forkit-connect 0.1.0 → 0.1.3

package/dist/v1/api.d.ts

@@ -233,16 +233,77 @@ export interface DeploymentListResponse {
     } | null;
     sessions?: DeploymentSessionResponse[];
 }
+export interface DeploymentScopeQuery {
+    workspaceId?: string | null;
+    projectId?: string | null;
+}
+export interface DeploymentSummaryResponse {
+    gaid?: string | null;
+    summary?: DeploymentListResponse['summary'] | null;
+}
+export interface DeploymentLivenessResponse {
+    gaid?: string | null;
+    checkinStatus?: string | null;
+    lastCheckinAt?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+export interface PassportLedgerEntry {
+    id?: string | null;
+    eventType?: string | null;
+    eventGroup?: string | null;
+    actorType?: string | null;
+    actorLabel?: string | null;
+    occurredAt?: string | null;
+    reasonRequired?: boolean | null;
+    approvalState?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+export interface PassportLedgerPolicy {
+    canExport?: boolean;
+    viewerRole?: string | null;
+    retentionDays?: number | null;
+}
+export interface PassportLedgerResponse {
+    gaid?: string | null;
+    ledger?: PassportLedgerEntry[];
+    total?: number | null;
+    hasMore?: boolean;
+    visibility?: 'full' | 'public_safe' | string;
+    policy?: PassportLedgerPolicy | null;
+}
+export interface PassportLedgerQuery {
+    limit?: number;
+    actorTypes?: string | string[];
+    eventGroups?: string | string[];
+    q?: string;
+    download?: 'json' | 'csv';
+}
+export type DeploymentSessionControlAction = 'pause' | 'resume' | 'revoke';
+export interface DeploymentSessionControlRequest {
+    reason?: string;
+}
 export declare class ConnectApiClient {
     private readonly config;
     constructor(config: ConnectApiConfig);
+    private buildApiUrl;
+    private buildPassportApiPath;
+    private appendScopeParams;
+    private appendCsvParam;
     private getHeaders;
     private parseContract;
     getPassportsMine(limit?: number): Promise<ApiCallResult>;
     getProductSummary(): Promise<ApiCallResult>;
     createPassportDraft(payload: Record<string, unknown>): Promise<ApiCallResult>;
     pushRuntimeSignalEvent(payload: Record<string, unknown>): Promise<ApiCallResult>;
-    getDeployments(gaid: string): Promise<ApiCallResult>;
+    pushRuntimeRunLog(payload: Record<string, unknown>): Promise<ApiCallResult>;
+    getDeployments(gaid: string, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    getDeploymentSummary(gaid: string, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    getDeploymentLiveness(gaid: string, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    getPassportLedger(gaid: string, query?: PassportLedgerQuery, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    controlDeploymentSession(gaid: string, sessionId: string, action: DeploymentSessionControlAction, payload?: DeploymentSessionControlRequest, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    pauseDeploymentSession(gaid: string, sessionId: string, payload?: DeploymentSessionControlRequest, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    resumeDeploymentSession(gaid: string, sessionId: string, payload?: DeploymentSessionControlRequest, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
+    revokeDeploymentSession(gaid: string, sessionId: string, payload?: DeploymentSessionControlRequest, scope?: DeploymentScopeQuery): Promise<ApiCallResult>;
     sendDeploymentCheckin(gaid: string, payload: DeploymentCheckinRequest): Promise<ApiCallResult>;
     getProfileAccess(): Promise<ApiCallResult>;
     getWorkspaceProjects(workspaceId: string): Promise<ApiCallResult>;

