@qafka/react-native 2.0.0

package/dist/services/BackendService.js

@@ -0,0 +1,755 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BackendService = void 0;
+const react_native_1 = require("react-native");
+const package_json_1 = require("../../package.json");
+const QafkaAttestation_1 = require("../native/QafkaAttestation");
+/**
+ * Backend API Service using native fetch
+ */
+class BackendService {
+    baseURL;
+    apiKey;
+    subProjectId = null;
+    // Instance state for the explicit end-user lane. Set via `setEndUser()`
+    // whenever the host app's `<Qafka endUserId=... />` prop changes
+    // (sign-in / sign-out / impersonation). Injected into every outgoing
+    // chat request payload.
+    endUserId = null;
+    endUserData = null;
+    timeout;
+    bundleId = null;
+    appVersion = null;
+    deviceModel = null;
+    sessionTokenGetter = null;
+    attestationManager = null;
+    refreshing = null;
+    // locale is only added to sdkContext when explicitly set by the
+    // developer via <Qafka locale="..." />. Drives both UI strings and the
+    // user-message context prefix on the server.
+    locale = null;
+    // Tool Data Channel
+    onToolDataRequested = null;
+    toolDataResolvedFor = new Map();
+    static RESOLVER_TIMEOUT_MS = 3000;
+    constructor(apiKey, apiUrl, subProjectId) {
+        // If custom apiUrl provided, ensure it has /api/v1 prefix
+        if (apiUrl) {
+            // Remove trailing slash if exists
+            const cleanUrl = apiUrl.replace(/\/$/, '');
+            // Add /api/v1 if not already present
+            this.baseURL = cleanUrl.includes('/api/v1')
+                ? cleanUrl
+                : `${cleanUrl}/api/v1`;
+        }
+        else {
+            this.baseURL = 'https://api.qafka.com/api/v1';
+        }
+        this.apiKey = apiKey;
+        this.subProjectId = subProjectId ?? null;
+        this.timeout = 60000; // 60 seconds for long-running AI responses
+        const deviceInfo = (0, QafkaAttestation_1.getDeviceInfo)();
+        this.bundleId = deviceInfo.bundleId || null;
+        this.appVersion = deviceInfo.appVersion || null;
+        this.deviceModel = deviceInfo.deviceModel || react_native_1.Platform.OS;
+    }
+    setSessionTokenGetter(getter) {
+        this.sessionTokenGetter = getter;
+    }
+    /**
+     * Store the validated end-user identity for subsequent chat requests.
+     * Called by the React component on mount and whenever the `endUserId` /
+     * `endUserData` props change. Validation happens upstream
+     * (`validate-end-user.ts`) so this method only persists the result.
+     */
+    setEndUser(endUserId, endUserData) {
+        this.endUserId = endUserId;
+        this.endUserData = endUserData ?? null;
+    }
+    setAttestationManager(am) {
+        this.attestationManager = am;
+    }
+    /**
+     * Single-flight refresh: concurrent callers share the same in-flight promise.
+     * Prevents multiple parallel re-attests when several requests fail simultaneously.
+     */
+    async refreshSession() {
+        if (!this.attestationManager)
+            return null;
+        if (!this.refreshing) {
+            this.refreshing = this.attestationManager.refresh()
+                .finally(() => { this.refreshing = null; });
+        }
+        return this.refreshing;
+    }
+    /**
+     * fetch() with automatic session refresh when the backend signals it —
+     * reactively on a 429 refresh hint, proactively when the budget header is
+     * low. Caller passes an init that already has Authorization/x-api-key set;
+     * on retry, only the Bearer header is swapped.
