npm - @stigmer/sdk - Versions diffs - 0.0.36 - Mend

@stigmer/sdk 0.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (138) hide show

package/LICENSE +190 -0
package/README.md +199 -0
package/config.d.ts +40 -0
package/config.d.ts.map +1 -0
package/config.js +17 -0
package/config.js.map +1 -0
package/errors.d.ts +77 -0
package/errors.d.ts.map +1 -0
package/errors.js +163 -0
package/errors.js.map +1 -0
package/gen/agent.d.ts +56 -0
package/gen/agent.d.ts.map +1 -0
package/gen/agent.js +113 -0
package/gen/agent.js.map +1 -0
package/gen/agentexecution.d.ts +68 -0
package/gen/agentexecution.d.ts.map +1 -0
package/gen/agentexecution.js +197 -0
package/gen/agentexecution.js.map +1 -0
package/gen/agentinstance.d.ts +26 -0
package/gen/agentinstance.d.ts.map +1 -0
package/gen/agentinstance.js +92 -0
package/gen/agentinstance.js.map +1 -0
package/gen/apikey.d.ts +25 -0
package/gen/apikey.d.ts.map +1 -0
package/gen/apikey.js +85 -0
package/gen/apikey.js.map +1 -0
package/gen/client.d.ts +76 -0
package/gen/client.d.ts.map +1 -0
package/gen/client.js +77 -0
package/gen/client.js.map +1 -0
package/gen/environment.d.ts +23 -0
package/gen/environment.d.ts.map +1 -0
package/gen/environment.js +86 -0
package/gen/environment.js.map +1 -0
package/gen/errors.d.ts +15 -0
package/gen/errors.d.ts.map +1 -0
package/gen/errors.js +52 -0
package/gen/errors.js.map +1 -0
package/gen/executioncontext.d.ts +24 -0
package/gen/executioncontext.d.ts.map +1 -0
package/gen/executioncontext.js +87 -0
package/gen/executioncontext.js.map +1 -0
package/gen/iampolicy.d.ts +34 -0
package/gen/iampolicy.d.ts.map +1 -0
package/gen/iampolicy.js +107 -0
package/gen/iampolicy.js.map +1 -0
package/gen/identityaccount.d.ts +35 -0
package/gen/identityaccount.d.ts.map +1 -0
package/gen/identityaccount.js +113 -0
package/gen/identityaccount.js.map +1 -0
package/gen/identityprovider.d.ts +27 -0
package/gen/identityprovider.d.ts.map +1 -0
package/gen/identityprovider.js +90 -0
package/gen/identityprovider.js.map +1 -0
package/gen/mcpserver.d.ts +50 -0
package/gen/mcpserver.d.ts.map +1 -0
package/gen/mcpserver.js +124 -0
package/gen/mcpserver.js.map +1 -0
package/gen/organization.d.ts +31 -0
package/gen/organization.d.ts.map +1 -0
package/gen/organization.js +102 -0
package/gen/organization.js.map +1 -0
package/gen/project.d.ts +24 -0
package/gen/project.d.ts.map +1 -0
package/gen/project.js +84 -0
package/gen/project.js.map +1 -0
package/gen/session.d.ts +49 -0
package/gen/session.d.ts.map +1 -0
package/gen/session.js +94 -0
package/gen/session.js.map +1 -0
package/gen/skill.d.ts +26 -0
package/gen/skill.d.ts.map +1 -0
package/gen/skill.js +101 -0
package/gen/skill.js.map +1 -0
package/gen/types.d.ts +43 -0
package/gen/types.d.ts.map +1 -0
package/gen/types.js +3 -0
package/gen/types.js.map +1 -0
package/gen/workflow.d.ts +51 -0
package/gen/workflow.d.ts.map +1 -0
package/gen/workflow.js +85 -0
package/gen/workflow.js.map +1 -0
package/gen/workflowexecution.d.ts +37 -0
package/gen/workflowexecution.d.ts.map +1 -0
package/gen/workflowexecution.js +161 -0
package/gen/workflowexecution.js.map +1 -0
package/gen/workflowinstance.d.ts +26 -0
package/gen/workflowinstance.d.ts.map +1 -0
package/gen/workflowinstance.js +92 -0
package/gen/workflowinstance.js.map +1 -0
package/index.d.ts +23 -0
package/index.d.ts.map +1 -0
package/index.js +26 -0
package/index.js.map +1 -0
package/internal/interceptors.d.ts +25 -0
package/internal/interceptors.d.ts.map +1 -0
package/internal/interceptors.js +75 -0
package/internal/interceptors.js.map +1 -0
package/package.json +40 -0
package/search.d.ts +41 -0
package/search.d.ts.map +1 -0
package/search.js +45 -0
package/search.js.map +1 -0
package/src/config.ts +64 -0
package/src/errors.ts +219 -0
package/src/gen/agent.ts +146 -0
package/src/gen/agentexecution.ts +205 -0
package/src/gen/agentinstance.ts +91 -0
package/src/gen/apikey.ts +86 -0
package/src/gen/client.ts +99 -0
package/src/gen/environment.ts +86 -0
package/src/gen/errors.ts +74 -0
package/src/gen/executioncontext.ts +87 -0
package/src/gen/iampolicy.ts +108 -0
package/src/gen/identityaccount.ts +115 -0
package/src/gen/identityprovider.ts +94 -0
package/src/gen/mcpserver.ts +147 -0
package/src/gen/organization.ts +103 -0
package/src/gen/project.ts +85 -0
package/src/gen/session.ts +120 -0
package/src/gen/skill.ts +102 -0
package/src/gen/types.ts +51 -0
package/src/gen/workflow.ts +116 -0
package/src/gen/workflowexecution.ts +147 -0
package/src/gen/workflowinstance.ts +91 -0
package/src/index.ts +124 -0
package/src/internal/interceptors.ts +83 -0
package/src/search.ts +71 -0
package/src/stigmer.ts +83 -0
package/src/transport.ts +46 -0
package/stigmer.d.ts +57 -0
package/stigmer.d.ts.map +1 -0
package/stigmer.js +64 -0
package/stigmer.js.map +1 -0
package/transport.d.ts +13 -0
package/transport.d.ts.map +1 -0
package/transport.js +34 -0
package/transport.js.map +1 -0

