@syfthub/sdk 0.1.0 → 0.2.0

package/dist/index.d.ts

@@ -21,8 +21,8 @@ interface AuthTokens {
  * Internal HTTP client for making API requests.
  *
  * Handles:
- * - Bearer token authentication
- * - Automatic token refresh on 401 responses
+ * - Bearer token authentication (JWT or API token)
+ * - Automatic token refresh on 401 responses (JWT only)
  * - JSON serialization/deserialization
  * - snake_case <-> camelCase conversion
  * - Error handling and exception mapping
@@ -32,6 +32,7 @@ declare class HTTPClient {
     private readonly timeout;
     private accessToken;
     private refreshToken;
+    private apiToken;
     private isRefreshing;
     private refreshPromise;
     /**
@@ -42,21 +43,38 @@ declare class HTTPClient {
      */
     constructor(baseUrl: string, timeout?: number);
     /**
-     * Set authentication tokens.
+     * Set JWT authentication tokens.
+     * Clears any API token if set.
      */
     setTokens(access: string, refresh: string): void;
     /**
-     * Get current authentication tokens.
+     * Set API token for authentication.
+     * Clears any JWT tokens if set.
+     *
+     * @param token - The API token (starts with "syft_")
+     */
+    setApiToken(token: string): void;
+    /**
+     * Get current JWT authentication tokens.
+     * Returns null if using API token authentication.
      */
     getTokens(): AuthTokens | null;
     /**
-     * Clear authentication tokens.
+     * Check if using API token authentication.
+     */
+    isUsingApiToken(): boolean;
+    /**
+     * Clear all authentication (JWT and API tokens).
      */
     clearTokens(): void;
     /**
-     * Check if the client has valid tokens.
+     * Check if the client has valid authentication (JWT or API token).
      */
     hasTokens(): boolean;
+    /**
+     * Get the current bearer token (API token or JWT access token).
+     */
+    private getBearerToken;
     /**
      * Make a GET request.
      */
@@ -108,6 +126,184 @@ declare class HTTPClient {
     private attemptTokenRefresh;
 }
 
+/**
+ * API Token models for managing personal access tokens.
+ */
+/**
+ * Permission scopes for API tokens.
+ */
+type APITokenScope = 'read' | 'write' | 'full';
+/**
+ * API token representation (without the actual token value).
+ */
+interface APIToken {
+    /** Unique token identifier */
+    id: number;
+    /** User-friendly label for the token */
+    name: string;
+    /** First characters of the token for identification (e.g., 'syft_pat_aB3d') */
+    tokenPrefix: string;
+    /** Permission scopes */
+    scopes: readonly APITokenScope[];
+    /** Expiration timestamp, null if never expires */
+    expiresAt: Date | null;
+    /** Last time the token was used for authentication */
+    lastUsedAt: Date | null;
+    /** IP address from the last authentication */
+    lastUsedIp: string | null;
+    /** Whether the token is active (not revoked) */
+    isActive: boolean;
+    /** When the token was created */
+    createdAt: Date;
+    /** When the token was last updated */
+    updatedAt: Date | null;
+}
+/**
+ * Response when creating a new API token.
+ * IMPORTANT: The token is only shown ONCE in this response!
+ */
+interface APITokenCreateResponse extends APIToken {
+    /** The full API token. SAVE THIS NOW - it will not be shown again! */
+    token: string;
+}
+/**
+ * Input for creating a new API token.
+ */
+interface CreateAPITokenInput {
+    /** User-friendly label for the token (e.g., 'CI/CD Pipeline') */
+    name: string;
+    /** Permission scopes. Defaults to ['full'] if not specified. */
+    scopes?: APITokenScope[];
+    /** Optional expiration timestamp. Null means never expires. */
+    expiresAt?: Date | null;
+}
+/**
+ * Input for updating an API token.
+ */
+interface UpdateAPITokenInput {
+    /** New name for the token */
+    name: string;
+}
+/**
+ * Response for listing API tokens.
+ */
+interface APITokenListResponse {
+    /** List of API tokens */
+    tokens: APIToken[];
+    /** Total number of tokens */
+    total: number;
+}
+
+/**
+ * Resource for managing API tokens.
+ */
+
+/**
+ * Resource for managing API tokens.
+ *
+ * API tokens provide an alternative to username/password authentication.
+ * They are ideal for CI/CD pipelines, scripts, and programmatic access.
+ *
+ * @example
+ * // Create a new token
+ * const result = await client.apiTokens.create({
+ *   name: 'CI/CD Pipeline',
+ *   scopes: ['write'],
+ * });
+ * console.log('Save this token:', result.token);
+ *
+ * // List all tokens
+ * const { tokens } = await client.apiTokens.list();
+ *
+ * // Revoke a token
+ * await client.apiTokens.revoke(tokenId);
+ */
+declare class APITokensResource {
+    private readonly http;
+    constructor(http: HTTPClient);
+    /**
+     * Create a new API token.
+     *
+     * IMPORTANT: The returned token is only shown ONCE!
+     * Make sure to save it immediately - it cannot be retrieved later.
+     *
+     * @param input - Token creation options
+     * @returns The created token with the full token value
+     *
+     * @example
+     * const result = await client.apiTokens.create({
+     *   name: 'CI/CD Pipeline',
+     *   scopes: ['write'],
+     *   expiresAt: new Date('2025-12-31'),
+     * });
+     *
+     * // SAVE THIS TOKEN - it will not be shown again!
+     * console.log(result.token);
+     */
+    create(input: CreateAPITokenInput): Promise<APITokenCreateResponse>;
+    /**
+     * List all API tokens for the current user.
+     *
+     * By default, only active tokens are returned.
+     * Note: The full token value is never returned - only the prefix.
+     *
+     * @param options - List options
+     * @returns List of tokens and total count
+     *
+     * @example
+     * // List active tokens
+     * const { tokens, total } = await client.apiTokens.list();
+     *
+     * // Include revoked tokens
+     * const all = await client.apiTokens.list({ includeInactive: true });
+     */
+    list(options?: {
+        includeInactive?: boolean;
+        skip?: number;
+        limit?: number;
+    }): Promise<APITokenListResponse>;
+    /**
+     * Get a single API token by ID.
+     *
+     * Note: The full token value is never returned - only the prefix.
+     *
+     * @param tokenId - The token ID
+     * @returns The token details
+     *
+     * @example
+     * const token = await client.apiTokens.get(123);
+     * console.log(token.name, token.lastUsedAt);
+     */
+    get(tokenId: number): Promise<APIToken>;
+    /**
+     * Update an API token's name.
+     *
+     * Only the name can be updated. Scopes and expiration cannot be
+     * changed after creation.
+     *
+     * @param tokenId - The token ID
+     * @param input - Update options
+     * @returns The updated token
+     *
+     * @example
+     * const updated = await client.apiTokens.update(123, {
+     *   name: 'New Name',
+     * });
+     */
+    update(tokenId: number, input: UpdateAPITokenInput): Promise<APIToken>;
+    /**
+     * Revoke an API token.
+     *
+     * The token becomes immediately unusable. This action cannot be undone.
+     *
+     * @param tokenId - The token ID to revoke
+     *
+     * @example
+     * await client.apiTokens.revoke(123);
+     */
+    revoke(tokenId: number): Promise<void>;
+}
+
 /**
  * Visibility levels for endpoints.
  */
@@ -116,7 +312,7 @@ declare const Visibility: {
     readonly PUBLIC: "public";
     /** Only visible to the owner and collaborators */
     readonly PRIVATE: "private";
-    /** Visible to authenticated users within the organization */
+    /** Behaves like private — only visible to the owner */
     readonly INTERNAL: "internal";
 };
 type Visibility = (typeof Visibility)[keyof typeof Visibility];
@@ -128,6 +324,10 @@ declare const EndpointType: {
     readonly MODEL: "model";
     /** Data source endpoint */
     readonly DATA_SOURCE: "data_source";
+    /** Both model and data source endpoint */
+    readonly MODEL_DATA_SOURCE: "model_data_source";
+    /** Agent endpoint with session-based interaction */
+    readonly AGENT: "agent";
 };
 type EndpointType = (typeof EndpointType)[keyof typeof EndpointType];
 /**
@@ -142,18 +342,6 @@ declare const UserRole: {
     readonly GUEST: "guest";
 };
 type UserRole = (typeof UserRole)[keyof typeof UserRole];
-/**
- * Organization member roles.
- */
-declare const OrganizationRole: {
-    /** Organization owner with full control */
-    readonly OWNER: "owner";
-    /** Administrator with management privileges */
-    readonly ADMIN: "admin";
-    /** Regular member */
-    readonly MEMBER: "member";
-};
-type OrganizationRole = (typeof OrganizationRole)[keyof typeof OrganizationRole];
 
