@idapt/browser-app-sdk 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +202 -0
- package/NOTICE +6 -0
- package/README.md +53 -0
- package/dist/chunk-6FSNLUVJ.js +435 -0
- package/dist/chunk-6FSNLUVJ.js.map +1 -0
- package/dist/chunk-AQZ2QVBK.js +7079 -0
- package/dist/chunk-AQZ2QVBK.js.map +1 -0
- package/dist/client-CO-P-xYI.d.cts +2213 -0
- package/dist/client-h2Wsvn7a.d.ts +2213 -0
- package/dist/data-Chus9wn2.d.cts +1714 -0
- package/dist/data-Chus9wn2.d.ts +1714 -0
- package/dist/index.cjs +7569 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +372 -0
- package/dist/index.d.ts +372 -0
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -0
- package/dist/react.cjs +4167 -0
- package/dist/react.cjs.map +1 -0
- package/dist/react.d.cts +150 -0
- package/dist/react.d.ts +150 -0
- package/dist/react.js +266 -0
- package/dist/react.js.map +1 -0
- package/dist/testing.cjs +862 -0
- package/dist/testing.cjs.map +1 -0
- package/dist/testing.d.cts +113 -0
- package/dist/testing.d.ts +113 -0
- package/dist/testing.js +126 -0
- package/dist/testing.js.map +1 -0
- package/package.json +76 -0
|
@@ -0,0 +1,2213 @@
|
|
|
1
|
+
import { H as HttpContext, C as CallOptions, F as File$1, g as Agent, b as DeletedResponse, j as ApiKey, ac as Permission, aF as SpeechResult, aQ as TranscriptionResult, aG as SpeechStreamEvent, aR as TranscriptionStreamEvent, B as BlobObject, q as Chat, r as ChatCost, a4 as MessageCosts, t as ChatStopResult, a2 as Message, aw as SendMessageResult, i as AgentRunState, h as AgentRun, aq as RepromptResult, R as ExecutionRun, Q as ExecutionBackend, S as ExecutionRunStatus, v as Computer, E as ComputerServerInfo, x as ComputerExecResult, aP as TmuxWindow, ay as SftpEntry, z as ComputerPort, J as ComputerUser, a0 as ListEnvelope, w as ComputerEnvVar, O as DatastoreEntry, d as FileUploadResult, W as WriteOptions, X as ImageModel, V as ImageGenerationResult, Z as LLMModel, a7 as Notification, a8 as NotificationConfig, a9 as NotificationPreference, af as ProviderEndpointKind, aj as ProviderEndpointProviderKey, ae as ProviderEndpointConnectionType, am as ProviderEndpointTransport, ak as ProviderEndpointRuntime, ai as ProviderEndpointProtocol, an as ProviderEndpointVisibility, ag as ProviderEndpointModality, ad as ProviderEndpoint, a1 as ManagedProviderPreset, al as ProviderEndpointTestResult, at as SearchResult, au as Secret, av as SecretWithValue, ax as Settings, aC as ShareResourceType, aB as SharePermission, az as Share, aA as ShareDeletedResult, aD as SharedWithMeItem, aJ as StoreItemType, aI as StoreItem, aH as StoreInstallResult, aL as Subscription, aN as TableCollection, aO as TableRecord, aS as Trigger, K as CreateTriggerInput, aX as TriggerWithSecret, a_ as UpdateTriggerInput, aV as TriggerRun, aU as TriggerCostStats, b1 as User, b0 as UsageSummary, a$ as UsageRecord, b3 as WebSearchResponse, b7 as WorkspaceMemberRole, b4 as Workspace, b6 as WorkspaceMember, b5 as WorkspaceInvitation, k as AppFolder, M as DataFolder, u as ClientMeta, as as RuntimeMode, aK as StoredCredential, P as EscalateRequest } from './data-Chus9wn2.js';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Stateless low-level file operations against `/api/v1/drive/files/*`.
|
|
5
|
+
*
|
|
6
|
+
* Every file surface in the SDK (FilesApi, DataFolder, AppFolder) ultimately
|
|
7
|
+
* hits the same v1 endpoints. Keeping the HTTP details here means:
|
|
8
|
+
*
|
|
9
|
+
* - one place to fix envelope / OCC / multipart behaviour
|
|
10
|
+
* - scoped surfaces (DataFolder, AppFolder) compose instead of duplicate
|
|
11
|
+
* - new scoped methods (e.g. subfolder create under `.app-data/`) cost one
|
|
12
|
+
* delegating line instead of a re-implemented request() call
|
|
13
|
+
*
|
|
14
|
+
* Nothing in this module caches or holds state — callers layer that on.
|
|
15
|
+
*/
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* `GET /v1/files` query params. Cursor-paginated (`limit` + opaque
|
|
19
|
+
* `cursor`). There is NO `workspace_id` filter — list within a workspace by
|
|
20
|
+
* passing the workspace's root folder as `parent_id`.
|
|
21
|
+
*
|
|
22
|
+
* To page: pass no `cursor` for the first page, then echo back the
|
|
23
|
+
* `pagination.next_cursor` from the previous response (use `listEnvelope`
|
|
24
|
+
* if you need that token — `list` drops the envelope).
|
|
25
|
+
*/
|
|
26
|
+
interface ListFilesQuery {
|
|
27
|
+
limit?: number;
|
|
28
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
29
|
+
cursor?: string;
|
|
30
|
+
parent_id?: string;
|
|
31
|
+
}
|
|
32
|
+
interface UploadInput {
|
|
33
|
+
file: Blob | globalThis.File;
|
|
34
|
+
name?: string;
|
|
35
|
+
parent_id?: string;
|
|
36
|
+
workspace_id?: string;
|
|
37
|
+
skip_if_exists?: boolean;
|
|
38
|
+
}
|
|
39
|
+
interface PatchFileInput {
|
|
40
|
+
name?: string;
|
|
41
|
+
content?: string;
|
|
42
|
+
expected_updated_at?: string;
|
|
43
|
+
}
|
|
44
|
+
interface CreateFolderInput {
|
|
45
|
+
name: string;
|
|
46
|
+
parent_id?: string;
|
|
47
|
+
workspace_id?: string;
|
|
48
|
+
icon?: string;
|
|
49
|
+
}
|
|
50
|
+
interface RunFileInput {
|
|
51
|
+
timeout_seconds?: number;
|
|
52
|
+
env?: Record<string, string>;
|
|
53
|
+
}
|
|
54
|
+
declare function listFiles(ctx: HttpContext, query?: ListFilesQuery, opts?: CallOptions): Promise<File$1[]>;
|
|
55
|
+
/** GET raw text body (`expectJson: false`). UTF-8 decoded by `fetch`. */
|
|
56
|
+
declare function getFileText(ctx: HttpContext, id: string, opts?: CallOptions): Promise<string>;
|
|
57
|
+
/** GET raw bytes as Blob, preserving Content-Type. */
|
|
58
|
+
declare function getFileBlob(ctx: HttpContext, id: string, opts?: CallOptions): Promise<Blob>;
|
|
59
|
+
|
|
60
|
+
/**
|
|
61
|
+
* AgentsApi — `/api/v1/agents` CRUD.
|
|
62
|
+
*
|
|
63
|
+
* Agents are standalone resources scoped to a workspace (personal or
|
|
64
|
+
* user-created). See `lib/browser-app/authorize.ts` for the permission model.
|
|
65
|
+
*/
|
|
66
|
+
|
|
67
|
+
/**
|
|
68
|
+
* `GET /v1/agents` query params. Cursor-paginated (`limit` + opaque
|
|
69
|
+
* `cursor`); `workspace_id` narrows the listing to one workspace.
|
|
70
|
+
*/
|
|
71
|
+
interface ListAgentsQuery {
|
|
72
|
+
workspace_id?: string;
|
|
73
|
+
scope?: "all";
|
|
74
|
+
type?: "user" | "generated";
|
|
75
|
+
include_archived?: boolean;
|
|
76
|
+
archived_only?: boolean;
|
|
77
|
+
limit?: number;
|
|
78
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
79
|
+
cursor?: string;
|
|
80
|
+
}
|
|
81
|
+
interface CreateAgentInput {
|
|
82
|
+
name: string;
|
|
83
|
+
icon: string;
|
|
84
|
+
description?: string;
|
|
85
|
+
system_prompt?: string;
|
|
86
|
+
workspace_id?: string;
|
|
87
|
+
authorization?: Record<string, unknown> | null;
|
|
88
|
+
compaction_preset?: "minimal" | "normal" | "detailed" | null;
|
|
89
|
+
compaction_summary_percent?: number | null;
|
|
90
|
+
compaction_summary_max_tokens?: number | null;
|
|
91
|
+
compaction_preserved_percent?: number | null;
|
|
92
|
+
compaction_preserved_max_tokens?: number | null;
|
|
93
|
+
compaction_msg_percent?: number | null;
|
|
94
|
+
compaction_msg_max_tokens?: number | null;
|
|
95
|
+
type?: "user" | "generated";
|
|
96
|
+
memory_folder?: string | null;
|
|
97
|
+
default_model_id?: string;
|
|
98
|
+
default_reasoning_effort?: number | null;
|
|
99
|
+
default_auto_cost_level?: number | null;
|
|
100
|
+
default_cost_budget_limit_usd?: number | null;
|
|
101
|
+
}
|
|
102
|
+
interface UpdateAgentInput {
|
|
103
|
+
name?: string;
|
|
104
|
+
icon?: string;
|
|
105
|
+
description?: string | null;
|
|
106
|
+
system_prompt?: string | null;
|
|
107
|
+
authorization?: Record<string, unknown> | null;
|
|
108
|
+
compaction_preset?: "minimal" | "normal" | "detailed" | null;
|
|
109
|
+
compaction_summary_percent?: number | null;
|
|
110
|
+
compaction_summary_max_tokens?: number | null;
|
|
111
|
+
compaction_preserved_percent?: number | null;
|
|
112
|
+
compaction_preserved_max_tokens?: number | null;
|
|
113
|
+
compaction_msg_percent?: number | null;
|
|
114
|
+
compaction_msg_max_tokens?: number | null;
|
|
115
|
+
type?: "user" | "generated";
|
|
116
|
+
memory_folder?: string | null;
|
|
117
|
+
default_model_id?: string | null;
|
|
118
|
+
default_reasoning_effort?: number | null;
|
|
119
|
+
default_auto_cost_level?: number | null;
|
|
120
|
+
default_cost_budget_limit_usd?: number | null;
|
|
121
|
+
}
|
|
122
|
+
interface MoveAgentInput {
|
|
123
|
+
workspace_id: string;
|
|
124
|
+
}
|
|
125
|
+
interface CopyAgentToWorkspaceInput {
|
|
126
|
+
workspace_id: string;
|
|
127
|
+
}
|
|
128
|
+
declare class AgentsApi {
|
|
129
|
+
private readonly ctx;
|
|
130
|
+
constructor(ctx: HttpContext);
|
|
131
|
+
list(query?: ListAgentsQuery, opts?: CallOptions): Promise<Agent[]>;
|
|
132
|
+
create(input: CreateAgentInput, opts?: CallOptions): Promise<Agent>;
|
|
133
|
+
get(id: string, opts?: CallOptions): Promise<Agent>;
|
|
134
|
+
update(id: string, input: UpdateAgentInput, opts?: CallOptions): Promise<Agent>;
|
|
135
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
136
|
+
archive(id: string, opts?: CallOptions): Promise<Agent>;
|
|
137
|
+
unarchive(id: string, opts?: CallOptions): Promise<Agent>;
|
|
138
|
+
restore(id: string, opts?: CallOptions): Promise<Agent>;
|
|
139
|
+
permanentDelete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
140
|
+
move(id: string, input: MoveAgentInput, opts?: CallOptions): Promise<Agent>;
|
|
141
|
+
copyToWorkspace(id: string, input: CopyAgentToWorkspaceInput, opts?: CallOptions): Promise<Agent>;
|
|
142
|
+
}
|
|
143
|
+
|
|
144
|
+
/**
|
|
145
|
+
* ApiKeysApi — `/api/v1/api-keys`.
|
|
146
|
+
*
|
|
147
|
+
* Each user can mint long-lived `uk_` keys to authenticate scripts, CLIs,
|
|
148
|
+
* and external integrations against the v1 API. Keys are scoped by the
|
|
149
|
+
* `Permission[]` passed at creation time (omit for full-access).
|
|
150
|
+
*
|
|
151
|
+
* Constraints inherited from the route:
|
|
152
|
+
* - Paid tier only (free tier has `MAX_API_KEYS = 0`).
|
|
153
|
+
* - Per-tier cap on total keys + per-tier max expiration window.
|
|
154
|
+
* - Header-auth (using an API key) cannot list, create, modify, or revoke
|
|
155
|
+
* other API keys — only the first-party session-cookie path is allowed. This SDK
|
|
156
|
+
* mirrors the rule: when you talk to it with a `uk_` key, these calls
|
|
157
|
+
* will 403.
|
|
158
|
+
* - Plaintext key value is returned ONCE on `create` and never again —
|
|
159
|
+
* the server only persists the hash.
|
|
160
|
+
*/
|
|
161
|
+
|
|
162
|
+
interface ListApiKeysQuery {
|
|
163
|
+
limit?: number;
|
|
164
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
165
|
+
cursor?: string;
|
|
166
|
+
}
|
|
167
|
+
interface CreateApiKeyInput {
|
|
168
|
+
name: string;
|
|
169
|
+
/**
|
|
170
|
+
* Permission set. Omit / null → full access (capability of caller).
|
|
171
|
+
* For "all scopes, read-only" use `[{ resource: "*", access: "read" }]`.
|
|
172
|
+
*/
|
|
173
|
+
permissions?: Permission[] | null;
|
|
174
|
+
/**
|
|
175
|
+
* Seconds from now until expiration. `0` is non-expiring (Max tier only).
|
|
176
|
+
* Omit to use the tier-default maximum.
|
|
177
|
+
*/
|
|
178
|
+
expires_in?: number;
|
|
179
|
+
}
|
|
180
|
+
interface UpdateApiKeyInput {
|
|
181
|
+
permissions?: Permission[] | null;
|
|
182
|
+
enabled?: boolean;
|
|
183
|
+
}
|
|
184
|
+
interface RotateApiKeyInput {
|
|
185
|
+
/** 1 hour, 24 hours, or 7 days. */
|
|
186
|
+
grace_period_seconds: 3600 | 86400 | 604800;
|
|
187
|
+
}
|
|
188
|
+
interface RotateApiKeyResult extends ApiKey {
|
|
189
|
+
/** Plaintext replacement key — present only on the rotate response. */
|
|
190
|
+
key: string;
|
|
191
|
+
/** Preview/fingerprint of the old key being rotated out. */
|
|
192
|
+
old_key_preview?: string | null;
|
|
193
|
+
/** ISO timestamp when the old key stops authenticating. */
|
|
194
|
+
grace_period_expires_at: string;
|
|
195
|
+
}
|
|
196
|
+
declare class ApiKeysApi {
|
|
197
|
+
private readonly ctx;
|
|
198
|
+
constructor(ctx: HttpContext);
|
|
199
|
+
list(query?: ListApiKeysQuery, opts?: CallOptions): Promise<ApiKey[]>;
|
|
200
|
+
/**
|
|
201
|
+
* Mint a new API key. The returned object includes a one-shot `key` field
|
|
202
|
+
* with the plaintext — store it immediately, there is no way to retrieve
|
|
203
|
+
* it later.
|
|
204
|
+
*/
|
|
205
|
+
create(input: CreateApiKeyInput, opts?: CallOptions): Promise<ApiKey>;
|
|
206
|
+
update(id: string, input: UpdateApiKeyInput, opts?: CallOptions): Promise<ApiKey>;
|
|
207
|
+
/** Revoke (delete) a key. Subsequent calls with that key 401. */
|
|
208
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
209
|
+
/**
|
|
210
|
+
* Rotate a key and return the replacement plaintext once. API-key
|
|
211
|
+
* management remains first-party session-only on the server, so calls made
|
|
212
|
+
* with a raw `uk_` bearer key receive 403.
|
|
213
|
+
*/
|
|
214
|
+
rotate(id: string, input: RotateApiKeyInput, opts?: CallOptions): Promise<RotateApiKeyResult>;
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
/**
|
|
218
|
+
* AudioApi — `/api/v1/audio/*`.
|
|
219
|
+
*
|
|
220
|
+
* Two endpoints:
|
|
221
|
+
* - `POST /audio/speech` → text-to-speech, writes a file ref.
|
|
222
|
+
* Responds HTTP 201 (resource created).
|
|
223
|
+
* - `POST /audio/transcriptions` → multipart upload, returns `{ text }`
|
|
224
|
+
*
|
|
225
|
+
* Transcription accepts any Blob/File you already have in memory (e.g.,
|
|
226
|
+
* from a MediaRecorder session). Speech writes into the caller's workspace.
|
|
227
|
+
*/
|
|
228
|
+
|
|
229
|
+
interface SpeakInput {
|
|
230
|
+
text: string;
|
|
231
|
+
workspace_id: string;
|
|
232
|
+
model?: string;
|
|
233
|
+
voice?: string;
|
|
234
|
+
speed?: number;
|
|
235
|
+
pitch?: number;
|
|
236
|
+
emotion?: string;
|
|
237
|
+
output_path?: string;
|
|
238
|
+
}
|
|
239
|
+
interface TranscribeInput {
|
|
240
|
+
file: Blob | File;
|
|
241
|
+
model?: string;
|
|
242
|
+
language?: string;
|
|
243
|
+
/** Override the filename attached to the multipart upload. */
|
|
244
|
+
filename?: string;
|
|
245
|
+
}
|
|
246
|
+
interface SpeakStreamInput {
|
|
247
|
+
text: string;
|
|
248
|
+
model?: string;
|
|
249
|
+
voice?: string;
|
|
250
|
+
speed?: number;
|
|
251
|
+
}
|
|
252
|
+
declare class AudioApi {
|
|
253
|
+
private readonly ctx;
|
|
254
|
+
constructor(ctx: HttpContext);
|
|
255
|
+
/** Text-to-speech. Responds HTTP 201 with the written file ref under `data`. */
|
|
256
|
+
speak(input: SpeakInput, opts?: CallOptions): Promise<SpeechResult>;
|
|
257
|
+
transcribe(input: TranscribeInput, opts?: CallOptions): Promise<TranscriptionResult>;
|
|
258
|
+
streamSpeech(input: SpeakStreamInput, opts?: CallOptions): AsyncIterable<SpeechStreamEvent>;
|
|
259
|
+
streamTranscribe(input: TranscribeInput, opts?: CallOptions): AsyncIterable<TranscriptionStreamEvent>;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
/**
|
|
263
|
+
* BlobsApi — `/api/v1/blobs` (the object-storage data plane).
|
|
264
|
+
*
|
|
265
|
+
* Workspace-scoped object store. Objects live under a `namespace` (a bucket you
|
|
266
|
+
* pick) and a `key`. The companion to `client.kv` (Datastore) — KV holds small
|
|
267
|
+
* inline JSON, Blobs holds large / binary data. Surfaced as `client.blobs.*` on
|
|
268
|
+
* `IdaptClient`.