+     */
+    async fetchWithRefresh(url, init, retries = 1) {
+        const res = await fetch(url, init);
+        const refreshRequired = res.headers.get('X-Token-Refresh-Required') === 'true';
+        const remainingStr = res.headers.get('X-Token-Budget-Remaining');
+        const remaining = remainingStr ? parseInt(remainingStr, 10) : NaN;
+        // Reactive refresh — backend explicitly requests a new token
+        if (res.status === 429 && refreshRequired && retries > 0) {
+            const newToken = await this.refreshSession();
+            if (newToken) {
+                const headers = { ...init.headers };
+                headers['Authorization'] = `Bearer ${newToken}`;
+                return this.fetchWithRefresh(url, { ...init, headers }, retries - 1);
+            }
+        }
+        // Proactive refresh — fire-and-forget when budget is low or backend hints
+        if (refreshRequired || (!isNaN(remaining) && remaining < 1000)) {
+            void this.refreshSession();
+        }
+        return res;
+    }
+    /**
+     * Tool Data Channel: register the partner-provided resolver that
+     * supplies transient PII (`{{tooldata.X}}` substitution) bags. Called from
+     * QafkaSDK with the `onToolDataRequested` prop. Pass `null` to clear.
+     */
+    setOnToolDataRequested(resolver) {
+        this.onToolDataRequested = resolver;
+    }
+    /**
+    * explicit-intent locale. Only included in sdkContext when set —
+    * Qafka.tsx wires this from the `locale` prop. Developer can also call
+    * directly via QafkaSDK.setLocale().
+    */
+    setLocale(locale) {
+        this.locale = locale && locale.trim().length > 0 ? locale.trim() : null;
+    }
+    /**
+    * Build the SDK context attached to every request: universal temporal
+    * fields plus locale when the developer has set it.
+    */
+    buildSdkContext() {
+        const now = new Date();
+        const timezoneOffset = -now.getTimezoneOffset();
+        const sign = timezoneOffset >= 0 ? '+' : '-';
+        const hours = String(Math.floor(Math.abs(timezoneOffset) / 60)).padStart(2, '0');
+        const minutes = String(Math.abs(timezoneOffset) % 60).padStart(2, '0');
+        const tzString = `${sign}${hours}:${minutes}`;
+        const localIso = now.getFullYear() + '-' +
+            String(now.getMonth() + 1).padStart(2, '0') + '-' +
+            String(now.getDate()).padStart(2, '0') + 'T' +
+            String(now.getHours()).padStart(2, '0') + ':' +
+            String(now.getMinutes()).padStart(2, '0') + ':' +
+            String(now.getSeconds()).padStart(2, '0') + tzString;
+        const sdkContext = {
+            dateTime: localIso,
+            timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+        };
+        if (this.locale) {
+            sdkContext.locale = this.locale;
+        }
+        return sdkContext;
+    }
+    /**
+    * Get security headers for API requests
+    */
+    async getSecurityHeaders() {
+        const headers = {
+            'x-platform': react_native_1.Platform.OS, // 'ios' or 'android'
+            'x-sdk-version': package_json_1.version,
+        };
+        if (this.apiKey) {
+            headers['x-api-key'] = this.apiKey;
+        }
+        // Add app version
+        if (this.appVersion) {
+            headers['x-app-version'] = this.appVersion;
+        }
+        // Add device model
+        if (this.deviceModel) {
+            headers['x-device-model'] = this.deviceModel;
+        }
+        if (this.sessionTokenGetter) {
+            const token = await this.sessionTokenGetter();
+            if (token) {
+                headers['Authorization'] = `Bearer ${token}`;
+            }
+        }
+        return headers;
+    }
+    /**
+     * Tool Data Channel: invokes the partner resolver, POSTs the
+     * opaque bag to /chat/tool-data. Per-execId dedupe, soft timeout, fail-soft.
+     * Called by the tool_suggestions SSE handler when `needData=true`.
+     */
+    async resolveAndPostToolData(execId, tools) {
+        if (this.toolDataResolvedFor.has(execId))
+            return;
+        this.toolDataResolvedFor.set(execId, true);
+        // Best-effort cleanup so the dedupe map doesn't grow unboundedly.
+        // 10 min retention is plenty for one chat turn lifecycle.
