@realtimex/sdk 1.3.5-rc.2 → 1.3.7-rc.1

package/dist/index.d.mts

@@ -41,6 +41,7 @@ interface TriggerAgentResponse {
     success: boolean;
     task_uuid?: string;
     task_id?: string;
+    capability_id?: string;
     event_id?: string;
     attempt_id?: string;
     event_type?: ContractEventType | string;
@@ -59,21 +60,72 @@ interface ContractCallbackMetadata {
     attempt_id_format?: string;
     idempotency?: string;
 }
+interface ContractCapabilityTrigger$1 {
+    event: string;
+    route?: string;
+    payload_template?: Record<string, unknown>;
+}
+interface ContractCapability$1 {
+    capability_id: string;
+    name: string;
+    description?: string;
+    input_schema: Record<string, unknown>;
+    output_schema?: Record<string, unknown>;
+    permission?: string;
+    trigger?: ContractCapabilityTrigger$1;
+    tags?: string[];
+    examples?: string[];
+    risk_level?: 'low' | 'medium' | 'high' | null;
+    enabled?: boolean;
+}
 interface LocalAppContractDefinition {
     id: string;
     version: string;
+    strictness?: 'compatible' | 'strict';
     events: Record<string, ContractEventType>;
     supported_events: ContractEventType[];
     supported_legacy_events: string[];
     aliases: Record<string, ContractEventType>;
     status_map: Record<string, string>;
     legacy_action_map: Record<ContractEventType, string>;
+    catalog_hash?: string;
+    capability_count?: number;
+    capabilities?: ContractCapability$1[];
     callback?: ContractCallbackMetadata;
 }
 interface LocalAppContractResponse {
     success: boolean;
     contract: LocalAppContractDefinition;
 }
+interface LocalAppCapabilitiesResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    count: number;
+    capabilities: ContractCapability$1[];
+}
+interface LocalAppCapabilitySearchResponse extends LocalAppCapabilitiesResponse {
+    query: string;
+}
+interface LocalAppCapabilityDetailResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    capability: ContractCapability$1;
+}
+interface ContractInvokePayload {
+    capability_id: string;
+    args?: Record<string, unknown>;
+    auto_run?: boolean;
+    agent_name?: string;
+    workspace_slug?: string;
+    thread_slug?: string;
+    prompt?: string;
+    event_id?: string;
+    attempt_id?: string | number;
+}
 interface Agent {
     slug: string;
     name: string;
@@ -1170,10 +1222,19 @@ declare class ContractModule {
     private readonly appId?;
     private readonly apiKey?;
     private cachedContract;
+    private cachedCapabilities;
+    private cachedCapabilityCatalogHash;
     constructor(realtimexUrl: string, appName?: string, appId?: string, apiKey?: string);
     private requestPermission;
     private request;
     getLocalAppV1(forceRefresh?: boolean): Promise<LocalAppContractDefinition>;
+    listCapabilities(forceRefresh?: boolean): Promise<ContractCapability$1[]>;
+    searchCapabilities(query: string): Promise<ContractCapability$1[]>;
+    describeCapability(capabilityId: string): Promise<ContractCapability$1>;
+    search(query: string): Promise<ContractCapability$1[]>;
+    describe(capabilityId: string): Promise<ContractCapability$1>;
+    invoke(payload: ContractInvokePayload): Promise<TriggerAgentResponse>;
+    getCachedCatalogHash(): string | null;
     clearCache(): void;
 }
 
@@ -1383,6 +1444,88 @@ declare class ContractRuntime implements ContractRuntimeInterface {
     private toFailedResult;
 }
 
