@inkbox/sdk 0.2.0 → 0.2.2

package/README.md

@@ -1,6 +1,6 @@
 # @inkbox/sdk
 
-TypeScript SDK for the [Inkbox API](https://inkbox.ai/docs) — API-first communication infrastructure for AI agents (email, phone, authenticator/OTP, identities).
+TypeScript SDK for the [Inkbox API](https://inkbox.ai/docs) — API-first communication infrastructure for AI agents (email, phone, identities, encrypted vault — login credentials, API keys, key pairs, SSH keys, OTP, etc.).
 
 ## Install
 
@@ -19,10 +19,10 @@ You'll need an API key to use this SDK. Get one at [console.inkbox.ai](https://c
 ```ts
 import { Inkbox } from "@inkbox/sdk";
 
-const inkbox = new Inkbox({
+const inkbox = await new Inkbox({
   apiKey: process.env.INKBOX_API_KEY!,
   vaultKey: process.env.INKBOX_VAULT_KEY,
-});
+}).ready();
 
 // Create an agent identity
 const identity = await inkbox.createIdentity("support-bot");
@@ -215,42 +215,45 @@ for (const t of hits) {
 
 ---
 
-## Authenticator
+## Text Messages (SMS/MMS)
 
-```ts
-// Create an authenticator app and link it to an identity
-const app = await identity.createAuthenticatorApp();
-
-// Add an OTP account from an otpauth:// URI
-const account = await identity.createAuthenticatorAccount({
-  otpauthUri: "otpauth://totp/Example:user@example.com?secret=EXAMPLESECRET&issuer=Example",
-  displayName: "My OTP Account",        // optional (max 255 chars)
-  description: "Login MFA for Example",  // optional
-});
+Receive and read inbound text messages. Outbound SMS sending is coming soon.
 
-// List all accounts in this identity's authenticator app
-const accounts = await identity.listAuthenticatorAccounts();
+```ts
+// List text messages
+const texts = await identity.listTexts({ limit: 20 });
+for (const t of texts) {
+  console.log(t.remotePhoneNumber, t.text, t.isRead);
+}
 
-// Get a single account
-const acct = await identity.getAuthenticatorAccount("account-uuid");
+// Filter to unread only
+const unread = await identity.listTexts({ isRead: false });
 
-// Update account metadata (pass null to clear a field)
-await identity.updateAuthenticatorAccount("account-uuid", { displayName: "New Label" });
+// Get a single text
+const text = await identity.getText("text-uuid");
+console.log(text.type);  // "sms" or "mms"
+if (text.media) {         // MMS attachments (presigned S3 URLs, 1hr expiry)
+  for (const m of text.media) {
+    console.log(m.contentType, m.size, m.url);
+  }
+}
 
-// Generate an OTP code
-const otp = await identity.generateOtp("account-uuid");
-console.log(otp.otpCode);            // e.g. "482901"
-console.log(otp.validForSeconds);    // seconds until expiry (null for HOTP)
-console.log(otp.otpType);            // "totp" or "hotp"
+// List conversation summaries (one row per remote number)
+const convos = await identity.listTextConversations({ limit: 20 });
+for (const c of convos) {
+  console.log(c.remotePhoneNumber, c.latestText, c.unreadCount);
+}
 
-// Delete an account
-await identity.deleteAuthenticatorAccount("account-uuid");
+// Get messages in a specific conversation
+const msgs = await identity.getTextConversation("+15167251294", { limit: 50 });
 
-// Unlink authenticator app from identity
-await identity.unlinkAuthenticatorApp();
+// Mark as read
+await identity.markTextRead("text-uuid");
+await identity.markTextConversationRead("+15167251294");
 
-// Delete the authenticator app (org-level)
-await inkbox.authenticatorApps.delete("app-uuid");
+// Org-level: search and delete
+const results = await inkbox.texts.search(phone.id, { q: "invoice", limit: 20 });
+await inkbox.texts.update(phone.id, "text-uuid", { status: "deleted" });
 ```
 
 ---
@@ -431,10 +434,6 @@ Runnable example scripts are available in the [examples/typescript](https://gith
 | `read-agent-calls.ts` | List calls and print transcripts |
 | `receive-agent-email-webhook.ts` | Register and delete a mailbox webhook |
 | `receive-agent-call-webhook.ts` | Register, update, and delete a phone webhook |
-| `agent-authenticator-app-e2e.ts` | Full authenticator app lifecycle (create, OTP, cleanup) |
-| `create-authenticator.ts` | Create an authenticator app and add an OTP account |
-| `generate-otp.ts` | Generate an OTP code for an account |
-| `list-authenticator-accounts.ts` | List authenticator accounts for an identity |
 
 ## License
 

package/dist/agent_identity.d.ts

@@ -8,19 +8,19 @@
  * identity's assigned channels so callers never need to pass an email
  * address or phone number ID explicitly.
