@mantyx/sdk 0.9.0 → 0.10.0

package/dist/{client-CeWCSsmD.d.cts → client-DHwh8MPj.d.cts}

@@ -1,5 +1,345 @@
 import { z } from 'zod';
 
+/**
+ * Error types raised by the MANTYX SDK.
+ */
+declare class MantyxError extends Error {
+    readonly code: string;
+    readonly status: number | undefined;
+    readonly hint: string | undefined;
+    constructor(message: string, opts?: {
+        code?: string;
+        status?: number;
+        hint?: string;
+    });
+}
+declare class MantyxNetworkError extends MantyxError {
+    constructor(message: string, opts?: {
+        cause?: unknown;
+    });
+}
+declare class MantyxAuthError extends MantyxError {
+    constructor(message?: string);
+}
+/**
+ * Raised on `403 insufficient_scope`, returned when an OAuth access token
+ * is missing one of the scopes a route demands (see
+ * `docs/agent-runs-protocol.md` §2.2 for the per-endpoint table).
+ *
+ * `requiredScopes` carries the verbatim `required` value from the
+ * server's response — a single scope for most routes, an array when the
+ * route demands more than one. The SDK is expected to surface this so
+ * callers can drive a re-consent flow (e.g. "please re-authorise the
+ * app with `sessions:write` enabled").
+ *
+ * Workspace API keys never trip this error — they carry no granular
+ * scopes. It is OAuth-only.
+ */
+declare class MantyxScopeError extends MantyxError {
+    /**
+     * Scope(s) the route demanded. Always at least one entry; usually
+     * exactly one. New routes may demand more scopes in the future.
+     */
+    readonly requiredScopes: readonly string[];
+    constructor(message: string, requiredScopes: readonly string[]);
+}
+declare class MantyxToolError extends MantyxError {
+    readonly toolName: string;
+    constructor(toolName: string, message: string);
+}
+/**
+ * Optional triage attributes the runner attaches to terminal `error`
+ * events. Mirrors the wire fields described in
+ * `docs/agent-runs-protocol.md` §7 ("error event payload fields") so SDK
+ * callers can render structured UI status notes ("model truncated — JSON
+ * likely incomplete") and drive retry policy without re-parsing the
+ * human-readable `message`.
+ */
+interface MantyxRunErrorInit {
+    /**
+     * Canonical category of failure. One of `"rate_limit"`, `"overloaded"`,
+     * `"server"`, `"context_window"`, `"truncation"`, `"invalid_request"`,
+     * `"auth"`, `"timeout"`, `"local_timeout"`, `"upstream_deadline"`,
+     * `"unknown"`. New categories may land additively — callers should
+     * default-branch to `"unknown"` for unrecognized values.
+     */
+    errorClass?: string;
+    /**
+     * Canonical lowercase stop reason normalized across providers
+     * (`"max_tokens"`, `"refusal"`, `"malformed_function_call"`, …). When
+     * present, mirrors the value carried on the last `assistant_message`
+     * event preceding the failure.
+     */
+    finishReason?: string | null;
+    /**
+     * **Best-effort raw bytes** the model emitted before the failure. For
+     * `outputSchema` runs this is likely **incomplete JSON** that will
+     * fail `JSON.parse` — treat it as diagnostic data, never as a
+     * schema-conformant reply.
+     */
+    partialText?: string;
+    /**
+     * Coarse retry hint inherited from the pipeline's error classifier.
+     * Informational; the SDK still owns the actual retry decision.
+     */
+    retryable?: boolean;
+}
+declare class MantyxRunError extends MantyxError {
+    readonly runId: string;
+    readonly subtype: string;
+    /** See {@link MantyxRunErrorInit.errorClass}. */
+    readonly errorClass: string | undefined;
+    /** See {@link MantyxRunErrorInit.finishReason}. */
+    readonly finishReason: string | null | undefined;
+    /** See {@link MantyxRunErrorInit.partialText}. */
+    readonly partialText: string | undefined;
+    /** See {@link MantyxRunErrorInit.retryable}. */
+    readonly retryable: boolean | undefined;
+    constructor(runId: string, subtype: string, message: string, init?: MantyxRunErrorInit);
+}
+/**
+ * Thrown by {@link parseRunOutput} when the run's terminal text was supposed
+ * to be a JSON document (because `outputSchema` was set on the spec) but
+ * either failed to JSON.parse or failed the user-supplied validator.
