@hsuite/smart-engines-sdk 3.0.2 → 3.0.3

package/CHANGELOG.md

@@ -1,5 +1,33 @@
 # Changelog
 
+## 3.2.1 — 2026-05-16
+
+**Documentation-only fix.** No runtime behavior change.
+
+### Fixed
+- `DeploymentClient.init` JSDoc and `BaasInitResponse` type docs no longer
+  describe the registry as DOCR. The runtime arc routes pushes through a
+  per-tenant Harbor project (`hsuite-customers-<appId>`), and the credentials
+  returned in `registry.{server, username, password, repository}` are an
+  ephemeral project-scoped robot account whose secret is single-use and not
+  persisted server-side. README example aligned with the same wording.
+
+## 3.2.0 — undocumented (PR-A → PR-I, 2026-05-12 → 2026-05-13)
+
+Smart-app runtime arc surface — added `DeploymentClient` with the full
+init → push → uploadFrontend → deploy flow plus lifecycle (suspend/
+resume/update/rollback/delete) and ownership-gated metrics. See PRs
+#516 (PR-A), #523 (PR-C), and #530 (PR-H) for details.
+
+## 3.1.0 — undocumented (2026-05-12)
+
+Added `CustomerSessionClient` for NFT-gated customer→smart-app auth (PR #496).
+
+## 3.0.2 — undocumented (2026-05-12)
+
+Dropped `nestjs` re-exports from the root entry to keep tree-shaking clean for
+non-Nest consumers (PR #494).
+
 ## 3.0.0 — 2026-05-11
 
 **First publishable release.**

package/README.md

@@ -52,14 +52,24 @@ await baas.authenticate({
   },
 });
 
-// 4. Register a free_testnet smart-app (no HSUITE deposit on testnet; cluster runs DKG)
-const app = await baas.register({
-  name: 'My Smart App',
+// 4. Initialise a free_testnet smart-app via the four-step deploy flow
+//    (init → docker push → optional uploadFrontend → deploy). `init` runs
+//    the per-entity DKG ceremony on the cluster and returns the DKG entityId
+//    as `appId`, plus ephemeral push credentials for the cluster's per-tenant
+//    Harbor project (single-use secret — not persisted server-side).
+const init = await baas.deployment.init({
+  name: 'my-smart-app',
+  port: 3000,
   services: ['database', 'storage', 'messaging', 'functions'],
 });
 
-console.log(`Registered smart-app ${app.appId} — status: ${app.status}`);
-baas.setAppId(app.appId);
+console.log(`Allocated smart-app ${init.appId}`);
+console.log(`Push to: ${init.registry.server}/${init.registry.repository}:<tag>`);
+baas.setAppId(init.appId);
+
+// (out-of-band) docker login + docker push <init.registry.server>/<init.registry.repository>:v1
+// (optional)    await baas.deployment.uploadFrontend(init.appId, await fs.readFile('./bundle.tar.gz'));
+// (deploy)      await baas.deployment.deploy(init.appId, { tag: 'v1', replicas: 1 });
 ```
 
 **Why XRPL?** Per the Smart Engines V3 architecture, XRPL is canonical for
@@ -166,19 +176,40 @@ await baas.agents.resume(agent.agentId);
 const events = await baas.agents.getEvents(agent.agentId);
 ```
 
-### Deployment
+### Deployment (runtime orchestration — spec §6.1)
+
+The four-step deploy flow: **init → docker push → (optional) uploadFrontend → deploy**.
 
 ```ts
-const deployment = await baas.deployment.create({
-  name: 'My Smart App v2',
+// 1. init — allocate appId via DKG + receive ephemeral Harbor push credentials
+const init = await baas.deployment.init({
+  name: 'my-smart-app',
+  port: 3000,
   services: ['database', 'storage', 'messaging'],
-  config: { /* app-specific */ },
 });
 
+// 2. docker push — out-of-band, using the ephemeral creds returned above
+//    docker login -u <init.registry.username> -p <init.registry.password> <init.registry.server>
+//    docker push <init.registry.server>/<init.registry.repository>:v1
+
+// 3. uploadFrontend — optional SPA tarball (content-addressed, mounted read-only)
+await baas.deployment.uploadFrontend(init.appId, await fs.readFile('./bundle.tar.gz'));
+
+// 4. deploy — reconcile to k8s
+const deployed = await baas.deployment.deploy(init.appId, {
+  tag: 'v1',
+  replicas: 1,
+  env: { NODE_ENV: 'production' },
+});
+console.log(`live at ${deployed.url}`);
+
+// Lifecycle + listing
 const apps = await baas.deployment.list();
-const info = await baas.deployment.get(appId);
-await baas.deployment.suspend(appId);
-await baas.deployment.resume(appId);
+const info = await baas.deployment.get(init.appId);
+const status = await baas.deployment.status(init.appId);
+await baas.deployment.suspend(init.appId);
+await baas.deployment.resume(init.appId);
+await baas.deployment.rollback(init.appId, { toTag: 'v0' });
 ```
 