+        setTimeout(() => this.toolDataResolvedFor.delete(execId), 10 * 60 * 1000);
+        const resolver = this.onToolDataRequested;
+        if (!resolver)
+            return;
+        const first = tools?.[0];
+        const toolDescriptor = first?.tool ?? first;
+        if (!toolDescriptor?.key || !toolDescriptor?.name)
+            return;
+        let bag = {};
+        try {
+            const resolverResult = Promise.resolve(resolver({ key: toolDescriptor.key, name: toolDescriptor.name }));
+            const timed = new Promise((resolve) => setTimeout(() => resolve({}), BackendService.RESOLVER_TIMEOUT_MS));
+            const result = await Promise.race([resolverResult, timed]);
+            bag = result ?? {};
+        }
+        catch (err) {
+            if (__DEV__) {
+                console.warn('[Qafka] onToolDataRequested threw - posting empty bag', err);
+            }
+            bag = {};
+        }
+        try {
+            await this.postToolData(execId, bag);
+        }
+        catch (err) {
+            if (__DEV__) {
+                console.warn('[Qafka] postToolData failed (fail-soft)', err);
+            }
+        }
+    }
+    /**
+     * POST tooldata bag to backend. Uses the standard SDK auth headers (API key
+     * + device attestation session token) — same chain as sendMessageStream.
+     * No retry, no body persistence; 64KB cap enforced server-side.
+     */
+    async postToolData(execId, data) {
+        const headers = await this.getSecurityHeaders();
+        headers['Content-Type'] = 'application/json';
+        await this.fetchWithRefresh(`${this.baseURL}/chat/tool-data`, {
+            method: 'POST',
+            headers,
+            body: JSON.stringify({ toolExecutionId: execId, data }),
+        });
+    }
+    /**
+    * Make HTTP request with timeout
+    */
+    async fetchWithTimeout(url, options) {
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+        try {
+            const response = await this.fetchWithRefresh(url, {
+                ...options,
+                signal: controller.signal,
+                headers: {
+                    'Content-Type': 'application/json',
+                    ...(await this.getSecurityHeaders()),
+                    ...options.headers,
+                },
+            });
+            clearTimeout(timeoutId);
+            return response;
+        }
+        catch (error) {
+            clearTimeout(timeoutId);
+            if (error.name === 'AbortError') {
+                throw new Error('Request timeout');
+            }
+            throw error;
+        }
+    }
+    /**
+    * Handle response errors with detailed messages
+    */
+    async handleResponse(response) {
+        if (!response.ok) {
+            const errorData = await response.json().catch(() => ({}));
+            const errorCode = errorData.error || 'UNKNOWN_ERROR';
+            const errorMessage = errorData.message || response.statusText;
+            const hint = errorData.hint || '';
+            // 401: Unauthorized (Invalid/Missing API Key)
+            if (response.status === 401) {
+                if (errorCode === 'MISSING_API_KEY') {
+                    throw new Error('❌ API key is required. Please check your configuration.');
+                }
+                if (errorCode === 'INVALID_API_KEY') {
+                    throw new Error('❌ Invalid API key. Please check your Dashboard for the correct key.');
+                }
+                throw new Error(`❌ Unauthorized: ${errorMessage}`);
+            }
+            // 403: Forbidden (Bundle ID, Platform, Permission issues)
+            if (response.status === 403) {
+                if (errorCode === 'INVALID_BUNDLE_ID') {
+                    const bundleIdMsg = this.bundleId
+                        ? `Your bundle ID: ${this.bundleId}`
+                        : 'Bundle ID could not be detected';
+                    throw new Error(`🔒 Access Denied: ${errorMessage}\n${bundleIdMsg}\n💡 ${hint || 'Add your bundle ID to API key restrictions in the Dashboard'}`);
+                }
+                if (errorCode === 'INVALID_PLATFORM') {
+                    throw new Error(`🔒 Access Denied: ${errorMessage}\n💡 Add '${react_native_1.Platform.OS}' to allowed platforms in the Dashboard`);
+                }
+                if (errorCode === 'INACTIVE_API_KEY') {
+                    throw new Error('🔒 API key is inactive. Please activate it in the Dashboard.');
+                }
+                if (errorCode === 'EXPIRED_API_KEY') {
+                    throw new Error('🔒 API key has expired. Please generate a new key in the Dashboard.');
+                }
+                if (errorCode.startsWith('PERMISSION_DENIED')) {