+ *
+ * The original `text` is preserved on the `text` field so callers can log
+ * the raw model output for debugging.
+ */
+declare class MantyxParseError extends MantyxError {
+    readonly text: string;
+    constructor(message: string, text: string, opts?: {
+        cause?: unknown;
+    });
+}
+
+/**
+ * MANTYX OAuth 2.0 client: authorization-code exchange, refresh-token
+ * minting, client-credentials grant, and token revocation, plus typed
+ * {@link TokenSource}s that {@link MantyxClient} can consume to refresh
+ * access tokens transparently before they expire (and again on 401).
+ *
+ * The wire contract this implements is `docs/oauth.md` in the SDK monorepo:
+ *
+ * - Token endpoint: `POST <baseUrl>/api/oauth/token`, form-encoded.
+ * - Revoke endpoint: `POST <baseUrl>/api/oauth/revoke`, form-encoded.
+ * - Access tokens (`mantyx_at_…`) live 1 hour (`expires_in: 3600`).
+ * - Refresh tokens (`mantyx_rt_…`) are **persistent and non-rotating**:
+ *   `grant_type=refresh_token` echoes back the same value the client
+ *   sent. The caller persists the refresh token once at first sign-in
+ *   (encrypted at rest) and the SDK re-mints access tokens from it on
+ *   demand.
+ *
+ * See also `docs/oauth.md` for the authorization-code + PKCE consent
+ * flow (which the SDK does **not** drive — the calling app owns the
+ * redirect dance; once it has the auth code, `exchangeAuthorizationCode`
+ * swaps it for the initial `{access_token, refresh_token}` pair).
+ */
+
+declare const DEFAULT_OAUTH_BASE_URL = "https://app.mantyx.io";
+/** Skew (ms) before `expiresAt` at which a TokenSource will pre-emptively refresh. Default 60s. */
+declare const DEFAULT_REFRESH_SKEW_MS = 60000;
+/**
+ * Raised on a non-2xx response from `POST /api/oauth/token` or
+ * `POST /api/oauth/revoke`. Carries the RFC 6749 `error` discriminator
+ * (`"invalid_grant"`, `"invalid_client"`, `"unsupported_grant_type"`,
+ * …) and the optional `error_description` so callers can branch on
+ * machine-readable values without parsing the human message.
+ *
+ * `invalid_grant` from the refresh path specifically signals that the
+ * refresh token has been revoked (or the OAuth grant / application
+ * was deleted). The SDK never loops on this — callers should route
+ * the user back to a fresh sign-in.
+ */
+declare class MantyxOAuthError extends MantyxError {
+    readonly oauthError: string;
+    readonly oauthErrorDescription: string | undefined;
+    constructor(oauthError: string, oauthErrorDescription: string | undefined, status: number);
+}
+/**
+ * Decoded `POST /api/oauth/token` response, augmented with an absolute
+ * `expiresAt` timestamp the SDK can use to decide when to refresh.
+ *
+ * `refreshToken` is present on the initial `authorization_code` exchange
+ * and on subsequent `refresh_token` calls (where it is identical to the
+ * value the client just sent — refresh tokens never rotate). The
+ * `client_credentials` grant never returns one.
+ */
+interface OAuthToken {
+    readonly accessToken: string;
+    readonly refreshToken: string | undefined;
+    readonly tokenType: string;
+    readonly expiresIn: number;
+    /** Absolute Unix-ms timestamp set when the SDK parsed the response. */
+    readonly expiresAt: number;
+    readonly scope: string | undefined;
+}
+/** Why the SDK asked the {@link TokenSource} for the current access token. */
+type TokenRequestReason = "initial" | "expired" | "unauthorized";
+/**
+ * A `TokenSource` produces the current access token on demand. The
+ * {@link MantyxClient} HTTP layer calls it before every request. When
+ * called with `reason: "unauthorized"` the source MUST force a refresh
+ * (do not return a cached value); this is how the SDK recovers from
+ * 401s caused by a token that the server already invalidated.
