@tenxyte/core 0.1.5 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. package/README.md +184 -0
  2. package/dist/index.cjs +951 -496
  3. package/dist/index.cjs.map +1 -1
  4. package/dist/index.d.cts +1709 -1265
  5. package/dist/index.d.ts +1709 -1265
  6. package/dist/index.js +919 -464
  7. package/dist/index.js.map +1 -1
  8. package/package.json +70 -66
  9. package/src/client.ts +50 -21
  10. package/src/http/client.ts +162 -162
  11. package/src/http/index.ts +1 -1
  12. package/src/http/interceptors.ts +117 -117
  13. package/src/index.ts +7 -7
  14. package/src/modules/ai.ts +178 -0
  15. package/src/modules/auth.ts +116 -95
  16. package/src/modules/b2b.ts +177 -0
  17. package/src/modules/rbac.ts +207 -160
  18. package/src/modules/security.ts +313 -122
  19. package/src/modules/user.ts +95 -80
  20. package/src/storage/cookie.ts +39 -39
  21. package/src/storage/index.ts +29 -29
  22. package/src/storage/localStorage.ts +75 -75
  23. package/src/storage/memory.ts +30 -30
  24. package/src/types/index.ts +152 -150
  25. package/src/utils/base64url.ts +25 -0
  26. package/src/utils/device_info.ts +94 -94
  27. package/src/utils/events.ts +71 -71
  28. package/src/utils/jwt.ts +51 -51
  29. package/tests/http.test.ts +144 -144
  30. package/tests/modules/auth.test.ts +93 -93
  31. package/tests/modules/rbac.test.ts +95 -95
  32. package/tests/modules/security.test.ts +85 -75
  33. package/tests/modules/user.test.ts +76 -76
  34. package/tests/storage.test.ts +96 -96
  35. package/tests/utils.test.ts +71 -71
  36. package/tsup.config.ts +10 -10
  37. package/vitest.config.ts +7 -7
package/dist/index.d.cts CHANGED
@@ -1,1265 +1,1709 @@
1
- interface HttpClientOptions {
2
- baseUrl: string;
3
- timeoutMs?: number;
4
- headers?: Record<string, string>;
5
- }
6
- type RequestConfig = Omit<RequestInit, 'body' | 'headers'> & {
7
- body?: unknown;
8
- headers?: Record<string, string>;
9
- params?: Record<string, string | number | boolean>;
10
- };
11
- /**
12
- * Core HTTP Client underlying the SDK.
13
- * Handles JSON parsing, standard headers, simple request processing,
14
- * and normalizing errors into TenxyteError format.
15
- */
16
- declare class TenxyteHttpClient {
17
- private baseUrl;
18
- private defaultHeaders;
19
- private requestInterceptors;
20
- private responseInterceptors;
21
- constructor(options: HttpClientOptions);
22
- addRequestInterceptor(interceptor: typeof this.requestInterceptors[0]): void;
23
- addResponseInterceptor(interceptor: typeof this.responseInterceptors[0]): void;
24
- /**
25
- * Main request method wrapping fetch
26
- */
27
- request<T>(endpoint: string, config?: RequestConfig): Promise<T>;
28
- private normalizeError;
29
- get<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
30
- post<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
31
- put<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
32
- patch<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
33
- delete<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
34
- }
35
-
36
- interface components {
37
- schemas: {
38
- /**
39
- * @description * `login` - Login
40
- * * `login_failed` - Login Failed
41
- * * `logout` - Logout
42
- * * `logout_all` - Logout All Devices
43
- * * `token_refresh` - Token Refresh
44
- * * `password_change` - Password Changed
45
- * * `password_reset_request` - Password Reset Requested
46
- * * `password_reset_complete` - Password Reset Completed
47
- * * `2fa_enabled` - 2FA Enabled
48
- * * `2fa_disabled` - 2FA Disabled
49
- * * `2fa_backup_used` - 2FA Backup Code Used
50
- * * `account_created` - Account Created
51
- * * `account_locked` - Account Locked
52
- * * `account_unlocked` - Account Unlocked
53
- * * `email_verified` - Email Verified
54
- * * `phone_verified` - Phone Verified
55
- * * `role_assigned` - Role Assigned
56
- * * `role_removed` - Role Removed
57
- * * `permission_changed` - Permission Changed
58
- * * `app_created` - Application Created
59
- * * `app_credentials_regenerated` - Application Credentials Regenerated
60
- * * `account_deleted` - Account Deleted
61
- * * `suspicious_activity` - Suspicious Activity Detected
62
- * * `session_limit_exceeded` - Session Limit Exceeded
63
- * * `device_limit_exceeded` - Device Limit Exceeded
64
- * * `new_device_detected` - New Device Detected
65
- * * `agent_action` - Agent Action Executed
66
- * @enum {string}
67
- */
68
- ActionEnum: "login" | "login_failed" | "logout" | "logout_all" | "token_refresh" | "password_change" | "password_reset_request" | "password_reset_complete" | "2fa_enabled" | "2fa_disabled" | "2fa_backup_used" | "account_created" | "account_locked" | "account_unlocked" | "email_verified" | "phone_verified" | "role_assigned" | "role_removed" | "permission_changed" | "app_created" | "app_credentials_regenerated" | "account_deleted" | "suspicious_activity" | "session_limit_exceeded" | "device_limit_exceeded" | "new_device_detected" | "agent_action";
69
- /** @description Full serializer for admin user detail view. */
70
- AdminUserDetail: {
71
- readonly id: string;
72
- /** Format: email */
73
- email?: string | null;
74
- phone_country_code?: string | null;
75
- phone_number?: string | null;
76
- first_name?: string;
77
- last_name?: string;
78
- is_active?: boolean;
79
- is_locked?: boolean;
80
- /** Format: date-time */
81
- locked_until?: string | null;
82
- /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
83
- is_banned?: boolean;
84
- is_deleted?: boolean;
85
- /** Format: date-time */
86
- deleted_at?: string | null;
87
- is_email_verified?: boolean;
88
- is_phone_verified?: boolean;
89
- is_2fa_enabled?: boolean;
90
- is_staff?: boolean;
91
- is_superuser?: boolean;
92
- /**
93
- * Format: int64
94
- * @description Maximum concurrent sessions allowed (0 = unlimited)
95
- */
96
- max_sessions?: number;
97
- /**
98
- * Format: int64
99
- * @description Maximum unique devices allowed (0 = unlimited)
100
- */
101
- max_devices?: number;
102
- readonly roles: string[];
103
- readonly permissions: string[];
104
- /** Format: date-time */
105
- readonly created_at: string;
106
- /** Format: date-time */
107
- readonly updated_at: string;
108
- /** Format: date-time */
109
- last_login?: string | null;
110
- };
111
- /** @description Lightweight serializer for admin user listing. */
112
- AdminUserList: {
113
- readonly id: string;
114
- /** Format: email */
115
- email?: string | null;
116
- first_name?: string;
117
- last_name?: string;
118
- is_active?: boolean;
119
- is_locked?: boolean;
120
- /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
121
- is_banned?: boolean;
122
- is_deleted?: boolean;
123
- is_email_verified?: boolean;
124
- is_phone_verified?: boolean;
125
- is_2fa_enabled?: boolean;
126
- readonly roles: string[];
127
- /** Format: date-time */
128
- readonly created_at: string;
129
- /** Format: date-time */
130
- last_login?: string | null;
131
- };
132
- AgentConfirmRequest: {
133
- /** @description Confirmation token de l'action */
134
- token: string;
135
- };
136
- AgentErrorResponse: {
137
- error: string;
138
- code?: string;
139
- };
140
- AgentPendingActionList: {
141
- id: number;
142
- agent_id: string;
143
- permission: string;
144
- endpoint: string;
145
- payload: {
146
- [key: string]: unknown;
147
- } | null;
148
- confirmation_token: string;
149
- /** Format: date-time */
150
- expires_at: string;
151
- /** Format: date-time */
152
- created_at: string;
153
- };
154
- AgentReportUsageBudget: {
155
- error: string;
156
- status: string;
157
- };
158
- AgentReportUsageRequest: {
159
- /**
160
- * Format: double
161
- * @description Coût en USD de la session
162
- */
163
- cost_usd: number;
164
- /** @description Tokens prompt consommés */
165
- prompt_tokens: number;
166
- /** @description Tokens completion consommés */
167
- completion_tokens: number;
168
- };
169
- AgentRevokeAllOk: {
170
- status: string;
171
- /** @description Nombre de tokens révoqués */
172
- count: number;
173
- };
174
- AgentSuccessResponse: {
175
- status: string;
176
- };
177
- AgentTokenCreateRequest: {
178
- /** @description Identifiant de l'agent (ex: 'my-bot-v1') */
179
- agent_id: string;
180
- /** @description Durée de validité en secondes */
181
- expires_in?: number;
182
- /** @description Liste des permissions demandées */
183
- permissions?: string[];
184
- /** @description Slug organisation (alternatif à X-Org-Slug header) */
185
- organization?: string;
186
- /**
187
- * Format: double
188
- * @description Budget max en USD
189
- */
190
- budget_limit_usd?: number;
191
- circuit_breaker?: {
192
- [key: string]: unknown;
193
- };
194
- dead_mans_switch?: {
195
- [key: string]: unknown;
196
- };
197
- };
198
- AgentTokenCreated: {
199
- id: number;
200
- /** @description Token brut AgentBearer (secret, à stocker) */
201
- token: string;
202
- agent_id: string;
203
- status: string;
204
- /** Format: date-time */
205
- expires_at: string;
206
- };
207
- AgentTokenDetail: {
208
- id: number;
209
- agent_id: string;
210
- status: string;
211
- /** Format: date-time */
212
- expires_at: string;
213
- /** Format: date-time */
214
- created_at: string;
215
- organization: string | null;
216
- current_request_count: number;
217
- };
218
- AgentTokenList: {
219
- id: number;
220
- agent_id: string;
221
- status: string;
222
- /** Format: date-time */
223
- expires_at: string;
224
- /** Format: date-time */
225
- created_at: string;
226
- organization: string | null;
227
- current_request_count: number;
228
- };
229
- /** @description Serializer pour afficher les applications (sans le secret) */
230
- Application: {
231
- readonly id: string;
232
- name: string;
233
- description?: string;
234
- readonly access_key: string;
235
- is_active?: boolean;
236
- /** Format: date-time */
237
- readonly created_at: string;
238
- /** Format: date-time */
239
- readonly updated_at: string;
240
- };
241
- /** @description Serializer pour créer une application */
242
- ApplicationCreate: {
243
- name: string;
244
- /** @default */
245
- description: string;
246
- };
247
- /** @description Serializer pour mettre à jour une application */
248
- ApplicationUpdate: {
249
- name?: string;
250
- description?: string;
251
- is_active?: boolean;
252
- };
253
- AssignRole: {
254
- role_code: string;
255
- };
256
- /** @description Serializer for audit log entries. */
257
- AuditLog: {
258
- readonly id: string;
259
- user?: number | null;
260
- readonly user_email: string;
261
- action: components["schemas"]["ActionEnum"];
262
- ip_address?: string | null;
263
- user_agent?: string;
264
- application?: number | null;
265
- readonly application_name: string;
266
- details?: unknown;
267
- /** Format: date-time */
268
- readonly created_at: string;
269
- };
270
- /** @description Serializer for banning a user. */
271
- BanUser: {
272
- /**
273
- * @description Reason for the ban (stored in audit log)
274
- * @default
275
- */
276
- reason: string;
277
- };
278
- /** @description Serializer for blacklisted JWT tokens. */
279
- BlacklistedToken: {
280
- readonly id: string;
281
- token_jti: string;
282
- user?: number | null;
283
- readonly user_email: string;
284
- /** Format: date-time */
285
- readonly blacklisted_at: string;
286
- /** Format: date-time */
287
- expires_at: string;
288
- reason?: string;
289
- readonly is_expired: string;
290
- };
291
- CancelAccountDeletion: {
292
- /** @description Mot de passe actuel requis pour annulation */
293
- password: string;
294
- };
295
- ChangePassword: {
296
- current_password: string;
297
- new_password: string;
298
- };
299
- /** @description Serializer for admin deletion request listing/detail. */
300
- DeletionRequest: {
301
- readonly id: string;
302
- user: number;
303
- readonly user_email: string;
304
- status?: components["schemas"]["StatusEnum"];
305
- /** Format: date-time */
306
- readonly requested_at: string;
307
- /** Format: date-time */
308
- confirmed_at?: string | null;
309
- /** Format: date-time */
310
- grace_period_ends_at?: string | null;
311
- /** Format: date-time */
312
- completed_at?: string | null;
313
- ip_address?: string | null;
314
- /** @description Optional reason for deletion request */
315
- reason?: string;
316
- admin_notes?: string;
317
- processed_by?: number | null;
318
- readonly processed_by_email: string;
319
- readonly is_grace_period_expired: string;
320
- };
321
- ExportUserData: {
322
- /** @description Mot de passe actuel requis pour exporter les données */
323
- password: string;
324
- };
325
- /** @description Serializer for locking a user account. */
326
- LockUser: {
327
- /**
328
- * @description Lock duration in minutes (default: 30, max: 30 days)
329
- * @default 30
330
- */
331
- duration_minutes: number;
332
- /**
333
- * @description Reason for the lock (stored in audit log)
334
- * @default
335
- */
336
- reason: string;
337
- };
338
- /** @description Serializer for login attempt records. */
339
- LoginAttempt: {
340
- readonly id: string;
341
- identifier: string;
342
- ip_address: string;
343
- application?: number | null;
344
- success?: boolean;
345
- failure_reason?: string;
346
- /** Format: date-time */
347
- readonly created_at: string;
348
- };
349
- LoginEmail: {
350
- /** Format: email */
351
- email: string;
352
- password: string;
353
- /** @description Code 2FA (requis si 2FA activé) */
354
- totp_code?: string;
355
- /**
356
- * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
357
- * @default
358
- */
359
- device_info: string;
360
- };
361
- LoginPhone: {
362
- phone_country_code: string;
363
- phone_number: string;
364
- password: string;
365
- /** @description Code 2FA (requis si 2FA activé) */
366
- totp_code?: string;
367
- /**
368
- * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
369
- * @default
370
- */
371
- device_info: string;
372
- };
373
- MagicLinkRequest: {
374
- /**
375
- * Format: email
376
- * @description Adresse email pour recevoir le magic link
377
- */
378
- email: string;
379
- /**
380
- * Format: uri
381
- * @description URL pour construire le lien de vérification (obligatoire)
382
- */
383
- validation_url: string;
384
- };
385
- ManageRolePermissions: {
386
