docs: update documentation

Author: evansims

.github/labeler.yml

@@ -1,18 +1,18 @@
 # Documentation
-documentation:
+"kind/documentation":
   - changed-files:
       - any-glob-to-any-file:
           - "**/*.md"
           - "docs/**/*"
 
 # CI/CD
-ci:
+"area/ci":
   - changed-files:
       - any-glob-to-any-file:
           - ".github/**/*"
 
 # Configuration
-config:
+"area/config":
   - changed-files:
       - any-glob-to-any-file:
           - "**/*.toml"
@@ -21,72 +21,70 @@ config:
           - "!.github/**/*"
 
 # Dependencies
-dependencies:
+"area/deps":
   - changed-files:
       - any-glob-to-any-file:
           - "**/Cargo.toml"
           - "**/Cargo.lock"
 
 # Testing
-testing:
+"area/testing":
   - changed-files:
       - any-glob-to-any-file:
           - "**/tests/**/*"
           - "**/*_test.rs"
           - "**/*_tests.rs"
-
-# Source code
-source:
-  - changed-files:
-      - any-glob-to-any-file:
-          - "src/**/*"
+          - "src/testing/**/*"
 
 # Client
-client:
+"area/client":
   - changed-files:
       - any-glob-to-any-file:
           - "src/client/**/*"
           - "src/client.rs"
+          - "src/vault/**/*"
 
-# Transport
-transport:
+# Protocol buffers and gRPC
+"area/proto":
   - changed-files:
       - any-glob-to-any-file:
           - "src/transport/**/*"
-          - "src/grpc/**/*"
-          - "src/rest/**/*"
+          - "proto/**/*"
+          - "build.rs"
 
 # Authentication
-auth:
+"area/auth":
   - changed-files:
       - any-glob-to-any-file:
           - "src/auth/**/*"
           - "src/credentials/**/*"
 
 # API
-api:
+"area/api":
   - changed-files:
       - any-glob-to-any-file:
           - "src/api/**/*"
           - "src/check/**/*"
           - "src/relationships/**/*"
           - "src/expand/**/*"
+          - "src/control/**/*"
+
+# Data models and types
+"area/models":
+  - changed-files:
+      - any-glob-to-any-file:
+          - "src/types/**/*"
+          - "src/models/**/*"
+          - "src/error/**/*"
 
 # Derive macros
-macros:
+"area/derive":
   - changed-files:
       - any-glob-to-any-file:
           - "inferadb-derive/**/*"
 
 # Examples
-examples:
+"area/examples":
   - changed-files:
       - any-glob-to-any-file:
           - "examples/**/*"
-
-# Proto/gRPC
-proto:
-  - changed-files:
-      - any-glob-to-any-file:
-          - "proto/**/*"
-          - "build.rs"

README.md

@@ -60,36 +60,11 @@ let vault = org.vault("vlt_...");
 
 ### Permission Checks
 
-#### Check a Permission
-
 ```rust
 let allowed = vault.check("user:alice", "view", "doc:1").await?;
 ```
 
-#### Check with ABAC Context
-
-```rust
-let allowed = vault.check("user:alice", "view", "doc:confidential")
-    .with_context(Context::new()
-        .with("ip_address", "10.0.0.50")
-        .with("mfa_verified", true))
-    .await?;
-```
-
-#### Require Permission (Guard Clause)
-
-```rust
-vault.check("user:alice", "edit", "doc:1").require().await?;
-```
-
-#### Check Multiple Permissions
-
-```rust
-let results = vault.check_batch([
-    ("user:alice", "view", "doc:1"),
-    ("user:alice", "edit", "doc:1"),
-]).await?;
-```
+See the [Authorization API Guide](docs/guides/authorization-api.md) for ABAC context, batch checks, guard clauses, and more.
 
 ### Relationships
 
@@ -205,125 +180,40 @@ while let Some(event) = stream.next().await {
 
 ```rust
 let org = client.organization("org_...");
-let vault = org.vault("vlt_...");
-```
-
-### Organizations
-
-#### Get Current Organization
-
-```rust
-let info = org.control().get().await?;
 ```
 
 ### Vaults
 
-#### Create a Vault
-
 ```rust
 let vault = org.vaults().create(CreateVaultRequest::new("production")).await?;
 ```
 
-#### List Vaults
-
-```rust
-let vaults = org.vaults().list().collect().await?;
-```
-
 ### Schemas
 
