@onkernel/sdk 0.23.0 → 0.25.0

package/resources/proxies.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"proxies.mjs","sourceRoot":"","sources":["../src/resources/proxies.ts"],"names":[],"mappings":"AAAA,sFAAsF;OAE/E,EAAE,WAAW,EAAE;OAEf,EAAE,YAAY,EAAE;OAEhB,EAAE,IAAI,EAAE;AAEf,MAAM,OAAO,OAAQ,SAAQ,WAAW;IACtC;;OAEG;IACH,MAAM,CAAC,IAAuB,EAAE,OAAwB;QACtD,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,EAAU,EAAE,OAAwB;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAwB;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,EAAU,EAAE,OAAwB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAA,YAAY,EAAE,EAAE,EAAE;YAC/C,GAAG,OAAO;YACV,OAAO,EAAE,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;CACF"}
+{"version":3,"file":"proxies.mjs","sourceRoot":"","sources":["../src/resources/proxies.ts"],"names":[],"mappings":"AAAA,sFAAsF;OAE/E,EAAE,WAAW,EAAE;OAEf,EAAE,YAAY,EAAE;OAEhB,EAAE,IAAI,EAAE;AAEf,MAAM,OAAO,OAAQ,SAAQ,WAAW;IACtC;;OAEG;IACH,MAAM,CAAC,IAAuB,EAAE,OAAwB;QACtD,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED;;OAEG;IACH,QAAQ,CAAC,EAAU,EAAE,OAAwB;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAA,YAAY,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAED;;OAEG;IACH,IAAI,CAAC,OAAwB;QAC3B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,EAAU,EAAE,OAAwB;QACzC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAA,YAAY,EAAE,EAAE,EAAE;YAC/C,GAAG,OAAO;YACV,OAAO,EAAE,YAAY,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,EAAU,EAAE,OAAwB;QACxC,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAA,YAAY,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;CACF"}

package/src/client.ts

@@ -22,18 +22,25 @@ import { AppListParams, AppListResponse, AppListResponsesOffsetPagination, Apps
 import {
   BrowserPool,
   BrowserPoolAcquireParams,
-  BrowserPoolAcquireRequest,
   BrowserPoolAcquireResponse,
   BrowserPoolCreateParams,
   BrowserPoolDeleteParams,
   BrowserPoolListResponse,
   BrowserPoolReleaseParams,
-  BrowserPoolReleaseRequest,
-  BrowserPoolRequest,
   BrowserPoolUpdateParams,
-  BrowserPoolUpdateRequest,
   BrowserPools,
 } from './resources/browser-pools';
+import {
+  CreateCredentialRequest,
+  Credential,
+  CredentialCreateParams,
+  CredentialListParams,
+  CredentialTotpCodeResponse,
+  CredentialUpdateParams,
+  Credentials,
+  CredentialsOffsetPagination,
+  UpdateCredentialRequest,
+} from './resources/credentials';
 import {
   DeploymentCreateParams,
   DeploymentCreateResponse,
@@ -71,6 +78,7 @@ import {
 import { ProfileCreateParams, ProfileListResponse, Profiles } from './resources/profiles';
 import {
   Proxies,
+  ProxyCheckResponse,
   ProxyCreateParams,
   ProxyCreateResponse,
   ProxyListResponse,
@@ -861,6 +869,7 @@ export class Kernel {
   extensions: API.Extensions = new API.Extensions(this);
   browserPools: API.BrowserPools = new API.BrowserPools(this);
   agents: API.Agents = new API.Agents(this);
+  credentials: API.Credentials = new API.Credentials(this);
 }
 
 Kernel.Deployments = Deployments;
@@ -872,6 +881,7 @@ Kernel.Proxies = Proxies;
 Kernel.Extensions = Extensions;
 Kernel.BrowserPools = BrowserPools;
 Kernel.Agents = Agents;
+Kernel.Credentials = Credentials;
 
 export declare namespace Kernel {
   export type RequestOptions = Opts.RequestOptions;
@@ -942,6 +952,7 @@ export declare namespace Kernel {
     type ProxyCreateResponse as ProxyCreateResponse,
     type ProxyRetrieveResponse as ProxyRetrieveResponse,
     type ProxyListResponse as ProxyListResponse,
+    type ProxyCheckResponse as ProxyCheckResponse,
     type ProxyCreateParams as ProxyCreateParams,
   };
 
