@realtimex/sdk 1.3.6 → 1.4.0

package/dist/index.d.mts

@@ -41,6 +41,7 @@ interface TriggerAgentResponse {
     success: boolean;
     task_uuid?: string;
     task_id?: string;
+    capability_id?: string;
     event_id?: string;
     attempt_id?: string;
     event_type?: ContractEventType | string;
@@ -59,21 +60,72 @@ interface ContractCallbackMetadata {
     attempt_id_format?: string;
     idempotency?: string;
 }
+interface ContractCapabilityTrigger$1 {
+    event: string;
+    route?: string;
+    payload_template?: Record<string, unknown>;
+}
+interface ContractCapability$1 {
+    capability_id: string;
+    name: string;
+    description?: string;
+    input_schema: Record<string, unknown>;
+    output_schema?: Record<string, unknown>;
+    permission?: string;
+    trigger?: ContractCapabilityTrigger$1;
+    tags?: string[];
+    examples?: string[];
+    risk_level?: 'low' | 'medium' | 'high' | null;
+    enabled?: boolean;
+}
 interface LocalAppContractDefinition {
     id: string;
     version: string;
+    strictness?: 'compatible' | 'strict';
     events: Record<string, ContractEventType>;
     supported_events: ContractEventType[];
     supported_legacy_events: string[];
     aliases: Record<string, ContractEventType>;
     status_map: Record<string, string>;
     legacy_action_map: Record<ContractEventType, string>;
+    catalog_hash?: string;
+    capability_count?: number;
+    capabilities?: ContractCapability$1[];
     callback?: ContractCallbackMetadata;
 }
 interface LocalAppContractResponse {
     success: boolean;
     contract: LocalAppContractDefinition;
 }
+interface LocalAppCapabilitiesResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    count: number;
+    capabilities: ContractCapability$1[];
+}
+interface LocalAppCapabilitySearchResponse extends LocalAppCapabilitiesResponse {
+    query: string;
+}
+interface LocalAppCapabilityDetailResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    capability: ContractCapability$1;
+}
+interface ContractInvokePayload {
+    capability_id: string;
+    args?: Record<string, unknown>;
+    auto_run?: boolean;
+    agent_name?: string;
+    workspace_slug?: string;
+    thread_slug?: string;
+    prompt?: string;
+    event_id?: string;
+    attempt_id?: string | number;
+}
 interface Agent {
     slug: string;
     name: string;
@@ -1065,6 +1117,134 @@ declare class AgentModule {
     }>;
 }
 
+/**
+ * ACP Agent Module — CLI-based agent sessions via ACP bridge
+ *
+ * Provides session lifecycle, sync/streaming chat, permission resolution,
+ * and turn control for CLI agents (Claude, Gemini, Codex, etc.).
+ *
+ * Unlike AgentModule (LLM API-based), ACP agents spawn CLI processes
+ * and can execute commands, read/write files, and interact with tools.
+ */
+
+interface AcpAgentInfo {
+    id: string;
+    label: string;
+    handles: string[];
+    installed: boolean;
+    authReady: boolean;
+    version?: string | null;
+    status: "installed" | "not_installed";
+    /** Present when listAgents({ includeModels: true }). */
+    models?: Array<{
+        id: string;
+        name?: string;
+    }>;
+    /** "provider_api" | "fallback" — how models were resolved. */
+    source?: string | null;
+    /** Non-null if model fetch failed and fell back. */
+    error?: string | null;
+}
+interface AcpSessionOptions {
+    agent_id: string;
+    cwd?: string;
+    label?: string;
+    model?: string;
+    approvalPolicy?: "approve-all" | "approve-reads" | "deny-all";
+}
+interface AcpSession {
+    session_key: string;
+    agent_id: string;
+    state: "initializing" | "ready" | "stale" | "closed";
+    backend_id: string;
+    created_at: string;
+}
+interface AcpSessionStatus extends AcpSession {
+    runtime_options: AcpRuntimeOptionPatch;
+    last_activity_at: string | null;
+    last_error?: string;
+}
+interface AcpRuntimeOptionPatch {
+    model?: string;
+    cwd?: string;
+    timeoutSeconds?: number;
+    runtimeMode?: string;
+    approvalPolicy?: "approve-all" | "approve-reads" | "deny-all";
+    extras?: Record<string, string>;
+}
+interface AcpAttachment {
+    contentString: string;
+    mime: string;
+}
+interface AcpChatResponse {
+    text: string;
+    stop_reason?: string;
+}
+interface AcpStreamEvent {
+    type: "text_delta" | "status" | "tool_call" | "permission_request" | "done" | "error" | "close";
+    data: Record<string, unknown>;
+}
+interface AcpPermissionDecision {
+    requestId: string;
+    optionId: string;
+    outcome?: string;
+}
+declare class AcpAgentModule {
+    private httpClient;
+    constructor(httpClient: HttpClient);
+    /** List available CLI agents. Pass includeModels to get model lists per agent. */
+    listAgents(opts?: {
+        includeModels?: boolean;
+    }): Promise<AcpAgentInfo[]>;
+    /** Create and initialize a new ACP session. Spawns the CLI agent process. */
+    createSession(options: AcpSessionOptions): Promise<AcpSession>;
+    /** Get session status and runtime options. */
+    getSession(sessionKey: string): Promise<AcpSessionStatus>;
+    /** List active ACP sessions owned by this app. */
+    listSessions(): Promise<AcpSessionStatus[]>;
+    /** Update runtime options (applied on next turn). */
+    patchSession(sessionKey: string, patch: AcpRuntimeOptionPatch): Promise<void>;
+    /** Close session and stop the agent process. */
+    closeSession(sessionKey: string, reason?: string): Promise<void>;
+    /**
+     * Synchronous turn — waits for completion, returns full response.
+     * Requires approvalPolicy set on the session (via create or patchSession).
+     */
+    chat(sessionKey: string, message: string, attachments?: AcpAttachment[]): Promise<AcpChatResponse>;
+    /**
+     * Streaming turn via SSE. Yields events as they arrive.
+     *
+     * Uses named SSE events (event: + data: lines). The event type comes
+     * from the `event:` line, not from inside the JSON payload.
+     *
+     * @example
+     * ```typescript
+     * for await (const event of sdk.acpAgent.streamChat(key, 'Explain this')) {
+     *   if (event.type === 'text_delta') console.log(event.data.text);
+     *   if (event.type === 'permission_request') {
+     *     await sdk.acpAgent.resolvePermission(key, {
+     *       requestId: event.data.requestId as string,
+     *       optionId: 'allow_once',
+     *     });
+     *   }
+     * }
+     * ```
+     */
+    streamChat(sessionKey: string, message: string, attachments?: AcpAttachment[]): AsyncIterableIterator<AcpStreamEvent>;
+    /** Cancel the active turn on a session. */
+    cancelTurn(sessionKey: string, reason?: string): Promise<void>;
+    /** Resolve a pending permission request (call while SSE stream is active). */
+    resolvePermission(sessionKey: string, decision: AcpPermissionDecision): Promise<{
+        resolved: boolean;
+        reason?: string;
+    }>;
+    /** Convenience: create session + first sync chat in one call. */
+    startChat(message: string, options: AcpSessionOptions): Promise<{
+        session: AcpSession;
+        response: AcpChatResponse;
+    }>;
+}
+
 /**
  * MCP Module - Interact with MCP servers via RealtimeX SDK
  */
@@ -1170,10 +1350,19 @@ declare class ContractModule {
     private readonly appId?;
     private readonly apiKey?;
     private cachedContract;
+    private cachedCapabilities;
+    private cachedCapabilityCatalogHash;
     constructor(realtimexUrl: string, appName?: string, appId?: string, apiKey?: string);
     private requestPermission;
     private request;
     getLocalAppV1(forceRefresh?: boolean): Promise<LocalAppContractDefinition>;
+    listCapabilities(forceRefresh?: boolean): Promise<ContractCapability$1[]>;
+    searchCapabilities(query: string): Promise<ContractCapability$1[]>;
+    describeCapability(capabilityId: string): Promise<ContractCapability$1>;
+    search(query: string): Promise<ContractCapability$1[]>;
+    describe(capabilityId: string): Promise<ContractCapability$1>;
+    invoke(payload: ContractInvokePayload): Promise<TriggerAgentResponse>;
+    getCachedCatalogHash(): string | null;
     clearCache(): void;
 }
 
