@mondaydotcomorg/monday-authorization 3.3.0-feature-bashanye-navigate-can-action-in-scope-to-graph-2d70b30 → 3.3.1-feature-bashanye-add-membership-create-delete-api-d00c165

package/dist/constants.d.ts

@@ -1,6 +1,7 @@
 import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
+export declare const GRAPH_APP_NAME = "authorization-graph";
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/constants.js

@@ -1,6 +1,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
 
 const APP_NAME = 'authorization';
+const GRAPH_APP_NAME = 'authorization-graph';
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -20,3 +21,4 @@ const DEFAULT_FETCH_OPTIONS = {
 exports.APP_NAME = APP_NAME;
 exports.DEFAULT_FETCH_OPTIONS = DEFAULT_FETCH_OPTIONS;
 exports.ERROR_MESSAGES = ERROR_MESSAGES;
+exports.GRAPH_APP_NAME = GRAPH_APP_NAME;

package/dist/esm/attributions-service.d.ts

@@ -2,9 +2,10 @@ import { Context, ExecutionContext } from '@mondaydotcomorg/trident-backend-api'
 export declare enum PlatformProfile {
     API_INTERNAL = "api-internal",
     SLOW = "slow",
-    INTERNAL = "internal"
+    INTERNAL = "internal",
+    APP = "app"
 }
-export declare function getProfile(): PlatformProfile;
+export declare function getProfile(): PlatformProfile.API_INTERNAL | PlatformProfile.SLOW | PlatformProfile.INTERNAL;
 export declare function getExecutionContext(context: Context): ExecutionContext;
 export declare function getAttributionsFromApi(): {
     [key: string]: string;

package/dist/esm/attributions-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;CACtB;AAED,wBAAgB,UAAU,oBAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}
+{"version":3,"file":"attributions-service.d.ts","sourceRoot":"","sources":["../../src/attributions-service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,OAAO,EAAE,gBAAgB,EAAE,MAAM,sCAAsC,CAAC;AAStF,oBAAY,eAAe;IACzB,YAAY,iBAAiB;IAC7B,IAAI,SAAS;IACb,QAAQ,aAAa;IACrB,GAAG,QAAQ;CACZ;AAED,wBAAgB,UAAU,mFAiBzB;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,gBAAgB,CAEtE;AAED,wBAAgB,sBAAsB,IAAI;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAqClE"}

package/dist/esm/attributions-service.mjs

@@ -10,6 +10,7 @@ var PlatformProfile;
     PlatformProfile["API_INTERNAL"] = "api-internal";
     PlatformProfile["SLOW"] = "slow";
     PlatformProfile["INTERNAL"] = "internal";
+    PlatformProfile["APP"] = "app";
 })(PlatformProfile || (PlatformProfile = {}));
 function getProfile() {
     const tridentContext = Api.getPart('context');

package/dist/esm/authorization-internal-service.d.ts

@@ -10,7 +10,7 @@ export declare class AuthorizationInternalService {
     static markAuthorized(request: BaseRequest): void;
     static failIfNotCoveredByAuthorization(request: BaseRequest): void;
     static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void;
-    static throwOnHttpError(status: number, placement: string): void;
+    static throwOnHttpError(status: number, placement: string): never;
     static generateInternalAuthToken(accountId: number, userId: number): string;
     static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
     static getRequestFetchOptions(): MondayFetchOptions;

package/dist/esm/authorization-internal-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAAyB,eAAe,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM;IAQzD,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CASvC"}
+{"version":3,"file":"authorization-internal-service.d.ts","sourceRoot":"","sources":["../../src/authorization-internal-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAE1E,OAAO,EAAyB,eAAe,EAAE,WAAW,EAAE,MAAM,mCAAmC,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC3D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAK9C,eAAO,MAAM,MAAM,kBAA2B,CAAC;AAO/C,eAAO,MAAM,eAAe,EAAE,eAM7B,CAAC;AAYF,qBAAa,4BAA4B;IACvC,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IACnC,MAAM,CAAC,iBAAiB,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIpD,MAAM,CAAC,cAAc,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAIjD,MAAM,CAAC,+BAA+B,CAAC,OAAO,EAAE,WAAW,GAAG,IAAI;IAMlE,MAAM,CAAC,wBAAwB,CAAC,QAAQ,EAAE,OAAO,CAAC,UAAU,CAAC,OAAO,KAAK,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI;IAcrG,MAAM,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,KAAK;IAQjE,MAAM,CAAC,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;IAIlE,MAAM,CAAC,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB;IAO1E,MAAM,CAAC,sBAAsB,IAAI,kBAAkB;IAInD,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,YAAY;IAI3C,MAAM,CAAC,iBAAiB;IA2BxB,MAAM,CAAC,gBAAgB,IAAI,WAAW;CASvC"}

