@productcraft/heimdall 0.0.2 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +281 -0
  2. package/dist/index.cjs +1983 -2
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +2339 -2827
  5. package/dist/index.d.ts +2339 -2827
  6. package/dist/index.js +1972 -4
  7. package/dist/index.js.map +1 -1
  8. package/package.json +5 -4
package/dist/index.js CHANGED
@@ -1,14 +1,1982 @@
1
- import { makeClient, PC_BASE_URL } from '@productcraft/core';
1
+ import { PC_BASE_URL } from '@productcraft/core';
2
+ import { createRemoteJWKSet, errors, jwtVerify, customFetch } from 'jose';
3
+
4
+ // src/index.ts
5
+
6
+ // src/_http.ts
7
+ var HeimdallHttpError = class extends Error {
8
+ status;
9
+ statusText;
10
+ data;
11
+ constructor(response) {
12
+ super(
13
+ `Heimdall request failed: ${response.status} ${response.statusText}`
14
+ );
15
+ this.name = "HeimdallHttpError";
16
+ this.status = response.status;
17
+ this.statusText = response.statusText;
18
+ this.data = response.data;
19
+ }
20
+ };
21
+ function applyAuthHeader(headers, auth) {
22
+ if (!auth) return;
23
+ switch (auth.type) {
24
+ case "apiKey":
25
+ headers.set("Authorization", `Bearer ${auth.key}`);
26
+ break;
27
+ case "bearer":
28
+ headers.set("Authorization", `Bearer ${auth.token}`);
29
+ break;
30
+ case "cookie":
31
+ headers.set("Cookie", `auth_token=${auth.value}`);
32
+ break;
33
+ }
34
+ }
35
+ function buildUrl(baseUrl, path, params) {
36
+ const url = new URL(path, baseUrl);
37
+ if (params && typeof params === "object") {
38
+ for (const [k, v] of Object.entries(params)) {
39
+ if (v === void 0 || v === null) continue;
40
+ if (Array.isArray(v)) {
41
+ for (const item of v) url.searchParams.append(k, String(item));
42
+ } else {
43
+ url.searchParams.set(k, String(v));
44
+ }
45
+ }
46
+ }
47
+ return url;
48
+ }
49
+ function makeHeimdallHttpClient(options) {
50
+ const fetchImpl = options.fetch ?? globalThis.fetch;
51
+ if (!fetchImpl) {
52
+ throw new Error(
53
+ "@productcraft/heimdall: no `fetch` available \u2014 pass `fetch` in the config or run on Node 18+"
54
+ );
55
+ }
56
+ return async function client2(req) {
57
+ const url = buildUrl(req.baseURL ?? options.baseUrl, req.url ?? "", req.params);
58
+ const headers = new Headers(req.headers);
59
+ applyAuthHeader(headers, options.auth);
60
+ const hasBody = req.data !== void 0 && req.method !== "GET" && req.method !== "HEAD";
61
+ const isFormData = typeof FormData !== "undefined" && req.data instanceof FormData;
62
+ if (hasBody && !isFormData && !headers.has("Content-Type")) {
63
+ headers.set("Content-Type", "application/json");
64
+ }
65
+ const body = hasBody ? isFormData ? req.data : JSON.stringify(req.data) : void 0;
66
+ const res = await fetchImpl(url, {
67
+ method: req.method,
68
+ headers,
69
+ body,
70
+ credentials: req.credentials,
71
+ signal: req.signal
72
+ });
73
+ let data = void 0;
74
+ const ctype = res.headers.get("content-type") ?? "";
75
+ if (req.responseType === "text") {
76
+ data = await res.text();
77
+ } else if (req.responseType === "blob") {
78
+ data = await res.blob();
79
+ } else if (req.responseType === "arraybuffer") {
80
+ data = await res.arrayBuffer();
81
+ } else if (ctype.includes("application/json") || ctype.includes("application/problem+json")) {
82
+ data = await res.json().catch(() => void 0);
83
+ } else if (res.status !== 204) {
84
+ const text = await res.text().catch(() => "");
85
+ data = text || void 0;
86
+ }
87
+ const response = {
88
+ data,
89
+ status: res.status,
90
+ statusText: res.statusText,
91
+ headers: res.headers
92
+ };
93
+ if (!res.ok) throw new HeimdallHttpError(response);
94
+ return response;
95
+ };
96
+ }
97
+
98
+ // ../../node_modules/.pnpm/@kubb+plugin-client@4.37.8_@kubb+fabric-core@0.14.0_@kubb+react-fabric@0.14.0/node_modules/@kubb/plugin-client/dist/clients/fetch.js
99
+ var _config = {};
100
+ var getConfig = () => _config;
101
+ var setConfig = (config) => {
102
+ _config = config;
103
+ return getConfig();
104
+ };
105
+ var mergeConfig = (...configs) => {
106
+ return configs.reduce((merged, config) => {
107
+ return {
108
+ ...merged,
109
+ ...config,
110
+ headers: {
111
+ ...Array.isArray(merged.headers) ? Object.fromEntries(merged.headers) : merged.headers,
112
+ ...Array.isArray(config.headers) ? Object.fromEntries(config.headers) : config.headers
113
+ }
114
+ };
115
+ }, {});
116
+ };
117
+ var client = async (paramsConfig) => {
118
+ const normalizedParams = new URLSearchParams();
119
+ const config = mergeConfig(getConfig(), paramsConfig);
120
+ Object.entries(config.params || {}).forEach(([key, value]) => {
121
+ if (value !== void 0) normalizedParams.append(key, value === null ? "null" : value.toString());
122
+ });
123
+ let targetUrl = [config.baseURL, config.url].filter(Boolean).join("");
124
+ if (config.params) targetUrl += `?${normalizedParams}`;
125
+ const response = await fetch(targetUrl, {
126
+ credentials: config.credentials || "same-origin",
127
+ method: config.method?.toUpperCase(),
128
+ body: config.data instanceof FormData ? config.data : JSON.stringify(config.data),
129
+ signal: config.signal,
130
+ headers: config.headers
131
+ });
132
+ return {
133
+ data: [
134
+ 204,
135
+ 205,
136
+ 304
137
+ ].includes(response.status) || !response.body ? {} : await response.json(),
138
+ status: response.status,
139
+ statusText: response.statusText,
140
+ headers: response.headers
141
+ };
142
+ };
143
+ client.getConfig = getConfig;
144
+ client.setConfig = setConfig;
145
+
146
+ // src/_generated/clients/apps/appControllerGetApp.ts
147
+ function getAppControllerGetAppUrl({
148
+ appId
149
+ }) {
150
+ const app_id = appId;
151
+ const res = { method: "GET", url: `/v1/apps/${app_id}` };
152
+ return res;
153
+ }
154
+ async function appControllerGetApp({ appId }, config = {}) {
155
+ const { client: request = client, ...requestConfig } = config;
156
+ const res = await request({
157
+ method: "GET",
158
+ url: getAppControllerGetAppUrl({ appId }).url.toString(),
159
+ ...requestConfig
160
+ });
161
+ return res.data;
162
+ }
163
+
164
+ // src/_generated/clients/apps/appControllerUpdateApp.ts
165
+ function getAppControllerUpdateAppUrl({
166
+ appId
167
+ }) {
168
+ const app_id = appId;
169
+ const res = { method: "PATCH", url: `/v1/apps/${app_id}` };
170
+ return res;
171
+ }
172
+ async function appControllerUpdateApp({
173
+ appId,
174
+ data
175
+ }, config = {}) {
176
+ const { client: request = client, ...requestConfig } = config;
177
+ const requestData = data;
178
+ const res = await request({
179
+ method: "PATCH",
180
+ url: getAppControllerUpdateAppUrl({ appId }).url.toString(),
181
+ data: requestData,
182
+ ...requestConfig
183
+ });
184
+ return res.data;
185
+ }
186
+
187
+ // src/_generated/clients/apps/appControllerDeleteApp.ts
188
+ function getAppControllerDeleteAppUrl({
189
+ appId
190
+ }) {
191
+ const app_id = appId;
192
+ const res = { method: "DELETE", url: `/v1/apps/${app_id}` };
193
+ return res;
194
+ }
195
+ async function appControllerDeleteApp({ appId }, config = {}) {
196
+ const { client: request = client, ...requestConfig } = config;
197
+ const res = await request({
198
+ method: "DELETE",
199
+ url: getAppControllerDeleteAppUrl({ appId }).url.toString(),
200
+ ...requestConfig
201
+ });
202
+ return res.data;
203
+ }
204
+
205
+ // src/_generated/clients/apps/appControllerUpdateAppStatus.ts
206
+ function getAppControllerUpdateAppStatusUrl({
207
+ appId
208
+ }) {
209
+ const app_id = appId;
210
+ const res = { method: "PATCH", url: `/v1/apps/${app_id}/status` };
211
+ return res;
212
+ }
213
+ async function appControllerUpdateAppStatus({
214
+ appId,
215
+ data
216
+ }, config = {}) {
217
+ const { client: request = client, ...requestConfig } = config;
218
+ const requestData = data;
219
+ const res = await request({
220
+ method: "PATCH",
221
+ url: getAppControllerUpdateAppStatusUrl({ appId }).url.toString(),
222
+ data: requestData,
223
+ ...requestConfig
224
+ });
225