-#### Push a Schema
-
 ```rust
-let result = vault.schemas().push(r#"
+vault.schemas().push(r#"
     type user {}
     type document {
         relation viewer: user
-        relation editor: user
-        permission view = viewer + editor
-        permission edit = editor
+        permission view = viewer
     }
 "#).await?;
 ```
 
-#### Validate a Schema
-
-```rust
-let validation = vault.schemas().validate(schema_content).await?;
-```
-
-#### Activate a Schema Version
-
-```rust
-vault.schemas().activate("v2").await?;
-```
-
-#### Compare Schema Versions
-
-```rust
-let diff = vault.schemas().diff("v1", "v2").await?;
-```
-
-### Members
-
-#### Invite a Member
+### Members & Teams
 
 ```rust
 org.members().invite(InviteMemberRequest::new("alice@example.com", OrgRole::Admin)).await?;
-```
-
-### Teams
-
-#### Create a Team
-
-```rust
 org.teams().create(CreateTeamRequest::new("Engineering")).await?;
 ```
 
-#### Add Member to Team
-
-```rust
-org.teams().add_member("team_...", "user_...", TeamRole::Member).await?;
-```
-
-### API Clients
-
-#### Create an API Client
-
-```rust
-let api_client = org.clients().create(
-    CreateApiClientRequest::new("payment-service")
-).await?;
-```
-
-#### Rotate Client Credentials
-
-```rust
-org.clients().certificates("client_...").rotate(
-    RotateCertificateRequest::new(public_key_pem)
-).await?;
-```
-
 ### Audit Logs
 
-#### Query Audit Events
-
 ```rust
-let events = org.audit().list()
-    .action(AuditAction::RelationshipCreated)
-    .since(one_hour_ago)
-    .collect()
-    .await?;
+let events = org.audit().list().collect().await?;
 ```
 
-#### Export Audit Logs
-
-```rust
-org.audit().export()
-    .format(ExportFormat::Json)
-    .write_to_file("audit.json")
-    .await?;
-```
+See the [Management API Guide](docs/guides/management-api.md) for organizations, API clients, schema versioning, and more.
 
 ## Local Development
 
@@ -373,6 +263,7 @@ See the [Testing Guide](docs/guides/testing.md) for `InMemoryClient` (full polic
 | ----------------------------------------------------------- | ------------------------------------------------- |
 | [Installation](docs/guides/installation.md)                 | Feature flags, optimized builds, TLS, MSRV        |
 | [Authentication](docs/guides/authentication.md)             | Client credentials, bearer tokens, key management |
+| [Authorization API](docs/guides/authorization-api.md)       | Permission checks, relationships, lookups, watch  |
 | [Integration Patterns](docs/guides/integration-patterns.md) | Axum, Actix-web, GraphQL, gRPC middleware         |
 | [Error Handling](docs/guides/errors.md)                     | Error types, retries, graceful degradation        |
 | [Testing](docs/guides/testing.md)                           | MockClient, InMemoryClient, TestVault             |

docs/README.md

@@ -8,6 +8,7 @@ Supplementary documentation for the InferaDB Rust SDK. For the main README and q
 | ------------------------------------------------------ | ------------------------------------------------------ |
 | [Installation](guides/installation.md)                 | Feature flags, optimized builds, TLS options, MSRV     |
 | [Authentication](guides/authentication.md)             | Client credentials, bearer tokens, key management      |
+| [Authorization API](guides/authorization-api.md)       | Permission checks, relationships, lookups, watch       |
 | [Integration Patterns](guides/integration-patterns.md) | Framework integration (Axum, Actix-web, GraphQL, gRPC) |
 | [Error Handling](guides/errors.md)                     | Error types, retries, graceful degradation             |
 | [Testing](guides/testing.md)                           | MockClient, InMemoryClient, TestVault                  |
@@ -31,7 +32,7 @@ Supplementary documentation for the InferaDB Rust SDK. For the main README and q
 
 | Guide                                   | Description                                        |
 | --------------------------------------- | -------------------------------------------------- |
-| [Control API](guides/control-api.md)    | Organizations, vaults, schemas, members, audit     |
+| [Management API](guides/management-api.md) | Organizations, vaults, schemas, members, audit     |
 | [Advanced Features](guides/advanced.md) | Simulation, explain, export/import, type-safe APIs |
 
 ## Production

docs/guides/authentication.md

@@ -255,4 +255,4 @@ match client.auth_status().await {
 
 - [Production Checklist](production-checklist.md) - Security requirements
 - [Error Handling](errors.md) - Auth error types
-- [Control API](control-api.md) - Managing API clients and keys
+- [Management API](management-api.md) - Managing API clients and keys