@sparkvault/sdk 1.24.0 → 1.24.2

package/dist/config.d.ts

@@ -4,6 +4,16 @@
 export interface SparkVaultConfig {
     /** Account ID for Identity operations */
     accountId: string;
+    /** Core API origin. Defaults to https://api.sparkvault.com. A trailing /v1 is accepted and normalized. */
+    apiBaseUrl?: string;
+    /** Identity App API base URL. Defaults to https://api.sparkvault.com/v1/apps/identity. */
+    identityBaseUrl?: string;
+    /** Static SparkVault Core access token for authenticated API calls. */
+    accessToken?: string;
+    /** Dynamic SparkVault Core access token provider for authenticated API calls. */
+    getAccessToken?: () => string | null | Promise<string | null>;
+    /** Optional API key for server-side SDK use. */
+    apiKey?: string;
     /** Request timeout in milliseconds (default: 30000) */
     timeout?: number;
     /**
@@ -15,14 +25,23 @@ export interface SparkVaultConfig {
     preloadConfig?: boolean;
     /** Enable backdrop blur on dialogs (default: true) */
     backdropBlur?: boolean;
+    /**
+     * Optional host allowlist for backend-issued ingot download URLs.
+     * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
+     */
+    allowedDownloadHostPatterns?: RegExp[];
 }
 export interface ResolvedConfig {
     accountId: string;
     timeout: number;
     apiBaseUrl: string;
     identityBaseUrl: string;
+    accessToken?: string;
+    getAccessToken?: () => string | null | Promise<string | null>;
+    apiKey?: string;
     preloadConfig: boolean;
     backdropBlur: boolean;
+    allowedDownloadHostPatterns?: RegExp[];
 }
 export declare function resolveConfig(config: SparkVaultConfig): ResolvedConfig;
 export declare function validateConfig(config: SparkVaultConfig): void;

package/dist/health.d.ts

@@ -0,0 +1,18 @@
+import type { ResolvedConfig } from './config';
+export interface HealthCheckOptions {
+    timeout?: number;
+}
+export interface HealthCheckResult {
+    online: boolean;
+    status: string;
+    httpStatus?: number;
+    checkedAt: number;
+    error?: string;
+}
+export declare class HealthModule {
+    private readonly config;
+    constructor(config: ResolvedConfig);
+    check(options?: HealthCheckOptions): Promise<HealthCheckResult>;
+    isOnline(options?: HealthCheckOptions): Promise<boolean>;
+    private readStatus;
+}

package/dist/http.d.ts

@@ -19,6 +19,8 @@ export interface ApiResponse<T = unknown> {
 export declare class HttpClient {
     private readonly config;
     constructor(config: ResolvedConfig);
+    private getDefaultHeaders;
+    private getAccessToken;
     request<T = unknown>(path: string, options?: RequestOptions): Promise<ApiResponse<T>>;
     /**
      * Execute the actual HTTP request (internal implementation)
@@ -31,6 +33,7 @@ export declare class HttpClient {
     private isRetryableError;
     private parseResponse;
     private createErrorFromResponse;
+    private unwrapApiResponse;
     get<T = unknown>(path: string, options?: Omit<RequestOptions, 'method' | 'body'>): Promise<ApiResponse<T>>;
     post<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
     put<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;

