@vertesia/client 1.0.0 → 1.1.0-dev.20260427.060440Z

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vertesia/client",
-  "version": "1.0.0",
+  "version": "1.1.0-dev.20260427.060440Z",
   "type": "module",
   "types": "./lib/types/index.d.ts",
   "files": [
@@ -13,21 +13,21 @@
     "@eslint/js": "^10.0.1",
     "@rollup/plugin-commonjs": "^28.0.3",
     "@rollup/plugin-node-resolve": "^16.0.1",
+    "@rollup/plugin-terser": "^0.4.4",
     "@rollup/plugin-typescript": "^12.1.2",
-    "@types/node": "^22.19.2",
+    "@types/node": "^25.6.0",
     "eslint": "^10.0.2",
     "rollup": "^4.59.0",
-    "@rollup/plugin-terser": "^0.4.4",
     "ts-dual-module": "^0.6.3",
-    "typescript": "^5.9.3",
-    "typescript-eslint": "^8.56.1",
+    "typescript": "^6.0.2",
+    "typescript-eslint": "^8.58.1",
     "vitest": "^4.0.16"
   },
   "dependencies": {
     "eventsource": "^3.0.6",
-    "@llumiverse/common": "1.0.0",
-    "@vertesia/api-fetch-client": "1.0.0",
-    "@vertesia/common": "1.0.0"
+    "@llumiverse/common": "1.1.0-dev.20260427.054520Z",
+    "@vertesia/common": "1.1.0-dev.20260427.060440Z",
+    "@vertesia/api-fetch-client": "1.1.0-dev.20260427.060440Z"
   },
   "ts_dual_module": {
     "outDir": "lib"

package/src/AnalyticsApi.ts

@@ -25,10 +25,11 @@ export default class AnalyticsApi extends ApiTopic {
         return this.get('/runs/time-series' + (qs ? '?' + qs : ''));
     }
 
-    runsTokenUsage(query?: DateRangeQuery): Promise<TokenUsageSummary> {
+    runsTokenUsage(query?: DateRangeQuery, environmentId?: string): Promise<TokenUsageSummary> {
         const params = new URLSearchParams();
         if (query?.start) params.set('start', query.start);
         if (query?.end) params.set('end', query.end);
+        if (environmentId) params.set('environment', environmentId);
         const qs = params.toString();
         return this.get('/runs/token-usage' + (qs ? '?' + qs : ''));
     }

package/src/AppsApi.ts

@@ -1,5 +1,5 @@
 import { ApiTopic, ClientBase, ServerError } from "@vertesia/api-fetch-client";
-import type { AppInstallation, AppInstallationKind, AppInstallationPayload, AppInstallationWithManifest, AppManifest, AppManifestData, AppToolCollection, ProjectRef, RequireAtLeastOne } from "@vertesia/common";
+import type { AppInstallation, AppInstallationKind, AppInstallationPayload, AppInstallationWithManifest, AppManifest, AppManifestData, AppToolCollection, ProjectRef, RequireAtLeastOne, ValidateUrlRequest, ValidateUrlResponse } from "@vertesia/common";
 
 export interface OrphanedAppInstallation extends Omit<AppInstallation, 'manifest'> {
     manifest: null,
@@ -40,11 +40,18 @@ export default class AppsApi extends ApiTopic {
      * Install the app with the given id in the current project.
      * @param appId - the id of the app to install
      */
-    install(appId: string, settings?: Record<string, any>): Promise<AppInstallation> {
+    install(
+        appId: string,
+        settings?: Record<string, unknown>,
+        oauthParams?: Record<string, { client_id?: string; client_secret?: string; scopes?: string[] }>,
+        oauthProviderParams?: Record<string, { client_id?: string; client_secret?: string; scopes?: string[] }>,
+    ): Promise<AppInstallation> {
         return this.post(`/install`, {
             payload: {
                 app_id: appId,
-                settings
+                settings,
+                oauth_params: oauthParams,
+                oauth_provider_params: oauthProviderParams,
             } satisfies AppInstallationPayload
         });
     }
@@ -131,4 +138,20 @@ export default class AppsApi extends ApiTopic {
         });
     }
 