package/gen/workflowinstance.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"workflowinstance.js","sourceRoot":"","sources":["../../src/gen/workflowinstance.ts"],"names":[],"mappings":"AAAA,kDAAkD;AAElD,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAErC,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAA+B,MAAM,qBAAqB,CAAC;AAChF,OAAO,EAAE,sBAAsB,EAAyB,MAAM,+DAA+D,CAAC;AAC9H,OAAO,EAAE,iCAAiC,EAAE,MAAM,mEAAmE,CAAC;AACtH,OAAO,EAAE,wBAAwB,EAAkJ,MAAM,8DAA8D,CAAC;AACxP,OAAO,EAAE,+BAA+B,EAAE,MAAM,iEAAiE,CAAC;AAClH,OAAO,EAAE,0BAA0B,EAAE,MAAM,gEAAgE,CAAC;AAC5G,OAAO,EAAE,0BAA0B,EAAE,MAAM,sDAAsD,CAAC;AAClG,OAAO,EAAE,yBAAyB,EAAE,MAAM,4DAA4D,CAAC;AAEvG,yDAAyD;AACzD,MAAM,OAAO,sBAAsB;IAChB,OAAO,CAAmD;IAC1D,KAAK,CAAiD;IAEvE,YAAY,SAAoB;QAC9B,IAAI,CAAC,OAAO,GAAG,YAAY,CAAC,iCAAiC,EAAE,SAAS,CAAC,CAAC;QAC1E,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC,+BAA+B,EAAE,SAAS,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,KAAK,CAAC,KAA4B;QACtC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAA4B;QACvC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,KAA4B;QACvC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,0BAA0B,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAU;QACrB,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QACpF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,EAAU;QAClB,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAC/E,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,KAA4C;QAC9D,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAC/C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,GAAgB;QACnC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC,CAAC;QAClF,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YAAC,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;IACrC,CAAC;CACF;AAWD,SAAS,0BAA0B,CAAC,KAA4B;IAC9D,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,EAAE;QACnD,UAAU,EAAE,uBAAuB;QACnC,IAAI,EAAE,kBAAkB;QACxB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,yBAAyB,CAAC,EAAE;YACzD,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,GAAG,EAAE,KAAK,CAAC,GAAG;SACf,CAAC;QACF,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,0BAA0B,CAAC,EAAE;YACtD,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,OAAO,EAAE,KAAK,CAAC,OAAO;SACvB,CAAC;KACH,CAAqB,CAAC;AACzB,CAAC"}

