@dashai/sdk 0.9.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (52) hide show
  1. package/README.md +53 -13
  2. package/dist/auth/client.cjs +23 -1
  3. package/dist/auth/client.cjs.map +1 -1
  4. package/dist/auth/client.d.cts +30 -5
  5. package/dist/auth/client.d.ts +30 -5
  6. package/dist/auth/client.js +23 -1
  7. package/dist/auth/client.js.map +1 -1
  8. package/dist/auth/middleware.cjs +11 -1
  9. package/dist/auth/middleware.cjs.map +1 -1
  10. package/dist/auth/middleware.js +11 -1
  11. package/dist/auth/middleware.js.map +1 -1
  12. package/dist/auth/server.cjs +36 -7
  13. package/dist/auth/server.cjs.map +1 -1
  14. package/dist/auth/server.js +36 -7
  15. package/dist/auth/server.js.map +1 -1
  16. package/dist/auth/types.cjs.map +1 -1
  17. package/dist/auth/types.d.cts +13 -0
  18. package/dist/auth/types.d.ts +13 -0
  19. package/dist/auth/types.js.map +1 -1
  20. package/dist/deps/index.cjs +82 -7
  21. package/dist/deps/index.cjs.map +1 -1
  22. package/dist/deps/index.d.cts +28 -10
  23. package/dist/deps/index.d.ts +28 -10
  24. package/dist/deps/index.js +81 -8
  25. package/dist/deps/index.js.map +1 -1
  26. package/dist/index-BsSFz58g.d.cts +431 -0
  27. package/dist/index-BsSFz58g.d.ts +431 -0
  28. package/dist/index.cjs +318 -25
  29. package/dist/index.cjs.map +1 -1
  30. package/dist/index.d.cts +66 -53
  31. package/dist/index.d.ts +66 -53
  32. package/dist/index.js +313 -26
  33. package/dist/index.js.map +1 -1
  34. package/dist/query/index.cjs +158 -2
  35. package/dist/query/index.cjs.map +1 -1
  36. package/dist/query/index.d.cts +7 -7
  37. package/dist/query/index.d.ts +7 -7
  38. package/dist/query/index.js +158 -2
  39. package/dist/query/index.js.map +1 -1
  40. package/dist/react/index.d.cts +1 -1
  41. package/dist/react/index.d.ts +1 -1
  42. package/dist/{types-DXsbCVkb.d.cts → types-CkAfiS4k.d.cts} +106 -38
  43. package/dist/{types-DXsbCVkb.d.ts → types-CkAfiS4k.d.ts} +106 -38
  44. package/dist/uses/index.cjs +147 -0
  45. package/dist/uses/index.cjs.map +1 -0
  46. package/dist/uses/index.d.cts +1 -0
  47. package/dist/uses/index.d.ts +1 -0
  48. package/dist/uses/index.js +142 -0
  49. package/dist/uses/index.js.map +1 -0
  50. package/package.json +6 -1
  51. package/dist/errors-BV75u7b9.d.cts +0 -207
  52. package/dist/errors-BV75u7b9.d.ts +0 -207
package/dist/index.d.cts CHANGED
@@ -1,6 +1,6 @@
1
- import { C as ClientConfig, a as Client, T as TokenResolver } from './types-DXsbCVkb.cjs';
2
- export { B as BaseInsert, b as BaseRow, c as BaseUpdate, d as DatahubClient, e as DatahubListResult, f as DatahubTableClient, D as Deps, F as FetchImpl, g as FileRef, h as FilterOps, i as FilterValue, L as ListOpts, P as Page, R as ReadOnlyTableClient, S as SlowQueryInfo, j as SortClause, k as SortDir, l as TableClient, W as Where } from './types-DXsbCVkb.cjs';
3
- export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode, D as DependencyContractError, F as ForbiddenError, J as JoinError, N as NetworkError, O as OperationNotAllowedByProviderError, P as ProviderTableMissingError, R as RowNotFoundError, T as TimeoutError, U as UnauthenticatedError, V as ValidationError, f as fromBackendEnvelope } from './errors-BV75u7b9.cjs';
1
+ import { C as ClientConfig, a as Client, T as TokenResolver } from './types-CkAfiS4k.cjs';
2
