@blaxel/core 0.2.87-preview.169 → 0.2.87-preview.171

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/cjs/.tsbuildinfo +1 -1
  2. package/dist/cjs/authentication/credentials.js +11 -1
  3. package/dist/cjs/authentication/index.js +3 -1
  4. package/dist/cjs/common/credentials.test.js +71 -0
  5. package/dist/cjs/common/errors.js +15 -0
  6. package/dist/cjs/common/h2fetch.js +55 -52
  7. package/dist/cjs/common/settings.js +40 -2
  8. package/dist/cjs/common/settings.test.js +10 -1
  9. package/dist/cjs/types/authentication/credentials.d.ts +9 -0
  10. package/dist/cjs/types/common/credentials.test.d.ts +1 -0
  11. package/dist/cjs/types/common/errors.d.ts +10 -0
  12. package/dist/cjs/types/common/h2fetch.d.ts +9 -4
  13. package/dist/cjs/types/common/settings.d.ts +9 -0
  14. package/dist/cjs-browser/.tsbuildinfo +1 -1
  15. package/dist/cjs-browser/authentication/credentials.js +11 -1
  16. package/dist/cjs-browser/authentication/index.js +3 -1
  17. package/dist/cjs-browser/common/credentials.test.js +71 -0
  18. package/dist/cjs-browser/common/errors.js +15 -0
  19. package/dist/cjs-browser/common/settings.js +40 -2
  20. package/dist/cjs-browser/common/settings.test.js +10 -1
  21. package/dist/cjs-browser/types/authentication/credentials.d.ts +9 -0
  22. package/dist/cjs-browser/types/common/credentials.test.d.ts +1 -0
  23. package/dist/cjs-browser/types/common/errors.d.ts +10 -0
  24. package/dist/cjs-browser/types/common/h2fetch.d.ts +9 -4
  25. package/dist/cjs-browser/types/common/settings.d.ts +9 -0
  26. package/dist/esm/.tsbuildinfo +1 -1
  27. package/dist/esm/authentication/credentials.js +9 -0
  28. package/dist/esm/authentication/index.js +4 -2
  29. package/dist/esm/common/credentials.test.js +69 -0
  30. package/dist/esm/common/errors.js +13 -0
  31. package/dist/esm/common/h2fetch.js +55 -52
  32. package/dist/esm/common/settings.js +40 -2
  33. package/dist/esm/common/settings.test.js +10 -1
  34. package/dist/esm-browser/.tsbuildinfo +1 -1
  35. package/dist/esm-browser/authentication/credentials.js +9 -0
  36. package/dist/esm-browser/authentication/index.js +4 -2
  37. package/dist/esm-browser/common/credentials.test.js +69 -0
  38. package/dist/esm-browser/common/errors.js +13 -0
  39. package/dist/esm-browser/common/settings.js +40 -2
  40. package/dist/esm-browser/common/settings.test.js +10 -1
  41. package/package.json +1 -1
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.Credentials = void 0;
3
+ exports.MissingCredentials = exports.Credentials = void 0;
4
4
  const env_js_1 = require("../common/env.js");
5
5
  class Credentials {
6
6
  async authenticate() { }
@@ -15,3 +15,13 @@ class Credentials {
15
15
  }
16
16
  }
17
17
  exports.Credentials = Credentials;
18
+ /**
19
+ * Marker returned by `authentication()` when no usable Blaxel credentials were
20
+ * resolved (no env vars, no matching config workspace). Construction is
21
+ * side-effect free so importing `@blaxel/core` never fails; the actionable
22
+ * error is raised when an authenticated request is actually attempted
23
+ * (see `Settings.assertCredentials`).
24
+ */
25
+ class MissingCredentials extends Credentials {
26
+ }
27
+ exports.MissingCredentials = MissingCredentials;
@@ -51,7 +51,9 @@ function getCredentials() {
51
51
  function authentication() {
52
52
  const credentials = getCredentials();
53
53
  if (!credentials) {
54
- return new credentials_js_1.Credentials();
54
+ // Never silently fall back to empty headers: a marker that triggers a
55
+ // clear CredentialsError when an authenticated request is attempted.
