@primitivedotdev/sdk 0.26.0 → 0.27.0

package/dist/api/generated/sdk.gen.js

@@ -1,878 +0,0 @@
-// This file is auto-generated by @hey-api/openapi-ts
-import { client } from './client.gen.js';
-/**
- * Start CLI browser login
- *
- * Starts a browser-assisted CLI login session. The response includes a
- * device code for polling and a user code that the user approves in the
- * browser. This endpoint does not require an API key.
- *
- */
-export const startCliLogin = (options) => (options?.client ?? client).post({
-    url: '/cli/login/start',
-    ...options,
-    headers: {
-        'Content-Type': 'application/json',
-        ...options?.headers
-    }
-});
-/**
- * Poll CLI browser login
- *
- * Polls a CLI login session until the browser approval either succeeds,
- * is denied, expires, or is polled too quickly. The API key is generated
- * only after approval and is returned exactly once.
- *
- */
-export const pollCliLogin = (options) => (options.client ?? client).post({
-    url: '/cli/login/poll',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Revoke the current CLI API key
- *
- * Revokes the API key used to authenticate the request. CLI clients use
- * this endpoint during `primitive logout` before removing local credentials.
- *
- */
-export const cliLogout = (options) => (options?.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/cli/logout',
-    ...options,
-    headers: {
-        'Content-Type': 'application/json',
-        ...options?.headers
-    }
-});
-/**
- * Get account info
- */
-export const getAccount = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/account',
-    ...options
-});
-/**
- * Update account settings
- */
-export const updateAccount = (options) => (options.client ?? client).patch({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/account',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Get storage usage
- */
-export const getStorageStats = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/account/storage',
-    ...options
-});
-/**
- * Get webhook signing secret
- *
- * Returns the webhook signing secret for your account. If no
- * secret exists yet, one is generated automatically on first
- * access.
- *
- * Signing is account-scoped, not per-endpoint. Every webhook
- * delivery from any of your registered endpoints is signed
- * with this single secret. Rotate via
- * `POST /account/webhook-secret/rotate`.
- *
- * **Secret format**: the returned string looks base64-shaped
- * (e.g. `XNHBBW8VqoBjRfNs1tkZj11jTk...`) but is NOT base64.
- * Use it AS-IS as a UTF-8 string when computing HMAC over a
- * delivery body. Base64-decoding before HMAC will silently
- * produce mismatched signatures.
- *
- * See the API-level "Webhook signing" section for the full
- * wire format (header name, signed string shape, hash algo,
- * tolerance) including a language-agnostic verification
- * recipe.
- *
- */
-export const getWebhookSecret = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/account/webhook-secret',
-    ...options
-});
-/**
- * Rotate webhook signing secret
- *
- * Generates a new webhook signing secret, replacing the current one.
- * Rate limited to once per 60 minutes.
- *
- */
-export const rotateWebhookSecret = (options) => (options?.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/account/webhook-secret/rotate',
-    ...options
-});
-/**
- * List all domains
- *
- * Returns all verified and unverified domains for your organization,
- * sorted by creation date (newest first). Each domain includes a
- * `verified` boolean to distinguish between the two states.
- *
- */
-export const listDomains = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/domains',
-    ...options
-});
-/**
- * Claim a new domain
- *
- * Creates an unverified domain claim. You will receive a
- * `verification_token` to add as a DNS TXT record before
- * calling the verify endpoint.
- *
- */
-export const addDomain = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/domains',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Delete a domain
- *
- * Deletes a verified or unverified domain claim.
- */
-export const deleteDomain = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/domains/{id}',
-    ...options
-});
-/**
- * Update domain settings
- *
- * Update a verified domain's settings. Only verified domains can be
- * updated. Per-domain spam thresholds require a Pro plan.
- *
- */
-export const updateDomain = (options) => (options.client ?? client).patch({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/domains/{id}',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Verify domain ownership
- *
- * Checks DNS records (MX and TXT) to verify domain ownership.
