@neta-art/cohub 1.2.1 → 1.3.0

package/dist/apis/explore.d.ts

@@ -0,0 +1,9 @@
+import type { ExploreSpaceItem } from "../types.js";
+import type { HttpTransport } from "../transport.js";
+export declare class ExploreApi {
+    private readonly transport;
+    constructor(transport: HttpTransport);
+    spaces(): Promise<{
+        spaces: ExploreSpaceItem[];
+    }>;
+}

package/dist/apis/explore.js

@@ -0,0 +1,9 @@
+export class ExploreApi {
+    transport;
+    constructor(transport) {
+        this.transport = transport;
+    }
+    spaces() {
+        return this.transport.request("/api/explore/spaces");
+    }
+}

package/dist/apis/spaces.d.ts

@@ -1,24 +1,27 @@
+import type { SpacePublicEndpoints } from "@neta-art/cohub-protocol/ports";
 import type { WebsocketClient, WebsocketEventPayload } from "../websocket.js";
 import type { HttpTransport, Fetch } from "../transport.js";
 import { type SessionPatchApplyResult } from "../session-patch-reducer.js";
-import type { CheckpointRecord, ContentBlock, SessionMessageResponse, SessionMessagesPaginatedResponse, SessionMessagesResponse, SessionRecord, SpaceAccessPolicy, SpaceBootstrapSource, SpaceChannelBindingInput, SpaceCheckpointDetailResponse, SpaceCreateResponse, SpaceEnvInput, SpaceFsFileResponse, SpaceFsMoveInput, SpaceFsTreeResponse, SpaceFsUploadResponse, SpaceUsageResponse, SpaceFsWriteFileInput, SpaceMember, SpaceRecord, SpaceRole, SpaceSessionsResponse } from "../types.js";
+import type { CheckpointRecord, ContentBlock, SessionMessageResponse, SessionMessagesPaginatedResponse, SessionMessagesResponse, SessionTurnResponse, SessionTurnIndexResponse, SessionTurnWindowResponse, SessionTurnsPaginatedResponse, SessionTurnSignedUrlsResponse, SessionRecord, SpaceAccessPolicy, SpaceBootstrapSource, SpaceChannelBindingInput, SpaceCheckpointDetailResponse, SpaceCreateResponse, SpaceEnvInput, SpaceFsFileResponse, SpaceFsMoveInput, SpaceFsTreeResponse, SpaceFsUploadResponse, SpaceUsageResponse, SpaceFsWriteFileInput, SpaceMarkKind, SpaceMarkListItem, SpaceMarkResourceType, SpaceMember, SpaceRecord, SpaceRole, SpaceSessionsResponse } from "../types.js";
 import { SpaceInvitationsApi } from "./invitations.js";
 export type SessionSubscriptionHandlers = {
     patch?: (event: WebsocketEventPayload) => void;
     patchState?: (result: SessionPatchApplyResult) => void;
+    snapshot?: (event: WebsocketEventPayload) => void;
     progress?: (event: WebsocketEventPayload) => void;
     final?: (event: WebsocketEventPayload) => void;
+    turnUpdated?: (event: WebsocketEventPayload) => void;
+    turnFinalized?: (event: WebsocketEventPayload) => void;
     error?: (event: WebsocketEventPayload) => void;
     persisted?: (event: WebsocketEventPayload) => void;
     event?: (event: WebsocketEventPayload) => void;
 };
-export type SessionEventName = "turn.patch" | "turn.progress" | "turn.final" | "turn.error" | "message.persisted";
-export type SpaceEventName = SessionEventName | "event";
+export type SessionEventName = "turn.patch" | "turn.snapshot" | "turn.progress" | "turn.final" | "turn.updated" | "turn.error" | "message.persisted";
+export type SpaceEventName = SessionEventName | "ports.changed" | "event";
 type SessionSendMessageInput = {
     content: ContentBlock[];
     model?: string;
     provider?: string;
-    clientMessageId?: string;
 };
 export declare class SpacesApi {
     private readonly transport;
@@ -40,7 +43,16 @@ export declare class SpaceFilesApi {
     constructor(transport: HttpTransport, spaceId: string);
     list(path?: string, customFetch?: Fetch): Promise<SpaceFsTreeResponse>;
     read(path: string, customFetch?: Fetch): Promise<SpaceFsFileResponse>;
+    /**
+     * Build a direct download URL. For private files, prefer `download()` so the
+     * SDK can attach authorization headers.
+     */
     getDownloadUrl(path: string): string;
+    download(path: string, customFetch?: Fetch): Promise<{
+        blob: Blob;
+        filename: string;
+        mimeType: string;
+    }>;
     write(input: SpaceFsWriteFileInput): Promise<{
