@alfe.ai/openclaw-sync 0.1.5 → 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -289,24 +289,125 @@ declare class AgentApiClient {
289
289
  clientSecret: string;
290
290
  displayName?: string;
291
291
  }>;
292
+ /**
293
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
294
+ * default-connection" shape). Use `getGithubAccounts()` for the multi-
295
+ * account shape required by Pattern A — explicit selector args on every
296
+ * tool. Retained because the `@alfe.ai/openclaw-github` proxy is the
297
+ * only consumer that knows about Pattern A; legacy env-interpolation
298
+ * callers will keep hitting `/credentials` until they move to the proxy.
299
+ */
292
300
  getGithubCredentials(): Promise<{
293
301
  login: string;
294
302
  accessToken: string;
295
303
  }>;
304
+ /**
305
+ * Pattern A: multi-account credential fetch for GitHub.
306
+ *
307
+ * Returns every agent-scoped GitHub connection. The caller is expected
308
+ * to require a `login` selector on every credential-touching tool and
309
+ * look up the matching account at dispatch time.
310
+ *
311
+ * GitHub OAuth tokens have no expiry (`tokenLifecycle: "no_expiry"`),
312
+ * so there is intentionally no `refreshGithubAccountToken` method — if
313
+ * a token is revoked the user must re-run the OAuth flow.
314
+ *
315
+ * Returned `accounts[i].login` is the GitHub username — the stable
316
+ * cross-session identifier the LLM should pass.
317
+ */
318
+ getGithubAccounts(): Promise<{
319
+ accounts: {
320
+ connectionId: string;
321
+ accountIdentifier: string;
322
+ displayName: string | null;
323
+ connectedAt: string;
324
+ accessToken: string;
325
+ login: string;
326
+ scopes: string;
327
+ }[];
328
+ }>;
329
+ /**
330
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
331
+ * default-connection" shape). Use `getXeroAccounts()` for the multi-
332
+ * account shape required by Pattern A — explicit selector args on every
333
+ * tool. This method will be removed once all consumers migrate.
334
+ */
296
335
  getXeroCredentials(): Promise<{
297
336
  accessToken: string;
298
337
  accessTokenExpiresAt: string;
299
338
  xeroTenantId: string;
300
339
  }>;
340
+ /**
341
+ * Pattern A: multi-account credential fetch for Xero. Returns every
342
+ * agent-scoped Xero connection. The caller is expected to require a
343
+ * selector arg (e.g. `xeroTenantId`) on every credential-touching tool
344
+ * and look up the matching account by that selector at dispatch time.
345
+ *
346
+ * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the
347
+ * stable cross-session identifier the LLM should pass.
348
+ */
349
+ getXeroAccounts(): Promise<{
350
+ accounts: {
351
+ connectionId: string;
352
+ accountIdentifier: string;
353
+ displayName: string | null;
354
+ connectedAt: string;
355
+ accessToken: string;
356
+ accessTokenExpiresAt: string;
357
+ xeroTenantId: string;
358
+ }[];
359
+ }>;
301
360
  refreshXeroToken(): Promise<{
302
361
  accessToken: string;
303
362
  expiresAt: string;
304
363
  }>;
364
+ /**
365
+ * Pattern A: refresh a specific Xero connection by its `accountIdentifier`
366
+ * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes
367
+ * the *primary* connection, which is wrong for multi-tenant Xero where
368
+ * each tenant has its own non-interchangeable access token.
369
+ */
370
+ refreshXeroAccountToken(xeroTenantId: string): Promise<{
371
+ accessToken: string;
372
+ accessTokenExpiresAt: string;
373
+ expiresAt: string;
374
+ }>;
375
+ /**
376
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
377
+ * default-connection" shape). Use `getNotionAccounts()` for the multi-
378
+ * account shape required by Pattern A.
379
+ */
305
380
  getNotionCredentials(): Promise<{
306
381
  accessToken: string;
307
382
  workspaceId: string;
308
383
  workspaceName: string;
309
384
  }>;
385
+ /**
386
+ * Pattern A: multi-account credential fetch for Notion. Returns every
387
+ * agent-scoped Notion connection. The caller is expected to require a
388
+ * selector arg (e.g. `workspaceId`) on every credential-touching tool.
389
+ *
390
+ * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.
391
+ */
392
+ getNotionAccounts(): Promise<{
393
+ accounts: {
394
+ connectionId: string;
395
+ accountIdentifier: string;
396
+ displayName: string | null;
397
+ connectedAt: string;
398
+ accessToken: string;
399
+ workspaceId: string;
400
+ workspaceName: string;
401
+ }[];
402
+ }>;
403
+ /**
404
+ * @deprecated Returns a single primary Atlassian Connection's credentials
405
+ * (one OAuth user, one cloudId) — the legacy "pick-the-default-connection"
406
+ * shape. Atlassian is multi-site by nature (each OAuth user may have
407
+ * access to multiple Cloud sites), so Pattern A plugins MUST use
408
+ * `getAtlassianAccounts()` to discover the full set and dispatch via
409
+ * the `cloudId` selector arg.
410
+ */
310
411
  getAtlassianCredentials(): Promise<{
311
412
  accessToken: string;
312
413
  refreshToken: string;
@@ -323,16 +424,177 @@ declare class AgentApiClient {
323
424
  accessToken: string;
324
425
  expiresAt: string;
325
426
  }>;
427
+ /**
428
+ * Pattern A: multi-account / multi-site credential fetch for Atlassian.
429
+ *
430
+ * Returns every agent-scoped Atlassian Connection. Each Connection is
431
+ * one OAuth user with a single access token and N accessible Cloud
432
+ * sites (`availableSites`). The caller is expected to:
433
+ *
434
+ * 1. Flatten (connection × cloudId) into one MCP child per site.
435
+ * 2. Require a `cloudId` selector on every credential-touching tool.
436
+ * 3. Use the access token bound to the Connection that owns the
437
+ * requested `cloudId` (Atlassian shares one access token across
438
+ * all sites accessible to the OAuth user).
439
+ *
440
+ * Per-account token refresh uses `refreshAtlassianAccountToken(email)`
441
+ * — refreshing one Connection rotates its single access token, which
442
+ * then applies to every cloudId for that Connection.
443
+ *
444
+ * Returned `accounts[i].accountIdentifier` is the OAuth user's email
445
+ * — the stable cross-session identifier for refresh purposes. The LLM
446
+ * never sees this directly: it picks a site via the `cloudId` arg
447
+ * instead.
448
+ */
449
+ getAtlassianAccounts(): Promise<{
450
+ accounts: {
451
+ connectionId: string;
452
+ accountIdentifier: string;
453
+ displayName: string | null;
454
+ connectedAt: string;
455
+ accessToken: string;
456
+ accessTokenExpiresAt: string;
457
+ clientId: string;
458
+ clientSecret: string;
459
+ cloudId: string;
460
+ siteName: string;
461
+ siteUrl: string;
462
+ availableSites: {
463
+ id: string;
464
+ url: string;
465
+ name: string;
466
+ scopes?: string[];
467
+ avatarUrl?: string;
468
+ }[];
469
+ }[];
470
+ }>;
471
+ /**
472
+ * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`
473
+ * (the OAuth user's email).
474
+ *
475
+ * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the
476
+ * server-side per-account refresh endpoint handles rotation and
477
+ * persistence. Refreshing one Connection updates its single access
478
+ * token, which applies to every accessible Cloud site (cloudId) for
479
+ * that OAuth user.
480
+ *
481
+ * Returns the new access token + expiry. The proxy is responsible for
482
+ * fanning the new token out to every child server it spawned for
483
+ * cloudIds owned by this Connection.
484
+ */
485
+ refreshAtlassianAccountToken(accountIdentifier: string): Promise<{
486
+ accessToken: string;
487
+ accessTokenExpiresAt: string;
488
+ expiresAt: string;
489
+ }>;
490
+ /**
491
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
492
+ * default-connection" shape). Use `getMYOBAccounts()` for the multi-
493
+ * account shape required by Pattern A.
494
+ */
326
495
  getMYOBCredentials(): Promise<{
327
496
  accessToken: string;
328
497
  accessTokenExpiresAt: string;
329
498
  myobBusinessId: string;
330
499
  clientId: string;
331
500
  }>;
501
+ /**
502
+ * Pattern A: multi-account credential fetch for MYOB. Returns every
503
+ * agent-scoped MYOB connection. The caller is expected to require a
504
+ * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every
505
+ * credential-touching tool.
506
+ *
507
+ * Returned `accounts[i].accountIdentifier` is the MYOB businessId.
508
+ */
509
+ getMYOBAccounts(): Promise<{
510
+ accounts: {
511
+ connectionId: string;
512
+ accountIdentifier: string;
513
+ displayName: string | null;
514
+ connectedAt: string;
515
+ accessToken: string;
516
+ accessTokenExpiresAt: string;
517
+ myobBusinessId: string;
518
+ clientId: string;
519
+ }[];
520
+ }>;
332
521
  refreshMYOBToken(): Promise<{
333
522
  accessToken: string;
334
523
  expiresAt: string;
335
524
  }>;
525
+ /**
526
+ * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.
527
+ *
528
+ * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`
529
+ * selector once per-account plugins land. Retained because the existing
530
+ * `integrations/connect/microsoft/hooks/post_activate.mjs` writes
531
+ * `mgc` credentials for the single (default) Microsoft account.
532
+ *
533
+ * Returns the agent's effective Microsoft delegated-OAuth credentials.
534
+ * Distinct from `getTeamsCredentials()` (Azure bot credentials for the
535
+ * Teams adapter, which is admin-consent flow on services/microsoft, not
536
+ * delegated OAuth on services/connect).
537
+ */
538
+ getMicrosoftCredentials(): Promise<{
539
+ accessToken: string;
540
+ accessTokenExpiresAt?: string;
541
+ refreshToken: string;
542
+ clientId: string;
543
+ clientSecret: string;
544
+ email?: string;
545
+ microsoftTenantId?: string;
546
+ workspaceDomain?: string;
547
+ }>;
548
+ /**
549
+ * Pattern A: multi-account credential fetch for Microsoft 365.
550
+ *
551
+ * Returns every agent-scoped Microsoft connection. The caller is expected
552
+ * to require an `email` selector on every credential-touching tool and
553
+ * look up the matching account at dispatch time.
554
+ *
555
+ * Returned `accounts[i].accountIdentifier` is the user's primary email
556
+ * (or the tid claim as fallback) — the stable cross-session identifier
557
+ * the LLM should pass.
558
+ *
559
+ * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,
560
+ * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not
561
+ * interchangeable across (tenant, user) pairs.
562
+ */
563
+ getMicrosoftAccounts(): Promise<{
564
+ accounts: {
565
+ connectionId: string;
566
+ accountIdentifier: string;
567
+ displayName: string | null;
568
+ connectedAt: string;
569
+ accessToken: string;
570
+ accessTokenExpiresAt: string;
571
+ refreshToken: string;
572
+ clientId: string;
573
+ clientSecret: string;
574
+ email: string;
575
+ microsoftTenantId: string;
576
+ workspaceDomain: string;
577
+ }[];
578
+ }>;
579
+ /**
580
+ * Pattern A: refresh a specific Microsoft 365 connection by its
581
+ * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's
582
+ * email when the Graph profile fetch succeeded at connect time, and the
583
+ * Azure tenant id (`tid` claim) as fallback. Callers should pass the
584
+ * value returned by `getMicrosoftAccounts()` rather than synthesising
585
+ * an email locally.
586
+ *
587
+ * Microsoft refresh tokens are bound to a specific (tenant, user) pair —
588
+ * they are NOT interchangeable across accounts, so per-account refresh
589
+ * is mandatory. The generic /accounts/{accountIdentifier}/refresh
590
+ * endpoint walks the agent's full visible scope chain to find a matching
591
+ * connection (works for inherited team/project Microsoft connections).
