@qnsp/tenant-sdk 0.0.1

package/.turbo/turbo-build.log

@@ -0,0 +1,5 @@
+
+
+> @qnsp/tenant-sdk@0.0.1 build /Volumes/ProjectQNSP/QNSP/packages/tenant-sdk
+> tsc --project tsconfig.build.json
+

package/.turbo/turbo-lint.log

@@ -0,0 +1,6 @@
+
+
+> @qnsp/tenant-sdk@0.0.1 lint /Volumes/ProjectQNSP/QNSP/packages/tenant-sdk
+> biome check .
+
+Checked 8 files in 9ms. No fixes applied.

package/.turbo/turbo-test.log

@@ -0,0 +1,65 @@
+
+
+> @qnsp/tenant-sdk@0.0.1 test /Volumes/ProjectQNSP/QNSP/packages/tenant-sdk
+> vitest run
+
+[?25l
+ RUN  v4.0.13 /Volumes/ProjectQNSP/QNSP/packages/tenant-sdk
+
+[?2026h
+ ❯ src/index.test.ts [queued]
+
+ Test Files 0 passed (1)
+      Tests 0 passed (0)
+   Start at 02:56:46
+   Duration 0ms
+[?2026l[?2026h
+ ❯ src/index.test.ts 0/9
+
+ Test Files 0 passed (1)
+      Tests 0 passed (9)
+   Start at 02:56:46
+   Duration 222ms
+[?2026l[?2026h
+ ❯ src/index.test.ts 1/9
+
+ Test Files 0 passed (1)
+      Tests 1 passed (9)
+   Start at 02:56:46
+   Duration 324ms
+[?2026l[?2026h
+ ❯ src/index.test.ts 7/9
+
+ Test Files 0 passed (1)
+      Tests 7 passed (9)
+   Start at 02:56:46
+   Duration 932ms
+[?2026l[?2026h
+ ❯ src/index.test.ts 8/9
+
+ Test Files 0 passed (1)
+      Tests 8 passed (9)
+   Start at 02:56:46
+   Duration 1.24s
+[?2026l ✓ src/index.test.ts (9 tests) 1044ms
+   ✓ TenantClient Security Tests (9)
+     ✓ HTTPS Enforcement (2)
+       ✓ should reject HTTP URLs in production 1ms
+       ✓ should allow HTTP localhost in development 0ms
+     ✓ Input Validation (4)
+       ✓ should reject invalid UUIDs 1ms
+       ✓ should reject SQL injection in tenantId 0ms
+       ✓ should reject path traversal in tenantId 0ms
+       ✓ should reject XSS attempts in tenantId 0ms
+     ✓ Error Message Sanitization (1)
+       ✓ should not expose sensitive data in error messages 7ms
+     ✓ Rate Limiting (2)
+       ✓ should retry on 429 with Retry-After header  1003ms
+       ✓ should fail after max retries 32ms
+
+ Test Files  1 passed (1)
+      Tests  9 passed (9)
+   Start at  02:56:46
+   Duration  1.35s (transform 120ms, setup 0ms, collect 229ms, tests 1.04s, environment 0ms, prepare 2ms)
+
+[?25h

package/.turbo/turbo-typecheck.log

@@ -0,0 +1,5 @@
+
+
+> @qnsp/tenant-sdk@0.0.1 typecheck /Volumes/ProjectQNSP/QNSP/packages/tenant-sdk
+> tsc --project tsconfig.json --noEmit
+