@@ -1786,6 +1975,7 @@ declare class RealtimeXSDK {
     tts: TTSModule;
     stt: STTModule;
     agent: AgentModule;
+    acpAgent: AcpAgentModule;
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
@@ -1825,4 +2015,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, type AcpAgentInfo, AcpAgentModule, type AcpAttachment, type AcpChatResponse, type AcpPermissionDecision, type AcpRuntimeOptionPatch, type AcpSession, type AcpSessionOptions, type AcpSessionStatus, type AcpStreamEvent, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, type ContractInvokePayload, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppCapabilitiesResponse, type LocalAppCapabilityDetailResponse, type LocalAppCapabilitySearchResponse, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.d.ts

@@ -41,6 +41,7 @@ interface TriggerAgentResponse {
     success: boolean;
     task_uuid?: string;
     task_id?: string;
+    capability_id?: string;
     event_id?: string;
     attempt_id?: string;
     event_type?: ContractEventType | string;
@@ -59,21 +60,72 @@ interface ContractCallbackMetadata {
     attempt_id_format?: string;
     idempotency?: string;
 }
+interface ContractCapabilityTrigger$1 {
+    event: string;
+    route?: string;
+    payload_template?: Record<string, unknown>;
+}
+interface ContractCapability$1 {
+    capability_id: string;
+    name: string;
+    description?: string;
+    input_schema: Record<string, unknown>;
+    output_schema?: Record<string, unknown>;
+    permission?: string;
+    trigger?: ContractCapabilityTrigger$1;
+    tags?: string[];
+    examples?: string[];
+    risk_level?: 'low' | 'medium' | 'high' | null;
+    enabled?: boolean;
+}
 interface LocalAppContractDefinition {
     id: string;
     version: string;
+    strictness?: 'compatible' | 'strict';
     events: Record<string, ContractEventType>;
     supported_events: ContractEventType[];
     supported_legacy_events: string[];
     aliases: Record<string, ContractEventType>;
     status_map: Record<string, string>;
     legacy_action_map: Record<ContractEventType, string>;
+    catalog_hash?: string;
+    capability_count?: number;
+    capabilities?: ContractCapability$1[];
     callback?: ContractCallbackMetadata;
 }
 interface LocalAppContractResponse {
     success: boolean;
     contract: LocalAppContractDefinition;
 }
+interface LocalAppCapabilitiesResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    count: number;
+    capabilities: ContractCapability$1[];
+}
+interface LocalAppCapabilitySearchResponse extends LocalAppCapabilitiesResponse {
+    query: string;
+}
+interface LocalAppCapabilityDetailResponse {
+    success: boolean;
+    contract_version: string;
+    strictness?: 'compatible' | 'strict';
+    catalog_hash?: string;
+    capability: ContractCapability$1;
+}
+interface ContractInvokePayload {
+    capability_id: string;
+    args?: Record<string, unknown>;
+    auto_run?: boolean;
+    agent_name?: string;
+    workspace_slug?: string;
+    thread_slug?: string;
+    prompt?: string;
+    event_id?: string;
+    attempt_id?: string | number;
+}
 interface Agent {
     slug: string;
     name: string;
@@ -1065,6 +1117,134 @@ declare class AgentModule {
     }>;
 }
 
