lemma-sdk 0.2.2 → 0.2.4

package/dist/browser/lemma-client.js

@@ -3,7 +3,7 @@
 "./browser.js": function (module, exports, require) {
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ApiError = exports.AuthManager = exports.LemmaClient = void 0;
+exports.ApiError = exports.resolveSafeRedirectUri = exports.buildAuthUrl = exports.AuthManager = exports.LemmaClient = void 0;
 /**
  * Browser bundle entry point.
  * Exposes LemmaClient as globalThis.LemmaClient.LemmaClient
@@ -18,6 +18,8 @@ var client_js_1 = require("./client.js");
 Object.defineProperty(exports, "LemmaClient", { enumerable: true, get: function () { return client_js_1.LemmaClient; } });
 var auth_js_1 = require("./auth.js");
 Object.defineProperty(exports, "AuthManager", { enumerable: true, get: function () { return auth_js_1.AuthManager; } });
+Object.defineProperty(exports, "buildAuthUrl", { enumerable: true, get: function () { return auth_js_1.buildAuthUrl; } });
+Object.defineProperty(exports, "resolveSafeRedirectUri", { enumerable: true, get: function () { return auth_js_1.resolveSafeRedirectUri; } });
 var http_js_1 = require("./http.js");
 Object.defineProperty(exports, "ApiError", { enumerable: true, get: function () { return http_js_1.ApiError; } });
 
@@ -50,11 +52,11 @@ const tasks_js_1 = require("./namespaces/tasks.js");
 const users_js_1 = require("./namespaces/users.js");
 const workflows_js_1 = require("./namespaces/workflows.js");
 class LemmaClient {
-    constructor(overrides = {}) {
+    constructor(overrides = {}, internalOptions = {}) {
         this._config = (0, config_js_1.resolveConfig)(overrides);
         this._currentPodId = this._config.podId;
         this._podId = this._config.podId;
-        this.auth = new auth_js_1.AuthManager(this._config.apiUrl, this._config.authUrl);
+        this.auth = internalOptions.authManager ?? new auth_js_1.AuthManager(this._config.apiUrl, this._config.authUrl);
         this._http = new http_js_1.HttpClient(this._config.apiUrl, this.auth);
         this._generated = new generated_js_1.GeneratedClientAdapter(this._config.apiUrl, this.auth);
         const podIdFn = () => {
@@ -89,7 +91,7 @@ class LemmaClient {
     }
     /** Return a new client scoped to a specific pod, sharing auth state. */
     withPod(podId) {
-        return new LemmaClient({ ...this._config, podId });
+        return new LemmaClient({ ...this._config, podId }, { authManager: this.auth });
     }
     get podId() {
         return this._currentPodId;
@@ -192,7 +194,11 @@ function resolveConfig(overrides = {}) {
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthManager = void 0;
+exports.buildAuthUrl = buildAuthUrl;
+exports.resolveSafeRedirectUri = resolveSafeRedirectUri;
+const session_1 = require("supertokens-web-js/recipe/session");
 const supertokens_js_1 = require("./supertokens.js");
+const DEFAULT_BLOCKED_REDIRECT_PATHS = ["/login", "/signup", "/auth"];
 const LOCALSTORAGE_TOKEN_KEY = "lemma_token";
 const QUERY_PARAM_TOKEN_KEY = "lemma_token";
 function detectInjectedToken() {
@@ -227,6 +233,79 @@ function detectInjectedToken() {
     catch { /* ignore */ }
     return null;
 }
+function normalizePath(path) {
+    const trimmed = path.trim();
+    if (!trimmed)
+        return "/";
+    if (trimmed === "/")
+        return "/";
+    const withLeadingSlash = trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+    return withLeadingSlash.endsWith("/") ? withLeadingSlash.slice(0, -1) : withLeadingSlash;
+}
+function resolveAuthPath(basePath, path) {
+    const normalizedBase = normalizePath(basePath);
+    if (!path || !path.trim()) {
+        return normalizedBase;
+    }
+    const segment = path.trim().replace(/^\/+/, "");
+    if (!segment) {
+        return normalizedBase;
+    }
+    return `${normalizedBase}/${segment}`.replace(/\/{2,}/g, "/");
+}
+function isBlockedLocalPath(pathname, blockedPaths) {
+    const normalizedPathname = normalizePath(pathname);
