@tenxyte/core 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. package/dist/index.cjs +497 -0
  2. package/dist/index.cjs.map +1 -0
  3. package/dist/index.d.cts +1265 -0
  4. package/dist/index.d.ts +1265 -0
  5. package/dist/index.js +465 -0
  6. package/dist/index.js.map +1 -0
  7. package/package.json +67 -0
  8. package/patched-schema.json +11388 -0
  9. package/src/client.ts +21 -0
  10. package/src/config.ts +0 -0
  11. package/src/http/client.ts +162 -0
  12. package/src/http/index.ts +1 -0
  13. package/src/http/interceptors.ts +117 -0
  14. package/src/index.ts +7 -0
  15. package/src/modules/ai.ts +0 -0
  16. package/src/modules/auth.ts +95 -0
  17. package/src/modules/b2b.ts +0 -0
  18. package/src/modules/rbac.ts +160 -0
  19. package/src/modules/security.ts +122 -0
  20. package/src/modules/user.ts +80 -0
  21. package/src/storage/cookie.ts +39 -0
  22. package/src/storage/index.ts +29 -0
  23. package/src/storage/localStorage.ts +75 -0
  24. package/src/storage/memory.ts +30 -0
  25. package/src/types/api-schema.d.ts +6590 -0
  26. package/src/types/index.ts +150 -0
  27. package/src/utils/device_info.ts +94 -0
  28. package/src/utils/events.ts +71 -0
  29. package/src/utils/jwt.ts +51 -0
  30. package/tests/http.test.ts +144 -0
  31. package/tests/modules/auth.test.ts +93 -0
  32. package/tests/modules/rbac.test.ts +95 -0
  33. package/tests/modules/security.test.ts +75 -0
  34. package/tests/modules/user.test.ts +76 -0
  35. package/tests/storage.test.ts +96 -0
  36. package/tests/utils.test.ts +71 -0
  37. package/tsconfig.json +26 -0
  38. package/tsup.config.ts +10 -0
  39. package/vitest.config.ts +7 -0
package/dist/index.d.ts ADDED
@@ -0,0 +1,1265 @@
1
+ interface HttpClientOptions {
2
+ baseUrl: string;
3
+ timeoutMs?: number;
4
+ headers?: Record<string, string>;
5
+ }
6
+ type RequestConfig = Omit<RequestInit, 'body' | 'headers'> & {
7
+ body?: unknown;
8
+ headers?: Record<string, string>;
9
+ params?: Record<string, string | number | boolean>;
10
+ };
11
+ /**
12
+ * Core HTTP Client underlying the SDK.
13
+ * Handles JSON parsing, standard headers, simple request processing,
14
+ * and normalizing errors into TenxyteError format.
15
+ */
16
+ declare class TenxyteHttpClient {
17
+ private baseUrl;
18
+ private defaultHeaders;
19
+ private requestInterceptors;
20
+ private responseInterceptors;
21
+ constructor(options: HttpClientOptions);
22
+ addRequestInterceptor(interceptor: typeof this.requestInterceptors[0]): void;
23
+ addResponseInterceptor(interceptor: typeof this.responseInterceptors[0]): void;
24
+ /**
25
+ * Main request method wrapping fetch
26
+ */
27
+ request<T>(endpoint: string, config?: RequestConfig): Promise<T>;
28
+ private normalizeError;
29
+ get<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
30
+ post<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
31
+ put<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
32
+ patch<T>(endpoint: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
33
+ delete<T>(endpoint: string, config?: Omit<RequestConfig, 'method' | 'body'>): Promise<T>;
34
+ }
35
+
36
+ interface components {
37
+ schemas: {
38
+ /**
39
+ * @description * `login` - Login
40
+ * * `login_failed` - Login Failed
41
+ * * `logout` - Logout
42
+ * * `logout_all` - Logout All Devices
43
+ * * `token_refresh` - Token Refresh
44
+ * * `password_change` - Password Changed
45
+ * * `password_reset_request` - Password Reset Requested
46
+ * * `password_reset_complete` - Password Reset Completed
47
+ * * `2fa_enabled` - 2FA Enabled
48
+ * * `2fa_disabled` - 2FA Disabled
49
+ * * `2fa_backup_used` - 2FA Backup Code Used
50
+ * * `account_created` - Account Created
51
+ * * `account_locked` - Account Locked
52
+ * * `account_unlocked` - Account Unlocked
53
+ * * `email_verified` - Email Verified
54
+ * * `phone_verified` - Phone Verified
55
+ * * `role_assigned` - Role Assigned
56
+ * * `role_removed` - Role Removed
57
+ * * `permission_changed` - Permission Changed
58
+ * * `app_created` - Application Created
59
+ * * `app_credentials_regenerated` - Application Credentials Regenerated
60
+ * * `account_deleted` - Account Deleted
61
+ * * `suspicious_activity` - Suspicious Activity Detected
62
+ * * `session_limit_exceeded` - Session Limit Exceeded
63
+ * * `device_limit_exceeded` - Device Limit Exceeded
64
+ * * `new_device_detected` - New Device Detected
65
+ * * `agent_action` - Agent Action Executed
66
+ * @enum {string}
67
+ */
68
+ ActionEnum: "login" | "login_failed" | "logout" | "logout_all" | "token_refresh" | "password_change" | "password_reset_request" | "password_reset_complete" | "2fa_enabled" | "2fa_disabled" | "2fa_backup_used" | "account_created" | "account_locked" | "account_unlocked" | "email_verified" | "phone_verified" | "role_assigned" | "role_removed" | "permission_changed" | "app_created" | "app_credentials_regenerated" | "account_deleted" | "suspicious_activity" | "session_limit_exceeded" | "device_limit_exceeded" | "new_device_detected" | "agent_action";
69
+ /** @description Full serializer for admin user detail view. */
70
+ AdminUserDetail: {
71
+ readonly id: string;
72
+ /** Format: email */
73
+ email?: string | null;
74
+ phone_country_code?: string | null;
75
