npm - @run402/sdk - Versions diffs - 2.39.4 → 2.41.0 - Mend

@run402/sdk 2.39.4 → 2.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (37) hide show

package/README.md +1 -1
package/core-dist/control-plane-session.d.ts +53 -0
package/core-dist/control-plane-session.js +114 -0
package/dist/control-plane-credentials.d.ts +45 -0
package/dist/control-plane-credentials.d.ts.map +1 -0
package/dist/control-plane-credentials.js +57 -0
package/dist/control-plane-credentials.js.map +1 -0
package/dist/errors.d.ts +31 -1
package/dist/errors.d.ts.map +1 -1
package/dist/errors.js +59 -0
package/dist/errors.js.map +1 -1
package/dist/index.d.ts +6 -2
package/dist/index.d.ts.map +1 -1
package/dist/index.js +4 -2
package/dist/index.js.map +1 -1
package/dist/kernel.d.ts.map +1 -1
package/dist/kernel.js +4 -1
package/dist/kernel.js.map +1 -1
package/dist/namespaces/operator-session.d.ts +223 -0
package/dist/namespaces/operator-session.d.ts.map +1 -0
package/dist/namespaces/operator-session.js +230 -0
package/dist/namespaces/operator-session.js.map +1 -0
package/dist/namespaces/operator.d.ts +63 -0
package/dist/namespaces/operator.d.ts.map +1 -1
package/dist/namespaces/operator.js +51 -0
package/dist/namespaces/operator.js.map +1 -1
package/dist/namespaces/org.d.ts +55 -23
package/dist/namespaces/org.d.ts.map +1 -1
package/dist/namespaces/org.js +117 -52
package/dist/namespaces/org.js.map +1 -1
package/dist/namespaces/org.types.d.ts +37 -1
package/dist/namespaces/org.types.d.ts.map +1 -1
package/dist/namespaces/transfers.d.ts +58 -0
package/dist/namespaces/transfers.d.ts.map +1 -1
package/dist/namespaces/transfers.js +40 -0
package/dist/namespaces/transfers.js.map +1 -1
package/package.json +1 -1

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAkC,MAAM,aAAa,CAAC;AAE1E,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAezC,MAAM,OAAO,MAAM;IACR,QAAQ,CAAW;IACnB,MAAM,CAAS;IACf,SAAS,CAAY;IACrB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,UAAU,CAAa;IACvB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,SAAS,CAAY;IACrB,EAAE,CAAK;IACP,KAAK,CAAM;IACX,IAAI,CAAO;IACX,YAAY,CAAe;IAC3B,OAAO,CAAU;IACjB,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,KAAK,CAAQ;IACb,SAAS,CAAY;IACrB,KAAK,CAAQ;IACtB;;;;;;OAMG;IACM,YAAY,CAAS;IACrB,EAAE,CAAK;IACP,IAAI,CAAO;IACpB;;;OAGG;IACM,QAAQ,CAAW;IAC5B;;;;;OAKG;IACM,GAAG,CAAM;IAClB;;;OAGG;IACM,MAAM,CAAS;IAEf,OAAO,CAAS;IAEzB,YAAY,IAAmB;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,UAAU,CAClB,mCAAmC,EACnC,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,UAAU,CAClB,mDAAmD,EACnD,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,UAAU,CAClB,gKAAgK,EAChK,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IACE,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,KAAK,UAAU;YAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,KAAK,UAAU,EACjD,CAAC;YACD,MAAM,IAAI,UAAU,CAClB,+EAA+E,EAC/E,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAiB;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;YACtD,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;QACF,MAAM,MAAM,GAAW,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,EAAE;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,OAAO,CAAC,EAAW;QACvB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC;YACzD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5F,IAAI,OAAO,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QACxC,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,GAAG,CAAC,MAAM,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC;QACrE,CAAC;QACD,MAAM,aAAa,GAAG,KAAK,CAAC,gBAAgB;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC;QACT,OAAO;YACL,WAAW,EAAE,QAAQ,EAAE,IAAI,IAAI,IAAI;YACnC,YAAY,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;YACrC,OAAO;YACP,aAAa,EAAE,aAAa,IAAI,IAAI;SACrC,CAAC;IACJ,CAAC;CACF;AAcD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,KAAK,CAAC,MAAqC;IACzD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,MAAM,CAAC,IAAmB;IACxC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EACL,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,sBAAsB,EACtB,aAAa,GACd,MAAM,aAAa,CAAC;AAOrB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,EAC/B,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,EAAE,EACF,WAAW,EACX,wBAAwB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,EACtB,2BAA2B,EAC3B,eAAe,EACf,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAiBtD,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;~~AAE1C~~,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,WAAW,EAAkC,MAAM,aAAa,CAAC;AAE1E,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAC7D,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtD,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AAC5C,OAAO,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACpD,OAAO,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAezC,MAAM,OAAO,MAAM;IACR,QAAQ,CAAW;IACnB,MAAM,CAAS;IACf,SAAS,CAAY;IACrB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,UAAU,CAAa;IACvB,OAAO,CAAU;IACjB,KAAK,CAAQ;IACb,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,SAAS,CAAY;IACrB,EAAE,CAAK;IACP,KAAK,CAAM;IACX,IAAI,CAAO;IACX,YAAY,CAAe;IAC3B,OAAO,CAAU;IACjB,OAAO,CAAU;IACjB,IAAI,CAAO;IACX,KAAK,CAAQ;IACb,SAAS,CAAY;IACrB,KAAK,CAAQ;IACtB;;;;;;OAMG;IACM,YAAY,CAAS;IACrB,EAAE,CAAK;IACP,IAAI,CAAO;IACpB;;;OAGG;IACM,QAAQ,CAAW;IAC5B;;;;;OAKG;IACM,GAAG,CAAM;IAClB;;;OAGG;IACM,MAAM,CAAS;IAEf,OAAO,CAAS;IAEzB,YAAY,IAAmB;QAC7B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,UAAU,CAClB,mCAAmC,EACnC,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtD,MAAM,IAAI,UAAU,CAClB,mDAAmD,EACnD,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,UAAU,CAClB,gKAAgK,EAChK,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,IACE,OAAO,IAAI,CAAC,WAAW,CAAC,OAAO,KAAK,UAAU;YAC9C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