@sylphx/management 0.4.2 → 0.6.0

package/CHANGELOG.md

@@ -1,5 +1,47 @@
 # @sylphx/management
 
+## 0.6.0
+
+### Minor Changes
+
+- [#1019](https://github.com/SylphxAI/platform/pull/1019) [`7978a14`](https://github.com/SylphxAI/platform/commit/7978a140c6eaf146456a458aa89b943cd3989659) Thanks [@shtse8](https://github.com/shtse8)! - Fail closed when environment targeting is ambiguous across platform management APIs.
+
+  The contract, Management SDK, and CLI now preserve explicit `envId` targeting for env vars, domains, services, deployments, and logs instead of relying on `envType` defaults when a project has multiple matching environments.
+
+### Patch Changes
+
+- Updated dependencies [[`7978a14`](https://github.com/SylphxAI/platform/commit/7978a140c6eaf146456a458aa89b943cd3989659)]:
+  - @sylphx/contract@0.8.0
+
+## 0.5.0
+
+### Minor Changes
+
+- [#746](https://github.com/SylphxAI/platform/pull/746) [`382a78e`](https://github.com/SylphxAI/platform/commit/382a78e2fb52d248890ae4fcb9551b8dde17a641) Thanks [@shtse8](https://github.com/shtse8)! - Align Management SDK email logs, suppressions, and settings with the contract-derived email admin surface.
+
+  The email management module now returns the contract list shape for logs, exposes log detail and suppression management helpers, and uses the contract settings input/response types. Consumers using the older hand-written email settings or log-list TypeScript shapes should migrate to the exported `EmailSettings`, `UpdateEmailSettingsInput`, `ListEmailLogsResult`, and `ListSuppressionsResult` types.
+
+- [#766](https://github.com/SylphxAI/platform/pull/766) [`809abfe`](https://github.com/SylphxAI/platform/commit/809abfe0f9115e397dbd0fb2c75deeeb006712b6) Thanks [@shtse8](https://github.com/shtse8)! - Align the Management SDK auth admin surface with the contract-owned project auth API.
+
+  Auth admin helpers now require a project reference, use contract-derived request paths and result types, and send the contract-owned OAuth/settings field names. The unsupported `rotateOAuthSecret` helper has been removed because the production auth admin contract does not accept OAuth client secret mutation on this route.
+
+- [#763](https://github.com/SylphxAI/platform/pull/763) [`5dfa410`](https://github.com/SylphxAI/platform/commit/5dfa4105f20573a482d3cfefcf247084724f31b5) Thanks [@shtse8](https://github.com/shtse8)! - Align the Management SDK newsletter module with the contract-derived newsletter API surface.
+
+  Newsletter management methods now derive request paths, HTTP methods, input types, and result types from `@sylphx/contract`. Public newsletter SDK types are re-exported from the contract package, and SDK-specific query helpers only adapt booleans and numbers into the string query parameters used by the HTTP contract.
+
+- [#764](https://github.com/SylphxAI/platform/pull/764) [`d83b7de`](https://github.com/SylphxAI/platform/commit/d83b7de54ba3c7c331967ab882ea4d68623c041f) Thanks [@shtse8](https://github.com/shtse8)! - Derive the Management refresh-token SDK surface from `@sylphx/contract`, using contract-owned refresh/logout routes and the `refresh_token` wire body/response field names.
+
+- [#759](https://github.com/SylphxAI/platform/pull/759) [`3257675`](https://github.com/SylphxAI/platform/commit/325767586a2fa5e53f00cd81e438d561d0e37c41) Thanks [@shtse8](https://github.com/shtse8)! - Align the Management SDK runners module with the contract-derived runner API surface.
+
+  Runner management methods now derive request paths, HTTP methods, input types, and result types from `@sylphx/contract`. The create input no longer advertises unsupported `labels` or `maxJobs` fields; callers should pass the contract-owned `name`, `platform`, and `arch` fields.
+
+  The `sylphx runners register` CLI command no longer exposes the unsupported `--labels` or `--max-jobs` flags and now submits only the contract-owned runner registration fields.
+
+### Patch Changes
+
+- Updated dependencies [[`382a78e`](https://github.com/SylphxAI/platform/commit/382a78e2fb52d248890ae4fcb9551b8dde17a641)]:
+  - @sylphx/contract@0.7.0
+
 ## 0.4.2
 
 ### Patch Changes
@@ -107,9 +149,9 @@ rationale).
 
 ### Changes
 
-- **Beta API surface.** Per [ADR-077](https://github.com/SylphxAI/platform/blob/main/docs/adr/ADR-077-trio-completeness.md), the Promise-based pure-functional interface is the target public contract. No classes, no `this`, no hidden state — `createClient` returns a frozen value, and every capability is a free function that takes `client` as its first argument. Shape is NOT yet frozen; still iterating in 0.x.
+- **Beta API surface.** Per **ADR-077** (Trio Completeness — Sylphx-internal architecture record), the Promise-based pure-functional interface is the target public contract. No classes, no `this`, no hidden state — `createClient` returns a frozen value, and every capability is a free function that takes `client` as its first argument. Shape is NOT yet frozen; still iterating in 0.x.
 - **Capability namespaces** (in-flight; count may change before stable) covering the Management plane: `projects`, `deployments`, `environments`, `envVars`, `domains`, `databases`, `services`, `volumes`, `storage`, `secrets`, `tasks`, `resourceBindings`, `organizations`, `users`, `sandboxes`, `logs`, `email` (admin), `notifications` (admin/inbox), `monitoring`, `analytics`, `flags`, `experiments`, `remoteConfig`, `ai`, `webhooks`, `runners`, `backups`, `billing`, `certs`, `consent`, `engagement`, `newsletter`, `oidc`, `privacy`, `realtime`, `referrals`, `saml`, `search`, `serviceTokens`, `sessionReplay`. Function lifecycle is withheld until the Management API owns `/projects/:projectId/functions/*`.
-- **Contract-first types** ([ADR-084](https://github.com/SylphxAI/platform/blob/main/docs/adr/ADR-084-effect-schema-contract.md)). Wire types and endpoint metadata (method + path) are imported from [`@sylphx/contract`](https://www.npmjs.com/package/@sylphx/contract) — the Effect Schema SSOT. Hand-written type shims were removed; the contract package is the only place wire shape is defined.
+- **Contract-first types** (**ADR-084** — Effect Schema Contract, Sylphx-internal architecture record). Wire types and endpoint metadata (method + path) are imported from [`@sylphx/contract`](https://www.npmjs.com/package/@sylphx/contract) — the Effect Schema SSOT. Hand-written type shims were removed; the contract package is the only place wire shape is defined.
 - **Bearer-token auth.** `createClient({ token })` accepts service tokens (`svc_...`) and OAuth access JWTs. The same SDK works for CLI / CI / backend integrations on the Management plane (`api.sylphx.com/v1`).
 - **Tree-shakable subpath exports.** Every namespace is also reachable as `@sylphx/management/projects`, `@sylphx/management/deployments`, etc. `sideEffects: false` for bundler-friendly dead-code elimination.
 - **ESM-only.** `"type": "module"`, Node ≥ 20, uses the built-in `fetch`. No classes, no polyfills, no peer framework required.

