@knowledge-stack/ksapi 1.72.4 → 1.78.0

package/src/apis/InvitesApi.ts

@@ -21,6 +21,7 @@ import type {
   InviteStatus,
   InviteUserRequest,
   PaginatedResponseInviteResponse,
+  UpdateInviteRequest,
 } from '../models/index';
 import {
     AcceptInviteResponseFromJSON,
@@ -35,6 +36,8 @@ import {
     InviteUserRequestToJSON,
     PaginatedResponseInviteResponseFromJSON,
     PaginatedResponseInviteResponseToJSON,
+    UpdateInviteRequestFromJSON,
+    UpdateInviteRequestToJSON,
 } from '../models/index';
 
 export interface AcceptInviteRequest {
@@ -64,6 +67,13 @@ export interface ListInvitesRequest {
     ksUat?: string | null;
 }
 
+export interface UpdateInviteOperationRequest {
+    inviteId: string;
+    updateInviteRequest: UpdateInviteRequest;
+    authorization?: string | null;
+    ksUat?: string | null;
+}
+
 /**
  * InvitesApi - interface
  * 
@@ -73,7 +83,7 @@ export interface ListInvitesRequest {
 export interface InvitesApiInterface {
     /**
      * Creates request options for acceptInvite without sending the request
-     * @param {string} inviteId 
+     * @param {string} inviteId Either an Invite ID (traditional per-email invite) OR a Tenant ID (when the tenant has ``invite_link.enabled``). Tenant lookup is tried first.
      * @param {string} [authorization] 
      * @param {string} [ksUat] 
      * @throws {RequiredError}
@@ -82,9 +92,9 @@ export interface InvitesApiInterface {
     acceptInviteRequestOpts(requestParameters: AcceptInviteRequest): Promise<runtime.RequestOpts>;
 
     /**
-     * Update an invite to accepted status and create tenant user.
+     * Accept an invite OR a tenant invite-link.  The path parameter ``invite_id`` may be either:   * a Tenant ID (when an admin has enabled ``invite_link`` on the tenant), OR   * an Invite ID (the traditional per-email invite flow).  Tenant lookup is tried first. If the row is found, the request is treated as an invite-link request — both 400 paths below have *distinct* messages so the frontend can branch on copy:   * \"does not have invite link enabled\" → admin hasn\'t turned it on   * \"does not support inviting users\"   → tenant kill-switch ``system_metadata.can_invite`` is honored on this path too — it\'s a hard kill switch for self-serve onboarding. Only when no tenant matches do we look up an Invite row.
      * @summary Accept Invite
-     * @param {string} inviteId 
+     * @param {string} inviteId Either an Invite ID (traditional per-email invite) OR a Tenant ID (when the tenant has &#x60;&#x60;invite_link.enabled&#x60;&#x60;). Tenant lookup is tried first.
      * @param {string} [authorization] 
      * @param {string} [ksUat] 
      * @param {*} [options] Override http request option.
@@ -94,7 +104,7 @@ export interface InvitesApiInterface {
     acceptInviteRaw(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AcceptInviteResponse>>;
 
     /**
-     * Update an invite to accepted status and create tenant user.
+     * Accept an invite OR a tenant invite-link.  The path parameter ``invite_id`` may be either:   * a Tenant ID (when an admin has enabled ``invite_link`` on the tenant), OR   * an Invite ID (the traditional per-email invite flow).  Tenant lookup is tried first. If the row is found, the request is treated as an invite-link request — both 400 paths below have *distinct* messages so the frontend can branch on copy:   * \"does not have invite link enabled\" → admin hasn\'t turned it on   * \"does not support inviting users\"   → tenant kill-switch ``system_metadata.can_invite`` is honored on this path too — it\'s a hard kill switch for self-serve onboarding. Only when no tenant matches do we look up an Invite row.
      * Accept Invite
      */
     acceptInvite(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AcceptInviteResponse>;
@@ -189,6 +199,36 @@ export interface InvitesApiInterface {
      */
     listInvites(requestParameters: ListInvitesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<PaginatedResponseInviteResponse>;
 
