@aithos/sdk 0.1.0-alpha.40 → 0.1.0-alpha.42

package/dist/src/compute.d.ts

@@ -58,6 +58,36 @@ export interface InvokeBedrockResult {
     readonly walletBalance: number;
     /** Audit log id for traceability. */
     readonly auditId: string;
+    /**
+     * Which wallet was actually debited (draft §13.8, V0.1 sponsorship).
+     *   - `"sponsored"` — the app developer's wallet (free trial / promo).
+     *   - `"grant"`     — the user's grant bucket (Aithos-donated credits).
+     *   - `"purchase"`  — the user's own paid credits.
+     * Absent on legacy server responses (pre-2026-05-27).
+     */
+    readonly fundedBy?: "sponsored" | "grant" | "purchase";
+    /**
+     * If `fundedBy === "sponsored"`, the sponsor's DID (= the developer
+     * who pre-paid the pool). Absent otherwise.
+     */
+    readonly sponsoredBy?: string;
+    /**
+     * If sponsored, the signed `ConsumptionReceipt` id (`rcpt_…`) the
+     * authority issued for this debit. The receipt itself can be fetched
+     * later via the receipts API (V0.2). Present on every signed call
+     * when the authority is configured, regardless of `fundedBy`.
+     */
+    readonly receiptId?: string;
+    /**
+     * If sponsored, remaining microcredits for THIS consumer in this
+     * sponsorship pool. Useful for displaying "X free calls remaining"
+     * without an extra round-trip. May be `0` even when the user can
+     * still consume — when the authority can't compute the remainder
+     * cheaply (e.g. windowed caps), the SDK gets a conservative 0 and
+     * the SPA should fall back to calling `sdk.apps.getSponsorshipStatusForUser`
+     * (V0.2).
+     */
+    readonly sponsoredRemainingForUser?: number;
 }
 /**
  * Stable cross-provider image model ids supported by the Aithos compute

package/dist/src/index.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "0.1.0-alpha.39";
+export declare const VERSION = "0.1.0-alpha.42";
 export { AithosSDK } from "./sdk.js";
 export type { AithosSDKConfig } from "./types.js";
 export { AithosSDKError } from "./types.js";
@@ -20,6 +20,8 @@ export { EthosClient, EthosNamespace, EthosZone, ZONE_NAMES, } from "./ethos.js"
 export type { AddSectionInput, PublishResult, StagedChange, UpdateSectionPatch, ZoneName, } from "./ethos.js";
 export { COMPUTE_INVOKE_SCOPE, MandatesNamespace } from "./mandates.js";
 export type { ActorSphere, CreateMandateComputeInput, CreateMandateInput, MintedMandate, OwnedMandate, Scope, } from "./mandates.js";
+export { AppsNamespace } from "./apps.js";
+export type { AudienceSet, AppCreditPackId, CreateAppTopupSessionArgs, CreateAppTopupSessionResult, CreateSponsorshipMandateArgs, SignedSponsorshipMandate, SignedSponsorshipRevocation, SponsorshipAccountingAuthorityInput, SponsorshipAudienceInput, SponsorshipBudgetInput, } from "./apps.js";
 export * as onboarding from "./onboarding.js";
 export { createBrowserIdentity, browserIdentityFromStored, type BrowserIdentity, } from "@aithos/protocol-client";
 export type { Section } from "@aithos/protocol-client";

package/dist/src/index.js

@@ -17,7 +17,7 @@
 // Public types specific to the SDK (`AithosSDKConfig`, `AithosSDKError`)
 // are exported from here. Endpoint config (`AithosSdkEndpoints`,
 // `DEFAULT_SDK_ENDPOINTS`) likewise.
-export const VERSION = "0.1.0-alpha.39";
+export const VERSION = "0.1.0-alpha.42";
 export { AithosSDK } from "./sdk.js";
 export { AithosSDKError } from "./types.js";
 // Re-export protocol-client's JSON-RPC error type so consumers can
@@ -52,6 +52,12 @@ export { DEFAULT_KEYSTORE_DB_NAME, defaultKeyStore, indexedDbKeyStore, memoryKey
 export { EthosClient, EthosNamespace, EthosZone, ZONE_NAMES, } from "./ethos.js";
 // `sdk.mandates` namespace — owner-side mandate lifecycle.
 export { COMPUTE_INVOKE_SCOPE, MandatesNamespace } from "./mandates.js";
+// `sdk.apps` namespace — sponsorship mandates + app-credit top-ups
+// (draft §13, V0.1). Pre-pay a pool that funds your users' compute
+// calls within explicit caps. Per-user caps + per-day caps + lifetime
+// pool cap enforced server-side. Fallback to user wallet when caps
+// are reached or pool is empty.
+export { AppsNamespace } from "./apps.js";
 // Onboarding re-exports kept for advanced callers — the curated API
 // for first-run flows is `auth.signUp` (already shipped in J3).
 export * as onboarding from "./onboarding.js";

