@onkernel/sdk 0.21.0 → 0.23.0

package/src/resources/agents/auth/auth.ts

@@ -0,0 +1,385 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { APIResource } from '../../../core/resource';
+import * as InvocationsAPI from './invocations';
+import {
+  InvocationCreateParams,
+  InvocationDiscoverParams,
+  InvocationExchangeParams,
+  InvocationExchangeResponse,
+  InvocationSubmitParams,
+  Invocations,
+} from './invocations';
+import { APIPromise } from '../../../core/api-promise';
+import { OffsetPagination, type OffsetPaginationParams, PagePromise } from '../../../core/pagination';
+import { RequestOptions } from '../../../internal/request-options';
+import { path } from '../../../internal/utils/path';
+
+export class Auth extends APIResource {
+  invocations: InvocationsAPI.Invocations = new InvocationsAPI.Invocations(this._client);
+
+  /**
+   * Creates a new auth agent for the specified domain and profile combination, or
+   * returns an existing one if it already exists. This is idempotent - calling with
+   * the same domain and profile will return the same agent. Does NOT start an
+   * invocation - use POST /agents/auth/invocations to start an auth flow.
+   *
+   * @example
+   * ```ts
+   * const authAgent = await client.agents.auth.create({
+   *   profile_name: 'user-123',
+   *   target_domain: 'netflix.com',
+   * });
+   * ```
+   */
+  create(body: AuthCreateParams, options?: RequestOptions): APIPromise<AuthAgent> {
+    return this._client.post('/agents/auth', { body, ...options });
+  }
+
+  /**
+   * Retrieve an auth agent by its ID. Returns the current authentication status of
+   * the managed profile.
+   *
+   * @example
+   * ```ts
+   * const authAgent = await client.agents.auth.retrieve('id');
+   * ```
+   */
+  retrieve(id: string, options?: RequestOptions): APIPromise<AuthAgent> {
+    return this._client.get(path`/agents/auth/${id}`, options);
+  }
+
+  /**
+   * List auth agents with optional filters for profile_name and target_domain.
+   *
+   * @example
+   * ```ts
+   * // Automatically fetches more pages as needed.
+   * for await (const authAgent of client.agents.auth.list()) {
+   *   // ...
+   * }
+   * ```
+   */
+  list(
+    query: AuthListParams | null | undefined = {},
+    options?: RequestOptions,
+  ): PagePromise<AuthAgentsOffsetPagination, AuthAgent> {
+    return this._client.getAPIList('/agents/auth', OffsetPagination<AuthAgent>, { query, ...options });
+  }
+}
+
+export type AuthAgentsOffsetPagination = OffsetPagination<AuthAgent>;
+
+/**
+ * Response from discover endpoint matching AuthBlueprint schema
+ */
+export interface AgentAuthDiscoverResponse {
+  /**
+   * Whether discovery succeeded
+   */
+  success: boolean;
+
+  /**
+   * Error message if discovery failed
+   */
+  error_message?: string;
+
+  /**
+   * Discovered form fields (present when success is true)
+   */
+  fields?: Array<DiscoveredField>;
+
+  /**
+   * Whether user is already logged in
+   */
+  logged_in?: boolean;
+
+  /**
+   * URL of the discovered login page
+   */
+  login_url?: string;
+
+  /**
+   * Title of the login page
+   */
+  page_title?: string;
+}
+
+/**
+ * Response from get invocation endpoint
+ */
+export interface AgentAuthInvocationResponse {
+  /**
+   * App name (org name at time of invocation creation)
+   */
+  app_name: string;
+
+  /**
+   * When the handoff code expires
+   */
+  expires_at: string;
+
+  /**
+   * Invocation status
+   */
+  status: 'IN_PROGRESS' | 'SUCCESS' | 'EXPIRED' | 'CANCELED';
+
+  /**
+   * Target domain for authentication
+   */
+  target_domain: string;
+}
+
+/**
+ * Response from submit endpoint matching SubmitResult schema
+ */
+export interface AgentAuthSubmitResponse {
+  /**
+   * Whether submission succeeded
+   */
+  success: boolean;
+
+  /**
+   * Additional fields needed (e.g., OTP) - present when needs_additional_auth is
+   * true
+   */
+  additional_fields?: Array<DiscoveredField>;
+
+  /**
+   * App name (only present when logged_in is true)
+   */
+  app_name?: string;
+
+  /**
+   * Error message if submission failed
+   */
+  error_message?: string;
+
+  /**
+   * Whether user is now logged in
+   */
+  logged_in?: boolean;
+
+  /**
+   * Whether additional authentication fields are needed
+   */
+  needs_additional_auth?: boolean;
+
+  /**
+   * Target domain (only present when logged_in is true)
+   */
+  target_domain?: string;
+}
+
+/**