+/**
+ * Database Module - Retrieve Supabase config from RealtimeX Main App
+ *
+ * Allows Local Apps to fetch their database configuration (URL, anonKey, mode)
+ * without hardcoding them.
+ */
+interface DatabaseConfig {
+    url: string;
+    anonKey: string;
+    mode: 'compatible' | 'custom';
+    tables: string[];
+    max_concurrent_tasks: number;
+}
+declare class DatabaseModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Get the Supabase database configuration for this app.
+     * Returns URL, anonKey, mode, and tables.
+     *
+     * @example
+     * ```ts
+     * const config = await sdk.database.getConfig();
+     * const supabase = createClient(config.url, config.anonKey);
+     * ```
+     */
+    getConfig(): Promise<DatabaseConfig>;
+}
+
+/**
+ * Auth Module - Authentication helpers for RealtimeX SDK
+ *
+ * Provides:
+ * - syncSupabaseToken(): Push Supabase JWT to Main App for RLS-aware operations
+ * - getAccessToken(): Retrieve the Keycloak access token from Main App (existing endpoint)
+ */
+interface AuthTokenResponse {
+    token: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+interface SyncTokenResponse {
+    success: boolean;
+    message: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+declare class AuthModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Push a Supabase access token to the Main App.
+     * This enables Main App to use the token for:
+     * - Realtime subscriptions (bypass RLS)
+     * - CRUD operations on rtx_activities (bypass RLS)
+     *
+     * @param token - Supabase JWT from supabase.auth.signIn()
+     *
+     * @example
+     * ```ts
+     * const { data } = await supabase.auth.signInWithPassword({ email, password });
+     * await sdk.auth.syncSupabaseToken(data.session.access_token);
+     * ```
+     */
+    syncSupabaseToken(token: string): Promise<SyncTokenResponse>;
+    /**
+     * Retrieve the current Keycloak access token from Main App.
+     * This is the existing Token Vending Machine endpoint.
+     *
+     * @returns The access token info, or null if no token is available.
+     */
+    getAccessToken(): Promise<AuthTokenResponse | null>;
+}
+
 interface ContractHttpClientConfig {
     baseUrl: string;
     appId?: string;
@@ -1707,6 +1850,8 @@ declare class RealtimeXSDK {
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
+    database: DatabaseModule;
+    auth: AuthModule;
     readonly appId: string;
     readonly appName: string | undefined;
     readonly apiKey: string | undefined;
@@ -1741,4 +1886,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, type AuthProvider, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, type ContractInvokePayload, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppCapabilitiesResponse, type LocalAppCapabilityDetailResponse, type LocalAppCapabilitySearchResponse, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.d.ts

