@iblai/iblai-api 2025.11.7-google-a2a-core → 2025.11.10-google-a2a-core

package/dist/types/services/CoreService.d.ts

@@ -722,15 +722,23 @@ export declare class CoreService {
     }): CancelablePromise<Record<string, any>>;
     /**
      * List RBAC groups
-     * Retrieve a list of RBAC groups. Can be filtered by platform_key.
+     * Retrieve a list of RBAC groups. Can be filtered by platform_key, owner, name, username, or email. Use include_users to control response payload.
      * @returns PaginatedRbacGroupList
      * @throws ApiError
      */
-    static coreRbacGroupsList({ includeUsers, owner, page, pageSize, platformKey, }: {
+    static coreRbacGroupsList({ email, includeUsers, name, owner, page, pageSize, platformKey, username, }: {
         /**
-         * Include user information in response (default: false for performance)
+         * Filter groups by email (exact match, case-insensitive)
+         */
+        email?: string;
+        /**
+         * Include user information in response (default: true)
          */
         includeUsers?: boolean;
+        /**
+         * Filter groups by name (case-insensitive partial match)
+         */
+        name?: string;
         /**
          * Filter groups by owner username
          */
@@ -747,6 +755,10 @@ export declare class CoreService {
          * Filter groups by platform key
          */
         platformKey?: string;
+        /**
+         * Filter groups by username (exact match, case-insensitive)
+         */
+        username?: string;
     }): CancelablePromise<PaginatedRbacGroupList>;
     /**
      * Create RBAC group
@@ -771,7 +783,7 @@ export declare class CoreService {
     }): CancelablePromise<RbacGroup>;
     /**
      * Update RBAC group
-     * Update an existing RBAC group. Platform validation applies for user assignments.
+     * Update an existing RBAC group. Platform validation applies for user assignments. Cannot update internal system groups.
      * @returns RbacGroup
      * @throws ApiError
      */
@@ -784,7 +796,7 @@ export declare class CoreService {
     }): CancelablePromise<RbacGroup>;
     /**
      * Partially update RBAC group
-     * Partially update an existing RBAC group. Platform validation applies for user assignments.
+     * Partially update an existing RBAC group. Platform validation applies for user assignments. Cannot update internal system groups.
      * @returns RbacGroup
      * @throws ApiError
      */
@@ -797,7 +809,7 @@ export declare class CoreService {
     }): CancelablePromise<RbacGroup>;
     /**
      * Delete RBAC group
-     * Delete an RBAC group and all associated group role assignments.
+     * Delete an RBAC group and all associated group role assignments. Cannot delete internal system groups.
      * @returns void
      * @throws ApiError
      */
@@ -847,11 +859,31 @@ export declare class CoreService {
     }): CancelablePromise<any>;
     /**
      * List RBAC policies
-     * Retrieve a list of RBAC policies. Can be filtered by platform_key or role_id.
+     * Retrieve a list of RBAC policies. Can be filtered by platform_key, role_id, name, username, email, or group. Use include_users and include_groups to control response payload.
      * @returns PaginatedRbacPolicyList
      * @throws ApiError
      */
-    static coreRbacPoliciesList({ page, pageSize, platformKey, roleId, }: {
+    static coreRbacPoliciesList({ email, group, includeGroups, includeUsers, name, page, pageSize, platformKey, roleId, username, }: {
+        /**
+         * Filter policies by email (exact match, case-insensitive) - includes users in policy or in policy's groups
+         */
+        email?: string;
+        /**
+         * Filter policies by group name (exact match, case-insensitive)
+         */
+        group?: string;
+        /**
+         * Include group information in response (default: true)
+         */
+        includeGroups?: boolean;
+        /**
+         * Include user information in response (default: true)
+         */
+        includeUsers?: boolean;
+        /**
+         * Filter policies by name (case-insensitive partial match)
+         */
+        name?: string;
         /**
          * A page number within the paginated result set.
          */
@@ -868,6 +900,10 @@ export declare class CoreService {
          * Filter policies by role ID
          */
         roleId?: number;
+        /**
+         * Filter policies by username (exact match, case-insensitive) - includes users in policy or in policy's groups
+         */
+        username?: string;
     }): CancelablePromise<PaginatedRbacPolicyList>;
     /**
      * Create RBAC policy
@@ -934,11 +970,15 @@ export declare class CoreService {
     }): CancelablePromise<void>;
     /**
      * List RBAC roles
-     * Retrieve a list of RBAC roles. Can be filtered by platform_key.
+     * Retrieve a list of RBAC roles. Can be filtered by platform_key and name.
      * @returns PaginatedRbacRoleList
      * @throws ApiError
      */
-    static coreRbacRolesList({ page, pageSize, platformKey, }: {
+    static coreRbacRolesList({ name, page, pageSize, platformKey, }: {
+        /**
+         * Filter roles by name (case-insensitive partial match)
+         */
+        name?: string;
         /**
          * A page number within the paginated result set.
          */
@@ -1001,7 +1041,7 @@ export declare class CoreService {
     }): CancelablePromise<RbacRole>;
     /**
      * Delete RBAC role
-     * Delete an RBAC role.
+     * Delete an RBAC role. WARNING: Deleting a role will remove all policies referencing it.
      * @returns void
      * @throws ApiError
      */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@iblai/iblai-api",
-  "version": "2025.11.7-google-a2a-core",
+  "version": "2025.11.10-google-a2a-core",
   "main": "dist/index.cjs.js",
   "module": "dist/index.esm.js",
   "type": "module",

