@grantex/sdk 0.1.0

package/dist/client.d.ts

@@ -0,0 +1,33 @@
+import { AgentsClient } from './resources/agents.js';
+import { AuditClient } from './resources/audit.js';
+import { GrantsClient } from './resources/grants.js';
+import { TokensClient } from './resources/tokens.js';
+import { WebhooksClient } from './resources/webhooks.js';
+import { BillingClient } from './resources/billing.js';
+import { PoliciesClient } from './resources/policies.js';
+import { ComplianceClient } from './resources/compliance.js';
+import { AnomaliesClient } from './resources/anomalies.js';
+import { ScimClient } from './resources/scim.js';
+import { SsoClient } from './resources/sso.js';
+import type { AuthorizationRequest, AuthorizeParams, GrantexClientOptions } from './types.js';
+export declare class Grantex {
+    #private;
+    readonly agents: AgentsClient;
+    readonly grants: GrantsClient;
+    readonly tokens: TokensClient;
+    readonly audit: AuditClient;
+    readonly webhooks: WebhooksClient;
+    readonly billing: BillingClient;
+    readonly policies: PoliciesClient;
+    readonly compliance: ComplianceClient;
+    readonly anomalies: AnomaliesClient;
+    readonly scim: ScimClient;
+    readonly sso: SsoClient;
+    constructor(options?: GrantexClientOptions);
+    /**
+     * Initiate the delegated authorization flow for a user.
+     * `userId` is transparently mapped to `principalId` in the request body.
+     */
+    authorize(params: AuthorizeParams): Promise<AuthorizationRequest>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAC/C,OAAO,KAAK,EACV,oBAAoB,EACpB,eAAe,EACf,oBAAoB,EACrB,MAAM,YAAY,CAAC;AAIpB,qBAAa,OAAO;;IAGlB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC;gBAEZ,OAAO,GAAE,oBAAyB;IA6B9C;;;OAGG;IACH,SAAS,CAAC,MAAM,EAAE,eAAe,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAOlE"}

package/dist/client.js

@@ -0,0 +1,61 @@
+import { HttpClient } from './http.js';
+import { AgentsClient } from './resources/agents.js';
+import { AuditClient } from './resources/audit.js';
+import { GrantsClient } from './resources/grants.js';
+import { TokensClient } from './resources/tokens.js';
+import { WebhooksClient } from './resources/webhooks.js';
+import { BillingClient } from './resources/billing.js';
+import { PoliciesClient } from './resources/policies.js';
+import { ComplianceClient } from './resources/compliance.js';
+import { AnomaliesClient } from './resources/anomalies.js';
+import { ScimClient } from './resources/scim.js';
+import { SsoClient } from './resources/sso.js';
+const DEFAULT_BASE_URL = 'https://api.grantex.dev';
+export class Grantex {
+    #http;
+    agents;
+    grants;
+    tokens;
+    audit;
+    webhooks;
+    billing;
+    policies;
+    compliance;
+    anomalies;
+    scim;
+    sso;
+    constructor(options = {}) {
+        const apiKey = options.apiKey ?? process.env['GRANTEX_API_KEY'] ?? '';
+        if (!apiKey) {
+            throw new Error('Grantex API key is required. Pass `apiKey` in options or set the GRANTEX_API_KEY environment variable.');
+        }
+        this.#http = new HttpClient({
+            baseUrl: options.baseUrl ?? DEFAULT_BASE_URL,
+            apiKey,
+            ...(options.timeout !== undefined ? { timeout: options.timeout } : {}),
+        });
+        this.agents = new AgentsClient(this.#http);
+        this.grants = new GrantsClient(this.#http);
+        this.tokens = new TokensClient(this.#http);
+        this.audit = new AuditClient(this.#http);
+        this.webhooks = new WebhooksClient(this.#http);
+        this.billing = new BillingClient(this.#http);
+        this.policies = new PoliciesClient(this.#http);
+        this.compliance = new ComplianceClient(this.#http);
+        this.anomalies = new AnomaliesClient(this.#http);
+        this.scim = new ScimClient(this.#http);
+        this.sso = new SsoClient(this.#http);
+    }
+    /**
+     * Initiate the delegated authorization flow for a user.
+     * `userId` is transparently mapped to `principalId` in the request body.
+     */
+    authorize(params) {
+        const { userId, ...rest } = params;
+        return this.#http.post('/v1/authorize', {
+            ...rest,
+            principalId: userId,
+        });
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAO/C,MAAM,gBAAgB,GAAG,yBAAyB,CAAC;AAEnD,MAAM,OAAO,OAAO;IACT,KAAK,CAAa;IAElB,MAAM,CAAe;IACrB,MAAM,CAAe;IACrB,MAAM,CAAe;IACrB,KAAK,CAAc;IACnB,QAAQ,CAAiB;IACzB,OAAO,CAAgB;IACvB,QAAQ,CAAiB;IACzB,UAAU,CAAmB;IAC7B,SAAS,CAAkB;IAC3B,IAAI,CAAa;IACjB,GAAG,CAAY;IAExB,YAAY,UAAgC,EAAE;QAC5C,MAAM,MAAM,GACV,OAAO,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;QAEzD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,wGAAwG,CACzG,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,UAAU,CAAC;YAC1B,OAAO,EAAE,OAAO,CAAC,OAAO,IAAI,gBAAgB;YAC5C,MAAM;YACN,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;SACvE,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,MAAM,GAAG,IAAI,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,KAAK,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzC,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,OAAO,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,QAAQ,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,UAAU,GAAG,IAAI,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,SAAS,GAAG,IAAI,eAAe,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACvC,IAAI,CAAC,GAAG,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,SAAS,CAAC,MAAuB;QAC/B,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAC;QACnC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,eAAe,EAAE;YAC5D,GAAG,IAAI;YACP,WAAW,EAAE,MAAM;SACpB,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/errors.d.ts