|
|
269
|
+
*/
|
|
270
|
+
|
|
271
|
+
interface BlobsListOptions extends CallOptions {
|
|
272
|
+
/** Only keys starting with this prefix. */
|
|
273
|
+
prefix?: string;
|
|
274
|
+
cursor?: string;
|
|
275
|
+
limit?: number;
|
|
276
|
+
}
|
|
277
|
+
/** Per-object metadata returned by `list`. */
|
|
278
|
+
interface BlobMeta {
|
|
279
|
+
key: string;
|
|
280
|
+
content_type: string;
|
|
281
|
+
size: number;
|
|
282
|
+
updated_at: string;
|
|
283
|
+
}
|
|
284
|
+
declare class BlobsApi {
|
|
285
|
+
private readonly ctx;
|
|
286
|
+
constructor(ctx: HttpContext);
|
|
287
|
+
/** List objects in a namespace (prefix-filterable). */
|
|
288
|
+
list(namespace: string, opts?: BlobsListOptions): Promise<BlobMeta[]>;
|
|
289
|
+
/**
|
|
290
|
+
* Upload (upsert) an object's bytes. Returns its metadata.
|
|
291
|
+
*
|
|
292
|
+
* Sent as `multipart/form-data` (the bytes ride a `file` part, with an
|
|
293
|
+
* optional `content_type` field) — the same upload convention as
|
|
294
|
+
* `client.files.upload`, so it flows through the one multipart transport and
|
|
295
|
+
* is reachable identically via `client.call("blobs put", …)`. The SDK leaves
|
|
296
|
+
* `Content-Type` unset so the runtime picks the multipart boundary.
|
|
297
|
+
*/
|
|
298
|
+
put(namespace: string, key: string, content: Blob | ArrayBuffer | Uint8Array, contentType?: string, opts?: CallOptions): Promise<BlobObject>;
|
|
299
|
+
/**
|
|
300
|
+
* Download an object's raw bytes (preserving its stored Content-Type).
|
|
301
|
+
*
|
|
302
|
+
* `GET /blobs/:ns/:key` returns JSON metadata + a signed URL by default (the
|
|
303
|
+
* agent/CLI form); `?download=true` is the raw-bytes escape hatch this facade
|
|
304
|
+
* uses. For the JSON reference instead, call `client.call("blobs get", …)`.
|
|
305
|
+
*/
|
|
306
|
+
get(namespace: string, key: string, opts?: CallOptions): Promise<{
|
|
307
|
+
blob: Blob;
|
|
308
|
+
contentType: string;
|
|
309
|
+
}>;
|
|
310
|
+
/** Read an object's metadata (no bytes). */
|
|
311
|
+
head(namespace: string, key: string, opts?: CallOptions): Promise<BlobObject>;
|
|
312
|
+
/** Delete an object (idempotent). */
|
|
313
|
+
delete(namespace: string, key: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
314
|
+
/** Mint a time-limited direct-download URL for an object. */
|
|
315
|
+
createSignedUrl(namespace: string, key: string, expiresIn?: number, opts?: CallOptions): Promise<{
|
|
316
|
+
url: string;
|
|
317
|
+
expires_at: string;
|
|
318
|
+
}>;
|
|
319
|
+
/** List the blob namespaces in the workspace. */
|
|
320
|
+
listNamespaces(opts?: CallOptions): Promise<string[]>;
|
|
321
|
+
}
|
|
322
|
+
|
|
323
|
+
/**
|
|
324
|
+
* GENERATED FILE — DO NOT EDIT BY HAND.
|
|
325
|
+
*
|
|
326
|
+
* Runtime command-bindings table for the SDK's generic `call(action, args)`
|
|
327
|
+
* executor — one entry per v1 command (HTTP binding only: method, path,
|
|
328
|
+
* pathParams, argLocation, responseKind, async, binary content types).
|
|
329
|
+
*
|
|
330
|
+
* Generated from the zod contract registry
|
|
331
|
+
* (`packages/api-contracts/src/v1/contracts`) by
|
|
332
|
+
* `scripts/generate-sdk.ts`. PURE literal data — NO zod, NO
|
|
333
|
+
* `@idapt/api-contracts` import — so the published SDK ships zero runtime
|
|
334
|
+
* `@idapt/*` dependencies.
|
|
335
|
+
*
|
|
336
|
+
* Regenerate: npx tsx scripts/generate-sdk.ts
|
|
337
|
+
* Drift check: npx tsx scripts/check-sdk-drift.ts (CI + pre-commit)
|
|
338
|
+
*/
|
|
339
|
+
/** HTTP binding for a single v1 command, addressed by its `<resource> <verb>` string. */
|
|
340
|
+
interface CommandBinding {
|
|
341
|
+
/** The canonical `<resource> <verb>` command string (also the map key). */
|
|
342
|
+
command: string;
|
|
343
|
+
method: "GET" | "POST" | "PATCH" | "DELETE";
|
|
344
|
+
/** Path relative to `/api/v1`, with `:param` placeholders, e.g. `/drive/files/:id`. */
|
|
345
|
+
path: string;
|
|
346
|
+
/** Request fields that fill the `:param` placeholders, in path order. */
|
|
347
|
+
pathParams: readonly string[];
|
|
348
|
+
/** Where the remaining (non-path) request fields are carried. */
|
|
349
|
+
argLocation: "path" | "query" | "body" | "multipart";
|
|
350
|
+
/** Shape of the response payload. */
|
|
351
|
+
responseKind: "single" | "list" | "created" | "deleted" | "binary";
|
|
352
|
+
/** Long-running → goes through the async-operation layer. */
|
|
353
|
+
async: boolean;
|
|
354
|
+
/** For `binary` responses — the served media types (e.g. `text/event-stream`). */
|
|
355
|
+
binaryContentTypes?: readonly string[];
|
|
356
|
+
}
|
|
357
|
+
declare const COMMAND_BINDINGS: Record<string, CommandBinding>;
|
|
358
|
+
/**
|
|
359
|
+
* Literal union of every known v1 command string (the keys of
|
|
360
|
+
* {@link COMMAND_BINDINGS}). Used to type `client.call(action, args)` so a
|
|
361
|
+
* known action autocompletes and a typo is caught at compile time.
|
|
362
|
+
*/
|
|
363
|
+
type V1CommandName = "agent archive" | "agent copy-to-workspace" | "agent create" | "agent delete" | "agent get" | "agent list" | "agent move" | "agent permanent-delete" | "agent restore" | "agent unarchive" | "agent update" | "ai-gateway providers" | "ai-gateway usage" | "api-key create" | "api-key delete" | "api-key list" | "api-key rotate" | "api-key update" | "audio models" | "audio search-models" | "audio search-voices" | "audio speak" | "audio speak-stream" | "audio transcribe" | "audio transcribe-stream" | "audio voices" | "blobs delete" | "blobs get" | "blobs head" | "blobs list" | "blobs namespaces" | "blobs put" | "blobs signed-url" | "browser-app create" | "browser-app deploy" | "browser-app deployments" | "browser-app fork" | "browser-app get" | "browser-app list" | "browser-app promote" | "browser-app snapshot" | "chat archive" | "chat copy-to-agent" | "chat copy-to-workspace" | "chat cost" | "chat create" | "chat delete" | "chat export" | "chat fork-to-workspace" | "chat get" | "chat list" | "chat message-costs" | "chat messages" | "chat permanent-delete" | "chat reprompt" | "chat restore" | "chat runs" | "chat send" | "chat stop" | "chat stream" | "chat unarchive" | "chat update" | "ci cancel" | "ci get" | "ci jobs" | "ci list" | "ci run" | "code execute" | "code get" | "code interrupt" | "code list" | "computer activity" | "computer add-local-model" | "computer app-create" | "computer app-delete" | "computer app-exec" | "computer app-expose" | "computer app-external" | "computer app-get" | "computer app-logs" | "computer app-ports" | "computer app-reset" | "computer app-restart" | "computer app-run" | "computer app-runtime" | "computer app-setup-runtime" | "computer app-start" | "computer app-stop" | "computer app-unexpose" | "computer apps" | "computer archive" | "computer compose-up" | "computer create" | "computer create-user" | "computer delete" | "computer delete-user" | "computer delete-user-env" | "computer download" | "computer exec" | "computer expose" | "computer get" | "computer get-user" | "computer hibernate" | "computer link" | "computer links" | "computer list" | "computer local-inference" | "computer local-models" | "computer manage" | "computer pair" | "computer ports" | "computer remove-local-model" | "computer set-ports" | "computer set-user-env" | "computer sftp" | "computer start" | "computer stop" | "computer test-connection" | "computer tmux" | "computer tunnels" | "computer unarchive" | "computer unexpose" | "computer unlink" | "computer update" | "computer update-user" | "computer upload" | "computer user-env" | "computer user-env-setup" | "computer user-env-setup-apply" | "computer user-env-sync" | "computer user-env-sync-repair" | "computer users" | "datastore batch" | "datastore delete" | "datastore get" | "datastore increment" | "datastore list" | "datastore namespaces" | "datastore set" | "drive content-versions" | "drive create-folder" | "drive delete" | "drive get-metadata" | "drive glob" | "drive grep" | "drive list" | "drive move" | "drive permanent-delete" | "drive read" | "drive restore" | "drive restore-version" | "drive run" | "drive update" | "drive upload" | "guide get" | "hook create" | "hook delete" | "hook get" | "hook history" | "hook list" | "hook override" | "hook preview" | "hook toggle" | "hook update" | "hub install" | "hub search" | "hub submissions" | "hub submit" | "hub update" | "hub update-check" | "image generate" | "image models" | "image search" | "me get" | "me usage" | "models list" | "models search" | "notes box-create" | "notes box-delete" | "notes box-get" | "notes box-list" | "notes box-update" | "notes delete" | "notes graph" | "notes index-read" | "notes index-write" | "notes links" | "notes list" | "notes note-rename" | "notes read" | "notes search" | "notes search-all" | "notes tag-list" | "notes tag-rename" | "notes write" | "notification config" | "notification delete" | "notification get" | "notification list" | "notification preferences" | "notification read-all" | "notification send" | "notification update" | "notification update-config" | "notification update-preferences" | "operation cancel" | "operation get" | "operation list" | "provider-endpoint create" | "provider-endpoint delete" | "provider-endpoint list" | "provider-endpoint presets" | "provider-endpoint test" | "provider-endpoint update" | "realtime broadcast" | "realtime presence" | "realtime presence-list" | "realtime subscribe" | "repos branches" | "repos clone-url" | "repos commit" | "repos commits" | "repos create" | "repos delete" | "repos get" | "repos list" | "repos read-file" | "repos set-visibility" | "search query" | "secret create" | "secret delete" | "secret get" | "secret list" | "secret reveal" | "secret update" | "settings get" | "settings update" | "share create" | "share delete" | "share list" | "share update" | "shared-with-me list" | "skill apply-update" | "skill attach" | "skill body" | "skill create" | "skill delete" | "skill detach" | "skill file-delete" | "skill file-list" | "skill file-read" | "skill file-write" | "skill fork" | "skill get" | "skill install" | "skill list" | "skill publish" | "skill render" | "skill search" | "skill update" | "skill update-check" | "subscription get" | "table create" | "table create-record" | "table delete" | "table delete-record" | "table export" | "table get" | "table get-record" | "table import" | "table list" | "table query" | "table update" | "table update-record" | "tasks ancestors" | "tasks assign" | "tasks comment" | "tasks comment-delete" | "tasks comment-list" | "tasks comment-update" | "tasks create" | "tasks delete" | "tasks depend" | "tasks dependencies" | "tasks duplicate" | "tasks events" | "tasks get" | "tasks label-create" | "tasks label-delete" | "tasks label-list" | "tasks label-update" | "tasks list" | "tasks list-create" | "tasks list-delete" | "tasks list-get" | "tasks list-list" | "tasks list-update" | "tasks unassign" | "tasks undepend" | "tasks update" | "trigger archive" | "trigger cost-stats" | "trigger cost-stats-all" | "trigger create" | "trigger delete" | "trigger fire" | "trigger get" | "trigger list" | "trigger rotate-secret" | "trigger runs" | "trigger test-fire" | "trigger unarchive" | "trigger update" | "web fetch" | "web search" | "workspace add-member" | "workspace archive" | "workspace create" | "workspace delete" | "workspace get" | "workspace invitations" | "workspace invite" | "workspace list" | "workspace members" | "workspace remove-member" | "workspace revoke-invitation" | "workspace unarchive" | "workspace update" | "workspace update-member";
|
|
364
|
+
|
|
365
|
+
/**
|
|
366
|
+
* Generic, spec-driven command executor — the SDK twin of the CLI's `runSpec`.
|
|
367
|
+
*
|
|
368
|
+
* `executeCommand` takes one {@link CommandBinding} (from the generated
|
|
369
|
+
* `COMMAND_BINDINGS` table) plus a flat `args` bag and turns it into a fully
|
|
370
|
+
* assembled v1 HTTP call: it binds the `:param` placeholders from `args`,
|
|
371
|
+
* routes the remaining fields by `argLocation` (query / JSON body / multipart),
|
|
372
|
+
* sends through the SDK's single {@link request}/{@link requestRaw} transport,
|
|
373
|
+
* and unwraps the response envelope by `responseKind`. For `async` verbs it can
|
|
374
|
+
* poll the operation handle to completion ({@link awaitOperation}).
|
|
375
|
+
*
|
|
376
|
+
* This is what powers `client.call(action, args)`: because the binding table is
|
|
377
|
+
* generated from the same contract registry the routes are, EVERY v1 command is
|
|
378
|
+
* reachable through this one path — no per-verb code, 100% parity by
|
|
379
|
+
* construction. It deliberately mirrors `packages/cli/src/execute.ts` so the
|
|
380
|
+
* CLI and SDK agree on path-binding, request assembly, envelope unwrap, and
|
|
381
|
+
* operation polling.
|
|
382
|
+
*/
|
|
383
|
+
|
|
384
|
+
/** Options for {@link executeCommand}. */
|
|
385
|
+
interface ExecuteCommandOptions {
|
|
386
|
+
/**
|
|
387
|
+
* For `async` verbs: poll the operation handle to a terminal status before
|
|
388
|
+
* resolving (default). Pass `wait: false` to resolve with the raw operation
|
|
389
|
+
* handle (`{ id, status, … }`) immediately — the caller then polls
|
|
390
|
+
* `operation get` itself. Ignored for non-async verbs.
|
|
391
|
+
*/
|
|
392
|
+
wait?: boolean;
|
|
393
|
+
signal?: AbortSignal;
|
|
394
|
+
/** Poll cadence for async operations (default 1500ms). */
|
|
395
|
+
pollIntervalMs?: number;
|
|
396
|
+
/** Max poll attempts before giving up and throwing (default 120). */
|
|
397
|
+
maxPollAttempts?: number;
|
|
398
|
+
/** Injectable delay (tests pass a no-op); defaults to real `setTimeout`. */
|
|
399
|
+
sleep?: (ms: number) => Promise<void>;
|
|
400
|
+
/**
|
|
401
|
+
* For `binary` SSE bindings (`text/event-stream`): when true, buffer the whole
|
|
402
|
+
* stream and return it as a `Blob` instead of an `AsyncIterable<SseEvent>`.
|
|
403
|
+
* Non-streaming callers — the `idapt` CLI and the in-chat dispatcher, which
|
|
404
|
+
* render a single buffered tool result — set this; the default (false) streams
|
|
405
|
+
* frames for live consumers. Non-SSE binaries return a `Blob` either way.
|
|
406
|
+
*/
|
|
407
|
+
bufferBinary?: boolean;
|
|
408
|
+
}
|
|
409
|
+
/** One parsed Server-Sent Events frame. */
|
|
410
|
+
interface SseEvent {
|
|
411
|
+
event: string;
|
|
412
|
+
data: string;
|
|
413
|
+
}
|
|
414
|
+
/** List envelope shape returned for `responseKind: "list"`. */
|
|
415
|
+
interface ListResult<T = unknown> {
|
|
416
|
+
data: T[];
|
|
417
|
+
pagination: {
|
|
418
|
+
has_more: boolean;
|
|
419
|
+
next_cursor: string | null;
|
|
420
|
+
};
|
|
421
|
+
}
|
|
422
|
+
/** Deleted envelope shape returned for `responseKind: "deleted"`. */
|
|
423
|
+
interface DeletedResult {
|
|
424
|
+
deleted: boolean;
|
|
425
|
+
id: string;
|
|
426
|
+
}
|
|
427
|
+
/**
|
|
428
|
+
* Execute one v1 command from its {@link CommandBinding} + flat `args`.
|
|
429
|
+
*
|
|
430
|
+
* Return shape by `responseKind`:
|
|
431
|
+
* - `single` / `created` → the unwrapped resource (`.data`)
|
|
432
|
+
* - `list` → `{ data, pagination }` ({@link ListResult})
|
|
433
|
+
* - `deleted` → `{ deleted, id }` ({@link DeletedResult})
|
|
434
|
+
* - `binary` (SSE) → an `AsyncIterable<SseEvent>` of raw frames
|
|
435
|
+
* - `binary` (other) → a `Blob`
|
|
436
|
+
*
|
|
437
|
+
* For `async` verbs the initial response is an operation handle; unless
|
|
438
|
+
* `opts.wait === false`, this polls `GET /api/v1/operations/:id` to a terminal
|
|
439
|
+
* status and resolves with the operation's `result` (or throws on
|
|
440
|
+
* failed/cancelled). The generic `T` is the caller's expected payload type.
|
|
441
|
+
*/
|
|
442
|
+
declare function executeCommand<T = unknown>(binding: CommandBinding, args: Record<string, unknown> | undefined, ctx: HttpContext, opts?: ExecuteCommandOptions): Promise<T>;
|
|
443
|
+
/**
|
|
444
|
+
* Poll `GET /api/v1/operations/:id` until the operation reaches a terminal
|
|
445
|
+
* status, then resolve with its `result` (on `completed`) or throw an
|
|
446
|
+
* {@link IdaptError} (on `failed` / `cancelled`). Built via the same request
|
|
447
|
+
* machinery as every other call. The operations route may not exist yet — this
|
|
448
|
+
* only runs for `async` verbs when `wait` is on.
|
|
449
|
+
*/
|
|
450
|
+
declare function awaitOperation<T = unknown>(binding: CommandBinding, operationId: string, ctx: HttpContext, opts?: ExecuteCommandOptions): Promise<T>;
|
|
451
|
+
|
|
452
|
+
/**
|
|
453
|
+
* ChatsApi — `/api/v1/chats` CRUD + sub-resources.
|
|
454
|
+
*
|
|
455
|
+
* Sub-resources are exposed as flat methods keyed by chat id so consumers
|
|
456
|
+
* don't need an extra factory step: `chats.listMessages(chatId)` instead of
|
|
457
|
+
* `chats.messages(chatId).list()`.
|
|
458
|
+
*
|
|
459
|
+
* `sendMessage` wraps the "post user message, wait for assistant reply"
|
|
460
|
+
* flow. With `wait: true` (default) the server holds the connection until
|
|
461
|
+
* the reply is ready (up to `timeout` seconds); with `wait: false` the
|
|
462
|
+
* server responds `202`-style with a pending reference.
