@iblai/iblai-api 4.266.0-ai → 4.267.0-ai

package/dist/index.cjs.js

@@ -110,7 +110,7 @@ class CancelablePromise {
 
 const OpenAPI = {
   BASE: 'https://base.manager.iblai.app',
-  VERSION: '4.266.0-ai-plus',
+  VERSION: '4.267.0-ai-plus',
   WITH_CREDENTIALS: false,
   CREDENTIALS: 'include',
   TOKEN: undefined,
@@ -2206,7 +2206,7 @@ class ActivitiesService {
    * Create an activity
    * Creates an Activity. Either `deal` or `person` must be supplied; both must belong to your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Activities/write`.
+   * **Required permission:** `Ibl.CRM/Activities/action`.
    * @returns Activity
    * @throws ApiError
    */
@@ -2220,7 +2220,7 @@ class ActivitiesService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Activities/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Activities/action\`.`
       }
     });
   }
@@ -2537,23 +2537,34 @@ class AiAccountService {
    * name (optional): Filter results by LLM provider name.
    * When name=google, returns both 'google' (service account) and
    * 'gemini_google_api_key' credentials if they exist.
+   * unmask_sensitive_fields (optional, bool, default False):
+   * If true, returns the raw unmasked credential value. Restricted
+   * to credentials owned by the requested tenant — the
+   * ``GlobalCredential`` fallback is suppressed when unmasking,
+   * and the response is ``[]`` instead of 404 if the tenant has
+   * no own credentials.
    *
    * Args:
    * request: The HTTP request
    * org: Organization key identifier
    *
    * Returns:
-   * Response: List of LLM credentials for the organization
+   * Response: List of LLM credentials for the organization. Values
+   * are masked by default; unmasked when ``unmask_sensitive_fields=true``
+   * and the credential belongs to the tenant.
    *
    * Raises:
-   * NotFound: When organization is not found or when no credentials match the filters
+   * NotFound: When organization is not found, or (in default masked
+   * mode) when no credentials match the filters even after the
+   * global-credential fallback.
    * ValidationError: When query parameters are invalid
    * @returns LLMCredentialResponse
    * @throws ApiError
    */
   static aiAccountOrgsCredentialRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -2562,7 +2573,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -2683,7 +2695,8 @@ class AiAccountService {
    */
   static aiAccountOrgsCredentialSchemaRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -2692,7 +2705,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -2859,6 +2873,15 @@ class AiAccountService {
    *
    * Query Parameters:
    * name (optional): Filter results by integration service name
+   * unmask_sensitive_fields (optional, bool, default False):
+   * If true and the requester is a platform admin for ``org``,
+   * returns full unmasked credential values. Restricted to
+   * credentials owned by the requested tenant — the ``main``
+   * platform fallback is suppressed when unmasking, so admins
+   * cannot read another tenant's or the global ``main``
+   * credentials unmasked. Silently ignored for non-admins;
+   * students never receive sensitive fields regardless of this
+   * flag.
    *
    * Args:
    * request: The HTTP request
@@ -2866,9 +2889,18 @@ class AiAccountService {
    *
    * Returns:
    * Response: List of integration credentials for the organization
-   * - Students: Only allowed credentials (drive/dropbox/onedrive) with
-   * sensitive fields removed
-   * - Admins: All credentials with sensitive fields masked
+   * - Students: Only credentials whose schema declares at least one
+   * non-sensitive field (``is_student_visible()``), with sensitive
+   * fields removed from the response
+   * - Admins (default): All credentials with sensitive fields masked
+   * - Admins (with ``unmask_sensitive_fields=true``): Tenant-owned
+   * credentials with sensitive fields unmasked
+   *
+   * If the tenant has no matching credentials and
+   * ``ALLOW_TENANTS_TO_USE_MAIN_LLM_CREDENTIALS`` is enabled, the
+   * response falls back to credentials on the ``main`` platform
+   * (still filtered by the rules above). The fallback does NOT
+   * apply when ``unmask_sensitive_fields=true``.
