@alfe.ai/openclaw-sync 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli/index.js CHANGED
@@ -1,5 +1,5 @@
1
1
  #!/usr/bin/env node
2
- import { c as shouldIgnore, d as diffManifests, f as readManifest, s as loadIgnorePatterns, t as createSyncEngine } from "../sync-engine.js";
2
+ import { c as loadIgnorePatterns, f as diffManifests, l as shouldIgnore, p as readManifest, t as createSyncEngine } from "../sync-engine.js";
3
3
  import { readdir } from "node:fs/promises";
4
4
  import { join } from "node:path";
5
5
  import { configExists, resolveConfig } from "@alfe.ai/config";
@@ -10,6 +10,12 @@
10
10
  # VCS / build / package metadata; OS + editor noise; sync-internal backstop;
11
11
  # secrets (never sync); OpenClaw config-rotation backups; Chromium/Electron
12
12
  # browser caches (zero restore value, tens of MB); language churn.
13
+ #
14
+ # NEVER add `*.conflict-*` or `RECOVERY-*` patterns here. Recovery artifacts
15
+ # (see sync-engine.ts isRecoveryArtifact) must seed UP to the cloud for
16
+ # durability; ignoring them would block that seed AND expose the cloud copies
17
+ # to pruneIgnored deletion. They are kept out of the restore path in code,
18
+ # not via the ignore set.
13
19
 
14
20
  **/.alfesync/**
15
21
  # shared/ mirrors org/team/project files (OrgFilesBucket) into the workspace via
package/dist/index.d.cts CHANGED
@@ -22,6 +22,16 @@ interface ManifestEntry {
22
22
  }
23
23
  interface LocalManifest {
24
24
  files: Record<string, ManifestEntry>;
25
+ /**
26
+ * Owner of this manifest. The manifest lives at a machine-global path
27
+ * (`~/.alfe/sync/manifest.json`), so if a machine is re-adopted by a
28
+ * DIFFERENT agent without clearing `~/.alfe/sync/`, the entries describe
29
+ * the previous agent's sync state and must not be trusted for recovery
30
+ * classification. Absent on pre-upgrade manifests — those are trusted
31
+ * (grandfathered: same-agent continuation is overwhelmingly the norm, and
32
+ * distrust would sidecar-spam every diverged file after upgrade).
33
+ */
34
+ agentId?: string;
25
35
  }
26
36
  interface RemoteManifest {
27
37
  version: 1;
@@ -63,6 +73,15 @@ declare function writeManifest(workspacePath: string, manifest: LocalManifest):
63
73
  * Update a single file entry in the local manifest.
64
74
  */
65
75
  declare function updateManifestEntry(workspacePath: string, relativePath: string, entry: ManifestEntry): Promise<void>;
76
+ /**
77
+ * Update many file entries in one read-modify-write pass.
78
+ *
79
+ * `updateManifestEntry` re-reads and rewrites the whole manifest JSON per
80
+ * call — fine for single-file watcher events, quadratic for bulk heals, and
81
+ * lossy when calls overlap. Use this for any batch (e.g. the recovery
82
+ * "identical → heal" pass). Optionally stamps the owning agentId.
83
+ */
84
+
66
85
  /**
67
86
  * Remove a file entry from the local manifest.
68
87
  */
@@ -1284,8 +1303,10 @@ declare class AgentApiClient {
1284
1303
  memoryBootstrapStatus(): Promise<{
1285
1304
  synced: boolean;
1286
1305
  syncedAt?: string;
1306
+ sessionsBackfillSynced?: boolean;
1307
+ sessionsBackfillSyncedAt?: string;
1287
1308
  }>;
1288
- memoryBootstrapStatusMark(): Promise<{
1309
+ memoryBootstrapStatusMark(scope?: "files" | "sessions"): Promise<{
1289
1310
  synced: true;
1290
1311
  syncedAt: string;
1291
1312
  }>;
@@ -1434,6 +1455,26 @@ interface SyncResult {
1434
1455
  conflicts: number;
1435
1456
  errors: number;
1436
1457
  }
1458
+ /**
1459
+ * Recovery artifacts: `.conflict-<ts>` sidecars and `RECOVERY-<ts>.md`
1460
+ * reports. Anchored to the timestamp shape so legitimate user files like
1461
+ * `my.conflict-notes.txt` or `RECOVERY-plan.md` are never misclassified.
1462
+ *
1463
+ * They seed UP to the cloud so a preserved local version survives even if
1464
+ * the VM dies before the agent merges it (retrievable via the dashboard
1465
+ * file manager), but they are never AUTO-restored back down and never
1466
+ * preserved again — restoring would resurrect copies the agent already
1467
+ * cleaned up, and re-preserving would cascade `.conflict`-of-`.conflict`
1468
+ * files. Cloud copies are reclaimed when the agent's local cleanup
1469
+ * propagates through the watcher; artifacts orphaned by a rebuild before
1470
+ * cleanup linger until then (accepted: small, user-visible, deletable).
1471
+ * The watcher's delete brake also exempts them so the agent's post-merge
1472
+ * cleanup of many sidecars can't trip it.
1473
+ *
1474
+ * Deliberately NOT in the ignore set: ignored paths don't seed up and would
1475
+ * be eligible for pruneIgnored deletion.
1476
+ */
1477
+
1437
1478
  interface SyncEngineOptions {
1438
1479
  workspacePath: string;
1439
1480
  client: AgentApiClient;
@@ -1442,6 +1483,11 @@ interface SyncEngineOptions {
1442
1483
  * every scan (push / fullSync / firstRunReconcile). Default: "openclaw".
1443
1484
  */
1444
1485
  runtime?: string;
1486
+ /**
1487
+ * Recovery sidecar size cap override — see MAX_PRESERVE_BYTES. Exists so
1488
+ * tests can exercise the over-cap path without multi-hundred-MB fixtures.
1489
+ */
1490
+ maxPreserveBytes?: number;
1445
1491
  }
1446
1492
  /**
1447
1493
  * Construct a sync engine bound to a workspace + agent API client.
@@ -1452,7 +1498,8 @@ interface SyncEngineOptions {
1452
1498
  declare function createSyncEngine({
1453
1499
  workspacePath,
1454
1500
  client,
1455
- runtime
1501
+ runtime,
1502
+ maxPreserveBytes
1456
1503
  }: SyncEngineOptions): {
1457
1504
  workspacePath: string;
1458
1505
  client: AgentApiClient;
@@ -1501,10 +1548,24 @@ declare function createSyncEngine({
1501
1548
  * manifest has no entry for it). fullSync pushes before it pulls, so it
1502
1549
  * would still clobber the cloud edit before restoring it locally.
1503
1550
  *
1504
- * Conflict direction: for a rebuild the CLOUD copy is authoritative for
1505
- * anything it holds. We do not write `.conflict-<ts>` markers here — a
1506
- * fresh setup seed losing to the agent's own prior edit is the intended
1507
- * outcome, not a conflict.
1551
+ * Conflict direction: the CLOUD copy is authoritative for anything it
1552
+ * holds, but diverged UNSYNCED local content is never silently
1553
+ * destroyed it is preserved next to the restored file as a
1554
+ * `.conflict-<ts>` sidecar and indexed in a `RECOVERY-<ts>.md` report
1555
+ * the agent is nudged (via HEARTBEAT.md, openclaw only) to reconcile.
1556
+ * Known noise: on a fresh-disk rebuild the setup-seeded persona
1557
+ * templates diverge from the edited cloud copies, so each gets a small
1558
+ * sidecar of the pristine template — bounded, listed in the report, and
1559
+ * cleaned up by the agent. The plugin can't tell a seed from an edit
1560
+ * without the template registry, and guessing (e.g. mtime windows)
1561
+ * would reintroduce exactly the silent-loss hole this closes.
1562
+ *
1563
+ * Per-path classification (see classifyRestorePaths): files whose local
1564
+ * manifest entry matches the cloud hash but whose disk content moved on
1565
+ * (`localAhead` — edited while the plugin was down) are PUSHED, not
1566
+ * restored; files deleted locally while the plugin was down
1567
+ * (`offlineDelete`) are not resurrected; files already matching the
1568
+ * cloud are healed into the manifest without a download.
1508
1569
  */
1509
1570
  firstRunReconcile(options?: {
1510
1571
  quiet?: boolean;
@@ -1577,6 +1638,13 @@ interface UploadResult {
1577
1638
  size?: number;
1578
1639
  error?: string;
1579
1640
  }
1641
+ /**
1642
+ * Prefixes stored as GLACIER_IR on the sync bucket. Shared with the recovery
1643
+ * classifier in sync-engine.ts, which must never cut conflict sidecars for
1644
+ * archive objects (their presigned GETs fail until restored, so hashing/
1645
+ * preserving them is wasted work on a pull that can't succeed anyway).
1646
+ */
1647
+
1580
1648
  /**
1581
1649
  * Upload many files, batched by `concurrency`.
1582
1650
  */
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.cts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","RemoteSessionInfo","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","KnowledgeScopeType","KnowledgeScope","KnowledgeSearchHit","KnowledgeSearchResult","KnowledgeProfileLink","KnowledgeProfile","KnowledgeFact","KnowledgeDoc","AgentVoiceConfig","AgentSelf","AgentAvatarPresign","AgentVoice","VoiceTtsModel","VoiceTtsArgs","VoiceTtsResult","Buffer","VoiceSttArgs","Uint8Array","VoiceSttResult","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface RemoteSessionInfo {\n sessionId: string;\n agentId: string;\n surface: \"browser\" | \"terminal\";\n status: \"agent_driving\" | \"awaiting_human\" | \"human_in_control\" | \"resuming\" | \"completed\" | \"expired\" | \"failed\";\n url?: string;\n instructions?: string;\n requestedAt?: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ntype KnowledgeScopeType = \"org\" | \"team\" | \"project\";\ninterface KnowledgeScope {\n scopeType: KnowledgeScopeType;\n scopeId: string;\n name: string;\n}\ninterface KnowledgeSearchHit {\n id: string;\n text: string;\n /** Normalized relevance in (0,1]; higher = closer. */\n score: number;\n scopeType: KnowledgeScopeType;\n scopeId: string;\n source: \"doc\" | \"fact\";\n /** Present when `source === \"doc\"` — the canonical file under shared/<scope>/. */\n filePath?: string;\n /** Present when `source === \"fact\"`. */\n factId?: string;\n}\ninterface KnowledgeSearchResult {\n results: KnowledgeSearchHit[];\n /** True when fan-out breadth was capped (more member scopes than the cap). */\n truncatedScopes: boolean;\n}\ninterface KnowledgeProfileLink {\n label: string;\n url: string;\n}\ninterface KnowledgeProfile {\n scopeType: KnowledgeScopeType;\n scopeId: string;\n about: string | null;\n description: string | null;\n links: KnowledgeProfileLink[];\n updatedAt: string | null;\n updatedBy: string | null;\n}\ninterface KnowledgeFact {\n factId: string;\n scopeType: KnowledgeScopeType;\n scopeId: string;\n text: string;\n sourceType: string;\n createdBy: string;\n createdAt: string;\n updatedAt: string;\n}\ninterface KnowledgeDoc {\n filePath: string;\n fileName: string;\n contentType?: string;\n size: number;\n uploadedBy?: string;\n createdAt: string;\n updatedAt: string;\n}\n/** Voice settings — core agent config. Mirrors `VoiceConfig` in `@alfe/types`. */\ninterface AgentVoiceConfig {\n /** ElevenLabs voice ID; platform default when unset. */\n voiceId?: string;\n ttsModel?: string;\n enabled?: boolean;\n}\n/**\n * The agent's own public identity, as returned by `updateSelf`, `generateAvatar`,\n * `presignAvatar`'s finalize (`finalizeAvatar`). This is the public agent\n * projection; only the identity-relevant fields are typed here — the response\n * carries the full public agent record.\n */\ninterface AgentSelf {\n agentId: string;\n tenantId: string;\n name: string;\n avatarUrl?: string;\n voiceConfig?: AgentVoiceConfig;\n status: string;\n}\n/** Result of `presignAvatar` — the agent PUTs bytes to `uploadUrl`, then finalizes with `s3Key`. */\ninterface AgentAvatarPresign {\n /** Presigned PUT URL to upload the image bytes to. */\n uploadUrl: string;\n /** Object key — echoed back to `finalizeAvatar`. */\n s3Key: string;\n /** Stable public URL the avatar will be served from once finalized. */\n publicUrl: string;\n /** ISO expiry of the presigned PUT URL. */\n expiresAt: string;\n}\n/** A voice in the platform catalogue (ElevenLabs), from `listVoices`. */\ninterface AgentVoice {\n id: string;\n name: string;\n previewUrl: string;\n description: string;\n labels: Record<string, string>;\n category: string;\n}\n/** The ElevenLabs models with a pricing row — the TTS endpoint rejects any other value. */\ntype VoiceTtsModel = \"eleven_turbo_v2_5\" | \"eleven_multilingual_v2\";\ninterface VoiceTtsArgs {\n /** Text to synthesize (1–5000 chars — the endpoint enforces this). */\n text: string;\n /** ElevenLabs voice id; platform default when unset. */\n voiceId?: string;\n /** TTS model; `eleven_turbo_v2_5` (lower latency) when unset. */\n model?: VoiceTtsModel;\n}\n/** Raw synthesized audio plus its PCM framing (from the response headers). */\ninterface VoiceTtsResult {\n /** Raw little-endian PCM samples — no container. Wrap in WAV to make a playable file. */\n audio: Buffer;\n /** Samples per second (e.g. 24000). */\n sampleRate: number;\n /** Channel count (mono = 1). */\n channels: number;\n /** Bits per sample (e.g. 16). */\n bitDepth: number;\n}\ninterface VoiceSttArgs {\n /** Raw linear16 (16-bit little-endian) mono PCM samples — no WAV/container header. */\n audio: Uint8Array;\n /** Sample rate of `audio` in Hz (8000–48000). */\n sampleRate: number;\n}\ninterface VoiceSttResult {\n text: string;\n /** Deepgram confidence in (0,1]. */\n confidence: number;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n /**\n * Fetch decrypted credentials for ONE specific connection by its\n * stable connectionId (connection-scoped, vs the provider-scoped\n * `get<Provider>Credentials` helpers). Used by the daemon to resolve\n * a Custom Connection-driven integration's credentials from the\n * exact connection it was installed from — every custom connection\n * shares the `custom` provider id, so provider-scoping is ambiguous.