@productcraft/heimdall 0.0.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. package/README.md +280 -0
  2. package/dist/index.cjs +2034 -2
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +2394 -2824
  5. package/dist/index.d.ts +2394 -2824
  6. package/dist/index.js +2022 -4
  7. package/dist/index.js.map +1 -1
  8. package/package.json +5 -4
package/dist/index.js CHANGED
@@ -1,14 +1,2032 @@
1
- import { makeClient, PC_BASE_URL } from '@productcraft/core';
1
+ import { PC_BASE_URL } from '@productcraft/core';
2
+ import { createRemoteJWKSet, errors, jwtVerify, customFetch } from 'jose';
3
+
4
+ // src/index.ts
5
+
6
+ // src/_http.ts
7
+ var HeimdallHttpError = class extends Error {
8
+ status;
9
+ statusText;
10
+ data;
11
+ constructor(response) {
12
+ super(
13
+ `Heimdall request failed: ${response.status} ${response.statusText}`
14
+ );
15
+ this.name = "HeimdallHttpError";
16
+ this.status = response.status;
17
+ this.statusText = response.statusText;
18
+ this.data = response.data;
19
+ }
20
+ };
21
+ function applyAuthHeader(headers, auth) {
22
+ if (!auth) return;
23
+ switch (auth.type) {
24
+ case "apiKey":
25
+ headers.set("Authorization", `Bearer ${auth.key}`);
26
+ break;
27
+ case "bearer":
28
+ headers.set("Authorization", `Bearer ${auth.token}`);
29
+ break;
30
+ case "cookie":
31
+ headers.set("Cookie", `auth_token=${auth.value}`);
32
+ break;
33
+ }
34
+ }
35
+ function buildUrl(baseUrl, path, params) {
36
+ const url = new URL(path, baseUrl);
37
+ if (params && typeof params === "object") {
38
+ for (const [k, v] of Object.entries(params)) {
39
+ if (v === void 0 || v === null) continue;
40
+ if (Array.isArray(v)) {
41
+ for (const item of v) url.searchParams.append(k, String(item));
42
+ } else {
43
+ url.searchParams.set(k, String(v));
44
+ }
45
+ }
46
+ }
47
+ return url;
48
+ }
49
+ function makeHeimdallHttpClient(options) {
50
+ const fetchImpl = options.fetch ?? globalThis.fetch;
51
+ if (!fetchImpl) {
52
+ throw new Error(
53
+ "@productcraft/heimdall: no `fetch` available \u2014 pass `fetch` in the config or run on Node 18+"
54
+ );
55
+ }
56
+ return async function client2(req) {
57
+ const url = buildUrl(req.baseURL ?? options.baseUrl, req.url ?? "", req.params);
58
+ const headers = new Headers(req.headers);
59
+ applyAuthHeader(headers, options.auth);
60
+ const hasBody = req.data !== void 0 && req.method !== "GET" && req.method !== "HEAD";
61
+ const isFormData = typeof FormData !== "undefined" && req.data instanceof FormData;
62
+ if (hasBody && !isFormData && !headers.has("Content-Type")) {
63
+ headers.set("Content-Type", "application/json");
64
+ }
65
+ const body = hasBody ? isFormData ? req.data : JSON.stringify(req.data) : void 0;
66
+ const res = await fetchImpl(url, {
67
+ method: req.method,
68
+ headers,
69
+ body,
70
+ credentials: req.credentials,
71
+ signal: req.signal
72
+ });
73
+ let data = void 0;
74
+ const ctype = res.headers.get("content-type") ?? "";
75
+ if (req.responseType === "text") {
76
+ data = await res.text();
77
+ } else if (req.responseType === "blob") {
78
+ data = await res.blob();
79
+ } else if (req.responseType === "arraybuffer") {
80
+ data = await res.arrayBuffer();
81
+ } else if (ctype.includes("application/json") || ctype.includes("application/problem+json")) {
82
+ data = await res.json().catch(() => void 0);
83
+ } else if (res.status !== 204) {
84
+ const text = await res.text().catch(() => "");
85
+ data = text || void 0;
86
+ }
87
+ const response = {
88
+ data,
89
+ status: res.status,
90
+ statusText: res.statusText,
91
+ headers: res.headers
92
+ };
93
+ if (!res.ok) throw new HeimdallHttpError(response);
94
+ return response;
95
+ };
96
+ }
97
+
98
+ // ../../node_modules/.pnpm/@kubb+plugin-client@4.37.8_@kubb+fabric-core@0.14.0_@kubb+react-fabric@0.14.0/node_modules/@kubb/plugin-client/dist/clients/fetch.js
99
+ var _config = {};
100
+ var getConfig = () => _config;
101
+ var setConfig = (config) => {
102
+ _config = config;
103
+ return getConfig();
104
+ };
105
+ var mergeConfig = (...configs) => {
106
+ return configs.reduce((merged, config) => {
107
+ return {
108
+ ...merged,
109
+ ...config,
110
+ headers: {
111
+ ...Array.isArray(merged.headers) ? Object.fromEntries(merged.headers) : merged.headers,
112
+ ...Array.isArray(config.headers) ? Object.fromEntries(config.headers) : config.headers
113
+ }
114
+ };
115
+ }, {});
116
+ };
117
+ var client = async (paramsConfig) => {
118
+ const normalizedParams = new URLSearchParams();
119
+ const config = mergeConfig(getConfig(), paramsConfig);
120
+ Object.entries(config.params || {}).forEach(([key, value]) => {
121
+ if (value !== void 0) normalizedParams.append(key, value === null ? "null" : value.toString());
122
+ });
123
+ let targetUrl = [config.baseURL, config.url].filter(Boolean).join("");
124
+ if (config.params) targetUrl += `?${normalizedParams}`;
125
+ const response = await fetch(targetUrl, {
126
+ credentials: config.credentials || "same-origin",
127
+ method: config.method?.toUpperCase(),
128
+ body: config.data instanceof FormData ? config.data : JSON.stringify(config.data),
129
+ signal: config.signal,
130
+ headers: config.headers
131
+ });
132
+ return {
133
+ data: [
134
+ 204,
135
+ 205,
136
+ 304
137
+ ].includes(response.status) || !response.body ? {} : await response.json(),
138
+ status: response.status,
139
+ statusText: response.statusText,
140
+ headers: response.headers
141
+ };
142
+ };
143
+ client.getConfig = getConfig;
144
+ client.setConfig = setConfig;
145
+
146
+ // src/_generated/clients/apps/appControllerGetApp.ts
147
+ function getAppControllerGetAppUrl({
148
+ appId
149
+ }) {
150
+ const app_id = appId;
151
+ const res = { method: "GET", url: `/v1/apps/${app_id}` };
152
+ return res;
153
+ }
154
+ async function appControllerGetApp({ appId }, config = {}) {
155
+ const { client: request = client, ...requestConfig } = config;
156
+ const res = await request({
157
+ method: "GET",
158
+ url: getAppControllerGetAppUrl({ appId }).url.toString(),
159
+ ...requestConfig
160
+ });
161
+ return res.data;
162
+ }
163
+
164
+ // src/_generated/clients/apps/appControllerUpdateApp.ts
165
+ function getAppControllerUpdateAppUrl({
166
+ appId
167
+ }) {
168
+ const app_id = appId;
169
+ const res = { method: "PATCH", url: `/v1/apps/${app_id}` };
170
+ return res;
171
+ }
172
+ async function appControllerUpdateApp({
173
+ appId,
174
+ data
175
+ }, config = {}) {
176
+ const { client: request = client, ...requestConfig } = config;
177
+ const requestData = data;
178
+ const res = await request({
179
+ method: "PATCH",
180
+ url: getAppControllerUpdateAppUrl({ appId }).url.toString(),
181
+ data: requestData,
182
+ ...requestConfig
183
+ });
184
+ return res.data;
185
+ }
186
+
187
+ // src/_generated/clients/apps/appControllerDeleteApp.ts
188
+ function getAppControllerDeleteAppUrl({
189
+ appId
190
+ }) {
191
+ const app_id = appId;
192
+ const res = { method: "DELETE", url: `/v1/apps/${app_id}` };
193
+ return res;
194
+ }
195
+ async function appControllerDeleteApp({ appId }, config = {}) {
196
+ const { client: request = client, ...requestConfig } = config;
197
+ const res = await request({
198
+ method: "DELETE",
199
+ url: getAppControllerDeleteAppUrl({ appId }).url.toString(),
200
+ ...requestConfig
201
+ });
202
+ return res.data;
203
+ }
204
+
205
+ // src/_generated/clients/apps/appControllerUpdateAppStatus.ts
206
+ function getAppControllerUpdateAppStatusUrl({
207
+ appId
208
+ }) {
209
+ const app_id = appId;
210
+ const res = { method: "PATCH", url: `/v1/apps/${app_id}/status` };
211
+ return res;
212
+ }
213
+ async function appControllerUpdateAppStatus({
214
+ appId,
215
+ data
216
+ }, config = {}) {
217
+ const { client: request = client, ...requestConfig } = config;
218
+ const requestData = data;
219
+ const res = await request({
220
+ method: "PATCH",
221
+ url: getAppControllerUpdateAppStatusUrl({ appId }).url.toString(),
222
+ data: requestData,
223
+ ...requestConfig
224
+ });
225
+ return res.data;
226
+ }
227
+
228
+ // src/_generated/clients/apps/authConfigControllerGetConfig.ts
229
+ function getAuthConfigControllerGetConfigUrl({
230
+ appId
231
+ }) {
232
+ const app_id = appId;
233
+ const res = { method: "GET", url: `/v1/apps/${app_id}/auth-config` };
234
+ return res;
235
+ }
236
+ async function authConfigControllerGetConfig({ appId }, config = {}) {
237
+ const { client: request = client, ...requestConfig } = config;
238
+ const res = await request({
239
+ method: "GET",
240
+ url: getAuthConfigControllerGetConfigUrl({ appId }).url.toString(),