         ok: true;
         path: string;
@@ -83,8 +95,31 @@ declare class SessionMessagesClient {
     send(input: SessionSendMessageInput): Promise<{
         ok: true;
         userMessageId: string;
+        turnId: string;
     }>;
 }
+declare class SessionTurnsClient {
+    private readonly transport;
+    private readonly sessionId;
+    constructor(transport: HttpTransport, sessionId: string);
+    listPaginated(options?: {
+        cursor?: number;
+        limit?: number;
+        direction?: "older" | "newer";
+    }, customFetch?: Fetch): Promise<SessionTurnsPaginatedResponse>;
+    index(options?: {
+        cursor?: number;
+        limit?: number;
+    }, customFetch?: Fetch): Promise<SessionTurnIndexResponse>;
+    window(options: {
+        sequence?: number;
+        turnId?: string;
+        before?: number;
+        after?: number;
+    }, customFetch?: Fetch): Promise<SessionTurnWindowResponse>;
+    get(turnId: string, customFetch?: Fetch): Promise<SessionTurnResponse>;
+    signedUrls(turnId: string, objectKeys: string[]): Promise<SessionTurnSignedUrlsResponse>;
+}
 declare class SessionRealtimeClient {
     private readonly websocketClient;
     private readonly spaceId;
@@ -99,6 +134,7 @@ export declare class SessionClient {
     readonly id: string;
     private readonly transport;
     readonly messages: SessionMessagesClient;
+    readonly turns: SessionTurnsClient;
     readonly realtime: SessionRealtimeClient;
     constructor(spaceId: string, id: string, transport: HttpTransport, websocketClient: WebsocketClient | null);
     get(customFetch?: Fetch): Promise<{
@@ -215,6 +251,52 @@ export declare class SpaceEnvApi {
         env: SpaceEnvInput[];
     }>;
 }
+export type SpaceSandboxRecord = {
+    status: string | null;
+    podName?: string | null;
+    desiredImage?: string | null;
+    reportedImageVersion?: string | null;
+    lastHeartbeatAt?: string | null;
+    reportedAt?: string | null;
+    meta?: Record<string, unknown> | null;
+};
+export declare class SpaceSandboxApi {
+    private readonly transport;
+    private readonly spaceId;
+    constructor(transport: HttpTransport, spaceId: string);
+    get(): Promise<{
+        sandbox: SpaceSandboxRecord | null;
+    }>;
+    ports(): Promise<{
+        endpoints: SpacePublicEndpoints;
+    }>;
+    recreate(): Promise<{
+        ok: boolean;
+        status?: string;
+        verified?: boolean;
+        checks?: Record<string, boolean> | null;
+        message?: string;
+    }>;
+}
+export declare class SpaceMarksApi {
+    private readonly transport;
+    private readonly spaceId;
+    constructor(transport: HttpTransport, spaceId: string);
+    list(kind?: SpaceMarkKind): Promise<{
+        marks: SpaceMarkListItem[];
+    }>;
+    create(input: {
+        kind?: SpaceMarkKind;
+        resourceType: SpaceMarkResourceType;
+        resourceRef: string;
+        label?: string | null;
+    }): Promise<{
+        mark: SpaceMarkListItem;
+    }>;
+    delete(markId: string): Promise<{
+        ok: true;
+    }>;
+}
 export declare class SpaceCheckpointsApi {
     private readonly transport;
     private readonly spaceId;
@@ -240,12 +322,20 @@ export declare class SpaceClient {
     readonly usage: SpaceUsageApi;
     readonly channels: SpaceChannelsApi;
     readonly env: SpaceEnvApi;
+    readonly sandbox: SpaceSandboxApi;
     readonly invitations: SpaceInvitationsApi;
+    readonly marks: SpaceMarksApi;
     constructor(id: string, transport: HttpTransport, websocketClient: WebsocketClient | null);
     get(customFetch?: Fetch): Promise<SpaceRecord>;
     rename(name: string): Promise<{
         space: SpaceRecord;
     }>;
+    profile(body: {
+        description?: string | null;
+        pictureUrl?: string | null;
+    }): Promise<{
+        space: SpaceRecord;
+    }>;
     session(sessionId: string): SessionClient;
     subscribe(handler: (event: WebsocketEventPayload) => void): () => void;
     on(type: SpaceEventName, handler: (event: WebsocketEventPayload) => void): () => void;