  */
-import type { AuthenticatorAccount, AuthenticatorApp, OTPCode } from "./authenticator/types.js";
 import { Credentials } from "./credentials.js";
+import type { TOTPCode, TOTPConfig } from "./vault/totp.js";
+import type { DecryptedVaultSecret, SecretPayload, VaultSecret } from "./vault/types.js";
 import { MessageDirection } from "./mail/types.js";
 import type { Message, MessageDetail, ThreadDetail } from "./mail/types.js";
-import type { PhoneCall, PhoneCallWithRateLimit, PhoneTranscript } from "./phone/types.js";
-import type { _AgentIdentityData, IdentityAuthenticatorApp, IdentityMailbox, IdentityPhoneNumber } from "./identities/types.js";
+import type { PhoneCall, PhoneCallWithRateLimit, PhoneTranscript, TextConversationSummary, TextMessage } from "./phone/types.js";
+import type { _AgentIdentityData, IdentityMailbox, IdentityPhoneNumber } from "./identities/types.js";
 import type { Inkbox } from "./inkbox.js";
 export declare class AgentIdentity {
     private _data;
     private readonly _inkbox;
     private _mailbox;
     private _phoneNumber;
-    private _authenticatorApp;
     private _credentials;
     private _credentialsVaultRef;
     constructor(data: _AgentIdentityData, inkbox: Inkbox);
@@ -31,8 +31,6 @@ export declare class AgentIdentity {
     get mailbox(): IdentityMailbox | null;
     /** The phone number currently assigned to this identity, or `null` if none. */
     get phoneNumber(): IdentityPhoneNumber | null;
-    /** The authenticator app currently assigned to this identity, or `null` if none. */
-    get authenticatorApp(): IdentityAuthenticatorApp | null;
     /**
      * Identity-scoped credential access.
      *
@@ -56,6 +54,57 @@ export declare class AgentIdentity {
      * @param secretId - UUID of the secret to revoke access from.
      */
     revokeCredentialAccess(secretId: string): Promise<void>;
+    /**
+     * Create a vault secret and grant this identity access to it.
+     *
+     * The vault must be unlocked first.
+     *
+     * @param options.name - Display name (max 255 characters).
+     * @param options.payload - The secret payload.
+     * @param options.description - Optional description.
+     * @returns {@link VaultSecret} metadata.
+     */
+    createSecret(options: {
+        name: string;
+        payload: SecretPayload;
+        description?: string;
+    }): Promise<VaultSecret>;
+    /**
+     * Fetch and decrypt a vault secret this identity has access to.
+     *
+     * @param secretId - UUID of the secret.
+     */
+    getSecret(secretId: string): Promise<DecryptedVaultSecret>;
+    /**
+     * Add or replace TOTP on a login secret this identity has access to.
+     *
+     * @param secretId - UUID of the login secret.
+     * @param totp - A {@link TOTPConfig} or an `otpauth://totp/...` URI string.
+     * @returns Updated {@link VaultSecret} metadata.
+     */
+    setTotp(secretId: string, totp: TOTPConfig | string): Promise<VaultSecret>;
+    /**
+     * Remove TOTP from a login secret this identity has access to.
+     *
+     * @param secretId - UUID of the login secret.
+     * @returns Updated {@link VaultSecret} metadata.
+     */
+    removeTotp(secretId: string): Promise<VaultSecret>;
+    /**
+     * Generate the current TOTP code for a login secret.
+     *
+     * Uses cached credentials if available, otherwise fetches fresh.
