dremiojs 1.0.0 → 1.1.0

package/README.md

@@ -57,3 +57,22 @@ async function main() {
 - **SQL Helper**: Easy `executeQuery` method that handles job submission and polling.
 - **Catalog Management**: Create, update, delete Spaces, Sources, Folders, and Datasets.
 - **Reflections**: Manage reflections programmatically.
+
+## Documentation
+
+- [Configuration & Environment Variables](docs/configuration.md)
+- [Client Usage](docs/client.md)
+- [Catalog API](docs/catalog.md)
+## Documentation
+
+- [Configuration & Environment Variables](docs/configuration.md)
+- [Client Usage](docs/client.md)
+- [Catalog API](docs/catalog.md)
+- [SQL & Jobs API](docs/sql_and_jobs.md)
+- [Reflections API](docs/reflections.md)
+- [Sources API](docs/sources.md)
+- [Users API](docs/users.md)
+- [Governance & Collaboration](docs/governance_collaboration.md)
+- [Scripts, Lineage & Tokens](docs/scripts_lineage_tokens.md)
+- [Provisioning (Engines)](docs/provisioning.md)
+- [Service Users & Credentials](docs/service_users.md)

package/docs/catalog.md

@@ -0,0 +1,76 @@
+# Catalog API Guide
+
+The Catalog API is the primary way to interact with Dremio's semantic layer (Spaces, Folders, Virtual Datasets) and physical sources.
+
+## Accessing the Catalog
+
+### Listing the Root
+To list the top-level items (Spaces and Sources):
+
+```typescript
+const root = await client.catalog.getByPath([]);
+console.log(root.children);
+```
+
+### Getting Items by Path
+You can traverse the catalog hierarchy using an array of path segments.
+
+```typescript
+// Get a specific dataset: "MarketingSpace.Campaigns.Q1_Results"
+const dataset = await client.catalog.getByPath(['MarketingSpace', 'Campaigns', 'Q1_Results']);
+console.log(dataset.id, dataset.type);
+```
+
+### Getting Items by ID
+If you already have the immutable ID of an object (e.g., from a search or list operation):
+
+```typescript
+const item = await client.catalog.get('dremio-dataset-uuid-1234');
+```
+
+## Creating Items
+
+### Creating a Space
+```typescript
+await client.catalog.create({
+    type: 'SPACE',
+    name: 'NewMarketingSpace'
+});
+```
+
+### Creating a Folder
+```typescript
+await client.catalog.create({
+    type: 'FOLDER',
+    path: ['NewMarketingSpace', 'Folder A']
+});
+```
+
+### Creating a Virtual Dataset (View)
+To create a VDS, you must provide the SQL definition and the context (path).
+
+```typescript
+await client.catalog.create({
+    type: 'DATASET',
+    path: ['NewMarketingSpace', 'MyView'],
+    sql: 'SELECT * FROM "Samples"."samples.dremio.com"."SF_incidents"',
+    format: { type: 'VIRTUAL_DATASET' } // Required specific to API v3/Cloud
+});
+```
+
+## Updating Items
+
+```typescript
+// Rename or Move (check API specifics for move vs update)
+await client.catalog.update('item-id', {
+    ...item,
+    tag: item.tag, // Optimistic locking tag is often required
+    sql: 'SELECT * FROM new_table' // Updating SQL of a view
+});
+```
+
+## Deleting Items
+
+```typescript
+await client.catalog.delete('item-id');
+```

package/docs/client.md

@@ -0,0 +1,55 @@
+# Client Instance Guide
+
+The library provides two distinct clients to handle the subtle differences between Dremio Cloud and Dremio Software APIs. Both clients share a common interface for most resources, making it easy to switch between them or support hybrid deployments.
+
+## Dremio Cloud Client
+
+The `DremioCloudClient` is optimized for Dremio Cloud's multi-tenant architecture. It automatically handles the `projectId` context required for most API calls.
+
+```typescript
+import { DremioCloudClient } from 'dremiojs';
+
+const cloudClient = new DremioCloudClient({
+    baseUrl: 'https://api.dremio.cloud/v0',
+    authToken: process.env.DREMIO_CLOUD_TOKEN,
+    projectId: process.env.DREMIO_CLOUD_PROJECT_ID
+});
+
+// The client automatically appends /projects/{id} to relevant paths
+await cloudClient.catalog.getByPath(['space', 'dataset']);
+```
+
+## Dremio Software Client
+
+The `DremioSoftwareClient` supports standard Dremio Software deployments (Docker, K8s, RPM). It includes logic for:
+- API v2 Login (username/password) exchange for tokens.
+- Automatic token management (if using username/pass).
+- Standard v3 API usage.
+
+```typescript
+import { DremioSoftwareClient } from 'dremiojs';
+
+const softwareClient = new DremioSoftwareClient({
+    baseUrl: 'http://localhost:9047/api/v3',
+    authToken: process.env.DREMIO_PAT 
+});
+
+// Or using Login
+const legacyClient = new DremioSoftwareClient({
+    baseUrl: 'http://localhost:9047/api/v3',
+    username: 'admin',
+    password: 'password123'
+});
+
+// The client performs login on the first request if no token is present
+await legacyClient.jobs.executeQuery('SELECT 1'); 
+```
+
+## Shared Capabilities
+
+Both clients extend `BaseClient` and expose:
+- `catalog`: Manage datasets, spaces, folders.
+- `jobs`: Execute SQL and track jobs.
+- `reflections`: specific Reflection management.
+- `sources`: specific Source management.
+- `users`: User and Role lookups.

