npm - @sylphx/management - Versions diffs - 0.1.0 → 0.2.0 - Mend

@sylphx/management 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/CHANGELOG.md +88 -0
package/LICENSE +21 -0
package/README.md +157 -101
package/dist/admin.d.ts +141 -0
package/dist/admin.d.ts.map +1 -0
package/dist/admin.js +96 -0
package/dist/adminBootstrap.d.ts +46 -0
package/dist/adminBootstrap.d.ts.map +1 -0
package/dist/adminBootstrap.js +33 -0
package/dist/adminBuilds.d.ts +72 -0
package/dist/adminBuilds.d.ts.map +1 -0
package/dist/adminBuilds.js +29 -0
package/dist/adminEnvServices.d.ts +41 -0
package/dist/adminEnvServices.d.ts.map +1 -0
package/dist/adminEnvServices.js +22 -0
package/dist/adminRateLimits.d.ts +61 -0
package/dist/adminRateLimits.d.ts.map +1 -0
package/dist/adminRateLimits.js +44 -0
package/dist/adminReconcile.d.ts +45 -0
package/dist/adminReconcile.d.ts.map +1 -0
package/dist/adminReconcile.js +20 -0
package/dist/adminResources.d.ts +97 -0
package/dist/adminResources.d.ts.map +1 -0
package/dist/adminResources.js +40 -0
package/dist/adminSecrets.d.ts +60 -0
package/dist/adminSecrets.d.ts.map +1 -0
package/dist/adminSecrets.js +43 -0
package/dist/adminTenants.d.ts +41 -0
package/dist/adminTenants.d.ts.map +1 -0
package/dist/adminTenants.js +29 -0
package/dist/ai.d.ts +148 -0
package/dist/ai.d.ts.map +1 -0
package/dist/ai.js +29 -0
package/dist/analytics.d.ts +49 -0
package/dist/analytics.d.ts.map +1 -0
package/dist/analytics.js +23 -0
package/dist/auth.d.ts +39 -0
package/dist/auth.d.ts.map +1 -0
package/dist/auth.js +27 -0
package/dist/authSettings.d.ts +71 -0
package/dist/authSettings.d.ts.map +1 -0
package/dist/authSettings.js +39 -0
package/dist/backups.d.ts +66 -0
package/dist/backups.d.ts.map +1 -0
package/dist/backups.js +32 -0
package/dist/billing.d.ts +105 -0
package/dist/billing.d.ts.map +1 -0
package/dist/billing.js +42 -0
package/dist/billingSettings.d.ts +78 -0
package/dist/billingSettings.d.ts.map +1 -0
package/dist/billingSettings.js +54 -0
package/dist/branchDatabases.d.ts +53 -0
package/dist/branchDatabases.d.ts.map +1 -0
package/dist/branchDatabases.js +38 -0
package/dist/certs.d.ts +63 -0
package/dist/certs.d.ts.map +1 -0
package/dist/certs.js +28 -0
package/dist/ciSettings.d.ts +77 -0
package/dist/ciSettings.d.ts.map +1 -0
package/dist/ciSettings.js +41 -0
package/dist/client.d.ts +36 -38
package/dist/client.d.ts.map +1 -1
package/dist/client.js +32 -90
package/dist/consent.d.ts +111 -0
package/dist/consent.d.ts.map +1 -0
package/dist/consent.js +35 -0
package/dist/databases.d.ts +17 -0
package/dist/databases.d.ts.map +1 -0
package/dist/databases.js +32 -0
package/dist/deployments.d.ts +22 -0
package/dist/deployments.d.ts.map +1 -0
package/dist/deployments.js +39 -0
package/dist/domains.d.ts +26 -0
package/dist/domains.d.ts.map +1 -0
package/dist/domains.js +39 -0
package/dist/edgeDeployments.d.ts +43 -0
package/dist/edgeDeployments.d.ts.map +1 -0
package/dist/edgeDeployments.js +32 -0
package/dist/email.d.ts +45 -0
package/dist/email.d.ts.map +1 -0
package/dist/email.js +21 -0
package/dist/engagement.d.ts +100 -0
package/dist/engagement.d.ts.map +1 -0
package/dist/engagement.js +28 -0
package/dist/envVars.d.ts +17 -0
package/dist/envVars.d.ts.map +1 -0
package/dist/envVars.js +34 -0
package/dist/environments.d.ts +41 -0
package/dist/environments.d.ts.map +1 -0
package/dist/environments.js +54 -0
package/dist/errors.d.ts +8 -3
package/dist/errors.d.ts.map +1 -1
package/dist/errors.js +8 -2
package/dist/experiments.d.ts +80 -0
package/dist/experiments.d.ts.map +1 -0
package/dist/experiments.js +23 -0
package/dist/flags.d.ts +85 -0
package/dist/flags.d.ts.map +1 -0
package/dist/flags.js +25 -0
package/dist/functions.d.ts +39 -0
package/dist/functions.d.ts.map +1 -0
package/dist/functions.js +40 -0
package/dist/github.d.ts +33 -0
package/dist/github.d.ts.map +1 -0
package/dist/github.js +22 -0
package/dist/http.d.ts +28 -0
package/dist/http.d.ts.map +1 -0
package/dist/http.js +71 -0
package/dist/index.d.ts +85 -20
package/dist/index.d.ts.map +1 -1
package/dist/index.js +86 -20
package/dist/kv.d.ts +66 -0
package/dist/kv.d.ts.map +1 -0
package/dist/kv.js +36 -0
package/dist/logs.d.ts +14 -0
package/dist/logs.d.ts.map +1 -0
package/dist/logs.js +17 -0
package/dist/management.d.ts +55 -0
package/dist/management.d.ts.map +1 -0
package/dist/management.js +31 -0
package/dist/monitoring.d.ts +65 -0
package/dist/monitoring.d.ts.map +1 -0
package/dist/monitoring.js +29 -0
package/dist/newsletter.d.ts +279 -0
package/dist/newsletter.d.ts.map +1 -0
package/dist/newsletter.js +98 -0
package/dist/notifications.d.ts +30 -0
package/dist/notifications.d.ts.map +1 -0
package/dist/notifications.js +19 -0
package/dist/oidc.d.ts +46 -0
package/dist/oidc.d.ts.map +1 -0
package/dist/oidc.js +25 -0