+ *
+ * Implementations should be safe to call from many concurrent requests.
+ */
+type TokenSource = (reason?: TokenRequestReason) => Promise<string>;
+/** Caller-supplied options for `MantyxOAuthClient`. */
+interface MantyxOAuthClientOptions {
+    /**
+     * OAuth `client_id` issued at app registration (token prefix
+     * `mantyx_oa_`).
+     */
+    clientId: string;
+    /**
+     * OAuth `client_secret` issued at app registration (token prefix
+     * `mantyx_oas_`). Every MANTYX OAuth app is a confidential client,
+     * so this is always required for token + revoke calls. Treat as a
+     * deployment secret — do not bundle into browser builds.
+     */
+    clientSecret: string;
+    /**
+     * Origin of the MANTYX deployment. Defaults to `https://app.mantyx.io`.
+     * The OAuth endpoints are mounted at `<baseUrl>/api/oauth/...`.
+     */
+    baseUrl?: string;
+    /** Optional `fetch` override (e.g. node-fetch wrapper). Default: global `fetch`. */
+    fetch?: typeof fetch;
+    /** Default per-request timeout in milliseconds. Default: 30s. */
+    timeoutMs?: number;
+}
+interface ExchangeAuthorizationCodeOptions {
+    code: string;
+    redirectUri: string;
+    codeVerifier: string;
+}
+interface RefreshOptions {
+    refreshToken: string;
+    /**
+     * Optional scope narrowing. Must be a subset of the scopes already
+     * granted to the refresh token (server enforces this). Useful when
+     * an SDK consumer wants a short-scope access token for a specific
+     * sub-operation.
+     */
+    scope?: string | readonly string[];
+}
+interface ClientCredentialsOptions {
+    scope?: string | readonly string[];
+}
+interface RevokeOptions {
+    token: string;
+}
+interface RefreshTokenSourceOptions {
+    refreshToken: string;
+    /** Optional scope narrowing applied on every refresh. */
+    scope?: string | readonly string[];
+    /**
+     * How many ms before `expiresAt` the source proactively refreshes.
+     * Defaults to {@link DEFAULT_REFRESH_SKEW_MS} (60s).
+     */
+    refreshSkewMs?: number;
+    /**
+     * Optional initial access token + expiry to seed the source's cache
+     * with (e.g. the token already in hand from the authorization-code
+     * exchange). When omitted, the source mints one on the first call.
+     */
+    initialToken?: OAuthToken;
+}
+interface ClientCredentialsTokenSourceOptions {
+    scope?: string | readonly string[];
+    refreshSkewMs?: number;
+}
+/**
+ * Wraps the MANTYX OAuth 2.0 authorization-server endpoints. App-scoped
+ * (one per `{clientId, clientSecret}` pair); construct independently of
+ * {@link MantyxClient}, then either call its grant helpers directly or
+ * hand a `TokenSource` it produces to `MantyxClient` for fully
+ * transparent refresh.
+ */
+declare class MantyxOAuthClient {
+    readonly clientId: string;
+    readonly baseUrl: string;
+    private readonly clientSecret;
+    private readonly fetchImpl;
+    private readonly timeoutMs;
+    constructor(opts: MantyxOAuthClientOptions);
+    /**
+     * Swap an authorization-code + PKCE verifier for the initial
+     * `{access_token, refresh_token}` pair. Call this exactly once per
+     * sign-in after the browser/native redirect lands back on your
+     * `redirectUri` with a `code` parameter. Persist the returned
+     * `refreshToken` against the user record — it is long-lived and
+     * non-rotating per `docs/oauth.md` §"Token lifetimes & lifecycle".
+     */
+    exchangeAuthorizationCode(opts: ExchangeAuthorizationCodeOptions): Promise<OAuthToken>;
+    /**
+     * Mint a fresh access token from a stored refresh token. The
+     * returned `refreshToken` is identical to the input — the field is
+     * surfaced for symmetry with {@link exchangeAuthorizationCode} only.
+     *
+     * On `400 invalid_grant` the refresh token has been revoked (or its
+     * grant / app was deleted); the SDK surfaces a
+     * {@link MantyxOAuthError} and callers must drive a fresh sign-in.