 /**
  * User account information.
@@ -170,6 +358,12 @@ interface User {
     readonly updatedAt: Date | null;
     /** Domain for endpoint URL construction (e.g., "api.example.com" or "api.example.com:8080") */
     readonly domain: string | null;
+    /** Custom aggregator URL for RAG/chat workflows */
+    readonly aggregatorUrl: string | null;
+    /** Markdown bio shown on the user's public profile */
+    readonly bio?: string | null;
+    /** Whether the user's email is shown on their public profile */
+    readonly isEmailPublic?: boolean;
 }
 /**
  * Input for user registration.
@@ -204,6 +398,54 @@ interface UserUpdateInput {
     avatarUrl?: string;
     /** Domain for endpoint URL construction (no protocol, e.g., "api.example.com:8080") */
     domain?: string;
+    /** Custom aggregator URL for RAG/chat workflows */
+    aggregatorUrl?: string;
+    /** Markdown bio shown on the user's public profile */
+    bio?: string;
+    /** Whether the user's email is shown on their public profile */
+    isEmailPublic?: boolean;
+}
+/**
+ * Result of user registration.
+ *
+ * When `requiresEmailVerification` is true, tokens are null and the client
+ * must call `auth.verifyOtp()` before the user can log in.
+ */
+interface RegisterResult {
+    readonly user: User;
+    /** Whether the user must verify their email via OTP before receiving tokens. */
+    readonly requiresEmailVerification: boolean;
+}
+/**
+ * Input for verifying a registration OTP.
+ */
+interface VerifyOTPInput {
+    email: string;
+    /** 6-digit numeric code sent to the user's email */
+    code: string;
+}
+/**
+ * Input for requesting a password reset.
+ */
+interface PasswordResetRequestInput {
+    email: string;
+}
+/**
+ * Input for confirming a password reset with OTP.
+ */
+interface PasswordResetConfirmInput {
+    email: string;
+    /** 6-digit numeric OTP code */
+    code: string;
+    newPassword: string;
+}
+/**
+ * Platform authentication configuration (from GET /auth/config).
+ */
+interface AuthConfig {
+    readonly requireEmailVerification: boolean;
+    readonly smtpConfigured: boolean;
+    readonly passwordResetEnabled: boolean;
 }
 /**
  * Input for changing password.
@@ -224,6 +466,75 @@ interface AccountingCredentials {
     /** Password for authenticating with the accounting service (null if not configured) */
     readonly password: string | null;
 }
+/**
+ * Input for sending a heartbeat.
+ */
+interface HeartbeatInput {
+    /** Full URL of this space (e.g., "https://myspace.example.com") */
+    url: string;
+    /** Time-to-live in seconds (1-3600, server caps at 600). Default is 300. */
+    ttlSeconds?: number;
+}
+/**
+ * Response from the heartbeat endpoint.
+ *
+ * The heartbeat mechanism allows SyftAI Spaces to signal their availability
+ * to SyftHub. The server returns the effective TTL (which may be capped)
+ * and the expiration time.
+ */
+interface HeartbeatResponse {
+    /** Status of the heartbeat (typically 'ok') */
+    readonly status: string;
+    /** When the heartbeat was received (ISO 8601 string) */
+    readonly receivedAt: Date;
+    /** When the heartbeat will expire (ISO 8601 string) */
+    readonly expiresAt: Date;
+    /** Extracted domain from the URL */
+    readonly domain: string;
+    /** Effective TTL applied (may be capped by server) */
+    readonly ttlSeconds: number;
+}
+/**
+ * A user's aggregator configuration.
+ *
+ * Aggregators are custom RAG orchestration service endpoints that users can
+ * configure to use for chat operations. Each user can have multiple aggregator
+ * configurations, with one set as the default.
+ */
+interface UserAggregator {
+    /** Unique aggregator configuration ID */
+    readonly id: number;
+    /** Owner user ID */
+    readonly userId: number;
+    /** Display name for the aggregator */
+    readonly name: string;
+    /** Aggregator service URL */
+    readonly url: string;
+    /** Whether this is the user's default aggregator */
+    readonly isDefault: boolean;
+    /** When the aggregator was created */
+    readonly createdAt: Date;
+    /** When the aggregator was last updated */
+    readonly updatedAt: Date;
+}
+/**
+ * Input for creating an aggregator configuration.
+ */
+interface UserAggregatorCreateInput {
+    /** Display name for the aggregator */
+    name: string;
+    /** Aggregator service URL */
+    url: string;
+}
+/**
+ * Input for updating an aggregator configuration.
+ */
+interface UserAggregatorUpdateInput {
+    /** New display name (optional) */
+    name?: string;
+    /** New aggregator URL (optional) */
+    url?: string;
+}
 
 /**
  * Policy configuration for an endpoint.
@@ -249,8 +560,7 @@ interface Connection {
  */
 interface Endpoint {
     readonly id: number;
-    readonly userId: number | null;
-    readonly organizationId: number | null;
+    readonly userId: number;
     readonly name: string;
     readonly slug: string;
     readonly description: string;
@@ -287,6 +597,42 @@ interface EndpointPublic {
     readonly createdAt: Date;
     readonly updatedAt: Date;
 }
+/**
+ * Search result with relevance score from semantic search.
+ *
+ * Extends the public endpoint fields with a relevance score indicating
+ * how well the endpoint matches the search query.
+ */
+interface EndpointSearchResult {
+    readonly name: string;
+    readonly slug: string;
+    readonly description: string;
+    readonly type: EndpointType;
+    readonly ownerUsername: string;
+    /** Number of contributors (user IDs not exposed for privacy) */
+    readonly contributorsCount: number;
+    readonly version: string;
+    readonly readme: string;
+    readonly tags: readonly string[];
+    readonly starsCount: number;
+    readonly policies: readonly Policy[];
+    readonly connect: readonly Connection[];
+    readonly createdAt: Date;
+    readonly updatedAt: Date;
+    /** Relevance score from semantic search (0.0-1.0) */
+    readonly relevanceScore: number;
+}
+/**
+ * Options for semantic search.
+ */
+interface SearchOptions {
+    /** Maximum number of results to return (default: 10) */
+    topK?: number;
+    /** Filter by endpoint type */
+    type?: EndpointType;
+    /** Minimum relevance score threshold (0.0-1.0, default: 0.0) */
+    minScore?: number;
+}
 /**
  * Input for creating a new endpoint.
  */
@@ -317,13 +663,6 @@ interface EndpointUpdateInput {
     connect?: Connection[];
     contributors?: number[];
 }
-/**
- * Get the owner type for an endpoint.
- *
- * @param endpoint - The endpoint to check
- * @returns 'user' if user-owned, 'organization' if org-owned
- */
-declare function getEndpointOwnerType(endpoint: Endpoint): 'user' | 'organization';
 /**
  * Get the full path for a public endpoint (owner/slug format).
  *
@@ -331,148 +670,82 @@ declare function getEndpointOwnerType(endpoint: Endpoint): 'user' | 'organizatio
  * @returns The path in "owner/slug" format
  */
 declare function getEndpointPublicPath(endpoint: EndpointPublic): string;
-
 /**
- * Accounting Models
+ * Response from the sync endpoints operation.
  *
- * Models for the external accounting service. The accounting service manages
- * user balances and transactions, and uses its own authentication separate
- * from SyftHub.
- */
-/**
- * Transaction status in the accounting service.
+ * Contains details about the sync operation including how many endpoints
+ * were deleted, how many were created, and the full list of created endpoints.
  */
-declare const TransactionStatus: {
-    /** Transaction created, awaiting confirmation */
-    readonly PENDING: "pending";
-    /** Transaction confirmed, funds transferred */
-    readonly COMPLETED: "completed";
-    /** Transaction cancelled, no funds transferred */
-    readonly CANCELLED: "cancelled";
-};
-type TransactionStatus = (typeof TransactionStatus)[keyof typeof TransactionStatus];
-/**
- * Who created or resolved a transaction.
- */
-declare const CreatorType: {
-    /** System-initiated transaction */
-    readonly SYSTEM: "system";
-    /** Sender-initiated transaction */
-    readonly SENDER: "sender";
-    /** Recipient-initiated transaction (delegated) */
-    readonly RECIPIENT: "recipient";
-};
-type CreatorType = (typeof CreatorType)[keyof typeof CreatorType];
-/**
- * User from accounting service with balance.
- *
- * This represents the user's account in the external accounting service,
- * which is separate from the SyftHub user account.
- */
-interface AccountingUser {
-    readonly id: string;
-    readonly email: string;
-    readonly balance: number;
-    readonly organization: string | null;
+interface SyncEndpointsResponse {
+    /** Number of endpoints created */
+    readonly synced: number;
+    /** Number of endpoints deleted */
+    readonly deleted: number;
+    /** List of created endpoints with full details */
+    readonly endpoints: readonly Endpoint[];
 }
+
 /**
- * Transaction record from accounting service.
- *
- * Transactions go through a lifecycle:
- * 1. Created (status=PENDING)
- * 2. Confirmed or Cancelled (status=COMPLETED or CANCELLED)
+ * Accounting Models (MPP Wallet)
  *
- * The createdBy field indicates who initiated the transaction:
- * - SENDER: Direct transaction by the payer
- * - RECIPIENT: Delegated transaction using a token
- * - SYSTEM: System-initiated transaction
- *
- * The resolvedBy field indicates who confirmed/cancelled.
- */
-interface Transaction {
-    readonly id: string;
-    readonly senderEmail: string;
-    readonly recipientEmail: string;
-    readonly amount: number;
-    readonly status: TransactionStatus;
-    readonly createdBy: CreatorType;
-    readonly resolvedBy: CreatorType | null;
-    readonly createdAt: Date;
-    readonly resolvedAt: Date | null;
-    readonly appName: string | null;
-    readonly appEpPath: string | null;
-}
-/**
- * Input for creating a direct transaction.
+ * Models for the MPP wallet system. Replaces the previous external accounting
+ * service models with wallet-based types for the Micropayment Protocol.
  */
-interface CreateTransactionInput {
-    /** Email of the recipient */
-    recipientEmail: string;
-    /** Amount to transfer (must be > 0) */
-    amount: number;
-    /** Optional app name for context (e.g., "syftai-space") */
-    appName?: string;
-    /** Optional endpoint path for context (e.g., "alice/model") */
-    appEpPath?: string;
-}
 /**
- * Input for creating a delegated transaction.
+ * Wallet information for the current user.
  */
-interface CreateDelegatedTransactionInput {
-    /** Email of the sender who created the token */
-    senderEmail: string;
-    /** Amount to transfer (must be > 0) */
-    amount: number;
-    /** JWT token from sender's createTransactionToken() */
-    token: string;
+interface WalletInfo {
+    /** Wallet address (null if no wallet configured) */
+    address: string | null;
+    /** Whether a wallet exists for this user */
+    exists: boolean;
 }
 /**
- * Input for updating password.
+ * Wallet balance and recent activity.
  */
-interface UpdatePasswordInput {
-    /** Current password for verification */
-    currentPassword: string;
-    /** New password to set */
-    newPassword: string;
+interface WalletBalance {
+    /** Current balance amount */
+    balance: number;
+    /** Currency identifier */
+    currency: string;
+    /** Recent transactions for this wallet */
+    recent_transactions: WalletTransaction[];
+    /** Whether a wallet is configured */
+    wallet_configured: boolean;
 }
 /**
- * Raw transaction response from API (before date parsing).
+ * A wallet transaction record.
  */
-interface TransactionResponse {
+interface WalletTransaction {
+    /** Unique transaction identifier */
     id: string;
-    senderEmail: string;
-    recipientEmail: string;
+    /** Email of the sender */
+    sender_email: string;
+    /** Email of the recipient */
+    recipient_email: string;
+    /** Transaction amount */
     amount: number;
-    status: TransactionStatus;
-    createdBy: CreatorType;
-    resolvedBy: CreatorType | null;
-    createdAt: string;
-    resolvedAt: string | null;
-    appName: string | null;
-    appEpPath: string | null;
+    /** Transaction status (e.g., "completed", "pending") */
+    status: string;
+    /** When the transaction was created (ISO 8601) */
+    created_at: string;
+    /** App name associated with the transaction */
+    app_name?: string;
+    /** Endpoint path associated with the transaction */
+    app_ep_path?: string;
 }
 /**
- * Token response from createTransactionToken.
+ * Response from transaction tokens endpoint.
+ *
+ * @deprecated Transaction tokens are no longer used. Payments are handled
+ * via the MPP 402 flow. Kept for backward compatibility with getTransactionTokens().
  */
-interface TransactionTokenResponse {
-    token: string;
+interface TransactionTokensResponse {
+    /** Mapping of owner_username to transaction token */
+    tokens: Record<string, string>;
+    /** Mapping of owner_username to error message (for failed tokens) */
+    errors: Record<string, string>;
 }
-/**
- * Parse a transaction response into a Transaction object.
- */
-declare function parseTransaction(response: TransactionResponse): Transaction;
-/**
- * Check if a transaction is pending.
- */
-declare function isTransactionPending(tx: Transaction): boolean;
-/**
- * Check if a transaction is completed.
- */
-declare function isTransactionCompleted(tx: Transaction): boolean;
-/**
- * Check if a transaction is cancelled.
- */
-declare function isTransactionCancelled(tx: Transaction): boolean;
 