241
+ ...requestConfig
242
+ });
243
+ return res.data;
244
+ }
245
+
246
+ // src/_generated/clients/apps/authConfigControllerUpdateConfig.ts
247
+ function getAuthConfigControllerUpdateConfigUrl({
248
+ appId
249
+ }) {
250
+ const app_id = appId;
251
+ const res = {
252
+ method: "PATCH",
253
+ url: `/v1/apps/${app_id}/auth-config`
254
+ };
255
+ return res;
256
+ }
257
+ async function authConfigControllerUpdateConfig({
258
+ appId,
259
+ data
260
+ }, config = {}) {
261
+ const { client: request = client, ...requestConfig } = config;
262
+ const requestData = data;
263
+ const res = await request({
264
+ method: "PATCH",
265
+ url: getAuthConfigControllerUpdateConfigUrl({ appId }).url.toString(),
266
+ data: requestData,
267
+ ...requestConfig
268
+ });
269
+ return res.data;
270
+ }
271
+
272
+ // src/_generated/clients/apps/appControllerListInvites.ts
273
+ function getAppControllerListInvitesUrl({
274
+ appId
275
+ }) {
276
+ const app_id = appId;
277
+ const res = { method: "GET", url: `/v1/apps/${app_id}/invites` };
278
+ return res;
279
+ }
280
+ async function appControllerListInvites({
281
+ appId,
282
+ params
283
+ }, config = {}) {
284
+ const { client: request = client, ...requestConfig } = config;
285
+ const res = await request({
286
+ method: "GET",
287
+ url: getAppControllerListInvitesUrl({ appId }).url.toString(),
288
+ params,
289
+ ...requestConfig
290
+ });
291
+ return res.data;
292
+ }
293
+
294
+ // src/_generated/clients/apps/appControllerCreateInvite.ts
295
+ function getAppControllerCreateInviteUrl({
296
+ appId
297
+ }) {
298
+ const app_id = appId;
299
+ const res = { method: "POST", url: `/v1/apps/${app_id}/invites` };
300
+ return res;
301
+ }
302
+ async function appControllerCreateInvite({
303
+ appId,
304
+ data
305
+ }, config = {}) {
306
+ const { client: request = client, ...requestConfig } = config;
307
+ const requestData = data;
308
+ const res = await request({
309
+ method: "POST",
310
+ url: getAppControllerCreateInviteUrl({ appId }).url.toString(),
311
+ data: requestData,
312
+ ...requestConfig
313
+ });
314
+ return res.data;
315
+ }
316
+
317
+ // src/_generated/clients/apps/appControllerRevokeInvite.ts
318
+ function getAppControllerRevokeInviteUrl({
319
+ appId,
320
+ inviteId
321
+ }) {
322
+ const app_id = appId;
323
+ const invite_id = inviteId;
324
+ const res = {
325
+ method: "DELETE",
326
+ url: `/v1/apps/${app_id}/invites/${invite_id}`
327
+ };
328
+ return res;
329
+ }
330
+ async function appControllerRevokeInvite({
331
+ appId,
332
+ inviteId
333
+ }, config = {}) {
334
+ const { client: request = client, ...requestConfig } = config;
335
+ const res = await request({
336
+ method: "DELETE",
337
+ url: getAppControllerRevokeInviteUrl({ appId, inviteId }).url.toString(),
338
+ ...requestConfig
339
+ });
340
+ return res.data;
341
+ }
342
+
343
+ // src/_generated/clients/apps/appControllerListMembers.ts
344
+ function getAppControllerListMembersUrl({
345
+ appId
346
+ }) {
347
+ const app_id = appId;
348
+ const res = { method: "GET", url: `/v1/apps/${app_id}/members` };
349
+ return res;
350
+ }
351
+ async function appControllerListMembers({
352
+ appId,
353
+ params
354
+ }, config = {}) {
355
+ const { client: request = client, ...requestConfig } = config;
356
+ const res = await request({
357
+ method: "GET",
358
+ url: getAppControllerListMembersUrl({ appId }).url.toString(),
359
+ params,
360
+ ...requestConfig
361
+ });
362
+ return res.data;
363
+ }
364
+
365
+ // src/_generated/clients/apps/appControllerRemoveMember.ts
366
+ function getAppControllerRemoveMemberUrl({
367
+ appId,
368
+ accountId
369
+ }) {
370
+ const app_id = appId;
371
+ const account_id = accountId;
372
+ const res = {
373
+ method: "DELETE",
374
+ url: `/v1/apps/${app_id}/members/${account_id}`
375
+ };
376
+ return res;
377
+ }
378
+ async function appControllerRemoveMember({
379
+ appId,
380
+ accountId
381
+ }, config = {}) {
382
+ const { client: request = client, ...requestConfig } = config;
383
+ const res = await request({
384
+ method: "DELETE",
385
+ url: getAppControllerRemoveMemberUrl({ appId, accountId }).url.toString(),
386
+ ...requestConfig
387
+ });
388
+ return res.data;
389
+ }
390
+
391
+ // src/_generated/clients/endUsers/endUserControllerListEndUsers.ts
392
+ function getEndUserControllerListEndUsersUrl({
393
+ appId
394
+ }) {
395
+ const app_id = appId;
396
+ const res = { method: "GET", url: `/v1/apps/${app_id}/end-users` };
397
+ return res;
398
+ }
399
+ async function endUserControllerListEndUsers({
400
+ appId,
401
+ params
402
+ }, config = {}) {
403
+ const { client: request = client, ...requestConfig } = config;
404
+ const res = await request({
405
+ method: "GET",
406
+ url: getEndUserControllerListEndUsersUrl({ appId }).url.toString(),
407
+ params,
408
+ ...requestConfig
409
+ });
410
+ return res.data;
411
+ }
412
+
413
+ // src/_generated/clients/endUsers/endUserControllerGetEndUser.ts
414
+ function getEndUserControllerGetEndUserUrl({
415
+ appId,
416
+ userId
417
+ }) {
418
+ const app_id = appId;
419
+ const user_id = userId;
420
+ const res = {
421
+ method: "GET",
422
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
423
+ };
424
+ return res;
425
+ }
426
+ async function endUserControllerGetEndUser({
427
+ appId,
428
+ userId
429
+ }, config = {}) {
430
+ const { client: request = client, ...requestConfig } = config;
431
+ const res = await request({
432
+ method: "GET",
433
+ url: getEndUserControllerGetEndUserUrl({ appId, userId }).url.toString(),
434
+ ...requestConfig
435
+ });
436
+ return res.data;
437
+ }
438
+
439
+ // src/_generated/clients/endUsers/endUserControllerUpdateEndUser.ts
440
+ function getEndUserControllerUpdateEndUserUrl({
441
+ appId,
442
+ userId
443
+ }) {
444
+ const app_id = appId;
445
+ const user_id = userId;
446
+ const res = {
447
+ method: "PATCH",
448
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
449
+ };
450
+ return res;
451
+ }
452
+ async function endUserControllerUpdateEndUser({
453
+ appId,
454
+ userId,
455
+ data
456
+ }, config = {}) {
457
+ const { client: request = client, ...requestConfig } = config;
458
+ const requestData = data;
459
+ const res = await request({
460
+ method: "PATCH",
461
+ url: getEndUserControllerUpdateEndUserUrl({ appId, userId }).url.toString(),
462
+ data: requestData,
463
+ ...requestConfig
464
+ });
465
+ return res.data;
466
+ }
467
+
468
+ // src/_generated/clients/endUsers/endUserControllerDeleteEndUser.ts
469
+ function getEndUserControllerDeleteEndUserUrl({
470
+ appId,
471
+ userId
472
+ }) {
473
+ const app_id = appId;
474
+ const user_id = userId;
475
+ const res = {
476
+ method: "DELETE",
477
+ url: `/v1/apps/${app_id}/end-users/${user_id}`
478
+ };
479
+ return res;
480
+ }
481
+ async function endUserControllerDeleteEndUser({
482
+ appId,
483
+ userId
484
+ }, config = {}) {
485
+ const { client: request = client, ...requestConfig } = config;
486
+ const res = await request({
487
+ method: "DELETE",
488
+ url: getEndUserControllerDeleteEndUserUrl({ appId, userId }).url.toString(),
489
+ ...requestConfig
490
+ });
491
+ return res.data;
492
+ }
493
+
494
+ // src/_generated/clients/endUsers/endUserControllerUpdateRole.ts
495
+ function getEndUserControllerUpdateRoleUrl({
496
+ appId,
497
+ userId
498
+ }) {
499
+ const app_id = appId;
500
+ const user_id = userId;
501
+ const res = {
502
+ method: "PATCH",
503
+ url: `/v1/apps/${app_id}/end-users/${user_id}/role`
504
+ };
505
+ return res;
506
+ }
507
+ async function endUserControllerUpdateRole({
508
+ appId,
509
+ userId,
510
+ data
511
+ }, config = {}) {
512
+ const { client: request = client, ...requestConfig } = config;
513
+ const requestData = data;
514
+ const res = await request({
515
+ method: "PATCH",
516
+ url: getEndUserControllerUpdateRoleUrl({ appId, userId }).url.toString(),
517
+ data: requestData,
518
+ ...requestConfig
519
+ });
520
+ return res.data;
521
+ }
522
+
523
+ // src/_generated/clients/endUsers/endUserControllerUpdateStatus.ts
524
+ function getEndUserControllerUpdateStatusUrl({
525
+ appId,
526
+ userId
527
+ }) {
528
+ const app_id = appId;
529
+ const user_id = userId;
530
+ const res = {
531
+ method: "PATCH",
532
+ url: `/v1/apps/${app_id}/end-users/${user_id}/status`
533
+ };
534
+ return res;
535
+ }
536
+ async function endUserControllerUpdateStatus({
537
+ appId,
538
+ userId,
539
+ data
540
+ }, config = {}) {
541
+ const { client: request = client, ...requestConfig } = config;
542
+ const requestData = data;
543
+ const res = await request({
544
+ method: "PATCH",
