@audiodn/agent-kit 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (59) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +74 -0
  3. package/assets/content/instructions.md +48 -0
  4. package/assets/content/partials/auth.md +17 -0
  5. package/assets/content/partials/compatibility.md +10 -0
  6. package/assets/content/partials/playback.md +14 -0
  7. package/assets/content/partials/processing.md +17 -0
  8. package/assets/content/partials/security.md +14 -0
  9. package/assets/content/partials/upload.md +17 -0
  10. package/assets/content/partials/webhooks.md +13 -0
  11. package/assets/skill/SKILL.md +52 -0
  12. package/assets/skill/references/authentication.md +27 -0
  13. package/assets/skill/references/playback.md +29 -0
  14. package/assets/skill/references/processing.md +23 -0
  15. package/assets/skill/references/security.md +30 -0
  16. package/assets/skill/references/upload-flow.md +29 -0
  17. package/assets/skill/references/webhooks.md +19 -0
  18. package/assets/skill/scripts/known-endpoints.json +28 -0
  19. package/assets/skill/scripts/validate.mjs +287 -0
  20. package/assets/skill/templates/cloudflare-worker.md +39 -0
  21. package/assets/skill/templates/nextjs.md +47 -0
  22. package/assets/skill/templates/node-server.md +44 -0
  23. package/assets/skill/templates/vue-nuxt.md +49 -0
  24. package/assets/snapshots/llms-full.txt +347 -0
  25. package/assets/snapshots/openapi.json +1416 -0
  26. package/assets/snapshots/sources.json +19 -0
  27. package/dist/cli.d.ts +2 -0
  28. package/dist/cli.js +101 -0
  29. package/dist/commands/init.d.ts +8 -0
  30. package/dist/commands/init.js +35 -0
  31. package/dist/commands/list.d.ts +1 -0
  32. package/dist/commands/list.js +28 -0
  33. package/dist/commands/uninstall.d.ts +6 -0
  34. package/dist/commands/uninstall.js +20 -0
  35. package/dist/commands/validate.d.ts +5 -0
  36. package/dist/commands/validate.js +18 -0
  37. package/dist/core/formats.d.ts +23 -0
  38. package/dist/core/formats.js +43 -0
  39. package/dist/core/fsutil.d.ts +5 -0
  40. package/dist/core/fsutil.js +34 -0
  41. package/dist/core/install.d.ts +16 -0
  42. package/dist/core/install.js +76 -0
  43. package/dist/core/markers.d.ts +5 -0
  44. package/dist/core/markers.js +13 -0
  45. package/dist/core/merge.d.ts +21 -0
  46. package/dist/core/merge.js +38 -0
  47. package/dist/core/prompt.d.ts +2 -0
  48. package/dist/core/prompt.js +23 -0
  49. package/dist/core/render.d.ts +5 -0
  50. package/dist/core/render.js +21 -0
  51. package/dist/core/report.d.ts +10 -0
  52. package/dist/core/report.js +35 -0
  53. package/dist/core/skill.d.ts +13 -0
  54. package/dist/core/skill.js +117 -0
  55. package/dist/paths.d.ts +5 -0
  56. package/dist/paths.js +10 -0
  57. package/dist/version.d.ts +1 -0
  58. package/dist/version.js +12 -0
  59. package/package.json +61 -0
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) AudioDN
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,74 @@
1
+ # @audiodn/agent-kit
2
+
3
+ Install AudioDN-specific guidance for AI coding agents into any repository, and
4
+ validate AudioDN integrations for common mistakes.
