@gpt-platform/client 0.10.5 → 0.11.1

package/dist/streaming.d.ts

@@ -0,0 +1,135 @@
+/**
+ * Options for streaming requests
+ */
+export interface StreamOptions {
+    /**
+     * Signal to abort the stream
+     */
+    signal?: AbortSignal;
+    /**
+     * Callback for handling errors
+     */
+    onError?: (error: Error) => void;
+    /**
+     * Maximum stream duration in milliseconds (default: 5 minutes)
+     * Prevents DoS via infinite streams
+     */
+    timeout?: number;
+    /**
+     * Maximum number of chunks to process (default: 10000)
+     * Prevents memory exhaustion via malicious streams
+     */
+    maxChunks?: number;
+    /**
+     * Maximum buffer size in bytes (default: 10MB)
+     * Prevents unbounded memory growth
+     */
+    maxBufferSize?: number;
+}
+/**
+ * Parse Server-Sent Events (SSE) stream into typed chunks
+ * Security: Enforces timeout, chunk count, and buffer size limits to prevent DoS
+ */
+export declare function streamSSE<T = unknown>(response: Response, options?: StreamOptions): AsyncIterableIterator<T>;
+/**
+ * Events emitted by thread message streaming.
+ *
+ * For threads backed by an agent, the stream emits the full execution event
+ * lifecycle including tool calls and results. For RAG threads (no agent),
+ * only `content`/`token`, `done`, and `error` events are emitted.
+ *
+ * The `type` field is a discriminant — use a `switch` statement to narrow.
+ *
+ * @example
+ * ```typescript
+ * const stream = await client.threads.messages.stream(threadId, { content: 'Hello' });
+ * for await (const event of stream) {
+ *   switch (event.type) {
+ *     case "token":
+ *       process.stdout.write(event.content ?? '');
+ *       break;
+ *     case "tool_call":
+ *       console.log(`Calling: ${event.data?.name}`);
+ *       break;
+ *     case "tool_result":
+ *       console.log(`Result: ${event.data?.summary}`);
+ *       break;
+ *     case "done":
+ *       console.log('Complete', event.metadata);
+ *       break;
+ *   }
+ * }
+ * ```
+ */
+export type StreamMessageChunk = StreamTokenEvent | StreamToolCallEvent | StreamToolResultEvent | StreamIterationCompleteEvent | StreamApprovalRequiredEvent | StreamDoneEvent | StreamErrorEvent;
+/**
+ * Incremental token from LLM streaming output.
+ * `type: "content"` is a backward-compatible alias — new consumers should match on `"token"`.
+ */
+export interface StreamTokenEvent {
+    type: "token" | "content";
+    content?: string;
+}
+/** Tool invocation started (agent-backed threads only). */
+export interface StreamToolCallEvent {
+    type: "tool_call";
+    data: {
+        name: string;
+        arguments: Record<string, unknown>;
+    };
+}
+/** Tool invocation completed (agent-backed threads only). */
+export interface StreamToolResultEvent {
+    type: "tool_result";
+    data: {
+        name: string;
+        summary: string;
+    };
+}
+/** LLM loop iteration completed (agent-backed threads only). */
+export interface StreamIterationCompleteEvent {
+    type: "iteration_complete";
+    data: {
+        iteration: number;
+        tokens: number;
+    };
+}
+/** Human-in-the-loop approval required (agent-backed threads only). */
+export interface StreamApprovalRequiredEvent {
+    type: "approval_required";
+    data: {
+        tool_name: string;
+        arguments: Record<string, unknown>;
+        classification: string;
+    };
+}
+/** Metadata included with stream completion events. */
+export interface StreamDoneMetadata {
+    thread_id?: string;
+    execution_id?: string;
+    total_tokens?: number;
+    [key: string]: unknown;
+}
+/** Stream completed successfully. */
+export interface StreamDoneEvent {
+    type: "done";
+    content?: string;
+    error?: string;
+    metadata?: StreamDoneMetadata;
+}
+/** Stream error. */
+export interface StreamErrorEvent {
+    type: "error";
+    content?: string;
+    error?: string;
+}
+/**
+ * Parse streaming message response — stops on terminal events.
+ */
+export declare function streamMessage(response: Response, options?: StreamOptions): AsyncIterableIterator<StreamMessageChunk>;
+/**
+ * Collect full message from stream chunks.
+ * Handles both `type: "token"` (agent-backed) and `type: "content"` (RAG) events.
+ */
+export declare function collectStreamedMessage(stream: AsyncIterableIterator<StreamMessageChunk>): Promise<string>;
+//# sourceMappingURL=streaming.d.ts.map