 ---

package/dist/index.d.ts

@@ -1055,7 +1055,7 @@ export type HttpClient = {
 	get<T = any>(path: string): Promise<T>;
 	put<T = any>(path: string, body: unknown): Promise<T>;
 	delete<T = any>(path: string): Promise<T>;
-	upload<T = any>(path: string, file: Blob | Buffer, filename: string, metadata?: Record<string, string>): Promise<T>;
+	upload<T = any>(path: string, file: Blob | Buffer, filename: string, metadata?: Record<string, string>, fieldName?: string): Promise<T>;
 };
 export type HttpClientConfig = {
 	baseUrl: string;
@@ -1197,7 +1197,6 @@ export type EntityCreationResponse = {
 	success: boolean;
 	entityId: string;
 	publicKeys: string[];
-	signerIndices: number[];
 	threshold: number;
 	ceremonyIds: string[];
 };
@@ -1217,7 +1216,6 @@ export type ReshareResponse = {
 export type EntityDetails = {
 	success: boolean;
 	payload?: unknown;
-	signerIndices?: number[];
 	validators?: string[];
 	publicKeys?: string[];
 	error?: string;
@@ -2098,7 +2096,7 @@ declare function xlmToStroops(xlm: string | number): string;
 declare function validateBitcoinAddress(address: string): boolean;
 declare function satoshisToBtc(satoshis: string | number): string;
 declare function btcToSatoshis(btc: string | number): string;
-export type BaasService = "auth" | "database" | "storage" | "functions" | "messaging";
+export type BaasService = "auth" | "database" | "storage" | "functions" | "messaging" | "customer-session";
 export type BaasSupportedChain = "hedera" | "xrpl" | "polkadot" | "solana";
 export type BaasEndpoints = {
 	auth: string;
@@ -2193,24 +2191,6 @@ export type BaasSessionInfo = {
 	expiresAt?: number;
 	error?: string;
 };
-export type BaasRegisterRequest = {
-	name: string;
-	services: BaasService[];
-	environment?: Record<string, string>;
-	limits?: {
-		storage?: string;
-		functions?: number;
-		channels?: number;
-	};
-};
-export type BaasRegisterResponse = {
-	appId: string;
-	name: string;
-	status: DeployedAppStatus;
-	services: string[];
-	endpoints: BaasEndpoints;
-	createdAt: string;
-};
 export type BaasDocument = {
 	_id: string;
 	data: Record<string, unknown>;
@@ -2416,18 +2396,56 @@ export type BaasPublishResult = {
 	channel: string;
 	timestamp: string;
 };
-export type BaasDeployRequest = {
+export type BaasInitRequest = {
 	name: string;
+	port: number;
 	services: BaasService[];
-	config?: Record<string, unknown>;
+	limits?: {
+		cpu?: string;
+		memory?: string;
+	};
 };
-export type BaasDeployResult = {
+export type BaasInitResponse = {
 	appId: string;
-	name: string;
-	status: "active" | "deploying" | "error";
-	services: string[];
-	endpoints: BaasEndpoints;
-	createdAt: string;
+	registry: {
+		server: string;
+		username: string;
+		password: string;
+		repository: string;
+	};
+};
+export type BaasDeployRequest = {
+	tag: string;
+	replicas?: number;
+	env?: Record<string, string>;
+	resources?: {
+		cpu?: string;
+		memory?: string;
+	};
+	strategy?: "rolling" | "recreate";
+};
+export type BaasDeployResponse = {
+	appId: string;
+	status: string;
+	url: string;
+};
+export type BaasUploadFrontendResponse = {
+	bundleSha256: string;
+	bundleSizeBytes: number;
+};
+export type BaasRollbackRequest = {
+	toTag: string;
+};
+export type BaasRuntimeStatus = {
+	appId: string;
+	state: "PENDING_SUBSCRIPTION" | "ACTIVE" | "SUSPENDED" | "RETIRED";
+	runtime?: {
+		image: string;
