@tokenite/shared 1.0.1 → 1.1.0

package/dist/schemas/access-token.js

@@ -7,6 +7,7 @@ export const accessTokenSchema = z.object({
     budgetLimit: z.number().positive(),
     budgetSpent: z.number().default(0),
     isRevoked: z.boolean().default(false),
+    consentVersionAtIssue: z.number().int().positive().default(1),
     createdAt: z.string().datetime(),
 });
 export const authorizeAppRequest = z.object({

package/dist/schemas/app.d.ts

@@ -3,6 +3,7 @@ export declare const modelStrategySchema: z.ZodEnum<{
     any: "any";
     tier: "tier";
     models: "models";
+    none: "none";
 }>;
 export type ModelStrategy = z.infer<typeof modelStrategySchema>;
 export declare const tierSchema: z.ZodEnum<{
@@ -17,169 +18,126 @@ export declare const appSchema: z.ZodObject<{
     builderId: z.ZodString;
     name: z.ZodString;
     callbackUrl: z.ZodString;
-    requiredProviders: z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>;
-    preferredProviders: z.ZodDefault<z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>>;
-    allowSubstitution: z.ZodDefault<z.ZodBoolean>;
-    allowedModels: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowedModels: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     modelStrategy: z.ZodDefault<z.ZodEnum<{
         any: "any";
         tier: "tier";
         models: "models";
+        none: "none";
     }>>;
-    requiredTier: z.ZodOptional<z.ZodEnum<{
+    requiredTier: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
         cheap: "cheap";
         fast: "fast";
         smart: "smart";
         reasoning: "reasoning";
-    }>>;
+    }>>>;
     allowsManagedAgents: z.ZodDefault<z.ZodBoolean>;
     websiteUrl: z.ZodOptional<z.ZodString>;
     description: z.ZodOptional<z.ZodString>;
-    iconUrl: z.ZodOptional<z.ZodString>;
+    iconUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
     appSecret: z.ZodString;
+    consentVersion: z.ZodDefault<z.ZodNumber>;
     createdAt: z.ZodString;
 }, z.core.$strip>;
 export type App = z.infer<typeof appSchema>;
 export declare const createAppRequestBase: z.ZodObject<{
     name: z.ZodString;
     callbackUrl: z.ZodString;
-    requiredProviders: z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>;
-    preferredProviders: z.ZodDefault<z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>>;
-    allowSubstitution: z.ZodDefault<z.ZodBoolean>;
-    allowedModels: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    allowedModels: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     modelStrategy: z.ZodDefault<z.ZodEnum<{
         any: "any";
         tier: "tier";
         models: "models";
+        none: "none";
     }>>;
-    requiredTier: z.ZodOptional<z.ZodEnum<{
+    requiredTier: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
         cheap: "cheap";
         fast: "fast";
         smart: "smart";
         reasoning: "reasoning";
-    }>>;
+    }>>>;
     allowsManagedAgents: z.ZodDefault<z.ZodBoolean>;
     websiteUrl: z.ZodOptional<z.ZodString>;
     description: z.ZodOptional<z.ZodString>;
-    iconUrl: z.ZodOptional<z.ZodString>;
+    iconUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
 }, z.core.$strip>;
+type StrategyShape = {
+    modelStrategy?: ModelStrategy;
+    requiredTier?: RequiredTier | null;
+    allowedModels?: readonly string[] | null;
+    allowsManagedAgents?: boolean;
+};
+export declare const hasAtLeastOneCapability: (v: StrategyShape) => boolean;
+export declare const AT_LEAST_ONE_CAPABILITY_MESSAGE = "App must enable at least one capability \u2014 direct proxy calls or Managed Agents";
 export declare const createAppRequest: z.ZodType<{
     name: string;
     callbackUrl: string;
-    requiredProviders: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[];
-    preferredProviders: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[];
-    allowSubstitution: boolean;
-    modelStrategy: "any" | "tier" | "models";
+    modelStrategy: "any" | "tier" | "models" | "none";
     allowsManagedAgents: boolean;
-    allowedModels?: string[] | undefined;
-    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | undefined;
+    allowedModels?: string[] | null | undefined;
+    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | null | undefined;
     websiteUrl?: string | undefined;
     description?: string | undefined;
-    iconUrl?: string | undefined;
+    iconUrl?: string | null | undefined;
