@aithos/sdk 0.1.0-alpha.3 → 0.1.0-alpha.30

package/dist/src/compute.d.ts

@@ -1,16 +1,31 @@
-import { type BrowserIdentity } from "@aithos/protocol-client";
+import type { AithosAuth } from "./auth.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
 export interface ComputeMessage {
     readonly role: "user" | "assistant";
     readonly content: string;
 }
 export interface InvokeBedrockArgs {
-    /** Mandate ID granting this app the right to spend the user's wallet. */
-    readonly mandateId: string;
+    /**
+     * Mandate ID under which this call should be attributed.
+     *
+     * - **Owner sessions**: optional. The SDK uses the owner's own DID
+     *   as a sentinel "self" mandate id — the proxy skips all
+     *   mandate-related checks (scope, allowed_models, caps) when the
+     *   envelope is owner-signed, so the value is informational only.
+     * - **Delegate sessions**: required. Must reference the imported
+     *   mandate bundle the SDK signs with (the proxy enforces
+     *   `compute.invoke` scope and any `allowed_models` filter).
+     */
+    readonly mandateId?: string;
     /**
      * Model id. Today the proxy accepts the canonical Aithos identifiers:
-     *   `claude-sonnet-4-6`, `claude-haiku-4-5`, `claude-opus-4-7`.
+     *   `claude-sonnet-4-6`, `claude-haiku-4-5`, `claude-opus-4-6`.
      * The proxy maps these to Bedrock cross-region inference profiles.
+     *
+     * NOTE: `claude-opus-4-7` is also provisioned on the Bedrock account
+     * but commercial access is gated behind an AWS Sales unlock (as of
+     * May 2026) — InvokeModel returns AccessDeniedException pointing to
+     * AWS Sales. Stick with `claude-opus-4-6` until the unlock lands.
      */
     readonly model: string;
     /** Conversation messages (user / assistant turns). */
@@ -44,16 +59,150 @@ export interface InvokeBedrockResult {
     /** Audit log id for traceability. */
     readonly auditId: string;
 }
+/**
+ * Stable cross-provider image model ids supported by the Aithos compute
+ * proxy. New models can be added on the server side without an SDK
+ * release — but tagging the namespaced literal here gives consumers
+ * autocomplete + type-checking.
+ *
+ * The `image:` prefix is part of the wire contract: the server uses it
+ * to disambiguate text and image dispatch when a mandate's
+ * `allowed_models` mixes both.
+ */
+export type ImageModelId = "image:flux-schnell" | "image:flux-dev" | "image:flux-pro-1.1" | "image:flux-pro-1.1-ultra" | "image:imagen-3" | "image:imagen-4" | "image:nano-banana";
+/** Aspect ratios accepted by `invokeImage`. */
+export type ImageAspectRatio = "1:1" | "16:9" | "9:16" | "4:3" | "3:4" | "21:9";
+export interface InvokeImageArgs {
+    /**
+     * Mandate ID under which this call should be attributed.
+     *
+     * - **Owner sessions**: optional. The SDK uses the owner's own DID
+     *   as a sentinel "self" mandate id — the proxy skips all
+     *   mandate-related checks when the envelope is owner-signed.
+     * - **Delegate sessions**: required. Must reference the imported
+     *   mandate bundle the SDK signs with.
+     */
+    readonly mandateId?: string;
+    /**
+     * Image model id. Defaults to `"image:flux-pro-1.1"` on the SDK side
+     * if omitted — the server allowlist is the source of truth for which
+     * ones actually work.