,KAAK,UAAU,EACjD,CAAC;YACD,MAAM,IAAI,UAAU,CAClB,+EAA+E,EAC/E,qBAAqB,CACtB,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAiB;YAC3B,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC;YACtD,WAAW,EAAE,IAAI,CAAC,WAAW;SAC9B,CAAC;QACF,MAAM,MAAM,GAAW,WAAW,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACjC,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE;YACnC,KAAK,EAAE,IAAI,CAAC,EAAE;YACd,UAAU,EAAE,KAAK;SAClB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,SAAS,GAAG,IAAI,SAAS,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,YAAY,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,MAAM,CAAC,CAAC;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7B,IAAI,CAAC,QAAQ,GAAG,IAAI,QAAQ,CAAC,MAAM,CAAC,CAAC;QACrC,IAAI,CAAC,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3B,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,KAAK,CAAC,OAAO,CAAC,EAAW;QACvB,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,gBAAgB,CAAC;YACzD,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YAC3D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,UAAU,CAClB,yIAAyI,EACzI,2BAA2B,CAC5B,CAAC;YACJ,CAAC;YACD,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAC1D,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,UAAU,CAAC,EAAU;QACzB,MAAM,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;QACvC,MAAM,QAAQ,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QAC5F,IAAI,OAAO,GAAG,QAAQ,EAAE,OAAO,IAAI,IAAI,CAAC;QACxC,IAAI,OAAO,IAAI,IAAI,IAAI,KAAK,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,GAAG,CAAC,MAAM,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC;QACrE,CAAC;QACD,MAAM,aAAa,GAAG,KAAK,CAAC,gBAAgB;YAC1C,CAAC,CAAC,MAAM,KAAK,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC;YAC1C,CAAC,CAAC,IAAI,CAAC;QACT,OAAO;YACL,WAAW,EAAE,QAAQ,EAAE,IAAI,IAAI,IAAI;YACnC,YAAY,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI;YACrC,OAAO;YACP,aAAa,EAAE,aAAa,IAAI,IAAI;SACrC,CAAC;IACJ,CAAC;CACF;AAcD;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,KAAK,CAAC,MAAqC;IACzD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,MAAM,CAAC,IAAmB;IACxC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,OAAO,EACL,WAAW,EACX,eAAe,EACf,eAAe,EACf,YAAY,EACZ,kBAAkB,EAClB,QAAQ,EACR,YAAY,EACZ,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,aAAa,EACb,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,eAAe,EACf,UAAU,EACV,cAAc,EACd,YAAY,EACZ,aAAa,EACb,qBAAqB,EACrB,gBAAgB,EAChB,sBAAsB,EACtB,aAAa,GACd,MAAM,aAAa,CAAC;AAOrB,OAAO,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAIvC,OAAO,EACL,sBAAsB,EACtB,0BAA0B,EAC1B,wBAAwB,EACxB,sBAAsB,GACvB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,iCAAiC,EACjC,8BAA8B,EAC9B,gCAAgC,GACjC,MAAM,gCAAgC,CAAC;AAExC,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAChD,OAAO,EACL,8BAA8B,EAC9B,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,EACvB,wBAAwB,EACxB,6BAA6B,EAC7B,+BAA+B,EAC/B,qBAAqB,GACtB,MAAM,8BAA8B,CAAC;AACtC,OAAO,EACL,EAAE,EACF,WAAW,EACX,wBAAwB,EACxB,0BAA0B,EAC1B,8BAA8B,EAC9B,qBAAqB,EACrB,4BAA4B,EAC5B,sBAAsB,EACtB,4BAA4B,EAC5B,0BAA0B,EAC1B,sBAAsB,EACtB,2BAA2B,EAC3B,eAAe,EACf,oBAAoB,EACpB,sBAAsB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAiBtD,OAAO,EAAE,eAAe,EAAE,MAAM,kCAAkC,CAAC;AAEnE,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAElE,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/kernel.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;~~AAUH~~,OAAO,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAC/B,WAAW,EAAE,mBAAmB,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,2FAA2F;IAC3F,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAC9B,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iFAAiF;IACjF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB,CAAC,CAAC,GAAG,OAAO;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,CAAC,CAAC;CACT;AAED,wDAAwD;AACxD,MAAM,WAAW,MAAM;IACrB,mIAAmI;IACnI,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC3D,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IACpD,gIAAgI;IAChI,QAAQ,CAAC,WAAW,EAAE,mBAAmB,CAAC;IAC1C;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACzC;AAED,wBAAsB,OAAO,CAAC,CAAC,EAC7B,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,CAAC,CAAC,CAEZ;AAED,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,~~CA6F9B~~;AAiBD,wBAAgB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAUxD"}
1	+ {"version":3,"file":"kernel.d.ts","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAWH,OAAO,KAAK,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAEzE,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;IAC/B,WAAW,EAAE,mBAAmB,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,2FAA2F;IAC3F,OAAO,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAC9B,kFAAkF;IAClF,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,iFAAiF;IACjF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB,CAAC,CAAC,GAAG,OAAO;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,CAAC,CAAC;CACT;AAED,wDAAwD;AACxD,MAAM,WAAW,MAAM;IACrB,mIAAmI;IACnI,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC3D,mBAAmB,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC;IACzF,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IACpD,gIAAgI;IAChI,QAAQ,CAAC,WAAW,EAAE,mBAAmB,CAAC;IAC1C;;;;OAIG;IACH,QAAQ,CAAC,KAAK,EAAE,OAAO,UAAU,CAAC,KAAK,CAAC;CACzC;AAED,wBAAsB,OAAO,CAAC,CAAC,EAC7B,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,CAAC,CAAC,CAEZ;AAED,wBAAsB,mBAAmB,CAAC,CAAC,EACzC,MAAM,EAAE,YAAY,EACpB,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,cAAc,GACnB,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAqG9B;AAiBD,wBAAgB,WAAW,CAAC,MAAM,EAAE,YAAY,GAAG,MAAM,CAUxD"}

package/dist/kernel.js CHANGED Viewed

@@ -10,7 +10,7 @@
  * or a response-shaped error value — they either get the parsed body as T
  * or an exception.