 }, unknown, z.core.$ZodTypeInternals<{
     name: string;
     callbackUrl: string;
-    requiredProviders: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[];
-    preferredProviders: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[];
-    allowSubstitution: boolean;
-    modelStrategy: "any" | "tier" | "models";
+    modelStrategy: "any" | "tier" | "models" | "none";
     allowsManagedAgents: boolean;
-    allowedModels?: string[] | undefined;
-    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | undefined;
+    allowedModels?: string[] | null | undefined;
+    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | null | undefined;
     websiteUrl?: string | undefined;
     description?: string | undefined;
-    iconUrl?: string | undefined;
+    iconUrl?: string | null | undefined;
 }, unknown>>;
 export type CreateAppRequest = z.infer<typeof createAppRequest>;
 export declare const updateAppRequest: z.ZodType<{
     name?: string | undefined;
     callbackUrl?: string | undefined;
-    requiredProviders?: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[] | undefined;
-    preferredProviders?: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[] | undefined;
-    allowSubstitution?: boolean | undefined;
-    allowedModels?: string[] | undefined;
-    modelStrategy?: "any" | "tier" | "models" | undefined;
-    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | undefined;
+    allowedModels?: string[] | null | undefined;
+    modelStrategy?: "any" | "tier" | "models" | "none" | undefined;
+    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | null | undefined;
     allowsManagedAgents?: boolean | undefined;
     websiteUrl?: string | undefined;
     description?: string | undefined;
-    iconUrl?: string | undefined;
+    iconUrl?: string | null | undefined;
 }, unknown, z.core.$ZodTypeInternals<{
     name?: string | undefined;
     callbackUrl?: string | undefined;
-    requiredProviders?: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[] | undefined;
-    preferredProviders?: ("anthropic" | "openai" | "bedrock" | "google" | "grok")[] | undefined;
-    allowSubstitution?: boolean | undefined;
-    allowedModels?: string[] | undefined;
-    modelStrategy?: "any" | "tier" | "models" | undefined;
-    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | undefined;
+    allowedModels?: string[] | null | undefined;
+    modelStrategy?: "any" | "tier" | "models" | "none" | undefined;
+    requiredTier?: "cheap" | "fast" | "smart" | "reasoning" | null | undefined;
     allowsManagedAgents?: boolean | undefined;
     websiteUrl?: string | undefined;
     description?: string | undefined;
-    iconUrl?: string | undefined;
+    iconUrl?: string | null | undefined;
 }, unknown>>;
 export type UpdateAppRequest = z.infer<typeof updateAppRequest>;
 export declare const appResponse: z.ZodObject<{
-    name: z.ZodString;
+    callbackUrl: z.ZodString;
+    allowedModels: z.ZodOptional<z.ZodNullable<z.ZodArray<z.ZodString>>>;
     id: z.ZodString;
-    createdAt: z.ZodString;
     builderId: z.ZodString;
-    callbackUrl: z.ZodString;
-    requiredProviders: z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>;
-    preferredProviders: z.ZodDefault<z.ZodArray<z.ZodEnum<{
-        anthropic: "anthropic";
-        openai: "openai";
-        bedrock: "bedrock";
-        google: "google";
-        grok: "grok";
-    }>>>;
-    allowSubstitution: z.ZodDefault<z.ZodBoolean>;
-    allowedModels: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    name: z.ZodString;
     modelStrategy: z.ZodDefault<z.ZodEnum<{
         any: "any";
         tier: "tier";
         models: "models";
+        none: "none";
     }>>;
-    requiredTier: z.ZodOptional<z.ZodEnum<{
+    requiredTier: z.ZodOptional<z.ZodNullable<z.ZodEnum<{
         cheap: "cheap";
         fast: "fast";
         smart: "smart";
         reasoning: "reasoning";
-    }>>;
+    }>>>;
     allowsManagedAgents: z.ZodDefault<z.ZodBoolean>;
     websiteUrl: z.ZodOptional<z.ZodString>;
     description: z.ZodOptional<z.ZodString>;
-    iconUrl: z.ZodOptional<z.ZodString>;
+    iconUrl: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    consentVersion: z.ZodDefault<z.ZodNumber>;
+    createdAt: z.ZodString;
 }, z.core.$strip>;
 export type AppResponse = z.infer<typeof appResponse>;
+export {};
 //# sourceMappingURL=app.d.ts.map