    *
    * Raises:
    * NotFound: When organization is not found or when no credentials match the filters
@@ -2878,7 +2910,8 @@ class AiAccountService {
    */
   static aiAccountOrgsIntegrationCredentialRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -2887,7 +2920,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -2997,7 +3031,8 @@ class AiAccountService {
    */
   static aiAccountOrgsIntegrationCredentialSchemaRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -3006,7 +3041,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -3017,23 +3053,34 @@ class AiAccountService {
    * name (optional): Filter results by LLM provider name.
    * When name=google, returns both 'google' (service account) and
    * 'gemini_google_api_key' credentials if they exist.
+   * unmask_sensitive_fields (optional, bool, default False):
+   * If true, returns the raw unmasked credential value. Restricted
+   * to credentials owned by the requested tenant — the
+   * ``GlobalCredential`` fallback is suppressed when unmasking,
+   * and the response is ``[]`` instead of 404 if the tenant has
+   * no own credentials.
    *
    * Args:
    * request: The HTTP request
    * org: Organization key identifier
    *
    * Returns:
-   * Response: List of LLM credentials for the organization
+   * Response: List of LLM credentials for the organization. Values
+   * are masked by default; unmasked when ``unmask_sensitive_fields=true``
+   * and the credential belongs to the tenant.
    *
    * Raises:
-   * NotFound: When organization is not found or when no credentials match the filters
+   * NotFound: When organization is not found, or (in default masked
+   * mode) when no credentials match the filters even after the
+   * global-credential fallback.
    * ValidationError: When query parameters are invalid
    * @returns LLMCredentialResponse
    * @throws ApiError
    */
   static aiAccountOrgsLlmCredentialRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -3042,7 +3089,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -3163,7 +3211,8 @@ class AiAccountService {
    */
   static aiAccountOrgsMaskedIntegrationCredentialList({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -3172,7 +3221,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -3197,7 +3247,8 @@ class AiAccountService {
    */
   static aiAccountOrgsMaskedLlmCredentialRetrieve({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -3206,7 +3257,8 @@ class AiAccountService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -45073,7 +45125,7 @@ class CrmService {
    * Create an activity
    * Creates an Activity. Either `deal` or `person` must be supplied; both must belong to your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Activities/write`.
+   * **Required permission:** `Ibl.CRM/Activities/action`.
    * @returns Activity
    * @throws ApiError
    */
@@ -45087,7 +45139,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Activities/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Activities/action\`.`
       }
     });
   }
@@ -45236,7 +45288,8 @@ class CrmService {
     pipeline,
     source,
     stage,
-    status
+    status,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -45255,7 +45308,8 @@ class CrmService {
         'pipeline': pipeline,
         'source': source,
         'stage': stage,
-        'status': status
+        'status': status,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -45267,7 +45321,7 @@ class CrmService {
    * Create a deal
    * Creates a new Deal. All FK targets (`person`, `organization`, `pipeline`, `stage`, `source`) must belong to your Platform; `stage` must belong to `pipeline`. `status` and `closed_at` are service-managed — passing them returns `400`.
    *
-   * **Required permission:** `Ibl.CRM/Deals/write`.
+   * **Required permission:** `Ibl.CRM/Deals/action`.
    * @returns Deal
    * @throws ApiError
    */
@@ -45281,7 +45335,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Deals/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Deals/action\`.`
       }
     });
   }
@@ -45439,6 +45493,59 @@ class CrmService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static crmDealsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/api/crm/deals/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static crmDealsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/api/crm/deals/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
   /**
    * Mark a deal as won
    * Moves the Deal into a closed-won stage and sets `status='won'`. If `stage_code` is omitted, the first `is_won=True` stage in the Deal's pipeline (by sort order) is used.
