@hsuite/smart-engines-sdk 3.0.1 → 3.0.3

package/dist/nestjs/index.d.ts

@@ -710,7 +710,7 @@ export type HttpClient = {
 	get<T = any>(path: string): Promise<T>;
 	put<T = any>(path: string, body: unknown): Promise<T>;
 	delete<T = any>(path: string): Promise<T>;
-	upload<T = any>(path: string, file: Blob | Buffer, filename: string, metadata?: Record<string, string>): Promise<T>;
+	upload<T = any>(path: string, file: Blob | Buffer, filename: string, metadata?: Record<string, string>, fieldName?: string): Promise<T>;
 };
 export type SubscriptionTierName = "free_testnet" | "starter" | "professional" | "enterprise";
 export type SubscriptionStatus = "pending_deposit" | "deposit_confirmed" | "active" | "expired" | "cancelled";
@@ -839,7 +839,6 @@ export type EntityCreationResponse = {
 	success: boolean;
 	entityId: string;
 	publicKeys: string[];
-	signerIndices: number[];
 	threshold: number;
 	ceremonyIds: string[];
 };
@@ -859,7 +858,6 @@ export type ReshareResponse = {
 export type EntityDetails = {
 	success: boolean;
 	payload?: unknown;
-	signerIndices?: number[];
 	validators?: string[];
 	publicKeys?: string[];
 	error?: string;
@@ -1708,7 +1706,7 @@ declare class SmartGatewayClient {
 	getMetrics(refresh?: boolean): Promise<GatewayMetricsResponse>;
 	getMetricsSummary(): Promise<GatewayMetricsSummaryResponse>;
 }
-export type BaasService = "auth" | "database" | "storage" | "functions" | "messaging";
+export type BaasService = "auth" | "database" | "storage" | "functions" | "messaging" | "customer-session";
 export type BaasSupportedChain = "hedera" | "xrpl" | "polkadot" | "solana";
 export type BaasEndpoints = {
 	auth: string;
@@ -1717,7 +1715,6 @@ export type BaasEndpoints = {
 	functions: string;
 	messaging: string;
 };
-export type DeployedAppStatus = "pending" | "deploying" | "active" | "suspended" | "deleted";
 export type DeployedAppInfo = {
 	appId: string;
 	name: string;
@@ -1761,24 +1758,6 @@ export type BaasSessionInfo = {
 	expiresAt?: number;
 	error?: string;
 };
-export type BaasRegisterRequest = {
-	name: string;
-	services: BaasService[];
-	environment?: Record<string, string>;
-	limits?: {
-		storage?: string;
-		functions?: number;
-		channels?: number;
-	};
-};
-export type BaasRegisterResponse = {
-	appId: string;
-	name: string;
-	status: DeployedAppStatus;
-	services: string[];
-	endpoints: BaasEndpoints;
-	createdAt: string;
-};
 export type BaasDocument = {
 	_id: string;
 	data: Record<string, unknown>;
@@ -1956,18 +1935,56 @@ export type BaasPublishResult = {
 	channel: string;
 	timestamp: string;
 };
-export type BaasDeployRequest = {
+export type BaasInitRequest = {
 	name: string;
+	port: number;
 	services: BaasService[];
-	config?: Record<string, unknown>;
+	limits?: {
+		cpu?: string;
+		memory?: string;
+	};
 };
-export type BaasDeployResult = {
+export type BaasInitResponse = {
 	appId: string;
-	name: string;
-	status: "active" | "deploying" | "error";
-	services: string[];
-	endpoints: BaasEndpoints;
-	createdAt: string;
+	registry: {
+		server: string;
+		username: string;
+		password: string;
+		repository: string;
+	};
+};
+export type BaasDeployRequest = {
+	tag: string;
+	replicas?: number;
+	env?: Record<string, string>;
+	resources?: {
+		cpu?: string;
+		memory?: string;
+	};
+	strategy?: "rolling" | "recreate";
+};
+export type BaasDeployResponse = {
+	appId: string;
+	status: string;
+	url: string;
+};
+export type BaasUploadFrontendResponse = {
+	bundleSha256: string;
+	bundleSizeBytes: number;
+};
+export type BaasRollbackRequest = {
+	toTag: string;
+};
+export type BaasRuntimeStatus = {
+	appId: string;
+	state: "PENDING_SUBSCRIPTION" | "ACTIVE" | "SUSPENDED" | "RETIRED";
+	runtime?: {
+		image: string;
+		runtimeState: "NOT_DEPLOYED" | "DEPLOYING" | "RUNNING" | "FAILED" | "DEGRADED";
+		replicas: number;
