@realtimex/sdk 1.3.5-rc.2 → 1.3.6

package/dist/index.d.mts

@@ -1383,6 +1383,88 @@ declare class ContractRuntime implements ContractRuntimeInterface {
     private toFailedResult;
 }
 
+/**
+ * Database Module - Retrieve Supabase config from RealtimeX Main App
+ *
+ * Allows Local Apps to fetch their database configuration (URL, anonKey, mode)
+ * without hardcoding them.
+ */
+interface DatabaseConfig {
+    url: string;
+    anonKey: string;
+    mode: 'compatible' | 'custom';
+    tables: string[];
+    max_concurrent_tasks: number;
+}
+declare class DatabaseModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Get the Supabase database configuration for this app.
+     * Returns URL, anonKey, mode, and tables.
+     *
+     * @example
+     * ```ts
+     * const config = await sdk.database.getConfig();
+     * const supabase = createClient(config.url, config.anonKey);
+     * ```
+     */
+    getConfig(): Promise<DatabaseConfig>;
+}
+
+/**
+ * Auth Module - Authentication helpers for RealtimeX SDK
+ *
+ * Provides:
+ * - syncSupabaseToken(): Push Supabase JWT to Main App for RLS-aware operations
+ * - getAccessToken(): Retrieve the Keycloak access token from Main App (existing endpoint)
+ */
+interface AuthTokenResponse {
+    token: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+interface SyncTokenResponse {
+    success: boolean;
+    message: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+declare class AuthModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Push a Supabase access token to the Main App.
+     * This enables Main App to use the token for:
+     * - Realtime subscriptions (bypass RLS)
+     * - CRUD operations on rtx_activities (bypass RLS)
+     *
+     * @param token - Supabase JWT from supabase.auth.signIn()
+     *
+     * @example
+     * ```ts
+     * const { data } = await supabase.auth.signInWithPassword({ email, password });
+     * await sdk.auth.syncSupabaseToken(data.session.access_token);
+     * ```
+     */
+    syncSupabaseToken(token: string): Promise<SyncTokenResponse>;
+    /**
+     * Retrieve the current Keycloak access token from Main App.
+     * This is the existing Token Vending Machine endpoint.
+     *
+     * @returns The access token info, or null if no token is available.
+     */
+    getAccessToken(): Promise<AuthTokenResponse | null>;
+}
+
 interface ContractHttpClientConfig {
     baseUrl: string;
     appId?: string;
@@ -1707,6 +1789,8 @@ declare class RealtimeXSDK {
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
+    database: DatabaseModule;
+    auth: AuthModule;
     readonly appId: string;
     readonly appName: string | undefined;
     readonly apiKey: string | undefined;
@@ -1741,4 +1825,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, type AuthProvider, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.d.ts

@@ -1383,6 +1383,88 @@ declare class ContractRuntime implements ContractRuntimeInterface {
     private toFailedResult;
 }
 
+/**
+ * Database Module - Retrieve Supabase config from RealtimeX Main App
+ *
+ * Allows Local Apps to fetch their database configuration (URL, anonKey, mode)
+ * without hardcoding them.
+ */
+interface DatabaseConfig {
+    url: string;
+    anonKey: string;
+    mode: 'compatible' | 'custom';
+    tables: string[];
+    max_concurrent_tasks: number;
+}
+declare class DatabaseModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Get the Supabase database configuration for this app.
+     * Returns URL, anonKey, mode, and tables.
+     *
+     * @example
+     * ```ts
+     * const config = await sdk.database.getConfig();
+     * const supabase = createClient(config.url, config.anonKey);
+     * ```
+     */
+    getConfig(): Promise<DatabaseConfig>;
+}
+
+/**
+ * Auth Module - Authentication helpers for RealtimeX SDK
+ *
+ * Provides:
+ * - syncSupabaseToken(): Push Supabase JWT to Main App for RLS-aware operations
+ * - getAccessToken(): Retrieve the Keycloak access token from Main App (existing endpoint)
+ */
+interface AuthTokenResponse {
+    token: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+interface SyncTokenResponse {
+    success: boolean;
+    message: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+declare class AuthModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Push a Supabase access token to the Main App.
+     * This enables Main App to use the token for:
+     * - Realtime subscriptions (bypass RLS)
+     * - CRUD operations on rtx_activities (bypass RLS)
+     *
+     * @param token - Supabase JWT from supabase.auth.signIn()
+     *
+     * @example
+     * ```ts
+     * const { data } = await supabase.auth.signInWithPassword({ email, password });
+     * await sdk.auth.syncSupabaseToken(data.session.access_token);
+     * ```
+     */
+    syncSupabaseToken(token: string): Promise<SyncTokenResponse>;
+    /**
+     * Retrieve the current Keycloak access token from Main App.
+     * This is the existing Token Vending Machine endpoint.
+     *
+     * @returns The access token info, or null if no token is available.
+     */
+    getAccessToken(): Promise<AuthTokenResponse | null>;
+}
+
 interface ContractHttpClientConfig {
     baseUrl: string;
     appId?: string;
@@ -1707,6 +1789,8 @@ declare class RealtimeXSDK {
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
+    database: DatabaseModule;
+    auth: AuthModule;
     readonly appId: string;
     readonly appName: string | undefined;
     readonly apiKey: string | undefined;
@@ -1741,4 +1825,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, type AuthProvider, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.js

