@agent-os-sdk/client 0.9.26 → 0.9.28

package/dist/client/AgentOsClient.d.ts

@@ -0,0 +1,141 @@
+/**
+ * Agent OS SDK - Main Client
+ *
+ * Fully typed API client for Agent OS platform.
+ *
+ * Two authentication modes:
+ * - API Token (server-to-server): aosk_* tokens with embedded claims
+ * - JWT (browser): Supabase JWT + X-Workspace-Id header
+ *
+ * @example
+ * ```ts
+ * // API Token (server-to-server)
+ * const api = new AgentOsClient({
+ *   baseUrl: "https://api.agentos.io",
+ *   auth: { type: "api_token", apiKey: "aosk_live_xxx" }
+ * });
+ *
+ * // JWT (browser)
+ * const api = new AgentOsClient({
+ *   baseUrl: "https://api.agentos.io",
+ *   auth: {
+ *     type: "jwt",
+ *     getToken: () => supabase.auth.getSession().then(s => s.data.session?.access_token ?? ""),
+ *     getWorkspaceId: () => localStorage.getItem("agentos.workspaceId") ?? ""
+ *   }
+ * });
+ * ```
+ */
+import { type AgentOsClientOptions } from "./auth.js";
+import { type RawClient } from "./raw.js";
+import { AgentsModule } from "../modules/agents.js";
+import { ChatwootModule } from "../modules/chatwoot.js";
+import { CredentialsModule } from "../modules/credentials.js";
+import { DatasetsModule } from "../modules/datasets.js";
+import { RolesModule } from "../modules/roles.js";
+import { MembersModule } from "../modules/members.js";
+import { RunsModule } from "../modules/runs.js";
+import { TenantsModule } from "../modules/tenants.js";
+import { ThreadsModule } from "../modules/threads.js";
+import { ToolsModule } from "../modules/tools.js";
+import { TriggersModule } from "../modules/triggers.js";
+import { WorkspacesModule } from "../modules/workspaces.js";
+import { A2aModule } from "../modules/a2a.js";
+import { ApiTokensModule } from "../modules/apiTokens.js";
+import { ApprovalsModule } from "../modules/approvals.js";
+import { AuditModule } from "../modules/audit.js";
+import { AuthModule } from "../modules/auth.js";
+import { CatalogModule } from "../modules/catalog.js";
+import { CheckpointsModule } from "../modules/checkpoints.js";
+import { ContractsModule } from "../modules/contracts.js";
+import { CronsModule } from "../modules/crons.js";
+import { EvaluationModule } from "../modules/evaluation.js";
+import { FilesModule } from "../modules/files.js";
+import { InfoModule } from "../modules/info.js";
+import { ImprovementsModule } from "../modules/improvements.js";
+import { MeModule } from "../modules/me.js";
+import { MembershipsModule } from "../modules/memberships.js";
+import { MetaAgentModule } from "../modules/metaAgent.js";
+import { MetricsModule } from "../modules/metrics.js";
+import { ObservabilityModule } from "../modules/observability.js";
+import { PlaygroundModule } from "../modules/playground.js";
+import { PresetsModule } from "../modules/presets.js";
+import { PromptsModule } from "../modules/prompts.js";
+import { StoreModule } from "../modules/store.js";
