@inkbox/sdk 0.2.15 → 0.3.0

package/dist/tunnels/exceptions.d.ts

@@ -0,0 +1,31 @@
+/**
+ * inkbox-tunnels/exceptions.ts
+ *
+ * Typed exceptions for the Tunnels SDK surface.
+ */
+import { InkboxAPIError, InkboxError, type InkboxAPIErrorDetail } from "../_http.js";
+export declare class TunnelError extends InkboxError {
+    constructor(message: string);
+}
+export declare class TunnelNameInvalid extends TunnelError {
+    constructor(message: string);
+}
+export declare class TunnelSecretUnavailable extends TunnelError {
+    constructor(message: string);
+}
+export declare class TunnelRemoved extends TunnelError {
+    constructor(message: string);
+}
+export declare class TunnelStateConflict extends InkboxAPIError {
+    constructor(statusCode: number, detail: InkboxAPIErrorDetail);
+}
+export declare class TunnelNameUnavailable extends InkboxAPIError {
+    constructor(statusCode: number, detail: InkboxAPIErrorDetail);
+}
+export declare class TunnelTLSModeMismatch extends InkboxAPIError {
+    constructor(statusCode: number, detail: InkboxAPIErrorDetail);
+}
+export declare class TunnelCSRStateConflict extends TunnelStateConflict {
+    constructor(statusCode: number, detail: InkboxAPIErrorDetail);
+}
+//# sourceMappingURL=exceptions.d.ts.map

package/dist/tunnels/exceptions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exceptions.d.ts","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,EACX,KAAK,oBAAoB,EAC1B,MAAM,aAAa,CAAC;AAErB,qBAAa,WAAY,SAAQ,WAAW;gBAC9B,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,iBAAkB,SAAQ,WAAW;gBACpC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,uBAAwB,SAAQ,WAAW;gBAC1C,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,aAAc,SAAQ,WAAW;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAgBD,qBAAa,mBAAoB,SAAQ,cAAc;gBACzC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED,qBAAa,qBAAsB,SAAQ,cAAc;gBAC3C,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED,qBAAa,qBAAsB,SAAQ,cAAc;gBAC3C,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D;AAED,qBAAa,sBAAuB,SAAQ,mBAAmB;gBACjD,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB;CAI7D"}

package/dist/tunnels/exceptions.js

@@ -0,0 +1,68 @@
+/**
+ * inkbox-tunnels/exceptions.ts
+ *
+ * Typed exceptions for the Tunnels SDK surface.
+ */
+import { InkboxAPIError, InkboxError, } from "../_http.js";
+export class TunnelError extends InkboxError {
+    constructor(message) {
+        super(message);
+        this.name = "TunnelError";
+    }
+}
+export class TunnelNameInvalid extends TunnelError {
+    constructor(message) {
+        super(message);
+        this.name = "TunnelNameInvalid";
+    }
+}
+export class TunnelSecretUnavailable extends TunnelError {
+    constructor(message) {
+        super(message);
+        this.name = "TunnelSecretUnavailable";
+    }
+}
+export class TunnelRemoved extends TunnelError {
+    constructor(message) {
+        super(message);
+        this.name = "TunnelRemoved";
+    }
+}
+function sanitizeDetail(detail) {
+    const sanitizeStr = (s) => s.replace(/delete_pending/g, "pending_removal").replace(/deleted/g, "removed");
+    if (typeof detail === "string")
+        return sanitizeStr(detail);
+    if (detail && typeof detail === "object") {
+        const out = {};
+        for (const [k, v] of Object.entries(detail)) {
+            out[k] = typeof v === "string" ? sanitizeStr(v) : v;
+        }
+        return out;
+    }
+    return detail;
+}
+export class TunnelStateConflict extends InkboxAPIError {
+    constructor(statusCode, detail) {
+        super(statusCode, sanitizeDetail(detail));
+        this.name = "TunnelStateConflict";
+    }
+}
+export class TunnelNameUnavailable extends InkboxAPIError {
+    constructor(statusCode, detail) {
+        super(statusCode, detail);
+        this.name = "TunnelNameUnavailable";
+    }
+}
+export class TunnelTLSModeMismatch extends InkboxAPIError {
+    constructor(statusCode, detail) {
+        super(statusCode, detail);
+        this.name = "TunnelTLSModeMismatch";
+    }
+}
+export class TunnelCSRStateConflict extends TunnelStateConflict {
+    constructor(statusCode, detail) {
+        super(statusCode, detail);
+        this.name = "TunnelCSRStateConflict";
+    }
+}
+//# sourceMappingURL=exceptions.js.map