- /** @description Liste des codes de permissions à ajouter ou retirer */
387
- permission_codes: string[];
388
- };
389
- /**
390
- * @description * `email` - email
391
- * * `phone` - phone
392
- * @enum {string}
393
- */
394
- OtpTypeEnum: "email" | "phone";
395
- PaginatedAdminUserListList: {
396
- /**
397
- * @description Total number of items
398
- * @example 150
399
- */
400
- count: number;
401
- /**
402
- * @description Current page number
403
- * @example 1
404
- */
405
- page?: number;
406
- /**
407
- * @description Items per page
408
- * @example 20
409
- */
410
- page_size?: number;
411
- /**
412
- * @description Total number of pages
413
- * @example 8
414
- */
415
- total_pages?: number;
416
- /**
417
- * Format: uri
418
- * @description URL to the next page
419
- */
420
- next?: string | null;
421
- /**
422
- * Format: uri
423
- * @description URL to the previous page
424
- */
425
- previous?: string | null;
426
- results: components["schemas"]["AdminUserList"][];
427
- };
428
- PaginatedApplicationList: {
429
- /**
430
- * @description Total number of items
431
- * @example 150
432
- */
433
- count: number;
434
- /**
435
- * @description Current page number
436
- * @example 1
437
- */
438
- page?: number;
439
- /**
440
- * @description Items per page
441
- * @example 20
442
- */
443
- page_size?: number;
444
- /**
445
- * @description Total number of pages
446
- * @example 8
447
- */
448
- total_pages?: number;
449
- /**
450
- * Format: uri
451
- * @description URL to the next page
452
- */
453
- next?: string | null;
454
- /**
455
- * Format: uri
456
- * @description URL to the previous page
457
- */
458
- previous?: string | null;
459
- results: components["schemas"]["Application"][];
460
- };
461
- PaginatedAuditLogList: {
462
- /**
463
- * @description Total number of items
464
- * @example 150
465
- */
466
- count: number;
467
- /**
468
- * @description Current page number
469
- * @example 1
470
- */
471
- page?: number;
472
- /**
473
- * @description Items per page
474
- * @example 20
475
- */
476
- page_size?: number;
477
- /**
478
- * @description Total number of pages
479
- * @example 8
480
- */
481
- total_pages?: number;
482
- /**
483
- * Format: uri
484
- * @description URL to the next page
485
- */
486
- next?: string | null;
487
- /**
488
- * Format: uri
489
- * @description URL to the previous page
490
- */
491
- previous?: string | null;
492
- results: components["schemas"]["AuditLog"][];
493
- };
494
- PaginatedBlacklistedTokenList: {
495
- /**
496
- * @description Total number of items
497
- * @example 150
498
- */
499
- count: number;
500
- /**
501
- * @description Current page number
502
- * @example 1
503
- */
504
- page?: number;
505
- /**
506
- * @description Items per page
507
- * @example 20
508
- */
509
- page_size?: number;
510
- /**
511
- * @description Total number of pages
512
- * @example 8
513
- */
514
- total_pages?: number;
515
- /**
516
- * Format: uri
517
- * @description URL to the next page
518
- */
519
- next?: string | null;
520
- /**
521
- * Format: uri
522
- * @description URL to the previous page
523
- */
524
- previous?: string | null;
525
- results: components["schemas"]["BlacklistedToken"][];
526
- };
527
- PaginatedLoginAttemptList: {
528
- /**
529
- * @description Total number of items
530
- * @example 150
531
- */
532
- count: number;
533
- /**
534
- * @description Current page number
535
- * @example 1
536
- */
537
- page?: number;
538
- /**
539
- * @description Items per page
540
- * @example 20
541
- */
542
- page_size?: number;
543
- /**
544
- * @description Total number of pages
545
- * @example 8
546
- */
547
- total_pages?: number;
548
- /**
549
- * Format: uri
550
- * @description URL to the next page
551
- */
552
- next?: string | null;
553
- /**
554
- * Format: uri
555
- * @description URL to the previous page
556
- */
557
- previous?: string | null;
558
- results: components["schemas"]["LoginAttempt"][];
559
- };
560
- PaginatedPermissionList: {
561
- /**
562
- * @description Total number of items
563
- * @example 150
564
- */
565
- count: number;
566
- /**
567
- * @description Current page number
568
- * @example 1
569
- */
570
- page?: number;
571
- /**
572
- * @description Items per page
573
- * @example 20
574
- */
575
- page_size?: number;
576
- /**
577
- * @description Total number of pages
578
- * @example 8
579
- */
580
- total_pages?: number;
581
- /**
582
- * Format: uri
583
- * @description URL to the next page
584
- */
585
- next?: string | null;
586
- /**
587
- * Format: uri
588
- * @description URL to the previous page
589
- */
590
- previous?: string | null;
591
- results: components["schemas"]["Permission"][];
592
- };
593
- PaginatedRefreshTokenAdminList: {
594
- /**
595
- * @description Total number of items
596
- * @example 150
597
- */
598
- count: number;
599
- /**
600
- * @description Current page number
601
- * @example 1
602
- */
603
- page?: number;
604
- /**
605
- * @description Items per page
606
- * @example 20
607
- */
608
- page_size?: number;
609
- /**
610
- * @description Total number of pages
611
- * @example 8
612
- */
613
- total_pages?: number;
614
- /**
615
- * Format: uri
616
- * @description URL to the next page
617
- */
618
- next?: string | null;
619
- /**
620
- * Format: uri
621
- * @description URL to the previous page
622
- */
623
- previous?: string | null;
624
- results: components["schemas"]["RefreshTokenAdmin"][];
625
- };
626
- PaginatedRoleListList: {
627
- /**
628
- * @description Total number of items
629
- * @example 150
630
- */
631
- count: number;
632
- /**
633
- * @description Current page number
634
- * @example 1
635
- */
636
- page?: number;
637
- /**
638
- * @description Items per page
639
- * @example 20
640
- */
641
- page_size?: number;
642
- /**
643
- * @description Total number of pages
644
- * @example 8
645
- */
646
- total_pages?: number;
647
- /**
648
- * Format: uri
649
- * @description URL to the next page
650
- */
651
- next?: string | null;
652
- /**
653
- * Format: uri
654
- * @description URL to the previous page
655
- */
656
- previous?: string | null;
657
- results: components["schemas"]["RoleList"][];
658
- };
659
- PasswordResetConfirm: {
660
- code: string;
661
- new_password: string;
662
- };
663
- PasswordResetRequest: {
664
- /** Format: email */
665
- email?: string;
666
- phone_country_code?: string;
667
- phone_number?: string;
668
- };
669
- PasswordStrengthRequest: {
670
- password: string;
671
- /** Format: email */
672
- email?: string;
673
- };
674
- /** @description Serializer for admin user updates (partial). */
675
- PatchedAdminUserUpdate: {
676
- first_name?: string;
677
- last_name?: string;
678
- is_active?: boolean;
679
- is_staff?: boolean;
680
- is_superuser?: boolean;
681
- max_sessions?: number;
682
- max_devices?: number;
683
- };
684
- PatchedToggleApplicationStatus: {
685
- /** @description Nouveau statut actif de l'application */
686
- is_active?: boolean;
687
- };
688
- PatchedUpdateProfileRequest: {
689
- /** @description Prénom (max 30 caractères) */
690
- first_name?: string;
691
- /** @description Nom (max 30 caractères) */
692
- last_name?: string;
693
- /** @description Nom d'utilisateur unique (alphanumérique + underscores) */
694
- username?: string;
695
- /** @description Numéro de téléphone au format international (+33612345678) */
696
- phone?: string;
697
- /** @description Biographie (max 500 caractères) */
698
- bio?: string;
699
- /** @description Fuseau horaire (ex: Europe/Paris, America/New_York) */
700
- timezone?: string;
701
- /** @description Langue préférée */
702
- language?: string;
703
- /** @description Champs personnalisés (selon configuration organisation) */
704
- custom_fields?: {
705
- [key: string]: unknown;
706
- };
707
- };
708
- Permission: {
709
- readonly id: string;
710
- code: string;
711
- name: string;
712
- description?: string;
713
- readonly parent: {
714
- [key: string]: unknown;
715
- } | null;
716
- /** @description Code de la permission parente (hiérarchie) */
717
- parent_code?: string | null;
718
- readonly children: {
719
- [key: string]: unknown;
720
- }[];
721
- /** Format: date-time */
722
- readonly created_at: string;
723
- };
724
- ProcessDeletionRequest: {
725
- /** @description Texte de confirmation "PERMANENTLY DELETE" */
726
- confirmation: string;
727
- /** @description Notes administratives optionnelles */
728
- admin_notes?: string;
729
- };
730
- RefreshToken: {
731
- refresh_token: string;
732
- };
733
- /** @description Serializer for refresh tokens (admin view, token value hidden). */
734
- RefreshTokenAdmin: {
735
- readonly id: string;
736
- user: number;
737
- readonly user_email: string;
738
- application: number;
739
- readonly application_name: string;
740
- device_info?: string;
741
- ip_address?: string | null;
742
- is_revoked?: boolean;
743
- readonly is_expired: string;
744
- /** Format: date-time */
745
- expires_at: string;
746
- /** Format: date-time */
747
- readonly created_at: string;
748
- /** Format: date-time */
749
- readonly last_used_at: string;
750
- };
751
- RegenerateApplicationCredentials: {
752
- /** @description Texte de confirmation "REGENERATE" */
753
- confirmation: string;
754
- };
755
- Register: {
756
- /** Format: email */
757
- email?: string | null;
758
- phone_country_code?: string | null;
759
- phone_number?: string | null;
760
- password: string;
761
- /** @default */
762
- first_name: string;
763
- /** @default */
764
- last_name: string;
765
- /**
766
- * @description Si True, l'utilisateur est connecté immédiatement après l'inscription (tokens JWT retournés)
767
- * @default false
768
- */
769
- login: boolean;
770
- /**
771
- * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
772
- * @default
773
- */
774
- device_info: string;
775
- };
776
- RequestAccountDeletion: {
777
- /** @description Mot de passe actuel requis pour confirmation */
778
- password: string;
779
- /** @description Code OTP à 6 chiffres (requis si 2FA activé) */
780
- otp_code?: string;
781
- /** @description Raison optionnelle de la suppression */
782
- reason?: string;
783
- };
784
- RequestOTP: {
785
- otp_type: components["schemas"]["OtpTypeEnum"];
786
- };
787
- Role: {
788
- readonly id: string;
789
- code: string;
790
- name: string;
791
- description?: string;
792
- readonly permissions: components["schemas"]["Permission"][];
793
- permission_codes?: string[];
794
- is_default?: boolean;
795
- /** Format: date-time */
796
- readonly created_at: string;
797
- /** Format: date-time */
798
- readonly updated_at: string;
799
- };
800
- /** @description Version allégée pour les listes */
801
- RoleList: {
802
- readonly id: string;
803
- code: string;
804
- name: string;
805
- is_default?: boolean;
806
- };
807
- SocialAuthRequest: {
808
- /** @description OAuth2 access token du provider */
809
- access_token?: string;
810
- /** @description Authorization code flow */
811
- code?: string;
812
- /** @description URI de redirection (requis avec code) */
813
- redirect_uri?: string;
814
- /** @description Google ID token uniquement */
815
- id_token?: string;
816
- /** @description Informations device (optionnel) */
817
- device_info?: string;
818
- };
819
- SocialCallbackError: {
820
- error: string;
821
- code: string;
822
- };
823
- SocialCallbackRedirect: {
824
- /** @description URL de redirection avec tokens en paramètres query */
825
- location: string;
826
- };
827
- SocialCallbackResponse: {
828
- access: string;
829
- refresh: string;
830
- provider: string;
831
- is_new_user: boolean;
832
- };
833
- SocialCallbackUnauthorized: {
834
- error: string;
835
- code: string;
836
- };
837
- /**
838
- * @description * `pending` - Pending
839
- * * `confirmation_sent` - Confirmation Sent
840
- * * `confirmed` - Confirmed
841
- * * `completed` - Completed
842
- * * `cancelled` - Cancelled
843
- * @enum {string}
844
- */
845
- StatusEnum: "pending" | "confirmation_sent" | "confirmed" | "completed" | "cancelled";
846
- TokenRequest: {
847
- /** @description Confirmation token de l'action */
848
- token: string;
849
- };
850
- TwoFactorBackupCodesRequest: {
851
- /** @description Code TOTP à 6 chiffres pour validation */
852
- code: string;
853
- };
854
- TwoFactorConfirmRequest: {
855
- /** @description Code TOTP à 6 chiffres */
856
- code: string;
857
- };
858
- TwoFactorDisableRequest: {
859
- /** @description Code TOTP ou code de secours à 8 chiffres */
860
- code: string;
861
- /** @description Mot de passe de l'utilisateur pour confirmation */
862
- password: string;
863
- };
864
- VerifyOTP: {
865
- code: string;
866
- };
867
- WebAuthnAuthenticateBeginRequest: {
868
- /**
869
- * Format: email
870
- * @description Optionnel — pour credentials utilisateur spécifiques
871
- */
872
- email?: string;
873
- };
874
- WebAuthnAuthenticateCompleteRequest: {
875
- /** @description ID du challenge généré */
876
- challenge_id: number;
877
- /** @description Assertion WebAuthn du navigateur */
878
- credential: {
879
- [key: string]: unknown;
880
- };
881
- /** @description Informations sur le device (optionnel) */
882
- device_info?: string;
883
- };
884
- WebAuthnRegisterCompleteRequest: {
885
- /** @description ID du challenge généré */
886
- challenge_id: number;
887
- /** @description Credential WebAuthn du navigateur */
888
- credential: {
889
- [key: string]: unknown;
890
- };
891
- /** @description Nom optionnel du device */
892
- device_name?: string;
893
- };
894
- User: {
895
- /** Format: uuid */
896
- id?: string;
897
- email?: string;
898
- phone_country_code?: string | null;
899
- phone_number?: string | null;
900
- first_name?: string;
901
- last_name?: string;
902
- is_email_verified?: boolean;
903
- is_phone_verified?: boolean;
904
- is_2fa_enabled?: boolean;
905
- roles?: string[];
906
- permissions?: string[];
907
- /** Format: date-time */
908
- created_at?: string;
909
- /** Format: date-time */
910
- last_login?: string | null;
911
- };
912
- };
913
- responses: never;
914
- parameters: never;
915
- requestBodies: never;
916
- headers: never;
917
- pathItems: never;
918
- }
919
-
920
- type GeneratedSchema = components['schemas'];
921
- /**
922
- * Core User Interface exposed by the SDK.
