@sylphx/sdk 0.9.0 → 0.10.1

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { SdkBillingPlan, SdkBillingSubscription, BillingCheckoutRequest, BillingCheckoutResponse, BillingPortalRequest, BillingPortalResponse, BillingBalanceResponse, BillingUsageResponse, SdkConsentType, UserConsent as UserConsent$1, AIModel as AIModel$1, GetModelsResponse, GetRateLimitResponse, GetUsageResponse, ReferralLeaderboardEntry, ReferralRewardDefaults as ReferralRewardDefaults$1, WebhookDelivery as WebhookDelivery$1, DeviceApproveRequest, DeviceApproveResponse, DeviceDenyRequest, DeviceDenyResponse, DeviceInitResponse, DeviceInitRequest, DevicePollResponse, LoginRequest as LoginRequest$1, LoginResponse as LoginResponse$1, UserFullProfile as UserFullProfile$1, LogoutInput, PlatformPasswordChangeRequest, PlatformPasswordChangeResponse, PlatformPasswordSetRequest, PlatformPasswordSetResponse, PlatformPasswordStatusResponse, RefreshTokenInput, RefreshTokenResult, PlatformSessionRenameRequest, PlatformSessionRenameResponse, PlatformSessionRevokeAllResponse, PlatformSessionRevokeRequest, PlatformSessionRevokeOtherResponse, PlatformSessionRevokeResponse, PlatformSessionsListResponse, AuthUserDeleteRequest, AuthUserDeleteResponse, AuthUserExportResponse, RegisterRequest as RegisterRequest$1, RegisterResponse as RegisterResponse$1, ResendEmailVerificationRequest as ResendEmailVerificationRequest$1, ResendEmailVerificationResponse as ResendEmailVerificationResponse$1, AuthTokensResponse, TwoFactorVerifyRequest as TwoFactorVerifyRequest$1, OAuthIntrospectResponse, PlatformAuditQueryRequest, PlatformAuditQueryResponse, PlatformRateLimitStatusRequest, PlatformRateLimitStatusResponse, PlatformRateLimitStrategiesListRequest, PlatformRateLimitStrategiesListResponse, PlatformRateLimitStrategyDeleteRequest, PlatformRateLimitStrategyDeleteResponse, PlatformRateLimitStrategyUpsertRequest, PlatformRateLimitStrategyUpsertResponse, CreateOrgInput as CreateOrgInput$1, InviteMemberInput as InviteMemberInput$1, OrgSdkRole, OrgInvitation, OrgMember, MembershipInfo, UpdateOrgInput as UpdateOrgInput$1, Organization } from '@sylphx/contract';
-export { BillingBalanceResponse as BalanceResponse, BillingCheckoutRequest as CheckoutRequest, BillingCheckoutResponse as CheckoutResponse, Organization, BillingPortalRequest as PortalRequest, BillingPortalResponse as PortalResponse, BillingUsageResponse as UsageResponse } from '@sylphx/contract';
+import { SdkBillingPlan, SdkBillingSubscription, BillingCheckoutRequest, BillingCheckoutResponse, BillingPortalRequest, BillingPortalResponse, BillingBalanceResponse, BillingUsageResponse, SdkConsentType, UserConsent as UserConsent$1, AIModel as AIModel$1, GetModelsResponse, GetRateLimitResponse, GetUsageResponse, ReferralLeaderboardEntry, ReferralRewardDefaults as ReferralRewardDefaults$1, WebhookDelivery as WebhookDelivery$1, DeviceApproveRequest, DeviceApproveResponse, DeviceDenyRequest, DeviceDenyResponse, DeviceInitResponse, DeviceInitRequest, DevicePollResponse, LoginRequest as LoginRequest$1, LoginResponse as LoginResponse$1, UserFullProfile as UserFullProfile$1, LogoutInput, PlatformPasswordChangeRequest, PlatformPasswordChangeResponse, PlatformPasswordSetRequest, PlatformPasswordSetResponse, PlatformPasswordStatusResponse, RefreshTokenInput, RefreshTokenResult, PlatformSessionRenameRequest, PlatformSessionRenameResponse, PlatformSessionRevokeAllResponse, PlatformSessionRevokeRequest, PlatformSessionRevokeOtherResponse, PlatformSessionRevokeResponse, PlatformSessionsListResponse, AuthUserDeleteRequest, AuthUserDeleteResponse, AuthUserExportResponse, RegisterRequest as RegisterRequest$1, RegisterResponse as RegisterResponse$1, ResendEmailVerificationRequest as ResendEmailVerificationRequest$1, ResendEmailVerificationResponse as ResendEmailVerificationResponse$1, AuthTokensResponse, TwoFactorVerifyRequest as TwoFactorVerifyRequest$1, OAuthIntrospectResponse, PlatformAuditQueryRequest, PlatformAuditQueryResponse, PlatformRateLimitStatusRequest, PlatformRateLimitStatusResponse, PlatformRateLimitStrategiesListRequest, PlatformRateLimitStrategiesListResponse, PlatformRateLimitStrategyDeleteRequest, PlatformRateLimitStrategyDeleteResponse, PlatformRateLimitStrategyUpsertRequest, PlatformRateLimitStrategyUpsertResponse, File as File$1, UploadId, FileId, FileVersion, FileVersionId, CreateOrgInput as CreateOrgInput$1, InviteMemberInput as InviteMemberInput$1, OrgSdkRole, OrgInvitation, OrgMember, MembershipInfo, UpdateOrgInput as UpdateOrgInput$1, Organization } from '@sylphx/contract';
+export { BillingBalanceResponse as BalanceResponse, BillingCheckoutRequest as CheckoutRequest, BillingCheckoutResponse as CheckoutResponse, FileId, FileVersion, FileVersionId, FileVisibility, Organization, BillingPortalRequest as PortalRequest, BillingPortalResponse as PortalResponse, SignedUrlDisposition, File as StorageFile, UploadId, BillingUsageResponse as UsageResponse } from '@sylphx/contract';
 
 /**
  * Functions Admin namespace — Platform-plane function-bundle admin
@@ -95,7 +95,7 @@ interface PlatformRealtimeDeleteChannelResult {
  *
  * Invariants:
  *   - Protocol is always `sylphx:` (no exceptions)
- *   - Credential matches `(pk|sk)_(dev|stg|prod|prev)_[a-f0-9]{32,64}`
+ *   - Credential matches `(pk|sk)_(dev|stg|prod|prev)(_{ref})?_{hex}`
  *   - Host's first DNS label is the resource slug (validated by slug regex)
  *   - `apiBaseUrl` is always HTTPS, with `/v{version}` appended (default `v1`)
  *
@@ -135,7 +135,7 @@ declare class InvalidConnectionUrlError extends Error {
  * import { createClient } from '@sylphx/sdk'
  *
  * const sylphx = createClient(process.env.SYLPHX_URL!)
- * // Parses: sylphx://pk_prod_{hex}@bold-river-a1b2c3.api.sylphx.com
+ * // Parses: sylphx://pk_prod_{ref?}_{hex}@bold-river-a1b2c3.api.sylphx.com
  * ```
  */
 
@@ -207,7 +207,7 @@ interface SylphxClientInput {
  * @example Connection URL (recommended)
  * ```typescript
  * const sylphx = createClient(process.env.NEXT_PUBLIC_SYLPHX_URL!)
- * // Parses: sylphx://pk_prod_{hex}@bold-river-a1b2c3.api.sylphx.com
+ * // Parses: sylphx://pk_prod_{ref?}_{hex}@bold-river-a1b2c3.api.sylphx.com
  * ```
  *
  * @example Explicit components
@@ -228,7 +228,7 @@ declare function createClient(input: string | SylphxClientInput): SylphxConfig;
  * @example Connection URL (recommended)
  * ```typescript
  * const sylphx = createServerClient(process.env.SYLPHX_SECRET_URL!)
