@primitivedotdev/sdk 0.17.0 → 0.19.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +165 -65
- package/dist/api/generated/index.js +1 -1
- package/dist/api/generated/sdk.gen.js +49 -1
- package/dist/api/index.d.ts +2 -2
- package/dist/api/index.js +39 -7
- package/dist/{api-DrAZhxS-.js → api-C5VR_Opg.js} +81 -7
- package/dist/contract/index.d.ts +2 -2
- package/dist/contract/index.js +1 -1
- package/dist/{index-CbEivn3S.d.ts → index-CDlwyxdp.d.ts} +7 -7
- package/dist/{index-CHWqMBs6.d.ts → index-oRkCqj6u.d.ts} +195 -13
- package/dist/index.d.ts +2 -2
- package/dist/index.js +2 -2
- package/dist/oclif/api-command.js +176 -92
- package/dist/oclif/auth.js +168 -0
- package/dist/oclif/commands/emails-latest.js +54 -35
- package/dist/oclif/commands/login.js +233 -0
- package/dist/oclif/commands/logout.js +87 -0
- package/dist/oclif/commands/send.js +61 -34
- package/dist/oclif/commands/whoami.js +51 -32
- package/dist/oclif/fish-completion.js +1 -1
- package/dist/oclif/index.js +6 -0
- package/dist/openapi/openapi.generated.js +385 -2
- package/dist/openapi/operations.generated.js +178 -1
- package/dist/webhook/index.d.ts +1 -1
- package/dist/webhook/index.js +1 -1
- package/dist/{webhook-zkN4wUTs.js → webhook-rUjGV6Zu.js} +4 -4
- package/oclif.manifest.json +507 -38
- package/package.json +5 -2
|
@@ -31,6 +31,10 @@ export const openapiDocument = {
|
|
|
31
31
|
}
|
|
32
32
|
],
|
|
33
33
|
"tags": [
|
|
34
|
+
{
|
|
35
|
+
"name": "CLI",
|
|
36
|
+
"description": "Browser-assisted CLI authentication"
|
|
37
|
+
},
|
|
34
38
|
{
|
|
35
39
|
"name": "Account",
|
|
36
40
|
"description": "Manage your account settings, storage, and webhook secret"
|
|
@@ -61,6 +65,251 @@ export const openapiDocument = {
|
|
|
61
65
|
}
|
|
62
66
|
],
|
|
63
67
|
"paths": {
|
|
68
|
+
"/cli/login/start": {
|
|
69
|
+
"post": {
|
|
70
|
+
"operationId": "startCliLogin",
|
|
71
|
+
"summary": "Start CLI browser login",
|
|
72
|
+
"description": "Starts a browser-assisted CLI login session. The response includes a\ndevice code for polling and a user code that the user approves in the\nbrowser. This endpoint does not require an API key.\n",
|
|
73
|
+
"tags": [
|
|
74
|
+
"CLI"
|
|
75
|
+
],
|
|
76
|
+
"security": [],
|
|
77
|
+
"requestBody": {
|
|
78
|
+
"required": false,
|
|
79
|
+
"content": {
|
|
80
|
+
"application/json": {
|
|
81
|
+
"schema": {
|
|
82
|
+
"$ref": "#/components/schemas/StartCliLoginInput"
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
},
|
|
87
|
+
"responses": {
|
|
88
|
+
"201": {
|
|
89
|
+
"description": "CLI login session created",
|
|
90
|
+
"headers": {
|
|
91
|
+
"Cache-Control": {
|
|
92
|
+
"schema": {
|
|
93
|
+
"type": "string"
|
|
94
|
+
},
|
|
95
|
+
"description": "Always `no-store`"
|
|
96
|
+
}
|
|
97
|
+
},
|
|
98
|
+
"content": {
|
|
99
|
+
"application/json": {
|
|
100
|
+
"schema": {
|
|
101
|
+
"allOf": [
|
|
102
|
+
{
|
|
103
|
+
"$ref": "#/components/schemas/SuccessEnvelope"
|
|
104
|
+
},
|
|
105
|
+
{
|
|
106
|
+
"type": "object",
|
|
107
|
+
"properties": {
|
|
108
|
+
"data": {
|
|
109
|
+
"$ref": "#/components/schemas/CliLoginStartResult"
|
|
110
|
+
}
|
|
111
|
+
}
|
|
112
|
+
}
|
|
113
|
+
]
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
},
|
|
118
|
+
"400": {
|
|
119
|
+
"$ref": "#/components/responses/ValidationError"
|
|
120
|
+
},
|
|
121
|
+
"429": {
|
|
122
|
+
"$ref": "#/components/responses/RateLimited"
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
},
|
|
127
|
+
"/cli/login/poll": {
|
|
128
|
+
"post": {
|
|
129
|
+
"operationId": "pollCliLogin",
|
|
130
|
+
"summary": "Poll CLI browser login",
|
|
131
|
+
"description": "Polls a CLI login session until the browser approval either succeeds,\nis denied, expires, or is polled too quickly. The API key is generated\nonly after approval and is returned exactly once.\n",
|
|
132
|
+
"tags": [
|
|
133
|
+
"CLI"
|
|
134
|
+
],
|
|
135
|
+
"security": [],
|
|
136
|
+
"requestBody": {
|
|
137
|
+
"required": true,
|
|
138
|
+
"content": {
|
|
139
|
+
"application/json": {
|
|
140
|
+
"schema": {
|
|
141
|
+
