@aithos/sdk 0.1.0-alpha.41 → 0.1.0-alpha.42

package/dist/src/apps.d.ts

@@ -151,5 +151,74 @@ export declare class AppsNamespace {
      * just with the app-credits pack id family.
      */
     createAppTopupSession(args: CreateAppTopupSessionArgs): Promise<CreateAppTopupSessionResult>;
+    /**
+     * Build, sign, and PUBLISH a SponsorshipMandate to the authority's
+     * `aithos-app-sponsorships` table via `aithos.sponsorship_create`.
+     *
+     * Combines local signing (see {@link createSponsorshipMandate}) with the
+     * server upload step. After this resolves, the sponsorship is active —
+     * the next `sdk.compute.invokeBedrock` call targeting `args.audience.appDid`
+     * may be sponsored (subject to caps).
+     *
+     * Requires that the calling owner is the registered `owner_did` of
+     * `args.audience.appDid` in `aithos-auth-apps`; otherwise the server
+     * rejects with `-32042` "not the owner".
+     */
+    publishSponsorship(args: CreateSponsorshipMandateArgs): Promise<{
+        mandate: SignedSponsorshipMandate;
+        sponsorshipId: string;
+        mandateHash: string;
+        status: "active";
+        createdAt: number;
+    }>;
+    /**
+     * Read the active sponsorship for an app. Open endpoint (no envelope
+     * required): the mandate is publicly signed and resolvable anyway.
+     *
+     * Returns `{ exists: false }` when no row exists for the app.
+     */
+    getSponsorship(args: {
+        appDid: string;
+        signal?: AbortSignal;
+    }): Promise<{
+        exists: false;
+    } | {
+        exists: true;
+        sponsorshipId: string;
+        mandate: SignedSponsorshipMandate;
+        mandateHash: string;
+        status: "active" | "paused" | "depleted" | "expired" | "revoked";
+        poolConsumedLifetime: number;
+        createdAt: number;
+        lastUpdatedAt: number;
+    }>;
+    /**
+     * Revoke a published sponsorship by `app_did` + `sponsorship_id`. The
+     * row is marked `status: "revoked"` server-side; the routing cache is
+     * invalidated so the next compute call falls back to the user wallet.
+     */
+    revokeSponsorship(args: {
+        appDid: string;
+        sponsorshipId: string;
+        reason: string;
+        signal?: AbortSignal;
+    }): Promise<{
+        status: "revoked";
+    }>;
+    /**
+     * Read the app's wallet balance (= the sponsor pool). Requires owner
+     * signature.
+     */
+    getAppWalletBalance(args: {
+        appDid: string;
+        signal?: AbortSignal;
+    }): Promise<{
+        appDid: string;
+        exists: boolean;
+        balance: number;
+        balancePurchase: number;
+        balanceGrant: number;
+        dailySpent: number;
+    }>;
 }
 //# sourceMappingURL=apps.d.ts.map