  */
-import { ApiError, NetworkError, NotAuthorizedError, PaymentRequired, TransferFreezeError, Unauthorized, } from "./errors.js";
+import { ApiError, NetworkError, NotAuthorizedError, PaymentRequired, StepUpRequiredError, TransferFreezeError, Unauthorized, } from "./errors.js";
 export async function request(kernel, path, opts) {
     return (await requestWithResponse(kernel, path, opts)).body;
 }
@@ -62,6 +62,9 @@ export async function requestWithResponse(kernel, path, opts) {
     if (res.status === 402) {
         throw new PaymentRequired(`${displayMessage(resBody, "Payment required")} while ${context}`, 402, resBody, context);
     }
+    if (res.status === 403 && envelopeCode(resBody) === "STEP_UP_REQUIRED") {
+        throw new StepUpRequiredError(`${displayMessage(resBody, "Step-up authentication required")} while ${context}`, res.status, resBody, context);
+    }
     if (res.status === 403 && envelopeCode(resBody) === "NOT_AUTHORIZED") {
         // Org-owned control-plane denial (gateway v1.77+): authenticated but lacks
         // the required org membership/role or per-project grant. Distinct from a

package/dist/kernel.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"kernel.js","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACnB,YAAY,GACb,MAAM,aAAa,CAAC;AA2CrB,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,MAAoB,EACpB,IAAY,EACZ,IAAoB;IAEpB,OAAO,CAAC,MAAM,mBAAmB,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAoB,EACpB,IAAY,EACZ,IAAoB;IAEpB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAC/C,MAAM,EAAE,MAAM,GAAG,KAAK,EAAE,OAAO,GAAG,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACvF,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,IAAI,EAAE,CAAC;IAEhC,MAAM,YAAY,GAA2B,EAAE,GAAG,OAAO,EAAE,CAAC;IAE5D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;oBAAE,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAA0C,CAAC;IAC/C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,SAAS,GAAG,OAAO,CAAC;IACtB,CAAC;SAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,cAAc,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,cAAc,IAAI,YAAY,CAAC,EAAE,CAAC;YAC3E,YAAY,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QACpD,CAAC;QACD,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACrB,MAAM;YACN,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,SAAiC;SACxC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,YAAY,CACpB,uBAAuB,OAAO,KAAM,GAAa,CAAC,OAAO,EAAE,EAC3D,GAAG,EACH,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACjD,IAAI,OAAgB,CAAC;IACrB,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACpC,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED,IAAI,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,OAAY,EAAE,CAAC;IAE9D,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,eAAe,CACvB,GAAG,cAAc,CAAC,OAAO,EAAE,kBAAkB,CAAC,UAAU,OAAO,EAAE,EACjE,GAAG,EACH,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,gBAAgB,EAAE,CAAC;QACrE,2EAA2E;QAC3E,yEAAyE;QACzE,2EAA2E;QAC3E,MAAM,IAAI,kBAAkB,CAC1B,GAAG,cAAc,CAAC,OAAO,EAAE,gBAAgB,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EACpF,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7C,MAAM,IAAI,YAAY,CACpB,GAAG,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EAClF,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,8BAA8B,EAAE,CAAC;QACnF,MAAM,IAAI,mBAAmB,CAC3B,GAAG,cAAc,CAAC,OAAO,EAAE,gCAAgC,CAAC,UAAU,OAAO,EAAE,EAC/E,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,QAAQ,CAChB,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EAC/E,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAa,EAAE,QAAgB;IACrD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,MAAM,GAAG,GAAG,IAA+B,CAAC;QAC5C,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,OAAO,CAAC;QAClF,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IAC9E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,IAAa;IACjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1E,MAAM,IAAI,GAAI,IAAgC,CAAC,IAAI,CAAC;IACpD,OAAO,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAoB;IAC9C,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,CAAI,IAAY,EAAE,IAAoB,EAAE,EAAE,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC;QAClF,mBAAmB,EAAE,CAAI,IAAY,EAAE,IAAoB,EAAE,EAAE,CAC7D,mBAAmB,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC;QAC5C,UAAU,EAAE,CAAC,EAAU,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC"}
1	+ {"version":3,"file":"kernel.js","sourceRoot":"","sources":["../src/kernel.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EACL,QAAQ,EACR,YAAY,EACZ,kBAAkB,EAClB,eAAe,EACf,mBAAmB,EACnB,mBAAmB,EACnB,YAAY,GACb,MAAM,aAAa,CAAC;AA2CrB,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,MAAoB,EACpB,IAAY,EACZ,IAAoB;IAEpB,OAAO,CAAC,MAAM,mBAAmB,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AACjE,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,MAAoB,EACpB,IAAY,EACZ,IAAoB;IAEpB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,MAAM,CAAC;IAC/C,MAAM,EAAE,MAAM,GAAG,KAAK,EAAE,OAAO,GAAG,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACvF,MAAM,GAAG,GAAG,GAAG,OAAO,GAAG,IAAI,EAAE,CAAC;IAEhC,MAAM,YAAY,GAA2B,EAAE,GAAG,OAAO,EAAE,CAAC;IAE5D,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,IAAI,EAAE,CAAC;YACT,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC1C,IAAI,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;oBAAE,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;YAChD,CAAC;QACH,CAAC;IACH,CAAC;IAED,IAAI,SAA0C,CAAC;IAC/C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;QAC1B,SAAS,GAAG,OAAO,CAAC;IACtB,CAAC;SAAM,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,CAAC,CAAC,cAAc,IAAI,YAAY,CAAC,IAAI,CAAC,CAAC,cAAc,IAAI,YAAY,CAAC,EAAE,CAAC;YAC3E,YAAY,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;QACpD,CAAC;QACD,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,GAAa,CAAC;IAClB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YACrB,MAAM;YACN,OAAO,EAAE,YAAY;YACrB,IAAI,EAAE,SAAiC;SACxC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,IAAI,YAAY,CACpB,uBAAuB,OAAO,KAAM,GAAa,CAAC,OAAO,EAAE,EAC3D,GAAG,EACH,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;IACjD,IAAI,OAAgB,CAAC;IACrB,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACpC,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC7B,CAAC;IAED,IAAI,GAAG,CAAC,EAAE;QAAE,OAAO,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,EAAE,OAAY,EAAE,CAAC;IAE9D,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,eAAe,CACvB,GAAG,cAAc,CAAC,OAAO,EAAE,kBAAkB,CAAC,UAAU,OAAO,EAAE,EACjE,GAAG,EACH,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,kBAAkB,EAAE,CAAC;QACvE,MAAM,IAAI,mBAAmB,CAC3B,GAAG,cAAc,CAAC,OAAO,EAAE,iCAAiC,CAAC,UAAU,OAAO,EAAE,EAChF,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,gBAAgB,EAAE,CAAC;QACrE,2EAA2E;QAC3E,yEAAyE;QACzE,2EAA2E;QAC3E,MAAM,IAAI,kBAAkB,CAC1B,GAAG,cAAc,CAAC,OAAO,EAAE,gBAAgB,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EACpF,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC7C,MAAM,IAAI,YAAY,CACpB,GAAG,cAAc,CAAC,OAAO,EAAE,cAAc,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EAClF,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IACD,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,YAAY,CAAC,OAAO,CAAC,KAAK,8BAA8B,EAAE,CAAC;QACnF,MAAM,IAAI,mBAAmB,CAC3B,GAAG,cAAc,CAAC,OAAO,EAAE,gCAAgC,CAAC,UAAU,OAAO,EAAE,EAC/E,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,QAAQ,CAChB,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,UAAU,OAAO,UAAU,GAAG,CAAC,MAAM,GAAG,EAC/E,GAAG,CAAC,MAAM,EACV,OAAO,EACP,OAAO,CACR,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,IAAa,EAAE,QAAgB;IACrD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7D,MAAM,GAAG,GAAG,IAA+B,CAAC;QAC5C,IAAI,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,IAAI,GAAG,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,OAAO,CAAC;QAClF,IAAI,OAAO,GAAG,CAAC,KAAK,KAAK,QAAQ,IAAI,GAAG,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,KAAK,CAAC;IAC9E,CAAC;IACD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,SAAS,YAAY,CAAC,IAAa;IACjC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,CAAC;IAC1E,MAAM,IAAI,GAAI,IAAgC,CAAC,IAAI,CAAC;IACpD,OAAO,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAoB;IAC9C,OAAO;QACL,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,OAAO,EAAE,CAAI,IAAY,EAAE,IAAoB,EAAE,EAAE,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC;QAClF,mBAAmB,EAAE,CAAI,IAAY,EAAE,IAAoB,EAAE,EAAE,CAC7D,mBAAmB,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC;QAC5C,UAAU,EAAE,CAAC,EAAU,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7D,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/namespaces/operator-session.d.ts ADDED Viewed

@@ -0,0 +1,223 @@
+/**
+ * `operator.session` — the hosted/browser control-plane **session** surface
+ * (gateway v1.78 `passkey-principals-onboarding`). The write-capable human
+ * principal: log in (email magic-link / passkey / Google / GitHub), manage the
+ * session (whoami / refresh / revoke), enrol a passkey, run a step-up ceremony,
+ * and manage authenticators + recovery codes.
