@smplkit/sdk 3.0.14 → 3.0.17

package/dist/index.d.cts

@@ -18,6 +18,7 @@ interface AuditEvent {
     snapshot: Record<string, unknown> | null;
     data: Record<string, unknown>;
     idempotencyKey: string;
+    doNotForward: boolean;
 }
 interface CreateEventInput {
     action: string;
@@ -29,6 +30,13 @@ interface CreateEventInput {
     data?: Record<string, unknown>;
     /** Optional caller-supplied idempotency key. Server derives one from event content if absent. */
     idempotencyKey?: string;
+    /**
+     * When true, the audit service records the event normally but does NOT POST
+     * it through any configured SIEM forwarder. A `skipped_do_not_forward`
+     * delivery row is recorded for each enabled forwarder so the skip is
+     * visible in the forwarder delivery log.
+     */
+    doNotForward?: boolean;
 }
 interface ListEventsParams {
     action?: string;
@@ -46,6 +54,105 @@ interface ListEventsPage {
     /** Opaque cursor for the next page, or null if this is the last page. */
     nextCursor: string | null;
 }
+interface HttpHeader {
+    name: string;
+    value: string;
+}
+interface ForwarderHttp {
+    method: string;
+    url: string;
+    headers: HttpHeader[];
+    body: string | null;
+    /**
+     * 3-character string: an exact HTTP code (e.g. `"200"`, `"204"`) or a
+     * class (`"2xx"`, `"3xx"`, `"4xx"`, `"5xx"`).
+     */
+    successStatus: string;
+}
+interface Forwarder {
+    id: string;
+    name: string;
+    slug: string;
+    forwarderType: string;
+    enabled: boolean;
+    filter: Record<string, unknown> | null;
+    transform: string | null;
+    /** Header values are returned redacted on reads. */
+    http: ForwarderHttp;
+    data: Record<string, unknown>;
+    createdAt: string | null;
+    updatedAt: string | null;
+    deletedAt: string | null;
+    version: number | null;
+}
+interface CreateForwarderInput {
+    name: string;
+    forwarderType: string;
+    http: ForwarderHttp;
+    enabled?: boolean;
+    filter?: Record<string, unknown>;
+    transform?: string;
+    data?: Record<string, unknown>;
+}
+interface UpdateForwarderInput extends CreateForwarderInput {
+}
+interface ListForwardersParams {
+    forwarderType?: string;
+    enabled?: boolean;
+    pageSize?: number;
+    pageAfter?: string;
+}
+interface ListForwardersPage {
+    forwarders: Forwarder[];
+    nextCursor: string | null;
+}
+type ForwarderDeliveryStatus = "succeeded" | "failed" | "filtered_out" | "skipped_do_not_forward";
+interface ForwarderDelivery {
+    id: string;
+    forwarderId: string;
+    eventId: string;
+    attemptNumber: number;
+    status: ForwarderDeliveryStatus;
+    request: Record<string, unknown> | null;
+    responseStatus: number | null;
+    responseBody: string | null;
+    latencyMs: number | null;
+    error: string | null;
+    createdAt: string | null;
+}
+interface ListDeliveriesParams {
+    status?: ForwarderDeliveryStatus;
+    /** Range notation per ADR-014, e.g. `[2026-01-01T00:00:00Z,*)`. */
+    createdAtRange?: string;
+    pageSize?: number;
+    pageAfter?: string;
+}
+interface ListDeliveriesPage {
+    deliveries: ForwarderDelivery[];
+    nextCursor: string | null;
+}
+interface RetryFailedDeliveriesSummary {
+    attempted: number;
+    succeeded: number;
+    failed: number;
+}
+interface TestForwarderRequest {
+    url: string;
+    method?: string;
+    headers?: HttpHeader[];
+    body?: string | null;
+    successStatus?: string;
+    /** Capped at 30s server-side. */
+    timeoutMs?: number;
+}
+interface TestForwarderResult {
+    succeeded: boolean;
+    responseStatus: number | null;
+    responseHeaders: Record<string, string>;
+    responseBody: string;
+    latencyMs: number | null;
+    error: string | null;
+}
 
 /**
  * Audit namespace — `client.audit.events.{record,list,get}`.
@@ -71,6 +178,7 @@ declare class EventsClient {
         baseUrl: string;
         timeoutMs?: number;
         fetch?: typeof fetch;
+        extraHeaders?: Record<string, string>;
     });
     /**
      * Enqueue an audit event for asynchronous delivery.
