run402-mcp 2.41.1 → 2.43.0

package/sdk/dist/namespaces/operator.d.ts

@@ -114,6 +114,101 @@ export interface CliTokenExchange {
     /** Must match the `state` used at authorize time. */
     state: string;
 }
+/**
+ * A claim challenge (`POST …/claim-wallet-org/challenge`). The wallet must sign a
+ * fresh SIWX message carrying {@link ClaimChallenge.nonce}; that signed message
+ * becomes the `SIGN-IN-WITH-X` header on {@link ClaimWalletOrg.submit}. Reveals
+ * nothing about the wallet's orgs — control is proven only at claim time.
+ */
+export interface ClaimChallenge {
+    challenge_id: string;
+    nonce: string;
+    expires_at: string;
+    sign_instructions?: {
+        scheme?: string;
+        nonce?: string;
+        note?: string;
+        [key: string]: unknown;
+    };
+    [key: string]: unknown;
+}
+/** Input to {@link ClaimWalletOrg.challenge}. */
+export interface ClaimChallengeInput {
+    /** The wallet (0x EVM address) whose agent-owned org is being claimed. */
+    wallet: string;
+    /**
+     * The human's write-capable control-plane session bearer. Falls back to the
+     * client's default auth when omitted — pass it explicitly unless the client was
+     * constructed with control-plane-session credentials.
+     */
+    token?: string;
+}
+/** Input to {@link ClaimWalletOrg.submit}. */
+export interface ClaimSubmitInput {
+    /**
+     * The fresh SIWX proof over the challenge nonce — the value of the
+     * `SIGN-IN-WITH-X` header (the wallet proof). In Node, build it with
+     * `signWalletOrgClaim` from `@run402/sdk/node`.
+     */
+    siwx: string;
+    /** The human's control-plane session bearer (see {@link ClaimChallengeInput.token}). */
+    token?: string;
+    /**
+     * Target org id. Omit on the first submit; supply it on the second round when
+     * the first returned `select_org` (the wallet's agent owns more than one org).
+     * The same `token` + `siwx` are reused — no re-challenge, no re-sign.
+     */
+    orgId?: string;
+    /** Optional label to set on the claimed org at the same time. `null`/`""` clears. */
+    displayName?: string | null;
+}
+/** One org offered for selection when a wallet's agent owns more than one (`select_org`). */
+export interface SelectableOrg {
+    org_id: string;
+    display_name: string | null;
+    tier: string;
+    [key: string]: unknown;
+}
+/**
+ * Result of {@link ClaimWalletOrg.submit}. A discriminated union: `"claimed"` on
+ * success, or `"select_org"` when the wallet's agent owns more than one org and
+ * the caller must re-submit with a chosen `orgId`. `select_org` is a normal
+ * (non-error) result — it is returned, never thrown.
+ */
+export type ClaimResult = {
+    status: "claimed";
+    org_id: string;
+    display_name: string | null;
+    role: string;
+    /** True when the human already owned the org (idempotent re-claim). */
+    already_owned?: boolean;
+    [key: string]: unknown;
+} | {
+    status: "select_org";
+    selectable_orgs: SelectableOrg[];
+    [key: string]: unknown;
+};
+/**
+ * Wallet-owned org claim — `r.operator.claimWalletOrg.*`. The isomorphic
+ * (raw-proof) seam: `challenge` issues a nonce; `submit` posts the dual proof
+ * (control-plane session bearer + a fresh `SIGN-IN-WITH-X` wallet signature). The
+ * Node convenience `signWalletOrgClaim` / `claimWalletOrg` in `@run402/sdk/node`
+ * runs the whole dance (read session → challenge → sign → submit).
+ */
+export declare class ClaimWalletOrg {
+    private readonly client;
+    constructor(client: Client);
+    /** Request a single-use challenge nonce the wallet must sign (`POST …/claim-wallet-org/challenge`). */
+    challenge(input: ClaimChallengeInput): Promise<ClaimChallenge>;
+    /**
+     * Execute the claim (`POST …/claim-wallet-org`) carrying both proofs: the
+     * control-plane session bearer (the human) and the `SIGN-IN-WITH-X` wallet
+     * signature. Returns a discriminated {@link ClaimResult}; a `select_org` result
+     * is returned (not thrown). Throws {@link StepUpRequiredError} when the session
+     * is not passkey-fresh, and `ApiError` (`WALLET_PROOF_INVALID`) on a bad proof.
