@gpt-platform/client 0.4.2 → 0.4.3

package/dist/index.mjs

@@ -901,6 +901,34 @@ var ConflictError = class extends GptCoreError {
     super(message, { statusCode: 409, code: "conflict_error", ...options });
   }
 };
+var PaymentRequiredError = class extends GptCoreError {
+  constructor(message = "Payment required", options) {
+    super(message, {
+      statusCode: 402,
+      code: "payment_required",
+      ...options
+    });
+  }
+};
+var CardDeclinedError = class extends GptCoreError {
+  constructor(message = "Card declined", declineCode, options) {
+    super(message, {
+      statusCode: 402,
+      code: "card_declined",
+      ...options
+    });
+    this.declineCode = declineCode;
+  }
+};
+var SubscriptionConflictError = class extends GptCoreError {
+  constructor(message = "Subscription conflict", options) {
+    super(message, {
+      statusCode: 409,
+      code: "subscription_conflict",
+      ...options
+    });
+  }
+};
 function handleApiError(error) {
   if (typeof error !== "object" || error === null) {
     throw new NetworkError(
@@ -909,7 +937,7 @@ function handleApiError(error) {
   }
   const err = error;
   const response = err.response || err;
-  const statusCode = response.status || err.status || err.statusCode;
+  let statusCode = response.status || err.status || err.statusCode;
   const headers = response.headers || err.headers;
   const requestId = (headers && typeof headers === "object" && "get" in headers ? headers.get("x-request-id") : headers?.["x-request-id"]) || void 0;
   const body = response.body || response.data || err.body || err.data || err;
@@ -923,6 +951,10 @@ function handleApiError(error) {
       field: err2.source?.pointer?.split("/").pop(),
       message: err2.detail || err2.title || "Unknown error"
     }));
+    if (!statusCode && firstError?.status) {
+      const parsed = parseInt(firstError.status, 10);
+      if (!isNaN(parsed)) statusCode = parsed;
+    }
   } else if (typeof body === "object" && body !== null && "message" in body && typeof body.message === "string") {
     message = body.message;
   } else if (typeof body === "string") {
@@ -969,8 +1001,21 @@ function handleApiError(error) {
       throw new AuthorizationError(message, errorOptions);
     case 404:
       throw new NotFoundError(message, errorOptions);
-    case 409:
+    case 402: {
+      const bodyCode = typeof body === "object" && body !== null && "code" in body ? body.code : void 0;
+      const declineCode = typeof body === "object" && body !== null && "decline_code" in body ? body.decline_code : void 0;
+      if (bodyCode === "card_declined") {
+        throw new CardDeclinedError(message, declineCode, errorOptions);
+      }
+      throw new PaymentRequiredError(message, errorOptions);
+    }
+    case 409: {
+      const bodyCode409 = typeof body === "object" && body !== null && "code" in body ? body.code : void 0;
+      if (bodyCode409 === "subscription_conflict") {
+        throw new SubscriptionConflictError(message, errorOptions);
+      }
       throw new ConflictError(message, errorOptions);
+    }
     case 400:
     case 422:
       throw new ValidationError(message, errors, errorOptions);
@@ -1224,7 +1269,7 @@ function buildUserAgent(sdkVersion, appInfo) {
 }
 
 // src/version.ts
-var SDK_VERSION = "0.4.2";
+var SDK_VERSION = "0.4.3";
 var DEFAULT_API_VERSION = "2026-02-27";
 
 // src/base-client.ts
@@ -1737,6 +1782,11 @@ var patchApiKeysByIdRotate = (options) => (options.client ?? client).patch({
     ...options.headers
   }
 });
+var getApplicationsCurrent = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/applications/current",
+  ...options
+});
 var patchWorkspaceMembershipsByWorkspaceIdByUserIdProfile = (options) => (options.client ?? client).patch({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/workspace-memberships/{workspace_id}/{user_id}/profile",
@@ -1746,6 +1796,15 @@ var patchWorkspaceMembershipsByWorkspaceIdByUserIdProfile = (options) => (option
     ...options.headers
   }
 });
+var postInvitationsAcceptByToken = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/invitations/accept-by-token",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getWorkspaces = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/workspaces",
@@ -1784,6 +1843,11 @@ var getAgentsByIdStats = (options) => (options.client ?? client).get({
   url: "/agents/{id}/stats",
   ...options
 });
+var getSchedulingEventsByParticipant = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/scheduling/events/by_participant",
+  ...options
+});
 var getEmailTrackingEventsById = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/email/tracking-events/{id}",
@@ -1837,15 +1901,6 @@ var patchCrmDealsById = (options) => (options.client ?? client).patch({
     ...options.headers
   }
 });
-var postUsersAuthResetPasswordRequest = (options) => (options.client ?? client).post({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/users/auth/reset-password/request",
-  ...options,
-  headers: {
-    "Content-Type": "application/vnd.api+json",
-    ...options.headers
-  }
-});
 var getSupportTagsWorkspaceByWorkspaceId = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/support/tags/workspace/{workspace_id}",
@@ -1977,6 +2032,11 @@ var getAgentsByIdTrainingExamples = (options) => (options.client ?? client).get(
   url: "/agents/{id}/training-examples",
   ...options
 });
+var getInvitationsConsumeByToken = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/invitations/consume/{token}",
+  ...options
+});
 var postEmailMarketingCampaignsByIdOptimizeSendTimes = (options) => (options.client ?? client).post({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/email-marketing/campaigns/{id}/optimize-send-times",