@@ -41,6 +41,7 @@ interface TriggerAgentResponse {
     success: boolean;
     task_uuid?: string;
     task_id?: string;
+    capability_id?: string;
     event_id?: string;
     attempt_id?: string;
     event_type?: ContractEventType | string;
@@ -59,21 +60,72 @@ interface ContractCallbackMetadata {
     attempt_id_format?: string;
     idempotency?: string;
 }
+interface ContractCapabilityTrigger$1 {
+    event: string;
+    route?: string;
+    payload_template?: Record<string, unknown>;
+}
+interface ContractCapability$1 {
+    capability_id: string;
+    name: string;
+    description?: string;
+    input_schema: Record<string, unknown>;
+    output_schema?: Record<string, unknown>;
+    permission?: string;
+    trigger?: ContractCapabilityTrigger$1;
+    tags?: string[];
+    examples?: string[];
+    risk_level?: 'low' | 'medium' | 'high' | null;
+    enabled?: boolean;
+}
 interface LocalAppContractDefinition {
     id: string;
     version: string;
+    strictness?: 'compatible' | 'strict';
     events: Record<string, ContractEventType>;
     supported_events: ContractEventType[];
     supported_legacy_events: string[];
     aliases: Record<string, ContractEventType>;
     status_map: Record<string, string>;
     legacy_action_map: Record<ContractEventType, string>;
+    catalog_hash?: string;
+    capability_count?: number;
+    capabilities?: ContractCapability$1[];
     callback?: ContractCallbackMetadata;
 }
 interface LocalAppContractResponse {
     success: boolean;
     contract: LocalAppContractDefinition;
 }
+interface LocalAppCapabilitiesResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    count: number;
+    capabilities: ContractCapability$1[];
+}
+interface LocalAppCapabilitySearchResponse extends LocalAppCapabilitiesResponse {
+    query: string;
+}
+interface LocalAppCapabilityDetailResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    capability: ContractCapability$1;
+}
+interface ContractInvokePayload {
+    capability_id: string;
+    args?: Record<string, unknown>;
+    auto_run?: boolean;
+    agent_name?: string;
+    workspace_slug?: string;
+    thread_slug?: string;
+    prompt?: string;
+    event_id?: string;
+    attempt_id?: string | number;
+}
 interface Agent {
     slug: string;
     name: string;
@@ -1170,10 +1222,19 @@ declare class ContractModule {
     private readonly appId?;
     private readonly apiKey?;
     private cachedContract;
+    private cachedCapabilities;
+    private cachedCapabilityCatalogHash;
     constructor(realtimexUrl: string, appName?: string, appId?: string, apiKey?: string);
     private requestPermission;
     private request;
     getLocalAppV1(forceRefresh?: boolean): Promise<LocalAppContractDefinition>;
+    listCapabilities(forceRefresh?: boolean): Promise<ContractCapability$1[]>;
+    searchCapabilities(query: string): Promise<ContractCapability$1[]>;
+    describeCapability(capabilityId: string): Promise<ContractCapability$1>;
+    search(query: string): Promise<ContractCapability$1[]>;
+    describe(capabilityId: string): Promise<ContractCapability$1>;
+    invoke(payload: ContractInvokePayload): Promise<TriggerAgentResponse>;
+    getCachedCatalogHash(): string | null;
