@omnibase/core-js 0.8.0 → 0.9.0

package/dist/index.cjs

@@ -1,2093 +0,0 @@
-"use strict";
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-
-// src/index.ts
-var index_exports = {};
-__export(index_exports, {
-  OmnibaseClient: () => OmnibaseClient,
-  PermissionsClient: () => PermissionsClient,
-  RolesHandler: () => RolesHandler,
-  StorageClient: () => StorageClient
-});
-module.exports = __toCommonJS(index_exports);
-
-// src/payments/checkout.ts
-var CheckoutManager = class {
-  /**
-   * Initialize the checkout manager
-   *
-   * @param paymentHandler - Payment handler instance for API communication
-   *
-   * @group Checkout
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Create a new Stripe checkout session
-   *
-   * Creates a checkout session with the specified options and returns
-   * the session URL for redirecting the user to complete payment.
-   * The checkout mode (one-time payment or subscription) is automatically
-   * determined from the price's configuration - no need to specify it manually.
-   *
-   * @param options - Configuration options for the checkout session
-   * @param options.price_id - Stripe price ID for the product/service
-   * @param options.success_url - URL to redirect after successful payment
-   * @param options.cancel_url - URL to redirect if user cancels
-   *
-   * @returns Promise resolving to checkout session response with URL and session ID
-   *
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (invalid price_id, etc.)
-   * @throws {ValidationError} When required parameters are missing or invalid
-   *
-   * @example
-   * ```typescript
-   * const session = await checkoutManager.createSession({
-   *   price_id: 'price_monthly_pro',
-   *   success_url: 'https://app.com/success',
-   *   cancel_url: 'https://app.com/cancel'
-   * });
-   *
-   * // Redirect to Stripe checkout
-   * if (session.data?.url) {
-   *   window.location.href = session.data.url;
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @group Checkout
-   */
-  async createSession(options) {
-    const response = await this.omnibaseClient.fetch(
-      "/api/v1/payments/checkout",
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify(options)
-      }
-    );
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to create checkout session: ${response.status} - ${errorData}`
-      );
-    }
-    const result = await response.json();
-    return result;
-  }
-};
-
-// src/payments/config.ts
-var ConfigManager = class {
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Get the current Stripe configuration from the database
-   *
-   * Retrieves the latest Stripe configuration including products, prices,
-   * and UI customization data. This configuration represents the current
-   * active pricing structure with all UI elements for pricing table rendering.
-   *
-   * @returns Promise resolving to the current Stripe configuration
-   *
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * Basic usage:
-   * ```typescript
-   * const config = await getStripeConfig();
-   * console.log(`Found ${config.data.config.products.length} products`);
-   *
-   * // Access product UI configuration
-   * config.data.config.products.forEach(product => {
-   *   console.log(`${product.name}: ${product.ui?.tagline || 'No tagline'}`);
-   * });
-   * ```
-   */
-  async getStripeConfig() {
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/stripe/config`,
-        {
-          method: "GET",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to get Stripe config: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error getting Stripe config:", error);
-      throw error;
-    }
-  }
-  /**
-   * Get available products with UI-ready pricing data
-   *
-   * Transforms the raw Stripe configuration into UI-ready format for pricing
-   * table rendering. Includes formatted pricing, features, limits, and all
-   * display customizations needed for marketing pages.
-   *
-   * @returns Promise resolving to products ready for UI consumption
-   *
-   * @throws {Error} When the API request fails or configuration is invalid
-   *
-   * @example
-   * Pricing table rendering:
-   * ```typescript
-   * const products = await getAvailableProducts();
-   *
-   * products.forEach(product => {
-   *   const display = product.pricing_display;
-   *   console.log(`${display.name} - ${display.tagline}`);
-   *
-   *   display.prices.forEach(price => {
-   *     console.log(`  ${price.display_name}: ${price.formatted_price}`);
-   *   });
-   * });
-   * ```
-   */
-  async getAvailableProducts() {
-    const configResponse = await this.getStripeConfig();
-    if (!configResponse.data?.config) {
-      throw new Error("No Stripe configuration found");
-    }
-    const products = configResponse.data.config.products;
-    return products.map(transformProductToUIReady).sort(
-      (a, b) => a.pricing_display.sort_order - b.pricing_display.sort_order
-    );
-  }
-  /**
-   * Get a specific product by ID
-   *
-   * Retrieves a single product configuration by its ID from the current
-   * Stripe configuration. Useful for product-specific operations.
-   *
-   * @param productId - The configuration product ID to retrieve
-   * @returns Promise resolving to the product or null if not found
-   *
-   * @example
-   * ```typescript
-   * const product = await getProduct('starter_plan');
-   * if (product) {
-   *   console.log(`Found product: ${product.name}`);
-   * }
-   * ```
-   */
-  async getProduct(productId) {
-    const configResponse = await this.getStripeConfig();
-    if (!configResponse.data?.config) {
-      return null;
-    }
-    const product = configResponse.data.config.products.find(
-      (p) => p.id === productId
-    );
-    return product || null;
-  }
-};
-function transformProductToUIReady(product) {
-  const ui = product.ui || {};
-  return {
-    ...product,
-    pricing_display: {
-      name: ui.display_name || product.name,
-      tagline: ui.tagline,
-      features: ui.features || [],
-      badge: ui.badge,
-      cta_text: ui.cta_text || "Choose Plan",
-      highlighted: ui.highlighted || false,
-      sort_order: ui.sort_order || 0,
-      prices: product.prices.map((price) => {
-        const priceUI = price.ui || {};
-        return {
-          id: price.id,
-          display_name: priceUI.display_name || formatDefaultPriceName(price),
-          formatted_price: formatPrice(price, priceUI),
-          billing_period: priceUI.billing_period || formatDefaultBillingPeriod(price),
-          features: priceUI.features || [],
-          limits: priceUI.limits || []
-        };
-      })
-    }
-  };
-}
-function formatPrice(price, priceUI) {
-  if (priceUI.price_display?.custom_text) {
-    return priceUI.price_display.custom_text;
-  }
-  if (!price.amount || price.amount === 0) {
-    return "Free";
-  }
-  const amount = price.amount / 100;
-  const currency = price.currency.toUpperCase();
-  let formattedPrice = "";
-  if (priceUI.price_display?.show_currency !== false) {
-    const currencySymbol = getCurrencySymbol(currency);
-    formattedPrice = `${currencySymbol}${amount.toFixed(2)}`;
-  } else {
-    formattedPrice = amount.toFixed(2);
-  }
-  if (priceUI.price_display?.suffix) {
-    formattedPrice += ` ${priceUI.price_display.suffix}`;
-  }
-  return formattedPrice;
-}
-function getCurrencySymbol(currency) {
-  const symbols = {
-    USD: "$",
-    EUR: "\u20AC",
-    GBP: "\xA3",
-    JPY: "\xA5",
-    CAD: "C$",
-    AUD: "A$"
-  };
-  return symbols[currency] || currency;
-}
-function formatDefaultPriceName(price) {
-  if (price.interval) {
-    return price.interval.charAt(0).toUpperCase() + price.interval.slice(1);
-  }
-  return "One-time";
-}
-function formatDefaultBillingPeriod(price) {
-  if (price.interval) {
-    const count = price.interval_count || 1;
-    const period = count === 1 ? price.interval : `${count} ${price.interval}s`;
-    return `per ${period}`;
-  }
-  return "one-time";
-}
-
-// src/payments/portal.ts
-var PortalManager = class {
-  /**
-   * Initialize the portal manager
-   *
-   * @param omnibaseClient - OmnibaseClient instance for API communication
-   *
-   * @group Portal
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Create a new customer portal session
-   *
-   * Creates a portal session that allows the specified customer to
-   * manage their billing information, subscriptions, and payment methods.