package/dist/streaming.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"streaming.d.ts","sourceRoot":"","sources":["../src/streaming.ts"],"names":[],"mappings":"AASA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;IAErB;;OAEG;IACH,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,CAAC;IAEjC;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;GAGG;AACH,wBAAuB,SAAS,CAAC,CAAC,GAAG,OAAO,EAC1C,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,aAAkB,GAC1B,qBAAqB,CAAC,CAAC,CAAC,CAiG1B;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAM,MAAM,kBAAkB,GAC1B,gBAAgB,GAChB,mBAAmB,GACnB,qBAAqB,GACrB,4BAA4B,GAC5B,2BAA2B,GAC3B,eAAe,GACf,gBAAgB,CAAC;AAErB;;;GAGG;AACH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,GAAG,SAAS,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,2DAA2D;AAC3D,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,WAAW,CAAC;IAClB,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;KAAE,CAAC;CAC5D;AAED,6DAA6D;AAC7D,MAAM,WAAW,qBAAqB;IACpC,IAAI,EAAE,aAAa,CAAC;IACpB,IAAI,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACzC;AAED,gEAAgE;AAChE,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,oBAAoB,CAAC;IAC3B,IAAI,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;CAC7C;AAED,uEAAuE;AACvE,MAAM,WAAW,2BAA2B;IAC1C,IAAI,EAAE,mBAAmB,CAAC;IAC1B,IAAI,EAAE;QACJ,SAAS,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACnC,cAAc,EAAE,MAAM,CAAC;KACxB,CAAC;CACH;AAED,uDAAuD;AACvD,MAAM,WAAW,kBAAkB;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,qCAAqC;AACrC,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,kBAAkB,CAAC;CAC/B;AAED,oBAAoB;AACpB,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAuB,aAAa,CAClC,QAAQ,EAAE,QAAQ,EAClB,OAAO,GAAE,aAAkB,GAC1B,qBAAqB,CAAC,kBAAkB,CAAC,CAS3C;AAED;;;GAGG;AACH,wBAAsB,sBAAsB,CAC1C,MAAM,EAAE,qBAAqB,CAAC,kBAAkB,CAAC,GAChD,OAAO,CAAC,MAAM,CAAC,CA2BjB"}

package/dist/utils/retry.d.ts

@@ -0,0 +1,63 @@
+import { GptCoreError } from "../errors/index";
+/**
+ * Retry configuration
+ */
+export interface RetryConfig {
+    /** Maximum number of retry attempts (default: 3) */
+    maxRetries: number;
+    /** Initial delay in milliseconds before first retry (default: 1000) */
+    initialDelay: number;
+    /** Maximum delay in milliseconds between retries (default: 32000) */
+    maxDelay: number;
+    /** HTTP status codes that trigger retry (default: [429, 500, 502, 503, 504]) */
+    retryableStatusCodes: number[];
+    /**
+     * Total timeout in milliseconds across all retry attempts.
+     * Prevents infinite retry loops from malicious Retry-After headers.
+     * Default: 300000 (5 minutes)
+     */
+    totalTimeout?: number;
+    /**
+     * Maximum value for Retry-After header in seconds.
+     * Prevents DoS via excessive server-requested delays.
+     * Default: 60 seconds
+     */
+    maxRetryAfter?: number;
+    /**
+     * Optional AbortSignal to cancel retry attempts.
+     * When aborted, the retry loop immediately throws an error.
+     */
+    signal?: AbortSignal;
+}
+/**
+ * Default retry configuration
+ */
+export declare const DEFAULT_RETRY_CONFIG: RetryConfig;
+/**
+ * Check if an error is retryable
+ */
+export declare function isRetryableError(error: unknown, retryableStatusCodes: number[]): boolean;
+/**
+ * Calculate exponential backoff delay with security limits
+ */
+export declare function calculateBackoff(attempt: number, initialDelay: number, maxDelay: number, retryAfter?: number, maxRetryAfter?: number): number;
+/**
+ * Sleep for specified milliseconds with optional abort signal
+ */
+export declare function sleep(ms: number, signal?: AbortSignal): Promise<void>;
+/**
+ * Error thrown when retry total timeout is exceeded
+ */
+export declare class RetryTimeoutError extends GptCoreError {
+    readonly lastError?: unknown;
+    constructor(message: string, lastError?: unknown);
+}
+/**
+ * Retry a function with exponential backoff and circuit breaker
+ */
+export declare function retryWithBackoff<T>(fn: () => Promise<T>, config?: RetryConfig): Promise<T>;
+/**
+ * Create a retry wrapper for a client method
+ */
+export declare function withRetry<TArgs extends unknown[], TReturn>(fn: (...args: TArgs) => Promise<TReturn>, config?: Partial<RetryConfig>): (...args: TArgs) => Promise<TReturn>;
+//# sourceMappingURL=retry.d.ts.map

