corsair 0.1.88 → 0.1.89

package/dist/chunk-XLNT2UI2.js

@@ -0,0 +1 @@
+var c=class extends Error{status;code;extra;constructor(o,i,t,r={}){super(t),this.name="CorsairClientError",this.status=o,this.code=i,this.extra=r}};function g(e){return e.endsWith("/")?e.slice(0,-1):e}async function m(e){let o={};try{o=await e.json()}catch{}let i=typeof o.error=="string"?o.error:"request_failed",t=typeof o.message=="string"?o.message:`Request failed (${e.status})`,{error:r,message:u,...n}=o;return new c(e.status,i,t,n)}function k(e){let o=g(e.baseURL),i=e.fetch??((...n)=>globalThis.fetch(...n));async function t(n,s){let a=s&&Object.keys(s).length?`?${new URLSearchParams(s).toString()}`:"",l=await i(`${o}${n}${a}`,{method:"GET"});if(!l.ok)throw await m(l);return await l.json()}async function r(n,s){let a=await i(`${o}${n}`,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(s)});if(!a.ok)throw await m(a);return await a.json()}let u=encodeURIComponent;return{ok:()=>t("/ok"),tenants:{list:()=>t("/tenants"),create:n=>r("/tenants",n),get:n=>t(`/tenants/${u(n)}`)},plugins:{list:()=>t("/plugins"),get:n=>t(`/plugins/${u(n)}`)},connectionStatus:{get:n=>{let s={};return n?.tenantId&&(s.tenantId=n.tenantId),t("/connection-status",s)}},permissions:{get:n=>"id"in n?t(`/permissions/${u(n.id)}`):r("/permissions/lookup-by-token",{token:n.token})},connect:{createLink:n=>r("/connect/links",n),resolve:n=>t("/connect/resolve",{state:n}),oauthCallback:n=>r("/connect/oauth/callback",n)}}}export{c as a,k as b};

package/dist/client/react/index.d.ts

@@ -0,0 +1,76 @@
+import { T as Tenant, C as CreateTenantInput, P as PluginInfo, a as ConnectionStatus, b as PermissionRecord, c as ConnectLink, d as CreateConnectLinkInput, O as OAuthCallbackResult, e as OAuthCallbackInput } from '../../types-BswoTGV5.js';
+export { f as PermissionLookupInput } from '../../types-BswoTGV5.js';
+import { C as CorsairClientOptions, a as CorsairManagementClient } from '../../types-DoUHxHNl.js';
+import '../../index-ggMa1Rj6.js';
+import 'zod';
+import '../../constants-CE0V2QbI.js';
+
+type AsyncState<T> = {
+    status: 'idle';
+    data: null;
+    error: null;
+    loading: false;
+} | {
+    status: 'loading';
+    data: null;
+    error: null;
+    loading: true;
+} | {
+    status: 'success';
+    data: T;
+    error: null;
+    loading: false;
+} | {
+    status: 'error';
+    data: null;
+    error: Error;
+    loading: false;
+};
+type CorsairReactClientOptions = CorsairClientOptions;
+declare function createCorsairReactClient(opts: CorsairReactClientOptions): {
+    client: CorsairManagementClient;
+    useTenants: () => AsyncState<Tenant[]> & {
+        refetch: () => void;
+    };
+    useTenant: (id: string) => AsyncState<Tenant> & {
+        refetch: () => void;
+    };
+    useCreateTenant: () => {
+        data: Tenant | null;
+        loading: boolean;
+        error: Error | null;
+        mutate: (input: CreateTenantInput) => Promise<Tenant>;
+    };
+    usePlugins: () => AsyncState<PluginInfo[]> & {
+        refetch: () => void;
+    };
+    usePlugin: (id: string) => AsyncState<PluginInfo> & {
+        refetch: () => void;
+    };
+    useConnectionStatus: (query?: {
+        tenantId?: string;
+    }) => AsyncState<ConnectionStatus> & {
+        refetch: () => void;
+    };
+    usePermission: (input: {
+        id: string;
+    } | {
+        token: string;
+    }) => AsyncState<PermissionRecord> & {
+        refetch: () => void;
+    };
+    useCreateConnectLink: () => {
+        data: ConnectLink | null;
+        loading: boolean;
+        error: Error | null;
+        mutate: (input: CreateConnectLinkInput) => Promise<ConnectLink>;
+    };
+    useOAuthCallback: () => {
+        data: OAuthCallbackResult | null;
+        loading: boolean;
+        error: Error | null;
+        mutate: (input: OAuthCallbackInput) => Promise<OAuthCallbackResult>;
+    };
+};
+
+export { type AsyncState, ConnectLink, ConnectionStatus, type CorsairReactClientOptions, CreateConnectLinkInput, CreateTenantInput, OAuthCallbackInput, OAuthCallbackResult, PermissionRecord, PluginInfo, Tenant, createCorsairReactClient };

package/dist/client/react/index.js

@@ -0,0 +1 @@
+import{b as C}from"../../chunk-XLNT2UI2.js";import{useCallback as d,useEffect as m,useReducer as y,useRef as T}from"react";function R(r,t){switch(t.type){case"FETCH":return{status:"loading",data:null,error:null,loading:!0};case"SUCCESS":return{status:"success",data:t.data,error:null,loading:!1};case"ERROR":return{status:"error",data:null,error:t.error,loading:!1};case"RESET":return{status:"idle",data:null,error:null,loading:!1}}}var f={status:"idle",data:null,error:null,loading:!1};function l(r,t){let[a,s]=y(R,f),i=T(r);i.current=r;let e=T(0),u=d(()=>{let c=++e.current;s({type:"FETCH"}),i.current().then(o=>{c===e.current&&s({type:"SUCCESS",data:o})}).catch(o=>{c===e.current&&s({type:"ERROR",error:o instanceof Error?o:new Error(String(o))})})},[]);return m(()=>(u(),()=>{e.current++}),t),{...a,refetch:u}}function p(r){let[t,a]=y(R,f),s=d(async i=>{a({type:"FETCH"});try{let e=await r(i);return a({type:"SUCCESS",data:e}),e}catch(e){let u=e instanceof Error?e:new Error(String(e));throw a({type:"ERROR",error:u}),u}},[]);return{data:t.data,loading:t.loading,error:t.error,mutate:s}}function I(r){let t=C(r);function a(){return l(()=>t.tenants.list(),[])}function s(n){return l(()=>t.tenants.get(n),[n])}function i(){return p(n=>t.tenants.create(n))}function e(){return l(()=>t.plugins.list(),[])}function u(n){return l(()=>t.plugins.get(n),[n])}function c(n){return l(()=>t.connectionStatus.get(n),[n?.tenantId])}function o(n){let A="id"in n?n.id:n.token;return l(()=>t.permissions.get(n),[A])}function g(){return p(n=>t.connect.createLink(n))}function S(){return p(n=>t.connect.oauthCallback(n))}return{client:t,useTenants:a,useTenant:s,useCreateTenant:i,usePlugins:e,usePlugin:u,useConnectionStatus:c,usePermission:o,useCreateConnectLink:g,useOAuthCallback:S}}export{I as createCorsairReactClient};

package/dist/constants-CE0V2QbI.d.ts

@@ -0,0 +1,73 @@
+type AllErrors = 'RATE_LIMIT_ERROR' | 'AUTH_ERROR' | 'PERMISSION_ERROR' | 'NETWORK_ERROR' | 'TIMEOUT_ERROR' | 'SERVER_ERROR' | 'VALIDATION_ERROR' | 'NOT_FOUND_ERROR' | 'BAD_REQUEST_ERROR' | 'PARSING_ERROR' | 'DEFAULT' | (string & {});
+declare const BaseProviders: readonly ["ahrefs", "airtable", "amplitude", "asana", "bitwarden", "bluesky", "box", "cal", "calendly", "cloudflare", "cursor", "discord", "dodopayments", "dropbox", "exa", "figma", "firecrawl", "fireflies", "github", "gitlab", "gmail", "googlecalendar", "googledrive", "googlesheets", "grafana", "hackernews", "hubspot", "intercom", "jira", "linear", "monday", "notion", "onedrive", "openweathermap", "oura", "outlook", "pagerduty", "posthog", "razorpay", "reddit", "resend", "sentry", "sharepoint", "slack", "spotify", "strava", "stripe", "tally", "tavily", "teams", "telegram", "todoist", "trello", "twilio", "twitter", "twitterapiio", "typeform", "vapi", "xquik", "youtube", "zendesk", "zohomail", "zoom"];
+declare const ProviderDisplayNames: {
+    readonly ahrefs: "Ahrefs";
+    readonly airtable: "Airtable";
+    readonly amplitude: "Amplitude";
+    readonly asana: "Asana";
+    readonly bitwarden: "Bitwarden";
+    readonly bluesky: "Bluesky";
+    readonly box: "Box";
+    readonly cal: "Cal";
+    readonly calendly: "Calendly";
+    readonly cloudflare: "Cloudflare";
+    readonly cursor: "Cursor";
+    readonly discord: "Discord";
+    readonly dodopayments: "Dodo Payments";
+    readonly dropbox: "Dropbox";
+    readonly exa: "Exa";
+    readonly figma: "Figma";
+    readonly firecrawl: "Firecrawl";
+    readonly fireflies: "Fireflies";
+    readonly github: "GitHub";
+    readonly gitlab: "GitLab";
+    readonly gmail: "Gmail";
+    readonly googlecalendar: "Google Calendar";
+    readonly googledrive: "Google Drive";
+    readonly googlesheets: "Google Sheets";
+    readonly grafana: "Grafana";
+    readonly hackernews: "Hacker News";
+    readonly hubspot: "HubSpot";
+    readonly intercom: "Intercom";
+    readonly jira: "Jira";
+    readonly linear: "Linear";
+    readonly monday: "Monday";
+    readonly notion: "Notion";
+    readonly onedrive: "OneDrive";
+    readonly openweathermap: "OpenWeatherMap";
+    readonly oura: "Oura";
+    readonly outlook: "Outlook";
+    readonly pagerduty: "PagerDuty";
+    readonly posthog: "PostHog";
+    readonly razorpay: "Razorpay";
+    readonly reddit: "Reddit";
+    readonly resend: "Resend";
+    readonly sentry: "Sentry";
+    readonly sharepoint: "SharePoint";
+    readonly slack: "Slack";
+    readonly spotify: "Spotify";
+    readonly strava: "Strava";
+    readonly stripe: "Stripe";
+    readonly tally: "Tally";
+    readonly tavily: "Tavily";
+    readonly teams: "Teams";
+    readonly telegram: "Telegram";
+    readonly todoist: "Todoist";
+    readonly trello: "Trello";
+    readonly twilio: "Twilio";
+    readonly twitter: "Twitter";
+    readonly twitterapiio: "Twitter API IO";
+    readonly typeform: "Typeform";
+    readonly vapi: "Vapi";
+    readonly xquik: "XQuik";
+    readonly youtube: "YouTube";
+    readonly zendesk: "Zendesk";
+    readonly zohomail: "Zoho Mail";
+    readonly zoom: "Zoom";
+};
+declare function formatProviderDisplayName(plugin: string): string;
+type AllProviders = 'ahrefs' | 'airtable' | 'amplitude' | 'asana' | 'bitwarden' | 'bluesky' | 'box' | 'cal' | 'calendly' | 'cloudflare' | 'cursor' | 'discord' | 'dodopayments' | 'dropbox' | 'exa' | 'figma' | 'firecrawl' | 'fireflies' | 'github' | 'gitlab' | 'gmail' | 'googlecalendar' | 'googledrive' | 'googlesheets' | 'grafana' | 'hackernews' | 'hubspot' | 'intercom' | 'jira' | 'linear' | 'monday' | 'notion' | 'onedrive' | 'openweathermap' | 'oura' | 'outlook' | 'pagerduty' | 'posthog' | 'razorpay' | 'reddit' | 'resend' | 'sentry' | 'sharepoint' | 'slack' | 'spotify' | 'strava' | 'stripe' | 'tally' | 'tavily' | 'teams' | 'telegram' | 'todoist' | 'trello' | 'twilio' | 'twitter' | 'twitterapiio' | 'typeform' | 'vapi' | 'xquik' | 'youtube' | 'zendesk' | 'zohomail' | 'zoom' | (string & {});
+type AuthTypes = 'oauth_2' | 'api_key' | 'bot_token' | 'managed';
+type PickAuth<T extends AuthTypes> = T;
+
+export { type AuthTypes as A, BaseProviders as B, type PickAuth as P, type AllProviders as a, ProviderDisplayNames as b, type AllErrors as c, formatProviderDisplayName as f };

