@aithos/sdk 0.1.0-alpha.5 → 0.1.0-alpha.50

package/dist/src/apps.js

@@ -0,0 +1,432 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+// `sdk.apps` namespace — sponsorship lifecycle for app developers.
+//
+// V0.1 surface (2026-05-27) — minimal but sufficient to bootstrap a free
+// trial flow on Linkedone and similar apps:
+//
+//   createSponsorshipMandate(args)
+//       Build + sign a SponsorshipMandate as the calling owner. Returns
+//       the signed JSON. The caller is responsible for getting the row
+//       into the authority's `aithos-app-sponsorships` table — V0.1 has
+//       no server endpoint for it (manual `aws dynamodb put-item` or a
+//       Terraform-managed seed). V0.2 will add a server endpoint.
+//
+//   revokeSponsorshipMandate(mandate, reason)
+//       Build + sign a §4.6 revocation document targeting the mandate.
+//       Same upload caveat as create — V0.1 has no server endpoint.
+//
+//   createAppTopupSession(args)
+//       Stripe Checkout session for an `app-credits-*` pack. Reuses the
+//       existing wallet-topup endpoint; the difference is the pack id
+//       and the DID being credited (the app's, not the user's).
+//
+// Why no `getSponsorshipStatus*` in V0.1: the read side requires either
+// a CloudFront-fronted read endpoint or direct DDB access. We'll add it
+// in V0.2 once the sponsorship-api Lambda exists; for now, devs check
+// their sponsorship via the AWS Console.
+import { base64url, buildSignedEnvelope, sign } from "@aithos/protocol-client";
+import { canonicalize } from "@aithos/protocol-core/canonical";
+import { computeInvokeUrl, walletTopupCheckoutUrl } from "./endpoints.js";
+import { ownerKeyPair } from "./internal/protocol-client-bridge.js";
+import { AithosSDKError } from "./types.js";
+/* -------------------------------------------------------------------------- */
+/*  Class                                                                     */
+/* -------------------------------------------------------------------------- */
+export class AppsNamespace {
+    #deps;
+    constructor(deps) {
+        this.#deps = deps;
+    }
+    /**
+     * Build and sign a `SponsorshipMandate` as the calling owner. The
+     * returned JSON is signed by the owner's `#public` sphere key, ready
+     * to be seeded into the authority's `aithos-app-sponsorships` table.
+     *
+     * V0.1 has no server endpoint — get the row into DDB via:
+     *   1. `aws dynamodb put-item --table-name aithos-app-sponsorships
+     *      --item file://mandate.json` (raw), or
+     *   2. The ops bootstrap script in
+     *      `innoesate/aithos/platform/scripts/seed-sponsorship.mjs`
+     *      (planned for V0.2).
+     *
+     * Hash with `sponsorshipMandateHash()` from `@aithos/protocol-core`
+     * if you need to embed it in an envelope's `sponsorship.hash` field.
+     */
+    async createSponsorshipMandate(args) {
+        const owner = this.#requireOwner();
+        validateBudget(args.budget);
+        validateAudience(args.audience);
+        if (args.scopes.length === 0) {
+            throw new AithosSDKError("invalid_input", "scopes must be non-empty");
+        }
+        if (args.allowedMethods.length === 0) {
+            throw new AithosSDKError("invalid_input", "allowedMethods must be non-empty");
+        }
+        const nb = args.notBefore ?? new Date();
+        const ttl = args.ttlSeconds ?? 365 * 24 * 3600;
+        const na = new Date(nb.getTime() + ttl * 1000);
+        if (na <= nb) {
+            throw new AithosSDKError("invalid_input", "ttlSeconds must produce not_after > not_before");
+        }
+        const nonce = base64url(randomBytes(9));
+        const unsigned = {
+            "aithos-sponsorship-mandate": "0.1.0",
+            id: `spons_${ulid()}`,
+            issuer: owner.did,
+            issued_by_key: `${owner.did}#public`,
+            audience: {
+                app_did: args.audience.appDid,
+                audience_set: args.audience.audienceSet,
+                ...(args.audience.consumers !== undefined
+                    ? { consumers: [...args.audience.consumers] }
+                    : {}),
+            },
+            scopes: [...args.scopes],
+            allowed_methods: [...args.allowedMethods],
+            ...(args.allowedModels ? { allowed_models: [...args.allowedModels] } : {}),
+            budget: {
+                unit: args.budget.unit ?? "aithos.mc",
+                per_user_cap: args.budget.perUserCap,