package/README.md

@@ -83,6 +83,7 @@ argument. Key namespaces:
 | Namespace            | Representative functions                                                                   |
 | -------------------- | ------------------------------------------------------------------------------------------ |
 | `users`              | `whoami`                                                                                   |
+| `auth`, `authSettings` | `getOAuthProviders`, `updateOAuthProviders`, `getAuthSettings`, `updateAuthSettings`, `getAuthStats` |
 | `projects`           | `list`, `create`, `delete`                                                                 |
 | `deployments`        | `status`, `trigger`, `history`, `rollback`                                                 |
 | `environments`       | `list`, `resolveId`, `create`, `update`, `delete`, `promote`                               |
@@ -167,12 +168,11 @@ try {
   across parallel calls. No hidden globals, no singletons.
 - **ESM-only, tree-shakable.** `"type": "module"`, `sideEffects: false`,
   per-namespace subpath exports.
-- See [ADR-077](https://github.com/SylphxAI/platform/blob/main/docs/adr/ADR-077-trio-completeness.md)
-  for the design rationale,
-  [ADR-083](https://github.com/SylphxAI/platform/blob/main/docs/adr/ADR-083-two-plane-sdk-architecture.md)
-  for the two-plane split,
-  [ADR-084](https://github.com/SylphxAI/platform/blob/main/docs/adr/ADR-084-effect-schema-contract.md)
-  for the contract SSOT.
+- See **ADR-077** (Trio Completeness) for the design rationale,
+  **ADR-083** (Two-Plane SDK Architecture) for the management /
+  BaaS split, and **ADR-084** (Effect Schema Contract) for the
+  contract SSOT. (ADRs live in the Sylphx-internal architecture
+  records.)
 
 ## Agent integration
 

package/dist/auth.d.ts

@@ -10,7 +10,7 @@
  * This file re-binds every export of `authSettings.ts` as a local
  * `export const` so that both:
  *
- *   - `@sylphx/management/auth`          — maps 1:1 to `authEndpoints`
+ *   - `@sylphx/management/auth`          — maps 1:1 to `authAdminEndpoints`
  *   - `@sylphx/management/authSettings`  — ergonomic alias
  *
  * resolve to the same transport functions, and the ADR-089 S7 coverage
@@ -19,21 +19,10 @@
  * @see ./authSettings.ts — source of truth
  */
 import * as settings from './authSettings.js';
-export declare const getOAuthProviders: (client: import("./client.js").Client) => Promise<{
-    providers: readonly settings.OAuthProviderConfig[];
-}>;
-export declare const updateOAuthProviders: (client: import("./client.js").Client, body: settings.UpdateOAuthProvidersInput) => Promise<{
-    providers: readonly settings.OAuthProviderConfig[];
-}>;
-export declare const rotateOAuthSecret: (client: import("./client.js").Client, provider: string, newClientSecret: string) => Promise<{
-    providers: readonly settings.OAuthProviderConfig[];
-}>;
-export declare const getAuthSettings: (client: import("./client.js").Client) => Promise<{
-    settings: settings.AuthSettings;
-}>;
-export declare const updateAuthSettings: (client: import("./client.js").Client, body: Partial<settings.AuthSettings>) => Promise<{
-    settings: settings.AuthSettings;
-}>;
-export declare const getAuthStats: (client: import("./client.js").Client) => Promise<settings.AuthStats>;
-export type { AuthSettings, AuthStats, OAuthProviderConfig, UpdateOAuthProvidersInput, } from './authSettings.js';
+export declare const getOAuthProviders: (client: import("./client.js").Client, projectId: string) => Promise<settings.OAuthProvidersResult>;
+export declare const updateOAuthProviders: (client: import("./client.js").Client, projectId: string, body: settings.UpdateOAuthProvidersInput) => Promise<settings.UpdateOAuthProvidersResult>;
+export declare const getAuthSettings: (client: import("./client.js").Client, projectId: string) => Promise<settings.AuthSettings>;
+export declare const updateAuthSettings: (client: import("./client.js").Client, projectId: string, body: settings.UpdateAuthSettingsInput) => Promise<settings.AuthSettings>;
+export declare const getAuthStats: (client: import("./client.js").Client, projectId: string) => Promise<settings.AuthStats>;
+export type { AuthSettings, AuthStats, OAuthProvidersResult, UpdateAuthSettingsInput, UpdateOAuthProvidersInput, UpdateOAuthProvidersResult, } from '@sylphx/contract';
 //# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,QAAQ,MAAM,mBAAmB,CAAA;AAE7C,eAAO,MAAM,iBAAiB;;EAA6B,CAAA;AAC3D,eAAO,MAAM,oBAAoB;;EAAgC,CAAA;AACjE,eAAO,MAAM,iBAAiB;;EAA6B,CAAA;AAC3D,eAAO,MAAM,eAAe;;EAA2B,CAAA;AACvD,eAAO,MAAM,kBAAkB;;EAA8B,CAAA;AAC7D,eAAO,MAAM,YAAY,uEAAwB,CAAA;AAEjD,YAAY,EACX,YAAY,EACZ,SAAS,EACT,mBAAmB,EACnB,yBAAyB,GACzB,MAAM,mBAAmB,CAAA"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,KAAK,QAAQ,MAAM,mBAAmB,CAAA;AAE7C,eAAO,MAAM,iBAAiB,qGAA6B,CAAA;AAC3D,eAAO,MAAM,oBAAoB,qJAAgC,CAAA;AACjE,eAAO,MAAM,eAAe,6FAA2B,CAAA;AACvD,eAAO,MAAM,kBAAkB,qIAA8B,CAAA;AAC7D,eAAO,MAAM,YAAY,0FAAwB,CAAA;AAEjD,YAAY,EACX,YAAY,EACZ,SAAS,EACT,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,0BAA0B,GAC1B,MAAM,kBAAkB,CAAA"}