package/dist/esm/authorization-service.d.ts

@@ -9,6 +9,11 @@ export interface AuthorizeResponse {
 }
 export declare function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions): void;
 export declare class AuthorizationService {
+    private static get graphApi();
+    private static _graphApi?;
+    private static get platformApi();
+    private static _platformApi?;
+    static resetApiClients(): void;
     static redisClient?: any;
     static grantedFeatureRedisExpirationInSeconds?: number;
     static igniteClient?: IgniteClient;

package/dist/esm/authorization-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAE7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA6DnB,oBAAoB;mBAUpB,oBAAoB;CAoF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}
+{"version":3,"file":"authorization-service.d.ts","sourceRoot":"","sources":["../../src/authorization-service.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,EAAmB,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAG7F,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,0BAA0B,EAC1B,YAAY,EACb,MAAM,kCAAkC,CAAC;AAe1C,MAAM,WAAW,iBAAiB;IAChC,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;CAC7C;AAED,wBAAgB,sBAAsB,CAAC,wBAAwB,EAAE,kBAAkB,QAElF;AAMD,qBAAa,oBAAoB;IAC/B,OAAO,CAAC,MAAM,KAAK,QAAQ,GAK1B;IACD,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAW;IAEpC,OAAO,CAAC,MAAM,KAAK,WAAW,GAK7B;IACD,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAc;IAE1C,MAAM,CAAC,eAAe,IAAI,IAAI;IAK9B,MAAM,CAAC,WAAW,CAAC,MAAC;IACpB,MAAM,CAAC,sCAAsC,CAAC,EAAE,MAAM,CAAC;IACvD,MAAM,CAAC,YAAY,CAAC,EAAE,YAAY,CAAC;IAEnC;;;OAGG;WACU,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,QAAQ,EAAE,EACrB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,iBAAiB,CAAC;WAEhB,YAAY,CACvB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,2BAA2B,EAAE,mBAAmB,EAAE,GACjD,OAAO,CAAC,iBAAiB,CAAC;IAY7B;;;OAGG;WACU,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,EACnB,OAAO,GAAE;QAAE,eAAe,CAAC,EAAE,OAAO,CAAA;KAAO,GAC1C,OAAO,CAAC,OAAO,CAAC;mBAkBE,6BAA6B;IAclD,OAAO,CAAC,MAAM,CAAC,gBAAgB;WAIlB,gBAAgB,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,EACd,KAAK,EAAE,YAAY,GAClB,OAAO,CAAC,kBAAkB,CAAC;IAM9B,OAAO,CAAC,MAAM,CAAC,UAAU;WAsBZ,wBAAwB,CACnC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;mBA4CnB,oBAAoB;mBAUpB,oBAAoB;CAmF1C;AAED,wBAAgB,cAAc,CAC5B,MAAM,KAAA,EACN,sCAAsC,GAAE,MAAiD,QAY1F;AAED,wBAAsB,eAAe,kBAMpC;AAED,wBAAgB,yBAAyB,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAepG"}