+ phone_number?: string | null;
76
+ first_name?: string;
77
+ last_name?: string;
78
+ is_active?: boolean;
79
+ is_locked?: boolean;
80
+ /** Format: date-time */
81
+ locked_until?: string | null;
82
+ /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
83
+ is_banned?: boolean;
84
+ is_deleted?: boolean;
85
+ /** Format: date-time */
86
+ deleted_at?: string | null;
87
+ is_email_verified?: boolean;
88
+ is_phone_verified?: boolean;
89
+ is_2fa_enabled?: boolean;
90
+ is_staff?: boolean;
91
+ is_superuser?: boolean;
92
+ /**
93
+ * Format: int64
94
+ * @description Maximum concurrent sessions allowed (0 = unlimited)
95
+ */
96
+ max_sessions?: number;
97
+ /**
98
+ * Format: int64
99
+ * @description Maximum unique devices allowed (0 = unlimited)
100
+ */
101
+ max_devices?: number;
102
+ readonly roles: string[];
103
+ readonly permissions: string[];
104
+ /** Format: date-time */
105
+ readonly created_at: string;
106
+ /** Format: date-time */
107
+ readonly updated_at: string;
108
+ /** Format: date-time */
109
+ last_login?: string | null;
110
+ };
111
+ /** @description Lightweight serializer for admin user listing. */
112
+ AdminUserList: {
113
+ readonly id: string;
114
+ /** Format: email */
115
+ email?: string | null;
116
+ first_name?: string;
117
+ last_name?: string;
118
+ is_active?: boolean;
119
+ is_locked?: boolean;
120
+ /** @description Permanent ban (manual admin action). Cannot be auto-lifted. */
121
+ is_banned?: boolean;
122
+ is_deleted?: boolean;
123
+ is_email_verified?: boolean;
124
+ is_phone_verified?: boolean;
125
+ is_2fa_enabled?: boolean;
126
+ readonly roles: string[];
127
+ /** Format: date-time */
128
+ readonly created_at: string;
129
+ /** Format: date-time */
130
+ last_login?: string | null;
131
+ };
132
+ AgentConfirmRequest: {
133
+ /** @description Confirmation token de l'action */
134
+ token: string;
135
+ };
136
+ AgentErrorResponse: {
137
+ error: string;
138
+ code?: string;
139
+ };
140
+ AgentPendingActionList: {
141
+ id: number;
142
+ agent_id: string;
143
+ permission: string;
144
+ endpoint: string;
145
+ payload: {
146
+ [key: string]: unknown;
147
+ } | null;
148
+ confirmation_token: string;
149
+ /** Format: date-time */
150
+ expires_at: string;
151
+ /** Format: date-time */
152
+ created_at: string;
153
+ };
154
+ AgentReportUsageBudget: {
155
+ error: string;
156
+ status: string;
157
+ };
158
+ AgentReportUsageRequest: {
159
+ /**
160
+ * Format: double
161
+ * @description Coût en USD de la session
162
+ */
163
+ cost_usd: number;
164
+ /** @description Tokens prompt consommés */
165
+ prompt_tokens: number;
166
+ /** @description Tokens completion consommés */
167
+ completion_tokens: number;
168
+ };
169
+ AgentRevokeAllOk: {
170
+ status: string;
171
+ /** @description Nombre de tokens révoqués */
172
+ count: number;
173
+ };
174
+ AgentSuccessResponse: {
175
+ status: string;
176
+ };
177
+ AgentTokenCreateRequest: {
178
+ /** @description Identifiant de l'agent (ex: 'my-bot-v1') */
179
+ agent_id: string;
180
+ /** @description Durée de validité en secondes */
181
+ expires_in?: number;
182
+ /** @description Liste des permissions demandées */
183
+ permissions?: string[];
184
+ /** @description Slug organisation (alternatif à X-Org-Slug header) */
185
+ organization?: string;
186
+ /**
187
+ * Format: double
188
+ * @description Budget max en USD
189
+ */
190
+ budget_limit_usd?: number;
191
+ circuit_breaker?: {
192
+ [key: string]: unknown;
193
+ };
194
+ dead_mans_switch?: {
195
+ [key: string]: unknown;
196
+ };
197
+ };
198
+ AgentTokenCreated: {
199
+ id: number;
200
+ /** @description Token brut AgentBearer (secret, à stocker) */
201
+ token: string;
202
+ agent_id: string;
203
+ status: string;
204
+ /** Format: date-time */
205
+ expires_at: string;
206
+ };
207
+ AgentTokenDetail: {
208
+ id: number;
209
+ agent_id: string;
210
+ status: string;
211
+ /** Format: date-time */
212
+ expires_at: string;
213
+ /** Format: date-time */
214
+ created_at: string;
215
+ organization: string | null;
216
+ current_request_count: number;
217
+ };
218
+ AgentTokenList: {
219
+ id: number;
220
+ agent_id: string;
221
+ status: string;
222
+ /** Format: date-time */
223
+ expires_at: string;
224
+ /** Format: date-time */
225
+ created_at: string;
226
+ organization: string | null;
227
+ current_request_count: number;
228
+ };
229
+ /** @description Serializer pour afficher les applications (sans le secret) */
230
+ Application: {
231
+ readonly id: string;
232
+ name: string;
233
+ description?: string;
234
+ readonly access_key: string;
235
+ is_active?: boolean;
236
+ /** Format: date-time */
237
+ readonly created_at: string;
238
+ /** Format: date-time */
239
+ readonly updated_at: string;
240
+ };
241
+ /** @description Serializer pour créer une application */
242
+ ApplicationCreate: {
243
+ name: string;
244
+ /** @default */
245
+ description: string;
246
+ };
247
+ /** @description Serializer pour mettre à jour une application */
248
+ ApplicationUpdate: {
249
+ name?: string;
250
+ description?: string;
251
+ is_active?: boolean;
252
+ };
253
+ AssignRole: {
254
+ role_code: string;
255
+ };
256
+ /** @description Serializer for audit log entries. */
257
+ AuditLog: {
258
+ readonly id: string;
259