+                    const feature = errorCode
+                        .replace('PERMISSION_DENIED_', '')
+                        .toLowerCase();
+                    throw new Error(`🔒 Permission Denied: ${feature} access is not enabled for this API key.\n💡 Enable it in the Dashboard`);
+                }
+                throw new Error(`🔒 Access Denied: ${errorMessage}\n💡 ${hint}`);
+            }
+            // 429: Rate Limit Exceeded
+            if (response.status === 429) {
+                const retryAfter = response.headers.get('Retry-After');
+                const rateLimitReset = response.headers.get('X-RateLimit-Reset');
+                const retryMsg = retryAfter
+                    ? `Try again in ${retryAfter} seconds`
+                    : rateLimitReset
+                        ? `Try again at ${new Date(parseInt(rateLimitReset) * 1000).toLocaleTimeString()}`
+                        : 'Try again later';
+                throw new Error(`⚠️ Rate limit exceeded: ${errorMessage}\n💡 ${retryMsg}`);
+            }
+            // Other errors
+            throw new Error(errorData.message ||
+                `❌ HTTP Error ${response.status}: ${response.statusText}`);
+        }
+        return response.json();
+    }
+    /**
+    * Send chat message to backend
+    */
+    async sendMessage(message, sessionId, context, contextDescription, isInitialMessage) {
+        try {
+            // Filter out undefined values from context before sending
+            const cleanedContext = context
+                ? Object.keys(context).reduce((acc, key) => {
+                    const value = context[key];
+                    if (value !== undefined) {
+                        acc[key] = value;
+                    }
+                    return acc;
+                }, {})
+                : undefined;
+            const request = {
+                message,
+                sessionId,
+                ...(this.subProjectId && { subProjectId: this.subProjectId }),
+                ...(this.endUserId !== null && { endUserId: this.endUserId }),
+                ...(this.endUserData !== null && { endUserData: this.endUserData }),
+                context: cleanedContext
+                    ? {
+                        metadata: {
+                            ...cleanedContext,
+                            ...(contextDescription && { contextDescription }),
+                        },
+                    }
+                    : undefined,
+                sdkContext: this.buildSdkContext(),
+                ...(isInitialMessage && { isInitialMessage: true }),
+            };
+            const response = await this.fetchWithTimeout(`${this.baseURL}/chat`, {
+                method: 'POST',
+                body: JSON.stringify(request),
+            });
+            return this.handleResponse(response);
+        }
+        catch (error) {
+            throw new Error(error.message || 'Failed to send message');
+        }
+    }
+    /**
+    * Get conversation history
+    */
+    async getHistory(sessionId, limit = 50) {
+        try {
+            const params = new URLSearchParams({
+                sessionId,
+                limit: limit.toString(),
+            });
+            const response = await this.fetchWithTimeout(`${this.baseURL}/chat/history?${params}`, { method: 'GET' });
+            return this.handleResponse(response);
+        }
+        catch (error) {
+            throw new Error('Failed to fetch conversation history');
+        }
+    }
+    /**
+    * Delete conversation
+    */
+    async deleteConversation(sessionId) {
+        try {
+            const params = new URLSearchParams({ sessionId });
+            const response = await this.fetchWithTimeout(`${this.baseURL}/chat/conversation?${params}`, { method: 'DELETE' });
+            if (!response.ok) {
+                throw new Error(`Failed to delete: ${response.statusText}`);
+            }
+        }
+        catch (error) {
+            throw new Error('Failed to delete conversation');
+        }
+    }
+    /**
+    * Get project theme
+    */
+    async getTheme() {
+        try {
+            const cleanApiUrl = this.baseURL.replace(/\/api\/v1\/?$/, '');
+            const queryParams = this.subProjectId
+                ? `?subProjectId=${encodeURIComponent(this.subProjectId)}`
+                : '';
+            const response = await this.fetchWithTimeout(`${cleanApiUrl}/api/v1/public/projects/chat-theme${queryParams}`, { method: 'GET' });
+            return this.handleResponse(response);
+        }
+        catch (error) {
+            throw new Error(error.message || 'Failed to fetch theme');
+        }
+    }
+    /**
+    * Send message with streaming response