5
+
6
+ ```bash
7
+ npx @audiodn/agent-kit init
8
+ ```
9
+
10
+ ## What it installs
11
+
12
+ `init` writes guidance in the formats you select. All installs are **merge-safe**
13
+ (they never clobber your own content) and **idempotent** (re-running reports
14
+ `unchanged`):
15
+
16
+ - `AGENTS.md`
17
+ - `CLAUDE.md`
18
+ - `.github/copilot-instructions.md`
19
+ - `.cursor/rules/audiodn.mdc`
20
+ - `.agents/skills/audiodn/` — a portable Skill (references, framework templates, and a validator)
21
+
22
+ Kit-owned content lives inside a managed block:
23
+
24
+ ```
25
+ <!-- AUDIODN:BEGIN v0.1.0 (managed by @audiodn/agent-kit — do not edit inside) -->
26
+ ...
27
+ <!-- AUDIODN:END -->
28
+ ```
29
+
30
+ Anything outside that block is yours and is preserved.
31
+
32
+ ## Commands
33
+
34
+ ```bash
35
+ npx @audiodn/agent-kit init # interactive
36
+ npx @audiodn/agent-kit init --yes # non-interactive (all formats)
37
+ npx @audiodn/agent-kit init --formats agents,cursor,skill
38
+ npx @audiodn/agent-kit init --dry-run # preview, no writes
39
+ npx @audiodn/agent-kit init --force # overwrite unmanaged conflicts
40
+
41
+ npx @audiodn/agent-kit validate [path] # scan a project for AudioDN mistakes
42
+ npx @audiodn/agent-kit validate . --json
43
+
44
+ npx @audiodn/agent-kit uninstall # remove managed blocks / kit files only
45
+ npx @audiodn/agent-kit list # show formats + bundled doc versions
46
+ ```
47
+
48
+ ## What the validator catches
49
+
50
+ Server API key exposed to client code, invented endpoints, a missing per-track
51
+ upload request, treating an upload URL as permanent, playback before processing
52
+ is ready, hardcoded secrets, incorrect API origin, and obsolete documentation
53
+ URLs. See [`assets/skill/references/security.md`](assets/skill/references/security.md).
54
+
55
+ ## Canonical sources
56
+
57
+ Guidance and the bundled OpenAPI snapshot derive from the public AudioDN docs
58
+ (`https://audiodeliverynetwork.com/openapi.json`, `/llms-full.txt`). The snapshot
59
+ is refreshed by `npm run sync` and pinned in
60
+ [`assets/snapshots/sources.json`](assets/snapshots/sources.json). This repository
61
+ never depends on the AudioDN monorepo; it only reads the public site.
62
+
63
+ ## Development
64
+
65
+ ```bash
66
+ npm install
67
+ npm run build # tsc -> dist
68
+ npm test # vitest
69
+ npm run smoke # build + init into a temp dir + validate
70
+ ```
71
+
72
+ ## License
73
+
74
+ MIT
@@ -0,0 +1,48 @@
1
+ # AudioDN integration guide for coding agents
2
+
3
+ This project uses (or integrates with) **AudioDN** (Audio Delivery Network).
4
+ AudioDN handles audio **upload, processing, normalization, variants, previews,
5
+ waveforms, secure delivery, and playback**. Follow this guidance whenever you
6
+ write or review code that touches AudioDN.
7
+
8
+ ## Golden rules
9
+
10
+ 1. **Never put server API credentials in browser or mobile code.** API Access
11
+ keys (Bearer tokens) belong only on a server you control. Client-side keys
12
+ may be used **only** where AudioDN specifically supports them (e.g. a
13
+ Client-Side Player/Uploader key for components).
14
+ 2. **Never invent endpoints, fields, or parameters.** Verify every operation
15
+ against the canonical OpenAPI document:
16
+ `https://audiodeliverynetwork.com/openapi.json`.
17
+ 3. **Creating an upload session is not the whole upload flow.** Each track needs
18
+ a **separate** request that returns that track's own upload URL.
19
+ 4. **Playback must account for processing readiness.** A freshly uploaded track
20
+ is not immediately playable.
21
+ 5. **Preserve existing API compatibility.** Do not change request/response
22
+ shapes, rename endpoints, or drop backward-compatible behavior.
23
+ 6. **Use the correct hosts.** API base is `https://api.audiodelivery.net/v1/`.