56
+ return new credentials_js_1.MissingCredentials();
55
57
  }
56
58
  if (credentials.apiKey) {
57
59
  return new apikey_js_1.ApiKey(credentials);
@@ -0,0 +1,71 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ const vitest_1 = require("vitest");
4
+ const apikey_js_1 = require("../authentication/apikey.js");
5
+ const credentials_js_1 = require("../authentication/credentials.js");
6
+ const index_js_1 = require("../authentication/index.js");
7
+ const errors_js_1 = require("./errors.js");
8
+ const settings_js_1 = require("./settings.js");
9
+ /**
10
+ * ENG-2698: missing / partial BL_WORKSPACE / BL_API_KEY must fail fast with a
11
+ * clear, actionable error instead of silently sending empty headers and
12
+ * surfacing the server's misleading "workspace is required".
13
+ *
14
+ * `env` reads through to `process.env`, so env state is controlled there.
15
+ */
16
+ (0, vitest_1.describe)('credential validation', () => {
17
+ const AUTH_ENV = ['BL_API_KEY', 'BL_WORKSPACE', 'BL_CLIENT_CREDENTIALS'];
18
+ let savedEnv;
19
+ let savedCredentials;
20
+ let savedConfig;
21
+ (0, vitest_1.beforeEach)(() => {
22
+ savedEnv = {};
23
+ for (const key of AUTH_ENV) {
24
+ savedEnv[key] = process.env[key];
25
+ delete process.env[key];
26
+ }
27
+ savedCredentials = settings_js_1.settings.credentials;
28
+ savedConfig = settings_js_1.settings.config;
29
+ settings_js_1.settings.config = { proxy: '', apikey: '', workspace: '' };
30
+ });
31
+ (0, vitest_1.afterEach)(() => {
32
+ for (const key of AUTH_ENV) {
33
+ if (savedEnv[key] === undefined)
34
+ delete process.env[key];
35
+ else
36
+ process.env[key] = savedEnv[key];
37
+ }
38
+ settings_js_1.settings.credentials = savedCredentials;
39
+ settings_js_1.settings.config = savedConfig;
40
+ });
41
+ (0, vitest_1.it)('API key without workspace throws a clear BL_WORKSPACE error from headers', () => {
42
+ settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key' });
43
+ (0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(errors_js_1.CredentialsError);
44
+ (0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/BL_WORKSPACE/);
45
+ });
46
+ (0, vitest_1.it)('API key without workspace rejects from authenticate()', async () => {
47
+ settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key' });
48
+ await (0, vitest_1.expect)(settings_js_1.settings.authenticate()).rejects.toThrow(/BL_WORKSPACE/);
49
+ });
50
+ (0, vitest_1.it)('workspace set but no API key names the missing API key', () => {
51
+ process.env.BL_WORKSPACE = 'my-workspace';
52
+ settings_js_1.settings.credentials = new credentials_js_1.MissingCredentials();
53
+ (0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/API key is missing/);
54
+ });
55
+ (0, vitest_1.it)('no credentials at all names both env vars', () => {
56
+ settings_js_1.settings.credentials = new credentials_js_1.MissingCredentials();
57
+ (0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(errors_js_1.CredentialsError);
58
+ (0, vitest_1.expect)(() => settings_js_1.settings.headers).toThrow(/BL_API_KEY and BL_WORKSPACE/);
59
+ });
60
+ (0, vitest_1.it)('api key + workspace builds clean headers with no empty values', () => {
61
+ settings_js_1.settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key', workspace: 'my-workspace' });
62
+ const headers = settings_js_1.settings.headers;
63
+ (0, vitest_1.expect)(headers['x-blaxel-workspace']).toBe('my-workspace');
64
+ (0, vitest_1.expect)(headers['x-blaxel-authorization']).toBe('Bearer test-key');
65
+ (0, vitest_1.expect)(Object.values(headers)).not.toContain('');
66
+ });
67
+ (0, vitest_1.it)('authentication() returns a real ApiKey when BL_API_KEY is set', () => {
68
+ process.env.BL_API_KEY = 'test-key';
69
+ (0, vitest_1.expect)((0, index_js_1.authentication)()).toBeInstanceOf(apikey_js_1.ApiKey);
70
+ });
71
+ });
@@ -1,6 +1,21 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.CredentialsError = void 0;
3
4
  exports.handleDynamicImportError = handleDynamicImportError;
5
+ /**
6
+ * Thrown when Blaxel credentials are missing or incomplete.
