@runtypelabs/sdk 4.14.0 → 4.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.cjs +1082 -257
  2. package/dist/index.d.cts +1748 -10
  3. package/dist/index.d.ts +1748 -10
  4. package/dist/index.mjs +1064 -257
  5. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -723,6 +723,10 @@ interface paths {
723
723
  };
724
724
  tools?: {
725
725
  approval?: {
726
+ choices?: {
727
+ alwaysAllow?: boolean;
728
+ alwaysDeny?: boolean;
729
+ };
726
730
  requestReason?: boolean;
727
731
  require: string[] | boolean;
728
732
  timeout?: number;
@@ -1092,6 +1096,10 @@ interface paths {
1092
1096
  };
1093
1097
  tools?: {
1094
1098
  approval?: {
1099
+ choices?: {
1100
+ alwaysAllow?: boolean;
1101
+ alwaysDeny?: boolean;
1102
+ };
1095
1103
  requestReason?: boolean;
1096
1104
  require: string[] | boolean;
1097
1105
  timeout?: number;
@@ -1733,6 +1741,10 @@ interface paths {
1733
1741
  };
1734
1742
  tools?: {
1735
1743
  approval?: {
1744
+ choices?: {
1745
+ alwaysAllow?: boolean;
1746
+ alwaysDeny?: boolean;
1747
+ };
1736
1748
  requestReason?: boolean;
1737
1749
  require: string[] | boolean;
1738
1750
  timeout?: number;
@@ -19880,6 +19892,153 @@ interface paths {
19880
19892
  patch?: never;
19881
19893
  trace?: never;
19882
19894
  };
19895
+ "/v1/products/ensure": {
19896
+ parameters: {
19897
+ query?: never;
19898
+ header?: never;
19899
+ path?: never;
19900
+ cookie?: never;
19901
+ };
19902
+ get?: never;
19903
+ put?: never;
19904
+ /**
19905
+ * Ensure product (config-as-code converge)
19906
+ * @description Idempotently converge a repo-defined product definition onto the platform. Identity is name + account scope. Hash-only probes skip the payload in the steady state (a miss is a normal 200 `definitionRequired` response, not an error); full requests create the product or update it when the canonical content hash differs. The converge covers the top-level product record only (description, icon, spec) — not nested capabilities/surfaces/tools or canvas layout. The response always carries the server-computed canonical hash. Set dryRun to plan without writing (CI drift gate), and onConflict: "overwrite" to converge over dashboard/API edits. Products have no version snapshots, so there is no publish option.
19907
+ */
19908
+ post: {
19909
+ parameters: {
19910
+ query?: never;
19911
+ header?: never;
19912
+ path?: never;
19913
+ cookie?: never;
19914
+ };
19915
+ requestBody?: {
19916
+ content: {
19917
+ "application/json": {
19918
+ contentHash?: string;
19919
+ definition?: {
19920
+ description?: string | null;
19921
+ icon?: string | null;
19922
+ name: string;
19923
+ spec?: {
19924
+ aiUseCases?: string[];
19925
+ complianceNeeds?: string[];
19926
+ dataSourceTypes?: string[];
19927
+ deploymentTargets?: string[];
19928
+ existingTools?: string[];
19929
+ importedFrom?: {
19930
+ importedAt: string;
19931
+ /** @enum {string} */
19932
+ source: "github" | "linear" | "chatprd" | "manual";
19933
+ sourceId?: string;
19934
+ syncEnabled?: boolean;
19935
+ };
19936
+ internalDocs?: {
19937
+ content?: string;
19938
+ resources?: {
19939
+ content?: string;
19940
+ title: string;
19941
+ type: string;
19942
+ url?: string;
19943
+ }[];
19944
+ tags?: string[];
19945
+ } | null;
19946
+ /** @enum {string} */
19947
+ loggingPolicy?: "default" | "on" | "off";
19948
+ preferredModels?: string[];
19949
+ productGoal?: string;
19950
+ /** @enum {string} */
19951
+ productStage?: "idea" | "prototype" | "beta" | "production" | "scaling";
19952
+ targetAudience?: string;
19953
+ techStack?: {
19954
+ backend?: string[];
19955
+ database?: string[];
19956
+ frontend?: string[];
19957
+ infrastructure?: string[];
19958
+ languages?: string[];
19959
+ };
19960
+ };
19961
+ };
19962
+ dryRun?: boolean;
19963
+ expectedRemoteHash?: string;
19964
+ name: string;
19965
+ /** @enum {string} */
19966
+ onConflict?: "error" | "overwrite";
19967
+ };
19968
+ };
19969
+ };
19970
+ responses: {
19971
+ /** @description Converge result: unchanged | created | updated | definitionRequired (hash miss — retry with the full definition) | plan (dryRun) */
19972
+ 200: {
19973
+ headers: {
19974
+ [name: string]: unknown;
19975
+ };
19976
+ content: {
19977
+ "application/json": components["schemas"]["ProductEnsureResponse"];
19978
+ };
19979
+ };
19980
+ /** @description Validation error */
19981
+ 400: {
19982
+ headers: {
19983
+ [name: string]: unknown;
19984
+ };
19985
+ content: {
19986
+ "application/json": components["schemas"]["Error"];
19987
+ };
19988
+ };
19989
+ /** @description Unauthorized */
19990
+ 401: {
19991
+ headers: {
19992
+ [name: string]: unknown;
19993
+ };
19994
+ content: {
19995
+ "application/json": components["schemas"]["Error"];
19996
+ };
19997
+ };
19998
+ /** @description Insufficient permissions */
19999
+ 403: {
20000
+ headers: {
20001
+ [name: string]: unknown;
20002
+ };
20003
+ content: {
20004
+ "application/json": components["schemas"]["Error"];
20005
+ };
20006
+ };
20007
+ /** @description Conflict: external_modification (last write was not ensure; pass onConflict: "overwrite") or remote_changed (expectedRemoteHash guard) */
20008
+ 409: {
20009
+ headers: {
20010
+ [name: string]: unknown;
20011
+ };
20012
+ content: {
20013
+ "application/json": components["schemas"]["ProductEnsureConflict"];
20014
+ };
20015
+ };
20016
+ /** @description Submitted contentHash does not match the server-recomputed canonical hash */
20017
+ 422: {
20018
+ headers: {
20019
+ [name: string]: unknown;
20020
+ };
20021
+ content: {
20022
+ "application/json": components["schemas"]["ProductEnsureHashMismatch"];
20023
+ };
20024
+ };
20025
+ /** @description Internal server error */
20026
+ 500: {
20027
+ headers: {
20028
+ [name: string]: unknown;
20029
+ };
20030
+ content: {
20031
+ "application/json": components["schemas"]["Error"];
20032
+ };
20033
+ };
20034
+ };
20035
+ };
20036
+ delete?: never;
20037
+ options?: never;
20038
+ head?: never;
20039
+ patch?: never;
20040
+ trace?: never;
20041
+ };
19883
20042
  "/v1/products/generation/sessions": {
19884
20043
  parameters: {
19885
20044
  query?: never;
@@ -20436,6 +20595,83 @@ interface paths {
20436
20595
  patch?: never;
20437
20596
  trace?: never;
20438
20597
  };
20598
+ "/v1/products/pull": {
20599
+ parameters: {
20600
+ query?: never;
20601
+ header?: never;
20602
+ path?: never;
20603
+ cookie?: never;
20604
+ };
20605
+ /**
20606
+ * Pull product definition (config-as-code)
20607
+ * @description Return the canonical config-as-code definition and provenance for a product by name — the absorb-drift direction of the ensure protocol. The contentHash is recomputed from the live product state, so it is accurate even immediately after a dashboard edit. Returns the top-level product record only (description, icon, spec); nested capabilities/surfaces and canvas layout are not included.
20608
+ */
20609
+ get: {
20610
+ parameters: {
20611
+ query: {
20612
+ name: string;
20613
+ };
20614
+ header?: never;
20615
+ path?: never;
20616
+ cookie?: never;
20617
+ };
20618
+ requestBody?: never;
20619
+ responses: {
20620
+ /** @description Canonical definition + provenance */
20621
+ 200: {
20622
+ headers: {
20623
+ [name: string]: unknown;
20624
+ };
20625
+ content: {
20626
+ "application/json": components["schemas"]["ProductPullResponse"];
20627
+ };
20628
+ };
20629
+ /** @description Unauthorized */
20630
+ 401: {
20631
+ headers: {
20632
+ [name: string]: unknown;
20633
+ };
20634
+ content: {
20635
+ "application/json": components["schemas"]["Error"];
20636
+ };
20637
+ };
20638
+ /** @description Insufficient permissions */
20639
+ 403: {
20640
+ headers: {
20641
+ [name: string]: unknown;
20642
+ };
20643
+ content: {
20644
+ "application/json": components["schemas"]["Error"];
20645
+ };
20646
+ };
20647
+ /** @description No product with that name in the account scope */
20648
+ 404: {
20649
+ headers: {
20650
+ [name: string]: unknown;
20651
+ };
20652
+ content: {
20653
+ "application/json": components["schemas"]["Error"];
20654
+ };
20655
+ };
20656
+ /** @description Internal server error */
20657
+ 500: {
20658
+ headers: {
20659
+ [name: string]: unknown;
20660
+ };
20661
+ content: {
20662
+ "application/json": components["schemas"]["Error"];
20663
+ };
20664
+ };
20665
+ };
20666
+ };
20667
+ put?: never;
20668
+ post?: never;
20669
+ delete?: never;
20670
+ options?: never;
20671
+ head?: never;
20672
+ patch?: never;
20673
+ trace?: never;
20674
+ };
20439
20675
  "/v1/products/{id}": {
20440
20676
  parameters: {
20441
20677
  query?: never;
@@ -21520,6 +21756,227 @@ interface paths {
21520
21756
  patch?: never;
21521
21757
  trace?: never;
21522
21758
  };
21759
+ "/v1/products/{id}/surfaces/ensure": {
21760
+ parameters: {
21761
+ query?: never;
21762
+ header?: never;
21763
+ path?: never;
21764
+ cookie?: never;
21765
+ };
21766
+ get?: never;
21767
+ put?: never;
21768
+ /**
21769
+ * Ensure surface (config-as-code converge)
21770
+ * @description Idempotently converge a repo-defined surface definition onto a product. Identity is name + product. Hash-only probes skip the payload in the steady state (a miss is a normal 200 `definitionRequired` response, not an error); full requests create the surface or update it when the canonical content hash differs. The response always carries the server-computed canonical hash. Set dryRun to plan without writing (CI drift gate), and onConflict: "overwrite" to converge over dashboard/API edits. Surfaces have no version snapshots, so there is no publish option.
21771
+ */
21772
+ post: {
21773
+ parameters: {
21774
+ query?: never;
21775
+ header?: never;
21776
+ path: {
21777
+ id: string;
21778
+ };
21779
+ cookie?: never;
21780
+ };
21781
+ requestBody?: {
21782
+ content: {
21783
+ "application/json": {
21784
+ contentHash?: string;
21785
+ definition?: {
21786
+ behavior?: {
21787
+ [key: string]: unknown;
21788
+ };
21789
+ /** @enum {string} */
21790
+ environment?: "production" | "development";
21791
+ inbound?: {
21792
+ [key: string]: unknown;
21793
+ };
21794
+ name: string;
21795
+ outbound?: {
21796
+ [key: string]: unknown;
21797
+ };
21798
+ /** @enum {string} */
21799
+ status?: "draft" | "active" | "paused";
21800
+ /** @enum {string} */
21801
+ type: "chat" | "mcp" | "mcp_code" | "api" | "webhook" | "schedule" | "a2a" | "email" | "slack" | "sms" | "imessage" | "discord" | "whatsapp" | "telegram" | "hosted-page" | "chrome_extension";
21802
+ };
21803
+ dryRun?: boolean;
21804
+ expectedRemoteHash?: string;
21805
+ name: string;
21806
+ /** @enum {string} */
21807
+ onConflict?: "error" | "overwrite";
21808
+ };
21809
+ };
21810
+ };
21811
+ responses: {
21812
+ /** @description Converge result: unchanged | created | updated | definitionRequired (hash miss — retry with the full definition) | plan (dryRun) */
21813
+ 200: {
21814
+ headers: {
21815
+ [name: string]: unknown;
21816
+ };
21817
+ content: {
21818
+ "application/json": components["schemas"]["SurfaceEnsureResponse"];
21819
+ };
21820
+ };
21821
+ /** @description Validation error */
21822
+ 400: {
21823
+ headers: {
21824
+ [name: string]: unknown;
21825
+ };
21826
+ content: {
21827
+ "application/json": components["schemas"]["Error"];
21828
+ };
21829
+ };
21830
+ /** @description Unauthorized */
21831
+ 401: {
21832
+ headers: {
21833
+ [name: string]: unknown;
21834
+ };
21835
+ content: {
21836
+ "application/json": components["schemas"]["Error"];
21837
+ };
21838
+ };
21839
+ /** @description Plan surface limit reached for the target environment (only a create counts against the quota) */
21840
+ 402: {
21841
+ headers: {
21842
+ [name: string]: unknown;
21843
+ };
21844
+ content: {
21845
+ "application/json": components["schemas"]["Error"];
21846
+ };
21847
+ };
21848
+ /** @description Insufficient permissions */
21849
+ 403: {
21850
+ headers: {
21851
+ [name: string]: unknown;
21852
+ };
21853
+ content: {
21854
+ "application/json": components["schemas"]["Error"];
21855
+ };
21856
+ };
21857
+ /** @description Product not found */
21858
+ 404: {
21859
+ headers: {
21860
+ [name: string]: unknown;
21861
+ };
21862
+ content: {
21863
+ "application/json": components["schemas"]["Error"];
21864
+ };
21865
+ };
21866
+ /** @description Conflict: external_modification (last write was not ensure; pass onConflict: "overwrite") or remote_changed (expectedRemoteHash guard) */
21867
+ 409: {
21868
+ headers: {
21869
+ [name: string]: unknown;
21870
+ };
21871
+ content: {
21872
+ "application/json": components["schemas"]["SurfaceEnsureConflict"];
21873
+ };
21874
+ };
21875
+ /** @description Submitted contentHash does not match the server-recomputed canonical hash */
21876
+ 422: {
21877
+ headers: {
21878
+ [name: string]: unknown;
21879
+ };
21880
+ content: {
21881
+ "application/json": components["schemas"]["SurfaceEnsureHashMismatch"];
21882
+ };
21883
+ };
21884
+ /** @description Internal server error */
21885
+ 500: {
21886
+ headers: {
21887
+ [name: string]: unknown;
21888
+ };
21889
+ content: {
21890
+ "application/json": components["schemas"]["Error"];
21891
+ };
21892
+ };
21893
+ };
21894
+ };
21895
+ delete?: never;
21896
+ options?: never;
21897
+ head?: never;
21898
+ patch?: never;
21899
+ trace?: never;
21900
+ };
21901
+ "/v1/products/{id}/surfaces/pull": {
21902
+ parameters: {
21903
+ query?: never;
21904
+ header?: never;
21905
+ path?: never;
21906
+ cookie?: never;
21907
+ };
21908
+ /**
21909
+ * Pull surface definition (config-as-code)
21910
+ * @description Return the canonical config-as-code definition and provenance for a surface by name within a product — the absorb-drift direction of the ensure protocol. The contentHash is recomputed from the live surface state, so it is accurate even immediately after a dashboard edit.