+    /**
+     * Creates request options for updateInvite without sending the request
+     * @param {string} inviteId 
+     * @param {UpdateInviteRequest} updateInviteRequest 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @throws {RequiredError}
+     * @memberof InvitesApiInterface
+     */
+    updateInviteRequestOpts(requestParameters: UpdateInviteOperationRequest): Promise<runtime.RequestOpts>;
+
+    /**
+     * Update an invite\'s expiry or groups (admin/owner only).  The invite must belong to the caller\'s current tenant. Any provided groups are validated to belong to the same tenant.
+     * @summary Update Invite Handler
+     * @param {string} inviteId 
+     * @param {UpdateInviteRequest} updateInviteRequest 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof InvitesApiInterface
+     */
+    updateInviteRaw(requestParameters: UpdateInviteOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<InviteResponse>>;
+
+    /**
+     * Update an invite\'s expiry or groups (admin/owner only).  The invite must belong to the caller\'s current tenant. Any provided groups are validated to belong to the same tenant.
+     * Update Invite Handler
+     */
+    updateInvite(requestParameters: UpdateInviteOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<InviteResponse>;
+
 }
 
 /**
@@ -228,7 +268,7 @@ export class InvitesApi extends runtime.BaseAPI implements InvitesApiInterface {
     }
 
     /**
-     * Update an invite to accepted status and create tenant user.
+     * Accept an invite OR a tenant invite-link.  The path parameter ``invite_id`` may be either:   * a Tenant ID (when an admin has enabled ``invite_link`` on the tenant), OR   * an Invite ID (the traditional per-email invite flow).  Tenant lookup is tried first. If the row is found, the request is treated as an invite-link request — both 400 paths below have *distinct* messages so the frontend can branch on copy:   * \"does not have invite link enabled\" → admin hasn\'t turned it on   * \"does not support inviting users\"   → tenant kill-switch ``system_metadata.can_invite`` is honored on this path too — it\'s a hard kill switch for self-serve onboarding. Only when no tenant matches do we look up an Invite row.
      * Accept Invite
      */
     async acceptInviteRaw(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AcceptInviteResponse>> {
@@ -239,7 +279,7 @@ export class InvitesApi extends runtime.BaseAPI implements InvitesApiInterface {
     }
 
     /**
-     * Update an invite to accepted status and create tenant user.
+     * Accept an invite OR a tenant invite-link.  The path parameter ``invite_id`` may be either:   * a Tenant ID (when an admin has enabled ``invite_link`` on the tenant), OR   * an Invite ID (the traditional per-email invite flow).  Tenant lookup is tried first. If the row is found, the request is treated as an invite-link request — both 400 paths below have *distinct* messages so the frontend can branch on copy:   * \"does not have invite link enabled\" → admin hasn\'t turned it on   * \"does not support inviting users\"   → tenant kill-switch ``system_metadata.can_invite`` is honored on this path too — it\'s a hard kill switch for self-serve onboarding. Only when no tenant matches do we look up an Invite row.
      * Accept Invite
      */
     async acceptInvite(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AcceptInviteResponse> {
@@ -409,4 +449,65 @@ export class InvitesApi extends runtime.BaseAPI implements InvitesApiInterface {
         return await response.value();
     }
 
+    /**
+     * Creates request options for updateInvite without sending the request
+     */
+    async updateInviteRequestOpts(requestParameters: UpdateInviteOperationRequest): Promise<runtime.RequestOpts> {
+        if (requestParameters['inviteId'] == null) {
+            throw new runtime.RequiredError(
+                'inviteId',
+                'Required parameter "inviteId" was null or undefined when calling updateInvite().'
+            );
+        }
+
+        if (requestParameters['updateInviteRequest'] == null) {
+            throw new runtime.RequiredError(
+                'updateInviteRequest',
+                'Required parameter "updateInviteRequest" was null or undefined when calling updateInvite().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (requestParameters['authorization'] != null) {
+            headerParameters['authorization'] = String(requestParameters['authorization']);
+        }
+
+
+        let urlPath = `/v1/invites/{invite_id}`;
+        urlPath = urlPath.replace(`{${"invite_id"}}`, encodeURIComponent(String(requestParameters['inviteId'])));
+
+        return {
+            path: urlPath,
+            method: 'PATCH',
+            headers: headerParameters,
+            query: queryParameters,
+            body: UpdateInviteRequestToJSON(requestParameters['updateInviteRequest']),
+        };
+    }
+
+    /**
+     * Update an invite\'s expiry or groups (admin/owner only).  The invite must belong to the caller\'s current tenant. Any provided groups are validated to belong to the same tenant.
+     * Update Invite Handler
+     */
+    async updateInviteRaw(requestParameters: UpdateInviteOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<InviteResponse>> {
+        const requestOptions = await this.updateInviteRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => InviteResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Update an invite\'s expiry or groups (admin/owner only).  The invite must belong to the caller\'s current tenant. Any provided groups are validated to belong to the same tenant.
+     * Update Invite Handler
+     */
+    async updateInvite(requestParameters: UpdateInviteOperationRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<InviteResponse> {
+        const response = await this.updateInviteRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
 }