     clearCache(): void;
 }
 
@@ -1383,6 +1444,88 @@ declare class ContractRuntime implements ContractRuntimeInterface {
     private toFailedResult;
 }
 
+/**
+ * Database Module - Retrieve Supabase config from RealtimeX Main App
+ *
+ * Allows Local Apps to fetch their database configuration (URL, anonKey, mode)
+ * without hardcoding them.
+ */
+interface DatabaseConfig {
+    url: string;
+    anonKey: string;
+    mode: 'compatible' | 'custom';
+    tables: string[];
+    max_concurrent_tasks: number;
+}
+declare class DatabaseModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Get the Supabase database configuration for this app.
+     * Returns URL, anonKey, mode, and tables.
+     *
+     * @example
+     * ```ts
+     * const config = await sdk.database.getConfig();
+     * const supabase = createClient(config.url, config.anonKey);
+     * ```
+     */
+    getConfig(): Promise<DatabaseConfig>;
+}
+
+/**
+ * Auth Module - Authentication helpers for RealtimeX SDK
+ *
+ * Provides:
+ * - syncSupabaseToken(): Push Supabase JWT to Main App for RLS-aware operations
+ * - getAccessToken(): Retrieve the Keycloak access token from Main App (existing endpoint)
+ */
+interface AuthTokenResponse {
+    token: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+interface SyncTokenResponse {
+    success: boolean;
+    message: string;
+    hasToken: boolean;
+    syncedAt: string | null;
+    source: string | null;
+}
+declare class AuthModule {
+    private baseUrl;
+    private appId;
+    private apiKey?;
+    constructor(realtimexUrl: string, appId: string, apiKey?: string);
+    private getHeaders;
+    /**
+     * Push a Supabase access token to the Main App.
+     * This enables Main App to use the token for:
+     * - Realtime subscriptions (bypass RLS)
+     * - CRUD operations on rtx_activities (bypass RLS)
+     *
+     * @param token - Supabase JWT from supabase.auth.signIn()
+     *
+     * @example
+     * ```ts
+     * const { data } = await supabase.auth.signInWithPassword({ email, password });
+     * await sdk.auth.syncSupabaseToken(data.session.access_token);
+     * ```
+     */
+    syncSupabaseToken(token: string): Promise<SyncTokenResponse>;
+    /**
+     * Retrieve the current Keycloak access token from Main App.
+     * This is the existing Token Vending Machine endpoint.
+     *
+     * @returns The access token info, or null if no token is available.
+     */
+    getAccessToken(): Promise<AuthTokenResponse | null>;
+}
+
 interface ContractHttpClientConfig {
     baseUrl: string;
     appId?: string;
@@ -1707,6 +1850,8 @@ declare class RealtimeXSDK {
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
+    database: DatabaseModule;
+    auth: AuthModule;
     readonly appId: string;
     readonly appName: string | undefined;
     readonly apiKey: string | undefined;
@@ -1741,4 +1886,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, type AuthProvider, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, type ContractInvokePayload, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppCapabilitiesResponse, type LocalAppCapabilityDetailResponse, type LocalAppCapabilitySearchResponse, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.js