+     */
+    submit(input: ClaimSubmitInput): Promise<ClaimResult>;
+}
 export declare class Operator {
     private readonly client;
     /**
@@ -125,6 +220,12 @@ export declare class Operator {
      * CLI write-login below. See {@link OperatorSession}.
      */
     readonly session: OperatorSession;
+    /**
+     * Wallet-owned org claim (v1.82): `r.operator.claimWalletOrg.challenge()` +
+     * `.submit()`. The raw dual-proof seam; the Node convenience `claimWalletOrg`
+     * in `@run402/sdk/node` runs the full dance.
+     */
+    readonly claimWalletOrg: ClaimWalletOrg;
     constructor(client: Client);
     /**
      * Begin the device-authorization flow. Unauthenticated. Returns the codes the

package/sdk/dist/namespaces/operator.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"operator.d.ts","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,oDAAoD;AACpD,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,8EAA8E;AAC9E,MAAM,WAAW,oBAAoB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,oBAAoB,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,uBAAuB,CAAA;CAAE,GACjC;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,GACrB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,GACzB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,2BAA2B,EAAE,MAAM,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IACjC,2EAA2E;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,aAAa,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,wDAAwD;AACxD,MAAM,WAAW,gBAAgB;IAC/B,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,YAAY,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;CACf;AASD,qBAAa,QAAQ;IAWP,OAAO,CAAC,QAAQ,CAAC,MAAM;IAVnC;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;gBAEL,MAAM,EAAE,MAAM;IAI3C;;;;OAIG;IACG,WAAW,CAAC,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,CAAC;IAS/E;;;;;OAKG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAgC/D;;;;;;OAMG;IACG,QAAQ,CAAC,IAAI,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAaxE;;;;OAIG;IACG,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBpD;;;;OAIG;IACH,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM;IAWxD;;;;OAIG;IACG,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAa/E"}
+{"version":3,"file":"operator.d.ts","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD,oDAAoD;AACpD,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,gBAAgB,EAAE,MAAM,CAAC;IACzB,uEAAuE;IACvE,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,8EAA8E;AAC9E,MAAM,WAAW,oBAAoB;IACnC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GACxB;IAAE,IAAI,EAAE,UAAU,CAAC;IAAC,OAAO,EAAE,oBAAoB,CAAA;CAAE,GACnD;IAAE,IAAI,EAAE,uBAAuB,CAAA;CAAE,GACjC;IAAE,IAAI,EAAE,WAAW,CAAA;CAAE,GACrB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,GACzB;IAAE,IAAI,EAAE,eAAe,CAAA;CAAE,CAAC;AAE9B;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,gBAAgB,CAAC,EAAE,OAAO,EAAE,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;IACpB,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,MAAM,WAAW,mBAAmB;IAClC,2BAA2B,EAAE,MAAM,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,oCAAoC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mEAAmE;IACnE,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mDAAmD;IACnD,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;IACf,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IACjC,2EAA2E;IAC3E,WAAW,EAAE,MAAM,CAAC;IACpB,yDAAyD;IACzD,aAAa,EAAE,MAAM,CAAC;IACtB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,wDAAwD;AACxD,MAAM,WAAW,gBAAgB;IAC/B,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,YAAY,EAAE,MAAM,CAAC;IACrB,2DAA2D;IAC3D,WAAW,EAAE,MAAM,CAAC;IACpB,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;CACf;AAWD;;;;;GAKG;AACH,MAAM,WAAW,cAAc;