package/dist/core.d.ts

@@ -1,14 +1,18 @@
-export { C as CORSAIR_INTERNAL, a as CorsairInternalConfig, c as createCorsair } from './index-BOgiPWN6.js';
+export { C as CORSAIR_INTERNAL, a as CorsairInternalConfig, c as createCorsair } from './index-dta3YWl8.js';
 import { CorsairDatabase } from './db.js';
-import { A as AuthTypes, a as AccountKeyManagerFor, I as IntegrationKeyManagerFor } from './types-C2vFipdU.js';
-export { b as AccountFieldNames, f as AllProviders, e as BASE_AUTH_FIELDS, B as BaseAuthFieldConfig, c as BaseKeyManager, g as BaseProviders, k as Bivariant, d as IntegrationFieldNames, O as OAuth2IntegrationCredentials, h as PickAuth, P as PluginAuthConfig, j as ProviderDisplayNames, U as UnionToIntersection, i as formatProviderDisplayName } from './types-C2vFipdU.js';
-export { v as BeforeHookResult, B as BindEndpoints, N as BindWebhooks, h as BoundEndpointFn, i as BoundEndpointTree, Q as BoundWebhook, S as BoundWebhookTree, g as CorsairClient, j as CorsairContext, k as CorsairEndpoint, m as CorsairErrorHandler, c as CorsairIntegration, w as CorsairKeyBuilder, x as CorsairKeyBuilderBase, U as CorsairOAuthWebhookTenantLinkResolver, s as CorsairPermissionsNamespace, C as CorsairPlugin, y as CorsairPluginContext, e as CorsairSingleTenantClient, d as CorsairTenantWrapper, V as CorsairWebhook, X as CorsairWebhookHandler, Y as CorsairWebhookMatcher, Z as CorsairWebhookTenantMatcher, z as EndpointHooks, A as EndpointMetaEntry, E as EndpointPathsOf, D as EndpointRiskLevel, l as EndpointTree, t as EnforcePermissionOptions, u as EnforcePermissionResult, n as ErrorContext, o as ErrorHandler, p as ErrorHandlerAndMatchFunction, q as ErrorMatcher, K as KeyBuilderContext, O as OAuthConfig, P as PermissionMode, F as PermissionPolicy, G as PluginEndpointMeta, H as PluginPermissionsConfig, _ as RawWebhookRequest, I as RequiredPluginEndpointMeta, J as RequiredPluginEndpointSchemas, L as RequiredPluginWebhookSchemas, R as RetryStrategies, r as RetryStrategy, T as TokenResponse, M as WebhookHooks, $ as WebhookPathsOf, a0 as WebhookRequest, a1 as WebhookResponse, W as WebhookTenantMatch, a2 as WebhookTree, f as exchangeCodeForTokens } from './index-Cs2O9Pmx.js';
-export { A as AuthMissingError, D as DocSchemaFieldRow, a as DocSchemaShape, b as DocsApiEndpoint, c as DocsDbEntity, d as DocsDbFilterField, e as DocsWebhook, E as EndpointSchemaResult, I as IntrospectPluginForDocsResult, L as ListOperationsOptions, P as PluginDocsIntrospection, j as PluginWebhookMatchers, R as ResolveConnectLinkResult, W as WebhookPluginTenantMatch, k as asRecord, g as collectPluginWebhookMatchers, l as decodePubSubData, n as extractMicrosoftGraphValidationToken, o as firstString, f as formatDocSchemaShape, p as getHeader, i as introspectPluginForDocs, q as isMicrosoftGraphValidationHandshake, m as matchWebhookPlugin, h as matchWebhookPluginAndTenant, s as readBodyRecord, t as readQueryParam, r as resolveConnectLink, u as toExternalId } from './tenant-match-utils-CHQomRrU.js';
+import { A as AccountKeyManagerFor, I as IntegrationKeyManagerFor } from './types-BY2SDx3_.js';
+export { a as AccountFieldNames, d as BASE_AUTH_FIELDS, B as BaseAuthFieldConfig, b as BaseKeyManager, e as Bivariant, c as IntegrationFieldNames, O as OAuth2IntegrationCredentials, P as PluginAuthConfig, U as UnionToIntersection } from './types-BY2SDx3_.js';
+export { v as BeforeHookResult, B as BindEndpoints, N as BindWebhooks, h as BoundEndpointFn, i as BoundEndpointTree, Q as BoundWebhook, S as BoundWebhookTree, g as CorsairClient, j as CorsairContext, k as CorsairEndpoint, m as CorsairErrorHandler, c as CorsairIntegration, w as CorsairKeyBuilder, x as CorsairKeyBuilderBase, U as CorsairOAuthWebhookTenantLinkResolver, s as CorsairPermissionsNamespace, C as CorsairPlugin, y as CorsairPluginContext, e as CorsairSingleTenantClient, d as CorsairTenantWrapper, V as CorsairWebhook, X as CorsairWebhookHandler, Y as CorsairWebhookMatcher, Z as CorsairWebhookTenantMatcher, z as EndpointHooks, A as EndpointMetaEntry, E as EndpointPathsOf, D as EndpointRiskLevel, l as EndpointTree, t as EnforcePermissionOptions, u as EnforcePermissionResult, n as ErrorContext, o as ErrorHandler, p as ErrorHandlerAndMatchFunction, q as ErrorMatcher, K as KeyBuilderContext, O as OAuthConfig, P as PermissionMode, F as PermissionPolicy, G as PluginEndpointMeta, H as PluginPermissionsConfig, _ as RawWebhookRequest, I as RequiredPluginEndpointMeta, J as RequiredPluginEndpointSchemas, L as RequiredPluginWebhookSchemas, R as RetryStrategies, r as RetryStrategy, T as TokenResponse, M as WebhookHooks, $ as WebhookPathsOf, a0 as WebhookRequest, a1 as WebhookResponse, W as WebhookTenantMatch, a2 as WebhookTree, f as exchangeCodeForTokens } from './index-x-RG0TdQ.js';
+export { A as AuthMissingError, D as DocSchemaFieldRow, a as DocSchemaShape, b as DocsApiEndpoint, c as DocsDbEntity, d as DocsDbFilterField, e as DocsWebhook, E as EndpointSchemaResult, I as IntrospectPluginForDocsResult, L as ListOperationsOptions, P as PluginDocsIntrospection, j as PluginWebhookMatchers, R as ResolveConnectLinkResult, W as WebhookPluginTenantMatch, k as asRecord, g as collectPluginWebhookMatchers, l as decodePubSubData, n as extractMicrosoftGraphValidationToken, o as firstString, f as formatDocSchemaShape, p as getHeader, i as introspectPluginForDocs, q as isMicrosoftGraphValidationHandshake, m as matchWebhookPlugin, h as matchWebhookPluginAndTenant, s as readBodyRecord, t as readQueryParam, r as resolveConnectLink, u as toExternalId } from './tenant-match-utils-DhF58Vo8.js';
+import { A as AuthTypes } from './constants-CE0V2QbI.js';
+export { a as AllProviders, B as BaseProviders, P as PickAuth, b as ProviderDisplayNames, f as formatProviderDisplayName } from './constants-CE0V2QbI.js';
 import 'kysely';
+import './index-ggMa1Rj6.js';
 import 'zod';
 import 'pg';
 import 'postgres';
 import './orm.js';
+import './types-BswoTGV5.js';
 
 /**
  * Context interface with account ID resolver for logging events.

