npm - @siglume/api-sdk - Versions diffs - 0.10.7 → 1.0.0 - Mend

@siglume/api-sdk 0.10.7 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/cli/index.js CHANGED Viewed

@@ -1226,6 +1226,56 @@ var init_operations = __esm({
 });
 // src/client.ts
+function validateManifestPersistenceContract(payload) {
+  const vertical = String(payload.store_vertical ?? "").trim().toLowerCase();
+  const persistence = payload.persistence;
+  if (persistence === void 0 || persistence === null) {
+    return;
+  }
+  if (!isRecord(persistence)) {
+    throw new SiglumeClientError("AppManifest.persistence must be an object.");
+  }
+  const mode = String(persistence.mode ?? (vertical === "game" ? "platform" : "none")).trim().toLowerCase();
+  if (!["none", "local", "platform", "developer_server"].includes(mode)) {
+    throw new SiglumeClientError(
+      "AppManifest.persistence.mode must be one of: none, local, platform, developer_server."
+    );
+  }
+  const schema = persistence.save_data_schema;
+  if (vertical === "game" && mode !== "none" && schema === void 0) {
+    throw new SiglumeClientError(
+      "AppManifest.persistence.save_data_schema is required when store_vertical='game' and persistence.mode is not 'none'."
+    );
+  }
+  if (schema !== void 0) {
+    validateSaveDataSchema(schema, "AppManifest.persistence.save_data_schema");
+  }
+}
+function validateSaveDataSchema(schema, fieldName) {
+  if (!isRecord(schema)) {
+    throw new SiglumeClientError(`${fieldName} must be a JSON Schema object.`);
+  }
+  const schemaSize = new TextEncoder().encode(JSON.stringify(schema)).length;
+  if (schemaSize > 8192) {
+    throw new SiglumeClientError(`${fieldName} must be at most 8192 bytes.`);
+  }
+  if (schema.type !== "object") {
+    throw new SiglumeClientError(`${fieldName}.type must be 'object'.`);
+  }
+  const properties = schema.properties;
+  if (!isRecord(properties) || Object.keys(properties).length === 0) {
+    throw new SiglumeClientError(`${fieldName}.properties must be a non-empty object.`);
+  }
+  if (schema.required !== void 0) {
+    if (!Array.isArray(schema.required) || !schema.required.every((item) => typeof item === "string")) {
+      throw new SiglumeClientError(`${fieldName}.required must be an array of strings when provided.`);
+    }
+    const missing = schema.required.filter((item) => !(item in properties));
+    if (missing.length > 0) {
+      throw new SiglumeClientError(`${fieldName}.required references undefined properties: ${missing.join(", ")}.`);
+    }
+  }
+}
 function buildToolManualQualityReport(payload) {
   const qualityBlock = isRecord(payload.quality) ? payload.quality : payload;
   const issues = [];
@@ -1300,6 +1350,8 @@ function buildUrl(baseUrl, path, params) {
   return url.toString();
 }
 function parseListing(data) {
+  const metadata = isRecord(data.metadata) ? data.metadata : {};
+  const persistence = isRecord(data.persistence) ? data.persistence : isRecord(metadata.persistence) ? metadata.persistence : {};
   return {
     listing_id: String(data.listing_id ?? data.id ?? ""),
     capability_key: String(data.capability_key ?? ""),
@@ -1322,14 +1374,59 @@ function parseListing(data) {
     seller_display_name: stringOrNull(data.seller_display_name),
     seller_homepage_url: stringOrNull(data.seller_homepage_url),
     seller_social_url: stringOrNull(data.seller_social_url),
+    publisher_type: stringOrNull(data.publisher_type),
+    publisher_company_id: stringOrNull(data.publisher_company_id),
+    company_id: stringOrNull(data.company_id),
+    company_name: stringOrNull(data.company_name),
+    company_publish_status: stringOrNull(data.company_publish_status),
+    company_terms_version: stringOrNull(data.company_terms_version),
     review_status: stringOrNull(data.review_status),
     review_note: stringOrNull(data.review_note),
     submission_blockers: Array.isArray(data.submission_blockers) ? data.submission_blockers.filter((item) => typeof item === "string") : [],
+    persistence: { ...persistence },
     created_at: stringOrNull(data.created_at),
     updated_at: stringOrNull(data.updated_at),
     raw: { ...data }
   };
 }
+function parseCompanyPublisher(data) {
+  const wallets = Array.isArray(data.settlement_wallets) ? data.settlement_wallets.filter((item) => isRecord(item)) : [];
+  return {
+    company_id: String(data.company_id ?? data.id ?? ""),
+    name: String(data.name ?? ""),
+    status: String(data.status ?? ""),
+    description: stringOrNull(data.description),
+    is_founder: Boolean(data.is_founder ?? false),
+    membership_role: stringOrNull(data.membership_role),
+    membership_status: stringOrNull(data.membership_status),
+    can_publish: Boolean(data.can_publish ?? true),
+    can_approve: Boolean(data.can_approve ?? false),
+    approval_required: Boolean(data.approval_required ?? false),
+    paid_listing_allowed: Boolean(data.paid_listing_allowed ?? false),
+    disabled_reasons: Array.isArray(data.disabled_reasons) ? data.disabled_reasons.filter((item) => typeof item === "string") : [],
+    company_terms_version: stringOrNull(data.company_terms_version),
+    active_listing_count: Number(data.active_listing_count ?? 0),
+    pending_approval_count: Number(data.pending_approval_count ?? 0),
+    settlement_wallet_ready: Boolean(data.settlement_wallet_ready ?? false),
+    settlement_wallets: wallets.map((item) => ({ ...item })),
+    raw: { ...data }
+  };
+}
+function parseCapabilitySaveState(data) {
+  return {
+    capability_key: String(data.capability_key ?? ""),
+    save_key: String(data.save_key ?? ""),
+    schema_version: String(data.schema_version ?? "1"),
+    revision: Number(data.revision ?? 0),
+    payload: toRecord(data.payload),
+    metadata: toRecord(data.metadata),
+    checksum: stringOrNull(data.checksum),
+    updated_at: stringOrNull(data.updated_at),
+    created_at: stringOrNull(data.created_at),
+    exists: Boolean(data.exists ?? false),
+    raw: { ...data }
+  };
+}
 function parseBundleMember(data) {
   return {
     capability_listing_id: String(data.capability_listing_id ?? ""),
@@ -1341,18 +1438,6 @@ function parseBundleMember(data) {
     link_id: stringOrNull(data.link_id)
   };
 }
-function parseConnectedAccountLifecycle(data) {
-  return {
-    connected_account_id: String(data.connected_account_id ?? ""),
-    provider_key: String(data.provider_key ?? ""),
-    expires_at: stringOrNull(data.expires_at),
-    scopes: Array.isArray(data.scopes) ? data.scopes.filter((s) => typeof s === "string") : [],
-    refreshed_at: stringOrNull(data.refreshed_at),
-    connection_status: stringOrNull(data.connection_status),
-    provider_revoked: typeof data.provider_revoked === "boolean" ? data.provider_revoked : null,
-    revoked_at: stringOrNull(data.revoked_at)
-  };
-}
 function parseBundle(data) {