"$ref": "#/components/schemas/PollCliLoginInput"
|
|
142
|
+
}
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
},
|
|
146
|
+
"responses": {
|
|
147
|
+
"200": {
|
|
148
|
+
"description": "CLI login approved and API key created",
|
|
149
|
+
"headers": {
|
|
150
|
+
"Cache-Control": {
|
|
151
|
+
"schema": {
|
|
152
|
+
"type": "string"
|
|
153
|
+
},
|
|
154
|
+
"description": "Always `no-store`"
|
|
155
|
+
}
|
|
156
|
+
},
|
|
157
|
+
"content": {
|
|
158
|
+
"application/json": {
|
|
159
|
+
"schema": {
|
|
160
|
+
"allOf": [
|
|
161
|
+
{
|
|
162
|
+
"$ref": "#/components/schemas/SuccessEnvelope"
|
|
163
|
+
},
|
|
164
|
+
{
|
|
165
|
+
"type": "object",
|
|
166
|
+
"properties": {
|
|
167
|
+
"data": {
|
|
168
|
+
"$ref": "#/components/schemas/CliLoginPollResult"
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
]
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
}
|
|
176
|
+
},
|
|
177
|
+
"400": {
|
|
178
|
+
"description": "Invalid request, pending authorization, slow polling, expired token, or invalid device code",
|
|
179
|
+
"headers": {
|
|
180
|
+
"Retry-After": {
|
|
181
|
+
"schema": {
|
|
182
|
+
"type": "integer"
|
|
183
|
+
},
|
|
184
|
+
"description": "Seconds to wait before polling again when the error code is `slow_down`"
|
|
185
|
+
}
|
|
186
|
+
},
|
|
187
|
+
"content": {
|
|
188
|
+
"application/json": {
|
|
189
|
+
"schema": {
|
|
190
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
191
|
+
},
|
|
192
|
+
"examples": {
|
|
193
|
+
"authorization_pending": {
|
|
194
|
+
"summary": "Awaiting browser approval",
|
|
195
|
+
"value": {
|
|
196
|
+
"success": false,
|
|
197
|
+
"error": {
|
|
198
|
+
"code": "authorization_pending",
|
|
199
|
+
"message": "CLI login is still pending browser approval"
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
},
|
|
203
|
+
"expired_token": {
|
|
204
|
+
"summary": "Login session expired",
|
|
205
|
+
"value": {
|
|
206
|
+
"success": false,
|
|
207
|
+
"error": {
|
|
208
|
+
"code": "expired_token",
|
|
209
|
+
"message": "CLI login code expired; run primitive login again"
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
},
|
|
213
|
+
"invalid_device_code": {
|
|
214
|
+
"summary": "Unknown device code",
|
|
215
|
+
"value": {
|
|
216
|
+
"success": false,
|
|
217
|
+
"error": {
|
|
218
|
+
"code": "invalid_device_code",
|
|
219
|
+
"message": "Invalid CLI login device code"
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
},
|
|
223
|
+
"slow_down": {
|
|
224
|
+
"summary": "Polling too quickly",
|
|
225
|
+
"value": {
|
|
226
|
+
"success": false,
|
|
227
|
+
"error": {
|
|
228
|
+
"code": "slow_down",
|
|
229
|
+
"message": "Polling too quickly; slow down and retry later"
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
},
|
|
237
|
+
"403": {
|
|
238
|
+
"description": "CLI login was denied in the browser",
|
|
239
|
+
"content": {
|
|
240
|
+
"application/json": {
|
|
241
|
+
"schema": {
|
|
242
|
+
"$ref": "#/components/schemas/ErrorResponse"
|
|
243
|
+
},
|
|
244
|
+
"example": {
|
|
245
|
+
"success": false,
|
|
246
|
+
"error": {
|
|
247
|
+
"code": "access_denied",
|
|
248
|
+
"message": "CLI login was denied in the browser"
|
|
249
|
+
}
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
},
|
|
257
|
+
"/cli/logout": {
|
|
258
|
+
"post": {
|
|
259
|
+
"operationId": "cliLogout",
|
|
260
|
+
"summary": "Revoke the current CLI API key",
|
|
261
|
+
"description": "Revokes the API key used to authenticate the request. CLI clients use\nthis endpoint during `primitive logout` before removing local credentials.\n",
|
|
262
|
+
"tags": [
|
|
263
|
+
"CLI"
|
|
264
|
+
],
|
|
265
|
+
"requestBody": {
|
|
266
|
+
"required": false,
|
|
267
|
+
"content": {
|
|
268
|
+
"application/json": {
|
|
269
|
+
"schema": {
|
|
270
|
+
"$ref": "#/components/schemas/CliLogoutInput"
|
|
271
|
+
}
|
|
272
|
+
}
|
|
273
|
+
}
|
|
274
|
+
},
|
|
275
|
+
"responses": {
|
|
276
|
+
"200": {
|
|
277
|
+
"description": "CLI API key revoked",
|
|
278
|
+
"content": {
|
|
279
|
+
"application/json": {
|
|
280
|
+
"schema": {
|
|
281
|
+
"allOf": [
|
|
282
|
+
{
|