package/src/apis/PublicApi.ts

@@ -0,0 +1,100 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Knowledge Stack API
+ * Knowledge Stack backend API for authentication and knowledge management
+ *
+ * The version of the OpenAPI document: 0.1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+
+import * as runtime from '../runtime';
+import type {
+  SubscriptionPlanResponse,
+} from '../models/index';
+import {
+    SubscriptionPlanResponseFromJSON,
+    SubscriptionPlanResponseToJSON,
+} from '../models/index';
+
+/**
+ * PublicApi - interface
+ * 
+ * @export
+ * @interface PublicApiInterface
+ */
+export interface PublicApiInterface {
+    /**
+     * Creates request options for listPublicSubscriptions without sending the request
+     * @throws {RequiredError}
+     * @memberof PublicApiInterface
+     */
+    listPublicSubscriptionsRequestOpts(): Promise<runtime.RequestOpts>;
+
+    /**
+     * List publicly-visible subscription plans (no authentication required).  Filters to ``subscription_plan.public = true`` — custom enterprise tiers (created with ``public=False`` via ``POST /system/subscriptions``) are excluded. Tenants on a private plan can still read it via ``GET /v1/tenants/{tenant_id}/subscriptions``.
+     * @summary List Public Subscriptions Handler
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof PublicApiInterface
+     */
+    listPublicSubscriptionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Array<SubscriptionPlanResponse>>>;
+
+    /**
+     * List publicly-visible subscription plans (no authentication required).  Filters to ``subscription_plan.public = true`` — custom enterprise tiers (created with ``public=False`` via ``POST /system/subscriptions``) are excluded. Tenants on a private plan can still read it via ``GET /v1/tenants/{tenant_id}/subscriptions``.
+     * List Public Subscriptions Handler
+     */
+    listPublicSubscriptions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Array<SubscriptionPlanResponse>>;
+
+}
+
+/**
+ * 
+ */
+export class PublicApi extends runtime.BaseAPI implements PublicApiInterface {
+
+    /**
+     * Creates request options for listPublicSubscriptions without sending the request
+     */
+    async listPublicSubscriptionsRequestOpts(): Promise<runtime.RequestOpts> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+
+        let urlPath = `/public/subscriptions`;
+
+        return {
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     * List publicly-visible subscription plans (no authentication required).  Filters to ``subscription_plan.public = true`` — custom enterprise tiers (created with ``public=False`` via ``POST /system/subscriptions``) are excluded. Tenants on a private plan can still read it via ``GET /v1/tenants/{tenant_id}/subscriptions``.
+     * List Public Subscriptions Handler
+     */
+    async listPublicSubscriptionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<Array<SubscriptionPlanResponse>>> {
+        const requestOptions = await this.listPublicSubscriptionsRequestOpts();
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(SubscriptionPlanResponseFromJSON));
+    }
+
+    /**
+     * List publicly-visible subscription plans (no authentication required).  Filters to ``subscription_plan.public = true`` — custom enterprise tiers (created with ``public=False`` via ``POST /system/subscriptions``) are excluded. Tenants on a private plan can still read it via ``GET /v1/tenants/{tenant_id}/subscriptions``.
+     * List Public Subscriptions Handler
+     */
+    async listPublicSubscriptions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<Array<SubscriptionPlanResponse>> {
+        const response = await this.listPublicSubscriptionsRaw(initOverrides);
+        return await response.value();
+    }
+
+}