+     */
+    readonly model?: ImageModelId;
+    /** What to draw. */
+    readonly prompt: string;
+    /** Optional comma-separated list of things to avoid (e.g. "blurry, watermark"). */
+    readonly negativePrompt?: string;
+    /** Default 1:1. */
+    readonly aspectRatio?: ImageAspectRatio;
+    /** Deterministic seed (re-rolls). Omit for random. */
+    readonly seed?: number;
+    /** Number of images to generate. Default 1, max 4. */
+    readonly numberOfImages?: number;
+    /** Idempotency key for retries (generated if omitted). */
+    readonly idempotencyKey?: string;
+    /** Abort signal to cancel the request (network + provider call). */
+    readonly signal?: AbortSignal;
+}
+export interface InvokeImageImage {
+    /** Base64-encoded image bytes (raw, no data: URI prefix). */
+    readonly base64: string;
+    /** "image/png" | "image/jpeg". */
+    readonly contentType: string;
+    readonly width: number;
+    readonly height: number;
+}
+export interface InvokeImageResult {
+    readonly images: readonly InvokeImageImage[];
+    /** Seed actually used by the provider (echoed back even when caller didn't set one). */
+    readonly seed: number;
+    /** Microcredits debited from the wallet (exact — no reconcile path for images). */
+    readonly creditsCharged: number;
+    /** Wallet balance after debit. */
+    readonly walletBalance: number;
+    /** Audit log id for traceability. */
+    readonly auditId: string;
+}
+export interface InvokeBedrockVisionArgs {
+    readonly mandateId?: string;
+    /**
+     * Model id. Sonnet 4.6 is the default — it's vision-capable and
+     * returns reliable structured JSON when prompted.
+     */
+    readonly model?: string;
+    /** Source image — Blob (recommended) or raw base64. */
+    readonly image: Blob | {
+        readonly base64: string;
+        readonly contentType: string;
+    };
+    /** Text prompt accompanying the image. */
+    readonly prompt: string;
+    /** Optional system prompt. */
+    readonly system?: string;
+    readonly maxTokens?: number;
+    readonly temperature?: number;
+    readonly idempotencyKey?: string;
+    readonly signal?: AbortSignal;
+}
+export interface InvokeBedrockVisionResult {
+    readonly content: string;
+    readonly stopReason: StopReason;
+    readonly usage: {
+        readonly inputTokens: number;
+        readonly outputTokens: number;
+    };
+    readonly creditsCharged: number;
+    readonly walletBalance: number;
+    readonly auditId: string;
+}
+export interface InvokeSegmentationArgs {
+    /** Mandate id (optional for owner sessions — see InvokeImageArgs). */
+    readonly mandateId?: string;
+    /** Source image. Blob (recommended) or raw base64. */
+    readonly image: Blob | {
+        readonly base64: string;
+        readonly contentType: string;
+    };
+    /**
+     * Text phrase describing what to segment. Florence-2 is robust with
+     * natural-language descriptions: "the torso of the robot", "the
+     * dog's head", "the chest of the character".
+     */
+    readonly textInput: string;
+    readonly idempotencyKey?: string;
+    readonly signal?: AbortSignal;
+}
+export interface SegmentPolygon {
+    readonly points: ReadonlyArray<{
+        readonly x: number;
+        readonly y: number;
+    }>;
+}
+export interface InvokeSegmentationResult {
+    /** All polygons Florence-2 returned (typically 1, sometimes a few when the prompt matches multiple regions). */
+    readonly polygons: readonly SegmentPolygon[];
+    /** Bbox of the first polygon for callers that only need a coarse target. */
+    readonly bbox: {
+        readonly left: number;
+        readonly top: number;
+        readonly right: number;
+        readonly bottom: number;
+    } | null;
+    readonly creditsCharged: number;
+    readonly walletBalance: number;
+    readonly auditId: string;
+}
 export interface ComputeNamespaceDeps {
-    readonly identity: BrowserIdentity;
+    readonly auth: AithosAuth;
     readonly appDid: string;
     readonly endpoints: AithosSdkEndpoints;
     readonly fetch: typeof fetch;
 }
 /**
  * `sdk.compute` namespace. Constructed once by the {@link AithosSDK}
- * constructor; all calls share the SDK's identity, app DID, and endpoint
- * configuration.
+ * constructor; reads the active owner from the supplied
+ * {@link AithosAuth} on every call so signing material follows the
+ * latest sign-in/sign-out state.