package/dist/schemas/app.js

@@ -1,41 +1,47 @@
 import { z } from 'zod';
-import { providerSchema } from './provider.js';
-export const modelStrategySchema = z.enum(['any', 'tier', 'models']);
-export const tierSchema = z.enum(['cheap', 'fast', 'smart', 'reasoning']);
+import { ALL_MODELS } from '../catalog/models/index.js';
+import { TIERS } from '../catalog/tiers.js';
+import { enumKeys } from '../type-utils.js';
+export const modelStrategySchema = z.enum(['any', 'tier', 'models', 'none']);
+export const tierSchema = z.enum(enumKeys(TIERS));
+const httpsUrl = z.string().url().refine((u) => /^https?:\/\//i.test(u), { message: 'URL must use http:// or https:// scheme' });
+const knownModelSlugs = ALL_MODELS.map((m) => m.slug);
+const allowedModelsField = z
+    .array(z.string())
+    .refine((slugs) => slugs.every((s) => knownModelSlugs.includes(s)), { message: `allowedModels must be slugs from the model catalog` })
+    .nullish();
 export const appSchema = z.object({
     id: z.string().uuid(),
     builderId: z.string().uuid(),
     name: z.string().min(1).max(100),
-    callbackUrl: z.string().url(),
-    requiredProviders: z.array(providerSchema),
-    preferredProviders: z.array(providerSchema).default([]),
-    allowSubstitution: z.boolean().default(false),
-    allowedModels: z.array(z.string()).optional(),
+    callbackUrl: httpsUrl,
+    allowedModels: allowedModelsField,
     modelStrategy: modelStrategySchema.default('any'),
-    requiredTier: tierSchema.optional(),
+    requiredTier: tierSchema.nullish(),
     allowsManagedAgents: z.boolean().default(false),
-    websiteUrl: z.string().url().optional(),
+    websiteUrl: httpsUrl.optional(),
     description: z.string().max(500).optional(),
-    iconUrl: z.string().url().optional(),
+    iconUrl: httpsUrl.nullish(),
     appSecret: z.string(),
+    consentVersion: z.number().int().positive().default(1),
     createdAt: z.string().datetime(),
 });
 export const createAppRequestBase = z.object({
     name: z.string().min(1).max(100),
-    callbackUrl: z.string().url(),
-    requiredProviders: z.array(providerSchema).min(1),
-    preferredProviders: z.array(providerSchema).default([]),
-    allowSubstitution: z.boolean().default(false),
-    allowedModels: z.array(z.string()).optional(),
+    callbackUrl: httpsUrl,
+    allowedModels: allowedModelsField,
     modelStrategy: modelStrategySchema.default('any'),
-    requiredTier: tierSchema.optional(),
+    requiredTier: tierSchema.nullish(),
     allowsManagedAgents: z.boolean().default(false),
-    websiteUrl: z.string().url().optional(),
+    websiteUrl: httpsUrl.optional(),
     description: z.string().max(500).optional(),
-    iconUrl: z.string().url().optional(),
+    iconUrl: httpsUrl.nullish(),
 });
 const refineStrategy = (s) => s.refine((v) => v.modelStrategy !== 'tier' || !!v.requiredTier, { message: "modelStrategy='tier' requires requiredTier", path: ['requiredTier'] }).refine((v) => v.modelStrategy !== 'models' || (v.allowedModels?.length ?? 0) > 0, { message: "modelStrategy='models' requires non-empty allowedModels", path: ['allowedModels'] });
-export const createAppRequest = refineStrategy(createAppRequestBase);
+export const hasAtLeastOneCapability = (v) => v.modelStrategy !== 'none' || v.allowsManagedAgents === true;
+export const AT_LEAST_ONE_CAPABILITY_MESSAGE = 'App must enable at least one capability — direct proxy calls or Managed Agents';
+const refineCapabilityFloor = (s) => s.refine(hasAtLeastOneCapability, { message: AT_LEAST_ONE_CAPABILITY_MESSAGE, path: ['modelStrategy'] });
+export const createAppRequest = refineCapabilityFloor(refineStrategy(createAppRequestBase));
 export const updateAppRequest = refineStrategy(createAppRequestBase.partial());
 export const appResponse = appSchema.omit({ appSecret: true });
 //# sourceMappingURL=app.js.map