24
+ The marketing/docs host `audiodeliverynetwork.com` must never be used as the
25
+ API origin for `/v1/` requests.
26
+
27
+ {{PARTIALS}}
28
+
29
+ ## Canonical references
30
+
31
+ - OpenAPI 3.1 spec: https://audiodeliverynetwork.com/openapi.json
32
+ - LLM-readable overview: https://audiodeliverynetwork.com/llms-full.txt
33
+ - Docs: https://audiodeliverynetwork.com/docs
34
+ - AI-agent guide: https://audiodeliverynetwork.com/for-ai-agents
35
+
36
+ ## Validate your work
37
+
38
+ If this repo has the AudioDN Skill installed, run its validator before finishing:
39
+
40
+ ```bash
41
+ node .agents/skills/audiodn/scripts/validate.mjs .
42
+ ```
43
+
44
+ Or, with the kit:
45
+
46
+ ```bash
47
+ npx @audiodn/agent-kit validate .
48
+ ```
@@ -0,0 +1,17 @@
1
+ ## Authentication
2
+
3
+ AudioDN uses three credential types:
4
+
5
+ - **API Access key** (`Bearer` token): full server-side access. Server-only.
6
+ Used to create upload sessions, read track status, and create play sessions.
7
+ - **Client-Side keys** (Player / Uploader): scoped keys safe to ship in a
8
+ browser or app for the web components only.
9
+ - **Session IDs as capability tokens**: some endpoints are authorized by a
10
+ session ID instead of a Bearer token and take **no** Authorization header:
11
+ - `GET /v1/upload_session/{id}`
12
+ - `POST /v1/upload/{upload_session_id}/track`
13
+ - `GET /v1/play/{play_session_id}/{play_track_id}`
14
+ - `GET /v1/play/{play_session_id}/{play_track_id}/{variant_index}/download`
15
+
16
+ Rule: server code holds the Bearer key; the client only ever receives a session
17
+ ID or a finished signed URL. See `references/authentication.md` in the Skill.
@@ -0,0 +1,10 @@
1
+ ## API compatibility
2
+
3
+ AudioDN's public API is stable. When integrating or refactoring:
4
+
5
+ - Do not rename endpoints, change path styles, or alter request/response shapes.
6
+ - API paths use underscores (`/v1/upload_session`, `/v1/play_session`). HTML
7
+ component attributes use hyphens (`upload-session-id`).
8
+ - Prefer additive changes; keep backward-compatible behavior intact.
9
+ - If something seems missing, re-check the OpenAPI spec before assuming it does
10
+ not exist — do not invent a replacement endpoint.
@@ -0,0 +1,14 @@
1
+ ## Playback and delivery
2
+
3
+ Two supported ways to deliver audio, both gated by readiness:
4
+
5
+ - **Play sessions**: `POST /v1/play_session/{scope}` (server, Bearer) returns
6
+ signed variant URLs in `first_track.variants[].url` plus waveform `levels`.
7
+ Fetch more tracks with `GET /v1/play/{play_session_id}/{play_track_id}` (no
8
+ Bearer). Best for per-listener authorization and short expiry.
9
+ - **Signed delivery**: sign a delivery URL on your server with a URL Signing key
10
+ (HMAC-SHA256; the `verify` query param must be appended **last**). Skips play
11
+ sessions for public/entitled tracks. The signing secret is server-only.
12
+
13
+ For components, pass a Client-Side Player key or a server-provisioned play
14
+ session ID to `<audiodn-player>`. See `references/playback.md` in the Skill.
@@ -0,0 +1,17 @@
1
+ ## Processing and readiness
2
+
3
+ After the bytes are uploaded, AudioDN processes the track: probing, waveform
4
+ generation, variant transcodes/previews, optional fallback processing, and cover
5
+ extraction. This takes time, so a track is not playable the instant it uploads.
