@aithos/sdk 0.1.0-alpha.23 → 0.1.0-alpha.25

package/dist/src/compute.d.ts

@@ -192,119 +192,6 @@ export interface InvokeSegmentationResult {
     readonly walletBalance: number;
     readonly auditId: string;
 }
-/**
- * Models accepted by `invokeUrlFetch`. These are the Anthropic-API-direct
- * model aliases — the proxy resolves them to the canonical API model id
- * (`claude-haiku-4-5-20251001`, etc.) at dispatch time.
- *
- * Bedrock's compute_invoke supports the same names but routes through
- * Bedrock; url_fetch routes through `api.anthropic.com` directly because
- * the `web_fetch` server-side tool isn't exposed via Bedrock.
- */
-export type UrlFetchModelId = "claude-haiku-4-5" | "claude-sonnet-4-6" | "claude-opus-4-6";
-export interface InvokeUrlFetchArgs {
-    /**
-     * Mandate ID under which this call should be attributed.
-     *
-     * - **Owner sessions**: optional. The owner's own DID is used as a
-     *   sentinel "self" mandate id; the proxy skips all mandate checks
-     *   for owner-signed envelopes.
-     * - **Delegate sessions**: required. Must reference an imported
-     *   mandate bundle that carries the `compute.url_fetch` scope (NOT
-     *   the same scope as `compute.invoke` — see the protocol spec).
-     */
-    readonly mandateId?: string;
-    /**
-     * Anthropic model alias. Default `"claude-haiku-4-5"` — fastest and
-     * cheapest model that supports `web_fetch`. Bump to Sonnet 4.6 for
-     * deeper reasoning over the fetched content; Opus 4.6 for the
-     * heaviest analyses (priced accordingly via reconcile). Opus 4.7 is
-     * provisioned but commercially gated — see the docstring on
-     * InvokeBedrockArgs.model for the unlock path.
-     */
-    readonly model?: UrlFetchModelId;
-    /**
-     * User prompt — should normally contain the URL(s) the caller wants
-     * the model to fetch and analyze. Example:
-     *   "Voici l'URL https://tata.com — résume le service, identifie
-     *    le style du site et la couleur primaire. Renvoie en JSON."
-     */
-    readonly prompt: string;
-    /** Optional system prompt (Anthropic-style separate field). */
-    readonly system?: string;
-    /** Cap on output tokens. Default 2048. */
-    readonly maxTokens?: number;
-    /** Sampling temperature. Default model-dependent. */
-    readonly temperature?: number;
-    /**
-     * Maximum number of `web_fetch` invocations the model is allowed to
-     * make in this call. Default 5; range [1, 10].
-     */
-    readonly maxFetches?: number;
-    /**
-     * Maximum tokens of fetched content Anthropic will inject per fetch.
-     * Default 100_000; range [1000, 200_000]. Pages larger than this
-     * are truncated server-side.
-     */
-    readonly maxContentTokens?: number;
-    /**
-     * When `true` (default), the response carries citation spans tying
-     * generated text back to fetched documents — useful for displaying
-     * "selon X, …" footnotes in the UI without post-processing.
-     */
-    readonly citations?: boolean;
-    /**
-     * Optional domain allowlist — if set, the model can only fetch from
-     * these domains. Mutually exclusive with `blockedDomains`.
-     */
-    readonly allowedDomains?: readonly string[];
-    /**
-     * Optional domain blocklist. Mutually exclusive with `allowedDomains`.
-     */
-    readonly blockedDomains?: readonly string[];
-    /** Idempotency key for retries (generated if omitted). */
-    readonly idempotencyKey?: string;
-    /** Abort signal to cancel the request. */
-    readonly signal?: AbortSignal;
-}
-/**
- * Single citation projection — flattened from Anthropic's wire shape so
- * consumers can render `{cited_text}` next to `{url}` without parsing
- * vendor-specific block types.
- */
-export interface UrlFetchCitation {
-    readonly url: string;
-    readonly citedText: string;
-    readonly documentTitle?: string;
-    readonly startCharIndex?: number;
-    readonly endCharIndex?: number;
-}
-/** Per-fetch metadata in the order the model performed the fetches. */
-export interface UrlFetchMetadata {
-    readonly url: string;
-    readonly retrievedAt?: string;
-    readonly title?: string;
-}
-export interface InvokeUrlFetchResult {
-    /** Final assistant text — typically a JSON string when the prompt asked for structure. */
-    readonly content: string;
-    /** Citation spans (empty when `citations: false` or no fetches succeeded). */
-    readonly citations: readonly UrlFetchCitation[];
-    /** Per-URL fetch metadata. */
-    readonly urlsFetched: readonly UrlFetchMetadata[];
-    readonly stopReason: "end_turn" | "max_tokens" | "tool_use" | "stop_sequence" | "pause_turn" | "refusal";
-    readonly usage: {
-        readonly inputTokens: number;
-        readonly outputTokens: number;
-        readonly webFetchInvocations: number;
-    };
-    /** Microcredits charged after reconcile (already net of any refund). */
-    readonly creditsCharged: number;
-    /** Wallet balance after the debit + reconcile. */
-    readonly walletBalance: number;
-    /** Audit log id for traceability. */
-    readonly auditId: string;
-}
 export interface ComputeNamespaceDeps {
     readonly auth: AithosAuth;
     readonly appDid: string;
@@ -392,41 +279,5 @@ export declare class ComputeNamespace {
      * Pricing: flat 5 000 mc per call (~$0.005 — Florence-2 is cheap).
      */
     invokeSegmentation(args: InvokeSegmentationArgs): Promise<InvokeSegmentationResult>;
-    /**
-     * Fetch one or more URLs and have Claude analyze the content. Routes
-     * through `api.anthropic.com` with the `web_fetch` server-side tool —
-     * NOT through Bedrock — because Bedrock does not expose Anthropic's
-     * server-side tools (web_fetch, web_search, etc.). The proxy hides
-     * this multi-backend detail from the SDK consumer; the wallet,
-     * envelope, and mandate-scope contracts are unchanged.
-     *
-     * Typical use:
-     * ```ts
-     * const r = await sdk.compute.invokeUrlFetch({
-     *   prompt: "Voici l'URL https://tata.com — résume le service, " +
-     *           "identifie le style et la couleur primaire. JSON.",
-     * });
-     * console.log(r.content);
-     * for (const c of r.citations) console.log(c.url, "→", c.citedText);
-     * ```
-     *
-     * Mandate scope: requires `compute.url_fetch` (distinct from
-     * `compute.invoke` — see {@link InvokeUrlFetchArgs.mandateId}).
-     *
-     * Pricing: same Claude 4.x rates as Bedrock (Anthropic's direct API
-     * and Bedrock list prices are identical). Default Haiku 4.5 ≈
-     * $0.001/1k input + $0.005/1k output. The proxy pre-debits a
-     * conservative upper bound (`maxFetches × maxContentTokens × input
-     * rate + maxTokens × output rate`) and reconciles down to the actual
-     * usage Anthropic reports — so the wallet is always charged the
-     * exact post-call cost.
-     *
-     * @throws {AithosSDKError} on protocol errors. Notable codes:
-     *   `sdk_no_signer`, `sdk_no_delegate_for_mandate`, `network`,
-     *   `http`, `empty`, plus proxy codes `-32042` (mandate scope
-     *   missing), `-32070`/`-32071` (wallet), `-32074` (fetch blocked
-     *   by robots.txt / domain filter), `-32050` (rate limit).
-     */
-    invokeUrlFetch(args: InvokeUrlFetchArgs): Promise<InvokeUrlFetchResult>;
 }
 //# sourceMappingURL=compute.d.ts.map