|
283
|
+
"$ref": "#/components/schemas/SuccessEnvelope"
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
"type": "object",
|
|
287
|
+
"properties": {
|
|
288
|
+
"data": {
|
|
289
|
+
"$ref": "#/components/schemas/CliLogoutResult"
|
|
290
|
+
}
|
|
291
|
+
}
|
|
292
|
+
}
|
|
293
|
+
]
|
|
294
|
+
}
|
|
295
|
+
}
|
|
296
|
+
}
|
|
297
|
+
},
|
|
298
|
+
"400": {
|
|
299
|
+
"$ref": "#/components/responses/ValidationError"
|
|
300
|
+
},
|
|
301
|
+
"401": {
|
|
302
|
+
"$ref": "#/components/responses/Unauthorized"
|
|
303
|
+
},
|
|
304
|
+
"403": {
|
|
305
|
+
"$ref": "#/components/responses/Forbidden"
|
|
306
|
+
},
|
|
307
|
+
"404": {
|
|
308
|
+
"$ref": "#/components/responses/NotFound"
|
|
309
|
+
}
|
|
310
|
+
}
|
|
311
|
+
}
|
|
312
|
+
},
|
|
64
313
|
"/account": {
|
|
65
314
|
"get": {
|
|
66
315
|
"operationId": "getAccount",
|
|
@@ -987,7 +1236,7 @@ export const openapiDocument = {
|
|
|
987
1236
|
"post": {
|
|
988
1237
|
"operationId": "discardEmailContent",
|
|
989
1238
|
"summary": "Discard email content",
|
|
990
|
-
"description": "Permanently deletes the email's raw bytes, parsed body (text + HTML),\nand attachments while preserving metadata (sender, recipient,\nsubject, timestamps, hashes, attachment manifest) for audit logs.\nIdempotent: a second call returns success with\n`already_discarded: true` and does no work.\n\n**Gated** on the customer's discard-content opt-in (managed in the\ndashboard at Settings > Webhooks). When the toggle is off, this\nendpoint returns `403` with code `discard_not_enabled` and a\nmessage pointing the human at the dashboard. There is intentionally\nno API to flip this toggle
|
|
1239
|
+
"description": "Permanently deletes the email's raw bytes, parsed body (text + HTML),\nand attachments while preserving metadata (sender, recipient,\nsubject, timestamps, hashes, attachment manifest) for audit logs.\nIdempotent: a second call returns success with\n`already_discarded: true` and does no work.\n\n**Gated** on the customer's discard-content opt-in (managed in the\ndashboard at Settings > Webhooks). When the toggle is off, this\nendpoint returns `403` with code `discard_not_enabled` and a\nmessage pointing the human at the dashboard. There is intentionally\nno API to flip this toggle. Opting in to a destructive,\nnon-reversible operation must be a deliberate human click in the\nUI.\n",
|
|
991
1240
|
"tags": [
|
|
992
1241
|
"Emails"
|
|
993
1242
|
],
|
|
@@ -2157,7 +2406,12 @@ export const openapiDocument = {
|
|
|
2157
2406
|
"outbound_response_malformed",
|
|
2158
2407
|
"outbound_relay_failed",
|
|
2159
2408
|
"discard_not_enabled",
|
|
2160
|
-
"inbound_not_repliable"
|
|
2409
|
+
"inbound_not_repliable",
|
|
2410
|
+
"authorization_pending",
|
|
2411
|
+
"slow_down",
|
|
2412
|
+
"access_denied",
|
|
2413
|
+
"expired_token",
|
|
2414
|
+
"invalid_device_code"
|
|
2161
2415
|
]
|
|
2162
2416
|
},
|
|
2163
2417
|
"message": {
|
|
@@ -2295,6 +2549,135 @@ export const openapiDocument = {
|
|
|
2295
2549
|
"subject"
|
|
2296
2550
|
]
|
|
2297
2551
|
},
|
|
2552
|
+
"StartCliLoginInput": {
|
|
2553
|
+
"type": "object",
|
|
2554
|
+
"additionalProperties": false,
|
|
2555
|
+
"properties": {
|
|
2556
|
+
"device_name": {
|
|
2557
|
+
"type": "string",
|
|
2558
|
+
"minLength": 1,
|
|
2559
|
+
"maxLength": 80,
|
|
2560
|
+
"description": "Human-readable device name shown during browser approval"
|
|
2561
|
+
},
|
|
2562
|
+
"metadata": {
|
|
2563
|
+
"type": "object",
|
|
2564
|
+
"additionalProperties": true,
|
|
2565
|
+
"description": "Optional client metadata stored with the login session; serialized JSON must be 2048 bytes or fewer"
|
|
2566
|
+
}
|
|
2567
|
+
}
|
|
2568
|
+
},
|
|
2569
|
+
"CliLoginStartResult": {
|
|
2570
|
+
"type": "object",
|
|
2571
|
+
"properties": {
|
|
2572
|
+
"device_code": {
|
|
2573
|
+
"type": "string",
|
|
2574
|
+
"description": "Opaque code used by the CLI to poll for approval"
|
|
2575
|
+
},
|
|
2576
|
+
"user_code": {
|
|
2577
|
+
"type": "string",
|
|
2578
|
+
"pattern": "^[BCDFGHJKLMNPQRSTVWXZ]{4}-[BCDFGHJKLMNPQRSTVWXZ]{4}$",
|
|
2579