package/dist/schemas/cli-login.js

@@ -1,10 +1,11 @@
 import { z } from 'zod';
+import { enumValues } from '../type-utils.js';
 export const CliLoopbackHost = {
     V4: '127.0.0.1',
     V6: '[::1]',
     Localhost: 'localhost',
 };
-const cliLoopbackHostSchema = z.enum([CliLoopbackHost.V4, CliLoopbackHost.V6, CliLoopbackHost.Localhost]);
+const cliLoopbackHostSchema = z.enum(enumValues(CliLoopbackHost));
 export const cliLoginParamsSchema = z.object({
     port: z.coerce.number().int().min(1).max(65535),
     state: z.string().min(8).max(128),

package/dist/schemas/error-codes.d.ts

@@ -54,6 +54,16 @@ export declare const proxyErrorCodes: {
         readonly status: 403;
         readonly message: "App does not have the managed-agents scope";
     };
+    readonly PROXY_NOT_ALLOWED: {
+        readonly code: "PROXY_NOT_ALLOWED";
+        readonly status: 403;
+        readonly message: "App does not allow direct provider calls; use the managed-agents endpoints instead";
+    };
+    readonly CONSENT_OUTDATED: {
+        readonly code: "CONSENT_OUTDATED";
+        readonly status: 401;
+        readonly message: "App requirements have changed since you authorized";
+    };
     readonly SPONSORED_POOL_EXHAUSTED: {
         readonly code: "SPONSORED_POOL_EXHAUSTED";
         readonly status: 402;
@@ -146,6 +156,10 @@ export declare const apiErrorCodes: {
     readonly DECRYPTION_FAILED: "DECRYPTION_FAILED";
     readonly DB_INSERT_FAILED: "DB_INSERT_FAILED";
     readonly FETCH_FAILED: "FETCH_FAILED";
+    readonly PAYLOAD_TOO_LARGE: "PAYLOAD_TOO_LARGE";
+    readonly INVALID_REDIRECT_URI: "INVALID_REDIRECT_URI";
+    readonly ACCOUNT_DELETED: "ACCOUNT_DELETED";
+    readonly RATE_LIMITED_PROXY: "RATE_LIMITED_PROXY";
 };
 export type ProxyErrorCode = keyof typeof proxyErrorCodes;
 export type ProviderErrorCode = keyof typeof providerErrorCodes;