+ user?: number | null;
260
+ readonly user_email: string;
261
+ action: components["schemas"]["ActionEnum"];
262
+ ip_address?: string | null;
263
+ user_agent?: string;
264
+ application?: number | null;
265
+ readonly application_name: string;
266
+ details?: unknown;
267
+ /** Format: date-time */
268
+ readonly created_at: string;
269
+ };
270
+ /** @description Serializer for banning a user. */
271
+ BanUser: {
272
+ /**
273
+ * @description Reason for the ban (stored in audit log)
274
+ * @default
275
+ */
276
+ reason: string;
277
+ };
278
+ /** @description Serializer for blacklisted JWT tokens. */
279
+ BlacklistedToken: {
280
+ readonly id: string;
281
+ token_jti: string;
282
+ user?: number | null;
283
+ readonly user_email: string;
284
+ /** Format: date-time */
285
+ readonly blacklisted_at: string;
286
+ /** Format: date-time */
287
+ expires_at: string;
288
+ reason?: string;
289
+ readonly is_expired: string;
290
+ };
291
+ CancelAccountDeletion: {
292
+ /** @description Mot de passe actuel requis pour annulation */
293
+ password: string;
294
+ };
295
+ ChangePassword: {
296
+ current_password: string;
297
+ new_password: string;
298
+ };
299
+ /** @description Serializer for admin deletion request listing/detail. */
300
+ DeletionRequest: {
301
+ readonly id: string;
302
+ user: number;
303
+ readonly user_email: string;
304
+ status?: components["schemas"]["StatusEnum"];
305
+ /** Format: date-time */
306
+ readonly requested_at: string;
307
+ /** Format: date-time */
308
+ confirmed_at?: string | null;
309
+ /** Format: date-time */
310
+ grace_period_ends_at?: string | null;
311
+ /** Format: date-time */
312
+ completed_at?: string | null;
313
+ ip_address?: string | null;
314
+ /** @description Optional reason for deletion request */
315
+ reason?: string;
316
+ admin_notes?: string;
317
+ processed_by?: number | null;
318
+ readonly processed_by_email: string;
319
+ readonly is_grace_period_expired: string;
320
+ };
321
+ ExportUserData: {
322
+ /** @description Mot de passe actuel requis pour exporter les données */
323
+ password: string;
324
+ };
325
+ /** @description Serializer for locking a user account. */
326
+ LockUser: {
327
+ /**
328
+ * @description Lock duration in minutes (default: 30, max: 30 days)
329
+ * @default 30
330
+ */
331
+ duration_minutes: number;
332
+ /**
333
+ * @description Reason for the lock (stored in audit log)
334
+ * @default
335
+ */
336
+ reason: string;
337
+ };
338
+ /** @description Serializer for login attempt records. */
339
+ LoginAttempt: {
340
+ readonly id: string;
341
+ identifier: string;
342
+ ip_address: string;
343
+ application?: number | null;
344
+ success?: boolean;
345
+ failure_reason?: string;
346
+ /** Format: date-time */
347
+ readonly created_at: string;
348
+ };
349
+ LoginEmail: {
350
+ /** Format: email */
351
+ email: string;
352
+ password: string;
353
+ /** @description Code 2FA (requis si 2FA activé) */
354
+ totp_code?: string;
355
+ /**
356
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
357
+ * @default
358
+ */
359
+ device_info: string;
360
+ };
361
+ LoginPhone: {
362
+ phone_country_code: string;
363
+ phone_number: string;
364
+ password: string;
365
+ /** @description Code 2FA (requis si 2FA activé) */
366
+ totp_code?: string;
367
+ /**
368
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
369
+ * @default
370
+ */
371
+ device_info: string;
372
+ };
373
+ MagicLinkRequest: {
374
+ /**
375
+ * Format: email
376
+ * @description Adresse email pour recevoir le magic link
377
+ */
378
+ email: string;
379
+ /**
380
+ * Format: uri
381
+ * @description URL pour construire le lien de vérification (obligatoire)
382
+ */
383
+ validation_url: string;
384
+ };
385
+ ManageRolePermissions: {
386
+ /** @description Liste des codes de permissions à ajouter ou retirer */
387
+ permission_codes: string[];
388
+ };
389
+ /**
390
+ * @description * `email` - email
391
+ * * `phone` - phone
392
+ * @enum {string}
393
+ */
394
+ OtpTypeEnum: "email" | "phone";
395
+ PaginatedAdminUserListList: {
396
+ /**
397
+ * @description Total number of items
398
+ * @example 150
399
+ */
400
+ count: number;
401
+ /**
402
+ * @description Current page number
403
+ * @example 1
404
+ */
405
+ page?: number;
406
+ /**
407
+ * @description Items per page
408
+ * @example 20
409
+ */
410
+ page_size?: number;
411
+ /**
412
+ * @description Total number of pages
413
+ * @example 8
414
+ */
415
+ total_pages?: number;
416
+ /**
417
+ * Format: uri
418
+ * @description URL to the next page
419
+ */
420
+ next?: string | null;
421
+ /**
422
+ * Format: uri
423
+ * @description URL to the previous page
424
+ */
425
+ previous?: string | null;
426
+ results: components["schemas"]["AdminUserList"][];
427
+ };
428
+ PaginatedApplicationList: {
429
+ /**
430
+ * @description Total number of items
431
+ * @example 150
432
+ */
433
+ count: number;
434
+ /**
435
+ * @description Current page number
436
+ * @example 1
437
+ */
438
+ page?: number;
439
+ /**
440
+ * @description Items per page
441
+ * @example 20
442
+ */
443
+ page_size?: number;
444
+ /**
445
+ * @description Total number of pages
446
+ * @example 8
447
+ */
448
+ total_pages?: number;
449
+ /**
450
+ * Format: uri
451