+ *
+ * Reached as `r.operator.session.*`. Distinct from the read-only operator
+ * overview session (`r.operator.deviceStart`/`overview`) and from the CLI
+ * loopback-PKCE write-login (`r.operator.buildCliAuthorizeUrl`/`exchangeCliToken`,
+ * which is the headless variant of this same browser ceremony). All three are
+ * the one human principal; this group is the browser/console front door that the
+ * hosted login pages and `@run402/sdk` consumers call.
+ *
+ * Isomorphic — no Node APIs. The token model mirrors {@link Operator.overview}:
+ * the public *mint* methods (`email`/`verifyEmail`/`passkey*`/`consumeRecoveryCode`)
+ * send no auth (the body or the magic-link token IS the credential); the
+ * *session-bound* methods take `opts.token` to send the `control_plane_session`
+ * bearer explicitly, and fall back to the credential provider's default auth
+ * (e.g. {@link controlPlaneSessionCredentials} or a SIWX wallet) when omitted.
+ *
+ * WebAuthn option/assertion payloads are opaque passthroughs (`unknown`) — the
+ * browser runs the actual ceremony; a headless client cannot.
+ *
+ * High-stakes writes (invite, membership, handoff, delete) require a **fresh
+ * passkey** — a magic-link/OAuth session does NOT satisfy step-up, so the
+ * gateway returns {@link StepUpRequiredError}; `stepUpOptions`/`stepUpVerify`
+ * are how a long-lived session re-establishes that freshness.
+ */
+import type { Client } from "../kernel.js";
+import type { ControlPlaneSession } from "./operator.js";
+import type { Principal, OrgMembership } from "./org.types.js";
+/** OAuth identity providers bridged for control-plane login. */
+export type ControlPlaneOAuthProvider = "google" | "github";
+/** Generic, non-enumerating response from {@link OperatorSession.email}. */
+export interface MagicLinkSendResult {
+    status: string;
+    message: string;
+    [key: string]: unknown;
+}
+/**
+ * Result of {@link OperatorSession.consumeRecoveryCode} — a minted session that
+ * cannot perform high-stakes ops until a passkey is enrolled
+ * (`must_enroll_passkey: true`). Recovery `amr` never satisfies step-up.
+ */
+export interface RecoveryConsumeResult extends ControlPlaneSession {
+    must_enroll_passkey?: boolean;
+    note?: string;
+}
+/**
+ * Result of {@link OperatorSession.whoami} (`GET /agent/v1/control-plane/session`)
+ * — the live session's principal, every org membership (newly-active rows here
+ * are the auto-claimed invites), and the freshness substrate (`amr` + per-AMR
+ * `amr_times`) the step-up gate reads. Forward-compatible.
+ */
+export interface ControlPlaneWhoAmI {
+    principal: Principal;
+    memberships: OrgMembership[];
+    /** Auth methods satisfied on this session, e.g. `["passkey"]`. */
+    amr: string[];
+    /** Per-AMR last-proven time (epoch ms or ISO), the step-up freshness source. */
+    amr_times?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+/** Result of {@link OperatorSession.refresh} (`POST …/session/refresh`). */
+export interface ControlPlaneRefreshResult {
+    control_plane_session_token: string;
+    token_type?: string;
+    expires_in?: number;
+    [key: string]: unknown;
+}
+/** WebAuthn options envelope (`{ options }`) — opaque; handed to the browser. */
+export interface WebAuthnOptionsResult {
+    options: unknown;
+    [key: string]: unknown;
+}
+/** Result of {@link OperatorSession.enrollPasskeyVerify}. */
+export interface EnrollPasskeyResult {
+    status: string;
+    credential_id: string;
+    [key: string]: unknown;
+}
+/** Result of {@link OperatorSession.stepUpVerify}. */
+export interface StepUpVerifyResult {
+    status: string;
+    stepped_up: boolean;
+    [key: string]: unknown;
+}
+/** Result of {@link OperatorSession.issueRecoveryCodes} — shown ONCE. */
+export interface RecoveryCodesResult {
+    status: string;
+    recovery_codes: string[];
+    note?: string;
+    [key: string]: unknown;
+}
+/** One active authenticator (no secret material). Forward-compatible. */
+export interface Authenticator {
+    id: string;
+    kind: string;
+    [key: string]: unknown;
+}
+/** Result of {@link OperatorSession.revokeAuthenticator}. */
+export interface AuthenticatorRevokeResult {
+    status: string;
+    kind: string;
+    [key: string]: unknown;
+}
+/** Options bag carrying the optional `control_plane_session` bearer. */
+export interface SessionTokenOpts {
+    /**
+     * The `control_plane_session` bearer. When omitted, the request falls back to
+     * the credential provider's default auth (e.g. {@link controlPlaneSessionCredentials}).
+     */
+    token?: string;
+}
+export declare class OperatorSession {
+    private readonly client;
+    constructor(client: Client);
+    /**
+     * Send a control-plane sign-in magic link to `email`
+     * (`POST /agent/v1/control-plane/session/email`). Non-enumerating: an
+     * identical response whether or not the email can sign in. Rate-limited.