+     */
+    refresh(opts: RefreshOptions): Promise<OAuthToken>;
+    /**
+     * Request a workspace-scoped access token without a user via the
+     * `client_credentials` grant. Available only on private OAuth apps
+     * that were registered with `allowsClientCredentials: true`. No
+     * refresh token is issued; re-call this method whenever a new
+     * access token is needed.
+     */
+    clientCredentials(opts?: ClientCredentialsOptions): Promise<OAuthToken>;
+    /**
+     * Revoke an access or refresh token (RFC 7009). The server always
+     * returns 200, even for unknown tokens. Revoking a **refresh**
+     * token kills the refresh and every live access token tied to its
+     * grant; revoking an **access** token kills only that one.
+     */
+    revoke(opts: RevokeOptions): Promise<void>;
+    /**
+     * Build a long-lived {@link TokenSource} that re-mints access
+     * tokens from the supplied refresh token. Pass the returned source
+     * to `new MantyxClient({ tokenSource, workspaceSlug, ... })`. The
+     * source caches the access token in-memory and refreshes
+     * proactively when the cached value is within `refreshSkewMs` of
+     * `expiresAt`, or eagerly when `MantyxClient` reports a 401.
+     */
+    refreshTokenSource(opts: RefreshTokenSourceOptions): TokenSource;
+    /**
+     * Build a long-lived {@link TokenSource} backed by the
+     * `client_credentials` grant. On every refresh the source re-mints
+     * a workspace-scoped access token by calling the token endpoint
+     * with `grant_type=client_credentials`. Available only on private
+     * apps with `allowsClientCredentials: true`.
+     */
+    clientCredentialsTokenSource(opts?: ClientCredentialsTokenSourceOptions): TokenSource;
+    /**
+     * POST `application/x-www-form-urlencoded` to `/api/oauth/token` and
+     * decode the {@link OAuthToken} response. Always injects `client_id`
+     * + `client_secret` from the constructor.
+     */
+    private token;
+    private formPost;
+}
+/**
+ * Generate a high-entropy PKCE `code_verifier` (RFC 7636 §4.1). The
+ * verifier is the raw secret you keep across the redirect; the
+ * `code_challenge` you send on `/api/oauth/authorize` is derived from
+ * it via {@link pkceChallenge}.
+ *
+ * Default length is 64 characters (≈ 384 bits of entropy after
+ * base64url-encoding the 32 random bytes). Pass `length` to clamp to
+ * the RFC's 43..128 inclusive range.
+ */
+declare function generatePkceVerifier(length?: number): string;
+/**
+ * Compute the PKCE `S256` `code_challenge` for a given verifier:
+ * `base64url(sha256(verifier))` with no padding (RFC 7636 §4.2).
+ */
+declare function pkceChallenge(verifier: string): string;
+
 /**
  * Public tool helpers for the MANTYX SDK.
  *
@@ -332,7 +672,64 @@ declare function isLocalMcpServer(t: ToolRef): t is LocalMcpServer;
 
 declare const DEFAULT_BASE_URL = "https://app.mantyx.io";
 interface MantyxClientOptions {
-    apiKey: string;
+    /**
+     * Workspace API key (token prefix `mantyx_`) **or** a MANTYX OAuth 2.0
+     * access token (token prefix `mantyx_at_`). The server resolves either
+     * kind by token-prefix, so the SDK uses a single credential code path.
+     *
+     * Prefer the {@link accessToken} alias when wiring up an OAuth-based
+     * application — the two options are semantically identical (the value
+     * is forwarded as `Authorization: Bearer <credential>`), but
+     * `accessToken` makes the intent obvious at the call site.
+     *
+     * Exactly one of `apiKey` / `accessToken` must be set. Passing both —
+     * even to the same value — throws `MantyxError` at construction time.
+     *
+     * See `docs/agent-runs-protocol.md` §2 for the full credential table
+     * (including which prefix means what, scope semantics, and the
+     * `insufficient_scope` 403 SDKs surface via
+     * {@link MantyxScopeError}).