+ export { B as BaseInsert, b as BaseRow, c as BaseUpdate, d as DatahubClient, e as DatahubListOpts, f as DatahubListResult, g as DatahubTableClient, D as Deps, F as FetchImpl, h as FileRef, i as FilterOps, j as FilterValue, L as ListOpts, P as Page, R as ReadOnlyTableClient, S as SlowQueryInfo, k as SortClause, l as SortDir, m as TableClient, W as Where } from './types-CkAfiS4k.cjs';
3
+ export { C as ContractFieldMissingError, c as ContractViolationError, d as DashwiseError, e as DashwiseErrorCode, D as DepUnboundError, a as DepUnboundReason, b as DependencyContractError, F as ForbiddenError, J as JoinError, N as NetworkError, O as OperationNotAllowedByProviderError, P as ProviderTableMissingError, R as RowNotFoundError, T as TimeoutError, U as UnauthenticatedError, f as UsesOpNotAllowedError, g as UsesUnboundError, h as UsesUnboundReason, V as ValidationError, i as fromBackendEnvelope } from './index-BsSFz58g.cjs';
4
4
 
5
5
  /**
6
6
  * `createClient()` — the public factory for talking to the DashWise
@@ -19,14 +19,16 @@ export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode
19
19
  * `Record<string, unknown>` rows with the generic `db<Row>(slug)`
20
20
  * shape.
21
21
  *
22
- * The HTTP path layout mirrors the existing runtime data plane in
23
- * `dashwise-backend/src/modules/modules/runtime/data/runtime-table.controller.ts`:
22
+ * The HTTP path layout targets the Phase 2 module-API plane. Every
23
+ * route is install-agnostic — the backend resolves the install from
24
+ * the bearer credential (a scoped `dwk_` key or a sandbox session
25
+ * token), so no installation id appears in the URL:
24
26
  *
25
- * POST /api/modules/<installation>/db/<table>/list
26
- * GET /api/modules/<installation>/db/<table>/<id>
27
- * POST /api/modules/<installation>/db/<table>
28
- * PATCH /api/modules/<installation>/db/<table>/<id>
29
- * DELETE /api/modules/<installation>/db/<table>/<id>
27
+ * POST /api/module-api/db/<table>/list
28
+ * GET /api/module-api/db/<table>/<id>
29
+ * POST /api/module-api/db/<table>
30
+ * PATCH /api/module-api/db/<table>/<id>
31
+ * DELETE /api/module-api/db/<table>/<id>
30
32
  */
31
33
 
32
34
  /**
@@ -35,9 +37,8 @@ export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode
35
37
  *
36
38
  * @example
37
39
  * const client = createClient({
38
- * baseUrl: 'https://api.dashwise.io',
39
- * installationId: 'sandbox',
40
- * getToken: () => process.env.DASHWISE_TOKEN ?? null,
40
+ * baseUrl: 'https://api.dashwise.net',
41
+ * apiKey: process.env.DASHWISE_API_KEY,
41
42
  * });
42
43
  *
43
44
  * const page = await client.db<TasksRow>('tasks').list({
@@ -50,35 +51,39 @@ declare function createClient(config: ClientConfig): Client;
50
51
  /**
51
52
  * `createDevClient()` — `createClient()`'s zero-config sibling for local dev.
52
53
  *
53
- * Resolves `baseUrl`, `installationId`, and `getToken` from a layered
54
- * config chain so a developer who has run `dashwise login` (and, for the
55
- * full local-dev experience, `dashwise init`) can do:
54
+ * Resolves `baseUrl` + `getToken` from a layered config chain so a
55
+ * developer who has run `dashwise login` (and, for the full local-dev
56
+ * experience, `dashwise init`) can do:
56
57
  *
57
58
  * ```ts
58
59
  * import { createDevClient } from '@dashai/sdk';
59
60
  * const client = createDevClient({ moduleSlug: 'my-tasks' });
60
61
  * ```
61
62
  *
62
- * …without copying tokens or installation ids around. The flow this
63
- * enables is the end-to-end "two-command bootstrap" the CLI's
64
- * `dashwise login` + `dashwise init` pair targets.