+		runtimeState: "NOT_DEPLOYED" | "DEPLOYING" | "RUNNING" | "FAILED" | "DEGRADED";
+		replicas: number;
+		lastReconciledAt?: string;
+		lastError?: string;
+	};
 };
 export type BaasAppListResponse = {
 	apps: DeployedAppInfo[];
@@ -2571,7 +2589,11 @@ export declare class MessagingClient {
 export declare class DeploymentClient {
 	private readonly http;
 	constructor(http: HttpClient);
-	create(request: BaasDeployRequest): Promise<BaasDeployResult>;
+	init(request: BaasInitRequest): Promise<BaasInitResponse>;
+	uploadFrontend(appId: string, bundle: Blob | Buffer, filename?: string): Promise<BaasUploadFrontendResponse>;
+	deploy(appId: string, request: BaasDeployRequest): Promise<BaasDeployResponse>;
+	rollback(appId: string, request: BaasRollbackRequest): Promise<BaasDeployResponse>;
+	status(appId: string): Promise<BaasRuntimeStatus>;
 	list(): Promise<BaasAppListResponse>;
 	get(appId: string): Promise<DeployedAppInfo>;
 	update(appId: string, updates: Partial<BaasDeployRequest>): Promise<DeployedAppInfo>;
@@ -2586,7 +2608,11 @@ export declare class DeploymentClient {
 		success: boolean;
 		status: string;
 	}>;
-	getStats(): Promise<any>;
+	getStats(): Promise<{
+		totalApps: number;
+		activeApps: number;
+		totalOwners: number;
+	}>;
 }
 export type AgentStatus = "active" | "paused" | "revoked" | "pending";
 export type AgentRegisterRequest = {
@@ -2711,6 +2737,55 @@ export declare class AgentsClient {
 		success: boolean;
 	}>;
 }
+export type CustomerSessionChallenge = {
+	challenge: string;
+};
+export type CustomerSessionVerifyRequest = {
+	appId: string;
+	chain: string;
+	address: string;
+	publicKey?: string;
+	signature: string;
+	challenge: string;
+};
+export type CustomerSessionToken = {
+	token: string;
+	sessionId: string;
+	validatorId: string;
+	expiresAt: string;
+	sessionSecret: string;
+};
+export type CustomerSessionInfo = {
+	sessionId: string;
+	appId: string;
+	customerChain: string;
+	customerAddress: string;
+	subscriptionContext?: {
+		nftSerial: number;
+		tier: "free_testnet" | "starter" | "professional" | "enterprise";
+		expiresAt: string;
+		allowedAutomations?: string[];
+	};
+	createdAt: string;
+	expiresAt: string;
+	lastActivityAt: string;
+};
+export declare class CustomerSessionClient {
+	private readonly baseUrl;
+	private readonly timeoutMs;
+	constructor(baseUrl: string, timeoutMs?: number);
+	challenge(input: {
+		chain: string;
+		address: string;
+	}): Promise<CustomerSessionChallenge>;
+	verify(req: CustomerSessionVerifyRequest): Promise<CustomerSessionToken>;
+	validate(bearer: string): Promise<CustomerSessionInfo>;
+	end(bearer: string): Promise<{
+		revoked: boolean;
+		sessionId: string;
+	}>;
+	private fetch;
+}
 export type AuthenticateOptions = {
 	chain: BaasSupportedChain;
 	walletAddress: string;
@@ -2732,6 +2807,7 @@ export declare class BaasClient {
 	readonly messaging: MessagingClient;
 	readonly deployment: DeploymentClient;
 	readonly agents: AgentsClient;
+	readonly customerSession: CustomerSessionClient;
 	constructor(config: BaasClientConfig);
 	setAppId(appId: string): void;
 	isAuthenticated(): boolean;
@@ -2744,7 +2820,6 @@ export declare class BaasClient {
 	authenticate(options: AuthenticateOptions): Promise<BaasAuthResult>;
 	validateSession(): Promise<BaasSessionInfo>;
 	logout(): Promise<void>;
-	register(request: BaasRegisterRequest): Promise<BaasRegisterResponse>;
 	private requireAuth;