- * On success, the domain is promoted from unverified to verified.
- * On failure, returns which checks passed and which failed.
- *
- */
-export const verifyDomain = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/domains/{id}/verify',
-    ...options
-});
-/**
- * List inbound emails
- *
- * Returns a paginated list of INBOUND emails received at your
- * verified domains. Outbound messages sent via /send-mail are
- * not included; this endpoint is the inbox view, not a
- * unified send/receive history.
- *
- * Supports filtering by domain, status, date range, and
- * free-text search across subject, sender, and recipient
- * fields.
- *
- * For a compact text-table summary of the most recent N
- * inbounds (no filters, no cursor pagination), the CLI ships
- * `primitive emails:latest` as a one-line-per-email shortcut.
- * It's TTY-aware so id columns are full UUIDs when piped, and
- * a `--json` flag returns the same envelope this endpoint
- * does. Use whichever fits the call site.
- *
- */
-export const listEmails = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails',
-    ...options
-});
-/**
- * Search inbound emails
- *
- * Searches inbound emails with structured filters and optional
- * full-text matching across parsed email fields. This endpoint is
- * optimized for filtered inbox views and CLI polling workflows:
- * callers that only need new accepted mail can pass
- * `sort=received_at_asc`, `snippet=false`, `include_facets=false`,
- * and a `date_from` timestamp.
- *
- * `q`, `subject`, and `body` use the same English full-text index
- * as the web inbox search. Structured filters such as `from`, `to`,
- * `domain_id`, status, attachment presence, and spam score bounds
- * are combined with the text query.
- *
- */
-export const searchEmails = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/search',
-    ...options
-});
-/**
- * Delete an email
- */
-export const deleteEmail = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/{id}',
-    ...options
-});
-/**
- * Get inbound email by id
- *
- * Returns the full record for an inbound email received at one
- * of your verified domains, including the parsed text and HTML
- * bodies, threading metadata, SMTP envelope detail, webhook
- * delivery state, and a `replies` array for any outbound sends
- * recorded as replies to this inbound.
- *
- * For listing inbound emails (with cursor pagination, status
- * and date filters, and free-text search), use
- * `/emails`. Outbound (sent) email records are NOT returned
- * here; use `/sent-emails/{id}` for those.
- *
- * The response carries four sender-shaped fields whose
- * meanings overlap. `from_email` is the canonical "who sent
- * this" field for most use cases (parsed bare address from
- * the `From:` header, with a `sender` fallback). `from_header`
- * is the raw header including any display name. `sender` and
- * `smtp_mail_from` both carry the SMTP envelope MAIL FROM
- * (return-path) and are equal by construction; `sender` is
- * the older field name retained for compatibility. See
- * `primitive describe emails:get-email | jq '.responseSchema.properties'`
- * for per-field detail.
- *
- */
-export const getEmail = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/{id}',
-    ...options
-});
-/**
- * Download raw email
- *
- * Downloads the raw RFC 822 email file (.eml). Authenticates via
- * a signed download token (provided in webhook payloads) or a
- * valid session.
- *
- */
-export const downloadRawEmail = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }, {
-            in: 'query',
-            name: 'token',
-            type: 'apiKey'
-        }],
-    url: '/emails/{id}/raw',
-    ...options
-});
-/**
- * Download email attachments
- *
- * Downloads all attachments as a gzip-compressed tar archive.
- * Authenticates via a signed download token (provided in webhook
- * payloads) or a valid session.
- *
- */
-export const downloadAttachments = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }, {
-            in: 'query',
-            name: 'token',
-            type: 'apiKey'
-        }],
-    url: '/emails/{id}/attachments.tar.gz',
-    ...options
-});
-/**
- * Reply to an inbound email
- *
- * Sends an outbound reply to the inbound email identified by `id`.