package/dist/esm/authorization-service.mjs

@@ -2,11 +2,12 @@ import { performance } from 'perf_hooks';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { getIgniteClient } from '@mondaydotcomorg/ignite-sdk';
-import { sendAuthorizationCheckResponseTimeMetric, incrementAuthorizationSuccess } from './prometheus-service.mjs';
+import { sendAuthorizationCheckResponseTimeMetric } from './prometheus-service.mjs';
+import { recordAuthorizationTiming } from './metrics-service.mjs';
 import { AuthorizationInternalService, logger } from './authorization-internal-service.mjs';
 import { getProfile, PlatformProfile, getAttributionsFromApi } from './attributions-service.mjs';
-import { GraphApiClient } from './clients/graph-api.client.mjs';
-import { PlatformApiClient } from './clients/platform-api.client.mjs';
+import { GraphApi } from './clients/graph-api.mjs';
+import { PlatformApi } from './clients/platform-api.mjs';
 import { scopeToResource } from './utils/authorization.utils.mjs';
 
 const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
@@ -19,6 +20,24 @@ function setRequestFetchOptions(customMondayFetchOptions) {
     AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
 class AuthorizationService {
+    static get graphApi() {
+        if (!this._graphApi) {
+            this._graphApi = new GraphApi();
+        }
+        return this._graphApi;
+    }
+    static _graphApi;
+    static get platformApi() {
+        if (!this._platformApi) {
+            this._platformApi = new PlatformApi();
+        }
+        return this._platformApi;
+    }
+    static _platformApi;
+    static resetApiClients() {
+        this._graphApi = undefined;
+        this._platformApi = undefined;
+    }
     static redisClient;
     static grantedFeatureRedisExpirationInSeconds;
     static igniteClient;
@@ -84,38 +103,25 @@ class AuthorizationService {
             this.igniteClient.isReleased(PLATFORM_PROFILE_RELEASE_FF, { accountId, userId })) {
             return getProfile();
         }
-        return PlatformProfile.INTERNAL;
+        return PlatformProfile.APP;
     }
     static async canActionInScopeMultiple(accountId, userId, scopedActions) {
         if (scopedActions.length === 0) {
             return [];
         }
         const shouldNavigateToGraph = Boolean(this.igniteClient?.isReleased(NAVIGATE_CAN_ACTION_IN_SCOPE_TO_GRAPH_FF, { accountId, userId }));
-        const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
         const startTime = performance.now();
         let scopedActionResponseObjects;
         let apiType;
         if (shouldNavigateToGraph) {
-            try {
-                scopedActionResponseObjects = await GraphApiClient.checkPermissions(internalAuthToken, scopedActions);
-                apiType = 'graph';
-            }
-            catch (error) {
-                const status = error instanceof HttpFetcherError ? error.status : undefined;
-                logger.warn({
-                    tag: 'authorization-service',
-                    error: error instanceof Error ? error.message : String(error),
-                    accountId,
-                    userId,
-                    status,
-                }, 'Graph API authorization failed');
-                throw error;
-            }
+            apiType = 'graph';
+            scopedActionResponseObjects = await this.graphApi.checkPermissions(accountId, userId, scopedActions);
         }
         else {
-            const profile = this.getProfile(accountId, userId);
-            scopedActionResponseObjects = await PlatformApiClient.checkPermissions(profile, internalAuthToken, userId, scopedActions);
             apiType = 'platform';
+            const profile = this.getProfile(accountId, userId);
+            const internalAuthToken = AuthorizationInternalService.generateInternalAuthToken(accountId, userId);
+            scopedActionResponseObjects = await this.platformApi.checkPermissions(profile, internalAuthToken, userId, scopedActions);
         }
         const endTime = performance.now();
         const time = endTime - startTime;
@@ -124,10 +130,8 @@ class AuthorizationService {
             const { action, scope } = obj.scopedAction;
             const { resourceType } = scopeToResource(scope);
             const isAuthorized = obj.permit.can;
-            sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time, apiType);
-            if (obj.permit.can) {
-                incrementAuthorizationSuccess(resourceType, action, apiType);
-            }
+            sendAuthorizationCheckResponseTimeMetric(resourceType, action, isAuthorized, 200, time);
+            recordAuthorizationTiming(apiType, time, 'canActionInScopeMultiple');
         }
         return scopedActionResponseObjects;
     }
@@ -184,7 +188,7 @@ class AuthorizationService {
             if (!isAuthorized) {
                 unauthorizedObjects.push(authorizationObject);
             }
-            sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time, 'platform');
+            sendAuthorizationCheckResponseTimeMetric(authorizationObject.resource_type, authorizationObject.action, isAuthorized, 200, time);
         });
         if (unauthorizedObjects.length > 0) {
             logger.info({

