@tokenite/sdk 2.3.0 → 2.4.0

package/dist/client.d.ts

@@ -41,11 +41,13 @@ export declare const Tokenite: (config: TokeniteConfig) => {
     /**
      * Build the authorization URL for a full-page redirect.
      *
-     * Pass `prompt: 'consent'` on "Sign in with Tokenite" buttons that
-     * follow a sign-out, so the user sees the consent screen again
-     * instead of being silently re-authorized:
+     * Pass `prompt: 'select_account'` on "Sign in with Tokenite" buttons
+     * that follow a sign-out — Tokenite shows a "Continue as <email>?"
+     * card with a "Use a different account" option instead of silently
+     * dropping the user back into the app. The user's existing spending
+     * limit is preserved (no budget re-entry):
      * ```typescript
-     * res.redirect(tk.getAuthorizeUrl({ prompt: 'consent' }));
+     * res.redirect(tk.getAuthorizeUrl({ prompt: 'select_account' }));
      * ```
      */
     getAuthorizeUrl: (options?: AuthorizeOptions) => string;
@@ -71,11 +73,13 @@ export declare const Tokenite: (config: TokeniteConfig) => {
      * });
      * ```
      *
-     * Pass `prompt: 'consent'` to force a fresh consent screen — use on
-     * the "Sign in with Tokenite" button shown after the user signed out
-     * of your app, so they don't silently re-authorize:
+     * On a "Sign in with Tokenite" button shown after the user signed
+     * out, pass `prompt: 'select_account'` — Tokenite shows a "Continue
+     * as <email>?" card with a "Use a different account" option instead
+     * of silently re-authorizing. The user's existing spending limit is
+     * preserved:
      * ```typescript
-     * const { code } = await tk.popup({ prompt: 'consent' });
+     * const { code } = await tk.popup({ prompt: 'select_account' });
      * ```
      */
     popup: (options?: PopupOptions) => Promise<PopupResult>;

package/dist/client.js

@@ -100,11 +100,13 @@ export const Tokenite = (config) => {
         /**
          * Build the authorization URL for a full-page redirect.
          *
-         * Pass `prompt: 'consent'` on "Sign in with Tokenite" buttons that
-         * follow a sign-out, so the user sees the consent screen again
-         * instead of being silently re-authorized:
+         * Pass `prompt: 'select_account'` on "Sign in with Tokenite" buttons
+         * that follow a sign-out — Tokenite shows a "Continue as <email>?"
+         * card with a "Use a different account" option instead of silently
+         * dropping the user back into the app. The user's existing spending
+         * limit is preserved (no budget re-entry):
          * ```typescript
-         * res.redirect(tk.getAuthorizeUrl({ prompt: 'consent' }));
+         * res.redirect(tk.getAuthorizeUrl({ prompt: 'select_account' }));
          * ```
          */
         getAuthorizeUrl: (options) => buildAuthorizeUrl(options),
@@ -130,11 +132,13 @@ export const Tokenite = (config) => {
          * });
          * ```
          *
-         * Pass `prompt: 'consent'` to force a fresh consent screen — use on
-         * the "Sign in with Tokenite" button shown after the user signed out
-         * of your app, so they don't silently re-authorize:
+         * On a "Sign in with Tokenite" button shown after the user signed
+         * out, pass `prompt: 'select_account'` — Tokenite shows a "Continue
+         * as <email>?" card with a "Use a different account" option instead
+         * of silently re-authorizing. The user's existing spending limit is
+         * preserved:
          * ```typescript
-         * const { code } = await tk.popup({ prompt: 'consent' });
+         * const { code } = await tk.popup({ prompt: 'select_account' });
          * ```
          */
         popup: (options) => {
@@ -315,17 +319,17 @@ const handleAuthMessage = (event, baseUrl, resolve, reject, cleanup) => {
 };
 const openIframeModal = (url, width, height, baseUrl) => {
     const overlay = document.createElement('div');
-    overlay.style.cssText = `
-    position: fixed; inset: 0; z-index: 999999;
-    background: rgba(0,0,0,0.5); backdrop-filter: blur(2px);
-    display: flex; align-items: center; justify-content: center;
+    overlay.style.cssText = `
+    position: fixed; inset: 0; z-index: 999999;
+    background: rgba(0,0,0,0.5); backdrop-filter: blur(2px);
+    display: flex; align-items: center; justify-content: center;
   `;
     const container = document.createElement('div');
-    container.style.cssText = `
-    background: white; border-radius: 12px; overflow: hidden;
-    box-shadow: 0 20px 60px rgba(0,0,0,0.3);
-    width: ${width}px; max-width: calc(100vw - 32px);
-    height: ${height}px; max-height: calc(100vh - 32px);
+    container.style.cssText = `
+    background: white; border-radius: 12px; overflow: hidden;
+    box-shadow: 0 20px 60px rgba(0,0,0,0.3);
+    width: ${width}px; max-width: calc(100vw - 32px);
+    height: ${height}px; max-height: calc(100vh - 32px);
   `;
     const iframe = document.createElement('iframe');
     iframe.src = url;