+/**
+ * ACP Agent Module — CLI-based agent sessions via ACP bridge
+ *
+ * Provides session lifecycle, sync/streaming chat, permission resolution,
+ * and turn control for CLI agents (Claude, Gemini, Codex, etc.).
+ *
+ * Unlike AgentModule (LLM API-based), ACP agents spawn CLI processes
+ * and can execute commands, read/write files, and interact with tools.
+ */
+
+interface AcpAgentInfo {
+    id: string;
+    label: string;
+    handles: string[];
+    installed: boolean;
+    authReady: boolean;
+    version?: string | null;
+    status: "installed" | "not_installed";
+    /** Present when listAgents({ includeModels: true }). */
+    models?: Array<{
+        id: string;
+        name?: string;
+    }>;
+    /** "provider_api" | "fallback" — how models were resolved. */
+    source?: string | null;
+    /** Non-null if model fetch failed and fell back. */
+    error?: string | null;
+}
+interface AcpSessionOptions {
+    agent_id: string;
+    cwd?: string;
+    label?: string;
+    model?: string;
+    approvalPolicy?: "approve-all" | "approve-reads" | "deny-all";
+}
+interface AcpSession {
+    session_key: string;
+    agent_id: string;
+    state: "initializing" | "ready" | "stale" | "closed";
+    backend_id: string;
+    created_at: string;
+}
+interface AcpSessionStatus extends AcpSession {
+    runtime_options: AcpRuntimeOptionPatch;
+    last_activity_at: string | null;
+    last_error?: string;
+}
+interface AcpRuntimeOptionPatch {
+    model?: string;
+    cwd?: string;
+    timeoutSeconds?: number;
+    runtimeMode?: string;
+    approvalPolicy?: "approve-all" | "approve-reads" | "deny-all";
+    extras?: Record<string, string>;
+}
+interface AcpAttachment {
+    contentString: string;
+    mime: string;
+}
+interface AcpChatResponse {
+    text: string;
+    stop_reason?: string;
+}
+interface AcpStreamEvent {
+    type: "text_delta" | "status" | "tool_call" | "permission_request" | "done" | "error" | "close";
+    data: Record<string, unknown>;
+}
+interface AcpPermissionDecision {
+    requestId: string;
+    optionId: string;
+    outcome?: string;
+}
+declare class AcpAgentModule {
+    private httpClient;
+    constructor(httpClient: HttpClient);
+    /** List available CLI agents. Pass includeModels to get model lists per agent. */
+    listAgents(opts?: {
+        includeModels?: boolean;
+    }): Promise<AcpAgentInfo[]>;
+    /** Create and initialize a new ACP session. Spawns the CLI agent process. */
+    createSession(options: AcpSessionOptions): Promise<AcpSession>;
+    /** Get session status and runtime options. */
+    getSession(sessionKey: string): Promise<AcpSessionStatus>;
+    /** List active ACP sessions owned by this app. */
+    listSessions(): Promise<AcpSessionStatus[]>;
+    /** Update runtime options (applied on next turn). */
+    patchSession(sessionKey: string, patch: AcpRuntimeOptionPatch): Promise<void>;
+    /** Close session and stop the agent process. */
+    closeSession(sessionKey: string, reason?: string): Promise<void>;
+    /**
+     * Synchronous turn — waits for completion, returns full response.
+     * Requires approvalPolicy set on the session (via create or patchSession).
+     */
+    chat(sessionKey: string, message: string, attachments?: AcpAttachment[]): Promise<AcpChatResponse>;
+    /**
+     * Streaming turn via SSE. Yields events as they arrive.
+     *
+     * Uses named SSE events (event: + data: lines). The event type comes
+     * from the `event:` line, not from inside the JSON payload.
+     *
+     * @example
+     * ```typescript
+     * for await (const event of sdk.acpAgent.streamChat(key, 'Explain this')) {
+     *   if (event.type === 'text_delta') console.log(event.data.text);
+     *   if (event.type === 'permission_request') {
+     *     await sdk.acpAgent.resolvePermission(key, {
+     *       requestId: event.data.requestId as string,
+     *       optionId: 'allow_once',
+     *     });
+     *   }
+     * }
+     * ```
+     */
+    streamChat(sessionKey: string, message: string, attachments?: AcpAttachment[]): AsyncIterableIterator<AcpStreamEvent>;
+    /** Cancel the active turn on a session. */
+    cancelTurn(sessionKey: string, reason?: string): Promise<void>;
+    /** Resolve a pending permission request (call while SSE stream is active). */
+    resolvePermission(sessionKey: string, decision: AcpPermissionDecision): Promise<{
+        resolved: boolean;
+        reason?: string;
+    }>;
+    /** Convenience: create session + first sync chat in one call. */
+    startChat(message: string, options: AcpSessionOptions): Promise<{
+        session: AcpSession;
+        response: AcpChatResponse;
+    }>;
+}
+
 /**
  * MCP Module - Interact with MCP servers via RealtimeX SDK
  */
@@ -1170,10 +1350,19 @@ declare class ContractModule {
     private readonly appId?;
     private readonly apiKey?;
     private cachedContract;
+    private cachedCapabilities;
+    private cachedCapabilityCatalogHash;
     constructor(realtimexUrl: string, appName?: string, appId?: string, apiKey?: string);
     private requestPermission;
     private request;
     getLocalAppV1(forceRefresh?: boolean): Promise<LocalAppContractDefinition>;
+    listCapabilities(forceRefresh?: boolean): Promise<ContractCapability$1[]>;
+    searchCapabilities(query: string): Promise<ContractCapability$1[]>;
+    describeCapability(capabilityId: string): Promise<ContractCapability$1>;
+    search(query: string): Promise<ContractCapability$1[]>;
+    describe(capabilityId: string): Promise<ContractCapability$1>;
+    invoke(payload: ContractInvokePayload): Promise<TriggerAgentResponse>;
+    getCachedCatalogHash(): string | null;
     clearCache(): void;
 }
 
