@1claw/sdk 0.2.0

package/dist/approvals.d.ts

@@ -0,0 +1,45 @@
+import type { HttpClient } from "./http";
+import type { ApprovalRequest, CreateApprovalRequest, ApprovalListResponse, OneclawResponse } from "./types";
+/**
+ * Approvals resource — human-in-the-loop approval workflows.
+ *
+ * Agents can request human approval before accessing sensitive secrets.
+ * Humans review, approve, or deny requests through the dashboard or API.
+ *
+ * **Status**: These endpoints are planned for an upcoming API release.
+ * The SDK methods are provided for forward compatibility and will work
+ * once the backend endpoints are deployed.
+ */
+export declare class ApprovalsResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Request human approval to access a secret.
+     * Typically called by an agent that encounters a gated secret.
+     */
+    request(options: CreateApprovalRequest): Promise<OneclawResponse<ApprovalRequest>>;
+    /**
+     * List approval requests, optionally filtered by status.
+     * @param status - "pending", "approved", or "denied"
+     */
+    list(status?: "pending" | "approved" | "denied"): Promise<OneclawResponse<ApprovalListResponse>>;
+    /** Approve a pending request. */
+    approve(requestId: string): Promise<OneclawResponse<ApprovalRequest>>;
+    /** Deny a pending request with an optional reason. */
+    deny(requestId: string, reason?: string): Promise<OneclawResponse<ApprovalRequest>>;
+    /**
+     * Poll for the status of a specific approval request.
+     * Returns the current state — useful for agents waiting on approval.
+     */
+    check(requestId: string): Promise<OneclawResponse<ApprovalRequest>>;
+    /**
+     * Subscribe to approval events via polling.
+     * Calls the callback every `intervalMs` with new/changed approvals.
+     * Returns an unsubscribe function.
+     */
+    subscribe(callback: (approvals: ApprovalRequest[]) => void, options?: {
+        status?: "pending" | "approved" | "denied";
+        intervalMs?: number;
+    }): () => void;
+}
+//# sourceMappingURL=approvals.d.ts.map

package/dist/approvals.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approvals.d.ts","sourceRoot":"","sources":["../src/approvals.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EACR,eAAe,EACf,qBAAqB,EACrB,oBAAoB,EACpB,eAAe,EAClB,MAAM,SAAS,CAAC;AAEjB;;;;;;;;;GASG;AACH,qBAAa,iBAAiB;IACd,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C;;;OAGG;IACG,OAAO,CACT,OAAO,EAAE,qBAAqB,GAC/B,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IAM5C;;;OAGG;IACG,IAAI,CACN,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,GAC3C,OAAO,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAMjD,iCAAiC;IAC3B,OAAO,CACT,SAAS,EAAE,MAAM,GAClB,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IAO5C,sDAAsD;IAChD,IAAI,CACN,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IAQ5C;;;OAGG;IACG,KAAK,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,eAAe,CAAC,CAAC;IAOzE;;;;OAIG;IACH,SAAS,CACL,QAAQ,EAAE,CAAC,SAAS,EAAE,eAAe,EAAE,KAAK,IAAI,EAChD,OAAO,GAAE;QACL,MAAM,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,CAAC;QAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;KAClB,GACP,MAAM,IAAI;CAuBhB"}

