@mymehq/sdk 5.2.0 → 5.4.0

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { MergeStrategy, ConflictSnapshot, MergePolicy, ItemState, Tier, CreateItemInput, Item, PaginatedResult, ItemWithMetadata, Version, Edge, Metadata, SearchResult, CreateEdgeInput, EdgeTypeSchema, TypeSchema, CreateKeyInput, ApiKey, UpdateKeyInput, CreateWebhookInput, Webhook, UpdateWebhookInput, WebhookDelivery, ConnectionInstallResult, ConnectionUninstallResult, PreviewEventRequest, PreviewEventResult, TenantConfig, TenantQuota, Profile, UpdateProfileInput } from '@mymehq/shared';
-export { ApiKey, ConflictSnapshot, CreateItemInput, CreateKeyInput, Item, ItemState, MergePolicy, MergeStrategy, Metadata, PaginatedResult, Profile, SearchResult, TypeSchema, UpdateKeyInput, UpdateProfileInput, Version } from '@mymehq/shared';
+import { MergeStrategy, ConflictSnapshot, MergePolicy, ItemState, Tier, CreateItemInput, Item, PaginatedResult, ItemWithMetadata, Version, Edge, Metadata, SearchResult, CreateEdgeInput, EdgeTypeSchema, TypeSchema, CreateKeyInput, ApiKey, UpdateKeyInput, CreateWebhookInput, Webhook, UpdateWebhookInput, WebhookDelivery, ConnectionInstallResult, ConnectionUninstallResult, PreviewEventRequest, PreviewEventResult, TenantConfig, TenantQuota, Tenant, TenantActivityEntry, TenantMetrics, Profile, UpdateProfileInput } from '@mymehq/shared';
+export { ApiKey, ConflictSnapshot, CreateItemInput, CreateKeyInput, Item, ItemState, MergePolicy, MergeStrategy, Metadata, PaginatedResult, Profile, SearchResult, Tenant, TenantActivityEntry, TenantMetrics, TenantQuota, TenantStatus, TypeSchema, UpdateKeyInput, UpdateProfileInput, Version } from '@mymehq/shared';
 
 /**
  * Conflict resolution strategy for item updates.
@@ -178,6 +178,21 @@ interface SearchFilters {
 interface MetadataInput {
     tags?: string[];
 }
+/**
+ * Compact API-key summary returned by the admin keys-list route
+ * (T-117). The full `ApiKey` shape carries permission maps; the
+ * operator surface deliberately surfaces only the identifying fields +
+ * timestamps needed for emergency revocation.
+ */
+interface TenantApiKeySummary {
+    id: string;
+    label: string;
+    source: string;
+    role: string;
+    is_platform: boolean;
+    created_at: string;
+    last_used_at: string | null;
+}
 /** One item to create or upsert in a `POST /items/bulk` call. Shape is
  *  `CreateItemInput` plus compact outbound-only inline `edges`. */
 interface BulkItemInput {
@@ -727,6 +742,81 @@ declare class MymeClient {
             }) => Promise<TenantQuota>;
         };
     };
+    /**
+     * Operator-level admin surface — the `my admin` CLI command tree's
+     * backing endpoints. Every method requires a platform-admin key
+     * (`is_platform: true`). Non-platform credentials get a `403
+     * forbidden`; render `"this command requires a platform-admin key"`
+     * in CLI / UI layers.
+     *
+     * Quota read/write is intentionally NOT duplicated here — it lives on
+     * `client.tenants.quotas.{getById, set}` and is already platform-
+     * admin-gated. The admin namespace mirrors what the CLI's `my admin`
+     * tree exposes; quotas are reached via the existing tenants surface.
+     */
+    readonly admin: {
+        tenants: {
+            /** List every tenant in the instance with current status. */
+            list: () => Promise<Tenant[]>;
+            /**
+             * Single tenant + per-tenant quota overrides + the most-recent
+             * `system.activity` items for the tenant (`null` quotas when no
+             * override is configured; quota fields then resolve to instance
+             * defaults).
+             */
+            show: (tenantId: string) => Promise<{
+                tenant: Tenant;
+                quotas: TenantQuota | null;
+                recent_activity: TenantActivityEntry[];
+            }>;
+            /**
+             * Flip the tenant's status to `'suspended'`. Future non-GET
+             * requests from credentials in the tenant return HTTP 403
+             * `tenant_suspended`. Reads pass through; platform-admin keys
+             * bypass. Idempotent.
+             */
+            suspend: (tenantId: string) => Promise<Tenant>;
+            /** Reverse of `suspend`. Idempotent. */
+            unsuspend: (tenantId: string) => Promise<Tenant>;
+            /**
+             * Per-tenant usage snapshot — item count by state, blob count
+             * and total bytes, custom-type count, plus recent activity.
+             */
+            metrics: (tenantId: string) => Promise<TenantMetrics>;
+        };
+        keys: {
+            /** Active (non-revoked) keys for the named tenant. Operator
+             *  surface for emergency revocation — pair with `client.keys.revoke`. */
+            list: (tenantId: string) => Promise<TenantApiKeySummary[]>;
+        };
+    };
+    /**
+     * Account-lifecycle surface (T-116).
+     *
+     * The data plane (every other namespace on the client) authenticates
+     * with a bearer token; these account-management endpoints accept
+     * EITHER a bearer (workspace_admin / admin in the user's tenant)
+     * OR a better-auth session cookie. The CLI flow uses a bearer (the
+     * user's own key); web flows use the cookie. The transport sends
+     * the bearer header by default, so SDK callers operating with a
+     * bearer just work.
+     */
+    readonly auth: {
+        account: {
+            /** Initiate deletion. Mints a confirm token and dispatches the
+             *  confirmation email. Returns when the request is accepted
+             *  (HTTP 202). Idempotent within the token TTL. */
+            requestDelete: () => Promise<void>;
+            /** Consume a confirmation token. The server's GET response is an
+             *  HTML page intended for the email recipient's browser; this
+             *  helper exposes the same effect to programmatic callers (CLI
+             *  / integration tests). Throws on bad / expired tokens. */
+            confirmDelete: (token: string) => Promise<void>;
+            /** Cancel an in-flight deletion (session-cookie or bearer path).
+             *  Throws if the account is not in pending-deletion. */
+            cancel: () => Promise<void>;
+        };
+    };
     /**
      * The calling user's profile. `system.profile` is a virtual type —
      * served by a dedicated endpoint over the `users` table joined to
@@ -894,4 +984,4 @@ interface VerifyWebhookSignatureInput {
  */
 declare function verifyWebhookSignature(input: VerifyWebhookSignatureInput): WebhookVerifyResult;
 
