@nizam-os/dashboard-sdk 4.1.0 → 5.0.0

package/dist/api/resources/organizations/client/Client.d.ts

@@ -16,6 +16,8 @@ export declare class OrganizationsClient {
     /**
      * Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
      *
+     * Supports the standard `Idempotency-Key` header — submit a UUID v4 per logical attempt (same value on retry). Cached responses replay for matching request bodies; mismatching fingerprints surface as 409 `idempotency.key_conflict`.
+     *
      * @param {NizamDashboard.CreateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
      *

package/dist/api/resources/organizations/client/Client.js

@@ -52,6 +52,8 @@ class OrganizationsClient {
     /**
      * Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
      *
+     * Supports the standard `Idempotency-Key` header — submit a UUID v4 per logical attempt (same value on retry). Cached responses replay for matching request bodies; mismatching fingerprints surface as 409 `idempotency.key_conflict`.
+     *
      * @param {NizamDashboard.CreateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
      *

package/dist/api/resources/users/client/Client.d.ts

@@ -37,7 +37,7 @@ export declare class UsersClient {
     me(requestOptions?: UsersClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.User>;
     private __me;
     /**
-     * Dashboard sees co-members of the caller's active organization (tenant-scoped via the organization_users join). Platform staff bypass RLS and see across tenants, and may sort by `deleted_at`. RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
+     * Dashboard sees co-members of the caller's active organization (tenant-scoped via the organization_users join). Platform staff bypass RLS and see across tenants. Allowed sort fields: `created_at`, `name` (prefix with `-` for descending). RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
      *
      * @param {NizamDashboard.ListUsersRequest} request
      * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
@@ -75,44 +75,4 @@ export declare class UsersClient {
      */
     inviteUser(request: NizamDashboard.InviteUserRequest, requestOptions?: UsersClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.UserResource>;
     private __inviteUser;
-    /**
-     * Tenant-admin operation. Sets `deleted_at = NOW()`. Subsequent dashboard reads filter the row out; platform staff can still surface and act on it.
-     *
-     * @param {NizamDashboard.SoftDeleteUserRequest} request
-     * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
-     *
-     * @throws {@link NizamDashboard.UnauthorizedError}
-     * @throws {@link NizamDashboard.ForbiddenError}
-     * @throws {@link NizamDashboard.NotFoundError}
-     * @throws {@link NizamDashboard.InternalServerError}
-     *
-     * @example
-     *     await client.users.softDeleteUser({
-     *         id: "00000000-0000-0000-0000-000000000000"
-     *     })
-     */
-    softDeleteUser(request: NizamDashboard.SoftDeleteUserRequest, requestOptions?: UsersClient.RequestOptions): core.HttpResponsePromise<void>;
-    private __softDeleteUser;
-    /**
-     * Tenant-admin operation. Body has no `status` — lifecycle changes go through the platform-staff surface.
-     *
-     * @param {NizamDashboard.UserUpdateRequest} request
-     * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
-     *
-     * @throws {@link NizamDashboard.UnauthorizedError}
-     * @throws {@link NizamDashboard.ForbiddenError}
-     * @throws {@link NizamDashboard.NotFoundError}
-     * @throws {@link NizamDashboard.ConflictError}
-     * @throws {@link NizamDashboard.UnprocessableEntityError}
-     * @throws {@link NizamDashboard.InternalServerError}
-     *
-     * @example
-     *     await client.users.updateUser({
-     *         id: "00000000-0000-0000-0000-000000000000",
-     *         email: "renamed@acme.example",
-     *         name: "Ali Issa"
-     *     })
-     */
-    updateUser(request: NizamDashboard.UserUpdateRequest, requestOptions?: UsersClient.RequestOptions): core.HttpResponsePromise<NizamDashboard.UserResource>;
-    private __updateUser;
 }