package/dist/src/compute.js

@@ -234,82 +234,6 @@ export class ComputeNamespace {
             signal: args.signal,
         });
     }
-    /**
-     * Fetch one or more URLs and have Claude analyze the content. Routes
-     * through `api.anthropic.com` with the `web_fetch` server-side tool —
-     * NOT through Bedrock — because Bedrock does not expose Anthropic's
-     * server-side tools (web_fetch, web_search, etc.). The proxy hides
-     * this multi-backend detail from the SDK consumer; the wallet,
-     * envelope, and mandate-scope contracts are unchanged.
-     *
-     * Typical use:
-     * ```ts
-     * const r = await sdk.compute.invokeUrlFetch({
-     *   prompt: "Voici l'URL https://tata.com — résume le service, " +
-     *           "identifie le style et la couleur primaire. JSON.",
-     * });
-     * console.log(r.content);
-     * for (const c of r.citations) console.log(c.url, "→", c.citedText);
-     * ```
-     *
-     * Mandate scope: requires `compute.url_fetch` (distinct from
-     * `compute.invoke` — see {@link InvokeUrlFetchArgs.mandateId}).
-     *
-     * Pricing: same Claude 4.x rates as Bedrock (Anthropic's direct API
-     * and Bedrock list prices are identical). Default Haiku 4.5 ≈
-     * $0.001/1k input + $0.005/1k output. The proxy pre-debits a
-     * conservative upper bound (`maxFetches × maxContentTokens × input
-     * rate + maxTokens × output rate`) and reconciles down to the actual
-     * usage Anthropic reports — so the wallet is always charged the
-     * exact post-call cost.
-     *
-     * @throws {AithosSDKError} on protocol errors. Notable codes:
-     *   `sdk_no_signer`, `sdk_no_delegate_for_mandate`, `network`,
-     *   `http`, `empty`, plus proxy codes `-32042` (mandate scope
-     *   missing), `-32070`/`-32071` (wallet), `-32074` (fetch blocked
-     *   by robots.txt / domain filter), `-32050` (rate limit).
-     */
-    async invokeUrlFetch(args) {
-        const { endpoints, fetch: fetchImpl } = this.#deps;
-        const choice = this.#resolveSigner(args.mandateId);
-        const url = computeInvokeUrl(endpoints);
-        const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
-        const model = args.model ?? "claude-haiku-4-5";
-        const params = {
-            app_did: this.#deps.appDid,
-            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
-            model,
-            prompt: args.prompt,
-            idempotency_key: idempotencyKey,
-        };
-        if (args.system !== undefined)
-            params.system = args.system;
-        if (args.maxTokens !== undefined)
-            params.max_tokens = args.maxTokens;
-        if (args.temperature !== undefined)
-            params.temperature = args.temperature;
-        if (args.maxFetches !== undefined)
-            params.max_fetches = args.maxFetches;
-        if (args.maxContentTokens !== undefined) {
-            params.max_content_tokens = args.maxContentTokens;
-        }
-        if (args.citations !== undefined)
-            params.citations = args.citations;
-        if (args.allowedDomains !== undefined && args.allowedDomains.length > 0) {
-            params.allowed_domains = args.allowedDomains;
-        }
-        if (args.blockedDomains !== undefined && args.blockedDomains.length > 0) {
-            params.blocked_domains = args.blockedDomains;
-        }
-        return await this.#signAndPost({
-            url,
-            method: "aithos.compute_invoke_url_fetch",
-            params,
-            choice,
-            fetchImpl,
-            signal: args.signal,
-        });
-    }
     /**
      * Resolve the active signer (owner takes precedence over delegate).
      *

package/dist/src/data-schema-contacts-v1.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Bundled copy of the `aithos.contacts.v1` schema.
+ *
+ * Mirrors `spec/data/schemas/aithos.contacts.v1.json` of the
+ * Aithos-protocol repo. The SDK uses this to split a record into its
+ * indexable (metadata) and encrypted (payload) parts on insert and to
+ * recombine them on read.
+ *
+ * In a later iteration the SDK will fetch / resolve schemas dynamically
+ * from a registry; for v0.1 we bundle the core schemas.
+ */
+import type { AithosSchemaLite } from "./data.js";
+export declare const contactsV1: AithosSchemaLite;
+//# sourceMappingURL=data-schema-contacts-v1.d.ts.map