 	private getHeaders;
 	private post;
@@ -2776,7 +2851,7 @@ declare namespace stellar {
 	export { stroopsToXlm, validateStellarAddress, xlmToStroops };
 }
 declare namespace baas {
-	export { AgentBalance, AgentEvent, AgentFundRequest, AgentInfo, AgentOperation, AgentRegisterRequest, AgentRules, AgentRulesValidationResult, AgentStatus, AgentTradeRequest, AgentWithdrawRequest, AgentsClient, AuthenticateOptions, BaasAppListResponse, BaasAuthConfig, BaasAuthResult, BaasChallengeRequest, BaasChallengeResponse, BaasChannelConfig, BaasClient, BaasClientConfig, BaasDeleteResult, BaasDeployRequest, BaasDeployResult, BaasDocument, BaasEndpoints, BaasError, BaasErrorDetails, BaasErrorResponse, BaasFileInfo, BaasFileMetadata, BaasFindResult, BaasFunctionDeployRequest, BaasFunctionDeployResult, BaasFunctionInfo, BaasFunctionLog, BaasFunctionLogOptions, BaasFunctionResources, BaasFunctionResult, BaasFunctionRuntime, BaasHistoryOptions, BaasInsertResult, BaasMerkleProof, BaasMessage, BaasPresenceInfo, BaasPresenceMember, BaasPublishResult, BaasQueryOptions, BaasRegisterRequest, BaasRegisterResponse, BaasService, BaasSessionInfo, BaasStateTransition, BaasStorageUsage, BaasSupportedChain, BaasTriggerType, BaasUpdateResult, BaasUploadResult, BaasVerifyRequest, ChannelSubscription, DatabaseClient, DatabaseStatsResponse, DbComparisonOperator, DbDocument, DbQuery, DeployedApp, DeployedAppInfo, DeployedAppLimits, DeployedAppStatus, DeployedAppUsage, DeploymentClient, DocumentProofResponse, FunctionsClient, MessageHandler, MessagingClient, StateRootResponse, StateTransitionsResponse, StorageClient, validateAgentRules };
+	export { AgentBalance, AgentEvent, AgentFundRequest, AgentInfo, AgentOperation, AgentRegisterRequest, AgentRules, AgentRulesValidationResult, AgentStatus, AgentTradeRequest, AgentWithdrawRequest, AgentsClient, AuthenticateOptions, BaasAppListResponse, BaasAuthConfig, BaasAuthResult, BaasChallengeRequest, BaasChallengeResponse, BaasChannelConfig, BaasClient, BaasClientConfig, BaasDeleteResult, BaasDeployRequest, BaasDeployResponse, BaasDocument, BaasEndpoints, BaasError, BaasErrorDetails, BaasErrorResponse, BaasFileInfo, BaasFileMetadata, BaasFindResult, BaasFunctionDeployRequest, BaasFunctionDeployResult, BaasFunctionInfo, BaasFunctionLog, BaasFunctionLogOptions, BaasFunctionResources, BaasFunctionResult, BaasFunctionRuntime, BaasHistoryOptions, BaasInitRequest, BaasInitResponse, BaasInsertResult, BaasMerkleProof, BaasMessage, BaasPresenceInfo, BaasPresenceMember, BaasPublishResult, BaasQueryOptions, BaasRollbackRequest, BaasRuntimeStatus, BaasService, BaasSessionInfo, BaasStateTransition, BaasStorageUsage, BaasSupportedChain, BaasTriggerType, BaasUpdateResult, BaasUploadFrontendResponse, BaasUploadResult, BaasVerifyRequest, ChannelSubscription, DatabaseClient, DatabaseStatsResponse, DbComparisonOperator, DbDocument, DbQuery, DeployedApp, DeployedAppInfo, DeployedAppLimits, DeployedAppStatus, DeployedAppUsage, DeploymentClient, DocumentProofResponse, FunctionsClient, MessageHandler, MessagingClient, StateRootResponse, StateTransitionsResponse, StorageClient, validateAgentRules };
 }
 declare namespace discovery {
 	export { MIRROR_NODE_URLS, MirrorNodeClient, MirrorNodeConfig, MirrorNodeError, TopicMessage, TopicMessagesResponse, ValidatorDiscoveryClient, ValidatorDiscoveryConfig, ValidatorInfo, ValidatorMetadata, ValidatorNetworkEndpoints };

