@aithos/sdk 0.1.0-alpha.4 → 0.1.0-alpha.41

package/dist/src/react/use-aithos-asset.js

@@ -0,0 +1,118 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * `useAithosAsset(urn)` — React hook that fetches an asset and exposes
+ * it as a browser-consumable `blob:` URL, with full lifecycle
+ * management (revoke on unmount, race-cancel on URN change, error
+ * surfacing).
+ *
+ * For most UIs the higher-level `<AithosAsset>` component is enough.
+ * Reach for this hook directly when you want to feed the bytes or the
+ * blob URL to a non-`<img>`/`<video>`/`<audio>` consumer — e.g. an
+ * inline CSS `background-image`, a Canvas, a custom PDF viewer.
+ */
+import { useEffect, useState } from "react";
+import { useAssetsClient } from "./context.js";
+/**
+ * Fetch + decrypt an Aithos asset and return a stable `blob:` URL.
+ *
+ * Lifecycle:
+ *  - On mount or when `urn` changes, runs `client.fetch(urn)`.
+ *  - On success, creates an object URL from the plaintext bytes.
+ *  - On unmount or before refetching, revokes the URL to free memory.
+ *  - Cancels in-flight fetches if the URN changes mid-flight.
+ *
+ * Throws (via `error`) when no client is available — supply one via
+ * `<AssetsClientProvider>` or the `client` option.
+ */
+export function useAithosAsset(urn, options = {}) {
+    const contextClient = useAssetsClient();
+    const client = options.client ?? contextClient;
+    const [state, setState] = useState({
+        url: null,
+        bytes: null,
+        mediaType: null,
+        sizeBytes: null,
+        loading: !!urn,
+        error: null,
+    });
+    useEffect(() => {
+        if (!urn) {
+            setState({
+                url: null,
+                bytes: null,
+                mediaType: null,
+                sizeBytes: null,
+                loading: false,
+                error: null,
+            });
+            return;
+        }
+        if (!client) {
+            setState({
+                url: null,
+                bytes: null,
+                mediaType: null,
+                sizeBytes: null,
+                loading: false,
+                error: new Error("useAithosAsset: no AssetsClient available — wrap your tree with <AssetsClientProvider> or pass the `client` option"),
+            });
+            return;
+        }
+        let cancelled = false;
+        let createdUrl = null;
+        setState((prev) => options.keepPreviousOnUrnChange
+            ? { ...prev, loading: true, error: null }
+            : {
+                url: null,
+                bytes: null,
+                mediaType: null,
+                sizeBytes: null,
+                loading: true,
+                error: null,
+            });
+        (async () => {
+            try {
+                const result = await client.fetch(urn);
+                if (cancelled)
+                    return;
+                // Construct the blob: URL the DOM can consume.
+                // The `as BlobPart` cast is needed because @types/node and
+                // lib.dom disagree on whether Uint8Array's backing buffer is
+                // always ArrayBuffer (vs SharedArrayBuffer). The runtime
+                // accepts our Uint8Array unconditionally.
+                const blob = new Blob([result.bytes], {
+                    type: result.mediaType,
+                });
+                createdUrl = URL.createObjectURL(blob);
+                setState({
+                    url: createdUrl,
+                    bytes: result.bytes,
+                    mediaType: result.mediaType,
+                    sizeBytes: result.sizeBytes,
+                    loading: false,
+                    error: null,
+                });
+            }
+            catch (e) {
+                if (cancelled)
+                    return;
+                setState({
+                    url: null,
+                    bytes: null,
+                    mediaType: null,
+                    sizeBytes: null,
+                    loading: false,
+                    error: e instanceof Error ? e : new Error(String(e)),
+                });
+            }
+        })();
+        return () => {
+            cancelled = true;
+            if (createdUrl)
+                URL.revokeObjectURL(createdUrl);
+        };
+    }, [urn, client, options.keepPreviousOnUrnChange]);
+    return state;
+}
+//# sourceMappingURL=use-aithos-asset.js.map