+     */
+    apiKey?: string;
+    /**
+     * MANTYX OAuth 2.0 access token (token prefix `mantyx_at_…`). Exactly
+     * one of {@link apiKey} / `accessToken` / {@link tokenSource} must be
+     * set; passing more than one throws `MantyxError` at construction
+     * time.
+     *
+     * Functionally identical to {@link apiKey} — the SDK ships either
+     * value verbatim on `Authorization: Bearer <credential>` — but using
+     * the OAuth-specific name makes scope-driven applications easier to
+     * read.
+     *
+     * OAuth tokens additionally enforce per-route **scopes**
+     * (`runs:read`, `runs:write`, `sessions:read`, `sessions:write`,
+     * `models:read`, `mantyx.identity:read`); see
+     * `docs/agent-runs-protocol.md` §2.2 for the table. Missing scopes
+     * land as {@link MantyxScopeError} so callers can route the user
+     * back to a re-consent flow.
+     *
+     * Static `accessToken` values are 1-hour-lived per `docs/oauth.md`
+     * §"Token lifetimes & lifecycle" — for long-running processes
+     * prefer {@link tokenSource} so the SDK can refresh transparently.
+     */
+    accessToken?: string;
+    /**
+     * Dynamic credential provider. The SDK calls it before every request
+     * to obtain the current access token, and again with
+     * `reason: "unauthorized"` after a 401 so it can refresh and retry
+     * the request exactly once.
+     *
+     * Build one via `oauthClient.refreshTokenSource({ refreshToken })`
+     * or `oauthClient.clientCredentialsTokenSource()` — see
+     * [`./oauth.ts`](./oauth.ts) for the helpers, or pass any function
+     * matching the {@link TokenSource} signature for full custom
+     * control (e.g. tokens minted by an upstream auth proxy).
+     *
+     * Exactly one of {@link apiKey} / {@link accessToken} / `tokenSource`
+     * must be set.
+     */
+    tokenSource?: TokenSource;
     workspaceSlug: string;
     /** Defaults to `https://app.mantyx.io`. Override for self-hosted instances. */
     baseUrl?: string;
@@ -545,7 +942,34 @@ interface ThinkingDeltaEvent extends RunEventBase {
 }
 interface AssistantMessageEvent extends RunEventBase {
     type: "assistant_message";
+    /**
+     * Full assistant text for this turn (concatenation of every preceding
+     * `assistant_delta` for the turn, plus any non-streaming snapshot the
+     * engine appended at close). May be empty when the turn was tool-only.
+     */
     text: string;
+    /**
+     * 0-based tool-turn index this assistant message closes. Useful for
+     * SDK clients pairing the message with the subsequent `tool_result`
+     * rows.
+     */
+    turn?: number;
+    /**
+     * Canonical lowercase stop reason normalized across providers
+     * (`"end_turn"`, `"tool_use"`, `"max_tokens"`, `"refusal"`,
+     * `"malformed_function_call"`, …). `null` / omitted when the provider
+     * did not report one.
+     */
+    finishReason?: string | null;
+    /**
+     * Tool calls the model emitted on this turn. Omitted when the model
+     * did not call any tools.
+     */
+    toolCalls?: Array<{
+        id: string;
+        name: string;
+        input: Record<string, unknown>;
+    }>;
 }
 interface ServerToolResultEvent extends RunEventBase {
     type: "tool_result";
@@ -654,8 +1078,41 @@ interface ResultEvent extends RunEventBase {
 }
 interface ErrorEvent extends RunEventBase {
     type: "error";
+    /** Human-readable failure message. */
     error: string;
+    /**
+     * Legacy alias for {@link errorClass}. Equals `errorClass` when present;
+     * otherwise a small lowercase token (`"error"`, `"invalid_spec"`,
+     * `"worker_error"`, …).
+     */
     code?: string;
+    /**
+     * Canonical failure category. One of `"rate_limit"`, `"overloaded"`,
+     * `"server"`, `"context_window"`, `"truncation"`, `"invalid_request"`,
+     * `"auth"`, `"timeout"`, `"local_timeout"`, `"upstream_deadline"`,
+     * `"unknown"`. New categories may land additively. See
+     * `docs/agent-runs-protocol.md` §7 for the full list.
