dominus-sdk-python 2.12.0__tar.gz → 2.13.0__tar.gz

dominus_sdk_python-2.13.0/PKG-INFO

@@ -0,0 +1,179 @@
+Metadata-Version: 2.4
+Name: dominus-sdk-python
+Version: 2.13.0
+Summary: Python SDK for the Dominus Orchestrator Platform
+Author-email: CareBridge Systems <dev@carebridge.io>
+License: Proprietary
+Project-URL: Homepage, https://github.com/carebridgesystems/dominus-sdk-python
+Project-URL: Repository, https://github.com/carebridgesystems/dominus-sdk-python
+Keywords: dominus,carebridge,sdk,orchestrator,api,async
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: Other/Proprietary License
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Classifier: Framework :: AsyncIO
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+Requires-Dist: httpx>=0.24.0
+Requires-Dist: bcrypt>=4.0.0
+Requires-Dist: cryptography>=41.0.0
+Provides-Extra: jwt
+Requires-Dist: PyJWT>=2.8.0; extra == "jwt"
+Provides-Extra: oracle
+Requires-Dist: websockets>=12.0; extra == "oracle"
+Requires-Dist: sounddevice>=0.4.6; extra == "oracle"
+Requires-Dist: numpy>=1.24.0; extra == "oracle"
+Requires-Dist: webrtcvad>=2.0.10; extra == "oracle"
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Provides-Extra: all
+Requires-Dist: PyJWT>=2.8.0; extra == "all"
+Requires-Dist: websockets>=12.0; extra == "all"
+Requires-Dist: sounddevice>=0.4.6; extra == "all"
+Requires-Dist: numpy>=1.24.0; extra == "all"
+Requires-Dist: webrtcvad>=2.0.10; extra == "all"
+
+# Dominus SDK for Python
+
+Async Python SDK for CareBridge Dominus platform services. Routes calls through the Dominus Gateway with JWT-based authentication, base64 wire encoding, retries, and circuit breaking.
+
+## What This Is
+
+- Server-side, asyncio-first Python SDK (3.9+)
+- Namespace API with root-level shortcuts for common operations
+- Targets production Cloudflare Workers (gateway, JWT, logs) and Cloud Run (orchestrator)
+- Version: 2.12.0
+
+## Quick Start
+
+```python
+import os
+from dominus import dominus
+
+os.environ["DOMINUS_TOKEN"] = "your-psk-token"
+
+# Secrets
+value = await dominus.secrets.get("DB_URL")
+await dominus.secrets.upsert("API_KEY", "secret_value")
+
+# Database CRUD
+users = await dominus.db.query("users", filters={"status": "active"})
+await dominus.db.insert("users", {"name": "John", "email": "john@example.com"})
+
+# Redis caching
+await dominus.redis.set("session:123", {"user": "john"}, ttl=3600)
+value = await dominus.redis.get("session:123")
+
+# File storage
+result = await dominus.files.upload(data=buf, filename="report.pdf", category="reports")
+
+# AI agent execution
+result = await dominus.ai.run_agent(
+    conversation_id="conv-123",
+    system_prompt="You are helpful.",
+    user_prompt="Hello!"
+)
+
+# Streaming AI
+async for chunk in dominus.ai.stream_agent(
+    conversation_id="conv-123",
+    system_prompt="You are helpful.",
+    user_prompt="Tell me a story"
+):
+    print(chunk.get("content", ""), end="", flush=True)
+
+# Workflow execution
+result = await dominus.workflow.execute(workflow_id, context={"key": "value"})
+```
+
+## Architecture (SDK View)
+
+```
+DOMINUS_TOKEN (PSK) --> Gateway /jwt/mint --> JWT cached (14min TTL)
+                                |
+                                v
+                    Gateway /svc/* (AI, workflow, logs)
+                         or