|
|
463
|
+
*/
|
|
464
|
+
|
|
465
|
+
interface ListChatsQuery {
|
|
466
|
+
limit?: number;
|
|
467
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
468
|
+
cursor?: string;
|
|
469
|
+
agent_id?: string;
|
|
470
|
+
workspace_id?: string;
|
|
471
|
+
}
|
|
472
|
+
interface CreateChatInput {
|
|
473
|
+
title?: string;
|
|
474
|
+
agent_id?: string;
|
|
475
|
+
workspace_id?: string;
|
|
476
|
+
default_model?: string;
|
|
477
|
+
}
|
|
478
|
+
interface UpdateChatInput {
|
|
479
|
+
title?: string;
|
|
480
|
+
icon?: string | null;
|
|
481
|
+
default_model?: string | null;
|
|
482
|
+
}
|
|
483
|
+
interface ListMessagesQuery {
|
|
484
|
+
limit?: number;
|
|
485
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
486
|
+
cursor?: string;
|
|
487
|
+
}
|
|
488
|
+
interface SendMessageInput {
|
|
489
|
+
content: string;
|
|
490
|
+
model_id?: string;
|
|
491
|
+
/** Default `true`. Set false to get a pending reference. */
|
|
492
|
+
wait?: boolean;
|
|
493
|
+
/** Seconds the server is allowed to block. Default `120`. Max `300`. */
|
|
494
|
+
timeout?: number;
|
|
495
|
+
/**
|
|
496
|
+
* Optional idempotency tag — repeat POSTs with the same key (within the
|
|
497
|
+
* server's dedupe window) return the original result instead of sending
|
|
498
|
+
* the message twice. Safe to set on retried requests.
|
|
499
|
+
*/
|
|
500
|
+
idempotency_key?: string;
|
|
501
|
+
}
|
|
502
|
+
interface StreamMessageInput {
|
|
503
|
+
content: string;
|
|
504
|
+
model_id?: string;
|
|
505
|
+
/** 0–100 reasoning effort for reasoning-capable models. */
|
|
506
|
+
reasoning_level?: number;
|
|
507
|
+
effort_level?: "fast" | "smart" | "expert";
|
|
508
|
+
/** 0–100 cost tier, only meaningful when the chat model is `"auto"`. */
|
|
509
|
+
cost_level?: number;
|
|
510
|
+
/** Branch the conversation from this message id instead of the active leaf. */
|
|
511
|
+
branch_from?: string;
|
|
512
|
+
/** Optional idempotency tag — repeated streams with the same key dedupe. */
|
|
513
|
+
idempotency_key?: string;
|
|
514
|
+
/** Max seconds to stream before a terminal `done: timeout`. Default `120`. */
|
|
515
|
+
timeout?: number;
|
|
516
|
+
}
|
|
517
|
+
interface RepromptMessageInput {
|
|
518
|
+
/** Override the chat's default model. `"auto"` routes via auto-router. */
|
|
519
|
+
model_id?: string;
|
|
520
|
+
effort_level?: "fast" | "smart" | "expert";
|
|
521
|
+
/** 0–100, power-user override for explicit reasoning effort. */
|
|
522
|
+
reasoning_level?: number;
|
|
523
|
+
/** 0–100, only meaningful when `model_id` is `"auto"`. */
|
|
524
|
+
cost_level?: number;
|
|
525
|
+
/** Default `true`. Set false to get an immediate `queued` response. */
|
|
526
|
+
wait?: boolean;
|
|
527
|
+
/** Seconds the server is allowed to block. Default `120`. Max `300`. */
|
|
528
|
+
timeout?: number;
|
|
529
|
+
}
|
|
530
|
+
interface ListRunsQuery {
|
|
531
|
+
limit?: number;
|
|
532
|
+
/**
|
|
533
|
+
* Opaque pagination cursor — `GET /chats/:id/runs` is cursor-paginated.
|
|
534
|
+
* Echo `pagination.next_cursor` from the previous page.
|
|
535
|
+
*/
|
|
536
|
+
cursor?: string;
|
|
537
|
+
/** Filter by run lifecycle state. */
|
|
538
|
+
state?: AgentRunState;
|
|
539
|
+
}
|
|
540
|
+
interface StopChatInput {
|
|
541
|
+
mode?: "soft" | "hard";
|
|
542
|
+
}
|
|
543
|
+
interface ExportChatQuery {
|
|
544
|
+
format?: "markdown" | "text" | "json" | "pdf";
|
|
545
|
+
}
|
|
546
|
+
interface CopyChatToAgentInput {
|
|
547
|
+
agent_id: string;
|
|
548
|
+
}
|
|
549
|
+
interface CopyChatToWorkspaceInput {
|
|
550
|
+
workspace_id: string;
|
|
551
|
+
agent_id: string;
|
|
552
|
+
}
|
|
553
|
+
declare class ChatsApi {
|
|
554
|
+
private readonly ctx;
|
|
555
|
+
constructor(ctx: HttpContext);
|
|
556
|
+
list(query?: ListChatsQuery, opts?: CallOptions): Promise<Chat[]>;
|
|
557
|
+
create(input: CreateChatInput, opts?: CallOptions): Promise<Chat>;
|
|
558
|
+
get(id: string, opts?: CallOptions): Promise<Chat>;
|
|
559
|
+
update(id: string, input: UpdateChatInput, opts?: CallOptions): Promise<Chat>;
|
|
560
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
561
|
+
archive(id: string, opts?: CallOptions): Promise<Chat>;
|
|
562
|
+
unarchive(id: string, opts?: CallOptions): Promise<Chat>;
|
|
563
|
+
restore(id: string, opts?: CallOptions): Promise<Chat>;
|
|
564
|
+
permanentDelete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
565
|
+
/** `GET /chats/:id/cost` — token usage + spend snapshot. */
|
|
566
|
+
cost(id: string, opts?: CallOptions): Promise<ChatCost>;
|
|
567
|
+
/** `GET /chats/:id/message-costs` - per-message and per-run cost details. */
|
|
568
|
+
messageCosts(id: string, opts?: CallOptions): Promise<MessageCosts>;
|
|
569
|
+
/** `POST /chats/:id/stop` - request cancellation of the active run. */
|
|
570
|
+
stop(id: string, input?: StopChatInput, opts?: CallOptions): Promise<ChatStopResult>;
|
|
571
|
+
/** `GET /chats/:id/export` - stream a transcript as a Blob. */
|
|
572
|
+
export(id: string, query?: ExportChatQuery, opts?: CallOptions): Promise<Blob>;
|
|
573
|
+
copyToAgent(id: string, input: CopyChatToAgentInput, opts?: CallOptions): Promise<Chat>;
|
|
574
|
+
copyToWorkspace(id: string, input: CopyChatToWorkspaceInput, opts?: CallOptions): Promise<Chat>;
|
|
575
|
+
forkToWorkspace(id: string, opts?: CallOptions): Promise<Chat>;
|
|
576
|
+
/** `GET /chats/:id/messages` — paginated history. */
|
|
577
|
+
listMessages(id: string, query?: ListMessagesQuery, opts?: CallOptions): Promise<Message[]>;
|
|
578
|
+
/**
|
|
579
|
+
* `POST /chats/:id/messages` — send a user message + (optionally) wait
|
|
580
|
+
* for the assistant reply synchronously. Responds HTTP 201 with a
|
|
581
|
+
* `oneOf`: a completed `{status, chat_id, model_id, user_message_id,
|
|
582
|
+
* message}` or a pending `{status, pending_token, chat_id}`. The pending
|
|
583
|
+
* handle is `pending_token` — an opaque workflow handle, NOT a
|
|
584
|
+
* resourceId. See `SendMessageResult`.
|
|
585
|
+
*/
|
|
586
|
+
sendMessage(id: string, input: SendMessageInput, opts?: CallOptions): Promise<SendMessageResult>;
|
|
587
|
+
/**
|
|
588
|
+
* `POST /chats/:id/messages/stream` — send a user message and stream the
|
|
589
|
+
* assistant reply token-by-token as Server-Sent Events. The real-time twin
|
|
590
|
+
* of {@link sendMessage}: same body, but instead of one finished JSON reply
|
|
591
|
+
* you get an `AsyncIterable` of raw SSE frames as the model generates.
|
|
592
|
+
*
|
|
593
|
+
* Each yielded `{ event, data }` has `data` as a JSON string — parse it per
|
|
594
|
+
* the frame's `event`:
|
|
595
|
+
* - `token` → `{ chat_id, message_id, text, reasoning? }` (`text` is the
|
|
596
|
+
* FULL accumulated snapshot — render by REPLACING, not
|
|
597
|
+
* appending)
|
|
598
|
+
* - `message` → `{ chat_id, message_id, role }` (assistant row finalized)
|
|
599
|
+
* - `done` → `{ chat_id, message_id, status }` (terminal; loop ends)
|
|
600
|
+
* - `heartbeat` → keep-alive ping, ignore.
|
|
601
|
+
*
|
|
602
|
+
* for await (const frame of client.chats.stream(chatId, { content })) {
|
|
603
|
+
* if (frame.event === "token") {
|
|
604
|
+
* const { text } = JSON.parse(frame.data);
|
|
605
|
+
* render(text);
|
|
606
|
+
* }
|
|
607
|
+
* }
|
|
608
|
+
*
|
|
609
|
+
* Delegates to the generic spec-driven executor, which turns the
|
|
610
|
+
* `text/event-stream` binary binding into the async iterable. Equivalent to
|
|
611
|
+
* `client.call("chat stream", input)`.
|
|
612
|
+
*/
|
|
613
|
+
stream(id: string, input: StreamMessageInput, opts?: ExecuteCommandOptions): Promise<AsyncIterable<SseEvent>>;
|
|
614
|
+
/** `GET /chats/:id/runs` — model execution runs tied to this chat. */
|
|
615
|
+
listRuns(id: string, query?: ListRunsQuery, opts?: CallOptions): Promise<AgentRun[]>;
|
|
616
|
+
/**
|
|
617
|
+
* `POST /chats/:id/messages/:message_id/reprompt` — regenerate the
|
|
618
|
+
* assistant response to an existing user message. The original AI reply
|
|
619
|
+
* is preserved; a sibling assistant message is created so branching
|
|
620
|
+
* stays intact.
|
|
621
|
+
*
|
|
622
|
+
* Before: [User A] → [AI B]
|
|
623
|
+
* After: [User A] ─┬─ [AI B]
|
|
624
|
+
* └─ [AI C] ← C.prevMessageId = A
|
|
625
|
+
*
|
|
626
|
+
* With `wait=true` (default) the server blocks until the new sibling is
|
|
627
|
+
* available; with `wait=false` returns `{ status: "pending", ... }` and
|
|
628
|
+
* the new message can be polled via `listMessages`.
|
|
629
|
+
*/
|
|
630
|
+
repromptMessage(chatId: string, messageId: string, input?: RepromptMessageInput, opts?: CallOptions): Promise<RepromptResult>;
|
|
631
|
+
}
|
|
632
|
+
|
|
633
|
+
/**
|
|
634
|
+
* CodeRunsApi — `/api/v1/code-runs`.
|
|
635
|
+
*
|
|
636
|
+
* Two surfaces:
|
|
637
|
+
* - `POST /code-runs` — execute a code file in a sandboxed Lambda
|
|
638
|
+
* environment. Returns stdout, stderr, exit code, timing.
|
|
639
|
+
* - `GET /code-runs` + `GET /code-runs/:id` — history browsing.
|
|
640
|
+
*
|
|
641
|
+
* Browser-apps use `runs.run()` to invoke a file owned by the user (e.g., a
|
|
642
|
+
* Python helper in the data folder) without needing a full computer.
|
|
643
|
+
*/
|
|
644
|
+
|
|
645
|
+
interface RunCodeInput {
|
|
646
|
+
file_id: string;
|
|
647
|
+
/** Hard upper bound on wall-clock runtime. Default 30s server-side. */
|
|
648
|
+
timeout_seconds?: number;
|
|
649
|
+
/**
|
|
650
|
+
* Environment variables passed to the running code. `IDAPT_API_KEY` is
|
|
651
|
+
* allowed. `AWS_*` and runtime-hijacking vars are stripped server-side.
|
|
652
|
+
*/
|
|
653
|
+
env?: Record<string, string>;
|
|
654
|
+
}
|
|
655
|
+
/**
|
|
656
|
+
* `GET /v1/code-runs` query params. Cursor-paginated (opaque `cursor`);
|
|
657
|
+
* `backend` and `status` are closed enums.
|
|
658
|
+
*/
|
|
659
|
+
interface ListExecutionsQuery {
|
|
660
|
+
limit?: number;
|
|
661
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
662
|
+
cursor?: string;
|
|
663
|
+
backend?: ExecutionBackend;
|
|
664
|
+
status?: ExecutionRunStatus;
|
|
665
|
+
}
|
|
666
|
+
declare class CodeRunsApi {
|
|
667
|
+
private readonly ctx;
|
|
668
|
+
constructor(ctx: HttpContext);
|
|
669
|
+
/**
|
|
670
|
+
* Execute a code file. Returns the full `ExecutionRun` row — `id`,
|
|
671
|
+
* `status`, `stdout`, `stderr`, `exit_code`, and the run timestamps —
|
|
672
|
+
* the same shape as `GET /code-runs/:id`.
|
|
673
|
+
*/
|
|
674
|
+
run(input: RunCodeInput, opts?: CallOptions): Promise<ExecutionRun>;
|
|
675
|
+
/** List recent execution runs. */
|
|
676
|
+
list(query?: ListExecutionsQuery, opts?: CallOptions): Promise<ExecutionRun[]>;
|
|
677
|
+
/** Get a single execution run by id. */
|
|
678
|
+
get(id: string, opts?: CallOptions): Promise<ExecutionRun>;
|
|
679
|
+
}
|
|
680
|
+
|
|
681
|
+
/**
|
|
682
|
+
* ComputersApi — `/api/v1/computers`.
|
|
683
|
+
*
|
|
684
|
+
* Idapt manages daemon-connected computers (user-managed boxes and
|
|
685
|
+
* Idapt-provisioned VMs) as first-class workspace resources. This module is the
|
|
686
|
+
* flat surface over the entire `/api/v1/computers` tree.
|
|
687
|
+
*
|
|
688
|
+
* Verb groups (the route layout is `/computers/:id/<sub>`; flattened here so
|
|
689
|
+
* call sites don't have to instantiate per-computer factories):
|
|
690
|
+
*
|
|
691
|
+
* - CRUD — list / create pair token / get / update / delete
|
|
692
|
+
* - Lifecycle — archive / unarchive / start / hibernate /
|
|
693
|
+
* testConnection
|
|
694
|
+
* - Exec — exec (one-shot daemon command)
|
|
695
|
+
* - Tmux — tmux (re-attachable windows under `idapt` session)
|
|
696
|
+
* - SFTP — sftp (dispatcher), upload / download (binary)
|
|
697
|
+
* - Ports — listPorts / updatePort (managed only)
|
|
698
|
+
* - Unix users — listUsers / createUser / updateUser / deleteUser
|
|
699
|
+
* - User env vars — listUserEnvVars / createUserEnvVar /
|
|
700
|
+
* deleteUserEnvVar / setupUserEnv /
|
|
701
|
+
* checkUserEnvSetup / syncUserEnv / checkUserEnvSync
|
|
702
|
+
* - Workspace links — listWorkspaceLinks / linkWorkspace / unlinkWorkspace
|
|
703
|
+
* (share a computer's LOCAL INFERENCE into other
|
|
704
|
+
* workspaces; never shell / files / tunnels)
|
|
705
|
+
* - Pair — pair (daemon token bootstrap; bearer-overridden,
|
|
706
|
+
* mirrors the trigger-fire pattern)
|
|
707
|
+
*
|
|
708
|
+
* Permissions on every authenticated verb default to the caller's
|
|
709
|
+
* `computers:read` / `computers:write` scope. See `lib/computers/Computers.md`
|
|
710
|
+
* for the end-to-end computer model.
|
|
711
|
+
*/
|
|
712
|
+
|
|
713
|
+
interface ListComputersQuery {
|
|
714
|
+
workspace_id: string;
|
|
715
|
+
limit?: number;
|
|
716
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
717
|
+
cursor?: string;
|
|
718
|
+
include_archived?: boolean;
|
|
719
|
+
}
|
|
720
|
+
interface CreateComputerInput {
|
|
721
|
+
workspace_id: string;
|
|
722
|
+
/** Preferred computer name; the daemon row is created when this token is redeemed. */
|
|
723
|
+
intended_name?: string;
|
|
724
|
+
}
|
|
725
|
+
/**
|
|
726
|
+
* Result of `POST /v1/computers/pair-tokens` — a one-time pair token plus
|
|
727
|
+
* the install command. A pair token has no addressable id.
|
|
728
|
+
*/
|
|
729
|
+
interface CreateComputerResult {
|
|
730
|
+
token: string;
|
|
731
|
+
expires_at: string;
|
|
732
|
+
install_command: string;
|
|
733
|
+
}
|
|
734
|
+
/**
|
|
735
|
+
* `PATCH /v1/computers/{id}` body. `name` must match
|
|
736
|
+
* `^[a-z0-9](?:[a-z0-9]|-(?!-))*[a-z0-9]$` (max 64 chars) server-side.