package/dist/approvals.js

@@ -0,0 +1,76 @@
+/**
+ * Approvals resource — human-in-the-loop approval workflows.
+ *
+ * Agents can request human approval before accessing sensitive secrets.
+ * Humans review, approve, or deny requests through the dashboard or API.
+ *
+ * **Status**: These endpoints are planned for an upcoming API release.
+ * The SDK methods are provided for forward compatibility and will work
+ * once the backend endpoints are deployed.
+ */
+export class ApprovalsResource {
+    constructor(http) {
+        this.http = http;
+    }
+    /**
+     * Request human approval to access a secret.
+     * Typically called by an agent that encounters a gated secret.
+     */
+    async request(options) {
+        return this.http.request("POST", "/v1/approvals", {
+            body: options,
+        });
+    }
+    /**
+     * List approval requests, optionally filtered by status.
+     * @param status - "pending", "approved", or "denied"
+     */
+    async list(status) {
+        return this.http.request("GET", "/v1/approvals", {
+            query: status ? { status } : undefined,
+        });
+    }
+    /** Approve a pending request. */
+    async approve(requestId) {
+        return this.http.request("POST", `/v1/approvals/${requestId}/approve`);
+    }
+    /** Deny a pending request with an optional reason. */
+    async deny(requestId, reason) {
+        return this.http.request("POST", `/v1/approvals/${requestId}/deny`, { body: reason ? { reason } : undefined });
+    }
+    /**
+     * Poll for the status of a specific approval request.
+     * Returns the current state — useful for agents waiting on approval.
+     */
+    async check(requestId) {
+        return this.http.request("GET", `/v1/approvals/${requestId}`);
+    }
+    /**
+     * Subscribe to approval events via polling.
+     * Calls the callback every `intervalMs` with new/changed approvals.
+     * Returns an unsubscribe function.
+     */
+    subscribe(callback, options = {}) {
+        const interval = options.intervalMs ?? 3000;
+        let active = true;
+        const poll = async () => {
+            while (active) {
+                try {
+                    const res = await this.list(options.status);
+                    if (res.data?.approvals) {
+                        callback(res.data.approvals);
+                    }
+                }
+                catch {
+                    /* silently retry */
+                }
+                await new Promise((r) => setTimeout(r, interval));
+            }
+        };
+        poll();
+        return () => {
+            active = false;
+        };
+    }
+}
+//# sourceMappingURL=approvals.js.map

package/dist/approvals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"approvals.js","sourceRoot":"","sources":["../src/approvals.ts"],"names":[],"mappings":"AAQA;;;;;;;;;GASG;AACH,MAAM,OAAO,iBAAiB;IAC1B,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;;OAGG;IACH,KAAK,CAAC,OAAO,CACT,OAA8B;QAE9B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAkB,MAAM,EAAE,eAAe,EAAE;YAC/D,IAAI,EAAE,OAAO;SAChB,CAAC,CAAC;IACP,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CACN,MAA0C;QAE1C,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAuB,KAAK,EAAE,eAAe,EAAE;YACnE,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS;SACzC,CAAC,CAAC;IACP,CAAC;IAED,iCAAiC;IACjC,KAAK,CAAC,OAAO,CACT,SAAiB;QAEjB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,MAAM,EACN,iBAAiB,SAAS,UAAU,CACvC,CAAC;IACN,CAAC;IAED,sDAAsD;IACtD,KAAK,CAAC,IAAI,CACN,SAAiB,EACjB,MAAe;QAEf,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,MAAM,EACN,iBAAiB,SAAS,OAAO,EACjC,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAC5C,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,KAAK,CAAC,SAAiB;QACzB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,iBAAiB,SAAS,EAAE,CAC/B,CAAC;IACN,CAAC;IAED;;;;OAIG;IACH,SAAS,CACL,QAAgD,EAChD,UAGI,EAAE;QAEN,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC;QAC5C,IAAI,MAAM,GAAG,IAAI,CAAC;QAElB,MAAM,IAAI,GAAG,KAAK,IAAI,EAAE;YACpB,OAAO,MAAM,EAAE,CAAC;gBACZ,IAAI,CAAC;oBACD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;oBAC5C,IAAI,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;wBACtB,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBACjC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACL,oBAAoB;gBACxB,CAAC;gBACD,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;YACtD,CAAC;QACL,CAAC,CAAC;QAEF,IAAI,EAAE,CAAC;QACP,OAAO,GAAG,EAAE;YACR,MAAM,GAAG,KAAK,CAAC;QACnB,CAAC,CAAC;IACN,CAAC;CACJ"}

