@agent-os-sdk/client 0.9.25 → 0.9.26

package/dist/client/AgentOsClient.js

@@ -1,250 +0,0 @@
-/**
- * Agent OS SDK - Main Client
- *
- * Fully typed API client for Agent OS platform.
- *
- * Two authentication modes:
- * - API Token (server-to-server): aosk_* tokens with embedded claims
- * - JWT (browser): Supabase JWT + X-Workspace-Id header
- *
- * @example
- * ```ts
- * // API Token (server-to-server)
- * const api = new AgentOsClient({
- *   baseUrl: "https://api.agentos.io",
- *   auth: { type: "api_token", apiKey: "aosk_live_xxx" }
- * });
- *
- * // JWT (browser)
- * const api = new AgentOsClient({
- *   baseUrl: "https://api.agentos.io",
- *   auth: {
- *     type: "jwt",
- *     getToken: () => supabase.auth.getSession().then(s => s.data.session?.access_token ?? ""),
- *     getWorkspaceId: () => localStorage.getItem("agentos.workspaceId") ?? ""
- *   }
- * });
- * ```
- */
-import { isApiTokenAuth, isBrowser, isJwtAuth, } from "./auth.js";
-import { createRawClient } from "./raw.js";
-import { AgentsModule } from "../modules/agents.js";
-import { ChatwootModule } from "../modules/chatwoot.js";
-import { CredentialsModule } from "../modules/credentials.js";
-import { DatasetsModule } from "../modules/datasets.js";
-import { RolesModule } from "../modules/roles.js";
-import { MembersModule } from "../modules/members.js";
-import { RunsModule } from "../modules/runs.js";
-import { TenantsModule } from "../modules/tenants.js";
-import { ThreadsModule } from "../modules/threads.js";
-import { ToolsModule } from "../modules/tools.js";
-import { TriggersModule } from "../modules/triggers.js";
-import { WorkspacesModule } from "../modules/workspaces.js";
-// Platform modules
-import { A2aModule } from "../modules/a2a.js";
-import { ApiTokensModule } from "../modules/apiTokens.js";
-import { ApprovalsModule } from "../modules/approvals.js";
-import { AuditModule } from "../modules/audit.js";
-import { AuthModule } from "../modules/auth.js";
-import { CatalogModule } from "../modules/catalog.js";
-import { CheckpointsModule } from "../modules/checkpoints.js";
-import { ContractsModule } from "../modules/contracts.js";
-import { CronsModule } from "../modules/crons.js";
-import { EvaluationModule } from "../modules/evaluation.js";
-import { FilesModule } from "../modules/files.js";
-import { InfoModule } from "../modules/info.js";
-import { ImprovementsModule } from "../modules/improvements.js";
-import { MeModule } from "../modules/me.js";
-import { MembershipsModule } from "../modules/memberships.js";
-import { MetaAgentModule } from "../modules/metaAgent.js";
-import { MetricsModule } from "../modules/metrics.js";
-import { ObservabilityModule } from "../modules/observability.js";
-import { PlaygroundModule } from "../modules/playground.js";
-import { PresetsModule } from "../modules/presets.js";
-import { PromptsModule } from "../modules/prompts.js";
-import { StoreModule } from "../modules/store.js";
-import { TemplatesModule } from "../modules/templates.js";
-import { TracesModule } from "../modules/traces.js";
-import { UsageModule } from "../modules/usage.js";
-import { VectorStoresModule } from "../modules/vectorStores.js";
-// Re-export auth types
-export { isApiTokenAuth, isJwtAuth } from "./auth.js";
-export class AgentOsClient {
-    _client;
-    _baseUrl;
-    _auth;
-    _customHeaders;
-    // Core modules
-    agents;
-    runs;
-    threads;
-    tools;
-    datasets;
-    roles;
-    triggers;
-    credentials;
-    members;
-    tenants;
-    workspaces;
-    chatwoot;
-    // Platform modules
-    prompts;
-    traces;
-    files;
-    vectorStores;
-    evaluation;
-    checkpoints;
-    playground;
-    crons;
-    store;
-    audit;
-    usage;
-    a2a;
-    me;
-    info;
-    improvements;
-    metrics;
-    metaAgent;
-    contracts;
-    catalog;
-    approvals;
-    auth;
-    observability;
-    templates;
-    // Convenience aliases
-    experiments;
-    apiTokens;
-    memberships;
-    presets;
-    constructor(options) {
-        this._baseUrl = options.baseUrl;
-        this._auth = options.auth;
-        this._customHeaders = options.headers ?? {};
-        // Validate auth configuration
-        this._validateAuth(options);
-        // Create raw client with async header provider
-        this._client = createRawClient({
-            baseUrl: options.baseUrl,
-            headerProvider: () => this._resolveHeaders(),
-            contextProvider: options.contextProvider,
-            network: options.network,
-            hooks: options.hooks,
-        });
-        // Module header getter (sync fallback for backwards compat with module internals)
-        const getHeaders = () => this._customHeaders;
-        const getWorkspaceId = () => "";
-        const getTenantId = () => "";
-        // Initialize core modules
-        this.agents = new AgentsModule(this._client, getHeaders);
-        this.runs = new RunsModule(this._client);
-        this.threads = new ThreadsModule(this._client, getHeaders);
-        this.tools = new ToolsModule(this._client, getHeaders);
-        this.datasets = new DatasetsModule(this._client, getHeaders);