+    /**
+     * Update the tool allowlist for an app installation.
+     * Pass null to remove all restrictions (all tools permitted).
+     */
+    updateToolAllowlist(installId: string, tool_allowlist: string[] | null): Promise<AppInstallationWithManifest> {
+        return this.put(`/installations/${installId}/tool-allowlist`, { payload: { tool_allowlist } });
+    }
+
+    /**
+     * Validate that a URL is safe to use as a remote tool/activity endpoint.
+     * Throws a ServerError(400) if the URL is blocked (SSRF protection).
+     */
+    validateUrl(url: string): Promise<ValidateUrlResponse> {
+        return this.post('/validate-url', { payload: { url } satisfies ValidateUrlRequest });
+    }
+
 }

package/src/AuditTrailApi.ts

@@ -13,7 +13,9 @@ export default class AuditTrailApi extends ApiTopic {
         if (query?.resourceTypes?.length) params.set('resourceTypes', query.resourceTypes.join(','));
         if (query?.resourceId) params.set('resourceId', query.resourceId);
         if (query?.principalId) params.set('principalId', query.principalId);
-        if (query?.principalUserId) params.set('principalUserId', query.principalUserId);
+        if (query?.principalType) params.set('principalType', query.principalType);
+        if (query?.effectivePrincipalId) params.set('effectivePrincipalId', query.effectivePrincipalId);
+        if (query?.hasEffectivePrincipal !== undefined) params.set('hasEffectivePrincipal', String(query.hasEffectivePrincipal));
         if (query?.projectId) params.set('projectId', query.projectId);
         if (query?.from) params.set('from', query.from);
         if (query?.to) params.set('to', query.to);

package/src/GroupsApi.ts

@@ -89,4 +89,13 @@ export class GroupsApi extends ApiTopic {
     removeMember(groupId: string, userId: string): Promise<UserGroup> {
         return this.del('/' + groupId + '/members/' + userId);
     }
+
+    /**
+     * Sync the account's members group with current organization members.
+     * Creates the group if it doesn't exist.
+     * @returns The synced UserGroup object
+     */
+    syncMembers(): Promise<UserGroup> {
+        return this.post('/sync-members');
+    }
 }

package/src/InteractionsApi.ts

@@ -301,7 +301,12 @@ export default class InteractionsApi extends ApiTopic {
      * @param options Optional environment and/or model to resolve with
      * @returns ResolvedInteractionExecutionInfo with the resolved environment and model
      */
-    resolve(nameOrId: string, options?: { environment?: string; model?: string }): Promise<ResolvedInteractionExecutionInfo> {
+    resolve(nameOrId: string, options?: {
+        environment?: string;
+        model?: string;
+        hasImage?: boolean;
+        hasVideo?: boolean;
+    }): Promise<ResolvedInteractionExecutionInfo> {
         return this.get(`/resolve/${encodeURIComponent(nameOrId)}`, {
             query: options
         });

package/src/OAuthClientsApi.ts

@@ -0,0 +1,33 @@
+import { ApiTopic, ClientBase } from '@vertesia/api-fetch-client';
+import type {
+    CreateOAuthClientPayload,
+    OAuthClient,
+    OAuthClientCreateResponse,
+    UpdateOAuthClientPayload,
+} from '@vertesia/common';
+
+export default class OAuthClientsApi extends ApiTopic {
+    constructor(parent: ClientBase) {
+        super(parent, '/api/v1/oauth-clients');
+    }
+
+    list(): Promise<OAuthClient[]> {
+        return this.get('/');
+    }
+
+    retrieve(clientId: string): Promise<OAuthClient> {
+        return this.get(`/${clientId}`);
+    }
+
+    create(payload: CreateOAuthClientPayload): Promise<OAuthClientCreateResponse> {
+        return this.post('/', { payload });
+    }
+
+    update(clientId: string, payload: UpdateOAuthClientPayload): Promise<OAuthClient> {
+        return this.put(`/${clientId}`, { payload });
+    }
+
+    remove(clientId: string): Promise<{ success: true }> {
+        return this.del(`/${clientId}`);
+    }
+}

