@kinotic-ai/os-api 1.1.0 → 1.3.0

package/dist/index.d.cts

@@ -138,21 +138,49 @@ declare class TenantSelectionC3Type extends ArrayC3Type {
 import { Identifiable } from "@kinotic-ai/core";
 declare class Application implements Identifiable<string> {
 	id: string;
+	/**
+	* The id of the organization that owns this application.
+	* Must be set by the caller before save — backend org enforcement rejects entities
+	* with a missing or mismatched organizationId.
+	*/
+	organizationId: string;
 	description: string;
 	updated: number | null;
 	constructor(id: string, description: string);
 }
 import { Identifiable as Identifiable2 } from "@kinotic-ai/core";
+/**
+* Represents an organization developing applications on the Kinotic OS platform.
+* Organizations provide the boundary for teams, applications, users, and shared OIDC configuration.
+*
+* The {@link id} is auto-generated from the {@link name} on save (slugified) and serves as the URL-safe identifier.
+*/
+declare class Organization implements Identifiable2<string> {
+	id: string | null;
+	name: string;
+	description: string | null;
+	oidcConfigurationIds: string[] | null;
+	createdBy: string | null;
+	created: number | null;
+	updated: number | null;
+}
+import { Identifiable as Identifiable3 } from "@kinotic-ai/core";
 declare enum ProjectType {
 	TYPESCRIPT = "TYPESCRIPT"
 }
-declare class Project implements Identifiable2<string> {
+declare class Project implements Identifiable3<string> {
 	/**
 	* The id of the project.
 	* All project ids are unique throughout the entire system.
 	*/
 	id: string | null;
 	/**
+	* The id of the organization that owns this project.
+	* Must be set by the caller before save — backend org enforcement rejects entities
+	* with a missing or mismatched organizationId.
+	*/
+	organizationId: string;
+	/**
 	* The id of the application that this project belongs to.
 	* All application ids are unique throughout the entire system.
 	*/
@@ -176,8 +204,8 @@ declare class Project implements Identifiable2<string> {
 	constructor(id: string | null, applicationId: string, name: string, description?: string);
 }
 import { ObjectC3Type as ObjectC3Type3 } from "@kinotic-ai/idl";
-import { Identifiable as Identifiable3 } from "@kinotic-ai/core";
-declare class EntityDefinition implements Identifiable3<string> {
+import { Identifiable as Identifiable4 } from "@kinotic-ai/core";
+declare class EntityDefinition implements Identifiable4<string> {
 	id: string | null;
 	/**
 	* The id of the organization that owns this entity definition.
@@ -203,12 +231,12 @@ declare class EntityDefinition implements Identifiable3<string> {
 	publishedTimestamp: number;
 	constructor(organizationId: string, applicationId: string, projectId: string, name: string, schema: ObjectC3Type3, description?: string | null);
 }
-import { Identifiable as Identifiable4 } from "@kinotic-ai/core";
+import { Identifiable as Identifiable5 } from "@kinotic-ai/core";
 import { FunctionDefinition } from "@kinotic-ai/idl";
 /**
 * Provides Metadata that represents Named Queries for an Application
 */
-declare class NamedQueriesDefinition implements Identifiable4<string> {
+declare class NamedQueriesDefinition implements Identifiable5<string> {
 	id: string;
 	organizationId?: string | null;
 	applicationId: string;
@@ -348,7 +376,7 @@ interface InsightRequest {
 	*/
 	additionalContext?: string;
 }
-import { Identifiable as Identifiable5 } from "@kinotic-ai/core";
+import { Identifiable as Identifiable6 } from "@kinotic-ai/core";
 declare enum WorkloadStatus {
 	PENDING = "PENDING",
 	STARTING = "STARTING",
@@ -366,7 +394,7 @@ declare enum VmProviderType {
 * Represents a workload to be managed by the VM manager.
 * A workload defines the configuration for a micro VM instance.