63
+ * …without copying tokens around. The flow this enables is the
64
+ * end-to-end "two-command bootstrap" the CLI's `dashwise login` +
65
+ * `dashwise init` pair targets.
66
+ *
67
+ * Phase 2 wire protocol: there is NO installation id anywhere in this
68
+ * resolver — the backend resolves the install from the credential
69
+ * (a scoped `dwk_` key or, in the AI builder sandbox, a session token),
70
+ * and every request hits the install-agnostic `/api/module-api`.
65
71
  *
66
72
  * ## Resolution chain
67
73
  *
68
74
  * For each field, the first non-empty source wins:
69
75
  *
70
76
  * 1. Explicit `overrides` argument (per-call escape hatch).
71
- * 2. Environment variables — `DASHWISE_API_URL` / `DASHWISE_API_TOKEN`
72
- * / `DASHWISE_INSTALLATION_ID` / `DASHWISE_RUNTIME_TOKEN` (HH-CC-LDI-5).
73
- * Standard for CI, Docker, prod-like setups; also the path
74
- * `dashwise dev` uses to inject per-module credentials into the
75
- * Next.js child process.
77
+ * 2. Environment variables — exactly `DASHWISE_API_URL` +
78
+ * `DASHWISE_API_KEY` (the Phase 2 two-var contract). Standard for
79
+ * CI, Docker, prod-like setups; also the path `dashwise dev` uses
80
+ * to inject the module's scoped `dwk_` key into the Next.js child.
76
81
  * 3. The CLI's saved config at `$XDG_CONFIG_HOME/dashwise/auth.json`
77
82
  * (or platform default) — written by `dashwise login` (top-level
78
- * `apiUrl` + `token`) and `dashwise init` (per-module entry under
79
- * `modules[slug]`).
83
+ * `apiUrl` + `token`) and `dashwise init` / `register` (per-module
84
+ * entry under `modules[slug]`).
80
85
  *
81
- * ## Per-module local-dev tokens (HH-CC-LDI-5)
86
+ * ## Per-module local-dev credential (P1-C)
82
87
  *
83
88
  * When `overrides.moduleSlug` is set, the SDK looks up the per-module
84
89
  * entry in `auth.json`:
@@ -89,26 +94,34 @@ declare function createClient(config: ClientConfig): Client;
89
94
  * "token": "dwc_...", // CLI bearer (login)
90
95
  * "modules": {
91
96
  * "my-tasks": {
92
- * "runtimeToken": "<JWT>", // long-lived runtime token (LDI-2)
93
- * "installationId": 4242, // numeric install id (LDI-2)
97
+ * "apiKey": "dwk_...", // scoped local-dev API key (P1-C)
98
+ * "apiKeyId": 88, // module_api_keys row id
99
+ * "installationId": 4242, // numeric install id (internal)
94
100
  * "expiresAt": "2026-08-22T..." // informational only
95
101
  * }
96
102
  * }
97
103
  * }
98
104
  * ```
99
105
  *
100
- * Per-module entries are written by `dashwise init` (HH-CC-LDI-6) when
101
- * a developer provisions a local-dev install. The SDK prefers the
102
- * `runtimeToken` over the legacy CLI bearer (`token`) when both
103
- * exist, and sets `installationId` to the literal `'sandbox'` — the
104
- * URL placeholder the backend's `RuntimeTokenGuard` accepts (the
105
- * token resolves to the actual install on the server side).
106
+ * Per-module entries are written by `dashwise init` / `dashwise module
107
+ * register` when a developer provisions a local-dev install. The SDK
108
+ * prefers the per-module `apiKey` over the CLI bearer (`token`) when
109
+ * both exist. The `installationId` on the entry is CLI-internal
110
+ * bookkeeping (used only for admin URLs like `dashwise api-keys`); the
111
+ * SDK never sends it — the key binds the install server-side.
