@lmnr-ai/client 0.8.27 → 0.8.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -1,11 +1,34 @@
1
- import { Datapoint, Dataset, EvaluationDatapoint, GetDatapointsResponse, InitEvaluationResponse, PushDatapointsResponse, StringUUID } from "@lmnr-ai/types";
1
+ import { CachedSpan, Datapoint, Dataset, EvaluationDatapoint, GetDatapointsResponse, InitEvaluationResponse, PushDatapointsResponse, StringUUID } from "@lmnr-ai/types";
2
2
 
3
3
  //#region src/resources/index.d.ts
4
+ /**
5
+ * Unified auth for every resource. A discriminated union so a single object
6
+ * drives both the URL prefix and the request headers:
7
+ *
8
+ * - `apiKey` → project API key (SDK / app surfaces). Routes to `/v1/*`,
9
+ * Bearer is the project key, no `x-lmnr-project-id` header.
10
+ * - `userToken` → BetterAuth user access JWT (the CLI user-token surface).
11
+ * Routes to `/v1/cli/*`, Bearer is the JWT, carries the target project in
12
+ * the `x-lmnr-project-id` header.
13
+ */
14
+ type LaminarAuth = {
15
+ type: "apiKey";
16
+ key: string;
17
+ } | {
18
+ type: "userToken";
19
+ token: string;
20
+ projectId: string;
21
+ };
4
22
  declare class BaseResource {
5
23
  protected readonly baseHttpUrl: string;
6
- protected readonly projectApiKey: string;
7
- constructor(baseHttpUrl: string, projectApiKey: string);
24
+ protected readonly auth: LaminarAuth;
25
+ /** The bearer credential, regardless of auth type (project key or user JWT). */
26
+ protected readonly credential: string;
27
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
28
+ /** API path prefix: `/v1/cli` for CLI user-token auth, `/v1` otherwise. */
29
+ protected get apiPrefix(): string;
8
30
  protected headers(): {
31
+ "x-lmnr-project-id"?: string | undefined;
9
32
  Authorization: string;
10
33
  "Content-Type": string;
11
34
  Accept: string;
@@ -15,7 +38,7 @@ declare class BaseResource {
15
38
  //#endregion
16
39
  //#region src/resources/browser-events.d.ts
17
40
  declare class BrowserEventsResource extends BaseResource {
18
- constructor(baseHttpUrl: string, projectApiKey: string);
41
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
19
42
  send({
20
43
  sessionId,
21
44
  traceId,
@@ -27,9 +50,31 @@ declare class BrowserEventsResource extends BaseResource {
27
50
  }): Promise<void>;
28
51
  }
29
52
  //#endregion
53
+ //#region src/resources/cli.d.ts
54
+ interface CliProject {
55
+ id: string;
56
+ name: string;
57
+ workspaceId: string;
58
+ workspaceName: string;
59
+ }
60
+ /**
61
+ * User-scoped CLI endpoints that don't target a specific project. Authed by the
62
+ * BetterAuth user JWT (the `credential`); deliberately does NOT send an
63
+ * `x-lmnr-project-id` header (these routes are project discovery, pre-selection).
64
+ *
65
+ * Discovery exception: this resource always hits `/v1/cli/projects` with the
66
+ * bare bearer and overrides `BaseResource.headers()`/`apiPrefix`, so it works
67
+ * even when constructed with a `userToken` auth that has no real project id yet.
68
+ */
69
+ declare class CliResource extends BaseResource {
70
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
71
+ /** Workspaces + projects the authenticated user can access. */
72
+ listProjects(): Promise<CliProject[]>;
73
+ }
74
+ //#endregion
30
75
  //#region src/resources/datasets.d.ts
31
76
  declare class DatasetsResource extends BaseResource {
32
- constructor(baseHttpUrl: string, projectApiKey: string);
77
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
33
78
  /**
34
79
  * List all datasets.