@@ -1786,6 +1975,7 @@ declare class RealtimeXSDK {
     tts: TTSModule;
     stt: STTModule;
     agent: AgentModule;
+    acpAgent: AcpAgentModule;
     mcp: MCPModule;
     contract: ContractModule;
     contractRuntime: ContractRuntime;
@@ -1825,4 +2015,4 @@ declare class RealtimeXSDK {
     getAppDataDir(): Promise<string>;
 }
 
-export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };
+export { type ACPAdapterContext, type ACPAdapterTelemetryEvent, type ACPAdapterTelemetrySink, ACPContractAdapter, type ACPContractAdapterOptions, type ACPContractRuntime, ACPEventMapper, type ACPExecutionReference, type ACPNotifier, ACPPermissionBridge, type ACPSessionToolUpdate, type ACPSessionUpdateParams, ACPTelemetry, type ACPTextContent, type ACPToolInvocation, type ACPToolKind, type ACPToolStatus, type AcpAgentInfo, AcpAgentModule, type AcpAttachment, type AcpChatResponse, type AcpPermissionDecision, type AcpRuntimeOptionPatch, type AcpSession, type AcpSessionOptions, type AcpSessionStatus, type AcpStreamEvent, ActivitiesModule, type Activity, type Agent, type AgentChatOptions, type AgentChatResponse, AgentModule, type AgentSession, type AgentSessionInfo, type AgentSessionOptions, ApiModule, AuthModule, type AuthProvider, type AuthTokenResponse, CONTRACT_ATTEMPT_PREFIX, CONTRACT_EVENT_ID_HEADER, CONTRACT_SIGNATURE_ALGORITHM, CONTRACT_SIGNATURE_HEADER, type CanonicalToolDefinition, type ChatContentBlock, type ChatCustomBlock, type ChatFileBlock, type ChatImageUrlBlock, type ChatMessage, type ChatMessageContent, type ChatOptions, type ChatResponse, type ChatTextBlock, ClaudeToolAdapter, type ClaudeToolCall, type ClaudeToolDefinition, type ClaudeToolResult, CodexToolAdapter, type CodexToolCall, type CodexToolDefinition, type CodexToolResult, ContractCache, type ContractCallbackMetadata, type ContractCallbackRules, type ContractCapability, type ContractCapabilityTrigger, ContractClient, type ContractClientOptions, type ContractDiscoveryResponse, ContractError, type ContractEventType, ContractHttpClient, type ContractHttpClientConfig, type ContractInvokePayload, ContractModule, ContractRuntime, type ContractRuntimeInterface, type ContractRuntimeOptions, type ContractSignInput, type ContractStrictness, ContractValidationError, type DatabaseConfig, DatabaseModule, type EmbedOptions, type EmbedResponse, type ExecutionContext, type ExecutionResult, type GeminiFunctionDeclaration, GeminiToolAdapter, type GeminiToolCall, type GeminiToolResult, type GetToolsInput, type HostToolAdapter, type IngestExecutionEventInput, LLMModule, LLMPermissionError, LLMProviderError, LOCAL_APP_CONTRACT_VERSION, type LegacyLocalAppContractShape, type LifecycleEventType, type LocalAppCapabilitiesResponse, type LocalAppCapabilityDetailResponse, type LocalAppCapabilitySearchResponse, type LocalAppContractDefinition, type LocalAppContractResponse, type LocalAppContractV1, MCPModule, type MCPServer, type MCPTool, type MCPToolResult, PermissionDeniedError, type PermissionOption, PermissionRequiredError, PortModule, type ProjectToolsInput, type Provider, type ProviderKind, type ProvidersResponse, RealtimeXSDK, RetryPolicy, type RetryPolicyOptions, type RuntimeExecutionEvent, RuntimeTransportError, type SDKConfig, type STTListenOptions, type STTModel, type STTModelsResponse, STTModule, type STTProvider, type STTProvidersResponse, type STTResponse, ScopeDeniedError, ScopeGuard, StaticAuthProvider, type StaticAuthProviderOptions, type StreamChunk, type StreamChunkEvent, type SyncTokenResponse, type TTSChunk, type TTSChunkEvent, TTSModule, type TTSOptions, type TTSProvider, type TTSProviderConfig, type TTSProvidersResponse, type Task, TaskModule, type TaskRun, type Thread, type ToolCall, ToolNotFoundError, ToolProjector, ToolValidationError, type TriggerAgentPayload, type TriggerAgentResponse, type VectorDeleteOptions, type VectorDeleteResponse, type VectorQueryOptions, type VectorQueryResponse, type VectorQueryResult, type VectorRecord, VectorStore, type VectorUpsertOptions, type VectorUpsertResponse, WebhookModule, type Workspace, buildContractIdempotencyKey, buildContractSignatureMessage, canonicalEventToLegacyAction, createContractEventId, hashContractPayload, normalizeAttemptId, normalizeContractEvent, normalizeLocalAppContractV1, normalizeSchema, parseAttemptRunId, signContractEvent, toStableToolName };