112
+ *
113
+ * Back-compat: a pre-P1-C `auth.json` may carry a `runtimeToken` (90-day
114
+ * JWT) instead of `apiKey`. The SDK still reads it as a last-resort
115
+ * file fallback so old files keep working until `dashwise dev`
116
+ * self-heals the entry to a `dwk_` key. The `DASHWISE_RUNTIME_TOKEN` /
117
+ * `DASHWISE_API_TOKEN` / `DASHWISE_INSTALLATION_ID` env vars no longer
118
+ * exist in Phase 2 and are not read here.
106
119
  *
107
120
  * If `moduleSlug` is unset, OR the named module isn't in the
108
- * `modules` map, OR the entry lacks a `runtimeToken`, the resolver
109
- * falls back to the legacy chain (`token` field + `'local'` install
110
- * id, which the backend will reject — surfacing as a typed
111
- * `UnauthenticatedError` on the first request).
121
+ * `modules` map, OR the entry lacks a credential, the resolver
122
+ * falls back to the deploy `DASHWISE_API_KEY` env, then the CLI bearer
123
+ * (which the backend rejects on the module-API plane — surfacing as a
124
+ * typed `UnauthenticatedError` on the first request).
112
125
  *
113
126
  * ## Safety rails
114
127
  *
@@ -151,25 +164,25 @@ interface CreateDevClientOptions extends Partial<Omit<ClientConfig, 'getToken'>>
151
164
  */
152
165
  getToken?: TokenResolver;
153
166
  /**
154
- * HH-CC-LDI-5 — module slug for per-module runtime-token lookup.
167
+ * P1-C — module slug for per-module API-key lookup.
155
168
  *
156
169
  * When set, `createDevClient` reads
157
- * `~/.config/dashwise/auth.json#modules[<moduleSlug>]` looking for
158
- * a `runtimeToken`. If found, that token is used as the bearer
159
- * (overriding `DASHWISE_API_TOKEN` / file-level `token`) and the
160
- * SDK sends `installationId='sandbox'` the URL placeholder
161
- * accepted by the backend's `RuntimeTokenGuard`. The runtime
162
- * token itself binds to a specific install on the server side.
170
+ * `~/.config/dashwise/auth.json#modules[<moduleSlug>]` looking for a
171
+ * scoped `dwk_` `apiKey` (a legacy `runtimeToken` is also honoured
172
+ * for old files). If found, it is used as the bearer (overriding the
173
+ * deploy `DASHWISE_API_KEY` / file-level `token`); the key binds to a
174
+ * specific install server-side, so no installation id is sent.
163
175
  *
164
- * If `moduleSlug` is unset or the entry is missing, the legacy
165
- * resolution chain applies (CLI bearer + `'local'` installation
166
- * id, which the backend will 401 surfacing as a typed
167
- * `UnauthenticatedError` on the first request).
176
+ * If `moduleSlug` is unset or the entry is missing, the resolution
177
+ * chain falls through to the deploy `DASHWISE_API_KEY` env, then the
178
+ * CLI bearer (which the backend 401s on the module-API plane
179
+ * surfacing as a typed `UnauthenticatedError` on the first request).
168
180
  *
169
181
  * Typical usage: scaffolded modules read `module.json#module.slug`
170
- * and pass it here. The CLI's `dashwise dev` command also exports
171
- * it as the `DASHWISE_RUNTIME_TOKEN` env var so child processes
172
- * (e.g. `next dev`) can authenticate without re-reading the file.
182
+ * and pass it here. The CLI's `dashwise dev` command instead exports
183
+ * the key as the `DASHWISE_API_KEY` env var so child processes (e.g.
184
+ * `next dev`) authenticate without re-reading the file or passing a
185
+ * slug.