@@ -2043,6 +2103,15 @@ var patchRetentionPoliciesById = (options) => (options.client ?? client).patch({
     ...options.headers
   }
 });
+var patchInvitationsByIdRevoke = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/invitations/{id}/revoke",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getCatalogTaxonomiesApplicationByApplicationId = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/catalog/taxonomies/application/{application_id}",
@@ -2348,6 +2417,15 @@ var getEmailMarketingUnsubscribersWorkspaceByWorkspaceId = (options) => (options
   url: "/email-marketing/unsubscribers/workspace/{workspace_id}",
   ...options
 });
+var patchInvitationsByIdResend = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/invitations/{id}/resend",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getSearchSaved = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/search/saved",
@@ -2593,6 +2671,15 @@ var postSupportTickets = (options) => (options.client ?? client).post({
     ...options.headers
   }
 });
+var patchInvitationsByIdAccept = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/invitations/{id}/accept",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getCreditPackagesById = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/credit-packages/{id}",
@@ -2786,6 +2873,20 @@ var getSchedulingBookingsById = (options) => (options.client ?? client).get({
   url: "/scheduling/bookings/{id}",
   ...options
 });
+var getTenantMemberships = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/tenant-memberships",
+  ...options
+});
+var postTenantMemberships = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/tenant-memberships",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getWebhookDeliveriesById = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/webhook-deliveries/{id}",
@@ -3388,6 +3489,11 @@ var getEmailTrackingEventsWorkspaceByWorkspaceId = (options) => (options.client
   url: "/email/tracking-events/workspace/{workspace_id}",
   ...options
 });
+var getTenants = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/tenants",
+  ...options
+});
 var getExtractionSchemaDiscoveriesById = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/extraction/schema-discoveries/{id}",
@@ -3797,6 +3903,15 @@ var getApplicationsById = (options) => (options.client ?? client).get({
   url: "/applications/{id}",
   ...options
 });
+var patchApplicationsById = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/applications/{id}",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var patchEmailOutboundEmailsByIdSchedule = (options) => (options.client ?? client).patch({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/email/outbound-emails/{id}/schedule",
@@ -4271,15 +4386,6 @@ var getExtractionDocumentsWorkspaceByWorkspaceId = (options) => (options.client
   url: "/extraction/documents/workspace/{workspace_id}",
   ...options
 });
-var patchApplicationsByIdAllocateCredits = (options) => (options.client ?? client).patch({
-  security: [{ scheme: "bearer", type: "http" }],
-  url: "/applications/{id}/allocate-credits",
-  ...options,
-  headers: {
-    "Content-Type": "application/vnd.api+json",
-    ...options.headers
-  }
-});
 var postUsersAuthMagicLinkRequest = (options) => (options.client ?? client).post({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/users/auth/magic-link/request",
@@ -4378,6 +4484,25 @@ var getExtractionDocuments = (options) => (options.client ?? client).get({
   url: "/extraction/documents",
   ...options
 });
+var getDataStoreRecordsByNamespace = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/data_store/records/by_namespace",
+  ...options
+});
+var deleteTenantMembershipsByTenantIdByUserId = (options) => (options.client ?? client).delete({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/tenant-memberships/{tenant_id}/{user_id}",
+  ...options
+});
+var patchTenantMembershipsByTenantIdByUserId = (options) => (options.client ?? client).patch({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/tenant-memberships/{tenant_id}/{user_id}",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var getCrmDealsWorkspaceByWorkspaceId = (options) => (options.client ?? client).get({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/crm/deals/workspace/{workspace_id}",
@@ -4842,6 +4967,11 @@ var deleteWorkspaceMembershipsByWorkspaceIdByUserId = (options) => (options.clie
   url: "/workspace-memberships/{workspace_id}/{user_id}",
   ...options
 });
+var getWorkspaceMembershipsByWorkspaceIdByUserId = (options) => (options.client ?? client).get({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/workspace-memberships/{workspace_id}/{user_id}",
+  ...options
+});
 var patchWorkspaceMembershipsByWorkspaceIdByUserId = (options) => (options.client ?? client).patch({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/workspace-memberships/{workspace_id}/{user_id}",
@@ -4894,6 +5024,15 @@ var getUsers = (options) => (options.client ?? client).get({
   url: "/users",
   ...options
 });
+var postDataStoreRecordsUpsert = (options) => (options.client ?? client).post({
+  security: [{ scheme: "bearer", type: "http" }],
+  url: "/data_store/records/upsert",
+  ...options,
+  headers: {
+    "Content-Type": "application/vnd.api+json",
+    ...options.headers
+  }
+});
 var deleteSupportTicketsById = (options) => (options.client ?? client).delete({
   security: [{ scheme: "bearer", type: "http" }],
   url: "/support/tickets/{id}",
@@ -7188,6 +7327,9 @@ function createBillingNamespace(rb) {
        * Preview the cost and effective date of a plan change before committing.