 /**
  * Chat-related types for the SyftHub SDK.
@@ -579,6 +852,8 @@ interface ChatResponse {
     metadata: ChatMetadata;
     /** Token usage if available */
     usage?: TokenUsage;
+    /** Normalized contribution scores per source (owner/slug to fraction 0-1) */
+    profitShare?: Record<string, number>;
 }
 /**
  * A chat message for model queries.
@@ -609,6 +884,16 @@ interface ChatOptions {
     similarityThreshold?: number;
     /** AbortSignal for request cancellation */
     signal?: AbortSignal;
+    /** Custom aggregator URL to use instead of the default */
+    aggregatorUrl?: string;
+    /** Peer token for NATS tunneling (auto-fetched if tunneling endpoints detected) */
+    peerToken?: string;
+    /** Peer channel for NATS replies (auto-fetched if tunneling endpoints detected) */
+    peerChannel?: string;
+    /** Use guest mode for unauthenticated access to policy-free endpoints */
+    guestMode?: boolean;
+    /** Conversation history (prior turns) for multi-turn context */
+    messages?: Message[];
 }
 /**
  * Options for querying a data source directly.
@@ -664,16 +949,43 @@ interface RetrievalCompleteEvent {
     totalDocuments: number;
     timeMs: number;
 }
+/**
+ * Fired when document reranking begins (after all sources complete).
+ */
+interface RerankingStartEvent {
+    type: 'reranking_start';
+    /** Number of documents being reranked */
+    documents: number;
+}
+/**
+ * Fired when document reranking completes.
+ */
+interface RerankingCompleteEvent {
+    type: 'reranking_complete';
+    /** Number of documents after reranking */
+    documents: number;
+    /** Time taken for reranking in milliseconds */
+    timeMs: number;
+}
 /**
  * Fired when model generation begins.
  */
 interface GenerationStartEvent {
     type: 'generation_start';
 }
+/**
+ * Fired periodically during non-streaming model generation to indicate progress.
+ * Emitted every ~3 seconds while waiting for the model response.
+ */
+interface GenerationHeartbeatEvent {
+    type: 'generation_heartbeat';
+    /** Milliseconds elapsed since generation_start */
+    elapsedMs: number;
+}
 /**
  * Fired for each token from the model.
  */
-interface TokenEvent {
+interface TokenEvent$1 {
     type: 'token';
     content: string;
 }
@@ -689,6 +1001,14 @@ interface DoneEvent {
     metadata: ChatMetadata;
     /** Token usage if available (only from non-streaming mode) */
     usage?: TokenUsage;
+    /** Normalized contribution scores per source (owner/slug to fraction 0-1) */
+    profitShare?: Record<string, number>;
+    /**
+     * Clean response text with attribution markers stripped.
+     * Present when attribution ran (data sources were used). Frontends should
+     * replace the streamed content with this field to remove raw <cite:[N]> tags.
+     */
+    response?: string;
 }
 /**
  * Fired on error.
@@ -717,7 +1037,7 @@ interface ErrorEvent {
  *   }
  * }
  */
-type ChatStreamEvent = RetrievalStartEvent | SourceCompleteEvent | RetrievalCompleteEvent | GenerationStartEvent | TokenEvent | DoneEvent | ErrorEvent;
+type ChatStreamEvent = RetrievalStartEvent | SourceCompleteEvent | RetrievalCompleteEvent | RerankingStartEvent | RerankingCompleteEvent | GenerationStartEvent | GenerationHeartbeatEvent | TokenEvent$1 | DoneEvent | ErrorEvent;
 