package/dist/identity/api.d.ts

@@ -35,13 +35,18 @@ export declare class IdentityApi extends SparkVaultApi {
      */
     isConfigPreloaded(): boolean;
     /**
-     * Check if an email has registered passkeys and validate email domain
+     * Check if an identity (email or phone) has registered passkeys.
      *
      * Returns:
-     * - email_valid: whether the email domain has valid MX records
-     * - has_passkey: whether any passkeys are registered (only meaningful if email_valid)
+     * - identity_valid: identity passes per-type validity check
+     *   (email: MX lookup; phone: E.164 format)
+     * - has_passkey: whether any passkeys are registered for this identity
+     *   (cross-tenant — single global RP)
+     * - email_valid: legacy alias for identity_valid, present for backward
+     *   compatibility with older SDK versions
      */
-    checkPasskey(email: string): Promise<{
+    checkPasskey(identity: string, identityType?: 'email' | 'phone'): Promise<{
+        identity_valid: boolean;
         email_valid: boolean;
         has_passkey: boolean;
     }>;
@@ -68,9 +73,9 @@ export declare class IdentityApi extends SparkVaultApi {
         authContext?: AuthContext;
     }): Promise<TotpVerifyResponse>;
     /**
-     * Start passkey registration
+     * Start passkey registration for an identity (email or phone).
      */
-    startPasskeyRegister(email: string): Promise<PasskeyChallengeResponse>;
+    startPasskeyRegister(identity: string, identityType?: 'email' | 'phone'): Promise<PasskeyChallengeResponse>;
     /**
      * Complete passkey registration
      */
@@ -79,9 +84,9 @@ export declare class IdentityApi extends SparkVaultApi {
         credential: PublicKeyCredential;
     }): Promise<PasskeyVerifyResponse>;
     /**
-     * Start passkey verification
+     * Start passkey verification for an identity (email or phone).
      */
-    startPasskeyVerify(email: string, authContext?: AuthContext): Promise<PasskeyChallengeResponse>;
+    startPasskeyVerify(identity: string, identityType?: 'email' | 'phone', authContext?: AuthContext): Promise<PasskeyChallengeResponse>;
     /**
      * Complete passkey verification
      */

package/dist/index.d.ts

@@ -4,6 +4,16 @@
 interface SparkVaultConfig {
     /** Account ID for Identity operations */
     accountId: string;
+    /** Core API origin. Defaults to https://api.sparkvault.com. A trailing /v1 is accepted and normalized. */
+    apiBaseUrl?: string;
+    /** Identity App API base URL. Defaults to https://api.sparkvault.com/v1/apps/identity. */
+    identityBaseUrl?: string;
+    /** Static SparkVault Core access token for authenticated API calls. */
+    accessToken?: string;
+    /** Dynamic SparkVault Core access token provider for authenticated API calls. */
+    getAccessToken?: () => string | null | Promise<string | null>;
+    /** Optional API key for server-side SDK use. */
+    apiKey?: string;
     /** Request timeout in milliseconds (default: 30000) */
     timeout?: number;
     /**
@@ -15,14 +25,41 @@ interface SparkVaultConfig {
     preloadConfig?: boolean;
     /** Enable backdrop blur on dialogs (default: true) */
     backdropBlur?: boolean;
+    /**
+     * Optional host allowlist for backend-issued ingot download URLs.
+     * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
+     */
+    allowedDownloadHostPatterns?: RegExp[];
 }
 interface ResolvedConfig {
     accountId: string;
     timeout: number;
     apiBaseUrl: string;
     identityBaseUrl: string;
+    accessToken?: string;
+    getAccessToken?: () => string | null | Promise<string | null>;
+    apiKey?: string;
     preloadConfig: boolean;
     backdropBlur: boolean;
+    allowedDownloadHostPatterns?: RegExp[];
+}
+
+interface HealthCheckOptions {
+    timeout?: number;
+}
+interface HealthCheckResult {
+    online: boolean;
+    status: string;
+    httpStatus?: number;
+    checkedAt: number;
+    error?: string;
+}
+declare class HealthModule {
+    private readonly config;
+    constructor(config: ResolvedConfig);
+    check(options?: HealthCheckOptions): Promise<HealthCheckResult>;
+    isOnline(options?: HealthCheckOptions): Promise<boolean>;
+    private readStatus;
 }
 
