@omnibase/core-js 0.8.0 → 0.9.1

package/src/apis/TenantsApi.ts

@@ -0,0 +1,868 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Omnibase REST API
+ * Self-hostable Backend-as-a-Service providing database management, authentication, payments, storage, and email services.  ## Features - **Database**: PostgreSQL with RLS and migrations - **Authentication**: Ory Kratos integration with session management - **Payments**: Stripe integration with version-controlled billing configs - **Storage**: S3-compatible object storage with RLS - **Email**: Transactional email service - **Permissions**: Fine-grained access control via Ory Keto  ## Authentication Most endpoints require authentication via session cookies or JWT tokens. Use the appropriate security scheme based on the endpoint requirements.
+ *
+ * The version of the OpenAPI document: 0.9.1
+ * Contact: support@omnibase.dev
+ *
+ * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
+ * https://openapi-generator.tech
+ * Do not edit the class manually.
+ */
+
+
+import * as runtime from '../runtime';
+import type {
+  AcceptInvite200Response,
+  AssignRole200Response,
+  CreateInvite200Response,
+  CreateRole200Response,
+  CreateTenant200Response,
+  DeleteRole200Response,
+  DeleteTenant200Response,
+  GetRoleDefinitions200Response,
+  GetTenantBillingStatus200Response,
+  GetTenantJWT200Response,
+  HandlersBadRequestResponse,
+  HandlersForbiddenResponse,
+  HandlersInternalServerErrorResponse,
+  HandlersNotFoundErrorResponse,
+  HandlersSuccessResponse,
+  HandlersUnauthorizedResponse,
+  ListRoles200Response,
+  ListTenantSubscriptions200Response,
+  ListTenantUsers200Response,
+  SwitchActiveTenant200Response,
+  TenantsAcceptInviteRequest,
+  TenantsAssignRoleRequest,
+  TenantsCreateRoleRequest,
+  TenantsCreateTenantRequest,
+  TenantsCreateTenantUserInviteRequest,
+  TenantsDeleteTenantUserRequest,
+  TenantsSwitchTenantRequest,
+  TenantsUpdateRoleRequest,
+  TenantsUpdateTenantUserRoleRequest,
+  UpdateTenantUserRole200Response,
+} from '../models/index';
+import {
+    AcceptInvite200ResponseFromJSON,
+    AcceptInvite200ResponseToJSON,
+    AssignRole200ResponseFromJSON,
+    AssignRole200ResponseToJSON,
+    CreateInvite200ResponseFromJSON,
+    CreateInvite200ResponseToJSON,
+    CreateRole200ResponseFromJSON,
+    CreateRole200ResponseToJSON,
+    CreateTenant200ResponseFromJSON,
+    CreateTenant200ResponseToJSON,
+    DeleteRole200ResponseFromJSON,
+    DeleteRole200ResponseToJSON,
+    DeleteTenant200ResponseFromJSON,
+    DeleteTenant200ResponseToJSON,
+    GetRoleDefinitions200ResponseFromJSON,
+    GetRoleDefinitions200ResponseToJSON,
+    GetTenantBillingStatus200ResponseFromJSON,
+    GetTenantBillingStatus200ResponseToJSON,
+    GetTenantJWT200ResponseFromJSON,
+    GetTenantJWT200ResponseToJSON,
+    HandlersBadRequestResponseFromJSON,
+    HandlersBadRequestResponseToJSON,
+    HandlersForbiddenResponseFromJSON,
+    HandlersForbiddenResponseToJSON,
+    HandlersInternalServerErrorResponseFromJSON,
+    HandlersInternalServerErrorResponseToJSON,
+    HandlersNotFoundErrorResponseFromJSON,
+    HandlersNotFoundErrorResponseToJSON,
+    HandlersSuccessResponseFromJSON,
+    HandlersSuccessResponseToJSON,
+    HandlersUnauthorizedResponseFromJSON,
+    HandlersUnauthorizedResponseToJSON,
+    ListRoles200ResponseFromJSON,
+    ListRoles200ResponseToJSON,
+    ListTenantSubscriptions200ResponseFromJSON,
+    ListTenantSubscriptions200ResponseToJSON,
+    ListTenantUsers200ResponseFromJSON,
+    ListTenantUsers200ResponseToJSON,
+    SwitchActiveTenant200ResponseFromJSON,
+    SwitchActiveTenant200ResponseToJSON,
+    TenantsAcceptInviteRequestFromJSON,
+    TenantsAcceptInviteRequestToJSON,
+    TenantsAssignRoleRequestFromJSON,
+    TenantsAssignRoleRequestToJSON,
+    TenantsCreateRoleRequestFromJSON,
+    TenantsCreateRoleRequestToJSON,
+    TenantsCreateTenantRequestFromJSON,