+                    Orchestrator /api/* (all other services)
+```
+
+- JSON requests/responses are base64-encoded for auth-required routes
+- GET requests send no body; parameters go in the path or query string
+- Gateway routing (`/api/*` -> `/svc/*`) is used by AI, workflow, and logs namespaces
+- Orchestrator handles secrets, db, auth, ddl, files, redis, portal, courier, open, health, admin
+
+## Namespaces
+
+| Namespace | Service | Description |
+|-----------|---------|-------------|
+| `secrets` | Warden | Secrets CRUD |
+| `db` | Scribe | Database CRUD with optional secure-table audit |
+| `secure` / `db_secure` | Scribe | Audit-logged data access (requires reason/actor) |
+| `redis` | Whisperer | Cache, locks, counters, hashes |
+| `files` | Archivist | Object storage with compliance mode |
+| `auth` | Guardian | Users, roles, scopes, tenants, clients, pages, nav, subtypes, secure tables (147 methods) |
+| `ddl` | Smith | Schema DDL, migrations, tenant provisioning, schema builder |
+| `logs` | Logs Worker | Structured logging with callsite capture |
+| `portal` | Portal | Login, sessions, profile, preferences, navigation, registration |
+| `courier` | Courier | Postmark email delivery |
+| `open` | Scribe Open | Raw SQL / DSN retrieval |
+| `health` | Orchestrator | Health/ping/warmup |
+| `admin` | Admin | Reseed/reset admin category |
+| `ai` | Agent Runtime | Agent execution, LLM completions, RAG, artifacts, results, orchestration, STT/TTS |
+| `workflow` | Workflow Manager | Workflow CRUD, categories/pipelines, templates, execution |
+| `oracle` / `stt` | Oracle | Real-time streaming STT with VAD (WebSocket, requires `oracle` extras) |
+| `fastapi` | Local | FastAPI route auth decorators (`@jwt`, `@psk`, `@scopes`) |
+
+## Configuration
+
+**Required:**
+- `DOMINUS_TOKEN` -- PSK token for gateway authentication
+
+**Optional:**
+- `DOMINUS_GATEWAY_URL` -- Override gateway URL (default: `https://gateway.getdominus.app`)
+- `DOMINUS_JWT_URL` -- Override JWT worker URL (default: `https://jwt.getdominus.app`)
+- `DOMINUS_LOGS_URL` -- Override logs worker URL (default: `https://logs.getdominus.app`)
+- `DOMINUS_BASE_URL` -- Override orchestrator URL (default: production Cloud Run)
+- `DOMINUS_HTTP_PROXY` / `DOMINUS_HTTPS_PROXY` -- httpx proxy configuration
+- `DOMINUS_CAPTURE_CONSOLE` -- Set to `"true"` to auto-forward `print()` and `logging.*` to Logs Worker
+
+## Installation
+
+```bash
+pip install dominus-sdk-python
+
+# With optional extras
+pip install dominus-sdk-python[jwt]      # Local JWT verification
+pip install dominus-sdk-python[oracle]   # WebSocket STT (websockets, numpy, sounddevice, webrtcvad)
+pip install dominus-sdk-python[all]      # Everything
+```
+
+## Console Capture
+
+Forward `print()` and `logging.*` to the Dominus Logs Worker:
+
+```python
+# Automatic (via env var, before importing SDK):
+os.environ["DOMINUS_CAPTURE_CONSOLE"] = "true"
+
+# Manual:
+dominus.capture_console()     # start capturing
+dominus.release_console()     # stop capturing
+```
+
+## Documentation
+
+- [Architecture](docs/architecture.md) -- Request flow, resilience, JWT verification
+- [Services Reference](docs/services.md) -- Complete namespace and method inventory
+- [Development](docs/development.md) -- Setup, testing, adding APIs
+
+## License
+
+Proprietary - CareBridge Systems