package/sdk_schema.yml

@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
   title: ibl-data-manager
-  version: 4.82.1-core
+  version: 4.88.3-core
   description: API for iblai
 paths:
   /api/analytics/content/:
@@ -16568,15 +16568,28 @@ paths:
   /api/core/rbac/groups/:
     get:
       operationId: core_rbac_groups_list
-      description: Retrieve a list of RBAC groups. Can be filtered by platform_key.
+      description: Retrieve a list of RBAC groups. Can be filtered by platform_key,
+        owner, name, username, or email. Use include_users to control response payload.
       summary: List RBAC groups
       parameters:
+      - in: query
+        name: email
+        schema:
+          type: string
+          minLength: 1
+        description: Filter groups by email (exact match, case-insensitive)
       - in: query
         name: include_users
         schema:
           type: boolean
           default: true
-        description: 'Include user information in response (default: false for performance)'
+        description: 'Include user information in response (default: true)'
+      - in: query
+        name: name
+        schema:
+          type: string
+          minLength: 1
+        description: Filter groups by name (case-insensitive partial match)
       - in: query
         name: owner
         schema:
@@ -16601,6 +16614,12 @@ paths:
           type: string
           minLength: 1
         description: Filter groups by platform key
+      - in: query
+        name: username
+        schema:
+          type: string
+          minLength: 1
+        description: Filter groups by username (exact match, case-insensitive)
       tags:
       - core
       security:
@@ -16612,6 +16631,8 @@ paths:
               schema:
                 $ref: '#/components/schemas/PaginatedRbacGroupList'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
     post:
       operationId: core_rbac_groups_create
       description: Create a new RBAC group for a platform. Users can be assigned during
@@ -16651,6 +16672,8 @@ paths:
             Invalid input data. Common errors include:
             - Users do not belong to the specified platform
             - Invalid user IDs provided
+        '403':
+          description: Permission denied - insufficient RBAC permissions
   /api/core/rbac/groups/{id}/:
     get:
       operationId: core_rbac_groups_retrieve
@@ -16674,12 +16697,14 @@ paths:
               schema:
                 $ref: '#/components/schemas/RbacGroup'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Group not found
     put:
       operationId: core_rbac_groups_update
       description: Update an existing RBAC group. Platform validation applies for
-        user assignments.
+        user assignments. Cannot update internal system groups.
       summary: Update RBAC group
       parameters:
       - in: path
@@ -16722,12 +16747,15 @@ paths:
             Invalid input data. Common errors include:
             - Users do not belong to the specified platform
             - Invalid user IDs provided
+        '403':
+          description: Permission denied - insufficient RBAC permissions or attempting
+            to edit internal system group
         '404':
           description: Group not found
     patch:
       operationId: core_rbac_groups_partial_update
       description: Partially update an existing RBAC group. Platform validation applies
-        for user assignments.
+        for user assignments. Cannot update internal system groups.
       summary: Partially update RBAC group
       parameters:
       - in: path
@@ -16769,11 +16797,15 @@ paths:
             Invalid input data. Common errors include:
             - Users do not belong to the specified platform
             - Invalid user IDs provided
+        '403':
+          description: Permission denied - insufficient RBAC permissions or attempting
+            to edit internal system group
         '404':
           description: Group not found
     delete:
       operationId: core_rbac_groups_destroy
       description: Delete an RBAC group and all associated group role assignments.
+        Cannot delete internal system groups.
       summary: Delete RBAC group
       parameters:
       - in: path
@@ -16796,6 +16828,9 @@ paths:
       responses:
         '204':
           description: Group deleted successfully
+        '403':
+          description: Permission denied - insufficient RBAC permissions or attempting
+            to delete internal system group
         '404':
           description: Group not found
   /api/core/rbac/mentor-access/:
@@ -16925,10 +16960,42 @@ paths:
   /api/core/rbac/policies/:
     get:
       operationId: core_rbac_policies_list
-      description: Retrieve a list of RBAC policies. Can be filtered by platform_key
-        or role_id.
+      description: Retrieve a list of RBAC policies. Can be filtered by platform_key,
+        role_id, name, username, email, or group. Use include_users and include_groups
+        to control response payload.
       summary: List RBAC policies
       parameters:
+      - in: query
+        name: email
+        schema:
+          type: string
+          minLength: 1
+        description: Filter policies by email (exact match, case-insensitive) - includes
+          users in policy or in policy's groups
+      - in: query
+        name: group
+        schema:
+          type: string
+          minLength: 1
+        description: Filter policies by group name (exact match, case-insensitive)
+      - in: query
+        name: include_groups
+        schema:
+          type: boolean
+          default: true
+        description: 'Include group information in response (default: true)'
+      - in: query
+        name: include_users
+        schema:
+          type: boolean
+          default: true
+        description: 'Include user information in response (default: true)'
+      - in: query
+        name: name
+        schema:
+          type: string
+          minLength: 1
+        description: Filter policies by name (case-insensitive partial match)
       - name: page
         required: false
         in: query
@@ -16952,6 +17019,13 @@ paths:
         schema:
           type: integer
         description: Filter policies by role ID
+      - in: query
+        name: username
+        schema:
+          type: string
+          minLength: 1
+        description: Filter policies by username (exact match, case-insensitive) -
+          includes users in policy or in policy's groups
       tags:
       - core
       security:
@@ -16963,6 +17037,8 @@ paths:
               schema:
                 $ref: '#/components/schemas/PaginatedRbacPolicyList'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
     post:
       operationId: core_rbac_policies_create
       description: Create a new RBAC policy that defines resource access for a role
