@terminal3/t3n-sdk 3.3.0 → 3.4.1

package/dist/src/types/token.d.ts

@@ -1,102 +0,0 @@
-/**
- * Token-metering types — T3-TS-030 wire shapes.
- *
- * Mirrors `node/primitives/src/token.rs`. `u128` fields land on the
- * wire as JSON numbers (same convention as the existing
- * `token.get-balance` response) — JS clients with histories that
- * exceed 2⁵³ tokens should switch to a streaming JSON parser; the
- * common case fits in `number` losslessly.
- */
-/**
- * `primitives::token::BalanceRow` — caller's credit row.
- *
- * `available` and `reserved` are `u128` on the server; the wire
- * format is a JSON number. Callers should not assume bigint until
- * the SDK migrates to a streaming parser (tracked separately).
- */
-export interface BalanceRow {
-    available: number;
-    reserved: number;
-    last_settled_seq_no: number;
-    version: number;
-    credit_exhausted: boolean;
-}
-/**
- * `primitives::token::TokenTxKind` snake_case wire alphabet. Every
- * value listed here is accepted by the server-side
- * `token.get-usage` `kinds` filter.
- */
-export type TokenTxKind = "mint" | "burn" | "charge" | "transfer" | "bridge_mint_attest" | "bridge_burn_attest";
-/**
- * Per-caller view direction. `"in"` = caller's balance went up;
- * `"out"` = caller's balance went down. Derived host-side from
- * `(caller_did, tx.src, tx.dst)`; the same `seq_no` appears in both
- * parties' usage feeds with opposite directions on a transfer.
- */
-export type Direction = "in" | "out";
-/**
- * Discriminated union mirroring `primitives::token::ChargeReason`.
- * Present only when the row's `kind === "charge"`.
- */
-export type ChargeReason = {
-    kind: "contract_register";
-    script_name: string;
-    version: string;
-} | {
-    kind: "invocation";
-    script_name: string;
-    function: string;
-    fuel_consumed: number;
-    fuel_tokens: number;
-    host_call_count: number;
-    host_call_tokens: number;
-} | {
-    kind: "kv_bytes";
-    map: string;
-} | {
-    kind: "cas_bytes";
-    backend: string;
-} | {
-    kind: "outbox_egress";
-    upstream: string;
-};
-/**
- * One row in the caller's usage feed — a per-caller projection of
- * the underlying `TokenTx`. `counterparty` is the other party from
- * the caller's perspective: `tx.dst` on outbound entries, `tx.src`
- * on inbound. `null` when the underlying tx has no counterparty
- * (mints have no `src`; burns and charges have no `dst`).
- */
-export interface UsageEntry {
-    seq_no: number;
-    kind: TokenTxKind;
-    amount: number;
-    timestamp_ms: number;
-    direction: Direction;
-    counterparty?: string | null;
-    reason?: ChargeReason | null;
-    note?: string | null;
-}
-/**
- * Response shape of `token.get-usage` — caller's balance plus a
- * paginated slice of their most-recent `token:tx_log` entries.
- *
- * `next_cursor` is the inclusive upper-bound `seq_no` to pass back
- * as `after_seq` to fetch the next page. `null` (or absent) means
- * the caller's history is fully drained.
- */
-export interface UsagePage {
-    balance: BalanceRow;
-    entries: UsageEntry[];
-    next_cursor?: number | null;
-}
-/**
- * Request shape — all fields optional. `limit` clamps to
- * `1..=200` server-side; out-of-range values snap silently to the
- * bounds. `kinds: []` is treated as "no filter".
- */
-export interface GetUsageOptions {
-    limit?: number;
-    after_seq?: number;
-    kinds?: TokenTxKind[];
-}