+     *
+     * @param secretId - UUID of the login secret.
+     * @returns A {@link TOTPCode}.
+     */
+    getTotpCode(secretId: string): Promise<TOTPCode>;
+    /**
+     * Delete a vault secret.
+     *
+     * @param secretId - UUID of the secret to delete.
+     */
+    deleteSecret(secretId: string): Promise<void>;
     /**
      * Create a new mailbox and link it to this identity.
      *
@@ -100,24 +149,6 @@ export declare class AgentIdentity {
      * Unlink this identity's phone number (does not release the number).
      */
     unlinkPhoneNumber(): Promise<void>;
-    /**
-     * Create a new authenticator app and link it to this identity.
-     *
-     * @returns The newly created {@link AuthenticatorApp}.
-     */
-    createAuthenticatorApp(): Promise<AuthenticatorApp>;
-    /**
-     * Link an existing authenticator app to this identity.
-     *
-     * @param authenticatorAppId - UUID of the authenticator app to link. Obtain via
-     *   `inkbox.authenticatorApps.list()` or `inkbox.authenticatorApps.get()`.
-     * @returns The linked {@link IdentityAuthenticatorApp}.
-     */
-    assignAuthenticatorApp(authenticatorAppId: string): Promise<IdentityAuthenticatorApp>;
-    /**
-     * Unlink this identity's authenticator app (does not delete the app).
-     */
-    unlinkAuthenticatorApp(): Promise<void>;
     /**
      * Send an email from this identity's mailbox.
      *
@@ -215,49 +246,61 @@ export declare class AgentIdentity {
      */
     listTranscripts(callId: string): Promise<PhoneTranscript[]>;
     /**
-     * Create a new authenticator account from an `otpauth://` URI.
+     * List text messages for this identity's phone number.
      *
-     * @param options.otpauthUri - `otpauth://totp/...` or `otpauth://hotp/...` URI.
-     * @param options.displayName - Optional user-managed label (max 255 characters).
-     * @param options.description - Optional free-form notes.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
+     * @param options.isRead - Filter by read state.
      */
-    createAuthenticatorAccount(options: {
-        otpauthUri: string;
-        displayName?: string;
-        description?: string;
-    }): Promise<AuthenticatorAccount>;
-    /** List all authenticator accounts in this identity's app. */
-    listAuthenticatorAccounts(): Promise<AuthenticatorAccount[]>;
+    listTexts(options?: {
+        limit?: number;
+        offset?: number;
+        isRead?: boolean;
+    }): Promise<TextMessage[]>;
     /**
-     * Get a single authenticator account by ID.
+     * Get a single text message by ID.
      *
-     * @param accountId - UUID of the authenticator account.
+     * @param textId - UUID of the text message to fetch.
      */
-    getAuthenticatorAccount(accountId: string): Promise<AuthenticatorAccount>;
+    getText(textId: string): Promise<TextMessage>;
     /**
-     * Update user-managed metadata on an authenticator account.
+     * List text conversations (one row per remote number).
      *
-     * @param accountId - UUID of the authenticator account to update.
-     * @param options.displayName - New label (max 255 characters).
-     * @param options.description - New notes.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
      */
-    updateAuthenticatorAccount(accountId: string, options: {
-        displayName?: string | null;
-        description?: string | null;
-    }): Promise<AuthenticatorAccount>;
+    listTextConversations(options?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<TextConversationSummary[]>;
+    /**
+     * Get all messages with a specific remote number.
+     *
+     * @param remoteNumber - E.164 remote phone number.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
+     */
+    getTextConversation(remoteNumber: string, options?: {
+        limit?: number;
+        offset?: number;
+    }): Promise<TextMessage[]>;
     /**
-     * Delete an authenticator account.
+     * Mark a single text message as read.
      *
-     * @param accountId - UUID of the authenticator account to delete.
+     * @param textId - UUID of the text message.
      */
-    deleteAuthenticatorAccount(accountId: string): Promise<void>;
+    markTextRead(textId: string): Promise<TextMessage>;
     /**
-     * Generate the current OTP code for an authenticator account.
+     * Mark all messages in a conversation as read.
      *
-     * @param accountId - UUID of the authenticator account.
-     * @returns The generated OTP code with metadata.
