@revstackhq/node 0.0.0-dev-20260226054346

package/dist/src/errors.js

@@ -0,0 +1,101 @@
+/**
+ * @module @revstackhq/node/errors
+ * @description Typed error hierarchy for the Revstack SDK. All errors thrown by the
+ * SDK extend {@link RevstackError}, enabling precise error handling with `instanceof`.
+ *
+ * @example
+ * ```typescript
+ * import { RateLimitError, RevstackAPIError } from "@revstackhq/node";
+ *
+ * try {
+ *   await revstack.entitlements.check(userId, "api-calls");
+ * } catch (error) {
+ *   if (error instanceof RateLimitError) {
+ *     console.log(`Rate limited. Retry after ${error.retryAfter}s`);
+ *   } else if (error instanceof RevstackAPIError) {
+ *     console.log(`API error ${error.status}: ${error.code}`);
+ *   }
+ * }
+ * ```
+ */
+// ─── Base Error ──────────────────────────────────────────────
+/**
+ * Base class for all Revstack SDK errors.
+ * Use `instanceof RevstackError` to catch any SDK-originated error.
+ */
+export class RevstackError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "RevstackError";
+    }
+}
+/**
+ * Thrown when the Revstack API returns a non-2xx HTTP response.
+ * Contains structured fields for programmatic error handling.
+ */
+export class RevstackAPIError extends RevstackError {
+    /** HTTP status code (e.g. `400`, `401`, `404`, `500`). */
+    status;
+    /** Machine-readable error code (e.g. `INSUFFICIENT_BALANCE`, `NOT_FOUND`). */
+    code;
+    /** Unique request ID for tracing. Include this in support tickets. */
+    requestId;
+    constructor(message, status, code, requestId) {
+        super(message);
+        this.name = "RevstackAPIError";
+        this.status = status;
+        this.code = code;
+        this.requestId = requestId;
+    }
+}
+// ─── Rate Limit ──────────────────────────────────────────────
+/**
+ * Thrown when the API returns HTTP 429 (Too Many Requests).
+ * The `retryAfter` field indicates how long to wait before retrying.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await revstack.usage.report(params);
+ * } catch (error) {
+ *   if (error instanceof RateLimitError) {
+ *     await sleep(error.retryAfter * 1000);
+ *     await revstack.usage.report(params); // retry
+ *   }
+ * }
+ * ```
+ */
+export class RateLimitError extends RevstackAPIError {
+    /** Number of seconds to wait before retrying the request. */
+    retryAfter;
+    constructor(message, retryAfter, requestId) {
+        super(message, 429, "RATE_LIMIT_EXCEEDED", requestId);
+        this.name = "RateLimitError";
+        this.retryAfter = retryAfter;
+    }
+}
+// ─── Webhook Signature ──────────────────────────────────────
+/**
+ * Thrown when webhook signature verification fails.
+ * This indicates the webhook payload was tampered with, the signing secret is wrong,
+ * or the webhook timestamp has expired (replay protection).
+ */
+export class SignatureVerificationError extends RevstackError {
+    constructor(message = "Webhook signature verification failed") {
+        super(message);
+        this.name = "SignatureVerificationError";
+    }
+}
+// ─── Sync Conflict ──────────────────────────────────────────
+/**
+ * Thrown when the system sync endpoint detects a conflict (HTTP 409).
+ */
+export class SyncConflictError extends RevstackAPIError {
+    /** The conflicts discovered during sync attempts. */
+    conflicts;
+    constructor(message, conflicts, requestId) {
+        super(message, 409, "SYNC_CONFLICT", requestId);
+        this.name = "SyncConflictError";
+        this.conflicts = conflicts;
+    }
+}