dominus_sdk_python-2.13.0/README.md

@@ -0,0 +1,137 @@
+# Dominus SDK for Python
+
+Async Python SDK for CareBridge Dominus platform services. Routes calls through the Dominus Gateway with JWT-based authentication, base64 wire encoding, retries, and circuit breaking.
+
+## What This Is
+
+- Server-side, asyncio-first Python SDK (3.9+)
+- Namespace API with root-level shortcuts for common operations
+- Targets production Cloudflare Workers (gateway, JWT, logs) and Cloud Run (orchestrator)
+- Version: 2.12.0
+
+## Quick Start
+
+```python
+import os
+from dominus import dominus
+
+os.environ["DOMINUS_TOKEN"] = "your-psk-token"
+
+# Secrets
+value = await dominus.secrets.get("DB_URL")
+await dominus.secrets.upsert("API_KEY", "secret_value")
+
+# Database CRUD
+users = await dominus.db.query("users", filters={"status": "active"})
+await dominus.db.insert("users", {"name": "John", "email": "john@example.com"})
+
+# Redis caching
+await dominus.redis.set("session:123", {"user": "john"}, ttl=3600)
+value = await dominus.redis.get("session:123")
+
+# File storage
+result = await dominus.files.upload(data=buf, filename="report.pdf", category="reports")
+
+# AI agent execution
+result = await dominus.ai.run_agent(
+    conversation_id="conv-123",
+    system_prompt="You are helpful.",
+    user_prompt="Hello!"
+)
+
+# Streaming AI
+async for chunk in dominus.ai.stream_agent(
+    conversation_id="conv-123",
+    system_prompt="You are helpful.",
+    user_prompt="Tell me a story"
+):
+    print(chunk.get("content", ""), end="", flush=True)
+
+# Workflow execution
+result = await dominus.workflow.execute(workflow_id, context={"key": "value"})
+```
+
+## Architecture (SDK View)
+
+```
+DOMINUS_TOKEN (PSK) --> Gateway /jwt/mint --> JWT cached (14min TTL)
+                                |
+                                v
+                    Gateway /svc/* (AI, workflow, logs)
+                         or
+                    Orchestrator /api/* (all other services)
+```
+
+- JSON requests/responses are base64-encoded for auth-required routes
+- GET requests send no body; parameters go in the path or query string
+- Gateway routing (`/api/*` -> `/svc/*`) is used by AI, workflow, and logs namespaces
+- Orchestrator handles secrets, db, auth, ddl, files, redis, portal, courier, open, health, admin
+
+## Namespaces
+
+| Namespace | Service | Description |
+|-----------|---------|-------------|
+| `secrets` | Warden | Secrets CRUD |
+| `db` | Scribe | Database CRUD with optional secure-table audit |
+| `secure` / `db_secure` | Scribe | Audit-logged data access (requires reason/actor) |
+| `redis` | Whisperer | Cache, locks, counters, hashes |
+| `files` | Archivist | Object storage with compliance mode |
+| `auth` | Guardian | Users, roles, scopes, tenants, clients, pages, nav, subtypes, secure tables (147 methods) |
+| `ddl` | Smith | Schema DDL, migrations, tenant provisioning, schema builder |
+| `logs` | Logs Worker | Structured logging with callsite capture |
+| `portal` | Portal | Login, sessions, profile, preferences, navigation, registration |
+| `courier` | Courier | Postmark email delivery |
+| `open` | Scribe Open | Raw SQL / DSN retrieval |
+| `health` | Orchestrator | Health/ping/warmup |
+| `admin` | Admin | Reseed/reset admin category |
+| `ai` | Agent Runtime | Agent execution, LLM completions, RAG, artifacts, results, orchestration, STT/TTS |
+| `workflow` | Workflow Manager | Workflow CRUD, categories/pipelines, templates, execution |
+| `oracle` / `stt` | Oracle | Real-time streaming STT with VAD (WebSocket, requires `oracle` extras) |
+| `fastapi` | Local | FastAPI route auth decorators (`@jwt`, `@psk`, `@scopes`) |
+
+## Configuration
+
+**Required:**
+- `DOMINUS_TOKEN` -- PSK token for gateway authentication
+
+**Optional:**
+- `DOMINUS_GATEWAY_URL` -- Override gateway URL (default: `https://gateway.getdominus.app`)
+- `DOMINUS_JWT_URL` -- Override JWT worker URL (default: `https://jwt.getdominus.app`)
+- `DOMINUS_LOGS_URL` -- Override logs worker URL (default: `https://logs.getdominus.app`)
+- `DOMINUS_BASE_URL` -- Override orchestrator URL (default: production Cloud Run)
+- `DOMINUS_HTTP_PROXY` / `DOMINUS_HTTPS_PROXY` -- httpx proxy configuration
+- `DOMINUS_CAPTURE_CONSOLE` -- Set to `"true"` to auto-forward `print()` and `logging.*` to Logs Worker
+
+## Installation
+
+```bash
+pip install dominus-sdk-python
+
+# With optional extras
+pip install dominus-sdk-python[jwt]      # Local JWT verification
+pip install dominus-sdk-python[oracle]   # WebSocket STT (websockets, numpy, sounddevice, webrtcvad)
+pip install dominus-sdk-python[all]      # Everything
+```
+
+## Console Capture
+
+Forward `print()` and `logging.*` to the Dominus Logs Worker:
+
+```python
+# Automatic (via env var, before importing SDK):
+os.environ["DOMINUS_CAPTURE_CONSOLE"] = "true"
+
+# Manual:
+dominus.capture_console()     # start capturing
+dominus.release_console()     # stop capturing
+```
+
+## Documentation
+
+- [Architecture](docs/architecture.md) -- Request flow, resilience, JWT verification
+- [Services Reference](docs/services.md) -- Complete namespace and method inventory
+- [Development](docs/development.md) -- Setup, testing, adding APIs
+
+## License
+
+Proprietary - CareBridge Systems