-        this.roles = new RolesModule(this._client, getHeaders);
-        this.triggers = new TriggersModule(this._client, getHeaders);
-        this.credentials = new CredentialsModule(this._client, getWorkspaceId, getHeaders);
-        this.members = new MembersModule(this._client, getHeaders);
-        this.tenants = new TenantsModule(this._client, getHeaders);
-        this.workspaces = new WorkspacesModule(this._client, getTenantId, getHeaders);
-        this.chatwoot = new ChatwootModule(this._client, getHeaders);
-        // Initialize platform modules
-        this.prompts = new PromptsModule(this._client, getHeaders);
-        this.traces = new TracesModule(this._client, getHeaders);
-        this.files = new FilesModule(this._client, getHeaders);
-        this.vectorStores = new VectorStoresModule(this._client, getHeaders);
-        this.evaluation = new EvaluationModule(this._client, getHeaders);
-        this.checkpoints = new CheckpointsModule(this._client, getHeaders);
-        this.playground = new PlaygroundModule(this._client, getHeaders);
-        this.crons = new CronsModule(this._client, getHeaders);
-        this.store = new StoreModule(this._client, getHeaders);
-        this.audit = new AuditModule(this._client, getHeaders);
-        this.usage = new UsageModule(this._client, getHeaders);
-        this.a2a = new A2aModule(this._client, getHeaders);
-        this.me = new MeModule(this._client, getHeaders);
-        this.info = new InfoModule(this._client, getHeaders);
-        this.improvements = new ImprovementsModule(this._client, getHeaders);
-        this.metrics = new MetricsModule(this._client);
-        this.metaAgent = new MetaAgentModule(this._client, getHeaders);
-        this.contracts = new ContractsModule(this._client, getHeaders);
-        this.catalog = new CatalogModule(this._client);
-        this.approvals = new ApprovalsModule(this._client, getHeaders);
-        this.auth = new AuthModule(this._client, getHeaders);
-        this.observability = new ObservabilityModule(this._client, getHeaders);
-        this.templates = new TemplatesModule(this._client, getHeaders);
-        // Initialize convenience aliases
-        this.experiments = {
-            list: this.evaluation.listExperiments.bind(this.evaluation),
-            get: this.evaluation.getExperiment.bind(this.evaluation),
-            create: this.evaluation.createExperiment.bind(this.evaluation),
-        };
-        this.apiTokens = new ApiTokensModule(this._client);
-        this.memberships = new MembershipsModule(this._client);
-        this.presets = new PresetsModule(this._client, getHeaders);
-    }
-    /**
-     * Validate auth configuration at construction time
-     */
-    _validateAuth(options) {
-        const { auth, allowApiTokenInBrowser } = options;
-        // Browser security guard for API tokens
-        if (isApiTokenAuth(auth) && isBrowser() && !allowApiTokenInBrowser) {
-            throw new Error("[AgentOS SDK] SECURITY: API tokens (aosk_*) are SERVER-SIDE only. " +
-                "Use JWT auth in the browser. Set allowApiTokenInBrowser: true only if you understand the risks.");
-        }
-    }
-    /**
-     * Resolve headers for each request (async)
-     *
-     * SECURITY INVARIANTS:
-     * - JWT: Authorization + X-Workspace-Id (REQUIRED), NO X-Tenant-Id
-     * - API Token: Authorization only, NO X-Workspace-Id, NO X-Tenant-Id
-     */
-    async _resolveHeaders() {
-        const headers = {
-            "Content-Type": "application/json",
-            ...this._customHeaders,
-        };
-        if (isApiTokenAuth(this._auth)) {
-            // API Token: Authorization header only
-            const apiKey = typeof this._auth.apiKey === "function"
-                ? await this._auth.apiKey()
-                : this._auth.apiKey;
-            if (apiKey) {
-                headers["Authorization"] = `Bearer ${apiKey}`;
-            }
-            // NO X-Workspace-Id (embedded in token claims)
-            // NO X-Tenant-Id (embedded in token claims)
-        }
-        else if (isJwtAuth(this._auth)) {
-            // JWT: Authorization + X-Workspace-Id
-            const [token, workspaceId] = await Promise.all([
-                Promise.resolve(this._auth.getToken()),
-                Promise.resolve(this._auth.getWorkspaceId()),
-            ]);
-            if (token) {
-                headers["Authorization"] = `Bearer ${token}`;
-            }
-            // Workspace ID is optional for bootstrap endpoints (e.g., /me)
-            // Most endpoints require it, but the header provider allows empty strings
-            if (workspaceId) {
-                headers["X-Workspace-Id"] = workspaceId;
-            }
-            // NO X-Tenant-Id (backend derives from workspace membership)
-        }
-        return headers;
-    }
-    /**
-     * Get resolved headers (for debugging/testing)
-     */
-    async getHeadersAsync() {
-        return this._resolveHeaders();
-    }
-    /** Auth provider type */
-    get authType() {
-        return this._auth.type;
-    }
-    /** Raw HTTP client (use modules instead) */
-    get raw() {
-        return this._client;
-    }
-}