21911
+ */
21912
+ get: {
21913
+ parameters: {
21914
+ query: {
21915
+ name: string;
21916
+ };
21917
+ header?: never;
21918
+ path: {
21919
+ id: string;
21920
+ };
21921
+ cookie?: never;
21922
+ };
21923
+ requestBody?: never;
21924
+ responses: {
21925
+ /** @description Canonical definition + provenance */
21926
+ 200: {
21927
+ headers: {
21928
+ [name: string]: unknown;
21929
+ };
21930
+ content: {
21931
+ "application/json": components["schemas"]["SurfacePullResponse"];
21932
+ };
21933
+ };
21934
+ /** @description Unauthorized */
21935
+ 401: {
21936
+ headers: {
21937
+ [name: string]: unknown;
21938
+ };
21939
+ content: {
21940
+ "application/json": components["schemas"]["Error"];
21941
+ };
21942
+ };
21943
+ /** @description Insufficient permissions */
21944
+ 403: {
21945
+ headers: {
21946
+ [name: string]: unknown;
21947
+ };
21948
+ content: {
21949
+ "application/json": components["schemas"]["Error"];
21950
+ };
21951
+ };
21952
+ /** @description Product not found, or no surface with that name in the product */
21953
+ 404: {
21954
+ headers: {
21955
+ [name: string]: unknown;
21956
+ };
21957
+ content: {
21958
+ "application/json": components["schemas"]["Error"];
21959
+ };
21960
+ };
21961
+ /** @description Internal server error */
21962
+ 500: {
21963
+ headers: {
21964
+ [name: string]: unknown;
21965
+ };
21966
+ content: {
21967
+ "application/json": components["schemas"]["Error"];
21968
+ };
21969
+ };
21970
+ };
21971
+ };
21972
+ put?: never;
21973
+ post?: never;
21974
+ delete?: never;
21975
+ options?: never;
21976
+ head?: never;
21977
+ patch?: never;
21978
+ trace?: never;
21979
+ };
21523
21980
  "/v1/products/{id}/surfaces/{surfaceId}": {
21524
21981
  parameters: {
21525
21982
  query?: never;
@@ -31468,6 +31925,119 @@ interface paths {
31468
31925
  patch?: never;
31469
31926
  trace?: never;
31470
31927
  };
31928
+ "/v1/skills/ensure": {
31929
+ parameters: {
31930
+ query?: never;
31931
+ header?: never;
31932
+ path?: never;
31933
+ cookie?: never;
31934
+ };
31935
+ get?: never;
31936
+ put?: never;
31937
+ /**
31938
+ * Ensure skill (config-as-code converge)
31939
+ * @description Idempotently converge a repo-defined skill (SKILL.md manifest) onto the platform. Identity is name + account scope. Hash-only probes skip the payload in the steady state (a miss is a normal 200 `definitionRequired` response, not an error); full requests create the skill or append a new version when the canonical content hash differs. The response always carries the server-computed canonical hash + the version id. Set dryRun to plan without writing (CI drift gate), onConflict: "overwrite" to converge over dashboard/API edits, and release: "publish" to publish the converged version. Admin/control plane only — no review queue.
31940
+ */
31941
+ post: {
31942
+ parameters: {
31943
+ query?: never;
31944
+ header?: never;
31945
+ path?: never;
31946
+ cookie?: never;
31947
+ };
31948
+ requestBody?: {
31949
+ content: {
31950
+ "application/json": {
31951
+ contentHash?: string;
31952
+ definition?: {
31953
+ body?: string;
31954
+ frontmatter?: {
31955
+ [key: string]: unknown;
31956
+ };
31957
+ markdown?: string;
31958
+ };
31959
+ dryRun?: boolean;
31960
+ expectedRemoteHash?: string;
31961
+ name: string;
31962
+ /** @enum {string} */
31963
+ onConflict?: "error" | "overwrite";
31964
+ /** @enum {string} */
31965
+ release?: "none" | "publish";
31966
+ };
31967
+ };
31968
+ };
31969
+ responses: {
31970
+ /** @description Converge result: unchanged | created | updated | definitionRequired (hash miss — retry with the full definition) | plan (dryRun) */
31971
+ 200: {
31972
+ headers: {
31973
+ [name: string]: unknown;
31974
+ };
31975
+ content: {
31976
+ "application/json": components["schemas"]["SkillEnsureResponse"];
31977
+ };
31978
+ };
31979
+ /** @description Validation error / invalid manifest */
31980
+ 400: {
31981
+ headers: {
31982
+ [name: string]: unknown;
31983
+ };
31984
+ content: {
31985
+ "application/json": components["schemas"]["Error"];
31986
+ };
31987
+ };
31988
+ /** @description Unauthorized */
31989
+ 401: {
31990
+ headers: {
31991
+ [name: string]: unknown;
31992
+ };
31993
+ content: {
31994
+ "application/json": components["schemas"]["Error"];
31995
+ };
31996
+ };
31997
+ /** @description Insufficient permissions */
31998
+ 403: {
31999
+ headers: {
32000
+ [name: string]: unknown;
32001
+ };
32002
+ content: {
32003
+ "application/json": components["schemas"]["Error"];
32004
+ };
32005
+ };
32006
+ /** @description Conflict: external_modification (last write was not ensure; pass onConflict: "overwrite") or remote_changed (expectedRemoteHash guard) */
32007
+ 409: {
32008
+ headers: {
32009
+ [name: string]: unknown;
32010
+ };
32011
+ content: {
32012
+ "application/json": components["schemas"]["SkillEnsureConflict"];
32013
+ };
32014
+ };
32015
+ /** @description Submitted contentHash does not match the server-recomputed canonical hash (code: content_hash_mismatch), or the manifest carries an unsupported capability such as mcpServers (code: unsupported_capability) */
32016
+ 422: {
32017
+ headers: {
32018
+ [name: string]: unknown;
32019
+ };
32020
+ content: {
32021
+ "application/json": components["schemas"]["SkillEnsureUnprocessable"];
32022
+ };
32023
+ };
32024
+ /** @description Internal server error */
32025
+ 500: {
32026
+ headers: {
32027
+ [name: string]: unknown;
32028
+ };
32029
+ content: {
32030
+ "application/json": components["schemas"]["Error"];
32031
+ };
32032
+ };
32033
+ };
32034
+ };
32035
+ delete?: never;
32036
+ options?: never;
32037
+ head?: never;
32038
+ patch?: never;
32039
+ trace?: never;
32040
+ };
31471
32041
  "/v1/skills/import": {
31472
32042
  parameters: {
31473
32043
  query?: never;
@@ -31632,6 +32202,157 @@ interface paths {
31632
32202
  patch?: never;
31633
32203
  trace?: never;
31634
32204
  };
32205
+ "/v1/skills/pull": {
32206
+ parameters: {
32207
+ query?: never;
32208
+ header?: never;
32209
+ path?: never;
32210
+ cookie?: never;
32211
+ };
32212
+ /**
32213
+ * Pull skill definition (config-as-code)
32214
+ * @description Return the canonical config-as-code definition and provenance for a skill by name — the absorb-drift direction of the ensure protocol. The contentHash is recomputed from the live skill state, so it is accurate even immediately after a dashboard edit.
32215
+ */
32216
+ get: {
32217
+ parameters: {
32218
+ query: {
32219
+ name: string;
32220
+ };
32221
+ header?: never;
32222
+ path?: never;
32223
+ cookie?: never;
32224
+ };
32225
+ requestBody?: never;
32226
+ responses: {
32227
+ /** @description Canonical definition + provenance */
32228
+ 200: {
32229
+ headers: {
32230
+ [name: string]: unknown;
32231
+ };
32232
+ content: {
32233
+ "application/json": components["schemas"]["SkillPullResponse"];
32234
+ };
32235
+ };
32236
+ /** @description Unauthorized */
32237
+ 401: {
32238
+ headers: {
32239
+ [name: string]: unknown;
32240
+ };
32241
+ content: {
32242
+ "application/json": components["schemas"]["Error"];
32243
+ };
32244
+ };
32245
+ /** @description Insufficient permissions */
32246
+ 403: {
32247
+ headers: {
32248
+ [name: string]: unknown;
32249
+ };
32250
+ content: {
32251
+ "application/json": components["schemas"]["Error"];
32252
+ };
32253
+ };
32254
+ /** @description No skill with that name in the account scope */
32255
+ 404: {
32256
+ headers: {
32257
+ [name: string]: unknown;
32258
+ };
32259
+ content: {
32260
+ "application/json": components["schemas"]["Error"];
32261
+ };
32262
+ };
32263
+ /** @description Internal server error */
32264
+ 500: {
32265
+ headers: {
32266
+ [name: string]: unknown;
32267
+ };
32268
+ content: {
32269
+ "application/json": components["schemas"]["Error"];
32270
+ };
32271
+ };
32272
+ };
32273
+ };
32274
+ put?: never;
32275
+ post?: never;
32276
+ delete?: never;
32277
+ options?: never;
32278
+ head?: never;
32279
+ patch?: never;
32280
+ trace?: never;
32281
+ };
32282
+ "/v1/skills/scan": {
32283
+ parameters: {
32284
+ query?: never;
32285
+ header?: never;
32286
+ path?: never;
32287
+ cookie?: never;
32288
+ };
32289
+ get?: never;
32290
+ put?: never;
32291
+ /**
32292
+ * Scan a skill for malicious patterns
32293
+ * @description Statically scan a SKILL.md string (`markdown`) or structured manifest (`frontmatter` + `body`) and return a two-tier verdict (warning when suspected malicious, error when high-confidence malicious). Does not persist or gate.
32294
+ */
32295
+ post: {
32296
+ parameters: {
32297
+ query?: never;
32298
+ header?: never;
32299
+ path?: never;
32300
+ cookie?: never;
32301
+ };
32302
+ requestBody?: {
32303
+ content: {
32304
+ "application/json": {
32305
+ [key: string]: unknown;
32306
+ };
32307
+ };
32308
+ };
32309
+ responses: {
32310
+ /** @description Scan verdict */
32311
+ 200: {
32312
+ headers: {
32313
+ [name: string]: unknown;
32314
+ };
32315
+ content: {
32316
+ "application/json": {
32317
+ [key: string]: unknown;
32318
+ };
32319
+ };
32320
+ };
32321
+ /** @description Invalid manifest */
32322
+ 400: {
32323
+ headers: {
32324
+ [name: string]: unknown;
32325
+ };
32326
+ content: {
32327
+ "application/json": components["schemas"]["Error"];
32328
+ };
32329
+ };
32330
+ /** @description Unauthorized */
32331
+ 401: {
32332
+ headers: {
32333
+ [name: string]: unknown;
32334
+ };
32335
+ content: {
32336
+ "application/json": components["schemas"]["Error"];
32337
+ };
32338
+ };
32339
+ /** @description Insufficient permissions */
32340
+ 403: {
32341
+ headers: {
32342
+ [name: string]: unknown;
32343
+ };
32344
+ content: {
32345
+ "application/json": components["schemas"]["Error"];
32346
+ };
32347
+ };
32348
+ };
32349
+ };
32350
+ delete?: never;
32351
+ options?: never;
32352
+ head?: never;
32353
+ patch?: never;
32354
+ trace?: never;
32355
+ };
31635
32356
  "/v1/skills/{id}": {
31636
32357
  parameters: {
31637
32358
  query?: never;
@@ -32098,6 +32819,119 @@ interface paths {
32098
32819
  patch?: never;
32099
32820
  trace?: never;
32100
32821
  };
32822
+ "/v1/tool-approval-grants": {
32823
+ parameters: {
32824
+ query?: never;
32825
+ header?: never;
32826
+ path?: never;
32827
+ cookie?: never;
32828
+ };
32829
+ /**
32830
+ * List remembered tool-approval grants
32831
+ * @description List the authenticated owner's active cross-session "Always allow" grants. Optionally filter to a single agent with ?agentId=. A null endUserRef is an account-level grant.