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { Tokenite } from './client.js';
-export type { TokeniteConfig, AuthorizeOptions, OAuthPrompt, PopupOptions, PopupResult, TokenResponse, Provider, ProxyCallOptions, ProxyUsage, ProxySuccess, ProxyError, ProxyResponse, ErrorSource, ProviderInfo, AppInfo, UserInfo, AccessContext, TopUpOptions, TopUpResult, CallWithRecoveryOptions, } from './types.js';
+export type { TokeniteConfig, AuthorizeOptions, OAuthPrompt, PopupOptions, PopupResult, TokenResponse, Provider, ProxyCallOptions, ProxyUsage, ProxySuccess, ProxyError, ProxyResponse, ErrorSource, ProviderInfo, ModelInfo, TierInfo, AppInfo, UserInfo, AccessContext, TopUpOptions, TopUpResult, CallWithRecoveryOptions, } from './types.js';
 export { isProxyError, isProxySuccess } from './types.js';
 export { parseCallback } from './parse-callback.js';
 export type { CallbackResult, CallbackSuccess, CallbackError, CallbackReason, ParseCallbackOptions, } from './parse-callback.js';

package/dist/types.d.ts

@@ -15,18 +15,20 @@ export type TokeniteConfig = {
  * re-prompt the user even when they have an existing session and/or
  * an existing grant for this app.
  *
- * - `'consent'` — re-show the consent screen even if the user has
- *   already authorized this app. Use this on "Sign in with Tokenite"
- *   buttons that follow a sign-out, so users don't silently
- *   re-authorize without a chance to pick a different account or
- *   cancel.
+ * - `'select_account'` — **recommended for "Sign in with Tokenite"
+ *   buttons that follow a sign-out.** Interrupts the silent re-auth
+ *   that would otherwise drop the user straight back into your app:
+ *   instead Tokenite shows a "Continue as <email>?" confirmation card
+ *   with a "Use a different account" option. The user's existing
+ *   spending limit is preserved — they aren't asked to re-set it.
+ * - `'consent'` — re-show the **full** consent screen (budget input
+ *   and all), discarding any existing grant. Use this only when you
+ *   want the user to actively re-set their budget; for the common
+ *   "they signed out, now they're signing back in" case, prefer
+ *   `'select_account'`.
  * - `'login'` — request that the user re-authenticate. Today this
  *   behaves the same as `'consent'` on Tokenite (full session-cookie
  *   clear is a TODO); the consent screen still shows.
- * - `'select_account'` — show the account picker. Tokenite already
- *   does this automatically when the user has multiple accounts;
- *   passing it explicitly is a hint for future apps that always want
- *   the picker.
  * - `'none'` — never show UI; fail if interaction is required.
  *   Currently treated as the default (silent reauth).
  *
@@ -41,9 +43,11 @@ export type AuthorizeOptions = {
     /** Suggested budget amount (user can override on consent screen) */
     readonly suggestedBudget?: number;
     /**
-     * OAuth `prompt` parameter. Most common use: pass `'consent'` to
-     * force a fresh consent screen on sign-in (prevents silent reauth
-     * after the user signed out of the app). See {@link OAuthPrompt}.
+     * OAuth `prompt` parameter. Most common use: pass `'select_account'`
+     * on "Sign in with Tokenite" buttons that follow a sign-out — it
+     * stops the silent reauth that would otherwise drop the user
+     * straight back into your app, and shows a "Continue as <email>?"
+     * confirmation card instead. See {@link OAuthPrompt}.
      */
     readonly prompt?: OAuthPrompt;
 };
@@ -67,9 +71,11 @@ export type PopupOptions = {
     /** Modal/popup height in pixels. Default: 620 */
     readonly height?: number;
     /**
-     * OAuth `prompt` parameter. Most common use: pass `'consent'` to
-     * force a fresh consent screen on sign-in (prevents silent reauth
-     * after the user signed out of the app). See {@link OAuthPrompt}.
+     * OAuth `prompt` parameter. Most common use: pass `'select_account'`
+     * on "Sign in with Tokenite" buttons that follow a sign-out — it
+     * stops the silent reauth that would otherwise drop the user
+     * straight back into your app, and shows a "Continue as <email>?"
+     * confirmation card instead. See {@link OAuthPrompt}.
      */
     readonly prompt?: OAuthPrompt;
 };
@@ -244,6 +250,50 @@ export type ProviderInfo = {
     /** Whether the logo is a glyph/symbol or a full wordmark */
     readonly logoStyle: 'symbol' | 'wordmark';
 };
+/**
+ * A model the access token may call, scoped to the app's model strategy
+ * and the holder's provider keys.
+ *
+ * - `servedBy` — every provider that hosts this model (catalog fact).
+ * - `callableNow` — the subset the holder can run *right now* (they hold
+ *   a key for it). Empty means the model is visible but not yet usable —
+ *   render it disabled, or prompt the user to add a key.
+ *