package/index.d.ts ADDED Viewed

@@ -0,0 +1,23 @@
+export { Stigmer } from "./stigmer";
+export { type StigmerConfig, type TokenProvider } from "./config";
+export { StigmerError, type ErrorCode, isNotFound, isUnauthenticated, isPermissionDenied, isRetryable, type ErrorCategory, isConnectError, classifyError, isRetryableError, getUserMessage, type RpcErrorMetadata, annotateRpcError, getRpcMetadata, } from "./errors";
+export { SearchClient, type SearchParams, type SearchResponse, ApiResourceKind, } from "./search";
+export { type DeleteResourceInput, type ResourceRef, type Page, type ListParams, type ListResult, type EnvSpecInput, type EnvVarInput, } from "./gen/types";
+export { AgentClient, type AgentInput, type McpServerUsageInput, type ToolApprovalOverrideInput, type SubAgentInput, type McpAccessInput, } from "./gen/agent";
+export { AgentExecutionClient, type AgentExecutionInput, type ExecutionConfigInput, type ContextManagementConfigInput, type AttachmentInput, } from "./gen/agentexecution";
+export { AgentInstanceClient, type AgentInstanceInput, } from "./gen/agentinstance";
+export { ApiKeyClient, type ApiKeyInput } from "./gen/apikey";
+export { EnvironmentClient, type EnvironmentInput, } from "./gen/environment";
+export { ExecutionContextClient, type ExecutionContextInput, } from "./gen/executioncontext";
+export { IamPolicyClient, type IamPolicyInput, type ApiResourceRefInput, } from "./gen/iampolicy";
+export { IdentityAccountClient, type IdentityAccountInput, } from "./gen/identityaccount";
+export { IdentityProviderClient, type IdentityProviderInput, } from "./gen/identityprovider";
+export { McpServerClient, type McpServerInput, type StdioServerConfigInput, type HttpServerConfigInput, type ToolApprovalPolicyInput, } from "./gen/mcpserver";
+export { OrganizationClient, type OrganizationInput, } from "./gen/organization";
+export { ProjectClient, type ProjectInput } from "./gen/project";
+export { SessionClient, type SessionInput, type WorkspaceEntryInput, type WorkspaceSourceInput, type GitRepoSourceInput, type LocalPathSourceInput, } from "./gen/session";
+export { SkillClient, type SkillInput } from "./gen/skill";
+export { WorkflowClient, type WorkflowInput, type WorkflowDocumentInput, type WorkflowTaskInput, type ExportInput, type FlowControlInput, } from "./gen/workflow";
+export { WorkflowExecutionClient, type WorkflowExecutionInput, } from "./gen/workflowexecution";
+export { WorkflowInstanceClient, type WorkflowInstanceInput, } from "./gen/workflowinstance";
+//# sourceMappingURL=index.d.ts.map

package/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,OAAO,EAAE,KAAK,aAAa,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAGlE,OAAO,EACL,YAAY,EACZ,KAAK,SAAS,EACd,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,WAAW,EACX,KAAK,aAAa,EAClB,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,cAAc,EACd,KAAK,gBAAgB,EACrB,gBAAgB,EAChB,cAAc,GACf,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,YAAY,EACZ,KAAK,YAAY,EACjB,KAAK,cAAc,EACnB,eAAe,GAChB,MAAM,UAAU,CAAC;AAGlB,OAAO,EACL,KAAK,mBAAmB,EACxB,KAAK,WAAW,EAChB,KAAK,IAAI,EACT,KAAK,UAAU,EACf,KAAK,UAAU,EACf,KAAK,YAAY,EACjB,KAAK,WAAW,GACjB,MAAM,aAAa,CAAC;AAGrB,OAAO,EACL,WAAW,EACX,KAAK,UAAU,EACf,KAAK,mBAAmB,EACxB,KAAK,yBAAyB,EAC9B,KAAK,aAAa,EAClB,KAAK,cAAc,GACpB,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,oBAAoB,EACpB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,4BAA4B,EACjC,KAAK,eAAe,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,EACnB,KAAK,kBAAkB,GACxB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,EACL,iBAAiB,EACjB,KAAK,gBAAgB,GACtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,sBAAsB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,eAAe,EACf,KAAK,cAAc,EACnB,KAAK,mBAAmB,GACzB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,qBAAqB,EACrB,KAAK,oBAAoB,GAC1B,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,eAAe,EACf,KAAK,cAAc,EACnB,KAAK,sBAAsB,EAC3B,KAAK,qBAAqB,EAC1B,KAAK,uBAAuB,GAC7B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,KAAK,iBAAiB,GACvB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,KAAK,YAAY,EAAE,MAAM,eAAe,CAAC;AACjE,OAAO,EACL,aAAa,EACb,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACxB,KAAK,oBAAoB,EACzB,KAAK,kBAAkB,EACvB,KAAK,oBAAoB,GAC1B,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,WAAW,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAC3D,OAAO,EACL,cAAc,EACd,KAAK,aAAa,EAClB,KAAK,qBAAqB,EAC1B,KAAK,iBAAiB,EACtB,KAAK,WAAW,EAChB,KAAK,gBAAgB,GACtB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,EACvB,KAAK,sBAAsB,GAC5B,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,EACtB,KAAK,qBAAqB,GAC3B,MAAM,wBAAwB,CAAC"}

package/index.js ADDED Viewed

@@ -0,0 +1,26 @@
+// Public API for @stigmer/sdk
+// Top-level client
+export { Stigmer } from "./stigmer";
+// Error handling
+export { StigmerError, isNotFound, isUnauthenticated, isPermissionDenied, isRetryable, isConnectError, classifyError, isRetryableError, getUserMessage, annotateRpcError, getRpcMetadata, } from "./errors";
+// Search client
+export { SearchClient, ApiResourceKind, } from "./search";
+// Re-export all resource client classes and input types
+export { AgentClient, } from "./gen/agent";
+export { AgentExecutionClient, } from "./gen/agentexecution";
+export { AgentInstanceClient, } from "./gen/agentinstance";
+export { ApiKeyClient } from "./gen/apikey";
+export { EnvironmentClient, } from "./gen/environment";
+export { ExecutionContextClient, } from "./gen/executioncontext";
+export { IamPolicyClient, } from "./gen/iampolicy";
+export { IdentityAccountClient, } from "./gen/identityaccount";
+export { IdentityProviderClient, } from "./gen/identityprovider";
+export { McpServerClient, } from "./gen/mcpserver";
+export { OrganizationClient, } from "./gen/organization";
+export { ProjectClient } from "./gen/project";
+export { SessionClient, } from "./gen/session";
+export { SkillClient } from "./gen/skill";
+export { WorkflowClient, } from "./gen/workflow";
+export { WorkflowExecutionClient, } from "./gen/workflowexecution";
+export { WorkflowInstanceClient, } from "./gen/workflowinstance";
+//# sourceMappingURL=index.js.map