package/dist/src/types/user.d.ts

@@ -1,236 +0,0 @@
-/**
- * MAT-1374 — wire types for the explicit `otp-request` /
- * `otp-verify` / slim `user-upsert` exports on `tee:user/contracts`
- * (`tee:user@2.0.0`).
- *
- * Pre-2.0.0 the user contract dispatched OTP request and OTP verify
- * implicitly from the input shape of a single `user-upsert` call.
- * 2.0.0 splits that surface into three explicit functions; the
- * shapes here mirror the Rust types in
- * `node/tee_contracts/user/src/otp_types.rs` and
- * `node/tee_contracts/user/src/upsert_types.rs`.
- *
- * Keep the two in sync — bytes flow directly from the contract
- * through the JSON-RPC envelope into the SDK wrappers
- * (`T3nClient.otpRequest`, `T3nClient.otpVerify`,
- * `T3nClient.submitUserInput`).
- */
-import { T3nError } from "../utils/errors";
-/**
- * OTP delivery channel. Matches the `OtpContactChannel` Rust enum
- * with `serde(rename_all = "snake_case")`.
- */
-export type OtpChannel = "email" | "sms";
-/**
- * Discriminated OTP contact target. Mirrors the Rust `OtpRequest` enum
- * (`email_channel` / `sms_channel` on the wire). Exactly one branch is
- * set — no parallel optional email + phone with a separate channel tag.
- *
- * The legacy `keys.generic_api.otp_channel` body shadow was removed
- * in 2.0.0 — the contract rejects calls carrying it with a
- * `legacy_field` error.
- */
-export type OtpRequestInput = {
-    emailChannel: {
-        emailAddress: string;
-    };
-} | {
-    smsChannel: {
-        phoneNumber: string;
-    };
-};
-/**
- * Response returned by `otp-request`. Mirrors `OtpResponse` in
- * `otp_types.rs`.
- *
- * - `contact` echoes the OTP destination so clients that race
- *   multiple channels can correlate replies.
- * - `expiresAtSec` is the Unix-second TTL the host minted for the
- *   pending OTP. Absent in `skip_otp` test environments.
- * - `status` is `"otp_pending"` on the happy path. `"otp_failed"`
- *   only appears on retry without a fresh request — usually you
- *   shouldn't see it on `otp-request`.
- * - `txHash` is the host-enriched ledger ref for the OTP-pending
- *   write (the contract leaves it `null`; the host injects).
- * - `isNewProfile` is `true` on a fresh DID's first OTP request —
- *   read this to detect "did the user just register".
- */
-export interface OtpRequestResult {
-    contact: string;
-    channel: OtpChannel;
-    expiresAtSec?: number;
-    status?: string;
-    txHash?: string;
-    isNewProfile?: boolean;
-}
-/**
- * Input to `T3nClient.otpVerify`. `otpCode` is mandatory; `request`
- * repeats the same discriminated contact shape as {@link OtpRequestInput}.
- */
-export interface OtpVerifyInput {
-    otpCode: string;
-    request: OtpRequestInput;
-}
-/**
- * Suggestion surfaced when the bind-target contact already belongs
- * to another DID. The contract refuses to silently steal the
- * authenticator; the caller must resolve the merge (typically via
- * `merge-profiles`) before re-attempting verify.
- */
-export interface OtpMergeSuggestion {
-    existingDid: string;
-    currentDid: string;
-    email?: string;
-    phone?: string;
-    channel: OtpChannel;
-}
-/**
- * Response returned by `otp-verify`. Mirrors
- * `OtpVerifyResponse` in `otp_types.rs`.
- *
- * - `email` is populated on `channel = "email"` success;
- *   `phone` on `channel = "sms"` success. Mutually exclusive on
- *   the happy path.
- * - `status` carries `"otp_failed"` / `"otp_expired"` on retry; the
- *   happy path leaves it `undefined`.
- * - `mergeSuggestion` is set when the contact-to-bind is already
- *   owned by another DID. Wire it into your merge UX.
- */
-export interface OtpVerifyResult {
-    txHash?: string;
-    did: string;
-    channel: OtpChannel;
-    email?: string;
-    phone?: string;
-    status?: string;
-    mergeSuggestion?: OtpMergeSuggestion;
-    isNewProfile?: boolean;
-}
-/**
- * Level-1 user-input fields accepted by the slim `user-upsert`.
- * The Rust contract validates these via `validate_profile`; the
- * shape is intentionally open so callers can add provider-specific
- * fields on top of the canonical six.
- */
-export interface UserInputProfile {
-    firstName?: string;
-    lastName?: string;
-    email_address?: string;
-    phone_number?: string;
-    birthdate?: string;
-    nationality?: string;
-    campaign_code?: string;
-    role?: string;
-    [key: string]: unknown;
-}
-/**
- * Input to `T3nClient.submitUserInput`. Maps onto the slim