package/dist/src/sdk.d.ts

@@ -1,4 +1,5 @@
 import type { AithosAuth } from "./auth.js";
+import { AppsNamespace } from "./apps.js";
 import { ComputeNamespace } from "./compute.js";
 import { type AithosSdkEndpoints } from "./endpoints.js";
 import { EthosNamespace } from "./ethos.js";
@@ -47,6 +48,12 @@ export declare class AithosSDK {
     readonly mandates: MandatesNamespace;
     /** Web extraction namespace — aithos.web_extract through the web extractor proxy. */
     readonly web: WebNamespace;
+    /**
+     * App lifecycle namespace — sponsorship mandates + app-credit top-ups.
+     * V0.1 (2026-05-27 — draft §13). Lets a developer pre-pay a pool that
+     * funds compute calls from their app's users within explicit caps.
+     */
+    readonly apps: AppsNamespace;
     constructor(config: AithosSDKConfig);
     /** DID of the currently signed-in owner, or null if no owner is loaded. */
     get userDid(): string | null;

package/dist/src/sdk.js

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 // Copyright 2026 Mathieu Colla
+import { AppsNamespace } from "./apps.js";
 import { ComputeNamespace } from "./compute.js";
 import { resolveEndpoints } from "./endpoints.js";
 import { EthosNamespace } from "./ethos.js";
@@ -23,6 +24,12 @@ export class AithosSDK {
     mandates;
     /** Web extraction namespace — aithos.web_extract through the web extractor proxy. */
     web;
+    /**
+     * App lifecycle namespace — sponsorship mandates + app-credit top-ups.
+     * V0.1 (2026-05-27 — draft §13). Lets a developer pre-pay a pool that
+     * funds compute calls from their app's users within explicit caps.
+     */
+    apps;
     constructor(config) {
         if (!config.auth) {
             throw new TypeError("AithosSDK: config.auth is required");
@@ -62,6 +69,12 @@ export class AithosSDK {
             endpoints: this.endpoints,
             fetch: fetchImpl,
         });
+        this.apps = new AppsNamespace({
+            auth: config.auth,
+            appDid: config.appDid,
+            endpoints: this.endpoints,
+            fetch: fetchImpl,
+        });
     }
     /** DID of the currently signed-in owner, or null if no owner is loaded. */
     get userDid() {

package/dist/test/auth-j3.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth-j3.test.d.ts.map

