docs: refresh readme and legal info

ts_apiclient/readme.md

@@ -1,18 +1,18 @@
 # @serve.zone/dcrouter-apiclient
 
-Typed, object-oriented client for operating a running dcrouter instance. It wraps the OpsServer `/typedrequest` API in managers and resource classes so your scripts can work with routes, certificates, tokens, remote ingress edges, emails, stats, config, logs, and RADIUS without hand-rolling requests.
+`@serve.zone/dcrouter-apiclient` is the object-oriented TypeScript client for the dcrouter OpsServer API. It wraps `/typedrequest` calls in managers, builders, and resource classes for routes, certificates, API tokens, remote ingress, email, stats, config, logs, RADIUS, and WorkHoster integrations.
 
 ## Issue Reporting and Security
 
 For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 
-## Installation
+## Install
 
 ```bash
 pnpm add @serve.zone/dcrouter-apiclient
 ```
 
-You can also import the same client through the main package subpath:
+The same client is also exposed as a subpath of the main package:
 
 ```typescript
 import { DcRouterApiClient } from '@serve.zone/dcrouter/apiclient';
@@ -30,7 +30,7 @@ const client = new DcRouterApiClient({
 await client.login('admin', 'admin');
 
 const { routes, warnings } = await client.routes.list();
-console.log('route count', routes.length, 'warnings', warnings.length);
+console.log(routes.length, warnings.length);
 
 const route = await client.routes.build()
   .setName('api-gateway')
@@ -38,47 +38,46 @@ const route = await client.routes.build()
   .setAction({ type: 'forward', targets: [{ host: '127.0.0.1', port: 8080 }] })
   .save();
 
-await route.toggle(false);
+await route.toggle(true);
 ```
 
-## What the Client Gives You
+## Authentication
 
-| Manager | Purpose |
-| --- | --- |
-| `client.routes` | List merged routes, create API routes, toggle routes |
-| `client.certificates` | Inspect certificates and run certificate operations |
-| `client.apiTokens` | Create, list, toggle, roll, and revoke API tokens |
-| `client.remoteIngress` | Manage edge registrations, statuses, and connection tokens |
-| `client.emails` | Inspect email items and trigger resend flows |
-| `client.stats` | Health, statistics, and operational summaries |
-| `client.config` | Read the current configuration view |
-| `client.logs` | Read recent logs and log-related data |
-| `client.radius` | Manage RADIUS clients, VLANs, and sessions |
-
-## Authentication Modes
-
-| Mode | How it works |
-| --- | --- |
-| Admin login | Call `login(username, password)` and the returned identity is stored on the client |
-| API token | Pass `apiToken` in the constructor and it is injected into requests automatically |
+The client supports session login and API-token authentication.
 
 ```typescript
-const client = new DcRouterApiClient({
+const sessionClient = new DcRouterApiClient({
   baseUrl: 'https://dcrouter.example.com',
-  apiToken: 'dcr_your_token_here',
+});
+await sessionClient.login('admin', 'admin');
+
+const tokenClient = new DcRouterApiClient({
+  baseUrl: 'https://dcrouter.example.com',
+  apiToken: 'dcr_token_value',
 });
 ```
 
-Important behavior:
+`baseUrl` is normalized by removing trailing slashes. Requests are sent to `${baseUrl}/typedrequest`. `buildRequestPayload()` injects the current identity and optional API token for manager methods.
 
-- `baseUrl` is normalized, and the client automatically calls `${baseUrl}/typedrequest`
-- `buildRequestPayload()` injects the current identity and optional API token for you
-- system routes can be toggled, but only API routes are meant for edit and delete flows
+## Manager Map
 
-## Route Builder Example
+| Manager | Purpose |
+| --- | --- |
+| `client.routes` | List merged routes, build API routes, update/delete API routes, and toggle routes. |
+| `client.certificates` | Inspect certificate summaries and trigger certificate operations. |
+| `client.apiTokens` | Create, list, toggle, roll, and revoke API tokens. |
+| `client.remoteIngress` | Manage edge registrations, statuses, ports, tags, and connection tokens. |
+| `client.emails` | Inspect received/cached email items and trigger resend flows. |
+| `client.workHosters` | Manage WorkHoster-facing route/application integration calls. |
+| `client.stats` | Read health, counters, summaries, and runtime status. |
+| `client.config` | Read the current configuration view. |
+| `client.logs` | Read recent log information. |
+| `client.radius` | Manage RADIUS clients, VLAN mappings, and accounting sessions. |
+
+## Route Builder
 
 ```typescript
-const newRoute = await client.routes.build()
+const route = await client.routes.build()
   .setName('internal-app')
   .setMatch({
     ports: 443,
@@ -91,7 +90,7 @@ const newRoute = await client.routes.build()
   .setEnabled(true)
   .save();
 
-await newRoute.update({
+await route.update({
   action: {
     type: 'forward',
     targets: [{ host: '127.0.0.1', port: 3001 }],
@@ -99,17 +98,17 @@ await newRoute.update({
 });
 ```
 
-## Token and Remote Ingress Example
+System routes from `config`, `email`, and `dns` origins are designed to be toggled, not edited. Full create/update/delete behavior is for routes with origin `api`.
+
+## API Tokens and Remote Ingress
 
 ```typescript
 const token = await client.apiTokens.build()
-  .setName('ci-token')
+  .setName('automation')
   .setScopes(['routes:read', 'routes:write'])
   .setExpiresInDays(30)
   .save();
 
-console.log('copy this once:', token.tokenValue);
-
 const edge = await client.remoteIngress.build()
   .setName('edge-eu-1')
   .setListenPorts([80, 443])
@@ -118,20 +117,31 @@ const edge = await client.remoteIngress.build()
   .save();
 
 const connectionToken = await edge.getConnectionToken();
-console.log(connectionToken);
+console.log(token.tokenValue, connectionToken);
 ```
 
-## What This Package Does Not Do
+## What This Package Is Not
 
 - It does not start dcrouter.
-- It does not bundle the dashboard.
-- It does not replace the raw interfaces package when you want low-level TypedRequest contracts.
+- It does not serve or bundle the Ops dashboard.
+- It does not replace `@serve.zone/dcrouter-interfaces` when you want raw TypedRequest contracts.
 
-Use `@serve.zone/dcrouter` to run the server and `@serve.zone/dcrouter-interfaces` for the shared request/data types.
+Use `@serve.zone/dcrouter` for the server runtime and `@serve.zone/dcrouter-interfaces` for shared request/data types.
+
+## Development
+
+This folder is published from the dcrouter monorepo via `tspublish.json` with order `5`.
+
+Useful source entry points:
+
+- `index.ts` exports the public client surface.
+- `classes.dcrouterapiclient.ts` owns authentication and request dispatch.
+- `classes.route.ts` owns route resources and builders.
+- `classes.remoteingress.ts`, `classes.apitoken.ts`, `classes.radius.ts`, and the other manager files wrap focused API domains.
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../license) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 
@@ -143,7 +153,7 @@ Use of these trademarks must comply with Task Venture Capital GmbH's Trademark G
 
 ### Company Information
 
-Task Venture Capital GmbH  
+Task Venture Capital GmbH
 Registered at District Court Bremen HRB 35230 HB, Germany
 
 For any legal inquiries or further information, please contact us via email at hello@task.vc.