package/dist/organizations.d.ts +24 -0
package/dist/organizations.d.ts.map +1 -0
package/dist/organizations.js +42 -0
package/dist/plans.d.ts +66 -0
package/dist/plans.d.ts.map +1 -0
package/dist/plans.js +42 -0
package/dist/privacy.d.ts +138 -0
package/dist/privacy.d.ts.map +1 -0
package/dist/privacy.js +41 -0
package/dist/projects.d.ts +14 -0
package/dist/projects.d.ts.map +1 -0
package/dist/projects.js +22 -0
package/dist/realtime.d.ts +33 -0
package/dist/realtime.d.ts.map +1 -0
package/dist/realtime.js +19 -0
package/dist/referrals.d.ts +100 -0
package/dist/referrals.d.ts.map +1 -0
package/dist/referrals.js +33 -0
package/dist/refresh.d.ts +44 -0
package/dist/refresh.d.ts.map +1 -0
package/dist/refresh.js +33 -0
package/dist/remoteConfig.d.ts +15 -0
package/dist/remoteConfig.d.ts.map +1 -0
package/dist/remoteConfig.js +35 -0
package/dist/resourceBindings.d.ts +19 -0
package/dist/resourceBindings.d.ts.map +1 -0
package/dist/resourceBindings.js +24 -0
package/dist/runners.d.ts +60 -0
package/dist/runners.d.ts.map +1 -0
package/dist/runners.js +17 -0
package/dist/saml.d.ts +44 -0
package/dist/saml.d.ts.map +1 -0
package/dist/saml.js +77 -0
package/dist/sandboxes.d.ts +15 -0
package/dist/sandboxes.d.ts.map +1 -0
package/dist/sandboxes.js +18 -0
package/dist/search.d.ts +66 -0
package/dist/search.d.ts.map +1 -0
package/dist/search.js +29 -0
package/dist/secrets.d.ts +50 -0
package/dist/secrets.d.ts.map +1 -0
package/dist/secrets.js +61 -0
package/dist/security.d.ts +58 -0
package/dist/security.d.ts.map +1 -0
package/dist/security.js +49 -0
package/dist/serviceTokenRequests.d.ts +71 -0
package/dist/serviceTokenRequests.d.ts.map +1 -0
package/dist/serviceTokenRequests.js +43 -0
package/dist/serviceTokens.d.ts +65 -0
package/dist/serviceTokens.d.ts.map +1 -0
package/dist/serviceTokens.js +22 -0
package/dist/services.d.ts +10 -0
package/dist/services.d.ts.map +1 -0
package/dist/services.js +15 -0
package/dist/sessionReplay.d.ts +116 -0
package/dist/sessionReplay.d.ts.map +1 -0
package/dist/sessionReplay.js +29 -0
package/dist/storage.d.ts +12 -0
package/dist/storage.d.ts.map +1 -0
package/dist/storage.js +10 -0
package/dist/tasks.d.ts +29 -0
package/dist/tasks.d.ts.map +1 -0
package/dist/tasks.js +29 -0
package/dist/types.d.ts +59 -155
package/dist/types.d.ts.map +1 -1
package/dist/types.js +17 -3
package/dist/user.d.ts +99 -0
package/dist/user.d.ts.map +1 -0
package/dist/user.js +58 -0
package/dist/users.d.ts +9 -0
package/dist/users.d.ts.map +1 -0
package/dist/users.js +11 -0
package/dist/volumes.d.ts +16 -0
package/dist/volumes.d.ts.map +1 -0
package/dist/volumes.js +9 -0
package/dist/webhooks.d.ts +77 -0
package/dist/webhooks.d.ts.map +1 -0
package/dist/webhooks.js +27 -0
package/package.json +194 -5
package/dist/request.d.ts +0 -5
package/dist/request.d.ts.map +0 -1
package/dist/request.js +0 -1
package/dist/resources/config.d.ts +0 -30
package/dist/resources/config.d.ts.map +0 -1
package/dist/resources/config.js +0 -62
package/dist/resources/databases.d.ts +0 -26
package/dist/resources/databases.d.ts.map +0 -1
package/dist/resources/databases.js +0 -29
package/dist/resources/deployments.d.ts +0 -24
package/dist/resources/deployments.d.ts.map +0 -1
package/dist/resources/deployments.js +0 -30
package/dist/resources/domains.d.ts +0 -30
package/dist/resources/domains.d.ts.map +0 -1
package/dist/resources/domains.js +0 -46
package/dist/resources/env-vars.d.ts +0 -19
package/dist/resources/env-vars.d.ts.map +0 -1
package/dist/resources/env-vars.js +0 -30
package/dist/resources/environments.d.ts +0 -16
package/dist/resources/environments.d.ts.map +0 -1
package/dist/resources/environments.js +0 -24
package/dist/resources/logs.d.ts +0 -13
package/dist/resources/logs.d.ts.map +0 -1
package/dist/resources/logs.js +0 -20
package/dist/resources/org.d.ts +0 -15
package/dist/resources/org.d.ts.map +0 -1
package/dist/resources/org.js +0 -25
package/dist/resources/projects.d.ts +0 -19
package/dist/resources/projects.d.ts.map +0 -1
package/dist/resources/projects.js +0 -19
package/dist/resources/resources.d.ts +0 -26
package/dist/resources/resources.d.ts.map +0 -1
package/dist/resources/resources.js +0 -32
package/dist/resources/services.d.ts +0 -21
package/dist/resources/services.d.ts.map +0 -1
package/dist/resources/services.js +0 -30
package/dist/resources/storage.d.ts +0 -21
package/dist/resources/storage.d.ts.map +0 -1
package/dist/resources/storage.js +0 -25
package/dist/resources/tasks.d.ts +0 -42
package/dist/resources/tasks.d.ts.map +0 -1
package/dist/resources/tasks.js +0 -49
package/dist/resources/user.d.ts +0 -9
package/dist/resources/user.d.ts.map +0 -1
package/dist/resources/user.js +0 -10
package/dist/resources/volumes.d.ts +0 -20
package/dist/resources/volumes.d.ts.map +0 -1
package/dist/resources/volumes.js +0 -19