-   * Returns a URL that the customer should be redirected to.
-   *
-   * The portal session is temporary and expires after a short period
-   * for security. Each access requires creating a new session.
-   *
-   * @param options - Configuration options for the portal session
-   * @param options.return_url - URL to redirect to when exiting the portal
-   *
-   * @returns Promise resolving to portal session response with access URL
-   *
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response
-   * @throws {ValidationError} When required parameters are missing or invalid
-   *
-   * @example
-   * ```typescript
-   * const portal = await portalManager.create({
-   *   return_url: 'https://myapp.com/account/billing'
-   * });
-   *
-   * // Redirect user to portal
-   * if (portal.data?.url) {
-   *   window.location.href = portal.data.url;
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @group Portal
-   */
-  async create(options) {
-    const response = await this.omnibaseClient.fetch(
-      "/api/v1/payments/portal",
-      {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify(options)
-      }
-    );
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to create customer portal: ${response.status} - ${errorData}`
-      );
-    }
-    const result = await response.json();
-    return result;
-  }
-};
-
-// src/payments/usage.ts
-var UsageManager = class {
-  /**
-   * Initialize the usage manager
-   *
-   * @param omnibaseClient - OmnibaseClient instance for API communication
-   *
-   * @group Usage
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Record a usage event for metered billing
-   *
-   * Records a usage event against a specific meter for billing calculation.
-   * The event will be aggregated with other usage events for the billing period
-   * to determine the customer's charges for metered products.
-   *
-   * Usage events should be recorded in real-time or as close to real-time as
-   * possible to ensure accurate billing and provide up-to-date usage visibility
-   * to customers.
-   *
-   * @param options - Usage recording options
-   * @param options.meter_event_name - Name of the meter to record against
-   * @param options.value - Usage quantity as string
-   *
-   * @returns Promise resolving to API response confirmation
-   *
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (invalid meter name, customer, etc.)
-   * @throws {ValidationError} When required parameters are missing or invalid
-   *
-   * @example
-   * ```typescript
-   * // Record each API call
-   * await usageManager.recordUsage({
-   *   meter_event_name: 'api_requests',
-   *   value: '1'
-   * });
-   * ```
-   *
-   * @since 0.6.0
-   * @group Usage
-   */
-  async recordUsage(options) {
-    const response = await this.omnibaseClient.fetch("/api/v1/payments/usage", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify(options)
-    });
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to record usage: ${response.status} - ${errorData}`
-      );
-    }
-    const result = await response.json();
-    return result;
-  }
-};
-
-// src/payments/handler.ts
-var PaymentHandler = class {
-  /**
-   * Initialize the payment handler with OmnibaseClient
-   *
-   * Creates a new payment handler instance with access to all payment
-   * operations including checkout, configuration, portal, and usage tracking.
-   * The handler uses the provided OmnibaseClient for API communication.
-   *
-   * @param omnibaseClient - OmnibaseClient instance for API communication
-   *
-   * @example
-   * ```typescript
-   * const paymentHandler = new PaymentHandler(omnibaseClient);
-   * ```
-   *
-   * @since 0.6.0
-   * @group Client
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-    this.checkout = new CheckoutManager(this.omnibaseClient);
-    this.config = new ConfigManager(this.omnibaseClient);
-    this.portal = new PortalManager(this.omnibaseClient);
-    this.usage = new UsageManager(this.omnibaseClient);
-  }
-  /**
-   * Checkout session management
-   *
-   * Provides functionality for creating and managing Stripe checkout sessions
-   * for both one-time payments and subscription billing.
-   *
-   * @example
-   * ```typescript
-   * const session = await paymentHandler.checkout.createSession({
-   *   price_id: 'price_monthly_pro',
-   *   success_url: window.location.origin + '/success',
-   *   cancel_url: window.location.origin + '/pricing'
-   * });
-   *
-   * if (session.data?.url) {
-   *   window.location.href = session.data.url;
-   * }
-   * ```
-   */
-  checkout;
-  /**
-   * Stripe configuration management
-   *
-   * Handles retrieval and processing of database-backed Stripe configurations,
-   * providing UI-ready product and pricing data for rendering pricing tables.
-   *
-   * @example
-   * ```typescript
-   * const products = await paymentHandler.config.getAvailableProducts();
-   * const config = await paymentHandler.config.getStripeConfig();
-   * ```
-   */
-  config;
-  /**
-   * Customer portal management
-   *
-   * Creates customer portal sessions for subscription management,
-   * billing history, and payment method updates.
-   *
-   * @example
-   * ```typescript
-   * const portal = await paymentHandler.portal.create({
-   *   return_url: 'https://app.com/billing'
-   * });
-   * ```
-   */
-  portal;
-  /**
-   * Usage tracking and metered billing
-   *
-   * Records usage events for metered billing products and manages
-   * usage-based pricing calculations.
-   *
-   * @example
-   * ```typescript
-   * await paymentHandler.usage.recordUsage({
-   *   meter_event_name: 'api_calls',
-   *   value: '1'
-   * });
-   * ```
-   */
-  usage;
-};
-
-// src/permissions/handler.ts
-var import_client = require("@ory/client");
-
-// src/permissions/roles.ts
-var RolesHandler = class {
-  constructor(client) {
-    this.client = client;
-  }
-  /**
-   * Get available namespace definitions for UI
-   *
-   * Returns all namespaces and their available relations/permissions.
-   * Useful for building role configuration UIs.
-   *
-   * @returns List of namespace definitions
-   *
-   * @example
-   * ```typescript
-   * const definitions = await omnibase.permissions.roles.getDefinitions();
-   *
-   * // Output: [{ namespace: 'Tenant', relations: ['invite_user', 'delete_tenant', ...] }]
-   * definitions.forEach(def => {
-   *   console.log(`${def.namespace} supports: ${def.relations.join(', ')}`);
-   * });
-   * ```
-   */
-  async getDefinitions() {
-    const response = await this.client.fetch(
-      "/api/v1/permissions/definitions",
-      {
-        method: "GET"
-      }
-    );
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to fetch definitions");
-    }
-    return data.data.definitions;
-  }
-  /**
-   * List all roles for the current tenant
-   *
-   * Returns both system roles (defined in roles.config.json) and
-   * custom roles created via the API. System roles have `tenant_id = null`.