923
- */
924
- interface TenxyteUser {
925
- id: string;
926
- email: string | null;
927
- phone_country_code: string | null;
928
- phone_number: string | null;
929
- first_name: string;
930
- last_name: string;
931
- is_email_verified: boolean;
932
- is_phone_verified: boolean;
933
- is_2fa_enabled: boolean;
934
- roles: string[];
935
- permissions: string[];
936
- created_at: string;
937
- last_login: string | null;
938
- }
939
- /**
940
- * Standard SDK Token Pair (internal structure normalized by interceptors)
941
- */
942
- interface TokenPair {
943
- access_token: string;
944
- refresh_token: string;
945
- token_type: 'Bearer';
946
- expires_in: number;
947
- device_summary: string | null;
948
- }
949
- /**
950
- * Standardized API Error Response wrapper
951
- */
952
- interface TenxyteError {
953
- error: string;
954
- code: TenxyteErrorCode;
955
- details?: Record<string, string[]> | string;
956
- retry_after?: number;
957
- }
958
- type TenxyteErrorCode = 'LOGIN_FAILED' | 'INVALID_CREDENTIALS' | 'ACCOUNT_LOCKED' | 'ACCOUNT_BANNED' | '2FA_REQUIRED' | 'ADMIN_2FA_SETUP_REQUIRED' | 'TOKEN_EXPIRED' | 'TOKEN_BLACKLISTED' | 'REFRESH_FAILED' | 'PERMISSION_DENIED' | 'SESSION_LIMIT_EXCEEDED' | 'DEVICE_LIMIT_EXCEEDED' | 'RATE_LIMITED' | 'INVALID_OTP' | 'OTP_EXPIRED' | 'INVALID_PROVIDER' | 'SOCIAL_AUTH_FAILED' | 'VALIDATION_URL_REQUIRED' | 'INVALID_TOKEN' | 'CONFIRMATION_REQUIRED' | 'PASSWORD_REQUIRED' | 'INVALID_PASSWORD' | 'INVALID_DEVICE_INFO' | 'ORG_NOT_FOUND' | 'NOT_ORG_MEMBER' | 'NOT_OWNER' | 'ALREADY_MEMBER' | 'MEMBER_LIMIT_EXCEEDED' | 'HAS_CHILDREN' | 'CIRCULAR_HIERARCHY' | 'LAST_OWNER_REQUIRED' | 'INVITATION_EXISTS' | 'INVALID_ROLE' | 'AGENT_NOT_FOUND' | 'AGENT_SUSPENDED' | 'AGENT_REVOKED' | 'AGENT_EXPIRED' | 'BUDGET_EXCEEDED' | 'RATE_LIMIT_EXCEEDED' | 'HEARTBEAT_MISSING' | 'AIRS_DISABLED';
959
- /**
960
- * Organization Structure
961
- */
962
- interface Organization {
963
- id: number;
964
- name: string;
965
- slug: string;
966
- description: string | null;
967
- metadata: Record<string, unknown> | null;
968
- is_active: boolean;
969
- max_members: number;
970
- member_count: number;
971
- created_at: string;
972
- updated_at: string;
973
- parent: {
974
- id: number;
975
- name: string;
976
- slug: string;
977
- } | null;
978
- children: Array<{
979
- id: number;
980
- name: string;
981
- slug: string;
982
- }>;
983
- user_role: string | null;
984
- user_permissions: string[];
985
- }
986
- /**
987
- * Base Pagination Response wrapper
988
- */
989
- interface PaginatedResponse<T> {
990
- count: number;
991
- page: number;
992
- page_size: number;
993
- total_pages: number;
994
- next: string | null;
995
- previous: string | null;
996
- results: T[];
997
- }
998
- /**
999
- * AIRS Agent Token metadata
1000
- */
1001
- interface AgentTokenSummary {
1002
- id: number;
1003
- agent_id: string;
1004
- status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
1005
- expires_at: string;
1006
- created_at: string;
1007
- organization: string | null;
1008
- current_request_count: number;
1009
- }
1010
- /**
1011
- * Request awaiting Human-In-The-Loop approval
1012
- */
1013
- interface AgentPendingAction {
1014
- id: number;
1015
- agent_id: string;
1016
- permission: string;
1017
- endpoint: string;
1018
- payload: unknown;
1019
- confirmation_token: string;
1020
- expires_at: string;
1021
- created_at: string;
1022
- }
1023
-
1024
- interface LoginEmailOptions {
1025
- totp_code?: string;
1026
- }
1027
- interface LoginPhoneOptions {
1028
- totp_code?: string;
1029
- }
1030
- type RegisterRequest = any;
1031
- interface MagicLinkRequest {
1032
- email: string;
1033
- }
1034
- interface SocialLoginRequest {
1035
- access_token?: string;
1036
- authorization_code?: string;
1037
- id_token?: string;
1038
- }
1039
- declare class AuthModule {
1040
- private client;
1041
- constructor(client: TenxyteHttpClient);
1042
- /**
1043
- * Authenticate user with email and password
1044
- */
1045
- loginWithEmail(data: GeneratedSchema['LoginEmail']): Promise<TokenPair>;
1046
- /**
1047
- * Authenticate user with international phone number and password
1048
- */
1049
- loginWithPhone(data: GeneratedSchema['LoginPhone']): Promise<TokenPair>;
1050
- /**
1051
- * Register a new user
1052
- */
1053
- register(data: RegisterRequest): Promise<any>;
1054
- /**
1055
- * Logout from the current session
1056
- */
1057
- logout(refreshToken: string): Promise<void>;
1058
- /**
1059
- * Logout from all sessions (revokes all refresh tokens)
1060
- */
1061
- logoutAll(): Promise<void>;
1062
- /**
1063
- * Request a magic link for sign-in
1064
- */
1065
- requestMagicLink(data: MagicLinkRequest): Promise<void>;
1066
- /**
1067
- * Verify a magic link token
1068
- */
1069
- verifyMagicLink(token: string): Promise<TokenPair>;
1070
- /**
1071
- * Perform OAuth2 Social Authentication (e.g. Google, GitHub)
1072
- */
1073
- loginWithSocial(provider: 'google' | 'github' | 'microsoft' | 'facebook', data: SocialLoginRequest): Promise<TokenPair>;
1074
- /**
1075
- * Handle Social Auth Callback (authorization code flow)
1076
- */
1077
- handleSocialCallback(provider: 'google' | 'github' | 'microsoft' | 'facebook', code: string, redirectUri: string): Promise<TokenPair>;
1078
- }
1079
-
1080
- interface OtpRequestParams {
1081
- email?: string;
1082
- phone_country_code?: string;
1083
- phone_number?: string;
1084
- type: 'email_verification' | 'phone_verification' | 'password_reset';
1085
- }
1086
- interface VerifyOtpEmailParams {
1087
- email: string;
1088
- code: string;
1089
- }
1090
- interface VerifyOtpPhoneParams {
1091
- phone_country_code: string;
1092
- phone_number: string;
1093
- code: string;
1094
- }
1095
- interface Setup2FAResponse {
1096
- qr_code_url: string;
1097
- secret: string;
1098
- backup_codes: string[];
1099
- }
1100
- interface WebAuthnRegisterBeginResponse {
1101
- publicKey: any;
1102
- }
1103
- interface WebAuthnAuthenticateBeginResponse {
1104
- publicKey: any;
1105
- }
1106
- declare class SecurityModule {
1107
- private client;
1108
- constructor(client: TenxyteHttpClient);
1109
- requestOtp(data: OtpRequestParams): Promise<void>;
1110
- verifyOtpEmail(data: VerifyOtpEmailParams): Promise<void>;
1111
- verifyOtpPhone(data: VerifyOtpPhoneParams): Promise<void>;
1112
- get2FAStatus(): Promise<{
1113
- is_enabled: boolean;
1114
- backup_codes_remaining: number;
1115
- }>;
1116
- setup2FA(): Promise<Setup2FAResponse>;
1117
- confirm2FA(totp_code: string): Promise<void>;
1118
- disable2FA(totp_code: string, password?: string): Promise<void>;
1119
- regenerateBackupCodes(totp_code: string): Promise<{
1120
- backup_codes: string[];
1121
- }>;
1122
- resetPasswordRequest(data: {
1123
- email?: string;
1124
- phone_country_code?: string;
1125
- phone_number?: string;
1126
- }): Promise<void>;
1127
- resetPasswordConfirm(data: {
1128
- otp_code: string;
1129
- new_password: string;
1130
- email?: string;
1131
- phone_country_code?: string;
1132
- phone_number?: string;
1133
- }): Promise<void>;
1134
- changePassword(data: {
1135
- current_password: string;
1136
- new_password: string;
1137
- }): Promise<void>;
1138
- checkPasswordStrength(data: {
1139
- password: string;
1140
- email?: string;
1141
- }): Promise<{
1142
- score: number;
1143
- feedback: string[];
1144
- }>;
1145
- getPasswordRequirements(): Promise<any>;
1146
- registerWebAuthnBegin(): Promise<WebAuthnRegisterBeginResponse>;
1147
- registerWebAuthnComplete(data: any): Promise<void>;
1148
- authenticateWebAuthnBegin(data?: {
1149
- email?: string;
1150
- }): Promise<WebAuthnAuthenticateBeginResponse>;
1151
- authenticateWebAuthnComplete(data: any): Promise<TokenPair>;
1152
- listWebAuthnCredentials(): Promise<any[]>;
1153
- deleteWebAuthnCredential(credentialId: string): Promise<void>;
1154
- }
1155
-
1156
- interface Role {
1157
- id: string;
1158
- name: string;
1159
- description?: string;
1160
- is_default?: boolean;
1161
- permissions?: string[];
1162
- }
1163
- interface Permission {
1164
- id: string;
1165
- code: string;
1166
- name: string;
1167
- description?: string;
1168
- }
1169
- declare class RbacModule {
1170
- private client;
1171
- private cachedToken;
1172
- constructor(client: TenxyteHttpClient);
1173
- /**
1174
- * Cache a token to use for parameter-less synchronous checks.
1175
- */
1176
- setToken(token: string | null): void;
1177
- private getDecodedToken;
1178
- hasRole(role: string, token?: string): boolean;
1179
- hasAnyRole(roles: string[], token?: string): boolean;
1180
- hasAllRoles(roles: string[], token?: string): boolean;
1181
- hasPermission(permission: string, token?: string): boolean;
1182
- hasAnyPermission(permissions: string[], token?: string): boolean;
1183
- hasAllPermissions(permissions: string[], token?: string): boolean;
1184
- listRoles(): Promise<Role[]>;
1185
- createRole(data: {
1186
- name: string;
1187
- description?: string;
1188
- permission_codes?: string[];
1189
- is_default?: boolean;
1190
- }): Promise<Role>;
1191
- getRole(roleId: string): Promise<Role>;
1192
- updateRole(roleId: string, data: {
1193
- name?: string;
1194
- description?: string;
1195
- permission_codes?: string[];
1196
- is_default?: boolean;
1197
- }): Promise<Role>;
1198
- deleteRole(roleId: string): Promise<void>;
1199
- getRolePermissions(roleId: string): Promise<Permission[]>;
1200
- addPermissionsToRole(roleId: string, permission_codes: string[]): Promise<void>;
1201
- removePermissionsFromRole(roleId: string, permission_codes: string[]): Promise<void>;
1202
- listPermissions(): Promise<Permission[]>;
1203
- createPermission(data: {
1204
- code: string;
1205
- name: string;
1206
- description?: string;
1207
- parent_code?: string;
1208
- }): Promise<Permission>;
1209
- getPermission(permissionId: string): Promise<Permission>;
1210
- updatePermission(permissionId: string, data: {
1211
- name?: string;
1212
- description?: string;
1213
- }): Promise<Permission>;
1214
- deletePermission(permissionId: string): Promise<void>;
1215
- assignRoleToUser(userId: string, roleCode: string): Promise<void>;
1216
- removeRoleFromUser(userId: string, roleCode: string): Promise<void>;
1217
- assignPermissionsToUser(userId: string, permissionCodes: string[]): Promise<void>;
1218
- removePermissionsFromUser(userId: string, permissionCodes: string[]): Promise<void>;
1219
- }
1220
-
1221
- interface UpdateProfileParams {
1222
- first_name?: string;
1223
- last_name?: string;
1224
- [key: string]: any;
1225
- }
1226
- interface AdminUpdateUserParams {
1227
- first_name?: string;
1228
- last_name?: string;
1229
- is_active?: boolean;
1230
- is_locked?: boolean;
1231
- max_sessions?: number;
1232
- max_devices?: number;
1233
- }
1234
- declare class UserModule {
1235
- private client;
1236
- constructor(client: TenxyteHttpClient);
1237
- getProfile(): Promise<any>;
1238
- updateProfile(data: UpdateProfileParams): Promise<any>;
1239
- /**
1240
- * Upload an avatar using FormData.