package/dist/index.js

@@ -34,6 +34,7 @@ __export(index_exports, {
   ACPEventMapper: () => ACPEventMapper,
   ACPPermissionBridge: () => ACPPermissionBridge,
   ACPTelemetry: () => ACPTelemetry,
+  AcpAgentModule: () => AcpAgentModule,
   ActivitiesModule: () => ActivitiesModule,
   AgentModule: () => AgentModule,
   ApiModule: () => ApiModule,
@@ -455,6 +456,8 @@ function buildContractIdempotencyKey({
 var ContractModule = class {
   constructor(realtimexUrl, appName, appId, apiKey) {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
     this.realtimexUrl = realtimexUrl.replace(/\/$/, "");
     this.appName = appName;
     this.appId = appId;
@@ -477,16 +480,18 @@ var ContractModule = class {
       return false;
     }
   }
-  async request(path) {
+  async request(path, options = {}) {
     const url = `${this.realtimexUrl}${path}`;
     const headers = {
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      ...options.headers
     };
     if (this.apiKey) headers.Authorization = `Bearer ${this.apiKey}`;
     if (this.appId) headers["x-app-id"] = this.appId;
     const response = await fetch(url, {
-      method: "GET",
-      headers
+      method: options.method || "GET",
+      headers,
+      body: options.body
     });
     const data = await response.json();
     if (response.status === 403) {
@@ -495,7 +500,7 @@ var ContractModule = class {
       const message = data.message;
       if (errorCode === "PERMISSION_REQUIRED" && permission) {
         const granted = await this.requestPermission(permission);
-        if (granted) return this.request(path);
+        if (granted) return this.request(path, options);
         throw new PermissionDeniedError(permission, message);
       }
       if (errorCode === "PERMISSION_DENIED") {
@@ -511,10 +516,89 @@ var ContractModule = class {
     if (!forceRefresh && this.cachedContract) return this.cachedContract;
     const data = await this.request("/contracts/local-app/v1");
     this.cachedContract = data.contract;
+    if (Array.isArray(data.contract?.capabilities)) {
+      this.cachedCapabilities = data.contract.capabilities;
+      this.cachedCapabilityCatalogHash = data.contract.catalog_hash || null;
+    }
     return data.contract;
   }
+  async listCapabilities(forceRefresh = false) {
+    if (!forceRefresh && this.cachedCapabilities) return this.cachedCapabilities;
+    const data = await this.request(
+      "/contracts/local-app/v1/capabilities"
+    );
+    this.cachedCapabilities = Array.isArray(data.capabilities) ? data.capabilities : [];
+    this.cachedCapabilityCatalogHash = data.catalog_hash || null;
+    return this.cachedCapabilities;
+  }
+  async searchCapabilities(query) {
+    const normalizedQuery = String(query || "").trim();
+    if (!normalizedQuery) {
+      throw new Error("searchCapabilities requires a non-empty query");
+    }
+    const encodedQuery = encodeURIComponent(normalizedQuery);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/search?q=${encodedQuery}`
+    );
+    return Array.isArray(data.capabilities) ? data.capabilities : [];
+  }
+  async describeCapability(capabilityId) {
+    const normalizedCapabilityId = String(capabilityId || "").trim();
+    if (!normalizedCapabilityId) {
+      throw new Error("describeCapability requires a non-empty capability id");
+    }
+    const encodedCapabilityId = encodeURIComponent(normalizedCapabilityId);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/${encodedCapabilityId}`
+    );
+    return data.capability;
+  }
+  // Alias for agentic contract flow naming.
+  async search(query) {
+    return this.searchCapabilities(query);
+  }
+  // Alias for agentic contract flow naming.
+  async describe(capabilityId) {
+    return this.describeCapability(capabilityId);
+  }
+  async invoke(payload) {
+    const capabilityId = String(payload?.capability_id || "").trim();
+    if (!capabilityId) {
+      throw new Error("invoke requires payload.capability_id");
+    }
+    if (payload.auto_run && (!payload.agent_name || !payload.workspace_slug)) {
+      throw new Error("auto_run requires agent_name and workspace_slug");
+    }
+    const args = payload.args && typeof payload.args === "object" && !Array.isArray(payload.args) ? { ...payload.args } : {};
+    if (!args.capability) {
+      args.capability = capabilityId;
+    }
+    return this.request("/webhooks/realtimex", {
+      method: "POST",
+      body: JSON.stringify({
+        app_name: this.appName,
+        app_id: this.appId,
+        event: "task.trigger",
+        event_id: payload.event_id || createContractEventId(),
+        attempt_id: normalizeAttemptId(payload.attempt_id),
+        payload: {
+          raw_data: args,
+          auto_run: payload.auto_run ?? false,
+          agent_name: payload.agent_name,
+          workspace_slug: payload.workspace_slug,
+          thread_slug: payload.thread_slug,
+          prompt: payload.prompt ?? ""
+        }
+      })
+    });
+  }
+  getCachedCatalogHash() {
+    return this.cachedCapabilityCatalogHash;
+  }
   clearCache() {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
   }
 };
 
@@ -1700,6 +1784,193 @@ var AgentModule = class {
   }
 };
 