6
+
7
+ Determine readiness in one of two ways:
8
+
9
+ - **Poll**: `GET /v1/track/{track_id}` (server, Bearer) until
10
+ `track.track_status_id === 'ready'` (or a terminal state like `incomplete`,
11
+ `error`, `init_error`).
12
+ - **Webhook** (preferred in production): react to the Track Processing webhook,
13
+ which fires on terminal outcomes / when the file set is complete — not on every
14
+ transitional status.
15
+
16
+ Never build a playback experience that assumes a just-uploaded track is ready.
17
+ See `references/processing.md` in the Skill.
@@ -0,0 +1,14 @@
1
+ ## Security
2
+
3
+ - **Server key isolation**: API Access keys (Bearer) live only in server code and
4
+ server-side environment variables. They must never appear in browser bundles,
5
+ mobile apps, `public/` assets, client components, or committed files.
6
+ - **No hardcoded secrets**: read keys and signing secrets from environment
7
+ variables. Never inline a literal `adn_...` key, `Bearer` token, or signing
8
+ secret in source.
9
+ - **Signing secret stays server/edge-side**: URL Signing is done on your server or
10
+ in an edge worker; the secret is never sent to the client.
11
+ - **Least privilege on the client**: use resource-scoped Client-Side keys and
12
+ short-lived, per-listener play sessions.
13
+
14
+ See `references/security.md` in the Skill.
@@ -0,0 +1,17 @@
1
+ ## Upload flow (do not skip steps)
2
+
3
+ The upload lifecycle is multi-step. Creating a session alone uploads nothing.
4
+
5
+ 1. **Create an upload session** (server, Bearer):
6
+ `POST /v1/upload_session` -> returns `upload_session_id`. A session can hold
7
+ many tracks and does **not** return an upload URL by itself.
8
+ 2. **Create a track in the session** (no Bearer — the session ID authorizes it):
9
+ `POST /v1/upload/{upload_session_id}/track` -> returns `track_id` and a
10
+ per-track upload target in `track_upload.upload_url` (with `track_upload.method`).
11
+ Do this **once per file**.
12
+ 3. **Upload the bytes**: `PUT` the file to `track_upload.upload_url`.
13
+ 4. **Wait for readiness** before playback (see Processing).
14
+
15
+ The per-track upload URL is **short-lived and single-purpose**. Never store it
16
+ in a database, cache it, or treat it as a permanent link — mint a fresh track if
17
+ it expires. See `references/upload-flow.md` in the Skill.
@@ -0,0 +1,13 @@
1
+ ## Webhooks
2
+
3
+ Configure webhooks in the dashboard to react to processing without polling:
4
+
5
+ - **Track Processing** (`webhook_url`): fires when a track reaches a terminal
6
+ status (`ready`, `incomplete`, `error`, `init_error`) or when its full file set
7
+ is complete (`files_completed_at`) — not on transitional statuses.
8
+ - **Track File** (`webhook_url_file`): fires once per track file with a status of
9
+ `success`/`failed`.
10
+ - **Collection Sync**: collection create/update/delete events.
11
+
12
+ Verify webhook authenticity and make handlers idempotent (deliveries can retry).
13
+ See `references/webhooks.md` in the Skill.
@@ -0,0 +1,52 @@
1
+ ---
2
+ name: audiodn
3
+ description: Use when integrating AudioDN (Audio Delivery Network) — audio upload, processing, variants/previews, waveforms, secure delivery, and playback. Covers auth boundaries, the multi-step upload flow, processing readiness, playback, webhooks, and security, plus a validator for common mistakes.
4
+ ---
5
+
6
+ # AudioDN integration skill
7
+
8
+ Use this skill whenever you write or review code that uploads, processes,
9
+ delivers, or plays audio through AudioDN. Read the relevant reference before
10
+ implementing, and run the validator before you finish.
11
+
12
+ ## Non-negotiable rules
13
+
14
+ 1. Server API credentials (Bearer / API Access keys) never appear in browser or
15
+ mobile code. Client-side keys only where AudioDN supports them.