+    * React Native compatible version using XMLHttpRequest
+    */
+    async sendMessageStream(message, sessionId, onChunk, onComplete, onError, context, contextDescription, onToolSuggestions, // Tool suggestions callback
+    isInitialMessage, onActionResult, // Action result callback
+    onStepCompleted, // Step completed callback
+    onFileUploadRequest, onExtractionResult, 
+    // three new events for server-managed tool execution modes
+    onToolStatus, onToolResultPayload, onFinalChunk) {
+        try {
+            // Filter out undefined values from context before sending
+            const cleanedContext = context
+                ? Object.keys(context).reduce((acc, key) => {
+                    const value = context[key];
+                    if (value !== undefined) {
+                        acc[key] = value;
+                    }
+                    return acc;
+                }, {})
+                : undefined;
+            const request = {
+                message,
+                sessionId,
+                ...(this.subProjectId && { subProjectId: this.subProjectId }),
+                ...(this.endUserId !== null && { endUserId: this.endUserId }),
+                ...(this.endUserData !== null && { endUserData: this.endUserData }),
+                context: cleanedContext
+                    ? {
+                        metadata: {
+                            ...cleanedContext,
+                            ...(contextDescription && { contextDescription }),
+                        },
+                    }
+                    : undefined,
+                sdkContext: this.buildSdkContext(),
+                ...(isInitialMessage && { isInitialMessage: true }),
+            };
+            // Use XMLHttpRequest for React Native streaming support
+            const xhr = new XMLHttpRequest();
+            let fullResponse = '';
+            let messageId = '';
+            let navigationSuggestion = undefined;
+            let externalSuggestions = [];
+            let lastProcessedIndex = 0;
+            let firstChunkReceived = false; // ⏱️ Track first chunk
+            xhr.onprogress = () => {
+                // Get new data since last update
+                const currentText = xhr.responseText;
+                const newText = currentText.substring(lastProcessedIndex);
+                lastProcessedIndex = currentText.length;
+                if (!newText)
+                    return;
+                // ⏱️ Track first chunk arrival
+                if (!firstChunkReceived) {
+                    firstChunkReceived = true;
+                }
+                // Parse SSE events (format: "data: {...}\n\n")
+                const lines = newText.split('\n');
+                for (const line of lines) {
+                    if (line.startsWith('data: ')) {
+                        const jsonStr = line.slice(6).trim(); // Remove "data: " prefix
+                        if (!jsonStr)
+                            continue;
+                        try {
+                            const event = JSON.parse(jsonStr);
+                            switch (event.type) {
+                                case 'content':
+                                    // Stream content chunk
+                                    fullResponse += event.content;
+                                    onChunk(event.content);
+                                    break;
+                                case 'navigation':
+                                    navigationSuggestion = event.navigation;
+                                    break;
+                                case 'external_navigation':
+                                    // External suggestions (WhatsApp, phone, map, app store, …)
+                                    // emitted by backend after the assistant message.
+                                    externalSuggestions = event.externalSuggestions || event.data?.externalSuggestions || [];
+                                    break;
+                                case 'tool_suggestions':
+                                    // Tool Registry suggestions
+                                    if (onToolSuggestions && event.tools) {
+                                        onToolSuggestions(event.tools, event.conversationId, event.messageId);
+                                    }
+                                    // Tool Data Channel. Fire-and-forget; do NOT await so
+                                    // other stream events aren't blocked while the partner resolver
+                                    // runs. resolveAndPostToolData is fail-soft and bounded by a
+                                    // 3-second timeout.