{dominus_sdk_python-2.12.0 → dominus_sdk_python-2.13.0}/dominus/__init__.py

@@ -100,6 +100,12 @@ from .namespaces.courier import CourierNamespace
 from .namespaces.health import HealthNamespace
 from .namespaces.open import OpenNamespace
 
+# Export new namespaces (Node.js SDK parity)
+from .namespaces.artifacts import ArtifactsNamespace
+from .namespaces.jobs import JobsNamespace
+from .namespaces.processor import ProcessorNamespace
+from .namespaces.sync import SyncNamespace
+
 # Export Oracle namespace for speech-to-text
 from .namespaces.oracle import (
     OracleNamespace,
@@ -146,7 +152,7 @@ from .errors import (
     TimeoutError as DominusTimeoutError,
 )
 
-__version__ = "2.10.0"
+__version__ = "2.13.0"
 __all__ = [
     # Main SDK instance
     "dominus",
@@ -175,6 +181,11 @@ __all__ = [
     "CourierNamespace",
     "HealthNamespace",
     "OpenNamespace",
+    # New namespaces (Node.js SDK parity)
+    "ArtifactsNamespace",
+    "JobsNamespace",
+    "ProcessorNamespace",
+    "SyncNamespace",
     # Oracle namespace for speech-to-text
     "OracleNamespace",
     "OracleSession",

{dominus_sdk_python-2.12.0 → dominus_sdk_python-2.13.0}/dominus/helpers/core.py

@@ -611,41 +611,26 @@ def verify_token_format(token: str) -> bool:
 
 async def health_check_all(base_url: str) -> dict:
     """
-    Check health of orchestrator services.
+    Validate SDK readiness.
+
+    Previously checked orchestrator health via /api/health, but orchestrator
+    health is no longer a gate for SDK operations. Services route through
+    the gateway, and each service handles its own health independently.
+
+    Now just validates the base URL is set and returns healthy.
+    Orchestrator health checks are only relevant for courier/oracle
+    which will be refactored separately.
 
     Args:
-        base_url: Orchestrator base URL
+        base_url: Gateway/orchestrator base URL
 
     Returns:
-        Health status dict with service results
+        Health status dict (always healthy if base_url is set)
     """
-    from ..config.endpoints import get_proxy_config
-    proxy_config = get_proxy_config()
-
-    results = {}
-
-    # Check orchestrator via /api/health
-    # Timeout: 15s to handle cold starts on Cloud Run
-    try:
-        start = time.time()
-        async with httpx.AsyncClient(base_url=base_url, timeout=15.0, proxies=proxy_config) as client:
-            response = await client.get("/api/health")
-            response.raise_for_status()
-
-            # Parse response (may be JSON string or dict)
-            health_data = response.json() if response.headers.get("content-type", "").startswith("application/json") else {"status": "ok"}
-
-        latency = int((time.time() - start) * 1000)
-        results["orchestrator"] = {
-            "status": health_data.get("status", "healthy"),
-            "latency_ms": latency,
-            **health_data
-        }
-    except Exception as e:
-        results["orchestrator"] = {"status": "unhealthy", "error": str(e)}
-        return {"status": "unhealthy", "services": results, "message": "Orchestrator unhealthy"}
+    if not base_url:
+        return {"status": "unhealthy", "services": {}, "message": "No base URL configured"}
 
-    return {"status": "healthy", "services": results, "message": "All services healthy"}
+    return {"status": "healthy", "services": {}, "message": "SDK ready"}
 
 
 async def get_service_url(service_name: str, token: str, sovereign_url: str) -> str:

{dominus_sdk_python-2.12.0 → dominus_sdk_python-2.13.0}/dominus/namespaces/__init__.py