\n *\n * For custom connections `accessToken` is the JSON-encoded secret\n * bundle (the daemon un-bundles it); non-secret fields are on\n * `providerMetadata`. The endpoint enforces that the connection is in\n * the calling agent's effective scope (403 otherwise).\n */\n getConnectionCredentials(connectionId: string): Promise<{\n provider: string;\n connectionId: string;\n accountIdentifier?: string;\n accessToken?: string;\n providerMetadata?: Record<string, unknown>;\n [key: string]: unknown;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getGithubAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. Retained because the `@alfe.ai/github-mcp` proxy is the\n * only consumer that knows about Pattern A; legacy env-interpolation\n * callers will keep hitting `/credentials` until they move to the proxy.\n */\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for GitHub.\n *\n * Returns every agent-scoped GitHub connection. The caller is expected\n * to require a `login` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * GitHub OAuth tokens have no expiry (`tokenLifecycle: \"no_expiry\"`),\n * so there is intentionally no `refreshGithubAccountToken` method — if\n * a token is revoked the user must re-run the OAuth flow.\n *\n * Returned `accounts[i].login` is the GitHub username — the stable\n * cross-session identifier the LLM should pass.\n */\n getGithubAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n login: string;\n scopes: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getXeroAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. This method will be removed once all consumers migrate.\n */\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Xero. Returns every\n * agent-scoped Xero connection. The caller is expected to require a\n * selector arg (e.g. `xeroTenantId`) on every credential-touching tool\n * and look up the matching account by that selector at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the\n * stable cross-session identifier the LLM should pass.\n */\n getXeroAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }[];\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: refresh a specific Xero connection by its `accountIdentifier`\n * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes\n * the *primary* connection, which is wrong for multi-tenant Xero where\n * each tenant has its own non-interchangeable access token.\n */\n refreshXeroAccountToken(xeroTenantId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getNotionAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Notion. Returns every\n * agent-scoped Notion connection. The caller is expected to require a\n * selector arg (e.g. `workspaceId`) on every credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.\n */\n getNotionAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary Atlassian Connection's credentials\n * (one OAuth user, one cloudId) — the legacy \"pick-the-default-connection\"\n * shape. Atlassian is multi-site by nature (each OAuth user may have\n * access to multiple Cloud sites), so Pattern A plugins MUST use\n * `getAtlassianAccounts()` to discover the full set and dispatch via\n * the `cloudId` selector arg.\n */\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: multi-account / multi-site credential fetch for Atlassian.\n *\n * Returns every agent-scoped Atlassian Connection. Each Connection is\n * one OAuth user with a single access token and N accessible Cloud\n * sites (`availableSites`). The caller is expected to:\n *\n * 1. Flatten (connection × cloudId) into one MCP child per site.\n * 2. Require a `cloudId` selector on every credential-touching tool.\n * 3. Use the access token bound to the Connection that owns the\n * requested `cloudId` (Atlassian shares one access token across\n * all sites accessible to the OAuth user).\n *\n * Per-account token refresh uses `refreshAtlassianAccountToken(email)`\n * — refreshing one Connection rotates its single access token, which\n * then applies to every cloudId for that Connection.\n *\n * Returned `accounts[i].accountIdentifier` is the OAuth user's email\n * — the stable cross-session identifier for refresh purposes. The LLM\n * never sees this directly: it picks a site via the `cloudId` arg\n * instead.\n */\n getAtlassianAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n clientId: string;\n clientSecret: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n availableSites: {\n id: string;\n url: string;\n name: string;\n scopes?: string[];\n avatarUrl?: string;\n }[];\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`\n * (the OAuth user's email).\n *\n * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the\n * server-side per-account refresh endpoint handles rotation and\n * persistence. Refreshing one Connection updates its single access\n * token, which applies to every accessible Cloud site (cloudId) for\n * that OAuth user.\n *\n * Returns the new access token + expiry. The proxy is responsible for\n * fanning the new token out to every child server it spawned for\n * cloudIds owned by this Connection.\n */\n refreshAtlassianAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getMYOBAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for MYOB. Returns every\n * agent-scoped MYOB connection. The caller is expected to require a\n * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every\n * credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the MYOB businessId.\n */\n getMYOBAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }[];\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob. Use\n * `getSalesforceAccounts()` for the multi-account shape required by\n * Pattern A.\n */\n getSalesforceCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n instanceUrl: string;\n orgId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Salesforce. Returns every\n * agent-scoped Salesforce connection. One OAuth grant maps to one org, so\n * `accounts[i].accountIdentifier` (and `orgId`) is the Salesforce org id —\n * the selector every credential-touching tool requires.\n */\n getSalesforceAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n instanceUrl: string;\n orgId: string;\n }[];\n }>;\n /**\n * Refresh the access token for a specific Salesforce org. Salesforce\n * tokens aren't interchangeable across orgs, so the connection is targeted\n * by `accountIdentifier` (the org id) — mirrors `refreshXeroAccountToken`.\n */\n refreshSalesforceAccountToken(orgId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.\n *\n * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`\n * selector once per-account plugins land. Retained because the existing\n * `integrations/connect/microsoft/hooks/post_activate.mjs` writes\n * `mgc` credentials for the single (default) Microsoft account.\n *\n * Returns the agent's effective Microsoft delegated-OAuth credentials.\n * Distinct from `getTeamsCredentials()` (Azure bot credentials for the\n * Teams adapter, which is admin-consent flow on services/microsoft, not\n * delegated OAuth on services/connect).\n */\n getMicrosoftCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt?: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email?: string;\n microsoftTenantId?: string;\n workspaceDomain?: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Microsoft 365.\n *\n * Returns every agent-scoped Microsoft connection. The caller is expected\n * to require an `email` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the user's primary email\n * (or the tid claim as fallback) — the stable cross-session identifier\n * the LLM should pass.\n *\n * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,\n * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not\n * interchangeable across (tenant, user) pairs.\n */\n getMicrosoftAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email: string;\n microsoftTenantId: string;\n workspaceDomain: string;\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Microsoft 365 connection by its\n * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's\n * email when the Graph profile fetch succeeded at connect time, and the\n * Azure tenant id (`tid` claim) as fallback. Callers should pass the\n * value returned by `getMicrosoftAccounts()` rather than synthesising\n * an email locally.\n *\n * Microsoft refresh tokens are bound to a specific (tenant, user) pair —\n * they are NOT interchangeable across accounts, so per-account refresh\n * is mandatory. The generic /accounts/{accountIdentifier}/refresh\n * endpoint walks the agent's full visible scope chain to find a matching\n * connection (works for inherited team/project Microsoft connections).\n */\n refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n /**\n * Generate an image from a text prompt and get back a STABLE, public URL\n * (served from the agent-assets CDN — it does not expire). The image is\n * generated + stored server-side; embed the returned `imageUrl` in a reply as\n * markdown to show it to the user.\n *\n * Unlike most methods this reads the server's error body so a bad-request\n * detail (e.g. an unsupported `size`) reaches the caller instead of an opaque\n * \"request failed (400)\". Not retried — generation is expensive and\n * non-idempotent.\n */\n generateImage(args: {\n prompt: string;\n model?: string;\n size?: string;\n quality?: string;\n }): Promise<{\n imageUrl: string;\n model: string;\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /** Update the agent's own name and/or voice config. Returns the updated agent. */\n updateSelf(update: {\n name?: string;\n voiceConfig?: AgentVoiceConfig;\n }): Promise<AgentSelf>;\n /**\n * Generate the agent's own avatar from a text prompt. The image is generated,\n * stored, and set on the agent server-side; returns the updated agent.\n */\n generateAvatar(args: {\n prompt: string;\n }): Promise<AgentSelf>;\n /**\n * Get a presigned PUT URL to upload a new avatar image. Upload the bytes to\n * `uploadUrl`, then call `finalizeAvatar(s3Key)` to set it on the agent.\n */\n presignAvatar(args: {\n mimeType: string;\n size: number;\n }): Promise<AgentAvatarPresign>;\n /**\n * Finalize an avatar upload — validates ownership + size, then sets the\n * agent's `avatarUrl` server-side. Returns the updated agent.\n */\n finalizeAvatar(s3Key: string): Promise<AgentSelf>;\n /** List the platform voice catalogue (ElevenLabs) so the agent can pick its own voice. */\n listVoices(): Promise<{\n voices: AgentVoice[];\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n }>;\n memoryBootstrapStatusMark(): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n /**\n * Semantic search across the agent's member scopes. Fan-out is gated\n * server-side by `listScopes` set-inclusion (fail-closed). Pass\n * `scopeType` + `scopeId` to narrow to one scope; a non-member scope\n * yields empty results (never a cross-scope leak).\n */\n knowledgeSearch(query: string, opts?: {\n limit?: number;\n scopeType?: KnowledgeScopeType;\n scopeId?: string;\n }): Promise<KnowledgeSearchResult>;\n /** Enumerate the scopes (org + teams + projects) this agent belongs to. */\n listScopes(): Promise<{\n scopes: KnowledgeScope[];\n }>;\n /** Read a scope's structured knowledge profile (after membership check). */\n getScopeProfile(scopeType: KnowledgeScopeType, scopeId: string): Promise<KnowledgeProfile>;\n /** List a scope's facts (non-semantic, full enumeration). */\n listScopeFacts(scopeType: KnowledgeScopeType, scopeId: string, opts?: {\n limit?: number;\n cursor?: string;\n }): Promise<{\n facts: KnowledgeFact[];\n nextCursor: string | null;\n }>;\n /**\n * Publish a fact at a scope. This is the deliberate cross-agent learning\n * boundary — facts are attributable (the agent is recorded as author) and\n * never an automatic merge. Membership is enforced server-side (403 for a\n * non-member scope).\n */\n createScopeFact(scopeType: KnowledgeScopeType, scopeId: string, text: string): Promise<KnowledgeFact>;\n /** Delete a fact at a scope. */\n deleteScopeFact(scopeType: KnowledgeScopeType, scopeId: string, factId: string): Promise<{\n removed: boolean;\n }>;\n /** List a scope's docs (the org-files corpus; mirrored to shared/<scope>/). */\n listScopeDocs(scopeType: KnowledgeScopeType, scopeId: string, opts?: {\n limit?: number;\n cursor?: string;\n }): Promise<{\n files: KnowledgeDoc[];\n nextCursor: string | null;\n }>;\n /**\n * Read the full text of a scope doc. Resolves a presigned download URL\n * from `services/org`, then fetches the bytes directly from S3 (the one\n * legitimate raw fetch in a plugin — same pattern as sync).