+                per_user_window_seconds: args.budget.perUserWindowSeconds === undefined
+                    ? null
+                    : args.budget.perUserWindowSeconds,
+                per_day_total_cap: args.budget.perDayTotalCap,
+                pool_cap_total: args.budget.poolCapTotal === undefined
+                    ? null
+                    : args.budget.poolCapTotal,
+            },
+            accounting_authority: { ...args.accountingAuthority },
+            not_before: nb.toISOString(),
+            not_after: na.toISOString(),
+            issued_at: new Date().toISOString(),
+            nonce,
+            signature: { alg: "ed25519", key: `${owner.did}#public`, value: "" },
+        };
+        const bytes = new TextEncoder().encode(jcsCanonicalize(unsigned));
+        const ownerPub = ownerKeyPair(owner, "public");
+        const sigBytes = sign(bytes, ownerPub.seed);
+        return {
+            ...unsigned,
+            signature: { ...unsigned.signature, value: base64url(sigBytes) },
+        };
+    }
+    /**
+     * Build and sign a §4.6 revocation document targeting a sponsorship
+     * mandate. Same upload caveat as `createSponsorshipMandate`.
+     */
+    async revokeSponsorshipMandate(mandate, reason) {
+        const owner = this.#requireOwner();
+        if (mandate.issuer !== owner.did) {
+            throw new AithosSDKError("invalid_input", `mandate.issuer (${mandate.issuer}) does not match signed-in owner (${owner.did}) — only the sponsor can revoke`);
+        }
+        const unsigned = {
+            "aithos-revocation": "0.1.0",
+            mandate_id: mandate.id,
+            mandate_kind: "sponsorship-mandate",
+            issuer: owner.did,
+            issued_by_key: `${owner.did}#public`,
+            revoked_at: new Date().toISOString(),
+            reason,
+            signature: { alg: "ed25519", key: `${owner.did}#public`, value: "" },
+        };
+        const bytes = new TextEncoder().encode(jcsCanonicalize(unsigned));
+        const ownerPub = ownerKeyPair(owner, "public");
+        const sigBytes = sign(bytes, ownerPub.seed);
+        return {
+            ...unsigned,
+            signature: { ...unsigned.signature, value: base64url(sigBytes) },
+        };
+    }
+    /**
+     * Stripe Checkout session for an `app-credits-*` pack. The session is
+     * bound to the calling owner's DID (which is treated as the app's
+     * funding DID — Option A unified wallet, see plan §3.4).
+     *
+     * Same endpoint and auth pattern as `sdk.wallet.createTopupSession`,
+     * just with the app-credits pack id family.
+     */
+    async createAppTopupSession(args) {
+        const { auth, endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = auth._getOwnerSigners();
+        if (!owner || owner.destroyed) {
+            throw new AithosSDKError("sdk_no_owner", "no owner signed in; sign in first");
+        }
+        const url = walletTopupCheckoutUrl(endpoints);
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    // Same endpoint as user-pack top-ups. The Lambda's pack-table
+                    // distinguishes `app-credits-*` from `credits-*` and routes
+                    // the credit to the same `aithos-wallet-user` row keyed on
+                    // `user_did`, which for an app is its DID (= sdk.appDid).
+                    user_did: this.#deps.appDid,
+                    pack_id: args.packId,
+                    success_url: args.successUrl,
+                    cancel_url: args.cancelUrl,
+                }),
+                ...(args.signal ? { signal: args.signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        let body;
+        try {
+            body = await res.json();
+        }
+        catch {
+            throw new AithosSDKError("http", `HTTP ${res.status} ${res.statusText} — non-JSON response`, { status: res.status });
+        }
+        if (!res.ok) {
+            const err = body;
+            throw new AithosSDKError(err.error ?? "http", err.detail ?? `HTTP ${res.status} ${res.statusText}`, { status: res.status });
+        }
+        const ok = body;
+        if (typeof ok.checkout_url !== "string" ||
+            typeof ok.session_id !== "string") {
+            throw new AithosSDKError("empty", "wallet response missing checkout_url or session_id");
+        }
+        return { checkoutUrl: ok.checkout_url, sessionId: ok.session_id };
+    }
+    /**
+     * Build, sign, and PUBLISH a SponsorshipMandate to the authority's
+     * `aithos-app-sponsorships` table via `aithos.sponsorship_create`.