   const membersRaw = Array.isArray(data.members) ? data.members : [];
   return {
@@ -1431,21 +1516,6 @@ function parseBinding(data) {
     raw: { ...data }
   };
 }
-function parseConnectedAccount(data) {
-  return {
-    connected_account_id: String(data.connected_account_id ?? data.id ?? ""),
-    provider_key: String(data.provider_key ?? ""),
-    account_role: String(data.account_role ?? ""),
-    display_name: stringOrNull(data.display_name),
-    environment: stringOrNull(data.environment),
-    connection_status: stringOrNull(data.connection_status),
-    scopes: Array.isArray(data.scopes) ? data.scopes.filter((item) => typeof item === "string") : [],
-    metadata: toRecord(data.metadata),
-    created_at: stringOrNull(data.created_at),
-    updated_at: stringOrNull(data.updated_at),
-    raw: { ...data }
-  };
-}
 function parseSupportCase(data) {
   return {
     support_case_id: String(data.support_case_id ?? data.id ?? ""),
@@ -2484,13 +2554,6 @@ var init_client = __esm({
         if (options.runtime_validation) {
           payload.runtime_validation = coerceMapping(options.runtime_validation, "runtime_validation");
         }
-        if (options.oauth_credentials) {
-          payload.oauth_credentials = Array.isArray(options.oauth_credentials) ? {
-            items: options.oauth_credentials.map(
-              (item, index) => coerceMapping(item, `oauth_credentials[${index}]`)
-            )
-          } : coerceMapping(options.oauth_credentials, "oauth_credentials");
-        }
         if (options.source_context) {
           payload.source_context = coerceMapping(options.source_context, "source_context");
         }
@@ -2509,6 +2572,9 @@ var init_client = __esm({
           "support_contact",
           "seller_homepage_url",
           "seller_social_url",
+          "publisher_type",
+          "company_id",
+          "publisher_company_id",
           "store_vertical",
           "jurisdiction",
           "price_model",
@@ -2521,7 +2587,8 @@ var init_client = __esm({
           "dry_run_supported",
           "required_connected_accounts",
           "permission_scopes",
-          "compatibility_tags"
+          "compatibility_tags",
+          "persistence"
         ]) {
           const value = manifestPayload[fieldName];
           if (value !== void 0 && value !== null) {
@@ -2561,6 +2628,26 @@ var init_client = __esm({
             );
           }
         }
+        const explicitPublisherType = payload.publisher_type !== void 0 && payload.publisher_type !== null;
+        const companyId = String(payload.company_id ?? "").trim() || String(payload.publisher_company_id ?? "").trim();
+        const publisherType = String(payload.publisher_type ?? "user").trim().toLowerCase();
+        if (publisherType !== "user" && publisherType !== "company") {
+          throw new SiglumeClientError("AppManifest.publisher_type must be 'user' or 'company'.");
+        }
+        if (publisherType === "company" && !companyId) {
+          throw new SiglumeClientError("AppManifest.company_id is required when publisher_type='company'.");
+        }
+        if (publisherType === "user" && companyId) {
+          throw new SiglumeClientError("AppManifest.company_id cannot be combined with publisher_type='user'.");
+        }
+        if (explicitPublisherType || companyId) {
+          payload.publisher_type = publisherType;
+        }
+        if (companyId) {
+          payload.company_id = companyId;
+          payload.publisher_company_id = companyId;
+        }
+        validateManifestPersistenceContract(payload);
         if (payload.manifest && typeof payload.manifest === "object") {
           delete payload.manifest.version;
         }
@@ -2596,7 +2683,6 @@ var init_client = __esm({
           auto_manifest: toRecord(data.auto_manifest),
           confidence: toRecord(data.confidence),
           validation_report: toRecord(data.validation_report),
-          oauth_status: toRecord(data.oauth_status),
           review_url: stringOrNull(data.review_url),
           trace_id: meta.trace_id,
           request_id: meta.request_id
@@ -2668,6 +2754,45 @@ var init_client = __esm({
         const [data] = await this.request("GET", `/market/capabilities/${listing_id}`);
         return parseListing(data);
       }
+      async list_company_publishers() {
+        const [data] = await this.request("GET", "/market/company-publishers");
+        return Array.isArray(data.items) ? data.items.filter((item) => isRecord(item)).map(parseCompanyPublisher) : [];
+      }
+      async request_company_publish_approval(listing_id, note) {
+        const [data] = await this.request("POST", `/market/capabilities/${listing_id}/company-publish-approval`, {
+          json_body: note ? { note } : {}
+        });
+        return parseListing(data);
+      }
+      async decide_company_publish_approval(listing_id, options) {
+        const [data] = await this.request("POST", `/market/capabilities/${listing_id}/company-publish-approval/decision`, {
+          json_body: {
+            decision: options.decision,
+            ...options.reason ? { reason: options.reason } : {}
+          }
+        });
+        return parseListing(data);
+      }
+      async get_capability_state(capability_key, save_key = "default") {
+        const [data] = await this.request("GET", `/market/capability-state/${capability_key}/${save_key}`);
+        return parseCapabilitySaveState(data);
+      }
+      async put_capability_state(capability_key, save_key = "default", payload = {}, options = {}) {
+        const body = {
+          payload: toRecord(payload),
+          schema_version: options.schema_version ?? "1",
+          metadata: toRecord(options.metadata)
+        };
+        if (options.expected_revision !== void 0 && options.expected_revision !== null) {
+          body.expected_revision = Math.trunc(options.expected_revision);
+        }
+        const [data] = await this.request("PUT", `/market/capability-state/${capability_key}/${save_key}`, { json_body: body });
+        return parseCapabilitySaveState(data);
+      }
+      async delete_capability_state(capability_key, save_key = "default") {
+        const [data] = await this.request("DELETE", `/market/capability-state/${capability_key}/${save_key}`);
+        return parseCapabilitySaveState(data);
+      }
       // ----- Capability bundles (v0.7 track 2) ---------------------------------
       async list_bundles(options = {}) {
         const params = {
@@ -2733,66 +2858,9 @@ var init_client = __esm({
         return parseBundle(data);
       }
       // ----- end bundles -------------------------------------------------------
-      // ----- Connected accounts (v0.7 track 3) ---------------------------------
-      // `resolve()` is intentionally NOT wrapped: runtime-only, never over the wire.