- * Threading headers (`In-Reply-To`, `References`), recipient
- * derivation (Reply-To, then From, then bare sender), and the
- * `Re:` subject prefix are all derived server-side from the
- * stored inbound row. The request body carries only the message
- * body and optional `wait` flag; passing any header or recipient
- * override is rejected by the schema (`additionalProperties:
- * false`).
- *
- * Forwards through the same gates as `/send-mail`: the response
- * status, error envelope, and `idempotent_replay` flag mirror
- * the send-mail contract verbatim.
- *
- */
-export const replyToEmail = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/{id}/reply',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Replay email webhooks
- *
- * Re-delivers the webhook payload for this email to all active
- * endpoints matching the email's domain. Rate limited per-email
- * (short cooldown between successive replays of the same email)
- * and per-org (burst + sustained windows), sharing an org-wide
- * budget with delivery replays.
- *
- */
-export const replayEmailWebhooks = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/{id}/replay',
-    ...options
-});
-/**
- * Discard email content
- *
- * Permanently deletes the email's raw bytes, parsed body (text + HTML),
- * and attachments while preserving metadata (sender, recipient,
- * subject, timestamps, hashes, attachment manifest) for audit logs.
- * Idempotent: a second call returns success with
- * `already_discarded: true` and does no work.
- *
- * **Gated** on the customer's discard-content opt-in (managed in the
- * dashboard at Settings > Webhooks). When the toggle is off, this
- * endpoint returns `403` with code `discard_not_enabled` and a
- * message pointing the human at the dashboard. There is intentionally
- * no API to flip this toggle. Opting in to a destructive,
- * non-reversible operation must be a deliberate human click in the
- * UI.
- *
- */
-export const discardEmailContent = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/emails/{id}/discard-content',
-    ...options
-});
-/**
- * List webhook endpoints
- *
- * Returns all active (non-deleted) webhook endpoints.
- */
-export const listEndpoints = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/endpoints',
-    ...options
-});
-/**
- * Create a webhook endpoint
- *
- * Creates a new webhook endpoint. If a deactivated endpoint
- * with the same URL and domain exists, it is reactivated
- * instead. Subject to plan limits on the number of active
- * endpoints.
- *
- * **Signing is account-scoped, not per-endpoint.** This call
- * does not return any signing material; every endpoint on the
- * account uses the same webhook secret, fetched via
- * `GET /account/webhook-secret`. See the API-level "Webhook
- * signing" section for the full wire format (header name,
- * signed string, hash algo, secret format, tolerance) and a
- * language-agnostic verification recipe.
- *
- * After creating the endpoint, fire a test delivery against
- * it via `POST /endpoints/{id}/test` to confirm your verifier
- * accepts the signature.
- *
- */
-export const createEndpoint = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/endpoints',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Delete a webhook endpoint
- *
- * Soft-deletes a webhook endpoint. The endpoint will no longer
- * receive webhook deliveries.
- *
- */
-export const deleteEndpoint = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/endpoints/{id}',
-    ...options
-});
-/**
- * Update a webhook endpoint
- *
- * Updates an active webhook endpoint. If the URL is changed, the old
- * endpoint is deactivated and a new one is created (or an existing
- * deactivated endpoint with the new URL is reactivated).
- *
- */
-export const updateEndpoint = (options) => (options.client ?? client).patch({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/endpoints/{id}',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Send a test webhook
- *
- * Sends a sample `email.received` event to the endpoint. The request
- * includes SSRF protection (private IP rejection and DNS pinning).
- * Rate limited to 4 per minute and 30 per hour (non-exempt).
- * Successful deliveries and verified-domain endpoints are exempt
- * from the rate limit.
- *
- */
-export const testEndpoint = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/endpoints/{id}/test',
-    ...options
-});
-/**
- * List filter rules
- *
- * Returns all whitelist and blocklist filter rules.
- */
-export const listFilters = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/filters',
-    ...options
-});
-/**
- * Create a filter rule
- *
- * Creates a new whitelist or blocklist filter. Per-domain filters
- * require a Pro plan. Patterns are stored as lowercase.
