feat(iam): implement whoami

[designcode]

Note

Medium Risk
Adds a new whoami call and extends client configuration/authentication inputs (including a skipCheck path) which could change how requests are authorized if misused, though scope is limited to IAM client wiring.

Overview
Adds a new whoami API (GET /users/whoami) to the IAM package and exports it from the public index.ts, returning the current userId and organizationId.

Extends IAM config/client creation to accept accessKeyId/secretAccessKey (loaded from TIGRIS_STORAGE_ACCESS_KEY_ID/TIGRIS_STORAGE_SECRET_ACCESS_KEY) and introduces an optional skipCheck flag to bypass required sessionToken/organizationId validation when creating an IAM client.

Includes a small tweak to shared HTTP client error construction (formatting-only).

^{Written by Cursor Bugbot for commit 80de209. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Whoami drops most user config fields silently
  • Updated whoami to pass options?.config directly into createIAMClient, preserving all user-provided IAM config fields.

Or push these changes by commenting:

@cursor push f6fef5bd5f

Preview (f6fef5bd5f)

diff --git a/packages/iam/src/lib/whoami.ts b/packages/iam/src/lib/whoami.ts
--- a/packages/iam/src/lib/whoami.ts
+++ b/packages/iam/src/lib/whoami.ts
@@ -18,13 +18,7 @@
 export async function whoami(
   options?: WhoamiOptions
 ): Promise<TigrisIAMResponse<WhoamiResponse, Error>> {
-  const { data: client, error } = createIAMClient(
-    {
-      sessionToken: options?.config?.sessionToken,
-    },
-    true,
-    true
-  );
+  const { data: client, error } = createIAMClient(options?.config, true, true);
 
   if (error) {
     return { error };

_{This Bugbot Autofix run was free. To enable autofix for future PRs, go to the Cursor dashboard.}

[greptile-apps]

Greptile Summary

This PR implements a whoami function for the IAM package that identifies the currently authenticated user by calling the /users/whoami management endpoint. It also extends TigrisIAMConfig and the shared HTTP client to support AWS Signature V4 credential fields alongside the existing session token/org-ID auth path, and adds a skipCheck flag to createIAMClient so that callers without a session token can still construct a client.\n\nKey changes:\n- New whoami() function in packages/iam/src/lib/whoami.ts that maps the UserId/NamespaceId API response to a camelCase WhoamiResponse.\n- TigrisIAMConfig extended with optional accessKeyId / secretAccessKey fields, loaded from env vars in config.ts.\n- createIAMClient gains a skipCheck parameter so the session-token and org-ID guards can be bypassed for endpoints that work without those credentials.\n- shared/http-client.ts formatting-only cleanup.\n\nIssue found:\n- In whoami.ts, createIAMClient is called with a partial object containing only sessionToken instead of the full options?.config. This silently discards any credential or endpoint fields the caller supplies in options.config, falling back to environment-variable values instead. Every other IAM function (listUsers, listAccessKeys, etc.) passes options?.config directly — whoami should do the same.

Confidence Score: 4/5

Safe to merge after fixing the partial config forwarding in whoami.ts.

The overall design is sound and consistent with the rest of the IAM package. There is one concrete P1 bug: caller-provided credential and endpoint fields in options.config are silently dropped in the whoami implementation, making the options API misleading and breaking per-call overrides. The fix is a one-line change (pass options?.config instead of { sessionToken: ... }). All other changes are clean additions or formatting.

packages/iam/src/lib/whoami.ts — partial config forwarding needs to be corrected.

Important Files Changed

Filename	Overview
packages/iam/src/lib/whoami.ts	New whoami function that calls /users/whoami; user-provided credential and endpoint fields in options.config are silently dropped because only sessionToken is forwarded to createIAMClient.
packages/iam/src/lib/http-client.ts	Adds whoami endpoint constant, credential fields, and a skipCheck flag to bypass the session-token/org-ID guards — clean and consistent with the shared client.
packages/iam/src/lib/types.ts	Adds optional accessKeyId and secretAccessKey fields to TigrisIAMConfig; straightforward type extension.
packages/iam/src/lib/config.ts	Loads access key credentials from environment variables into the config — correct and consistent with existing fields.
packages/iam/src/index.ts	Re-exports whoami, WhoamiOptions, and WhoamiResponse from the new module — no issues.
shared/http-client.ts	Pure formatting fix (indentation of the HttpClientResponse union type) — no logic changes.

_{Reviews (1): Last reviewed commit: "feat(iam): implement whoami" | Re-trigger Greptile}

[github-actions]

🎉 This PR is included in version 1.4.0 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

[github-actions]

🎉 This PR is included in version 2.15.6 🎉

The release is available on:

• GitHub release
• npm package (@latest dist-tag)

Your semantic-release bot 📦🚀