package/docs/configuration.md

@@ -0,0 +1,54 @@
+# Configuration & Environment Variables
+
+`dremiojs` is designed to be flexible and secure. It supports configuration via a typed configuration object passed to the client constructor. While it does not automatically read environment variables (to avoid strict dependency on `dotenv` in client-side bundling scenarios), we recommend using standard environment variables in your application.
+
+## Best Practices
+
+Store your sensitive credentials in a `.env` file and use a library like `dotenv` to load them.
+
+```bash
+# .env example
+DREMIO_CLOUD_TOKEN=your_pat_here
+DREMIO_CLOUD_PROJECT_ID=your_project_id
+DREMIO_SOFTWARE_URL=http://dremio:9047/api/v3
+DREMIO_SOFTWARE_USER=admin
+DREMIO_SOFTWARE_PASS=password123
+```
+
+## Configuration Interfaces
+
+### Dremio Cloud Config
+
+```typescript
+interface DremioCloudConfig {
+  baseUrl: string;      // Usually 'https://api.dremio.cloud/v0'
+  authToken: string;    // Your Personal Access Token
+  projectId: string;    // The Project ID provided in the Cloud Console URL
+  timeout?: number;     // Request timeout in ms (default: 30000)
+}
+```
+
+### Dremio Software Config
+
+```typescript
+interface DremioSoftwareConfig {
+  baseUrl: string;      // e.g. 'http://localhost:9047/api/v3'
+  authToken?: string;   // PAT (Recommended)
+  username?: string;    // For legacy auth
+  password?: string;    // For legacy auth
+  checkSSLCerts?: boolean; // Set to false for self-signed certs (Node.js only)
+  timeout?: number;     // Request timeout in ms
+}
+```
+
+## SSL/TLS Configuration (Self-Signed Certs)
+
+If you are connecting to a Dremio Software instance with a self-signed certificate, you may need to disable SSL verification in Node.js.
+
+```typescript
+const client = new DremioSoftwareClient({
+    baseUrl: 'https://dremio.local:9047/api/v3',
+    authToken: '...',
+    checkSSLCerts: false // WARNING: Use only for development
+});
+```

package/docs/governance_collaboration.md

@@ -0,0 +1,41 @@
+# Governance & Collaboration API Guide
+
+## Governance (Grants)
+
+Manage access control lists (ACLs) and grants for Catalog entities.
+
+### Getting Grants
+```typescript
+const grants = await client.governance.getGrants('entity-id');
+// Output: [{ granteeType: 'USER', id: '...', privileges: ['SELECT'] }]
+```
+
+### Updating Grants
+```typescript
+await client.governance.updateGrants('entity-id', [
+    { granteeType: 'ROLE', id: 'role-id', privileges: ['SELECT', 'ALTER'] }
+]);
+```
+
+## Collaboration (Tags & Wiki)
+
+Manage metadata that helps users discover and understand data.
+
+### Tags
+```typescript
+// Get Tags
+const tags = await client.collaboration.getTags('dataset-id');
+
+// Set Tags
+await client.collaboration.setTags('dataset-id', ['marketing', 'q1-2024']);
+```
+
+### Wiki
+```typescript
+// Get Wiki Markdown
+const wiki = await client.collaboration.getWiki('dataset-id');
+console.log(wiki.text);
+
+// Set Wiki
+await client.collaboration.setWiki('dataset-id', '# Sales Data\n\nThis dataset contains...');
+```