-   *
-   * @returns List of roles
-   *
-   * @example
-   * ```typescript
-   * const roles = await omnibase.permissions.roles.list();
-   *
-   * const systemRoles = roles.filter(r => r.tenant_id === null);
-   * const customRoles = roles.filter(r => r.tenant_id !== null);
-   *
-   * console.log(`System roles: ${systemRoles.map(r => r.role_name).join(', ')}`);
-   * console.log(`Custom roles: ${customRoles.map(r => r.role_name).join(', ')}`);
-   * ```
-   */
-  async list() {
-    const response = await this.client.fetch("/api/v1/permissions/roles", {
-      method: "GET"
-    });
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to list roles");
-    }
-    return data.data.roles;
-  }
-  /**
-   * Create a new custom role
-   *
-   * Creates a tenant-specific role with the specified permissions.
-   * Permissions use the format `namespace#relation` or `namespace:id#relation`.
-   *
-   * @param request - Role creation request
-   * @returns Created role
-   *
-   * @example
-   * ```typescript
-   * const role = await omnibase.permissions.roles.create({
-   *   role_name: 'billing_manager',
-   *   permissions: [
-   *     'tenant#manage_billing',
-   *     'tenant#view_invoices',
-   *     'tenant#update_payment_methods'
-   *   ]
-   * });
-   *
-   * console.log(`Created role: ${role.id}`);
-   * ```
-   *
-   * @example
-   * Resource-specific permissions:
-   * ```typescript
-   * const devRole = await omnibase.permissions.roles.create({
-   *   role_name: 'project_developer',
-   *   permissions: [
-   *     'project:proj_abc123#deploy',
-   *     'project:proj_abc123#view_logs',
-   *     'tenant#invite_user'
-   *   ]
-   * });
-   * ```
-   */
-  async create(request) {
-    const response = await this.client.fetch("/api/v1/permissions/roles", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify(request)
-    });
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to create role");
-    }
-    return data.data;
-  }
-  /**
-   * Update an existing role's permissions
-   *
-   * Updates the permissions for a role and automatically updates all
-   * Keto relationships for users assigned to this role. Old permissions
-   * are removed and new ones are created.
-   *
-   * @param roleId - ID of role to update
-   * @param request - Update request with new permissions
-   * @returns Updated role
-   *
-   * @example
-   * ```typescript
-   * const updatedRole = await omnibase.permissions.roles.update('role_123', {
-   *   permissions: [
-   *     'tenant#manage_billing',
-   *     'tenant#view_invoices',
-   *     'tenant#manage_users' // Added new permission
-   *   ]
-   * });
-   *
-   * console.log(`Updated role with ${updatedRole.permissions.length} permissions`);
-   * ```
-   */
-  async update(roleId, request) {
-    const response = await this.client.fetch(
-      `/api/v1/permissions/roles/${roleId}`,
-      {
-        method: "PUT",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(request)
-      }
-    );
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to update role");
-    }
-    return data.data;
-  }
-  /**
-   * Delete a role
-   *
-   * Deletes the role and automatically removes all Keto relationships
-   * for users assigned to this role. Cannot delete system roles.
-   *
-   * @param roleId - ID of role to delete
-   *
-   * @example
-   * ```typescript
-   * await omnibase.permissions.roles.delete('role_123');
-   * console.log('Role deleted successfully');
-   * ```
-   */
-  async delete(roleId) {
-    const response = await this.client.fetch(
-      `/api/v1/permissions/roles/${roleId}`,
-      {
-        method: "DELETE"
-      }
-    );
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to delete role");
-    }
-  }
-  /**
-   * Assign a role to a user
-   *
-   * Assigns a role to a user and automatically creates all necessary
-   * Keto relationship tuples based on the role's permissions. The user
-   * immediately gains all permissions defined in the role.
-   *
-   * Supports assignment by either role ID or role name for flexibility.
-   *
-   * @param userId - ID of user to assign role to
-   * @param request - Assignment request with either role_id or role_name
-   *
-   * @example
-   * Assign by role ID:
-   * ```typescript
-   * await omnibase.permissions.roles.assign('user_123', {
-   *   role_id: 'role_456'
-   * });
-   * ```
-   *
-   * @example
-   * Assign by role name (system or custom role):
-   * ```typescript
-   * // Assign system role
-   * await omnibase.permissions.roles.assign('user_123', {
-   *   role_name: 'owner'
-   * });
-   *
-   * // Assign custom role
-   * await omnibase.permissions.roles.assign('user_456', {
-   *   role_name: 'billing_manager'
-   * });
-   * ```
-   *
-   * @example
-   * Verify permissions after assignment:
-   * ```typescript
-   * await omnibase.permissions.roles.assign('user_123', {
-   *   role_name: 'admin'
-   * });
-   *
-   * // User now has all permissions from the admin role
-   * const canManage = await omnibase.permissions.permissions.checkPermission(
-   *   undefined,
-   *   {
-   *     namespace: 'Tenant',
-   *     object: 'tenant_789',
-   *     relation: 'manage_billing',
-   *     subjectId: 'user_123'
-   *   }
-   * );
-   * // canManage.data.allowed === true
-   * ```
-   */
-  async assign(userId, request) {
-    const response = await this.client.fetch(
-      `/api/v1/permissions/users/${userId}/roles`,
-      {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify(request)
-      }
-    );
-    const data = await response.json();
-    if (!response.ok || data.error) {
-      throw new Error(data.error || "Failed to assign role");
-    }
-  }
-};
-
-// src/permissions/handler.ts
-var PermissionsClient = class {
-  /**
-   * Ory Keto RelationshipApi for managing subject-object relationships
-   *
-   * Provides methods for creating, updating, and deleting relationships between
-   * subjects (users, groups) and objects (tenants, resources). This API handles
-   * write operations and is used to establish permission structures.
-   *
-   * Key methods:
-   * - `createRelationship()` - Creates a new relationship tuple
-   * - `deleteRelationships()` - Removes existing relationship tuples
-   * - `getRelationships()` - Queries existing relationships
-   * - `patchRelationships()` - Updates multiple relationships atomically
-   *
-   * @example
-   * ```typescript
-   * // Create a relationship
-   * await client.relationships.createRelationship(
-   *   undefined,
-   *   {
-   *     namespace: 'Tenant',
-   *     object: 'tenant_123',
-   *     relation: 'members',
-   *     subjectId: 'user_456'
-   *   }
-   * );
-   * ```
-   *
-   * @since 1.0.0
-   * @group Relationships
-   */
-  relationships;
-  /**
-   * Ory Keto PermissionApi for checking permissions
-   *
-   * Provides methods for querying whether a subject has a specific permission
-   * on an object. This API handles read operations and is optimized for fast
-   * permission checks in your application logic.
-   *
-   * All operations are proxied through Omnibase's API at `/api/v1/permissions/read`.