545
+ url: getEndUserControllerUpdateStatusUrl({ appId, userId }).url.toString(),
546
+ data: requestData,
547
+ ...requestConfig
548
+ });
549
+ return res.data;
550
+ }
551
+
552
+ // src/_generated/clients/roles/roleControllerListRoles.ts
553
+ function getRoleControllerListRolesUrl({
554
+ appId
555
+ }) {
556
+ const app_id = appId;
557
+ const res = { method: "GET", url: `/v1/apps/${app_id}/roles` };
558
+ return res;
559
+ }
560
+ async function roleControllerListRoles({
561
+ appId,
562
+ params
563
+ }, config = {}) {
564
+ const { client: request = client, ...requestConfig } = config;
565
+ const res = await request({
566
+ method: "GET",
567
+ url: getRoleControllerListRolesUrl({ appId }).url.toString(),
568
+ params,
569
+ ...requestConfig
570
+ });
571
+ return res.data;
572
+ }
573
+
574
+ // src/_generated/clients/roles/roleControllerCreateRole.ts
575
+ function getRoleControllerCreateRoleUrl({
576
+ appId
577
+ }) {
578
+ const app_id = appId;
579
+ const res = { method: "POST", url: `/v1/apps/${app_id}/roles` };
580
+ return res;
581
+ }
582
+ async function roleControllerCreateRole({
583
+ appId,
584
+ data
585
+ }, config = {}) {
586
+ const { client: request = client, ...requestConfig } = config;
587
+ const requestData = data;
588
+ const res = await request({
589
+ method: "POST",
590
+ url: getRoleControllerCreateRoleUrl({ appId }).url.toString(),
591
+ data: requestData,
592
+ ...requestConfig
593
+ });
594
+ return res.data;
595
+ }
596
+
597
+ // src/_generated/clients/roles/roleControllerAssignRole.ts
598
+ function getRoleControllerAssignRoleUrl({
599
+ appId
600
+ }) {
601
+ const app_id = appId;
602
+ const res = {
603
+ method: "POST",
604
+ url: `/v1/apps/${app_id}/roles/assign`
605
+ };
606
+ return res;
607
+ }
608
+ async function roleControllerAssignRole({
609
+ appId,
610
+ data
611
+ }, config = {}) {
612
+ const { client: request = client, ...requestConfig } = config;
613
+ const requestData = data;
614
+ const res = await request({
615
+ method: "POST",
616
+ url: getRoleControllerAssignRoleUrl({ appId }).url.toString(),
617
+ data: requestData,
618
+ ...requestConfig
619
+ });
620
+ return res.data;
621
+ }
622
+
623
+ // src/_generated/clients/roles/roleControllerSetPermissions.ts
624
+ function getRoleControllerSetPermissionsUrl({
625
+ appId,
626
+ roleName
627
+ }) {
628
+ const app_id = appId;
629
+ const role_name = roleName;
630
+ const res = {
631
+ method: "PUT",
632
+ url: `/v1/apps/${app_id}/roles/${role_name}/permissions`
633
+ };
634
+ return res;
635
+ }
636
+ async function roleControllerSetPermissions({
637
+ appId,
638
+ roleName,
639
+ data
640
+ }, config = {}) {
641
+ const { client: request = client, ...requestConfig } = config;
642
+ const requestData = data;
643
+ const res = await request({
644
+ method: "PUT",
645
+ url: getRoleControllerSetPermissionsUrl({ appId, roleName }).url.toString(),
646
+ data: requestData,
647
+ ...requestConfig
648
+ });
649
+ return res.data;
650
+ }
651
+
652
+ // src/_generated/clients/roles/roleControllerListPermissions.ts
653
+ function getRoleControllerListPermissionsUrl({
654
+ appId
655
+ }) {
656
+ const app_id = appId;
657
+ const res = {
658
+ method: "GET",
659
+ url: `/v1/apps/${app_id}/roles/permissions`
660
+ };
661
+ return res;
662
+ }
663
+ async function roleControllerListPermissions({ appId }, config = {}) {
664
+ const { client: request = client, ...requestConfig } = config;
665
+ const res = await request({
666
+ method: "GET",
667
+ url: getRoleControllerListPermissionsUrl({ appId }).url.toString(),
668
+ ...requestConfig
669
+ });
670
+ return res.data;
671
+ }
672
+
673
+ // src/_generated/clients/permissions/permissionControllerListPermissions.ts
674
+ function getPermissionControllerListPermissionsUrl({
675
+ appId
676
+ }) {
677
+ const app_id = appId;
678
+ const res = { method: "GET", url: `/v1/apps/${app_id}/permissions` };
679
+ return res;
680
+ }
681
+ async function permissionControllerListPermissions({ appId }, config = {}) {
682
+ const { client: request = client, ...requestConfig } = config;
683
+ const res = await request({
684
+ method: "GET",
685
+ url: getPermissionControllerListPermissionsUrl({ appId }).url.toString(),
686
+ ...requestConfig
687
+ });
688
+ return res.data;
689
+ }
690
+
691
+ // src/_generated/clients/permissions/permissionControllerCreatePermission.ts
692
+ function getPermissionControllerCreatePermissionUrl({
693
+ appId
694
+ }) {
695
+ const app_id = appId;
696
+ const res = {
697
+ method: "POST",
698
+ url: `/v1/apps/${app_id}/permissions`
699
+ };
700
+ return res;
701
+ }
702
+ async function permissionControllerCreatePermission({
703
+ appId,
704
+ data
705
+ }, config = {}) {
706
+ const { client: request = client, ...requestConfig } = config;
707
+ const requestData = data;
708
+ const res = await request({
709
+ method: "POST",
710
+ url: getPermissionControllerCreatePermissionUrl({ appId }).url.toString(),
711
+ data: requestData,
712
+ ...requestConfig
713
+ });
714
+ return res.data;
715
+ }
716
+
717
+ // src/_generated/clients/permissions/permissionControllerDeletePermission.ts
718
+ function getPermissionControllerDeletePermissionUrl({
719
+ appId,
720
+ permissionKey
721
+ }) {
722
+ const app_id = appId;
723
+ const permission_key = permissionKey;
724
+ const res = {
725
+ method: "DELETE",
726
+ url: `/v1/apps/${app_id}/permissions/${permission_key}`
727
+ };
728
+ return res;
729
+ }
730
+ async function permissionControllerDeletePermission({
731
+ appId,
732
+ permissionKey
733
+ }, config = {}) {
734
+ const { client: request = client, ...requestConfig } = config;
735
+ const res = await request({
736
+ method: "DELETE",
737
+ url: getPermissionControllerDeletePermissionUrl({
738
+ appId,
739
+ permissionKey
740
+ }).url.toString(),
741
+ ...requestConfig
742
+ });
743
+ return res.data;
744
+ }
745
+
746
+ // src/_generated/clients/apiKeys/apiKeyControllerListApiKeys.ts
747
+ function getApiKeyControllerListApiKeysUrl({
748
+ appId
749
+ }) {
750
+ const app_id = appId;
751
+ const res = { method: "GET", url: `/v1/apps/${app_id}/api-keys` };
752
+ return res;
753
+ }
754
+ async function apiKeyControllerListApiKeys({ appId }, config = {}) {
755
+ const { client: request = client, ...requestConfig } = config;
756
+ const res = await request({
757
+ method: "GET",
758
+ url: getApiKeyControllerListApiKeysUrl({ appId }).url.toString(),
759
+ ...requestConfig
760
+ });
761
+ return res.data;
762
+ }
763
+
764
+ // src/_generated/clients/apiKeys/apiKeyControllerCreateApiKey.ts
765
+ function getApiKeyControllerCreateApiKeyUrl({
766
+ appId
767
+ }) {
768
+ const app_id = appId;
769
+ const res = { method: "POST", url: `/v1/apps/${app_id}/api-keys` };
770
+ return res;
771
+ }
772
+ async function apiKeyControllerCreateApiKey({
773
+ appId,
774
+ data,
775
+ headers
776
+ }, config = {}) {
777
+ const { client: request = client, ...requestConfig } = config;
778
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
779
+ const requestData = data;
780
+ const res = await request({
781
+ method: "POST",
782
+ url: getApiKeyControllerCreateApiKeyUrl({ appId }).url.toString(),
783
+ data: requestData,
784
+ ...requestConfig,
785
+ headers: { ...mappedHeaders, ...requestConfig.headers }
786
+ });
787
+ return res.data;
788
+ }
789
+
790
+ // src/_generated/clients/apiKeys/apiKeyControllerDeleteApiKey.ts
791
+ function getApiKeyControllerDeleteApiKeyUrl({
792
+ appId,
793
+ keyId
794
+ }) {
795
+ const app_id = appId;
796
+ const key_id = keyId;
797
+ const res = {
798
+ method: "DELETE",
799
+ url: `/v1/apps/${app_id}/api-keys/${key_id}`
800
+ };
801
+ return res;
802
+ }
803
+ async function apiKeyControllerDeleteApiKey({
804
+ appId,
805
+ keyId
806
+ }, config = {}) {
807
+ const { client: request = client, ...requestConfig } = config;
808
+ const res = await request({
809
+ method: "DELETE",
810
+ url: getApiKeyControllerDeleteApiKeyUrl({ appId, keyId }).url.toString(),
811
+ ...requestConfig
812
+ });
813
+ return res.data;
814
+ }
815
+
816
+ // src/_generated/clients/credentials/M2MControllerListClients.ts
817
+ function getM2MControllerListClientsUrl({
818
+ appId
819
+ }) {
820
+ const app_id = appId;
821
+ const res = { method: "GET", url: `/v1/apps/${app_id}/credentials` };
822
+ return res;
823
+ }
824
+ async function M2MControllerListClients({
825
+ appId,
826
+ params
827
+ }, config = {}) {
828
+ const { client: request = client, ...requestConfig } = config;
829
+ const res = await request({
830
+ method: "GET",
831
+ url: getM2MControllerListClientsUrl({ appId }).url.toString(),