32832
+ */
32833
+ get: {
32834
+ parameters: {
32835
+ query?: {
32836
+ agentId?: string;
32837
+ };
32838
+ header?: never;
32839
+ path?: never;
32840
+ cookie?: never;
32841
+ };
32842
+ requestBody?: never;
32843
+ responses: {
32844
+ /** @description Active grants */
32845
+ 200: {
32846
+ headers: {
32847
+ [name: string]: unknown;
32848
+ };
32849
+ content: {
32850
+ "application/json": {
32851
+ data: components["schemas"]["ToolApprovalGrant"][];
32852
+ };
32853
+ };
32854
+ };
32855
+ /** @description Unauthorized */
32856
+ 401: {
32857
+ headers: {
32858
+ [name: string]: unknown;
32859
+ };
32860
+ content: {
32861
+ "application/json": components["schemas"]["Error"];
32862
+ };
32863
+ };
32864
+ };
32865
+ };
32866
+ put?: never;
32867
+ post?: never;
32868
+ delete?: never;
32869
+ options?: never;
32870
+ head?: never;
32871
+ patch?: never;
32872
+ trace?: never;
32873
+ };
32874
+ "/v1/tool-approval-grants/{id}": {
32875
+ parameters: {
32876
+ query?: never;
32877
+ header?: never;
32878
+ path?: never;
32879
+ cookie?: never;
32880
+ };
32881
+ get?: never;
32882
+ put?: never;
32883
+ post?: never;
32884
+ /**
32885
+ * Revoke a remembered tool-approval grant
32886
+ * @description Revoke (soft-delete) a grant so the tool prompts for approval again on future dispatches. Ownership-scoped.
32887
+ */
32888
+ delete: {
32889
+ parameters: {
32890
+ query?: never;
32891
+ header?: never;
32892
+ path: {
32893
+ id: string;
32894
+ };
32895
+ cookie?: never;
32896
+ };
32897
+ requestBody?: never;
32898
+ responses: {
32899
+ /** @description Revoked */
32900
+ 200: {
32901
+ headers: {
32902
+ [name: string]: unknown;
32903
+ };
32904
+ content: {
32905
+ "application/json": {
32906
+ revoked: boolean;
32907
+ };
32908
+ };
32909
+ };
32910
+ /** @description Unauthorized */
32911
+ 401: {
32912
+ headers: {
32913
+ [name: string]: unknown;
32914
+ };
32915
+ content: {
32916
+ "application/json": components["schemas"]["Error"];
32917
+ };
32918
+ };
32919
+ /** @description Grant not found */
32920
+ 404: {
32921
+ headers: {
32922
+ [name: string]: unknown;
32923
+ };
32924
+ content: {
32925
+ "application/json": components["schemas"]["Error"];
32926
+ };
32927
+ };
32928
+ };
32929
+ };
32930
+ options?: never;
32931
+ head?: never;
32932
+ patch?: never;
32933
+ trace?: never;
32934
+ };
32101
32935
  "/v1/tools": {
32102
32936
  parameters: {
32103
32937
  query?: never;
@@ -34059,6 +34893,7 @@ interface paths {
34059
34893
  enableChromeSurface: boolean;
34060
34894
  enableDashboardAssistant: boolean;
34061
34895
  enableRuntypeApps: boolean;
34896
+ enableSkillScanner: boolean;
34062
34897
  productGeneratorModel: string;
34063
34898
  };
34064
34899
  id: string;
@@ -34629,6 +35464,10 @@ interface components {
34629
35464
  };
34630
35465
  tools?: {
34631
35466
  approval?: {
35467
+ choices?: {
35468
+ alwaysAllow?: boolean;
35469
+ alwaysDeny?: boolean;
35470
+ };
34632
35471
  requestReason?: boolean;
34633
35472
  require: string[] | boolean;
34634
35473
  timeout?: number;
@@ -35395,6 +36234,7 @@ interface components {
35395
36234
  /** @enum {string} */
35396
36235
  type: "flow_start";
35397
36236
  } | {
36237
+ claudeManagedAgentId?: string;
35398
36238
  completedAt?: string;
35399
36239
  completedSteps?: number;
35400
36240
  duration?: number;
@@ -35879,6 +36719,7 @@ interface components {
35879
36719
  /** @enum {string} */
35880
36720
  type: "flow_start";
35881
36721
  } | {
36722
+ claudeManagedAgentId?: string;
35882
36723
  completedAt?: string;
35883
36724
  completedSteps?: number;
35884
36725
  duration?: number;
@@ -36239,12 +37080,136 @@ interface components {
36239
37080
  totalCount?: number;
36240
37081
  totalPages?: number;
36241
37082
  };
37083
+ ProductEnsureConflict: {
37084
+ /** @enum {string} */
37085
+ code: "external_modification" | "remote_changed";
37086
+ currentHash?: string | null;
37087
+ error: string;
37088
+ lastModifiedSource?: string;
37089
+ modifiedAt?: string | null;
37090
+ };
37091
+ ProductEnsureHashMismatch: {
37092
+ /** @enum {string} */
37093
+ code: "content_hash_mismatch";
37094
+ /** @description The server-computed canonical hash of the submitted definition. */
37095
+ contentHash: string;
37096
+ error: string;
37097
+ };
37098
+ ProductEnsureResponse: {
37099
+ /** @description Server-computed canonical content hash. Clients should echo this hash in probes. */
37100
+ contentHash: string;
37101
+ productId: string;
37102
+ /** @enum {string} */
37103
+ result: "unchanged" | "created" | "updated";
37104
+ } | {
37105
+ /** @enum {string} */
37106
+ result: "definitionRequired";
37107
+ } | {
37108
+ changedKeys: string[];
37109
+ /** @enum {string} */
37110
+ changes: "none" | "create" | "update";
37111
+ contentHash: string;
37112
+ productId?: string;
37113
+ remoteHash?: string;
37114
+ /** @enum {string} */
37115
+ result: "plan";
37116
+ };
37117
+ ProductPullResponse: {
37118
+ contentHash: string;
37119
+ definition: {
37120
+ description?: string | null;
37121
+ icon?: string | null;
37122
+ name: string;
37123
+ spec?: {
37124
+ aiUseCases?: string[];
37125
+ complianceNeeds?: string[];
37126
+ dataSourceTypes?: string[];
37127
+ deploymentTargets?: string[];
37128
+ existingTools?: string[];
37129
+ importedFrom?: {
37130
+ importedAt: string;
37131
+ /** @enum {string} */
37132
+ source: "github" | "linear" | "chatprd" | "manual";
37133
+ sourceId?: string;
37134
+ syncEnabled?: boolean;
37135
+ };
37136
+ internalDocs?: {
37137
+ content?: string;
37138
+ resources?: {
37139
+ content?: string;
37140
+ title: string;
37141
+ type: string;
37142
+ url?: string;
37143
+ }[];
37144
+ tags?: string[];
37145
+ } | null;
37146
+ /** @enum {string} */
37147
+ loggingPolicy?: "default" | "on" | "off";
37148
+ preferredModels?: string[];
37149
+ productGoal?: string;
37150
+ /** @enum {string} */
37151
+ productStage?: "idea" | "prototype" | "beta" | "production" | "scaling";
37152
+ targetAudience?: string;
37153
+ techStack?: {
37154
+ backend?: string[];
37155
+ database?: string[];
37156
+ frontend?: string[];
37157
+ infrastructure?: string[];
37158
+ languages?: string[];
37159
+ };
37160
+ };
37161
+ };
37162
+ lastModifiedSource: string | null;
37163
+ productId: string;
37164
+ updatedAt: string | null;
37165
+ };
36242
37166
  RecordFilterCondition: {
36243
37167
  field: string;
36244
37168
  /** @enum {string} */
36245
37169
  op: "eq" | "neq" | "gt" | "gte" | "lt" | "lte" | "between" | "contains" | "startsWith" | "endsWith" | "in" | "notIn" | "isSet" | "isNotSet" | "isTrue" | "isFalse" | "withinLastDays" | "olderThanDays";
36246
37170
  value?: unknown;
36247
37171
  };
37172
+ SkillEnsureConflict: {
37173
+ /** @enum {string} */
37174
+ code: "external_modification" | "remote_changed";
37175
+ currentHash?: string | null;
37176
+ error: string;
37177
+ lastModifiedSource?: string;
37178
+ modifiedAt?: string | null;
37179
+ };
37180
+ SkillEnsureHashMismatch: {
37181
+ /** @enum {string} */
37182
+ code: "content_hash_mismatch";
37183
+ /** @description The server-computed canonical hash of the submitted manifest. */
37184
+ contentHash: string;
37185
+ error: string;
37186
+ };
37187
+ SkillEnsureResponse: {
37188
+ /** @description Server-computed canonical content hash. Clients should echo this hash in probes. */
37189
+ contentHash: string;
37190
+ /** @enum {string} */
37191
+ result: "unchanged" | "created" | "updated";
37192
+ skillId: string;
37193
+ versionId: string | null;
37194
+ } | {
37195
+ /** @enum {string} */
37196
+ result: "definitionRequired";
37197
+ } | {
37198
+ changedKeys: string[];
37199
+ /** @enum {string} */
37200
+ changes: "none" | "create" | "update";
37201
+ contentHash: string;
37202
+ remoteHash?: string;
37203
+ /** @enum {string} */
37204
+ result: "plan";
37205
+ skillId?: string;
37206
+ };
37207
+ SkillEnsureUnprocessable: components["schemas"]["SkillEnsureHashMismatch"] | components["schemas"]["SkillEnsureUnsupportedCapability"];
37208
+ SkillEnsureUnsupportedCapability: {
37209
+ /** @enum {string} */
37210
+ code: "unsupported_capability";
37211
+ error: string;
37212
+ };
36248
37213
  SkillProposal: {
36249
37214
  createdAt: string;
36250
37215
  id: string;
@@ -36257,6 +37222,89 @@ interface components {
36257
37222
  skillVersionId: string;
36258
37223
  status: string;
36259
37224
  };
37225
+ SkillPullResponse: {
37226
+ contentHash: string;
37227
+ definition: {
37228
+ manifest: {
37229
+ [key: string]: unknown;
37230
+ };
37231
+ name: string;
37232
+ };
37233
+ lastModifiedSource: string | null;
37234
+ skillId: string;
37235
+ updatedAt: string | null;
37236
+ versionId: string | null;
37237
+ };
37238
+ SurfaceEnsureConflict: {
37239
+ /** @enum {string} */
37240
+ code: "external_modification" | "remote_changed";
37241
+ currentHash?: string | null;
37242
+ error: string;
37243
+ lastModifiedSource?: string;
37244
+ modifiedAt?: string | null;
37245
+ };
37246
+ SurfaceEnsureHashMismatch: {
37247
+ /** @enum {string} */
37248
+ code: "content_hash_mismatch";
37249
+ /** @description The server-computed canonical hash of the submitted definition. */
37250
+ contentHash: string;
37251
+ error: string;
37252
+ };
37253
+ SurfaceEnsureResponse: {
37254
+ /** @description Server-computed canonical content hash. Clients should echo this hash in probes. */
37255
+ contentHash: string;
37256
+ /** @enum {string} */
37257
+ result: "unchanged" | "created" | "updated";
37258
+ surfaceId: string;
37259
+ } | {
37260
+ /** @enum {string} */
37261
+ result: "definitionRequired";
37262
+ } | {
37263
+ changedKeys: string[];
37264
+ /** @enum {string} */
37265
+ changes: "none" | "create" | "update";
37266
+ contentHash: string;
37267
+ remoteHash?: string;
37268
+ /** @enum {string} */
37269
+ result: "plan";
37270
+ surfaceId?: string;
37271
+ };
37272
+ SurfacePullResponse: {
37273
+ contentHash: string;
37274
+ definition: {
37275
+ behavior?: {
37276
+ [key: string]: unknown;
37277
+ };
37278
+ /** @enum {string} */
37279
+ environment?: "production" | "development";
37280
+ inbound?: {
37281
+ [key: string]: unknown;
37282
+ };
37283
+ name: string;
37284
+ outbound?: {
37285
+ [key: string]: unknown;
37286
+ };
37287
+ /** @enum {string} */
37288
+ status?: "draft" | "active" | "paused";
37289
+ /** @enum {string} */
37290
+ type: "chat" | "mcp" | "mcp_code" | "api" | "webhook" | "schedule" | "a2a" | "email" | "slack" | "sms" | "imessage" | "discord" | "whatsapp" | "telegram" | "hosted-page" | "chrome_extension";
37291
+ };
37292
+ lastModifiedSource: string | null;
37293
+ surfaceId: string;
37294
+ updatedAt: string | null;
37295
+ };
37296
+ ToolApprovalGrant: {
37297
+ agentId: string;
37298
+ createdAt: string;
37299
+ decision: string;
37300
+ endUserRef: string | null;
37301
+ expiresAt: string | null;
37302
+ id: string;
37303
+ sourceApprovalId: string | null;
37304
+ sourceExecutionId: string | null;
37305
+ toolName: string;
37306
+ toolType: string;
37307
+ };
36260
37308
  ToolEnsureConflict: {
36261
37309
  /** @enum {string} */
36262
37310
  code: "external_modification" | "remote_changed";
@@ -36615,7 +37663,7 @@ interface FetchUrlStepConfig$1 {
36615
37663
  [key: string]: any;
36616
37664
  };
36617
37665
  /** Error handling configuration - supports simple mode or fallback chains */
36618
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37666
+ errorHandling?: ContextErrorHandling;
36619
37667
  defaultValue?: unknown;
36620
37668
  streamOutput?: boolean;
36621
37669
  enabled?: boolean;
@@ -36644,7 +37692,7 @@ interface CrawlStepConfig$1 {
36644
37692
  jsonOptions?: Record<string, unknown>;
36645
37693
  outputVariable?: string;
36646
37694
  streamOutput?: boolean;
36647
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37695
+ errorHandling?: ContextErrorHandling;
36648
37696
  pollIntervalMs?: number;
36649
37697
  completionTimeoutMs?: number;
36650
37698
  defaultValue?: unknown;
@@ -36667,7 +37715,7 @@ interface TransformDataStepConfig$1 {
36667
37715
  networkAccess?: 'off' | 'on' | {
36668
37716
  allowedHostnames: string[];
36669
37717
  };
36670
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37718
+ errorHandling?: ContextErrorHandling;
36671
37719
  defaultValue?: unknown;
36672
37720
  tools?: {
36673
37721
  toolIds?: string[];
@@ -36719,7 +37767,7 @@ interface SearchStepConfig$1 {
36719
37767
  outputVariable?: string;
36720
37768
  returnCitations?: boolean;
36721
37769
  /** Error handling configuration - supports simple mode or fallback chains */
36722
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37770
+ errorHandling?: ContextErrorHandling;
36723
37771
  streamOutput?: boolean;
36724
37772
  enabled?: boolean;
36725
37773
  /** JavaScript predicate evaluated at runtime. If falsy, the step is skipped. */
@@ -36742,7 +37790,7 @@ interface SendEmailStepConfig$1 {
36742
37790
  }>;
36743
37791
  outputVariable?: string;
36744
37792
  /** Error handling configuration - supports simple mode or fallback chains */
36745
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37793
+ errorHandling?: ContextErrorHandling;
36746
37794
  defaultValue?: unknown;
36747
37795
  streamOutput?: boolean;
36748
37796
  enabled?: boolean;
@@ -36807,7 +37855,7 @@ interface UpsertRecordStepConfig$1 {
36807
37855
  mergeStrategy?: 'merge' | 'replace';
36808
37856
  outputVariable?: string;
36809
37857
  /** Error handling configuration - supports simple mode or fallback chains */
36810
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37858
+ errorHandling?: ContextErrorHandling;
36811
37859
  streamOutput?: boolean;
36812
37860
  enabled?: boolean;
36813
37861
  /** JavaScript predicate evaluated at runtime. If falsy, the step is skipped. */
@@ -36869,7 +37917,7 @@ interface WaitUntilStepConfig$1 {
36869
37917
  };
36870
37918
  outputVariable?: string;
36871
37919
  /** Error handling configuration - supports simple mode or fallback chains */
36872
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37920
+ errorHandling?: ContextErrorHandling;
36873
37921
  streamOutput?: boolean;
36874
37922
  enabled?: boolean;
36875
37923
  /** JavaScript predicate evaluated at runtime. If falsy, the step is skipped. */
@@ -36882,7 +37930,7 @@ interface SendEventStepConfig$1 {
36882
37930
  properties?: Record<string, any>;
36883
37931
  outputVariable?: string;
36884
37932
  /** Error handling configuration - supports simple mode or fallback chains */
36885
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37933
+ errorHandling?: ContextErrorHandling;
36886
37934
  streamOutput?: boolean;
36887
37935
  enabled?: boolean;
36888
37936
  /** JavaScript predicate evaluated at runtime. If falsy, the step is skipped. */
@@ -36895,7 +37943,7 @@ interface SendTextStepConfig$1 {
36895
37943
  message: string;
36896
37944
  outputVariable?: string;
36897
37945
  /** Error handling configuration - supports simple mode or fallback chains */
36898
- errorHandling?: ErrorHandlingMode | ContextErrorHandling;
37946
+ errorHandling?: ContextErrorHandling;
36899
37947
  streamOutput?: boolean;
36900
37948
  enabled?: boolean;
36901
37949
  /** JavaScript predicate evaluated at runtime. If falsy, the step is skipped. */
@@ -39718,6 +40766,144 @@ declare class PromptsNamespace {
39718
40766
  delete(promptId: string): Promise<void>;
39719
40767
  }
39720
40768
 
40769
+ /**
40770
+ * Skill config-as-code: `defineSkill`, `skills.ensure`, `skills.pull`.