package/dist/esm/clients/graph-api.d.ts

@@ -0,0 +1,28 @@
+import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
+import { GraphIsAllowedResponse } from '../types/graph-api.types';
+/**
+ * Client for handling Graph API authorization operations
+ */
+export declare class GraphApi {
+    private readonly httpClient;
+    private readonly consumerAppName;
+    constructor();
+    /**
+     * Builds the request body for Graph API calls
+     */
+    private static buildRequestBody;
+    /**
+     * Fetches authorization data from the Graph API
+     */
+    fetchPermissions(authToken: string, scopedActions: ScopedAction[]): Promise<GraphIsAllowedResponse>;
+    /**
+     * Maps Graph API response to the expected format
+     */
+    private static mapResponse;
+    /**
+     * Performs a complete authorization check using the Graph API
+     */
+    checkPermissions(accountId: number, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+    private static ensureGraphReason;
+}
+//# sourceMappingURL=graph-api.d.ts.map

package/dist/esm/clients/graph-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"graph-api.d.ts","sourceRoot":"","sources":["../../../src/clients/graph-api.ts"],"names":[],"mappings":"AACA,OAAO,EACL,YAAY,EACZ,0BAA0B,EAG3B,MAAM,mCAAmC,CAAC;AAG3C,OAAO,EAEL,sBAAsB,EAMvB,MAAM,0BAA0B,CAAC;AASlC;;GAEG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;IACxC,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;;IAezC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,gBAAgB;IAyB/B;;OAEG;IACG,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,YAAY,EAAE,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAgCzG;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAiC1B;;OAEG;IACG,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;IAMxC,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAWjC"}

package/dist/esm/clients/{graph-api.client.mjs → graph-api.mjs}

@@ -1,16 +1,32 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { PermitTechnicalReason } from '../types/scoped-actions-contracts.mjs';
 import { AuthorizationInternalService } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
 import { scopeToResource } from '../utils/authorization.utils.mjs';
-import { incrementAuthorizationError } from '../prometheus-service.mjs';
+import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
+import { GRAPH_APP_NAME } from '../constants.mjs';
+import { handleApiError } from '../utils/api-error-handler.mjs';
 