package/dist/tunnels/exceptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"exceptions.js","sourceRoot":"","sources":["../../src/tunnels/exceptions.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,cAAc,EACd,WAAW,GAEZ,MAAM,aAAa,CAAC;AAErB,MAAM,OAAO,WAAY,SAAQ,WAAW;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;IAC5B,CAAC;CACF;AAED,MAAM,OAAO,iBAAkB,SAAQ,WAAW;IAChD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,WAAW;IACtD,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF;AAED,MAAM,OAAO,aAAc,SAAQ,WAAW;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;IAC9B,CAAC;CACF;AAED,SAAS,cAAc,CAAC,MAA4B;IAClD,MAAM,WAAW,GAAG,CAAC,CAAS,EAAU,EAAE,CACxC,CAAC,CAAC,OAAO,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,CAAC,OAAO,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACjF,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,WAAW,CAAC,MAAM,CAAC,CAAC;IAC3D,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5C,GAAG,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,OAAO,mBAAoB,SAAQ,cAAc;IACrD,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IACvD,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,qBAAsB,SAAQ,cAAc;IACvD,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;IACtC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,mBAAmB;IAC7D,YAAY,UAAkB,EAAE,MAA4B;QAC1D,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;IACvC,CAAC;CACF"}

package/dist/tunnels/resources/tunnels.d.ts

@@ -0,0 +1,73 @@
+/**
+ * inkbox-tunnels/resources/tunnels.ts
+ *
+ * Control-plane CRUD for tunnels. Wraps `/api/v1/tunnels/*`.
+ */
+import { HttpTransport } from "../../_http.js";
+import { CreatedTunnel, RotatedSecret, SignedCert, TLSMode, Tunnel } from "../types.js";
+export declare const POOL_SIZE_MIN = 1;
+export declare const POOL_SIZE_MAX = 32;
+export interface CreateTunnelOptions {
+    tunnelName: string;
+    tlsMode?: TLSMode | "edge" | "passthrough";
+    description?: string | null;
+}
+export interface UpdateTunnelOptions {
+    /** Pass `null` to clear; omit to leave unchanged. */
+    description?: string | null;
+    /**
+     * Pass `{}` or `null` to clear (the server's column is non-nullable
+     * and collapses both forms to `{}`); omit to leave unchanged.
+     */
+    metadata?: Record<string, unknown> | null;
+}
+export declare class TunnelsResource {
+    private readonly http;
+    constructor(http: HttpTransport);
+    list(): Promise<Tunnel[]>;
+    get(tunnelId: string): Promise<Tunnel>;
+    /**
+     * Create a new tunnel. Persist the returned `connectSecret` immediately —
+     * it is shown ONCE.
+     */
+    create(options: CreateTunnelOptions): Promise<CreatedTunnel>;
+    /**
+     * Update a tunnel. Pass only the fields you want to change.
+     *
+     * - `description: null` clears the description.
+     * - `metadata: {}` clears metadata. `metadata` cannot be `null`
+     *   (rejected client-side); pass `{}` to clear.
+     */
+    update(tunnelId: string, options: UpdateTunnelOptions): Promise<Tunnel>;
+    /**
+     * Schedule a tunnel for removal. The name is held for 24 hours, during
+     * which `restore` brings it back online.
+     */
+    delete(tunnelId: string): Promise<Tunnel>;
+    /** Bring a scheduled-for-removal tunnel back online. */
+    restore(tunnelId: string): Promise<Tunnel>;
+    /**
+     * Remove a scheduled-for-removal tunnel immediately, skipping the 24-hour
+     * window. Requires an admin-scoped API key.
+     */
+    forceDelete(tunnelId: string): Promise<Tunnel>;
+    /**
+     * Rotate the per-tunnel connect secret.
+     *
+     * The new secret takes effect on the next agent reconnect; existing live
+     * connections continue serving traffic with the old secret until they
+     * reconnect.
+     */
+    rotateSecret(tunnelId: string): Promise<RotatedSecret>;
+    /**
+     * Sign a CSR for a passthrough tunnel.
+     *
+     * The server performs DNS validation and cert issuance synchronously
+     * inside this request, which can take up to a few minutes. This call
+     * uses an elevated 180-second timeout to accommodate that.
+     */
+    signCsr(tunnelId: string, options: {
+        csrPem: string;
+    }): Promise<SignedCert>;
+}
+//# sourceMappingURL=tunnels.d.ts.map