@@ -0,0 +1,20 @@
+export declare class GrantexError extends Error {
+    constructor(message: string);
+}
+export declare class GrantexApiError extends GrantexError {
+    readonly statusCode: number;
+    readonly body: unknown;
+    readonly requestId: string | undefined;
+    constructor(message: string, statusCode: number, body: unknown, requestId?: string);
+}
+export declare class GrantexAuthError extends GrantexApiError {
+    constructor(message: string, statusCode: 401 | 403, body: unknown, requestId?: string);
+}
+export declare class GrantexTokenError extends GrantexError {
+    constructor(message: string);
+}
+export declare class GrantexNetworkError extends GrantexError {
+    readonly cause: unknown;
+    constructor(message: string, cause?: unknown);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,qBAAa,YAAa,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM;CAM5B;AAED,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,SAAS,CAAC;gBAGrC,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,OAAO,EACb,SAAS,CAAC,EAAE,MAAM;CASrB;AAED,qBAAa,gBAAiB,SAAQ,eAAe;gBAEjD,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,GAAG,GAAG,GAAG,EACrB,IAAI,EAAE,OAAO,EACb,SAAS,CAAC,EAAE,MAAM;CAMrB;AAED,qBAAa,iBAAkB,SAAQ,YAAY;gBACrC,OAAO,EAAE,MAAM;CAK5B;AAED,qBAAa,mBAAoB,SAAQ,YAAY;IACnD,SAAkB,KAAK,EAAE,OAAO,CAAC;gBAErB,OAAO,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO;CAM7C"}

package/dist/errors.js

@@ -0,0 +1,45 @@
+export class GrantexError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'GrantexError';
+        // Restore prototype chain (required for instanceof checks in ES5 targets)
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export class GrantexApiError extends GrantexError {
+    statusCode;
+    body;
+    requestId;
+    constructor(message, statusCode, body, requestId) {
+        super(message);
+        this.name = 'GrantexApiError';
+        this.statusCode = statusCode;
+        this.body = body;
+        this.requestId = requestId;
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export class GrantexAuthError extends GrantexApiError {
+    constructor(message, statusCode, body, requestId) {
+        super(message, statusCode, body, requestId);
+        this.name = 'GrantexAuthError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export class GrantexTokenError extends GrantexError {
+    constructor(message) {
+        super(message);
+        this.name = 'GrantexTokenError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+export class GrantexNetworkError extends GrantexError {
+    cause;
+    constructor(message, cause) {
+        super(message);
+        this.name = 'GrantexNetworkError';
+        this.cause = cause;
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;QAC3B,0EAA0E;QAC1E,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,OAAO,eAAgB,SAAQ,YAAY;IACtC,UAAU,CAAS;IACnB,IAAI,CAAU;IACd,SAAS,CAAqB;IAEvC,YACE,OAAe,EACf,UAAkB,EAClB,IAAa,EACb,SAAkB;QAElB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,OAAO,gBAAiB,SAAQ,eAAe;IACnD,YACE,OAAe,EACf,UAAqB,EACrB,IAAa,EACb,SAAkB;QAElB,KAAK,CAAC,OAAO,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5C,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,YAAY;IACjD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;QAChC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,YAAY;IACjC,KAAK,CAAU;IAEjC,YAAY,OAAe,EAAE,KAAe;QAC1C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;QAClC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF"}

package/dist/http.d.ts

@@ -0,0 +1,15 @@
+export interface HttpClientOptions {
+    baseUrl: string;
+    apiKey: string;
+    timeout?: number;
+}
+export declare class HttpClient {
+    #private;
+    constructor(options: HttpClientOptions);
+    get<T>(path: string): Promise<T>;
+    post<T>(path: string, body?: unknown): Promise<T>;
+    put<T>(path: string, body?: unknown): Promise<T>;
+    patch<T>(path: string, body?: unknown): Promise<T>;
+    delete<T>(path: string): Promise<T>;
+}
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAKA,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,UAAU;;gBAKT,OAAO,EAAE,iBAAiB;IAMhC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAIhC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAIjD,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAIhD,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAIlD,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;CAsE1C"}