package/dist/audit.d.ts

@@ -0,0 +1,23 @@
+import type { HttpClient } from "./http";
+import type { AuditQuery, AuditEventsResponse, OneclawResponse } from "./types";
+/**
+ * Audit resource — query the immutable audit log of all vault operations.
+ */
+export declare class AuditResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Query audit events with optional filters.
+     *
+     * @example
+     * ```ts
+     * const events = await client.audit.query({
+     *   resource_id: vaultId,
+     *   action: "secret.read",
+     *   limit: 25,
+     * });
+     * ```
+     */
+    query(filters?: AuditQuery): Promise<OneclawResponse<AuditEventsResponse>>;
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EAAE,UAAU,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAEhF;;GAEG;AACH,qBAAa,aAAa;IACV,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C;;;;;;;;;;;OAWG;IACG,KAAK,CACP,OAAO,GAAE,UAAe,GACzB,OAAO,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;CAkBnD"}

package/dist/audit.js

@@ -0,0 +1,41 @@
+/**
+ * Audit resource — query the immutable audit log of all vault operations.
+ */
+export class AuditResource {
+    constructor(http) {
+        this.http = http;
+    }
+    /**
+     * Query audit events with optional filters.
+     *
+     * @example
+     * ```ts
+     * const events = await client.audit.query({
+     *   resource_id: vaultId,
+     *   action: "secret.read",
+     *   limit: 25,
+     * });
+     * ```
+     */
+    async query(filters = {}) {
+        const query = {};
+        if (filters.resource_id)
+            query.resource_id = filters.resource_id;
+        if (filters.actor_id)
+            query.actor_id = filters.actor_id;
+        if (filters.action)
+            query.action = filters.action;
+        if (filters.from)
+            query.from = filters.from;
+        if (filters.to)
+            query.to = filters.to;
+        if (filters.limit !== undefined)
+            query.limit = filters.limit;
+        if (filters.offset !== undefined)
+            query.offset = filters.offset;
+        return this.http.request("GET", "/v1/audit/events", {
+            query,
+        });
+    }
+}
+//# sourceMappingURL=audit.js.map

package/dist/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../src/audit.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,MAAM,OAAO,aAAa;IACtB,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,KAAK,CACP,UAAsB,EAAE;QAExB,MAAM,KAAK,GAAgD,EAAE,CAAC;QAC9D,IAAI,OAAO,CAAC,WAAW;YAAE,KAAK,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACjE,IAAI,OAAO,CAAC,QAAQ;YAAE,KAAK,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACxD,IAAI,OAAO,CAAC,MAAM;YAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAClD,IAAI,OAAO,CAAC,IAAI;YAAE,KAAK,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC5C,IAAI,OAAO,CAAC,EAAE;YAAE,KAAK,CAAC,EAAE,GAAG,OAAO,CAAC,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,KAAK,KAAK,SAAS;YAAE,KAAK,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;YAAE,KAAK,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAEhE,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,kBAAkB,EAClB;YACI,KAAK;SACR,CACJ,CAAC;IACN,CAAC;CACJ"}