package/dist/adminResources.js ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * `@sylphx/management/adminResources` — operator recovery for stuck resources.
+ *
+ * Mirrors `DELETE /admin/resources/:id` in
+ * `apps/api/src/server/platform/routes/admin/resources.ts`. Replaces the
+ * raw `DELETE FROM managed_resources WHERE id=...` historically run from
+ * psql per `docs/how-to/teardown-failure.md`.
+ *
+ * Typical use: an on-call engineer mints a service token scoped to
+ * `platform:resources:forcedelete`, points the CLI
+ * (`sylphx admin resources force-delete <id>`) at the cluster, and the
+ * CLI calls `forceDelete()` here. CI / cron / dashboards call this SDK
+ * directly.
+ */
+import { adminResourcesEndpoints } from '@sylphx/contract';
+import { interpolatePath, request } from './http.js';
+/**
+ * Force-delete a stuck `managed_resources` row. Refuses the call when
+ * `reconcile_status !== 'terminating'` unless `reallyForce=true`. Returns
+ * 404 when the row does not exist; 409 on the wrong-status path.
+ */
+export const forceDelete = (client, id, input) => {
+    const { method, path } = adminResourcesEndpoints.forceDelete;
+    const interpolated = interpolatePath(path, { id });
+    const query = { reason: input.reason };
+    if (input.cascade !== undefined)
+        query.cascade = input.cascade ? 'true' : 'false';
+    if (input.reallyForce !== undefined)
+        query.reallyForce = input.reallyForce ? 'true' : 'false';
+    return request(client, method, interpolated, { query });
+};
+/**
+ * Walk the canonical rotation registry and re-encrypt every row whose
+ * envelope is not under the active KEK. Idempotent: re-running after
+ * convergence rewrites zero rows. Returns 409 on `keyId` mismatch.
+ */
+export const reseal = (client, input) => {
+    const { method, path } = adminResourcesEndpoints.reseal;
+    return request(client, method, path, { body: input });
+};

package/dist/adminSecrets.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * `@sylphx/management/adminSecrets` — operator-driven secret rotation
+ * audit ledger (G-5).
+ *
+ * Mirrors `/admin/secrets/*` in
+ * `apps/api/src/server/platform/routes/admin/secrets.ts`.
+ *
+ * Auth: service token + scope `platform:secrets:rotate`. Super-admin
+ * sessions are explicitly NOT accepted by the server — rotation MUST be
+ * a programmatic step in an Ops runbook.
+ *
+ * Typical use:
+ *
+ *   sylphx admin rotate-secret --type break-glass --dry-run
+ *   sylphx admin rotate-secret --type break-glass --reason "scheduled 90d cadence"
+ *
+ * dispatches here via `requireAuthEffect` + `withAuthedSdk`. The endpoint
+ * NEVER mints the new secret value; operators paste it into the cluster
+ * Secret store per `docs/runbooks/secret-rotation.md`.
+ */
+import type { Client } from './client.js';
+/** Catalog entry shape mirrored from `AdminSecretStatus` in the contract. */
+export interface AdminSecretStatus {
+    readonly type: 'break-glass' | 'encryption-key' | 'jwt-signing';
+    readonly lastRotatedAt: string | null;
+    readonly ageDays: number | null;
+    readonly cadenceDays: number;
+    readonly overdue: boolean;
+    readonly clusterSecretRef: string;
+}
+export interface ListSecretsResult {
+    readonly secrets: ReadonlyArray<AdminSecretStatus>;
+}
+export interface RotateSecretInput {
+    readonly type: 'break-glass' | 'encryption-key' | 'jwt-signing';
+    readonly dryRun?: boolean;
+    readonly reason?: string;
+}
+export interface RotateSecretResult {
+    readonly rotated: boolean;
+    readonly status: AdminSecretStatus;
+    readonly auditLogId: string | null;
+    readonly message: string;
+}
+/**
+ * List the rotation status of every rotatable platform secret.
+ *
+ * Used by the `sylphx_secret_age_days` Prometheus alert evaluator and
+ * the Console operator dashboard's secret-rotation widget.
+ */
+export declare const list: (client: Client) => Promise<ListSecretsResult>;
+/**
+ * Record a rotation event.
+ *
+ * `dryRun=true` returns the eligibility report without writing an
+ * `audit_logs` row (the `secret_rotation_events` row is still inserted
+ * with `is_real=false` so the alert evaluator can read fresh state).
+ */
+export declare const rotate: (client: Client, body: RotateSecretInput) => Promise<RotateSecretResult>;
+//# sourceMappingURL=adminSecrets.d.ts.map

package/dist/adminSecrets.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adminSecrets.d.ts","sourceRoot":"","sources":["../src/adminSecrets.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,6EAA6E;AAC7E,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,IAAI,EAAE,aAAa,GAAG,gBAAgB,GAAG,aAAa,CAAA;IAC/D,QAAQ,CAAC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAA;IACrC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAA;IAC/B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAA;CACjC;AAED,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,iBAAiB,CAAC,CAAA;CAClD;AAED,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,IAAI,EAAE,aAAa,GAAG,gBAAgB,GAAG,aAAa,CAAA;IAC/D,QAAQ,CAAC,MAAM,CAAC,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,iBAAiB,CAAA;IAClC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CACxB;AAED;;;;;GAKG;AACH,eAAO,MAAM,IAAI,GAAI,QAAQ,MAAM,KAAG,OAAO,CAAC,iBAAiB,CAG9D,CAAA;AAED;;;;;;GAMG;AACH,eAAO,MAAM,MAAM,GAAI,QAAQ,MAAM,EAAE,MAAM,iBAAiB,KAAG,OAAO,CAAC,kBAAkB,CAG1F,CAAA"}