832
+ params,
833
+ ...requestConfig
834
+ });
835
+ return res.data;
836
+ }
837
+
838
+ // src/_generated/clients/credentials/M2MControllerCreateClient.ts
839
+ function getM2MControllerCreateClientUrl({
840
+ appId
841
+ }) {
842
+ const app_id = appId;
843
+ const res = {
844
+ method: "POST",
845
+ url: `/v1/apps/${app_id}/credentials`
846
+ };
847
+ return res;
848
+ }
849
+ async function M2MControllerCreateClient({
850
+ appId,
851
+ data,
852
+ headers
853
+ }, config = {}) {
854
+ const { client: request = client, ...requestConfig } = config;
855
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
856
+ const requestData = data;
857
+ const res = await request({
858
+ method: "POST",
859
+ url: getM2MControllerCreateClientUrl({ appId }).url.toString(),
860
+ data: requestData,
861
+ ...requestConfig,
862
+ headers: { ...mappedHeaders, ...requestConfig.headers }
863
+ });
864
+ return res.data;
865
+ }
866
+
867
+ // src/_generated/clients/credentials/M2MControllerGetClient.ts
868
+ function getM2MControllerGetClientUrl({
869
+ appId,
870
+ clientId
871
+ }) {
872
+ const app_id = appId;
873
+ const client_id = clientId;
874
+ const res = {
875
+ method: "GET",
876
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
877
+ };
878
+ return res;
879
+ }
880
+ async function M2MControllerGetClient({
881
+ appId,
882
+ clientId
883
+ }, config = {}) {
884
+ const { client: request = client, ...requestConfig } = config;
885
+ const res = await request({
886
+ method: "GET",
887
+ url: getM2MControllerGetClientUrl({ appId, clientId }).url.toString(),
888
+ ...requestConfig
889
+ });
890
+ return res.data;
891
+ }
892
+
893
+ // src/_generated/clients/credentials/M2MControllerUpdateClient.ts
894
+ function getM2MControllerUpdateClientUrl({
895
+ appId,
896
+ clientId
897
+ }) {
898
+ const app_id = appId;
899
+ const client_id = clientId;
900
+ const res = {
901
+ method: "PATCH",
902
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
903
+ };
904
+ return res;
905
+ }
906
+ async function M2MControllerUpdateClient({
907
+ appId,
908
+ clientId,
909
+ data
910
+ }, config = {}) {
911
+ const { client: request = client, ...requestConfig } = config;
912
+ const requestData = data;
913
+ const res = await request({
914
+ method: "PATCH",
915
+ url: getM2MControllerUpdateClientUrl({ appId, clientId }).url.toString(),
916
+ data: requestData,
917
+ ...requestConfig
918
+ });
919
+ return res.data;
920
+ }
921
+
922
+ // src/_generated/clients/credentials/M2MControllerDeleteClient.ts
923
+ function getM2MControllerDeleteClientUrl({
924
+ appId,
925
+ clientId
926
+ }) {
927
+ const app_id = appId;
928
+ const client_id = clientId;
929
+ const res = {
930
+ method: "DELETE",
931
+ url: `/v1/apps/${app_id}/credentials/${client_id}`
932
+ };
933
+ return res;
934
+ }
935
+ async function M2MControllerDeleteClient({
936
+ appId,
937
+ clientId
938
+ }, config = {}) {
939
+ const { client: request = client, ...requestConfig } = config;
940
+ const res = await request({
941
+ method: "DELETE",
942
+ url: getM2MControllerDeleteClientUrl({ appId, clientId }).url.toString(),
943
+ ...requestConfig
944
+ });
945
+ return res.data;
946
+ }
947
+
948
+ // src/_generated/clients/credentials/M2MControllerRotateSecret.ts
949
+ function getM2MControllerRotateSecretUrl({
950
+ appId,
951
+ clientId
952
+ }) {
953
+ const app_id = appId;
954
+ const client_id = clientId;
955
+ const res = {
956
+ method: "POST",
957
+ url: `/v1/apps/${app_id}/credentials/${client_id}/rotate`
958
+ };
959
+ return res;
960
+ }
961
+ async function M2MControllerRotateSecret({
962
+ appId,
963
+ clientId
964
+ }, config = {}) {
965
+ const { client: request = client, ...requestConfig } = config;
966
+ const res = await request({
967
+ method: "POST",
968
+ url: getM2MControllerRotateSecretUrl({ appId, clientId }).url.toString(),
969
+ ...requestConfig
970
+ });
971
+ return res.data;
972
+ }
973
+
974
+ // src/_generated/clients/credentials/M2MControllerSetScopes.ts
975
+ function getM2MControllerSetScopesUrl({
976
+ appId,
977
+ clientId
978
+ }) {
979
+ const app_id = appId;
980
+ const client_id = clientId;
981
+ const res = {
982
+ method: "PUT",
983
+ url: `/v1/apps/${app_id}/credentials/${client_id}/scopes`
984
+ };
985
+ return res;
986
+ }
987
+ async function M2MControllerSetScopes({
988
+ appId,
989
+ clientId,
990
+ data
991
+ }, config = {}) {
992
+ const { client: request = client, ...requestConfig } = config;
993
+ const requestData = data;
994
+ const res = await request({
995
+ method: "PUT",
996
+ url: getM2MControllerSetScopesUrl({ appId, clientId }).url.toString(),
997
+ data: requestData,
998
+ ...requestConfig
999
+ });
1000
+ return res.data;
1001
+ }
1002
+
1003
+ // src/_generated/clients/appAudit/appAuditControllerGetAuditLogs.ts
1004
+ function getAppAuditControllerGetAuditLogsUrl({
1005
+ appId
1006
+ }) {
1007
+ const app_id = appId;
1008
+ const res = { method: "GET", url: `/v1/apps/${app_id}/audit-logs` };
1009
+ return res;
1010
+ }
1011
+ async function appAuditControllerGetAuditLogs({
1012
+ appId,
1013
+ params
1014
+ }, config = {}) {
1015
+ const { client: request = client, ...requestConfig } = config;
1016
+ const mappedParams = params ? {
1017
+ limit: params.limit,
1018
+ cursor: params.cursor,
1019
+ action: params.action,
1020
+ actor_id: params.actorId
1021
+ } : void 0;
1022
+ const res = await request({
1023
+ method: "GET",
1024
+ url: getAppAuditControllerGetAuditLogsUrl({ appId }).url.toString(),
1025
+ params: mappedParams,
1026
+ ...requestConfig
1027
+ });
1028
+ return res.data;
1029
+ }
1030
+
1031
+ // src/scopes/app.ts
1032
+ var AppScope = class {
1033
+ /** The appId bound to this scope. */
1034
+ appId;
1035
+ client;
1036
+ constructor(appId, client2) {
1037
+ this.appId = appId;
1038
+ this.client = client2;
1039
+ }
1040
+ /**
1041
+ * Direct HTTP escape hatch used to call endpoints whose spec is buggy
1042
+ * — currently those whose path declares `{appId}` but whose
1043
+ * `parameters[]` omits it, so the kubb-generated code leaves the
1044
+ * URL template unfilled. Tracked upstream; remove once the spec is
1045
+ * fixed and the per-call wrappers can move back to kubb's output.
1046
+ */
1047
+ async callDirect(method, url, body) {
1048
+ const res = await this.client({ method, url, data: body });
1049
+ return res.data;
1050
+ }
1051
+ // ─────────────────────────────────────────────────────────────
1052
+ // App meta — operations on the app record itself
1053
+ // ─────────────────────────────────────────────────────────────
1054
+ get = () => appControllerGetApp({ appId: this.appId }, { client: this.client });
1055
+ update = (data) => appControllerUpdateApp({ appId: this.appId, data }, { client: this.client });
1056
+ delete = () => appControllerDeleteApp({ appId: this.appId }, { client: this.client });
1057
+ updateStatus = (data) => appControllerUpdateAppStatus(
1058
+ { appId: this.appId, data },
1059
+ { client: this.client }
1060
+ );
1061
+ // ─────────────────────────────────────────────────────────────
1062
+ // Auth config (workspace-side config for the app's auth surface)
1063
+ // ─────────────────────────────────────────────────────────────
1064
+ authConfig = {
1065
+ get: () => authConfigControllerGetConfig(
1066
+ { appId: this.appId },
1067
+ { client: this.client }
1068
+ ),
1069
+ update: (data) => authConfigControllerUpdateConfig(
1070
+ { appId: this.appId, data },
1071
+ { client: this.client }
1072
+ )
1073
+ };
1074
+ // ─────────────────────────────────────────────────────────────
1075
+ // Invites (workspace members)
1076
+ // ─────────────────────────────────────────────────────────────
1077
+ invites = {
1078
+ list: (params = {}) => appControllerListInvites(
1079
+ { appId: this.appId, params },
1080
+ { client: this.client }
1081
+ ),
1082
+ create: (data) => appControllerCreateInvite(
1083
+ { appId: this.appId, data },
1084
+ { client: this.client }
1085
+ ),
1086
+ revoke: (inviteId) => appControllerRevokeInvite(
1087
+ { appId: this.appId, inviteId },
1088
+ { client: this.client }
1089
+ )
1090
+ };
1091
+ // ─────────────────────────────────────────────────────────────
1092
+ // Members (workspace seats on this app)
1093
+ // ─────────────────────────────────────────────────────────────
1094
+ members = {
1095
+ list: (params = {}) => appControllerListMembers(
1096
+ { appId: this.appId, params },
1097
+ { client: this.client }
1098
+ ),
1099
+ remove: (accountId) => appControllerRemoveMember(
1100
+ { appId: this.appId, accountId },
1101