+ return res.data;
226
+ }
227
+
228
+ // src/_generated/clients/apps/authConfigControllerGetConfig.ts
229
+ function getAuthConfigControllerGetConfigUrl({
230
+ appId
231
+ }) {
232
+ const app_id = appId;
233
+ const res = { method: "GET", url: `/v1/apps/${app_id}/auth-config` };
234
+ return res;
235
+ }
236
+ async function authConfigControllerGetConfig({ appId }, config = {}) {
237
+ const { client: request = client, ...requestConfig } = config;
238
+ const res = await request({
239
+ method: "GET",
240
+ url: getAuthConfigControllerGetConfigUrl({ appId }).url.toString(),
241
+ ...requestConfig
242
+ });
243
+ return res.data;
244
+ }
245
+
246
+ // src/_generated/clients/apps/authConfigControllerUpdateConfig.ts
247
+ function getAuthConfigControllerUpdateConfigUrl({
248
+ appId
249
+ }) {
250
+ const app_id = appId;
251
+ const res = {
252
+ method: "PATCH",
253
+ url: `/v1/apps/${app_id}/auth-config`
254
+ };
255
+ return res;
256
+ }
257
+ async function authConfigControllerUpdateConfig({
258
+ appId,
259
+ data
260
+ }, config = {}) {
261
+ const { client: request = client, ...requestConfig } = config;
262
+ const requestData = data;
263
+ const res = await request({
264
+ method: "PATCH",
265
+ url: getAuthConfigControllerUpdateConfigUrl({ appId }).url.toString(),
266
+ data: requestData,
267
+ ...requestConfig
268
+ });
269
+ return res.data;
270
+ }
271
+
272
+ // src/_generated/clients/apps/appControllerListInvites.ts
273
+ function getAppControllerListInvitesUrl({
274
+ appId
275
+ }) {
276
+ const app_id = appId;
277
+ const res = { method: "GET", url: `/v1/apps/${app_id}/invites` };
278
+ return res;
279
+ }
280
+ async function appControllerListInvites({
281
+ appId,
282
+ params
283
+ }, config = {}) {
284
+ const { client: request = client, ...requestConfig } = config;
285
+ const res = await request({
286
+ method: "GET",
287
+ url: getAppControllerListInvitesUrl({ appId }).url.toString(),
288
+ params,
289
+ ...requestConfig
290
+ });
291
+ return res.data;
292
+ }
293
+
294
+ // src/_generated/clients/apps/appControllerCreateInvite.ts
295
+ function getAppControllerCreateInviteUrl({
296
+ appId
297
+ }) {
298
+ const app_id = appId;
299
+ const res = { method: "POST", url: `/v1/apps/${app_id}/invites` };
300
+ return res;
301
+ }
302
+ async function appControllerCreateInvite({
303
+ appId,
304
+ data
305
+ }, config = {}) {
306
+ const { client: request = client, ...requestConfig } = config;
307
+ const requestData = data;
308
+ const res = await request({
309
+ method: "POST",
310
+ url: getAppControllerCreateInviteUrl({ appId }).url.toString(),
311
+ data: requestData,
312
+ ...requestConfig
313
+ });
314
+ return res.data;
315
+ }
316
+
317
+ // src/_generated/clients/apps/appControllerRevokeInvite.ts
318
+ function getAppControllerRevokeInviteUrl({
319
+ appId,
320
+ inviteId
321
+ }) {
322
+ const app_id = appId;
323
+ const invite_id = inviteId;
324
+ const res = {
325
+ method: "DELETE",
326
+ url: `/v1/apps/${app_id}/invites/${invite_id}`
327
+ };
328
+ return res;
329
+ }
330
+ async function appControllerRevokeInvite({
331
+ appId,
332
+ inviteId
333
+ }, config = {}) {
334
+ const { client: request = client, ...requestConfig } = config;
335
+ const res = await request({
336
+ method: "DELETE",
337
+ url: getAppControllerRevokeInviteUrl({ appId, inviteId }).url.toString(),
338
+ ...requestConfig
339
+ });
340
+ return res.data;
341
+ }
342
+
343
+ // src/_generated/clients/apps/appControllerListMembers.ts
344
+ function getAppControllerListMembersUrl({
345
+ appId
346
+ }) {
347
+ const app_id = appId;
348
+ const res = { method: "GET", url: `/v1/apps/${app_id}/members` };
349
+ return res;
350
+ }
351
+ async function appControllerListMembers({
352
+ appId,
353
+ params
354
+ }, config = {}) {
355
+ const { client: request = client, ...requestConfig } = config;
356
+ const res = await request({
357
+ method: "GET",
358
+ url: getAppControllerListMembersUrl({ appId }).url.toString(),
359
+ params,
360
+ ...requestConfig
361
+ });
362
+ return res.data;
363
+ }
364
+
365
+ // src/_generated/clients/apps/appControllerRemoveMember.ts
366
+ function getAppControllerRemoveMemberUrl({
367
+ appId,
368
+ accountId
369
+ }) {
370
+ const app_id = appId;
371
+ const account_id = accountId;
372
+ const res = {
373
+ method: "DELETE",
374
+ url: `/v1/apps/${app_id}/members/${account_id}`
375
+ };
376
+ return res;
377
+ }
378
+ async function appControllerRemoveMember({
379
+ appId,
380
+ accountId
381
+ }, config = {}) {
382
+ const { client: request = client, ...requestConfig } = config;
383
+ const res = await request({
384
+ method: "DELETE",
385
+ url: getAppControllerRemoveMemberUrl({ appId, accountId }).url.toString(),
386
+ ...requestConfig
387
+ });
388
+ return res.data;
389
+ }
390
+
391
+ // src/_generated/clients/endUsers/endUserControllerListEndUsers.ts
392
+ function getEndUserControllerListEndUsersUrl({
393
+ appId
394
+ }) {
395
+ const app_id = appId;
396
+ const res = { method: "GET", url: `/v1/apps/${app_id}/end-users` };
397
+ return res;
398
+ }
399
+ async function endUserControllerListEndUsers({
400
+ appId,
401
+ params
402
+ }, config = {}) {
403
+ const { client: request = client, ...requestConfig } = config;
404
+ const res = await request({
405
+ method: "GET",
406
+ url: getEndUserControllerListEndUsersUrl({ appId }).url.toString(),
407
+ params,
408
+ ...requestConfig
409
+ });
410
+ return res.data;
411
+ }
412
+
413
+ // src/_generated/clients/endUsers/endUserControllerGetEndUser.ts
414
+ function getEndUserControllerGetEndUserUrl({
415
+ appId,
416
+ userId
417
+ }) {
418
+ const app_id = appId;
419
+ const user_id = userId;
420
+ const res = {
421
+ method: "GET",
422
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
423
+ };
424
+ return res;
425
+ }
426
+ async function endUserControllerGetEndUser({
427
+ appId,
428
+ userId
429
+ }, config = {}) {
430
+ const { client: request = client, ...requestConfig } = config;
431
+ const res = await request({
432
+ method: "GET",
433
+ url: getEndUserControllerGetEndUserUrl({ appId, userId }).url.toString(),
434
+ ...requestConfig
435
+ });
436
+ return res.data;
437
+ }
438
+
439
+ // src/_generated/clients/endUsers/endUserControllerUpdateEndUser.ts
440
+ function getEndUserControllerUpdateEndUserUrl({
441
+ appId,
442
+ userId
443
+ }) {
444
+ const app_id = appId;
445
+ const user_id = userId;
446
+ const res = {
447
+ method: "PATCH",
448
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
449
+ };
450
+ return res;
451
+ }
452
+ async function endUserControllerUpdateEndUser({
453
+ appId,
454
+ userId,
455
+ data
456
+ }, config = {}) {
457
+ const { client: request = client, ...requestConfig } = config;
458
+ const requestData = data;
459
+ const res = await request({
460
+ method: "PATCH",
461
+ url: getEndUserControllerUpdateEndUserUrl({ appId, userId }).url.toString(),
462
+ data: requestData,
463
+ ...requestConfig
464
+ });
465
+ return res.data;
466
+ }
467
+
468
+ // src/_generated/clients/endUsers/endUserControllerDeleteEndUser.ts
469
+ function getEndUserControllerDeleteEndUserUrl({
470
+ appId,
471
+ userId
472
+ }) {
473
+ const app_id = appId;
474
+ const user_id = userId;
475
+ const res = {
476
+ method: "DELETE",
477
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
478
+ };
479
+ return res;
480
+ }
481
+ async function endUserControllerDeleteEndUser({
482
+ appId,
483
+ userId
484
+ }, config = {}) {
485
+ const { client: request = client, ...requestConfig } = config;
486
+ const res = await request({
487
+ method: "DELETE",
488
+ url: getEndUserControllerDeleteEndUserUrl({ appId, userId }).url.toString(),
489
+ ...requestConfig
490
+ });
491
+ return res.data;
492
+ }
493
+
494
+ // src/_generated/clients/endUsers/endUserControllerUpdateRole.ts
495
+ function getEndUserControllerUpdateRoleUrl({
496
+ appId,
497
+ userId
498
+ }) {
499
+ const app_id = appId;
500
+ const user_id = userId;
501
+ const res = {
502
+ method: "PATCH",