7
+ *
8
+ * Surfaced eagerly with an actionable message (which env var / login step is
9
+ * missing) instead of silently sending empty workspace/authorization headers
10
+ * and letting the user hit a misleading server-side "workspace is required".
11
+ */
12
+ class CredentialsError extends Error {
13
+ constructor(message) {
14
+ super(message);
15
+ this.name = "CredentialsError";
16
+ }
17
+ }
18
+ exports.CredentialsError = CredentialsError;
4
19
  function handleDynamicImportError(err) {
5
20
  if (err instanceof Error) {
6
21
  // We check if it's module import error and retrieve package name from the error message with a regex
@@ -103,64 +103,44 @@ function createH2Fetch(session) {
103
103
  };
104
104
  }
105
105
  /**
106
- * Creates a fetch()-compatible function backed by the H2 session pool.
106
+ * The single HTTP/2 request gateway (ENG-2679).
107
107
  *
108
- * The pool validates idle sessions before reuse. If no usable H2 session is
109
- * available, the request falls back to regular fetch before any H2 frames
110
- * are sent.
108
+ * Every pool-backed request funnels through here, no matter which entry point
109
+ * it came from: the generated client's fetch (`createPoolBackedH2Fetch`),
110
+ * `SandboxAction.h2Fetch`, and the interpreter's direct path (both via
111
+ * `h2RequestDirectFromPool`). It owns the shared request lifecycle in one place:
112
+ * 1. take a per-domain open-stream slot,
113
+ * 2. get a live session from the pool,
114
+ * 3. send the request on it,
115
+ * 4. evict the session if the send fails after a stream was opened,
116
+ * 5. fall back to globalThis.fetch when the pool has no usable session.
117
+ *
118
+ * This is the chokepoint where reliability behavior that must protect EVERY
119
+ * consumer belongs: the open-stream concurrency limit today, and retry,
120
+ * timeouts, typed errors, and observability in later phases. Adding it once here
121
+ * (instead of re-implementing it per entry point) is what stops the recurring
122
+ * "fixed on one path, still broken on another" regressions.
123
+ *
124
+ * `send` performs the actual wire send on a live session; the caller supplies it
125
+ * so the gateway stays agnostic to the `Request` vs `(url, init)` call shapes,
126
+ * and it receives the slot-release and request-created hooks. `fallback` runs
127
+ * only when the pool has no usable session (a fresh connection, no shared
128
+ * stream is opened).
111
129
  */
112
- function createPoolBackedH2Fetch(pool, domain) {
113
- return async (input) => {
114
- // Acquire the slot here, but hand its release to the send path: it is held
115
- // for the OPEN-STREAM lifetime and freed on the stream terminal. Paths that
116
- // never open a stream on the shared session (fetch fallbacks go over a
117
- // different connection) release it immediately so they do not count against
118
- // the open-stream budget. `rel` is idempotent, so the explicit releases
119
- // below are safe even though the send path may also release.
120
- const rel = await acquireH2Slot(domain);
121
- try {
122
- const session = await pool.get(domain);
123
- if (session) {
124
- let h2RequestCreated = false;
125
- try {
126
- return await _h2Request(session, input, {
127
- onH2RequestCreated: () => {
128
- h2RequestCreated = true;
129
- },
130
- releaseSlot: rel,
131
- });
132
- }
133
- catch (err) {
134
- if (h2RequestCreated) {
135
- pool.evictSession(domain, session);
136
- }
137
- throw err;
138
- }
139
- }
140
- // No usable session: this fetch does not open a stream on the shared
141
- // session, so free the slot before falling back.
142
- rel();
143
- return await globalThis.fetch(input);
144
- }
145
- catch (err) {
146
- // Pre-send throw (e.g. pool.get() or Request body read): release the slot
147
- // so a failed request never pins it. Idempotent if already released.
