@omnibase/core-js 0.7.2 → 0.7.3

package/dist/chunk-V4FWENQQ.js

@@ -0,0 +1,378 @@
+// src/permissions/handler.ts
+import { RelationshipApi, PermissionApi } from "@ory/client";
+
+// src/permissions/roles.ts
+var RolesHandler = class {
+  constructor(client) {
+    this.client = client;
+  }
+  /**
+   * Get available namespace definitions for UI
+   *
+   * Returns all namespaces and their available relations/permissions.
+   * Useful for building role configuration UIs.
+   *
+   * @returns List of namespace definitions
+   *
+   * @example
+   * ```typescript
+   * const definitions = await omnibase.permissions.roles.getDefinitions();
+   *
+   * // Output: [{ namespace: 'Tenant', relations: ['invite_user', 'delete_tenant', ...] }]
+   * definitions.forEach(def => {
+   *   console.log(`${def.namespace} supports: ${def.relations.join(', ')}`);
+   * });
+   * ```
+   */
+  async getDefinitions() {
+    const response = await this.client.fetch(
+      "/api/v1/permissions/definitions",
+      {
+        method: "GET"
+      }
+    );
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to fetch definitions");
+    }
+    return data.data.definitions;
+  }
+  /**
+   * List all roles for the current tenant
+   *
+   * Returns both system roles (defined in roles.config.json) and
+   * custom roles created via the API. System roles have `tenant_id = null`.
+   *
+   * @returns List of roles
+   *
+   * @example
+   * ```typescript
+   * const roles = await omnibase.permissions.roles.list();
+   *
+   * const systemRoles = roles.filter(r => r.tenant_id === null);
+   * const customRoles = roles.filter(r => r.tenant_id !== null);
+   *
+   * console.log(`System roles: ${systemRoles.map(r => r.role_name).join(', ')}`);
+   * console.log(`Custom roles: ${customRoles.map(r => r.role_name).join(', ')}`);
+   * ```
+   */
+  async list() {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
+      method: "GET"
+    });
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to list roles");
+    }
+    return data.data.roles;
+  }
+  /**
+   * Create a new custom role
+   *
+   * Creates a tenant-specific role with the specified permissions.
+   * Permissions use the format `namespace#relation` or `namespace:id#relation`.
+   *
+   * @param request - Role creation request
+   * @returns Created role
+   *
+   * @example
+   * ```typescript
+   * const role = await omnibase.permissions.roles.create({
+   *   role_name: 'billing_manager',
+   *   permissions: [
+   *     'tenant#manage_billing',
+   *     'tenant#view_invoices',
+   *     'tenant#update_payment_methods'
+   *   ]
+   * });
+   *
+   * console.log(`Created role: ${role.id}`);
+   * ```
+   *
+   * @example
+   * Resource-specific permissions:
+   * ```typescript
+   * const devRole = await omnibase.permissions.roles.create({
+   *   role_name: 'project_developer',
+   *   permissions: [
+   *     'project:proj_abc123#deploy',
+   *     'project:proj_abc123#view_logs',
+   *     'tenant#invite_user'
+   *   ]
+   * });
+   * ```
+   */
+  async create(request) {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(request)
+    });
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to create role");
+    }
+    return data.data;
+  }
+  /**
+   * Update an existing role's permissions
+   *
+   * Updates the permissions for a role and automatically updates all
+   * Keto relationships for users assigned to this role. Old permissions
+   * are removed and new ones are created.
+   *
+   * @param roleId - ID of role to update
+   * @param request - Update request with new permissions
+   * @returns Updated role
+   *
+   * @example
+   * ```typescript
+   * const updatedRole = await omnibase.permissions.roles.update('role_123', {
+   *   permissions: [
+   *     'tenant#manage_billing',
+   *     'tenant#view_invoices',
+   *     'tenant#manage_users' // Added new permission
+   *   ]
+   * });
+   *
+   * console.log(`Updated role with ${updatedRole.permissions.length} permissions`);
+   * ```
+   */
+  async update(roleId, request) {
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(request)
+      }
+    );
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to update role");
+    }
+    return data.data;
+  }
+  /**
+   * Delete a role
+   *
+   * Deletes the role and automatically removes all Keto relationships
+   * for users assigned to this role. Cannot delete system roles.
+   *
+   * @param roleId - ID of role to delete
+   *
+   * @example
+   * ```typescript
+   * await omnibase.permissions.roles.delete('role_123');
+   * console.log('Role deleted successfully');
+   * ```
+   */
+  async delete(roleId) {
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "DELETE"
+      }
+    );
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to delete role");
+    }
+  }
+  /**
+   * Assign a role to a user
+   *
+   * Assigns a role to a user and automatically creates all necessary
+   * Keto relationship tuples based on the role's permissions. The user
+   * immediately gains all permissions defined in the role.
+   *
+   * Supports assignment by either role ID or role name for flexibility.
+   *
+   * @param userId - ID of user to assign role to