package/dist/http.js

@@ -0,0 +1,94 @@
+import { GrantexApiError, GrantexAuthError, GrantexNetworkError } from './errors.js';
+const SDK_VERSION = '0.1.0';
+const DEFAULT_TIMEOUT_MS = 30_000;
+export class HttpClient {
+    #baseUrl;
+    #apiKey;
+    #timeout;
+    constructor(options) {
+        this.#baseUrl = options.baseUrl.replace(/\/$/, '');
+        this.#apiKey = options.apiKey;
+        this.#timeout = options.timeout ?? DEFAULT_TIMEOUT_MS;
+    }
+    async get(path) {
+        return this.#request('GET', path, undefined);
+    }
+    async post(path, body) {
+        return this.#request('POST', path, body);
+    }
+    async put(path, body) {
+        return this.#request('PUT', path, body);
+    }
+    async patch(path, body) {
+        return this.#request('PATCH', path, body);
+    }
+    async delete(path) {
+        return this.#request('DELETE', path, undefined);
+    }
+    async #request(method, path, body) {
+        const url = `${this.#baseUrl}${path}`;
+        const controller = new AbortController();
+        const timerId = setTimeout(() => controller.abort(), this.#timeout);
+        const headers = {
+            Authorization: `Bearer ${this.#apiKey}`,
+            'User-Agent': `@grantex/sdk/${SDK_VERSION}`,
+            Accept: 'application/json',
+        };
+        if (body !== undefined) {
+            headers['Content-Type'] = 'application/json';
+        }
+        let response;
+        try {
+            response = await fetch(url, {
+                method,
+                headers,
+                ...(body !== undefined ? { body: JSON.stringify(body) } : {}),
+                signal: controller.signal,
+            });
+        }
+        catch (err) {
+            const isTimeout = err instanceof Error && err.name === 'AbortError';
+            throw new GrantexNetworkError(isTimeout
+                ? `Request timed out after ${this.#timeout}ms`
+                : `Network error: ${err instanceof Error ? err.message : String(err)}`, err);
+        }
+        finally {
+            clearTimeout(timerId);
+        }
+        const requestId = response.headers.get('x-request-id') ?? undefined;
+        if (!response.ok) {
+            let responseBody;
+            try {
+                responseBody = await response.json();
+            }
+            catch {
+                responseBody = await response.text().catch(() => null);
+            }
+            const message = extractErrorMessage(responseBody, response.status);
+            if (response.status === 401 || response.status === 403) {
+                throw new GrantexAuthError(message, response.status, responseBody, requestId);
+            }
+            throw new GrantexApiError(message, response.status, responseBody, requestId);
+        }
+        if (response.status === 204) {
+            return undefined;
+        }
+        return response.json();
+    }
+}
+function extractErrorMessage(body, status) {
+    if (body !== null &&
+        typeof body === 'object' &&
+        'message' in body &&
+        typeof body['message'] === 'string') {
+        return body['message'];
+    }
+    if (body !== null &&
+        typeof body === 'object' &&
+        'error' in body &&
+        typeof body['error'] === 'string') {
+        return body['error'];
+    }
+    return `HTTP ${status}`;
+}
+//# sourceMappingURL=http.js.map