  */
 export declare class ComputeNamespace {
     #private;
@@ -62,10 +211,73 @@ export declare class ComputeNamespace {
      * Invoke a Bedrock model through the compute proxy. See
      * {@link InvokeBedrockArgs} and {@link InvokeBedrockResult}.
      *
+     * Two signer paths are supported:
+     *
+     *   - **Owner**: when the caller is signed in as an owner, the
+     *     envelope is signed with the owner's `#public` sphere key and
+     *     no mandate is attached (the proxy resolves the mandate
+     *     server-side from `params.mandate_id`).
+     *   - **Delegate**: when the caller is delegate-only (mandate
+     *     imported via `auth.importMandate`), the envelope is signed
+     *     with the delegate's bound keypair and the full SignedMandate
+     *     is attached so the proxy can verify both signature and
+     *     authorisation in one pass. The mandate must carry the
+     *     `compute.invoke` scope and the proxy enforces its constraints
+     *     (caps, allowed models, …) at server-side.
+     *
+     * Owner takes precedence: if a session has BOTH an owner and a
+     * matching delegate session, we use the owner key (more flexible —
+     * the mandate is dereferenced via `mandate_id` and there's no
+     * lifetime cliff if the delegate seed has been wiped).
+     *
      * @throws {AithosSDKError} on protocol errors. The `code` field is one of
-     *   `network`, `http`, `empty`, or any code returned by the proxy
-     *   (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`, …).
+     *   `sdk_no_signer`, `sdk_no_delegate_for_mandate`, `network`, `http`,
+     *   `empty`, or any code returned by the proxy (`quota_exceeded`,
+     *   `mandate_revoked`, `insufficient_credits`, …).
      */
     invokeBedrock(args: InvokeBedrockArgs): Promise<InvokeBedrockResult>;
+    /**
+     * Multimodal Bedrock invoke — image + text → text response.
+     * Default model: `claude-sonnet-4-6` (vision-capable, reliable JSON).
+     *
+     * Use when you need a VLM to reason about an image: locating
+     * features, structured extraction, semantic Q&A. Prompt the model
+     * to return JSON if you need structured output (the API itself is
+     * unstructured).
+     */
+    invokeBedrockVision(args: InvokeBedrockVisionArgs): Promise<InvokeBedrockVisionResult>;
+    /**
+     * Generate one or more images through the Aithos compute proxy
+     * (currently powered by fal.ai FLUX models). Spec mirror of
+     * {@link invokeBedrock}: same envelope, same wallet path, same
+     * mandate-scope gate (`compute.invoke` + `allowed_models`). The
+     * separation at the JSON-RPC method level (`aithos.compute_invoke_image`
+     * vs `aithos.compute_invoke`) commits each envelope to a specific
+     * modality so a stolen text-invoke envelope cannot be replayed
+     * against the image endpoint.
+     *
+     * Default model: `"image:flux-pro-1.1"`. Default aspect ratio: 1:1.
+     * Default count: 1 image.
+     *
+     * Pricing is per image and deterministic (no token-based reconcile):
+     *   - flux-schnell:        3 000 mc + fee per image
+     *   - flux-dev:           25 000 mc + fee per image
+     *   - flux-pro-1.1:       40 000 mc + fee per image
+     *   - flux-pro-1.1-ultra: 60 000 mc + fee per image
+     */
+    invokeImage(args: InvokeImageArgs): Promise<InvokeImageResult>;
+    /**
+     * Run text-prompted segmentation (Florence-2 referring-expression)
+     * on a source image. Returns one or more polygons hugging the
+     * region matching the text prompt.
+     *
+     * Use cases: locate the chest/torso area of a generated mascot
+     * for logo compositing, find the face zone for a thumbnail crop,
+     * extract a product from a marketing shot — anything that needs
+     * a precise mask + bbox from natural-language description.
+     *
+     * Pricing: flat 5 000 mc per call (~$0.005 — Florence-2 is cheap).