+   * @param request - Assignment request with either role_id or role_name
+   *
+   * @example
+   * Assign by role ID:
+   * ```typescript
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_id: 'role_456'
+   * });
+   * ```
+   *
+   * @example
+   * Assign by role name (system or custom role):
+   * ```typescript
+   * // Assign system role
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'owner'
+   * });
+   *
+   * // Assign custom role
+   * await omnibase.permissions.roles.assign('user_456', {
+   *   role_name: 'billing_manager'
+   * });
+   * ```
+   *
+   * @example
+   * Verify permissions after assignment:
+   * ```typescript
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'admin'
+   * });
+   *
+   * // User now has all permissions from the admin role
+   * const canManage = await omnibase.permissions.permissions.checkPermission(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_789',
+   *     relation: 'manage_billing',
+   *     subjectId: 'user_123'
+   *   }
+   * );
+   * // canManage.data.allowed === true
+   * ```
+   */
+  async assign(userId, request) {
+    const response = await this.client.fetch(
+      `/api/v1/permissions/users/${userId}/roles`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(request)
+      }
+    );
+    const data = await response.json();
+    if (!response.ok || data.error) {
+      throw new Error(data.error || "Failed to assign role");
+    }
+  }
+};
+
+// src/permissions/handler.ts
+var PermissionsClient = class {
+  /**
+   * Ory Keto RelationshipApi for managing subject-object relationships
+   *
+   * Provides methods for creating, updating, and deleting relationships between
+   * subjects (users, groups) and objects (tenants, resources). This API handles
+   * write operations and is used to establish permission structures.
+   *
+   * Key methods:
+   * - `createRelationship()` - Creates a new relationship tuple
+   * - `deleteRelationships()` - Removes existing relationship tuples
+   * - `getRelationships()` - Queries existing relationships
+   * - `patchRelationships()` - Updates multiple relationships atomically
+   *
+   * @example
+   * ```typescript
+   * // Create a relationship
+   * await client.relationships.createRelationship(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'members',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   * ```
+   *
+   * @since 1.0.0
+   * @group Relationships
+   */
+  relationships;
+  /**
+   * Ory Keto PermissionApi for checking permissions
+   *
+   * Provides methods for querying whether a subject has a specific permission
+   * on an object. This API handles read operations and is optimized for fast
+   * permission checks in your application logic.
+   *
+   * Key methods:
+   * - `checkPermission()` - Checks if a subject has permission on an object
+   * - `checkPermissionOrError()` - Same as above but throws error if denied
+   * - `expandPermissions()` - Expands relationships to show all granted permissions
+   *
+   * @example
+   * ```typescript
+   * // Check permission
+   * const result = await client.permissions.checkPermission(
+   *   undefined,
+   *   {
+   *     namespace: 'Tenant',
+   *     object: 'tenant_123',
+   *     relation: 'view',
+   *     subjectId: 'user_456'
+   *   }
+   * );
+   *
+   * console.log('Has permission:', result.data.allowed);
+   * ```
+   *
+   * @since 1.0.0
+   * @group Permissions
+   */
+  permissions;
+  /**
+   * Handler for managing roles and role-based permissions
+   *
+   * Provides methods for creating custom roles, assigning permissions,
+   * and managing role assignments. Works alongside the Keto-based
+   * permissions system to provide dynamic RBAC capabilities.
+   *
+   * @example
+   * ```typescript
+   * // Create a custom role
+   * const role = await omnibase.permissions.roles.create({
+   *   role_name: 'billing_manager',
+   *   permissions: ['tenant#manage_billing', 'tenant#view_invoices']
+   * });
+   *
+   * // Assign role to user
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_id: role.id
+   * });
+   * ```
+   *
+   * @since 0.7.0
+   * @group Roles
+   */
+  roles;
+  /**
+   * Creates a new PermissionsClient instance
+   *
+   * Initializes the client with separate endpoints for read and write operations.
+   * The client automatically appends the appropriate Keto API paths to the base URL
+   * for optimal performance and security separation.
+   *
+   * @param apiBaseUrl - The base URL for your Omnibase API instance
+   * @param client - The main OmnibaseClient instance (for roles handler)
+   *
+   * @throws {Error} When the base URL is invalid or cannot be reached
+   *
+   * @example
+   * ```typescript
+   * const client = new PermissionsClient('https://api.example.com', omnibaseClient);
+   * ```
+   *
+   * @since 1.0.0
+   * @group Client
+   */
+  constructor(apiBaseUrl, client) {
+    this.relationships = new RelationshipApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/write`
+    );
+    this.permissions = new PermissionApi(
+      void 0,
+      `${apiBaseUrl}/api/v1/permissions/read`
+    );
+    this.roles = new RolesHandler(client);
+  }
+};
+
+export {
+  RolesHandler,
+  PermissionsClient
+};

