@sparkvault/sdk 1.24.1 → 1.24.2

package/dist/config.d.ts

@@ -4,6 +4,16 @@
 export interface SparkVaultConfig {
     /** Account ID for Identity operations */
     accountId: string;
+    /** Core API origin. Defaults to https://api.sparkvault.com. A trailing /v1 is accepted and normalized. */
+    apiBaseUrl?: string;
+    /** Identity App API base URL. Defaults to https://api.sparkvault.com/v1/apps/identity. */
+    identityBaseUrl?: string;
+    /** Static SparkVault Core access token for authenticated API calls. */
+    accessToken?: string;
+    /** Dynamic SparkVault Core access token provider for authenticated API calls. */
+    getAccessToken?: () => string | null | Promise<string | null>;
+    /** Optional API key for server-side SDK use. */
+    apiKey?: string;
     /** Request timeout in milliseconds (default: 30000) */
     timeout?: number;
     /**
@@ -15,14 +25,23 @@ export interface SparkVaultConfig {
     preloadConfig?: boolean;
     /** Enable backdrop blur on dialogs (default: true) */
     backdropBlur?: boolean;
+    /**
+     * Optional host allowlist for backend-issued ingot download URLs.
+     * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
+     */
+    allowedDownloadHostPatterns?: RegExp[];
 }
 export interface ResolvedConfig {
     accountId: string;
     timeout: number;
     apiBaseUrl: string;
     identityBaseUrl: string;
+    accessToken?: string;
+    getAccessToken?: () => string | null | Promise<string | null>;
+    apiKey?: string;
     preloadConfig: boolean;
     backdropBlur: boolean;
+    allowedDownloadHostPatterns?: RegExp[];
 }
 export declare function resolveConfig(config: SparkVaultConfig): ResolvedConfig;
 export declare function validateConfig(config: SparkVaultConfig): void;

package/dist/health.d.ts

@@ -0,0 +1,18 @@
+import type { ResolvedConfig } from './config';
+export interface HealthCheckOptions {
+    timeout?: number;
+}
+export interface HealthCheckResult {
+    online: boolean;
+    status: string;
+    httpStatus?: number;
+    checkedAt: number;
+    error?: string;
+}
+export declare class HealthModule {
+    private readonly config;
+    constructor(config: ResolvedConfig);
+    check(options?: HealthCheckOptions): Promise<HealthCheckResult>;
+    isOnline(options?: HealthCheckOptions): Promise<boolean>;
+    private readStatus;
+}

package/dist/http.d.ts

@@ -19,6 +19,8 @@ export interface ApiResponse<T = unknown> {
 export declare class HttpClient {
     private readonly config;
     constructor(config: ResolvedConfig);
+    private getDefaultHeaders;
+    private getAccessToken;
     request<T = unknown>(path: string, options?: RequestOptions): Promise<ApiResponse<T>>;
     /**
      * Execute the actual HTTP request (internal implementation)
@@ -31,6 +33,7 @@ export declare class HttpClient {
     private isRetryableError;
     private parseResponse;
     private createErrorFromResponse;
+    private unwrapApiResponse;
     get<T = unknown>(path: string, options?: Omit<RequestOptions, 'method' | 'body'>): Promise<ApiResponse<T>>;
     post<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
     put<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;