 /**
  * Authentication resource for login, register, and session management.
@@ -803,7 +1123,7 @@ declare class AuthResource {
      *   }
      * }
      */
-    register(input: UserRegisterInput): Promise<User>;
+    register(input: UserRegisterInput): Promise<RegisterResult>;
     /**
      * Login with username/email and password.
      *
@@ -845,6 +1165,81 @@ declare class AuthResource {
      * @throws {ValidationError} If new password doesn't meet requirements
      */
     changePassword(currentPassword: string, newPassword: string): Promise<void>;
+    /**
+     * Get the platform's authentication configuration.
+     *
+     * No authentication required. Use this to determine whether email
+     * verification or password reset is available.
+     *
+     * @returns AuthConfig with feature flags
+     */
+    getAuthConfig(): Promise<AuthConfig>;
+    /**
+     * Verify a registration OTP and receive auth tokens.
+     *
+     * After registering when email verification is required, call this with
+     * the 6-digit code sent to the user's email.
+     *
+     * Idempotent: if the user is already verified, tokens are issued immediately.
+     *
+     * @param input - Email and 6-digit code
+     * @returns The authenticated User
+     * @throws {APIError} If the code is invalid or max attempts exceeded
+     */
+    verifyOtp(input: VerifyOTPInput): Promise<User>;
+    /**
+     * Resend the registration OTP code.
+     *
+     * Rate-limited. Always returns successfully to prevent email enumeration.
+     *
+     * @param email - Email address to resend the OTP to
+     */
+    resendOtp(email: string): Promise<void>;
+    /**
+     * Request a password reset OTP.
+     *
+     * Always returns successfully to prevent email enumeration.
+     * If SMTP is not configured on the server, this is a no-op.
+     *
+     * @param input - Email address for password reset
+     */
+    requestPasswordReset(input: PasswordResetRequestInput): Promise<void>;
+    /**
+     * Confirm a password reset with OTP and set a new password.
+     *
+     * @param input - Email, 6-digit code, and new password
+     * @throws {APIError} If the code is invalid or max attempts exceeded
+     */
+    confirmPasswordReset(input: PasswordResetConfirmInput): Promise<void>;
+    /**
+     * Get a peer token for NATS communication with tunneling spaces.
+     *
+     * Peer tokens are short-lived credentials that allow the aggregator to
+     * communicate with tunneling SyftAI Spaces via NATS pub/sub.
+     *
+     * @param targetUsernames - Usernames of the tunneling spaces to communicate with
+     * @returns PeerTokenResponse with token, channel, expiry, and NATS URL
+     * @throws {AuthenticationError} If not authenticated
+     *
+     * @example
+     * const peer = await client.auth.getPeerToken(['alice', 'bob']);
+     * console.log(`Peer channel: ${peer.peerChannel}, expires in ${peer.expiresIn}s`);
+     */
+    getPeerToken(targetUsernames: string[]): Promise<PeerTokenResponse>;
+    /**
+     * Get a guest peer token for NATS communication without authentication.
+     *
+     * Guest peer tokens are rate-limited by IP address. They use the same
+     * response format as authenticated peer tokens.
+     *
+     * @param targetUsernames - Usernames of the tunneling spaces to communicate with
+     * @returns PeerTokenResponse with token, channel, expiry, and NATS URL
+     *
+     * @example
+     * const peer = await client.auth.getGuestPeerToken(['alice']);
+     * console.log(`Guest peer channel: ${peer.peerChannel}`);
+     */
+    getGuestPeerToken(targetUsernames: string[]): Promise<PeerTokenResponse>;
     /**
      * Get a satellite token for a specific audience (target service).
      *
@@ -880,27 +1275,65 @@ declare class AuthResource {
      */
     getSatelliteTokens(audiences: string[]): Promise<Map<string, string>>;
     /**
-     * Get transaction tokens for multiple endpoint owners.
+     * Get a guest satellite token for a specific audience (target service).
+     *
+     * Guest tokens allow unauthenticated users to access policy-free endpoints.
+     * No authentication is required to call this method.
      *
-     * Transaction tokens are short-lived JWTs that pre-authorize the endpoint owner
-     * (recipient) to charge the current user (sender) for usage. These tokens are
-     * created via the accounting service and passed to the aggregator.
+     * @param audience - Target service identifier (username of the service owner)
+     * @returns Satellite token response with token and expiry
+     * @throws {ValidationError} If audience is invalid or inactive
      *
-     * This is used by the chat flow to enable billing for endpoint usage.
+     * @example
+     * // Get a guest token for querying alice's policy-free endpoints
+     * const tokenResponse = await client.auth.getGuestSatelliteToken('alice');
+     */
+    getGuestSatelliteToken(audience: string): Promise<SatelliteTokenResponse>;
+    /**
+     * Get guest satellite tokens for multiple audiences in parallel.
      *
-     * @param ownerUsernames - Array of endpoint owner usernames
-     * @returns TransactionTokensResponse with tokens map and any errors
-     * @throws {AuthenticationError} If not authenticated
+     * No authentication is required to call this method.
+     *
+     * @param audiences - Array of unique audience identifiers (usernames)
+     * @returns Map of audience to satellite token
      *
      * @example
-     * // Get transaction tokens for endpoint owners
-     * const response = await client.auth.getTransactionTokens(['alice', 'bob']);
-     * console.log(`Got ${Object.keys(response.tokens).length} tokens`);
-     * if (Object.keys(response.errors).length > 0) {
-     *   console.log('Some tokens failed:', response.errors);
-     * }
+     * const tokens = await client.auth.getGuestSatelliteTokens(['alice', 'bob']);
+     */
+    getGuestSatelliteTokens(audiences: string[]): Promise<Map<string, string>>;
+    /**
+     * Get transaction tokens for multiple endpoint owners.
+     *
+     * @deprecated Transaction tokens are no longer needed. Payments are handled
+     * via the MPP 402 flow. This method is kept for backward compatibility and
+     * always returns empty tokens/errors.
+     *
+     * @param ownerUsernames - Array of endpoint owner usernames (ignored)
+     * @returns TransactionTokensResponse with empty tokens and errors
      */
     getTransactionTokens(ownerUsernames: string[]): Promise<TransactionTokensResponse>;
+    /**
+     * Get the current access token (JWT or API token).
+     *
+     * This is used by the chat flow to pass the user's Hub token to the
+     * aggregator for the MPP payment callback.
+     *
+     * @returns The current access token, or null if not authenticated
+     */
+    getAccessToken(): string | null;
+}
+/**
+ * Response from peer token endpoint.
+ */
+interface PeerTokenResponse {
+    /** Short-lived token for NATS authentication */
+    peerToken: string;
+    /** Unique reply channel for receiving responses */
+    peerChannel: string;
+    /** Seconds until the token expires */
+    expiresIn: number;
+    /** NATS server URL for WebSocket connections */
+    natsUrl: string;
 }
 /**
  * Response from satellite token endpoint.
@@ -911,14 +1344,130 @@ interface SatelliteTokenResponse {
     /** Seconds until the token expires */
     expiresIn: number;
 }
+
 /**
- * Response from transaction tokens endpoint.
+ * Resource for managing user's aggregator configurations.
+ *
+ * Aggregators are custom RAG orchestration service endpoints that users can
+ * configure to use for chat operations. Each user can have multiple aggregator
+ * configurations, with one set as the default.
+ *
+ * The first aggregator created is automatically set as the default. Only one
+ * aggregator can be the default at a time; setting a new default automatically
+ * unsets the previous one.
+ *
+ * @example
+ * // List all aggregators
+ * const aggregators = await client.users.aggregators.list();
+ * for (const agg of aggregators) {
+ *   console.log(`${agg.name}: ${agg.url}`);
+ * }
+ *
+ * @example
+ * // Create a new aggregator
+ * const agg = await client.users.aggregators.create({
+ *   name: 'My Custom Aggregator',
+ *   url: 'https://my-aggregator.example.com'
+ * });
+ *
+ * @example
+ * // Set as default
+ * const defaultAgg = await client.users.aggregators.setDefault(agg.id);
  */
-interface TransactionTokensResponse {
-    /** Mapping of owner_username to transaction token */
-    tokens: Record<string, string>;
-    /** Mapping of owner_username to error message (for failed tokens) */
-    errors: Record<string, string>;
+declare class AggregatorsResource {
+    private readonly http;
+    constructor(http: HTTPClient);
+    /**
+     * List all aggregator configurations for the current user.
+     *
+     * @returns Array of UserAggregator objects
+     * @throws {AuthenticationError} If not authenticated
+     *
+     * @example
+     * const aggregators = await client.users.aggregators.list();
+     * for (const agg of aggregators) {
+     *   if (agg.isDefault) {
+     *     console.log(`Default: ${agg.name}`);
+     *   }
+     * }
+     */
+    list(): Promise<UserAggregator[]>;
+    /**
+     * Get a specific aggregator configuration by ID.
+     *
+     * @param aggregatorId - The aggregator ID
+     * @returns The UserAggregator object
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {NotFoundError} If aggregator not found
+     *
+     * @example
+     * const agg = await client.users.aggregators.get(1);
+     * console.log(`${agg.name}: ${agg.url}`);
+     */
+    get(aggregatorId: number): Promise<UserAggregator>;
+    /**
+     * Create a new aggregator configuration.
+     *
+     * The first aggregator created is automatically set as the default.
+     *
+     * @param input - Aggregator creation input
+     * @returns The created UserAggregator object
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {ValidationError} If input is invalid
+     *
+     * @example
+     * const agg = await client.users.aggregators.create({
+     *   name: 'My Custom Aggregator',
+     *   url: 'https://my-aggregator.example.com'
+     * });
+     * console.log(`Created: ${agg.id}`);
+     */
+    create(input: UserAggregatorCreateInput): Promise<UserAggregator>;
+    /**
+     * Update an aggregator configuration.
+     *
+     * Only provided fields will be updated.
+     *
+     * @param aggregatorId - The aggregator ID to update
+     * @param input - Fields to update
+     * @returns The updated UserAggregator object
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {NotFoundError} If aggregator not found
+     * @throws {ValidationError} If input is invalid
+     *
+     * @example
+     * const agg = await client.users.aggregators.update(1, {
+     *   name: 'Updated Name'
+     * });
+     */
+    update(aggregatorId: number, input: UserAggregatorUpdateInput): Promise<UserAggregator>;
+    /**
+     * Delete an aggregator configuration.
+     *
+     * @param aggregatorId - The aggregator ID to delete
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {NotFoundError} If aggregator not found
+     *
+     * @example
+     * await client.users.aggregators.delete(1);
+     */
+    delete(aggregatorId: number): Promise<void>;
+    /**
+     * Set an aggregator as the default.
+     *
+     * Only one aggregator can be the default at a time. Setting a new default
+     * automatically unsets the previous one.
+     *
+     * @param aggregatorId - The aggregator ID to set as default
+     * @returns The updated UserAggregator object with isDefault=true
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {NotFoundError} If aggregator not found
+     *
+     * @example
+     * const agg = await client.users.aggregators.setDefault(2);
+     * console.log(`${agg.name} is now the default`);
+     */
+    setDefault(aggregatorId: number): Promise<UserAggregator>;
 }
 
 /**
@@ -938,10 +1487,41 @@ interface TransactionTokensResponse {
  * @example
  * // Check if email is available
  * const available = await client.users.checkEmail('new@example.com');
+ *
+ * @example
+ * // Manage aggregators
+ * const aggregators = await client.users.aggregators.list();
+ * const newAgg = await client.users.aggregators.create({
+ *   name: 'My Aggregator',
+ *   url: 'https://my-aggregator.example.com'
+ * });
  */
 declare class UsersResource {
     private readonly http;
+    private _aggregators?;
     constructor(http: HTTPClient);
+    /**
+     * Access aggregator management operations.
+     *
+     * @returns AggregatorsResource for managing user's aggregator configurations
+     *
+     * @example
+     * // List aggregators
+     * const aggregators = await client.users.aggregators.list();
+     * for (const agg of aggregators) {
+     *   console.log(`${agg.name}: ${agg.url}`);
+     * }
+     *
+     * // Create aggregator
+     * const agg = await client.users.aggregators.create({
+     *   name: 'My Aggregator',
+     *   url: 'https://my-aggregator.example.com'
+     * });
+     *
+     * // Set as default
+     * await client.users.aggregators.setDefault(agg.id);
+     */
+    get aggregators(): AggregatorsResource;
     /**
      * Update the current user's profile.
      *
@@ -983,6 +1563,38 @@ declare class UsersResource {
      * }
      */
     getAccountingCredentials(): Promise<AccountingCredentials>;
+    /**
+     * Send a heartbeat to indicate this SyftAI Space is alive.
+     *
+     * The heartbeat mechanism allows SyftAI Spaces to signal their availability
+     * to SyftHub. This should be called periodically (before the TTL expires)
+     * to maintain the "active" status.
+     *
+     * @param input - Heartbeat parameters
+     * @param input.url - Full URL of this space (e.g., "https://myspace.example.com").
+     *                    The server extracts the domain from this URL.
+     * @param input.ttlSeconds - Time-to-live in seconds (1-3600). The server caps this
+     *                           at a maximum of 600 seconds (10 minutes). Default is 300
+     *                           seconds (5 minutes).
+     * @returns HeartbeatResponse containing status, expiry time, domain, and effective TTL
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {ValidationError} If URL or TTL is invalid
+     *
+     * @example
+     * // Send heartbeat with default TTL (300 seconds)
+     * const response = await client.users.sendHeartbeat({
+     *   url: 'https://myspace.example.com'
+     * });
+     * console.log(`Next heartbeat before: ${response.expiresAt}`);
+     *
+     * @example
+     * // Send heartbeat with custom TTL
+     * const response = await client.users.sendHeartbeat({
+     *   url: 'https://myspace.example.com',
+     *   ttlSeconds: 600  // Maximum allowed
+     * });
+     */
+    sendHeartbeat(input: HeartbeatInput): Promise<HeartbeatResponse>;
 }
 
 /**
@@ -1110,13 +1722,6 @@ declare class MyEndpointsResource {
      * @throws {Error} If path format is invalid
      */
     private parsePath;
-    /**
-     * Resolve an endpoint path to its ID.
-     *
-     * @param path - Endpoint path in "owner/slug" format
-     * @returns The endpoint ID
-     */
-    private resolveEndpointId;
     /**
      * List the current user's endpoints.
      *
@@ -1129,12 +1734,11 @@ declare class MyEndpointsResource {
      * Create a new endpoint.
      *
      * @param input - Endpoint creation details
-     * @param organizationId - Optional organization ID (for org-owned endpoints)
      * @returns The created Endpoint
      * @throws {AuthenticationError} If not authenticated
      * @throws {ValidationError} If input validation fails
      */
-    create(input: EndpointCreateInput, organizationId?: number): Promise<Endpoint>;
+    create(input: EndpointCreateInput): Promise<Endpoint>;
     /**
      * Get a specific endpoint by path.
      *
@@ -1167,12 +1771,47 @@ declare class MyEndpointsResource {
      * @throws {AuthorizationError} If not owner/admin
      */
     delete(path: string): Promise<void>;
+    /**
+     * Synchronize user's endpoints with provided list.
+     *
+     * This is a DESTRUCTIVE operation that:
+     * 1. Deletes ALL existing endpoints owned by the current user
+     * 2. Creates ALL endpoints from the provided list
+     * 3. Is ATOMIC: either all endpoints sync successfully, or none do
+     *
+     * Important Notes:
+     * - Stars on existing endpoints will be lost (reset to 0)
+     * - Endpoint IDs will change (new IDs assigned)
+     * - Maximum 100 endpoints per sync request
+     *
+     * @param endpoints - List of endpoint specifications to sync.
+     *                    Pass an empty array to delete ALL user endpoints.
+     * @returns SyncEndpointsResponse with synced count, deleted count, and created endpoints
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {ValidationError} If any endpoint fails validation (entire batch rejected)
+     *
+     * @example
+     * // Sync with new endpoints
+     * const result = await client.myEndpoints.sync([
+     *   { name: 'Model A', type: 'model', visibility: 'public' },
+     *   { name: 'Data Source B', type: 'data_source', visibility: 'private' },
+     * ]);
+     * console.log(`Deleted ${result.deleted}, created ${result.synced} endpoints`);
+     *
+     * @example
+     * // Clear all endpoints
+     * const result = await client.myEndpoints.sync([]);
+     * console.log(`Deleted ${result.deleted} endpoints`);
+     */
+    sync(endpoints?: EndpointCreateInput[]): Promise<SyncEndpointsResponse>;
 }
 