package/dist/test/auth-j3.test.js

@@ -0,0 +1,391 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// Tests for J3 — KeyStore integration, signInWithRecovery,
+// importMandate, resume(), signOut(), state accessors.
+import { strict as assert } from "node:assert";
+import { describe, it } from "node:test";
+import { createBrowserIdentity } from "@aithos/protocol-client";
+import { AithosAuth, AithosSDKError, memoryKeyStore, noopStore, } from "../src/index.js";
+import { parseDelegateBundle, readDelegateBundleText, } from "../src/internal/delegate-bundle.js";
+import { parseRecoveryFile, serializeRecoveryFile, } from "../src/internal/recovery-file.js";
+/* -------------------------------------------------------------------------- */
+/*  Test helpers                                                              */
+/* -------------------------------------------------------------------------- */
+function makeAuth(opts = {}) {
+    return new AithosAuth({
+        authBaseUrl: "https://auth.test",
+        fetch: (() => {
+            throw new Error("network not expected in this test");
+        }),
+        sessionStore: opts.sessionStore ?? noopStore(),
+        keyStore: opts.keyStore ?? memoryKeyStore(),
+    });
+}
+/** Build a recovery-file JSON string from a fresh BrowserIdentity. */
+function recoveryTextFor(handle, displayName) {
+    const id = createBrowserIdentity(handle, displayName);
+    const { text } = serializeRecoveryFile(id);
+    return { text, did: id.did };
+}
+function delegateBundleText(args) {
+    return JSON.stringify({
+        aithos_delegate_version: "0.1.0",
+        mandate: {
+            id: args.mandateId,
+            subject_did: args.subjectDid,
+            grantee: {
+                id: args.granteeId,
+                pubkey: args.granteePubkeyMultibase ?? "z6MkqGenericPubKey",
+            },
+            scopes: args.scopes ?? ["ethos.read.public"],
+        },
+        delegate_seed_hex: "11".repeat(32),
+    });
+}
+/* -------------------------------------------------------------------------- */
+/*  parseRecoveryFile / serializeRecoveryFile                                 */
+/* -------------------------------------------------------------------------- */
+describe("recovery file: parse + serialize", () => {
+    it("round-trips a fresh identity", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const { text } = serializeRecoveryFile(id);
+        const parsed = parseRecoveryFile(text);
+        assert.equal(parsed.did, id.did);
+        assert.equal(parsed.handle, id.handle);
+        assert.equal(parsed.displayName, id.displayName);
+        assert.equal(parsed.seedsHex.root.length, 64);
+    });
+    it("accepts the runOnboarding shape (warning + created_at)", () => {
+        const id = createBrowserIdentity("bob", "Bob");
+        const text = JSON.stringify({
+            aithos_recovery_version: "0.1.0-plaintext",
+            warning: "this is plaintext, store offline",
+            handle: id.handle,
+            display_name: id.displayName,
+            did: id.did,
+            created_at: new Date().toISOString(),
+            seeds_hex: {
+                root: bytesToHex(id.root.seed),
+                public: bytesToHex(id.public.seed),
+                circle: bytesToHex(id.circle.seed),
+                self: bytesToHex(id.self.seed),
+            },
+            public_keys_multibase: {},
+        });
+        const parsed = parseRecoveryFile(text);
+        assert.equal(parsed.did, id.did);
+    });
+    it("rejects unsupported versions", () => {
+        assert.throws(() => parseRecoveryFile(JSON.stringify({ aithos_recovery_version: "9.9.9" })), (e) => e instanceof AithosSDKError && e.code === "auth_invalid_recovery_file");
+    });
+    it("rejects malformed seeds", () => {
+        const id = createBrowserIdentity("alice", "Alice");
+        const { text } = serializeRecoveryFile(id);
+        const obj = JSON.parse(text);
+        obj.seeds_hex.root = "not hex";
+        assert.throws(() => parseRecoveryFile(JSON.stringify(obj)), AithosSDKError);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  parseDelegateBundle                                                       */
+/* -------------------------------------------------------------------------- */
+describe("delegate bundle: parse", () => {
+    it("parses a well-formed bundle (legacy subject_did field)", () => {
+        const text = delegateBundleText({
+            mandateId: "mandate:01H8XYZ",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:bob1",
+            scopes: ["ethos.read.public", "ethos.write.public"],
+        });
+        const parsed = parseDelegateBundle(text);
+        assert.equal(parsed.mandateId, "mandate:01H8XYZ");
+        assert.equal(parsed.subjectDid, "did:aithos:zCarol");
+        assert.equal(parsed.granteeId, "urn:aithos:agent:bob1");
+        assert.equal(parsed.delegateSeedHex.length, 64);
+    });
+    it("parses a bundle minted by mintDelegateBundle (issuer field)", () => {
+        // Real wire shape emitted by `mintDelegateBundle` in protocol-client:
+        // SignedMandate carries the subject's DID under `issuer`, NOT
+        // `subject_did`. Regression test for the import flow that broke
+        // every freshly-minted mandate before this fix.
+        const text = JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            mandate: {
+                "aithos-mandate": "0.1",
+                id: "mandate:01H8ISSUER",
+                issuer: "did:aithos:zCarol",