+     *
+     * Combines local signing (see {@link createSponsorshipMandate}) with the
+     * server upload step. After this resolves, the sponsorship is active —
+     * the next `sdk.compute.invokeBedrock` call targeting `args.audience.appDid`
+     * may be sponsored (subject to caps).
+     *
+     * Requires that the calling owner is the registered `owner_did` of
+     * `args.audience.appDid` in `aithos-auth-apps`; otherwise the server
+     * rejects with `-32042` "not the owner".
+     */
+    async publishSponsorship(args) {
+        const mandate = await this.createSponsorshipMandate(args);
+        const result = await this.#signedRpc({
+            method: "aithos.sponsorship_create",
+            params: { mandate },
+        });
+        return {
+            mandate,
+            sponsorshipId: result.sponsorship_id,
+            mandateHash: result.mandate_hash,
+            status: result.status,
+            createdAt: result.created_at,
+        };
+    }
+    /**
+     * Read the active sponsorship for an app. Open endpoint (no envelope
+     * required): the mandate is publicly signed and resolvable anyway.
+     *
+     * Returns `{ exists: false }` when no row exists for the app.
+     */
+    async getSponsorship(args) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const url = computeInvokeUrl(endpoints);
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: "aithos.sponsorship_get",
+                    method: "aithos.sponsorship_get",
+                    params: { app_did: args.appDid },
+                }),
+                ...(args.signal ? { signal: args.signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        const body = (await res.json());
+        if (body.error) {
+            throw new AithosSDKError(String(body.error.code), body.error.message);
+        }
+        const r = body.result ?? {};
+        if (r.exists === false || !r.exists) {
+            return { exists: false };
+        }
+        return {
+            exists: true,
+            sponsorshipId: r.sponsorship_id,
+            mandate: r.mandate,
+            mandateHash: r.mandate_hash,
+            status: r.status,
+            poolConsumedLifetime: r.pool_consumed_lifetime ?? 0,
+            createdAt: r.created_at ?? 0,
+            lastUpdatedAt: r.last_updated_at ?? 0,
+        };
+    }
+    /**
+     * Revoke a published sponsorship by `app_did` + `sponsorship_id`. The
+     * row is marked `status: "revoked"` server-side; the routing cache is
+     * invalidated so the next compute call falls back to the user wallet.
+     */
+    async revokeSponsorship(args) {
+        const result = await this.#signedRpc({
+            method: "aithos.sponsorship_revoke",
+            params: {
+                app_did: args.appDid,
+                sponsorship_id: args.sponsorshipId,
+                reason: args.reason,
+            },
+            ...(args.signal ? { signal: args.signal } : {}),
+        });
+        return result;
+    }
+    /**
+     * Read the app's wallet balance (= the sponsor pool). Requires owner
+     * signature.
+     */
+    async getAppWalletBalance(args) {
+        const result = await this.#signedRpc({
+            method: "aithos.app_wallet_get_balance",
+            params: { app_did: args.appDid },
+            ...(args.signal ? { signal: args.signal } : {}),
+        });
+        return {
+            appDid: result.app_did,
+            exists: result.exists,
+            balance: result.balance,
+            balancePurchase: result.balance_purchase,
+            balanceGrant: result.balance_grant,
+            dailySpent: result.daily_spent,
+        };
+    }
+    /**
+     * Internal: sign an envelope with the calling owner's `#public` sphere
+     * and POST a JSON-RPC request to the compute proxy. Used by the
+     * sponsorship CRUD methods above. Mirrors `ComputeNamespace.#signAndPost`.