+    TenantsCreateTenantRequestToJSON,
+    TenantsCreateTenantUserInviteRequestFromJSON,
+    TenantsCreateTenantUserInviteRequestToJSON,
+    TenantsDeleteTenantUserRequestFromJSON,
+    TenantsDeleteTenantUserRequestToJSON,
+    TenantsSwitchTenantRequestFromJSON,
+    TenantsSwitchTenantRequestToJSON,
+    TenantsUpdateRoleRequestFromJSON,
+    TenantsUpdateRoleRequestToJSON,
+    TenantsUpdateTenantUserRoleRequestFromJSON,
+    TenantsUpdateTenantUserRoleRequestToJSON,
+    UpdateTenantUserRole200ResponseFromJSON,
+    UpdateTenantUserRole200ResponseToJSON,
+} from '../models/index';
+
+export interface AcceptInviteRequest {
+    request: TenantsAcceptInviteRequest;
+}
+
+export interface AssignRoleRequest {
+    userId: string;
+    request: TenantsAssignRoleRequest;
+}
+
+export interface CreateInviteRequest {
+    request: TenantsCreateTenantUserInviteRequest;
+}
+
+export interface CreateRoleRequest {
+    request: TenantsCreateRoleRequest;
+}
+
+export interface CreateTenantRequest {
+    request: TenantsCreateTenantRequest;
+}
+
+export interface DeleteRoleRequest {
+    roleId: string;
+}
+
+export interface RemoveTenantUserRequest {
+    request: TenantsDeleteTenantUserRequest;
+}
+
+export interface SwitchActiveTenantRequest {
+    request: TenantsSwitchTenantRequest;
+}
+
+export interface UpdateRoleRequest {
+    roleId: string;
+    request: TenantsUpdateRoleRequest;
+}
+
+export interface UpdateTenantUserRoleRequest {
+    request: TenantsUpdateTenantUserRoleRequest;
+}
+
+/**
+ * 
+ */
+export class TenantsApi extends runtime.BaseAPI {
+
+    /**
+     * Accepts a tenant invitation using the token from the invite email and adds the user to the organization.  ## Authentication Requires JWT token. User\'s email must match the invite email.  ## Process 1. Validates invite token and expiry 2. Verifies user\'s email matches invite email 3. Marks invite as used 4. Adds user to tenant 5. Assigns role with permissions 6. Sets as active tenant and returns JWT token
+     * Accept tenant invite
+     */
+    async acceptInviteRaw(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AcceptInvite200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling acceptInvite().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/invites/accept`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'PUT',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsAcceptInviteRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => AcceptInvite200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Accepts a tenant invitation using the token from the invite email and adds the user to the organization.  ## Authentication Requires JWT token. User\'s email must match the invite email.  ## Process 1. Validates invite token and expiry 2. Verifies user\'s email matches invite email 3. Marks invite as used 4. Adds user to tenant 5. Assigns role with permissions 6. Sets as active tenant and returns JWT token
+     * Accept tenant invite
+     */
+    async acceptInvite(requestParameters: AcceptInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AcceptInvite200Response> {
+        const response = await this.acceptInviteRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Assigns a role to a user and creates all associated Keto relationships for the role\'s permissions.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Request Format Provide either `role_id` or `role_name` (not both).  ## Use Cases - Grant role to user - Assign permissions via role - User onboarding
+     * Assign role to user
+     */
+    async assignRoleRaw(requestParameters: AssignRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<AssignRole200Response>> {
+        if (requestParameters['userId'] == null) {
+            throw new runtime.RequiredError(
+                'userId',
+                'Required parameter "userId" was null or undefined when calling assignRole().'