package/dist/apis/spaces.js

@@ -2,14 +2,35 @@ import { ensureRealtimeConnected } from "../realtime.js";
 import { SessionPatchReducer, } from "../session-patch-reducer.js";
 import { SpaceInvitationsApi } from "./invitations.js";
 const DEFAULT_DEDUP_WINDOW_MS = 2000;
+const getFilenameFromContentDisposition = (value) => {
+    if (!value)
+        return null;
+    const encodedMatch = value.match(/filename\*=UTF-8''([^;]+)/i);
+    if (encodedMatch?.[1]) {
+        try {
+            return decodeURIComponent(encodedMatch[1]);
+        }
+        catch {
+            return encodedMatch[1];
+        }
+    }
+    const plainMatch = value.match(/filename="?([^";]+)"?/i);
+    return plainMatch?.[1] ?? null;
+};
 const toSessionEventName = (type) => {
     switch (type) {
         case "session.turn.patch":
             return "turn.patch";
+        case "session.turn.snapshot":
+            return "turn.snapshot";
         case "session.turn.progress":
             return "turn.progress";
         case "session.turn.error":
             return "turn.error";
+        case "session.turn.updated":
+            return "turn.updated";
+        case "session.turn.finalized":
+            return "turn.final";
         case "session.message.persisted":
             return "message.persisted";
         default:
@@ -23,7 +44,16 @@ const isAssistantFinalPersistedEvent = (event) => {
     if (!message || typeof message !== "object")
         return false;
     const record = message;
-    return record.role === "assistant" && record.meta?.messageKind === "assistant_final";
+    return record.role === "assistant" && (record.meta?.messageKind === "assistant_final" || record.meta?.messageKind === "assistant_error");
+};
+const isAssistantIntermediatePersistedEvent = (event) => {
+    if (event.type !== "session.message.persisted")
+        return false;
+    const message = event.payload.message;
+    if (!message || typeof message !== "object")
+        return false;
+    const record = message;
+    return record.role === "assistant" && record.meta?.messageKind === "assistant_intermediate";
 };
 const getPersistedMessageTurnId = (event) => {
     if (event.type !== "session.message.persisted")
@@ -79,10 +109,26 @@ export class SpaceFilesApi {
         const params = new URLSearchParams({ path });
         return this.transport.request(`/api/spaces/${this.spaceId}/fs/file?${params.toString()}`, { fetch: customFetch });
     }
+    /**
+     * Build a direct download URL. For private files, prefer `download()` so the
+     * SDK can attach authorization headers.
+     */
     getDownloadUrl(path) {
         const params = new URLSearchParams({ path });
         return `/api/spaces/${this.spaceId}/fs/download?${params.toString()}`;
     }
+    async download(path, customFetch) {
+        const params = new URLSearchParams({ path });
+        const raw = await this.transport.raw(`/api/spaces/${this.spaceId}/fs/download?${params.toString()}`, { fetch: customFetch });
+        const blob = await raw.blob();
+        const filename = getFilenameFromContentDisposition(raw.response.headers.get("content-disposition")) ??
+            path.split("/").pop() ??
+            "download";
+        const mimeType = raw.response.headers.get("content-type") ??
+            blob.type ??
+            "application/octet-stream";
+        return { blob, filename, mimeType };
+    }
     write(input) {
         return this.transport.request(`/api/spaces/${this.spaceId}/fs/file`, {
             method: "PUT",
@@ -183,11 +229,61 @@ class SessionMessagesClient {
                 content: input.content,
                 model: input.model,
                 provider: input.provider,
-                clientMessageId: input.clientMessageId,
             }),
         });
     }
 }
+class SessionTurnsClient {
+    transport;
+    sessionId;
+    constructor(transport, sessionId) {
+        this.transport = transport;
+        this.sessionId = sessionId;
+    }
+    listPaginated(options, customFetch) {
+        const params = new URLSearchParams();
+        if (options?.cursor !== undefined)
+            params.set("cursor", String(options.cursor));
+        if (options?.limit !== undefined)
+            params.set("limit", String(options.limit));
+        if (options?.direction)
+            params.set("direction", options.direction);
+        const query = params.toString();
+        return this.transport.request(`/api/sessions/${this.sessionId}/turns${query ? `?${query}` : ""}`, { fetch: customFetch });
+    }
+    index(options, customFetch) {
+        const params = new URLSearchParams();
+        if (options?.cursor !== undefined)
+            params.set("cursor", String(options.cursor));
+        if (options?.limit !== undefined)
+            params.set("limit", String(options.limit));
+        const query = params.toString();
+        return this.transport.request(`/api/sessions/${this.sessionId}/turns/index${query ? `?${query}` : ""}`, { fetch: customFetch });
+    }
+    window(options, customFetch) {
+        const params = new URLSearchParams();
+        if (options.sequence !== undefined)
+            params.set("sequence", String(options.sequence));
+        if (options.turnId)
+            params.set("turnId", options.turnId);
+        if (options.before !== undefined)
+            params.set("before", String(options.before));
+        if (options.after !== undefined)
+            params.set("after", String(options.after));
+        const query = params.toString();
+        return this.transport.request(`/api/sessions/${this.sessionId}/turns/window${query ? `?${query}` : ""}`, { fetch: customFetch });