|
+
"description": "Short code the user confirms in the browser"
|
|
2580
|
+
},
|
|
2581
|
+
"verification_uri": {
|
|
2582
|
+
"type": "string",
|
|
2583
|
+
"description": "Browser URL where the user approves the login"
|
|
2584
|
+
},
|
|
2585
|
+
"verification_uri_complete": {
|
|
2586
|
+
"type": "string",
|
|
2587
|
+
"description": "Browser URL with the user code prefilled"
|
|
2588
|
+
},
|
|
2589
|
+
"expires_in": {
|
|
2590
|
+
"type": "integer",
|
|
2591
|
+
"description": "Seconds until the login session expires"
|
|
2592
|
+
},
|
|
2593
|
+
"interval": {
|
|
2594
|
+
"type": "integer",
|
|
2595
|
+
"description": "Minimum seconds between poll requests"
|
|
2596
|
+
}
|
|
2597
|
+
},
|
|
2598
|
+
"required": [
|
|
2599
|
+
"device_code",
|
|
2600
|
+
"user_code",
|
|
2601
|
+
"verification_uri",
|
|
2602
|
+
"verification_uri_complete",
|
|
2603
|
+
"expires_in",
|
|
2604
|
+
"interval"
|
|
2605
|
+
]
|
|
2606
|
+
},
|
|
2607
|
+
"PollCliLoginInput": {
|
|
2608
|
+
"type": "object",
|
|
2609
|
+
"additionalProperties": false,
|
|
2610
|
+
"properties": {
|
|
2611
|
+
"device_code": {
|
|
2612
|
+
"type": "string",
|
|
2613
|
+
"minLength": 1
|
|
2614
|
+
}
|
|
2615
|
+
},
|
|
2616
|
+
"required": [
|
|
2617
|
+
"device_code"
|
|
2618
|
+
]
|
|
2619
|
+
},
|
|
2620
|
+
"CliLoginPollResult": {
|
|
2621
|
+
"type": "object",
|
|
2622
|
+
"properties": {
|
|
2623
|
+
"api_key": {
|
|
2624
|
+
"type": "string",
|
|
2625
|
+
"description": "Newly-created API key for CLI authentication"
|
|
2626
|
+
},
|
|
2627
|
+
"key_id": {
|
|
2628
|
+
"type": "string",
|
|
2629
|
+
"format": "uuid"
|
|
2630
|
+
},
|
|
2631
|
+
"key_prefix": {
|
|
2632
|
+
"type": "string"
|
|
2633
|
+
},
|
|
2634
|
+
"org_id": {
|
|
2635
|
+
"type": "string",
|
|
2636
|
+
"format": "uuid"
|
|
2637
|
+
},
|
|
2638
|
+
"org_name": {
|
|
2639
|
+
"type": [
|
|
2640
|
+
"string",
|
|
2641
|
+
"null"
|
|
2642
|
+
]
|
|
2643
|
+
}
|
|
2644
|
+
},
|
|
2645
|
+
"required": [
|
|
2646
|
+
"api_key",
|
|
2647
|
+
"key_id",
|
|
2648
|
+
"key_prefix",
|
|
2649
|
+
"org_id",
|
|
2650
|
+
"org_name"
|
|
2651
|
+
]
|
|
2652
|
+
},
|
|
2653
|
+
"CliLogoutInput": {
|
|
2654
|
+
"type": "object",
|
|
2655
|
+
"additionalProperties": false,
|
|
2656
|
+
"properties": {
|
|
2657
|
+
"key_id": {
|
|
2658
|
+
"type": "string",
|
|
2659
|
+
"format": "uuid",
|
|
2660
|
+
"description": "Optional key id guard; when provided it must match the authenticated API key"
|
|
2661
|
+
}
|
|
2662
|
+
}
|
|
2663
|
+
},
|
|
2664
|
+
"CliLogoutResult": {
|
|
2665
|
+
"type": "object",
|
|
2666
|
+
"properties": {
|
|
2667
|
+
"revoked": {
|
|
2668
|
+
"type": "boolean",
|
|
2669
|
+
"const": true
|
|
2670
|
+
},
|
|
2671
|
+
"key_id": {
|
|
2672
|
+
"type": "string",
|
|
2673
|
+
"format": "uuid"
|
|
2674
|
+
}
|
|
2675
|
+
},
|
|
2676
|
+
"required": [
|
|
2677
|
+
"revoked",
|
|
2678
|
+
"key_id"
|
|
2679
|
+
]
|
|
2680
|
+
},
|
|
2298
2681
|
"Account": {
|
|
2299
2682
|
"type": "object",
|
|
2300
2683
|
"properties": {
|
|
@@ -274,6 +274,183 @@ export const operationManifest = [
|
|
|
274
274
|
"tag": "Account",
|
|
275
275
|
"tagCommand": "account"
|
|
276
276
|
},
|
|
277
|
+
{
|
|
278
|
+
"binaryResponse": false,
|
|
279
|
+
"bodyRequired": false,
|
|
280
|
+
"command": "cli-logout",
|
|
281
|
+
"description": "Revokes the API key used to authenticate the request. CLI clients use\nthis endpoint during `primitive logout` before removing local credentials.\n",
|
|
282
|
+
"hasJsonBody": true,
|
|
283
|
+
"method": "POST",
|
|
284
|
+
"operationId": "cliLogout",
|
|
285
|
+
"path": "/cli/logout",
|
|
286
|
+
"pathParams": [],
|
|
287
|
+
"queryParams": [],
|
|
288
|
+
"requestSchema": {
|
|
289
|
+
"type": "object",
|
|
290
|
+
"additionalProperties": false,
|
|
291
|
+
"properties": {
|
|
292
|
+
"key_id": {
|
|
293
|
+
"type": "string",
|
|
294
|
+
"format": "uuid",
|
|
295
|
+
"description": "Optional key id guard; when provided it must match the authenticated API key"
|
|
296
|
+
}
|
|
297
|
+
}
|
|
298
|
+
},
|
|
299
|
+
"responseSchema": {
|
|
300
|
+
"type": "object",
|
|
301