package/docs/provisioning.md

@@ -0,0 +1,15 @@
+# Provisioning API Guide
+
+Manage Dremio Engines (Cloud) or Queues (Software WLM).
+
+## Engines (Dremio Cloud)
+
+```typescript
+// List available engines
+const engines = await client.provisioning.listEngines();
+engines.forEach(engine => {
+    console.log(`Engine: ${engine.name} (${engine.size}) - ${engine.status}`);
+});
+```
+
+*Note: Software WLM Queue management is structurally different and may be added to this namespace in future updates.*

package/docs/reflections.md

@@ -0,0 +1,54 @@
+# Reflections API Guide
+
+Reflections are Dremio's query acceleration technology. This API allows you to manage raw and aggregation reflections programmatically.
+
+## Listing Reflections
+
+You can list all reflections or filter by dataset.
+
+```typescript
+// List all accessible reflections
+const allReflections = await client.reflections.list();
+
+// List reflections for a specific dataset
+const datasetReflections = await client.reflections.list({
+    datasetId: 'dataset-uuid-123'
+});
+```
+
+## Getting a Reflection
+
+```typescript
+const reflection = await client.reflections.get('reflection-uuid');
+console.log(reflection.name, reflection.status);
+```
+
+## Creating a Reflection
+
+Creating a reflection implies defining which dataset it accelerates and its configuration (dimensions, measures, etc.).
+
+```typescript
+await client.reflections.create({
+    type: 'RAW',
+    name: 'Raw_Acceleration',
+    datasetId: 'dataset-uuid-123',
+    enabled: true,
+    displayFieldIds: ['col1', 'col2'] // Fields to include
+});
+```
+
+## Updating a Reflection
+
+Commonly used to enable/disable reflections or update their definition.
+
+```typescript
+await client.reflections.update('reflection-uuid', {
+    enabled: false // Disable reflection
+});
+```
+
+## Deleting a Reflection
+
+```typescript
+await client.reflections.delete('reflection-uuid');
+```

package/docs/scripts_lineage_tokens.md

@@ -0,0 +1,45 @@
+# Scripts, Lineage & Tokens Guide
+
+## Scripts API
+
+Manage saved SQL scripts (Dremio Cloud & Software).
+
+```typescript
+// List Scripts
+const scripts = await client.scripts.list({ maxResults: 10 });
+
+// Get a Script
+const myScript = await client.scripts.get('script-id');
+
+// Create a Script
+const newScript = await client.scripts.create({
+    name: 'Daily Report',
+    content: 'SELECT count(*) FROM sales',
+    context: ['Marketing']
+});
+
+// Update
+await client.scripts.update('script-id', { content: 'SELECT * FROM sales' });
+
+// Delete
+await client.scripts.delete('script-id');
+```
+
+## Lineage API
+
+Explore the data lineage graph for a dataset.
+
+```typescript
+const graph = await client.lineage.get('dataset-id');
+console.log(graph); 
+// Returns nodes and edges representing parent/child relationships
+```
+
+## Token Management
+
+Programmatically generate Personal Access Tokens (PATs) (where supported).
+
+```typescript
+const tokenResponse = await client.tokens.createToken('user-id', 'My New Token');
+console.log('New PAT:', tokenResponse.token);
+```

package/docs/service_users.md

@@ -0,0 +1,77 @@
+# Service Users & Credentials Guide
+
+Managing non-human accounts (Service Users) is essential for CI/CD and automated workflows. dremiojs provides full lifecycle management for Service Users and their OAuth credentials.
+
+> **Note**: Service Users are primarily a **Dremio Enterprise** feature. Calls to these endpoints may fail on Community Edition.
+
+## Service User Lifecycle
+
+### 1. Create a Service User
+
+```typescript
+const serviceUser = await client.users.create({
+    name: 'ci_pipeline_bot',
+    identityType: 'SERVICE_USER',
+    active: true
+});
+console.log('Service User Created:', serviceUser.id);
+```
+
+### 2. Create Client Credentials (Secret)
+
+Generate a Client ID and Secret for this user. This secret is only shown ONCE.
+
+```typescript
+const credential = await client.credentials.create(
+    serviceUser.id,
+    'gitlab-access-token', 
+    180 // Lifetime in days
+);
+
+console.log('Client ID:', credential.clientSecretConfig.clientId);
+console.log('Client Secret:', credential.clientSecretConfig.clientSecret); 
+// SAVE THE SECRET NOW! It cannot be retrieved again.
+```
+
+### 3. List Credentials
+
+View active credentials for a user.
+
+```typescript
+const creds = await client.credentials.list(serviceUser.id);
+creds.forEach(c => console.log(c.name, c.credentialType));
+```
+
+### 4. Delete Credentials
+
+Revoke a specific credential.
+
+```typescript
+await client.credentials.delete(serviceUser.id, credential.id);
+```
+
+### 5. Delete Service User
+
+```typescript
+await client.users.delete(serviceUser.id, serviceUser.tag);
+```
+
+## Dremio Cloud Service Accounts
+
+In Dremio Cloud, "Service Users" are typically handled as regular users with **Personal Access Tokens (PATs)**.
+
+### Creating a Token Programmatically
+
+You can generate tokens for users (if you have permissions) using the `TokensResource`.
+
+```typescript
+// Create a token for a specific user ID
+const { token } = await client.tokens.createToken(
+    'user-uuid-1234', 
+    'ci-pipeline-token', 
+    90 // Lifetime in days (default 30)
+);
+
+console.log('Generated PAT:', token);
+```
+