148
- rel();
149
- throw err;
150
- }
151
- };
152
- }
153
- async function h2RequestDirectFromPool(pool, domain, url, init) {
154
- // See createPoolBackedH2Fetch: the slot is held for the OPEN-STREAM lifetime
155
- // and released by the send path on the stream terminal; non-stream fallbacks
156
- // release it immediately. `rel` is idempotent.
130
+ async function h2GatewayRequest(pool, domain, send, fallback) {
131
+ // Take the slot here, but hand its release to the send path: it is held for
132
+ // the OPEN-STREAM lifetime and freed on the stream terminal (ENG-2678). A
133
+ // request that never opens a stream on the shared session (the fallback goes
134
+ // over a different connection) releases it immediately so it does not count
135
+ // against the open-stream budget. `rel` is idempotent, so releasing here when
136
+ // the send path may also release is safe.
157
137
  const rel = await acquireH2Slot(domain);
158
138
  try {
159
139
  const session = await pool.get(domain);
160
140
  if (session) {
161
141
  let h2RequestCreated = false;
162
142
  try {
163
- return await h2RequestDirectInternal(session, url, init, {
143
+ return await send(session, {
164
144
  onH2RequestCreated: () => {
165
145
  h2RequestCreated = true;
166
146
  },
@@ -168,21 +148,44 @@ async function h2RequestDirectFromPool(pool, domain, url, init) {
168
148
  });
169
149
  }
170
150
  catch (err) {
151
+ // A failure AFTER a stream opened means the session is suspect: drop it
152
+ // so the next caller gets a fresh one.
171
153
  if (h2RequestCreated) {
172
154
  pool.evictSession(domain, session);
173
155
  }
174
156
  throw err;
175
157
  }
176
158
  }
177
- // No usable session: fetch over a different connection, no stream opened.
159
+ // No usable session: free the slot before falling back over a different
160
+ // connection (no stream opens on the shared session).
178
161
  rel();
179
- return await globalThis.fetch(url, init);
162
+ return await fallback();
180
163
  }
181
164
  catch (err) {
165
+ // Pre-send throw (pool.get(), Request body read, or the fallback itself):
166
+ // release the slot so a failed request never pins it. Idempotent.
182
167
  rel();
183
168
  throw err;
184
169
  }
185
170
  }
171
+ /**
172
+ * Creates a fetch()-compatible function backed by the H2 session pool, routed
173
+ * through the single gateway. Used as the generated client's `fetch`.
174
+ *
175
+ * If no usable H2 session is available, the request falls back to regular fetch
176
+ * before any H2 frames are sent.
177
+ */
178
+ function createPoolBackedH2Fetch(pool, domain) {
179
+ return (input) => h2GatewayRequest(pool, domain, (session, options) => _h2Request(session, input, options), () => globalThis.fetch(input));
180
+ }
181
+ /**
182
+ * Pool-backed H2 request taking raw url + init (skips Request allocation),
183
+ * routed through the same single gateway. Used by `SandboxAction.h2Fetch` and
184
+ * the code interpreter.
185
+ */
186
+ function h2RequestDirectFromPool(pool, domain, url, init) {
187
+ return h2GatewayRequest(pool, domain, (session, options) => h2RequestDirectInternal(session, url, init, options), () => globalThis.fetch(url, init));
188
+ }
186
189
  /**
187
190
  * Low-level H2 request that takes raw URL + init, skipping Request construction.
188
191
  * Used by SandboxAction.h2Fetch() for direct calls from subsystems.
@@ -7,12 +7,29 @@ exports.settings = void 0;
7
7
  const yaml_1 = __importDefault(require("yaml"));
8
8
  const apikey_js_1 = require("../authentication/apikey.js");
9
9
  const clientcredentials_js_1 = require("../authentication/clientcredentials.js");
10
+ const credentials_js_1 = require("../authentication/credentials.js");
10
11
  const index_js_1 = require("../authentication/index.js");
11
12
  const env_js_1 = require("../common/env.js");
13
+ const errors_js_1 = require("../common/errors.js");
12
14
  const node_js_1 = require("../common/node.js");
15
+ /**
16
+ * Build an actionable "credentials missing" message naming exactly which piece
17
+ * is absent, based on the env vars currently set.