|
+
"properties": {
|
|
302
|
+
"revoked": {
|
|
303
|
+
"type": "boolean",
|
|
304
|
+
"const": true
|
|
305
|
+
},
|
|
306
|
+
"key_id": {
|
|
307
|
+
"type": "string",
|
|
308
|
+
"format": "uuid"
|
|
309
|
+
}
|
|
310
|
+
},
|
|
311
|
+
"required": [
|
|
312
|
+
"revoked",
|
|
313
|
+
"key_id"
|
|
314
|
+
]
|
|
315
|
+
},
|
|
316
|
+
"sdkName": "cliLogout",
|
|
317
|
+
"summary": "Revoke the current CLI API key",
|
|
318
|
+
"tag": "CLI",
|
|
319
|
+
"tagCommand": "cli"
|
|
320
|
+
},
|
|
321
|
+
{
|
|
322
|
+
"binaryResponse": false,
|
|
323
|
+
"bodyRequired": true,
|
|
324
|
+
"command": "poll-cli-login",
|
|
325
|
+
"description": "Polls a CLI login session until the browser approval either succeeds,\nis denied, expires, or is polled too quickly. The API key is generated\nonly after approval and is returned exactly once.\n",
|
|
326
|
+
"hasJsonBody": true,
|
|
327
|
+
"method": "POST",
|
|
328
|
+
"operationId": "pollCliLogin",
|
|
329
|
+
"path": "/cli/login/poll",
|
|
330
|
+
"pathParams": [],
|
|
331
|
+
"queryParams": [],
|
|
332
|
+
"requestSchema": {
|
|
333
|
+
"type": "object",
|
|
334
|
+
"additionalProperties": false,
|
|
335
|
+
"properties": {
|
|
336
|
+
"device_code": {
|
|
337
|
+
"type": "string",
|
|
338
|
+
"minLength": 1
|
|
339
|
+
}
|
|
340
|
+
},
|
|
341
|
+
"required": [
|
|
342
|
+
"device_code"
|
|
343
|
+
]
|
|
344
|
+
},
|
|
345
|
+
"responseSchema": {
|
|
346
|
+
"type": "object",
|
|
347
|
+
"properties": {
|
|
348
|
+
"api_key": {
|
|
349
|
+
"type": "string",
|
|
350
|
+
"description": "Newly-created API key for CLI authentication"
|
|
351
|
+
},
|
|
352
|
+
"key_id": {
|
|
353
|
+
"type": "string",
|
|
354
|
+
"format": "uuid"
|
|
355
|
+
},
|
|
356
|
+
"key_prefix": {
|
|
357
|
+
"type": "string"
|
|
358
|
+
},
|
|
359
|
+
"org_id": {
|
|
360
|
+
"type": "string",
|
|
361
|
+
"format": "uuid"
|
|
362
|
+
},
|
|
363
|
+
"org_name": {
|
|
364
|
+
"type": [
|
|
365
|
+
"string",
|
|
366
|
+
"null"
|
|
367
|
+
]
|
|
368
|
+
}
|
|
369
|
+
},
|
|
370
|
+
"required": [
|
|
371
|
+
"api_key",
|
|
372
|
+
"key_id",
|
|
373
|
+
"key_prefix",
|
|
374
|
+
"org_id",
|
|
375
|
+
"org_name"
|
|
376
|
+
]
|
|
377
|
+
},
|
|
378
|
+
"sdkName": "pollCliLogin",
|
|
379
|
+
"summary": "Poll CLI browser login",
|
|
380
|
+
"tag": "CLI",
|
|
381
|
+
"tagCommand": "cli"
|
|
382
|
+
},
|
|
383
|
+
{
|
|
384
|
+
"binaryResponse": false,
|
|
385
|
+
"bodyRequired": false,
|
|
386
|
+
"command": "start-cli-login",
|
|
387
|
+
"description": "Starts a browser-assisted CLI login session. The response includes a\ndevice code for polling and a user code that the user approves in the\nbrowser. This endpoint does not require an API key.\n",
|
|
388
|
+
"hasJsonBody": true,
|
|
389
|
+
"method": "POST",
|
|
390
|
+
"operationId": "startCliLogin",
|
|
391
|
+
"path": "/cli/login/start",
|
|
392
|
+
"pathParams": [],
|
|
393
|
+
"queryParams": [],
|
|
394
|
+
"requestSchema": {
|
|
395
|
+
"type": "object",
|
|
396
|
+
"additionalProperties": false,
|
|
397
|
+
"properties": {
|
|
398
|
+
"device_name": {
|
|
399
|
+
"type": "string",
|
|
400
|
+
"minLength": 1,
|
|
401
|
+
"maxLength": 80,
|
|
402
|
+
"description": "Human-readable device name shown during browser approval"
|
|
403
|
+
},
|
|
404
|
+
"metadata": {
|
|
405
|
+
"type": "object",
|
|
406
|
+
"additionalProperties": true,
|
|
407
|
+
"description": "Optional client metadata stored with the login session; serialized JSON must be 2048 bytes or fewer"
|
|
408
|
+
}
|
|
409
|
+
}
|
|
410
|
+
},
|
|
411
|
+
"responseSchema": {
|
|
412
|
+
"type": "object",
|
|
413
|
+
"properties": {
|
|
414
|
+
"device_code": {
|
|
415
|
+
"type": "string",
|
|
416
|
+
"description": "Opaque code used by the CLI to poll for approval"
|
|
417
|
+
},
|
|
418
|
+
"user_code": {
|
|
419
|
+
"type": "string",
|
|
420
|
+
"pattern": "^[BCDFGHJKLMNPQRSTVWXZ]{4}-[BCDFGHJKLMNPQRSTVWXZ]{4}$",
|
|
421
|
+
"description": "Short code the user confirms in the browser"
|
|
422
|
+
},
|
|
423
|
+
"verification_uri": {
|
|
424
|
+
"type": "string",
|
|
425
|
+
"description": "Browser URL where the user approves the login"