package/src/OAuthGrantsApi.ts

@@ -0,0 +1,42 @@
+import { ApiTopic, ClientBase } from '@vertesia/api-fetch-client';
+import type {
+    BulkRevokeOAuthGrantsPayload,
+    ListOAuthGrantsQuery,
+    OAuthGrant,
+    OAuthGrantListResponse,
+    OAuthGrantRevokeResponse,
+} from '@vertesia/common';
+
+function toQueryRecord(query?: ListOAuthGrantsQuery): Record<string, string> | undefined {
+    if (!query) {
+        return undefined;
+    }
+
+    return Object.fromEntries(
+        Object.entries(query)
+            .filter(([, value]) => value !== undefined)
+            .map(([key, value]) => [key, String(value)]),
+    );
+}
+
+export default class OAuthGrantsApi extends ApiTopic {
+    constructor(parent: ClientBase) {
+        super(parent, '/api/v1/oauth-grants');
+    }
+
+    list(query?: ListOAuthGrantsQuery): Promise<OAuthGrantListResponse> {
+        return this.get('/', { query: toQueryRecord(query) });
+    }
+
+    retrieve(grantId: string): Promise<OAuthGrant> {
+        return this.get(`/${grantId}`);
+    }
+
+    revoke(grantId: string, query?: { include_consent?: boolean }): Promise<OAuthGrantRevokeResponse> {
+        return this.del(`/${grantId}`, { query });
+    }
+
+    revokeBulk(payload: BulkRevokeOAuthGrantsPayload): Promise<OAuthGrantRevokeResponse> {
+        return this.post('/revoke', { payload });
+    }
+}

package/src/OAuthProvidersApi.ts

@@ -0,0 +1,59 @@
+import { ApiTopic, ClientBase } from '@vertesia/api-fetch-client';
+import type {
+    CreateOAuthProviderPayload,
+    OAuthProvider,
+    OAuthProviderAuthStatus,
+    OAuthProviderAuthorizeResponse,
+    UpdateOAuthProviderPayload,
+} from '@vertesia/common';
+
+export default class OAuthProvidersApi extends ApiTopic {
+
+    constructor(parent: ClientBase) {
+        super(parent, '/api/v1/oauth-providers');
+    }
+
+    list(): Promise<OAuthProvider[]> {
+        return this.get('/');
+    }
+
+    retrieve(id: string): Promise<OAuthProvider> {
+        return this.get(`/${id}`);
+    }
+
+    create(payload: CreateOAuthProviderPayload): Promise<OAuthProvider> {
+        return this.post('/', { payload });
+    }
+
+    update(id: string, payload: UpdateOAuthProviderPayload): Promise<OAuthProvider> {
+        return this.put(`/${id}`, { payload });
+    }
+
+    remove(id: string): Promise<void> {
+        return this.del(`/${id}`);
+    }
+
+    authorize(id: string): Promise<OAuthProviderAuthorizeResponse> {
+        return this.get(`/${id}/authorize`);
+    }
+
+    exchange(code: string, state: string): Promise<{ success: boolean }> {
+        return this.post('/exchange', { payload: { code, state } });
+    }
+
+    getStatus(id: string): Promise<OAuthProviderAuthStatus> {
+        return this.get(`/${id}/status`);
+    }
+
+    connect(id: string): Promise<{ success: boolean }> {
+        return this.post(`/${id}/connect`, { payload: {} });
+    }
+
+    getToken(id: string): Promise<{ access_token: string }> {
+        return this.post(`/${id}/token`, { payload: {} });
+    }
+
+    disconnect(id: string): Promise<void> {
+        return this.del(`/${id}/disconnect`);
+    }
+}