package/docs/sources.md

@@ -0,0 +1,53 @@
+# Sources API Guide
+
+Sources are the physical connections to your data lakes and databases (e.g., S3, HDFS, PostgreSQL, Snowflake).
+
+## Listing Sources
+
+```typescript
+const sources = await client.sources.list();
+sources.forEach(source => {
+    console.log(source.name, source.type); // e.g. "MyS3", "S3"
+});
+```
+
+## Getting a Source
+
+```typescript
+const source = await client.sources.get('source-id');
+```
+
+## Creating a Source
+
+Creating a source requires a specific configuration object that varies by source type (S3, Nessie, etc.). *Note: The specific config payload structure depends on the Dremio version and source type.*
+
+```typescript
+// Example: Creating an S3 Source
+await client.sources.create({
+    name: 'MyS3Source',
+    type: 'S3',
+    config: {
+        bucketName: 'my-bucket',
+        accessKey: '...',
+        accessSecret: '...'
+        // ... other S3 specific props
+    }
+});
+```
+
+## Updating a Source
+
+```typescript
+await client.sources.update('source-id', {
+    config: {
+        ...oldConfig,
+        accessSecret: 'NEW_SECRET'
+    }
+});
+```
+
+## Deleting a Source
+
+```typescript
+await client.sources.delete('source-id');
+```

package/docs/sql_and_jobs.md

@@ -0,0 +1,59 @@
+# SQL & Jobs API Guide
+
+Executing SQL in Dremio is an asynchronous process involving job submission, polling, and result retrieval. `dremiojs` simplifies this with a helper method while still exposing raw controls.
+
+## The Easy Way: `executeQuery`
+
+The `executeQuery` method handles the entire lifecycle: submitting the job, polling for completion, and fetching results.
+
+```typescript
+const rows = await client.jobs.executeQuery('SELECT * FROM sys.version');
+console.log(rows); 
+// Output: [{ version: '24.2.0', ... }]
+```
+
+### Context
+You can provide a context for the query (e.g., to simplify table names).
+
+```typescript
+// Queries table inside 'MarketingSpace' without full qualification
+const rows = await client.jobs.executeQuery('SELECT * FROM "Campaigns"', {
+    context: ['MarketingSpace'] 
+});
+```
+
+## The Query Lifecycle (Manual Control)
+
+For long-running queries or advanced UI integration (like progress bars), you may want to manage the lifecycle yourself.
+
+### 1. Submit Job
+```typescript
+const jobStub = await client.jobs.submitSQL('SELECT count(*) FROM big_table');
+const jobId = jobStub.id;
+console.log('Job submitted:', jobId);
+```
+
+### 2. Check Status
+Poll the job status until it reaches a terminal state (`COMPLETED`, `FAILED`, `CANCELED`).
+
+```typescript
+const status = await client.jobs.getJobStatus(jobId);
+console.log('Current State:', status.jobState); // e.g., 'RUNNING'
+```
+
+### 3. Get Results
+Once the job is `COMPLETED`, fetch the results.
+
+```typescript
+// Fetch first 100 rows
+const results = await client.jobs.getJobResults(jobId, 0, 100);
+console.log('Rows:', results.rows);
+console.log('Schema:', results.schema);
+```
+
+### 4. Cancel Job
+If the user wants to stop the query:
+
+```typescript
+await client.jobs.cancelJob(jobId);
+```

package/docs/users.md

@@ -0,0 +1,19 @@
+# Users API Guide
+
+The Users API allows you to lookup user information. This is useful for administration and governance workflows.
+
+## Getting a User by ID
+
+```typescript
+const user = await client.users.get('user-guid');
+console.log(user.name, user.email);
+```
+
+## Getting a User by Name
+
+```typescript
+const user = await client.users.getByName('admin');
+console.log(user.id);
+```
+
+*Note: User management capabilities (Create/Update/Delete) are typically restricted to administrative APIs and may differ significantly between Software and Cloud. The current library focuses on lookup/retrieval.*