40771
+ *
40772
+ * The deploy-time convergence postcondition for Agent Skills: "make the
40773
+ * platform's definition of this skill match this manifest; no-op if it already
40774
+ * does." Identity is name + account scope (the API key's org, else personal);
40775
+ * environment is whichever API the client points at. `ensure` never deletes,
40776
+ * and renaming a manifest orphans the old skill and creates a new one.
40777
+ *
40778
+ * This is the admin/control-plane converge — API scopes only, no review queue.
40779
+ * It is NOT the deployed-agent `propose_skill` data plane.
40780
+ *
40781
+ * Wire protocol (POST /v1/skills/ensure — APQ-shaped, both APQ scars fixed):
40782
+ * 1. Hash-only probe `{ name, contentHash }`. A match is
40783
+ * `{ result: 'unchanged' }`; a miss is a NORMAL 200
40784
+ * `{ result: 'definitionRequired' }`, never an error.
40785
+ * 2. On a miss, retry with the full `definition`. The server recomputes the
40786
+ * canonical hash itself and returns it on every response — this SDK echoes
40787
+ * the server's hash (memoized per client instance) rather than trusting its
40788
+ * own serialization.
40789
+ *
40790
+ * Like agents/flows (and unlike tools), skills HAVE version snapshots: every
40791
+ * change appends an immutable version, the result carries a `versionId`, and
40792
+ * `release: 'publish'` re-aims the published-version pointer.
40793
+ *
40794
+ * The content hash is the canonical skill hash (`computeSkillContentHash` —
40795
+ * mirrored from `packages/shared/src/utils/skill-content-hash.ts`; this package
40796
+ * is dependency-free by convention) over the manifest `{ frontmatter (name
40797
+ * excluded), runtype, body }`. `name` is identity, not content.
40798
+ *
40799
+ * See docs/adr/0003-agent-config-as-code-ensure.md for the design rationale.
40800
+ */
40801
+
40802
+ interface SkillContentInput {
40803
+ /** Identity — excluded from the hash. */
40804
+ name: string;
40805
+ manifest: SkillManifest | Record<string, unknown>;
40806
+ }
40807
+ /** Canonical normalized form of a skill manifest (frontmatter name excluded). */
40808
+ declare function normalizeSkillDefinition(definition: SkillContentInput): {
40809
+ frontmatter: Record<string, unknown>;
40810
+ runtype: Record<string, unknown>;
40811
+ body: string;
40812
+ };
40813
+ /** SHA-256 (hex) over the canonical normalized skill manifest. */
40814
+ declare function computeSkillContentHash(definition: SkillContentInput): Promise<string>;
40815
+ /** `defineSkill` input: identity (name) + the convergeable manifest content. */
40816
+ interface DefineSkillInput {
40817
+ name: string;
40818
+ manifest: SkillManifest;
40819
+ }
40820
+ /** The canonical (wire) definition produced by `defineSkill`. */
40821
+ interface SkillDefinition {
40822
+ name: string;
40823
+ manifest: SkillManifest;
40824
+ }
40825
+ /**
40826
+ * Pure-local declarative constructor for a skill definition. No I/O. Validates
40827
+ * structure, rejects unknown fields, and asserts the manifest's frontmatter
40828
+ * name matches the identity name. Deep validation (capability gate, length
40829
+ * limits) happens server-side at ensure time, mirroring the create/update
40830
+ * routes.
40831
+ *
40832
+ * @example
40833
+ * ```typescript
40834
+ * const reviewer = defineSkill({
40835
+ * name: 'code_reviewer',
40836
+ * manifest: {
40837
+ * frontmatter: { name: 'code_reviewer', description: 'Reviews pull requests' },
40838
+ * runtype: { trustLevel: 'org' },
40839
+ * body: '# Code Reviewer\n\nReview the diff for bugs...',
40840
+ * },
40841
+ * })
40842
+ * ```
40843
+ */
40844
+ declare function defineSkill(input: DefineSkillInput): SkillDefinition;
40845
+ interface EnsureSkillOptions {
40846
+ /** Plan without writing (the CI drift gate). Sends the full definition. */
40847
+ dryRun?: boolean;
40848
+ /**
40849
+ * What to do when the skill's last write came from the dashboard/API rather
40850
+ * than ensure. Default 'error' (HTTP 409 → SkillEnsureConflictError).
40851
+ */
40852
+ onConflict?: 'error' | 'overwrite';
40853
+ /** 'publish' also re-aims the published-version pointer. Default 'none'. */
40854
+ release?: 'none' | 'publish';
40855
+ /**
40856
+ * TOCTOU guard binding a dry run to its apply: the write only proceeds if the
40857
+ * remote still hashes to this value (409 remote_changed otherwise).
40858
+ */
40859
+ expectedRemoteHash?: string;
40860
+ /** Implies dryRun; throws SkillDriftError unless the plan is 'none'. */
40861
+ expectNoChanges?: boolean;
40862
+ }
40863
+ interface EnsureSkillConverged {
40864
+ result: 'unchanged' | 'created' | 'updated';
40865
+ skillId: string;
40866
+ versionId: string | null;
40867
+ /** The server-computed canonical hash (echo this — never your own). */
40868
+ contentHash: string;
40869
+ }
40870
+ interface EnsureSkillPlan {
40871
+ result: 'plan';
40872
+ changes: 'none' | 'create' | 'update';
40873
+ changedKeys: string[];
40874
+ contentHash: string;
40875
+ remoteHash?: string;
40876
+ skillId?: string;
40877
+ }
40878
+ type EnsureSkillResult = EnsureSkillConverged | EnsureSkillPlan;
40879
+ interface SkillPullResult {
40880
+ skillId: string;
40881
+ definition: SkillDefinition;
40882
+ contentHash: string;
40883
+ lastModifiedSource: string | null;
40884
+ updatedAt: string | null;
40885
+ versionId: string | null;
40886
+ }
40887
+ /** A 409 from the ensure protocol (external_modification or remote_changed). */
40888
+ declare class SkillEnsureConflictError extends Error {
40889
+ readonly code: 'external_modification' | 'remote_changed';
40890
+ readonly lastModifiedSource?: string;
40891
+ readonly modifiedAt?: string | null;
40892
+ readonly currentHash?: string | null;
40893
+ constructor(body: {
40894
+ error?: string;
40895
+ code: 'external_modification' | 'remote_changed';
40896
+ lastModifiedSource?: string;
40897
+ modifiedAt?: string | null;
40898
+ currentHash?: string | null;
40899
+ });
40900
+ }
40901
+ /** Thrown by `ensure(def, { expectNoChanges: true })` when drift is detected. */
40902
+ declare class SkillDriftError extends Error {
40903
+ readonly plan: EnsureSkillPlan;
40904
+ constructor(plan: EnsureSkillPlan);
40905
+ }
40906
+
39721
40907
  /**
39722
40908
  * SkillsNamespace — admin/control-plane operations for Agent Skills.
39723
40909
  *
@@ -39914,6 +41100,43 @@ interface SkillManifestInput {
39914
41100
  }
39915
41101
  /** A skill create/update payload — either a SKILL.md string or a manifest. */
39916
41102
  type SkillWriteInput = SkillMarkdownInput | SkillManifestInput;
41103
+ /** Per-finding tier surfaced to the user. */
41104
+ interface SkillScanFinding {
41105
+ ruleId: string;
41106
+ category: string | null;
41107
+ severity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
41108
+ confidence: number;
41109
+ tier: 'warning' | 'error';
41110
+ hardBlock: boolean;
41111
+ message: string;
41112
+ file: string;
41113
+ startLine: number;
41114
+ remediation: string | null;
41115
+ }
41116
+ /** Two-tier verdict over a skill scan. `tier` is authoritative. */
41117
+ interface SkillScanVerdict {
41118
+ tier: 'clean' | 'warning' | 'error';
41119
+ riskScore: number;
41120
+ riskSeverity: 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
41121
+ recommendation: 'SAFE' | 'CAUTION' | 'DO_NOT_INSTALL';
41122
+ errors: SkillScanFinding[];
41123
+ warnings: SkillScanFinding[];
41124
+ summary: string;
41125
+ scannerVersion: string;
41126
+ verdictVersion: number;
41127
+ }
41128
+ /** The `POST /v1/skills/scan` response. */
41129
+ interface SkillScanResult {
41130
+ status: 'passed' | 'warning' | 'blocked' | 'scanner_error';
41131
+ verdict: SkillScanVerdict;
41132
+ reportBody: string;
41133
+ scannerVersion: string;
41134
+ completedAt: string;
41135
+ error?: {
41136
+ code: string;
41137
+ message: string;
41138
+ };
41139
+ }
39917
41140
  /** Options for binding a skill to an agent. */
39918
41141
  interface BindSkillInput {
39919
41142
  agentId: string;
@@ -40074,6 +41297,19 @@ declare class SkillsNamespace {
40074
41297
  * ```
40075
41298
  */
40076
41299
  publishVersion(skillId: string, versionId: string): Promise<void>;
41300
+ /**
41301
+ * Statically scan a SKILL.md document for malicious patterns and return a
41302
+ * two-tier verdict — `warning` when a skill appears suspicious (low–medium
41303
+ * confidence), `error` when high-confidence malicious. Does not persist or
41304
+ * gate; use it as a "scan before save" affordance.
41305
+ *
41306
+ * @example
41307
+ * ```typescript
41308
+ * const { verdict } = await Runtype.skills.scan(skillMarkdown)
41309
+ * if (verdict.tier === 'error') console.warn(verdict.summary)
41310
+ * ```
41311
+ */
41312
+ scan(markdown: string): Promise<SkillScanResult>;
40077
41313
  /**
40078
41314
  * Import a single SKILL.md document. The imported skill lands with
40079
41315
  * `trustLevel: 'imported'` and a draft version.
@@ -40102,6 +41338,36 @@ declare class SkillsNamespace {
40102
41338
  * ```
40103
41339
  */
40104
41340
  listBindings(agentId: string): Promise<AgentSkillBinding[]>;
41341
+ /**
41342
+ * Idempotently converge a `defineSkill` definition onto the platform.
41343
+ * Hash-first: the steady state is one tiny probe request. Creates or appends a
41344
+ * new version; never deletes. Identity is name + account scope. Pass
41345
+ * `release: 'publish'` to publish the converged version.
41346
+ *
41347
+ * @example
41348
+ * ```typescript
41349
+ * const reviewer = defineSkill({
41350
+ * name: 'code_reviewer',
41351
+ * manifest: {
41352
+ * frontmatter: { name: 'code_reviewer', description: 'Reviews pull requests' },
41353
+ * runtype: { trustLevel: 'org' },
41354
+ * body: '# Code Reviewer\n\nReview the diff...',
41355
+ * },
41356
+ * })
41357
+ *
41358
+ * // Converge + publish (CI/deploy).