package/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAE9B,mBAAmB;AACnB,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,iBAAiB;AACjB,OAAO,EACL,YAAY,EAEZ,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,WAAW,EAEX,cAAc,EACd,aAAa,EACb,gBAAgB,EAChB,cAAc,EAEd,gBAAgB,EAChB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,gBAAgB;AAChB,OAAO,EACL,YAAY,EAGZ,eAAe,GAChB,MAAM,UAAU,CAAC;AAalB,wDAAwD;AACxD,OAAO,EACL,WAAW,GAMZ,MAAM,aAAa,CAAC;AACrB,OAAO,EACL,oBAAoB,GAKrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EACL,mBAAmB,GAEpB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,YAAY,EAAoB,MAAM,cAAc,CAAC;AAC9D,OAAO,EACL,iBAAiB,GAElB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,eAAe,GAGhB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,qBAAqB,GAEtB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EACL,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,eAAe,GAKhB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,GAEnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAqB,MAAM,eAAe,CAAC;AACjE,OAAO,EACL,aAAa,GAMd,MAAM,eAAe,CAAC;AACvB,OAAO,EAAE,WAAW,EAAmB,MAAM,aAAa,CAAC;AAC3D,OAAO,EACL,cAAc,GAMf,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,uBAAuB,GAExB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EACL,sBAAsB,GAEvB,MAAM,wBAAwB,CAAC"}

package/internal/interceptors.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import { type Interceptor } from "@connectrpc/connect";
+import type { TokenProvider } from "../config";
+/**
+ * Create an interceptor that attaches `Authorization: Bearer <token>` to
+ * every outgoing request. Supports both static API keys and dynamic token
+ * providers.
+ */
+export declare function createAuthInterceptor(getAccessToken: TokenProvider): Interceptor;
+/**
+ * Interceptor that annotates every error with the RPC method name and
+ * service path that produced it. Must run before error-transforming
+ * interceptors so the raw request context is available.
+ */
+export declare const rpcMetadataInterceptor: Interceptor;
+/**
+ * Interceptor that strips gRPC status-code prefixes (e.g., `[internal]`)
+ * from error messages. The structured code remains on `ConnectError.code`.
+ */
+export declare const errorStripInterceptor: Interceptor;
+/**
+ * Create an interceptor that invokes a callback on UNAUTHENTICATED (code 16).
+ * The callback fires at most once per client to prevent cascading redirects.
+ */
+export declare function createAuthRedirectInterceptor(onUnauthenticated: () => void): Interceptor;
+//# sourceMappingURL=interceptors.d.ts.map

package/internal/interceptors.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"interceptors.d.ts","sourceRoot":"","sources":["../../src/internal/interceptors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC3E,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG/C;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,cAAc,EAAE,aAAa,GAC5B,WAAW,CAQb;AAED;;;;GAIG;AACH,eAAO,MAAM,sBAAsB,EAAE,WAgBlC,CAAC;AAEJ;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,WASnC,CAAC;AAEF;;;GAGG;AACH,wBAAgB,6BAA6B,CAC3C,iBAAiB,EAAE,MAAM,IAAI,GAC5B,WAAW,CAiBb"}