package/src/apis/SubscriptionsApi.ts

@@ -0,0 +1,238 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Knowledge Stack API
+ * Knowledge Stack backend API for authentication and knowledge management
+ *
+ * The version of the OpenAPI document: 0.1.0
+ * 
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+
+import * as runtime from '../runtime';
+import type {
+  ChangeSubscriptionRequest,
+  HTTPValidationError,
+  SubscriptionPlanResponse,
+  TenantResponse,
+} from '../models/index';
+import {
+    ChangeSubscriptionRequestFromJSON,
+    ChangeSubscriptionRequestToJSON,
+    HTTPValidationErrorFromJSON,
+    HTTPValidationErrorToJSON,
+    SubscriptionPlanResponseFromJSON,
+    SubscriptionPlanResponseToJSON,
+    TenantResponseFromJSON,
+    TenantResponseToJSON,
+} from '../models/index';
+
+export interface ChangeTenantSubscriptionRequest {
+    tenantId: string;
+    changeSubscriptionRequest: ChangeSubscriptionRequest;
+    idempotencyKey?: string | null;
+    authorization?: string | null;
+    ksUat?: string | null;
+}
+
+export interface GetTenantSubscriptionRequest {
+    tenantId: string;
+    authorization?: string | null;
+    ksUat?: string | null;
+}
+
+/**
+ * SubscriptionsApi - interface
+ * 
+ * @export
+ * @interface SubscriptionsApiInterface
+ */
+export interface SubscriptionsApiInterface {
+    /**
+     * Creates request options for changeTenantSubscription without sending the request
+     * @param {string} tenantId 
+     * @param {ChangeSubscriptionRequest} changeSubscriptionRequest 
+     * @param {string} [idempotencyKey] 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @throws {RequiredError}
+     * @memberof SubscriptionsApiInterface
+     */
+    changeTenantSubscriptionRequestOpts(requestParameters: ChangeTenantSubscriptionRequest): Promise<runtime.RequestOpts>;
+
+    /**
+     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * @summary Change Tenant Subscription Handler
+     * @param {string} tenantId 
+     * @param {ChangeSubscriptionRequest} changeSubscriptionRequest 
+     * @param {string} [idempotencyKey] 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof SubscriptionsApiInterface
+     */
+    changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantResponse>>;
+
+    /**
+     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Change Tenant Subscription Handler
+     */
+    changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantResponse>;
+
+    /**
+     * Creates request options for getTenantSubscription without sending the request
+     * @param {string} tenantId 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @throws {RequiredError}
+     * @memberof SubscriptionsApiInterface
+     */
+    getTenantSubscriptionRequestOpts(requestParameters: GetTenantSubscriptionRequest): Promise<runtime.RequestOpts>;
+
+    /**
+     * Read the tenant\'s current subscription plan, including private tiers.  Any active member of the tenant can read. This is the only path that surfaces private (custom enterprise) plans to non-admin users — ``GET /public/subscriptions`` filters them out, but tenants on a private plan still need to see their own caps. Returns the full plan body (id, name, caps, max_seats, public flag, timestamps).  Returns 404 when the user is not a member of the tenant — same response shape as a non-existent tenant so we don\'t leak existence to outsiders.
+     * @summary Get Tenant Subscription Handler
+     * @param {string} tenantId 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof SubscriptionsApiInterface
+     */
+    getTenantSubscriptionRaw(requestParameters: GetTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<SubscriptionPlanResponse>>;
+
+    /**
+     * Read the tenant\'s current subscription plan, including private tiers.  Any active member of the tenant can read. This is the only path that surfaces private (custom enterprise) plans to non-admin users — ``GET /public/subscriptions`` filters them out, but tenants on a private plan still need to see their own caps. Returns the full plan body (id, name, caps, max_seats, public flag, timestamps).  Returns 404 when the user is not a member of the tenant — same response shape as a non-existent tenant so we don\'t leak existence to outsiders.
+     * Get Tenant Subscription Handler
+     */
+    getTenantSubscription(requestParameters: GetTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<SubscriptionPlanResponse>;
+
+}
+
+/**
+ * 
+ */
+export class SubscriptionsApi extends runtime.BaseAPI implements SubscriptionsApiInterface {
+
+    /**
+     * Creates request options for changeTenantSubscription without sending the request
+     */
+    async changeTenantSubscriptionRequestOpts(requestParameters: ChangeTenantSubscriptionRequest): Promise<runtime.RequestOpts> {
+        if (requestParameters['tenantId'] == null) {
+            throw new runtime.RequiredError(
+                'tenantId',
+                'Required parameter "tenantId" was null or undefined when calling changeTenantSubscription().'
+            );
+        }
+
+        if (requestParameters['changeSubscriptionRequest'] == null) {