package/dist/src/index.d.ts

@@ -0,0 +1,71 @@
+/**
+ * @module @revstackhq/node
+ * @description Official Node.js SDK for Revstack — billing infrastructure for SaaS.
+ *
+ * The SDK provides two namespaces:
+ * - **Data Plane** (`revstack.*`) — Daily backend operations: entitlement checks, usage reporting, subscriptions.
+ * - **Control Plane** (`revstack.admin.*`) — Infrastructure management: plan CRUD, Billing as Code sync.
+ *
+ * @example
+ * ```typescript
+ * import { Revstack, RateLimitError } from "@revstackhq/node";
+ *
+ * const revstack = new Revstack({ secretKey: "sk_live_..." });
+ *
+ * // Data Plane: check if a customer can use a feature
+ * const { allowed } = await revstack.entitlements.check("usr_abc", "api-calls");
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { RevstackOptions } from "@/types";
+import { EntitlementsClient } from "@/modules/entitlements";
+import { WalletsClient } from "@/modules/wallets";
+import { CustomersClient } from "@/modules/customers";
+import { UsageClient } from "@/modules/usage";
+import { SubscriptionsClient } from "@/modules/subscriptions";
+import { PlansClient } from "@/modules/plans";
+import { InvoicesClient } from "@/modules/invoices";
+import { WebhooksClient } from "@/modules/webhooks";
+import { AdminClient } from "@/modules/admin";
+/**
+ * Main SDK client. Initialize with your secret key to access all modules.
+ *
+ * @example
+ * ```typescript
+ * const revstack = new Revstack({
+ *   secretKey: process.env.REVSTACK_SECRET_KEY!,
+ * });
+ * ```
+ */
+export declare class Revstack {
+    /** Manage end-user (customer) records. */
+    readonly customers: CustomersClient;
+    /** Create, cancel, and manage subscriptions. */
+    readonly subscriptions: SubscriptionsClient;
+    /** Check feature access and query entitlements. */
+    readonly entitlements: EntitlementsClient;
+    /** Report and query metered feature usage. */
+    readonly usage: UsageClient;
+    /** Manage customer wallet balances. */
+    readonly wallets: WalletsClient;
+    /** Verify inbound webhook signatures. */
+    readonly webhooks: WebhooksClient;
+    /** Query billing plans (read-only). */
+    readonly plans: PlansClient;
+    /** Query billing invoices (read-only). */
+    readonly invoices: InvoicesClient;
+    /** Administrative operations for plans, entitlements, integrations, and environments. */
+    readonly admin: AdminClient;
+    private readonly config;
+    /**
+     * Create a new Revstack SDK instance.
+     *
+     * @param options - Configuration options including the secret API key.
+     * @throws {Error} If `secretKey` is missing.
+     */
+    constructor(options: RevstackOptions);
+}
+export { RevstackError, RevstackAPIError, RateLimitError, SignatureVerificationError, } from "@/errors";
+export type { RevstackOptions, Customer, IdentifyCustomerParams, UpdateCustomerParams, Subscription, CreateSubscriptionParams, ChangePlanParams, ListSubscriptionsParams, Entitlement, EntitlementCheckOptions, EntitlementCheckResult, UsageMeter, ReportUsageParams, RevertUsageParams, BalanceResponse, GrantBalanceParams, RevokeBalanceParams, Plan, Price, PlanEntitlement, ListPlansParams, Invoice, ListInvoicesParams, WebhookEvent, ListParams, PaginatedResponse, CreatePlanParams, UpdatePlanParams, UpsertPlanParams, UpsertPriceInput, UpsertPlanEntitlementInput, CreateEntitlementParams, UpdateEntitlementParams, UpsertEntitlementParams, Integration, CreateIntegrationParams, UpdateIntegrationParams, ProviderEvent, IntegrationMetric, ListIntegrationsParams, ListProviderEventsParams, ListMetricsParams, Environment, CreateEnvironmentParams, UpdateEnvironmentParams, } from "@/types";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C;;;;;;;;;GASG;AACH,qBAAa,QAAQ;IAGnB,0CAA0C;IAC1C,SAAgB,SAAS,EAAE,eAAe,CAAC;IAC3C,gDAAgD;IAChD,SAAgB,aAAa,EAAE,mBAAmB,CAAC;IACnD,mDAAmD;IACnD,SAAgB,YAAY,EAAE,kBAAkB,CAAC;IACjD,8CAA8C;IAC9C,SAAgB,KAAK,EAAE,WAAW,CAAC;IACnC,uCAAuC;IACvC,SAAgB,OAAO,EAAE,aAAa,CAAC;IACvC,yCAAyC;IACzC,SAAgB,QAAQ,EAAE,cAAc,CAAC;IACzC,uCAAuC;IACvC,SAAgB,KAAK,EAAE,WAAW,CAAC;IACnC,0CAA0C;IAC1C,SAAgB,QAAQ,EAAE,cAAc,CAAC;IAIzC,yFAAyF;IACzF,SAAgB,KAAK,EAAE,WAAW,CAAC;IAEnC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAIrB;IAEF;;;;;OAKG;gBACS,OAAO,EAAE,eAAe;CA0BrC;AAGD,OAAO,EACL,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,0BAA0B,GAC3B,MAAM,UAAU,CAAC;AAGlB,YAAY,EACV,eAAe,EACf,QAAQ,EACR,sBAAsB,EACtB,oBAAoB,EACpB,YAAY,EACZ,wBAAwB,EACxB,gBAAgB,EAChB,uBAAuB,EACvB,WAAW,EACX,uBAAuB,EACvB,sBAAsB,EACtB,UAAU,EACV,iBAAiB,EACjB,iBAAiB,EACjB,eAAe,EACf,kBAAkB,EAClB,mBAAmB,EACnB,IAAI,EACJ,KAAK,EACL,eAAe,EACf,eAAe,EACf,OAAO,EACP,kBAAkB,EAClB,YAAY,EACZ,UAAU,EACV,iBAAiB,EAGjB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,EAC1B,uBAAuB,EACvB,uBAAuB,EACvB,uBAAuB,EACvB,WAAW,EACX,uBAAuB,EACvB,uBAAuB,EACvB,aAAa,EACb,iBAAiB,EACjB,sBAAsB,EACtB,wBAAwB,EACxB,iBAAiB,EACjB,WAAW,EACX,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,SAAS,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,91 @@
+/**
+ * @module @revstackhq/node
+ * @description Official Node.js SDK for Revstack — billing infrastructure for SaaS.
+ *
+ * The SDK provides two namespaces:
+ * - **Data Plane** (`revstack.*`) — Daily backend operations: entitlement checks, usage reporting, subscriptions.
+ * - **Control Plane** (`revstack.admin.*`) — Infrastructure management: plan CRUD, Billing as Code sync.
+ *
+ * @example
+ * ```typescript
+ * import { Revstack, RateLimitError } from "@revstackhq/node";
+ *
+ * const revstack = new Revstack({ secretKey: "sk_live_..." });
+ *
+ * // Data Plane: check if a customer can use a feature
+ * const { allowed } = await revstack.entitlements.check("usr_abc", "api-calls");
+ * ```
+ *
+ * @packageDocumentation
+ */
+import { EntitlementsClient } from "@/modules/entitlements";
+import { WalletsClient } from "@/modules/wallets";
+import { CustomersClient } from "@/modules/customers";
+import { UsageClient } from "@/modules/usage";
+import { SubscriptionsClient } from "@/modules/subscriptions";
+import { PlansClient } from "@/modules/plans";
+import { InvoicesClient } from "@/modules/invoices";
+import { WebhooksClient } from "@/modules/webhooks";
+import { AdminClient } from "@/modules/admin";
+/**
+ * Main SDK client. Initialize with your secret key to access all modules.
+ *
+ * @example
+ * ```typescript
+ * const revstack = new Revstack({
+ *   secretKey: process.env.REVSTACK_SECRET_KEY!,
+ * });
+ * ```
+ */
+export class Revstack {
+    // ─── Data Plane (S2S) ──────────────────────────
+    /** Manage end-user (customer) records. */
+    customers;
+    /** Create, cancel, and manage subscriptions. */
+    subscriptions;
+    /** Check feature access and query entitlements. */
+    entitlements;
+    /** Report and query metered feature usage. */
+    usage;
+    /** Manage customer wallet balances. */
+    wallets;
+    /** Verify inbound webhook signatures. */
+    webhooks;
+    /** Query billing plans (read-only). */
+    plans;
+    /** Query billing invoices (read-only). */
+    invoices;
+    // ─── Control Plane (CLI / Admin) ───────────────
+    /** Administrative operations for plans, entitlements, integrations, and environments. */
+    admin;
+    config;
+    /**
+     * Create a new Revstack SDK instance.
+     *
+     * @param options - Configuration options including the secret API key.
+     * @throws {Error} If `secretKey` is missing.
+     */
+    constructor(options) {
+        if (!options.secretKey) {
+            throw new Error("Revstack: Secret Key is required. Get yours at https://app.revstack.dev");
+        }
+        this.config = {
+            secretKey: options.secretKey,
+            baseUrl: options.baseUrl || "https://app.revstack.dev/api/v1",
+            timeout: options.timeout || 10000,
+        };
+        // Data Plane
+        this.customers = new CustomersClient(this.config);
+        this.subscriptions = new SubscriptionsClient(this.config);
+        this.entitlements = new EntitlementsClient(this.config);
+        this.usage = new UsageClient(this.config);
+        this.wallets = new WalletsClient(this.config);
+        this.webhooks = new WebhooksClient();
+        this.plans = new PlansClient(this.config);
+        this.invoices = new InvoicesClient(this.config);
+        // Control Plane
+        this.admin = new AdminClient(this.config);
+    }
+}
+// ─── Errors ──────────────────────────────────────
+export { RevstackError, RevstackAPIError, RateLimitError, SignatureVerificationError, } from "@/errors";