package/dist/auth.js

@@ -10,7 +10,7 @@
  * This file re-binds every export of `authSettings.ts` as a local
  * `export const` so that both:
  *
- *   - `@sylphx/management/auth`          — maps 1:1 to `authEndpoints`
+ *   - `@sylphx/management/auth`          — maps 1:1 to `authAdminEndpoints`
  *   - `@sylphx/management/authSettings`  — ergonomic alias
  *
  * resolve to the same transport functions, and the ADR-089 S7 coverage
@@ -21,7 +21,6 @@
 import * as settings from './authSettings.js';
 export const getOAuthProviders = settings.getOAuthProviders;
 export const updateOAuthProviders = settings.updateOAuthProviders;
-export const rotateOAuthSecret = settings.rotateOAuthSecret;
 export const getAuthSettings = settings.getAuthSettings;
 export const updateAuthSettings = settings.updateAuthSettings;
 export const getAuthStats = settings.getAuthStats;

package/dist/authSettings.d.ts

@@ -7,65 +7,12 @@
  * Mirrors the `authAdminEndpoints` portion of
  * `apps/api/src/server/platform/routes/auth.ts`.
  */
+import type { AuthSettings, AuthStats, OAuthProvidersResult, UpdateAuthSettingsInput, UpdateOAuthProvidersInput, UpdateOAuthProvidersResult } from '@sylphx/contract';
 import type { Client } from './client.js';
-export interface OAuthProviderConfig {
-    readonly provider: 'google' | 'github' | 'microsoft' | 'apple' | string;
-    readonly enabled: boolean;
-    readonly clientId: string | null;
-    readonly hasClientSecret: boolean;
-    readonly scopes: readonly string[];
-    readonly updatedAt: string | null;
-}
-export declare const getOAuthProviders: (client: Client) => Promise<{
-    providers: readonly OAuthProviderConfig[];
-}>;
-export interface UpdateOAuthProvidersInput {
-    readonly providers: readonly {
-        readonly provider: string;
-        readonly enabled: boolean;
-        readonly clientId?: string;
-        /** Omit to keep the stored secret; pass `null` to clear; pass a new string to rotate. */
-        readonly clientSecret?: string | null;
-        readonly scopes?: readonly string[];
-    }[];
-}
-export declare const updateOAuthProviders: (client: Client, body: UpdateOAuthProvidersInput) => Promise<{
-    providers: readonly OAuthProviderConfig[];
-}>;
-/**
- * Rotate a single OAuth provider's client secret without touching the
- * rest of the provider list. Convenience wrapper over
- * `updateOAuthProviders` — Phase 4b SOTA addition (ADR-089 Matrix 2 gap).
- */
-export declare const rotateOAuthSecret: (client: Client, provider: string, newClientSecret: string) => Promise<{
-    providers: readonly OAuthProviderConfig[];
-}>;
-export interface AuthSettings {
-    readonly passwordMinLength: number;
-    readonly passwordRequireMixedCase: boolean;
-    readonly passwordRequireDigits: boolean;
-    readonly passwordRequireSymbols: boolean;
-    readonly mfaRequired: boolean;
-    readonly mfaGracePeriodDays: number;
-    readonly sessionMaxAgeSeconds: number;
-    readonly sessionIdleTimeoutSeconds: number;
-    readonly allowSignup: boolean;
-    readonly allowedEmailDomains: readonly string[] | null;
-}
-export declare const getAuthSettings: (client: Client) => Promise<{
-    settings: AuthSettings;
-}>;
-export declare const updateAuthSettings: (client: Client, body: Partial<AuthSettings>) => Promise<{
-    settings: AuthSettings;
-}>;
-export interface AuthStats {
-    readonly totalUsers: number;
-    readonly activeLast24h: number;
-    readonly activeLast7d: number;
-    readonly signupsLast24h: number;
-    readonly mfaEnabledCount: number;
-    readonly passkeyEnrolledCount: number;
-    readonly failedLoginsLast24h: number;
-}
-export declare const getAuthStats: (client: Client) => Promise<AuthStats>;
+export type { AuthSettings, AuthStats, OAuthProvidersResult, UpdateAuthSettingsInput, UpdateOAuthProvidersInput, UpdateOAuthProvidersResult, } from '@sylphx/contract';
+export declare const getOAuthProviders: (client: Client, projectId: string) => Promise<OAuthProvidersResult>;
+export declare const updateOAuthProviders: (client: Client, projectId: string, body: UpdateOAuthProvidersInput) => Promise<UpdateOAuthProvidersResult>;
+export declare const getAuthSettings: (client: Client, projectId: string) => Promise<AuthSettings>;
+export declare const updateAuthSettings: (client: Client, projectId: string, body: UpdateAuthSettingsInput) => Promise<AuthSettings>;
+export declare const getAuthStats: (client: Client, projectId: string) => Promise<AuthStats>;
 //# sourceMappingURL=authSettings.d.ts.map