18
+ */
19
+ function missingCredentialsMessage() {
20
+ const hasWorkspace = !!env_js_1.env.BL_WORKSPACE;
21
+ const hasApiKey = !!env_js_1.env.BL_API_KEY;
22
+ if (hasWorkspace && !hasApiKey) {
23
+ return "Blaxel API key is missing. Set the BL_API_KEY environment variable, or run `bl login`, to authenticate (BL_WORKSPACE is already set).";
24
+ }
25
+ if (hasApiKey && !hasWorkspace) {
26
+ return "Blaxel workspace is missing. Set the BL_WORKSPACE environment variable, or run `bl login`, to authenticate (BL_API_KEY is already set).";
27
+ }
28
+ return "No Blaxel credentials found. Set the BL_API_KEY and BL_WORKSPACE environment variables, or run `bl login`.";
29
+ }
13
30
  // Build info - these placeholders are replaced at build time by build:replace-imports
14
- const BUILD_VERSION = "0.2.87-preview.169";
15
- const BUILD_COMMIT = "5357b12d98548db2b306537be7d96d2888ac8cb1";
31
+ const BUILD_VERSION = "0.2.87-preview.171";
32
+ const BUILD_COMMIT = "06530fbea3b8ff89d51d0b834de6725ad5ad80ee";
16
33
  const BUILD_SENTRY_DSN = "https://fd5e60e1c9820e1eef5ccebb84a07127@o4508714045276160.ingest.us.sentry.io/4510465864564736";
17
34
  const BLAXEL_API_VERSION = "2026-04-16";
18
35
  // Cache for config.yaml tracking value
@@ -173,6 +190,7 @@ class Settings {
173
190
  return env_js_1.env.BL_API_VERSION || BLAXEL_API_VERSION;
174
191
  }
175
192
  get headers() {
193
+ this.assertCredentials();
176
194
  const osArch = getOsArch();
177
195
  return {
178
196
  "x-blaxel-authorization": this.authorization,
@@ -258,7 +276,27 @@ class Settings {
258
276
  }
259
277
  return 0;
260
278
  }
279
+ /**
280
+ * Fail fast with a clear, actionable error when credentials are missing or
281
+ * incomplete, instead of sending empty workspace/authorization headers and
282
+ * surfacing a misleading server-side "workspace is required". Skipped for
283
+ * `forceUrl` sandbox sessions, which carry their own headers and never read
284
+ * `settings.headers`. Leaves `workspace` itself non-throwing so telemetry
285
+ * tagging stays safe.
286
+ */
287
+ assertCredentials() {
288
+ const hasConfigCredentials = !!(this.config.apikey ||
289
+ this.config.apiKey ||
290
+ this.config.clientCredentials);
291
+ if (!hasConfigCredentials && this.credentials instanceof credentials_js_1.MissingCredentials) {
292
+ throw new errors_js_1.CredentialsError(missingCredentialsMessage());
293
+ }
294
+ if (!this.workspace) {
295
+ throw new errors_js_1.CredentialsError("Blaxel workspace is missing. Set the BL_WORKSPACE environment variable, or run `bl login`, to authenticate your requests.");
296
+ }
297
+ }
261
298
  async authenticate() {
299
+ this.assertCredentials();
262
300
  await this.credentials.authenticate();
263
301
  }
264
302
  }
@@ -34,6 +34,7 @@ var __importStar = (this && this.__importStar) || (function () {
34
34
  })();
35
35
  Object.defineProperty(exports, "__esModule", { value: true });
36
36
  const vitest_1 = require("vitest");
37
+ const apikey_js_1 = require("../authentication/apikey.js");
37
38
  const env_js_1 = require("./env.js");
38
39
  (0, vitest_1.describe)('Settings.apiVersion', () => {
39
40
  (0, vitest_1.beforeEach)(() => {
@@ -50,6 +51,14 @@ const env_js_1 = require("./env.js");
50
51
  (0, vitest_1.it)('headers include Blaxel-Version set to the default', async () => {
51
52
  delete env_js_1.env.BL_API_VERSION;
52
53
  const { settings } = await Promise.resolve().then(() => __importStar(require('./settings.js')));
53
- (0, vitest_1.expect)(settings.headers['Blaxel-Version']).toBe('2026-04-16');
54