503
+ url: `/v1/apps/${app_id}/end-users/${user_id}/role`
504
+ };
505
+ return res;
506
+ }
507
+ async function endUserControllerUpdateRole({
508
+ appId,
509
+ userId,
510
+ data
511
+ }, config = {}) {
512
+ const { client: request = client, ...requestConfig } = config;
513
+ const requestData = data;
514
+ const res = await request({
515
+ method: "PATCH",
516
+ url: getEndUserControllerUpdateRoleUrl({ appId, userId }).url.toString(),
517
+ data: requestData,
518
+ ...requestConfig
519
+ });
520
+ return res.data;
521
+ }
522
+
523
+ // src/_generated/clients/endUsers/endUserControllerUpdateStatus.ts
524
+ function getEndUserControllerUpdateStatusUrl({
525
+ appId,
526
+ userId
527
+ }) {
528
+ const app_id = appId;
529
+ const user_id = userId;
530
+ const res = {
531
+ method: "PATCH",
532
+ url: `/v1/apps/${app_id}/end-users/${user_id}/status`
533
+ };
534
+ return res;
535
+ }
536
+ async function endUserControllerUpdateStatus({
537
+ appId,
538
+ userId,
539
+ data
540
+ }, config = {}) {
541
+ const { client: request = client, ...requestConfig } = config;
542
+ const requestData = data;
543
+ const res = await request({
544
+ method: "PATCH",
545
+ url: getEndUserControllerUpdateStatusUrl({ appId, userId }).url.toString(),
546
+ data: requestData,
547
+ ...requestConfig
548
+ });
549
+ return res.data;
550
+ }
551
+
552
+ // src/_generated/clients/roles/roleControllerListRoles.ts
553
+ function getRoleControllerListRolesUrl({
554
+ appId
555
+ }) {
556
+ const app_id = appId;
557
+ const res = { method: "GET", url: `/v1/apps/${app_id}/roles` };
558
+ return res;
559
+ }
560
+ async function roleControllerListRoles({
561
+ appId,
562
+ params
563
+ }, config = {}) {
564
+ const { client: request = client, ...requestConfig } = config;
565
+ const res = await request({
566
+ method: "GET",
567
+ url: getRoleControllerListRolesUrl({ appId }).url.toString(),
568
+ params,
569
+ ...requestConfig
570
+ });
571
+ return res.data;
572
+ }
573
+
574
+ // src/_generated/clients/roles/roleControllerCreateRole.ts
575
+ function getRoleControllerCreateRoleUrl({
576
+ appId
577
+ }) {
578
+ const app_id = appId;
579
+ const res = { method: "POST", url: `/v1/apps/${app_id}/roles` };
580
+ return res;
581
+ }
582
+ async function roleControllerCreateRole({
583
+ appId,
584
+ data
585
+ }, config = {}) {
586
+ const { client: request = client, ...requestConfig } = config;
587
+ const requestData = data;
588
+ const res = await request({
589
+ method: "POST",
590
+ url: getRoleControllerCreateRoleUrl({ appId }).url.toString(),
591
+ data: requestData,
592
+ ...requestConfig
593
+ });
594
+ return res.data;
595
+ }
596
+
597
+ // src/_generated/clients/roles/roleControllerAssignRole.ts
598
+ function getRoleControllerAssignRoleUrl({
599
+ appId
600
+ }) {
601
+ const app_id = appId;
602
+ const res = {
603
+ method: "POST",
604
+ url: `/v1/apps/${app_id}/roles/assign`
605
+ };
606
+ return res;
607
+ }
608
+ async function roleControllerAssignRole({
609
+ appId,
610
+ data
611
+ }, config = {}) {
612
+ const { client: request = client, ...requestConfig } = config;
613
+ const requestData = data;
614
+ const res = await request({
615
+ method: "POST",
616
+ url: getRoleControllerAssignRoleUrl({ appId }).url.toString(),
617
+ data: requestData,
618
+ ...requestConfig
619
+ });
620
+ return res.data;
621
+ }
622
+
623
+ // src/_generated/clients/roles/roleControllerSetPermissions.ts
624
+ function getRoleControllerSetPermissionsUrl({
625
+ appId,
626
+ roleName
627
+ }) {
628
+ const app_id = appId;
629
+ const role_name = roleName;
630
+ const res = {
631
+ method: "PUT",
632
+ url: `/v1/apps/${app_id}/roles/${role_name}/permissions`
633
+ };
634
+ return res;
635
+ }
636
+ async function roleControllerSetPermissions({
637
+ appId,
638
+ roleName,
639
+ data
640
+ }, config = {}) {
641
+ const { client: request = client, ...requestConfig } = config;
642
+ const requestData = data;
643
+ const res = await request({
644
+ method: "PUT",
645
+ url: getRoleControllerSetPermissionsUrl({ appId, roleName }).url.toString(),
646
+ data: requestData,
647
+ ...requestConfig
648
+ });
649
+ return res.data;
650
+ }
651
+
652
+ // src/_generated/clients/roles/roleControllerListPermissions.ts
653
+ function getRoleControllerListPermissionsUrl({
654
+ appId
655
+ }) {
656
+ const app_id = appId;
657
+ const res = {
658
+ method: "GET",
659
+ url: `/v1/apps/${app_id}/roles/permissions`
660
+ };
661
+ return res;
662
+ }
663
+ async function roleControllerListPermissions({ appId }, config = {}) {
664
+ const { client: request = client, ...requestConfig } = config;
665
+ const res = await request({
666
+ method: "GET",
667
+ url: getRoleControllerListPermissionsUrl({ appId }).url.toString(),
668
+ ...requestConfig
669
+ });
670
+ return res.data;
671
+ }
672
+
673
+ // src/_generated/clients/permissions/permissionControllerListPermissions.ts
674
+ function getPermissionControllerListPermissionsUrl({
675
+ appId
676
+ }) {
677
+ const app_id = appId;
678
+ const res = { method: "GET", url: `/v1/apps/${app_id}/permissions` };
679
+ return res;
680
+ }
681
+ async function permissionControllerListPermissions({ appId }, config = {}) {
682
+ const { client: request = client, ...requestConfig } = config;
683
+ const res = await request({
684
+ method: "GET",
685
+ url: getPermissionControllerListPermissionsUrl({ appId }).url.toString(),
686
+ ...requestConfig
687
+ });
688
+ return res.data;
689
+ }
690
+
691
+ // src/_generated/clients/permissions/permissionControllerCreatePermission.ts
692
+ function getPermissionControllerCreatePermissionUrl({
693
+ appId
694
+ }) {
695
+ const app_id = appId;
696
+ const res = {
697
+ method: "POST",
698
+ url: `/v1/apps/${app_id}/permissions`
699
+ };
700
+ return res;
701
+ }
702
+ async function permissionControllerCreatePermission({
703
+ appId,
704
+ data
705
+ }, config = {}) {
706
+ const { client: request = client, ...requestConfig } = config;
707
+ const requestData = data;
708
+ const res = await request({
709
+ method: "POST",
710
+ url: getPermissionControllerCreatePermissionUrl({ appId }).url.toString(),
711
+ data: requestData,
712
+ ...requestConfig
713
+ });
714
+ return res.data;
715
+ }
716
+
717
+ // src/_generated/clients/permissions/permissionControllerDeletePermission.ts
718
+ function getPermissionControllerDeletePermissionUrl({
719
+ appId,
720
+ permissionKey
721
+ }) {
722
+ const app_id = appId;
723
+ const permission_key = permissionKey;
724
+ const res = {
725
+ method: "DELETE",
726
+ url: `/v1/apps/${app_id}/permissions/${permission_key}`
727
+ };
728
+ return res;
729
+ }
730
+ async function permissionControllerDeletePermission({
731
+ appId,
732
+ permissionKey
733
+ }, config = {}) {
734
+ const { client: request = client, ...requestConfig } = config;
735
+ const res = await request({
736
+ method: "DELETE",
737
+ url: getPermissionControllerDeletePermissionUrl({
738
+ appId,
739
+ permissionKey
740
+ }).url.toString(),
741
+ ...requestConfig
742
+ });
743
+ return res.data;
744
+ }
745
+
746
+ // src/_generated/clients/apiKeys/apiKeyControllerListApiKeys.ts
747
+ function getApiKeyControllerListApiKeysUrl({
748
+ appId
749
+ }) {
750
+ const app_id = appId;
751
+ const res = { method: "GET", url: `/v1/apps/${app_id}/api-keys` };
752
+ return res;
753
+ }
754
+ async function apiKeyControllerListApiKeys({ appId }, config = {}) {
755
+ const { client: request = client, ...requestConfig } = config;
756
+ const res = await request({
757
+ method: "GET",
758
+ url: getApiKeyControllerListApiKeysUrl({ appId }).url.toString(),
759
+ ...requestConfig
760
+ });
761
+ return res.data;
762
+ }
763
+
764
+ // src/_generated/clients/apiKeys/apiKeyControllerCreateApiKey.ts
765
+ function getApiKeyControllerCreateApiKeyUrl({
766
+ appId
767
+ }) {
768
+ const app_id = appId;
769
+ const res = { method: "POST", url: `/v1/apps/${app_id}/api-keys` };
770
+ return res;
771
+ }
772
+ async function apiKeyControllerCreateApiKey({
773
+ appId,