package/dist/src/data-schema-contacts-v1.js

@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+export const contactsV1 = {
+    schema: "aithos.contacts.v1",
+    indexable: new Set([
+        "name",
+        "email",
+        "phone_hash",
+        "status",
+        "tags",
+        "source",
+        "created_at",
+        "modified_at",
+        "last_contacted_at",
+    ]),
+    encrypted: new Set([
+        "phone",
+        "notes",
+        "conversation_log",
+        "form_responses",
+        "custom_fields",
+    ]),
+    auto: new Set(["created_at", "modified_at"]),
+    defaults: {
+        status: "lead",
+    },
+};
+//# sourceMappingURL=data-schema-contacts-v1.js.map

package/dist/src/data.d.ts

@@ -0,0 +1,97 @@
+export interface AithosSchemaLite {
+    readonly schema: string;
+    readonly indexable: ReadonlySet<string>;
+    readonly encrypted: ReadonlySet<string>;
+    readonly auto: ReadonlySet<string>;
+    readonly defaults: Readonly<Record<string, unknown>>;
+}
+export interface CreateDataClientArgs {
+    /** Base URL of the deployed PDS (e.g. https://abc.execute-api.eu-west-3.amazonaws.com). */
+    readonly pdsUrl: string;
+    /** Subject DID — typically did:key:… in dev, did:aithos:… in prod. */
+    readonly did: string;
+    /**
+     * Ed25519 sphere seed (32 bytes). For did:key this is the same as
+     * the key embedded in the DID itself. For did:aithos this is the
+     * subject's `#data` (or `#public`) sphere key.
+     */
+    readonly sphereSeed: Uint8Array;
+    /**
+     * The verification method URL within the DID document used to sign
+     * envelopes. For did:key this is `<did>#<multibase>`. For did:aithos
+     * this is `<did>#data` (or `#public`).
+     */
+    readonly verificationMethod: string;
+    /** Optional fetch implementation. Defaults to globalThis.fetch. */
+    readonly fetch?: typeof fetch;
+}
+export interface DataClient {
+    /** Get / create a collection handle. */
+    collection(name: string): DataCollection;
+    /** Initialize a new collection with an explicit schema. */
+    createCollection(args: {
+        name: string;
+        schema: string;
+        forwardSecrecy?: "best_effort" | "strict";
+    }): Promise<void>;
+    /** List collections owned by this subject. */
+    listCollections(): Promise<readonly {
+        name: string;
+        schema: string;
+        record_count: number;
+    }[]>;
+    /** List gamma audit entries. */
+    listGammaEntries(opts?: {
+        limit?: number;
+        opPrefix?: string;
+        verify?: boolean;
+    }): Promise<unknown>;
+    /** Drop in-memory cache (CMK, collection metadata, …). */
+    reset(): void;
+}
+export interface DataCollection {
+    readonly name: string;
+    /**
+     * Insert a record. The object MAY contain both indexable and
+     * encrypted fields per the schema; the SDK splits them.
+     */
+    insert(record: Record<string, unknown>): Promise<string>;
+    /** Fetch one record by id (decrypted client-side). */
+    get(recordId: string): Promise<Record<string, unknown> | null>;
+    /** List records, decrypted. Pagination via opaque cursor. */
+    list(opts?: ListOpts): Promise<{
+        items: Record<string, unknown>[];
+        nextCursor?: string;
+    }>;
+    /**
+     * Replace a record. Same shape as insert; the SDK splits indexable
+     * vs encrypted again per the schema.
+     */
+    update(recordId: string, record: Record<string, unknown>): Promise<void>;
+    /** Soft-delete a record. */
+    delete(recordId: string): Promise<void>;
+}
+export interface ListOpts {
+    readonly filter?: {
+        readonly equals?: {
+            field: string;
+            value: unknown;
+        };
+        readonly contains?: {
+            field: string;
+            value: string;
+        };
+        readonly tagsAny?: readonly string[];
+        readonly tagsAll?: readonly string[];
+        readonly range?: {
+            field: string;
+            gte?: string;
+            lte?: string;
+        };
+    };
+    readonly order?: "newest" | "oldest";
+    readonly limit?: number;
+    readonly cursor?: string;
+}
+export declare function createDataClient(args: CreateDataClientArgs): DataClient;
+//# sourceMappingURL=data.d.ts.map