package/dist/index.cjs

@@ -537,9 +537,12 @@ var RolesHandler = class {
    * ```
    */
   async getDefinitions() {
-    const response = await this.client.fetch("/api/v1/roles/definitions", {
-      method: "GET"
-    });
+    const response = await this.client.fetch(
+      "/api/v1/permissions/definitions",
+      {
+        method: "GET"
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to fetch definitions");
@@ -566,7 +569,7 @@ var RolesHandler = class {
    * ```
    */
   async list() {
-    const response = await this.client.fetch("/api/v1/roles/roles", {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
       method: "GET"
     });
     const data = await response.json();
@@ -612,7 +615,7 @@ var RolesHandler = class {
    * ```
    */
   async create(request) {
-    const response = await this.client.fetch("/api/v1/roles/roles", {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(request)
@@ -648,11 +651,14 @@ var RolesHandler = class {
    * ```
    */
   async update(roleId, request) {
-    const response = await this.client.fetch(`/api/v1/roles/roles/${roleId}`, {
-      method: "PUT",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(request)
-    });
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(request)
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to update role");
@@ -674,9 +680,12 @@ var RolesHandler = class {
    * ```
    */
   async delete(roleId) {
-    const response = await this.client.fetch(`/api/v1/roles/roles/${roleId}`, {
-      method: "DELETE"
-    });
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "DELETE"
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to delete role");
@@ -689,18 +698,42 @@ var RolesHandler = class {
    * Keto relationship tuples based on the role's permissions. The user
    * immediately gains all permissions defined in the role.
    *
+   * Supports assignment by either role ID or role name for flexibility.
+   *
    * @param userId - ID of user to assign role to
-   * @param request - Assignment request with role ID
+   * @param request - Assignment request with either role_id or role_name
    *
    * @example
+   * Assign by role ID:
    * ```typescript
-   * // Assign billing manager role to user
    * await omnibase.permissions.roles.assign('user_123', {
    *   role_id: 'role_456'
    * });
+   * ```
+   *
+   * @example
+   * Assign by role name (system or custom role):
+   * ```typescript
+   * // Assign system role
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'owner'
+   * });
+   *
+   * // Assign custom role
+   * await omnibase.permissions.roles.assign('user_456', {
+   *   role_name: 'billing_manager'
+   * });
+   * ```
+   *
+   * @example
+   * Verify permissions after assignment:
+   * ```typescript
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'admin'
+   * });
    *
-   * // User now has all permissions from the role
-   * const canManageBilling = await omnibase.permissions.permissions.checkPermission(
+   * // User now has all permissions from the admin role
+   * const canManage = await omnibase.permissions.permissions.checkPermission(
    *   undefined,
    *   {
    *     namespace: 'Tenant',
@@ -709,12 +742,12 @@ var RolesHandler = class {
    *     subjectId: 'user_123'
    *   }
    * );
-   * // canManageBilling.data.allowed === true
+   * // canManage.data.allowed === true
    * ```
    */
   async assign(userId, request) {
     const response = await this.client.fetch(
-      `/api/v1/roles/users/${userId}/roles`,
+      `/api/v1/permissions/users/${userId}/roles`,
       {
         method: "POST",
         headers: { "Content-Type": "application/json" },