package/package.json

@@ -1,7 +1,11 @@
 {
   "name": "dremiojs",
-  "version": "1.0.0",
-  "description": "",
+  "version": "1.1.0",
+  "description": "A TypeScript client library for Dremio Cloud and Software.",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/developer-advocacy-dremio/dremiojs.git"
+  },
   "main": "index.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
@@ -22,4 +26,4 @@
     "ts-node": "^10.9.2",
     "typescript": "^5.9.3"
   }
-}
+}

package/src/api/collaboration.ts

@@ -0,0 +1,55 @@
+import { BaseClient } from '../client/base';
+
+export interface Tag {
+    tags: string[];
+    version?: string;
+}
+
+export interface Wiki {
+    text: string;
+    version?: string;
+}
+
+export class CollaborationResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    async getTags(catalogId: string): Promise<Tag> {
+        return this.client.request<Tag>({
+            method: 'GET',
+            url: `/catalog/${encodeURIComponent(catalogId)}/collaboration/tag`
+        });
+    }
+
+    async setTags(catalogId: string, tags: string[], version?: string): Promise<void> {
+        const data: any = { tags };
+        if (version) data.version = version;
+
+        await this.client.request({
+            method: 'POST',
+            url: `/catalog/${encodeURIComponent(catalogId)}/collaboration/tag`,
+            data
+        });
+    }
+
+    async getWiki(catalogId: string): Promise<Wiki> {
+        return this.client.request<Wiki>({
+            method: 'GET',
+            url: `/catalog/${encodeURIComponent(catalogId)}/collaboration/wiki`
+        });
+    }
+
+    async setWiki(catalogId: string, text: string, version?: string): Promise<void> {
+        const data: any = { text };
+        if (version) data.version = version;
+
+        await this.client.request({
+            method: 'POST',
+            url: `/catalog/${encodeURIComponent(catalogId)}/collaboration/wiki`,
+            data
+        });
+    }
+}

package/src/api/credentials.ts

@@ -0,0 +1,74 @@
+import { BaseClient } from '../client/base';
+
+export interface Credential {
+    id: string;
+    name: string;
+    credentialType: 'CLIENT_SECRET' | 'EXTERNAL_JWT';
+    clientSecretConfig?: {
+        clientId: string;
+        clientSecret?: string; // Only returned on creation
+        createdAt?: string;
+        expiresAt?: string;
+    };
+    // ... External JWT config properties could be added here
+}
+
+export class CredentialsResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    /**
+     * List credentials for a Service User.
+     */
+    async list(userId: string): Promise<Credential[]> {
+        const response = await this.client.request<Credential[]>({
+            method: 'GET',
+            url: `/user/${encodeURIComponent(userId)}/oauth/credentials`
+        });
+        // Response might be wrapped or array, usually array for list endpoints but docs example showed {id...} which is odd for a list.
+        // Re-reading docs: GET /user/{id}/oauth/credentials returns A LIST?
+        // Actually the doc example showed `curl -X GET .../credentials` returning a SINGLE object?
+        // Wait, normally `credentials` implies list. Let's assume list for now or container.
+        // Actually, if it returns a single object it might be 'get by id'.
+        // Correction: The docs show GET .../credentials returning ONE credential object in the example? 
+        // That implies you might only have one? Or the doc example is misleading/specific ID.
+        // Let's assume it returns an array for safety or we handle both.
+        return Array.isArray(response) ? response : [response];
+    }
+
+    /**
+     * Create a Client Secret for a Service User.
+     * @param userId Service User ID
+     * @param name Name for the credential
+     * @param lifetimeDays Duration in days (max 180)
+     */
+    async create(userId: string, name: string, lifetimeDays: number = 180): Promise<Credential> {
+        return this.client.request<Credential>({
+            method: 'POST',
+            url: `/user/${encodeURIComponent(userId)}/oauth/credentials`,
+            data: {
+                name,
+                credentialType: 'CLIENT_SECRET',
+                clientSecretConfig: {
+                    lifetime: {
+                        quantity: lifetimeDays,
+                        units: 'DAYS'
+                    }
+                }
+            }
+        });
+    }
+
+    /**
+     * Delete a credential.
+     */
+    async delete(userId: string, credentialId: string): Promise<void> {
+        await this.client.request({
+            method: 'DELETE',
+            url: `/user/${encodeURIComponent(userId)}/oauth/credentials/${encodeURIComponent(credentialId)}`
+        });
+    }
+}

