@anthropic-ai/claude-agent-sdk 0.2.109 → 0.2.110

package/bridge.d.ts

@@ -182,13 +182,15 @@ export type RemoteCredentials = {
 };
 /**
  * Terminal authz failure from `POST /bridge` — retrying with the same inputs
- * is guaranteed to fail. Returned for 403 `error.resource: "untrusted_device"`
- * when `X-Trusted-Device-Token` is missing or revoked.
+ * is guaranteed to fail. Returned for 403 with `error.resource` set to
+ * `"untrusted_device"` (token missing/revoked — enroll) or
+ * `"session_stale_relogin"` (OAuth session older than the freshness window —
+ * re-authenticate).
  * @alpha
  */
 export type CredentialsFailure = {
     terminal: true;
-    reason: 'untrusted_device';
+    reason: 'untrusted_device' | 'session_stale_relogin';
 };
 /**
  * Type guard for `fetchRemoteCredentials` results.
@@ -216,10 +218,10 @@ export declare function createCodeSession(baseUrl: string, accessToken: string,
 /**
  * `POST /v1/code/sessions/{id}/bridge` — mint a worker JWT for the session.
  * Returns credentials, a `CredentialsFailure` for terminal authz failures
- * (don't retry — re-enroll the device), or null on transient failure.
- * The call IS the worker register (bumps epoch server-side), so pass
- * `epoch: creds.worker_epoch` to `attachBridgeSession` to skip a redundant
- * register.
+ * (don't retry — see `CredentialsFailure.reason` for remediation), or null
+ * on transient failure. The call IS the worker register (bumps epoch
+ * server-side), so pass `epoch: creds.worker_epoch` to `attachBridgeSession`
+ * to skip a redundant register.
  *
  * `trustedDeviceToken` sets the `X-Trusted-Device-Token` header. Required
  * when the server's `sessions_elevated_auth_enforcement` flag is on