package/dist/index.js

@@ -1725,14 +1725,14 @@ function createHttpClient(config) {
       throw new SdkHttpError(`Network error: ${err.message}`, 0, error);
     }
   }
-  async function upload(path, file, filename, metadata) {
+  async function upload(path, file, filename, metadata, fieldName = "file") {
     const url = `${config.baseUrl}${path}`;
     const controller = new AbortController();
     const timeoutId = setTimeout(() => controller.abort(), timeout * 2);
     try {
       const formData = new FormData();
       const blob = file instanceof Blob ? file : new Blob([new Uint8Array(file)]);
-      formData.append("file", blob, filename);
+      formData.append(fieldName, blob, filename);
       if (metadata) {
         for (const [key, value] of Object.entries(metadata)) {
           formData.append(key, value);
@@ -1776,7 +1776,7 @@ function createHttpClient(config) {
     get: (path) => request("GET", path),
     put: (path, body) => request("PUT", path, body),
     delete: (path) => request("DELETE", path),
-    upload,
+    upload: ((path, file, filename, metadata, fieldName) => upload(path, file, filename, metadata, fieldName)),
     setAuthToken
   };
   return client;
@@ -3619,49 +3619,101 @@ var DeploymentClient = class {
   }
   http;
   /**
-   * Create (deploy) a new app
+   * Step 1 — allocate appId + receive ephemeral push credentials for
+   * the cluster's per-tenant Harbor project.
+   *
+   * Each app gets its own Harbor project (`hsuite-customers-<appId>`)
+   * isolated by Harbor's RBAC. The push robot returned in
+   * `registry.{username, password}` is scoped to that project only —
+   * it cannot read or write any other tenant's images.
+   *
+   * **Single-use secret discipline:** `registry.password` is returned
+   * exactly once and is NOT persisted server-side. Store it locally
+   * for the `docker push` and discard. To rotate, call `init` again
+   * (issues a new robot under the same project).
+   *
+   * Use the credentials to `docker login` + `docker push`, then call
+   * {@link deploy} with the pushed image tag.
+   */
+  async init(request) {
+    return this.http.post("/api/deployment/apps/init", request);
+  }
+  /**
+   * Step 3 (optional) — upload the SPA tarball.
+   *
+   * The tarball is content-addressed (SHA-256) and mounted read-only
+   * into the customer's pod alongside the backend container. Returns
+   * the hash + size so the caller can verify the upload.
+   */
+  async uploadFrontend(appId, bundle, filename = "bundle.tar.gz") {
+    return this.http.upload(
+      `/api/deployment/apps/${encodeURIComponent(appId)}/frontend`,
+      bundle,
+      filename,
+      void 0,
+      "bundle"
+    );
+  }
+  /**
+   * Step 4 — reconcile the runtime to k8s.
+   *
+   * Returns immediately with `status: 'deploying'`. Poll {@link status}
+   * until `runtime.runtimeState === 'RUNNING'` for the URL to be live.
+   */
+  async deploy(appId, request) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/deploy`, request);
+  }
+  /**
+   * Roll back to a previously-deployed image tag (must exist in
+   * `runtime.deploymentHistory[]`).
    */
-  async create(request) {
-    return this.http.post("/api/deployment/apps", request);
+  async rollback(appId, request) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/rollback`, request);
   }
   /**
-   * List all deployed apps
+   * Live combined lifecycle + runtime status of an app.
+   */
+  async status(appId) {
+    return this.http.get(`/api/deployment/apps/${encodeURIComponent(appId)}/status`);
+  }
+  /**
+   * List all deployed apps for the authenticated developer.
    */
   async list() {
     return this.http.get("/api/deployment/apps");
   }
   /**
-   * Get app details
+   * Get app details.
    */
   async get(appId) {
     return this.http.get(`/api/deployment/apps/${encodeURIComponent(appId)}`);
   }
   /**
-   * Update app configuration
+   * Update app configuration. Runtime effect lands in PR-H.
    */
   async update(appId, updates) {
     return this.http.put(`/api/deployment/apps/${encodeURIComponent(appId)}`, updates);
   }
   /**
-   * Delete an app
+   * Delete an app. Runtime effect (namespace teardown) lands in PR-H.
    */
   async delete(appId) {
     return this.http.delete(`/api/deployment/apps/${encodeURIComponent(appId)}`);
   }
   /**
-   * Suspend an app
+   * Suspend an app. Runtime effect (scale to zero) lands in PR-H.
    */
   async suspend(appId) {
     return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/suspend`, {});
   }
   /**
-   * Resume a suspended app
+   * Resume a suspended app. Runtime effect (scale back up) lands in PR-H.
    */
   async resume(appId) {
     return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/resume`, {});
   }
   /**
-   * Get deployment statistics
+   * Get deployment statistics.
    */
   async getStats() {
     return this.http.get("/api/deployment/stats");
@@ -3791,6 +3843,78 @@ var AgentsClient = class {
   }
 };
 
