@pidgr/proto 0.36.0

package/package.json

@@ -0,0 +1,21 @@
+{
+  "name": "@pidgr/proto",
+  "version": "0.36.0",
+  "description": "Generated protobuf/gRPC stubs for the Pidgr platform",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/pidgr/pidgr-proto.git",
+    "directory": "gen/ts"
+  },
+  "publishConfig": {
+    "registry": "https://npm.pkg.github.com",
+    "access": "public"
+  },
+  "files": [
+    "pidgr/**/*.ts"
+  ],
+  "dependencies": {
+    "@bufbuild/protobuf": "^2.0.0",
+    "@connectrpc/connect": "^2.0.0"
+  }
+}

package/pidgr/v1/access_code_pb.ts

@@ -0,0 +1,247 @@
+// @generated by protoc-gen-es v2.11.0 with parameter "target=ts"
+// @generated from file pidgr/v1/access_code.proto (package pidgr.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file pidgr/v1/access_code.proto.
+ */
+export const file_pidgr_v1_access_code: GenFile = /*@__PURE__*/
+  fileDesc("ChpwaWRnci92MS9hY2Nlc3NfY29kZS5wcm90bxIIcGlkZ3IudjEi2wEKCkFjY2Vzc0NvZGUSCgoCaWQYASABKAkSDAoEY29kZRgCIAEoCRINCgVsYWJlbBgDIAEoCRIuCgpjcmVhdGVkX2F0GAQgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIvCgtyZWRlZW1lZF9hdBgFIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASEwoLcmVkZWVtZWRfYnkYBiABKAkSLgoKcmV2b2tlZF9hdBgHIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXAiOgoaR2VuZXJhdGVBY2Nlc3NDb2Rlc1JlcXVlc3QSDQoFY291bnQYASABKAUSDQoFbGFiZWwYAiABKAkiSQobR2VuZXJhdGVBY2Nlc3NDb2Rlc1Jlc3BvbnNlEioKDGFjY2Vzc19jb2RlcxgBIAMoCzIULnBpZGdyLnYxLkFjY2Vzc0NvZGUiGAoWTGlzdEFjY2Vzc0NvZGVzUmVxdWVzdCJFChdMaXN0QWNjZXNzQ29kZXNSZXNwb25zZRIqCgxhY2Nlc3NfY29kZXMYASADKAsyFC5waWRnci52MS5BY2Nlc3NDb2RlIjEKF1Jldm9rZUFjY2Vzc0NvZGVSZXF1ZXN0EhYKDmFjY2Vzc19jb2RlX2lkGAEgASgJIhoKGFJldm9rZUFjY2Vzc0NvZGVSZXNwb25zZTKqAgoRQWNjZXNzQ29kZVNlcnZpY2USYgoTR2VuZXJhdGVBY2Nlc3NDb2RlcxIkLnBpZGdyLnYxLkdlbmVyYXRlQWNjZXNzQ29kZXNSZXF1ZXN0GiUucGlkZ3IudjEuR2VuZXJhdGVBY2Nlc3NDb2Rlc1Jlc3BvbnNlElYKD0xpc3RBY2Nlc3NDb2RlcxIgLnBpZGdyLnYxLkxpc3RBY2Nlc3NDb2Rlc1JlcXVlc3QaIS5waWRnci52MS5MaXN0QWNjZXNzQ29kZXNSZXNwb25zZRJZChBSZXZva2VBY2Nlc3NDb2RlEiEucGlkZ3IudjEuUmV2b2tlQWNjZXNzQ29kZVJlcXVlc3QaIi5waWRnci52MS5SZXZva2VBY2Nlc3NDb2RlUmVzcG9uc2VCNlo0Z2l0aHViLmNvbS9waWRnci9waWRnci1wcm90by9nZW4vZ28vcGlkZ3IvdjE7cGlkZ3J2MWIGcHJvdG8z", [file_google_protobuf_timestamp]);
+
+/**
+ * A pre-generated access code for early access gating.