16
+ 2. Never invent endpoints, fields, or params. Verify against the canonical
17
+ OpenAPI: https://audiodeliverynetwork.com/openapi.json
18
+ 3. Creating an upload session is not the whole upload. Each track needs a
19
+ separate request that returns its own `track_upload.upload_url`.
20
+ 4. Playback must wait for processing readiness.
21
+ 5. Preserve existing API compatibility (paths use underscores; no shape changes).
22
+ 6. API host is `https://api.audiodelivery.net/v1/`; never use the marketing host
23
+ `audiodeliverynetwork.com` for `/v1/` calls.
24
+
25
+ ## References (read as needed)
26
+
27
+ - `references/authentication.md` — key types and which endpoints are session-gated.
28
+ - `references/upload-flow.md` — session -> per-track -> PUT -> readiness.
29
+ - `references/processing.md` — statuses and readiness detection.
30
+ - `references/playback.md` — play sessions and signed delivery.
31
+ - `references/webhooks.md` — track/file/collection webhooks.
32
+ - `references/security.md` — secret handling and the validator's rules.
33
+
34
+ ## Framework templates
35
+
36
+ Copy-adapt the correct server/client boundary for your stack:
37
+
38
+ - `templates/nextjs.md`
39
+ - `templates/vue-nuxt.md`
40
+ - `templates/cloudflare-worker.md`
41
+ - `templates/node-server.md`
42
+
43
+ ## Validate before finishing
44
+
45
+ ```bash
46
+ node .agents/skills/audiodn/scripts/validate.mjs .
47
+ ```
48
+
49
+ Fix every error (exit code is non-zero while errors remain) and review warnings.
50
+ The validator checks: server key in client code, invented endpoints, missing
51
+ per-track request, permanent upload URL, playback before ready, hardcoded
52
+ secrets, incorrect API origin, and obsolete documentation URLs.
@@ -0,0 +1,27 @@
1
+ # Authentication reference
2
+
3
+ ## Credential types
4
+
5
+ - **API Access key** — `Authorization: Bearer <key>`. Full server-side access.
6
+ Server-only. Used to create upload sessions, read track status, create play
7
+ sessions, and manage resources.
8
+ - **Client-Side keys** (Player / Uploader) — scoped keys safe to ship to a
9
+ browser/app, but ONLY for the AudioDN web components.
10
+ - **Session IDs as capability tokens** — some endpoints are authorized purely by
11
+ a session ID in the path and take NO `Authorization` header.
12
+
13
+ ## Session-gated endpoints (no Bearer)
14
+
15
+ - `GET /v1/upload_session/{upload_session_id}`
16
+ - `POST /v1/upload/{upload_session_id}/track`
17
+ - `GET /v1/play/{play_session_id}/{play_track_id}`
18
+ - `GET /v1/play/{play_session_id}/{play_track_id}/{variant_index}/download`
19
+
20
+ ## Rules
21
+
22
+ - The browser holds only a Client-Side key or a session ID/signed URL provisioned
23
+ by your server.
24
+ - Read keys from environment variables; never hardcode them.
25
+ - Errors use `{ ok: false, message, api_request_id }` with 400/401/404/500.
26
+
27
+ Canonical: https://audiodeliverynetwork.com/docs/api and `/openapi.json`.
@@ -0,0 +1,29 @@
1
+ # Playback reference
2
+
3
+ Two supported delivery paths, both gated by readiness.
4
+
5
+ ## Play sessions (per-listener)
6
+
7
+ `POST /v1/play_session/{scope}` (server, Bearer), scope `track` or `collection`:
8
+
9
+ - Body: `{ track_id | collection_id, variants?, expires_in?, is_downloadable? }`.
10
+ - Returns signed variant URLs in `first_track.variants[].url` and waveform data
11
+ in `first_track.levels`.
12
+ - Fetch more tracks: `GET /v1/play/{play_session_id}/{play_track_id}` (no Bearer).