+     */
+    async #signedRpc(opts) {
+        const { endpoints, fetch: fetchImpl } = this.#deps;
+        const owner = this.#requireOwner();
+        const publicKp = ownerKeyPair(owner, "public");
+        const url = computeInvokeUrl(endpoints);
+        const envelope = buildSignedEnvelope({
+            iss: owner.did,
+            aud: url,
+            method: opts.method,
+            verificationMethod: `${owner.did}#public`,
+            params: opts.params,
+            signer: publicKp,
+        });
+        let res;
+        try {
+            res = await fetchImpl(url, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({
+                    jsonrpc: "2.0",
+                    id: opts.method,
+                    method: opts.method,
+                    params: { ...opts.params, _envelope: envelope },
+                }),
+                ...(opts.signal ? { signal: opts.signal } : {}),
+            });
+        }
+        catch (e) {
+            throw new AithosSDKError("network", e.message);
+        }
+        if (!res.ok) {
+            throw new AithosSDKError("http", `HTTP ${res.status} ${res.statusText}`, { status: res.status });
+        }
+        const body = (await res.json());
+        if (body.error) {
+            throw new AithosSDKError(String(body.error.code), body.error.message, body.error.data ? { data: body.error.data } : undefined);
+        }
+        if (body.result === undefined) {
+            throw new AithosSDKError("empty", `empty result for ${opts.method}`);
+        }
+        return body.result;
+    }
+    #requireOwner() {
+        const owner = this.#deps.auth._getOwnerSigners();
+        if (!owner || owner.destroyed) {
+            throw new AithosSDKError("sdk_no_owner", "no owner signed in; sign in first");
+        }
+        return owner;
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  Validation                                                                */
+/* -------------------------------------------------------------------------- */
+function validateBudget(b) {
+    if (!Number.isInteger(b.perUserCap) || b.perUserCap < 0) {
+        throw new AithosSDKError("invalid_input", "budget.perUserCap must be a non-negative integer");
+    }
+    if (!Number.isInteger(b.perDayTotalCap) || b.perDayTotalCap < 0) {
+        throw new AithosSDKError("invalid_input", "budget.perDayTotalCap must be a non-negative integer");
+    }
+    if (b.perUserWindowSeconds !== undefined &&
+        b.perUserWindowSeconds !== null) {
+        if (!Number.isInteger(b.perUserWindowSeconds) ||
+            b.perUserWindowSeconds <= 0) {
+            throw new AithosSDKError("invalid_input", "budget.perUserWindowSeconds must be null or a positive integer");
+        }
+    }
+    if (b.poolCapTotal !== undefined && b.poolCapTotal !== null) {
+        if (!Number.isInteger(b.poolCapTotal) || b.poolCapTotal < 0) {
+            throw new AithosSDKError("invalid_input", "budget.poolCapTotal must be null or a non-negative integer");
+        }
+    }
+}
+function validateAudience(a) {
+    if (!a.appDid || typeof a.appDid !== "string") {
+        throw new AithosSDKError("invalid_input", "audience.appDid must be a DID string");
+    }
+    if (a.audienceSet === "open") {
+        if (a.consumers !== undefined) {
+            throw new AithosSDKError("invalid_input", "audience.consumers MUST be absent when audienceSet is 'open'");
+        }
+    }
+    else if (a.audienceSet === "list") {
+        if (!Array.isArray(a.consumers) || a.consumers.length === 0) {
+            throw new AithosSDKError("invalid_input", "audience.consumers MUST be a non-empty array when audienceSet is 'list'");
+        }
+    }
+    else {
+        throw new AithosSDKError("invalid_input", `audience.audienceSet must be 'open' or 'list' (got: ${String(a.audienceSet)})`);
+    }
+}
+/* -------------------------------------------------------------------------- */
+/*  ULID + JCS — local copies to avoid a runtime dep                          */
+/* -------------------------------------------------------------------------- */
+const ULID_ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
+function ulid(now = Date.now()) {
+    // 10 chars timestamp + 16 chars random = 26 chars
+    let timePart = "";
+    let t = now;
+    for (let i = 0; i < 10; i++) {
+        const mod = t % 32;
+        timePart = ULID_ALPHABET[mod] + timePart;
+        t = (t - mod) / 32;
+    }
+    let randPart = "";
+    for (let i = 0; i < 16; i++) {
+        randPart += ULID_ALPHABET[Math.floor(Math.random() * 32)];
+    }
+    return timePart + randPart;
+}
+function randomBytes(n) {
+    const out = new Uint8Array(n);
+    crypto.getRandomValues(out);
+    return out;
+}
+/**
+ * Minimal RFC-8785 (JCS) canonicalization. Sorts object keys
+ * lexicographically by code point, no whitespace, JSON.stringify for
+ * primitives. Matches the protocol-core canonicalize used to compute
+ * the hash the signature commits to.