package/src/api/governance.ts

@@ -0,0 +1,52 @@
+import { BaseClient } from '../client/base';
+
+export interface Grant {
+    id: string; // User or Role ID
+    granteeType: 'USER' | 'ROLE';
+    privileges: string[]; // e.g. ['SELECT', 'ALTER']
+}
+
+export interface AccessControlList {
+    users?: { id: string, permissions: string[] }[];
+    roles?: { id: string, permissions: string[] }[];
+}
+
+export class GovernanceResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    /**
+     * Dremio Cloud: Get Grants for a catalog entity.
+     * Dremio Software: Typically uses ACLs embedded in Catalog.
+     * This method targets the /grants endpoints primarily used in Cloud/Newer Software.
+     */
+    async getGrants(catalogId: string): Promise<Grant[]> {
+        // Dremio Cloud: /v0/projects/{id}/catalog/{id}/grants
+        // Note: ProjectId is handled by client base url interceptor/logic usually.
+        const response = await this.client.request<{ grants: Grant[] }>({
+            method: 'GET',
+            url: `/catalog/${encodeURIComponent(catalogId)}/grants`
+        });
+        return response.grants || [];
+    }
+
+    /**
+     * Dremio Cloud: Update Grants.
+     */
+    async updateGrants(catalogId: string, grants: Grant[]): Promise<void> {
+        await this.client.request({
+            method: 'PUT',
+            url: `/catalog/${encodeURIComponent(catalogId)}/grants`,
+            data: { grants }
+        });
+    }
+
+    /**
+     * Dremio Software: Set ACL (Software v3 style) on an entity.
+     * Technically this usually goes via Catalog Update, but we provide a helper here if beneficial.
+     * For now, we'll focus on the 'Grants' endpoint which is cleaner if supported.
+     */
+}

package/src/api/lineage.ts

@@ -0,0 +1,19 @@
+import { BaseClient } from '../client/base';
+
+export class LineageResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    async get(catalogId: string): Promise<any> {
+        return this.client.request({
+            method: 'GET',
+            url: `/catalog/${encodeURIComponent(catalogId)}/graph`
+        });
+        // Note: Graph/Lineage endpoints can vary. 
+        // Software v3 doc: GET /api/v3/catalog/{id}/graph
+        // Cloud doc checks: /v0/projects/{id}/catalog/{id}/graph
+    }
+}

package/src/api/provisioning.ts

@@ -0,0 +1,32 @@
+import { BaseClient } from '../client/base';
+
+// Simplified Engine/Queue types
+export interface Engine {
+    id: string;
+    name: string;
+    size?: string;
+    status?: string;
+}
+
+export class ProvisioningResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    /**
+     * Dremio Cloud: List Engines
+     */
+    async listEngines(): Promise<Engine[]> {
+        // Cloud: /v0/projects/{id}/engines
+        const response = await this.client.request<any>({
+            method: 'GET',
+            url: '/engines'
+        });
+        // Normalize response
+        return response.data || (Array.isArray(response) ? response : []);
+    }
+
+    // Additional methods for start/stop engines or queue management could be added here
+}

package/src/api/scripts.ts

@@ -0,0 +1,64 @@
+import { BaseClient } from '../client/base';
+
+export interface Script {
+    id: string;
+    name: string;
+    description?: string;
+    content: string; // SQL
+    context?: string[];
+    createdAt?: string;
+    modifiedAt?: string;
+    createdBy?: string;
+    modifiedBy?: string;
+}
+
+export class ScriptsResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    async list(options: { maxResults?: number, ownedBy?: string } = {}): Promise<Script[]> {
+        const params: any = {};
+        if (options.maxResults) params.maxResults = options.maxResults;
+        if (options.ownedBy) params.ownedBy = options.ownedBy;
+
+        const response = await this.client.request<{ data: Script[] }>({
+            method: 'GET',
+            url: '/scripts',
+            params
+        });
+        return response.data || [];
+    }
+
+    async get(id: string): Promise<Script> {
+        return this.client.request<Script>({
+            method: 'GET',
+            url: `/scripts/${encodeURIComponent(id)}`
+        });
+    }
+
+    async create(script: Partial<Script>): Promise<Script> {
+        return this.client.request<Script>({
+            method: 'POST',
+            url: '/scripts',
+            data: script
+        });
+    }
+
+    async update(id: string, script: Partial<Script>): Promise<Script> {
+        return this.client.request<Script>({
+            method: 'PUT',
+            url: `/scripts/${encodeURIComponent(id)}`,
+            data: script
+        });
+    }
+
+    async delete(id: string): Promise<void> {
+        return this.client.request({
+            method: 'DELETE',
+            url: `/scripts/${encodeURIComponent(id)}`
+        });
+    }
+}