- * // Parses: sylphx://sk_prod_{hex}@bold-river-a1b2c3.api.sylphx.com
+ * // Parses: sylphx://sk_prod_{ref?}_{hex}@bold-river-a1b2c3.api.sylphx.com
  * ```
  *
  * @example Explicit components
@@ -354,7 +354,7 @@ declare function installGlobalDebugHelpers(): void;
  * import { createRestClient } from '@sylphx/sdk'
  *
  * const client = createRestClient({
- *   secretKey: process.env.SYLPHX_SECRET_KEY!,
+ *   secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey!,
  * })
  *
  * const { data: user, error } = await client.GET('/auth/me')
@@ -488,6 +488,10 @@ interface Middleware {
     onRequest?: (ctx: {
         request: Request;
     }) => Promise<Request | undefined> | Request | undefined;
+    onFetch?: (ctx: {
+        request: Request;
+        next: (request: Request) => Promise<Response>;
+    }) => Promise<Response | undefined> | Response | undefined;
     onResponse?: (ctx: {
         request: Request;
         response: Response;
@@ -573,7 +577,7 @@ declare function getCircuitBreakerState(): {
  * @example
  * ```typescript
  * const client = createRestClient({
- *   secretKey: process.env.SYLPHX_SECRET_KEY!,
+ *   secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey!,
  * })
  *
  * const { data: user } = await client.GET('/auth/me')
@@ -594,7 +598,7 @@ declare function createRestClient(config: RestClientConfig): RestClient;
  * @example
  * ```typescript
  * const client = createDynamicRestClient({
- *   secretKey: process.env.SYLPHX_SECRET_KEY!,
+ *   secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey!,
  *   getAccessToken: async () => (await cookies()).get('session')?.value,
  * })
  * ```
@@ -1912,6 +1916,18 @@ interface OrgTokenPayload {
     /** RBAC role key (e.g. "hr_manager", "admin"). Permissions resolved server-side. */
     org_role: string;
 }
+interface OrgScopedTokenResponse {
+    /** Org-scoped access token. */
+    token: string;
+    /** Org-scoped access token, matching the SDK's token naming convention. */
+    accessToken: string;
+    /** Token lifetime in seconds, when provided by the runtime. */
+    expiresIn?: number;
+    /** Bearer token type, when provided by the runtime. */
+    tokenType?: string;
+    /** User envelope returned by the runtime for session hydration. */
+    user?: User;
+}
 /**
  * Invite a user request payload.
  */
@@ -2129,9 +2145,14 @@ declare function inviteUser(config: SylphxConfig, input: InviteUserRequest): Pro
  * The returned access_token JWT includes org_id, org_slug, org_role claims.
  *
  * @example
- * const tokens = await switchOrg(withToken(config, currentToken), 'org_xxx')
+ * const { token } = await getOrgScopedToken(withToken(config, currentToken), 'org_xxx')
+ */
+declare function getOrgScopedToken(config: SylphxConfig, orgId: string): Promise<OrgScopedTokenResponse>;
+/**
+ * @deprecated Use getOrgScopedToken(config, orgId). Kept as the shorter
+ * organization switch alias for existing SDK callers.
  */
-declare function switchOrg(config: SylphxConfig, orgId: string): Promise<TokenResponse>;
+declare function switchOrg(config: SylphxConfig, orgId: string): Promise<OrgScopedTokenResponse>;
 type DeviceInitInput = DeviceInitRequest;
 type DeviceGrant = DeviceInitResponse;
 type DevicePollResult = DevicePollResponse;
@@ -3371,7 +3392,7 @@ interface StreamMessage<T = unknown> {
  * import { createConfig, realtimeEmit } from '@sylphx/sdk'
  *
  * // Server: emit events to connected clients
- * const config = createConfig({ secretKey: process.env.SYLPHX_SECRET_KEY! })
+ * const config = createConfig({ secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey! })
  * await realtimeEmit(config, {
  *   channel: 'orders',
  *   event: 'order.created',
@@ -3684,320 +3705,132 @@ declare function createTracker(config: SylphxConfig, defaultAnonymousId?: string
     getAnonymousId: () => string;
 };
 
-interface UploadProgressEvent {
-    /** Bytes uploaded */
-    loaded: number;
-    /** Total bytes */
-    total: number;
-    /** Progress percentage (0-100) */
-    progress: number;
-}
-interface UploadResult {
-    /** Public URL of uploaded file */
-    url: string;
-    /** File path/key in storage */
-    pathname: string;
-    /** Content type */
-    contentType: string;
-    /** File size in bytes */
-    size: number;
-}
-
 /**
- * Storage Functions
+ * Storage SDK — pure functional, namespaced. Per ADR-100.
  *
- * Pure functions for file storage operations.
+ * Wire is the contract in `@sylphx/contract` (`schemas/storage.ts` +
+ * `endpoints/storage.ts`). This module is the only public surface for
+ * uploads / files; consumers import the `storage` namespace.
  *
- * ## Industry Patterns Implemented
- * - AbortController cancellation (Vercel Blob pattern)
- * - Exponential backoff with jitter (AWS S3 pattern: 5 retries, 1s base)
- * - Concurrent chunk uploads (Vercel pattern: 3 concurrent)
+ * Features (built-in defaults, ADR-100 §2.8):
+ * - Idempotency-Key auto-generated (UUIDv7) on every POST
+ * - Single-part PUT or multipart, picked server-side from `size`
+ * - Streaming SHA-256 via the Web Crypto API
+ * - Resumable: persists `(uploadId, completedParts[])` to localStorage when available
+ * - AbortSignal cancellation; auto-DELETE upload session on abort
+ * - Exponential backoff with full jitter (5 retries, 1s base, 30s cap)
+ * - Progress: byte-accurate via XHR (browser) or stream sampling (node)
  *
- * Wire-shape types are re-exported from `@sylphx/contract` (ADR-084). The
- * contract is the single source of truth — this module only adds ergonomic
- * aliases (`StorageFile`, `UploadUrlRequest`, `UploadUrlResponse`) and local
- * convenience shapes (`FileInfo`, `FileUploadOptions`, `SignedUrlOptions`,
- * `SignedUrlResult`) that pre-date the contract and are preserved for SDK
- * surface compatibility.
+ * No vendor SDKs. Pure `fetch` + `XMLHttpRequest`.
  */
 
-interface FileUploadOptions {
-    /** Folder path */
-    path?: string;
-    /** File type (file, avatar, etc.) */
-    type?: 'file' | 'avatar';
-    /** User ID (for avatar uploads) */
-    userId?: string;
-    /** Progress callback */
-    onProgress?: (event: UploadProgressEvent) => void;
-    /**
-     * Enable multipart upload for large files.
-     * - `true`: Always use multipart upload
-     * - `false`: Never use multipart upload
-     * - `'auto'` (default): Auto-enable for files > 5MB
-     *
-     * Multipart uploads support files up to 5TB with better
-     * reliability for large files.
-     */
-    multipart?: boolean | 'auto';
-    /**
-     * AbortSignal to cancel the upload.
-     * Vercel Blob pattern - enables cancellation of in-progress uploads.
-     *
-     * @example
-     * ```typescript
-     * const controller = new AbortController()
-     * // Cancel after 30 seconds
-     * setTimeout(() => controller.abort(), 30000)
-     * await uploadFile(config, file, { signal: controller.signal })
-     * ```
-     */
+interface UploadProgressEvent {
+    loaded: number;
+    total: number;
+    partsCompleted: number;
+    partsTotal: number;
+}
+interface UploadCreateOptions {
+    /** Logical name; preserved as metadata. Defaults to `blob.name` if `File`. */
+    filename?: string;
+    /** MIME type override; defaults to `blob.type` or `application/octet-stream`. */
+    contentType?: string;
+    /** Logical folder path within the project namespace. */
+    folder?: string;
+    /** Defaults to `'private'`. */
+    visibility?: 'public' | 'private';
+    /** Arbitrary user-attached metadata. */
+    metadata?: Record<string, unknown>;
+    /** Pre-computed SHA-256 (hex). If absent, the SDK computes it. */
+    checksumSha256?: string;
+    /** Fail when a file already exists at `(folder, filename)`. */
+    ifNoneMatch?: '*';
+    /** Cancellation. Aborts in-flight PUTs and triggers `DELETE /uploads/{id}`. */
     signal?: AbortSignal;
-    /**
-     * Idempotency key for safe retries (Stripe pattern)
-     *
-     * Prevents duplicate uploads if the same request is retried.