package/dist/tunnels/resources/tunnels.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnels.d.ts","sourceRoot":"","sources":["../../../src/tunnels/resources/tunnels.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,aAAa,EAAkB,MAAM,gBAAgB,CAAC;AAQ/D,OAAO,EACL,aAAa,EAKb,aAAa,EACb,UAAU,EACV,OAAO,EACP,MAAM,EAKP,MAAM,aAAa,CAAC;AAMrB,eAAO,MAAM,aAAa,IAAI,CAAC;AAC/B,eAAO,MAAM,aAAa,KAAK,CAAC;AAkChC,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,GAAG,aAAa,CAAC;IAC3C,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,mBAAmB;IAClC,qDAAqD;IACrD,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC3C;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,IAAI;gBAAJ,IAAI,EAAE,aAAa;IAI1C,IAAI,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;IAQzB,GAAG,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO5C;;;OAGG;IACG,MAAM,CAAC,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,aAAa,CAAC;IAkBlE;;;;;;OAMG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,mBAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;IAkB7E;;;OAGG;IACG,MAAM,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO/C,wDAAwD;IAClD,OAAO,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUhD;;;OAGG;IACG,WAAW,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAYpD;;;;;;OAMG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAO5D;;;;;;OAMG;IACG,OAAO,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,UAAU,CAAC;CAalF"}

