@nizam-os/dashboard-sdk 5.4.0 → 6.1.0

package/dist/api/resources/assets/client/Client.d.ts

@@ -14,7 +14,7 @@ export declare class AssetsClient {
     protected readonly _options: NormalizedClientOptionsWithAuth<AssetsClient.Options>;
     constructor(options: AssetsClient.Options);
     /**
-     * Without `q`: the org's assets ordered by `created_at` descending. With `q`: ranked full-text search across name, VIN, code, plate, serial, call sign, make, model and sub-kind — accent-insensitive, language-agnostic (epic #97). Search results are ordered by relevance and support forward-only cursors (`starting_after`). `highlight=true` adds a `<mark>`-wrapped match snippet.
+     * Without `q`: the org's assets ordered by `created_at` descending. With `q`: ranked search across name, VIN, code, plate, serial, call sign, make, model and sub-kind — accent-insensitive and language-agnostic (epic #97). Matching is hybrid: whole words and word-prefixes (type-ahead — `pick` finds `Picker Bot 3`) plus substrings and typos (`ick`, or a misspelled `sprintr`, still match). Results are ordered by relevance and support forward-only cursors (`starting_after`). `highlight=true` adds a `<mark>`-wrapped match snippet.
      *
      * @param {NizamDashboard.ListAssetsRequest} request
      * @param {AssetsClient.RequestOptions} requestOptions - Request-specific configuration.

package/dist/api/resources/assets/client/Client.js

@@ -50,7 +50,7 @@ class AssetsClient {
         this._options = (0, BaseClient_js_1.normalizeClientOptionsWithAuth)(options);
     }
     /**
-     * Without `q`: the org's assets ordered by `created_at` descending. With `q`: ranked full-text search across name, VIN, code, plate, serial, call sign, make, model and sub-kind — accent-insensitive, language-agnostic (epic #97). Search results are ordered by relevance and support forward-only cursors (`starting_after`). `highlight=true` adds a `<mark>`-wrapped match snippet.
+     * Without `q`: the org's assets ordered by `created_at` descending. With `q`: ranked search across name, VIN, code, plate, serial, call sign, make, model and sub-kind — accent-insensitive and language-agnostic (epic #97). Matching is hybrid: whole words and word-prefixes (type-ahead — `pick` finds `Picker Bot 3`) plus substrings and typos (`ick`, or a misspelled `sprintr`, still match). Results are ordered by relevance and support forward-only cursors (`starting_after`). `highlight=true` adds a `<mark>`-wrapped match snippet.
      *
      * @param {NizamDashboard.ListAssetsRequest} request
      * @param {AssetsClient.RequestOptions} requestOptions - Request-specific configuration.

package/dist/api/resources/organizations/client/Client.d.ts

@@ -34,11 +34,12 @@ export declare class OrganizationsClient {
     /**
      * Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
      *
-     * Supports the standard `Idempotency-Key` header — submit a UUID v4 per logical attempt (same value on retry). Cached responses replay for matching request bodies; mismatching fingerprints surface as 409 `idempotency.key_conflict`.
+     * Supports the standard `Idempotency-Key` header — submit a UUID (v4 recommended) per logical attempt (same value on retry); malformed keys are rejected with 400 `idempotency.invalid_key`. Successful responses and 4xx domain rejections replay for matching request bodies; transient 5xx responses are never cached, so retrying with the same key re-executes. Mismatching fingerprints surface as 409 `idempotency.key_conflict`.
      *
      * @param {NizamDashboard.CreateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.ConflictError}

package/dist/api/resources/organizations/client/Client.js

@@ -122,11 +122,12 @@ class OrganizationsClient {
     /**
      * Creates a brand-new tenant with the calling user as the founding admin. The id is assigned by Keycloak so the same value identifies the organization in both systems. Slug is derived from the name when not supplied.
      *
-     * Supports the standard `Idempotency-Key` header — submit a UUID v4 per logical attempt (same value on retry). Cached responses replay for matching request bodies; mismatching fingerprints surface as 409 `idempotency.key_conflict`.
+     * Supports the standard `Idempotency-Key` header — submit a UUID (v4 recommended) per logical attempt (same value on retry); malformed keys are rejected with 400 `idempotency.invalid_key`. Successful responses and 4xx domain rejections replay for matching request bodies; transient 5xx responses are never cached, so retrying with the same key re-executes. Mismatching fingerprints surface as 409 `idempotency.key_conflict`.
      *
      * @param {NizamDashboard.CreateOrganizationRequest} request
      * @param {OrganizationsClient.RequestOptions} requestOptions - Request-specific configuration.
      *
+     * @throws {@link NizamDashboard.BadRequestError}
      * @throws {@link NizamDashboard.UnauthorizedError}
      * @throws {@link NizamDashboard.ForbiddenError}
      * @throws {@link NizamDashboard.ConflictError}
@@ -176,6 +177,8 @@ class OrganizationsClient {
         }
         if (_response.error.reason === "status-code") {
             switch (_response.error.statusCode) {
+                case 400:
+                    throw new NizamDashboard.BadRequestError(_response.error.body, _response.rawResponse);
                 case 401:
                     throw new NizamDashboard.UnauthorizedError(_response.error.body, _response.rawResponse);
                 case 403:

package/dist/api/resources/users/client/Client.d.ts

@@ -17,8 +17,9 @@ export declare class UsersClient {
      * Returns the authenticated user merged with profile claims from their JWT.
      *
      * JIT-provisions a shadow row on the first call (so a brand-new Keycloak user can hit any
-     * endpoint without an explicit signup step) and stamps `last_login_at` + increments
-     * `login_count` on every subsequent call.
+     * endpoint without an explicit signup step). Records a login (`last_login_at` = the token's
+     * `auth_time`, `login_count` incremented) only when a genuinely new authentication is seen;
+     * repeated calls within the same session don't write.
      *
      * The `roles` array combines realm roles (flat, e.g. `platform_admin`) with portal-scoped
      * client roles (prefixed, e.g. `dashboard:dispatcher`). The frontend usually drops the

package/dist/api/resources/users/client/Client.js

@@ -53,8 +53,9 @@ class UsersClient {
      * Returns the authenticated user merged with profile claims from their JWT.
      *
      * JIT-provisions a shadow row on the first call (so a brand-new Keycloak user can hit any
-     * endpoint without an explicit signup step) and stamps `last_login_at` + increments
-     * `login_count` on every subsequent call.
+     * endpoint without an explicit signup step). Records a login (`last_login_at` = the token's
+     * `auth_time`, `login_count` incremented) only when a genuinely new authentication is seen;
+     * repeated calls within the same session don't write.
      *
      * The `roles` array combines realm roles (flat, e.g. `platform_admin`) with portal-scoped
      * client roles (prefixed, e.g. `dashboard:dispatcher`). The frontend usually drops the

package/dist/api/types/ReconcileResponse.d.ts

@@ -9,4 +9,13 @@ export interface ReconcileResponse {
     kc_has_nizam_missing?: string[] | undefined;
     /** Per-org membership-set divergences (KC vs Nizam). */
     membership_divergent?: NizamDashboard.MembershipDriftResponse[] | undefined;
+    /** Object type discriminator (Stripe pattern). */
+    object?: ReconcileResponse.Object_ | undefined;
+}
+export declare namespace ReconcileResponse {
+    /** Object type discriminator (Stripe pattern). */
+    const Object_: {
+        readonly KeycloakReconciliation: "keycloak_reconciliation";
+    };
+    type Object_ = (typeof Object_)[keyof typeof Object_];
 }

package/dist/api/types/ReconcileResponse.js

@@ -1,3 +1,11 @@
 "use strict";
 // This file was auto-generated by Fern from our API Definition.
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReconcileResponse = void 0;
+var ReconcileResponse;
+(function (ReconcileResponse) {
+    /** Object type discriminator (Stripe pattern). */
+    ReconcileResponse.Object_ = {
+        KeycloakReconciliation: "keycloak_reconciliation",
+    };
+})(ReconcileResponse || (exports.ReconcileResponse = ReconcileResponse = {}));

package/dist/core/fetcher/signals.js

@@ -14,11 +14,19 @@ function anySignal(...args) {
     for (const signal of signals) {
         if (signal.aborted) {
             controller.abort(signal?.reason);
-            break;
+            return controller.signal;
         }
         signal.addEventListener("abort", () => controller.abort(signal?.reason), {
             signal: controller.signal,
         });
+        // Re-check after adding listener: the signal may have aborted
+        // between the initial `signal.aborted` check and the `addEventListener`
+        // call above. If it did, the abort event was already dispatched and
+        // the listener will never fire — we must manually abort.
+        if (signal.aborted) {
+            controller.abort(signal?.reason);
+            return controller.signal;
+        }
     }
     return controller.signal;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nizam-os/dashboard-sdk",
-  "version": "5.4.0",
+  "version": "6.1.0",
   "description": "Nizam Dashboard API SDK for TypeScript / JavaScript.",
   "license": "MIT",
   "private": false,