592
+ */
593
+ refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{
594
+ accessToken: string;
595
+ accessTokenExpiresAt: string;
596
+ expiresAt: string;
597
+ }>;
336
598
  getTeamsCredentials(): Promise<{
337
599
  agentId: string;
338
600
  tenantId: string;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.cts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n }>;\n memoryBootstrapStatusMark(): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, type RegistryEntry, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAIA;AAiBiB,UA5BA,aAAA,CA4BY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAtEL,aAAA,CAsEkB;EAAA,KAAA,EArE1B,MAqE0B,CAAA,MAAA,EArEX,aAqEW,CAAA;;AAGhC,UArEc,cAAA,CAqEd;EAAO,OAAA,EAAA,CAAA;EAUY,OAAA,EAAA,MAAA;EAAmB,QAAA,EAAA,MAAA;OAGhC,EA9EA,MA8EA,CAAA,MAAA,EAAA;IACN,IAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA;IASY,QAAA,EAAA,MAAA;IAgBA,IAAA,CAAA,EAAA,MAAA;IAgBN,YAAa,CAAA,EAAA,MAAA;IAAA,UAAA,CAAA,EAAA,OAAA;;;AAG1B,UA9Gc,YAAA,CA8Gd;EAAY;;;;EC3EO;EA8BN,SAAA,EAAA,MAAY,EAAA;EAiBZ;;;;ACvIo1B;AAIt0B;AAIP;AAUI;;;AAYlBqC,iBFmDa,YAAA,CEnDbA,aAAAA,EAAAA,MAAAA,CAAAA,EFqDN,OErDMA,CFqDE,aErDFA,CAAAA;;AAAM;AAEW;AAKG;AAcnBI,iBFmDY,aAAA,CEnDS,aAKtBD,EAAAA,MAAmB,EAAA,QAAA,EFgDhB,aEhDgB,CAAA,EFiDzB,OEjDyB,CAAA,IAAA,CAAA;AAAA;AAGJ;AAOD;AAebK,iBFkCY,mBAAA,CElCM,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFqCnB,aErCmB,CAAA,EFsCzB,OEtCyB,CAAA,IAAA,CAAA;AAAA;AAKH;;AASHZ,iBFiCA,mBAAA,CEjCAA,aAAAA,EAAAA,MAAAA,EAAAA,YAAAA,EAAAA,MAAAA,CAAAA,EFoCnB,OEpCmBA,CAAAA,IAAAA,CAAAA;;;;;AAeZK,iBFkCY,eAAA,CElCZA,QAAAA,EAAAA,MAAAA,CAAAA,EFkC+C,OElC/CA,CAAAA,MAAAA,CAAAA;;;;;;AAWgBI,iBFuCV,aAAA,CEvCUA,KAAAA,EFwCjB,aExCiBA,EAAAA,MAAAA,EFyChB,cEzCgBA,CAAAA,EF0CvB,YE1CuBA;;;;iBDjCJ,kBAAA,yBAEnB;iBA4Ba,YAAA;AD7FC,iBC8GD,aAAA,CD9Gc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;AAO9B;;;;;AAPA,UErBUT,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,aAAAA,CFyBD;EAAM,OAAA,EAAA,MAAA;EAGf,QAAiB,EAAA,MAAA;EAiBjB,WAAiB,EAAA,MAAY;EA4B7B,QAAsB,EAAA,MAAA;EAAY,MAAA,EAAA,OAAA,GAAA,SAAA,GAAA,QAAA;WAEvB,CAAA,EAAA,MAAA;WAAR,CAAA,EAAA,MAAA;EAAO,QAAA,CAAA,EAAA,MAAA;AAmBV;UEpFUC,iBAAAA,CFoFyB;QAEvB,MAAA;QACT,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,IAAsB,CAAA,EAAA,MAAA;EAAmB,YAAA,CAAA,EAAA,MAAA;YAGhC,CAAA,EAAA,OAAA;;UE5FCC,YAAAA,CF6FA;EASV,OAAsB,EAAA,CAAA;EAgBtB,OAAsB,EAAA,MAAA;EAgBtB,QAAgB,EAAA,MAAA;EAAa,KAAA,EElIpBC,MFkIoB,CAAA,MAAA,EElILF,iBFkIK,CAAA;;UEhInBG,gBAAAA,CFkIA;QACP,MAAA;EAAY,GAAA,EAAA,MAAA;;;UE9HLC,mBAAAA;EDmDV,QAAsB,EAAA,MAAA;EA8BtB,IAAgB,EAAA,MAAA;EAiBhB,IAAgB,EAAA,MAAA;;;;ACvIo1B,UA4C11BC,mBAAAA,CAxCoB;EAAA,IAIpBN,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,GAQjBC,EAAAA,MAAAA;EAAY,YAAA,CAAA,EAAA,MAAA;YAIED,CAAAA,EAAAA,OAAAA;;UAqBdM,qBAAAA,CArBK;EAAA,OAELH,EAAAA,MAAAA;EAAgB,IAKhBC,EAAAA,MAAAA,GAAAA,QAAAA,GAAmB,QAAA;EAAA,SAOnBC,EAAAA,MAAAA;EAAmB,SAOnBC,EAAAA,MAAAA;EAKkB,KAGlBC,EAHDF,mBAGe,EAAA;EAAA,SAOdG,EAAAA,MAAAA;AAAa;AAQG,UAfhBD,cAAAA,CAsBkB;EAAA,OAKlBI,EAAAA,MAAAA;EAAe,aAMXC,EAAAA,MAAc;EAAA,YAAA,EAAA,MAAA;WAGNd,EAAAA,MAAAA;YAKXC,EAAAA,MAAAA,GAAAA,IAAAA;;UAlCDS,aAAAA,CAoCmBP;UAARY,EAAAA,MAAAA;QAQXV,MAAAA;UADJU,EAAAA,MAAAA;aAQQT,EAAAA,MAAAA;cAARS,CAAAA,EAAAA,MAAAA;YAGQP,CAAAA,EAAAA,OAAAA;;UA9CJG,gBAAAA,CA+CgBF;WAARM,EAAAA,MAAAA;QAIPL,MAAAA;cADLK,EAAAA,MAAAA;cAIQJ,CAAAA,EAAAA,MAAAA;YADQI,EAAAA,OAAAA;;UA9CZH,kBAAAA,CAiD2BG;WACDA,EAAAA,MAAAA;SAOzBF,EAAAA,MAAAA;YADLE,EAAAA,OAAAA;;UAnDIF,eAAAA,CA+DoB1B;UAAR4B,EAAAA,MAAAA;UACiC/B,EAAAA,MAAAA;QAAR+B,MAAAA;aACUX,CAAAA,EAAAA,MAAAA;;cA3D3CU,cAAAA,CA8DDV;mBACCjB,MAAAA;mBAAR4B,MAAAA;aAC8C5B,CAAAA,MAAAA,EA7D9Ba,oBA6D8Bb;UAAR4B,OAAAA;cACQA,CAAAA,KAAAA,EAAAA;eAQvCX,CAAAA,EAAAA,MAAAA;MAlEPW,OA+D8BA,CAAAA;SAMlB1B,EApEPY,aAoEOZ;;iBAYQ0B,CAAAA,CAAAA,EA9ELA,OA8EKA,CA9EGZ,YA8EHY,CAAAA;aAUgBA,CAAAA,IAAAA,EAAAA;SAOZA,EAAAA;UAOJA,EAAAA,MAAAA;eAIFA,EAAAA,KAAAA,GAAAA,KAAAA;iBAKFA,CAAAA,EAAAA,MAAAA;OAIIA;MA5GpBA,OAiHuBA,CAAAA;QAYFA,EA5HjBV,gBA4HiBU,EAAAA;;mBAULA,CAAAA,IAAAA,EAAAA;YAIGA,EAAAA,MAAAA;QAaNX,EAAAA,MAAAA;QACbW,EAAAA,MAAAA;gBAIiBA,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MArJjBA,OAgKEA,CAhKMT,mBAgKNS,CAAAA;iBAaFA,CAAAA,IAAAA,EAAAA;QAYKhB,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAtLLgB,OA0LQjC,CA1LA0B,qBA0LA1B,CAAAA;cAARiC,CAAAA,CAAAA,EAzLYA,OAyLZA,CAzLoBN,cAyLpBM,CAAAA;eAQKhB,CAAAA,KAAAA,EAAAA;UAKLgB,CAAAA,EAAAA,MAAAA;MAnMAA,OA6MKhB,CAAAA;SAIIJ,EAhNJe,aAgNIf,EAAAA;;kBAMIhB,CAAAA,CAAAA,EApNGoC,OAoNHpC,CAAAA;YAEFP,EArNHuC,gBAqNGvC,EAAAA;;gBAGX2C,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EAtN+BA,OAsN/BA,CAtNuCH,kBAsNvCG,CAAAA;gBAGKhB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EAxNyBgB,OAwNzBhB,CAAAA;WAIIN,EAAAA,OAAAA;;iBADTsB,CAAAA,IAAAA,EAAAA;SAMKhB,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAMMpB,EAAAA,MAAAA;MAjOXoC,OAkOOtC,CAAAA;SAEEL,EAnOJyC,eAmOIzC,EAAAA;cALT2C,EAAAA,MAAAA,GAAAA,IAAAA;;mBAgBWpC,CAAAA,IAAAA,EAAAA;SACJF,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAEEL,EAAAA,MAAAA;YAET2C,EAAAA,MAAAA;MA5OAA,OAkPKhB,CAAAA;eAILgB,EAAAA,MAAAA;aAGKhB,EAAAA,MAAAA;;kBAQGN,CAAAA,CAAAA,EA7PQsB,OA6PRtB,CA7PgBN,kBA6PhBM,EAAAA,CAAAA;sBAARsB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EA5PyCA,OA4PzCA,CA5PiD/B,uBA4PjD+B,CAAAA;yBAGKhB,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,MAAAA,EA9P8CK,MA8P9CL,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA,CAAAA,EA9PwEgB,OA8PxEhB,CAAAA,IAAAA,CAAAA;oBAEIJ,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;WAGDE,CAAAA,EAAAA,MAAAA;UAARkB,CAAAA,EAhQOX,MAgQPW,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA;MA/PAA,OAkQKhB,CAlQGZ,kBAkQHY,CAAAA;mBAME7B,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EAvQ+B6C,OAuQ/B7C,CAvQuCiB,kBAuQvCjB,CAAAA;aADP6C,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,MAAAA,CAAAA,EAAAA,MAAAA,EAAAA,CAAAA,EArQ8CA,OAqQ9CA,CAAAA;OAMKhB,EAAAA,MAAAA;YAGLgB,EAAAA,MAAAA;aAEwBxB,EAAAA,MAAAA;;gBAUlBwB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EArRwBA,OAqRxBA,CAAAA;YASNA,EAAAA,MAAAA;aAgBAA,EAAAA,OAAAA;UAGoCA,CAAAA,EA9S7BX,MA8S6BW,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;;aAoBpCA,CAAAA,CAAAA,EAhUWA,OAgUXA,CAAAA;gBAYAA,EA3UY1B,aA2UZ0B,EAAAA;;;;;;;;;;;;sBA+IiCA,CAAAA,CAAAA,EA9cbA,OA8caA,CAAAA;YAWnBA,EAAAA;WAQcA,EAAAA,MAAAA;kBAGjBA,EAAAA,MAAAA;cAeXA,EAAAA,MAAAA;kBAMqBA,EAAAA,MAAAA;iBAIIA,CAAAA,EAAAA,MAAAA;iBAUzBA,CAAAA,EAAAA,MAAAA;OAIAA;;yBAM2BA,CAAAA,KAAAA,EAAAA,MAAAA,CAAAA,EAvgBSA,OAugBTA,CAAAA;YAW3BA,EAAAA;MAAO,KAAA,EAAA,MAAA;;;;EClrBb,CAAA,CAAiB;EAOjB,wBAAkC,CAAA,CAAA,EDgKJA,OC9JpB,CAAA;IASM,KAAA,EAAA,MAAA;IAAgB,YAAA,EAAA,MAAA;YAAG,EAAA,MAAA;gBAAe,EAAA,MAAA;eAAU,CAAA,EAAA,MAAA;;sBAY7C,CAAA,CAAA,EDgJWA,OChJX,CAAA;SAAR,EAAA,MAAA;eAwCQ,EAAA,MAAA;;oBA4B4C,CAAA,CAAA,EDgFnCA,OChFmC,CAAA;eAAR,EAAA,MAAA;wBAqCY,EAAA,MAAA;gBAAR,EAAA,MAAA;;kBA4FhD,CAAA,CAAA,ED5CeA,OC4Cf,CAAA;eA2CA,EAAA,MAAA;IAAO,SAAA,EAAA,MAAA;EAmBd,CAAA,CAAY;EAAU,oBAAA,CAAA,CAAA,EDtGIA,OCsGJ,CAAA;eAAqB,EAAA,MAAA;eAAlB,EAAA,MAAA;IAAU,aAAA,EAAA,MAAA;;6BDjGNA;;IEnNZ,YAAA,EAAA,MAAc;IAaT,oBAAY,EAAA,MAAA;IAAA,OAAA,EAAA,MAAA;YACvB,EAAA,MAAA;WACM,EAAA,MAAA;SAAd,EAAA,MAAA;IAAO,eAAA,EAAA,MAAA,EAAA;;;;ECHV,qBAA6B,CAAA,CAAA,EHmNFA,OGnNE,CAAA;IA4FP,WAAA,EAAA,MAAW;IAAA,SAAA,EAAA,MAAA;;oBAKtB,CAAA,CAAA,EHsHaA,OGtHb,CAAA;eAAR,EAAA,MAAA;IAAO,oBAAA,EAAA,MAAA;;;;ECnGV,gBAAiB,CAAA,CAAA,EJ+NKA,OI/NS,CAAA;IAqDT,WAAA,EAAA,MAAa;IAAA,SAAA,EAAA,MAAA;;qBAIhB,CAAA,CAAA,EJ0KMA,OI1KN,CAAA;WAER,EAAA,MAAA;YAAR,EAAA,MAAA;IAAO,UAAA,EAAA,MAAA;;;;ICxEO,aAAA,CAAA,EAAY,MAAA;IAUP,UAAA,CAAA,EAAS,MAAA;EAAA,CAAA,CAAA;kBACX,CAAA,IAAA,EAAA;kBAAR,EAAA,MAAA;QACD,CAAA,EAAA,MAAA;gBACA,CAAA,ELgPQX,MKhPR,CAAA,MAAA,EAAA,OAAA,CAAA;MLiPLW,OKjPH,CAAA;IAAO,EAAA,EAAA,OAAA;;;uBLqPaA;IM5ON,QAAA,EAAA;MAMA,EAAA,EAAA,MAAA;MAKP,IAAA,EAAA,MAAA;MAOO,WAAA,CAAA,EAAA,MAAgB;IAAA,CAAA,EAAA;;oBACI,CAAA,KAAA,EAAA;YACd,EAAA,MAAA;YAAgB,EAAA,MAAA;QACmC,EAAA,MAAA;QNkOlEA,OMjOM,CAAA;eACC,EAAA;MAAW,EAAA,EAAA,MAAA;MAGV,SAAA,EAAA,MAAA;MAAsB,WAAA,EAAA,MAAA;WAC5B,EAAA,MAAA;eACH,EAAA,MAAA;OACJ;EAAgB,CAAA,CAAA;;;;;MNuObA;;;;;;;;;;;;WAYKhB;;;;MAILgB,QAAQjC;;;;;;;;WAQHiB;;;;;MAKLgB;;;;;;;;;;WAUKhB;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX2C,QAAQtB;;;WAGHM;;;MAGLgB;eACStB;eACAlB;;;;WAIJwB;;;;MAILgB;;iBAEWpC;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET2C;;;;;;WAMKhB;;;;MAILgB;;;WAGKhB;;;;;;eAMIJ;;MAEToB,QAAQtB;;;WAGHM;;eAEIJ;;;MAGToB,QAAQlB;;;WAGHE;;;;;MAKLgB;aACO7C;;;;;WAKF6B;;;MAGLgB;;sBAEgBA,QAAQxB;;;;;;;;;;YAUlBwB;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;+BAIIA;;;;;;;;;;MAUzBA;;;;MAIAA;;;;;MAKAA;iCAC2BA;;;;;;;;;;;MAW3BA;;;;;;AF/nBgB,UGnDL,UAAA,CHmDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;AAAmC,UGjElB,iBAAA,CHiEkB;eAEvB,EAAA,MAAA;QACT,EGlEO,cHkEP;;AAUH;;;;;AAaA;AAgBsB,iBGhGN,gBAAA,CHgGgD;EAAA,aAAA;EAAA;AAAA,CAAA,EGhGJ,iBHgGI,CAAA,EAAA;EAgBhD,aAAA,EAAA,MAAa;EAAA,MAAA,gBAAA;;;;;gCCxEP;;;EAAA,CAAA,CAAA,EE5Bf,OF4Be,CE5BP,UF4ByB,CAAA;EA8BxB,WAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA;IAiBZ,KAAA,CAAA,EAAA,OAAa;MEnCtB,QAAQ;;cD5FLd;IAJAD,KAAAA,CAAAA,EAAAA,OAAAA;EAIAC,CAAAA,CAAAA,ECwHyC,ODxHzCA,CCwHiD,UDxHpC,CAAA;EAUbC;AAAiB;;;UAYlBE,CAAAA,OAECC,CAFDD,EAAAA;IAAM,KAAA,CAAA,EAAA,OAAA;EAELC,CAAAA,CAAAA,ECqI6C,ODrI7CA,CCqIqD,UDrIrC,CAAA;EAKhBC;AAAmB;AAOA;AAYD;EAUlBI,SAAAA,CAAAA,KAAAA,EAAa,MAAA,EAAA,EAAA,OAebE,CAfa,EAAA;IAQbD,KAAAA,CAAAA,EAAAA,OAAgB;EAOhBC,CAAAA,CAAAA,ECgLH,ODhLGA,CCgLK,UDhLa,CAAA;EAKlBC;AAAe;;;iBAcdZ,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IADLc,KAAAA,CAAAA,EAAAA,OAAAA;MCyMC,ODtMsBZ,CAAAA,IAAAA,CAAAA;;AAQnBE,KCiNE,UAAA,GAAa,UDjNfA,CAAAA,OCiNiC,gBDjNjCA,CAAAA;;;;;;;;AFrFV;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;EAAT,UAAA,CAAA,EAAA,MAAA;EAGE;EAiBA,SAAA,EAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GIrCY,OJqCZ,CAAA,IAAA,CAAA;AA4B7B;;;;;AAqBA;AAAmC,iBI9Eb,YAAA,CJ8Ea,OAAA,EI7ExB,cJ6EwB,CAAA,EI5EhC,OJ4EgC,CAAA,GAAA,GI5ElB,OJ4EkB,CAAA,IAAA,CAAA,CAAA;;;;AArBb,UK1DL,YAAA,CL0DiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAaA,iBKAA,WAAA,CLAmB,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKG/B,cLH+B,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAGhC,CAAA,EAAA,OAAA;IKEN,OLDA,CKCQ,YLDR,EAAA,CAAA;;;;AAlEc,UMhCA,cAAA,CNgCY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBM5BA,aAAA,CN4Ba,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMzBzB,cNyByB,EAAA,cAAA,CAAA,EMxBhB,cNwBgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMxBT,ONyBA,CMzBQ,cNyBR,EAAA,CAAA;;;;;;;;AAhFc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAI9B;AAiBA;AA4BA;AAAkC,iBO/DZ,SP+DY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GO9DtB,OP8DsB,CO9Dd,CP8Dc,CAAA,EAAA,OAAA,CAAA,EO7DvB,YP6DuB,CAAA,EO5D/B,OP4D+B,CO5DvB,CP4DuB,CAAA;;;;AAAZ,UQnDL,WAAA,CRmDiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQlEL,gBAAA,CRkEkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQlEF,cRkEE;;UQ/DF,YAAA,CRgEA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AASmB,UQhFL,gBAAA,CRgFwB;EAgBnB,UAAA,CAAA,MAAA,EQ/FD,WR+FoC,EAAA,CAAA,EQ/FpB,OR+F2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ9GN,WR8GM,EAAA,CAAA,EQ9GU,OR8GV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ7G6C,OR6G7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ7GK,OR6GL,CAAA,IAAA,CAAA;WACC,EAAA,EQ7GK,WR6GL,EAAA;;AACK,iBQ3GC,sBAAA,CR2GD,MAAA,EQ1GL,gBR0GK,EAAA,GAAA,EQzGR,YRyGQ,CAAA,EQxGZ,gBRwGY"}