package/README.md

@@ -0,0 +1,70 @@
+# @qnsp/tenant-sdk
+
+TypeScript client for the QNSP Tenant service. Manages tenant lifecycle (create, update, suspend),
+domains, compliance tags, metadata, and PQC security envelopes.
+
+## Installation
+
+```bash
+pnpm add @qnsp/tenant-sdk
+```
+
+## Authentication
+
+Provide a tenant-scoped **service token** via `apiKey`. Requests require PQC security envelopes and
+signatures generated by the control plane; the SDK forwards your payloads but does not sign them.
+
+```ts
+import { TenantClient } from "@qnsp/tenant-sdk";
+
+const tenants = new TenantClient({
+  baseUrl: "https://tenant.qnsp.cuilabs.io",
+  apiKey: process.env.QNSP_SERVICE_TOKEN!,
+});
+```
+
+## Tier requirements
+
+Tenant management APIs are available on every tier. Higher tiers add more tenant seats or compliance
+features, but there are no SDK-side restrictions.
+
+## Usage example
+
+```ts
+import { TenantClient } from "@qnsp/tenant-sdk";
+
+const tenants = new TenantClient({
+  baseUrl: "https://tenant.qnsp.cuilabs.io",
+  apiKey: process.env.QNSP_SERVICE_TOKEN!,
+});
+
+const created = await tenants.createTenant({
+  name: "CUI Labs",
+  slug: "cui-labs",
+  plan: "dev-pro",
+  region: "global",
+  security: {
+    controlPlaneTokenSha256: "...",
+    pqcSignatures: [],
+    hardwareProvider: null,
+    attestationStatus: null,
+    attestationProof: null,
+  },
+});
+
+const list = await tenants.listTenants({ limit: 25 });
+```
+
+## Telemetry
+
+Set `telemetry` (or pass config to `createTenantClientTelemetry`) to emit OTLP metrics for every API
+call—latency, HTTP code, retries—powering the tenant dashboards described in
+`docs/observability/portal-dashboards.md`.
+
+## Related documentation
+
+- [Developer onboarding guide](../../docs/guides/developer-onboarding.md#sdk-quick-links)
+- [SDK inventory](../../docs/technical/SDK-INVENTORY.md)
+- [Tier limits](../shared-kernel/src/tier-limits.ts)
+
+© 2025 QNSP - CUI LABS, Singapore

package/dist/index.d.ts

@@ -0,0 +1,116 @@
+import type { TenantClientTelemetry, TenantClientTelemetryConfig } from "./observability.js";
+/**
+ * @qnsp/tenant-sdk
+ *
+ * TypeScript SDK client for the QNSP tenant-service API.
+ * Provides a high-level interface for tenant lifecycle and subscription management.
+ */
+export interface TenantClientConfig {
+    readonly baseUrl: string;
+    readonly apiKey?: string;
+    readonly timeoutMs?: number;
+    readonly telemetry?: TenantClientTelemetry | TenantClientTelemetryConfig;
+    readonly maxRetries?: number;
+    readonly retryDelayMs?: number;
+}
+export type TenantStatus = "active" | "suspended" | "pending" | "deleted";
+export interface TenantSecurityEnvelope {
+    readonly controlPlaneTokenSha256: string | null;
+    readonly pqcSignatures: readonly {
+        readonly provider: string;
+        readonly algorithm: string;
+        readonly value: string;
+        readonly publicKey: string;
+    }[];
+    readonly hardwareProvider: string | null;
+    readonly attestationStatus: string | null;
+    readonly attestationProof: string | null;
+}
+export interface TenantSignature {
+    readonly provider: string;
+    readonly algorithm: string;
+    readonly value: string;
+    readonly publicKey: string;
+}
+export interface TenantDomain {
+    readonly id: string;
+    readonly domain: string;
+    readonly verified: boolean;
+    readonly createdAt: string;
+    readonly updatedAt: string;
+}
+export interface Tenant {
+    readonly id: string;
+    readonly name: string;
+    readonly slug: string;
+    readonly status: TenantStatus;
+    readonly plan: string;
+    readonly region: string;
+    readonly complianceTags: readonly string[];
+    readonly metadata: Record<string, unknown>;
+    readonly security: TenantSecurityEnvelope;
+    readonly domains: readonly TenantDomain[];
+    readonly createdAt: string;
+    readonly updatedAt: string;
+}
+export interface CreateTenantRequest {
+    readonly name: string;
+    readonly slug: string;