 */
-declare class Workload implements Identifiable5<string> {
+declare class Workload implements Identifiable6<string> {
 	/**
 	* Unique identifier for this workload.
 	*/
@@ -421,7 +449,7 @@ declare class Workload implements Identifiable5<string> {
 	updated: number | null;
 	constructor(name: string, image: string);
 }
-import { Identifiable as Identifiable6 } from "@kinotic-ai/core";
+import { Identifiable as Identifiable7 } from "@kinotic-ai/core";
 declare enum VmNodeStatus {
 	ONLINE = "ONLINE",
 	OFFLINE = "OFFLINE",
@@ -431,7 +459,7 @@ declare enum VmNodeStatus {
 * Represents a node in the cluster that is running a VmManager process
 * and is capable of hosting workloads.
 */
-declare class VmNode implements Identifiable6<string> {
+declare class VmNode implements Identifiable7<string> {
 	/**
 	* Unique identifier for this node.
 	*/
@@ -485,7 +513,7 @@ declare enum AuthType {
 	LOCAL = "LOCAL",
 	OIDC = "OIDC"
 }
-import { Identifiable as Identifiable7 } from "@kinotic-ai/core";
+import { Identifiable as Identifiable8 } from "@kinotic-ai/core";
 /**
 * Represents an authenticated identity at any scope layer in the IAM system.
 * Each user is scoped to exactly one layer and is unique by email within that scope.
@@ -494,7 +522,7 @@ import { Identifiable as Identifiable7 } from "@kinotic-ai/core";
 * - For APPLICATION scopes, {@link tenantId} is required and identifies the
 *   client tenant the user belongs to within the application's data.
 */
-declare class IamUser implements Identifiable7<string> {
+declare class IamUser implements Identifiable8<string> {
 	id: string | null;
 	email: string;
 	displayName: string | null;
@@ -535,6 +563,68 @@ interface SignUpCompleteRequest {
 	password: string;
 }
 /**
+* One row in the repo dropdown shown when linking a project. Carries just enough
+* info for the UI; a successful link round-trips through
+* {@link IProjectGitHubRepoService} which re-validates against GitHub before
+* persisting.
+*/
+declare class AvailableRepo {
+	repoId: string;
+	fullName: string;
+	defaultBranch: string;
+	privateRepo: boolean;
+}
+import { Identifiable as Identifiable9 } from "@kinotic-ai/core";
+/**
+* Persisted record of one GitHub App installation that a Kinotic Org has authorised.
+* The durable binding that says "Org X has access to GitHub install Y" — without it,
+* no installation token can be minted on behalf of the org and webhook deliveries
+* can't be matched to a project.
+*/
+declare class GitHubAppInstallation implements Identifiable9<string> {
+	id: string | null;
+	organizationId: string;
+	githubInstallationId: string;
+	accountLogin: string;
+	accountType: string;
+	suspendedAt: number | null;
+	created: number | null;
+	updated: number | null;
+}
+/**
+* What worker nodes receive when they ask for clone credentials. The token is a
+* short-lived GitHub installation access token scoped to a single repository with
+* {@code contents:read} permission; {@code expiresAt} is the absolute UTC instant
+* (epoch milliseconds).
+*/
+declare class GitHubInstallationToken {
+	/** Bearer token to send as {@code Authorization: Bearer <token>} on git over HTTPS. */
+	token: string;
+	/** Absolute expiry (epoch milliseconds). Workers should not use the token beyond this point. */
+	expiresAt: number;
+	/** {@code https://github.com/<owner>/<repo>.git} for the linked repo. */
+	cloneUrl: string;
+	/** Default branch on the linked repo (e.g. {@code main}). */
+	defaultBranch: string;
+}
+import { Identifiable as Identifiable10 } from "@kinotic-ai/core";
+/**
+* Persisted link between a Kinotic Project and a single GitHub repository reachable
+* through an existing {@link GitHubAppInstallation}. Drives webhook dispatch
+* (delivery → project) and ref-creation auth (project → which repo, via which
+* installation).