@@ -956,10 +967,6 @@ export declare namespace Kernel {
   export {
     BrowserPools as BrowserPools,
     type BrowserPool as BrowserPool,
-    type BrowserPoolAcquireRequest as BrowserPoolAcquireRequest,
-    type BrowserPoolReleaseRequest as BrowserPoolReleaseRequest,
-    type BrowserPoolRequest as BrowserPoolRequest,
-    type BrowserPoolUpdateRequest as BrowserPoolUpdateRequest,
     type BrowserPoolListResponse as BrowserPoolListResponse,
     type BrowserPoolAcquireResponse as BrowserPoolAcquireResponse,
     type BrowserPoolCreateParams as BrowserPoolCreateParams,
@@ -971,6 +978,18 @@ export declare namespace Kernel {
 
   export { Agents as Agents };
 
+  export {
+    Credentials as Credentials,
+    type CreateCredentialRequest as CreateCredentialRequest,
+    type Credential as Credential,
+    type UpdateCredentialRequest as UpdateCredentialRequest,
+    type CredentialTotpCodeResponse as CredentialTotpCodeResponse,
+    type CredentialsOffsetPagination as CredentialsOffsetPagination,
+    type CredentialCreateParams as CredentialCreateParams,
+    type CredentialUpdateParams as CredentialUpdateParams,
+    type CredentialListParams as CredentialListParams,
+  };
+
   export type AppAction = API.AppAction;
   export type BrowserExtension = API.BrowserExtension;
   export type BrowserProfile = API.BrowserProfile;

package/src/resources/agents/agents.ts

@@ -3,7 +3,6 @@
 import { APIResource } from '../../core/resource';
 import * as AuthAPI from './auth/auth';
 import {
-  AgentAuthDiscoverResponse,
   AgentAuthInvocationResponse,
   AgentAuthSubmitResponse,
   Auth,
@@ -26,7 +25,6 @@ Agents.Auth = Auth;
 export declare namespace Agents {
   export {
     Auth as Auth,
-    type AgentAuthDiscoverResponse as AgentAuthDiscoverResponse,
     type AgentAuthInvocationResponse as AgentAuthInvocationResponse,
     type AgentAuthSubmitResponse as AgentAuthSubmitResponse,
     type AuthAgent as AuthAgent,

package/src/resources/agents/auth/auth.ts

@@ -4,7 +4,6 @@ import { APIResource } from '../../../core/resource';
 import * as InvocationsAPI from './invocations';
 import {
   InvocationCreateParams,
-  InvocationDiscoverParams,
   InvocationExchangeParams,
   InvocationExchangeResponse,
   InvocationSubmitParams,
@@ -12,6 +11,7 @@ import {
 } from './invocations';
 import { APIPromise } from '../../../core/api-promise';
 import { OffsetPagination, type OffsetPaginationParams, PagePromise } from '../../../core/pagination';
+import { buildHeaders } from '../../../internal/headers';
 import { RequestOptions } from '../../../internal/request-options';
 import { path } from '../../../internal/utils/path';
 
@@ -27,8 +27,8 @@ export class Auth extends APIResource {
    * @example
    * ```ts
    * const authAgent = await client.agents.auth.create({
+   *   domain: 'netflix.com',
    *   profile_name: 'user-123',
-   *   target_domain: 'netflix.com',
    * });
    * ```
    */
@@ -50,7 +50,7 @@ export class Auth extends APIResource {
   }
 
   /**
-   * List auth agents with optional filters for profile_name and target_domain.
+   * List auth agents with optional filters for profile_name and domain.
    *
    * @example
    * ```ts
@@ -66,109 +66,136 @@ export class Auth extends APIResource {
   ): PagePromise<AuthAgentsOffsetPagination, AuthAgent> {
     return this._client.getAPIList('/agents/auth', OffsetPagination<AuthAgent>, { query, ...options });
   }
+
+  /**
+   * Deletes an auth agent and terminates its workflow. This will:
+   *
+   * - Soft delete the auth agent record
+   * - Gracefully terminate the agent's Temporal workflow
+   * - Cancel any in-progress invocations
+   *
+   * @example
+   * ```ts
+   * await client.agents.auth.delete('id');
+   * ```
+   */
+  delete(id: string, options?: RequestOptions): APIPromise<void> {
+    return this._client.delete(path`/agents/auth/${id}`, {
+      ...options,
+      headers: buildHeaders([{ Accept: '*/*' }, options?.headers]),
+    });
+  }
 }
 
 export type AuthAgentsOffsetPagination = OffsetPagination<AuthAgent>;
 
 /**
- * Response from discover endpoint matching AuthBlueprint schema
+ * Response from get invocation endpoint
  */
-export interface AgentAuthDiscoverResponse {
-  /**
-   * Whether discovery succeeded
-   */
-  success: boolean;
-
+export interface AgentAuthInvocationResponse {
   /**
-   * Error message if discovery failed
+   * App name (org name at time of invocation creation)
    */
-  error_message?: string;
+  app_name: string;
 