+ { client: this.client }
1102
+ )
1103
+ };
1104
+ // ─────────────────────────────────────────────────────────────
1105
+ // EndUsers (the app's authenticated users — Heimdall's bread + butter)
1106
+ // ─────────────────────────────────────────────────────────────
1107
+ endUsers = {
1108
+ list: (params = {}) => endUserControllerListEndUsers(
1109
+ { appId: this.appId, params },
1110
+ { client: this.client }
1111
+ ),
1112
+ get: (userId) => endUserControllerGetEndUser(
1113
+ { appId: this.appId, userId },
1114
+ { client: this.client }
1115
+ ),
1116
+ update: (userId, data) => endUserControllerUpdateEndUser(
1117
+ { appId: this.appId, userId, data },
1118
+ { client: this.client }
1119
+ ),
1120
+ delete: (userId) => endUserControllerDeleteEndUser(
1121
+ { appId: this.appId, userId },
1122
+ { client: this.client }
1123
+ ),
1124
+ updateRole: (userId, data) => endUserControllerUpdateRole(
1125
+ { appId: this.appId, userId, data },
1126
+ { client: this.client }
1127
+ ),
1128
+ updateStatus: (userId, data) => endUserControllerUpdateStatus(
1129
+ { appId: this.appId, userId, data },
1130
+ { client: this.client }
1131
+ ),
1132
+ /** Spec bug: appId missing in spec params (see callDirect). */
1133
+ revokeAllSessions: (userId) => this.callDirect(
1134
+ "POST",
1135
+ `/v1/apps/${this.appId}/end-users/${userId}/sessions/revoke-all`
1136
+ )
1137
+ };
1138
+ // ─────────────────────────────────────────────────────────────
1139
+ // Roles
1140
+ // ─────────────────────────────────────────────────────────────
1141
+ roles = {
1142
+ list: (params = {}) => roleControllerListRoles(
1143
+ { appId: this.appId, params },
1144
+ { client: this.client }
1145
+ ),
1146
+ /** Spec bug: appId missing in spec params (see callDirect). */
1147
+ get: (roleName) => this.callDirect("GET", `/v1/apps/${this.appId}/roles/${roleName}`),
1148
+ create: (data) => roleControllerCreateRole(
1149
+ { appId: this.appId, data },
1150
+ { client: this.client }
1151
+ ),
1152
+ /** Spec bug: appId missing in spec params (see callDirect). */
1153
+ update: (roleName, data) => this.callDirect(
1154
+ "PATCH",
1155
+ `/v1/apps/${this.appId}/roles/${roleName}`,
1156
+ data
1157
+ ),
1158
+ /** Spec bug: appId missing in spec params (see callDirect). */
1159
+ delete: (roleName) => this.callDirect("DELETE", `/v1/apps/${this.appId}/roles/${roleName}`),
1160
+ assign: (data) => roleControllerAssignRole(
1161
+ { appId: this.appId, data },
1162
+ { client: this.client }
1163
+ ),
1164
+ setPermissions: (roleName, data) => roleControllerSetPermissions(
1165
+ { appId: this.appId, roleName, data },
1166
+ { client: this.client }
1167
+ ),
1168
+ listPermissions: () => roleControllerListPermissions(
1169
+ { appId: this.appId },
1170
+ { client: this.client }
1171
+ )
1172
+ };
1173
+ // ─────────────────────────────────────────────────────────────
1174
+ // Permissions catalog
1175
+ // ─────────────────────────────────────────────────────────────
1176
+ permissions = {
1177
+ list: () => permissionControllerListPermissions(
1178
+ { appId: this.appId },
1179
+ { client: this.client }
1180
+ ),
1181
+ create: (data) => permissionControllerCreatePermission(
1182
+ { appId: this.appId, data },
1183
+ { client: this.client }
1184
+ ),
1185
+ delete: (permissionKey) => permissionControllerDeletePermission(
1186
+ { appId: this.appId, permissionKey },
1187
+ { client: this.client }
1188
+ )
1189
+ };
1190
+ // ─────────────────────────────────────────────────────────────
1191
+ // API keys (server-to-server platform keys for this app)
1192
+ // ─────────────────────────────────────────────────────────────
1193
+ apiKeys = {
1194
+ list: () => apiKeyControllerListApiKeys(
1195
+ { appId: this.appId },
1196
+ { client: this.client }
1197
+ ),
1198
+ create: (data) => apiKeyControllerCreateApiKey(
1199
+ { appId: this.appId, data },
1200
+ { client: this.client }
1201
+ ),
1202
+ delete: (keyId) => apiKeyControllerDeleteApiKey(
1203
+ { appId: this.appId, keyId },
1204
+ { client: this.client }
1205
+ )
1206
+ };
1207
+ // ─────────────────────────────────────────────────────────────
1208
+ // M2M credentials (client_id + client_secret for service-to-service)
1209
+ // ─────────────────────────────────────────────────────────────
1210
+ credentials = {
1211
+ list: (params = {}) => M2MControllerListClients(
1212
+ { appId: this.appId, params },
1213
+ { client: this.client }
1214
+ ),
1215
+ create: (data) => M2MControllerCreateClient(
1216
+ { appId: this.appId, data },
1217
+ { client: this.client }
1218
+ ),
1219
+ get: (clientId) => M2MControllerGetClient(
1220
+ { appId: this.appId, clientId },
1221
+ { client: this.client }
1222
+ ),
1223
+ update: (clientId, data) => M2MControllerUpdateClient(
1224
+ { appId: this.appId, clientId, data },
1225
+ { client: this.client }
1226
+ ),
1227
+ delete: (clientId) => M2MControllerDeleteClient(
1228
+ { appId: this.appId, clientId },
1229
+ { client: this.client }
1230
+ ),
1231
+ rotateSecret: (clientId) => M2MControllerRotateSecret(
1232
+ { appId: this.appId, clientId },
1233
+ { client: this.client }
1234
+ ),
1235
+ setScopes: (clientId, data) => M2MControllerSetScopes(
1236
+ { appId: this.appId, clientId, data },
1237
+ { client: this.client }
1238
+ )
1239
+ };
1240
+ // ─────────────────────────────────────────────────────────────
1241
+ // Audit logs
1242
+ // ─────────────────────────────────────────────────────────────
1243
+ auditLogs = {
1244
+ list: (params = {}) => appAuditControllerGetAuditLogs(
1245
+ { appId: this.appId, params },
1246
+ { client: this.client }
1247
+ )
1248
+ };
1249
+ };
1250
+
1251
+ // src/_generated/clients/consumerAuth/consumerAuthControllerSignin.ts
1252
+ function getConsumerAuthControllerSigninUrl({
1253
+ appSlug
1254
+ }) {
1255
+ const app_slug = appSlug;
1256
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/signin` };
1257
+ return res;
1258
+ }
1259
+ async function consumerAuthControllerSignin({
1260
+ appSlug,
1261
+ data
1262
+ }, config = {}) {
1263
+ const { client: request = client, ...requestConfig } = config;
1264
+ const requestData = data;
1265
+ const res = await request({
1266
+ method: "POST",
1267
+ url: getConsumerAuthControllerSigninUrl({ appSlug }).url.toString(),
1268
+ data: requestData,
1269
+ ...requestConfig
1270
+ });
1271
+ return res.data;
1272
+ }
1273
+
1274
+ // src/_generated/clients/consumerAuth/consumerAuthControllerRefresh.ts
1275
+ function getConsumerAuthControllerRefreshUrl({
1276
+ appSlug
1277
+ }) {
1278
+ const app_slug = appSlug;
1279
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/refresh` };
1280
+ return res;
1281
+ }
1282
+ async function consumerAuthControllerRefresh({
1283
+ appSlug,
1284
+ data
1285
+ }, config = {}) {
1286
+ const { client: request = client, ...requestConfig } = config;
1287
+ const requestData = data;
1288
+ const res = await request({
1289
+ method: "POST",
1290
+ url: getConsumerAuthControllerRefreshUrl({ appSlug }).url.toString(),
1291
+ data: requestData,
1292
+ ...requestConfig
1293
+ });
1294
+ return res.data;
1295
+ }
1296
+
1297
+ // src/_generated/clients/consumerAuth/consumerAuthControllerLogout.ts
1298
+ function getConsumerAuthControllerLogoutUrl({
1299
+ appSlug
1300
+ }) {
1301
+ const app_slug = appSlug;
1302
+ const res = { method: "POST", url: `/${app_slug}/v1/auth/logout` };
1303
+ return res;
1304
+ }
1305
+ async function consumerAuthControllerLogout({
1306
+ appSlug,
1307
+ data
1308
+ }, config = {}) {
1309
+ const { client: request = client, ...requestConfig } = config;
1310
+ const requestData = data;
1311
+ const res = await request({
1312
+ method: "POST",
1313
+ url: getConsumerAuthControllerLogoutUrl({ appSlug }).url.toString(),
1314
+ data: requestData,
1315
+ ...requestConfig
1316
+ });
1317
+ return res.data;
1318
+ }
1319
+
1320
+ // src/_generated/clients/consumerAuth/consumerAuthControllerRequestPasswordReset.ts
1321
+ function getConsumerAuthControllerRequestPasswordResetUrl({
1322
+ appSlug
1323
+ }) {
1324
+ const app_slug = appSlug;
1325
+ const res = {
1326
+ method: "POST",
1327
+ url: `/${app_slug}/v1/auth/request-password-reset`
1328
+ };
1329
+ return res;
1330
+ }
1331
+ async function consumerAuthControllerRequestPasswordReset({
1332
+ appSlug,
1333
+ data,
1334
+ headers
1335
+ }, config = {}) {
1336
+ const { client: request = client, ...requestConfig } = config;
1337
+ const requestData = data;
1338
+ const res = await request({
1339
+ method: "POST",
1340
+ url: getConsumerAuthControllerRequestPasswordResetUrl({
1341
+ appSlug
1342
+ }).url.toString(),