package/dist/auth.d.ts

@@ -0,0 +1,42 @@
+import type { HttpClient } from "./http";
+import type { TokenRequest, AgentTokenRequest, UserApiKeyTokenRequest, GoogleAuthRequest, SignupRequest, ChangePasswordRequest, TokenResponse, OneclawResponse } from "./types";
+/**
+ * Auth resource — authenticate users and agents, manage sessions.
+ * Successful authentication automatically stores the JWT on the client
+ * so subsequent requests are authenticated.
+ */
+export declare class AuthResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Authenticate with email and password.
+     * Stores the resulting JWT for subsequent requests.
+     */
+    login(credentials: TokenRequest): Promise<OneclawResponse<TokenResponse>>;
+    /**
+     * Create a new account with email and password.
+     * Creates a new organization, returns a JWT, and automatically
+     * claims any pending email-based secret shares.
+     */
+    signup(credentials: SignupRequest): Promise<OneclawResponse<TokenResponse>>;
+    /**
+     * Authenticate an agent using its ID and API key.
+     * Stores the resulting JWT for subsequent requests.
+     */
+    agentToken(credentials: AgentTokenRequest): Promise<OneclawResponse<TokenResponse>>;
+    /**
+     * Authenticate with a user API key (prefix `ocv_`).
+     * Stores the resulting JWT for subsequent requests.
+     */
+    apiKeyToken(credentials: UserApiKeyTokenRequest): Promise<OneclawResponse<TokenResponse>>;
+    /**
+     * Authenticate with a Google ID token (OAuth2 flow).
+     * Stores the resulting JWT for subsequent requests.
+     */
+    google(credentials: GoogleAuthRequest): Promise<OneclawResponse<TokenResponse>>;
+    /** Change the current user's password. */
+    changePassword(request: ChangePasswordRequest): Promise<OneclawResponse<void>>;
+    /** Revoke the current session token. */
+    logout(): Promise<OneclawResponse<void>>;
+}
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EACR,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,iBAAiB,EACjB,aAAa,EACb,qBAAqB,EACrB,aAAa,EACb,eAAe,EAClB,MAAM,SAAS,CAAC;AAEjB;;;;GAIG;AACH,qBAAa,YAAY;IACT,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C;;;OAGG;IACG,KAAK,CACP,WAAW,EAAE,YAAY,GAC1B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAY1C;;;;OAIG;IACG,MAAM,CACR,WAAW,EAAE,aAAa,GAC3B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAY1C;;;OAGG;IACG,UAAU,CACZ,WAAW,EAAE,iBAAiB,GAC/B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAY1C;;;OAGG;IACG,WAAW,CACb,WAAW,EAAE,sBAAsB,GACpC,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAY1C;;;OAGG;IACG,MAAM,CACR,WAAW,EAAE,iBAAiB,GAC/B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAY1C,0CAA0C;IACpC,cAAc,CAChB,OAAO,EAAE,qBAAqB,GAC/B,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IAMjC,wCAAwC;IAClC,MAAM,IAAI,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;CAKjD"}