+     */
+    invokeSegmentation(args: InvokeSegmentationArgs): Promise<InvokeSegmentationResult>;
 }
 //# sourceMappingURL=compute.d.ts.map

package/dist/src/compute.js

@@ -4,8 +4,8 @@
 //
 // Wraps the JSON-RPC + signed-envelope protocol of `compute.aithos.be`
 // behind an ergonomic method on the SDK. Internally builds a §11 envelope
-// signed with the user's public-sphere key and posts it to
-// `${compute}/v1/invoke`.
+// signed with the user's public-sphere key (read from
+// {@link AithosAuth} at call time) and posts it to `${compute}/v1/invoke`.
 //
 // Server-side guarantees (enforced by the proxy, not by this lib):
 //   - Envelope signature verified against the user's `did.json`.
@@ -18,11 +18,13 @@
 // tool calling on the proxy) will land in a follow-up.
 import { buildSignedEnvelope, } from "@aithos/protocol-client";
 import { computeInvokeUrl, } from "./endpoints.js";
+import { delegateKeyPair, ownerKeyPair, } from "./internal/protocol-client-bridge.js";
 import { AithosSDKError } from "./types.js";
 /**
  * `sdk.compute` namespace. Constructed once by the {@link AithosSDK}
- * constructor; all calls share the SDK's identity, app DID, and endpoint
- * configuration.
+ * constructor; reads the active owner from the supplied
+ * {@link AithosAuth} on every call so signing material follows the
+ * latest sign-in/sign-out state.
  */
 export class ComputeNamespace {
     #deps;
@@ -33,17 +35,38 @@ export class ComputeNamespace {
      * Invoke a Bedrock model through the compute proxy. See
      * {@link InvokeBedrockArgs} and {@link InvokeBedrockResult}.
      *
+     * Two signer paths are supported:
+     *
+     *   - **Owner**: when the caller is signed in as an owner, the
+     *     envelope is signed with the owner's `#public` sphere key and
+     *     no mandate is attached (the proxy resolves the mandate
+     *     server-side from `params.mandate_id`).
+     *   - **Delegate**: when the caller is delegate-only (mandate
+     *     imported via `auth.importMandate`), the envelope is signed
+     *     with the delegate's bound keypair and the full SignedMandate
+     *     is attached so the proxy can verify both signature and
+     *     authorisation in one pass. The mandate must carry the
+     *     `compute.invoke` scope and the proxy enforces its constraints
+     *     (caps, allowed models, …) at server-side.
+     *
+     * Owner takes precedence: if a session has BOTH an owner and a
+     * matching delegate session, we use the owner key (more flexible —
+     * the mandate is dereferenced via `mandate_id` and there's no
+     * lifetime cliff if the delegate seed has been wiped).
+     *
      * @throws {AithosSDKError} on protocol errors. The `code` field is one of
-     *   `network`, `http`, `empty`, or any code returned by the proxy
-     *   (`quota_exceeded`, `mandate_revoked`, `insufficient_credits`, …).
+     *   `sdk_no_signer`, `sdk_no_delegate_for_mandate`, `network`, `http`,
+     *   `empty`, or any code returned by the proxy (`quota_exceeded`,
+     *   `mandate_revoked`, `insufficient_credits`, …).
      */
     async invokeBedrock(args) {
-        const { identity, appDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
         const url = computeInvokeUrl(endpoints);
         const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
         const params = {
-            app_did: appDid,
-            mandate_id: args.mandateId,
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
             model: args.model,
             messages: args.messages,
             idempotency_key: idempotencyKey,
@@ -54,13 +77,252 @@ export class ComputeNamespace {
             params.max_tokens = args.maxTokens;
         if (args.temperature !== undefined)
             params.temperature = args.temperature;
+        return await this.#signAndPost({
+            url,
+            method: "aithos.compute_invoke",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /**
+     * Multimodal Bedrock invoke — image + text → text response.