package/dist/schemas/error-codes.js

@@ -10,6 +10,8 @@ export const proxyErrorCodes = {
     APP_NOT_FOUND: { code: 'APP_NOT_FOUND', status: 404, message: 'Application not found' },
     MODEL_NOT_ALLOWED: { code: 'MODEL_NOT_ALLOWED', status: 403, message: 'Model not in allowed models list' },
     AGENT_SCOPE_MISSING: { code: 'AGENT_SCOPE_MISSING', status: 403, message: 'App does not have the managed-agents scope' },
+    PROXY_NOT_ALLOWED: { code: 'PROXY_NOT_ALLOWED', status: 403, message: 'App does not allow direct provider calls; use the managed-agents endpoints instead' },
+    CONSENT_OUTDATED: { code: 'CONSENT_OUTDATED', status: 401, message: 'App requirements have changed since you authorized' },
     SPONSORED_POOL_EXHAUSTED: { code: 'SPONSORED_POOL_EXHAUSTED', status: 402, message: 'Sponsored credits pool is exhausted' },
     SPONSORED_KEY_UNAVAILABLE: { code: 'SPONSORED_KEY_UNAVAILABLE', status: 402, message: 'Sponsored key is no longer active' },
     SPONSORED_PROVIDER_MISMATCH: { code: 'SPONSORED_PROVIDER_MISMATCH', status: 402, message: 'Sponsored key does not cover requested provider' },
@@ -58,5 +60,9 @@ export const apiErrorCodes = {
     DECRYPTION_FAILED: 'DECRYPTION_FAILED',
     DB_INSERT_FAILED: 'DB_INSERT_FAILED',
     FETCH_FAILED: 'FETCH_FAILED',
+    PAYLOAD_TOO_LARGE: 'PAYLOAD_TOO_LARGE',
+    INVALID_REDIRECT_URI: 'INVALID_REDIRECT_URI',
+    ACCOUNT_DELETED: 'ACCOUNT_DELETED',
+    RATE_LIMITED_PROXY: 'RATE_LIMITED_PROXY',
 };
 //# sourceMappingURL=error-codes.js.map

package/dist/schemas/proxy-response.d.ts

@@ -39,8 +39,8 @@ export declare const proxyResponseSchema: z.ZodUnion<readonly [z.ZodObject<{
         code: z.ZodString;
         message: z.ZodString;
         source: z.ZodEnum<{
-            proxy: "proxy";
             provider: "provider";
+            proxy: "proxy";
         }>;
         details: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
     }, z.core.$strip>;

package/dist/schemas/sponsored-api-key.d.ts

@@ -31,6 +31,12 @@ export declare const addSponsoredApiKeyRequest: z.ZodObject<{
     perUserBudgetUsd: z.ZodOptional<z.ZodNumber>;
 }, z.core.$strip>;
 export type AddSponsoredApiKeyRequest = z.infer<typeof addSponsoredApiKeyRequest>;
+export declare const updateSponsoredApiKeyRequest: z.ZodObject<{
+    totalBudgetUsd: z.ZodOptional<z.ZodNumber>;
+    perUserBudgetUsd: z.ZodOptional<z.ZodNullable<z.ZodNumber>>;
+    isActive: z.ZodOptional<z.ZodBoolean>;
+}, z.core.$strip>;
+export type UpdateSponsoredApiKeyRequest = z.infer<typeof updateSponsoredApiKeyRequest>;
 export declare const sponsoredKeyConsumerSchema: z.ZodObject<{
     userId: z.ZodString;
     email: z.ZodString;
@@ -47,13 +53,13 @@ export declare const sponsoredApiKeyResponse: z.ZodObject<{
         grok: "grok";
     }>;
     id: z.ZodString;
-    createdAt: z.ZodString;
-    keyHint: z.ZodString;
-    isActive: z.ZodDefault<z.ZodBoolean>;
     appId: z.ZodString;
+    keyHint: z.ZodString;
     totalBudgetUsd: z.ZodNumber;
     totalSpentUsd: z.ZodDefault<z.ZodNumber>;
     perUserBudgetUsd: z.ZodNullable<z.ZodNumber>;
+    isActive: z.ZodDefault<z.ZodBoolean>;
+    createdAt: z.ZodString;
     consumers: z.ZodArray<z.ZodObject<{
         userId: z.ZodString;
         email: z.ZodString;

package/dist/schemas/sponsored-api-key.js

@@ -18,6 +18,11 @@ export const addSponsoredApiKeyRequest = z.object({
     totalBudgetUsd: z.number().positive(),
     perUserBudgetUsd: z.number().positive().optional(),
 });
+export const updateSponsoredApiKeyRequest = z.object({
+    totalBudgetUsd: z.number().positive().optional(),
+    perUserBudgetUsd: z.number().positive().nullable().optional(),
+    isActive: z.boolean().optional(),
+}).refine((v) => v.totalBudgetUsd !== undefined || v.perUserBudgetUsd !== undefined || v.isActive !== undefined, { message: 'Provide at least one field to update' });
 export const sponsoredKeyConsumerSchema = z.object({
     userId: z.string().uuid(),
     email: z.string(),