41359
+ * const result = await Runtype.skills.ensure(reviewer, { release: 'publish' })
41360
+ *
41361
+ * // PR drift gate.
41362
+ * await Runtype.skills.ensure(reviewer, { expectNoChanges: true })
41363
+ * ```
41364
+ */
41365
+ ensure(definition: SkillDefinition, options?: EnsureSkillOptions): Promise<EnsureSkillResult>;
41366
+ /**
41367
+ * Pull the canonical definition + provenance for a skill by name — the
41368
+ * absorb-drift direction of the ensure protocol.
41369
+ */
41370
+ pull(name: string): Promise<SkillPullResult>;
40105
41371
  }
40106
41372
 
40107
41373
  /**
@@ -40536,6 +41802,382 @@ declare class ToolsNamespace {
40536
41802
  pull(name: string): Promise<ToolPullResult>;
40537
41803
  }
40538
41804
 
41805
+ /**
41806
+ * Product config-as-code: `defineProduct`, `products.ensure`, `products.pull`.
41807
+ *
41808
+ * The deploy-time convergence postcondition for the top-level product record:
41809
+ * "make the platform's definition of this product match this object; no-op if
41810
+ * it already does." Identity is name + account scope (the API key's org, else
41811
+ * personal); environment is whichever API the client points at. `ensure` never
41812
+ * deletes, and renaming a definition orphans the old product and creates a new
41813
+ * one.
41814
+ *
41815
+ * SCOPE (v1): the converge covers the TOP-LEVEL product record only — name
41816
+ * (identity), description, icon, and the `spec` (ProductSpec). It does NOT
41817
+ * converge nested capabilities/surfaces/tools/records/schedules, and it does
41818
+ * NOT converge `canvas` (architecture-viewer UI layout state).
41819
+ *
41820
+ * Wire protocol (POST /v1/products/ensure — APQ-shaped, both APQ scars fixed):
41821
+ * 1. Hash-only probe `{ name, contentHash }`. A match is
41822
+ * `{ result: 'unchanged' }`; a miss is a NORMAL 200
41823
+ * `{ result: 'definitionRequired' }`, never an error.
41824
+ * 2. On a miss, retry with the full `definition`. The server recomputes the
41825
+ * canonical hash itself and returns it on every response — this SDK
41826
+ * echoes the server's hash (memoized per client instance) rather than
41827
+ * trusting its own serialization.
41828
+ *
41829
+ * Unlike agents/flows, products have NO version snapshots: there is no
41830
+ * `release: 'publish'` option and no `versionId` on the result.
41831
+ *
41832
+ * The content hash is the canonical product hash (`computeProductContentHash` —
41833
+ * mirrored from `packages/shared/src/utils/product-content-hash.ts`; this
41834
+ * package is dependency-free by convention) over `{ description, icon, spec }`.
41835
+ * `name` is identity, not content, so it is excluded from the hash; `canvas` is
41836
+ * UI state and is excluded too.
41837
+ *
41838
+ * See docs/adr/0003-agent-config-as-code-ensure.md for the design rationale.
41839
+ */
41840
+
41841
+ /** Canonical normalized form of a product definition (name + canvas excluded). */
41842
+ declare function normalizeProductDefinition(definition: ProductContentInput): {
41843
+ description?: string;
41844
+ icon?: string;
41845
+ spec: Record<string, unknown>;
41846
+ };
41847
+ /** SHA-256 (hex) over the canonical normalized product definition. */
41848
+ declare function computeProductContentHash(definition: ProductContentInput): Promise<string>;
41849
+ interface ProductContentInput {
41850
+ description?: string | null;
41851
+ icon?: string | null;
41852
+ spec?: Record<string, unknown> | null;
41853
+ }
41854
+ /** `defineProduct` input: identity (name) + the convergeable content fields. */
41855
+ interface DefineProductInput {
41856
+ name: string;
41857
+ description?: string | null;
41858
+ icon?: string | null;
41859
+ spec?: Record<string, unknown> | null;
41860
+ }
41861
+ /** The canonical (wire) definition produced by `defineProduct`. */
41862
+ interface ProductDefinition {
41863
+ name: string;
41864
+ description?: string | null;
41865
+ icon?: string | null;
41866
+ spec?: Record<string, unknown> | null;
41867
+ }
41868
+ /**
41869
+ * Pure-local declarative constructor for a product definition. No I/O.
41870
+ * Validates structure and rejects unknown fields. Deep validation (spec shape)
41871
+ * happens server-side at ensure time, mirroring the create/update routes.
41872
+ *
41873
+ * @example
41874
+ * ```typescript
41875
+ * const product = defineProduct({
41876
+ * name: 'Support Copilot',
41877
+ * description: 'An AI support assistant',
41878
+ * icon: '🤖',
41879
+ * spec: { productGoal: 'Deflect tier-1 tickets', productStage: 'beta' },
41880
+ * })
41881
+ * ```
41882
+ */
41883
+ declare function defineProduct(input: DefineProductInput): ProductDefinition;
41884
+ interface EnsureProductOptions {
41885
+ /** Plan without writing (the CI drift gate). Sends the full definition. */
41886
+ dryRun?: boolean;
41887
+ /**
41888
+ * What to do when the product's last write came from the dashboard/API
41889
+ * rather than ensure. Default 'error' (HTTP 409 → ProductEnsureConflictError).
41890
+ */
41891
+ onConflict?: 'error' | 'overwrite';
41892
+ /**
41893
+ * TOCTOU guard binding a dry run to its apply: the write only proceeds if
41894
+ * the remote still hashes to this value (409 remote_changed otherwise).
41895
+ */
41896
+ expectedRemoteHash?: string;
41897
+ /** Implies dryRun; throws ProductDriftError unless the plan is 'none'. */
41898
+ expectNoChanges?: boolean;
41899
+ }
41900
+ interface EnsureProductConverged {
41901
+ result: 'unchanged' | 'created' | 'updated';
41902
+ productId: string;
41903
+ /** The server-computed canonical hash (echo this — never your own). */
41904
+ contentHash: string;
41905
+ }
41906
+ interface EnsureProductPlan {
41907
+ result: 'plan';
41908
+ changes: 'none' | 'create' | 'update';
41909
+ changedKeys: string[];
41910
+ contentHash: string;
41911
+ remoteHash?: string;
41912
+ productId?: string;
41913
+ }
41914
+ type EnsureProductResult = EnsureProductConverged | EnsureProductPlan;
41915
+ interface ProductPullResult {
41916
+ productId: string;
41917
+ definition: ProductDefinition;
41918
+ contentHash: string;
41919
+ lastModifiedSource: string | null;
41920
+ updatedAt: string | null;
41921
+ }
41922
+ /** A 409 from the ensure protocol (external_modification or remote_changed). */
41923
+ declare class ProductEnsureConflictError extends Error {
41924
+ readonly code: 'external_modification' | 'remote_changed';
41925
+ readonly lastModifiedSource?: string;
41926
+ readonly modifiedAt?: string | null;
41927
+ readonly currentHash?: string | null;
41928
+ constructor(body: {
41929
+ error?: string;
41930
+ code: 'external_modification' | 'remote_changed';
41931
+ lastModifiedSource?: string;
41932
+ modifiedAt?: string | null;
41933
+ currentHash?: string | null;
41934
+ });
41935
+ }
41936
+ /** Thrown by `ensure(def, { expectNoChanges: true })` when drift is detected. */
41937
+ declare class ProductDriftError extends Error {
41938
+ readonly plan: EnsureProductPlan;
41939
+ constructor(plan: EnsureProductPlan);
41940
+ }
41941
+
41942
+ /**
41943
+ * ProductsNamespace — config-as-code operations for products.
41944
+ *
41945
+ * `products.ensure` is the deploy-time, non-executing converge (create-or-update
41946
+ * a product by name + account scope); `products.pull` is the absorb-drift
41947
+ * direction. Both delegate to the implementation in `products-ensure.ts`.
41948
+ *
41949
+ * SCOPE (v1): the converge covers the top-level product record only
41950
+ * (description, icon, spec). Nested capabilities/surfaces/tools and the
41951
+ * `canvas` UI layout state are not converged.
41952
+ */
41953
+
41954
+ declare class ProductsNamespace {
41955
+ private getClient;
41956
+ constructor(getClient: () => RuntypeClient$1);
41957
+ /**
41958
+ * Idempotently converge a `defineProduct` definition onto the platform.
41959
+ * Hash-first: the steady state is one tiny probe request. Creates or updates
41960
+ * the top-level product record; never deletes. Identity is name + account
41961
+ * scope.
41962
+ *
41963
+ * @example
41964
+ * ```typescript
41965
+ * const product = defineProduct({
41966
+ * name: 'Support Copilot',
41967
+ * description: 'An AI support assistant',
41968
+ * icon: '🤖',
41969
+ * spec: { productGoal: 'Deflect tier-1 tickets', productStage: 'beta' },
41970
+ * })
41971
+ *
41972
+ * // Converge (CI/deploy).
41973
+ * const result = await Runtype.products.ensure(product)
41974
+ *
41975
+ * // PR drift gate.
41976
+ * await Runtype.products.ensure(product, { expectNoChanges: true })
41977
+ * ```
41978
+ */
41979
+ ensure(definition: ProductDefinition, options?: EnsureProductOptions): Promise<EnsureProductResult>;
41980
+ /**
41981
+ * Pull the canonical definition + provenance for a product by name — the
41982
+ * absorb-drift direction of the ensure protocol.
41983
+ */
41984
+ pull(name: string): Promise<ProductPullResult>;
41985
+ }
41986
+
41987
+ /**
41988
+ * Surface config-as-code: `defineSurface`, `surfaces.ensure`, `surfaces.pull`.
41989
+ *
41990
+ * The deploy-time convergence postcondition for product surfaces: "make the
41991
+ * platform's definition of this surface match this object; no-op if it already
41992
+ * does." Surfaces are PRODUCT-scoped: identity is (productId, name) — NOT
41993
+ * account scope. `ensure` never deletes, and renaming a definition orphans the
41994
+ * old surface and creates a new one.
41995
+ *
41996
+ * Wire protocol (POST /v1/products/{id}/surfaces/ensure — APQ-shaped, both APQ
41997
+ * scars fixed):
41998
+ * 1. Hash-only probe `{ name, contentHash }`. A match is
41999
+ * `{ result: 'unchanged' }`; a miss is a NORMAL 200
42000
+ * `{ result: 'definitionRequired' }`, never an error.
42001
+ * 2. On a miss, retry with the full `definition`. The server recomputes the
42002
+ * canonical hash itself and returns it on every response — this SDK echoes
42003
+ * the server's hash (memoized per client instance) rather than trusting
42004
+ * its own serialization.
42005
+ *
42006
+ * Unlike agents/flows, surfaces have NO version snapshots: there is no
42007
+ * `release: 'publish'` option and no `versionId` on the result.
42008
+ *
42009
+ * The content hash is the canonical surface hash (`computeSurfaceContentHash` —
42010
+ * mirrored from `packages/shared/src/utils/surface-content-hash.ts`; this
42011
+ * package is dependency-free by convention) over `{ type, behavior, inbound,
42012
+ * outbound, status, environment }`. `name` is identity, not content, so it is
42013
+ * excluded from the hash.
42014
+ *
42015
+ * See docs/adr/0003-agent-config-as-code-ensure.md for the design rationale.
42016
+ */
42017
+
42018
+ /**
42019
+ * Canonical normalized form of a surface definition (name excluded — identity).
42020
+ * `inbound` / `outbound` are EXCLUDED — they carry sealed secrets that hash
42021
+ * non-deterministically against the stored row. MUST stay in sync with the
42022
+ * canonical copy in @runtypelabs/shared (utils/surface-content-hash.ts).
42023
+ */
42024
+ declare function normalizeSurfaceDefinition(definition: SurfaceContentInput): {
42025
+ type: string;
42026
+ behavior: Record<string, unknown>;
42027
+ status: string;
42028
+ environment: string;
42029
+ };
42030
+ /** SHA-256 (hex) over the canonical normalized surface definition. */
42031
+ declare function computeSurfaceContentHash(definition: SurfaceContentInput): Promise<string>;
42032
+ interface SurfaceContentInput {
42033
+ type: string;
42034
+ behavior?: Record<string, unknown> | null;
42035
+ inbound?: Record<string, unknown> | null;
42036
+ outbound?: Record<string, unknown> | null;
42037
+ status?: string | null;
42038
+ environment?: string | null;
42039
+ }
42040
+ /** The surface types `ensure` accepts (mirrors the server's createSurfaceSchema). */
42041
+ type SurfaceDefinitionType = 'chat' | 'mcp' | 'mcp_code' | 'api' | 'webhook' | 'schedule' | 'a2a' | 'email' | 'slack' | 'sms' | 'imessage' | 'discord' | 'whatsapp' | 'telegram' | 'hosted-page' | 'chrome_extension';
42042
+ type SurfaceDefinitionStatus = 'draft' | 'active' | 'paused';
42043
+ type SurfaceDefinitionEnvironment = 'production' | 'development';
42044
+ /** `defineSurface` input: identity (name) + the convergeable content fields. */
42045
+ interface DefineSurfaceInput {
42046
+ name: string;
42047
+ type: SurfaceDefinitionType;
42048
+ behavior?: Record<string, unknown>;
42049
+ inbound?: Record<string, unknown>;
42050
+ outbound?: Record<string, unknown>;
42051
+ status?: SurfaceDefinitionStatus;
42052
+ environment?: SurfaceDefinitionEnvironment;
42053
+ }
42054
+ /** The canonical (wire) definition produced by `defineSurface`. */
42055
+ interface SurfaceDefinition {
42056
+ name: string;
42057
+ type: SurfaceDefinitionType;
42058
+ behavior?: Record<string, unknown>;
42059
+ inbound?: Record<string, unknown>;
42060
+ outbound?: Record<string, unknown>;
42061
+ status?: SurfaceDefinitionStatus;
42062
+ environment?: SurfaceDefinitionEnvironment;
42063
+ }
42064
+ /**
42065
+ * Pure-local declarative constructor for a surface definition. No I/O.