+    readonly plan?: string;
+    readonly region?: string;
+    readonly complianceTags?: readonly string[];
+    readonly metadata?: Record<string, unknown>;
+    readonly domains?: readonly {
+        readonly domain: string;
+        readonly verified?: boolean;
+    }[];
+    readonly security: TenantSecurityEnvelope;
+    readonly signature?: TenantSignature;
+}
+export interface UpdateTenantRequest {
+    readonly plan?: string;
+    readonly status?: TenantStatus;
+    readonly complianceTags?: readonly string[];
+    readonly metadata?: Record<string, unknown>;
+    readonly security: TenantSecurityEnvelope;
+    readonly signature?: TenantSignature;
+}
+export interface ListTenantsResponse {
+    readonly items: readonly Tenant[];
+    readonly nextCursor: string | null;
+}
+export declare class TenantClient {
+    private readonly config;
+    private readonly telemetry;
+    private readonly targetService;
+    constructor(config: TenantClientConfig);
+    private request;
+    private requestWithRetry;
+    private recordTelemetryEvent;
+    /**
+     * Create a new tenant.
+     * Requires PQC-signed security envelope and optional signature.
+     */
+    createTenant(request: CreateTenantRequest): Promise<Tenant>;
+    /**
+     * Update a tenant's plan, status, compliance tags, or metadata.
+     * Requires PQC-signed security envelope and optional signature.
+     */
+    updateTenant(id: string, request: UpdateTenantRequest): Promise<Tenant>;
+    /**
+     * Get a tenant by ID.
+     * Returns the tenant with domains and security envelope.
+     */
+    getTenant(id: string): Promise<Tenant>;
+    /**
+     * List tenants with cursor-based pagination.
+     * Returns a list of tenants and an optional next cursor for pagination.
+     */
+    listTenants(options?: {
+        readonly limit?: number;
+        readonly cursor?: string;
+    }): Promise<ListTenantsResponse>;
+}
+export * from "./observability.js";
+export * from "./validation.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACX,qBAAqB,EACrB,2BAA2B,EAE3B,MAAM,oBAAoB,CAAC;AAI5B;;;;;GAKG;AAEH,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,CAAC,EAAE,qBAAqB,GAAG,2BAA2B,CAAC;IACzE,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAC/B;AAUD,MAAM,MAAM,YAAY,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;AAE1E,MAAM,WAAW,sBAAsB;IACtC,QAAQ,CAAC,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS;QAChC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;QAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;QACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;KAC3B,EAAE,CAAC;IACJ,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;IACzC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAC;CACzC;AAED,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAC;IAC1C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,OAAO,CAAC,EAAE,SAAS;QAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC;KAC5B,EAAE,CAAC;IACJ,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,YAAY,CAAC;IAC/B,QAAQ,CAAC,cAAc,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC5C,QAAQ,CAAC,QAAQ,EAAE,sBAAsB,CAAC;IAC1C,QAAQ,CAAC,SAAS,CAAC,EAAE,eAAe,CAAC;CACrC;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,KAAK,EAAE,SAAS,MAAM,EAAE,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CACnC;AAWD,qBAAa,YAAY;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA6B;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA+B;IACzD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,kBAAkB;YAqCxB,OAAO;YAIP,gBAAgB;IA6G9B,OAAO,CAAC,oBAAoB;IAO5B;;;OAGG;IACG,YAAY,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkBjE;;;OAGG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAgB7E;;;OAGG;IACG,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAQ5C;;;OAGG;IACG,WAAW,CAAC,OAAO,CAAC,EAAE;QAC3B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KACzB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAehC;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}