 /**
  * Options for browsing endpoints.
  */
 interface BrowseOptions {
+    /** Filter by endpoint type ('model' or 'data_source') */
+    endpointType?: string;
     /** Number of items per page (default: 20) */
     pageSize?: number;
 }
@@ -1180,11 +1819,22 @@ interface BrowseOptions {
  * Options for trending endpoints.
  */
 interface TrendingOptions {
+    /** Filter by endpoint type ('model' or 'data_source') */
+    endpointType?: string;
     /** Minimum number of stars */
     minStars?: number;
     /** Number of items per page (default: 20) */
     pageSize?: number;
 }
+/**
+ * Options for listing guest-accessible endpoints.
+ */
+interface GuestAccessibleOptions {
+    /** Filter by endpoint type ('model' or 'data_source') */
+    endpointType?: string;
+    /** Number of items per page (default: 20) */
+    pageSize?: number;
+}
 /**
  * Hub resource for browsing and discovering public endpoints.
  *
@@ -1203,6 +1853,13 @@ interface TrendingOptions {
  * }
  *
  * @example
+ * // Semantic search for endpoints
+ * const results = await client.hub.search('machine learning for images');
+ * for (const result of results) {
+ *   console.log(`${result.ownerUsername}/${result.slug}: ${result.relevanceScore.toFixed(2)}`);
+ * }
+ *
+ * @example
  * // Get a specific endpoint
  * const endpoint = await client.hub.get('alice/cool-api');
  * console.log(endpoint.readme);
@@ -1237,8 +1894,12 @@ declare class HubResource {
     /**
      * Browse all public endpoints.
      *
-     * @param options - Pagination options
+     * @param options - Filter and pagination options
      * @returns PageIterator that lazily fetches endpoints
+     *
+     * @example
+     * // Browse only model endpoints
+     * const models = await client.hub.browse({ endpointType: 'model' }).firstPage();
      */
     browse(options?: BrowseOptions): PageIterator<EndpointPublic>;
     /**
@@ -1246,8 +1907,61 @@ declare class HubResource {
      *
      * @param options - Filter and pagination options
      * @returns PageIterator that lazily fetches endpoints
+     *
+     * @example
+     * // Get trending models only
+     * const models = await client.hub.trending({ endpointType: 'model' }).firstPage();
      */
     trending(options?: TrendingOptions): PageIterator<EndpointPublic>;
+    /**
+     * List endpoints accessible to unauthenticated (guest) users.
+     *
+     * Guest-accessible endpoints are public, active, and have no policies attached.
+     * No authentication is required to call this method.
+     *
+     * @param options - Filter and pagination options
+     * @returns PageIterator that lazily fetches guest-accessible endpoints
+     *
+     * @example
+     * // List all guest-accessible endpoints
+     * for await (const endpoint of client.hub.guestAccessible()) {
+     *   console.log(`${endpoint.ownerUsername}/${endpoint.slug}: ${endpoint.name}`);
+     * }
+     *
+     * @example
+     * // List only guest-accessible models
+     * const models = await client.hub.guestAccessible({ endpointType: 'model' }).firstPage();
+     */
+    guestAccessible(options?: GuestAccessibleOptions): PageIterator<EndpointPublic>;
+    /**
+     * Search for endpoints using semantic search.
+     *
+     * Uses RAG-powered semantic search to find endpoints that match the
+     * natural language query. Returns results sorted by relevance score.
+     *
+     * Note: If RAG is not configured on the server (no OpenAI API key),
+     * this method returns an empty array.
+     *
+     * @param query - Natural language search query (e.g., "machine learning models for image classification")
+     * @param options - Search options (topK, type filter, minScore)
+     * @returns Promise resolving to array of EndpointSearchResult with relevance scores.
+     *          Returns empty array if query is too short (<3 chars) or no matches found.
+     *
+     * @example
+     * // Search for machine learning models
+     * const results = await client.hub.search('image classification models');
+     * for (const result of results) {
+     *   console.log(`${result.ownerUsername}/${result.slug}: ${result.relevanceScore.toFixed(2)}`);
+     * }
+     *
+     * @example
+     * // Filter by type and minimum score
+     * const dataSources = await client.hub.search('customer data', {
+     *   type: EndpointType.DATA_SOURCE,
+     *   minScore: 0.5,
+     * });
+     */
+    search(query: string, options?: SearchOptions): Promise<EndpointSearchResult[]>;
     /**
      * Get an endpoint by its path.
      *
@@ -1275,6 +1989,22 @@ declare class HubResource {
      * @throws {NotFoundError} If endpoint not found
      */
     unstar(path: string): Promise<void>;
+    /**
+     * Get the owner/slug paths of a collective's approved member endpoints,
+     * optionally narrowed to a single shared-endpoint subset.
+     *
+     * Used by the chat resource to expand both `collective/<slug>` and
+     * `collective/<slug>/<shared-slug>` data-source references into the
+     * individual endpoint paths before building the aggregator request.
+     *
+     * @param slug - The collective slug (e.g. "genomics-research")
+     * @param sharedSlug - Optional curated-subset slug. When provided, only the
+     *   intersection of the subset's configured endpoints with the collective's
+     *   currently approved members is returned. Omit for "all approved members".
+     * @returns Array of "owner/slug" path strings
+     * @throws {NotFoundError} If the collective (or shared endpoint) does not exist
+     */
+    getCollectiveEndpointPaths(slug: string, sharedSlug?: string): Promise<string[]>;
     /**
      * Check if you have starred an endpoint.
      *
@@ -1287,295 +2017,176 @@ declare class HubResource {
 }
 
 /**
- * Accounting Resource for SyftHub SDK
+ * Accounting Resource for SyftHub SDK (MPP Wallet)
  *
- * This module connects to an external accounting/billing service for managing
- * user balances and transactions. The accounting service is separate from SyftHub
- * and uses its own authentication (Basic auth with email/password).
+ * This module provides wallet management operations via the SyftHub API.
+ * Payments are handled through the MPP (Micropayment Protocol) 402 flow,
+ * replacing the previous external accounting service with direct wallet support.
  *
  * @example
  * ```typescript
- * // Create accounting client
- * const accounting = new AccountingResource({
- *   url: 'https://accounting.example.com',
- *   email: 'user@example.com',
- *   password: 'secret'
- * });
- *
- * // Get user balance
- * const user = await accounting.getUser();
- * console.log(`Balance: ${user.balance}`);
- *
- * // Create a transaction
- * const tx = await accounting.createTransaction({
- *   recipientEmail: 'recipient@example.com',
- *   amount: 10.0,
- *   appName: 'syftai-space',
- *   appEpPath: 'alice/my-model'
- * });
- *
- * // Confirm the transaction
- * await accounting.confirmTransaction(tx.id);
+ * // Initialize via client (after login)
+ * await client.auth.login('alice', 'password');
+ * await client.initAccounting();
+ *
+ * // Get wallet info
+ * const wallet = await client.accounting.getWallet();
+ * console.log(`Wallet address: ${wallet.address}`);
+ *
+ * // Get balance
+ * const balance = await client.accounting.getBalance();
+ * console.log(`Balance: ${balance.balance} ${balance.currency}`);
+ *
+ * // Get transactions
+ * const transactions = await client.accounting.getTransactions();
+ * for (const tx of transactions) {
+ *   console.log(`${tx.created_at}: ${tx.amount} from ${tx.sender_email}`);
+ * }
  * ```
  */
 