1
+ {"version":3,"file":"index.d.cts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getGithubAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. Retained because the `@alfe.ai/openclaw-github` proxy is the\n * only consumer that knows about Pattern A; legacy env-interpolation\n * callers will keep hitting `/credentials` until they move to the proxy.\n */\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for GitHub.\n *\n * Returns every agent-scoped GitHub connection. The caller is expected\n * to require a `login` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * GitHub OAuth tokens have no expiry (`tokenLifecycle: \"no_expiry\"`),\n * so there is intentionally no `refreshGithubAccountToken` method — if\n * a token is revoked the user must re-run the OAuth flow.\n *\n * Returned `accounts[i].login` is the GitHub username — the stable\n * cross-session identifier the LLM should pass.\n */\n getGithubAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n login: string;\n scopes: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getXeroAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. This method will be removed once all consumers migrate.\n */\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Xero. Returns every\n * agent-scoped Xero connection. The caller is expected to require a\n * selector arg (e.g. `xeroTenantId`) on every credential-touching tool\n * and look up the matching account by that selector at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the\n * stable cross-session identifier the LLM should pass.\n */\n getXeroAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }[];\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: refresh a specific Xero connection by its `accountIdentifier`\n * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes\n * the *primary* connection, which is wrong for multi-tenant Xero where\n * each tenant has its own non-interchangeable access token.\n */\n refreshXeroAccountToken(xeroTenantId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getNotionAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Notion. Returns every\n * agent-scoped Notion connection. The caller is expected to require a\n * selector arg (e.g. `workspaceId`) on every credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.\n */\n getNotionAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary Atlassian Connection's credentials\n * (one OAuth user, one cloudId) — the legacy \"pick-the-default-connection\"\n * shape. Atlassian is multi-site by nature (each OAuth user may have\n * access to multiple Cloud sites), so Pattern A plugins MUST use\n * `getAtlassianAccounts()` to discover the full set and dispatch via\n * the `cloudId` selector arg.\n */\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: multi-account / multi-site credential fetch for Atlassian.\n *\n * Returns every agent-scoped Atlassian Connection. Each Connection is\n * one OAuth user with a single access token and N accessible Cloud\n * sites (`availableSites`). The caller is expected to:\n *\n * 1. Flatten (connection × cloudId) into one MCP child per site.\n * 2. Require a `cloudId` selector on every credential-touching tool.\n * 3. Use the access token bound to the Connection that owns the\n * requested `cloudId` (Atlassian shares one access token across\n * all sites accessible to the OAuth user).\n *\n * Per-account token refresh uses `refreshAtlassianAccountToken(email)`\n * — refreshing one Connection rotates its single access token, which\n * then applies to every cloudId for that Connection.\n *\n * Returned `accounts[i].accountIdentifier` is the OAuth user's email\n * — the stable cross-session identifier for refresh purposes. The LLM\n * never sees this directly: it picks a site via the `cloudId` arg\n * instead.\n */\n getAtlassianAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n clientId: string;\n clientSecret: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n availableSites: {\n id: string;\n url: string;\n name: string;\n scopes?: string[];\n avatarUrl?: string;\n }[];\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`\n * (the OAuth user's email).\n *\n * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the\n * server-side per-account refresh endpoint handles rotation and\n * persistence. Refreshing one Connection updates its single access\n * token, which applies to every accessible Cloud site (cloudId) for\n * that OAuth user.\n *\n * Returns the new access token + expiry. The proxy is responsible for\n * fanning the new token out to every child server it spawned for\n * cloudIds owned by this Connection.\n */\n refreshAtlassianAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getMYOBAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for MYOB. Returns every\n * agent-scoped MYOB connection. The caller is expected to require a\n * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every\n * credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the MYOB businessId.\n */\n getMYOBAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }[];\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.\n *\n * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`\n * selector once per-account plugins land. Retained because the existing\n * `integrations/connect/microsoft/hooks/post_activate.mjs` writes\n * `mgc` credentials for the single (default) Microsoft account.\n *\n * Returns the agent's effective Microsoft delegated-OAuth credentials.\n * Distinct from `getTeamsCredentials()` (Azure bot credentials for the\n * Teams adapter, which is admin-consent flow on services/microsoft, not\n * delegated OAuth on services/connect).\n */\n getMicrosoftCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt?: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email?: string;\n microsoftTenantId?: string;\n workspaceDomain?: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Microsoft 365.\n *\n * Returns every agent-scoped Microsoft connection. The caller is expected\n * to require an `email` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the user's primary email\n * (or the tid claim as fallback) — the stable cross-session identifier\n * the LLM should pass.\n *\n * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,\n * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not\n * interchangeable across (tenant, user) pairs.\n */\n getMicrosoftAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email: string;\n microsoftTenantId: string;\n workspaceDomain: string;\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Microsoft 365 connection by its\n * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's\n * email when the Graph profile fetch succeeded at connect time, and the\n * Azure tenant id (`tid` claim) as fallback. Callers should pass the\n * value returned by `getMicrosoftAccounts()` rather than synthesising\n * an email locally.\n *\n * Microsoft refresh tokens are bound to a specific (tenant, user) pair —\n * they are NOT interchangeable across accounts, so per-account refresh\n * is mandatory. The generic /accounts/{accountIdentifier}/refresh\n * endpoint walks the agent's full visible scope chain to find a matching\n * connection (works for inherited team/project Microsoft connections).