package/dist/src/sdk.d.ts

@@ -1,18 +1,61 @@
+import type { AithosAuth } from "./auth.js";
+import { AppsNamespace } from "./apps.js";
 import { ComputeNamespace } from "./compute.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
+import { EthosNamespace } from "./ethos.js";
+import { MandatesNamespace } from "./mandates.js";
 import { WalletNamespace } from "./wallet.js";
-import type { AithosSDKConfig } from "./types.js";
+import { WebNamespace } from "./web.js";
+export interface AithosSDKConfig {
+    /**
+     * The {@link AithosAuth} instance the SDK reads sign-in state from.
+     * Constructed and managed by the app — typically a singleton at the
+     * top of the application tree.
+     */
+    readonly auth: AithosAuth;
+    /**
+     * Application DID — identifies the calling app in mandates, audit
+     * logs, billing splits. Issued at developer onboarding (will be
+     * self-service before 0.1.0 stable).
+     */
+    readonly appDid: string;
+    /**
+     * Optional endpoint overrides. Production defaults point at the
+     * Aithos infrastructure; pass overrides for staging, self-hosting,
+     * tests.
+     */
+    readonly endpoints?: Partial<AithosSdkEndpoints>;
+    /**
+     * Optional `fetch` implementation. Defaults to the global `fetch`.
+     * Used by tests to inject a mock without monkeypatching globals.
+     */
+    readonly fetch?: typeof fetch;
+}
 export declare class AithosSDK {
     /** Resolved endpoint configuration (defaults + caller overrides). */
     readonly endpoints: AithosSdkEndpoints;
     /** Application DID (as declared in mandates). */
     readonly appDid: string;
-    /** User DID (derived from `config.identity`). */
-    readonly userDid: string;
+    /** The same auth instance the app constructed and passed in. */
+    readonly auth: AithosAuth;
     /** Compute proxy namespace — Bedrock invocation. */
     readonly compute: ComputeNamespace;
     /** Wallet namespace — Stripe top-up. */
     readonly wallet: WalletNamespace;
+    /** Ethos editing namespace — load, mutate (staged), publish. */
+    readonly ethos: EthosNamespace;
+    /** Mandate lifecycle namespace — create / list / revoke. */
+    readonly mandates: MandatesNamespace;
+    /** Web extraction namespace — aithos.web_extract through the web extractor proxy. */
+    readonly web: WebNamespace;
+    /**
+     * App lifecycle namespace — sponsorship mandates + app-credit top-ups.
+     * V0.1 (2026-05-27 — draft §13). Lets a developer pre-pay a pool that
+     * funds compute calls from their app's users within explicit caps.
+     */
+    readonly apps: AppsNamespace;
     constructor(config: AithosSDKConfig);
+    /** DID of the currently signed-in owner, or null if no owner is loaded. */
+    get userDid(): string | null;
 }
 //# sourceMappingURL=sdk.d.ts.map