+    return blockedPaths.some((rawBlockedPath) => {
+        const blockedPath = normalizePath(rawBlockedPath);
+        return normalizedPathname === blockedPath || normalizedPathname.startsWith(`${blockedPath}/`);
+    });
+}
+function normalizeOrigin(rawOrigin) {
+    const parsed = new URL(rawOrigin);
+    return parsed.origin;
+}
+function buildAuthUrl(authUrl, options = {}) {
+    const url = new URL(authUrl);
+    url.pathname = resolveAuthPath(url.pathname, options.path);
+    for (const [key, value] of Object.entries(options.params ?? {})) {
+        if (value === null || value === undefined)
+            continue;
+        if (Array.isArray(value)) {
+            url.searchParams.delete(key);
+            for (const item of value) {
+                url.searchParams.append(key, String(item));
+            }
+            continue;
+        }
+        url.searchParams.set(key, String(value));
+    }
+    if (options.mode === "signup") {
+        url.searchParams.set("show", "signup");
+    }
+    if (options.redirectUri && options.redirectUri.trim()) {
+        url.searchParams.set("redirect_uri", options.redirectUri);
+    }
+    return url.toString();
+}
+function resolveSafeRedirectUri(rawValue, options) {
+    const siteOrigin = normalizeOrigin(options.siteOrigin);
+    const blockedPaths = options.blockedPaths ?? DEFAULT_BLOCKED_REDIRECT_PATHS;
+    const fallbackTarget = options.fallback ?? "/";
+    const fallback = new URL(fallbackTarget, siteOrigin).toString();
+    if (!rawValue || !rawValue.trim()) {
+        return fallback;
+    }
+    try {
+        const parsed = new URL(rawValue, siteOrigin);
+        if (parsed.origin === siteOrigin && isBlockedLocalPath(parsed.pathname, blockedPaths)) {
+            return fallback;
+        }
+        return parsed.toString();
+    }
+    catch {
+        return fallback;
+    }
+}
 class AuthManager {
     constructor(apiUrl, authUrl) {
         this.state = { status: "loading", user: null };
@@ -266,6 +345,109 @@ class AuthManager {
         this.state = state;
         this.notify();
     }
+    assertBrowserContext() {
+        if (typeof window === "undefined") {
+            throw new Error("This auth method is only available in browser environments.");
+        }
+    }
+    getCookie(name) {
+        if (typeof document === "undefined")
+            return undefined;
+        const escaped = name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+        const match = document.cookie.match(new RegExp(`(?:^|; )${escaped}=([^;]*)`));
+        return match ? decodeURIComponent(match[1]) : undefined;
+    }
+    clearInjectedToken() {
+        this.injectedToken = null;
+        if (typeof window === "undefined")
+            return;
+        try {
+            sessionStorage.removeItem(LOCALSTORAGE_TOKEN_KEY);
+        }
+        catch {
+            // ignore storage errors
+        }
+        try {
+            localStorage.removeItem(LOCALSTORAGE_TOKEN_KEY);
+        }
+        catch {
+            // ignore storage errors
+        }
+    }
+    async rawSignOutViaBackend() {
+        const antiCsrf = this.getCookie("sAntiCsrf");
+        const headers = {
+            Accept: "application/json",
+            "Content-Type": "application/json",
+            rid: "anti-csrf",
+            "fdi-version": "4.2",
+            "st-auth-mode": "cookie",
+        };
+        if (antiCsrf) {
+            headers["anti-csrf"] = antiCsrf;
+        }
+        const separator = this.apiUrl.includes("?") ? "&" : "?";
+        const signOutUrl = `${this.apiUrl.replace(/\/$/, "")}/st/auth/signout${separator}superTokensDoNotDoInterception=true`;
+        await fetch(signOutUrl, {
+            method: "POST",
+            credentials: "include",
+            headers,
+        });
+    }
+    /**
+     * Check whether a cookie-backed session is active without mutating auth state.