\n */\n refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n }>;\n memoryBootstrapStatusMark(): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, type RegistryEntry, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAIA;AAiBiB,UA5BA,aAAA,CA4BY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAtEL,aAAA,CAsEkB;EAAA,KAAA,EArE1B,MAqE0B,CAAA,MAAA,EArEX,aAqEW,CAAA;;AAGhC,UArEc,cAAA,CAqEd;EAAO,OAAA,EAAA,CAAA;EAUY,OAAA,EAAA,MAAA;EAAmB,QAAA,EAAA,MAAA;OAGhC,EA9EA,MA8EA,CAAA,MAAA,EAAA;IACN,IAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA;IASY,QAAA,EAAA,MAAA;IAgBA,IAAA,CAAA,EAAA,MAAA;IAgBN,YAAa,CAAA,EAAA,MAAA;IAAA,UAAA,CAAA,EAAA,OAAA;;;AAG1B,UA9Gc,YAAA,CA8Gd;EAAY;;;;EC3EO;EA8BN,SAAA,EAAA,MAAY,EAAA;EAiBZ;;;;ACvIo1B;AAIt0B;AAIP;AAUI;;;AAYlBqC,iBFmDa,YAAA,CEnDbA,aAAAA,EAAAA,MAAAA,CAAAA,EFqDN,OErDMA,CFqDE,aErDFA,CAAAA;;AAAM;AAEW;AAKG;AAcnBI,iBFmDY,aAAA,CEnDS,aAKtBD,EAAAA,MAAmB,EAAA,QAAA,EFgDhB,aEhDgB,CAAA,EFiDzB,OEjDyB,CAAA,IAAA,CAAA;AAAA;AAGJ;AAOD;AAebK,iBFkCY,mBAAA,CElCM,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFqCnB,aErCmB,CAAA,EFsCzB,OEtCyB,CAAA,IAAA,CAAA;AAAA;AAKH;;AASHZ,iBFiCA,mBAAA,CEjCAA,aAAAA,EAAAA,MAAAA,EAAAA,YAAAA,EAAAA,MAAAA,CAAAA,EFoCnB,OEpCmBA,CAAAA,IAAAA,CAAAA;;;;;AAeZK,iBFkCY,eAAA,CElCZA,QAAAA,EAAAA,MAAAA,CAAAA,EFkC+C,OElC/CA,CAAAA,MAAAA,CAAAA;;;;;;AAWgBI,iBFuCV,aAAA,CEvCUA,KAAAA,EFwCjB,aExCiBA,EAAAA,MAAAA,EFyChB,cEzCgBA,CAAAA,EF0CvB,YE1CuBA;;;;iBDjCJ,kBAAA,yBAEnB;iBA4Ba,YAAA;AD7FC,iBC8GD,aAAA,CD9Gc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;AAO9B;;;;;AAPA,UErBUT,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,aAAAA,CFyBD;EAAM,OAAA,EAAA,MAAA;EAGf,QAAiB,EAAA,MAAA;EAiBjB,WAAiB,EAAA,MAAY;EA4B7B,QAAsB,EAAA,MAAA;EAAY,MAAA,EAAA,OAAA,GAAA,SAAA,GAAA,QAAA;WAEvB,CAAA,EAAA,MAAA;WAAR,CAAA,EAAA,MAAA;EAAO,QAAA,CAAA,EAAA,MAAA;AAmBV;UEpFUC,iBAAAA,CFoFyB;QAEvB,MAAA;QACT,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,IAAsB,CAAA,EAAA,MAAA;EAAmB,YAAA,CAAA,EAAA,MAAA;YAGhC,CAAA,EAAA,OAAA;;UE5FCC,YAAAA,CF6FA;EASV,OAAsB,EAAA,CAAA;EAgBtB,OAAsB,EAAA,MAAA;EAgBtB,QAAgB,EAAA,MAAA;EAAa,KAAA,EElIpBC,MFkIoB,CAAA,MAAA,EElILF,iBFkIK,CAAA;;UEhInBG,gBAAAA,CFkIA;QACP,MAAA;EAAY,GAAA,EAAA,MAAA;;;UE9HLC,mBAAAA;EDmDV,QAAsB,EAAA,MAAA;EA8BtB,IAAgB,EAAA,MAAA;EAiBhB,IAAgB,EAAA,MAAA;;;;ACvIo1B,UA4C11BC,mBAAAA,CAxCoB;EAAA,IAIpBN,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,GAQjBC,EAAAA,MAAAA;EAAY,YAAA,CAAA,EAAA,MAAA;YAIED,CAAAA,EAAAA,OAAAA;;UAqBdM,qBAAAA,CArBK;EAAA,OAELH,EAAAA,MAAAA;EAAgB,IAKhBC,EAAAA,MAAAA,GAAAA,QAAAA,GAAmB,QAAA;EAAA,SAOnBC,EAAAA,MAAAA;EAAmB,SAOnBC,EAAAA,MAAAA;EAKkB,KAGlBC,EAHDF,mBAGe,EAAA;EAAA,SAOdG,EAAAA,MAAAA;AAAa;AAQG,UAfhBD,cAAAA,CAsBkB;EAAA,OAKlBI,EAAAA,MAAAA;EAAe,aAMXC,EAAAA,MAAc;EAAA,YAAA,EAAA,MAAA;WAGNd,EAAAA,MAAAA;YAKXC,EAAAA,MAAAA,GAAAA,IAAAA;;UAlCDS,aAAAA,CAoCmBP;UAARY,EAAAA,MAAAA;QAQXV,MAAAA;UADJU,EAAAA,MAAAA;aAQQT,EAAAA,MAAAA;cAARS,CAAAA,EAAAA,MAAAA;YAGQP,CAAAA,EAAAA,OAAAA;;UA9CJG,gBAAAA,CA+CgBF;WAARM,EAAAA,MAAAA;QAIPL,MAAAA;cADLK,EAAAA,MAAAA;cAIQJ,CAAAA,EAAAA,MAAAA;YADQI,EAAAA,OAAAA;;UA9CZH,kBAAAA,CAiD2BG;WACDA,EAAAA,MAAAA;SAOzBF,EAAAA,MAAAA;YADLE,EAAAA,OAAAA;;UAnDIF,eAAAA,CA+DoB1B;UAAR4B,EAAAA,MAAAA;UACiC/B,EAAAA,MAAAA;QAAR+B,MAAAA;aACUX,CAAAA,EAAAA,MAAAA;;cA3D3CU,cAAAA,CA8DDV;mBACCjB,MAAAA;mBAAR4B,MAAAA;aAC8C5B,CAAAA,MAAAA,EA7D9Ba,oBA6D8Bb;UAAR4B,OAAAA;cACQA,CAAAA,KAAAA,EAAAA;eAQvCX,CAAAA,EAAAA,MAAAA;MAlEPW,OA+D8BA,CAAAA;SAMlB1B,EApEPY,aAoEOZ;;iBAYQ0B,CAAAA,CAAAA,EA9ELA,OA8EKA,CA9EGZ,YA8EHY,CAAAA;aAUgBA,CAAAA,IAAAA,EAAAA;SAOZA,EAAAA;UAeJA,EAAAA,MAAAA;eAkBHA,EAAAA,KAAAA,GAAAA,KAAAA;iBAiBCA,CAAAA,EAAAA,MAAAA;OAcHA;MAxJfA,OAmKgBA,CAAAA;QAU2BA,EA5KvCV,gBA4KuCU,EAAAA;;mBAsB1BA,CAAAA,IAAAA,EAAAA;YAmBMA,EAAAA,MAAAA;QAYFA,EAAAA,MAAAA;QA0BDA,EAAAA,MAAAA;gBAoCiCA,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MAxRrDA,OAkSkBA,CAlSVT,mBAkSUS,CAAAA;iBAcHA,CAAAA,IAAAA,EAAAA;QAYCA,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAzThBA,OA0UuBA,CA1UfP,qBA0UeO,CAAAA;cAyBHA,CAAAA,CAAAA,EAlWRA,OAkWQA,CAlWAN,cAkWAM,CAAAA;eA8BiCA,CAAAA,KAAAA,EAAAA;UAKlCA,CAAAA,EAAAA,MAAAA;MAlYnBA,OA+YaX,CAAAA;SACbW,EA/YKL,aA+YLK,EAAAA;;kBAeEA,CAAAA,CAAAA,EA5ZcA,OA4ZdA,CAAAA;YAaFA,EAxaQJ,gBAwaRI,EAAAA;;gBAgBQjC,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EAtbuBiC,OAsbvBjC,CAtb+B8B,kBAsb/B9B,CAAAA;gBAARiC,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EArb8BA,OAqb9BA,CAAAA;WAQKhB,EAAAA,OAAAA;;iBAeAA,CAAAA,IAAAA,EAAAA;SAIIJ,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAKAlB,EAAAA,MAAAA;MA/cTsC,OAgdapC,CAAAA;SAEFP,EAjdNyC,eAidMzC,EAAAA;cAGHqB,EAAAA,MAAAA,GAAAA,IAAAA;;mBAGHM,CAAAA,IAAAA,EAAAA;SAIIN,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WACAlB,EAAAA,MAAAA;YAFTwC,EAAAA,MAAAA;MAndAA,OAydKhB,CAAAA;eAMMpB,EAAAA,MAAAA;aACJF,EAAAA,MAAAA;;kBAHPsC,CAAAA,CAAAA,EAzdgBA,OAydhBA,CAzdwB5B,kBAydxB4B,EAAAA,CAAAA;sBAYKhB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EApeoCgB,OAoepChB,CApe4Cf,uBAoe5Ce,CAAAA;yBAIMpB,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,MAAAA,EAvewCyB,MAuexCzB,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA,CAAAA,EAvekEoC,OAuelEpC,CAAAA,IAAAA,CAAAA;oBACJF,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;WAEEL,CAAAA,EAAAA,MAAAA;UAET2C,CAAAA,EAzeOX,MAyePW,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA;MAxeAA,OA8eKhB,CA9eGZ,kBA8eHY,CAAAA;mBAILgB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EAjfsCA,OAiftCA,CAjf8C5B,kBAif9C4B,CAAAA;aAGKhB,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,MAAAA,CAAAA,EAAAA,MAAAA,EAAAA,CAAAA,EAnfyCgB,OAmfzChB,CAAAA;OAMIJ,EAAAA,MAAAA;YAEDF,EAAAA,MAAAA;aAARsB,EAAAA,MAAAA;;gBAKSpB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EA3fqBoB,OA2frBpB,CAAAA;YAGDE,EAAAA,MAAAA;aAARkB,EAAAA,OAAAA;UAGKhB,CAAAA,EA9fEK,MA8fFL,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;;aAKLgB,CAAAA,CAAAA,EAjgBWA,OAigBXA,CAAAA;gBAMKhB,EAtgBOV,aAsgBPU,EAAAA;;;;;;;;;;;;sBA2FLgB,CAAAA,CAAAA,EArlBoBA,OAqlBpBA,CAAAA;YAUAA,EAAAA;WAkBAA,EAAAA,MAAAA;kBAgBAA,EAAAA,MAAAA;cAkBAA,EAAAA,MAAAA;kBAWAA,EAAAA,MAAAA;iBAUAA,CAAAA,EAAAA,MAAAA;iBAwBAA,CAAAA,EAAAA,MAAAA;OAYAA;;yBAQiCA,CAAAA,KAAAA,EAAAA,MAAAA,CAAAA,EA1sBGA,OA0sBHA,CAAAA;YAWnBA,EAAAA;WAQcA,EAAAA,MAAAA;iBAGjBA,CAAAA,EAAAA,MAAAA;iBAeXA,CAAAA,EAAAA,MAAAA;OAMqBA;;0BAcrBA,CAAAA,CAAAA,EA5vBwBA,OA4vBxBA,CAAAA;SAIAA,EAAAA,MAAAA;gBAKAA,EAAAA,MAAAA;YAC2BA,EAAAA,MAAAA;gBAW3BA,EAAAA,MAAAA;IAAO,WAAA,CAAA,EAAA,MAAA;;;;ACx7Bb;AAOA;AAWA;;;;sBAA4D,CAAA,CAAA,EDoKlCA,OCpKkC,CAAA;;eAY7C,EAAA,MAAA;;;;;;;;;;;;AAmQf;;;;EAAmC,iBAAA,CAAA,CAAA,EDzFZA,OCyFY,CAAA;;;;MCpTlB,WAAA,EAAA,MAAc,GAAA,IAKU;MAQnB,WAAA,EAAY,MAAA;MAAA,WAAA,EAAA,MAAA;WACvB,EAAA,MAAA;YACM,EAAA,MAAA;OAAd;EAAO,CAAA,CAAA;;;;ACHV;AA4FA;;oBAGU,CAAA,CAAA,EHiIcA,OGjId,CAAA;eAEC,EAAA,MAAA;wBAAR,EAAA,MAAA;IAAO,YAAA,EAAA,MAAA;;;;ACnGV;AAqDA;;;;;;EAMU,eAAA,CAAA,CAAA,EJqLWA,OIrLX,CAAA;;;;MCxEO,WAAA,EAAY,MAAA,GAAA,IAAA;MAUP,WAAS,EAAA,MAAA;MAAA,WAAA,EAAA,MAAA;0BACX,EAAA,MAAA;kBAAR,EAAA,MAAA;OACD;;kBACR,CAAA,CAAA,EL2PmBA,OK3PnB,CAAA;IAAO,WAAA,EAAA,MAAA;;;;ACSV;AAMA;AAGC;AASD;;yBACqB,CAAA,YAAA,EAAA,MAAA,CAAA,ENyO4BA,OMzO5B,CAAA;eAAgB,EAAA,MAAA;wBACd,EAAA,MAAA;aAAgB,EAAA,MAAA;;;;;AAMvC;;sBACU,CAAA,CAAA,EN2OgBA,OM3OhB,CAAA;eACH,EAAA,MAAA;eACJ,EAAA,MAAA;IAAgB,aAAA,EAAA,MAAA;;;;;;;;;uBNqPIA;;;;;;;;;;;;;;;;;;;6BAmBMA;;;;;;;;;;;;2BAYFA;;;;;;;;;;;;;;;;;;;;;;;;;;0BA0BDA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DAoCiCA;;;;;;;;;;wBAUnCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;;sBAYCA;;;;;;;;;;;;;;;;;6BAiBOA;;;;;;;;;;;;;;;;;;;;;;;;;0BAyBHA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DA8BiCA;;;;;yBAKlCA;;;;;;;;;;;;;mBAaNX;MACbW;;;;uBAIiBA;;;;;;;;;;;QAWfA;;;;;;;;;;;;;MAaFA;;;;;;;;;;;;WAYKhB;;;;MAILgB,QAAQjC;;;;;;;;WAQHiB;;;;;MAKLgB;;;;;;;;;;WAUKhB;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX2C,QAAQtB;;;WAGHM;;;MAGLgB;eACStB;eACAlB;;;;WAIJwB;;;;MAILgB;;iBAEWpC;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET2C;;;;;;WAMKhB;;;;MAILgB;;;WAGKhB;;;;;;eAMIJ;;MAEToB,QAAQtB;;;WAGHM;;eAEIJ;;;MAGToB,QAAQlB;;;WAGHE;;;;;MAKLgB;aACO7C;;;;;WAKF6B;;;MAGLgB;;sBAEgBA,QAAQxB;;;;;;;;;;YAUlBwB;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;+BAIIA;;;;;;;;;;MAUzBA;;;;MAIAA;;;;;MAKAA;iCAC2BA;;;;;;;;;;;MAW3BA;;;;;;AFr4BgB,UGnDL,UAAA,CHmDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;AAAmC,UGjElB,iBAAA,CHiEkB;eAEvB,EAAA,MAAA;QACT,EGlEO,cHkEP;;AAUH;;;;;AAaA;AAgBsB,iBGhGN,gBAAA,CHgGgD;EAAA,aAAA;EAAA;AAAA,CAAA,EGhGJ,iBHgGI,CAAA,EAAA;EAgBhD,aAAA,EAAA,MAAa;EAAA,MAAA,gBAAA;;;;;gCCxEP;;;EAAA,CAAA,CAAA,EE5Bf,OF4Be,CE5BP,UF4ByB,CAAA;EA8BxB,WAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA;IAiBZ,KAAA,CAAA,EAAA,OAAa;MEnCtB,QAAQ;;cD5FLd;IAJAD,KAAAA,CAAAA,EAAAA,OAAAA;EAIAC,CAAAA,CAAAA,ECwHyC,ODxHzCA,CCwHiD,UDxHpC,CAAA;EAUbC;AAAiB;;;UAYlBE,CAAAA,OAECC,CAFDD,EAAAA;IAAM,KAAA,CAAA,EAAA,OAAA;EAELC,CAAAA,CAAAA,ECqI6C,ODrI7CA,CCqIqD,UDrIrC,CAAA;EAKhBC;AAAmB;AAOA;AAYD;EAUlBI,SAAAA,CAAAA,KAAAA,EAAa,MAAA,EAAA,EAAA,OAebE,CAfa,EAAA;IAQbD,KAAAA,CAAAA,EAAAA,OAAgB;EAOhBC,CAAAA,CAAAA,ECgLH,ODhLGA,CCgLK,UDhLa,CAAA;EAKlBC;AAAe;;;iBAcdZ,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IADLc,KAAAA,CAAAA,EAAAA,OAAAA;MCyMC,ODtMsBZ,CAAAA,IAAAA,CAAAA;;AAQnBE,KCiNE,UAAA,GAAa,UDjNfA,CAAAA,OCiNiC,gBDjNjCA,CAAAA;;;;;;;;AFrFV;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;EAAT,UAAA,CAAA,EAAA,MAAA;EAGE;EAiBA,SAAA,EAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GIrCY,OJqCZ,CAAA,IAAA,CAAA;AA4B7B;;;;;AAqBA;AAAmC,iBI9Eb,YAAA,CJ8Ea,OAAA,EI7ExB,cJ6EwB,CAAA,EI5EhC,OJ4EgC,CAAA,GAAA,GI5ElB,OJ4EkB,CAAA,IAAA,CAAA,CAAA;;;;AArBb,UK1DL,YAAA,CL0DiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAaA,iBKAA,WAAA,CLAmB,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKG/B,cLH+B,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAGhC,CAAA,EAAA,OAAA;IKEN,OLDA,CKCQ,YLDR,EAAA,CAAA;;;;AAlEc,UMhCA,cAAA,CNgCY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBM5BA,aAAA,CN4Ba,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMzBzB,cNyByB,EAAA,cAAA,CAAA,EMxBhB,cNwBgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMxBT,ONyBA,CMzBQ,cNyBR,EAAA,CAAA;;;;;;;;AAhFc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAI9B;AAiBA;AA4BA;AAAkC,iBO/DZ,SP+DY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GO9DtB,OP8DsB,CO9Dd,CP8Dc,CAAA,EAAA,OAAA,CAAA,EO7DvB,YP6DuB,CAAA,EO5D/B,OP4D+B,CO5DvB,CP4DuB,CAAA;;;;AAAZ,UQnDL,WAAA,CRmDiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQlEL,gBAAA,CRkEkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQlEF,cRkEE;;UQ/DF,YAAA,CRgEA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AASmB,UQhFL,gBAAA,CRgFwB;EAgBnB,UAAA,CAAA,MAAA,EQ/FD,WR+FoC,EAAA,CAAA,EQ/FpB,OR+F2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ9GN,WR8GM,EAAA,CAAA,EQ9GU,OR8GV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ7G6C,OR6G7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ7GK,OR6GL,CAAA,IAAA,CAAA;WACC,EAAA,EQ7GK,WR6GL,EAAA;;AACK,iBQ3GC,sBAAA,CR2GD,MAAA,EQ1GL,gBR0GK,EAAA,GAAA,EQzGR,YRyGQ,CAAA,EQxGZ,gBRwGY"}
package/dist/index.d.ts CHANGED
@@ -289,24 +289,125 @@ declare class AgentApiClient {
289
289
  clientSecret: string;
290
290
  displayName?: string;
291
291
  }>;
292
+ /**
293
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
294
+ * default-connection" shape). Use `getGithubAccounts()` for the multi-
295
+ * account shape required by Pattern A — explicit selector args on every
296
+ * tool. Retained because the `@alfe.ai/openclaw-github` proxy is the
297
+ * only consumer that knows about Pattern A; legacy env-interpolation
298
+ * callers will keep hitting `/credentials` until they move to the proxy.