1241
- * Ensure the environment supports FormData (browser or Node.js v18+).
1242
- * @param formData The FormData object containing the 'avatar' field.
1243
- */
1244
- uploadAvatar(formData: FormData): Promise<any>;
1245
- deleteAccount(password: string, otpCode?: string): Promise<void>;
1246
- listUsers(params?: Record<string, any>): Promise<any[]>;
1247
- getUser(userId: string): Promise<any>;
1248
- adminUpdateUser(userId: string, data: AdminUpdateUserParams): Promise<any>;
1249
- adminDeleteUser(userId: string): Promise<void>;
1250
- banUser(userId: string, reason?: string): Promise<void>;
1251
- unbanUser(userId: string): Promise<void>;
1252
- lockUser(userId: string, durationMinutes?: number, reason?: string): Promise<void>;
1253
- unlockUser(userId: string): Promise<void>;
1254
- }
1255
-
1256
- declare class TenxyteClient {
1257
- http: TenxyteHttpClient;
1258
- auth: AuthModule;
1259
- security: SecurityModule;
1260
- rbac: RbacModule;
1261
- user: UserModule;
1262
- constructor(options: HttpClientOptions);
1263
- }
1264
-
1265
- export { type AdminUpdateUserParams, type AgentPendingAction, type AgentTokenSummary, AuthModule, type GeneratedSchema, type HttpClientOptions, type LoginEmailOptions, type LoginPhoneOptions, type MagicLinkRequest, type Organization, type OtpRequestParams, type PaginatedResponse, type Permission, RbacModule, type RegisterRequest, type RequestConfig, type Role, SecurityModule, type Setup2FAResponse, type SocialLoginRequest, TenxyteClient, type TenxyteError, type TenxyteErrorCode, TenxyteHttpClient, type TenxyteUser, type TokenPair, type UpdateProfileParams, UserModule, type VerifyOtpEmailParams, type VerifyOtpPhoneParams, type WebAuthnAuthenticateBeginResponse, type WebAuthnRegisterBeginResponse };
1
+ interface HttpClientOptions {
2
+ baseUrl: string;
3
+ timeoutMs?: number;
4
+ headers?: Record<string, string>;
5
+ }
6
+ type RequestConfig = Omit<RequestInit, 'body' | 'headers'> & {
7
+ body?: unknown;
8
+ headers?: Record<string, string>;
9
+ params?: Record<string, string | number | boolean>;
10
+ };
11
+ /**
12
+ * Core HTTP Client underlying the SDK.
13
+ * Handles JSON parsing, standard headers, simple request processing,
14
+ * and normalizing errors into TenxyteError format.
15
+ */
16
+ declare class TenxyteHttpClient {
17
+ private baseUrl;
18
+ private defaultHeaders;
19
+ private requestInterceptors;
20
+ private responseInterceptors;
21
+ constructor(options: HttpClientOptions);
22
+ addRequestInterceptor(interceptor: typeof this.requestInterceptors[0]): void;
23
+ addResponseInterceptor(interceptor: typeof this.responseInterceptors[0]): void;
24
+ /**
25
+ * Main request method wrapping fetch
26
+ */
27
+ request<T>(endpoint: string, config?: RequestConfig): Promise<T>;
28
+ private normalizeError;
29
+ get<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
30
+ post<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
31
+ put<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
32
+ patch<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
33
+ delete<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
34
+ }
35
+
36
+ interface components {
37
+ schemas: {
38
+ /**
39
+ * @description * `login` - Login
40
+ * * `login_failed` - Login Failed
41
+ * * `logout` - Logout
42
+ * * `logout_all` - Logout All Devices
43
+ * * `token_refresh` - Token Refresh
44
+ * * `password_change` - Password Changed
45
+ * * `password_reset_request` - Password Reset Requested
46
+ * * `password_reset_complete` - Password Reset Completed
47
+ * * `2fa_enabled` - 2FA Enabled
48
+ * * `2fa_disabled` - 2FA Disabled
49
+ * * `2fa_backup_used` - 2FA Backup Code Used
50
+ * * `account_created` - Account Created
51
+ * * `account_locked` - Account Locked
52
+ * * `account_unlocked` - Account Unlocked
53
+ * * `email_verified` - Email Verified
54
+ * * `phone_verified` - Phone Verified
55
+ * * `role_assigned` - Role Assigned
56
+ * * `role_removed` - Role Removed
57
+ * * `permission_changed` - Permission Changed
58
+ * * `app_created` - Application Created
59
+ * * `app_credentials_regenerated` - Application Credentials Regenerated
60
+ * * `account_deleted` - Account Deleted
61
+ * * `suspicious_activity` - Suspicious Activity Detected
62
+ * * `session_limit_exceeded` - Session Limit Exceeded
63
+ * * `device_limit_exceeded` - Device Limit Exceeded
64
+ * * `new_device_detected` - New Device Detected
65
+ * * `agent_action` - Agent Action Executed
66
+ * @enum {string}
67
+ */
68
+ ActionEnum: "login" | "login_failed" | "logout" | "logout_all" | "token_refresh" | "password_change" | "password_reset_request" | "password_reset_complete" | "2fa_enabled" | "2fa_disabled" | "2fa_backup_used" | "account_created" | "account_locked" | "account_unlocked" | "email_verified" | "phone_verified" | "role_assigned" | "role_removed" | "permission_changed" | "app_created" | "app_credentials_regenerated" | "account_deleted" | "suspicious_activity" | "session_limit_exceeded" | "device_limit_exceeded" | "new_device_detected" | "agent_action";
69
+ /** @description Full serializer for admin user detail view. */
70
+ AdminUserDetail: {
71
+ readonly id: string;
72
+ /** Format: email */
73
+ email?: string | null;
74
+ phone_country_code?: string | null;
75
+ phone_number?: string | null;
76
+ first_name?: string;
77
+ last_name?: string;
78
+ is_active?: boolean;
79
+ is_locked?: boolean;
80
+ /** Format: date-time */
81
+ locked_until?: string | null;
82
+ /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
83
+ is_banned?: boolean;
84
+ is_deleted?: boolean;
85
+ /** Format: date-time */
86
+ deleted_at?: string | null;
87
+ is_email_verified?: boolean;
88
+ is_phone_verified?: boolean;
89
+ is_2fa_enabled?: boolean;
90
+ is_staff?: boolean;
91
+ is_superuser?: boolean;
92
+ /**
93
+ * Format: int64
94
+ * @description Maximum concurrent sessions allowed (0 = unlimited)
95
+ */
96
+ max_sessions?: number;
97
+ /**
98
+ * Format: int64
99
+ * @description Maximum unique devices allowed (0 = unlimited)
100
+ */
101
+ max_devices?: number;
102
+ readonly roles: string[];
103
+ readonly permissions: string[];
104
+ /** Format: date-time */
105
+ readonly created_at: string;
106
+ /** Format: date-time */
107
+ readonly updated_at: string;
108
+ /** Format: date-time */
109
+ last_login?: string | null;
110
+ };
111
+ /** @description Lightweight serializer for admin user listing. */
112
+ AdminUserList: {
113
+ readonly id: string;
114
+ /** Format: email */
115
+ email?: string | null;
116
+ first_name?: string;
117
+ last_name?: string;
118
+ is_active?: boolean;
119
+ is_locked?: boolean;
120
+ /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
121
+ is_banned?: boolean;
122
+ is_deleted?: boolean;
123
+ is_email_verified?: boolean;
124
+ is_phone_verified?: boolean;
125
+ is_2fa_enabled?: boolean;
126
+ readonly roles: string[];
127
+ /** Format: date-time */
128
+ readonly created_at: string;
129
+ /** Format: date-time */
130
+ last_login?: string | null;
131
+ };
132
+ AgentConfirmRequest: {
133
+ /** @description Confirmation token de l'action */
134
+ token: string;
135
+ };
136
+ AgentErrorResponse: {
137
+ error: string;
138
+ code?: string;
139
+ };
140
+ AgentPendingActionList: {
141
+ id: number;
142
+ agent_id: string;
143
+ permission: string;
144
+ endpoint: string;
145
+ payload: {
146
+ [key: string]: unknown;
147
+ } | null;
148
+ confirmation_token: string;
149
+ /** Format: date-time */
150
+ expires_at: string;
151
+ /** Format: date-time */
152
+ created_at: string;
153
+ };
154
+ AgentReportUsageBudget: {
155
+ error: string;
156
+ status: string;
157
+ };
158
+ AgentReportUsageRequest: {
159
+ /**
160
+ * Format: double
161
+ * @description Coût en USD de la session
162
+ */
163
+ cost_usd: number;
164
+ /** @description Tokens prompt consommés */
165
+ prompt_tokens: number;
166
+ /** @description Tokens completion consommés */
167
+ completion_tokens: number;
168
+ };
169
+ AgentRevokeAllOk: {
170
+ status: string;
171
+ /** @description Nombre de tokens révoqués */
172
+ count: number;
173
+ };
174
+ AgentSuccessResponse: {
175
+ status: string;
176
+ };
177
+ AgentTokenCreateRequest: {
178
+ /** @description Identifiant de l'agent (ex: 'my-bot-v1') */
179
+ agent_id: string;
180
+ /** @description Durée de validité en secondes */
181
+ expires_in?: number;
182
+ /** @description Liste des permissions demandées */
183
+ permissions?: string[];
184
+ /** @description Slug organisation (alternatif à X-Org-Slug header) */
185
+ organization?: string;
186
+ /**
187
+ * Format: double
188
+ * @description Budget max en USD
189
+ */
190
+ budget_limit_usd?: number;
191
+ circuit_breaker?: {
192
+ [key: string]: unknown;
193
+ };
194
+ dead_mans_switch?: {
195
+ [key: string]: unknown;
196
+ };
197
+ };
198
+ AgentTokenCreated: {
199
+ id: number;
200
+ /** @description Token brut AgentBearer (secret, à stocker) */
201
+ token: string;
202
+ agent_id: string;
203
+ status: string;
204
+ /** Format: date-time */
205
+ expires_at: string;
206
+ };
207
+ AgentTokenDetail: {
208
+ id: number;
209
+ agent_id: string;
210
+ status: string;
211
+ /** Format: date-time */
212
+ expires_at: string;
213
+ /** Format: date-time */
214
+ created_at: string;
215
+ organization: string | null;
216
+ current_request_count: number;
217
+ };
218
+ AgentTokenList: {
219
+ id: number;
220
+ agent_id: string;
221
+ status: string;
222
+ /** Format: date-time */
223
+ expires_at: string;
224
+ /** Format: date-time */
225
+ created_at: string;
226
+ organization: string | null;
227
+ current_request_count: number;
228
+ };
229
+ /** @description Serializer pour afficher les applications (sans le secret) */
230
+ Application: {
231
+ readonly id: string;
232
+ name: string;
233
+ description?: string;
234
+ readonly access_key: string;
235
+ is_active?: boolean;
236
+ /** Format: date-time */
237
+ readonly created_at: string;
238
+ /** Format: date-time */
239
+ readonly updated_at: string;
240
+ };
241
+ /** @description Serializer pour créer une application */
242
+ ApplicationCreate: {
243
+ name: string;
244
+ /** @default */
245
+ description: string;
246
+ };
247
+ /** @description Serializer pour mettre à jour une application */
248
+ ApplicationUpdate: {
249
+ name?: string;
250
+ description?: string;
251
+ is_active?: boolean;
252
+ };
253
+ AssignRole: {
254
+ role_code: string;
255
+ };
256
+ /** @description Serializer for audit log entries. */
257
+ AuditLog: {
258
+ readonly id: string;
259
+ user?: number | null;
260
+ readonly user_email: string;
261
+ action: components["schemas"]["ActionEnum"];
262
+ ip_address?: string | null;
263
+ user_agent?: string;
264
+ application?: number | null;
265
+ readonly application_name: string;
266
+ details?: unknown;
267
+ /** Format: date-time */
268
+ readonly created_at: string;
269
+ };
270
+ /** @description Serializer for banning a user. */
271
+ BanUser: {
272
+ /**
273
+ * @description Reason for the ban (stored in audit log)
274
+ * @default
275
+ */
276
+ reason: string;
277
+ };
278
+ /** @description Serializer for blacklisted JWT tokens. */
279
+ BlacklistedToken: {
280
+ readonly id: string;
281
+ token_jti: string;
282
+ user?: number | null;
283
+ readonly user_email: string;
284
+ /** Format: date-time */
285
+ readonly blacklisted_at: string;
286
+ /** Format: date-time */
287
+ expires_at: string;
288
+ reason?: string;
289
+ readonly is_expired: string;
290
+ };
291
+ CancelAccountDeletion: {
292
+ /** @description Mot de passe actuel requis pour annulation */
293
+ password: string;
294
+ };
295
+ ChangePassword: {
296
+ current_password: string;
297
+ new_password: string;
298
+ };
299