+// src/baas/customer-session/index.ts
+var CustomerSessionClient = class {
+  constructor(baseUrl, timeoutMs = 3e4) {
+    this.baseUrl = baseUrl;
+    this.timeoutMs = timeoutMs;
+  }
+  baseUrl;
+  timeoutMs;
+  /**
+   * Step 1: ask the host to issue a fresh challenge for the customer to sign.
+   */
+  async challenge(input) {
+    return this.fetch("POST", "/api/customer-session/challenge", input);
+  }
+  /**
+   * Step 2: submit the customer's signed challenge. On success returns a
+   * short-lived bearer JWT scoped to {appId, chain, address}.
+   */
+  async verify(req) {
+    return this.fetch("POST", "/api/customer-session/verify", req);
+  }
+  /**
+   * Validate a customer bearer + return the decoded session info. Used by
+   * smart-app backends to authorise incoming customer requests.
+   */
+  async validate(bearer) {
+    return this.fetch("GET", "/api/customer-session/validate", void 0, bearer);
+  }
+  /**
+   * Revoke a customer session. Idempotent.
+   */
+  async end(bearer) {
+    return this.fetch(
+      "POST",
+      "/api/customer-session/end",
+      void 0,
+      bearer
+    );
+  }
+  async fetch(method, path, body, bearer) {
+    const url = `${this.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeoutMs);
+    try {
+      const headers = { "Content-Type": "application/json" };
+      if (bearer) headers["Authorization"] = `Bearer ${bearer}`;
+      const init = { method, headers, signal: controller.signal };
+      if (body !== void 0) init.body = JSON.stringify(body);
+      const response = await fetch(url, init);
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errBody = await response.json().catch(() => ({}));
+        const err = new Error(
+          errBody.message ?? `customer-session ${path} failed: ${response.status} ${response.statusText}`
+        );
+        err.status = response.status;
+        throw err;
+      }
+      const text = await response.text();
+      if (!text) return void 0;
+      return JSON.parse(text);
+    } catch (error) {
+      clearTimeout(timeoutId);
+      const e = error;
+      if (e.name === "AbortError") {
+        throw new Error(`customer-session ${path} timeout`);
+      }
+      throw error;
+    }
+  }
+};
+
 // src/baas/client.ts
 var BaasClient = class {
   hostUrl;
@@ -3815,6 +3939,8 @@ var BaasClient = class {
   deployment;
   /** Autonomous smart agent management */
   agents;
+  /** Customer→smart-app session bridge (TokenGate Face B). */
+  customerSession;
   constructor(config) {
     this.allowInsecure = config.allowInsecure ?? false;
     this.hostUrl = validateUrl2(config.hostUrl, this.allowInsecure);
@@ -3834,6 +3960,7 @@ var BaasClient = class {
     this.messaging = new MessagingClient(this.http, getAppId);
     this.deployment = new DeploymentClient(this.http);
     this.agents = new AgentsClient(this.http);
+    this.customerSession = new CustomerSessionClient(baseUrlWithPrefix, this.timeout);
   }
   /** Set the app ID (for newly registered apps) */
   setAppId(appId) {
@@ -3860,7 +3987,7 @@ var BaasClient = class {
   requireAppId() {
     if (!this.appId) {
       throw new BaasError(
-        "App ID required. Either provide appId in config or call register() first.",
+        "App ID required. Provide appId in config (e.g. from a prior deployment.init() call).",
         400
       );
     }
@@ -3907,12 +4034,6 @@ var BaasClient = class {
     }
     this.authToken = null;
   }
-  // ========== App Registration ==========
-  /** Register a new app on the BaaS host */
-  async register(request) {
-    this.requireAuth();
-    return this.post("/api/deployment/apps", request);
-  }
   // ========== HTTP Helpers ==========
   requireAuth() {
     if (!this.authToken) {
@@ -4007,6 +4128,7 @@ exports.CapabilityNotEnabledError = CapabilityNotEnabledError;
 exports.CapabilityValidationError = CapabilityValidationError;
 exports.CircuitBreaker = CircuitBreaker;
 exports.CircuitBreakerOpenError = CircuitBreakerOpenError;
+exports.CustomerSessionClient = CustomerSessionClient;
 exports.DEFAULT_CIRCUIT_BREAKER_CONFIG = DEFAULT_CIRCUIT_BREAKER_CONFIG;
 exports.DEFAULT_RETRY_CONFIG = DEFAULT_RETRY_CONFIG;
 exports.DatabaseClient = DatabaseClient;