package/dist/db.d.ts

@@ -1,151 +1,10 @@
 import { Kysely, SqliteDialectConfig } from 'kysely';
 export { sql } from 'kysely';
-import { z } from 'zod';
+import { b as CorsairIntegration, C as CorsairAccount, c as CorsairEntity, d as CorsairEvent, a as CorsairPermission } from './index-ggMa1Rj6.js';
+export { n as CorsairAccountInsert, t as CorsairAccountUpdate, f as CorsairAccountsSchema, g as CorsairEntitiesSchema, o as CorsairEntityInsert, u as CorsairEntityUpdate, p as CorsairEventInsert, v as CorsairEventUpdate, h as CorsairEventsSchema, m as CorsairIntegrationInsert, s as CorsairIntegrationUpdate, e as CorsairIntegrationsSchema, j as CorsairPermissionInsert, i as CorsairPermissionsSchema, q as CorsairTableInsert, k as CorsairTableName, l as CorsairTableRow, w as CorsairTableUpdate, r as TableInsertType, T as TableRowType, x as TableUpdateType } from './index-ggMa1Rj6.js';
 import { Pool } from 'pg';
 import { Sql } from 'postgres';
-
-declare const CorsairIntegrationsSchema: z.ZodObject<{
-    id: z.ZodString;
-    created_at: z.ZodCoercedDate<unknown>;
-    updated_at: z.ZodCoercedDate<unknown>;
-    name: z.ZodString;
-    config: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
-    dek: z.ZodOptional<z.ZodNullable<z.ZodString>>;
-}, z.core.$strip>;
-type CorsairIntegration = z.infer<typeof CorsairIntegrationsSchema>;
-declare const CorsairAccountsSchema: z.ZodObject<{
-    id: z.ZodString;
-    created_at: z.ZodCoercedDate<unknown>;
-    updated_at: z.ZodCoercedDate<unknown>;
-    tenant_id: z.ZodString;
-    integration_id: z.ZodString;
-    config: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
-    dek: z.ZodOptional<z.ZodNullable<z.ZodString>>;
-}, z.core.$strip>;
-type CorsairAccount = z.infer<typeof CorsairAccountsSchema>;
-declare const CorsairEntitiesSchema: z.ZodObject<{
-    id: z.ZodString;
-    created_at: z.ZodCoercedDate<unknown>;
-    updated_at: z.ZodCoercedDate<unknown>;
-    account_id: z.ZodString;
-    entity_id: z.ZodString;
-    entity_type: z.ZodString;
-    version: z.ZodString;
-    data: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
-}, z.core.$strip>;
-type CorsairEntity = z.infer<typeof CorsairEntitiesSchema>;
-declare const CorsairEventsSchema: z.ZodObject<{
-    id: z.ZodString;
-    created_at: z.ZodCoercedDate<unknown>;
-    updated_at: z.ZodCoercedDate<unknown>;
-    account_id: z.ZodString;
-    event_type: z.ZodString;
-    payload: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
-    status: z.ZodOptional<z.ZodEnum<{
-        pending: "pending";
-        processing: "processing";
-        completed: "completed";
-        failed: "failed";
-    }>>;
-}, z.core.$strip>;
-type CorsairEvent = z.infer<typeof CorsairEventsSchema>;
-declare const CorsairPermissionsSchema: z.ZodObject<{
-    id: z.ZodString;
-    created_at: z.ZodCoercedDate<unknown>;
-    updated_at: z.ZodCoercedDate<unknown>;
-    token: z.ZodString;
-    plugin: z.ZodString;
-    endpoint: z.ZodString;
-    args: z.ZodString;
-    tenant_id: z.ZodString;
-    status: z.ZodDefault<z.ZodEnum<{
-        pending: "pending";
-        completed: "completed";
-        failed: "failed";
-        approved: "approved";
-        executing: "executing";
-        denied: "denied";
-        expired: "expired";
-    }>>;
-    expires_at: z.ZodString;
-    error: z.ZodOptional<z.ZodNullable<z.ZodString>>;
-}, z.core.$strip>;
-type CorsairPermission = z.infer<typeof CorsairPermissionsSchema>;
-type CorsairPermissionInsert = {
-    id?: string;
-    created_at?: Date;
-    updated_at?: Date;
-    token: string;
-    plugin: string;
-    endpoint: string;
-    args: string;
-    tenant_id?: string;
-    status?: 'pending' | 'approved' | 'executing' | 'completed' | 'denied' | 'expired' | 'failed';
-    expires_at: string;
-    error?: string | null;
-};
-type CorsairTableName = 'corsair_integrations' | 'corsair_accounts' | 'corsair_entities' | 'corsair_events' | 'corsair_permissions' | (string & {});
-type CorsairTableRow = {
-    corsair_integrations: CorsairIntegration;
-    corsair_accounts: CorsairAccount;
-    corsair_entities: CorsairEntity;
-    corsair_events: CorsairEvent;
-};
-type TableRowType<T extends CorsairTableName> = T extends keyof CorsairTableRow ? CorsairTableRow[T] : Record<string, unknown>;
-type CorsairIntegrationInsert = {
-    id?: string;
-    created_at?: Date;
-    updated_at?: Date;
-    name: string;
-    config: Record<string, unknown>;
-    dek?: string;
-};
-type CorsairAccountInsert = {
-    id?: string;
-    created_at?: Date;
-    updated_at?: Date;
-    tenant_id: string;
-    integration_id: string;
-    config: Record<string, unknown>;
-    dek?: string;
-};
-type CorsairEntityInsert = {
-    id?: string;
-    created_at?: Date;
-    updated_at?: Date;
-    account_id: string;
-    entity_id: string;
-    entity_type: string;
-    version: string;
-    data: Record<string, unknown>;
-};
-type CorsairEventInsert = {
-    id?: string;
-    created_at?: Date;
-    updated_at?: Date;
-    account_id: string;
-    event_type: string;
-    payload: Record<string, unknown>;
-    status?: 'pending' | 'processing' | 'completed' | 'failed';
-};
-type CorsairTableInsert = {
-    corsair_integrations: CorsairIntegrationInsert;
-    corsair_accounts: CorsairAccountInsert;
-    corsair_entities: CorsairEntityInsert;
-    corsair_events: CorsairEventInsert;
-};
-type TableInsertType<T extends CorsairTableName> = T extends keyof CorsairTableInsert ? CorsairTableInsert[T] : Record<string, unknown>;
-type CorsairIntegrationUpdate = Partial<Omit<CorsairIntegration, 'id' | 'created_at'>>;
-type CorsairAccountUpdate = Partial<Omit<CorsairAccount, 'id' | 'created_at'>>;
-type CorsairEntityUpdate = Partial<Omit<CorsairEntity, 'id' | 'created_at'>>;
-type CorsairEventUpdate = Partial<Omit<CorsairEvent, 'id' | 'created_at'>>;
-type CorsairTableUpdate = {
-    corsair_integrations: CorsairIntegrationUpdate;
-    corsair_accounts: CorsairAccountUpdate;
-    corsair_entities: CorsairEntityUpdate;
-    corsair_events: CorsairEventUpdate;
-};
-type TableUpdateType<T extends CorsairTableName> = T extends keyof CorsairTableUpdate ? CorsairTableUpdate[T] : Record<string, unknown>;
+import 'zod';
 
 type CorsairKyselyDatabase = {
     corsair_integrations: CorsairIntegration;
@@ -165,4 +24,4 @@ type BetterSqlite3Database = NonNullable<SqliteDialectConfig['database']>;
 type CorsairDatabaseInput = Pool | BetterSqlite3Database | Sql | Kysely<CorsairKyselyDatabase>;
 declare function createCorsairDatabase(input: CorsairDatabaseInput): CorsairDatabase;
 
-export { type CorsairAccount, type CorsairAccountInsert, type CorsairAccountUpdate, CorsairAccountsSchema, type CorsairDatabase, type CorsairDatabaseInput, CorsairEntitiesSchema, type CorsairEntity, type CorsairEntityInsert, type CorsairEntityUpdate, type CorsairEvent, type CorsairEventInsert, type CorsairEventUpdate, CorsairEventsSchema, type CorsairIntegration, type CorsairIntegrationInsert, type CorsairIntegrationUpdate, CorsairIntegrationsSchema, type CorsairKyselyDatabase, type CorsairPermission, type CorsairPermissionInsert, CorsairPermissionsSchema, type CorsairTableInsert, type CorsairTableName, type CorsairTableRow, type CorsairTableUpdate, type TableInsertType, type TableRowType, type TableUpdateType, createCorsairDatabase };
+export { CorsairAccount, type CorsairDatabase, type CorsairDatabaseInput, CorsairEntity, CorsairEvent, CorsairIntegration, type CorsairKyselyDatabase, CorsairPermission, createCorsairDatabase };

package/dist/hub.d.ts

@@ -1,5 +1,6 @@
-import { n as HubOAuthMode, o as HubConnectSessionResult, p as HubPermissionSessionResult, q as HubConnectSource, H as HubConfig, m as HubConfigInput, r as HubConnectSessionInput, a as AccountKeyManagerFor, s as HubPermissionSessionInput } from './types-C2vFipdU.js';
-export { D as DEFAULT_HUB_API_URL, i as formatProviderDisplayName } from './types-C2vFipdU.js';
+export { f as formatProviderDisplayName } from './constants-CE0V2QbI.js';
+import { g as HubOAuthMode, h as HubConnectSessionResult, i as HubPermissionSessionResult, j as HubConnectSource, H as HubConfig, f as HubConfigInput, k as HubConnectSessionInput, A as AccountKeyManagerFor, l as HubPermissionSessionInput } from './types-BY2SDx3_.js';
+export { D as DEFAULT_HUB_API_URL } from './types-BY2SDx3_.js';
 import { e as TunnelType, c as ProcessCorsairRequest } from './index-LpuBJQ1m.js';
 export { f as BROWSER_DELIVERY_TTL_MS, g as BrowserDeliveryMode, B as BrowserDeliveryPayload, S as SIGNED_TUNNEL_REPLAY_WINDOW_MS, d as TunnelEnvelope } from './index-LpuBJQ1m.js';
 export { b as buildBrowserDeliveryRedirectUrl, s as signBrowserDeliveryToken, v as verifyBrowserDeliveryToken } from './browser-delivery-CvBUoA96.js';

package/dist/{index-BOgiPWN6.d.ts → index-dta3YWl8.d.ts}

@@ -1,6 +1,6 @@
 import { CorsairDatabase } from './db.js';
-import { H as HubConfig } from './types-C2vFipdU.js';
-import { C as CorsairPlugin, a as CorsairPermissionsOptions, b as CorsairManualConfig, c as CorsairIntegration, d as CorsairTenantWrapper, e as CorsairSingleTenantClient } from './index-Cs2O9Pmx.js';
+import { H as HubConfig } from './types-BY2SDx3_.js';
+import { C as CorsairPlugin, a as CorsairPermissionsOptions, b as CorsairManualConfig, c as CorsairIntegration, d as CorsairTenantWrapper, e as CorsairSingleTenantClient } from './index-x-RG0TdQ.js';
 