@@ -1,4 +1,4 @@
-"""Dominus SDK Namespaces v2.8"""
+"""Dominus SDK Namespaces v2.9"""
 from .secrets import SecretsNamespace
 from .db import DbNamespace
 from .redis import RedisNamespace
@@ -11,6 +11,10 @@ from .health import HealthNamespace
 from .portal import PortalNamespace
 from .courier import CourierNamespace
 from .workflow import WorkflowNamespace
+from .artifacts import ArtifactsNamespace
+from .jobs import JobsNamespace
+from .processor import ProcessorNamespace
+from .sync import SyncNamespace
 from .ai import (
     AiNamespace,
     RagSubNamespace,
@@ -32,6 +36,10 @@ __all__ = [
     "PortalNamespace",
     "CourierNamespace",
     "WorkflowNamespace",
+    "ArtifactsNamespace",
+    "JobsNamespace",
+    "ProcessorNamespace",
+    "SyncNamespace",
     "AiNamespace",
     "RagSubNamespace",
     "ArtifactsSubNamespace",

dominus_sdk_python-2.13.0/dominus/namespaces/artifacts.py

@@ -0,0 +1,150 @@
+"""
+Artifacts Namespace - Temporary artifact storage.
+
+Provides auto-tiered artifact storage (Redis < 1MB, B2 >= 1MB)
+with TTL-based expiration. Routes through gateway to artifact-worker.
+
+Usage:
+    from dominus import dominus
+
+    # Store
+    result = await dominus.artifacts.store(data="base64data...", ttl_seconds=7200)
+
+    # Retrieve
+    artifact = await dominus.artifacts.retrieve(result["key"])
+
+    # List
+    items = await dominus.artifacts.list(category="reports")
+
+    # Delete
+    await dominus.artifacts.delete(result["key"])
+"""
+from typing import Any, Dict, List, Optional, TYPE_CHECKING
+
+if TYPE_CHECKING:
+    from ..start import Dominus
+
+
+class ArtifactsNamespace:
+    """
+    Artifact storage namespace.
+
+    Auto-tiered: data < 1MB stored in Redis, >= 1MB in Backblaze B2.
+    All operations route through gateway to artifact-worker.
+    """
+
+    def __init__(self, client: "Dominus"):
+        self._client = client
+
+    async def _api(
+        self,
+        endpoint: str,
+        method: str = "POST",
+        body: Optional[Dict[str, Any]] = None,
+        timeout: float = 30.0,
+    ) -> Dict[str, Any]:
+        """Make gateway-routed request to artifact-worker."""
+        return await self._client._request(
+            endpoint=endpoint,
+            method=method,
+            body=body,
+            use_gateway=True,
+            timeout=timeout,
+        )
+
+    async def list(
+        self,
+        limit: int = 100,
+        category: Optional[str] = None,
+    ) -> Dict[str, Any]:
+        """
+        List artifacts for the current project/environment.
+
+        Args:
+            limit: Max items to return (default 100, max 500)
+            category: Optional category filter
+
+        Returns:
+            {artifacts: [...], count: int, total_size_bytes: int}
+        """
+        body: Dict[str, Any] = {"limit": limit}
+        if category:
+            body["category"] = category
+        return await self._api("/api/artifact/list", body=body)
+
+    async def get_health(self) -> Dict[str, Any]:
+        """Check artifact worker health."""
+        return await self._api("/api/artifact/health", method="GET")
+
+    async def store(
+        self,
+        data: str,
+        key: Optional[str] = None,
+        ttl_seconds: int = 3600,
+        category: Optional[str] = None,
+    ) -> Dict[str, Any]:
+        """
+        Store an artifact.
+
+        Args:
+            data: Base64-encoded data
+            key: Optional caller-provided key (UUID generated if not provided)
+            ttl_seconds: Time-to-live in seconds (default 3600)
+            category: Optional category for organization
+
+        Returns:
+            {key, ref, storage_type, size_bytes, expires_at}
+        """
+        body: Dict[str, Any] = {
+            "data": data,
+            "ttl_seconds": ttl_seconds,
+        }
+        if key:
+            body["key"] = key
+        if category:
+            body["category"] = category
+        return await self._api("/api/artifact/store", body=body)
+
+    async def retrieve(self, key: str) -> Dict[str, Any]:
+        """
+        Retrieve an artifact by key.
+
+        Args:
+            key: Artifact key
+
+        Returns:
+            {key, data, storage_type, size_bytes, expires_at}
+        """
+        return await self._api("/api/artifact/retrieve", body={"key": key})
+
+    async def delete(self, key: str) -> Dict[str, Any]:
+        """
+        Delete an artifact by key.
+
+        Args:
+            key: Artifact key
+
+        Returns:
+            {deleted: bool, key: str}
+        """
+        return await self._api("/api/artifact/delete", body={"key": key})
+
+    async def cleanup(
+        self,
+        force: bool = False,
+        limit: int = 100,
+    ) -> Dict[str, Any]:
+        """
+        Cleanup expired artifacts (admin only).
+
+        Args:
+            force: Skip throttle check
+            limit: Max items to clean (default 100)
+
+        Returns:
+            {cleaned: int, skipped: bool}
+        """
+        body: Dict[str, Any] = {"limit": limit}
+        if force:
+            body["force"] = True
+        return await self._api("/api/artifact/cleanup", body=body)