+ * @description URL to the next page
452
+ */
453
+ next?: string | null;
454
+ /**
455
+ * Format: uri
456
+ * @description URL to the previous page
457
+ */
458
+ previous?: string | null;
459
+ results: components["schemas"]["Application"][];
460
+ };
461
+ PaginatedAuditLogList: {
462
+ /**
463
+ * @description Total number of items
464
+ * @example 150
465
+ */
466
+ count: number;
467
+ /**
468
+ * @description Current page number
469
+ * @example 1
470
+ */
471
+ page?: number;
472
+ /**
473
+ * @description Items per page
474
+ * @example 20
475
+ */
476
+ page_size?: number;
477
+ /**
478
+ * @description Total number of pages
479
+ * @example 8
480
+ */
481
+ total_pages?: number;
482
+ /**
483
+ * Format: uri
484
+ * @description URL to the next page
485
+ */
486
+ next?: string | null;
487
+ /**
488
+ * Format: uri
489
+ * @description URL to the previous page
490
+ */
491
+ previous?: string | null;
492
+ results: components["schemas"]["AuditLog"][];
493
+ };
494
+ PaginatedBlacklistedTokenList: {
495
+ /**
496
+ * @description Total number of items
497
+ * @example 150
498
+ */
499
+ count: number;
500
+ /**
501
+ * @description Current page number
502
+ * @example 1
503
+ */
504
+ page?: number;
505
+ /**
506
+ * @description Items per page
507
+ * @example 20
508
+ */
509
+ page_size?: number;
510
+ /**
511
+ * @description Total number of pages
512
+ * @example 8
513
+ */
514
+ total_pages?: number;
515
+ /**
516
+ * Format: uri
517
+ * @description URL to the next page
518
+ */
519
+ next?: string | null;
520
+ /**
521
+ * Format: uri
522
+ * @description URL to the previous page
523
+ */
524
+ previous?: string | null;
525
+ results: components["schemas"]["BlacklistedToken"][];
526
+ };
527
+ PaginatedLoginAttemptList: {
528
+ /**
529
+ * @description Total number of items
530
+ * @example 150
531
+ */
532
+ count: number;
533
+ /**
534
+ * @description Current page number
535
+ * @example 1
536
+ */
537
+ page?: number;
538
+ /**
539
+ * @description Items per page
540
+ * @example 20
541
+ */
542
+ page_size?: number;
543
+ /**
544
+ * @description Total number of pages
545
+ * @example 8
546
+ */
547
+ total_pages?: number;
548
+ /**
549
+ * Format: uri
550
+ * @description URL to the next page
551
+ */
552
+ next?: string | null;
553
+ /**
554
+ * Format: uri
555
+ * @description URL to the previous page
556
+ */
557
+ previous?: string | null;
558
+ results: components["schemas"]["LoginAttempt"][];
559
+ };
560
+ PaginatedPermissionList: {
561
+ /**
562
+ * @description Total number of items
563
+ * @example 150
564
+ */
565
+ count: number;
566
+ /**
567
+ * @description Current page number
568
+ * @example 1
569
+ */
570
+ page?: number;
571
+ /**
572
+ * @description Items per page
573
+ * @example 20
574
+ */
575
+ page_size?: number;
576
+ /**
577
+ * @description Total number of pages
578
+ * @example 8
579
+ */
580
+ total_pages?: number;
581
+ /**
582
+ * Format: uri
583
+ * @description URL to the next page
584
+ */
585
+ next?: string | null;
586
+ /**
587
+ * Format: uri
588
+ * @description URL to the previous page
589
+ */
590
+ previous?: string | null;
591
+ results: components["schemas"]["Permission"][];
592
+ };
593
+ PaginatedRefreshTokenAdminList: {
594
+ /**
595
+ * @description Total number of items
596
+ * @example 150
597
+ */
598
+ count: number;
599
+ /**
600
+ * @description Current page number
601
+ * @example 1
602
+ */
603
+ page?: number;
604
+ /**
605
+ * @description Items per page
606
+ * @example 20
607
+ */
608
+ page_size?: number;
609
+ /**
610
+ * @description Total number of pages
611
+ * @example 8
612
+ */
613
+ total_pages?: number;
614
+ /**
615
+ * Format: uri
616
+ * @description URL to the next page
617
+ */
618
+ next?: string | null;
619
+ /**
620
+ * Format: uri
621
+ * @description URL to the previous page
622
+ */
623
+ previous?: string | null;
624
+ results: components["schemas"]["RefreshTokenAdmin"][];
625
+ };
626
+ PaginatedRoleListList: {
627
+ /**
628
+ * @description Total number of items
629
+ * @example 150
630
+ */
631
+ count: number;
632
+ /**
633
+ * @description Current page number
634
+ * @example 1
635
+ */
636
+ page?: number;
637
+ /**
638
+ * @description Items per page
639
+ * @example 20
640
+ */
641
+ page_size?: number;
642
+ /**
643
+ * @description Total number of pages
644
+ * @example 8
645
+ */
646
+ total_pages?: number;
647
+ /**
648
+ * Format: uri
649
+ * @description URL to the next page
650
+ */
651
+ next?: string | null;
652
+ /**
653
+ * Format: uri
654
+ * @description URL to the previous page
655
+ */
656
+ previous?: string | null;
657
+ results: components["schemas"]["RoleList"][];
658
+ };
659
+ PasswordResetConfirm: {
660
+ code: string;
661
+ new_password: string;
662
+ };
663
+ PasswordResetRequest: {
664
+ /** Format: email */
665
+ email?: string;
666
+ phone_country_code?: string;
667
+ phone_number?: string;
668
+ };
669
+ PasswordStrengthRequest: {
670
+ password: string;
671
+ /** Format: email */
672
+ email?: string;
673
+ };
674
+ /** @description Serializer for admin user updates (partial). */
675
+ PatchedAdminUserUpdate: {
676
+ first_name?: string;
677
+ last_name?: string;
678
+ is_active?: boolean;
679
+ is_staff?: boolean;
680
+ is_superuser?: boolean;