package/dist/authSettings.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"authSettings.d.ts","sourceRoot":"","sources":["../src/authSettings.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,GAAG,WAAW,GAAG,OAAO,GAAG,MAAM,CAAA;IACvE,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IAChC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAA;IACjC,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAA;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CACjC;AAED,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,KACZ,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGvD,CAAA;AAED,MAAM,WAAW,yBAAyB;IACzC,QAAQ,CAAC,SAAS,EAAE,SAAS;QAC5B,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;QACzB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;QACzB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;QAC1B,yFAAyF;QACzF,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;QACrC,QAAQ,CAAC,MAAM,CAAC,EAAE,SAAS,MAAM,EAAE,CAAA;KACnC,EAAE,CAAA;CACH;AAED,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,MAAM,yBAAyB,KAC7B,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGvD,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,EACd,UAAU,MAAM,EAChB,iBAAiB,MAAM,KACrB,OAAO,CAAC;IAAE,SAAS,EAAE,SAAS,mBAAmB,EAAE,CAAA;CAAE,CAGrD,CAAA;AAEH,MAAM,WAAW,YAAY;IAC5B,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,wBAAwB,EAAE,OAAO,CAAA;IAC1C,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAA;IACvC,QAAQ,CAAC,sBAAsB,EAAE,OAAO,CAAA;IACxC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAA;IACnC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAA;IACrC,QAAQ,CAAC,yBAAyB,EAAE,MAAM,CAAA;IAC1C,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,mBAAmB,EAAE,SAAS,MAAM,EAAE,GAAG,IAAI,CAAA;CACtD;AAED,eAAO,MAAM,eAAe,GAAI,QAAQ,MAAM,KAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,YAAY,CAAA;CAAE,CAGlF,CAAA;AAED,eAAO,MAAM,kBAAkB,GAC9B,QAAQ,MAAM,EACd,MAAM,OAAO,CAAC,YAAY,CAAC,KACzB,OAAO,CAAC;IAAE,QAAQ,EAAE,YAAY,CAAA;CAAE,CAGpC,CAAA;AAED,MAAM,WAAW,SAAS;IACzB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAA;IAC9B,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAA;IAC7B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAA;IAC/B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAA;IAChC,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAA;IACrC,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAA;CACpC;AAED,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,KAAG,OAAO,CAAC,SAAS,CAG9D,CAAA"}
+{"version":3,"file":"authSettings.d.ts","sourceRoot":"","sources":["../src/authSettings.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EACX,YAAY,EACZ,SAAS,EACT,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,0BAA0B,EAC1B,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,YAAY,EACX,YAAY,EACZ,SAAS,EACT,oBAAoB,EACpB,uBAAuB,EACvB,yBAAyB,EACzB,0BAA0B,GAC1B,MAAM,kBAAkB,CAAA;AAEzB,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,EACd,WAAW,MAAM,KACf,OAAO,CAAC,oBAAoB,CAG9B,CAAA;AAED,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,MAAM,yBAAyB,KAC7B,OAAO,CAAC,0BAA0B,CAGpC,CAAA;AAED,eAAO,MAAM,eAAe,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,YAAY,CAGvF,CAAA;AAED,eAAO,MAAM,kBAAkB,GAC9B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,MAAM,uBAAuB,KAC3B,OAAO,CAAC,YAAY,CAGtB,CAAA;AAED,eAAO,MAAM,YAAY,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,SAAS,CAGjF,CAAA"}

package/dist/authSettings.js

@@ -8,32 +8,24 @@
  * `apps/api/src/server/platform/routes/auth.ts`.
  */
 import { authAdminEndpoints } from '@sylphx/contract';
-import { request } from './http.js';
-export const getOAuthProviders = (client) => {
+import { interpolatePath, request } from './http.js';
+export const getOAuthProviders = (client, projectId) => {
     const { method, path } = authAdminEndpoints.getOAuthProviders;
-    return request(client, method, path);
+    return request(client, method, interpolatePath(path, { id: projectId }));
 };
-export const updateOAuthProviders = (client, body) => {
+export const updateOAuthProviders = (client, projectId, body) => {
     const { method, path } = authAdminEndpoints.updateOAuthProviders;
-    return request(client, method, path, { body });
+    return request(client, method, interpolatePath(path, { id: projectId }), { body });
 };
-/**
- * Rotate a single OAuth provider's client secret without touching the
- * rest of the provider list. Convenience wrapper over
- * `updateOAuthProviders` — Phase 4b SOTA addition (ADR-089 Matrix 2 gap).
- */
-export const rotateOAuthSecret = (client, provider, newClientSecret) => updateOAuthProviders(client, {
-    providers: [{ provider, enabled: true, clientSecret: newClientSecret }],
-});
-export const getAuthSettings = (client) => {
+export const getAuthSettings = (client, projectId) => {
     const { method, path } = authAdminEndpoints.getAuthSettings;
-    return request(client, method, path);
+    return request(client, method, interpolatePath(path, { id: projectId }));
 };
-export const updateAuthSettings = (client, body) => {
+export const updateAuthSettings = (client, projectId, body) => {
     const { method, path } = authAdminEndpoints.updateAuthSettings;
-    return request(client, method, path, { body });
+    return request(client, method, interpolatePath(path, { id: projectId }), { body });
 };
-export const getAuthStats = (client) => {
+export const getAuthStats = (client, projectId) => {
     const { method, path } = authAdminEndpoints.getAuthStats;
-    return request(client, method, path);
+    return request(client, method, interpolatePath(path, { id: projectId }));
 };