|
|
737
|
+
*/
|
|
738
|
+
interface UpdateComputerInput {
|
|
739
|
+
name?: string;
|
|
740
|
+
description?: string | null;
|
|
741
|
+
icon?: string | null;
|
|
742
|
+
logging_level?: "minimal" | "standard" | "full";
|
|
743
|
+
}
|
|
744
|
+
interface ExecCommandInput {
|
|
745
|
+
command: string;
|
|
746
|
+
/** Hard upper bound; default 60s, max 900s. */
|
|
747
|
+
timeout_seconds?: number;
|
|
748
|
+
/** Run as a different POSIX user via `sudo -u`. */
|
|
749
|
+
user?: string;
|
|
750
|
+
}
|
|
751
|
+
type SftpOp = "list" | "stat" | "write" | "mkdir" | "rename" | "delete" | "chmod" | "chown";
|
|
752
|
+
interface SftpInput {
|
|
753
|
+
op: SftpOp;
|
|
754
|
+
path: string;
|
|
755
|
+
/** `write` — utf-8 content. */
|
|
756
|
+
content?: string;
|
|
757
|
+
/** `rename` — target path. */
|
|
758
|
+
destination?: string;
|
|
759
|
+
/** `chmod` — octal mode string, e.g. "0755". */
|
|
760
|
+
mode?: string;
|
|
761
|
+
/** `chown` — owner name. */
|
|
762
|
+
owner?: string;
|
|
763
|
+
/** `chown` — optional group name (appended as `owner:group`). */
|
|
764
|
+
group?: string;
|
|
765
|
+
}
|
|
766
|
+
interface SftpListResult {
|
|
767
|
+
path: string;
|
|
768
|
+
entries: SftpEntry[];
|
|
769
|
+
}
|
|
770
|
+
interface SftpUploadInput {
|
|
771
|
+
/** Binary content. Browser `File`/`Blob` both work. */
|
|
772
|
+
file: Blob;
|
|
773
|
+
/** Destination path on the remote computer. */
|
|
774
|
+
path: string;
|
|
775
|
+
/** Relative path when uploading a folder tree; intermediate dirs created. */
|
|
776
|
+
relative_path?: string;
|
|
777
|
+
/** Conflict resolution. Default: `replace`. */
|
|
778
|
+
conflict_mode?: "replace" | "skip";
|
|
779
|
+
}
|
|
780
|
+
type TmuxOp = "list" | "run" | "capture" | "send" | "kill";
|
|
781
|
+
interface TmuxInput {
|
|
782
|
+
op: TmuxOp;
|
|
783
|
+
/** Required for run/capture/send/kill. POSIX-safe shape. */
|
|
784
|
+
name?: string;
|
|
785
|
+
/** `run` — the shell command. */
|
|
786
|
+
command?: string;
|
|
787
|
+
/** `run` — optional `cd` prefix. */
|
|
788
|
+
working_dir?: string;
|
|
789
|
+
/** `send` — keys to inject (auto-followed by Enter). */
|
|
790
|
+
keys?: string;
|
|
791
|
+
/** `capture` — number of trailing lines to grab. Default 200. */
|
|
792
|
+
lines?: number;
|
|
793
|
+
}
|
|
794
|
+
interface PatchPortInput {
|
|
795
|
+
port: number;
|
|
796
|
+
protocol: string;
|
|
797
|
+
hidden?: boolean;
|
|
798
|
+
display_name?: string | null;
|
|
799
|
+
icon?: string | null;
|
|
800
|
+
description?: string | null;
|
|
801
|
+
}
|
|
802
|
+
interface CreateComputerUserInput {
|
|
803
|
+
username: string;
|
|
804
|
+
groups?: string[];
|
|
805
|
+
shell?: string;
|
|
806
|
+
}
|
|
807
|
+
interface UpdateComputerUserInput {
|
|
808
|
+
groups?: string[];
|
|
809
|
+
}
|
|
810
|
+
type CreateUserEnvVarInput = {
|
|
811
|
+
/** Credential file resourceId the value is sourced from. */
|
|
812
|
+
file_id: string;
|
|
813
|
+
name?: never;
|
|
814
|
+
value?: never;
|
|
815
|
+
} | {
|
|
816
|
+
/** Env-var name to create and bind on the user. */
|
|
817
|
+
name: string;
|
|
818
|
+
/** Secret value. Stored server-side in a generated credential file. */
|
|
819
|
+
value: string;
|
|
820
|
+
file_id?: never;
|
|
821
|
+
};
|
|
822
|
+
/**
|
|
823
|
+
* `POST /v1/computers/pair` request body. All fields are snake_case on the
|
|
824
|
+
* wire.
|
|
825
|
+
*/
|
|
826
|
+
interface PairComputerInput {
|
|
827
|
+
/** One-time pair token minted by the user. */
|
|
828
|
+
token: string;
|
|
829
|
+
hostname: string;
|
|
830
|
+
os: string;
|
|
831
|
+
arch: string;
|
|
832
|
+
cli_version: string;
|
|
833
|
+
default_user: string;
|
|
834
|
+
host_kind: "server" | "desktop";
|
|
835
|
+
kernel_version?: string;
|
|
836
|
+
}
|
|
837
|
+
/**
|
|
838
|
+
* `POST /v1/computers/pair` result (unwrapped from `{data:{…}}`).
|
|
839
|
+
* `computer_id` is a **resourceId**, not a UUID.
|
|
840
|
+
*/
|
|
841
|
+
interface PairComputerResult {
|
|
842
|
+
computer_id: string;
|
|
843
|
+
computer_token: string;
|
|
844
|
+
domain: string;
|
|
845
|
+
}
|
|
846
|
+
/**
|
|
847
|
+
* One `computer_workspace` link — a computer shared INTO an additional
|
|
848
|
+
* workspace, granting LOCAL INFERENCE ONLY (never shell / files / tunnels).
|
|
849
|
+
* `workspace_resource_id` is the target workspace's public `ws_…` id.
|
|
850
|
+
*/
|
|
851
|
+
interface ComputerWorkspaceLink {
|
|
852
|
+
id: string;
|
|
853
|
+
computer_id: string;
|
|
854
|
+
workspace_id: string;
|
|
855
|
+
workspace_resource_id: string | null;
|
|
856
|
+
permissions: unknown[] | null;
|
|
857
|
+
created_by_actor_id: string;
|
|
858
|
+
created_at: number;
|
|
859
|
+
updated_at: number;
|
|
860
|
+
}
|
|
861
|
+
declare class ComputersApi {
|
|
862
|
+
private readonly ctx;
|
|
863
|
+
constructor(ctx: HttpContext);
|
|
864
|
+
list(query: ListComputersQuery, opts?: CallOptions): Promise<Computer[]>;
|
|
865
|
+
create(input: CreateComputerInput, opts?: CallOptions): Promise<CreateComputerResult>;
|
|
866
|
+
get(id: string, opts?: CallOptions): Promise<Computer>;
|
|
867
|
+
update(id: string, input: UpdateComputerInput, opts?: CallOptions): Promise<Computer>;
|
|
868
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
869
|
+
archive(id: string, opts?: CallOptions): Promise<Computer>;
|
|
870
|
+
unarchive(id: string, opts?: CallOptions): Promise<Computer>;
|
|
871
|
+
/** Wake a hibernated cloud computer. Errors with 409 from non-hibernated states. */
|
|
872
|
+
start(id: string, opts?: CallOptions): Promise<Computer>;
|
|
873
|
+
/** Stop a running cloud computer; preserves provider-local disk state. */
|
|
874
|
+
stop(id: string, opts?: CallOptions): Promise<Computer>;
|
|
875
|
+
/** Hibernate a running cloud computer; deallocates compute, snapshots state. */
|
|
876
|
+
hibernate(id: string, opts?: CallOptions): Promise<Computer>;
|
|
877
|
+
/**
|
|
878
|
+
* Daemon connectivity probe; returns a success flag + duration.
|
|
879
|
+
* Rate-limited per computer. `serverInfo` is a structured
|
|
880
|
+
* `{version, uptime_seconds}` object (was a free-form blob).
|
|
881
|
+
*/
|
|
882
|
+
testConnection(id: string, opts?: CallOptions): Promise<{
|
|
883
|
+
success: boolean;
|
|
884
|
+
durationMs: number | null;
|
|
885
|
+
serverInfo: ComputerServerInfo | null;
|
|
886
|
+
error: string | null;
|
|
887
|
+
}>;
|
|
888
|
+
exec(id: string, input: ExecCommandInput, opts?: CallOptions): Promise<ComputerExecResult>;
|
|
889
|
+
/**
|
|
890
|
+
* tmux dispatcher. Each `op` returns a different shape — see the route
|
|
891
|
+
* docs for the per-op payload. Common case: `op: "run"` starts a window,
|
|
892
|
+
* `op: "capture"` reads its output.
|
|
893
|
+
*/
|
|
894
|
+
tmux(id: string, input: TmuxInput, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
895
|
+
/** Convenience over `tmux({ op: "list" })`. */
|
|
896
|
+
listTmuxWindows(id: string, opts?: CallOptions): Promise<TmuxWindow[]>;
|
|
897
|
+
/**
|
|
898
|
+
* Unified SFTP dispatcher. Returns op-shaped payload. For streaming
|
|
899
|
+
* uploads/downloads use `sftpUpload` / `sftpDownload`.
|
|
900
|
+
*/
|
|
901
|
+
sftp(id: string, input: SftpInput, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
902
|
+
/** Convenience: `sftp({op:"list"})` returning the entries array directly. */
|
|
903
|
+
sftpList(id: string, path: string, opts?: CallOptions): Promise<SftpListResult>;
|
|
904
|
+
/**
|
|
905
|
+
* Multipart upload of a file/folder member. Falls back to single-file mode
|
|
906
|
+
* when `relative_path` is omitted.
|
|
907
|
+
*/
|
|
908
|
+
sftpUpload(id: string, input: SftpUploadInput, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
909
|
+
/**
|
|
910
|
+
* Stream a remote file (or a folder as `tar.gz`) as a `Blob`. The server
|
|
911
|
+
* sends the real MIME type on `Content-Type`.
|
|
912
|
+
*/
|
|
913
|
+
sftpDownload(id: string, remotePath: string, opts?: CallOptions): Promise<Blob>;
|
|
914
|
+
listPorts(id: string, query?: {
|
|
915
|
+
refresh?: boolean;
|
|
916
|
+
}, opts?: CallOptions): Promise<{
|
|
917
|
+
ports: ComputerPort[];
|
|
918
|
+
discoveryStatus: string;
|
|
919
|
+
discoveryError: string | null;
|
|
920
|
+
}>;
|
|
921
|
+
updatePort(id: string, input: PatchPortInput, opts?: CallOptions): Promise<ComputerPort>;
|
|
922
|
+
/**
|
|
923
|
+
* List the computer's Unix users. The v1 contract returns a list envelope
|
|
924
|
+
* — `data` is the user array, with `current_user`, `has_root_access` and
|
|
925
|
+
* `has_sudo_access` as sibling top-level keys. This convenience method
|
|
926
|
+
* returns just the array; use `listUsersWithMeta` for the access flags.
|
|
927
|
+
*/
|
|
928
|
+
listUsers(id: string, opts?: CallOptions): Promise<ComputerUser[]>;
|
|
929
|
+
/**
|
|
930
|
+
* Like `listUsers` but returns the full v1 list envelope, including the
|
|
931
|
+
* `current_user` daemon user and the `has_root_access` / `has_sudo_access`
|
|
932
|
+
* capability flags.
|
|
933
|
+
*/
|
|
934
|
+
listUsersWithMeta(id: string, opts?: CallOptions): Promise<ListEnvelope<ComputerUser> & {
|
|
935
|
+
current_user?: string | null;
|
|
936
|
+
has_root_access?: boolean;
|
|
937
|
+
has_sudo_access?: boolean;
|
|
938
|
+
}>;
|
|
939
|
+
/** Fetch one Unix user by username (`GET /v1/computers/{id}/users/{username}`). */
|
|
940
|
+
getUser(id: string, username: string, opts?: CallOptions): Promise<ComputerUser>;
|
|
941
|
+
/**
|
|
942
|
+
* Create a Unix user. The user fields are returned directly under `data`.
|
|
943
|
+
* Responds 201 on creation, 200 when the user already existed.
|
|
944
|
+
*/
|
|
945
|
+
createUser(id: string, input: CreateComputerUserInput, opts?: CallOptions): Promise<ComputerUser>;
|
|
946
|
+
/** Update a Unix user. The user fields are returned directly under `data`. */
|
|
947
|
+
updateUser(id: string, username: string, input: UpdateComputerUserInput, opts?: CallOptions): Promise<ComputerUser>;
|
|
948
|
+
deleteUser(id: string, username: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
949
|
+
listUserEnvVars(id: string, username: string, opts?: CallOptions): Promise<ComputerEnvVar[]>;
|
|
950
|
+
createUserEnvVar(id: string, username: string, input: CreateUserEnvVarInput, opts?: CallOptions): Promise<ComputerEnvVar>;
|
|
951
|
+
/**
|
|
952
|
+
* Remove an env-var binding from a user. A binding is addressed by its
|
|
953
|
+
* env-var `name` (the route segment is `{name}`, not a UUID).
|
|
954
|
+
*/
|
|
955
|
+
deleteUserEnvVar(id: string, username: string, name: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
956
|
+
/** Bootstrap `~/.idapt-env` + `.bashrc` sourcing on a user. Idempotent. */
|
|
957
|
+
setupUserEnv(id: string, username: string, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
958
|
+
checkUserEnvSetup(id: string, username: string, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
959
|
+
/** Rewrite the computer's `~/.idapt-env` from the DB-recorded bindings. */
|
|
960
|
+
syncUserEnv(id: string, username: string, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
961
|
+
checkUserEnvSync(id: string, username: string, opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
962
|
+
/**
|
|
963
|
+
* List the workspaces a computer's LOCAL INFERENCE is shared into. The home
|
|
964
|
+
* workspace is never listed (it already has full access). The route returns
|
|
965
|
+
* the links under a `links` key (not a standard list envelope).
|
|
966
|
+
*/
|
|
967
|
+
listWorkspaceLinks(id: string, opts?: CallOptions): Promise<ComputerWorkspaceLink[]>;
|
|
968
|
+
/**
|
|
969
|
+
* Share a computer's LOCAL INFERENCE into another workspace (never shell /
|
|
970
|
+
* files / tunnels). `workspaceId` is the target workspace's `ws_…`
|
|
971
|
+
* resourceId or slug. Requires EDIT on the computer's home workspace and
|
|
972
|
+
* membership of the target. Rejects the home workspace and duplicates.
|
|
973
|
+
*/
|
|
974
|
+
linkWorkspace(id: string, workspaceId: string, opts?: CallOptions): Promise<ComputerWorkspaceLink>;
|
|
975
|
+
/**
|
|
976
|
+
* Stop sharing a computer's local inference into a workspace. `workspaceId`
|
|
977
|
+
* is the target workspace's `ws_…` resourceId. Idempotent — unlinking a
|
|
978
|
+
* non-existent link still succeeds.
|
|
979
|
+
*/
|
|
980
|
+
unlinkWorkspace(id: string, workspaceId: string, opts?: CallOptions): Promise<{
|
|
981
|
+
unlinked: boolean;
|
|
982
|
+
}>;
|
|
983
|
+
/**
|
|
984
|
+
* Redeem a one-time pair token for a long-lived computer identity. The
|
|
985
|
+
* token itself is the auth — we swap the bearer for the token on this
|
|
986
|
+
* call only (same pattern as `triggers.fire`).
|
|
987
|
+
*
|
|
988
|
+
* Used by `idapt up --token` to bootstrap a daemon. The request body is
|
|
989
|
+
* snake_case; the response is wrapped in the standard `{data:{…}}`
|
|
990
|
+
* envelope. `computer_id` is a resourceId.
|
|
991
|
+
*/
|
|
992
|
+
pair(input: PairComputerInput, opts?: CallOptions): Promise<PairComputerResult>;
|
|
993
|
+
}
|
|
994
|
+
|
|
995
|
+
/**
|
|
996
|
+
* DatastoreApi — `/api/v1/datastore` (the KV data plane).
|
|
997
|
+
*
|
|
998
|
+
* Workspace-scoped key/value store. Entries live under a `namespace` (a bucket
|
|
999
|
+
* you pick) and a `key`. Surfaced as `client.kv.*` on `IdaptClient`.
|
|
1000
|
+
*/
|
|
1001
|
+
|
|
1002
|
+
interface DatastoreListOptions extends CallOptions {
|
|
1003
|
+
/** Only keys starting with this prefix. */
|
|
1004
|
+
prefix?: string;
|
|
1005
|
+
cursor?: string;
|
|
1006
|
+
limit?: number;
|
|
1007
|
+
}
|
|
1008
|
+
interface DatastoreSetOptions extends CallOptions {
|
|
1009
|
+
/** Seconds until the entry expires; omit for no expiry. */
|
|
1010
|
+
ttlSeconds?: number;
|
|
1011
|
+
}
|
|
1012
|
+
declare class DatastoreApi {
|
|
1013
|
+
private readonly ctx;
|
|
1014
|
+
constructor(ctx: HttpContext);
|
|
1015
|
+
/** List keys in a namespace (prefix-filterable). */
|
|
1016
|
+
list(namespace: string, opts?: DatastoreListOptions): Promise<{
|
|
1017
|
+
key: string;
|
|
1018
|
+
}[]>;
|
|
1019
|
+
/** Read a KV entry. */
|
|
1020
|
+
get(namespace: string, key: string, opts?: CallOptions): Promise<DatastoreEntry>;
|
|
1021
|
+
/** Upsert a KV entry (optionally with a TTL). */
|
|
1022
|
+
set(namespace: string, key: string, value: unknown, opts?: DatastoreSetOptions): Promise<DatastoreEntry>;
|
|
1023
|
+
/** Delete a KV entry (idempotent). */
|
|
1024
|
+
delete(namespace: string, key: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1025
|
+
/** Atomically add `by` (default 1) to a numeric counter. */
|
|
1026
|
+
increment(namespace: string, key: string, by?: number, opts?: CallOptions): Promise<{
|
|
1027
|
+
key: string;
|
|
1028
|
+
value: number;
|
|
1029
|
+
}>;
|
|
1030
|
+
/** List the namespaces in the workspace. */
|
|
1031
|
+
listNamespaces(opts?: CallOptions): Promise<string[]>;
|
|
1032
|
+
/** Read several keys at once. */
|
|
1033
|
+
batchGet(namespace: string, keys: string[], opts?: CallOptions): Promise<DatastoreEntry[]>;
|
|
1034
|
+
/** Upsert several entries at once. */
|
|
1035
|
+
batchSet(namespace: string, entries: {
|
|
1036
|
+
key: string;
|
|
1037
|
+
value: unknown;
|
|
1038
|
+
ttlSeconds?: number | null;
|
|
1039
|
+
}[], opts?: CallOptions): Promise<number>;
|
|
1040
|
+
/** Delete several keys at once; returns the count removed. */
|
|
1041
|
+
batchDelete(namespace: string, keys: string[], opts?: CallOptions): Promise<number>;
|
|
1042
|
+
}
|
|
1043
|
+
|
|
1044
|
+
/**
|
|
1045
|
+
* DocsApi — `GET /api/v1/docs`.
|
|
1046
|
+
*
|
|
1047
|
+
* Returns the computer-readable OpenAPI 3.1 spec for the v1 API. Useful for
|
|
1048
|
+
* tools that generate clients / validators at runtime. Most consumers of
|
|
1049
|
+
* this SDK don't need it — the typed wrappers cover the same surface.
|
|
1050
|
+
*/
|
|
1051
|
+
|
|
1052
|
+
declare class DocsApi {
|
|
1053
|
+
private readonly ctx;
|
|
1054
|
+
constructor(ctx: HttpContext);
|
|
1055
|
+
/**
|
|
1056
|
+
* Fetch the OpenAPI spec as a plain object. Shape is `OpenAPI.Document`
|
|
1057
|
+
* from the standard spec — typed as `Record<string, unknown>` here so
|
|
1058
|
+
* consumers can narrow as needed without pulling in an openapi-types
|
|
1059
|
+
* dependency.
|
|
1060
|
+
*/
|
|
1061
|
+
get(opts?: CallOptions): Promise<Record<string, unknown>>;
|
|
1062
|
+
}
|
|
1063
|
+
|
|
1064
|
+
/**
|
|
1065
|
+
* FilesApi — the full `/api/v1/drive/files` surface for app code that operates
|
|
1066
|
+
* on arbitrary file ids (not just the sandboxed folders exposed via
|
|
1067
|
+
* `client.app` / `client.data`).
|
|
1068
|
+
*
|
|
1069
|
+
* Use when:
|
|
1070
|
+
* - The app has elevated `files:*` permission and wants to touch files
|
|
1071
|
+
* outside its `.app-data` scope.
|
|
1072
|
+
* - You need create-folder / move / run endpoints with a workspace_id /
|
|
1073
|
+
* parent_id you choose yourself.