package/dist/src/sdk.js

@@ -1,58 +1,84 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2026 Mathieu Colla
-// AithosSDK — top-level developer surface.
-//
-// One construction, namespaced methods. The SDK takes the user's identity
-// (a `BrowserIdentity` from `@aithos/protocol-client`) and the calling
-// app's DID, then exposes:
-//
-//   sdk.compute  — Bedrock invocation through the compute proxy.
-//   sdk.wallet   — Stripe Checkout for credit-pack top-ups.
-//   sdk.ethos    — re-exports from protocol-client (zone editor, signers).
-//   sdk.onboarding / sdk.mandates — likewise.
-//
-// The class is intentionally thin: the heavy lifting lives in dedicated
-// namespace classes (`ComputeNamespace`, `WalletNamespace`) so each can be
-// tested in isolation with a mock fetch and so an advanced caller could
-// instantiate just one of them if needed.
+import { AppsNamespace } from "./apps.js";
 import { ComputeNamespace } from "./compute.js";
 import { resolveEndpoints } from "./endpoints.js";
+import { EthosNamespace } from "./ethos.js";
+import { MandatesNamespace } from "./mandates.js";
 import { WalletNamespace } from "./wallet.js";
+import { WebNamespace } from "./web.js";
 export class AithosSDK {
     /** Resolved endpoint configuration (defaults + caller overrides). */
     endpoints;
     /** Application DID (as declared in mandates). */
     appDid;
-    /** User DID (derived from `config.identity`). */
-    userDid;
+    /** The same auth instance the app constructed and passed in. */
+    auth;
     /** Compute proxy namespace — Bedrock invocation. */
     compute;
     /** Wallet namespace — Stripe top-up. */
     wallet;
+    /** Ethos editing namespace — load, mutate (staged), publish. */
+    ethos;
+    /** Mandate lifecycle namespace — create / list / revoke. */
+    mandates;
+    /** Web extraction namespace — aithos.web_extract through the web extractor proxy. */
+    web;
+    /**
+     * App lifecycle namespace — sponsorship mandates + app-credit top-ups.
+     * V0.1 (2026-05-27 — draft §13). Lets a developer pre-pay a pool that
+     * funds compute calls from their app's users within explicit caps.
+     */
+    apps;
     constructor(config) {
-        if (!config.identity) {
-            throw new TypeError("AithosSDK: config.identity is required");
+        if (!config.auth) {
+            throw new TypeError("AithosSDK: config.auth is required");
         }
         if (!config.appDid || typeof config.appDid !== "string") {
             throw new TypeError("AithosSDK: config.appDid is required (string)");
         }
         this.endpoints = resolveEndpoints(config.endpoints);
         this.appDid = config.appDid;
-        this.userDid = config.identity.did;
+        this.auth = config.auth;
         const fetchImpl = config.fetch ?? globalThis.fetch.bind(globalThis);
         this.compute = new ComputeNamespace({
-            identity: config.identity,
+            auth: config.auth,
             appDid: config.appDid,
             endpoints: this.endpoints,
             fetch: fetchImpl,
         });
         this.wallet = new WalletNamespace({
-            identity: config.identity,
+            auth: config.auth,
             appDid: config.appDid,
-            userDid: config.identity.did,
             endpoints: this.endpoints,
             fetch: fetchImpl,
         });
+        this.ethos = new EthosNamespace({
+            auth: config.auth,
+            endpoints: this.endpoints,
+            fetch: fetchImpl,
+        });
+        this.mandates = new MandatesNamespace({
+            auth: config.auth,
+            endpoints: this.endpoints,
+            fetch: fetchImpl,
+        });
+        this.web = new WebNamespace({
+            auth: config.auth,
+            appDid: config.appDid,
+            endpoints: this.endpoints,
+            fetch: fetchImpl,
+        });
+        this.apps = new AppsNamespace({
+            auth: config.auth,
+            appDid: config.appDid,
+            endpoints: this.endpoints,
+            fetch: fetchImpl,
+        });
+    }
+    /** DID of the currently signed-in owner, or null if no owner is loaded. */
+    get userDid() {
+        return this.auth.getOwnerInfo()?.did ?? null;
     }
 }
 //# sourceMappingURL=sdk.js.map

package/dist/src/wallet.d.ts

@@ -1,4 +1,4 @@
-import { type BrowserIdentity } from "@aithos/protocol-client";
+import type { AithosAuth } from "./auth.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
 /**
  * Canonical credit-pack identifiers. Pricing and microcredit amounts are
@@ -44,12 +44,10 @@ export interface GetBalanceResult {
     readonly exists: boolean;
 }
 export interface WalletNamespaceDeps {
-    /** User identity — needed to sign the balance-lookup envelope. */
-    readonly identity: BrowserIdentity;
+    /** Auth instance — the wallet reads the active owner DID + signing key from here. */
+    readonly auth: AithosAuth;
     /** App DID — sent as audit attribution alongside the balance request. */
     readonly appDid: string;
-    /** Pre-resolved DID convenience accessor (mirrors identity.did). */
-    readonly userDid: string;
     readonly endpoints: AithosSdkEndpoints;
     readonly fetch: typeof fetch;
 }
@@ -64,7 +62,7 @@ export declare class WalletNamespace {
      * hosted URL — the caller is responsible for redirecting the user (e.g.
      * `window.location.href = result.checkoutUrl`).
      *
-     * On success, the Stripe webhook will credit `userDid`'s wallet once the
+     * On success, the Stripe webhook will credit the user's wallet once the
      * payment clears. Wallet balances are shared across all Aithos apps that
      * use the same DID.
      */