@@ -45499,7 +45606,7 @@ class CrmService {
    * Create a lead source
    * Creates a new LeadSource in your Platform. `code` must be unique.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns LeadSource
    * @throws ApiError
    */
@@ -45513,7 +45620,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`
       }
     });
   }
@@ -45629,7 +45736,8 @@ class CrmService {
     name,
     owner,
     page,
-    pageSize
+    pageSize,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -45638,7 +45746,8 @@ class CrmService {
         'name': name,
         'owner': owner,
         'page': page,
-        'page_size': pageSize
+        'page_size': pageSize,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -45650,7 +45759,7 @@ class CrmService {
    * Create an organization
    * Creates a new organization in your Platform. The Platform is inferred from your credentials. `name` must be unique within your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Organizations/write`.
+   * **Required permission:** `Ibl.CRM/Organizations/action`.
    * @returns Organization
    * @throws ApiError
    */
@@ -45664,7 +45773,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error (for example, duplicate name).`,
-        403: `Missing required permission \`Ibl.CRM/Organizations/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Organizations/action\`.`
       }
     });
   }
@@ -45768,6 +45877,59 @@ class CrmService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static crmOrganizationsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/api/crm/organizations/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static crmOrganizationsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/api/crm/organizations/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
   /**
    * List persons
    * Returns a paginated list of persons in your Platform. Supports filtering by `lifecycle_stage`, `owner`, `organization`, `created_at__gte`/`created_at__lte`, and `metadata__has_key`.
@@ -45784,7 +45946,8 @@ class CrmService {
     organization,
     owner,
     page,
-    pageSize
+    pageSize,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -45797,7 +45960,8 @@ class CrmService {
         'organization': organization,
         'owner': owner,
         'page': page,
-        'page_size': pageSize
+        'page_size': pageSize,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -45809,7 +45973,7 @@ class CrmService {
    * Create a person
    * Creates a new person in your Platform. The Platform is inferred from your credentials. If `organization` is supplied, it must reference an organization in your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Persons/write`.
+   * **Required permission:** `Ibl.CRM/Persons/action`.
    * @returns Person
    * @throws ApiError
    */
@@ -45823,7 +45987,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Persons/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Persons/action\`.`
       }
     });
   }
@@ -45986,6 +46150,59 @@ class CrmService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static crmPersonsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/api/crm/persons/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static crmPersonsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/api/crm/persons/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
   /**
    * Merge duplicate persons into a primary
    * Marks each person in `duplicate_ids` as inactive and reports how many related records (deals, activities, tags) were re-parented onto `primary_id`.
@@ -46046,7 +46263,7 @@ class CrmService {
    * Create a pipeline
    * Creates a new Pipeline. `code` must be unique within your Platform. Promoting another Pipeline to `is_default=true` while one already exists will fail — unset the existing default first.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns Pipeline
    * @throws ApiError
    */
@@ -46060,7 +46277,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`
       }
     });
   }
@@ -46103,7 +46320,7 @@ class CrmService {
    * Create a stage
    * Creates a new PipelineStage in the URL Pipeline. `code` must be unique within that Pipeline. At most one of `is_won` / `is_lost` may be true.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns PipelineStage
    * @throws ApiError
    */
@@ -46121,7 +46338,7 @@ class CrmService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`,
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`,
         404: `Pipeline not found.`
       }
     });
@@ -46336,6 +46553,159 @@ class CrmService {
       }
     });
   }
+  /**
+   * List tags
+   * Returns a paginated list of Tags in your Platform. Supports filtering by `name` (case-insensitive substring) and `created_at__gte`/`created_at__lte` ISO timestamp ranges.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/list`.
+   * @returns PaginatedTagList
+   * @throws ApiError
+   */
+  static crmTagsList({
+    createdAtGte,
+    createdAtLte,
+    name,
+    page,
+    pageSize
+  }) {
+    return request(OpenAPI, {
+      method: 'GET',
+      url: '/api/crm/tags/',
+      query: {
+        'created_at__gte': createdAtGte,
+        'created_at__lte': createdAtLte,
+        'name': name,
+        'page': page,
+        'page_size': pageSize
+      },
+      errors: {
+        401: `Authentication required.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/list\`.`
+      }
+    });
+  }
+  /**
+   * Create a tag
+   * Creates a new Tag in your Platform. `name` must be unique within your Platform; supply `color` as a `#RRGGBB` hex string (defaults to `#888888`).