+            throw new runtime.RequiredError(
+                'changeSubscriptionRequest',
+                'Required parameter "changeSubscriptionRequest" was null or undefined when calling changeTenantSubscription().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (requestParameters['idempotencyKey'] != null) {
+            headerParameters['Idempotency-Key'] = String(requestParameters['idempotencyKey']);
+        }
+
+        if (requestParameters['authorization'] != null) {
+            headerParameters['authorization'] = String(requestParameters['authorization']);
+        }
+
+
+        let urlPath = `/v1/tenants/{tenant_id}/subscriptions`;
+        urlPath = urlPath.replace(`{${"tenant_id"}}`, encodeURIComponent(String(requestParameters['tenantId'])));
+
+        return {
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: ChangeSubscriptionRequestToJSON(requestParameters['changeSubscriptionRequest']),
+        };
+    }
+
+    /**
+     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Change Tenant Subscription Handler
+     */
+    async changeTenantSubscriptionRaw(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantResponse>> {
+        const requestOptions = await this.changeTenantSubscriptionRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => TenantResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Change the tenant\'s subscription plan and/or seat count.  OWNER-only on the target tenant. Covers three scenarios with one shape:   - Plan change (with optional seat-count change).   - Pure seat-count change (same plan, different ``num_seats``).   - No-op (same plan, same seats) — returns 200, performs no DB or     Stripe writes.  Optional ``Idempotency-Key`` request header is forwarded to Stripe verbatim (clients that retry the same logical operation MUST send the same value across attempts; Stripe collapses duplicates server- side). Absent the header, the server generates a fresh ``uuid4()`` per call and emits a warning — retries in that case are NOT deduplicated. v1 mock-Stripe doesn\'t care, but the contract is in place for the real integration.
+     * Change Tenant Subscription Handler
+     */
+    async changeTenantSubscription(requestParameters: ChangeTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantResponse> {
+        const response = await this.changeTenantSubscriptionRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates request options for getTenantSubscription without sending the request
+     */
+    async getTenantSubscriptionRequestOpts(requestParameters: GetTenantSubscriptionRequest): Promise<runtime.RequestOpts> {
+        if (requestParameters['tenantId'] == null) {
+            throw new runtime.RequiredError(
+                'tenantId',
+                'Required parameter "tenantId" was null or undefined when calling getTenantSubscription().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (requestParameters['authorization'] != null) {
+            headerParameters['authorization'] = String(requestParameters['authorization']);
+        }
+
+
+        let urlPath = `/v1/tenants/{tenant_id}/subscriptions`;
+        urlPath = urlPath.replace(`{${"tenant_id"}}`, encodeURIComponent(String(requestParameters['tenantId'])));
+
+        return {
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     * Read the tenant\'s current subscription plan, including private tiers.  Any active member of the tenant can read. This is the only path that surfaces private (custom enterprise) plans to non-admin users — ``GET /public/subscriptions`` filters them out, but tenants on a private plan still need to see their own caps. Returns the full plan body (id, name, caps, max_seats, public flag, timestamps).  Returns 404 when the user is not a member of the tenant — same response shape as a non-existent tenant so we don\'t leak existence to outsiders.
+     * Get Tenant Subscription Handler
+     */
+    async getTenantSubscriptionRaw(requestParameters: GetTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<SubscriptionPlanResponse>> {
+        const requestOptions = await this.getTenantSubscriptionRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => SubscriptionPlanResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Read the tenant\'s current subscription plan, including private tiers.  Any active member of the tenant can read. This is the only path that surfaces private (custom enterprise) plans to non-admin users — ``GET /public/subscriptions`` filters them out, but tenants on a private plan still need to see their own caps. Returns the full plan body (id, name, caps, max_seats, public flag, timestamps).  Returns 404 when the user is not a member of the tenant — same response shape as a non-existent tenant so we don\'t leak existence to outsiders.
+     * Get Tenant Subscription Handler
+     */
+    async getTenantSubscription(requestParameters: GetTenantSubscriptionRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<SubscriptionPlanResponse> {
+        const response = await this.getTenantSubscriptionRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+}