package/dist/utils/retry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry.d.ts","sourceRoot":"","sources":["../../src/utils/retry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,oDAAoD;IACpD,UAAU,EAAE,MAAM,CAAC;IACnB,uEAAuE;IACvE,YAAY,EAAE,MAAM,CAAC;IACrB,qEAAqE;IACrE,QAAQ,EAAE,MAAM,CAAC;IACjB,gFAAgF;IAChF,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAC/B;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;OAGG;IACH,MAAM,CAAC,EAAE,WAAW,CAAC;CACtB;AAED;;GAEG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAOlC,CAAC;AAEF;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,KAAK,EAAE,OAAO,EACd,oBAAoB,EAAE,MAAM,EAAE,GAC7B,OAAO,CAcT;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,MAAM,EACf,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,UAAU,CAAC,EAAE,MAAM,EACnB,aAAa,GAAE,MAAW,GACzB,MAAM,CAcR;AAED;;GAEG;AACH,wBAAgB,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBrE;AAED;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,YAAY;IACjD,SAAgB,SAAS,CAAC,EAAE,OAAO,CAAC;gBAExB,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,OAAO;CAIjD;AAED;;GAEG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EACtC,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,EACpB,MAAM,GAAE,WAAkC,GACzC,OAAO,CAAC,CAAC,CAAC,CA+EZ;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,SAAS,OAAO,EAAE,EAAE,OAAO,EACxD,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,EACxC,MAAM,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,GAC5B,CAAC,GAAG,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAMtC"}

package/dist/version.d.ts

@@ -0,0 +1,5 @@
+/** SDK version — updated automatically by mix update.sdks */
+export declare const SDK_VERSION = "0.11.1";
+/** Default API version sent in every request — updated automatically by mix update.sdks */
+export declare const DEFAULT_API_VERSION = "2026-03-23";
+//# sourceMappingURL=version.d.ts.map

package/dist/version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"version.d.ts","sourceRoot":"","sources":["../src/version.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,eAAO,MAAM,WAAW,WAAW,CAAC;AAEpC,2FAA2F;AAC3F,eAAO,MAAM,mBAAmB,eAAe,CAAC"}

package/dist/webhook-signature.d.ts

@@ -0,0 +1,109 @@
+/**
+ * Webhook signature verification for GPT Core webhooks.
+ *
+ * Verifies that incoming webhook payloads are authentic by checking
+ * the HMAC-SHA256 signature in the `X-GptCore-Signature` header.
+ *
+ * @example
+ * ```typescript
+ * import { Webhooks } from '@gpt-platform/client';
+ *
+ * const webhooks = new Webhooks('whsec_your_secret_here');
+ *
+ * // In your webhook handler:
+ * const isValid = await webhooks.verify(requestBody, signatureHeader);
+ *
+ * // Or construct and verify manually:
+ * const isValid = await Webhooks.verify(requestBody, signatureHeader, 'whsec_your_secret');
+ * ```
+ */
+/**
+ * Error thrown when webhook signature verification fails.
+ */
+export declare class WebhookSignatureError extends Error {
+    constructor(message: string);
+}
+/**
+ * Clear the internal CryptoKey cache.
+ * Useful for testing or when secrets are rotated.
+ */
+export declare function clearKeyCache(): void;
+export interface WebhookVerifyOptions {
+    /**
+     * Tolerance in seconds for timestamp verification.
+     * Rejects signatures older than this.
+     * Default: 300 (5 minutes)
+     */
+    tolerance?: number;
+    /**
+     * Current timestamp in seconds (for testing).
+     * Default: Date.now() / 1000
+     */
+    currentTimestamp?: number;
+}
+/**
+ * Webhook signature verification utility.
+ *
+ * Create an instance with your webhook secret, then use `.verify()`
+ * to validate incoming webhook payloads.
+ *
+ * @example
+ * ```typescript
+ * const wh = new Webhooks('whsec_your_secret');
+ *
+ * app.post('/webhooks', async (req, res) => {
+ *   const signature = req.headers['x-gptcore-signature'];
+ *   const body = req.body; // raw string body
+ *
+ *   try {
+ *     await wh.verify(body, signature);
+ *     // Process the webhook...
+ *     res.status(200).send('OK');
+ *   } catch (err) {
+ *     res.status(400).send('Invalid signature');
+ *   }
+ * });
+ * ```
+ */
+export declare class Webhooks {
+    private secret;
+    constructor(secret: string);
+    /**
+     * Verify a webhook payload signature.
+     *
+     * @param payload - The raw request body string
+     * @param signatureHeader - The `X-GptCore-Signature` header value
+     * @param options - Optional verification parameters
+     * @throws {WebhookSignatureError} If verification fails
+     */
+    verify(payload: string, signatureHeader: string, options?: WebhookVerifyOptions): Promise<true>;
+    /**
+     * Verify a webhook payload signature — returns `false` instead of throwing.
+     *
+     * Use this when you prefer a boolean check over try/catch:
+     * ```typescript
+     * if (await wh.safeVerify(body, signature)) {
+     *   // valid
+     * } else {
+     *   // invalid — reject
+     * }
+     * ```
+     */
+    safeVerify(payload: string, signatureHeader: string, options?: WebhookVerifyOptions): Promise<boolean>;
+    /**
+     * Static verification method.
+     * The secret should be the raw secret (whsec_ prefix is stripped automatically).
+     *
+     * @param payload - The raw request body string
+     * @param signatureHeader - The `X-GptCore-Signature` header value
+     * @param secret - The webhook signing secret
+     * @param options - Optional verification parameters
+     * @throws {WebhookSignatureError} If verification fails
+     */
+    static verify(payload: string, signatureHeader: string, secret: string, options?: WebhookVerifyOptions): Promise<true>;
+    /**
+     * Static safe verification — returns `false` instead of throwing.
+     */
+    static safeVerify(payload: string, signatureHeader: string, secret: string, options?: WebhookVerifyOptions): Promise<boolean>;
+}
+//# sourceMappingURL=webhook-signature.d.ts.map