@@ -16999,6 +17075,8 @@ paths:
         '400':
           description: 'Invalid input data. Common errors include: invalid user/group
             IDs, users/groups not belonging to the platform, or invalid resource paths.'
+        '403':
+          description: Permission denied - insufficient RBAC permissions
   /api/core/rbac/policies/{id}/:
     get:
       operationId: core_rbac_policies_retrieve
@@ -17023,6 +17101,8 @@ paths:
               schema:
                 $ref: '#/components/schemas/RbacPolicy'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Policy not found
     put:
@@ -17068,6 +17148,8 @@ paths:
         '400':
           description: 'Invalid input data. Common errors include: invalid user/group
             IDs, users/groups not belonging to the platform, or invalid resource paths.'
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Policy not found
     patch:
@@ -17113,6 +17195,8 @@ paths:
         '400':
           description: 'Invalid input data. Common errors include: invalid user/group
             IDs, users/groups not belonging to the platform, or invalid resource paths.'
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Policy not found
     delete:
@@ -17140,14 +17224,23 @@ paths:
       responses:
         '204':
           description: Policy deleted successfully
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Policy not found
   /api/core/rbac/roles/:
     get:
       operationId: core_rbac_roles_list
-      description: Retrieve a list of RBAC roles. Can be filtered by platform_key.
+      description: Retrieve a list of RBAC roles. Can be filtered by platform_key
+        and name.
       summary: List RBAC roles
       parameters:
+      - in: query
+        name: name
+        schema:
+          type: string
+          minLength: 1
+        description: Filter roles by name (case-insensitive partial match)
       - name: page
         required: false
         in: query
@@ -17177,6 +17270,8 @@ paths:
               schema:
                 $ref: '#/components/schemas/PaginatedRbacRoleList'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
     post:
       operationId: core_rbac_roles_create
       description: Create a new RBAC role for a platform.
@@ -17212,6 +17307,8 @@ paths:
           description: ''
         '400':
           description: Invalid input data
+        '403':
+          description: Permission denied - insufficient RBAC permissions
   /api/core/rbac/roles/{id}/:
     get:
       operationId: core_rbac_roles_retrieve
@@ -17235,6 +17332,8 @@ paths:
               schema:
                 $ref: '#/components/schemas/RbacRole'
           description: ''
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Role not found
     put:
@@ -17279,6 +17378,8 @@ paths:
           description: ''
         '400':
           description: Invalid input data
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Role not found
     patch:
@@ -17322,11 +17423,14 @@ paths:
           description: ''
         '400':
           description: Invalid input data
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Role not found
     delete:
       operationId: core_rbac_roles_destroy
-      description: Delete an RBAC role.
+      description: 'Delete an RBAC role. WARNING: Deleting a role will remove all
+        policies referencing it.'
       summary: Delete RBAC role
       parameters:
       - in: path
@@ -17349,6 +17453,8 @@ paths:
       responses:
         '204':
           description: Role deleted successfully
+        '403':
+          description: Permission denied - insufficient RBAC permissions
         '404':
           description: Role not found
   /api/core/rbac/student-llm-access/set/:
@@ -37234,6 +37340,11 @@ components:
             type: integer
           writeOnly: true
           description: List of user IDs to remove from this group
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this group is internal to the system and cannot
+            be viewed or modified by tenants via API endpoints.
     PatchedRbacPolicy:
       type: object
       description: Serializer for policies.
@@ -37303,6 +37414,11 @@ components:
             type: integer
           writeOnly: true
           description: List of group IDs to remove from this Policy
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this policy is internal to the system and cannot
+            be viewed or modified by tenants via API endpoints.
     PatchedRbacRole:
       type: object
       description: Serializer for roles.
@@ -37334,6 +37450,11 @@ components:
             type: string
           description: List of data actions/permissions this role can perform for
             field-level access (e.g., ['Ibl.Mentor/Settings/name/read', 'Ibl.Mentor/Settings/email/write'])
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this role is internal to the system and cannot be
+            viewed or modified by tenants via API endpoints.
     PatchedSCIMGroup:
       type: object
       description: SCIM group serializer for RBAC group management
@@ -40638,8 +40759,14 @@ components:
             type: integer
           writeOnly: true
           description: List of user IDs to remove from this group
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this group is internal to the system and cannot
+            be viewed or modified by tenants via API endpoints.
       required:
       - id
+      - is_internal
       - owner
       - platform
       - platform_key
@@ -40733,9 +40860,15 @@ components:
             type: integer
           writeOnly: true
           description: List of group IDs to remove from this Policy
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this policy is internal to the system and cannot
+            be viewed or modified by tenants via API endpoints.
       required:
       - groups
       - id
+      - is_internal
       - platform
       - platform_key
       - resources
@@ -40797,8 +40930,14 @@ components:
             type: string
           description: List of data actions/permissions this role can perform for
             field-level access (e.g., ['Ibl.Mentor/Settings/name/read', 'Ibl.Mentor/Settings/email/write'])
+        is_internal:
+          type: boolean
+          readOnly: true
+          description: When True, this role is internal to the system and cannot be
+            viewed or modified by tenants via API endpoints.
       required:
       - id
+      - is_internal
       - name
       - platform
       - platform_key
@@ -40815,6 +40954,12 @@ components:
           nullable: true
           description: edX username
           maxLength: 100
+        email:
+          type: string
+          format: email
+          nullable: true
+          description: edX email
+          maxLength: 254
       required:
       - id
     Recipient:

package/src/core/OpenAPI.ts

@@ -21,7 +21,7 @@ export type OpenAPIConfig = {
 
 export const OpenAPI: OpenAPIConfig = {
     BASE: 'https://base.manager.iblai.app',
-    VERSION: '4.82.1-core',
+    VERSION: '4.88.3-core',
     WITH_CREDENTIALS: false,
     CREDENTIALS: 'include',
     TOKEN: undefined,

package/src/models/PatchedRbacGroup.ts

@@ -36,5 +36,9 @@ export type PatchedRbacGroup = {
      * List of user IDs to remove from this group
      */
     users_to_remove?: Array<number>;
+    /**
+     * When True, this group is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal?: boolean;
 };
 

package/src/models/PatchedRbacPolicy.ts

@@ -53,5 +53,9 @@ export type PatchedRbacPolicy = {
      * List of group IDs to remove from this Policy
      */
     groups_to_remove?: Array<number>;
+    /**
+     * When True, this policy is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal?: boolean;
 };
 

package/src/models/PatchedRbacRole.ts

@@ -25,5 +25,9 @@ export type PatchedRbacRole = {
      * List of data actions/permissions this role can perform for field-level access (e.g., ['Ibl.Mentor/Settings/name/read', 'Ibl.Mentor/Settings/email/write'])
      */
     data_actions?: Array<string>;
+    /**
+     * When True, this role is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal?: boolean;
 };
 

package/src/models/RbacGroup.ts

@@ -36,5 +36,9 @@ export type RbacGroup = {
      * List of user IDs to remove from this group
      */
     users_to_remove?: Array<number>;
+    /**
+     * When True, this group is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal: boolean;
 };
 

package/src/models/RbacPolicy.ts

@@ -53,5 +53,9 @@ export type RbacPolicy = {
      * List of group IDs to remove from this Policy
      */
     groups_to_remove?: Array<number>;
+    /**
+     * When True, this policy is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal: boolean;
 };
 

package/src/models/RbacRole.ts

@@ -25,5 +25,9 @@ export type RbacRole = {
      * List of data actions/permissions this role can perform for field-level access (e.g., ['Ibl.Mentor/Settings/name/read', 'Ibl.Mentor/Settings/email/write'])
      */
     data_actions?: Array<string>;
+    /**
+     * When True, this role is internal to the system and cannot be viewed or modified by tenants via API endpoints.
+     */
+    readonly is_internal: boolean;
 };
 

package/src/models/RbacUser.ts

@@ -14,5 +14,9 @@ export type RbacUser = {
      * edX username
      */
     username?: string | null;
+    /**
+     * edX email
+     */
+    email?: string | null;
 };