package/internal/interceptors.js ADDED Viewed

@@ -0,0 +1,75 @@
+import { ConnectError, Code } from "@connectrpc/connect";
+import { annotateRpcError } from "../errors";
+/**
+ * Create an interceptor that attaches `Authorization: Bearer <token>` to
+ * every outgoing request. Supports both static API keys and dynamic token
+ * providers.
+ */
+export function createAuthInterceptor(getAccessToken) {
+    return (next) => async (request) => {
+        const token = await getAccessToken();
+        if (token) {
+            request.header.set("Authorization", `Bearer ${token}`);
+        }
+        return next(request);
+    };
+}
+/**
+ * Interceptor that annotates every error with the RPC method name and
+ * service path that produced it. Must run before error-transforming
+ * interceptors so the raw request context is available.
+ */
+export const rpcMetadataInterceptor = (next) => async (request) => {
+    try {
+        return await next(request);
+    }
+    catch (error) {
+        if (error !== null && typeof error === "object") {
+            const segments = request.url.split("/");
+            const method = segments.at(-1) ?? "";
+            const service = segments.at(-2) ?? "";
+            annotateRpcError(error, {
+                method: method.charAt(0).toLowerCase() + method.slice(1),
+                path: `/${service}/${method}`,
+            });
+        }
+        throw error;
+    }
+};
+/**
+ * Interceptor that strips gRPC status-code prefixes (e.g., `[internal]`)
+ * from error messages. The structured code remains on `ConnectError.code`.
+ */
+export const errorStripInterceptor = (next) => async (request) => {
+    try {
+        return await next(request);
+    }
+    catch (error) {
+        if (error instanceof Error && error.message) {
+            error.message = error.message.replace(/^\[.*?]\s*/, "");
+        }
+        throw error;
+    }
+};
+/**
+ * Create an interceptor that invokes a callback on UNAUTHENTICATED (code 16).
+ * The callback fires at most once per client to prevent cascading redirects.
+ */
+export function createAuthRedirectInterceptor(onUnauthenticated) {
+    let fired = false;
+    return (next) => async (request) => {
+        try {
+            return await next(request);
+        }
+        catch (error) {
+            if (!fired &&
+                error instanceof ConnectError &&
+                error.code === Code.Unauthenticated) {
+                fired = true;
+                onUnauthenticated();
+            }
+            throw error;
+        }
+    };
+}
+//# sourceMappingURL=interceptors.js.map

package/internal/interceptors.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"interceptors.js","sourceRoot":"","sources":["../../src/internal/interceptors.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,IAAI,EAAoB,MAAM,qBAAqB,CAAC;AAE3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7C;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,cAA6B;IAE7B,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACjC,MAAM,KAAK,GAAG,MAAM,cAAc,EAAE,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,KAAK,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,CAAC;IACvB,CAAC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,sBAAsB,GACjC,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IAC1B,IAAI,CAAC;QACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACxC,MAAM,MAAM,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACtC,gBAAgB,CAAC,KAAK,EAAE;gBACtB,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;gBACxD,IAAI,EAAE,IAAI,OAAO,IAAI,MAAM,EAAE;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAEJ;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAgB,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IAC5E,IAAI,CAAC;QACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,IAAI,KAAK,YAAY,KAAK,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;YAC5C,KAAK,CAAC,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,EAAE,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,6BAA6B,CAC3C,iBAA6B;IAE7B,IAAI,KAAK,GAAG,KAAK,CAAC;IAClB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;QACjC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IACE,CAAC,KAAK;gBACN,KAAK,YAAY,YAAY;gBAC7B,KAAK,CAAC,IAAI,KAAK,IAAI,CAAC,eAAe,EACnC,CAAC;gBACD,KAAK,GAAG,IAAI,CAAC;gBACb,iBAAiB,EAAE,CAAC;YACtB,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,40 @@
+{
+  "name": "@stigmer/sdk",
+  "version": "0.0.36",
+  "description": "Stigmer TypeScript SDK — typed API client for all Stigmer platform resources",
+  "license": "Apache-2.0",
+  "type": "module",
+  "sideEffects": false,
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/stigmer/stigmer.git",
+    "directory": "sdk/typescript"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "stigmer",
+    "sdk",
+    "api-client",
+    "grpc-web",
+    "connect-rpc",
+    "ai-agents"
+  ],
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./index.js"
+    }
+  },
+  "dependencies": {
+    "@connectrpc/connect": "^2.0.0",
+    "@connectrpc/connect-web": "^2.0.0"
+  },
+  "peerDependencies": {
+    "@bufbuild/protobuf": "^2.0.0",
+    "@stigmer/protos": "0.0.36"
+  }
+}

package/search.d.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { type Transport } from "@connectrpc/connect";
+import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
+import type { SearchResult } from "@stigmer/protos/ai/stigmer/search/v1/io_pb";
+/** Re-export ApiResourceKind for use with SearchClient. */
+export { ApiResourceKind };
+/** Parameters for a cross-resource search query. */
+export interface SearchParams {
+    /** Resource kinds to include in the search. */
+    readonly kinds: ApiResourceKind[];
+    /** Organization slug to scope the query. */
+    readonly org: string;
+    /** Free-text search query. */
+    readonly query?: string;
+    /** Whether to exclude public (non-org) resources from results. */
+    readonly excludePublic?: boolean;
+    /** Pagination parameters. */
+    readonly page?: {
+        num: number;
+        size: number;
+    };
+}
+/** A page of cross-resource search results. */
+export interface SearchResponse {
+    readonly entries: SearchResult[];
+    readonly totalCount: number;
+    readonly totalPages: number;
+}
+/**
+ * Cross-resource search client.
+ *
+ * Unlike the per-resource `list()` methods (which search within a single
+ * resource kind), `SearchClient.query()` searches across multiple resource
+ * kinds in a single call.
+ */
+export declare class SearchClient {
+    private readonly search;
+    constructor(transport: Transport);
+    /** Perform a cross-resource search. */
+    query(params: SearchParams): Promise<SearchResponse>;
+}
+//# sourceMappingURL=search.d.ts.map