package/dist/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAErF,MAAM,WAAW,GAAG,OAAO,CAAC;AAC5B,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAQlC,MAAM,OAAO,UAAU;IACZ,QAAQ,CAAS;IACjB,OAAO,CAAS;IAChB,QAAQ,CAAS;IAE1B,YAAY,OAA0B;QACpC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QACnD,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,OAAO,IAAI,kBAAkB,CAAC;IACxD,CAAC;IAED,KAAK,CAAC,GAAG,CAAI,IAAY;QACvB,OAAO,IAAI,CAAC,QAAQ,CAAI,KAAK,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IAClD,CAAC;IAED,KAAK,CAAC,IAAI,CAAI,IAAY,EAAE,IAAc;QACxC,OAAO,IAAI,CAAC,QAAQ,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,GAAG,CAAI,IAAY,EAAE,IAAc;QACvC,OAAO,IAAI,CAAC,QAAQ,CAAI,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,KAAK,CAAI,IAAY,EAAE,IAAc;QACzC,OAAO,IAAI,CAAC,QAAQ,CAAI,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,CAAC,MAAM,CAAI,IAAY;QAC1B,OAAO,IAAI,CAAC,QAAQ,CAAI,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAI,MAAc,EAAE,IAAY,EAAE,IAAa;QAC3D,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,EAAE,CAAC;QACtC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAEpE,MAAM,OAAO,GAA2B;YACtC,aAAa,EAAE,UAAU,IAAI,CAAC,OAAO,EAAE;YACvC,YAAY,EAAE,gBAAgB,WAAW,EAAE;YAC3C,MAAM,EAAE,kBAAkB;SAC3B,CAAC;QAEF,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QAC/C,CAAC;QAED,IAAI,QAAkB,CAAC;QACvB,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAC1B,MAAM;gBACN,OAAO;gBACP,GAAG,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,SAAS,GACb,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,CAAC;YACpD,MAAM,IAAI,mBAAmB,CAC3B,SAAS;gBACP,CAAC,CAAC,2BAA2B,IAAI,CAAC,QAAQ,IAAI;gBAC9C,CAAC,CAAC,kBAAkB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACxE,GAAG,CACJ,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QAED,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC;QAEpE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,IAAI,YAAqB,CAAC;YAC1B,IAAI,CAAC;gBACH,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACvC,CAAC;YAAC,MAAM,CAAC;gBACP,YAAY,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;YACzD,CAAC;YAED,MAAM,OAAO,GAAG,mBAAmB,CAAC,YAAY,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;YAEnE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBACvD,MAAM,IAAI,gBAAgB,CACxB,OAAO,EACP,QAAQ,CAAC,MAAmB,EAC5B,YAAY,EACZ,SAAS,CACV,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;QAC/E,CAAC;QAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,OAAO,SAAc,CAAC;QACxB,CAAC;QAED,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;IACvC,CAAC;CACF;AAED,SAAS,mBAAmB,CAAC,IAAa,EAAE,MAAc;IACxD,IACE,IAAI,KAAK,IAAI;QACb,OAAO,IAAI,KAAK,QAAQ;QACxB,SAAS,IAAI,IAAI;QACjB,OAAQ,IAAgC,CAAC,SAAS,CAAC,KAAK,QAAQ,EAChE,CAAC;QACD,OAAQ,IAA+B,CAAC,SAAS,CAAE,CAAC;IACtD,CAAC;IACD,IACE,IAAI,KAAK,IAAI;QACb,OAAO,IAAI,KAAK,QAAQ;QACxB,OAAO,IAAI,IAAI;QACf,OAAQ,IAAgC,CAAC,OAAO,CAAC,KAAK,QAAQ,EAC9D,CAAC;QACD,OAAQ,IAA+B,CAAC,OAAO,CAAE,CAAC;IACpD,CAAC;IACD,OAAO,QAAQ,MAAM,EAAE,CAAC;AAC1B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { Grantex } from './client.js';
+export { verifyGrantToken } from './verify.js';
+export { verifyWebhookSignature } from './webhook.js';
+export { GrantexError, GrantexApiError, GrantexAuthError, GrantexTokenError, GrantexNetworkError, } from './errors.js';
+export type { GrantexClientOptions, Agent, RegisterAgentParams, UpdateAgentParams, ListAgentsResponse, AuthorizeParams, AuthorizationRequest, Grant, ListGrantsParams, ListGrantsResponse, VerifiedGrant, DelegateParams, VerifyTokenResponse, LogAuditParams, AuditEntry, ListAuditParams, ListAuditResponse, VerifyGrantTokenOptions, WebhookEventType, CreateWebhookParams, WebhookEndpoint, WebhookEndpointWithSecret, ListWebhooksResponse, SubscriptionStatus, CreateCheckoutParams, CheckoutResponse, CreatePortalParams, PortalResponse, Policy, CreatePolicyParams, UpdatePolicyParams, ListPoliciesResponse, AnomalyType, AnomalySeverity, Anomaly, DetectAnomaliesResponse, ListAnomaliesResponse, ScimEmail, ScimUserMeta, ScimUser, ScimListResponse, CreateScimUserParams, UpdateScimUserParams, ScimToken, ScimTokenWithSecret, CreateScimTokenParams, ListScimTokensResponse, SsoConfig, CreateSsoConfigParams, SsoLoginResponse, SsoCallbackResponse, ComplianceSummary, ComplianceExportGrantsParams, ComplianceExportAuditParams, ComplianceGrantsExport, ComplianceAuditExport, EvidencePackParams, EvidencePack, ChainIntegrity, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAGtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG/C,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAGtD,OAAO,EACL,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAGrB,YAAY,EACV,oBAAoB,EAEpB,KAAK,EACL,mBAAmB,EACnB,iBAAiB,EACjB,kBAAkB,EAElB,eAAe,EACf,oBAAoB,EAEpB,KAAK,EACL,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,mBAAmB,EAEnB,cAAc,EACd,UAAU,EACV,eAAe,EACf,iBAAiB,EAEjB,uBAAuB,EAEvB,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,yBAAyB,EACzB,oBAAoB,EAEpB,kBAAkB,EAClB,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,cAAc,EAEd,MAAM,EACN,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EAEpB,WAAW,EACX,eAAe,EACf,OAAO,EACP,uBAAuB,EACvB,qBAAqB,EAErB,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,gBAAgB,EAChB,oBAAoB,EACpB,oBAAoB,EACpB,SAAS,EACT,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EAEtB,SAAS,EACT,qBAAqB,EACrB,gBAAgB,EAChB,mBAAmB,EAEnB,iBAAiB,EACjB,4BAA4B,EAC5B,2BAA2B,EAC3B,sBAAsB,EACtB,qBAAqB,EACrB,kBAAkB,EAClB,YAAY,EACZ,cAAc,GACf,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,9 @@
+// Main client
+export { Grantex } from './client.js';
+// Standalone token verification (no Grantex account needed)
+export { verifyGrantToken } from './verify.js';
+// Webhook signature verification
+export { verifyWebhookSignature } from './webhook.js';
+// Error classes
+export { GrantexError, GrantexApiError, GrantexAuthError, GrantexTokenError, GrantexNetworkError, } from './errors.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAEtC,4DAA4D;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C,iCAAiC;AACjC,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAEtD,gBAAgB;AAChB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,aAAa,CAAC"}