+*/
+declare class ProjectGitHubRepoLink implements Identifiable10<string> {
+	id: string | null;
+	projectId: string;
+	organizationId: string;
+	installationId: string;
+	repoFullName: string;
+	repoId: string;
+	defaultBranch: string;
+	updated: number | null;
+}
+/**
 * Configuration for a single entities path and its corresponding repository output.
 */
 type EntitiesPathConfig = {
@@ -602,7 +692,8 @@ import { IKinotic } from "@kinotic-ai/core";
 import { CrudServiceProxy, ICrudServiceProxy } from "@kinotic-ai/core";
 interface IApplicationService extends ICrudServiceProxy<Application> {
 	/**
-	* Creates a new application if it does not already exist.
+	* Creates a new application if it does not already exist. The organization id is derived
+	* from the authenticated participant on the server.
 	* @param id the id of the application to create
 	* @param description the description of the application to create
 	* @return {@link Promise} emitting the created application
@@ -619,6 +710,22 @@ declare class ApplicationService extends CrudServiceProxy<Application> implement
 	createApplicationIfNotExist(id: string, description: string): Promise<Application>;
 	syncIndex(): Promise<void>;
 }
+import { IKinotic as IKinotic2 } from "@kinotic-ai/core";
+import { CrudServiceProxy as CrudServiceProxy2, ICrudServiceProxy as ICrudServiceProxy2 } from "@kinotic-ai/core";
+interface IOrganizationService extends ICrudServiceProxy2<Organization> {
+	/**
+	* Returns the enabled OIDC configurations registered on the given organization.
+	*
+	* @param organizationId the id of the organization
+	* @return the enabled configurations, or an empty list if the organization is not
+	*         found or has no configurations attached
+	*/
+	getOidcConfigurations(organizationId: string): Promise<any[]>;
+}
+declare class OrganizationService extends CrudServiceProxy2<Organization> implements IOrganizationService {
+	constructor(kinotic: IKinotic2);
+	getOidcConfigurations(organizationId: string): Promise<any[]>;
+}
 declare enum LogLevel {
 	TRACE = "TRACE",
 	DEBUG = "DEBUG",
@@ -668,8 +775,8 @@ interface ILogManager {
 	*/
 	configureLogLevel(nodeId: string, name: string, level: LogLevel): Promise<void>;
 }
-import { CrudServiceProxy as CrudServiceProxy2, IKinotic as IKinotic2, ICrudServiceProxy as ICrudServiceProxy2, IterablePage, Pageable } from "@kinotic-ai/core";
-interface IProjectService extends ICrudServiceProxy2<Project> {
+import { CrudServiceProxy as CrudServiceProxy3, IKinotic as IKinotic3, ICrudServiceProxy as ICrudServiceProxy3, IterablePage, Pageable } from "@kinotic-ai/core";
+interface IProjectService extends ICrudServiceProxy3<Project> {
 	/**
 	* Counts all projects for the given application.