1343
+ data: requestData,
1344
+ ...requestConfig,
1345
+ headers: { ...headers, ...requestConfig.headers }
1346
+ });
1347
+ return res.data;
1348
+ }
1349
+
1350
+ // src/_generated/clients/consumerAuth/consumerAuthControllerResetPassword.ts
1351
+ function getConsumerAuthControllerResetPasswordUrl({
1352
+ appSlug
1353
+ }) {
1354
+ const app_slug = appSlug;
1355
+ const res = {
1356
+ method: "POST",
1357
+ url: `/${app_slug}/v1/auth/reset-password`
1358
+ };
1359
+ return res;
1360
+ }
1361
+ async function consumerAuthControllerResetPassword({
1362
+ appSlug,
1363
+ data
1364
+ }, config = {}) {
1365
+ const { client: request = client, ...requestConfig } = config;
1366
+ const requestData = data;
1367
+ const res = await request({
1368
+ method: "POST",
1369
+ url: getConsumerAuthControllerResetPasswordUrl({ appSlug }).url.toString(),
1370
+ data: requestData,
1371
+ ...requestConfig
1372
+ });
1373
+ return res.data;
1374
+ }
1375
+
1376
+ // src/_generated/clients/consumerOauthSignIn/consumerIdpControllerNativeSignIn.ts
1377
+ function getConsumerIdpControllerNativeSignInUrl({
1378
+ appSlug,
1379
+ provider
1380
+ }) {
1381
+ const app_slug = appSlug;
1382
+ const res = {
1383
+ method: "POST",
1384
+ url: `/${app_slug}/v1/auth/oauth/${provider}`
1385
+ };
1386
+ return res;
1387
+ }
1388
+ async function consumerIdpControllerNativeSignIn({
1389
+ appSlug,
1390
+ provider,
1391
+ data
1392
+ }, config = {}) {
1393
+ const { client: request = client, ...requestConfig } = config;
1394
+ const requestData = data;
1395
+ const res = await request({
1396
+ method: "POST",
1397
+ url: getConsumerIdpControllerNativeSignInUrl({
1398
+ appSlug,
1399
+ provider
1400
+ }).url.toString(),
1401
+ data: requestData,
1402
+ ...requestConfig
1403
+ });
1404
+ return res.data;
1405
+ }
1406
+
1407
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerVerify.ts
1408
+ function getConsumerVerifyControllerVerifyUrl({
1409
+ appSlug
1410
+ }) {
1411
+ const app_slug = appSlug;
1412
+ const res = { method: "POST", url: `/${app_slug}/v1/verify` };
1413
+ return res;
1414
+ }
1415
+ async function consumerVerifyControllerVerify({
1416
+ appSlug,
1417
+ data,
1418
+ headers
1419
+ }, config = {}) {
1420
+ const { client: request = client, ...requestConfig } = config;
1421
+ const requestData = data;
1422
+ const res = await request({
1423
+ method: "POST",
1424
+ url: getConsumerVerifyControllerVerifyUrl({ appSlug }).url.toString(),
1425
+ data: requestData,
1426
+ ...requestConfig,
1427
+ headers: { ...headers, ...requestConfig.headers }
1428
+ });
1429
+ return res.data;
1430
+ }
1431
+
1432
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerAuthorize.ts
1433
+ function getConsumerVerifyControllerAuthorizeUrl({
1434
+ appSlug
1435
+ }) {
1436
+ const app_slug = appSlug;
1437
+ const res = { method: "POST", url: `/${app_slug}/v1/authorize` };
1438
+ return res;
1439
+ }
1440
+ async function consumerVerifyControllerAuthorize({
1441
+ appSlug,
1442
+ data,
1443
+ headers
1444
+ }, config = {}) {
1445
+ const { client: request = client, ...requestConfig } = config;
1446
+ const requestData = data;
1447
+ const res = await request({
1448
+ method: "POST",
1449
+ url: getConsumerVerifyControllerAuthorizeUrl({ appSlug }).url.toString(),
1450
+ data: requestData,
1451
+ ...requestConfig,
1452
+ headers: { ...headers, ...requestConfig.headers }
1453
+ });
1454
+ return res.data;
1455
+ }
1456
+
1457
+ // src/_generated/clients/consumerVerify/consumerVerifyControllerAuthorizeBatch.ts
1458
+ function getConsumerVerifyControllerAuthorizeBatchUrl({
1459
+ appSlug
1460
+ }) {
1461
+ const app_slug = appSlug;
1462
+ const res = {
1463
+ method: "POST",
1464
+ url: `/${app_slug}/v1/authorize/batch`
1465
+ };
1466
+ return res;
1467
+ }
1468
+ async function consumerVerifyControllerAuthorizeBatch({
1469
+ appSlug,
1470
+ data,
1471
+ headers
1472
+ }, config = {}) {
1473
+ const { client: request = client, ...requestConfig } = config;
1474
+ const requestData = data;
1475
+ const res = await request({
1476
+ method: "POST",
1477
+ url: getConsumerVerifyControllerAuthorizeBatchUrl({
1478
+ appSlug
1479
+ }).url.toString(),
1480
+ data: requestData,
1481
+ ...requestConfig,
1482
+ headers: { ...headers, ...requestConfig.headers }
1483
+ });
1484
+ return res.data;
1485
+ }
1486
+
1487
+ // src/_generated/clients/consumerOauthM2m/consumerOAuthControllerClientCredentials.ts
1488
+ function getConsumerOAuthControllerClientCredentialsUrl({
1489
+ appSlug
1490
+ }) {
1491
+ const app_slug = appSlug;
1492
+ const res = { method: "POST", url: `/${app_slug}/v1/oauth/token` };
1493
+ return res;
1494
+ }
1495
+ async function consumerOAuthControllerClientCredentials({
1496
+ appSlug,
1497
+ data
1498
+ }, config = {}) {
1499
+ const { client: request = client, ...requestConfig } = config;
1500
+ const requestData = data;
1501
+ const res = await request({
1502
+ method: "POST",
1503
+ url: getConsumerOAuthControllerClientCredentialsUrl({
1504
+ appSlug
1505
+ }).url.toString(),
1506
+ data: requestData,
1507
+ ...requestConfig
1508
+ });
1509
+ return res.data;
1510
+ }
1511
+
1512
+ // src/jwt/errors.ts
1513
+ var JwtVerifyError = class extends Error {
1514
+ code;
1515
+ constructor(code, message, options) {
1516
+ super(message, options);
1517
+ this.name = "JwtVerifyError";
1518
+ this.code = code;
1519
+ }
1520
+ };
1521
+ var JwtInvalidError = class extends JwtVerifyError {
1522
+ constructor(message, options) {
1523
+ super("ERR_JWT_INVALID", message, options);
1524
+ this.name = "JwtInvalidError";
1525
+ }
1526
+ };
1527
+ var JwtExpiredError = class extends JwtVerifyError {
1528
+ expiredAt;
1529
+ constructor(message, expiredAt, options) {
1530
+ super("ERR_JWT_EXPIRED", message, options);
1531
+ this.name = "JwtExpiredError";
1532
+ this.expiredAt = expiredAt;
1533
+ }
1534
+ };
1535
+ var JwtNotYetValidError = class extends JwtVerifyError {
1536
+ constructor(message, options) {
1537
+ super("ERR_JWT_NOT_YET_VALID", message, options);
1538
+ this.name = "JwtNotYetValidError";
1539
+ }
1540
+ };
1541
+ var JwtIssuerMismatchError = class extends JwtVerifyError {
1542
+ constructor(message, options) {
1543
+ super("ERR_JWT_ISS_MISMATCH", message, options);
1544
+ this.name = "JwtIssuerMismatchError";
1545
+ }
1546
+ };
1547
+ var JwtAudienceMismatchError = class extends JwtVerifyError {
1548
+ constructor(message, options) {
1549
+ super("ERR_JWT_AUD_MISMATCH", message, options);
1550
+ this.name = "JwtAudienceMismatchError";
1551
+ }
1552
+ };
1553
+ var JwksKeyNotFoundError = class extends JwtVerifyError {
1554
+ kid;
1555
+ constructor(kid, options) {
1556
+ super(
1557
+ "ERR_JWKS_KID_NOT_FOUND",
1558
+ `JWKS has no key matching kid=${kid ?? "(missing)"}`,
1559
+ options
1560
+ );
1561
+ this.name = "JwksKeyNotFoundError";
1562
+ this.kid = kid;
1563
+ }
1564
+ };
1565
+ var JwksFetchError = class extends JwtVerifyError {
1566
+ constructor(message, options) {
1567
+ super("ERR_JWKS_FETCH", message, options);
1568
+ this.name = "JwksFetchError";
1569
+ }
1570
+ };
1571
+
1572
+ // src/jwt/jwks-cache.ts
1573
+ var JwksCache = class {
1574
+ url;
1575
+ _jose;
1576
+ constructor(options) {
1577
+ this.url = options.url;
1578
+ const joseOpts = {
1579
+ cacheMaxAge: options.ttlMs ?? 10 * 60 * 1e3,
1580
+ cooldownDuration: options.cooldownMs ?? 3e4,
1581
+ timeoutDuration: options.timeoutMs ?? 5e3
1582
+ };
1583
+ if (options.fetch) {
1584
+ joseOpts[customFetch] = options.fetch;
1585
+ }
1586
+ this._jose = createRemoteJWKSet(
1587
+ options.url,
1588
+ joseOpts
1589
+ );
1590
+ }
1591
+ /**
1592
+ * Resolve a signing key for a given JWT header.
1593
+ * Bound as an arrow-function field so it can be passed around
1594
+ * (`jose.jwtVerify(token, cache.getKey, ...)`, passport-jwt, etc.)
1595
+ * without losing `this`.
1596
+ */
1597
+ getKey = async (header, input) => {
1598
+ try {
1599
+ return await this._jose(header, input);
1600
+ } catch (err) {
1601
+ if (err instanceof errors.JWKSNoMatchingKey) {
1602
+ throw new JwksKeyNotFoundError(header?.kid, { cause: err });
1603
+ }
1604
+ if (err instanceof errors.JWKSTimeout || err instanceof errors.JWKSInvalid || err instanceof errors.JOSEError) {
1605
+ throw new JwksFetchError(
1606
+ `Failed to load JWKS from ${this.url.href}: ${err.message}`,
1607
+ { cause: err }
1608
+ );
1609
+ }
1610
+ throw err;
1611
+ }
1612
+ };
1613
+ /**
1614
+ * Force a refetch on the next verify. Useful in tests and for
1615
+ * external rotation drills — the normal flow self-heals because
1616
+ * jose auto-refetches on kid miss.