package/dist/api/resources/users/client/Client.js

@@ -113,7 +113,7 @@ class UsersClient {
         return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "GET", "/v1/me");
     }
     /**
-     * Dashboard sees co-members of the caller's active organization (tenant-scoped via the organization_users join). Platform staff bypass RLS and see across tenants, and may sort by `deleted_at`. RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
+     * Dashboard sees co-members of the caller's active organization (tenant-scoped via the organization_users join). Platform staff bypass RLS and see across tenants. Allowed sort fields: `created_at`, `name` (prefix with `-` for descending). RFC 8288 Link header carries `first`, `prev`, `next` rels alongside the body's bidirectional cursors.
      *
      * @param {NizamDashboard.ListUsersRequest} request
      * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
@@ -250,134 +250,5 @@ class UsersClient {
         }
         return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "POST", "/v1/users");
     }
-    /**
-     * Tenant-admin operation. Sets `deleted_at = NOW()`. Subsequent dashboard reads filter the row out; platform staff can still surface and act on it.
-     *
-     * @param {NizamDashboard.SoftDeleteUserRequest} request
-     * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
-     *
-     * @throws {@link NizamDashboard.UnauthorizedError}
-     * @throws {@link NizamDashboard.ForbiddenError}
-     * @throws {@link NizamDashboard.NotFoundError}
-     * @throws {@link NizamDashboard.InternalServerError}
-     *
-     * @example
-     *     await client.users.softDeleteUser({
-     *         id: "00000000-0000-0000-0000-000000000000"
-     *     })
-     */
-    softDeleteUser(request, requestOptions) {
-        return core.HttpResponsePromise.fromPromise(this.__softDeleteUser(request, requestOptions));
-    }
-    async __softDeleteUser(request, requestOptions) {
-        const { id } = request;
-        const _authRequest = await this._options.authProvider.getAuthRequest();
-        const _headers = (0, headers_js_1.mergeHeaders)(_authRequest.headers, this._options?.headers, requestOptions?.headers);
-        const _response = await core.fetcher({
-            url: core.url.join((await core.Supplier.get(this._options.baseUrl)) ??
-                (await core.Supplier.get(this._options.environment)) ??
-                environments.NizamDashboardEnvironment.Production, `v1/users/${core.url.encodePathParam(id)}`),
-            method: "DELETE",
-            headers: _headers,
-            queryString: core.url.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),
-            timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1000,
-            maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,
-            abortSignal: requestOptions?.abortSignal,
-            fetchFn: this._options?.fetch,
-            logging: this._options.logging,
-        });
-        if (_response.ok) {
-            return { data: undefined, rawResponse: _response.rawResponse };
-        }
-        if (_response.error.reason === "status-code") {
-            switch (_response.error.statusCode) {
-                case 401:
-                    throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
-                case 403:
-                    throw new NizamDashboard.ForbiddenError(_response.error.body, _response.rawResponse);
-                case 404:
-                    throw new NizamDashboard.NotFoundError(_response.error.body, _response.rawResponse);
-                case 500:
-                    throw new NizamDashboard.InternalServerError(_response.error.body, _response.rawResponse);
-                default:
-                    throw new errors.NizamDashboardError({
-                        statusCode: _response.error.statusCode,
-                        body: _response.error.body,
-                        rawResponse: _response.rawResponse,
-                    });
-            }
-        }
-        return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "DELETE", "/v1/users/{id}");
-    }
-    /**
-     * Tenant-admin operation. Body has no `status` — lifecycle changes go through the platform-staff surface.
-     *
-     * @param {NizamDashboard.UserUpdateRequest} request
-     * @param {UsersClient.RequestOptions} requestOptions - Request-specific configuration.
-     *
-     * @throws {@link NizamDashboard.UnauthorizedError}
-     * @throws {@link NizamDashboard.ForbiddenError}
-     * @throws {@link NizamDashboard.NotFoundError}
-     * @throws {@link NizamDashboard.ConflictError}
-     * @throws {@link NizamDashboard.UnprocessableEntityError}
-     * @throws {@link NizamDashboard.InternalServerError}
-     *
-     * @example
-     *     await client.users.updateUser({
-     *         id: "00000000-0000-0000-0000-000000000000",
-     *         email: "renamed@acme.example",
-     *         name: "Ali Issa"
-     *     })
-     */
-    updateUser(request, requestOptions) {
-        return core.HttpResponsePromise.fromPromise(this.__updateUser(request, requestOptions));
-    }
-    async __updateUser(request, requestOptions) {
-        const { id, ..._body } = request;
-        const _authRequest = await this._options.authProvider.getAuthRequest();
-        const _headers = (0, headers_js_1.mergeHeaders)(_authRequest.headers, this._options?.headers, requestOptions?.headers);
-        const _response = await core.fetcher({
-            url: core.url.join((await core.Supplier.get(this._options.baseUrl)) ??
-                (await core.Supplier.get(this._options.environment)) ??
-                environments.NizamDashboardEnvironment.Production, `v1/users/${core.url.encodePathParam(id)}`),
-            method: "PATCH",
-            headers: _headers,
-            contentType: "application/json",
-            queryString: core.url.queryBuilder().mergeAdditional(requestOptions?.queryParams).build(),
-            requestType: "json",
-            body: _body,
-            timeoutMs: (requestOptions?.timeoutInSeconds ?? this._options?.timeoutInSeconds ?? 60) * 1000,
-            maxRetries: requestOptions?.maxRetries ?? this._options?.maxRetries,
-            abortSignal: requestOptions?.abortSignal,
-            fetchFn: this._options?.fetch,
-            logging: this._options.logging,
-        });
-        if (_response.ok) {
-            return { data: _response.body, rawResponse: _response.rawResponse };
-        }
-        if (_response.error.reason === "status-code") {
-            switch (_response.error.statusCode) {
-                case 401:
-                    throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
-                case 403:
-                    throw new NizamDashboard.ForbiddenError(_response.error.body, _response.rawResponse);
-                case 404:
-                    throw new NizamDashboard.NotFoundError(_response.error.body, _response.rawResponse);
-                case 409:
-                    throw new NizamDashboard.ConflictError(_response.error.body, _response.rawResponse);
-                case 422:
-                    throw new NizamDashboard.UnprocessableEntityError(_response.error.body, _response.rawResponse);
-                case 500:
-                    throw new NizamDashboard.InternalServerError(_response.error.body, _response.rawResponse);
-                default:
-                    throw new errors.NizamDashboardError({
-                        statusCode: _response.error.statusCode,
-                        body: _response.error.body,
-                        rawResponse: _response.rawResponse,
-                    });
-            }
-        }
-        return (0, handleNonStatusCodeError_js_1.handleNonStatusCodeError)(_response.error, _response.rawResponse, "PATCH", "/v1/users/{id}");
-    }
 }
 exports.UsersClient = UsersClient;