        *
        * @param planSlug - The slug of the target plan (e.g. `"pro-monthly"`).
+       * @returns A projected `Wallet` representing the hypothetical post-change
+       *   state — **not** the caller's current wallet. Do not cache or use this
+       *   as live balance data. Call `wallet.get()` for authoritative state.
        */
       previewPlanChange: async (planSlug, options) => {
         return rb.execute(
@@ -7199,14 +7341,41 @@ function createBillingNamespace(rb) {
       /**
        * Change the workspace's subscription plan.
        *
+       * Two call signatures:
+       * - `changePlan(planSlug)` — fetches the wallet automatically (recommended)
+       * - `changePlan(walletId, planSlug)` — use when you already have the wallet ID
+       *
        * Upgrades charge a prorated amount immediately against the default payment
        * method. Downgrades are deferred to the end of the current billing period.
        * Use `previewPlanChange` first to show the user a cost estimate.
        *
-       * @param walletId - The wallet UUID from `wallet.get()`.
-       * @param planSlug - The slug of the target plan (e.g. `"pro-monthly"`).
+       * @example
+       * ```typescript
+       * // Simple form — no wallet ID needed
+       * await client.billing.wallet.changePlan("pro-monthly");
+       *
+       * // Explicit form — when walletId is already known
+       * await client.billing.wallet.changePlan(wallet.id, "pro-monthly");
+       * ```
        */
-      changePlan: async (walletId, planSlug, options) => {
+      changePlan: async (walletIdOrSlug, planSlugOrOptions, options) => {
+        let walletId;
+        let planSlug;
+        let reqOptions;
+        if (typeof planSlugOrOptions === "string") {
+          walletId = walletIdOrSlug;
+          planSlug = planSlugOrOptions;
+          reqOptions = options;
+        } else {
+          const wallet = await rb.execute(
+            getWallet,
+            {},
+            planSlugOrOptions
+          );
+          walletId = wallet.id;
+          planSlug = walletIdOrSlug;
+          reqOptions = planSlugOrOptions;
+        }
         return rb.execute(
           patchWalletPlan,
           {
@@ -7218,7 +7387,7 @@ function createBillingNamespace(rb) {
               }
             }
           },
-          options
+          reqOptions
         );
       },
       /**
@@ -7687,8 +7856,12 @@ function createBillingNamespace(rb) {
        * const client = new GptClient({ apiKey: 'sk_app_...' });
        *
        * const method = await client.billing.paymentMethods.create({
-       *   token: 'tok_visa_4242',
-       *   billing_name: 'Acme Corp',
+       *   provider_token: 'tok_visa_4242',
+       *   type: 'card',
+       *   last4: '4242',
+       *   exp_month: 12,
+       *   exp_year: 2027,
+       *   brand: 'Visa',
        * });
        * console.log(`Added card ending in ${method.last4}`);
        * ```
@@ -7703,14 +7876,21 @@ function createBillingNamespace(rb) {
       /**
        * Tokenizes a raw card server-side and saves the resulting payment method.
        *
-       * Use this for direct card collection flows where your server handles card
-       * data (PCI-DSS scope applies). The platform tokenizes the card with QorPay
-       * and stores only the token — raw card data is never persisted.
+       * @remarks **SERVER-SIDE ONLY — PCI-DSS.**
+       * This method transmits raw card numbers (`card_number`, `cvc`) over the
+       * network. It **must only be called from a trusted server context** (Node.js,
+       * server-side rendering). Calling this method from browser/client-side code
+       * (React, Vue, browser fetch) is a **PCI-DSS violation** — raw card numbers
+       * must never pass through browser memory or JavaScript bundles.