+ * Codes are single-use: once redeemed during organization creation, they cannot be reused.
+ *
+ * @generated from message pidgr.v1.AccessCode
+ */
+export type AccessCode = Message<"pidgr.v1.AccessCode"> & {
+  /**
+   * Unique identifier for the access code.
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * The access code value (e.g. "PIDGR-A3BF7K2N").
+   * Format: PIDGR- followed by 8 alphanumeric characters (excludes 0, O, 1, I for readability).
+   *
+   * @generated from field: string code = 2;
+   */
+  code: string;
+
+  /**
+   * Optional human-friendly label for tracking (e.g. "Batch Feb 2026", "Demo for Acme").
+   * Constraints: Max length 200 characters.
+   *
+   * @generated from field: string label = 3;
+   */
+  label: string;
+
+  /**
+   * When the code was generated.
+   *
+   * @generated from field: google.protobuf.Timestamp created_at = 4;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * When the code was redeemed. Empty if not yet redeemed.
+   *
+   * @generated from field: google.protobuf.Timestamp redeemed_at = 5;
+   */
+  redeemedAt?: Timestamp;
+
+  /**
+   * Email of the user who redeemed the code. Empty if not yet redeemed.
+   *
+   * @generated from field: string redeemed_by = 6;
+   */
+  redeemedBy: string;
+
+  /**
+   * When the code was revoked. Empty if not revoked.
+   *
+   * @generated from field: google.protobuf.Timestamp revoked_at = 7;
+   */
+  revokedAt?: Timestamp;
+};
+
+/**
+ * Describes the message pidgr.v1.AccessCode.
+ * Use `create(AccessCodeSchema)` to create a new message.
+ */
+export const AccessCodeSchema: GenMessage<AccessCode> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 0);
+
+/**
+ * Request to generate one or more access codes.
+ *
+ * @generated from message pidgr.v1.GenerateAccessCodesRequest
+ */
+export type GenerateAccessCodesRequest = Message<"pidgr.v1.GenerateAccessCodesRequest"> & {
+  /**
+   * Number of codes to generate. Required, must be between 1 and 100.
+   *
+   * @generated from field: int32 count = 1;
+   */
+  count: number;
+
+  /**
+   * Optional label applied to all generated codes.
+   * Constraints: Max length 200 characters.
+   *
+   * @generated from field: string label = 2;
+   */
+  label: string;
+};
+
+/**
+ * Describes the message pidgr.v1.GenerateAccessCodesRequest.
+ * Use `create(GenerateAccessCodesRequestSchema)` to create a new message.
+ */
+export const GenerateAccessCodesRequestSchema: GenMessage<GenerateAccessCodesRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 1);
+
+/**
+ * Response containing the newly generated access codes.
+ *
+ * @generated from message pidgr.v1.GenerateAccessCodesResponse
+ */
+export type GenerateAccessCodesResponse = Message<"pidgr.v1.GenerateAccessCodesResponse"> & {
+  /**
+   * The generated access codes.
+   *
+   * @generated from field: repeated pidgr.v1.AccessCode access_codes = 1;
+   */
+  accessCodes: AccessCode[];
+};
+
+/**
+ * Describes the message pidgr.v1.GenerateAccessCodesResponse.
+ * Use `create(GenerateAccessCodesResponseSchema)` to create a new message.
+ */
+export const GenerateAccessCodesResponseSchema: GenMessage<GenerateAccessCodesResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 2);
+
+/**
+ * Request to list all access codes.
+ *
+ * @generated from message pidgr.v1.ListAccessCodesRequest
+ */
+export type ListAccessCodesRequest = Message<"pidgr.v1.ListAccessCodesRequest"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.ListAccessCodesRequest.
+ * Use `create(ListAccessCodesRequestSchema)` to create a new message.