 /**
  * Options for creating an AccountingResource.
+ *
+ * @deprecated The old AccountingResourceOptions with external service credentials
+ * are no longer needed. Use the HTTPClient-based constructor instead.
  */
 interface AccountingResourceOptions {
-    /** Accounting service URL */
+    /** @deprecated No longer used - wallet API is accessed via SyftHub */
     url: string;
-    /** Email for Basic auth */
+    /** @deprecated No longer used */
     email: string;
-    /** Password for Basic auth */
+    /** @deprecated No longer used */
     password: string;
-    /** Request timeout in milliseconds (default: 30000) */
+    /** @deprecated No longer used */
     timeout?: number;
 }
 /**
  * Options for listing transactions.
+ *
+ * @deprecated Use getTransactions() which returns all transactions directly.
  */
 interface TransactionsOptions {
     /** Number of items per page (default: 20) */
     pageSize?: number;
 }
 /**
- * Handle accounting/billing operations with external service.
+ * Wallet and payment operations via the SyftHub API.
  *
- * The accounting service manages user balances and transactions. It uses
- * Basic auth (email/password) for authentication, which is separate from
- * SyftHub's JWT-based authentication.
+ * Manages MPP (Micropayment Protocol) wallets for users. Payments for
+ * endpoint usage are handled automatically via the 402 payment flow
+ * between the aggregator and SyftAI-Space instances.
  *
- * Transaction Workflow:
- * 1. Sender creates transaction (status=PENDING)
- * 2. Either party confirms (status=COMPLETED) or cancels (status=CANCELLED)
+ * @example
+ * ```typescript
+ * // Get wallet info
+ * const wallet = await client.accounting.getWallet();
+ * if (!wallet.exists) {
+ *   // Create a new wallet
+ *   const result = await client.accounting.createWallet();
+ *   console.log(`Created wallet: ${result.address}`);
+ * }
  *
- * Delegated Transaction Workflow:
- * 1. Sender creates a transaction token for recipient
- * 2. Recipient uses token to create delegated transaction
- * 3. Recipient confirms the transaction
+ * // Check balance
+ * const balance = await client.accounting.getBalance();
+ * console.log(`Balance: ${balance.balance} ${balance.currency}`);
+ * ```
  */
 declare class AccountingResource {
-    private readonly baseUrl;
-    private readonly email;
-    private readonly password;
-    private readonly timeout;
-    private readonly authHeader;
-    constructor(options: AccountingResourceOptions);
-    /**
-     * Make an authenticated request to the accounting service.
-     */
-    private request;
-    /**
-     * Make a request using Bearer token auth (for delegated transactions).
-     */
-    private requestWithToken;
-    /**
-     * Get the current user's account information including balance.
-     *
-     * @returns AccountingUser with id, email, balance, and organization
-     * @throws {AuthenticationError} If authentication fails
-     * @throws {APIError} On other errors
-     *
-     * @example
-     * ```typescript
-     * const user = await accounting.getUser();
-     * console.log(`Balance: ${user.balance}`);
-     * console.log(`Organization: ${user.organization}`);
-     * ```
-     */
-    getUser(): Promise<AccountingUser>;
-    /**
-     * Update the user's password.
-     *
-     * @param currentPassword - Current password for verification
-     * @param newPassword - New password to set
-     * @throws {AuthenticationError} If current password is wrong
-     * @throws {ValidationError} If new password doesn't meet requirements
-     *
-     * @example
-     * ```typescript
-     * await accounting.updatePassword('old_secret', 'new_secret');
-     * ```
-     */
-    updatePassword(currentPassword: string, newPassword: string): Promise<void>;
-    /**
-     * Update the user's organization.
-     *
-     * @param organization - New organization name
-     * @throws {AuthenticationError} If authentication fails
-     *
-     * @example
-     * ```typescript
-     * await accounting.updateOrganization('OpenMined');
-     * ```
-     */
-    updateOrganization(organization: string): Promise<void>;
+    private readonly http;
+    constructor(http: HTTPClient);
     /**
-     * List account transactions with pagination.
+     * Get the current user's wallet information.
      *
-     * Returns a lazy iterator that fetches pages on demand.
-     *
-     * @param options - Pagination options
-     * @returns PageIterator that yields Transaction objects
+     * @returns WalletInfo with address and existence status
+     * @throws {AuthenticationError} If not authenticated
      *
      * @example
      * ```typescript
-     * // Iterate through all transactions
-     * for await (const tx of accounting.getTransactions()) {
-     *   console.log(`${tx.createdAt}: ${tx.amount} from ${tx.senderEmail}`);
+     * const wallet = await client.accounting.getWallet();
+     * if (wallet.exists) {
+     *   console.log(`Wallet address: ${wallet.address}`);
+     * } else {
+     *   console.log('No wallet configured');
      * }
-     *
-     * // Get first page only
-     * const firstPage = await accounting.getTransactions().firstPage();
-     *
-     * // Get all transactions
-     * const allTxs = await accounting.getTransactions().all();
-     * ```
-     */
-    getTransactions(options?: TransactionsOptions): PageIterator<Transaction>;
-    /**
-     * Get a specific transaction by ID.
-     *
-     * @param transactionId - The transaction ID
-     * @returns Transaction object
-     * @throws {NotFoundError} If transaction not found
-     *
-     * @example
-     * ```typescript
-     * const tx = await accounting.getTransaction('tx_123');
-     * console.log(`Status: ${tx.status}`);
-     * ```
-     */
-    getTransaction(transactionId: string): Promise<Transaction>;
-    /**
-     * Create a new transaction (direct transfer).
-     *
-     * Creates a PENDING transaction that must be confirmed or cancelled.
-     * The transaction is created by the sender (current user).
-     *
-     * @param input - Transaction details
-     * @returns Transaction in PENDING status
-     * @throws {ValidationError} If amount <= 0 or insufficient balance
-     *
-     * @example
-     * ```typescript
-     * const tx = await accounting.createTransaction({
-     *   recipientEmail: 'bob@example.com',
-     *   amount: 10.0,
-     *   appName: 'syftai-space',
-     *   appEpPath: 'alice/my-model'
-     * });
-     * console.log(`Created transaction ${tx.id}: ${tx.status}`);
-     *
-     * // Later, confirm or cancel
-     * await accounting.confirmTransaction(tx.id);
      * ```
      */
-    createTransaction(input: CreateTransactionInput): Promise<Transaction>;
+    getWallet(): Promise<WalletInfo>;
     /**
-     * Confirm a pending transaction.
-     *
-     * Confirms the transaction, transferring funds from sender to recipient.
-     * Can be called by either the sender or recipient.
+     * Get the current user's wallet balance and recent transactions.
      *
-     * @param transactionId - The transaction ID to confirm
-     * @returns Transaction in COMPLETED status
-     * @throws {NotFoundError} If transaction not found
-     * @throws {ValidationError} If transaction is not in PENDING status
+     * @returns WalletBalance with balance, currency, and recent transactions
+     * @throws {AuthenticationError} If not authenticated
      *
      * @example
      * ```typescript
-     * const tx = await accounting.confirmTransaction('tx_123');
-     * console.log(`Confirmed: ${tx.status}`); // "completed"
+     * const balance = await client.accounting.getBalance();
+     * console.log(`Balance: ${balance.balance} ${balance.currency}`);
+     * console.log(`Wallet configured: ${balance.wallet_configured}`);
      * ```
      */
-    confirmTransaction(transactionId: string): Promise<Transaction>;
+    getBalance(): Promise<WalletBalance>;
     /**
-     * Cancel a pending transaction.
-     *
-     * Cancels the transaction without transferring funds.
-     * Can be called by either the sender or recipient.
+     * Get the current user's wallet transactions.
      *
-     * @param transactionId - The transaction ID to cancel
-     * @returns Transaction in CANCELLED status
-     * @throws {NotFoundError} If transaction not found
-     * @throws {ValidationError} If transaction is not in PENDING status
+     * @returns Array of WalletTransaction objects
+     * @throws {AuthenticationError} If not authenticated
      *
      * @example
      * ```typescript
-     * const tx = await accounting.cancelTransaction('tx_123');
-     * console.log(`Cancelled: ${tx.status}`); // "cancelled"
+     * const transactions = await client.accounting.getTransactions();
+     * for (const tx of transactions) {
+     *   console.log(`${tx.created_at}: ${tx.amount} ${tx.status}`);
+     * }
      * ```
      */
-    cancelTransaction(transactionId: string): Promise<Transaction>;
+    getTransactions(): Promise<WalletTransaction[]>;
     /**
-     * Create a transaction token for delegated transfers.
+     * Create a new wallet for the current user.
      *
-     * Creates a JWT token that authorizes the recipient to create a
-     * transaction on behalf of the sender (current user). The token
-     * is short-lived (typically ~5 minutes).
+     * Generates a new wallet with a fresh keypair. The wallet address
+     * is returned and stored on the server.
      *
-     * Use this when you want to pre-authorize a payment that will be
-     * initiated by the recipient (e.g., a service charging for usage).
-     *
-     * @param recipientEmail - Email of the authorized recipient
-     * @returns JWT token string to share with recipient
+     * @returns Object with the new wallet address
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {ValidationError} If user already has a wallet
      *
      * @example
      * ```typescript
-     * // Sender creates token
-     * const token = await accounting.createTransactionToken('service@example.com');
-     *
-     * // Share token with recipient out-of-band
-     * // Recipient uses token to create delegated transaction
+     * const result = await client.accounting.createWallet();
+     * console.log(`New wallet address: ${result.address}`);
      * ```
      */
-    createTransactionToken(recipientEmail: string): Promise<string>;
+    createWallet(): Promise<{
+        address: string;
+    }>;
     /**
-     * Create a delegated transaction using a pre-authorized token.
-     *
-     * Creates a transaction on behalf of the sender using their token.
-     * This is typically used by services to charge users for usage.
+     * Import an existing wallet using a private key.
      *
-     * The token authenticates the request instead of Basic auth.
-     *
-     * @param senderEmail - Email of the sender who created the token
-     * @param amount - Amount to transfer (must be > 0)
-     * @param token - JWT token from sender's createTransactionToken()
-     * @returns Transaction in PENDING status (createdBy=RECIPIENT)
-     * @throws {AuthenticationError} If token is invalid or expired
-     * @throws {ValidationError} If amount <= 0
+     * @param privateKey - The private key to import
+     * @returns Object with the imported wallet address
+     * @throws {AuthenticationError} If not authenticated
+     * @throws {ValidationError} If the private key is invalid
      *
      * @example
      * ```typescript
-     * // Recipient creates transaction using sender's token
-     * const tx = await accounting.createDelegatedTransaction(
-     *   'alice@example.com',
-     *   5.0,
-     *   aliceToken
-     * );
-     *
-     * // Recipient confirms the transaction
-     * await accounting.confirmTransaction(tx.id);
+     * const result = await client.accounting.importWallet('0x...');
+     * console.log(`Imported wallet address: ${result.address}`);
      * ```
      */
-    createDelegatedTransaction(senderEmail: string, amount: number, token: string): Promise<Transaction>;
+    importWallet(privateKey: string): Promise<{
+        address: string;
+    }>;
 }
 /**
  * Create a new AccountingResource instance.
  *
- * @param options - Configuration options
- * @returns AccountingResource instance
+ * @deprecated Use the SyftHubClient's built-in accounting resource instead.
+ * The wallet API is now accessed through the SyftHub HTTP client, not
+ * a separate external service.
  *
- * @example
- * ```typescript
- * const accounting = createAccountingResource({
- *   url: process.env.ACCOUNTING_URL!,
- *   email: process.env.ACCOUNTING_EMAIL!,
- *   password: process.env.ACCOUNTING_PASSWORD!
- * });
- * ```
+ * @param options - Configuration options (ignored, kept for backward compatibility)
+ * @returns AccountingResource instance
  */
 declare function createAccountingResource(options: AccountingResourceOptions): AccountingResource;
 
@@ -1704,6 +2315,225 @@ declare class AccountingServiceUnavailableError extends SyftHubError {
     constructor(message?: string, detail?: unknown | undefined);
 }
 