774
+ data,
775
+ headers
776
+ }, config = {}) {
777
+ const { client: request = client, ...requestConfig } = config;
778
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
779
+ const requestData = data;
780
+ const res = await request({
781
+ method: "POST",
782
+ url: getApiKeyControllerCreateApiKeyUrl({ appId }).url.toString(),
783
+ data: requestData,
784
+ ...requestConfig,
785
+ headers: { ...mappedHeaders, ...requestConfig.headers }
786
+ });
787
+ return res.data;
788
+ }
789
+
790
+ // src/_generated/clients/apiKeys/apiKeyControllerDeleteApiKey.ts
791
+ function getApiKeyControllerDeleteApiKeyUrl({
792
+ appId,
793
+ keyId
794
+ }) {
795
+ const app_id = appId;
796
+ const key_id = keyId;
797
+ const res = {
798
+ method: "DELETE",
799
+ url: `/v1/apps/${app_id}/api-keys/${key_id}`
800
+ };
801
+ return res;
802
+ }
803
+ async function apiKeyControllerDeleteApiKey({
804
+ appId,
805
+ keyId
806
+ }, config = {}) {
807
+ const { client: request = client, ...requestConfig } = config;
808
+ const res = await request({
809
+ method: "DELETE",
810
+ url: getApiKeyControllerDeleteApiKeyUrl({ appId, keyId }).url.toString(),
811
+ ...requestConfig
812
+ });
813
+ return res.data;
814
+ }
815
+
816
+ // src/_generated/clients/credentials/M2MControllerListClients.ts
817
+ function getM2MControllerListClientsUrl({
818
+ appId
819
+ }) {
820
+ const app_id = appId;
821
+ const res = { method: "GET", url: `/v1/apps/${app_id}/credentials` };
822
+ return res;
823
+ }
824
+ async function M2MControllerListClients({
825
+ appId,
826
+ params
827
+ }, config = {}) {
828
+ const { client: request = client, ...requestConfig } = config;
829
+ const res = await request({
830
+ method: "GET",
831
+ url: getM2MControllerListClientsUrl({ appId }).url.toString(),
832
+ params,
833
+ ...requestConfig
834
+ });
835
+ return res.data;
836
+ }
837
+
838
+ // src/_generated/clients/credentials/M2MControllerCreateClient.ts
839
+ function getM2MControllerCreateClientUrl({
840
+ appId
841
+ }) {
842
+ const app_id = appId;
843
+ const res = {
844
+ method: "POST",
845
+ url: `/v1/apps/${app_id}/credentials`
846
+ };
847
+ return res;
848
+ }
849
+ async function M2MControllerCreateClient({
850
+ appId,
851
+ data,
852
+ headers
853
+ }, config = {}) {
854
+ const { client: request = client, ...requestConfig } = config;
855
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
856
+ const requestData = data;
857
+ const res = await request({
858
+ method: "POST",
859
+ url: getM2MControllerCreateClientUrl({ appId }).url.toString(),
860
+ data: requestData,
861
+ ...requestConfig,
862
+ headers: { ...mappedHeaders, ...requestConfig.headers }
863
+ });
864
+ return res.data;
865
+ }
866
+
867
+ // src/_generated/clients/credentials/M2MControllerGetClient.ts
868
+ function getM2MControllerGetClientUrl({
869
+ appId,
870
+ clientId
871
+ }) {
872
+ const app_id = appId;
873
+ const client_id = clientId;
874
+ const res = {
875
+ method: "GET",
876
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
877
+ };
878
+ return res;
879
+ }
880
+ async function M2MControllerGetClient({
881
+ appId,
882
+ clientId
883
+ }, config = {}) {
884
+ const { client: request = client, ...requestConfig } = config;
885
+ const res = await request({
886
+ method: "GET",
887
+ url: getM2MControllerGetClientUrl({ appId, clientId }).url.toString(),
888
+ ...requestConfig
889
+ });
890
+ return res.data;
891
+ }
892
+
893
+ // src/_generated/clients/credentials/M2MControllerUpdateClient.ts
894
+ function getM2MControllerUpdateClientUrl({
895
+ appId,
896
+ clientId
897
+ }) {
898
+ const app_id = appId;
899
+ const client_id = clientId;
900
+ const res = {
901
+ method: "PATCH",
902
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
903
+ };
904
+ return res;
905
+ }
906
+ async function M2MControllerUpdateClient({
907
+ appId,
908
+ clientId,
909
+ data
910
+ }, config = {}) {
911
+ const { client: request = client, ...requestConfig } = config;
912
+ const requestData = data;
913
+ const res = await request({
914
+ method: "PATCH",
915
+ url: getM2MControllerUpdateClientUrl({ appId, clientId }).url.toString(),
916
+ data: requestData,
917
+ ...requestConfig
918
+ });
919
+ return res.data;
920
+ }
921
+
922
+ // src/_generated/clients/credentials/M2MControllerDeleteClient.ts
923
+ function getM2MControllerDeleteClientUrl({
924
+ appId,
925
+ clientId
926
+ }) {
927
+ const app_id = appId;
928
+ const client_id = clientId;
929
+ const res = {
930
+ method: "DELETE",
931
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
932
+ };
933
+ return res;
934
+ }
935
+ async function M2MControllerDeleteClient({
936
+ appId,
937
+ clientId
938
+ }, config = {}) {
939
+ const { client: request = client, ...requestConfig } = config;
940
+ const res = await request({
941
+ method: "DELETE",
942
+ url: getM2MControllerDeleteClientUrl({ appId, clientId }).url.toString(),
943
+ ...requestConfig
944
+ });
945
+ return res.data;
946
+ }
947
+
948
+ // src/_generated/clients/credentials/M2MControllerRotateSecret.ts
949
+ function getM2MControllerRotateSecretUrl({
950
+ appId,
951
+ clientId
952
+ }) {
953
+ const app_id = appId;
954
+ const client_id = clientId;
955
+ const res = {
956
+ method: "POST",
957
+ url: `/v1/apps/${app_id}/credentials/${client_id}/rotate`
958
+ };
959
+ return res;
960
+ }
961
+ async function M2MControllerRotateSecret({
962
+ appId,
963
+ clientId
964
+ }, config = {}) {
965
+ const { client: request = client, ...requestConfig } = config;
966
+ const res = await request({
967
+ method: "POST",
968
+ url: getM2MControllerRotateSecretUrl({ appId, clientId }).url.toString(),
969
+ ...requestConfig
970
+ });
971
+ return res.data;
972
+ }
973
+
974
+ // src/_generated/clients/credentials/M2MControllerSetScopes.ts
975
+ function getM2MControllerSetScopesUrl({
976
+ appId,
977
+ clientId
978
+ }) {
979
+ const app_id = appId;
980
+ const client_id = clientId;
981
+ const res = {
982
+ method: "PUT",
983
+ url: `/v1/apps/${app_id}/credentials/${client_id}/scopes`
984
+ };
985
+ return res;
986
+ }
987
+ async function M2MControllerSetScopes({
988
+ appId,
989
+ clientId,
990
+ data
991
+ }, config = {}) {
992
+ const { client: request = client, ...requestConfig } = config;
993
+ const requestData = data;
994
+ const res = await request({
995
+ method: "PUT",
996
+ url: getM2MControllerSetScopesUrl({ appId, clientId }).url.toString(),
997
+ data: requestData,
998
+ ...requestConfig
999
+ });
1000
+ return res.data;
1001
+ }
1002
+
1003
+ // src/_generated/clients/appAudit/appAuditControllerGetAuditLogs.ts
1004
+ function getAppAuditControllerGetAuditLogsUrl({
1005
+ appId
1006
+ }) {
1007
+ const app_id = appId;
1008
+ const res = { method: "GET", url: `/v1/apps/${app_id}/audit-logs` };
1009
+ return res;
1010
+ }
1011
+ async function appAuditControllerGetAuditLogs({
1012
+ appId,
1013
+ params
1014
+ }, config = {}) {
1015
+ const { client: request = client, ...requestConfig } = config;
1016
+ const mappedParams = params ? {
1017
+ limit: params.limit,
1018
+ cursor: params.cursor,
1019
+ action: params.action,
1020
+ actor_id: params.actorId
1021
+ } : void 0;
1022
+ const res = await request({
1023
+ method: "GET",
1024
+ url: getAppAuditControllerGetAuditLogsUrl({ appId }).url.toString(),
1025
+ params: mappedParams,
1026
+ ...requestConfig
1027
+ });
1028
+ return res.data;
1029
+ }
1030
+
1031
+ // src/scopes/app.ts
1032
+ var AppScope = class {
1033
+ /** The appId bound to this scope. */
1034
+ appId;
1035
+ client;
1036
+ constructor(appId, client2) {
1037
+ this.appId = appId;
1038
+ this.client = client2;
1039
+ }
1040
+ /**
1041
+ * Direct HTTP escape hatch used to call endpoints whose spec is buggy
1042
+ * — currently those whose path declares `{appId}` but whose
1043
+ * `parameters[]` omits it, so the kubb-generated code leaves the
1044
+ * URL template unfilled. Tracked upstream; remove once the spec is
1045
+ * fixed and the per-call wrappers can move back to kubb's output.