1617
+ */
1618
+ refresh() {
1619
+ }
1620
+ };
1621
+ async function verifyHeimdallToken(token, getKey, opts = {}) {
1622
+ try {
1623
+ const { payload } = await jwtVerify(token, getKey, {
1624
+ algorithms: opts.algorithms ?? ["ES256", "RS256", "EdDSA"],
1625
+ issuer: opts.issuer,
1626
+ audience: opts.audience,
1627
+ clockTolerance: opts.clockTolerance ?? 5,
1628
+ requiredClaims: opts.requiredClaims,
1629
+ currentDate: opts.currentDate,
1630
+ maxTokenAge: opts.maxTokenAge
1631
+ });
1632
+ return payload;
1633
+ } catch (err) {
1634
+ throw translateJoseError(err);
1635
+ }
1636
+ }
1637
+ function translateJoseError(err) {
1638
+ if (err instanceof JwksKeyNotFoundError || err instanceof JwksFetchError || err instanceof JwtVerifyError) {
1639
+ return err;
1640
+ }
1641
+ const code = err?.code ?? "";
1642
+ const message = err?.message ?? "JWT verification failed";
1643
+ switch (code) {
1644
+ case "ERR_JWT_EXPIRED":
1645
+ return new JwtExpiredError(message, void 0, { cause: err });
1646
+ case "ERR_JWT_CLAIM_VALIDATION_FAILED": {
1647
+ const claim = err?.claim;
1648
+ if (claim === "iss") return new JwtIssuerMismatchError(message, { cause: err });
1649
+ if (claim === "aud") return new JwtAudienceMismatchError(message, { cause: err });
1650
+ if (claim === "nbf") return new JwtNotYetValidError(message, { cause: err });
1651
+ return new JwtInvalidError(message, { cause: err });
1652
+ }
1653
+ case "ERR_JWS_SIGNATURE_VERIFICATION_FAILED":
1654
+ case "ERR_JWS_INVALID":
1655
+ case "ERR_JWT_INVALID":
1656
+ return new JwtInvalidError(message, { cause: err });
1657
+ default:
1658
+ return new JwtInvalidError(message, { cause: err });
1659
+ }
1660
+ }
1661
+
1662
+ // src/scopes/consumer.ts
1663
+ var HEIMDALL_LEGACY_ISSUER = "heimdall";
1664
+ var ConsumerScope = class {
1665
+ /** The appSlug bound to this scope. */
1666
+ appSlug;
1667
+ /**
1668
+ * Issuer the Heimdall Consumer API stamps on every token for this
1669
+ * app — the public Heimdall API base joined with the app slug
1670
+ * (e.g. `https://api.heimdall.productcraft.co/acme`). Pin it in
1671
+ * your local verifier so a token minted for another app on the
1672
+ * platform cannot pass.
1673
+ *
1674
+ * `scope.verifyToken` already enforces this for you. Pass it as a
1675
+ * second-position issuer if you're wiring `jose.jwtVerify`,
1676
+ * `passport-jwt`, or PyJWT yourself.
1677
+ */
1678
+ expectedIssuer;
1679
+ /**
1680
+ * Audience the Consumer API stamps on every token for this app —
1681
+ * literally the app slug (e.g. `"acme"`). Pin it in your verifier
1682
+ * the same way as `expectedIssuer`. `scope.verifyToken` enforces
1683
+ * it by default.
1684
+ */
1685
+ expectedAudience;
1686
+ /**
1687
+ * Both accepted issuer strings (`expectedIssuer` + the legacy
1688
+ * `'heimdall'` literal). `verifyToken` passes this to jose so tokens
1689
+ * minted before the 2026-05-24 per-app-issuer migration keep
1690
+ * verifying alongside fresh ones — useful for the ~1-hour transition
1691
+ * window per access-token TTL, and the longer session TTL on
1692
+ * refresh tokens.
1693
+ */
1694
+ acceptedIssuers;
1695
+ /** jose-compatible JWKS resolver. Drop into `jose.jwtVerify`, passport-jwt, etc. */
1696
+ jwks;
1697
+ client;
1698
+ constructor(appSlug, internals, opts = {}) {
1699
+ this.appSlug = appSlug;
1700
+ this.client = internals.client;
1701
+ const apiOrigin = new URL(internals.baseUrl);
1702
+ apiOrigin.pathname = `/${appSlug}`;
1703
+ this.expectedIssuer = apiOrigin.toString().replace(/\/$/, "");
1704
+ this.expectedAudience = appSlug;
1705
+ this.acceptedIssuers = [this.expectedIssuer, HEIMDALL_LEGACY_ISSUER];
1706
+ this.jwks = new JwksCache({
1707
+ url: new URL(`/${appSlug}/v1/.well-known/jwks.json`, internals.baseUrl),
1708
+ ttlMs: opts.jwksTtlMs,
1709
+ fetch: internals.fetch
1710
+ });
1711
+ }
1712
+ /**
1713
+ * Direct HTTP escape hatch for endpoints whose spec is buggy
1714
+ * (path declares `{appSlug}` but parameters[] omits it). Tracked
1715
+ * upstream; remove once the spec is fixed.
1716
+ */
1717
+ async callDirect(method, url, body, params) {
1718
+ const res = await this.client({ method, url, data: body, params });
1719
+ return res.data;
1720
+ }
1721
+ /**
1722
+ * Verify a Heimdall-issued JWT against this app's JWKS.
1723
+ *
1724
+ * Checks the signature, expiry, `iss`, and `aud`. Accepts both the
1725
+ * per-app issuer URL (`expectedIssuer`) and the legacy `'heimdall'`
1726
+ * literal during the issuer-migration transition window — callers
1727
+ * who want to refuse legacy tokens can override with
1728
+ * `{ issuer: scope.expectedIssuer }`. Audience defaults to the app
1729
+ * slug (`expectedAudience`); pass `{ audience: false }` (in an
1730
+ * options override) to skip the audience check entirely.
1731
+ */
1732
+ verifyToken(token, opts = {}) {
1733
+ return verifyHeimdallToken(token, this.jwks.getKey, {
1734
+ issuer: this.acceptedIssuers,
1735
+ audience: this.expectedAudience,
1736
+ ...opts
1737
+ });
1738
+ }
1739
+ // ─────────────────────────────────────────────────────────────
1740
+ // Auth — sign-in/up flows, refresh, password reset
1741
+ // ─────────────────────────────────────────────────────────────
1742
+ auth = {
1743
+ signin: (data) => consumerAuthControllerSignin(
1744
+ { appSlug: this.appSlug, data },
1745
+ { client: this.client }
1746
+ ),
1747
+ /**
1748
+ * Signup may require a Platform API Key when the app has
1749
+ * `signup_requires_pak: true`. Configure that on the Heimdall
1750
+ * instance (`new Heimdall({ auth: { type: "apiKey", key: "..." } })`)
1751
+ * — our HTTP client attaches the Authorization header automatically.
1752
+ */
1753
+ signup: (data) => this.callDirect(
1754
+ "POST",
1755
+ `/${this.appSlug}/v1/auth/signup`,
1756
+ data
1757
+ ),
1758
+ refresh: (data) => consumerAuthControllerRefresh(
1759
+ { appSlug: this.appSlug, data },
1760
+ { client: this.client }
1761
+ ),
1762
+ logout: (data) => consumerAuthControllerLogout(
1763
+ { appSlug: this.appSlug, data },
1764
+ { client: this.client }
1765
+ ),
1766
+ /**
1767
+ * PAK-required: caller must instantiate `Heimdall` with
1768
+ * `auth: { type: "apiKey", key: "pcft_live_..." }`. The
1769
+ * kubb-generated `headers.authorization` slot is a stub — the
1770
+ * HTTP client's auth middleware overrides whatever's passed.
1771
+ */
1772
+ requestReset: (data) => consumerAuthControllerRequestPasswordReset(
1773
+ { appSlug: this.appSlug, data, headers: { authorization: "" } },
1774
+ { client: this.client }
1775
+ ),
1776
+ resetPassword: (data) => consumerAuthControllerResetPassword(
1777
+ { appSlug: this.appSlug, data },
1778
+ { client: this.client }
1779
+ ),
1780
+ /**
1781
+ * Sign in / sign up with a provider ID token (native flow).
1782
+ *
1783
+ * Submit the identity token Apple (or Google, once enabled) issued
1784
+ * to a native client (iOS `ASAuthorizationController`, Google
1785
+ * Sign-In for iOS / Android). Heimdall verifies the signature
1786
+ * against the provider's JWKS, pins the issuer, checks the
1787
+ * audience against the app's configured native client ids,
1788
+ * recomputes `sha256(nonce)` and compares to the token's `nonce`
1789
+ * claim, then resolves or creates the EndUser. Same response
1790
+ * shape as `auth.signin`.
1791
+ *
1792
+ * Account linking: when an EndUser already exists with a verified
1793
+ * primary email matching the token's `email` claim, the app's
1794
+ * `oauth_link_policy` decides the outcome:
1795
+ * - `auto` (default): silently link the identity to the existing
1796
+ * account (provider claims `email_verified: true` AND the email
1797
+ * is not an Apple private relay).
1798
+ * - `confirm`: refuse with 409 `link_required`. UI should sign
1799
+ * the user in via their original method to bind.
1800
+ * - `reject`: refuse with 409 `account_exists_with_different_provider`.
1801
+ *
1802
+ * Apple's private-relay emails (`*@privaterelay.appleid.com`) are
1803
+ * persisted as-is on the EndUser's primary email contact and
1804
+ * never participate in auto-link.
1805
+ *
1806
+ * Apple sends the user's display name only on the FIRST sign-in.
1807
+ * Pass it through `user.name` on that call — Heimdall persists it
1808
+ * to the EndUser row. Subsequent sign-ins should omit `user`.
1809
+ */
1810
+ signinWithProvider: (args) => consumerIdpControllerNativeSignIn(
1811
+ {
1812
+ appSlug: this.appSlug,
1813
+ provider: args.provider,
1814
+ data: { id_token: args.id_token, nonce: args.nonce, user: args.user }
1815
+ },
1816
+ { client: this.client }
1817
+ )
1818
+ };
1819
+ // ─────────────────────────────────────────────────────────────
1820
+ // Me — the currently-signed-in EndUser's own resources
1821
+ // All six endpoints currently use callDirect to work around spec
1822
+ // bugs in heimdall.json (appSlug missing from parameters[]).