- *
- */
-export const createFilter = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/filters',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Delete a filter rule
- */
-export const deleteFilter = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/filters/{id}',
-    ...options
-});
-/**
- * Update a filter rule
- *
- * Toggle a filter's enabled state.
- */
-export const updateFilter = (options) => (options.client ?? client).patch({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/filters/{id}',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * List webhook deliveries
- *
- * Returns a paginated list of webhook delivery attempts. Each delivery
- * includes a nested `email` object with sender, recipient, and subject.
- *
- */
-export const listDeliveries = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/webhooks/deliveries',
-    ...options
-});
-/**
- * Replay a webhook delivery
- *
- * Re-sends the stored webhook payload from a previous delivery attempt.
- * If the original endpoint is still active, it is targeted. If the
- * original endpoint was deleted, the oldest active endpoint is used.
- * Deactivated endpoints cannot be replayed to. Rate limited per-org,
- * sharing an org-wide budget with email replays.
- *
- */
-export const replayDelivery = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/webhooks/deliveries/{id}/replay',
-    ...options
-});
-/**
- * List send-permission rules
- *
- * Returns a flat list of rules describing every recipient the
- * caller may send to. Each rule has a `type`, a kind-specific
- * payload, and a human-readable `description`. If any rule
- * matches the recipient, /send-mail will accept the send under
- * the recipient-scope check.
- *
- * The endpoint is the answer to "where can I send" without
- * exposing internal entitlement names. Agents that don't
- * recognize a `type` can still read the `description` prose
- * and act on it.
- *
- * Rule kinds, ordered broadest-first so an agent can stop
- * scanning at the first match:
- *
- * 1. `any_recipient` (one entry, only when the org can send
- * anywhere): every other rule below it is redundant.
- * 2. `managed_zone` (always emitted, one per Primitive-managed
- * zone): sends to any address at *.primitive.email or
- * *.email.works always succeed; no entitlement required.
- * 3. `your_domain` (one per active verified outbound domain
- * owned by the org): sends to that domain are approved.
- * 4. `address` (one per address that has authenticated
- * inbound mail to the org, capped at `meta.address_cap`):
- * sends to that exact address are approved.
- *
- * The list is informational, not an authorization check.
- * /send-mail remains the source of truth on whether an
- * individual send will succeed (it also enforces the
- * from-address and the `send_mail` entitlement, which are
- * not recipient-scope concerns and are not represented here).
- *
- */
-export const getSendPermissions = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/send-permissions',
-    ...options
-});
-/**
- * Send outbound email
- *
- * Sends an outbound email through Primitive's outbound relay. By default
- * the request returns once the relay accepts the message for delivery.
- * Set `wait: true` to wait for the first downstream SMTP delivery outcome.
- *
- * **Host routing.** /send-mail is served by the attachments-
- * supporting host (`https://api.primitive.dev/v1`) so the
- * request body can carry inline attachments up to ~30 MiB raw.
- * The primary host (`https://www.primitive.dev/api/v1`) also
- * accepts /send-mail for attachment-free sends; sends WITH
- * attachments to the primary host return 413
- * `attachments_unsupported_on_this_endpoint`. The typed SDKs
- * route /send-mail to the attachments host automatically.
- *
- */
-export const sendEmail = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/send-mail',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * List outbound sent emails
- *
- * Returns a paginated list of OUTBOUND emails the caller's
- * org has sent via /send-mail (and /emails/{id}/reply, which
- * forwards through /send-mail). Includes every recorded
- * attempt, including gate-denied attempts that the agent
- * never called and rows still in `queued` state.
- *
- * For inbound mail received at your verified domains, see
- * /emails. There is no unified send/receive history endpoint;
- * the two surfaces are intentionally separate because the
- * underlying tables, statuses, and lifecycle differ.