|
|
1074
|
+
*
|
|
1075
|
+
* For "save preferences in my data folder", prefer `client.data.set(name)`
|
|
1076
|
+
* — it handles name→id resolution and OCC for you.
|
|
1077
|
+
*
|
|
1078
|
+
* All HTTP details live in `_files-core.ts` so DataFolder / AppFolder share
|
|
1079
|
+
* exactly the same wire behaviour.
|
|
1080
|
+
*/
|
|
1081
|
+
|
|
1082
|
+
declare class FilesApi {
|
|
1083
|
+
private readonly ctx;
|
|
1084
|
+
constructor(ctx: HttpContext);
|
|
1085
|
+
list(query?: ListFilesQuery, opts?: CallOptions): Promise<File$1[]>;
|
|
1086
|
+
/** Multipart upload a Blob/File. Returns the partial file record. */
|
|
1087
|
+
upload(input: UploadInput, opts?: CallOptions): Promise<FileUploadResult>;
|
|
1088
|
+
/**
|
|
1089
|
+
* Fetch a file's raw text content. Use for text-like files (source code,
|
|
1090
|
+
* Markdown, JSON strings). For binary content (images, PDFs, zips) use
|
|
1091
|
+
* `getBlob()` instead — `getText()` will UTF-8 decode and corrupt bytes.
|
|
1092
|
+
*/
|
|
1093
|
+
getText(id: string, opts?: CallOptions): Promise<string>;
|
|
1094
|
+
/**
|
|
1095
|
+
* Fetch a file's raw bytes as a Blob. The server sends the real MIME
|
|
1096
|
+
* type on `Content-Type`; the returned Blob's `.type` reflects it.
|
|
1097
|
+
*/
|
|
1098
|
+
getBlob(id: string, opts?: CallOptions): Promise<Blob>;
|
|
1099
|
+
/**
|
|
1100
|
+
* Patch file metadata or content. Supports `expectedUpdatedAt` for
|
|
1101
|
+
* optimistic concurrency — pass it when you know the version you read.
|
|
1102
|
+
*/
|
|
1103
|
+
patch(id: string, input: PatchFileInput, opts?: WriteOptions): Promise<File$1>;
|
|
1104
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1105
|
+
restore(id: string, opts?: CallOptions): Promise<File$1>;
|
|
1106
|
+
permanentDelete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1107
|
+
/**
|
|
1108
|
+
* Idempotent create-or-get a folder. Returns the existing folder (with
|
|
1109
|
+
* `200`) or the new one (`201`) — consumers don't need to distinguish.
|
|
1110
|
+
*/
|
|
1111
|
+
createFolder(input: CreateFolderInput, opts?: CallOptions): Promise<File$1>;
|
|
1112
|
+
move(id: string, parentId: string | null, opts?: CallOptions): Promise<File$1>;
|
|
1113
|
+
/**
|
|
1114
|
+
* Execute a code file (js/ts/py/sh) in a sandboxed Lambda. Returns the
|
|
1115
|
+
* full `ExecutionRun` record (status, stdout/stderr, exit code, timestamps).
|
|
1116
|
+
*/
|
|
1117
|
+
run(id: string, input?: RunFileInput, opts?: CallOptions): Promise<ExecutionRun>;
|
|
1118
|
+
}
|
|
1119
|
+
|
|
1120
|
+
/**
|
|
1121
|
+
* GuideApi — `GET /api/v1/guide`.
|
|
1122
|
+
*
|
|
1123
|
+
* Returns the canonical SKILL.md — Markdown instructions that LLMs (or
|
|
1124
|
+
* other browser-apps) can load to learn what the idapt API offers. Served as
|
|
1125
|
+
* a JSON envelope (`{ data: { content, format } }`).
|
|
1126
|
+
*/
|
|
1127
|
+
|
|
1128
|
+
/** Payload of `GET /v1/skill` — the SKILL.md body plus its format tag. */
|
|
1129
|
+
interface GuideContent {
|
|
1130
|
+
/** The SKILL.md document body. */
|
|
1131
|
+
content: string;
|
|
1132
|
+
/** Content format — `"markdown"` today. */
|
|
1133
|
+
format: string;
|
|
1134
|
+
}
|
|
1135
|
+
declare class GuideApi {
|
|
1136
|
+
private readonly ctx;
|
|
1137
|
+
constructor(ctx: HttpContext);
|
|
1138
|
+
/**
|
|
1139
|
+
* Fetch the SKILL.md document. Returns `{ content, format }` — the route
|
|
1140
|
+
* responds with a JSON envelope, not raw text.
|
|
1141
|
+
*/
|
|
1142
|
+
get(opts?: CallOptions): Promise<GuideContent>;
|
|
1143
|
+
}
|
|
1144
|
+
|
|
1145
|
+
/**
|
|
1146
|
+
* ImagesApi — `/api/v1/images/*`.
|
|
1147
|
+
*
|
|
1148
|
+
* Two endpoints:
|
|
1149
|
+
* - `GET /images/models` → catalogue of image models. Each item is
|
|
1150
|
+
* `{id, display_name, provider, modality}`
|
|
1151
|
+
* plus image-specific fields.
|
|
1152
|
+
* - `POST /images/generations` → generate an image, returns a file ref.
|
|
1153
|
+
* Responds HTTP 201 (resource created).
|
|
1154
|
+
*
|
|
1155
|
+
* `generate()` writes the output into the caller's workspace (required) at
|
|
1156
|
+
* an optional path; the response includes a `file_id` you can turn around
|
|
1157
|
+
* and pass to `files.get(id)` for the bytes, or use `url` for a signed
|
|
1158
|
+
* download link.
|
|
1159
|
+
*/
|
|
1160
|
+
|
|
1161
|
+
interface GenerateImageInput {
|
|
1162
|
+
prompt: string;
|
|
1163
|
+
workspace_id: string;
|
|
1164
|
+
model?: string;
|
|
1165
|
+
output_path?: string;
|
|
1166
|
+
reference_image_ids?: string[];
|
|
1167
|
+
reference_image_paths?: string[];
|
|
1168
|
+
aspect_ratio?: string;
|
|
1169
|
+
}
|
|
1170
|
+
declare class ImagesApi {
|
|
1171
|
+
private readonly ctx;
|
|
1172
|
+
constructor(ctx: HttpContext);
|
|
1173
|
+
listModels(opts?: CallOptions): Promise<ImageModel[]>;
|
|
1174
|
+
/** Generate an image. Responds HTTP 201 with the written file ref under `data`. */
|
|
1175
|
+
generate(input: GenerateImageInput, opts?: CallOptions): Promise<ImageGenerationResult>;
|
|
1176
|
+
}
|
|
1177
|
+
|
|
1178
|
+
/**
|
|
1179
|
+
* ModelsApi — `GET /api/v1/models`.
|
|
1180
|
+
*
|
|
1181
|
+
* Returns the catalogue of LLMs available to the authenticated user.
|
|
1182
|
+
* Pricing and capability fields drive the model-picker UX in any app that
|
|
1183
|
+
* lets users swap models.
|
|
1184
|
+
*/
|
|
1185
|
+
|
|
1186
|
+
declare class ModelsApi {
|
|
1187
|
+
private readonly ctx;
|
|
1188
|
+
constructor(ctx: HttpContext);
|
|
1189
|
+
list(opts?: CallOptions): Promise<LLMModel[]>;
|
|
1190
|
+
}
|
|
1191
|
+
|
|
1192
|
+
/**
|
|
1193
|
+
* NotificationsApi — `/api/v1/notifications`.
|
|
1194
|
+
*
|
|
1195
|
+
* Notifications are per-recipient rows attached to underlying notification
|
|
1196
|
+
* "events". The SDK exposes only the per-recipient view — events themselves
|
|
1197
|
+
* are an internal audit surface.
|
|
1198
|
+
*
|
|
1199
|
+
* Three sub-surfaces on the same module for ergonomics:
|
|
1200
|
+
* - per-row verbs: list, get, markRead, archive, unarchive, delete
|
|
1201
|
+
* - bulk: readAll
|
|
1202
|
+
* - settings: getConfig / updateConfig (toasts, quiet hours, digest)
|
|
1203
|
+
* - matrix: getPreferences / updatePreferences (per-(type, subtype?, channel))
|
|
1204
|
+
* - send: send a notification to workspace members (admin/owner verb)
|
|
1205
|
+
*
|
|
1206
|
+
* `id` parameters are notification recipient resourceIds. Resolution of
|
|
1207
|
+
* profile/workspace FKs to resourceIds is handled server-side; both lists
|
|
1208
|
+
* and singles come back already in wire shape.
|
|
1209
|
+
*/
|
|
1210
|
+
|
|
1211
|
+
interface ListNotificationsQuery {
|
|
1212
|
+
limit?: number;
|
|
1213
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
1214
|
+
cursor?: string;
|
|
1215
|
+
unread_only?: boolean;
|
|
1216
|
+
archived_only?: boolean;
|
|
1217
|
+
type?: string;
|
|
1218
|
+
subtype?: string;
|
|
1219
|
+
workspace_id?: string;
|
|
1220
|
+
search?: string;
|
|
1221
|
+
}
|
|
1222
|
+
interface UpdateNotificationInput {
|
|
1223
|
+
/**
|
|
1224
|
+
* Mark the row read. Only `true` is accepted — the v1 contract does not
|
|
1225
|
+
* support reverting a row to unread via this field.
|
|
1226
|
+
*/
|
|
1227
|
+
is_read?: true;
|
|
1228
|
+
/** `true` → archive, `false` → unarchive. */
|
|
1229
|
+
archived?: boolean;
|
|
1230
|
+
}
|
|
1231
|
+
type NotificationAudience = string[] | "all_members" | "admins" | "owner";
|
|
1232
|
+
interface SendNotificationInput {
|
|
1233
|
+
workspace_id: string;
|
|
1234
|
+
title: string;
|
|
1235
|
+
message?: string;
|
|
1236
|
+
/**
|
|
1237
|
+
* One of:
|
|
1238
|
+
* - An array of profile resourceIds — only those people get the row
|
|
1239
|
+
* - `"all_members" | "admins" | "owner"` — broadcast within the workspace
|
|
1240
|
+
*
|
|
1241
|
+
* Exactly one form must be supplied.
|
|
1242
|
+
*/
|
|
1243
|
+
audience: NotificationAudience;
|
|
1244
|
+
channels?: ("in_app" | "email" | "web_push")[];
|
|
1245
|
+
urgency?: "low" | "normal" | "high";
|
|
1246
|
+
/** Idempotency tag — repeat calls with the same key dedupe. */
|
|
1247
|
+
dedup_key?: string;
|
|
1248
|
+
data?: Record<string, unknown>;
|
|
1249
|
+
/** Click-through target. See `backend/platform/notifications/src/internal/notifications/deep-links.ts`. */
|
|
1250
|
+
deep_link?: Record<string, unknown>;
|
|
1251
|
+
}
|
|
1252
|
+
interface SendNotificationResult {
|
|
1253
|
+
recipientCount: number;
|
|
1254
|
+
deduped: boolean;
|
|
1255
|
+
deepLink?: Record<string, unknown>;
|
|
1256
|
+
}
|
|
1257
|
+
/** Single entry in the bulk-update payload for the preferences matrix. */
|
|
1258
|
+
interface NotificationPreferenceUpdate {
|
|
1259
|
+
type: string;
|
|
1260
|
+
subtype?: string;
|
|
1261
|
+
channel: "in_app" | "email" | "web_push";
|
|
1262
|
+
enabled: boolean;
|
|
1263
|
+
}
|
|
1264
|
+
declare class NotificationsApi {
|
|
1265
|
+
private readonly ctx;
|
|
1266
|
+
constructor(ctx: HttpContext);
|
|
1267
|
+
/**
|
|
1268
|
+
* List notification rows. Returns the `data` array directly; the
|
|
1269
|
+
* unfiltered unread tally lives at the TOP LEVEL of the wire envelope
|
|
1270
|
+
* (`unread_count`, a sibling of `data`/`pagination`) — use `listWithMeta`
|
|
1271
|
+
* when you need it.
|
|
1272
|
+
*/
|
|
1273
|
+
list(query?: ListNotificationsQuery, opts?: CallOptions): Promise<Notification[]>;
|
|
1274
|
+
/**
|
|
1275
|
+
* Like `list()` but returns the full envelope so callers can read the
|
|
1276
|
+
* top-level `unread_count` (e.g. to drive an unread badge).
|
|
1277
|
+
*/
|
|
1278
|
+
listWithMeta(query?: ListNotificationsQuery, opts?: CallOptions): Promise<ListEnvelope<Notification> & {
|
|
1279
|
+
unread_count: number;
|
|
1280
|
+
}>;
|
|
1281
|
+
get(id: string, opts?: CallOptions): Promise<Notification>;
|
|
1282
|
+
/**
|
|
1283
|
+
* PATCH a single recipient row. The body accepts only the `is_read` and
|
|
1284
|
+
* `archived` booleans; at least one must be supplied (422 otherwise).
|
|
1285
|
+
* Returns the full updated `Notification`.
|
|
1286
|
+
*/
|
|
1287
|
+
update(id: string, input: UpdateNotificationInput, opts?: CallOptions): Promise<Notification>;
|
|
1288
|
+
/** Shorthand for `update(id, { is_read: true })`. */
|
|
1289
|
+
markRead(id: string, opts?: CallOptions): Promise<{
|
|
1290
|
+
id: string;
|
|
1291
|
+
type: string;
|
|
1292
|
+
title: string;
|
|
1293
|
+
is_read: boolean;
|
|
1294
|
+
created_at: string;
|
|
1295
|
+
subtype?: string | null | undefined;
|
|
1296
|
+
message?: string | null | undefined;
|
|
1297
|
+
data?: Record<string, unknown> | null | undefined;
|
|
1298
|
+
group_key?: string | null | undefined;
|
|
1299
|
+
workspace_id?: string | null | undefined;
|
|
1300
|
+
sender_kind?: string | null | undefined;
|
|
1301
|
+
sender_actor_id?: string | null | undefined;
|
|
1302
|
+
sender_agent_id?: string | null | undefined;
|
|
1303
|
+
audience?: string | string[] | null | undefined;
|
|
1304
|
+
read_at?: string | null | undefined;
|
|
1305
|
+
archived_at?: string | null | undefined;
|
|
1306
|
+
}>;
|
|
1307
|
+
/** Shorthand for `update(id, { archived: true })`. */
|
|
1308
|
+
archive(id: string, opts?: CallOptions): Promise<{
|
|
1309
|
+
id: string;
|
|
1310
|
+
type: string;
|
|
1311
|
+
title: string;
|
|
1312
|
+
is_read: boolean;
|
|
1313
|
+
created_at: string;
|
|
1314
|
+
subtype?: string | null | undefined;
|
|
1315
|
+
message?: string | null | undefined;
|
|
1316
|
+
data?: Record<string, unknown> | null | undefined;
|
|
1317
|
+
group_key?: string | null | undefined;
|
|
1318
|
+
workspace_id?: string | null | undefined;
|
|
1319
|
+
sender_kind?: string | null | undefined;
|
|
1320
|
+
sender_actor_id?: string | null | undefined;
|
|
1321
|
+
sender_agent_id?: string | null | undefined;
|
|
1322
|
+
audience?: string | string[] | null | undefined;
|
|
1323
|
+
read_at?: string | null | undefined;
|
|
1324
|
+
archived_at?: string | null | undefined;
|
|
1325
|
+
}>;
|
|
1326
|
+
/** Shorthand for `update(id, { archived: false })`. */
|
|
1327
|
+
unarchive(id: string, opts?: CallOptions): Promise<{
|
|
1328
|
+
id: string;
|
|
1329
|
+
type: string;
|
|
1330
|
+
title: string;
|
|
1331
|
+
is_read: boolean;
|
|
1332
|
+
created_at: string;
|
|
1333
|
+
subtype?: string | null | undefined;
|
|
1334
|
+
message?: string | null | undefined;
|
|
1335
|
+
data?: Record<string, unknown> | null | undefined;
|
|
1336
|
+
group_key?: string | null | undefined;
|
|
1337
|
+
workspace_id?: string | null | undefined;
|
|
1338
|
+
sender_kind?: string | null | undefined;
|
|
1339
|
+
sender_actor_id?: string | null | undefined;
|
|
1340
|
+
sender_agent_id?: string | null | undefined;
|
|
1341
|
+
audience?: string | string[] | null | undefined;
|
|
1342
|
+
read_at?: string | null | undefined;
|
|
1343
|
+
archived_at?: string | null | undefined;
|
|
1344
|
+
}>;
|
|
1345
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1346
|
+
/**
|
|
1347
|
+
* Mark every unread, non-archived, non-deleted notification as read.
|
|
1348
|
+
* Resolves once the bulk update lands — the v1 response is an empty
|
|
1349
|
+
* `{ data: {} }` envelope.
|
|
1350
|
+
*/
|
|
1351
|
+
readAll(opts?: CallOptions): Promise<void>;
|
|
1352
|
+
/**
|
|
1353
|
+
* Send a notification to workspace members. The caller must be an admin/owner
|
|
1354
|
+
* of the workspace; `recipient_ids` (profile resourceIds) and the broadcast
|
|
1355
|
+
* targets are mutually exclusive — pass one via `audience`.
|
|
1356
|
+
*/
|
|
1357
|
+
send(input: SendNotificationInput, opts?: CallOptions): Promise<SendNotificationResult>;
|
|
1358
|
+
/**
|
|
1359
|
+
* Fetch the per-user toast/sound/quiet-hours/digest config. The response
|
|
1360
|
+
* is flat — the config object IS `data`, with no inner `{config}` wrapper.
|
|
1361
|
+
*/
|
|
1362
|
+
getConfig(opts?: CallOptions): Promise<NotificationConfig>;
|
|
1363
|
+
/** PATCH a subset of the config. Returns the full flat config. */
|
|
1364
|
+
updateConfig(input: Partial<NotificationConfig>, opts?: CallOptions): Promise<NotificationConfig>;
|
|
1365
|
+
/**
|
|
1366
|
+
* Fetch the (type, subtype?, channel) preference matrix. The response is
|
|
1367
|
+
* flat — `data` IS the preference array, with no inner `{preferences}`
|
|
1368
|
+
* wrapper.
|
|
1369
|
+
*/
|
|
1370
|
+
getPreferences(opts?: CallOptions): Promise<NotificationPreference[]>;
|
|
1371
|
+
/**
|
|
1372
|
+
* Bulk-update preferences. Each entry sets one (type, subtype?, channel)
|
|
1373
|
+
* row. Empty `updates[]` → 422. Returns the full flat preference array.
|
|
1374
|
+
*/
|
|
1375
|
+
updatePreferences(updates: NotificationPreferenceUpdate[], opts?: CallOptions): Promise<NotificationPreference[]>;
|
|
1376
|
+
}
|
|
1377
|
+
|
|
1378
|
+
/**
|
|
1379
|
+
* ProviderEndpointsApi — `/api/v1/ai-gateway/provider-endpoints`.
|
|
1380
|
+
*
|
|
1381
|
+
* User-owned BYOK and daemon-local endpoints used by model routing. Provider
|
|
1382
|
+
* secrets are write-only: create/update accept `api_key`, but reads only expose
|
|
1383
|
+
* `api_key_preview`.