package/dist/src/wallet.js

@@ -13,8 +13,9 @@
 //     compute proxy at `${compute}/v1/invoke`. Read-only DDB GetItem on
 //     the wallet table, gated by the same signed envelope verification
 //     as compute_invoke. Returns the current balance + daily spent.
-import { buildSignedEnvelope, } from "@aithos/protocol-client";
+import { buildSignedEnvelope } from "@aithos/protocol-client";
 import { computeInvokeUrl, walletTopupCheckoutUrl, } from "./endpoints.js";
+import { ownerKeyPair } from "./internal/protocol-client-bridge.js";
 import { AithosSDKError } from "./types.js";
 /**
  * `sdk.wallet` namespace.
@@ -29,12 +30,16 @@ export class WalletNamespace {
      * hosted URL — the caller is responsible for redirecting the user (e.g.
      * `window.location.href = result.checkoutUrl`).
      *
-     * On success, the Stripe webhook will credit `userDid`'s wallet once the
+     * On success, the Stripe webhook will credit the user's wallet once the
      * payment clears. Wallet balances are shared across all Aithos apps that
      * use the same DID.
      */
     async createTopupSession(args) {
-        const { userDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const { auth, endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        if (!owner || owner.destroyed) {
+            throw new AithosSDKError("sdk_no_owner", "no owner signed in; sign in first");
+        }
         const url = walletTopupCheckoutUrl(endpoints);
         let res;
         try {
@@ -42,7 +47,7 @@ export class WalletNamespace {
                 method: "POST",
                 headers: { "content-type": "application/json" },
                 body: JSON.stringify({
-                    user_did: userDid,
+                    user_did: owner.did,
                     pack_id: args.packId,
                     success_url: args.successUrl,
                     cancel_url: args.cancelUrl,
@@ -88,16 +93,21 @@ export class WalletNamespace {
      *   envelope-verify failures from the proxy).
      */
     async getBalance(args = {}) {
-        const { identity, appDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const { auth, appDid, endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        if (!owner || owner.destroyed) {
+            throw new AithosSDKError("sdk_no_owner", "no owner signed in; sign in first");
+        }
+        const publicKp = ownerKeyPair(owner, "public");
         const url = computeInvokeUrl(endpoints);
         const params = { app_did: appDid };
         const envelope = buildSignedEnvelope({
-            iss: identity.did,
+            iss: owner.did,
             aud: url,
             method: "aithos.wallet_get_balance",
-            verificationMethod: `${identity.did}#public`,
+            verificationMethod: `${owner.did}#public`,
             params,
-            signer: identity.public,
+            signer: publicKp,
         });
         let res;
         try {