42066
+ * Validates structure and rejects unknown fields. Deep validation (credential
42067
+ * sealing, prerelease-type-in-production guard) happens server-side at ensure
42068
+ * time, mirroring the create/update routes.
42069
+ *
42070
+ * @example
42071
+ * ```typescript
42072
+ * const chat = defineSurface({
42073
+ * name: 'Support Chat',
42074
+ * type: 'chat',
42075
+ * behavior: { type: 'chat', greeting: 'Hi there!' },
42076
+ * status: 'active',
42077
+ * })
42078
+ * ```
42079
+ */
42080
+ declare function defineSurface(input: DefineSurfaceInput): SurfaceDefinition;
42081
+ interface EnsureSurfaceOptions {
42082
+ /** Plan without writing (the CI drift gate). Sends the full definition. */
42083
+ dryRun?: boolean;
42084
+ /**
42085
+ * What to do when the surface's last write came from the dashboard/API
42086
+ * rather than ensure. Default 'error' (HTTP 409 → SurfaceEnsureConflictError).
42087
+ */
42088
+ onConflict?: 'error' | 'overwrite';
42089
+ /**
42090
+ * TOCTOU guard binding a dry run to its apply: the write only proceeds if
42091
+ * the remote still hashes to this value (409 remote_changed otherwise).
42092
+ */
42093
+ expectedRemoteHash?: string;
42094
+ /** Implies dryRun; throws SurfaceDriftError unless the plan is 'none'. */
42095
+ expectNoChanges?: boolean;
42096
+ }
42097
+ interface EnsureSurfaceConverged {
42098
+ result: 'unchanged' | 'created' | 'updated';
42099
+ surfaceId: string;
42100
+ /** The server-computed canonical hash (echo this — never your own). */
42101
+ contentHash: string;
42102
+ }
42103
+ interface EnsureSurfacePlan {
42104
+ result: 'plan';
42105
+ changes: 'none' | 'create' | 'update';
42106
+ changedKeys: string[];
42107
+ contentHash: string;
42108
+ remoteHash?: string;
42109
+ surfaceId?: string;
42110
+ }
42111
+ type EnsureSurfaceResult = EnsureSurfaceConverged | EnsureSurfacePlan;
42112
+ interface SurfacePullResult {
42113
+ surfaceId: string;
42114
+ definition: SurfaceDefinition;
42115
+ contentHash: string;
42116
+ lastModifiedSource: string | null;
42117
+ updatedAt: string | null;
42118
+ }
42119
+ /** A 409 from the ensure protocol (external_modification or remote_changed). */
42120
+ declare class SurfaceEnsureConflictError extends Error {
42121
+ readonly code: 'external_modification' | 'remote_changed';
42122
+ readonly lastModifiedSource?: string;
42123
+ readonly modifiedAt?: string | null;
42124
+ readonly currentHash?: string | null;
42125
+ constructor(body: {
42126
+ error?: string;
42127
+ code: 'external_modification' | 'remote_changed';
42128
+ lastModifiedSource?: string;
42129
+ modifiedAt?: string | null;
42130
+ currentHash?: string | null;
42131
+ });
42132
+ }
42133
+ /** Thrown by `ensure(def, { expectNoChanges: true })` when drift is detected. */
42134
+ declare class SurfaceDriftError extends Error {
42135
+ readonly plan: EnsureSurfacePlan;
42136
+ constructor(plan: EnsureSurfacePlan);
42137
+ }
42138
+
42139
+ /**
42140
+ * SurfacesNamespace — config-as-code operations for product surfaces.
42141
+ *
42142
+ * `surfaces.ensure` is the deploy-time, non-executing converge (create-or-update
42143
+ * a surface by name within a product); `surfaces.pull` is the absorb-drift
42144
+ * direction. Both delegate to the implementation in `surfaces-ensure.ts`.
42145
+ *
42146
+ * Surfaces are PRODUCT-scoped: every operation takes the owning `productId`.
42147
+ */
42148
+
42149
+ declare class SurfacesNamespace {
42150
+ private getClient;
42151
+ constructor(getClient: () => RuntypeClient$1);
42152
+ /**
42153
+ * Idempotently converge a `defineSurface` definition onto a product.
42154
+ * Hash-first: the steady state is one tiny probe request. Creates or updates
42155
+ * the surface; never deletes. Identity is name + product.
42156
+ *
42157
+ * @example
42158
+ * ```typescript
42159
+ * const chat = defineSurface({
42160
+ * name: 'Support Chat',
42161
+ * type: 'chat',
42162
+ * behavior: { type: 'chat', greeting: 'Hi there!' },
42163
+ * status: 'active',
42164
+ * })
42165
+ *
42166
+ * // Converge (CI/deploy).
42167
+ * const result = await Runtype.surfaces.ensure('product_abc', chat)
42168
+ *
42169
+ * // PR drift gate.
42170
+ * await Runtype.surfaces.ensure('product_abc', chat, { expectNoChanges: true })
42171
+ * ```
42172
+ */
42173
+ ensure(productId: string, definition: SurfaceDefinition, options?: EnsureSurfaceOptions): Promise<EnsureSurfaceResult>;
42174
+ /**
42175
+ * Pull the canonical definition + provenance for a surface by name within a
42176
+ * product — the absorb-drift direction of the ensure protocol.
42177
+ */
42178
+ pull(productId: string, name: string): Promise<SurfacePullResult>;
42179
+ }
42180
+
40539
42181
  /**
40540
42182
  * Runtype - The unified SDK client for building and executing flows, batches, evals, and prompts
40541
42183
  *
@@ -40837,6 +42479,62 @@ declare class Runtype {
40837
42479
  * ```
40838
42480
  */
40839
42481
  static get tools(): ToolsNamespace;
42482
+ /**
42483
+ * Products namespace - Product config-as-code (define / ensure / pull)
42484
+ *
42485
+ * Converges the top-level product record (description, icon, spec). Nested
42486
+ * capabilities/surfaces/tools and the canvas UI layout state are not
42487
+ * converged by ensure.
42488
+ *
42489
+ * @example
42490
+ * ```typescript
42491
+ * import { defineProduct, Runtype } from '@runtypelabs/sdk'
42492
+ *
42493
+ * const product = defineProduct({
42494
+ * name: 'Support Copilot',
42495
+ * description: 'An AI support assistant',
42496
+ * icon: '🤖',
42497
+ * spec: { productGoal: 'Deflect tier-1 tickets', productStage: 'beta' },
42498
+ * })
42499
+ *
42500
+ * // Converge at deploy time (idempotent; one tiny probe in steady state)
42501
+ * await Runtype.products.ensure(product)
42502
+ *
42503
+ * // CI drift gate
42504
+ * await Runtype.products.ensure(product, { expectNoChanges: true })
42505
+ *
42506
+ * // Absorb a dashboard edit back into the repo
42507
+ * const { definition } = await Runtype.products.pull('Support Copilot')
42508
+ * ```
42509
+ */
42510
+ static get products(): ProductsNamespace;
42511
+ /**
42512
+ * Config-as-code operations for product surfaces. `surfaces.ensure` is the
42513
+ * deploy-time, non-executing converge (create-or-update a surface by name
42514
+ * within a product); `surfaces.pull` is the absorb-drift direction.
42515
+ *
42516
+ * @example
42517
+ * ```typescript
42518
+ * import { Runtype, defineSurface } from '@runtypelabs/sdk'
42519
+ *
42520
+ * const chat = defineSurface({
42521
+ * name: 'Support Chat',
42522
+ * type: 'chat',
42523
+ * behavior: { type: 'chat', greeting: 'Hi there!' },
42524
+ * status: 'active',
42525
+ * })
42526
+ *
42527
+ * // Converge at deploy time (idempotent; one tiny probe in steady state)
42528
+ * await Runtype.surfaces.ensure('product_abc', chat)
42529
+ *
42530
+ * // CI drift gate
42531
+ * await Runtype.surfaces.ensure('product_abc', chat, { expectNoChanges: true })
42532
+ *
42533
+ * // Absorb a dashboard edit back into the repo
42534
+ * const { definition } = await Runtype.surfaces.pull('product_abc', 'Support Chat')
42535
+ * ```
42536
+ */
42537
+ static get surfaces(): SurfacesNamespace;
40840
42538
  }
40841
42539
 
40842
42540
  /**
@@ -43537,6 +45235,45 @@ interface UpdateAppRequest {
43537
45235
  visibility?: 'public' | 'unlisted';
43538
45236
  status?: 'active' | 'suspended';
43539
45237
  }
45238
+ /**
45239
+ * Tool approval grant (cross-session "Always allow") returned by the grants
45240
+ * API. A null `endUserRef` is an account-level grant.
45241
+ */
45242
+ interface ToolApprovalGrant {
45243
+ id: string;
45244
+ agentId: string;
45245
+ endUserRef: string | null;
45246
+ toolType: string;
45247
+ toolName: string;
45248
+ decision: string;
45249
+ sourceExecutionId: string | null;
45250
+ sourceApprovalId: string | null;
45251
+ createdAt: string;
45252
+ expiresAt: string | null;
45253
+ }
45254
+ /**
45255
+ * Tool Approval Grants API
45256
+ *
45257
+ * Manage cross-session "Always allow" tool-approval grants: list the
45258
+ * authenticated owner's remembered approvals and revoke them so the tool
45259
+ * prompts for approval again on future dispatches.
45260
+ */
45261
+ declare class ToolApprovalGrantsEndpoint {
45262
+ private client;
45263
+ constructor(client: ApiClient);
45264
+ /**
45265
+ * List active remembered tool-approval grants for the authenticated owner,
45266
+ * optionally filtered to a single agent.
45267
+ */
45268
+ list(agentId?: string): Promise<ToolApprovalGrant[]>;
45269
+ /**
45270
+ * Revoke (soft-delete) a remembered grant so the tool prompts for approval
45271
+ * again on future dispatches.
