@productcraft/heimdall 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +16 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/index.d.cts +2842 -0
  4. package/dist/index.d.ts +2842 -0
  5. package/dist/index.js +14 -0
  6. package/dist/index.js.map +1 -0
  7. package/package.json +47 -0
package/dist/index.d.cts ADDED
@@ -0,0 +1,2842 @@
1
+ import { makeClient, PCClientConfig } from '@productcraft/core';
2
+
3
+ /**
4
+ * This file was auto-generated by openapi-typescript.
5
+ * Do not make direct changes to the file.
6
+ */
7
+
8
+ interface paths {
9
+ "/v1/apps": {
10
+ parameters: {
11
+ query?: never;
12
+ header?: never;
13
+ path?: never;
14
+ cookie?: never;
15
+ };
16
+ /** List apps the current PlatformUser is a member of */
17
+ get: operations["AppController_listMyApps"];
18
+ put?: never;
19
+ /** Create a new Heimdall app owned by the caller */
20
+ post: operations["AppController_createApp"];
21
+ delete?: never;
22
+ options?: never;
23
+ head?: never;
24
+ patch?: never;
25
+ trace?: never;
26
+ };
27
+ "/v1/apps/invites/accept": {
28
+ parameters: {
29
+ query?: never;
30
+ header?: never;
31
+ path?: never;
32
+ cookie?: never;
33
+ };
34
+ get?: never;
35
+ put?: never;
36
+ /** Accept an app invite by code */
37
+ post: operations["AppController_acceptInvite"];
38
+ delete?: never;
39
+ options?: never;
40
+ head?: never;
41
+ patch?: never;
42
+ trace?: never;
43
+ };
44
+ "/v1/apps/{appId}": {
45
+ parameters: {
46
+ query?: never;
47
+ header?: never;
48
+ path?: never;
49
+ cookie?: never;
50
+ };
51
+ /** Get app details */
52
+ get: operations["AppController_getApp"];
53
+ put?: never;
54
+ post?: never;
55
+ /** Delete an app permanently */
56
+ delete: operations["AppController_deleteApp"];
57
+ options?: never;
58
+ head?: never;
59
+ /** Update app display name and metadata */
60
+ patch: operations["AppController_updateApp"];
61
+ trace?: never;
62
+ };
63
+ "/v1/apps/{appId}/api-keys": {
64
+ parameters: {
65
+ query?: never;
66
+ header?: never;
67
+ path?: never;
68
+ cookie?: never;
69
+ };
70
+ /** List API keys for an app (no raw secret). */
71
+ get: operations["ApiKeyController_listApiKeys"];
72
+ put?: never;
73
+ /** Mint a new hdk_live_* API key with an explicit permission scope. The raw key is returned ONCE. */
74
+ post: operations["ApiKeyController_createApiKey"];
75
+ delete?: never;
76
+ options?: never;
77
+ head?: never;
78
+ patch?: never;
79
+ trace?: never;
80
+ };
81
+ "/v1/apps/{appId}/api-keys/{keyId}": {
82
+ parameters: {
83
+ query?: never;
84
+ header?: never;
85
+ path?: never;
86
+ cookie?: never;
87
+ };
88
+ get?: never;
89
+ put?: never;
90
+ post?: never;
91
+ /** Revoke (delete) an API key. */
92
+ delete: operations["ApiKeyController_deleteApiKey"];
93
+ options?: never;
94
+ head?: never;
95
+ patch?: never;
96
+ trace?: never;
97
+ };
98
+ "/v1/apps/{appId}/audit-logs": {
99
+ parameters: {
100
+ query?: never;
101
+ header?: never;
102
+ path?: never;
103
+ cookie?: never;
104
+ };
105
+ /** Append-only audit log for this app. Filter by `?action=` and/or `?actor_id=`. 50/page (max 200), cursor-paginated. */
106
+ get: operations["AppAuditController_getAuditLogs"];
107
+ put?: never;
108
+ post?: never;
109
+ delete?: never;
110
+ options?: never;
111
+ head?: never;
112
+ patch?: never;
113
+ trace?: never;
114
+ };
115
+ "/v1/apps/{appId}/auth-config": {
116
+ parameters: {
117
+ query?: never;
118
+ header?: never;
119
+ path?: never;
120
+ cookie?: never;
121
+ };
122
+ /** Get the per-app auth config (signup, signin, password policy, sessions). */
123
+ get: operations["AuthConfigController_getConfig"];
124
+ put?: never;
125
+ post?: never;
126
+ delete?: never;
127
+ options?: never;
128
+ head?: never;
129
+ /** Update the per-app auth config. Only fields you pass are changed. */
130
+ patch: operations["AuthConfigController_updateConfig"];
131
+ trace?: never;
132
+ };
133
+ "/v1/apps/{appId}/credentials": {
134
+ parameters: {
135
+ query?: never;
136
+ header?: never;
137
+ path?: never;
138
+ cookie?: never;
139
+ };
140
+ /** List M2M clients */
141
+ get: operations["M2mController_listClients"];
142
+ put?: never;
143
+ /** Create a new M2M client */
144
+ post: operations["M2mController_createClient"];
145
+ delete?: never;
146
+ options?: never;
147
+ head?: never;
148
+ patch?: never;
149
+ trace?: never;
150
+ };
151
+ "/v1/apps/{appId}/credentials/{clientId}": {
152
+ parameters: {
153
+ query?: never;
154
+ header?: never;
155
+ path?: never;
156
+ cookie?: never;
157
+ };
158
+ /** Get M2M client details */
159
+ get: operations["M2mController_getClient"];
160
+ put?: never;
161
+ post?: never;
162
+ /** Delete an M2M client */
163
+ delete: operations["M2mController_deleteClient"];
164
+ options?: never;
165
+ head?: never;
166
+ /** Update M2M client status */
167
+ patch: operations["M2mController_updateClient"];
168
+ trace?: never;
169
+ };
170
+ "/v1/apps/{appId}/credentials/{clientId}/rotate": {
171
+ parameters: {
172
+ query?: never;
173
+ header?: never;
174
+ path?: never;
175
+ cookie?: never;
176
+ };
177
+ get?: never;
178
+ put?: never;
179
+ /** Rotate M2M client secret */
180
+ post: operations["M2mController_rotateSecret"];
181
+ delete?: never;
182
+ options?: never;
183
+ head?: never;
184
+ patch?: never;
185
+ trace?: never;
186
+ };
187
+ "/v1/apps/{appId}/credentials/{clientId}/scopes": {
188
+ parameters: {
189
+ query?: never;
190
+ header?: never;
191
+ path?: never;
192
+ cookie?: never;
193
+ };
194
+ get?: never;
195
+ /** Set scopes for an M2M client */
196
+ put: operations["M2mController_setScopes"];
197
+ post?: never;
198
+ delete?: never;
199
+ options?: never;
200
+ head?: never;
201
+ patch?: never;
202
+ trace?: never;
203
+ };
204
+ "/v1/apps/{appId}/end-users": {
205
+ parameters: {
206
+ query?: never;
207
+ header?: never;
208
+ path?: never;
209
+ cookie?: never;
210
+ };
211
+ get: operations["EndUserController_listEndUsers"];
212
+ put?: never;
213
+ post?: never;
214
+ delete?: never;
215
+ options?: never;
216
+ head?: never;
217
+ patch?: never;
218
+ trace?: never;
219
+ };
220
+ "/v1/apps/{appId}/end-users/{userId}": {
221
+ parameters: {
222
+ query?: never;
223
+ header?: never;
224
+ path?: never;
225
+ cookie?: never;
226
+ };
227
+ get: operations["EndUserController_getEndUser"];
228
+ put?: never;
229
+ post?: never;
230
+ delete: operations["EndUserController_deleteEndUser"];
231
+ options?: never;
232
+ head?: never;
233
+ patch: operations["EndUserController_updateEndUser"];
234
+ trace?: never;
235
+ };
236
+ "/v1/apps/{appId}/end-users/{userId}/role": {
237
+ parameters: {
238
+ query?: never;
239
+ header?: never;
240
+ path?: never;
241
+ cookie?: never;
242
+ };
243
+ get?: never;
244
+ put?: never;
245
+ post?: never;
246
+ delete?: never;
247
+ options?: never;
248
+ head?: never;
249
+ patch: operations["EndUserController_updateRole"];
250
+ trace?: never;
251
+ };
252
+ "/v1/apps/{appId}/end-users/{userId}/sessions/revoke-all": {
253
+ parameters: {
254
+ query?: never;
255
+ header?: never;
256
+ path?: never;
257
+ cookie?: never;
258
+ };
259
+ get?: never;
260
+ put?: never;
261
+ post: operations["EndUserController_revokeAllSessions"];
262
+ delete?: never;
263
+ options?: never;
264
+ head?: never;
265
+ patch?: never;
266
+ trace?: never;
267
+ };
268
+ "/v1/apps/{appId}/end-users/{userId}/status": {
269
+ parameters: {
270
+ query?: never;
271
+ header?: never;
272
+ path?: never;
273
+ cookie?: never;
274
+ };
275
+ get?: never;
276
+ put?: never;
277
+ post?: never;
278
+ delete?: never;
279
+ options?: never;
280
+ head?: never;
281
+ patch: operations["EndUserController_updateStatus"];
282
+ trace?: never;
283
+ };
284
+ "/v1/apps/{appId}/invites": {
285
+ parameters: {
286
+ query?: never;
287
+ header?: never;
288
+ path?: never;
289
+ cookie?: never;
290
+ };
291
+ /** List app invites */
292
+ get: operations["AppController_listInvites"];
293
+ put?: never;
294
+ /** Create an app invite */
295
+ post: operations["AppController_createInvite"];
296
+ delete?: never;
297
+ options?: never;
298
+ head?: never;
299
+ patch?: never;
300
+ trace?: never;
301
+ };
302
+ "/v1/apps/{appId}/invites/{inviteId}": {
303
+ parameters: {
304
+ query?: never;
305
+ header?: never;
306
+ path?: never;
307
+ cookie?: never;
308
+ };
309
+ get?: never;
310
+ put?: never;
311
+ post?: never;
312
+ /** Revoke an app invite */
313
+ delete: operations["AppController_revokeInvite"];
314
+ options?: never;
315
+ head?: never;
316
+ patch?: never;
317
+ trace?: never;
318
+ };
319
+ "/v1/apps/{appId}/members": {
320
+ parameters: {
321
+ query?: never;
322
+ header?: never;
323
+ path?: never;
324
+ cookie?: never;
325
+ };
326
+ /** List app members (PlatformUser view of EndUser memberships) */
327
+ get: operations["AppController_listMembers"];
328
+ put?: never;
329
+ post?: never;
330
+ delete?: never;
331
+ options?: never;