|
|
426
|
+
},
|
|
427
|
+
"verification_uri_complete": {
|
|
428
|
+
"type": "string",
|
|
429
|
+
"description": "Browser URL with the user code prefilled"
|
|
430
|
+
},
|
|
431
|
+
"expires_in": {
|
|
432
|
+
"type": "integer",
|
|
433
|
+
"description": "Seconds until the login session expires"
|
|
434
|
+
},
|
|
435
|
+
"interval": {
|
|
436
|
+
"type": "integer",
|
|
437
|
+
"description": "Minimum seconds between poll requests"
|
|
438
|
+
}
|
|
439
|
+
},
|
|
440
|
+
"required": [
|
|
441
|
+
"device_code",
|
|
442
|
+
"user_code",
|
|
443
|
+
"verification_uri",
|
|
444
|
+
"verification_uri_complete",
|
|
445
|
+
"expires_in",
|
|
446
|
+
"interval"
|
|
447
|
+
]
|
|
448
|
+
},
|
|
449
|
+
"sdkName": "startCliLogin",
|
|
450
|
+
"summary": "Start CLI browser login",
|
|
451
|
+
"tag": "CLI",
|
|
452
|
+
"tagCommand": "cli"
|
|
453
|
+
},
|
|
277
454
|
{
|
|
278
455
|
"binaryResponse": false,
|
|
279
456
|
"bodyRequired": true,
|
|
@@ -668,7 +845,7 @@ export const operationManifest = [
|
|
|
668
845
|
"binaryResponse": false,
|
|
669
846
|
"bodyRequired": false,
|
|
670
847
|
"command": "discard-email-content",
|
|
671
|
-
"description": "Permanently deletes the email's raw bytes, parsed body (text + HTML),\nand attachments while preserving metadata (sender, recipient,\nsubject, timestamps, hashes, attachment manifest) for audit logs.\nIdempotent: a second call returns success with\n`already_discarded: true` and does no work.\n\n**Gated** on the customer's discard-content opt-in (managed in the\ndashboard at Settings > Webhooks). When the toggle is off, this\nendpoint returns `403` with code `discard_not_enabled` and a\nmessage pointing the human at the dashboard. There is intentionally\nno API to flip this toggle
|
|
848
|
+
"description": "Permanently deletes the email's raw bytes, parsed body (text + HTML),\nand attachments while preserving metadata (sender, recipient,\nsubject, timestamps, hashes, attachment manifest) for audit logs.\nIdempotent: a second call returns success with\n`already_discarded: true` and does no work.\n\n**Gated** on the customer's discard-content opt-in (managed in the\ndashboard at Settings > Webhooks). When the toggle is off, this\nendpoint returns `403` with code `discard_not_enabled` and a\nmessage pointing the human at the dashboard. There is intentionally\nno API to flip this toggle. Opting in to a destructive,\nnon-reversible operation must be a deliberate human click in the\nUI.\n",
|
|
672
849
|
"hasJsonBody": false,
|
|
673
850
|
"method": "POST",
|
|
674
851
|
"operationId": "discardEmailContent",
|
package/dist/webhook/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { A as UnknownEvent, C as ParsedDataFailed, D as RawContentDownloadOnly, E as RawContent, M as WebhookAttachment, N as WebhookEvent, O as RawContentInline, S as ParsedDataComplete, T as ParsedStatus, _ as ForwardResultInline, a as DmarcPolicy, b as KnownWebhookEvent, c as EmailAnalysis, d as EventType, f as ForwardAnalysis, g as ForwardResultAttachmentSkipped, h as ForwardResultAttachmentAnalyzed, i as DkimSignature, j as ValidateEmailAuthResult, k as SpfResult, l as EmailAuth, m as ForwardResult, n as AuthVerdict, o as DmarcResult, p as ForwardOriginalSender, r as DkimResult, s as EmailAddress, t as AuthConfidence, u as EmailReceivedEvent, v as ForwardVerdict, w as ParsedError, x as ParsedData, y as ForwardVerification } from "../types-9vXGZjPd.js";
|
|
2
2
|
import { a as buildReplySubject, c as parseHeaderAddress, i as buildForwardSubject, n as ReceivedEmailAddress, o as formatAddress, r as ReceivedEmailThread, s as normalizeReceivedEmail, t as ReceivedEmail } from "../received-email-DNjpq_Wt.js";
|
|
3
|
-