1823
+ // ─────────────────────────────────────────────────────────────
1824
+ me = {
1825
+ getProfile: () => this.callDirect("GET", `/${this.appSlug}/v1/me`),
1826
+ updateProfile: (data) => this.callDirect("PATCH", `/${this.appSlug}/v1/me`, data),
1827
+ listSessions: (params = {}) => this.callDirect(
1828
+ "GET",
1829
+ `/${this.appSlug}/v1/me/sessions`,
1830
+ void 0,
1831
+ params
1832
+ ),
1833
+ revokeSession: (id) => this.callDirect("DELETE", `/${this.appSlug}/v1/me/sessions/${id}`),
1834
+ getActivity: (params = {}) => this.callDirect(
1835
+ "GET",
1836
+ `/${this.appSlug}/v1/me/activity`,
1837
+ void 0,
1838
+ params
1839
+ ),
1840
+ deleteAccount: () => this.callDirect("DELETE", `/${this.appSlug}/v1/me`)
1841
+ };
1842
+ // ─────────────────────────────────────────────────────────────
1843
+ // Verify — server-to-server token verification + authorization
1844
+ // (typically called by the customer's backend, not the user agent)
1845
+ // ─────────────────────────────────────────────────────────────
1846
+ verify = {
1847
+ /**
1848
+ * The kubb-generated client makes `headers.authorization` a required
1849
+ * arg because the server controllers accept the bearer as a fallback
1850
+ * to `body.token`. We stub an empty string here — the HTTP client's
1851
+ * auth middleware overrides whatever's passed with the configured
1852
+ * credential (`PCAuth.apiKey` / `bearer` / `cookie`).
1853
+ */
1854
+ verify: (data) => consumerVerifyControllerVerify(
1855
+ { appSlug: this.appSlug, data, headers: { authorization: "" } },
1856
+ { client: this.client }
1857
+ ),
1858
+ authorize: (data) => consumerVerifyControllerAuthorize(
1859
+ { appSlug: this.appSlug, data, headers: { authorization: "" } },
1860
+ { client: this.client }
1861
+ ),
1862
+ authorizeBatch: (data) => consumerVerifyControllerAuthorizeBatch(
1863
+ { appSlug: this.appSlug, data, headers: { authorization: "" } },
1864
+ { client: this.client }
1865
+ )
1866
+ };
1867
+ // ─────────────────────────────────────────────────────────────
1868
+ // OAuth M2M — client_credentials grant for service-to-service tokens
1869
+ // ─────────────────────────────────────────────────────────────
1870
+ oauth = {
1871
+ clientCredentials: (data) => consumerOAuthControllerClientCredentials(
1872
+ { appSlug: this.appSlug, data },
1873
+ { client: this.client }
1874
+ )
1875
+ };
1876
+ };
1877
+
1878
+ // src/_generated/clients/apps/appControllerListMyApps.ts
1879
+ function getAppControllerListMyAppsUrl() {
1880
+ const res = { method: "GET", url: `/v1/apps` };
1881
+ return res;
1882
+ }
1883
+ async function appControllerListMyApps({ params } = {}, config = {}) {
1884
+ const { client: request = client, ...requestConfig } = config;
1885
+ const mappedParams = params ? {
1886
+ limit: params.limit,
1887
+ cursor: params.cursor,
1888
+ workspace_id: params.workspaceId
1889
+ } : void 0;
1890
+ const res = await request({
1891
+ method: "GET",
1892
+ url: getAppControllerListMyAppsUrl().url.toString(),
1893
+ params: mappedParams,
1894
+ ...requestConfig
1895
+ });
1896
+ return res.data;
1897
+ }
1898
+
1899
+ // src/_generated/clients/apps/appControllerCreateApp.ts
1900
+ function getAppControllerCreateAppUrl() {
1901
+ const res = { method: "POST", url: `/v1/apps` };
1902
+ return res;
1903
+ }
1904
+ async function appControllerCreateApp({
1905
+ data,
1906
+ headers
1907
+ }, config = {}) {
1908
+ const { client: request = client, ...requestConfig } = config;
1909
+ const mappedHeaders = headers ? { "Idempotency-Key": headers.idempotencyKey } : void 0;
1910
+ const requestData = data;
1911
+ const res = await request({
1912
+ method: "POST",
1913
+ url: getAppControllerCreateAppUrl().url.toString(),
1914
+ data: requestData,
1915
+ ...requestConfig,
1916
+ headers: { ...mappedHeaders, ...requestConfig.headers }
1917
+ });
1918
+ return res.data;
1919
+ }
1920
+
1921
+ // src/_generated/clients/apps/appControllerAcceptInvite.ts
1922
+ function getAppControllerAcceptInviteUrl() {
1923
+ const res = { method: "POST", url: `/v1/apps/invites/accept` };
1924
+ return res;
1925
+ }
1926
+ async function appControllerAcceptInvite({ data }, config = {}) {
1927
+ const { client: request = client, ...requestConfig } = config;
1928
+ const requestData = data;
1929
+ const res = await request({
1930
+ method: "POST",
1931
+ url: getAppControllerAcceptInviteUrl().url.toString(),
1932
+ data: requestData,
1933
+ ...requestConfig
1934
+ });
1935
+ return res.data;
1936
+ }
1937
+
1938
+ // src/_generated/clients/platformStats/statsControllerGetMyStats.ts
1939
+ function getStatsControllerGetMyStatsUrl() {
1940
+ const res = { method: "GET", url: `/v1/stats/me` };
1941
+ return res;
1942
+ }
1943
+ async function statsControllerGetMyStats({ params } = {}, config = {}) {
1944
+ const { client: request = client, ...requestConfig } = config;
1945
+ const mappedParams = params ? { workspace_id: params.workspaceId } : void 0;
1946
+ const res = await request({
1947
+ method: "GET",
1948
+ url: getStatsControllerGetMyStatsUrl().url.toString(),
1949
+ params: mappedParams,
1950
+ ...requestConfig
1951
+ });
1952
+ return res.data;
1953
+ }
2
1954
 
3
1955
  // src/index.ts
4
1956
  var Heimdall = class {
5
- /** The underlying typed client. v0 surface — every endpoint reachable. */
6
1957
  client;
1958
+ baseUrl;
1959
+ fetch;
1960
+ jwtConfig;
7
1961
  constructor(config = {}) {
8
- this.client = makeClient(PC_BASE_URL.heimdall, config);
1962
+ this.baseUrl = config.baseUrl ?? PC_BASE_URL.heimdall;
1963
+ this.fetch = config.fetch;
1964
+ this.client = makeHeimdallHttpClient({
1965
+ baseUrl: this.baseUrl,
1966
+ auth: config.auth,
1967
+ fetch: this.fetch
1968
+ });
1969
+ this.jwtConfig = {
1970
+ jwksTtlMs: config.jwksTtlMs
1971
+ };
1972
+ }
1973
+ /**
1974
+ * Returns an `AppScope` bound to the given appId. All operations under
1975
+ * `/v1/apps/{appId}/...` are exposed as resource namespaces on the
1976
+ * returned object.
1977
+ */
1978
+ app(appId) {
1979
+ return new AppScope(appId, this.client);
1980
+ }
1981
+ /**
1982
+ * Returns a `ConsumerScope` bound to the given appSlug. Exposes the
1983
+ * `/{appSlug}/v1/...` surface (sign-in, sign-up, me, verify, oauth)
1984
+ * and the JWT-verify helper for tokens issued by this app.
1985
+ */
1986
+ consumer(appSlug) {
1987
+ return new ConsumerScope(
1988
+ appSlug,
1989
+ { client: this.client, baseUrl: this.baseUrl, fetch: this.fetch },
1990
+ this.jwtConfig
1991
+ );
9
1992
  }
1993
+ // ─────────────────────────────────────────────────────────────
1994
+ // Workspace-wide apps surface
1995
+ // (other admin operations are under `app(appId).*` once an app exists)
1996
+ // ─────────────────────────────────────────────────────────────
1997
+ apps = {
1998
+ /** List apps the caller's workspace can see. */
1999
+ list: (params = {}) => appControllerListMyApps(
2000
+ { params },
2001
+ { client: this.client }
2002
+ ),
2003
+ /** Create a new app under the caller's workspace. */
2004
+ create: (data) => appControllerCreateApp({ data }, { client: this.client }),
2005
+ /** Accept a workspace invite to join an existing app. */
2006
+ acceptInvite: (data) => appControllerAcceptInvite({ data }, { client: this.client })
2007
+ };
2008
+ // ─────────────────────────────────────────────────────────────
2009
+ // Platform stats
2010
+ //
2011
+ // Workspace-level IdP admin (`/v1/idp/*`) was removed from the API
2012
+ // when consumer-side OAuth moved to per-app `auth_config_provider`
2013
+ // rows. Configure providers via the per-app auth-config endpoints
2014
+ // (`app(appId).authConfig.*`) and consume them client-side through
2015
+ // `consumer(slug).auth.signinWithProvider({ ... })`.
2016
+ // ─────────────────────────────────────────────────────────────
2017
+ stats = {
2018
+ /**
2019
+ * Get the signed-in PlatformUser's aggregate counts. Pass
2020
+ * `workspaceId` to scope to a single workspace; omit to total
2021
+ * across every workspace the caller belongs to.
2022
+ */
2023
+ get: (params = {}) => statsControllerGetMyStats(
2024
+ { params },
2025
+ { client: this.client }
2026
+ )
2027
+ };
10
2028
  };
11
2029
 
12
- export { Heimdall };
2030
+ export { AppScope, ConsumerScope, HEIMDALL_LEGACY_ISSUER, Heimdall, HeimdallHttpError, JwksCache, JwksFetchError, JwksKeyNotFoundError, JwtAudienceMismatchError, JwtExpiredError, JwtInvalidError, JwtIssuerMismatchError, JwtNotYetValidError, JwtVerifyError, verifyHeimdallToken };
13
2031
  //# sourceMappingURL=index.js.map
14
2032
  //# sourceMappingURL=index.js.map