@@ -37,6 +37,7 @@ __export(index_exports, {
   ActivitiesModule: () => ActivitiesModule,
   AgentModule: () => AgentModule,
   ApiModule: () => ApiModule,
+  AuthModule: () => AuthModule,
   CONTRACT_ATTEMPT_PREFIX: () => CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER: () => CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM: () => CONTRACT_SIGNATURE_ALGORITHM,
@@ -50,6 +51,7 @@ __export(index_exports, {
   ContractModule: () => ContractModule,
   ContractRuntime: () => ContractRuntime,
   ContractValidationError: () => ContractValidationError,
+  DatabaseModule: () => DatabaseModule,
   GeminiToolAdapter: () => GeminiToolAdapter,
   LLMModule: () => LLMModule,
   LLMPermissionError: () => LLMPermissionError,
@@ -453,6 +455,8 @@ function buildContractIdempotencyKey({
 var ContractModule = class {
   constructor(realtimexUrl, appName, appId, apiKey) {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
     this.realtimexUrl = realtimexUrl.replace(/\/$/, "");
     this.appName = appName;
     this.appId = appId;
@@ -475,16 +479,18 @@ var ContractModule = class {
       return false;
     }
   }
-  async request(path) {
+  async request(path, options = {}) {
     const url = `${this.realtimexUrl}${path}`;
     const headers = {
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      ...options.headers
     };
     if (this.apiKey) headers.Authorization = `Bearer ${this.apiKey}`;
     if (this.appId) headers["x-app-id"] = this.appId;
     const response = await fetch(url, {
-      method: "GET",
-      headers
+      method: options.method || "GET",
+      headers,
+      body: options.body
     });
     const data = await response.json();
     if (response.status === 403) {
@@ -493,7 +499,7 @@ var ContractModule = class {
       const message = data.message;
       if (errorCode === "PERMISSION_REQUIRED" && permission) {
         const granted = await this.requestPermission(permission);
-        if (granted) return this.request(path);
+        if (granted) return this.request(path, options);
         throw new PermissionDeniedError(permission, message);
       }
       if (errorCode === "PERMISSION_DENIED") {
@@ -509,10 +515,89 @@ var ContractModule = class {
     if (!forceRefresh && this.cachedContract) return this.cachedContract;
     const data = await this.request("/contracts/local-app/v1");
     this.cachedContract = data.contract;
+    if (Array.isArray(data.contract?.capabilities)) {
+      this.cachedCapabilities = data.contract.capabilities;
+      this.cachedCapabilityCatalogHash = data.contract.catalog_hash || null;
+    }
     return data.contract;
   }
+  async listCapabilities(forceRefresh = false) {
+    if (!forceRefresh && this.cachedCapabilities) return this.cachedCapabilities;
+    const data = await this.request(
+      "/contracts/local-app/v1/capabilities"
+    );
+    this.cachedCapabilities = Array.isArray(data.capabilities) ? data.capabilities : [];
+    this.cachedCapabilityCatalogHash = data.catalog_hash || null;
+    return this.cachedCapabilities;
+  }
+  async searchCapabilities(query) {
+    const normalizedQuery = String(query || "").trim();
+    if (!normalizedQuery) {
+      throw new Error("searchCapabilities requires a non-empty query");
+    }
+    const encodedQuery = encodeURIComponent(normalizedQuery);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/search?q=${encodedQuery}`
+    );
+    return Array.isArray(data.capabilities) ? data.capabilities : [];
+  }
+  async describeCapability(capabilityId) {
+    const normalizedCapabilityId = String(capabilityId || "").trim();
+    if (!normalizedCapabilityId) {
+      throw new Error("describeCapability requires a non-empty capability id");
+    }
+    const encodedCapabilityId = encodeURIComponent(normalizedCapabilityId);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/${encodedCapabilityId}`
+    );
+    return data.capability;
+  }
+  // Alias for agentic contract flow naming.
+  async search(query) {
+    return this.searchCapabilities(query);
+  }
+  // Alias for agentic contract flow naming.
+  async describe(capabilityId) {
+    return this.describeCapability(capabilityId);
+  }
+  async invoke(payload) {
+    const capabilityId = String(payload?.capability_id || "").trim();
+    if (!capabilityId) {
+      throw new Error("invoke requires payload.capability_id");
+    }
+    if (payload.auto_run && (!payload.agent_name || !payload.workspace_slug)) {
+      throw new Error("auto_run requires agent_name and workspace_slug");
+    }
+    const args = payload.args && typeof payload.args === "object" && !Array.isArray(payload.args) ? { ...payload.args } : {};
+    if (!args.capability) {
+      args.capability = capabilityId;
+    }
+    return this.request("/webhooks/realtimex", {
+      method: "POST",
+      body: JSON.stringify({
+        app_name: this.appName,
+        app_id: this.appId,
+        event: "task.trigger",
+        event_id: payload.event_id || createContractEventId(),
+        attempt_id: normalizeAttemptId(payload.attempt_id),
+        payload: {
+          raw_data: args,
+          auto_run: payload.auto_run ?? false,
+          agent_name: payload.agent_name,
+          workspace_slug: payload.workspace_slug,
+          thread_slug: payload.thread_slug,
+          prompt: payload.prompt ?? ""
+        }
+      })
+    });
+  }
+  getCachedCatalogHash() {
+    return this.cachedCapabilityCatalogHash;
+  }
   clearCache() {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
   }
 };
 