package/dist/tunnels/resources/tunnels.js

@@ -0,0 +1,173 @@
+/**
+ * inkbox-tunnels/resources/tunnels.ts
+ *
+ * Control-plane CRUD for tunnels. Wraps `/api/v1/tunnels/*`.
+ */
+import { InkboxAPIError } from "../../_http.js";
+import { validateTunnelName } from "../_validation.js";
+import { TunnelCSRStateConflict, TunnelNameUnavailable, TunnelStateConflict, TunnelTLSModeMismatch, } from "../exceptions.js";
+import { TLSMode, parseCreatedTunnel, parseRotatedSecret, parseSignedCert, parseTunnel, } from "../types.js";
+const BASE = "/tunnels";
+const SIGN_CSR_TIMEOUT_MS = 180_000;
+export const POOL_SIZE_MIN = 1;
+export const POOL_SIZE_MAX = 32;
+function detailText(detail) {
+    if (typeof detail === "string")
+        return detail;
+    if (detail && typeof detail === "object") {
+        const inner = detail.detail;
+        if (typeof inner === "string")
+            return inner;
+    }
+    return String(detail);
+}
+function mapCreateError(err) {
+    if (err.statusCode === 409) {
+        return new TunnelNameUnavailable(err.statusCode, err.detail);
+    }
+    return err;
+}
+function mapStateError(err) {
+    if (err.statusCode === 409) {
+        return new TunnelStateConflict(err.statusCode, err.detail);
+    }
+    return err;
+}
+function mapSignCsrError(err) {
+    if (err.statusCode !== 409)
+        return err;
+    const text = detailText(err.detail).toLowerCase();
+    if (text.includes("edge") || text.includes("tls_mode") || text.includes("passthrough")) {
+        return new TunnelTLSModeMismatch(err.statusCode, err.detail);
+    }
+    return new TunnelCSRStateConflict(err.statusCode, err.detail);
+}
+export class TunnelsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    // --- Reads -----------------------------------------------------------
+    async list() {
+        const data = await this.http.get(`${BASE}/`);
+        const items = Array.isArray(data) ? data : data.tunnels;
+        return items.map(parseTunnel);
+    }
+    async get(tunnelId) {
+        const data = await this.http.get(`${BASE}/${tunnelId}`);
+        return parseTunnel(data);
+    }
+    // --- Writes ----------------------------------------------------------
+    /**
+     * Create a new tunnel. Persist the returned `connectSecret` immediately —
+     * it is shown ONCE.
+     */
+    async create(options) {
+        validateTunnelName(options.tunnelName);
+        const body = {
+            tunnel_name: options.tunnelName,
+            tls_mode: options.tlsMode ?? TLSMode.EDGE,
+        };
+        if (options.description !== undefined && options.description !== null) {
+            body.description = options.description;
+        }
+        try {
+            const data = await this.http.post(`${BASE}/`, body);
+            return parseCreatedTunnel(data);
+        }
+        catch (err) {
+            if (err instanceof InkboxAPIError)
+                throw mapCreateError(err);
+            throw err;
+        }
+    }
+    /**
+     * Update a tunnel. Pass only the fields you want to change.
+     *
+     * - `description: null` clears the description.
+     * - `metadata: {}` clears metadata. `metadata` cannot be `null`
+     *   (rejected client-side); pass `{}` to clear.
+     */
+    async update(tunnelId, options) {
+        const body = {};
+        if ("description" in options) {
+            body.description = options.description;
+        }
+        if ("metadata" in options) {
+            const m = options.metadata;
+            if (m !== null && m !== undefined) {
+                if (typeof m !== "object" || Array.isArray(m)) {
+                    throw new Error("metadata must be a plain object or null");
+                }
+            }
+            body.metadata = m ?? null;
+        }
+        const data = await this.http.patch(`${BASE}/${tunnelId}`, body);
+        return parseTunnel(data);
+    }
+    /**
+     * Schedule a tunnel for removal. The name is held for 24 hours, during
+     * which `restore` brings it back online.
+     */
+    async delete(tunnelId) {
+        const data = await this.http.deleteWithResponse(`${BASE}/${tunnelId}`);
+        return parseTunnel(data);
+    }
+    /** Bring a scheduled-for-removal tunnel back online. */
+    async restore(tunnelId) {
+        try {
+            const data = await this.http.post(`${BASE}/${tunnelId}/restore`);
+            return parseTunnel(data);
+        }
+        catch (err) {
+            if (err instanceof InkboxAPIError)
+                throw mapStateError(err);
+            throw err;
+        }
+    }
+    /**
+     * Remove a scheduled-for-removal tunnel immediately, skipping the 24-hour
+     * window. Requires an admin-scoped API key.
+     */
+    async forceDelete(tunnelId) {
+        try {
+            const data = await this.http.deleteWithResponse(`${BASE}/${tunnelId}/force`);
+            return parseTunnel(data);
+        }
+        catch (err) {
+            if (err instanceof InkboxAPIError)
+                throw mapStateError(err);
+            throw err;
+        }
+    }
+    /**
+     * Rotate the per-tunnel connect secret.
+     *
+     * The new secret takes effect on the next agent reconnect; existing live
+     * connections continue serving traffic with the old secret until they
+     * reconnect.
+     */
+    async rotateSecret(tunnelId) {
+        const data = await this.http.post(`${BASE}/${tunnelId}/rotate-secret`);
+        return parseRotatedSecret(data);
+    }
+    /**
+     * Sign a CSR for a passthrough tunnel.
+     *
+     * The server performs DNS validation and cert issuance synchronously
+     * inside this request, which can take up to a few minutes. This call
+     * uses an elevated 180-second timeout to accommodate that.
+     */
+    async signCsr(tunnelId, options) {
+        try {
+            const data = await this.http.post(`${BASE}/${tunnelId}/sign-csr`, { csr_pem: options.csrPem }, { timeoutMs: SIGN_CSR_TIMEOUT_MS });
+            return parseSignedCert(data);
+        }
+        catch (err) {
+            if (err instanceof InkboxAPIError)
+                throw mapSignCsrError(err);
+            throw err;
+        }
+    }
+}
+//# sourceMappingURL=tunnels.js.map