package/dist/backups.d.ts

@@ -10,29 +10,14 @@
  * accessed via `authedFetch` in the CLI; promoted to a first-class SDK
  * module per ADR-077 trio-completeness.
  */
+import type { BackupEntry, DeleteBackupResult, ListBackupsResult, RestoreBackupResult, TriggerBackupResult } from '@sylphx/contract';
 import type { Client } from './client.js';
-export type BackupStatus = 'completed' | 'in_progress' | 'failed';
-export interface Backup {
-    readonly id: string;
-    readonly projectId: string;
-    readonly envId: string;
-    readonly key: string;
-    readonly timestamp: string;
-    readonly sizeBytes: number;
-    readonly status: BackupStatus;
-}
-export interface ListResult {
-    readonly backups: readonly Backup[];
-    readonly total: number;
-}
+export type BackupStatus = BackupEntry['status'];
+export type Backup = BackupEntry;
+export type ListResult = ListBackupsResult;
 export declare const list: (client: Client, projectId: string, envId?: string) => Promise<ListResult>;
-export declare const trigger: (client: Client, projectId: string, envId: string) => Promise<{
-    backup: Backup;
-}>;
-export declare const restore: (client: Client, backupId: string, targetDatabaseUrl?: string) => Promise<{
-    success: boolean;
-    message: string;
-}>;
+export declare const trigger: (client: Client, projectId: string, envId: string) => Promise<TriggerBackupResult>;
+export declare const restore: (client: Client, backupId: string, targetDatabaseUrl?: string) => Promise<RestoreBackupResult>;
 /**
  * Point-in-time recovery. Targets a specific timestamp between the most
  * recent base backup and current time; the platform walks WAL to land
@@ -59,8 +44,6 @@ export declare const restoreInPlace: (client: Client, backupId: string) => Promi
     success: boolean;
     message: string;
 }>;
-declare const _delete: (client: Client, backupId: string) => Promise<{
-    success: boolean;
-}>;
+declare const _delete: (client: Client, backupId: string) => Promise<DeleteBackupResult>;
 export { _delete as delete };
 //# sourceMappingURL=backups.d.ts.map

package/dist/backups.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"backups.d.ts","sourceRoot":"","sources":["../src/backups.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,MAAM,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,QAAQ,CAAA;AAEjE,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAA;IACpB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAA;CAC7B;AAED,MAAM,WAAW,UAAU;IAC1B,QAAQ,CAAC,OAAO,EAAE,SAAS,MAAM,EAAE,CAAA;IACnC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;CACtB;AAED,eAAO,MAAM,IAAI,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,EAAE,QAAQ,MAAM,KAAG,OAAO,CAAC,UAAU,CACvB,CAAA;AAEpE,eAAO,MAAM,OAAO,GACnB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,MAAM,KACX,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAC+C,CAAA;AAE5E,eAAO,MAAM,OAAO,GACnB,QAAQ,MAAM,EACd,UAAU,MAAM,EAChB,oBAAoB,MAAM,KACxB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAG7C,CAAA;AAEH;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAC9B,QAAQ,MAAM,EACd,YAAY,MAAM,EAClB,MAAM;IACL,+EAA+E;IAC/E,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,wGAAwG;IACxG,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,qEAAqE;IACrE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CACnC,KACC,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,MAAM,CAAA;CAAE,CACkB,CAAA;AAE/F;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,UAAU,MAAM,KACd,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CACqC,CAAA;AAErF,QAAA,MAAM,OAAO,GAAI,QAAQ,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CACV,CAAA;AACtE,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,CAAA"}
+{"version":3,"file":"backups.d.ts","sourceRoot":"","sources":["../src/backups.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EACX,WAAW,EACX,kBAAkB,EAClB,iBAAiB,EAEjB,mBAAmB,EACnB,mBAAmB,EACnB,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,MAAM,YAAY,GAAG,WAAW,CAAC,QAAQ,CAAC,CAAA;AAEhD,MAAM,MAAM,MAAM,GAAG,WAAW,CAAA;AAEhC,MAAM,MAAM,UAAU,GAAG,iBAAiB,CAAA;AAE1C,eAAO,MAAM,IAAI,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,EAAE,QAAQ,MAAM,KAAG,OAAO,CAAC,UAAU,CAG1F,CAAA;AAED,eAAO,MAAM,OAAO,GACnB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,MAAM,KACX,OAAO,CAAC,mBAAmB,CAG7B,CAAA;AAED,eAAO,MAAM,OAAO,GACnB,QAAQ,MAAM,EACd,UAAU,MAAM,EAChB,oBAAoB,MAAM,KACxB,OAAO,CAAC,mBAAmB,CAM7B,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,kBAAkB,GAC9B,QAAQ,MAAM,EACd,YAAY,MAAM,EAClB,MAAM;IACL,+EAA+E;IAC/E,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAA;IAC3B,wGAAwG;IACxG,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAA;IAC1B,qEAAqE;IACrE,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;CACnC,KACC,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,mBAAmB,EAAE,MAAM,CAAA;CAAE,CACkB,CAAA;AAE/F;;;;GAIG;AACH,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,UAAU,MAAM,KACd,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CACqC,CAAA;AAErF,QAAA,MAAM,OAAO,GAAI,QAAQ,MAAM,EAAE,UAAU,MAAM,KAAG,OAAO,CAAC,kBAAkB,CAG7E,CAAA;AACD,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,CAAA"}

package/dist/backups.js

@@ -10,12 +10,23 @@
  * accessed via `authedFetch` in the CLI; promoted to a first-class SDK
  * module per ADR-077 trio-completeness.
  */
-import { request } from './http.js';
-export const list = (client, projectId, envId) => request(client, 'GET', '/backups', { query: { projectId, envId } });
-export const trigger = (client, projectId, envId) => request(client, 'POST', '/backups/trigger', { body: { projectId, envId } });
-export const restore = (client, backupId, targetDatabaseUrl) => request(client, 'POST', `/backups/${encodeURIComponent(backupId)}/restore`, {
-    body: targetDatabaseUrl ? { targetDatabaseUrl } : {},
-});
+import { backupsEndpoints } from '@sylphx/contract';
+import { interpolatePath, request } from './http.js';
+export const list = (client, projectId, envId) => {
+    const { method, path } = backupsEndpoints.list;
+    return request(client, method, path, { query: { projectId, envId } });
+};
+export const trigger = (client, projectId, envId) => {
+    const { method, path } = backupsEndpoints.trigger;
+    return request(client, method, path, { body: { projectId, envId } });
+};
+export const restore = (client, backupId, targetDatabaseUrl) => {
+    const { method, path } = backupsEndpoints.restore;
+    const body = targetDatabaseUrl ? { targetDatabaseUrl } : {};
+    return request(client, method, interpolatePath(path, { id: backupId }), {
+        body,
+    });
+};
 /**
  * Point-in-time recovery. Targets a specific timestamp between the most
  * recent base backup and current time; the platform walks WAL to land
@@ -28,5 +39,8 @@ export const restorePointInTime = (client, databaseId, body) => request(client,
  * maintenance window.
  */
 export const restoreInPlace = (client, backupId) => request(client, 'POST', `/backups/${encodeURIComponent(backupId)}/restore-in-place`);
-const _delete = (client, backupId) => request(client, 'DELETE', `/backups/${encodeURIComponent(backupId)}`);
+const _delete = (client, backupId) => {
+    const { method, path } = backupsEndpoints.delete;
+    return request(client, method, interpolatePath(path, { id: backupId }));
+};
 export { _delete as delete };

