@zeroxyz/sdk 0.9.0 → 0.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/README.md +42 -6
- package/dist/{chunk-T6JT5NV5.js → chunk-A7WZYQXS.js} +529 -150
- package/dist/chunk-A7WZYQXS.js.map +1 -0
- package/dist/{chunk-O7QJMY3Y.cjs → chunk-IFVGW4ZN.cjs} +534 -150
- package/dist/chunk-IFVGW4ZN.cjs.map +1 -0
- package/dist/{client-Du4zQHef.d.cts → client-D_ohktBl.d.cts} +178 -19
- package/dist/{client-Du4zQHef.d.ts → client-D_ohktBl.d.ts} +178 -19
- package/dist/index.cjs +303 -36
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +109 -3
- package/dist/index.d.ts +109 -3
- package/dist/index.js +232 -2
- package/dist/index.js.map +1 -1
- package/dist/testing.cjs +2 -2
- package/dist/testing.d.cts +1 -1
- package/dist/testing.d.ts +1 -1
- package/dist/testing.js +1 -1
- package/package.json +2 -2
- package/dist/chunk-O7QJMY3Y.cjs.map +0 -1
- package/dist/chunk-T6JT5NV5.js.map +0 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,20 @@ All notable changes to `@zeroxyz/sdk` will be documented in this file.
|
|
|
4
4
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html) — with the pre-1.0 caveat that minor versions may include breaking changes.
|
|
6
6
|
|
|
7
|
+
## 0.10.0
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
|
|
11
|
+
- **BREAKING: `client.wallet.address` is now an async method** (was a sync getter). In account mode it resolves the configured account's address locally (no network, same value as before); in session mode — where the getter used to return `null` — it now resolves the user's managed (Privy-embedded) wallet, provisioning one on first call. It throws instead of returning `null` when the client has no credentials. Migration: `client.wallet.address` → `await client.wallet.address()`. (ZERO-433)
|
|
12
|
+
- **BREAKING: `client.wallet.migrateAuthorization()` removed** along with the `MigrateAuthorization` / `MigrateAuthorizationResponse` types. It existed solely for the CLI's legacy BYO→managed sweep (`zero wallet migrate`), which is removed — usage was near zero and net-new users never need it (ZERO-465). The server route still exists; its removal is tracked separately.
|
|
13
|
+
|
|
14
|
+
### Added
|
|
15
|
+
|
|
16
|
+
- **`client.auth.agent`** — the auth.md agent-account lifecycle (AuthKit Agents), moved from the CLI so any consumer can mint and claim autonomous agent accounts: `signup()` (anonymous registration → assertion exchange → Zero session, all in one call), plus the granular `register()`, `exchangeAssertion()`, `exchangeAtZero()`, `startClaim()`, `completeClaim()`, and `endpoints()` (RFC 9728/8414 discovery, cached). Failures on the AuthKit-hosted surface throw the new `ZeroAgentAuthError` (`status`, `body`, `serverCode`). Exported types: `AgentSignupResult`, `AgentRegistration`, `AgentToken`, `AgentZeroSession`, `AgentClaimAttempt`, `AgentVerifiedIdentity`, `CompleteClaimResult`, `AgentAuthEndpoints`. (ZERO-433)
|
|
17
|
+
- **`client.ping()`** — polls `/health` until the API is ready (bounded attempts, never throws). For warming a cold container before dependent work. (ZERO-433)
|
|
18
|
+
- **`BugReports.create()` generates an idempotency key by default** when `idempotencyKey` is omitted; pass `contextSeed` to make the auto-key deterministic per context. Previously only the CLI deduplicated bug reports. (ZERO-433)
|
|
19
|
+
- Pure helpers lifted from the CLI so all consumers share them: `inferSchema(value)`, `tryParseJson(text)`, `urlMatchesTemplate(url, template)`, plus schema-rendering helpers (`sampleValueFor`, `placeholderFor`, `paramAttrs`, `schemaTypeLabel`, `constraintHint`) and `centsToDollars(cents)`. A number of further exports (display formatters, chain constants, `detectAgentHost`, redaction helpers) are marked `@internal` — they exist so Zero's own surfaces render identically and aren't part of the supported partner contract. (ZERO-433)
|
|
20
|
+
|
|
7
21
|
## 0.9.0
|
|
8
22
|
|
|
9
23
|
### Added
|
package/README.md
CHANGED
|
@@ -118,6 +118,14 @@ await client.fetch(cap.url, {
|
|
|
118
118
|
|
|
119
119
|
If you'd rather inspect the schema yourself, the SDK exports the pure helpers it uses: `extractInputEnvelope(bodySchema, method)` (the query-param / body schema nodes), `unwrapTransportEnvelope(exampleRequest)` (the inner request from a stored example), and `normalizeTransportEnvelopeRequest(url, { method, body })` (the `{ url, method, body }` the wire request should use).