package/dist/index.d.ts

@@ -4,6 +4,16 @@
 interface SparkVaultConfig {
     /** Account ID for Identity operations */
     accountId: string;
+    /** Core API origin. Defaults to https://api.sparkvault.com. A trailing /v1 is accepted and normalized. */
+    apiBaseUrl?: string;
+    /** Identity App API base URL. Defaults to https://api.sparkvault.com/v1/apps/identity. */
+    identityBaseUrl?: string;
+    /** Static SparkVault Core access token for authenticated API calls. */
+    accessToken?: string;
+    /** Dynamic SparkVault Core access token provider for authenticated API calls. */
+    getAccessToken?: () => string | null | Promise<string | null>;
+    /** Optional API key for server-side SDK use. */
+    apiKey?: string;
     /** Request timeout in milliseconds (default: 30000) */
     timeout?: number;
     /**
@@ -15,14 +25,41 @@ interface SparkVaultConfig {
     preloadConfig?: boolean;
     /** Enable backdrop blur on dialogs (default: true) */
     backdropBlur?: boolean;
+    /**
+     * Optional host allowlist for backend-issued ingot download URLs.
+     * When omitted, the SDK preserves the existing HTTPS-only validation behavior.
+     */
+    allowedDownloadHostPatterns?: RegExp[];
 }
 interface ResolvedConfig {
     accountId: string;
     timeout: number;
     apiBaseUrl: string;
     identityBaseUrl: string;
+    accessToken?: string;
+    getAccessToken?: () => string | null | Promise<string | null>;
+    apiKey?: string;
     preloadConfig: boolean;
     backdropBlur: boolean;
+    allowedDownloadHostPatterns?: RegExp[];
+}
+
+interface HealthCheckOptions {
+    timeout?: number;
+}
+interface HealthCheckResult {
+    online: boolean;
+    status: string;
+    httpStatus?: number;
+    checkedAt: number;
+    error?: string;
+}
+declare class HealthModule {
+    private readonly config;
+    constructor(config: ResolvedConfig);
+    check(options?: HealthCheckOptions): Promise<HealthCheckResult>;
+    isOnline(options?: HealthCheckOptions): Promise<boolean>;
+    private readStatus;
 }
 
 /**
@@ -272,6 +309,8 @@ interface ApiResponse<T = unknown> {
 declare class HttpClient {
     private readonly config;
     constructor(config: ResolvedConfig);
+    private getDefaultHeaders;
+    private getAccessToken;
     request<T = unknown>(path: string, options?: RequestOptions): Promise<ApiResponse<T>>;
     /**
      * Execute the actual HTTP request (internal implementation)
@@ -284,6 +323,7 @@ declare class HttpClient {
     private isRetryableError;
     private parseResponse;
     private createErrorFromResponse;
+    private unwrapApiResponse;
     get<T = unknown>(path: string, options?: Omit<RequestOptions, 'method' | 'body'>): Promise<ApiResponse<T>>;
     post<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
     put<T = unknown>(path: string, body?: unknown, options?: Omit<RequestOptions, 'method'>): Promise<ApiResponse<T>>;
@@ -324,16 +364,14 @@ interface Vault {
 interface UnsealedVault {
     /** Vault ID */
     id: string;
-    /** Vault name */
-    name: string;
-    /** Vault Access Token (short-lived session) */
+    /** Vault Access Token (short-lived session, required for all ingot operations) */
     vatToken: string;
+    /** VAT issued-at timestamp (Unix seconds) */
+    issuedAt: number;
     /** VAT expiry timestamp (Unix seconds) */
     expiresAt: number;
-    /** Number of ingots in vault */
-    ingotCount: number;
-    /** Total storage used in bytes */
-    storageBytes: number;
+    /** VAT lifetime in seconds */
+    ttlSeconds: number;
 }
 interface VaultSummary {
     /** Vault ID */
@@ -360,8 +398,18 @@ interface Ingot {
     size: number;
     /** Creation timestamp (Unix seconds) */
     createdAt: number;
-    /** Ingot type: 'standard' or 'structured' */
-    type: 'standard' | 'structured';
+}
+interface CreatedIngot {
+    /** Ingot ID */
+    id: string;
+    /** Ingot name */
+    name: string;
+    /** Content type (MIME) */
+    contentType: string;
+    /** Size in bytes */
+    size: number;
+    /** Forge upload session expiry (Unix seconds) */
+    uploadExpiresAt: number;
 }
 interface UploadIngotOptions {
     /** File to upload */
@@ -370,6 +418,8 @@ interface UploadIngotOptions {
     name?: string;
     /** Content type (auto-detected if not provided) */
     contentType?: string;
+    /** Progress callback for Forge/TUS upload */
+    onProgress?: (bytesUploaded: number, bytesTotal: number) => void;
 }
 
