dominus-sdk-nodejs 3.0.1 → 3.0.3

package/dist/namespaces/authority.js

@@ -0,0 +1,975 @@
+/**
+ * Authority Namespace - Dominus Authority service surface.
+ *
+ * This namespace (`dominus.authority.*`) is the canonical SDK entry point
+ * for the dominus-authority service. Public scope vocabulary is `appSlug` /
+ * `env` / `targetOrgId` / `targetAppSlug` / `targetEnv` with shared/storage
+ * helpers renamed to match the same cutover.
+ *
+ * All methods route through the gateway (`useGateway: true`) which maps
+ * `/api/authority/*` -> `/svc/authority/*` upstream to dominus-authority.
+ *
+ * Run launch is intentionally also exposed as `dominus.workflow.ensure(...)`.
+ * Both call `/api/authority/runs/ensure`. Use `dominus.workflow.ensure` from
+ * application code for the canonical "launch a saved workflow" path; use
+ * `dominus.authority.ensureRun` when you want to think in Authority terms
+ * (run lifecycle, run dossiers, retries, cancels).
+ */
+// ========================================
+// Helpers
+// ========================================
+function normalizeRunKindToken(raw) {
+    return (raw ?? '').trim().toLowerCase().replace(/\./g, '_').replace(/-/g, '_');
+}
+function isCompanyBootstrapRunKind(runKind) {
+    return normalizeRunKindToken(runKind) === 'company_bootstrap';
+}
+function compactObject(input) {
+    const out = {};
+    for (const [k, v] of Object.entries(input)) {
+        if (v === undefined || v === null)
+            continue;
+        if (typeof v === 'string' && v === '')
+            continue;
+        out[k] = v;
+    }
+    return out;
+}
+function buildQueryString(params) {
+    const search = new URLSearchParams();
+    for (const [k, v] of Object.entries(params)) {
+        if (v === undefined || v === null)
+            continue;
+        if (typeof v === 'string' && v === '')
+            continue;
+        search.set(k, String(v));
+    }
+    const qs = search.toString();
+    return qs ? `?${qs}` : '';
+}
+/**
+ * Omit redundant target_project_id / target_environment on Authority GETs when they
+ * duplicate selected-scope gateway org/env (parity with Python AuthorityNamespace._target_query_params).
+ */
+function targetQueryParams(client, targetOrgId, targetEnv) {
+    const c = client;
+    const gw = c.getSelectedScopeGateway?.();
+    if (!gw) {
+        return { targetOrgId, targetEnv };
+    }
+    let tid = targetOrgId;
+    let tev = targetEnv;
+    if (tid !== undefined && tid !== null && String(tid) === String(gw.orgId)) {
+        tid = undefined;
+    }
+    if (tev !== undefined && tev !== null && String(tev) === String(gw.env)) {
+        tev = undefined;
+    }
+    return { targetOrgId: tid, targetEnv: tev };
+}
+function withInitiator(opts) {
+    const out = {};
+    if (opts.initiatorType)
+        out.initiator_type = opts.initiatorType;
+    if (opts.initiatorId)
+        out.initiator_id = opts.initiatorId;
+    if (opts.idempotencyKey)
+        out.idempotency_key = opts.idempotencyKey;
+    return out;
+}
+function withScope(opts) {
+    const out = {};
+    if (opts.appSlug)
+        out.project_slug = opts.appSlug;
+    if (opts.env)
+        out.environment = opts.env;
+    if (opts.targetOrgId)
+        out.target_project_id = opts.targetOrgId;
+    if (opts.targetAppSlug)
+        out.target_project_slug = opts.targetAppSlug;
+    if (opts.targetEnv)
+        out.target_environment = opts.targetEnv;
+    if (opts.sharedAppSlug)
+        out.shared_project_slug = opts.sharedAppSlug;
+    return out;
+}
+// ========================================
+// Namespace
+// ========================================
+export class AuthorityNamespace {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    // ----- Runs -----
+    /**
+     * Ensure (and optionally launch) an Authority-backed workflow run.