package/dist/webhook-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhook-signature.d.ts","sourceRoot":"","sources":["../src/webhook-signature.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAKH;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;gBAClC,OAAO,EAAE,MAAM;CAI5B;AA4ED;;;GAGG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAEpC;AAqDD,MAAM,WAAW,oBAAoB;IACnC;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,qBAAa,QAAQ;IACnB,OAAO,CAAC,MAAM,CAAS;gBAEX,MAAM,EAAE,MAAM;IAO1B;;;;;;;OAOG;IACG,MAAM,CACV,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,IAAI,CAAC;IAIhB;;;;;;;;;;;OAWG;IACG,UAAU,CACd,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;;;;;OASG;WACU,MAAM,CACjB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,IAAI,CAAC;IA2ChB;;OAEG;WACU,UAAU,CACrB,OAAO,EAAE,MAAM,EACf,eAAe,EAAE,MAAM,EACvB,MAAM,EAAE,MAAM,EACd,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,OAAO,CAAC;CAQpB"}

package/llms.txt

@@ -142,7 +142,7 @@ metadata, and configuration
 - `getApplicationsCurrent()` - Get the current application based on x-application-key header context
 - `postApplications()` - Register a new ISV application on the platform
 - `patchApplicationsById()` - Update application configuration including branding, email settings, capability
-flags, workspace mode, and execution limits
+flags, workspace mode, execution limits, and compliance tags
 - `patchApplicationsByIdAllocate-credits()` - Allocate credits to the account associated with this Application
 - `patchApplicationsByIdCompliance-tags()` - Update the compliance tags for an application (GDPR, HIPAA, SOC2, PCI-DSS, etc.)
 - `patchApplicationsByIdGrant-credits()` - Allocates promotional credits to a specific tenant on behalf of the application
@@ -608,9 +608,15 @@ flags, workspace mode, and execution limits
 
 - `getConnectors()` - /connectors operation on connector-instance resource
 - `getConnectorsById()` - /connectors/:id operation on connector-instance resource
+- `getConnectorsByIdHealthieStatus()` - Get Healthie connector sync status
 - `postConnectors()` - Install a new connector instance in a workspace
 - `postConnectorsByIdEdamamRecipesGet()` - Get full details for a single recipe by Edamam recipe ID
 - `postConnectorsByIdEdamamRecipesSearch()` - Search for recipes using the Edamam Recipe API
+- `postConnectorsByIdHealthieAppointmentsList()` - List appointments from Healthie connector
+- `postConnectorsByIdHealthieAppointmentsSync()` - Sync appointments from Healthie connector to platform
+- `postConnectorsByIdHealthiePatientsList()` - List patients from Healthie connector
+- `postConnectorsByIdHealthiePatientsSync()` - Sync patients from Healthie connector to platform
+- `postConnectorsByIdHealthieSync-all()` - Sync all Healthie data (patients + appointments)
 - `postConnectorsByIdPractice-betterPush-note()` - Push an AI-generated clinical note to Practice Better for a linked contact
 - `postConnectorsByIdSync()` - Execute an action on an external connector
 - `postConnectorsFullscriptCheck-patient()` - Check if a patient exists in Fullscript by email