package/dist/v1/api.js

@@ -23,6 +23,36 @@ class ConnectApiClient {
     constructor(config) {
         this.config = config;
     }
+    buildApiUrl(path, params) {
+        const query = params && params.toString();
+        return `${this.config.baseUrl}${path}${query ? `?${query}` : ''}`;
+    }
+    buildPassportApiPath(gaid, suffix = '') {
+        return `/api/v1/passports/${encodeURIComponent(gaid)}${suffix}`;
+    }
+    appendScopeParams(params, scope) {
+        const workspaceId = String(scope?.workspaceId || '').trim();
+        const projectId = String(scope?.projectId || '').trim();
+        if (workspaceId) {
+            params.set('workspaceId', workspaceId);
+        }
+        if (projectId) {
+            params.set('projectId', projectId);
+        }
+    }
+    appendCsvParam(params, key, value) {
+        if (Array.isArray(value)) {
+            const normalized = value.map((entry) => String(entry || '').trim()).filter(Boolean);
+            if (normalized.length) {
+                params.set(key, normalized.join(','));
+            }
+            return;
+        }
+        const normalized = String(value || '').trim();
+        if (normalized) {
+            params.set(key, normalized);
+        }
+    }
     getHeaders(extra) {
         const headers = {
             'Content-Type': 'application/json',
@@ -122,8 +152,39 @@ class ConnectApiClient {
             contract: this.parseContract(res),
         };
     }
-    async getDeployments(gaid) {
-        const url = `${this.config.baseUrl}/api/v1/passports/${encodeURIComponent(gaid)}/deployments`;
+    async pushRuntimeRunLog(payload) {
+        const url = `${this.config.baseUrl}/api/v1/runtime-signals/runs`;
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: this.getHeaders(),
+            body: JSON.stringify(payload),
+        });
+        return {
+            ok: res.ok,
+            status: res.status,
+            body: await this.parseBody(res),
+            contract: this.parseContract(res),
+        };
+    }
+    async getDeployments(gaid, scope) {
+        const params = new URLSearchParams();
+        this.appendScopeParams(params, scope);
+        const url = this.buildApiUrl(this.buildPassportApiPath(gaid, '/deployments'), params);
+        const res = await fetch(url, {
+            method: 'GET',
+            headers: this.getHeaders(),
+        });
+        return {
+            ok: res.ok,
+            status: res.status,
+            body: await this.parseBody(res),
+            contract: this.parseContract(res),
+        };
+    }
+    async getDeploymentSummary(gaid, scope) {
+        const params = new URLSearchParams();
+        this.appendScopeParams(params, scope);
+        const url = this.buildApiUrl(this.buildPassportApiPath(gaid, '/deployments/summary'), params);
         const res = await fetch(url, {
             method: 'GET',
             headers: this.getHeaders(),
@@ -135,6 +196,74 @@ class ConnectApiClient {
             contract: this.parseContract(res),
         };
     }
+    async getDeploymentLiveness(gaid, scope) {
+        const params = new URLSearchParams();
+        this.appendScopeParams(params, scope);
+        const url = this.buildApiUrl(this.buildPassportApiPath(gaid, '/liveness'), params);
+        const res = await fetch(url, {
+            method: 'GET',
+            headers: this.getHeaders(),
+        });
+        return {
+            ok: res.ok,
+            status: res.status,
+            body: await this.parseBody(res),
+            contract: this.parseContract(res),
+        };
+    }
+    async getPassportLedger(gaid, query = {}, scope) {
+        const params = new URLSearchParams();
+        if (Number.isFinite(query.limit) && Number(query.limit) > 0) {
+            params.set('limit', String(Math.floor(Number(query.limit))));
+        }
+        this.appendCsvParam(params, 'actorTypes', query.actorTypes);
+        this.appendCsvParam(params, 'eventGroups', query.eventGroups);
+        const textQuery = String(query.q || '').trim();
+        if (textQuery) {
+            params.set('q', textQuery);
+        }
+        if (query.download) {
+            params.set('download', query.download);
+        }
+        this.appendScopeParams(params, scope);
+        const url = this.buildApiUrl(this.buildPassportApiPath(gaid, '/ledger'), params);
+        const res = await fetch(url, {
+            method: 'GET',
+            headers: this.getHeaders(),
+        });
+        return {
+            ok: res.ok,
+            status: res.status,
+            body: await this.parseBody(res),
+            contract: this.parseContract(res),
+        };
+    }
+    async controlDeploymentSession(gaid, sessionId, action, payload = {}, scope) {
+        const params = new URLSearchParams();
+        this.appendScopeParams(params, scope);
+        const path = this.buildPassportApiPath(gaid, `/deployments/${encodeURIComponent(sessionId)}/${action}`);
+        const url = this.buildApiUrl(path, params);
+        const res = await fetch(url, {
+            method: 'POST',
+            headers: this.getHeaders(),
+            body: JSON.stringify(payload),
+        });
+        return {
+            ok: res.ok,
+            status: res.status,
+            body: await this.parseBody(res),
+            contract: this.parseContract(res),
+        };
+    }
+    async pauseDeploymentSession(gaid, sessionId, payload = {}, scope) {
+        return this.controlDeploymentSession(gaid, sessionId, 'pause', payload, scope);
+    }
+    async resumeDeploymentSession(gaid, sessionId, payload = {}, scope) {
+        return this.controlDeploymentSession(gaid, sessionId, 'resume', payload, scope);
+    }
+    async revokeDeploymentSession(gaid, sessionId, payload = {}, scope) {
+        return this.controlDeploymentSession(gaid, sessionId, 'revoke', payload, scope);
+    }
     async sendDeploymentCheckin(gaid, payload) {
         const url = `${this.config.baseUrl}/api/v1/passports/${encodeURIComponent(gaid)}/deployments/checkin`;
         const res = await fetch(url, {