package/dist/resources/agents.d.ts

@@ -0,0 +1,12 @@
+import type { HttpClient } from '../http.js';
+import type { Agent, ListAgentsResponse, RegisterAgentParams, UpdateAgentParams } from '../types.js';
+export declare class AgentsClient {
+    #private;
+    constructor(http: HttpClient);
+    register(params: RegisterAgentParams): Promise<Agent>;
+    get(agentId: string): Promise<Agent>;
+    list(): Promise<ListAgentsResponse>;
+    update(agentId: string, params: UpdateAgentParams): Promise<Agent>;
+    delete(agentId: string): Promise<void>;
+}
+//# sourceMappingURL=agents.d.ts.map

package/dist/resources/agents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents.d.ts","sourceRoot":"","sources":["../../src/resources/agents.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,KAAK,EACL,kBAAkB,EAClB,mBAAmB,EACnB,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAErB,qBAAa,YAAY;;gBAGX,IAAI,EAAE,UAAU;IAI5B,QAAQ,CAAC,MAAM,EAAE,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC;IAIrD,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAIpC,IAAI,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAInC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC;IAIlE,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAGvC"}

package/dist/resources/agents.js

@@ -0,0 +1,22 @@
+export class AgentsClient {
+    #http;
+    constructor(http) {
+        this.#http = http;
+    }
+    register(params) {
+        return this.#http.post('/v1/agents', params);
+    }
+    get(agentId) {
+        return this.#http.get(`/v1/agents/${agentId}`);
+    }
+    list() {
+        return this.#http.get('/v1/agents');
+    }
+    update(agentId, params) {
+        return this.#http.post(`/v1/agents/${agentId}`, params);
+    }
+    delete(agentId) {
+        return this.#http.delete(`/v1/agents/${agentId}`);
+    }
+}
+//# sourceMappingURL=agents.js.map

package/dist/resources/agents.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../src/resources/agents.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,YAAY;IACd,KAAK,CAAa;IAE3B,YAAY,IAAgB;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,QAAQ,CAAC,MAA2B;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAQ,YAAY,EAAE,MAAM,CAAC,CAAC;IACtD,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAQ,cAAc,OAAO,EAAE,CAAC,CAAC;IACxD,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,YAAY,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,CAAC,OAAe,EAAE,MAAyB;QAC/C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAQ,cAAc,OAAO,EAAE,EAAE,MAAM,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,CAAC,OAAe;QACpB,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAO,cAAc,OAAO,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF"}

package/dist/resources/anomalies.d.ts

@@ -0,0 +1,15 @@
+import type { HttpClient } from '../http.js';
+import type { Anomaly, DetectAnomaliesResponse, ListAnomaliesResponse } from '../types.js';
+export declare class AnomaliesClient {
+    #private;
+    constructor(http: HttpClient);
+    /** Run anomaly detection across all agents and return detected anomalies. */
+    detect(): Promise<DetectAnomaliesResponse>;
+    /** List stored anomalies. Pass `{ unacknowledged: true }` to filter to open ones only. */
+    list(params?: {
+        unacknowledged?: boolean;
+    }): Promise<ListAnomaliesResponse>;
+    /** Acknowledge an anomaly by ID. */
+    acknowledge(anomalyId: string): Promise<Anomaly>;
+}
+//# sourceMappingURL=anomalies.d.ts.map

package/dist/resources/anomalies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anomalies.d.ts","sourceRoot":"","sources":["../../src/resources/anomalies.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,OAAO,EACP,uBAAuB,EACvB,qBAAqB,EACtB,MAAM,aAAa,CAAC;AAErB,qBAAa,eAAe;;gBAGd,IAAI,EAAE,UAAU;IAI5B,6EAA6E;IAC7E,MAAM,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAI1C,0FAA0F;IAC1F,IAAI,CAAC,MAAM,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAK3E,oCAAoC;IACpC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAGjD"}