+import { TemplatesModule } from "../modules/templates.js";
+import { TracesModule } from "../modules/traces.js";
+import { UsageModule } from "../modules/usage.js";
+import { VectorStoresModule } from "../modules/vectorStores.js";
+export { isApiTokenAuth, isJwtAuth } from "./auth.js";
+export type { AgentOsClientOptions, AuthProvider } from "./auth.js";
+export declare class AgentOsClient {
+    private readonly _client;
+    private readonly _baseUrl;
+    private readonly _auth;
+    private readonly _customHeaders;
+    readonly agents: AgentsModule;
+    readonly runs: RunsModule;
+    readonly threads: ThreadsModule;
+    readonly tools: ToolsModule;
+    readonly datasets: DatasetsModule;
+    readonly roles: RolesModule;
+    readonly triggers: TriggersModule;
+    readonly credentials: CredentialsModule;
+    readonly members: MembersModule;
+    readonly tenants: TenantsModule;
+    readonly workspaces: WorkspacesModule;
+    readonly chatwoot: ChatwootModule;
+    readonly prompts: PromptsModule;
+    readonly traces: TracesModule;
+    readonly files: FilesModule;
+    readonly vectorStores: VectorStoresModule;
+    readonly evaluation: EvaluationModule;
+    readonly checkpoints: CheckpointsModule;
+    readonly playground: PlaygroundModule;
+    readonly crons: CronsModule;
+    readonly store: StoreModule;
+    readonly audit: AuditModule;
+    readonly usage: UsageModule;
+    readonly a2a: A2aModule;
+    readonly me: MeModule;
+    readonly info: InfoModule;
+    readonly improvements: ImprovementsModule;
+    readonly metrics: MetricsModule;
+    readonly metaAgent: MetaAgentModule;
+    readonly contracts: ContractsModule;
+    readonly catalog: CatalogModule;
+    readonly approvals: ApprovalsModule;
+    readonly auth: AuthModule;
+    readonly observability: ObservabilityModule;
+    readonly templates: TemplatesModule;
+    readonly experiments: {
+        list: EvaluationModule["listExperiments"];
+        get: EvaluationModule["getExperiment"];
+        create: EvaluationModule["createExperiment"];
+    };
+    readonly apiTokens: ApiTokensModule;
+    readonly memberships: MembershipsModule;
+    readonly presets: PresetsModule;
+    constructor(options: AgentOsClientOptions);
+    /**
+     * Validate auth configuration at construction time
+     */
+    private _validateAuth;
+    /**
+     * Resolve headers for each request (async)
+     *
+     * SECURITY INVARIANTS:
+     * - JWT: Authorization + X-Workspace-Id (REQUIRED), NO X-Tenant-Id
+     * - API Token: Authorization only, NO X-Workspace-Id, NO X-Tenant-Id
+     */
+    private _resolveHeaders;
+    /**
+     * Get resolved headers (for debugging/testing)
+     */
+    getHeadersAsync(): Promise<Record<string, string>>;
+    /** Auth provider type */
+    get authType(): "api_token" | "jwt";
+    /** Raw HTTP client (use modules instead) */
+    get raw(): RawClient;
+}
+//# sourceMappingURL=AgentOsClient.d.ts.map