package/dist/schemas/topup.d.ts

@@ -0,0 +1,52 @@
+import { z } from 'zod';
+export declare const TopupMessageType: {
+    readonly Success: "tokenite:topup-success";
+    readonly Cancelled: "tokenite:topup-cancelled";
+};
+export declare const AuthMessageType: {
+    readonly Success: "tokenite:auth-success";
+    readonly Error: "tokenite:auth-error";
+};
+export declare const topupContextResponse: z.ZodObject<{
+    appName: z.ZodString;
+    appIconUrl: z.ZodNullable<z.ZodString>;
+    callbackUrl: z.ZodString;
+    tokenId: z.ZodString;
+    currentLimit: z.ZodNumber;
+    currentSpent: z.ZodNumber;
+}, z.core.$strip>;
+export type TopupContextResponse = z.infer<typeof topupContextResponse>;
+export declare const topupRaiseRequest: z.ZodObject<{
+    client_id: z.ZodString;
+    new_budget_limit: z.ZodNumber;
+}, z.core.$strip>;
+export type TopupRaiseRequest = z.infer<typeof topupRaiseRequest>;
+export declare const topupRaiseResponse: z.ZodObject<{
+    newLimit: z.ZodNumber;
+    remaining: z.ZodNumber;
+    callbackUrl: z.ZodString;
+}, z.core.$strip>;
+export type TopupRaiseResponse = z.infer<typeof topupRaiseResponse>;
+export declare const topupSuccessMessage: z.ZodObject<{
+    type: z.ZodLiteral<"tokenite:topup-success">;
+    newLimit: z.ZodNumber;
+    remaining: z.ZodNumber;
+}, z.core.$strip>;
+export declare const topupCancelledMessage: z.ZodObject<{
+    type: z.ZodLiteral<"tokenite:topup-cancelled">;
+}, z.core.$strip>;
+export declare const topupPostMessage: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"tokenite:topup-success">;
+    newLimit: z.ZodNumber;
+    remaining: z.ZodNumber;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"tokenite:topup-cancelled">;
+}, z.core.$strip>], "type">;
+export type TopupPostMessage = z.infer<typeof topupPostMessage>;
+export declare const fundingErrorDetails: z.ZodObject<{
+    remaining: z.ZodOptional<z.ZodNumber>;
+    currentLimit: z.ZodOptional<z.ZodNumber>;
+    currentSpent: z.ZodOptional<z.ZodNumber>;
+}, z.core.$loose>;
+export type FundingErrorDetails = z.infer<typeof fundingErrorDetails>;
+//# sourceMappingURL=topup.d.ts.map

package/dist/schemas/topup.js

@@ -0,0 +1,44 @@
+import { z } from 'zod';
+export const TopupMessageType = {
+    Success: 'tokenite:topup-success',
+    Cancelled: 'tokenite:topup-cancelled',
+};
+export const AuthMessageType = {
+    Success: 'tokenite:auth-success',
+    Error: 'tokenite:auth-error',
+};
+export const topupContextResponse = z.object({
+    appName: z.string(),
+    appIconUrl: z.string().nullable(),
+    callbackUrl: z.string().url(),
+    tokenId: z.string().uuid(),
+    currentLimit: z.number().nonnegative(),
+    currentSpent: z.number().nonnegative(),
+});
+export const topupRaiseRequest = z.object({
+    client_id: z.string().uuid(),
+    new_budget_limit: z.number().positive(),
+});
+export const topupRaiseResponse = z.object({
+    newLimit: z.number().nonnegative(),
+    remaining: z.number().nonnegative(),
+    callbackUrl: z.string().url(),
+});
+export const topupSuccessMessage = z.object({
+    type: z.literal(TopupMessageType.Success),
+    newLimit: z.number().nonnegative(),
+    remaining: z.number().nonnegative(),
+});
+export const topupCancelledMessage = z.object({
+    type: z.literal(TopupMessageType.Cancelled),
+});
+export const topupPostMessage = z.discriminatedUnion('type', [
+    topupSuccessMessage,
+    topupCancelledMessage,
+]);
+export const fundingErrorDetails = z.object({
+    remaining: z.number().nonnegative().optional(),
+    currentLimit: z.number().nonnegative().optional(),
+    currentSpent: z.number().nonnegative().optional(),
+}).passthrough();
+//# sourceMappingURL=topup.js.map