+                                    if (event.needData && event.toolExecutionId) {
+                                        void this.resolveAndPostToolData(event.toolExecutionId, event.tools || []);
+                                    }
+                                    break;
+                                case 'tool_status':
+                                    // status pill for server-managed tools
+                                    if (onToolStatus) {
+                                        onToolStatus({
+                                            toolKey: event.toolKey,
+                                            message: event.message,
+                                            stage: event.stage,
+                                        });
+                                    }
+                                    break;
+                                case 'tool_result_payload':
+                                    // backend-fetched tool payload to render in widget
+                                    if (onToolResultPayload) {
+                                        onToolResultPayload({
+                                            toolKey: event.toolKey,
+                                            data: event.data,
+                                            uiConfig: event.uiConfig,
+                                        });
+                                    }
+                                    break;
+                                case 'final_chunk':
+                                    // final AI text after server-side tool execution
+                                    if (onFinalChunk && typeof event.content === 'string') {
+                                        onFinalChunk(event.content);
+                                    }
+                                    break;
+                                case 'action_result':
+                                    // Action execution results
+                                    if (onActionResult && event.results) {
+                                        onActionResult(event.results);
+                                    }
+                                    break;
+                                case 'step_completed':
+                                    // Step completed during multi-step tool flow
+                                    if (onStepCompleted) {
+                                        onStepCompleted({ tool: event.tool, step: event.step, data: event.data, actionResults: event.actionResults });
+                                    }
+                                    break;
+                                case 'file_uploaded':
+                                    // Backend confirmed file upload or requests file from user
+                                    if (onFileUploadRequest && event.fileInput) {
+                                        onFileUploadRequest({
+                                            toolId: event.toolId,
+                                            fileInput: event.fileInput,
+                                            submit: async (file) => {
+                                                try {
+                                                    const result = await this.uploadFile(event.toolId, file, event.conversationId);
+                                                    if (result.extraction && onExtractionResult) {
+                                                        onExtractionResult(result.extraction);
+                                                    }
+                                                }
+                                                catch (err) {
+                                                    onError(err instanceof Error ? err : new Error('File upload failed'));
+                                                }
+                                            },
+                                            cancel: () => {
+                                                // No-op — user cancelled file selection
+                                            },
+                                        });
+                                    }
+                                    break;
+                                case 'extraction_result':
+                                    if (onExtractionResult) {
+                                        onExtractionResult({
+                                            fileId: event.fileId,
+                                            toolId: event.toolId,
+                                            data: event.data,
+                                            status: event.status,
+                                            incompleteFields: event.incompleteFields,
+                                        });
+                                    }
+                                    break;
+                                case 'done':
+                                    // Stream complete
+                                    messageId = event.messageId;
+                                    break;
+                                case 'error':
+                                    onError(new Error(event.error));
+                                    return;
+                            }
+                        }
+                        catch {
+                            // Skip malformed JSON silently
+                        }
+                    }
+                }
+            };
+            xhr.onload = () => {
+                if (xhr.status === 200) {
+                    // Call onComplete with full response
+                    onComplete({
+                        id: messageId || `msg-${Date.now()}`,
+                        text: fullResponse,
+                        timestamp: new Date(),
+                        navigationSuggestion,
+                        externalSuggestions: externalSuggestions.length > 0 ? externalSuggestions : undefined,
+                    });
+                }
+                else {
+                    try {
+                        const errorData = JSON.parse(xhr.responseText);
+                        onError(new Error(errorData.message || `HTTP Error: ${xhr.status}`));
+                    }
+                    catch {
+                        onError(new Error(`HTTP Error: ${xhr.status}`));
+                    }
+                }
+            };
+            xhr.onerror = () => {
+                onError(new Error('Network error occurred'));
+            };
+            xhr.ontimeout = () => {
+                onError(new Error('Request timeout'));
+            };
+            xhr.open('POST', `${this.baseURL}/chat/stream`);
+            xhr.setRequestHeader('Content-Type', 'application/json');
+            const securityHeaders = await this.getSecurityHeaders();
+            for (const [key, value] of Object.entries(securityHeaders)) {
+                xhr.setRequestHeader(key, value);
+            }
+            xhr.timeout = this.timeout;
+            xhr.send(JSON.stringify(request));
+        }
+        catch (error) {
+            onError(error instanceof Error
+                ? error
+                : new Error(error.message || 'Stream failed'));
+        }
+    }
+    /**
+    * Post a tool result back to the backend so the AI can continue its turn.