681
+ max_sessions?: number;
682
+ max_devices?: number;
683
+ };
684
+ PatchedToggleApplicationStatus: {
685
+ /** @description Nouveau statut actif de l'application */
686
+ is_active?: boolean;
687
+ };
688
+ PatchedUpdateProfileRequest: {
689
+ /** @description Prénom (max 30 caractères) */
690
+ first_name?: string;
691
+ /** @description Nom (max 30 caractères) */
692
+ last_name?: string;
693
+ /** @description Nom d'utilisateur unique (alphanumérique + underscores) */
694
+ username?: string;
695
+ /** @description Numéro de téléphone au format international (+33612345678) */
696
+ phone?: string;
697
+ /** @description Biographie (max 500 caractères) */
698
+ bio?: string;
699
+ /** @description Fuseau horaire (ex: Europe/Paris, America/New_York) */
700
+ timezone?: string;
701
+ /** @description Langue préférée */
702
+ language?: string;
703
+ /** @description Champs personnalisés (selon configuration organisation) */
704
+ custom_fields?: {
705
+ [key: string]: unknown;
706
+ };
707
+ };
708
+ Permission: {
709
+ readonly id: string;
710
+ code: string;
711
+ name: string;
712
+ description?: string;
713
+ readonly parent: {
714
+ [key: string]: unknown;
715
+ } | null;
716
+ /** @description Code de la permission parente (hiérarchie) */
717
+ parent_code?: string | null;
718
+ readonly children: {
719
+ [key: string]: unknown;
720
+ }[];
721
+ /** Format: date-time */
722
+ readonly created_at: string;
723
+ };
724
+ ProcessDeletionRequest: {
725
+ /** @description Texte de confirmation "PERMANENTLY DELETE" */
726
+ confirmation: string;
727
+ /** @description Notes administratives optionnelles */
728
+ admin_notes?: string;
729
+ };
730
+ RefreshToken: {
731
+ refresh_token: string;
732
+ };
733
+ /** @description Serializer for refresh tokens (admin view, token value hidden). */
734
+ RefreshTokenAdmin: {
735
+ readonly id: string;
736
+ user: number;
737
+ readonly user_email: string;
738
+ application: number;
739
+ readonly application_name: string;
740
+ device_info?: string;
741
+ ip_address?: string | null;
742
+ is_revoked?: boolean;
743
+ readonly is_expired: string;
744
+ /** Format: date-time */
745
+ expires_at: string;
746
+ /** Format: date-time */
747
+ readonly created_at: string;
748
+ /** Format: date-time */
749
+ readonly last_used_at: string;
750
+ };
751
+ RegenerateApplicationCredentials: {
752
+ /** @description Texte de confirmation "REGENERATE" */
753
+ confirmation: string;
754
+ };
755
+ Register: {
756
+ /** Format: email */
757
+ email?: string | null;
758
+ phone_country_code?: string | null;
759
+ phone_number?: string | null;
760
+ password: string;
761
+ /** @default */
762
+ first_name: string;
763
+ /** @default */
764
+ last_name: string;
765
+ /**
766
+ * @description Si True, l'utilisateur est connecté immédiatement après l'inscription (tokens JWT retournés)
767
+ * @default false
768
+ */
769
+ login: boolean;
770
+ /**
771
+ * @description Device info au format v1 (ex: v=1|os=windows;osv=11|device=desktop)
772
+ * @default
773
+ */
774
+ device_info: string;
775
+ };
776
+ RequestAccountDeletion: {
777
+ /** @description Mot de passe actuel requis pour confirmation */
778
+ password: string;
779
+ /** @description Code OTP à 6 chiffres (requis si 2FA activé) */
780
+ otp_code?: string;
781
+ /** @description Raison optionnelle de la suppression */
782
+ reason?: string;
783
+ };
784
+ RequestOTP: {
785
+ otp_type: components["schemas"]["OtpTypeEnum"];
786
+ };
787
+ Role: {
788
+ readonly id: string;
789
+ code: string;
790
+ name: string;
791
+ description?: string;
792
+ readonly permissions: components["schemas"]["Permission"][];
793
+ permission_codes?: string[];
794
+ is_default?: boolean;
795
+ /** Format: date-time */
796
+ readonly created_at: string;
797
+ /** Format: date-time */
798
+ readonly updated_at: string;
799
+ };
800
+ /** @description Version allégée pour les listes */
801
+ RoleList: {
802
+ readonly id: string;
803
+ code: string;
804
+ name: string;
805
+ is_default?: boolean;
806
+ };
807
+ SocialAuthRequest: {
808
+ /** @description OAuth2 access token du provider */
809
+ access_token?: string;
810
+ /** @description Authorization code flow */
811
+ code?: string;
812
+ /** @description URI de redirection (requis avec code) */
813
+ redirect_uri?: string;
814
+ /** @description Google ID token uniquement */
815
+ id_token?: string;
816
+ /** @description Informations device (optionnel) */
817
+ device_info?: string;
818
+ };
819
+ SocialCallbackError: {
820
+ error: string;
821
+ code: string;
822
+ };
823
+ SocialCallbackRedirect: {
824
+ /** @description URL de redirection avec tokens en paramètres query */
825
+ location: string;
826
+ };
827
+ SocialCallbackResponse: {
828
+ access: string;
829
+ refresh: string;
830
+ provider: string;
831
+ is_new_user: boolean;
832
+ };
833
+ SocialCallbackUnauthorized: {
834
+ error: string;
835
+ code: string;
836
+ };
837
+ /**
838
+ * @description * `pending` - Pending
839
+ * * `confirmation_sent` - Confirmation Sent
840
+ * * `confirmed` - Confirmed
841
+ * * `completed` - Completed
842
+ * * `cancelled` - Cancelled
843
+ * @enum {string}
844
+ */
845
+ StatusEnum: "pending" | "confirmation_sent" | "confirmed" | "completed" | "cancelled";
846