package/dist/resources/anomalies.js

@@ -0,0 +1,20 @@
+export class AnomaliesClient {
+    #http;
+    constructor(http) {
+        this.#http = http;
+    }
+    /** Run anomaly detection across all agents and return detected anomalies. */
+    detect() {
+        return this.#http.post('/v1/anomalies/detect', {});
+    }
+    /** List stored anomalies. Pass `{ unacknowledged: true }` to filter to open ones only. */
+    list(params) {
+        const qs = params?.unacknowledged ? '?unacknowledged=true' : '';
+        return this.#http.get(`/v1/anomalies${qs}`);
+    }
+    /** Acknowledge an anomaly by ID. */
+    acknowledge(anomalyId) {
+        return this.#http.patch(`/v1/anomalies/${anomalyId}/acknowledge`, {});
+    }
+}
+//# sourceMappingURL=anomalies.js.map

package/dist/resources/anomalies.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anomalies.js","sourceRoot":"","sources":["../../src/resources/anomalies.ts"],"names":[],"mappings":"AAOA,MAAM,OAAO,eAAe;IACjB,KAAK,CAAa;IAE3B,YAAY,IAAgB;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,6EAA6E;IAC7E,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAA0B,sBAAsB,EAAE,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,0FAA0F;IAC1F,IAAI,CAAC,MAAqC;QACxC,MAAM,EAAE,GAAG,MAAM,EAAE,cAAc,CAAC,CAAC,CAAC,sBAAsB,CAAC,CAAC,CAAC,EAAE,CAAC;QAChE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,gBAAgB,EAAE,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,oCAAoC;IACpC,WAAW,CAAC,SAAiB;QAC3B,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,CAAU,iBAAiB,SAAS,cAAc,EAAE,EAAE,CAAC,CAAC;IACjF,CAAC;CACF"}

package/dist/resources/audit.d.ts

@@ -0,0 +1,10 @@
+import type { HttpClient } from '../http.js';
+import type { AuditEntry, ListAuditParams, ListAuditResponse, LogAuditParams } from '../types.js';
+export declare class AuditClient {
+    #private;
+    constructor(http: HttpClient);
+    log(params: LogAuditParams): Promise<AuditEntry>;
+    list(params?: ListAuditParams): Promise<ListAuditResponse>;
+    get(entryId: string): Promise<AuditEntry>;
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/resources/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/resources/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,UAAU,EACV,eAAe,EACf,iBAAiB,EACjB,cAAc,EACf,MAAM,aAAa,CAAC;AAErB,qBAAa,WAAW;;gBAGV,IAAI,EAAE,UAAU;IAI5B,GAAG,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC;IAIhD,IAAI,CAAC,MAAM,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAM1D,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAG1C"}

package/dist/resources/audit.js

@@ -0,0 +1,28 @@
+export class AuditClient {
+    #http;
+    constructor(http) {
+        this.#http = http;
+    }
+    log(params) {
+        return this.#http.post('/v1/audit/log', params);
+    }
+    list(params) {
+        const query = buildQuery(params);
+        const path = query ? `/v1/audit/entries?${query}` : '/v1/audit/entries';
+        return this.#http.get(path);
+    }
+    get(entryId) {
+        return this.#http.get(`/v1/audit/${entryId}`);
+    }
+}
+function buildQuery(params) {
+    if (!params)
+        return '';
+    const entries = Object.entries(params).filter(([, v]) => v !== undefined && v !== null);
+    if (entries.length === 0)
+        return '';
+    return entries
+        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(String(v))}`)
+        .join('&');
+}
+//# sourceMappingURL=audit.js.map

package/dist/resources/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/resources/audit.ts"],"names":[],"mappings":"AAQA,MAAM,OAAO,WAAW;IACb,KAAK,CAAa;IAE3B,YAAY,IAAgB;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,GAAG,CAAC,MAAsB;QACxB,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAa,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,CAAC,MAAwB;QAC3B,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,qBAAqB,KAAK,EAAE,CAAC,CAAC,CAAC,mBAAmB,CAAC;QACxE,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAa,aAAa,OAAO,EAAE,CAAC,CAAC;IAC5D,CAAC;CACF;AAED,SAAS,UAAU,CAAC,MAAwB;IAC1C,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAC3C,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,CACL,CAAC;IACtC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5E,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC"}

package/dist/resources/billing.d.ts

@@ -0,0 +1,13 @@
+import type { HttpClient } from '../http.js';
+import type { CheckoutResponse, CreateCheckoutParams, CreatePortalParams, PortalResponse, SubscriptionStatus } from '../types.js';
+export declare class BillingClient {
+    #private;
+    constructor(http: HttpClient);
+    /** Get the current subscription status for the authenticated developer. */
+    getSubscription(): Promise<SubscriptionStatus>;
+    /** Create a Stripe Checkout session and return the redirect URL. */
+    createCheckout(params: CreateCheckoutParams): Promise<CheckoutResponse>;
+    /** Create a Stripe Billing Portal session and return the redirect URL. */
+    createPortal(params: CreatePortalParams): Promise<PortalResponse>;
+}
+//# sourceMappingURL=billing.d.ts.map