package/dist/auth.js

@@ -0,0 +1,79 @@
+/**
+ * Auth resource — authenticate users and agents, manage sessions.
+ * Successful authentication automatically stores the JWT on the client
+ * so subsequent requests are authenticated.
+ */
+export class AuthResource {
+    constructor(http) {
+        this.http = http;
+    }
+    /**
+     * Authenticate with email and password.
+     * Stores the resulting JWT for subsequent requests.
+     */
+    async login(credentials) {
+        const res = await this.http.request("POST", "/v1/auth/token", { body: credentials });
+        if (res.data?.access_token) {
+            this.http.setToken(res.data.access_token);
+        }
+        return res;
+    }
+    /**
+     * Create a new account with email and password.
+     * Creates a new organization, returns a JWT, and automatically
+     * claims any pending email-based secret shares.
+     */
+    async signup(credentials) {
+        const res = await this.http.request("POST", "/v1/auth/signup", { body: credentials });
+        if (res.data?.access_token) {
+            this.http.setToken(res.data.access_token);
+        }
+        return res;
+    }
+    /**
+     * Authenticate an agent using its ID and API key.
+     * Stores the resulting JWT for subsequent requests.
+     */
+    async agentToken(credentials) {
+        const res = await this.http.request("POST", "/v1/auth/agent-token", { body: credentials });
+        if (res.data?.access_token) {
+            this.http.setToken(res.data.access_token);
+        }
+        return res;
+    }
+    /**
+     * Authenticate with a user API key (prefix `ocv_`).
+     * Stores the resulting JWT for subsequent requests.
+     */
+    async apiKeyToken(credentials) {
+        const res = await this.http.request("POST", "/v1/auth/api-key-token", { body: credentials });
+        if (res.data?.access_token) {
+            this.http.setToken(res.data.access_token);
+        }
+        return res;
+    }
+    /**
+     * Authenticate with a Google ID token (OAuth2 flow).
+     * Stores the resulting JWT for subsequent requests.
+     */
+    async google(credentials) {
+        const res = await this.http.request("POST", "/v1/auth/google", { body: credentials });
+        if (res.data?.access_token) {
+            this.http.setToken(res.data.access_token);
+        }
+        return res;
+    }
+    /** Change the current user's password. */
+    async changePassword(request) {
+        return this.http.request("POST", "/v1/auth/change-password", {
+            body: request,
+        });
+    }
+    /** Revoke the current session token. */
+    async logout() {
+        const res = await this.http.request("DELETE", "/v1/auth/token");
+        this.http.setToken("");
+        return res;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAYA;;;;GAIG;AACH,MAAM,OAAO,YAAY;IACrB,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD;;;OAGG;IACH,KAAK,CAAC,KAAK,CACP,WAAyB;QAEzB,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAC/B,MAAM,EACN,gBAAgB,EAChB,EAAE,IAAI,EAAE,WAAW,EAAE,CACxB,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CACR,WAA0B;QAE1B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAC/B,MAAM,EACN,iBAAiB,EACjB,EAAE,IAAI,EAAE,WAAW,EAAE,CACxB,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CACZ,WAA8B;QAE9B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAC/B,MAAM,EACN,sBAAsB,EACtB,EAAE,IAAI,EAAE,WAAW,EAAE,CACxB,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACb,WAAmC;QAEnC,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAC/B,MAAM,EACN,wBAAwB,EACxB,EAAE,IAAI,EAAE,WAAW,EAAE,CACxB,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CACR,WAA8B;QAE9B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAC/B,MAAM,EACN,iBAAiB,EACjB,EAAE,IAAI,EAAE,WAAW,EAAE,CACxB,CAAC;QACF,IAAI,GAAG,CAAC,IAAI,EAAE,YAAY,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,GAAG,CAAC;IACf,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc,CAChB,OAA8B;QAE9B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAO,MAAM,EAAE,0BAA0B,EAAE;YAC/D,IAAI,EAAE,OAAO;SAChB,CAAC,CAAC;IACP,CAAC;IAED,wCAAwC;IACxC,KAAK,CAAC,MAAM;QACR,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAO,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,CAAC;IACf,CAAC;CACJ"}

package/dist/billing.d.ts

@@ -0,0 +1,17 @@
+import type { HttpClient } from "./http";
+import type { UsageSummaryResponse, UsageHistoryResponse, OneclawResponse } from "./types";
+/**
+ * Billing resource — view API usage summaries and per-request history.
+ */
+export declare class BillingResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /** Get the current month's usage summary (free tier remaining, costs). */
+    usage(): Promise<OneclawResponse<UsageSummaryResponse>>;
+    /**
+     * Get per-request usage history.
+     * @param limit Maximum number of events to return (1–200, default 50).
+     */
+    history(limit?: number): Promise<OneclawResponse<UsageHistoryResponse>>;
+}
+//# sourceMappingURL=billing.d.ts.map

package/dist/billing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EACR,oBAAoB,EACpB,oBAAoB,EACpB,eAAe,EAClB,MAAM,SAAS,CAAC;AAEjB;;GAEG;AACH,qBAAa,eAAe;IACZ,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C,0EAA0E;IACpE,KAAK,IAAI,OAAO,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;IAO7D;;;OAGG;IACG,OAAO,CACT,KAAK,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,eAAe,CAAC,oBAAoB,CAAC,CAAC;CASpD"}