+ */
+export const ListAccessCodesRequestSchema: GenMessage<ListAccessCodesRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 3);
+
+/**
+ * Response containing all access codes.
+ *
+ * @generated from message pidgr.v1.ListAccessCodesResponse
+ */
+export type ListAccessCodesResponse = Message<"pidgr.v1.ListAccessCodesResponse"> & {
+  /**
+   * All access codes (active, redeemed, and revoked).
+   *
+   * @generated from field: repeated pidgr.v1.AccessCode access_codes = 1;
+   */
+  accessCodes: AccessCode[];
+};
+
+/**
+ * Describes the message pidgr.v1.ListAccessCodesResponse.
+ * Use `create(ListAccessCodesResponseSchema)` to create a new message.
+ */
+export const ListAccessCodesResponseSchema: GenMessage<ListAccessCodesResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 4);
+
+/**
+ * Request to revoke an access code.
+ *
+ * @generated from message pidgr.v1.RevokeAccessCodeRequest
+ */
+export type RevokeAccessCodeRequest = Message<"pidgr.v1.RevokeAccessCodeRequest"> & {
+  /**
+   * ID of the access code to revoke. Required.
+   *
+   * @generated from field: string access_code_id = 1;
+   */
+  accessCodeId: string;
+};
+
+/**
+ * Describes the message pidgr.v1.RevokeAccessCodeRequest.
+ * Use `create(RevokeAccessCodeRequestSchema)` to create a new message.
+ */
+export const RevokeAccessCodeRequestSchema: GenMessage<RevokeAccessCodeRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 5);
+
+/**
+ * Response after revoking an access code.
+ *
+ * @generated from message pidgr.v1.RevokeAccessCodeResponse
+ */
+export type RevokeAccessCodeResponse = Message<"pidgr.v1.RevokeAccessCodeResponse"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.RevokeAccessCodeResponse.
+ * Use `create(RevokeAccessCodeResponseSchema)` to create a new message.
+ */
+export const RevokeAccessCodeResponseSchema: GenMessage<RevokeAccessCodeResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_access_code, 6);
+
+/**
+ * Manages early access codes for organization creation gating.
+ * All RPCs require API key authentication (platform-level, not org-scoped).
+ *
+ * @generated from service pidgr.v1.AccessCodeService
+ */
+export const AccessCodeService: GenService<{
+  /**
+   * Generate one or more access codes with an optional label.
+   * Authorization: Requires API key auth (service-level).
+   *
+   * @generated from rpc pidgr.v1.AccessCodeService.GenerateAccessCodes
+   */
+  generateAccessCodes: {
+    methodKind: "unary";
+    input: typeof GenerateAccessCodesRequestSchema;
+    output: typeof GenerateAccessCodesResponseSchema;
+  },
+  /**
+   * List all access codes (active, redeemed, and revoked).
+   * Authorization: Requires API key auth (service-level).
+   *
+   * @generated from rpc pidgr.v1.AccessCodeService.ListAccessCodes
+   */
+  listAccessCodes: {
+    methodKind: "unary";
+    input: typeof ListAccessCodesRequestSchema;
+    output: typeof ListAccessCodesResponseSchema;
+  },
+  /**
+   * Revoke an access code. Revoked codes cannot be used for organization creation.
+   * Authorization: Requires API key auth (service-level).
+   *
+   * @generated from rpc pidgr.v1.AccessCodeService.RevokeAccessCode
+   */
+  revokeAccessCode: {
+    methodKind: "unary";
+    input: typeof RevokeAccessCodeRequestSchema;
+    output: typeof RevokeAccessCodeResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_pidgr_v1_access_code, 0);
+

package/pidgr/v1/action_pb.ts

@@ -0,0 +1,94 @@
+// @generated by protoc-gen-es v2.11.0 with parameter "target=ts"
+// @generated from file pidgr/v1/action.proto (package pidgr.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file pidgr/v1/action.proto.