 /**
@@ -503,6 +553,7 @@ interface UploadCallable {
     close(): void;
 }
 declare class VaultsModule {
+    private readonly config;
     private readonly http;
     private readonly uploadModule;
     /**
@@ -562,7 +613,7 @@ declare class VaultsModule {
      *   name: 'document.pdf'
      * });
      */
-    uploadIngot(vault: UnsealedVault, options: UploadIngotOptions): Promise<Ingot>;
+    uploadIngot(vault: UnsealedVault, options: UploadIngotOptions): Promise<CreatedIngot>;
     /**
      * Download an ingot from an unsealed vault.
      *
@@ -588,6 +639,7 @@ declare class VaultsModule {
     deleteIngot(vault: UnsealedVault, ingotId: string): Promise<void>;
     private validateCreateOptions;
     private validateUploadOptions;
+    private validateDownloadUrl;
 }
 
 /**
@@ -667,6 +719,8 @@ declare class SparkVault {
     readonly identity: IdentityModule;
     /** Persistent encrypted storage module */
     readonly vaults: VaultsModule;
+    /** API availability checks */
+    readonly health: HealthModule;
     private readonly config;
     private constructor();
     /**
@@ -692,4 +746,4 @@ declare global {
 }
 
 export { AuthenticationError, AuthorizationError, NetworkError, PopupBlockedError, SparkVault, SparkVaultError, TimeoutError, UserCancelledError, ValidationError, SparkVault as default, logger, setDebugMode };
-export type { AuthMethod, CreateVaultOptions, AttachOptions as IdentityAttachOptions, Ingot, SparkVaultConfig, Theme, TokenClaims, UnsealedVault, UploadAttachOptions, UploadBranding, UploadIngotOptions, UploadOptions, UploadProgress, UploadResult, Vault, VaultSummary, VaultUploadConfig, VerifyOptions, VerifyResult };
+export type { AuthMethod, CreateVaultOptions, CreatedIngot, HealthCheckOptions, HealthCheckResult, AttachOptions as IdentityAttachOptions, Ingot, SparkVaultConfig, Theme, TokenClaims, UnsealedVault, UploadAttachOptions, UploadBranding, UploadIngotOptions, UploadOptions, UploadProgress, UploadResult, Vault, VaultSummary, VaultUploadConfig, VerifyOptions, VerifyResult };