 declare const CORSAIR_INTERNAL: unique symbol;
 type CorsairInternalConfig = {

package/dist/index-ggMa1Rj6.d.ts

@@ -0,0 +1,146 @@
+import { z } from 'zod';
+
+declare const CorsairIntegrationsSchema: z.ZodObject<{
+    id: z.ZodString;
+    created_at: z.ZodCoercedDate<unknown>;
+    updated_at: z.ZodCoercedDate<unknown>;
+    name: z.ZodString;
+    config: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
+    dek: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>;
+type CorsairIntegration = z.infer<typeof CorsairIntegrationsSchema>;
+declare const CorsairAccountsSchema: z.ZodObject<{
+    id: z.ZodString;
+    created_at: z.ZodCoercedDate<unknown>;
+    updated_at: z.ZodCoercedDate<unknown>;
+    tenant_id: z.ZodString;
+    integration_id: z.ZodString;
+    config: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
+    dek: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>;
+type CorsairAccount = z.infer<typeof CorsairAccountsSchema>;
+declare const CorsairEntitiesSchema: z.ZodObject<{
+    id: z.ZodString;
+    created_at: z.ZodCoercedDate<unknown>;
+    updated_at: z.ZodCoercedDate<unknown>;
+    account_id: z.ZodString;
+    entity_id: z.ZodString;
+    entity_type: z.ZodString;
+    version: z.ZodString;
+    data: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
+}, z.core.$strip>;
+type CorsairEntity = z.infer<typeof CorsairEntitiesSchema>;
+declare const CorsairEventsSchema: z.ZodObject<{
+    id: z.ZodString;
+    created_at: z.ZodCoercedDate<unknown>;
+    updated_at: z.ZodCoercedDate<unknown>;
+    account_id: z.ZodString;
+    event_type: z.ZodString;
+    payload: z.ZodPipe<z.ZodNullable<z.ZodRecord<z.ZodString, z.ZodUnknown>>, z.ZodTransform<Record<string, unknown>, Record<string, unknown> | null>>;
+    status: z.ZodOptional<z.ZodEnum<{
+        pending: "pending";
+        processing: "processing";
+        completed: "completed";
+        failed: "failed";
+    }>>;
+}, z.core.$strip>;
+type CorsairEvent = z.infer<typeof CorsairEventsSchema>;
+declare const CorsairPermissionsSchema: z.ZodObject<{
+    id: z.ZodString;
+    created_at: z.ZodCoercedDate<unknown>;
+    updated_at: z.ZodCoercedDate<unknown>;
+    token: z.ZodString;
+    plugin: z.ZodString;
+    endpoint: z.ZodString;
+    args: z.ZodString;
+    tenant_id: z.ZodString;
+    status: z.ZodDefault<z.ZodEnum<{
+        pending: "pending";
+        completed: "completed";
+        failed: "failed";
+        approved: "approved";
+        executing: "executing";
+        denied: "denied";
+        expired: "expired";
+    }>>;
+    expires_at: z.ZodString;
+    error: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+}, z.core.$strip>;
+type CorsairPermission = z.infer<typeof CorsairPermissionsSchema>;
+type CorsairPermissionInsert = {
+    id?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    token: string;
+    plugin: string;
+    endpoint: string;
+    args: string;
+    tenant_id?: string;
+    status?: 'pending' | 'approved' | 'executing' | 'completed' | 'denied' | 'expired' | 'failed';
+    expires_at: string;
+    error?: string | null;
+};
+type CorsairTableName = 'corsair_integrations' | 'corsair_accounts' | 'corsair_entities' | 'corsair_events' | 'corsair_permissions' | (string & {});
+type CorsairTableRow = {
+    corsair_integrations: CorsairIntegration;
+    corsair_accounts: CorsairAccount;
+    corsair_entities: CorsairEntity;
+    corsair_events: CorsairEvent;
+};
+type TableRowType<T extends CorsairTableName> = T extends keyof CorsairTableRow ? CorsairTableRow[T] : Record<string, unknown>;
+type CorsairIntegrationInsert = {
+    id?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    name: string;
+    config: Record<string, unknown>;
+    dek?: string;
+};
+type CorsairAccountInsert = {
+    id?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    tenant_id: string;
+    integration_id: string;
+    config: Record<string, unknown>;
+    dek?: string;
+};
+type CorsairEntityInsert = {
+    id?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    account_id: string;
+    entity_id: string;
+    entity_type: string;
+    version: string;
+    data: Record<string, unknown>;
+};
+type CorsairEventInsert = {
+    id?: string;
+    created_at?: Date;
+    updated_at?: Date;
+    account_id: string;
+    event_type: string;
+    payload: Record<string, unknown>;
+    status?: 'pending' | 'processing' | 'completed' | 'failed';
+};
+type CorsairTableInsert = {
+    corsair_integrations: CorsairIntegrationInsert;
+    corsair_accounts: CorsairAccountInsert;
+    corsair_entities: CorsairEntityInsert;
+    corsair_events: CorsairEventInsert;
+};
+type TableInsertType<T extends CorsairTableName> = T extends keyof CorsairTableInsert ? CorsairTableInsert[T] : Record<string, unknown>;
+type CorsairIntegrationUpdate = Partial<Omit<CorsairIntegration, 'id' | 'created_at'>>;
+type CorsairAccountUpdate = Partial<Omit<CorsairAccount, 'id' | 'created_at'>>;
+type CorsairEntityUpdate = Partial<Omit<CorsairEntity, 'id' | 'created_at'>>;
+type CorsairEventUpdate = Partial<Omit<CorsairEvent, 'id' | 'created_at'>>;
+type CorsairTableUpdate = {
+    corsair_integrations: CorsairIntegrationUpdate;
+    corsair_accounts: CorsairAccountUpdate;
+    corsair_entities: CorsairEntityUpdate;
+    corsair_events: CorsairEventUpdate;
+};
+type TableUpdateType<T extends CorsairTableName> = T extends keyof CorsairTableUpdate ? CorsairTableUpdate[T] : Record<string, unknown>;
+
+export { type CorsairAccount as C, type TableRowType as T, type CorsairPermission as a, type CorsairIntegration as b, type CorsairEntity as c, type CorsairEvent as d, CorsairIntegrationsSchema as e, CorsairAccountsSchema as f, CorsairEntitiesSchema as g, CorsairEventsSchema as h, CorsairPermissionsSchema as i, type CorsairPermissionInsert as j, type CorsairTableName as k, type CorsairTableRow as l, type CorsairIntegrationInsert as m, type CorsairAccountInsert as n, type CorsairEntityInsert as o, type CorsairEventInsert as p, type CorsairTableInsert as q, type TableInsertType as r, type CorsairIntegrationUpdate as s, type CorsairAccountUpdate as t, type CorsairEntityUpdate as u, type CorsairEventUpdate as v, type CorsairTableUpdate as w, type TableUpdateType as x };

package/dist/{index-Cs2O9Pmx.d.ts → index-x-RG0TdQ.d.ts}

@@ -1,7 +1,10 @@
 import { ZodTypeAny } from 'zod';
-import { CorsairDatabase, CorsairPermission, CorsairDatabaseInput } from './db.js';
+import { CorsairDatabase, CorsairDatabaseInput } from './db.js';
 import { CorsairPluginSchema, PluginEntityClients } from './orm.js';
-import { l as AllErrors, A as AuthTypes, a as AccountKeyManagerFor, P as PluginAuthConfig, I as IntegrationKeyManagerFor, f as AllProviders, H as HubConfig, m as HubConfigInput } from './types-C2vFipdU.js';
+import { c as AllErrors, A as AuthTypes, a as AllProviders } from './constants-CE0V2QbI.js';
+import { A as AccountKeyManagerFor, P as PluginAuthConfig, I as IntegrationKeyManagerFor, H as HubConfig, f as HubConfigInput } from './types-BY2SDx3_.js';
+import { M as ManagementOk, T as Tenant, C as CreateTenantInput, P as PluginInfo, a as ConnectionStatus, f as PermissionLookupInput, b as PermissionRecord, d as CreateConnectLinkInput, c as ConnectLink, R as ResolvedConnectLink, e as OAuthCallbackInput, O as OAuthCallbackResult } from './types-BswoTGV5.js';
+import { a as CorsairPermission } from './index-ggMa1Rj6.js';
 
 /**
  * Bivariance hack for function types to ensure proper type inference.
@@ -134,73 +137,6 @@ type CorsairErrorHandler = {
     [K in AllErrors]?: ErrorHandlerAndMatchFunction;
 };
 
-type Tenant = {
-    id: string;
-    accounts: Array<{
-        integrationName: string;
-        hasCredentials: boolean;
-    }>;
-    connectedPlugins: string[];
-};
-type CreateTenantInput = {
-    id: string;
-};
-type PluginInfo = {
-    id: string;
-    authType: AuthTypes | null;
-    configured: boolean;
-    missingFields: string[];
-    oauth: {
-        providerName: string;
-        scopes: string[];
-        requiresRegisteredRedirect: boolean;
-    } | null;
-};
-type PluginConnectionState = 'connected' | 'missing_credentials' | 'not_connected';
-type ConnectionStatus = Record<string, PluginConnectionState>;
-type ManagementOk = {
-    ok: true;
-};
-type PermissionRecord = CorsairPermission & {
-    /** Resolved review URL for pending/approved records. Null when not actionable or not configured. */
-    approvalUrl: string | null;
-};
-type PermissionLookupInput = {
-    id: string;
-} | {
-    token: string;
-};
-type CreateConnectLinkInput = {
-    /** Required in manual mode. Optional in hub mode (omit to connect all plugins). */
-    plugin?: string;
-    tenantId?: string;
-    /** Hub mode only — BYO uses your OAuth app; managed uses Corsair's. */
-    oauthMode?: 'byo' | 'managed';
-    /** Hub mode only — inferred from deliveryUrl when omitted. */
-    source?: 'client' | 'server';
-    /** Hub mode only — override the provider display name. */
-    providerName?: string;
-};
-type ConnectLink = {
-    connectUrl: string;
-    expiresAt?: string;
-};
-type ResolvedConnectLink = {
-    plugin: string;
-    tenantId: string;
-    providerName: string;
-    oauthUrl: string;
-    state: string;
-};
-type OAuthCallbackInput = {
-    code: string;
-    state: string;
-};
-type OAuthCallbackResult = {
-    plugin: string;
-    tenantId: string;
-};
-
 type CorsairManageNamespace = {
     ok: () => ManagementOk;
     tenants: {
@@ -1190,4 +1126,4 @@ type CorsairDeprecatedApprovalConfig = {
     approval?: CorsairPermissionsOptions;
 };
 