+ // headers now requires resolvable credentials; run in an authenticated context
55
+ const previous = settings.credentials;
56
+ settings.credentials = new apikey_js_1.ApiKey({ apiKey: 'test-key', workspace: 'test-ws' });
57
+ try {
58
+ (0, vitest_1.expect)(settings.headers['Blaxel-Version']).toBe('2026-04-16');
59
+ }
60
+ finally {
61
+ settings.credentials = previous;
62
+ }
54
63
  });
55
64
  });
@@ -4,3 +4,12 @@ export declare class Credentials {
4
4
  get authorization(): string;
5
5
  get token(): string;
6
6
  }
7
+ /**
8
+ * Marker returned by `authentication()` when no usable Blaxel credentials were
9
+ * resolved (no env vars, no matching config workspace). Construction is
10
+ * side-effect free so importing `@blaxel/core` never fails; the actionable
11
+ * error is raised when an authenticated request is actually attempted
12
+ * (see `Settings.assertCredentials`).
13
+ */
14
+ export declare class MissingCredentials extends Credentials {
15
+ }
@@ -0,0 +1 @@
1
+ export {};
@@ -1 +1,11 @@
1
+ /**
2
+ * Thrown when Blaxel credentials are missing or incomplete.
3
+ *
4
+ * Surfaced eagerly with an actionable message (which env var / login step is
5
+ * missing) instead of silently sending empty workspace/authorization headers
6
+ * and letting the user hit a misleading server-side "workspace is required".
7
+ */
8
+ export declare class CredentialsError extends Error {
9
+ constructor(message: string);
10
+ }
1
11
  export declare function handleDynamicImportError(err: any): void;
@@ -10,13 +10,18 @@ import type { H2Pool } from "./h2pool.js";
10
10
  */
11
11
  export declare function createH2Fetch(session: http2.ClientHttp2Session): (input: Request) => Promise<Response>;
12
12
  /**
13
- * Creates a fetch()-compatible function backed by the H2 session pool.
13
+ * Creates a fetch()-compatible function backed by the H2 session pool, routed
14
+ * through the single gateway. Used as the generated client's `fetch`.
14
15
  *
15
- * The pool validates idle sessions before reuse. If no usable H2 session is
16
- * available, the request falls back to regular fetch before any H2 frames
17
- * are sent.
16
+ * If no usable H2 session is available, the request falls back to regular fetch
17
+ * before any H2 frames are sent.
18
18
  */
19
19
  export declare function createPoolBackedH2Fetch(pool: H2Pool, domain: string): (input: Request) => Promise<Response>;
20
+ /**
21
+ * Pool-backed H2 request taking raw url + init (skips Request allocation),
22
+ * routed through the same single gateway. Used by `SandboxAction.h2Fetch` and
23
+ * the code interpreter.
24
+ */
20
25
  export declare function h2RequestDirectFromPool(pool: H2Pool, domain: string, url: string, init?: RequestInit): Promise<Response>;
21
26
  /**
22
27
  * Low-level H2 request that takes raw URL + init, skipping Request construction.
@@ -63,6 +63,15 @@ declare class Settings {
63
63
  get disableH2(): boolean;
64
64
  get maxConcurrentH2Requests(): number;
65
65
  get fsPartRetries(): number;
66
+ /**
67
+ * Fail fast with a clear, actionable error when credentials are missing or
68
+ * incomplete, instead of sending empty workspace/authorization headers and
69
+ * surfacing a misleading server-side "workspace is required". Skipped for
70
+ * `forceUrl` sandbox sessions, which carry their own headers and never read
71
+ * `settings.headers`. Leaves `workspace` itself non-throwing so telemetry
72
+ * tagging stays safe.
73
+ */
74
+ private assertCredentials;
66
75
  authenticate(): Promise<void>;
67
76
  }
68
77
  export declare const settings: Settings;