+/**
+ * TypeScript type definitions for agent events, session state, and message payloads.
+ */
+/**
+ * Agent session state machine states.
+ */
+type AgentSessionState = 'idle' | 'connecting' | 'running' | 'awaiting_input' | 'completed' | 'failed' | 'cancelled' | 'error';
+interface ThinkingEvent {
+    type: 'agent.thinking';
+    payload: {
+        content: string;
+        is_streaming: boolean;
+    };
+}
+interface ToolCallEvent {
+    type: 'agent.tool_call';
+    payload: {
+        tool_call_id: string;
+        tool_name: string;
+        arguments: Record<string, unknown>;
+        requires_confirmation: boolean;
+        description?: string;
+    };
+}
+interface ToolResultEvent {
+    type: 'agent.tool_result';
+    payload: {
+        tool_call_id: string;
+        status: 'success' | 'error';
+        result?: unknown;
+        error?: string;
+        duration_ms?: number;
+    };
+}
+interface AgentMessageEvent {
+    type: 'agent.message';
+    payload: {
+        content: string;
+        is_complete: boolean;
+    };
+}
+interface TokenEvent {
+    type: 'agent.token';
+    payload: {
+        token: string;
+    };
+}
+interface StatusEvent {
+    type: 'agent.status';
+    payload: {
+        status: string;
+        detail: string;
+        progress?: number;
+    };
+}
+interface RequestInputEvent {
+    type: 'agent.request_input';
+    payload: {
+        prompt: string;
+    };
+}
+interface SessionCreatedEvent {
+    type: 'session.created';
+    payload: {
+        session_id: string;
+    };
+}
+interface SessionCompletedEvent {
+    type: 'session.completed';
+    payload: {
+        session_id: string;
+    };
+}
+interface SessionFailedEvent {
+    type: 'session.failed';
+    payload: {
+        error: string;
+        reason: string;
+    };
+}
+interface AgentErrorEvent {
+    type: 'agent.error';
+    payload: {
+        code: string;
+        message: string;
+        recoverable: boolean;
+    };
+}
+/**
+ * Union type of all possible agent events.
+ */
+type AgentEvent = ThinkingEvent | ToolCallEvent | ToolResultEvent | AgentMessageEvent | TokenEvent | StatusEvent | RequestInputEvent | SessionCreatedEvent | SessionCompletedEvent | SessionFailedEvent | AgentErrorEvent;
+/**
+ * Configuration for agent sessions.
+ */
+interface AgentConfig {
+    maxTokens?: number;
+    temperature?: number;
+    systemPrompt?: string;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Message in conversation history.
+ */
+interface AgentHistoryMessage {
+    role: string;
+    content: string;
+}
+/**
+ * Options for starting an agent session.
+ */
+interface AgentSessionOptions {
+    /** The initial prompt */
+    prompt: string;
+    /** Endpoint in "owner/slug" format or { owner, slug } object */
+    endpoint: string | {
+        owner: string;
+        slug: string;
+    };
+    /** Optional agent configuration */
+    config?: AgentConfig;
+    /** Optional conversation history */
+    messages?: AgentHistoryMessage[];
+    /** Optional AbortSignal for cancellation */
+    signal?: AbortSignal;
+}
+
+/**
+ * Agent resource for bidirectional agent sessions via WebSocket.
+ *
+ * @example
+ * const session = await client.agent.startSession({
+ *   prompt: 'Help me refactor this code',
+ *   endpoint: 'alice/code-assistant',
+ * });
+ *
+ * for await (const event of session.events()) {
+ *   switch (event.type) {
+ *     case 'agent.message':
+ *       console.log(event.payload.content);
+ *       break;
+ *     case 'agent.tool_call':
+ *       if (event.payload.requires_confirmation) {
+ *         await session.confirm(event.payload.tool_call_id);
+ *       }
+ *       break;
+ *   }
+ * }
+ */
+
+/**
+ * Error thrown during agent session operations.
+ */
+declare class AgentSessionError extends SyftHubError {
+    readonly code?: string | undefined;
+    constructor(message: string, code?: string | undefined);
+}
+/**
+ * AgentResource manages agent session lifecycle.
+ */
+declare class AgentResource {
+    private readonly auth;
+    private readonly aggregatorUrl;
+    constructor(auth: AuthResource, aggregatorUrl: string);
+    /**
+     * Start a new agent session.
+     *
+     * @param options - Session options including prompt, endpoint, and config
+     * @returns An AgentSessionClient for interacting with the session
+     */
+    startSession(options: AgentSessionOptions): Promise<AgentSessionClient>;
+}
+/**
+ * Client for an active agent session.
+ * Provides both async iterable and callback-based APIs for receiving events.
+ */
+declare class AgentSessionClient {
+    private readonly ws;
+    readonly sessionId: string;
+    private _state;
+    private _sequenceCounter;
+    private _messageQueue;
+    private _messageResolvers;
+    private _closed;
+    constructor(ws: WebSocket, sessionId: string);
+    /** Current session state */
+    get state(): AgentSessionState;
+    /**
+     * Async generator yielding agent events.
+     *
+     * @example
+     * for await (const event of session.events()) {
+     *   console.log(event.type, event.payload);
+     * }
+     */
+    events(): AsyncGenerator<AgentEvent>;
+    /**
+     * Register an event handler.
+     *
+     * @param eventType - The event type to listen for, or '*' for all events
+     * @param handler - Callback function
+     */
+    on(eventType: string, handler: (event: AgentEvent) => void): void;
+    /** Send a user message to the agent */
+    sendMessage(content: string): void;
+    /** Confirm a tool call */
+    confirm(toolCallId: string): void;
+    /** Deny a tool call */
+    deny(toolCallId: string, reason?: string): void;
+    /** Cancel the session */
+    cancel(): void;
+    /** Close the session and WebSocket */
+    close(): void;
+    private _send;
+    private _handleMessage;
+    private _handleClose;
+    private _nextEvent;
+}
+
 /**
  * Chat resource for RAG-augmented conversations via the Aggregator service.
  *
@@ -1757,6 +2587,11 @@ declare class ChatResource {
     private readonly auth;
     private readonly aggregatorUrl;
     constructor(hub: HubResource, auth: AuthResource, aggregatorUrl: string);
+    /**
+     * Check if an endpoint type matches the expected type.
+     * A model_data_source endpoint matches both 'model' and 'data_source'.
+     */
+    private static typeMatches;
     /**
      * Convert any endpoint format to EndpointRef with URL and owner info.
      * The ownerUsername is critical for satellite token authentication.
@@ -1770,16 +2605,16 @@ declare class ChatResource {
     /**
      * Get satellite tokens for all unique endpoint owners.
      * Returns a map of owner username to satellite token.
+     *
+     * @param owners - Array of unique owner usernames
+     * @param guestMode - If true, fetch guest tokens (no auth required)
      */
     private getSatelliteTokensForOwners;
     /**
-     * Get transaction tokens for all unique endpoint owners.
-     * Returns a map of owner username to transaction token.
-     *
-     * Transaction tokens are used for billing - they authorize the endpoint
-     * owner to charge the current user for usage.
+     * Get the user's Hub access token for MPP payment flow.
+     * Returns null if in guest mode or not authenticated.
      */
-    private getTransactionTokensForOwners;
+    private getUserToken;
     /**
      * Type guard for EndpointRef.
      */
@@ -1788,10 +2623,42 @@ declare class ChatResource {
      * Type guard for EndpointPublic.
      */
     private isEndpointPublic;
+    private static readonly COLLECTIVE_PREFIX;
+    private static readonly TUNNELING_PREFIX;
+    /**
+     * Expand any `collective/<slug>` (or `collective/<slug>/<shared-slug>`)
+     * entries in the data-sources list into the individual `owner/slug` paths
+     * of the collective's approved members.
+     *
+     * Path forms recognised:
+     * - `collective/<slug>` → every approved member (backward-compatible)
+     * - `collective/<slug>/all` → equivalent alias of the above
+     * - `collective/<slug>/<shared-slug>` → the named subset, intersected with
+     *   the collective's currently approved members
+     *
+     * Non-collective entries pass through unchanged. String paths are
+     * deduplicated so a regular endpoint that also belongs to a selected
+     * collective is not queried twice.
+     */
+    private expandCollectivePaths;
+    /**
+     * Check if any endpoints use tunneling URLs and extract target usernames.
+     */
+    private collectTunnelingUsernames;
+    /**
+     * Shared request preparation for complete() and stream().
+     * Resolves endpoints, fetches tokens, and builds the aggregator request body.
+     * Returns the request body and the resolved aggregator URL.
+     */
+    private prepareRequest;
+    /**
+     * Parse an error response from the aggregator into an AggregatorError.
+     */
+    private handleAggregatorErrorResponse;
     /**
      * Build the request body for the aggregator.
      * Includes endpoint_tokens mapping for satellite token authentication.
-     * Includes transaction_tokens mapping for billing authorization.
+     * Includes user_token for MPP payment callback authorization.
      * User identity is derived from satellite tokens, not passed in request body.
      */
     private buildRequestBody;
@@ -1822,7 +2689,7 @@ declare class ChatResource {
      * This method automatically:
      * 1. Resolves endpoints and extracts owner information
      * 2. Exchanges Hub tokens for satellite tokens (one per unique owner)
-     * 3. Fetches transaction tokens for billing authorization
+     * 3. Passes the user's Hub access token for MPP payment authorization
      * 4. Sends tokens to the aggregator for forwarding to SyftAI-Space
      *
      * @param options - Chat completion options
@@ -1837,7 +2704,7 @@ declare class ChatResource {
      * This method automatically:
      * 1. Resolves endpoints and extracts owner information
      * 2. Exchanges Hub tokens for satellite tokens (one per unique owner)
-     * 3. Fetches transaction tokens for billing authorization
+     * 3. Passes the user's Hub access token for MPP payment authorization
      * 4. Sends tokens to the aggregator for forwarding to SyftAI-Space
      *
      * @param options - Chat completion options
@@ -1848,6 +2715,7 @@ declare class ChatResource {
      * Parse an SSE event into a typed event object.
      */
     private parseSSEEvent;
+    private getAvailableEndpoints;
     /**
      * Get model endpoints that have connection URLs configured.
      *
@@ -1969,20 +2837,12 @@ interface SyftHubClientOptions {
      */
     aggregatorUrl?: string;
     /**
-     * Base URL for the accounting service (optional).
-     * Falls back to SYFTHUB_ACCOUNTING_URL environment variable.
+     * API token for authentication (alternative to username/password login).
+     * If provided, the client will be authenticated immediately without needing to call login().
+     * Falls back to SYFTHUB_API_TOKEN environment variable.
+     * @example 'syft_pat_xxxxx...'
      */
-    accountingUrl?: string;
-    /**
-     * Email for accounting service authentication (optional).
-     * Falls back to SYFTHUB_ACCOUNTING_EMAIL environment variable.
-     */
-    accountingEmail?: string;
-    /**
-     * Password for accounting service authentication (optional).
-     * Falls back to SYFTHUB_ACCOUNTING_PASSWORD environment variable.
-     */
-    accountingPassword?: string;
+    apiToken?: string;
 }
 /**
  * SyftHub SDK client for interacting with the SyftHub API.
@@ -2029,15 +2889,16 @@ interface SyftHubClientOptions {
  */
 declare class SyftHubClient {
     private readonly http;
-    private readonly options;
     private readonly aggregatorUrl;
     private _auth?;
     private _users?;
     private _myEndpoints?;
     private _hub?;
     private _accounting?;
+    private _agent?;
     private _chat?;
     private _syftai?;
+    private _apiTokens?;
     /**
      * Create a new SyftHub client.
      *
@@ -2079,28 +2940,60 @@ declare class SyftHubClient {
      */
     get hub(): HubResource;
     /**
-     * Accounting resource for billing and transactions.
+     * Agent resource for bidirectional agent sessions via WebSocket.
+     *
+     * @example
+     * const session = await client.agent.startSession({
+     *   prompt: 'Help me refactor this code',
+     *   endpoint: 'alice/code-assistant',
+     * });
+     *
+     * for await (const event of session.events()) {
+     *   console.log(event.type, event.payload);
+     * }
+     */
+    get agent(): AgentResource;
+    /**
+     * Accounting resource for wallet and payment operations.
      *
-     * The accounting service is external and uses separate credentials
-     * (email/password Basic auth) from SyftHub's JWT authentication.
+     * Provides access to MPP wallet management (balance, transactions,
+     * wallet creation/import). Uses the same SyftHub JWT authentication
+     * as other resources.
      *
-     * Credentials can be provided via:
-     * - Constructor options: accountingUrl, accountingEmail, accountingPassword
-     * - Environment variables: SYFTHUB_ACCOUNTING_URL, SYFTHUB_ACCOUNTING_EMAIL, SYFTHUB_ACCOUNTING_PASSWORD
+     * You must call `initAccounting()` after login to initialize this resource,
+     * or access it directly if already initialized.
      *
-     * @throws {SyftHubError} If accounting credentials are not configured
+     * @throws {AuthenticationError} If not initialized
      *
      * @example
-     * const user = await client.accounting.getUser();
-     * console.log(`Balance: ${user.balance}`);
+     * // Login first, then initialize accounting
+     * await client.auth.login('alice', 'password');
+     * await client.initAccounting();
      *
-     * // Create a transaction
-     * const tx = await client.accounting.createTransaction({
-     *   recipientEmail: 'bob@example.com',
-     *   amount: 10.0
-     * });
+     * // Now accounting is available
+     * const wallet = await client.accounting.getWallet();
+     * const balance = await client.accounting.getBalance();
      */
     get accounting(): AccountingResource;
+    /**
+     * Initialize the accounting (wallet) resource.
+     *
+     * The wallet API uses the same SyftHub authentication as other resources.
+     * This method simply verifies authentication and creates the resource.
+     *
+     * @returns The initialized AccountingResource
+     * @throws {AuthenticationError} If not authenticated
+     *
+     * @example
+     * // Login first, then initialize accounting
+     * await client.auth.login('alice', 'password');
+     * await client.initAccounting();
+     *
+     * // Now accounting is available
+     * const wallet = await client.accounting.getWallet();
+     * const balance = await client.accounting.getBalance();
+     */
+    initAccounting(): Promise<AccountingResource>;
     /**
      * Chat resource for RAG-augmented conversations via the Aggregator.
      *
@@ -2153,6 +3046,33 @@ declare class SyftHubClient {
      * });
      */
     get syftai(): SyftAIResource;
+    /**
+     * API Tokens resource for managing personal access tokens.
+     *
+     * API tokens provide an alternative to username/password authentication.
+     * They are ideal for CI/CD pipelines, scripts, and programmatic access.
+     *
+     * @example
+     * // Create a new token
+     * const result = await client.apiTokens.create({
+     *   name: 'CI/CD Pipeline',
+     *   scopes: ['write'],
+     * });
+     * console.log('Save this token:', result.token);
+     *
+     * // List all tokens
+     * const { tokens } = await client.apiTokens.list();
+     *
+     * // Revoke a token
+     * await client.apiTokens.revoke(tokenId);
+     */
+    get apiTokens(): APITokensResource;
+    /**
+     * Check if the client is using API token authentication.
+     *
+     * @returns True if authenticated with an API token (vs JWT)
+     */
+    get isUsingApiToken(): boolean;
     /**
      * Get current authentication tokens.
      *
@@ -2188,19 +3108,19 @@ declare class SyftHubClient {
      */
     get isAuthenticated(): boolean;
     /**
-     * Check if accounting service is configured.
+     * Check if the accounting (wallet) resource has been initialized.
      *
-     * Use this to check if accounting credentials are available before
-     * accessing the `accounting` property, which will throw if not configured.
+     * Use this to check if accounting is available before accessing
+     * the `accounting` property, which will throw if not initialized.
      *
-     * @returns True if accounting url, email, and password are all configured
+     * @returns True if accounting has been initialized via `initAccounting()`
      *
      * @example
-     * if (client.isAccountingConfigured) {
-     *   const user = await client.accounting.getUser();
+     * if (client.isAccountingInitialized) {
+     *   const wallet = await client.accounting.getWallet();
      * }
      */
-    get isAccountingConfigured(): boolean;
+    get isAccountingInitialized(): boolean;
     /**
      * Close the client and clean up resources.
      *
@@ -2209,4 +3129,4 @@ declare class SyftHubClient {
     close(): void;
 }
 