+     */
+    email(input: {
+        email: string;
+    }): Promise<MagicLinkSendResult>;
+    /**
+     * Exchange a magic-link token for a control-plane session
+     * (`POST …/session/email/verify`). Verifies the email, resolves/creates the
+     * principal, **auto-claims any pending invites**, and mints the session
+     * (`amr: ["email"]`).
+     */
+    verifyEmail(input: {
+        token: string;
+    }): Promise<ControlPlaneSession>;
+    /**
+     * Get WebAuthn login options for an email's passkeys
+     * (`POST …/session/passkey/options`). Opaque — pass `options` to the browser's
+     * `navigator.credentials.get`.
+     */
+    passkeyOptions(input: {
+        email: string;
+    }): Promise<WebAuthnOptionsResult>;
+    /**
+     * Verify a WebAuthn assertion and mint a session (`amr: ["passkey"]`)
+     * (`POST …/session/passkey/verify`). `response` is the opaque assertion from
+     * the browser.
+     */
+    passkeyVerify(input: {
+        email: string;
+        response: unknown;
+    }): Promise<ControlPlaneSession>;
+    /**
+     * Build the browser OAuth start URL for `provider`
+     * (`GET …/oauth/:provider/start`). Pure — no network. Open it in a browser;
+     * the gateway 302s to the provider, then the callback lands on the console
+     * with the session token in the URL fragment.
+     *
+     * Note: the live bridge can return `503` until the gateway provisions the
+     * provider's `CONTROL_PLANE_{GOOGLE,GITHUB}_*` client credentials.
+     */
+    oauthUrl(provider: ControlPlaneOAuthProvider): string;
+    /**
+     * Run the recovery-code ceremony (`POST …/recovery/consume`). Mints a session
+     * with `amr: ["recovery_code"]` which **cannot** do high-stakes ops
+     * (`must_enroll_passkey: true`) — enrol a passkey to restore full access.
+     */
+    consumeRecoveryCode(input: {
+        code: string;
+    }): Promise<RecoveryConsumeResult>;
+    /**
+     * Resolve the current session's principal + memberships + freshness
+     * (`GET /agent/v1/control-plane/session`). The `memberships` reflect any
+     * invites auto-claimed at login.
+     */
+    whoami(opts?: SessionTokenOpts): Promise<ControlPlaneWhoAmI>;
+    /** Rotate the access token (`POST …/session/refresh`). */
+    refresh(opts?: SessionTokenOpts): Promise<ControlPlaneRefreshResult>;
+    /** Sign out — revoke the session server-side (`POST …/session/revoke`). Idempotent. */
+    revoke(opts?: SessionTokenOpts): Promise<{
+        status: string;
+        [key: string]: unknown;
+    }>;
+    /** WebAuthn registration options for a new passkey (`POST …/passkey/enroll/options`). */
+    enrollPasskeyOptions(opts?: SessionTokenOpts): Promise<WebAuthnOptionsResult>;
+    /** Verify a passkey registration (`POST …/passkey/enroll/verify`). `label` names the authenticator. */
+    enrollPasskeyVerify(input: {
+        response: unknown;
+        label?: string | null;
+    } & SessionTokenOpts): Promise<EnrollPasskeyResult>;
+    /**
+     * WebAuthn step-up options for a high-stakes op (`POST …/step-up/options`).
+     * `opClass` binds the elevation, e.g. `"org.invite"` / `"org.membership"` /
+     * `"project.transfer"` (see {@link StepUpRequiredError.requiredAmr}).
+     */
+    stepUpOptions(input?: {
+        opClass?: string;
+    } & SessionTokenOpts): Promise<WebAuthnOptionsResult>;
+    /**
+     * Verify a step-up assertion (`POST …/step-up/verify`) → refreshes session
+     * passkey-freshness and records an action-bound elevation when `opClass` (and
+     * optionally `objectKind`/`objectId`) are given. Retry the gated write after.
+     */
+    stepUpVerify(input: {
+        response: unknown;
+        opClass?: string;
+        objectKind?: string | null;
+        objectId?: string | null;
+    } & SessionTokenOpts): Promise<StepUpVerifyResult>;
+    /** (Re)issue recovery codes — shown ONCE (`POST …/recovery/issue`). */
+    issueRecoveryCodes(opts?: SessionTokenOpts): Promise<RecoveryCodesResult>;
+    /** List my active authenticators — no secret material (`GET …/authenticators`). */
+    listAuthenticators(opts?: SessionTokenOpts): Promise<Authenticator[]>;
+    /**
+     * Revoke an authenticator (`DELETE …/authenticators/:id`). Step-up enforced;
+     * the gateway refuses to remove the last passkey of a sole org owner
+     * (`OWNER_NEEDS_PASSKEY`).
+     */
+    revokeAuthenticator(input: {
+        id: string;
+    } & SessionTokenOpts): Promise<AuthenticatorRevokeResult>;
+}
+//# sourceMappingURL=operator-session.d.ts.map

package/dist/namespaces/operator-session.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operator-session.d.ts","sourceRoot":"","sources":["../../src/namespaces/operator-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACzD,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAE/D,gEAAgE;AAChE,MAAM,MAAM,yBAAyB,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAE5D,4EAA4E;AAC5E,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED;;;;GAIG;AACH,MAAM,WAAW,qBAAsB,SAAQ,mBAAmB;IAChE,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;;GAKG;AACH,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,EAAE,aAAa,EAAE,CAAC;IAC7B,kEAAkE;IAClE,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,gFAAgF;IAChF,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,4EAA4E;AAC5E,MAAM,WAAW,yBAAyB;IACxC,2BAA2B,EAAE,MAAM,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,iFAAiF;AACjF,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,6DAA6D;AAC7D,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,sDAAsD;AACtD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,OAAO,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,yEAAyE;AACzE,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,yEAAyE;AACzE,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,6DAA6D;AAC7D,MAAM,WAAW,yBAAyB;IACxC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,wEAAwE;AACxE,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,eAAe;IACd,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAI3C;;;;OAIG;IACG,KAAK,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASnE;;;;;OAKG;IACG,WAAW,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IASzE;;;;OAIG;IACG,cAAc,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAS9E;;;;OAIG;IACG,aAAa,CAAC,KAAK,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,OAAO,CAAA;KAAE,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS9F;;;;;;;;OAQG;IACH,QAAQ,CAAC,QAAQ,EAAE,yBAAyB,GAAG,MAAM;IAIrD;;;;OAIG;IACG,mBAAmB,CAAC,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAWlF;;;;OAIG;IACG,MAAM,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAOtE,0DAA0D;IACpD,OAAO,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAQ9E,uFAAuF;IACjF,MAAM,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC;IAU9F,yFAAyF;IACnF,oBAAoB,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAQvF,uGAAuG;IACjG,mBAAmB,CACvB,KAAK,EAAE;QAAE,QAAQ,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;KAAE,GAAG,gBAAgB,GACrE,OAAO,CAAC,mBAAmB,CAAC;IAY/B;;;;OAIG;IACG,aAAa,CAAC,KAAK,GAAE;QAAE,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,gBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAUxG;;;;OAIG;IACG,YAAY,CAChB,KAAK,EAAE;QACL,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KAC1B,GAAG,gBAAgB,GACnB,OAAO,CAAC,kBAAkB,CAAC;IAiB9B,uEAAuE;IACjE,kBAAkB,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAUnF,mFAAmF;IAC7E,kBAAkB,CAAC,IAAI,GAAE,gBAAqB,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAQ/E;;;;OAIG;IACG,mBAAmB,CAAC,KAAK,EAAE;QAAE,EAAE,EAAE,MAAM,CAAA;KAAE,GAAG,gBAAgB,GAAG,OAAO,CAAC,yBAAyB,CAAC;CAOxG"}

package/dist/namespaces/operator-session.js ADDED Viewed

@@ -0,0 +1,230 @@
+/**
+ * `operator.session` — the hosted/browser control-plane **session** surface
+ * (gateway v1.78 `passkey-principals-onboarding`). The write-capable human
+ * principal: log in (email magic-link / passkey / Google / GitHub), manage the
+ * session (whoami / refresh / revoke), enrol a passkey, run a step-up ceremony,
+ * and manage authenticators + recovery codes.