+ TokenRequest: {
847
+ /** @description Confirmation token de l'action */
848
+ token: string;
849
+ };
850
+ TwoFactorBackupCodesRequest: {
851
+ /** @description Code TOTP à 6 chiffres pour validation */
852
+ code: string;
853
+ };
854
+ TwoFactorConfirmRequest: {
855
+ /** @description Code TOTP à 6 chiffres */
856
+ code: string;
857
+ };
858
+ TwoFactorDisableRequest: {
859
+ /** @description Code TOTP ou code de secours à 8 chiffres */
860
+ code: string;
861
+ /** @description Mot de passe de l'utilisateur pour confirmation */
862
+ password: string;
863
+ };
864
+ VerifyOTP: {
865
+ code: string;
866
+ };
867
+ WebAuthnAuthenticateBeginRequest: {
868
+ /**
869
+ * Format: email
870
+ * @description Optionnel — pour credentials utilisateur spécifiques
871
+ */
872
+ email?: string;
873
+ };
874
+ WebAuthnAuthenticateCompleteRequest: {
875
+ /** @description ID du challenge généré */
876
+ challenge_id: number;
877
+ /** @description Assertion WebAuthn du navigateur */
878
+ credential: {
879
+ [key: string]: unknown;
880
+ };
881
+ /** @description Informations sur le device (optionnel) */
882
+ device_info?: string;
883
+ };
884
+ WebAuthnRegisterCompleteRequest: {
885
+ /** @description ID du challenge généré */
886
+ challenge_id: number;
887
+ /** @description Credential WebAuthn du navigateur */
888
+ credential: {
889
+ [key: string]: unknown;
890
+ };
891
+ /** @description Nom optionnel du device */
892
+ device_name?: string;
893
+ };
894
+ User: {
895
+ /** Format: uuid */
896
+ id?: string;
897
+ email?: string;
898
+ phone_country_code?: string | null;
899
+ phone_number?: string | null;
900
+ first_name?: string;
901
+ last_name?: string;
902
+ is_email_verified?: boolean;
903
+ is_phone_verified?: boolean;
904
+ is_2fa_enabled?: boolean;
905
+ roles?: string[];
906
+ permissions?: string[];
907
+ /** Format: date-time */
908
+ created_at?: string;
909
+ /** Format: date-time */
910
+ last_login?: string | null;
911
+ };
912
+ };
913
+ responses: never;
914
+ parameters: never;
915
+ requestBodies: never;
916
+ headers: never;
917
+ pathItems: never;
918
+ }
919
+
920
+ type GeneratedSchema = components['schemas'];
921
+ /**
922
+ * Core User Interface exposed by the SDK.
923
+ */
924
+ interface TenxyteUser {
925
+ id: string;
926
+ email: string | null;
927
+ phone_country_code: string | null;
928
+ phone_number: string | null;
929
+ first_name: string;
930
+ last_name: string;
931
+ is_email_verified: boolean;
932
+ is_phone_verified: boolean;
933
+ is_2fa_enabled: boolean;
934
+ roles: string[];
935
+ permissions: string[];
936
+ created_at: string;
937
+ last_login: string | null;
938
+ }
939
+ /**
940
+ * Standard SDK Token Pair (internal structure normalized by interceptors)
941
+ */
942
+ interface TokenPair {
943
+ access_token: string;
944
+ refresh_token: string;
945
+ token_type: 'Bearer';
946
+ expires_in: number;
947
+ device_summary: string | null;
948
+ }
949
+ /**
950
+ * Standardized API Error Response wrapper
951
+ */
952
+ interface TenxyteError {
953
+ error: string;
954
+ code: TenxyteErrorCode;
955
+ details?: Record<string, string[]> | string;
956
+ retry_after?: number;
957
+ }
958
+ type TenxyteErrorCode = 'LOGIN_FAILED' | 'INVALID_CREDENTIALS' | 'ACCOUNT_LOCKED' | 'ACCOUNT_BANNED' | '2FA_REQUIRED' | 'ADMIN_2FA_SETUP_REQUIRED' | 'TOKEN_EXPIRED' | 'TOKEN_BLACKLISTED' | 'REFRESH_FAILED' | 'PERMISSION_DENIED' | 'SESSION_LIMIT_EXCEEDED' | 'DEVICE_LIMIT_EXCEEDED' | 'RATE_LIMITED' | 'INVALID_OTP' | 'OTP_EXPIRED' | 'INVALID_PROVIDER' | 'SOCIAL_AUTH_FAILED' | 'VALIDATION_URL_REQUIRED' | 'INVALID_TOKEN' | 'CONFIRMATION_REQUIRED' | 'PASSWORD_REQUIRED' | 'INVALID_PASSWORD' | 'INVALID_DEVICE_INFO' | 'ORG_NOT_FOUND' | 'NOT_ORG_MEMBER' | 'NOT_OWNER' | 'ALREADY_MEMBER' | 'MEMBER_LIMIT_EXCEEDED' | 'HAS_CHILDREN' | 'CIRCULAR_HIERARCHY' | 'LAST_OWNER_REQUIRED' | 'INVITATION_EXISTS' | 'INVALID_ROLE' | 'AGENT_NOT_FOUND' | 'AGENT_SUSPENDED' | 'AGENT_REVOKED' | 'AGENT_EXPIRED' | 'BUDGET_EXCEEDED' | 'RATE_LIMIT_EXCEEDED' | 'HEARTBEAT_MISSING' | 'AIRS_DISABLED';
959
+ /**
960
+ * Organization Structure
961
+ */
962
+ interface Organization {
963
+ id: number;
964
+ name: string;
965
+ slug: string;
966
+ description: string | null;
967
+ metadata: Record<string, unknown> | null;
968
+ is_active: boolean;
969
+ max_members: number;
970
+ member_count: number;
971
+ created_at: string;
972
+ updated_at: string;
973
+ parent: {
974
+ id: number;
975
+ name: string;
976
+ slug: string;
977
+ } | null;
978
+ children: Array<{
979
+ id: number;
980
+ name: string;
981
+ slug: string;
982
+ }>;
983
+ user_role: string | null;
984
+ user_permissions: string[];
985
+ }
986
+ /**
987
+ * Base Pagination Response wrapper
988
+ */
989
+ interface PaginatedResponse<T> {
990
+ count: number;
991
+ page: number;
992
+ page_size: number;
993
+ total_pages: number;
994
+ next: string | null;
995
+ previous: string | null;
996
+ results: T[];
997
+ }
998
+ /**
999
+ * AIRS Agent Token metadata
1000
+ */
1001
+ interface AgentTokenSummary {
1002
+ id: number;
1003
+ agent_id: string;
1004
+ status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
1005
+ expires_at: string;
1006
+ created_at: string;
1007
+ organization: string | null;
1008
+ current_request_count: number;