\n */\n readScopeDoc(scopeType: KnowledgeScopeType, scopeId: string, filePath: string): Promise<{\n filePath: string;\n text: string;\n }>;\n /**\n * Write (create or overwrite) a scope doc. Two-step presigned upload:\n * `services/org` returns a signed URL plus `requiredHeaders` (author /\n * authorKind / message as `x-amz-meta-*`) that MUST be sent verbatim on\n * the PUT, alongside the same `Content-Type` that was signed. Author and\n * authorKind are server-set from the agent token — never trusted here.\n */\n writeScopeDoc(scopeType: KnowledgeScopeType, scopeId: string, filePath: string, content: string, opts?: {\n contentType?: string;\n message?: string;\n }): Promise<{\n filePath: string;\n }>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n requestBrowserTakeover(args: {\n instructions: string;\n url?: string;\n conversationId?: string;\n }): Promise<{\n sessionId: string;\n status: string;\n }>;\n getRemoteSession(sessionId: string): Promise<RemoteSessionInfo>;\n completeRemoteSession(sessionId: string): Promise<{\n ok: boolean;\n }>;\n /**\n * Issue a request that returns the raw `Response` (no JSON parsing, no\n * forced Content-Type). The caller sets `Content-Type`/`Accept` on `headers`\n * and reads the body itself (`arrayBuffer()` / `json()`).\n *\n * A single retry fires only on the same transient statuses `request()`\n * retries (authorizer-timeout 500 + LB 502/503/504) and transient network\n * errors — before the route handler runs — so re-issuing a POST does not\n * risk a duplicate side effect. Voice TTS/STT are effectively idempotent\n * (re-synthesize / re-transcribe) and meter server-side keyed on the\n * gateway requestId, so a retried transcription doesn't double-bill.\n */\n private rawFetch;\n /**\n * Text-to-speech. Returns raw PCM audio bytes plus their framing — the\n * voice service defaults to 24 kHz / mono / 16-bit. Wrap in a WAV container\n * to produce a playable file. Metered per character against the tenant\n * credit pool server-side; TTS completes regardless of metering outcome.\n */\n tts(args: VoiceTtsArgs): Promise<VoiceTtsResult>;\n /**\n * Speech-to-text. Accepts raw linear16 (16-bit LE) mono PCM — NOT a WAV or\n * other container (the endpoint transcribes with a fixed linear16 encoding,\n * so a container header would be transcribed as noise). Strip any WAV header\n * and pass `sampleRate` from it before calling. Metered by transcribed\n * duration against the tenant credit pool server-side.\n */\n stt(args: VoiceSttArgs): Promise<VoiceSttResult>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, AgentAvatarPresign, AgentSelf, AgentVoice, AgentVoiceConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, KnowledgeDoc, KnowledgeFact, KnowledgeProfile, KnowledgeProfileLink, KnowledgeScope, KnowledgeScopeType, KnowledgeSearchHit, KnowledgeSearchResult, type RegistryEntry, RemoteSessionInfo, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry, VoiceSttArgs, VoiceSttResult, VoiceTtsArgs, VoiceTtsModel, VoiceTtsResult };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAIA;AAiBiB,UA5BA,aAAA,CA4BY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAtEL,aAAA,CAsEkB;EAAA,KAAA,EArE1B,MAqE0B,CAAA,MAAA,EArEX,aAqEW,CAAA;;AAGhC,UArEc,cAAA,CAqEd;EAAO,OAAA,EAAA,CAAA;EAUY,OAAA,EAAA,MAAA;EAAmB,QAAA,EAAA,MAAA;OAGhC,EA9EA,MA8EA,CAAA,MAAA,EAAA;IACN,IAAA,EAAA,MAAA;IAAO,IAAA,EAAA,MAAA;IASY,QAAA,EAAA,MAAA;IAgBA,IAAA,CAAA,EAAA,MAAA;IAgBN,YAAa,CAAA,EAAA,MAAA;IAAA,UAAA,CAAA,EAAA,OAAA;;;AAG1B,UA9Gc,YAAA,CA8Gd;EAAY;;;;EC1FF;EAiDS,SAAA,EAAA,MAAA,EAAA;EA+BN;EAuBA,aAAA,EAAA,MAAe,EAAA;AAU/B;;;;AC1Lo2B;AAIt0B;AAIH;AASJ;AAkBbqC,iBF8CY,YAAA,CE9CA,aAAA,EAAA,MAAA,CAAA,EFgDnB,OEhDmB,CFgDX,aEhDW,CAAA;;;;;AAMZE,iBF6DY,aAAA,CE7DI,aAAA,EAAA,MAAA,EAAA,QAAA,EF+Dd,aE/Dc,CAAA,EFgEvB,OEhEuB,CAAA,IAAA,CAAA;AAAA;AAKG;AAOA;AAenBI,iBF+CY,mBAAA,CE/CE,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFkDf,aElDe,CAAA,EFmDrB,OEnDqB,CAAA,IAAA,CAAA;AAAA;AAOD;AAQG;AAYhBI,iBFiCY,mBAAA,CEjCG,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,CAAA,EFoCtB,OEpCsB,CAAA,IAAA,CAAA;AAAA;AAMF;AAEQ;AASA;AAarBK,iBFmBY,eAAA,CEnBQ,QAAA,EAAA,MAAA,CAAA,EFmB2B,OEnB3B,CAAA,MAAA,CAAA;AAAA;;;;;AAapBE,iBFsBM,aAAA,CEpBHN,KAAAA,EFqBJ,aErBsB,EAAA,MAAA,EFsBrB,cEtBqB,CAAA,EFuB5B,YEvB4B;AAAA;;;cDnElB;iBAiDS,kBAAA,2CAGnB;iBA4Ba,YAAA;ADhIC,iBCuJD,eAAA,CDvJc,WAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,OAAA;AAOb,iBC0JD,aAAA,CD1Jc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;;;;;;AAP9B,UErBUf,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,iBAAAA,CFyBD;EAAM,SAAA,EAAA,MAAA;EAGf,OAAiB,EAAA,MAAA;EAiBjB,OAAiB,EAAA,SAAY,GAAA,UAAA;EA4B7B,MAAsB,EAAA,eAAY,GAAA,gBAAA,GAAA,kBAAA,GAAA,UAAA,GAAA,WAAA,GAAA,SAAA,GAAA,QAAA;EAAA,GAAA,CAAA,EAAA,MAAA;cAEvB,CAAA,EAAA,MAAA;aAAR,CAAA,EAAA,MAAA;;AAmBH,UErFUC,aAAAA,CFqFyB;EAAA,OAAA,EAAA,MAAA;UAEvB,EAAA,MAAA;aACT,EAAA,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,MAAsB,EAAA,OAAA,GAAA,SAAmB,GAAA,QAAA;EAAA,SAAA,CAAA,EAAA,MAAA;WAGhC,CAAA,EAAA,MAAA;UACN,CAAA,EAAA,MAAA;;AASH,UErGUC,iBAAAA,CFqG+B;EAgBzC,IAAsB,EAAA,MAAA;EAgBtB,IAAgB,EAAA,MAAA;EAAa,QAAA,EAAA,MAAA;OACpB,EAAA,MAAA;cACC,CAAA,EAAA,MAAA;YACP,CAAA,EAAA,OAAA;;UEhIOC,YAAAA;;;EDsCV,QAAa,EAAA,MAAA;EAiDb,KAAsB,ECnFbC,MDmFa,CAAA,MAAA,ECnFEF,iBDsFrB,CAAA;AA4BH;AAuBA,UCvIUG,gBAAAA,CDuIqB;EAU/B,IAAgB,EAAA,MAAA;;;;AC1Lo1B,UA8C11BC,mBAAAA,CA1CoB;EAAA,QAIpBN,EAAAA,MAAAA;EAAiB,IASjBC,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,YAQjBC,EAAAA,UAAY,GAAA,YAAA;EAAA,QAAA,EAAA,MAAA;;UAkBZI,mBAAAA,CAdDH;EAAM,IAAA,EAAA,MAAA;EAAA,IAELC,EAAAA,MAAAA;EAAgB,GAKhBC,EAAAA,MAAAA;EAAmB,YAOnBC,CAAAA,EAAAA,MAAAA;EAAmB,UAOnBC,CAAAA,EAAAA,OAAAA;AAKkB;AAGJ,UARdA,qBAAAA,CAea;EAAA,OAQbG,EAAAA,MAAAA;EAAgB,IAOhBC,EAAAA,MAAAA,GAAAA,QAAkB,GAAA,QAAA;EAAA,SAKlBC,EAAAA,MAAAA;EAAe,SAMpBC,EAAAA,MAAAA;EAAkB,KACbC,EArCDR,mBAqCe,EAAA;EACO,SAIrBS,EAAAA,MAAAA;AAKqB;AASF,UArDnBP,cAAAA,CAyDAS;EAAoB,OAIpBC,EAAAA,MAAAA;EAAgB,aAAA,EAAA,MAAA;cACbL,EAAAA,MAAAA;WAIJI,EAAAA,MAAAA;EAAoB,UAAA,EAAA,MAAA,GAAA,IAAA;AAAA;AAME,UAjErBR,aAAAA,CAyEY;EAAA,QAUZY,EAAAA,MAAAA;EAAgB,IAYhBC,EAAAA,MAAAA;EAKsB,QAItBC,EAAAA,MAAAA;EAAkB,WAWlBC,EAAAA,MAAU;EAKJ,YAIXC,CAAAA,EAAAA,MAAa;EAAA,UACRC,CAAAA,EAAAA,OAAY;AAMC;AAKR,UAhILhB,gBAAAA,CAwIY;EAEH,SAITqB,EAAAA,MAAAA;EAAc,IAKVC,EAAAA,MAAAA;EAAc,YAAA,EAAA,MAAA;cAGNlC,CAAAA,EAAAA,MAAAA;YAKXE,EAAAA,OAAAA;;UApJDW,kBAAAA,CAsJmBT;WAAR+B,EAAAA,MAAAA;SAQX7B,EAAAA,MAAAA;YADJ6B,EAAAA,OAAAA;;UAxJIrB,eAAAA,CAgKJqB;UAGQ1B,EAAAA,MAAAA;UAAR0B,EAAAA,MAAAA;QACoBzB,MAAAA;aAARyB,CAAAA,EAAAA,MAAAA;;KA9JbpB,kBAAAA,GAiKCoB,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;UAhKInB,cAAAA,CAoKIJ;WADQuB,EAlKTpB,kBAkKSoB;SAGuBtB,EAAAA,MAAAA;QAARsB,MAAAA;;UAjK3BlB,kBAAAA,CAyKCH;YADLqB;QAQAA,MAAAA;;OAIgBA,EAAAA,MAAAA;WACiCnD,EAhL1C+B,kBAgL0C/B;SAARmD,EAAAA,MAAAA;QACU9B,EAAAA,KAAAA,GAAAA,MAAAA;;UAG5CA,CAAAA,EAAAA,MAAAA;;QACP8B,CAAAA,EAAAA,MAAAA;;UA7KIjB,qBAAAA,CA8KkCiB;SACQA,EA9KzClB,kBA8KyCkB,EAAAA;;iBAKhBA,EAAAA,OAAAA;;UA/K1BhB,oBAAAA,CAoLOgB;OAaSA,EAAAA,MAAAA;OAUgBA,MAAAA;;UAvMhCf,gBAAAA,CAuOaf;WAL2B8B,EAjOrCpB,kBAiOqCoB;SAgBxBA,EAAAA,MAAAA;OAkBHA,EAAAA,MAAAA,GAAAA,IAAAA;aAiBCA,EAAAA,MAAAA,GAAAA,IAAAA;OAcHA,EA9RZhB,oBA8RYgB,EAAAA;WAWCA,EAAAA,MAAAA,GAAAA,IAAAA;WAU2BA,EAAAA,MAAAA,GAAAA,IAAAA;;UA/SvCd,aAAAA,CAqUac;QAmBMA,EAAAA,MAAAA;WAYFA,EAlWdpB,kBAkWcoB;SA0BDA,EAAAA,MAAAA;QAoCiCA,MAAAA;YAUnCA,EAAAA,MAAAA;WAcHA,EAAAA,MAAAA;WAYCA,EAAAA,MAAAA;WASQA,EAAAA,MAAAA;;UArcpBb,YAAAA,CAkesCa;UAkBnBA,EAAAA,MAAAA;UAyBHA,EAAAA,MAAAA;aA8BiCA,CAAAA,EAAAA,MAAAA;QAKlCA,MAAAA;YAaN9B,CAAAA,EAAAA,MAAAA;WACb8B,EAAAA,MAAAA;WAIiBA,EAAAA,MAAAA;;;UAxjBbZ,gBAAAA,CAomBJY;;SAOQX,CAAAA,EAAAA,MAAAA;UAARW,CAAAA,EAAAA,MAAAA;SAOQX,CAAAA,EAAAA,OAAAA;;;;;;;;UAtmBJA,SAAAA,CAioBCzB;SAIGjB,EAAAA,MAAAA;UAARqD,EAAAA,MAAAA;QAQKpC,MAAAA;WAKLoC,CAAAA,EAAAA,MAAAA;aAUKpC,CAAAA,EAvpBKwB,gBAupBLxB;QAIIJ,EAAAA,MAAAA;;;UAvpBL8B,kBAAAA,CA+pBOrD;;WAGX+D,EAAAA,MAAAA;;OAOS1C,EAAAA,MAAAA;;WADT0C,EAAAA,MAAAA;;WAYWxD,EAAAA,MAAAA;;;UAzqBP+C,UAAAA,CAuqBJS;YAYKpC;QAIMpB,MAAAA;YACJF,EAAAA,MAAAA;aAEEL,EAAAA,MAAAA;QAET+D,EAvrBI9B,MAurBJ8B,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;UAMKpC,EAAAA,MAAAA;;;KAzrBN4B,aAAAA,GAssBUhC,mBAAAA,GAAAA,wBAAAA;UArsBLiC,YAAAA,CAusBInC;;QAGHM,MAAAA;;SAKGF,CAAAA,EAAAA,MAAAA;;OAGHE,CAAAA,EA5sBD4B,aA4sBC5B;;;UAzsBD8B,cAAAA,CAotBC9B;;OAKmBR,EAvtBrBuC,MAutBqBvC;;YAUlB4C,EAAAA,MAAAA;;UAyBNA,EAAAA,MAAAA;;UAaAA,EAAAA,MAAAA;;UA/vBIJ,YAAAA,CAqxBJI;;OAgBAA,EAnyBGH,UAmyBHG;;YA4BAA,EAAAA,MAAAA;;UA3zBIF,cAAAA,CA61BJE;QAWAA,MAAAA;;YAkCAA,EAAAA,MAAAA;;cAr4BQD,cAAAA,CAq5B0CC;mBAIjBA,MAAAA;mBAWnBA,MAAAA;aAQcA,CAAAA,MAAAA,EAz6BZnC,oBAy6BYmC;UAGjBA,OAAAA;cAeXA,CAAAA,KAAAA,EAAAA;eAMqBA,CAAAA,EAAAA,MAAAA;MA77BrBA,OAi8ByBA,CAAAA;SAUzBA,EA18BKjC,aA08BLiC;;iBASAA,CAAAA,CAAAA,EAj9BeA,OAi9BfA,CAj9BuB/B,YAi9BvB+B,CAAAA;aASUpB,CAAAA,IAAAA,EAAAA;SAEFG,EAAAA;UAARiB,EAAAA,MAAAA;eAGMnB,EAAAA,KAAAA,GAAAA,KAAAA;iBADImB,CAAAA,EAAAA,MAAAA;OAIapB;MA39BvBoB,OA29BqEf,CAAAA;QAARe,EA19BzD7B,gBA09ByD6B,EAAAA;;mBAMxDd,CAAAA,IAAAA,EAAAA;YADLc,EAAAA,MAAAA;QAUuBpB,EAAAA,MAAAA;QAA4DM,EAAAA,MAAAA;gBAARc,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MAl+B3EA,OAo+BuBpB,CAp+BfR,mBAo+BeQ,CAAAA;iBAAsDoB,CAAAA,IAAAA,EAAAA;QAIxDpB,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAr+BrBoB,OAy+BKb,CAz+BGb,qBAy+BHa,CAAAA;cADLa,CAAAA,CAAAA,EAv+BYA,OAu+BZA,CAv+BoBzB,cAu+BpByB,CAAAA;eASoBpB,CAAAA,KAAAA,EAAAA;UAAwDoB,CAAAA,EAAAA,MAAAA;MA7+B5EA,OAw/BqBpB,CAAAA;SAGrBoB,EA1/BKxB,aA0/BLwB,EAAAA;;kBAcAA,CAAAA,CAAAA,EAtgCgBA,OAsgChBA,CAAAA;YAKAA,EA1gCQvB,gBA0gCRuB,EAAAA;;gBAIiCA,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EA5gCFA,OA4gCEA,CA5gCMtB,kBA4gCNsB,CAAAA;gBACKA,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EA5gCRA,OA4gCQA,CAAAA;WAsBhCP,EAAAA,OAAAA;;iBAAeO,CAAAA,IAAAA,EAAAA;SAQfJ,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAAuBE,EAAAA,MAAAA;MApiC7BE,OAoiCqBA,CAAAA;IAAO,KAAA,EAniCvBrB,eAmiCuB,EAAA;;;;ICzxCjB,KAAA,EAAA,KAAA,GAAU,MAAA,GAAA,SAAA;IAOV,OAAA,EAAA,MAAA;IAgBD,QAAA,EAAA,MAAA;EAAgB,CAAA,CAAA,EDsO1BqB,OCtO0B,CAAA;eAAG,EAAA,MAAA;aAAe,EAAA,MAAA;;kBAAgC,CAAA,CAAA,ED0O5DA,OC1O4D,CD0OpDhD,kBC1OoD,EAAA,CAAA;+CD2OnCgD,QAAQnD;yBC9NxC,CAAA,aAAA,EAAA,MAAA,EAAA,MAAA,ED+N0CqB,MC/N1C,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA,ED+NoE8B,OC/NpE,CAAA,IAAA,CAAA;oBAAR,CAAA,aAAA,EAAA,MAAA,EAAA,QAAA,EAAA;WAwCQ,CAAA,EAAA,MAAA;UAAR,CAAA,ED0LM9B,MC1LN,CAAA,MAAA,EAAA,OAAA,CAAA;MD2LD8B,OC/JqD,CD+J7ChD,kBC/J6C,CAAA;mBAAR,CAAA,aAAA,EAAA,MAAA,CAAA,EDgKPgD,OChKO,CDgKChD,kBChKD,CAAA;aAqCY,CAAA,QAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA,EAAA,CAAA,ED4HXgD,OC5HW,CAAA;OAAR,EAAA,MAAA;YAkHxC,EAAA,MAAA;aAAR,EAAA,MAAA;;gBA8DA,CAAA,QAAA,EAAA,MAAA,CAAA,ED/C6BA,OC+C7B,CAAA;YAgDQ,EAAA,MAAA;aAAR,EAAA,OAAA;UAgCA,CAAA,ED5HM9B,MC4HN,CAAA,MAAA,EAAA,MAAA,CAAA;EAAO,CAAA,CAAA;EAmBd,WAAY,CAAA,CAAA,ED7IK8B,OC6IK,CAAA;IAAA,YAAA,ED5IJ9C,aC4II,EAAA;;;;;;;ACnbtB;AAmBA;;;;sBAEG,CAAA,CAAA,EF8RuB8C,OE9RvB,CAAA;IAAO,QAAA,EAAA;;;;MCTO,YAAA,EAAY,MAAA;MA4FP,WAAA,CAAW,EAAA,MAAA;MAAA,WAAA,CAAA,EAAA,MAAA;OAGvB;;yBAEP,CAAA,KAAA,EAAA,MAAA,CAAA,EHgNuCA,OGhNvC,CAAA;IAAO,QAAA,EAAA;;;;ICnGO,CAAA,EAAA;EAqDjB,CAAA,CAAsB;EAAa,wBAAA,CAAA,CAAA,EJqQLA,OIrQK,CAAA;SAGzB,EAAA,MAAA;gBACS,EAAA,MAAA;YAER,EAAA,MAAA;gBAAR,EAAA,MAAA;IAAO,WAAA,CAAA,EAAA,MAAA;;;;ACxEV;AAUA;;;;;;;;;;kDLiVkDA;IMrUjC,QAAA,EAAA,MAAW;IAMX,YAAA,EAAA,MAAgB;IAKvB,iBAAY,CAAA,EAAA,MAAA;IAOL,WAAA,CAAA,EAAA,MAAgB;IAAA,gBAAA,CAAA,ENwTV9B,MMxTU,CAAA,MAAA,EAAA,OAAA,CAAA;QACZ,EAAA,MAAA,CAAA,EAAA,OAAA;;;;;;;;AAOrB;;sBACU,CAAA,CAAA,EN0TgB8B,OM1ThB,CAAA;SACH,EAAA,MAAA;eACJ,EAAA,MAAA;EAAgB,CAAA,CAAA;;;;;;;;;;;;;;;uBN0UIA;;;;;;;;;;;;;;;;;wBAiBCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;sBAWCA;;;;;;;;;;iDAU2BA;;;;;;;;;;0BAUvBA;;;;;;;;;;;;uBAYHA;;;;;;;;;;;;;;;;;;;6BAmBMA;;;;;;;;;;;;2BAYFA;;;;;;;;;;;;;;;;;;;;;;;;;;0BA0BDA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DAoCiCA;;;;;;;;;;wBAUnCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;;sBAYCA;;;;;;;;;8BASQA;;;;;;;;;;;;2BAYHA;;;;;;;;;;;;;;;;;gDAiBqBA;;;;;;;;;;;;;;;;;;6BAkBnBA;;;;;;;;;;;;;;;;;;;;;;;;;0BAyBHA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DA8BiCA;;;;;yBAKlCA;;;;;;;;;;;;;mBAaN9B;MACb8B;;;;uBAIiBA;;;;;;;;;;;QAWfA;;;;;;;;;;;;;;;;;;;;;;;;;MAyBFA;;;;;;;;MAQAA;;;;;;kBAMYZ;MACZY,QAAQX;;;;;;;MAORW,QAAQX;;;;;;;;MAQRW,QAAQV;;;;;iCAKmBU,QAAQX;;gBAEzBW;YACJT;;;;;;;;;;;WAWD3B;;;;MAILoC,QAAQrD;;;;;;;;WAQHiB;;;;;MAKLoC;;;;;;;;;;WAUKpC;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX+D,QAAQ1C;;;WAGHM;;;MAGLoC;eACS1C;eACAlB;;;;WAIJwB;;;;MAILoC;;iBAEWxD;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET+D;;;;;;WAMKpC;;;;MAILoC;;;WAGKpC;;;;;;eAMIJ;;MAETwC,QAAQ1C;;;WAGHM;;eAEIJ;;;MAGTwC,QAAQtC;;;WAGHE;;;;;MAKLoC;aACOjE;;;;;WAKF6B;;;MAGLoC;;sBAEgBA,QAAQ5C;;;;;;;;;;YAUlB4C;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;+BAIIA;;;;;;;;;;MAUzBA;;;;MAIAA;;;;;MAKAA;;;;;;;;;gBASUpB;;MAEVoB,QAAQjB;;gBAEEiB;YACJnB;;;6BAGiBD,sCAAsCoB,QAAQf;;4BAE/CL;;;MAGtBoB;WACKd;;;;