332
+ head?: never;
333
+ patch?: never;
334
+ trace?: never;
335
+ };
336
+ "/v1/apps/{appId}/members/{accountId}": {
337
+ parameters: {
338
+ query?: never;
339
+ header?: never;
340
+ path?: never;
341
+ cookie?: never;
342
+ };
343
+ get?: never;
344
+ put?: never;
345
+ post?: never;
346
+ /** Remove a member from the app */
347
+ delete: operations["AppController_removeMember"];
348
+ options?: never;
349
+ head?: never;
350
+ patch?: never;
351
+ trace?: never;
352
+ };
353
+ "/v1/apps/{appId}/permissions": {
354
+ parameters: {
355
+ query?: never;
356
+ header?: never;
357
+ path?: never;
358
+ cookie?: never;
359
+ };
360
+ /** List all permissions (system + custom) */
361
+ get: operations["PermissionController_listPermissions"];
362
+ put?: never;
363
+ /** Create a custom permission */
364
+ post: operations["PermissionController_createPermission"];
365
+ delete?: never;
366
+ options?: never;
367
+ head?: never;
368
+ patch?: never;
369
+ trace?: never;
370
+ };
371
+ "/v1/apps/{appId}/permissions/{permissionKey}": {
372
+ parameters: {
373
+ query?: never;
374
+ header?: never;
375
+ path?: never;
376
+ cookie?: never;
377
+ };
378
+ get?: never;
379
+ put?: never;
380
+ post?: never;
381
+ /** Delete a custom permission */
382
+ delete: operations["PermissionController_deletePermission"];
383
+ options?: never;
384
+ head?: never;
385
+ patch?: never;
386
+ trace?: never;
387
+ };
388
+ "/v1/apps/{appId}/roles": {
389
+ parameters: {
390
+ query?: never;
391
+ header?: never;
392
+ path?: never;
393
+ cookie?: never;
394
+ };
395
+ /** List all roles in an app */
396
+ get: operations["RoleController_listRoles"];
397
+ put?: never;
398
+ /** Create a new role */
399
+ post: operations["RoleController_createRole"];
400
+ delete?: never;
401
+ options?: never;
402
+ head?: never;
403
+ patch?: never;
404
+ trace?: never;
405
+ };
406
+ "/v1/apps/{appId}/roles/assign": {
407
+ parameters: {
408
+ query?: never;
409
+ header?: never;
410
+ path?: never;
411
+ cookie?: never;
412
+ };
413
+ get?: never;
414
+ put?: never;
415
+ /** Assign a role to a user */
416
+ post: operations["RoleController_assignRole"];
417
+ delete?: never;
418
+ options?: never;
419
+ head?: never;
420
+ patch?: never;
421
+ trace?: never;
422
+ };
423
+ "/v1/apps/{appId}/roles/permissions": {
424
+ parameters: {
425
+ query?: never;
426
+ header?: never;
427
+ path?: never;
428
+ cookie?: never;
429
+ };
430
+ /** List all available permissions */
431
+ get: operations["RoleController_listPermissions"];
432
+ put?: never;
433
+ post?: never;
434
+ delete?: never;
435
+ options?: never;
436
+ head?: never;
437
+ patch?: never;
438
+ trace?: never;
439
+ };
440
+ "/v1/apps/{appId}/roles/{roleName}": {
441
+ parameters: {
442
+ query?: never;
443
+ header?: never;
444
+ path?: never;
445
+ cookie?: never;
446
+ };
447
+ /** Get role details with permissions */
448
+ get: operations["RoleController_getRole"];
449
+ put?: never;
450
+ post?: never;
451
+ /** Delete a custom role */
452
+ delete: operations["RoleController_deleteRole"];
453
+ options?: never;
454
+ head?: never;
455
+ /** Update role name or description */
456
+ patch: operations["RoleController_updateRole"];
457
+ trace?: never;
458
+ };
459
+ "/v1/apps/{appId}/roles/{roleName}/permissions": {
460
+ parameters: {
461
+ query?: never;
462
+ header?: never;
463
+ path?: never;
464
+ cookie?: never;
465
+ };
466
+ get?: never;
467
+ /** Set permissions for a role */
468
+ put: operations["RoleController_setPermissions"];
469
+ post?: never;
470
+ delete?: never;
471
+ options?: never;
472
+ head?: never;
473
+ patch?: never;
474
+ trace?: never;
475
+ };
476
+ "/v1/apps/{appId}/status": {
477
+ parameters: {
478
+ query?: never;
479
+ header?: never;
480
+ path?: never;
481
+ cookie?: never;
482
+ };
483
+ get?: never;
484
+ put?: never;
485
+ post?: never;
486
+ delete?: never;
487
+ options?: never;
488
+ head?: never;
489
+ /** Update app status (active, suspended, archived) */
490
+ patch: operations["AppController_updateAppStatus"];
491
+ trace?: never;
492
+ };
493
+ "/v1/idp/exchange": {
494
+ parameters: {
495
+ query?: never;
496
+ header?: never;
497
+ path?: never;
498
+ cookie?: never;
499
+ };
500
+ get?: never;
501
+ put?: never;
502
+ post: operations["IdpController_exchange"];
503
+ delete?: never;
504
+ options?: never;
505
+ head?: never;
506
+ patch?: never;
507
+ trace?: never;
508
+ };
509
+ "/v1/idp/providers": {
510
+ parameters: {
511
+ query?: never;
512
+ header?: never;
513
+ path?: never;
514
+ cookie?: never;
515
+ };
516
+ get: operations["IdpController_list"];
517
+ put?: never;
518
+ post?: never;
519
+ delete?: never;
520
+ options?: never;
521
+ head?: never;
522
+ patch?: never;
523
+ trace?: never;
524
+ };
525
+ "/v1/idp/{provider}/redirect": {
526
+ parameters: {
527
+ query?: never;
528
+ header?: never;
529
+ path?: never;
530
+ cookie?: never;
531
+ };
532
+ get: operations["IdpController_redirect"];
533
+ put?: never;
534
+ post?: never;
535
+ delete?: never;
536
+ options?: never;
537
+ head?: never;
538
+ patch?: never;
539
+ trace?: never;
540
+ };
541
+ "/v1/idp/{provider}/start": {
542
+ parameters: {
543
+ query?: never;
544
+ header?: never;
545
+ path?: never;
546
+ cookie?: never;
547
+ };
548
+ get?: never;
549
+ put?: never;
550
+ post: operations["IdpController_start"];
551
+ delete?: never;
552
+ options?: never;
553
+ head?: never;
554
+ patch?: never;
555
+ trace?: never;
556
+ };
557
+ "/v1/idp/{provider}/verify-token": {
558
+ parameters: {
559
+ query?: never;
560
+ header?: never;
561
+ path?: never;
562
+ cookie?: never;
563
+ };
564
+ get?: never;
565
+ put?: never;
566
+ post: operations["IdpController_verifyIdToken"];
567
+ delete?: never;
568
+ options?: never;
569
+ head?: never;
570
+ patch?: never;
571
+ trace?: never;
572
+ };
573
+ "/v1/stats/me": {
574
+ parameters: {
575
+ query?: never;
576
+ header?: never;
577
+ path?: never;
578
+ cookie?: never;
579
+ };
580
+ /**
581
+ * Aggregate counts for the signed-in PlatformUser
582
+ * @description Returns total apps the caller belongs to, end-users across those apps, and active API keys across those apps. Single round-trip; cheap. Powers the workspace Dashboard hero stats.
583
+ */
584
+ get: operations["StatsController_getMyStats"];
585
+ put?: never;
586
+ post?: never;
587
+ delete?: never;
588
+ options?: never;
589
+ head?: never;
590
+ patch?: never;
591
+ trace?: never;
592
+ };
593
+ "/{appSlug}/v1/.well-known/jwks.json": {
594
+ parameters: {
595
+ query?: never;
596
+ header?: never;
597
+ path?: never;
598
+ cookie?: never;
599
+ };
600
+ get: operations["ConsumerJwksController_getJwks"];
601
+ put?: never;
602
+ post?: never;
603
+ delete?: never;
604
+ options?: never;
605
+ head?: never;
606
+ patch?: never;
607
+ trace?: never;
608
+ };
609
+ "/{appSlug}/v1/auth/logout": {
610
+ parameters: {
611
+ query?: never;
612
+ header?: never;
613
+ path?: never;
614
+ cookie?: never;
615
+ };
616
+ get?: never;
617
+ put?: never;
618
+ /**
619
+ * Revoke a refresh token
620
+ * @description Destroys the session that owns the refresh token. The matching access token continues to verify until its TTL expires.
621
+ */
622
+ post: operations["ConsumerAuthController_logout"];
623
+ delete?: never;
624
+ options?: never;
625
+ head?: never;
626
+ patch?: never;
627
+ trace?: never;
628
+ };
629
+ "/{appSlug}/v1/auth/refresh": {
630
+ parameters: {
631
+ query?: never;
632
+ header?: never;
633
+ path?: never;
634
+ cookie?: never;
635
+ };
636
+ get?: never;
637
+ put?: never;
638
+ /**
639
+ * Exchange a refresh token for a new access token
640
+ * @description Rotates the refresh token on every call — the previous refresh token is revoked, and re-using it triggers session revocation.
641
+ */
642
+ post: operations["ConsumerAuthController_refresh"];
643
+ delete?: never;
644
+ options?: never;
645
+ head?: never;
646
+ patch?: never;
647
+ trace?: never;
648
+ };
649
+ "/{appSlug}/v1/auth/request-reset": {
650
+ parameters: {
651
+ query?: never;
652
+ header?: never;
653
+ path?: never;
654
+ cookie?: never;
655
+ };
656
+ get?: never;
657
+ put?: never;
658
+ /**
659
+ * Request a password-reset code
660
+ * @description Always returns 201 to prevent account enumeration. If the email matches an EndUser, a 6-character reset code is sent.
661
+ */
662
+ post: operations["ConsumerAuthController_requestReset"];
663
+ delete?: never;
664
+ options?: never;
665
+ head?: never;
666
+ patch?: never;
667
+ trace?: never;
668
+ };
669
+ "/{appSlug}/v1/auth/reset-password": {
670
+ parameters: {
671
+ query?: never;
672
+ header?: never;
673
+ path?: never;
674
+ cookie?: never;
675
+ };
676
+ get?: never;
677
+ put?: never;
678
+ /**
679
+ * Submit a reset code + new password
680
+ * @description Consumes the reset code (single-use). On success the password is updated and the user can sign in immediately.