package/dist/billing.js

@@ -0,0 +1,22 @@
+/**
+ * Billing resource — view API usage summaries and per-request history.
+ */
+export class BillingResource {
+    constructor(http) {
+        this.http = http;
+    }
+    /** Get the current month's usage summary (free tier remaining, costs). */
+    async usage() {
+        return this.http.request("GET", "/v1/billing/usage");
+    }
+    /**
+     * Get per-request usage history.
+     * @param limit Maximum number of events to return (1–200, default 50).
+     */
+    async history(limit) {
+        return this.http.request("GET", "/v1/billing/history", {
+            query: limit !== undefined ? { limit } : undefined,
+        });
+    }
+}
+//# sourceMappingURL=billing.js.map

package/dist/billing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"billing.js","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAOA;;GAEG;AACH,MAAM,OAAO,eAAe;IACxB,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD,0EAA0E;IAC1E,KAAK,CAAC,KAAK;QACP,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,mBAAmB,CACtB,CAAC;IACN,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,OAAO,CACT,KAAc;QAEd,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,qBAAqB,EACrB;YACI,KAAK,EAAE,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,SAAS;SACrD,CACJ,CAAC;IACN,CAAC;CACJ"}

package/dist/chains.d.ts

@@ -0,0 +1,25 @@
+import type { HttpClient } from "./http";
+import type { ChainResponse, ChainListResponse, CreateChainRequest, UpdateChainRequest, OneclawResponse } from "./types";
+/**
+ * Chains resource — list supported blockchains and manage chain configuration.
+ *
+ * Public endpoints let any authenticated user list enabled chains.
+ * Admin endpoints allow adding, updating (e.g. setting an RPC URL), and removing chains.
+ */
+export declare class ChainsResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /** List all enabled chains. */
+    list(): Promise<OneclawResponse<ChainListResponse>>;
+    /** Get a chain by name (e.g. "base") or numeric chain ID (e.g. "8453"). */
+    get(identifier: string): Promise<OneclawResponse<ChainResponse>>;
+    /** List all chains including disabled ones (admin). */
+    adminList(): Promise<OneclawResponse<ChainListResponse>>;
+    /** Add a new chain to the registry (admin). */
+    create(chain: CreateChainRequest): Promise<OneclawResponse<ChainResponse>>;
+    /** Update chain configuration, e.g. set an RPC URL (admin). */
+    update(chainId: string, update: UpdateChainRequest): Promise<OneclawResponse<ChainResponse>>;
+    /** Remove a chain from the registry (admin). */
+    delete(chainId: string): Promise<OneclawResponse<void>>;
+}
+//# sourceMappingURL=chains.d.ts.map

package/dist/chains.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.d.ts","sourceRoot":"","sources":["../src/chains.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,KAAK,EACR,aAAa,EACb,iBAAiB,EACjB,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EAClB,MAAM,SAAS,CAAC;AAEjB;;;;;GAKG;AACH,qBAAa,cAAc;IACX,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,UAAU;IAE7C,+BAA+B;IACzB,IAAI,IAAI,OAAO,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAIzD,2EAA2E;IACrE,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAStE,uDAAuD;IACjD,SAAS,IAAI,OAAO,CAAC,eAAe,CAAC,iBAAiB,CAAC,CAAC;IAO9D,+CAA+C;IACzC,MAAM,CACR,KAAK,EAAE,kBAAkB,GAC1B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAM1C,+DAA+D;IACzD,MAAM,CACR,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,kBAAkB,GAC3B,OAAO,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAQ1C,gDAAgD;IAC1C,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;CAMhE"}