-export { type WebhookPathsOf as $, type EndpointMetaEntry as A, type BindEndpoints as B, type CorsairPlugin as C, type EndpointRiskLevel as D, type EndpointPathsOf as E, type PermissionPolicy as F, type PluginEndpointMeta as G, type PluginPermissionsConfig as H, type RequiredPluginEndpointMeta as I, type RequiredPluginEndpointSchemas as J, type KeyBuilderContext as K, type RequiredPluginWebhookSchemas as L, type WebhookHooks as M, type BindWebhooks as N, type OAuthConfig as O, type PermissionMode as P, type BoundWebhook as Q, type RetryStrategies as R, type BoundWebhookTree as S, type TokenResponse as T, type CorsairOAuthWebhookTenantLinkResolver as U, type CorsairWebhook as V, type WebhookTenantMatch as W, type CorsairWebhookHandler as X, type CorsairWebhookMatcher as Y, type CorsairWebhookTenantMatcher as Z, type RawWebhookRequest as _, type CorsairPermissionsOptions as a, type WebhookRequest as a0, type WebhookResponse as a1, type WebhookTree as a2, type ManagementOk as a3, type Tenant as a4, type CreateTenantInput as a5, type PluginInfo as a6, type ConnectionStatus as a7, type PermissionLookupInput as a8, type PermissionRecord as a9, type CreateConnectLinkInput as aa, type ConnectLink as ab, type ResolvedConnectLink as ac, type OAuthCallbackInput as ad, type OAuthCallbackResult as ae, type CorsairManageNamespace as af, type PluginConnectionState as ag, type CorsairManualConfig as b, type CorsairIntegration as c, type CorsairTenantWrapper as d, type CorsairSingleTenantClient as e, exchangeCodeForTokens as f, type CorsairClient as g, type BoundEndpointFn as h, type BoundEndpointTree as i, type CorsairContext as j, type CorsairEndpoint as k, type EndpointTree as l, type CorsairErrorHandler as m, type ErrorContext as n, type ErrorHandler as o, type ErrorHandlerAndMatchFunction as p, type ErrorMatcher as q, type RetryStrategy as r, type CorsairPermissionsNamespace as s, type EnforcePermissionOptions as t, type EnforcePermissionResult as u, type BeforeHookResult as v, type CorsairKeyBuilder as w, type CorsairKeyBuilderBase as x, type CorsairPluginContext as y, type EndpointHooks as z };
+export { type WebhookPathsOf as $, type EndpointMetaEntry as A, type BindEndpoints as B, type CorsairPlugin as C, type EndpointRiskLevel as D, type EndpointPathsOf as E, type PermissionPolicy as F, type PluginEndpointMeta as G, type PluginPermissionsConfig as H, type RequiredPluginEndpointMeta as I, type RequiredPluginEndpointSchemas as J, type KeyBuilderContext as K, type RequiredPluginWebhookSchemas as L, type WebhookHooks as M, type BindWebhooks as N, type OAuthConfig as O, type PermissionMode as P, type BoundWebhook as Q, type RetryStrategies as R, type BoundWebhookTree as S, type TokenResponse as T, type CorsairOAuthWebhookTenantLinkResolver as U, type CorsairWebhook as V, type WebhookTenantMatch as W, type CorsairWebhookHandler as X, type CorsairWebhookMatcher as Y, type CorsairWebhookTenantMatcher as Z, type RawWebhookRequest as _, type CorsairPermissionsOptions as a, type WebhookRequest as a0, type WebhookResponse as a1, type WebhookTree as a2, type CorsairManageNamespace as a3, type CorsairManualConfig as b, type CorsairIntegration as c, type CorsairTenantWrapper as d, type CorsairSingleTenantClient as e, exchangeCodeForTokens as f, type CorsairClient as g, type BoundEndpointFn as h, type BoundEndpointTree as i, type CorsairContext as j, type CorsairEndpoint as k, type EndpointTree as l, type CorsairErrorHandler as m, type ErrorContext as n, type ErrorHandler as o, type ErrorHandlerAndMatchFunction as p, type ErrorMatcher as q, type RetryStrategy as r, type CorsairPermissionsNamespace as s, type EnforcePermissionOptions as t, type EnforcePermissionResult as u, type BeforeHookResult as v, type CorsairKeyBuilder as w, type CorsairKeyBuilderBase as x, type CorsairPluginContext as y, type EndpointHooks as z };

package/dist/index.d.ts

@@ -1,17 +1,22 @@
-import { a3 as ManagementOk, a4 as Tenant, a5 as CreateTenantInput, a6 as PluginInfo, a7 as ConnectionStatus, a8 as PermissionLookupInput, a9 as PermissionRecord, aa as CreateConnectLinkInput, ab as ConnectLink, ac as ResolvedConnectLink, ad as OAuthCallbackInput, ae as OAuthCallbackResult, e as CorsairSingleTenantClient, C as CorsairPlugin, d as CorsairTenantWrapper, g as CorsairClient, s as CorsairPermissionsNamespace, S as BoundWebhookTree, _ as RawWebhookRequest, Z as CorsairWebhookTenantMatcher, a1 as WebhookResponse } from './index-Cs2O9Pmx.js';
-export { af as CorsairManageNamespace, b as CorsairManualConfig, a as CorsairPermissionsOptions, ag as PluginConnectionState } from './index-Cs2O9Pmx.js';
-export { c as createCorsair } from './index-BOgiPWN6.js';
-import { F as FormFieldSchema, L as ListOperationsOptions } from './tenant-match-utils-CHQomRrU.js';
-export { A as AuthMissingError, j as PluginWebhookMatchers, R as ResolveConnectLinkResult, W as WebhookPluginTenantMatch, k as asRecord, g as collectPluginWebhookMatchers, l as decodePubSubData, o as firstString, f as formatDocSchemaShape, p as getHeader, m as matchWebhookPlugin, h as matchWebhookPluginAndTenant, s as readBodyRecord, r as resolveConnectLink, u as toExternalId } from './tenant-match-utils-CHQomRrU.js';
+import { C as CorsairClientOptions, a as CorsairManagementClient } from './types-DoUHxHNl.js';
+export { b as CorsairClientError } from './types-DoUHxHNl.js';
+export { c as createCorsair } from './index-dta3YWl8.js';
+import { e as CorsairSingleTenantClient, C as CorsairPlugin, d as CorsairTenantWrapper, g as CorsairClient, s as CorsairPermissionsNamespace, S as BoundWebhookTree, _ as RawWebhookRequest, Z as CorsairWebhookTenantMatcher, a1 as WebhookResponse } from './index-x-RG0TdQ.js';
+export { a3 as CorsairManageNamespace, b as CorsairManualConfig, a as CorsairPermissionsOptions } from './index-x-RG0TdQ.js';
+import { F as FormFieldSchema, L as ListOperationsOptions } from './tenant-match-utils-DhF58Vo8.js';
+export { A as AuthMissingError, j as PluginWebhookMatchers, R as ResolveConnectLinkResult, W as WebhookPluginTenantMatch, k as asRecord, g as collectPluginWebhookMatchers, l as decodePubSubData, o as firstString, f as formatDocSchemaShape, p as getHeader, m as matchWebhookPlugin, h as matchWebhookPluginAndTenant, s as readBodyRecord, r as resolveConnectLink, u as toExternalId } from './tenant-match-utils-DhF58Vo8.js';
 export { SetupCorsairOptions, setupCorsair } from './setup.js';
 export { O as OAuthCallbackTunnelPayload, P as ProcessCorsairOptions, c as ProcessCorsairRequest, T as TunnelAck, d as TunnelEnvelope, e as TunnelType, W as WebhookTunnelPayload, p as processCorsair } from './index-LpuBJQ1m.js';
-import { g as BaseProviders } from './types-C2vFipdU.js';
-export { R as ResolveAccountFromWebhookLinkInput, W as WebhookTenantLink, r as resolveAccountFromWebhookLink, a as resolveTenantFromWebhookLink, b as resolveTenantIdFromWebhookLink, s as setWebhookTenantLink } from './tenant-links-Cg8-Zu9C.js';
-import 'zod';
+import { B as BaseProviders } from './constants-CE0V2QbI.js';
+export { R as ResolveAccountFromWebhookLinkInput, W as WebhookTenantLink, r as resolveAccountFromWebhookLink, a as resolveTenantFromWebhookLink, b as resolveTenantIdFromWebhookLink, s as setWebhookTenantLink } from './tenant-links-B7k-eaef.js';
+export { c as ConnectLink, a as ConnectionStatus, d as CreateConnectLinkInput, C as CreateTenantInput, M as ManagementOk, e as OAuthCallbackInput, O as OAuthCallbackResult, f as PermissionLookupInput, b as PermissionRecord, g as PluginConnectionState, P as PluginInfo, R as ResolvedConnectLink, T as Tenant } from './types-BswoTGV5.js';
 import './db.js';
 import 'kysely';
+import './index-ggMa1Rj6.js';
+import 'zod';
 import 'pg';
 import 'postgres';
+import './types-BY2SDx3_.js';
 import './orm.js';
 
 type ManagementHandlerOptions = {
@@ -54,44 +59,6 @@ declare function toNextJsHandler(corsair: unknown, opts?: ManagementHandlerOptio
     OPTIONS: (req: Request) => Promise<Response>;
 };
 