+    }
+    get(turnId, customFetch) {
+        return this.transport.request(`/api/sessions/${this.sessionId}/turns/${turnId}`, { fetch: customFetch });
+    }
+    signedUrls(turnId, objectKeys) {
+        return this.transport.request(`/api/sessions/${this.sessionId}/turns/${turnId}/signed-urls`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ objectKeys }),
+        });
+    }
+}
 class SessionRealtimeClient {
     websocketClient;
     spaceId;
@@ -229,6 +325,8 @@ class SessionRealtimeClient {
                     }
                 }
             }
+            if (eventName === "turn.snapshot")
+                handlers.snapshot?.(event);
             if (eventName === "turn.progress")
                 handlers.progress?.(event);
             if (eventName === "turn.error") {
@@ -238,8 +336,26 @@ class SessionRealtimeClient {
                 });
                 handlers.error?.(event);
             }
-            if (eventName === "message.persisted")
+            if (eventName === "message.persisted") {
                 handlers.persisted?.(event);
+                if (isAssistantIntermediatePersistedEvent(event)) {
+                    this.patchReducer.reset({
+                        spaceId: this.spaceId,
+                        sessionId: this.sessionId,
+                    });
+                }
+            }
+            if (eventName === "turn.updated")
+                handlers.turnUpdated?.(event);
+            if (eventName === "turn.final") {
+                this.patchReducer.complete({
+                    spaceId: this.spaceId,
+                    sessionId: this.sessionId,
+                    turnId: typeof event.payload.turn === "object" && event.payload.turn && "id" in event.payload.turn ? String(event.payload.turn.id) : null,
+                });
+                handlers.turnFinalized?.(event);
+                handlers.final?.(event);
+            }
             if (isAssistantFinalPersistedEvent(event)) {
                 this.patchReducer.complete({
                     spaceId: this.spaceId,
@@ -269,12 +385,14 @@ export class SessionClient {
     id;
     transport;
     messages;
+    turns;
     realtime;
     constructor(spaceId, id, transport, websocketClient) {
         this.spaceId = spaceId;
         this.id = id;
         this.transport = transport;
         this.messages = new SessionMessagesClient(transport, id);
+        this.turns = new SessionTurnsClient(transport, id);
         this.realtime = new SessionRealtimeClient(websocketClient, spaceId, id);
     }
     get(customFetch) {
@@ -355,6 +473,10 @@ export class SpaceEventsApi {
                 handler(event);
                 return;
             }
+            if (type === "ports.changed" && event.type === "space.ports.changed") {
+                handler(event);
+                return;
+            }
             if (type === "turn.final" && isAssistantFinalPersistedEvent(event)) {
                 handler(event);
                 return;
@@ -468,6 +590,47 @@ export class SpaceEnvApi {
         return this.transport.request(`/api/spaces/${this.spaceId}/env/${encodeURIComponent(name)}`, { method: "DELETE" });
     }
 }
+export class SpaceSandboxApi {
+    transport;
+    spaceId;
+    constructor(transport, spaceId) {
+        this.transport = transport;
+        this.spaceId = spaceId;
+    }
+    get() {
+        return this.transport.request(`/api/spaces/${this.spaceId}/sandbox`);
+    }
+    ports() {
+        return this.transport.request(`/api/spaces/${this.spaceId}/sandbox/ports`);
+    }
+    recreate() {
+        return this.transport.request(`/api/spaces/${this.spaceId}/sandbox/recreate`, {
+            method: "POST",
+        });
+    }
+}
+export class SpaceMarksApi {
+    transport;
+    spaceId;
+    constructor(transport, spaceId) {
+        this.transport = transport;
+        this.spaceId = spaceId;
+    }
+    list(kind = "pin") {
+        const params = new URLSearchParams({ kind });
+        return this.transport.request(`/api/spaces/${this.spaceId}/marks?${params.toString()}`);
+    }
+    create(input) {
+        return this.transport.request(`/api/spaces/${this.spaceId}/marks`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ kind: "pin", ...input }),
+        });
+    }
+    delete(markId) {
+        return this.transport.request(`/api/spaces/${this.spaceId}/marks/${markId}`, { method: "DELETE" });
+    }
+}
 export class SpaceCheckpointsApi {
     transport;
     spaceId;
@@ -501,7 +664,9 @@ export class SpaceClient {
     usage;
     channels;
     env;
+    sandbox;
     invitations;
+    marks;
     constructor(id, transport, websocketClient) {
         this.id = id;
         this.transport = transport;
@@ -514,7 +679,9 @@ export class SpaceClient {
         this.usage = new SpaceUsageApi(transport, id);
         this.channels = new SpaceChannelsApi(transport, id);
         this.env = new SpaceEnvApi(transport, id);
+        this.sandbox = new SpaceSandboxApi(transport, id);
         this.invitations = new SpaceInvitationsApi(transport, id);
+        this.marks = new SpaceMarksApi(transport, id);
     }
     get(customFetch) {
         return this.transport.request(`/api/spaces/${this.id}`, {
@@ -530,6 +697,13 @@ export class SpaceClient {
             body: JSON.stringify({ name }),
         });
     }
+    profile(body) {
+        return this.transport.request(`/api/spaces/${this.id}/profile`, {
+            method: "PATCH",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify(body),
+        });
+    }
     session(sessionId) {
         return new SessionClient(this.id, sessionId, this.transport, this.websocketClient);
     }