+     *
+     * Calls `POST /api/authority/runs/ensure`.
+     *
+     * For company bootstrap, pass `runKind: "company.bootstrap"` (or `company_bootstrap`) plus
+     * `company`, `companySlug`, or `slug`. Optional bootstrap fields (`executionMode`, `region`, …)
+     * map to the same body as `POST /api/authority/companies/{company}/bootstrap`.
+     */
+    async ensureRun(options) {
+        const bootstrap = isCompanyBootstrapRunKind(options.runKind);
+        if (!bootstrap && !options.workflowId && !options.workflowRef) {
+            throw new Error('ensureRun requires workflowId or workflowRef unless runKind is company.bootstrap / company_bootstrap');
+        }
+        if (bootstrap) {
+            const co = `${options.companySlug || options.slug || options.company || ''}`.trim();
+            if (!co) {
+                throw new Error('ensureRun with runKind company.bootstrap requires company, companySlug, or slug');
+            }
+        }
+        if (options.mode === 'streaming') {
+            throw new Error('Authority runs do not support streaming mode; use blocking, async, or ensure_only');
+        }
+        const initiator = withInitiator(options);
+        const scope = withScope(options);
+        if (bootstrap) {
+            const body = compactObject({
+                run_kind: options.runKind,
+                workflow_id: options.workflowId,
+                workflow_ref: options.workflowRef,
+                instance_id: options.instanceId,
+                instance_key: options.instanceKey,
+                group: options.group,
+                owner: options.owner,
+                subject: options.subject,
+                company: options.company,
+                company_slug: options.companySlug,
+                slug: options.slug,
+                bindings: options.bindings,
+                inputs: options.inputs,
+                context: options.context,
+                execution_mode: options.executionMode,
+                region: options.region,
+                system: options.system,
+                github_mode: options.githubMode,
+                overwrite_existing: options.overwriteExisting,
+                owner_email: options.ownerEmail,
+                include: options.include,
+                metadata: options.metadata,
+                display_name: options.displayName,
+                description: options.description,
+                ...initiator,
+                ...scope,
+            });
+            return this.client.request({
+                endpoint: '/api/authority/runs/ensure',
+                method: 'POST',
+                body,
+                useGateway: true,
+            });
+        }
+        const body = compactObject({
+            workflow_id: options.workflowId,
+            workflow_ref: options.workflowRef,
+            instance_id: options.instanceId,
+            instance_key: options.instanceKey,
+            group: options.group,
+            owner: options.owner,
+            subject: options.subject,
+            company: options.company,
+            mode: options.mode ?? 'async',
+            bindings: options.bindings,
+            inputs: options.inputs,
+            context: options.context,
+            ...initiator,
+            ...scope,
+        });
+        return this.client.request({
+            endpoint: '/api/authority/runs/ensure',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get an Authority-backed run by id.
+     *
+     * Calls `GET /api/authority/runs/{run_id}`.
+     */
+    async getRun(runId) {
+        return this.client.request({
+            endpoint: `/api/authority/runs/${encodeURIComponent(runId)}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * List Authority-backed runs, optionally filtered by workflow / status / group / owner.
+     *
+     * Calls `GET /api/authority/runs`.
+     */
+    async listRuns(options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            workflow_id: options.workflowId,
+            status: options.status,
+            group: options.group,
+            owner: options.owner,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+            project_slug: options.appSlug,
+            environment: options.env,
+            limit: options.limit ?? 50,
+            offset: options.offset ?? 0,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/runs${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Cancel a running Authority-backed run.
+     *
+     * Calls `POST /api/authority/runs/{run_id}/cancel`.
+     */
+    async cancelRun(runId, options = {}) {
+        const body = compactObject({
+            reason: options.reason,
+            mode: options.mode,
+            execution_mode: options.executionMode,
+            company: options.company,
+            subject: options.subject,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/runs/${encodeURIComponent(runId)}/cancel`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Retry a failed or finished Authority-backed run.