package/dist/client/AgentOsClient.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"AgentOsClient.d.ts","sourceRoot":"","sources":["../../src/client/AgentOsClient.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,OAAO,EACH,KAAK,oBAAoB,EAK5B,MAAM,WAAW,CAAC;AACnB,OAAO,EAAmB,KAAK,SAAS,EAAE,MAAM,UAAU,CAAC;AAE3D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAG5D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAChE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,6BAA6B,CAAC;AAClE,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC1D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,4BAA4B,CAAC;AAGhE,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtD,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AAEpE,qBAAa,aAAa;IACtB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAY;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAe;IACrC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAyB;IAGxD,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,iBAAiB,CAAC;IACxC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,cAAc,CAAC;IAGlC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,MAAM,EAAE,YAAY,CAAC;IAC9B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;IAC1C,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,WAAW,EAAE,iBAAiB,CAAC;IACxC,QAAQ,CAAC,UAAU,EAAE,gBAAgB,CAAC;IACtC,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,KAAK,EAAE,WAAW,CAAC;IAC5B,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC;IACxB,QAAQ,CAAC,EAAE,EAAE,QAAQ,CAAC;IACtB,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,YAAY,EAAE,kBAAkB,CAAC;IAC1C,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC;IAC1B,QAAQ,CAAC,aAAa,EAAE,mBAAmB,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,eAAe,CAAC;IAGpC,QAAQ,CAAC,WAAW,EAAE;QAClB,IAAI,EAAE,gBAAgB,CAAC,iBAAiB,CAAC,CAAC;QAC1C,GAAG,EAAE,gBAAgB,CAAC,eAAe,CAAC,CAAC;QACvC,MAAM,EAAE,gBAAgB,CAAC,kBAAkB,CAAC,CAAC;KAChD,CAAC;IAEF,SAAgB,SAAS,EAAE,eAAe,CAAC;IAC3C,SAAgB,WAAW,EAAE,iBAAiB,CAAC;IAC/C,SAAgB,OAAO,EAAE,aAAa,CAAC;gBAI3B,OAAO,EAAE,oBAAoB;IA0EzC;;OAEG;IACH,OAAO,CAAC,aAAa;IAYrB;;;;;;OAMG;YACW,eAAe;IAwC7B;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAIxD,yBAAyB;IACzB,IAAI,QAAQ,IAAI,WAAW,GAAG,KAAK,CAElC;IAED,4CAA4C;IAC5C,IAAI,GAAG,IAAI,SAAS,CAEnB;CACJ"}