package/dist/apis/user.d.ts

@@ -1,5 +1,5 @@
 import { type HttpTransport, type Fetch } from "../transport.js";
-import type { UserSshKey } from "../types.js";
+import type { UserRulesResponse, UserSshKey } from "../types.js";
 export declare class UserApi {
     private readonly transport;
     private readonly transportBaseUrl;
@@ -7,6 +7,7 @@ export declare class UserApi {
     private readonly clearStoredAuthToken?;
     constructor(transport: HttpTransport, transportBaseUrl: string, setStoredAuthToken?: ((token: string) => void) | undefined, clearStoredAuthToken?: (() => void) | undefined);
     getMe(customFetch?: Fetch): Promise<unknown>;
+    getRules(customFetch?: Fetch): Promise<UserRulesResponse>;
     setAuthToken(token: string): Promise<any>;
     clearAuthToken(): Promise<null>;
     getSshKeys(customFetch?: Fetch): Promise<UserSshKey[]>;

package/dist/apis/user.js

@@ -13,6 +13,12 @@ export class UserApi {
     getMe(customFetch) {
         return this.transport.request("/api/me", { fetch: customFetch });
     }
+    getRules(customFetch) {
+        return this.transport.request("/api/me/rules", {
+            method: "GET",
+            fetch: customFetch,
+        });
+    }
     async setAuthToken(token) {
         const trimmedToken = token.trim();
         const response = await fetch(this.transportBaseUrl ? `${this.transportBaseUrl}/api/me` : "/api/me", {

package/dist/client.d.ts

@@ -1,5 +1,6 @@
 import { ChannelsApi } from "./apis/channels.js";
 import { CronJobsApi } from "./apis/cron-jobs.js";
+import { ExploreApi } from "./apis/explore.js";
 import { ModelsApi } from "./apis/models.js";
 import { PromptsApi } from "./apis/prompts.js";
 import { SessionAccessApi } from "./apis/session-access.js";
@@ -17,6 +18,7 @@ export declare class CohubClient {
     readonly sessionAccess: SessionAccessApi;
     readonly tasks: TasksApi;
     readonly cronJobs: CronJobsApi;
+    readonly explore: ExploreApi;
     readonly invite: PublicInviteApi;
     private readonly transport;
     private readonly websocketClient;

package/dist/client.js

@@ -1,5 +1,6 @@
 import { ChannelsApi } from "./apis/channels.js";
 import { CronJobsApi } from "./apis/cron-jobs.js";
+import { ExploreApi } from "./apis/explore.js";
 import { ModelsApi } from "./apis/models.js";
 import { PromptsApi } from "./apis/prompts.js";
 import { SessionAccessApi } from "./apis/session-access.js";
@@ -19,6 +20,7 @@ export class CohubClient {
     sessionAccess;
     tasks;
     cronJobs;
+    explore;
     invite;
     transport;
     websocketClient;
@@ -41,6 +43,7 @@ export class CohubClient {
         this.sessionAccess = new SessionAccessApi(this.transport);
         this.tasks = new TasksApi(this.transport);
         this.cronJobs = new CronJobsApi(this.transport);
+        this.explore = new ExploreApi(this.transport);
         this.invite = new PublicInviteApi(this.transport);
     }
     space(spaceId) {

package/dist/index.d.ts

@@ -3,6 +3,7 @@ export { CohubClient, createCohubClient } from "./client.js";
 export { WebsocketClient, createWebsocketClient } from "./websocket.js";
 export { SessionPatchReducer, createSessionPatchReducer } from "./session-patch-reducer.js";
 export { HttpError } from "./transport.js";
+export type { RawHttpResponse } from "./transport.js";
 export { COHUB_ENVIRONMENTS, normalizeBaseUrl, normalizeWebsocketUrl, resolveApiBaseUrl, resolveCohubEnvironment, resolveWebsocketUrl, } from "./environment.js";
 export type { CohubClientOptions, Fetch } from "./transport.js";
 export type { CohubEnvironment } from "./environment.js";

package/dist/session-patch-reducer.d.ts

@@ -38,6 +38,9 @@ export declare class SessionPatchReducer {
     private key;
     get(input: SessionPatchKeyInput): SessionPatchState;
     start(input: SessionPatchKeyInput): SessionPatchState;
+    replaceTurnId(input: SessionPatchKeyInput & {
+        nextTurnId: string | null;
+    }): SessionPatchState;
     complete(input: SessionPatchKeyInput): SessionPatchState;
     fail(input: SessionPatchKeyInput): SessionPatchState;
     reset(input: SessionPatchKeyInput): void;

package/dist/session-patch-reducer.js

@@ -177,12 +177,21 @@ export class SessionPatchReducer {
             contentBlocks: [],
             anchorUserMessageId: null,
             patchSeq: 0,
-            turnId: null,
+            turnId: input.turnId ?? null,
             appendPath: null,
         };
         this.states.set(this.key(input), state);
         return state;
     }
+    replaceTurnId(input) {
+        const current = this.get(input);
+        const state = {
+            ...current,
+            turnId: input.nextTurnId,
+        };
+        this.states.set(this.key(input), state);
+        return state;
+    }
     complete(input) {
         const current = this.get(input);
         const state = {
@@ -231,6 +240,11 @@ export class SessionPatchReducer {
         const isDifferentKnownTurn = Boolean(currentTurnId && inputTurnId && currentTurnId !== inputTurnId);
         const isFreshKnownTurn = isDifferentKnownTurn && input.baseSeq === 0;
         const currentSeq = isFreshKnownTurn ? 0 : current.patchSeq;
+        const isSameTurnKeyframe = Boolean(currentTurnId &&
+            inputTurnId &&
+            currentTurnId === inputTurnId &&
+            input.baseSeq === 0 &&
+            input.seq >= currentSeq);
         const isTerminalSameTurn = (current.status === "completed" || current.status === "failed") &&
             Boolean(currentTurnId) &&
             currentTurnId === inputTurnId;
@@ -240,13 +254,13 @@ export class SessionPatchReducer {
         if (isDifferentKnownTurn && !isFreshKnownTurn) {
             return { applied: false, reason: "version_mismatch", state: current };
         }
-        if (input.seq <= currentSeq) {
+        if (!isSameTurnKeyframe && input.seq <= currentSeq) {
             return { applied: false, reason: "duplicate", state: current };
         }
-        if (input.baseSeq !== currentSeq) {
+        if (!isSameTurnKeyframe && input.baseSeq !== currentSeq) {
             return { applied: false, reason: "version_mismatch", state: current };
         }
-        const startingFresh = input.baseSeq === 0 || isFreshKnownTurn;
+        const startingFresh = input.baseSeq === 0 || isFreshKnownTurn || isSameTurnKeyframe;
         const baseBlocks = startingFresh ? [] : current.contentBlocks;
         const patched = applyPatchOpsToBlocks(baseBlocks, input.ops, startingFresh ? null : current.appendPath);
         if (patched.failed) {