   /**
-   * Discovered form fields (present when success is true)
+   * Domain for authentication
    */
-  fields?: Array<DiscoveredField>;
+  domain: string;
 
   /**
-   * Whether user is already logged in
+   * When the handoff code expires
    */
-  logged_in?: boolean;
+  expires_at: string;
 
   /**
-   * URL of the discovered login page
+   * Invocation status
    */
-  login_url?: string;
+  status: 'IN_PROGRESS' | 'SUCCESS' | 'EXPIRED' | 'CANCELED' | 'FAILED';
 
   /**
-   * Title of the login page
+   * Current step in the invocation workflow
    */
-  page_title?: string;
-}
+  step:
+    | 'initialized'
+    | 'discovering'
+    | 'awaiting_input'
+    | 'awaiting_external_action'
+    | 'submitting'
+    | 'completed'
+    | 'expired';
 
-/**
- * Response from get invocation endpoint
- */
-export interface AgentAuthInvocationResponse {
   /**
-   * App name (org name at time of invocation creation)
+   * The invocation type:
+   *
+   * - login: First-time authentication
+   * - reauth: Re-authentication for previously authenticated agents
+   * - auto_login: Legacy type (no longer created, kept for backward compatibility)
    */
-  app_name: string;
+  type: 'login' | 'auto_login' | 'reauth';
 
   /**
-   * When the handoff code expires
+   * Error message explaining why the invocation failed (present when status=FAILED)
    */
-  expires_at: string;
+  error_message?: string | null;
 
   /**
-   * Invocation status
+   * Instructions for user when external action is required (present when
+   * step=awaiting_external_action)
    */
-  status: 'IN_PROGRESS' | 'SUCCESS' | 'EXPIRED' | 'CANCELED';
+  external_action_message?: string | null;
 
   /**
-   * Target domain for authentication
+   * Browser live view URL for debugging the invocation
    */
-  target_domain: string;
-}
+  live_view_url?: string | null;
 
-/**
- * Response from submit endpoint matching SubmitResult schema
- */
-export interface AgentAuthSubmitResponse {
   /**
-   * Whether submission succeeded
+   * Fields currently awaiting input (present when step=awaiting_input)
    */
-  success: boolean;
+  pending_fields?: Array<DiscoveredField> | null;
 
   /**
-   * Additional fields needed (e.g., OTP) - present when needs_additional_auth is
-   * true
+   * SSO buttons available on the page (present when step=awaiting_input)
    */
-  additional_fields?: Array<DiscoveredField>;
+  pending_sso_buttons?: Array<AgentAuthInvocationResponse.PendingSSOButton> | null;
 
   /**
-   * App name (only present when logged_in is true)
+   * Names of fields that have been submitted (present when step=submitting or later)
    */
-  app_name?: string;
+  submitted_fields?: Array<string> | null;
+}
 
+export namespace AgentAuthInvocationResponse {
   /**
-   * Error message if submission failed
+   * An SSO button for signing in with an external identity provider
    */
-  error_message?: string;
+  export interface PendingSSOButton {
+    /**
+     * Visible button text
+     */
+    label: string;
 
-  /**
-   * Whether user is now logged in
-   */
-  logged_in?: boolean;
+    /**
+     * Identity provider name
+     */
+    provider: string;
 
-  /**
-   * Whether additional authentication fields are needed
-   */
-  needs_additional_auth?: boolean;
+    /**
+     * XPath selector for the button
+     */
+    selector: string;
+  }
+}
 
+/**
+ * Response from submit endpoint - returns immediately after submission is accepted
+ */
+export interface AgentAuthSubmitResponse {
   /**
-   * Target domain (only present when logged_in is true)
+   * Whether the submission was accepted for processing
    */
-  target_domain?: string;
+  accepted: boolean;
 }
 
 /**
@@ -196,6 +223,34 @@ export interface AuthAgent {
    */
   status: 'AUTHENTICATED' | 'NEEDS_AUTH';
 