-      async start_connected_account_oauth(input) {
-        const body = {
-          listing_id: input.listing_id,
-          redirect_uri: input.redirect_uri
-        };
-        if (input.scopes !== void 0) body.scopes = input.scopes;
-        if (input.account_role !== void 0) body.account_role = input.account_role;
-        const [data] = await this.request("POST", "/me/connected-accounts/oauth/authorize", {
-          json_body: body
-        });
-        return {
-          authorize_url: String(data.authorize_url ?? ""),
-          state: String(data.state ?? ""),
-          provider_key: String(data.provider_key ?? ""),
-          scopes: Array.isArray(data.scopes) ? data.scopes.filter((s) => typeof s === "string") : [],
-          pkce_method: stringOrNull(data.pkce_method)
-        };
-      }
-      async complete_connected_account_oauth(input) {
-        const [data] = await this.request("POST", "/me/connected-accounts/oauth/callback", {
-          json_body: { state: input.state, code: input.code }
-        });
-        return { ...data };
-      }
-      async refresh_connected_account(account_id) {
-        const [data] = await this.request("POST", `/me/connected-accounts/${account_id}/refresh`);
-        return parseConnectedAccountLifecycle(data);
-      }
-      async revoke_connected_account(account_id) {
-        const [data] = await this.request("POST", `/me/connected-accounts/${account_id}/revoke`);
-        return parseConnectedAccountLifecycle(data);
-      }
-      async set_listing_oauth_credentials(listing_id, input) {
-        const body = {
-          provider_key: input.provider_key,
-          client_id: input.client_id,
-          client_secret: input.client_secret,
-          authorize_url: input.authorize_url,
-          token_url: input.token_url
-        };
-        if (input.revoke_url !== void 0) body.revoke_url = input.revoke_url;
-        if (input.display_name !== void 0) body.display_name = input.display_name;
-        if (input.scope_separator !== void 0) body.scope_separator = input.scope_separator;
-        if (input.token_endpoint_auth !== void 0) body.token_endpoint_auth = input.token_endpoint_auth;
-        if (input.pkce_required !== void 0) body.pkce_required = input.pkce_required;
-        if (input.refresh_supported !== void 0) body.refresh_supported = input.refresh_supported;
-        if (input.available_scopes !== void 0) body.available_scopes = input.available_scopes;
-        if (input.required_scopes !== void 0) body.required_scopes = input.required_scopes;
-        const [data] = await this.request("PUT", `/market/capabilities/${listing_id}/oauth-credentials`, {
-          json_body: body
-        });
-        return { ...data };
-      }
-      async get_listing_oauth_credentials_status(listing_id) {
-        const [data] = await this.request("GET", `/market/capabilities/${listing_id}/oauth-credentials`);
-        return { ...data };
-      }
-      // ----- end connected accounts --------------------------------------------
+      // ----- Connected accounts ------------------------------------------------
+      // Architecture B: publisher APIs own external OAuth and token storage.
+      // The SDK no longer exposes platform OAuth or listing credential APIs.
