run402 2.41.1 → 2.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/lib/operator.mjs +75 -7
  2. package/lib/org.mjs +150 -67
  3. package/lib/projects.mjs +156 -13
  4. package/lib/status.mjs +5 -2
  5. package/package.json +1 -1
  6. package/sdk/dist/control-plane-credentials.d.ts +1 -1
  7. package/sdk/dist/control-plane-credentials.js +1 -1
  8. package/sdk/dist/index.d.ts +16 -7
  9. package/sdk/dist/index.d.ts.map +1 -1
  10. package/sdk/dist/index.js +19 -8
  11. package/sdk/dist/index.js.map +1 -1
  12. package/sdk/dist/namespaces/operator.d.ts +101 -0
  13. package/sdk/dist/namespaces/operator.d.ts.map +1 -1
  14. package/sdk/dist/namespaces/operator.js +60 -1
  15. package/sdk/dist/namespaces/operator.js.map +1 -1
  16. package/sdk/dist/namespaces/org.d.ts +73 -35
  17. package/sdk/dist/namespaces/org.d.ts.map +1 -1
  18. package/sdk/dist/namespaces/org.js +122 -71
  19. package/sdk/dist/namespaces/org.js.map +1 -1
  20. package/sdk/dist/namespaces/org.types.d.ts +51 -17
  21. package/sdk/dist/namespaces/org.types.d.ts.map +1 -1
  22. package/sdk/dist/namespaces/org.types.js +7 -4
  23. package/sdk/dist/namespaces/org.types.js.map +1 -1
  24. package/sdk/dist/namespaces/projects.d.ts +44 -16
  25. package/sdk/dist/namespaces/projects.d.ts.map +1 -1
  26. package/sdk/dist/namespaces/projects.js +72 -28
  27. package/sdk/dist/namespaces/projects.js.map +1 -1
  28. package/sdk/dist/namespaces/projects.types.d.ts +98 -10
  29. package/sdk/dist/namespaces/projects.types.d.ts.map +1 -1
  30. package/sdk/dist/node/index.d.ts +3 -1
  31. package/sdk/dist/node/index.d.ts.map +1 -1
  32. package/sdk/dist/node/index.js +2 -1
  33. package/sdk/dist/node/index.js.map +1 -1
  34. package/sdk/dist/node/operator-claim.d.ts +49 -0
  35. package/sdk/dist/node/operator-claim.d.ts.map +1 -0
  36. package/sdk/dist/node/operator-claim.js +77 -0
  37. package/sdk/dist/node/operator-claim.js.map +1 -0
  38. package/sdk/dist/scoped.d.ts +3 -2
  39. package/sdk/dist/scoped.d.ts.map +1 -1
  40. package/sdk/dist/scoped.js +5 -2
  41. package/sdk/dist/scoped.js.map +1 -1
package/sdk/dist/namespaces/operator.js CHANGED
@@ -17,7 +17,7 @@
17
17
  *
18
18
  * Gateway contract: kychee-com/run402-private#443 (RFC 8628 device-auth bridge).
19
19
  */
20
- import { ApiError, NetworkError } from "../errors.js";
20
+ import { ApiError, LocalError, NetworkError } from "../errors.js";
21
21
  import { OperatorSession } from "./operator-session.js";
22
22
  const POLL_ERROR_CODES = new Set([
23
23
  "authorization_pending",
@@ -25,6 +25,58 @@ const POLL_ERROR_CODES = new Set([
25
25
  "access_denied",
26
26
  "expired_token",
27
27
  ]);
28
+ /**
29
+ * Wallet-owned org claim — `r.operator.claimWalletOrg.*`. The isomorphic
30
+ * (raw-proof) seam: `challenge` issues a nonce; `submit` posts the dual proof
31
+ * (control-plane session bearer + a fresh `SIGN-IN-WITH-X` wallet signature). The
32
+ * Node convenience `signWalletOrgClaim` / `claimWalletOrg` in `@run402/sdk/node`
33
+ * runs the whole dance (read session → challenge → sign → submit).
34
+ */
35
+ export class ClaimWalletOrg {
36
+ client;
37
+ constructor(client) {
38
+ this.client = client;
39
+ }
40
+ /** Request a single-use challenge nonce the wallet must sign (`POST …/claim-wallet-org/challenge`). */
41
+ async challenge(input) {
42
+ if (!input?.wallet) {
43
+ throw new LocalError("claimWalletOrg.challenge requires { wallet }", "requesting wallet-org claim challenge");
44
+ }
45
+ return this.client.request("/agent/v1/operator/claim-wallet-org/challenge", {
46
+ method: "POST",
47
+ body: { wallet: input.wallet },
48
+ ...(input.token ? { headers: { Authorization: `Bearer ${input.token}` }, withAuth: false } : {}),
49
+ context: "requesting wallet-org claim challenge",
50
+ });
51
+ }
52
+ /**
53
+ * Execute the claim (`POST …/claim-wallet-org`) carrying both proofs: the
54
+ * control-plane session bearer (the human) and the `SIGN-IN-WITH-X` wallet
55
+ * signature. Returns a discriminated {@link ClaimResult}; a `select_org` result
56
+ * is returned (not thrown). Throws {@link StepUpRequiredError} when the session
57
+ * is not passkey-fresh, and `ApiError` (`WALLET_PROOF_INVALID`) on a bad proof.
58
+ */
59
+ async submit(input) {
60
+ if (!input?.siwx) {
61
+ throw new LocalError("claimWalletOrg.submit requires { siwx } (the SIGN-IN-WITH-X proof)", "claiming wallet org");
62
+ }
63
+ const headers = { "SIGN-IN-WITH-X": input.siwx };
64
+ if (input.token)
65
+ headers.Authorization = `Bearer ${input.token}`;
66
+ const body = {};
67
+ if (input.orgId !== undefined)
68
+ body.org_id = input.orgId;
69
+ if (input.displayName !== undefined)
70
+ body.display_name = input.displayName;
71
+ return this.client.request("/agent/v1/operator/claim-wallet-org", {
72
+ method: "POST",
73
+ body,
74
+ headers,
75
+ withAuth: !input.token,
76
+ context: "claiming wallet org",
77
+ });
78
+ }
79
+ }
28
80
  export class Operator {
29
81
  client;
30
82
  /**
@@ -36,9 +88,16 @@ export class Operator {
36
88
  * CLI write-login below. See {@link OperatorSession}.