+ * An auth agent that manages authentication for a specific domain and profile
+ * combination
+ */
+export interface AuthAgent {
+  /**
+   * Unique identifier for the auth agent
+   */
+  id: string;
+
+  /**
+   * Target domain for authentication
+   */
+  domain: string;
+
+  /**
+   * Name of the profile associated with this auth agent
+   */
+  profile_name: string;
+
+  /**
+   * Current authentication status of the managed profile
+   */
+  status: 'AUTHENTICATED' | 'NEEDS_AUTH';
+
+  /**
+   * When the last authentication check was performed
+   */
+  last_auth_check_at?: string;
+}
+
+/**
+ * Request to create or find an auth agent
+ */
+export interface AuthAgentCreateRequest {
+  /**
+   * Name of the profile to use for this auth agent
+   */
+  profile_name: string;
+
+  /**
+   * Target domain for authentication
+   */
+  target_domain: string;
+
+  /**
+   * Optional login page URL. If provided, will be stored on the agent and used to
+   * skip discovery in future invocations.
+   */
+  login_url?: string;
+
+  /**
+   * Optional proxy configuration
+   */
+  proxy?: AuthAgentCreateRequest.Proxy;
+}
+
+export namespace AuthAgentCreateRequest {
+  /**
+   * Optional proxy configuration
+   */
+  export interface Proxy {
+    /**
+     * ID of the proxy to use
+     */
+    proxy_id?: string;
+  }
+}
+
+/**
+ * Request to create an invocation for an existing auth agent
+ */
+export interface AuthAgentInvocationCreateRequest {
+  /**
+   * ID of the auth agent to create an invocation for
+   */
+  auth_agent_id: string;
+}
+
+/**
+ * Response from creating an auth agent invocation
+ */
+export interface AuthAgentInvocationCreateResponse {
+  /**
+   * When the handoff code expires
+   */
+  expires_at: string;
+
+  /**
+   * One-time code for handoff
+   */
+  handoff_code: string;
+
+  /**
+   * URL to redirect user to
+   */
+  hosted_url: string;
+
+  /**
+   * Unique identifier for the invocation
+   */
+  invocation_id: string;
+}
+
+/**
+ * A discovered form field
+ */
+export interface DiscoveredField {
+  /**
+   * Field label
+   */
+  label: string;
+
+  /**
+   * Field name
+   */
+  name: string;
+
+  /**
+   * CSS selector for the field
+   */
+  selector: string;
+
+  /**
+   * Field type
+   */
+  type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code';
+
+  /**
+   * Field placeholder
+   */
+  placeholder?: string;
+
+  /**
+   * Whether field is required
+   */
+  required?: boolean;
+}
+
+export interface AuthCreateParams {
+  /**
+   * Name of the profile to use for this auth agent
+   */
+  profile_name: string;
+
+  /**
+   * Target domain for authentication
+   */
+  target_domain: string;
+
+  /**
+   * Optional login page URL. If provided, will be stored on the agent and used to
+   * skip discovery in future invocations.
+   */
+  login_url?: string;
+
+  /**
+   * Optional proxy configuration
+   */
+  proxy?: AuthCreateParams.Proxy;
+}
+
+export namespace AuthCreateParams {
+  /**
+   * Optional proxy configuration
+   */
+  export interface Proxy {
+    /**
+     * ID of the proxy to use
+     */
+    proxy_id?: string;
+  }
+}
+
+export interface AuthListParams extends OffsetPaginationParams {
+  /**
+   * Filter by profile name
+   */
+  profile_name?: string;
+
+  /**
+   * Filter by target domain
+   */
+  target_domain?: string;
+}
+
+Auth.Invocations = Invocations;
+
+export declare namespace Auth {
+  export {
+    type AgentAuthDiscoverResponse as AgentAuthDiscoverResponse,
+    type AgentAuthInvocationResponse as AgentAuthInvocationResponse,
+    type AgentAuthSubmitResponse as AgentAuthSubmitResponse,
+    type AuthAgent as AuthAgent,
+    type AuthAgentCreateRequest as AuthAgentCreateRequest,
+    type AuthAgentInvocationCreateRequest as AuthAgentInvocationCreateRequest,
+    type AuthAgentInvocationCreateResponse as AuthAgentInvocationCreateResponse,
+    type DiscoveredField as DiscoveredField,
+    type AuthAgentsOffsetPagination as AuthAgentsOffsetPagination,
+    type AuthCreateParams as AuthCreateParams,
+    type AuthListParams as AuthListParams,
+  };
+
+  export {
+    Invocations as Invocations,
+    type InvocationExchangeResponse as InvocationExchangeResponse,
+    type InvocationCreateParams as InvocationCreateParams,
+    type InvocationDiscoverParams as InvocationDiscoverParams,
+    type InvocationExchangeParams as InvocationExchangeParams,
+    type InvocationSubmitParams as InvocationSubmitParams,
+  };
+}