package/dist/adminSecrets.js ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * `@sylphx/management/adminSecrets` — operator-driven secret rotation
+ * audit ledger (G-5).
+ *
+ * Mirrors `/admin/secrets/*` in
+ * `apps/api/src/server/platform/routes/admin/secrets.ts`.
+ *
+ * Auth: service token + scope `platform:secrets:rotate`. Super-admin
+ * sessions are explicitly NOT accepted by the server — rotation MUST be
+ * a programmatic step in an Ops runbook.
+ *
+ * Typical use:
+ *
+ *   sylphx admin rotate-secret --type break-glass --dry-run
+ *   sylphx admin rotate-secret --type break-glass --reason "scheduled 90d cadence"
+ *
+ * dispatches here via `requireAuthEffect` + `withAuthedSdk`. The endpoint
+ * NEVER mints the new secret value; operators paste it into the cluster
+ * Secret store per `docs/runbooks/secret-rotation.md`.
+ */
+import { adminSecretsEndpoints } from '@sylphx/contract';
+import { request } from './http.js';
+/**
+ * List the rotation status of every rotatable platform secret.
+ *
+ * Used by the `sylphx_secret_age_days` Prometheus alert evaluator and
+ * the Console operator dashboard's secret-rotation widget.
+ */
+export const list = (client) => {
+    const { method, path } = adminSecretsEndpoints.list;
+    return request(client, method, path, {});
+};
+/**
+ * Record a rotation event.
+ *
+ * `dryRun=true` returns the eligibility report without writing an
+ * `audit_logs` row (the `secret_rotation_events` row is still inserted
+ * with `is_real=false` so the alert evaluator can read fresh state).
+ */
+export const rotate = (client, body) => {
+    const { method, path } = adminSecretsEndpoints.rotate;
+    return request(client, method, path, { body });
+};

package/dist/adminTenants.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * `@sylphx/management/adminTenants` — headless tenant provisioning.
+ *
+ * Mirrors `POST /admin/tenants/` in
+ * `apps/api/src/server/platform/routes/admin/tenants.ts`. Replaces the
+ * legacy `POST /admin/bootstrap` call (ADR-089 Phase 7.5): same inputs
+ * and outputs; the caller now authenticates with a service token
+ * (`svc_*`) carrying scope `platform:tenants:provision` rather than the
+ * retired `SYLPHX_BOOTSTRAP_KEY` shared secret.
+ *
+ * Typical use: a CI job or ops script mints a scoped service token via
+ * `sylphx tokens create --scope platform:tenants:provision ...`, stores
+ * it in the operator's secret store, and calls `tenants.create` to
+ * onboard a new org headlessly.
+ */
+import type { Client } from './client.js';
+export interface CreateTenantInput {
+    readonly orgName: string;
+    readonly orgSlug: string;
+    readonly projectName: string;
+    readonly projectSlug: string;
+    readonly ownerEmail: string;
+}
+export interface CreateTenantResult {
+    readonly orgId: string;
+    readonly projectId: string;
+    /** `sk_{env}_{64hex}` — production secret key. Returned raw, once. */
+    readonly secretKey: string;
+    /** `pk_{env}_{32hex}` — production publishable key. Returned raw, once. */
+    readonly publishableKey: string;
+}
+/**
+ * Provision a brand-new tenant (organization + initial project + dev and
+ * production environments) in a single transaction.
+ *
+ * The returned `secretKey` / `publishableKey` are the raw production
+ * credentials — only SHA-256 hashes are retained server-side. Callers
+ * MUST persist them immediately; they cannot be retrieved again.
+ */
+export declare const create: (client: Client, input: CreateTenantInput) => Promise<CreateTenantResult>;
+//# sourceMappingURL=adminTenants.d.ts.map

package/dist/adminTenants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"adminTenants.d.ts","sourceRoot":"","sources":["../src/adminTenants.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;CAC3B;AAED,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,sEAAsE;IACtE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,2EAA2E;IAC3E,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;CAC/B;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,MAAM,GAAI,QAAQ,MAAM,EAAE,OAAO,iBAAiB,KAAG,OAAO,CAAC,kBAAkB,CAG3F,CAAA"}

package/dist/adminTenants.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * `@sylphx/management/adminTenants` — headless tenant provisioning.
+ *
+ * Mirrors `POST /admin/tenants/` in
+ * `apps/api/src/server/platform/routes/admin/tenants.ts`. Replaces the
+ * legacy `POST /admin/bootstrap` call (ADR-089 Phase 7.5): same inputs
+ * and outputs; the caller now authenticates with a service token
+ * (`svc_*`) carrying scope `platform:tenants:provision` rather than the
+ * retired `SYLPHX_BOOTSTRAP_KEY` shared secret.
+ *
+ * Typical use: a CI job or ops script mints a scoped service token via
+ * `sylphx tokens create --scope platform:tenants:provision ...`, stores
+ * it in the operator's secret store, and calls `tenants.create` to
+ * onboard a new org headlessly.
+ */
+import { adminTenantsEndpoints } from '@sylphx/contract';
+import { request } from './http.js';
+/**
+ * Provision a brand-new tenant (organization + initial project + dev and
+ * production environments) in a single transaction.
+ *
+ * The returned `secretKey` / `publishableKey` are the raw production
+ * credentials — only SHA-256 hashes are retained server-side. Callers
+ * MUST persist them immediately; they cannot be retrieved again.
+ */
+export const create = (client, input) => {
+    const { method, path } = adminTenantsEndpoints.create;
+    return request(client, method, path, { body: input });
+};