@@ -2495,6 +2580,7 @@ var ContractRuntime = class {
         tool_call_id: call.tool_call_id,
         args: call.args,
         context: {
+          app_id: context.appId,
           user_id: context.userId,
           workspace_id: context.workspaceId || null,
           request_id: context.requestId || null,
@@ -2507,7 +2593,9 @@ var ContractRuntime = class {
     }
     return {
       app_name: this.appName,
-      app_id: this.appId || context.appId,
+      // In API-key dev mode, app_id should be omitted unless explicitly configured
+      // on the runtime. Passing an unknown app_id causes webhook trigger rejection.
+      app_id: this.appId || void 0,
       event: tool.trigger.event,
       event_id: eventId,
       payload
@@ -2621,6 +2709,118 @@ var ContractRuntime = class {
   }
 };
 
+// src/modules/database.ts
+var DatabaseModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Get the Supabase database configuration for this app.
+   * Returns URL, anonKey, mode, and tables.
+   *
+   * @example
+   * ```ts
+   * const config = await sdk.database.getConfig();
+   * const supabase = createClient(config.url, config.anonKey);
+   * ```
+   */
+  async getConfig() {
+    const response = await fetch(`${this.baseUrl}/sdk/database/config`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get database config");
+    }
+    return data.config;
+  }
+};
+
+// src/modules/auth.ts
+var AuthModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Push a Supabase access token to the Main App.
+   * This enables Main App to use the token for:
+   * - Realtime subscriptions (bypass RLS)
+   * - CRUD operations on rtx_activities (bypass RLS)
+   *
+   * @param token - Supabase JWT from supabase.auth.signIn()
+   *
+   * @example
+   * ```ts
+   * const { data } = await supabase.auth.signInWithPassword({ email, password });
+   * await sdk.auth.syncSupabaseToken(data.session.access_token);
+   * ```
+   */
+  async syncSupabaseToken(token) {
+    if (!token || typeof token !== "string") {
+      throw new Error("Token must be a non-empty string");
+    }
+    const response = await fetch(`${this.baseUrl}/sdk/auth/sync-supabase-token`, {
+      method: "POST",
+      headers: this.getHeaders(),
+      body: JSON.stringify({ token })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to sync Supabase token");
+    }
+    return data;
+  }
+  /**
+   * Retrieve the current Keycloak access token from Main App.
+   * This is the existing Token Vending Machine endpoint.
+   *
+   * @returns The access token info, or null if no token is available.
+   */
+  async getAccessToken() {
+    const response = await fetch(`${this.baseUrl}/sdk/auth/token`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get access token");
+    }
+    return data;
+  }
+};
+
 // src/core/auth/AuthProvider.ts
 var StaticAuthProvider = class {
   constructor(options = {}) {
@@ -3315,6 +3515,8 @@ var _RealtimeXSDK = class _RealtimeXSDK {
       apiKey: this.apiKey,
       permissions: this.permissions
     });
+    this.database = new DatabaseModule(this.realtimexUrl, this.appId, this.apiKey);
+    this.auth = new AuthModule(this.realtimexUrl, this.appId, this.apiKey);
     if (this.permissions.length > 0 && this.appId && !this.apiKey) {
       this.register().catch((err) => {
         console.error("[RealtimeX SDK] Auto-registration failed:", err.message);
@@ -3423,6 +3625,7 @@ var RealtimeXSDK = _RealtimeXSDK;
   ActivitiesModule,
   AgentModule,
   ApiModule,
+  AuthModule,
   CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM,
@@ -3436,6 +3639,7 @@ var RealtimeXSDK = _RealtimeXSDK;
   ContractModule,
   ContractRuntime,
   ContractValidationError,
+  DatabaseModule,
   GeminiToolAdapter,
   LLMModule,
   LLMPermissionError,