+     * @param remoteNumber - E.164 remote phone number.
+     * @returns Object with `remotePhoneNumber`, `isRead`, and `updatedCount`.
      */
-    generateOtp(accountId: string): Promise<OTPCode>;
+    markTextConversationRead(remoteNumber: string): Promise<{
+        remotePhoneNumber: string;
+        isRead: boolean;
+        updatedCount: number;
+    }>;
     /**
      * Update this identity's handle or status.
      *
@@ -283,6 +326,5 @@ export declare class AgentIdentity {
     private _requireVaultUnlocked;
     private _requireMailbox;
     private _requirePhone;
-    private _requireAuthenticatorApp;
 }
 //# sourceMappingURL=agent_identity.d.ts.map

package/dist/agent_identity.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent_identity.d.ts","sourceRoot":"","sources":["../src/agent_identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAChG,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,KAAK,EAAE,SAAS,EAAE,sBAAsB,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAC3F,OAAO,KAAK,EAEV,kBAAkB,EAClB,wBAAwB,EACxB,eAAe,EACf,mBAAmB,EACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,iBAAiB,CAAkC;IAC3D,OAAO,CAAC,YAAY,CAA4B;IAChD,OAAO,CAAC,oBAAoB,CAAuB;gBAEvC,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM;IAYpD,IAAI,WAAW,IAAI,MAAM,CAAmC;IAC5D,IAAI,EAAE,IAAI,MAAM,CAAoC;IACpD,IAAI,MAAM,IAAI,MAAM,CAAoC;IAExD,0EAA0E;IAC1E,IAAI,OAAO,IAAI,eAAe,GAAG,IAAI,CAA0B;IAE/D,+EAA+E;IAC/E,IAAI,WAAW,IAAI,mBAAmB,GAAG,IAAI,CAA8B;IAE3E,oFAAoF;IACpF,IAAI,gBAAgB,IAAI,wBAAwB,GAAG,IAAI,CAAmC;IAE1F;;;;;;;;;;;;OAYG;IACG,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IA6B5C;;;;;;;OAOG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7D;;;;;OAKG;IACG,aAAa,CAAC,OAAO,GAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,CAAC;IAiBrF;;;;;;OAMG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAShE;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpC;;;;;;OAMG;IACG,oBAAoB,CACxB,OAAO,GAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAC9C,OAAO,CAAC,mBAAmB,CAAC;IAQ/B;;;;;;OAMG;IACG,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5E;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAMxC;;;;OAIG;IACG,sBAAsB,IAAI,OAAO,CAAC,gBAAgB,CAAC;IAazD;;;;;;OAMG;IACG,sBAAsB,CAAC,kBAAkB,EAAE,MAAM,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAS3F;;OAEG;IACG,sBAAsB,IAAI,OAAO,CAAC,IAAI,CAAC;IAU7C;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,OAAO,EAAE;QACvB,EAAE,EAAE,MAAM,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;QACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,WAAW,CAAC,EAAE,KAAK,CAAC;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,aAAa,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACvF,GAAG,OAAO,CAAC,OAAO,CAAC;IAKpB;;;;;;;OAOG;IACH,UAAU,CAAC,OAAO,GAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,gBAAgB,CAAA;KAAO,GAAG,cAAc,CAAC,OAAO,CAAC;IAKtG;;;;;;;OAOG;IACI,gBAAgB,CAAC,OAAO,GAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,gBAAgB,CAAA;KAAO,GAAG,cAAc,CAAC,OAAO,CAAC;IAMnH;;;;OAIG;IACG,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzD;;;;;OAKG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAK3D;;;;;OAKG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IASxD;;;;;OAKG;IACG,SAAS,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,GAAG,OAAO,CAAC,sBAAsB,CAAC;IASnC;;;;;OAKG;IACG,SAAS,CAAC,OAAO,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKxF;;;;OAIG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IASjE;;;;;;OAMG;IACG,0BAA0B,CAAC,OAAO,EAAE;QACxC,UAAU,EAAE,MAAM,CAAC;QACnB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAKjC,8DAA8D;IACxD,yBAAyB,IAAI,OAAO,CAAC,oBAAoB,EAAE,CAAC;IAKlE;;;;OAIG;IACG,uBAAuB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAK/E;;;;;;OAMG;IACG,0BAA0B,CAC9B,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GACpE,OAAO,CAAC,oBAAoB,CAAC;IAKhC;;;;OAIG;IACG,0BAA0B,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKlE;;;;;OAKG;IACG,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAStD;;;;;OAKG;IACG,MAAM,CAAC,OAAO,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAU7E;;;;;;;;OAQG;IACG,OAAO,IAAI,OAAO,CAAC,aAAa,CAAC;IAUvC,qEAAqE;IAC/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ7B,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,aAAa;IAQrB,OAAO,CAAC,wBAAwB;CAOjC"}