+ * Pass `slug` as the `model` field in `tk.call()`.
+ */
+export type ModelInfo = {
+    /** Stable Tokenite model slug — pass this as `model` in tk.call() */
+    readonly slug: string;
+    /** Human-readable name, e.g. "Claude Haiku 4.5" */
+    readonly displayName: string;
+    /** The lab that built the model */
+    readonly creator: 'anthropic' | 'openai' | 'google' | 'grok';
+    /** Capability tiers this model satisfies (cheap / fast / smart / reasoning) */
+    readonly tiers: readonly string[];
+    /** Feature capabilities, e.g. "vision", "tools", "thinking" */
+    readonly capabilities: readonly string[];
+    /** Every provider that serves this model */
+    readonly servedBy: readonly Provider[];
+    /** Providers the holder can run it through right now (subset of servedBy) */
+    readonly callableNow: readonly Provider[];
+    /** Indicative price per million tokens */
+    readonly pricing: {
+        readonly inputPerMillion: number;
+        readonly outputPerMillion: number;
+    };
+};
+/**
+ * A provider-agnostic capability bucket. Use this for a "pick a speed /
+ * quality" UI where the user never sees a model name.
+ */
+export type TierInfo = {
+    /** Tier id: "cheap" | "fast" | "smart" | "reasoning" */
+    readonly id: string;
+    /** Whether the holder can run at least one model in this tier */
+    readonly reachable: boolean;
+    /** A representative callable model slug for this tier, or null */
+    readonly recommendedModel: string | null;
+};
 /** Summary of the app the access token belongs to */
 export type AppInfo = {
     readonly id: string;
@@ -268,5 +318,18 @@ export type AccessContext = {
     readonly app: AppInfo;
     readonly user: UserInfo;
     readonly providers: readonly ProviderInfo[];
+    /**
+     * Models the token may call — already filtered to the app's strategy
+     * and the user's keys. Render a picker from this; no need to maintain
+     * your own model list. Each entry's `callableNow` says whether it's
+     * usable now or needs a key.
+     */
+    readonly models: readonly ModelInfo[];
+    /**
+     * Provider-agnostic capability buckets. For a "pick a tier" UI where
+     * the user never sees a model name — `recommendedModel` gives you a
+     * concrete slug to pass to `tk.call()`.
+     */
+    readonly tiers: readonly TierInfo[];
 };
 //# sourceMappingURL=types.d.ts.map

package/package.json

@@ -1,53 +1,54 @@
-{
-  "name": "@tokenite/sdk",
-  "version": "2.3.0",
-  "description": "SDK for integrating \"Login with Tokenite\" into your app. Your users bring their own AI tokens — you pay nothing.",
-  "type": "module",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
-    },
-    "./admin": {
-      "types": "./dist/admin/index.d.ts",
-      "import": "./dist/admin/index.js"
-    }
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "keywords": [
-    "tokenite",
-    "llm",
-    "ai",
-    "proxy",
-    "oauth",
-    "byok",
-    "anthropic",
-    "openai",
-    "google"
-  ],
-  "license": "MIT",
-  "engines": {
-    "node": ">=18"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/eran-broder/tokenite-sdk.git"
-  },
-  "homepage": "https://github.com/eran-broder/tokenite-sdk#readme",
-  "bugs": {
-    "url": "https://github.com/eran-broder/tokenite-sdk/issues"
-  },
-  "devDependencies": {
-    "tsx": "^4.0.0",
-    "typescript": "^5.0.0"
-  },
-  "scripts": {
-    "build": "tsc && npm run generate-readme",
-    "typecheck": "tsc --noEmit",
-    "generate-readme": "npx tsx scripts/generate-readme.ts"
-  }
-}
+{
+  "name": "@tokenite/sdk",
+  "version": "2.4.0",
+  "description": "SDK for integrating \"Login with Tokenite\" into your app. Your users bring their own AI tokens — you pay nothing.",
+  "type": "module",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./admin": {
+      "types": "./dist/admin/index.d.ts",
+      "import": "./dist/admin/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc && npm run generate-readme",
+    "typecheck": "tsc --noEmit",
+    "generate-readme": "npx tsx scripts/generate-readme.ts",
+    "prepack": "tsc && npm run generate-readme && node -e \"import('node:fs/promises').then(async fs => { const files = await fs.readdir('dist', { recursive: true }); for (const f of files) if (f.endsWith('.map') || f.endsWith('.tsbuildinfo')) await fs.rm('dist/' + f); })\""
+  },
+  "keywords": [
+    "tokenite",
+    "llm",
+    "ai",
+    "proxy",
+    "oauth",
+    "byok",
+    "anthropic",
+    "openai",
+    "google"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/eran-broder/tokenite-sdk.git"
+  },
+  "homepage": "https://github.com/eran-broder/tokenite-sdk#readme",
+  "bugs": {
+    "url": "https://github.com/eran-broder/tokenite-sdk/issues"
+  },
+  "devDependencies": {
+    "tsx": "^4.0.0",
+    "typescript": "^5.0.0"
+  }
+}