- * `user-upsert` request shape: `{ profile, organisation_did?,
- * attestations?, keys? }`.
- */
-export interface SubmitUserInputArgs {
-    profile: UserInputProfile;
-    organisationDid?: string;
-    attestations?: unknown;
-    keys?: Record<string, unknown>;
-    /**
-     * KYC webhook orphan-attestation flow. When set, the contract
-     * skips the email-not-verified gate and only records the
-     * attestation if the DID has no profile yet (T3-TS-026 §13).
-     * Most callers should leave this `undefined`.
-     */
-    requireExistingUser?: boolean;
-    /**
-     * MAT-1618 testnet self-admit. When `true`, the contract additionally
-     * runs the self-admit side-effect after the profile commit: writes
-     * the caller's DID into `idx:_tenants` + `idx:_tenant_quotas` and
-     * mints any operator-configured welcome credits. Inspect the
-     * `tenantAdmit` field on the response for the outcome.
-     *
-     * Testnet-only. Production clusters return
-     * `tenantAdmit.status = "refused"` with
-     * `reason = "not_testnet" | "self_admit_disabled" | "not_eth_derived"`.
-     * The profile commit always succeeds regardless of the inner outcome.
-     *
-     * Most callers should leave this `undefined`.
-     */
-    becomeDevTenant?: boolean;
-}
-/**
- * MAT-1618 self-admit projection from `user-upsert`. Present only
- * when the caller set `becomeDevTenant: true` on the request.
- *
- * - `status: "admitted"` — first call for this DID; tenant record
- *   committed and (if configured) welcome credits minted into
- *   `grantedCredits`.
- * - `status: "already-admitted"` — replay; idempotent no-op.
- * - `status: "refused"` — the cluster declined the self-admit;
- *   `reason` is the machine-readable cause (`not_testnet`,
- *   `self_admit_disabled`, `not_eth_derived`), `detail` is a
- *   human-readable string.
- */
-export type TenantAdmitStatus = "admitted" | "already-admitted" | "refused";
-export interface TenantAdmitProjection {
-    status: TenantAdmitStatus;
-    grantedCredits?: string;
-    reason?: string;
-    detail?: string;
-}
-/**
- * Response shape returned by the slim `user-upsert`. Carries the
- * post-merge tx hash plus the L1 merge diagnostics
- * (`refusedFields`, `mergeSuggestion`) the pre-2.0.0 omnibus
- * `UpsertResponse` already surfaced.
- */
-export interface SubmitUserInputResult {
-    txHash?: string;
-    refusedFields?: string[];
-    mergeSuggestion?: OtpMergeSuggestion;
-    userFound?: boolean;
-    /**
-     * MAT-1618 self-admit projection. Present only when the caller
-     * set `becomeDevTenant: true` on the request.
-     */
-    tenantAdmit?: TenantAdmitProjection;
-}
-/**
- * Discriminator for {@link UserUpsertError}. Mirrors the
- * `UserUpsertError` Rust enum and its `<code>:<detail>` wire
- * format (see `upsert_types.rs::UserUpsertError::code`). Branch
- * with a `switch` over `kind`.
- *
- * - `EmailNotVerified` — the slim `user-upsert` was called against
- *   a DID that has no verified email and no proving authenticator.
- *   Run `otpRequest` + `otpVerify` first (or accept an
- *   OIDC/Email-authed session).
- * - `LegacyField` — caller passed a pre-2.0.0 dispatch field
- *   (`otp_code` to a non-verify export, or
- *   `keys.generic_api.otp_channel` anywhere). Migrate the call
- *   site to the new explicit functions.
- * - `UserNotFound` — `requireExistingUser` was set but no profile
- *   exists for the DID. The attestation is recorded for audit;
- *   no profile created.
- */
-export type UserUpsertErrorKind = "EmailNotVerified" | "LegacyField" | "UserNotFound";
-/**
- * Typed wrapper for the `<code>:<detail>` errors the slim
- * `user-upsert` and the OTP entry points emit. `kind` is the
- * structured discriminator the SDK derives from the error code
- * prefix; `code` and `detail` retain the wire components for
- * fall-through logging.
- *
- * Throw site: `T3nClient.submitUserInput` (and friends) when the
- * contract returns a string error matching the
- * `<code>:<detail>` shape.
- */
-export declare class UserUpsertError extends T3nError {
-    readonly kind: UserUpsertErrorKind | "Unknown";
-    readonly detail: string;
-    constructor(code: string, detail: string);
-    /**
-     * Try to parse a contract error string into a `UserUpsertError`.
-     * Returns `null` if `raw` doesn't match the `<code>:<detail>`
-     * shape — caller falls back to a generic error.
-     */
-    static fromWire(raw: string): UserUpsertError | null;
-}