 	* @param applicationId the application to find projects for
@@ -695,24 +802,24 @@ interface IProjectService extends ICrudServiceProxy2<Project> {
 	*/
 	syncIndex(): Promise<void>;
 }
-declare class ProjectService extends CrudServiceProxy2<Project> implements IProjectService {
-	constructor(kinotic: IKinotic2);
+declare class ProjectService extends CrudServiceProxy3<Project> implements IProjectService {
+	constructor(kinotic: IKinotic3);
 	countForApplication(applicationId: string): Promise<number>;
 	createProjectIfNotExist(project: Project): Promise<Project>;
 	findAllForApplication(applicationId: string, pageable: Pageable): Promise<IterablePage<Project>>;
 	findAllForApplicationSinglePage(applicationId: string, pageable: Pageable): Promise<IterablePage<Project>>;
 	syncIndex(): Promise<void>;
 }
-import { IKinotic as IKinotic3 } from "@kinotic-ai/core";
+import { IKinotic as IKinotic4 } from "@kinotic-ai/core";
 declare class LogManager implements ILogManager {
 	private readonly serviceProxy;
-	constructor(kinotic: IKinotic3);
+	constructor(kinotic: IKinotic4);
 	loggers(nodeId: string): Promise<LoggersDescriptor>;
 	loggerLevels(nodeId: string, name: string): Promise<LoggerLevelsDescriptor>;
 	configureLogLevel(nodeId: string, name: string, level: LogLevel): Promise<void>;
 }
-import { CrudServiceProxy as CrudServiceProxy3, IKinotic as IKinotic4, ICrudServiceProxy as ICrudServiceProxy3, IterablePage as IterablePage2, Page, Pageable as Pageable2 } from "@kinotic-ai/core";
-interface IEntityDefinitionService extends ICrudServiceProxy3<EntityDefinition> {
+import { CrudServiceProxy as CrudServiceProxy4, IKinotic as IKinotic5, ICrudServiceProxy as ICrudServiceProxy4, IterablePage as IterablePage2, Page, Pageable as Pageable2 } from "@kinotic-ai/core";
+interface IEntityDefinitionService extends ICrudServiceProxy4<EntityDefinition> {
 	/**
 	* Counts all entity definitions for the given application.
 	* @param applicationId the application to find entity definitions for
@@ -765,8 +872,8 @@ interface IEntityDefinitionService extends ICrudServiceProxy3<EntityDefinition>
 	*/
 	unPublish(entityDefinitionId: string): Promise<void>;
 }
-declare class EntityDefinitionService extends CrudServiceProxy3<EntityDefinition> implements IEntityDefinitionService {
-	constructor(kinotic: IKinotic4);
+declare class EntityDefinitionService extends CrudServiceProxy4<EntityDefinition> implements IEntityDefinitionService {
+	constructor(kinotic: IKinotic5);
 	countForApplication(applicationId: string): Promise<number>;
 	countForProject(projectId: string): Promise<number>;
 	findAllForApplicationSinglePage(applicationId: string, pageable: Pageable2): Promise<Page<EntityDefinition>>;
@@ -778,20 +885,20 @@ declare class EntityDefinitionService extends CrudServiceProxy3<EntityDefinition
 	unPublish(entityDefinitionId: string): Promise<void>;
 	syncIndex(): Promise<void>;
 }
-import { IKinotic as IKinotic5 } from "@kinotic-ai/core";
-import { CrudServiceProxy as CrudServiceProxy4, ICrudServiceProxy as ICrudServiceProxy4 } from "@kinotic-ai/core";
-interface INamedQueriesDefinitionService extends ICrudServiceProxy4<NamedQueriesDefinition> {
+import { IKinotic as IKinotic6 } from "@kinotic-ai/core";
+import { CrudServiceProxy as CrudServiceProxy5, ICrudServiceProxy as ICrudServiceProxy5 } from "@kinotic-ai/core";
+interface INamedQueriesDefinitionService extends ICrudServiceProxy5<NamedQueriesDefinition> {
 	/**
 	* This operation makes all the recent writes immediately available for search.
 	* @return a Promise that resolves when the operation is complete
 	*/
 	syncIndex(): Promise<void>;
 }
-declare class NamedQueriesDefinitionService extends CrudServiceProxy4<NamedQueriesDefinition> implements INamedQueriesDefinitionService {
-	constructor(kinotic: IKinotic5);
+declare class NamedQueriesDefinitionService extends CrudServiceProxy5<NamedQueriesDefinition> implements INamedQueriesDefinitionService {
+	constructor(kinotic: IKinotic6);
 	syncIndex(): Promise<void>;
 }
-import { IKinotic as IKinotic6 } from "@kinotic-ai/core";
+import { IKinotic as IKinotic7 } from "@kinotic-ai/core";
 /**
 * Service for executing project-specific migrations through the Persistence API.