+            );
+        }
+
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling assignRole().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles/assign/{user_id}`;
+        urlPath = urlPath.replace(`{${"user_id"}}`, encodeURIComponent(String(requestParameters['userId'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsAssignRoleRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => AssignRole200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Assigns a role to a user and creates all associated Keto relationships for the role\'s permissions.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Request Format Provide either `role_id` or `role_name` (not both).  ## Use Cases - Grant role to user - Assign permissions via role - User onboarding
+     * Assign role to user
+     */
+    async assignRole(requestParameters: AssignRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<AssignRole200Response> {
+        const response = await this.assignRoleRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates a tenant invitation with a 7-day expiry token and sends an email to the invited user.  ## Authentication Requires JWT token with `invite_user` permission.  ## Process 1. Verifies user has invite permission 2. Creates invite with unique token (7-day expiry) 3. Sends invitation email asynchronously  ## Use Cases - Add team members to organization - Invite collaborators with specific roles
+     * Create tenant invite
+     */
+    async createInviteRaw(requestParameters: CreateInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<CreateInvite200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling createInvite().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/invites`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsCreateTenantUserInviteRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateInvite200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Creates a tenant invitation with a 7-day expiry token and sends an email to the invited user.  ## Authentication Requires JWT token with `invite_user` permission.  ## Process 1. Verifies user has invite permission 2. Creates invite with unique token (7-day expiry) 3. Sends invitation email asynchronously  ## Use Cases - Add team members to organization - Invite collaborators with specific roles
+     * Create tenant invite
+     */
+    async createInvite(requestParameters: CreateInviteRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<CreateInvite200Response> {
+        const response = await this.createInviteRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates a new custom role for the tenant with specified permissions.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Permission Format Permissions should be in the format: `namespace:resource#relation` - Tenant-wide: `tenant#relation` - Resource-specific: `project:uuid#relation`  ## Use Cases - Create custom roles for specific workflows - Define project-specific permissions - Build granular access control
+     * Create role
+     */
+    async createRoleRaw(requestParameters: CreateRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<CreateRole200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling createRole().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsCreateRoleRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateRole200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Creates a new custom role for the tenant with specified permissions.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Permission Format Permissions should be in the format: `namespace:resource#relation` - Tenant-wide: `tenant#relation` - Resource-specific: `project:uuid#relation`  ## Use Cases - Create custom roles for specific workflows - Define project-specific permissions - Build granular access control
+     * Create role
+     */
+    async createRole(requestParameters: CreateRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<CreateRole200Response> {
+        const response = await this.createRoleRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Creates a new tenant organization with Stripe customer, sets up owner role, and makes it the active tenant for the creator.  ## Authentication Requires JWT token.  ## Process 1. Creates Stripe customer (if billing_email provided) 2. Creates tenant in database 3. Sets up default tenant settings 4. Adds creator as owner 5. Assigns owner role with all permissions 6. Sets as active tenant and returns JWT token
+     * Create tenant
+     */
+    async createTenantRaw(requestParameters: CreateTenantRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<CreateTenant200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling createTenant().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'POST',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsCreateTenantRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateTenant200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Creates a new tenant organization with Stripe customer, sets up owner role, and makes it the active tenant for the creator.  ## Authentication Requires JWT token.  ## Process 1. Creates Stripe customer (if billing_email provided) 2. Creates tenant in database 3. Sets up default tenant settings 4. Adds creator as owner 5. Assigns owner role with all permissions 6. Sets as active tenant and returns JWT token
+     * Create tenant
+     */
+    async createTenant(requestParameters: CreateTenantRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<CreateTenant200Response> {
+        const response = await this.createTenantRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Deletes a role and removes all associated Keto relationships for users who had this role assigned.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Use Cases - Remove obsolete roles - Clean up role definitions - Revoke all permissions from role users
+     * Delete role
+     */
+    async deleteRoleRaw(requestParameters: DeleteRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<DeleteRole200Response>> {
+        if (requestParameters['roleId'] == null) {
+            throw new runtime.RequiredError(
+                'roleId',
+                'Required parameter "roleId" was null or undefined when calling deleteRole().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles/{role_id}`;