@@ -37,6 +37,7 @@ __export(index_exports, {
   ActivitiesModule: () => ActivitiesModule,
   AgentModule: () => AgentModule,
   ApiModule: () => ApiModule,
+  AuthModule: () => AuthModule,
   CONTRACT_ATTEMPT_PREFIX: () => CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER: () => CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM: () => CONTRACT_SIGNATURE_ALGORITHM,
@@ -50,6 +51,7 @@ __export(index_exports, {
   ContractModule: () => ContractModule,
   ContractRuntime: () => ContractRuntime,
   ContractValidationError: () => ContractValidationError,
+  DatabaseModule: () => DatabaseModule,
   GeminiToolAdapter: () => GeminiToolAdapter,
   LLMModule: () => LLMModule,
   LLMPermissionError: () => LLMPermissionError,
@@ -2621,6 +2623,118 @@ var ContractRuntime = class {
   }
 };
 
+// src/modules/database.ts
+var DatabaseModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Get the Supabase database configuration for this app.
+   * Returns URL, anonKey, mode, and tables.
+   *
+   * @example
+   * ```ts
+   * const config = await sdk.database.getConfig();
+   * const supabase = createClient(config.url, config.anonKey);
+   * ```
+   */
+  async getConfig() {
+    const response = await fetch(`${this.baseUrl}/sdk/database/config`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get database config");
+    }
+    return data.config;
+  }
+};
+
+// src/modules/auth.ts
+var AuthModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Push a Supabase access token to the Main App.
+   * This enables Main App to use the token for:
+   * - Realtime subscriptions (bypass RLS)
+   * - CRUD operations on rtx_activities (bypass RLS)
+   *
+   * @param token - Supabase JWT from supabase.auth.signIn()
+   *
+   * @example
+   * ```ts
+   * const { data } = await supabase.auth.signInWithPassword({ email, password });
+   * await sdk.auth.syncSupabaseToken(data.session.access_token);
+   * ```
+   */
+  async syncSupabaseToken(token) {
+    if (!token || typeof token !== "string") {
+      throw new Error("Token must be a non-empty string");
+    }
+    const response = await fetch(`${this.baseUrl}/sdk/auth/sync-supabase-token`, {
+      method: "POST",
+      headers: this.getHeaders(),
+      body: JSON.stringify({ token })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to sync Supabase token");
+    }
+    return data;
+  }
+  /**
+   * Retrieve the current Keycloak access token from Main App.
+   * This is the existing Token Vending Machine endpoint.
+   *
+   * @returns The access token info, or null if no token is available.
+   */
+  async getAccessToken() {
+    const response = await fetch(`${this.baseUrl}/sdk/auth/token`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get access token");
+    }
+    return data;
+  }
+};
+
 // src/core/auth/AuthProvider.ts
 var StaticAuthProvider = class {
   constructor(options = {}) {
@@ -3315,6 +3429,8 @@ var _RealtimeXSDK = class _RealtimeXSDK {
       apiKey: this.apiKey,
       permissions: this.permissions
     });
+    this.database = new DatabaseModule(this.realtimexUrl, this.appId, this.apiKey);
+    this.auth = new AuthModule(this.realtimexUrl, this.appId, this.apiKey);
     if (this.permissions.length > 0 && this.appId && !this.apiKey) {
       this.register().catch((err) => {
         console.error("[RealtimeX SDK] Auto-registration failed:", err.message);
@@ -3423,6 +3539,7 @@ var RealtimeXSDK = _RealtimeXSDK;
   ActivitiesModule,
   AgentModule,
   ApiModule,
+  AuthModule,
   CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM,
@@ -3436,6 +3553,7 @@ var RealtimeXSDK = _RealtimeXSDK;
   ContractModule,
   ContractRuntime,
   ContractValidationError,
+  DatabaseModule,
   GeminiToolAdapter,
   LLMModule,
   LLMPermissionError,