package/dist/tunnels/resources/tunnels.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tunnels.js","sourceRoot":"","sources":["../../../src/tunnels/resources/tunnels.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAiB,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,GACtB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAQL,OAAO,EAEP,kBAAkB,EAClB,kBAAkB,EAClB,eAAe,EACf,WAAW,GACZ,MAAM,aAAa,CAAC;AAErB,MAAM,IAAI,GAAG,UAAU,CAAC;AAExB,MAAM,mBAAmB,GAAG,OAAO,CAAC;AAEpC,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC;AAC/B,MAAM,CAAC,MAAM,aAAa,GAAG,EAAE,CAAC;AAEhC,SAAS,UAAU,CAAC,MAAe;IACjC,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAO,MAAM,CAAC;IAC9C,IAAI,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;QACzC,MAAM,KAAK,GAAI,MAAkC,CAAC,MAAM,CAAC;QACzD,IAAI,OAAO,KAAK,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC;IAC9C,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,cAAc,CAAC,GAAmB;IACzC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,OAAO,IAAI,qBAAqB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,GAAmB;IACxC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,OAAO,IAAI,mBAAmB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC7D,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,eAAe,CAAC,GAAmB;IAC1C,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IACvC,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;IAClD,IAAI,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC,EAAE,CAAC;QACvF,OAAO,IAAI,qBAAqB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAC/D,CAAC;IACD,OAAO,IAAI,sBAAsB,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;AAChE,CAAC;AAkBD,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,IAAmB;QAAnB,SAAI,GAAJ,IAAI,CAAe;IAAG,CAAC;IAEpD,wEAAwE;IAExE,KAAK,CAAC,IAAI;QACR,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAC9B,GAAG,IAAI,GAAG,CACX,CAAC;QACF,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QACxD,OAAO,KAAK,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,QAAgB;QACxB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,CAAY,GAAG,IAAI,IAAI,QAAQ,EAAE,CAAC,CAAC;QACnE,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,wEAAwE;IAExE;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,OAA4B;QACvC,kBAAkB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACvC,MAAM,IAAI,GAA4B;YACpC,WAAW,EAAE,OAAO,CAAC,UAAU;YAC/B,QAAQ,EAAE,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI;SAC1C,CAAC;QACF,IAAI,OAAO,CAAC,WAAW,KAAK,SAAS,IAAI,OAAO,CAAC,WAAW,KAAK,IAAI,EAAE,CAAC;YACtE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACzC,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAmB,GAAG,IAAI,GAAG,EAAE,IAAI,CAAC,CAAC;YACtE,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc;gBAAE,MAAM,cAAc,CAAC,GAAG,CAAC,CAAC;YAC7D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB,EAAE,OAA4B;QACzD,MAAM,IAAI,GAA4B,EAAE,CAAC;QACzC,IAAI,aAAa,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACzC,CAAC;QACD,IAAI,UAAU,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,CAAC,GAAG,OAAO,CAAC,QAAQ,CAAC;YAC3B,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;gBAClC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;oBAC9C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;gBAC7D,CAAC;YACH,CAAC;YACD,IAAI,CAAC,QAAQ,GAAG,CAAC,IAAI,IAAI,CAAC;QAC5B,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAY,GAAG,IAAI,IAAI,QAAQ,EAAE,EAAE,IAAI,CAAC,CAAC;QAC3E,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,MAAM,CAAC,QAAgB;QAC3B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC7C,GAAG,IAAI,IAAI,QAAQ,EAAE,CACtB,CAAC;QACF,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED,wDAAwD;IACxD,KAAK,CAAC,OAAO,CAAC,QAAgB;QAC5B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAAY,GAAG,IAAI,IAAI,QAAQ,UAAU,CAAC,CAAC;YAC5E,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc;gBAAE,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CAAC,QAAgB;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,kBAAkB,CAC7C,GAAG,IAAI,IAAI,QAAQ,QAAQ,CAC5B,CAAC;YACF,OAAO,WAAW,CAAC,IAAI,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc;gBAAE,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAC/B,GAAG,IAAI,IAAI,QAAQ,gBAAgB,CACpC,CAAC;QACF,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,OAAO,CAAC,QAAgB,EAAE,OAA2B;QACzD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,IAAI,CAC/B,GAAG,IAAI,IAAI,QAAQ,WAAW,EAC9B,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,EAAE,EAC3B,EAAE,SAAS,EAAE,mBAAmB,EAAE,CACnC,CAAC;YACF,OAAO,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,cAAc;gBAAE,MAAM,eAAe,CAAC,GAAG,CAAC,CAAC;YAC9D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;CACF"}