-   *
-   * Key methods:
-   * - `checkPermission(params)` - Checks if a subject has permission on an object
-   * - `checkPermissionOrError(params)` - Same as above but throws error if denied
-   * - `expandPermissions(namespace, object, relation, maxDepth?)` - Expands relationships to show all granted permissions
-   * - `postCheckPermission(maxDepth?, body)` - POST variant of permission check
-   *
-   * @example
-   * Check a single permission:
-   * ```typescript
-   * const result = await omnibase.permissions.permissions.checkPermission({
-   *   namespace: 'Tenant',
-   *   object: 'tenant_123',
-   *   relation: 'view',
-   *   subjectId: 'user_456'
-   * });
-   *
-   * if (result.data.allowed) {
-   *   console.log('User has permission');
-   * }
-   * ```
-   *
-   * @example
-   * Expand permission tree:
-   * ```typescript
-   * const tree = await omnibase.permissions.permissions.expandPermissions(
-   *   'Tenant',
-   *   'tenant_123',
-   *   'view'
-   * );
-   *
-   * console.log('Permission tree:', tree.data);
-   * ```
-   *
-   * @example
-   * Check permission or throw error:
-   * ```typescript
-   * try {
-   *   await omnibase.permissions.permissions.checkPermissionOrError({
-   *     namespace: 'Tenant',
-   *     object: 'tenant_123',
-   *     relation: 'edit',
-   *     subjectId: 'user_456'
-   *   });
-   *   // Permission granted
-   * } catch (error) {
-   *   // Permission denied
-   *   console.error('Access denied');
-   * }
-   * ```
-   *
-   * @since 1.0.0
-   * @group Permissions
-   */
-  permissions;
-  /**
-   * Handler for managing roles and role-based permissions
-   *
-   * Provides methods for creating custom roles, assigning permissions,
-   * and managing role assignments. Works alongside the Keto-based
-   * permissions system to provide dynamic RBAC capabilities.
-   *
-   * Roles are stored in the database and automatically synchronized with
-   * Ory Keto relationships, providing a higher-level abstraction over
-   * raw relationship tuples.
-   *
-   * @example
-   * Create a custom role:
-   * ```typescript
-   * const role = await omnibase.permissions.roles.create({
-   *   role_name: 'billing_manager',
-   *   permissions: ['tenant#manage_billing', 'tenant#view_invoices']
-   * });
-   * ```
-   *
-   * @example
-   * Assign role to a user:
-   * ```typescript
-   * await omnibase.permissions.roles.assign('user_123', {
-   *   role_id: role.id
-   * });
-   * ```
-   *
-   * @example
-   * List all roles:
-   * ```typescript
-   * const roles = await omnibase.permissions.roles.list();
-   * console.log('Available roles:', roles);
-   * ```
-   *
-   * @since 0.7.0
-   * @group Roles
-   */
-  roles;
-  /**
-   * Creates a new PermissionsClient instance
-   *
-   * Initializes the client with separate endpoints for read and write operations.
-   * The client automatically configures the Ory Keto client libraries to use
-   * Omnibase's permission proxy endpoints:
-   * - Write endpoint: `${apiBaseUrl}/api/v1/permissions/write`
-   * - Read endpoint: `${apiBaseUrl}/api/v1/permissions/read`
-   *
-   * This separation follows Ory Keto's recommended architecture for optimal
-   * performance and security.
-   *
-   * @param apiBaseUrl - The base URL for your Omnibase API instance (e.g., 'https://api.example.com')
-   * @param client - The main OmnibaseClient instance (required for roles handler)
-   *
-   * @throws {Error} When the base URL is invalid or cannot be reached
-   *
-   * @example
-   * Direct instantiation (not recommended - use OmnibaseClient instead):
-   * ```typescript
-   * const client = new PermissionsClient('https://api.example.com', omnibaseClient);
-   * ```
-   *
-   * @example
-   * Recommended usage via OmnibaseClient:
-   * ```typescript
-   * import { OmnibaseClient } from '@omnibase/core-js';
-   *
-   * const omnibase = new OmnibaseClient({
-   *   apiUrl: 'https://api.example.com'
-   * });
-   *
-   * // Use the permissions client
-   * await omnibase.permissions.permissions.checkPermission({
-   *   namespace: 'Tenant',
-   *   object: 'tenant_123',
-   *   relation: 'view',
-   *   subjectId: 'user_456'
-   * });
-   * ```
-   *
-   * @since 1.0.0
-   * @group Client
-   */
-  constructor(apiBaseUrl, client) {
-    this.relationships = new import_client.RelationshipApi(
-      void 0,
-      `${apiBaseUrl}/api/v1/permissions/write`
-    );
-    this.permissions = new import_client.PermissionApi(
-      void 0,
-      `${apiBaseUrl}/api/v1/permissions/read`
-    );
-    this.roles = new RolesHandler(client);
-  }
-};
-
-// src/storage/index.ts
-var StorageClient = class {
-  constructor(client) {
-    this.client = client;
-  }
-  /**
-   * Upload a file to storage
-   *
-   * @param path - Full path for the file (e.g., "public/images/avatar.png", "users/123/private/doc.pdf")
-   * @param file - File or Blob to upload
-   * @param options - Upload options including custom metadata
-   *
-   * @example
-   * ```typescript
-   * const result = await storage.upload(
-   *   'public/avatars/user-123.png',
-   *   file,
-   *   {
-   *     metadata: {
-   *       userId: '123',
-   *       uploadedBy: 'john@example.com',
-   *       tags: ['profile', 'avatar']
-   *     }
-   *   }
-   * );
-   *
-   * // File is automatically uploaded to S3 via the presigned URL
-   * console.log('File uploaded to:', result.path);
-   * ```
-   */
-  async upload(path, file, options) {
-    const metadata = {
-      // File metadata
-      filename: file instanceof File ? file.name : "blob",
-      size: file.size,
-      mime_type: file.type,
-      uploaded_at: (/* @__PURE__ */ new Date()).toISOString(),
-      // Merge custom metadata
-      ...options?.metadata || {}
-    };
-    const response = await this.client.fetch("/api/v1/storage/upload", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        path,
-        metadata
-      })
-    });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Upload failed" }));
-      throw new Error(error.error || "Failed to get upload URL");
-    }
-    const responseData = await response.json();
-    const result = responseData.data;
-    const uploadResponse = await fetch(result.upload_url, {
-      method: "PUT",
-      body: file,
-      headers: {
-        "Content-Type": file.type
-      }
-    });
-    if (!uploadResponse.ok) {
-      throw new Error("Failed to upload file to storage");
-    }
-    return result;
-  }
-  /**
-   * Download a file from storage
-   *
-   * @param path - Full path to the file
-   *
-   * @example
-   * ```typescript
-   * const { download_url } = await storage.download('public/images/logo.png');
-   *
-   * // Download the file
-   * const response = await fetch(download_url);
-   * const blob = await response.blob();
-   * ```
-   */
-  async download(path) {
-    const response = await this.client.fetch("/api/v1/storage/download", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        path
-      })
-    });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Download failed" }));
-      throw new Error(error.error || "Failed to get download URL");
-    }
-    const responseData = await response.json();
-    return responseData.data;
-  }
-  /**
-   * Delete a file from storage
-   *
-   * @param path - Full path to the file
-   *
-   * @example
-   * ```typescript
-   * await storage.delete('users/123/documents/old-report.pdf');
-   * ```
-   */
-  async delete(path) {
-    const response = await this.client.fetch("/api/v1/storage/object", {
-      method: "DELETE",
-      headers: {
-        "Content-Type": "application/json"
-      },
-      body: JSON.stringify({
-        path
-      })
-    });
-    if (!response.ok) {
-      const error = await response.json().catch(() => ({ error: "Delete failed" }));
-      throw new Error(error.error || "Failed to delete file");
-    }
-  }
-};
-
-// src/tenants/invites.ts
-var TenantInviteManager = class {
-  /**
-   * Creates a new TenantInviteManager instance
-   *
-   * Initializes the manager with the provided Omnibase client for making
-   * authenticated API requests to tenant invitation endpoints.