package/dist/chains.js

@@ -0,0 +1,39 @@
+/**
+ * Chains resource — list supported blockchains and manage chain configuration.
+ *
+ * Public endpoints let any authenticated user list enabled chains.
+ * Admin endpoints allow adding, updating (e.g. setting an RPC URL), and removing chains.
+ */
+export class ChainsResource {
+    constructor(http) {
+        this.http = http;
+    }
+    /** List all enabled chains. */
+    async list() {
+        return this.http.request("GET", "/v1/chains");
+    }
+    /** Get a chain by name (e.g. "base") or numeric chain ID (e.g. "8453"). */
+    async get(identifier) {
+        return this.http.request("GET", `/v1/chains/${identifier}`);
+    }
+    // ── Admin ──────────────────────────────────────────────────────
+    /** List all chains including disabled ones (admin). */
+    async adminList() {
+        return this.http.request("GET", "/v1/admin/chains");
+    }
+    /** Add a new chain to the registry (admin). */
+    async create(chain) {
+        return this.http.request("POST", "/v1/admin/chains", {
+            body: chain,
+        });
+    }
+    /** Update chain configuration, e.g. set an RPC URL (admin). */
+    async update(chainId, update) {
+        return this.http.request("PUT", `/v1/admin/chains/${chainId}`, { body: update });
+    }
+    /** Remove a chain from the registry (admin). */
+    async delete(chainId) {
+        return this.http.request("DELETE", `/v1/admin/chains/${chainId}`);
+    }
+}
+//# sourceMappingURL=chains.js.map

package/dist/chains.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chains.js","sourceRoot":"","sources":["../src/chains.ts"],"names":[],"mappings":"AASA;;;;;GAKG;AACH,MAAM,OAAO,cAAc;IACvB,YAA6B,IAAgB;QAAhB,SAAI,GAAJ,IAAI,CAAY;IAAG,CAAC;IAEjD,+BAA+B;IAC/B,KAAK,CAAC,IAAI;QACN,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAoB,KAAK,EAAE,YAAY,CAAC,CAAC;IACrE,CAAC;IAED,2EAA2E;IAC3E,KAAK,CAAC,GAAG,CAAC,UAAkB;QACxB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,cAAc,UAAU,EAAE,CAC7B,CAAC;IACN,CAAC;IAED,kEAAkE;IAElE,uDAAuD;IACvD,KAAK,CAAC,SAAS;QACX,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,kBAAkB,CACrB,CAAC;IACN,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,MAAM,CACR,KAAyB;QAEzB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAgB,MAAM,EAAE,kBAAkB,EAAE;YAChE,IAAI,EAAE,KAAK;SACd,CAAC,CAAC;IACP,CAAC;IAED,+DAA+D;IAC/D,KAAK,CAAC,MAAM,CACR,OAAe,EACf,MAA0B;QAE1B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,KAAK,EACL,oBAAoB,OAAO,EAAE,EAC7B,EAAE,IAAI,EAAE,MAAM,EAAE,CACnB,CAAC;IACN,CAAC;IAED,gDAAgD;IAChD,KAAK,CAAC,MAAM,CAAC,OAAe;QACxB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CACpB,QAAQ,EACR,oBAAoB,OAAO,EAAE,CAChC,CAAC;IACN,CAAC;CACJ"}