package/dist/client.d.ts

@@ -11,8 +11,8 @@
  *   const db     = await databases.create(client, { name: 'mydb', tier: 'standard', env: 'production', storageGb: 10 })
  *
  * The `Client` returned by `createClient` is a frozen value-type carrying
- * only the transport primitives (token, URLs, User-Agent). All business
- * logic lives server-side (Effect-TS, ADR-058). Capability modules
+ * only the transport primitives (token, URLs, User-Agent, optional fetch).
+ * All business logic lives server-side (Effect-TS, ADR-058). Capability modules
  * (`projects`, `databases`, …) are flat namespaces of free async
  * functions that take `Client` as their first argument. No state is
  * held in the SDK; the same `Client` may be shared across any number
@@ -28,6 +28,8 @@ export interface ClientOptions {
     readonly baseUrl?: string;
     /** User-Agent header value. Default: `@sylphx/management/1.0.0`. */
     readonly userAgent?: string;
+    /** Optional transport override for server-side cookie forwarding or tests. */
+    readonly fetch?: typeof globalThis.fetch;
     /**
      * Optional organization selector for user-context Management API calls.
      * Multi-org operators use this to scope requests without minting a separate
@@ -40,6 +42,7 @@ export interface Client {
     readonly baseUrl: string;
     readonly apiBase: string;
     readonly userAgent: string;
+    readonly fetch?: typeof globalThis.fetch;
     readonly preferredOrgId?: string;
 }
 export declare function createClient(opts: ClientOptions): Client;

package/dist/client.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,+DAA+D;IAC/D,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,oEAAoE;IACpE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAUxD"}
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,+DAA+D;IAC/D,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,oEAAoE;IACpE,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,8EAA8E;IAC9E,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;IACxC;;;;OAIG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,MAAM;IACtB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,KAAK,CAAA;IACxC,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,aAAa,GAAG,MAAM,CAWxD"}

package/dist/client.js

@@ -11,8 +11,8 @@
  *   const db     = await databases.create(client, { name: 'mydb', tier: 'standard', env: 'production', storageGb: 10 })
  *
  * The `Client` returned by `createClient` is a frozen value-type carrying
- * only the transport primitives (token, URLs, User-Agent). All business
- * logic lives server-side (Effect-TS, ADR-058). Capability modules
+ * only the transport primitives (token, URLs, User-Agent, optional fetch).
+ * All business logic lives server-side (Effect-TS, ADR-058). Capability modules
  * (`projects`, `databases`, …) are flat namespaces of free async
  * functions that take `Client` as their first argument. No state is
  * held in the SDK; the same `Client` may be shared across any number
@@ -29,6 +29,7 @@ export function createClient(opts) {
         baseUrl,
         apiBase: `${baseUrl}/v1`,
         userAgent: opts.userAgent ?? '@sylphx/management/1.0.0',
+        ...(opts.fetch ? { fetch: opts.fetch } : {}),
         ...(opts.preferredOrgId ? { preferredOrgId: opts.preferredOrgId } : {}),
     };
     return Object.freeze(client);

package/dist/domains.d.ts

@@ -11,12 +11,16 @@ import type { Client } from './client.js';
 export interface OrgScopedRequestOptions {
     readonly orgId?: string;
 }
-export declare const list: (client: Client, projectId: string, envType?: string, options?: OrgScopedRequestOptions) => Promise<DomainResult[]>;
-export declare const create: (client: Client, projectId: string, apexDomain: string, envType?: string, options?: OrgScopedRequestOptions) => Promise<DomainResult>;
+export interface EnvironmentTargetRequestOptions extends OrgScopedRequestOptions {
+    readonly envId?: string;
+}
+export declare const list: (client: Client, projectId: string, envType?: string, options?: EnvironmentTargetRequestOptions) => Promise<DomainResult[]>;
+export declare const create: (client: Client, projectId: string, apexDomain: string, envType?: string, options?: EnvironmentTargetRequestOptions) => Promise<DomainResult>;
 export interface AddHostnameOpts extends Omit<AddHostnameInput, 'hostname'> {
     readonly envType?: string;
+    readonly envId?: string;
 }
-export declare const addHostname: (client: Client, projectId: string, domainId: string, hostname: string, opts?: AddHostnameOpts, options?: OrgScopedRequestOptions) => Promise<DomainHostname>;
+export declare const addHostname: (client: Client, projectId: string, domainId: string, hostname: string, opts: AddHostnameOpts, options?: OrgScopedRequestOptions) => Promise<DomainHostname>;
 export declare const removeHostname: (client: Client, projectId: string, domainId: string, hostnameId: string, options?: OrgScopedRequestOptions) => Promise<void>;
 export declare const checkHostname: (client: Client, projectId: string, domainId: string, hostnameId: string, options?: OrgScopedRequestOptions) => Promise<DomainHostname>;
 export interface EnableEmailOpts {