package/dist/src/web.d.ts

@@ -0,0 +1,279 @@
+import type { AithosAuth } from "./auth.js";
+import { type AithosSdkEndpoints } from "./endpoints.js";
+/** Opt-in scope a mandate must carry to invoke `aithos.web_extract`. */
+export declare const WEB_EXTRACT_SCOPE: "web.extract";
+export interface ExtractArgs {
+    /**
+     * Mandate ID under which this call should be attributed.
+     *
+     * - **Owner sessions**: optional. The SDK uses the owner's own DID
+     *   as a sentinel "self" mandate id — the proxy skips mandate checks
+     *   when the envelope is owner-signed.
+     * - **Delegate sessions**: required. Must reference the imported
+     *   mandate bundle the SDK signs with; the proxy enforces the
+     *   `web.extract` scope.
+     */
+    readonly mandateId?: string;
+    /** Absolute http(s) URL to extract. */
+    readonly url: string;
+    /**
+     * Playwright `waitUntil` strategy passed straight through to the
+     * server-side navigation. Defaults to `"networkidle"` server-side
+     * if omitted.
+     */
+    readonly waitUntil?: "load" | "domcontentloaded" | "networkidle";
+    /** Navigation timeout in ms. Server validates [1000, 60000]. */
+    readonly timeoutMs?: number;
+    /** Reserved for audit-level deduplication; the proxy currently does not
+     *  enforce idempotency keys for extractions. */
+    readonly idempotencyKey?: string;
+    /** Abort signal to cancel the request. */
+    readonly signal?: AbortSignal;
+}
+export interface ExtractMeta {
+    readonly title: string | null;
+    readonly description: string | null;
+    readonly lang: string | null;
+    readonly charset: string | null;
+    readonly viewport: string | null;
+    readonly canonical: string | null;
+    readonly og: Readonly<Record<string, string>>;
+}
+export interface ExtractHeading {
+    readonly level: 1 | 2 | 3 | 4 | 5 | 6;
+    readonly text: string;
+    readonly id: string | null;
+}
+export interface ExtractSection {
+    readonly tag: string;
+    readonly role: string | null;
+    readonly html: string;
+    readonly text_len: number;
+}
+export interface ExtractLink {
+    readonly label: string;
+    readonly href: string;
+    readonly internal: boolean;
+}
+export interface ExtractImage {
+    readonly src: string;
+    readonly alt: string | null;
+    readonly role: string | null;
+}
+export interface ExtractFormField {
+    readonly type: string;
+    readonly name: string | null;
+    readonly required: boolean;
+}
+export interface ExtractForm {
+    readonly action: string | null;
+    readonly method: string;
+    readonly fields: readonly ExtractFormField[];
+}
+export interface ExtractStructure {
+    readonly headings: readonly ExtractHeading[];
+    readonly sections: readonly ExtractSection[];
+    readonly nav_links: readonly ExtractLink[];
+    readonly forms: readonly ExtractForm[];
+}
+export interface ExtractContent {
+    readonly main_html: string;
+    readonly main_text: string;
+    readonly images: readonly ExtractImage[];
+    readonly links: {
+        readonly internal: readonly ExtractLink[];
+        readonly external: readonly ExtractLink[];
+    };
+}
+export interface ExtractStyles {
+    readonly css: string;
+    readonly inline_styles_count: number;
+}
+export interface PaletteEntry {
+    readonly hex: string;
+    readonly weight: number;
+    readonly role: "background" | "text" | "accent" | "other";
+}
+export interface ComponentStyle {
+    readonly count: number;
+    readonly bg: string | null;
+    readonly fg: string | null;
+    readonly border: string | null;
+    readonly radius: string | null;
+    readonly padding: string | null;
+    readonly font_size: string | null;
+    readonly font_weight: string | null;
+}
+export interface VisualSignature {
+    readonly colors: {
+        readonly palette: readonly PaletteEntry[];
+        readonly background: string | null;
+        readonly text: string | null;
+        readonly primary: string | null;
+        readonly link: string | null;
+    };
+    readonly typography: {
+        readonly heading_font: string | null;
+        readonly body_font: string | null;
+        readonly size_scale: readonly number[];
+        readonly base_size_px: number | null;
+        readonly base_line_height: number | null;
+    };
+    readonly radii: {
+        readonly button: string | null;
+        readonly input: string | null;
+        readonly card: string | null;
+    };
+    readonly spacing: {
+        readonly base_unit_px: number | null;
+        readonly common_gaps_px: readonly number[];
+    };
+    readonly layout: {
+        readonly max_content_width_px: number | null;
+        readonly mode: "flex" | "grid" | "block" | null;
+    };
+    readonly components: {
+        readonly buttons: readonly ComponentStyle[];
+        readonly inputs: readonly ComponentStyle[];
+        readonly cards: readonly ComponentStyle[];
+    };
+}
+export interface ExtractIconDeclaration {
+    /** href as written in the HTML (relative or absolute). */
+    readonly href: string;
+    /** rel value, lowercased: "icon", "apple-touch-icon", "shortcut icon", ... */
+    readonly rel: string;
+    /** Declared `sizes` attribute, e.g. "180x180" or "any" or null. */
+    readonly sizes: string | null;
+    /** Declared mime type, e.g. "image/svg+xml" or null. */
+    readonly type: string | null;
+}
+/**
+ * Logo asset resolved server-side. The Lambda picks the best