1046
+ */
1047
+ async callDirect(method, url, body) {
1048
+ const res = await this.client({ method, url, data: body });
1049
+ return res.data;
1050
+ }
1051
+ // ─────────────────────────────────────────────────────────────
1052
+ // App meta — operations on the app record itself
1053
+ // ─────────────────────────────────────────────────────────────
1054
+ get = () => appControllerGetApp({ appId: this.appId }, { client: this.client });
1055
+ update = (data) => appControllerUpdateApp({ appId: this.appId, data }, { client: this.client });
1056
+ delete = () => appControllerDeleteApp({ appId: this.appId }, { client: this.client });
1057
+ updateStatus = (data) => appControllerUpdateAppStatus(
1058
+ { appId: this.appId, data },
1059
+ { client: this.client }
1060
+ );
1061
+ // ─────────────────────────────────────────────────────────────
1062
+ // Auth config (workspace-side config for the app's auth surface)
1063
+ // ─────────────────────────────────────────────────────────────
1064
+ authConfig = {
1065
+ get: () => authConfigControllerGetConfig(
1066
+ { appId: this.appId },
1067
+ { client: this.client }
1068
+ ),
1069
+ update: (data) => authConfigControllerUpdateConfig(
1070
+ { appId: this.appId, data },
1071
+ { client: this.client }
1072
+ )
1073
+ };
1074
+ // ─────────────────────────────────────────────────────────────
1075
+ // Invites (workspace members)
1076
+ // ─────────────────────────────────────────────────────────────
1077
+ invites = {
1078
+ list: (params = {}) => appControllerListInvites(
1079
+ { appId: this.appId, params },
1080
+ { client: this.client }
1081
+ ),
1082
+ create: (data) => appControllerCreateInvite(
1083
+ { appId: this.appId, data },
1084
+ { client: this.client }
1085
+ ),
1086
+ revoke: (inviteId) => appControllerRevokeInvite(
1087
+ { appId: this.appId, inviteId },
1088
+ { client: this.client }
1089
+ )
1090
+ };
1091
+ // ─────────────────────────────────────────────────────────────
1092
+ // Members (workspace seats on this app)
1093
+ // ─────────────────────────────────────────────────────────────
1094
+ members = {
1095
+ list: (params = {}) => appControllerListMembers(
1096
+ { appId: this.appId, params },
1097
+ { client: this.client }
1098
+ ),
1099
+ remove: (accountId) => appControllerRemoveMember(
1100
+ { appId: this.appId, accountId },
1101
+ { client: this.client }
1102
+ )
1103
+ };
1104
+ // ─────────────────────────────────────────────────────────────
1105
+ // EndUsers (the app's authenticated users — Heimdall's bread + butter)
1106
+ // ─────────────────────────────────────────────────────────────
1107
+ endUsers = {
1108
+ list: (params = {}) => endUserControllerListEndUsers(
1109
+ { appId: this.appId, params },
1110
+ { client: this.client }
1111
+ ),
1112
+ get: (userId) => endUserControllerGetEndUser(
1113
+ { appId: this.appId, userId },
1114
+ { client: this.client }
1115
+ ),
1116
+ update: (userId, data) => endUserControllerUpdateEndUser(
1117
+ { appId: this.appId, userId, data },
1118
+ { client: this.client }
1119
+ ),
1120
+ delete: (userId) => endUserControllerDeleteEndUser(
1121
+ { appId: this.appId, userId },
1122
+ { client: this.client }
1123
+ ),
1124
+ updateRole: (userId, data) => endUserControllerUpdateRole(
1125
+ { appId: this.appId, userId, data },
1126
+ { client: this.client }
1127
+ ),
1128
+ updateStatus: (userId, data) => endUserControllerUpdateStatus(
1129
+ { appId: this.appId, userId, data },
1130
+ { client: this.client }
1131
+ ),
1132
+ /** Spec bug: appId missing in spec params (see callDirect). */
1133
+ revokeAllSessions: (userId) => this.callDirect(
1134
+ "POST",
1135
+ `/v1/apps/${this.appId}/end-users/${userId}/sessions/revoke-all`
1136
+ )
1137
+ };
1138
+ // ─────────────────────────────────────────────────────────────
1139
+ // Roles
1140
+ // ─────────────────────────────────────────────────────────────
1141
+ roles = {
1142
+ list: (params = {}) => roleControllerListRoles(
1143
+ { appId: this.appId, params },
1144
+ { client: this.client }
1145
+ ),
1146
+ /** Spec bug: appId missing in spec params (see callDirect). */
1147
+ get: (roleName) => this.callDirect("GET", `/v1/apps/${this.appId}/roles/${roleName}`),
1148
+ create: (data) => roleControllerCreateRole(
1149
+ { appId: this.appId, data },
1150
+ { client: this.client }
1151
+ ),
1152
+ /** Spec bug: appId missing in spec params (see callDirect). */
1153
+ update: (roleName, data) => this.callDirect(
1154
+ "PATCH",
1155
+ `/v1/apps/${this.appId}/roles/${roleName}`,
1156
+ data
1157
+ ),
1158
+ /** Spec bug: appId missing in spec params (see callDirect). */
1159
+ delete: (roleName) => this.callDirect("DELETE", `/v1/apps/${this.appId}/roles/${roleName}`),
1160
+ assign: (data) => roleControllerAssignRole(
1161
+ { appId: this.appId, data },
1162
+ { client: this.client }
1163
+ ),
1164
+ setPermissions: (roleName, data) => roleControllerSetPermissions(
1165
+ { appId: this.appId, roleName, data },
1166
+ { client: this.client }
1167
+ ),
1168
+ listPermissions: () => roleControllerListPermissions(
1169
+ { appId: this.appId },
1170
+ { client: this.client }
1171
+ )
1172
+ };
1173
+ // ─────────────────────────────────────────────────────────────
1174
+ // Permissions catalog
1175
+ // ─────────────────────────────────────────────────────────────
1176
+ permissions = {
1177
+ list: () => permissionControllerListPermissions(
1178
+ { appId: this.appId },
1179
+ { client: this.client }
1180
+ ),
1181
+ create: (data) => permissionControllerCreatePermission(
1182
+ { appId: this.appId, data },
1183
+ { client: this.client }
1184
+ ),
1185
+ delete: (permissionKey) => permissionControllerDeletePermission(
1186
+ { appId: this.appId, permissionKey },
1187
+ { client: this.client }
1188
+ )
1189
+ };
1190
+ // ─────────────────────────────────────────────────────────────
1191
+ // API keys (server-to-server platform keys for this app)
1192
+ // ─────────────────────────────────────────────────────────────
1193
+ apiKeys = {
1194
+ list: () => apiKeyControllerListApiKeys(
1195
+ { appId: this.appId },
1196
+ { client: this.client }
1197
+ ),
1198
+ create: (data) => apiKeyControllerCreateApiKey(
1199
+ { appId: this.appId, data },
1200
+ { client: this.client }
1201
+ ),
1202
+ delete: (keyId) => apiKeyControllerDeleteApiKey(
1203
+ { appId: this.appId, keyId },
1204
+ { client: this.client }
1205
+ )
1206
+ };
1207
+ // ─────────────────────────────────────────────────────────────
1208
+ // M2M credentials (client_id + client_secret for service-to-service)
1209
+ // ─────────────────────────────────────────────────────────────
1210
+ credentials = {
1211
+ list: (params = {}) => M2MControllerListClients(
1212
+ { appId: this.appId, params },
1213
+ { client: this.client }
1214
+ ),
1215
+ create: (data) => M2MControllerCreateClient(
1216
+ { appId: this.appId, data },
1217
+ { client: this.client }
1218
+ ),
1219
+ get: (clientId) => M2MControllerGetClient(
1220
+ { appId: this.appId, clientId },
1221
+ { client: this.client }
1222
+ ),
1223
+ update: (clientId, data) => M2MControllerUpdateClient(
1224
+ { appId: this.appId, clientId, data },
1225
+ { client: this.client }
1226
+ ),
1227
+ delete: (clientId) => M2MControllerDeleteClient(
1228
+ { appId: this.appId, clientId },
1229
+ { client: this.client }
1230
+ ),
1231
+ rotateSecret: (clientId) => M2MControllerRotateSecret(
1232
+ { appId: this.appId, clientId },
1233
+ { client: this.client }
1234
+ ),
1235
+ setScopes: (clientId, data) => M2MControllerSetScopes(
1236
+ { appId: this.appId, clientId, data },
1237
+ { client: this.client }
1238
+ )
1239
+ };
1240
+ // ─────────────────────────────────────────────────────────────
1241
+ // Audit logs
1242
+ // ─────────────────────────────────────────────────────────────
1243
+ auditLogs = {
1244
+ list: (params = {}) => appAuditControllerGetAuditLogs(
1245
+ { appId: this.appId, params },
1246
+ { client: this.client }
1247
+ )
1248
+ };
1249
+ };
1250
+
1251
+ // src/_generated/clients/consumerAuth/consumerAuthControllerSignin.ts
1252
+ function getConsumerAuthControllerSigninUrl({
1253
+ appSlug
1254
+ }) {
1255
+ const app_slug = appSlug;
1256
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/signin` };
1257
+ return res;
1258
+ }
1259
+ async function consumerAuthControllerSignin({
1260
+ appSlug,
1261
+ data
1262
+ }, config = {}) {
1263
+ const { client: request = client, ...requestConfig } = config;
1264
+ const requestData = data;
1265
+ const res = await request({
1266
+ method: "POST",
1267
+ url: getConsumerAuthControllerSigninUrl({ appSlug }).url.toString(),
1268
+ data: requestData,
1269
+ ...requestConfig
1270
+ });
1271
+ return res.data;
1272
+ }
1273
+
1274
+ // src/_generated/clients/consumerAuth/consumerAuthControllerRefresh.ts
1275
+ function getConsumerAuthControllerRefreshUrl({
1276
+ appSlug
1277
+ }) {
1278
+ const app_slug = appSlug;
1279
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/refresh` };
1280
+ return res;
1281
+ }
1282
+ async function consumerAuthControllerRefresh({
1283
+ appSlug,
1284
+ data
1285
+ }, config = {}) {
1286
+ const { client: request = client, ...requestConfig } = config;
1287