681
+ */
682
+ post: operations["ConsumerAuthController_resetPassword"];
683
+ delete?: never;
684
+ options?: never;
685
+ head?: never;
686
+ patch?: never;
687
+ trace?: never;
688
+ };
689
+ "/{appSlug}/v1/auth/signin": {
690
+ parameters: {
691
+ query?: never;
692
+ header?: never;
693
+ path?: never;
694
+ cookie?: never;
695
+ };
696
+ get?: never;
697
+ put?: never;
698
+ /**
699
+ * Sign in an EndUser
700
+ * @description Authenticate with username-or-email + password. Returns a fresh access + refresh token pair on success.
701
+ */
702
+ post: operations["ConsumerAuthController_signin"];
703
+ delete?: never;
704
+ options?: never;
705
+ head?: never;
706
+ patch?: never;
707
+ trace?: never;
708
+ };
709
+ "/{appSlug}/v1/auth/signup": {
710
+ parameters: {
711
+ query?: never;
712
+ header?: never;
713
+ path?: never;
714
+ cookie?: never;
715
+ };
716
+ get?: never;
717
+ put?: never;
718
+ /**
719
+ * Sign up an EndUser
720
+ * @description Create an EndUser account inside the app and immediately mint a session. Subject to the app-configured signup policy (signup enabled, password policy, default role). When the app sets `signup_requires_pak: true`, the request must carry an `Authorization: Bearer <pcft_live_*>` PAK with the `heimdall.signup.create` permission — public unauthenticated signup is rejected with 401.
721
+ */
722
+ post: operations["ConsumerAuthController_signup"];
723
+ delete?: never;
724
+ options?: never;
725
+ head?: never;
726
+ patch?: never;
727
+ trace?: never;
728
+ };
729
+ "/{appSlug}/v1/authorize": {
730
+ parameters: {
731
+ query?: never;
732
+ header?: never;
733
+ path?: never;
734
+ cookie?: never;
735
+ };
736
+ get?: never;
737
+ put?: never;
738
+ /**
739
+ * Verify a token + check one or more permissions
740
+ * @description Returns `{ authorized: boolean }`. Pass `permission` (string) for a single check, or `permissions` (array) when ALL must be held.
741
+ */
742
+ post: operations["ConsumerVerifyController_authorize"];
743
+ delete?: never;
744
+ options?: never;
745
+ head?: never;
746
+ patch?: never;
747
+ trace?: never;
748
+ };
749
+ "/{appSlug}/v1/authorize/batch": {
750
+ parameters: {
751
+ query?: never;
752
+ header?: never;
753
+ path?: never;
754
+ cookie?: never;
755
+ };
756
+ get?: never;
757
+ put?: never;
758
+ /**
759
+ * Multi-permission authorization in a single round-trip
760
+ * @description Runs N permission checks against the same token in one call. Each result reports the missing permissions (if any). Useful when a UI needs to flag many actions at once.
761
+ */
762
+ post: operations["ConsumerVerifyController_authorizeBatch"];
763
+ delete?: never;
764
+ options?: never;
765
+ head?: never;
766
+ patch?: never;
767
+ trace?: never;
768
+ };
769
+ "/{appSlug}/v1/me": {
770
+ parameters: {
771
+ query?: never;
772
+ header?: never;
773
+ path?: never;
774
+ cookie?: never;
775
+ };
776
+ /**
777
+ * Get the signed-in EndUser profile
778
+ * @description Returns the EndUser identity, app membership, and effective permissions for the bearer token.
779
+ */
780
+ get: operations["ConsumerMeController_getProfile"];
781
+ put?: never;
782
+ post?: never;
783
+ /**
784
+ * Permanently delete the signed-in EndUser account
785
+ * @description Removes the EndUser, all sessions, and all related records inside this app. Cannot be undone.
786
+ */
787
+ delete: operations["ConsumerMeController_deleteAccount"];
788
+ options?: never;
789
+ head?: never;
790
+ /**
791
+ * Update the signed-in EndUser profile
792
+ * @description Currently only the display name can be changed.
793
+ */
794
+ patch: operations["ConsumerMeController_updateProfile"];
795
+ trace?: never;
796
+ };
797
+ "/{appSlug}/v1/me/activity": {
798
+ parameters: {
799
+ query?: never;
800
+ header?: never;
801
+ path?: never;
802
+ cookie?: never;
803
+ };
804
+ /**
805
+ * Recent account activity
806
+ * @description Login events, password changes, and other security-relevant records, scoped to this EndUser.
807
+ */
808
+ get: operations["ConsumerMeController_getActivity"];
809
+ put?: never;
810
+ post?: never;
811
+ delete?: never;
812
+ options?: never;
813
+ head?: never;
814
+ patch?: never;
815
+ trace?: never;
816
+ };
817
+ "/{appSlug}/v1/me/sessions": {
818
+ parameters: {
819
+ query?: never;
820
+ header?: never;
821
+ path?: never;
822
+ cookie?: never;
823
+ };
824
+ /**
825
+ * List all active sessions for the EndUser
826
+ * @description Each session includes a `current` flag identifying the one belonging to the bearer token used for this request.
827
+ */
828
+ get: operations["ConsumerMeController_listSessions"];
829
+ put?: never;
830
+ post?: never;
831
+ delete?: never;
832
+ options?: never;
833
+ head?: never;
834
+ patch?: never;
835
+ trace?: never;
836
+ };
837
+ "/{appSlug}/v1/me/sessions/{id}": {
838
+ parameters: {
839
+ query?: never;
840
+ header?: never;
841
+ path?: never;
842
+ cookie?: never;
843
+ };
844
+ get?: never;
845
+ put?: never;
846
+ post?: never;
847
+ /**
848
+ * Revoke a session
849
+ * @description Sign the EndUser out of one device. The session’s refresh token is destroyed; its access token expires on its TTL.
850
+ */
851
+ delete: operations["ConsumerMeController_revokeSession"];
852
+ options?: never;
853
+ head?: never;
854
+ patch?: never;
855
+ trace?: never;
856
+ };
857
+ "/{appSlug}/v1/oauth/token": {
858
+ parameters: {
859
+ query?: never;
860
+ header?: never;
861
+ path?: never;
862
+ cookie?: never;
863
+ };
864
+ get?: never;
865
+ put?: never;
866
+ /**
867
+ * Exchange client_credentials for an access token
868
+ * @description Standard OAuth 2.0 client_credentials grant. Returns an app-scoped access token whose `permissions` claim is the union of the client's configured scopes. Use for service-to-service calls.
869
+ */
870
+ post: operations["ConsumerOAuthController_clientCredentials"];
871
+ delete?: never;
872
+ options?: never;
873
+ head?: never;
874
+ patch?: never;
875
+ trace?: never;
876
+ };
877
+ "/{appSlug}/v1/verify": {
878
+ parameters: {
879
+ query?: never;
880
+ header?: never;
881
+ path?: never;
882
+ cookie?: never;
883
+ };
884
+ get?: never;
885
+ put?: never;
886
+ /**
887
+ * Verify a token signature + return its principal
888
+ * @description Validates the JWT against the app's JWKS keys and returns `{ valid, principal }`. Use this when you need the full claims; use `/authorize` for a yes/no permission check.
889
+ */
890
+ post: operations["ConsumerVerifyController_verify"];
891
+ delete?: never;
892
+ options?: never;
893
+ head?: never;
894
+ patch?: never;
895
+ trace?: never;
896
+ };
897
+ }
898
+ interface components {
899
+ schemas: {
900
+ AcceptInviteDto: {
901
+ /**
902
+ * @description Invite code from the invite email / link.
903
+ * @example inv_x7H2k…
904
+ */
905
+ code: string;
906
+ };
907
+ AssignRoleDto: {
908
+ /** @description Account ID of the user */
909
+ accountId: string;
910
+ /**
911
+ * @description Role name to assign
912
+ * @example admin
913
+ */
914
+ role: string;
915
+ };
916
+ AuthorizeBatchBody: {
917
+ /** @description List of checks. Each returns { authorized, missing_permissions }. */
918
+ checks: components["schemas"]["AuthorizeBatchEntry"][];
919
+ /** @description JWT to verify and authorize against each check. */
920
+ token: string;
921
+ };
922
+ AuthorizeBatchEntry: {
923
+ /** @description Permissions for this check; ALL must be held. */
924
+ permissions: string[];
925
+ };
926
+ AuthorizeBody: {
927
+ /** @description Single permission to check, e.g. 'user.read'. Use this OR `permissions`. */
928
+ permission?: string;
929
+ /** @description Multiple permissions; the token must hold ALL of them. */
930
+ permissions?: string[];
931
+ /** @description JWT to verify and authorize. */
932
+ token: string;
933
+ };
934
+ ClientCredentialsDto: {
935
+ /**
936
+ * @description M2M client identifier (m2m_*).
937
+ * @example m2m_a1b2c3d4e5f6...
938
+ */
939
+ client_id: string;
940
+ /** @description M2M client secret (issued at client creation, never returned again). */
941
+ client_secret: string;
942
+ /**
943
+ * @description OAuth grant type. Only 'client_credentials' is supported.
944
+ * @example client_credentials
945
+ */
946
+ grant_type: string;
947
+ };
948
+ ConsumerLogoutDto: {
949
+ /** @description Refresh token to revoke. The matching session is destroyed; the access token continues to verify until its TTL expires. */
950
+ refresh_token: string;
951
+ };
952
+ ConsumerRefreshDto: {
953
+ /** @description Refresh token returned from signin/signup/previous refresh. Each refresh rotates the token; the previous one is revoked. */
954
+ refresh_token: string;
955
+ };
956
+ ConsumerRequestResetDto: {
957
+ /**
958
+ * @description EndUser's email address. Always returns 201 (no enumeration); if the address exists, a reset code is emailed.
959
+ * @example jane@example.com
960
+ */
961
+ email: string;
962
+ };
963
+ ConsumerResetPasswordDto: {
964
+ /** @description New password. Must satisfy the app-configured policy. */
965
+ newPassword: string;
966
+ /**
967
+ * @description The 6-character code from the password-reset email.
968
+ * @example A1B2C3
969
+ */
970
+ token: string;
971
+ };
972
+ ConsumerSigninDto: {
973
+ /**
974
+ * @description Username or email — either accepted.