35
80
  *
@@ -92,7 +137,7 @@ declare class DatasetsResource extends BaseResource {
92
137
  //#endregion
93
138
  //#region src/resources/evals.d.ts
94
139
  declare class EvalsResource extends BaseResource {
95
- constructor(baseHttpUrl: string, projectApiKey: string);
140
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
96
141
  /**
97
142
  * Initialize an evaluation.
98
143
  *
@@ -224,7 +269,7 @@ type ScoreOptions = {
224
269
  * Resource for creating evaluator scores
225
270
  */
226
271
  declare class EvaluatorsResource extends BaseResource {
227
- constructor(baseHttpUrl: string, projectApiKey: string);
272
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
228
273
  /**
229
274
  * Create a score for a span or trace
230
275
  *
@@ -257,8 +302,26 @@ declare class EvaluatorsResource extends BaseResource {
257
302
  }
258
303
  //#endregion
259
304
  //#region src/resources/rollout-sessions.d.ts
305
+ /**
306
+ * Result of a debug-replay cache lookup (debug-replay v2).
307
+ *
308
+ * - `hit` — the server served a cached response for this input hash; replay it
309
+ * and mark the span CACHED.
310
+ * - `miss` — no cache entry; the caller latches process-wide live mode and runs
311
+ * every subsequent call live.
312
+ * - `live` — run THIS call live without latching (server COLD warmup-timeout
313
+ * degrade, or any non-OK / transport error here).
314
+ */
315
+ type CacheOutcome = {
316
+ kind: "hit";
317
+ cached: CachedSpan;
318
+ } | {
319
+ kind: "miss";
320
+ } | {
321
+ kind: "live";
322
+ };
260
323
  declare class RolloutSessionsResource extends BaseResource {
261
- constructor(baseHttpUrl: string, projectApiKey: string);
324
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
262
325
  /**
263
326
  * Idempotently register (upsert) a debug session on the backend, keyed on the
264
327
  * SDK-supplied session id. The backend stores the row so the session is
@@ -287,6 +350,31 @@ declare class RolloutSessionsResource extends BaseResource {
287
350
  sessionId: string;
288
351
  name: string;
289
352
  }): Promise<void>;
353
+ /**
354
+ * Look up the debug-replay cache for a single LLM call (debug-replay v2).
355
+ *
356
+ * The server is keyed by `inputHash` (hex blake3 of the canonicalized,
357
+ * system-stripped input messages). It returns one of three outcomes:
358
+ * - `{ outcome: "hit", response }` — a cached response to replay.
359
+ * - `{ outcome: "miss" }` — no entry; caller latches live mode.
360
+ * - `{ outcome: "live" }` — run this call live (COLD degrade).
361
+ *
362
+ * Error posture: a non-OK response or a transport error degrades to
363
+ * `{ kind: "live" }` for THIS call only — it never throws and never latches
364
+ * the process-wide live flag (only a real MISS does that). This keeps a flaky
365
+ * cache backend from turning a replay into a crash.
366
+ */
367
+ cache({
368
+ sessionId,
369
+ replayTraceId,
370
+ cacheUntil,
371
+ inputHash
372
+ }: {
373
+ sessionId: string;
374
+ replayTraceId: string;
375
+ cacheUntil: string;
376
+ inputHash: string;
377
+ }): Promise<CacheOutcome>;
290
378
  delete({
291
379
  sessionId
292
380
  }: {
@@ -296,14 +384,14 @@ declare class RolloutSessionsResource extends BaseResource {
296
384
  //#endregion
297
385
  //#region src/resources/sql.d.ts
298
386
  declare class SqlResource extends BaseResource {
299
- constructor(baseHttpUrl: string, projectApiKey: string);
387
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
300
388
  query(sql: string, parameters?: Record<string, any>): Promise<Array<Record<string, any>>>;
301
389
  }
302
390
  //#endregion
303
391
  //#region src/resources/tags.d.ts
304
392
  declare class TagsResource extends BaseResource {
305
393
  /** Resource for tagging traces. */
306
- constructor(baseHttpUrl: string, projectApiKey: string);
394
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
307
395
  /**
308
396
  * Tag a trace with a list of tags. Note that the trace must be ended before
309
397
  * tagging it. You may want to call `await Laminar.flush()` after the trace
@@ -342,7 +430,7 @@ declare class TagsResource extends BaseResource {
342
430
  //#region src/resources/traces.d.ts
343
431
  declare class TracesResource extends BaseResource {
344
432
  /** Resource for post-factum operations on existing traces. */
345
- constructor(baseHttpUrl: string, projectApiKey: string);
433
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
346
434
  /**
347
435
  * Push a metadata patch to an existing trace.