+ const requestData = data;
1288
+ const res = await request({
1289
+ method: "POST",
1290
+ url: getConsumerAuthControllerRefreshUrl({ appSlug }).url.toString(),
1291
+ data: requestData,
1292
+ ...requestConfig
1293
+ });
1294
+ return res.data;
1295
+ }
1296
+
1297
+ // src/_generated/clients/consumerAuth/consumerAuthControllerLogout.ts
1298
+ function getConsumerAuthControllerLogoutUrl({
1299
+ appSlug
1300
+ }) {
1301
+ const app_slug = appSlug;
1302
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/logout` };
1303
+ return res;
1304
+ }
1305
+ async function consumerAuthControllerLogout({
1306
+ appSlug,
1307
+ data
1308
+ }, config = {}) {
1309
+ const { client: request = client, ...requestConfig } = config;
1310
+ const requestData = data;
1311
+ const res = await request({
1312
+ method: "POST",
1313
+ url: getConsumerAuthControllerLogoutUrl({ appSlug }).url.toString(),
1314
+ data: requestData,
1315
+ ...requestConfig
1316
+ });
1317
+ return res.data;
1318
+ }
1319
+
1320
+ // src/_generated/clients/consumerAuth/consumerAuthControllerRequestPasswordReset.ts
1321
+ function getConsumerAuthControllerRequestPasswordResetUrl({
1322
+ appSlug
1323
+ }) {
1324
+ const app_slug = appSlug;
1325
+ const res = {
1326
+ method: "POST",
1327
+ url: `/${app_slug}/v1/auth/request-password-reset`
1328
+ };
1329
+ return res;
1330
+ }
1331
+ async function consumerAuthControllerRequestPasswordReset({
1332
+ appSlug,
1333
+ data,
1334
+ headers
1335
+ }, config = {}) {
1336
+ const { client: request = client, ...requestConfig } = config;
1337
+ const requestData = data;
1338
+ const res = await request({
1339
+ method: "POST",
1340
+ url: getConsumerAuthControllerRequestPasswordResetUrl({
1341
+ appSlug
1342
+ }).url.toString(),
1343
+ data: requestData,
1344
+ ...requestConfig,
1345
+ headers: { ...headers, ...requestConfig.headers }
1346
+ });
1347
+ return res.data;
1348
+ }
1349
+
1350
+ // src/_generated/clients/consumerAuth/consumerAuthControllerResetPassword.ts
1351
+ function getConsumerAuthControllerResetPasswordUrl({
1352
+ appSlug
1353
+ }) {
1354
+ const app_slug = appSlug;
1355
+ const res = {
1356
+ method: "POST",
1357
+ url: `/${app_slug}/v1/auth/reset-password`
1358
+ };
1359
+ return res;
1360
+ }
1361
+ async function consumerAuthControllerResetPassword({
1362
+ appSlug,
1363
+ data
1364
+ }, config = {}) {
1365
+ const { client: request = client, ...requestConfig } = config;
1366
+ const requestData = data;
1367
+ const res = await request({
1368
+ method: "POST",
1369
+ url: getConsumerAuthControllerResetPasswordUrl({ appSlug }).url.toString(),
1370
+ data: requestData,
1371
+ ...requestConfig
1372
+ });
1373
+ return res.data;
1374
+ }
1375
+
1376
+ // src/_generated/clients/consumerOauthSignIn/consumerIdpControllerNativeSignIn.ts
1377
+ function getConsumerIdpControllerNativeSignInUrl({
1378
+ appSlug,
1379
+ provider
1380
+ }) {
1381
+ const app_slug = appSlug;
1382
+ const res = {
1383
+ method: "POST",
1384
+ url: `/${app_slug}/v1/auth/oauth/${provider}`
1385
+ };
1386
+ return res;
1387
+ }
1388
+ async function consumerIdpControllerNativeSignIn({
1389
+ appSlug,
1390
+ provider,
1391
+ data
1392
+ }, config = {}) {
1393
+ const { client: request = client, ...requestConfig } = config;
1394
+ const requestData = data;
1395
+ const res = await request({
1396
+ method: "POST",
1397
+ url: getConsumerIdpControllerNativeSignInUrl({
1398
+ appSlug,
1399
+ provider
1400
+ }).url.toString(),
1401
+ data: requestData,
1402
+ ...requestConfig
1403
+ });
1404
+ return res.data;
1405
+ }
1406
+
1407
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerVerify.ts
1408
+ function getConsumerVerifyControllerVerifyUrl({
1409
+ appSlug
1410
+ }) {
1411
+ const app_slug = appSlug;
1412
+ const res = { method: "POST", url: `/${app_slug}/v1/verify` };
1413
+ return res;
1414
+ }
1415
+ async function consumerVerifyControllerVerify({
1416
+ appSlug,
1417
+ data
1418
+ }, config = {}) {
1419
+ const { client: request = client, ...requestConfig } = config;
1420
+ const requestData = data;
1421
+ const res = await request({
1422
+ method: "POST",
1423
+ url: getConsumerVerifyControllerVerifyUrl({ appSlug }).url.toString(),
1424
+ data: requestData,
1425
+ ...requestConfig
1426
+ });
1427
+ return res.data;
1428
+ }
1429
+
1430
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerAuthorize.ts
1431
+ function getConsumerVerifyControllerAuthorizeUrl({
1432
+ appSlug
1433
+ }) {
1434
+ const app_slug = appSlug;
1435
+ const res = { method: "POST", url: `/${app_slug}/v1/authorize` };
1436
+ return res;
1437
+ }
1438
+ async function consumerVerifyControllerAuthorize({
1439
+ appSlug,
1440
+ data
1441
+ }, config = {}) {
1442
+ const { client: request = client, ...requestConfig } = config;
1443
+ const requestData = data;
1444
+ const res = await request({
1445
+ method: "POST",
1446
+ url: getConsumerVerifyControllerAuthorizeUrl({ appSlug }).url.toString(),
1447
+ data: requestData,
1448
+ ...requestConfig
1449
+ });
1450
+ return res.data;
1451
+ }
1452
+
1453
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerAuthorizeBatch.ts
1454
+ function getConsumerVerifyControllerAuthorizeBatchUrl({
1455
+ appSlug
1456
+ }) {
1457
+ const app_slug = appSlug;
1458
+ const res = {
1459
+ method: "POST",
1460
+ url: `/${app_slug}/v1/authorize/batch`
1461
+ };
1462
+ return res;
1463
+ }
1464
+ async function consumerVerifyControllerAuthorizeBatch({
1465
+ appSlug,
1466
+ data
1467
+ }, config = {}) {
1468
+ const { client: request = client, ...requestConfig } = config;
1469
+ const requestData = data;
1470
+ const res = await request({
1471
+ method: "POST",
1472
+ url: getConsumerVerifyControllerAuthorizeBatchUrl({
1473
+ appSlug
1474
+ }).url.toString(),
1475
+ data: requestData,
1476
+ ...requestConfig
1477
+ });
1478
+ return res.data;
1479
+ }
1480
+
1481
+ // src/_generated/clients/consumerOauthM2m/consumerOAuthControllerClientCredentials.ts
1482
+ function getConsumerOAuthControllerClientCredentialsUrl({
1483
+ appSlug
1484
+ }) {
1485
+ const app_slug = appSlug;
1486
+ const res = { method: "POST", url: `/${app_slug}/v1/oauth/token` };
1487
+ return res;
1488
+ }
1489
+ async function consumerOAuthControllerClientCredentials({
1490
+ appSlug,
1491
+ data
1492
+ }, config = {}) {
1493
+ const { client: request = client, ...requestConfig } = config;
1494
+ const requestData = data;
1495
+ const res = await request({
1496
+ method: "POST",
1497
+ url: getConsumerOAuthControllerClientCredentialsUrl({
1498
+ appSlug
1499
+ }).url.toString(),
1500
+ data: requestData,
1501
+ ...requestConfig
1502
+ });
1503
+ return res.data;
1504
+ }
1505
+
1506
+ // src/jwt/errors.ts
1507
+ var JwtVerifyError = class extends Error {
1508
+ code;
1509
+ constructor(code, message, options) {
1510
+ super(message, options);
1511
+ this.name = "JwtVerifyError";
1512
+ this.code = code;
1513
+ }
1514
+ };
1515
+ var JwtInvalidError = class extends JwtVerifyError {
1516
+ constructor(message, options) {
1517
+ super("ERR_JWT_INVALID", message, options);
1518
+ this.name = "JwtInvalidError";
1519
+ }
1520
+ };
1521
+ var JwtExpiredError = class extends JwtVerifyError {
1522
+ expiredAt;
1523
+ constructor(message, expiredAt, options) {
1524
+ super("ERR_JWT_EXPIRED", message, options);
1525
+ this.name = "JwtExpiredError";
1526
+ this.expiredAt = expiredAt;
1527
+ }
1528
+ };
1529
+ var JwtNotYetValidError = class extends JwtVerifyError {
1530
+ constructor(message, options) {
1531
+ super("ERR_JWT_NOT_YET_VALID", message, options);
1532
+ this.name = "JwtNotYetValidError";
1533
+ }
1534
+ };
1535
+ var JwtIssuerMismatchError = class extends JwtVerifyError {
1536
+ constructor(message, options) {
1537
+ super("ERR_JWT_ISS_MISMATCH", message, options);
1538
+ this.name = "JwtIssuerMismatchError";
1539
+ }
1540
+ };
1541
+ var JwtAudienceMismatchError = class extends JwtVerifyError {
1542
+ constructor(message, options) {
1543
+ super("ERR_JWT_AUD_MISMATCH", message, options);
1544
+ this.name = "JwtAudienceMismatchError";
1545
+ }
1546
+ };
1547
+ var JwksKeyNotFoundError = class extends JwtVerifyError {
1548
+ kid;
1549
+ constructor(kid, options) {
1550
+ super(
1551
+ "ERR_JWKS_KID_NOT_FOUND",
1552
+ `JWKS has no key matching kid=${kid ?? "(missing)"}`,
1553
+ options
1554
+ );
1555
+ this.name = "JwksKeyNotFoundError";
1556
+ this.kid = kid;
1557
+ }
1558
+ };
1559
+ var JwksFetchError = class extends JwtVerifyError {
1560
+ constructor(message, options) {
1561
+ super("ERR_JWKS_FETCH", message, options);
1562
+ this.name = "JwksFetchError";
1563
+ }
1564
+ };
1565
+
1566
+ // src/jwt/jwks-cache.ts
1567
+ var JwksCache = class {
1568
+ url;
1569
+ _jose;
1570
+ constructor(options) {
1571
+ this.url = options.url;
1572
+ const joseOpts = {
1573
+ cacheMaxAge: options.ttlMs ?? 10 * 60 * 1e3,
1574
+ cooldownDuration: options.cooldownMs ?? 3e4,
1575
+ timeoutDuration: options.timeoutMs ?? 5e3
1576
+ };
1577
+ if (options.fetch) {
1578
+ joseOpts[customFetch] = options.fetch;
1579
+ }
1580
+ this._jose = createRemoteJWKSet(
1581
+ options.url,
1582
+ joseOpts
1583
+ );
1584
+ }
1585
+ /**
1586
+ * Resolve a signing key for a given JWT header.