package/dist/transport.d.ts

@@ -1,6 +1,15 @@
 import type { CohubEnvironment } from "./environment.js";
 import type { WebsocketClientOptions } from "./websocket.js";
 export type Fetch = typeof globalThis.fetch;
+type RequestInitWithFetch = RequestInit & {
+    fetch?: Fetch;
+};
+export type RawHttpResponse = {
+    response: Response;
+    blob(): Promise<Blob>;
+    arrayBuffer(): Promise<ArrayBuffer>;
+    text(): Promise<string>;
+};
 export type CohubClientOptions = {
     env?: CohubEnvironment;
     baseUrl?: string;
@@ -23,7 +32,9 @@ export declare class HttpTransport {
     private readonly onUnauthorized?;
     constructor(options?: CohubClientOptions);
     private withAuthorization;
-    request<T>(path: string, init?: RequestInit & {
-        fetch?: Fetch;
-    }): Promise<T>;
+    private send;
+    request<T>(path: string, init?: RequestInitWithFetch): Promise<T>;
+    raw(path: string, init?: RequestInitWithFetch): Promise<RawHttpResponse>;
+    blob(path: string, init?: RequestInitWithFetch): Promise<Blob>;
 }
+export {};

package/dist/transport.js

@@ -1,4 +1,11 @@
 import { resolveApiBaseUrl } from "./environment.js";
+const responseBodyForError = async (response) => {
+    const contentType = response.headers.get("content-type") ?? "";
+    return contentType.includes("application/json")
+        ? await response.json().catch(() => null)
+        : await response.text().catch(() => response.statusText);
+};
+const messageFromErrorBody = (body, fallback) => typeof body === "string" ? body : JSON.stringify(body ?? null) || fallback;
 export class HttpError extends Error {
     status;
     body;
@@ -34,7 +41,7 @@ export class HttpTransport {
             headers,
         };
     }
-    async request(path, init) {
+    async send(path, init) {
         const fetcher = init?.fetch ?? this.fetcher;
         const url = this.baseUrl ? `${this.baseUrl}${path}` : path;
         const response = await fetcher(url, await this.withAuthorization(init));
@@ -43,16 +50,29 @@ export class HttpTransport {
             throw new HttpError("unauthorized", 401, null);
         }
         if (!response.ok) {
-            const contentType = response.headers.get("content-type") ?? "";
-            const body = contentType.includes("application/json")
-                ? await response.json().catch(() => null)
-                : await response.text().catch(() => response.statusText);
-            const message = typeof body === "string" ? body : JSON.stringify(body ?? null);
-            throw new HttpError(message || response.statusText, response.status, body);
+            const body = await responseBodyForError(response);
+            throw new HttpError(messageFromErrorBody(body, response.statusText), response.status, body);
         }
+        return response;
+    }
+    async request(path, init) {
+        const response = await this.send(path, init);
         if (response.status === 204) {
             return null;
         }
         return response.json();
     }
+    async raw(path, init) {
+        const response = await this.send(path, init);
+        return {
+            response,
+            blob: () => response.blob(),
+            arrayBuffer: () => response.arrayBuffer(),
+            text: () => response.text(),
+        };
+    }
+    async blob(path, init) {
+        const raw = await this.raw(path, init);
+        return raw.blob();
+    }
 }