+       *
+       * For browser flows, use the payment provider's hosted fields iframe to tokenize
+       * on the client side, then call `paymentMethods.create({ provider_token })` instead.
        *
-       * For hosted-fields flows where the client tokenizes the card, use
-       * `paymentMethods.create({ provider_token })` instead.
+       * The platform forwards `cardDetails` to the payment gateway over TLS and stores
+       * only the resulting token — raw card data is never persisted.
        *
-       * @param cardDetails - Raw card fields including number, CVC, expiry, and billing address.
+       * @param cardDetails - Raw PCI-sensitive card fields. All fields must be treated
+       *   as sensitive: do not log, serialize, or pass through error reporters.
        */
       tokenize: async (cardDetails, options) => {
         return rb.execute(
@@ -16144,8 +16324,12 @@ function createIdentityNamespace(rb, baseUrl) {
       );
     },
     /** Resend confirmation email to an unconfirmed user */
-    resendConfirmation: async (options) => {
-      return rb.execute(postUsersAuthResendConfirmation, {}, options);
+    resendConfirmation: async (email, options) => {
+      return rb.execute(
+        postUsersAuthResendConfirmation,
+        { body: { data: { type: "user", attributes: { email } } } },
+        options
+      );
     },
     /** Confirm an email address using the token from the confirmation email */
     confirmEmail: async (email, confirmationToken, options) => {
@@ -16186,7 +16370,7 @@ function createIdentityNamespace(rb, baseUrl) {
     requestPasswordReset: async (email, options) => {
       RequestPasswordResetSchema.parse({ email });
       return rb.execute(
-        postUsersAuthResetPasswordRequest,
+        patchUsersAuthResetPassword,
         {
           body: {
             data: { type: "user", attributes: { email } }
@@ -17064,7 +17248,7 @@ function createPlatformNamespace(rb) {
        */
       update: async (id, attributes, options) => {
         return rb.execute(
-          patchApplicationsByIdAllocateCredits,
+          patchApplicationsById,
           {
             path: { id },
             body: { data: { id, type: "application", attributes } }
@@ -17111,7 +17295,7 @@ function createPlatformNamespace(rb) {
        * ```
        */
       readCurrent: async (options) => {
-        return rb.execute(postApplications, {}, options);
+        return rb.execute(getApplicationsCurrent, {}, options);
       }
     },
     /**
@@ -17122,6 +17306,21 @@ function createPlatformNamespace(rb) {
      * ISVs provision tenants when onboarding new customers.
      */
     tenants: {
+      /**
+       * List all tenants (paginated).
+       *
+       * Returns tenants accessible to the current actor (application-scoped).
+       *
+       * @param options - Optional page number, page size, and request options.
+       * @returns A page of `Tenant` records.
+       */
+      list: async (options) => {
+        return rb.execute(
+          getTenants,
+          buildPageQuery(options?.page, options?.pageSize),
+          options
+        );
+      },
       /**
        * List document statistics for tenants (paginated).
        *
@@ -17138,30 +17337,35 @@ function createPlatformNamespace(rb) {
        * stats.forEach(s => console.log(s.attributes?.document_count));
        * ```
        */
-      listDocumentStats: async (options) => {
+      listDocumentStats: async (tenantId, options) => {
         return rb.execute(
           getTenantsByTenantIdDocumentStats,
-          buildPageQuery(options?.page, options?.pageSize),
+          {
+            path: { tenant_id: tenantId },
+            ...buildPageQuery(options?.page, options?.pageSize)
+          },
           options
         );
       },
       /**
        * List all document statistics for tenants, auto-paginating.
        *
+       * @param tenantId - The UUID of the tenant.
        * @param options - Optional request options.
        * @returns All tenant document stat records as a flat array.
        *
        * @example
        * ```typescript
        * const client = new GptClient({ apiKey: 'sk_app_...' });
-       * const allStats = await client.platform.tenants.listAllDocumentStats();
+       * const allStats = await client.platform.tenants.listAllDocumentStats('tenant_abc123');
        * ```
        */
-      listAllDocumentStats: async (options) => {
+      listAllDocumentStats: async (tenantId, options) => {
         return paginateToArray(
           rb.createPaginatedFetcher(
             getTenantsByTenantIdDocumentStats,
             (page, pageSize) => ({
+              path: { tenant_id: tenantId },
               query: { page: { number: page, size: pageSize } }
             }),
             options
@@ -17186,10 +17390,15 @@ function createPlatformNamespace(rb) {
        * console.log(tenant.attributes?.credit_balance);
        * ```
        */
-      credit: async (id, options) => {
+      credit: async (id, amount, description, options) => {
+        const attributes = { amount };
+        if (description !== void 0) attributes.description = description;
         return rb.execute(
           postTenantsByIdCredit,
-          { path: { id }, body: {} },
+          {
+            path: { id },
+            body: { data: { type: "tenant", attributes } }
+          },
           options
         );
       },
@@ -17297,24 +17506,6 @@ function createPlatformNamespace(rb) {
         );
       },
       /**
-       * Add a payment method to a tenant via raw details (server-to-server proxy).