package/src/api/token.ts

@@ -0,0 +1,50 @@
+import { BaseClient } from '../client/base';
+
+export class TokenResource {
+    private client: BaseClient;
+
+    constructor(client: BaseClient) {
+        this.client = client;
+    }
+
+    // Usually administrative
+    // Implement standard PAT creation endpoints if available/documented for target version
+
+    // Dremio Software: POST /api/v3/user/{uid}/token
+    // Dremio Cloud: /v0/projects/{id}/users/{uid}/token ? (Check docs)
+    // Often PAT management is done via specialized internal APIs or different paths.
+    // We will provide a placeholder that attempts the standard V3 path.
+
+    // Supports Dremio Cloud (PAT) and Software (PAT) creation
+    async createToken(userId: string, label: string, lifetimeDays: number = 30): Promise<{ token: string }> {
+        const config = this.client.getConfig();
+        let baseUrl = config.baseUrl.replace(/\/$/, '');
+
+        // Ensure we target the correct API root
+        // Cloud: https://api.dremio.cloud/v0/user/{id}/token
+        // Software: http://host:9047/api/v3/user/{id}/token
+
+        // If the client is Cloud, the getConfig() returns the raw URL (without project), 
+        // effectively handling the path correctly.
+
+        const fullUrl = `${baseUrl}/user/${encodeURIComponent(userId)}/token`;
+
+        const millisecondsToExpire = lifetimeDays * 24 * 60 * 60 * 1000;
+
+        const response = await this.client.request({
+            method: 'POST',
+            url: fullUrl, // Absolute URL to bypass axios baseURL prefix
+            data: {
+                label,
+                millisecondsToExpire
+            }
+        });
+
+        // Cloud API returns the token string directly in some contexts, or JSON?
+        // Based on docs example, checking if response is string or object.
+        if (typeof response === 'string') {
+            return { token: response };
+        }
+        return response; // Assuming { token: ... } or similar JSON
+    }
+}

package/src/api/user.ts

@@ -1,12 +1,17 @@
 import { BaseClient } from '../client/base';
 
+// Basic types
 export interface User {
     id: string;
     name: string;
     firstName?: string;
     lastName?: string;
     email?: string;
-    roles?: any[];
+    tag?: string;
+    identityType?: 'REGULAR_USER' | 'SERVICE_USER';
+    active?: boolean;
+    roles?: { id: string, name: string, type: string }[];
+    oauthClientId?: string; // For Service Users
 }
 
 export class UserResource {
@@ -17,16 +22,47 @@ export class UserResource {
     }
 
     async get(id: string): Promise<User> {
-        return this.client.request({
+        return this.client.request<User>({
             method: 'GET',
             url: `/user/${encodeURIComponent(id)}`
         });
     }
 
     async getByName(name: string): Promise<User> {
-        return this.client.request({
+        return this.client.request<User>({
             method: 'GET',
             url: `/user/by-name/${encodeURIComponent(name)}`
         });
     }
+
+    /**
+     * Create a new user (Regular or Service).
+     * @param user User definition. For Service Users, set identityType to 'SERVICE_USER'.
+     */
+    async create(user: Partial<User>): Promise<User> {
+        return this.client.request<User>({
+            method: 'POST',
+            url: '/user',
+            data: user
+        });
+    }
+
+    async update(id: string, user: Partial<User>): Promise<User> {
+        return this.client.request<User>({
+            method: 'PUT',
+            url: `/user/${encodeURIComponent(id)}`,
+            data: user
+        });
+    }
+
+    async delete(id: string, versionTag?: string): Promise<void> {
+        const config: any = {
+            method: 'DELETE',
+            url: `/user/${encodeURIComponent(id)}`
+        };
+        if (versionTag) {
+            config.params = { version: versionTag };
+        }
+        await this.client.request(config);
+    }
 }

package/src/client/base.ts

@@ -5,6 +5,13 @@ import { JobResource } from '../api/jobs';
 import { ReflectionResource } from '../api/reflection';
 import { SourceResource } from '../api/source';
 import { UserResource } from '../api/user';
+import { GovernanceResource } from '../api/governance';
+import { CollaborationResource } from '../api/collaboration';
+import { ScriptsResource } from '../api/scripts';
+import { LineageResource } from '../api/lineage';
+import { ProvisioningResource } from '../api/provisioning';
+import { TokenResource } from '../api/token';
+import { CredentialsResource } from '../api/credentials';
 