package/dist/client/HttpRequestBuilder.d.ts

@@ -1,50 +0,0 @@
-/**
- * HttpRequestBuilder — Single source of truth for headers
- *
- * All header generation flows through this builder.
- * raw.ts should NOT generate headers directly.
- *
- * Headers generated:
- * - X-Request-Id: Per-request, always new (crypto.randomUUID)
- * - X-Correlation-Id: Per-flow, immutable within flow
- * - Authorization: Bearer token
- * - X-Workspace-Id: Workspace binding (from context)
- * - X-Idempotency-Key: Opt-in for POST requests
- * - User-Agent: SDK version + runtime info
- *
- * @see sdk-upgrade.md Section 1.3
- */
-import type { OperationContext } from "./OperationContext.js";
-export declare function sanitizeValidCorrelationId(raw?: string): string | null;
-/**
- * Options for building request headers
- */
-export interface HttpRequestBuilderOptions {
-    /** Bearer token for Authorization header */
-    token?: string;
-    /** Operation context with correlationId and workspaceId */
-    context?: OperationContext;
-    /** Idempotency key for POST requests */
-    idempotencyKey?: string;
-    /** If true, throws if correlationId is missing */
-    requireFlow?: boolean;
-}
-/**
- * Build headers for HTTP requests.
- * This is the SINGLE SOURCE OF TRUTH for header generation.
- */
-export declare class HttpRequestBuilder {
-    /**
-     * Build headers from options.
-     *
-     * @throws Error if requireFlow is true and correlationId is missing
-     */
-    build(opts: HttpRequestBuilderOptions): Record<string, string>;
-    private resolveCorrelationId;
-    /**
-     * Build User-Agent string with SDK version and runtime info
-     */
-    private buildUserAgent;
-}
-export declare const httpRequestBuilder: HttpRequestBuilder;
-//# sourceMappingURL=HttpRequestBuilder.d.ts.map