       async get_developer_portal() {
         const [data, meta] = await this.request("GET", "/market/developer/portal");
         return {
@@ -2825,7 +2893,6 @@ var init_client = __esm({
           dry_run_supported: Boolean(data.dry_run_supported ?? false),
           approval_mode: stringOrNull(data.approval_mode),
           required_connected_accounts: Array.isArray(data.required_connected_accounts) ? data.required_connected_accounts : [],
-          connected_accounts: Array.isArray(data.connected_accounts) ? data.connected_accounts.filter((item) => isRecord(item)).map((item) => ({ ...item })) : [],
           stub_providers_enabled: Boolean(data.stub_providers_enabled ?? false),
           simulated_receipts: Boolean(data.simulated_receipts ?? false),
           approval_simulator: Boolean(data.approval_simulator ?? false),
@@ -4123,25 +4190,6 @@ var init_client = __esm({
           raw: { ...data }
         };
       }
-      async list_connected_accounts(options = {}) {
-        const params = {
-          provider_key: options.provider_key,
-          environment: options.environment,
-          limit: Math.max(1, Math.min(Math.trunc(options.limit ?? 50), 100)),
-          cursor: options.cursor
-        };
-        const [data, meta] = await this.request("GET", "/market/connected-accounts", { params });
-        const items = Array.isArray(data.items) ? data.items.filter((item) => isRecord(item)).map(parseConnectedAccount) : [];
-        const next_cursor = stringOrNull(data.next_cursor);
-        return new CursorPageResult({
-          items,
-          next_cursor,
-          limit: typeof data.limit === "number" ? data.limit : params.limit,
-          offset: typeof data.offset === "number" ? data.offset : null,
-          meta,
-          fetchNext: next_cursor ? (cursor) => this.list_connected_accounts({ ...options, cursor }) : void 0
-        });
-      }
       async create_support_case(subject, body, options = {}) {
         const summary = subject.trim();
         const details = body.trim();
@@ -5985,24 +6033,12 @@ var AppTestHarness = class {
     this.stubs = stubs;
   }
   async executeWithKind(execution_kind, task_type = "default", options = {}) {
-    const connected_accounts = options.connected_accounts ?? Object.fromEntries(
-      Object.keys(this.stubs).map((key) => [
-        key,
-        {
-          provider_key: key,
-          session_token: `stub-token-${key}`,
-          environment: Environment.SANDBOX,
-          scopes: []
-        }
-      ])
-    );
     const ctx = {
       agent_id: "test-agent-001",
       owner_user_id: "test-owner-001",
       task_type,
       environment: Environment.SANDBOX,
       execution_kind,
-      connected_accounts,
       input_params: options.input_params ?? {},
       trace_id: options.trace_id,
       idempotency_key: options.idempotency_key,
@@ -6092,12 +6128,6 @@ var AppTestHarness = class {
     }
     return issues;
   }
-  async simulate_connected_account_missing(task_type = "default", options = {}) {
-    return this.executeWithKind("dry_run", task_type, {
-      ...options,
-      connected_accounts: {}
-    });
-  }
   async simulate_metering(record, options = {}) {
     const { normalizeUsageRecord: normalizeUsageRecord2 } = await Promise.resolve().then(() => (init_metering(), metering_exports));
     const manifest = await this.app.manifest();
@@ -7060,15 +7090,6 @@ async function loadProject(path = ".") {
   const tool_manual = tool_manual_path ? JSON.parse(await readFile(tool_manual_path, "utf8")) : buildToolManualTemplate(manifest);
   const runtime_validation_path = await findRuntimeValidationPath(root_dir);
   const runtime_validation = runtime_validation_path ? await loadJsonObject(runtime_validation_path, "runtime_validation") : void 0;
-  const oauth_credentials_path = await findOauthCredentialsPath(root_dir);
-  let oauth_credentials;
-  if (oauth_credentials_path) {
-    const parsed = JSON.parse(await readFile(oauth_credentials_path, "utf8"));
-    if (!isRecord(parsed) && !Array.isArray(parsed)) {
-      throw new SiglumeProjectError("oauth_credentials must be a JSON object or array");
-    }
-    oauth_credentials = parsed;
-  }
   return {
     root_dir,
     adapter_path,
@@ -7077,9 +7098,7 @@ async function loadProject(path = ".") {
     tool_manual_path: tool_manual_path ?? void 0,
     tool_manual,
     runtime_validation_path: runtime_validation_path ?? void 0,
-    runtime_validation,
-    oauth_credentials_path: oauth_credentials_path ?? void 0,
-    oauth_credentials
+    runtime_validation
   };
 }
 function isPlatformManagedRequirement(value) {
@@ -7117,6 +7136,21 @@ function requiredOauthProviders(requirements) {
   }
   return providers;
 }
+function apiManagedRequirementsMissingConnectUrl(requirements) {
+  const missing = [];
+  for (const item of requirements ?? []) {
+    if (!isRecord(item)) continue;
+    const managedBy = String(item.managed_by ?? "").trim().toLowerCase().replaceAll("_", "-");
+    if (managedBy !== "api") continue;
+    const connectUrl = String(item.connect_url ?? "").trim();
+    if (connectUrl) continue;
+    const label = oauthProviderKeyFromRequirement(item) ?? "(missing provider_key)";
+    if (!missing.includes(label)) {
+      missing.push(label);
+    }
+  }
+  return missing;
+}
 function connectedAccountRequirementLabel(value) {
   if (isRecord(value)) {
     for (const key of ["provider_key", "provider", "account_type", "name"]) {
@@ -7127,102 +7161,6 @@ function connectedAccountRequirementLabel(value) {
   }
   return String(value ?? "").trim();
 }
-function oauthProviderRecordsMap(payload) {
-  if (!payload) {
-    return {};
-  }
-  const items = Array.isArray(payload) ? payload : Array.isArray(payload.items) ? payload.items : [payload];
-  const resolved = {};
-  for (const [index, item] of items.entries()) {
-    if (!isRecord(item)) {
-      throw new SiglumeProjectError(`oauth_credentials[${index}] must be a JSON object.`);
-    }
-    const providerKey = oauthProviderKeyFromRequirement(item.provider_key ?? item.provider);
-    if (!providerKey) {
-      throw new SiglumeProjectError(`oauth_credentials[${index}].provider_key is required.`);
-    }
-    const authorizeUrl = String(item.authorize_url ?? item.authorization_url ?? item.auth_url ?? "").trim();
-    const tokenUrl = String(item.token_url ?? "").trim();