;;;;;6BASkBN,oDAAoDoB,QAAQd;;6BAE5DN,sDAAsDoB;;;;2BAIxDpB;;;MAGrBoB;WACKb;;;;;;;;0BAQeP,wDAAwDoB;;;;;;;;;;;2BAWvDpB;;;MAGrBoB;;;iCAG2BA;;;;;;;;;;;MAW3BA;;;;;MAKAA;;;;uCAIiCA,QAAQlC;4CACHkC;;;;;;;;;;;;;;;;;;;;;;YAsBhCP,eAAeO,QAAQN;;;;;;;;YAQvBE,eAAeI,QAAQF;;;;;;AFtuCb,UGnDL,UAAA,CHmDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;AAAmC,UGjElB,iBAAA,CHiEkB;eAEvB,EAAA,MAAA;QACT,EGlEO,cHkEP;EAAO;AAUV;;;SAIG,CAAA,EAAA,MAAA;;AASH;AAgBA;AAgBA;;;;AAGG,iBG9Ga,gBAAA,CH8Gb;EAAA,aAAA;EAAA,MAAA;EAAA;AAAA,CAAA,EG9G+E,iBH8G/E,CAAA,EAAA;EAAY,aAAA,EAAA,MAAA;;;;AC1Ff;AAiDA;AA+BA;EAuBgB,IAAA,CAAA,KAAe,CAAf,EAAA,MAAe,EAAA,EAAA,QAAA,EAAA;IAUf,KAAA,CAAA,EAAA,OAAa;;MExHtB,QAAQ;sCD1DLhC;IAJAD,KAAAA,CAAAA,EAAAA,OAAAA;EAIAC,CAAAA,CAAAA,ECkGH,ODlGGA,CCkGK,UDlGY,CAAA;EASjBC;EAUAC,IAAAA,CAAAA,OAQY,CARZA,EAAAA;IAQAC,KAAAA,CAAAA,EAAAA,OAAY;EAAA,CAAA,CAAA,ECmG6B,ODnG7B,CCmGqC,UDnGrC,CAAA;;;;AAIP;EAOLG,QAAAA,CAAAA,OAcAE,CAdAF,EAAAA;IAOAC,KAAAA,CAAAA,EAAAA,OAAAA;EAOAC,CAAAA,CAAAA,EC+G6C,OD/G7CA,CC+GqD,UD/GrDA,CAAAA;EAQAC;AAAc;AAOD;AAQG;AAOE;AAKH;AAMF;AAEQ;AASA;AASF;AAIC;;;;;AASD;AAME;AAQT;AAUI;AAiBM;AAIJ;AAgBZ;AAIE;AAOK;AAKR;AAUI;AAIK;EAKI,iBAAA,CAAA,QAAA,EAAA;IAGNV,KAAAA,CAAAA,EAAAA,OAAAA;MCoDf,OD/CIE,CC+CI,UD/CJA,CAAAA;;;;;WASLiC,CAAAA,KAAAA,EAAAA,MAAAA,EAAAA,EAAAA,QAAAA,EAAAA;IAQQ5B,KAAAA,CAAAA,EAAAA,OAAAA;MC4FP,OD5FD4B,CC4FS,UD5FTA,CAAAA;;;;;;;;;;;cAc8BA,CAAAA,QAAAA,EAAAA;IAOzBrB,KAAAA,CAAAA,EAAAA,OAAAA;IADLqB,KAAAA,CAAAA,EAAAA,MAAAA;MCwHC,ODhHDA,CCgHS,UDhHTA,CAAAA;;;;;iBAMmD9B,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IAA0B8B,KAAAA,CAAAA,EAAAA,OAAAA;MC0I5E,ODvIM9B,CAAAA,IAAAA,CAAAA;;AACP8B,KCyJM,UAAA,GAAa,UDzJnBA,CAAAA,OCyJqC,gBDzJrCA,CAAAA;;;;;;;;AF5QN;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;;AAGxB;AAiBA;AA4BA;EAAkC,OAAA,CAAA,EAAA,MAAA;;YAE/B,CAAA,EAAA,MAAA;EAAO;EAmBY,SAAA,EAAA,CAAA,KAAa,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GIhFM,OJgFN,CAAA,IAAA,CAAA;;;;;AAanC;;AAGS,iBIxFa,YAAA,CJwFb,OAAA,EIvFE,cJuFF,CAAA,EItFN,OJsFM,CAAA,GAAA,GItFQ,OJsFR,CAAA,IAAA,CAAA,CAAA;;;;AArCa,UK1DL,YAAA,CL0DiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAaA,iBKAA,WAAA,CLAmB,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKG/B,cLH+B,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAGhC,CAAA,EAAA,OAAA;IKEN,OLDA,CKCQ,YLDR,EAAA,CAAA;;;;AAlEc,UMhCA,cAAA,CNgCY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBM5BA,aAAA,CN4Ba,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMzBzB,cNyByB,EAAA,cAAA,CAAA,EMxBhB,cNwBgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMxBT,ONyBA,CMzBQ,cNyBR,EAAA,CAAA;;;;;;;;AAhFc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAI9B;AAiBA;AA4BA;AAAkC,iBO/DZ,SP+DY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GO9DtB,OP8DsB,CO9Dd,CP8Dc,CAAA,EAAA,OAAA,CAAA,EO7DvB,YP6DuB,CAAA,EO5D/B,OP4D+B,CO5DvB,CP4DuB,CAAA;;;;AAAZ,UQnDL,WAAA,CRmDiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQlEL,gBAAA,CRkEkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQlEF,cRkEE;;UQ/DF,YAAA,CRgEA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AASmB,UQhFL,gBAAA,CRgFwB;EAgBnB,UAAA,CAAA,MAAA,EQ/FD,WR+FoC,EAAA,CAAA,EQ/FpB,OR+F2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ9GN,WR8GM,EAAA,CAAA,EQ9GU,OR8GV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ7G6C,OR6G7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ7GK,OR6GL,CAAA,IAAA,CAAA;WACC,EAAA,EQ7GK,WR6GL,EAAA;;AACK,iBQ3GC,sBAAA,CR2GD,MAAA,EQ1GL,gBR0GK,EAAA,GAAA,EQzGR,YRyGQ,CAAA,EQxGZ,gBRwGY"}
1
+ {"version":3,"file":"index.d.cts","names":["ChangelogAction","ChangelogActor","ChangelogEntry","ChangelogEntry$1","EncryptedEnvelopeV1","EncryptedEnvelopeV1$1","Field","FieldEnvelope","FieldEnvelope$1","FieldFormat","FieldFormat$1","FieldSensitivity","FieldSensitivity$1","FieldView","GeneratedDataKey","GeneratedDataKey$1","IntegrationConfigResult","IntegrationConfigResult$1","IntegrationConfigSchemaField","IntegrationInstall","IntegrationInstall$1","RegistryEntry","RegistryEntry$1","ScopeInfo","ScopeInfo$1","SecretAggregate","SecretAggregate$1","SecretCategory","SecretCategory$1","SecretMetadata","SecretMetadata$1","SecretScope","SecretScope$1","AgentApiClientConfig","RemoteSessionInfo","SyncAgentInfo","SyncManifestEntry","SyncManifest","Record","SyncPresignedUrl","SyncConfirmedUpload","SyncReconstructFile","SyncReconstructBundle","SyncAgentStats","SyncFileEntry","SyncSessionEntry","SyncSessionContent","SharedFileEntry","KnowledgeScopeType","KnowledgeScope","KnowledgeSearchHit","KnowledgeSearchResult","KnowledgeProfileLink","KnowledgeProfile","KnowledgeFact","KnowledgeDoc","AgentVoiceConfig","AgentSelf","AgentAvatarPresign","AgentVoice","VoiceTtsModel","VoiceTtsArgs","VoiceTtsResult","Buffer","VoiceSttArgs","Uint8Array","VoiceSttResult","AgentApiClient","Promise"],"sources":["../src/manifest.ts","../src/ignore.ts","../../agent-api-client/dist/index.d.ts","../src/sync-engine.ts","../src/watcher.ts","../src/uploader.ts","../src/downloader.ts","../src/retry.ts","../src/shared-sync.ts"],"sourcesContent":["import { ChangelogAction, ChangelogActor, ChangelogEntry, ChangelogEntry as ChangelogEntry$1, EncryptedEnvelopeV1, EncryptedEnvelopeV1 as EncryptedEnvelopeV1$1, Field, FieldEnvelope, FieldEnvelope as FieldEnvelope$1, FieldFormat, FieldFormat as FieldFormat$1, FieldSensitivity, FieldSensitivity as FieldSensitivity$1, FieldView, GeneratedDataKey, GeneratedDataKey as GeneratedDataKey$1, IntegrationConfigResult, IntegrationConfigResult as IntegrationConfigResult$1, IntegrationConfigSchemaField, IntegrationInstall, IntegrationInstall as IntegrationInstall$1, RegistryEntry, RegistryEntry as RegistryEntry$1, ScopeInfo, ScopeInfo as ScopeInfo$1, SecretAggregate, SecretAggregate as SecretAggregate$1, SecretCategory, SecretCategory as SecretCategory$1, SecretMetadata, SecretMetadata as SecretMetadata$1, SecretScope, SecretScope as SecretScope$1 } from \"@alfe/types\";\n\n//#region src/index.d.ts\n\ninterface AgentApiClientConfig {\n apiKey: string;\n apiUrl: string;\n}\ninterface RemoteSessionInfo {\n sessionId: string;\n agentId: string;\n surface: \"browser\" | \"terminal\";\n status: \"agent_driving\" | \"awaiting_human\" | \"human_in_control\" | \"resuming\" | \"completed\" | \"expired\" | \"failed\";\n url?: string;\n instructions?: string;\n requestedAt?: string;\n}\ninterface SyncAgentInfo {\n agentId: string;\n tenantId: string;\n displayName: string;\n s3Prefix: string;\n status: \"stale\" | \"syncing\" | \"synced\";\n fileCount?: number;\n totalSize?: number;\n lastSync?: string;\n}\ninterface SyncManifestEntry {\n hash: string;\n size: number;\n modified: string;\n etag?: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncManifest {\n version: 1;\n agentId: string;\n lastSync: string;\n files: Record<string, SyncManifestEntry>;\n}\ninterface SyncPresignedUrl {\n path: string;\n url: string;\n expiresAt: string;\n}\ninterface SyncConfirmedUpload {\n filePath: string;\n hash: string;\n size: number;\n storageClass: \"STANDARD\" | \"GLACIER_IR\";\n syncedAt: string;\n}\ninterface SyncReconstructFile {\n path: string;\n size: number;\n url: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncReconstructBundle {\n agentId: string;\n mode: \"full\" | \"active\" | \"memory\";\n fileCount: number;\n totalSize: number;\n files: SyncReconstructFile[];\n expiresAt: string;\n}\ninterface SyncAgentStats {\n agentId: string;\n standardBytes: number;\n glacierBytes: number;\n fileCount: number;\n lastSyncAt: string | null;\n}\ninterface SyncFileEntry {\n filePath: string;\n size: number;\n modified: string;\n contentHash: string;\n storageClass?: string;\n compressed?: boolean;\n}\ninterface SyncSessionEntry {\n sessionId: string;\n size: number;\n lastModified: string;\n storageClass?: string;\n isArchived: boolean;\n}\ninterface SyncSessionContent {\n sessionId: string;\n content: string;\n compressed: boolean;\n}\ninterface SharedFileEntry {\n filePath: string;\n fileName: string;\n size: number;\n contentType?: string;\n}\ntype KnowledgeScopeType = \"org\" | \"team\" | \"project\";\ninterface KnowledgeScope {\n scopeType: KnowledgeScopeType;\n scopeId: string;\n name: string;\n}\ninterface KnowledgeSearchHit {\n id: string;\n text: string;\n /** Normalized relevance in (0,1]; higher = closer. */\n score: number;\n scopeType: KnowledgeScopeType;\n scopeId: string;\n source: \"doc\" | \"fact\";\n /** Present when `source === \"doc\"` — the canonical file under shared/<scope>/. */\n filePath?: string;\n /** Present when `source === \"fact\"`. */\n factId?: string;\n}\ninterface KnowledgeSearchResult {\n results: KnowledgeSearchHit[];\n /** True when fan-out breadth was capped (more member scopes than the cap). */\n truncatedScopes: boolean;\n}\ninterface KnowledgeProfileLink {\n label: string;\n url: string;\n}\ninterface KnowledgeProfile {\n scopeType: KnowledgeScopeType;\n scopeId: string;\n about: string | null;\n description: string | null;\n links: KnowledgeProfileLink[];\n updatedAt: string | null;\n updatedBy: string | null;\n}\ninterface KnowledgeFact {\n factId: string;\n scopeType: KnowledgeScopeType;\n scopeId: string;\n text: string;\n sourceType: string;\n createdBy: string;\n createdAt: string;\n updatedAt: string;\n}\ninterface KnowledgeDoc {\n filePath: string;\n fileName: string;\n contentType?: string;\n size: number;\n uploadedBy?: string;\n createdAt: string;\n updatedAt: string;\n}\n/** Voice settings — core agent config. Mirrors `VoiceConfig` in `@alfe/types`. */\ninterface AgentVoiceConfig {\n /** ElevenLabs voice ID; platform default when unset. */\n voiceId?: string;\n ttsModel?: string;\n enabled?: boolean;\n}\n/**\n * The agent's own public identity, as returned by `updateSelf`, `generateAvatar`,\n * `presignAvatar`'s finalize (`finalizeAvatar`). This is the public agent\n * projection; only the identity-relevant fields are typed here — the response\n * carries the full public agent record.\n */\ninterface AgentSelf {\n agentId: string;\n tenantId: string;\n name: string;\n avatarUrl?: string;\n voiceConfig?: AgentVoiceConfig;\n status: string;\n}\n/** Result of `presignAvatar` — the agent PUTs bytes to `uploadUrl`, then finalizes with `s3Key`. */\ninterface AgentAvatarPresign {\n /** Presigned PUT URL to upload the image bytes to. */\n uploadUrl: string;\n /** Object key — echoed back to `finalizeAvatar`. */\n s3Key: string;\n /** Stable public URL the avatar will be served from once finalized. */\n publicUrl: string;\n /** ISO expiry of the presigned PUT URL. */\n expiresAt: string;\n}\n/** A voice in the platform catalogue (ElevenLabs), from `listVoices`. */\ninterface AgentVoice {\n id: string;\n name: string;\n previewUrl: string;\n description: string;\n labels: Record<string, string>;\n category: string;\n}\n/** The ElevenLabs models with a pricing row — the TTS endpoint rejects any other value. */\ntype VoiceTtsModel = \"eleven_turbo_v2_5\" | \"eleven_multilingual_v2\";\ninterface VoiceTtsArgs {\n /** Text to synthesize (1–5000 chars — the endpoint enforces this). */\n text: string;\n /** ElevenLabs voice id; platform default when unset. */\n voiceId?: string;\n /** TTS model; `eleven_turbo_v2_5` (lower latency) when unset. */\n model?: VoiceTtsModel;\n}\n/** Raw synthesized audio plus its PCM framing (from the response headers). */\ninterface VoiceTtsResult {\n /** Raw little-endian PCM samples — no container. Wrap in WAV to make a playable file. */\n audio: Buffer;\n /** Samples per second (e.g. 24000). */\n sampleRate: number;\n /** Channel count (mono = 1). */\n channels: number;\n /** Bits per sample (e.g. 16). */\n bitDepth: number;\n}\ninterface VoiceSttArgs {\n /** Raw linear16 (16-bit little-endian) mono PCM samples — no WAV/container header. */\n audio: Uint8Array;\n /** Sample rate of `audio` in Hz (8000–48000). */\n sampleRate: number;\n}\ninterface VoiceSttResult {\n text: string;\n /** Deepgram confidence in (0,1]. */\n confidence: number;\n}\ndeclare class AgentApiClient {\n private readonly apiKey;\n private readonly apiUrl;\n constructor(config: AgentApiClientConfig);\n private request;\n syncRegister(args?: {\n displayName?: string;\n }): Promise<{\n agent: SyncAgentInfo;\n }>;\n syncGetManifest(): Promise<SyncManifest>;\n syncPresign(args: {\n files: {\n path: string;\n operation: \"put\" | \"get\";\n contentType?: string;\n }[];\n }): Promise<{\n urls: SyncPresignedUrl[];\n }>;\n syncConfirmUpload(args: {\n filePath: string;\n hash: string;\n size: number;\n storageClass?: \"STANDARD\" | \"GLACIER_IR\";\n }): Promise<SyncConfirmedUpload>;\n syncReconstruct(args: {\n mode: \"full\" | \"active\" | \"memory\";\n }): Promise<SyncReconstructBundle>;\n syncGetStats(): Promise<SyncAgentStats>;\n syncListFiles(args?: {\n prefix?: string;\n }): Promise<{\n files: SyncFileEntry[];\n }>;\n syncListSessions(): Promise<{\n sessions: SyncSessionEntry[];\n }>;\n syncGetSession(sessionId: string): Promise<SyncSessionContent>;\n syncDeleteFile(filePath: string): Promise<{\n removed: boolean;\n }>;\n sharedListFiles(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n }): Promise<{\n files: SharedFileEntry[];\n nextCursor: string | null;\n }>;\n sharedDownloadUrl(args: {\n scope: \"org\" | \"team\" | \"project\";\n scopeId: string;\n filePath: string;\n }): Promise<{\n downloadUrl: string;\n expiresIn: number;\n }>;\n listIntegrations(): Promise<IntegrationInstall$1[]>;\n getIntegrationConfig(integrationId: string): Promise<IntegrationConfigResult$1>;\n updateIntegrationConfig(integrationId: string, config: Record<string, unknown>): Promise<void>;\n installIntegration(integrationId: string, options?: {\n version?: string;\n config?: Record<string, unknown>;\n }): Promise<IntegrationInstall$1>;\n removeIntegration(integrationId: string): Promise<IntegrationInstall$1>;\n getOAuthUrl(provider: string, scopes?: string[]): Promise<{\n url: string;\n provider: string;\n expiresIn: number;\n }>;\n getOAuthStatus(provider: string): Promise<{\n provider: string;\n connected: boolean;\n config?: Record<string, string>;\n }>;\n getRegistry(): Promise<{\n integrations: RegistryEntry$1[];\n }>;\n /**\n * Returns every connected Google account for the agent. Multi-account by\n * design — the openclaw-google plugin requires the LLM to pass `email`\n * explicitly to `google_run_command` so an account is always selected\n * deliberately.