+     * Default model: `claude-sonnet-4-6` (vision-capable, reliable JSON).
+     *
+     * Use when you need a VLM to reason about an image: locating
+     * features, structured extraction, semantic Q&A. Prompt the model
+     * to return JSON if you need structured output (the API itself is
+     * unstructured).
+     */
+    async invokeBedrockVision(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
+        let imageBase64;
+        let imageContentType;
+        if ("base64" in args.image) {
+            imageBase64 = args.image.base64;
+            imageContentType = args.image.contentType;
+        }
+        else {
+            const buf = await args.image.arrayBuffer();
+            imageBase64 = arrayBufferToBase64(buf);
+            imageContentType = args.image.type || "image/png";
+        }
+        const url = computeInvokeUrl(endpoints);
+        const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
+        const model = args.model ?? "claude-sonnet-4-6";
+        const params = {
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
+            model,
+            image_base64: imageBase64,
+            image_content_type: imageContentType,
+            prompt: args.prompt,
+            idempotency_key: idempotencyKey,
+        };
+        if (args.system !== undefined)
+            params.system = args.system;
+        if (args.maxTokens !== undefined)
+            params.max_tokens = args.maxTokens;
+        if (args.temperature !== undefined)
+            params.temperature = args.temperature;
+        return await this.#signAndPost({
+            url,
+            method: "aithos.compute_invoke_bedrock_vision",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /**
+     * Generate one or more images through the Aithos compute proxy
+     * (currently powered by fal.ai FLUX models). Spec mirror of
+     * {@link invokeBedrock}: same envelope, same wallet path, same
+     * mandate-scope gate (`compute.invoke` + `allowed_models`). The
+     * separation at the JSON-RPC method level (`aithos.compute_invoke_image`
+     * vs `aithos.compute_invoke`) commits each envelope to a specific
+     * modality so a stolen text-invoke envelope cannot be replayed
+     * against the image endpoint.
+     *
+     * Default model: `"image:flux-pro-1.1"`. Default aspect ratio: 1:1.
+     * Default count: 1 image.
+     *
+     * Pricing is per image and deterministic (no token-based reconcile):
+     *   - flux-schnell:        3 000 mc + fee per image
+     *   - flux-dev:           25 000 mc + fee per image
+     *   - flux-pro-1.1:       40 000 mc + fee per image
+     *   - flux-pro-1.1-ultra: 60 000 mc + fee per image
+     */
+    async invokeImage(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
+        const url = computeInvokeUrl(endpoints);
+        const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
+        // Default is Imagen 4 since alpha.17 — flat-illustration style is
+        // the right match for brand-mascot use cases. FLUX Pro 1.1 remains
+        // available via explicit `model: "image:flux-pro-1.1"`.
+        const model = args.model ?? "image:imagen-4";
+        const params = {
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
+            model,
+            prompt: args.prompt,
+            idempotency_key: idempotencyKey,
+        };
+        if (args.negativePrompt !== undefined)
+            params.negative_prompt = args.negativePrompt;
+        if (args.aspectRatio !== undefined)
+            params.aspect_ratio = args.aspectRatio;
+        if (args.seed !== undefined)
+            params.seed = args.seed;
+        if (args.numberOfImages !== undefined)
+            params.number_of_images = args.numberOfImages;
+        return await this.#signAndPost({
+            url,
+            method: "aithos.compute_invoke_image",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /**
+     * Run text-prompted segmentation (Florence-2 referring-expression)
+     * on a source image. Returns one or more polygons hugging the
+     * region matching the text prompt.
+     *
+     * Use cases: locate the chest/torso area of a generated mascot
+     * for logo compositing, find the face zone for a thumbnail crop,
+     * extract a product from a marketing shot — anything that needs
+     * a precise mask + bbox from natural-language description.
+     *
+     * Pricing: flat 5 000 mc per call (~$0.005 — Florence-2 is cheap).
+     */
+    async invokeSegmentation(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const choice = this.#resolveSigner(args.mandateId);
+        // Normalize image input to base64 + content type.