-    if (!authorizeUrl || !tokenUrl) {
-      throw new SiglumeProjectError(
-        `oauth_credentials[${index}] must include authorize_url and token_url.`
-      );
-    }
-    for (const [urlKey, urlValue] of Object.entries({
-      authorize_url: authorizeUrl,
-      token_url: tokenUrl,
-      revoke_url: String(item.revoke_url ?? "").trim()
-    })) {
-      if (urlValue && !urlValue.startsWith("https://")) {
-        throw new SiglumeProjectError(`oauth_credentials[${index}].${urlKey} must be an https URL.`);
-      }
-    }
-    const clientId = String(item.client_id ?? "").trim();
-    const clientSecret = String(item.client_secret ?? "").trim();
-    if (!clientId || !clientSecret) {
-      throw new SiglumeProjectError(`oauth_credentials[${index}] must include client_id and client_secret.`);
-    }
-    const rawScopes = item.required_scopes ?? item.scopes;
-    let scopes = [];
-    if (rawScopes == null) {
-      scopes = [];
-    } else if (!Array.isArray(rawScopes)) {
-      throw new SiglumeProjectError(`oauth_credentials[${index}].required_scopes must be a JSON array.`);
-    } else {
-      scopes = rawScopes.map((scope) => String(scope ?? "").trim()).filter(Boolean);
-    }
-    const record = {
-      provider_key: providerKey,
-      client_id: clientId,
-      client_secret: clientSecret,
-      required_scopes: scopes
-    };
-    for (const [key, value] of Object.entries({
-      authorize_url: authorizeUrl,
-      token_url: tokenUrl,
-      revoke_url: String(item.revoke_url ?? "").trim(),
-      display_name: String(item.display_name ?? "").trim(),
-      scope_separator: String(item.scope_separator ?? "").trim(),
-      token_endpoint_auth: String(item.token_endpoint_auth ?? "").trim()
-    })) {
-      if (value) record[key] = value;
-    }
-    for (const key of ["pkce_required", "refresh_supported"]) {
-      if (typeof item[key] === "boolean") record[key] = item[key];
-    }
-    if (Array.isArray(item.available_scopes)) {
-      const availableScopes = item.available_scopes.map((scope) => String(scope ?? "").trim()).filter(Boolean);
-      if (availableScopes.length > 0) record.available_scopes = availableScopes;
-    }
-    resolved[providerKey] = record;
-  }
-  return resolved;
-}
-function canonicalOauthCredentialsPayload(payload) {
-  const records = oauthProviderRecordsMap(payload);
-  const providerKeys = Object.keys(records).sort();
-  if (providerKeys.length === 0) {
-    return void 0;
-  }
-  return {
-    items: providerKeys.map((providerKey) => records[providerKey])
-  };
-}
-function ensureRequiredOauthCredentials(project) {
-  const requiredProviders = requiredOauthProviders(project.manifest.required_connected_accounts ?? []);
-  if (requiredProviders.length === 0) {
-    return;
-  }
-  const provided = new Set(Object.keys(oauthProviderRecordsMap(project.oauth_credentials)));
-  const missing = requiredProviders.filter((provider) => !provided.has(provider));
-  if (missing.length === 0) {
-    return;
-  }
-  const path = project.oauth_credentials_path ?? join(project.root_dir, "oauth_credentials.json");
-  throw new SiglumeProjectError(
-    `${path} is required for platform-managed OAuth APIs. Missing provider seeds: ${missing.join(", ")}`
-  );
-}
 async function validateProject(path = ".", deps = {}) {
   const project = await loadProject(path);
   const manifest_issues = await projectValidationIssues(project);
@@ -7262,7 +7200,12 @@ function ensureManifestPublisherIdentity(project) {
   const sellerHomepageUrl = String(manifestPayload.seller_homepage_url ?? "").trim();
   const sellerSocialUrl = String(manifestPayload.seller_social_url ?? "").trim();
   const jurisdiction = String(manifestPayload.jurisdiction ?? "").trim();
+  const companyId = String(manifestPayload.company_id ?? "").trim() || String(manifestPayload.publisher_company_id ?? "").trim();
+  const publisherType = String(manifestPayload.publisher_type ?? "user").trim().toLowerCase();
   const issues = [];
+  if (companyId && publisherType !== "company") {
+    issues.push('manifest.company_id requires manifest.publisher_type to be "company"');
+  }
   if (!docsUrl) {
     issues.push("manifest.docs_url is required");
   } else if (looksLikePlaceholder(docsUrl)) {
@@ -7372,10 +7315,21 @@ function ensureExplicitToolManual(project) {
 async function registrationPreflight(project, client) {
   const manifestIssues = await projectValidationIssues(project);
   const [toolManualValid, toolManualIssues] = validate_tool_manual(project.tool_manual);
+  const retiredPlatformOauthProviders = requiredOauthProviders(project.manifest.required_connected_accounts ?? []);
+  if (retiredPlatformOauthProviders.length > 0) {
+    throw new SiglumeProjectError(
+      `Registration preflight failed. Fix these before calling auto-register:
+- platform-managed OAuth is retired. Use managed_by="api" with connect_url: ${retiredPlatformOauthProviders.join(", ")}`
+    );
+  }
+  const apiManagedMissingConnectUrl = apiManagedRequirementsMissingConnectUrl(project.manifest.required_connected_accounts ?? []);
+  if (apiManagedMissingConnectUrl.length > 0) {
+    throw new SiglumeProjectError(
+      `Registration preflight failed. Fix these before calling auto-register:
+- API-managed OAuth requirements must include connect_url: ${apiManagedMissingConnectUrl.join(", ")}`
+    );
+  }
   const remoteQuality = await client.preview_quality_score(project.tool_manual);
-  const requiredOauthProvidersList = requiredOauthProviders(project.manifest.required_connected_accounts ?? []);
-  const oauthProviderRecords = oauthProviderRecordsMap(project.oauth_credentials);
-  const missingOauthProviders = requiredOauthProvidersList.filter((provider) => !oauthProviderRecords[provider]);
   const blockingToolManualIssues = toolManualIssues.filter((issue2) => issue2.severity === "error");
   const errors = [
     ...manifestIssues.map((issue2) => String(issue2)),
@@ -7387,17 +7341,12 @@ async function registrationPreflight(project, client) {
   if (!remoteQualityOk(remoteQuality)) {
     errors.push(`remote Tool Manual quality is not publishable: ${remoteQuality.grade} (${remoteQuality.overall_score}/100)`);
   }
-  if (missingOauthProviders.length > 0) {
-    errors.push(`oauth_credentials.json is required for platform-managed OAuth APIs: ${missingOauthProviders.join(", ")}`);
