@onkernel/sdk 0.32.0 → 0.34.0

package/src/resources/auth/connections.ts

@@ -2,7 +2,6 @@
 
 import { APIResource } from '../../core/resource';
 import * as Shared from '../shared';
-import * as AuthAPI from '../agents/auth/auth';
 import { APIPromise } from '../../core/api-promise';
 import { OffsetPagination, type OffsetPaginationParams, PagePromise } from '../../core/pagination';
 import { Stream } from '../../core/streaming';
@@ -12,8 +11,8 @@ import { path } from '../../internal/utils/path';
 
 export class Connections extends APIResource {
   /**
-   * Creates managed authentication for a profile and domain combination. Returns 409
-   * Conflict if managed auth already exists for the given profile and domain.
+   * Creates an auth connection for a profile and domain combination. Returns 409
+   * Conflict if an auth connection already exists for the given profile and domain.
    *
    * @example
    * ```ts
@@ -28,8 +27,8 @@ export class Connections extends APIResource {
   }
 
   /**
-   * Retrieve managed auth by its ID. Includes current flow state if a login is in
-   * progress.
+   * Retrieve an auth connection by its ID. Includes current flow state if a login is
+   * in progress.
    *
    * @example
    * ```ts
@@ -43,7 +42,7 @@ export class Connections extends APIResource {
   }
 
   /**
-   * List managed auths with optional filters for profile_name and domain.
+   * List auth connections with optional filters for profile_name and domain.
    *
    * @example
    * ```ts
@@ -61,9 +60,9 @@ export class Connections extends APIResource {
   }
 
   /**
-   * Deletes managed auth and terminates its workflow. This will:
+   * Deletes an auth connection and terminates its workflow. This will:
    *
-   * - Delete the managed auth record
+   * - Delete the auth connection record
    * - Terminate the Temporal workflow
    * - Cancel any in-progress login flows
    *
@@ -98,8 +97,8 @@ export class Connections extends APIResource {
   }
 
   /**
-   * Starts a login flow for the managed auth. Returns immediately with a hosted URL
-   * for the user to complete authentication, or triggers automatic re-auth if
+   * Starts a login flow for the auth connection. Returns immediately with a hosted
+   * URL for the user to complete authentication, or triggers automatic re-auth if
    * credentials are stored.
    *
    * @example
@@ -118,18 +117,13 @@ export class Connections extends APIResource {
   }
 
   /**
-   * Submits field values for the login form. Poll the managed auth to track progress
-   * and get results.
+   * Submits field values for the login form. Poll the auth connection to track
+   * progress and get results.
    *
    * @example
    * ```ts
    * const submitFieldsResponse =
-   *   await client.auth.connections.submit('id', {
-   *     fields: {
-   *       email: 'user@example.com',
-   *       password: 'secret',
-   *     },
-   *   });
+   *   await client.auth.connections.submit('id');
    * ```
    */
   submit(
@@ -143,22 +137,12 @@ export class Connections extends APIResource {
 
 export type ManagedAuthsOffsetPagination = OffsetPagination<ManagedAuth>;
 
-/**
- * Request to start a login flow
- */
-export interface LoginRequest {
-  /**
-   * If provided, saves credentials under this name upon successful login
-   */
-  save_credential_as?: string;
-}
-
 /**
  * Response from starting a login flow
  */
 export interface LoginResponse {
   /**
-   * Managed auth ID
+   * Auth connection ID
    */
   id: string;
 
@@ -195,7 +179,7 @@ export interface LoginResponse {
  */
 export interface ManagedAuth {
   /**
-   * Unique identifier for the managed auth
+   * Unique identifier for the auth connection
    */
   id: string;
 
@@ -205,10 +189,16 @@ export interface ManagedAuth {
   domain: string;
 
   /**
-   * Name of the profile associated with this managed auth
+   * Name of the profile associated with this auth connection
    */
   profile_name: string;
 
+  /**
+   * Whether credentials are saved after every successful login. One-time codes
+   * (TOTP, SMS, etc.) are not saved.
+   */
+  save_credentials: boolean;
+
   /**
    * Current authentication status of the managed profile
    */
@@ -247,7 +237,7 @@ export interface ManagedAuth {
   can_reauth_reason?: string;
 
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -258,7 +248,12 @@ export interface ManagedAuth {
   /**
    * Fields awaiting input (present when flow_step=awaiting_input)
    */
-  discovered_fields?: Array<AuthAPI.DiscoveredField> | null;
+  discovered_fields?: Array<ManagedAuth.DiscoveredField> | null;
+
+  /**
+   * Machine-readable error code (present when flow_status=failed)
+   */
+  error_code?: string | null;
 