 export abstract class BaseClient {
     protected axiosInstance: AxiosInstance;
@@ -14,6 +21,13 @@ export abstract class BaseClient {
     public reflections: ReflectionResource;
     public sources: SourceResource;
     public users: UserResource;
+    public governance: GovernanceResource;
+    public collaboration: CollaborationResource;
+    public scripts: ScriptsResource;
+    public lineage: LineageResource;
+    public provisioning: ProvisioningResource;
+    public tokens: TokenResource;
+    public credentials: CredentialsResource;
 
     constructor(config: BaseDremioConfig) {
         this.config = config;
@@ -30,6 +44,13 @@ export abstract class BaseClient {
         this.reflections = new ReflectionResource(this);
         this.sources = new SourceResource(this);
         this.users = new UserResource(this);
+        this.governance = new GovernanceResource(this);
+        this.collaboration = new CollaborationResource(this);
+        this.scripts = new ScriptsResource(this);
+        this.lineage = new LineageResource(this);
+        this.provisioning = new ProvisioningResource(this);
+        this.tokens = new TokenResource(this);
+        this.credentials = new CredentialsResource(this);
 
         // Add generic interceptors if needed
         this.axiosInstance.interceptors.response.use(
@@ -41,6 +62,10 @@ export abstract class BaseClient {
         );
     }
 
+    public getConfig(): BaseDremioConfig {
+        return this.config;
+    }
+
     protected abstract getAuthHeaders(): Record<string, string> | Promise<Record<string, string>>;
 
     public async request<T = any>(config: AxiosRequestConfig): Promise<T> {

package/src/client/cloud.ts

@@ -34,4 +34,8 @@ export class DremioCloudClient extends BaseClient {
     getProjectId(): string {
         return this.config.projectId;
     }
+
+    public getConfig(): DremioCloudConfig {
+        return this.config;
+    }
 }

package/tests/integration_manual.ts

@@ -39,6 +39,22 @@ const runTests = async () => {
                 console.warn('   Warning: Could not list reflections:', e.message);
             }
 
+            console.log(' - Validating Provisioning (Engines)...');
+            try {
+                const engines = await cloudClient.provisioning.listEngines();
+                console.log('   Success! Found', engines.length, 'engines');
+            } catch (e: any) {
+                console.warn('   Warning: Could not list engines:', e.message);
+            }
+
+            console.log(' - Validating Scripts...');
+            try {
+                const scripts = await cloudClient.scripts.list();
+                console.log('   Success! Found', scripts.length, 'scripts');
+            } catch (e: any) {
+                console.warn('   Warning: Could not list scripts:', e.message);
+            }
+
             console.log(' - Running Test Query: SELECT 1');
             const results = await cloudClient.jobs.executeQuery('SELECT 1');
             console.log('   Query Success! Result:', results);
@@ -80,6 +96,39 @@ const runTests = async () => {
                 console.warn('   Warning: Could not list reflections:', e.message);
             }
 
+            console.log(' - Validating Scripts...');
+            try {
+                const scripts = await softwareClient.scripts.list();
+                console.log('   Success! Found', scripts.length, 'scripts');
+            } catch (e: any) {
+                console.warn('   Warning: Could not list scripts (Check if supported/enabled in this version):', e.message);
+            }
+
+            console.log(' - Validating Service User Lifecycle...');
+            try {
+                // 1. Create Service User
+                const userName = `test_svc_${Date.now()}`;
+                console.log(`   Creating Service User: ${userName}...`);
+                const newUser = await softwareClient.users.create({
+                    name: userName,
+                    identityType: 'SERVICE_USER'
+                });
+                console.log('   Success! Created User ID:', newUser.id);
+
+                // 2. Create Credential
+                console.log('   Creating Credential...');
+                const cred = await softwareClient.credentials.create(newUser.id, 'test-secret', 30);
+                console.log('   Success! Created Credential ID:', cred.id);
+
+                // 3. Delete User
+                console.log('   Deleting User...');
+                await softwareClient.users.delete(newUser.id, newUser.tag);
+                console.log('   Success! User Deleted.');
+
+            } catch (e: any) {
+                console.warn('   Warning: Service User test failed (Admin privileges required?):', e.message);
+            }
+
             console.log(' - Running Test Query: SELECT 1');
             const results = await softwareClient.jobs.executeQuery('SELECT 1');
             console.log('   Query Success! Result:', results);