 const CAN_ACTION_IN_SCOPE_GRAPH_PATH = '/permissions/is-allowed';
+const APP_NAME_REQUIRED_ERROR = 'GraphApi: APP_NAME environment variable is required for Graph API authentication';
 /**
  * Client for handling Graph API authorization operations
  */
-class GraphApiClient {
+class GraphApi {
+    httpClient;
+    consumerAppName;
+    constructor() {
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('GraphApi: http client is not initialized');
+        }
+        const consumerAppName = process.env.APP_NAME?.trim();
+        if (!consumerAppName) {
+            throw new Error(APP_NAME_REQUIRED_ERROR);
+        }
+        this.httpClient = httpClient;
+        this.consumerAppName = consumerAppName;
+    }
     /**
      * Builds the request body for Graph API calls
      */
@@ -39,19 +55,18 @@ class GraphApiClient {
     /**
      * Fetches authorization data from the Graph API
      */
-    static async fetchPermissions(internalAuthToken, scopedActions) {
-        const httpClient = Api.getPart('httpClient');
+    async fetchPermissions(authToken, scopedActions) {
         const attributionHeaders = getAttributionsFromApi();
-        const bodyPayload = this.buildRequestBody(scopedActions);
+        const bodyPayload = GraphApi.buildRequestBody(scopedActions);
         try {
-            const response = await httpClient.fetch({
+            const response = await this.httpClient.fetch({
                 url: {
-                    appName: 'authorization-graph',
+                    appName: GRAPH_APP_NAME,
                     path: CAN_ACTION_IN_SCOPE_GRAPH_PATH,
                 },
                 method: 'POST',
                 headers: {
-                    Authorization: internalAuthToken,
+                    Authorization: authToken,
                     'Content-Type': 'application/json',
                     ...attributionHeaders,
                 },
@@ -63,13 +78,8 @@ class GraphApiClient {
             return response;
         }
         catch (err) {
-            if (err instanceof HttpFetcherError) {
-                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-                if (scopedActions.length > 0) {
-                    incrementAuthorizationError(scopeToResource(scopedActions[0].scope).resourceType, scopedActions[0].action, err.status, 'graph');
-                }
-            }
-            throw err;
+            // handleApiError never returns (throws)
+            return handleApiError(err, 'graph', 'canActionInScopeMultiple');
         }
     }
     /**
@@ -81,41 +91,39 @@ class GraphApiClient {
             const { action, scope } = scopedAction;
             const { resourceType, resourceId } = scopeToResource(scope);
             const permissionResult = resources?.[resourceType]?.[String(resourceId)]?.[action];
-            const graphReason = permissionResult?.reason;
-            let reasonKey;
-            let additionalOptions = {};
-            let technicalReason = PermitTechnicalReason.NO_REASON;
-            if (typeof graphReason === 'string') {
-                reasonKey = graphReason;
-            }
-            else if (graphReason && typeof graphReason === 'object') {
-                reasonKey = graphReason.key ?? 'unknown';
-                additionalOptions = graphReason.additionalOptions ?? {};
-                if (graphReason.technicalReason !== undefined) {
-                    technicalReason = (graphReason.technicalReason ?? PermitTechnicalReason.NO_REASON);
-                }
-            }
-            else {
-                reasonKey = 'unknown';
-            }
             const permit = {
                 can: permissionResult?.can ?? false,
                 reason: {
-                    key: reasonKey,
-                    ...additionalOptions,
+                    key: 'unknown',
                 },
-                technicalReason,
+                technicalReason: PermitTechnicalReason.NO_REASON,
             };
+            if (permissionResult) {
+                const graphReason = GraphApi.ensureGraphReason(permissionResult.reason, { resourceType, resourceId, action });
+                permit.reason = {
+                    key: graphReason.key,
+                    ...(graphReason.additionalOptions ?? {}),
+                };
+                permit.technicalReason = (graphReason.technicalReason ??
+                    PermitTechnicalReason.NO_REASON);
+            }
             return { scopedAction, permit };
         });
     }
     /**
      * Performs a complete authorization check using the Graph API
      */
-    static async checkPermissions(internalAuthToken, scopedActions) {
-        const response = await this.fetchPermissions(internalAuthToken, scopedActions);
-        return this.mapResponse(scopedActions, response);
+    async checkPermissions(accountId, userId, scopedActions) {
+        const authToken = signAuthorizationHeader({ appName: this.consumerAppName, accountId, userId });
+        const response = await this.fetchPermissions(authToken, scopedActions);
+        return GraphApi.mapResponse(scopedActions, response);
+    }
+    static ensureGraphReason(reason, context) {
+        if (!reason || typeof reason !== 'object' || typeof reason.key !== 'string') {
+            throw new Error(`GraphApi: unexpected reason format for ${context.resourceType}/${context.resourceId}/${context.action}`);
+        }
+        return reason;
     }
 }
 
-export { GraphApiClient };
+export { GraphApi };

package/dist/esm/clients/platform-api.d.ts

@@ -0,0 +1,26 @@
+import { ScopedAction, ScopedActionResponseObject } from '../types/scoped-actions-contracts';
+import { PlatformProfile } from '../attributions-service';
+/**
+ * Client for handling Platform API authorization operations
+ */
+export declare class PlatformApi {
+    private readonly httpClient;
+    constructor();
+    /**
+     * Builds the request payload for Platform API calls
+     */
+    private static buildRequestPayload;
+    /**
+     * Fetches authorization data from the Platform API
+     */
+    private fetchPermissions;
+    /**
+     * Maps Platform API response to the expected format
+     */
+    private static mapResponse;
+    /**
+     * Performs a complete authorization check using the Platform API
+     */
+    checkPermissions(profile: PlatformProfile, internalAuthToken: string, userId: number, scopedActions: ScopedAction[]): Promise<ScopedActionResponseObject[]>;
+}
+//# sourceMappingURL=platform-api.d.ts.map