37
89
  */
38
90
  session;
91
+ /**
92
+ * Wallet-owned org claim (v1.82): `r.operator.claimWalletOrg.challenge()` +
93
+ * `.submit()`. The raw dual-proof seam; the Node convenience `claimWalletOrg`
94
+ * in `@run402/sdk/node` runs the full dance.
95
+ */
96
+ claimWalletOrg;
39
97
  constructor(client) {
40
98
  this.client = client;
41
99
  this.session = new OperatorSession(client);
100
+ this.claimWalletOrg = new ClaimWalletOrg(client);
42
101
  }
43
102
  /**
44
103
  * Begin the device-authorization flow. Unauthenticated. Returns the codes the
package/sdk/dist/namespaces/operator.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"operator.js","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA+FxD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,uBAAuB;IACvB,WAAW;IACX,eAAe;IACf,eAAe;CAChB,CAAC,CAAC;AAEH,MAAM,OAAO,QAAQ;IAWU;IAV7B;;;;;;;OAOG;IACM,OAAO,CAAkB;IAElC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAgC,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAkB,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB;QACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC;QAC5E,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,YAAY,CACpB,sDAAuD,GAAa,CAAC,OAAO,EAAE,EAC9E,GAAG,EACH,+BAA+B,CAChC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACpF,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAuC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,KAAsD,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,mDAAmD,GAAG,CAAC,MAAM,GAAG,EAChE,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA2B,EAAE;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;gBAClD,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;YAC1E,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,IAAuB;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAU,mCAAmC,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;YAClD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,4EAA4E;IAC5E,2EAA2E;IAC3E,gEAAgE;IAChE,8EAA8E;IAC9E,+DAA+D;IAE/D;;;;OAIG;IACH,oBAAoB,CAAC,MAA0B;QAC7C,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC;YAC5B,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,cAAc,EAAE,MAAM,CAAC,aAAa;YACpC,qBAAqB,EAAE,MAAM;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAwB;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,mCAAmC,EAAE;YACnF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF"}
1
+ {"version":3,"file":"operator.js","sourceRoot":"","sources":["../../src/namespaces/operator.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAGH,OAAO,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAClE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA+FxD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,uBAAuB;IACvB,WAAW;IACX,eAAe;IACf,eAAe;CAChB,CAAC,CAAC;AAgFH;;;;;;GAMG;AACH,MAAM,OAAO,cAAc;IACI;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,uGAAuG;IACvG,KAAK,CAAC,SAAS,CAAC,KAA0B;QACxC,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,UAAU,CAAC,8CAA8C,EAAE,uCAAuC,CAAC,CAAC;QAChH,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAiB,+CAA+C,EAAE;YAC1F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE;YAC9B,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,KAAK,CAAC,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChG,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,KAAuB;QAClC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC;YACjB,MAAM,IAAI,UAAU,CAAC,oEAAoE,EAAE,qBAAqB,CAAC,CAAC;QACpH,CAAC;QACD,MAAM,OAAO,GAA2B,EAAE,gBAAgB,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QACzE,IAAI,KAAK,CAAC,KAAK;YAAE,OAAO,CAAC,aAAa,GAAG,UAAU,KAAK,CAAC,KAAK,EAAE,CAAC;QACjE,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS;YAAE,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC;QACzD,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,WAAW,CAAC;QAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAc,qCAAqC,EAAE;YAC7E,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO;YACP,QAAQ,EAAE,CAAC,KAAK,CAAC,KAAK;YACtB,OAAO,EAAE,qBAAqB;SAC/B,CAAC,CAAC;IACL,CAAC;CACF;AAED,MAAM,OAAO,QAAQ;IAkBU;IAjB7B;;;;;;;OAOG;IACM,OAAO,CAAkB;IAElC;;;;OAIG;IACM,cAAc,CAAiB;IAExC,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,cAAc,GAAG,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAgC,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAkB,mCAAmC,EAAE;YAC/E,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE;YAC7D,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,wCAAwC;SAClD,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB;QACjC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC;QAC5E,IAAI,GAAa,CAAC;QAClB,IAAI,CAAC;YACH,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;gBACjC,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC;aAClD,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,IAAI,YAAY,CACpB,sDAAuD,GAAa,CAAC,OAAO,EAAE,EAC9E,GAAG,EACH,+BAA+B,CAChC,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAmC,CAAC;QACpF,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,IAAI,OAAO,IAAI,CAAC,sBAAsB,KAAK,QAAQ,EAAE,CAAC;YACtE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAuC,EAAE,CAAC;QAChF,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,IAAI,KAAK,IAAI,gBAAgB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,KAAsD,EAAE,CAAC;QAC1E,CAAC;QACD,MAAM,IAAI,QAAQ,CAChB,mDAAmD,GAAG,CAAC,MAAM,GAAG,EAChE,GAAG,CAAC,MAAM,EACV,IAAI,EACJ,+BAA+B,CAChC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,QAAQ,CAAC,OAA2B,EAAE;QAC1C,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;gBAC1E,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;gBAClD,QAAQ,EAAE,KAAK;gBACf,OAAO,EAAE,4BAA4B;aACtC,CAAC,CAAC;QACL,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAmB,6BAA6B,EAAE;YAC1E,OAAO,EAAE,4BAA4B;SACtC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,IAAuB;QAClC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAU,mCAAmC,EAAE;YACtE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE;YAClD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,2BAA2B;SACrC,CAAC,CAAC;IACL,CAAC;IAED,6EAA6E;IAC7E,4EAA4E;IAC5E,4EAA4E;IAC5E,2EAA2E;IAC3E,gEAAgE;IAChE,8EAA8E;IAC9E,+DAA+D;IAE/D;;;;OAIG;IACH,oBAAoB,CAAC,MAA0B;QAC7C,MAAM,CAAC,GAAG,IAAI,eAAe,CAAC;YAC5B,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,cAAc,EAAE,MAAM,CAAC,aAAa;YACpC,qBAAqB,EAAE,MAAM;YAC7B,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,yCAAyC,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC;IACvF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,MAAwB;QAC7C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,mCAAmC,EAAE;YACnF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,aAAa,EAAE,MAAM,CAAC,YAAY;gBAClC,YAAY,EAAE,MAAM,CAAC,WAAW;gBAChC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,mCAAmC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF"}
package/sdk/dist/namespaces/org.d.ts CHANGED
@@ -1,73 +1,111 @@
1
1
  /**
2
- * `org` namespace — the org-owned control plane (gateway v1.77+). Read the
3
- * resolved principal + memberships, list orgs, manage members and email
4
- * invites (owner-gated), and read the control-plane audit trail. All routes use
5
- * the existing SIWX auth; authorization is a membership lookup, never
6
- * `wallet == signer`.