package/dist/src/modules/admin/entitlements.d.ts

@@ -0,0 +1,73 @@
+import { BaseClient } from "@/modules/base";
+import { Entitlement, CreateEntitlementParams, UpdateEntitlementParams, UpsertEntitlementParams, ListParams, PaginatedResponse } from "@/types";
+/**
+ * Admin client for managing entitlement definitions (CRUD + upsert).
+ * Entitlements define the features and capabilities that can be gated behind plans.
+ *
+ * The `upsert()` method is idempotent by `slug`, making it safe for repeated
+ * CLI deployments without creating duplicates.
+ *
+ * @example
+ * ```typescript
+ * await revstack.admin.entitlements.upsert({
+ *   slug: "api-calls",
+ *   name: "API Calls",
+ *   type: "metered",
+ *   unitType: "count",
+ * });
+ * ```
+ */
+export declare class AdminEntitlementsClient extends BaseClient {
+    constructor(config: {
+        secretKey: string;
+        baseUrl: string;
+        timeout: number;
+    });
+    /**
+     * List all entitlement definitions with optional pagination.
+     *
+     * @param params - Pagination parameters.
+     * @returns A paginated list of entitlements.
+     */
+    list(params?: ListParams): Promise<PaginatedResponse<Entitlement>>;
+    /**
+     * Retrieve a single entitlement definition by ID.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @returns The entitlement definition.
+     */
+    get(entitlementId: string): Promise<Entitlement>;
+    /**
+     * Create a new entitlement definition.
+     *
+     * @param params - Entitlement creation parameters.
+     * @returns The newly created entitlement.
+     */
+    create(params: CreateEntitlementParams): Promise<Entitlement>;
+    /**
+     * Partially update an existing entitlement definition.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @param params - Fields to update.
+     * @returns The updated entitlement.
+     */
+    update(entitlementId: string, params: UpdateEntitlementParams): Promise<Entitlement>;
+    /**
+     * Delete an entitlement definition. Fails if any active plans reference it.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @returns Confirmation of deletion.
+     */
+    delete(entitlementId: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Idempotently create or update an entitlement by its `slug`.
+     * If an entitlement with the given slug exists, it is updated; otherwise, it is created.
+     *
+     * @param params - Full entitlement state.
+     * @returns The created or updated entitlement.
+     */
+    upsert(params: UpsertEntitlementParams): Promise<Entitlement>;
+}
+//# sourceMappingURL=entitlements.d.ts.map