package/dist/esm/clients/platform-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform-api.d.ts","sourceRoot":"","sources":["../../../src/clients/platform-api.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,0BAA0B,EAAE,MAAM,mCAAmC,CAAC;AAE7F,OAAO,EAA0B,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAelF;;GAEG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAa;;IAUxC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,mBAAmB;IAOlC;;OAEG;YACW,gBAAgB;IAqC9B;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,WAAW;IAkB1B;;OAEG;IACG,gBAAgB,CACpB,OAAO,EAAE,eAAe,EACxB,iBAAiB,EAAE,MAAM,EACzB,MAAM,EAAE,MAAM,EACd,aAAa,EAAE,YAAY,EAAE,GAC5B,OAAO,CAAC,0BAA0B,EAAE,CAAC;CAKzC"}

package/dist/esm/clients/{platform-api.client.mjs → platform-api.mjs}

@@ -1,15 +1,22 @@
 import { Api } from '@mondaydotcomorg/trident-backend-api';
-import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { AuthorizationInternalService, logger } from '../authorization-internal-service.mjs';
 import { getAttributionsFromApi } from '../attributions-service.mjs';
-import { toSnakeCase, scopeToResource, toCamelCase } from '../utils/authorization.utils.mjs';
-import { incrementAuthorizationError } from '../prometheus-service.mjs';
+import { toSnakeCase, toCamelCase } from '../utils/authorization.utils.mjs';
+import { handleApiError } from '../utils/api-error-handler.mjs';
 
 const PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH = '/internal_ms/authorization/can_actions_in_scopes';
 /**
  * Client for handling Platform API authorization operations
  */
-class PlatformApiClient {
+class PlatformApi {
+    httpClient;
+    constructor() {
+        const httpClient = Api.getPart('httpClient');
+        if (!httpClient) {
+            throw new Error('PlatformApi: http client is not initialized');
+        }
+        this.httpClient = httpClient;
+    }
     /**
      * Builds the request payload for Platform API calls
      */
@@ -22,11 +29,10 @@ class PlatformApiClient {
     /**
      * Fetches authorization data from the Platform API
      */
-    static async fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload) {
+    async fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload) {
         const attributionHeaders = getAttributionsFromApi();
-        const httpClient = Api.getPart('httpClient');
         try {
-            const response = await httpClient.fetch({
+            const response = await this.httpClient.fetch({
                 url: {
                     appName: 'platform',
                     path: PLATFORM_CAN_ACTIONS_IN_SCOPES_PATH,
@@ -46,14 +52,8 @@ class PlatformApiClient {
             return response;
         }
         catch (err) {
-            if (err instanceof HttpFetcherError) {
-                AuthorizationInternalService.throwOnHttpError(err.status, 'canActionInScopeMultiple');
-                if (scopedActionsPayload.length > 0) {
-                    const { resourceType } = scopeToResource(toCamelCase(scopedActionsPayload[0].scope));
-                    incrementAuthorizationError(resourceType, scopedActionsPayload[0].action, err.status, 'platform');
-                }
-            }
-            throw err;
+            // handleApiError never returns (throws)
+            return handleApiError(err, 'platform', 'canActionInScopeMultiple');
         }
     }
     /**
@@ -61,8 +61,8 @@ class PlatformApiClient {
      */
     static mapResponse(response) {
         if (!response) {
-            logger.error({ tag: 'platform-api-client', response }, 'PlatformApiClient: missing response');
-            throw new Error('PlatformApiClient: missing response');
+            logger.error({ tag: 'platform-api', response }, 'PlatformApi: missing response');
+            throw new Error('PlatformApi: missing response');
         }
         return response.result.map(responseObject => {
             const { scopedAction, permit } = responseObject;
@@ -77,11 +77,11 @@ class PlatformApiClient {
     /**
      * Performs a complete authorization check using the Platform API
      */
-    static async checkPermissions(profile, internalAuthToken, userId, scopedActions) {
-        const scopedActionsPayload = this.buildRequestPayload(scopedActions);
+    async checkPermissions(profile, internalAuthToken, userId, scopedActions) {
+        const scopedActionsPayload = PlatformApi.buildRequestPayload(scopedActions);
         const platformResponse = await this.fetchPermissions(profile, internalAuthToken, userId, scopedActionsPayload);
-        return this.mapResponse(platformResponse);
+        return PlatformApi.mapResponse(platformResponse);
     }
 }
 