{dominus_sdk_python-2.12.0 → dominus_sdk_python-2.13.0}/dominus/namespaces/auth.py

@@ -153,6 +153,63 @@ class AuthNamespace:
             body={"password": password}
         )
 
+    # User profiles
+    async def get_user_profile(self, user_id: str) -> Optional[Dict[str, Any]]:
+        """Get user profile by user_id. Returns None if no profile exists."""
+        result = await self._client._request(
+            endpoint=f"/api/guardian/user-profiles?user_id={user_id}&limit=1",
+            method="GET"
+        )
+        items = result if isinstance(result, list) else (result.get("data", []) if isinstance(result, dict) else [])
+        return items[0] if items else None
+
+    async def create_user_profile(
+        self,
+        user_id: str,
+        first_name: Optional[str] = None,
+        last_name: Optional[str] = None,
+        display_name: Optional[str] = None,
+        avatar_url: Optional[str] = None,
+    ) -> Dict[str, Any]:
+        """Create a user profile."""
+        body: Dict[str, Any] = {"user_id": user_id}
+        if first_name is not None:
+            body["first_name"] = first_name
+        if last_name is not None:
+            body["last_name"] = last_name
+        if display_name is not None:
+            body["display_name"] = display_name
+        if avatar_url is not None:
+            body["avatar_url"] = avatar_url
+        return await self._client._request(
+            endpoint="/api/guardian/user-profiles",
+            body=body
+        )
+
+    async def update_user_profile(
+        self,
+        profile_id: str,
+        first_name: Optional[str] = None,
+        last_name: Optional[str] = None,
+        display_name: Optional[str] = None,
+        avatar_url: Optional[str] = None,
+    ) -> Dict[str, Any]:
+        """Update a user profile."""
+        body: Dict[str, Any] = {}
+        if first_name is not None:
+            body["first_name"] = first_name
+        if last_name is not None:
+            body["last_name"] = last_name
+        if display_name is not None:
+            body["display_name"] = display_name
+        if avatar_url is not None:
+            body["avatar_url"] = avatar_url
+        return await self._client._request(
+            endpoint=f"/api/guardian/user-profiles/{profile_id}",
+            method="PUT",
+            body=body
+        )
+
     # User junction tables
     async def get_user_roles(self, user_id: str) -> List[Dict[str, Any]]:
         """Get roles assigned to user."""
@@ -722,6 +779,7 @@ class AuthNamespace:
         self,
         status: Optional[str] = None,
         category_id: Optional[str] = None,
+        include_system: bool = False,
         limit: int = 100,
         offset: int = 0
     ) -> Dict[str, Any]:
@@ -731,6 +789,8 @@ class AuthNamespace:
             params += f"&status={status}"
         if category_id:
             params += f"&category_id={category_id}"
+        if include_system:
+            params += "&include_system=true"
 
         return await self._client._request(
             endpoint=f"/api/guardian/tenants{params}",
@@ -796,12 +856,16 @@ class AuthNamespace:
 
     async def list_tenant_categories(
         self,
+        include_system: bool = False,
         limit: int = 100,
         offset: int = 0
     ) -> Dict[str, Any]:
         """List all tenant categories."""
+        params = f"?limit={limit}&offset={offset}"
+        if include_system:
+            params += "&include_system=true"
         return await self._client._request(
-            endpoint=f"/api/guardian/tenant-categories?limit={limit}&offset={offset}",
+            endpoint=f"/api/guardian/tenant-categories{params}",
             method="GET"
         )