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-import type { SessionBindingRecord as ProtocolSessionBindingRecord, SessionRecord as ProtocolSessionRecord } from "@neta-art/cohub-protocol/model";
+import type { SessionBindingRecord as ProtocolSessionBindingRecord, SessionRecord as ProtocolSessionRecord, SessionTurnIndexItem, SessionTurnRecord } from "@neta-art/cohub-protocol/model";
 import type { ChannelConfig } from "@neta-art/cohub-protocol/gateway";
 import type { ContentBlock } from "@neta-art/cohub-protocol/core";
 import type { MessageRecord } from "@neta-art/cohub-protocol/model";
@@ -6,7 +6,13 @@ export type { ChannelConfig, DiscordChannelConfig, } from "@neta-art/cohub-proto
 export type ApiError = {
     message: string;
 };
-export type { ContentBlock, MessageRecord };
+export type UserRulesResponse = {
+    content: string;
+    updatedAt: string | null;
+    source: "config-space";
+    path: string;
+};
+export type { ContentBlock, MessageRecord, SessionTurnRecord, SessionTurnIndexItem };
 export type SpaceFsEntry = {
     name: string;
     path: string;
@@ -120,6 +126,34 @@ export type SessionMessagesPaginatedResponse = {
     hasMore: boolean;
     nextCursor: number | undefined;
 };
+export type SessionTurnsPaginatedResponse = {
+    session: SessionRecord;
+    turns: SessionTurnRecord[];
+    hasMore: boolean;
+    nextCursor: number | undefined;
+};
+export type SessionTurnIndexResponse = {
+    session: SessionRecord;
+    turns: SessionTurnIndexItem[];
+    hasMore: boolean;
+    nextCursor: number | undefined;
+};
+export type SessionTurnWindowResponse = {
+    session: SessionRecord;
+    turns: SessionTurnRecord[];
+    hasMoreOlder: boolean;
+    hasMoreNewer: boolean;
+    oldestCursor: number | undefined;
+    newestCursor: number | undefined;
+    anchorSequence: number | undefined;
+};
+export type SessionTurnResponse = {
+    session: SessionRecord;
+    turn: SessionTurnRecord;
+};
+export type SessionTurnSignedUrlsResponse = {
+    urls: Record<string, string>;
+};
 export type ModelCatalogEntry = {
     provider: string;
     id: string;
@@ -241,6 +275,44 @@ export type SpaceMember = {
     createdAt: string;
     updatedAt: string;
 };
+export type SpaceMarkKind = "pin";
+export type SpaceMarkResourceType = "session" | "checkpoint" | "file";
+export type SpaceMarkRecord = {
+    id: string;
+    spaceId: string;
+    kind: SpaceMarkKind;
+    resourceType: SpaceMarkResourceType;
+    resourceRef: string;
+    label: string | null;
+    rank: number;
+    createdBy: string;
+    createdAt: string;
+    updatedAt: string;
+};
+export type SpaceMarkListItem = SpaceMarkRecord & {
+    href: string;
+    resource: {
+        title: string;
+        subtitle: string | null;
+        status: string | null;
+    } | null;
+};
+export type ExploreSpaceItem = {
+    space: SpaceRecord;
+    accessAudience: "anonymous" | "signed_in";
+    explore: {
+        rank: number;
+        category: string | null;
+        label: string | null;
+    };
+    latestCheckpoints: CheckpointRecord[];
+    stats: {
+        pinnedCount: number;
+        checkpointCount: number;
+        forkCount: number;
+    };
+    sandboxStatus: string | null;
+};
 export type SpaceAccessPolicy = {
     signed_in_user: SpaceRole | null;
     anonymous_user: SpaceRole | null;

package/dist/websocket.d.ts

@@ -97,6 +97,7 @@ export declare class WebsocketClient {
     private lastPingRequestId;
     private pongDeadlineAt;
     private readonly compactStreamContexts;
+    private readonly patchStreamBuffers;
     state: WebsocketClientState;
     connectionId: string | null;
     private readonly listeners;
@@ -126,6 +127,10 @@ export declare class WebsocketClient {
     private rejectAuthWaiter;
     private handleMessage;
     private rememberCompactStreamContext;
+    private getPatchStreamBufferKey;
+    private handlePatchEnvelope;
+    private enforcePatchStreamBufferLimit;
+    private flushPatchStreamBuffer;
     private handleCompactFrame;
     private startPingLoop;
     private stopPingLoop;