+ /** @description Serializer for admin deletion request listing/detail. */
300
+ DeletionRequest: {
301
+ readonly id: string;
302
+ user: number;
303
+ readonly user_email: string;
304
+ status?: components["schemas"]["StatusEnum"];
305
+ /** Format: date-time */
306
+ readonly requested_at: string;
307
+ /** Format: date-time */
308
+ confirmed_at?: string | null;
309
+ /** Format: date-time */
310
+ grace_period_ends_at?: string | null;
311
+ /** Format: date-time */
312
+ completed_at?: string | null;
313
+ ip_address?: string | null;
314
+ /** @description Optional reason for deletion request */
315
+ reason?: string;
316
+ admin_notes?: string;
317
+ processed_by?: number | null;
318
+ readonly processed_by_email: string;
319
+ readonly is_grace_period_expired: string;
320
+ };
321
+ ExportUserData: {
322
+ /** @description Mot de passe actuel requis pour exporter les données */
323
+ password: string;
324
+ };
325
+ /** @description Serializer for locking a user account. */
326
+ LockUser: {
327
+ /**
328
+ * @description Lock duration in minutes (default: 30, max: 30 days)
329
+ * @default 30
330
+ */
331
+ duration_minutes: number;
332
+ /**
333
+ * @description Reason for the lock (stored in audit log)
334
+ * @default
335
+ */
336
+ reason: string;
337
+ };
338
+ /** @description Serializer for login attempt records. */
339
+ LoginAttempt: {
340
+ readonly id: string;
341
+ identifier: string;
342
+ ip_address: string;
343
+ application?: number | null;
344
+ success?: boolean;
345
+ failure_reason?: string;
346
+ /** Format: date-time */
347
+ readonly created_at: string;
348
+ };
349
+ LoginEmail: {
350
+ /** Format: email */
351
+ email: string;
352
+ password: string;
353
+ /** @description Code 2FA (requis si 2FA activé) */
354
+ totp_code?: string;
355
+ /**
356
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
357
+ * @default
358
+ */
359
+ device_info: string;
360
+ };
361
+ LoginPhone: {
362
+ phone_country_code: string;
363
+ phone_number: string;
364
+ password: string;
365
+ /** @description Code 2FA (requis si 2FA activé) */
366
+ totp_code?: string;
367
+ /**
368
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
369
+ * @default
370
+ */
371
+ device_info: string;
372
+ };
373
+ MagicLinkRequest: {
374
+ /**
375
+ * Format: email
376
+ * @description Adresse email pour recevoir le magic link
377
+ */
378
+ email: string;
379
+ /**
380
+ * Format: uri
381
+ * @description URL pour construire le lien de vérification (obligatoire)
382
+ */
383
+ validation_url: string;
384
+ };
385
+ ManageRolePermissions: {
386
+ /** @description Liste des codes de permissions à ajouter ou retirer */
387
+ permission_codes: string[];
388
+ };
389
+ /**
390
+ * @description * `email` - email
391
+ * * `phone` - phone
392
+ * @enum {string}
393
+ */
394
+ OtpTypeEnum: "email" | "phone";
395
+ PaginatedAdminUserListList: {
396
+ /**
397
+ * @description Total number of items
398
+ * @example 150
399
+ */
400
+ count: number;
401
+ /**
402
+ * @description Current page number
403
+ * @example 1
404
+ */
405
+ page?: number;
406
+ /**
407
+ * @description Items per page
408
+ * @example 20
409
+ */
410
+ page_size?: number;
411
+ /**
412
+ * @description Total number of pages
413
+ * @example 8
414
+ */
415
+ total_pages?: number;
416
+ /**
417
+ * Format: uri
418
+ * @description URL to the next page
419
+ */
420
+ next?: string | null;
421
+ /**
422
+ * Format: uri
423
+ * @description URL to the previous page
424
+ */
425
+ previous?: string | null;
426
+ results: components["schemas"]["AdminUserList"][];
427
+ };
428
+ PaginatedApplicationList: {
429
+ /**
430
+ * @description Total number of items
431
+ * @example 150
432
+ */
433
+ count: number;
434
+ /**
435
+ * @description Current page number
436
+ * @example 1
437
+ */
438
+ page?: number;
439
+ /**
440
+ * @description Items per page
441
+ * @example 20
442
+ */
443
+ page_size?: number;
444
+ /**
445
+ * @description Total number of pages
446
+ * @example 8
447
+ */
448
+ total_pages?: number;
449
+ /**
450
+ * Format: uri
451
+ * @description URL to the next page
452
+ */
453
+ next?: string | null;
454
+ /**
455
+ * Format: uri
456
+ * @description URL to the previous page
457
+ */
458
+ previous?: string | null;
459
+ results: components["schemas"]["Application"][];
460
+ };
461
+ PaginatedAuditLogList: {
462
+ /**
463
+ * @description Total number of items
464
+ * @example 150
465
+ */
466
+ count: number;
467
+ /**
468
+ * @description Current page number
469
+ * @example 1
470
+ */
471
+ page?: number;
472
+ /**
473
+ * @description Items per page
474
+ * @example 20
475
+ */
476
+ page_size?: number;
477
+ /**
478
+ * @description Total number of pages
479
+ * @example 8
480
+ */
481
+ total_pages?: number;
482
+ /**
483
+ * Format: uri
484
+ * @description URL to the next page
485
+ */
486
+ next?: string | null;
487
+ /**
488
+ * Format: uri
489
+ * @description URL to the previous page
490
+ */
491
+ previous?: string | null;
492
+ results: components["schemas"]["AuditLog"][];
493
+ };
494
+ PaginatedBlacklistedTokenList: {
495
+ /**
496
+ * @description Total number of items
497
+ * @example 150
498
+ */
499
+ count: number;
500
+ /**
501
+ * @description Current page number
502
+ * @example 1
503
+ */
504
+ page?: number;
505
+ /**
506
+ * @description Items per page
507
+ * @example 20
508
+ */
509
+ page_size?: number;
510
+ /**
511
+ * @description Total number of pages
512
+ * @example 8
513
+ */
514
+ total_pages?: number;
515
+ /**
516
+ * Format: uri
517
+ * @description URL to the next page
518
+ */
519
+ next?: string | null;
520
+ /**
521
+ * Format: uri
522
+ * @description URL to the previous page
523
+ */
524
+ previous?: string | null;
525
+ results: components["schemas"]["BlacklistedToken"][];
526
+ };
527
+ PaginatedLoginAttemptList: {
528
+ /**
529
+ * @description Total number of items
530
+ * @example 150
531
+ */
532
+ count: number;
533
+ /**
534
+ * @description Current page number
535
+ * @example 1
536
+ */
537
+ page?: number;
538
+ /**
539
+ * @description Items per page
540
+ * @example 20
541
+ */
542
+ page_size?: number;
543
+ /**
544
+ * @description Total number of pages
545
+ * @example 8
546
+ */
547
+ total_pages?: number;
548
+ /**
549
+ * Format: uri
550
+ * @description URL to the next page
551
+ */
552
+ next?: string | null;
553
+ /**
554
+ * Format: uri
555
+ * @description URL to the previous page
556
+ */
557
+ previous?: string | null;
558
+ results: components["schemas"]["LoginAttempt"][];
559
+ };
560
+ PaginatedPermissionList: {
561
+ /**
562
+ * @description Total number of items
563
+ * @example 150
564
+ */
565
+ count: number;
566
+ /**
567
+ * @description Current page number
568
+ * @example 1
569
+ */
570
+ page?: number;
571
+ /**
572
+ * @description Items per page
573
+ * @example 20
574
+ */
575
+ page_size?: number;
576
+ /**
577
+ * @description Total number of pages
578
+ * @example 8
579
+ */
580
+ total_pages?: number;
581
+ /**
582
+ * Format: uri
583
+ * @description URL to the next page
584
+ */
585
+ next?: string | null;
586
+ /**
587
+ * Format: uri
588
+ * @description URL to the previous page
589
+ */
590
+ previous?: string | null;
591
+ results: components["schemas"]["Permission"][];
592
+ };
593
+ PaginatedRefreshTokenAdminList: {
594
+ /**
595
+ * @description Total number of items
596
+ * @example 150
597
+ */
598
+ count: number;
599
+ /**
600
+ * @description Current page number
601
+ * @example 1
602
+ */
603
+ page?: number;
604
+ /**
605
+ * @description Items per page
606
+ * @example 20
607
+ */
608
+ page_size?: number;
609
+ /**
610
+ * @description Total number of pages
611
+ * @example 8
612
+ */
613
+ total_pages?: number;
614
+ /**
615
+ * Format: uri
616
+ * @description URL to the next page
617
+ */
618
+ next?: string | null;
619
+ /**
620
+ * Format: uri
621
+ * @description URL to the previous page
622
+ */
623
+ previous?: string | null;
624
+ results: components["schemas"]["RefreshTokenAdmin"][];
625
+ };
626
+ PaginatedRoleListList: {
627
+ /**
628
+ * @description Total number of items
629
+ * @example 150
630
+ */
631
+ count: number;
632
+ /**
633
+ * @description Current page number
634
+ * @example 1
635
+ */
636
+ page?: number;
637
+ /**
638
+ * @description Items per page
639
+ * @example 20
640
+ */
641
+ page_size?: number;
642
+ /**
643
+ * @description Total number of pages
644
+ * @example 8
645
+ */
646
+ total_pages?: number;
647
+ /**
648
+ * Format: uri
649
+ * @description URL to the next page
650
+ */
651
+ next?: string | null;
652
+ /**
653
+ * Format: uri
654
+ * @description URL to the previous page
655
+ */
656
+ previous?: string | null;
657
+ results: components["schemas"]["RoleList"][];
658
+ };
659
+ PasswordResetConfirm: {
660
+ code: string;
661
+ new_password: string;
662
+ };
663
+ PasswordResetRequest: {
664
+ /** Format: email */
665
+ email?: string;
666
+ phone_country_code?: string;
667
+ phone_number?: string;
668
+ };
669
+ PasswordStrengthRequest: {
670
+ password: string;
671
+ /** Format: email */
672
+ email?: string;
673
+ };
674
+ /** @description Serializer for admin user updates (partial). */
675
+ PatchedAdminUserUpdate: {
676
+ first_name?: string;
677
+ last_name?: string;
678
+ is_active?: boolean;
679
+ is_staff?: boolean;
680
+ is_superuser?: boolean;
681
+ max_sessions?: number;
682
+ max_devices?: number;
683
+ };
684
+ PatchedToggleApplicationStatus: {
685
+ /** @description Nouveau statut actif de l'application */
686
+ is_active?: boolean;
687
+ };
688
+ PatchedUpdateProfileRequest: {
689
+ /** @description Prénom (max 30 caractères) */
690
+ first_name?: string;
691
+ /** @description Nom (max 30 caractères) */
692
+ last_name?: string;
693
+ /** @description Nom d'utilisateur unique (alphanumérique + underscores) */
694
+ username?: string;
695
+ /** @description Numéro de téléphone au format international (+33612345678) */
696
+ phone?: string;
697
+ /** @description Biographie (max 500 caractères) */
698
+ bio?: string;
699
+ /** @description Fuseau horaire (ex: Europe/Paris, America/New_York) */
700
+ timezone?: string;
701
+ /** @description Langue préférée */
702
+ language?: string;
703
+ /** @description Champs personnalisés (selon configuration organisation) */
704
+ custom_fields?: {
705
+ [key: string]: unknown;
706
+ };
707
+ };
708
+ Permission: {
709
+ readonly id: string;
710
+ code: string;
711
+ name: string;
712
+ description?: string;
713
+ readonly parent: {
714
+ [key: string]: unknown;
715
+ } | null;
716
+ /** @description Code de la permission parente (hiérarchie) */
717
+ parent_code?: string | null;
718
+ readonly children: {
719
+ [key: string]: unknown;
720
+ }[];
721
+ /** Format: date-time */
722
+ readonly created_at: string;
723
+ };
724
+ ProcessDeletionRequest: {
725
+ /** @description Texte de confirmation "PERMANENTLY DELETE" */
726
+ confirmation: string;
727
+ /** @description Notes administratives optionnelles */
728
+ admin_notes?: string;
729
+ };
730
+ RefreshToken: {
731
+ refresh_token: string;
732
+ };
733
+ /** @description Serializer for refresh tokens (admin view, token value hidden). */
734
+ RefreshTokenAdmin: {
735
+ readonly id: string;
736
+ user: number;
737
+ readonly user_email: string;
738
+ application: number;
739
+ readonly application_name: string;
740
+ device_info?: string;
741
+ ip_address?: string | null;
742
+ is_revoked?: boolean;
743
+ readonly is_expired: string;
744
+ /** Format: date-time */
745
+ expires_at: string;
746
+ /** Format: date-time */
747
+ readonly created_at: string;
748
+ /** Format: date-time */
749
+ readonly last_used_at: string;
750
+ };
751
+ RegenerateApplicationCredentials: {