+{"version":3,"file":"agent_identity.d.ts","sourceRoot":"","sources":["../src/agent_identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAC5D,OAAO,KAAK,EAAE,oBAAoB,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACzF,OAAO,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACnD,OAAO,KAAK,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC5E,OAAO,KAAK,EACV,SAAS,EACT,sBAAsB,EACtB,eAAe,EACf,uBAAuB,EACvB,WAAW,EACZ,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAEV,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACpB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C,qBAAa,aAAa;IACxB,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAyB;IACzC,OAAO,CAAC,YAAY,CAA6B;IACjD,OAAO,CAAC,YAAY,CAA4B;IAChD,OAAO,CAAC,oBAAoB,CAAuB;gBAEvC,IAAI,EAAE,kBAAkB,EAAE,MAAM,EAAE,MAAM;IAWpD,IAAI,WAAW,IAAI,MAAM,CAAmC;IAC5D,IAAI,EAAE,IAAI,MAAM,CAAoC;IACpD,IAAI,MAAM,IAAI,MAAM,CAAoC;IAExD,0EAA0E;IAC1E,IAAI,OAAO,IAAI,eAAe,GAAG,IAAI,CAA0B;IAE/D,+EAA+E;IAC/E,IAAI,WAAW,IAAI,mBAAmB,GAAG,IAAI,CAA8B;IAE3E;;;;;;;;;;;;OAYG;IACG,cAAc,IAAI,OAAO,CAAC,WAAW,CAAC;IA6B5C;;;;;;;OAOG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7D;;;;;;;;;OASG;IACG,YAAY,CAAC,OAAO,EAAE;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,aAAa,CAAC;QACvB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,WAAW,CAAC;IASxB;;;;OAIG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAKhE;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAOhF;;;;;OAKG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAOxD;;;;;;;OAOG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAKtD;;;;OAIG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUnD;;;;;OAKG;IACG,aAAa,CAAC,OAAO,GAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,eAAe,CAAC;IAiBrF;;;;;;OAMG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAShE;;OAEG;IACG,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;IAMpC;;;;;;OAMG;IACG,oBAAoB,CACxB,OAAO,GAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAO,GAC9C,OAAO,CAAC,mBAAmB,CAAC;IAQ/B;;;;;;OAMG;IACG,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS5E;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAUxC;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,OAAO,EAAE;QACvB,EAAE,EAAE,MAAM,EAAE,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC;QACd,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC;QACf,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,WAAW,CAAC,EAAE,KAAK,CAAC;YAAE,QAAQ,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,aAAa,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;KACvF,GAAG,OAAO,CAAC,OAAO,CAAC;IAKpB;;;;;;;OAOG;IACH,UAAU,CAAC,OAAO,GAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,gBAAgB,CAAA;KAAO,GAAG,cAAc,CAAC,OAAO,CAAC;IAKtG;;;;;;;OAOG;IACI,gBAAgB,CAAC,OAAO,GAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;QAAC,SAAS,CAAC,EAAE,gBAAgB,CAAA;KAAO,GAAG,cAAc,CAAC,OAAO,CAAC;IAMnH;;;;OAIG;IACG,cAAc,CAAC,UAAU,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAOzD;;;;;OAKG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAK3D;;;;;OAKG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IASxD;;;;;OAKG;IACG,SAAS,CAAC,OAAO,EAAE;QACvB,QAAQ,EAAE,MAAM,CAAC;QACjB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,GAAG,OAAO,CAAC,sBAAsB,CAAC;IASnC;;;;;OAKG;IACG,SAAS,CAAC,OAAO,GAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAO,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;IAKxF;;;;OAIG;IACG,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IASjE;;;;;;OAMG;IACG,SAAS,CACb,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