+   *
+   * **Required permission:** `Ibl.CRM/Tags/action`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static crmTagsCreate({
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/api/crm/tags/',
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error (duplicate name, bad color, etc.).`,
+        403: `Missing required permission \`Ibl.CRM/Tags/action\`.`
+      }
+    });
+  }
+  /**
+   * Retrieve a tag
+   * Returns a single Tag by id.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/read`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static crmTagsRetrieve({
+    id
+  }) {
+    return request(OpenAPI, {
+      method: 'GET',
+      url: '/api/crm/tags/{id}/',
+      path: {
+        'id': id
+      },
+      errors: {
+        403: `Missing required permission \`Ibl.CRM/Tags/read\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Replace a tag
+   * Replaces all editable fields on the Tag.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static crmTagsUpdate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'PUT',
+      url: '/api/crm/tags/{id}/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/write\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Update a tag
+   * Updates only the supplied fields on the Tag (typically `name` or `color`).
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static crmTagsPartialUpdate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'PATCH',
+      url: '/api/crm/tags/{id}/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/write\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Delete a tag
+   * Deletes the Tag. All attachments to Persons, Organizations, and Deals are removed atomically via cascade.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/delete`.
+   * @returns void
+   * @throws ApiError
+   */
+  static crmTagsDestroy({
+    id
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/api/crm/tags/{id}/',
+      path: {
+        'id': id
+      },
+      errors: {
+        403: `Missing required permission \`Ibl.CRM/Tags/delete\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
 }
 
 class CustomDomainsService {
@@ -46450,7 +46820,8 @@ class DealsService {
     pipeline,
     source,
     stage,
-    status
+    status,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -46469,7 +46840,8 @@ class DealsService {
         'pipeline': pipeline,
         'source': source,
         'stage': stage,
-        'status': status
+        'status': status,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -46481,7 +46853,7 @@ class DealsService {
    * Create a deal
    * Creates a new Deal. All FK targets (`person`, `organization`, `pipeline`, `stage`, `source`) must belong to your Platform; `stage` must belong to `pipeline`. `status` and `closed_at` are service-managed — passing them returns `400`.
    *
-   * **Required permission:** `Ibl.CRM/Deals/write`.
+   * **Required permission:** `Ibl.CRM/Deals/action`.
    * @returns Deal
    * @throws ApiError
    */
@@ -46495,7 +46867,7 @@ class DealsService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Deals/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Deals/action\`.`
       }
     });
   }
@@ -46653,6 +47025,59 @@ class DealsService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static dealsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/deals/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static dealsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/deals/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
   /**
    * Mark a deal as won
    * Moves the Deal into a closed-won stage and sets `status='won'`. If `stage_code` is omitted, the first `is_won=True` stage in the Deal's pipeline (by sort order) is used.
@@ -46813,7 +47238,8 @@ class IntegrationCredentialsService {
    */
   static aiAccountOrgsIntegrationCredentialSchemaV2List({
     org,
-    name
+    name,
+    unmaskSensitiveFields = false
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -46822,7 +47248,8 @@ class IntegrationCredentialsService {
         'org': org
       },
       query: {
-        'name': name
+        'name': name,
+        'unmask_sensitive_fields': unmaskSensitiveFields
       }
     });
   }
@@ -46882,7 +47309,7 @@ class LeadSourcesService {
    * Create a lead source
    * Creates a new LeadSource in your Platform. `code` must be unique.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns LeadSource
    * @throws ApiError
    */
@@ -46896,7 +47323,7 @@ class LeadSourcesService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`
       }
     });
   }
@@ -47899,7 +48326,8 @@ class OrganizationsService {
     name,
     owner,
     page,
-    pageSize
+    pageSize,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -47908,7 +48336,8 @@ class OrganizationsService {
         'name': name,
         'owner': owner,
         'page': page,
-        'page_size': pageSize
+        'page_size': pageSize,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -47920,7 +48349,7 @@ class OrganizationsService {
    * Create an organization
    * Creates a new organization in your Platform. The Platform is inferred from your credentials. `name` must be unique within your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Organizations/write`.