+  /**
+   * Additional domains that are valid for this auth agent's authentication flow
+   * (besides the primary domain). Useful when login pages redirect to different
+   * domains.
+   */
+  allowed_domains?: Array<string>;
+
+  /**
+   * Whether automatic re-authentication is possible (has credential_id, selectors,
+   * and login_url)
+   */
+  can_reauth?: boolean;
+
+  /**
+   * ID of the linked credential for automatic re-authentication
+   */
+  credential_id?: string;
+
+  /**
+   * Name of the linked credential for automatic re-authentication
+   */
+  credential_name?: string;
+
+  /**
+   * Whether this auth agent has stored selectors for deterministic re-authentication
+   */
+  has_selectors?: boolean;
+
   /**
    * When the last authentication check was performed
    */
@@ -206,15 +261,29 @@ export interface AuthAgent {
  * Request to create or find an auth agent
  */
 export interface AuthAgentCreateRequest {
+  /**
+   * Domain for authentication
+   */
+  domain: string;
+
   /**
    * Name of the profile to use for this auth agent
    */
   profile_name: string;
 
   /**
-   * Target domain for authentication
+   * Additional domains that are valid for this auth agent's authentication flow
+   * (besides the primary domain). Useful when login pages redirect to different
+   * domains.
+   */
+  allowed_domains?: Array<string>;
+
+  /**
+   * Optional name of an existing credential to use for this auth agent. If provided,
+   * the credential will be linked to the agent and its values will be used to
+   * auto-fill the login form on invocation.
    */
-  target_domain: string;
+  credential_name?: string;
 
   /**
    * Optional login page URL. If provided, will be stored on the agent and used to
@@ -248,31 +317,47 @@ export interface AuthAgentInvocationCreateRequest {
    * ID of the auth agent to create an invocation for
    */
   auth_agent_id: string;
+
+  /**
+   * If provided, saves the submitted credentials under this name upon successful
+   * login. The credential will be linked to the auth agent for automatic
+   * re-authentication.
+   */
+  save_credential_as?: string;
 }
 
 /**
- * Response from creating an auth agent invocation
+ * Response from creating an invocation. Always returns an invocation_id.
  */
 export interface AuthAgentInvocationCreateResponse {
   /**
-   * When the handoff code expires
+   * When the handoff code expires.
    */
   expires_at: string;
 
   /**
-   * One-time code for handoff
+   * One-time code for handoff.
    */
   handoff_code: string;
 
   /**
-   * URL to redirect user to
+   * URL to redirect user to.
    */
   hosted_url: string;
 
   /**
-   * Unique identifier for the invocation
+   * Unique identifier for the invocation.
    */
   invocation_id: string;
+
+  /**
+   * The invocation type:
+   *
+   * - login: First-time authentication
+   * - reauth: Re-authentication for previously authenticated agents
+   * - auto_login: Legacy type (no longer created, kept for backward compatibility)
+   */
+  type: 'login' | 'auto_login' | 'reauth';
 }
 
 /**
@@ -297,7 +382,7 @@ export interface DiscoveredField {
   /**
    * Field type
    */
-  type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code';
+  type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
 
   /**
    * Field placeholder
@@ -311,15 +396,29 @@ export interface DiscoveredField {
 }
 
 export interface AuthCreateParams {
+  /**
+   * Domain for authentication
+   */
+  domain: string;
+
   /**
    * Name of the profile to use for this auth agent
    */
   profile_name: string;
 
   /**
-   * Target domain for authentication
+   * Additional domains that are valid for this auth agent's authentication flow
+   * (besides the primary domain). Useful when login pages redirect to different
+   * domains.
+   */
+  allowed_domains?: Array<string>;
+
+  /**
+   * Optional name of an existing credential to use for this auth agent. If provided,
+   * the credential will be linked to the agent and its values will be used to
+   * auto-fill the login form on invocation.
    */
-  target_domain: string;
+  credential_name?: string;
 
   /**
    * Optional login page URL. If provided, will be stored on the agent and used to
@@ -347,21 +446,20 @@ export namespace AuthCreateParams {
 
 export interface AuthListParams extends OffsetPaginationParams {
   /**
-   * Filter by profile name
+   * Filter by domain
    */
-  profile_name?: string;
+  domain?: string;
 
   /**
-   * Filter by target domain
+   * Filter by profile name
    */
-  target_domain?: string;
+  profile_name?: string;
 }
 