-   *
-   * @param omnibaseClient - Configured Omnibase client instance
-   *
-   * @group Tenant Invitations
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Accepts a tenant invitation using a secure token
-   *
-   * Processes a tenant invitation by validating the provided token and
-   * adding the authenticated user to the specified tenant. The invitation
-   * token is consumed during this process and cannot be used again.
-   *
-   * The function performs several validations:
-   * - Verifies the token exists and is valid
-   * - Checks that the invitation hasn't expired
-   * - Ensures the invitation hasn't already been used
-   * - Confirms the user is authenticated via session cookies
-   *
-   * Upon successful acceptance, the user is granted access to the tenant
-   * with the role specified in the original invitation. The invitation
-   * record is marked as used and cannot be accepted again.
-   *
-   * @param token - The secure invitation token from the email invitation
-   *
-   * @returns Promise resolving to the tenant ID and success confirmation
-   *
-   * @throws {Error} When the token parameter is missing or empty
-   * @throws {Error} When the invitation token is invalid or expired
-   * @throws {Error} When the invitation has already been accepted
-   * @throws {Error} When the user is not authenticated
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * ```typescript
-   * // Typically called from an invitation link like:
-   * // https://app.com/accept-invite?token=inv_secure_token_abc123
-   *
-   * const urlParams = new URLSearchParams(window.location.search);
-   * const inviteToken = urlParams.get('token');
-   *
-   * if (inviteToken) {
-   *   try {
-   *     const result = await inviteManager.accept(inviteToken);
-   *
-   *     // Success - redirect to tenant dashboard
-   *     console.log(`Successfully joined tenant: ${result.data.tenant_id}`);
-   *     window.location.href = `/dashboard?tenant=${result.data.tenant_id}`;
-   *   } catch (error) {
-   *     console.error('Failed to accept invitation:', error.message);
-   *   }
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Invitations
-   */
-  async accept(token) {
-    if (!token) {
-      throw new Error("Invite token is required");
-    }
-    const requestBody = {
-      token
-    };
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/tenants/invites/accept`,
-        {
-          method: "PUT",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify(requestBody),
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to accept invite: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error accepting tenant invite:", error);
-      throw error;
-    }
-  }
-  /**
-   * Creates a new user invitation for the active tenant
-   *
-   * Generates a secure invitation that allows a user to join the currently active
-   * tenant with the defined role. The invitation is sent to the provided email address
-   * and includes a time-limited token for security. The invite URL will be automatically
-   * appended with ?token=XYZ when sent to the user.
-   *
-   * The function creates the invitation record in the database and triggers an email
-   * notification to the invited user. The invitation expires after 7 days and can only
-   * be used once.
-   *
-   * Only existing tenant members with appropriate permissions (invite_user permission)
-   * can create invitations. The inviter's authentication and tenant context are validated
-   * via HTTP-only cookies sent with the request.
-   *
-   * @param inviteData - Configuration object for the invitation
-   * @param inviteData.email - Email address of the user to invite
-   * @param inviteData.role - Role the user will have after joining (e.g., 'member', 'admin')
-   * @param inviteData.invite_url - Base URL for the invitation link (will be appended with ?token=XYZ)
-   *
-   * @returns Promise resolving to the created invitation with secure token
-   *
-   * @throws {Error} When required fields (email, role, invite_url) are missing or empty
-   * @throws {Error} When the user doesn't have permission to invite users to the tenant
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * ```typescript
-   * const invite = await inviteManager.create({
-   *   email: 'colleague@company.com',
-   *   role: 'member',
-   *   invite_url: 'https://yourapp.com/accept-invite'
-   * });
-   *
-   * console.log(`Invite sent to: ${invite.data.invite.email}`);
-   * console.log(`Invite token: ${invite.data.invite.token}`);
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Invitations
-   */
-  async create(inviteData) {
-    if (!inviteData.email || !inviteData.role || !inviteData.invite_url) {
-      throw new Error(
-        "Missing data in `create` - email, role, and invite_url are required"
-      );
-    }
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/tenants/invites`,
-        {
-          method: "POST",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify(inviteData),
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to create invite: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error creating tenant user invite:", error);
-      throw error;
-    }
-  }
-};
-
-// src/tenants/management.ts
-var TenantManger = class {
-  /**
-   * Creates a new TenantManger instance
-   *
-   * Initializes the manager with the provided Omnibase client for making
-   * authenticated API requests to tenant management endpoints.
-   *
-   * @param omnibaseClient - Configured Omnibase client instance
-   *
-   * @group Tenant Management
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Creates a new tenant in the multi-tenant system
-   *
-   * Establishes a new tenant with integrated Stripe billing setup and assigns
-   * the specified user as the tenant owner. The operation creates the necessary
-   * database records and returns a JWT token that enables Row-Level Security
-   * access to the tenant's isolated data.
-   *
-   * The function automatically handles Stripe customer creation for billing
-   * integration and sets up the initial tenant configuration. The returned
-   * token should be stored securely for subsequent API calls.
-   *
-   * @param tenantData - Configuration object for the new tenant
-   * @param tenantData.name - Display name for the tenant organization
-   * @param tenantData.billing_email - Email address for Stripe billing notifications
-   * @param tenantData.user_id - Unique identifier of the user who will own this tenant
-   *
-   * @returns Promise resolving to the created tenant with authentication token
-   *
-   * @throws {Error} When required fields (name, user_id) are missing or empty
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * ```typescript
-   * const newTenant = await tenantManager.createTenant({
-   *   name: 'Acme Corporation',
-   *   billing_email: 'billing@acme.com',
-   *   user_id: 'user_123'
-   * });
-   *
-   * console.log(`Tenant created: ${newTenant.data.tenant.id}`);
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Management
-   */
-  async createTenant(tenantData) {
-    if (!tenantData.name || !tenantData.user_id) {
-      throw new Error("Name and user_id are required");
-    }
-    try {
-      const response = await this.omnibaseClient.fetch(`/api/v1/tenants`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify(tenantData),
-        credentials: "include"
-      });
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to create tenant: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error creating tenant:", error);
-      throw error;
-    }
-  }
-  /**
-   * Permanently deletes a tenant and all associated data
-   *
-   * ⚠️ **WARNING: This operation is irreversible and will permanently delete:**
-   * - The tenant record and all metadata
-   * - All user memberships and invitations for this tenant
-   * - All tenant-specific data protected by row-level security
-   * - Any tenant-related billing information
-   * - All tenant configuration and settings
-   *
-   * **Access Control:**
-   * Only tenant owners can delete a tenant. This operation requires:
-   * - User must be authenticated
-   * - User must have 'owner' role for the specified tenant
-   * - Tenant must exist and be accessible to the user
-   *
-   * **Security Considerations:**
-   * - All tenant data is immediately and permanently removed
-   * - Other tenant members lose access immediately
-   * - Any active sessions for this tenant are invalidated
-   * - Billing subscriptions are cancelled (if applicable)
-   * - Audit logs for deletion are maintained for compliance
-   *
-   * @returns Promise resolving to a confirmation message
-   *
-   * @throws {Error} When the tenantId parameter is missing or empty
-   * @throws {Error} When the user is not authenticated
-   * @throws {Error} When the user is not an owner of the specified tenant
-   * @throws {Error} When the tenant doesn't exist or is not accessible
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * ```typescript
-   * // Always confirm before deleting
-   * const userConfirmed = confirm(
-   *   'Are you sure you want to delete this tenant? This action cannot be undone.'