348
436
  *
@@ -401,8 +489,9 @@ declare class TracesResource extends BaseResource {
401
489
  //#region src/index.d.ts
402
490
  declare class LaminarClient {
403
491
  private baseUrl;
404
- private projectApiKey;
492
+ private auth;
405
493
  private _browserEvents;
494
+ private _cli;
406
495
  private _datasets;
407
496
  private _evals;
408
497
  private _evaluators;
@@ -412,14 +501,45 @@ declare class LaminarClient {
412
501
  private _traces;
413
502
  constructor({
414
503
  baseUrl,
504
+ port,
505
+ auth,
415
506
  projectApiKey,
416
- port
507
+ cliUserProjectId
417
508
  }?: {
418
509
  baseUrl?: string;
419
- projectApiKey?: string;
420
510
  port?: number;
511
+ /**
512
+ * Unified auth. A discriminated union that drives both the URL prefix and
513
+ * the request headers:
514
+ * - `{ type: "apiKey", key }` → project key, `/v1/*`.
515
+ * - `{ type: "userToken", token, projectId }` → user JWT, `/v1/cli/*` with
516
+ * `x-lmnr-project-id`.
517
+ * When omitted, the legacy `projectApiKey` / `cliUserProjectId` fields (or
518
+ * `LMNR_PROJECT_API_KEY`) are normalized into this union.
519
+ */
520
+ auth?: LaminarAuth;
521
+ /**
522
+ * @deprecated Pass `auth: { type: "apiKey", key }` instead. Kept for
523
+ * backward compatibility — normalized into the unified `auth` union.
524
+ */
525
+ projectApiKey?: string;
526
+ /**
527
+ * @deprecated Pass `auth: { type: "userToken", token, projectId }` instead.
528
+ * Kept for backward compatibility: when set, the legacy `projectApiKey` is
529
+ * treated as a user JWT and routes to `/v1/cli/*` with this project id.
530
+ */
531
+ cliUserProjectId?: string;
421
532
  });
533
+ /**
534
+ * Normalize the constructor's auth inputs into a {@link LaminarAuth} union.
535
+ * Precedence: an explicit `auth` wins; otherwise the legacy
536
+ * `projectApiKey` (+ optional `cliUserProjectId`) is mapped — a present
537
+ * `cliUserProjectId` selects the user-token surface, otherwise the project
538
+ * key surface. Falls back to `LMNR_PROJECT_API_KEY` as a project key.