173
186
  */
174
187
  moduleSlug?: string;
175
188
  }
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
- import { C as ClientConfig, a as Client, T as TokenResolver } from './types-DXsbCVkb.js';
2
- export { B as BaseInsert, b as BaseRow, c as BaseUpdate, d as DatahubClient, e as DatahubListResult, f as DatahubTableClient, D as Deps, F as FetchImpl, g as FileRef, h as FilterOps, i as FilterValue, L as ListOpts, P as Page, R as ReadOnlyTableClient, S as SlowQueryInfo, j as SortClause, k as SortDir, l as TableClient, W as Where } from './types-DXsbCVkb.js';
3
- export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode, D as DependencyContractError, F as ForbiddenError, J as JoinError, N as NetworkError, O as OperationNotAllowedByProviderError, P as ProviderTableMissingError, R as RowNotFoundError, T as TimeoutError, U as UnauthenticatedError, V as ValidationError, f as fromBackendEnvelope } from './errors-BV75u7b9.js';
1
+ import { C as ClientConfig, a as Client, T as TokenResolver } from './types-CkAfiS4k.js';
2
+ export { B as BaseInsert, b as BaseRow, c as BaseUpdate, d as DatahubClient, e as DatahubListOpts, f as DatahubListResult, g as DatahubTableClient, D as Deps, F as FetchImpl, h as FileRef, i as FilterOps, j as FilterValue, L as ListOpts, P as Page, R as ReadOnlyTableClient, S as SlowQueryInfo, k as SortClause, l as SortDir, m as TableClient, W as Where } from './types-CkAfiS4k.js';
3
+ export { C as ContractFieldMissingError, c as ContractViolationError, d as DashwiseError, e as DashwiseErrorCode, D as DepUnboundError, a as DepUnboundReason, b as DependencyContractError, F as ForbiddenError, J as JoinError, N as NetworkError, O as OperationNotAllowedByProviderError, P as ProviderTableMissingError, R as RowNotFoundError, T as TimeoutError, U as UnauthenticatedError, f as UsesOpNotAllowedError, g as UsesUnboundError, h as UsesUnboundReason, V as ValidationError, i as fromBackendEnvelope } from './index-BsSFz58g.js';
4
4
 
5
5
  /**
6
6
  * `createClient()` — the public factory for talking to the DashWise
@@ -19,14 +19,16 @@ export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode
19
19
  * `Record<string, unknown>` rows with the generic `db<Row>(slug)`
20
20
  * shape.
21
21
  *
22
- * The HTTP path layout mirrors the existing runtime data plane in
23
- * `dashwise-backend/src/modules/modules/runtime/data/runtime-table.controller.ts`:
22
+ * The HTTP path layout targets the Phase 2 module-API plane. Every
23
+ * route is install-agnostic — the backend resolves the install from
24
+ * the bearer credential (a scoped `dwk_` key or a sandbox session
25
+ * token), so no installation id appears in the URL:
24
26
  *
25
- * POST /api/modules/<installation>/db/<table>/list
26
- * GET /api/modules/<installation>/db/<table>/<id>
27
- * POST /api/modules/<installation>/db/<table>
28
- * PATCH /api/modules/<installation>/db/<table>/<id>
29
- * DELETE /api/modules/<installation>/db/<table>/<id>
27
+ * POST /api/module-api/db/<table>/list
28
+ * GET /api/module-api/db/<table>/<id>
29
+ * POST /api/module-api/db/<table>
30
+ * PATCH /api/module-api/db/<table>/<id>
31
+ * DELETE /api/module-api/db/<table>/<id>
30
32
  */
31
33
 
32
34
  /**
@@ -35,9 +37,8 @@ export { C as ContractViolationError, a as DashwiseError, b as DashwiseErrorCode
35
37
  *
36
38
  * @example
37
39
  * const client = createClient({
38
- * baseUrl: 'https://api.dashwise.io',
39
- * installationId: 'sandbox',
40
- * getToken: () => process.env.DASHWISE_TOKEN ?? null,
40
+ * baseUrl: 'https://api.dashwise.net',
41
+ * apiKey: process.env.DASHWISE_API_KEY,
41
42
  * });
42
43
  *
43
44
  * const page = await client.db<TasksRow>('tasks').list({
@@ -50,35 +51,39 @@ declare function createClient(config: ClientConfig): Client;
50
51
  /**
51
52
  * `createDevClient()` — `createClient()`'s zero-config sibling for local dev.