package/dist/index.mjs

@@ -2531,6 +2531,118 @@ var ContractRuntime = class {
   }
 };
 
+// src/modules/database.ts
+var DatabaseModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Get the Supabase database configuration for this app.
+   * Returns URL, anonKey, mode, and tables.
+   *
+   * @example
+   * ```ts
+   * const config = await sdk.database.getConfig();
+   * const supabase = createClient(config.url, config.anonKey);
+   * ```
+   */
+  async getConfig() {
+    const response = await fetch(`${this.baseUrl}/sdk/database/config`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get database config");
+    }
+    return data.config;
+  }
+};
+
+// src/modules/auth.ts
+var AuthModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Push a Supabase access token to the Main App.
+   * This enables Main App to use the token for:
+   * - Realtime subscriptions (bypass RLS)
+   * - CRUD operations on rtx_activities (bypass RLS)
+   *
+   * @param token - Supabase JWT from supabase.auth.signIn()
+   *
+   * @example
+   * ```ts
+   * const { data } = await supabase.auth.signInWithPassword({ email, password });
+   * await sdk.auth.syncSupabaseToken(data.session.access_token);
+   * ```
+   */
+  async syncSupabaseToken(token) {
+    if (!token || typeof token !== "string") {
+      throw new Error("Token must be a non-empty string");
+    }
+    const response = await fetch(`${this.baseUrl}/sdk/auth/sync-supabase-token`, {
+      method: "POST",
+      headers: this.getHeaders(),
+      body: JSON.stringify({ token })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to sync Supabase token");
+    }
+    return data;
+  }
+  /**
+   * Retrieve the current Keycloak access token from Main App.
+   * This is the existing Token Vending Machine endpoint.
+   *
+   * @returns The access token info, or null if no token is available.
+   */
+  async getAccessToken() {
+    const response = await fetch(`${this.baseUrl}/sdk/auth/token`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get access token");
+    }
+    return data;
+  }
+};
+
 // src/core/auth/AuthProvider.ts
 var StaticAuthProvider = class {
   constructor(options = {}) {
@@ -3225,6 +3337,8 @@ var _RealtimeXSDK = class _RealtimeXSDK {
       apiKey: this.apiKey,
       permissions: this.permissions
     });
+    this.database = new DatabaseModule(this.realtimexUrl, this.appId, this.apiKey);
+    this.auth = new AuthModule(this.realtimexUrl, this.appId, this.apiKey);
     if (this.permissions.length > 0 && this.appId && !this.apiKey) {
       this.register().catch((err) => {
         console.error("[RealtimeX SDK] Auto-registration failed:", err.message);
@@ -3332,6 +3446,7 @@ export {
   ActivitiesModule,
   AgentModule,
   ApiModule,
+  AuthModule,
   CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM,
@@ -3345,6 +3460,7 @@ export {
   ContractModule,
   ContractRuntime,
   ContractValidationError,
+  DatabaseModule,
   GeminiToolAdapter,
   LLMModule,
   LLMPermissionError,

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@realtimex/sdk",
-    "version": "1.3.5-rc.2",
+    "version": "1.3.6",
     "description": "SDK for building Local Apps that integrate with RealtimeX",
     "main": "dist/index.js",
     "module": "dist/index.mjs",