package/{src/client/AgentOsClient.ts → dist/client/AgentOsClient.js}

@@ -1,12 +1,12 @@
 /**
  * Agent OS SDK - Main Client
- * 
+ *
  * Fully typed API client for Agent OS platform.
- * 
+ *
  * Two authentication modes:
  * - API Token (server-to-server): aosk_* tokens with embedded claims
  * - JWT (browser): Supabase JWT + X-Workspace-Id header
- * 
+ *
  * @example
  * ```ts
  * // API Token (server-to-server)
@@ -14,7 +14,7 @@
  *   baseUrl: "https://api.agentos.io",
  *   auth: { type: "api_token", apiKey: "aosk_live_xxx" }
  * });
- * 
+ *
  * // JWT (browser)
  * const api = new AgentOsClient({
  *   baseUrl: "https://api.agentos.io",
@@ -26,16 +26,8 @@
  * });
  * ```
  */
-
-import {
-    type AgentOsClientOptions,
-    type AuthProvider,
-    isApiTokenAuth,
-    isBrowser,
-    isJwtAuth,
-} from "./auth.js";
-import { createRawClient, type RawClient } from "./raw.js";
-
+import { isApiTokenAuth, isBrowser, isJwtAuth, } from "./auth.js";
+import { createRawClient } from "./raw.js";
 import { AgentsModule } from "../modules/agents.js";
 import { ChatwootModule } from "../modules/chatwoot.js";
 import { CredentialsModule } from "../modules/credentials.js";
@@ -48,7 +40,6 @@ import { ThreadsModule } from "../modules/threads.js";
 import { ToolsModule } from "../modules/tools.js";
 import { TriggersModule } from "../modules/triggers.js";
 import { WorkspacesModule } from "../modules/workspaces.js";
-
 // Platform modules
 import { A2aModule } from "../modules/a2a.js";
 import { ApiTokensModule } from "../modules/apiTokens.js";
@@ -76,77 +67,61 @@ import { TemplatesModule } from "../modules/templates.js";
 import { TracesModule } from "../modules/traces.js";
 import { UsageModule } from "../modules/usage.js";
 import { VectorStoresModule } from "../modules/vectorStores.js";
-
 // Re-export auth types
 export { isApiTokenAuth, isJwtAuth } from "./auth.js";
-export type { AgentOsClientOptions, AuthProvider } from "./auth.js";
-
 export class AgentOsClient {
-    private readonly _client: RawClient;
-    private readonly _baseUrl: string;
-    private readonly _auth: AuthProvider;
-    private readonly _customHeaders: Record<string, string>;
-
+    _client;
+    _baseUrl;
+    _auth;
+    _customHeaders;
     // Core modules
-    readonly agents: AgentsModule;
-    readonly runs: RunsModule;
-    readonly threads: ThreadsModule;
-    readonly tools: ToolsModule;
-    readonly datasets: DatasetsModule;
-    readonly roles: RolesModule;
-    readonly triggers: TriggersModule;
-    readonly credentials: CredentialsModule;
-    readonly members: MembersModule;
-    readonly tenants: TenantsModule;
-    readonly workspaces: WorkspacesModule;
-    readonly chatwoot: ChatwootModule;
-
+    agents;
+    runs;
+    threads;
+    tools;
+    datasets;
+    roles;
+    triggers;
+    credentials;
+    members;
+    tenants;
+    workspaces;
+    chatwoot;
     // Platform modules
-    readonly prompts: PromptsModule;
-    readonly traces: TracesModule;
-    readonly files: FilesModule;
-    readonly vectorStores: VectorStoresModule;
-    readonly evaluation: EvaluationModule;
-    readonly checkpoints: CheckpointsModule;
-    readonly playground: PlaygroundModule;
-    readonly crons: CronsModule;
-    readonly store: StoreModule;
-    readonly audit: AuditModule;
-    readonly usage: UsageModule;
-    readonly a2a: A2aModule;
-    readonly me: MeModule;
-    readonly info: InfoModule;
-    readonly improvements: ImprovementsModule;
-    readonly metrics: MetricsModule;
-    readonly metaAgent: MetaAgentModule;
-    readonly contracts: ContractsModule;
-    readonly catalog: CatalogModule;
-    readonly approvals: ApprovalsModule;
-    readonly auth: AuthModule;
-    readonly observability: ObservabilityModule;
-    readonly templates: TemplatesModule;
-
+    prompts;
+    traces;
+    files;
+    vectorStores;
+    evaluation;
+    checkpoints;
+    playground;
+    crons;
+    store;
+    audit;
+    usage;
+    a2a;
+    me;
+    info;
+    improvements;
+    metrics;
+    metaAgent;
+    contracts;
+    catalog;
+    approvals;
+    auth;
+    observability;
+    templates;
     // Convenience aliases
-    readonly experiments: {
-        list: EvaluationModule["listExperiments"];
-        get: EvaluationModule["getExperiment"];
-        create: EvaluationModule["createExperiment"];
-    };
-
-    public readonly apiTokens: ApiTokensModule;
-    public readonly memberships: MembershipsModule;
-    public readonly presets: PresetsModule;
-
-
-
-    constructor(options: AgentOsClientOptions) {
+    experiments;
+    apiTokens;
+    memberships;
+    presets;
+    constructor(options) {
         this._baseUrl = options.baseUrl;
         this._auth = options.auth;
         this._customHeaders = options.headers ?? {};
-
         // Validate auth configuration
         this._validateAuth(options);
-
         // Create raw client with async header provider
         this._client = createRawClient({