package/dist/client/HttpRequestBuilder.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"HttpRequestBuilder.d.ts","sourceRoot":"","sources":["../../src/client/HttpRequestBuilder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAQ9D,wBAAgB,0BAA0B,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGtE;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACtC,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,wCAAwC;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,WAAW,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC3B;;;;OAIG;IACH,KAAK,CAAC,IAAI,EAAE,yBAAyB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAiC9D,OAAO,CAAC,oBAAoB;IAS5B;;OAEG;IACH,OAAO,CAAC,cAAc;CAYzB;AAGD,eAAO,MAAM,kBAAkB,oBAA2B,CAAC"}

package/dist/client/HttpRequestBuilder.js

@@ -1,83 +0,0 @@
-/**
- * HttpRequestBuilder — Single source of truth for headers
- *
- * All header generation flows through this builder.
- * raw.ts should NOT generate headers directly.
- *
- * Headers generated:
- * - X-Request-Id: Per-request, always new (crypto.randomUUID)
- * - X-Correlation-Id: Per-flow, immutable within flow
- * - Authorization: Bearer token
- * - X-Workspace-Id: Workspace binding (from context)
- * - X-Idempotency-Key: Opt-in for POST requests
- * - User-Agent: SDK version + runtime info
- *
- * @see sdk-upgrade.md Section 1.3
- */
-import { sanitizeHeader, sanitizeHeaders } from "./sanitize.js";
-const SDK_VERSION = typeof __SDK_VERSION__ !== "undefined" ? __SDK_VERSION__ : "0.7.12-dev";
-const CORRELATION_ID_PATTERN = /^[A-Za-z0-9._:-]{8,128}$/;
-export function sanitizeValidCorrelationId(raw) {
-    const candidate = sanitizeHeader((raw ?? "").trim());
-    return CORRELATION_ID_PATTERN.test(candidate) ? candidate : null;
-}
-/**
- * Build headers for HTTP requests.
- * This is the SINGLE SOURCE OF TRUTH for header generation.
- */
-export class HttpRequestBuilder {
-    /**
-     * Build headers from options.
-     *
-     * @throws Error if requireFlow is true and correlationId is missing
-     */
-    build(opts) {
-        const headers = {};
-        // I2: X-Request-Id always exists (per request)
-        headers["X-Request-Id"] = crypto.randomUUID();
-        // User-Agent: Dynamic SDK version
-        headers["User-Agent"] = this.buildUserAgent();
-        // I3: X-Correlation-Id is per flow
-        if (opts.requireFlow && !opts.context?.correlationId) {
-            throw new Error("X-Correlation-Id required for flow-scoped operations");
-        }
-        headers["X-Correlation-Id"] = this.resolveCorrelationId(opts.context?.correlationId);
-        // Authorization
-        if (opts.token) {
-            headers["Authorization"] = `Bearer ${opts.token}`;
-        }
-        // X-Workspace-Id from context
-        if (opts.context?.workspaceId) {
-            headers["X-Workspace-Id"] = opts.context.workspaceId;
-        }
-        // I7: Idempotency is opt-in
-        if (opts.idempotencyKey) {
-            headers["X-Idempotency-Key"] = sanitizeHeader(opts.idempotencyKey);
-        }
-        return sanitizeHeaders(headers);
-    }
-    resolveCorrelationId(raw) {
-        const candidate = sanitizeValidCorrelationId(raw);
-        if (candidate) {
-            return candidate;
-        }
-        return crypto.randomUUID();
-    }
-    /**
-     * Build User-Agent string with SDK version and runtime info
-     */
-    buildUserAgent() {
-        // Node.js environment
-        if (typeof process !== "undefined" && process.version) {
-            return `agent-os-sdk/${SDK_VERSION} (node/${process.version})`;
-        }
-        // Browser environment
-        if (typeof navigator !== "undefined" && navigator.userAgent) {
-            return `agent-os-sdk/${SDK_VERSION} (browser)`;
-        }
-        // Unknown environment
-        return `agent-os-sdk/${SDK_VERSION}`;
-    }
-}
-// Singleton instance for convenience
-export const httpRequestBuilder = new HttpRequestBuilder();