2
+ * `org` namespace — the org-owned control plane (gateway v1.77+, first-class in
3
+ * v1.82). Mirrors the `r.projects` / `r.project(id)` idiom:
7
4
  *
8
- * Sub-resources are grouped so the surface scales: `r.org.members.*` and
9
- * `r.org.invites.*`. Org-level reads stay on the namespace itself
10
- * (`r.org.whoami` / `r.org.list` / `r.org.audit`).
5
+ * - `r.orgs` — collection + identity: `create`, `list`, `whoami`.
6
+ * - `r.org(id)` — a resource-scoped sub-client (id pre-bound): `get`,
7
+ * `rename`, `members.*`, `invites.*`, `audit`.
8
+ *
9
+ * All routes use the existing SIWX (or control-plane-session) auth; authorization
10
+ * is a membership lookup, never `wallet == signer`. Mutations (`create`,
11
+ * `rename`, member/invite changes) are step-up gated server-side and may return
12
+ * `STEP_UP_REQUIRED` when driven by a stale control-plane session.
11
13
  */
12
14
  import type { Client } from "../kernel.js";
13
- import type { AddMemberInput, AuditEvent, AuditOptions, CreateInviteInput, MemberMutationResult, MemberRevokeResult, OrgInvite, OrgInviteRevokeResult, OrgMember, OrgMembership, OrgRole, WhoAmIResult } from "./org.types.js";
14
- /** Member management — `r.org.members.*`. */
15
+ import type { AddMemberInput, AuditEvent, AuditOptions, CreateInviteInput, CreateOrgInput, MemberMutationResult, MemberRevokeResult, OrgDetail, OrgInvite, OrgInviteRevokeResult, OrgMember, OrgMembership, OrgRole, OrgSummary, WhoAmIResult } from "./org.types.js";
16
+ /** Member management — `r.org(id).members.*`. The org id is bound at construction. */
15
17
  export declare class OrgMembers {
16
18
  private readonly client;
17
- constructor(client: Client);
18
- /** List members of an org (`GET /orgs/v1/:billing_account_id/members`). Any active member. */
19
- list(billingAccountId: string): Promise<OrgMember[]>;
19
+ private readonly orgId;
20
+ constructor(client: Client, orgId: string);
21
+ /** List members of the org (`GET /orgs/v1/:org_id/members`). Any active member. */
22
+ list(): Promise<OrgMember[]>;
20
23
  /**
21
- * Add a member by wallet (`POST /orgs/v1/:billing_account_id/members`).
22
- * Requires an active `owner` membership. A brand-new wallet is provisioned as
23
- * a `human` principal; `role` defaults to `"developer"` server-side.
24
+ * Add a member by wallet (`POST /orgs/v1/:org_id/members`). Requires an active
25
+ * `owner` membership. A brand-new wallet is provisioned as a `human` principal;
26
+ * `role` defaults to `"developer"` server-side.
24
27
  */
25
- add(billingAccountId: string, input: AddMemberInput): Promise<MemberMutationResult>;
28
+ add(input: AddMemberInput): Promise<MemberMutationResult>;
26
29
  /**
27
30
  * Change a member's role (`PATCH …/members/:principal_id`). Requires `owner`;
28
31
  * demoting the org's only active owner fails with `409 LAST_OWNER`.
29
32
  */
30
- setRole(billingAccountId: string, principalId: string, role: OrgRole): Promise<MemberMutationResult>;
33
+ setRole(principalId: string, role: OrgRole): Promise<MemberMutationResult>;
31
34
  /**
32
35
  * Revoke a member (`DELETE …/members/:principal_id`) — one row, status
33
36
  * `revoked`, no key rotation. Requires `owner`; revoking the org's only active
34
37
  * owner fails with `409 LAST_OWNER`.
35
38
  */
36
- revoke(billingAccountId: string, principalId: string): Promise<MemberRevokeResult>;
39
+ revoke(principalId: string): Promise<MemberRevokeResult>;
37
40
  }
38
- /** Email-invite management — `r.org.invites.*`. */
41
+ /** Email-invite management — `r.org(id).invites.*`. The org id is bound at construction. */
39
42
  export declare class OrgInvites {
40
43
  private readonly client;
41
- constructor(client: Client);
42
- /** List pending email invites (`GET /orgs/v1/:billing_account_id/invites`). Any active member. */
43
- list(billingAccountId: string): Promise<OrgInvite[]>;
44
+ private readonly orgId;
45
+ constructor(client: Client, orgId: string);
46
+ /** List pending email invites (`GET /orgs/v1/:org_id/invites`). Any active member. */
47
+ list(): Promise<OrgInvite[]>;
44
48
  /**
45
49
  * Invite a person by email (`POST …/invites`); claimed at their first login.
46
50
  * Requires `owner` (plus step-up when driven by a control-plane session).
47
51
  */
48
- create(billingAccountId: string, input: CreateInviteInput): Promise<OrgInvite>;
52
+ create(input: CreateInviteInput): Promise<OrgInvite>;
49
53
  /** Revoke a pending invite by its pending principal id (`DELETE …/invites/:principal_id`). Requires `owner`. */
50
- revoke(billingAccountId: string, principalId: string): Promise<OrgInviteRevokeResult>;
54
+ revoke(principalId: string): Promise<OrgInviteRevokeResult>;
51
55
  }
52
- export declare class Org {
56
+ /**
57
+ * A resource-scoped org sub-client returned by `r.org(id)`. The org id is bound
58
+ * at construction; instance operations take no repeated id argument. Mirrors the
59
+ * project-scoped `r.project(id)` shape (narrower scope).