- *
- * Email bodies (`body_text`, `body_html`) are NOT included on
- * list rows so a 50-row page can't balloon into a multi-MB
- * response when sends are near the 5MB body cap. Use
- * /sent-emails/{id} to fetch a single row with bodies, or
- * cross-reference by `client_idempotency_key` if the caller
- * already has the body locally.
- *
- */
-export const listSentEmails = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/sent-emails',
-    ...options
-});
-/**
- * Get a sent email by id
- *
- * Returns the full sent-email record by id, including
- * `body_text` and `body_html` (omitted from the listing
- * endpoint to keep paginated responses small). Use this when
- * diagnosing a specific send, e.g. inspecting the receiver's
- * SMTP response on a `bounced` row or pulling the gate
- * denial detail on a `gate_denied` row.
- *
- */
-export const getSentEmail = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/sent-emails/{id}',
-    ...options
-});
-/**
- * List functions
- *
- * Returns every active (non-deleted) function in the org, newest
- * first. Each entry carries the deploy status and the gateway URL
- * that the platform's webhook delivery loop posts to. To inspect
- * the source code or deploy errors, use `GET /functions/{id}`.
- *
- */
-export const listFunctions = (options) => (options?.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions',
-    ...options
-});
-/**
- * Deploy a function
- *
- * Creates and deploys a new function. The handler must be a single
- * ESM module whose default export is an object with an async
- * `fetch(request, env)` method (Workers-style). The gateway
- * HMAC-verifies the POST against the org's webhook secret before
- * invoking the handler; the request body parses to an
- * `email.received` event (see `EmailReceivedEvent` and the
- * Webhook payload section for the full schema). Code is bundled
- * before being uploaded; ship a single self-contained file rather
- * than relying on external imports.
- *
- * **Code limits.** `code` is capped at 1 MiB UTF-8. `sourceMap`
- * (optional) is capped at 5 MiB UTF-8 and is stored only on the
- * edge runtime side; it is not persisted in Primitive's database.
- *
- * **Auto-wiring.** On successful deploy, Primitive automatically
- * creates a webhook endpoint that delivers inbound mail to the
- * function. There is nothing to configure on the Endpoints API
- * for this to work; the gateway URL returned here is for
- * reference only and is not directly callable from outside.
- *
- * **Secrets.** New functions ship with the managed secrets
- * (`PRIMITIVE_WEBHOOK_SECRET`, `PRIMITIVE_API_KEY`) already
- * bound. Add user-set secrets via
- * `POST /functions/{id}/secrets`; secret writes only land in the
- * running handler on the next redeploy.
- *
- */
-export const createFunction = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Delete a function
- *
- * Soft-deletes the function row, removes the script from the edge
- * runtime, and deactivates the auto-wired webhook endpoint so no
- * further inbound mail is delivered. Past deploy history,
- * invocations, and logs are retained.
- *
- * Returns 502 if the runtime delete fails partway; the function
- * row stays in place and the call is safe to retry until it
- * succeeds.
- *
- */
-export const deleteFunction = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}',
-    ...options
-});
-/**
- * Get a function
- *
- * Returns the full record for a function, including its current
- * source code and the deploy status / error from the most recent
- * deploy attempt.
- *
- */
-export const getFunction = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}',
-    ...options
-});
-/**
- * Update and redeploy a function
- *
- * Replaces the function's source code with the body's `code` and
- * triggers a redeploy. Same size limits as `POST /functions`.
- * Use this verb to push secret writes into the running handler:
- * passing the same `code` re-runs the deploy and refreshes the
- * binding set with the latest values from the secrets table.
- *
- * On a 502 deploy failure, the previously-deployed code stays
- * live; the runtime never serves a half-built bundle. The
- * `deploy_error` field on the returned record carries the error
- * that came back from the runtime so you can surface it to users
- * without polling.