1587
+ * Bound as an arrow-function field so it can be passed around
1588
+ * (`jose.jwtVerify(token, cache.getKey, ...)`, passport-jwt, etc.)
1589
+ * without losing `this`.
1590
+ */
1591
+ getKey = async (header, input) => {
1592
+ try {
1593
+ return await this._jose(header, input);
1594
+ } catch (err) {
1595
+ if (err instanceof errors.JWKSNoMatchingKey) {
1596
+ throw new JwksKeyNotFoundError(header?.kid, { cause: err });
1597
+ }
1598
+ if (err instanceof errors.JWKSTimeout || err instanceof errors.JWKSInvalid || err instanceof errors.JOSEError) {
1599
+ throw new JwksFetchError(
1600
+ `Failed to load JWKS from ${this.url.href}: ${err.message}`,
1601
+ { cause: err }
1602
+ );
1603
+ }
1604
+ throw err;
1605
+ }
1606
+ };
1607
+ /**
1608
+ * Force a refetch on the next verify. Useful in tests and for
1609
+ * external rotation drills — the normal flow self-heals because
1610
+ * jose auto-refetches on kid miss.
1611
+ */
1612
+ refresh() {
1613
+ }
1614
+ };
1615
+ async function verifyHeimdallToken(token, getKey, opts = {}) {
1616
+ try {
1617
+ const { payload } = await jwtVerify(token, getKey, {
1618
+ algorithms: opts.algorithms ?? ["ES256", "RS256", "EdDSA"],
1619
+ issuer: opts.issuer,
1620
+ audience: opts.audience,
1621
+ clockTolerance: opts.clockTolerance ?? 5,
1622
+ requiredClaims: opts.requiredClaims,
1623
+ currentDate: opts.currentDate,
1624
+ maxTokenAge: opts.maxTokenAge
1625
+ });
1626
+ return payload;
1627
+ } catch (err) {
1628
+ throw translateJoseError(err);
1629
+ }
1630
+ }
1631
+ function translateJoseError(err) {
1632
+ if (err instanceof JwksKeyNotFoundError || err instanceof JwksFetchError || err instanceof JwtVerifyError) {
1633
+ return err;
1634
+ }
1635
+ const code = err?.code ?? "";
1636
+ const message = err?.message ?? "JWT verification failed";
1637
+ switch (code) {
1638
+ case "ERR_JWT_EXPIRED":
1639
+ return new JwtExpiredError(message, void 0, { cause: err });
1640
+ case "ERR_JWT_CLAIM_VALIDATION_FAILED": {
1641
+ const claim = err?.claim;
1642
+ if (claim === "iss") return new JwtIssuerMismatchError(message, { cause: err });
1643
+ if (claim === "aud") return new JwtAudienceMismatchError(message, { cause: err });
1644
+ if (claim === "nbf") return new JwtNotYetValidError(message, { cause: err });
1645
+ return new JwtInvalidError(message, { cause: err });
1646
+ }
1647
+ case "ERR_JWS_SIGNATURE_VERIFICATION_FAILED":
1648
+ case "ERR_JWS_INVALID":
1649
+ case "ERR_JWT_INVALID":
1650
+ return new JwtInvalidError(message, { cause: err });
1651
+ default:
1652
+ return new JwtInvalidError(message, { cause: err });
1653
+ }
1654
+ }
1655
+
1656
+ // src/scopes/consumer.ts
1657
+ var ConsumerScope = class {
1658
+ /** The appSlug bound to this scope. */
1659
+ appSlug;
1660
+ /** Default iss claim expected on tokens issued by this app's Heimdall instance. */
1661
+ expectedIssuer;
1662
+ /** Default aud claim. Undefined unless the caller sets it (skip aud check). */
1663
+ expectedAudience;
1664
+ /** jose-compatible JWKS resolver. Drop into `jose.jwtVerify`, passport-jwt, etc. */
1665
+ jwks;
1666
+ client;
1667
+ constructor(appSlug, internals, opts = {}) {
1668
+ this.appSlug = appSlug;
1669
+ this.client = internals.client;
1670
+ this.expectedIssuer = `${internals.baseUrl}/${appSlug}`;
1671
+ this.expectedAudience = opts.audience;
1672
+ this.jwks = new JwksCache({
1673
+ url: new URL(`/${appSlug}/v1/.well-known/jwks.json`, internals.baseUrl),
1674
+ ttlMs: opts.jwksTtlMs,
1675
+ fetch: internals.fetch
1676
+ });
1677
+ }
1678
+ /**
1679
+ * Direct HTTP escape hatch for endpoints whose spec is buggy
1680
+ * (path declares `{appSlug}` but parameters[] omits it). Tracked
1681
+ * upstream; remove once the spec is fixed.
1682
+ */
1683
+ async callDirect(method, url, body, params) {
1684
+ const res = await this.client({ method, url, data: body, params });
1685
+ return res.data;
1686
+ }
1687
+ /** Verify a Heimdall-issued JWT against this app's JWKS. */
1688
+ verifyToken(token, opts = {}) {
1689
+ return verifyHeimdallToken(token, this.jwks.getKey, {
1690
+ issuer: this.expectedIssuer,
1691
+ audience: this.expectedAudience,
1692
+ ...opts
1693
+ });
1694
+ }
1695
+ // ─────────────────────────────────────────────────────────────
1696
+ // Auth — sign-in/up flows, refresh, password reset
1697
+ // ─────────────────────────────────────────────────────────────
1698
+ auth = {
1699
+ signin: (data) => consumerAuthControllerSignin(
1700
+ { appSlug: this.appSlug, data },
1701
+ { client: this.client }
1702
+ ),
1703
+ /**
1704
+ * Signup may require a Platform API Key when the app has
1705
+ * `signup_requires_pak: true`. Configure that on the Heimdall
1706
+ * instance (`new Heimdall({ auth: { type: "apiKey", key: "..." } })`)
1707
+ * — our HTTP client attaches the Authorization header automatically.
1708
+ */
1709
+ signup: (data) => this.callDirect(
1710
+ "POST",
1711
+ `/${this.appSlug}/v1/auth/signup`,
1712
+ data
1713
+ ),
1714
+ refresh: (data) => consumerAuthControllerRefresh(
1715
+ { appSlug: this.appSlug, data },
1716
+ { client: this.client }
1717
+ ),
1718
+ logout: (data) => consumerAuthControllerLogout(
1719
+ { appSlug: this.appSlug, data },
1720
+ { client: this.client }
1721
+ ),
1722
+ /**
1723
+ * PAK-required: caller must instantiate `Heimdall` with
1724
+ * `auth: { type: "apiKey", key: "pcft_live_..." }`. The
1725
+ * kubb-generated `headers.authorization` slot is a stub — the
1726
+ * HTTP client's auth middleware overrides whatever's passed.
1727
+ */
1728
+ requestReset: (data) => consumerAuthControllerRequestPasswordReset(
1729
+ { appSlug: this.appSlug, data, headers: { authorization: "" } },
1730
+ { client: this.client }
1731
+ ),
1732
+ resetPassword: (data) => consumerAuthControllerResetPassword(
1733
+ { appSlug: this.appSlug, data },
1734
+ { client: this.client }
1735
+ ),
1736
+ /**
1737
+ * Sign in / sign up with a provider ID token (native flow).
1738
+ *
1739
+ * Submit the identity token Apple (or Google, once enabled) issued
1740
+ * to a native client (iOS `ASAuthorizationController`, Google
1741
+ * Sign-In for iOS / Android). Heimdall verifies the signature
1742
+ * against the provider's JWKS, pins the issuer, checks the
1743
+ * audience against the app's configured native client ids,
1744
+ * recomputes `sha256(nonce)` and compares to the token's `nonce`
1745
+ * claim, then resolves or creates the EndUser. Same response
1746
+ * shape as `auth.signin`.
1747
+ *
1748
+ * Account linking: when an EndUser already exists with a verified
1749
+ * primary email matching the token's `email` claim, the app's
1750
+ * `oauth_link_policy` decides the outcome:
1751
+ * - `auto` (default): silently link the identity to the existing
1752
+ * account (provider claims `email_verified: true` AND the email
1753
+ * is not an Apple private relay).
1754
+ * - `confirm`: refuse with 409 `link_required`. UI should sign
1755
+ * the user in via their original method to bind.
1756
+ * - `reject`: refuse with 409 `account_exists_with_different_provider`.
1757
+ *
1758
+ * Apple's private-relay emails (`*@privaterelay.appleid.com`) are
1759
+ * persisted as-is on the EndUser's primary email contact and
1760
+ * never participate in auto-link.
1761
+ *
1762
+ * Apple sends the user's display name only on the FIRST sign-in.
1763
+ * Pass it through `user.name` on that call — Heimdall persists it
1764
+ * to the EndUser row. Subsequent sign-ins should omit `user`.
1765
+ */
1766
+ signinWithProvider: (args) => consumerIdpControllerNativeSignIn(
1767
+ {
1768
+ appSlug: this.appSlug,
1769
+ provider: args.provider,
1770
+ data: { id_token: args.id_token, nonce: args.nonce, user: args.user }
1771
+ },
1772
+ { client: this.client }
1773
+ )
1774
+ };
1775
+ // ─────────────────────────────────────────────────────────────
1776
+ // Me — the currently-signed-in EndUser's own resources
1777
+ // All six endpoints currently use callDirect to work around spec
1778
+ // bugs in heimdall.json (appSlug missing from parameters[]).