package/dist/api/resources/users/client/requests/index.d.ts

@@ -1,4 +1,2 @@
 export type { InviteUserRequest } from "./InviteUserRequest.js";
 export type { ListUsersRequest } from "./ListUsersRequest.js";
-export type { SoftDeleteUserRequest } from "./SoftDeleteUserRequest.js";
-export type { UserUpdateRequest } from "./UserUpdateRequest.js";

package/dist/api/types/MembershipDriftResponse.d.ts

@@ -0,0 +1,13 @@
+/**
+ * One org with divergent membership sets.
+ */
+export interface MembershipDriftResponse {
+    /** Nizam organization id. */
+    organization_id?: string | undefined;
+    /** Matching Keycloak organization id. */
+    keycloak_id?: string | undefined;
+    /** User ids present in the Nizam member set but not in KC. */
+    in_nizam_only?: string[] | undefined;
+    /** User ids present in the KC member set but not in Nizam. */
+    in_kc_only?: string[] | undefined;
+}

package/dist/api/types/Organization.d.ts

@@ -16,6 +16,8 @@ export interface Organization {
     owner_user_id?: string | undefined;
     /** When this organization was created. */
     created_at?: string | undefined;
+    /** Populated ONLY on the POST /v1/organizations create response — the active organization id Nizam pinned for the founder as part of the same transaction that created the org. Null on every other endpoint (GET, list, membership embeds). Per issue #67 phase 1, the SPA writes its active-org cookie from this field instead of issuing a follow-up PATCH /v1/me/active-organization. */
+    active_organization_id?: string | undefined;
     /** Object type discriminator (Stripe pattern). */
     object?: Organization.Object_ | undefined;
 }