\n *\n * 2026-05-14 (connections-redesign PR 1): the legacy flat shape (`email`,\n * `refreshToken`, `accessToken`, etc., populated from the default account)\n * is gone. Iterate over `accounts`.\n */\n getGoogleCredentials(): Promise<{\n accounts: {\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n disconnectGoogleAccount(email: string): Promise<{\n accounts: {\n email: string;\n displayName?: string;\n connectedAt?: string;\n }[];\n }>;\n getGoogleChatCredentials(): Promise<{\n email: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n displayName?: string;\n }>;\n /**\n * Fetch decrypted credentials for ONE specific connection by its\n * stable connectionId (connection-scoped, vs the provider-scoped\n * `get<Provider>Credentials` helpers). Used by the daemon to resolve\n * a Custom Connection-driven integration's credentials from the\n * exact connection it was installed from — every custom connection\n * shares the `custom` provider id, so provider-scoping is ambiguous.\n *\n * For custom connections `accessToken` is the JSON-encoded secret\n * bundle (the daemon un-bundles it); non-secret fields are on\n * `providerMetadata`. The endpoint enforces that the connection is in\n * the calling agent's effective scope (403 otherwise).\n */\n getConnectionCredentials(connectionId: string): Promise<{\n provider: string;\n connectionId: string;\n accountIdentifier?: string;\n accessToken?: string;\n providerMetadata?: Record<string, unknown>;\n [key: string]: unknown;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getGithubAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. Retained because the `@alfe.ai/github-mcp` proxy is the\n * only consumer that knows about Pattern A; legacy env-interpolation\n * callers will keep hitting `/credentials` until they move to the proxy.\n */\n getGithubCredentials(): Promise<{\n login: string;\n accessToken: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for GitHub.\n *\n * Returns every agent-scoped GitHub connection. The caller is expected\n * to require a `login` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * GitHub OAuth tokens have no expiry (`tokenLifecycle: \"no_expiry\"`),\n * so there is intentionally no `refreshGithubAccountToken` method — if\n * a token is revoked the user must re-run the OAuth flow.\n *\n * Returned `accounts[i].login` is the GitHub username — the stable\n * cross-session identifier the LLM should pass.\n */\n getGithubAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n login: string;\n scopes: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getXeroAccounts()` for the multi-\n * account shape required by Pattern A — explicit selector args on every\n * tool. This method will be removed once all consumers migrate.\n */\n getXeroCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Xero. Returns every\n * agent-scoped Xero connection. The caller is expected to require a\n * selector arg (e.g. `xeroTenantId`) on every credential-touching tool\n * and look up the matching account by that selector at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the Xero tenantId — the\n * stable cross-session identifier the LLM should pass.\n */\n getXeroAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n xeroTenantId: string;\n }[];\n }>;\n refreshXeroToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: refresh a specific Xero connection by its `accountIdentifier`\n * (the Xero `tenantId`). The legacy `refreshXeroToken()` only refreshes\n * the *primary* connection, which is wrong for multi-tenant Xero where\n * each tenant has its own non-interchangeable access token.\n */\n refreshXeroAccountToken(xeroTenantId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getNotionAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getNotionCredentials(): Promise<{\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Notion. Returns every\n * agent-scoped Notion connection. The caller is expected to require a\n * selector arg (e.g. `workspaceId`) on every credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the Notion workspaceId.\n */\n getNotionAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n workspaceId: string;\n workspaceName: string;\n }[];\n }>;\n /**\n * @deprecated Returns a single primary Atlassian Connection's credentials\n * (one OAuth user, one cloudId) — the legacy \"pick-the-default-connection\"\n * shape. Atlassian is multi-site by nature (each OAuth user may have\n * access to multiple Cloud sites), so Pattern A plugins MUST use\n * `getAtlassianAccounts()` to discover the full set and dispatch via\n * the `cloudId` selector arg.\n */\n getAtlassianCredentials(): Promise<{\n accessToken: string;\n refreshToken: string;\n accessTokenExpiresAt: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n email: string;\n enabledProducts: string[];\n clientId: string;\n clientSecret: string;\n }>;\n refreshAtlassianToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * Pattern A: multi-account / multi-site credential fetch for Atlassian.\n *\n * Returns every agent-scoped Atlassian Connection. Each Connection is\n * one OAuth user with a single access token and N accessible Cloud\n * sites (`availableSites`). The caller is expected to:\n *\n * 1. Flatten (connection × cloudId) into one MCP child per site.\n * 2. Require a `cloudId` selector on every credential-touching tool.\n * 3. Use the access token bound to the Connection that owns the\n * requested `cloudId` (Atlassian shares one access token across\n * all sites accessible to the OAuth user).\n *\n * Per-account token refresh uses `refreshAtlassianAccountToken(email)`\n * — refreshing one Connection rotates its single access token, which\n * then applies to every cloudId for that Connection.\n *\n * Returned `accounts[i].accountIdentifier` is the OAuth user's email\n * — the stable cross-session identifier for refresh purposes. The LLM\n * never sees this directly: it picks a site via the `cloudId` arg\n * instead.\n */\n getAtlassianAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n clientId: string;\n clientSecret: string;\n cloudId: string;\n siteName: string;\n siteUrl: string;\n availableSites: {\n id: string;\n url: string;\n name: string;\n scopes?: string[];\n avatarUrl?: string;\n }[];\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Atlassian Connection by `accountIdentifier`\n * (the OAuth user's email).\n *\n * Atlassian rotates refresh tokens (`rotatesRefreshToken: true`); the\n * server-side per-account refresh endpoint handles rotation and\n * persistence. Refreshing one Connection updates its single access\n * token, which applies to every accessible Cloud site (cloudId) for\n * that OAuth user.\n *\n * Returns the new access token + expiry. The proxy is responsible for\n * fanning the new token out to every child server it spawned for\n * cloudIds owned by this Connection.\n */\n refreshAtlassianAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob (legacy \"pick-the-\n * default-connection\" shape). Use `getMYOBAccounts()` for the multi-\n * account shape required by Pattern A.\n */\n getMYOBCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for MYOB. Returns every\n * agent-scoped MYOB connection. The caller is expected to require a\n * selector arg (e.g. `myobBusinessId` / `accountIdentifier`) on every\n * credential-touching tool.\n *\n * Returned `accounts[i].accountIdentifier` is the MYOB businessId.\n */\n getMYOBAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n myobBusinessId: string;\n clientId: string;\n }[];\n }>;\n refreshMYOBToken(): Promise<{\n accessToken: string;\n expiresAt: string;\n }>;\n /**\n * @deprecated Returns a single primary credential blob. Use\n * `getSalesforceAccounts()` for the multi-account shape required by\n * Pattern A.\n */\n getSalesforceCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n instanceUrl: string;\n orgId: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Salesforce. Returns every\n * agent-scoped Salesforce connection. One OAuth grant maps to one org, so\n * `accounts[i].accountIdentifier` (and `orgId`) is the Salesforce org id —\n * the selector every credential-touching tool requires.\n */\n getSalesforceAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n instanceUrl: string;\n orgId: string;\n }[];\n }>;\n /**\n * Refresh the access token for a specific Salesforce org. Salesforce\n * tokens aren't interchangeable across orgs, so the connection is targeted\n * by `accountIdentifier` (the org id) — mirrors `refreshXeroAccountToken`.\n */\n refreshSalesforceAccountToken(orgId: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n /**\n * Microsoft 365 (delegated OAuth) credential fetch — single-account shape.\n *\n * @deprecated Use `getMicrosoftAccounts()` and dispatch via the `email`\n * selector once per-account plugins land. Retained because the existing\n * `integrations/connect/microsoft/hooks/post_activate.mjs` writes\n * `mgc` credentials for the single (default) Microsoft account.\n *\n * Returns the agent's effective Microsoft delegated-OAuth credentials.\n * Distinct from `getTeamsCredentials()` (Azure bot credentials for the\n * Teams adapter, which is admin-consent flow on services/microsoft, not\n * delegated OAuth on services/connect).\n */\n getMicrosoftCredentials(): Promise<{\n accessToken: string;\n accessTokenExpiresAt?: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email?: string;\n microsoftTenantId?: string;\n workspaceDomain?: string;\n }>;\n /**\n * Pattern A: multi-account credential fetch for Microsoft 365.\n *\n * Returns every agent-scoped Microsoft connection. The caller is expected\n * to require an `email` selector on every credential-touching tool and\n * look up the matching account at dispatch time.\n *\n * Returned `accounts[i].accountIdentifier` is the user's primary email\n * (or the tid claim as fallback) — the stable cross-session identifier\n * the LLM should pass.\n *\n * Per-account token refresh is exposed via `refreshMicrosoftAccountToken`,\n * NOT `refreshXeroAccountToken` — Microsoft refresh tokens are not\n * interchangeable across (tenant, user) pairs.\n */\n getMicrosoftAccounts(): Promise<{\n accounts: {\n connectionId: string;\n accountIdentifier: string;\n displayName: string | null;\n connectedAt: string;\n accessToken: string;\n accessTokenExpiresAt: string;\n refreshToken: string;\n clientId: string;\n clientSecret: string;\n email: string;\n microsoftTenantId: string;\n workspaceDomain: string;\n }[];\n }>;\n /**\n * Pattern A: refresh a specific Microsoft 365 connection by its\n * `accountIdentifier`. For Microsoft, `accountIdentifier` is the user's\n * email when the Graph profile fetch succeeded at connect time, and the\n * Azure tenant id (`tid` claim) as fallback. Callers should pass the\n * value returned by `getMicrosoftAccounts()` rather than synthesising\n * an email locally.\n *\n * Microsoft refresh tokens are bound to a specific (tenant, user) pair —\n * they are NOT interchangeable across accounts, so per-account refresh\n * is mandatory. The generic /accounts/{accountIdentifier}/refresh\n * endpoint walks the agent's full visible scope chain to find a matching\n * connection (works for inherited team/project Microsoft connections).