1779
+ // ─────────────────────────────────────────────────────────────
1780
+ me = {
1781
+ getProfile: () => this.callDirect("GET", `/${this.appSlug}/v1/me`),
1782
+ updateProfile: (data) => this.callDirect("PATCH", `/${this.appSlug}/v1/me`, data),
1783
+ listSessions: (params = {}) => this.callDirect(
1784
+ "GET",
1785
+ `/${this.appSlug}/v1/me/sessions`,
1786
+ void 0,
1787
+ params
1788
+ ),
1789
+ revokeSession: (id) => this.callDirect("DELETE", `/${this.appSlug}/v1/me/sessions/${id}`),
1790
+ getActivity: (params = {}) => this.callDirect(
1791
+ "GET",
1792
+ `/${this.appSlug}/v1/me/activity`,
1793
+ void 0,
1794
+ params
1795
+ ),
1796
+ deleteAccount: () => this.callDirect("DELETE", `/${this.appSlug}/v1/me`)
1797
+ };
1798
+ // ─────────────────────────────────────────────────────────────
1799
+ // Verify — server-to-server token verification + authorization
1800
+ // (typically called by the customer's backend, not the user agent)
1801
+ // ─────────────────────────────────────────────────────────────
1802
+ verify = {
1803
+ verify: (data) => consumerVerifyControllerVerify(
1804
+ { appSlug: this.appSlug, data },
1805
+ { client: this.client }
1806
+ ),
1807
+ authorize: (data) => consumerVerifyControllerAuthorize(
1808
+ { appSlug: this.appSlug, data },
1809
+ { client: this.client }
1810
+ ),
1811
+ authorizeBatch: (data) => consumerVerifyControllerAuthorizeBatch(
1812
+ { appSlug: this.appSlug, data },
1813
+ { client: this.client }
1814
+ )
1815
+ };
1816
+ // ─────────────────────────────────────────────────────────────
1817
+ // OAuth M2M — client_credentials grant for service-to-service tokens
1818
+ // ─────────────────────────────────────────────────────────────
1819
+ oauth = {
1820
+ clientCredentials: (data) => consumerOAuthControllerClientCredentials(
1821
+ { appSlug: this.appSlug, data },
1822
+ { client: this.client }
1823
+ )
1824
+ };
1825
+ };
1826
+
1827
+ // src/_generated/clients/apps/appControllerListMyApps.ts
1828
+ function getAppControllerListMyAppsUrl() {
1829
+ const res = { method: "GET", url: `/v1/apps` };
1830
+ return res;
1831
+ }
1832
+ async function appControllerListMyApps({ params }, config = {}) {
1833
+ const { client: request = client, ...requestConfig } = config;
1834
+ const mappedParams = params ? {
1835
+ limit: params.limit,
1836
+ cursor: params.cursor,
1837
+ workspace_id: params.workspaceId
1838
+ } : void 0;
1839
+ const res = await request({
1840
+ method: "GET",
1841
+ url: getAppControllerListMyAppsUrl().url.toString(),
1842
+ params: mappedParams,
1843
+ ...requestConfig
1844
+ });
1845
+ return res.data;
1846
+ }
1847
+
1848
+ // src/_generated/clients/apps/appControllerCreateApp.ts
1849
+ function getAppControllerCreateAppUrl() {
1850
+ const res = { method: "POST", url: `/v1/apps` };
1851
+ return res;
1852
+ }
1853
+ async function appControllerCreateApp({
1854
+ data,
1855
+ headers
1856
+ }, config = {}) {
1857
+ const { client: request = client, ...requestConfig } = config;
1858
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
1859
+ const requestData = data;
1860
+ const res = await request({
1861
+ method: "POST",
1862
+ url: getAppControllerCreateAppUrl().url.toString(),
1863
+ data: requestData,
1864
+ ...requestConfig,
1865
+ headers: { ...mappedHeaders, ...requestConfig.headers }
1866
+ });
1867
+ return res.data;
1868
+ }
1869
+
1870
+ // src/_generated/clients/apps/appControllerAcceptInvite.ts
1871
+ function getAppControllerAcceptInviteUrl() {
1872
+ const res = { method: "POST", url: `/v1/apps/invites/accept` };
1873
+ return res;
1874
+ }
1875
+ async function appControllerAcceptInvite({ data }, config = {}) {
1876
+ const { client: request = client, ...requestConfig } = config;
1877
+ const requestData = data;
1878
+ const res = await request({
1879
+ method: "POST",
1880
+ url: getAppControllerAcceptInviteUrl().url.toString(),
1881
+ data: requestData,
1882
+ ...requestConfig
1883
+ });
1884
+ return res.data;
1885
+ }
1886
+
1887
+ // src/_generated/clients/platformStats/statsControllerGetMyStats.ts
1888
+ function getStatsControllerGetMyStatsUrl() {
1889
+ const res = { method: "GET", url: `/v1/stats/me` };
1890
+ return res;
1891
+ }
1892
+ async function statsControllerGetMyStats({ params }, config = {}) {
1893
+ const { client: request = client, ...requestConfig } = config;
1894
+ const mappedParams = params ? { workspace_id: params.workspaceId } : void 0;
1895
+ const res = await request({
1896
+ method: "GET",
1897
+ url: getStatsControllerGetMyStatsUrl().url.toString(),
1898
+ params: mappedParams,
1899
+ ...requestConfig
1900
+ });
1901
+ return res.data;
1902
+ }
2
1903
 
3
1904
  // src/index.ts
4
1905
  var Heimdall = class {
5
- /** The underlying typed client. v0 surface — every endpoint reachable. */
6
1906
  client;
1907
+ baseUrl;
1908
+ fetch;
1909
+ jwtConfig;
7
1910
  constructor(config = {}) {
8
- this.client = makeClient(PC_BASE_URL.heimdall, config);
1911
+ this.baseUrl = config.baseUrl ?? PC_BASE_URL.heimdall;
1912
+ this.fetch = config.fetch;
1913
+ this.client = makeHeimdallHttpClient({
1914
+ baseUrl: this.baseUrl,
1915
+ auth: config.auth,
1916
+ fetch: this.fetch
1917
+ });
1918
+ this.jwtConfig = {
1919
+ audience: config.expectedAudience,
1920
+ jwksTtlMs: config.jwksTtlMs
1921
+ };
1922
+ }
1923
+ /**
1924
+ * Returns an `AppScope` bound to the given appId. All operations under
1925
+ * `/v1/apps/{appId}/...` are exposed as resource namespaces on the
1926
+ * returned object.
1927
+ */
1928
+ app(appId) {
1929
+ return new AppScope(appId, this.client);
1930
+ }
1931
+ /**
1932
+ * Returns a `ConsumerScope` bound to the given appSlug. Exposes the
1933
+ * `/{appSlug}/v1/...` surface (sign-in, sign-up, me, verify, oauth)
1934
+ * and the JWT-verify helper for tokens issued by this app.
1935
+ */
1936
+ consumer(appSlug) {
1937
+ return new ConsumerScope(
1938
+ appSlug,
1939
+ { client: this.client, baseUrl: this.baseUrl, fetch: this.fetch },
1940
+ this.jwtConfig
1941
+ );
9
1942
  }
1943
+ // ─────────────────────────────────────────────────────────────
1944
+ // Workspace-wide apps surface
1945
+ // (other admin operations are under `app(appId).*` once an app exists)
1946
+ // ─────────────────────────────────────────────────────────────
1947
+ apps = {
1948
+ /** List apps the caller's workspace can see. */
1949
+ list: (params = {}) => appControllerListMyApps(
1950
+ { params },
1951
+ { client: this.client }
1952
+ ),
1953
+ /** Create a new app under the caller's workspace. */
1954
+ create: (data) => appControllerCreateApp({ data }, { client: this.client }),
1955
+ /** Accept a workspace invite to join an existing app. */
1956
+ acceptInvite: (data) => appControllerAcceptInvite({ data }, { client: this.client })
1957
+ };
1958
+ // ─────────────────────────────────────────────────────────────
1959
+ // Platform stats
1960
+ //
1961
+ // Workspace-level IdP admin (`/v1/idp/*`) was removed from the API
1962
+ // when consumer-side OAuth moved to per-app `auth_config_provider`
1963
+ // rows. Configure providers via the per-app auth-config endpoints
1964
+ // (`app(appId).authConfig.*`) and consume them client-side through
1965
+ // `consumer(slug).auth.signinWithProvider({ ... })`.
1966
+ // ─────────────────────────────────────────────────────────────
1967
+ stats = {
1968
+ /**
1969
+ * Get the signed-in PlatformUser's aggregate counts. Pass
1970
+ * `workspaceId` to scope to a single workspace; omit to total
1971
+ * across every workspace the caller belongs to.
1972
+ */
1973
+ get: (params = {}) => statsControllerGetMyStats(
1974
+ { params },
1975
+ { client: this.client }
1976
+ )
1977
+ };
10
1978
  };
11
1979
 
12
- export { Heimdall };
1980
+ export { AppScope, ConsumerScope, Heimdall, HeimdallHttpError, JwksCache, JwksFetchError, JwksKeyNotFoundError, JwtAudienceMismatchError, JwtExpiredError, JwtInvalidError, JwtIssuerMismatchError, JwtNotYetValidError, JwtVerifyError, verifyHeimdallToken };
13
1981
  //# sourceMappingURL=index.js.map
14
1982
  //# sourceMappingURL=index.js.map