-type CorsairClientOptions = {
-    /** Origin + base path of the mounted handler, e.g. 'https://api.example.com/api/corsair'. */
-    baseURL: string;
-    /** Optional fetch override. Defaults to globalThis.fetch. */
-    fetch?: typeof fetch;
-};
-type CorsairManagementClient = {
-    ok: () => Promise<ManagementOk>;
-    tenants: {
-        list: () => Promise<Tenant[]>;
-        create: (input: CreateTenantInput) => Promise<Tenant>;
-        get: (id: string) => Promise<Tenant>;
-    };
-    plugins: {
-        list: () => Promise<PluginInfo[]>;
-        get: (id: string) => Promise<PluginInfo>;
-    };
-    connectionStatus: {
-        get: (query?: {
-            tenantId?: string;
-        }) => Promise<ConnectionStatus>;
-    };
-    permissions: {
-        get: (input: PermissionLookupInput) => Promise<PermissionRecord>;
-    };
-    connect: {
-        createLink: (input: CreateConnectLinkInput) => Promise<ConnectLink>;
-        resolve: (state: string) => Promise<ResolvedConnectLink>;
-        oauthCallback: (input: OAuthCallbackInput) => Promise<OAuthCallbackResult>;
-    };
-};
-declare class CorsairClientError extends Error {
-    readonly status: number;
-    readonly code: string;
-    readonly extra: Record<string, unknown>;
-    constructor(status: number, code: string, message: string, extra?: Record<string, unknown>);
-}
-
 declare function createCorsairClient(opts: CorsairClientOptions): CorsairManagementClient;
 
 type InspectCorsairPlugin = {
@@ -256,4 +223,4 @@ declare function processWebhook(corsair: CorsairInstance, headers: WebhookHeader
     [x: string]: string | string[] | undefined;
 }): Promise<WebhookFilterResult>;
 
-export { type AnyCorsairInstance, ConnectLink, ConnectionStatus, CorsairClientError, type CorsairClientOptions, type CorsairManagementClient, CreateConnectLinkInput, CreateTenantInput, type ExpressHandler, FormFieldSchema, type HonoHandler, ListOperationsOptions, type ManagementHandlerOptions, ManagementOk, OAuthCallbackInput, OAuthCallbackResult, type PermissionExecuteResult, PermissionLookupInput, PermissionRecord, PluginInfo, ResolvedConnectLink, Tenant, createCorsairClient, executePermission, getSchema, getStructuredSchema, listOperations, managementHandler, processWebhook, toExpressHandler, toHonoHandler, toNextJsHandler };
+export { type AnyCorsairInstance, CorsairClientOptions, CorsairManagementClient, type ExpressHandler, FormFieldSchema, type HonoHandler, ListOperationsOptions, type ManagementHandlerOptions, type PermissionExecuteResult, createCorsairClient, executePermission, getSchema, getStructuredSchema, listOperations, managementHandler, processWebhook, toExpressHandler, toHonoHandler, toNextJsHandler };

package/dist/index.js

@@ -1,3 +1,3 @@
-import{$ as w,$a as W,A as P,B as x,C as b,D as I,M as R,Ma as T,Na as L,Oa as A,Pa as v,Qa as $,Ua as d,Va as g,Wa as C,Xa as f,Za as E,_a as M,ab as F,bb as _,cb as N,db as D,hb as H,ib as j,jb as k,ka as S,kb as J,ra as O}from"./chunk-LWFKRPBU.js";import"./chunk-NZS35HPL.js";import"./chunk-IGGCNGU2.js";import"./chunk-QAIKSQAD.js";var u=class extends Error{status;code;extra;constructor(r,o,e,a={}){super(e),this.name="CorsairClientError",this.status=r,this.code=o,this.extra=a}};function U(n){return n.endsWith("/")?n.slice(0,-1):n}async function y(n){let r={};try{r=await n.json()}catch{}let o=typeof r.error=="string"?r.error:"request_failed",e=typeof r.message=="string"?r.message:`Request failed (${n.status})`,{error:a,message:c,...t}=r;return new u(n.status,o,e,t)}function q(n){let r=U(n.baseURL),o=n.fetch??((...t)=>globalThis.fetch(...t));async function e(t,s){let i=s&&Object.keys(s).length?`?${new URLSearchParams(s).toString()}`:"",p=await o(`${r}${t}${i}`,{method:"GET"});if(!p.ok)throw await y(p);return await p.json()}async function a(t,s){let i=await o(`${r}${t}`,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify(s)});if(!i.ok)throw await y(i);return await i.json()}let c=encodeURIComponent;return{ok:()=>e("/ok"),tenants:{list:()=>e("/tenants"),create:t=>a("/tenants",t),get:t=>e(`/tenants/${c(t)}`)},plugins:{list:()=>e("/plugins"),get:t=>e(`/plugins/${c(t)}`)},connectionStatus:{get:t=>{let s={};return t?.tenantId&&(s.tenantId=t.tenantId),e("/connection-status",s)}},permissions:{get:t=>"id"in t?e(`/permissions/${c(t.id)}`):a("/permissions/lookup-by-token",{token:t.token})},connect:{createLink:t=>a("/connect/links",t),resolve:t=>e("/connect/resolve",{state:t}),oauthCallback:t=>a("/connect/oauth/callback",t)}}}function l(n){let r=n[k];if(!r)throw new Error("listOperations / getSchema: invalid corsair instance. Pass the value returned by createCorsair() or corsair.withTenant().");return r.plugins}function B(n,r){let o=g(l(n),r);return typeof o=="string"?o:Array.isArray(o)?o.join(`
-`):Object.values(o).flat().join(`
-`)}function G(n,r){return C(l(n),r)}function Y(n,r){return d(l(n),r)}var z=Symbol.for("corsair:internal");function K(n,r){let o=n;for(let e of r){if(!o||typeof o!="object")return null;o=o[e]}return typeof o=="function"?o:null}function h(n){return n[z]?.database}async function Q(n,r){let o=new Date().toISOString(),e=await n.permissions.find_by_token(r);if(!e)return console.error("executePermission: no permission found for token."),{error:"executePermission: no permission found for token."};if(e.status!=="approved")return console.error(`executePermission: permission '${e.id}' is '${e.status}', expected 'approved'.`),{endpoint:e.endpoint,plugin:e.plugin,result:null,error:`executePermission: permission '${e.id}' is '${e.status}', expected 'approved'.`};if(e.expires_at<o){let i=h(n);return i&&await i.db.updateTable("corsair_permissions").set({status:"expired",updated_at:new Date}).where("id","=",e.id).execute(),console.error(`executePermission: permission '${e.id}' has expired.`),{error:`executePermission: permission '${e.id}' has expired.`,endpoint:e.endpoint,plugin:e.plugin,result:null}}let a=e.tenant_id??"default",t=(n.withTenant?n.withTenant(a):n)[e.plugin];if(!t?.api)return console.error(`executePermission: plugin '${e.plugin}' not found or has no API on this corsair instance.`),{error:`executePermission: plugin '${e.plugin}' not found or has no API on this corsair instance.`,plugin:e.plugin,endpoint:e.endpoint,result:null};let s=K(t.api,e.endpoint.split("."));if(!s)return console.error(`executePermission: endpoint '${e.endpoint}' not found in plugin '${e.plugin}'.`),{endpoint:e.endpoint,plugin:e.plugin,result:null,error:`executePermission: endpoint '${e.endpoint}' not found in plugin '${e.plugin}'.`};await n.permissions.set_executing(e.id);try{let i=typeof e.args=="string"?JSON.parse(e.args):e.args,p=await s(i);return await n.permissions.set_completed(e.id),{plugin:e.plugin,endpoint:e.endpoint,result:p}}catch(i){let p=i instanceof Error?i.message:String(i),m=h(n);return m&&await m.db.updateTable("corsair_permissions").set({status:"failed",error:p,updated_at:new Date}).where("id","=",e.id).execute(),{plugin:e.plugin,endpoint:e.endpoint,result:null,error:p}}}export{O as AuthMissingError,u as CorsairClientError,N as asRecord,W as collectPluginWebhookMatchers,J as createCorsair,q as createCorsairClient,j as decodePubSubData,Q as executePermission,H as firstString,f as formatDocSchemaShape,F as getHeader,G as getSchema,Y as getStructuredSchema,B as listOperations,L as managementHandler,E as matchWebhookPlugin,M as matchWebhookPluginAndTenant,S as processCorsair,w as processWebhook,D as readBodyRecord,x as resolveAccountFromWebhookLink,T as resolveConnectLink,I as resolveTenantFromWebhookLink,b as resolveTenantIdFromWebhookLink,P as setWebhookTenantLink,R as setupCorsair,A as toExpressHandler,_ as toExternalId,v as toHonoHandler,$ as toNextJsHandler};
+import{a as N,b as j}from"./chunk-XLNT2UI2.js";import{$ as b,$a as F,A as y,B as h,C as k,D as x,M as P,Ma as I,Na as O,Oa as R,Pa as T,Qa as A,Ua as l,Va as c,Wa as d,Xa as m,Za as L,_a as W,ab as v,bb as E,cb as _,db as $,hb as M,ib as D,jb as g,ka as S,kb as H,ra as w}from"./chunk-LWFKRPBU.js";import"./chunk-NZS35HPL.js";import"./chunk-IGGCNGU2.js";import"./chunk-QAIKSQAD.js";function s(n){let t=n[g];if(!t)throw new Error("listOperations / getSchema: invalid corsair instance. Pass the value returned by createCorsair() or corsair.withTenant().");return t.plugins}function B(n,t){let r=c(s(n),t);return typeof r=="string"?r:Array.isArray(r)?r.join(`
+`):Object.values(r).flat().join(`
+`)}function J(n,t){return d(s(n),t)}function q(n,t){return l(s(n),t)}var Y=Symbol.for("corsair:internal");function z(n,t){let r=n;for(let e of t){if(!r||typeof r!="object")return null;r=r[e]}return typeof r=="function"?r:null}function C(n){return n[Y]?.database}async function G(n,t){let r=new Date().toISOString(),e=await n.permissions.find_by_token(t);if(!e)return console.error("executePermission: no permission found for token."),{error:"executePermission: no permission found for token."};if(e.status!=="approved")return console.error(`executePermission: permission '${e.id}' is '${e.status}', expected 'approved'.`),{endpoint:e.endpoint,plugin:e.plugin,result:null,error:`executePermission: permission '${e.id}' is '${e.status}', expected 'approved'.`};if(e.expires_at<r){let o=C(n);return o&&await o.db.updateTable("corsair_permissions").set({status:"expired",updated_at:new Date}).where("id","=",e.id).execute(),console.error(`executePermission: permission '${e.id}' has expired.`),{error:`executePermission: permission '${e.id}' has expired.`,endpoint:e.endpoint,plugin:e.plugin,result:null}}let f=e.tenant_id??"default",a=(n.withTenant?n.withTenant(f):n)[e.plugin];if(!a?.api)return console.error(`executePermission: plugin '${e.plugin}' not found or has no API on this corsair instance.`),{error:`executePermission: plugin '${e.plugin}' not found or has no API on this corsair instance.`,plugin:e.plugin,endpoint:e.endpoint,result:null};let p=z(a.api,e.endpoint.split("."));if(!p)return console.error(`executePermission: endpoint '${e.endpoint}' not found in plugin '${e.plugin}'.`),{endpoint:e.endpoint,plugin:e.plugin,result:null,error:`executePermission: endpoint '${e.endpoint}' not found in plugin '${e.plugin}'.`};await n.permissions.set_executing(e.id);try{let o=typeof e.args=="string"?JSON.parse(e.args):e.args,i=await p(o);return await n.permissions.set_completed(e.id),{plugin:e.plugin,endpoint:e.endpoint,result:i}}catch(o){let i=o instanceof Error?o.message:String(o),u=C(n);return u&&await u.db.updateTable("corsair_permissions").set({status:"failed",error:i,updated_at:new Date}).where("id","=",e.id).execute(),{plugin:e.plugin,endpoint:e.endpoint,result:null,error:i}}}export{w as AuthMissingError,N as CorsairClientError,_ as asRecord,F as collectPluginWebhookMatchers,H as createCorsair,j as createCorsairClient,D as decodePubSubData,G as executePermission,M as firstString,m as formatDocSchemaShape,v as getHeader,J as getSchema,q as getStructuredSchema,B as listOperations,O as managementHandler,L as matchWebhookPlugin,W as matchWebhookPluginAndTenant,S as processCorsair,b as processWebhook,$ as readBodyRecord,h as resolveAccountFromWebhookLink,I as resolveConnectLink,x as resolveTenantFromWebhookLink,k as resolveTenantIdFromWebhookLink,y as setWebhookTenantLink,P as setupCorsair,R as toExpressHandler,E as toExternalId,T as toHonoHandler,A as toNextJsHandler};