-       *
-       * Proxies payment method registration to the underlying payment provider
-       * on behalf of the tenant. Used in server-side flows where the payment
-       * form is embedded by the ISV rather than the platform.
-       *
-       * @param options - Optional request options.
-       * @returns The updated `Tenant` with new payment method reference.
-       *
-       * @example
-       * ```typescript
-       * const client = new GptClient({ apiKey: 'sk_app_...' });
-       * const tenant = await client.platform.tenants.addPaymentMethod();
-       * ```
-       */
-      addPaymentMethod: async (options) => {
-        return rb.execute(postTenantsIsv, {}, options);
-      },
       /**
        * Retrieve a single tenant by its ID.
        *
@@ -17331,6 +17522,33 @@ function createPlatformNamespace(rb) {
        */
       get: async (id, options) => {
         return rb.execute(getTenantsById, { path: { id } }, options);
+      },
+      /**
+       * Transfer ownership of a tenant to another admin member.
+       *
+       * The new owner must already be a tenant admin. The previous owner
+       * retains their admin role. Cannot be used on personal tenants.
+       *
+       * @param tenantId - The UUID of the tenant to transfer.
+       * @param newOwnerId - The UUID of the user to become the new owner.
+       * @param options - Optional request options.
+       * @returns The updated `Tenant`.
+       */
+      transferOwnership: async (tenantId, newOwnerId, options) => {
+        return rb.execute(
+          patchTenantsById,
+          {
+            path: { id: tenantId },
+            body: {
+              data: {
+                id: tenantId,
+                type: "tenant",
+                attributes: { new_owner_id: newOwnerId }
+              }
+            }
+          },
+          options
+        );
       }
     },
     /**
@@ -17338,22 +17556,63 @@ function createPlatformNamespace(rb) {
      */
     invitations: {
       /**
-       * Delete (revoke) the current user's pending invitation.
+       * Accept a pending invitation (authenticated user flow).
        *
-       * Removes the invitation so it can no longer be accepted or declined.
-       * Typically used by the inviting party to cancel an outstanding invite.
+       * Accepts an invitation the current user received, creating
+       * the appropriate membership records.
        *
+       * @param id - The UUID of the invitation to accept.
        * @param options - Optional request options.
-       * @returns `true` on successful deletion.
+       * @returns The updated `Invitation`.
+       */
+      accept: async (id, options) => {
+        return rb.execute(
+          patchInvitationsByIdAccept,
+          {
+            path: { id },
+            body: { data: { id, type: "invitation", attributes: {} } }
+          },
+          options
+        );
+      },
+      /**
+       * Decline a pending invitation.
        *
-       * @example
-       * ```typescript
-       * const client = new GptClient({ apiKey: 'sk_app_...' });
-       * await client.platform.invitations.delete();
-       * ```
+       * The invitation status is set to `:declined` and no membership is created.
+       *
+       * @param id - The UUID of the invitation to decline.
+       * @param options - Optional request options.
+       * @returns The updated `Invitation`.
        */
-      delete: async (options) => {
-        return rb.executeDelete(getInvitationsMe, { path: {} }, options);
+      decline: async (id, options) => {
+        return rb.execute(
+          patchInvitationsByIdDecline,
+          {
+            path: { id },
+            body: { data: { id, type: "invitation", attributes: {} } }
+          },
+          options
+        );
+      },
+      /**
+       * Revoke a pending invitation (inviter flow).
+       *
+       * Cancels the invitation so it can no longer be accepted or declined.
+       * Callable by the original inviter or a tenant admin.
+       *
+       * @param id - The UUID of the invitation to revoke.
+       * @param options - Optional request options.
+       * @returns The updated `Invitation`.
+       */
+      revoke: async (id, options) => {
+        return rb.execute(
+          patchInvitationsByIdRevoke,
+          {
+            path: { id },
+            body: { data: { id, type: "invitation", attributes: {} } }
+          },
+          options
+        );
       },
       /**
        * List pending invitations for the currently authenticated user (paginated).
@@ -17432,31 +17691,119 @@ function createPlatformNamespace(rb) {
         );
       },
       /**
-       * Update an invitation (e.g., decline it).
+      /**
+       * Resend an invitation email with a refreshed token and new 7-day expiry.