-     * Use a unique key per logical upload operation.
-     *
-     * @example `upload-${userId}-${fileName}-${fileHash}`
-     */
+    /** Override the auto-generated UUIDv7 idempotency key. */
     idempotencyKey?: string;
+    /** Progress callback. */
+    onProgress?: (event: UploadProgressEvent) => void;
 }
-interface FileInfo {
-    id: string;
-    url: string;
-    name: string;
-    size: number;
-    contentType: string;
-    isPrivate: boolean;
-    createdAt: string;
+interface ListFilesOptions {
+    folder?: string;
+    cursor?: string;
+    limit?: number;
+    includeDeleted?: boolean;
 }
 interface SignedUrlOptions {
-    /** Expiration in seconds (default: 3600, max: 604800 = 7 days) */
     expiresIn?: number;
-    /** Force download (attachment) vs inline display (default: attachment) */
     disposition?: 'attachment' | 'inline';
-    /** Restrict access to specific user */
     userId?: string;
 }
-interface SignedUrlResult {
-    /** The signed download URL */
-    url: string;
-    /** When the URL expires (ISO string) */
-    expiresAt: string;
-    /** File metadata */
-    file: {
-        id: string;
-        filename: string;
-        mimeType: string;
-        sizeBytes: number;
-        isPrivate: boolean;
-    };
+interface CopyFileOptions {
+    folder?: string;
+    filename?: string;
+    visibility?: 'public' | 'private';
+    metadata?: Record<string, unknown>;
 }
-/**
- * Upload a file to storage
- *
- * Uses client-side upload for optimal performance (direct to CDN).
- *
- * ## Industry-Standard Features
- * - **Cancellation**: AbortController support (Vercel Blob pattern)
- * - **Retry**: Exponential backoff with jitter (AWS S3 pattern: 5 retries)
- * - **Progress**: Real-time upload progress tracking
- *
- * ## File Size Limits
- * - Standard uploads: up to 500MB
- * - For files > 500MB: use React hooks with `multipart: true` (supports up to 5TB)
- *
- * ## Multipart Uploads
- * For large files (> 5MB), multipart uploads provide:
- * - Better reliability with chunked uploads
- * - Resumable upload capability
- * - Progress tracking per chunk
- *
- * Use the `multipart` option or React hooks for large files:
- * ```typescript
- * // React hooks (recommended for large files)
- * const { upload } = useStorage()
- * await upload(file, { multipart: true })
- * ```
- *
- * @example
- * ```typescript
- * const file = new File(['Hello'], 'hello.txt', { type: 'text/plain' })
- * const result = await uploadFile(config, file, {
- *   path: 'documents',
- *   onProgress: (e) => console.log(`${e.progress}%`),
- * })
- *
- * console.log(result.url)
- * ```
- *
- * @example Cancellation
- * ```typescript
- * const controller = new AbortController()
- * setTimeout(() => controller.abort(), 30000) // Cancel after 30s
- *
- * try {
- *   await uploadFile(config, file, { signal: controller.signal })
- * } catch (e) {
- *   if (e.name === 'AbortError') {
- *     console.log('Upload cancelled')
- *   }
- * }
- * ```
- */
-declare function uploadFile(config: SylphxConfig, file: File, options?: FileUploadOptions): Promise<UploadResult>;
-/**
- * Upload a user avatar
- *
- * @example
- * ```typescript
- * const avatar = await uploadAvatar(config, file, 'user-123')
- * console.log(avatar.url)
- * ```
- */
-declare function uploadAvatar(config: SylphxConfig, file: File, userId: string, options?: Pick<FileUploadOptions, 'onProgress'>): Promise<UploadResult>;
-/**
- * Delete a file
- *
- * @example
- * ```typescript
- * await deleteFile(config, 'file-123')
- * ```
- */
-declare function deleteFile(config: SylphxConfig, fileId: string): Promise<void>;
-/**
- * Get a file's URL by ID
- *
- * @example
- * ```typescript
- * const url = await getFileUrl(config, 'file-123')
- * ```
- */
-declare function getFileUrl(config: SylphxConfig, fileId: string): Promise<string>;
-/**
- * Get file info by ID
- *
- * @example
- * ```typescript
- * const info = await getFileInfo(config, 'file-123')
- * console.log(info.name, info.size)
- * ```
- */
-declare function getFileInfo(config: SylphxConfig, fileId: string): Promise<FileInfo>;
-/**
- * A single version of a stored file. Mirrors the contract
- * `StorageFileVersion` shape.
- */
-interface StorageFileVersion {
-    id: string;
-    fileId: string;
-    versionNumber: number;
-    sizeBytes: number;
-    contentType: string | null;
-    checksumSha256: string | null;
-    createdAt: string;
-    createdBy: string | null;
-    isCurrent: boolean;
+declare function uploadsCreate(config: SylphxConfig, blob: Blob | File, options: UploadCreateOptions): Promise<File$1>;
+declare function uploadsAbort(config: SylphxConfig, uploadId: UploadId | string): Promise<void>;
+interface ListPage {
+    files: File$1[];
+    nextCursor: string | null;
 }
+declare function filesList(config: SylphxConfig, options?: ListFilesOptions): AsyncIterable<File$1> & {
+    fetchPage: (cursor?: string) => Promise<ListPage>;
+};
+declare function filesGet(config: SylphxConfig, fileId: FileId | string): Promise<File$1>;
+declare function filesDelete(config: SylphxConfig, fileId: FileId | string): Promise<{
+    id: FileId;
+    isDeleted: true;
+}>;
+declare function filesRestore(config: SylphxConfig, fileId: FileId | string): Promise<File$1>;
+declare function filesSignedUrl(config: SylphxConfig, fileId: FileId | string, options?: SignedUrlOptions): Promise<{
+    url: string;
+    expiresAt: string;
+    file: File$1;
+}>;
+declare function filesCopy(config: SylphxConfig, fileId: FileId | string, options: CopyFileOptions): Promise<File$1>;
+declare function filesVersionsList(config: SylphxConfig, fileId: FileId | string): Promise<FileVersion[]>;
+declare function filesVersionsRestore(config: SylphxConfig, fileId: FileId | string, versionId: FileVersionId | string): Promise<{
+    file: File$1;
+    version: FileVersion;
+}>;
 /**
- * List all versions of a file, newest first.
- *
- * Versions beyond the per-file retention cap (default 10) are pruned
- * automatically on each upload — this list reflects the retained window.
- *
- * @example
- * ```ts
- * const versions = await listFileVersions(config, 'file_abc')
- * const current = versions.find(v => v.isCurrent)
- * ```
- */
-declare function listFileVersions(config: SylphxConfig, fileId: string): Promise<StorageFileVersion[]>;
-/**
- * Restore an older version as the new current. The operation creates a
- * NEW version row pointing at the old object — the old row is NOT
- * mutated, preserving the audit trail.
- *
- * Rate-limited to 10/min/project.
- *
- * @example
- * ```ts
- * const restored = await restoreFileVersion(config, 'file_abc', 'fver_xyz')
- * console.log(restored.versionNumber) // e.g. 5 (the new current version #)
- * ```
- */
-declare function restoreFileVersion(config: SylphxConfig, fileId: string, versionId: string): Promise<StorageFileVersion>;
-/**
- * Soft-delete a file. The version history is retained so
- * {@link restoreFile} can reverse the operation.