+        let imageBase64;
+        let imageContentType;
+        if ("base64" in args.image) {
+            imageBase64 = args.image.base64;
+            imageContentType = args.image.contentType;
+        }
+        else {
+            const buf = await args.image.arrayBuffer();
+            imageBase64 = arrayBufferToBase64(buf);
+            imageContentType = args.image.type || "image/png";
+        }
+        const url = computeInvokeUrl(endpoints);
+        const idempotencyKey = args.idempotencyKey ?? generateIdempotencyKey();
+        const params = {
+            app_did: this.#deps.appDid,
+            mandate_id: this.#resolveMandateIdForWire(args.mandateId, choice),
+            image_base64: imageBase64,
+            image_content_type: imageContentType,
+            text_input: args.textInput,
+            idempotency_key: idempotencyKey,
+        };
+        return await this.#signAndPost({
+            url,
+            method: "aithos.compute_invoke_segmentation",
+            params,
+            choice,
+            fetchImpl,
+            signal: args.signal,
+        });
+    }
+    /**
+     * Resolve the active signer (owner takes precedence over delegate).
+     *
+     * - When an owner is signed in: returns the owner-signer regardless
+     *   of `mandateId` (the proxy ignores params.mandate_id on
+     *   owner-signed envelopes, so owners can omit it).
+     * - When delegate-only: requires `mandateId` to find the matching
+     *   imported bundle. Throws `sdk_no_delegate_for_mandate` if absent
+     *   or no match.
+     */
+    #resolveSigner(mandateId) {
+        const { auth } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        const ownerLoaded = owner !== null && !owner.destroyed;
+        if (ownerLoaded) {
+            const publicKp = ownerKeyPair(owner, "public");
+            return {
+                kind: "owner",
+                iss: owner.did,
+                verificationMethod: `${owner.did}#public`,
+                signer: publicKp,
+                mandate: undefined,
+            };
+        }
+        if (mandateId === undefined || mandateId.length === 0) {
+            throw new AithosSDKError("sdk_no_signer", "no owner signed in and no mandateId provided — pass a mandateId for a delegate session, or sign in as an owner first.");
+        }
+        const actor = auth._getDelegateActor(mandateId);
+        if (!actor || actor.destroyed) {
+            throw new AithosSDKError("sdk_no_delegate_for_mandate", `no owner signed in and no imported delegate mandate matches '${mandateId}'. Sign in as an owner, or import a delegate bundle for that mandate via auth.importMandate.`);
+        }
+        const kp = delegateKeyPair(actor);
+        return {
+            kind: "delegate",
+            iss: actor.subjectDid,
+            verificationMethod: actor.granteePubkeyMultibase,
+            signer: kp,
+            // The DelegateActor stores the SignedMandate as a structurally
+            // opaque object so the SDK doesn't have to import the
+            // protocol-client type at the storage boundary. Round-trip
+            // through `unknown` for the TS cast — at runtime the bytes are
+            // the canonical SignedMandate the bundle parser already
+            // validated.
+            mandate: actor.mandate,
+        };
+    }
+    /**
+     * Resolve the `mandate_id` value the SDK writes into the JSON-RPC
+     * params for the wire. The proxy requires this field to be a
+     * non-empty string but only consults it for the delegate path —
+     * for owner-signed envelopes it's audit-log metadata, with no
+     * security implication.
+     *
+     * Strategy:
+     *   - Caller-provided id always wins (owner who wants to attribute
+     *     to a specific minted mandate can still pass it).
+     *   - Delegate path: the choice carries the real mandate.id — use it
+     *     so a delegate cannot accidentally lie about which mandate
+     *     it claims to spend under.
+     *   - Owner path with no explicit id: use the owner DID followed
+     *     by `#self` — a stable sentinel that's unambiguously not a
+     *     real mandate id (mandate ids are ULIDs).