+ *
+ * Reached as `r.operator.session.*`. Distinct from the read-only operator
+ * overview session (`r.operator.deviceStart`/`overview`) and from the CLI
+ * loopback-PKCE write-login (`r.operator.buildCliAuthorizeUrl`/`exchangeCliToken`,
+ * which is the headless variant of this same browser ceremony). All three are
+ * the one human principal; this group is the browser/console front door that the
+ * hosted login pages and `@run402/sdk` consumers call.
+ *
+ * Isomorphic — no Node APIs. The token model mirrors {@link Operator.overview}:
+ * the public *mint* methods (`email`/`verifyEmail`/`passkey*`/`consumeRecoveryCode`)
+ * send no auth (the body or the magic-link token IS the credential); the
+ * *session-bound* methods take `opts.token` to send the `control_plane_session`
+ * bearer explicitly, and fall back to the credential provider's default auth
+ * (e.g. {@link controlPlaneSessionCredentials} or a SIWX wallet) when omitted.
+ *
+ * WebAuthn option/assertion payloads are opaque passthroughs (`unknown`) — the
+ * browser runs the actual ceremony; a headless client cannot.
+ *
+ * High-stakes writes (invite, membership, handoff, delete) require a **fresh
+ * passkey** — a magic-link/OAuth session does NOT satisfy step-up, so the
+ * gateway returns {@link StepUpRequiredError}; `stepUpOptions`/`stepUpVerify`
+ * are how a long-lived session re-establishes that freshness.
+ */
+export class OperatorSession {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    // ── login / mint (public — no auth; the body or link token is the credential) ──
+    /**
+     * Send a control-plane sign-in magic link to `email`
+     * (`POST /agent/v1/control-plane/session/email`). Non-enumerating: an
+     * identical response whether or not the email can sign in. Rate-limited.
+     */
+    async email(input) {
+        return this.client.request("/agent/v1/control-plane/session/email", {
+            method: "POST",
+            body: { email: input.email },
+            withAuth: false,
+            context: "sending control-plane magic link",
+        });
+    }
+    /**
+     * Exchange a magic-link token for a control-plane session
+     * (`POST …/session/email/verify`). Verifies the email, resolves/creates the
+     * principal, **auto-claims any pending invites**, and mints the session
+     * (`amr: ["email"]`).
+     */
+    async verifyEmail(input) {
+        return this.client.request("/agent/v1/control-plane/session/email/verify", {
+            method: "POST",
+            body: { token: input.token },
+            withAuth: false,
+            context: "verifying control-plane magic link",
+        });
+    }
+    /**
+     * Get WebAuthn login options for an email's passkeys
+     * (`POST …/session/passkey/options`). Opaque — pass `options` to the browser's
+     * `navigator.credentials.get`.
+     */
+    async passkeyOptions(input) {
+        return this.client.request("/agent/v1/control-plane/session/passkey/options", {
+            method: "POST",
+            body: { email: input.email },
+            withAuth: false,
+            context: "requesting control-plane passkey login options",
+        });
+    }
+    /**
+     * Verify a WebAuthn assertion and mint a session (`amr: ["passkey"]`)
+     * (`POST …/session/passkey/verify`). `response` is the opaque assertion from
+     * the browser.
+     */
+    async passkeyVerify(input) {
+        return this.client.request("/agent/v1/control-plane/session/passkey/verify", {
+            method: "POST",
+            body: { email: input.email, response: input.response },
+            withAuth: false,
+            context: "verifying control-plane passkey login",
+        });
+    }
+    /**
+     * Build the browser OAuth start URL for `provider`
+     * (`GET …/oauth/:provider/start`). Pure — no network. Open it in a browser;
+     * the gateway 302s to the provider, then the callback lands on the console
+     * with the session token in the URL fragment.
+     *
+     * Note: the live bridge can return `503` until the gateway provisions the
+     * provider's `CONTROL_PLANE_{GOOGLE,GITHUB}_*` client credentials.
+     */
+    oauthUrl(provider) {
+        return `${this.client.apiBase}/agent/v1/control-plane/oauth/${encodeURIComponent(provider)}/start`;
+    }
+    /**
+     * Run the recovery-code ceremony (`POST …/recovery/consume`). Mints a session
+     * with `amr: ["recovery_code"]` which **cannot** do high-stakes ops
+     * (`must_enroll_passkey: true`) — enrol a passkey to restore full access.
+     */
+    async consumeRecoveryCode(input) {
+        return this.client.request("/agent/v1/control-plane/recovery/consume", {
+            method: "POST",
+            body: { code: input.code },
+            withAuth: false,
+            context: "consuming control-plane recovery code",
+        });
+    }
+    // ── session lifecycle (bearer; falls back to credential provider) ──
+    /**
+     * Resolve the current session's principal + memberships + freshness
+     * (`GET /agent/v1/control-plane/session`). The `memberships` reflect any
+     * invites auto-claimed at login.