package/src/resources/agents/auth/index.ts

@@ -0,0 +1,24 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+export {
+  Auth,
+  type AgentAuthDiscoverResponse,
+  type AgentAuthInvocationResponse,
+  type AgentAuthSubmitResponse,
+  type AuthAgent,
+  type AuthAgentCreateRequest,
+  type AuthAgentInvocationCreateRequest,
+  type AuthAgentInvocationCreateResponse,
+  type DiscoveredField,
+  type AuthCreateParams,
+  type AuthListParams,
+  type AuthAgentsOffsetPagination,
+} from './auth';
+export {
+  Invocations,
+  type InvocationExchangeResponse,
+  type InvocationCreateParams,
+  type InvocationDiscoverParams,
+  type InvocationExchangeParams,
+  type InvocationSubmitParams,
+} from './invocations';

package/src/resources/agents/auth/invocations.ts

@@ -0,0 +1,167 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+import { APIResource } from '../../../core/resource';
+import * as AuthAPI from './auth';
+import { APIPromise } from '../../../core/api-promise';
+import { RequestOptions } from '../../../internal/request-options';
+import { path } from '../../../internal/utils/path';
+
+export class Invocations extends APIResource {
+  /**
+   * Creates a new authentication invocation for the specified auth agent. This
+   * starts the auth flow and returns a hosted URL for the user to complete
+   * authentication.
+   *
+   * @example
+   * ```ts
+   * const authAgentInvocationCreateResponse =
+   *   await client.agents.auth.invocations.create({
+   *     auth_agent_id: 'abc123xyz',
+   *   });
+   * ```
+   */
+  create(
+    body: InvocationCreateParams,
+    options?: RequestOptions,
+  ): APIPromise<AuthAPI.AuthAgentInvocationCreateResponse> {
+    return this._client.post('/agents/auth/invocations', { body, ...options });
+  }
+
+  /**
+   * Returns invocation details including app_name and target_domain. Uses the JWT
+   * returned by the exchange endpoint, or standard API key or JWT authentication.
+   *
+   * @example
+   * ```ts
+   * const agentAuthInvocationResponse =
+   *   await client.agents.auth.invocations.retrieve(
+   *     'invocation_id',
+   *   );
+   * ```
+   */
+  retrieve(invocationID: string, options?: RequestOptions): APIPromise<AuthAPI.AgentAuthInvocationResponse> {
+    return this._client.get(path`/agents/auth/invocations/${invocationID}`, options);
+  }
+
+  /**
+   * Inspects the target site to detect logged-in state or discover required fields.
+   * Returns 200 with success: true when fields are found, or 4xx/5xx for failures.
+   * Requires the JWT returned by the exchange endpoint.
+   *
+   * @example
+   * ```ts
+   * const agentAuthDiscoverResponse =
+   *   await client.agents.auth.invocations.discover(
+   *     'invocation_id',
+   *   );
+   * ```
+   */
+  discover(
+    invocationID: string,
+    body: InvocationDiscoverParams | null | undefined = {},
+    options?: RequestOptions,
+  ): APIPromise<AuthAPI.AgentAuthDiscoverResponse> {