package/dist/ai.d.ts ADDED Viewed

@@ -0,0 +1,148 @@
+/**
+ * AI gateway — cross-model usage, cost tracking, per-project config.
+ *
+ *   GET   /ai/overview                        — platform-wide totals (admin only)
+ *   GET   /ai/projects/:projectId/usage       — per-project rollup
+ *   GET   /ai/trends                          — cost trend time-series (admin only)
+ *   GET   /ai/projects/:projectId/config      — model allow/block lists + rate limits
+ *   PATCH /ai/projects/:projectId/config      — update model config
+ *
+ * Costs are returned both as integer microdollars (safe for arithmetic)
+ * and a human-friendly `formatted` string; prefer the former for any math.
+ * Latency percentiles (`p95Ms`) are rounded to whole milliseconds.
+ */
+import type { Client } from './client.js';
+export type Period = 'day' | 'week' | 'month';
+export type Interval = 'hour' | 'day';
+export type TrendPeriod = 'week' | 'month';
+export interface Cost {
+    readonly microdollars: number;
+    readonly formatted: string;
+}
+export interface UsageByProject {
+    readonly projectId: string;
+    readonly projectName: string;
+    readonly requests: number;
+    readonly inputTokens: number;
+    readonly outputTokens: number;
+    readonly cost: Cost;
+    readonly successRate: number;
+}
+export interface UsageByModel {
+    readonly model: string;
+    readonly requests: number;
+    readonly tokens: number;
+    readonly cost: Cost;
+}
+export interface UsageByProvider {
+    readonly provider: string;
+    readonly requests: number;
+    readonly tokens: number;
+    readonly cost: Cost;
+}
+export interface UsageByType {
+    readonly type: string;
+    readonly requests: number;
+    readonly tokens: number;
+}
+export interface RecentError {
+    readonly id: string;
+    readonly model: string;
+    readonly type: string;
+    readonly error: string | null;
+    readonly code: string | null;
+    readonly timestamp: string;
+}
+export interface OverviewResult {
+    readonly period: Period;
+    readonly totals: {
+        readonly requests: number;
+        readonly tokens: number;
+        readonly cost: Cost;
+        readonly avgLatencyMs: number;
+        readonly successRate: number;
+    };
+    readonly byProject: readonly UsageByProject[];
+    readonly byModel: readonly UsageByModel[];
+    readonly byProvider: readonly UsageByProvider[];
+}
+export declare const overview: (client: Client, period?: Period) => Promise<OverviewResult>;
+export interface ProjectUsageResult {
+    readonly app: {
+        readonly id: string;
+        readonly name: string;
+        readonly slug: string;
+    };
+    readonly period: Period;
+    readonly stats: {
+        readonly requests: number;
+        readonly inputTokens: number;
+        readonly outputTokens: number;
+        readonly cost: Cost;
+        readonly latency: {
+            readonly avgMs: number;
+            readonly p95Ms: number;
+        };
+        readonly successRate: number;
+    };
+    readonly byModel: readonly UsageByModel[];
+    readonly byType: readonly UsageByType[];
+    readonly recentErrors: readonly RecentError[];
+}
+export declare const projectUsage: (client: Client, projectId: string, period?: Period) => Promise<ProjectUsageResult>;
+export interface TrendPoint {
+    readonly timestamp: string;
+    readonly requests: number;
+    readonly tokens: number;
+    readonly cost: Cost;
+    readonly avgLatencyMs: number;
+}
+export interface TrendsResult {
+    readonly period: TrendPeriod;
+    readonly interval: Interval;
+    readonly data: readonly TrendPoint[];
+}
+export interface TrendsOptions {
+    readonly projectId?: string;
+    readonly period?: TrendPeriod;
+    readonly interval?: Interval;
+}
+export declare const trends: (client: Client, options?: TrendsOptions) => Promise<TrendsResult>;
+export interface ModelConfig {
+    readonly defaultMaxTokens: number;
+    readonly defaultTemperature: number;
+    readonly enableCaching: boolean;
+    readonly allowedModels: readonly string[] | null;
+    readonly blockedModels: readonly string[] | null;
+}
+export interface RateLimit {
+    readonly id: string;
+    readonly modelPattern: string;
+    readonly requestsPerMinute: number | null;
+    readonly requestsPerDay: number | null;
+    readonly tokensPerMinute: number | null;
+    readonly tokensPerDay: number | null;
+    readonly costPerDayMicrodollars: number | null;
+    readonly isActive: boolean;
+}
+export interface ProjectConfigResult {
+    readonly app: {
+        readonly id: string;
+        readonly name: string;
+        readonly slug: string;
+    };
+    readonly config: ModelConfig;
+    readonly rateLimits: readonly RateLimit[];
+}
+export declare const getProjectConfig: (client: Client, projectId: string) => Promise<ProjectConfigResult>;
+export interface UpdateProjectConfigInput {
+    readonly defaultMaxTokens?: number;
+    readonly defaultTemperature?: number;
+    readonly enableCaching?: boolean;
+    readonly allowedModels?: readonly string[] | null;
+    readonly blockedModels?: readonly string[] | null;
+}
+export declare const updateProjectConfig: (client: Client, projectId: string, input: UpdateProjectConfigInput) => Promise<{
+    success: boolean;
+}>;
+//# sourceMappingURL=ai.d.ts.map