+     */
+    #resolveMandateIdForWire(explicit, choice) {
+        if (explicit && explicit.length > 0)
+            return explicit;
+        if (choice.kind === "delegate")
+            return choice.mandate.id;
+        // Owner-direct sentinel. The proxy never inspects this value
+        // beyond non-empty-string validation when no mandate is attached.
+        return `${choice.iss}#self`;
+    }
+    /**
+     * Sign the params with the resolved signer and POST a JSON-RPC
+     * request. Shared between `invokeBedrock` and `invokeImage` — the
+     * only difference between those two is the method name and the
+     * params shape; the envelope construction + transport + error
+     * mapping is identical.
+     */
+    async #signAndPost(opts) {
+        const { url, method, params, choice, fetchImpl, signal } = opts;
         const envelope = buildSignedEnvelope({
-            iss: identity.did,
+            iss: choice.iss,
             aud: url,
-            method: "aithos.compute_invoke",
-            verificationMethod: `${identity.did}#public`,
+            method,
+            verificationMethod: choice.verificationMethod,
             params,
-            signer: identity.public,
+            signer: choice.signer,
+            ...(choice.kind === "delegate" ? { mandate: choice.mandate } : {}),
         });
         let res;
         try {
@@ -69,11 +331,11 @@ export class ComputeNamespace {
                 headers: { "content-type": "application/json" },
                 body: JSON.stringify({
                     jsonrpc: "2.0",
-                    id: "aithos.compute_invoke",
-                    method: "aithos.compute_invoke",
+                    id: method,
+                    method,
                     params: { ...params, _envelope: envelope },
                 }),
-                ...(args.signal ? { signal: args.signal } : {}),
+                ...(signal ? { signal } : {}),
             });
         }
         catch (e) {
@@ -101,4 +363,19 @@ function generateIdempotencyKey() {
     }
     return hex;
 }
+/**
+ * Encode an ArrayBuffer as base64 in environments where `Buffer` is
+ * not available (browser). Uses btoa over a binary string — safe for
+ * the small payload sizes the SDK deals with (≤ a few MB).
+ */
+function arrayBufferToBase64(buf) {
+    const bytes = new Uint8Array(buf);
+    let bin = "";
+    // Process in chunks to avoid stack overflow on String.fromCharCode.apply
+    const CHUNK = 0x8000;
+    for (let i = 0; i < bytes.length; i += CHUNK) {
+        bin += String.fromCharCode.apply(null, Array.from(bytes.subarray(i, i + CHUNK)));
+    }
+    return btoa(bin);
+}
 //# sourceMappingURL=compute.js.map

package/dist/src/data-schema-contacts-v1.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Bundled copy of the `aithos.contacts.v1` schema.
+ *
+ * Mirrors `spec/data/schemas/aithos.contacts.v1.json` of the
+ * Aithos-protocol repo. The SDK uses this to split a record into its
+ * indexable (metadata) and encrypted (payload) parts on insert and to
+ * recombine them on read.
+ *
+ * In a later iteration the SDK will fetch / resolve schemas dynamically
+ * from a registry; for v0.1 we bundle the core schemas.
+ */
+import type { AithosSchemaLite } from "./data.js";
+export declare const contactsV1: AithosSchemaLite;
+//# sourceMappingURL=data-schema-contacts-v1.d.ts.map

package/dist/src/data-schema-contacts-v1.js

@@ -0,0 +1,28 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+export const contactsV1 = {
+    schema: "aithos.contacts.v1",
+    indexable: new Set([
+        "name",
+        "email",
+        "phone_hash",
+        "status",
+        "tags",
+        "source",
+        "created_at",
+        "modified_at",
+        "last_contacted_at",
+    ]),
+    encrypted: new Set([
+        "phone",
+        "notes",
+        "conversation_log",
+        "form_responses",
+        "custom_fields",
+    ]),
+    auto: new Set(["created_at", "modified_at"]),
+    defaults: {
+        status: "lead",
+    },
+};
+//# sourceMappingURL=data-schema-contacts-v1.js.map