+     *
+     * Calls `POST /api/authority/runs/{run_id}/retry`.
+     */
+    async retryRun(runId, options = {}) {
+        const body = compactObject({
+            reason: options.reason,
+            mode: options.mode,
+            trigger_artifact: options.triggerArtifact,
+            company: options.company,
+            subject: options.subject,
+            branch: options.branch,
+            sha: options.sha,
+            service_type: options.serviceType,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/runs/${encodeURIComponent(runId)}/retry`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Nudge an Authority-backed run (kick a wake/poll cycle).
+     *
+     * Calls `POST /api/authority/runs/{run_id}/nudge`.
+     */
+    async nudgeRun(runId, options = {}) {
+        const body = compactObject({
+            reason: options.reason,
+            mode: options.mode,
+            trigger_artifact: options.triggerArtifact,
+            company: options.company,
+            subject: options.subject,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/runs/${encodeURIComponent(runId)}/nudge`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get the timeline of state transitions for an Authority-backed run.
+     *
+     * Calls `GET /api/authority/runs/{run_id}/timeline`.
+     */
+    async getRunTimeline(runId) {
+        return this.client.request({
+            endpoint: `/api/authority/runs/${encodeURIComponent(runId)}/timeline`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Get the full Authority dossier for a run (state + timeline + artifacts + child runs).
+     *
+     * Calls `GET /api/authority/dossiers/run/{run_id}`.
+     */
+    async getRunDossier(runId) {
+        return this.client.request({
+            endpoint: `/api/authority/dossiers/run/${encodeURIComponent(runId)}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    // ----- Workflows (publication / bindings) -----
+    /**
+     * Publish a workflow definition into the Authority workflow registry.
+     *
+     * Calls `POST /api/authority/workflows/publish`.
+     */
+    async publishWorkflow(options) {
+        if (!options.workflowRef) {
+            throw new Error('publishWorkflow requires workflowRef');
+        }
+        const body = compactObject({
+            workflow_ref: options.workflowRef,
+            workflow_id: options.workflowId,
+            version: options.version,
+            status: options.status,
+            pinned: options.pinned,
+            bindings: options.bindings,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/workflows/publish',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * List Authority workflow bindings.
+     *
+     * Calls `GET /api/authority/workflow-bindings`.
+     */
+    async listBindings(options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            workflow_ref: options.workflowRef,
+            workflow_id: options.workflowId,
+            status: options.status,
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+            limit: options.limit ?? 50,
+            offset: options.offset ?? 0,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/workflow-bindings${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * List Authority workflow publications.
+     *
+     * Calls `GET /api/authority/workflow-publications`.
+     */
+    async listPublications(options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            workflow_ref: options.workflowRef,
+            status: options.status,
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+            limit: options.limit ?? 50,
+            offset: options.offset ?? 0,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/workflow-publications${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    // ----- Companies -----
+    /**
+     * Create a new company under Authority scope.
+     *
+     * Calls `POST /api/authority/companies`.
+     */
+    async createCompany(options) {
+        if (!options.companySlug) {
+            throw new Error('createCompany requires companySlug');
+        }
+        const body = compactObject({
+            company_slug: options.companySlug,
+            display_name: options.displayName,
+            description: options.description,
+            bootstrap_status: options.bootstrapStatus,
+            bootstrap_run_id: options.bootstrapRunId,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/companies',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get an Authority company by slug.
+     *
+     * Calls `GET /api/authority/companies/{company}`.
+     */
+    async getCompany(companySlug, options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/companies/${encodeURIComponent(companySlug)}${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * List Authority companies.
+     *
+     * Calls `GET /api/authority/companies`.
+     */
+    async listCompanies(options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+            status: options.status,
+            limit: options.limit ?? 100,
+            offset: options.offset ?? 0,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/companies${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Trigger or replay the bootstrap workflow for a company.
+     *
+     * Calls `POST /api/authority/companies/{company}/bootstrap`.