975
+ * @example jane_doe
976
+ */
977
+ identifier: string;
978
+ /** @description EndUser password. */
979
+ password: string;
980
+ };
981
+ ConsumerSignupDto: {
982
+ /**
983
+ * @description Optional display name shown back to the user.
984
+ * @example Jane Doe
985
+ */
986
+ displayName?: string;
987
+ /**
988
+ * @description EndUser email address. Used for verification + reset.
989
+ * @example jane@example.com
990
+ */
991
+ email: string;
992
+ /**
993
+ * @description Password. Must satisfy the app-configured policy (default: 8+ chars).
994
+ * @example CorrectHorseBatteryStaple
995
+ */
996
+ password: string;
997
+ /**
998
+ * @description Unique username inside the app. 3+ chars.
999
+ * @example jane_doe
1000
+ */
1001
+ username: string;
1002
+ };
1003
+ ConsumerTokenResponseDto: {
1004
+ /** @description Short-lived JWT signed with the app-scoped JWKS key. Carries sub, role, permissions[], type=end_user. */
1005
+ access_token: string;
1006
+ /**
1007
+ * @description Access-token lifetime in seconds.
1008
+ * @example 3600
1009
+ */
1010
+ expires_in: number;
1011
+ /** @description Long-lived opaque-ish JWT used to mint a new access token via /auth/refresh. Rotated on use. */
1012
+ refresh_token: string;
1013
+ /** @example Bearer */
1014
+ token_type: string;
1015
+ };
1016
+ CreateApiKeyDto: {
1017
+ /**
1018
+ * @description Human-readable label for this key (shown in the API keys list).
1019
+ * @example CI deploy bot
1020
+ */
1021
+ name: string;
1022
+ /**
1023
+ * @description Permission scope for the key. Each entry must match `resource.action` (lowercase + underscores).
1024
+ * @example [
1025
+ * "user.read",
1026
+ * "user.list"
1027
+ * ]
1028
+ */
1029
+ permissions: string[];
1030
+ };
1031
+ CreateAppDto: {
1032
+ /**
1033
+ * @description Display name shown in the console.
1034
+ * @example Acme
1035
+ */
1036
+ displayName: string;
1037
+ /**
1038
+ * @description URL-friendly app slug (lowercase letters, digits, hyphens).
1039
+ * @example acme-app
1040
+ */
1041
+ slug: string;
1042
+ };
1043
+ CreateInviteDto: {
1044
+ /**
1045
+ * @description Optional invitee email. If set, the invite is locked to that address.
1046
+ * @example alice@example.com
1047
+ */
1048
+ email?: string;
1049
+ /**
1050
+ * @description Hours until the invite expires. Defaults to 168 (7 days).
1051
+ * @example 168
1052
+ */
1053
+ expiresInHours?: number;
1054
+ /**
1055
+ * @description Maximum number of times this invite can be accepted. Defaults to 1.
1056
+ * @example 1
1057
+ */
1058
+ maxUses?: number;
1059
+ /**
1060
+ * @description Role slug to grant on accept (e.g. `admin`, `member`).
1061
+ * @example member
1062
+ */
1063
+ role: string;
1064
+ };
1065
+ CreateM2mClientDto: {
1066
+ /**
1067
+ * @description Client display name
1068
+ * @example CI Pipeline
1069
+ */
1070
+ name: string;
1071
+ };
1072
+ CreatePermissionDto: {
1073
+ /**
1074
+ * @description Action name
1075
+ * @example read
1076
+ */
1077
+ action: string;
1078
+ /** @example View projects */
1079
+ description?: string;
1080
+ /**
1081
+ * @description Resource name
1082
+ * @example project
1083
+ */
1084
+ resource: string;
1085
+ };
1086
+ CreateRoleDto: {
1087
+ /** @example Can edit content */
1088
+ description?: string;
1089
+ /** @example editor */
1090
+ name: string;
1091
+ };
1092
+ ExchangeDto: {
1093
+ /** @description Optional device fingerprint stored on the resulting session (UA, IP class, etc.). */
1094
+ deviceInfo?: Record<string, never>;
1095
+ /**
1096
+ * @description The opaque grant returned from the IdP callback.
1097
+ * @example g_8z…
1098
+ */
1099
+ grant: string;
1100
+ };
1101
+ IdTokenVerifyDto: {
1102
+ /** @description Optional device fingerprint stored on the resulting session. */
1103
+ deviceInfo?: Record<string, never>;
1104
+ /**
1105
+ * @description OIDC ID token from the IdP.
1106
+ * @example eyJhbGciOi…
1107
+ */
1108
+ idToken: string;
1109
+ /**
1110
+ * @description `login` to sign in (or sign up if new), `link` to attach the IdP identity to an already-signed-in account.
1111
+ * @example login
1112
+ * @enum {string}
1113
+ */
1114
+ mode: "login" | "link";
1115
+ };
1116
+ SetPermissionsDto: {
1117
+ /**
1118
+ * @description Array of permission strings in resource.action format
1119
+ * @example [
1120
+ * "user.read",
1121
+ * "role.create"
1122
+ * ]
1123
+ */
1124
+ permissions: string[];
1125
+ };
1126
+ SetScopesDto: {
1127
+ /**
1128
+ * @description Permission strings in resource.action format to assign as scopes
1129
+ * @example [
1130
+ * "user.read",
1131
+ * "app.read"
1132
+ * ]
1133
+ */
1134
+ permissions: string[];
1135
+ };
1136
+ StartDto: {
1137
+ /**
1138
+ * @description `login` to sign in (or sign up if new), `link` to attach the IdP identity to an already-signed-in account.
1139
+ * @example login
1140
+ * @enum {string}
1141
+ */
1142
+ mode: "login" | "link";
1143
+ /** @description PKCE code challenge (S256). Required for public clients; optional for confidential clients. */
1144
+ pkceChallenge?: string;
1145
+ /**
1146
+ * @description URL the IdP should redirect back to after the user authenticates. Must be a localhost URL or a productcraft.co subdomain.
1147
+ * @example https://app.productcraft.co/oauth/callback
1148
+ */
1149
+ redirectUri: string;
1150
+ };
1151
+ UpdateAppDto: {
1152
+ /**
1153
+ * @description New display name
1154
+ * @example Acme Corp
1155
+ */
1156
+ displayName?: string;
1157
+ /**
1158
+ * @description Arbitrary metadata attached to the app
1159
+ * @example {
1160
+ * "plan": "pro",
1161
+ * "region": "us-east-1"
1162
+ * }
1163
+ */
1164
+ metadata?: Record<string, never>;
1165
+ };
1166
+ UpdateAppStatusDto: {
1167
+ /**
1168
+ * @description New app status
1169
+ * @example suspended
1170
+ * @enum {string}
1171
+ */
1172
+ status: "active" | "suspended" | "archived";
1173
+ };
1174
+ UpdateAuthConfigDto: {
1175
+ /**
1176
+ * @description Failed-login attempts before the EndUser account is locked.
1177
+ * @example 5
1178
+ */
1179
+ maxFailedLoginAttempts?: number;
1180
+ /**
1181
+ * @description Maximum concurrent sessions per EndUser. Oldest is evicted on overflow.
1182
+ * @example 5
1183
+ */
1184
+ maxSessions?: number;
1185
+ /**
1186
+ * @description Minimum password length (NIST minimum is 8).
1187
+ * @example 12
1188
+ */
1189
+ passwordMinLength?: number;
1190
+ /** @description Require a digit in passwords. */
1191
+ passwordRequireNumber?: boolean;
1192
+ /** @description Require a symbol in passwords. */
1193
+ passwordRequireSymbol?: boolean;
1194
+ /** @description Require an uppercase letter in passwords. */
1195
+ passwordRequireUppercase?: boolean;
1196
+ /**
1197
+ * @description Session lifetime in minutes (1 minute to 30 days).
1198
+ * @example 10080
1199
+ */
1200
+ sessionDurationMinutes?: number;
1201
+ /** @description Whether existing EndUsers can sign in. */
1202
+ signinEnabled?: boolean;
1203
+ /**
1204
+ * @description Optional allowlist of email domains for signup. Empty array = any domain.
1205
+ * @example [
1206
+ * "acme.com",
1207
+ * "acme.io"
1208
+ * ]
1209
+ */
1210
+ signupAllowedEmailDomains?: string[];
1211
+ /**
1212
+ * @description Role slug newly-signed-up EndUsers receive (e.g. `member`).
1213
+ * @example member
1214
+ */
1215
+ signupDefaultRole?: string;
1216
+ /** @description Whether new EndUsers can sign up. */
1217
+ signupEnabled?: boolean;
1218
+ };
1219
+ UpdateEndUserDto: {
1220
+ /** @description New display name */
1221
+ displayName?: string;
1222
+ /** @description New primary email */
1223
+ email?: string;
1224
+ };
1225
+ UpdateEndUserRoleDto: {
1226
+ /**
1227
+ * @description Name of the role to assign
1228
+ * @example admin
1229
+ */
1230
+ roleName: string;
1231
+ };
1232
+ UpdateEndUserStatusDto: {
1233
+ /**
1234
+ * @description New end-user status
1235
+ * @example suspended
1236
+ * @enum {string}
1237
+ */
1238
+ status: "active" | "suspended" | "deactivated";
1239
+ };
1240
+ UpdateM2mClientDto: {
1241
+ /** @description Set active or inactive */
1242
+ isActive?: boolean;
1243
+ };
1244
+ UpdateMeDto: {
1245
+ /**
1246
+ * @description New display name. Pass an empty string to clear it; omit to leave unchanged.