+     */
+    async isAuthenticatedViaCookie() {
+        if (this.injectedToken) {
+            return this.isAuthenticated();
+        }
+        try {
+            const response = await fetch(`${this.apiUrl}/users/me`, {
+                method: "GET",
+                credentials: "include",
+                headers: { Accept: "application/json" },
+            });
+            return response.status !== 401;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Return a browser access token from the session layer.
+     * Throws if no token is available.
+     */
+    async getAccessToken() {
+        if (this.injectedToken) {
+            return this.injectedToken;
+        }
+        this.assertBrowserContext();
+        (0, supertokens_js_1.ensureCookieSessionSupport)(this.apiUrl, () => this.markUnauthenticated());
+        const token = await session_1.default.getAccessToken();
+        if (!token) {
+            throw new Error("Token unavailable");
+        }
+        return token;
+    }
+    /**
+     * Force a refresh-token flow and return the new access token.
+     */
+    async refreshAccessToken() {
+        if (this.injectedToken) {
+            return this.injectedToken;
+        }
+        this.assertBrowserContext();
+        (0, supertokens_js_1.ensureCookieSessionSupport)(this.apiUrl, () => this.markUnauthenticated());
+        const refreshed = await session_1.default.attemptRefreshingSession();
+        if (!refreshed) {
+            throw new Error("Session refresh failed");
+        }
+        const token = await session_1.default.getAccessToken();
+        if (!token) {
+            throw new Error("Token unavailable");
+        }
+        return token;
+    }
     /**
      * Build request headers for an API call.
      * Uses Bearer token if one was injected, otherwise omits Authorization
@@ -324,17 +506,55 @@ class AuthManager {
     markUnauthenticated() {
         this.setState({ status: "unauthenticated", user: null });
     }
+    /**
+     * Sign out the current user session.
+     * Returns true when the session is no longer active.
+     */
+    async signOut() {
+        if (this.injectedToken) {
+            this.clearInjectedToken();
+            this.markUnauthenticated();
+            return true;
+        }
+        this.assertBrowserContext();
+        (0, supertokens_js_1.ensureCookieSessionSupport)(this.apiUrl, () => this.markUnauthenticated());
+        try {
+            await session_1.default.signOut();
+        }
+        catch {
+            // continue with raw fallback
+        }
+        if (await this.isAuthenticatedViaCookie()) {
+            try {
+                await this.rawSignOutViaBackend();
+            }
+            catch {
+                // best effort fallback only
+            }
+        }
+        const isAuthenticated = await this.isAuthenticatedViaCookie();
+        if (!isAuthenticated) {
+            this.markUnauthenticated();
+        }
+        return !isAuthenticated;
+    }
+    /**
+     * Build auth URL for login/signup/custom auth sub-path.
+     */
+    getAuthUrl(options = {}) {
+        return buildAuthUrl(this.authUrl, options);
+    }
     /**
      * Redirect to the auth service, passing the current URL as redirect_uri.
      * After the user authenticates, the auth service should redirect back to
      * the original URL and set the session cookie.