package/dist/src/data.js

@@ -0,0 +1,616 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * `sdk.data` — high-level API for the Aithos data sub-protocol PDS.
+ *
+ * The Aithos data sub-protocol stores operational records (contacts,
+ * messages, ...) under a subject's identity, encrypted client-side,
+ * accessible to authorized apps via signed mandates. This module is the
+ * ergonomic façade developers consume:
+ *
+ *     const client = createDataClient({ pdsUrl, did, sphereSeed });
+ *     const contacts = client.collection("contacts");
+ *     const id = await contacts.insert({ name: "Jean", phone: "+33..." });
+ *     const list = await contacts.list({ filter: { status: "lead" } });
+ *
+ * Under the hood the module handles: envelope signing per spec §11,
+ * CMK / DEK lifecycle (generate, wrap, unwrap), per-record AEAD
+ * encryption, split between indexable metadata (server-visible) and
+ * encrypted payload (server-blind), JSON-RPC dispatch.
+ *
+ * It does not (yet) handle: mandate-delegate authentication on the
+ * caller side (the SDK only signs as owner in v0.1), schema
+ * publication (only the bundled `aithos.contacts.v1` is recognized),
+ * forward-secrecy CMK rotation primitives. Those land in later
+ * Sub-jalons.
+ *
+ * Spec ref: spec/data/01..10 of the aithos-protocol repo.
+ */
+import { x25519 } from "@noble/curves/ed25519.js";
+import { hkdf } from "@noble/hashes/hkdf.js";
+import { sha256, sha512 } from "@noble/hashes/sha2.js";
+import { XChaCha20Poly1305 } from "@stablelib/xchacha20poly1305";
+import * as ed from "@noble/ed25519";
+import { contactsV1 } from "./data-schema-contacts-v1.js";
+// noble/ed25519 v2 needs sha512 wired in for sync sign/verify
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+ed.etc.sha512Sync = (...m) => 
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+sha512(ed.etc.concatBytes(...m));
+/* -------------------------------------------------------------------------- */
+/*  Schema registry (local)                                                   */
+/* -------------------------------------------------------------------------- */
+const SCHEMAS = new Map([
+    [contactsV1.schema, contactsV1],
+]);
+/* -------------------------------------------------------------------------- */
+/*  Public factory                                                            */
+/* -------------------------------------------------------------------------- */
+export function createDataClient(args) {
+    return new DataClientImpl(args);
+}
+/* -------------------------------------------------------------------------- */
+/*  Implementation                                                            */
+/* -------------------------------------------------------------------------- */
+class DataClientImpl {
+    #pdsUrl;
+    #did;
+    #seed;
+    #vm;
+    #fetch;
+    // Per-collection CMK cache: cleared on reset()
+    #cmkCache = new Map();
+    #colCache = new Map();
+    constructor(args) {
+        this.#pdsUrl = args.pdsUrl.replace(/\/$/, "");
+        this.#did = args.did;
+        this.#seed = args.sphereSeed;
+        this.#vm = args.verificationMethod;
+        this.#fetch = args.fetch ?? globalThis.fetch.bind(globalThis);
+    }
+    collection(name) {
+        return new DataCollectionImpl(this, name);
+    }
+    async createCollection(args) {
+        const cmk = randomBytes32();
+        const recipientDidUrl = `${this.#did}#data-kex`;
+        const collectionUrn = this.#collectionUrn(args.name);
+        const recipientPublic = ed25519SeedToX25519PublicKey(this.#seed);
+        const wrap = this.#wrapCmkForRecipient({
+            cmk,
+            recipientPublicKey: recipientPublic,
+            recipientDidUrl,
+            collectionUrn,
+        });
+        try {
+            await this.#call("/mcp/primitives/write", "aithos.data.create_collection", {
+                subject_did: this.#did,
+                collection_name: args.name,
+                schema: args.schema,
+                ...(args.forwardSecrecy ? { forward_secrecy: args.forwardSecrecy } : {}),
+                cmk_envelope: {
+                    alg: "xchacha20poly1305-ietf",
+                    wraps: [wrap],
+                },
+            });
+            // Cache CMK in memory for subsequent ops on this collection.
+            this.#cmkCache.set(args.name, cmk);
+        }
+        finally {
+            // CMK is retained in cache, only zero the local var if we didn't cache.
+        }
+    }
+    async listCollections() {
+        const r = await this.#call("/mcp/primitives/read", "aithos.data.list_collections", {
+            subject_did: this.#did,
+        });
+        const items = r.items ?? [];
+        return items.map((c) => ({
+            name: c.name,
+            schema: c.schema,
+            record_count: c.record_count,
+        }));
+    }
+    async listGammaEntries(opts = {}) {
+        const params = { subject_did: this.#did };
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.opPrefix)
+            params.op_prefix = opts.opPrefix;
+        if (opts.verify)
+            params.verify = true;
+        return this.#call("/mcp/primitives/read", "aithos.data.list_gamma_entries", params);
+    }
+    reset() {
+        for (const k of this.#cmkCache.values())
+            k.fill(0);
+        this.#cmkCache.clear();
+        this.#colCache.clear();
+    }
+    /* -- Internals used by DataCollection -- */
+    async _ensureCollection(name) {
+        const cached = this.#colCache.get(name);
+        if (cached)
+            return cached;
+        // Fetch metadata from PDS
+        const meta = (await this.#call("/mcp/primitives/read", "aithos.data.get_collection", {
+            subject_did: this.#did,
+            collection_name: name,
+        }));
+        // Look up our wrap and unwrap the CMK
+        const ourRecipient = `${this.#did}#data-kex`;
+        const wrap = meta.cmk_envelope.wraps.find((w) => w.recipient === ourRecipient);
+        if (!wrap) {
+            throw new Error(`sdk.data: no CMK wrap for ${ourRecipient} in collection ${name}. The collection was either created with a different recipient, or this client is not the owner.`);
+        }
+        const cmk = this.#unwrapCmk({
+            wrap,
+            collectionUrn: meta.urn,
+            privateKey: ed25519SeedToX25519PrivateKey(this.#seed),
+        });
+        this.#cmkCache.set(name, cmk);
+        const schema = SCHEMAS.get(meta.schema);
+        if (!schema) {
+            throw new Error(`sdk.data: schema "${meta.schema}" not known to the SDK`);
+        }
+        const state = { name, urn: meta.urn, schema };
+        this.#colCache.set(name, state);
+        return state;
+    }
+    async _insert(state, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const recordId = `record_${makeUlid()}`;
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        const r = (await this.#call("/mcp/primitives/write", "aithos.data.insert_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        }));
+        return r.record_id;
+    }
+    async _get(state, recordId) {
+        let raw;
+        try {
+            raw = await this.#call("/mcp/primitives/read", "aithos.data.get_record", {
+                collection_urn: state.urn,
+                record_id: recordId,
+            });
+        }
+        catch (e) {
+            if (e.code === -32020)
+                return null;
+            throw e;