45272
+ */
45273
+ revoke(id: string): Promise<{
45274
+ revoked: boolean;
45275
+ }>;
45276
+ }
43540
45277
  /**
43541
45278
  * Apps endpoint handlers — Runtype Apps are hosted AI apps served at
43542
45279
  * {slug}-{shortId}.runtype.run. Deploy = upload a version (zip), then
@@ -43667,6 +45404,7 @@ declare class RuntypeClient implements ApiClient {
43667
45404
  flowVersions: FlowVersionsEndpoint;
43668
45405
  integrations: IntegrationsEndpoint;
43669
45406
  billing: BillingEndpoint;
45407
+ toolApprovalGrants: ToolApprovalGrantsEndpoint;
43670
45408
  constructor(config?: ClientConfig);
43671
45409
  /**
43672
45410
  * Set the API key for authentication
@@ -45235,4 +46973,4 @@ declare function getLikelySupportingCandidatePaths(bestCandidatePath: string | u
45235
46973
  declare function getDefaultPlanPath(taskName: string): string;
45236
46974
  declare function sanitizeTaskSlug(taskName: string): string;
45237
46975
 
45238
- export { type Agent, type AgentApprovalCompleteEvent, type AgentApprovalStartEvent, type AgentCompleteEvent, type AgentDefinition, type AgentDefinitionConfig, AgentDriftError, AgentEnsureConflictError, type AgentErrorEvent, type AgentEvent, type AgentEventType, type AgentExecuteRequest, type AgentExecuteResponse, type AgentIterationCompleteEvent, type AgentIterationStartEvent, type AgentMediaEvent, type AgentMessage, type AgentPausedEvent, type AgentPingEvent, type AgentPullResult, type AgentReflectionEvent, type AgentRuntimeToolDefinition, type AgentStartEvent, type AgentStreamCallbacks, type AgentStreamEvent, type AgentSubagentConfig, type AgentToolCompleteEvent, type AgentToolDeltaEvent, type AgentToolInputCompleteEvent, type AgentToolInputDeltaEvent, type AgentToolStartEvent, type AgentTurnCompleteEvent, type AgentTurnDeltaEvent, type AgentTurnStartEvent, type AgentVersionDetail, type AgentVersionListItem, type AgentVersionPublishResponse, AgentVersionsEndpoint, type AgentVersionsListResponse, AgentsEndpoint, AgentsNamespace, AnalyticsEndpoint, type ApiClient, type ApiKey, ApiKeysEndpoint, type ApiResponse, type App, type AppManifest, type AppVersion, type ApplyGeneratedProposalOptions, type ApplyGeneratedProposalResult, AppsEndpoint, type AssetReferenceContentPart, type AttachRuntimeToolsOptions, type BaseAgentEvent, BatchBuilder, type BatchClient, type BatchListParams, type BatchOptions, type BatchRequest, type BatchResult, type BatchScheduleConfig, type BatchStatus, BatchesNamespace, BillingEndpoint, type BillingSpendAnalyticsParams, type BindSkillInput, type BuiltInTool, type BulkEditCondition, type BulkEditRequest, type BulkEditResponse, type BulkEditResult, ChatEndpoint, ClientBatchBuilder, type ClientConfig, type ClientConversation, ClientEvalBuilder, ClientFlowBuilder, type ClientToken, type ClientTokenConfig, type ClientTokenEnvironment, type ClientTokenVersionPin, ClientTokensEndpoint, type ClientToolDefinition, type ClientWidgetTheme, type ConditionalStepConfig$1 as ConditionalStepConfig, type ContextErrorHandling, type ContextFallback, ContextTemplatesEndpoint, type Conversation, type ConversationListItem, type ConversationListParams, type ConversationMessage, type ConversationSource, ConversationsEndpoint, type ConversationsListResponse, type CreateApiKeyRequest, type CreateAppRequest, type CreateClientTokenRequest, type CreateClientTokenResponse, type CreateConversationRequest, type CreateFlowRequest, type CreateModelConfigRequest, type CreatePromptData, type CreatePromptRequest, type CreateProviderKeyRequest, type CreateRecordRequest, type CreateScheduleRequest, type CreateSecretRequest, type CreateToolRequest, type CustomMCPServer, type CustomMCPServerAuth, type CustomToolConfig, DEFAULT_RECOVERY_AFTER_EMPTY_SESSIONS, DEFAULT_STALL_STOP_AFTER, type DefineAgentInput, type DefineFlowInput, type DefineToolInput, type DeployCfSandboxRequest, type DeployCfSandboxResponse, type DeploySandboxRequest, type DeploySandboxResponse, type DiscoveredModel, type DispatchClient, DispatchEndpoint, type DispatchEnvironment, type DispatchEvent, type DispatchOptions$1 as DispatchOptions, type DispatchRequest, type EnsureAgentConverged, type EnsureAgentOptions, type EnsureAgentPlan, type EnsureAgentResult, type EnsureFlowConverged, type EnsureFlowOptions, type EnsureFlowPlan, type EnsureFlowResult, type EnsureToolConverged, type EnsureToolOptions, type EnsureToolPlan, type EnsureToolResult, type ErrorHandlingMode, EvalBuilder, type EvalClient, EvalEndpoint, type EvalListParams, type EvalOptions, type EvalRecord, type EvalRequest, type EvalResult, type EvalRunConfig, EvalRunner, type EvalStatus, EvalsNamespace, type ExecuteToolRequest, type ExecuteToolResponse, type ExternalAgentContext, type ExternalToolConfig, type FallbackFailEvent, type FallbackStartEvent, type FallbackSuccessEvent, type FallbackTrigger, type FallbackTriggerType, type FallbacksExhaustedEvent, type FallbacksInitiatedEvent, type FetchGitHubStepConfig$1 as FetchGitHubStepConfig, type FetchUrlStepConfig$1 as FetchUrlStepConfig, type FieldFormat, type FileContentPart, type Flow, type FlowAttachment, FlowBuilder, type FlowCompleteEvent, type FlowConfig$1 as FlowConfig, type FlowDefinition, type FlowDefinitionStep, FlowDriftError, FlowEnsureConflictError, type FlowErrorEvent, type FlowFallback, type FlowListItem, type FlowPausedEvent, type FlowPullResult, FlowResult, type FlowStartEvent, type FlowStep, type FlowStepDefinition, type FlowStepType, FlowStepsEndpoint, type FlowStreamEvent, type FlowSummary, type FlowToolConfig, type FlowValidationClient, type FlowValidationIssue, type FlowValidationResult, type FlowVersionDetail, type FlowVersionListItem, type FlowVersionPublishResponse, FlowVersionsEndpoint, type FlowVersionsListResponse, FlowsEndpoint, FlowsNamespace, type GenerateEmbeddingStepConfig$1 as GenerateEmbeddingStepConfig, type GeneratedRuntimeToolGateDecision, type GeneratedRuntimeToolGateOptions, type ImageContentPart, type Integration, type IntegrationTool, IntegrationsEndpoint, type IntegrationsListResponse, type JSONSchema, type JsonArray, type JsonObject, type JsonPrimitive, type JsonValue, LEDGER_ARTIFACT_LINE_PREFIX, type ListConversationsResponse, type ListParams, type LocalToolConfig, type LocalToolDefinition, type LocalToolExecutionCompleteEvent, type LocalToolExecutionLoopSnapshotSlice, type LocalToolExecutionStartEvent, type LogEntry, type LogQueryParams, type LogQueryResponse, type LogQueryResult, type LogStatsParams, type LogStatsResponse, type LogStatsResult, LogsEndpoint, type Message$1 as Message, type MessageContent, type MessageFallback, type Metadata, type ModelConfig, ModelConfigsEndpoint, type ModelFallback, type ModelOverride, type ModelUsageDetail, type ModelUsageQueryParams, type ModelUsageResponse, type ModelUsageSummary, type ModelUsageTimeSeries, type PaginationResponse, type Prompt$1 as Prompt, type PromptErrorHandling, type PromptFallback, type PromptListParams, type PromptRunOptions, PromptRunner, type PromptStepConfig$1 as PromptStepConfig, PromptsEndpoint, PromptsNamespace, type ProviderApiKey, type ProviderKeyModel, ProviderKeysEndpoint, type ReasoningConfig, type ReasoningContentPart, type ReasoningValue, type RecordConfig$1 as RecordConfig, type RecordCostAggregation, type RecordCostModelBreakdown, type RecordFilter, type RecordFilterCondition, type RecordFilterGroup, type RecordFilterOperator, type RecordListItem, type RecordListParams, type RecordStepResult, type RecordStepResultsParams, type RecordStepResultsResponse, type RecordWriteResponse, RecordsEndpoint, type RetrieveRecordStepConfig$1 as RetrieveRecordStepConfig, type RetryFallback, type RunTaskContextBudgetBreakdown, type RunTaskContextCompactionEvent, type RunTaskContextCompactionStrategy, type RunTaskContextNoticeEvent, type RunTaskContextSummaryEntry, type RunTaskContinuation, type RunTaskOffloadRecorder, type RunTaskOnContextCompaction, type RunTaskOnContextNotice, type RunTaskOnSession, type RunTaskOptions, type RunTaskResult, type RunTaskResumeState, type RunTaskSessionSummary, type RunTaskState, type RunTaskStateSlice, type RunTaskStatus, type RunTaskToolTraceSlice, type RuntimeCustomToolConfig, type RuntimeExternalToolConfig, type RuntimeFlowToolConfig, type RuntimeLocalToolConfig, type RuntimeSubagentToolConfig, type RuntimeTool, type RuntimeToolConfig, Runtype, type AgentSkillBinding as RuntypeAgentSkillBinding, RuntypeApiError, RuntypeClient, type ConditionalStepConfig as RuntypeConditionalStepConfig, type RuntypeConfig, type FetchGitHubStepConfig as RuntypeFetchGitHubStepConfig, type FetchUrlStepConfig as RuntypeFetchUrlStepConfig, RuntypeFlowBuilder, type FlowConfig as RuntypeFlowConfig, type GenerateEmbeddingStepConfig as RuntypeGenerateEmbeddingStepConfig, type Message as RuntypeMessage, type ModelOverride$1 as RuntypeModelOverride, type Prompt as RuntypePrompt, type PromptStepConfig as RuntypePromptStepConfig, type RuntypeRecord, type RecordConfig as RuntypeRecordConfig, type RetrieveRecordStepConfig as RuntypeRetrieveRecordStepConfig, type SearchStepConfig as RuntypeSearchStepConfig, type SendEmailStepConfig as RuntypeSendEmailStepConfig, type SendEventStepConfig as RuntypeSendEventStepConfig, type SendStreamStepConfig as RuntypeSendStreamStepConfig, type SendTextStepConfig as RuntypeSendTextStepConfig, type SetVariableStepConfig as RuntypeSetVariableStepConfig, type Skill as RuntypeSkill, type SkillCapabilities as RuntypeSkillCapabilities, type SkillFrontmatter as RuntypeSkillFrontmatter, type SkillManifest as RuntypeSkillManifest, type SkillProposal as RuntypeSkillProposal, type SkillRuntypeExtensions as RuntypeSkillRuntypeExtensions, type SkillVersion as RuntypeSkillVersion, type TransformDataStepConfig as RuntypeTransformDataStepConfig, type UpsertFlowConfig as RuntypeUpsertFlowConfig, type UpsertRecordStepConfig as RuntypeUpsertRecordStepConfig, type VectorSearchStepConfig as RuntypeVectorSearchStepConfig, type WaitUntilStepConfig as RuntypeWaitUntilStepConfig, STEP_FIELD_REGISTRY, STEP_TYPE_TO_METHOD, type Schedule, type ScheduleExecutionOptions, type ScheduleListParams, type ScheduleMessage, type ScheduleMessageSet, type ScheduleMessages, type ScheduleMutationResponse, type ScheduleRun, type ScheduleRunNowResponse, type ScheduleStatusResponse, type ScheduleTarget, type ScheduleTrigger, SchedulesEndpoint, type SearchStepConfig$1 as SearchStepConfig, type Secret, type SecretCheckResponse, type SecretDeleteResponse, type SecretSetupUrlRequest, type SecretSetupUrlResponse, SecretsEndpoint, type SendEmailStepConfig$1 as SendEmailStepConfig, type SendEventStepConfig$1 as SendEventStepConfig, type SendStreamStepConfig$1 as SendStreamStepConfig, type SendTextStepConfig$1 as SendTextStepConfig, type SetVariableStepConfig$1 as SetVariableStepConfig, type SkillListPage, type SkillListPagination, type SkillListParams, type SkillManifestInput, type SkillMarkdownInput, type SkillOrigin, type SkillProposalStatus, SkillProposalsNamespace, type SkillStatus, type SkillTrustLevel, type SkillVersionStatus, type SkillWithVersion, type SkillWriteInput, SkillsNamespace, type SlackInstallRequest, type StepCompleteEvent, type StepDeltaEvent, type StepFallback, type StepFieldMeta, type StepStartEvent, type StepWaitingLocalEvent, type StreamCallbacks, type StreamEvent, type StreamEventOf, type SubagentToolConfig, type Surface, type SurfaceListParams, SurfacesEndpoint, type TextContentPart, type Tool, type ToolConfig, type ToolDefinition, type ToolDefinitionType, ToolDriftError, ToolEnsureConflictError, type ToolPullResult, type ToolWithValidation, type ToolsConfig, ToolsEndpoint, ToolsNamespace, type TransformDataStepConfig$1 as TransformDataStepConfig, type UpdateAppRequest, type UpdateClientTokenRequest, type UpdateConversationRequest, type UpdatePromptData, type UpdateProviderKeyRequest, type UpdateScheduleRequest, type UpdateSecretRequest, type UpdateToolRequest, type UpdatedFlow, type UpsertFlowConfig$1 as UpsertFlowConfig, type UpsertOptions, type UpsertRecordStepConfig$1 as UpsertRecordStepConfig, type UserProfile, UsersEndpoint, type VectorSearchStepConfig$1 as VectorSearchStepConfig, type VersionType, type WaitUntilStepConfig$1 as WaitUntilStepConfig, type WorkflowCompileDeps, type WorkflowCompletionCriteriaConfig, type WorkflowConfig, type WorkflowConfigFactory, type WorkflowContext, type WorkflowDefinition, type WorkflowHookEntry, type WorkflowHookKind, type WorkflowHookRef, type WorkflowHookSignatures, type WorkflowMilestoneConfig, type WorkflowPhase, type WorkflowPolicyConfig, type WorkflowRecoveryConfig, type WorkflowSlot, type WorkflowStallPolicy, applyGeneratedRuntimeToolProposalToDispatchRequest, attachRuntimeToolsToDispatchRequest, buildEmptySessionNudge, buildGeneratedRuntimeToolGateOutput, buildLedgerOffloadReference, buildPolicyGuidance, buildSendViewOffloadMarker, compileWorkflowConfig, computeAgentContentHash, computeFlowContentHash, computeToolContentHash, createClient, createExternalTool, defaultWorkflow, defaultWorkflowConfig, defineAgent, defineFlow, definePlaybook, defineTool, deployWorkflow, ensureDefaultWorkflowHooks, evaluateGeneratedRuntimeToolProposal, extractDeclaredToolResultChars, gameWorkflow, getDefaultPlanPath, getLikelySupportingCandidatePaths, interpolateWorkflowTemplate, isDiscoveryToolName, isMarathonArtifactPath, isPreservationSensitiveTask, isWorkflowHookRef, listWorkflowHooks, normalizeAgentDefinition, normalizeCandidatePath, normalizeToolDefinition, parseFinalBuffer, parseLedgerArtifactRelativePath, parseOffloadedOutputId, parseSSEChunk, processStream, registerWorkflowHook, resolveStallStopAfter, resolveWorkflowHook, sanitizeTaskSlug, shouldInjectEmptySessionNudge, shouldRequestModelEscalation, streamEvents, unregisterWorkflowHook };
46976