+     */
+    async bootstrapCompany(companySlug, options = {}) {
+        const body = compactObject({
+            action: options.action,
+            run_id: options.runId,
+            reason: options.reason,
+            shared_project_slug: options.sharedAppSlug,
+            region: options.region,
+            system: options.system,
+            github_mode: options.githubMode,
+            overwrite_existing: options.overwriteExisting,
+            owner_email: options.ownerEmail,
+            execution_mode: options.executionMode,
+            include: options.include,
+            rollback_include: options.rollbackInclude,
+            delete_repo: options.deleteRepo,
+            metadata: options.metadata,
+            display_name: options.displayName,
+            description: options.description,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/companies/${encodeURIComponent(companySlug)}/bootstrap`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get the bootstrap state / steps for a company.
+     *
+     * Calls `GET /api/authority/companies/{company}/bootstrap`.
+     * Query string matches Python: no `target_project_id` / `target_environment`.
+     */
+    async getCompanyBootstrap(companySlug, options = {}) {
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            run_id: options.runId,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/companies/${encodeURIComponent(companySlug)}/bootstrap${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Get the full Authority dossier for a company.
+     *
+     * Calls `GET /api/authority/dossiers/company/{company}`.
+     */
+    async getCompanyDossier(companySlug, options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/dossiers/company/${encodeURIComponent(companySlug)}${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    // ----- Deploys -----
+    /**
+     * Register a new deploy in Authority.
+     *
+     * Calls `POST /api/authority/deploys/registrations`.
+     */
+    async registerDeploy(options) {
+        if (!options.repoFullName) {
+            throw new Error('registerDeploy requires repoFullName');
+        }
+        const body = compactObject({
+            deploy_id: options.deployId,
+            repo_full_name: options.repoFullName,
+            branch: options.branch,
+            sha: options.sha,
+            service_type: options.serviceType,
+            company: options.company,
+            subject: options.subject,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/deploys/registrations',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get a deploy by id.
+     *
+     * Calls `GET /api/authority/deploys/{deploy_id}`.
+     */
+    async getDeploy(deployId) {
+        return this.client.request({
+            endpoint: `/api/authority/deploys/${encodeURIComponent(deployId)}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * List deploys with optional filters.
+     *
+     * Calls `GET /api/authority/deploys`.
+     */
+    async listDeploys(options = {}) {
+        const t = targetQueryParams(this.client, options.targetOrgId, options.targetEnv);
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            target_project_id: t.targetOrgId,
+            target_environment: t.targetEnv,
+            repo_full_name: options.repoFullName,
+            status: options.status,
+            limit: options.limit ?? 50,
+            offset: options.offset ?? 0,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/deploys${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Trigger a rollout for a previously registered deploy.
+     *
+     * Calls `POST /api/authority/deploys/{deploy_id}/rollouts`.
+     */
+    async rolloutDeploy(deployId, options = {}) {
+        const body = compactObject({
+            repo_full_name: options.repoFullName,
+            branch: options.branch,
+            sha: options.sha,
+            service_type: options.serviceType,
+            reason: options.reason,
+            company: options.company,
+            subject: options.subject,
+            metadata: options.metadata,
+            force: options.force,
+            allow_duplicate_sha: options.allowDuplicateSha,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/deploys/${encodeURIComponent(deployId)}/rollouts`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get the full Authority dossier for a deploy.
+     *
+     * Calls `GET /api/authority/dossiers/deploy/{deploy_id}`.
+     *
+     * Note: this endpoint mirrors the MCP `authority_get_deploy_dossier` tool.
+     * If the dossier route is not yet enabled in dominus-authority, the gateway
+     * will return 404 — the SDK surface is intentionally aligned with MCP.
+     */
+    async getDeployDossier(deployId) {
+        return this.client.request({
+            endpoint: `/api/authority/dossiers/deploy/${encodeURIComponent(deployId)}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    // ----- Managed clients -----
+    /**
+     * Create a managed client class (e.g. "envoy", "scribe").