|
|
120
120
|
|
|
121
|
+
Additional utilities exported from `@zeroxyz/sdk`:
|
|
122
|
+
|
|
123
|
+
- `inferSchema(value)` — deterministic structural walk of a JSON value to a JSON-schema-ish draft (types + field names, no values). Useful for logging anonymized request/response shapes.
|
|
124
|
+
- `tryParseJson(text)` — returns parsed JSON or `null` on failure (no throw).
|
|
125
|
+
- `urlMatchesTemplate(url, template)` — returns `true` when a URL matches a path template like `https://api.example.com/users/{id}`. Mirrors the server-side `templateToRegex` logic.
|
|
126
|
+
|
|
127
|
+
A few further exports (display formatters, chain constants) exist so Zero's own surfaces (CLI, MCP plugin) render identically; they're marked `@internal` and aren't part of the supported partner contract.
|
|
128
|
+
|
|
121
129
|
```ts
|
|
122
130
|
const result = await client.fetch(url, {
|
|
123
131
|
method: "POST",
|
|
@@ -178,7 +186,7 @@ for (const warning of result.warnings ?? []) {
|
|
|
178
186
|
| `payment` | `PaymentResult \| null` | `{ protocol, chain, txHash, amount, asset, … }` when a payment settled; `null` on a free call. |
|
|
179
187
|
| `runId` | `string \| null` | The recorded run, for `runs.review()`. **`null` unless you pass `capabilityId`** (and a wallet is configured). |
|
|
180
188
|
| `latencyMs` | `number` | End-to-end call latency. |
|
|
181
|
-
| `upstreamError` | `UpstreamError?` | Present on `server_error` — the capability's own 4xx/5xx detail. |
|
|
189
|
+
| `upstreamError` | `UpstreamError?` | Present on `server_error` — the capability's own 4xx/5xx detail (`status`, `message`, `snippetHash`). Carries a `fixHint` string for caller-fixable 4xx shapes (wrong HTTP method, unparseable JSON body, unrecognized/extra fields, content-type mismatch, missing required field). |
|
|
182
190
|
| `warnings` | `string[]?` | Non-fatal notes (truncated body, MPP close failure, …) — keyed by `FETCH_WARNINGS`. |
|
|
183
191
|
| `runTrackingSkipped` | `string[]?` | Why a run wasn't recorded (e.g. no `capabilityId`) — keyed by `FETCH_SKIP_REASONS`. |
|
|
184
192
|
|
|
@@ -200,8 +208,9 @@ The wallet you construct the client with **is** the agent's identity — paid ca
|
|
|
200
208
|
The same two primitives serve both:
|
|
201
209
|
|
|
202
210
|
```ts
|
|
203
|
-
// The
|
|
204
|
-
|
|
211
|
+
// The address this client acts as. Account mode resolves locally; session
|
|
212
|
+
// mode resolves the user's primary managed wallet (provisioning on first call).
|
|
213
|
+
await client.wallet.address();
|
|
205
214
|
|
|
206
215
|
// Balance in USDC. Sums Base + Tempo by default; pass a chain for just one.
|
|
207
216
|
const { amount } = await client.wallet.balance(); // e.g. "12.50"
|
|
@@ -212,7 +221,7 @@ const onBase = await client.wallet.balance({ chain: "base" });
|
|
|
212
221
|
const url = await client.wallet.fundingUrl({ amount: "10" });
|
|
213
222
|
```
|
|
214
223
|
|
|
215
|
-
Poll `balance()` to decide when to top up. Then either open `fundingUrl()` yourself to refill the shared wallet — from an ops dashboard, a low-balance alert, or alongside a direct USDC transfer to `wallet.address` — or hand the link to the end user. Either way the link is **single-use** and burns when opened, so generate it at the moment of funding and don't pre-open one you intend to give to someone else.