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAC/F,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,iDAAiD;AACjD,MAAM,WAAW,mBAAmB;IAClC,0EAA0E;IAC1E,MAAM,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,8CAA8C;AAC9C,MAAM,WAAW,gBAAgB;IAC/B;;;;OAIG;IACH,IAAI,EAAE,MAAM,CAAC;IACb,wFAAwF;IACxF,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,qFAAqF;IACrF,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,6FAA6F;AAC7F,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GACnB;IACE,MAAM,EAAE,SAAS,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,uEAAuE;IACvE,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,GACD;IACE,MAAM,EAAE,YAAY,CAAC;IACrB,eAAe,EAAE,aAAa,EAAE,CAAC;IACjC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB,CAAC;AAEN;;;;;;GAMG;AACH,qBAAa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,uGAAuG;IACjG,SAAS,CAAC,KAAK,EAAE,mBAAmB,GAAG,OAAO,CAAC,cAAc,CAAC;IAYpE;;;;;;OAMG;IACG,MAAM,CAAC,KAAK,EAAE,gBAAgB,GAAG,OAAO,CAAC,WAAW,CAAC;CAiB5D;AAED,qBAAa,QAAQ;IAkBP,OAAO,CAAC,QAAQ,CAAC,MAAM;IAjBnC;;;;;;;OAOG;IACH,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAElC;;;;OAIG;IACH,QAAQ,CAAC,cAAc,EAAE,cAAc,CAAC;gBAEX,MAAM,EAAE,MAAM;IAK3C;;;;OAIG;IACG,WAAW,CAAC,IAAI,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,CAAC;IAS/E;;;;;OAKG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAgC/D;;;;;;OAMG;IACG,QAAQ,CAAC,IAAI,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAaxE;;;;OAIG;IACG,MAAM,CAAC,IAAI,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAiBpD;;;;OAIG;IACH,oBAAoB,CAAC,MAAM,EAAE,kBAAkB,GAAG,MAAM;IAWxD;;;;OAIG;IACG,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,mBAAmB,CAAC;CAa/E"}

package/sdk/dist/namespaces/operator.js

@@ -17,7 +17,7 @@
  *
  * Gateway contract: kychee-com/run402-private#443 (RFC 8628 device-auth bridge).
  */
-import { ApiError, NetworkError } from "../errors.js";
+import { ApiError, LocalError, NetworkError } from "../errors.js";
 import { OperatorSession } from "./operator-session.js";
 const POLL_ERROR_CODES = new Set([
     "authorization_pending",
@@ -25,6 +25,58 @@ const POLL_ERROR_CODES = new Set([
     "access_denied",
     "expired_token",
 ]);
+/**
+ * Wallet-owned org claim — `r.operator.claimWalletOrg.*`. The isomorphic
+ * (raw-proof) seam: `challenge` issues a nonce; `submit` posts the dual proof
+ * (control-plane session bearer + a fresh `SIGN-IN-WITH-X` wallet signature). The
+ * Node convenience `signWalletOrgClaim` / `claimWalletOrg` in `@run402/sdk/node`
+ * runs the whole dance (read session → challenge → sign → submit).
+ */
+export class ClaimWalletOrg {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    /** Request a single-use challenge nonce the wallet must sign (`POST …/claim-wallet-org/challenge`). */
+    async challenge(input) {
+        if (!input?.wallet) {
+            throw new LocalError("claimWalletOrg.challenge requires { wallet }", "requesting wallet-org claim challenge");
+        }
+        return this.client.request("/agent/v1/operator/claim-wallet-org/challenge", {
+            method: "POST",
+            body: { wallet: input.wallet },
+            ...(input.token ? { headers: { Authorization: `Bearer ${input.token}` }, withAuth: false } : {}),
+            context: "requesting wallet-org claim challenge",
+        });
+    }
+    /**
+     * Execute the claim (`POST …/claim-wallet-org`) carrying both proofs: the
+     * control-plane session bearer (the human) and the `SIGN-IN-WITH-X` wallet
+     * signature. Returns a discriminated {@link ClaimResult}; a `select_org` result
+     * is returned (not thrown). Throws {@link StepUpRequiredError} when the session
+     * is not passkey-fresh, and `ApiError` (`WALLET_PROOF_INVALID`) on a bad proof.