,CAAA;KAAE,GAC9D,OAAO,CAAC,WAAW,EAAE,CAAC;IAKzB;;;;OAIG;IACG,OAAO,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAKnD;;;;;OAKG;IACG,qBAAqB,CACzB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC5C,OAAO,CAAC,uBAAuB,EAAE,CAAC;IAKrC;;;;;;OAMG;IACG,mBAAmB,CACvB,YAAY,EAAE,MAAM,EACpB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC5C,OAAO,CAAC,WAAW,EAAE,CAAC;IAKzB;;;;OAIG;IACG,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAOxD;;;;;OAKG;IACG,wBAAwB,CAC5B,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;QAAE,iBAAiB,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,OAAO,CAAC;QAAC,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC;IAahF;;;;;OAKG;IACG,MAAM,CAAC,OAAO,EAAE;QAAE,SAAS,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IAS7E;;;;;;;;OAQG;IACG,OAAO,IAAI,OAAO,CAAC,aAAa,CAAC;IASvC,qEAAqE;IAC/D,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAQ7B,OAAO,CAAC,qBAAqB;IAQ7B,OAAO,CAAC,eAAe;IAQvB,OAAO,CAAC,aAAa;CAQtB"}

package/dist/agent_identity.js

@@ -15,7 +15,6 @@ export class AgentIdentity {
     _inkbox;
     _mailbox;
     _phoneNumber;
-    _authenticatorApp;
     _credentials = null;
     _credentialsVaultRef = null; // tracks which _unlocked built the cache
     constructor(data, inkbox) {
@@ -23,7 +22,6 @@ export class AgentIdentity {
         this._inkbox = inkbox;
         this._mailbox = data.mailbox;
         this._phoneNumber = data.phoneNumber;
-        this._authenticatorApp = data.authenticatorApp;
     }
     // ------------------------------------------------------------------
     // Identity properties
@@ -35,8 +33,6 @@ export class AgentIdentity {
     get mailbox() { return this._mailbox; }
     /** The phone number currently assigned to this identity, or `null` if none. */
     get phoneNumber() { return this._phoneNumber; }
-    /** The authenticator app currently assigned to this identity, or `null` if none. */
-    get authenticatorApp() { return this._authenticatorApp; }
     /**
      * Identity-scoped credential access.
      *
@@ -89,6 +85,83 @@ export class AgentIdentity {
         this._credentials = null;
     }
     // ------------------------------------------------------------------
+    // Vault secret management
+    // ------------------------------------------------------------------
+    /**
+     * Create a vault secret and grant this identity access to it.
+     *
+     * The vault must be unlocked first.
+     *
+     * @param options.name - Display name (max 255 characters).
+     * @param options.payload - The secret payload.
+     * @param options.description - Optional description.
+     * @returns {@link VaultSecret} metadata.
+     */
+    async createSecret(options) {
+        this._requireVaultUnlocked();
+        const unlocked = this._inkbox._vaultResource._unlocked;
+        const secret = await unlocked.createSecret(options);
+        await this._inkbox._vaultResource.grantAccess(secret.id, this.id);
+        this._credentials = null;
+        return secret;
+    }
+    /**
+     * Fetch and decrypt a vault secret this identity has access to.
+     *
+     * @param secretId - UUID of the secret.
+     */
+    async getSecret(secretId) {
+        this._requireVaultUnlocked();
+        return this._inkbox._vaultResource._unlocked.getSecret(secretId);
+    }
+    /**
+     * Add or replace TOTP on a login secret this identity has access to.
+     *
+     * @param secretId - UUID of the login secret.
+     * @param totp - A {@link TOTPConfig} or an `otpauth://totp/...` URI string.
+     * @returns Updated {@link VaultSecret} metadata.
+     */
+    async setTotp(secretId, totp) {
+        this._requireVaultUnlocked();
+        const result = await this._inkbox._vaultResource._unlocked.setTotp(secretId, totp);
+        this._credentials = null;
+        return result;
+    }
+    /**
+     * Remove TOTP from a login secret this identity has access to.