   /**
    * Error message (present when flow_status=failed)
@@ -300,8 +295,9 @@ export interface ManagedAuth {
   /**
    * Interval in seconds between automatic health checks. When set, the system
    * periodically verifies the authentication status and triggers re-authentication
-   * if needed. Must be between 300 (5 minutes) and 86400 (24 hours). Default is 3600
-   * (1 hour).
+   * if needed. Maximum is 86400 (24 hours). Default is 3600 (1 hour). The minimum
+   * depends on your plan: Enterprise: 300 (5 minutes), Startup: 1200 (20 minutes),
+   * Hobbyist: 3600 (1 hour).
    */
   health_check_interval?: number | null;
 
@@ -336,6 +332,11 @@ export interface ManagedAuth {
    */
   post_login_url?: string;
 
+  /**
+   * ID of the proxy associated with this connection, if any.
+   */
+  proxy_id?: string;
+
   /**
    * SSO provider being used (e.g., google, github, microsoft)
    */
@@ -350,7 +351,7 @@ export interface ManagedAuth {
 
 export namespace ManagedAuth {
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -378,6 +379,47 @@ export namespace ManagedAuth {
     provider?: string;
   }
 
+  /**
+   * A discovered form field
+   */
+  export interface DiscoveredField {
+    /**
+     * Field label
+     */
+    label: string;
+
+    /**
+     * Field name
+     */
+    name: string;
+
+    /**
+     * CSS selector for the field
+     */
+    selector: string;
+
+    /**
+     * Field type
+     */
+    type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
+
+    /**
+     * If this field is associated with an MFA option, the type of that option (e.g.,
+     * password field linked to "Enter password" option)
+     */
+    linked_mfa_type?: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password' | null;
+
+    /**
+     * Field placeholder
+     */
+    placeholder?: string;
+
+    /**
+     * Whether field is required
+     */
+    required?: boolean;
+  }
+
   /**
    * An MFA method option for verification
    */
@@ -425,7 +467,7 @@ export namespace ManagedAuth {
 }
 
 /**
- * Request to create managed auth for a profile and domain
+ * Request to create an auth connection for a profile and domain
  */
 export interface ManagedAuthCreateRequest {
   /**
@@ -460,7 +502,7 @@ export interface ManagedAuthCreateRequest {
   allowed_domains?: Array<string>;
 
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -471,8 +513,9 @@ export interface ManagedAuthCreateRequest {
   /**
    * Interval in seconds between automatic health checks. When set, the system
    * periodically verifies the authentication status and triggers re-authentication
-   * if needed. Must be between 300 (5 minutes) and 86400 (24 hours). Default is 3600
-   * (1 hour).
+   * if needed. Maximum is 86400 (24 hours). Default is 3600 (1 hour). The minimum
+   * depends on your plan: Enterprise: 300 (5 minutes), Startup: 1200 (20 minutes),
+   * Hobbyist: 3600 (1 hour).
    */
   health_check_interval?: number;
 
@@ -482,14 +525,21 @@ export interface ManagedAuthCreateRequest {
   login_url?: string;
 
   /**
-   * Optional proxy configuration
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
    */
   proxy?: ManagedAuthCreateRequest.Proxy;
+
+  /**
+   * Whether to save credentials after every successful login. Defaults to true.
+   * One-time codes (TOTP, SMS, etc.) are not saved.
+   */
+  save_credentials?: boolean;
 }
 
 export namespace ManagedAuthCreateRequest {
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -518,24 +568,31 @@ export namespace ManagedAuthCreateRequest {
   }
 
   /**
-   * Optional proxy configuration
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
    */
   export interface Proxy {
     /**
-     * ID of the proxy to use
+     * Proxy ID
+     */
+    id?: string;
+
+    /**
+     * Proxy name
      */
-    proxy_id?: string;
+    name?: string;
   }
 }
 
 /**
- * Request to submit field values for login
+ * Request to submit field values, click an SSO button, or select an MFA method.
+ * Provide exactly one of fields, sso_button_selector, or mfa_option_id.
  */
 export interface SubmitFieldsRequest {
   /**
    * Map of field name to value
    */
-  fields: { [key: string]: string };
+  fields?: { [key: string]: string };
 