+   * **Required permission:** `Ibl.CRM/Organizations/action`.
    * @returns Organization
    * @throws ApiError
    */
@@ -47934,7 +48363,7 @@ class OrganizationsService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error (for example, duplicate name).`,
-        403: `Missing required permission \`Ibl.CRM/Organizations/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Organizations/action\`.`
       }
     });
   }
@@ -48038,6 +48467,59 @@ class OrganizationsService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static organizationsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/organizations/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static organizationsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/organizations/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
 }
 
 class PersonsService {
@@ -48057,7 +48539,8 @@ class PersonsService {
     organization,
     owner,
     page,
-    pageSize
+    pageSize,
+    tags
   }) {
     return request(OpenAPI, {
       method: 'GET',
@@ -48070,7 +48553,8 @@ class PersonsService {
         'organization': organization,
         'owner': owner,
         'page': page,
-        'page_size': pageSize
+        'page_size': pageSize,
+        'tags': tags
       },
       errors: {
         401: `Authentication required.`,
@@ -48082,7 +48566,7 @@ class PersonsService {
    * Create a person
    * Creates a new person in your Platform. The Platform is inferred from your credentials. If `organization` is supplied, it must reference an organization in your Platform.
    *
-   * **Required permission:** `Ibl.CRM/Persons/write`.
+   * **Required permission:** `Ibl.CRM/Persons/action`.
    * @returns Person
    * @throws ApiError
    */
@@ -48096,7 +48580,7 @@ class PersonsService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Persons/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Persons/action\`.`
       }
     });
   }
@@ -48259,6 +48743,59 @@ class PersonsService {
       }
     });
   }
+  /**
+   * Attach a tag to this record
+   * Attaches an existing Tag to this record. Both the Tag and the record must belong to your Platform. Returns `409 Conflict` with the existing `assignment_id` if the tag is already attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns any No response body
+   * @throws ApiError
+   */
+  static personsTagsCreate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/persons/{id}/tags/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `No response body`,
+        403: `No response body`,
+        404: `No response body`,
+        409: `No response body`
+      }
+    });
+  }
+  /**
+   * Detach a tag from this record
+   * Removes the Tag with id `tag_id` from this record. Returns `404` if the tag was not attached.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns void
+   * @throws ApiError
+   */
+  static personsTagsDestroy({
+    id,
+    tagId
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/persons/{id}/tags/{tag_id}/',
+      path: {
+        'id': id,
+        'tag_id': tagId
+      },
+      errors: {
+        403: `No response body`,
+        404: `No response body`
+      }
+    });
+  }
   /**
    * Merge duplicate persons into a primary
    * Marks each person in `duplicate_ids` as inactive and reports how many related records (deals, activities, tags) were re-parented onto `primary_id`.
@@ -48322,7 +48859,7 @@ class PipelinesService {
    * Create a pipeline
    * Creates a new Pipeline. `code` must be unique within your Platform. Promoting another Pipeline to `is_default=true` while one already exists will fail — unset the existing default first.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns Pipeline
    * @throws ApiError
    */
@@ -48336,7 +48873,7 @@ class PipelinesService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`
       }
     });
   }
@@ -48379,7 +48916,7 @@ class PipelinesService {
    * Create a stage
    * Creates a new PipelineStage in the URL Pipeline. `code` must be unique within that Pipeline. At most one of `is_won` / `is_lost` may be true.
    *
-   * **Required permission:** `Ibl.CRM/Pipelines/write`.
+   * **Required permission:** `Ibl.CRM/Pipelines/action`.