package/dist/src/modules/admin/entitlements.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"entitlements.d.ts","sourceRoot":"","sources":["../../../../src/modules/admin/entitlements.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EACL,WAAW,EACX,uBAAuB,EACvB,uBAAuB,EACvB,uBAAuB,EACvB,UAAU,EACV,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;gBACzC,MAAM,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAI3E;;;;;OAKG;IACG,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAOxE;;;;;OAKG;IACG,GAAG,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAMtD;;;;;OAKG;IACG,MAAM,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAOnE;;;;;;OAMG;IACG,MAAM,CACV,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,WAAW,CAAC;IAOvB;;;;;OAKG;IACG,MAAM,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAOlE;;;;;;OAMG;IACG,MAAM,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;CAMpE"}

package/dist/src/modules/admin/entitlements.js

@@ -0,0 +1,90 @@
+import { BaseClient } from "@/modules/base";
+/**
+ * Admin client for managing entitlement definitions (CRUD + upsert).
+ * Entitlements define the features and capabilities that can be gated behind plans.
+ *
+ * The `upsert()` method is idempotent by `slug`, making it safe for repeated
+ * CLI deployments without creating duplicates.
+ *
+ * @example
+ * ```typescript
+ * await revstack.admin.entitlements.upsert({
+ *   slug: "api-calls",
+ *   name: "API Calls",
+ *   type: "metered",
+ *   unitType: "count",
+ * });
+ * ```
+ */
+export class AdminEntitlementsClient extends BaseClient {
+    constructor(config) {
+        super(config);
+    }
+    /**
+     * List all entitlement definitions with optional pagination.
+     *
+     * @param params - Pagination parameters.
+     * @returns A paginated list of entitlements.
+     */
+    async list(params) {
+        return this.request(`/admin/entitlements${this.buildQuery(params)}`, { method: "GET" });
+    }
+    /**
+     * Retrieve a single entitlement definition by ID.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @returns The entitlement definition.
+     */
+    async get(entitlementId) {
+        return this.request(`/admin/entitlements/${entitlementId}`, {
+            method: "GET",
+        });
+    }
+    /**
+     * Create a new entitlement definition.
+     *
+     * @param params - Entitlement creation parameters.
+     * @returns The newly created entitlement.
+     */
+    async create(params) {
+        return this.request("/admin/entitlements", {
+            method: "POST",
+            body: JSON.stringify(params),
+        });
+    }
+    /**
+     * Partially update an existing entitlement definition.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @param params - Fields to update.
+     * @returns The updated entitlement.
+     */
+    async update(entitlementId, params) {
+        return this.request(`/admin/entitlements/${entitlementId}`, {
+            method: "PATCH",
+            body: JSON.stringify(params),
+        });
+    }
+    /**
+     * Delete an entitlement definition. Fails if any active plans reference it.
+     *
+     * @param entitlementId - The entitlement's unique identifier.
+     * @returns Confirmation of deletion.
+     */
+    async delete(entitlementId) {
+        return this.request(`/admin/entitlements/${entitlementId}`, { method: "DELETE" });
+    }
+    /**
+     * Idempotently create or update an entitlement by its `slug`.
+     * If an entitlement with the given slug exists, it is updated; otherwise, it is created.
+     *
+     * @param params - Full entitlement state.
+     * @returns The created or updated entitlement.
+     */
+    async upsert(params) {
+        return this.request("/admin/entitlements", {
+            method: "PUT",
+            body: JSON.stringify(params),
+        });
+    }
+}