 /**
@@ -272,6 +309,8 @@ interface ApiResponse<T = unknown> {
 declare class HttpClient {
     private readonly config;
     constructor(config: ResolvedConfig);
+    private getDefaultHeaders;
+    private getAccessToken;
     request<T = unknown>(path: string, options?: RequestOptions): Promise<ApiResponse<T>>;
     /**
      * Execute the actual HTTP request (internal implementation)
@@ -284,6 +323,7 @@ declare class HttpClient {
     private isRetryableError;
     private parseResponse;
     private createErrorFromResponse;
+    private unwrapApiResponse;
     get<T = unknown>(path: string, options?: Omit<RequestOptions, 'method' | 'body'>): Promise<ApiResponse<T>>;
     post<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
     put<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
@@ -324,16 +364,14 @@ interface Vault {
 interface UnsealedVault {
     /** Vault ID */
     id: string;
-    /** Vault name */
-    name: string;
-    /** Vault Access Token (short-lived session) */
+    /** Vault Access Token (short-lived session, required for all ingot operations) */
     vatToken: string;
+    /** VAT issued-at timestamp (Unix seconds) */
+    issuedAt: number;
     /** VAT expiry timestamp (Unix seconds) */
     expiresAt: number;
-    /** Number of ingots in vault */
-    ingotCount: number;
-    /** Total storage used in bytes */
-    storageBytes: number;
+    /** VAT lifetime in seconds */
+    ttlSeconds: number;
 }
 interface VaultSummary {
     /** Vault ID */
@@ -360,8 +398,18 @@ interface Ingot {
     size: number;
     /** Creation timestamp (Unix seconds) */
     createdAt: number;
-    /** Ingot type: 'standard' or 'structured' */
-    type: 'standard' | 'structured';
+}
+interface CreatedIngot {
+    /** Ingot ID */
+    id: string;
+    /** Ingot name */
+    name: string;
+    /** Content type (MIME) */
+    contentType: string;
+    /** Size in bytes */
+    size: number;
+    /** Forge upload session expiry (Unix seconds) */
+    uploadExpiresAt: number;
 }
 interface UploadIngotOptions {
     /** File to upload */
@@ -370,6 +418,8 @@ interface UploadIngotOptions {
     name?: string;
     /** Content type (auto-detected if not provided) */
     contentType?: string;
+    /** Progress callback for Forge/TUS upload */
+    onProgress?: (bytesUploaded: number, bytesTotal: number) => void;
 }
 
 /**
@@ -503,6 +553,7 @@ interface UploadCallable {
     close(): void;
 }
 declare class VaultsModule {
+    private readonly config;
     private readonly http;
     private readonly uploadModule;
     /**
@@ -562,7 +613,7 @@ declare class VaultsModule {
      *   name: 'document.pdf'
      * });
      */
-    uploadIngot(vault: UnsealedVault, options: UploadIngotOptions): Promise<Ingot>;
+    uploadIngot(vault: UnsealedVault, options: UploadIngotOptions): Promise<CreatedIngot>;
     /**
      * Download an ingot from an unsealed vault.
      *
@@ -588,6 +639,7 @@ declare class VaultsModule {
     deleteIngot(vault: UnsealedVault, ingotId: string): Promise<void>;
     private validateCreateOptions;
     private validateUploadOptions;
+    private validateDownloadUrl;
 }
 
 /**
@@ -667,6 +719,8 @@ declare class SparkVault {
     readonly identity: IdentityModule;
     /** Persistent encrypted storage module */
     readonly vaults: VaultsModule;
+    /** API availability checks */
+    readonly health: HealthModule;
     private readonly config;
     private constructor();
     /**
@@ -692,4 +746,4 @@ declare global {
 }
 
 export { AuthenticationError, AuthorizationError, NetworkError, PopupBlockedError, SparkVault, SparkVaultError, TimeoutError, UserCancelledError, ValidationError, SparkVault as default, logger, setDebugMode };
-export type { AuthMethod, CreateVaultOptions, AttachOptions as IdentityAttachOptions, Ingot, SparkVaultConfig, Theme, TokenClaims, UnsealedVault, UploadAttachOptions, UploadBranding, UploadIngotOptions, UploadOptions, UploadProgress, UploadResult, Vault, VaultSummary, VaultUploadConfig, VerifyOptions, VerifyResult };
+export type { AuthMethod, CreateVaultOptions, CreatedIngot, HealthCheckOptions, HealthCheckResult, AttachOptions as IdentityAttachOptions, Ingot, SparkVaultConfig, Theme, TokenClaims, UnsealedVault, UploadAttachOptions, UploadBranding, UploadIngotOptions, UploadOptions, UploadProgress, UploadResult, Vault, VaultSummary, VaultUploadConfig, VerifyOptions, VerifyResult };