1009
+ }
1010
+ /**
1011
+ * Request awaiting Human-In-The-Loop approval
1012
+ */
1013
+ interface AgentPendingAction {
1014
+ id: number;
1015
+ agent_id: string;
1016
+ permission: string;
1017
+ endpoint: string;
1018
+ payload: unknown;
1019
+ confirmation_token: string;
1020
+ expires_at: string;
1021
+ created_at: string;
1022
+ }
1023
+
1024
+ interface LoginEmailOptions {
1025
+ totp_code?: string;
1026
+ }
1027
+ interface LoginPhoneOptions {
1028
+ totp_code?: string;
1029
+ }
1030
+ type RegisterRequest = any;
1031
+ interface MagicLinkRequest {
1032
+ email: string;
1033
+ }
1034
+ interface SocialLoginRequest {
1035
+ access_token?: string;
1036
+ authorization_code?: string;
1037
+ id_token?: string;
1038
+ }
1039
+ declare class AuthModule {
1040
+ private client;
1041
+ constructor(client: TenxyteHttpClient);
1042
+ /**
1043
+ * Authenticate user with email and password
1044
+ */
1045
+ loginWithEmail(data: GeneratedSchema['LoginEmail']): Promise<TokenPair>;
1046
+ /**
1047
+ * Authenticate user with international phone number and password
1048
+ */
1049
+ loginWithPhone(data: GeneratedSchema['LoginPhone']): Promise<TokenPair>;
1050
+ /**
1051
+ * Register a new user
1052
+ */
1053
+ register(data: RegisterRequest): Promise<any>;
1054
+ /**
1055
+ * Logout from the current session
1056
+ */
1057
+ logout(refreshToken: string): Promise<void>;
1058
+ /**
1059
+ * Logout from all sessions (revokes all refresh tokens)
1060
+ */
1061
+ logoutAll(): Promise<void>;
1062
+ /**
1063
+ * Request a magic link for sign-in
1064
+ */
1065
+ requestMagicLink(data: MagicLinkRequest): Promise<void>;
1066
+ /**
1067
+ * Verify a magic link token
1068
+ */
1069
+ verifyMagicLink(token: string): Promise<TokenPair>;
1070
+ /**
1071
+ * Perform OAuth2 Social Authentication (e.g. Google, GitHub)
1072
+ */
1073
+ loginWithSocial(provider: 'google' | 'github' | 'microsoft' | 'facebook', data: SocialLoginRequest): Promise<TokenPair>;
1074
+ /**
1075
+ * Handle Social Auth Callback (authorization code flow)
1076
+ */
1077
+ handleSocialCallback(provider: 'google' | 'github' | 'microsoft' | 'facebook', code: string, redirectUri: string): Promise<TokenPair>;
1078
+ }
1079
+
1080
+ interface OtpRequestParams {
1081
+ email?: string;
1082
+ phone_country_code?: string;
1083
+ phone_number?: string;
1084
+ type: 'email_verification' | 'phone_verification' | 'password_reset';
1085
+ }
1086
+ interface VerifyOtpEmailParams {
1087
+ email: string;
1088
+ code: string;
1089
+ }
1090
+ interface VerifyOtpPhoneParams {
1091
+ phone_country_code: string;
1092
+ phone_number: string;
1093
+ code: string;
1094
+ }
1095
+ interface Setup2FAResponse {
1096
+ qr_code_url: string;
1097
+ secret: string;
1098
+ backup_codes: string[];
1099
+ }
1100
+ interface WebAuthnRegisterBeginResponse {
1101
+ publicKey: any;
1102
+ }
1103
+ interface WebAuthnAuthenticateBeginResponse {
1104
+ publicKey: any;
1105
+ }
1106
+ declare class SecurityModule {
1107
+ private client;
1108
+ constructor(client: TenxyteHttpClient);
1109
+ requestOtp(data: OtpRequestParams): Promise<void>;
1110
+ verifyOtpEmail(data: VerifyOtpEmailParams): Promise<void>;
1111
+ verifyOtpPhone(data: VerifyOtpPhoneParams): Promise<void>;
1112
+ get2FAStatus(): Promise<{
1113
+ is_enabled: boolean;
1114
+ backup_codes_remaining: number;
1115
+ }>;
1116
+ setup2FA(): Promise<Setup2FAResponse>;
1117
+ confirm2FA(totp_code: string): Promise<void>;
1118
+ disable2FA(totp_code: string, password?: string): Promise<void>;
1119
+ regenerateBackupCodes(totp_code: string): Promise<{
1120
+ backup_codes: string[];
1121
+ }>;
1122
+ resetPasswordRequest(data: {
1123
+ email?: string;
1124
+ phone_country_code?: string;
1125
+ phone_number?: string;
1126
+ }): Promise<void>;
1127
+ resetPasswordConfirm(data: {
1128
+ otp_code: string;
1129
+ new_password: string;
1130
+ email?: string;
1131
+ phone_country_code?: string;
1132
+ phone_number?: string;
1133
+ }): Promise<void>;
1134
+ changePassword(data: {
1135
+ current_password: string;
1136
+ new_password: string;
1137
+ }): Promise<void>;
1138
+ checkPasswordStrength(data: {
1139
+ password: string;
1140
+ email?: string;
1141
+ }): Promise<{
1142
+ score: number;
1143
+ feedback: string[];
1144
+ }>;
1145
+ getPasswordRequirements(): Promise<any>;
1146
+ registerWebAuthnBegin(): Promise<WebAuthnRegisterBeginResponse>;
1147
+ registerWebAuthnComplete(data: any): Promise<void>;
1148
+ authenticateWebAuthnBegin(data?: {
1149
+ email?: string;
1150
+ }): Promise<WebAuthnAuthenticateBeginResponse>;
1151
+ authenticateWebAuthnComplete(data: any): Promise<TokenPair>;
1152
+ listWebAuthnCredentials(): Promise<any[]>;
1153
+ deleteWebAuthnCredential(credentialId: string): Promise<void>;
1154
+ }
1155
+
1156
+ interface Role {
1157
+ id: string;
1158
+ name: string;
1159
+ description?: string;
1160
+ is_default?: boolean;
1161
+ permissions?: string[];
1162
+ }
1163
+ interface Permission {
1164
+ id: string;
1165
+ code: string;
1166
+ name: string;
1167
+ description?: string;
1168
+ }
1169
+ declare class RbacModule {
1170
+ private client;
1171
+ private cachedToken;
1172
+ constructor(client: TenxyteHttpClient);
1173
+ /**
1174
+ * Cache a token to use for parameter-less synchronous checks.