+// src/modules/acpAgent.ts
+function encodeSessionKey(sessionKey) {
+  return encodeURIComponent(sessionKey);
+}
+async function parseJsonResponse(response, fallbackError) {
+  const data = await response.json();
+  if (!response.ok) throw new Error(data.error || fallbackError);
+  return data;
+}
+var AcpAgentModule = class {
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  /** List available CLI agents. Pass includeModels to get model lists per agent. */
+  async listAgents(opts) {
+    const qs = opts?.includeModels ? "?includeModels=true" : "";
+    const response = await this.httpClient.fetch(`/sdk/acp/agents${qs}`);
+    const data = await parseJsonResponse(
+      response,
+      "Failed to list agents"
+    );
+    return data.agents;
+  }
+  /** Create and initialize a new ACP session. Spawns the CLI agent process. */
+  async createSession(options) {
+    const response = await this.httpClient.fetch("/sdk/acp/session", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+    const data = await parseJsonResponse(
+      response,
+      "Failed to create session"
+    );
+    return data.session;
+  }
+  /** Get session status and runtime options. */
+  async getSession(sessionKey) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`
+    );
+    const data = await parseJsonResponse(
+      response,
+      "Failed to get session"
+    );
+    return data.session;
+  }
+  /** List active ACP sessions owned by this app. */
+  async listSessions() {
+    const response = await this.httpClient.fetch("/sdk/acp/sessions");
+    const data = await parseJsonResponse(
+      response,
+      "Failed to list sessions"
+    );
+    return data.sessions;
+  }
+  /** Update runtime options (applied on next turn). */
+  async patchSession(sessionKey, patch) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`,
+      { method: "PATCH", body: JSON.stringify(patch) }
+    );
+    await parseJsonResponse(response, "Failed to update session");
+  }
+  /** Close session and stop the agent process. */
+  async closeSession(sessionKey, reason) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`,
+      {
+        method: "DELETE",
+        body: reason ? JSON.stringify({ reason }) : void 0
+      }
+    );
+    await parseJsonResponse(response, "Failed to close session");
+  }
+  /**
+   * Synchronous turn — waits for completion, returns full response.
+   * Requires approvalPolicy set on the session (via create or patchSession).
+   */
+  async chat(sessionKey, message, attachments) {
+    const body = { message };
+    if (attachments?.length) body.attachments = attachments;
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/chat`,
+      { method: "POST", body: JSON.stringify(body) }
+    );
+    const data = await parseJsonResponse(
+      response,
+      "Chat request failed"
+    );
+    return data.response;
+  }
+  /**
+   * Streaming turn via SSE. Yields events as they arrive.
+   *
+   * Uses named SSE events (event: + data: lines). The event type comes
+   * from the `event:` line, not from inside the JSON payload.
+   *
+   * @example
+   * ```typescript
+   * for await (const event of sdk.acpAgent.streamChat(key, 'Explain this')) {
+   *   if (event.type === 'text_delta') console.log(event.data.text);
+   *   if (event.type === 'permission_request') {
+   *     await sdk.acpAgent.resolvePermission(key, {
+   *       requestId: event.data.requestId as string,
+   *       optionId: 'allow_once',
+   *     });
+   *   }
+   * }
+   * ```
+   */
+  async *streamChat(sessionKey, message, attachments) {
+    const body = { message };
+    if (attachments?.length) body.attachments = attachments;
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/chat/stream`,
+      { method: "POST", body: JSON.stringify(body) }
+    );
+    if (!response.ok) {
+      const data = await response.json();
+      throw new Error(data.error || "Stream request failed");
+    }
+    if (!response.body) {
+      throw new Error("Response body is null");
+    }
+    yield* parseNamedSSEStream(response.body);
+  }
+  /** Cancel the active turn on a session. */
+  async cancelTurn(sessionKey, reason) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/cancel`,
+      {
+        method: "POST",
+        body: reason ? JSON.stringify({ reason }) : void 0
+      }
+    );
+    await parseJsonResponse(response, "Failed to cancel turn");
+  }
+  /** Resolve a pending permission request (call while SSE stream is active). */
+  async resolvePermission(sessionKey, decision) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/permission`,
+      { method: "POST", body: JSON.stringify(decision) }
+    );
+    return parseJsonResponse(response, "Failed to resolve permission");
+  }
+  /** Convenience: create session + first sync chat in one call. */
+  async startChat(message, options) {
+    const session = await this.createSession(options);
+    const chatResponse = await this.chat(session.session_key, message);
+    return { session, response: chatResponse };
+  }
+};
+async function* parseNamedSSEStream(body) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder();
+  let buffer = "";
+  let currentEvent = "";
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        if (line.startsWith("event: ")) {
+          currentEvent = line.slice(7).trim();
+        } else if (line.startsWith("data: ")) {
+          const jsonStr = line.slice(6);
+          const eventType = currentEvent || void 0;
+          currentEvent = "";
+          if (!eventType) continue;
+          try {
+            const data = JSON.parse(jsonStr);
+            yield { type: eventType, data };
+          } catch {
+          }
+        } else if (line === "") {
+          currentEvent = "";
+        }
+      }
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
+
 // src/modules/mcp.ts
 var MCPModule = class extends ApiModule {
   constructor(realtimexUrl, appId, appName, apiKey) {
@@ -2497,6 +2768,7 @@ var ContractRuntime = class {
         tool_call_id: call.tool_call_id,
         args: call.args,
         context: {
+          app_id: context.appId,
           user_id: context.userId,
           workspace_id: context.workspaceId || null,
           request_id: context.requestId || null,
@@ -2509,7 +2781,9 @@ var ContractRuntime = class {
     }
     return {
       app_name: this.appName,
-      app_id: this.appId || context.appId,
+      // In API-key dev mode, app_id should be omitted unless explicitly configured
+      // on the runtime. Passing an unknown app_id causes webhook trigger rejection.
+      app_id: this.appId || void 0,
       event: tool.trigger.event,
       event_id: eventId,
       payload
@@ -3420,6 +3694,7 @@ var _RealtimeXSDK = class _RealtimeXSDK {
     this.tts = new TTSModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.stt = new STTModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.agent = new AgentModule(this.httpClient);
+    this.acpAgent = new AcpAgentModule(this.httpClient);
     this.mcp = new MCPModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.contract = new ContractModule(this.realtimexUrl, this.appName, this.appId, this.apiKey);
     this.contractRuntime = new ContractRuntime({
@@ -3536,6 +3811,7 @@ var RealtimeXSDK = _RealtimeXSDK;
   ACPEventMapper,
   ACPPermissionBridge,
   ACPTelemetry,
+  AcpAgentModule,
   ActivitiesModule,
   AgentModule,
   ApiModule,