package/dist/src/modules/admin/environments.d.ts

@@ -0,0 +1,76 @@
+import { BaseClient } from "@/modules/base";
+import { Environment, CreateEnvironmentParams, UpdateEnvironmentParams, ListParams, PaginatedResponse } from "@/types";
+/**
+ * Admin client for managing deployment environments.
+ * Each environment has its own API keys, auth configuration, and integrations.
+ *
+ * @example
+ * ```typescript
+ * // Create a staging environment
+ * const env = await revstack.admin.environments.create({
+ *   name: "staging",
+ *   authProvider: "supabase",
+ *   authJwksUri: "https://my-project.supabase.co/.well-known/jwks.json",
+ * });
+ *
+ * // Rotate API keys after a security incident
+ * const newKeys = await revstack.admin.environments.rotateKeys(env.id);
+ * ```
+ */
+export declare class AdminEnvironmentsClient extends BaseClient {
+    constructor(config: {
+        secretKey: string;
+        baseUrl: string;
+        timeout: number;
+    });
+    /**
+     * List all environments with optional pagination.
+     *
+     * @param params - Pagination parameters.
+     * @returns A paginated list of environments.
+     */
+    list(params?: ListParams): Promise<PaginatedResponse<Environment>>;
+    /**
+     * Retrieve a single environment by ID.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @returns The environment record including API keys and auth config.
+     */
+    get(environmentId: string): Promise<Environment>;
+    /**
+     * Create a new deployment environment.
+     *
+     * @param params - Environment creation parameters.
+     * @returns The newly created environment with generated API keys.
+     */
+    create(params: CreateEnvironmentParams): Promise<Environment>;
+    /**
+     * Update an existing environment's name or auth configuration.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @param params - Fields to update.
+     * @returns The updated environment.
+     */
+    update(environmentId: string, params: UpdateEnvironmentParams): Promise<Environment>;
+    /**
+     * Delete an environment. This invalidates its API keys immediately.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @returns Confirmation of deletion.
+     */
+    delete(environmentId: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Rotate both the public and secret API keys for an environment.
+     * The old keys become invalid immediately. Use this after a security incident.
+     *
+     * @param environmentId - The environment whose keys to rotate.
+     * @returns The new API key pair.
+     */
+    rotateKeys(environmentId: string): Promise<{
+        apiKeyPublic: string;
+        apiKeySecret: string;
+    }>;
+}
+//# sourceMappingURL=environments.d.ts.map

package/dist/src/modules/admin/environments.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"environments.d.ts","sourceRoot":"","sources":["../../../../src/modules/admin/environments.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EACL,WAAW,EACX,uBAAuB,EACvB,uBAAuB,EACvB,UAAU,EACV,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAEjB;;;;;;;;;;;;;;;;GAgBG;AACH,qBAAa,uBAAwB,SAAQ,UAAU;gBACzC,MAAM,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;IAI3E;;;;;OAKG;IACG,IAAI,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC,WAAW,CAAC,CAAC;IAOxE;;;;;OAKG;IACG,GAAG,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAMtD;;;;;OAKG;IACG,MAAM,CAAC,MAAM,EAAE,uBAAuB,GAAG,OAAO,CAAC,WAAW,CAAC;IAOnE;;;;;;OAMG;IACG,MAAM,CACV,aAAa,EAAE,MAAM,EACrB,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,WAAW,CAAC;IAOvB;;;;;OAKG;IACG,MAAM,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC;IAOlE;;;;;;OAMG;IACG,UAAU,CACd,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;CAM3D"}