package/dist/ai.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"ai.d.ts","sourceRoot":"","sources":["../src/ai.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,MAAM,MAAM,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,CAAA;AAC7C,MAAM,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK,CAAA;AACrC,MAAM,MAAM,WAAW,GAAG,MAAM,GAAG,OAAO,CAAA;AAE1C,MAAM,WAAW,IAAI;IACpB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC1B;AAED,MAAM,WAAW,cAAc;IAC9B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;IACnB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAC5B;AAED,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;CACnB;AAED,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;CACnB;AAED,MAAM,WAAW,WAAW;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,WAAW;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC1B;AAED,MAAM,WAAW,cAAc;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,MAAM,EAAE;QAChB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;QACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;QACvB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;QACnB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;QAC7B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;KAC5B,CAAA;IACD,QAAQ,CAAC,SAAS,EAAE,SAAS,cAAc,EAAE,CAAA;IAC7C,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAA;IACzC,QAAQ,CAAC,UAAU,EAAE,SAAS,eAAe,EAAE,CAAA;CAC/C;AAED,eAAO,MAAM,QAAQ,GAAI,QAAQ,MAAM,EAAE,SAAS,MAAM,KAAG,OAAO,CAAC,cAAc,CACnB,CAAA;AAE9D,MAAM,WAAW,kBAAkB;IAClC,QAAQ,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;IACnF,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,KAAK,EAAE;QACf,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;QACzB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;QAC5B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;QAC7B,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;QACnB,QAAQ,CAAC,OAAO,EAAE;YAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;YAAC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;SAAE,CAAA;QACpE,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;KAC5B,CAAA;IACD,QAAQ,CAAC,OAAO,EAAE,SAAS,YAAY,EAAE,CAAA;IACzC,QAAQ,CAAC,MAAM,EAAE,SAAS,WAAW,EAAE,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,SAAS,WAAW,EAAE,CAAA;CAC7C;AAED,eAAO,MAAM,YAAY,GACxB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,SAAS,MAAM,KACb,OAAO,CAAC,kBAAkB,CAG1B,CAAA;AAEH,MAAM,WAAW,UAAU;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,EAAE,IAAI,CAAA;IACnB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;CAC7B;AAED,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAA;IAC5B,QAAQ,CAAC,QAAQ,EAAE,QAAQ,CAAA;IAC3B,QAAQ,CAAC,IAAI,EAAE,SAAS,UAAU,EAAE,CAAA;CACpC;AAED,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAA;IAC7B,QAAQ,CAAC,QAAQ,CAAC,EAAE,QAAQ,CAAA;CAC5B;AAED,eAAO,MAAM,MAAM,GAAI,QAAQ,MAAM,EAAE,UAAU,aAAa,KAAG,OAAO,CAAC,YAAY,CAOlF,CAAA;AAEH,MAAM,WAAW,WAAW;IAC3B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAA;IACjC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAA;IACnC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAA;IAC/B,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;IAChD,QAAQ,CAAC,aAAa,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;CAChD;AAED,MAAM,WAAW,SAAS;IACzB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAA;IACzC,QAAQ,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI,CAAA;IACtC,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IACvC,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAA;IACpC,QAAQ,CAAC,sBAAsB,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9C,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAA;CAC1B;AAED,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,GAAG,EAAE;QAAE,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;IACnF,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAA;IAC5B,QAAQ,CAAC,UAAU,EAAE,SAAS,SAAS,EAAE,CAAA;CACzC;AAED,eAAO,MAAM,gBAAgB,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,mBAAmB,CACjB,CAAA;AAE/E,MAAM,WAAW,wBAAwB;IACxC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;IACpC,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAA;IAChC,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;IACjD,QAAQ,CAAC,aAAa,CAAC,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;CACjD;AAED,eAAO,MAAM,mBAAmB,GAC/B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,wBAAwB,KAC7B,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAG5B,CAAA"}

package/dist/ai.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * AI gateway — cross-model usage, cost tracking, per-project config.
+ *
+ *   GET   /ai/overview                        — platform-wide totals (admin only)
+ *   GET   /ai/projects/:projectId/usage       — per-project rollup
+ *   GET   /ai/trends                          — cost trend time-series (admin only)
+ *   GET   /ai/projects/:projectId/config      — model allow/block lists + rate limits
+ *   PATCH /ai/projects/:projectId/config      — update model config
+ *
+ * Costs are returned both as integer microdollars (safe for arithmetic)
+ * and a human-friendly `formatted` string; prefer the former for any math.
+ * Latency percentiles (`p95Ms`) are rounded to whole milliseconds.
+ */
+import { request } from './http.js';
+export const overview = (client, period) => request(client, 'GET', '/ai/overview', { query: { period } });
+export const projectUsage = (client, projectId, period) => request(client, 'GET', `/ai/projects/${encodeURIComponent(projectId)}/usage`, {
+    query: { period },
+});
+export const trends = (client, options) => request(client, 'GET', '/ai/trends', {
+    query: {
+        projectId: options?.projectId,
+        period: options?.period,
+        interval: options?.interval,
+    },
+});
+export const getProjectConfig = (client, projectId) => request(client, 'GET', `/ai/projects/${encodeURIComponent(projectId)}/config`);
+export const updateProjectConfig = (client, projectId, input) => request(client, 'PATCH', `/ai/projects/${encodeURIComponent(projectId)}/config`, {
+    body: input,
+});

package/dist/analytics.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Product analytics — data-routing destinations + user segmentation cohorts.
+ *
+ *   GET    /analytics/projects/:p/destinations
+ *   POST   /analytics/projects/:p/destinations
+ *   DELETE /analytics/projects/:p/destinations/:id
+ *   GET    /analytics/projects/:p/cohorts
+ *   POST   /analytics/projects/:p/cohorts
+ *
+ * `destinations` route events to third-party systems (BigQuery, Snowflake,
+ * Segment, Amplitude, webhook, …); `cohorts` define dynamic user segments
+ * either via a structured predicate or a SQL fragment.
+ */
+import type { Client } from './client.js';
+export interface Destination {
+    readonly id: string;
+    readonly type: string;
+    readonly name: string | null;
+    readonly enabled: boolean;
+    readonly createdAt: string;
+}
+export declare const listDestinations: (client: Client, projectId: string) => Promise<{
+    destinations: readonly Destination[];
+}>;
+export interface AddDestinationInput {
+    readonly type: string;
+    readonly credentials: Readonly<Record<string, unknown>>;
+    readonly enabled?: boolean;
+    readonly name?: string;
+}
+export declare const addDestination: (client: Client, projectId: string, input: AddDestinationInput) => Promise<Destination>;
+export declare const removeDestination: (client: Client, projectId: string, destinationId: string) => Promise<void>;
+export interface Cohort {
+    readonly id: string;
+    readonly name: string;
+    readonly cohortType: string;
+    readonly memberCount: number | null;
+    readonly createdAt: string;
+}
+export declare const listCohorts: (client: Client, projectId: string) => Promise<{
+    cohorts: readonly Cohort[];
+}>;
+export interface CreateCohortInput {
+    readonly name: string;
+    readonly definition: unknown;
+    readonly cohortType?: 'dynamic' | 'static';
+}
+export declare const createCohort: (client: Client, projectId: string, input: CreateCohortInput) => Promise<Cohort>;
+//# sourceMappingURL=analytics.d.ts.map