-export { type BulkActionErrorEntry, type BulkActionFilter, type BulkActionInput, type BulkActionResult, type BulkEdgeInput, type BulkEdgeInputItem, type BulkEdgeResult, type BulkEdgeResultEntry, type BulkInput, type BulkItemInput, type BulkMode, type BulkOutcome, type BulkResult, type BulkResultEntry, type ClientConfig, type ConflictAutoMergeListener, type ConflictAutoMergedEvent, type ConflictData, ConflictError, type ConflictResolver, type ConflictStrategy, type CreateWithAttachmentsAttachment, type CreateWithAttachmentsInput, type CreateWithAttachmentsResult, ForbiddenError, type ItemWithExtensions, type ListFilters, type MetadataInput, MymeClient, MymeError, NotFoundError, type SearchFilters, UnauthorizedError, type UpdateOptions, ValidationError, type VerifyWebhookSignatureInput, type WebhookVerifyReason, type WebhookVerifyResult, defineType, verifyWebhookSignature };
+export { type BulkActionErrorEntry, type BulkActionFilter, type BulkActionInput, type BulkActionResult, type BulkEdgeInput, type BulkEdgeInputItem, type BulkEdgeResult, type BulkEdgeResultEntry, type BulkInput, type BulkItemInput, type BulkMode, type BulkOutcome, type BulkResult, type BulkResultEntry, type ClientConfig, type ConflictAutoMergeListener, type ConflictAutoMergedEvent, type ConflictData, ConflictError, type ConflictResolver, type ConflictStrategy, type CreateWithAttachmentsAttachment, type CreateWithAttachmentsInput, type CreateWithAttachmentsResult, ForbiddenError, type ItemWithExtensions, type ListFilters, type MetadataInput, MymeClient, MymeError, NotFoundError, type SearchFilters, type TenantApiKeySummary, UnauthorizedError, type UpdateOptions, ValidationError, type VerifyWebhookSignatureInput, type WebhookVerifyReason, type WebhookVerifyResult, defineType, verifyWebhookSignature };