package/dist/sparkvault.cjs.js

@@ -70,14 +70,25 @@ class PopupBlockedError extends SparkVaultError {
  */
 const API_URL = 'https://api.sparkvault.com';
 const IDENTITY_URL = 'https://api.sparkvault.com/v1/apps/identity';
+function normalizeApiBaseUrl(url) {
+    const trimmed = url.replace(/\/+$/, '');
+    return trimmed.endsWith('/v1') ? trimmed.slice(0, -3) : trimmed;
+}
+function normalizeBaseUrl(url) {
+    return url.replace(/\/+$/, '');
+}
 function resolveConfig(config) {
     return {
         accountId: config.accountId,
         timeout: config.timeout ?? 30000,
-        apiBaseUrl: API_URL,
-        identityBaseUrl: IDENTITY_URL,
+        apiBaseUrl: normalizeApiBaseUrl(config.apiBaseUrl ?? API_URL),
+        identityBaseUrl: normalizeBaseUrl(config.identityBaseUrl ?? IDENTITY_URL),
+        accessToken: config.accessToken,
+        getAccessToken: config.getAccessToken,
+        apiKey: config.apiKey,
         preloadConfig: config.preloadConfig !== false, // Default: true
         backdropBlur: config.backdropBlur !== false, // Default: true
+        allowedDownloadHostPatterns: config.allowedDownloadHostPatterns,
     };
 }
 function validateConfig(config) {
@@ -194,6 +205,31 @@ class HttpClient {
     constructor(config) {
         this.config = config;
     }
+    async getDefaultHeaders(headers, hasJsonBody) {
+        const requestHeaders = {
+            Accept: 'application/json',
+            ...headers,
+        };
+        if (hasJsonBody) {
+            requestHeaders['Content-Type'] = 'application/json';
+        }
+        if (!requestHeaders.Authorization) {
+            const token = await this.getAccessToken();
+            if (token) {
+                requestHeaders.Authorization = `Bearer ${token}`;
+            }
+        }
+        if (this.config.apiKey && !requestHeaders['X-API-Key']) {
+            requestHeaders['X-API-Key'] = this.config.apiKey;
+        }
+        return requestHeaders;
+    }
+    async getAccessToken() {
+        if (this.config.getAccessToken) {
+            return this.config.getAccessToken();
+        }
+        return this.config.accessToken ?? null;
+    }
     async request(path, options = {}) {
         const { retry } = options;
         // Per CLAUDE.md §7: Wrap with retry logic if enabled
@@ -213,11 +249,7 @@ class HttpClient {
     async executeRequest(path, options) {
         const { method = 'GET', headers = {}, body, timeout = this.config.timeout, } = options;
         const url = `${this.config.apiBaseUrl}${path}`;
-        const requestHeaders = {
-            'Content-Type': 'application/json',
-            Accept: 'application/json',
-            ...headers,
-        };
+        const requestHeaders = await this.getDefaultHeaders(headers, body !== undefined);
         const controller = new AbortController();
         const timeoutId = setTimeout(() => controller.abort(), timeout);
         try {
@@ -228,12 +260,12 @@ class HttpClient {
                 signal: controller.signal,
             });
             clearTimeout(timeoutId);
-            const data = await this.parseResponse(response);
+            const parsed = await this.parseResponse(response);
             if (!response.ok) {
-                throw this.createErrorFromResponse(response.status, data);
+                throw this.createErrorFromResponse(response.status, parsed);
             }
             return {
-                data,
+                data: this.unwrapApiResponse(parsed),
                 status: response.status,
                 headers: response.headers,
             };
@@ -287,13 +319,23 @@ class HttpClient {
         // Safely extract error fields with runtime type checking
         const errorData = typeof data === 'object' && data !== null ? data : {};
         const record = errorData;
-        const message = (typeof record.message === 'string' ? record.message : null) ??
+        const nestedError = typeof record.error === 'object' && record.error !== null
+            ? record.error
+            : null;
+        const message = (typeof nestedError?.message === 'string' ? nestedError.message : null) ??
+            (typeof record.message === 'string' ? record.message : null) ??
             (typeof record.error === 'string' ? record.error : null) ??
             'Request failed';
-        const code = typeof record.code === 'string' ? record.code : 'api_error';
-        const details = typeof record.details === 'object' && record.details !== null
+        const code = (typeof nestedError?.code === 'string' ? nestedError.code : null) ??
+            (typeof record.code === 'string' ? record.code : null) ??
+            'api_error';
+        const nestedDetails = typeof nestedError?.details === 'object' && nestedError.details !== null
+            ? nestedError.details
+            : undefined;
+        const topLevelDetails = typeof record.details === 'object' && record.details !== null
             ? record.details
             : undefined;
+        const details = nestedDetails ?? topLevelDetails;
         switch (status) {
             case 400:
                 return new ValidationError(message, details);
@@ -305,6 +347,15 @@ class HttpClient {
                 return new SparkVaultError(message, code, status, details);
         }
     }
+    unwrapApiResponse(data) {
+        if (typeof data === 'object' && data !== null) {
+            const record = data;
+            if ('data' in record && ('meta' in record || 'error' in record)) {
+                return record.data;
+            }
+        }
+        return data;
+    }
     get(path, options) {
         return this.request(path, { ...options, method: 'GET' });
     }
@@ -342,10 +393,7 @@ class HttpClient {
     async executeRequestRaw(path, options) {
         const { method = 'GET', headers = {}, body, timeout = this.config.timeout, } = options;
         const url = `${this.config.apiBaseUrl}${path}`;
-        const requestHeaders = {
-            'Content-Type': 'application/json',
-            ...headers,
-        };
+        const requestHeaders = await this.getDefaultHeaders(headers, body !== undefined);
         const controller = new AbortController();
         const timeoutId = setTimeout(() => controller.abort(), timeout);
         try {
@@ -379,6 +427,63 @@ class HttpClient {
     }
 }
 