1247
+ * @example Ada Lovelace
1248
+ */
1249
+ displayName?: string;
1250
+ };
1251
+ UpdateRoleDto: {
1252
+ /** @example Updated description */
1253
+ description?: string;
1254
+ };
1255
+ VerifyBody: {
1256
+ /** @description EndUser or M2M JWT to verify against the app JWKS. */
1257
+ token: string;
1258
+ };
1259
+ };
1260
+ responses: never;
1261
+ parameters: never;
1262
+ requestBodies: never;
1263
+ headers: never;
1264
+ pathItems: never;
1265
+ }
1266
+ interface operations {
1267
+ AppController_listMyApps: {
1268
+ parameters: {
1269
+ query: {
1270
+ limit: string;
1271
+ cursor: string;
1272
+ };
1273
+ header?: never;
1274
+ path?: never;
1275
+ cookie?: never;
1276
+ };
1277
+ requestBody?: never;
1278
+ responses: {
1279
+ 200: {
1280
+ headers: {
1281
+ [name: string]: unknown;
1282
+ };
1283
+ content?: never;
1284
+ };
1285
+ };
1286
+ };
1287
+ AppController_createApp: {
1288
+ parameters: {
1289
+ query?: never;
1290
+ header?: never;
1291
+ path?: never;
1292
+ cookie?: never;
1293
+ };
1294
+ requestBody: {
1295
+ content: {
1296
+ "application/json": components["schemas"]["CreateAppDto"];
1297
+ };
1298
+ };
1299
+ responses: {
1300
+ /** @description App created. */
1301
+ 201: {
1302
+ headers: {
1303
+ [name: string]: unknown;
1304
+ };
1305
+ content?: never;
1306
+ };
1307
+ /** @description Validation failure (slug or display name). */
1308
+ 400: {
1309
+ headers: {
1310
+ [name: string]: unknown;
1311
+ };
1312
+ content?: never;
1313
+ };
1314
+ /** @description Caller email not verified. */
1315
+ 403: {
1316
+ headers: {
1317
+ [name: string]: unknown;
1318
+ };
1319
+ content?: never;
1320
+ };
1321
+ /** @description Slug already taken. */
1322
+ 409: {
1323
+ headers: {
1324
+ [name: string]: unknown;
1325
+ };
1326
+ content?: never;
1327
+ };
1328
+ };
1329
+ };
1330
+ AppController_acceptInvite: {
1331
+ parameters: {
1332
+ query?: never;
1333
+ header?: never;
1334
+ path?: never;
1335
+ cookie?: never;
1336
+ };
1337
+ requestBody: {
1338
+ content: {
1339
+ "application/json": components["schemas"]["AcceptInviteDto"];
1340
+ };
1341
+ };
1342
+ responses: {
1343
+ 201: {
1344
+ headers: {
1345
+ [name: string]: unknown;
1346
+ };
1347
+ content?: never;
1348
+ };
1349
+ };
1350
+ };
1351
+ AppController_getApp: {
1352
+ parameters: {
1353
+ query?: never;
1354
+ header?: never;
1355
+ path: {
1356
+ appId: string;
1357
+ };
1358
+ cookie?: never;
1359
+ };
1360
+ requestBody?: never;
1361
+ responses: {
1362
+ 200: {
1363
+ headers: {
1364
+ [name: string]: unknown;
1365
+ };
1366
+ content?: never;
1367
+ };
1368
+ };
1369
+ };
1370
+ AppController_deleteApp: {
1371
+ parameters: {
1372
+ query?: never;
1373
+ header?: never;
1374
+ path: {
1375
+ appId: string;
1376
+ };
1377
+ cookie?: never;
1378
+ };
1379
+ requestBody?: never;
1380
+ responses: {
1381
+ /** @description App deleted. */
1382
+ 204: {
1383
+ headers: {
1384
+ [name: string]: unknown;
1385
+ };
1386
+ content?: never;
1387
+ };
1388
+ /** @description Caller lacks `app.delete`. */
1389
+ 403: {
1390
+ headers: {
1391
+ [name: string]: unknown;
1392
+ };
1393
+ content?: never;
1394
+ };
1395
+ /** @description App not found or caller is not a member. */
1396
+ 404: {
1397
+ headers: {
1398
+ [name: string]: unknown;
1399
+ };
1400
+ content?: never;
1401
+ };
1402
+ };
1403
+ };
1404
+ AppController_updateApp: {
1405
+ parameters: {
1406
+ query?: never;
1407
+ header?: never;
1408
+ path: {
1409
+ appId: string;
1410
+ };
1411
+ cookie?: never;
1412
+ };
1413
+ requestBody: {
1414
+ content: {
1415
+ "application/json": components["schemas"]["UpdateAppDto"];
1416
+ };
1417
+ };
1418
+ responses: {
1419
+ 200: {
1420
+ headers: {
1421
+ [name: string]: unknown;
1422
+ };
1423
+ content?: never;
1424
+ };
1425
+ };
1426
+ };
1427
+ ApiKeyController_listApiKeys: {
1428
+ parameters: {
1429
+ query?: never;
1430
+ header?: never;
1431
+ path: {
1432
+ appId: string;
1433
+ };
1434
+ cookie?: never;
1435
+ };
1436
+ requestBody?: never;
1437
+ responses: {
1438
+ 200: {
1439
+ headers: {
1440
+ [name: string]: unknown;
1441
+ };
1442
+ content?: never;
1443
+ };
1444
+ };
1445
+ };
1446
+ ApiKeyController_createApiKey: {
1447
+ parameters: {
1448
+ query?: never;
1449
+ header?: never;
1450
+ path: {
1451
+ appId: string;
1452
+ };
1453
+ cookie?: never;
1454
+ };
1455
+ requestBody: {
1456
+ content: {
1457
+ "application/json": components["schemas"]["CreateApiKeyDto"];
1458
+ };
1459
+ };
1460
+ responses: {
1461
+ 201: {
1462
+ headers: {
1463
+ [name: string]: unknown;
1464
+ };
1465
+ content?: never;
1466
+ };
1467
+ };
1468
+ };
1469
+ ApiKeyController_deleteApiKey: {
1470
+ parameters: {
1471
+ query?: never;
1472
+ header?: never;
1473
+ path: {
1474
+ appId: string;
1475
+ keyId: string;
1476
+ };
1477
+ cookie?: never;
1478
+ };
1479
+ requestBody?: never;
1480
+ responses: {
1481
+ 204: {
1482
+ headers: {
1483
+ [name: string]: unknown;
1484
+ };
1485
+ content?: never;
1486
+ };
1487
+ };
1488
+ };
1489
+ AppAuditController_getAuditLogs: {
1490
+ parameters: {
1491
+ query: {
1492
+ limit: string;
1493
+ cursor: string;
1494
+ action: string;
1495
+ actor_id: string;
1496
+ };
1497
+ header?: never;
1498
+ path: {
1499
+ appId: string;
1500
+ };
1501
+ cookie?: never;
1502
+ };
1503
+ requestBody?: never;
1504
+ responses: {
1505
+ /** @description Page of audit entries with `next_cursor` and `has_more`. */
1506
+ 200: {
1507
+ headers: {
1508
+ [name: string]: unknown;
1509
+ };
1510
+ content?: never;
1511
+ };
1512
+ /** @description Caller lacks `audit.read`. */
1513
+ 403: {
1514
+ headers: {
1515
+ [name: string]: unknown;
1516
+ };
1517
+ content?: never;
1518
+ };
1519
+ /** @description App not found or caller is not a member. */
1520
+ 404: {
1521
+ headers: {
1522
+ [name: string]: unknown;
1523
+ };
1524
+ content?: never;
1525
+ };
1526
+ };
1527
+ };
1528
+ AuthConfigController_getConfig: {
1529
+ parameters: {
1530
+ query?: never;
1531
+ header?: never;
1532
+ path: {
1533
+ appId: string;
1534
+ };
1535
+ cookie?: never;
1536
+ };
1537
+ requestBody?: never;
1538
+ responses: {
1539
+ 200: {
1540
+ headers: {
1541
+ [name: string]: unknown;
1542
+ };
1543
+ content?: never;
1544
+ };
1545
+ };
1546
+ };
1547
+ AuthConfigController_updateConfig: {
1548
+ parameters: {
1549
+ query?: never;
1550
+ header?: never;
1551
+ path: {
1552
+ appId: string;
1553
+ };
1554
+ cookie?: never;
1555
+ };
1556
+ requestBody: {
1557
+ content: {
1558
+ "application/json": components["schemas"]["UpdateAuthConfigDto"];
1559
+ };
1560
+ };
1561
+ responses: {
1562
+ 200: {
1563
+ headers: {
1564
+ [name: string]: unknown;
1565
+ };
1566
+ content?: never;
1567
+ };
1568
+ };
1569
+ };
1570
+ M2mController_listClients: {
1571
+ parameters: {
1572
+ query: {
1573
+ limit: string;
1574
+ cursor: string;
1575
+ };
1576
+ header?: never;
1577
+ path: {
1578
+ appId: string;
1579
+ };
1580
+ cookie?: never;
1581
+ };
1582
+ requestBody?: never;
1583
+ responses: {
1584
+ 200: {
1585
+ headers: {
1586
+ [name: string]: unknown;
1587
+ };
1588
+ content?: never;
1589
+ };
1590
+ };
1591
+ };
1592
+ M2mController_createClient: {
1593
+ parameters: {
1594
+ query?: never;
1595
+ header?: never;
1596
+ path: {
1597
+ appId: string;
1598
+ };
1599
+ cookie?: never;
1600
+ };
1601
+ requestBody: {
1602
+ content: {
1603
+ "application/json": components["schemas"]["CreateM2mClientDto"];
1604
+ };
1605
+ };
1606
+ responses: {
1607
+ /** @description M2M client created. Plaintext secret is returned ONCE in this response. */
1608
+ 201: {
1609
+ headers: {
1610
+ [name: string]: unknown;
1611
+ };
1612
+ content?: never;
1613
+ };
1614
+ /** @description Validation failure (missing or invalid name). */
1615
+ 400: {
1616
+ headers: {
1617
+ [name: string]: unknown;
1618
+ };
1619
+ content?: never;
1620
+ };
1621
+ /** @description Caller email not verified, or lacks `m2m.create`. */
1622
+ 403: {
1623
+ headers: {
1624
+ [name: string]: unknown;
1625
+ };
1626
+ content?: never;
1627
+ };
1628
+ /** @description App not found or caller is not a member. */
1629
+ 404: {
1630
+ headers: {
1631
+ [name: string]: unknown;
1632
+ };
1633
+ content?: never;
1634
+ };
1635
+ };
1636
+ };
1637