package/search.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"search.d.ts","sourceRoot":"","sources":["../src/search.ts"],"names":[],"mappings":"AAAA,OAAO,EAA6B,KAAK,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAKhF,OAAO,EAAE,eAAe,EAAE,MAAM,qFAAqF,CAAC;AACtH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,4CAA4C,CAAC;AAG/E,2DAA2D;AAC3D,OAAO,EAAE,eAAe,EAAE,CAAC;AAE3B,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,+CAA+C;IAC/C,QAAQ,CAAC,KAAK,EAAE,eAAe,EAAE,CAAC;IAClC,4CAA4C;IAC5C,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,8BAA8B;IAC9B,QAAQ,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IACxB,kEAAkE;IAClE,QAAQ,CAAC,aAAa,CAAC,EAAE,OAAO,CAAC;IACjC,6BAA6B;IAC7B,QAAQ,CAAC,IAAI,CAAC,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;CAC/C;AAED,+CAA+C;AAC/C,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,YAAY,EAAE,CAAC;IACjC,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;CAC7B;AAED;;;;;;GAMG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAA+B;gBAE1C,SAAS,EAAE,SAAS;IAIhC,uCAAuC;IACjC,KAAK,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC,cAAc,CAAC;CAsB3D"}

package/search.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { createClient } from "@connectrpc/connect";
+import { create } from "@bufbuild/protobuf";
+import { SearchService } from "@stigmer/protos/ai/stigmer/search/v1/query_pb";
+import { SearchRequestSchema } from "@stigmer/protos/ai/stigmer/search/v1/io_pb";
+import { PageInfoSchema } from "@stigmer/protos/ai/stigmer/commons/rpc/pagination_pb";
+import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
+import { wrapError } from "./gen/errors";
+/** Re-export ApiResourceKind for use with SearchClient. */
+export { ApiResourceKind };
+/**
+ * Cross-resource search client.
+ *
+ * Unlike the per-resource `list()` methods (which search within a single
+ * resource kind), `SearchClient.query()` searches across multiple resource
+ * kinds in a single call.
+ */
+export class SearchClient {
+    search;
+    constructor(transport) {
+        this.search = createClient(SearchService, transport);
+    }
+    /** Perform a cross-resource search. */
+    async query(params) {
+        try {
+            const resp = await this.search.search(create(SearchRequestSchema, {
+                kinds: params.kinds,
+                query: params.query,
+                org: params.org,
+                excludePublic: params.excludePublic ?? false,
+                page: params.page
+                    ? create(PageInfoSchema, params.page)
+                    : undefined,
+            }));
+            return {
+                entries: resp.entries,
+                totalCount: resp.totalCount,
+                totalPages: resp.totalPages,
+            };
+        }
+        catch (e) {
+            throw wrapError(e);
+        }
+    }
+}
+//# sourceMappingURL=search.js.map

package/search.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"search.js","sourceRoot":"","sources":["../src/search.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAA+B,MAAM,qBAAqB,CAAC;AAChF,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,aAAa,EAAE,MAAM,+CAA+C,CAAC;AAC9E,OAAO,EAAE,mBAAmB,EAAE,MAAM,4CAA4C,CAAC;AACjF,OAAO,EAAE,cAAc,EAAE,MAAM,sDAAsD,CAAC;AACtF,OAAO,EAAE,eAAe,EAAE,MAAM,qFAAqF,CAAC;AAEtH,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAEzC,2DAA2D;AAC3D,OAAO,EAAE,eAAe,EAAE,CAAC;AAuB3B;;;;;;GAMG;AACH,MAAM,OAAO,YAAY;IACN,MAAM,CAA+B;IAEtD,YAAY,SAAoB;QAC9B,IAAI,CAAC,MAAM,GAAG,YAAY,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IACvD,CAAC;IAED,uCAAuC;IACvC,KAAK,CAAC,KAAK,CAAC,MAAoB;QAC9B,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CACnC,MAAM,CAAC,mBAAmB,EAAE;gBAC1B,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,KAAK,EAAE,MAAM,CAAC,KAAK;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,KAAK;gBAC5C,IAAI,EAAE,MAAM,CAAC,IAAI;oBACf,CAAC,CAAC,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,CAAC;oBACrC,CAAC,CAAC,SAAS;aACd,CAAC,CACH,CAAC;YACF,OAAO;gBACL,OAAO,EAAE,IAAI,CAAC,OAAO;gBACrB,UAAU,EAAE,IAAI,CAAC,UAAU;gBAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,SAAS,CAAC,CAAC,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;CACF"}