+     */
+    async submit(input) {
+        if (!input?.siwx) {
+            throw new LocalError("claimWalletOrg.submit requires { siwx } (the SIGN-IN-WITH-X proof)", "claiming wallet org");
+        }
+        const headers = { "SIGN-IN-WITH-X": input.siwx };
+        if (input.token)
+            headers.Authorization = `Bearer ${input.token}`;
+        const body = {};
+        if (input.orgId !== undefined)
+            body.org_id = input.orgId;
+        if (input.displayName !== undefined)
+            body.display_name = input.displayName;
+        return this.client.request("/agent/v1/operator/claim-wallet-org", {
+            method: "POST",
+            body,
+            headers,
+            withAuth: !input.token,
+            context: "claiming wallet org",
+        });
+    }
+}
 export class Operator {
     client;
     /**
@@ -36,9 +88,16 @@ export class Operator {
      * CLI write-login below. See {@link OperatorSession}.
      */
     session;
+    /**
+     * Wallet-owned org claim (v1.82): `r.operator.claimWalletOrg.challenge()` +
+     * `.submit()`. The raw dual-proof seam; the Node convenience `claimWalletOrg`
+     * in `@run402/sdk/node` runs the full dance.
+     */
+    claimWalletOrg;
     constructor(client) {
         this.client = client;
         this.session = new OperatorSession(client);
+        this.claimWalletOrg = new ClaimWalletOrg(client);
     }
     /**
      * Begin the device-authorization flow. Unauthenticated. Returns the codes the

package/sdk/dist/namespaces/operator.js.map

@@ -1 +1 @@
-{"version":3,"file":"operator.js","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA+FxD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,uBAAuB;IACvB,WAAW;IACX,eAAe;IACf,eAAe;CAChB,CAAC,CAAC;AAEH,MAAM,OAAO,QAAQ;IAWU;IAV7B;;;;;;;OAOG;IACM,OAAO,CAAkB;IAElC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAgC,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAkB,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB;QACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC;QAC5E,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,YAAY,CACpB,sDAAuD,GAAa,CAAC,OAAO,EAAE,EAC9E,GAAG,EACH,+BAA+B,CAChC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACpF,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAuC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,KAAsD,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,mDAAmD,GAAG,CAAC,MAAM,GAAG,EAChE,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA2B,EAAE;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;gBAClD,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;YAC1E,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,IAAuB;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAU,mCAAmC,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;YAClD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,4EAA4E;IAC5E,2EAA2E;IAC3E,gEAAgE;IAChE,8EAA8E;IAC9E,+DAA+D;IAE/D;;;;OAIG;IACH,oBAAoB,CAAC,MAA0B;QAC7C,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC;YAC5B,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,cAAc,EAAE,MAAM,CAAC,aAAa;YACpC,qBAAqB,EAAE,MAAM;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAwB;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,mCAAmC,EAAE;YACnF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF"}
+{"version":3,"file":"operator.js","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA+FxD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,uBAAuB;IACvB,WAAW;IACX,eAAe;IACf,eAAe;CAChB,CAAC,CAAC;AAgFH;;;;;;GAMG;AACH,MAAM,OAAO,cAAc;IACI;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,uGAAuG;IACvG,KAAK,CAAC,SAAS,CAAC,KAA0B;QACxC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,UAAU,CAAC,8CAA8C,EAAE,uCAAuC,CAAC,CAAC;QAChH,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAiB,+CAA+C,EAAE;YAC1F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;YAC9B,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChG,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,KAAuB;QAClC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,UAAU,CAAC,oEAAoE,EAAE,qBAAqB,CAAC,CAAC;QACpH,CAAC;QACD,MAAM,OAAO,GAA2B,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,CAAC,KAAK;YAAE,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,KAAK,EAAE,CAAC;QACjE,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QACzD,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,WAAW,CAAC;QAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAc,qCAAqC,EAAE;YAC7E,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO;YACP,QAAQ,EAAE,