package/dist/src/utils/contract-version.d.ts

@@ -1,5 +0,0 @@
-export interface CurrentVersionResponse {
-    current_version: string;
-}
-export declare function getScriptVersion(rpcUrl: string, scriptName: string): Promise<string>;
-export declare function resetScriptVersionCacheForTests(): void;

package/dist/src/utils/crypto.d.ts

@@ -1,52 +0,0 @@
-/**
- * Cryptographic utilities for T3n SDK
- *
- * Cross-platform crypto support:
- * - Browsers: Uses Web Crypto API (global crypto)
- * - Node.js 19+: Uses global crypto
- * - Node.js 16-18: Imports crypto module
- */
-/**
- * Generate a cryptographically secure random string
- * @param length - Length of the random string in bytes
- * @returns Base64-encoded random string
- */
-export declare function generateRandomString(length?: number): string;
-/**
- * Generate a UUID v4
- * @returns UUID string
- */
-export declare function generateUUID(): string;
-/**
- * Fill an array with cryptographically secure random values
- * Cross-platform wrapper for crypto.getRandomValues
- * @param array - Array to fill with random values
- * @returns The same array (for compatibility with Web Crypto API)
- */
-export declare function getRandomValues(array: Uint8Array): Uint8Array;
-/**
- * Convert a string to Uint8Array
- * @param str - String to convert
- * @returns Uint8Array representation
- */
-export declare function stringToBytes(str: string): Uint8Array;
-/**
- * Convert Uint8Array to string
- * @param bytes - Bytes to convert
- * @returns String representation
- */
-export declare function bytesToString(bytes: Uint8Array): string;
-export declare function bytesToBase64(bytes: Uint8Array): string;
-export declare function base64ToBytes(base64: string): Uint8Array;
-/**
- * Sign raw bytes using EIP-191 format (Ethereum Signed Message)
- * This is used for signing webhook payloads for provider authentication
- *
- * Format: "\x19Ethereum Signed Message:\n{len}" + bytes
- * Then hash with Keccak256 and sign
- *
- * @param privateKey - Ethereum private key (0x prefixed hex string)
- * @param bytes - Raw bytes to sign
- * @returns Hex-encoded signature with 0x prefix (65 bytes: r + s + v)
- */
-export declare function signRawBytesWithEip191(privateKey: string, bytes: Uint8Array): Promise<string>;