package/dist/oauth.d.ts

@@ -1,11 +1,14 @@
-import { O as OAuthConfig } from './index-Cs2O9Pmx.js';
+import { O as OAuthConfig } from './index-x-RG0TdQ.js';
 import 'zod';
 import './db.js';
 import 'kysely';
+import './index-ggMa1Rj6.js';
 import 'pg';
 import 'postgres';
 import './orm.js';
-import './types-C2vFipdU.js';
+import './constants-CE0V2QbI.js';
+import './types-BY2SDx3_.js';
+import './types-BswoTGV5.js';
 
 type OAuthState = {
     plugin: string;

package/dist/orm.d.ts

@@ -1,6 +1,7 @@
-import { CorsairEntity, CorsairAccount, CorsairEvent, CorsairIntegration, CorsairDatabase } from './db.js';
-export { CorsairAccountsSchema, CorsairEntitiesSchema, CorsairEventsSchema, CorsairIntegrationsSchema } from './db.js';
+import { c as CorsairEntity, C as CorsairAccount, d as CorsairEvent, b as CorsairIntegration } from './index-ggMa1Rj6.js';
+export { f as CorsairAccountsSchema, g as CorsairEntitiesSchema, h as CorsairEventsSchema, e as CorsairIntegrationsSchema } from './index-ggMa1Rj6.js';
 import { ZodTypeAny, z } from 'zod';
+import { CorsairDatabase } from './db.js';
 import 'kysely';
 import 'pg';
 import 'postgres';

package/dist/setup.d.ts

@@ -1,12 +1,15 @@
-import { a as CorsairInternalConfig } from './index-BOgiPWN6.js';
+import { a as CorsairInternalConfig } from './index-dta3YWl8.js';
 import { CorsairDatabase } from './db.js';
-import { C as CorsairPlugin, e as CorsairSingleTenantClient, d as CorsairTenantWrapper } from './index-Cs2O9Pmx.js';
-import './types-C2vFipdU.js';
+import { C as CorsairPlugin, e as CorsairSingleTenantClient, d as CorsairTenantWrapper } from './index-x-RG0TdQ.js';
+import './types-BY2SDx3_.js';
+import './constants-CE0V2QbI.js';
 import 'kysely';
+import './index-ggMa1Rj6.js';
 import 'zod';
 import 'pg';
 import 'postgres';
 import './orm.js';
+import './types-BswoTGV5.js';
 
 /** Plugin id → credential field → value (from CLI `field=value` pairs). */
 type SetupCredentials = Record<string, Record<string, string>>;

package/dist/{tenant-links-Cg8-Zu9C.d.ts → tenant-links-B7k-eaef.d.ts}

@@ -1,6 +1,7 @@
-import { A as AuthTypes } from './types-C2vFipdU.js';
-import { W as WebhookTenantMatch } from './index-Cs2O9Pmx.js';
-import { CorsairDatabase, CorsairAccount } from './db.js';
+import { A as AuthTypes } from './constants-CE0V2QbI.js';
+import { W as WebhookTenantMatch } from './index-x-RG0TdQ.js';
+import { C as CorsairAccount } from './index-ggMa1Rj6.js';
+import { CorsairDatabase } from './db.js';
 
 type WebhookTenantLink = WebhookTenantMatch;
 declare function setWebhookTenantLink(options: {

package/dist/{tenant-match-utils-CHQomRrU.d.ts → tenant-match-utils-DhF58Vo8.d.ts}

@@ -1,5 +1,5 @@
-import { D as EndpointRiskLevel, C as CorsairPlugin, Y as CorsairWebhookMatcher, Z as CorsairWebhookTenantMatcher, _ as RawWebhookRequest, W as WebhookTenantMatch } from './index-Cs2O9Pmx.js';
-import { f as AllProviders } from './types-C2vFipdU.js';
+import { D as EndpointRiskLevel, C as CorsairPlugin, Y as CorsairWebhookMatcher, Z as CorsairWebhookTenantMatcher, _ as RawWebhookRequest, W as WebhookTenantMatch } from './index-x-RG0TdQ.js';
+import { a as AllProviders } from './constants-CE0V2QbI.js';
 
 /**
  * Error thrown when a plugin endpoint is called but the required auth credentials

package/dist/tests.d.ts

@@ -1,6 +1,7 @@
 import * as kysely from 'kysely';
 import { Kysely } from 'kysely';
 import { CorsairKyselyDatabase, CorsairDatabase } from './db.js';
+import './index-ggMa1Rj6.js';
 import 'zod';
 import 'pg';
 import 'postgres';

package/dist/tunnel.d.ts

@@ -1,15 +1,18 @@
 import { B as BrowserDeliveryPayload } from './index-LpuBJQ1m.js';
 export { O as OAuthCallbackTunnelPayload, b as OAuthTokensTunnelPayload, P as ProcessCorsairOptions, c as ProcessCorsairRequest, T as TunnelAck, d as TunnelEnvelope, e as TunnelType, W as WebhookTunnelPayload, a as applyPermissionDecision, p as processCorsair } from './index-LpuBJQ1m.js';
-export { r as resolveAccountFromWebhookLink, a as resolveTenantFromWebhookLink, b as resolveTenantIdFromWebhookLink, s as setWebhookTenantLink } from './tenant-links-Cg8-Zu9C.js';
+export { r as resolveAccountFromWebhookLink, a as resolveTenantFromWebhookLink, b as resolveTenantIdFromWebhookLink, s as setWebhookTenantLink } from './tenant-links-B7k-eaef.js';
 export { v as verifyBrowserDeliveryToken } from './browser-delivery-CvBUoA96.js';
-import './types-C2vFipdU.js';
-import './index-Cs2O9Pmx.js';
+import './constants-CE0V2QbI.js';
+import './index-x-RG0TdQ.js';
 import 'zod';
 import './db.js';
 import 'kysely';
+import './index-ggMa1Rj6.js';
 import 'pg';
 import 'postgres';
 import './orm.js';
+import './types-BY2SDx3_.js';
+import './types-BswoTGV5.js';
 
 declare function isConnectStatusBrowserDelivery(payload: BrowserDeliveryPayload): boolean;
 declare function isAuthCredentialsBrowserDelivery(payload: BrowserDeliveryPayload): boolean;