+        }
+        return this.#decryptRecord(state, raw);
+    }
+    async _list(state, opts = {}) {
+        const params = {
+            collection_urn: state.urn,
+        };
+        if (opts.filter)
+            params.filter = opts.filter;
+        if (opts.order)
+            params.order = opts.order;
+        if (opts.limit !== undefined)
+            params.limit = opts.limit;
+        if (opts.cursor)
+            params.cursor = opts.cursor;
+        const r = (await this.#call("/mcp/primitives/read", "aithos.data.list_records", params));
+        const items = r.items.map((it) => this.#decryptRecord(state, it));
+        return {
+            items,
+            ...(r.next_cursor ? { nextCursor: r.next_cursor } : {}),
+        };
+    }
+    async _update(state, recordId, record) {
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk)
+            throw new Error("CMK not loaded");
+        const { metadata, payload } = splitRecord(record, state.schema);
+        const encrypted = this.#encryptPayload({
+            collectionName: state.name,
+            recordId,
+            payload,
+            cmk,
+        });
+        await this.#call("/mcp/primitives/write", "aithos.data.update_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+            metadata,
+            payload: encrypted,
+        });
+    }
+    async _delete(state, recordId) {
+        await this.#call("/mcp/primitives/write", "aithos.data.delete_record", {
+            collection_urn: state.urn,
+            record_id: recordId,
+        });
+    }
+    /* -- JSON-RPC dispatch -- */
+    async #call(path, method, params) {
+        const aud = `${this.#pdsUrl}${path}`;
+        const envelope = this.#signEnvelope({ aud, method, params });
+        const body = {
+            jsonrpc: "2.0",
+            id: makeUlid(),
+            method,
+            params: { ...params, _envelope: envelope },
+        };
+        const r = await this.#fetch(aud, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify(body),
+        });
+        const json = (await r.json());
+        if (json.error) {
+            const err = new Error(json.error.message);
+            err.code = json.error.code;
+            err.data = json.error.data;
+            throw err;
+        }
+        return json.result ?? {};
+    }
+    /* -- Envelope signing (inlined subset of @aithos/protocol-core/envelope) -- */
+    #signEnvelope(args) {
+        const now = Math.floor(Date.now() / 1000);
+        const exp = now + 60;
+        const nonce = makeUlid();
+        const paramsHash = "sha256-" + sha256Hex(jcsCanonicalize(args.params));
+        const unsigned = {
+            "aithos-envelope": "0.1.0",
+            iss: this.#did,
+            aud: args.aud,
+            method: args.method,
+            iat: now,
+            exp,
+            nonce,
+            params_hash: paramsHash,
+            proof: {
+                type: "Ed25519Signature2020",
+                verificationMethod: this.#vm,
+                created: new Date(now * 1000).toISOString(),
+                proofValue: "",
+            },
+        };
+        const bytes = new TextEncoder().encode(jcsCanonicalize(unsigned));
+        const sig = ed.sign(bytes, this.#seed);
+        return {
+            ...unsigned,
+            proof: { ...unsigned.proof, proofValue: base64url(sig) },
+        };
+    }
+    /* -- Crypto helpers -- */
+    #collectionUrn(name) {
+        return `urn:aithos:collection:${this.#did}:${name}`;
+    }
+    #wrapCmkForRecipient(args) {
+        const ephSk = x25519.utils.randomSecretKey();
+        const ephPk = x25519.getPublicKey(ephSk);
+        const shared = x25519.getSharedSecret(ephSk, args.recipientPublicKey);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.recipientDidUrl), 32);
+        const wrapNonce = randomBytes24();
+        const aad = aadCmkWrap(args.collectionUrn, args.recipientDidUrl);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const wrapped = aead.seal(wrapNonce, args.cmk, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        return {
+            recipient: args.recipientDidUrl,
+            alg: "x25519-hkdf-sha256-aead",
+            ephemeral_public: base64Std(ephPk),
+            wrap_nonce: base64Std(wrapNonce),
+            wrapped_key: base64Std(wrapped),
+        };
+    }
+    #unwrapCmk(args) {
+        const ephPk = fromBase64(args.wrap.ephemeral_public);
+        const wrapNonce = fromBase64(args.wrap.wrap_nonce);
+        const wrappedKey = fromBase64(args.wrap.wrapped_key);
+        const shared = x25519.getSharedSecret(args.privateKey, ephPk);
+        const wrapKey = hkdf(sha256, shared, utf8("aithos-data-cmk-wrap-v1"), utf8(args.wrap.recipient), 32);
+        const aad = aadCmkWrap(args.collectionUrn, args.wrap.recipient);
+        const aead = new XChaCha20Poly1305(wrapKey);
+        const cmk = aead.open(wrapNonce, wrappedKey, aad);
+        wrapKey.fill(0);
+        shared.fill(0);
+        if (!cmk)
+            throw new Error("sdk.data: CMK unwrap failed (wrong key or AAD mismatch)");
+        return cmk;
+    }
+    #encryptPayload(args) {
+        const dek = randomBytes32();
+        try {
+            const plaintext = new TextEncoder().encode(jcsCanonicalize(args.payload));
+            const nonce = randomBytes24();
+            const aad = aadRecord(this.#did, args.collectionName, args.recordId);
+            const aead = new XChaCha20Poly1305(dek);
+            const ciphertext = aead.seal(nonce, plaintext, aad);
+            const dekWrapNonce = randomBytes24();
+            const dekAad = aadDekWrap(this.#did, args.collectionName, args.recordId);
+            const dekAead = new XChaCha20Poly1305(args.cmk);
+            const wrapped = dekAead.seal(dekWrapNonce, dek, dekAad);
+            const dekWrap = new Uint8Array(dekWrapNonce.length + wrapped.length);
+            dekWrap.set(dekWrapNonce, 0);
+            dekWrap.set(wrapped, dekWrapNonce.length);
+            return {
+                alg: "xchacha20poly1305-ietf",
+                nonce: base64Std(nonce),
+                ciphertext: base64Std(ciphertext),
+                dek_wrapped_for_cmk: base64Std(dekWrap),
+            };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+    #decryptRecord(state, raw) {
+        if (raw.deleted) {
+            // Soft-deleted record — payload was cleared.
+            return { ...raw.metadata, _deleted: true };
+        }
+        const cmk = this.#cmkCache.get(state.name);
+        if (!cmk) {
+            throw new Error("sdk.data: CMK not loaded — call ensureCollection first");
+        }
+        // Unwrap DEK
+        const wrapBuf = fromBase64(raw.payload.dek_wrapped_for_cmk);
+        const wrapNonce = wrapBuf.slice(0, 24);
+        const wrapped = wrapBuf.slice(24);
+        const dekAad = aadDekWrap(this.#did, state.name, raw.record_id);
+        const dekAead = new XChaCha20Poly1305(cmk);
+        const dek = dekAead.open(wrapNonce, wrapped, dekAad);
+        if (!dek)
+            throw new Error("sdk.data: DEK unwrap failed");
+        try {
+            const nonce = fromBase64(raw.payload.nonce);
+            const ciphertext = fromBase64(raw.payload.ciphertext);
+            const aad = aadRecord(this.#did, state.name, raw.record_id);
+            const aead = new XChaCha20Poly1305(dek);
+            const plaintext = aead.open(nonce, ciphertext, aad);
+            if (!plaintext)