   /**
    * Optional MFA option ID if user selected an MFA method
@@ -594,7 +651,12 @@ export namespace ConnectionFollowResponse {
     /**
      * Fields awaiting input (present when flow_step=AWAITING_INPUT).
      */
-    discovered_fields?: Array<AuthAPI.DiscoveredField>;
+    discovered_fields?: Array<ManagedAuthStateEvent.DiscoveredField>;
+
+    /**
+     * Machine-readable error code (present when flow_status=FAILED).
+     */
+    error_code?: string;
 
     /**
      * Error message (present when flow_status=FAILED).
@@ -646,6 +708,47 @@ export namespace ConnectionFollowResponse {
   }
 
   export namespace ManagedAuthStateEvent {
+    /**
+     * A discovered form field
+     */
+    export interface DiscoveredField {
+      /**
+       * Field label
+       */
+      label: string;
+
+      /**
+       * Field name
+       */
+      name: string;
+
+      /**
+       * CSS selector for the field
+       */
+      selector: string;
+
+      /**
+       * Field type
+       */
+      type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
+
+      /**
+       * If this field is associated with an MFA option, the type of that option (e.g.,
+       * password field linked to "Enter password" option)
+       */
+      linked_mfa_type?: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password' | null;
+
+      /**
+       * Field placeholder
+       */
+      placeholder?: string;
+
+      /**
+       * Whether field is required
+       */
+      required?: boolean;
+    }
+
     /**
      * An MFA method option for verification
      */
@@ -726,7 +829,7 @@ export interface ConnectionCreateParams {
   allowed_domains?: Array<string>;
 
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -737,8 +840,9 @@ export interface ConnectionCreateParams {
   /**
    * Interval in seconds between automatic health checks. When set, the system
    * periodically verifies the authentication status and triggers re-authentication
-   * if needed. Must be between 300 (5 minutes) and 86400 (24 hours). Default is 3600
-   * (1 hour).
+   * if needed. Maximum is 86400 (24 hours). Default is 3600 (1 hour). The minimum
+   * depends on your plan: Enterprise: 300 (5 minutes), Startup: 1200 (20 minutes),
+   * Hobbyist: 3600 (1 hour).
    */
   health_check_interval?: number;
 
@@ -748,14 +852,21 @@ export interface ConnectionCreateParams {
   login_url?: string;
 
   /**
-   * Optional proxy configuration
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
    */
   proxy?: ConnectionCreateParams.Proxy;
+
+  /**
+   * Whether to save credentials after every successful login. Defaults to true.
+   * One-time codes (TOTP, SMS, etc.) are not saved.
+   */
+  save_credentials?: boolean;
 }
 
 export namespace ConnectionCreateParams {
   /**
-   * Reference to credentials for managed auth. Use one of:
+   * Reference to credentials for the auth connection. Use one of:
    *
    * - { name } for Kernel credentials
    * - { provider, path } for external provider item
@@ -784,13 +895,19 @@ export namespace ConnectionCreateParams {
   }
 
   /**
-   * Optional proxy configuration
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
    */
   export interface Proxy {
     /**
-     * ID of the proxy to use
+     * Proxy ID
+     */
+    id?: string;
+
+    /**
+     * Proxy name
      */
-    proxy_id?: string;
+    name?: string;
   }
 }
 
@@ -808,16 +925,35 @@ export interface ConnectionListParams extends OffsetPaginationParams {
 
 export interface ConnectionLoginParams {
   /**
-   * If provided, saves credentials under this name upon successful login
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
    */
-  save_credential_as?: string;
+  proxy?: ConnectionLoginParams.Proxy;
+}
+
+export namespace ConnectionLoginParams {
+  /**
+   * Proxy selection. Provide either id or name. The proxy must belong to the
+   * caller's org.
+   */
+  export interface Proxy {
+    /**
+     * Proxy ID
+     */
+    id?: string;
+
+    /**
+     * Proxy name
+     */
+    name?: string;
+  }
 }
 
 export interface ConnectionSubmitParams {
   /**
    * Map of field name to value
    */
-  fields: { [key: string]: string };
+  fields?: { [key: string]: string };
 