import { A as VerifyOptions, B as PAYLOAD_ERRORS, C as signStandardWebhooksPayload, D as PRIMITIVE_CONFIRMED_HEADER, E as LEGACY_SIGNATURE_HEADER, F as VerifyDownloadTokenResult, G as VERIFICATION_ERRORS, H as RAW_EMAIL_ERRORS, I as generateDownloadToken, J as WebhookPayloadErrorCode, K as WebhookErrorCode, L as verifyDownloadToken, M as verifyWebhookSignature, N as GenerateDownloadTokenOptions, O as PRIMITIVE_SIGNATURE_HEADER, P as VerifyDownloadTokenOptions, Q as WebhookVerificationErrorCode, R as safeValidateEmailReceivedEvent, S as StandardWebhooksVerifyOptions, T as LEGACY_CONFIRMED_HEADER, U as RawEmailDecodeError, V as PrimitiveWebhookError, W as RawEmailDecodeErrorCode, X as WebhookValidationErrorCode, Y as WebhookValidationError, Z as WebhookVerificationError, _ as emailReceivedEventJsonSchema, a as confirmedHeaders, b as STANDARD_WEBHOOK_TIMESTAMP_HEADER, c as handleWebhook, d as isRawIncluded, f as parseWebhookEvent, g as validateEmailAuth, h as WEBHOOK_VERSION, i as WebhookHeaders, j as signWebhookPayload, k as SignResult, l as isDownloadExpired, m as verifyRawEmailDownload, n as HandleWebhookOptions, o as decodeRawEmail, p as receive, q as WebhookPayloadError, r as ReceiveRequestOptions, s as getDownloadTimeRemaining, t as DecodeRawEmailOptions, u as isEmailReceivedEvent, v as STANDARD_WEBHOOK_ID_HEADER, w as verifyStandardWebhooksSignature, x as StandardWebhooksSignResult, y as STANDARD_WEBHOOK_SIGNATURE_HEADER, z as validateEmailReceivedEvent } from "../index-
|
|
3
|
+
import { A as VerifyOptions, B as PAYLOAD_ERRORS, C as signStandardWebhooksPayload, D as PRIMITIVE_CONFIRMED_HEADER, E as LEGACY_SIGNATURE_HEADER, F as VerifyDownloadTokenResult, G as VERIFICATION_ERRORS, H as RAW_EMAIL_ERRORS, I as generateDownloadToken, J as WebhookPayloadErrorCode, K as WebhookErrorCode, L as verifyDownloadToken, M as verifyWebhookSignature, N as GenerateDownloadTokenOptions, O as PRIMITIVE_SIGNATURE_HEADER, P as VerifyDownloadTokenOptions, Q as WebhookVerificationErrorCode, R as safeValidateEmailReceivedEvent, S as StandardWebhooksVerifyOptions, T as LEGACY_CONFIRMED_HEADER, U as RawEmailDecodeError, V as PrimitiveWebhookError, W as RawEmailDecodeErrorCode, X as WebhookValidationErrorCode, Y as WebhookValidationError, Z as WebhookVerificationError, _ as emailReceivedEventJsonSchema, a as confirmedHeaders, b as STANDARD_WEBHOOK_TIMESTAMP_HEADER, c as handleWebhook, d as isRawIncluded, f as parseWebhookEvent, g as validateEmailAuth, h as WEBHOOK_VERSION, i as WebhookHeaders, j as signWebhookPayload, k as SignResult, l as isDownloadExpired, m as verifyRawEmailDownload, n as HandleWebhookOptions, o as decodeRawEmail, p as receive, q as WebhookPayloadError, r as ReceiveRequestOptions, s as getDownloadTimeRemaining, t as DecodeRawEmailOptions, u as isEmailReceivedEvent, v as STANDARD_WEBHOOK_ID_HEADER, w as verifyStandardWebhooksSignature, x as StandardWebhooksSignResult, y as STANDARD_WEBHOOK_SIGNATURE_HEADER, z as validateEmailReceivedEvent } from "../index-CDlwyxdp.js";
|
|
4
4
|
export { AuthConfidence, AuthVerdict, DecodeRawEmailOptions, DkimResult, DkimSignature, DmarcPolicy, DmarcResult, EmailAddress, EmailAnalysis, EmailAuth, EmailReceivedEvent, EventType, ForwardAnalysis, ForwardOriginalSender, ForwardResult, ForwardResultAttachmentAnalyzed, ForwardResultAttachmentSkipped, ForwardResultInline, ForwardVerdict, ForwardVerification, GenerateDownloadTokenOptions, HandleWebhookOptions, KnownWebhookEvent, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedData, ParsedDataComplete, ParsedDataFailed, ParsedError, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawContent, RawContentDownloadOnly, RawContentInline, RawEmailDecodeError, RawEmailDecodeErrorCode, ReceiveRequestOptions, ReceivedEmail, ReceivedEmailAddress, ReceivedEmailThread, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SignResult, SpfResult, StandardWebhooksSignResult, StandardWebhooksVerifyOptions, UnknownEvent, VERIFICATION_ERRORS, ValidateEmailAuthResult, VerifyDownloadTokenOptions, VerifyDownloadTokenResult, VerifyOptions, WEBHOOK_VERSION, WebhookAttachment, WebhookErrorCode, WebhookEvent, WebhookHeaders, WebhookPayloadError, WebhookPayloadErrorCode, WebhookValidationError, WebhookValidationErrorCode, WebhookVerificationError, WebhookVerificationErrorCode, buildForwardSubject, buildReplySubject, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };
|
package/dist/webhook/index.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