package/dist/index.js

@@ -1,13 +1,13 @@
 import {
   PermissionsClient,
   RolesHandler
-} from "./chunk-JNM7XP7L.js";
-import {
-  PaymentHandler
-} from "./chunk-QPW6G4PA.js";
+} from "./chunk-V4FWENQQ.js";
 import {
   StorageClient
 } from "./chunk-I6DMWC32.js";
+import {
+  PaymentHandler
+} from "./chunk-QPW6G4PA.js";
 import {
   TenantHandler
 } from "./chunk-6OGESVXW.js";

package/dist/payments/index.d.cts

@@ -1211,21 +1211,41 @@ interface UpdateRoleRequest {
 /**
  * Request body for assigning a role to a user
  *
+ * Supports assigning by either role ID or role name for flexibility.
+ * When using role_name, the system will find the role by name within
+ * the current tenant's scope (including system roles).
+ *
  * @example
+ * By role ID:
  * ```typescript
  * {
  *   role_id: 'role_456'
  * }
  * ```
  *
+ * @example
+ * By role name:
+ * ```typescript
+ * {
+ *   role_name: 'owner'
+ * }
+ * ```
+ *
  * @since 0.7.0
  * @public
  */
 interface AssignRoleRequest {
     /**
      * ID of the role to assign to the user
+     * Use either role_id or role_name, not both
+     */
+    role_id?: string;
+    /**
+     * Name of the role to assign to the user
+     * Use either role_id or role_name, not both
+     * @example 'owner', 'admin', 'billing_manager'
      */
-    role_id: string;
+    role_name?: string;
 }
 
 /**
@@ -1378,18 +1398,42 @@ declare class RolesHandler {
      * Keto relationship tuples based on the role's permissions. The user
      * immediately gains all permissions defined in the role.
      *
+     * Supports assignment by either role ID or role name for flexibility.
+     *
      * @param userId - ID of user to assign role to
-     * @param request - Assignment request with role ID
+     * @param request - Assignment request with either role_id or role_name
      *
      * @example
+     * Assign by role ID:
      * ```typescript
-     * // Assign billing manager role to user
      * await omnibase.permissions.roles.assign('user_123', {
      *   role_id: 'role_456'
      * });
+     * ```
+     *
+     * @example
+     * Assign by role name (system or custom role):
+     * ```typescript
+     * // Assign system role
+     * await omnibase.permissions.roles.assign('user_123', {
+     *   role_name: 'owner'
+     * });
+     *
+     * // Assign custom role
+     * await omnibase.permissions.roles.assign('user_456', {
+     *   role_name: 'billing_manager'
+     * });
+     * ```
+     *
+     * @example
+     * Verify permissions after assignment:
+     * ```typescript
+     * await omnibase.permissions.roles.assign('user_123', {
+     *   role_name: 'admin'
+     * });
      *
-     * // User now has all permissions from the role
-     * const canManageBilling = await omnibase.permissions.permissions.checkPermission(
+     * // User now has all permissions from the admin role
+     * const canManage = await omnibase.permissions.permissions.checkPermission(
      *   undefined,
      *   {
      *     namespace: 'Tenant',
@@ -1398,7 +1442,7 @@ declare class RolesHandler {
      *     subjectId: 'user_123'
      *   }
      * );
-     * // canManageBilling.data.allowed === true
+     * // canManage.data.allowed === true
      * ```
      */
     assign(userId: string, request: AssignRoleRequest): Promise<void>;