+ * symbol-only asset available on the page — declared <link rel="icon"|
+ * "apple-touch-icon"> declarations + conventional well-known paths
+ * (/apple-touch-icon.png, /favicon.svg, /favicon.ico) — in that
+ * order of expected quality. Null when nothing resolves.
+ *
+ * Favicons are symbol-only by construction (no designer ships a
+ * wordmark inside a 16-180 px icon), which sidesteps the
+ * lockup-vs-symbol problem callers used to handle client-side with
+ * a vision model.
+ */
+export interface ExtractLogo {
+    /** Absolute URL of the asset that was successfully fetched. */
+    readonly url: string;
+    /** Which source produced the winner. */
+    readonly source: "link-icon-svg" | "link-apple-touch-icon" | "link-icon-large" | "link-icon" | "link-shortcut-icon" | "well-known-apple-180" | "well-known-apple" | "well-known-svg" | "well-known-png-large" | "well-known-ico";
+    readonly content_type: string;
+    readonly size_bytes: number;
+    /** Base64-encoded asset bytes (no `data:` prefix). Build a data
+     *  URI with `data:${content_type};base64,${base64}`. */
+    readonly base64: string;
+}
+export interface ExtractData {
+    readonly url: string;
+    readonly final_url: string;
+    readonly fetched_at: string;
+    readonly render_ms: number;
+    readonly meta: ExtractMeta;
+    readonly structure: ExtractStructure;
+    readonly content: ExtractContent;
+    readonly styles: ExtractStyles;
+    readonly visual_signature: VisualSignature;
+    /**
+     * Best logo asset resolved by the lambda — null when no
+     * <link rel="icon"> declaration and no conventional favicon
+     * path produced a usable image. Callers should then let the
+     * operator upload the logo manually rather than treat this as
+     * a fatal error.
+     */
+    readonly logo: ExtractLogo | null;
+}
+export interface ExtractResult {
+    /** Cleaned extraction payload. */
+    readonly data: ExtractData;
+    /** Microcredits charged for this call (1 on success, 0 on refunded failures). */
+    readonly creditsCharged: number;
+    /** Wallet balance after the (possibly refunded) debit. */
+    readonly walletBalance: number;
+    /** Audit log id for traceability. */
+    readonly auditId: string;
+}
+export interface FetchAssetArgs {
+    /** Absolute http(s) URL of the asset to fetch. */
+    readonly url: string;
+    /** Mandate id under which this call should be attributed. */
+    readonly mandateId?: string;
+    /** Abort signal. */
+    readonly signal?: AbortSignal;
+}
+export interface FetchAssetResult {
+    /** Asset payload. */
+    readonly data: {
+        /** URL we asked the proxy to fetch. */
+        readonly url: string;
+        /** URL after the proxy followed any redirects. */
+        readonly final_url: string;
+        /** Content-Type reported by the upstream server. */
+        readonly content_type: string;
+        /** Size of the fetched body in bytes. */
+        readonly size_bytes: number;
+        /** Base64-encoded body (no `data:` prefix). Build a data URI
+         *  with `data:${content_type};base64,${base64}`. */
+        readonly base64: string;
+    };
+    /** Microcredits charged for this call. */
+    readonly creditsCharged: number;
+    readonly walletBalance: number;
+    readonly auditId: string;
+}
+export interface WebNamespaceDeps {
+    readonly auth: AithosAuth;
+    readonly appDid: string;
+    readonly endpoints: AithosSdkEndpoints;
+    readonly fetch: typeof fetch;
+}
+/**
+ * `sdk.web` namespace — Aithos's web extraction primitive.
+ *
+ * Designed so a downstream agent can read the static content of any
+ * public page (HTML, purged CSS, computed visual signature) without
+ * involving an LLM — saving ~30× over a Bedrock-based extraction in
+ * both latency and cost.
+ *
+ * @throws {AithosSDKError} — same error taxonomy as `sdk.compute`,
+ *   including `-32071` (insufficient balance with `{required, available}`
+ *   in `data`) and `-32042` (mandate scope mismatch).
+ */
+export declare class WebNamespace {
+    #private;
+    constructor(deps: WebNamespaceDeps);
+    /**
+     * Extract a public webpage. Returns the cleaned HTML, purged CSS and
+     * a deterministic visual signature (palette, typography, dominant
+     * radii, spacing, layout mode, component digests).
+     */
+    extract(args: ExtractArgs): Promise<ExtractResult>;
+    /**
+     * Fetch a single asset (image / font / css / json …) server-side,
+     * bypassing browser CORS. Returns the bytes as base64 + content-type.
+     *
+     * Use when `fetch(url, {mode: "cors"})` and `<img crossOrigin>`
+     * canvas readback both fail because the asset server doesn't return
+     * Access-Control-Allow-Origin headers — typical for production
+     * sites' logos hosted on the main domain.
+     *
+     * For the common "logo of a webpage" case the lambda already
+     * resolves and embeds the best symbol-only logo in
+     * {@link extract}'s `data.logo` field; you only need fetchAsset
+     * when extract's logo doesn't fit, when picking up secondary
+     * assets (og:image, hero image, document download), or when
+     * fetching an asset on a page you haven't extracted.
+     *
+     * Costs 1 mc per successful fetch, full refund on failure. Server
+     * caps: 15 s timeout, 10 MB body, http/https only.
+     */
+    fetchAsset(args: FetchAssetArgs): Promise<FetchAssetResult>;
+}
+//# sourceMappingURL=web.d.ts.map