CAAC,KAAK,CAAC,KAAK;YACtB,OAAO,EAAE,qBAAqB;SAC/B,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,QAAQ;IAkBU;IAjB7B;;;;;;;OAOG;IACM,OAAO,CAAkB;IAElC;;;;OAIG;IACM,cAAc,CAAiB;IAExC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAgC,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAkB,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB;QACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC;QAC5E,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,YAAY,CACpB,sDAAuD,GAAa,CAAC,OAAO,EAAE,EAC9E,GAAG,EACH,+BAA+B,CAChC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACpF,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAuC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,KAAsD,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,mDAAmD,GAAG,CAAC,MAAM,GAAG,EAChE,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA2B,EAAE;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;gBAClD,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;YAC1E,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,IAAuB;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAU,mCAAmC,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;YAClD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,4EAA4E;IAC5E,2EAA2E;IAC3E,gEAAgE;IAChE,8EAA8E;IAC9E,+DAA+D;IAE/D;;;;OAIG;IACH,oBAAoB,CAAC,MAA0B;QAC7C,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC;YAC5B,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,cAAc,EAAE,MAAM,CAAC,aAAa;YACpC,qBAAqB,EAAE,MAAM;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAwB;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,mCAAmC,EAAE;YACnF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF"}

package/sdk/dist/namespaces/org.d.ts

@@ -1,73 +1,111 @@
 /**
- * `org` namespace — the org-owned control plane (gateway v1.77+). Read the
- * resolved principal + memberships, list orgs, manage members and email
- * invites (owner-gated), and read the control-plane audit trail. All routes use
- * the existing SIWX auth; authorization is a membership lookup, never
- * `wallet == signer`.
+ * `org` namespace — the org-owned control plane (gateway v1.77+, first-class in
+ * v1.82). Mirrors the `r.projects` / `r.project(id)` idiom:
  *
- * Sub-resources are grouped so the surface scales: `r.org.members.*` and
- * `r.org.invites.*`. Org-level reads stay on the namespace itself
- * (`r.org.whoami` / `r.org.list` / `r.org.audit`).
+ *   - `r.orgs`        — collection + identity: `create`, `list`, `whoami`.
+ *   - `r.org(id)`     — a resource-scoped sub-client (id pre-bound): `get`,
+ *                       `rename`, `members.*`, `invites.*`, `audit`.
+ *
+ * All routes use the existing SIWX (or control-plane-session) auth; authorization
+ * is a membership lookup, never `wallet == signer`. Mutations (`create`,
+ * `rename`, member/invite changes) are step-up gated server-side and may return
+ * `STEP_UP_REQUIRED` when driven by a stale control-plane session.
  */
 import type { Client } from "../kernel.js";
-import type { AddMemberInput, AuditEvent, AuditOptions, CreateInviteInput, MemberMutationResult, MemberRevokeResult, OrgInvite, OrgInviteRevokeResult, OrgMember, OrgMembership, OrgRole, WhoAmIResult } from "./org.types.js";
-/** Member management — `r.org.members.*`. */
+import type { AddMemberInput, AuditEvent, AuditOptions, CreateInviteInput, CreateOrgInput, MemberMutationResult, MemberRevokeResult, OrgDetail, OrgInvite, OrgInviteRevokeResult, OrgMember, OrgMembership, OrgRole, OrgSummary, WhoAmIResult } from "./org.types.js";
+/** Member management — `r.org(id).members.*`. The org id is bound at construction. */
 export declare class OrgMembers {
     private readonly client;
-    constructor(client: Client);
-    /** List members of an org (`GET /orgs/v1/:billing_account_id/members`). Any active member. */
-    list(billingAccountId: string): Promise<OrgMember[]>;
+    private readonly orgId;
+    constructor(client: Client, orgId: string);
+    /** List members of the org (`GET /orgs/v1/:org_id/members`). Any active member. */
+    list(): Promise<OrgMember[]>;
     /**
-     * Add a member by wallet (`POST /orgs/v1/:billing_account_id/members`).
-     * Requires an active `owner` membership. A brand-new wallet is provisioned as
-     * a `human` principal; `role` defaults to `"developer"` server-side.
+     * Add a member by wallet (`POST /orgs/v1/:org_id/members`). Requires an active
+     * `owner` membership. A brand-new wallet is provisioned as a `human` principal;
+     * `role` defaults to `"developer"` server-side.