13
+ - Downloads: `GET /v1/play/{play_session_id}/{play_track_id}/{variant_index}/download`
14
+ (only if the session is downloadable).
15
+
16
+ ## Signed delivery (public/entitled, no session)
17
+
18
+ Sign a delivery URL on your server with a URL Signing key (HMAC-SHA256). The
19
+ `verify` query parameter must be appended LAST. The signing secret is
20
+ server/edge-only. Skips play sessions for public tracks.
21
+
22
+ ## Components
23
+
24
+ Pass a Client-Side Player key or a server-provisioned play session ID to
25
+ `<audiodn-player>`. Do not embed a server key.
26
+
27
+ Canonical: https://audiodeliverynetwork.com/docs/api/play-sessions and
28
+ `/docs/integration/signed-delivery`.
29
+ OpenAPI operationIds: `createPlaySession`, `getPlayTrack`, `downloadPlayTrackVariant`.
@@ -0,0 +1,23 @@
1
+ # Processing reference
2
+
3
+ After the bytes upload, AudioDN processes the track (probe, waveform, variants,
4
+ optional fallback processing, cover extraction). A track is not immediately
5
+ playable.
6
+
7
+ ## Detect readiness
8
+
9
+ - **Poll** (server, Bearer): `GET /v1/track/{track_id}` until
10
+ `track.track_status_id === 'ready'`. Terminal states also include
11
+ `incomplete` (some variants failed but at least one plays), `error`,
12
+ `init_error`.
13
+ - **Webhook** (preferred): the Track Processing webhook fires on terminal
14
+ outcomes / when the file set is complete (`files_completed_at`), not on every
15
+ transitional status.
16
+
17
+ ## Statuses you may observe
18
+
19
+ `processing`, `fallback_processing` (retry on higher-capacity worker), then a
20
+ terminal state. Do not assume a just-uploaded track is `ready`.
21
+
22
+ Canonical: https://audiodeliverynetwork.com/docs and `/docs/webhooks/track-processing`.
23
+ OpenAPI operationId: `getTrack`.
@@ -0,0 +1,30 @@
1
+ # Security reference
2
+
3
+ ## Principles
4
+
5
+ - **Server key isolation**: API Access keys (Bearer) live only in server code and
6
+ server-side env vars. Never in browser bundles, mobile apps, `public/` assets,
7
+ client components, or committed files.
8
+ - **No hardcoded secrets**: read keys and signing secrets from environment
9
+ variables. Never inline an `adn_...` key, `Bearer` token, or signing secret.
10
+ - **Signing secret stays server/edge-side**: URL signing happens on your server
11
+ or an edge worker; the secret is never sent to the client.
12
+ - **Least privilege on the client**: resource-scoped Client-Side keys and
13
+ short-lived, per-listener play sessions.
14
+
15
+ ## What the validator enforces
16
+
17
+ The bundled `scripts/validate.mjs` flags:
18
+
19
+ - `server-key-in-client` (error) — server credential referenced in client code.
20
+ - `invented-endpoint` (error) — `/v1/...` path not in the OpenAPI.
21
+ - `missing-per-track-request` (warn) — session created, no per-track upload URL.
22
+ - `upload-url-treated-permanent` (warn) — `upload_url` persisted/cached.
23
+ - `playback-before-ready` (warn) — playback with no readiness gate.
24
+ - `hardcoded-secret` (error) — literal key/secret in source.
25
+ - `incorrect-api-origin` (error) — wrong host for `/v1/` (e.g. marketing host).
26
+ - `obsolete-doc-url` (warn) — deprecated paths/params (`/v1/upload-session`,
27
+ `ttl_seconds`, `session.url`, docs-on-API-host, etc.).
28
+
29
+ Configure exceptions in `.audiodn-validate.json` (`{ "ignore": [], "ignoreFiles": [] }`)
30
+ or add `audiodn-validate-ignore` on a specific line.
