npm - @siglume/api-sdk - Versions diffs - 3.0.0 → 3.1.0 - Mend

@siglume/api-sdk 3.0.0 → 3.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md CHANGED Viewed

@@ -66,6 +66,7 @@ siglume validate .
 siglume score . --remote
 siglume preflight .         # checks blockers without creating a draft
 siglume register .          # preflight + auto-register + confirm/publish
+siglume register . --private-confirm # confirm release, keep listing hidden for production testing
 siglume register . --draft-only # review-only draft staging
 ```
@@ -75,12 +76,18 @@ Git-ignored because they hold the runtime auth header shared secret. SDK / HTTP
 `source_url`, `source_context`, and `input_form_spec` directly to
 `auto-register`. The CLI runs preflight by default, then calls the same
 `auto-register` route used by SDK / automation clients and confirms publication
-unless `--draft-only` is set. Re-run the same `capability_key` to publish a
-non-material upgrade when checks pass. The server-side publish gate
+unless `--draft-only` is set. Use `--private-confirm` to create the executable
+release while keeping the listing hidden for seller-owned production testing.
+Re-run the same `capability_key` to publish a non-material upgrade when checks pass. The server-side publish gate
 includes runtime checks, contract checks, external OAuth declaration checks, pricing / payout
 rules, and a mandatory fail-closed LLM legal review for law compliance plus
 public-order / morals compliance.
+At production runtime, verify your configured runtime auth header first
+(commonly `X-Siglume-Auth`). Then map `X-Siglume-Platform-User-Id` to the
+buyer / agent-owner tenant or token record and use `X-Siglume-Agent-Id` for
+agent-scoped audit. `X-Siglume-Owner-Id` is not a supported runtime header.
 ## Usage-Based And Per-Action Billing
 For the canonical pricing reference, see

package/dist/bin/siglume.cjs CHANGED Viewed

@@ -2565,8 +2565,12 @@ var init_client = __esm({
         };
       }
       async confirm_registration(listing_id, options = {}) {
-        const { version_bump: versionBump } = options;
+        const { version_bump: versionBump, visibility = "public" } = options;
         const payload = { approved: true };
+        if (visibility !== "public" && visibility !== "private") {
+          throw new Error(`visibility must be one of ["public","private"], got ${JSON.stringify(visibility)}`);
+        }
+        payload.visibility = visibility;
         if (versionBump !== void 0) {
           const allowed = ["patch", "minor", "major"];
           if (!allowed.includes(versionBump)) {
@@ -2584,6 +2588,7 @@ var init_client = __esm({
         return {
           listing_id: String(data.listing_id ?? listing_id),
           status: String(data.status ?? ""),
+          visibility: stringOrNull(data.visibility),
           message: stringOrNull(data.message),
           checklist,
           release: toRecord(data.release),
@@ -7079,7 +7084,9 @@ async function runRegistration(path = ".", options = {}, deps = {}) {
   }
   const shouldConfirm = Boolean(options.confirm) || options.confirm === void 0 && !options.draft_only && !options.submit_review;
   if (shouldConfirm) {
-    result.confirmation = toJsonable(await client.confirm_registration(receipt.listing_id));
+    result.confirmation = toJsonable(await client.confirm_registration(receipt.listing_id, {
+      visibility: options.confirm_visibility ?? "public"
+    }));
     if (options.submit_review) {
       result.submit_review_skipped = true;
     }
@@ -8356,26 +8363,44 @@ async function runCli(argv, deps = {}) {
     }
     if (report.runtime_validation_path) emit(stdout, `runtime_validation_path: ${String(report.runtime_validation_path)}`);
   });
-  program.command("register").option("--confirm", "explicitly confirm the registration; this is the default unless --draft-only is set", false).option("--draft-only", "create or refresh the draft without confirming publication", false).option("--submit-review", "legacy alias: publish immediately if your environment still routes through submit-review", false).option("--json", "emit machine-readable JSON", false).argument("[path]", ".", "project path").action(async (path, options) => {
+  program.command("register").option("--confirm", "explicitly confirm the registration; this is the default unless --draft-only is set", false).option("--private-confirm", "confirm the registration for private production testing without publishing it", false).option("--draft-only", "create or refresh the draft without confirming publication", false).option("--submit-review", "legacy alias: publish immediately if your environment still routes through submit-review", false).option("--json", "emit machine-readable JSON", false).argument("[path]", ".", "project path").action(async (path, options) => {
     const draftOnly = Boolean(options.draftOnly);
+    const privateConfirm = Boolean(options.privateConfirm);
     if (draftOnly && options.confirm) {
       throw new SiglumeProjectError("--draft-only cannot be combined with --confirm.");
     }
+    if (draftOnly && privateConfirm) {
+      throw new SiglumeProjectError("--draft-only cannot be combined with --private-confirm.");
+    }
+    if (options.confirm && privateConfirm) {
+      throw new SiglumeProjectError("--confirm cannot be combined with --private-confirm.");
+    }
     if (draftOnly && options.submitReview) {
       throw new SiglumeProjectError("--draft-only cannot be combined with --submit-review.");
     }
-    const shouldConfirm = Boolean(options.confirm) || !draftOnly && !options.submitReview;
+    if (privateConfirm && options.submitReview) {
+      throw new SiglumeProjectError("--private-confirm cannot be combined with --submit-review.");
+    }
+    const shouldConfirm = Boolean(options.confirm) || privateConfirm || !draftOnly && !options.submitReview;
     const report = await runRegistration(path, {
       confirm: shouldConfirm,
+      confirm_visibility: privateConfirm ? "private" : "public",
       draft_only: draftOnly,
       submit_review: options.submitReview
     }, deps);
+    if (privateConfirm && report.confirmation && !report.confirmation.visibility) {
+      report.confirmation.visibility = "private";
+    }
     if (options.json) {
       emit(stdout, renderJson(report));
     } else {
       const receipt = report.receipt;
-      const published = Boolean(report.confirmation || report.review);
-      if (published && receipt.registration_mode === "upgrade") {
+      const confirmationSummary = report.confirmation;
+      const privatelyConfirmed = confirmationSummary?.visibility === "private";
+      const published = !privatelyConfirmed && Boolean(report.confirmation || report.review);
+      if (privatelyConfirmed) {
+        emit(stdout, "Registration privately confirmed.");
+      } else if (published && receipt.registration_mode === "upgrade") {
         emit(stdout, "Upgrade registered.");
       } else if (published) {
         emit(stdout, "Registration accepted.");
@@ -8394,8 +8419,9 @@ async function runCli(argv, deps = {}) {
       if (receipt.request_id) emit(stdout, `request_id: ${receipt.request_id}`);
       if (report.confirmation) {
         const confirmation = report.confirmation;
-        emit(stdout, "Listing published.");
+        emit(stdout, confirmation.visibility === "private" ? "Listing confirmed privately for production testing." : "Listing published.");
         if (confirmation.status) emit(stdout, `confirmation_status: ${confirmation.status}`);
+        if (confirmation.visibility) emit(stdout, `confirmation_visibility: ${confirmation.visibility}`);
         if (confirmation.release?.release_status) emit(stdout, `release_status: ${confirmation.release.release_status}`);
       } else if (report.review) {
         const review = report.review;