@@ -88,13 +196,62 @@ declare class EventsClient {
     /** @internal */
     _close(): Promise<void>;
 }
+declare class DeliveryActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Retry a single failed delivery. Records a new attempt row with
+     *  attempt_number = prior + 1; the prior row is unchanged. */
+    retry(forwarderId: string, deliveryId: string): Promise<ForwarderDelivery>;
+}
+declare class DeliveriesClient {
+    private readonly _http;
+    readonly actions: DeliveryActionsClient;
+    constructor(_http: AuditHttp);
+    list(forwarderId: string, params?: ListDeliveriesParams): Promise<ListDeliveriesPage>;
+}
+declare class ForwarderActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Retry every failed delivery for a forwarder. Returns a count summary. */
+    retryFailedDeliveries(forwarderId: string): Promise<RetryFailedDeliveriesSummary>;
+}
+declare class ForwardersClient {
+    private readonly _http;
+    readonly deliveries: DeliveriesClient;
+    readonly actions: ForwarderActionsClient;
+    constructor(_http: AuditHttp);
+    create(input: CreateForwarderInput): Promise<Forwarder>;
+    list(params?: ListForwardersParams): Promise<ListForwardersPage>;
+    get(forwarderId: string): Promise<Forwarder>;
+    update(forwarderId: string, input: UpdateForwarderInput): Promise<Forwarder>;
+    delete(forwarderId: string): Promise<void>;
+}
+declare class TestForwarderActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Server-side proxy to a customer-supplied URL. SSRF-guarded; the
+     *  audit service rejects private/loopback/link-local addresses (incl.
+     *  the EC2 IMDS at 169.254.169.254) and ports outside the allowlist. */
+    execute(input: TestForwarderRequest): Promise<TestForwarderResult>;
+}
+declare class TestForwarderClient {
+    readonly actions: TestForwarderActionsClient;
+    constructor(http: AuditHttp);
+}
+declare class FunctionsClient {
+    readonly test_forwarder: TestForwarderClient;
+    constructor(http: AuditHttp);
+}
 declare class AuditClient {
     readonly events: EventsClient;
+    readonly forwarders: ForwardersClient;
+    readonly functions: FunctionsClient;
     constructor(opts: {
         apiKey: string;
         baseUrl: string;
         timeoutMs?: number;
         fetch?: typeof fetch;
+        extraHeaders?: Record<string, string>;
     });
     /** @internal */
     _close(): Promise<void>;
@@ -1623,7 +1780,7 @@ declare class FlagsClient {
         readonly _metrics: MetricsReporter | null;
     } | null;
     /** @internal */
-    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, flagsBaseUrl?: string, appBaseUrl?: string, contextBuffer?: ContextRegistrationBuffer);
+    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, flagsBaseUrl?: string, appBaseUrl?: string, contextBuffer?: ContextRegistrationBuffer, extraHeaders?: Record<string, string>);
     /** Declare a boolean flag handle for runtime evaluation. */
     booleanFlag(id: string, defaultValue: boolean): BooleanFlag;
     /** Declare a string flag handle for runtime evaluation. */
@@ -2532,7 +2689,7 @@ declare class ConfigClient {
     private _initialized;
     private _listeners;
     /** @internal */
-    constructor(apiKey: string, timeout?: number, baseUrl?: string);
+    constructor(apiKey: string, timeout?: number, baseUrl?: string, extraHeaders?: Record<string, string>);
     /**
      * Return a live, dict-like view of the resolved values for *id*.
      *
@@ -2656,7 +2813,7 @@ declare class LoggingClient {
     private _loggerStore;
     private _groupStore;
     /** @internal */
-    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, baseUrl?: string);
+    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, baseUrl?: string, extraHeaders?: Record<string, string>);
     /**
      * Register a logging framework adapter.
      *
@@ -2818,6 +2975,14 @@ interface SmplClientOptions {
      * falling back to `false`.
      */
     debug?: boolean;
+    /**
+     * Additional HTTP headers to include on every request made by this client
+     * and all sub-clients (audit, config, flags, logging).
+     *
+     * SDK-owned headers (`Authorization`, `Accept`) take precedence over any
+     * key supplied here — callers cannot override them.
+     */
+    extraHeaders?: Record<string, string>;
 }
 /**
  * Entry point for the smplkit TypeScript SDK.