             baseUrl: options.baseUrl,
@@ -155,12 +130,10 @@ export class AgentOsClient {
             network: options.network,
             hooks: options.hooks,
         });
-
         // Module header getter (sync fallback for backwards compat with module internals)
         const getHeaders = () => this._customHeaders;
         const getWorkspaceId = () => "";
         const getTenantId = () => "";
-
         // Initialize core modules
         this.agents = new AgentsModule(this._client, getHeaders);
         this.runs = new RunsModule(this._client);
@@ -174,7 +147,6 @@ export class AgentOsClient {
         this.tenants = new TenantsModule(this._client, getHeaders);
         this.workspaces = new WorkspacesModule(this._client, getTenantId, getHeaders);
         this.chatwoot = new ChatwootModule(this._client, getHeaders);
-
         // Initialize platform modules
         this.prompts = new PromptsModule(this._client, getHeaders);
         this.traces = new TracesModule(this._client, getHeaders);
@@ -199,71 +171,59 @@ export class AgentOsClient {
         this.auth = new AuthModule(this._client, getHeaders);
         this.observability = new ObservabilityModule(this._client, getHeaders);
         this.templates = new TemplatesModule(this._client, getHeaders);
-
         // Initialize convenience aliases
         this.experiments = {
             list: this.evaluation.listExperiments.bind(this.evaluation),
             get: this.evaluation.getExperiment.bind(this.evaluation),
             create: this.evaluation.createExperiment.bind(this.evaluation),
         };
-
         this.apiTokens = new ApiTokensModule(this._client);
         this.memberships = new MembershipsModule(this._client);
         this.presets = new PresetsModule(this._client, getHeaders);
-
     }
-
     /**
      * Validate auth configuration at construction time
      */
-    private _validateAuth(options: AgentOsClientOptions): void {
+    _validateAuth(options) {
         const { auth, allowApiTokenInBrowser } = options;
-
         // Browser security guard for API tokens
         if (isApiTokenAuth(auth) && isBrowser() && !allowApiTokenInBrowser) {
-            throw new Error(
-                "[AgentOS SDK] SECURITY: API tokens (aosk_*) are SERVER-SIDE only. " +
-                "Use JWT auth in the browser. Set allowApiTokenInBrowser: true only if you understand the risks."
-            );
+            throw new Error("[AgentOS SDK] SECURITY: API tokens (aosk_*) are SERVER-SIDE only. " +
+                "Use JWT auth in the browser. Set allowApiTokenInBrowser: true only if you understand the risks.");
         }
     }
-
     /**
      * Resolve headers for each request (async)
-     * 
+     *
      * SECURITY INVARIANTS:
      * - JWT: Authorization + X-Workspace-Id (REQUIRED), NO X-Tenant-Id
      * - API Token: Authorization only, NO X-Workspace-Id, NO X-Tenant-Id
      */
-    private async _resolveHeaders(): Promise<Record<string, string>> {
-        const headers: Record<string, string> = {
+    async _resolveHeaders() {
+        const headers = {
             "Content-Type": "application/json",
             ...this._customHeaders,
         };
-
         if (isApiTokenAuth(this._auth)) {
             // API Token: Authorization header only
             const apiKey = typeof this._auth.apiKey === "function"
                 ? await this._auth.apiKey()
                 : this._auth.apiKey;
-
             if (apiKey) {
                 headers["Authorization"] = `Bearer ${apiKey}`;
             }
             // NO X-Workspace-Id (embedded in token claims)
             // NO X-Tenant-Id (embedded in token claims)
-
-        } else if (isJwtAuth(this._auth)) {
+        }
+        else if (isJwtAuth(this._auth)) {
             // JWT: Authorization + X-Workspace-Id
             const [token, workspaceId] = await Promise.all([
                 Promise.resolve(this._auth.getToken()),
                 Promise.resolve(this._auth.getWorkspaceId()),
             ]);
-
             if (token) {
                 headers["Authorization"] = `Bearer ${token}`;
             }
-
             // Workspace ID is optional for bootstrap endpoints (e.g., /me)
             // Most endpoints require it, but the header provider allows empty strings
             if (workspaceId) {
@@ -271,24 +231,20 @@ export class AgentOsClient {
             }
             // NO X-Tenant-Id (backend derives from workspace membership)
         }
-
         return headers;
     }
-
     /**
      * Get resolved headers (for debugging/testing)
      */
-    async getHeadersAsync(): Promise<Record<string, string>> {
+    async getHeadersAsync() {
         return this._resolveHeaders();
     }
-
     /** Auth provider type */
-    get authType(): "api_token" | "jwt" {
+    get authType() {
         return this._auth.type;
     }
-
     /** Raw HTTP client (use modules instead) */
-    get raw(): RawClient {
+    get raw() {
         return this._client;
     }
 }