package/dist/src/apps.js

@@ -25,8 +25,8 @@
 // a CloudFront-fronted read endpoint or direct DDB access. We'll add it
 // in V0.2 once the sponsorship-api Lambda exists; for now, devs check
 // their sponsorship via the AWS Console.
-import { base64url, sign } from "@aithos/protocol-client";
-import { walletTopupCheckoutUrl } from "./endpoints.js";
+import { base64url, buildSignedEnvelope, sign } from "@aithos/protocol-client";
+import { computeInvokeUrl, walletTopupCheckoutUrl } from "./endpoints.js";
 import { ownerKeyPair } from "./internal/protocol-client-bridge.js";
 import { AithosSDKError } from "./types.js";
 /* -------------------------------------------------------------------------- */
@@ -191,6 +191,161 @@ export class AppsNamespace {
         }
         return { checkoutUrl: ok.checkout_url, sessionId: ok.session_id };
     }
+    /**
+     * Build, sign, and PUBLISH a SponsorshipMandate to the authority's
+     * `aithos-app-sponsorships` table via `aithos.sponsorship_create`.
+     *
+     * Combines local signing (see {@link createSponsorshipMandate}) with the
+     * server upload step. After this resolves, the sponsorship is active —
+     * the next `sdk.compute.invokeBedrock` call targeting `args.audience.appDid`
+     * may be sponsored (subject to caps).
+     *
+     * Requires that the calling owner is the registered `owner_did` of
+     * `args.audience.appDid` in `aithos-auth-apps`; otherwise the server
+     * rejects with `-32042` "not the owner".
+     */
+    async publishSponsorship(args) {
+        const mandate = await this.createSponsorshipMandate(args);
+        const result = await this.#signedRpc({
+            method: "aithos.sponsorship_create",
+            params: { mandate },
+        });
+        return {
+            mandate,
+            sponsorshipId: result.sponsorship_id,
+            mandateHash: result.mandate_hash,
+            status: result.status,
+            createdAt: result.created_at,
+        };
+    }
+    /**
+     * Read the active sponsorship for an app. Open endpoint (no envelope
+     * required): the mandate is publicly signed and resolvable anyway.
+     *
+     * Returns `{ exists: false }` when no row exists for the app.
+     */
+    async getSponsorship(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const url = computeInvokeUrl(endpoints);
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: "aithos.sponsorship_get",
+                    method: "aithos.sponsorship_get",
+                    params: { app_did: args.appDid },
+                }),
+                ...(args.signal ? { signal: args.signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        const body = (await res.json());
+        if (body.error) {
+            throw new AithosSDKError(String(body.error.code), body.error.message);
+        }
+        const r = body.result ?? {};
+        if (r.exists === false || !r.exists) {
+            return { exists: false };
+        }
+        return {
+            exists: true,
+            sponsorshipId: r.sponsorship_id,
+            mandate: r.mandate,
+            mandateHash: r.mandate_hash,
+            status: r.status,
+            poolConsumedLifetime: r.pool_consumed_lifetime ?? 0,
+            createdAt: r.created_at ?? 0,
+            lastUpdatedAt: r.last_updated_at ?? 0,
+        };
+    }
+    /**
+     * Revoke a published sponsorship by `app_did` + `sponsorship_id`. The
+     * row is marked `status: "revoked"` server-side; the routing cache is
+     * invalidated so the next compute call falls back to the user wallet.
+     */
+    async revokeSponsorship(args) {
+        const result = await this.#signedRpc({
+            method: "aithos.sponsorship_revoke",
+            params: {
+                app_did: args.appDid,
+                sponsorship_id: args.sponsorshipId,
+                reason: args.reason,
+            },
+            ...(args.signal ? { signal: args.signal } : {}),
+        });
+        return result;
+    }
+    /**
+     * Read the app's wallet balance (= the sponsor pool). Requires owner
+     * signature.
+     */
+    async getAppWalletBalance(args) {
+        const result = await this.#signedRpc({
+            method: "aithos.app_wallet_get_balance",
+            params: { app_did: args.appDid },
+            ...(args.signal ? { signal: args.signal } : {}),
+        });
+        return {
+            appDid: result.app_did,
+            exists: result.exists,
+            balance: result.balance,
+            balancePurchase: result.balance_purchase,
+            balanceGrant: result.balance_grant,
+            dailySpent: result.daily_spent,
+        };
+    }
+    /**
+     * Internal: sign an envelope with the calling owner's `#public` sphere
+     * and POST a JSON-RPC request to the compute proxy. Used by the
+     * sponsorship CRUD methods above. Mirrors `ComputeNamespace.#signAndPost`.
+     */
+    async #signedRpc(opts) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = this.#requireOwner();
+        const publicKp = ownerKeyPair(owner, "public");
+        const url = computeInvokeUrl(endpoints);
+        const envelope = buildSignedEnvelope({
+            iss: owner.did,
+            aud: url,
+            method: opts.method,
+            verificationMethod: `${owner.did}#public`,
+            params: opts.params,
+            signer: publicKp,
+        });
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: opts.method,
+                    method: opts.method,
+                    params: { ...opts.params, _envelope: envelope },
+                }),
+                ...(opts.signal ? { signal: opts.signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        if (!res.ok) {
+            throw new AithosSDKError("http", `HTTP ${res.status} ${res.statusText}`, { status: res.status });
+        }
+        const body = (await res.json());
+        if (body.error) {
+            throw new AithosSDKError(String(body.error.code), body.error.message, body.error.data ? { data: body.error.data } : undefined);
+        }
+        if (body.result === undefined) {
+            throw new AithosSDKError("empty", `empty result for ${opts.method}`);
+        }
+        return body.result;
+    }
     #requireOwner() {
         const owner = this.#deps.auth._getOwnerSigners();
         if (!owner || owner.destroyed) {

package/dist/src/index.d.ts

@@ -1,4 +1,4 @@
-export declare const VERSION = "0.1.0-alpha.41";
+export declare const VERSION = "0.1.0-alpha.42";
 export { AithosSDK } from "./sdk.js";
 export type { AithosSDKConfig } from "./types.js";
 export { AithosSDKError } from "./types.js";

package/dist/src/index.js

@@ -17,7 +17,7 @@
 // Public types specific to the SDK (`AithosSDKConfig`, `AithosSDKError`)
 // are exported from here. Endpoint config (`AithosSdkEndpoints`,
 // `DEFAULT_SDK_ENDPOINTS`) likewise.
-export const VERSION = "0.1.0-alpha.41";
+export const VERSION = "0.1.0-alpha.42";
 export { AithosSDK } from "./sdk.js";
 export { AithosSDKError } from "./types.js";
 // Re-export protocol-client's JSON-RPC error type so consumers can

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.41",
+  "version": "0.1.0-alpha.42",
   "description": "Aithos SDK — high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",
@@ -43,15 +43,6 @@
     "README.md",
     "LICENSE"
   ],
-  "scripts": {
-    "build": "tsc",
-    "build:test": "tsc -p tsconfig.test.json",
-    "check-types": "tsc --noEmit && tsc -p tsconfig.test.json --noEmit",
-    "test": "npm run clean && npm run build && npm run build:test && cd dist && node --test",
-    "test:watch": "cd dist && node --test --watch",
-    "clean": "rm -rf dist",
-    "prepublishOnly": "npm run clean && npm run build && npm test"
-  },
   "engines": {
     "node": ">=20"
   },
@@ -77,5 +68,13 @@
   "publishConfig": {
     "access": "public",
     "tag": "alpha"
+  },
+  "scripts": {
+    "build": "tsc",
+    "build:test": "tsc -p tsconfig.test.json",
+    "check-types": "tsc --noEmit && tsc -p tsconfig.test.json --noEmit",
+    "test": "npm run clean && npm run build && npm run build:test && cd dist && node --test",
+    "test:watch": "cd dist && node --test --watch",
+    "clean": "rm -rf dist"
   }
-}
+}