+ */
+export const file_pidgr_v1_action: GenFile = /*@__PURE__*/
+  fileDesc("ChVwaWRnci92MS9hY3Rpb24ucHJvdG8SCHBpZGdyLnYxIk4KE1N1Ym1pdEFjdGlvblJlcXVlc3QSEwoLZGVsaXZlcnlfaWQYASABKAkSEQoJYWN0aW9uX2lkGAIgASgJEg8KB3BheWxvYWQYAyABKAwiJwoUU3VibWl0QWN0aW9uUmVzcG9uc2USDwoHc3VjY2VzcxgBIAEoCDJeCg1BY3Rpb25TZXJ2aWNlEk0KDFN1Ym1pdEFjdGlvbhIdLnBpZGdyLnYxLlN1Ym1pdEFjdGlvblJlcXVlc3QaHi5waWRnci52MS5TdWJtaXRBY3Rpb25SZXNwb25zZUI2WjRnaXRodWIuY29tL3BpZGdyL3BpZGdyLXByb3RvL2dlbi9nby9waWRnci92MTtwaWRncnYxYgZwcm90bzM");
+
+/**
+ * Request to submit a user action on a delivered message.
+ *
+ * @generated from message pidgr.v1.SubmitActionRequest
+ */
+export type SubmitActionRequest = Message<"pidgr.v1.SubmitActionRequest"> & {
+  /**
+   * ID of the delivery the user is acting on.
+   * Constraints: UUID format (36 characters).
+   *
+   * @generated from field: string delivery_id = 1;
+   */
+  deliveryId: string;
+
+  /**
+   * ID of the action being performed (matches MessageAction.id).
+   * Constraints: Max length 100 characters.
+   *
+   * @generated from field: string action_id = 2;
+   */
+  actionId: string;
+
+  /**
+   * Optional action-specific payload (e.g. poll response data). Empty for ACK.
+   * Constraints: Max size 10000 bytes.
+   *
+   * @generated from field: bytes payload = 3;
+   */
+  payload: Uint8Array;
+};
+
+/**
+ * Describes the message pidgr.v1.SubmitActionRequest.
+ * Use `create(SubmitActionRequestSchema)` to create a new message.
+ */
+export const SubmitActionRequestSchema: GenMessage<SubmitActionRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_action, 0);
+
+/**
+ * Response after submitting an action.
+ *
+ * @generated from message pidgr.v1.SubmitActionResponse
+ */
+export type SubmitActionResponse = Message<"pidgr.v1.SubmitActionResponse"> & {
+  /**
+   * Whether the action was successfully recorded and forwarded to the workflow.
+   *
+   * @generated from field: bool success = 1;
+   */
+  success: boolean;
+};
+
+/**
+ * Describes the message pidgr.v1.SubmitActionResponse.
+ * Use `create(SubmitActionResponseSchema)` to create a new message.
+ */
+export const SubmitActionResponseSchema: GenMessage<SubmitActionResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_action, 1);
+
+/**
+ * Handles user actions on delivered messages.
+ * Actions drive workflow progression (e.g. ACK completes a wait step).
+ *
+ * @generated from service pidgr.v1.ActionService
+ */
+export const ActionService: GenService<{
+  /**
+   * Submit an action for a specific delivery, advancing the campaign workflow.
+   * Backend MUST verify the authenticated user is the delivery recipient.