+    return this._client.post(path`/agents/auth/invocations/${invocationID}/discover`, { body, ...options });
+  }
+
+  /**
+   * Validates the handoff code and returns a JWT token for subsequent requests. No
+   * authentication required (the handoff code serves as the credential).
+   *
+   * @example
+   * ```ts
+   * const response =
+   *   await client.agents.auth.invocations.exchange(
+   *     'invocation_id',
+   *     { code: 'abc123xyz' },
+   *   );
+   * ```
+   */
+  exchange(
+    invocationID: string,
+    body: InvocationExchangeParams,
+    options?: RequestOptions,
+  ): APIPromise<InvocationExchangeResponse> {
+    return this._client.post(path`/agents/auth/invocations/${invocationID}/exchange`, { body, ...options });
+  }
+
+  /**
+   * Submits field values for the discovered login form and may return additional
+   * auth fields or success. Requires the JWT returned by the exchange endpoint.
+   *
+   * @example
+   * ```ts
+   * const agentAuthSubmitResponse =
+   *   await client.agents.auth.invocations.submit(
+   *     'invocation_id',
+   *     {
+   *       field_values: {
+   *         email: 'user@example.com',
+   *         password: '********',
+   *       },
+   *     },
+   *   );
+   * ```
+   */
+  submit(
+    invocationID: string,
+    body: InvocationSubmitParams,
+    options?: RequestOptions,
+  ): APIPromise<AuthAPI.AgentAuthSubmitResponse> {
+    return this._client.post(path`/agents/auth/invocations/${invocationID}/submit`, { body, ...options });
+  }
+}
+
+/**
+ * Response from exchange endpoint
+ */
+export interface InvocationExchangeResponse {
+  /**
+   * Invocation ID
+   */
+  invocation_id: string;
+
+  /**
+   * JWT token with invocation_id claim (30 minute TTL)
+   */
+  jwt: string;
+}
+
+export interface InvocationCreateParams {
+  /**
+   * ID of the auth agent to create an invocation for
+   */
+  auth_agent_id: string;
+}
+
+export interface InvocationDiscoverParams {
+  /**
+   * Optional login page URL. If provided, will override the stored login URL for
+   * this discovery invocation and skip Phase 1 discovery.
+   */
+  login_url?: string;
+}
+
+export interface InvocationExchangeParams {
+  /**
+   * Handoff code from start endpoint
+   */
+  code: string;
+}
+
+export interface InvocationSubmitParams {
+  /**
+   * Values for the discovered login fields
+   */
+  field_values: { [key: string]: string };
+}
+
+export declare namespace Invocations {
+  export {
+    type InvocationExchangeResponse as InvocationExchangeResponse,
+    type InvocationCreateParams as InvocationCreateParams,
+    type InvocationDiscoverParams as InvocationDiscoverParams,
+    type InvocationExchangeParams as InvocationExchangeParams,
+    type InvocationSubmitParams as InvocationSubmitParams,
+  };
+}

package/src/resources/agents/auth.ts

@@ -0,0 +1,3 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+export * from './auth/index';