package/dist/index.mjs

@@ -363,6 +363,8 @@ function buildContractIdempotencyKey({
 var ContractModule = class {
   constructor(realtimexUrl, appName, appId, apiKey) {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
     this.realtimexUrl = realtimexUrl.replace(/\/$/, "");
     this.appName = appName;
     this.appId = appId;
@@ -385,16 +387,18 @@ var ContractModule = class {
       return false;
     }
   }
-  async request(path) {
+  async request(path, options = {}) {
     const url = `${this.realtimexUrl}${path}`;
     const headers = {
-      "Content-Type": "application/json"
+      "Content-Type": "application/json",
+      ...options.headers
     };
     if (this.apiKey) headers.Authorization = `Bearer ${this.apiKey}`;
     if (this.appId) headers["x-app-id"] = this.appId;
     const response = await fetch(url, {
-      method: "GET",
-      headers
+      method: options.method || "GET",
+      headers,
+      body: options.body
     });
     const data = await response.json();
     if (response.status === 403) {
@@ -403,7 +407,7 @@ var ContractModule = class {
       const message = data.message;
       if (errorCode === "PERMISSION_REQUIRED" && permission) {
         const granted = await this.requestPermission(permission);
-        if (granted) return this.request(path);
+        if (granted) return this.request(path, options);
         throw new PermissionDeniedError(permission, message);
       }
       if (errorCode === "PERMISSION_DENIED") {
@@ -419,10 +423,89 @@ var ContractModule = class {
     if (!forceRefresh && this.cachedContract) return this.cachedContract;
     const data = await this.request("/contracts/local-app/v1");
     this.cachedContract = data.contract;
+    if (Array.isArray(data.contract?.capabilities)) {
+      this.cachedCapabilities = data.contract.capabilities;
+      this.cachedCapabilityCatalogHash = data.contract.catalog_hash || null;
+    }
     return data.contract;
   }
+  async listCapabilities(forceRefresh = false) {
+    if (!forceRefresh && this.cachedCapabilities) return this.cachedCapabilities;
+    const data = await this.request(
+      "/contracts/local-app/v1/capabilities"
+    );
+    this.cachedCapabilities = Array.isArray(data.capabilities) ? data.capabilities : [];
+    this.cachedCapabilityCatalogHash = data.catalog_hash || null;
+    return this.cachedCapabilities;
+  }
+  async searchCapabilities(query) {
+    const normalizedQuery = String(query || "").trim();
+    if (!normalizedQuery) {
+      throw new Error("searchCapabilities requires a non-empty query");
+    }
+    const encodedQuery = encodeURIComponent(normalizedQuery);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/search?q=${encodedQuery}`
+    );
+    return Array.isArray(data.capabilities) ? data.capabilities : [];
+  }
+  async describeCapability(capabilityId) {
+    const normalizedCapabilityId = String(capabilityId || "").trim();
+    if (!normalizedCapabilityId) {
+      throw new Error("describeCapability requires a non-empty capability id");
+    }
+    const encodedCapabilityId = encodeURIComponent(normalizedCapabilityId);
+    const data = await this.request(
+      `/contracts/local-app/v1/capabilities/${encodedCapabilityId}`
+    );
+    return data.capability;
+  }
+  // Alias for agentic contract flow naming.
+  async search(query) {
+    return this.searchCapabilities(query);
+  }
+  // Alias for agentic contract flow naming.
+  async describe(capabilityId) {
+    return this.describeCapability(capabilityId);
+  }
+  async invoke(payload) {
+    const capabilityId = String(payload?.capability_id || "").trim();
+    if (!capabilityId) {
+      throw new Error("invoke requires payload.capability_id");
+    }
+    if (payload.auto_run && (!payload.agent_name || !payload.workspace_slug)) {
+      throw new Error("auto_run requires agent_name and workspace_slug");
+    }
+    const args = payload.args && typeof payload.args === "object" && !Array.isArray(payload.args) ? { ...payload.args } : {};
+    if (!args.capability) {
+      args.capability = capabilityId;
+    }
+    return this.request("/webhooks/realtimex", {
+      method: "POST",
+      body: JSON.stringify({
+        app_name: this.appName,
+        app_id: this.appId,
+        event: "task.trigger",
+        event_id: payload.event_id || createContractEventId(),
+        attempt_id: normalizeAttemptId(payload.attempt_id),
+        payload: {
+          raw_data: args,
+          auto_run: payload.auto_run ?? false,
+          agent_name: payload.agent_name,
+          workspace_slug: payload.workspace_slug,
+          thread_slug: payload.thread_slug,
+          prompt: payload.prompt ?? ""
+        }
+      })
+    });
+  }
+  getCachedCatalogHash() {
+    return this.cachedCapabilityCatalogHash;
+  }
   clearCache() {
     this.cachedContract = null;
+    this.cachedCapabilities = null;
+    this.cachedCapabilityCatalogHash = null;
   }
 };
 
@@ -1608,6 +1691,193 @@ var AgentModule = class {
   }
 };
 