package/dist/index.js

@@ -0,0 +1,207 @@
+import { performance } from "node:perf_hooks";
+import { createTenantClientTelemetry, isTenantClientTelemetry } from "./observability.js";
+import { validateUUID } from "./validation.js";
+export class TenantClient {
+    config;
+    telemetry;
+    targetService;
+    constructor(config) {
+        const baseUrl = config.baseUrl.replace(/\/$/, "");
+        // Enforce HTTPS in production (allow HTTP only for localhost in development)
+        if (!baseUrl.startsWith("https://")) {
+            const isLocalhost = baseUrl.startsWith("http://localhost") || baseUrl.startsWith("http://127.0.0.1");
+            const isDevelopment = process.env["NODE_ENV"] === "development" || process.env["NODE_ENV"] === "test";
+            if (!isLocalhost || !isDevelopment) {
+                throw new Error("baseUrl must use HTTPS in production. HTTP is only allowed for localhost in development.");
+            }
+        }
+        this.config = {
+            baseUrl,
+            apiKey: config.apiKey ?? "",
+            timeoutMs: config.timeoutMs ?? 30_000,
+            maxRetries: config.maxRetries ?? 3,
+            retryDelayMs: config.retryDelayMs ?? 1_000,
+        };
+        this.telemetry = config.telemetry
+            ? isTenantClientTelemetry(config.telemetry)
+                ? config.telemetry
+                : createTenantClientTelemetry(config.telemetry)
+            : null;
+        try {
+            this.targetService = new URL(this.config.baseUrl).host;
+        }
+        catch {
+            this.targetService = "tenant-service";
+        }
+    }
+    async request(method, path, options) {
+        return this.requestWithRetry(method, path, options, 0);
+    }
+    async requestWithRetry(method, path, options, attempt) {
+        const url = `${this.config.baseUrl}${path}`;
+        const headers = {
+            "Content-Type": "application/json",
+            ...options?.headers,
+        };
+        if (this.config.apiKey) {
+            headers["Authorization"] = `Bearer ${this.config.apiKey}`;
+        }
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.config.timeoutMs);
+        const signal = options?.signal ?? controller.signal;
+        const route = options?.telemetryRoute ?? new URL(path, this.config.baseUrl).pathname;
+        const target = options?.telemetryTarget ?? this.targetService;
+        const start = performance.now();
+        let status = "ok";
+        let httpStatus;
+        let errorMessage;
+        try {
+            const init = {
+                method,
+                headers,
+                signal,
+            };
+            if (options?.body !== undefined) {
+                init.body = JSON.stringify(options.body);
+            }
+            const response = await fetch(url, init);
+            clearTimeout(timeoutId);
+            httpStatus = response.status;
+            // Handle rate limiting (429) with retry logic
+            if (response.status === 429) {
+                if (attempt < this.config.maxRetries) {
+                    const retryAfterHeader = response.headers.get("Retry-After");
+                    let delayMs = this.config.retryDelayMs;
+                    if (retryAfterHeader) {
+                        const retryAfterSeconds = Number.parseInt(retryAfterHeader, 10);
+                        if (!Number.isNaN(retryAfterSeconds) && retryAfterSeconds > 0) {
+                            delayMs = retryAfterSeconds * 1_000;
+                        }
+                    }
+                    else {
+                        // Exponential backoff: 2^attempt * baseDelay, capped at 30 seconds
+                        delayMs = Math.min(2 ** attempt * this.config.retryDelayMs, 30_000);
+                    }
+                    await new Promise((resolve) => setTimeout(resolve, delayMs));
+                    return this.requestWithRetry(method, path, options, attempt + 1);
+                }
+                status = "error";
+                errorMessage = `HTTP ${response.status}`;
+                throw new Error(`Tenant API error: Rate limit exceeded after ${this.config.maxRetries} retries`);
+            }
+            if (!response.ok) {
+                status = "error";
+                // Sanitize error message to prevent information disclosure
+                // Don't include full response text in error to avoid leaking sensitive data
+                errorMessage = `HTTP ${response.status}`;
+                throw new Error(`Tenant API error: ${response.status} ${response.statusText}`);
+            }
+            if (response.status === 204) {
+                return undefined;
+            }
+            return (await response.json());
+        }
+        catch (error) {
+            clearTimeout(timeoutId);
+            status = "error";
+            if (!errorMessage && error instanceof Error) {
+                errorMessage = error.message;
+            }
+            if (error instanceof Error && error.name === "AbortError") {
+                errorMessage = `timeout after ${this.config.timeoutMs}ms`;