52
53
  *
53
- * Resolves `baseUrl`, `installationId`, and `getToken` from a layered
54
- * config chain so a developer who has run `dashwise login` (and, for the
55
- * full local-dev experience, `dashwise init`) can do:
54
+ * Resolves `baseUrl` + `getToken` from a layered config chain so a
55
+ * developer who has run `dashwise login` (and, for the full local-dev
56
+ * experience, `dashwise init`) can do:
56
57
  *
57
58
  * ```ts
58
59
  * import { createDevClient } from '@dashai/sdk';
59
60
  * const client = createDevClient({ moduleSlug: 'my-tasks' });
60
61
  * ```
61
62
  *
62
- * …without copying tokens or installation ids around. The flow this
63
- * enables is the end-to-end "two-command bootstrap" the CLI's
64
- * `dashwise login` + `dashwise init` pair targets.
63
+ * …without copying tokens around. The flow this enables is the
64
+ * end-to-end "two-command bootstrap" the CLI's `dashwise login` +
65
+ * `dashwise init` pair targets.
66
+ *
67
+ * Phase 2 wire protocol: there is NO installation id anywhere in this
68
+ * resolver — the backend resolves the install from the credential
69
+ * (a scoped `dwk_` key or, in the AI builder sandbox, a session token),
70
+ * and every request hits the install-agnostic `/api/module-api`.
65
71
  *
66
72
  * ## Resolution chain
67
73
  *
68
74
  * For each field, the first non-empty source wins:
69
75
  *
70
76
  * 1. Explicit `overrides` argument (per-call escape hatch).
71
- * 2. Environment variables — `DASHWISE_API_URL` / `DASHWISE_API_TOKEN`
72
- * / `DASHWISE_INSTALLATION_ID` / `DASHWISE_RUNTIME_TOKEN` (HH-CC-LDI-5).
73
- * Standard for CI, Docker, prod-like setups; also the path
74
- * `dashwise dev` uses to inject per-module credentials into the
75
- * Next.js child process.
77
+ * 2. Environment variables — exactly `DASHWISE_API_URL` +
78
+ * `DASHWISE_API_KEY` (the Phase 2 two-var contract). Standard for
79
+ * CI, Docker, prod-like setups; also the path `dashwise dev` uses
80
+ * to inject the module's scoped `dwk_` key into the Next.js child.
76
81
  * 3. The CLI's saved config at `$XDG_CONFIG_HOME/dashwise/auth.json`
77
82
  * (or platform default) — written by `dashwise login` (top-level
78
- * `apiUrl` + `token`) and `dashwise init` (per-module entry under
79
- * `modules[slug]`).
83
+ * `apiUrl` + `token`) and `dashwise init` / `register` (per-module
84
+ * entry under `modules[slug]`).
80
85
  *
81
- * ## Per-module local-dev tokens (HH-CC-LDI-5)
86
+ * ## Per-module local-dev credential (P1-C)
82
87
  *
83
88
  * When `overrides.moduleSlug` is set, the SDK looks up the per-module
84
89
  * entry in `auth.json`:
@@ -89,26 +94,34 @@ declare function createClient(config: ClientConfig): Client;
89
94
  * "token": "dwc_...", // CLI bearer (login)
90
95
  * "modules": {
91
96
  * "my-tasks": {
92
- * "runtimeToken": "<JWT>", // long-lived runtime token (LDI-2)
93
- * "installationId": 4242, // numeric install id (LDI-2)
97
+ * "apiKey": "dwk_...", // scoped local-dev API key (P1-C)
98
+ * "apiKeyId": 88, // module_api_keys row id
99
+ * "installationId": 4242, // numeric install id (internal)
94
100
  * "expiresAt": "2026-08-22T..." // informational only
95
101
  * }
96
102
  * }
97
103
  * }
98
104
  * ```
99
105
  *
100
- * Per-module entries are written by `dashwise init` (HH-CC-LDI-6) when
101
- * a developer provisions a local-dev install. The SDK prefers the
102
- * `runtimeToken` over the legacy CLI bearer (`token`) when both
103
- * exist, and sets `installationId` to the literal `'sandbox'` — the
104
- * URL placeholder the backend's `RuntimeTokenGuard` accepts (the
105
- * token resolves to the actual install on the server side).