package/dist/api/types/ReconcileResponse.d.ts

@@ -0,0 +1,12 @@
+import type * as NizamDashboard from "../index.js";
+/**
+ * Drift report for a single aggregate reconciliation.
+ */
+export interface ReconcileResponse {
+    /** Nizam org ids whose stored keycloak_id no longer resolves on the KC side. */
+    nizam_has_kc_missing?: string[] | undefined;
+    /** KC org ids with no matching Nizam organizations.keycloak_id row. */
+    kc_has_nizam_missing?: string[] | undefined;
+    /** Per-org membership-set divergences (KC vs Nizam). */
+    membership_divergent?: NizamDashboard.MembershipDriftResponse[] | undefined;
+}

package/dist/api/types/index.d.ts

@@ -21,9 +21,11 @@ export * from "./ListResponseTimezone.js";
 export * from "./ListResponseUserResource.js";
 export * from "./Membership.js";
 export * from "./MembershipChoice.js";
+export * from "./MembershipDriftResponse.js";
 export * from "./Operator.js";
 export * from "./Organization.js";
 export * from "./ProblemDetail.js";
+export * from "./ReconcileResponse.js";
 export * from "./Timezone.js";
 export * from "./User.js";
 export * from "./UserResource.js";

package/dist/api/types/index.js

@@ -37,9 +37,11 @@ __exportStar(require("./ListResponseTimezone.js"), exports);
 __exportStar(require("./ListResponseUserResource.js"), exports);
 __exportStar(require("./Membership.js"), exports);
 __exportStar(require("./MembershipChoice.js"), exports);
+__exportStar(require("./MembershipDriftResponse.js"), exports);
 __exportStar(require("./Operator.js"), exports);
 __exportStar(require("./Organization.js"), exports);
 __exportStar(require("./ProblemDetail.js"), exports);
+__exportStar(require("./ReconcileResponse.js"), exports);
 __exportStar(require("./Timezone.js"), exports);
 __exportStar(require("./User.js"), exports);
 __exportStar(require("./UserResource.js"), exports);

package/dist/core/fetcher/getResponseBody.js

@@ -3,6 +3,15 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.getResponseBody = getResponseBody;
 const json_js_1 = require("../json.js");
 const BinaryResponse_js_1 = require("./BinaryResponse.js");
+// Pins the upstream Response so undici's FinalizationRegistry can't GC it and cancel the body stream.
+function retainResponse(target, response) {
+    Object.defineProperty(target, "__fern_response_ref", {
+        value: response,
+        enumerable: false,
+        configurable: true,
+        writable: false,
+    });
+}
 async function getResponseBody(response, responseType) {
     switch (responseType) {
         case "binary-response":
@@ -21,6 +30,7 @@ async function getResponseBody(response, responseType) {
                     },
                 };
             }
+            retainResponse(response.body, response);
             return response.body;
         case "streaming":
             if (response.body == null) {
@@ -32,6 +42,7 @@ async function getResponseBody(response, responseType) {
                     },
                 };
             }
+            retainResponse(response.body, response);
             return response.body;
         case "text":
             return await response.text();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nizam-os/dashboard-sdk",
-  "version": "4.1.0",
+  "version": "5.0.0",
   "description": "Nizam Dashboard API SDK for TypeScript / JavaScript.",
   "license": "MIT",
   "private": false,

package/dist/api/resources/users/client/requests/SoftDeleteUserRequest.d.ts

@@ -1,9 +0,0 @@
-/**
- * @example
- *     {
- *         id: "00000000-0000-0000-0000-000000000000"
- *     }
- */
-export interface SoftDeleteUserRequest {
-    id: string;
-}

package/dist/api/resources/users/client/requests/UserUpdateRequest.d.ts

@@ -1,15 +0,0 @@
-/**
- * @example
- *     {
- *         id: "00000000-0000-0000-0000-000000000000",
- *         email: "renamed@acme.example",
- *         name: "Ali Issa"
- *     }
- */
-export interface UserUpdateRequest {
-    id: string;
-    /** New email (optional). */
-    email?: string;
-    /** New display name (optional). */
-    name?: string;
-}