package/src/OAuthServerApi.ts

@@ -0,0 +1,30 @@
+import { ApiTopic } from '@vertesia/api-fetch-client';
+import type {
+    ApproveOAuthAuthorizationRequestPayload,
+    CreateOAuthAuthorizationRequestPayload,
+    OAuthAuthorizationDecisionResponse,
+    OAuthAuthorizationRequest,
+} from '@vertesia/common';
+import type { ClientBase } from '@vertesia/api-fetch-client';
+
+export default class OAuthServerApi extends ApiTopic {
+    constructor(parent: ClientBase) {
+        super(parent, '/oauth');
+    }
+
+    createAuthorizationRequest(payload: CreateOAuthAuthorizationRequestPayload): Promise<OAuthAuthorizationRequest> {
+        return this.post('/requests', { payload });
+    }
+
+    retrieveRequest(requestId: string): Promise<OAuthAuthorizationRequest> {
+        return this.get(`/requests/${requestId}`);
+    }
+
+    approveRequest(requestId: string, payload: ApproveOAuthAuthorizationRequestPayload): Promise<OAuthAuthorizationDecisionResponse> {
+        return this.post(`/requests/${requestId}/approve`, { payload });
+    }
+
+    denyRequest(requestId: string): Promise<OAuthAuthorizationDecisionResponse> {
+        return this.post(`/requests/${requestId}/deny`, { payload: {} });
+    }
+}

package/src/RemoteMcpConnectionsApi.ts

@@ -0,0 +1,53 @@
+import { ApiTopic, ClientBase } from "@vertesia/api-fetch-client";
+import type {
+    McpOAuthConnectResponse,
+    McpOAuthDisconnectResponse,
+    McpOAuthTokenRequest,
+    McpOAuthTokenResponse,
+    OAuthAuthStatus,
+    OAuthAuthorizeResponse,
+    OAuthMetadataResponse
+} from "@vertesia/common";
+
+export default class RemoteMcpConnectionsApi extends ApiTopic {
+
+    constructor(parent: ClientBase) {
+        super(parent, "/api/v1/remote-mcp-connections");
+    }
+
+    getStatus(appInstallId: string): Promise<OAuthAuthStatus[]> {
+        return this.get(`/status/${appInstallId}`);
+    }
+
+    getCollectionStatus(appInstallId: string, collectionId: string): Promise<OAuthAuthStatus> {
+        return this.get(`/status/${appInstallId}/${collectionId}`);
+    }
+
+    getMetadata(appInstallId: string, collectionId: string): Promise<OAuthMetadataResponse> {
+        return this.get(`/metadata/${appInstallId}/${collectionId}`);
+    }
+
+    authorize(appInstallId: string, collectionId: string): Promise<OAuthAuthorizeResponse> {
+        return this.get(`/authorize/${appInstallId}/${collectionId}`);
+    }
+
+    connect(appInstallId: string, collectionId: string): Promise<McpOAuthConnectResponse> {
+        return this.post(`/connect/${appInstallId}/${collectionId}`, {});
+    }
+
+    disconnect(appInstallId: string, collectionId: string): Promise<McpOAuthDisconnectResponse> {
+        return this.del(`/disconnect/${appInstallId}/${collectionId}`);
+    }
+
+    getCollectionToken(appInstallId: string, collectionId: string): Promise<McpOAuthTokenResponse> {
+        return this.post('/token', {
+            payload: { app_install_id: appInstallId, collection_id: collectionId } satisfies McpOAuthTokenRequest,
+        });
+    }
+
+    getToken(mcpServerUrl: string): Promise<McpOAuthTokenResponse> {
+        return this.post('/token', {
+            payload: { mcp_server_url: mcpServerUrl } satisfies McpOAuthTokenRequest
+        });
+    }
+}

package/src/RunsApi.ts

@@ -7,6 +7,8 @@ import {
     FindPayload,
     PopulatedExecutionRun,
     RunCreatePayload,
+    ExecutionRunDocRef,
+    RunClonePayload,
     RunListingFilters,
     RunListingQueryOptions,
     RunSearchPayload,
@@ -143,19 +145,10 @@ export class RunsApi extends ApiTopic {
     }
 