package/dist/client/OperationContext.d.ts

@@ -1,19 +0,0 @@
-/**
- * OperationContext — Immutable flow context
- *
- * Created at the start of a logical flow and never mutates.
- *
- * - correlationId: Tracks the entire logical operation (immutable per flow)
- * - workspaceId: Optional workspace binding
- *
- * @see sdk-upgrade.md Section 1.1
- */
-export type OperationContext = Readonly<{
-    correlationId: string;
-    workspaceId?: string;
-}>;
-export declare function createOperationContext(input: {
-    correlationId: string;
-    workspaceId?: string;
-}): OperationContext;
-//# sourceMappingURL=OperationContext.d.ts.map

package/dist/client/OperationContext.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"OperationContext.d.ts","sourceRoot":"","sources":["../../src/client/OperationContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,gBAAgB,CAEnB"}

package/dist/client/OperationContext.js

@@ -1,13 +0,0 @@
-/**
- * OperationContext — Immutable flow context
- *
- * Created at the start of a logical flow and never mutates.
- *
- * - correlationId: Tracks the entire logical operation (immutable per flow)
- * - workspaceId: Optional workspace binding
- *
- * @see sdk-upgrade.md Section 1.1
- */
-export function createOperationContext(input) {
-    return Object.freeze({ ...input });
-}

package/dist/client/OperationContextProvider.d.ts

@@ -1,54 +0,0 @@
-/**
- * OperationContextProvider — Flow lifecycle management
- *
- * Provider defines the lifecycle of a flow context.
- * Implementations can use AsyncLocalStorage or manual context passing.
- *
- * @see sdk-upgrade.md Section 1.2
- */
-import type { OperationContext } from "./OperationContext.js";
-/**
- * Interface for context providers
- */
-export interface OperationContextProvider {
-    get(): OperationContext | undefined;
-}
-/**
- * Default provider that always returns undefined.
- * Used when no flow context is established.
- */
-export declare class DefaultContextProvider implements OperationContextProvider {
-    get(): OperationContext | undefined;
-}
-/**
- * AsyncLocalStorage-based provider for Node.js environments.
- * Automatically propagates context through async call chains.
- *
- * Note: This class requires Node.js async_hooks module.
- * Import and use only in Node.js environments.
- */
-export declare class AsyncLocalStorageContextProvider implements OperationContextProvider {
-    private readonly storage;
-    constructor();
-    get(): OperationContext | undefined;
-    /**
-     * Run a function within a context.
-     * The context is automatically available to all async operations within.
-     */
-    run<T>(context: OperationContext, fn: () => T): T;
-    /**
-     * Run an async function within a context.
-     */
-    runAsync<T>(context: OperationContext, fn: () => Promise<T>): Promise<T>;
-}
-/**
- * Manual provider for environments without AsyncLocalStorage.
- * Context must be explicitly set and cleared.
- */
-export declare class ManualContextProvider implements OperationContextProvider {
-    private context;
-    get(): OperationContext | undefined;
-    set(context: OperationContext): void;
-    clear(): void;
-}
-//# sourceMappingURL=OperationContextProvider.d.ts.map