299
+ */
292
300
  getGithubCredentials(): Promise<{
293
301
  login: string;
294
302
  accessToken: string;
295
303
  }>;
304
+ /**
305
+ * Pattern A: multi-account credential fetch for GitHub.
306
+ *
307
+ * Returns every agent-scoped GitHub connection. The caller is expected
308
+ * to require a `login` selector on every credential-touching tool and
309
+ * look up the matching account at dispatch time.
310
+ *
311
+ * GitHub OAuth tokens have no expiry (`tokenLifecycle: "no_expiry"`),
312
+ * so there is intentionally no `refreshGithubAccountToken` method — if
313
+ * a token is revoked the user must re-run the OAuth flow.
314
+ *
315
+ * Returned `accounts[i].login` is the GitHub username — the stable
316
+ * cross-session identifier the LLM should pass.
317
+ */
318
+ getGithubAccounts(): Promise<{
319
+ accounts: {
320
+ connectionId: string;
321
+ accountIdentifier: string;
322
+ displayName: string | null;
323
+ connectedAt: string;
324
+ accessToken: string;
325
+ login: string;
326
+ scopes: string;
327
+ }[];
328
+ }>;
329
+ /**
330
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
331
+ * default-connection" shape). Use `getXeroAccounts()` for the multi-
332
+ * account shape required by Pattern A — explicit selector args on every
333
+ * tool. This method will be removed once all consumers migrate.
334
+ */
296
335
  getXeroCredentials(): Promise<{
297
336
  accessToken: string;
298
337
  accessTokenExpiresAt: string;
299
338
  xeroTenantId: string;
300
339
  }>;
340
+ /**
341
+ * Pattern A: multi-account credential fetch for Xero. Returns every
342
+ * agent-scoped Xero connection. The caller is expected to require a
343
+ * selector arg (e.g. `xeroTenantId`) on every credential-touching tool
344
+ * and look up the matching account by that selector at dispatch time.
345
+ *
346
+ * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the
347
+ * stable cross-session identifier the LLM should pass.
348
+ */
349
+ getXeroAccounts(): Promise<{
350
+ accounts: {
351
+ connectionId: string;
352
+ accountIdentifier: string;
353
+ displayName: string | null;
354
+ connectedAt: string;
355
+ accessToken: string;
356
+ accessTokenExpiresAt: string;
357
+ xeroTenantId: string;
358
+ }[];
359
+ }>;
301
360
  refreshXeroToken(): Promise<{
302
361
  accessToken: string;
303
362
  expiresAt: string;
304
363
  }>;
364
+ /**
365
+ * Pattern A: refresh a specific Xero connection by its `accountIdentifier`
366
+ * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes
367
+ * the *primary* connection, which is wrong for multi-tenant Xero where
368
+ * each tenant has its own non-interchangeable access token.
369
+ */
370
+ refreshXeroAccountToken(xeroTenantId: string): Promise<{
371
+ accessToken: string;
372
+ accessTokenExpiresAt: string;
373
+ expiresAt: string;
374
+ }>;
375
+ /**
376
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
377
+ * default-connection" shape). Use `getNotionAccounts()` for the multi-
378
+ * account shape required by Pattern A.
379
+ */
305
380
  getNotionCredentials(): Promise<{
306
381
  accessToken: string;
307
382
  workspaceId: string;
308
383
  workspaceName: string;
309
384
  }>;
385
+ /**
386
+ * Pattern A: multi-account credential fetch for Notion. Returns every
387
+ * agent-scoped Notion connection. The caller is expected to require a
388
+ * selector arg (e.g. `workspaceId`) on every credential-touching tool.
389
+ *
390
+ * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.
391
+ */
392
+ getNotionAccounts(): Promise<{
393
+ accounts: {
394
+ connectionId: string;
395
+ accountIdentifier: string;
396
+ displayName: string | null;
397
+ connectedAt: string;
398
+ accessToken: string;
399
+ workspaceId: string;
400
+ workspaceName: string;
401
+ }[];
402
+ }>;
403
+ /**
404
+ * @deprecated Returns a single primary Atlassian Connection's credentials
405
+ * (one OAuth user, one cloudId) — the legacy "pick-the-default-connection"
406
+ * shape. Atlassian is multi-site by nature (each OAuth user may have
407
+ * access to multiple Cloud sites), so Pattern A plugins MUST use
408
+ * `getAtlassianAccounts()` to discover the full set and dispatch via
409
+ * the `cloudId` selector arg.
410
+ */
310
411
  getAtlassianCredentials(): Promise<{
311
412
  accessToken: string;
312
413
  refreshToken: string;
@@ -323,16 +424,177 @@ declare class AgentApiClient {
323
424
  accessToken: string;
324
425
  expiresAt: string;
325
426
  }>;
427
+ /**
428
+ * Pattern A: multi-account / multi-site credential fetch for Atlassian.
429
+ *
430
+ * Returns every agent-scoped Atlassian Connection. Each Connection is
431
+ * one OAuth user with a single access token and N accessible Cloud
432
+ * sites (`availableSites`). The caller is expected to:
433
+ *
434
+ * 1. Flatten (connection × cloudId) into one MCP child per site.
435
+ * 2. Require a `cloudId` selector on every credential-touching tool.
436
+ * 3. Use the access token bound to the Connection that owns the
437
+ * requested `cloudId` (Atlassian shares one access token across
438
+ * all sites accessible to the OAuth user).
439
+ *
440
+ * Per-account token refresh uses `refreshAtlassianAccountToken(email)`
441
+ * — refreshing one Connection rotates its single access token, which
442
+ * then applies to every cloudId for that Connection.
443
+ *
444
+ * Returned `accounts[i].accountIdentifier` is the OAuth user's email
445
+ * — the stable cross-session identifier for refresh purposes. The LLM
446
+ * never sees this directly: it picks a site via the `cloudId` arg
447
+ * instead.
448
+ */
449
+ getAtlassianAccounts(): Promise<{
450
+ accounts: {
451
+ connectionId: string;
452
+ accountIdentifier: string;
453
+ displayName: string | null;
454
+ connectedAt: string;
455
+ accessToken: string;
456
+ accessTokenExpiresAt: string;
457
+ clientId: string;
458
+ clientSecret: string;
459
+ cloudId: string;
460
+ siteName: string;
461
+ siteUrl: string;
462
+ availableSites: {
463
+ id: string;
464
+ url: string;
465
+ name: string;
466
+ scopes?: string[];
467
+ avatarUrl?: string;
468
+ }[];
469
+ }[];
470
+ }>;
471
+ /**
472
+ * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`
473
+ * (the OAuth user's email).
474
+ *
475
+ * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the
476
+ * server-side per-account refresh endpoint handles rotation and
477
+ * persistence. Refreshing one Connection updates its single access
478
+ * token, which applies to every accessible Cloud site (cloudId) for
479
+ * that OAuth user.
480
+ *
481
+ * Returns the new access token + expiry. The proxy is responsible for
482
+ * fanning the new token out to every child server it spawned for
483
+ * cloudIds owned by this Connection.
484
+ */
485
+ refreshAtlassianAccountToken(accountIdentifier: string): Promise<{
486
+ accessToken: string;
487
+ accessTokenExpiresAt: string;
488
+ expiresAt: string;
489
+ }>;
490
+ /**
491
+ * @deprecated Returns a single primary credential blob (legacy "pick-the-
492
+ * default-connection" shape). Use `getMYOBAccounts()` for the multi-
493
+ * account shape required by Pattern A.
494
+ */
326
495
  getMYOBCredentials(): Promise<{
327
496
  accessToken: string;
328
497
  accessTokenExpiresAt: string;
329
498
  myobBusinessId: string;
330
499
  clientId: string;
331
500
  }>;
501
+ /**
502
+ * Pattern A: multi-account credential fetch for MYOB. Returns every
503
+ * agent-scoped MYOB connection. The caller is expected to require a
504
+ * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every
505
+ * credential-touching tool.
506
+ *
507
+ * Returned `accounts[i].accountIdentifier` is the MYOB businessId.
508
+ */
509
+ getMYOBAccounts(): Promise<{
510
+ accounts: {
511
+ connectionId: string;
512
+ accountIdentifier: string;
513
+ displayName: string | null;
514
+ connectedAt: string;
515
+ accessToken: string;
516
+ accessTokenExpiresAt: string;
517
+ myobBusinessId: string;
518
+ clientId: string;
519
+ }[];
520
+ }>;
332
521
  refreshMYOBToken(): Promise<{
333
522
  accessToken: string;
334
523
  expiresAt: string;
335
524
  }>;
525
+ /**
526
+ * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.
527
+ *
528
+ * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`
529
+ * selector once per-account plugins land. Retained because the existing
530
+ * `integrations/connect/microsoft/hooks/post_activate.mjs` writes
531
+ * `mgc` credentials for the single (default) Microsoft account.
532
+ *
533
+ * Returns the agent's effective Microsoft delegated-OAuth credentials.
534
+ * Distinct from `getTeamsCredentials()` (Azure bot credentials for the
535
+ * Teams adapter, which is admin-consent flow on services/microsoft, not
536
+ * delegated OAuth on services/connect).
537
+ */
538
+ getMicrosoftCredentials(): Promise<{
539
+ accessToken: string;
540
+ accessTokenExpiresAt?: string;
541
+ refreshToken: string;
542
+ clientId: string;
543
+ clientSecret: string;
544
+ email?: string;
545
+ microsoftTenantId?: string;
546
+ workspaceDomain?: string;
547
+ }>;
548
+ /**
549
+ * Pattern A: multi-account credential fetch for Microsoft 365.
550
+ *
551
+ * Returns every agent-scoped Microsoft connection. The caller is expected
552
+ * to require an `email` selector on every credential-touching tool and
553
+ * look up the matching account at dispatch time.
554
+ *
555
+ * Returned `accounts[i].accountIdentifier` is the user's primary email
556
+ * (or the tid claim as fallback) — the stable cross-session identifier
557
+ * the LLM should pass.
558
+ *
559
+ * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,
560
+ * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not
561
+ * interchangeable across (tenant, user) pairs.
562
+ */
563
+ getMicrosoftAccounts(): Promise<{
564
+ accounts: {
565
+ connectionId: string;
566
+ accountIdentifier: string;
567
+ displayName: string | null;
568
+ connectedAt: string;
569
+ accessToken: string;
570
+ accessTokenExpiresAt: string;
571
+ refreshToken: string;
572
+ clientId: string;
573
+ clientSecret: string;
574
+ email: string;
575
+ microsoftTenantId: string;
576
+ workspaceDomain: string;
577
+ }[];
578
+ }>;
579
+ /**
580
+ * Pattern A: refresh a specific Microsoft 365 connection by its
581
+ * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's
582
+ * email when the Graph profile fetch succeeded at connect time, and the
583
+ * Azure tenant id (`tid` claim) as fallback. Callers should pass the
584
+ * value returned by `getMicrosoftAccounts()` rather than synthesising
585
+ * an email locally.
586
+ *
587
+ * Microsoft refresh tokens are bound to a specific (tenant, user) pair —
588
+ * they are NOT interchangeable across accounts, so per-account refresh
589
+ * is mandatory. The generic /accounts/{accountIdentifier}/refresh
590
+ * endpoint walks the agent's full visible scope chain to find a matching
591
+ * connection (works for inherited team/project Microsoft connections).