60
+ */
61
+ export declare class ScopedOrg {
53
62
  private readonly client;
54
- /** Member management (`r.org.members.*`). */
63
+ /** Member management (`r.org(id).members.*`). */
55
64
  readonly members: OrgMembers;
56
- /** Email-invite management (`r.org.invites.*`). */
65
+ /** Email-invite management (`r.org(id).invites.*`). */
57
66
  readonly invites: OrgInvites;
67
+ /** The org id this sub-client is bound to. Read-only. */
68
+ readonly orgId: string;
69
+ constructor(client: Client, orgId: string);
70
+ /**
71
+ * Read this org (`GET /orgs/v1/:org_id`) — `{ org_id, display_name, tier, role }`.
72
+ * Any active member may view; a non-member (including a guessed id) gets the
73
+ * same non-revealing `403`.
74
+ */
75
+ get(): Promise<OrgDetail>;
76
+ /**
77
+ * Rename this org (`PATCH /orgs/v1/:org_id`). Owner-only + step-up gated. Pass
78
+ * `null` or `""` to clear the label. Returns the updated `{ org_id,
79
+ * display_name, tier }`.
80
+ */
81
+ rename(displayName: string | null): Promise<OrgSummary>;
82
+ /**
83
+ * Control-plane audit trail for this org (`GET /orgs/v1/:org_id/audit`).
84
+ * admin+. Newest-first; page with the `before` cursor.
85
+ */
86
+ audit(opts?: AuditOptions): Promise<AuditEvent[]>;
87
+ }
88
+ /**
89
+ * Org collection + identity — `r.orgs.*`. Operations that are not bound to a
90
+ * single org: create a new org, list the caller's orgs, resolve the principal.
91
+ */
92
+ export declare class Orgs {
93
+ private readonly client;
58
94
  constructor(client: Client);
95
+ /**
96
+ * Create an empty org on the `prototype` tier (`POST /orgs/v1`); the caller
97
+ * becomes `owner`. Accepts only an optional `displayName` — there is no tier at
98
+ * create (paid tiers are a separate flow). Step-up gated; the soft per-owner
99
+ * free-org cap may return `FREE_ORG_OWNER_LIMIT_EXCEEDED`.
100
+ */
101
+ create(input?: CreateOrgInput): Promise<OrgSummary>;
102
+ /** List the orgs the caller is an active member of (`GET /orgs/v1`), as memberships. */
103
+ list(): Promise<OrgMembership[]>;
59
104
  /**
60
105
  * Resolve the caller's control-plane principal and its org memberships
61
106
  * (`GET /agent/v1/whoami`). This is the REMOTE identity; for the local,
62
107
  * network-free wallet/profile identity use `r.whoami()`.
63
108
  */
64
109
  whoami(): Promise<WhoAmIResult>;
65
- /** List the orgs the caller is a member of (`GET /orgs/v1`), as memberships. */
66
- list(): Promise<OrgMembership[]>;
67
- /**
68
- * Control-plane audit trail for an org (`GET /orgs/v1/:billing_account_id/audit`).
69
- * admin+. Newest-first; page with the `before` cursor.
70
- */
71
- audit(billingAccountId: string, opts?: AuditOptions): Promise<AuditEvent[]>;
72
110
  }
73
111
  //# sourceMappingURL=org.d.ts.map
package/sdk/dist/namespaces/org.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,oBAAoB,EACpB,kBAAkB,EAClB,SAAS,EACT,qBAAqB,EACrB,SAAS,EACT,aAAa,EACb,OAAO,EACP,YAAY,EACb,MAAM,gBAAgB,CAAC;AAQxB,6CAA6C;AAC7C,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,8FAA8F;IACxF,IAAI,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAS1D;;;;OAIG;IACG,GAAG,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAazF;;;OAGG;IACG,OAAO,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAU1G;;;;OAIG;IACG,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAQzF;AAED,mDAAmD;AACnD,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,kGAAkG;IAC5F,IAAI,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAS1D;;;OAGG;IACG,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC;IAYpF,gHAAgH;IAC1G,MAAM,CAAC,gBAAgB,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAQ5F;AAED,qBAAa,GAAG;IAMF,OAAO,CAAC,QAAQ,CAAC,MAAM;IALnC,6CAA6C;IAC7C,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,mDAAmD;IACnD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;gBAEA,MAAM,EAAE,MAAM;IAK3C;;;;OAIG;IACG,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC;IAMrC,gFAAgF;IAC1E,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAOtC;;;OAGG;IACG,KAAK,CAAC,gBAAgB,EAAE,MAAM,EAAE,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAatF"}
1
+ {"version":3,"file":"org.d.ts","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAE3C,OAAO,KAAK,EACV,cAAc,EACd,UAAU,EACV,YAAY,EACZ,iBAAiB,EACjB,cAAc,EACd,oBAAoB,EACpB,kBAAkB,EAClB,SAAS,EACT,SAAS,EACT,qBAAqB,EACrB,SAAS,EACT,aAAa,EACb,OAAO,EACP,UAAU,EACV,YAAY,EACb,MAAM,gBAAgB,CAAC;AAExB,sFAAsF;AACtF,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAU,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAtC,MAAM,EAAE,MAAM,EAAmB,KAAK,EAAE,MAAM;IAE3E,mFAAmF;IAC7E,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAQlC;;;;OAIG;IACG,GAAG,CAAC,KAAK,EAAE,cAAc,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAY/D;;;OAGG;IACG,OAAO,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAShF;;;;OAIG;IACG,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAO/D;AAED,4FAA4F;AAC5F,qBAAa,UAAU;IACT,OAAO,CAAC,QAAQ,CAAC,MAAM;IAAU,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAtC,MAAM,EAAE,MAAM,EAAmB,KAAK,EAAE,MAAM;IAE3E,sFAAsF;IAChF,IAAI,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;IAQlC;;;OAGG;IACG,MAAM,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAAC,SAAS,CAAC;IAW1D,gHAAgH;IAC1G,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC;CAOlE;AAED;;;;GAIG;AACH,qBAAa,SAAS;IAQR,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPnC,iDAAiD;IACjD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,uDAAuD;IACvD,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,yDAAyD;IACzD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;gBAEM,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;IAO1D;;;;OAIG;IACG,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC;IAM/B;;;;OAIG;IACG,MAAM,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,UAAU,CAAC;IAQ7D;;;OAGG;IACG,KAAK,CAAC,IAAI,GAAE,YAAiB,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;CAY5D;AAED;;;GAGG;AACH,qBAAa,IAAI;IACH,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C;;;;;OAKG;IACG,MAAM,CAAC,KAAK,GAAE,cAAmB,GAAG,OAAO,CAAC,UAAU,CAAC;IAU7D,wFAAwF;IAClF,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;IAOtC;;;;OAIG;IACG,MAAM,IAAI,OAAO,CAAC,YAAY,CAAC;CAKtC"}
package/sdk/dist/namespaces/org.js CHANGED
@@ -1,149 +1,200 @@
1
1
  /**
2
- * `org` namespace — the org-owned control plane (gateway v1.77+). Read the
3
- * resolved principal + memberships, list orgs, manage members and email
4
- * invites (owner-gated), and read the control-plane audit trail. All routes use
5
- * the existing SIWX auth; authorization is a membership lookup, never
6
- * `wallet == signer`.