106
+ * Per-module entries are written by `dashwise init` / `dashwise module
107
+ * register` when a developer provisions a local-dev install. The SDK
108
+ * prefers the per-module `apiKey` over the CLI bearer (`token`) when
109
+ * both exist. The `installationId` on the entry is CLI-internal
110
+ * bookkeeping (used only for admin URLs like `dashwise api-keys`); the
111
+ * SDK never sends it — the key binds the install server-side.
112
+ *
113
+ * Back-compat: a pre-P1-C `auth.json` may carry a `runtimeToken` (90-day
114
+ * JWT) instead of `apiKey`. The SDK still reads it as a last-resort
115
+ * file fallback so old files keep working until `dashwise dev`
116
+ * self-heals the entry to a `dwk_` key. The `DASHWISE_RUNTIME_TOKEN` /
117
+ * `DASHWISE_API_TOKEN` / `DASHWISE_INSTALLATION_ID` env vars no longer
118
+ * exist in Phase 2 and are not read here.
106
119
  *
107
120
  * If `moduleSlug` is unset, OR the named module isn't in the
108
- * `modules` map, OR the entry lacks a `runtimeToken`, the resolver
109
- * falls back to the legacy chain (`token` field + `'local'` install
110
- * id, which the backend will reject — surfacing as a typed
111
- * `UnauthenticatedError` on the first request).
121
+ * `modules` map, OR the entry lacks a credential, the resolver
122
+ * falls back to the deploy `DASHWISE_API_KEY` env, then the CLI bearer
123
+ * (which the backend rejects on the module-API plane — surfacing as a
124
+ * typed `UnauthenticatedError` on the first request).
112
125
  *
113
126
  * ## Safety rails
114
127
  *
@@ -151,25 +164,25 @@ interface CreateDevClientOptions extends Partial<Omit<ClientConfig, 'getToken'>>
151
164
  */
152
165
  getToken?: TokenResolver;
153
166
  /**
154
- * HH-CC-LDI-5 — module slug for per-module runtime-token lookup.
167
+ * P1-C — module slug for per-module API-key lookup.
155
168
  *
156
169
  * When set, `createDevClient` reads
157
- * `~/.config/dashwise/auth.json#modules[<moduleSlug>]` looking for
158
- * a `runtimeToken`. If found, that token is used as the bearer
159
- * (overriding `DASHWISE_API_TOKEN` / file-level `token`) and the
160
- * SDK sends `installationId='sandbox'` the URL placeholder
161
- * accepted by the backend's `RuntimeTokenGuard`. The runtime
162
- * token itself binds to a specific install on the server side.
170
+ * `~/.config/dashwise/auth.json#modules[<moduleSlug>]` looking for a
171
+ * scoped `dwk_` `apiKey` (a legacy `runtimeToken` is also honoured
172
+ * for old files). If found, it is used as the bearer (overriding the
173
+ * deploy `DASHWISE_API_KEY` / file-level `token`); the key binds to a
174
+ * specific install server-side, so no installation id is sent.
163
175
  *
164
- * If `moduleSlug` is unset or the entry is missing, the legacy
165
- * resolution chain applies (CLI bearer + `'local'` installation
166
- * id, which the backend will 401 surfacing as a typed
167
- * `UnauthenticatedError` on the first request).
176
+ * If `moduleSlug` is unset or the entry is missing, the resolution
177
+ * chain falls through to the deploy `DASHWISE_API_KEY` env, then the
178
+ * CLI bearer (which the backend 401s on the module-API plane
179
+ * surfacing as a typed `UnauthenticatedError` on the first request).
168
180
  *
169
181
  * Typical usage: scaffolded modules read `module.json#module.slug`
170
- * and pass it here. The CLI's `dashwise dev` command also exports
171
- * it as the `DASHWISE_RUNTIME_TOKEN` env var so child processes
172
- * (e.g. `next dev`) can authenticate without re-reading the file.
182
+ * and pass it here. The CLI's `dashwise dev` command instead exports
183
+ * the key as the `DASHWISE_API_KEY` env var so child processes (e.g.
184
+ * `next dev`) authenticate without re-reading the file or passing a
185
+ * slug.
173
186
  */
174
187
  moduleSlug?: string;
175
188
  }