- *
- * This is an alias of {@link deleteFile} — the SDK `deleteFile` function
- * ALSO soft-deletes (ADR-089 Phase 5.8 changed DELETE semantics from
- * hard-delete to soft-delete). `softDeleteFile` is the explicit name for
- * code clarity.
- *
- * @example
- * ```ts
- * await softDeleteFile(config, 'file_abc')
- * // Later…
- * await restoreFile(config, 'file_abc')
- * ```
- */
-declare function softDeleteFile(config: SylphxConfig, fileId: string): Promise<void>;
-/**
- * Reverse a soft-delete. Fails if the file is not currently soft-deleted
- * (explicit over silent to catch admin-UI bugs).
- *
- * @example
- * ```ts
- * const file = await restoreFile(config, 'file_abc')
- * ```
- */
-declare function restoreFile(config: SylphxConfig, fileId: string): Promise<FileInfo>;
-/**
- * Download the payload of a specific historical version via a short-lived
- * signed URL. Useful for diffing current vs a previous version or serving
- * an older variant to an admin audit UI.
- *
- * Internally calls {@link getSignedUrl} after flipping the version to be
- * "temporarily current" would NOT be safe, so instead the server minted
- * URL carries the explicit `versionId`. The resulting blob is streamed
- * directly from storage — no server round-trip for the bytes.
+ * `storage` namespace — the only public surface for storage in `@sylphx/sdk`.
  *
  * @example
  * ```ts
- * const blob = await downloadFileVersion(config, 'file_abc', 'fver_xyz')
- * const bytes = new Uint8Array(await blob.arrayBuffer())
- * ```
- */
-declare function downloadFileVersion(config: SylphxConfig, fileId: string, versionId: string): Promise<Blob>;
-/**
- * Generate a signed URL for accessing a private file
- *
- * Signed URLs provide time-limited access to private files without
- * exposing permanent URLs. Useful for:
- * - Secure document downloads
- * - Private media streaming
- * - Temporary file sharing
+ * import { storage } from '@sylphx/sdk'
  *
- * @example
- * ```typescript
- * // Generate a download URL valid for 1 hour
- * const { url, expiresAt } = await getSignedUrl(config, 'file-123')
- *
- * // Generate an inline preview URL valid for 5 minutes
- * const preview = await getSignedUrl(config, 'file-123', {
- *   expiresIn: 300,
- *   disposition: 'inline',
+ * const file = await storage.uploads.create(config, blob, {
+ *   filename: 'report.pdf',
+ *   folder: 'documents',
+ *   onProgress: (e) => console.log(`${e.loaded}/${e.total}`),
  * })
  *
- * // Restrict access to a specific user
- * const userOnly = await getSignedUrl(config, 'file-123', {
- *   userId: 'user-456',
- * })
+ * for await (const f of storage.files.list(config, { folder: 'documents' })) {
+ *   console.log(f.id, f.filename)
+ * }
  * ```
  */
-declare function getSignedUrl(config: SylphxConfig, fileId: string, options?: SignedUrlOptions): Promise<SignedUrlResult>;
+declare const storage: {
+    readonly uploads: {
+        readonly create: typeof uploadsCreate;
+        readonly abort: typeof uploadsAbort;
+    };
+    readonly files: {
+        readonly list: typeof filesList;
+        readonly get: typeof filesGet;
+        readonly delete: typeof filesDelete;
+        readonly restore: typeof filesRestore;
+        readonly signedUrl: typeof filesSignedUrl;
+        readonly copy: typeof filesCopy;
+        readonly versions: {
+            readonly list: typeof filesVersionsList;
+            readonly restore: typeof filesVersionsRestore;
+        };
+    };
+};
 
 /**
  * Push Notification Service Worker Template
@@ -6262,7 +6095,7 @@ declare function assignMemberRole(config: SylphxConfig, orgIdOrSlug: string, mem
  * import { createConfig, getSecret, getSecrets, listSecretKeys } from '@sylphx/sdk'
  *
  * const config = createConfig({
- *   secretKey: process.env.SYLPHX_SECRET_KEY!,
+ *   secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey!,
  * })
  *
  * // Get a single secret
@@ -6413,7 +6246,7 @@ declare function getAllSecrets(config: SylphxConfig, environmentId?: string): Pr
  * import { createConfig, indexDocument, search, batchIndex } from '@sylphx/sdk'
  *
  * const config = createConfig({
- *   secretKey: process.env.SYLPHX_SECRET_KEY!,
+ *   secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey!,
  * })
  *
  * // Index a document
@@ -6829,7 +6662,7 @@ declare function trackClick(config: SylphxConfig, input: TrackClickInput): Promi
  * ```ts
  * import { createConfig, getDatabaseConnectionString } from '@sylphx/sdk'
  *
- * const config = createConfig({ secretKey: process.env.SYLPHX_SECRET_KEY! })
+ * const config = createConfig({ secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey! })
  * const { connectionString } = await getDatabaseConnectionString(config)
  *
  * const pool = new Pool({ connectionString })
@@ -6944,7 +6777,7 @@ interface KvZMember {
  * ```ts
  * import { createConfig, kvSet, kvGet, kvDelete } from '@sylphx/sdk'
  *
- * const config = createConfig({ secretKey: process.env.SYLPHX_SECRET_KEY! })
+ * const config = createConfig({ secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey! })
  *
  * // Basic key-value operations
  * await kvSet(config, { key: 'user:123', value: { name: 'Alice' }, ex: 3600 })
@@ -7290,7 +7123,7 @@ declare function kvSetJSON<T>(config: SylphxConfig, key: string, value: T, optio
  * ```ts
  * import { createConfig, triggerDeploy, getDeployStatus } from '@sylphx/sdk'
  *
- * const config = createConfig({ secretKey: process.env.SYLPHX_SECRET_KEY! })
+ * const config = createConfig({ secretKey: createServerClient(process.env.SYLPHX_SECRET_URL!).secretKey! })
  *
  * // Trigger a deployment
  * const deploy = await triggerDeploy(config, { envId: 'env_prod_xxx' })
@@ -7649,7 +7482,7 @@ declare function captureMessage(config: SylphxConfig, message: string, options?:
  * ```typescript
  * import { createServerClient, SandboxClient } from '@sylphx/sdk'
  *
- * const config = createServerClient(process.env.SYLPHX_URL!)
+ * const config = createServerClient(process.env.SYLPHX_SECRET_URL!)
  *
  * // Create sandbox (Platform waits for pod ready before returning)
  * const sandbox = await SandboxClient.create(config)
@@ -8004,7 +7837,7 @@ declare class SandboxClient {
  * ```typescript
  * import { createServerClient, RunsClient } from '@sylphx/sdk'
  *
- * const config = createServerClient(process.env.SYLPHX_URL!)
+ * const config = createServerClient(process.env.SYLPHX_SECRET_URL!)
  *
  * const run = await RunsClient.create(config, {
  *   image: 'registry.sylphx.com/sylphx/my-trainer:abc123',
@@ -8239,7 +8072,7 @@ declare class RunHandle {
  *
  * @example
  * ```typescript
- * const config = createServerClient(process.env.SYLPHX_URL!)
+ * const config = createServerClient(process.env.SYLPHX_SECRET_URL!)
  *
  * // Run a worker and wait for completion
  * const result = await RunsClient.create(config, { ... }).then(w => w.wait())
@@ -8384,7 +8217,7 @@ declare const WorkersClient: {
  * ### Cron → Task
  * ```typescript
  * import { createServerClient, TriggersClient } from '@sylphx/sdk'
- * const config = createServerClient(process.env.SYLPHX_URL!)
+ * const config = createServerClient(process.env.SYLPHX_SECRET_URL!)