+ export { type Agent, type AgentApprovalCompleteEvent, type AgentApprovalStartEvent, type AgentCompleteEvent, type AgentDefinition, type AgentDefinitionConfig, AgentDriftError, AgentEnsureConflictError, type AgentErrorEvent, type AgentEvent, type AgentEventType, type AgentExecuteRequest, type AgentExecuteResponse, type AgentIterationCompleteEvent, type AgentIterationStartEvent, type AgentMediaEvent, type AgentMessage, type AgentPausedEvent, type AgentPingEvent, type AgentPullResult, type AgentReflectionEvent, type AgentRuntimeToolDefinition, type AgentStartEvent, type AgentStreamCallbacks, type AgentStreamEvent, type AgentSubagentConfig, type AgentToolCompleteEvent, type AgentToolDeltaEvent, type AgentToolInputCompleteEvent, type AgentToolInputDeltaEvent, type AgentToolStartEvent, type AgentTurnCompleteEvent, type AgentTurnDeltaEvent, type AgentTurnStartEvent, type AgentVersionDetail, type AgentVersionListItem, type AgentVersionPublishResponse, AgentVersionsEndpoint, type AgentVersionsListResponse, AgentsEndpoint, AgentsNamespace, AnalyticsEndpoint, type ApiClient, type ApiKey, ApiKeysEndpoint, type ApiResponse, type App, type AppManifest, type AppVersion, type ApplyGeneratedProposalOptions, type ApplyGeneratedProposalResult, AppsEndpoint, type AssetReferenceContentPart, type AttachRuntimeToolsOptions, type BaseAgentEvent, BatchBuilder, type BatchClient, type BatchListParams, type BatchOptions, type BatchRequest, type BatchResult, type BatchScheduleConfig, type BatchStatus, BatchesNamespace, BillingEndpoint, type BillingSpendAnalyticsParams, type BindSkillInput, type BuiltInTool, type BulkEditCondition, type BulkEditRequest, type BulkEditResponse, type BulkEditResult, ChatEndpoint, ClientBatchBuilder, type ClientConfig, type ClientConversation, ClientEvalBuilder, ClientFlowBuilder, type ClientToken, type ClientTokenConfig, type ClientTokenEnvironment, type ClientTokenVersionPin, ClientTokensEndpoint, type ClientToolDefinition, type ClientWidgetTheme, type ConditionalStepConfig$1 as ConditionalStepConfig, type ContextErrorHandling, type ContextFallback, ContextTemplatesEndpoint, type Conversation, type ConversationListItem, type ConversationListParams, type ConversationMessage, type ConversationSource, ConversationsEndpoint, type ConversationsListResponse, type CreateApiKeyRequest, type CreateAppRequest, type CreateClientTokenRequest, type CreateClientTokenResponse, type CreateConversationRequest, type CreateFlowRequest, type CreateModelConfigRequest, type CreatePromptData, type CreatePromptRequest, type CreateProviderKeyRequest, type CreateRecordRequest, type CreateScheduleRequest, type CreateSecretRequest, type CreateToolRequest, type CustomMCPServer, type CustomMCPServerAuth, type CustomToolConfig, DEFAULT_RECOVERY_AFTER_EMPTY_SESSIONS, DEFAULT_STALL_STOP_AFTER, type DefineAgentInput, type DefineFlowInput, type DefineProductInput, type DefineSkillInput, type DefineSurfaceInput, type DefineToolInput, type DeployCfSandboxRequest, type DeployCfSandboxResponse, type DeploySandboxRequest, type DeploySandboxResponse, type DiscoveredModel, type DispatchClient, DispatchEndpoint, type DispatchEnvironment, type DispatchEvent, type DispatchOptions$1 as DispatchOptions, type DispatchRequest, type EnsureAgentConverged, type EnsureAgentOptions, type EnsureAgentPlan, type EnsureAgentResult, type EnsureFlowConverged, type EnsureFlowOptions, type EnsureFlowPlan, type EnsureFlowResult, type EnsureProductConverged, type EnsureProductOptions, type EnsureProductPlan, type EnsureProductResult, type EnsureSkillConverged, type EnsureSkillOptions, type EnsureSkillPlan, type EnsureSkillResult, type EnsureSurfaceConverged, type EnsureSurfaceOptions, type EnsureSurfacePlan, type EnsureSurfaceResult, type EnsureToolConverged, type EnsureToolOptions, type EnsureToolPlan, type EnsureToolResult, type ErrorHandlingMode, EvalBuilder, type EvalClient, EvalEndpoint, type EvalListParams, type EvalOptions, type EvalRecord, type EvalRequest, type EvalResult, type EvalRunConfig, EvalRunner, type EvalStatus, EvalsNamespace, type ExecuteToolRequest, type ExecuteToolResponse, type ExternalAgentContext, type ExternalToolConfig, type FallbackFailEvent, type FallbackStartEvent, type FallbackSuccessEvent, type FallbackTrigger, type FallbackTriggerType, type FallbacksExhaustedEvent, type FallbacksInitiatedEvent, type FetchGitHubStepConfig$1 as FetchGitHubStepConfig, type FetchUrlStepConfig$1 as FetchUrlStepConfig, type FieldFormat, type FileContentPart, type Flow, type FlowAttachment, FlowBuilder, type FlowCompleteEvent, type FlowConfig$1 as FlowConfig, type FlowDefinition, type FlowDefinitionStep, FlowDriftError, FlowEnsureConflictError, type FlowErrorEvent, type FlowFallback, type FlowListItem, type FlowPausedEvent, type FlowPullResult, FlowResult, type FlowStartEvent, type FlowStep, type FlowStepDefinition, type FlowStepType, FlowStepsEndpoint, type FlowStreamEvent, type FlowSummary, type FlowToolConfig, type FlowValidationClient, type FlowValidationIssue, type FlowValidationResult, type FlowVersionDetail, type FlowVersionListItem, type FlowVersionPublishResponse, FlowVersionsEndpoint, type FlowVersionsListResponse, FlowsEndpoint, FlowsNamespace, type GenerateEmbeddingStepConfig$1 as GenerateEmbeddingStepConfig, type GeneratedRuntimeToolGateDecision, type GeneratedRuntimeToolGateOptions, type ImageContentPart, type Integration, type IntegrationTool, IntegrationsEndpoint, type IntegrationsListResponse, type JSONSchema, type JsonArray, type JsonObject, type JsonPrimitive, type JsonValue, LEDGER_ARTIFACT_LINE_PREFIX, type ListConversationsResponse, type ListParams, type LocalToolConfig, type LocalToolDefinition, type LocalToolExecutionCompleteEvent, type LocalToolExecutionLoopSnapshotSlice, type LocalToolExecutionStartEvent, type LogEntry, type LogQueryParams, type LogQueryResponse, type LogQueryResult, type LogStatsParams, type LogStatsResponse, type LogStatsResult, LogsEndpoint, type Message$1 as Message, type MessageContent, type MessageFallback, type Metadata, type ModelConfig, ModelConfigsEndpoint, type ModelFallback, type ModelOverride, type ModelUsageDetail, type ModelUsageQueryParams, type ModelUsageResponse, type ModelUsageSummary, type ModelUsageTimeSeries, type PaginationResponse, type ProductDefinition, ProductDriftError, ProductEnsureConflictError, type ProductPullResult, ProductsNamespace, type Prompt$1 as Prompt, type PromptErrorHandling, type PromptFallback, type PromptListParams, type PromptRunOptions, PromptRunner, type PromptStepConfig$1 as PromptStepConfig, PromptsEndpoint, PromptsNamespace, type ProviderApiKey, type ProviderKeyModel, ProviderKeysEndpoint, type ReasoningConfig, type ReasoningContentPart, type ReasoningValue, type RecordConfig$1 as RecordConfig, type RecordCostAggregation, type RecordCostModelBreakdown, type RecordFilter, type RecordFilterCondition, type RecordFilterGroup, type RecordFilterOperator, type RecordListItem, type RecordListParams, type RecordStepResult, type RecordStepResultsParams, type RecordStepResultsResponse, type RecordWriteResponse, RecordsEndpoint, type RetrieveRecordStepConfig$1 as RetrieveRecordStepConfig, type RetryFallback, type RunTaskContextBudgetBreakdown, type RunTaskContextCompactionEvent, type RunTaskContextCompactionStrategy, type RunTaskContextNoticeEvent, type RunTaskContextSummaryEntry, type RunTaskContinuation, type RunTaskOffloadRecorder, type RunTaskOnContextCompaction, type RunTaskOnContextNotice, type RunTaskOnSession, type RunTaskOptions, type RunTaskResult, type RunTaskResumeState, type RunTaskSessionSummary, type RunTaskState, type RunTaskStateSlice, type RunTaskStatus, type RunTaskToolTraceSlice, type RuntimeCustomToolConfig, type RuntimeExternalToolConfig, type RuntimeFlowToolConfig, type RuntimeLocalToolConfig, type RuntimeSubagentToolConfig, type RuntimeTool, type RuntimeToolConfig, Runtype, type AgentSkillBinding as RuntypeAgentSkillBinding, RuntypeApiError, RuntypeClient, type ConditionalStepConfig as RuntypeConditionalStepConfig, type RuntypeConfig, type FetchGitHubStepConfig as RuntypeFetchGitHubStepConfig, type FetchUrlStepConfig as RuntypeFetchUrlStepConfig, RuntypeFlowBuilder, type FlowConfig as RuntypeFlowConfig, type GenerateEmbeddingStepConfig as RuntypeGenerateEmbeddingStepConfig, type Message as RuntypeMessage, type ModelOverride$1 as RuntypeModelOverride, type Prompt as RuntypePrompt, type PromptStepConfig as RuntypePromptStepConfig, type RuntypeRecord, type RecordConfig as RuntypeRecordConfig, type RetrieveRecordStepConfig as RuntypeRetrieveRecordStepConfig, type SearchStepConfig as RuntypeSearchStepConfig, type SendEmailStepConfig as RuntypeSendEmailStepConfig, type SendEventStepConfig as RuntypeSendEventStepConfig, type SendStreamStepConfig as RuntypeSendStreamStepConfig, type SendTextStepConfig as RuntypeSendTextStepConfig, type SetVariableStepConfig as RuntypeSetVariableStepConfig, type Skill as RuntypeSkill, type SkillCapabilities as RuntypeSkillCapabilities, type SkillFrontmatter as RuntypeSkillFrontmatter, type SkillManifest as RuntypeSkillManifest, type SkillProposal as RuntypeSkillProposal, type SkillRuntypeExtensions as RuntypeSkillRuntypeExtensions, type SkillScanFinding as RuntypeSkillScanFinding, type SkillScanResult as RuntypeSkillScanResult, type SkillScanVerdict as RuntypeSkillScanVerdict, type SkillVersion as RuntypeSkillVersion, type TransformDataStepConfig as RuntypeTransformDataStepConfig, type UpsertFlowConfig as RuntypeUpsertFlowConfig, type UpsertRecordStepConfig as RuntypeUpsertRecordStepConfig, type VectorSearchStepConfig as RuntypeVectorSearchStepConfig, type WaitUntilStepConfig as RuntypeWaitUntilStepConfig, STEP_FIELD_REGISTRY, STEP_TYPE_TO_METHOD, type Schedule, type ScheduleExecutionOptions, type ScheduleListParams, type ScheduleMessage, type ScheduleMessageSet, type ScheduleMessages, type ScheduleMutationResponse, type ScheduleRun, type ScheduleRunNowResponse, type ScheduleStatusResponse, type ScheduleTarget, type ScheduleTrigger, SchedulesEndpoint, type SearchStepConfig$1 as SearchStepConfig, type Secret, type SecretCheckResponse, type SecretDeleteResponse, type SecretSetupUrlRequest, type SecretSetupUrlResponse, SecretsEndpoint, type SendEmailStepConfig$1 as SendEmailStepConfig, type SendEventStepConfig$1 as SendEventStepConfig, type SendStreamStepConfig$1 as SendStreamStepConfig, type SendTextStepConfig$1 as SendTextStepConfig, type SetVariableStepConfig$1 as SetVariableStepConfig, type SkillDefinition, SkillDriftError, SkillEnsureConflictError, type SkillListPage, type SkillListPagination, type SkillListParams, type SkillManifestInput, type SkillMarkdownInput, type SkillOrigin, type SkillProposalStatus, SkillProposalsNamespace, type SkillPullResult, type SkillStatus, type SkillTrustLevel, type SkillVersionStatus, type SkillWithVersion, type SkillWriteInput, SkillsNamespace, type SlackInstallRequest, type StepCompleteEvent, type StepDeltaEvent, type StepFallback, type StepFieldMeta, type StepStartEvent, type StepWaitingLocalEvent, type StreamCallbacks, type StreamEvent, type StreamEventOf, type SubagentToolConfig, type Surface, type SurfaceDefinition, type SurfaceDefinitionEnvironment, type SurfaceDefinitionStatus, type SurfaceDefinitionType, SurfaceDriftError, SurfaceEnsureConflictError, type SurfaceListParams, type SurfacePullResult, SurfacesEndpoint, SurfacesNamespace, type TextContentPart, type Tool, type ToolApprovalGrant, ToolApprovalGrantsEndpoint, type ToolConfig, type ToolDefinition, type ToolDefinitionType, ToolDriftError, ToolEnsureConflictError, type ToolPullResult, type ToolWithValidation, type ToolsConfig, ToolsEndpoint, ToolsNamespace, type TransformDataStepConfig$1 as TransformDataStepConfig, type UpdateAppRequest, type UpdateClientTokenRequest, type UpdateConversationRequest, type UpdatePromptData, type UpdateProviderKeyRequest, type UpdateScheduleRequest, type UpdateSecretRequest, type UpdateToolRequest, type UpdatedFlow, type UpsertFlowConfig$1 as UpsertFlowConfig, type UpsertOptions, type UpsertRecordStepConfig$1 as UpsertRecordStepConfig, type UserProfile, UsersEndpoint, type VectorSearchStepConfig$1 as VectorSearchStepConfig, type VersionType, type WaitUntilStepConfig$1 as WaitUntilStepConfig, type WorkflowCompileDeps, type WorkflowCompletionCriteriaConfig, type WorkflowConfig, type WorkflowConfigFactory, type WorkflowContext, type WorkflowDefinition, type WorkflowHookEntry, type WorkflowHookKind, type WorkflowHookRef, type WorkflowHookSignatures, type WorkflowMilestoneConfig, type WorkflowPhase, type WorkflowPolicyConfig, type WorkflowRecoveryConfig, type WorkflowSlot, type WorkflowStallPolicy, applyGeneratedRuntimeToolProposalToDispatchRequest, attachRuntimeToolsToDispatchRequest, buildEmptySessionNudge, buildGeneratedRuntimeToolGateOutput, buildLedgerOffloadReference, buildPolicyGuidance, buildSendViewOffloadMarker, compileWorkflowConfig, computeAgentContentHash, computeFlowContentHash, computeProductContentHash, computeSkillContentHash, computeSurfaceContentHash, computeToolContentHash, createClient, createExternalTool, defaultWorkflow, defaultWorkflowConfig, defineAgent, defineFlow, definePlaybook, defineProduct, defineSkill, defineSurface, defineTool, deployWorkflow, ensureDefaultWorkflowHooks, evaluateGeneratedRuntimeToolProposal, extractDeclaredToolResultChars, gameWorkflow, getDefaultPlanPath, getLikelySupportingCandidatePaths, interpolateWorkflowTemplate, isDiscoveryToolName, isMarathonArtifactPath, isPreservationSensitiveTask, isWorkflowHookRef, listWorkflowHooks, normalizeAgentDefinition, normalizeCandidatePath, normalizeProductDefinition, normalizeSkillDefinition, normalizeSurfaceDefinition, normalizeToolDefinition, parseFinalBuffer, parseLedgerArtifactRelativePath, parseOffloadedOutputId, parseSSEChunk, processStream, registerWorkflowHook, resolveStallStopAfter, resolveWorkflowHook, sanitizeTaskSlug, shouldInjectEmptySessionNudge, shouldRequestModelEscalation, streamEvents, unregisterWorkflowHook };