package/dist/tunnels/types.d.ts

@@ -0,0 +1,99 @@
+/**
+ * inkbox-tunnels/types.ts
+ *
+ * Resource models for the Tunnels SDK surface.
+ */
+export declare enum TLSMode {
+    EDGE = "edge",
+    PASSTHROUGH = "passthrough"
+}
+/**
+ * Lifecycle state of a tunnel.
+ *
+ * - `awaiting_cert`: passthrough-only intermediate state. Inbound TLS
+ *   will fail until you call `tunnels.signCsr(...)`.
+ * - `active`: routable end-to-end.
+ * - `pending_removal`: `delete` was called; the name is held for 24h
+ *   during which `tunnels.restore(id)` brings it back. After 24h the
+ *   tunnel is permanently removed and its name is released. Past that
+ *   point a `GET` for the tunnel id returns 404; `TunnelRemoved`
+ *   surfaces that condition for clients holding stale state.
+ */
+export declare enum TunnelStatus {
+    AWAITING_CERT = "awaiting_cert",
+    ACTIVE = "active",
+    PENDING_REMOVAL = "pending_removal"
+}
+export interface Tunnel {
+    id: string;
+    organizationId: string;
+    tunnelName: string;
+    description: string | null;
+    tlsMode: TLSMode;
+    certPem: string | null;
+    certFingerprintSha256: string | null;
+    certExpiresAt: Date | null;
+    status: TunnelStatus;
+    lastConnectedAt: Date | null;
+    lastConnectedIpAddr: string | null;
+    restoreDeadlineAt: Date | null;
+    currentlyConnected: boolean;
+    publicHost: string | null;
+    zone: string | null;
+    metadata: Record<string, unknown>;
+    createdAt: Date;
+    updatedAt: Date;
+}
+export interface CreatedTunnel {
+    tunnel: Tunnel;
+    /** Shown ONCE — persist immediately. */
+    connectSecret: string;
+}
+export interface RotatedSecret {
+    /** New secret. Takes effect on the next agent reconnect. */
+    connectSecret: string;
+}
+export interface SignedCert {
+    certPem: string;
+    chainPem: string;
+    certFingerprintSha256: string;
+    certExpiresAt: Date;
+}
+export interface RawTunnel {
+    id: string;
+    organization_id: string;
+    tunnel_name: string;
+    description: string | null;
+    tls_mode: string;
+    cert_pem: string | null;
+    cert_fingerprint_sha256: string | null;
+    cert_expires_at: string | null;
+    status: string;
+    last_connected_at: string | null;
+    last_connected_ip_addr: string | null;
+    restore_deadline_at: string | null;
+    currently_connected: boolean;
+    public_host?: string | null;
+    zone?: string | null;
+    metadata?: Record<string, unknown> | null;
+    created_at: string;
+    updated_at: string;
+}
+export interface RawCreatedTunnel {
+    tunnel: RawTunnel;
+    connect_secret: string;
+}
+export interface RawRotatedSecret {
+    connect_secret: string;
+}
+export interface RawSignedCert {
+    cert_pem: string;
+    chain_pem: string;
+    cert_fingerprint_sha256: string;
+    cert_expires_at: string;
+}
+export declare function parseTunnel(raw: RawTunnel): Tunnel;
+export declare function parseCreatedTunnel(raw: RawCreatedTunnel): CreatedTunnel;
+export declare function parseRotatedSecret(raw: RawRotatedSecret): RotatedSecret;
+export declare function parseSignedCert(raw: RawSignedCert): SignedCert;
+//# sourceMappingURL=types.d.ts.map