+   *
+   * @generated from rpc pidgr.v1.ActionService.SubmitAction
+   */
+  submitAction: {
+    methodKind: "unary";
+    input: typeof SubmitActionRequestSchema;
+    output: typeof SubmitActionResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_pidgr_v1_action, 0);
+

package/pidgr/v1/api_key_pb.ts

@@ -0,0 +1,264 @@
+// @generated by protoc-gen-es v2.11.0 with parameter "target=ts"
+// @generated from file pidgr/v1/api_key.proto (package pidgr.v1, syntax proto3)
+/* eslint-disable */
+
+import type { GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
+import { fileDesc, messageDesc, serviceDesc } from "@bufbuild/protobuf/codegenv2";
+import type { Timestamp } from "@bufbuild/protobuf/wkt";
+import { file_google_protobuf_timestamp } from "@bufbuild/protobuf/wkt";
+import type { Permission } from "./common_pb";
+import { file_pidgr_v1_common } from "./common_pb";
+import type { Message } from "@bufbuild/protobuf";
+
+/**
+ * Describes the file pidgr/v1/api_key.proto.
+ */
+export const file_pidgr_v1_api_key: GenFile = /*@__PURE__*/
+  fileDesc("ChZwaWRnci92MS9hcGlfa2V5LnByb3RvEghwaWRnci52MSLzAQoGQXBpS2V5EgoKAmlkGAEgASgJEgwKBG5hbWUYAiABKAkSEgoKa2V5X3ByZWZpeBgDIAEoCRIpCgtwZXJtaXNzaW9ucxgEIAMoDjIULnBpZGdyLnYxLlBlcm1pc3Npb24SLgoKY3JlYXRlZF9hdBgFIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASMAoMbGFzdF91c2VkX2F0GAYgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBIuCgpleHBpcmVzX2F0GAcgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcCJ+ChNDcmVhdGVBcGlLZXlSZXF1ZXN0EgwKBG5hbWUYASABKAkSKQoLcGVybWlzc2lvbnMYAiADKA4yFC5waWRnci52MS5QZXJtaXNzaW9uEi4KCmV4cGlyZXNfYXQYAyABKAsyGi5nb29nbGUucHJvdG9idWYuVGltZXN0YW1wIkYKFENyZWF0ZUFwaUtleVJlc3BvbnNlEiEKB2FwaV9rZXkYASABKAsyEC5waWRnci52MS5BcGlLZXkSCwoDa2V5GAIgASgJIhQKEkxpc3RBcGlLZXlzUmVxdWVzdCI5ChNMaXN0QXBpS2V5c1Jlc3BvbnNlEiIKCGFwaV9rZXlzGAEgAygLMhAucGlkZ3IudjEuQXBpS2V5IikKE1Jldm9rZUFwaUtleVJlcXVlc3QSEgoKYXBpX2tleV9pZBgBIAEoCSIWChRSZXZva2VBcGlLZXlSZXNwb25zZTL5AQoNQXBpS2V5U2VydmljZRJNCgxDcmVhdGVBcGlLZXkSHS5waWRnci52MS5DcmVhdGVBcGlLZXlSZXF1ZXN0Gh4ucGlkZ3IudjEuQ3JlYXRlQXBpS2V5UmVzcG9uc2USSgoLTGlzdEFwaUtleXMSHC5waWRnci52MS5MaXN0QXBpS2V5c1JlcXVlc3QaHS5waWRnci52MS5MaXN0QXBpS2V5c1Jlc3BvbnNlEk0KDFJldm9rZUFwaUtleRIdLnBpZGdyLnYxLlJldm9rZUFwaUtleVJlcXVlc3QaHi5waWRnci52MS5SZXZva2VBcGlLZXlSZXNwb25zZUI2WjRnaXRodWIuY29tL3BpZGdyL3BpZGdyLXByb3RvL2dlbi9nby9waWRnci92MTtwaWRncnYxYgZwcm90bzM", [file_google_protobuf_timestamp, file_pidgr_v1_common]);
+
+/**
+ * A scoped API key for programmatic access (MCP agents, service integrations).
+ *
+ * @generated from message pidgr.v1.ApiKey
+ */
+export type ApiKey = Message<"pidgr.v1.ApiKey"> & {
+  /**
+   * Unique identifier.
+   *
+   * @generated from field: string id = 1;
+   */
+  id: string;
+
+  /**
+   * Human-friendly label (e.g. "MCP Production", "CI Pipeline").