package/dist/src/utils/errors.d.ts

@@ -1,144 +0,0 @@
-/**
- * Error classes for T3n SDK
- */
-/**
- * Base error class for T3n SDK errors
- */
-export declare class T3nError extends Error {
-    readonly code?: string | undefined;
-    constructor(message: string, code?: string | undefined);
-}
-/**
- * Error thrown when session is in invalid state for operation
- */
-export declare class SessionStateError extends T3nError {
-    readonly currentState: string;
-    constructor(message: string, currentState: string);
-}
-/**
- * Error thrown during authentication process
- */
-export declare class AuthenticationError extends T3nError {
-    readonly authMethod?: string | undefined;
-    constructor(message: string, authMethod?: string | undefined);
-}
-/**
- * Error thrown during handshake process
- */
-export declare class HandshakeError extends T3nError {
-    constructor(message: string);
-}
-/**
- * Error thrown when a session-authenticated SDK client detects that the
- * caller-owned session is no longer usable and the caller must
- * re-authenticate before the call can succeed.
- *
- * Unlike {@link OrgDataClient} (which owns its ETH-secret-driven session
- * and silently rebuilds it on expiry), {@link SessionOrgDataClient} is
- * handed a caller-owned `T3nClient` whose session is bound to an
- * interactive flow (typically SIWE). The SDK can't re-authenticate
- * non-interactively, so on the same wire patterns that the
- * self-owned client recovers from, the session-bound client translates
- * the underlying error into this class and rethrows. The original error
- * is preserved on the native ES2022 `cause` property.
- *
- * Callers branch on `instanceof SessionExpiredError` to route the user
- * to a re-auth UX (e.g. SIWE modal / login redirect) rather than
- * parsing the message of a raw {@link RpcError}.
- */
-export declare class SessionExpiredError extends T3nError {
-    constructor(cause: unknown);
-}
-/**
- * Error thrown during RPC communication.
- *
- * `message` is the human-readable error (preferring the server's
- * `error.data.detail` when present, with the request id appended in
- * `[<id>]` form so a UI that only surfaces `.message` still gives an
- * operator something to grep). The structured fields below preserve
- * the same info for callers that want to render or log them
- * separately — e.g. a toast that shows `detail` but surfaces
- * `requestId` in a "copy for support" affordance.
- */
-export declare class RpcError extends T3nError {
-    readonly rpcMethod?: string | undefined;
-    readonly httpStatus?: number | undefined;
-    /** Server-attached detail (JSON-RPC `error.data.detail`). User-facing kinds
-     *  carry the specific reason here; internal kinds omit it. */
-    readonly detail?: string | undefined;
-    /** Per-request correlation id (JSON-RPC `error.data.request_id`). */
-    readonly requestId?: string | undefined;
-    constructor(message: string, rpcMethod?: string | undefined, httpStatus?: number | undefined, 
-    /** Server-attached detail (JSON-RPC `error.data.detail`). User-facing kinds
-     *  carry the specific reason here; internal kinds omit it. */
-    detail?: string | undefined, 
-    /** Per-request correlation id (JSON-RPC `error.data.request_id`). */
-    requestId?: string | undefined);
-}
-/**
- * Error thrown when the cluster's T3-TS-030 metering chargepoint
- * denies a contract-register or contract-invocation request because
- * the billing DID's available balance is below the operation's cost.
- *
- * Recognised by the SDK from a stable wire format the node emits
- * for the `ServiceError::InsufficientCredit` variant — see
- * `node/api/src/error.rs::service_insufficient_credit_wire_format_is_stable`.
- * Subclass of `RpcError` so callers that catch the parent still see
- * the structured `httpStatus` / `requestId` fields; callers that
- * want the typed surface (frontends rendering an "out of credit"
- * banner) `instanceof InsufficientCreditError` to read `available`
- * and `required` directly.
- *
- * Terminal — do NOT retry. The next call needs either a mint to
- * `account` (admin operation) or a reduction in the requested
- * operation's cost.
- */
-export declare class InsufficientCreditError extends RpcError {
-    /** Hex DID (no `did:t3n:` prefix) the chargepoint billed. */
-    readonly account: string;
-    /** Tokens the chargepoint required (parsed from `required=`). */
-    readonly required: bigint;
-    /** Tokens available on `account` at check time (parsed from `available=`). */
-    readonly available: bigint;
-    constructor(message: string, 
-    /** Hex DID (no `did:t3n:` prefix) the chargepoint billed. */
-    account: string, 
-    /** Tokens the chargepoint required (parsed from `required=`). */
-    required: bigint, 
-    /** Tokens available on `account` at check time (parsed from `available=`). */
-    available: bigint, rpcMethod?: string, requestId?: string);
-}
-/**
- * Try to parse the node's stable `InsufficientCredit (account=..., required=..., available=...)`
- * wire format. Returns the typed error on match, `null` otherwise.
- * Callers wrap RPC error construction in this so a Forbidden whose
- * detail matches the format surfaces as the typed class.
- *
- * The format is pinned by a server-side test
- * (`api/src/error.rs::service_insufficient_credit_wire_format_is_stable`)
- * so a node change that breaks this parser also breaks CI.
- */
-export declare function tryParseInsufficientCredit(message: string, rpcMethod?: string, requestId?: string): InsufficientCreditError | null;
-/**
- * Error thrown when WASM operations fail
- */
-export declare class WasmError extends T3nError {
-    readonly operation?: string | undefined;
-    readonly payload?: unknown | undefined;
-    constructor(message: string, operation?: string | undefined, payload?: unknown | undefined);
-}
-/**
- * Decode WASM error message from comma-separated byte array format
- * WASM errors often come as "83,101,114,100,101..." which represents ASCII bytes
- *
- * @param errorMessage - The error message string that may contain comma-separated bytes
- * @returns Decoded error message if it was encoded, otherwise original message
- */
-export declare function decodeWasmErrorMessage(errorMessage: string): string;
-/**
- * Extract and decode error from WASM ComponentError
- *
- * @param error - The error object from WASM
- * @returns Decoded error message
- */
-export declare function extractWasmError(error: unknown): string;