-export { APIError, AccountingAccountExistsError, type AccountingCredentials, AccountingResource, type AccountingResourceOptions, AccountingServiceUnavailableError, type AccountingUser, AggregatorError, type AuthTokens, AuthenticationError, AuthorizationError, type BrowseOptions, type ChatMetadata, type ChatOptions, ChatResource, type ChatResponse, type ChatStreamEvent, ConfigurationError, type Connection, type CreateDelegatedTransactionInput, type CreateTransactionInput, CreatorType, type Document, type DoneEvent, type Endpoint, type EndpointCreateInput, type EndpointPublic, type EndpointRef, EndpointResolutionError, EndpointType, type EndpointUpdateInput, type ErrorEvent, GenerationError, type GenerationStartEvent, InvalidAccountingPasswordError, type ListEndpointsOptions, type Message, NetworkError, NotFoundError, OrganizationRole, type PageFetcher, PageIterator, type PasswordChangeInput, type Policy, type QueryDataSourceOptions, type QueryModelOptions, type RetrievalCompleteEvent, RetrievalError, type RetrievalStartEvent, type SourceCompleteEvent, type SourceInfo, type SourceStatus, SyftAIResource, SyftHubClient, type SyftHubClientOptions, SyftHubError, type TokenEvent, type Transaction, type TransactionResponse, TransactionStatus, type TransactionTokenResponse, type TransactionsOptions, type TrendingOptions, type UpdatePasswordInput, type User, UserAlreadyExistsError, type UserRegisterInput, UserRole, type UserUpdateInput, ValidationError, Visibility, createAccountingResource, getEndpointOwnerType, getEndpointPublicPath, isTransactionCancelled, isTransactionCompleted, isTransactionPending, parseTransaction };
+export { APIError, type APIToken, type APITokenCreateResponse, type APITokenListResponse, type APITokenScope, APITokensResource, AccountingAccountExistsError, type AccountingCredentials, AccountingResource, type AccountingResourceOptions, AccountingServiceUnavailableError, type AgentConfig, type AgentErrorEvent, type AgentEvent, type AgentHistoryMessage, type AgentMessageEvent, type RequestInputEvent as AgentRequestInputEvent, AgentResource, AgentSessionClient, type SessionCompletedEvent as AgentSessionCompletedEvent, type SessionCreatedEvent as AgentSessionCreatedEvent, AgentSessionError, type SessionFailedEvent as AgentSessionFailedEvent, type AgentSessionOptions, type AgentSessionState, type StatusEvent as AgentStatusEvent, type ThinkingEvent as AgentThinkingEvent, type TokenEvent as AgentTokenEvent, type ToolCallEvent as AgentToolCallEvent, type ToolResultEvent as AgentToolResultEvent, AggregatorError, AggregatorsResource, type AuthConfig, type AuthTokens, AuthenticationError, AuthorizationError, type BrowseOptions, type ChatMetadata, type ChatOptions, ChatResource, type ChatResponse, type ChatStreamEvent, ConfigurationError, type Connection, type CreateAPITokenInput, type Document, type DocumentSource, type DoneEvent, type Endpoint, type EndpointCreateInput, type EndpointPublic, type EndpointRef, EndpointResolutionError, EndpointType, type EndpointUpdateInput, type ErrorEvent, GenerationError, type GenerationStartEvent, type HeartbeatInput, type HeartbeatResponse, InvalidAccountingPasswordError, type ListEndpointsOptions, type Message, NetworkError, NotFoundError, type PageFetcher, PageIterator, type PasswordChangeInput, type PasswordResetConfirmInput, type PasswordResetRequestInput, type Policy, type QueryDataSourceOptions, type QueryModelOptions, type RegisterResult, type RetrievalCompleteEvent, RetrievalError, type RetrievalStartEvent, type SourceCompleteEvent, type SourceInfo, type SourceStatus, SyftAIResource, SyftHubClient, type SyftHubClientOptions, SyftHubError, type SyncEndpointsResponse, type TokenEvent$1 as TokenEvent, type TransactionTokensResponse, type TransactionsOptions, type TrendingOptions, type UpdateAPITokenInput, type User, type UserAggregator, type UserAggregatorCreateInput, type UserAggregatorUpdateInput, UserAlreadyExistsError, type UserRegisterInput, UserRole, type UserUpdateInput, ValidationError, type VerifyOTPInput, Visibility, type WalletBalance, type WalletInfo, type WalletTransaction, createAccountingResource, getEndpointPublicPath };