 * This service allows external clients to apply their own migrations to projects.
@@ -823,12 +930,12 @@ interface IMigrationService {
 }
 declare class MigrationService implements IMigrationService {
 	private readonly serviceProxy;
-	constructor(kinotic: IKinotic6);
+	constructor(kinotic: IKinotic7);
 	executeMigrations(migrationRequest: MigrationRequest): Promise<MigrationResult>;
 	getLastAppliedMigrationVersion(projectId: string): Promise<number | null>;
 	isMigrationApplied(projectId: string, version: string): Promise<boolean>;
 }
-import { IKinotic as IKinotic7 } from "@kinotic-ai/core";
+import { IKinotic as IKinotic8 } from "@kinotic-ai/core";
 import { Observable } from "rxjs";
 /**
 * Provides AI-powered data analysis and visualization code generation capabilities.
@@ -847,12 +954,12 @@ interface IDataInsightsService {
 }
 declare class DataInsightsService implements IDataInsightsService {
 	private readonly serviceProxy;
-	constructor(kinotic: IKinotic7);
+	constructor(kinotic: IKinotic8);
 	processRequest(request: InsightRequest): Observable<InsightProgress>;
 }
-import { IKinotic as IKinotic8 } from "@kinotic-ai/core";
-import { CrudServiceProxy as CrudServiceProxy5, ICrudServiceProxy as ICrudServiceProxy5 } from "@kinotic-ai/core";
-interface IVmNodeService extends ICrudServiceProxy5<VmNode> {
+import { IKinotic as IKinotic9 } from "@kinotic-ai/core";
+import { CrudServiceProxy as CrudServiceProxy6, ICrudServiceProxy as ICrudServiceProxy6 } from "@kinotic-ai/core";
+interface IVmNodeService extends ICrudServiceProxy6<VmNode> {
 	/**
 	* Finds a node with sufficient resources to host a workload with the given requirements.
 	* @param requiredCpus the number of vCPUs required
@@ -867,13 +974,13 @@ interface IVmNodeService extends ICrudServiceProxy5<VmNode> {
 	*/
 	syncIndex(): Promise<void>;
 }
-declare class VmNodeServiceProxy extends CrudServiceProxy5<VmNode> implements IVmNodeService {
-	constructor(kinotic: IKinotic8);
+declare class VmNodeServiceProxy extends CrudServiceProxy6<VmNode> implements IVmNodeService {
+	constructor(kinotic: IKinotic9);
 	findAvailableNode(requiredCpus: number, requiredMemoryMb: number, requiredDiskMb: number): Promise<VmNode | null>;
 	syncIndex(): Promise<void>;
 }
-import { CrudServiceProxy as CrudServiceProxy6, IKinotic as IKinotic9, ICrudServiceProxy as ICrudServiceProxy6, IterablePage as IterablePage3, Page as Page2, Pageable as Pageable3 } from "@kinotic-ai/core";
-interface IWorkloadService extends ICrudServiceProxy6<Workload> {
+import { CrudServiceProxy as CrudServiceProxy7, IKinotic as IKinotic10, ICrudServiceProxy as ICrudServiceProxy7, IterablePage as IterablePage3, Page as Page2, Pageable as Pageable3 } from "@kinotic-ai/core";
+interface IWorkloadService extends ICrudServiceProxy7<Workload> {
 	/**
 	* Finds all workloads deployed on the given node.