592
+ */
593
+ refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{
594
+ accessToken: string;
595
+ accessTokenExpiresAt: string;
596
+ expiresAt: string;
597
+ }>;
336
598
  getTeamsCredentials(): Promise<{
337
599
  agentId: string;
338
600
  tenantId: string;
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n }>;\n memoryBootstrapStatusMark(): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, type RegistryEntry, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAIA;AAiBiB,UA5BA,aAAA,CA4BY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAtEL,aAAA,CAsEkB;EAAA,KAAA,EArE1B,MAqE0B,CAAA,MAAA,EArEX,aAqEW,CAAA;;AAGhC,UArEc,cAAA,CAqEd;EAAO,OAAA,EAAA,CAAA;EAUY,OAAA,EAAA,MAAA;EAAmB,QAAA,EAAA,MAAA;OAGhC,EA9EA,MA8EA,CAAA,MAAA,EAAA;IACN,IAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA;IASY,QAAA,EAAA,MAAA;IAgBA,IAAA,CAAA,EAAA,MAAA;IAgBN,YAAa,CAAA,EAAA,MAAA;IAAA,UAAA,CAAA,EAAA,OAAA;;;AAG1B,UA9Gc,YAAA,CA8Gd;EAAY;;;;EC3EO;EA8BN,SAAA,EAAA,MAAY,EAAA;EAiBZ;;;;ACvIo1B;AAIt0B;AAIP;AAUI;;;AAYlBqC,iBFmDa,YAAA,CEnDbA,aAAAA,EAAAA,MAAAA,CAAAA,EFqDN,OErDMA,CFqDE,aErDFA,CAAAA;;AAAM;AAEW;AAKG;AAcnBI,iBFmDY,aAAA,CEnDS,aAKtBD,EAAAA,MAAmB,EAAA,QAAA,EFgDhB,aEhDgB,CAAA,EFiDzB,OEjDyB,CAAA,IAAA,CAAA;AAAA;AAGJ;AAOD;AAebK,iBFkCY,mBAAA,CElCM,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFqCnB,aErCmB,CAAA,EFsCzB,OEtCyB,CAAA,IAAA,CAAA;AAAA;AAKH;;AASHZ,iBFiCA,mBAAA,CEjCAA,aAAAA,EAAAA,MAAAA,EAAAA,YAAAA,EAAAA,MAAAA,CAAAA,EFoCnB,OEpCmBA,CAAAA,IAAAA,CAAAA;;;;;AAeZK,iBFkCY,eAAA,CElCZA,QAAAA,EAAAA,MAAAA,CAAAA,EFkC+C,OElC/CA,CAAAA,MAAAA,CAAAA;;;;;;AAWgBI,iBFuCV,aAAA,CEvCUA,KAAAA,EFwCjB,aExCiBA,EAAAA,MAAAA,EFyChB,cEzCgBA,CAAAA,EF0CvB,YE1CuBA;;;;iBDjCJ,kBAAA,yBAEnB;iBA4Ba,YAAA;AD7FC,iBC8GD,aAAA,CD9Gc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;AAO9B;;;;;AAPA,UErBUT,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,aAAAA,CFyBD;EAAM,OAAA,EAAA,MAAA;EAGf,QAAiB,EAAA,MAAA;EAiBjB,WAAiB,EAAA,MAAY;EA4B7B,QAAsB,EAAA,MAAA;EAAY,MAAA,EAAA,OAAA,GAAA,SAAA,GAAA,QAAA;WAEvB,CAAA,EAAA,MAAA;WAAR,CAAA,EAAA,MAAA;EAAO,QAAA,CAAA,EAAA,MAAA;AAmBV;UEpFUC,iBAAAA,CFoFyB;QAEvB,MAAA;QACT,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,IAAsB,CAAA,EAAA,MAAA;EAAmB,YAAA,CAAA,EAAA,MAAA;YAGhC,CAAA,EAAA,OAAA;;UE5FCC,YAAAA,CF6FA;EASV,OAAsB,EAAA,CAAA;EAgBtB,OAAsB,EAAA,MAAA;EAgBtB,QAAgB,EAAA,MAAA;EAAa,KAAA,EElIpBC,MFkIoB,CAAA,MAAA,EElILF,iBFkIK,CAAA;;UEhInBG,gBAAAA,CFkIA;QACP,MAAA;EAAY,GAAA,EAAA,MAAA;;;UE9HLC,mBAAAA;EDmDV,QAAsB,EAAA,MAAA;EA8BtB,IAAgB,EAAA,MAAA;EAiBhB,IAAgB,EAAA,MAAA;;;;ACvIo1B,UA4C11BC,mBAAAA,CAxCoB;EAAA,IAIpBN,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,GAQjBC,EAAAA,MAAAA;EAAY,YAAA,CAAA,EAAA,MAAA;YAIED,CAAAA,EAAAA,OAAAA;;UAqBdM,qBAAAA,CArBK;EAAA,OAELH,EAAAA,MAAAA;EAAgB,IAKhBC,EAAAA,MAAAA,GAAAA,QAAAA,GAAmB,QAAA;EAAA,SAOnBC,EAAAA,MAAAA;EAAmB,SAOnBC,EAAAA,MAAAA;EAKkB,KAGlBC,EAHDF,mBAGe,EAAA;EAAA,SAOdG,EAAAA,MAAAA;AAAa;AAQG,UAfhBD,cAAAA,CAsBkB;EAAA,OAKlBI,EAAAA,MAAAA;EAAe,aAMXC,EAAAA,MAAc;EAAA,YAAA,EAAA,MAAA;WAGNd,EAAAA,MAAAA;YAKXC,EAAAA,MAAAA,GAAAA,IAAAA;;UAlCDS,aAAAA,CAoCmBP;UAARY,EAAAA,MAAAA;QAQXV,MAAAA;UADJU,EAAAA,MAAAA;aAQQT,EAAAA,MAAAA;cAARS,CAAAA,EAAAA,MAAAA;YAGQP,CAAAA,EAAAA,OAAAA;;UA9CJG,gBAAAA,CA+CgBF;WAARM,EAAAA,MAAAA;QAIPL,MAAAA;cADLK,EAAAA,MAAAA;cAIQJ,CAAAA,EAAAA,MAAAA;YADQI,EAAAA,OAAAA;;UA9CZH,kBAAAA,CAiD2BG;WACDA,EAAAA,MAAAA;SAOzBF,EAAAA,MAAAA;YADLE,EAAAA,OAAAA;;UAnDIF,eAAAA,CA+DoB1B;UAAR4B,EAAAA,MAAAA;UACiC/B,EAAAA,MAAAA;QAAR+B,MAAAA;aACUX,CAAAA,EAAAA,MAAAA;;cA3D3CU,cAAAA,CA8DDV;mBACCjB,MAAAA;mBAAR4B,MAAAA;aAC8C5B,CAAAA,MAAAA,EA7D9Ba,oBA6D8Bb;UAAR4B,OAAAA;cACQA,CAAAA,KAAAA,EAAAA;eAQvCX,CAAAA,EAAAA,MAAAA;MAlEPW,OA+D8BA,CAAAA;SAMlB1B,EApEPY,aAoEOZ;;iBAYQ0B,CAAAA,CAAAA,EA9ELA,OA8EKA,CA9EGZ,YA8EHY,CAAAA;aAUgBA,CAAAA,IAAAA,EAAAA;SAOZA,EAAAA;UAOJA,EAAAA,MAAAA;eAIFA,EAAAA,KAAAA,GAAAA,KAAAA;iBAKFA,CAAAA,EAAAA,MAAAA;OAIIA;MA5GpBA,OAiHuBA,CAAAA;QAYFA,EA5HjBV,gBA4HiBU,EAAAA;;mBAULA,CAAAA,IAAAA,EAAAA;YAIGA,EAAAA,MAAAA;QAaNX,EAAAA,MAAAA;QACbW,EAAAA,MAAAA;gBAIiBA,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MArJjBA,OAgKEA,CAhKMT,mBAgKNS,CAAAA;iBAaFA,CAAAA,IAAAA,EAAAA;QAYKhB,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAtLLgB,OA0LQjC,CA1LA0B,qBA0LA1B,CAAAA;cAARiC,CAAAA,CAAAA,EAzLYA,OAyLZA,CAzLoBN,cAyLpBM,CAAAA;eAQKhB,CAAAA,KAAAA,EAAAA;UAKLgB,CAAAA,EAAAA,MAAAA;MAnMAA,OA6MKhB,CAAAA;SAIIJ,EAhNJe,aAgNIf,EAAAA;;kBAMIhB,CAAAA,CAAAA,EApNGoC,OAoNHpC,CAAAA;YAEFP,EArNHuC,gBAqNGvC,EAAAA;;gBAGX2C,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EAtN+BA,OAsN/BA,CAtNuCH,kBAsNvCG,CAAAA;gBAGKhB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EAxNyBgB,OAwNzBhB,CAAAA;WAIIN,EAAAA,OAAAA;;iBADTsB,CAAAA,IAAAA,EAAAA;SAMKhB,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAMMpB,EAAAA,MAAAA;MAjOXoC,OAkOOtC,CAAAA;SAEEL,EAnOJyC,eAmOIzC,EAAAA;cALT2C,EAAAA,MAAAA,GAAAA,IAAAA;;mBAgBWpC,CAAAA,IAAAA,EAAAA;SACJF,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAEEL,EAAAA,MAAAA;YAET2C,EAAAA,MAAAA;MA5OAA,OAkPKhB,CAAAA;eAILgB,EAAAA,MAAAA;aAGKhB,EAAAA,MAAAA;;kBAQGN,CAAAA,CAAAA,EA7PQsB,OA6PRtB,CA7PgBN,kBA6PhBM,EAAAA,CAAAA;sBAARsB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EA5PyCA,OA4PzCA,CA5PiD/B,uBA4PjD+B,CAAAA;yBAGKhB,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,MAAAA,EA9P8CK,MA8P9CL,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA,CAAAA,EA9PwEgB,OA8PxEhB,CAAAA,IAAAA,CAAAA;oBAEIJ,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;WAGDE,CAAAA,EAAAA,MAAAA;UAARkB,CAAAA,EAhQOX,MAgQPW,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA;MA/PAA,OAkQKhB,CAlQGZ,kBAkQHY,CAAAA;mBAME7B,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EAvQ+B6C,OAuQ/B7C,CAvQuCiB,kBAuQvCjB,CAAAA;aADP6C,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,MAAAA,CAAAA,EAAAA,MAAAA,EAAAA,CAAAA,EArQ8CA,OAqQ9CA,CAAAA;OAMKhB,EAAAA,MAAAA;YAGLgB,EAAAA,MAAAA;aAEwBxB,EAAAA,MAAAA;;gBAUlBwB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EArRwBA,OAqRxBA,CAAAA;YASNA,EAAAA,MAAAA;aAgBAA,EAAAA,OAAAA;UAGoCA,CAAAA,EA9S7BX,MA8S6BW,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;;aAoBpCA,CAAAA,CAAAA,EAhUWA,OAgUXA,CAAAA;gBAYAA,EA3UY1B,aA2UZ0B,EAAAA;;;;;;;;;;;;sBA+IiCA,CAAAA,CAAAA,EA9cbA,OA8caA,CAAAA;YAWnBA,EAAAA;WAQcA,EAAAA,MAAAA;kBAGjBA,EAAAA,MAAAA;cAeXA,EAAAA,MAAAA;kBAMqBA,EAAAA,MAAAA;iBAIIA,CAAAA,EAAAA,MAAAA;iBAUzBA,CAAAA,EAAAA,MAAAA;OAIAA;;yBAM2BA,CAAAA,KAAAA,EAAAA,MAAAA,CAAAA,EAvgBSA,OAugBTA,CAAAA;YAW3BA,EAAAA;MAAO,KAAA,EAAA,MAAA;;;;EClrBb,CAAA,CAAiB;EAOjB,wBAAkC,CAAA,CAAA,EDgKJA,OC9JpB,CAAA;IASM,KAAA,EAAA,MAAA;IAAgB,YAAA,EAAA,MAAA;YAAG,EAAA,MAAA;gBAAe,EAAA,MAAA;eAAU,CAAA,EAAA,MAAA;;sBAY7C,CAAA,CAAA,EDgJWA,OChJX,CAAA;SAAR,EAAA,MAAA;eAwCQ,EAAA,MAAA;;oBA4B4C,CAAA,CAAA,EDgFnCA,OChFmC,CAAA;eAAR,EAAA,MAAA;wBAqCY,EAAA,MAAA;gBAAR,EAAA,MAAA;;kBA4FhD,CAAA,CAAA,ED5CeA,OC4Cf,CAAA;eA2CA,EAAA,MAAA;IAAO,SAAA,EAAA,MAAA;EAmBd,CAAA,CAAY;EAAU,oBAAA,CAAA,CAAA,EDtGIA,OCsGJ,CAAA;eAAqB,EAAA,MAAA;eAAlB,EAAA,MAAA;IAAU,aAAA,EAAA,MAAA;;6BDjGNA;;IEnNZ,YAAA,EAAA,MAAc;IAaT,oBAAY,EAAA,MAAA;IAAA,OAAA,EAAA,MAAA;YACvB,EAAA,MAAA;WACM,EAAA,MAAA;SAAd,EAAA,MAAA;IAAO,eAAA,EAAA,MAAA,EAAA;;;;ECHV,qBAA6B,CAAA,CAAA,EHmNFA,OGnNE,CAAA;IA4FP,WAAA,EAAA,MAAW;IAAA,SAAA,EAAA,MAAA;;oBAKtB,CAAA,CAAA,EHsHaA,OGtHb,CAAA;eAAR,EAAA,MAAA;IAAO,oBAAA,EAAA,MAAA;;;;ECnGV,gBAAiB,CAAA,CAAA,EJ+NKA,OI/NS,CAAA;IAqDT,WAAA,EAAA,MAAa;IAAA,SAAA,EAAA,MAAA;;qBAIhB,CAAA,CAAA,EJ0KMA,OI1KN,CAAA;WAER,EAAA,MAAA;YAAR,EAAA,MAAA;IAAO,UAAA,EAAA,MAAA;;;;ICxEO,aAAA,CAAA,EAAY,MAAA;IAUP,UAAA,CAAA,EAAS,MAAA;EAAA,CAAA,CAAA;kBACX,CAAA,IAAA,EAAA;kBAAR,EAAA,MAAA;QACD,CAAA,EAAA,MAAA;gBACA,CAAA,ELgPQX,MKhPR,CAAA,MAAA,EAAA,OAAA,CAAA;MLiPLW,OKjPH,CAAA;IAAO,EAAA,EAAA,OAAA;;;uBLqPaA;IM5ON,QAAA,EAAA;MAMA,EAAA,EAAA,MAAA;MAKP,IAAA,EAAA,MAAA;MAOO,WAAA,CAAA,EAAA,MAAgB;IAAA,CAAA,EAAA;;oBACI,CAAA,KAAA,EAAA;YACd,EAAA,MAAA;YAAgB,EAAA,MAAA;QACmC,EAAA,MAAA;QNkOlEA,OMjOM,CAAA;eACC,EAAA;MAAW,EAAA,EAAA,MAAA;MAGV,SAAA,EAAA,MAAA;MAAsB,WAAA,EAAA,MAAA;WAC5B,EAAA,MAAA;eACH,EAAA,MAAA;OACJ;EAAgB,CAAA,CAAA;;;;;MNuObA;;;;;;;;;;;;WAYKhB;;;;MAILgB,QAAQjC;;;;;;;;WAQHiB;;;;;MAKLgB;;;;;;;;;;WAUKhB;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX2C,QAAQtB;;;WAGHM;;;MAGLgB;eACStB;eACAlB;;;;WAIJwB;;;;MAILgB;;iBAEWpC;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET2C;;;;;;WAMKhB;;;;MAILgB;;;WAGKhB;;;;;;eAMIJ;;MAEToB,QAAQtB;;;WAGHM;;eAEIJ;;;MAGToB,QAAQlB;;;WAGHE;;;;;MAKLgB;aACO7C;;;;;WAKF6B;;;MAGLgB;;sBAEgBA,QAAQxB;;;;;;;;;;YAUlBwB;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;+BAIIA;;;;;;;;;;MAUzBA;;;;MAIAA;;;;;MAKAA;iCAC2BA;;;;;;;;;;;MAW3BA;;;;;;AF/nBgB,UGnDL,UAAA,CHmDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;AAAmC,UGjElB,iBAAA,CHiEkB;eAEvB,EAAA,MAAA;QACT,EGlEO,cHkEP;;AAUH;;;;;AAaA;AAgBsB,iBGhGN,gBAAA,CHgGgD;EAAA,aAAA;EAAA;AAAA,CAAA,EGhGJ,iBHgGI,CAAA,EAAA;EAgBhD,aAAA,EAAA,MAAa;EAAA,MAAA,gBAAA;;;;;gCCxEP;;;EAAA,CAAA,CAAA,EE5Bf,OF4Be,CE5BP,UF4ByB,CAAA;EA8BxB,WAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA;IAiBZ,KAAA,CAAA,EAAA,OAAa;MEnCtB,QAAQ;;cD5FLd;IAJAD,KAAAA,CAAAA,EAAAA,OAAAA;EAIAC,CAAAA,CAAAA,ECwHyC,ODxHzCA,CCwHiD,UDxHpC,CAAA;EAUbC;AAAiB;;;UAYlBE,CAAAA,OAECC,CAFDD,EAAAA;IAAM,KAAA,CAAA,EAAA,OAAA;EAELC,CAAAA,CAAAA,ECqI6C,ODrI7CA,CCqIqD,UDrIrC,CAAA;EAKhBC;AAAmB;AAOA;AAYD;EAUlBI,SAAAA,CAAAA,KAAAA,EAAa,MAAA,EAAA,EAAA,OAebE,CAfa,EAAA;IAQbD,KAAAA,CAAAA,EAAAA,OAAgB;EAOhBC,CAAAA,CAAAA,ECgLH,ODhLGA,CCgLK,UDhLa,CAAA;EAKlBC;AAAe;;;iBAcdZ,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IADLc,KAAAA,CAAAA,EAAAA,OAAAA;MCyMC,ODtMsBZ,CAAAA,IAAAA,CAAAA;;AAQnBE,KCiNE,UAAA,GAAa,UDjNfA,CAAAA,OCiNiC,gBDjNjCA,CAAAA;;;;;;;;AFrFV;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;EAAT,UAAA,CAAA,EAAA,MAAA;EAGE;EAiBA,SAAA,EAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GIrCY,OJqCZ,CAAA,IAAA,CAAA;AA4B7B;;;;;AAqBA;AAAmC,iBI9Eb,YAAA,CJ8Ea,OAAA,EI7ExB,cJ6EwB,CAAA,EI5EhC,OJ4EgC,CAAA,GAAA,GI5ElB,OJ4EkB,CAAA,IAAA,CAAA,CAAA;;;;AArBb,UK1DL,YAAA,CL0DiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAaA,iBKAA,WAAA,CLAmB,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKG/B,cLH+B,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAGhC,CAAA,EAAA,OAAA;IKEN,OLDA,CKCQ,YLDR,EAAA,CAAA;;;;AAlEc,UMhCA,cAAA,CNgCY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBM5BA,aAAA,CN4Ba,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMzBzB,cNyByB,EAAA,cAAA,CAAA,EMxBhB,cNwBgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMxBT,ONyBA,CMzBQ,cNyBR,EAAA,CAAA;;;;;;;;AAhFc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAI9B;AAiBA;AA4BA;AAAkC,iBO/DZ,SP+DY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GO9DtB,OP8DsB,CO9Dd,CP8Dc,CAAA,EAAA,OAAA,CAAA,EO7DvB,YP6DuB,CAAA,EO5D/B,OP4D+B,CO5DvB,CP4DuB,CAAA;;;;AAAZ,UQnDL,WAAA,CRmDiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQlEL,gBAAA,CRkEkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQlEF,cRkEE;;UQ/DF,YAAA,CRgEA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AASmB,UQhFL,gBAAA,CRgFwB;EAgBnB,UAAA,CAAA,MAAA,EQ/FD,WR+FoC,EAAA,CAAA,EQ/FpB,OR+F2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ9GN,WR8GM,EAAA,CAAA,EQ9GU,OR8GV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ7G6C,OR6G7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ7GK,OR6GL,CAAA,IAAA,CAAA;WACC,EAAA,EQ7GK,WR6GL,EAAA;;AACK,iBQ3GC,sBAAA,CR2GD,MAAA,EQ1GL,gBR0GK,EAAA,GAAA,EQzGR,YRyGQ,CAAA,EQxGZ,gBRwGY"}