      */
-    add(billingAccountId: string, input: AddMemberInput): Promise<MemberMutationResult>;
+    add(input: AddMemberInput): Promise<MemberMutationResult>;
     /**
      * Change a member's role (`PATCH …/members/:principal_id`). Requires `owner`;
      * demoting the org's only active owner fails with `409 LAST_OWNER`.
      */
-    setRole(billingAccountId: string, principalId: string, role: OrgRole): Promise<MemberMutationResult>;
+    setRole(principalId: string, role: OrgRole): Promise<MemberMutationResult>;
     /**
      * Revoke a member (`DELETE …/members/:principal_id`) — one row, status
      * `revoked`, no key rotation. Requires `owner`; revoking the org's only active
      * owner fails with `409 LAST_OWNER`.
      */
-    revoke(billingAccountId: string, principalId: string): Promise<MemberRevokeResult>;
+    revoke(principalId: string): Promise<MemberRevokeResult>;
 }
-/** Email-invite management — `r.org.invites.*`. */
+/** Email-invite management — `r.org(id).invites.*`. The org id is bound at construction. */
 export declare class OrgInvites {
     private readonly client;
-    constructor(client: Client);
-    /** List pending email invites (`GET /orgs/v1/:billing_account_id/invites`). Any active member. */
-    list(billingAccountId: string): Promise<OrgInvite[]>;
+    private readonly orgId;
+    constructor(client: Client, orgId: string);
+    /** List pending email invites (`GET /orgs/v1/:org_id/invites`). Any active member. */
+    list(): Promise<OrgInvite[]>;
     /**
      * Invite a person by email (`POST …/invites`); claimed at their first login.
      * Requires `owner` (plus step-up when driven by a control-plane session).
      */
-    create(billingAccountId: string, input: CreateInviteInput): Promise<OrgInvite>;
+    create(input: CreateInviteInput): Promise<OrgInvite>;
     /** Revoke a pending invite by its pending principal id (`DELETE …/invites/:principal_id`). Requires `owner`. */
-    revoke(billingAccountId: string, principalId: string): Promise<OrgInviteRevokeResult>;
+    revoke(principalId: string): Promise<OrgInviteRevokeResult>;
 }
-export declare class Org {
+/**
+ * A resource-scoped org sub-client returned by `r.org(id)`. The org id is bound
+ * at construction; instance operations take no repeated id argument. Mirrors the
+ * project-scoped `r.project(id)` shape (narrower scope).
+ */
+export declare class ScopedOrg {
     private readonly client;
-    /** Member management (`r.org.members.*`). */
+    /** Member management (`r.org(id).members.*`). */
     readonly members: OrgMembers;
-    /** Email-invite management (`r.org.invites.*`). */
+    /** Email-invite management (`r.org(id).invites.*`). */
     readonly invites: OrgInvites;
+    /** The org id this sub-client is bound to. Read-only. */
+    readonly orgId: string;
+    constructor(client: Client, orgId: string);
+    /**
+     * Read this org (`GET /orgs/v1/:org_id`) — `{ org_id, display_name, tier, role }`.
+     * Any active member may view; a non-member (including a guessed id) gets the
+     * same non-revealing `403`.
+     */
+    get(): Promise<OrgDetail>;
+    /**
+     * Rename this org (`PATCH /orgs/v1/:org_id`). Owner-only + step-up gated. Pass
+     * `null` or `""` to clear the label. Returns the updated `{ org_id,
+     * display_name, tier }`.
+     */
+    rename(displayName: string | null): Promise<OrgSummary>;
+    /**
+     * Control-plane audit trail for this org (`GET /orgs/v1/:org_id/audit`).
+     * admin+. Newest-first; page with the `before` cursor.
+     */
+    audit(opts?: AuditOptions): Promise<AuditEvent[]>;
+}
+/**
+ * Org collection + identity — `r.orgs.*`. Operations that are not bound to a
+ * single org: create a new org, list the caller's orgs, resolve the principal.