+   *
+   * @generated from field: string name = 2;
+   */
+  name: string;
+
+  /**
+   * Displayable prefix of the key (e.g. "pidgr_k_abc12345").
+   * Used for identification — the full key is only returned on creation.
+   *
+   * @generated from field: string key_prefix = 3;
+   */
+  keyPrefix: string;
+
+  /**
+   * Permissions granted to this key.
+   *
+   * @generated from field: repeated pidgr.v1.Permission permissions = 4;
+   */
+  permissions: Permission[];
+
+  /**
+   * When the key was created.
+   *
+   * @generated from field: google.protobuf.Timestamp created_at = 5;
+   */
+  createdAt?: Timestamp;
+
+  /**
+   * Last time the key was used to authenticate a request. Empty if never used.
+   *
+   * @generated from field: google.protobuf.Timestamp last_used_at = 6;
+   */
+  lastUsedAt?: Timestamp;
+
+  /**
+   * When the key expires. Empty means no expiration.
+   *
+   * @generated from field: google.protobuf.Timestamp expires_at = 7;
+   */
+  expiresAt?: Timestamp;
+};
+
+/**
+ * Describes the message pidgr.v1.ApiKey.
+ * Use `create(ApiKeySchema)` to create a new message.
+ */
+export const ApiKeySchema: GenMessage<ApiKey> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 0);
+
+/**
+ * Request to create a new API key.
+ *
+ * @generated from message pidgr.v1.CreateApiKeyRequest
+ */
+export type CreateApiKeyRequest = Message<"pidgr.v1.CreateApiKeyRequest"> & {
+  /**
+   * Human-friendly label. Required, max 200 characters.
+   *
+   * @generated from field: string name = 1;
+   */
+  name: string;
+
+  /**
+   * Permissions to grant. Required, at least one.
+   * PERMISSION_UNSPECIFIED values are rejected.
+   *
+   * @generated from field: repeated pidgr.v1.Permission permissions = 2;
+   */
+  permissions: Permission[];
+
+  /**
+   * Optional expiration time. If omitted, the key does not expire.
+   *
+   * @generated from field: google.protobuf.Timestamp expires_at = 3;
+   */
+  expiresAt?: Timestamp;
+};
+
+/**
+ * Describes the message pidgr.v1.CreateApiKeyRequest.
+ * Use `create(CreateApiKeyRequestSchema)` to create a new message.
+ */
+export const CreateApiKeyRequestSchema: GenMessage<CreateApiKeyRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 1);
+
+/**
+ * Response after creating an API key.
+ * IMPORTANT: The full key is only returned here — it cannot be retrieved later.
+ *
+ * @generated from message pidgr.v1.CreateApiKeyResponse
+ */
+export type CreateApiKeyResponse = Message<"pidgr.v1.CreateApiKeyResponse"> & {
+  /**
+   * The created API key metadata.
+   *
+   * @generated from field: pidgr.v1.ApiKey api_key = 1;
+   */
+  apiKey?: ApiKey;
+
+  /**
+   * The full secret key value (e.g. "pidgr_k_abc12345...").
+   * Store this securely — it is not retrievable after this response.
+   *
+   * @generated from field: string key = 2;
+   */
+  key: string;
+};
+
+/**
+ * Describes the message pidgr.v1.CreateApiKeyResponse.
+ * Use `create(CreateApiKeyResponseSchema)` to create a new message.
+ */
+export const CreateApiKeyResponseSchema: GenMessage<CreateApiKeyResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 2);
+
+/**
+ * Request to list all API keys in the caller's organization.
+ *
+ * @generated from message pidgr.v1.ListApiKeysRequest
+ */
+export type ListApiKeysRequest = Message<"pidgr.v1.ListApiKeysRequest"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.ListApiKeysRequest.
+ * Use `create(ListApiKeysRequestSchema)` to create a new message.