+		lastReconciledAt?: string;
+		lastError?: string;
+	};
 };
 export type BaasAppListResponse = {
 	apps: DeployedAppInfo[];
@@ -2100,7 +2117,11 @@ declare class MessagingClient {
 declare class DeploymentClient {
 	private readonly http;
 	constructor(http: HttpClient);
-	create(request: BaasDeployRequest): Promise<BaasDeployResult>;
+	init(request: BaasInitRequest): Promise<BaasInitResponse>;
+	uploadFrontend(appId: string, bundle: Blob | Buffer, filename?: string): Promise<BaasUploadFrontendResponse>;
+	deploy(appId: string, request: BaasDeployRequest): Promise<BaasDeployResponse>;
+	rollback(appId: string, request: BaasRollbackRequest): Promise<BaasDeployResponse>;
+	status(appId: string): Promise<BaasRuntimeStatus>;
 	list(): Promise<BaasAppListResponse>;
 	get(appId: string): Promise<DeployedAppInfo>;
 	update(appId: string, updates: Partial<BaasDeployRequest>): Promise<DeployedAppInfo>;
@@ -2115,7 +2136,11 @@ declare class DeploymentClient {
 		success: boolean;
 		status: string;
 	}>;
-	getStats(): Promise<any>;
+	getStats(): Promise<{
+		totalApps: number;
+		activeApps: number;
+		totalOwners: number;
+	}>;
 }
 export type AgentStatus = "active" | "paused" | "revoked" | "pending";
 export type AgentRegisterRequest = {
@@ -2226,6 +2251,55 @@ declare class AgentsClient {
 		success: boolean;
 	}>;
 }
+export type CustomerSessionChallenge = {
+	challenge: string;
+};
+export type CustomerSessionVerifyRequest = {
+	appId: string;
+	chain: string;
+	address: string;
+	publicKey?: string;
+	signature: string;
+	challenge: string;
+};
+export type CustomerSessionToken = {
+	token: string;
+	sessionId: string;
+	validatorId: string;
+	expiresAt: string;
+	sessionSecret: string;
+};
+export type CustomerSessionInfo = {
+	sessionId: string;
+	appId: string;
+	customerChain: string;
+	customerAddress: string;
+	subscriptionContext?: {
+		nftSerial: number;
+		tier: "free_testnet" | "starter" | "professional" | "enterprise";
+		expiresAt: string;
+		allowedAutomations?: string[];
+	};
+	createdAt: string;
+	expiresAt: string;
+	lastActivityAt: string;
+};
+declare class CustomerSessionClient {
+	private readonly baseUrl;
+	private readonly timeoutMs;
+	constructor(baseUrl: string, timeoutMs?: number);
+	challenge(input: {
+		chain: string;
+		address: string;
+	}): Promise<CustomerSessionChallenge>;
+	verify(req: CustomerSessionVerifyRequest): Promise<CustomerSessionToken>;
+	validate(bearer: string): Promise<CustomerSessionInfo>;
+	end(bearer: string): Promise<{
+		revoked: boolean;
+		sessionId: string;
+	}>;
+	private fetch;
+}
 export type AuthenticateOptions = {
 	chain: BaasSupportedChain;
 	walletAddress: string;
@@ -2247,6 +2321,7 @@ declare class BaasClient {
 	readonly messaging: MessagingClient;
 	readonly deployment: DeploymentClient;
 	readonly agents: AgentsClient;
+	readonly customerSession: CustomerSessionClient;
 	constructor(config: BaasClientConfig);
 	setAppId(appId: string): void;
 	isAuthenticated(): boolean;
@@ -2259,7 +2334,6 @@ declare class BaasClient {
 	authenticate(options: AuthenticateOptions): Promise<BaasAuthResult>;
 	validateSession(): Promise<BaasSessionInfo>;
 	logout(): Promise<void>;
-	register(request: BaasRegisterRequest): Promise<BaasRegisterResponse>;
 	private requireAuth;
 	private getHeaders;
 	private post;

package/dist/nestjs/index.js

@@ -1354,14 +1354,14 @@ function createHttpClient(config) {
       throw new SdkHttpError(`Network error: ${err.message}`, 0, error);
     }
   }
-  async function upload(path, file, filename, metadata) {
+  async function upload(path, file, filename, metadata, fieldName = "file") {
     const url = `${config.baseUrl}${path}`;
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), timeout * 2);
     try {
       const formData = new FormData();
       const blob = file instanceof Blob ? file : new Blob([new Uint8Array(file)]);