        *
-       * Used by the invited user to respond to an invitation. Pass
-       * `{ status: "declined" }` in attributes to decline. Accepting
-       * an invitation is handled separately through the acceptance flow.
+       * Only pending invitations can be resent. Generates a new token (invalidating
+       * the old one) and re-sends the invitation email. Callable by the original
+       * inviter or the tenant owner.
        *
-       * @param id - The UUID of the invitation to update.
-       * @param attributes - Attribute map, typically `{ status: "declined" }`.
+       * @param id - The UUID of the invitation to resend.
        * @param options - Optional request options.
        * @returns The updated `Invitation`.
        *
        * @example
        * ```typescript
        * const client = new GptClient({ apiKey: 'sk_app_...' });
-       * const invite = await client.platform.invitations.update('inv_abc123', {
-       *   status: 'declined',
-       * });
+       * await client.platform.invitations.resend('inv_abc123');
        * ```
        */
-      update: async (id, attributes, options) => {
+      resend: async (id, applicationId, options) => {
         return rb.execute(
-          patchInvitationsByIdDecline,
+          patchInvitationsByIdResend,
           {
             path: { id },
-            body: { data: { id, type: "invitation", attributes } }
+            body: {
+              data: {
+                id,
+                type: "invitation",
+                ...applicationId ? { attributes: { application_id: applicationId } } : {}
+              }
+            }
+          },
+          options
+        );
+      },
+      /**
+       * Look up a pending invitation by its raw token.
+       *
+       * Call this on the `/invite/:token` landing page to display invitation
+       * details before the user accepts. Returns the full invitation record
+       * including `email` (to pre-fill the register form), `role`, `scope_type`,
+       * `scope_id`, `tenant_id`, `expires_at`, and the `inviter` relationship
+       * (pass `include=inviter` via request options to embed inviter email).
+       *
+       * Returns `null` if the token is invalid, already used, or expired —
+       * there is no partial response for consumed tokens.
+       *
+       * **Note:** The response does not include the workspace or tenant name.
+       * Fetch it separately using `platform.workspaces.get(scope_id)` or
+       * `platform.tenants.get(scope_id)` based on `scope_type`.
+       *
+       * @param token - The raw invitation token from the email link (`/invite/:token`).
+       * @param options - Optional request options (e.g., `{ headers: { include: 'inviter' } }`).
+       * @returns The pending `Invitation` record, or `null` if not found.
+       *
+       * @example
+       * ```typescript
+       * // On your /invite/:token page
+       * const invite = await client.platform.invitations.consumeByToken(token);
+       * if (!invite) {
+       *   // Token expired or already used
+       *   return redirect('/invite/expired');
+       * }
+       * // Pre-fill form
+       * setEmail(invite.attributes?.email);
+       * setRole(invite.attributes?.role);
+       * ```
+       */
+      consumeByToken: async (token, options) => {
+        try {
+          return await rb.execute(
+            getInvitationsConsumeByToken,
+            { path: { token } },
+            options
+          );
+        } catch {
+          return null;
+        }
+      },
+      /**
+       * Accept a pending invitation using only the raw token.
+       *
+       * Call this after the user is authenticated (either via `registerViaInvitation`
+       * or an existing account login). The platform validates the token, creates or
+       * upgrades the user's `TenantMembership` and `WorkspaceMembership`, and returns
+       * the accepted invitation.
+       *
+       * For new users: `registerViaInvitation` accepts the invitation atomically —
+       * do NOT call `acceptByToken` again after registration. Only call this for
+       * existing users accepting a new invite after sign-in.
+       *
+       * @param token - The raw invitation token from the email link.
+       * @param options - Optional request options.
+       * @returns The accepted `Invitation` with `scope_id` and `tenant_id` populated.
+       *
+       * @example
+       * ```typescript
+       * // Existing user accepting an invite after login
+       * const accepted = await client.platform.invitations.acceptByToken(token);
+       * const workspaceId = accepted.attributes?.scope_type === 'workspace'
+       *   ? accepted.attributes?.scope_id
+       *   : null;
+       * const tenantId = accepted.attributes?.tenant_id;
+       * ```
+       */
+      acceptByToken: async (token, options) => {
+        return rb.execute(
+          postInvitationsAcceptByToken,
+          {
+            body: {
+              data: {
+                type: "invitation",
+                attributes: { token }
+              }
+            }
           },
           options
         );
@@ -17499,6 +17846,42 @@ function createPlatformNamespace(rb) {
           options
         );
       },
+      /**
+       * List workspace members with user profile data (name, email, avatar) included.
+       *
+       * Equivalent to `list()` with `?include=user,user.profile` appended. Each
+       * membership in the response will have `relationships.user` and nested
+       * `user.relationships.profile` populated in the JSON:API `included` array.