package/src/config.ts ADDED Viewed

@@ -0,0 +1,64 @@
+/**
+ * Token provider callback for dynamic authentication.
+ * Called per-request, allowing token refresh and auth state changes.
+ * Return `null` to skip authentication for that request.
+ */
+export type TokenProvider = () => Promise<string | null> | string | null;
+/**
+ * Configuration for the Stigmer SDK client.
+ *
+ * Exactly one of `apiKey` or `getAccessToken` must be provided:
+ * - `apiKey`: Static API key for server-to-server usage.
+ * - `getAccessToken`: Dynamic token provider for browser or rotating credentials.
+ */
+export interface StigmerConfig {
+  /** Base URL of the Stigmer API server (e.g., "https://api.stigmer.io"). */
+  readonly baseUrl: string;
+  /** Static API key. Sent as `Authorization: Bearer <apiKey>` on every request. */
+  readonly apiKey?: string;
+  /** Dynamic token provider. Called per-request to obtain a Bearer token. */
+  readonly getAccessToken?: TokenProvider;
+  /**
+   * Called when the server returns UNAUTHENTICATED (code 16).
+   * Typically used to clear auth state and redirect to login.
+   * Invoked at most once per client instance to prevent cascading redirects.
+   */
+  readonly onUnauthenticated?: () => void;
+  /**
+   * Transport protocol to use for API communication.
+   * - `"grpc-web"` (default): gRPC-Web binary protocol. Compact, battle-tested.
+   * - `"connect"`: Connect protocol over HTTP/JSON. Easier to debug with standard HTTP tooling.
+   *
+   * Both protocols are supported by the Stigmer server.
+   */
+  readonly transport?: "grpc-web" | "connect";
+}
+/**
+ * Validate a StigmerConfig and throw a descriptive error for invalid configurations.
+ */
+export function validateConfig(config: StigmerConfig): void {
+  if (!config.baseUrl) {
+    throw new Error("stigmer: baseUrl is required");
+  }
+  const hasApiKey = typeof config.apiKey === "string" && config.apiKey.length > 0;
+  const hasTokenProvider = typeof config.getAccessToken === "function";
+  if (!hasApiKey && !hasTokenProvider) {
+    throw new Error(
+      "stigmer: either apiKey or getAccessToken must be provided",
+    );
+  }
+  if (hasApiKey && hasTokenProvider) {
+    throw new Error(
+      "stigmer: apiKey and getAccessToken are mutually exclusive — provide one, not both",
+    );
+  }
+}