@@ -0,0 +1,29 @@
1
+ # Upload-flow reference
2
+
3
+ The upload lifecycle is multi-step. A session alone uploads nothing.
4
+
5
+ ## Steps
6
+
7
+ 1. **Create upload session** (server, Bearer)
8
+ `POST /v1/upload_session` with optional `{ collection_id }`.
9
+ Returns `upload_session_id`. Holds many tracks; returns no upload URL.
10
+
11
+ 2. **Create a track in the session** (no Bearer)
12
+ `POST /v1/upload/{upload_session_id}/track` with `{ file_name }`.
13
+ Returns `track_id` and `track_upload` = `{ method, upload_url }`.
14
+ Do this once per file.
15
+
16
+ 3. **Upload the bytes**
17
+ `PUT` the file to `track_upload.upload_url` using `track_upload.method`.
18
+ Processing begins automatically once the PUT completes.
19
+
20
+ 4. **Wait for readiness** (see processing.md) before playback.
21
+
22
+ ## Critical
23
+
24
+ - The per-track `upload_url` is short-lived and single-use. Never store it in a
25
+ DB, cache, or config; if it expires, create a fresh track and retry.
26
+ - The session-create step does NOT return `upload_url` — do not expect one.
27
+
28
+ Canonical: https://audiodeliverynetwork.com/docs/api/upload-sessions
29
+ OpenAPI operationIds: `createUploadSession`, `createUploadSessionTrack`.
@@ -0,0 +1,19 @@
1
+ # Webhook reference
2
+
3
+ Configure webhooks in the dashboard to react to processing without polling.
4
+
5
+ - **Track Processing** (`webhook_url`): fires when a track reaches a terminal
6
+ status (`ready`, `incomplete`, `error`, `init_error`) or when its file set is
7
+ complete (`files_completed_at`) — not on transitional statuses.
8
+ - **Track File** (`webhook_url_file`): fires once per track file with a status of
9
+ `success`/`failed` (`track_file.created` / `track_file.failed`).
10
+ - **Collection Sync**: collection create/update/delete events.
11
+
12
+ ## Handler rules
13
+
14
+ - Make handlers idempotent — deliveries can retry.
15
+ - Verify authenticity before trusting the payload.
16
+ - Use the terminal event to advance your own workflow (mark ready, notify user).
17
+
18
+ Canonical: https://audiodeliverynetwork.com/docs/webhooks/track-processing,
19
+ `/docs/webhooks/track-files`, `/docs/webhooks/collection-sync`.
@@ -0,0 +1,28 @@
1
+ {
2
+ "note": "Canonical AudioDN v1 path templates. Regenerated from the public OpenAPI by scripts/sync-canonical.mjs. Used by validate.mjs to detect invented endpoints.",
3
+ "openapiVersion": "1.0.0",
4
+ "apiBase": "https://api.audiodelivery.net/v1",
5
+ "paths": [
6
+ "/v1/api_key",
7
+ "/v1/collection",
8
+ "/v1/collection/{collection_id}",
9
+ "/v1/collection/{collection_id}/cover",
10
+ "/v1/collection/{collection_id}/track",
11
+ "/v1/creator",
12
+ "/v1/creator/{creator_id}",
13
+ "/v1/organization/{organization_id}",
14
+ "/v1/play/{play_session_id}/{play_track_id}",
15
+ "/v1/play/{play_session_id}/{play_track_id}/{variant_index}/download",
16
+ "/v1/play_session/{play_session_id}",
17
+ "/v1/play_session/{scope}",
18
+ "/v1/track",
19
+ "/v1/track/{track_id}",
20
+ "/v1/track/{track_id}/cover",
21
+ "/v1/track/{track_id}/variant",
22
+ "/v1/upload/{upload_session_id}/track",
23
+ "/v1/upload_session",
24
+ "/v1/upload_session/{upload_session_id}",
25
+ "/v1/variant",
26
+ "/v1/variant/{variant_id}"
27
+ ]
28
+ }