2
+ * `org` namespace — the org-owned control plane (gateway v1.77+, first-class in
3
+ * v1.82). Mirrors the `r.projects` / `r.project(id)` idiom:
7
4
  *
8
- * Sub-resources are grouped so the surface scales: `r.org.members.*` and
9
- * `r.org.invites.*`. Org-level reads stay on the namespace itself
10
- * (`r.org.whoami` / `r.org.list` / `r.org.audit`).
5
+ * - `r.orgs` — collection + identity: `create`, `list`, `whoami`.
6
+ * - `r.org(id)` — a resource-scoped sub-client (id pre-bound): `get`,
7
+ * `rename`, `members.*`, `invites.*`, `audit`.
8
+ *
9
+ * All routes use the existing SIWX (or control-plane-session) auth; authorization
10
+ * is a membership lookup, never `wallet == signer`. Mutations (`create`,
11
+ * `rename`, member/invite changes) are step-up gated server-side and may return
12
+ * `STEP_UP_REQUIRED` when driven by a stale control-plane session.
11
13
  */
12
14
  import { LocalError } from "../errors.js";
13
- function requireBa(billingAccountId, method, context) {
14
- if (!billingAccountId) {
15
- throw new LocalError(`${method} requires a billing_account_id`, context);
16
- }
17
- }
18
- /** Member management — `r.org.members.*`. */
15
+ /** Member management — `r.org(id).members.*`. The org id is bound at construction. */
19
16
  export class OrgMembers {
20
17
  client;
21
- constructor(client) {
18
+ orgId;
19
+ constructor(client, orgId) {
22
20
  this.client = client;
21
+ this.orgId = orgId;
23
22
  }
24
- /** List members of an org (`GET /orgs/v1/:billing_account_id/members`). Any active member. */
25
- async list(billingAccountId) {
26
- requireBa(billingAccountId, "org.members.list", "listing org members");
27
- const res = await this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/members`, { context: "listing org members" });
23
+ /** List members of the org (`GET /orgs/v1/:org_id/members`). Any active member. */
24
+ async list() {
25
+ const res = await this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/members`, { context: "listing org members" });
28
26
  return res.members ?? [];
29
27
  }
30
28
  /**
31
- * Add a member by wallet (`POST /orgs/v1/:billing_account_id/members`).
32
- * Requires an active `owner` membership. A brand-new wallet is provisioned as
33
- * a `human` principal; `role` defaults to `"developer"` server-side.
29
+ * Add a member by wallet (`POST /orgs/v1/:org_id/members`). Requires an active
30
+ * `owner` membership. A brand-new wallet is provisioned as a `human` principal;
31
+ * `role` defaults to `"developer"` server-side.
34
32
  */
35
- async add(billingAccountId, input) {
36
- requireBa(billingAccountId, "org.members.add", "adding org member");
33
+ async add(input) {
37
34
  if (!input?.wallet) {
38
- throw new LocalError("org.members.add requires { wallet }", "adding org member");
35
+ throw new LocalError("org members.add requires { wallet }", "adding org member");
39
36
  }
40
37
  const body = { wallet: input.wallet };
41
38
  if (input.role !== undefined)
42
39
  body.role = input.role;
43
- return this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/members`, { method: "POST", body, context: "adding org member" });
40
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/members`, { method: "POST", body, context: "adding org member" });
44
41
  }
45
42
  /**
46
43
  * Change a member's role (`PATCH …/members/:principal_id`). Requires `owner`;
47
44
  * demoting the org's only active owner fails with `409 LAST_OWNER`.
48
45
  */
49
- async setRole(billingAccountId, principalId, role) {
50
- requireBa(billingAccountId, "org.members.setRole", "setting member role");
46
+ async setRole(principalId, role) {
51
47
  if (!principalId)
52
- throw new LocalError("org.members.setRole requires a principalId", "setting member role");
48
+ throw new LocalError("org members.setRole requires a principalId", "setting member role");
53
49
  if (!role)
54
- throw new LocalError("org.members.setRole requires a role", "setting member role");
55
- return this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/members/${encodeURIComponent(principalId)}`, { method: "PATCH", body: { role }, context: "setting member role" });
50
+ throw new LocalError("org members.setRole requires a role", "setting member role");
51
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/members/${encodeURIComponent(principalId)}`, { method: "PATCH", body: { role }, context: "setting member role" });
56
52
  }
57
53
  /**
58
54
  * Revoke a member (`DELETE …/members/:principal_id`) — one row, status
59
55
  * `revoked`, no key rotation. Requires `owner`; revoking the org's only active
60
56
  * owner fails with `409 LAST_OWNER`.