+     *
+     * Calls `POST /api/authority/clients/classes`.
+     */
+    async createClientClass(options) {
+        if (!options.slug) {
+            throw new Error('createClientClass requires slug');
+        }
+        const body = compactObject({
+            slug: options.slug,
+            name: options.name,
+            description: options.description,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/clients/classes',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Create a managed client variant under a class (channel/arch/runtime tuple).
+     *
+     * Calls `POST /api/authority/clients/variants`.
+     */
+    async createClientVariant(options) {
+        if (!options.classSlug)
+            throw new Error('createClientVariant requires classSlug');
+        if (!options.slug)
+            throw new Error('createClientVariant requires slug');
+        const body = compactObject({
+            class_slug: options.classSlug,
+            slug: options.slug,
+            name: options.name,
+            channel: options.channel,
+            architecture: options.architecture,
+            runtime_family: options.runtimeFamily,
+            installer_format: options.installerFormat,
+            status: options.status,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/clients/variants',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Publish a new managed-client release for a variant.
+     *
+     * Calls `POST /api/authority/clients/releases`.
+     */
+    async publishClientRelease(options) {
+        if (!options.variantSlug)
+            throw new Error('publishClientRelease requires variantSlug');
+        if (!options.version)
+            throw new Error('publishClientRelease requires version');
+        const statusEff = (options.status ?? 'published').toString().trim().toLowerCase();
+        if (!options.manifestPath && statusEff !== 'proposed') {
+            throw new Error('publishClientRelease requires manifestPath unless status is proposed');
+        }
+        const body = compactObject({
+            variant_slug: options.variantSlug,
+            version: options.version,
+            status: options.status ?? 'published',
+            storage_project_slug: options.storageAppSlug,
+            storage_environment: options.storageEnv,
+            storage_category: options.storageCategory,
+            manifest_path: options.manifestPath ?? '',
+            bootstrapper_path: options.bootstrapperPath,
+            artifact_manifest_path: options.artifactManifestPath,
+            checksums: options.checksums,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/clients/releases',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get one managed-client release by id (includes variant_slug join).
+     *
+     * Calls `GET /api/authority/clients/releases/{release_id}`.
+     */
+    async getClientRelease(options) {
+        if (!options.releaseId)
+            throw new Error('getClientRelease requires releaseId');
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/releases/${encodeURIComponent(options.releaseId)}${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Approve a proposed release (FSM: proposed → approved).
+     *
+     * Calls `POST /api/authority/clients/releases/{release_id}/approve`.
+     */
+    async approveClientRelease(options) {
+        if (!options.releaseId)
+            throw new Error('approveClientRelease requires releaseId');
+        const body = compactObject({
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/releases/${encodeURIComponent(options.releaseId)}/approve`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Publish an approved release (FSM: approved → published), including gateway health handshake.
+     *
+     * Calls `POST /api/authority/clients/releases/{release_id}/publish`.
+     */
+    async publishApprovedClientRelease(options) {
+        if (!options.releaseId)
+            throw new Error('publishApprovedClientRelease requires releaseId');
+        const body = compactObject({
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/releases/${encodeURIComponent(options.releaseId)}/publish`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Mark a published release as distributed (FSM: published → distributed).
+     *
+     * Calls `POST /api/authority/clients/releases/{release_id}/distribute`.
+     */
+    async distributeClientRelease(options) {
+        if (!options.releaseId)
+            throw new Error('distributeClientRelease requires releaseId');
+        const body = compactObject({
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/releases/${encodeURIComponent(options.releaseId)}/distribute`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Create a one-shot bootstrap session that an installer can redeem.
+     *
+     * Calls `POST /api/authority/clients/bootstrap-sessions`.
+     */
+    async createClientBootstrapSession(options) {
+        if (!options.releaseId) {
+            throw new Error('createClientBootstrapSession requires releaseId');
+        }
+        const body = compactObject({
+            release_id: options.releaseId,
+            company: options.company,
+            subject: options.subject,
+            ttl_hours: options.ttlHours,
+            metadata: options.metadata,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/clients/bootstrap-sessions',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Get a managed client installation by id.