752
+ /** @description Texte de confirmation "REGENERATE" */
753
+ confirmation: string;
754
+ };
755
+ Register: {
756
+ /** Format: email */
757
+ email?: string | null;
758
+ phone_country_code?: string | null;
759
+ phone_number?: string | null;
760
+ password: string;
761
+ /** @default */
762
+ first_name: string;
763
+ /** @default */
764
+ last_name: string;
765
+ /**
766
+ * @description Si True, l'utilisateur est connecté immédiatement après l'inscription (tokens JWT retournés)
767
+ * @default false
768
+ */
769
+ login: boolean;
770
+ /**
771
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
772
+ * @default
773
+ */
774
+ device_info: string;
775
+ };
776
+ RequestAccountDeletion: {
777
+ /** @description Mot de passe actuel requis pour confirmation */
778
+ password: string;
779
+ /** @description Code OTP à 6 chiffres (requis si 2FA activé) */
780
+ otp_code?: string;
781
+ /** @description Raison optionnelle de la suppression */
782
+ reason?: string;
783
+ };
784
+ RequestOTP: {
785
+ otp_type: components["schemas"]["OtpTypeEnum"];
786
+ };
787
+ Role: {
788
+ readonly id: string;
789
+ code: string;
790
+ name: string;
791
+ description?: string;
792
+ readonly permissions: components["schemas"]["Permission"][];
793
+ permission_codes?: string[];
794
+ is_default?: boolean;
795
+ /** Format: date-time */
796
+ readonly created_at: string;
797
+ /** Format: date-time */
798
+ readonly updated_at: string;
799
+ };
800
+ /** @description Version allégée pour les listes */
801
+ RoleList: {
802
+ readonly id: string;
803
+ code: string;
804
+ name: string;
805
+ is_default?: boolean;
806
+ };
807
+ SocialAuthRequest: {
808
+ /** @description OAuth2 access token du provider */
809
+ access_token?: string;
810
+ /** @description Authorization code flow */
811
+ code?: string;
812
+ /** @description URI de redirection (requis avec code) */
813
+ redirect_uri?: string;
814
+ /** @description Google ID token uniquement */
815
+ id_token?: string;
816
+ /** @description Informations device (optionnel) */
817
+ device_info?: string;
818
+ };
819
+ SocialCallbackError: {
820
+ error: string;
821
+ code: string;
822
+ };
823
+ SocialCallbackRedirect: {
824
+ /** @description URL de redirection avec tokens en paramètres query */
825
+ location: string;
826
+ };
827
+ SocialCallbackResponse: {
828
+ access: string;
829
+ refresh: string;
830
+ provider: string;
831
+ is_new_user: boolean;
832
+ };
833
+ SocialCallbackUnauthorized: {
834
+ error: string;
835
+ code: string;
836
+ };
837
+ /**
838
+ * @description * `pending` - Pending
839
+ * * `confirmation_sent` - Confirmation Sent
840
+ * * `confirmed` - Confirmed
841
+ * * `completed` - Completed
842
+ * * `cancelled` - Cancelled
843
+ * @enum {string}
844
+ */
845
+ StatusEnum: "pending" | "confirmation_sent" | "confirmed" | "completed" | "cancelled";
846
+ TokenRequest: {
847
+ /** @description Confirmation token de l'action */
848
+ token: string;
849
+ };
850
+ TwoFactorBackupCodesRequest: {
851
+ /** @description Code TOTP à 6 chiffres pour validation */
852
+ code: string;
853
+ };
854
+ TwoFactorConfirmRequest: {
855
+ /** @description Code TOTP à 6 chiffres */
856
+ code: string;
857
+ };
858
+ TwoFactorDisableRequest: {
859
+ /** @description Code TOTP ou code de secours à 8 chiffres */
860
+ code: string;
861
+ /** @description Mot de passe de l'utilisateur pour confirmation */
862
+ password: string;
863
+ };
864
+ VerifyOTP: {
865
+ code: string;
866
+ };
867
+ WebAuthnAuthenticateBeginRequest: {
868
+ /**
869
+ * Format: email
870
+ * @description Optionnel — pour credentials utilisateur spécifiques
871
+ */
872
+ email?: string;
873
+ };
874
+ WebAuthnAuthenticateCompleteRequest: {
875
+ /** @description ID du challenge généré */
876
+ challenge_id: number;
877
+ /** @description Assertion WebAuthn du navigateur */
878
+ credential: {
879
+ [key: string]: unknown;
880
+ };
881
+ /** @description Informations sur le device (optionnel) */
882
+ device_info?: string;
883
+ };
884
+ WebAuthnRegisterCompleteRequest: {
885
+ /** @description ID du challenge généré */
886
+ challenge_id: number;
887
+ /** @description Credential WebAuthn du navigateur */
888
+ credential: {
889
+ [key: string]: unknown;
890
+ };
891
+ /** @description Nom optionnel du device */
892
+ device_name?: string;
893
+ };
894
+ User: {
895
+ /** Format: uuid */
896
+ id?: string;
897
+ email?: string;
898
+ phone_country_code?: string | null;
899
+ phone_number?: string | null;
900
+ first_name?: string;
901
+ last_name?: string;
902
+ is_email_verified?: boolean;
903
+ is_phone_verified?: boolean;
904
+ is_2fa_enabled?: boolean;
905
+ roles?: string[];
906
+ permissions?: string[];
907
+ /** Format: date-time */
908
+ created_at?: string;
909
+ /** Format: date-time */
910
+ last_login?: string | null;
911
+ };
912
+ };
913
+ responses: never;
914
+ parameters: never;
915
+ requestBodies: never;
916
+ headers: never;
917
+ pathItems: never;
918
+ }
919
+
920
+ type GeneratedSchema = components['schemas'];
921
+ /**
922
+ * Core User Interface exposed by the SDK.
923
+ * Represents the authenticated entity bound to the active session.
924
+ */
925
+ interface TenxyteUser {
926
+ id: string;
927
+ email: string | null;
928
+ phone_country_code: string | null;
929
+ phone_number: string | null;
930
+ first_name: string;
931
+ last_name: string;
932
+ is_email_verified: boolean;
933
+ is_phone_verified: boolean;
934
+ is_2fa_enabled: boolean;
935
+ roles: string[];
936
+ permissions: string[];
937
+ created_at: string;
938
+ last_login: string | null;
939
+ }
940
+ /**
941
+ * Standard SDK Token Pair (internal structure normalized by interceptors).
942
+ * These are managed automatically if auto-refresh is enabled.
943
+ */
944
+ interface TokenPair {
945
+ access_token: string;
946
+ refresh_token: string;
947
+ token_type: 'Bearer';
948
+ expires_in: number;
949
+ device_summary: string | null;
950
+ }
951
+ /**
952
+ * Standardized API Error Response wrapper thrown by network interceptors.
953
+ */
954
+ interface TenxyteError {
955
+ error: string;
956
+ code: TenxyteErrorCode;
957
+ details?: Record<string, string[]> | string;
958
+ retry_after?: number;
959
+ }
960
+ type TenxyteErrorCode = 'LOGIN_FAILED' | 'INVALID_CREDENTIALS' | 'ACCOUNT_LOCKED' | 'ACCOUNT_BANNED' | '2FA_REQUIRED' | 'ADMIN_2FA_SETUP_REQUIRED' | 'TOKEN_EXPIRED' | 'TOKEN_BLACKLISTED' | 'REFRESH_FAILED' | 'PERMISSION_DENIED' | 'SESSION_LIMIT_EXCEEDED' | 'DEVICE_LIMIT_EXCEEDED' | 'RATE_LIMITED' | 'INVALID_OTP' | 'OTP_EXPIRED' | 'INVALID_PROVIDER' | 'SOCIAL_AUTH_FAILED' | 'VALIDATION_URL_REQUIRED' | 'INVALID_TOKEN' | 'CONFIRMATION_REQUIRED' | 'PASSWORD_REQUIRED' | 'INVALID_PASSWORD' | 'INVALID_DEVICE_INFO' | 'ORG_NOT_FOUND' | 'NOT_ORG_MEMBER' | 'NOT_OWNER' | 'ALREADY_MEMBER' | 'MEMBER_LIMIT_EXCEEDED' | 'HAS_CHILDREN' | 'CIRCULAR_HIERARCHY' | 'LAST_OWNER_REQUIRED' | 'INVITATION_EXISTS' | 'INVALID_ROLE' | 'AGENT_NOT_FOUND' | 'AGENT_SUSPENDED' | 'AGENT_REVOKED' | 'AGENT_EXPIRED' | 'BUDGET_EXCEEDED' | 'RATE_LIMIT_EXCEEDED' | 'HEARTBEAT_MISSING' | 'AIRS_DISABLED';
961
+ /**
962
+ * Organization Structure defining a B2B tenant or hierarchical unit.
963
+ */
964
+ interface Organization {
965
+ id: number;
966
+ name: string;
967
+ slug: string;
968
+ description: string | null;
969
+ metadata: Record<string, unknown> | null;
970
+ is_active: boolean;
971
+ max_members: number;
972
+ member_count: number;
973
+ created_at: string;
974
+ updated_at: string;
975
+ parent: {
976
+ id: number;
977
+ name: string;
978
+ slug: string;
979
+ } | null;
980
+ children: Array<{
981
+ id: number;
982
+ name: string;
983
+ slug: string;
984
+ }>;
985
+ user_role: string | null;
986
+ user_permissions: string[];
987
+ }
988
+ /**
989
+ * Base Pagination Response wrapper
990
+ */
991
+ interface PaginatedResponse<T> {
992
+ count: number;
993
+ page: number;
994
+ page_size: number;
995
+ total_pages: number;
996
+ next: string | null;
997
+ previous: string | null;
998
+ results: T[];
999
+ }
1000
+ /**
1001
+ * AIRS Agent Token metadata
1002
+ */
1003
+ interface AgentTokenSummary {
1004
+ id: number;
1005
+ agent_id: string;
1006
+ status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
1007
+ expires_at: string;
1008
+ created_at: string;
1009
+ organization: string | null;
1010
+ current_request_count: number;
1011
+ }
1012
+ /**
1013
+ * Request awaiting Human-In-The-Loop approval
1014
+ */
1015
+ interface AgentPendingAction {
1016
+ id: number;
1017
+ agent_id: string;
1018
+ permission: string;
1019
+ endpoint: string;
1020
+ payload: unknown;
1021
+ confirmation_token: string;
1022
+ expires_at: string;
1023
+ created_at: string;
1024
+ }
1025
+
1026
+ interface LoginEmailOptions {
1027
+ totp_code?: string;
1028
+ }
1029
+ interface LoginPhoneOptions {
1030
+ totp_code?: string;
1031
+ }
1032
+ type RegisterRequest = any;
1033
+ interface MagicLinkRequest {
1034
+ email: string;
1035
+ }
1036
+ interface SocialLoginRequest {
1037
+ access_token?: string;
1038
+ authorization_code?: string;
1039
+ id_token?: string;
1040
+ }
1041
+ declare class AuthModule {
1042
+ private client;
1043
+ constructor(client: TenxyteHttpClient);
1044
+ /**
1045
+ * Authenticate a user with their email and password.
1046
+ * @param data - The login credentials and optional TOTP code if 2FA is required.
1047
+ * @returns A pair of Access and Refresh tokens upon successful authentication.
1048
+ * @throws {TenxyteError} If credentials are invalid, or if `2FA_REQUIRED` without a valid `totp_code`.
1049
+ */
1050
+ loginWithEmail(data: GeneratedSchema['LoginEmail']): Promise<TokenPair>;
1051
+ /**
1052
+ * Authenticate a user with an international phone number and password.
1053
+ * @param data - The login credentials and optional TOTP code if 2FA is required.
1054
+ * @returns A pair of Access and Refresh tokens.
1055
+ */
1056
+ loginWithPhone(data: GeneratedSchema['LoginPhone']): Promise<TokenPair>;
1057
+ /**
1058
+ * Registers a new user account.
1059
+ * @param data - The registration details (email, password, etc.).
1060
+ * @returns The registered user data or a confirmation message.
1061
+ */
1062
+ register(data: RegisterRequest): Promise<any>;
1063
+ /**
1064
+ * Logout from the current session.
1065
+ * Informs the backend to immediately revoke the specified refresh token.
1066
+ * @param refreshToken - The refresh token to revoke.
1067
+ */
1068
+ logout(refreshToken: string): Promise<void>;
1069
+ /**
1070
+ * Logout from all sessions across all devices.
1071
+ * Revokes all refresh tokens currently assigned to the user.
1072
+ */
1073
+ logoutAll(): Promise<void>;
1074
+ /**
1075
+ * Request a Magic Link for passwordless sign-in.
1076
+ * @param data - The email to send the logic link to.
1077
+ */
1078
+ requestMagicLink(data: MagicLinkRequest): Promise<void>;
1079
+ /**
1080
+ * Verifies a magic link token extracted from the URL.
1081
+ * @param token - The cryptographic token received via email.
1082
+ * @returns A session token pair if the token is valid and unexpired.
1083
+ */
1084
+ verifyMagicLink(token: string): Promise<TokenPair>;
1085
+ /**
1086
+ * Submits OAuth2 Social Authentication payloads to the backend.
1087
+ * Can be used with native mobile SDK tokens (like Apple Sign-In JWTs).
1088
+ * @param provider - The OAuth provider ('google', 'github', etc.)
1089
+ * @param data - The OAuth tokens (access_token, id_token, etc.)
1090
+ * @returns An active session token pair.
1091
+ */
1092
+ loginWithSocial(provider: 'google' | 'github' | 'microsoft' | 'facebook', data: SocialLoginRequest): Promise<TokenPair>;
1093
+ /**
1094
+ * Handle Social Auth Callbacks (Authorization Code flow).