61
57
  */
62
- async revoke(billingAccountId, principalId) {
63
- requireBa(billingAccountId, "org.members.revoke", "revoking org member");
58
+ async revoke(principalId) {
64
59
  if (!principalId)
65
- throw new LocalError("org.members.revoke requires a principalId", "revoking org member");
66
- return this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/members/${encodeURIComponent(principalId)}`, { method: "DELETE", context: "revoking org member" });
60
+ throw new LocalError("org members.revoke requires a principalId", "revoking org member");
61
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/members/${encodeURIComponent(principalId)}`, { method: "DELETE", context: "revoking org member" });
67
62
  }
68
63
  }
69
- /** Email-invite management — `r.org.invites.*`. */
64
+ /** Email-invite management — `r.org(id).invites.*`. The org id is bound at construction. */
70
65
  export class OrgInvites {
71
66
  client;
72
- constructor(client) {
67
+ orgId;
68
+ constructor(client, orgId) {
73
69
  this.client = client;
70
+ this.orgId = orgId;
74
71
  }
75
- /** List pending email invites (`GET /orgs/v1/:billing_account_id/invites`). Any active member. */
76
- async list(billingAccountId) {
77
- requireBa(billingAccountId, "org.invites.list", "listing org invites");
78
- const res = await this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/invites`, { context: "listing org invites" });
72
+ /** List pending email invites (`GET /orgs/v1/:org_id/invites`). Any active member. */
73
+ async list() {
74
+ const res = await this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/invites`, { context: "listing org invites" });
79
75
  return res.invites ?? [];
80
76
  }
81
77
  /**
82
78
  * Invite a person by email (`POST …/invites`); claimed at their first login.
83
79
  * Requires `owner` (plus step-up when driven by a control-plane session).
84
80
  */
85
- async create(billingAccountId, input) {
86
- requireBa(billingAccountId, "org.invites.create", "creating org invite");
81
+ async create(input) {
87
82
  if (!input?.email)
88
- throw new LocalError("org.invites.create requires { email }", "creating org invite");
83
+ throw new LocalError("org invites.create requires { email }", "creating org invite");
89
84
  if (!input?.role)
90
- throw new LocalError("org.invites.create requires { role }", "creating org invite");
85
+ throw new LocalError("org invites.create requires { role }", "creating org invite");
91
86
  const body = { email: input.email, role: input.role };
92
87
  if (input.inviteTtlHours !== undefined)
93
88
  body.invite_ttl_hours = input.inviteTtlHours;
94
- return this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/invites`, { method: "POST", body, context: "creating org invite" });
89
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/invites`, { method: "POST", body, context: "creating org invite" });
95
90
  }
96
91
  /** Revoke a pending invite by its pending principal id (`DELETE …/invites/:principal_id`). Requires `owner`. */
97
- async revoke(billingAccountId, principalId) {
98
- requireBa(billingAccountId, "org.invites.revoke", "revoking org invite");
92
+ async revoke(principalId) {
99
93
  if (!principalId)
100
- throw new LocalError("org.invites.revoke requires a principalId", "revoking org invite");
101
- return this.client.request(`/orgs/v1/${encodeURIComponent(billingAccountId)}/invites/${encodeURIComponent(principalId)}`, { method: "DELETE", context: "revoking org invite" });
94
+ throw new LocalError("org invites.revoke requires a principalId", "revoking org invite");
95
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}/invites/${encodeURIComponent(principalId)}`, { method: "DELETE", context: "revoking org invite" });
102
96
  }
103
97
  }
104
- export class Org {
98
+ /**
99
+ * A resource-scoped org sub-client returned by `r.org(id)`. The org id is bound
100
+ * at construction; instance operations take no repeated id argument. Mirrors the
101
+ * project-scoped `r.project(id)` shape (narrower scope).
102
+ */
103
+ export class ScopedOrg {
105
104
  client;
106
- /** Member management (`r.org.members.*`). */
105
+ /** Member management (`r.org(id).members.*`). */
107
106
  members;
108
- /** Email-invite management (`r.org.invites.*`). */
107
+ /** Email-invite management (`r.org(id).invites.*`). */
109
108
  invites;
110
- constructor(client) {
109
+ /** The org id this sub-client is bound to. Read-only. */
110
+ orgId;
111
+ constructor(client, orgId) {
111
112
  this.client = client;
112
- this.members = new OrgMembers(client);
113
- this.invites = new OrgInvites(client);
113
+ if (!orgId)
114
+ throw new LocalError("r.org(id) requires an org id", "scoping client to org");
115
+ this.orgId = orgId;
116
+ this.members = new OrgMembers(client, orgId);
117
+ this.invites = new OrgInvites(client, orgId);
114
118
  }
115
119
  /**
116
- * Resolve the caller's control-plane principal and its org memberships
117
- * (`GET /agent/v1/whoami`). This is the REMOTE identity; for the local,
118
- * network-free wallet/profile identity use `r.whoami()`.
120
+ * Read this org (`GET /orgs/v1/:org_id`) `{ org_id, display_name, tier, role }`.
121
+ * Any active member may view; a non-member (including a guessed id) gets the
122
+ * same non-revealing `403`.
119
123
  */
120
- async whoami() {
121
- return this.client.request("/agent/v1/whoami", {
122
- context: "resolving principal identity",
124
+ async get() {
125
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}`, {
126
+ context: "reading org",
123
127
  });
124
128
  }
125
- /** List the orgs the caller is a member of (`GET /orgs/v1`), as memberships. */
126
- async list() {
127
- const res = await this.client.request("/orgs/v1", {
128
- context: "listing organizations",
129
+ /**
130
+ * Rename this org (`PATCH /orgs/v1/:org_id`). Owner-only + step-up gated. Pass
131
+ * `null` or `""` to clear the label. Returns the updated `{ org_id,
132
+ * display_name, tier }`.