1175
+ */
1176
+ setToken(token: string | null): void;
1177
+ private getDecodedToken;
1178
+ hasRole(role: string, token?: string): boolean;
1179
+ hasAnyRole(roles: string[], token?: string): boolean;
1180
+ hasAllRoles(roles: string[], token?: string): boolean;
1181
+ hasPermission(permission: string, token?: string): boolean;
1182
+ hasAnyPermission(permissions: string[], token?: string): boolean;
1183
+ hasAllPermissions(permissions: string[], token?: string): boolean;
1184
+ listRoles(): Promise<Role[]>;
1185
+ createRole(data: {
1186
+ name: string;
1187
+ description?: string;
1188
+ permission_codes?: string[];
1189
+ is_default?: boolean;
1190
+ }): Promise<Role>;
1191
+ getRole(roleId: string): Promise<Role>;
1192
+ updateRole(roleId: string, data: {
1193
+ name?: string;
1194
+ description?: string;
1195
+ permission_codes?: string[];
1196
+ is_default?: boolean;
1197
+ }): Promise<Role>;
1198
+ deleteRole(roleId: string): Promise<void>;
1199
+ getRolePermissions(roleId: string): Promise<Permission[]>;
1200
+ addPermissionsToRole(roleId: string, permission_codes: string[]): Promise<void>;
1201
+ removePermissionsFromRole(roleId: string, permission_codes: string[]): Promise<void>;
1202
+ listPermissions(): Promise<Permission[]>;
1203
+ createPermission(data: {
1204
+ code: string;
1205
+ name: string;
1206
+ description?: string;
1207
+ parent_code?: string;
1208
+ }): Promise<Permission>;
1209
+ getPermission(permissionId: string): Promise<Permission>;
1210
+ updatePermission(permissionId: string, data: {
1211
+ name?: string;
1212
+ description?: string;
1213
+ }): Promise<Permission>;
1214
+ deletePermission(permissionId: string): Promise<void>;
1215
+ assignRoleToUser(userId: string, roleCode: string): Promise<void>;
1216
+ removeRoleFromUser(userId: string, roleCode: string): Promise<void>;
1217
+ assignPermissionsToUser(userId: string, permissionCodes: string[]): Promise<void>;
1218
+ removePermissionsFromUser(userId: string, permissionCodes: string[]): Promise<void>;
1219
+ }
1220
+
1221
+ interface UpdateProfileParams {
1222
+ first_name?: string;
1223
+ last_name?: string;
1224
+ [key: string]: any;
1225
+ }
1226
+ interface AdminUpdateUserParams {
1227
+ first_name?: string;
1228
+ last_name?: string;
1229
+ is_active?: boolean;
1230
+ is_locked?: boolean;
1231
+ max_sessions?: number;
1232
+ max_devices?: number;
1233
+ }
1234
+ declare class UserModule {
1235
+ private client;
1236
+ constructor(client: TenxyteHttpClient);
1237
+ getProfile(): Promise<any>;
1238
+ updateProfile(data: UpdateProfileParams): Promise<any>;
1239
+ /**
1240
+ * Upload an avatar using FormData.
1241
+ * Ensure the environment supports FormData (browser or Node.js v18+).
1242
+ * @param formData The FormData object containing the 'avatar' field.
1243
+ */
1244
+ uploadAvatar(formData: FormData): Promise<any>;
1245
+ deleteAccount(password: string, otpCode?: string): Promise<void>;
1246
+ listUsers(params?: Record<string, any>): Promise<any[]>;
1247
+ getUser(userId: string): Promise<any>;
1248
+ adminUpdateUser(userId: string, data: AdminUpdateUserParams): Promise<any>;
1249
+ adminDeleteUser(userId: string): Promise<void>;
1250
+ banUser(userId: string, reason?: string): Promise<void>;
1251
+ unbanUser(userId: string): Promise<void>;
1252
+ lockUser(userId: string, durationMinutes?: number, reason?: string): Promise<void>;
1253
+ unlockUser(userId: string): Promise<void>;
1254
+ }
1255
+
1256
+ declare class TenxyteClient {
1257
+ http: TenxyteHttpClient;
1258
+ auth: AuthModule;
1259
+ security: SecurityModule;
1260
+ rbac: RbacModule;
1261
+ user: UserModule;
1262
+ constructor(options: HttpClientOptions);
1263
+ }
1264
+
1265
+ export { type AdminUpdateUserParams, type AgentPendingAction, type AgentTokenSummary, AuthModule, type GeneratedSchema, type HttpClientOptions, type LoginEmailOptions, type LoginPhoneOptions, type MagicLinkRequest, type Organization, type OtpRequestParams, type PaginatedResponse, type Permission, RbacModule, type RegisterRequest, type RequestConfig, type Role, SecurityModule, type Setup2FAResponse, type SocialLoginRequest, TenxyteClient, type TenxyteError, type TenxyteErrorCode, TenxyteHttpClient, type TenxyteUser, type TokenPair, type UpdateProfileParams, UserModule, type VerifyOtpEmailParams, type VerifyOtpPhoneParams, type WebAuthnAuthenticateBeginResponse, type WebAuthnRegisterBeginResponse };