+     *
+     * @param secretId - UUID of the login secret.
+     * @returns Updated {@link VaultSecret} metadata.
+     */
+    async removeTotp(secretId) {
+        this._requireVaultUnlocked();
+        const result = await this._inkbox._vaultResource._unlocked.removeTotp(secretId);
+        this._credentials = null;
+        return result;
+    }
+    /**
+     * Generate the current TOTP code for a login secret.
+     *
+     * Uses cached credentials if available, otherwise fetches fresh.
+     *
+     * @param secretId - UUID of the login secret.
+     * @returns A {@link TOTPCode}.
+     */
+    async getTotpCode(secretId) {
+        this._requireVaultUnlocked();
+        return this._inkbox._vaultResource._unlocked.getTotpCode(secretId);
+    }
+    /**
+     * Delete a vault secret.
+     *
+     * @param secretId - UUID of the secret to delete.
+     */
+    async deleteSecret(secretId) {
+        this._requireVaultUnlocked();
+        await this._inkbox._vaultResource._unlocked.deleteSecret(secretId);
+        this._credentials = null;
+    }
+    // ------------------------------------------------------------------
     // Channel management
     // ------------------------------------------------------------------
     /**
@@ -173,46 +246,6 @@ export class AgentIdentity {
         await this._inkbox._idsResource.unlinkPhoneNumber(this.agentHandle);
         this._phoneNumber = null;
     }
-    /**
-     * Create a new authenticator app and link it to this identity.
-     *
-     * @returns The newly created {@link AuthenticatorApp}.
-     */
-    async createAuthenticatorApp() {
-        const app = await this._inkbox._authApps.create({ agentHandle: this.agentHandle });
-        this._authenticatorApp = {
-            id: app.id,
-            organizationId: app.organizationId,
-            identityId: app.identityId,
-            status: app.status,
-            createdAt: app.createdAt,
-            updatedAt: app.updatedAt,
-        };
-        return app;
-    }
-    /**
-     * Link an existing authenticator app to this identity.
-     *
-     * @param authenticatorAppId - UUID of the authenticator app to link. Obtain via
-     *   `inkbox.authenticatorApps.list()` or `inkbox.authenticatorApps.get()`.
-     * @returns The linked {@link IdentityAuthenticatorApp}.
-     */
-    async assignAuthenticatorApp(authenticatorAppId) {
-        const data = await this._inkbox._idsResource.assignAuthenticatorApp(this.agentHandle, {
-            authenticatorAppId,
-        });
-        this._authenticatorApp = data.authenticatorApp;
-        this._data = data;
-        return this._authenticatorApp;
-    }
-    /**
-     * Unlink this identity's authenticator app (does not delete the app).
-     */
-    async unlinkAuthenticatorApp() {
-        this._requireAuthenticatorApp();
-        await this._inkbox._idsResource.unlinkAuthenticatorApp(this.agentHandle);
-        this._authenticatorApp = null;
-    }
     // ------------------------------------------------------------------
     // Mail helpers
     // ------------------------------------------------------------------
@@ -326,62 +359,69 @@ export class AgentIdentity {
         return this._inkbox._transcripts.list(this._phoneNumber.id, callId);
     }
     // ------------------------------------------------------------------
-    // Authenticator helpers
+    // Text message helpers
     // ------------------------------------------------------------------
     /**
-     * Create a new authenticator account from an `otpauth://` URI.
+     * List text messages for this identity's phone number.
      *
-     * @param options.otpauthUri - `otpauth://totp/...` or `otpauth://hotp/...` URI.
-     * @param options.displayName - Optional user-managed label (max 255 characters).
-     * @param options.description - Optional free-form notes.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
+     * @param options.isRead - Filter by read state.
      */
-    async createAuthenticatorAccount(options) {
-        this._requireAuthenticatorApp();
-        return this._inkbox._authAccounts.create(this._authenticatorApp.id, options);
+    async listTexts(options) {
+        this._requirePhone();
+        return this._inkbox._texts.list(this._phoneNumber.id, options);
     }
-    /** List all authenticator accounts in this identity's app. */
-    async listAuthenticatorAccounts() {
-        this._requireAuthenticatorApp();
-        return this._inkbox._authAccounts.list(this._authenticatorApp.id);
+    /**
+     * Get a single text message by ID.