+ M2mController_getClient: {
1638
+ parameters: {
1639
+ query?: never;
1640
+ header?: never;
1641
+ path: {
1642
+ appId: string;
1643
+ clientId: string;
1644
+ };
1645
+ cookie?: never;
1646
+ };
1647
+ requestBody?: never;
1648
+ responses: {
1649
+ 200: {
1650
+ headers: {
1651
+ [name: string]: unknown;
1652
+ };
1653
+ content?: never;
1654
+ };
1655
+ };
1656
+ };
1657
+ M2mController_deleteClient: {
1658
+ parameters: {
1659
+ query?: never;
1660
+ header?: never;
1661
+ path: {
1662
+ appId: string;
1663
+ clientId: string;
1664
+ };
1665
+ cookie?: never;
1666
+ };
1667
+ requestBody?: never;
1668
+ responses: {
1669
+ /** @description M2M client deleted. */
1670
+ 204: {
1671
+ headers: {
1672
+ [name: string]: unknown;
1673
+ };
1674
+ content?: never;
1675
+ };
1676
+ /** @description Caller lacks `m2m.delete`. */
1677
+ 403: {
1678
+ headers: {
1679
+ [name: string]: unknown;
1680
+ };
1681
+ content?: never;
1682
+ };
1683
+ /** @description M2M client not found in this app. */
1684
+ 404: {
1685
+ headers: {
1686
+ [name: string]: unknown;
1687
+ };
1688
+ content?: never;
1689
+ };
1690
+ };
1691
+ };
1692
+ M2mController_updateClient: {
1693
+ parameters: {
1694
+ query?: never;
1695
+ header?: never;
1696
+ path: {
1697
+ appId: string;
1698
+ clientId: string;
1699
+ };
1700
+ cookie?: never;
1701
+ };
1702
+ requestBody: {
1703
+ content: {
1704
+ "application/json": components["schemas"]["UpdateM2mClientDto"];
1705
+ };
1706
+ };
1707
+ responses: {
1708
+ 200: {
1709
+ headers: {
1710
+ [name: string]: unknown;
1711
+ };
1712
+ content?: never;
1713
+ };
1714
+ };
1715
+ };
1716
+ M2mController_rotateSecret: {
1717
+ parameters: {
1718
+ query?: never;
1719
+ header?: never;
1720
+ path: {
1721
+ appId: string;
1722
+ clientId: string;
1723
+ };
1724
+ cookie?: never;
1725
+ };
1726
+ requestBody?: never;
1727
+ responses: {
1728
+ /** @description New secret generated and returned ONCE. */
1729
+ 200: {
1730
+ headers: {
1731
+ [name: string]: unknown;
1732
+ };
1733
+ content?: never;
1734
+ };
1735
+ /** @description Caller lacks `m2m.rotate-secret`. */
1736
+ 403: {
1737
+ headers: {
1738
+ [name: string]: unknown;
1739
+ };
1740
+ content?: never;
1741
+ };
1742
+ /** @description M2M client not found in this app. */
1743
+ 404: {
1744
+ headers: {
1745
+ [name: string]: unknown;
1746
+ };
1747
+ content?: never;
1748
+ };
1749
+ };
1750
+ };
1751
+ M2mController_setScopes: {
1752
+ parameters: {
1753
+ query?: never;
1754
+ header?: never;
1755
+ path: {
1756
+ appId: string;
1757
+ clientId: string;
1758
+ };
1759
+ cookie?: never;
1760
+ };
1761
+ requestBody: {
1762
+ content: {
1763
+ "application/json": components["schemas"]["SetScopesDto"];
1764
+ };
1765
+ };
1766
+ responses: {
1767
+ 200: {
1768
+ headers: {
1769
+ [name: string]: unknown;
1770
+ };
1771
+ content?: never;
1772
+ };
1773
+ };
1774
+ };
1775
+ EndUserController_listEndUsers: {
1776
+ parameters: {
1777
+ query: {
1778
+ limit: string;
1779
+ cursor: string;
1780
+ status: string;
1781
+ search: string;
1782
+ };
1783
+ header?: never;
1784
+ path: {
1785
+ appId: string;
1786
+ };
1787
+ cookie?: never;
1788
+ };
1789
+ requestBody?: never;
1790
+ responses: {
1791
+ 200: {
1792
+ headers: {
1793
+ [name: string]: unknown;
1794
+ };
1795
+ content?: never;
1796
+ };
1797
+ };
1798
+ };
1799
+ EndUserController_getEndUser: {
1800
+ parameters: {
1801
+ query?: never;
1802
+ header?: never;
1803
+ path: {
1804
+ appId: string;
1805
+ userId: string;
1806
+ };
1807
+ cookie?: never;
1808
+ };
1809
+ requestBody?: never;
1810
+ responses: {
1811
+ 200: {
1812
+ headers: {
1813
+ [name: string]: unknown;
1814
+ };
1815
+ content?: never;
1816
+ };
1817
+ };
1818
+ };
1819
+ EndUserController_deleteEndUser: {
1820
+ parameters: {
1821
+ query?: never;
1822
+ header?: never;
1823
+ path: {
1824
+ appId: string;
1825
+ userId: string;
1826
+ };
1827
+ cookie?: never;
1828
+ };
1829
+ requestBody?: never;
1830
+ responses: {
1831
+ 204: {
1832
+ headers: {
1833
+ [name: string]: unknown;
1834
+ };
1835
+ content?: never;
1836
+ };
1837
+ };
1838
+ };
1839
+ EndUserController_updateEndUser: {
1840
+ parameters: {
1841
+ query?: never;
1842
+ header?: never;
1843
+ path: {
1844
+ appId: string;
1845
+ userId: string;
1846
+ };
1847
+ cookie?: never;
1848
+ };
1849
+ requestBody: {
1850
+ content: {
1851
+ "application/json": components["schemas"]["UpdateEndUserDto"];
1852
+ };
1853
+ };
1854
+ responses: {
1855
+ 200: {
1856
+ headers: {
1857
+ [name: string]: unknown;
1858
+ };
1859
+ content?: never;
1860
+ };
1861
+ };
1862
+ };
1863
+ EndUserController_updateRole: {
1864
+ parameters: {
1865
+ query?: never;
1866
+ header?: never;
1867
+ path: {
1868
+ appId: string;
1869
+ userId: string;
1870
+ };
1871
+ cookie?: never;
1872
+ };
1873
+ requestBody: {
1874
+ content: {
1875
+ "application/json": components["schemas"]["UpdateEndUserRoleDto"];
1876
+ };
1877
+ };
1878
+ responses: {
1879
+ 200: {
1880
+ headers: {
1881
+ [name: string]: unknown;
1882
+ };
1883
+ content?: never;
1884
+ };
1885
+ };
1886
+ };
1887
+ EndUserController_revokeAllSessions: {
1888
+ parameters: {
1889
+ query?: never;
1890
+ header?: never;
1891
+ path: {
1892
+ userId: string;
1893
+ };
1894
+ cookie?: never;
1895
+ };
1896
+ requestBody?: never;
1897
+ responses: {
1898
+ 204: {
1899
+ headers: {
1900
+ [name: string]: unknown;
1901
+ };
1902
+ content?: never;
1903
+ };
1904
+ };
1905
+ };
1906
+ EndUserController_updateStatus: {
1907
+ parameters: {
1908
+ query?: never;
1909
+ header?: never;
1910
+ path: {
1911
+ appId: string;
1912
+ userId: string;
1913
+ };
1914
+ cookie?: never;
1915
+ };
1916
+ requestBody: {
1917
+ content: {
1918
+ "application/json": components["schemas"]["UpdateEndUserStatusDto"];
1919
+ };
1920
+ };
1921
+ responses: {
1922
+ 200: {
1923
+ headers: {
1924
+ [name: string]: unknown;
1925
+ };
1926
+ content?: never;
1927
+ };
1928
+ };
1929
+ };
1930
+ AppController_listInvites: {
1931
+ parameters: {
1932
+ query: {
1933
+ limit: string;
1934
+ cursor: string;
1935
+ };
1936
+ header?: never;
1937
+ path: {
1938
+ appId: string;
1939
+ };
1940
+ cookie?: never;
1941
+ };
1942
+ requestBody?: never;
1943
+ responses: {
1944
+ 200: {
1945
+ headers: {
1946
+ [name: string]: unknown;
1947
+ };
1948
+ content?: never;
1949
+ };
1950
+ };
1951
+ };
1952
+ AppController_createInvite: {
1953
+ parameters: {
1954
+ query?: never;
1955
+ header?: never;
1956
+ path: {
1957
+ appId: string;
1958
+ };
1959
+ cookie?: never;
1960
+ };
1961
+ requestBody: {
1962
+ content: {
1963
+ "application/json": components["schemas"]["CreateInviteDto"];
1964
+ };
1965
+ };
1966
+ responses: {
1967
+ /** @description Invite created. */
1968
+ 201: {
1969
+ headers: {
1970
+ [name: string]: unknown;
1971
+ };
1972
+ content?: never;
1973
+ };
1974
+ /** @description Validation failure or unknown role slug. */
1975
+ 400: {
1976
+ headers: {
1977
+ [name: string]: unknown;
1978
+ };
1979
+ content?: never;
1980
+ };
1981
+ /** @description Caller email not verified, or lacks `role.assign`. */
1982
+ 403: {
1983
+ headers: {
1984
+ [name: string]: unknown;
1985
+ };
1986
+ content?: never;
1987
+ };
1988
+ /** @description App not found or caller is not a member. */
1989
+ 404: {
1990
+ headers: {
1991
+ [name: string]: unknown;
1992
+ };
1993
+ content?: never;
1994
+ };
1995
+ };
1996
+ };
1997
+ AppController_revokeInvite: {
1998
+ parameters: {
1999
+ query?: never;
2000
+ header?: never;
2001
+ path: {
2002
+ appId: string;
2003
+ inviteId: string;
2004
+ };
2005
+ cookie?: never;
2006
+ };
2007
+ requestBody?: never;
2008
+ responses: {
2009
+ 204: {
2010
+ headers: {
2011
+ [name: string]: unknown;
2012
+ };
2013
+ content?: never;
2014
+ };
2015
+ };
2016
+ };
2017
+ AppController_listMembers: {
2018
+ parameters: {
2019
+ query: {
2020
+ limit: string;
2021
+ cursor: string;
2022
+ };
2023
+ header?: never;
2024
+ path: {
2025
+ appId: string;
2026
+ };
2027
+ cookie?: never;
2028
+ };
2029
+ requestBody?: never;
2030
+ responses: {
2031
+ 200: {
2032
+ headers: {
2033
+ [name: string]: unknown;
2034
+ };
2035
+ content?: never;
2036
+ };
2037
+ };
2038
+ };
2039
+ AppController_removeMember: {
2040
+ parameters: {