package/src/resources/agents/index.ts

@@ -0,0 +1,17 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+export { Agents } from './agents';
+export {
+  Auth,
+  type AgentAuthDiscoverResponse,
+  type AgentAuthInvocationResponse,
+  type AgentAuthSubmitResponse,
+  type AuthAgent,
+  type AuthAgentCreateRequest,
+  type AuthAgentInvocationCreateRequest,
+  type AuthAgentInvocationCreateResponse,
+  type DiscoveredField,
+  type AuthCreateParams,
+  type AuthListParams,
+  type AuthAgentsOffsetPagination,
+} from './auth/index';

package/src/resources/agents.ts

@@ -0,0 +1,3 @@
+// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
+
+export * from './agents/index';

package/src/resources/browser-pools.ts

@@ -266,11 +266,11 @@ export interface BrowserPoolRequest {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (commonly 1024x768@60). Only specific viewport
-   * configurations are supported. The server will reject unsupported combinations.
-   * Supported resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25,
-   * 1440x900@25, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
+   * image defaults apply (1920x1080@25). Only specific viewport configurations are
+   * supported. The server will reject unsupported combinations. Supported
+   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
+   * 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will be
+   * automatically determined from the width and height if they match a supported
    * configuration exactly. Note: Higher resolutions may affect the responsiveness of
    * live view browser
    */
@@ -284,7 +284,7 @@ export interface BrowserPoolRequest {
 export interface BrowserPoolUpdateRequest extends BrowserPoolRequest {
   /**
    * Whether to discard all idle browsers and rebuild the pool immediately. Defaults
-   * to true.
+   * to false.
    */
   discard_all_idle?: boolean;
 }
@@ -339,7 +339,8 @@ export interface BrowserPoolAcquireResponse {
   kiosk_mode?: boolean;
 
   /**
-   * Optional persistence configuration for the browser session.
+   * @deprecated DEPRECATED: Use timeout_seconds (up to 72 hours) and Profiles
+   * instead.
    */
   persistence?: BrowsersAPI.BrowserPersistence;
 
@@ -355,11 +356,11 @@ export interface BrowserPoolAcquireResponse {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (commonly 1024x768@60). Only specific viewport
-   * configurations are supported. The server will reject unsupported combinations.
-   * Supported resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25,
-   * 1440x900@25, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
+   * image defaults apply (1920x1080@25). Only specific viewport configurations are
+   * supported. The server will reject unsupported combinations. Supported
+   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
+   * 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will be
+   * automatically determined from the width and height if they match a supported
    * configuration exactly. Note: Higher resolutions may affect the responsiveness of
    * live view browser
    */
@@ -425,11 +426,11 @@ export interface BrowserPoolCreateParams {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (commonly 1024x768@60). Only specific viewport
-   * configurations are supported. The server will reject unsupported combinations.
-   * Supported resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25,
-   * 1440x900@25, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
+   * image defaults apply (1920x1080@25). Only specific viewport configurations are
+   * supported. The server will reject unsupported combinations. Supported
+   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
+   * 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will be
+   * automatically determined from the width and height if they match a supported
    * configuration exactly. Note: Higher resolutions may affect the responsiveness of
    * live view browser
    */
@@ -444,7 +445,7 @@ export interface BrowserPoolUpdateParams {
 
   /**
    * Whether to discard all idle browsers and rebuild the pool immediately. Defaults
-   * to true.
+   * to false.
    */
   discard_all_idle?: boolean;
 
@@ -501,11 +502,11 @@ export interface BrowserPoolUpdateParams {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (commonly 1024x768@60). Only specific viewport
-   * configurations are supported. The server will reject unsupported combinations.
-   * Supported resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25,
-   * 1440x900@25, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
+   * image defaults apply (1920x1080@25). Only specific viewport configurations are
+   * supported. The server will reject unsupported combinations. Supported
+   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
+   * 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will be
+   * automatically determined from the width and height if they match a supported
    * configuration exactly. Note: Higher resolutions may affect the responsiveness of
    * live view browser
    */