|
|
224
|
+
Poll `balance()` to decide when to top up. Then either open `fundingUrl()` yourself to refill the shared wallet — from an ops dashboard, a low-balance alert, or alongside a direct USDC transfer to the `wallet.address()` result — or hand the link to the end user. Either way the link is **single-use** and burns when opened, so generate it at the moment of funding and don't pre-open one you intend to give to someone else.
|
|
216
225
|
|
|
217
226
|
In **session mode** (acting for a Zero user) the wallet is Zero-managed, and a couple more methods apply:
|
|
218
227
|
|
|
@@ -221,14 +230,16 @@ await client.wallet.list(); // every wallet linked to the session user
|
|
|
221
230
|
await client.wallet.provision(); // create the user's managed wallet (idempotent)
|
|
222
231
|
```
|
|
223
232
|
|
|
224
|
-
|
|
233
|
+
`wallet.address()` covers the common case (resolve — or provision — the primary managed wallet); reach for `list()`/`provision()` directly only when you need the full wallet objects or explicit provisioning.
|
|
225
234
|
|
|
226
235
|
## Namespaces
|
|
227
236
|
|
|
228
237
|
Beyond `search()` and `fetch()`, the client groups the rest of the API into resource namespaces:
|
|
229
238
|
|
|
230
239
|
```ts
|
|
231
|
-
// Search — ranked capabilities for a query (no auth required)
|
|
240
|
+
// Search — ranked capabilities for a query (no auth required).
|
|
241
|
+
// No implicit price cap: omitting maxCost returns results at any price.
|
|
242
|
+
// Pass a value to cap costs (e.g. "0.05" for a tight cap, "0" for free-only).
|
|
232
243
|
const { capabilities } = await client.search("translate text to french", {
|
|
233
244
|
maxCost: "0.05", // optional: only results at or under this price
|
|
234
245
|
protocol: "x402", // optional: "x402" | "mpp"
|
|
@@ -272,8 +283,33 @@ await client.auth.logout(refreshToken); // revoke the session server-side
|
|
|
272
283
|
const device = await client.auth.device.start();
|
|
273
284
|
console.log(device.verificationUri, device.userCode);
|
|
274
285
|
const grant = await client.auth.device.poll(device.deviceCode);
|
|
286
|
+
|
|
287
|
+
// Agent accounts (auth.md) — fully autonomous signup, no browser or human.
|
|
288
|
+
// Persist registration.claimToken + registration.identityAssertion securely:
|
|
289
|
+
// they are returned exactly once. `session` is a Zero session for the account.
|
|
290
|
+
const { registration, session } = await client.auth.agent.signup();
|
|
291
|
+
|
|
292
|
+
// A human can claim ownership of the account later. startClaim() returns a
|
|
293
|
+
// hosted URL; the page shows the HUMAN a pairing code (the reverse of the
|
|
294
|
+
// device flow) which they read back for completeClaim().
|
|
295
|
+
if (registration.claimToken) {
|
|
296
|
+
const attempt = await client.auth.agent.startClaim({
|
|
297
|
+
claimToken: registration.claimToken,
|
|
298
|
+
email: "human@example.com",
|
|
299
|
+
});
|
|
300
|
+
console.log(attempt.verificationUri);
|
|
301
|
+
const claimed = await client.auth.agent.completeClaim({
|
|
302
|
+
claimToken: registration.claimToken,
|
|
303
|
+
userCode: "1234-5678", // read back by the human
|
|
304
|
+
});
|
|
305
|
+
// claimed.status: "ok" | "not_confirmed" | "invalid_code" | "expired" —
|
|
306
|
+
// on "ok", exchange the fresh assertion for a post-claim session:
|
|
307
|
+
// exchangeAssertion(claimed.identityAssertion) → exchangeAtZero(accessToken)
|
|
308
|
+
}
|
|
275
309
|
```
|
|
276
310
|
|
|
311
|
+
Errors from the AuthKit-hosted agent-auth surface throw `ZeroAgentAuthError` (`status`, `body`, and `serverCode` — the server's own error code, e.g. `claim_expired`).
|
|
312
|
+
|
|
277
313
|
## Multi-tenant servers
|
|
278
314
|
|
|
279
315
|
A server that signs as a different end-user wallet on each request shouldn't build a fresh `ZeroClient` every call. Pass the wallet per call, or derive a reusable sub-client:
|