+                throw new Error("sdk.data: payload decrypt failed");
+            const payload = JSON.parse(new TextDecoder().decode(plaintext));
+            return { record_id: raw.record_id, ...raw.metadata, ...payload };
+        }
+        finally {
+            dek.fill(0);
+        }
+    }
+}
+class DataCollectionImpl {
+    client;
+    name;
+    constructor(client, name) {
+        this.client = client;
+        this.name = name;
+    }
+    async insert(record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._insert(state, record);
+    }
+    async get(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._get(state, recordId);
+    }
+    async list(opts) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._list(state, opts);
+    }
+    async update(recordId, record) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._update(state, recordId, record);
+    }
+    async delete(recordId) {
+        const state = await this.client._ensureCollection(this.name);
+        return this.client._delete(state, recordId);
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  Record split (metadata vs payload)                                        */
+/* -------------------------------------------------------------------------- */
+function splitRecord(record, schema) {
+    const metadata = {};
+    const payload = {};
+    for (const [k, v] of Object.entries(record)) {
+        if (schema.auto.has(k))
+            continue; // server-set
+        if (schema.indexable.has(k)) {
+            metadata[k] = v;
+        }
+        else if (schema.encrypted.has(k)) {
+            payload[k] = v;
+        }
+        else {
+            // Unknown field — drop. Server will reject in any case (additionalProperties: false).
+        }
+    }
+    return { metadata, payload };
+}
+/* -------------------------------------------------------------------------- */
+/*  Crypto helpers                                                            */
+/* -------------------------------------------------------------------------- */
+function randomBytes32() {
+    return cryptoRandom(32);
+}
+function randomBytes24() {
+    return cryptoRandom(24);
+}
+/** Cross-platform CSPRNG: Web Crypto in browser, Node WebCrypto in Node 19+. */
+function cryptoRandom(n) {
+    const buf = new Uint8Array(n);
+    // globalThis.crypto exists in browsers and in Node 19+
+    globalThis.crypto?.getRandomValues(buf);
+    return buf;
+}
+function utf8(s) {
+    return new TextEncoder().encode(s);
+}
+function aadCmkWrap(collectionUrn, recipient) {
+    const p = utf8("aithos-data-cmk-v1\0");
+    const c = utf8(collectionUrn);
+    const sep = new Uint8Array([0]);
+    const r = utf8(recipient);
+    const out = new Uint8Array(p.length + c.length + sep.length + r.length);
+    let off = 0;
+    out.set(p, off);
+    off += p.length;
+    out.set(c, off);
+    off += c.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(r, off);
+    return out;
+}
+function aadDekWrap(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-dek-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function aadRecord(subjectDid, collectionName, recordId) {
+    const p = utf8("aithos-data-record-v1\0");
+    return concat3WithSeps(p, subjectDid, collectionName, recordId);
+}
+function concat3WithSeps(prefix, a, b, c) {
+    const aa = utf8(a);
+    const bb = utf8(b);
+    const cc = utf8(c);
+    const sep = new Uint8Array([0]);
+    const total = prefix.length + aa.length + sep.length + bb.length + sep.length + cc.length;
+    const out = new Uint8Array(total);
+    let off = 0;
+    out.set(prefix, off);
+    off += prefix.length;
+    out.set(aa, off);
+    off += aa.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(bb, off);
+    off += bb.length;
+    out.set(sep, off);
+    off += sep.length;
+    out.set(cc, off);
+    return out;
+}
+/**
+ * Derive a 32-byte X25519 private key from an Ed25519 seed via SHA-512
+ * truncation + clamping. Mirrors libsodium's
+ * crypto_sign_ed25519_sk_to_curve25519 for the secret-key side. Used so
+ * a single Ed25519 sphere seed can both sign envelopes and key-agree
+ * with mandate recipients.
+ */
+function ed25519SeedToX25519PrivateKey(seed) {
+    if (seed.length !== 32)
+        throw new Error("Ed25519 seed must be 32 bytes");
+    const h = sha512(seed);
+    const sk = new Uint8Array(h.slice(0, 32));
+    // Clamp per X25519 spec
+    sk[0] = sk[0] & 248;
+    sk[31] = sk[31] & 127;
+    sk[31] = sk[31] | 64;
+    return sk;
+}
+function ed25519SeedToX25519PublicKey(seed) {
+    const sk = ed25519SeedToX25519PrivateKey(seed);
+    try {
+        return x25519.getPublicKey(sk);
+    }
+    finally {
+        sk.fill(0);
+    }
+}
+function makeUlid() {
+    // Lightweight ULID — millisecond timestamp + 80 bits of randomness.
+    // Crockford base32. For tests this is sufficient; production uses
+    // the canonical ulid package.
+    const tsBuf = new Uint8Array(6);
+    let ts = Date.now();
+    for (let i = 5; i >= 0; i--) {
+        tsBuf[i] = ts & 0xff;
+        ts = Math.floor(ts / 256);
+    }
+    const rndBuf = cryptoRandom(10);
+    const all = new Uint8Array(16);
+    all.set(tsBuf, 0);
+    all.set(rndBuf, 6);
+    const alphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+    let bits = 0;
+    let value = 0;
+    let out = "";
+    for (const b of all) {
+        value = (value << 8) | b;
+        bits += 8;
+        while (bits >= 5) {
+            out += alphabet[(value >> (bits - 5)) & 0x1f];
+            bits -= 5;
+        }
+    }
+    if (bits > 0)
+        out += alphabet[(value << (5 - bits)) & 0x1f];
+    return out.slice(0, 26);
+}
+/** Standard base64 (with `=` padding). Browser + Node compatible. */
+function base64Std(bytes) {
+    let bin = "";
+    for (let i = 0; i < bytes.length; i++)
+        bin += String.fromCharCode(bytes[i]);
+    return btoa(bin);
+}
+/** base64url (URL-safe, no padding). */
+function base64url(bytes) {
+    return base64Std(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function fromBase64(s) {
+    // Accept either standard base64 or base64url
+    const std = s.replace(/-/g, "+").replace(/_/g, "/");
+    const padded = std + "=".repeat((4 - (std.length % 4)) % 4);
+    const bin = atob(padded);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+function sha256Hex(s) {
+    const d = sha256(new TextEncoder().encode(s));
+    let hex = "";
+    for (const b of d)
+        hex += b.toString(16).padStart(2, "0");
+    return hex;
+}
+/* -------------------------------------------------------------------------- */
+/*  JCS-style canonicalization (RFC 8785 subset)                              */
+/* -------------------------------------------------------------------------- */
+function jcsCanonicalize(value) {
+    if (value === null)
+        return "null";
+    if (value === undefined)
+        throw new Error("Cannot canonicalize undefined");
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "number") {
+        if (!Number.isFinite(value))
+            throw new Error("non-finite number");
+        return value.toString();
+    }
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(jcsCanonicalize).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        return ("{" +
+            keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k])).join(",") +
+            "}");
+    }
+    throw new Error(`Cannot canonicalize ${typeof value}`);
+}
+//# sourceMappingURL=data.js.map