+ */
+export const ListApiKeysRequestSchema: GenMessage<ListApiKeysRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 3);
+
+/**
+ * Response containing the organization's API keys.
+ *
+ * @generated from message pidgr.v1.ListApiKeysResponse
+ */
+export type ListApiKeysResponse = Message<"pidgr.v1.ListApiKeysResponse"> & {
+  /**
+   * All active (non-revoked) API keys. Full key values are not included.
+   *
+   * @generated from field: repeated pidgr.v1.ApiKey api_keys = 1;
+   */
+  apiKeys: ApiKey[];
+};
+
+/**
+ * Describes the message pidgr.v1.ListApiKeysResponse.
+ * Use `create(ListApiKeysResponseSchema)` to create a new message.
+ */
+export const ListApiKeysResponseSchema: GenMessage<ListApiKeysResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 4);
+
+/**
+ * Request to revoke an API key.
+ *
+ * @generated from message pidgr.v1.RevokeApiKeyRequest
+ */
+export type RevokeApiKeyRequest = Message<"pidgr.v1.RevokeApiKeyRequest"> & {
+  /**
+   * ID of the API key to revoke. Required.
+   *
+   * @generated from field: string api_key_id = 1;
+   */
+  apiKeyId: string;
+};
+
+/**
+ * Describes the message pidgr.v1.RevokeApiKeyRequest.
+ * Use `create(RevokeApiKeyRequestSchema)` to create a new message.
+ */
+export const RevokeApiKeyRequestSchema: GenMessage<RevokeApiKeyRequest> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 5);
+
+/**
+ * Response after revoking an API key.
+ *
+ * @generated from message pidgr.v1.RevokeApiKeyResponse
+ */
+export type RevokeApiKeyResponse = Message<"pidgr.v1.RevokeApiKeyResponse"> & {
+};
+
+/**
+ * Describes the message pidgr.v1.RevokeApiKeyResponse.
+ * Use `create(RevokeApiKeyResponseSchema)` to create a new message.
+ */
+export const RevokeApiKeyResponseSchema: GenMessage<RevokeApiKeyResponse> = /*@__PURE__*/
+  messageDesc(file_pidgr_v1_api_key, 6);
+
+/**
+ * Manages scoped API keys for programmatic access.
+ * All RPCs operate within the caller's org (extracted from JWT).
+ *
+ * @generated from service pidgr.v1.ApiKeyService
+ */
+export const ApiKeyService: GenService<{
+  /**
+   * Create a new scoped API key with specific permissions.
+   * The full secret key is only returned in the response — store it securely.
+   * Authorization: Requires PERMISSION_ORG_WRITE.
+   *
+   * @generated from rpc pidgr.v1.ApiKeyService.CreateApiKey
+   */
+  createApiKey: {
+    methodKind: "unary";
+    input: typeof CreateApiKeyRequestSchema;
+    output: typeof CreateApiKeyResponseSchema;
+  },
+  /**
+   * List all active API keys in the organization (metadata only, no secrets).
+   * Authorization: Requires PERMISSION_ORG_READ.
+   *
+   * @generated from rpc pidgr.v1.ApiKeyService.ListApiKeys
+   */
+  listApiKeys: {
+    methodKind: "unary";
+    input: typeof ListApiKeysRequestSchema;
+    output: typeof ListApiKeysResponseSchema;
+  },
+  /**
+   * Revoke an API key. The key becomes immediately unusable.
+   * Authorization: Requires PERMISSION_ORG_WRITE.
+   *
+   * @generated from rpc pidgr.v1.ApiKeyService.RevokeApiKey
+   */
+  revokeApiKey: {
+    methodKind: "unary";
+    input: typeof RevokeApiKeyRequestSchema;
+    output: typeof RevokeApiKeyResponseSchema;
+  },
+}> = /*@__PURE__*/
+  serviceDesc(file_pidgr_v1_api_key, 0);
+