+     */
+    errorClass?: string;
+    /**
+     * Canonical lowercase stop reason normalized across providers
+     * (`"max_tokens"`, `"refusal"`, `"malformed_function_call"`, …). When
+     * present, mirrors the value on the last `assistant_message` event.
+     */
+    finishReason?: string | null;
+    /**
+     * **Best-effort raw bytes** the model emitted before the failure. For
+     * `outputSchema` runs this is likely **incomplete JSON** that will
+     * fail `JSON.parse` — see the wire-protocol truncation contract. Also
+     * persisted on `EphemeralAgentRun.finalText` so SDKs can recover it
+     * via `GET /agent-runs/:runId` after the SSE stream closes.
+     */
+    partialText?: string;
+    /**
+     * Coarse retry hint inherited from the pipeline's error classifier.
+     * Informational; the SDK still owns the actual retry decision.
+     */
+    retryable?: boolean;
 }
 interface CancelledEvent extends RunEventBase {
     type: "cancelled";
@@ -681,9 +1138,28 @@ interface SessionInfo {
     metadata: Record<string, string>;
 }
 declare class MantyxClient {
-    readonly options: Required<Pick<MantyxClientOptions, "apiKey" | "workspaceSlug" | "baseUrl">> & {
+    readonly options: Required<Pick<MantyxClientOptions, "workspaceSlug" | "baseUrl">> & {
+        /**
+         * Single resolved bearer credential — either a workspace API key
+         * (token prefix `mantyx_`) or an OAuth access token (`mantyx_at_…`).
+         * The SDK does not need to distinguish them on the wire; the value
+         * is forwarded verbatim on `Authorization: Bearer …`.
+         *
+         * Kept as `apiKey` (instead of e.g. `credential`) for backwards
+         * compatibility — older releases exposed it under this name.
+         *
+         * Empty string when a {@link tokenSource} is configured — every
+         * request resolves the bearer from the source instead.
+         */
+        apiKey: string;
         fetch: typeof fetch;
         timeoutMs: number;
+        /**
+         * Dynamic credential provider when constructed with
+         * `tokenSource` — see {@link MantyxClientOptions.tokenSource}.
+         * `null` for static `apiKey` / `accessToken` clients.
+         */
+        tokenSource: TokenSource | null;
     };
     constructor(opts: MantyxClientOptions);
     listModels(): Promise<ModelCatalog>;
@@ -719,6 +1195,26 @@ declare class MantyxClient {
     }): Promise<void>;
     cancelRun(runId: string): Promise<void>;
     private absoluteUrl;
+    /**
+     * Resolve the bearer credential to send on the next request. With a
+     * static `apiKey` / `accessToken` this is a synchronous reach into
+     * `options.apiKey`; with a {@link TokenSource} it delegates so the
+     * source can refresh expired access tokens before we hit the wire.
+     *
+     * The `reason` is forwarded to the source verbatim. Pass
+     * `"unauthorized"` immediately after a 401 so the source forces a
+     * refresh rather than handing back its (now-invalid) cached value.
+     */
+    private resolveBearer;
+    /**
+     * Open an SSE stream against `reqUrl` with at-most-one refresh +
+     * retry on 401. The caller is responsible for the subsequent
+     * `readSseStream` loop; this helper only handles the initial GET.
+     * Mid-stream 401s propagate as `MantyxNetworkError` from the read
+     * loop and trigger a reconnect via the outer `while` in
+     * {@link streamRunEvents}.