+    * Streams back `final_chunk` and `done` events.
+    */
+    async postToolResult(payload, onFinalChunk, onDone, onError, onCard) {
+        const url = `${this.baseURL}/chat/tool-result`;
+        const headers = await this.getSecurityHeaders();
+        headers['Content-Type'] = 'application/json';
+        return new Promise((resolve) => {
+            const xhr = new XMLHttpRequest();
+            xhr.open('POST', url, true);
+            for (const [k, v] of Object.entries(headers)) {
+                xhr.setRequestHeader(k, v);
+            }
+            let processedLength = 0;
+            let settled = false;
+            const settle = () => {
+                if (!settled) {
+                    settled = true;
+                    resolve();
+                }
+            };
+            xhr.onprogress = () => {
+                const chunk = xhr.responseText.substring(processedLength);
+                processedLength = xhr.responseText.length;
+                if (!chunk)
+                    return;
+                // Parse SSE events line-by-line (match sendMessageStream pattern)
+                const lines = chunk.split('\n');
+                for (const line of lines) {
+                    if (!line.startsWith('data: '))
+                        continue;
+                    const jsonStr = line.slice(6).trim();
+                    if (!jsonStr)
+                        continue;
+                    try {
+                        const event = JSON.parse(jsonStr);
+                        if (event.type === 'final_chunk' && typeof event.content === 'string') {
+                            onFinalChunk(event.content);
+                        }
+                        else if (event.type === 'card' && event.card) {
+                            onCard?.(event.card);
+                        }
+                        else if (event.type === 'done') {
+                            onDone();
+                            settle();
+                            return;
+                        }
+                        else if (event.type === 'error') {
+                            onError(new Error(event.message || 'tool-result error'));
+                            settle();
+                            return;
+                        }
+                    }
+                    catch {
+                        // Skip malformed SSE frames
+                    }
+                }
+            };
+            xhr.onerror = () => {
+                onError(new Error('Network error posting tool result'));
+                settle();
+            };
+            xhr.ontimeout = () => {
+                onError(new Error('Timeout posting tool result'));
+                settle();
+            };
+            xhr.onload = () => {
+                // In case done wasn't emitted but stream ended
+                if (xhr.status >= 400) {
+                    try {
+                        const err = JSON.parse(xhr.responseText);
+                        onError(new Error(err.message || `HTTP Error: ${xhr.status}`));
+                    }
+                    catch {
+                        onError(new Error(`HTTP Error: ${xhr.status}`));
+                    }
+                }
+                settle();
+            };
+            xhr.timeout = this.timeout;
+            xhr.send(JSON.stringify(payload));
+        });
+    }
+    async uploadFile(toolId, file, conversationId) {
+        const formData = new FormData();
+        formData.append('file', {
+            uri: file.uri,
+            name: file.name,
+            type: file.type,
+        });
+        if (conversationId) {
+            formData.append('conversationId', conversationId);
+        }
+        // Forward the device-attestation session token when available so the
+        // server can tie this upload to an attested device.
+        const headers = {
+            'x-platform': react_native_1.Platform.OS,
+            'x-sdk-version': package_json_1.version,
+        };
+        if (this.apiKey) {
+            headers['x-api-key'] = this.apiKey;
+        }
+        if (this.sessionTokenGetter) {
+            const sessionToken = await this.sessionTokenGetter();
+            if (sessionToken) {
+                headers['Authorization'] = `Bearer ${sessionToken}`;
+            }
+        }
+        const response = await this.fetchWithRefresh(`${this.baseURL}/tools-v2/${toolId}/files/upload`, {
+            method: 'POST',
+            headers,
+            body: formData,
+        });
+        if (!response.ok) {
+            const error = await response.json().catch(() => ({ message: 'Upload failed' }));
+            throw new Error(error.message || `Upload failed: ${response.status}`);
+        }
+        return response.json();
+    }
+}
+exports.BackendService = BackendService;