+     *
+     * @param textId - UUID of the text message to fetch.
+     */
+    async getText(textId) {
+        this._requirePhone();
+        return this._inkbox._texts.get(this._phoneNumber.id, textId);
     }
     /**
-     * Get a single authenticator account by ID.
+     * List text conversations (one row per remote number).
      *
-     * @param accountId - UUID of the authenticator account.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
      */
-    async getAuthenticatorAccount(accountId) {
-        this._requireAuthenticatorApp();
-        return this._inkbox._authAccounts.get(this._authenticatorApp.id, accountId);
+    async listTextConversations(options) {
+        this._requirePhone();
+        return this._inkbox._texts.listConversations(this._phoneNumber.id, options);
     }
     /**
-     * Update user-managed metadata on an authenticator account.
+     * Get all messages with a specific remote number.
      *
-     * @param accountId - UUID of the authenticator account to update.
-     * @param options.displayName - New label (max 255 characters).
-     * @param options.description - New notes.
+     * @param remoteNumber - E.164 remote phone number.
+     * @param options.limit - Maximum number of results. Defaults to 50.
+     * @param options.offset - Pagination offset. Defaults to 0.
      */
-    async updateAuthenticatorAccount(accountId, options) {
-        this._requireAuthenticatorApp();
-        return this._inkbox._authAccounts.update(this._authenticatorApp.id, accountId, options);
+    async getTextConversation(remoteNumber, options) {
+        this._requirePhone();
+        return this._inkbox._texts.getConversation(this._phoneNumber.id, remoteNumber, options);
     }
     /**
-     * Delete an authenticator account.
+     * Mark a single text message as read.
      *
-     * @param accountId - UUID of the authenticator account to delete.
+     * @param textId - UUID of the text message.
      */
-    async deleteAuthenticatorAccount(accountId) {
-        this._requireAuthenticatorApp();
-        await this._inkbox._authAccounts.delete(this._authenticatorApp.id, accountId);
+    async markTextRead(textId) {
+        this._requirePhone();
+        return this._inkbox._texts.update(this._phoneNumber.id, textId, {
+            isRead: true,
+        });
     }
     /**
-     * Generate the current OTP code for an authenticator account.
+     * Mark all messages in a conversation as read.
      *
-     * @param accountId - UUID of the authenticator account.
-     * @returns The generated OTP code with metadata.
+     * @param remoteNumber - E.164 remote phone number.
+     * @returns Object with `remotePhoneNumber`, `isRead`, and `updatedCount`.
      */
-    async generateOtp(accountId) {
-        this._requireAuthenticatorApp();
-        return this._inkbox._authAccounts.generateOtp(this._authenticatorApp.id, accountId);
+    async markTextConversationRead(remoteNumber) {
+        this._requirePhone();
+        return this._inkbox._texts.updateConversation(this._phoneNumber.id, remoteNumber, { isRead: true });
     }
     // ------------------------------------------------------------------
     // Identity management
@@ -398,7 +438,6 @@ export class AgentIdentity {
             ...result,
             mailbox: this._mailbox,
             phoneNumber: this._phoneNumber,
-            authenticatorApp: this._authenticatorApp,
         };
     }
     /**
@@ -415,7 +454,6 @@ export class AgentIdentity {
         this._data = data;
         this._mailbox = data.mailbox;
         this._phoneNumber = data.phoneNumber;
-        this._authenticatorApp = data.authenticatorApp;
         this._credentials = null;
         return this;
     }
@@ -441,10 +479,5 @@ export class AgentIdentity {
             throw new InkboxError(`Identity '${this.agentHandle}' has no phone number assigned. Call identity.provisionPhoneNumber() or identity.assignPhoneNumber() first.`);
         }
     }
-    _requireAuthenticatorApp() {
-        if (!this._authenticatorApp) {
-            throw new InkboxError(`Identity '${this.agentHandle}' has no authenticator app assigned. Call identity.createAuthenticatorApp() or identity.assignAuthenticatorApp() first.`);
-        }
-    }
 }
 //# sourceMappingURL=agent_identity.js.map