package/dist/resources/billing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../../src/resources/billing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,EAClB,cAAc,EACd,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAErB,qBAAa,aAAa;;gBAGZ,IAAI,EAAE,UAAU;IAI5B,2EAA2E;IAC3E,eAAe,IAAI,OAAO,CAAC,kBAAkB,CAAC;IAI9C,oEAAoE;IACpE,cAAc,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAIvE,0EAA0E;IAC1E,YAAY,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,cAAc,CAAC;CAGlE"}

package/dist/resources/billing.js

@@ -0,0 +1,19 @@
+export class BillingClient {
+    #http;
+    constructor(http) {
+        this.#http = http;
+    }
+    /** Get the current subscription status for the authenticated developer. */
+    getSubscription() {
+        return this.#http.get('/v1/billing/subscription');
+    }
+    /** Create a Stripe Checkout session and return the redirect URL. */
+    createCheckout(params) {
+        return this.#http.post('/v1/billing/checkout', params);
+    }
+    /** Create a Stripe Billing Portal session and return the redirect URL. */
+    createPortal(params) {
+        return this.#http.post('/v1/billing/portal', params);
+    }
+}
+//# sourceMappingURL=billing.js.map

package/dist/resources/billing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.js","sourceRoot":"","sources":["../../src/resources/billing.ts"],"names":[],"mappings":"AASA,MAAM,OAAO,aAAa;IACf,KAAK,CAAa;IAE3B,YAAY,IAAgB;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,2EAA2E;IAC3E,eAAe;QACb,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAqB,0BAA0B,CAAC,CAAC;IACxE,CAAC;IAED,oEAAoE;IACpE,cAAc,CAAC,MAA4B;QACzC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,sBAAsB,EAAE,MAAM,CAAC,CAAC;IAC3E,CAAC;IAED,0EAA0E;IAC1E,YAAY,CAAC,MAA0B;QACrC,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAiB,oBAAoB,EAAE,MAAM,CAAC,CAAC;IACvE,CAAC;CACF"}

package/dist/resources/compliance.d.ts

@@ -0,0 +1,18 @@
+import type { HttpClient } from '../http.js';
+import type { ComplianceAuditExport, ComplianceExportAuditParams, ComplianceExportGrantsParams, ComplianceGrantsExport, ComplianceSummary, EvidencePack, EvidencePackParams } from '../types.js';
+export declare class ComplianceClient {
+    #private;
+    constructor(http: HttpClient);
+    /** Get an org-wide compliance summary (agents, grants, audit, policies, plan). */
+    getSummary(params?: {
+        since?: string;
+        until?: string;
+    }): Promise<ComplianceSummary>;
+    /** Export all grants (optionally filtered). */
+    exportGrants(params?: ComplianceExportGrantsParams): Promise<ComplianceGrantsExport>;
+    /** Export all audit entries (optionally filtered). */
+    exportAudit(params?: ComplianceExportAuditParams): Promise<ComplianceAuditExport>;
+    /** Generate a full SOC2/GDPR evidence pack with chain integrity verification. */
+    evidencePack(params?: EvidencePackParams): Promise<EvidencePack>;
+}
+//# sourceMappingURL=compliance.d.ts.map

package/dist/resources/compliance.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../../src/resources/compliance.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,KAAK,EACV,qBAAqB,EACrB,2BAA2B,EAC3B,4BAA4B,EAC5B,sBAAsB,EACtB,iBAAiB,EACjB,YAAY,EACZ,kBAAkB,EACnB,MAAM,aAAa,CAAC;AAErB,qBAAa,gBAAgB;;gBAGf,IAAI,EAAE,UAAU;IAI5B,kFAAkF;IAClF,UAAU,CAAC,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAMnF,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,EAAE,4BAA4B,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAQpF,sDAAsD;IACtD,WAAW,CAAC,MAAM,CAAC,EAAE,2BAA2B,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAQjF,iFAAiF;IACjF,YAAY,CAAC,MAAM,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,YAAY,CAAC;CAOjE"}