+                throw new Error(`Request timeout after ${this.config.timeoutMs}ms`);
+            }
+            throw error;
+        }
+        finally {
+            const durationMs = performance.now() - start;
+            const event = {
+                operation: options?.operation ?? `${method} ${route}`,
+                method,
+                route,
+                target,
+                status,
+                durationMs,
+                ...(typeof httpStatus === "number" ? { httpStatus } : {}),
+                ...(status === "error" && errorMessage ? { error: errorMessage } : {}),
+            };
+            this.recordTelemetryEvent(event);
+        }
+    }
+    recordTelemetryEvent(event) {
+        if (!this.telemetry) {
+            return;
+        }
+        this.telemetry.record(event);
+    }
+    /**
+     * Create a new tenant.
+     * Requires PQC-signed security envelope and optional signature.
+     */
+    async createTenant(request) {
+        // Validation is handled by the service, but we validate format here for early feedback
+        return this.request("POST", "/tenant/v1/tenants", {
+            body: {
+                name: request.name,
+                slug: request.slug,
+                ...(request.plan !== undefined ? { plan: request.plan } : {}),
+                ...(request.region !== undefined ? { region: request.region } : {}),
+                ...(request.complianceTags !== undefined ? { complianceTags: request.complianceTags } : {}),
+                ...(request.metadata !== undefined ? { metadata: request.metadata } : {}),
+                ...(request.domains !== undefined ? { domains: request.domains } : {}),
+                security: request.security,
+                ...(request.signature !== undefined ? { signature: request.signature } : {}),
+            },
+            operation: "createTenant",
+        });
+    }
+    /**
+     * Update a tenant's plan, status, compliance tags, or metadata.
+     * Requires PQC-signed security envelope and optional signature.
+     */
+    async updateTenant(id, request) {
+        validateUUID(id, "id");
+        return this.request("PATCH", `/tenant/v1/tenants/${id}`, {
+            body: {
+                ...(request.plan !== undefined ? { plan: request.plan } : {}),
+                ...(request.status !== undefined ? { status: request.status } : {}),
+                ...(request.complianceTags !== undefined ? { complianceTags: request.complianceTags } : {}),
+                ...(request.metadata !== undefined ? { metadata: request.metadata } : {}),
+                security: request.security,
+                ...(request.signature !== undefined ? { signature: request.signature } : {}),
+            },
+            operation: "updateTenant",
+        });
+    }
+    /**
+     * Get a tenant by ID.
+     * Returns the tenant with domains and security envelope.
+     */
+    async getTenant(id) {
+        validateUUID(id, "id");
+        return this.request("GET", `/tenant/v1/tenants/${id}`, {
+            operation: "getTenant",
+        });
+    }
+    /**
+     * List tenants with cursor-based pagination.
+     * Returns a list of tenants and an optional next cursor for pagination.
+     */
+    async listTenants(options) {
+        const params = new URLSearchParams();
+        if (options?.limit !== undefined) {
+            params.set("limit", String(options.limit));
+        }
+        if (options?.cursor !== undefined) {
+            params.set("cursor", options.cursor);
+        }
+        const queryString = params.toString();
+        const path = queryString ? `/tenant/v1/tenants?${queryString}` : "/tenant/v1/tenants";
+        return this.request("GET", path, {
+            operation: "listTenants",
+        });
+    }
+}
+export * from "./observability.js";
+export * from "./validation.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAO9C,OAAO,EAAE,2BAA2B,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC1F,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AA6G/C,MAAM,OAAO,YAAY;IACP,MAAM,CAA6B;IACnC,SAAS,CAA+B;IACxC,aAAa,CAAS;IAEvC,YAAY,MAA0B;QACrC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAElD,6EAA6E;QAC7E,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACrC,MAAM,WAAW,GAChB,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;YAClF,MAAM,aAAa,GAClB,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,aAAa,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,CAAC;YACjF,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpC,MAAM,IAAI,KAAK,CACd,0FAA0F,CAC1F,CAAC;YACH,CAAC;QACF,CAAC;QAED,IAAI,CAAC,MAAM,GAAG;YACb,OAAO;YACP,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,EAAE;YAC3B,SAAS,EAAE,MAAM,CAAC,SAAS,IAAI,MAAM;YACrC,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,CAAC;YAClC,YAAY,EAAE,MAAM,CAAC,YAAY,IAAI,KAAK;SAC1C,CAAC;QAEF,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS;YAChC,CAAC,CAAC,uBAAuB,CAAC,MAAM,CAAC,SAAS,CAAC;gBAC1C,CAAC,CAAC,MAAM,CAAC,SAAS;gBAClB,CAAC,CAAC,2BAA2B,CAAC,MAAM,CAAC,SAAS,CAAC;YAChD,CAAC,CAAC,IAAI,CAAC;QAER,IAAI,CAAC;YACJ,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC;QACxD,CAAC;QAAC,MAAM,CAAC;YACR,IAAI,CAAC,aAAa,GAAG,gBAAgB,CAAC;QACvC,CAAC;IACF,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,OAAwB;QAC9E,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC7B,MAAc,EACd,IAAY,EACZ,OAAmC,EACnC,OAAe;QAEf,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAC5C,MAAM,OAAO,GAA2B;YACvC,cAAc,EAAE,kBAAkB;YAClC,GAAG,OAAO,EAAE,OAAO;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACxB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC3D,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9E,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,UAAU,CAAC,MAAM,CAAC;QACpD,MAAM,KAAK,GAAG,OAAO,EAAE,cAAc,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC;QACrF,MAAM,MAAM,GAAG,OAAO,EAAE,eAAe,IAAI,IAAI,CAAC,aAAa,CAAC;QAC9D,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC;QAChC,IAAI,MAAM,GAAmB,IAAI,CAAC;QAClC,IAAI,UAA8B,CAAC;QACnC,IAAI,YAAgC,CAAC;QAErC,IAAI,CAAC;YACJ,MAAM,IAAI,GAAgB;gBACzB,MAAM;gBACN,OAAO;gBACP,MAAM;aACN,CAAC;YAEF,IAAI,OAAO,EAAE,IAAI,KAAK,SAAS,EAAE,CAAC;gBACjC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YAC1C,CAAC;YAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAExC,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;YAE7B,8CAA8C;YAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;oBACtC,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;oBAC7D,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;oBAEvC,IAAI,gBAAgB,EAAE,CAAC;wBACtB,MAAM,iBAAiB,GAAG,MAAM,CAAC,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;wBAChE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,IAAI,iBAAiB,GAAG,CAAC,EAAE,CAAC;4BAC/D,OAAO,GAAG,iBAAiB,GAAG,KAAK,CAAC;wBACrC,CAAC;oBACF,CAAC;yBAAM,CAAC;wBACP,mEAAmE;wBACnE,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;oBACrE,CAAC;oBAED,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAI,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC;gBACrE,CAAC;gBAED,MAAM,GAAG,OAAO,CAAC;gBACjB,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CACd,+CAA+C,IAAI,CAAC,MAAM,CAAC,UAAU,UAAU,CAC/E,CAAC;YACH,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,GAAG,OAAO,CAAC;gBACjB,2DAA2D;gBAC3D,4EAA4E;gBAC5E,YAAY,GAAG,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,qBAAqB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;YAChF,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7B,OAAO,SAAc,CAAC;YACvB,CAAC;YAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAM,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,MAAM,GAAG,OAAO,CAAC;YACjB,IAAI,CAAC,YAAY,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;gBAC7C,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC;YAC9B,CAAC;YACD,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC3D,YAAY,GAAG,iBAAiB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC;gBAC1D,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,CAAC,MAAM,CAAC,SAAS,IAAI,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,KAAK,CAAC;QACb,CAAC;gBAAS,CAAC;YACV,MAAM,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;YAC7C,MAAM,KAAK,GAA+B;gBACzC,SAAS,EAAE,OAAO,EAAE,SAAS,IAAI,GAAG,MAAM,IAAI,KAAK,EAAE;gBACrD,MAAM;gBACN,KAAK;gBACL,MAAM;gBACN,MAAM;gBACN,UAAU;gBACV,GAAG,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzD,GAAG,CAAC,MAAM,KAAK,OAAO,IAAI,YAAY,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACtE,CAAC;YACF,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC;IACF,CAAC;IAEO,oBAAoB,CAAC,KAAiC;QAC7D,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO;QACR,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,OAA4B;QAC9C,uFAAuF;QACvF,OAAO,IAAI,CAAC,OAAO,CAAS,MAAM,EAAE,oBAAoB,EAAE;YACzD,IAAI,EAAE;gBACL,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,GAAG,CAAC,OAAO,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,EAAU,EAAE,OAA4B;QAC1D,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,OAAO,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAChE,IAAI,EAAE;gBACL,GAAG,CAAC,OAAO,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC7D,GAAG,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,OAAO,CAAC,cAAc,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,cAAc,EAAE,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3F,GAAG,CAAC,OAAO,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACzE,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,GAAG,CAAC,OAAO,CAAC,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC5E;YACD,SAAS,EAAE,cAAc;SACzB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS,CAAC,EAAU;QACzB,YAAY,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEvB,OAAO,IAAI,CAAC,OAAO,CAAS,KAAK,EAAE,sBAAsB,EAAE,EAAE,EAAE;YAC9D,SAAS,EAAE,WAAW;SACtB,CAAC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,OAGjB;QACA,MAAM,MAAM,GAAG,IAAI,eAAe,EAAE,CAAC;QACrC,IAAI,OAAO,EAAE,KAAK,KAAK,SAAS,EAAE,CAAC;YAClC,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5C,CAAC;QACD,IAAI,OAAO,EAAE,MAAM,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QACtC,CAAC;QACD,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,WAAW,CAAC,CAAC,CAAC,sBAAsB,WAAW,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC;QAEtF,OAAO,IAAI,CAAC,OAAO,CAAsB,KAAK,EAAE,IAAI,EAAE;YACrD,SAAS,EAAE,aAAa;SACxB,CAAC,CAAC;IACJ,CAAC;CACD;AAED,cAAc,oBAAoB,CAAC;AACnC,cAAc,iBAAiB,CAAC"}