+                issued_by_key: "did:aithos:zCarol#root",
+                grantee: {
+                    id: "urn:aithos:agent:bob1",
+                    pubkey: "z6MkqGenericPubKey",
+                },
+                actor_sphere: "self",
+                scopes: ["ethos.read.public", "ethos.write.public"],
+                not_before: "2026-05-10T00:00:00Z",
+                not_after: "2026-05-11T00:00:00Z",
+                issued_at: "2026-05-10T00:00:00Z",
+                nonce: "abc",
+                signature: { alg: "ed25519", key: "...", value: "..." },
+            },
+            delegate_seed_hex: "11".repeat(32),
+        });
+        const parsed = parseDelegateBundle(text);
+        assert.equal(parsed.subjectDid, "did:aithos:zCarol");
+        assert.equal(parsed.mandateId, "mandate:01H8ISSUER");
+        assert.equal(parsed.granteeId, "urn:aithos:agent:bob1");
+    });
+    it("readDelegateBundleText accepts string passthrough", async () => {
+        const text = delegateBundleText({
+            mandateId: "m",
+            subjectDid: "did:aithos:z",
+            granteeId: "urn:x",
+        });
+        assert.equal(await readDelegateBundleText(text), text);
+    });
+    it("rejects missing mandate", () => {
+        assert.throws(() => parseDelegateBundle(JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            delegate_seed_hex: "11".repeat(32),
+        })), AithosSDKError);
+    });
+    it("rejects malformed delegate seed", () => {
+        assert.throws(() => parseDelegateBundle(JSON.stringify({
+            aithos_delegate_version: "0.1.0",
+            mandate: {
+                id: "m",
+                subject_did: "did:aithos:z",
+                grantee: { id: "u", pubkey: "z6MkXYZ" },
+            },
+            delegate_seed_hex: "not hex",
+        })), AithosSDKError);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — recovery sign-in                                             */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signInWithRecovery", () => {
+    it("hydrates owner signers + persists to keyStore (no JWT)", async () => {
+        const keyStore = memoryKeyStore();
+        const sessionStore = noopStore();
+        const auth = makeAuth({ sessionStore, keyStore });
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.getOwnerInfo(), null);
+        const { text } = recoveryTextFor("alice", "Alice");
+        const info = await auth.signInWithRecovery({ file: text });
+        assert.equal(info.handle, "alice");
+        assert.equal(auth.canSignAsOwner(), true);
+        assert.equal(auth.getOwnerInfo()?.did, info.did);
+        assert.equal(auth.getCurrentSession(), null, "no JWT for recovery flow");
+        const persisted = await keyStore.loadOwner();
+        assert.equal(persisted?.did, info.did);
+    });
+    it("rejects loading a different owner without signOut first", async () => {
+        const auth = makeAuth();
+        const a = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: a.text });
+        const b = recoveryTextFor("bob", "Bob");
+        await assert.rejects(() => auth.signInWithRecovery({ file: b.text }), (e) => e instanceof AithosSDKError && e.code === "auth_owner_already_loaded");
+    });
+    it("clears any stale JWT to keep stores in sync", async () => {
+        const keyStore = memoryKeyStore();
+        let stored = {
+            session: "stale-jwt",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zStale",
+            handle: "stale",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => stored,
+            set: (s) => {
+                stored = s;
+            },
+            clear: () => {
+                stored = null;
+            },
+        };
+        const auth = makeAuth({ sessionStore, keyStore });
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        assert.equal(stored, null, "stale JWT must be wiped");
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — importMandate                                                */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.importMandate", () => {
+    it("registers a delegate, lists it, removes it", async () => {
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore });
+        const text = delegateBundleText({
+            mandateId: "mandate:A",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:bob1",
+            scopes: ["ethos.read.circle"],
+        });
+        const info = await auth.importMandate({ bundle: text });
+        assert.equal(info.mandateId, "mandate:A");
+        assert.equal(info.subjectDid, "did:aithos:zCarol");
+        assert.deepEqual(info.scopes, ["ethos.read.circle"]);
+        const list = auth.getDelegates();
+        assert.equal(list.length, 1);
+        assert.equal(list[0]?.mandateId, "mandate:A");
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zCarol"), true);
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zNobody"), false);
+        await auth.removeMandate("mandate:A");
+        assert.equal(auth.getDelegates().length, 0);
+        assert.equal((await keyStore.listDelegates()).length, 0);
+    });
+    it("works without an owner loaded (delegate-only session)", async () => {
+        const auth = makeAuth();
+        assert.equal(auth.canSignAsOwner(), false);
+        const text = delegateBundleText({
+            mandateId: "mandate:Solo",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:solo1",
+        });
+        await auth.importMandate({ bundle: text });