+     *
+     * Calls `GET /api/authority/clients/installations/{installation_id}`.
+     */
+    async getClientInstallation(installationId) {
+        return this.client.request({
+            endpoint: `/api/authority/clients/installations/${encodeURIComponent(installationId)}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * List managed client installations.
+     *
+     * Calls `GET /api/authority/clients/installations`.
+     * Query string matches Python: no `target_project_id` / `target_environment` (scope is JWT + project_slug/env).
+     */
+    async listClientInstallations(options = {}) {
+        const qs = buildQueryString({
+            project_slug: options.appSlug,
+            environment: options.env,
+            status: options.status,
+            variant_slug: options.variantSlug,
+            company: options.company,
+            limit: options.limit,
+            offset: options.offset,
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/installations${qs}`,
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Revoke a managed client installation.
+     *
+     * Calls `POST /api/authority/clients/installations/{installation_id}/revoke`.
+     */
+    async revokeClientInstallation(installationId, options = {}) {
+        const body = compactObject({
+            reason: options.reason,
+            metadata: options.metadata,
+            ...withInitiator(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/installations/${encodeURIComponent(installationId)}/revoke`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    /**
+     * Rotate the credentials for a managed client installation.
+     *
+     * Calls `POST /api/authority/clients/installations/{installation_id}/rotate-credentials`.
+     */
+    async rotateClientCredentials(installationId, options = {}) {
+        const body = compactObject({
+            reason: options.reason,
+            metadata: options.metadata,
+            ...withInitiator(options),
+        });
+        return this.client.request({
+            endpoint: `/api/authority/clients/installations/${encodeURIComponent(installationId)}/rotate-credentials`,
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    // ----- Timelines -----
+    /**
+     * Query the Authority timelines store.
+     *
+     * Calls `POST /api/authority/timelines/query`.
+     */
+    async queryTimelines(options = {}) {
+        const body = compactObject({
+            subject: options.subject,
+            company: options.company,
+            run_id: options.runId,
+            filters: options.filters,
+            window_hours: options.windowHours,
+            limit: options.limit,
+            ...withInitiator(options),
+            ...withScope(options),
+        });
+        return this.client.request({
+            endpoint: '/api/authority/timelines/query',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+    // ----- Context -----
+    /**
+     * Get the current Authority context for the calling token.
+     *
+     * Calls `GET /api/authority/context/current`.
+     */
+    async contextCurrent() {
+        return this.client.request({
+            endpoint: '/api/authority/context/current',
+            method: 'GET',
+            useGateway: true,
+        });
+    }
+    /**
+     * Resolve the rrc.v1 routing contract from optional org/app/env/company selectors.
+     *
+     * Calls `POST /api/authority/context/resolve`.
+     */
+    async contextResolve(options = {}) {
+        const body = {};
+        if (options.orgId !== undefined)
+            body.org_id = options.orgId;
+        if (options.appSlug !== undefined)
+            body.app_slug = options.appSlug;
+        if (options.env !== undefined)
+            body.env = options.env;
+        if (options.company !== undefined)
+            body.company = options.company;
+        if (options.tenant !== undefined)
+            body.tenant = options.tenant;
+        if (options.scopeMode !== undefined)
+            body.scope_mode = options.scopeMode;
+        if (options.useShared !== undefined)
+            body.use_shared = options.useShared;
+        if (options.targetOrgId !== undefined)
+            body.target_org_id = options.targetOrgId;
+        if (options.targetAppSlug !== undefined)
+            body.target_app_slug = options.targetAppSlug;
+        if (options.targetEnv !== undefined)
+            body.target_env = options.targetEnv;
+        return this.client.request({
+            endpoint: '/api/authority/context/resolve',
+            method: 'POST',
+            body,
+            useGateway: true,
+        });
+    }
+}
+//# sourceMappingURL=authority.js.map