+       *
+       * The `RequestBuilder` flattens included relationships automatically, so
+       * each membership object will have `user` and `user.profile` accessible.
+       *
+       * @param workspaceId - The UUID of the workspace to list members for.
+       * @param options - Optional page number, page size, and request options.
+       * @returns A page of `WorkspaceMembership` records with embedded user + profile.
+       *
+       * @example
+       * ```typescript
+       * const members = await client.platform.workspaceMembers.listWithProfiles('ws_abc123');
+       * members.forEach(m => {
+       *   console.log(m.attributes?.user_id, m.attributes?.role);
+       *   // Profile fields come from included relationships
+       * });
+       * ```
+       */
+      listWithProfiles: async (workspaceId, options) => {
+        return rb.execute(
+          getWorkspaceMemberships,
+          {
+            query: {
+              filter: { workspace_id: workspaceId },
+              include: "user,user.profile",
+              ...buildPageQuery(options?.page, options?.pageSize)?.query
+            }
+          },
+          options
+        );
+      },
       /**
        * Retrieve the membership record for a specific user within a workspace.
        *
@@ -17518,8 +17901,9 @@ function createPlatformNamespace(rb) {
        * ```
        */
       get: async (workspaceId, memberId, options) => {
-        return rb.rawGet(
-          `/workspace-memberships/${workspaceId}/${memberId}`,
+        return rb.execute(
+          getWorkspaceMembershipsByWorkspaceIdByUserId,
+          { path: { workspace_id: workspaceId, user_id: memberId } },
           options
         );
       },
@@ -17750,6 +18134,95 @@ function createPlatformNamespace(rb) {
           options
         );
       }
+    },
+    /**
+     * Tenant Members — manage tenant-level membership (org roles).
+     *
+     * TenantMembership records represent a user's role within a tenant.
+     * Roles are either `"admin"` or `"member"`.
+     */
+    tenantMembers: {
+      /**
+       * List members of a tenant (paginated).
+       *
+       * @param tenantId - The UUID of the tenant.
+       * @param options - Optional page number, page size, and request options.
+       * @returns A page of `TenantMembership` records.
+       */
+      list: async (tenantId, options) => {
+        return rb.execute(
+          getTenantMemberships,
+          {
+            query: {
+              filter: { tenant_id: tenantId },
+              ...buildPageQuery(options?.page, options?.pageSize).query
+            }
+          },
+          options
+        );
+      },
+      /**
+       * Add a user to a tenant with the given role.
+       *
+       * @param tenantId - The UUID of the tenant.
+       * @param userId - The UUID of the user to add.
+       * @param role - The role to assign (`"admin"` or `"member"`).
+       * @param options - Optional request options.
+       * @returns The created `TenantMembership`.
+       */
+      create: async (tenantId, userId, role, options) => {
+        return rb.execute(
+          postTenantMemberships,
+          {
+            body: {
+              data: {
+                type: "tenant_membership",
+                attributes: { tenant_id: tenantId, user_id: userId, role }
+              }
+            }
+          },
+          options
+        );
+      },
+      /**
+       * Change a member's role within a tenant.
+       *
+       * @param tenantId - The UUID of the tenant.
+       * @param userId - The UUID of the user.
+       * @param role - The new role (`"admin"` or `"member"`).
+       * @param options - Optional request options.
+       * @returns The updated `TenantMembership`.
+       */
+      updateRole: async (tenantId, userId, role, options) => {
+        return rb.execute(
+          patchTenantMembershipsByTenantIdByUserId,
+          {
+            path: { tenant_id: tenantId, user_id: userId },
+            body: {
+              data: {
+                type: "tenant_membership",
+                attributes: { role }
+              }
+            }
+          },
+          options
+        );
+      },
+      /**
+       * Remove a user from a tenant.
+       *
+       * @param tenantId - The UUID of the tenant.
+       * @param userId - The UUID of the user to remove.
+       * @param options - Optional request options.
+       * @returns `true` on success.
+       */
+      remove: async (tenantId, userId, options) => {
+        return rb.executeDelete(
+          deleteTenantMembershipsByTenantIdByUserId,
+          { path: { tenant_id: tenantId, user_id: userId } },
+          options
+        );
+      }
     }
   };
 }
@@ -18038,6 +18511,42 @@ function createSchedulingNamespace(rb) {
           },
           options
         );
+      },
+      /**
+       * List events that include a specific participant by email.
+       *
+       * Use this to retrieve all sessions for a client (e.g., all appointments
+       * for a given patient). Filters events in the workspace where a Participant
+       * record with the given email exists.
+       *
+       * @param email - The participant's email address to filter by.
+       * @param workspaceId - The workspace to scope the query to.
+       * @param options - Optional page number, page size, and request options.