\n */\n refreshMicrosoftAccountToken(accountIdentifier: string): Promise<{\n accessToken: string;\n accessTokenExpiresAt: string;\n expiresAt: string;\n }>;\n getTeamsCredentials(): Promise<{\n agentId: string;\n tenantId: string;\n azureAppId: string;\n azureBotId: string;\n azureClientSecret: string;\n botDisplayName?: string;\n teamsTenantId?: string;\n serviceUrl?: string;\n }>;\n sendTeamsMessage(data: {\n conversationId: string;\n text?: string;\n adaptiveCard?: Record<string, unknown>;\n }): Promise<{\n ok: boolean;\n activityId: string;\n }>;\n listTeamsChannels(): Promise<{\n channels: {\n id: string;\n name: string;\n description?: string;\n }[];\n }>;\n presignAttachments(files: {\n filename: string;\n mimeType: string;\n size: number;\n }[]): Promise<{\n attachments: {\n id: string;\n uploadUrl: string;\n downloadUrl: string;\n s3Key: string;\n expiresAt: string;\n }[];\n }>;\n /**\n * Generate an image from a text prompt and get back a STABLE, public URL\n * (served from the agent-assets CDN — it does not expire). The image is\n * generated + stored server-side; embed the returned `imageUrl` in a reply as\n * markdown to show it to the user.\n *\n * Unlike most methods this reads the server's error body so a bad-request\n * detail (e.g. an unsupported `size`) reaches the caller instead of an opaque\n * \"request failed (400)\". Not retried — generation is expensive and\n * non-idempotent.\n */\n generateImage(args: {\n prompt: string;\n model?: string;\n size?: string;\n quality?: string;\n }): Promise<{\n imageUrl: string;\n model: string;\n }>;\n recordActivity(data: {\n userId?: string;\n channel: string;\n role: \"user\" | \"assistant\";\n }): Promise<{\n recorded: boolean;\n }>;\n /** Update the agent's own name and/or voice config. Returns the updated agent. */\n updateSelf(update: {\n name?: string;\n voiceConfig?: AgentVoiceConfig;\n }): Promise<AgentSelf>;\n /**\n * Generate the agent's own avatar from a text prompt. The image is generated,\n * stored, and set on the agent server-side; returns the updated agent.\n */\n generateAvatar(args: {\n prompt: string;\n }): Promise<AgentSelf>;\n /**\n * Get a presigned PUT URL to upload a new avatar image. Upload the bytes to\n * `uploadUrl`, then call `finalizeAvatar(s3Key)` to set it on the agent.\n */\n presignAvatar(args: {\n mimeType: string;\n size: number;\n }): Promise<AgentAvatarPresign>;\n /**\n * Finalize an avatar upload — validates ownership + size, then sets the\n * agent's `avatarUrl` server-side. Returns the updated agent.\n */\n finalizeAvatar(s3Key: string): Promise<AgentSelf>;\n /** List the platform voice catalogue (ElevenLabs) so the agent can pick its own voice. */\n listVoices(): Promise<{\n voices: AgentVoice[];\n }>;\n /**\n * Mint a fresh AES-256 data key for a specific (secret, field) pair. The\n * encryption context is rebuilt server-side from `auth.tenantId` + the body\n * fields including `fieldKey`; the agent cannot forge context for a scope\n * or field it doesn't own. Legacy single-envelope secrets are migrated to\n * `field#value` rows by the data migration, so call with `fieldKey: \"value\"`\n * to reach them.\n */\n generateSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<GeneratedDataKey$1>;\n /**\n * Unwrap a wrapped data key so the agent can decrypt the envelope locally.\n * `fieldKey` MUST match the value supplied when the data key was generated\n * (it's bound into KMS encryption context); mismatch fails with\n * `InvalidCiphertextException`.\n */\n decryptSecretDataKey(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n dataKeyCiphertext: string;\n }): Promise<{\n plaintextKey: string;\n }>;\n /**\n * Create a new secret with one or more fields. Encrypted fields must arrive\n * pre-sealed (the agent has already obtained per-field data keys via\n * `generateSecretDataKey({ ..., fieldKey })` and AES-encrypted locally).\n * Plaintext fields ship the value inline.\n */\n createSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName: string;\n category?: SecretCategory$1;\n description?: string;\n tags?: string[];\n fields: {\n key: string;\n format?: FieldFormat$1;\n sensitivity: FieldSensitivity$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n }[];\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** Fetch the secret aggregate plus per-field encrypted envelopes. */\n getSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<{\n aggregate: SecretAggregate$1;\n envelopes: FieldEnvelope$1[];\n }>;\n /** Fetch one field. Plaintext: value inline. Encrypted: envelope. */\n getSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<{\n key: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n rotatedAt?: string;\n createdAt: string;\n updatedAt: string;\n }>;\n /** Add OR rotate one field. */\n setSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n sensitivity: FieldSensitivity$1;\n format?: FieldFormat$1;\n value?: string;\n envelope?: EncryptedEnvelopeV1$1;\n reason?: string;\n }): Promise<{\n fieldKey: string;\n rotated: boolean;\n }>;\n /** Remove one field. */\n removeSecretField(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n fieldKey: string;\n }): Promise<void>;\n /** Update secret-level metadata (name/description/tags/category). */\n updateSecretMetadata(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n secretName?: string;\n description?: string;\n tags?: string[];\n category?: SecretCategory$1;\n reason?: string;\n }): Promise<SecretAggregate$1>;\n /** List metadata for secrets in a scope. Optional filters route through the byFacet GSI. */\n listSecrets(args: {\n scope: SecretScope$1;\n scopeId: string;\n category?: SecretCategory$1;\n tag?: string;\n fieldKey?: string;\n }): Promise<SecretMetadata$1[]>;\n /** Bounded changelog read — metadata-only audit entries. */\n getSecretHistory(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n limit?: number;\n cursor?: string;\n }): Promise<{\n entries: ChangelogEntry$1[];\n nextCursor?: string;\n }>;\n /** Delete a secret (and all its field rows + tag rows + changelog rows). */\n deleteSecret(args: {\n scope: SecretScope$1;\n scopeId: string;\n secretId: string;\n }): Promise<void>;\n /** Enumerate scopes (org/team/project/agent) this agent can access. */\n listSecretScopes(): Promise<ScopeInfo$1[]>;\n /**\n * Returns the calling agent's own identity context — `{ agentId, tenantId }`\n * decoded server-side from the agent API token. Used by the\n * `@alfe.ai/openclaw-identity` plugin to bootstrap context when the\n * OpenClaw daemon doesn't plumb `ctx.agentId` through to plugin hooks.\n * Plugins should cache this for the daemon's lifetime (single-agent-per-\n * process invariant). One HTTP round-trip per process activate; not for\n * per-call use.\n */\n whoami(): Promise<{\n agentId: string;\n tenantId: string;\n }>;\n resolveIdentity(args: {\n provider: string;\n platformId: string;\n kind?: \"user\" | \"agent\" | \"service\" | \"bot\" | \"workspace\";\n displayName?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n created?: boolean;\n reason?: string;\n /**\n * Flattened auriclabs permission strings for the resolved identity\n * (scope-prefixed where applicable). Empty array on miss / org service\n * outage — the runtime gate fails closed in that case.\n */\n permissions: string[];\n }>;\n searchIdentities(args?: {\n q?: string;\n status?: string;\n limit?: number;\n }): Promise<{\n identities: unknown[];\n }>;\n getIdentityContext(identityId: string): Promise<{\n context: unknown;\n }>;\n mergeIdentities(survivorId: string, args: {\n mergedId: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n unmergeIdentity(identityId: string, args: {\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n error?: string;\n }>;\n addIdentityNote(identityId: string, args: {\n content: string;\n category?: string;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n noteId: string | null;\n }>;\n tagIdentity(identityId: string, args: {\n tag: string;\n action: \"add\" | \"remove\";\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n }>;\n getIdentityChangelog(identityId: string, args?: {\n limit?: number;\n }): Promise<{\n entries: unknown[];\n }>;\n rollbackIdentity(identityId: string, args: {\n targetVersion: number;\n changedBy: {\n type: string;\n id: string;\n name?: string;\n };\n }): Promise<{\n ok: boolean;\n entry?: unknown;\n }>;\n requestIdentityVerification(args: {\n claimedIdentityId: string;\n requestingIdentityId: string;\n requestingProvider: string;\n requestingPlatformId: string;\n preferredChannel?: \"mobile\" | \"email\";\n /**\n * Phase 2: agent-supplied contact endpoint. When provided, the top-level\n * `preferredChannel` is ignored — the contact's channel wins.\n */\n contact?: {\n channel: \"email\" | \"mobile\";\n value: string;\n };\n }): Promise<{\n verificationId: string;\n channel: string;\n deliveredTo: string;\n expiresAt: string;\n availableChannels: {\n channel: string;\n deliveredTo: string;\n }[];\n } | {\n error: string;\n }>;\n confirmIdentityVerification(args: {\n claimedIdentityId: string;\n verificationId: string;\n phrase: string;\n }): Promise<{\n verified: boolean;\n identityId?: string;\n /** Phase 2: how the confirm resolved — Scenario A vs B. */\n action?: \"merged\" | \"contact_verified\";\n error?: string;\n }>;\n /**\n * Update display-shape fields on an Identity. Body excludes `email` /\n * `phone` / `title` / `company` / `metadata` per Section D4 — contacts go\n * via the verify flow, title/company live on OrgMembership, metadata is\n * not agent-writable.\n */\n updateIdentity(identityId: string, args: {\n name?: string;\n avatarUrl?: string;\n timezone?: string;\n locale?: string;\n }): Promise<{\n ok: boolean;\n }>;\n /**\n * Phase 2 (Section H): server-side verification of a Google Chat sender via\n * the agent's existing Google OAuth credentials. Returns the resolved\n * identity (created or matched via Scenario-B email enrichment).\n */\n resolveGoogleChatSender(args: {\n senderUserId: string;\n spaceId?: string;\n }): Promise<{\n identityId: string | null;\n status: string;\n }>;\n memorySearch(query: string, opts?: {\n limit?: number;\n topic?: string;\n subtopic?: string;\n tag?: string;\n includeKnowledge?: boolean;\n }): Promise<{\n facts: {\n subject: string;\n predicate: string;\n object: string;\n since: string;\n confidence: number;\n }[];\n memories: {\n id: string;\n text: string;\n topic: string;\n subtopic: string;\n tag: string;\n importance: number;\n timestamp: number;\n score: number;\n }[];\n }>;\n memoryStore(text: string, opts?: {\n topic?: string;\n subtopic?: string;\n tag?: string;\n importance?: number;\n }): Promise<{\n memoryId: string;\n }>;\n memoryIngest(sessionKey: string, messages: {\n role: string;\n content: string;\n index: number;\n timestamp?: string;\n }[], metadata?: {\n channelId?: string;\n userId?: string;\n userName?: string;\n }): Promise<{\n queued: boolean;\n messageCount: number;\n }>;\n memoryLoadContext(tier?: number, topicHint?: string): Promise<{\n formatted: string;\n [key: string]: unknown;\n }>;\n memoryLookupEntity(subject: string): Promise<{\n subject: string;\n triples: {\n tripleId: string;\n predicate: string;\n object: string;\n validFrom: string;\n validTo?: string;\n confidence: number;\n }[];\n }>;\n memoryNavigate(): Promise<{\n topics: {\n name: string;\n tripleCount: number;\n subtopics: string[];\n }[];\n cursor: string | null;\n }>;\n memoryDelete(memoryId: string): Promise<{\n deleted: boolean;\n }>;\n memoryStats(): Promise<{\n vectorCount: number;\n tripleCount: number;\n storageEstimateBytes: number;\n lastIngestionAt?: string;\n }>;\n memoryLearn(args: {\n text: string;\n source?: string;\n sourceType?: \"file\" | \"url\" | \"inline\";\n metadata?: {\n sessionId?: string;\n channelId?: string;\n userName?: string;\n };\n }): Promise<{\n memoriesStored: number;\n triplesStored: number;\n chunks: number;\n source?: string;\n }>;\n memoryBootstrapStatus(): Promise<{\n synced: boolean;\n syncedAt?: string;\n sessionsBackfillSynced?: boolean;\n sessionsBackfillSyncedAt?: string;\n }>;\n memoryBootstrapStatusMark(scope?: \"files\" | \"sessions\"): Promise<{\n synced: true;\n syncedAt: string;\n }>;\n searchWeb(params: {\n query: string;\n count?: number;\n offset?: number;\n country?: string;\n freshness?: string;\n }): Promise<unknown>;\n searchImages(params: {\n query: string;\n count?: number;\n }): Promise<unknown>;\n searchNews(params: {\n query: string;\n count?: number;\n freshness?: string;\n }): Promise<unknown>;\n /**\n * Semantic search across the agent's member scopes. Fan-out is gated\n * server-side by `listScopes` set-inclusion (fail-closed). Pass\n * `scopeType` + `scopeId` to narrow to one scope; a non-member scope\n * yields empty results (never a cross-scope leak).