+class HealthModule {
+    constructor(config) {
+        this.config = config;
+    }
+    async check(options = {}) {
+        const checkedAt = Math.floor(Date.now() / 1000);
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), options.timeout ?? this.config.timeout);
+        try {
+            const response = await fetch(`${this.config.apiBaseUrl}/health`, {
+                method: 'GET',
+                headers: { Accept: 'application/json' },
+                signal: controller.signal,
+            });
+            return {
+                online: response.ok,
+                status: response.ok ? await this.readStatus(response) : 'unhealthy',
+                httpStatus: response.status,
+                checkedAt,
+            };
+        }
+        catch (err) {
+            return {
+                online: false,
+                status: 'unreachable',
+                checkedAt,
+                error: err instanceof Error ? err.message : String(err),
+            };
+        }
+        finally {
+            clearTimeout(timeoutId);
+        }
+    }
+    async isOnline(options = {}) {
+        const result = await this.check(options);
+        return result.online;
+    }
+    async readStatus(response) {
+        try {
+            const body = await response.json();
+            const data = typeof body === 'object' && body !== null && 'data' in body
+                ? body.data
+                : body;
+            if (typeof data === 'object' && data !== null) {
+                const status = data.status;
+                if (typeof status === 'string' && status) {
+                    return status;
+                }
+            }
+        }
+        catch {
+            return response.ok ? 'healthy' : 'unhealthy';
+        }
+        return response.ok ? 'healthy' : 'unhealthy';
+    }
+}
+
 /**
  * SparkVault API Base
  *
@@ -9553,6 +9658,7 @@ class VaultUploadModule {
  */
 class VaultsModule {
     constructor(config, http) {
+        this.config = config;
         this.http = http;
         this.uploadModule = new VaultUploadModule(config);
         // Create callable that also has attach/close methods
@@ -9600,13 +9706,15 @@ class VaultsModule {
         }
         const cleanId = vaultId.startsWith('vlt_') ? vaultId : `vlt_${vaultId}`;
         const response = await this.http.post(`/v1/vaults/${cleanId}/unseal`, { vmk });
+        if (!response.data.vat) {
+            throw new ValidationError('Unseal response did not include a vault access token');
+        }
         return {
             id: response.data.vault_id,
-            name: response.data.name,
-            vatToken: response.data.vat_token,
+            vatToken: response.data.vat,
+            issuedAt: response.data.issued_at,
             expiresAt: response.data.expires_at,
-            ingotCount: response.data.ingot_count,
-            storageBytes: response.data.storage_bytes,
+            ttlSeconds: response.data.ttl_seconds,
         };
     }
     /**
@@ -9651,22 +9759,26 @@ class VaultsModule {
      */
     async uploadIngot(vault, options) {
         this.validateUploadOptions(options);
-        const name = options.name ?? (options.file instanceof File ? options.file.name : 'unnamed');
-        const contentType = options.contentType ?? options.file.type ?? 'application/octet-stream';
+        const requestedName = options.name ?? getBlobName(options.file);
+        const requestedContentType = options.contentType ?? options.file.type ?? 'application/octet-stream';
         const createResponse = await this.http.post(`/v1/vaults/${vault.id}/ingots`, {
-            name,
-            content_type: contentType,
+            name: requestedName,
+            content_type: requestedContentType,
             size_bytes: options.file.size,
         }, {
-            headers: { Authorization: `Bearer ${vault.vatToken}` },
+            headers: { 'X-Vault-Access-Token': vault.vatToken },