|
|
1384
|
+
*/
|
|
1385
|
+
|
|
1386
|
+
interface ProviderEndpointModelMappingInput {
|
|
1387
|
+
/** Idapt model id, for example `openai/gpt-5.4`. */
|
|
1388
|
+
model_id: string;
|
|
1389
|
+
/** Upstream provider model id. Defaults server-side to `model_id`. */
|
|
1390
|
+
api_model_id: string;
|
|
1391
|
+
}
|
|
1392
|
+
interface CreateProviderEndpointInput {
|
|
1393
|
+
kind?: ProviderEndpointKind;
|
|
1394
|
+
provider_key?: ProviderEndpointProviderKey;
|
|
1395
|
+
connection_type?: ProviderEndpointConnectionType;
|
|
1396
|
+
display_name: string;
|
|
1397
|
+
api_key?: string;
|
|
1398
|
+
transport?: ProviderEndpointTransport;
|
|
1399
|
+
runtime?: ProviderEndpointRuntime | null;
|
|
1400
|
+
protocol?: ProviderEndpointProtocol | null;
|
|
1401
|
+
computer_id?: string | null;
|
|
1402
|
+
local_base_url?: string | null;
|
|
1403
|
+
visibility?: ProviderEndpointVisibility;
|
|
1404
|
+
base_url?: string | null;
|
|
1405
|
+
default_for_kind?: boolean;
|
|
1406
|
+
default_modalities?: ProviderEndpointModality[];
|
|
1407
|
+
model_mappings?: ProviderEndpointModelMappingInput[];
|
|
1408
|
+
}
|
|
1409
|
+
type UpdateProviderEndpointInput = Partial<Omit<CreateProviderEndpointInput, "kind">> & {
|
|
1410
|
+
enabled?: boolean;
|
|
1411
|
+
};
|
|
1412
|
+
declare class ProviderEndpointsApi {
|
|
1413
|
+
private readonly ctx;
|
|
1414
|
+
constructor(ctx: HttpContext);
|
|
1415
|
+
list(opts?: CallOptions): Promise<ProviderEndpoint[]>;
|
|
1416
|
+
presets(opts?: CallOptions): Promise<ManagedProviderPreset[]>;
|
|
1417
|
+
create(input: CreateProviderEndpointInput, opts?: CallOptions): Promise<ProviderEndpoint>;
|
|
1418
|
+
update(id: string, input: UpdateProviderEndpointInput, opts?: CallOptions): Promise<ProviderEndpoint>;
|
|
1419
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1420
|
+
test(id: string, opts?: CallOptions): Promise<ProviderEndpointTestResult>;
|
|
1421
|
+
}
|
|
1422
|
+
|
|
1423
|
+
/**
|
|
1424
|
+
* RealtimeApi — `/api/v1/realtime` (broadcast + presence + live subscribe).
|
|
1425
|
+
*
|
|
1426
|
+
* Channels authorize by the resource they name (`ws:{wsResId}:…`,
|
|
1427
|
+
* `table:{collResId}`, `app:{appResId}`). Surfaced as `client.realtime.*`.
|
|
1428
|
+
*
|
|
1429
|
+
* Two surfaces:
|
|
1430
|
+
* - **control** (`broadcast` / `heartbeat` / `presence`) — plain JSON calls.
|
|
1431
|
+
* - **live** (`subscribe`) — opens an authenticated SSE `fetch`-stream and
|
|
1432
|
+
* pushes each frame to a callback, auto-resuming via `Last-Event-ID`.
|
|
1433
|
+
*
|
|
1434
|
+
* `subscribe` deliberately uses `requestRaw` (a `fetch`-stream) rather than a
|
|
1435
|
+
* native `EventSource`. `EventSource` can't set an `Authorization` header, so it
|
|
1436
|
+
* only works same-origin via the session cookie; a `fetch`-stream rides the
|
|
1437
|
+
* SDK's existing auth (static bearer, app-key cookie, OR minted-bearer) and
|
|
1438
|
+
* therefore works isomorphically in node and the browser. The trade-off is we
|
|
1439
|
+
* own reconnect/backoff (below) instead of the browser's built-in EventSource
|
|
1440
|
+
* retry.
|
|
1441
|
+
*/
|
|
1442
|
+
|
|
1443
|
+
interface PresenceEntry {
|
|
1444
|
+
principal_id: string;
|
|
1445
|
+
meta: Record<string, unknown>;
|
|
1446
|
+
last_seen: number;
|
|
1447
|
+
}
|
|
1448
|
+
interface PresenceHeartbeatOptions extends CallOptions {
|
|
1449
|
+
/** Arbitrary presence metadata (name, cursor, …). */
|
|
1450
|
+
meta?: Record<string, unknown>;
|
|
1451
|
+
/** Seconds the presence entry stays live without a refresh. */
|
|
1452
|
+
ttlSeconds?: number;
|
|
1453
|
+
}
|
|
1454
|
+
/** A single realtime event handed to a {@link RealtimeApi.subscribe} callback. */
|
|
1455
|
+
interface RealtimeEvent {
|
|
1456
|
+
/** The channel the event belongs to. */
|
|
1457
|
+
channel: string;
|
|
1458
|
+
/**
|
|
1459
|
+
* Event type. Durable changes carry the publisher's type (e.g.
|
|
1460
|
+
* `record:created`); broadcasts are `"broadcast"`; transport signals are
|
|
1461
|
+
* `"session:gap"` / `"heartbeat"`.
|
|
1462
|
+
*/
|
|
1463
|
+
type: string;
|
|
1464
|
+
/** The payload — the change `data`, the broadcast message, or `null`. */
|
|
1465
|
+
data: unknown;
|
|
1466
|
+
/** Resume cursor (Redis stream id) — present only on durable change frames. */
|
|
1467
|
+
id?: string;
|
|
1468
|
+
}
|
|
1469
|
+
interface SubscribeOptions {
|
|
1470
|
+
/** Called on a stream/parse/network error (the SDK still auto-reconnects). */
|
|
1471
|
+
onError?: (err: Error) => void;
|
|
1472
|
+
/** Initial resume cursor (Redis stream id) for the first connect. */
|
|
1473
|
+
lastEventId?: string;
|
|
1474
|
+
/**
|
|
1475
|
+
* Abort the subscription. Equivalent to calling the returned unsubscribe fn;
|
|
1476
|
+
* provided for callers that already thread an `AbortSignal`.
|
|
1477
|
+
*/
|
|
1478
|
+
signal?: AbortSignal;
|
|
1479
|
+
}
|
|
1480
|
+
/** A per-channel handle composing the realtime verbs for one channel. */
|
|
1481
|
+
interface ChannelHandle {
|
|
1482
|
+
/** The channel key. */
|
|
1483
|
+
readonly key: string;
|
|
1484
|
+
/** Subscribe to this channel's live changes + broadcasts. */
|
|
1485
|
+
subscribe(onEvent: (event: RealtimeEvent) => void, opts?: SubscribeOptions): () => void;
|
|
1486
|
+
/** Send an ephemeral broadcast to this channel's subscribers. */
|
|
1487
|
+
broadcast(message: unknown, opts?: CallOptions): Promise<{
|
|
1488
|
+
ok: boolean;
|
|
1489
|
+
}>;
|
|
1490
|
+
/** List who is currently present on this channel. */
|
|
1491
|
+
presence(opts?: CallOptions): Promise<PresenceEntry[]>;
|
|
1492
|
+
/** Record/refresh the caller's presence (TTL heartbeat). */
|
|
1493
|
+
heartbeat(opts?: PresenceHeartbeatOptions): Promise<{
|
|
1494
|
+
ok: boolean;
|
|
1495
|
+
}>;
|
|
1496
|
+
}
|
|
1497
|
+
declare class RealtimeApi {
|
|
1498
|
+
private readonly ctx;
|
|
1499
|
+
constructor(ctx: HttpContext);
|
|
1500
|
+
/** Send an ephemeral message to a channel's current subscribers. */
|
|
1501
|
+
broadcast(channel: string, message: unknown, opts?: CallOptions): Promise<{
|
|
1502
|
+
ok: boolean;
|
|
1503
|
+
}>;
|
|
1504
|
+
/** Record/refresh the caller's presence on a channel (TTL heartbeat). */
|
|
1505
|
+
heartbeat(channel: string, opts?: PresenceHeartbeatOptions): Promise<{
|
|
1506
|
+
ok: boolean;
|
|
1507
|
+
}>;
|
|
1508
|
+
/** List who is currently present on a channel. */
|
|
1509
|
+
presence(channel: string, opts?: CallOptions): Promise<PresenceEntry[]>;
|
|
1510
|
+
/**
|
|
1511
|
+
* Open an SSE stream for one or more channels' durable changes + ephemeral
|
|
1512
|
+
* broadcasts. `onEvent` fires for every change/broadcast frame; heartbeat and
|
|
1513
|
+
* transport-only signals are NOT surfaced (they keep the socket warm). Returns
|
|
1514
|
+
* an unsubscribe function — call it (or abort `opts.signal`) to close.
|
|
1515
|
+
*
|
|
1516
|
+
* The stream auto-reconnects with capped exponential backoff and resumes from
|
|
1517
|
+
* the last seen change id (so durable changes are not missed across a drop).
|
|
1518
|
+
*/
|
|
1519
|
+
subscribe(channels: string[], onEvent: (event: RealtimeEvent) => void, opts?: SubscribeOptions): () => void;
|
|
1520
|
+
/**
|
|
1521
|
+
* A per-channel handle bundling subscribe + broadcast + presence + heartbeat
|
|
1522
|
+
* for one channel, so callers don't repeat the key:
|
|
1523
|
+
*
|
|
1524
|
+
* const ch = client.realtime.channel("table:col_123");
|
|
1525
|
+
* const stop = ch.subscribe((e) => render(e));
|
|
1526
|
+
* await ch.broadcast({ cursor: { x, y } });
|
|
1527
|
+
*/
|
|
1528
|
+
channel(key: string): ChannelHandle;
|
|
1529
|
+
}
|
|
1530
|
+
|
|
1531
|
+
/**
|
|
1532
|
+
* SearchApi — `GET /api/v1/search`.
|
|
1533
|
+
*
|
|
1534
|
+
* Full-text search across the user's accessible content (files, chats,
|
|
1535
|
+
* agents, etc.). Results are loosely shaped — caller narrows via `.type`.
|
|
1536
|
+
*/
|
|
1537
|
+
|
|
1538
|
+
interface SearchInput {
|
|
1539
|
+
q: string;
|
|
1540
|
+
/** Page size — capped at 50 server-side for search (default 50). */
|
|
1541
|
+
limit?: number;
|
|
1542
|
+
/**
|
|
1543
|
+
* Opaque pagination cursor — `GET /v1/search` is cursor-paginated.
|
|
1544
|
+
* Echo `pagination.next_cursor` from the previous page.
|
|
1545
|
+
*/
|
|
1546
|
+
cursor?: string;
|
|
1547
|
+
/** Comma-separated source filter, e.g. `file` or `chat_message,chat`. */
|
|
1548
|
+
source?: string;
|
|
1549
|
+
/** File type filter when searching files. */
|
|
1550
|
+
type?: "documents" | "images" | "videos" | "audio" | "folders";
|
|
1551
|
+
/** Workspace resourceId to scope results. */
|
|
1552
|
+
workspace_id?: string;
|
|
1553
|
+
/** Chat-only search mode when source is omitted. */
|
|
1554
|
+
chat_mode?: "title" | "content";
|
|
1555
|
+
}
|
|
1556
|
+
declare class SearchApi {
|
|
1557
|
+
private readonly ctx;
|
|
1558
|
+
constructor(ctx: HttpContext);
|
|
1559
|
+
search(input: SearchInput, opts?: CallOptions): Promise<SearchResult[]>;
|
|
1560
|
+
}
|
|
1561
|
+
|
|
1562
|
+
/**
|
|
1563
|
+
* SecretsApi — `/api/v1/secrets` (Idapt Secrets).
|
|
1564
|
+
*
|
|
1565
|
+
* Flat, workspace-scoped secrets. `workspace_id` is optional on `list`/`create`
|
|
1566
|
+
* and defaults to the caller's personal workspace (same posture as the rest of
|
|
1567
|
+
* v1). The plaintext value is NEVER returned by list/get/create/update — only a
|
|
1568
|
+
* masked `value_preview`. The single value-returning call is `reveal`, which is
|
|
1569
|
+
* session-only, audited, and rate-limited server-side (and never available to
|
|
1570
|
+
* agents). To mount a secret into a runtime, reference it by name; do not pull
|
|
1571
|
+
* the value client-side.
|
|
1572
|
+
*
|
|
1573
|
+
* Surfaced as `client.secrets.*` on `IdaptClient`.
|
|
1574
|
+
*/
|
|
1575
|
+
|
|
1576
|
+
interface ListSecretsOptions extends CallOptions {
|
|
1577
|
+
/** Workspace resourceId. Omit for the caller's personal workspace. */
|
|
1578
|
+
workspaceId?: string;
|
|
1579
|
+
}
|
|
1580
|
+
interface CreateSecretInput {
|
|
1581
|
+
name: string;
|
|
1582
|
+
value: string;
|
|
1583
|
+
description?: string | null;
|
|
1584
|
+
/** Content classification; derived from the name when omitted. */
|
|
1585
|
+
type?: "generic" | "password" | "api_key" | "ssh_private_key" | "ssh_public_key";
|
|
1586
|
+
/** Target workspace resourceId. Omit for the personal workspace. */
|
|
1587
|
+
workspace_id?: string;
|
|
1588
|
+
}
|
|
1589
|
+
interface UpdateSecretInput {
|
|
1590
|
+
/** Pass a new plaintext to ROTATE the secret. Omit to leave unchanged. */
|
|
1591
|
+
value?: string;
|
|
1592
|
+
description?: string | null;
|
|
1593
|
+
}
|
|
1594
|
+
declare class SecretsApi {
|
|
1595
|
+
private readonly ctx;
|
|
1596
|
+
constructor(ctx: HttpContext);
|
|
1597
|
+
list(opts?: ListSecretsOptions): Promise<Secret[]>;
|
|
1598
|
+
get(secretId: string, opts?: CallOptions): Promise<Secret>;
|
|
1599
|
+
create(input: CreateSecretInput, opts?: CallOptions): Promise<Secret>;
|
|
1600
|
+
update(secretId: string, input: UpdateSecretInput, opts?: CallOptions): Promise<Secret>;
|
|
1601
|
+
delete(secretId: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1602
|
+
/**
|
|
1603
|
+
* Reveal a secret's plaintext value. Session-authenticated callers only (not
|
|
1604
|
+
* API keys), audited, and rate-limited. Returns the decrypted `value`.
|
|
1605
|
+
*/
|
|
1606
|
+
reveal(secretId: string, opts?: CallOptions): Promise<SecretWithValue>;
|
|
1607
|
+
}
|
|
1608
|
+
|
|
1609
|
+
/**
|
|
1610
|
+
* SettingsApi — `/api/v1/settings`.
|
|
1611
|
+
*
|
|
1612
|
+
* Account-level preferences: profile display name, slug, public visibility,
|
|
1613
|
+
* Hub publisher username, AI auto-compact opt-in, analytics/marketing consent.
|
|
1614
|
+
*
|
|
1615
|
+
* Slug renames go through the dedicated rename pipeline server-side
|
|
1616
|
+
* (uniqueness + cooldown + audit). Pass `slug` in `update()`; the route
|
|
1617
|
+
* dispatches to the rename path under the hood. A rejected slug surfaces
|
|
1618
|
+
* as an `invalid_request` (422) error.
|
|
1619
|
+
*
|
|
1620
|
+
* UI-only state (sidebar hints, theme, modal counters) is intentionally
|
|
1621
|
+
* NOT on the public surface.
|
|
1622
|
+
*/
|
|
1623
|
+
|
|
1624
|
+
interface UpdateSettingsInput {
|
|
1625
|
+
name?: string | null;
|
|
1626
|
+
/** Lowercase 3–30 chars, `[a-z0-9-]`. Routed through the rename pipeline. */
|
|
1627
|
+
slug?: string;
|
|
1628
|
+
is_public?: boolean;
|
|
1629
|
+
is_auto_compact_enabled?: boolean;
|
|
1630
|
+
consent_analytics?: boolean;
|
|
1631
|
+
consent_marketing?: boolean;
|
|
1632
|
+
consent_decided_at?: string;
|
|
1633
|
+
locale?: string | null;
|
|
1634
|
+
icon?: string | null;
|
|
1635
|
+
github_username?: string | null;
|
|
1636
|
+
}
|
|
1637
|
+
declare class SettingsApi {
|
|
1638
|
+
private readonly ctx;
|
|
1639
|
+
constructor(ctx: HttpContext);
|
|
1640
|
+
get(opts?: CallOptions): Promise<Settings>;
|
|
1641
|
+
update(input: UpdateSettingsInput, opts?: CallOptions): Promise<Settings>;
|
|
1642
|
+
}
|
|
1643
|
+
|
|
1644
|
+
/**
|
|
1645
|
+
* SharingApi — `/api/v1/shares` + `/api/v1/shared-with-me`.
|
|
1646
|
+
*
|
|
1647
|
+
* One unified surface for managing shares across every resource type
|
|
1648
|
+
* (chat / agent / file / workspace) — the v1 route is intentionally a
|
|
1649
|
+
* single endpoint that discriminates by `resource_type`, rather than
|
|
1650
|
+
* `/v1/chats/:id/shares` etc. The SDK mirrors that shape so we keep
|
|
1651
|
+
* the wire and the SDK at parity.
|
|
1652
|
+
*
|
|
1653
|
+
* list({ resource_type, resource_id }) → GET /v1/shares (query)
|
|
1654
|
+
* add({ resource_type, resource_id, ... }) → POST /v1/shares (body)
|
|
1655
|
+
* update({ ... }) → PATCH /v1/shares (triple
|
|
1656
|
+
* on query, {permission} body)
|
|
1657
|
+
* remove({ ... }) → DELETE /v1/shares (triple
|
|
1658
|
+
* on query, no body)
|
|
1659
|
+
* listSharedWithMe(query) → GET /v1/shared-with-me
|
|
1660
|
+
*
|
|
1661
|
+
* Grantee actor ids on the wire are profile resourceIds. The route
|
|
1662
|
+
* resolves them to internal uuids server-side. A share has no standalone
|
|
1663
|
+
* `id` — it is keyed by its `(resource_type, resource_id,
|
|
1664
|
+
* grantee_actor_id)` triple. PATCH/DELETE carry that triple as QUERY
|
|
1665
|
+
* params (not a JSON body); `remove()` echoes the triple back at the
|
|
1666
|
+
* top level of the response.