package/dist/client/OperationContextProvider.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"OperationContextProvider.d.ts","sourceRoot":"","sources":["../../src/client/OperationContextProvider.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAE9D;;GAEG;AACH,MAAM,WAAW,wBAAwB;IACrC,GAAG,IAAI,gBAAgB,GAAG,SAAS,CAAC;CACvC;AAED;;;GAGG;AACH,qBAAa,sBAAuB,YAAW,wBAAwB;IACnE,GAAG,IAAI,gBAAgB,GAAG,SAAS;CAGtC;AAED;;;;;;GAMG;AACH,qBAAa,gCAAiC,YAAW,wBAAwB;IAE7E,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAM;;IAa9B,GAAG,IAAI,gBAAgB,GAAG,SAAS;IAInC;;;OAGG;IACH,GAAG,CAAC,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC;IAIjD;;OAEG;IACH,QAAQ,CAAC,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC;CAG3E;AAED;;;GAGG;AACH,qBAAa,qBAAsB,YAAW,wBAAwB;IAClE,OAAO,CAAC,OAAO,CAA+B;IAE9C,GAAG,IAAI,gBAAgB,GAAG,SAAS;IAInC,GAAG,CAAC,OAAO,EAAE,gBAAgB,GAAG,IAAI;IAIpC,KAAK,IAAI,IAAI;CAGhB"}

package/dist/client/OperationContextProvider.js

@@ -1,71 +0,0 @@
-/**
- * OperationContextProvider — Flow lifecycle management
- *
- * Provider defines the lifecycle of a flow context.
- * Implementations can use AsyncLocalStorage or manual context passing.
- *
- * @see sdk-upgrade.md Section 1.2
- */
-/**
- * Default provider that always returns undefined.
- * Used when no flow context is established.
- */
-export class DefaultContextProvider {
-    get() {
-        return undefined;
-    }
-}
-/**
- * AsyncLocalStorage-based provider for Node.js environments.
- * Automatically propagates context through async call chains.
- *
- * Note: This class requires Node.js async_hooks module.
- * Import and use only in Node.js environments.
- */
-export class AsyncLocalStorageContextProvider {
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    storage;
-    constructor() {
-        // Dynamic import to avoid browser errors
-        try {
-            // eslint-disable-next-line @typescript-eslint/no-require-imports
-            const asyncHooks = require("async_hooks");
-            this.storage = new asyncHooks.AsyncLocalStorage();
-        }
-        catch {
-            throw new Error("AsyncLocalStorage requires Node.js environment");
-        }
-    }
-    get() {
-        return this.storage?.getStore();
-    }
-    /**
-     * Run a function within a context.
-     * The context is automatically available to all async operations within.
-     */
-    run(context, fn) {
-        return this.storage.run(context, fn);
-    }
-    /**
-     * Run an async function within a context.
-     */
-    runAsync(context, fn) {
-        return this.storage.run(context, fn);
-    }
-}
-/**
- * Manual provider for environments without AsyncLocalStorage.
- * Context must be explicitly set and cleared.
- */
-export class ManualContextProvider {
-    context;
-    get() {
-        return this.context;
-    }
-    set(context) {
-        this.context = context;
-    }
-    clear() {
-        this.context = undefined;
-    }
-}