package/dist/resources/compliance.js

@@ -0,0 +1,47 @@
+export class ComplianceClient {
+    #http;
+    constructor(http) {
+        this.#http = http;
+    }
+    /** Get an org-wide compliance summary (agents, grants, audit, policies, plan). */
+    getSummary(params) {
+        const query = buildQuery(params);
+        const path = query ? `/v1/compliance/summary?${query}` : '/v1/compliance/summary';
+        return this.#http.get(path);
+    }
+    /** Export all grants (optionally filtered). */
+    exportGrants(params) {
+        const query = buildQuery(params);
+        const path = query
+            ? `/v1/compliance/export/grants?${query}`
+            : '/v1/compliance/export/grants';
+        return this.#http.get(path);
+    }
+    /** Export all audit entries (optionally filtered). */
+    exportAudit(params) {
+        const query = buildQuery(params);
+        const path = query
+            ? `/v1/compliance/export/audit?${query}`
+            : '/v1/compliance/export/audit';
+        return this.#http.get(path);
+    }
+    /** Generate a full SOC2/GDPR evidence pack with chain integrity verification. */
+    evidencePack(params) {
+        const query = buildQuery(params);
+        const path = query
+            ? `/v1/compliance/evidence-pack?${query}`
+            : '/v1/compliance/evidence-pack';
+        return this.#http.get(path);
+    }
+}
+function buildQuery(params) {
+    if (!params)
+        return '';
+    const entries = Object.entries(params).filter(([, v]) => v !== undefined && v !== null);
+    if (entries.length === 0)
+        return '';
+    return entries
+        .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(String(v))}`)
+        .join('&');
+}
+//# sourceMappingURL=compliance.js.map

package/dist/resources/compliance.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"compliance.js","sourceRoot":"","sources":["../../src/resources/compliance.ts"],"names":[],"mappings":"AAWA,MAAM,OAAO,gBAAgB;IAClB,KAAK,CAAa;IAE3B,YAAY,IAAgB;QAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;IACpB,CAAC;IAED,kFAAkF;IAClF,UAAU,CAAC,MAA2C;QACpD,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC,CAAC,wBAAwB,CAAC;QAClF,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAoB,IAAI,CAAC,CAAC;IACjD,CAAC;IAED,+CAA+C;IAC/C,YAAY,CAAC,MAAqC;QAChD,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK;YAChB,CAAC,CAAC,gCAAgC,KAAK,EAAE;YACzC,CAAC,CAAC,8BAA8B,CAAC;QACnC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAyB,IAAI,CAAC,CAAC;IACtD,CAAC;IAED,sDAAsD;IACtD,WAAW,CAAC,MAAoC;QAC9C,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK;YAChB,CAAC,CAAC,+BAA+B,KAAK,EAAE;YACxC,CAAC,CAAC,6BAA6B,CAAC;QAClC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAwB,IAAI,CAAC,CAAC;IACrD,CAAC;IAED,iFAAiF;IACjF,YAAY,CAAC,MAA2B;QACtC,MAAM,KAAK,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,IAAI,GAAG,KAAK;YAChB,CAAC,CAAC,gCAAgC,KAAK,EAAE;YACzC,CAAC,CAAC,8BAA8B,CAAC;QACnC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAe,IAAI,CAAC,CAAC;IAC5C,CAAC;CACF;AAED,SAAS,UAAU,CAAC,MAAe;IACjC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IACvB,MAAM,OAAO,GAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAA8B,CAAC,MAAM,CACzE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,IAAI,CACd,CAAC;IAC7B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IACpC,OAAO,OAAO;SACX,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,kBAAkB,CAAC,CAAC,CAAC,IAAI,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;SAC5E,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC"}

package/dist/resources/grants.d.ts

@@ -0,0 +1,25 @@
+import type { HttpClient } from '../http.js';
+import type { Grant, ListGrantsParams, ListGrantsResponse, VerifiedGrant, DelegateParams } from '../types.js';
+export declare class GrantsClient {
+    #private;
+    constructor(http: HttpClient);
+    get(grantId: string): Promise<Grant>;
+    list(params?: ListGrantsParams): Promise<ListGrantsResponse>;
+    revoke(grantId: string): Promise<void>;
+    /**
+     * Create a delegated sub-agent grant (SPEC §9).
+     */
+    delegate(params: DelegateParams): Promise<{
+        grantToken: string;
+        expiresAt: string;
+        scopes: string[];
+        grantId: string;
+    }>;
+    /**
+     * Verify a grant token via the API (online verification).
+     * Returns a clean VerifiedGrant shape by decoding the raw token returned
+     * from the server to fill fields the summary response may omit.
+     */
+    verify(token: string): Promise<VerifiedGrant>;
+}
+//# sourceMappingURL=grants.d.ts.map

package/dist/resources/grants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"grants.d.ts","sourceRoot":"","sources":["../../src/resources/grants.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C,OAAO,KAAK,EACV,KAAK,EACL,gBAAgB,EAChB,kBAAkB,EAClB,aAAa,EACb,cAAc,EACf,MAAM,aAAa,CAAC;AAErB,qBAAa,YAAY;;gBAGX,IAAI,EAAE,UAAU;IAI5B,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAIpC,IAAI,CAAC,MAAM,CAAC,EAAE,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAM5D,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAItC;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,EAAE,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAIvH;;;;OAIG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;CASpD"}