package/dist/tunnels/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/tunnels/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,OAAO;IACjB,IAAI,SAAS;IACb,WAAW,gBAAgB;CAC5B;AAED;;;;;;;;;;;GAWG;AACH,oBAAY,YAAY;IACtB,aAAa,kBAAkB;IAC/B,MAAM,WAAW;IACjB,eAAe,oBAAoB;CACpC;AAQD,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,qBAAqB,EAAE,MAAM,GAAG,IAAI,CAAC;IACrC,aAAa,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,YAAY,CAAC;IACrB,eAAe,EAAE,IAAI,GAAG,IAAI,CAAC;IAC7B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,iBAAiB,EAAE,IAAI,GAAG,IAAI,CAAC;IAC/B,kBAAkB,EAAE,OAAO,CAAC;IAC5B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,IAAI,CAAC;IAChB,SAAS,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,aAAa;IAC5B,4DAA4D;IAC5D,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,EAAE,MAAM,CAAC;IAC9B,aAAa,EAAE,IAAI,CAAC;CACrB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,uBAAuB,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,sBAAsB,EAAE,MAAM,GAAG,IAAI,CAAC;IACtC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,mBAAmB,EAAE,OAAO,CAAC;IAC7B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,SAAS,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,uBAAuB,EAAE,MAAM,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;CACzB;AAOD,wBAAgB,WAAW,CAAC,GAAG,EAAE,SAAS,GAAG,MAAM,CAwBlD;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAEvE;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,gBAAgB,GAAG,aAAa,CAEvE;AAED,wBAAgB,eAAe,CAAC,GAAG,EAAE,aAAa,GAAG,UAAU,CAO9D"}

package/dist/tunnels/types.js

@@ -0,0 +1,76 @@
+/**
+ * inkbox-tunnels/types.ts
+ *
+ * Resource models for the Tunnels SDK surface.
+ */
+export var TLSMode;
+(function (TLSMode) {
+    TLSMode["EDGE"] = "edge";
+    TLSMode["PASSTHROUGH"] = "passthrough";
+})(TLSMode || (TLSMode = {}));
+/**
+ * Lifecycle state of a tunnel.
+ *
+ * - `awaiting_cert`: passthrough-only intermediate state. Inbound TLS
+ *   will fail until you call `tunnels.signCsr(...)`.
+ * - `active`: routable end-to-end.
+ * - `pending_removal`: `delete` was called; the name is held for 24h
+ *   during which `tunnels.restore(id)` brings it back. After 24h the
+ *   tunnel is permanently removed and its name is released. Past that
+ *   point a `GET` for the tunnel id returns 404; `TunnelRemoved`
+ *   surfaces that condition for clients holding stale state.
+ */
+export var TunnelStatus;
+(function (TunnelStatus) {
+    TunnelStatus["AWAITING_CERT"] = "awaiting_cert";
+    TunnelStatus["ACTIVE"] = "active";
+    TunnelStatus["PENDING_REMOVAL"] = "pending_removal";
+})(TunnelStatus || (TunnelStatus = {}));
+const STATUS_REMAP_TO_PUBLIC = {
+    awaiting_cert: TunnelStatus.AWAITING_CERT,
+    active: TunnelStatus.ACTIVE,
+    delete_pending: TunnelStatus.PENDING_REMOVAL,
+};
+function parseDate(v) {
+    if (v === null || v === undefined)
+        return null;
+    return new Date(v);
+}
+export function parseTunnel(raw) {
+    const status = STATUS_REMAP_TO_PUBLIC[raw.status] ?? raw.status;
+    return {
+        id: String(raw.id),
+        organizationId: String(raw.organization_id),
+        tunnelName: String(raw.tunnel_name),
+        description: raw.description ?? null,
+        tlsMode: raw.tls_mode,
+        certPem: raw.cert_pem ?? null,
+        certFingerprintSha256: raw.cert_fingerprint_sha256 ?? null,
+        certExpiresAt: parseDate(raw.cert_expires_at),
+        status,
+        lastConnectedAt: parseDate(raw.last_connected_at),
+        lastConnectedIpAddr: raw.last_connected_ip_addr ?? null,
+        restoreDeadlineAt: parseDate(raw.restore_deadline_at),
+        currentlyConnected: Boolean(raw.currently_connected),
+        publicHost: raw.public_host ?? null,
+        zone: raw.zone ?? null,
+        metadata: raw.metadata && typeof raw.metadata === "object" ? { ...raw.metadata } : {},
+        createdAt: new Date(raw.created_at),
+        updatedAt: new Date(raw.updated_at),
+    };
+}
+export function parseCreatedTunnel(raw) {
+    return { tunnel: parseTunnel(raw.tunnel), connectSecret: raw.connect_secret };
+}
+export function parseRotatedSecret(raw) {
+    return { connectSecret: raw.connect_secret };
+}
+export function parseSignedCert(raw) {
+    return {
+        certPem: raw.cert_pem,
+        chainPem: raw.chain_pem,
+        certFingerprintSha256: raw.cert_fingerprint_sha256,
+        certExpiresAt: new Date(raw.cert_expires_at),
+    };
+}
+//# sourceMappingURL=types.js.map