-      formData.append("file", blob, filename);
+      formData.append(fieldName, blob, filename);
       if (metadata) {
         for (const [key, value] of Object.entries(metadata)) {
           formData.append(key, value);
@@ -1405,7 +1405,7 @@ function createHttpClient(config) {
     get: (path) => request("GET", path),
     put: (path, body) => request("PUT", path, body),
     delete: (path) => request("DELETE", path),
-    upload,
+    upload: ((path, file, filename, metadata, fieldName) => upload(path, file, filename, metadata, fieldName)),
     setAuthToken
   };
   return client;
@@ -2730,49 +2730,101 @@ var DeploymentClient = class {
   }
   http;
   /**
-   * Create (deploy) a new app
+   * Step 1 — allocate appId + receive ephemeral push credentials for
+   * the cluster's per-tenant Harbor project.
+   *
+   * Each app gets its own Harbor project (`hsuite-customers-<appId>`)
+   * isolated by Harbor's RBAC. The push robot returned in
+   * `registry.{username, password}` is scoped to that project only —
+   * it cannot read or write any other tenant's images.
+   *
+   * **Single-use secret discipline:** `registry.password` is returned
+   * exactly once and is NOT persisted server-side. Store it locally
+   * for the `docker push` and discard. To rotate, call `init` again
+   * (issues a new robot under the same project).
+   *
+   * Use the credentials to `docker login` + `docker push`, then call
+   * {@link deploy} with the pushed image tag.
+   */
+  async init(request) {
+    return this.http.post("/api/deployment/apps/init", request);
+  }
+  /**
+   * Step 3 (optional) — upload the SPA tarball.
+   *
+   * The tarball is content-addressed (SHA-256) and mounted read-only
+   * into the customer's pod alongside the backend container. Returns
+   * the hash + size so the caller can verify the upload.
+   */
+  async uploadFrontend(appId, bundle, filename = "bundle.tar.gz") {
+    return this.http.upload(
+      `/api/deployment/apps/${encodeURIComponent(appId)}/frontend`,
+      bundle,
+      filename,
+      void 0,
+      "bundle"
+    );
+  }
+  /**
+   * Step 4 — reconcile the runtime to k8s.
+   *
+   * Returns immediately with `status: 'deploying'`. Poll {@link status}
+   * until `runtime.runtimeState === 'RUNNING'` for the URL to be live.
+   */
+  async deploy(appId, request) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/deploy`, request);
+  }
+  /**
+   * Roll back to a previously-deployed image tag (must exist in
+   * `runtime.deploymentHistory[]`).
    */
-  async create(request) {
-    return this.http.post("/api/deployment/apps", request);
+  async rollback(appId, request) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/rollback`, request);
   }
   /**
-   * List all deployed apps
+   * Live combined lifecycle + runtime status of an app.
+   */
+  async status(appId) {
+    return this.http.get(`/api/deployment/apps/${encodeURIComponent(appId)}/status`);
+  }
+  /**
+   * List all deployed apps for the authenticated developer.
    */
   async list() {
     return this.http.get("/api/deployment/apps");
   }
   /**
-   * Get app details
+   * Get app details.
    */
   async get(appId) {
     return this.http.get(`/api/deployment/apps/${encodeURIComponent(appId)}`);
   }
   /**
-   * Update app configuration
+   * Update app configuration. Runtime effect lands in PR-H.
    */
   async update(appId, updates) {
     return this.http.put(`/api/deployment/apps/${encodeURIComponent(appId)}`, updates);
   }
   /**
-   * Delete an app
+   * Delete an app. Runtime effect (namespace teardown) lands in PR-H.
    */
   async delete(appId) {
     return this.http.delete(`/api/deployment/apps/${encodeURIComponent(appId)}`);
   }
   /**
-   * Suspend an app
+   * Suspend an app. Runtime effect (scale to zero) lands in PR-H.