+       * @returns A flat array of `SchedulingEvent` records.
+       *
+       * @example
+       * ```typescript
+       * const client = new GptClient({ apiKey: 'sk_app_...' });
+       * const sessions = await client.scheduling.events.listByParticipant(
+       *   'patient@example.com',
+       *   workspaceId,
+       * );
+       * sessions.forEach(s => console.log(s.attributes?.start_time, s.attributes?.status));
+       * ```
+       */
+      listByParticipant: async (email, workspaceId, options) => {
+        return rb.execute(
+          getSchedulingEventsByParticipant,
+          {
+            query: {
+              email,
+              workspace_id: workspaceId,
+              ...options?.pageSize && { "page[size]": options.pageSize },
+              ...options?.page && { "page[number]": options.page }
+            }
+          },
+          options
+        );
       }
     },
     /**
@@ -18598,6 +19107,91 @@ function createSchedulingNamespace(rb) {
           options
         );
       }
+    },
+    /**
+     * Session Notes — clinical notes per appointment, stored in DataStore.
+     *
+     * Notes are keyed by `{eventId}:{noteType}` under the `sessions` namespace.
+     * Each event supports up to 4 note types: `adime`, `soap`, `goals`, `email`.
+     *
+     * Notes are versioned automatically by DataStore — each `upsert` increments
+     * the version counter. Full version history retrieval requires a future
+     * DataStore enhancement.
+     *
+     * @example
+     * ```typescript
+     * const client = new GptClient({ apiKey: 'sk_app_...' });
+     *
+     * // Read an ADIME note
+     * const note = await client.scheduling.sessionNotes.get(sessionId, 'adime');
+     * console.log(note?.attributes?.value?.content);
+     *
+     * // Write/update a SOAP note
+     * await client.scheduling.sessionNotes.upsert(sessionId, 'soap', {
+     *   content: 'S: Patient reports...',
+     *   reviewed_by_user_id: currentUserId,
+     *   reviewed_at: new Date().toISOString(),
+     * });
+     * ```
+     */
+    sessionNotes: {
+      /**
+       * Get the current version of a session note.
+       *
+       * Returns `null` if no note of this type exists for the event yet.
+       *
+       * @param eventId - The UUID of the scheduling event (session).
+       * @param noteType - The note type: `"adime"`, `"soap"`, `"goals"`, or `"email"`.
+       * @param workspaceId - The workspace UUID. Required for application-scoped API keys.
+       * @param options - Optional request options.
+       * @returns The `DataStoreRecord`, or `null` if not found.
+       */
+      get: async (eventId, noteType, workspaceId, options) => {
+        const results = await rb.execute(
+          getDataStoreRecordsByNamespace,
+          {
+            query: {
+              workspace_id: workspaceId,
+              namespace: "sessions",
+              "filter[record_key]": `${eventId}:${noteType}`
+            }
+          },
+          options
+        );
+        return results.length > 0 ? results[0] ?? null : null;
+      },
+      /**
+       * Create or update a session note (auto-versions on update).
+       *
+       * If the note does not exist, it is created. If it exists, its value
+       * is replaced and the version counter is incremented.
+       *
+       * @param eventId - The UUID of the scheduling event (session).
+       * @param noteType - The note type: `"adime"`, `"soap"`, `"goals"`, or `"email"`.
+       * @param workspaceId - The workspace UUID. Required for application-scoped API keys.
+       * @param value - The note content and optional metadata.
+       * @param options - Optional request options.
+       * @returns The upserted `DataStoreRecord`.
+       */
+      upsert: async (eventId, noteType, workspaceId, value, options) => {
+        return rb.execute(
+          postDataStoreRecordsUpsert,
+          {
+            body: {
+              data: {
+                type: "data_store_record",
+                attributes: {
+                  namespace: "sessions",
+                  record_key: `${eventId}:${noteType}`,
+                  workspace_id: workspaceId,
+                  value
+                }
+              }
+            }
+          },
+          options
+        );
+      }
     }
   };
 }
@@ -22467,6 +23061,7 @@ export {
   AuthenticationError,
   AuthorizationError,
   BrowserApiKeyError,
+  CardDeclinedError,
   ConflictError,
   DEFAULT_API_VERSION,
   DEFAULT_RETRY_CONFIG,
@@ -22476,12 +23071,14 @@ export {
   LOG_LEVELS,
   NetworkError,
   NotFoundError,
+  PaymentRequiredError,
   RateLimitError,
   RequestBuilder,
   RetryTimeoutError,
   SDK_VERSION,
   SdkEventEmitter,
   ServerError,
+  SubscriptionConflictError,
   TimeoutError,
   ValidationError,
   WebhookSignatureError,