  *
  * const trigger = await TriggersClient.create(config, {
  *   name: 'daily-cleanup',
@@ -9461,4 +9294,4 @@ declare const functions: {
     };
 };
 
-export { ACHIEVEMENT_TIER_CONFIG, type AIListModelsOptions, type AIListModelsResponse, type AIMessage, type AIMessageRole, type AIModel, type AIModelInfo, type AIModelsResponse, type AIProvider, type AIRateLimitInfo, type AIRateLimitResponse, type AIRequestType, type AIStreamChunk, type AITool, type AIToolCall, type AIUsageResponse, type AIUsageStats, type AccessTokenPayload, type AchievementCategory, type AchievementCriteria, type AchievementCriterion, type AchievementDefinition, type AchievementTier, type AchievementType, type AchievementUnlockEvent, type AdminUser, type AuditQueryFilter, type AuditQueryResult, AuthenticationError, AuthorizationError, type BackupCodesResult, type BatchEvent, type BatchIndexInput, type BatchIndexResult, type Breadcrumb, type BuildLog, type BuildLogHistoryResponse, type CaptureExceptionRequest, type CaptureMessageRequest, type ChallengeMethod, type ChallengeType, type ChallengeVerifyInput, type ChallengeVerifyResult, type ChatCompletionInput, type ChatCompletionResponse, type ChatInput, type ChatMessage, type ChatResult, type ChatStreamChunk, type CircuitBreakerConfig, CircuitBreakerOpenError, type CircuitState, type CommandResult, type ConsentCategory, type ConsentHistoryEntry, type ConsentHistoryResult, type ConsentPurposeDefaults, type ConsentType, type ContentPart, type CreateOrgInput, type CreatePermissionInput, type CreatePromoInput, type CreateRoleInput, type CreateRunOptions, type CreateTriggerOptions, type CriteriaOperator, type CronInput, type CronSchedule, type CronSource, type DatabaseConnectionInfo, type DatabaseStatus, type DatabaseStatusInfo, type DebugCategory, type DeduplicationConfig, type DeleteAccountResult, type DeleteDocumentInput, type DeployHistoryResponse, type DeployInfo, type DeployStatus, type DeviceApproveInput, type DeviceApproveResult, type DeviceDenyInput, type DeviceDenyResult, type DeviceGrant, type DeviceInitInput, type DevicePollResult, type DynamicRestClient, ERROR_CODE_STATUS, type EmailChangeInput, type EmailConfirmInput, type EmbedInput, type EmbedResult, type EmbeddingInput, type EmbeddingResponse, type LeaderboardEntry as EngagementLeaderboardEntry, type LeaderboardResult as EngagementLeaderboardResult, type EnvVar, type ErrorCode, type ErrorResponse, type EventSource, type ExceptionFrame, type ExceptionValue, type ExecEvent, type ExecOptions, type ExecResult, type FacetsResponse, type FileEvent, type FileInfo, type FileUploadOptions, type FlagContext, type FlagResult, type GetConsentHistoryInput, type GetConsentsInput, type GetFacetsInput, type GetSecretInput, type GetSecretResult, type GetSecretsInput, type GetSecretsResult, type HttpTarget, type IdentifyInput, type ImpersonationActive, type ImpersonationEndResult, type ImpersonationInfo, type ImpersonationStartResult, type IndexDocumentInput, type IndexDocumentResult, type IngestLogsResult, InvalidConnectionUrlError, type InviteMemberInput, type InviteUserRequest, type InviteUserResponse, type KvExpireRequest, type KvHgetRequest, type KvHgetallRequest, type KvHsetRequest, type KvIncrRequest, type KvLpushRequest, type KvLrangeRequest, type KvMgetRequest, type KvMsetRequest, type KvRateLimitRequest, type KvRateLimitResult, type KvScanOptions, type KvScanResult, type KvSetOptions, type KvSetRequest, type KvZMember, type KvZaddRequest, type KvZrangeRequest, type LeaderboardAggregation, type LeaderboardDefinition, type LeaderboardEntry$1 as LeaderboardEntry, type LeaderboardOptions, type LeaderboardQueryOptions, type LeaderboardResetPeriod, type LeaderboardResult$1 as LeaderboardResult, type LeaderboardSortDirection, type LinkAnonymousConsentsInput, type ListPromosOptions, type ListPromosResult, type ListRedemptionsOptions, type ListRedemptionsResult, type ListRunsOptions, type ListRunsResult, type ListScheduledEmailsOptions, type ListSecretKeysInput, type ListTriggersResult, type ListUsersOptions, type ListUsersResult, type LogEntry, type LogLevel, type LoginHistoryEntry, type LoginRequest, type LoginResponse, type MeResponse, type MemberPermissionsResult, type MintAccessTokenClaims, type MintAccessTokenResult, type MonitoringResponse, type MonitoringSeverity, type NativeStepContext, type NativeTaskDefinition, type TaskRunStatus as NativeTaskRunStatus, NetworkError, NotFoundError, type OAuthAuthorizeInput, type OAuthAuthorizeResult, type OAuthCodeExchangeInput, type OAuthProvider, type OAuthProvidersResult, type OidcDiscoveryDocument, type OidcUserInfoResponse, type OrgRole, type OrgTokenPayload, type OrganizationInvitation, type OrganizationMember, type OrganizationMembership, type PageInput, type PaginatedResponse, type PaginationInput, type ParsedConnectionUrl, type PasskeyRegistrationInput, type PasskeyRegistrationOptions, type PasskeySummary, type PasskeysList, type PasswordSetInput, type Permission, type PkceMethod, type Plan, type PlatformAccessTokenClaims, type PlatformFunctionsDownloadBundleResult, type PlatformLogoutInput, type PlatformPasswordChangeInput, type PlatformPasswordChangeResult, type PlatformPasswordSetInput, type PlatformPasswordSetResult, type PlatformPasswordStatusResult, type PlatformRealtimeChannel, type PlatformRealtimeCreateChannelResult, type PlatformRealtimeDeleteChannelResult, type PlatformRealtimeListChannelsResult, type PlatformRealtimeStatusResult, type PlatformRefreshInput, type PlatformRefreshResult, type PlatformSessionRenameInput, type PlatformSessionRenameResult, type PlatformSessionRevokeAllResult, type PlatformSessionRevokeInput, type PlatformSessionRevokeOtherResult, type PlatformSessionRevokeResult, type PlatformSessionsListResult, type PlatformUserDeleteInput, type PlatformUserDeleteResult, type PlatformUserExportResult, type PlatformUserRecord, type PlatformUserResolution, type ProcessEvent, type ProcessInfo, type ProcessStartOptions, type ProcessSummary, type ProjectMetadata, type PromoCode, type PromoRedemption, type PromoStatus, type PromoType, type PromoValidationPreview, type PublishEventResult, type PushCampaign, type PushCampaignStats, type PushCampaignVariant, type PushNotification, type PushNotificationPayload, type PushSegment, type PushSegmentFilter, type PushServiceWorkerConfig, type PushSubscription, type QueryLogsOptions, type QueryLogsResult, RETRYABLE_CODES, RateLimitError, type RateLimitStatusFilter, type RateLimitStatusResult, type RateLimitStrategiesFilter, type RateLimitStrategiesResult, type RateLimitStrategyDeleteInput, type RateLimitStrategyDeleteResult, type RateLimitStrategyUpsertInput, type RateLimitStrategyUpsertResult, type RealtimeEmitRequest, type RealtimeEmitResponse, type RealtimeHistoryRequest, type RealtimeHistoryResponse, type RecordActivityInput, type RecordActivityResult, type RedeemPromoInput, type RedeemPromoResult, type RedeemReferralInput, type RedeemResult, type ReferralCode, type ReferralStats, type RegisterInput, type RegisterRequest, type RegisterResponse, type ResendEmailVerificationRequest, type ResendEmailVerificationResponse, type