package/dist/src/index.d.ts

@@ -1,11 +1,11 @@
-export declare const VERSION = "0.1.0-alpha.23";
+export declare const VERSION = "0.1.0-alpha.25";
 export { AithosSDK } from "./sdk.js";
 export type { AithosSDKConfig } from "./types.js";
 export { AithosSDKError } from "./types.js";
 export { AithosRpcError } from "@aithos/protocol-client";
 export type { AithosSdkEndpoints } from "./endpoints.js";
 export { DEFAULT_SDK_ENDPOINTS } from "./endpoints.js";
-export type { ComputeMessage, ImageAspectRatio, ImageModelId, InvokeBedrockArgs, InvokeBedrockResult, InvokeBedrockVisionArgs, InvokeBedrockVisionResult, InvokeImageArgs, InvokeImageImage, InvokeImageResult, InvokeSegmentationArgs, InvokeSegmentationResult, InvokeUrlFetchArgs, InvokeUrlFetchResult, SegmentPolygon, StopReason, UrlFetchCitation, UrlFetchMetadata, UrlFetchModelId, } from "./compute.js";
+export type { ComputeMessage, ImageAspectRatio, ImageModelId, InvokeBedrockArgs, InvokeBedrockResult, InvokeBedrockVisionArgs, InvokeBedrockVisionResult, InvokeImageArgs, InvokeImageImage, InvokeImageResult, InvokeSegmentationArgs, InvokeSegmentationResult, SegmentPolygon, StopReason, } from "./compute.js";
 export { ComputeNamespace } from "./compute.js";
 export type { CreditPackId, CreateTopupSessionArgs, CreateTopupSessionResult, GetBalanceArgs, GetBalanceResult, } from "./wallet.js";
 export { WalletNamespace } from "./wallet.js";
@@ -21,4 +21,5 @@ export { COMPUTE_INVOKE_SCOPE, MandatesNamespace } from "./mandates.js";
 export type { ActorSphere, CreateMandateComputeInput, CreateMandateInput, MintedMandate, OwnedMandate, Scope, } from "./mandates.js";
 export * as onboarding from "./onboarding.js";
 export { createBrowserIdentity, browserIdentityFromStored, type BrowserIdentity, } from "@aithos/protocol-client";
+export { createDataClient, type CreateDataClientArgs, type DataClient, type DataCollection, type ListOpts, type AithosSchemaLite, } from "./data.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.js

@@ -17,7 +17,7 @@
 // Public types specific to the SDK (`AithosSDKConfig`, `AithosSDKError`)
 // are exported from here. Endpoint config (`AithosSdkEndpoints`,
 // `DEFAULT_SDK_ENDPOINTS`) likewise.
-export const VERSION = "0.1.0-alpha.23";
+export const VERSION = "0.1.0-alpha.25";
 export { AithosSDK } from "./sdk.js";
 export { AithosSDKError } from "./types.js";
 // Re-export protocol-client's JSON-RPC error type so consumers can
@@ -58,4 +58,8 @@ export * as onboarding from "./onboarding.js";
 // Convenience direct re-exports of the most-used identity primitives so the
 // quick-start example doesn't need a namespace import.
 export { createBrowserIdentity, browserIdentityFromStored, } from "@aithos/protocol-client";
+// `sdk.data` namespace — Aithos data sub-protocol PDS client. Manages
+// the lifecycle of subject-owned, encrypted, schema-validated records.
+// See spec/data/ in the aithos-protocol repo.
+export { createDataClient, } from "./data.js";
 //# sourceMappingURL=index.js.map