package/dist/index.js

@@ -1129,6 +1129,125 @@ var MymeClient = class {
       }
     }
   };
+  // ---- Admin (T-117) ----
+  /**
+   * Operator-level admin surface — the `my admin` CLI command tree's
+   * backing endpoints. Every method requires a platform-admin key
+   * (`is_platform: true`). Non-platform credentials get a `403
+   * forbidden`; render `"this command requires a platform-admin key"`
+   * in CLI / UI layers.
+   *
+   * Quota read/write is intentionally NOT duplicated here — it lives on
+   * `client.tenants.quotas.{getById, set}` and is already platform-
+   * admin-gated. The admin namespace mirrors what the CLI's `my admin`
+   * tree exposes; quotas are reached via the existing tenants surface.
+   */
+  admin = {
+    tenants: {
+      /** List every tenant in the instance with current status. */
+      list: async () => {
+        const res = await this.transport.request(
+          "GET",
+          "/admin/tenants"
+        );
+        return res.data;
+      },
+      /**
+       * Single tenant + per-tenant quota overrides + the most-recent
+       * `system.activity` items for the tenant (`null` quotas when no
+       * override is configured; quota fields then resolve to instance
+       * defaults).
+       */
+      show: async (tenantId) => {
+        return this.transport.request("GET", `/admin/tenants/${encodeURIComponent(tenantId)}`);
+      },
+      /**
+       * Flip the tenant's status to `'suspended'`. Future non-GET
+       * requests from credentials in the tenant return HTTP 403
+       * `tenant_suspended`. Reads pass through; platform-admin keys
+       * bypass. Idempotent.
+       */
+      suspend: async (tenantId) => {
+        return this.transport.request(
+          "POST",
+          `/admin/tenants/${encodeURIComponent(tenantId)}/suspend`
+        );
+      },
+      /** Reverse of `suspend`. Idempotent. */
+      unsuspend: async (tenantId) => {
+        return this.transport.request(
+          "POST",
+          `/admin/tenants/${encodeURIComponent(tenantId)}/unsuspend`
+        );
+      },
+      /**
+       * Per-tenant usage snapshot — item count by state, blob count
+       * and total bytes, custom-type count, plus recent activity.
+       */
+      metrics: async (tenantId) => {
+        return this.transport.request(
+          "GET",
+          `/admin/tenants/${encodeURIComponent(tenantId)}/metrics`
+        );
+      }
+    },
+    keys: {
+      /** Active (non-revoked) keys for the named tenant. Operator
+       *  surface for emergency revocation — pair with `client.keys.revoke`. */
+      list: async (tenantId) => {
+        const res = await this.transport.request("GET", `/admin/tenants/${encodeURIComponent(tenantId)}/keys`);
+        return res.data;
+      }
+    }
+  };
+  // ---- Auth (T-116) ----
+  /**
+   * Account-lifecycle surface (T-116).
+   *
+   * The data plane (every other namespace on the client) authenticates
+   * with a bearer token; these account-management endpoints accept
+   * EITHER a bearer (workspace_admin / admin in the user's tenant)
+   * OR a better-auth session cookie. The CLI flow uses a bearer (the
+   * user's own key); web flows use the cookie. The transport sends
+   * the bearer header by default, so SDK callers operating with a
+   * bearer just work.
+   */
+  auth = {
+    account: {
+      /** Initiate deletion. Mints a confirm token and dispatches the
+       *  confirmation email. Returns when the request is accepted
+       *  (HTTP 202). Idempotent within the token TTL. */
+      requestDelete: async () => {
+        await this.transport.request(
+          "POST",
+          "/auth/account/delete"
+        );
+      },
+      /** Consume a confirmation token. The server's GET response is an
+       *  HTML page intended for the email recipient's browser; this
+       *  helper exposes the same effect to programmatic callers (CLI
+       *  / integration tests). Throws on bad / expired tokens. */
+      confirmDelete: async (token) => {
+        const res = await this.transport.rawRequest(
+          "GET",
+          `/auth/account/delete/confirm?token=${encodeURIComponent(token)}`
+        );
+        if (!res.ok) {
+          throw new Error(
+            `Account-delete confirm failed (${String(res.status)})`
+          );
+        }
+      },
+      /** Cancel an in-flight deletion (session-cookie or bearer path).
+       *  Throws if the account is not in pending-deletion. */
+      cancel: async () => {
+        await this.transport.request(
+          "POST",
+          "/auth/account/delete/cancel"
+        );
+      }
+    }
+  };
   // ---- Profile (T-074) ----
   /**
    * The calling user's profile. `system.profile` is a virtual type —

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mymehq/sdk",
-  "version": "5.2.0",
+  "version": "5.4.0",
   "type": "module",
   "publishConfig": {
     "registry": "https://registry.npmjs.org",
@@ -20,7 +20,7 @@
     "dist"
   ],
   "dependencies": {
-    "@mymehq/shared": "5.1.0"
+    "@mymehq/shared": "5.4.0"
   },
   "devDependencies": {
     "@types/node": "^22.0.0",