133
+ */
134
+ async rename(displayName) {
135
+ return this.client.request(`/orgs/v1/${encodeURIComponent(this.orgId)}`, {
136
+ method: "PATCH",
137
+ body: { display_name: displayName },
138
+ context: "renaming org",
129
139
  });
130
- return res.orgs ?? [];
131
140
  }
132
141
  /**
133
- * Control-plane audit trail for an org (`GET /orgs/v1/:billing_account_id/audit`).
142
+ * Control-plane audit trail for this org (`GET /orgs/v1/:org_id/audit`).
134
143
  * admin+. Newest-first; page with the `before` cursor.
135
144
  */
136
- async audit(billingAccountId, opts = {}) {
137
- requireBa(billingAccountId, "org.audit", "reading org audit trail");
145
+ async audit(opts = {}) {
138
146
  const parts = [];
139
147
  if (opts.limit !== undefined)
140
148
  parts.push(`limit=${encodeURIComponent(String(opts.limit))}`);
141
149
  if (opts.before !== undefined)
142
150
  parts.push(`before=${encodeURIComponent(opts.before)}`);
143
151
  const q = parts.join("&");
144
- const base = `/orgs/v1/${encodeURIComponent(billingAccountId)}/audit`;
152
+ const base = `/orgs/v1/${encodeURIComponent(this.orgId)}/audit`;
145
153
  const res = await this.client.request(q ? `${base}?${q}` : base, { context: "reading org audit trail" });
146
154
  return res.events ?? res.audit_events ?? [];
147
155
  }
148
156
  }
157
+ /**
158
+ * Org collection + identity — `r.orgs.*`. Operations that are not bound to a
159
+ * single org: create a new org, list the caller's orgs, resolve the principal.
160
+ */
161
+ export class Orgs {
162
+ client;
163
+ constructor(client) {
164
+ this.client = client;
165
+ }
166
+ /**
167
+ * Create an empty org on the `prototype` tier (`POST /orgs/v1`); the caller
168
+ * becomes `owner`. Accepts only an optional `displayName` — there is no tier at
169
+ * create (paid tiers are a separate flow). Step-up gated; the soft per-owner
170
+ * free-org cap may return `FREE_ORG_OWNER_LIMIT_EXCEEDED`.
171
+ */
172
+ async create(input = {}) {
173
+ const body = {};
174
+ if (input.displayName !== undefined)
175
+ body.display_name = input.displayName;
176
+ return this.client.request("/orgs/v1", {
177
+ method: "POST",
178
+ body,
179
+ context: "creating organization",
180
+ });
181
+ }
182
+ /** List the orgs the caller is an active member of (`GET /orgs/v1`), as memberships. */
183
+ async list() {
184
+ const res = await this.client.request("/orgs/v1", {
185
+ context: "listing organizations",
186
+ });
187
+ return res.orgs ?? [];
188
+ }
189
+ /**
190
+ * Resolve the caller's control-plane principal and its org memberships
191
+ * (`GET /agent/v1/whoami`). This is the REMOTE identity; for the local,
192
+ * network-free wallet/profile identity use `r.whoami()`.
193
+ */
194
+ async whoami() {
195
+ return this.client.request("/agent/v1/whoami", {
196
+ context: "resolving principal identity",
197
+ });
198
+ }
199
+ }
149
200
  //# sourceMappingURL=org.js.map
package/sdk/dist/namespaces/org.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"org.js","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAgB1C,SAAS,SAAS,CAAC,gBAAwB,EAAE,MAAc,EAAE,OAAe;IAC1E,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACtB,MAAM,IAAI,UAAU,CAAC,GAAG,MAAM,gCAAgC,EAAE,OAAO,CAAC,CAAC;IAC3E,CAAC;AACH,CAAC;AAED,6CAA6C;AAC7C,MAAM,OAAO,UAAU;IACQ;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,8FAA8F;IAC9F,KAAK,CAAC,IAAI,CAAC,gBAAwB;QACjC,SAAS,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,EAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnC,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,gBAAwB,EAAE,KAAqB;QACvD,SAAS,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,mBAAmB,CAAC,CAAC;QACpE,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,UAAU,CAAC,qCAAqC,EAAE,mBAAmB,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAA4B,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACrD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,EAC1D,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACvD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,gBAAwB,EAAE,WAAmB,EAAE,IAAa;QACxE,SAAS,CAAC,gBAAgB,EAAE,qBAAqB,EAAE,qBAAqB,CAAC,CAAC;QAC1E,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,4CAA4C,EAAE,qBAAqB,CAAC,CAAC;QAC5G,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,UAAU,CAAC,qCAAqC,EAAE,qBAAqB,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EAC7F,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACpE,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,gBAAwB,EAAE,WAAmB;QACxD,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,2CAA2C,EAAE,qBAAqB,CAAC,CAAC;QAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EAC7F,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACrD,CAAC;IACJ,CAAC;CACF;AAED,mDAAmD;AACnD,MAAM,OAAO,UAAU;IACQ;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,kGAAkG;IAClG,KAAK,CAAC,IAAI,CAAC,gBAAwB;QACjC,SAAS,CAAC,gBAAgB,EAAE,kBAAkB,EAAE,qBAAqB,CAAC,CAAC;QACvE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,EAC1D,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnC,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,gBAAwB,EAAE,KAAwB;QAC7D,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;QACzE,IAAI,CAAC,KAAK,EAAE,KAAK;YAAE,MAAM,IAAI,UAAU,CAAC,uCAAuC,EAAE,qBAAqB,CAAC,CAAC;QACxG,IAAI,CAAC,KAAK,EAAE,IAAI;YAAE,MAAM,IAAI,UAAU,CAAC,sCAAsC,EAAE,qBAAqB,CAAC,CAAC;QACtG,MAAM,IAAI,GAA4B,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC/E,IAAI,KAAK,CAAC,cAAc,KAAK,SAAS;YAAE,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,CAAC;QACrF,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,UAAU,EAC1D,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,gHAAgH;IAChH,KAAK,CAAC,MAAM,CAAC,gBAAwB,EAAE,WAAmB;QACxD,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,EAAE,qBAAqB,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,2CAA2C,EAAE,qBAAqB,CAAC,CAAC;QAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EAC7F,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACrD,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,GAAG;IAMe;IAL7B,6CAA6C;IACpC,OAAO,CAAa;IAC7B,mDAAmD;IAC1C,OAAO,CAAa;IAE7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACtC,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACxC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAe,kBAAkB,EAAE;YAC3D,OAAO,EAAE,8BAA8B;SACxC,CAAC,CAAC;IACL,CAAC;IAED,gFAAgF;IAChF,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAA4B,UAAU,EAAE;YAC3E,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,gBAAwB,EAAE,OAAqB,EAAE;QAC3D,SAAS,CAAC,gBAAgB,EAAE,WAAW,EAAE,yBAAyB,CAAC,CAAC;QACpE,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5F,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,IAAI,GAAG,YAAY,kBAAkB,CAAC,gBAAgB,CAAC,QAAQ,CAAC;QACtE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EACzB,EAAE,OAAO,EAAE,yBAAyB,EAAE,CACvC,CAAC;QACF,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC9C,CAAC;CACF"}
1
+ {"version":3,"file":"org.js","sourceRoot":"","sources":["../../src/namespaces/org.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAmB1C,sFAAsF;AACtF,MAAM,OAAO,UAAU;IACQ;IAAiC;IAA9D,YAA6B,MAAc,EAAmB,KAAa;QAA9C,WAAM,GAAN,MAAM,CAAQ;QAAmB,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IAE/E,mFAAmF;IACnF,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EACpD,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnC,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG,CAAC,KAAqB;QAC7B,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,UAAU,CAAC,qCAAqC,EAAE,mBAAmB,CAAC,CAAC;QACnF,CAAC;QACD,MAAM,IAAI,GAA4B,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC;QAC/D,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACrD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EACpD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,mBAAmB,EAAE,CACvD,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CAAC,WAAmB,EAAE,IAAa;QAC9C,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,4CAA4C,EAAE,qBAAqB,CAAC,CAAC;QAC5G,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,UAAU,CAAC,qCAAqC,EAAE,qBAAqB,CAAC,CAAC;QAC9F,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EACvF,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACpE,CAAC;IACJ,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,WAAmB;QAC9B,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,2CAA2C,EAAE,qBAAqB,CAAC,CAAC;QAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EACvF,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACrD,CAAC;IACJ,CAAC;CACF;AAED,4FAA4F;AAC5F,MAAM,OAAO,UAAU;IACQ;IAAiC;IAA9D,YAA6B,MAAc,EAAmB,KAAa;QAA9C,WAAM,GAAN,MAAM,CAAQ;QAAmB,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IAE/E,sFAAsF;IACtF,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EACpD,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACnC,CAAC;QACF,OAAO,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,KAAwB;QACnC,IAAI,CAAC,KAAK,EAAE,KAAK;YAAE,MAAM,IAAI,UAAU,CAAC,uCAAuC,EAAE,qBAAqB,CAAC,CAAC;QACxG,IAAI,CAAC,KAAK,EAAE,IAAI;YAAE,MAAM,IAAI,UAAU,CAAC,sCAAsC,EAAE,qBAAqB,CAAC,CAAC;QACtG,MAAM,IAAI,GAA4B,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC/E,IAAI,KAAK,CAAC,cAAc,KAAK,SAAS;YAAE,IAAI,CAAC,gBAAgB,GAAG,KAAK,CAAC,cAAc,CAAC;QACrF,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EACpD,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACzD,CAAC;IACJ,CAAC;IAED,gHAAgH;IAChH,KAAK,CAAC,MAAM,CAAC,WAAmB;QAC9B,IAAI,CAAC,WAAW;YAAE,MAAM,IAAI,UAAU,CAAC,2CAA2C,EAAE,qBAAqB,CAAC,CAAC;QAC3G,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,kBAAkB,CAAC,WAAW,CAAC,EAAE,EACvF,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,qBAAqB,EAAE,CACrD,CAAC;IACJ,CAAC;CACF;AAED;;;;GAIG;AACH,MAAM,OAAO,SAAS;IAQS;IAP7B,iDAAiD;IACxC,OAAO,CAAa;IAC7B,uDAAuD;IAC9C,OAAO,CAAa;IAC7B,yDAAyD;IAChD,KAAK,CAAS;IAEvB,YAA6B,MAAc,EAAE,KAAa;QAA7B,WAAM,GAAN,MAAM,CAAQ;QACzC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,UAAU,CAAC,8BAA8B,EAAE,uBAAuB,CAAC,CAAC;QAC1F,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,GAAG;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAY,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YAClF,OAAO,EAAE,aAAa;SACvB,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,WAA0B;QACrC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAa,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACnF,MAAM,EAAE,OAAO;YACf,IAAI,EAAE,EAAE,YAAY,EAAE,WAAW,EAAE;YACnC,OAAO,EAAE,cAAc;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,OAAqB,EAAE;QACjC,MAAM,KAAK,GAAa,EAAE,CAAC;QAC3B,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,SAAS,kBAAkB,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAC5F,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,IAAI,CAAC,UAAU,kBAAkB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QACvF,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1B,MAAM,IAAI,GAAG,YAAY,kBAAkB,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAChE,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EACzB,EAAE,OAAO,EAAE,yBAAyB,EAAE,CACvC,CAAC;QACF,OAAO,GAAG,CAAC,MAAM,IAAI,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;IAC9C,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,IAAI;IACc;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C;;;;;OAKG;IACH,KAAK,CAAC,MAAM,CAAC,QAAwB,EAAE;QACrC,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS;YAAE,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC,WAAW,CAAC;QAC3E,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAa,UAAU,EAAE;YACjD,MAAM,EAAE,MAAM;YACd,IAAI;YACJ,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;IACL,CAAC;IAED,wFAAwF;IACxF,KAAK,CAAC,IAAI;QACR,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAA4B,UAAU,EAAE;YAC3E,OAAO,EAAE,uBAAuB;SACjC,CAAC,CAAC;QACH,OAAO,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IACxB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM;QACV,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAe,kBAAkB,EAAE;YAC3D,OAAO,EAAE,8BAA8B;SACxC,CAAC,CAAC;IACL,CAAC;CACF"}