         });
+        const created = createResponse.data;
+        if (!created.forge_url) {
+            throw new ValidationError('Upload endpoint did not return a Forge upload URL');
+        }
+        await uploadBlobWithTus(options.file, created.forge_url, created.name, created.content_type, options.onProgress);
         return {
-            id: createResponse.data.ingot_id,
-            name: createResponse.data.name,
-            contentType: createResponse.data.content_type,
-            size: createResponse.data.size_bytes,
-            createdAt: createResponse.data.created_at,
-            type: createResponse.data.ingot_type,
+            id: created.ingot_id,
+            name: created.name,
+            contentType: created.content_type,
+            size: created.size_bytes,
+            uploadExpiresAt: created.expires_at,
         };
     }
     /**
@@ -9678,10 +9790,14 @@ class VaultsModule {
      */
     async downloadIngot(vault, ingotId) {
         const cleanId = ingotId.startsWith('ing_') ? ingotId : `ing_${ingotId}`;
-        return this.http.requestRaw(`/v1/vaults/${vault.id}/ingots/${cleanId}/download`, {
-            method: 'POST',
-            headers: { Authorization: `Bearer ${vault.vatToken}` },
+        const response = await this.http.post(`/v1/vaults/${vault.id}/ingots/${cleanId}/download`, undefined, {
+            headers: { 'X-Vault-Access-Token': vault.vatToken },
         });
+        if (!response.data.download_url) {
+            throw new ValidationError('Download endpoint did not return a download URL');
+        }
+        this.validateDownloadUrl(response.data.download_url);
+        return fetchBlobWithTimeout(response.data.download_url);
     }
     /**
      * List all ingots in an unsealed vault.
@@ -9692,7 +9808,7 @@ class VaultsModule {
      */
     async listIngots(vault) {
         const response = await this.http.get(`/v1/vaults/${vault.id}/ingots`, {
-            headers: { Authorization: `Bearer ${vault.vatToken}` },
+            headers: { 'X-Vault-Access-Token': vault.vatToken },
         });
         return response.data.ingots.map((i) => ({
             id: i.ingot_id,
@@ -9700,7 +9816,6 @@ class VaultsModule {
             contentType: i.content_type,
             size: i.size_bytes,
             createdAt: i.created_at,
-            type: i.ingot_type,
         }));
     }
     /**
@@ -9712,7 +9827,7 @@ class VaultsModule {
     async deleteIngot(vault, ingotId) {
         const cleanId = ingotId.startsWith('ing_') ? ingotId : `ing_${ingotId}`;
         await this.http.delete(`/v1/vaults/${vault.id}/ingots/${cleanId}`, {
-            headers: { Authorization: `Bearer ${vault.vatToken}` },
+            headers: { 'X-Vault-Access-Token': vault.vatToken },
         });
     }
     validateCreateOptions(options) {
@@ -9731,6 +9846,117 @@ class VaultsModule {
             throw new ValidationError('File cannot be empty');
         }
     }
+    validateDownloadUrl(downloadUrl) {
+        let parsed;
+        try {
+            parsed = new URL(downloadUrl);
+        }
+        catch {
+            throw new ValidationError('Invalid download URL from server');
+        }
+        if (parsed.protocol !== 'https:') {
+            throw new ValidationError('Download URL must use HTTPS');
+        }
+        const allowedHosts = this.config.allowedDownloadHostPatterns;
+        if (!allowedHosts?.length) {
+            return;
+        }
+        if (!allowedHosts.some(pattern => pattern.test(parsed.hostname))) {
+            throw new ValidationError('Invalid download URL from server');
+        }
+    }
+}
+function getBlobName(file) {
+    if (typeof File !== 'undefined' && file instanceof File && file.name) {
+        return file.name;
+    }
+    return 'unnamed';
+}
+function base64Encode(value) {
+    return btoa(unescape(encodeURIComponent(value)));
+}