 	* @param nodeId the id of the node to find workloads for
@@ -893,49 +1000,126 @@ interface IWorkloadService extends ICrudServiceProxy6<Workload> {
 	*/
 	syncIndex(): Promise<void>;
 }
-declare class WorkloadServiceProxy extends CrudServiceProxy6<Workload> implements IWorkloadService {
-	constructor(kinotic: IKinotic9);
+declare class WorkloadServiceProxy extends CrudServiceProxy7<Workload> implements IWorkloadService {
+	constructor(kinotic: IKinotic10);
 	findAllForNode(nodeId: string, pageable: Pageable3): Promise<IterablePage3<Workload>>;
 	findAllForNodeSinglePage(nodeId: string, pageable: Pageable3): Promise<Page2<Workload>>;
 	countForNode(nodeId: string): Promise<number>;
 	syncIndex(): Promise<void>;
 }
-import { CrudServiceProxy as CrudServiceProxy7, IKinotic as IKinotic10, ICrudServiceProxy as ICrudServiceProxy7, Page as Page3, Pageable as Pageable4 } from "@kinotic-ai/core";
-interface IIamUserService extends ICrudServiceProxy7<IamUser> {
+import { CrudServiceProxy as CrudServiceProxy8, IKinotic as IKinotic11, ICrudServiceProxy as ICrudServiceProxy8, Page as Page3, Pageable as Pageable4 } from "@kinotic-ai/core";
+interface IIamUserService extends ICrudServiceProxy8<IamUser> {
 	/**
 	* Finds the user with the given email within the given auth scope.
-	* @return Promise emitting the user or null if no user matches
+	* @param email the email address to look up
+	* @param authScopeType the scope type the user is registered against (e.g. {@code SYSTEM}, {@code ORGANIZATION}, {@code APPLICATION})
+	* @param authScopeId the id of the scope the user is registered against
+	* @return {@link Promise} emitting the matching user, or {@code null} if no user matches
 	*/
 	findByEmailAndScope(email: string, authScopeType: string, authScopeId: string): Promise<IamUser | null>;
 	/**
 	* Finds all users registered against the given auth scope.
+	* @param authScopeType the scope type to filter by (e.g. {@code SYSTEM}, {@code ORGANIZATION}, {@code APPLICATION})
+	* @param authScopeId the id of the scope to filter by
+	* @param pageable the paging and sort options
+	* @return {@link Promise} emitting a page of users registered against the scope
 	*/
 	findByScope(authScopeType: string, authScopeId: string, pageable: Pageable4): Promise<Page3<IamUser>>;
 	/**
 	* Creates a user and, if a password is provided, the matching credential.
-	* APPLICATION-scoped users must carry a {@code tenantId}; SYSTEM and ORGANIZATION users must not.
+	* {@code APPLICATION}-scoped users must carry a {@code tenantId}; {@code SYSTEM} and {@code ORGANIZATION} users must not.
+	* @param user the user to create
+	* @param password the password to set, or {@code null} to create the user without a credential
+	* @return {@link Promise} emitting the persisted user
 	*/
 	createUser(user: IamUser, password: string | null): Promise<IamUser>;
 	/**
 	* Verifies the current password and updates it. Used when the user knows their current password.
+	* @param userId the id of the user whose password should be changed
+	* @param currentPassword the user's current password
+	* @param newPassword the new password to set
+	* @return {@link Promise} that resolves when the password has been updated
 	*/
 	changePassword(userId: string, currentPassword: string, newPassword: string): Promise<void>;
 	/**
 	* Replaces the user's password without verifying the current one. Administrative reset.
+	* @param userId the id of the user whose password should be reset
+	* @param newPassword the new password to set
+	* @return {@link Promise} that resolves when the password has been reset
 	*/
 	resetPassword(userId: string, newPassword: string): Promise<void>;
+	/**
+	* Finds the first user with the given email across all scope ids of the given scope type.
+	* Used by the sign-up flow to enforce one user per email at organization-creation time,
+	* before the new organization's scope id exists.