+ */
+function jcsCanonicalize(value) {
+    return canonicalize(value);
+}
+//# sourceMappingURL=apps.js.map

package/dist/src/assets.d.ts

@@ -0,0 +1,208 @@
+/**
+ * `sdk.assets` — high-level API for the Aithos assets sub-protocol PDS.
+ *
+ * Stores binary content (images, PDFs, audio, video) owned by a
+ * subject, encrypted client-side under per-asset AMKs (Asset Master
+ * Keys), accessible to authorized apps via signed mandates (v0.2).
+ *
+ *     const assets = sdk.assets;
+ *     const avatar = await assets.upload({
+ *       bytes: pngBuffer,
+ *       mediaType: "image/png",
+ *       attachTo: { ethos: { zone: "public", sectionId: "sec_identity" } },
+ *     });
+ *     // avatar.url is a stable CloudFront URL (public asset)
+ *
+ *     const cv = await assets.upload({
+ *       bytes: pdfBuffer,
+ *       mediaType: "application/pdf",
+ *       attachTo: { ethos: { zone: "circle", sectionId: "sec_career_docs" } },
+ *     });
+ *     // cv is private: stored encrypted, fetched via short-lived presigned URL.
+ *
+ *     const bytes = await assets.fetch(cv.urn);
+ *     // decrypted plaintext returned to the caller
+ *
+ * The module wires:
+ *   - AMK generation + wrap (via @aithos/assets-crypto)
+ *   - Bytes encryption with the canonical nonce-prefix on-disk layout
+ *   - RecipientResolver (v0.2-ethos: maps {zone} → recipient set)
+ *   - Direct S3 PUT against the presigned URL returned by init_upload
+ *   - In-memory AMK cache (per asset URN) for sub-second re-fetches
+ *   - Signed envelope JSON-RPC dispatch to /mcp/primitives/{read,write}
+ *
+ * Spec ref: spec/assets/ in the aithos-protocol repo.
+ */
+import { type AssetMetadata, type AssetReference } from "@aithos/assets-crypto";
+export interface CreateAssetsClientArgs {
+    /** Base URL of the assets PDS. Defaults to `https://pds.aithos.be` (the
+     * production vanity domain) when omitted. Override for self-hosting/staging. */
+    readonly pdsUrl?: string;
+    /** Subject DID. */
+    readonly did: string;
+    /** Ed25519 sphere seed (32 bytes). */
+    readonly sphereSeed: Uint8Array;
+    /** Verification method URL within the DID document (e.g. `<did>#<multibase>` for did:key). */
+    readonly verificationMethod: string;
+    /** Optional fetch implementation. Defaults to globalThis.fetch. */
+    readonly fetch?: typeof fetch;
+    /**
+     * Optional override for the recipient resolver. By default the SDK
+     * uses a "self-only" resolver that maps every private upload to the
+     * subject's own X25519 sphere key. Apps that already orchestrate
+     * grantees explicitly may pass a custom resolver.
+     */
+    readonly recipientResolver?: RecipientResolver;
+}
+export interface AttachedContext {
+    readonly ethos?: {
+        readonly zone: "public" | "circle" | "self";
+        readonly sectionId?: string;
+    };
+    readonly data?: {
+        readonly collectionUrn: string;
+        readonly recordId?: string;
+        readonly field?: string;
+    };
+}
+export interface AssetUploadInput {
+    readonly bytes: Uint8Array;
+    readonly mediaType: string;
+    readonly attachTo?: AttachedContext;
+    /**
+     * OPTIONAL — force a regime. Defaults to "auto":
+     *   - ethos.zone === "public" → public
+     *   - anything else → private
+     */
+    readonly regime?: "auto" | "public" | "private";
+    /** OPTIONAL — strict forward secrecy at AMK rotation time. */
+    readonly forwardSecrecy?: "best_effort" | "strict";
+}
+export interface AssetUploadResult {
+    readonly urn: string;
+    readonly assetId: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly sha256OfPlaintext: string;
+    readonly encrypted: boolean;
+    /**
+     * Stable URL for public assets (CloudFront-served). Absent for
+     * private assets — fetch them via {@link AssetsClient.fetch}.