   /**
    * Optional MFA option ID if user selected an MFA method
@@ -832,7 +968,6 @@ export interface ConnectionSubmitParams {
 
 export declare namespace Connections {
   export {
-    type LoginRequest as LoginRequest,
     type LoginResponse as LoginResponse,
     type ManagedAuth as ManagedAuth,
     type ManagedAuthCreateRequest as ManagedAuthCreateRequest,

package/src/resources/auth/index.ts

@@ -3,7 +3,6 @@
 export { Auth } from './auth';
 export {
   Connections,
-  type LoginRequest,
   type LoginResponse,
   type ManagedAuth,
   type ManagedAuthCreateRequest,

package/src/resources/browser-pools.ts

@@ -240,13 +240,13 @@ export namespace BrowserPool {
 
     /**
      * Initial browser window size in pixels with optional refresh rate. If omitted,
-     * image defaults apply (1920x1080@25). Only specific viewport configurations are
-     * supported. The server will reject unsupported combinations. Supported
-     * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
-     * 1280x800@60, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-     * be automatically determined from the width and height if they match a supported
-     * configuration exactly. Note: Higher resolutions may affect the responsiveness of
-     * live view browser
+     * image defaults apply (1920x1080@25). Arbitrary viewport dimensions are accepted,
+     * but the following configurations are known-good and fully tested: 2560x1440@10,
+     * 1920x1080@25, 1920x1200@25, 1440x900@25, 1280x800@60, 1024x768@60, 1200x800@60.
+     * Viewports outside this list may exhibit unstable live view or recording
+     * behavior. If refresh_rate is not provided, it will be automatically determined
+     * based on the resolution (higher resolutions use lower refresh rates to keep
+     * bandwidth reasonable).
      */
     viewport?: Shared.BrowserViewport;
   }
@@ -319,13 +319,13 @@ export interface BrowserPoolAcquireResponse {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (1920x1080@25). Only specific viewport configurations are
-   * supported. The server will reject unsupported combinations. Supported
-   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
-   * 1280x800@60, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
-   * configuration exactly. Note: Higher resolutions may affect the responsiveness of
-   * live view browser
+   * image defaults apply (1920x1080@25). Arbitrary viewport dimensions are accepted,
+   * but the following configurations are known-good and fully tested: 2560x1440@10,
+   * 1920x1080@25, 1920x1200@25, 1440x900@25, 1280x800@60, 1024x768@60, 1200x800@60.
+   * Viewports outside this list may exhibit unstable live view or recording
+   * behavior. If refresh_rate is not provided, it will be automatically determined
+   * based on the resolution (higher resolutions use lower refresh rates to keep
+   * bandwidth reasonable).
    */
   viewport?: Shared.BrowserViewport;
 }
@@ -391,13 +391,13 @@ export interface BrowserPoolCreateParams {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (1920x1080@25). Only specific viewport configurations are
-   * supported. The server will reject unsupported combinations. Supported
-   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
-   * 1280x800@60, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
-   * configuration exactly. Note: Higher resolutions may affect the responsiveness of
-   * live view browser
+   * image defaults apply (1920x1080@25). Arbitrary viewport dimensions are accepted,
+   * but the following configurations are known-good and fully tested: 2560x1440@10,
+   * 1920x1080@25, 1920x1200@25, 1440x900@25, 1280x800@60, 1024x768@60, 1200x800@60.
+   * Viewports outside this list may exhibit unstable live view or recording
+   * behavior. If refresh_rate is not provided, it will be automatically determined
+   * based on the resolution (higher resolutions use lower refresh rates to keep
+   * bandwidth reasonable).
    */
   viewport?: Shared.BrowserViewport;
 }
@@ -469,13 +469,13 @@ export interface BrowserPoolUpdateParams {
 
   /**
    * Initial browser window size in pixels with optional refresh rate. If omitted,
-   * image defaults apply (1920x1080@25). Only specific viewport configurations are
-   * supported. The server will reject unsupported combinations. Supported
-   * resolutions are: 2560x1440@10, 1920x1080@25, 1920x1200@25, 1440x900@25,
-   * 1280x800@60, 1024x768@60, 1200x800@60 If refresh_rate is not provided, it will
-   * be automatically determined from the width and height if they match a supported
-   * configuration exactly. Note: Higher resolutions may affect the responsiveness of
-   * live view browser
+   * image defaults apply (1920x1080@25). Arbitrary viewport dimensions are accepted,
+   * but the following configurations are known-good and fully tested: 2560x1440@10,
+   * 1920x1080@25, 1920x1200@25, 1440x900@25, 1280x800@60, 1024x768@60, 1200x800@60.
+   * Viewports outside this list may exhibit unstable live view or recording
+   * behavior. If refresh_rate is not provided, it will be automatically determined
+   * based on the resolution (higher resolutions use lower refresh rates to keep
+   * bandwidth reasonable).
    */
   viewport?: Shared.BrowserViewport;
 }