+async function uploadBlobWithTus(file, forgeUrl, filename, contentType, onProgress) {
+    if (typeof XMLHttpRequest === 'undefined') {
+        throw new ValidationError('XMLHttpRequest is required for browser ingot uploads');
+    }
+    const tusVersion = '1.0.0';
+    const defaultChunkSize = 50 * 1024 * 1024;
+    const url = new URL(forgeUrl);
+    const istk = url.searchParams.get('istk');
+    const endpoint = `${url.origin}${url.pathname}`;
+    if (!istk) {
+        throw new ValidationError('Forge upload URL is missing ISTK');
+    }
+    const createResponse = await fetch(endpoint, {
+        method: 'POST',
+        headers: {
+            'Tus-Resumable': tusVersion,
+            'Upload-Length': String(file.size),
+            'Upload-Metadata': `filename ${base64Encode(filename)},filetype ${base64Encode(contentType)}`,
+            'X-ISTK': istk,
+        },
+    });
+    if (!createResponse.ok) {
+        const errorText = await createResponse.text();
+        throw new Error(`Failed to create upload session: ${createResponse.status} ${errorText}`);
+    }
+    const location = createResponse.headers.get('Location');
+    const chunkSizeHeader = createResponse.headers.get('X-Chunk-Size');
+    const chunkSize = chunkSizeHeader ? parseInt(chunkSizeHeader, 10) : defaultChunkSize;
+    if (!location) {
+        throw new Error('Server did not return upload location');
+    }
+    const uploadUrl = location.startsWith('http') ? location : `${url.origin}${location}`;
+    let offset = 0;
+    while (offset < file.size) {
+        const chunkStart = offset;
+        const chunkEnd = Math.min(offset + chunkSize, file.size);
+        const chunk = file.slice(chunkStart, chunkEnd);
+        offset = await uploadChunkWithProgress(uploadUrl, chunk, chunkStart, file.size, tusVersion, istk, onProgress);
+    }
+}
+function uploadChunkWithProgress(uploadUrl, chunk, chunkStart, totalSize, tusVersion, istk, onProgress) {
+    return new Promise((resolve, reject) => {
+        const xhr = new XMLHttpRequest();
+        xhr.upload.onprogress = (event) => {
+            if (event.lengthComputable) {
+                onProgress?.(chunkStart + event.loaded, totalSize);
+            }
+        };
+        xhr.onload = () => {
+            if (xhr.status >= 200 && xhr.status < 300) {
+                const newOffsetHeader = xhr.getResponseHeader('Upload-Offset');
+                const newOffset = newOffsetHeader ? parseInt(newOffsetHeader, 10) : chunkStart + chunk.size;
+                resolve(newOffset);
+            }
+            else {
+                reject(new Error(`Chunk upload failed with status ${xhr.status}`));
+            }
+        };
+        xhr.onerror = () => reject(new Error('Chunk upload failed'));
+        xhr.ontimeout = () => reject(new Error('Chunk upload timed out'));
+        xhr.onabort = () => reject(new Error('Upload cancelled'));
+        xhr.open('PATCH', uploadUrl);
+        xhr.setRequestHeader('Tus-Resumable', tusVersion);
+        xhr.setRequestHeader('Upload-Offset', String(chunkStart));
+        xhr.setRequestHeader('Content-Type', 'application/offset+octet-stream');
+        xhr.setRequestHeader('X-ISTK', istk);
+        xhr.send(chunk);
+    });
+}
+async function fetchBlobWithTimeout(url, timeout = 300000) {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+        const response = await fetch(url, { signal: controller.signal });
+        if (!response.ok) {
+            throw new Error(`Download failed with status ${response.status}`);
+        }
+        return response.blob();
+    }
+    finally {
+        clearTimeout(timeoutId);
+    }
 }
 
 /**
@@ -9917,6 +10143,7 @@ class SparkVault {
         const http = new HttpClient(this.config);
         this.identity = new IdentityModule(this.config);
         this.vaults = new VaultsModule(this.config, http);
+        this.health = new HealthModule(this.config);
     }
     /**
      * Initialize the SparkVault SDK.