package/dist/payments/index.d.ts

@@ -1211,21 +1211,41 @@ interface UpdateRoleRequest {
 /**
  * Request body for assigning a role to a user
  *
+ * Supports assigning by either role ID or role name for flexibility.
+ * When using role_name, the system will find the role by name within
+ * the current tenant's scope (including system roles).
+ *
  * @example
+ * By role ID:
  * ```typescript
  * {
  *   role_id: 'role_456'
  * }
  * ```
  *
+ * @example
+ * By role name:
+ * ```typescript
+ * {
+ *   role_name: 'owner'
+ * }
+ * ```
+ *
  * @since 0.7.0
  * @public
  */
 interface AssignRoleRequest {
     /**
      * ID of the role to assign to the user
+     * Use either role_id or role_name, not both
+     */
+    role_id?: string;
+    /**
+     * Name of the role to assign to the user
+     * Use either role_id or role_name, not both
+     * @example 'owner', 'admin', 'billing_manager'
      */
-    role_id: string;
+    role_name?: string;
 }
 
 /**
@@ -1378,18 +1398,42 @@ declare class RolesHandler {
      * Keto relationship tuples based on the role's permissions. The user
      * immediately gains all permissions defined in the role.
      *
+     * Supports assignment by either role ID or role name for flexibility.
+     *
      * @param userId - ID of user to assign role to
-     * @param request - Assignment request with role ID
+     * @param request - Assignment request with either role_id or role_name
      *
      * @example
+     * Assign by role ID:
      * ```typescript
-     * // Assign billing manager role to user
      * await omnibase.permissions.roles.assign('user_123', {
      *   role_id: 'role_456'
      * });
+     * ```
+     *
+     * @example
+     * Assign by role name (system or custom role):
+     * ```typescript
+     * // Assign system role
+     * await omnibase.permissions.roles.assign('user_123', {
+     *   role_name: 'owner'
+     * });
+     *
+     * // Assign custom role
+     * await omnibase.permissions.roles.assign('user_456', {
+     *   role_name: 'billing_manager'
+     * });
+     * ```
+     *
+     * @example
+     * Verify permissions after assignment:
+     * ```typescript
+     * await omnibase.permissions.roles.assign('user_123', {
+     *   role_name: 'admin'
+     * });
      *
-     * // User now has all permissions from the role
-     * const canManageBilling = await omnibase.permissions.permissions.checkPermission(
+     * // User now has all permissions from the admin role
+     * const canManage = await omnibase.permissions.permissions.checkPermission(
      *   undefined,
      *   {
      *     namespace: 'Tenant',
@@ -1398,7 +1442,7 @@ declare class RolesHandler {
      *     subjectId: 'user_123'
      *   }
      * );
-     * // canManageBilling.data.allowed === true
+     * // canManage.data.allowed === true
      * ```
      */
     assign(userId: string, request: AssignRoleRequest): Promise<void>;