package/dist/client/HttpRequestBuilder.d.ts

@@ -0,0 +1,50 @@
+/**
+ * HttpRequestBuilder — Single source of truth for headers
+ *
+ * All header generation flows through this builder.
+ * raw.ts should NOT generate headers directly.
+ *
+ * Headers generated:
+ * - X-Request-Id: Per-request, always new (crypto.randomUUID)
+ * - X-Correlation-Id: Per-flow, immutable within flow
+ * - Authorization: Bearer token
+ * - X-Workspace-Id: Workspace binding (from context)
+ * - X-Idempotency-Key: Opt-in for POST requests
+ * - User-Agent: SDK version + runtime info
+ *
+ * @see sdk-upgrade.md Section 1.3
+ */
+import type { OperationContext } from "./OperationContext.js";
+export declare function sanitizeValidCorrelationId(raw?: string): string | null;
+/**
+ * Options for building request headers
+ */
+export interface HttpRequestBuilderOptions {
+    /** Bearer token for Authorization header */
+    token?: string;
+    /** Operation context with correlationId and workspaceId */
+    context?: OperationContext;
+    /** Idempotency key for POST requests */
+    idempotencyKey?: string;
+    /** If true, throws if correlationId is missing */
+    requireFlow?: boolean;
+}
+/**
+ * Build headers for HTTP requests.
+ * This is the SINGLE SOURCE OF TRUTH for header generation.
+ */
+export declare class HttpRequestBuilder {
+    /**
+     * Build headers from options.
+     *
+     * @throws Error if requireFlow is true and correlationId is missing
+     */
+    build(opts: HttpRequestBuilderOptions): Record<string, string>;
+    private resolveCorrelationId;
+    /**
+     * Build User-Agent string with SDK version and runtime info
+     */
+    private buildUserAgent;
+}
+export declare const httpRequestBuilder: HttpRequestBuilder;
+//# sourceMappingURL=HttpRequestBuilder.d.ts.map

package/dist/client/HttpRequestBuilder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"HttpRequestBuilder.d.ts","sourceRoot":"","sources":["../../src/client/HttpRequestBuilder.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uBAAuB,CAAC;AAQ9D,wBAAgB,0BAA0B,CAAC,GAAG,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAGtE;AAED;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACtC,4CAA4C;IAC5C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,gBAAgB,CAAC;IAC3B,wCAAwC;IACxC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,kDAAkD;IAClD,WAAW,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,qBAAa,kBAAkB;IAC3B;;;;OAIG;IACH,KAAK,CAAC,IAAI,EAAE,yBAAyB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC;IAiC9D,OAAO,CAAC,oBAAoB;IAS5B;;OAEG;IACH,OAAO,CAAC,cAAc;CAYzB;AAGD,eAAO,MAAM,kBAAkB,oBAA2B,CAAC"}