539
+ */
540
+ private static normalizeAuth;
422
541
  get browserEvents(): BrowserEventsResource;
542
+ get cli(): CliResource;
423
543
  get datasets(): DatasetsResource;
424
544
  get evals(): EvalsResource;
425
545
  get evaluators(): EvaluatorsResource;
@@ -429,5 +549,5 @@ declare class LaminarClient {
429
549
  get traces(): TracesResource;
430
550
  }
431
551
  //#endregion
432
- export { LaminarClient };
552
+ export { type CacheOutcome, type CliProject, type LaminarAuth, LaminarClient, RolloutSessionsResource };
433
553
  //# sourceMappingURL=index.d.cts.map
package/dist/index.d.mts CHANGED
@@ -1,11 +1,34 @@
1
- import { Datapoint, Dataset, EvaluationDatapoint, GetDatapointsResponse, InitEvaluationResponse, PushDatapointsResponse, StringUUID } from "@lmnr-ai/types";
1
+ import { CachedSpan, Datapoint, Dataset, EvaluationDatapoint, GetDatapointsResponse, InitEvaluationResponse, PushDatapointsResponse, StringUUID } from "@lmnr-ai/types";
2
2
 
3
3
  //#region src/resources/index.d.ts
4
+ /**
5
+ * Unified auth for every resource. A discriminated union so a single object
6
+ * drives both the URL prefix and the request headers:
7
+ *
8
+ * - `apiKey` → project API key (SDK / app surfaces). Routes to `/v1/*`,
9
+ * Bearer is the project key, no `x-lmnr-project-id` header.
10
+ * - `userToken` → BetterAuth user access JWT (the CLI user-token surface).
11
+ * Routes to `/v1/cli/*`, Bearer is the JWT, carries the target project in
12
+ * the `x-lmnr-project-id` header.
13
+ */
14
+ type LaminarAuth = {
15
+ type: "apiKey";
16
+ key: string;
17
+ } | {
18
+ type: "userToken";
19
+ token: string;
20
+ projectId: string;
21
+ };
4
22
  declare class BaseResource {
5
23
  protected readonly baseHttpUrl: string;
6
- protected readonly projectApiKey: string;
7
- constructor(baseHttpUrl: string, projectApiKey: string);
24
+ protected readonly auth: LaminarAuth;
25
+ /** The bearer credential, regardless of auth type (project key or user JWT). */
26
+ protected readonly credential: string;
27
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
28
+ /** API path prefix: `/v1/cli` for CLI user-token auth, `/v1` otherwise. */
29
+ protected get apiPrefix(): string;
8
30
  protected headers(): {
31
+ "x-lmnr-project-id"?: string | undefined;
9
32
  Authorization: string;
10
33
  "Content-Type": string;
11
34
  Accept: string;
@@ -15,7 +38,7 @@ declare class BaseResource {
15
38
  //#endregion
16
39
  //#region src/resources/browser-events.d.ts
17
40
  declare class BrowserEventsResource extends BaseResource {
18
- constructor(baseHttpUrl: string, projectApiKey: string);
41
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
19
42
  send({
20
43
  sessionId,
21
44
  traceId,
@@ -27,9 +50,31 @@ declare class BrowserEventsResource extends BaseResource {
27
50
  }): Promise<void>;
28
51
  }
29
52
  //#endregion
53
+ //#region src/resources/cli.d.ts
54
+ interface CliProject {
55
+ id: string;
56
+ name: string;
57
+ workspaceId: string;
58
+ workspaceName: string;
59
+ }
60
+ /**
61
+ * User-scoped CLI endpoints that don't target a specific project. Authed by the
62
+ * BetterAuth user JWT (the `credential`); deliberately does NOT send an
63
+ * `x-lmnr-project-id` header (these routes are project discovery, pre-selection).
64
+ *
65
+ * Discovery exception: this resource always hits `/v1/cli/projects` with the
66
+ * bare bearer and overrides `BaseResource.headers()`/`apiPrefix`, so it works
67
+ * even when constructed with a `userToken` auth that has no real project id yet.
68
+ */
69
+ declare class CliResource extends BaseResource {
70
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
71
+ /** Workspaces + projects the authenticated user can access. */
72
+ listProjects(): Promise<CliProject[]>;
73
+ }
74
+ //#endregion
30
75
  //#region src/resources/datasets.d.ts
31
76
  declare class DatasetsResource extends BaseResource {
32
- constructor(baseHttpUrl: string, projectApiKey: string);
77
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
33
78
  /**
34
79
  * List all datasets.