+// src/modules/acpAgent.ts
+function encodeSessionKey(sessionKey) {
+  return encodeURIComponent(sessionKey);
+}
+async function parseJsonResponse(response, fallbackError) {
+  const data = await response.json();
+  if (!response.ok) throw new Error(data.error || fallbackError);
+  return data;
+}
+var AcpAgentModule = class {
+  constructor(httpClient) {
+    this.httpClient = httpClient;
+  }
+  /** List available CLI agents. Pass includeModels to get model lists per agent. */
+  async listAgents(opts) {
+    const qs = opts?.includeModels ? "?includeModels=true" : "";
+    const response = await this.httpClient.fetch(`/sdk/acp/agents${qs}`);
+    const data = await parseJsonResponse(
+      response,
+      "Failed to list agents"
+    );
+    return data.agents;
+  }
+  /** Create and initialize a new ACP session. Spawns the CLI agent process. */
+  async createSession(options) {
+    const response = await this.httpClient.fetch("/sdk/acp/session", {
+      method: "POST",
+      body: JSON.stringify(options)
+    });
+    const data = await parseJsonResponse(
+      response,
+      "Failed to create session"
+    );
+    return data.session;
+  }
+  /** Get session status and runtime options. */
+  async getSession(sessionKey) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`
+    );
+    const data = await parseJsonResponse(
+      response,
+      "Failed to get session"
+    );
+    return data.session;
+  }
+  /** List active ACP sessions owned by this app. */
+  async listSessions() {
+    const response = await this.httpClient.fetch("/sdk/acp/sessions");
+    const data = await parseJsonResponse(
+      response,
+      "Failed to list sessions"
+    );
+    return data.sessions;
+  }
+  /** Update runtime options (applied on next turn). */
+  async patchSession(sessionKey, patch) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`,
+      { method: "PATCH", body: JSON.stringify(patch) }
+    );
+    await parseJsonResponse(response, "Failed to update session");
+  }
+  /** Close session and stop the agent process. */
+  async closeSession(sessionKey, reason) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}`,
+      {
+        method: "DELETE",
+        body: reason ? JSON.stringify({ reason }) : void 0
+      }
+    );
+    await parseJsonResponse(response, "Failed to close session");
+  }
+  /**
+   * Synchronous turn — waits for completion, returns full response.
+   * Requires approvalPolicy set on the session (via create or patchSession).
+   */
+  async chat(sessionKey, message, attachments) {
+    const body = { message };
+    if (attachments?.length) body.attachments = attachments;
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/chat`,
+      { method: "POST", body: JSON.stringify(body) }
+    );
+    const data = await parseJsonResponse(
+      response,
+      "Chat request failed"
+    );
+    return data.response;
+  }
+  /**
+   * Streaming turn via SSE. Yields events as they arrive.
+   *
+   * Uses named SSE events (event: + data: lines). The event type comes
+   * from the `event:` line, not from inside the JSON payload.
+   *
+   * @example
+   * ```typescript
+   * for await (const event of sdk.acpAgent.streamChat(key, 'Explain this')) {
+   *   if (event.type === 'text_delta') console.log(event.data.text);
+   *   if (event.type === 'permission_request') {
+   *     await sdk.acpAgent.resolvePermission(key, {
+   *       requestId: event.data.requestId as string,
+   *       optionId: 'allow_once',
+   *     });
+   *   }
+   * }
+   * ```
+   */
+  async *streamChat(sessionKey, message, attachments) {
+    const body = { message };
+    if (attachments?.length) body.attachments = attachments;
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/chat/stream`,
+      { method: "POST", body: JSON.stringify(body) }
+    );
+    if (!response.ok) {
+      const data = await response.json();
+      throw new Error(data.error || "Stream request failed");
+    }
+    if (!response.body) {
+      throw new Error("Response body is null");
+    }
+    yield* parseNamedSSEStream(response.body);
+  }
+  /** Cancel the active turn on a session. */
+  async cancelTurn(sessionKey, reason) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/cancel`,
+      {
+        method: "POST",
+        body: reason ? JSON.stringify({ reason }) : void 0
+      }
+    );
+    await parseJsonResponse(response, "Failed to cancel turn");
+  }
+  /** Resolve a pending permission request (call while SSE stream is active). */
+  async resolvePermission(sessionKey, decision) {
+    const response = await this.httpClient.fetch(
+      `/sdk/acp/session/${encodeSessionKey(sessionKey)}/permission`,
+      { method: "POST", body: JSON.stringify(decision) }
+    );
+    return parseJsonResponse(response, "Failed to resolve permission");
+  }
+  /** Convenience: create session + first sync chat in one call. */
+  async startChat(message, options) {
+    const session = await this.createSession(options);
+    const chatResponse = await this.chat(session.session_key, message);
+    return { session, response: chatResponse };
+  }
+};
+async function* parseNamedSSEStream(body) {
+  const reader = body.getReader();
+  const decoder = new TextDecoder();
+  let buffer = "";
+  let currentEvent = "";
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+      const lines = buffer.split("\n");
+      buffer = lines.pop() || "";
+      for (const line of lines) {
+        if (line.startsWith("event: ")) {
+          currentEvent = line.slice(7).trim();
+        } else if (line.startsWith("data: ")) {
+          const jsonStr = line.slice(6);
+          const eventType = currentEvent || void 0;
+          currentEvent = "";
+          if (!eventType) continue;
+          try {
+            const data = JSON.parse(jsonStr);
+            yield { type: eventType, data };
+          } catch {
+          }
+        } else if (line === "") {
+          currentEvent = "";
+        }
+      }
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
+
 // src/modules/mcp.ts
 var MCPModule = class extends ApiModule {
   constructor(realtimexUrl, appId, appName, apiKey) {
@@ -2405,6 +2675,7 @@ var ContractRuntime = class {
         tool_call_id: call.tool_call_id,
         args: call.args,
         context: {
+          app_id: context.appId,
           user_id: context.userId,
           workspace_id: context.workspaceId || null,
           request_id: context.requestId || null,
@@ -2417,7 +2688,9 @@ var ContractRuntime = class {
     }
     return {
       app_name: this.appName,
-      app_id: this.appId || context.appId,
+      // In API-key dev mode, app_id should be omitted unless explicitly configured
+      // on the runtime. Passing an unknown app_id causes webhook trigger rejection.
+      app_id: this.appId || void 0,
       event: tool.trigger.event,
       event_id: eventId,
       payload
@@ -3328,6 +3601,7 @@ var _RealtimeXSDK = class _RealtimeXSDK {
     this.tts = new TTSModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.stt = new STTModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.agent = new AgentModule(this.httpClient);
+    this.acpAgent = new AcpAgentModule(this.httpClient);
     this.mcp = new MCPModule(this.realtimexUrl, this.appId, this.appName, this.apiKey);
     this.contract = new ContractModule(this.realtimexUrl, this.appName, this.appId, this.apiKey);
     this.contractRuntime = new ContractRuntime({
@@ -3443,6 +3717,7 @@ export {
   ACPEventMapper,
   ACPPermissionBridge,
   ACPTelemetry,
+  AcpAgentModule,
   ActivitiesModule,
   AgentModule,
   ApiModule,

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@realtimex/sdk",
-    "version": "1.3.6",
+    "version": "1.4.0",
     "description": "SDK for building Local Apps that integrate with RealtimeX",
     "main": "dist/index.js",
     "module": "dist/index.mjs",