+	* @param email the email address to look up
+	* @param authScopeType the scope type to search within (e.g. {@code ORGANIZATION})
+	* @return {@link Promise} emitting the first matching user, or {@code null} if no user matches
+	*/
+	findFirstByEmailInScopeType(email: string, authScopeType: string): Promise<IamUser | null>;
 }
-declare class IamUserService extends CrudServiceProxy7<IamUser> implements IIamUserService {
-	constructor(kinotic: IKinotic10);
+declare class IamUserService extends CrudServiceProxy8<IamUser> implements IIamUserService {
+	constructor(kinotic: IKinotic11);
 	findByEmailAndScope(email: string, authScopeType: string, authScopeId: string): Promise<IamUser | null>;
 	findByScope(authScopeType: string, authScopeId: string, pageable: Pageable4): Promise<Page3<IamUser>>;
 	createUser(user: IamUser, password: string | null): Promise<IamUser>;
 	changePassword(userId: string, currentPassword: string, newPassword: string): Promise<void>;
 	resetPassword(userId: string, newPassword: string): Promise<void>;
+	findFirstByEmailInScopeType(email: string, authScopeType: string): Promise<IamUser | null>;
+}
+import { CrudServiceProxy as CrudServiceProxy9, IKinotic as IKinotic12, ICrudServiceProxy as ICrudServiceProxy9 } from "@kinotic-ai/core";
+interface IGitHubAppInstallationService extends ICrudServiceProxy9<GitHubAppInstallation> {
+	/**
+	* Stages a single-use {@code state} token bound to the caller's organization in
+	* a cluster-wide store, then returns the GitHub install URL with that state
+	* embedded. The SPA performs {@code window.location = url}.
+	* <p>
+	* Caller must be authenticated under {@code ORGANIZATION} scope; the org is read
+	* from the participant. The state expires after 10 minutes if unused.
+	*/
+	startInstall(): Promise<string>;
+	/**
+	* Returns the (at-most-one) installation bound to the caller's organization, or
+	* {@code null} if GitHub is not yet linked. Drives the "linked / not linked"
+	* indicator in the org-settings UI.
+	*/
+	findForCurrentOrg(): Promise<GitHubAppInstallation | null>;
+}
+declare class GitHubAppInstallationService extends CrudServiceProxy9<GitHubAppInstallation> implements IGitHubAppInstallationService {
+	constructor(kinotic: IKinotic12);
+	startInstall(): Promise<string>;
+	findForCurrentOrg(): Promise<GitHubAppInstallation | null>;
+}
+import { CrudServiceProxy as CrudServiceProxy10, IKinotic as IKinotic13, ICrudServiceProxy as ICrudServiceProxy10 } from "@kinotic-ai/core";
+interface IProjectGitHubRepoService extends ICrudServiceProxy10<ProjectGitHubRepoLink> {
+	/**
+	* Lists the repositories visible under the caller's organization's installation.
+	* Calls GitHub on every invocation; not cached because the org admin may have
+	* just toggled repo access.
+	*/
+	listAvailableRepos(): Promise<AvailableRepo[]>;
+	/**
+	* Creates or replaces the link for the given project. Validates that the chosen
+	* {@code repoFullName} is reachable through the org's installation before
+	* persisting.