RestClient, type RestClientConfig, type RestDynamicConfig, type RetryConfig, type RevokeTokenOptions, type Role, type RollbackDeployRequest, type Run, RunHandle, type RunLogsResult, type RunResourceSpec, type RunResult, type RunStatus, type RunTarget, type RunVolumeMount, type CreateRunOptions as RunWorkerOptions, RunsClient, SandboxClient, type SandboxFile, SandboxFiles, type SandboxOptions, SandboxProcesses, type SandboxRecord, SandboxWatch, type ScheduleEmailOptions, type ScheduledEmail, type ScheduledEmailStats, type ScheduledEmailsResult, type SearchInput, type SearchResponse, type SearchResultItem, type SearchStatsResult, type SearchType, type SecretKeyInfo, type SecurityAlert, type SecurityAlertsList, type SecurityScoreResult, type SecuritySettings, type SendEmailOptions, type SendResult, type SendTemplatedEmailOptions, type SendToUserOptions, type SessionResult, type SetConsentsInput, type SetEnvVarRequest, type SignedUrlOptions, type SignedUrlResult, StepCompleteSignal, StepSleepSignal, type StorageFileVersion, type StoredLogEntry, type StreakDefinition, type StreakFrequency, type StreakState, type StreamMessage, type SubmitScoreInput, type SubmitScoreResult, type Subscription, type SuccessResponse, type SylphxClientInput, type SylphxConfig, type SylphxConfigInput, SylphxError, type SylphxErrorCode, type SylphxErrorOptions, type TaskInput, type TaskResult, type TaskStatus, type TaskTarget, type TextCompletionInput, type TextCompletionResponse, TimeoutError, type TokenIntrospectionResult, type TokenResponse, type Tool, type ToolCall, type TrackClickInput, type TrackInput, type Trigger, type TriggerDeployRequest, type TriggerSource, type TriggerSourceType, type TriggerStatus, type TriggerTarget, type TriggerTargetType, TriggersClient, type TwoFactorEnableResult, type TwoFactorSetupResult, type TwoFactorVerifyRequest, type UpdateOrgInput, type UpdatePromoInput, type UpdateRoleInput, type UpdateTriggerOptions, type UploadProgressEvent, type UploadResult, type UpsertDocumentInput, type UpsertDocumentResult, type User, type UserAchievement, type UserConsent, type UserDataExport, type UserFullProfile, type UserProfile, type UserSecuritySettings, type UserSession, type UserSessionsList, type UserUpdateProfileInput, type ValidatePromoInput, type ValidatePromoResult, ValidationError, type VisionInput, type WatchEntry, type WatchOptions, type WebhookConfig, type WebhookConfigUpdate, type WebhookDeliveriesResult, type WebhookDelivery, type WebhookStats, RunHandle as WorkerHandle, type RunLogsResult as WorkerLogsResult, type RunResourceSpec as WorkerResourceSpec, type RunResult as WorkerResult, type Run as WorkerRun, type RunStatus as WorkerStatus, type RunVolumeMount as WorkerVolumeMount, WorkersClient, acceptAllConsents, acceptOrganizationInvitation, assignMemberRole, audit, authorizeOAuth, batchIndex, canDeleteOrganization, canManageMembers, canManageSettings, cancelScheduledEmail, cancelTask, captureException, captureExceptionRaw, captureMessage, chat, chatStream, checkFlag, complete, confirmEmailChange, cookies, createCheckout, createClient, createConfig, createCron, createDynamicRestClient, createOrganization, createPermission, createPortalSession, createPromo, createRestClient, createRole, createServerClient, createServiceWorkerScript, createStepContext, createTasksHandler, createTracker, debugError, debugLog, debugTimer, debugWarn, declineOptionalConsents, deleteCron, deleteDocument, deleteEnvVar, deleteFile, deleteOrganization, deletePasskey, deletePermission, deletePromo, deleteRole, deleteUser, deleteUserAccount, device, disableDebug, disableTwoFactor, disconnectOAuthProvider, downloadFileVersion, dpop, embed, enableDebug, exchangeOAuthCode, exponentialBackoff, exportUserData, extendedSignUp, forgotPassword, functions, generateAnonymousId, generatePkce, getAchievement, getAchievementPoints, getAchievements, getAllFlags, getAllSecrets, getAllStreaks, getBackupCodes, getBillingBalance, getBillingUsage, getBuildLogHistory, getCircuitBreakerState, getConsentHistory, getConsentTypes, getDatabaseConnectionString, getDatabaseStatus, getDebugMode, getDeployHistory, getDeployStatus, getErrorCode, getErrorMessage, getFacets, getFileInfo, getFileUrl, getFlagPayload, getFlags, getLeaderboard, getMemberPermissions, getMyReferralCode, getOidcDiscoveryDocument, getOrganization, getOrganizationInvitations, getOrganizationMembers, getOrganizations, getPlans, getProjectMetadata, getPromo, getPushPreferences, getRealtimeHistory, getReferralLeaderboard, getReferralStats, getRestErrorMessage, getRole, getScheduledEmail, getScheduledEmailStats, getSearchStats, getSecret, getSecrets, getSecurityScore, getSession, getSignedUrl, getStreak, getSubscription, getTask, getUser, getUserByEmail, getUserConsents, getUserLeaderboardRank, getUserProfile, getUserSecurity, getVariant, getWebhookConfig, getWebhookDeliveries, getWebhookDelivery, getWebhookStats, hasAllPermissions, hasAnyPermission, hasConsent, hasError, hasPermission, hasRole, hasSecret, identify, impersonation, incrementAchievementProgress, indexDocument, ingestLogs, initPushServiceWorker, installGlobalDebugHelpers, introspectToken, inviteOrganizationMember, inviteUser, isEmailConfigured, isEnabled, isRetryableError, isSylphxError, kvDelete, kvExists, kvExpire, kvGet, kvGetJSON, kvHget, kvHgetall, kvHset, kvIncr, kvLpush, kvLrange, kvMget, kvMset, kvRateLimit, kvScan, kvSet, kvSetJSON, kvZadd, kvZrange, leaveOrganization, linkAnonymousConsents, listEnvVars, listFileVersions, listOAuthProviders, listPasskeys, listPermissions, listPromoRedemptions, listPromos, listRoles, listScheduledEmails, listSecretKeys, listSecurityAlerts, listTasks, listUserSessions, listUsers, markAllSecurityAlertsRead, markSecurityAlertRead, oauth, page, parseOAuthCallback, password, pauseCron, platformAuth, campaigns as pushCampaigns, segments as pushSegments, queryLogs, rateLimits, realtime, realtimeEmit, recordStreakActivity, recoverStreak, redeemPromo, redeemReferralCode, refreshToken, regenerateBackupCodes, regenerateReferralCode, registerPush, registerPushServiceWorker, removeOrganizationMember, renamePasskey, renameUserSession, replayWebhookDelivery, requestEmailChange, rescheduleEmail, resendVerificationEmail, resetCircuitBreaker, resetDebugModeCache, resetPassword, resetPlatformCookieCache, resetPlatformJwksCache, restoreFile, restoreFileVersion, resumeCron, revokeAllTokens, revokeOrganizationInvitation, revokeToken, revokeUserSession, rollbackDeploy, scheduleEmail, scheduleTask, search, sendEmail, sendEmailToUser, sendPush, sendTemplatedEmail, sessions, setConsents, setEnvVar, setPassword, setupTwoFactor, signIn, signOut, signUp, softDeleteFile, startPasskeyRegistration, streamToString, submitScore, suspendUser, switchOrg, toSylphxError, track, trackBatch, trackClick, triggerDeploy, unlockAchievement, unregisterPush, updateOrganization, updateOrganizationMemberRole, updatePromo, updatePushPreferences, updateRole, updateUser, updateUserMetadata, updateUserProfile, updateWebhookConfig, uploadAvatar, uploadFile, upsertDocument, user, userInfo, validatePromo, verifyAccessToken, verifyChallenge, verifyEmail, verifyPasskeyRegistration, verifySignature as verifyTaskSignature, verifyTwoFactor, verifyTwoFactorEnable, withToken };