1
+ {"version":3,"file":"index.d.ts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getGithubAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. Retained because the `@alfe.ai/openclaw-github` proxy is the\n * only consumer that knows about Pattern A; legacy env-interpolation\n * callers will keep hitting `/credentials` until they move to the proxy.\n */\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for GitHub.\n *\n * Returns every agent-scoped GitHub connection. The caller is expected\n * to require a `login` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * GitHub OAuth tokens have no expiry (`tokenLifecycle: \"no_expiry\"`),\n * so there is intentionally no `refreshGithubAccountToken` method — if\n * a token is revoked the user must re-run the OAuth flow.\n *\n * Returned `accounts[i].login` is the GitHub username — the stable\n * cross-session identifier the LLM should pass.\n */\n getGithubAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n login: string;\n scopes: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getXeroAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. This method will be removed once all consumers migrate.\n */\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Xero. Returns every\n * agent-scoped Xero connection. The caller is expected to require a\n * selector arg (e.g. `xeroTenantId`) on every credential-touching tool\n * and look up the matching account by that selector at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the\n * stable cross-session identifier the LLM should pass.\n */\n getXeroAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }[];\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: refresh a specific Xero connection by its `accountIdentifier`\n * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes\n * the *primary* connection, which is wrong for multi-tenant Xero where\n * each tenant has its own non-interchangeable access token.\n */\n refreshXeroAccountToken(xeroTenantId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getNotionAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Notion. Returns every\n * agent-scoped Notion connection. The caller is expected to require a\n * selector arg (e.g. `workspaceId`) on every credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.\n */\n getNotionAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary Atlassian Connection's credentials\n * (one OAuth user, one cloudId) — the legacy \"pick-the-default-connection\"\n * shape. Atlassian is multi-site by nature (each OAuth user may have\n * access to multiple Cloud sites), so Pattern A plugins MUST use\n * `getAtlassianAccounts()` to discover the full set and dispatch via\n * the `cloudId` selector arg.\n */\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: multi-account / multi-site credential fetch for Atlassian.\n *\n * Returns every agent-scoped Atlassian Connection. Each Connection is\n * one OAuth user with a single access token and N accessible Cloud\n * sites (`availableSites`). The caller is expected to:\n *\n * 1. Flatten (connection × cloudId) into one MCP child per site.\n * 2. Require a `cloudId` selector on every credential-touching tool.\n * 3. Use the access token bound to the Connection that owns the\n * requested `cloudId` (Atlassian shares one access token across\n * all sites accessible to the OAuth user).\n *\n * Per-account token refresh uses `refreshAtlassianAccountToken(email)`\n * — refreshing one Connection rotates its single access token, which\n * then applies to every cloudId for that Connection.\n *\n * Returned `accounts[i].accountIdentifier` is the OAuth user's email\n * — the stable cross-session identifier for refresh purposes. The LLM\n * never sees this directly: it picks a site via the `cloudId` arg\n * instead.\n */\n getAtlassianAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n clientId: string;\n clientSecret: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n availableSites: {\n id: string;\n url: string;\n name: string;\n scopes?: string[];\n avatarUrl?: string;\n }[];\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`\n * (the OAuth user's email).\n *\n * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the\n * server-side per-account refresh endpoint handles rotation and\n * persistence. Refreshing one Connection updates its single access\n * token, which applies to every accessible Cloud site (cloudId) for\n * that OAuth user.\n *\n * Returns the new access token + expiry. The proxy is responsible for\n * fanning the new token out to every child server it spawned for\n * cloudIds owned by this Connection.\n */\n refreshAtlassianAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getMYOBAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for MYOB. Returns every\n * agent-scoped MYOB connection. The caller is expected to require a\n * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every\n * credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the MYOB businessId.\n */\n getMYOBAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }[];\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.\n *\n * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`\n * selector once per-account plugins land. Retained because the existing\n * `integrations/connect/microsoft/hooks/post_activate.mjs` writes\n * `mgc` credentials for the single (default) Microsoft account.\n *\n * Returns the agent's effective Microsoft delegated-OAuth credentials.\n * Distinct from `getTeamsCredentials()` (Azure bot credentials for the\n * Teams adapter, which is admin-consent flow on services/microsoft, not\n * delegated OAuth on services/connect).\n */\n getMicrosoftCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt?: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email?: string;\n microsoftTenantId?: string;\n workspaceDomain?: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Microsoft 365.\n *\n * Returns every agent-scoped Microsoft connection. The caller is expected\n * to require an `email` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the user's primary email\n * (or the tid claim as fallback) — the stable cross-session identifier\n * the LLM should pass.\n *\n * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,\n * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not\n * interchangeable across (tenant, user) pairs.\n */\n getMicrosoftAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email: string;\n microsoftTenantId: string;\n workspaceDomain: string;\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Microsoft 365 connection by its\n * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's\n * email when the Graph profile fetch succeeded at connect time, and the\n * Azure tenant id (`tid` claim) as fallback. Callers should pass the\n * value returned by `getMicrosoftAccounts()` rather than synthesising\n * an email locally.\n *\n * Microsoft refresh tokens are bound to a specific (tenant, user) pair —\n * they are NOT interchangeable across accounts, so per-account refresh\n * is mandatory. The generic /accounts/{accountIdentifier}/refresh\n * endpoint walks the agent's full visible scope chain to find a matching\n * connection (works for inherited team/project Microsoft connections).