    */
   async suspend(appId) {
     return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/suspend`, {});
   }
   /**
-   * Resume a suspended app
+   * Resume a suspended app. Runtime effect (scale back up) lands in PR-H.
    */
   async resume(appId) {
     return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/resume`, {});
   }
   /**
-   * Get deployment statistics
+   * Get deployment statistics.
    */
   async getStats() {
     return this.http.get("/api/deployment/stats");
@@ -2843,6 +2895,78 @@ var AgentsClient = class {
   }
 };
 
+// src/baas/customer-session/index.ts
+var CustomerSessionClient = class {
+  constructor(baseUrl, timeoutMs = 3e4) {
+    this.baseUrl = baseUrl;
+    this.timeoutMs = timeoutMs;
+  }
+  baseUrl;
+  timeoutMs;
+  /**
+   * Step 1: ask the host to issue a fresh challenge for the customer to sign.
+   */
+  async challenge(input) {
+    return this.fetch("POST", "/api/customer-session/challenge", input);
+  }
+  /**
+   * Step 2: submit the customer's signed challenge. On success returns a
+   * short-lived bearer JWT scoped to {appId, chain, address}.
+   */
+  async verify(req) {
+    return this.fetch("POST", "/api/customer-session/verify", req);
+  }
+  /**
+   * Validate a customer bearer + return the decoded session info. Used by
+   * smart-app backends to authorise incoming customer requests.
+   */
+  async validate(bearer) {
+    return this.fetch("GET", "/api/customer-session/validate", void 0, bearer);
+  }
+  /**
+   * Revoke a customer session. Idempotent.
+   */
+  async end(bearer) {
+    return this.fetch(
+      "POST",
+      "/api/customer-session/end",
+      void 0,
+      bearer
+    );
+  }
+  async fetch(method, path, body, bearer) {
+    const url = `${this.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const headers = { "Content-Type": "application/json" };
+      if (bearer) headers["Authorization"] = `Bearer ${bearer}`;
+      const init = { method, headers, signal: controller.signal };
+      if (body !== void 0) init.body = JSON.stringify(body);
+      const response = await fetch(url, init);
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errBody = await response.json().catch(() => ({}));
+        const err = new Error(
+          errBody.message ?? `customer-session ${path} failed: ${response.status} ${response.statusText}`
+        );
+        err.status = response.status;
+        throw err;
+      }
+      const text = await response.text();
+      if (!text) return void 0;
+      return JSON.parse(text);
+    } catch (error) {
+      clearTimeout(timeoutId);
+      const e = error;
+      if (e.name === "AbortError") {
+        throw new Error(`customer-session ${path} timeout`);
+      }
+      throw error;
+    }
+  }
+};
+
 // src/baas/client.ts
 var BaasClient = class {
   hostUrl;
@@ -2867,6 +2991,8 @@ var BaasClient = class {
   deployment;
   /** Autonomous smart agent management */
   agents;
+  /** Customer→smart-app session bridge (TokenGate Face B). */
+  customerSession;
   constructor(config) {
     this.allowInsecure = config.allowInsecure ?? false;
     this.hostUrl = validateUrl2(config.hostUrl, this.allowInsecure);
@@ -2886,6 +3012,7 @@ var BaasClient = class {
     this.messaging = new MessagingClient(this.http, getAppId);
     this.deployment = new DeploymentClient(this.http);
     this.agents = new AgentsClient(this.http);
+    this.customerSession = new CustomerSessionClient(baseUrlWithPrefix, this.timeout);
   }
   /** Set the app ID (for newly registered apps) */
   setAppId(appId) {
@@ -2912,7 +3039,7 @@ var BaasClient = class {
   requireAppId() {
     if (!this.appId) {
       throw new BaasError(
-        "App ID required. Either provide appId in config or call register() first.",
+        "App ID required. Provide appId in config (e.g. from a prior deployment.init() call).",
         400
       );
     }
@@ -2959,12 +3086,6 @@ var BaasClient = class {
     }
     this.authToken = null;
   }
-  // ========== App Registration ==========
-  /** Register a new app on the BaaS host */
-  async register(request) {
-    this.requireAuth();
-    return this.post("/api/deployment/apps", request);
-  }
   // ========== HTTP Helpers ==========
   requireAuth() {
     if (!this.authToken) {