package/dist/src/utils/index.d.ts

@@ -1,10 +0,0 @@
-/**
- * Utility exports for T3n SDK
- */
-export * from "./crypto";
-export * from "./contract-version";
-export * from "./errors";
-export * from "./logger";
-export * from "./redaction";
-export * from "./session";
-export * from "./shape";

package/dist/src/utils/logger.d.ts

@@ -1,102 +0,0 @@
-/**
- * Logger interface and implementations for T3n SDK
- *
- * Provides hierarchical log level control (DEBUG, INFO, WARN, ERROR) with
- * global defaults and per-component override capabilities.
- *
- * ## Usage
- *
- * ```typescript
- * import { getLogger, setGlobalLogLevel, LogLevel } from '@t3n-sdk/logger';
- *
- * // Use the global logger (defaults to ERROR level)
- * const logger = getLogger();
- * logger.error("This will be logged");
- * logger.debug("This will NOT be logged by default");
- *
- * // Enable debug logging globally
- * setGlobalLogLevel(LogLevel.DEBUG);
- * const debugLogger = getLogger();
- * debugLogger.debug("This will now be logged");
- *
- * // Create a logger with a specific level (overrides global)
- * const infoLogger = createLogger(LogLevel.INFO);
- * infoLogger.info("This will be logged");
- * infoLogger.debug("This will NOT be logged");
- * ```
- *
- * ## Log Levels
- *
- * - `DEBUG` (0): Most verbose, logs everything
- * - `INFO` (1): Logs info, warnings, and errors
- * - `WARN` (2): Logs warnings and errors only
- * - `ERROR` (3): Logs errors only (default)
- */
-/**
- * Log levels in hierarchical order (lower values = more verbose)
- */
-export declare enum LogLevel {
-    DEBUG = 0,
-    INFO = 1,
-    WARN = 2,
-    ERROR = 3
-}
-/**
- * Logger interface for SDK debugging and monitoring
- */
-export interface Logger {
-    /**
-     * Log a debug message (most verbose)
-     * @param args - Arguments to log
-     */
-    debug(...args: unknown[]): void;
-    /**
-     * Log an info message
-     * @param args - Arguments to log
-     */
-    info(...args: unknown[]): void;
-    /**
-     * Log a warning message
-     * @param args - Arguments to log
-     */
-    warn(...args: unknown[]): void;
-    /**
-     * Log an error message (least verbose)
-     * @param args - Arguments to log
-     */
-    error(...args: unknown[]): void;
-}
-/**
- * Set the global default log level for all components
- *
- * This affects all loggers created without an explicit log level.
- * The default global log level is LogLevel.ERROR (only errors are logged).
- *
- * @param level - The log level to set as default for all components
- *
- * @example
- * ```typescript
- * // Enable debug logging globally
- * setGlobalLogLevel(LogLevel.DEBUG);
- *
- * // Only log errors (default)
- * setGlobalLogLevel(LogLevel.ERROR);
- * ```
- */
-export declare function setGlobalLogLevel(level: LogLevel): void;
-/**
- * Get the current global log level
- * @returns The current global log level (default: LogLevel.ERROR)
- */
-export declare function getGlobalLogLevel(): LogLevel;
-/**
- * Create a logger instance with the specified log level
- * @param level - The log level for this logger. If not provided, defaults to the global log level (LogLevel.ERROR).
- * @returns Logger instance configured with the specified or default log level
- */
-export declare function createLogger(level?: LogLevel): Logger;
-/**
- * Get a logger instance using the global log level
- * @returns Logger instance with global log level (default: LogLevel.ERROR)
- */
-export declare function getLogger(): Logger;

package/dist/src/utils/redaction.d.ts

@@ -1,13 +0,0 @@
-/**
- * Secret redaction utilities for T3n SDK
- *
- * Provides functions to redact sensitive information before logging
- */
-/**
- * Redact secrets from values before logging
- */
-export declare function redactSecrets(value: unknown): unknown;
-/**
- * Redact secrets from a JSON string
- */
-export declare function redactSecretsFromJson(jsonString: string): string;