package/dist/client/auth.d.ts

@@ -1,100 +0,0 @@
-/**
- * Auth Provider Types for Agent OS SDK
- *
- * Two modes only:
- * - JWT (browser): Uses Supabase JWT + X-Workspace-Id header
- * - API Token (server): Uses aosk_* token with embedded claims
- */
-import type { NetworkConfig } from "./config.js";
-import type { SDKHooks } from "./raw.js";
-import type { OperationContextProvider } from "./OperationContextProvider.js";
-/**
- * API Token authentication for server-to-server integrations.
- * Token format: aosk_live_* or aosk_test_*
- *
- * SECURITY: API tokens contain embedded workspace/tenant claims.
- * The SDK sends ONLY Authorization header (no X-Workspace-Id, no X-Tenant-Id).
- *
- * @example
- * ```ts
- * const client = new AgentOsClient({
- *   baseUrl: "https://api.example.com",
- *   auth: { type: "api_token", apiKey: "aosk_live_xxx" }
- * })
- * ```
- */
-export type ApiTokenAuth = {
-    type: "api_token";
-    /** API key (aosk_*) or function that returns one */
-    apiKey: string | (() => string | Promise<string>);
-};
-/**
- * JWT authentication for browser/frontend clients.
- * Uses Supabase JWT with X-Workspace-Id header.
- *
- * SECURITY:
- * - X-Workspace-Id is REQUIRED (throws if missing)
- * - X-Tenant-Id is NEVER sent (backend derives from workspace membership)
- *
- * @example
- * ```ts
- * const client = new AgentOsClient({
- *   baseUrl: "https://api.example.com",
- *   auth: {
- *     type: "jwt",
- *     getToken: async () => (await supabase.auth.getSession()).data.session?.access_token,
- *     getWorkspaceId: () => localStorage.getItem("agentos.workspaceId")!,
- *   }
- * })
- * ```
- */
-export type JwtAuth = {
-    type: "jwt";
-    /** Function to get the JWT access token */
-    getToken: () => string | Promise<string>;
-    /** Function to get the current workspace ID (REQUIRED) */
-    getWorkspaceId: () => string | Promise<string>;
-};
-/**
- * Auth provider union type - only two modes supported
- */
-export type AuthProvider = ApiTokenAuth | JwtAuth;
-/**
- * Options for AgentOsClient - auth is REQUIRED
- */
-export type AgentOsClientOptions = {
-    /** Base URL of the Agent OS Control Plane */
-    baseUrl: string;
-    /** Authentication provider (REQUIRED) */
-    auth: AuthProvider;
-    /**
-     * Allow API token in browser environment.
-     * Default: false (throws error to prevent accidental exposure)
-     * Only set to true if you understand the security implications.
-     */
-    allowApiTokenInBrowser?: boolean;
-    /** Network policy (timeouts/retries). */
-    network?: Partial<NetworkConfig>;
-    /** Optional request lifecycle hooks for observability */
-    hooks?: SDKHooks;
-    /** Optional flow context provider (ALS/manual) for sticky correlation per operation. */
-    /** Recommended for long-lived server clients to avoid process-wide sticky fallback correlation. */
-    contextProvider?: OperationContextProvider;
-    /** Custom headers to add to all requests */
-    headers?: Record<string, string>;
-};
-export declare function isApiTokenAuth(auth: AuthProvider): auth is ApiTokenAuth;
-export declare function isJwtAuth(auth: AuthProvider): auth is JwtAuth;
-/**
- * Detect browser environment
- */
-export declare function isBrowser(): boolean;
-/**
- * Check if token looks like an API token (aosk_*)
- */
-export declare function isApiToken(token: string): boolean;
-/**
- * Check if token looks like a JWT (three base64 segments)
- */
-export declare function isJwtToken(token: string): boolean;
-//# sourceMappingURL=auth.d.ts.map

package/dist/client/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/client/auth.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,+BAA+B,CAAC;AAM9E;;;;;;;;;;;;;;GAcG;AACH,MAAM,MAAM,YAAY,GAAG;IACvB,IAAI,EAAE,WAAW,CAAA;IACjB,oDAAoD;IACpD,MAAM,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAA;CACpD,CAAA;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,MAAM,OAAO,GAAG;IAClB,IAAI,EAAE,KAAK,CAAA;IACX,2CAA2C;IAC3C,QAAQ,EAAE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;IACxC,0DAA0D;IAC1D,cAAc,EAAE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAA;CACjD,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,YAAY,GAAG,YAAY,GAAG,OAAO,CAAA;AAMjD;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IAC/B,6CAA6C;IAC7C,OAAO,EAAE,MAAM,CAAA;IACf,yCAAyC;IACzC,IAAI,EAAE,YAAY,CAAA;IAClB;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,OAAO,CAAA;IAChC,yCAAyC;IACzC,OAAO,CAAC,EAAE,OAAO,CAAC,aAAa,CAAC,CAAA;IAChC,yDAAyD;IACzD,KAAK,CAAC,EAAE,QAAQ,CAAA;IAChB,wFAAwF;IACxF,mGAAmG;IACnG,eAAe,CAAC,EAAE,wBAAwB,CAAA;IAC1C,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACnC,CAAA;AAMD,wBAAgB,cAAc,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,IAAI,YAAY,CAEvE;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,YAAY,GAAG,IAAI,IAAI,OAAO,CAE7D;AAMD;;GAEG;AACH,wBAAgB,SAAS,IAAI,OAAO,CAEnC;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAGjD"}