+ */
+export declare class Orgs {
+    private readonly client;
     constructor(client: Client);
+    /**
+     * Create an empty org on the `prototype` tier (`POST /orgs/v1`); the caller
+     * becomes `owner`. Accepts only an optional `displayName` — there is no tier at
+     * create (paid tiers are a separate flow). Step-up gated; the soft per-owner
+     * free-org cap may return `FREE_ORG_OWNER_LIMIT_EXCEEDED`.
+     */
+    create(input?: CreateOrgInput): Promise<OrgSummary>;
+    /** List the orgs the caller is an active member of (`GET /orgs/v1`), as memberships. */
+    list(): Promise<OrgMembership[]>;
     /**
      * Resolve the caller's control-plane principal and its org memberships
      * (`GET /agent/v1/whoami`). This is the REMOTE identity; for the local,
      * network-free wallet/profile identity use `r.whoami()`.
      */
     whoami(): Promise<WhoAmIResult>;
-    /** List the orgs the caller is a member of (`GET /orgs/v1`), as memberships. */
-    list(): Promise<OrgMembership[]>;
-    /**
-     * Control-plane audit trail for an org (`GET /orgs/v1/:billing_account_id/audit`).
-     * admin+. Newest-first; page with the `before` cursor.
-     */
-    audit(billingAccountId: string, opts?: AuditOptions): Promise<AuditEvent[]>;
 }
 //# sourceMappingURL=org.d.ts.map

package/sdk/dist/namespaces/org.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EAClB,SAAS,EACT,qBAAqB,EACrB,SAAS,EACT,aAAa,EACb,OAAO,EACP,YAAY,EACb,MAAM,gBAAgB,CAAC;AAQxB,6CAA6C;AAC7C,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,8FAA8F;IACxF,IAAI,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAS1D;;;;OAIG;IACG,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAazF;;;OAGG;IACG,OAAO,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAU1G;;;;OAIG;IACG,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAQzF;AAED,mDAAmD;AACnD,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,kGAAkG;IAC5F,IAAI,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAS1D;;;OAGG;IACG,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC;IAYpF,gHAAgH;IAC1G,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAQ5F;AAED,qBAAa,GAAG;IAMF,OAAO,CAAC,QAAQ,CAAC,MAAM;IALnC,6CAA6C;IAC7C,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,mDAAmD;IACnD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;gBAEA,MAAM,EAAE,MAAM;IAK3C;;;;OAIG;IACG,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC;IAMrC,gFAAgF;IAC1E,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAOtC;;;OAGG;IACG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAatF"}
+{"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,SAAS,EACT,SAAS,EACT,qBAAqB,EACrB,SAAS,EACT,aAAa,EACb,OAAO,EACP,UAAU,EACV,YAAY,EACb,MAAM,gBAAgB,CAAC;AAExB,sFAAsF;AACtF,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAU,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAtC,MAAM,EAAE,MAAM,EAAmB,KAAK,EAAE,MAAM;IAE3E,mFAAmF;IAC7E,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAQlC;;;;OAIG;IACG,GAAG,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAY/D;;;OAGG;IACG,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAShF;;;;OAIG;IACG,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAO/D;AAED,4FAA4F;AAC5F,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAU,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAtC,MAAM,EAAE,MAAM,EAAmB,KAAK,EAAE,MAAM;IAE3E,sFAAsF;IAChF,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAQlC;;;OAGG;IACG,MAAM,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC;IAW1D,gHAAgH;IAC1G,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAOlE;AAED;;;;GAIG;AACH,qBAAa,SAAS;IAQR,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPnC,iDAAiD;IACjD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,uDAAuD;IACvD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,yDAAyD;IACzD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEM,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAO1D;;;;OAIG;IACG,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC;IAM/B;;;;OAIG;IACG,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC;IAQ7D;;;OAGG;IACG,KAAK,CAAC,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAY5D;AAED;;;GAGG;AACH,qBAAa,IAAI;IACH,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;;OAKG;IACG,MAAM,CAAC,KAAK,GAAE,cAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAU7D,wFAAwF;IAClF,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAOtC;;;;OAIG;IACG,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC;CAKtC"}