- *
- */
-export const updateFunction = (options) => (options.client ?? client).put({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Send a test invocation
- *
- * Sends a real test email from a Primitive-controlled sender to a
- * local-part on one of the org's verified inbound domains. By
- * default the recipient is a synthetic
- * `__primitive_function_test+<random>@<domain>` address that
- * every handler's catch-all routing receives identically; pass
- * `local_part` to override and exercise routing logic that
- * branches on a specific recipient (the common pattern when one
- * function handles multiple inboxes like `summarize@` and
- * `action@`). The function fires through the normal MX delivery
- * path, so reply / send-mail calls from inside the handler
- * against the inbound's `email.id` work the same as in
- * production. Returns immediately after the send is queued; the
- * invocation appears on the function's invocations list within a
- * few seconds.
- *
- * Requires that the function is currently `deployed`. Returns 422
- * if the function is in `pending` or `failed` state, or if the
- * org has no verified inbound domain to receive the test mail.
- * Returns 400 if `local_part` is set to a value that does not
- * match the local-part character set.
- *
- */
-export const testFunction = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/test',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * List a function's secrets
- *
- * Returns metadata for every secret bound to the function, with
- * managed entries (provisioned by Primitive) listed first and
- * user-set entries listed alphabetically after. **Values are
- * never returned.** Secret writes are write-only.
- *
- * Managed entries (e.g. `PRIMITIVE_WEBHOOK_SECRET`,
- * `PRIMITIVE_API_KEY`) carry a `description` instead of
- * `created_at` / `updated_at`. They cannot be created, updated,
- * or deleted via this API.
- *
- */
-export const listFunctionSecrets = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/secrets',
-    ...options
-});
-/**
- * Create or update a secret
- *
- * Idempotent insert-or-update keyed on `(function_id, key)`.
- * Returns 201 the first time the key is set, 200 on subsequent
- * updates. Values are encrypted at rest and only become visible
- * to the running handler on the next deploy (`PUT /functions/{id}`
- * with the existing code is sufficient to refresh bindings).
- *
- * Keys must match `^[A-Z_][A-Z0-9_]*$` (uppercase letters,
- * digits, underscores; first character is a letter or
- * underscore). Values are at most 4096 UTF-8 bytes. System-
- * managed keys are reserved and rejected.
- *
- */
-export const createFunctionSecret = (options) => (options.client ?? client).post({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/secrets',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * Delete a secret
- *
- * Removes the secret. The binding stays live in the running
- * handler until the next deploy refreshes the binding set
- * (`PUT /functions/{id}` with the existing code is sufficient).
- * Returns 404 if the key did not exist. Managed system keys
- * cannot be deleted.
- *
- */
-export const deleteFunctionSecret = (options) => (options.client ?? client).delete({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/secrets/{key}',
-    ...options
-});
-/**
- * Set a secret by key
- *
- * Path-keyed companion to `POST /functions/{id}/secrets`.
- * Idempotent: returns 201 the first time the key is set, 200 on
- * subsequent updates. Same validation rules and same write-only
- * guarantees as the POST verb; the new value lands in the running
- * handler on the next deploy.
- *
- */
-export const setFunctionSecret = (options) => (options.client ?? client).put({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/secrets/{key}',
-    ...options,
-    headers: {
-        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
-        ...options.headers
-    }
-});
-/**
- * List a function's execution logs
- *
- * Returns the most recent `function_logs` rows for the function,
- * newest first. Each row is a single `console.log` / `console.error`
- * invocation captured from the running handler.
- *
- * Page through history with the opaque `cursor` returned as
- * `next_cursor`; pass it back as the `cursor` query param on the
- * next call. `next_cursor` is `null` when there are no further
- * rows. The cursor format is an implementation detail and should
- * not be parsed by callers.
- *
- */
-export const listFunctionLogs = (options) => (options.client ?? client).get({
-    security: [{ scheme: 'bearer', type: 'http' }],
-    url: '/functions/{id}/logs',
-    ...options
-});