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.canSignAsDelegateFor("did:aithos:zCarol"), true);
+    });
+    it("re-importing the same mandate replaces the prior actor", async () => {
+        const auth = makeAuth();
+        const text = delegateBundleText({
+            mandateId: "mandate:R",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:aithos:agent:r",
+        });
+        await auth.importMandate({ bundle: text });
+        await auth.importMandate({ bundle: text });
+        assert.equal(auth.getDelegates().length, 1);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — resume()                                                     */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.resume", () => {
+    it("rehydrates owner + delegates from keyStore on a fresh instance", async () => {
+        const keyStore = memoryKeyStore();
+        const sessionStore = noopStore();
+        // Seed the stores via a first auth instance.
+        {
+            const auth1 = makeAuth({ keyStore, sessionStore });
+            const { text: rt } = recoveryTextFor("alice", "Alice");
+            await auth1.signInWithRecovery({ file: rt });
+            const dt = delegateBundleText({
+                mandateId: "mandate:M1",
+                subjectDid: "did:aithos:zCarol",
+                granteeId: "urn:x",
+            });
+            await auth1.importMandate({ bundle: dt });
+        }
+        // Fresh instance, same stores → resume() must reload everything.
+        const auth2 = makeAuth({ keyStore, sessionStore });
+        assert.equal(auth2.canSignAsOwner(), false, "before resume, in-memory only");
+        await auth2.resume();
+        assert.equal(auth2.canSignAsOwner(), true);
+        assert.equal(auth2.getOwnerInfo()?.handle, "alice");
+        assert.equal(auth2.getDelegates().length, 1);
+        assert.equal(auth2.canSignAsDelegateFor("did:aithos:zCarol"), true);
+    });
+    it("strict mode: JWT in sessionStore but no owner in keyStore → wipes JWT", async () => {
+        let jwt = {
+            session: "j",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zGhost",
+            handle: "ghost",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => jwt,
+            set: (s) => {
+                jwt = s;
+            },
+            clear: () => {
+                jwt = null;
+            },
+        };
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore, sessionStore });
+        await auth.resume();
+        assert.equal(jwt, null, "out-of-sync JWT must be cleared");
+        assert.equal(auth.canSignAsOwner(), false);
+    });
+    it("strict mode: JWT and owner disagree on DID → wipes JWT only", async () => {
+        const keyStore = memoryKeyStore();
+        const { text } = recoveryTextFor("alice", "Alice");
+        // Seed the keystore with alice via one instance.
+        {
+            const auth1 = makeAuth({ keyStore });
+            await auth1.signInWithRecovery({ file: text });
+        }
+        // Now plant a JWT for a DIFFERENT DID in the session store.
+        let jwt = {
+            session: "j",
+            exp: Math.floor(Date.now() / 1000) + 3600,
+            did: "did:aithos:zSomeoneElse",
+            handle: "someone",
+            blob_b64: "",
+            blob_nonce_b64: "",
+            blob_version: 0,
+            enc_key_b64: "",
+            is_first_login: false,
+        };
+        const sessionStore = {
+            get: () => jwt,
+            set: (s) => {
+                jwt = s;
+            },
+            clear: () => {
+                jwt = null;
+            },
+        };
+        const auth2 = makeAuth({ keyStore, sessionStore });
+        await auth2.resume();
+        assert.equal(jwt, null, "mismatched JWT must be wiped");
+        // Owner is preserved (it's the source of truth in strict mode).
+        assert.equal(auth2.canSignAsOwner(), true);
+        assert.equal(auth2.getOwnerInfo()?.handle, "alice");
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  AithosAuth — signOut                                                      */
+/* -------------------------------------------------------------------------- */
+describe("AithosAuth.signOut", () => {
+    it("wipes both stores and in-memory state", async () => {
+        const keyStore = memoryKeyStore();
+        const auth = makeAuth({ keyStore });
+        const { text } = recoveryTextFor("alice", "Alice");
+        await auth.signInWithRecovery({ file: text });
+        const dt = delegateBundleText({
+            mandateId: "mandate:X",
+            subjectDid: "did:aithos:zCarol",
+            granteeId: "urn:x",
+        });
+        await auth.importMandate({ bundle: dt });
+        await auth.signOut();
+        assert.equal(auth.canSignAsOwner(), false);
+        assert.equal(auth.getOwnerInfo(), null);
+        assert.equal(auth.getDelegates().length, 0);
+        assert.equal(await keyStore.loadOwner(), null);
+        assert.equal((await keyStore.listDelegates()).length, 0);
+    });
+});
+/* -------------------------------------------------------------------------- */
+/*  Helpers                                                                   */
+/* -------------------------------------------------------------------------- */
+function bytesToHex(b) {
+    let out = "";
+    for (let i = 0; i < b.length; i++)
+        out += b[i].toString(16).padStart(2, "0");
+    return out;
+}
+//# sourceMappingURL=auth-j3.test.js.map

package/dist/test/auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.test.d.ts.map