35
80
  *
@@ -92,7 +137,7 @@ declare class DatasetsResource extends BaseResource {
92
137
  //#endregion
93
138
  //#region src/resources/evals.d.ts
94
139
  declare class EvalsResource extends BaseResource {
95
- constructor(baseHttpUrl: string, projectApiKey: string);
140
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
96
141
  /**
97
142
  * Initialize an evaluation.
98
143
  *
@@ -224,7 +269,7 @@ type ScoreOptions = {
224
269
  * Resource for creating evaluator scores
225
270
  */
226
271
  declare class EvaluatorsResource extends BaseResource {
227
- constructor(baseHttpUrl: string, projectApiKey: string);
272
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
228
273
  /**
229
274
  * Create a score for a span or trace
230
275
  *
@@ -257,8 +302,26 @@ declare class EvaluatorsResource extends BaseResource {
257
302
  }
258
303
  //#endregion
259
304
  //#region src/resources/rollout-sessions.d.ts
305
+ /**
306
+ * Result of a debug-replay cache lookup (debug-replay v2).
307
+ *
308
+ * - `hit` — the server served a cached response for this input hash; replay it
309
+ * and mark the span CACHED.
310
+ * - `miss` — no cache entry; the caller latches process-wide live mode and runs
311
+ * every subsequent call live.
312
+ * - `live` — run THIS call live without latching (server COLD warmup-timeout
313
+ * degrade, or any non-OK / transport error here).
314
+ */
315
+ type CacheOutcome = {
316
+ kind: "hit";
317
+ cached: CachedSpan;
318
+ } | {
319
+ kind: "miss";
320
+ } | {
321
+ kind: "live";
322
+ };
260
323
  declare class RolloutSessionsResource extends BaseResource {
261
- constructor(baseHttpUrl: string, projectApiKey: string);
324
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
262
325
  /**
263
326
  * Idempotently register (upsert) a debug session on the backend, keyed on the
264
327
  * SDK-supplied session id. The backend stores the row so the session is
@@ -287,6 +350,31 @@ declare class RolloutSessionsResource extends BaseResource {
287
350
  sessionId: string;
288
351
  name: string;
289
352
  }): Promise<void>;
353
+ /**
354
+ * Look up the debug-replay cache for a single LLM call (debug-replay v2).
355
+ *
356
+ * The server is keyed by `inputHash` (hex blake3 of the canonicalized,
357
+ * system-stripped input messages). It returns one of three outcomes:
358
+ * - `{ outcome: "hit", response }` — a cached response to replay.
359
+ * - `{ outcome: "miss" }` — no entry; caller latches live mode.
360
+ * - `{ outcome: "live" }` — run this call live (COLD degrade).
361
+ *
362
+ * Error posture: a non-OK response or a transport error degrades to
363
+ * `{ kind: "live" }` for THIS call only — it never throws and never latches
364
+ * the process-wide live flag (only a real MISS does that). This keeps a flaky
365
+ * cache backend from turning a replay into a crash.
366
+ */
367
+ cache({
368
+ sessionId,
369
+ replayTraceId,
370
+ cacheUntil,
371
+ inputHash
372
+ }: {
373
+ sessionId: string;
374
+ replayTraceId: string;
375
+ cacheUntil: string;
376
+ inputHash: string;
377
+ }): Promise<CacheOutcome>;
290
378
  delete({
291
379
  sessionId
292
380
  }: {
@@ -296,14 +384,14 @@ declare class RolloutSessionsResource extends BaseResource {
296
384
  //#endregion
297
385
  //#region src/resources/sql.d.ts
298
386
  declare class SqlResource extends BaseResource {
299
- constructor(baseHttpUrl: string, projectApiKey: string);
387
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
300
388
  query(sql: string, parameters?: Record<string, any>): Promise<Array<Record<string, any>>>;
301
389
  }
302
390
  //#endregion
303
391
  //#region src/resources/tags.d.ts
304
392
  declare class TagsResource extends BaseResource {
305
393
  /** Resource for tagging traces. */
306
- constructor(baseHttpUrl: string, projectApiKey: string);
394
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
307
395
  /**
308
396
  * Tag a trace with a list of tags. Note that the trace must be ended before
309
397
  * tagging it. You may want to call `await Laminar.flush()` after the trace
@@ -342,7 +430,7 @@ declare class TagsResource extends BaseResource {
342
430
  //#region src/resources/traces.d.ts
343
431
  declare class TracesResource extends BaseResource {
344
432
  /** Resource for post-factum operations on existing traces. */
345
- constructor(baseHttpUrl: string, projectApiKey: string);
433
+ constructor(baseHttpUrl: string, auth: LaminarAuth);
346
434
  /**
347
435
  * Push a metadata patch to an existing trace.