package/dist/domains.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"domains.d.ts","sourceRoot":"","sources":["../src/domains.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACX,gBAAgB,EAChB,kBAAkB,EAClB,cAAc,EACd,MAAM,IAAI,YAAY,EACtB,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,uBAAuB;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CACvB;AAQD,eAAO,MAAM,IAAI,GAChB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,gBAAsB,EACtB,UAAS,uBAA4B,KACnC,OAAO,CAAC,YAAY,EAAE,CAMxB,CAAA;AAED,eAAO,MAAM,MAAM,GAClB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,YAAY,MAAM,EAClB,gBAAsB,EACtB,UAAS,uBAA4B,KACnC,OAAO,CAAC,YAAY,CAMtB,CAAA;AAED,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;IAC1E,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CACzB;AAED,eAAO,MAAM,WAAW,GACvB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAU,MAAM,EAChB,OAAO,eAAe,EACtB,UAAS,uBAA4B,KACnC,OAAO,CAAC,cAAc,CAQxB,CAAA;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,YAAY,MAAM,EAClB,UAAS,uBAA4B,KACnC,OAAO,CAAC,IAAI,CAKd,CAAA;AAID,eAAO,MAAM,aAAa,GACzB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,YAAY,MAAM,EAClB,UAAS,uBAA4B,KACnC,OAAO,CAAC,cAAc,CAMvB,CAAA;AAEF,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CACjC;AAED,eAAO,MAAM,WAAW,GACvB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,OAAO,eAAe,EACtB,UAAS,uBAA4B,KACnC,OAAO,CAAC,kBAAkB,CAM3B,CAAA;AAEF,eAAO,MAAM,UAAU,GACtB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAS,uBAA4B,KACnC,OAAO,CAAC,kBAAkB,CAM3B,CAAA;AAEF,eAAO,MAAM,YAAY,GACxB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAS,uBAA4B,KACnC,OAAO,CAAC,IAAI,CAMb,CAAA"}
+{"version":3,"file":"domains.d.ts","sourceRoot":"","sources":["../src/domains.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACX,gBAAgB,EAChB,kBAAkB,EAClB,cAAc,EACd,MAAM,IAAI,YAAY,EACtB,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,uBAAuB;IACvC,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,MAAM,WAAW,+BAAgC,SAAQ,uBAAuB;IAC/E,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CACvB;AAQD,eAAO,MAAM,IAAI,GAChB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,gBAAsB,EACtB,UAAS,+BAAoC,KAC3C,OAAO,CAAC,YAAY,EAAE,CAMxB,CAAA;AAED,eAAO,MAAM,MAAM,GAClB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,YAAY,MAAM,EAClB,gBAAsB,EACtB,UAAS,+BAAoC,KAC3C,OAAO,CAAC,YAAY,CAMtB,CAAA;AAED,MAAM,WAAW,eAAgB,SAAQ,IAAI,CAAC,gBAAgB,EAAE,UAAU,CAAC;IAC1E,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAA;IACzB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CACvB;AAED,eAAO,MAAM,WAAW,GACvB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAU,MAAM,EAChB,MAAM,eAAe,EACrB,UAAS,uBAA4B,KACnC,OAAO,CAAC,cAAc,CAQxB,CAAA;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,YAAY,MAAM,EAClB,UAAS,uBAA4B,KACnC,OAAO,CAAC,IAAI,CAKd,CAAA;AAID,eAAO,MAAM,aAAa,GACzB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,YAAY,MAAM,EAClB,UAAS,uBAA4B,KACnC,OAAO,CAAC,cAAc,CAMvB,CAAA;AAEF,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAA;IAClC,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,CAAA;CACjC;AAED,eAAO,MAAM,WAAW,GACvB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,OAAO,eAAe,EACtB,UAAS,uBAA4B,KACnC,OAAO,CAAC,kBAAkB,CAM3B,CAAA;AAEF,eAAO,MAAM,UAAU,GACtB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAS,uBAA4B,KACnC,OAAO,CAAC,kBAAkB,CAM3B,CAAA;AAEF,eAAO,MAAM,YAAY,GACxB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,MAAM,EAChB,UAAS,uBAA4B,KACnC,OAAO,CAAC,IAAI,CAMb,CAAA"}

package/dist/domains.js

@@ -14,22 +14,22 @@ const orgHeaders = (options = {}) => ({
 export const list = (client, projectId, envType = 'production', options = {}) => {
     const { method, path } = domainsEndpoints.list;
     return request(client, method, interpolatePath(path, { projectId }), {
-        query: { envType },
+        query: { envType, envId: options.envId },
         headers: orgHeaders(options),
     });
 };
 export const create = (client, projectId, apexDomain, envType = 'production', options = {}) => {
     const { method, path } = domainsEndpoints.create;
     return request(client, method, interpolatePath(path, { projectId }), {
-        body: { apexDomain, envType },
+        body: { apexDomain, envType, envId: options.envId },
         headers: orgHeaders(options),
     });
 };
 export const addHostname = (client, projectId, domainId, hostname, opts, options = {}) => {
     const { method, path } = domainsEndpoints.addHostname;
-    const { envType = 'production', ...body } = opts ?? {};
+    const { envType = 'production', envId, ...body } = opts;
     return request(client, method, interpolatePath(path, { projectId, domainId }), {
-        query: { envType },
+        query: { envType, envId },
         body: { hostname, ...body },
         headers: orgHeaders(options),
     });