package/dist/index.mjs

@@ -363,6 +363,8 @@ function buildContractIdempotencyKey({
 var ContractModule = class {
   constructor(realtimexUrl, appName, appId, apiKey) {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
     this.realtimexUrl = realtimexUrl.replace(/\/$/, "");
     this.appName = appName;
     this.appId = appId;
@@ -385,16 +387,18 @@ var ContractModule = class {
       return false;
     }
   }
-  async request(path) {
+  async request(path, options = {}) {
     const url = `${this.realtimexUrl}${path}`;
     const headers = {
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      ...options.headers
     };
     if (this.apiKey) headers.Authorization = `Bearer ${this.apiKey}`;
     if (this.appId) headers["x-app-id"] = this.appId;
     const response = await fetch(url, {
-      method: "GET",
-      headers
+      method: options.method || "GET",
+      headers,
+      body: options.body
     });
     const data = await response.json();
     if (response.status === 403) {
@@ -403,7 +407,7 @@ var ContractModule = class {
       const message = data.message;
       if (errorCode === "PERMISSION_REQUIRED" && permission) {
         const granted = await this.requestPermission(permission);
-        if (granted) return this.request(path);
+        if (granted) return this.request(path, options);
         throw new PermissionDeniedError(permission, message);
       }
       if (errorCode === "PERMISSION_DENIED") {
@@ -419,10 +423,89 @@ var ContractModule = class {
     if (!forceRefresh && this.cachedContract) return this.cachedContract;
     const data = await this.request("/contracts/local-app/v1");
     this.cachedContract = data.contract;
+    if (Array.isArray(data.contract?.capabilities)) {
+      this.cachedCapabilities = data.contract.capabilities;
+      this.cachedCapabilityCatalogHash = data.contract.catalog_hash || null;
+    }
     return data.contract;
   }
+  async listCapabilities(forceRefresh = false) {
+    if (!forceRefresh && this.cachedCapabilities) return this.cachedCapabilities;
+    const data = await this.request(
+      "/contracts/local-app/v1/capabilities"
+    );
+    this.cachedCapabilities = Array.isArray(data.capabilities) ? data.capabilities : [];
+    this.cachedCapabilityCatalogHash = data.catalog_hash || null;
+    return this.cachedCapabilities;
+  }
+  async searchCapabilities(query) {
+    const normalizedQuery = String(query || "").trim();
+    if (!normalizedQuery) {
+      throw new Error("searchCapabilities requires a non-empty query");
+    }
+    const encodedQuery = encodeURIComponent(normalizedQuery);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/search?q=${encodedQuery}`
+    );
+    return Array.isArray(data.capabilities) ? data.capabilities : [];
+  }
+  async describeCapability(capabilityId) {
+    const normalizedCapabilityId = String(capabilityId || "").trim();
+    if (!normalizedCapabilityId) {
+      throw new Error("describeCapability requires a non-empty capability id");
+    }
+    const encodedCapabilityId = encodeURIComponent(normalizedCapabilityId);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/${encodedCapabilityId}`
+    );
+    return data.capability;
+  }
+  // Alias for agentic contract flow naming.
+  async search(query) {
+    return this.searchCapabilities(query);
+  }
+  // Alias for agentic contract flow naming.
+  async describe(capabilityId) {
+    return this.describeCapability(capabilityId);
+  }
+  async invoke(payload) {
+    const capabilityId = String(payload?.capability_id || "").trim();
+    if (!capabilityId) {
+      throw new Error("invoke requires payload.capability_id");
+    }
+    if (payload.auto_run && (!payload.agent_name || !payload.workspace_slug)) {
+      throw new Error("auto_run requires agent_name and workspace_slug");
+    }
+    const args = payload.args && typeof payload.args === "object" && !Array.isArray(payload.args) ? { ...payload.args } : {};
+    if (!args.capability) {
+      args.capability = capabilityId;
+    }
+    return this.request("/webhooks/realtimex", {
+      method: "POST",
+      body: JSON.stringify({
+        app_name: this.appName,
+        app_id: this.appId,
+        event: "task.trigger",
+        event_id: payload.event_id || createContractEventId(),
+        attempt_id: normalizeAttemptId(payload.attempt_id),
+        payload: {
+          raw_data: args,
+          auto_run: payload.auto_run ?? false,
+          agent_name: payload.agent_name,
+          workspace_slug: payload.workspace_slug,
+          thread_slug: payload.thread_slug,
+          prompt: payload.prompt ?? ""
+        }
+      })
+    });
+  }
+  getCachedCatalogHash() {
+    return this.cachedCapabilityCatalogHash;
+  }
   clearCache() {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
   }
 };
 
@@ -2405,6 +2488,7 @@ var ContractRuntime = class {
         tool_call_id: call.tool_call_id,
         args: call.args,
         context: {
+          app_id: context.appId,
           user_id: context.userId,
           workspace_id: context.workspaceId || null,
           request_id: context.requestId || null,
@@ -2417,7 +2501,9 @@ var ContractRuntime = class {
     }
     return {
       app_name: this.appName,
-      app_id: this.appId || context.appId,
+      // In API-key dev mode, app_id should be omitted unless explicitly configured
+      // on the runtime. Passing an unknown app_id causes webhook trigger rejection.
+      app_id: this.appId || void 0,
       event: tool.trigger.event,
       event_id: eventId,
       payload
@@ -2531,6 +2617,118 @@ var ContractRuntime = class {
   }
 };
 