348
436
  *
@@ -401,8 +489,9 @@ declare class TracesResource extends BaseResource {
401
489
  //#region src/index.d.ts
402
490
  declare class LaminarClient {
403
491
  private baseUrl;
404
- private projectApiKey;
492
+ private auth;
405
493
  private _browserEvents;
494
+ private _cli;
406
495
  private _datasets;
407
496
  private _evals;
408
497
  private _evaluators;
@@ -412,14 +501,45 @@ declare class LaminarClient {
412
501
  private _traces;
413
502
  constructor({
414
503
  baseUrl,
504
+ port,
505
+ auth,
415
506
  projectApiKey,
416
- port
507
+ cliUserProjectId
417
508
  }?: {
418
509
  baseUrl?: string;
419
- projectApiKey?: string;
420
510
  port?: number;
511
+ /**
512
+ * Unified auth. A discriminated union that drives both the URL prefix and
513
+ * the request headers:
514
+ * - `{ type: "apiKey", key }` → project key, `/v1/*`.
515
+ * - `{ type: "userToken", token, projectId }` → user JWT, `/v1/cli/*` with
516
+ * `x-lmnr-project-id`.
517
+ * When omitted, the legacy `projectApiKey` / `cliUserProjectId` fields (or
518
+ * `LMNR_PROJECT_API_KEY`) are normalized into this union.
519
+ */
520
+ auth?: LaminarAuth;
521
+ /**
522
+ * @deprecated Pass `auth: { type: "apiKey", key }` instead. Kept for
523
+ * backward compatibility — normalized into the unified `auth` union.
524
+ */
525
+ projectApiKey?: string;
526
+ /**
527
+ * @deprecated Pass `auth: { type: "userToken", token, projectId }` instead.
528
+ * Kept for backward compatibility: when set, the legacy `projectApiKey` is
529
+ * treated as a user JWT and routes to `/v1/cli/*` with this project id.
530
+ */
531
+ cliUserProjectId?: string;
421
532
  });
533
+ /**
534
+ * Normalize the constructor's auth inputs into a {@link LaminarAuth} union.
535
+ * Precedence: an explicit `auth` wins; otherwise the legacy
536
+ * `projectApiKey` (+ optional `cliUserProjectId`) is mapped — a present
537
+ * `cliUserProjectId` selects the user-token surface, otherwise the project
538
+ * key surface. Falls back to `LMNR_PROJECT_API_KEY` as a project key.
539
+ */
540
+ private static normalizeAuth;
422
541
  get browserEvents(): BrowserEventsResource;
542
+ get cli(): CliResource;
423
543
  get datasets(): DatasetsResource;
424
544
  get evals(): EvalsResource;
425
545
  get evaluators(): EvaluatorsResource;
@@ -429,5 +549,5 @@ declare class LaminarClient {
429
549
  get traces(): TracesResource;
430
550
  }
431
551
  //#endregion
432
- export { LaminarClient };
552
+ export { type CacheOutcome, type CliProject, type LaminarAuth, LaminarClient, RolloutSessionsResource };
433
553
  //# sourceMappingURL=index.d.mts.map