-   * );
-   *
-   * if (userConfirmed) {
-   *   try {
-   *     const result = await tenantManager.deleteTenant();
-   *     console.log(result.data.message);
-   *
-   *     // Redirect user away from deleted tenant
-   *     window.location.href = '/dashboard';
-   *   } catch (error) {
-   *     console.error('Failed to delete tenant:', error);
-   *   }
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Management
-   */
-  async deleteTenant() {
-    try {
-      const response = await this.omnibaseClient.fetch(`/api/v1/tenants`, {
-        method: "DELETE",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        credentials: "include"
-      });
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to delete tenant: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error deleting tenant:", error);
-      throw error;
-    }
-  }
-  /**
-   * Switches the user's active tenant context
-   *
-   * Changes the user's active tenant to the specified tenant ID, updating
-   * their authentication context and permissions. This function is essential
-   * for multi-tenant applications where users belong to multiple tenants
-   * and need to switch between them.
-   *
-   * The function performs several operations:
-   * - Validates that the user has access to the specified tenant
-   * - Updates the user's active tenant in their session
-   * - Generates a new JWT token with updated tenant claims
-   * - Updates any cached tenant-specific data
-   *
-   * After switching tenants, all subsequent API calls will be made within
-   * the context of the new active tenant, with row-level security policies
-   * applied accordingly. The new JWT token should be used for all future
-   * authenticated requests.
-   *
-   * @param tenantId - The ID of the tenant to switch to (must be a tenant the user belongs to)
-   *
-   * @returns Promise resolving to a new JWT token and success confirmation
-   *
-   * @throws {Error} When the tenantId parameter is missing or empty
-   * @throws {Error} When the user doesn't have access to the specified tenant
-   * @throws {Error} When the user is not authenticated
-   * @throws {Error} When the specified tenant doesn't exist
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx status codes)
-   *
-   * @example
-   * ```typescript
-   * const result = await tenantManager.switchActiveTenant('tenant_xyz789');
-   *
-   * // Store the new token for future requests
-   * console.log(`Switched to tenant. New token: ${result.data.token}`);
-   *
-   * // Now all API calls will be in the context of tenant_xyz789
-   * const tenantData = await getCurrentTenantData();
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Management
-   */
-  async switchActiveTenant(tenantId) {
-    if (!tenantId) {
-      throw new Error("Tenant ID is required");
-    }
-    const requestBody = {
-      tenant_id: tenantId
-    };
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/tenants/switch-active`,
-        {
-          method: "PUT",
-          headers: {
-            "Content-Type": "application/json"
-          },
-          body: JSON.stringify(requestBody),
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to switch tenant: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error switching active tenant:", error);
-      throw error;
-    }
-  }
-};
-
-// src/tenants/subscriptions.ts
-var TenantSubscriptionManager = class {
-  /**
-   * Creates a new TenantSubscriptionManager instance
-   *
-   * @param omnibaseClient - Configured Omnibase client instance
-   *
-   * @group Tenant Subscriptions
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Get all active subscriptions for the current tenant
-   *
-   * Retrieves all active Stripe subscriptions associated with the user's
-   * currently active tenant. Returns subscriptions with config-based price IDs
-   * instead of raw Stripe IDs, making it easier to match against your billing
-   * configuration.
-   *
-   * The endpoint automatically:
-   * - Fetches subscriptions from Stripe API
-   * - Maps Stripe price IDs to your config price IDs
-   * - Checks both current and historical price mappings
-   * - Flags legacy prices from old billing configurations
-   * - Filters to only active/trialing/past_due subscriptions
-   *
-   * Returns an empty array if:
-   * - Tenant has no Stripe customer ID configured
-   * - Tenant has no active subscriptions
-   * - User is not authenticated
-   *
-   * @returns Promise resolving to array of active subscriptions
-   *
-   * @throws {Error} When the user is not authenticated
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx)
-   *
-   * @example
-   * ```typescript
-   * const response = await subscriptionManager.getActive();
-   *
-   * if (response.data.length === 0) {
-   *   console.log('No active subscriptions');
-   * } else {
-   *   response.data.forEach(sub => {
-   *     console.log(`Plan: ${sub.config_price_id}`);
-   *     console.log(`Status: ${sub.status}`);
-   *     if (sub.is_legacy_price) {
-   *       console.log('⚠️ Using legacy pricing');
-   *     }
-   *   });
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Subscriptions
-   */
-  async getActive() {
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/tenants/subscriptions`,
-        {
-          method: "GET",
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to fetch subscriptions: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error fetching tenant subscriptions:", error);
-      throw error;
-    }
-  }
-  /**
-   * Check if the current tenant has billing information configured
-   *
-   * Verifies whether the tenant has valid payment methods attached to their
-   * Stripe customer account. This is useful for:
-   * - Showing billing setup prompts
-   * - Gating premium features behind payment method requirement
-   * - Displaying billing status indicators in UI
-   * - Determining if customer portal access should be shown
-   *
-   * The check verifies:
-   * - Default payment source (card, bank account, etc.)
-   * - Default payment method in invoice settings
-   * - Whether the payment method is valid and active
-   *
-   * Returns `false` if:
-   * - Tenant has no Stripe customer ID
-   * - No payment methods are configured
-   * - User is not authenticated
-   *
-   * @returns Promise resolving to billing status information
-   *
-   * @throws {Error} When the user is not authenticated
-   * @throws {Error} When the API request fails due to network issues
-   * @throws {Error} When the server returns an error response (4xx, 5xx)
-   *
-   * @example
-   * ```typescript
-   * const response = await subscriptionManager.getBillingStatus();
-   *
-   * if (!response.data.has_billing_info) {
-   *   // Show billing setup prompt
-   *   showBillingSetupModal();
-   * } else if (!response.data.is_active) {
-   *   // Payment method exists but may be expired/invalid
-   *   showPaymentMethodUpdatePrompt();
-   * } else {
-   *   // All good - show customer portal link
-   *   showManageBillingButton();
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Subscriptions
-   */
-  async getBillingStatus() {
-    try {
-      const response = await this.omnibaseClient.fetch(
-        `/api/v1/tenants/billing-status`,
-        {
-          method: "GET",
-          credentials: "include"
-        }
-      );
-      if (!response.ok) {
-        const errorData = await response.text();
-        throw new Error(
-          `Failed to fetch billing status: ${response.status} - ${errorData}`
-        );
-      }
-      const data = await response.json();
-      return data;
-    } catch (error) {
-      console.error("Error fetching billing status:", error);
-      throw error;
-    }
-  }
-};
-
-// src/tenants/user.ts
-var TenantUserManager = class {
-  /**
-   * Creates a new tenant user manager
-   *
-   * @param omnibaseClient - Configured OmnibaseClient instance for API communication
-   *
-   * @group Tenant User Management
-   */
-  constructor(omnibaseClient) {
-    this.omnibaseClient = omnibaseClient;
-  }
-  /**
-   * Retrieves all users in the active tenant
-   *
-   * This method fetches a list of all users who are members of the current active tenant,
-   * including their basic information (name, email) and assigned role. The operation
-   * requires the requesting user to have appropriate permissions to view tenant users
-   * (typically requires `view_users` permission).