+// src/modules/database.ts
+var DatabaseModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Get the Supabase database configuration for this app.
+   * Returns URL, anonKey, mode, and tables.
+   *
+   * @example
+   * ```ts
+   * const config = await sdk.database.getConfig();
+   * const supabase = createClient(config.url, config.anonKey);
+   * ```
+   */
+  async getConfig() {
+    const response = await fetch(`${this.baseUrl}/sdk/database/config`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get database config");
+    }
+    return data.config;
+  }
+};
+
+// src/modules/auth.ts
+var AuthModule = class {
+  constructor(realtimexUrl, appId, apiKey) {
+    this.baseUrl = realtimexUrl.replace(/\/$/, "");
+    this.appId = appId;
+    this.apiKey = apiKey;
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    if (this.appId) {
+      headers["x-app-id"] = this.appId;
+    }
+    return headers;
+  }
+  /**
+   * Push a Supabase access token to the Main App.
+   * This enables Main App to use the token for:
+   * - Realtime subscriptions (bypass RLS)
+   * - CRUD operations on rtx_activities (bypass RLS)
+   *
+   * @param token - Supabase JWT from supabase.auth.signIn()
+   *
+   * @example
+   * ```ts
+   * const { data } = await supabase.auth.signInWithPassword({ email, password });
+   * await sdk.auth.syncSupabaseToken(data.session.access_token);
+   * ```
+   */
+  async syncSupabaseToken(token) {
+    if (!token || typeof token !== "string") {
+      throw new Error("Token must be a non-empty string");
+    }
+    const response = await fetch(`${this.baseUrl}/sdk/auth/sync-supabase-token`, {
+      method: "POST",
+      headers: this.getHeaders(),
+      body: JSON.stringify({ token })
+    });
+    const data = await response.json();
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to sync Supabase token");
+    }
+    return data;
+  }
+  /**
+   * Retrieve the current Keycloak access token from Main App.
+   * This is the existing Token Vending Machine endpoint.
+   *
+   * @returns The access token info, or null if no token is available.
+   */
+  async getAccessToken() {
+    const response = await fetch(`${this.baseUrl}/sdk/auth/token`, {
+      method: "GET",
+      headers: this.getHeaders()
+    });
+    const data = await response.json();
+    if (response.status === 404) {
+      return null;
+    }
+    if (!response.ok) {
+      throw new Error(data.error || "Failed to get access token");
+    }
+    return data;
+  }
+};
+
 // src/core/auth/AuthProvider.ts
 var StaticAuthProvider = class {
   constructor(options = {}) {
@@ -3225,6 +3423,8 @@ var _RealtimeXSDK = class _RealtimeXSDK {
       apiKey: this.apiKey,
       permissions: this.permissions
     });
+    this.database = new DatabaseModule(this.realtimexUrl, this.appId, this.apiKey);
+    this.auth = new AuthModule(this.realtimexUrl, this.appId, this.apiKey);
     if (this.permissions.length > 0 && this.appId && !this.apiKey) {
       this.register().catch((err) => {
         console.error("[RealtimeX SDK] Auto-registration failed:", err.message);
@@ -3332,6 +3532,7 @@ export {
   ActivitiesModule,
   AgentModule,
   ApiModule,
+  AuthModule,
   CONTRACT_ATTEMPT_PREFIX,
   CONTRACT_EVENT_ID_HEADER,
   CONTRACT_SIGNATURE_ALGORITHM,
@@ -3345,6 +3546,7 @@ export {
   ContractModule,
   ContractRuntime,
   ContractValidationError,
+  DatabaseModule,
   GeminiToolAdapter,
   LLMModule,
   LLMPermissionError,

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@realtimex/sdk",
-    "version": "1.3.5-rc.2",
+    "version": "1.3.7-rc.1",
     "description": "SDK for building Local Apps that integrate with RealtimeX",
     "main": "dist/index.js",
     "module": "dist/index.mjs",