package/src/apis/TenantsApi.ts

@@ -19,6 +19,7 @@ import type {
   HTTPValidationError,
   PaginatedResponseTenantResponse,
   PaginatedResponseTenantUserResponse,
+  TenantQuotaStateResponse,
   TenantResponse,
   TenantUserEditRequest,
   TenantUserResponse,
@@ -33,6 +34,8 @@ import {
     PaginatedResponseTenantResponseToJSON,
     PaginatedResponseTenantUserResponseFromJSON,
     PaginatedResponseTenantUserResponseToJSON,
+    TenantQuotaStateResponseFromJSON,
+    TenantQuotaStateResponseToJSON,
     TenantResponseFromJSON,
     TenantResponseToJSON,
     TenantUserEditRequestFromJSON,
@@ -83,6 +86,12 @@ export interface GetTenantRequest {
     ksUat?: string | null;
 }
 
+export interface GetTenantQuotaStateRequest {
+    tenantId: string;
+    authorization?: string | null;
+    ksUat?: string | null;
+}
+
 export interface ListTenantUsersRequest {
     tenantId: string;
     limit?: number;
@@ -304,6 +313,34 @@ export interface TenantsApiInterface {
      */
     getTenant(requestParameters: GetTenantRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantResponse>;
 
+    /**
+     * Creates request options for getTenantQuotaState without sending the request
+     * @param {string} tenantId 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @throws {RequiredError}
+     * @memberof TenantsApiInterface
+     */
+    getTenantQuotaStateRequestOpts(requestParameters: GetTenantQuotaStateRequest): Promise<runtime.RequestOpts>;
+
+    /**
+     * Read the tenant\'s current quota state across all metered caps + seats.  Any active member of the tenant can read. Read-only — does not mutate quota state.
+     * @summary Get Tenant Quota State Handler
+     * @param {string} tenantId 
+     * @param {string} [authorization] 
+     * @param {string} [ksUat] 
+     * @param {*} [options] Override http request option.
+     * @throws {RequiredError}
+     * @memberof TenantsApiInterface
+     */
+    getTenantQuotaStateRaw(requestParameters: GetTenantQuotaStateRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantQuotaStateResponse>>;
+
+    /**
+     * Read the tenant\'s current quota state across all metered caps + seats.  Any active member of the tenant can read. Read-only — does not mutate quota state.
+     * Get Tenant Quota State Handler
+     */
+    getTenantQuotaState(requestParameters: GetTenantQuotaStateRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantQuotaStateResponse>;
+
     /**
      * Creates request options for listTenantUsers without sending the request
      * @param {string} tenantId 
@@ -799,6 +836,57 @@ export class TenantsApi extends runtime.BaseAPI implements TenantsApiInterface {
         return await response.value();
     }
 
+    /**
+     * Creates request options for getTenantQuotaState without sending the request
+     */
+    async getTenantQuotaStateRequestOpts(requestParameters: GetTenantQuotaStateRequest): Promise<runtime.RequestOpts> {
+        if (requestParameters['tenantId'] == null) {
+            throw new runtime.RequiredError(
+                'tenantId',
+                'Required parameter "tenantId" was null or undefined when calling getTenantQuotaState().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (requestParameters['authorization'] != null) {
+            headerParameters['authorization'] = String(requestParameters['authorization']);
+        }
+
+
+        let urlPath = `/v1/tenants/{tenant_id}/quota`;
+        urlPath = urlPath.replace(`{${"tenant_id"}}`, encodeURIComponent(String(requestParameters['tenantId'])));
+
+        return {
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        };
+    }
+
+    /**
+     * Read the tenant\'s current quota state across all metered caps + seats.  Any active member of the tenant can read. Read-only — does not mutate quota state.
+     * Get Tenant Quota State Handler
+     */
+    async getTenantQuotaStateRaw(requestParameters: GetTenantQuotaStateRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<TenantQuotaStateResponse>> {
+        const requestOptions = await this.getTenantQuotaStateRequestOpts(requestParameters);
+        const response = await this.request(requestOptions, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => TenantQuotaStateResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Read the tenant\'s current quota state across all metered caps + seats.  Any active member of the tenant can read. Read-only — does not mutate quota state.
+     * Get Tenant Quota State Handler
+     */
+    async getTenantQuotaState(requestParameters: GetTenantQuotaStateRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<TenantQuotaStateResponse> {
+        const response = await this.getTenantQuotaStateRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
     /**
      * Creates request options for listTenantUsers without sending the request
      */