package/dist/analytics.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"analytics.d.ts","sourceRoot":"","sources":["../src/analytics.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAKzC,MAAM,WAAW,WAAW;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC1B;AAED,eAAO,MAAM,gBAAgB,GAC5B,QAAQ,MAAM,EACd,WAAW,MAAM,KACf,OAAO,CAAC;IAAE,YAAY,EAAE,SAAS,WAAW,EAAE,CAAA;CAAE,CACyC,CAAA;AAE5F,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAA;IACvD,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CACtB;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,mBAAmB,KACxB,OAAO,CAAC,WAAW,CAGnB,CAAA;AAEH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,eAAe,MAAM,KACnB,OAAO,CAAC,IAAI,CAKb,CAAA;AAIF,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC1B;AAED,eAAO,MAAM,WAAW,GACvB,QAAQ,MAAM,EACd,WAAW,MAAM,KACf,OAAO,CAAC;IAAE,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;CAAE,CAC8C,CAAA;AAEvF,MAAM,WAAW,iBAAiB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAA;IAC5B,QAAQ,CAAC,UAAU,CAAC,EAAE,SAAS,GAAG,QAAQ,CAAA;CAC1C;AAED,eAAO,MAAM,YAAY,GACxB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,iBAAiB,KACtB,OAAO,CAAC,MAAM,CAGd,CAAA"}

package/dist/analytics.js ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Product analytics — data-routing destinations + user segmentation cohorts.
+ *
+ *   GET    /analytics/projects/:p/destinations
+ *   POST   /analytics/projects/:p/destinations
+ *   DELETE /analytics/projects/:p/destinations/:id
+ *   GET    /analytics/projects/:p/cohorts
+ *   POST   /analytics/projects/:p/cohorts
+ *
+ * `destinations` route events to third-party systems (BigQuery, Snowflake,
+ * Segment, Amplitude, webhook, …); `cohorts` define dynamic user segments
+ * either via a structured predicate or a SQL fragment.
+ */
+import { request } from './http.js';
+export const listDestinations = (client, projectId) => request(client, 'GET', `/analytics/projects/${encodeURIComponent(projectId)}/destinations`);
+export const addDestination = (client, projectId, input) => request(client, 'POST', `/analytics/projects/${encodeURIComponent(projectId)}/destinations`, {
+    body: { enabled: true, ...input },
+});
+export const removeDestination = (client, projectId, destinationId) => request(client, 'DELETE', `/analytics/projects/${encodeURIComponent(projectId)}/destinations/${encodeURIComponent(destinationId)}`);
+export const listCohorts = (client, projectId) => request(client, 'GET', `/analytics/projects/${encodeURIComponent(projectId)}/cohorts`);
+export const createCohort = (client, projectId, input) => request(client, 'POST', `/analytics/projects/${encodeURIComponent(projectId)}/cohorts`, {
+    body: { cohortType: 'dynamic', ...input },
+});

package/dist/auth.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Auth admin namespace — thin re-export wrapper over `authSettings.ts`.
+ *
+ * The Platform route `apps/api/src/server/platform/routes/auth.ts`
+ * carries an `auth` top-level namespace in the coverage inventory.
+ * Consumers read more cleanly when the settings surface is called
+ * `authSettings` (distinguishes it from `@sylphx/sdk.auth` on the BaaS
+ * plane, which owns end-user sign-in / sign-up).
+ *
+ * This file re-binds every export of `authSettings.ts` as a local
+ * `export const` so that both:
+ *
+ *   - `@sylphx/management/auth`          — maps 1:1 to `authEndpoints`
+ *   - `@sylphx/management/authSettings`  — ergonomic alias
+ *
+ * resolve to the same transport functions, and the ADR-089 S7 coverage
+ * guard matches the route namespace 1:1.
+ *
+ * @see ./authSettings.ts — source of truth
+ */
+import * as settings from './authSettings.js';
+export declare const getOAuthProviders: (client: import("./client.js").Client) => Promise<{
+    providers: readonly settings.OAuthProviderConfig[];
+}>;
+export declare const updateOAuthProviders: (client: import("./client.js").Client, body: settings.UpdateOAuthProvidersInput) => Promise<{
+    providers: readonly settings.OAuthProviderConfig[];
+}>;
+export declare const rotateOAuthSecret: (client: import("./client.js").Client, provider: string, newClientSecret: string) => Promise<{
+    providers: readonly settings.OAuthProviderConfig[];
+}>;
+export declare const getAuthSettings: (client: import("./client.js").Client) => Promise<{
+    settings: settings.AuthSettings;
+}>;
+export declare const updateAuthSettings: (client: import("./client.js").Client, body: Partial<settings.AuthSettings>) => Promise<{
+    settings: settings.AuthSettings;
+}>;
+export declare const getAuthStats: (client: import("./client.js").Client) => Promise<settings.AuthStats>;
+export type { AuthSettings, AuthStats, OAuthProviderConfig, UpdateOAuthProvidersInput, } from './authSettings.js';
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,QAAQ,MAAM,mBAAmB,CAAA;AAE7C,eAAO,MAAM,iBAAiB;;EAA6B,CAAA;AAC3D,eAAO,MAAM,oBAAoB;;EAAgC,CAAA;AACjE,eAAO,MAAM,iBAAiB;;EAA6B,CAAA;AAC3D,eAAO,MAAM,eAAe;;EAA2B,CAAA;AACvD,eAAO,MAAM,kBAAkB;;EAA8B,CAAA;AAC7D,eAAO,MAAM,YAAY,uEAAwB,CAAA;AAEjD,YAAY,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,yBAAyB,GACzB,MAAM,mBAAmB,CAAA"}