package/dist/src/modules/admin/environments.js

@@ -0,0 +1,87 @@
+import { BaseClient } from "@/modules/base";
+/**
+ * Admin client for managing deployment environments.
+ * Each environment has its own API keys, auth configuration, and integrations.
+ *
+ * @example
+ * ```typescript
+ * // Create a staging environment
+ * const env = await revstack.admin.environments.create({
+ *   name: "staging",
+ *   authProvider: "supabase",
+ *   authJwksUri: "https://my-project.supabase.co/.well-known/jwks.json",
+ * });
+ *
+ * // Rotate API keys after a security incident
+ * const newKeys = await revstack.admin.environments.rotateKeys(env.id);
+ * ```
+ */
+export class AdminEnvironmentsClient extends BaseClient {
+    constructor(config) {
+        super(config);
+    }
+    /**
+     * List all environments with optional pagination.
+     *
+     * @param params - Pagination parameters.
+     * @returns A paginated list of environments.
+     */
+    async list(params) {
+        return this.request(`/admin/environments${this.buildQuery(params)}`, { method: "GET" });
+    }
+    /**
+     * Retrieve a single environment by ID.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @returns The environment record including API keys and auth config.
+     */
+    async get(environmentId) {
+        return this.request(`/admin/environments/${environmentId}`, {
+            method: "GET",
+        });
+    }
+    /**
+     * Create a new deployment environment.
+     *
+     * @param params - Environment creation parameters.
+     * @returns The newly created environment with generated API keys.
+     */
+    async create(params) {
+        return this.request("/admin/environments", {
+            method: "POST",
+            body: JSON.stringify(params),
+        });
+    }
+    /**
+     * Update an existing environment's name or auth configuration.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @param params - Fields to update.
+     * @returns The updated environment.
+     */
+    async update(environmentId, params) {
+        return this.request(`/admin/environments/${environmentId}`, {
+            method: "PATCH",
+            body: JSON.stringify(params),
+        });
+    }
+    /**
+     * Delete an environment. This invalidates its API keys immediately.
+     *
+     * @param environmentId - The environment's unique identifier.
+     * @returns Confirmation of deletion.
+     */
+    async delete(environmentId) {
+        return this.request(`/admin/environments/${environmentId}`, { method: "DELETE" });
+    }
+    /**
+     * Rotate both the public and secret API keys for an environment.
+     * The old keys become invalid immediately. Use this after a security incident.
+     *
+     * @param environmentId - The environment whose keys to rotate.
+     * @returns The new API key pair.
+     */
+    async rotateKeys(environmentId) {
+        return this.request(`/admin/environments/${environmentId}/rotate-keys`, { method: "POST" });
+    }
+}

package/dist/src/modules/admin/index.d.ts

@@ -0,0 +1,16 @@
+import { AdminPlansClient } from "@/modules/admin/plans";
+import { AdminEntitlementsClient } from "@/modules/admin/entitlements";
+import { AdminIntegrationsClient } from "@/modules/admin/integrations";
+import { AdminEnvironmentsClient } from "@/modules/admin/environments";
+export declare class AdminClient {
+    readonly plans: AdminPlansClient;
+    readonly entitlements: AdminEntitlementsClient;
+    readonly integrations: AdminIntegrationsClient;
+    readonly environments: AdminEnvironmentsClient;
+    constructor(config: {
+        secretKey: string;
+        baseUrl: string;
+        timeout: number;
+    });
+}
+//# sourceMappingURL=index.d.ts.map

package/dist/src/modules/admin/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/modules/admin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AACvE,OAAO,EAAE,uBAAuB,EAAE,MAAM,8BAA8B,CAAC;AAEvE,qBAAa,WAAW;IACtB,SAAgB,KAAK,EAAE,gBAAgB,CAAC;IACxC,SAAgB,YAAY,EAAE,uBAAuB,CAAC;IACtD,SAAgB,YAAY,EAAE,uBAAuB,CAAC;IACtD,SAAgB,YAAY,EAAE,uBAAuB,CAAC;gBAE1C,MAAM,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE;CAM5E"}

package/dist/src/modules/admin/index.js

@@ -0,0 +1,16 @@
+import { AdminPlansClient } from "@/modules/admin/plans";
+import { AdminEntitlementsClient } from "@/modules/admin/entitlements";
+import { AdminIntegrationsClient } from "@/modules/admin/integrations";
+import { AdminEnvironmentsClient } from "@/modules/admin/environments";
+export class AdminClient {
+    plans;
+    entitlements;
+    integrations;
+    environments;
+    constructor(config) {
+        this.plans = new AdminPlansClient(config);
+        this.entitlements = new AdminEntitlementsClient(config);
+        this.integrations = new AdminIntegrationsClient(config);
+        this.environments = new AdminEnvironmentsClient(config);
+    }
+}