package/dist/email.d.ts

@@ -1,45 +1,38 @@
 /**
- * Transactional email — admin surface (logs + settings).
+ * Transactional email — Management surface (logs, suppressions, settings).
  *
  *   GET   /email/projects/:id/logs?limit=&status=
+ *   GET   /email/projects/:id/suppressions?limit=&cursor=&email=&reason=
+ *   POST  /email/projects/:id/suppressions
+ *   DELETE /email/projects/:id/suppressions/:email
  *   GET   /email/projects/:id/email-settings
  *   PATCH /email/projects/:id/email-settings
  *
  * The runtime `send` verb lives in `@sylphx/sdk` per ADR-083 (BaaS data
  * plane). Only admin-facing observation / configuration remains here.
  */
+import { type AddSuppressionInput, type EmailLogDetail, type EmailLogEvent, type EmailLogItem, type EmailSettings, type ListEmailLogsQuery, type ListEmailLogsResult, type ListSuppressionsResult, type SuppressionItem, type SuppressionReason, type UpdateEmailSettingsInput } from '@sylphx/contract';
 import type { Client } from './client.js';
-export interface EmailLogEntry {
-    readonly id: string;
-    readonly to: string;
-    readonly from: string | null;
-    readonly subject: string;
-    readonly status: string;
-    readonly createdAt: string;
-}
 export interface ListLogsOptions {
+    readonly cursor?: string;
+    readonly email?: string;
+    readonly from?: string;
     readonly limit?: number;
-    readonly status?: string;
+    readonly status?: NonNullable<ListEmailLogsQuery['status']>;
+    readonly to?: string;
 }
-export declare const listLogs: (client: Client, projectId: string, options?: ListLogsOptions) => Promise<{
-    logs: readonly EmailLogEntry[];
-}>;
-export interface EmailSettings {
-    readonly defaultFromEmail: string | null;
-    readonly defaultFromName: string | null;
-    readonly webhookUrl: string | null;
-    readonly trackOpens: boolean | null;
-    readonly trackClicks: boolean | null;
+export declare const listLogs: (client: Client, projectId: string, options?: ListLogsOptions) => Promise<ListEmailLogsResult>;
+export declare const getLog: (client: Client, projectId: string, logId: string) => Promise<EmailLogDetail>;
+export type { AddSuppressionInput, EmailLogDetail, EmailLogEvent, EmailLogItem, EmailSettings, ListEmailLogsResult, ListSuppressionsResult, SuppressionItem, SuppressionReason, UpdateEmailSettingsInput, };
+export interface ListSuppressionsOptions {
+    readonly cursor?: string;
+    readonly email?: string;
+    readonly limit?: number;
+    readonly reason?: SuppressionReason;
 }
+export declare const listSuppressions: (client: Client, projectId: string, options?: ListSuppressionsOptions) => Promise<ListSuppressionsResult>;
+export declare const addSuppression: (client: Client, projectId: string, input: AddSuppressionInput) => Promise<SuppressionItem>;
+export declare const deleteSuppression: (client: Client, projectId: string, email: string) => Promise<SuppressionItem>;
 export declare const getSettings: (client: Client, projectId: string) => Promise<EmailSettings>;
-export interface UpdateSettingsInput {
-    readonly fromEmail?: string;
-    readonly fromName?: string;
-    readonly webhookUrl?: string;
-    readonly trackOpens?: boolean;
-    readonly trackClicks?: boolean;
-}
-export declare const updateSettings: (client: Client, projectId: string, input: UpdateSettingsInput) => Promise<{
-    success: boolean;
-}>;
+export declare const updateSettings: (client: Client, projectId: string, input: UpdateEmailSettingsInput) => Promise<EmailSettings>;
 //# sourceMappingURL=email.d.ts.map

package/dist/email.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../src/email.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAA;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC1B;AAED,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,eAAO,MAAM,QAAQ,GACpB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,eAAe,KACvB,OAAO,CAAC;IAAE,IAAI,EAAE,SAAS,aAAa,EAAE,CAAA;CAAE,CAM1C,CAAA;AAEH,MAAM,WAAW,aAAa;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,IAAI,CAAA;IACxC,QAAQ,CAAC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAA;IACvC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IAClC,QAAQ,CAAC,UAAU,EAAE,OAAO,GAAG,IAAI,CAAA;IACnC,QAAQ,CAAC,WAAW,EAAE,OAAO,GAAG,IAAI,CAAA;CACpC;AAED,eAAO,MAAM,WAAW,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,aAAa,CACK,CAAA;AAE1F,MAAM,WAAW,mBAAmB;IACnC,QAAQ,CAAC,SAAS,CAAC,EAAE,MAAM,CAAA;IAC3B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;IAC1B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAA;IAC5B,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,CAAA;IAC7B,QAAQ,CAAC,WAAW,CAAC,EAAE,OAAO,CAAA;CAC9B;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,mBAAmB,KACxB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAA;CAAE,CAG5B,CAAA"}
+{"version":3,"file":"email.d.ts","sourceRoot":"","sources":["../src/email.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EACN,KAAK,mBAAmB,EAExB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,YAAY,EACjB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,EACxB,KAAK,sBAAsB,EAC3B,KAAK,eAAe,EACpB,KAAK,iBAAiB,EACtB,KAAK,wBAAwB,EAC7B,MAAM,kBAAkB,CAAA;AACzB,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGzC,MAAM,WAAW,eAAe;IAC/B,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,IAAI,CAAC,EAAE,MAAM,CAAA;IACtB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC,CAAA;IAC3D,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,eAAO,MAAM,QAAQ,GACpB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,eAAe,KACvB,OAAO,CAAC,mBAAmB,CAY7B,CAAA;AAED,eAAO,MAAM,MAAM,GAClB,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,MAAM,KACX,OAAO,CAAC,cAAc,CAGxB,CAAA;AAED,YAAY,EACX,mBAAmB,EACnB,cAAc,EACd,aAAa,EACb,YAAY,EACZ,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,eAAe,EACf,iBAAiB,EACjB,wBAAwB,GACxB,CAAA;AAED,MAAM,WAAW,uBAAuB;IACvC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAA;IACxB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,MAAM,CAAC,EAAE,iBAAiB,CAAA;CACnC;AAED,eAAO,MAAM,gBAAgB,GAC5B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,UAAU,uBAAuB,KAC/B,OAAO,CAAC,sBAAsB,CAUhC,CAAA;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,mBAAmB,KACxB,OAAO,CAAC,eAAe,CAGzB,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,MAAM,KACX,OAAO,CAAC,eAAe,CAGzB,CAAA;AAED,eAAO,MAAM,WAAW,GAAI,QAAQ,MAAM,EAAE,WAAW,MAAM,KAAG,OAAO,CAAC,aAAa,CAGpF,CAAA;AAED,eAAO,MAAM,cAAc,GAC1B,QAAQ,MAAM,EACd,WAAW,MAAM,EACjB,OAAO,wBAAwB,KAC7B,OAAO,CAAC,aAAa,CAKvB,CAAA"}