package/dist/v1/credential-store.d.ts

@@ -20,6 +20,7 @@ export interface ConnectCredentialStoreStatus {
     available: boolean;
     detail: string;
     legacyPlaintextFilePresent: boolean;
+    plaintextFallbackActive: boolean;
 }
 type WindowsDpapiOperation = 'status' | 'read' | 'write' | 'delete';
 interface WindowsDpapiCommandOptions {

package/dist/v1/credential-store.js

@@ -19,6 +19,7 @@ class ConnectCredentialStoreError extends Error {
 exports.ConnectCredentialStoreError = ConnectCredentialStoreError;
 const SERVICE_BASE_NAME = 'ForkitConnect';
 const LEGACY_SERVICE_NAME = SERVICE_BASE_NAME;
+const LINUX_SECRET_TOOL_TIMEOUT_MS = 1200;
 function nowIso() {
     return new Date().toISOString();
 }
@@ -274,6 +275,7 @@ class LinuxSecretServiceBackend {
             ...this.baseArgs(account),
         ], {
             encoding: 'utf8',
+            timeout: LINUX_SECRET_TOOL_TIMEOUT_MS,
         });
         if (result.error) {
             const detail = errnoCode(result.error) === 'ENOENT'
@@ -298,6 +300,7 @@ class LinuxSecretServiceBackend {
         ], {
             encoding: 'utf8',
             input: `${value}\n`,
+            timeout: LINUX_SECRET_TOOL_TIMEOUT_MS,
         });
         if (result.error) {
             const detail = errnoCode(result.error) === 'ENOENT'
@@ -316,6 +319,7 @@ class LinuxSecretServiceBackend {
             ...this.baseArgs(account),
         ], {
             encoding: 'utf8',
+            timeout: LINUX_SECRET_TOOL_TIMEOUT_MS,
         });
         if (result.error) {
             const detail = errnoCode(result.error) === 'ENOENT'
@@ -338,6 +342,7 @@ class LinuxSecretServiceBackend {
         }
         const result = (0, node_child_process_1.spawnSync)('secret-tool', ['search', 'service', this.serviceName], {
             encoding: 'utf8',
+            timeout: LINUX_SECRET_TOOL_TIMEOUT_MS,
         });
         if (result.error) {
             return {
@@ -495,7 +500,7 @@ class ConnectCredentialStore {
         this.credentialFile = node_path_1.default.join(stateDir, 'credentials.v1.json');
         this.backend = backend ?? createDefaultSecureCredentialBackend(stateDir);
         this.legacyBackend = legacyBackend === undefined ? createLegacySecureCredentialBackend() : legacyBackend;
-        this.allowPlaintextFallback = process.env.FORKIT_CONNECT_ALLOW_PLAINTEXT_FALLBACK !== '0';
+        this.allowPlaintextFallback = process.env.FORKIT_CONNECT_ALLOW_PLAINTEXT_FALLBACK === '1';
     }
     getCredentialFilePath() {
         return this.credentialFile;
@@ -504,14 +509,18 @@ class ConnectCredentialStore {
         const backendStatus = this.backend.getStatus();
         const legacyPlaintextFilePresent = node_fs_1.default.existsSync(this.credentialFile);
         const fallbackActive = this.allowPlaintextFallback && legacyPlaintextFilePresent;
+        const disabledFallbackDetail = !this.allowPlaintextFallback && legacyPlaintextFilePresent
+            ? ` Plaintext fallback is disabled by default; remove ${this.credentialFile} after migrating credentials into secure storage.`
+            : '';
         const detail = fallbackActive
             ? `${this.lastBackendError?.message ?? backendStatus.detail} Connect is using local plaintext credential fallback at ${this.credentialFile}.`
-            : this.lastBackendError?.message ?? backendStatus.detail;
+            : `${this.lastBackendError?.message ?? backendStatus.detail}${disabledFallbackDetail}`;
         return {
             backend: backendStatus.backend,
             available: fallbackActive || (backendStatus.available && !this.lastBackendError),
             detail,
             legacyPlaintextFilePresent,
+            plaintextFallbackActive: fallbackActive,
         };
     }
     migrateLegacyPlaintextFile() {
@@ -603,6 +612,9 @@ class ConnectCredentialStore {
         return `runtimeSignal:${gaid}`;
     }
     readAccount(account) {
+        if (this.cache.has(account)) {
+            return this.cache.get(account) ?? null;
+        }
         try {
             const current = this.backend.read(account);
             if (current) {
@@ -631,7 +643,7 @@ class ConnectCredentialStore {
             }
             return legacy;
         }
-        this.cache.delete(account);
+        this.cache.set(account, null);
         return null;
     }
     writeAccount(account, value) {