-   *
-   * The returned list includes all tenant members regardless of their role, ordered by
-   * when they joined the tenant (newest first).
-   *
-   * @returns Promise resolving to an array of tenant users with their details
-   *
-   * @throws {Error} When the API request fails (includes status code and error details)
-   * @throws {Error} When the user doesn't have permission to view users
-   * @throws {Error} When the user is not authenticated or no active tenant is set
-   *
-   * @example
-   * ```typescript
-   * // Fetch all users in the active tenant
-   * try {
-   *   const result = await userManager.getAll();
-   *   console.log(`Found ${result.data.length} users`);
-   *
-   *   result.data.forEach(user => {
-   *     console.log(`${user.first_name} ${user.last_name} (${user.email}) - ${user.role}`);
-   *   });
-   * } catch (error) {
-   *   if (error.message.includes('403')) {
-   *     console.error('Insufficient permissions to view users');
-   *   } else {
-   *     console.error('Failed to fetch users:', error);
-   *   }
-   * }
-   * ```
-   *
-   * @since 1.0.0
-   * @public
-   * @group Tenant User Management
-   */
-  async getAll() {
-    const response = await this.omnibaseClient.fetch("/api/v1/tenants/users", {
-      method: "GET"
-    });
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to fetch tenant users: ${response.status} - ${errorData}`
-      );
-    }
-    return await response.json();
-  }
-  /**
-   * Removes a user from the active tenant
-   *
-   * This method removes a specified user from the current active tenant. The operation
-   * requires the requesting user to have appropriate permissions (admin or owner role).
-   * The user being removed will lose access to the tenant and all its resources.
-   *
-   * Note: You cannot remove yourself from a tenant using this method. To leave a tenant,
-   * use the appropriate leave or delete tenant operations instead.
-   *
-   * @param data - Request data containing the user ID to remove
-   * @param data.user_id - ID of the user to remove from the tenant
-   *
-   * @returns Promise resolving to an API response confirming the removal
-   *
-   * @throws {Error} When user_id is not provided
-   * @throws {Error} When the API request fails (includes status code and error details)
-   * @throws {Error} When the user doesn't have permission to remove users
-   * @throws {Error} When the specified user is not a member of the tenant
-   *
-   * @example
-   * ```typescript
-   * // Remove a user from the active tenant
-   * try {
-   *   await userManager.remove({ user_id: 'user_abc123' });
-   *   console.log('User removed successfully');
-   * } catch (error) {
-   *   if (error.message.includes('403')) {
-   *     console.error('Insufficient permissions to remove user');
-   *   } else if (error.message.includes('404')) {
-   *     console.error('User not found in tenant');
-   *   } else {
-   *     console.error('Failed to remove user:', error);
-   *   }
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant User Management
-   */
-  async remove(data) {
-    if (!data.user_id) {
-      throw new Error("user_id is required");
-    }
-    const response = await this.omnibaseClient.fetch("/api/v1/tenants/users", {
-      method: "DELETE",
-      body: JSON.stringify(data)
-    });
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to delete user from tenant: ${response.status} - ${errorData}`
-      );
-    }
-    return await response.json();
-  }
-  /**
-   * Updates a user's role within the active tenant
-   *
-   * This method changes the role of a specified user in the current active tenant. The operation
-   * requires the requesting user to have appropriate permissions (typically admin or owner role).
-   * Role updates take effect immediately and affect the user's permissions and access rights
-   * within the tenant.
-   *
-   * Common roles include 'admin', 'member', and 'viewer', but the exact roles available depend
-   * on your tenant's configuration. Changing a user's role will modify their ability to perform
-   * various operations within the tenant.
-   *
-   * @param data - Request data containing the user ID and new role
-   * @param data.user_id - ID of the user whose role is being updated
-   * @param data.role - New role to assign to the user
-   *
-   * @returns Promise resolving to an API response confirming the role update
-   *
-   * @throws {Error} When user_id or role is not provided
-   * @throws {Error} When the API request fails (includes status code and error details)
-   * @throws {Error} When the user doesn't have permission to update roles
-   * @throws {Error} When the specified user is not a member of the tenant
-   * @throws {Error} When the specified role is invalid or not allowed
-   *
-   * @example
-   * ```typescript
-   * // Update a user's role to admin
-   * try {
-   *   const result = await userManager.updateRole({
-   *     user_id: 'user_abc123',
-   *     role: 'admin'
-   *   });
-   *   console.log('Role updated successfully:', result.data.message);
-   * } catch (error) {
-   *   if (error.message.includes('403')) {
-   *     console.error('Insufficient permissions to update roles');
-   *   } else if (error.message.includes('404')) {
-   *     console.error('User not found in tenant');
-   *   } else {
-   *     console.error('Failed to update role:', error);
-   *   }
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant User Management
-   */
-  async updateRole(data) {
-    if (!data.role || !data.user_id)
-      throw new Error("user_id and role is required");
-    const response = await this.omnibaseClient.fetch("/api/v1/tenants/users", {
-      method: "PUT",
-      body: JSON.stringify(data)
-    });
-    if (!response.ok) {
-      const errorData = await response.text();
-      throw new Error(
-        `Failed to update users role: ${response.status} - ${errorData}`
-      );
-    }
-    return await response.json();
-  }
-};
-
-// src/tenants/handler.ts
-var TenantHandler = class {
-  /**
-   * Creates a new TenantHandler instance
-   *
-   * Initializes the handler with the provided Omnibase client and sets up
-   * the specialized manager instances for tenant and invitation operations.
-   * The client is used for all underlying HTTP requests and authentication.
-   *
-   * @param omnibaseClient - Configured Omnibase client instance
-   *
-   * @example
-   * ```typescript
-   * const client = new OmnibaseClient({
-   *   apiKey: 'your-api-key',
-   *   baseURL: 'https://api.yourapp.com'
-   * });
-   * const tenantHandler = new TenantHandler(client);
-   * ```
-   *
-   * @group Tenant Management
-   */
-  constructor(omnibaseClient) {
-    this.invites = new TenantInviteManager(omnibaseClient);
-    this.manage = new TenantManger(omnibaseClient);
-    this.subscriptions = new TenantSubscriptionManager(omnibaseClient);
-    this.user = new TenantUserManager(omnibaseClient);
-  }
-  /**
-   * Tenant user management operations
-   *
-   * Provides access to operations for managing users within tenants, including
-   * removing users from the active tenant. All operations respect user permissions
-   * and tenant ownership rules.