package/dist/test/compute.test.js

@@ -187,166 +187,8 @@ describe("compute.invokeBedrock — abort", () => {
         assert.equal(receivedSignal, ac.signal);
     });
 });
-/* -------------------------------------------------------------------------- */
-/*  invokeUrlFetch                                                            */
-/* -------------------------------------------------------------------------- */
-const URL_FETCH_HAPPY_RESULT = {
-    content: "Tata.com propose un service Y avec une couleur primaire bleu (#1E40AF).",
-    citations: [
-        {
-            url: "https://tata.com",
-            citedText: "Notre service révolutionne...",
-            documentTitle: "Tata — Home",
-            startCharIndex: 0,
-            endCharIndex: 28,
-        },
-    ],
-    urlsFetched: [
-        {
-            url: "https://tata.com",
-            retrievedAt: "2026-05-12T10:00:00Z",
-            title: "Tata — Home",
-        },
-    ],
-    stopReason: "end_turn",
-    usage: { inputTokens: 28_500, outputTokens: 420, webFetchInvocations: 1 },
-    creditsCharged: 35,
-    walletBalance: 99_965,
-    auditId: "audit-url-1",
-};
-describe("compute.invokeUrlFetch — happy path", () => {
-    it("posts to ${compute}/v1/invoke with method=aithos.compute_invoke_url_fetch", async () => {
-        let capturedUrl;
-        let capturedInit;
-        const fakeFetch = async (input, init) => {
-            capturedUrl = typeof input === "string" ? input : input.toString();
-            capturedInit = init;
-            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        const out = await sdk.compute.invokeUrlFetch({
-            mandateId: "mandate:abc",
-            prompt: "Voici l'URL https://tata.com — résume.",
-        });
-        assert.deepEqual(out, URL_FETCH_HAPPY_RESULT);
-        assert.equal(capturedUrl, "https://compute.example.test/v1/invoke");
-        const body = JSON.parse(capturedInit?.body);
-        assert.equal(body.jsonrpc, "2.0");
-        assert.equal(body.method, "aithos.compute_invoke_url_fetch");
-        assert.equal(body.params.app_did, APP_DID);
-        assert.equal(body.params.mandate_id, "mandate:abc");
-        // Default model is Haiku 4.5 (cheapest model that supports web_fetch).
-        assert.equal(body.params.model, "claude-haiku-4-5");
-        assert.equal(body.params.prompt, "Voici l'URL https://tata.com — résume.");
-        // Auto-generated idempotency key.
-        assert.match(body.params.idempotency_key, /^[0-9a-f]{32}$/);
-        // Envelope is present on the wire.
-        assert.ok(body.params._envelope, "request must carry a signed envelope");
-        // Optional params NOT forwarded when not provided.
-        assert.equal(body.params.system, undefined);
-        assert.equal(body.params.max_fetches, undefined);
-        assert.equal(body.params.max_content_tokens, undefined);
-        assert.equal(body.params.citations, undefined);
-        assert.equal(body.params.allowed_domains, undefined);
-        assert.equal(body.params.blocked_domains, undefined);
-    });
-    it("forwards all optional knobs: system / maxTokens / maxFetches / maxContentTokens / citations / allowedDomains / idempotencyKey / model", async () => {
-        let capturedBody;
-        const fakeFetch = async (_input, init) => {
-            capturedBody = JSON.parse(init?.body).params;
-            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        await sdk.compute.invokeUrlFetch({
-            mandateId: "mandate:abc",
-            model: "claude-sonnet-4-6",
-            prompt: "Analyse https://tata.com",
-            system: "You are a brand analyst.",
-            maxTokens: 1024,
-            temperature: 0.1,
-            maxFetches: 3,
-            maxContentTokens: 50_000,
-            citations: false,
-            allowedDomains: ["tata.com", "*.tata.com"],
-            idempotencyKey: "idem-url-1",
-        });
-        assert.equal(capturedBody?.model, "claude-sonnet-4-6");
-        assert.equal(capturedBody?.system, "You are a brand analyst.");
-        assert.equal(capturedBody?.max_tokens, 1024);
-        assert.equal(capturedBody?.temperature, 0.1);
-        assert.equal(capturedBody?.max_fetches, 3);
-        assert.equal(capturedBody?.max_content_tokens, 50_000);
-        assert.equal(capturedBody?.citations, false);
-        assert.deepEqual(capturedBody?.allowed_domains, ["tata.com", "*.tata.com"]);
-        assert.equal(capturedBody?.idempotency_key, "idem-url-1");
-        // Empty / undefined arrays must NOT bleed through as `[]` on the wire.
-        assert.equal(capturedBody?.blocked_domains, undefined);
-    });
-    it("omits empty allowedDomains / blockedDomains arrays from the wire payload", async () => {
-        let capturedBody;
-        const fakeFetch = async (_input, init) => {
-            capturedBody = JSON.parse(init?.body).params;
-            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        await sdk.compute.invokeUrlFetch({
-            mandateId: "mandate:abc",
-            prompt: "Analyse https://tata.com",
-            allowedDomains: [],
-            blockedDomains: [],
-        });
-        assert.equal(capturedBody?.allowed_domains, undefined);
-        assert.equal(capturedBody?.blocked_domains, undefined);
-    });
-});
-describe("compute.invokeUrlFetch — errors", () => {
-    it("wraps a JSON-RPC error from the proxy as AithosSDKError with the proxy code", async () => {
-        const fakeFetch = async () => new Response(JSON.stringify({
-            error: {
-                code: -32074,
-                message: "web_fetch failed: robots.txt disallows /api/* — fetch refused",
-                data: { detail: "robots_blocked" },
-            },
-        }), { status: 200, headers: { "content-type": "application/json" } });
-        const sdk = await makeSdk(fakeFetch);
-        await assert.rejects(sdk.compute.invokeUrlFetch({
-            mandateId: "mandate:abc",
-            prompt: "Analyse https://tata.com/api/secret",
-        }), (err) => {
-            assert.ok(err instanceof AithosSDKError);
-            assert.equal(err.code, "-32074");
-            assert.match(err.message, /robots\.txt/);
-            return true;
-        });
-    });
-});
-describe("compute.invokeUrlFetch — abort", () => {
-    it("propagates an AbortSignal to fetch", async () => {
-        let receivedSignal;
-        const fakeFetch = async (_input, init) => {
-            receivedSignal = init?.signal;
-            return new Response(JSON.stringify({ result: URL_FETCH_HAPPY_RESULT }), {
-                status: 200,
-                headers: { "content-type": "application/json" },
-            });
-        };
-        const sdk = await makeSdk(fakeFetch);
-        const ac = new AbortController();
-        await sdk.compute.invokeUrlFetch({
-            mandateId: "mandate:abc",
-            prompt: "Analyse https://tata.com",
-            signal: ac.signal,
-        });
-        assert.equal(receivedSignal, ac.signal);
-    });
-});
+// `compute.invokeUrlFetch` was removed in alpha.24 (BREAKING). The
+// Anthropic API-direct + web_fetch tool path is replaced by the
+// `sdk.web.extract` namespace which routes through the deterministic
+// web-extractor Lambda. No tests here anymore.
 //# sourceMappingURL=compute.test.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.23",
+  "version": "0.1.0-alpha.25",
   "description": "Aithos SDK \u2014 high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",