package/dist/auth.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Auth admin namespace — thin re-export wrapper over `authSettings.ts`.
+ *
+ * The Platform route `apps/api/src/server/platform/routes/auth.ts`
+ * carries an `auth` top-level namespace in the coverage inventory.
+ * Consumers read more cleanly when the settings surface is called
+ * `authSettings` (distinguishes it from `@sylphx/sdk.auth` on the BaaS
+ * plane, which owns end-user sign-in / sign-up).
+ *
+ * This file re-binds every export of `authSettings.ts` as a local
+ * `export const` so that both:
+ *
+ *   - `@sylphx/management/auth`          — maps 1:1 to `authEndpoints`
+ *   - `@sylphx/management/authSettings`  — ergonomic alias
+ *
+ * resolve to the same transport functions, and the ADR-089 S7 coverage
+ * guard matches the route namespace 1:1.
+ *
+ * @see ./authSettings.ts — source of truth
+ */
+import * as settings from './authSettings.js';
+export const getOAuthProviders = settings.getOAuthProviders;
+export const updateOAuthProviders = settings.updateOAuthProviders;
+export const rotateOAuthSecret = settings.rotateOAuthSecret;
+export const getAuthSettings = settings.getAuthSettings;
+export const updateAuthSettings = settings.updateAuthSettings;
+export const getAuthStats = settings.getAuthStats;

package/dist/authSettings.d.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Platform-admin auth settings — OAuth provider configuration, auth
+ * policy settings, auth stats. Distinct from `@sylphx/sdk.auth.*` (end-
+ * user credentials on the BaaS plane) and from session / password /
+ * device endpoints (which are Management but operator-self-service).
+ *
+ * Mirrors the `authAdminEndpoints` portion of
+ * `apps/api/src/server/platform/routes/auth.ts`.
+ */
+import type { Client } from './client.js';
+export interface OAuthProviderConfig {
+    readonly provider: 'google' | 'github' | 'microsoft' | 'apple' | string;
+    readonly enabled: boolean;
+    readonly clientId: string | null;
+    readonly hasClientSecret: boolean;
+    readonly scopes: readonly string[];
+    readonly updatedAt: string | null;
+}
+export declare const getOAuthProviders: (client: Client) => Promise<{
+    providers: readonly OAuthProviderConfig[];
+}>;
+export interface UpdateOAuthProvidersInput {
+    readonly providers: readonly {
+        readonly provider: string;
+        readonly enabled: boolean;
+        readonly clientId?: string;
+        /** Omit to keep the stored secret; pass `null` to clear; pass a new string to rotate. */
+        readonly clientSecret?: string | null;
+        readonly scopes?: readonly string[];
+    }[];
+}
+export declare const updateOAuthProviders: (client: Client, body: UpdateOAuthProvidersInput) => Promise<{
+    providers: readonly OAuthProviderConfig[];
+}>;
+/**
+ * Rotate a single OAuth provider's client secret without touching the
+ * rest of the provider list. Convenience wrapper over
+ * `updateOAuthProviders` — Phase 4b SOTA addition (ADR-089 Matrix 2 gap).
+ */
+export declare const rotateOAuthSecret: (client: Client, provider: string, newClientSecret: string) => Promise<{
+    providers: readonly OAuthProviderConfig[];
+}>;
+export interface AuthSettings {
+    readonly passwordMinLength: number;
+    readonly passwordRequireMixedCase: boolean;
+    readonly passwordRequireDigits: boolean;
+    readonly passwordRequireSymbols: boolean;
+    readonly mfaRequired: boolean;
+    readonly mfaGracePeriodDays: number;
+    readonly sessionMaxAgeSeconds: number;
+    readonly sessionIdleTimeoutSeconds: number;
+    readonly allowSignup: boolean;
+    readonly allowedEmailDomains: readonly string[] | null;
+}
+export declare const getAuthSettings: (client: Client) => Promise<{
+    settings: AuthSettings;
+}>;
+export declare const updateAuthSettings: (client: Client, body: Partial<AuthSettings>) => Promise<{
+    settings: AuthSettings;
+}>;
+export interface AuthStats {
+    readonly totalUsers: number;
+    readonly activeLast24h: number;
+    readonly activeLast7d: number;
+    readonly signupsLast24h: number;
+    readonly mfaEnabledCount: number;
+    readonly passkeyEnrolledCount: number;
+    readonly failedLoginsLast24h: number;
+}
+export declare const getAuthStats: (client: Client) => Promise<AuthStats>;
+//# sourceMappingURL=authSettings.d.ts.map

package/dist/authSettings.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"authSettings.d.ts","sourceRoot":"","sources":["../src/authSettings.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,GAAG,MAAM,CAAA;IACvE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAA;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CACjC;AAED,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,KACZ,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGvD,CAAA;AAED,MAAM,WAAW,yBAAyB;IACzC,QAAQ,CAAC,SAAS,EAAE,SAAS;QAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;QACzB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;QACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;QAC1B,yFAAyF;QACzF,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACrC,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;KACnC,EAAE,CAAA;CACH;AAED,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,MAAM,yBAAyB,KAC7B,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGvD,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,EACd,UAAU,MAAM,EAChB,iBAAiB,MAAM,KACrB,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGrD,CAAA;AAEH,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAA;IAC1C,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAA;IACvC,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAA;IACxC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAA;IACnC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAA;IACrC,QAAQ,CAAC,yBAAyB,EAAE,MAAM,CAAA;IAC1C,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,mBAAmB,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;CACtD;AAED,eAAO,MAAM,eAAe,GAAI,QAAQ,MAAM,KAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,YAAY,CAAA;CAAE,CAGlF,CAAA;AAED,eAAO,MAAM,kBAAkB,GAC9B,QAAQ,MAAM,EACd,MAAM,OAAO,CAAC,YAAY,CAAC,KACzB,OAAO,CAAC;IAAE,QAAQ,EAAE,YAAY,CAAA;CAAE,CAGpC,CAAA;AAED,MAAM,WAAW,SAAS;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAA;IACrC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAA;CACpC;AAED,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,KAAG,OAAO,CAAC,SAAS,CAG9D,CAAA"}