package/dist/observability.d.ts

@@ -0,0 +1,26 @@
+import type { MetricReader } from "@opentelemetry/sdk-metrics";
+export interface TenantClientTelemetryConfig {
+    readonly serviceName: string;
+    readonly serviceVersion?: string;
+    readonly environment?: string;
+    readonly otlpEndpoint?: string;
+    readonly metricsIntervalMs?: number;
+    readonly metricsTimeoutMs?: number;
+    readonly exporterFactory?: () => MetricReader;
+}
+export interface TenantClientTelemetryEvent {
+    readonly operation: string;
+    readonly method: string;
+    readonly route: string;
+    readonly status: "ok" | "error";
+    readonly durationMs: number;
+    readonly httpStatus?: number;
+    readonly target?: string;
+    readonly error?: string;
+}
+export interface TenantClientTelemetry {
+    record(event: TenantClientTelemetryEvent): void;
+}
+export declare function createTenantClientTelemetry(config: TenantClientTelemetryConfig): TenantClientTelemetry;
+export declare function isTenantClientTelemetry(value: TenantClientTelemetry | TenantClientTelemetryConfig): value is TenantClientTelemetry;
+//# sourceMappingURL=observability.d.ts.map

package/dist/observability.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"observability.d.ts","sourceRoot":"","sources":["../src/observability.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAS/D,MAAM,WAAW,2BAA2B;IAC3C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,YAAY,CAAC;CAC9C;AAED,MAAM,WAAW,0BAA0B;IAC1C,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,IAAI,GAAG,OAAO,CAAC;IAChC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACrC,MAAM,CAAC,KAAK,EAAE,0BAA0B,GAAG,IAAI,CAAC;CAChD;AAED,wBAAgB,2BAA2B,CAC1C,MAAM,EAAE,2BAA2B,GACjC,qBAAqB,CAsEvB;AAED,wBAAgB,uBAAuB,CACtC,KAAK,EAAE,qBAAqB,GAAG,2BAA2B,GACxD,KAAK,IAAI,qBAAqB,CAEhC"}

package/dist/observability.js

@@ -0,0 +1,66 @@
+import { OTLPMetricExporter } from "@opentelemetry/exporter-metrics-otlp-http";
+import { ConsoleMetricExporter, createCounter, createHistogram, createMeterProvider, PeriodicExportingMetricReader, } from "@qnsp/observability";
+export function createTenantClientTelemetry(config) {
+    const interval = config.metricsIntervalMs ?? 60_000;
+    const timeout = config.metricsTimeoutMs ?? 15_000;
+    const readers = [];
+    if (typeof config.exporterFactory === "function") {
+        readers.push(config.exporterFactory());
+    }
+    else if (config.otlpEndpoint) {
+        readers.push(new PeriodicExportingMetricReader({
+            exporter: new OTLPMetricExporter({
+                url: config.otlpEndpoint,
+            }),
+            exportIntervalMillis: interval,
+            exportTimeoutMillis: timeout,
+        }));
+    }
+    else if (process.env["NODE_ENV"] !== "test") {
+        readers.push(new PeriodicExportingMetricReader({
+            exporter: new ConsoleMetricExporter(),
+            exportIntervalMillis: interval,
+            exportTimeoutMillis: timeout,
+        }));
+    }
+    const provider = createMeterProvider({
+        serviceName: config.serviceName,
+        serviceVersion: config.serviceVersion ?? "0.0.0",
+        environment: config.environment ?? process.env["NODE_ENV"] ?? "development",
+    }, readers);
+    const requestCounter = createCounter(provider, "tenant_sdk_requests_total", {
+        description: "Count of Tenant SDK HTTP requests",
+    });
+    const failureCounter = createCounter(provider, "tenant_sdk_request_failures_total", {
+        description: "Count of failed Tenant SDK HTTP requests",
+    });
+    const durationHistogram = createHistogram(provider, "tenant_sdk_request_duration_ms", {
+        description: "Latency of Tenant SDK HTTP requests",
+        unit: "ms",
+    });
+    return {
+        record(event) {
+            const baseAttributes = {
+                service: config.serviceName,
+                operation: event.operation,
+                method: event.method,
+                route: event.route,
+                target: event.target ?? event.route,
+                status: event.status,
+                ...(event.httpStatus ? { http_status: event.httpStatus } : {}),
+            };
+            requestCounter.add(1, baseAttributes);
+            durationHistogram.record(event.durationMs, baseAttributes);
+            if (event.status === "error") {
+                failureCounter.add(1, {
+                    ...baseAttributes,
+                    error: event.error ?? "unknown",
+                });
+            }
+        },
+    };
+}
+export function isTenantClientTelemetry(value) {
+    return typeof value?.record === "function";
+}
+//# sourceMappingURL=observability.js.map