package/{src/client/HttpRequestBuilder.ts → dist/client/HttpRequestBuilder.js}

@@ -1,9 +1,9 @@
 /**
  * HttpRequestBuilder — Single source of truth for headers
- * 
+ *
  * All header generation flows through this builder.
  * raw.ts should NOT generate headers directly.
- * 
+ *
  * Headers generated:
  * - X-Request-Id: Per-request, always new (crypto.randomUUID)
  * - X-Correlation-Id: Per-flow, immutable within flow
@@ -11,37 +11,16 @@
  * - X-Workspace-Id: Workspace binding (from context)
  * - X-Idempotency-Key: Opt-in for POST requests
  * - User-Agent: SDK version + runtime info
- * 
+ *
  * @see sdk-upgrade.md Section 1.3
  */
-
-import type { OperationContext } from "./OperationContext.js";
 import { sanitizeHeader, sanitizeHeaders } from "./sanitize.js";
-
-// SDK version injected at build time, fallback for local dev
-declare const __SDK_VERSION__: string | undefined;
 const SDK_VERSION = typeof __SDK_VERSION__ !== "undefined" ? __SDK_VERSION__ : "0.7.12-dev";
 const CORRELATION_ID_PATTERN = /^[A-Za-z0-9._:-]{8,128}$/;
-
-export function sanitizeValidCorrelationId(raw?: string): string | null {
+export function sanitizeValidCorrelationId(raw) {
     const candidate = sanitizeHeader((raw ?? "").trim());
     return CORRELATION_ID_PATTERN.test(candidate) ? candidate : null;
 }
-
-/**
- * Options for building request headers
- */
-export interface HttpRequestBuilderOptions {
-    /** Bearer token for Authorization header */
-    token?: string;
-    /** Operation context with correlationId and workspaceId */
-    context?: OperationContext;
-    /** Idempotency key for POST requests */
-    idempotencyKey?: string;
-    /** If true, throws if correlationId is missing */
-    requireFlow?: boolean;
-}
-
 /**
  * Build headers for HTTP requests.
  * This is the SINGLE SOURCE OF TRUTH for header generation.
@@ -49,55 +28,45 @@ export interface HttpRequestBuilderOptions {
 export class HttpRequestBuilder {
     /**
      * Build headers from options.
-     * 
+     *
      * @throws Error if requireFlow is true and correlationId is missing
      */
-    build(opts: HttpRequestBuilderOptions): Record<string, string> {
-        const headers: Record<string, string> = {};
-
+    build(opts) {
+        const headers = {};
         // I2: X-Request-Id always exists (per request)
         headers["X-Request-Id"] = crypto.randomUUID();
-
         // User-Agent: Dynamic SDK version
         headers["User-Agent"] = this.buildUserAgent();
-
         // I3: X-Correlation-Id is per flow
         if (opts.requireFlow && !opts.context?.correlationId) {
             throw new Error("X-Correlation-Id required for flow-scoped operations");
         }
         headers["X-Correlation-Id"] = this.resolveCorrelationId(opts.context?.correlationId);
-
         // Authorization
         if (opts.token) {
             headers["Authorization"] = `Bearer ${opts.token}`;
         }
-
         // X-Workspace-Id from context
         if (opts.context?.workspaceId) {
             headers["X-Workspace-Id"] = opts.context.workspaceId;
         }
-
         // I7: Idempotency is opt-in
         if (opts.idempotencyKey) {
             headers["X-Idempotency-Key"] = sanitizeHeader(opts.idempotencyKey);
         }
-
         return sanitizeHeaders(headers);
     }
-
-    private resolveCorrelationId(raw?: string): string {
+    resolveCorrelationId(raw) {
         const candidate = sanitizeValidCorrelationId(raw);
         if (candidate) {
             return candidate;
         }
-
         return crypto.randomUUID();
     }
-
     /**
      * Build User-Agent string with SDK version and runtime info
      */
-    private buildUserAgent(): string {
+    buildUserAgent() {
         // Node.js environment
         if (typeof process !== "undefined" && process.version) {
             return `agent-os-sdk/${SDK_VERSION} (node/${process.version})`;
@@ -110,6 +79,5 @@ export class HttpRequestBuilder {
         return `agent-os-sdk/${SDK_VERSION}`;
     }
 }
-
 // Singleton instance for convenience
 export const httpRequestBuilder = new HttpRequestBuilder();

package/{src/client/OperationContext.ts → dist/client/OperationContext.d.ts}

@@ -1,22 +1,19 @@
 /**
  * OperationContext — Immutable flow context
- * 
+ *
  * Created at the start of a logical flow and never mutates.
- * 
+ *
  * - correlationId: Tracks the entire logical operation (immutable per flow)
  * - workspaceId: Optional workspace binding
- * 
+ *
  * @see sdk-upgrade.md Section 1.1
  */
-
 export type OperationContext = Readonly<{
     correlationId: string;
     workspaceId?: string;
 }>;
-
-export function createOperationContext(input: {
+export declare function createOperationContext(input: {
     correlationId: string;
     workspaceId?: string;
-}): OperationContext {
-    return Object.freeze({ ...input });
-}
+}): OperationContext;
+//# sourceMappingURL=OperationContext.d.ts.map

package/dist/client/OperationContext.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"OperationContext.d.ts","sourceRoot":"","sources":["../../src/client/OperationContext.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,MAAM,gBAAgB,GAAG,QAAQ,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC,CAAC;AAEH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,CAAC,EAAE,MAAM,CAAC;CACxB,GAAG,gBAAgB,CAEnB"}

package/dist/client/OperationContext.js

@@ -0,0 +1,13 @@
+/**
+ * OperationContext — Immutable flow context
+ *
+ * Created at the start of a logical flow and never mutates.
+ *
+ * - correlationId: Tracks the entire logical operation (immutable per flow)
+ * - workspaceId: Optional workspace binding
+ *
+ * @see sdk-upgrade.md Section 1.1
+ */
+export function createOperationContext(input) {
+    return Object.freeze({ ...input });
+}