package/dist/client.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=client.test.d.ts.map

package/dist/client.test.js

@@ -1,66 +0,0 @@
-import { describe, it, expect } from 'vitest';
-import { TokenWallet } from './client.js';
-const tw = TokenWallet({
-    clientId: 'test-app-id',
-    clientSecret: 'test-secret',
-    redirectUri: 'https://myapp.com/callback',
-    baseUrl: 'https://tokenwallet.ai',
-    proxyUrl: 'https://api.tokenwallet.ai',
-});
-describe('TokenWallet', () => {
-    describe('getAuthorizeUrl', () => {
-        it('builds correct OAuth URL', () => {
-            const url = tw.getAuthorizeUrl({ state: 'abc123' });
-            expect(url).toBe('https://tokenwallet.ai/oauth/authorize?client_id=test-app-id&redirect_uri=https%3A%2F%2Fmyapp.com%2Fcallback&response_type=code&state=abc123');
-        });
-        it('auto-generates state if not provided', () => {
-            const url = tw.getAuthorizeUrl();
-            expect(url).toContain('state=');
-            expect(url).toContain('client_id=test-app-id');
-        });
-        it('generates different state each time', () => {
-            const url1 = tw.getAuthorizeUrl();
-            const url2 = tw.getAuthorizeUrl();
-            const state1 = new URL(url1).searchParams.get('state');
-            const state2 = new URL(url2).searchParams.get('state');
-            expect(state1).not.toBe(state2);
-        });
-        it('includes suggested budget and period when provided', () => {
-            const url = tw.getAuthorizeUrl({ state: 's1', suggestedBudget: 10, suggestedPeriod: 'weekly' });
-            const parsed = new URL(url);
-            expect(parsed.searchParams.get('suggested_budget')).toBe('10');
-            expect(parsed.searchParams.get('suggested_period')).toBe('weekly');
-        });
-        it('omits budget params when not provided', () => {
-            const url = tw.getAuthorizeUrl({ state: 's2' });
-            const parsed = new URL(url);
-            expect(parsed.searchParams.has('suggested_budget')).toBe(false);
-            expect(parsed.searchParams.has('suggested_period')).toBe(false);
-        });
-    });
-    describe('proxyUrl', () => {
-        it('returns correct URL for anthropic', () => {
-            expect(tw.proxyUrl('anthropic')).toBe('https://api.tokenwallet.ai/anthropic');
-        });
-        it('returns correct URL for openai', () => {
-            expect(tw.proxyUrl('openai')).toBe('https://api.tokenwallet.ai/openai');
-        });
-        it('returns correct URL for google', () => {
-            expect(tw.proxyUrl('google')).toBe('https://api.tokenwallet.ai/google');
-        });
-    });
-    describe('exchangeCode', () => {
-        it('throws if clientSecret is not set', async () => {
-            const noSecret = TokenWallet({ clientId: 'x', redirectUri: 'http://x.com/cb' });
-            await expect(noSecret.exchangeCode('code123')).rejects.toThrow('clientSecret is required');
-        });
-    });
-    describe('defaults', () => {
-        it('uses default base URL', () => {
-            const client = TokenWallet({ clientId: 'x', redirectUri: 'http://x.com/cb' });
-            expect(client.baseUrl).toBe('https://tokenwallet.ai');
-            expect(client.proxyBase).toBe('https://api.tokenwallet.ai');
-        });
-    });
-});
-//# sourceMappingURL=client.test.js.map