 Auth.Invocations = Invocations;
 
 export declare namespace Auth {
   export {
-    type AgentAuthDiscoverResponse as AgentAuthDiscoverResponse,
     type AgentAuthInvocationResponse as AgentAuthInvocationResponse,
     type AgentAuthSubmitResponse as AgentAuthSubmitResponse,
     type AuthAgent as AuthAgent,
@@ -378,7 +476,6 @@ export declare namespace Auth {
     Invocations as Invocations,
     type InvocationExchangeResponse as InvocationExchangeResponse,
     type InvocationCreateParams as InvocationCreateParams,
-    type InvocationDiscoverParams as InvocationDiscoverParams,
     type InvocationExchangeParams as InvocationExchangeParams,
     type InvocationSubmitParams as InvocationSubmitParams,
   };

package/src/resources/agents/auth/index.ts

@@ -2,7 +2,6 @@
 
 export {
   Auth,
-  type AgentAuthDiscoverResponse,
   type AgentAuthInvocationResponse,
   type AgentAuthSubmitResponse,
   type AuthAgent,
@@ -18,7 +17,6 @@ export {
   Invocations,
   type InvocationExchangeResponse,
   type InvocationCreateParams,
-  type InvocationDiscoverParams,
   type InvocationExchangeParams,
   type InvocationSubmitParams,
 } from './invocations';

package/src/resources/agents/auth/invocations.ts

@@ -28,8 +28,8 @@ export class Invocations extends APIResource {
   }
 
   /**
-   * Returns invocation details including app_name and target_domain. Uses the JWT
-   * returned by the exchange endpoint, or standard API key or JWT authentication.
+   * Returns invocation details including status, app_name, and domain. Supports both
+   * API key and JWT (from exchange endpoint) authentication.
    *
    * @example
    * ```ts
@@ -43,27 +43,6 @@ export class Invocations extends APIResource {
     return this._client.get(path`/agents/auth/invocations/${invocationID}`, options);
   }
 
-  /**
-   * Inspects the target site to detect logged-in state or discover required fields.
-   * Returns 200 with success: true when fields are found, or 4xx/5xx for failures.
-   * Requires the JWT returned by the exchange endpoint.
-   *
-   * @example
-   * ```ts
-   * const agentAuthDiscoverResponse =
-   *   await client.agents.auth.invocations.discover(
-   *     'invocation_id',
-   *   );
-   * ```
-   */
-  discover(
-    invocationID: string,
-    body: InvocationDiscoverParams | null | undefined = {},
-    options?: RequestOptions,
-  ): APIPromise<AuthAPI.AgentAuthDiscoverResponse> {
-    return this._client.post(path`/agents/auth/invocations/${invocationID}/discover`, { body, ...options });
-  }
-
   /**
    * Validates the handoff code and returns a JWT token for subsequent requests. No
    * authentication required (the handoff code serves as the credential).
@@ -86,8 +65,9 @@ export class Invocations extends APIResource {
   }
 
   /**
-   * Submits field values for the discovered login form and may return additional
-   * auth fields or success. Requires the JWT returned by the exchange endpoint.
+   * Submits field values for the discovered login form. Returns immediately after
+   * submission is accepted. Poll the invocation endpoint to track progress and get
+   * results.
    *
    * @example
    * ```ts
@@ -132,14 +112,13 @@ export interface InvocationCreateParams {
    * ID of the auth agent to create an invocation for
    */
   auth_agent_id: string;
-}
 
-export interface InvocationDiscoverParams {
   /**
-   * Optional login page URL. If provided, will override the stored login URL for
-   * this discovery invocation and skip Phase 1 discovery.
+   * If provided, saves the submitted credentials under this name upon successful
+   * login. The credential will be linked to the auth agent for automatic
+   * re-authentication.
    */
-  login_url?: string;
+  save_credential_as?: string;
 }
 
 export interface InvocationExchangeParams {
@@ -149,18 +128,28 @@ export interface InvocationExchangeParams {
   code: string;
 }
 
-export interface InvocationSubmitParams {
-  /**
-   * Values for the discovered login fields
-   */
-  field_values: { [key: string]: string };
+export type InvocationSubmitParams = InvocationSubmitParams.Variant0 | InvocationSubmitParams.Variant1;
+
+export declare namespace InvocationSubmitParams {
+  export interface Variant0 {
+    /**
+     * Values for the discovered login fields
+     */
+    field_values: { [key: string]: string };
+  }
+
+  export interface Variant1 {
+    /**
+     * Selector of SSO button to click
+     */
+    sso_button: string;
+  }
 }
 
 export declare namespace Invocations {
   export {
     type InvocationExchangeResponse as InvocationExchangeResponse,
     type InvocationCreateParams as InvocationCreateParams,
-    type InvocationDiscoverParams as InvocationDiscoverParams,
     type InvocationExchangeParams as InvocationExchangeParams,
     type InvocationSubmitParams as InvocationSubmitParams,
   };

package/src/resources/agents/index.ts

@@ -3,7 +3,6 @@
 export { Agents } from './agents';
 export {
   Auth,
-  type AgentAuthDiscoverResponse,
   type AgentAuthInvocationResponse,
   type AgentAuthSubmitResponse,
   type AuthAgent,