2041
+ query?: never;
2042
+ header?: never;
2043
+ path: {
2044
+ appId: string;
2045
+ accountId: string;
2046
+ };
2047
+ cookie?: never;
2048
+ };
2049
+ requestBody?: never;
2050
+ responses: {
2051
+ 204: {
2052
+ headers: {
2053
+ [name: string]: unknown;
2054
+ };
2055
+ content?: never;
2056
+ };
2057
+ };
2058
+ };
2059
+ PermissionController_listPermissions: {
2060
+ parameters: {
2061
+ query?: never;
2062
+ header?: never;
2063
+ path: {
2064
+ appId: string;
2065
+ };
2066
+ cookie?: never;
2067
+ };
2068
+ requestBody?: never;
2069
+ responses: {
2070
+ 200: {
2071
+ headers: {
2072
+ [name: string]: unknown;
2073
+ };
2074
+ content?: never;
2075
+ };
2076
+ };
2077
+ };
2078
+ PermissionController_createPermission: {
2079
+ parameters: {
2080
+ query?: never;
2081
+ header?: never;
2082
+ path: {
2083
+ appId: string;
2084
+ };
2085
+ cookie?: never;
2086
+ };
2087
+ requestBody: {
2088
+ content: {
2089
+ "application/json": components["schemas"]["CreatePermissionDto"];
2090
+ };
2091
+ };
2092
+ responses: {
2093
+ 201: {
2094
+ headers: {
2095
+ [name: string]: unknown;
2096
+ };
2097
+ content?: never;
2098
+ };
2099
+ };
2100
+ };
2101
+ PermissionController_deletePermission: {
2102
+ parameters: {
2103
+ query?: never;
2104
+ header?: never;
2105
+ path: {
2106
+ appId: string;
2107
+ permissionKey: string;
2108
+ };
2109
+ cookie?: never;
2110
+ };
2111
+ requestBody?: never;
2112
+ responses: {
2113
+ 204: {
2114
+ headers: {
2115
+ [name: string]: unknown;
2116
+ };
2117
+ content?: never;
2118
+ };
2119
+ };
2120
+ };
2121
+ RoleController_listRoles: {
2122
+ parameters: {
2123
+ query: {
2124
+ limit: string;
2125
+ cursor: string;
2126
+ };
2127
+ header?: never;
2128
+ path: {
2129
+ appId: string;
2130
+ };
2131
+ cookie?: never;
2132
+ };
2133
+ requestBody?: never;
2134
+ responses: {
2135
+ 200: {
2136
+ headers: {
2137
+ [name: string]: unknown;
2138
+ };
2139
+ content?: never;
2140
+ };
2141
+ };
2142
+ };
2143
+ RoleController_createRole: {
2144
+ parameters: {
2145
+ query?: never;
2146
+ header?: never;
2147
+ path: {
2148
+ appId: string;
2149
+ };
2150
+ cookie?: never;
2151
+ };
2152
+ requestBody: {
2153
+ content: {
2154
+ "application/json": components["schemas"]["CreateRoleDto"];
2155
+ };
2156
+ };
2157
+ responses: {
2158
+ 201: {
2159
+ headers: {
2160
+ [name: string]: unknown;
2161
+ };
2162
+ content?: never;
2163
+ };
2164
+ };
2165
+ };
2166
+ RoleController_assignRole: {
2167
+ parameters: {
2168
+ query?: never;
2169
+ header?: never;
2170
+ path: {
2171
+ appId: string;
2172
+ };
2173
+ cookie?: never;
2174
+ };
2175
+ requestBody: {
2176
+ content: {
2177
+ "application/json": components["schemas"]["AssignRoleDto"];
2178
+ };
2179
+ };
2180
+ responses: {
2181
+ 201: {
2182
+ headers: {
2183
+ [name: string]: unknown;
2184
+ };
2185
+ content?: never;
2186
+ };
2187
+ };
2188
+ };
2189
+ RoleController_listPermissions: {
2190
+ parameters: {
2191
+ query?: never;
2192
+ header?: never;
2193
+ path: {
2194
+ appId: string;
2195
+ };
2196
+ cookie?: never;
2197
+ };
2198
+ requestBody?: never;
2199
+ responses: {
2200
+ 200: {
2201
+ headers: {
2202
+ [name: string]: unknown;
2203
+ };
2204
+ content?: never;
2205
+ };
2206
+ };
2207
+ };
2208
+ RoleController_getRole: {
2209
+ parameters: {
2210
+ query?: never;
2211
+ header?: never;
2212
+ path: {
2213
+ roleName: string;
2214
+ };
2215
+ cookie?: never;
2216
+ };
2217
+ requestBody?: never;
2218
+ responses: {
2219
+ 200: {
2220
+ headers: {
2221
+ [name: string]: unknown;
2222
+ };
2223
+ content?: never;
2224
+ };
2225
+ };
2226
+ };
2227
+ RoleController_deleteRole: {
2228
+ parameters: {
2229
+ query?: never;
2230
+ header?: never;
2231
+ path: {
2232
+ roleName: string;
2233
+ };
2234
+ cookie?: never;
2235
+ };
2236
+ requestBody?: never;
2237
+ responses: {
2238
+ 204: {
2239
+ headers: {
2240
+ [name: string]: unknown;
2241
+ };
2242
+ content?: never;
2243
+ };
2244
+ };
2245
+ };
2246
+ RoleController_updateRole: {
2247
+ parameters: {
2248
+ query?: never;
2249
+ header?: never;
2250
+ path: {
2251
+ roleName: string;
2252
+ };
2253
+ cookie?: never;
2254
+ };
2255
+ requestBody: {
2256
+ content: {
2257
+ "application/json": components["schemas"]["UpdateRoleDto"];
2258
+ };
2259
+ };
2260
+ responses: {
2261
+ 200: {
2262
+ headers: {
2263
+ [name: string]: unknown;
2264
+ };
2265
+ content?: never;
2266
+ };
2267
+ };
2268
+ };
2269
+ RoleController_setPermissions: {
2270
+ parameters: {
2271
+ query?: never;
2272
+ header?: never;
2273
+ path: {
2274
+ appId: string;
2275
+ roleName: string;
2276
+ };
2277
+ cookie?: never;
2278
+ };
2279
+ requestBody: {
2280
+ content: {
2281
+ "application/json": components["schemas"]["SetPermissionsDto"];
2282
+ };
2283
+ };
2284
+ responses: {
2285
+ 200: {
2286
+ headers: {
2287
+ [name: string]: unknown;
2288
+ };
2289
+ content?: never;
2290
+ };
2291
+ };
2292
+ };
2293
+ AppController_updateAppStatus: {
2294
+ parameters: {
2295
+ query?: never;
2296
+ header?: never;
2297
+ path: {
2298
+ appId: string;
2299
+ };
2300
+ cookie?: never;
2301
+ };
2302
+ requestBody: {
2303
+ content: {
2304
+ "application/json": components["schemas"]["UpdateAppStatusDto"];
2305
+ };
2306
+ };
2307
+ responses: {
2308
+ /** @description Status updated. */
2309
+ 200: {
2310
+ headers: {
2311
+ [name: string]: unknown;
2312
+ };
2313
+ content?: never;
2314
+ };
2315
+ /** @description Invalid status transition (e.g. archived → active). */
2316
+ 400: {
2317
+ headers: {
2318
+ [name: string]: unknown;
2319
+ };
2320
+ content?: never;
2321
+ };
2322
+ /** @description Caller lacks `app.update`. */
2323
+ 403: {
2324
+ headers: {
2325
+ [name: string]: unknown;
2326
+ };
2327
+ content?: never;
2328
+ };
2329
+ /** @description App not found or caller is not a member. */
2330
+ 404: {
2331
+ headers: {
2332
+ [name: string]: unknown;
2333
+ };
2334
+ content?: never;
2335
+ };
2336
+ };
2337
+ };
2338
+ IdpController_exchange: {
2339
+ parameters: {
2340
+ query?: never;
2341
+ header?: never;
2342
+ path?: never;
2343
+ cookie?: never;
2344
+ };
2345
+ requestBody: {
2346
+ content: {
2347
+ "application/json": components["schemas"]["ExchangeDto"];
2348
+ };
2349
+ };
2350
+ responses: {
2351
+ 200: {
2352
+ headers: {
2353
+ [name: string]: unknown;
2354
+ };
2355
+ content?: never;
2356
+ };
2357
+ };
2358
+ };
2359
+ IdpController_list: {
2360
+ parameters: {
2361
+ query?: never;
2362
+ header?: never;
2363
+ path?: never;
2364
+ cookie?: never;
2365
+ };
2366
+ requestBody?: never;
2367
+ responses: {
2368
+ 200: {
2369
+ headers: {
2370
+ [name: string]: unknown;
2371
+ };
2372
+ content?: never;
2373
+ };
2374
+ };
2375
+ };
2376
+ IdpController_redirect: {
2377
+ parameters: {
2378
+ query?: never;
2379
+ header?: never;
2380
+ path: {
2381
+ provider: string;
2382
+ };
2383
+ cookie?: never;
2384
+ };
2385
+ requestBody?: never;
2386
+ responses: {
2387
+ 200: {
2388
+ headers: {
2389
+ [name: string]: unknown;
2390
+ };
2391
+ content?: never;
2392
+ };
2393
+ };
2394
+ };
2395
+ IdpController_start: {
2396
+ parameters: {
2397
+ query: {
2398
+ response: string;
2399
+ };
2400
+ header?: never;
2401
+ path: {
2402
+ provider: string;
2403
+ };
2404
+ cookie?: never;
2405
+ };
2406
+ requestBody: {
2407
+ content: {
2408
+ "application/json": components["schemas"]["StartDto"];
2409
+ };
2410
+ };
2411
+ responses: {
2412
+ 201: {
2413
+ headers: {
2414
+ [name: string]: unknown;
2415
+ };
2416
+ content?: never;
2417
+ };
2418
+ };
2419
+ };
2420
+ IdpController_verifyIdToken: {
2421
+ parameters: {
2422
+ query?: never;
2423
+ header?: never;
2424
+ path: {
2425
+ provider: string;
2426
+ };
2427
+ cookie?: never;
2428
+ };
2429
+ requestBody: {
2430
+ content: {
2431
+ "application/json": components["schemas"]["IdTokenVerifyDto"];
2432
+ };
2433
+ };
2434
+ responses: {
2435
+ 200: {
2436
+ headers: {
2437
+ [name: string]: unknown;
2438
+ };
2439
+ content?: never;
2440
+ };
2441
+ };
2442
+ };
2443
+ StatsController_getMyStats: {
2444
+ parameters: {
2445
+ query?: never;
2446
+ header?: never;
2447
+ path?: never;
2448
+ cookie?: never;
2449
+ };
2450
+ requestBody?: never;
2451
+ responses: {
2452
+ /** @description Aggregate counts. */