import { a as parseHeaderAddress, i as normalizeReceivedEmail, n as buildReplySubject, r as formatAddress, t as buildForwardSubject } from "../received-email-D6tKtWwW.js";
|
|
2
|
-
import { A as PRIMITIVE_CONFIRMED_HEADER, B as RAW_EMAIL_ERRORS, C as STANDARD_WEBHOOK_ID_HEADER, D as verifyStandardWebhooksSignature, E as signStandardWebhooksPayload, F as verifyDownloadToken, G as WebhookVerificationError, H as VERIFICATION_ERRORS, I as safeValidateEmailReceivedEvent, L as validateEmailReceivedEvent, M as signWebhookPayload, N as verifyWebhookSignature, O as LEGACY_CONFIRMED_HEADER, P as generateDownloadToken, R as PAYLOAD_ERRORS, S as emailReceivedEventJsonSchema, T as STANDARD_WEBHOOK_TIMESTAMP_HEADER, U as WebhookPayloadError, V as RawEmailDecodeError, W as WebhookValidationError, _ as DmarcResult, a as isDownloadExpired, b as ParsedStatus, c as parseWebhookEvent, d as WEBHOOK_VERSION, f as validateEmailAuth, g as DmarcPolicy, h as DkimResult, i as handleWebhook, j as PRIMITIVE_SIGNATURE_HEADER, k as LEGACY_SIGNATURE_HEADER, l as receive, m as AuthVerdict, n as decodeRawEmail, o as isEmailReceivedEvent, p as AuthConfidence, r as getDownloadTimeRemaining, s as isRawIncluded, t as confirmedHeaders, u as verifyRawEmailDownload, v as EventType, w as STANDARD_WEBHOOK_SIGNATURE_HEADER, x as SpfResult, y as ForwardVerdict, z as PrimitiveWebhookError } from "../webhook-
|
|
2
|
+
import { A as PRIMITIVE_CONFIRMED_HEADER, B as RAW_EMAIL_ERRORS, C as STANDARD_WEBHOOK_ID_HEADER, D as verifyStandardWebhooksSignature, E as signStandardWebhooksPayload, F as verifyDownloadToken, G as WebhookVerificationError, H as VERIFICATION_ERRORS, I as safeValidateEmailReceivedEvent, L as validateEmailReceivedEvent, M as signWebhookPayload, N as verifyWebhookSignature, O as LEGACY_CONFIRMED_HEADER, P as generateDownloadToken, R as PAYLOAD_ERRORS, S as emailReceivedEventJsonSchema, T as STANDARD_WEBHOOK_TIMESTAMP_HEADER, U as WebhookPayloadError, V as RawEmailDecodeError, W as WebhookValidationError, _ as DmarcResult, a as isDownloadExpired, b as ParsedStatus, c as parseWebhookEvent, d as WEBHOOK_VERSION, f as validateEmailAuth, g as DmarcPolicy, h as DkimResult, i as handleWebhook, j as PRIMITIVE_SIGNATURE_HEADER, k as LEGACY_SIGNATURE_HEADER, l as receive, m as AuthVerdict, n as decodeRawEmail, o as isEmailReceivedEvent, p as AuthConfidence, r as getDownloadTimeRemaining, s as isRawIncluded, t as confirmedHeaders, u as verifyRawEmailDownload, v as EventType, w as STANDARD_WEBHOOK_SIGNATURE_HEADER, x as SpfResult, y as ForwardVerdict, z as PrimitiveWebhookError } from "../webhook-rUjGV6Zu.js";
|
|
3
3
|
export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, buildForwardSubject, buildReplySubject, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };
|
|
@@ -6045,10 +6045,10 @@ function safeValidateEmailReceivedEvent(input) {
|
|
|
6045
6045
|
* specific email's raw bytes or attachment bundle from a per-deployment
|
|
6046
6046
|
* download endpoint. It binds:
|
|
6047
6047
|
*
|
|
6048
|
-
* - `email_id
|
|
6049
|
-
* - `aud
|
|
6048
|
+
* - `email_id`: the specific email the token authorizes.
|
|
6049
|
+
* - `aud`: a caller-chosen audience label (e.g. the resource kind being
|
|
6050
6050
|
* downloaded). Tokens minted for one audience will not verify under another.
|
|
6051
|
-
* - `exp
|
|
6051
|
+
* - `exp`: an absolute expiration time (unix seconds).
|
|
6052
6052
|
*
|
|
6053
6053
|
* Format: `<base64url(payload)>.<base64url(signature)>` where `signature`
|
|
6054
6054
|
* is HMAC-SHA256 over the base64url-encoded payload using the shared secret.
|
|
@@ -6087,7 +6087,7 @@ function generateDownloadToken(params) {
|
|
|
6087
6087
|
* Verify a signed download token.
|
|
6088
6088
|
*
|
|
6089
6089
|
* Returns a discriminated-union result. The function never throws for
|
|
6090
|
-
* verification failures
|
|
6090
|
+
* verification failures. Only malformed inputs at the crypto layer would
|
|
6091
6091
|
* surface. Callers should check `result.valid` and log `result.error`.
|
|
6092
6092
|
*
|
|
6093
6093
|
* @param params - Verification inputs.
|