+     */
+    private openSseStream;
     private authHeaders;
     request<T>(args: {
         method: string;
@@ -726,6 +1222,7 @@ declare class MantyxClient {
         body?: unknown;
         timeoutMs?: number;
     }): Promise<T>;
+    private requestWithRetry;
     private errorFromResponse;
 }
 declare class AgentSession {
@@ -822,4 +1319,4 @@ interface LocalHandlers {
  */
 declare function parseRunOutput<T = unknown>(result: RunResult, validator?: (value: unknown) => T): T;
 
-export { mantyxMcp as $, type A2AToolRef as A, type RunEventBase as B, type CancelledEvent as C, DEFAULT_BASE_URL as D, type ErrorEvent as E, type RunResult as F, type RunSpec as G, type SessionInfo as H, type SessionSpec as I, type ThinkingDeltaEvent as J, type ToolBudget as K, type LocalA2ATool as L, MantyxClient as M, type ToolBudgetExceededEvent as N, type OutputSchema as O, type ToolBudgets as P, defineLocalA2A as Q, type ReasoningLevel as R, type ServerToolResultEvent as S, type ToolRef as T, defineLocalMcp as U, defineLocalTool as V, isLocalA2ATool as W, isLocalMcpServer as X, isLocalTool as Y, type ZodLikeObject as Z, mantyxA2A as _, AgentSession as a, mantyxPluginTool as a0, mantyxTool as a1, parseRunOutput as a2, type AgentSpecBase as b, type AssistantDeltaEvent as c, type AssistantMessageEvent as d, type DefineLocalA2AOptions as e, type DefineLocalMcpOptions as f, type DefineLocalToolOptions as g, type LocalHandlers as h, type LocalMcpHttpTransport as i, type LocalMcpServer as j, type LocalMcpStdioTransport as k, type LocalTool as l, type LocalToolCallEvent as m, type LocalToolResultInEvent as n, type LoopDetectedEvent as o, type LoopDetection as p, type MantyxA2AOptions as q, type MantyxClientOptions as r, type MantyxMcpOptions as s, type MantyxPluginToolRef as t, type MantyxToolRef as u, type McpToolRef as v, type ModelCatalog as w, type ModelInfo as x, type ResultEvent as y, type RunEvent as z };
+export { type RevokeOptions as $, type A2AToolRef as A, MantyxNetworkError as B, type CancelledEvent as C, DEFAULT_BASE_URL as D, type ErrorEvent as E, MantyxOAuthClient as F, type MantyxOAuthClientOptions as G, MantyxOAuthError as H, MantyxParseError as I, type MantyxPluginToolRef as J, MantyxRunError as K, type LocalA2ATool as L, MantyxClient as M, type MantyxRunErrorInit as N, MantyxScopeError as O, MantyxToolError as P, type MantyxToolRef as Q, type ReasoningLevel as R, type McpToolRef as S, type ToolRef as T, type ModelCatalog as U, type ModelInfo as V, type OAuthToken as W, type OutputSchema as X, type RefreshOptions as Y, type RefreshTokenSourceOptions as Z, type ResultEvent as _, AgentSession as a, type RunEvent as a0, type RunEventBase as a1, type RunResult as a2, type RunSpec as a3, type ServerToolResultEvent as a4, type SessionInfo as a5, type SessionSpec as a6, type ThinkingDeltaEvent as a7, type TokenRequestReason as a8, type TokenSource as a9, type ToolBudget as aa, type ToolBudgetExceededEvent as ab, type ToolBudgets as ac, type ZodLikeObject as ad, defineLocalA2A as ae, defineLocalMcp as af, defineLocalTool as ag, generatePkceVerifier as ah, isLocalA2ATool as ai, isLocalMcpServer as aj, isLocalTool as ak, mantyxA2A as al, mantyxMcp as am, mantyxPluginTool as an, mantyxTool as ao, parseRunOutput as ap, pkceChallenge as aq, type AgentSpecBase as b, type AssistantDeltaEvent as c, type AssistantMessageEvent as d, type ClientCredentialsOptions as e, type ClientCredentialsTokenSourceOptions as f, DEFAULT_OAUTH_BASE_URL as g, DEFAULT_REFRESH_SKEW_MS as h, type DefineLocalA2AOptions as i, type DefineLocalMcpOptions as j, type DefineLocalToolOptions as k, type ExchangeAuthorizationCodeOptions as l, type LocalHandlers as m, type LocalMcpHttpTransport as n, type LocalMcpServer as o, type LocalMcpStdioTransport as p, type LocalTool as q, type LocalToolCallEvent as r, type LocalToolResultInEvent as s, type LoopDetectedEvent as t, type LoopDetection as u, type MantyxA2AOptions as v, MantyxAuthError as w, type MantyxClientOptions as x, MantyxError as y, type MantyxMcpOptions as z };