+        urlPath = urlPath.replace(`{${"role_id"}}`, encodeURIComponent(String(requestParameters['roleId'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'DELETE',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => DeleteRole200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Deletes a role and removes all associated Keto relationships for users who had this role assigned.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Use Cases - Remove obsolete roles - Clean up role definitions - Revoke all permissions from role users
+     * Delete role
+     */
+    async deleteRole(requestParameters: DeleteRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<DeleteRole200Response> {
+        const response = await this.deleteRoleRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Deletes a tenant organization and performs cleanup of Stripe customer, Keto permissions, and user associations.  ## Authentication Requires JWT token with `delete_tenant` permission.  ## Process 1. Verifies user has delete permission 2. Archives Stripe customer 3. Deletes tenant (cascades to users, settings, invites) 4. Cleans up all affected users\' tenant state
+     * Delete tenant
+     */
+    async deleteTenantRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<DeleteTenant200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'DELETE',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => DeleteTenant200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Deletes a tenant organization and performs cleanup of Stripe customer, Keto permissions, and user associations.  ## Authentication Requires JWT token with `delete_tenant` permission.  ## Process 1. Verifies user has delete permission 2. Archives Stripe customer 3. Deletes tenant (cascades to users, settings, invites) 4. Cleans up all affected users\' tenant state
+     * Delete tenant
+     */
+    async deleteTenant(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<DeleteTenant200Response> {
+        const response = await this.deleteTenantRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns all available permission namespaces and their relations from the database.  ## Authentication Requires JWT token with appropriate permissions.  ## Use Cases - Discover available permission namespaces - List relations for each namespace - Build dynamic permission UIs
+     * Get namespace definitions
+     */
+    async getRoleDefinitionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<GetRoleDefinitions200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles/definitions`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => GetRoleDefinitions200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Returns all available permission namespaces and their relations from the database.  ## Authentication Requires JWT token with appropriate permissions.  ## Use Cases - Discover available permission namespaces - List relations for each namespace - Build dynamic permission UIs
+     * Get namespace definitions
+     */
+    async getRoleDefinitions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<GetRoleDefinitions200Response> {
+        const response = await this.getRoleDefinitionsRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Checks whether the tenant has billing information configured in Stripe and if it\'s active.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Check if billing setup is required - Conditional feature access - Payment method verification
+     * Get billing status
+     */
+    async getTenantBillingStatusRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<GetTenantBillingStatus200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/billing-status`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => GetTenantBillingStatus200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Checks whether the tenant has billing information configured in Stripe and if it\'s active.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Check if billing setup is required - Conditional feature access - Payment method verification
+     * Get billing status
+     */
+    async getTenantBillingStatus(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<GetTenantBillingStatus200Response> {
+        const response = await this.getTenantBillingStatusRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Generates a JWT token for direct PostgREST database access with the user\'s active tenant context.  ## Authentication Requires JWT token and active tenant.  ## Use Cases - Client-side database queries - Real-time subscriptions - Direct PostgREST API access
+     * Get PostgREST JWT token
+     */
+    async getTenantJWTRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<GetTenantJWT200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/jwt`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => GetTenantJWT200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Generates a JWT token for direct PostgREST database access with the user\'s active tenant context.  ## Authentication Requires JWT token and active tenant.  ## Use Cases - Client-side database queries - Real-time subscriptions - Direct PostgREST API access
+     * Get PostgREST JWT token
+     */
+    async getTenantJWT(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<GetTenantJWT200Response> {
+        const response = await this.getTenantJWTRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns all roles for the authenticated tenant, including both system roles and custom tenant-specific roles.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Display available roles to assign - Role management UI - Permission auditing
+     * List roles
+     */
+    async listRolesRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<ListRoles200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => ListRoles200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Returns all roles for the authenticated tenant, including both system roles and custom tenant-specific roles.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Display available roles to assign - Role management UI - Permission auditing
+     * List roles
+     */
+    async listRoles(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ListRoles200Response> {