+	*/
+	linkProject(projectId: string, repoFullName: string): Promise<ProjectGitHubRepoLink>;
+	/** Removes the link for the given project, if any. */
+	unlinkProject(projectId: string): Promise<void>;
+	/** Returns the link for the given project, or {@code null} when none exists. */
+	findByProject(projectId: string): Promise<ProjectGitHubRepoLink | null>;
+}
+declare class ProjectGitHubRepoService extends CrudServiceProxy10<ProjectGitHubRepoLink> implements IProjectGitHubRepoService {
+	constructor(kinotic: IKinotic13);
+	listAvailableRepos(): Promise<AvailableRepo[]>;
+	linkProject(projectId: string, repoFullName: string): Promise<ProjectGitHubRepoLink>;
+	unlinkProject(projectId: string): Promise<void>;
+	findByProject(projectId: string): Promise<ProjectGitHubRepoLink | null>;
 }
 import { KinoticPlugin } from "@kinotic-ai/core";
 interface IOsApiExtension {
 	applications: IApplicationService;
+	organizations: IOrganizationService;
 	projects: IProjectService;
 	logManager: ILogManager;
 	entityDefinitions: IEntityDefinitionService;
@@ -945,9 +1129,11 @@ interface IOsApiExtension {
 	vmNodes: IVmNodeService;
 	workloads: IWorkloadService;
 	iamUsers: IIamUserService;
+	githubAppInstallations: IGitHubAppInstallationService;
+	githubRepoLinks: IProjectGitHubRepoService;
 }
 declare const OsApiPlugin: KinoticPlugin<IOsApiExtension>;
 declare module "@kinotic-ai/core" {
 	interface KinoticSingleton extends IOsApiExtension {}
 }
-export { WorkloadStatus, WorkloadServiceProxy, Workload, VmProviderType, VmNodeStatus, VmNodeServiceProxy, VmNode, VersionDecorator, TimeReferenceDecorator, TextDecorator, TenantSelectionC3Type, TenantIdDecorator, SingleLoggerLevelsDescriptor, SignUpRequest, SignUpCompleteRequest, QueryOptionsC3Type, QueryDecorator, ProjectType, ProjectService, Project, ProgressType, PageableC3Type, PageC3Type, OsApiPlugin, NotIndexedDecorator, NestedDecorator, NamedQueriesDefinitionService, NamedQueriesDefinition, MigrationService, MigrationResult, MigrationRequest, MigrationDefinition, LoggersDescriptor, LoggerLevelsDescriptor, LogManager, LogLevel, KinoticProjectConfig, InsightRequest, InsightProgress, IdDecorator, IamUserService, IamUser, IWorkloadService, IVmNodeService, IProjectService, IOsApiExtension, INamedQueriesDefinitionService, IMigrationService, ILogManager, IIamUserService, IEntityDefinitionService, IDataInsightsService, IApplicationService, GroupLoggerLevelsDescriptor, FlattenedDecorator, EsIndexConfigurationDecorator, EntityDefinitionService, EntityDefinition, EntityDecorator, EntitiesPathConfig, DiscriminatorDecorator, DataInsightsService, DataInsightsComponent, AutoGeneratedIdDecorator, AuthType, ApplicationService, Application };
+export { WorkloadStatus, WorkloadServiceProxy, Workload, VmProviderType, VmNodeStatus, VmNodeServiceProxy, VmNode, VersionDecorator, TimeReferenceDecorator, TextDecorator, TenantSelectionC3Type, TenantIdDecorator, SingleLoggerLevelsDescriptor, SignUpRequest, SignUpCompleteRequest, QueryOptionsC3Type, QueryDecorator, ProjectType, ProjectService, ProjectGitHubRepoService, ProjectGitHubRepoLink, Project, ProgressType, PageableC3Type, PageC3Type, OsApiPlugin, OrganizationService, Organization, NotIndexedDecorator, NestedDecorator, NamedQueriesDefinitionService, NamedQueriesDefinition, MigrationService, MigrationResult, MigrationRequest, MigrationDefinition, LoggersDescriptor, LoggerLevelsDescriptor, LogManager, LogLevel, KinoticProjectConfig, InsightRequest, InsightProgress, IdDecorator, IamUserService, IamUser, IWorkloadService, IVmNodeService, IProjectService, IProjectGitHubRepoService, IOsApiExtension, IOrganizationService, INamedQueriesDefinitionService, IMigrationService, ILogManager, IIamUserService, IGitHubAppInstallationService, IEntityDefinitionService, IDataInsightsService, IApplicationService, GroupLoggerLevelsDescriptor, GitHubInstallationToken, GitHubAppInstallationService, GitHubAppInstallation, FlattenedDecorator, EsIndexConfigurationDecorator, EntityDefinitionService, EntityDefinition, EntityDecorator, EntitiesPathConfig, DiscriminatorDecorator, DataInsightsService, DataInsightsComponent, AvailableRepo, AutoGeneratedIdDecorator, AuthType, ApplicationService, Application };