|
|
1667
|
+
*/
|
|
1668
|
+
|
|
1669
|
+
interface ListSharesQuery {
|
|
1670
|
+
resource_type: ShareResourceType;
|
|
1671
|
+
resource_id: string;
|
|
1672
|
+
}
|
|
1673
|
+
interface CreateShareInput {
|
|
1674
|
+
resource_type: ShareResourceType;
|
|
1675
|
+
resource_id: string;
|
|
1676
|
+
/** Grantee profile resourceId. */
|
|
1677
|
+
grantee_actor_id: string;
|
|
1678
|
+
permission: SharePermission;
|
|
1679
|
+
}
|
|
1680
|
+
type UpdateShareInput = CreateShareInput;
|
|
1681
|
+
interface RemoveShareInput {
|
|
1682
|
+
resource_type: ShareResourceType;
|
|
1683
|
+
resource_id: string;
|
|
1684
|
+
grantee_actor_id: string;
|
|
1685
|
+
}
|
|
1686
|
+
interface ListSharedWithMeQuery {
|
|
1687
|
+
resource_type?: ShareResourceType;
|
|
1688
|
+
limit?: number;
|
|
1689
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
1690
|
+
cursor?: string;
|
|
1691
|
+
}
|
|
1692
|
+
declare class SharingApi {
|
|
1693
|
+
private readonly ctx;
|
|
1694
|
+
constructor(ctx: HttpContext);
|
|
1695
|
+
list(query: ListSharesQuery, opts?: CallOptions): Promise<Share[]>;
|
|
1696
|
+
add(input: CreateShareInput, opts?: CallOptions): Promise<Share>;
|
|
1697
|
+
/**
|
|
1698
|
+
* Update a share's permission. The keying triple
|
|
1699
|
+
* (`resource_type`, `resource_id`, `grantee_actor_id`) goes on the QUERY
|
|
1700
|
+
* string; the request BODY carries only `{ permission }`.
|
|
1701
|
+
*/
|
|
1702
|
+
update(input: UpdateShareInput, opts?: CallOptions): Promise<Share>;
|
|
1703
|
+
/**
|
|
1704
|
+
* Remove a share. The keying triple goes on the QUERY string; the
|
|
1705
|
+
* request takes NO body. The response is the removed triple at the TOP
|
|
1706
|
+
* LEVEL — `{ deleted, resource_type, resource_id, grantee_actor_id }` —
|
|
1707
|
+
* not nested under `data` (a share has no standalone id).
|
|
1708
|
+
*/
|
|
1709
|
+
remove(input: RemoveShareInput, opts?: CallOptions): Promise<ShareDeletedResult>;
|
|
1710
|
+
/**
|
|
1711
|
+
* List resources others have shared with the caller. Omit `resource_type`
|
|
1712
|
+
* for the unified view across chats / agents / files / workspaces.
|
|
1713
|
+
*/
|
|
1714
|
+
listSharedWithMe(query?: ListSharedWithMeQuery, opts?: CallOptions): Promise<SharedWithMeItem[]>;
|
|
1715
|
+
}
|
|
1716
|
+
|
|
1717
|
+
/**
|
|
1718
|
+
* StoreApi — `/api/v1/store/*`.
|
|
1719
|
+
*
|
|
1720
|
+
* Hub / store surface for browsing and installing community items: skills,
|
|
1721
|
+
* agent templates, computer images, workspace templates.
|
|
1722
|
+
*
|
|
1723
|
+
* Both verbs are feature-gated by FF42 (Hub) server-side. With the flag
|
|
1724
|
+
* OFF the routes 404; the SDK relays that as a `NotFoundError`. The CLI's
|
|
1725
|
+
* `idapt store` tree gates on the same flag client-side, so visibility of
|
|
1726
|
+
* the verbs in `idapt help` matches what the server actually accepts.
|
|
1727
|
+
*/
|
|
1728
|
+
|
|
1729
|
+
interface SearchStoreQuery {
|
|
1730
|
+
q?: string;
|
|
1731
|
+
type?: "all" | StoreItemType;
|
|
1732
|
+
sort?: "popular" | "recent" | "updated";
|
|
1733
|
+
limit?: number;
|
|
1734
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
1735
|
+
cursor?: string;
|
|
1736
|
+
}
|
|
1737
|
+
interface InstallStoreItemInput {
|
|
1738
|
+
/** Destination workspace resourceId. */
|
|
1739
|
+
workspace_id: string;
|
|
1740
|
+
folder_name?: string;
|
|
1741
|
+
/** Parent file resourceId to land the installed folder under. */
|
|
1742
|
+
target_parent_id?: string | null;
|
|
1743
|
+
}
|
|
1744
|
+
declare class StoreApi {
|
|
1745
|
+
private readonly ctx;
|
|
1746
|
+
constructor(ctx: HttpContext);
|
|
1747
|
+
/**
|
|
1748
|
+
* Search the hub. Open envelope — items are heterogeneous (skills carry
|
|
1749
|
+
* version/license, agents carry icons/prompts, computer templates carry
|
|
1750
|
+
* sizing) so we surface them as `StoreItem` with an open index signature.
|
|
1751
|
+
*/
|
|
1752
|
+
search(query?: SearchStoreQuery, opts?: CallOptions): Promise<StoreItem[]>;
|
|
1753
|
+
/**
|
|
1754
|
+
* Install a hub item into one of the caller's workspaces. Returns whatever
|
|
1755
|
+
* the per-template installer produces (folder ids, agent ids, ...) —
|
|
1756
|
+
* `StoreInstallResult` carries the common fields and leaves the rest
|
|
1757
|
+
* open.
|
|
1758
|
+
*/
|
|
1759
|
+
install(resourceId: string, input: InstallStoreItemInput, opts?: CallOptions): Promise<StoreInstallResult>;
|
|
1760
|
+
}
|
|
1761
|
+
|
|
1762
|
+
/**
|
|
1763
|
+
* SubscriptionApi — `/api/v1/subscription`.
|
|
1764
|
+
*
|
|
1765
|
+
* Single-read surface: the caller's current account/credit state. Idapt is
|
|
1766
|
+
* pay-as-you-go — there are no subscription plans, periods, or trials. The
|
|
1767
|
+
* payload carries the account tier (`plan` = `free` / `paid`, `is_paid`), the
|
|
1768
|
+
* credit `balance` (USD), and the auto top-up settings.
|
|
1769
|
+
*
|
|
1770
|
+
* Anonymous / unauthenticated callers receive the `free` view rather than a
|
|
1771
|
+
* 401 — the route deliberately mirrors the cookie-route behaviour so CLI/SDK
|
|
1772
|
+
* users that haven't signed up still get a usable answer.
|
|
1773
|
+
*
|
|
1774
|
+
* Internal correlation ids and implementation-detail fields are dropped at
|
|
1775
|
+
* the route boundary; they never appear on the v1 wire.
|
|
1776
|
+
*/
|
|
1777
|
+
|
|
1778
|
+
declare class SubscriptionApi {
|
|
1779
|
+
private readonly ctx;
|
|
1780
|
+
constructor(ctx: HttpContext);
|
|
1781
|
+
get(opts?: CallOptions): Promise<Subscription>;
|
|
1782
|
+
}
|
|
1783
|
+
|
|
1784
|
+
/**
|
|
1785
|
+
* TablesApi — `/api/v1/tables` (Idapt Tables, structured documents).
|
|
1786
|
+
*
|
|
1787
|
+
* Collections hold a field schema; records are JSON documents queried via the
|
|
1788
|
+
* safe DSL. Surfaced as `client.tables.*` on `IdaptClient`.
|
|
1789
|
+
*/
|
|
1790
|
+
|
|
1791
|
+
interface TableField {
|
|
1792
|
+
key: string;
|
|
1793
|
+
name: string;
|
|
1794
|
+
type: string;
|
|
1795
|
+
options?: unknown[];
|
|
1796
|
+
required?: boolean;
|
|
1797
|
+
default?: unknown;
|
|
1798
|
+
}
|
|
1799
|
+
interface CollectionSchemaInput {
|
|
1800
|
+
fields: TableField[];
|
|
1801
|
+
}
|
|
1802
|
+
interface CreateCollectionInput {
|
|
1803
|
+
name: string;
|
|
1804
|
+
description?: string | null;
|
|
1805
|
+
icon?: string | null;
|
|
1806
|
+
schema?: CollectionSchemaInput;
|
|
1807
|
+
workspace_id?: string;
|
|
1808
|
+
}
|
|
1809
|
+
interface UpdateCollectionInput {
|
|
1810
|
+
name?: string;
|
|
1811
|
+
description?: string | null;
|
|
1812
|
+
icon?: string | null;
|
|
1813
|
+
schema?: CollectionSchemaInput;
|
|
1814
|
+
}
|
|
1815
|
+
interface TableQuery {
|
|
1816
|
+
where?: unknown;
|
|
1817
|
+
sort?: {
|
|
1818
|
+
field: string;
|
|
1819
|
+
dir?: "asc" | "desc";
|
|
1820
|
+
}[];
|
|
1821
|
+
limit?: number;
|
|
1822
|
+
cursor?: string;
|
|
1823
|
+
}
|
|
1824
|
+
declare class TablesApi {
|
|
1825
|
+
private readonly ctx;
|
|
1826
|
+
constructor(ctx: HttpContext);
|
|
1827
|
+
list(opts?: CallOptions & {
|
|
1828
|
+
workspaceId?: string;
|
|
1829
|
+
cursor?: string;
|
|
1830
|
+
limit?: number;
|
|
1831
|
+
}): Promise<TableCollection[]>;
|
|
1832
|
+
get(id: string, opts?: CallOptions): Promise<TableCollection>;
|
|
1833
|
+
create(input: CreateCollectionInput, opts?: CallOptions): Promise<TableCollection>;
|
|
1834
|
+
update(id: string, input: UpdateCollectionInput, opts?: CallOptions): Promise<TableCollection>;
|
|
1835
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1836
|
+
/** Query a collection's records with the filter/sort/paginate DSL. */
|
|
1837
|
+
query(id: string, query?: TableQuery, opts?: CallOptions): Promise<TableRecord[]>;
|
|
1838
|
+
createRecord(id: string, values: Record<string, unknown>, opts?: CallOptions): Promise<TableRecord>;
|
|
1839
|
+
getRecord(id: string, recordId: string, opts?: CallOptions): Promise<TableRecord>;
|
|
1840
|
+
updateRecord(id: string, recordId: string, values: Record<string, unknown>, opts?: CallOptions): Promise<TableRecord>;
|
|
1841
|
+
deleteRecord(id: string, recordId: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1842
|
+
/** Export a collection's records as a CSV string (header row = field keys). */
|
|
1843
|
+
exportCsv(id: string, opts?: CallOptions): Promise<string>;
|
|
1844
|
+
/** Import records into a collection from a CSV string. Returns the count. */
|
|
1845
|
+
importCsv(id: string, csv: string, opts?: CallOptions): Promise<{
|
|
1846
|
+
imported: number;
|
|
1847
|
+
}>;
|
|
1848
|
+
}
|
|
1849
|
+
|
|
1850
|
+
/**
|
|
1851
|
+
* TriggersApi — `/api/v1/triggers`.
|
|
1852
|
+
*
|
|
1853
|
+
* Triggers fire actions (run code, run chat) on events (webhook, schedule,
|
|
1854
|
+
* manual). The `fire` endpoint is unauthenticated — it validates the
|
|
1855
|
+
* per-trigger webhook secret instead of the bearer token. This SDK handles
|
|
1856
|
+
* both modes: regular calls use `this.ctx.key`; `fire` can be called with
|
|
1857
|
+
* an explicit secret override.
|
|
1858
|
+
*/
|
|
1859
|
+
|
|
1860
|
+
interface FireTriggerInput {
|
|
1861
|
+
/**
|
|
1862
|
+
* Webhook secret for this trigger. Overrides the client's `ap_` key.
|
|
1863
|
+
* Required when calling `fire` outside the creating user's session.
|
|
1864
|
+
*/
|
|
1865
|
+
secret: string;
|
|
1866
|
+
/** Optional context overrides forwarded to the action. */
|
|
1867
|
+
body?: Record<string, unknown>;
|
|
1868
|
+
}
|
|
1869
|
+
interface ListTriggerRunsQuery {
|
|
1870
|
+
limit?: number;
|
|
1871
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
1872
|
+
cursor?: string;
|
|
1873
|
+
}
|
|
1874
|
+
interface ListTriggersQuery {
|
|
1875
|
+
workspace_id?: string;
|
|
1876
|
+
include_archived?: boolean;
|
|
1877
|
+
archived_only?: boolean;
|
|
1878
|
+
}
|
|
1879
|
+
interface BulkTriggerCostStatsQuery {
|
|
1880
|
+
workspace_id?: string;
|
|
1881
|
+
}
|
|
1882
|
+
declare class TriggersApi {
|
|
1883
|
+
private readonly ctx;
|
|
1884
|
+
constructor(ctx: HttpContext);
|
|
1885
|
+
list(query?: ListTriggersQuery, opts?: CallOptions): Promise<Trigger[]>;
|
|
1886
|
+
/**
|
|
1887
|
+
* Create a trigger. `workspace_id` is passed in the request BODY (alongside
|
|
1888
|
+
* the flat trigger definition) — it is not a query param. The request
|
|
1889
|
+
* body is flat: every scheduling field (`cron_expression`, …) and every
|
|
1890
|
+
* action field (`agent_id`, `prompt_template`, `file_id`, …) sits at the
|
|
1891
|
+
* top level — there are no nested `trigger_config` / `action_config`
|
|
1892
|
+
* objects any more.
|
|
1893
|
+
*
|
|
1894
|
+
* For a `webhook` trigger the response additionally carries a one-time
|
|
1895
|
+
* plaintext `secret` (use `TriggerWithSecret`); other trigger types
|
|
1896
|
+
* resolve to a plain `Trigger`.
|
|
1897
|
+
*/
|
|
1898
|
+
create(workspaceId: string, input: CreateTriggerInput, opts?: CallOptions): Promise<TriggerWithSecret | Trigger>;
|
|
1899
|
+
get(id: string, opts?: CallOptions): Promise<Trigger>;
|
|
1900
|
+
update(id: string, input: UpdateTriggerInput, opts?: CallOptions): Promise<Trigger>;
|
|
1901
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
1902
|
+
archive(id: string, opts?: CallOptions): Promise<Trigger>;
|
|
1903
|
+
unarchive(id: string, opts?: CallOptions): Promise<Trigger>;
|
|
1904
|
+
/**
|
|
1905
|
+
* Fire a trigger via its webhook secret. This endpoint does NOT use the
|
|
1906
|
+
* client's `ap_` key — the bearer is the trigger's secret — so we build a
|
|
1907
|
+
* one-off HttpContext for it rather than mutating the shared one.
|
|
1908
|
+
*
|
|
1909
|
+
* Responds HTTP 202. The response identifies the fired trigger via `id`
|
|
1910
|
+
* only.
|
|
1911
|
+
*/
|
|
1912
|
+
fire(id: string, input: FireTriggerInput, opts?: CallOptions): Promise<{
|
|
1913
|
+
id: string;
|
|
1914
|
+
}>;
|
|
1915
|
+
/**
|
|
1916
|
+
* Rotate the webhook secret. Returns the trigger with a fresh one-time
|
|
1917
|
+
* plaintext `secret` populated (`TriggerWithSecret`). The old secret
|
|
1918
|
+
* immediately stops working.
|
|
1919
|
+
*/
|
|
1920
|
+
rotateSecret(id: string, opts?: CallOptions): Promise<TriggerWithSecret>;
|
|
1921
|
+
/** Recent fires + their success/error outcome. */
|
|
1922
|
+
listRuns(id: string, query?: ListTriggerRunsQuery, opts?: CallOptions): Promise<TriggerRun[]>;
|
|
1923
|
+
getCostStats(id: string, opts?: CallOptions): Promise<TriggerCostStats>;
|
|
1924
|
+
getCostStatsMap(query?: BulkTriggerCostStatsQuery, opts?: CallOptions): Promise<Record<string, TriggerCostStats>>;
|
|
1925
|
+
}
|
|
1926
|
+
|
|
1927
|
+
/**
|
|
1928
|
+
* UserApi — identity + usage.
|
|
1929
|
+
*
|
|
1930
|
+
* `me()` is always callable (implicit `user:read` grant). `usage()` may
|
|
1931
|
+
* require elevated permissions depending on deployment — check the
|
|
1932
|
+
* manifest if you get a 403.
|
|
1933
|
+
*/
|
|
1934
|
+
|
|
1935
|
+
interface ListUsageHistoryQuery {
|
|
1936
|
+
limit?: number;
|
|
1937
|
+
/** Opaque pagination cursor — echo `pagination.next_cursor`. */
|
|
1938
|
+
cursor?: string;
|
|
1939
|
+
/** Filter history by call type (e.g. "chat", "image"). */
|
|
1940
|
+
call_type?: string;
|
|
1941
|
+
}
|
|
1942
|
+
declare class UserApi {
|
|
1943
|
+
private readonly ctx;
|
|
1944
|
+
constructor(ctx: HttpContext);
|
|
1945
|
+
/** Current authenticated user's profile. */
|
|
1946
|
+
me(opts?: CallOptions): Promise<User>;
|
|
1947
|
+
/**
|
|
1948
|
+
* Storage usage summary — bytes used / total, snapshot footprint.
|
|
1949
|
+
* Corresponds to `GET /me/usage?view=summary` (the default).
|
|
1950
|
+
*/
|
|
1951
|
+
usage(opts?: CallOptions): Promise<UsageSummary>;
|
|
1952
|
+
/**
|
|
1953
|
+
* Paginated history of LLM / image / audio calls + cost.
|
|
1954
|
+
* Corresponds to `GET /me/usage?view=history`.
|
|
1955
|
+
*/
|
|
1956
|
+
usageHistory(query?: ListUsageHistoryQuery, opts?: CallOptions): Promise<UsageRecord[]>;
|
|
1957
|
+
}
|
|
1958
|
+
|
|
1959
|
+
/**
|
|
1960
|
+
* WebSearchApi — `POST /api/v1/web/search`.
|
|
1961
|
+
*
|
|
1962
|
+
* External web search. Needs the elevated `web:search` permission. Apps
|
|
1963
|
+
* that want this must declare it in their manifest; `client.escalate()`
|
|
1964
|
+
* can request it at runtime.
|
|
1965
|
+
*/
|
|
1966
|
+
|
|
1967
|
+
interface WebSearchInput {
|
|
1968
|
+
query: string;
|
|
1969
|
+
/** Min 1, max 25. Default 12. */
|
|
1970
|
+
num_results?: number;
|
|
1971
|
+
}
|
|
1972
|
+
declare class WebSearchApi {
|
|
1973
|
+
private readonly ctx;
|
|
1974
|
+
constructor(ctx: HttpContext);
|
|
1975
|
+
search(input: WebSearchInput, opts?: CallOptions): Promise<WebSearchResponse>;
|
|
1976
|
+
}
|
|
1977
|
+
|
|
1978
|
+
/**
|
|
1979
|
+
* WorkspacesApi — `/api/v1/workspaces` CRUD + members + invitations.
|
|
1980
|
+
*
|
|
1981
|
+
* Members, invitations, and secrets all live as sub-resources under
|
|
1982
|
+
* `/workspaces/:id/...`. Members and invitations are exposed as flat methods
|
|
1983
|
+
* on this class to avoid an extra factory step. Workspace secrets are a
|
|
1984
|
+
* heavier surface and get their own top-level module (`client.secrets`).