package/dist/permissions/index.cjs

@@ -52,9 +52,12 @@ var RolesHandler = class {
    * ```
    */
   async getDefinitions() {
-    const response = await this.client.fetch("/api/v1/roles/definitions", {
-      method: "GET"
-    });
+    const response = await this.client.fetch(
+      "/api/v1/permissions/definitions",
+      {
+        method: "GET"
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to fetch definitions");
@@ -81,7 +84,7 @@ var RolesHandler = class {
    * ```
    */
   async list() {
-    const response = await this.client.fetch("/api/v1/roles/roles", {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
       method: "GET"
     });
     const data = await response.json();
@@ -127,7 +130,7 @@ var RolesHandler = class {
    * ```
    */
   async create(request) {
-    const response = await this.client.fetch("/api/v1/roles/roles", {
+    const response = await this.client.fetch("/api/v1/permissions/roles", {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(request)
@@ -163,11 +166,14 @@ var RolesHandler = class {
    * ```
    */
   async update(roleId, request) {
-    const response = await this.client.fetch(`/api/v1/roles/roles/${roleId}`, {
-      method: "PUT",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(request)
-    });
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(request)
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to update role");
@@ -189,9 +195,12 @@ var RolesHandler = class {
    * ```
    */
   async delete(roleId) {
-    const response = await this.client.fetch(`/api/v1/roles/roles/${roleId}`, {
-      method: "DELETE"
-    });
+    const response = await this.client.fetch(
+      `/api/v1/permissions/roles/${roleId}`,
+      {
+        method: "DELETE"
+      }
+    );
     const data = await response.json();
     if (!response.ok || data.error) {
       throw new Error(data.error || "Failed to delete role");
@@ -204,18 +213,42 @@ var RolesHandler = class {
    * Keto relationship tuples based on the role's permissions. The user
    * immediately gains all permissions defined in the role.
    *
+   * Supports assignment by either role ID or role name for flexibility.
+   *
    * @param userId - ID of user to assign role to
-   * @param request - Assignment request with role ID
+   * @param request - Assignment request with either role_id or role_name
    *
    * @example
+   * Assign by role ID:
    * ```typescript
-   * // Assign billing manager role to user
    * await omnibase.permissions.roles.assign('user_123', {
    *   role_id: 'role_456'
    * });
+   * ```
+   *
+   * @example
+   * Assign by role name (system or custom role):
+   * ```typescript
+   * // Assign system role
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'owner'
+   * });
+   *
+   * // Assign custom role
+   * await omnibase.permissions.roles.assign('user_456', {
+   *   role_name: 'billing_manager'
+   * });
+   * ```
+   *
+   * @example
+   * Verify permissions after assignment:
+   * ```typescript
+   * await omnibase.permissions.roles.assign('user_123', {
+   *   role_name: 'admin'
+   * });
    *
-   * // User now has all permissions from the role
-   * const canManageBilling = await omnibase.permissions.permissions.checkPermission(
+   * // User now has all permissions from the admin role
+   * const canManage = await omnibase.permissions.permissions.checkPermission(
    *   undefined,
    *   {
    *     namespace: 'Tenant',
@@ -224,12 +257,12 @@ var RolesHandler = class {
    *     subjectId: 'user_123'
    *   }
    * );
-   * // canManageBilling.data.allowed === true
+   * // canManage.data.allowed === true
    * ```
    */
   async assign(userId, request) {
     const response = await this.client.fetch(
-      `/api/v1/roles/users/${userId}/roles`,
+      `/api/v1/permissions/users/${userId}/roles`,
       {
         method: "POST",
         headers: { "Content-Type": "application/json" },

package/dist/permissions/index.js

@@ -1,7 +1,7 @@
 import {
   PermissionsClient,
   RolesHandler
-} from "../chunk-JNM7XP7L.js";
+} from "../chunk-V4FWENQQ.js";
 export {
   PermissionsClient,
   RolesHandler

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@omnibase/core-js",
-  "version": "0.7.2",
+  "version": "0.7.3",
   "description": "OmniBase core Javascript SDK - framework agnostic",
   "files": [
     "dist/**/*"