package/dist/v1/service.d.ts

@@ -1,5 +1,6 @@
+import { type ApiCallResult } from './api';
 import { type ObservedAgentToolCallInput, type ObservedAgentToolCallResult, type ObservedAgentToolName } from './agent-observation';
-import { type SecureCredentialBackend } from './credential-store';
+import { type ConnectCredentialStoreStatus, type SecureCredentialBackend } from './credential-store';
 import { type AgentProcessMetadata, type ProcessListEntry } from './process-scout';
 import { LocalStateStore } from './state';
 import { type VitalityPulseDependencies } from './vitality-pulse';
@@ -141,7 +142,7 @@ interface RemotePassportReconcileResult {
 }
 export interface TrainInitResult {
     buildSession: BuildSession;
-    draftAction: 'draft_created' | 'draft_queued';
+    draftAction: 'bound' | 'draft_created' | 'draft_queued';
     draftId: string | null;
     gaid: string | null;
     payload: Record<string, unknown>;
@@ -262,11 +263,23 @@ export interface ConnectStatusOverview {
 export declare class ConnectV1Service {
     private readonly stateStore;
     private readonly credentialStore;
+    private smartInboxBackgroundRefreshInFlight;
     constructor(stateDir?: string, options?: {
         credentialBackend?: SecureCredentialBackend;
         legacyCredentialBackend?: SecureCredentialBackend | null;
     });
     getStateStore(): LocalStateStore;
+    private cloneInboxSnapshot;
+    private withInboxFreshness;
+    private persistSmartInboxSnapshot;
+    getSmartRegistrationInbox(options?: {
+        forceRefresh?: boolean;
+        preferSnapshot?: boolean;
+        maxSnapshotAgeMs?: number;
+        refreshInBackground?: boolean;
+    }): SmartRegistrationInbox;
+    refreshSmartRegistrationInboxInBackground(): void;
+    prewarmSmartRegistrationInbox(): Promise<void>;
     private getStoredSessionRef;
     private getEnvironmentSessionRef;
     private getActiveSessionRef;
@@ -325,6 +338,7 @@ export declare class ConnectV1Service {
     private buildStandardBindingConsentProfile;
     bindWorkspaceProject(workspaceId: string | null, projectId: string | null): Promise<ConnectBindingScopeSelectionResult>;
     getStatus(): StatusResult;
+    getCredentialStoreStatus(): ConnectCredentialStoreStatus;
     getConfig(): ConnectConfig;
     getServiceEntitlements(): ServiceEntitlements;
     private getApiClient;
@@ -389,6 +403,8 @@ export declare class ConnectV1Service {
     private buildModelVerificationSummary;
     private buildRuntimeVerificationSummary;
     private findConnectableModelForRuntime;
+    private hasExactBoundPassportForModel;
+    private runtimeHasExactBoundModelDuplicate;
     private clearModelReviewDeferral;
     private buildPassportMatchSuggestionForModel;
     private normalizeRemotePassportList;
@@ -402,8 +418,12 @@ export declare class ConnectV1Service {
     private findAgentModelCandidate;
     private getDefaultRuntimeSignalApiKey;
     private findBindingByGaid;
+    private findTrainingAnchorBinding;
+    private anchorBuildSessionToBinding;
+    private resolveRuntimeRunScope;
     private getPrimaryBoundBinding;
     private setRuntimeSignalApiKeyForGaid;
+    private clearRuntimeSignalApiKeyForGaid;