package/dist/schemas/user.d.ts

@@ -8,7 +8,7 @@ export declare const userSchema: z.ZodObject<{
 export type User = z.infer<typeof userSchema>;
 export declare const createUserRequest: z.ZodObject<{
     email: z.ZodString;
-    password: z.ZodOptional<z.ZodString>;
+    password: z.ZodString;
 }, z.core.$strip>;
 export type CreateUserRequest = z.infer<typeof createUserRequest>;
 export declare const userResponse: z.ZodObject<{

package/dist/schemas/user.js

@@ -1,13 +1,16 @@
 import { z } from 'zod';
 export const userSchema = z.object({
     id: z.string().uuid(),
-    email: z.string().email(),
+    email: z.string().email().max(254),
     passwordHash: z.string().optional(),
     createdAt: z.string().datetime(),
 });
+// Password is required for the email/password register flow. Social
+// flows mint an account inside `loginOrCreateFromSocial`, never via
+// this schema. Removing the `.optional()` closes F-043.
 export const createUserRequest = z.object({
-    email: z.string().email(),
-    password: z.string().min(8).max(128).optional(),
+    email: z.string().email().max(254),
+    password: z.string().min(8).max(72),
 });
 export const userResponse = userSchema.omit({ passwordHash: true });
 //# sourceMappingURL=user.js.map

package/dist/type-utils.d.ts

@@ -0,0 +1,9 @@
+type StringKeys<T> = Extract<keyof T, string>;
+export type NonEmptyKeyTuple<T> = T extends Record<string, unknown> ? readonly [StringKeys<T>, ...StringKeys<T>[]] : never;
+export type NonEmptyValueTuple<T> = T extends Record<string, infer V> ? readonly [V, ...V[]] : never;
+export type NonEmptyEntryTuple<T> = T extends Record<string, infer V> ? readonly [readonly [StringKeys<T>, V], ...(readonly [StringKeys<T>, V])[]] : never;
+export declare const enumKeys: <T extends Record<string, unknown>>(obj: T) => NonEmptyKeyTuple<T>;
+export declare const enumValues: <T extends Record<string, unknown>>(obj: T) => NonEmptyValueTuple<T>;
+export declare const enumEntries: <T extends Record<string, unknown>>(obj: T) => NonEmptyEntryTuple<T>;
+export {};
+//# sourceMappingURL=type-utils.d.ts.map

package/dist/type-utils.js

@@ -0,0 +1,19 @@
+export const enumKeys = (obj) => {
+    const keys = Object.keys(obj);
+    if (keys.length === 0)
+        throw new Error('enumKeys requires a non-empty object');
+    return keys;
+};
+export const enumValues = (obj) => {
+    const values = Object.values(obj);
+    if (values.length === 0)
+        throw new Error('enumValues requires a non-empty object');
+    return values;
+};
+export const enumEntries = (obj) => {
+    const entries = Object.entries(obj);
+    if (entries.length === 0)
+        throw new Error('enumEntries requires a non-empty object');
+    return entries;
+};
+//# sourceMappingURL=type-utils.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tokenite/shared",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Shared types, schemas, and model catalog for the Tokenite SDK and CLI. Public protocol surface.",
   "type": "module",
   "exports": {
@@ -16,6 +16,10 @@
       "types": "./dist/catalog/index.d.ts",
       "import": "./dist/catalog/index.js"
     },
+    "./assets": {
+      "types": "./dist/assets.d.ts",
+      "import": "./dist/assets.js"
+    },
     "./schemas/cli-login": {
       "types": "./dist/schemas/cli-login.d.ts",
       "import": "./dist/schemas/cli-login.js"
@@ -31,6 +35,7 @@
   },
   "files": [
     "dist",
+    "assets",
     "README.md",
     "LICENSE"
   ],