package/dist/{types-C2vFipdU.d.ts → types-BY2SDx3_.d.ts}

@@ -1,74 +1,4 @@
-type AllErrors = 'RATE_LIMIT_ERROR' | 'AUTH_ERROR' | 'PERMISSION_ERROR' | 'NETWORK_ERROR' | 'TIMEOUT_ERROR' | 'SERVER_ERROR' | 'VALIDATION_ERROR' | 'NOT_FOUND_ERROR' | 'BAD_REQUEST_ERROR' | 'PARSING_ERROR' | 'DEFAULT' | (string & {});
-declare const BaseProviders: readonly ["ahrefs", "airtable", "amplitude", "asana", "bitwarden", "bluesky", "box", "cal", "calendly", "cloudflare", "cursor", "discord", "dodopayments", "dropbox", "exa", "figma", "firecrawl", "fireflies", "github", "gitlab", "gmail", "googlecalendar", "googledrive", "googlesheets", "grafana", "hackernews", "hubspot", "intercom", "jira", "linear", "monday", "notion", "onedrive", "openweathermap", "oura", "outlook", "pagerduty", "posthog", "razorpay", "reddit", "resend", "sentry", "sharepoint", "slack", "spotify", "strava", "stripe", "tally", "tavily", "teams", "telegram", "todoist", "trello", "twilio", "twitter", "twitterapiio", "typeform", "vapi", "xquik", "youtube", "zendesk", "zohomail", "zoom"];
-declare const ProviderDisplayNames: {
-    readonly ahrefs: "Ahrefs";
-    readonly airtable: "Airtable";
-    readonly amplitude: "Amplitude";
-    readonly asana: "Asana";
-    readonly bitwarden: "Bitwarden";
-    readonly bluesky: "Bluesky";
-    readonly box: "Box";
-    readonly cal: "Cal";
-    readonly calendly: "Calendly";
-    readonly cloudflare: "Cloudflare";
-    readonly cursor: "Cursor";
-    readonly discord: "Discord";
-    readonly dodopayments: "Dodo Payments";
-    readonly dropbox: "Dropbox";
-    readonly exa: "Exa";
-    readonly figma: "Figma";
-    readonly firecrawl: "Firecrawl";
-    readonly fireflies: "Fireflies";
-    readonly github: "GitHub";
-    readonly gitlab: "GitLab";
-    readonly gmail: "Gmail";
-    readonly googlecalendar: "Google Calendar";
-    readonly googledrive: "Google Drive";
-    readonly googlesheets: "Google Sheets";
-    readonly grafana: "Grafana";
-    readonly hackernews: "Hacker News";
-    readonly hubspot: "HubSpot";
-    readonly intercom: "Intercom";
-    readonly jira: "Jira";
-    readonly linear: "Linear";
-    readonly monday: "Monday";
-    readonly notion: "Notion";
-    readonly onedrive: "OneDrive";
-    readonly openweathermap: "OpenWeatherMap";
-    readonly oura: "Oura";
-    readonly outlook: "Outlook";
-    readonly pagerduty: "PagerDuty";
-    readonly posthog: "PostHog";
-    readonly razorpay: "Razorpay";
-    readonly reddit: "Reddit";
-    readonly resend: "Resend";
-    readonly sentry: "Sentry";
-    readonly sharepoint: "SharePoint";
-    readonly slack: "Slack";
-    readonly spotify: "Spotify";
-    readonly strava: "Strava";
-    readonly stripe: "Stripe";
-    readonly tally: "Tally";
-    readonly tavily: "Tavily";
-    readonly teams: "Teams";
-    readonly telegram: "Telegram";
-    readonly todoist: "Todoist";
-    readonly trello: "Trello";
-    readonly twilio: "Twilio";
-    readonly twitter: "Twitter";
-    readonly twitterapiio: "Twitter API IO";
-    readonly typeform: "Typeform";
-    readonly vapi: "Vapi";
-    readonly xquik: "XQuik";
-    readonly youtube: "YouTube";
-    readonly zendesk: "Zendesk";
-    readonly zohomail: "Zoho Mail";
-    readonly zoom: "Zoom";
-};
-declare function formatProviderDisplayName(plugin: string): string;
-type AllProviders = 'ahrefs' | 'airtable' | 'amplitude' | 'asana' | 'bitwarden' | 'bluesky' | 'box' | 'cal' | 'calendly' | 'cloudflare' | 'cursor' | 'discord' | 'dodopayments' | 'dropbox' | 'exa' | 'figma' | 'firecrawl' | 'fireflies' | 'github' | 'gitlab' | 'gmail' | 'googlecalendar' | 'googledrive' | 'googlesheets' | 'grafana' | 'hackernews' | 'hubspot' | 'intercom' | 'jira' | 'linear' | 'monday' | 'notion' | 'onedrive' | 'openweathermap' | 'oura' | 'outlook' | 'pagerduty' | 'posthog' | 'razorpay' | 'reddit' | 'resend' | 'sentry' | 'sharepoint' | 'slack' | 'spotify' | 'strava' | 'stripe' | 'tally' | 'tavily' | 'teams' | 'telegram' | 'todoist' | 'trello' | 'twilio' | 'twitter' | 'twitterapiio' | 'typeform' | 'vapi' | 'xquik' | 'youtube' | 'zendesk' | 'zohomail' | 'zoom' | (string & {});
-type AuthTypes = 'oauth_2' | 'api_key' | 'bot_token' | 'managed';
-type PickAuth<T extends AuthTypes> = T;
+import { A as AuthTypes } from './constants-CE0V2QbI.js';
 
 type HubConnectSource = 'client' | 'server';
 type HubOAuthMode = 'byo' | 'managed';
@@ -251,4 +181,4 @@ type AccountKeyManagerFor<T extends AuthTypes, Config extends PluginAuthConfig |
     get_integration_credentials: () => Promise<OAuth2IntegrationCredentials>;
 } : {});
 
-export { type AuthTypes as A, type BaseAuthFieldConfig as B, DEFAULT_HUB_API_URL as D, type HubConfig as H, type IntegrationKeyManagerFor as I, type OAuth2IntegrationCredentials as O, type PluginAuthConfig as P, type UnionToIntersection as U, type AccountKeyManagerFor as a, type AccountFieldNames as b, type BaseKeyManager as c, type IntegrationFieldNames as d, BASE_AUTH_FIELDS as e, type AllProviders as f, BaseProviders as g, type PickAuth as h, formatProviderDisplayName as i, ProviderDisplayNames as j, type Bivariant as k, type AllErrors as l, type HubConfigInput as m, type HubOAuthMode as n, type HubConnectSessionResult as o, type HubPermissionSessionResult as p, type HubConnectSource as q, type HubConnectSessionInput as r, type HubPermissionSessionInput as s };
+export { type AccountKeyManagerFor as A, type BaseAuthFieldConfig as B, DEFAULT_HUB_API_URL as D, type HubConfig as H, type IntegrationKeyManagerFor as I, type OAuth2IntegrationCredentials as O, type PluginAuthConfig as P, type UnionToIntersection as U, type AccountFieldNames as a, type BaseKeyManager as b, type IntegrationFieldNames as c, BASE_AUTH_FIELDS as d, type Bivariant as e, type HubConfigInput as f, type HubOAuthMode as g, type HubConnectSessionResult as h, type HubPermissionSessionResult as i, type HubConnectSource as j, type HubConnectSessionInput as k, type HubPermissionSessionInput as l };

package/dist/types-BswoTGV5.d.ts

@@ -0,0 +1,71 @@
+import { a as CorsairPermission } from './index-ggMa1Rj6.js';
+import { A as AuthTypes } from './constants-CE0V2QbI.js';
+
+type Tenant = {
+    id: string;
+    accounts: Array<{
+        integrationName: string;
+        hasCredentials: boolean;
+    }>;
+    connectedPlugins: string[];
+};
+type CreateTenantInput = {
+    id: string;
+};
+type PluginInfo = {
+    id: string;
+    authType: AuthTypes | null;
+    configured: boolean;
+    missingFields: string[];
+    oauth: {
+        providerName: string;
+        scopes: string[];
+        requiresRegisteredRedirect: boolean;
+    } | null;
+};
+type PluginConnectionState = 'connected' | 'missing_credentials' | 'not_connected';
+type ConnectionStatus = Record<string, PluginConnectionState>;
+type ManagementOk = {
+    ok: true;
+};
+type PermissionRecord = CorsairPermission & {
+    /** Resolved review URL for pending/approved records. Null when not actionable or not configured. */
+    approvalUrl: string | null;
+};
+type PermissionLookupInput = {
+    id: string;
+} | {
+    token: string;
+};
+type CreateConnectLinkInput = {
+    /** Required in manual mode. Optional in hub mode (omit to connect all plugins). */
+    plugin?: string;
+    tenantId?: string;
+    /** Hub mode only — BYO uses your OAuth app; managed uses Corsair's. */
+    oauthMode?: 'byo' | 'managed';
+    /** Hub mode only — inferred from deliveryUrl when omitted. */
+    source?: 'client' | 'server';
+    /** Hub mode only — override the provider display name. */
+    providerName?: string;
+};
+type ConnectLink = {
+    connectUrl: string;
+    expiresAt?: string;
+};
+type ResolvedConnectLink = {
+    plugin: string;
+    tenantId: string;
+    providerName: string;
+    oauthUrl: string;
+    state: string;
+};
+type OAuthCallbackInput = {
+    code: string;
+    state: string;
+};
+type OAuthCallbackResult = {
+    plugin: string;
+    tenantId: string;
+};
+
+export type { CreateTenantInput as C, ManagementOk as M, OAuthCallbackResult as O, PluginInfo as P, ResolvedConnectLink as R, Tenant as T, ConnectionStatus as a, PermissionRecord as b, ConnectLink as c, CreateConnectLinkInput as d, OAuthCallbackInput as e, PermissionLookupInput as f, PluginConnectionState as g };

package/dist/types-DoUHxHNl.d.ts

@@ -0,0 +1,41 @@
+import { M as ManagementOk, T as Tenant, C as CreateTenantInput, P as PluginInfo, a as ConnectionStatus, f as PermissionLookupInput, b as PermissionRecord, d as CreateConnectLinkInput, c as ConnectLink, R as ResolvedConnectLink, e as OAuthCallbackInput, O as OAuthCallbackResult } from './types-BswoTGV5.js';
+
+type CorsairClientOptions = {
+    /** Origin + base path of the mounted handler, e.g. 'https://api.example.com/api/corsair'. */
+    baseURL: string;
+    /** Optional fetch override. Defaults to globalThis.fetch. */
+    fetch?: typeof fetch;
+};
+type CorsairManagementClient = {
+    ok: () => Promise<ManagementOk>;
+    tenants: {
+        list: () => Promise<Tenant[]>;
+        create: (input: CreateTenantInput) => Promise<Tenant>;
+        get: (id: string) => Promise<Tenant>;
+    };
+    plugins: {
+        list: () => Promise<PluginInfo[]>;
+        get: (id: string) => Promise<PluginInfo>;
+    };
+    connectionStatus: {
+        get: (query?: {
+            tenantId?: string;
+        }) => Promise<ConnectionStatus>;
+    };
+    permissions: {
+        get: (input: PermissionLookupInput) => Promise<PermissionRecord>;
+    };
+    connect: {
+        createLink: (input: CreateConnectLinkInput) => Promise<ConnectLink>;
+        resolve: (state: string) => Promise<ResolvedConnectLink>;
+        oauthCallback: (input: OAuthCallbackInput) => Promise<OAuthCallbackResult>;
+    };
+};
+declare class CorsairClientError extends Error {
+    readonly status: number;
+    readonly code: string;
+    readonly extra: Record<string, unknown>;
+    constructor(status: number, code: string, message: string, extra?: Record<string, unknown>);
+}
+
+export { type CorsairClientOptions as C, type CorsairManagementClient as a, CorsairClientError as b };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "corsair",
-  "version": "0.1.88",
+  "version": "0.1.89",
   "description": "",
   "type": "module",
   "main": "./dist/index.js",