-  }
   const preflight = {
     manifest_issues: manifestIssues,
     tool_manual_valid: toolManualValid,
     tool_manual_issues: toolManualIssues.map((issue2) => toJsonable(issue2)),
     remote_quality: toJsonable(remoteQuality),
-    required_oauth_providers: requiredOauthProvidersList,
-    oauth_credentials_path: project.oauth_credentials_path ?? null,
-    oauth_missing_providers: missingOauthProviders,
+    retired_platform_oauth_providers: retiredPlatformOauthProviders,
     ok: errors.length === 0
   };
   if (errors.length > 0) {
@@ -7408,35 +7357,116 @@ ${errors.map((error) => `- ${error}`).join("\n")}`
   }
   return preflight;
 }
+function companyNameSlug(value) {
+  return value.normalize("NFKD").toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
+}
 async function runRegistration(path = ".", options = {}, deps = {}) {
   const project = await loadProject(path);
+  let requestedCompanyId = String(options.company_id ?? "").trim();
+  const requestedCompanySlug = String(options.company_slug ?? "").trim();
+  let companyPublisherCandidates = null;
+  if (requestedCompanySlug) {
+    if (requestedCompanyId) {
+      throw new SiglumeProjectError("--company and --company-slug cannot be combined.");
+    }
+    const slug = companyNameSlug(requestedCompanySlug);
+    if (!slug && requestedCompanySlug !== requestedCompanyId) {
+      throw new SiglumeProjectError(`Company slug ${requestedCompanySlug} is not slug-compatible; use --company <company_id> instead.`);
+    }
+  }
+  if (requestedCompanyId) {
+    project.manifest = {
+      ...project.manifest,
+      publisher_type: "company",
+      company_id: requestedCompanyId,
+      publisher_company_id: requestedCompanyId
+    };
+  }
   ensureExplicitToolManual(project);
   ensureManifestPublisherIdentity(project);
   ensureRuntimeValidationReady(project);
-  ensureRequiredOauthCredentials(project);
-  const canonicalOauthCredentials = canonicalOauthCredentialsPayload(project.oauth_credentials);
   const client = await createClient(deps);
+  if (requestedCompanySlug) {
+    const slug = companyNameSlug(requestedCompanySlug);
+    companyPublisherCandidates = await client.list_company_publishers();
+    const matches = companyPublisherCandidates.filter(
+      (item) => companyNameSlug(item.name || item.company_id) === slug || item.company_id === requestedCompanySlug
+    );
+    if (matches.length === 0) {
+      throw new SiglumeProjectError(`Company slug ${requestedCompanySlug} is not available to this API key.`);
+    }
+    if (matches.length > 1) {
+      throw new SiglumeProjectError(`Company slug ${requestedCompanySlug} is ambiguous; use --company <company_id> instead.`);
+    }
+    const match = matches[0];
+    if (!match) {
+      throw new SiglumeProjectError(`Company slug ${requestedCompanySlug} is not available to this API key.`);
+    }
+    if (match.can_publish === false) {
+      const disabledReasons = match.disabled_reasons ?? [];
+      const reasons = disabledReasons.length > 0 ? disabledReasons.join(", ") : "company publisher is disabled";
+      throw new SiglumeProjectError(`Company ${match.company_id} cannot publish: ${reasons}.`);
+    }
+    requestedCompanyId = match.company_id;
+    project.manifest = {
+      ...project.manifest,
+      publisher_type: "company",
+      company_id: requestedCompanyId,
+      publisher_company_id: requestedCompanyId
+    };
+  }
   const preflight = await registrationPreflight(project, client);
+  let companyPublisherPreflight = null;
+  const companyId = String(project.manifest.company_id ?? "").trim() || String(project.manifest.publisher_company_id ?? "").trim();
+  const publisherType = String(project.manifest.publisher_type ?? "user").toLowerCase();
+  if (publisherType === "company") {
+    if (!companyId) {
+      throw new SiglumeProjectError("Company registration requires --company <company_id> or manifest.company_id.");
+    }
+    const companies = companyPublisherCandidates ?? await client.list_company_publishers();
+    companyPublisherCandidates = companies;
+    const company = companies.find((item) => item.company_id === companyId);
+    if (!company) {
+      throw new SiglumeProjectError(`Company ${companyId} is not available to this API key.`);
+    }
+    if (company.can_publish === false) {
+      const disabledReasons = company.disabled_reasons ?? [];
+      const reasons = disabledReasons.length > 0 ? disabledReasons.join(", ") : "company publisher is disabled";
+      throw new SiglumeProjectError(`Company ${companyId} cannot publish: ${reasons}.`);
+    }
+    companyPublisherPreflight = company;
+  }
   let developerPortalPreflight = null;
   if (String(project.manifest.price_model ?? "free").toLowerCase() !== "free") {
-    const portal = await client.get_developer_portal();
-    const verifiedDestination = portal.payout_readiness?.verified_destination;
-    if (verifiedDestination !== true) {
-      throw new SiglumeProjectError(
-        "Paid API registration requires a verified Polygon payout destination. Open https://siglume.com/owner/credits/payout and confirm the embedded-wallet payout token, or call GET /v1/market/developer/portal until payout_readiness.verified_destination is true."
-      );
+    if (publisherType === "company") {
+      const company = companyPublisherPreflight;
+      if (!company) {
+        throw new SiglumeProjectError(`Company ${companyId} is not available to this API key.`);
+      }
+      if (company.settlement_wallet_ready !== true) {
+        throw new SiglumeProjectError(
+          `Paid company registration requires a verified company settlement wallet for ${company.name}. Open the company settings and complete settlement readiness before registering.`
+        );
+      }
+      developerPortalPreflight = { company_publisher: toJsonable(company) };
+    } else {
+      const portal = await client.get_developer_portal();
+      const verifiedDestination = portal.payout_readiness?.verified_destination;
+      if (verifiedDestination !== true) {
+        throw new SiglumeProjectError(
+          "Paid API registration requires a verified Polygon payout destination. Open https://siglume.com/owner/credits/payout and confirm the embedded-wallet payout token, or call GET /v1/market/developer/portal until payout_readiness.verified_destination is true."