1095
+ * @param provider - The OAuth provider ('google', 'github', etc.)
1096
+ * @param code - The authorization code retrieved from the query string parameters.
1097
+ * @param redirectUri - The original redirect URI that was requested.
1098
+ * @returns An active session token pair after successful code exchange.
1099
+ */
1100
+ handleSocialCallback(provider: 'google' | 'github' | 'microsoft' | 'facebook', code: string, redirectUri: string): Promise<TokenPair>;
1101
+ }
1102
+
1103
+ declare class SecurityModule {
1104
+ private client;
1105
+ constructor(client: TenxyteHttpClient);
1106
+ /**
1107
+ * Get the current 2FA status for the authenticated user.
1108
+ * @returns Information about whether 2FA is enabled and how many backup codes remain.
1109
+ */
1110
+ get2FAStatus(): Promise<{
1111
+ is_enabled: boolean;
1112
+ backup_codes_remaining: number;
1113
+ }>;
1114
+ /**
1115
+ * Start the 2FA enrollment process.
1116
+ * @returns The secret key and QR code URL to be scanned by an Authenticator app.
1117
+ */
1118
+ setup2FA(): Promise<{
1119
+ message: string;
1120
+ secret: string;
1121
+ manual_entry_key: string;
1122
+ qr_code: string;
1123
+ provisioning_uri: string;
1124
+ backup_codes: string[];
1125
+ warning: string;
1126
+ }>;
1127
+ /**
1128
+ * Confirm the 2FA setup by providing the first TOTP code generated by the Authenticator app.
1129
+ * @param totpCode - The 6-digit code.
1130
+ */
1131
+ confirm2FA(totpCode: string): Promise<{
1132
+ message: string;
1133
+ is_enabled: boolean;
1134
+ enabled_at: string;
1135
+ }>;
1136
+ /**
1137
+ * Disable 2FA for the current user.
1138
+ * Usually requires re-authentication or providing the active password/totp code.
1139
+ * @param totpCode - The current 6-digit code to verify intent.
1140
+ * @param password - (Optional) The user's password if required by backend policy.
1141
+ */
1142
+ disable2FA(totpCode: string, password?: string): Promise<{
1143
+ message: string;
1144
+ is_enabled: boolean;
1145
+ disabled_at: string;
1146
+ backup_codes_invalidated: boolean;
1147
+ }>;
1148
+ /**
1149
+ * Invalidate old backup codes and explicitly generate a new batch.
1150
+ * @param totpCode - An active TOTP code to verify intent.
1151
+ */
1152
+ regenerateBackupCodes(totpCode: string): Promise<{
1153
+ message: string;
1154
+ backup_codes: string[];
1155
+ codes_count: number;
1156
+ generated_at?: string;
1157
+ warning: string;
1158
+ }>;
1159
+ /**
1160
+ * Request an OTP code to be dispatched to the user's primary contact method.
1161
+ * @param type - The channel type ('email' or 'phone').
1162
+ */
1163
+ requestOtp(type: 'email' | 'phone'): Promise<{
1164
+ message: string;
1165
+ otp_id: number;
1166
+ expires_at: string;
1167
+ channel: 'email' | 'phone';
1168
+ masked_recipient: string;
1169
+ }>;
1170
+ /**
1171
+ * Verify an email confirmation OTP.
1172
+ * @param code - The numeric code received via email.
1173
+ */
1174
+ verifyOtpEmail(code: string): Promise<{
1175
+ message: string;
1176
+ email_verified: boolean;
1177
+ verified_at: string;
1178
+ }>;
1179
+ /**
1180
+ * Verify a phone confirmation OTP (SMS dispatch).
1181
+ * @param code - The numeric code received via SMS.
1182
+ */
1183
+ verifyOtpPhone(code: string): Promise<{
1184
+ message: string;
1185
+ phone_verified: boolean;
1186
+ verified_at: string;
1187
+ phone_number: string;
1188
+ }>;
1189
+ /**
1190
+ * Triggers a password reset flow, dispatching an OTP to the target.
1191
+ * @param target - Either an email address or a phone configuration payload.
1192
+ */
1193
+ resetPasswordRequest(target: {
1194
+ email: string;
1195
+ } | {
1196
+ phone_country_code: string;
1197
+ phone_number: string;
1198
+ }): Promise<{
1199
+ message: string;
1200
+ }>;
1201
+ /**
1202
+ * Confirm a password reset using the OTP dispatched by `resetPasswordRequest`.
1203
+ * @param data - The OTP code and the new matching password fields.
1204
+ */
1205
+ resetPasswordConfirm(data: {
1206
+ email?: string;
1207
+ phone_country_code?: string;
1208
+ phone_number?: string;
1209
+ otp_code: string;
1210
+ new_password: string;
1211
+ confirm_password: string;
1212
+ }): Promise<{
1213
+ message: string;
1214
+ }>;
1215
+ /**
1216
+ * Change password for an already authenticated user.
1217
+ * @param currentPassword - The existing password to verify intent.
1218
+ * @param newPassword - The distinct new password.
1219
+ */
1220
+ changePassword(currentPassword: string, newPassword: string): Promise<{
1221
+ message: string;
1222
+ }>;
1223
+ /**
1224
+ * Evaluate the strength of a potential password against backend policies.
1225
+ * @param password - The password string to test.
1226
+ * @param email - (Optional) The user's email to ensure the password doesn't contain it.
1227
+ */
1228
+ checkPasswordStrength(password: string, email?: string): Promise<{
1229
+ score: number;
1230
+ strength: string;
1231
+ is_valid: boolean;
1232
+ errors: string[];
1233
+ requirements: {
1234
+ min_length: number;
1235
+ require_lowercase: boolean;
1236
+ require_uppercase: boolean;
1237
+ require_numbers: boolean;
1238
+ require_special: boolean;
1239
+ };
1240
+ }>;
1241
+ /**
1242
+ * Fetch the password complexity requirements enforced by the Tenxyte backend.
1243
+ */
1244
+ getPasswordRequirements(): Promise<{
1245
+ requirements: Record<string, boolean | number>;
1246
+ min_length: number;
1247
+ max_length: number;
1248
+ }>;
1249
+ /**
1250
+ * Register a new WebAuthn device (Passkey/Biometrics/Security Key) for the authenticated user.
1251
+ * Integrates transparently with the browser `navigator.credentials` API.
1252
+ * @param deviceName - Optional human-readable name for the device being registered.
1253
+ */
1254
+ registerWebAuthn(deviceName?: string): Promise<{
1255
+ message: string;
1256
+ credential: {
1257
+ id: number;
1258
+ device_name: string;
1259
+ created_at: string;
1260
+ };
1261
+ }>;
1262
+ /**
1263
+ * Authenticate via WebAuthn (Passkey) without requiring a password.
1264
+ * Integrates transparently with the browser `navigator.credentials` API.
1265
+ * @param email - The email address identifying the user account (optional if discoverable credentials are used).
1266
+ * @returns A session token pair and the user context upon successful cryptographic challenge verification.
1267
+ */
1268
+ authenticateWebAuthn(email?: string): Promise<{
1269
+ access: string;
1270
+ refresh: string;
1271
+ user: TenxyteUser;
1272
+ message: string;
1273
+ credential_used: string;
1274
+ }>;
1275
+ /**
1276
+ * List all registered WebAuthn credentials for the active user.
1277
+ */
1278
+ listWebAuthnCredentials(): Promise<{
1279
+ credentials: Array<{
1280
+ id: number;
1281
+ device_name: string;
1282
+ created_at: string;
1283
+ last_used_at: string | null;
1284
+ authenticator_type: string;
1285
+ is_resident_key: boolean;
1286
+ }>;
1287
+ count: number;
1288
+ }>;
1289
+ /**
1290
+ * Delete a specific WebAuthn credential, removing its capability to sign in.
1291
+ * @param credentialId - The internal ID of the credential to delete.
1292
+ */
1293
+ deleteWebAuthnCredential(credentialId: number): Promise<void>;
1294
+ }
1295
+
1296
+ interface Role {
1297
+ id: string;
1298
+ name: string;
1299
+ description?: string;
1300
+ is_default?: boolean;
1301
+ permissions?: string[];
1302
+ }
1303
+ interface Permission {
1304
+ id: string;
1305
+ code: string;
1306
+ name: string;
1307
+ description?: string;
1308
+ }
1309
+ declare class RbacModule {
1310
+ private client;
1311
+ private cachedToken;
1312
+ constructor(client: TenxyteHttpClient);
1313
+ /**
1314
+ * Cache a decoded JWT payload locally to perform parameter-less synchronous permission checks.
1315
+ * Usually invoked automatically by the system upon login or token refresh.
1316
+ * @param token - The raw JWT access token encoded string.
1317
+ */
1318
+ setToken(token: string | null): void;
1319
+ private getDecodedToken;
1320
+ /**
1321
+ * Synchronously deeply inspects the cached (or provided) JWT to determine if the user has a specific Role.
1322
+ * @param role - The exact code name of the Role.
1323
+ * @param token - (Optional) Provide a specific token overriding the cached one.
1324
+ */
1325
+ hasRole(role: string, token?: string): boolean;
1326
+ /**
1327
+ * Evaluates if the active session holds AT LEAST ONE of the listed Roles.
1328
+ * @param roles - An array of Role codes.
1329
+ */
1330
+ hasAnyRole(roles: string[], token?: string): boolean;
1331
+ /**
1332
+ * Evaluates if the active session holds ALL of the listed Roles concurrently.
1333
+ * @param roles - An array of Role codes.
1334
+ */
1335
+ hasAllRoles(roles: string[], token?: string): boolean;
1336
+ /**
1337
+ * Synchronously deeply inspects the cached (or provided) JWT to determine if the user has a specific granular Permission.
1338
+ * @param permission - The exact code name of the Permission (e.g., 'invoices.read').
1339
+ */
1340
+ hasPermission(permission: string, token?: string): boolean;
1341
+ /**
1342
+ * Evaluates if the active session holds AT LEAST ONE of the listed Permissions.
1343
+ */
1344
+ hasAnyPermission(permissions: string[], token?: string): boolean;
1345
+ /**
1346
+ * Evaluates if the active session holds ALL of the listed Permissions concurrently.
1347
+ */
1348
+ hasAllPermissions(permissions: string[], token?: string): boolean;
1349
+ /** Fetch all application global Roles structure */
1350
+ listRoles(): Promise<Role[]>;
1351
+ /** Create a new architectural Role inside Tenxyte */
1352
+ createRole(data: {
1353
+ name: string;
1354
+ description?: string;
1355
+ permission_codes?: string[];
1356
+ is_default?: boolean;
1357
+ }): Promise<Role>;
1358
+ /** Get detailed metadata defining a single bounded Role */
1359
+ getRole(roleId: string): Promise<Role>;
1360
+ /** Modify properties bounding a Role */
1361
+ updateRole(roleId: string, data: {
1362
+ name?: string;
1363
+ description?: string;
1364
+ permission_codes?: string[];
1365
+ is_default?: boolean;
1366
+ }): Promise<Role>;
1367
+ /** Unbind and destruct a Role from the global Tenant. (Dangerous, implies cascading permission unbindings) */
1368
+ deleteRole(roleId: string): Promise<void>;
1369
+ getRolePermissions(roleId: string): Promise<Permission[]>;
1370
+ addPermissionsToRole(roleId: string, permission_codes: string[]): Promise<void>;
1371
+ removePermissionsFromRole(roleId: string, permission_codes: string[]): Promise<void>;
1372
+ /** Enumerates all available fine-grained Permissions inside this Tenant scope. */
1373
+ listPermissions(): Promise<Permission[]>;
1374
+ /** Bootstraps a new granular Permission flag (e.g. `billing.refund`). */
1375
+ createPermission(data: {
1376
+ code: string;
1377
+ name: string;
1378
+ description?: string;
1379
+ parent_code?: string;
1380
+ }): Promise<Permission>;
1381
+ /** Retrieves an existing atomic Permission construct. */
1382
+ getPermission(permissionId: string): Promise<Permission>;
1383
+ /** Edits the human readable description or structural dependencies of a Permission. */
1384
+ updatePermission(permissionId: string, data: {
1385
+ name?: string;
1386
+ description?: string;
1387
+ }): Promise<Permission>;
1388
+ /** Destroys an atomic Permission permanently. Any Roles referencing it will be stripped of this grant automatically. */
1389
+ deletePermission(permissionId: string): Promise<void>;
1390
+ /**
1391
+ * Attach a given Role globally to a user entity.
1392
+ * Use sparingly if B2B multi-tenancy contexts are preferred.
1393
+ */
1394
+ assignRoleToUser(userId: string, roleCode: string): Promise<void>;
1395
+ /**
1396
+ * Unbind a global Role from a user entity.
1397
+ */
1398
+ removeRoleFromUser(userId: string, roleCode: string): Promise<void>;
1399
+ /**
1400
+ * Ad-Hoc directly attach specific granular Permissions to a single User, bypassing Role boundaries.
1401
+ */
1402
+ assignPermissionsToUser(userId: string, permissionCodes: string[]): Promise<void>;
1403
+ /**
1404
+ * Ad-Hoc strip direct granular Permissions bindings from a specific User.