+     */
+    readonly url?: string;
+    /** Whether this URN was returned by intra-subject dedup (existing asset). */
+    readonly dedupHit: boolean;
+}
+export interface AssetFetchResult {
+    readonly urn: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly bytes: Uint8Array;
+    readonly sha256OfPlaintext: string;
+}
+export interface AssetBrief {
+    readonly urn: string;
+    readonly assetId: string;
+    readonly mediaType: string;
+    readonly sizeBytes: number;
+    readonly sha256OfPlaintext: string;
+    readonly encrypted: boolean;
+    readonly state: "ACTIVE" | "ORPHANED" | "TOMBSTONED";
+    readonly referenceCount: number;
+    readonly createdAt: string;
+    readonly modifiedAt: string;
+}
+export interface ListAssetsOpts {
+    readonly filter?: {
+        readonly mediaTypePrefix?: string;
+        readonly sizeBytes?: {
+            gte?: number;
+            lte?: number;
+        };
+        readonly createdAfter?: string;
+        readonly createdBefore?: string;
+    };
+    readonly limit?: number;
+    readonly cursor?: string;
+    readonly order?: "newest" | "oldest";
+    readonly includeOrphaned?: boolean;
+    readonly includeTombstoned?: boolean;
+}
+export interface ThumbnailUploadInput extends AssetUploadInput {
+    /** Long-edge sizes to produce (e.g. [64, 256]). */
+    readonly sizes: readonly number[];
+    /**
+     * Downscaler. The SDK does NOT bundle an image library; callers pass
+     * a function that takes the original bytes and a target size and
+     * returns downscaled bytes. Typical implementations: `pica` in the
+     * browser, `sharp` in Node.
+     */
+    readonly downscale: (bytes: Uint8Array, targetLongEdge: number) => Promise<Uint8Array>;
+}
+export interface ThumbnailUploadResult {
+    readonly primary: AssetUploadResult;
+    readonly thumbnails: readonly {
+        size: number;
+        result: AssetUploadResult;
+    }[];
+}
+/**
+ * Maps an attaching context to the set of recipients whose wraps the
+ * AMK must carry. The v0.1 default returns the subject's own X25519
+ * sphere key derived from the SDK's seed.
+ *
+ * v0.2 will introduce an Ethos-aware resolver that inspects the
+ * current manifest's `zones.<z>.cipher.wraps[]` (or, in v0.3, the
+ * per-section wraps) to mirror grantees on attached assets.
+ */
+export interface RecipientResolver {
+    resolve(input: {
+        subjectDid: string;
+        context: AttachedContext | undefined;
+    }): Promise<RecipientSet>;
+}
+export interface RecipientSet {
+    readonly recipients: ReadonlyArray<{
+        readonly didUrl: string;
+        readonly x25519PublicKey: Uint8Array;
+    }>;
+}
+export declare function createAssetsClient(args: CreateAssetsClientArgs): AssetsClient;
+export declare class AssetsClient {
+    #private;
+    constructor(args: CreateAssetsClientArgs);
+    upload(input: AssetUploadInput): Promise<AssetUploadResult>;
+    /**
+     * Upload a primary asset plus one or more thumbnails (downscaled
+     * client-side). Convenience method for the Deep avatar use case and
+     * any UI that displays the same asset at multiple resolutions.
+     *
+     * The thumbnails are attached to the same context as the primary
+     * and uploaded in parallel. They carry the {@link AssetReference}
+     * role `"thumbnail"` when referenced from a section (see
+     * spec/assets/03-asset-descriptors.md §3.2.3).
+     */
+    uploadWithThumbnails(input: ThumbnailUploadInput): Promise<ThumbnailUploadResult>;
+    fetch(urn: string): Promise<AssetFetchResult>;
+    head(urn: string): Promise<AssetMetadata>;
+    list(opts?: ListAssetsOpts): Promise<{
+        items: AssetBrief[];
+        nextCursor?: string;
+    }>;
+    ref(urn: string, reference: AssetReference): Promise<{
+        referenceCount: number;
+        gammaRef: string;
+    }>;
+    unref(urn: string, reference: AssetReference): Promise<{
+        referenceCount: number;
+        gammaRef: string;
+    }>;
+    listReferences(urn: string): Promise<AssetReference[]>;
+    delete(urn: string): Promise<{
+        tombstonedAt: string;
+        gammaRef: string;
+    }>;
+    /** Zero in-memory AMK cache. Useful at user logout. */
+    reset(): void;
+}
+//# sourceMappingURL=assets.d.ts.map