-   *
-   * @example
-   * ```typescript
-   * // Remove a user from the active tenant
-   * await tenantHandler.user.remove({ user_id: 'user_123' });
-   * ```
-   *
-   * @since 0.6.0
-   * @group Tenant Management
-   */
-  user;
-  /**
-   * Core tenant management operations
-   *
-   * Provides access to tenant lifecycle operations including creation,
-   * deletion, and active tenant switching. All operations respect user
-   * permissions and tenant ownership rules.
-   *
-   * @example
-   * ```typescript
-   * // Create a new tenant
-   * const tenant = await tenantHandler.manage.createTenant({
-   *   name: 'New Company',
-   *   billing_email: 'billing@newcompany.com',
-   *   user_id: 'user_456'
-   * });
-   *
-   * // Switch to the tenant
-   * await tenantHandler.manage.switchActiveTenant(tenant.data.tenant.id);
-   *
-   * // Delete the tenant (owner only)
-   * await tenantHandler.manage.deleteTenant(tenant.data.tenant.id);
-   * ```
-   */
-  manage;
-  /**
-   * Tenant invitation management operations
-   *
-   * Provides access to user invitation functionality including creating
-   * invitations for new users and accepting existing invitations.
-   * Supports role-based access control and secure token-based workflows.
-   *
-   * @example
-   * ```typescript
-   * // Create an invitation
-   * const invite = await tenantHandler.invites.create({
-   *   email: 'newuser@company.com',
-   *   role: 'admin',
-   *   invite_url: 'https://yourapp.com/accept-invite'
-   * });
-   *
-   * // Accept an invitation (from the invited user's session)
-   * const result = await tenantHandler.invites.accept('invite_token_xyz');
-   * ```
-   */
-  invites;
-  /**
-   * Tenant subscription and billing management
-   *
-   * Provides access to subscription data and billing status for the
-   * active tenant, including legacy price detection and payment method
-   * verification. All operations are automatically scoped to the user's
-   * currently active tenant.
-   *
-   * @example
-   * ```typescript
-   * // Get active subscriptions
-   * const subs = await tenantHandler.subscriptions.getActive();
-   *
-   * // Check billing status
-   * const status = await tenantHandler.subscriptions.getBillingStatus();
-   * if (!status.data.has_billing_info) {
-   *   console.log('No payment method configured');
-   * }
-   * ```
-   *
-   * @since 0.6.0
-   * @group Tenant Management
-   */
-  subscriptions;
-};
-
-// src/client.ts
-var OmnibaseClient = class {
-  constructor(config) {
-    this.config = config;
-    this.permissions = new PermissionsClient(this.config.api_url, this);
-  }
-  /**
-   * Main payment handler for all payment-related operations
-   *
-   * This class serves as the central coordinator for all payment functionality,
-   * providing access to checkout sessions, billing configuration, customer portals,
-   * and usage tracking. It handles the low-level HTTP communication with the
-   * payment API and delegates specific operations to specialized managers.
-   *
-   * The handler automatically manages authentication, request formatting, and
-   * provides a consistent interface across all payment operations.
-   *
-   * @example
-   * ```typescript
-   * // Create a checkout session (mode auto-detected from price)
-   * const checkout = await omnibase.payments.checkout.createSession({
-   *   price_id: 'price_123',
-   *   success_url: 'https://app.com/success',
-   *   cancel_url: 'https://app.com/cancel'
-   * });
-   *
-   * // Get available products
-   * const products = await omnibase.payments.config.getAvailableProducts();
-   * ```
-   */
-  payments = new PaymentHandler(this);
-  /**
-   * Main tenant management handler
-   *
-   * This is the primary entry point for all tenant-related operations in the
-   * Omnibase SDK. It provides a unified interface to tenant management,
-   * user management, and invitation functionality through dedicated manager instances.
-   *
-   * The handler follows the composition pattern, combining specialized managers
-   * for different aspects of tenant functionality:
-   * - `manage`: Core tenant operations (create, delete, switch)
-   * - `invites`: User invitation management (create, accept)
-   * - `user`: Tenant user operations (remove, update role)
-   *
-   * All operations are performed within the context of the authenticated user
-   * and respect tenant-level permissions and row-level security policies.
-   *
-   * @example
-   * ```typescript
-   * // Create a new tenant
-   * const tenant = await omnibase.tenants.manage.createTenant({
-   *   name: 'My Company',
-   *   billing_email: 'billing@company.com',
-   *   user_id: 'user_123'
-   * });
-   *
-   * // Invite users to the tenant
-   * const invite = await omnibase.tenants.invites.create({
-   *   email: 'colleague@company.com',
-   *   role: 'member',
-   *   invite_url: 'https://yourapp.com/accept-invite'
-   * });
-   *
-   * // Switch to the new tenant
-   * await omnibase.tenants.manage.switchActiveTenant(tenant.data.tenant.id);
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Tenant Management
-   */
-  tenants = new TenantHandler(this);
-  /**
-   * Client for managing permissions and relationships using Ory Keto
-   *
-   * This client provides access to Ory Keto's permission system, allowing you to
-   * create, manage, and check relationships between subjects and objects. It handles
-   * both read operations (permission checks) and write operations (relationship management).
-   *
-   * The client automatically configures separate endpoints for read and write operations
-   * to optimize performance and security by following Ory Keto's recommended architecture.
-   *
-   * @example
-   * ```typescript
-   * // Check if a user can view a tenant
-   * const canView = await omnibase.permissions.permissions.checkPermission(
-   *   undefined,
-   *   {
-   *     namespace: 'Tenant',
-   *     object: 'tenant_123',
-   *     relation: 'view',
-   *     subjectId: 'user_456'
-   *   }
-   * );
-   *
-   * if (canView.data.allowed) {
-   *   console.log('User can view the tenant');
-   * }
-   *
-   * // Create a relationship making a user an owner of a tenant
-   * await omnibase.permissions.relationships.createRelationship(
-   *   undefined,
-   *   {
-   *     namespace: 'Tenant',
-   *     object: 'tenant_123',
-   *     relation: 'owners',
-   *     subjectId: 'user_456'
-   *   }
-   * );
-   * ```
-   *
-   * @since 0.6.0
-   * @public
-   * @group Permissions
-   */
-  permissions;
-  /**
-   * Storage client for file upload/download operations
-   *
-   * @example
-   * ```typescript
-   * // Upload with metadata
-   * await omnibase.storage.bucket('documents').upload(
-   *   'report.pdf',
-   *   file,
-   *   { metadata: { department: 'engineering' } }
-   * );
-   * ```
-   */
-  storage = new StorageClient(this);
-  async fetch(endpoint, options = {}) {
-    if (this.config.fetch)
-      return this.config.fetch(this.config.api_url + endpoint, options);
-    return fetch(this.config.api_url + endpoint, {
-      ...options,
-      credentials: "include"
-    });
-  }
-};
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  OmnibaseClient,
-  PermissionsClient,
-  RolesHandler,
-  StorageClient
-});