\n */\n knowledgeSearch(query: string, opts?: {\n limit?: number;\n scopeType?: KnowledgeScopeType;\n scopeId?: string;\n }): Promise<KnowledgeSearchResult>;\n /** Enumerate the scopes (org + teams + projects) this agent belongs to. */\n listScopes(): Promise<{\n scopes: KnowledgeScope[];\n }>;\n /** Read a scope's structured knowledge profile (after membership check). */\n getScopeProfile(scopeType: KnowledgeScopeType, scopeId: string): Promise<KnowledgeProfile>;\n /** List a scope's facts (non-semantic, full enumeration). */\n listScopeFacts(scopeType: KnowledgeScopeType, scopeId: string, opts?: {\n limit?: number;\n cursor?: string;\n }): Promise<{\n facts: KnowledgeFact[];\n nextCursor: string | null;\n }>;\n /**\n * Publish a fact at a scope. This is the deliberate cross-agent learning\n * boundary — facts are attributable (the agent is recorded as author) and\n * never an automatic merge. Membership is enforced server-side (403 for a\n * non-member scope).\n */\n createScopeFact(scopeType: KnowledgeScopeType, scopeId: string, text: string): Promise<KnowledgeFact>;\n /** Delete a fact at a scope. */\n deleteScopeFact(scopeType: KnowledgeScopeType, scopeId: string, factId: string): Promise<{\n removed: boolean;\n }>;\n /** List a scope's docs (the org-files corpus; mirrored to shared/<scope>/). */\n listScopeDocs(scopeType: KnowledgeScopeType, scopeId: string, opts?: {\n limit?: number;\n cursor?: string;\n }): Promise<{\n files: KnowledgeDoc[];\n nextCursor: string | null;\n }>;\n /**\n * Read the full text of a scope doc. Resolves a presigned download URL\n * from `services/org`, then fetches the bytes directly from S3 (the one\n * legitimate raw fetch in a plugin — same pattern as sync).\n */\n readScopeDoc(scopeType: KnowledgeScopeType, scopeId: string, filePath: string): Promise<{\n filePath: string;\n text: string;\n }>;\n /**\n * Write (create or overwrite) a scope doc. Two-step presigned upload:\n * `services/org` returns a signed URL plus `requiredHeaders` (author /\n * authorKind / message as `x-amz-meta-*`) that MUST be sent verbatim on\n * the PUT, alongside the same `Content-Type` that was signed. Author and\n * authorKind are server-set from the agent token — never trusted here.\n */\n writeScopeDoc(scopeType: KnowledgeScopeType, scopeId: string, filePath: string, content: string, opts?: {\n contentType?: string;\n message?: string;\n }): Promise<{\n filePath: string;\n }>;\n registerDatabaseCredentials(): Promise<{\n connectionString: string;\n username: string;\n password: string;\n databases: string[];\n }>;\n reportDatabaseAudit(entry: {\n database: string;\n collection: string;\n operation: string;\n summary?: string;\n }): Promise<void>;\n requestBrowserTakeover(args: {\n instructions: string;\n url?: string;\n conversationId?: string;\n }): Promise<{\n sessionId: string;\n status: string;\n }>;\n getRemoteSession(sessionId: string): Promise<RemoteSessionInfo>;\n completeRemoteSession(sessionId: string): Promise<{\n ok: boolean;\n }>;\n /**\n * Issue a request that returns the raw `Response` (no JSON parsing, no\n * forced Content-Type). The caller sets `Content-Type`/`Accept` on `headers`\n * and reads the body itself (`arrayBuffer()` / `json()`).\n *\n * A single retry fires only on the same transient statuses `request()`\n * retries (authorizer-timeout 500 + LB 502/503/504) and transient network\n * errors — before the route handler runs — so re-issuing a POST does not\n * risk a duplicate side effect. Voice TTS/STT are effectively idempotent\n * (re-synthesize / re-transcribe) and meter server-side keyed on the\n * gateway requestId, so a retried transcription doesn't double-bill.\n */\n private rawFetch;\n /**\n * Text-to-speech. Returns raw PCM audio bytes plus their framing — the\n * voice service defaults to 24 kHz / mono / 16-bit. Wrap in a WAV container\n * to produce a playable file. Metered per character against the tenant\n * credit pool server-side; TTS completes regardless of metering outcome.\n */\n tts(args: VoiceTtsArgs): Promise<VoiceTtsResult>;\n /**\n * Speech-to-text. Accepts raw linear16 (16-bit LE) mono PCM — NOT a WAV or\n * other container (the endpoint transcribes with a fixed linear16 encoding,\n * so a container header would be transcribed as noise). Strip any WAV header\n * and pass `sampleRate` from it before calling. Metered by transcribed\n * duration against the tenant credit pool server-side.\n */\n stt(args: VoiceSttArgs): Promise<VoiceSttResult>;\n}\n//# sourceMappingURL=index.d.ts.map\n//#endregion\nexport { AgentApiClient, AgentApiClientConfig, AgentAvatarPresign, AgentSelf, AgentVoice, AgentVoiceConfig, type ChangelogAction, type ChangelogActor, type ChangelogEntry, type EncryptedEnvelopeV1, type Field, type FieldEnvelope, type FieldFormat, type FieldSensitivity, type FieldView, type GeneratedDataKey, type IntegrationConfigResult, type IntegrationConfigSchemaField, type IntegrationInstall, KnowledgeDoc, KnowledgeFact, KnowledgeProfile, KnowledgeProfileLink, KnowledgeScope, KnowledgeScopeType, KnowledgeSearchHit, KnowledgeSearchResult, type RegistryEntry, RemoteSessionInfo, type ScopeInfo, type SecretAggregate, type SecretCategory, type SecretMetadata, type SecretScope, SharedFileEntry, SyncAgentInfo, SyncAgentStats, SyncConfirmedUpload, SyncFileEntry, SyncManifest, SyncManifestEntry, SyncPresignedUrl, SyncReconstructBundle, SyncReconstructFile, SyncSessionContent, SyncSessionEntry, VoiceSttArgs, VoiceSttResult, VoiceTtsArgs, VoiceTtsModel, VoiceTtsResult };\n//# sourceMappingURL=index.d.ts.map"],"mappings":";;;;;;;;;AAyBA;AAOA;;;;;AAcA;AAiBiB,UAtCA,aAAA,CAsCY;EA4BP,IAAA,EAAA,MAAA;EAAY,IAAA,EAAA,MAAA;YAEvB,EAAA,MAAA;cAAR,EAAA,UAAA,GAAA,YAAA;;AAmBmB,UAhFL,aAAA,CAgFkB;EAAA,KAAA,EA/E1B,MA+E0B,CAAA,MAAA,EA/EX,aA+EW,CAAA;;;;AAanC;;;;;AAgCA;EAgBsB,OAAA,CAAA,EAAA,MAAA;AAgBtB;AAA6B,UA/IZ,cAAA,CA+IY;SACpB,EAAA,CAAA;SACC,EAAA,MAAA;UACP,EAAA,MAAA;EAAY,KAAA,EA9IN,MA8IM,CAAA,MAAA,EAAA;;;;ICvHF,IAAA,CAAA,EAAA,MAAA;IAiDS,YAAA,CAAA,EAAA,MAAkB;IA+BxB,UAAA,CAAY,EAAA,OAAA;EAuBZ,CAAA,CAAA;AAUhB;UD3HiB,YAAA;;;EE3DPiC;EAIAC,MAAAA,EAAAA,MAAAA,EAAAA;EASAC;EAUAC,SAAAA,EAAAA,MAAAA,EAAAA;EAQAC;EAAY,aAAA,EAAA,MAAA,EAAA;;;;AAIP;AAEW;AAKG;AAOA;AAYD;AAUlBO,iBFgBY,YAAA,CEhBC,aAAA,EAAA,MAAA,CAAA,EFkBpB,OElBoB,CFkBZ,aElBY,CAAA;AAAA;AAQG;AAOE;AAKH;AAOfK,iBFUY,aAAA,CETTD,aAAkB,EAAA,MAAA,EAAA,QAAA,EFWnB,aEXmB,CAAA,EFY5B,OEZ4B,CAAA,IAAA,CAAA;AAAA;AASA;AASF;AAQnBK,iBFJY,mBAAA,CEII,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,EAAA,KAAA,EFDjB,aECiB,CAAA,EFAvB,OEAuB,CAAA,IAAA,CAAA;;;;;AAKG;AAME;AAQT;AAUI;;AAyCR;AAOK;AAKR;AAcLa,iBFpEY,mBAAA,CEoEE,aAAA,EAAA,MAAA,EAAA,YAAA,EAAA,MAAA,CAAA,EFjErB,OEiEqB,CAAA,IAAA,CAAA;AAAA;;;;AAYlBE,iBFhEgB,eAAA,CEgEhBA,QAAAA,EAAAA,MAAAA,CAAAA,EFhEmD,OEgEnDA,CAAAA,MAAAA,CAAAA;;;;;;AAkBAA,iBFlEU,aAAA,CEkEVA,KAAAA,EFjEG,aEiEHA,EAAAA,MAAAA,EFhEI,cEgEJA,CAAAA,EF/DH,YE+DGA;;;;cDtLO;iBAiDS,kBAAA,2CAGnB;iBA4Ba,YAAA;ADhIC,iBCuJD,eAAA,CDvJc,WAAA,EAAA,MAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,OAAA;AAOb,iBC0JD,aAAA,CD1Jc,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA,MAAA,EAAA,CAAA,EAAA,MAAA,EAAA;;;;;;AAP9B,UErBUnC,oBAAAA,CFqBoB;EAO9B,MAAiB,EAAA,MAAA;EAAa,MAAA,EAAA,MAAA;;UExBpBC,iBAAAA,CFyBD;EAAM,SAAA,EAAA,MAAA;EAaf,OAAiB,EAAA,MAAA;EAiBjB,OAAiB,EAAA,SAAY,GAAA,UAAA;EA4B7B,MAAsB,EAAA,eAAY,GAAA,gBAAA,GAAA,kBAAA,GAAA,UAAA,GAAA,WAAA,GAAA,SAAA,GAAA,QAAA;EAAA,GAAA,CAAA,EAAA,MAAA;cAEvB,CAAA,EAAA,MAAA;aAAR,CAAA,EAAA,MAAA;;AAmBH,UE/FUC,aAAAA,CF+FyB;EAAA,OAAA,EAAA,MAAA;UAEvB,EAAA,MAAA;aACT,EAAA,MAAA;EAAO,QAAA,EAAA,MAAA;EAUV,MAAsB,EAAA,OAAA,GAAA,SAAmB,GAAA,QAAA;EAAA,SAAA,CAAA,EAAA,MAAA;WAGhC,CAAA,EAAA,MAAA;UACN,CAAA,EAAA,MAAA;;AA4BH,UElIUC,iBAAAA,CFkI+B;EAgBzC,IAAsB,EAAA,MAAA;EAgBtB,IAAgB,EAAA,MAAA;EAAa,QAAA,EAAA,MAAA;OACpB,EAAA,MAAA;cACC,CAAA,EAAA,MAAA;YACP,CAAA,EAAA,OAAA;;UE7JOC,YAAAA;;;EDsCV,QAAa,EAAA,MAAA;EAiDb,KAAsB,ECnFbC,MDmFa,CAAA,MAAA,ECnFEF,iBDsFrB,CAAA;AA4BH;AAuBA,UCvIUG,gBAAAA,CDuIqB;EAU/B,IAAgB,EAAA,MAAA;;;;AC1Lo1B,UA8C11BC,mBAAAA,CA1CoB;EAAA,QAIpBN,EAAAA,MAAAA;EAAiB,IASjBC,EAAAA,MAAAA;EAAa,IAUbC,EAAAA,MAAAA;EAAiB,YAQjBC,EAAAA,UAAY,GAAA,YAAA;EAAA,QAAA,EAAA,MAAA;;UAkBZI,mBAAAA,CAdDH;EAAM,IAAA,EAAA,MAAA;EAAA,IAELC,EAAAA,MAAAA;EAAgB,GAKhBC,EAAAA,MAAAA;EAAmB,YAOnBC,CAAAA,EAAAA,MAAAA;EAAmB,UAOnBC,CAAAA,EAAAA,OAAAA;AAKkB;AAGJ,UARdA,qBAAAA,CAea;EAAA,OAQbG,EAAAA,MAAAA;EAAgB,IAOhBC,EAAAA,MAAAA,GAAAA,QAAkB,GAAA,QAAA;EAAA,SAKlBC,EAAAA,MAAAA;EAAe,SAMpBC,EAAAA,MAAAA;EAAkB,KACbC,EArCDR,mBAqCe,EAAA;EACO,SAIrBS,EAAAA,MAAAA;AAKqB;AASF,UArDnBP,cAAAA,CAyDAS;EAAoB,OAIpBC,EAAAA,MAAAA;EAAgB,aAAA,EAAA,MAAA;cACbL,EAAAA,MAAAA;WAIJI,EAAAA,MAAAA;EAAoB,UAAA,EAAA,MAAA,GAAA,IAAA;AAAA;AAME,UAjErBR,aAAAA,CAyEY;EAAA,QAUZY,EAAAA,MAAAA;EAAgB,IAYhBC,EAAAA,MAAAA;EAKsB,QAItBC,EAAAA,MAAAA;EAAkB,WAWlBC,EAAAA,MAAU;EAKJ,YAIXC,CAAAA,EAAAA,MAAa;EAAA,UACRC,CAAAA,EAAAA,OAAY;AAMC;AAKR,UAhILhB,gBAAAA,CAwIY;EAEH,SAITqB,EAAAA,MAAAA;EAAc,IAKVC,EAAAA,MAAAA;EAAc,YAAA,EAAA,MAAA;cAGNlC,CAAAA,EAAAA,MAAAA;YAKXE,EAAAA,OAAAA;;UApJDW,kBAAAA,CAsJmBT;WAAR+B,EAAAA,MAAAA;SAQX7B,EAAAA,MAAAA;YADJ6B,EAAAA,OAAAA;;UAxJIrB,eAAAA,CAgKJqB;UAGQ1B,EAAAA,MAAAA;UAAR0B,EAAAA,MAAAA;QACoBzB,MAAAA;aAARyB,CAAAA,EAAAA,MAAAA;;KA9JbpB,kBAAAA,GAiKCoB,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;UAhKInB,cAAAA,CAoKIJ;WADQuB,EAlKTpB,kBAkKSoB;SAGuBtB,EAAAA,MAAAA;QAARsB,MAAAA;;UAjK3BlB,kBAAAA,CAyKCH;YADLqB;QAQAA,MAAAA;;OAIgBA,EAAAA,MAAAA;WACiCnD,EAhL1C+B,kBAgL0C/B;SAARmD,EAAAA,MAAAA;QACU9B,EAAAA,KAAAA,GAAAA,MAAAA;;UAG5CA,CAAAA,EAAAA,MAAAA;;QACP8B,CAAAA,EAAAA,MAAAA;;UA7KIjB,qBAAAA,CA8KkCiB;SACQA,EA9KzClB,kBA8KyCkB,EAAAA;;iBAKhBA,EAAAA,OAAAA;;UA/K1BhB,oBAAAA,CAoLOgB;OAaSA,EAAAA,MAAAA;OAUgBA,MAAAA;;UAvMhCf,gBAAAA,CAuOaf;WAL2B8B,EAjOrCpB,kBAiOqCoB;SAgBxBA,EAAAA,MAAAA;OAkBHA,EAAAA,MAAAA,GAAAA,IAAAA;aAiBCA,EAAAA,MAAAA,GAAAA,IAAAA;OAcHA,EA9RZhB,oBA8RYgB,EAAAA;WAWCA,EAAAA,MAAAA,GAAAA,IAAAA;WAU2BA,EAAAA,MAAAA,GAAAA,IAAAA;;UA/SvCd,aAAAA,CAqUac;QAmBMA,EAAAA,MAAAA;WAYFA,EAlWdpB,kBAkWcoB;SA0BDA,EAAAA,MAAAA;QAoCiCA,MAAAA;YAUnCA,EAAAA,MAAAA;WAcHA,EAAAA,MAAAA;WAYCA,EAAAA,MAAAA;WASQA,EAAAA,MAAAA;;UArcpBb,YAAAA,CAkesCa;UAkBnBA,EAAAA,MAAAA;UAyBHA,EAAAA,MAAAA;aA8BiCA,CAAAA,EAAAA,MAAAA;QAKlCA,MAAAA;YAaN9B,CAAAA,EAAAA,MAAAA;WACb8B,EAAAA,MAAAA;WAIiBA,EAAAA,MAAAA;;;UAxjBbZ,gBAAAA,CAomBJY;;SAOQX,CAAAA,EAAAA,MAAAA;UAARW,CAAAA,EAAAA,MAAAA;SAOQX,CAAAA,EAAAA,OAAAA;;;;;;;;UAtmBJA,SAAAA,CAioBCzB;SAIGjB,EAAAA,MAAAA;UAARqD,EAAAA,MAAAA;QAQKpC,MAAAA;WAKLoC,CAAAA,EAAAA,MAAAA;aAUKpC,CAAAA,EAvpBKwB,gBAupBLxB;QAIIJ,EAAAA,MAAAA;;;UAvpBL8B,kBAAAA,CA+pBOrD;;WAGX+D,EAAAA,MAAAA;;OAOS1C,EAAAA,MAAAA;;WADT0C,EAAAA,MAAAA;;WAYWxD,EAAAA,MAAAA;;;UAzqBP+C,UAAAA,CAuqBJS;YAYKpC;QAIMpB,MAAAA;YACJF,EAAAA,MAAAA;aAEEL,EAAAA,MAAAA;QAET+D,EAvrBI9B,MAurBJ8B,CAAAA,MAAAA,EAAAA,MAAAA,CAAAA;UAMKpC,EAAAA,MAAAA;;;KAzrBN4B,aAAAA,GAssBUhC,mBAAAA,GAAAA,wBAAAA;UArsBLiC,YAAAA,CAusBInC;;QAGHM,MAAAA;;SAKGF,CAAAA,EAAAA,MAAAA;;OAGHE,CAAAA,EA5sBD4B,aA4sBC5B;;;UAzsBD8B,cAAAA,CAotBC9B;;OAKmBR,EAvtBrBuC,MAutBqBvC;;YAUlB4C,EAAAA,MAAAA;;UAyBNA,EAAAA,MAAAA;;UAaAA,EAAAA,MAAAA;;UA/vBIJ,YAAAA,CAqxBJI;;OAgBAA,EAnyBGH,UAmyBHG;;YA4BAA,EAAAA,MAAAA;;UA3zBIF,cAAAA,CA61BJE;QAWAA,MAAAA;;YAkCAA,EAAAA,MAAAA;;cAr4BQD,cAAAA,CAq5B0CC;mBAIjBA,MAAAA;mBAWnBA,MAAAA;aAQcA,CAAAA,MAAAA,EAz6BZnC,oBAy6BYmC;UAGjBA,OAAAA;cAeXA,CAAAA,KAAAA,EAAAA;eAMqBA,CAAAA,EAAAA,MAAAA;MA77BrBA,OAm8BqDA,CAAAA;SAUrDA,EA58BKjC,aA48BLiC;;iBASAA,CAAAA,CAAAA,EAn9BeA,OAm9BfA,CAn9BuB/B,YAm9BvB+B,CAAAA;aASUpB,CAAAA,IAAAA,EAAAA;SAEFG,EAAAA;UAARiB,EAAAA,MAAAA;eAGMnB,EAAAA,KAAAA,GAAAA,KAAAA;iBADImB,CAAAA,EAAAA,MAAAA;OAIapB;MA79BvBoB,OA69BqEf,CAAAA;QAARe,EA59BzD7B,gBA49ByD6B,EAAAA;;mBAMxDd,CAAAA,IAAAA,EAAAA;YADLc,EAAAA,MAAAA;QAUuBpB,EAAAA,MAAAA;QAA4DM,EAAAA,MAAAA;gBAARc,CAAAA,EAAAA,UAAAA,GAAAA,YAAAA;MAp+B3EA,OAs+BuBpB,CAt+BfR,mBAs+BeQ,CAAAA;iBAAsDoB,CAAAA,IAAAA,EAAAA;QAIxDpB,EAAAA,MAAAA,GAAAA,QAAAA,GAAAA,QAAAA;MAv+BrBoB,OA2+BKb,CA3+BGb,qBA2+BHa,CAAAA;cADLa,CAAAA,CAAAA,EAz+BYA,OAy+BZA,CAz+BoBzB,cAy+BpByB,CAAAA;eASoBpB,CAAAA,KAAAA,EAAAA;UAAwDoB,CAAAA,EAAAA,MAAAA;MA/+B5EA,OA0/BqBpB,CAAAA;SAGrBoB,EA5/BKxB,aA4/BLwB,EAAAA;;kBAcAA,CAAAA,CAAAA,EAxgCgBA,OAwgChBA,CAAAA;YAKAA,EA5gCQvB,gBA4gCRuB,EAAAA;;gBAIiCA,CAAAA,SAAAA,EAAAA,MAAAA,CAAAA,EA9gCFA,OA8gCEA,CA9gCMtB,kBA8gCNsB,CAAAA;gBACKA,CAAAA,QAAAA,EAAAA,MAAAA,CAAAA,EA9gCRA,OA8gCQA,CAAAA;WAsBhCP,EAAAA,OAAAA;;iBAAeO,CAAAA,IAAAA,EAAAA;SAQfJ,EAAAA,KAAAA,GAAAA,MAAAA,GAAAA,SAAAA;WAAuBE,EAAAA,MAAAA;MAtiC7BE,OAsiCqBA,CAAAA;IAAO,KAAA,EAriCvBrB,eAqiCuB,EAAA;;;;IChxCjB,KAAA,EAAA,KAAA,GAAU,MAAA,GAAA,SAAA;IA8CV,OAAA,EAAA,MAAA;IAqBD,QAAA,EAAA,MAAA;EAAgB,CAAA,CAAA,ED+K1BqB,OC/K0B,CAAA;eAC9B,EAAA,MAAA;aACA,EAAA,MAAA;;kBAEA,CAAA,CAAA,ED+KoBA,OC/KpB,CD+K4BhD,kBC/K5B,EAAA,CAAA;sBACC,CAAA,aAAA,EAAA,MAAA,CAAA,ED+K4CgD,OC/K5C,CD+KoDnD,uBC/KpD,CAAA;yDDgLsDqB,0BAA0B8B;oBCnKpE,CAAA,aAAA,EAAA,MAAA,EAAA,QAAA,EAAA;WAAR,CAAA,EAAA,MAAA;UAwCQ,CAAA,ED8HF9B,MC9HE,CAAA,MAAA,EAAA,OAAA,CAAA;MD+HT8B,OC/HC,CD+HOhD,kBC/HP,CAAA;mBA4BoD,CAAA,aAAA,EAAA,MAAA,CAAA,EDoGfgD,OCpGe,CDoGPhD,kBCpGO,CAAA;aAAR,CAAA,QAAA,EAAA,MAAA,EAAA,MAAA,CAAA,EAAA,MAAA,EAAA,CAAA,EDqGCgD,OCrGD,CAAA;OAqCY,EAAA,MAAA;YAAR,EAAA,MAAA;aA6HxC,EAAA,MAAA;;gBAmOA,CAAA,QAAA,EAAA,MAAA,CAAA,ED3RqBA,OC2RrB,CAAA;YAAR,EAAA,MAAA;aAgDQ,EAAA,OAAA;UAAR,CAAA,EDxUM9B,MCwUN,CAAA,MAAA,EAAA,MAAA,CAAA;;EAgCO,WAAA,CAAA,CAAA,EDtWG8B,OCsWH,CAAA;IAmBF,YAAA,EDxXM9C,aCwXI,EAAA;EAAA,CAAA,CAAA;;;;;;;AC/pBtB;AAmBA;;;sBAEiB,CAAA,CAAA,EF8RS8C,OE9RT,CAAA;YAAd,EAAA;MAAO,KAAA,EAAA,MAAA;;;;MCTO,WAAA,CAAA,EAAY,MAAA;MAkGP,WAAA,CAAW,EAAA,MAAA;IAAA,CAAA,EAAA;;yBAKtB,CAAA,KAAA,EAAA,MAAA,CAAA,EH0M+BA,OG1M/B,CAAA;YAAR,EAAA;MAAO,KAAA,EAAA,MAAA;;;;ECzGV,CAAA,CAAiB;EAqDjB,wBAAmC,CAAA,CAAA,EJqQLA,OIrQK,CAAA;IAAA,KAAA,EAAA,MAAA;gBAGzB,EAAA,MAAA;YACS,EAAA,MAAA;gBAER,EAAA,MAAA;eAAR,CAAA,EAAA,MAAA;EAAO,CAAA,CAAA;;;;ACxEV;AAUA;;;;;;;;;kDLiVkDA;;IMrUjC,YAAA,EAAW,MAAA;IAMX,iBAAA,CAAA,EAAgB,MAAA;IAKvB,WAAA,CAAA,EAAA,MAAY;IAOL,gBAAA,CAAA,ENwTM9B,MMxTU,CAAA,MAAA,EAAA,OAAA,CAAA;IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,OAAA;;;;;;;;;AAQjC;EAAsC,oBAAA,CAAA,CAAA,EN2TZ8B,OM3TY,CAAA;SAC5B,EAAA,MAAA;eACH,EAAA,MAAA;;EACY;;;;;;;;;;;;;;uBN0UIA;;;;;;;;;;;;;;;;;wBAiBCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;sBAWCA;;;;;;;;;;iDAU2BA;;;;;;;;;;0BAUvBA;;;;;;;;;;;;uBAYHA;;;;;;;;;;;;;;;;;;;6BAmBMA;;;;;;;;;;;;2BAYFA;;;;;;;;;;;;;;;;;;;;;;;;;;0BA0BDA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DAoCiCA;;;;;;;;;;wBAUnCA;;;;;;;;;;;;;;qBAcHA;;;;;;;;;;;;sBAYCA;;;;;;;;;8BASQA;;;;;;;;;;;;2BAYHA;;;;;;;;;;;;;;;;;gDAiBqBA;;;;;;;;;;;;;;;;;;6BAkBnBA;;;;;;;;;;;;;;;;;;;;;;;;;0BAyBHA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;2DA8BiCA;;;;;yBAKlCA;;;;;;;;;;;;;mBAaN9B;MACb8B;;;;uBAIiBA;;;;;;;;;;;QAWfA;;;;;;;;;;;;;;;;;;;;;;;;;MAyBFA;;;;;;;;MAQAA;;;;;;kBAMYZ;MACZY,QAAQX;;;;;;;MAORW,QAAQX;;;;;;;;MAQRW,QAAQV;;;;;iCAKmBU,QAAQX;;gBAEzBW;YACJT;;;;;;;;;;;WAWD3B;;;;MAILoC,QAAQrD;;;;;;;;WAQHiB;;;;;MAKLoC;;;;;;;;;;WAUKpC;;;;eAIIJ;;;;;eAKAlB;mBACIE;;iBAEFP;;;MAGX+D,QAAQ1C;;;WAGHM;;;MAGLoC;eACS1C;eACAlB;;;;WAIJwB;;;;MAILoC;;iBAEWxD;aACJF;;eAEEL;;;;;;;WAOJ2B;;;;iBAIMpB;aACJF;;eAEEL;;MAET+D;;;;;;WAMKpC;;;;MAILoC;;;WAGKpC;;;;;;eAMIJ;;MAETwC,QAAQ1C;;;WAGHM;;eAEIJ;;;MAGTwC,QAAQtC;;;WAGHE;;;;;MAKLoC;aACOjE;;;;;WAKF6B;;;MAGLoC;;sBAEgBA,QAAQ5C;;;;;;;;;;YAUlB4C;;;;;;;;;MASNA;;;;;;;;;;;;;;;;MAgBAA;;;0CAGoCA;;;;;;;;;;MAUpCA;;;;;;;;;;MAUAA;;;;;;;;;;;;MAYAA;;;;;;;;;;;MAWAA;;;;;MAKAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;;;;;;MAgBAA;;;;;;;;;;;;;;;;;;MAkBAA;;;;;;;;;;;MAWAA;;;;;;;;;;MAUAA;;;;;;;;;;;;;;;;;;;;;;;;MAwBAA;;;;;;;;;;;;MAYAA;;;;wDAIkDA;;;;uCAIjBA;;;;;;;;;;;oBAWnBA;;;;;;;;kCAQcA;;;iBAGjBA;;;;;;;;;;;;;;;MAeXA;;;;;;2BAMqBA;;;;;;2DAMgCA;;;;;;;;;;MAUrDA;;;;MAIAA;;;;;MAKAA;;;;;;;;;gBASUpB;;MAEVoB,QAAQjB;;gBAEEiB;YACJnB;;;6BAGiBD,sCAAsCoB,QAAQf;;4BAE/CL;;;MAGtBoB;WACKd;;;;;;;;;6BASkBN,oDAAoDoB,QAAQd;;6BAE5DN,sDAAsDoB;;;;2BAIxDpB;;;MAGrBoB;WACKb;;;;;;;;0BAQeP,wDAAwDoB;;;;;;;;;;;2BAWvDpB;;;MAGrBoB;;;iCAG2BA;;;;;;;;;;;MAW3BA;;;;;MAKAA;;;;uCAIiCA,QAAQlC;4CACHkC;;;;;;;;;;;;;;;;;;;;;;YAsBhCP,eAAeO,QAAQN;;;;;;;;YAQvBE,eAAeI,QAAQF;;;;;;AF9tCb,UGlDL,UAAA,CHkDiB;EAAA,MAAA,EAAA,MAAA;QAEvB,EAAA,MAAA;WAAR,EAAA,MAAA;EAAO,MAAA,EAAA,MAAA;AAmBV;;;;;AAaA;;;;;AAgCA;AAgBA;AAgBA;;;;;;;;;ACpHa,UEcI,iBAAA,CFbiD;EAgD5C,aAAA,EAAA,MAAkB;EA+BxB,MAAA,EEhEN,cFgEkB;EAuBZ;AAUhB;;;;ECtLUjC;AAAoB;AAIH;AASJ;EAkBbI,gBAAY,CAAA,EAAA,MAAA;;;;;AAIP;AAEW;AAKG;AAcnBK,iBCgDM,gBAAA,CD3CPD;EAAAA,aAAAA;EAAAA,MAAmB;EAAA,OAAA;EAAA;AAAA,CAAA,ECgDzB,iBDhDyB,CAAA,EAAA;EAGlBE,aAAAA,EAAAA,MAAc;EAOdC,MAAAA,gBAAa;EAQbC,OAAAA,EAAAA,MAAAA;EAOAC;AAAkB;AAKH;AAMF;EAMbI,IAAAA,CAAAA,KAAkB,CAAlBA,EAAAA,MAAAA,EAAkB,EAAA,OAsBlBG,CAtBkB,EAKfL;IAQHG,KAAAA,CAAAA,EAAAA,OAAAA;IAKAC,MAAAA,CAAAA,EAAAA,MAAAA;EAIAC,CAAAA,CAAAA,ECHH,ODGGA,CCHK,UDGW,CAAA;EAAA,WAAA,CAAA,KAAA,EAAA,MAAA,EAAA,EAAA,QAAA,EAAA;IACbL,KAAAA,CAAAA,EAAAA,OAAAA;MCoCN,ODhCEI,CCgCM,UDhCNA,CAAAA;EAAoB;EAInBE,IAAAA,CAAAA,OAoBAE,CApBAF,EAAAA;IAUAC,KAAAA,CAAAA,EAAAA,OAAY;EAUZC,CAAAA,CAAAA,ECoCyC,ODpCzCA,CCoCiD,UDpCjC,CAAA;EAYhBC;AAKsB;AAIJ;AAgBZ;EAKNI,QAAAA,CAAAA,OAmBAG,CAnBY,EAAA;IASZF,KAAAA,CAAAA,EAAAA,OAAc;EAUdE,CAAAA,CAAAA,ECY6C,ODZ7CA,CCYqD,UDZzC,CAAA;EAMZE;AAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAgFPE,CAAAA,QAAAA,EAAAA;IAaSA,KAAAA,CAAAA,EAAAA,OAAAA;MCsCnB,OD5BmCA,CC4B3B,UD5B2BA,CAAAA;;;;;WA6DnBA,CAAAA,KAAAA,EAAAA,MAAAA,EAAAA,EAAAA,QAAAA,EAAAA;IAiBCA,KAAAA,CAAAA,EAAAA,OAAAA;MCiLjB,ODnKcA,CCmKN,UDnKMA,CAAAA;;;;;;;;;;;cA4KCA,CAAAA,QAAAA,EAAAA;IASQA,KAAAA,CAAAA,EAAAA,OAAAA;IAYHA,KAAAA,CAAAA,EAAAA,MAAAA;MCkBpB,ODDyCA,CCCjC,UDDiCA,CAAAA;;;;;iBA2F7B9B,CAAAA,QAAAA,EAAAA,MAAAA,EAAAA,QAAAA,EAAAA;IACb8B,KAAAA,CAAAA,EAAAA,OAAAA;MC3DC,OD+DgBA,CAAAA,IAAAA,CAAAA;;AAoCjBA,KChFM,UAAA,GAAa,UDgFnBA,CAAAA,OChFqC,gBDgFrCA,CAAAA;;;;;;;;AFjuBN;AAOA;AAA8B,UIrBb,cAAA,CJqBa;eACN,EAAA,MAAA;;;AAaxB;AAiBA;AA4BA;EAAkC,OAAA,CAAA,EAAA,MAAA;;YAE/B,CAAA,EAAA,MAAA;EAAO;EAmBY,SAAA,EAAA,CAAA,KAAa,EAAA,MAAA,EAAA,EAAA,GAAA,IAAA,GI1FM,OJ0FN,CAAA,IAAA,CAAA;;;;;AAanC;;AAGS,iBIlGa,YAAA,CJkGb,OAAA,EIjGE,cJiGF,CAAA,EIhGN,OJgGM,CAAA,GAAA,GIhGQ,OJgGR,CAAA,IAAA,CAAA,CAAA;;;;AArCa,UKpEL,YAAA,CLoEiB;EAAA,IAAA,EAAA,MAAA;SAEvB,EAAA,OAAA;MAAR,CAAA,EAAA,MAAA;EAAO,IAAA,CAAA,EAAA,MAAA;EAmBY,KAAA,CAAA,EAAA,MAAA;;;;;AAatB;;;;;AAgCA;AAgBA;AAgBgB,iBKpEM,WAAA,CLoEO,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EKjEnB,cLiEmB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OACpB,CAAA,EAAA,OAAA;IKhEN,OLiEO,CKjEC,YLiED,EAAA,CAAA;;;;AAhIO,UM1CA,cAAA,CN0CY;EA4BP,IAAA,EAAA,MAAA;EAAY,OAAA,EAAA,OAAA;MAEvB,CAAA,EAAA,MAAA;OAAR,CAAA,EAAA,MAAA;;AAmBmB,iBMtCA,aAAA,CNsCa,aAAA,EAAA,MAAA,EAAA,aAAA,EAAA,MAAA,EAAA,EAAA,MAAA,EMnCzB,cNmCyB,EAAA,cAAA,CAAA,EMlChB,cNkCgB,EAAA,QAAA,EAAA;EAAA,WAAA,CAAA,EAAA,MAAA;OAEvB,CAAA,EAAA,OAAA;IMlCT,ONmCA,CMnCQ,cNmCR,EAAA,CAAA;;;;;;;;AA1Fc,UOjBA,YAAA,CPiBa;EAOb,UAAA,CAAA,EAAA,MAAa;EAAA,WAAA,CAAA,EAAA,MAAA;;;;AAc9B;AAiBA;AA4BA;AAAkC,iBOzEZ,SPyEY,CAAA,CAAA,CAAA,CAAA,EAAA,EAAA,GAAA,GOxEtB,OPwEsB,COxEd,CPwEc,CAAA,EAAA,OAAA,CAAA,EOvEvB,YPuEuB,CAAA,EOtE/B,OPsE+B,COtEvB,CPsEuB,CAAA;;;;AAAZ,UQ7DL,WAAA,CR6DiB;EAAA,SAAA,EAAA,MAAA,GAAA,SAAA,GAAA,KAAA;SAEvB,EAAA,MAAA;MAAR,EAAA,MAAA;;AAmBmB,UQ5EL,gBAAA,CR4EkB;EAAA,aAAA,EAAA,MAAA;QAEvB,EQ5EF,cR4EE;;UQzEF,YAAA,CR0EA;EAUY,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAmB;EAAA,IAAA,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OAGhC,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;OACN,CAAA,GAAA,EAAA,MAAA,CAAA,EAAA,IAAA;;AA4BmB,UQ7GL,gBAAA,CR6GwB;EAgBnB,UAAA,CAAA,MAAA,EQ5HD,WR4HoC,EAAA,CAAA,EQ5HpB,OR4H2B,CAAA,IAAA,CAAA;EAgBhD,YAAA,CAAA,MAAa,EQ3IN,WR2IM,EAAA,CAAA,EQ3IU,OR2IV,CAAA,IAAA,CAAA;EAAA,kBAAA,CAAA,QAAA,EAAA,MAAA,EAAA,SAAA,EAAA,SAAA,GAAA,SAAA,CAAA,EQ1I6C,OR0I7C,CAAA,IAAA,CAAA;UACpB,EAAA,EQ1IK,OR0IL,CAAA,IAAA,CAAA;WACC,EAAA,EQ1IK,WR0IL,EAAA;;AACK,iBQxIC,sBAAA,CRwID,MAAA,EQvIL,gBRuIK,EAAA,GAAA,EQtIR,YRsIQ,CAAA,EQrIZ,gBRqIY"}
package/dist/index.d.ts CHANGED
@@ -22,6 +22,16 @@ interface ManifestEntry {
22
22
  }
23
23
  interface LocalManifest {
24
24
  files: Record<string, ManifestEntry>;
25
+ /**
26
+ * Owner of this manifest. The manifest lives at a machine-global path
27
+ * (`~/.alfe/sync/manifest.json`), so if a machine is re-adopted by a
28
+ * DIFFERENT agent without clearing `~/.alfe/sync/`, the entries describe
29
+ * the previous agent's sync state and must not be trusted for recovery
30
+ * classification. Absent on pre-upgrade manifests — those are trusted
31
+ * (grandfathered: same-agent continuation is overwhelmingly the norm, and
32
+ * distrust would sidecar-spam every diverged file after upgrade).
33
+ */
34
+ agentId?: string;
25
35
  }
26
36
  interface RemoteManifest {
27
37
  version: 1;
@@ -63,6 +73,15 @@ declare function writeManifest(workspacePath: string, manifest: LocalManifest):
63
73
  * Update a single file entry in the local manifest.
64
74
  */
65
75
  declare function updateManifestEntry(workspacePath: string, relativePath: string, entry: ManifestEntry): Promise<void>;
76
+ /**
77
+ * Update many file entries in one read-modify-write pass.
78
+ *
79
+ * `updateManifestEntry` re-reads and rewrites the whole manifest JSON per
80
+ * call — fine for single-file watcher events, quadratic for bulk heals, and
81
+ * lossy when calls overlap. Use this for any batch (e.g. the recovery
82
+ * "identical → heal" pass). Optionally stamps the owning agentId.
83
+ */
84
+
66
85
  /**
67
86
  * Remove a file entry from the local manifest.
68
87
  */
@@ -1284,8 +1303,10 @@ declare class AgentApiClient {
1284
1303
  memoryBootstrapStatus(): Promise<{
1285
1304
  synced: boolean;
1286
1305
  syncedAt?: string;
1306
+ sessionsBackfillSynced?: boolean;
1307
+ sessionsBackfillSyncedAt?: string;
1287
1308
  }>;
1288
- memoryBootstrapStatusMark(): Promise<{
1309
+ memoryBootstrapStatusMark(scope?: "files" | "sessions"): Promise<{
1289
1310
  synced: true;
1290
1311
  syncedAt: string;
1291
1312
  }>;
@@ -1434,6 +1455,26 @@ interface SyncResult {
1434
1455
  conflicts: number;
1435
1456
  errors: number;
1436
1457
  }
1458
+ /**
1459
+ * Recovery artifacts: `.conflict-<ts>` sidecars and `RECOVERY-<ts>.md`
1460
+ * reports. Anchored to the timestamp shape so legitimate user files like
1461
+ * `my.conflict-notes.txt` or `RECOVERY-plan.md` are never misclassified.
1462
+ *
1463
+ * They seed UP to the cloud so a preserved local version survives even if
1464
+ * the VM dies before the agent merges it (retrievable via the dashboard
1465
+ * file manager), but they are never AUTO-restored back down and never
1466
+ * preserved again — restoring would resurrect copies the agent already
1467
+ * cleaned up, and re-preserving would cascade `.conflict`-of-`.conflict`
1468
+ * files. Cloud copies are reclaimed when the agent's local cleanup
1469
+ * propagates through the watcher; artifacts orphaned by a rebuild before
1470
+ * cleanup linger until then (accepted: small, user-visible, deletable).
1471
+ * The watcher's delete brake also exempts them so the agent's post-merge
1472
+ * cleanup of many sidecars can't trip it.
1473
+ *
1474
+ * Deliberately NOT in the ignore set: ignored paths don't seed up and would
1475
+ * be eligible for pruneIgnored deletion.
1476
+ */
1477
+
1437
1478
  interface SyncEngineOptions {
1438
1479
  workspacePath: string;
1439
1480
  client: AgentApiClient;
@@ -1442,6 +1483,11 @@ interface SyncEngineOptions {
1442
1483
  * every scan (push / fullSync / firstRunReconcile). Default: "openclaw".
1443
1484
  */
1444
1485
  runtime?: string;
1486
+ /**
1487
+ * Recovery sidecar size cap override — see MAX_PRESERVE_BYTES. Exists so
1488
+ * tests can exercise the over-cap path without multi-hundred-MB fixtures.
1489
+ */
1490
+ maxPreserveBytes?: number;
1445
1491
  }
1446
1492
  /**
1447
1493
  * Construct a sync engine bound to a workspace + agent API client.
@@ -1452,7 +1498,8 @@ interface SyncEngineOptions {
1452
1498
  declare function createSyncEngine({
1453
1499
  workspacePath,
1454
1500
  client,
1455
- runtime
1501
+ runtime,
1502
+ maxPreserveBytes
1456
1503
  }: SyncEngineOptions): {
1457
1504
  workspacePath: string;
1458
1505
  client: AgentApiClient;
@@ -1501,10 +1548,24 @@ declare function createSyncEngine({
1501
1548
  * manifest has no entry for it). fullSync pushes before it pulls, so it
1502
1549
  * would still clobber the cloud edit before restoring it locally.
1503
1550
  *
1504
- * Conflict direction: for a rebuild the CLOUD copy is authoritative for
1505
- * anything it holds. We do not write `.conflict-<ts>` markers here — a
1506
- * fresh setup seed losing to the agent's own prior edit is the intended
1507
- * outcome, not a conflict.
1551
+ * Conflict direction: the CLOUD copy is authoritative for anything it
1552
+ * holds, but diverged UNSYNCED local content is never silently
1553
+ * destroyed it is preserved next to the restored file as a
1554
+ * `.conflict-<ts>` sidecar and indexed in a `RECOVERY-<ts>.md` report
1555
+ * the agent is nudged (via HEARTBEAT.md, openclaw only) to reconcile.
1556
+ * Known noise: on a fresh-disk rebuild the setup-seeded persona
1557
+ * templates diverge from the edited cloud copies, so each gets a small
1558
+ * sidecar of the pristine template — bounded, listed in the report, and
1559
+ * cleaned up by the agent. The plugin can't tell a seed from an edit
1560
+ * without the template registry, and guessing (e.g. mtime windows)
1561
+ * would reintroduce exactly the silent-loss hole this closes.
1562
+ *
1563
+ * Per-path classification (see classifyRestorePaths): files whose local
1564
+ * manifest entry matches the cloud hash but whose disk content moved on
1565
+ * (`localAhead` — edited while the plugin was down) are PUSHED, not
1566
+ * restored; files deleted locally while the plugin was down
1567
+ * (`offlineDelete`) are not resurrected; files already matching the
1568
+ * cloud are healed into the manifest without a download.
1508
1569
  */
1509
1570
  firstRunReconcile(options?: {
1510
1571
  quiet?: boolean;
@@ -1577,6 +1638,13 @@ interface UploadResult {
1577
1638
  size?: number;
1578
1639
  error?: string;
1579
1640
  }
1641
+ /**
1642
+ * Prefixes stored as GLACIER_IR on the sync bucket. Shared with the recovery
1643
+ * classifier in sync-engine.ts, which must never cut conflict sidecars for
1644
+ * archive objects (their presigned GETs fail until restored, so hashing/
1645
+ * preserving them is wasted work on a pull that can't succeed anyway).
1646
+ */
1647
+
1580
1648
  /**
1581
1649
  * Upload many files, batched by `concurrency`.
1582
1650
  */