1405
+ */
1406
+ removePermissionsFromUser(userId: string, permissionCodes: string[]): Promise<void>;
1407
+ }
1408
+
1409
+ interface UpdateProfileParams {
1410
+ first_name?: string;
1411
+ last_name?: string;
1412
+ [key: string]: any;
1413
+ }
1414
+ interface AdminUpdateUserParams {
1415
+ first_name?: string;
1416
+ last_name?: string;
1417
+ is_active?: boolean;
1418
+ is_locked?: boolean;
1419
+ max_sessions?: number;
1420
+ max_devices?: number;
1421
+ }
1422
+ declare class UserModule {
1423
+ private client;
1424
+ constructor(client: TenxyteHttpClient);
1425
+ /** Retrieve your current comprehensive Profile metadata matching the active network bearer token. */
1426
+ getProfile(): Promise<any>;
1427
+ /** Modify your active profile core details or injected application metadata. */
1428
+ updateProfile(data: UpdateProfileParams): Promise<any>;
1429
+ /**
1430
+ * Upload an avatar using FormData.
1431
+ * Ensure the environment supports FormData (browser or Node.js v18+).
1432
+ * @param formData The FormData object containing the 'avatar' field.
1433
+ */
1434
+ uploadAvatar(formData: FormData): Promise<any>;
1435
+ /**
1436
+ * Trigger self-deletion of an entire account data boundary.
1437
+ * @param password - Requires the active system password as destructive proof of intent.
1438
+ * @param otpCode - (Optional) If an OTP was queried prior to attempting account deletion.
1439
+ */
1440
+ deleteAccount(password: string, otpCode?: string): Promise<void>;
1441
+ /** (Admin only) Lists users paginated matching criteria. */
1442
+ listUsers(params?: Record<string, any>): Promise<any[]>;
1443
+ /** (Admin only) Gets deterministic data related to a remote unassociated user. */
1444
+ getUser(userId: string): Promise<any>;
1445
+ /** (Admin only) Modifies configuration/details or capacity bounds related to a remote unassociated user. */
1446
+ adminUpdateUser(userId: string, data: AdminUpdateUserParams): Promise<any>;
1447
+ /** (Admin only) Force obliterate a User boundary. Can affect relational database stability if not bound carefully. */
1448
+ adminDeleteUser(userId: string): Promise<void>;
1449
+ /** (Admin only) Apply a permanent suspension / ban state globally on a user token footprint. */
1450
+ banUser(userId: string, reason?: string): Promise<void>;
1451
+ /** (Admin only) Recover a user footprint from a global ban state. */
1452
+ unbanUser(userId: string): Promise<void>;
1453
+ /** (Admin only) Apply a temporary lock bounding block on a user interaction footprint. */
1454
+ lockUser(userId: string, durationMinutes?: number, reason?: string): Promise<void>;
1455
+ /** (Admin only) Releases an arbitrary temporary system lock placed on a user bounds. */
1456
+ unlockUser(userId: string): Promise<void>;
1457
+ }
1458
+
1459
+ interface OrgMembership {
1460
+ id: number;
1461
+ user_id: number;
1462
+ email: string;
1463
+ first_name: string;
1464
+ last_name: string;
1465
+ role: {
1466
+ code: string;
1467
+ name: string;
1468
+ };
1469
+ joined_at: string;
1470
+ }
1471
+ interface OrgTreeNode {
1472
+ id: number;
1473
+ name: string;
1474
+ slug: string;
1475
+ children: OrgTreeNode[];
1476
+ }
1477
+ declare class B2bModule {
1478
+ private client;
1479
+ private currentOrgSlug;
1480
+ constructor(client: TenxyteHttpClient);
1481
+ /**
1482
+ * Set the active Organization context.
1483
+ * Subsequent API requests will automatically include the `X-Org-Slug` header.
1484
+ * @param slug - The unique string identifier of the organization.
1485
+ */
1486
+ switchOrganization(slug: string): void;
1487
+ /**
1488
+ * Clear the active Organization context, dropping the `X-Org-Slug` header for standard User operations.
1489
+ */
1490
+ clearOrganization(): void;
1491
+ /** Get the currently active Organization slug context if set. */
1492
+ getCurrentOrganizationSlug(): string | null;
1493
+ /** Create a new top-level or child Organization in the backend. */
1494
+ createOrganization(data: {
1495
+ name: string;
1496
+ slug?: string;
1497
+ description?: string;
1498
+ parent_id?: number;
1499
+ metadata?: Record<string, unknown>;
1500
+ max_members?: number;
1501
+ }): Promise<Organization>;
1502
+ /** List organizations the currently authenticated user belongs to. */
1503
+ listMyOrganizations(params?: {
1504
+ search?: string;
1505
+ is_active?: boolean;
1506
+ parent?: string;
1507
+ ordering?: string;
1508
+ page?: number;
1509
+ page_size?: number;
1510
+ }): Promise<PaginatedResponse<Organization>>;
1511
+ /** Retrieve details about a specific organization by slug. */
1512
+ getOrganization(slug: string): Promise<Organization>;
1513
+ /** Update configuration and metadata of an Organization. */
1514
+ updateOrganization(slug: string, data: Partial<{
1515
+ name: string;
1516
+ slug: string;
1517
+ description: string;
1518
+ parent_id: number | null;
1519
+ metadata: Record<string, unknown>;
1520
+ max_members: number;
1521
+ is_active: boolean;
1522
+ }>): Promise<Organization>;
1523
+ /** Permanently delete an Organization. */
1524
+ deleteOrganization(slug: string): Promise<{
1525
+ message: string;
1526
+ }>;
1527
+ /** Retrieve the topology subtree extending downward from this point. */
1528
+ getOrganizationTree(slug: string): Promise<OrgTreeNode>;
1529
+ /** List users bound to a specific Organization. */
1530
+ listMembers(slug: string, params?: {
1531
+ search?: string;
1532
+ role?: 'owner' | 'admin' | 'member';
1533
+ status?: 'active' | 'inactive' | 'pending';
1534
+ ordering?: string;
1535
+ page?: number;
1536
+ page_size?: number;
1537
+ }): Promise<PaginatedResponse<OrgMembership>>;
1538
+ /** Add a user directly into an Organization with a designated role. */
1539
+ addMember(slug: string, data: {
1540
+ user_id: number;
1541
+ role_code: string;
1542
+ }): Promise<OrgMembership>;
1543
+ /** Evolve or demote an existing member's role within the Organization. */
1544
+ updateMemberRole(slug: string, userId: number, roleCode: string): Promise<OrgMembership>;
1545
+ /** Kick a user out of the Organization. */
1546
+ removeMember(slug: string, userId: number): Promise<{
1547
+ message: string;
1548
+ }>;
1549
+ /** Send an onboarding email invitation to join an Organization. */
1550
+ inviteMember(slug: string, data: {
1551
+ email: string;
1552
+ role_code: string;
1553
+ expires_in_days?: number;
1554
+ }): Promise<{
1555
+ id: number;
1556
+ email: string;
1557
+ role: string;
1558
+ token: string;
1559
+ expires_at: string;
1560
+ invited_by: {
1561
+ id: number;
1562
+ email: string;
1563
+ };
1564
+ organization: {
1565
+ id: number;
1566
+ name: string;
1567
+ slug: string;
1568
+ };
1569
+ }>;
1570
+ /** Fetch a definition matrix of what Organization-level roles can be assigned. */
1571
+ listOrgRoles(): Promise<Array<{
1572
+ code: string;
1573
+ name: string;
1574
+ description: string;
1575
+ weight: number;
1576
+ permissions: Array<{
1577
+ code: string;
1578
+ name: string;
1579
+ description: string;
1580
+ }>;
1581
+ is_system_role: boolean;
1582
+ created_at: string;
1583
+ }>>;
1584
+ }
1585
+
1586
+ declare class AiModule {
1587
+ private client;
1588
+ private agentToken;
1589
+ private traceId;
1590
+ constructor(client: TenxyteHttpClient);
1591
+ /**
1592
+ * Create an AgentToken granting specific deterministic limits to an AI Agent.
1593
+ */
1594
+ createAgentToken(data: {
1595
+ agent_id: string;
1596
+ permissions?: string[];
1597
+ expires_in?: number;
1598
+ organization?: string;
1599
+ budget_limit_usd?: number;
1600
+ circuit_breaker?: {
1601
+ max_requests?: number;
1602
+ window_seconds?: number;
1603
+ };
1604
+ dead_mans_switch?: {
1605
+ heartbeat_required_every?: number;
1606
+ };
1607
+ }): Promise<{
1608
+ id: number;
1609
+ token: string;
1610
+ agent_id: string;
1611
+ status: string;
1612
+ expires_at: string;
1613
+ }>;
1614
+ /**
1615
+ * Set the SDK to operate on behalf of an Agent using the generated Agent Token payload.
1616
+ * Overrides standard `Authorization` headers with `AgentBearer`.
1617
+ */
1618
+ setAgentToken(token: string): void;
1619
+ /** Disables the active Agent override and reverts to standard User session requests. */
1620
+ clearAgentToken(): void;
1621
+ /** Check if the SDK is currently mocking requests as an AI Agent. */
1622
+ isAgentMode(): boolean;
1623
+ /** List previously provisioned active Agent tokens. */
1624
+ listAgentTokens(): Promise<AgentTokenSummary[]>;
1625
+ /** Fetch the status and configuration of a specific AgentToken. */
1626
+ getAgentToken(tokenId: number): Promise<AgentTokenSummary>;
1627
+ /** Irreversibly revoke a targeted AgentToken from acting upon the Tenant. */
1628
+ revokeAgentToken(tokenId: number): Promise<{
1629
+ status: 'revoked';
1630
+ }>;
1631
+ /** Temporarily freeze an AgentToken by forcibly closing its Circuit Breaker. */
1632
+ suspendAgentToken(tokenId: number): Promise<{
1633
+ status: 'suspended';
1634
+ }>;
1635
+ /** Emergency kill-switch to wipe all operational Agent Tokens. */
1636
+ revokeAllAgentTokens(): Promise<{
1637
+ status: 'revoked';
1638
+ count: number;
1639
+ }>;
1640
+ /** Satisfy an Agent's Dead-Man's switch heartbeat requirement to prevent suspension. */
1641
+ sendHeartbeat(tokenId: number): Promise<{
1642
+ status: 'ok';
1643
+ }>;
1644
+ /** List intercepted HTTP 202 actions waiting for Human interaction / approval. */
1645
+ listPendingActions(): Promise<AgentPendingAction[]>;
1646
+ /** Complete a pending HITL authorization to finally flush the Agent action to backend systems. */
1647
+ confirmPendingAction(confirmationToken: string): Promise<{
1648
+ status: 'confirmed';
1649
+ }>;
1650
+ /** Block an Agent action permanently. */
1651
+ denyPendingAction(confirmationToken: string): Promise<{
1652
+ status: 'denied';
1653
+ }>;
1654
+ /** Start piping the `X-Prompt-Trace-ID` custom header outwards for tracing logs against LLM inputs. */
1655
+ setTraceId(traceId: string): void;
1656
+ /** Disable trace forwarding context. */
1657
+ clearTraceId(): void;
1658
+ /**
1659
+ * Report consumption costs associated with a backend invocation back to Tenxyte for strict circuit budgeting.
1660
+ * @param tokenId - AgentToken evaluating ID.
1661
+ * @param usage - Sunk token costs or explicit USD derivations.
1662
+ */
1663
+ reportUsage(tokenId: number, usage: {
1664
+ cost_usd: number;
1665
+ prompt_tokens: number;
1666
+ completion_tokens: number;
1667
+ }): Promise<{
1668
+ status: 'ok';
1669
+ } | {
1670
+ error: 'Budget exceeded';
1671
+ status: 'suspended';
1672
+ }>;
1673
+ }
1674
+
1675
+ /**
1676
+ * The primary entry point for the Tenxyte SDK.
1677
+ * Groups together logic for authentication, security, organization switching, and AI control.
1678
+ */
1679
+ declare class TenxyteClient {
1680
+ /** The core HTTP wrapper handling network interception and parsing */
1681
+ http: TenxyteHttpClient;
1682
+ /** Authentication module (Login, Signup, Magic link, session handling) */
1683
+ auth: AuthModule;
1684
+ /** Security module (2FA, WebAuthn, Passwords, OTPs) */
1685
+ security: SecurityModule;
1686
+ /** Role-Based Access Control and permission checking module */
1687
+ rbac: RbacModule;
1688
+ /** Connected user's profile and management module */
1689
+ user: UserModule;
1690
+ /** Business-to-Business organizations module (multi-tenant environments) */
1691
+ b2b: B2bModule;
1692
+ /** AIRS - AI Responsibility & Security module (Agent tokens, Circuit breakers, HITL) */
1693
+ ai: AiModule;
1694
+ /**
1695
+ * Initializes the SDK with connection details for your Tenxyte-powered API.
1696
+ * @param options Configuration options including `baseUrl` and custom headers like `X-Access-Key`
1697
+ *
1698
+ * @example
1699
+ * ```typescript
1700
+ * const tx = new TenxyteClient({
1701
+ * baseUrl: 'https://api.my-service.com',
1702
+ * headers: { 'X-Access-Key': 'pkg_abc123' }
1703
+ * });
1704
+ * ```
1705
+ */
1706
+ constructor(options: HttpClientOptions);
1707
+ }
1708
+
1709
+ export { type AdminUpdateUserParams, type AgentPendingAction, type AgentTokenSummary, AuthModule, type GeneratedSchema, type HttpClientOptions, type LoginEmailOptions, type LoginPhoneOptions, type MagicLinkRequest, type Organization, type PaginatedResponse, type Permission, RbacModule, type RegisterRequest, type RequestConfig, type Role, SecurityModule, type SocialLoginRequest, TenxyteClient, type TenxyteError, type TenxyteErrorCode, TenxyteHttpClient, type TenxyteUser, type TokenPair, type UpdateProfileParams, UserModule };