+        const response = await this.listRolesRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns all active Stripe subscriptions associated with the tenant\'s Stripe customer.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Display current subscriptions - Billing overview - Subscription management UI
+     * Get tenant subscriptions
+     */
+    async listTenantSubscriptionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<ListTenantSubscriptions200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/subscriptions`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => ListTenantSubscriptions200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Returns all active Stripe subscriptions associated with the tenant\'s Stripe customer.  ## Authentication Requires JWT token with tenant context.  ## Use Cases - Display current subscriptions - Billing overview - Subscription management UI
+     * Get tenant subscriptions
+     */
+    async listTenantSubscriptions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ListTenantSubscriptions200Response> {
+        const response = await this.listTenantSubscriptionsRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Returns all users who are members of the tenant with their profile information and roles.  ## Authentication Requires JWT token with `view_users` permission.  ## Use Cases - Display team members list - User management UI - Member directory
+     * Get tenant users
+     */
+    async listTenantUsersRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<ListTenantUsers200Response>> {
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/users`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'GET',
+            headers: headerParameters,
+            query: queryParameters,
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => ListTenantUsers200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Returns all users who are members of the tenant with their profile information and roles.  ## Authentication Requires JWT token with `view_users` permission.  ## Use Cases - Display team members list - User management UI - Member directory
+     * Get tenant users
+     */
+    async listTenantUsers(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<ListTenantUsers200Response> {
+        const response = await this.listTenantUsersRaw(initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Removes a user from the tenant and cleans up all associated permissions and Keto relationships.  ## Authentication Requires JWT token with `remove_user` permission.  ## Restrictions - Cannot remove the last owner (must have at least one owner) - Removing an owner requires `remove_owner_role` permission  ## Process 1. Verifies permissions 2. Removes from role\'s user list 3. Deletes all Keto relationships 4. Removes from database 5. Cleans up user\'s tenant state
+     * Remove tenant user
+     */
+    async removeTenantUserRaw(requestParameters: RemoveTenantUserRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<HandlersSuccessResponse>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling removeTenantUser().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/users`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'DELETE',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsDeleteTenantUserRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => HandlersSuccessResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Removes a user from the tenant and cleans up all associated permissions and Keto relationships.  ## Authentication Requires JWT token with `remove_user` permission.  ## Restrictions - Cannot remove the last owner (must have at least one owner) - Removing an owner requires `remove_owner_role` permission  ## Process 1. Verifies permissions 2. Removes from role\'s user list 3. Deletes all Keto relationships 4. Removes from database 5. Cleans up user\'s tenant state
+     * Remove tenant user
+     */
+    async removeTenantUser(requestParameters: RemoveTenantUserRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<HandlersSuccessResponse> {
+        const response = await this.removeTenantUserRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Updates the user\'s active tenant in Kratos identity and returns a new JWT token with updated tenant context.  ## Authentication Requires JWT token.  ## Use Cases - Switch between organizations - Change context for multi-tenant users
+     * Switch active tenant
+     */
+    async switchActiveTenantRaw(requestParameters: SwitchActiveTenantRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<SwitchActiveTenant200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling switchActiveTenant().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/switch-active`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'PUT',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsSwitchTenantRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => SwitchActiveTenant200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Updates the user\'s active tenant in Kratos identity and returns a new JWT token with updated tenant context.  ## Authentication Requires JWT token.  ## Use Cases - Switch between organizations - Change context for multi-tenant users
+     * Switch active tenant
+     */
+    async switchActiveTenant(requestParameters: SwitchActiveTenantRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<SwitchActiveTenant200Response> {
+        const response = await this.switchActiveTenantRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Updates the permissions for an existing role. This will update Keto relationships for all users assigned to this role.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Permission Format Permissions should be in the format: `namespace:resource#relation`  ## Use Cases - Modify role permissions - Grant or revoke access - Update role capabilities
+     * Update role
+     */
+    async updateRoleRaw(requestParameters: UpdateRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<CreateRole200Response>> {
+        if (requestParameters['roleId'] == null) {
+            throw new runtime.RequiredError(
+                'roleId',
+                'Required parameter "roleId" was null or undefined when calling updateRole().'