-export { PlatformApiClient };
+export { PlatformApi };

package/dist/esm/constants.d.ts

@@ -1,6 +1,7 @@
 import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { FetcherConfig } from '@mondaydotcomorg/trident-backend-api';
 export declare const APP_NAME = "authorization";
+export declare const GRAPH_APP_NAME = "authorization-graph";
 export declare const ERROR_MESSAGES: {
     readonly HTTP_CLIENT_NOT_INITIALIZED: "MondayAuthorization: HTTP client is not initialized";
     readonly REQUEST_FAILED: (method: string, status: number, reason: string) => string;

package/dist/esm/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AAExC,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,sCAAsC,CAAC;AAErE,eAAO,MAAM,QAAQ,kBAAkB,CAAC;AACxC,eAAO,MAAM,cAAc,wBAAwB,CAAC;AAEpD,eAAO,MAAM,cAAc;;sCAEA,MAAM,UAAU,MAAM,UAAU,MAAM;CAEvD,CAAC;AAEX,eAAO,MAAM,qBAAqB,EAAE,gBAAgB,CAAC,aAAa,CAUjE,CAAC"}

package/dist/esm/constants.mjs

@@ -1,4 +1,5 @@
 const APP_NAME = 'authorization';
+const GRAPH_APP_NAME = 'authorization-graph';
 const ERROR_MESSAGES = {
     HTTP_CLIENT_NOT_INITIALIZED: 'MondayAuthorization: HTTP client is not initialized',
     REQUEST_FAILED: (method, status, reason) => `MondayAuthorization: [${method}] request failed with status ${status} with reason: ${reason}`,
@@ -15,4 +16,4 @@ const DEFAULT_FETCH_OPTIONS = {
     },
 };
 
-export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES };
+export { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES, GRAPH_APP_NAME };

package/dist/esm/index.d.ts

@@ -5,12 +5,19 @@ export interface InitOptions {
     mondayFetchOptions?: MondayFetchOptions;
     redisClient?: any;
     grantedFeatureRedisExpirationInSeconds?: number;
+    metrics?: {
+        serviceName?: string;
+        host?: string;
+        port?: number;
+        disabled?: boolean;
+    };
 }
 export declare function init(options?: InitOptions): Promise<void>;
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware, } from './authorization-middleware';
 export { AuthorizationService, AuthorizeResponse } from './authorization-service';
 export { AuthorizationAttributesService } from './authorization-attributes-service';
 export { RolesService } from './roles-service';
+export { MembershipsService } from './memberships';
 export { AuthorizationObject, Resource, BaseRequest, ResourceGetter, ContextGetter } from './types/general';
 export { Translation, ScopedAction, ScopedActionResponseObject, ScopedActionPermit, } from './types/scoped-actions-contracts';
 export { CustomRole, BasicRole, RoleType, RoleCreateRequest, RoleUpdateRequest, RolesResponse } from './types/roles';

package/dist/esm/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAGnE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;CACjD;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAcnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,+BAA+B,CAAC;AAInE,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AAErC,MAAM,WAAW,WAAW;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC;IACjB,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC,WAAW,CAAC,EAAE,GAAG,CAAC;IAClB,sCAAsC,CAAC,EAAE,MAAM,CAAC;IAChD,OAAO,CAAC,EAAE;QACR,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,QAAQ,CAAC,EAAE,OAAO,CAAC;KACpB,CAAC;CACH;AAED,wBAAsB,IAAI,CAAC,OAAO,GAAE,WAAgB,iBAuBnD;AAED,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,OAAO,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAClF,OAAO,EAAE,8BAA8B,EAAE,MAAM,oCAAoC,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,WAAW,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAC5G,OAAO,EACL,WAAW,EACX,YAAY,EACZ,0BAA0B,EAC1B,kBAAkB,GACnB,MAAM,kCAAkC,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAErH,OAAO,EAAE,OAAO,EAAE,CAAC"}

package/dist/esm/index.mjs

@@ -1,17 +1,26 @@
 import { setPrometheus } from './prometheus-service.mjs';
 import { setRequestFetchOptions, setRedisClient, setIgniteClient } from './authorization-service.mjs';
 export { AuthorizationService } from './authorization-service.mjs';
+import { initializeMetrics } from './metrics-service.mjs';
 import * as testKit_index from './testKit/index.mjs';
 export { testKit_index as TestKit };
 export { authorizationCheckMiddleware, getAuthorizationMiddleware, skipAuthorizationMiddleware } from './authorization-middleware.mjs';
 export { AuthorizationAttributesService } from './authorization-attributes-service.mjs';
 export { RolesService } from './roles-service.mjs';
+export { MembershipsService } from './memberships.mjs';
 export { RoleType } from './types/roles.mjs';
 
 async function init(options = {}) {
     if (options.prometheus) {
         setPrometheus(options.prometheus);
     }
+    const resolvedDisabled = options.metrics?.disabled ?? ['test', 'development'].includes((process.env.NODE_ENV ?? '').toLowerCase());
+    initializeMetrics({
+        serviceName: options.metrics?.serviceName ?? process.env.APP_NAME ?? 'authorization-sdk',
+        host: options.metrics?.host,
+        port: options.metrics?.port,
+        disabled: resolvedDisabled,
+    });
     if (options.mondayFetchOptions) {
         setRequestFetchOptions(options.mondayFetchOptions);
     }

package/dist/esm/memberships.d.ts

@@ -0,0 +1,30 @@
+import { FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend-api';
+import { RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
+import { MembershipCreateResponse, MembershipDeleteResponse, MembershipForCreate, MembershipForDelete } from './types/memberships';
+export declare class MembershipsService {
+    private static API_PATHS;
+    private httpClient;
+    private fetchOptions;
+    /**
+     * Public constructor to create the AuthorizationAttributesService instance.
+     * @param httpClient The HTTP client to use for API requests, if not provided, the default HTTP client from Api will be used.
+     * @param fetchOptions The fetch options to use for API requests, if not provided, the default fetch options will be used.
+     */
+    constructor(httpClient?: HttpClient, fetchOptions?: RecursivePartial<FetcherConfig>);
+    /**
+     * Upsert memberships synchronously, performing http call to the authorization MS to assign the given memberships.
+     * @param accountId
+     * @param memberships - Array of memberships to upsert
+     * @returns MembershipCreateResponse - The affected (created and updated) memberships.
+     */
+    upsertMemberships(accountId: number, memberships: MembershipForCreate[]): Promise<MembershipCreateResponse>;
+    /**
+     * Delete memberships synchronously, performing http call to the authorization MS to delete the given memberships.
+     * @param accountId
+     * @param resource - The resource (resourceType, resourceId) to delete the attributes for.
+     * @param attributeKeys - Array of attribute keys to delete for the resource.
+     * @returns ResourceAttributeResponse - The affected (deleted) resource attributes assignments in the `attributes` field.
+     */
+    deleteMemberships(accountId: number, memberships: MembershipForDelete[]): Promise<MembershipDeleteResponse>;
+}
+//# sourceMappingURL=memberships.d.ts.map

package/dist/esm/memberships.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"memberships.d.ts","sourceRoot":"","sources":["../../src/memberships.ts"],"names":[],"mappings":"AAAA,OAAO,EAAO,aAAa,EAAE,UAAU,EAAE,MAAM,sCAAsC,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,mCAAmC,CAAC;AAIrE,OAAO,EACL,wBAAwB,EACxB,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,mBAAmB,CAAC;AAG3B,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAAC,SAAS,CAGb;IACX,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,YAAY,CAAkC;IAEtD;;;;OAIG;gBACS,UAAU,CAAC,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE,gBAAgB,CAAC,aAAa,CAAC;IAoBnF;;;;;OAKG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA0BjH;;;;;;OAMG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE,GAAG,OAAO,CAAC,wBAAwB,CAAC;CAyBlH"}