package/src/errors.ts ADDED Viewed

@@ -0,0 +1,219 @@
+import { ConnectError, Code } from "@connectrpc/connect";
+import { StigmerError, type ErrorCode } from "./gen/errors";
+// Re-export generated error types
+export {
+  StigmerError,
+  type ErrorCode,
+  wrapError,
+  isNotFound,
+  isUnauthenticated,
+  isPermissionDenied,
+  isRetryable,
+} from "./gen/errors";
+/**
+ * Coarse-grained error categories derived from gRPC/Connect status codes.
+ * Each category maps to a distinct UX treatment:
+ *
+ * - `auth`         — session expired or missing credentials (redirect to login)
+ * - `permission`   — valid session but insufficient access (inline error)
+ * - `not-found`    — requested resource does not exist (inline error)
+ * - `validation`   — request rejected due to invalid input (inline / form error)
+ * - `server`       — unexpected server failure (inline error with retry)
+ * - `unavailable`  — server unreachable or overloaded (inline error with retry)
+ * - `cancelled`    — request aborted, usually by the user (silent)
+ * - `unknown`      — non-RPC error or unmapped code (inline error)
+ */
+export type ErrorCategory =
+  | "auth"
+  | "permission"
+  | "not-found"
+  | "validation"
+  | "server"
+  | "unavailable"
+  | "cancelled"
+  | "unknown";
+const CONNECT_CODE_TO_CATEGORY: Record<number, ErrorCategory> = {
+  [Code.Unauthenticated]: "auth",
+  [Code.PermissionDenied]: "permission",
+  [Code.NotFound]: "not-found",
+  [Code.InvalidArgument]: "validation",
+  [Code.FailedPrecondition]: "validation",
+  [Code.OutOfRange]: "validation",
+  [Code.AlreadyExists]: "validation",
+  [Code.Aborted]: "validation",
+  [Code.Internal]: "server",
+  [Code.Unknown]: "server",
+  [Code.DataLoss]: "server",
+  [Code.Unimplemented]: "server",
+  [Code.Unavailable]: "unavailable",
+  [Code.DeadlineExceeded]: "unavailable",
+  [Code.ResourceExhausted]: "unavailable",
+  [Code.Canceled]: "cancelled",
+};
+const ERROR_CODE_TO_CATEGORY: Record<ErrorCode, ErrorCategory> = {
+  unauthenticated: "auth",
+  "permission-denied": "permission",
+  "not-found": "not-found",
+  "invalid-argument": "validation",
+  "already-exists": "validation",
+  "failed-precondition": "validation",
+  "resource-exhausted": "unavailable",
+  internal: "server",
+  unavailable: "unavailable",
+  cancelled: "cancelled",
+  unknown: "server",
+};
+/**
+ * Narrow an unknown thrown value to {@link ConnectError}.
+ *
+ * Uses `ConnectError[Symbol.hasInstance]` which handles cross-package
+ * identity correctly (multiple copies of `@connectrpc/connect` in the
+ * dependency tree).
+ */
+export function isConnectError(error: unknown): error is ConnectError {
+  return error instanceof ConnectError;
+}
+/**
+ * Map any thrown value to an {@link ErrorCategory}.
+ *
+ * Handles both {@link StigmerError} (thrown by SDK methods) and raw
+ * {@link ConnectError} (from direct transport usage). All other values
+ * are classified as `"unknown"`.
+ */
+export function classifyError(error: unknown): ErrorCategory {
+  if (error instanceof StigmerError) {
+    return ERROR_CODE_TO_CATEGORY[error.code] ?? "unknown";
+  }
+  if (isConnectError(error)) {
+    return CONNECT_CODE_TO_CATEGORY[error.code] ?? "unknown";
+  }
+  return "unknown";
+}
+const RETRYABLE_CATEGORIES: ReadonlySet<ErrorCategory> = new Set([
+  "server",
+  "unavailable",
+]);
+/**
+ * Whether the error represents a transient failure worth retrying.
+ *
+ * Only `server` and `unavailable` categories are retryable. Auth, permission,
+ * not-found, and validation errors are deterministic — the same request
+ * will produce the same failure.
+ */
+export function isRetryableError(error: unknown): boolean {
+  return RETRYABLE_CATEGORIES.has(classifyError(error));
+}
+const CATEGORY_FALLBACKS: Record<ErrorCategory, string> = {
+  auth: "Your session has expired. Please sign in again.",
+  permission: "You do not have permission to perform this action.",
+  "not-found": "The requested resource was not found.",
+  validation: "The request contains invalid data.",
+  server: "An unexpected server error occurred. Please try again.",
+  unavailable:
+    "The server is temporarily unavailable. Please try again in a moment.",
+  cancelled: "The request was cancelled.",
+  unknown: "An unexpected error occurred.",
+};
+const INFRA_NOISE_PATTERNS: ReadonlyArray<readonly [RegExp, string]> = [
+  [/no healthy upstream/i, "The server is temporarily unavailable."],
+  [/ECONNREFUSED/i, "Unable to connect to the server."],
+  [/ECONNRESET/i, "The connection to the server was lost."],
+  [/ETIMEDOUT/i, "The request timed out. Please try again."],
+  [/fetch failed/i, "Unable to reach the server. Check your connection."],
+  [/network error/i, "A network error occurred. Check your connection."],
+  [/failed to fetch/i, "Unable to reach the server. Check your connection."],
+  [/load balancer/i, "The server is temporarily unavailable."],
+];
+/**
+ * Extract a clean, user-appropriate error message from any thrown value.
+ *
+ * 1. For {@link StigmerError} or {@link ConnectError}, uses the raw message
+ *    (which excludes the `[code]` prefix added by Connect-RPC).
+ * 2. Sanitizes infrastructure noise (e.g., "no healthy upstream") into
+ *    readable text.
+ * 3. Falls back to a category-specific default when the raw message is
+ *    empty or is infrastructure noise.
+ *
+ * @param error    — the thrown value (typically from a catch block)
+ * @param fallback — optional override for the default fallback message
+ */
+export function getUserMessage(error: unknown, fallback?: string): string {
+  const raw = extractRawMessage(error);
+  const sanitized = sanitizeMessage(raw);
+  if (sanitized) return sanitized;
+  const category = classifyError(error);
+  return fallback ?? CATEGORY_FALLBACKS[category];
+}
+function extractRawMessage(error: unknown): string {
+  if (error instanceof StigmerError) {
+    return error.message;
+  }
+  if (isConnectError(error)) {
+    return error.rawMessage;
+  }
+  if (error instanceof Error) {
+    return error.message;
+  }
+  if (typeof error === "string") {
+    return error;
+  }
+  return "";
+}
+function sanitizeMessage(message: string): string {
+  if (!message) return "";
+  for (const [pattern, replacement] of INFRA_NOISE_PATTERNS) {
+    if (pattern.test(message)) return replacement;
+  }
+  return message;
+}
+/**
+ * Metadata about the RPC call that produced an error. Attached by the
+ * SDK's metadata interceptor and readable via {@link getRpcMetadata}.
+ */
+export interface RpcErrorMetadata {
+  readonly method: string;
+  readonly path: string;
+}
+const rpcMetadataStore = new WeakMap<object, RpcErrorMetadata>();
+/**
+ * Attach RPC call metadata to an error object.
+ *
+ * Called by the metadata interceptor — application code should use
+ * {@link getRpcMetadata} to read metadata, not this function.
+ *
+ * @internal
+ */
+export function annotateRpcError(
+  error: object,
+  metadata: RpcErrorMetadata,
+): void {
+  rpcMetadataStore.set(error, metadata);
+}
+/**
+ * Retrieve RPC metadata previously attached by the metadata interceptor.
+ * Returns `undefined` if the error was not annotated.
+ */
+export function getRpcMetadata(error: unknown): RpcErrorMetadata | undefined {
+  if (error !== null && typeof error === "object") {
+    return rpcMetadataStore.get(error);
+  }
+  return undefined;
+}