+export { ACHIEVEMENT_TIER_CONFIG, type AIListModelsOptions, type AIListModelsResponse, type AIMessage, type AIMessageRole, type AIModel, type AIModelInfo, type AIModelsResponse, type AIProvider, type AIRateLimitInfo, type AIRateLimitResponse, type AIRequestType, type AIStreamChunk, type AITool, type AIToolCall, type AIUsageResponse, type AIUsageStats, type AccessTokenPayload, type AchievementCategory, type AchievementCriteria, type AchievementCriterion, type AchievementDefinition, type AchievementTier, type AchievementType, type AchievementUnlockEvent, type AdminUser, type AuditQueryFilter, type AuditQueryResult, AuthenticationError, AuthorizationError, type BackupCodesResult, type BatchEvent, type BatchIndexInput, type BatchIndexResult, type Breadcrumb, type BuildLog, type BuildLogHistoryResponse, type CaptureExceptionRequest, type CaptureMessageRequest, type ChallengeMethod, type ChallengeType, type ChallengeVerifyInput, type ChallengeVerifyResult, type ChatCompletionInput, type ChatCompletionResponse, type ChatInput, type ChatMessage, type ChatResult, type ChatStreamChunk, type CircuitBreakerConfig, CircuitBreakerOpenError, type CircuitState, type CommandResult, type ConsentCategory, type ConsentHistoryEntry, type ConsentHistoryResult, type ConsentPurposeDefaults, type ConsentType, type ContentPart, type CopyFileOptions, type CreateOrgInput, type CreatePermissionInput, type CreatePromoInput, type CreateRoleInput, type CreateRunOptions, type CreateTriggerOptions, type CriteriaOperator, type CronInput, type CronSchedule, type CronSource, type DatabaseConnectionInfo, type DatabaseStatus, type DatabaseStatusInfo, type DebugCategory, type DeduplicationConfig, type DeleteAccountResult, type DeleteDocumentInput, type DeployHistoryResponse, type DeployInfo, type DeployStatus, type DeviceApproveInput, type DeviceApproveResult, type DeviceDenyInput, type DeviceDenyResult, type DeviceGrant, type DeviceInitInput, type DevicePollResult, type DynamicRestClient, ERROR_CODE_STATUS, type EmailChangeInput, type EmailConfirmInput, type EmbedInput, type EmbedResult, type EmbeddingInput, type EmbeddingResponse, type LeaderboardEntry as EngagementLeaderboardEntry, type LeaderboardResult as EngagementLeaderboardResult, type EnvVar, type ErrorCode, type ErrorResponse, type EventSource, type ExceptionFrame, type ExceptionValue, type ExecEvent, type ExecOptions, type ExecResult, type FacetsResponse, type FileEvent, type FlagContext, type FlagResult, type GetConsentHistoryInput, type GetConsentsInput, type GetFacetsInput, type GetSecretInput, type GetSecretResult, type GetSecretsInput, type GetSecretsResult, type HttpTarget, type IdentifyInput, type ImpersonationActive, type ImpersonationEndResult, type ImpersonationInfo, type ImpersonationStartResult, type IndexDocumentInput, type IndexDocumentResult, type IngestLogsResult, InvalidConnectionUrlError, type InviteMemberInput, type InviteUserRequest, type InviteUserResponse, type KvExpireRequest, type KvHgetRequest, type KvHgetallRequest, type KvHsetRequest, type KvIncrRequest, type KvLpushRequest, type KvLrangeRequest, type KvMgetRequest, type KvMsetRequest, type KvRateLimitRequest, type KvRateLimitResult, type KvScanOptions, type KvScanResult, type KvSetOptions, type KvSetRequest, type KvZMember, type KvZaddRequest, type KvZrangeRequest, type LeaderboardAggregation, type LeaderboardDefinition, type LeaderboardEntry$1 as LeaderboardEntry, type LeaderboardOptions, type LeaderboardQueryOptions, type LeaderboardResetPeriod, type LeaderboardResult$1 as LeaderboardResult, type LeaderboardSortDirection, type LinkAnonymousConsentsInput, type ListFilesOptions, type ListPromosOptions, type ListPromosResult, type ListRedemptionsOptions, type ListRedemptionsResult, type ListRunsOptions, type ListRunsResult, type ListScheduledEmailsOptions, type ListSecretKeysInput, type ListTriggersResult, type ListUsersOptions, type ListUsersResult, type LogEntry, type LogLevel, type LoginHistoryEntry, type LoginRequest, type LoginResponse, type MeResponse, type MemberPermissionsResult, type MintAccessTokenClaims, type MintAccessTokenResult, type MonitoringResponse, type MonitoringSeverity, type NativeStepContext, type NativeTaskDefinition, type TaskRunStatus as NativeTaskRunStatus, NetworkError, NotFoundError, type OAuthAuthorizeInput, type OAuthAuthorizeResult, type OAuthCodeExchangeInput, type OAuthProvider, type OAuthProvidersResult, type OidcDiscoveryDocument, type OidcUserInfoResponse, type OrgRole, type OrgScopedTokenResponse, type OrgTokenPayload, type OrganizationInvitation, type OrganizationMember, type OrganizationMembership, type PageInput, type PaginatedResponse, type PaginationInput, type ParsedConnectionUrl, type PasskeyRegistrationInput, type PasskeyRegistrationOptions, type PasskeySummary, type PasskeysList, type PasswordSetInput, type Permission, type PkceMethod, type Plan, type PlatformAccessTokenClaims, type PlatformFunctionsDownloadBundleResult, type PlatformLogoutInput, type PlatformPasswordChangeInput, type PlatformPasswordChangeResult, type PlatformPasswordSetInput, type PlatformPasswordSetResult, type PlatformPasswordStatusResult, type PlatformRealtimeChannel, type PlatformRealtimeCreateChannelResult, type PlatformRealtimeDeleteChannelResult, type PlatformRealtimeListChannelsResult, type PlatformRealtimeStatusResult, type PlatformRefreshInput, type PlatformRefreshResult, type PlatformSessionRenameInput, type PlatformSessionRenameResult, type PlatformSessionRevokeAllResult, type PlatformSessionRevokeInput, type PlatformSessionRevokeOtherResult, type PlatformSessionRevokeResult, type PlatformSessionsListResult, type PlatformUserDeleteInput, type PlatformUserDeleteResult, type PlatformUserExportResult, type PlatformUserRecord, type PlatformUserResolution, type ProcessEvent, type ProcessInfo, type ProcessStartOptions, type ProcessSummary, type ProjectMetadata, type PromoCode, type PromoRedemption, type PromoStatus, type PromoType, type PromoValidationPreview, type PublishEventResult, type PushCampaign, type PushCampaignStats, type PushCampaignVariant, type PushNotification, type PushNotificationPayload, type PushSegment, type PushSegmentFilter, type PushServiceWorkerConfig, type PushSubscription, type QueryLogsOptions, type QueryLogsResult, RETRYABLE_CODES, RateLimitError, type RateLimitStatusFilter, type RateLimitStatusResult, type RateLimitStrategiesFilter, type RateLimitStrategiesResult, type RateLimitStrategyDeleteInput, type RateLimitStrategyDeleteResult, type RateLimitStrategyUpsertInput, type RateLimitStrategyUpsertResult, type RealtimeEmitRequest, type RealtimeEmitResponse, type RealtimeHistoryRequest, type RealtimeHistoryResponse, type RecordActivityInput, type RecordActivityResult, type RedeemPromoInput, type RedeemPromoResult, type RedeemReferralInput, type RedeemResult, type ReferralCode, type ReferralStats, type RegisterInput, type RegisterRequest, type RegisterResponse, type ResendEmailVerificationRequest, type