    * @returns PipelineStage
    * @throws ApiError
    */
@@ -48397,7 +48934,7 @@ class PipelinesService {
       mediaType: 'application/json',
       errors: {
         400: `Validation error.`,
-        403: `Missing required permission \`Ibl.CRM/Pipelines/write\`.`,
+        403: `Missing required permission \`Ibl.CRM/Pipelines/action\`.`,
         404: `Pipeline not found.`
       }
     });
@@ -51433,6 +51970,162 @@ class SkillsService {
   }
 }
 
+class TagsService {
+  /**
+   * List tags
+   * Returns a paginated list of Tags in your Platform. Supports filtering by `name` (case-insensitive substring) and `created_at__gte`/`created_at__lte` ISO timestamp ranges.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/list`.
+   * @returns PaginatedTagList
+   * @throws ApiError
+   */
+  static tagsList({
+    createdAtGte,
+    createdAtLte,
+    name,
+    page,
+    pageSize
+  }) {
+    return request(OpenAPI, {
+      method: 'GET',
+      url: '/tags/',
+      query: {
+        'created_at__gte': createdAtGte,
+        'created_at__lte': createdAtLte,
+        'name': name,
+        'page': page,
+        'page_size': pageSize
+      },
+      errors: {
+        401: `Authentication required.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/list\`.`
+      }
+    });
+  }
+  /**
+   * Create a tag
+   * Creates a new Tag in your Platform. `name` must be unique within your Platform; supply `color` as a `#RRGGBB` hex string (defaults to `#888888`).
+   *
+   * **Required permission:** `Ibl.CRM/Tags/action`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static tagsCreate({
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'POST',
+      url: '/tags/',
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error (duplicate name, bad color, etc.).`,
+        403: `Missing required permission \`Ibl.CRM/Tags/action\`.`
+      }
+    });
+  }
+  /**
+   * Retrieve a tag
+   * Returns a single Tag by id.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/read`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static tagsRetrieve({
+    id
+  }) {
+    return request(OpenAPI, {
+      method: 'GET',
+      url: '/tags/{id}/',
+      path: {
+        'id': id
+      },
+      errors: {
+        403: `Missing required permission \`Ibl.CRM/Tags/read\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Replace a tag
+   * Replaces all editable fields on the Tag.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static tagsUpdate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'PUT',
+      url: '/tags/{id}/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/write\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Update a tag
+   * Updates only the supplied fields on the Tag (typically `name` or `color`).
+   *
+   * **Required permission:** `Ibl.CRM/Tags/write`.
+   * @returns Tag
+   * @throws ApiError
+   */
+  static tagsPartialUpdate({
+    id,
+    requestBody
+  }) {
+    return request(OpenAPI, {
+      method: 'PATCH',
+      url: '/tags/{id}/',
+      path: {
+        'id': id
+      },
+      body: requestBody,
+      mediaType: 'application/json',
+      errors: {
+        400: `Validation error.`,
+        403: `Missing required permission \`Ibl.CRM/Tags/write\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+  /**
+   * Delete a tag
+   * Deletes the Tag. All attachments to Persons, Organizations, and Deals are removed atomically via cascade.
+   *
+   * **Required permission:** `Ibl.CRM/Tags/delete`.
+   * @returns void
+   * @throws ApiError
+   */
+  static tagsDestroy({
+    id
+  }) {
+    return request(OpenAPI, {
+      method: 'DELETE',
+      url: '/tags/{id}/',
+      path: {
+        'id': id
+      },
+      errors: {
+        403: `Missing required permission \`Ibl.CRM/Tags/delete\`.`,
+        404: `Tag not found.`
+      }
+    });
+  }
+}
+
 class TransactionsService {
   /**
    * List transaction history
@@ -51504,5 +52197,6 @@ exports.ReportsService = ReportsService;
 exports.ScimService = ScimService;
 exports.SearchService = SearchService;
 exports.SkillsService = SkillsService;
+exports.TagsService = TagsService;
 exports.TransactionsService = TransactionsService;
 //# sourceMappingURL=index.cjs.js.map