+     */
+    async whoami(opts = {}) {
+        return this.client.request("/agent/v1/control-plane/session", {
+            ...authFor(opts),
+            context: "resolving control-plane session",
+        });
+    }
+    /** Rotate the access token (`POST …/session/refresh`). */
+    async refresh(opts = {}) {
+        return this.client.request("/agent/v1/control-plane/session/refresh", {
+            method: "POST",
+            ...authFor(opts),
+            context: "refreshing control-plane session",
+        });
+    }
+    /** Sign out — revoke the session server-side (`POST …/session/revoke`). Idempotent. */
+    async revoke(opts = {}) {
+        return this.client.request("/agent/v1/control-plane/session/revoke", {
+            method: "POST",
+            ...authFor(opts),
+            context: "revoking control-plane session",
+        });
+    }
+    // ── passkey enrollment (bearer + step-up, enforced by the gateway) ──
+    /** WebAuthn registration options for a new passkey (`POST …/passkey/enroll/options`). */
+    async enrollPasskeyOptions(opts = {}) {
+        return this.client.request("/agent/v1/control-plane/passkey/enroll/options", {
+            method: "POST",
+            ...authFor(opts),
+            context: "requesting control-plane passkey enrollment options",
+        });
+    }
+    /** Verify a passkey registration (`POST …/passkey/enroll/verify`). `label` names the authenticator. */
+    async enrollPasskeyVerify(input) {
+        const { token, response, label } = input;
+        return this.client.request("/agent/v1/control-plane/passkey/enroll/verify", {
+            method: "POST",
+            body: { response, ...(label !== undefined ? { label } : {}) },
+            ...authFor({ token }),
+            context: "verifying control-plane passkey enrollment",
+        });
+    }
+    // ── step-up ceremony (bearer) ──
+    /**
+     * WebAuthn step-up options for a high-stakes op (`POST …/step-up/options`).
+     * `opClass` binds the elevation, e.g. `"org.invite"` / `"org.membership"` /
+     * `"project.transfer"` (see {@link StepUpRequiredError.requiredAmr}).
+     */
+    async stepUpOptions(input = {}) {
+        const { token, opClass } = input;
+        return this.client.request("/agent/v1/control-plane/step-up/options", {
+            method: "POST",
+            body: opClass ? { op_class: opClass } : {},
+            ...authFor({ token }),
+            context: "requesting control-plane step-up options",
+        });
+    }
+    /**
+     * Verify a step-up assertion (`POST …/step-up/verify`) → refreshes session
+     * passkey-freshness and records an action-bound elevation when `opClass` (and
+     * optionally `objectKind`/`objectId`) are given. Retry the gated write after.
+     */
+    async stepUpVerify(input) {
+        const { token, response, opClass, objectKind, objectId } = input;
+        return this.client.request("/agent/v1/control-plane/step-up/verify", {
+            method: "POST",
+            body: {
+                response,
+                ...(opClass !== undefined ? { op_class: opClass } : {}),
+                ...(objectKind !== undefined ? { object_kind: objectKind } : {}),
+                ...(objectId !== undefined ? { object_id: objectId } : {}),
+            },
+            ...authFor({ token }),
+            context: "verifying control-plane step-up",
+        });
+    }
+    // ── recovery codes (bearer + step-up) ──
+    /** (Re)issue recovery codes — shown ONCE (`POST …/recovery/issue`). */
+    async issueRecoveryCodes(opts = {}) {
+        return this.client.request("/agent/v1/control-plane/recovery/issue", {
+            method: "POST",
+            ...authFor(opts),
+            context: "issuing control-plane recovery codes",
+        });
+    }
+    // ── authenticator management (bearer) ──
+    /** List my active authenticators — no secret material (`GET …/authenticators`). */
+    async listAuthenticators(opts = {}) {
+        const res = await this.client.request("/agent/v1/control-plane/authenticators", { ...authFor(opts), context: "listing control-plane authenticators" });
+        return res.authenticators ?? [];
+    }
+    /**
+     * Revoke an authenticator (`DELETE …/authenticators/:id`). Step-up enforced;
+     * the gateway refuses to remove the last passkey of a sole org owner
+     * (`OWNER_NEEDS_PASSKEY`).
+     */
+    async revokeAuthenticator(input) {
+        const { token, id } = input;
+        return this.client.request(`/agent/v1/control-plane/authenticators/${encodeURIComponent(id)}`, { method: "DELETE", ...authFor({ token }), context: "revoking control-plane authenticator" });
+    }
+}
+/**
+ * Build the auth half of a request: explicit `Authorization: Bearer <token>`
+ * (and `withAuth: false`) when a token is passed, else fall through to the
+ * credential provider (`withAuth` defaults true). Mirrors {@link Operator.overview}.
+ */
+function authFor(opts) {
+    return opts.token
+        ? { headers: { Authorization: `Bearer ${opts.token}` }, withAuth: false }
+        : {};
+}
+//# sourceMappingURL=operator-session.js.map

package/dist/namespaces/operator-session.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"operator-session.js","sourceRoot":"","sources":["../../src/namespaces/operator-session.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAqGH,MAAM,OAAO,eAAe;IACG;IAA7B,YAA6B,MAAc;QAAd,WAAM,GAAN,MAAM,CAAQ;IAAG,CAAC;IAE/C,kFAAkF;IAElF;;;;OAIG;IACH,KAAK,CAAC,KAAK,CAAC,KAAwB;QAClC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,uCAAuC,EAAE;YACvF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAC5B,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,WAAW,CAAC,KAAwB;QACxC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,8CAA8C,EAAE;YAC9F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAC5B,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,oCAAoC;SAC9C,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,KAAwB;QAC3C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAwB,iDAAiD,EAAE;YACnG,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE;YAC5B,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,gDAAgD;SAC1D,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,KAA2C;QAC7D,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,gDAAgD,EAAE;YAChG,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE;YACtD,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,QAAQ,CAAC,QAAmC;QAC1C,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,iCAAiC,kBAAkB,CAAC,QAAQ,CAAC,QAAQ,CAAC;IACrG,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,KAAuB;QAC/C,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAwB,0CAA0C,EAAE;YAC5F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE;YAC1B,QAAQ,EAAE,KAAK;YACf,OAAO,EAAE,uCAAuC;SACjD,CAAC,CAAC;IACL,CAAC;IAED,sEAAsE;IAEtE;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,OAAyB,EAAE;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB,iCAAiC,EAAE;YAChF,GAAG,OAAO,CAAC,IAAI,CAAC;YAChB,OAAO,EAAE,iCAAiC;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,0DAA0D;IAC1D,KAAK,CAAC,OAAO,CAAC,OAAyB,EAAE;QACvC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAA4B,yCAAyC,EAAE;YAC/F,MAAM,EAAE,MAAM;YACd,GAAG,OAAO,CAAC,IAAI,CAAC;YAChB,OAAO,EAAE,kCAAkC;SAC5C,CAAC,CAAC;IACL,CAAC;IAED,uFAAuF;IACvF,KAAK,CAAC,MAAM,CAAC,OAAyB,EAAE;QACtC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB,wCAAwC,EAAE;YACvF,MAAM,EAAE,MAAM;YACd,GAAG,OAAO,CAAC,IAAI,CAAC;YAChB,OAAO,EAAE,gCAAgC;SAC1C,CAAC,CAAC;IACL,CAAC;IAED,uEAAuE;IAEvE,yFAAyF;IACzF,KAAK,CAAC,oBAAoB,CAAC,OAAyB,EAAE;QACpD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAwB,gDAAgD,EAAE;YAClG,MAAM,EAAE,MAAM;YACd,GAAG,OAAO,CAAC,IAAI,CAAC;YAChB,OAAO,EAAE,qDAAqD;SAC/D,CAAC,CAAC;IACL,CAAC;IAED,uGAAuG;IACvG,KAAK,CAAC,mBAAmB,CACvB,KAAsE;QAEtE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC;QACzC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,+CAA+C,EAAE;YAC/F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE;YAC7D,GAAG,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC;YACrB,OAAO,EAAE,4CAA4C;SACtD,CAAC,CAAC;IACL,CAAC;IAED,kCAAkC;IAElC;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,QAAiD,EAAE;QACrE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;QACjC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAwB,yCAAyC,EAAE;YAC3F,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE;YAC1C,GAAG,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC;YACrB,OAAO,EAAE,0CAA0C;SACpD,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,YAAY,CAChB,KAKoB;QAEpB,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,GAAG,KAAK,CAAC;QACjE,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAqB,wCAAwC,EAAE;YACvF,MAAM,EAAE,MAAM;YACd,IAAI,EAAE;gBACJ,QAAQ;gBACR,GAAG,CAAC,OAAO,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvD,GAAG,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAChE,GAAG,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aAC3D;YACD,GAAG,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC;YACrB,OAAO,EAAE,iCAAiC;SAC3C,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAE1C,uEAAuE;IACvE,KAAK,CAAC,kBAAkB,CAAC,OAAyB,EAAE;QAClD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAsB,wCAAwC,EAAE;YACxF,MAAM,EAAE,MAAM;YACd,GAAG,OAAO,CAAC,IAAI,CAAC;YAChB,OAAO,EAAE,sCAAsC;SAChD,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAE1C,mFAAmF;IACnF,KAAK,CAAC,kBAAkB,CAAC,OAAyB,EAAE;QAClD,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACnC,wCAAwC,EACxC,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CACtE,CAAC;QACF,OAAO,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CAAC,KAAwC;QAChE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC;QAC5B,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CACxB,0CAA0C,kBAAkB,CAAC,EAAE,CAAC,EAAE,EAClE,EAAE,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAC7F,CAAC;IACJ,CAAC;CACF;AAED;;;;GAIG;AACH,SAAS,OAAO,CAAC,IAAsB;IACrC,OAAO,IAAI,CAAC,KAAK;QACf,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE;QACzE,CAAC,CAAC,EAAE,CAAC;AACT,CAAC"}

package/dist/namespaces/operator.d.ts CHANGED Viewed

@@ -18,6 +18,7 @@
  * Gateway contract: kychee-com/run402-private#443 (RFC 8628 device-auth bridge).
  */
 import type { Client } from "../kernel.js";
+import { OperatorSession } from "./operator-session.js";
 /** RFC 8628 device-authorization start response. */
 export interface DeviceAuthStart {
     device_code: string;
@@ -72,8 +73,58 @@ export interface OperatorOverview {
     advisories?: unknown[];
     [key: string]: unknown;
 }
+/**
+ * A write-capable control-plane session minted by the loopback-PKCE flow
+ * (`POST /agent/v1/control-plane/cli/token`). Distinct from the device-flow
+ * {@link OperatorSessionToken} (read-only): this carries `provenance` and
+ * `amr`, and is accepted everywhere a SIWX wallet is. Forward-compatible.
+ */
+export interface ControlPlaneSession {
+    control_plane_session_token: string;
+    token_type?: string;
+    /** Relative lifetime in seconds. */
+    expires_in?: number;
+    /** How it was minted — `loopback_pkce` for the CLI write-login. */
+    provenance?: string;
+    /** The control-plane principal id. */
+    principal_id?: string;
+    /** Auth methods satisfied (e.g. `["passkey"]`). */
+    amr?: string[];
+    [key: string]: unknown;
+}
+/** Parameters for {@link Operator.buildCliAuthorizeUrl}. */
+export interface CliAuthorizeParams {
+    /** The CLI's loopback redirect, e.g. `http://127.0.0.1:54321/callback`. */
+    redirectUri: string;
+    /** PKCE S256 challenge = base64url(sha256(verifier)). */
+    codeChallenge: string;
+    /** Opaque CSRF state echoed back on the redirect. */
+    state: string;
+    /** Replay nonce. */
+    nonce: string;
+}
+/** Parameters for {@link Operator.exchangeCliToken}. */
+export interface CliTokenExchange {
+    /** Authorization code received on the loopback redirect. */
+    code: string;
+    /** The PKCE verifier whose hash was sent as `codeChallenge`. */
+    codeVerifier: string;
+    /** Must match the `redirectUri` used at authorize time. */
+    redirectUri: string;
+    /** Must match the `state` used at authorize time. */
+    state: string;
+}
 export declare class Operator {
     private readonly client;
+    /**
+     * The hosted/browser control-plane **session** surface (gateway v1.78):
+     * `r.operator.session.email`, `verifyEmail`, `passkeyVerify`, `whoami`,
+     * `refresh`, `revoke`, and the step-up / authenticator helpers.
+     * The write-capable human login + step-up + authenticators, distinct from the
+     * read-only device/overview methods on this class and the loopback-PKCE
+     * CLI write-login below. See {@link OperatorSession}.
+     */
+    readonly session: OperatorSession;
     constructor(client: Client);
     /**
      * Begin the device-authorization flow. Unauthenticated. Returns the codes the
@@ -108,5 +159,17 @@ export declare class Operator {
     revoke(opts: {
         token: string;
     }): Promise<void>;
+    /**
+     * Build the loopback-PKCE authorize URL the CLI opens in the browser. Pure —
+     * no network, no Node APIs — so it is safe in any runtime. The caller
+     * generates `codeChallenge`/`state`/`nonce` and runs the redirect server.
+     */
+    buildCliAuthorizeUrl(params: CliAuthorizeParams): string;
+    /**
+     * Exchange the loopback authorization code (+ PKCE verifier) for a
+     * write-capable {@link ControlPlaneSession}. Unauthenticated — the code +
+     * verifier are the credential.
+     */
+    exchangeCliToken(params: CliTokenExchange): Promise<ControlPlaneSession>;
 }
 //# sourceMappingURL=operator.d.ts.map