+            );
+        }
+
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling updateRole().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/roles/{role_id}`;
+        urlPath = urlPath.replace(`{${"role_id"}}`, encodeURIComponent(String(requestParameters['roleId'])));
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'PUT',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsUpdateRoleRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => CreateRole200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Updates the permissions for an existing role. This will update Keto relationships for all users assigned to this role.  ## Authentication Requires JWT token with tenant context and appropriate permissions.  ## Permission Format Permissions should be in the format: `namespace:resource#relation`  ## Use Cases - Modify role permissions - Grant or revoke access - Update role capabilities
+     * Update role
+     */
+    async updateRole(requestParameters: UpdateRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<CreateRole200Response> {
+        const response = await this.updateRoleRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+    /**
+     * Updates a user\'s role in the tenant and updates all associated Keto permissions.  ## Authentication Requires JWT token with `update_user_role` permission.  ## Restrictions - Promoting to owner requires `update_user_role_to_owner` permission - Demoting from owner requires `remove_owner_role` permission - Cannot demote the last owner (must have at least one owner)  ## Process 1. Verifies permissions 2. Removes old role permissions 3. Updates database 4. Assigns new role permissions
+     * Update user role
+     */
+    async updateTenantUserRoleRaw(requestParameters: UpdateTenantUserRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<runtime.ApiResponse<UpdateTenantUserRole200Response>> {
+        if (requestParameters['request'] == null) {
+            throw new runtime.RequiredError(
+                'request',
+                'Required parameter "request" was null or undefined when calling updateTenantUserRole().'
+            );
+        }
+
+        const queryParameters: any = {};
+
+        const headerParameters: runtime.HTTPHeaders = {};
+
+        headerParameters['Content-Type'] = 'application/json';
+
+        if (this.configuration && this.configuration.apiKey) {
+            headerParameters["Authorization"] = await this.configuration.apiKey("Authorization"); // BearerAuth authentication
+        }
+
+
+        let urlPath = `/tenants/users/role`;
+
+        const response = await this.request({
+            path: urlPath,
+            method: 'PUT',
+            headers: headerParameters,
+            query: queryParameters,
+            body: TenantsUpdateTenantUserRoleRequestToJSON(requestParameters['request']),
+        }, initOverrides);
+
+        return new runtime.JSONApiResponse(response, (jsonValue) => UpdateTenantUserRole200ResponseFromJSON(jsonValue));
+    }
+
+    /**
+     * Updates a user\'s role in the tenant and updates all associated Keto permissions.  ## Authentication Requires JWT token with `update_user_role` permission.  ## Restrictions - Promoting to owner requires `update_user_role_to_owner` permission - Demoting from owner requires `remove_owner_role` permission - Cannot demote the last owner (must have at least one owner)  ## Process 1. Verifies permissions 2. Removes old role permissions 3. Updates database 4. Assigns new role permissions
+     * Update user role
+     */
+    async updateTenantUserRole(requestParameters: UpdateTenantUserRoleRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise<UpdateTenantUserRole200Response> {
+        const response = await this.updateTenantUserRoleRaw(requestParameters, initOverrides);
+        return await response.value();
+    }
+
+}