package/dist/observability.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"observability.js","sourceRoot":"","sources":["../src/observability.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,2CAA2C,CAAC;AAE/E,OAAO,EACN,qBAAqB,EACrB,aAAa,EACb,eAAe,EACf,mBAAmB,EACnB,6BAA6B,GAC7B,MAAM,qBAAqB,CAAC;AA2B7B,MAAM,UAAU,2BAA2B,CAC1C,MAAmC;IAEnC,MAAM,QAAQ,GAAG,MAAM,CAAC,iBAAiB,IAAI,MAAM,CAAC;IACpD,MAAM,OAAO,GAAG,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC;IAClD,MAAM,OAAO,GAAmB,EAAE,CAAC;IAEnC,IAAI,OAAO,MAAM,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;QAClD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,eAAe,EAAE,CAAC,CAAC;IACxC,CAAC;SAAM,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QAChC,OAAO,CAAC,IAAI,CACX,IAAI,6BAA6B,CAAC;YACjC,QAAQ,EAAE,IAAI,kBAAkB,CAAC;gBAChC,GAAG,EAAE,MAAM,CAAC,YAAY;aACxB,CAAC;YACF,oBAAoB,EAAE,QAAQ;YAC9B,mBAAmB,EAAE,OAAO;SAC5B,CAAC,CACF,CAAC;IACH,CAAC;SAAM,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/C,OAAO,CAAC,IAAI,CACX,IAAI,6BAA6B,CAAC;YACjC,QAAQ,EAAE,IAAI,qBAAqB,EAAE;YACrC,oBAAoB,EAAE,QAAQ;YAC9B,mBAAmB,EAAE,OAAO;SAC5B,CAAC,CACF,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GAAG,mBAAmB,CACnC;QACC,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,cAAc,EAAE,MAAM,CAAC,cAAc,IAAI,OAAO;QAChD,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,aAAa;KAC3E,EACD,OAAO,CACP,CAAC;IAEF,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,EAAE,2BAA2B,EAAE;QAC3E,WAAW,EAAE,mCAAmC;KAChD,CAAC,CAAC;IACH,MAAM,cAAc,GAAG,aAAa,CAAC,QAAQ,EAAE,mCAAmC,EAAE;QACnF,WAAW,EAAE,0CAA0C;KACvD,CAAC,CAAC;IACH,MAAM,iBAAiB,GAAG,eAAe,CAAC,QAAQ,EAAE,gCAAgC,EAAE;QACrF,WAAW,EAAE,qCAAqC;QAClD,IAAI,EAAE,IAAI;KACV,CAAC,CAAC;IAEH,OAAO;QACN,MAAM,CAAC,KAAK;YACX,MAAM,cAAc,GAAe;gBAClC,OAAO,EAAE,MAAM,CAAC,WAAW;gBAC3B,SAAS,EAAE,KAAK,CAAC,SAAS;gBAC1B,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,KAAK;gBACnC,MAAM,EAAE,KAAK,CAAC,MAAM;gBACpB,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC;YAEF,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;YACtC,iBAAiB,CAAC,MAAM,CAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YAE3D,IAAI,KAAK,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC9B,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE;oBACrB,GAAG,cAAc;oBACjB,KAAK,EAAE,KAAK,CAAC,KAAK,IAAI,SAAS;iBAC/B,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;KACD,CAAC;AACH,CAAC;AAED,MAAM,UAAU,uBAAuB,CACtC,KAA0D;IAE1D,OAAO,OAAQ,KAA+B,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,CAAC"}

package/dist/validation.d.ts

@@ -0,0 +1,10 @@
+import { z } from "zod";
+/**
+ * Validation schemas for tenant-sdk inputs
+ */
+export declare const uuidSchema: z.ZodString;
+/**
+ * Validates a UUID string
+ */
+export declare function validateUUID(value: string, fieldName: string): void;
+//# sourceMappingURL=validation.d.ts.map

package/dist/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AAEH,eAAO,MAAM,UAAU,aAAyC,CAAC;AAEjE;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,IAAI,CASnE"}

package/dist/validation.js

@@ -0,0 +1,20 @@
+import { z } from "zod";
+/**
+ * Validation schemas for tenant-sdk inputs
+ */
+export const uuidSchema = z.string().uuid("Invalid UUID format");
+/**
+ * Validates a UUID string
+ */
+export function validateUUID(value, fieldName) {
+    try {
+        uuidSchema.parse(value);
+    }
+    catch (error) {
+        if (error instanceof z.ZodError) {
+            throw new Error(`Invalid ${fieldName}: ${error.issues[0]?.message ?? "Invalid format"}`);
+        }
+        throw error;
+    }
+}
+//# sourceMappingURL=validation.js.map

package/dist/validation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.js","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AAEH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;AAEjE;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,KAAa,EAAE,SAAiB;IAC5D,IAAI,CAAC;QACJ,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,IAAI,KAAK,YAAY,CAAC,CAAC,QAAQ,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,WAAW,SAAS,KAAK,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,IAAI,gBAAgB,EAAE,CAAC,CAAC;QAC1F,CAAC;QACD,MAAM,KAAK,CAAC;IACb,CAAC;AACF,CAAC"}