package/dist/index.d.ts

@@ -18,6 +18,7 @@ interface AuditEvent {
     snapshot: Record<string, unknown> | null;
     data: Record<string, unknown>;
     idempotencyKey: string;
+    doNotForward: boolean;
 }
 interface CreateEventInput {
     action: string;
@@ -29,6 +30,13 @@ interface CreateEventInput {
     data?: Record<string, unknown>;
     /** Optional caller-supplied idempotency key. Server derives one from event content if absent. */
     idempotencyKey?: string;
+    /**
+     * When true, the audit service records the event normally but does NOT POST
+     * it through any configured SIEM forwarder. A `skipped_do_not_forward`
+     * delivery row is recorded for each enabled forwarder so the skip is
+     * visible in the forwarder delivery log.
+     */
+    doNotForward?: boolean;
 }
 interface ListEventsParams {
     action?: string;
@@ -46,6 +54,105 @@ interface ListEventsPage {
     /** Opaque cursor for the next page, or null if this is the last page. */
     nextCursor: string | null;
 }
+interface HttpHeader {
+    name: string;
+    value: string;
+}
+interface ForwarderHttp {
+    method: string;
+    url: string;
+    headers: HttpHeader[];
+    body: string | null;
+    /**
+     * 3-character string: an exact HTTP code (e.g. `"200"`, `"204"`) or a
+     * class (`"2xx"`, `"3xx"`, `"4xx"`, `"5xx"`).
+     */
+    successStatus: string;
+}
+interface Forwarder {
+    id: string;
+    name: string;
+    slug: string;
+    forwarderType: string;
+    enabled: boolean;
+    filter: Record<string, unknown> | null;
+    transform: string | null;
+    /** Header values are returned redacted on reads. */
+    http: ForwarderHttp;
+    data: Record<string, unknown>;
+    createdAt: string | null;
+    updatedAt: string | null;
+    deletedAt: string | null;
+    version: number | null;
+}
+interface CreateForwarderInput {
+    name: string;
+    forwarderType: string;
+    http: ForwarderHttp;
+    enabled?: boolean;
+    filter?: Record<string, unknown>;
+    transform?: string;
+    data?: Record<string, unknown>;
+}
+interface UpdateForwarderInput extends CreateForwarderInput {
+}
+interface ListForwardersParams {
+    forwarderType?: string;
+    enabled?: boolean;
+    pageSize?: number;
+    pageAfter?: string;
+}
+interface ListForwardersPage {
+    forwarders: Forwarder[];
+    nextCursor: string | null;
+}
+type ForwarderDeliveryStatus = "succeeded" | "failed" | "filtered_out" | "skipped_do_not_forward";
+interface ForwarderDelivery {
+    id: string;
+    forwarderId: string;
+    eventId: string;
+    attemptNumber: number;
+    status: ForwarderDeliveryStatus;
+    request: Record<string, unknown> | null;
+    responseStatus: number | null;
+    responseBody: string | null;
+    latencyMs: number | null;
+    error: string | null;
+    createdAt: string | null;
+}
+interface ListDeliveriesParams {
+    status?: ForwarderDeliveryStatus;
+    /** Range notation per ADR-014, e.g. `[2026-01-01T00:00:00Z,*)`. */
+    createdAtRange?: string;
+    pageSize?: number;
+    pageAfter?: string;
+}
+interface ListDeliveriesPage {
+    deliveries: ForwarderDelivery[];
+    nextCursor: string | null;
+}
+interface RetryFailedDeliveriesSummary {
+    attempted: number;
+    succeeded: number;
+    failed: number;
+}
+interface TestForwarderRequest {
+    url: string;
+    method?: string;
+    headers?: HttpHeader[];
+    body?: string | null;
+    successStatus?: string;
+    /** Capped at 30s server-side. */
+    timeoutMs?: number;
+}
+interface TestForwarderResult {
+    succeeded: boolean;
+    responseStatus: number | null;
+    responseHeaders: Record<string, string>;
+    responseBody: string;
+    latencyMs: number | null;
+    error: string | null;
+}
 
 /**
  * Audit namespace — `client.audit.events.{record,list,get}`.
@@ -71,6 +178,7 @@ declare class EventsClient {
         baseUrl: string;
         timeoutMs?: number;
         fetch?: typeof fetch;
+        extraHeaders?: Record<string, string>;
     });
     /**
      * Enqueue an audit event for asynchronous delivery.