     /**
-     * Restart a failed/terminated conversation workflow.
-     * Loads conversation history from the old run and starts a new workflow
-     * running the latest code.
+     * Clone an existing ExecutionRun for fork workflows.
+     * Creates a new run with the same interaction/config but fresh status.
      */
-    restart(runId: string): Promise<{ runId: string; workflowId: string }> {
-        return this.post(`/${runId}/restart`, {});
-    }
-
-    /**
-     * Fork a conversation workflow — works even if the original is still running.
-     * Creates a new workflow with the conversation history from the source run.
-     */
-    fork(runId: string): Promise<{ runId: string; workflowId: string }> {
-        return this.post(`/${runId}/fork`, {});
+    clone(payload: RunClonePayload): Promise<ExecutionRunDocRef> {
+        return this.post('/clone', { payload });
     }
 }

package/src/client.test.ts

@@ -62,15 +62,15 @@ describe('Test Vertesia Client', () => {
         expect(client.tokenServerUrl).toBe('https://sts.vertesia.io');
     });
 
-    test('Initialization with site api-staging.vertesia.io', () => {
+    test('Initialization with site api.dev1.vertesia.io', () => {
         const client = new VertesiaClient({
-            site: 'api-staging.vertesia.io',
+            site: 'api.dev1.vertesia.io',
         });
 
         expect(client).toBeDefined();
-        expect(client.baseUrl).toBe('https://api-staging.vertesia.io');
-        expect(client.storeUrl).toBe('https://api-staging.vertesia.io');
-        expect(client.tokenServerUrl).toBe('https://sts-staging.vertesia.io');
+        expect(client.baseUrl).toBe('https://api.dev1.vertesia.io');
+        expect(client.storeUrl).toBe('https://api.dev1.vertesia.io');
+        expect(client.tokenServerUrl).toBe('https://sts.dev1.vertesia.io');
     });
 
     test('Initialization with regional serverUrl (api.us1)', () => {
@@ -82,9 +82,7 @@ describe('Test Vertesia Client', () => {
         expect(client).toBeDefined();
         expect(client.baseUrl).toBe('https://api.us1.vertesia.io');
         expect(client.storeUrl).toBe('https://api.us1.vertesia.io');
-        // api.us1 → hostname startsWith("api") → replace api→sts → sts.us1.vertesia.io
-        // URL.toString() adds trailing /
-        expect(client.tokenServerUrl).toBe('https://sts.us1.vertesia.io/');
+        expect(client.tokenServerUrl).toBe('https://sts.us1.vertesia.io');
     });
 
     test('Initialization with regional serverUrl (api.eu1)', () => {
@@ -96,7 +94,7 @@ describe('Test Vertesia Client', () => {
         expect(client).toBeDefined();
         expect(client.baseUrl).toBe('https://api.eu1.vertesia.io');
         expect(client.storeUrl).toBe('https://api.eu1.vertesia.io');
-        expect(client.tokenServerUrl).toBe('https://sts.eu1.vertesia.io/');
+        expect(client.tokenServerUrl).toBe('https://sts.eu1.vertesia.io');
     });
 
     test('Initialization with regional preview serverUrl (api-preview.us1)', () => {
@@ -107,8 +105,8 @@ describe('Test Vertesia Client', () => {
 
         expect(client).toBeDefined();
         expect(client.baseUrl).toBe('https://api-preview.us1.vertesia.io');
-        // hostname includes "-preview." → routes to production STS (preview uses prod STS)
-        expect(client.tokenServerUrl).toBe('https://sts.vertesia.io');
+        // preview strips -preview., then api → sts: sts.us1.vertesia.io
+        expect(client.tokenServerUrl).toBe('https://sts.us1.vertesia.io');
     });
 
     test('Initialization with site localhost', () => {