\n */\n refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n }>;\n memoryBootstrapStatusMark(): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, type RegistryEntry, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAIA;AAiBiB,UA5BA,aAAA,CA4BY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAtEL,aAAA,CAsEkB;EAAA,KAAA,EArE1B,MAqE0B,CAAA,MAAA,EArEX,aAqEW,CAAA;;AAGhC,UArEc,cAAA,CAqEd;EAAO,OAAA,EAAA,CAAA;EAUY,OAAA,EAAA,MAAA;EAAmB,QAAA,EAAA,MAAA;OAGhC,EA9EA,MA8EA,CAAA,MAAA,EAAA;IACN,IAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA;IASY,QAAA,EAAA,MAAA;IAgBA,IAAA,CAAA,EAAA,MAAA;IAgBN,YAAa,CAAA,EAAA,MAAA;IAAA,UAAA,CAAA,EAAA,OAAA;;;AAG1B,UA9Gc,YAAA,CA8Gd;EAAY;;;;EC3EO;EA8BN,SAAA,EAAA,MAAY,EAAA;EAiBZ;;;;ACvIo1B;AAIt0B;AAIP;AAUI;;;AAYlBqC,iBFmDa,YAAA,CEnDbA,aAAAA,EAAAA,MAAAA,CAAAA,EFqDN,OErDMA,CFqDE,aErDFA,CAAAA;;AAAM;AAEW;AAKG;AAcnBI,iBFmDY,aAAA,CEnDS,aAKtBD,EAAAA,MAAmB,EAAA,QAAA,EFgDhB,aEhDgB,CAAA,EFiDzB,OEjDyB,CAAA,IAAA,CAAA;AAAA;AAGJ;AAOD;AAebK,iBFkCY,mBAAA,CElCM,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFqCnB,aErCmB,CAAA,EFsCzB,OEtCyB,CAAA,IAAA,CAAA;AAAA;AAKH;;AASHZ,iBFiCA,mBAAA,CEjCAA,aAAAA,EAAAA,MAAAA,EAAAA,YAAAA,EAAAA,MAAAA,CAAAA,EFoCnB,OEpCmBA,CAAAA,IAAAA,CAAAA;;;;;AAeZK,iBFkCY,eAAA,CElCZA,QAAAA,EAAAA,MAAAA,CAAAA,EFkC+C,OElC/CA,CAAAA,MAAAA,CAAAA;;;;;;AAWgBI,iBFuCV,aAAA,CEvCUA,KAAAA,EFwCjB,aExCiBA,EAAAA,MAAAA,EFyChB,cEzCgBA,CAAAA,EF0CvB,YE1CuBA;;;;iBDjCJ,kBAAA,yBAEnB;iBA4Ba,YAAA;AD7FC,iBC8GD,aAAA,CD9Gc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;AAO9B;;;;;AAPA,UErBUT,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,aAAAA,CFyBD;EAAM,OAAA,EAAA,MAAA;EAGf,QAAiB,EAAA,MAAA;EAiBjB,WAAiB,EAAA,MAAY;EA4B7B,QAAsB,EAAA,MAAA;EAAY,MAAA,EAAA,OAAA,GAAA,SAAA,GAAA,QAAA;WAEvB,CAAA,EAAA,MAAA;WAAR,CAAA,EAAA,MAAA;EAAO,QAAA,CAAA,EAAA,MAAA;AAmBV;UEpFUC,iBAAAA,CFoFyB;QAEvB,MAAA;QACT,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,IAAsB,CAAA,EAAA,MAAA;EAAmB,YAAA,CAAA,EAAA,MAAA;YAGhC,CAAA,EAAA,OAAA;;UE5FCC,YAAAA,CF6FA;EASV,OAAsB,EAAA,CAAA;EAgBtB,OAAsB,EAAA,MAAA;EAgBtB,QAAgB,EAAA,MAAA;EAAa,KAAA,EElIpBC,MFkIoB,CAAA,MAAA,EElILF,iBFkIK,CAAA;;UEhInBG,gBAAAA,CFkIA;QACP,MAAA;EAAY,GAAA,EAAA,MAAA;;;UE9HLC,mBAAAA;EDmDV,QAAsB,EAAA,MAAA;EA8BtB,IAAgB,EAAA,MAAA;EAiBhB,IAAgB,EAAA,MAAA;;;;ACvIo1B,UA4C11BC,mBAAAA,CAxCoB;EAAA,IAIpBN,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,GAQjBC,EAAAA,MAAAA;EAAY,YAAA,CAAA,EAAA,MAAA;YAIED,CAAAA,EAAAA,OAAAA;;UAqBdM,qBAAAA,CArBK;EAAA,OAELH,EAAAA,MAAAA;EAAgB,IAKhBC,EAAAA,MAAAA,GAAAA,QAAAA,GAAmB,QAAA;EAAA,SAOnBC,EAAAA,MAAAA;EAAmB,SAOnBC,EAAAA,MAAAA;EAKkB,KAGlBC,EAHDF,mBAGe,EAAA;EAAA,SAOdG,EAAAA,MAAAA;AAAa;AAQG,UAfhBD,cAAAA,CAsBkB;EAAA,OAKlBI,EAAAA,MAAAA;EAAe,aAMXC,EAAAA,MAAc;EAAA,YAAA,EAAA,MAAA;WAGNd,EAAAA,MAAAA;YAKXC,EAAAA,MAAAA,GAAAA,IAAAA;;UAlCDS,aAAAA,CAoCmBP;UAARY,EAAAA,MAAAA;QAQXV,MAAAA;UADJU,EAAAA,MAAAA;aAQQT,EAAAA,MAAAA;cAARS,CAAAA,EAAAA,MAAAA;YAGQP,CAAAA,EAAAA,OAAAA;;UA9CJG,gBAAAA,CA+CgBF;WAARM,EAAAA,MAAAA;QAIPL,MAAAA;cADLK,EAAAA,MAAAA;cAIQJ,CAAAA,EAAAA,MAAAA;YADQI,EAAAA,OAAAA;;UA9CZH,kBAAAA,CAiD2BG;WACDA,EAAAA,MAAAA;SAOzBF,EAAAA,MAAAA;YADLE,EAAAA,OAAAA;;UAnDIF,eAAAA,CA+DoB1B;UAAR4B,EAAAA,MAAAA;UACiC/B,EAAAA,MAAAA;QAAR+B,MAAAA;aACUX,CAAAA,EAAAA,MAAAA;;cA3D3CU,cAAAA,CA8DDV;mBACCjB,MAAAA;mBAAR4B,MAAAA;aAC8C5B,CAAAA,MAAAA,EA7D9Ba,oBA6D8Bb;UAAR4B,OAAAA;cACQA,CAAAA,KAAAA,EAAAA;eAQvCX,CAAAA,EAAAA,MAAAA;MAlEPW,OA+D8BA,CAAAA;SAMlB1B,EApEPY,aAoEOZ;;iBAYQ0B,CAAAA,CAAAA,EA9ELA,OA8EKA,CA9EGZ,YA8EHY,CAAAA;aAUgBA,CAAAA,IAAAA,EAAAA;SAOZA,EAAAA;UAeJA,EAAAA,MAAAA;eAkBHA,EAAAA,KAAAA,GAAAA,KAAAA;iBAiBCA,CAAAA,EAAAA,MAAAA;OAcHA;MAxJfA,OAmKgBA,CAAAA;QAU2BA,EA5KvCV,gBA4KuCU,EAAAA;;mBAsB1BA,CAAAA,IAAAA,EAAAA;YAmBMA,EAAAA,MAAAA;QAYFA,EAAAA,MAAAA;QA0BDA,EAAAA,MAAAA;gBAoCiCA,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MAxRrDA,OAkSkBA,CAlSVT,mBAkSUS,CAAAA;iBAcHA,CAAAA,IAAAA,EAAAA;QAYCA,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAzThBA,OA0UuBA,CA1UfP,qBA0UeO,CAAAA;cAyBHA,CAAAA,CAAAA,EAlWRA,OAkWQA,CAlWAN,cAkWAM,CAAAA;eA8BiCA,CAAAA,KAAAA,EAAAA;UAKlCA,CAAAA,EAAAA,MAAAA;MAlYnBA,OA+YaX,CAAAA;SACbW,EA/YKL,aA+YLK,EAAAA;;kBAeEA,CAAAA,CAAAA,EA5ZcA,OA4ZdA,CAAAA;YAaFA,EAxaQJ,gBAwaRI,EAAAA;;gBAgBQjC,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EAtbuBiC,OAsbvBjC,CAtb+B8B,kBAsb/B9B,CAAAA;gBAARiC,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EArb8BA,OAqb9BA,CAAAA;WAQKhB,EAAAA,OAAAA;;iBAeAA,CAAAA,IAAAA,EAAAA;SAIIJ,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAKAlB,EAAAA,MAAAA;MA/cTsC,OAgdapC,CAAAA;SAEFP,EAjdNyC,eAidMzC,EAAAA;cAGHqB,EAAAA,MAAAA,GAAAA,IAAAA;;mBAGHM,CAAAA,IAAAA,EAAAA;SAIIN,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WACAlB,EAAAA,MAAAA;YAFTwC,EAAAA,MAAAA;MAndAA,OAydKhB,CAAAA;eAMMpB,EAAAA,MAAAA;aACJF,EAAAA,MAAAA;;kBAHPsC,CAAAA,CAAAA,EAzdgBA,OAydhBA,CAzdwB5B,kBAydxB4B,EAAAA,CAAAA;sBAYKhB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EApeoCgB,OAoepChB,CApe4Cf,uBAoe5Ce,CAAAA;yBAIMpB,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,MAAAA,EAvewCyB,MAuexCzB,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA,CAAAA,EAvekEoC,OAuelEpC,CAAAA,IAAAA,CAAAA;oBACJF,CAAAA,aAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;WAEEL,CAAAA,EAAAA,MAAAA;UAET2C,CAAAA,EAzeOX,MAyePW,CAAAA,MAAAA,EAAAA,OAAAA,CAAAA;MAxeAA,OA8eKhB,CA9eGZ,kBA8eHY,CAAAA;mBAILgB,CAAAA,aAAAA,EAAAA,MAAAA,CAAAA,EAjfsCA,OAiftCA,CAjf8C5B,kBAif9C4B,CAAAA;aAGKhB,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,MAAAA,CAAAA,EAAAA,MAAAA,EAAAA,CAAAA,EAnfyCgB,OAmfzChB,CAAAA;OAMIJ,EAAAA,MAAAA;YAEDF,EAAAA,MAAAA;aAARsB,EAAAA,MAAAA;;gBAKSpB,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EA3fqBoB,OA2frBpB,CAAAA;YAGDE,EAAAA,MAAAA;aAARkB,EAAAA,OAAAA;UAGKhB,CAAAA,EA9fEK,MA8fFL,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;;aAKLgB,CAAAA,CAAAA,EAjgBWA,OAigBXA,CAAAA;gBAMKhB,EAtgBOV,aAsgBPU,EAAAA;;;;;;;;;;;;sBA2FLgB,CAAAA,CAAAA,EArlBoBA,OAqlBpBA,CAAAA;YAUAA,EAAAA;WAkBAA,EAAAA,MAAAA;kBAgBAA,EAAAA,MAAAA;cAkBAA,EAAAA,MAAAA;kBAWAA,EAAAA,MAAAA;iBAUAA,CAAAA,EAAAA,MAAAA;iBAwBAA,CAAAA,EAAAA,MAAAA;OAYAA;;yBAQiCA,CAAAA,KAAAA,EAAAA,MAAAA,CAAAA,EA1sBGA,OA0sBHA,CAAAA;YAWnBA,EAAAA;WAQcA,EAAAA,MAAAA;iBAGjBA,CAAAA,EAAAA,MAAAA;iBAeXA,CAAAA,EAAAA,MAAAA;OAMqBA;;0BAcrBA,CAAAA,CAAAA,EA5vBwBA,OA4vBxBA,CAAAA;SAIAA,EAAAA,MAAAA;gBAKAA,EAAAA,MAAAA;YAC2BA,EAAAA,MAAAA;gBAW3BA,EAAAA,MAAAA;IAAO,WAAA,CAAA,EAAA,MAAA;;;;ACx7Bb;AAOA;AAWA;;;;sBAA4D,CAAA,CAAA,EDoKlCA,OCpKkC,CAAA;;eAY7C,EAAA,MAAA;;;;;;;;;;;;AAmQf;;;;EAAmC,iBAAA,CAAA,CAAA,EDzFZA,OCyFY,CAAA;;;;MCpTlB,WAAA,EAAA,MAAc,GAAA,IAKU;MAQnB,WAAA,EAAY,MAAA;MAAA,WAAA,EAAA,MAAA;WACvB,EAAA,MAAA;YACM,EAAA,MAAA;OAAd;EAAO,CAAA,CAAA;;;;ACHV;AA4FA;;oBAGU,CAAA,CAAA,EHiIcA,OGjId,CAAA;eAEC,EAAA,MAAA;wBAAR,EAAA,MAAA;IAAO,YAAA,EAAA,MAAA;;;;ACnGV;AAqDA;;;;;;EAMU,eAAA,CAAA,CAAA,EJqLWA,OIrLX,CAAA;;;;MCxEO,WAAA,EAAY,MAAA,GAAA,IAAA;MAUP,WAAS,EAAA,MAAA;MAAA,WAAA,EAAA,MAAA;0BACX,EAAA,MAAA;kBAAR,EAAA,MAAA;OACD;;kBACR,CAAA,CAAA,EL2PmBA,OK3PnB,CAAA;IAAO,WAAA,EAAA,MAAA;;;;ACSV;AAMA;AAGC;AASD;;yBACqB,CAAA,YAAA,EAAA,MAAA,CAAA,ENyO4BA,OMzO5B,CAAA;eAAgB,EAAA,MAAA;wBACd,EAAA,MAAA;aAAgB,EAAA,MAAA;;;;;AAMvC;;sBACU,CAAA,CAAA,EN2OgBA,OM3OhB,CAAA;eACH,EAAA,MAAA;eACJ,EAAA,MAAA;IAAgB,aAAA,EAAA,MAAA;;;;;;;;;uBNqPIA;;;;;;;;;;;;;;;;;;;6BAmBMA;;;;;;;;;;;;2BAYFA;;;;;;;;;;;;;;;;;;;;;;;;;;0BA0BDA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DAoCiCA;;;;;;;;;;wBAUnCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;;sBAYCA;;;;;;;;;;;;;;;;;6BAiBOA;;;;;;;;;;;;;;;;;;;;;;;;;0BAyBHA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DA8BiCA;;;;;yBAKlCA;;;;;;;;;;;;;mBAaNX;MACbW;;;;uBAIiBA;;;;;;;;;;;QAWfA;;;;;;;;;;;;;MAaFA;;;;;;;;;;;;WAYKhB;;;;MAILgB,QAAQjC;;;;;;;;WAQHiB;;;;;MAKLgB;;;;;;;;;;WAUKhB;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX2C,QAAQtB;;;WAGHM;;;MAGLgB;eACStB;eACAlB;;;;WAIJwB;;;;MAILgB;;iBAEWpC;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET2C;;;;;;WAMKhB;;;;MAILgB;;;WAGKhB;;;;;;eAMIJ;;MAEToB,QAAQtB;;;WAGHM;;eAEIJ;;;MAGToB,QAAQlB;;;WAGHE;;;;;MAKLgB;aACO7C;;;;;WAKF6B;;;MAGLgB;;sBAEgBA,QAAQxB;;;;;;;;;;YAUlBwB;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;+BAIIA;;;;;;;;;;MAUzBA;;;;MAIAA;;;;;MAKAA;iCAC2BA;;;;;;;;;;;MAW3BA;;;;;;AFr4BgB,UGnDL,UAAA,CHmDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;AAAmC,UGjElB,iBAAA,CHiEkB;eAEvB,EAAA,MAAA;QACT,EGlEO,cHkEP;;AAUH;;;;;AAaA;AAgBsB,iBGhGN,gBAAA,CHgGgD;EAAA,aAAA;EAAA;AAAA,CAAA,EGhGJ,iBHgGI,CAAA,EAAA;EAgBhD,aAAA,EAAA,MAAa;EAAA,MAAA,gBAAA;;;;;gCCxEP;;;EAAA,CAAA,CAAA,EE5Bf,OF4Be,CE5BP,UF4ByB,CAAA;EA8BxB,WAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA;IAiBZ,KAAA,CAAA,EAAA,OAAa;MEnCtB,QAAQ;;cD5FLd;IAJAD,KAAAA,CAAAA,EAAAA,OAAAA;EAIAC,CAAAA,CAAAA,ECwHyC,ODxHzCA,CCwHiD,UDxHpC,CAAA;EAUbC;AAAiB;;;UAYlBE,CAAAA,OAECC,CAFDD,EAAAA;IAAM,KAAA,CAAA,EAAA,OAAA;EAELC,CAAAA,CAAAA,ECqI6C,ODrI7CA,CCqIqD,UDrIrC,CAAA;EAKhBC;AAAmB;AAOA;AAYD;EAUlBI,SAAAA,CAAAA,KAAAA,EAAa,MAAA,EAAA,EAAA,OAebE,CAfa,EAAA;IAQbD,KAAAA,CAAAA,EAAAA,OAAgB;EAOhBC,CAAAA,CAAAA,ECgLH,ODhLGA,CCgLK,UDhLa,CAAA;EAKlBC;AAAe;;;iBAcdZ,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IADLc,KAAAA,CAAAA,EAAAA,OAAAA;MCyMC,ODtMsBZ,CAAAA,IAAAA,CAAAA;;AAQnBE,KCiNE,UAAA,GAAa,UDjNfA,CAAAA,OCiNiC,gBDjNjCA,CAAAA;;;;;;;;AFrFV;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;EAAT,UAAA,CAAA,EAAA,MAAA;EAGE;EAiBA,SAAA,EAAA,CAAA,KAAY,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GIrCY,OJqCZ,CAAA,IAAA,CAAA;AA4B7B;;;;;AAqBA;AAAmC,iBI9Eb,YAAA,CJ8Ea,OAAA,EI7ExB,cJ6EwB,CAAA,EI5EhC,OJ4EgC,CAAA,GAAA,GI5ElB,OJ4EkB,CAAA,IAAA,CAAA,CAAA;;;;AArBb,UK1DL,YAAA,CL0DiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAaA,iBKAA,WAAA,CLAmB,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKG/B,cLH+B,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAGhC,CAAA,EAAA,OAAA;IKEN,OLDA,CKCQ,YLDR,EAAA,CAAA;;;;AAlEc,UMhCA,cAAA,CNgCY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBM5BA,aAAA,CN4Ba,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMzBzB,cNyByB,EAAA,cAAA,CAAA,EMxBhB,cNwBgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMxBT,ONyBA,CMzBQ,cNyBR,EAAA,CAAA;;;;;;;;AAhFc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAI9B;AAiBA;AA4BA;AAAkC,iBO/DZ,SP+DY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GO9DtB,OP8DsB,CO9Dd,CP8Dc,CAAA,EAAA,OAAA,CAAA,EO7DvB,YP6DuB,CAAA,EO5D/B,OP4D+B,CO5DvB,CP4DuB,CAAA;;;;AAAZ,UQnDL,WAAA,CRmDiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQlEL,gBAAA,CRkEkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQlEF,cRkEE;;UQ/DF,YAAA,CRgEA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AASmB,UQhFL,gBAAA,CRgFwB;EAgBnB,UAAA,CAAA,MAAA,EQ/FD,WR+FoC,EAAA,CAAA,EQ/FpB,OR+F2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ9GN,WR8GM,EAAA,CAAA,EQ9GU,OR8GV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ7G6C,OR6G7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ7GK,OR6GL,CAAA,IAAA,CAAA;WACC,EAAA,EQ7GK,WR6GL,EAAA;;AACK,iBQ3GC,sBAAA,CR2GD,MAAA,EQ1GL,gBR0GK,EAAA,GAAA,EQzGR,YRyGQ,CAAA,EQxGZ,gBRwGY"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@alfe.ai/openclaw-sync",
3
- "version": "0.1.5",
3
+ "version": "0.1.6",
4
4
  "description": "AlfeSync — agent workspace backup and sync skill for OpenClaw",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -21,7 +21,7 @@
21
21
  "commander": "^13.0.0",
22
22
  "micromatch": "^4.0.8",
23
23
  "ws": "^8.18.0",
24
- "@alfe.ai/agent-api-client": "0.1.4",
24
+ "@alfe.ai/agent-api-client": "0.2.0",
25
25
  "@alfe.ai/config": "0.0.9"
26
26
  },
27
27
  "peerDependencies": {