package/dist/tunnels/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/tunnels/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,CAAN,IAAY,OAGX;AAHD,WAAY,OAAO;IACjB,wBAAa,CAAA;IACb,sCAA2B,CAAA;AAC7B,CAAC,EAHW,OAAO,KAAP,OAAO,QAGlB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,CAAN,IAAY,YAIX;AAJD,WAAY,YAAY;IACtB,+CAA+B,CAAA;IAC/B,iCAAiB,CAAA;IACjB,mDAAmC,CAAA;AACrC,CAAC,EAJW,YAAY,KAAZ,YAAY,QAIvB;AAED,MAAM,sBAAsB,GAAiC;IAC3D,aAAa,EAAE,YAAY,CAAC,aAAa;IACzC,MAAM,EAAE,YAAY,CAAC,MAAM;IAC3B,cAAc,EAAE,YAAY,CAAC,eAAe;CAC7C,CAAC;AA8EF,SAAS,SAAS,CAAC,CAA4B;IAC7C,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IAC/C,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,GAAc;IACxC,MAAM,MAAM,GACV,sBAAsB,CAAC,GAAG,CAAC,MAAM,CAAC,IAAK,GAAG,CAAC,MAAuB,CAAC;IACrE,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;QAClB,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,eAAe,CAAC;QAC3C,UAAU,EAAE,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC;QACnC,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI;QACpC,OAAO,EAAE,GAAG,CAAC,QAAmB;QAChC,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,IAAI;QAC7B,qBAAqB,EAAE,GAAG,CAAC,uBAAuB,IAAI,IAAI;QAC1D,aAAa,EAAE,SAAS,CAAC,GAAG,CAAC,eAAe,CAAC;QAC7C,MAAM;QACN,eAAe,EAAE,SAAS,CAAC,GAAG,CAAC,iBAAiB,CAAC;QACjD,mBAAmB,EAAE,GAAG,CAAC,sBAAsB,IAAI,IAAI;QACvD,iBAAiB,EAAE,SAAS,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACrD,kBAAkB,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACpD,UAAU,EAAE,GAAG,CAAC,WAAW,IAAI,IAAI;QACnC,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI;QACtB,QAAQ,EACN,GAAG,CAAC,QAAQ,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE;QAC7E,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;QACnC,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAqB;IACtD,OAAO,EAAE,MAAM,EAAE,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,aAAa,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;AAChF,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAqB;IACtD,OAAO,EAAE,aAAa,EAAE,GAAG,CAAC,cAAc,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,GAAkB;IAChD,OAAO;QACL,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,QAAQ,EAAE,GAAG,CAAC,SAAS;QACvB,qBAAqB,EAAE,GAAG,CAAC,uBAAuB;QAClD,aAAa,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,eAAe,CAAC;KAC7C,CAAC;AACJ,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inkbox/sdk",
-  "version": "0.2.15",
+  "version": "0.3.0",
   "description": "TypeScript SDK for the Inkbox API",
   "license": "MIT",
   "type": "module",
@@ -8,22 +8,31 @@
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./tunnels/connect": {
+      "types": "./dist/tunnels/client/index.d.ts",
+      "node": "./dist/tunnels/client/index.js"
     }
   },
   "files": [
     "dist",
+    "protocol",
     "README.md"
   ],
   "scripts": {
     "build": "tsc",
     "test": "vitest run",
     "test:coverage": "vitest run --coverage",
+    "verify:bundle": "node scripts/verify-bundle.mjs",
     "prepublishOnly": "npm run build"
   },
   "dependencies": {
-    "hash-wasm": "^4.11.0"
+    "@peculiar/x509": "^2.0.0",
+    "hash-wasm": "^4.11.0",
+    "reflect-metadata": "^0.2.2",
+    "undici": "^7.0.0"
   },
   "devDependencies": {
     "@types/node": "^25.5.0",
@@ -42,6 +51,6 @@
     "url": "https://github.com/inkbox-ai/inkbox/issues"
   },
   "engines": {
-    "node": ">=18"
+    "node": ">=22"
   }
 }