@omnikit-ai/sdk 2.2.2 → 2.2.4

package/dist/index.d.mts

@@ -10,7 +10,7 @@ export { cleanTokenFromUrl, getAccessToken, isTokenInUrl, removeAccessToken, sav
  * SECURITY: getAccessToken requires service token authentication.
  * Only available to backend functions, not frontend code.
  */
-type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'notion' | 'salesforce';
+type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'google_sheets' | 'notion' | 'salesforce';
 interface ConnectorAccessTokenResponse {
     success: boolean;
     access_token: string;
@@ -320,13 +320,28 @@ interface EmailParams {
     from_name?: string;
 }
 interface LLMMessage {
-    role: 'system' | 'user' | 'assistant';
+    role: 'system' | 'user' | 'assistant' | 'tool';
     content: string | Array<{
         type: string;
         text?: string;
         file?: any;
         image_url?: any;
     }>;
+    /**
+     * For role="tool" messages - links to the tool_calls[].id from the assistant message.
+     * Required when role is "tool".
+     */
+    tool_call_id?: string;
+    /**
+     * For role="tool" messages - the function name that was called.
+     * Optional but recommended for clarity.
+     */
+    name?: string;
+    /**
+     * For assistant messages - tool calls the assistant wants to make.
+     * Present when the assistant decides to use tools.
+     */
+    tool_calls?: ToolCall[];
 }
 /**
  * Available LLM models:
@@ -1368,19 +1383,20 @@ interface OmnikitClient {
     /**
      * Get a secret value at runtime (for backend functions).
      *
-     * This method securely fetches secrets from the Omnikit API using the app's API key.
-     * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
-     * environment variables to ensure proper isolation between apps.
+     * This method securely fetches secrets from the Omnikit API at runtime.
+     * Secrets are NOT injected into function code - they are fetched via API
+     * to ensure they cannot be leaked through source code, logs, or backups.
      *
      * @example
      * ```typescript
+     * const omnikit = createServerClient(req);
      * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
      * const stripe = new Stripe(stripeKey);
      * ```
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or API key is invalid
+     * @throws Error if the secret is not found or service token is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }
@@ -2143,26 +2159,29 @@ declare class APIClient implements OmnikitClient {
     /**
      * Get a secret value at runtime (for backend functions).
      *
-     * This method securely fetches secrets from the Omnikit API using the app's API key.
-     * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
-     * environment variables to ensure proper isolation between apps.
+     * This method securely fetches secrets from the Omnikit API at runtime.
+     * Secrets are NOT injected into function code - they are fetched via API
+     * to ensure they cannot be leaked through source code, logs, or backups.
      *
      * @example
      * ```typescript
      * // In a backend function (Deno Edge Function)
-     * const omnikit = createClient({
-     *   appId: __OMNIKIT_APP_ID__,
-     *   serverUrl: __OMNIKIT_API_URL__,
-     *   apiKey: __OMNIKIT_API_KEY__,
-     * });
+     * import { createServerClient } from '@omnikit-ai/sdk';
      *
-     * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
-     * const stripe = new Stripe(stripeKey);
+     * Deno.serve(async (req) => {
+     *   const omnikit = createServerClient(req);
+     *
+     *   // Fetch secret at runtime - secure, never in source code
+     *   const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
+     *   const stripe = new Stripe(stripeKey);
+     *
+     *   // ... rest of function
+     * });
      * ```
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or API key is invalid
+     * @throws Error if the secret is not found or service token is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }

package/dist/index.d.ts

@@ -10,7 +10,7 @@ export { cleanTokenFromUrl, getAccessToken, isTokenInUrl, removeAccessToken, sav
  * SECURITY: getAccessToken requires service token authentication.
  * Only available to backend functions, not frontend code.
  */
-type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'notion' | 'salesforce';
+type ConnectorType = 'slack' | 'google_calendar' | 'gmail' | 'google_sheets' | 'notion' | 'salesforce';
 interface ConnectorAccessTokenResponse {
     success: boolean;
     access_token: string;
@@ -320,13 +320,28 @@ interface EmailParams {
     from_name?: string;
 }
 interface LLMMessage {
-    role: 'system' | 'user' | 'assistant';
+    role: 'system' | 'user' | 'assistant' | 'tool';
     content: string | Array<{
         type: string;
         text?: string;
         file?: any;
         image_url?: any;
     }>;
+    /**
+     * For role="tool" messages - links to the tool_calls[].id from the assistant message.
+     * Required when role is "tool".
+     */
+    tool_call_id?: string;
+    /**
+     * For role="tool" messages - the function name that was called.
+     * Optional but recommended for clarity.
+     */
+    name?: string;
+    /**
+     * For assistant messages - tool calls the assistant wants to make.
+     * Present when the assistant decides to use tools.
+     */
+    tool_calls?: ToolCall[];
 }
 /**
  * Available LLM models:
@@ -1368,19 +1383,20 @@ interface OmnikitClient {
     /**
      * Get a secret value at runtime (for backend functions).
      *
-     * This method securely fetches secrets from the Omnikit API using the app's API key.
-     * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
-     * environment variables to ensure proper isolation between apps.
+     * This method securely fetches secrets from the Omnikit API at runtime.
+     * Secrets are NOT injected into function code - they are fetched via API
+     * to ensure they cannot be leaked through source code, logs, or backups.
      *
      * @example
      * ```typescript
+     * const omnikit = createServerClient(req);
      * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
      * const stripe = new Stripe(stripeKey);
      * ```
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or API key is invalid
+     * @throws Error if the secret is not found or service token is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }
@@ -2143,26 +2159,29 @@ declare class APIClient implements OmnikitClient {
     /**
      * Get a secret value at runtime (for backend functions).
      *
-     * This method securely fetches secrets from the Omnikit API using the app's API key.
-     * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
-     * environment variables to ensure proper isolation between apps.
+     * This method securely fetches secrets from the Omnikit API at runtime.
+     * Secrets are NOT injected into function code - they are fetched via API
+     * to ensure they cannot be leaked through source code, logs, or backups.
      *
      * @example
      * ```typescript
      * // In a backend function (Deno Edge Function)
-     * const omnikit = createClient({
-     *   appId: __OMNIKIT_APP_ID__,
-     *   serverUrl: __OMNIKIT_API_URL__,
-     *   apiKey: __OMNIKIT_API_KEY__,
-     * });
+     * import { createServerClient } from '@omnikit-ai/sdk';
      *
-     * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
-     * const stripe = new Stripe(stripeKey);
+     * Deno.serve(async (req) => {
+     *   const omnikit = createServerClient(req);
+     *
+     *   // Fetch secret at runtime - secure, never in source code
+     *   const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
+     *   const stripe = new Stripe(stripeKey);
+     *
+     *   // ... rest of function
+     * });
      * ```
      *
      * @param secretName - Name of the secret to retrieve
      * @returns The decrypted secret value
-     * @throws Error if the secret is not found or API key is invalid
+     * @throws Error if the secret is not found or service token is invalid
      */
     getSecret(secretName: string): Promise<string>;
 }

package/dist/index.js

@@ -1721,7 +1721,7 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
             if (options.offset !== void 0) {
               queryParams.append("offset", String(options.offset));
             }
-            if (options.after !== void 0) {
+            if (options.after) {
               queryParams.append("after", options.after);
             }
           }
@@ -2689,43 +2689,52 @@ Example: await ${collectionName}.list({ limit: 100, sort: '-created_at' })`,
   /**
    * Get a secret value at runtime (for backend functions).
    *
-   * This method securely fetches secrets from the Omnikit API using the app's API key.
-   * Use this in Supabase Edge Functions instead of storing secrets in Supabase's
-   * environment variables to ensure proper isolation between apps.
+   * This method securely fetches secrets from the Omnikit API at runtime.
+   * Secrets are NOT injected into function code - they are fetched via API
+   * to ensure they cannot be leaked through source code, logs, or backups.
    *
    * @example
    * ```typescript
    * // In a backend function (Deno Edge Function)
-   * const omnikit = createClient({
-   *   appId: __OMNIKIT_APP_ID__,
-   *   serverUrl: __OMNIKIT_API_URL__,
-   *   apiKey: __OMNIKIT_API_KEY__,
-   * });
+   * import { createServerClient } from '@omnikit-ai/sdk';
+   *
+   * Deno.serve(async (req) => {
+   *   const omnikit = createServerClient(req);
+   *
+   *   // Fetch secret at runtime - secure, never in source code
+   *   const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
+   *   const stripe = new Stripe(stripeKey);
    *
-   * const stripeKey = await omnikit.getSecret('STRIPE_SECRET_KEY');
-   * const stripe = new Stripe(stripeKey);
+   *   // ... rest of function
+   * });
    * ```
    *
    * @param secretName - Name of the secret to retrieve
    * @returns The decrypted secret value
-   * @throws Error if the secret is not found or API key is invalid
+   * @throws Error if the secret is not found or service token is invalid
    */
   async getSecret(secretName) {
-    if (!this._apiKey) {
+    const authToken = this._serviceToken || this._apiKey;
+    if (!authToken) {
       throw new OmnikitError(
-        "API key is required to fetch secrets. Provide apiKey in config.",
+        "Service token required. Use createServerClient(req) in backend functions.",
         403,
-        "API_KEY_REQUIRED"
+        "AUTH_REQUIRED"
       );
     }
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this._serviceToken) {
+      headers["X-Service-Token"] = this._serviceToken;
+    } else if (this._apiKey) {
+      headers["X-API-Key"] = this._apiKey;
+    }
     const response = await fetch(
       `${this.baseUrl}/apps/${this.appId}/secrets/${secretName}/value`,
       {
         method: "GET",
-        headers: {
-          "X-API-Key": this._apiKey,
-          "Content-Type": "application/json"
-        }
+        headers
       }
     );
     if (!response.ok) {