+        );
+      }
+      developerPortalPreflight = toJsonable(portal);
     }
-    developerPortalPreflight = toJsonable(portal);
   }
   const receipt = await client.auto_register(project.manifest, project.tool_manual, {
-    runtime_validation: project.runtime_validation,
-    oauth_credentials: canonicalOauthCredentials
+    runtime_validation: project.runtime_validation
   });
   const result = {
     receipt: toJsonable(receipt),
     registration_preflight: preflight,
-    runtime_validation_path: project.runtime_validation_path ?? null,
-    oauth_credentials_path: project.oauth_credentials_path ?? null
+    runtime_validation_path: project.runtime_validation_path ?? null
   };
   if (developerPortalPreflight) {
     result.developer_portal_preflight = developerPortalPreflight;
@@ -7457,7 +7487,6 @@ async function runPreflight(path = ".", deps = {}) {
   ensureExplicitToolManual(project);
   ensureManifestPublisherIdentity(project);
   ensureRuntimeValidationReady(project);
-  ensureRequiredOauthCredentials(project);
   const client = await createClient(deps);
   const preflight = await registrationPreflight(project, client);
   let developerPortalPreflight = null;
@@ -7475,8 +7504,7 @@ async function runPreflight(path = ".", deps = {}) {
     ok: true,
     adapter_path: project.adapter_path,
     registration_preflight: preflight,
-    runtime_validation_path: project.runtime_validation_path ?? null,
-    oauth_credentials_path: project.oauth_credentials_path ?? null
+    runtime_validation_path: project.runtime_validation_path ?? null
   };
   if (developerPortalPreflight) {
     result.developer_portal_preflight = developerPortalPreflight;
@@ -7499,6 +7527,14 @@ async function getUsageReport(options, deps = {}) {
     count: items.length
   };
 }
+async function listCompanyPublishersReport(deps = {}) {
+  const client = await createClient(deps);
+  const companies = await client.list_company_publishers();
+  return {
+    companies: companies.map((item) => toJsonable(item)),
+    count: companies.length
+  };
+}
 async function diffJsonFiles(oldPath, newPath) {
   const oldPayload = await loadJsonDocument(oldPath);
   const newPayload = await loadJsonDocument(newPath);
@@ -7950,7 +7986,7 @@ function operationReadmeTemplate(operation, manifest, warning) {
     "- `tool_manual.json`: machine-generated ToolManual scaffold",
     "- `runtime_validation.json`: local public endpoint and review-key checks used by auto-register",
     "- `docs/api-usage.md`: publishable API usage guide template for `docs_url`",
-    "- `.gitignore`: keeps runtime review keys and OAuth client secrets out of Git",
+    "- `.gitignore`: keeps runtime review keys out of Git",
     "- `tests/test_adapter.ts`: smoke test for `AppTestHarness`",
     "",
     "Before registering, replace all generated placeholders:",
@@ -7958,8 +7994,8 @@ function operationReadmeTemplate(operation, manifest, warning) {
     "- Replace `support_contact` with a real support email address or public support URL.",
     "- Optional `seller_homepage_url` is the seller's official site and can stay blank.",
     "- In the local `runtime_validation.json`, replace the public URL and review-key placeholders.",
-    "- If the API uses seller-side OAuth, create a local `oauth_credentials.json` next to the adapter.",
-    "- Do not commit real review keys or OAuth client secrets; the generated `.gitignore` excludes those files.",
+    "- If the API uses external OAuth, implement that flow in your API runtime and keep user tokens outside Siglume.",
+    "- Do not commit real review keys or external-provider secrets; the generated `.gitignore` excludes local secret files.",
     "- Because `runtime_validation.json` is ignored, GitHub samples do not commit review-key values.",
     "",
     "## Commands",
@@ -8035,8 +8071,6 @@ function generatedGitignore() {
     "!.env.example",
     "runtime_validation.json",
     "runtime-validation.json",
-    "oauth_credentials.json",
-    "oauth-credentials.json",
     "",
     "# Python / test artifacts.",
     "__pycache__/",
@@ -8182,13 +8216,6 @@ async function runHarnessForProject(project) {
     checks.push(executionCheck("quote", await harness.execute_quote(task_type, { input_params: sample_input }), harness));
     checks.push(executionCheck("payment", await harness.execute_payment(task_type, { input_params: sample_input }), harness));
   }
-  checks.push(
-    executionCheck(
-      "missing_account_simulation",
-      await harness.simulate_connected_account_missing(task_type, { input_params: sample_input }),
-      harness
-    )
-  );
   return {
     adapter_path: project.adapter_path,
     task_type,
@@ -8291,15 +8318,6 @@ async function findRuntimeValidationPath(root_dir) {
   }
   return null;
 }
-async function findOauthCredentialsPath(root_dir) {
-  for (const name of ["oauth_credentials.json", "oauth-credentials.json"]) {
-    const candidate = join(root_dir, name);
-    if (existsSync(candidate)) {
-      return candidate;
-    }
-  }
-  return null;
-}
 async function loadJsonObject(path, label) {
   let payload;
   try {
@@ -8531,15 +8549,15 @@ function readmeTemplate(template) {
     "- `tool_manual.json`: editable ToolManual draft for validation and registration",
     "- `runtime_validation.json`: local live API smoke-test contract used during registration",
     "- `docs/api-usage.md`: publish this page and use its public URL as `docs_url`",
-    "- `.gitignore`: keeps runtime review keys and OAuth client secrets out of Git",
+    "- `.gitignore`: keeps runtime review keys out of Git",
     "",
     "Before registering, replace all generated placeholders:",
     "- In `adapter.ts` and `manifest.json`, replace `docs_url` with a dedicated public API usage guide, not a homepage.",
     "- Replace `support_contact` with a real support email address or public support URL.",