@@ -88,13 +196,62 @@ declare class EventsClient {
     /** @internal */
     _close(): Promise<void>;
 }
+declare class DeliveryActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Retry a single failed delivery. Records a new attempt row with
+     *  attempt_number = prior + 1; the prior row is unchanged. */
+    retry(forwarderId: string, deliveryId: string): Promise<ForwarderDelivery>;
+}
+declare class DeliveriesClient {
+    private readonly _http;
+    readonly actions: DeliveryActionsClient;
+    constructor(_http: AuditHttp);
+    list(forwarderId: string, params?: ListDeliveriesParams): Promise<ListDeliveriesPage>;
+}
+declare class ForwarderActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Retry every failed delivery for a forwarder. Returns a count summary. */
+    retryFailedDeliveries(forwarderId: string): Promise<RetryFailedDeliveriesSummary>;
+}
+declare class ForwardersClient {
+    private readonly _http;
+    readonly deliveries: DeliveriesClient;
+    readonly actions: ForwarderActionsClient;
+    constructor(_http: AuditHttp);
+    create(input: CreateForwarderInput): Promise<Forwarder>;
+    list(params?: ListForwardersParams): Promise<ListForwardersPage>;
+    get(forwarderId: string): Promise<Forwarder>;
+    update(forwarderId: string, input: UpdateForwarderInput): Promise<Forwarder>;
+    delete(forwarderId: string): Promise<void>;
+}
+declare class TestForwarderActionsClient {
+    private readonly _http;
+    constructor(_http: AuditHttp);
+    /** Server-side proxy to a customer-supplied URL. SSRF-guarded; the
+     *  audit service rejects private/loopback/link-local addresses (incl.
+     *  the EC2 IMDS at 169.254.169.254) and ports outside the allowlist. */
+    execute(input: TestForwarderRequest): Promise<TestForwarderResult>;
+}
+declare class TestForwarderClient {
+    readonly actions: TestForwarderActionsClient;
+    constructor(http: AuditHttp);
+}
+declare class FunctionsClient {
+    readonly test_forwarder: TestForwarderClient;
+    constructor(http: AuditHttp);
+}
 declare class AuditClient {
     readonly events: EventsClient;
+    readonly forwarders: ForwardersClient;
+    readonly functions: FunctionsClient;
     constructor(opts: {
         apiKey: string;
         baseUrl: string;
         timeoutMs?: number;
         fetch?: typeof fetch;
+        extraHeaders?: Record<string, string>;
     });
     /** @internal */
     _close(): Promise<void>;
@@ -1623,7 +1780,7 @@ declare class FlagsClient {
         readonly _metrics: MetricsReporter | null;
     } | null;
     /** @internal */
-    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, flagsBaseUrl?: string, appBaseUrl?: string, contextBuffer?: ContextRegistrationBuffer);
+    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, flagsBaseUrl?: string, appBaseUrl?: string, contextBuffer?: ContextRegistrationBuffer, extraHeaders?: Record<string, string>);
     /** Declare a boolean flag handle for runtime evaluation. */
     booleanFlag(id: string, defaultValue: boolean): BooleanFlag;
     /** Declare a string flag handle for runtime evaluation. */
@@ -2532,7 +2689,7 @@ declare class ConfigClient {
     private _initialized;
     private _listeners;
     /** @internal */
-    constructor(apiKey: string, timeout?: number, baseUrl?: string);
+    constructor(apiKey: string, timeout?: number, baseUrl?: string, extraHeaders?: Record<string, string>);
     /**
      * Return a live, dict-like view of the resolved values for *id*.
      *
@@ -2656,7 +2813,7 @@ declare class LoggingClient {
     private _loggerStore;
     private _groupStore;
     /** @internal */
-    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, baseUrl?: string);
+    constructor(apiKey: string, ensureWs: () => SharedWebSocket, timeout?: number, baseUrl?: string, extraHeaders?: Record<string, string>);
     /**
      * Register a logging framework adapter.
      *
@@ -2818,6 +2975,14 @@ interface SmplClientOptions {
      * falling back to `false`.
      */
     debug?: boolean;
+    /**
+     * Additional HTTP headers to include on every request made by this client
+     * and all sub-clients (audit, config, flags, logging).
+     *
+     * SDK-owned headers (`Authorization`, `Accept`) take precedence over any
+     * key supplied here — callers cannot override them.
+     */
+    extraHeaders?: Record<string, string>;
 }
 /**
  * Entry point for the smplkit TypeScript SDK.