package/dist/client.d.ts

@@ -0,0 +1,99 @@
+import type { OneclawClientConfig } from "./types";
+import { VaultResource } from "./vault";
+import { SecretsResource } from "./secrets";
+import { AccessResource } from "./access";
+import { AgentsResource } from "./agents";
+import { SharingResource } from "./sharing";
+import { ApprovalsResource } from "./approvals";
+import { BillingResource } from "./billing";
+import { AuditResource } from "./audit";
+import { OrgResource } from "./org";
+import { AuthResource } from "./auth";
+import { ApiKeysResource } from "./api-keys";
+import { ChainsResource } from "./chains";
+import { X402Resource } from "./x402";
+/**
+ * The main 1Claw SDK client. All API resources are exposed as
+ * namespaced properties for discoverability and tree-shaking.
+ *
+ * @example
+ * ```ts
+ * import { createClient } from "@1claw/sdk";
+ *
+ * const client = createClient({
+ *   baseUrl: "https://api.1claw.xyz",
+ *   apiKey: "ocv_...",
+ * });
+ *
+ * // Authenticate (exchanges API key for a JWT)
+ * await client.auth.apiKeyToken({ api_key: "ocv_..." });
+ *
+ * // Use resources
+ * const vaults = await client.vault.list();
+ * const secret = await client.secrets.get(vaultId, "my-key");
+ * ```
+ */
+export declare class OneclawClient {
+    private readonly http;
+    /** Vault management — create, list, get, delete vaults. */
+    readonly vault: VaultResource;
+    /** Secret management — store, retrieve, list, rotate, delete secrets. */
+    readonly secrets: SecretsResource;
+    /** Access control — grant/revoke policies for humans and agents. */
+    readonly access: AccessResource;
+    /** Agent management — register, update, delete agents and rotate keys. */
+    readonly agents: AgentsResource;
+    /** Secret sharing — create and manage time-limited share links. */
+    readonly sharing: SharingResource;
+    /** Human-in-the-loop approvals — request, review, approve/deny. */
+    readonly approvals: ApprovalsResource;
+    /** Billing and usage — view usage summaries and per-request history. */
+    readonly billing: BillingResource;
+    /** Audit log — query the immutable audit trail. */
+    readonly audit: AuditResource;
+    /** Organization — manage members and roles. */
+    readonly org: OrgResource;
+    /** Authentication — login, agent auth, API key auth, Google OAuth. */
+    readonly auth: AuthResource;
+    /** API keys — create, list, and revoke personal API keys. */
+    readonly apiKeys: ApiKeysResource;
+    /** Supported blockchains — list chains and manage RPC configuration. */
+    readonly chains: ChainsResource;
+    /** x402 payment protocol — inspect, pay, and verify micropayments. */
+    readonly x402: X402Resource;
+    constructor(config: OneclawClientConfig);
+    /**
+     * When an API key is provided without a pre-existing token, lazily
+     * exchange it for a JWT on construction. This is async but fires
+     * without blocking the constructor — the first actual request
+     * will await token resolution.
+     */
+    private autoAuthenticate;
+}
+/**
+ * Factory function to create a new 1Claw SDK client.
+ *
+ * @example
+ * ```ts
+ * // User with API key
+ * const client = createClient({
+ *   baseUrl: "https://api.1claw.xyz",
+ *   apiKey: "ocv_...",
+ * });
+ *
+ * // Agent with API key
+ * const agent = createClient({
+ *   baseUrl: "https://api.1claw.xyz",
+ *   apiKey: "ocv_...",
+ *   agentId: "agent-uuid",
+ * });
+ *
+ * // Pre-authenticated with JWT
+ * const authed = createClient({
+ *   baseUrl: "https://api.1claw.xyz",
+ *   token: "eyJ...",
+ * });
+ * ```
+ */
+export declare function createClient(config: OneclawClientConfig): OneclawClient;
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,MAAM,OAAO,CAAC;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAEtC;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAa;IAElC,2DAA2D;IAC3D,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,yEAAyE;IACzE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,oEAAoE;IACpE,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,0EAA0E;IAC1E,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,mEAAmE;IACnE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,mEAAmE;IACnE,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,wEAAwE;IACxE,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,mDAAmD;IACnD,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC;IAC9B,+CAA+C;IAC/C,QAAQ,CAAC,GAAG,EAAE,WAAW,CAAC;IAC1B,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,6DAA6D;IAC7D,QAAQ,CAAC,OAAO,EAAE,eAAe,CAAC;IAClC,wEAAwE;IACxE,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;IAChC,sEAAsE;IACtE,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;gBAEhB,MAAM,EAAE,mBAAmB;IAsBvC;;;;;OAKG;IACH,OAAO,CAAC,gBAAgB;CAkC3B;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,mBAAmB,GAAG,aAAa,CAEvE"}