     private resolveRuntimeSignalApiKeyForEvent;
     /**
      * Promote local-only events (no passport_gaid) by assigning the given gaid.
@@ -488,6 +508,27 @@ export declare class ConnectV1Service {
         metadata?: Record<string, unknown>;
     }): C2LifecycleEvent;
     getC2Status(): C2StatusResult;
+    emitRuntimeRunLog(input: {
+        gaid: string;
+        apiKey?: string | null;
+        provider: string;
+        model: string;
+        serviceName: string;
+        serviceKind?: string | null;
+        runId?: string | null;
+        externalRunId?: string | null;
+        status?: string | null;
+        startedAt?: string | null;
+        endedAt?: string | null;
+        promptTokens?: number | undefined;
+        completionTokens?: number | undefined;
+        cachedPromptTokens?: number | undefined;
+        reasoningTokens?: number | undefined;
+        latencyMs?: number | undefined;
+        estimatedCostCents?: number | undefined;
+        currency?: string | null;
+        summary?: string | null;
+    }): Promise<ApiCallResult>;
     private findAgentByIdOrName;
     private findAgentLink;
     private findLinkedModelForAgent;
@@ -540,7 +581,9 @@ export declare class ConnectV1Service {
     getAgentStatus(): AgentStatusResult;
     getAgentModelUsageLedger(selector?: string): AgentModelUsageLedgerSummary;
     buildSmartRegistrationInbox(): SmartRegistrationInbox;
-    getConnectStatusOverview(): ConnectStatusOverview;
+    getConnectStatusOverview(options?: {
+        includeInbox?: boolean;
+    }): ConnectStatusOverview;
     private resolveRecommendedNextAction;
     getTrayStatus(): TrayStatusResult;
     private getInboxDetailText;
@@ -552,6 +595,15 @@ export declare class ConnectV1Service {
     private getNotificationRuntimeLabel;
     private getNotificationSourceSummary;
     getNotificationCandidates(): NotificationCandidate[];
+    private getNotificationMetadataNumber;
+    private getMaxNotificationMetadataNumber;
+    private pluralizeNotificationNoun;
+    private buildConnectInboxReviewNotification;
+    private buildRuntimeAttentionNotification;
+    private buildGovernanceControlNotification;
+    private buildSyncAttentionNotification;
+    private getNotificationDeliveryCandidates;
+    getNotificationDeliveryPreview(candidates?: NotificationCandidate[]): NotificationCandidate[];
     private getNotificationTargetId;
     private wasNotificationRecentlyDelivered;
     private markNotificationDelivered;
@@ -669,9 +721,11 @@ export declare class ConnectV1Service {
     queueConfiguredHeartbeatRuntimeSignal(gaid: string | null): string | null;
     runDoctorChecks(): Promise<DoctorCheck[]>;
     markModelIgnored(modelName: string, digest: string): boolean;
+    ignoreDetectedModel(selector: string): boolean;
     deferDetectedModel(selector: string, deferHours?: number): boolean;
     markRuntimeIgnored(selector: string): boolean;
     deferRuntimeSuggestion(selector: string, deferHours?: number): boolean;
+    ignoreRuntimeSuggestion(selector: string): boolean;
     notImplemented(feature: string): never;
     ensureNoProductionPolicyBypass(): void;
     createEvidenceId(): string;