|
|
1985
|
+
*/
|
|
1986
|
+
|
|
1987
|
+
interface CreateWorkspaceInput {
|
|
1988
|
+
name: string;
|
|
1989
|
+
slug: string;
|
|
1990
|
+
description?: string;
|
|
1991
|
+
icon?: string;
|
|
1992
|
+
}
|
|
1993
|
+
interface UpdateWorkspaceInput {
|
|
1994
|
+
name?: string;
|
|
1995
|
+
description?: string | null;
|
|
1996
|
+
icon?: string | null;
|
|
1997
|
+
/**
|
|
1998
|
+
* New workspace slug. Follows the canonical workspace-slug rules; the route
|
|
1999
|
+
* dispatches a slug change through its rename pipeline server-side.
|
|
2000
|
+
*/
|
|
2001
|
+
slug?: string;
|
|
2002
|
+
}
|
|
2003
|
+
interface ListWorkspacesQuery {
|
|
2004
|
+
include_archived?: boolean;
|
|
2005
|
+
archived_only?: boolean;
|
|
2006
|
+
}
|
|
2007
|
+
/** Only non-owner roles are acceptable in member write paths. */
|
|
2008
|
+
type WritableMemberRole = Extract<WorkspaceMemberRole, "admin" | "editor" | "viewer">;
|
|
2009
|
+
interface AddMemberInput {
|
|
2010
|
+
actor_id: string;
|
|
2011
|
+
role: WritableMemberRole;
|
|
2012
|
+
}
|
|
2013
|
+
interface UpdateMemberInput {
|
|
2014
|
+
role: WritableMemberRole;
|
|
2015
|
+
}
|
|
2016
|
+
interface CreateInvitationInput {
|
|
2017
|
+
/** Invitee profile slug, e.g. `alice`. */
|
|
2018
|
+
slug: string;
|
|
2019
|
+
role?: WritableMemberRole;
|
|
2020
|
+
}
|
|
2021
|
+
/**
|
|
2022
|
+
* Result of `POST /v1/workspaces/{id}/invitations`. The v1 contract keys an
|
|
2023
|
+
* invitation by `invitee_slug` — there is no `invitationId` / `id` field.
|
|
2024
|
+
*/
|
|
2025
|
+
interface CreateInvitationResult {
|
|
2026
|
+
invitee_slug: string;
|
|
2027
|
+
role: WritableMemberRole;
|
|
2028
|
+
status: string;
|
|
2029
|
+
}
|
|
2030
|
+
/** Result of `DELETE /v1/workspaces/{id}/invitations?invitee_slug=…`. */
|
|
2031
|
+
interface DeleteInvitationResult {
|
|
2032
|
+
deleted: true;
|
|
2033
|
+
/** The workspace id the invitation was removed from. */
|
|
2034
|
+
id: string;
|
|
2035
|
+
}
|
|
2036
|
+
declare class WorkspacesApi {
|
|
2037
|
+
private readonly ctx;
|
|
2038
|
+
constructor(ctx: HttpContext);
|
|
2039
|
+
list(query?: ListWorkspacesQuery, opts?: CallOptions): Promise<Workspace[]>;
|
|
2040
|
+
create(input: CreateWorkspaceInput, opts?: CallOptions): Promise<Workspace>;
|
|
2041
|
+
get(id: string, opts?: CallOptions): Promise<Workspace>;
|
|
2042
|
+
update(id: string, input: UpdateWorkspaceInput, opts?: CallOptions): Promise<Workspace>;
|
|
2043
|
+
delete(id: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
2044
|
+
archive(id: string, opts?: CallOptions): Promise<Workspace>;
|
|
2045
|
+
unarchive(id: string, opts?: CallOptions): Promise<Workspace>;
|
|
2046
|
+
listMembers(id: string, opts?: CallOptions): Promise<WorkspaceMember[]>;
|
|
2047
|
+
addMember(id: string, input: AddMemberInput, opts?: CallOptions): Promise<WorkspaceMember>;
|
|
2048
|
+
updateMember(id: string, memberId: string, input: UpdateMemberInput, opts?: CallOptions): Promise<WorkspaceMember>;
|
|
2049
|
+
removeMember(id: string, memberId: string, opts?: CallOptions): Promise<DeletedResponse>;
|
|
2050
|
+
listInvitations(id: string, opts?: CallOptions): Promise<WorkspaceInvitation[]>;
|
|
2051
|
+
/**
|
|
2052
|
+
* Invite an existing idapt user by their profile slug. Idempotent on
|
|
2053
|
+
* the `(workspace_id, slug)` pair — reissue safely. Personal workspaces
|
|
2054
|
+
* reject invitations.
|
|
2055
|
+
*/
|
|
2056
|
+
createInvitation(id: string, input: CreateInvitationInput, opts?: CallOptions): Promise<CreateInvitationResult>;
|
|
2057
|
+
/**
|
|
2058
|
+
* Revoke a pending invitation. The invitation is identified by the
|
|
2059
|
+
* invitee's profile slug, passed as the `invitee_slug` query param —
|
|
2060
|
+
* there is no invitation id. Returns `{ deleted: true, id }` where `id`
|
|
2061
|
+
* is the workspace id (top-level, not enveloped under `data`).
|
|
2062
|
+
*/
|
|
2063
|
+
deleteInvitation(id: string, inviteeSlug: string, opts?: CallOptions): Promise<DeleteInvitationResult>;
|
|
2064
|
+
}
|
|
2065
|
+
|
|
2066
|
+
/**
|
|
2067
|
+
* IdaptClient — the object consumers hold after `connect()`.
|
|
2068
|
+
*
|
|
2069
|
+
* Wires the folder accessors, user API, and auth escalation into one cohesive
|
|
2070
|
+
* surface. Deliberately thin — the heavy lifting is in the individual modules
|
|
2071
|
+
* so each can be tested in isolation.
|
|
2072
|
+
*
|
|
2073
|
+
* The client is **always remote** — it talks to the Idapt backend, either via
|
|
2074
|
+
* the cookie/bootstrap flow (hosted on an app subdomain) or library bearer
|
|
2075
|
+
* mode. Browser apps are **npm-only**: there is no off-Idapt local mode and no
|
|
2076
|
+
* IndexedDB / relative-fetch degradation. Every surface always works.
|
|
2077
|
+
*/
|
|
2078
|
+
|
|
2079
|
+
interface IdaptClientDeps {
|
|
2080
|
+
credential: StoredCredential;
|
|
2081
|
+
browserAppDomain: string;
|
|
2082
|
+
fetch?: typeof fetch;
|
|
2083
|
+
/** Inject for tests. Defaults to `window.location.assign(url)`. */
|
|
2084
|
+
navigate?: (url: string) => void;
|
|
2085
|
+
}
|
|
2086
|
+
declare class IdaptClient {
|
|
2087
|
+
/** The app's own code/bundle (read-only). */
|
|
2088
|
+
readonly app: AppFolder;
|
|
2089
|
+
/** The per-(user × app) data KV (read-write), scoped by the app resource id. */
|
|
2090
|
+
readonly data: DataFolder;
|
|
2091
|
+
/** Identity + usage. */
|
|
2092
|
+
readonly user: UserApi;
|
|
2093
|
+
/** Raw file ops by id (upload, move, run, folders). */
|
|
2094
|
+
readonly files: FilesApi;
|
|
2095
|
+
/** Agents CRUD. */
|
|
2096
|
+
readonly agents: AgentsApi;
|
|
2097
|
+
/** Chats CRUD + messages / runs / cost. */
|
|
2098
|
+
readonly chats: ChatsApi;
|
|
2099
|
+
/** Workspaces CRUD + members + invitations + fork. */
|
|
2100
|
+
readonly workspaces: WorkspacesApi;
|
|
2101
|
+
/** Triggers CRUD + fire, rotate-secret, runs. */
|
|
2102
|
+
readonly triggers: TriggersApi;
|
|
2103
|
+
/** Computers CRUD + lifecycle + exec/tmux/sftp + ports + users + env + pair. */
|
|
2104
|
+
readonly computers: ComputersApi;
|
|
2105
|
+
/** Workspace secrets CRUD. */
|
|
2106
|
+
readonly secrets: SecretsApi;
|
|
2107
|
+
/** Datastore (KV) — workspace key/value store for app + agent state. */
|
|
2108
|
+
readonly kv: DatastoreApi;
|
|
2109
|
+
/** Blobs — workspace object store for large / binary data. */
|
|
2110
|
+
readonly blobs: BlobsApi;
|
|
2111
|
+
/** Idapt Tables — structured document collections + records + query. */
|
|
2112
|
+
readonly tables: TablesApi;
|
|
2113
|
+
/** Realtime — broadcast + presence + live SSE subscribe over channels. */
|
|
2114
|
+
readonly realtime: RealtimeApi;
|
|
2115
|
+
/** User-API-key CRUD (`uk_` keys). Header-auth (API-key transport) is rejected. */
|
|
2116
|
+
readonly apiKeys: ApiKeysApi;
|
|
2117
|
+
/** Notifications: per-row verbs, bulk readAll, send, config + preferences. */
|
|
2118
|
+
readonly notifications: NotificationsApi;
|
|
2119
|
+
/** Account preferences (display name, slug, public visibility, consents). */
|
|
2120
|
+
readonly settings: SettingsApi;
|
|
2121
|
+
/** Current subscription view (plan, status, period, trial, downgrade target). */
|
|
2122
|
+
readonly subscription: SubscriptionApi;
|
|
2123
|
+
/** Resource shares + the inverse `/shared-with-me` list. */
|
|
2124
|
+
readonly sharing: SharingApi;
|
|
2125
|
+
/** Hub / store: search community items + install into a workspace. */
|
|
2126
|
+
readonly store: StoreApi;
|
|
2127
|
+
/** LLM model catalogue. */
|
|
2128
|
+
readonly models: ModelsApi;
|
|
2129
|
+
/** User-owned BYOK and daemon-local model provider endpoints. */
|
|
2130
|
+
readonly providerEndpoints: ProviderEndpointsApi;
|
|
2131
|
+
/** Image models + generation. */
|
|
2132
|
+
readonly images: ImagesApi;
|
|
2133
|
+
/** Text-to-speech + transcription. */
|
|
2134
|
+
readonly audio: AudioApi;
|
|
2135
|
+
/** Execute code files in sandboxed Lambda. */
|
|
2136
|
+
readonly code: CodeRunsApi;
|
|
2137
|
+
/** Full-text search across user content. */
|
|
2138
|
+
readonly search: SearchApi;
|
|
2139
|
+
/** External web search. */
|
|
2140
|
+
readonly web: WebSearchApi;
|
|
2141
|
+
/** Fetch the SKILL.md instruction text. */
|
|
2142
|
+
readonly guide: GuideApi;
|
|
2143
|
+
/** OpenAPI 3.1 spec retrieval. */
|
|
2144
|
+
readonly docs: DocsApi;
|
|
2145
|
+
/** Browser-app client metadata (appId, folder ids, api url, mode). */
|
|
2146
|
+
readonly meta: ClientMeta;
|
|
2147
|
+
/** Which backing the client is wired against (always `"remote"`). */
|
|
2148
|
+
readonly mode: RuntimeMode;
|
|
2149
|
+
private readonly deps;
|
|
2150
|
+
/** HTTP context for server calls. */
|
|
2151
|
+
private readonly ctx;
|
|
2152
|
+
constructor(deps: IdaptClientDeps);
|
|
2153
|
+
/**
|
|
2154
|
+
* The `ap_`/`uk_` key — use only for raw v1 calls the SDK doesn't wrap.
|
|
2155
|
+
* In cookie mode there is no raw key — it lives only in the httpOnly app-key
|
|
2156
|
+
* cookie the browser attaches automatically — so this throws; use the SDK
|
|
2157
|
+
* surfaces (or `getAuthToken()` for ad-hoc bearer use) instead.
|
|
2158
|
+
*/
|
|
2159
|
+
getApiKey(): string;
|
|
2160
|
+
/** API base URL the client targets. */
|
|
2161
|
+
getApiUrl(): string;
|
|
2162
|
+
/**
|
|
2163
|
+
* Mint a short-lived JWT for ad-hoc Bearer use (custom fetch calls,
|
|
2164
|
+
* third-party libraries, WebSocket protocols). Expires after ~15 min —
|
|
2165
|
+
* cache in memory, never persist to localStorage.
|
|
2166
|
+
*
|
|
2167
|
+
* Two mint paths depending on auth mode:
|
|
2168
|
+
* - **bearer/library** — the raw `uk_`/`ap_` key authenticates better-auth's
|
|
2169
|
+
* `/api/auth/token` directly.
|
|
2170
|
+
* - **cookie** — the iframe carries only the httpOnly `__Secure-idapt_app_key`
|
|
2171
|
+
* cookie, which better-auth's session-based `/api/auth/token` can't see.
|
|
2172
|
+
* We mint via `/api/browser-app/token` instead (resolves the app principal
|
|
2173
|
+
* from that cookie). The request rides `credentials: "include"` and sends
|
|
2174
|
+
* NO empty `Bearer` header.
|
|
2175
|
+
*/
|
|
2176
|
+
getAuthToken(): Promise<string>;
|
|
2177
|
+
/**
|
|
2178
|
+
* Low-level mint against `/api/browser-app/token` — exchanges the httpOnly
|
|
2179
|
+
* app cookie for a short-lived `idapt-api` JWT. Used by the cookie-mode v1
|
|
2180
|
+
* surfaces' token provider AND by `getAuthToken()` in cookie mode.
|
|
2181
|
+
*
|
|
2182
|
+
* Carries the app cookie via `credentials: "include"`; sends `Sec-Fetch-Site:
|
|
2183
|
+
* same-origin` so the server's CSRF guard accepts it (the SDK only ever runs
|
|
2184
|
+
* same-origin under the app subdomain in cookie mode).
|
|
2185
|
+
*/
|
|
2186
|
+
private fetchAppToken;
|
|
2187
|
+
/**
|
|
2188
|
+
* Build a lazily-minting, self-refreshing app-token provider for the
|
|
2189
|
+
* cookie-mode v1 contexts. Caches the JWT until ~30 s before its stated
|
|
2190
|
+
* expiry; `invalidate()` (wired to the request layer's 401 hook) drops the
|
|
2191
|
+
* cache so the next call re-mints.
|
|
2192
|
+
*/
|
|
2193
|
+
private makeAppTokenMinter;
|
|
2194
|
+
/**
|
|
2195
|
+
* Request additional scopes at runtime. Navigates to the consent page;
|
|
2196
|
+
* the returned promise never resolves because the page is navigating away.
|
|
2197
|
+
*
|
|
2198
|
+
* The credential doesn't change — principal.authorization is broadened
|
|
2199
|
+
* server-side. When the user lands back in the app, the cached key now
|
|
2200
|
+
* has the new scope.
|
|
2201
|
+
*/
|
|
2202
|
+
escalate(permissions: EscalateRequest): Promise<never>;
|
|
2203
|
+
/**
|
|
2204
|
+
* No-op in the cookie-based flow — the `__idapt_app_key` cookie is
|
|
2205
|
+
* httpOnly + server-managed, so the SDK can't clear it from JS. To end a
|
|
2206
|
+
* hosted session, revoke the credential from the main-app Connected Apps
|
|
2207
|
+
* settings.
|
|
2208
|
+
*/
|
|
2209
|
+
disconnect(): void;
|
|
2210
|
+
private navigate;
|
|
2211
|
+
}
|
|
2212
|
+
|
|
2213
|
+
export { type ListRunsQuery as $, type AddMemberInput as A, type BlobMeta as B, COMMAND_BINDINGS as C, DatastoreApi as D, type DeleteInvitationResult as E, type DeletedResult as F, DocsApi as G, type ExecCommandInput as H, IdaptClient as I, type ExecuteCommandOptions as J, FilesApi as K, type FireTriggerInput as L, type GenerateImageInput as M, GuideApi as N, type GuideContent as O, type IdaptClientDeps as P, ImagesApi as Q, type InstallStoreItemInput as R, type ListAgentsQuery as S, type ListApiKeysQuery as T, type ListChatsQuery as U, type ListComputersQuery as V, type ListExecutionsQuery as W, type ListFilesQuery as X, type ListMessagesQuery as Y, type ListNotificationsQuery as Z, type ListResult as _, AgentsApi as a, type V1CommandName as a$, type ListSharedWithMeQuery as a0, type ListSharesQuery as a1, type ListTriggerRunsQuery as a2, type ListUsageHistoryQuery as a3, ModelsApi as a4, type NotificationAudience as a5, type NotificationPreferenceUpdate as a6, NotificationsApi as a7, type PairComputerInput as a8, type PairComputerResult as a9, SharingApi as aA, type SpeakInput as aB, type SseEvent as aC, StoreApi as aD, type SubscribeOptions as aE, SubscriptionApi as aF, type TableQuery as aG, TablesApi as aH, type TmuxInput as aI, type TmuxOp as aJ, type TranscribeInput as aK, TriggersApi as aL, type UpdateAgentInput as aM, type UpdateApiKeyInput as aN, type UpdateChatInput as aO, type UpdateCollectionInput as aP, type UpdateComputerInput as aQ, type UpdateComputerUserInput as aR, type UpdateMemberInput as aS, type UpdateNotificationInput as aT, type UpdateProviderEndpointInput as aU, type UpdateSecretInput as aV, type UpdateSettingsInput as aW, type UpdateShareInput as aX, type UpdateWorkspaceInput as aY, type UploadInput as aZ, UserApi as a_, type PatchFileInput as aa, type PatchPortInput as ab, type PresenceEntry as ac, type PresenceHeartbeatOptions as ad, type ProviderEndpointModelMappingInput as ae, ProviderEndpointsApi as af, RealtimeApi as ag, type RealtimeEvent as ah, type RemoveShareInput as ai, type RepromptMessageInput as aj, type RotateApiKeyInput as ak, type RotateApiKeyResult as al, type RunCodeInput as am, type RunFileInput as an, SearchApi as ao, type SearchInput as ap, type SearchStoreQuery as aq, SecretsApi as ar, type SendMessageInput as as, type SendNotificationInput as at, type SendNotificationResult as au, SettingsApi as av, type SftpInput as aw, type SftpListResult as ax, type SftpOp as ay, type SftpUploadInput as az, ApiKeysApi as b, WebSearchApi as b0, type WebSearchInput as b1, WorkspacesApi as b2, type WritableMemberRole as b3, awaitOperation as b4, executeCommand as b5, getFileBlob as b6, getFileText as b7, listFiles as b8, AudioApi as c, BlobsApi as d, type BlobsListOptions as e, type ChannelHandle as f, ChatsApi as g, CodeRunsApi as h, type CommandBinding as i, ComputersApi as j, type CreateAgentInput as k, type CreateApiKeyInput as l, type CreateChatInput as m, type CreateCollectionInput as n, type CreateComputerInput as o, type CreateComputerUserInput as p, type CreateFolderInput as q, type CreateInvitationInput as r, type CreateInvitationResult as s, type CreateProviderEndpointInput as t, type CreateSecretInput as u, type CreateShareInput as v, type CreateUserEnvVarInput as w, type CreateWorkspaceInput as x, type DatastoreListOptions as y, type DatastoreSetOptions as z };
|