2453
+ 200: {
2454
+ headers: {
2455
+ [name: string]: unknown;
2456
+ };
2457
+ content: {
2458
+ "application/json": unknown;
2459
+ };
2460
+ };
2461
+ };
2462
+ };
2463
+ ConsumerJwksController_getJwks: {
2464
+ parameters: {
2465
+ query?: never;
2466
+ header?: never;
2467
+ path: {
2468
+ appSlug: string;
2469
+ };
2470
+ cookie?: never;
2471
+ };
2472
+ requestBody?: never;
2473
+ responses: {
2474
+ 200: {
2475
+ headers: {
2476
+ [name: string]: unknown;
2477
+ };
2478
+ content?: never;
2479
+ };
2480
+ };
2481
+ };
2482
+ ConsumerAuthController_logout: {
2483
+ parameters: {
2484
+ query?: never;
2485
+ header?: never;
2486
+ path: {
2487
+ appSlug: string;
2488
+ };
2489
+ cookie?: never;
2490
+ };
2491
+ requestBody: {
2492
+ content: {
2493
+ "application/json": components["schemas"]["ConsumerLogoutDto"];
2494
+ };
2495
+ };
2496
+ responses: {
2497
+ 204: {
2498
+ headers: {
2499
+ [name: string]: unknown;
2500
+ };
2501
+ content?: never;
2502
+ };
2503
+ };
2504
+ };
2505
+ ConsumerAuthController_refresh: {
2506
+ parameters: {
2507
+ query?: never;
2508
+ header?: never;
2509
+ path: {
2510
+ appSlug: string;
2511
+ };
2512
+ cookie?: never;
2513
+ };
2514
+ requestBody: {
2515
+ content: {
2516
+ "application/json": components["schemas"]["ConsumerRefreshDto"];
2517
+ };
2518
+ };
2519
+ responses: {
2520
+ 200: {
2521
+ headers: {
2522
+ [name: string]: unknown;
2523
+ };
2524
+ content: {
2525
+ "application/json": components["schemas"]["ConsumerTokenResponseDto"];
2526
+ };
2527
+ };
2528
+ };
2529
+ };
2530
+ ConsumerAuthController_requestReset: {
2531
+ parameters: {
2532
+ query?: never;
2533
+ header?: never;
2534
+ path: {
2535
+ appSlug: string;
2536
+ };
2537
+ cookie?: never;
2538
+ };
2539
+ requestBody: {
2540
+ content: {
2541
+ "application/json": components["schemas"]["ConsumerRequestResetDto"];
2542
+ };
2543
+ };
2544
+ responses: {
2545
+ 201: {
2546
+ headers: {
2547
+ [name: string]: unknown;
2548
+ };
2549
+ content?: never;
2550
+ };
2551
+ };
2552
+ };
2553
+ ConsumerAuthController_resetPassword: {
2554
+ parameters: {
2555
+ query?: never;
2556
+ header?: never;
2557
+ path: {
2558
+ appSlug: string;
2559
+ };
2560
+ cookie?: never;
2561
+ };
2562
+ requestBody: {
2563
+ content: {
2564
+ "application/json": components["schemas"]["ConsumerResetPasswordDto"];
2565
+ };
2566
+ };
2567
+ responses: {
2568
+ 204: {
2569
+ headers: {
2570
+ [name: string]: unknown;
2571
+ };
2572
+ content?: never;
2573
+ };
2574
+ };
2575
+ };
2576
+ ConsumerAuthController_signin: {
2577
+ parameters: {
2578
+ query?: never;
2579
+ header?: never;
2580
+ path: {
2581
+ appSlug: string;
2582
+ };
2583
+ cookie?: never;
2584
+ };
2585
+ requestBody: {
2586
+ content: {
2587
+ "application/json": components["schemas"]["ConsumerSigninDto"];
2588
+ };
2589
+ };
2590
+ responses: {
2591
+ 200: {
2592
+ headers: {
2593
+ [name: string]: unknown;
2594
+ };
2595
+ content: {
2596
+ "application/json": components["schemas"]["ConsumerTokenResponseDto"];
2597
+ };
2598
+ };
2599
+ };
2600
+ };
2601
+ ConsumerAuthController_signup: {
2602
+ parameters: {
2603
+ query?: never;
2604
+ header: {
2605
+ authorization: string;
2606
+ };
2607
+ path: {
2608
+ appSlug: string;
2609
+ };
2610
+ cookie?: never;
2611
+ };
2612
+ requestBody: {
2613
+ content: {
2614
+ "application/json": components["schemas"]["ConsumerSignupDto"];
2615
+ };
2616
+ };
2617
+ responses: {
2618
+ 200: {
2619
+ headers: {
2620
+ [name: string]: unknown;
2621
+ };
2622
+ content: {
2623
+ "application/json": components["schemas"]["ConsumerTokenResponseDto"];
2624
+ };
2625
+ };
2626
+ };
2627
+ };
2628
+ ConsumerVerifyController_authorize: {
2629
+ parameters: {
2630
+ query?: never;
2631
+ header?: never;
2632
+ path: {
2633
+ appSlug: string;
2634
+ };
2635
+ cookie?: never;
2636
+ };
2637
+ requestBody: {
2638
+ content: {
2639
+ "application/json": components["schemas"]["AuthorizeBody"];
2640
+ };
2641
+ };
2642
+ responses: {
2643
+ 200: {
2644
+ headers: {
2645
+ [name: string]: unknown;
2646
+ };
2647
+ content?: never;
2648
+ };
2649
+ };
2650
+ };
2651
+ ConsumerVerifyController_authorizeBatch: {
2652
+ parameters: {
2653
+ query?: never;
2654
+ header?: never;
2655
+ path: {
2656
+ appSlug: string;
2657
+ };
2658
+ cookie?: never;
2659
+ };
2660
+ requestBody: {
2661
+ content: {
2662
+ "application/json": components["schemas"]["AuthorizeBatchBody"];
2663
+ };
2664
+ };
2665
+ responses: {
2666
+ 200: {
2667
+ headers: {
2668
+ [name: string]: unknown;
2669
+ };
2670
+ content?: never;
2671
+ };
2672
+ };
2673
+ };
2674
+ ConsumerMeController_getProfile: {
2675
+ parameters: {
2676
+ query?: never;
2677
+ header?: never;
2678
+ path?: never;
2679
+ cookie?: never;
2680
+ };
2681
+ requestBody?: never;
2682
+ responses: {
2683
+ 200: {
2684
+ headers: {
2685
+ [name: string]: unknown;
2686
+ };
2687
+ content?: never;
2688
+ };
2689
+ };
2690
+ };
2691
+ ConsumerMeController_deleteAccount: {
2692
+ parameters: {
2693
+ query?: never;
2694
+ header?: never;
2695
+ path?: never;
2696
+ cookie?: never;
2697
+ };
2698
+ requestBody?: never;
2699
+ responses: {
2700
+ 204: {
2701
+ headers: {
2702
+ [name: string]: unknown;
2703
+ };
2704
+ content?: never;
2705
+ };
2706
+ };
2707
+ };
2708
+ ConsumerMeController_updateProfile: {
2709
+ parameters: {
2710
+ query?: never;
2711
+ header?: never;
2712
+ path?: never;
2713
+ cookie?: never;
2714
+ };
2715
+ requestBody: {
2716
+ content: {
2717
+ "application/json": components["schemas"]["UpdateMeDto"];
2718
+ };
2719
+ };
2720
+ responses: {
2721
+ 200: {
2722
+ headers: {
2723
+ [name: string]: unknown;
2724
+ };
2725
+ content?: never;
2726
+ };
2727
+ };
2728
+ };
2729
+ ConsumerMeController_getActivity: {
2730
+ parameters: {
2731
+ query?: never;
2732
+ header?: never;
2733
+ path?: never;
2734
+ cookie?: never;
2735
+ };
2736
+ requestBody?: never;
2737
+ responses: {
2738
+ 200: {
2739
+ headers: {
2740
+ [name: string]: unknown;
2741
+ };
2742
+ content?: never;
2743
+ };
2744
+ };
2745
+ };
2746
+ ConsumerMeController_listSessions: {
2747
+ parameters: {
2748
+ query?: never;
2749
+ header?: never;
2750
+ path?: never;
2751
+ cookie?: never;
2752
+ };
2753
+ requestBody?: never;
2754
+ responses: {
2755
+ 200: {
2756
+ headers: {
2757
+ [name: string]: unknown;
2758
+ };
2759
+ content?: never;
2760
+ };
2761
+ };
2762
+ };
2763
+ ConsumerMeController_revokeSession: {
2764
+ parameters: {
2765
+ query?: never;
2766
+ header?: never;
2767
+ path: {
2768
+ id: string;
2769
+ };
2770
+ cookie?: never;
2771
+ };
2772
+ requestBody?: never;
2773
+ responses: {
2774
+ 204: {
2775
+ headers: {
2776
+ [name: string]: unknown;
2777
+ };
2778
+ content?: never;
2779
+ };
2780
+ };
2781
+ };
2782
+ ConsumerOAuthController_clientCredentials: {
2783
+ parameters: {
2784
+ query?: never;
2785
+ header?: never;
2786
+ path: {
2787
+ appSlug: string;
2788
+ };
2789
+ cookie?: never;
2790
+ };
2791
+ requestBody: {
2792
+ content: {
2793
+ "application/json": components["schemas"]["ClientCredentialsDto"];
2794
+ };
2795
+ };
2796
+ responses: {
2797
+ 200: {
2798
+ headers: {
2799
+ [name: string]: unknown;
2800
+ };
2801
+ content?: never;
2802
+ };
2803
+ };
2804
+ };
2805
+ ConsumerVerifyController_verify: {
2806
+ parameters: {
2807
+ query?: never;
2808
+ header?: never;
2809
+ path: {
2810
+ appSlug: string;
2811
+ };
2812
+ cookie?: never;
2813
+ };
2814
+ requestBody: {
2815
+ content: {
2816
+ "application/json": components["schemas"]["VerifyBody"];
2817
+ };
2818
+ };
2819
+ responses: {
2820
+ 200: {
2821
+ headers: {
2822
+ [name: string]: unknown;
2823
+ };
2824
+ content?: never;
2825
+ };
2826
+ };
2827
+ };
2828
+ }
2829
+
2830
+ /**
2831
+ * Heimdall — typed `openapi-fetch` client for every endpoint in
2832
+ * `Specs/heimdall.json`. Reach for `client.GET("/v1/...")` or
2833
+ * `client.POST(...)`; request / response types come from the
2834
+ * generated `paths` interface.
2835
+ */
2836
+ declare class Heimdall {
2837
+ /** The underlying typed client. v0 surface — every endpoint reachable. */
2838
+ readonly client: ReturnType<typeof makeClient<paths>>;
2839
+ constructor(config?: PCClientConfig);
2840
+ }
2841
+
2842
+ export { Heimdall, type paths };