package/dist/websocket.js

@@ -32,6 +32,7 @@ const isRetryableCloseCode = (code) => {
     return true;
 };
 const AUTH_CLOSE_REASON = "authentication failed";
+const PATCH_STREAM_BUFFER_MAX_PENDING = 128;
 const isRecord = (value) => Boolean(value && typeof value === "object" && !Array.isArray(value));
 const compactFrameToPatchOperation = (frame) => {
     if (frame.t === "d")
@@ -82,6 +83,7 @@ export class WebsocketClient {
     lastPingRequestId = null;
     pongDeadlineAt = 0;
     compactStreamContexts = new Map();
+    patchStreamBuffers = new Map();
     state = "idle";
     connectionId = null;
     listeners = createEventMap();
@@ -169,6 +171,8 @@ export class WebsocketClient {
                 const wasConnecting = this.state === "connecting" || this.state === "reconnecting";
                 this.state = "closed";
                 this.ws = null;
+                this.compactStreamContexts.clear();
+                this.patchStreamBuffers.clear();
                 const closeError = new Error(formatCloseMessage(event.code, event.reason));
                 this.rejectAuthWaiter(closeError);
                 const willReconnect = !this.manuallyClosed && this.autoReconnect && isRetryableCloseCode(event.code);
@@ -197,6 +201,8 @@ export class WebsocketClient {
         this.ws?.close(code, reason);
         this.ws = null;
         this.connectPromise = null;
+        this.compactStreamContexts.clear();
+        this.patchStreamBuffers.clear();
     }
     async sendMessage(input) {
         await this.ensureOpen();
@@ -294,6 +300,10 @@ export class WebsocketClient {
         }
         const envelope = result.data;
         this.rememberCompactStreamContext(envelope);
+        if (envelope.type === "session.turn.patch") {
+            this.handlePatchEnvelope(envelope);
+            return;
+        }
         switch (envelope.type) {
             case "system.ready": {
                 const connectionId = typeof envelope.payload.connectionId === "string"
@@ -401,6 +411,9 @@ export class WebsocketClient {
                 sessionId: envelope.sessionId ?? null,
                 turnId,
                 messageId,
+                messageOrdinal: typeof payload.messageOrdinal === "number"
+                    ? payload.messageOrdinal
+                    : null,
                 anchorUserMessageId: typeof payload.anchorUserMessageId === "string"
                     ? payload.anchorUserMessageId
                     : null,
@@ -417,8 +430,89 @@ export class WebsocketClient {
         if (!turnId)
             return;
         for (const [sid, context] of this.compactStreamContexts.entries()) {
-            if (context.turnId === turnId)
+            if (context.turnId === turnId) {
                 this.compactStreamContexts.delete(sid);
+                this.patchStreamBuffers.delete(sid);
+            }
+        }
+    }
+    getPatchStreamBufferKey(envelope) {
+        if (envelope.type !== "session.turn.patch")
+            return null;
+        const payload = envelope.payload;
+        const realtimeMeta = payload._rt && typeof payload._rt === "object"
+            ? payload._rt
+            : null;
+        if (typeof realtimeMeta?.sid === "string" && realtimeMeta.sid.trim()) {
+            return realtimeMeta.sid;
+        }
+        if (typeof payload.turnId === "string" && payload.turnId.trim())
+            return payload.turnId;
+        if (typeof payload.messageId === "string" && payload.messageId.trim())
+            return payload.messageId;
+        return typeof envelope.sessionId === "string" && envelope.sessionId.trim()
+            ? envelope.sessionId
+            : null;
+    }
+    handlePatchEnvelope(envelope) {
+        const payload = envelope.payload;
+        if (typeof payload.seq !== "number" ||
+            typeof payload.baseSeq !== "number" ||
+            !Number.isInteger(payload.seq) ||
+            !Number.isInteger(payload.baseSeq) ||
+            payload.seq < 0 ||
+            payload.baseSeq < 0) {
+            this.emit("event", envelope);
+            return;
+        }
+        const key = this.getPatchStreamBufferKey(envelope);
+        if (!key) {
+            this.emit("event", envelope);
+            return;
+        }
+        if (payload.baseSeq === 0) {
+            const buffer = { nextSeq: payload.seq + 1, pending: new Map() };
+            this.patchStreamBuffers.set(key, buffer);
+            this.emit("event", envelope);
+            this.flushPatchStreamBuffer(buffer);
+            return;
+        }
+        const buffer = this.patchStreamBuffers.get(key);
+        if (!buffer) {
+            this.patchStreamBuffers.set(key, {
+                nextSeq: payload.baseSeq,
+                pending: new Map([[payload.seq, envelope]]),
+            });
+            return;
+        }
+        if (payload.seq < buffer.nextSeq)
+            return;
+        buffer.pending.set(payload.seq, envelope);
+        if (!this.enforcePatchStreamBufferLimit(key, buffer))
+            return;
+        this.flushPatchStreamBuffer(buffer);
+    }
+    enforcePatchStreamBufferLimit(key, buffer) {
+        if (buffer.pending.size <= PATCH_STREAM_BUFFER_MAX_PENDING)
+            return true;
+        this.patchStreamBuffers.delete(key);
+        this.emit("error", {
+            error: new Error(`patch stream buffer overflow: ${key}`),
+            recoverable: true,
+        });
+        return false;
+    }
+    flushPatchStreamBuffer(buffer) {
+        while (true) {
+            const envelope = buffer.pending.get(buffer.nextSeq);
+            if (!envelope)
+                return;
+            const seq = envelope.payload.seq;
+            if (typeof seq !== "number" || !Number.isInteger(seq))
+                return;
+            buffer.pending.delete(buffer.nextSeq);
+            buffer.nextSeq = seq + 1;
+            this.emit("event", envelope);
         }
     }
     handleCompactFrame(frame) {
@@ -448,13 +542,15 @@ export class WebsocketClient {
             payload: {
                 turnId: context.turnId,
                 messageId: context.messageId,
+                messageOrdinal: context.messageOrdinal,
                 anchorUserMessageId: context.anchorUserMessageId,
                 seq: frame.s,
                 baseSeq: frame.b,
                 ops: [op],
+                _rt: { sid: frame.sid },
             },
         };
-        this.emit("event", envelope);
+        this.handlePatchEnvelope(envelope);
     }
     startPingLoop() {
         this.stopPingLoop();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@neta-art/cohub",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "Cohub SDK for spaces, sessions, checkpoints, and realtime agent collaboration.",
   "license": "UNLICENSED",
   "private": false,
@@ -44,7 +44,7 @@
     "README.md"
   ],
   "dependencies": {
-    "@neta-art/cohub-protocol": "1.2.1"
+    "@neta-art/cohub-protocol": "1.2.2"
   },
   "devDependencies": {
     "typescript": "^6.0.3"