ResendEmailVerificationResponse, type RestClient, type RestClientConfig, type RestDynamicConfig, type RetryConfig, type RevokeTokenOptions, type Role, type RollbackDeployRequest, type Run, RunHandle, type RunLogsResult, type RunResourceSpec, type RunResult, type RunStatus, type RunTarget, type RunVolumeMount, type CreateRunOptions as RunWorkerOptions, RunsClient, SandboxClient, type SandboxFile, SandboxFiles, type SandboxOptions, SandboxProcesses, type SandboxRecord, SandboxWatch, type ScheduleEmailOptions, type ScheduledEmail, type ScheduledEmailStats, type ScheduledEmailsResult, type SearchInput, type SearchResponse, type SearchResultItem, type SearchStatsResult, type SearchType, type SecretKeyInfo, type SecurityAlert, type SecurityAlertsList, type SecurityScoreResult, type SecuritySettings, type SendEmailOptions, type SendResult, type SendTemplatedEmailOptions, type SendToUserOptions, type SessionResult, type SetConsentsInput, type SetEnvVarRequest, type SignedUrlOptions, StepCompleteSignal, StepSleepSignal, type StoredLogEntry, type StreakDefinition, type StreakFrequency, type StreakState, type StreamMessage, type SubmitScoreInput, type SubmitScoreResult, type Subscription, type SuccessResponse, type SylphxClientInput, type SylphxConfig, type SylphxConfigInput, SylphxError, type SylphxErrorCode, type SylphxErrorOptions, type TaskInput, type TaskResult, type TaskStatus, type TaskTarget, type TextCompletionInput, type TextCompletionResponse, TimeoutError, type TokenIntrospectionResult, type TokenResponse, type Tool, type ToolCall, type TrackClickInput, type TrackInput, type Trigger, type TriggerDeployRequest, type TriggerSource, type TriggerSourceType, type TriggerStatus, type TriggerTarget, type TriggerTargetType, TriggersClient, type TwoFactorEnableResult, type TwoFactorSetupResult, type TwoFactorVerifyRequest, type UpdateOrgInput, type UpdatePromoInput, type UpdateRoleInput, type UpdateTriggerOptions, type UploadCreateOptions, type UploadProgressEvent, type UpsertDocumentInput, type UpsertDocumentResult, type User, type UserAchievement, type UserConsent, type UserDataExport, type UserFullProfile, type UserProfile, type UserSecuritySettings, type UserSession, type UserSessionsList, type UserUpdateProfileInput, type ValidatePromoInput, type ValidatePromoResult, ValidationError, type VisionInput, type WatchEntry, type WatchOptions, type WebhookConfig, type WebhookConfigUpdate, type WebhookDeliveriesResult, type WebhookDelivery, type WebhookStats, RunHandle as WorkerHandle, type RunLogsResult as WorkerLogsResult, type RunResourceSpec as WorkerResourceSpec, type RunResult as WorkerResult, type Run as WorkerRun, type RunStatus as WorkerStatus, type RunVolumeMount as WorkerVolumeMount, WorkersClient, acceptAllConsents, acceptOrganizationInvitation, assignMemberRole, audit, authorizeOAuth, batchIndex, canDeleteOrganization, canManageMembers, canManageSettings, cancelScheduledEmail, cancelTask, captureException, captureExceptionRaw, captureMessage, chat, chatStream, checkFlag, complete, confirmEmailChange, cookies, createCheckout, createClient, createConfig, createCron, createDynamicRestClient, createOrganization, createPermission, createPortalSession, createPromo, createRestClient, createRole, createServerClient, createServiceWorkerScript, createStepContext, createTasksHandler, createTracker, debugError, debugLog, debugTimer, debugWarn, declineOptionalConsents, deleteCron, deleteDocument, deleteEnvVar, deleteOrganization, deletePasskey, deletePermission, deletePromo, deleteRole, deleteUser, deleteUserAccount, device, disableDebug, disableTwoFactor, disconnectOAuthProvider, dpop, embed, enableDebug, exchangeOAuthCode, exponentialBackoff, exportUserData, extendedSignUp, forgotPassword, functions, generateAnonymousId, generatePkce, getAchievement, getAchievementPoints, getAchievements, getAllFlags, getAllSecrets, getAllStreaks, getBackupCodes, getBillingBalance, getBillingUsage, getBuildLogHistory, getCircuitBreakerState, getConsentHistory, getConsentTypes, getDatabaseConnectionString, getDatabaseStatus, getDebugMode, getDeployHistory, getDeployStatus, getErrorCode, getErrorMessage, getFacets, getFlagPayload, getFlags, getLeaderboard, getMemberPermissions, getMyReferralCode, getOidcDiscoveryDocument, getOrgScopedToken, getOrganization, getOrganizationInvitations, getOrganizationMembers, getOrganizations, getPlans, getProjectMetadata, getPromo, getPushPreferences, getRealtimeHistory, getReferralLeaderboard, getReferralStats, getRestErrorMessage, getRole, getScheduledEmail, getScheduledEmailStats, getSearchStats, getSecret, getSecrets, getSecurityScore, getSession, getStreak, getSubscription, getTask, getUser, getUserByEmail, getUserConsents, getUserLeaderboardRank, getUserProfile, getUserSecurity, getVariant, getWebhookConfig, getWebhookDeliveries, getWebhookDelivery, getWebhookStats, hasAllPermissions, hasAnyPermission, hasConsent, hasError, hasPermission, hasRole, hasSecret, identify, impersonation, incrementAchievementProgress, indexDocument, ingestLogs, initPushServiceWorker, installGlobalDebugHelpers, introspectToken, inviteOrganizationMember, inviteUser, isEmailConfigured, isEnabled, isRetryableError, isSylphxError, kvDelete, kvExists, kvExpire, kvGet, kvGetJSON, kvHget, kvHgetall, kvHset, kvIncr, kvLpush, kvLrange, kvMget, kvMset, kvRateLimit, kvScan, kvSet, kvSetJSON, kvZadd, kvZrange, leaveOrganization, linkAnonymousConsents, listEnvVars, listOAuthProviders, listPasskeys, listPermissions, listPromoRedemptions, listPromos, listRoles, listScheduledEmails, listSecretKeys, listSecurityAlerts, listTasks, listUserSessions, listUsers, markAllSecurityAlertsRead, markSecurityAlertRead, oauth, page, parseOAuthCallback, password, pauseCron, platformAuth, campaigns as pushCampaigns, segments as pushSegments, queryLogs, rateLimits, realtime, realtimeEmit, recordStreakActivity, recoverStreak, redeemPromo, redeemReferralCode, refreshToken, regenerateBackupCodes, regenerateReferralCode, registerPush, registerPushServiceWorker, removeOrganizationMember, renamePasskey, renameUserSession, replayWebhookDelivery, requestEmailChange, rescheduleEmail, resendVerificationEmail, resetCircuitBreaker, resetDebugModeCache, resetPassword, resetPlatformCookieCache, resetPlatformJwksCache, resumeCron, revokeAllTokens, revokeOrganizationInvitation, revokeToken, revokeUserSession, rollbackDeploy, scheduleEmail, scheduleTask, search, sendEmail, sendEmailToUser, sendPush, sendTemplatedEmail, sessions, setConsents, setEnvVar, setPassword, setupTwoFactor, signIn, signOut, signUp, startPasskeyRegistration, storage, streamToString, submitScore, suspendUser, switchOrg, toSylphxError, track, trackBatch, trackClick, triggerDeploy, unlockAchievement, unregisterPush, updateOrganization, updateOrganizationMemberRole, updatePromo, updatePushPreferences, updateRole, updateUser, updateUserMetadata, updateUserProfile, updateWebhookConfig, upsertDocument, user, userInfo, validatePromo, verifyAccessToken, verifyChallenge, verifyEmail, verifyPasskeyRegistration, verifySignature as verifyTaskSignature, verifyTwoFactor, verifyTwoFactorEnable, withToken };