     "- Optional `seller_homepage_url` is the seller's official site and can stay blank.",
     "- In the local `runtime_validation.json`, replace the public URL and review-key placeholders.",
-    "- If the API uses seller-side OAuth, create a local `oauth_credentials.json` next to the adapter.",
-    "- Do not commit real review keys or OAuth client secrets; the generated `.gitignore` excludes those files.",
+    "- If the API uses external OAuth, implement that flow in your API runtime and keep user tokens outside Siglume.",
+    "- Do not commit real review keys or external-provider secrets; the generated `.gitignore` excludes local secret files.",
     "- Because `runtime_validation.json` is ignored, GitHub samples do not commit review-key values.",
     "",
     "Suggested workflow:",
@@ -8585,6 +8603,24 @@ function renderOperationTable(operations) {
     ...rows.map((row) => row.map((cell, index) => cell.padEnd(widths[index] ?? cell.length)).join("  "))
   ];
 }
+function renderCompanyTable(companies) {
+  const rows = companies.map((item) => [
+    String(item.company_id ?? item.id ?? ""),
+    String(item.name ?? ""),
+    String(item.membership_role ?? (item.is_founder ? "founder" : "")),
+    String(item.settlement_wallet_ready === true ? "ready" : "not_ready"),
+    String(item.pending_approval_count ?? 0)
+  ]);
+  const headers = ["company_id", "name", "role", "settlement", "pending"];
+  const widths = headers.map(
+    (header, index) => Math.max(header.length, ...rows.map((row) => row[index]?.length ?? 0))
+  );
+  return [
+    headers.map((header, index) => header.padEnd(widths[index] ?? header.length)).join("  "),
+    widths.map((width) => "-".repeat(width)).join("  "),
+    ...rows.map((row) => row.map((cell, index) => cell.padEnd(widths[index] ?? cell.length)).join("  "))
+  ];
+}
 async function runCli(argv, deps = {}) {
   const stdout = deps.stdout;
   const stderr = deps.stderr ?? console.error;
@@ -8739,9 +8775,22 @@ async function runCli(argv, deps = {}) {
       emit(stdout, `preflight_quality: ${preflight.remote_quality.grade} (${preflight.remote_quality.overall_score}/100)`);
     }
     if (report.runtime_validation_path) emit(stdout, `runtime_validation_path: ${String(report.runtime_validation_path)}`);
-    if (report.oauth_credentials_path) emit(stdout, `oauth_credentials_path: ${String(report.oauth_credentials_path)}`);
   });
-  program.command("register").option("--confirm", "explicitly confirm the registration; this is the default unless --draft-only is set", false).option("--draft-only", "create or refresh the draft without confirming publication", false).option("--submit-review", "legacy alias: publish immediately if your environment still routes through submit-review", false).option("--json", "emit machine-readable JSON", false).argument("[path]", ".", "project path").action(async (path, options) => {
+  program.command("companies").description("List Siglume companies available for company-name publishing.").option("--json", "emit machine-readable JSON", false).action(async (options) => {
+    const report = await listCompanyPublishersReport(deps);
+    if (options.json) {
+      emit(stdout, renderJson(report));
+      return;
+    }
+    const companies = Array.isArray(report.companies) ? report.companies.filter((item) => Boolean(item && typeof item === "object")) : [];
+    if (companies.length === 0) {
+      emit(stdout, "No company publishers available for this API key.");
+      return;
+    }
+    emit(stdout, "Company publishers");
+    renderCompanyTable(companies).forEach((line) => emit(stdout, line));
+  });
+  program.command("register").option("--confirm", "explicitly confirm the registration; this is the default unless --draft-only is set", false).option("--draft-only", "create or refresh the draft without confirming publication", false).option("--submit-review", "legacy alias: publish immediately if your environment still routes through submit-review", false).option("--company <companyId>", "publish under a Siglume company name; revenue is split equally among active members", "").option("--company-slug <slug>", "publish under a Siglume company by matching the slugified company name", "").option("--json", "emit machine-readable JSON", false).argument("[path]", ".", "project path").action(async (path, options) => {
     const draftOnly = Boolean(options.draftOnly);
     if (draftOnly && options.confirm) {
       throw new SiglumeProjectError("--draft-only cannot be combined with --confirm.");
@@ -8750,7 +8799,13 @@ async function runCli(argv, deps = {}) {
       throw new SiglumeProjectError("--draft-only cannot be combined with --submit-review.");
     }
     const shouldConfirm = Boolean(options.confirm) || !draftOnly && !options.submitReview;
-    const report = await runRegistration(path, { confirm: shouldConfirm, draft_only: draftOnly, submit_review: options.submitReview }, deps);
+    const report = await runRegistration(path, {
+      confirm: shouldConfirm,
+      draft_only: draftOnly,
+      submit_review: options.submitReview,
+      company_id: options.company,
+      company_slug: options.companySlug
+    }, deps);
     if (options.json) {
       emit(stdout, renderJson(report));
     } else {
@@ -8770,7 +8825,6 @@ async function runCli(argv, deps = {}) {
       emit(stdout, `listing_id: ${receipt.listing_id}`);
       emit(stdout, `receipt_status: ${receipt.status}`);
       if (receipt.listing_status) emit(stdout, `listing_status: ${receipt.listing_status}`);
-      if (receipt.oauth_status) emit(stdout, `oauth_configured: ${Boolean(receipt.oauth_status.configured)}`);
       if (receipt.review_url) emit(stdout, `review_url: ${receipt.review_url}`);
       if (receipt.trace_id) emit(stdout, `trace_id: ${receipt.trace_id}`);
       if (receipt.request_id) emit(stdout, `request_id: ${receipt.request_id}`);