      */
-    redirectToAuth() {
+    redirectToAuth(options = {}) {
         if (typeof window === "undefined") {
             return;
         }
-        const redirectUri = encodeURIComponent(window.location.href);
-        window.location.href = `${this.authUrl}?redirect_uri=${redirectUri}`;
+        const redirectUri = options.redirectUri ?? window.location.href;
+        window.location.href = this.getAuthUrl({ ...options, redirectUri });
     }
 }
 exports.AuthManager = AuthManager;
@@ -1241,8 +1461,7 @@ class AssistantsNamespace {
         return this.http.request("GET", `/pods/${this.podId()}/assistants`, {
             params: {
                 limit: options.limit ?? 100,
-                page_token: options.pageToken ?? options.cursor,
-                cursor: options.cursor,
+                page_token: options.page_token,
             },
         });
     }
@@ -1269,16 +1488,14 @@ class ConversationsNamespace {
         this.messages = {
             list: (conversationId, options = {}) => this.http.request("GET", `/conversations/${conversationId}/messages`, {
                 params: {
-                    pod_id: this.resolvePodId(options.podId),
+                    pod_id: this.resolvePodId(options.pod_id),
                     limit: options.limit ?? 20,
-                    page_token: options.pageToken ?? options.cursor,
-                    cursor: options.cursor,
-                    order: options.order,
+                    page_token: options.page_token,
                 },
             }),
             send: (conversationId, payload, options = {}) => this.http.request("POST", `/conversations/${conversationId}/messages`, {
                 params: {
-                    pod_id: this.resolvePodId(options.podId),
+                    pod_id: this.resolvePodId(options.pod_id),
                 },
                 body: payload,
             }),
@@ -1305,58 +1522,55 @@ class ConversationsNamespace {
     list(options = {}) {
         return this.http.request("GET", "/conversations", {
             params: {
-                assistant_id: options.assistantName ?? options.assistantId,
-                pod_id: this.resolvePodId(options.podId),
-                organization_id: options.organizationId,
+                assistant_id: options.assistant_id,
+                pod_id: this.resolvePodId(options.pod_id),
+                organization_id: options.organization_id,
                 limit: options.limit ?? 20,
-                page_token: options.pageToken ?? options.cursor,
-                cursor: options.cursor,
+                page_token: options.page_token,
             },
         });
     }
-    listByAssistant(assistantName, options = {}) {
-        return this.list({ ...options, assistantName });
+    listByAssistant(assistantId, options = {}) {
+        return this.list({ ...options, assistant_id: assistantId });
     }
     create(payload) {
         return this.http.request("POST", "/conversations", {
             body: {
                 ...payload,
-                assistant_id: payload.assistant_id ?? payload.assistant_name,
                 pod_id: this.resolvePodId(payload.pod_id),
             },
         });
     }
-    createForAssistant(assistantName, payload = {}) {
+    createForAssistant(assistantId, payload = {}) {
         return this.create({
             ...payload,
-            assistant_name: assistantName,
-            pod_id: payload.pod_id,
+            assistant_id: assistantId,
         });
     }
     get(conversationId, options = {}) {
         return this.http.request("GET", `/conversations/${conversationId}`, {
             params: {
-                pod_id: this.resolvePodId(options.podId),
+                pod_id: this.resolvePodId(options.pod_id),
             },
         });
     }
     update(conversationId, payload, options = {}) {
         return this.http.request("PATCH", `/conversations/${conversationId}`, {
             params: {
-                pod_id: this.resolvePodId(options.podId),
+                pod_id: this.resolvePodId(options.pod_id),
             },
             body: payload,
         });
     }
     delete(conversationId, options = {}) {
-        const scopedPodId = this.requirePodId(options.podId);
+        const scopedPodId = this.requirePodId(options.pod_id);
         return this.http.request("DELETE", `/pods/${scopedPodId}/conversations/${conversationId}`);
     }
     sendMessageStream(conversationId, payload, options = {}) {
         return this.http.stream(`/conversations/${conversationId}/messages`, {
             method: "POST",
             params: {
-                pod_id: this.resolvePodId(options.podId),
+                pod_id: this.resolvePodId(options.pod_id),
             },
             body: payload,
             signal: options.signal,
@@ -1369,7 +1583,7 @@ class ConversationsNamespace {
     resumeStream(conversationId, options = {}) {
         return this.http.stream(`/conversations/${conversationId}/stream`, {
             params: {
-                pod_id: this.resolvePodId(options.podId),
+                pod_id: this.resolvePodId(options.pod_id),
             },
             signal: options.signal,
             headers: {
@@ -1380,7 +1594,7 @@ class ConversationsNamespace {
     stopRun(conversationId, options = {}) {
         return this.http.request("PATCH", `/conversations/${conversationId}/stop`, {
             params: {
-                pod_id: this.resolvePodId(options.podId),
+                pod_id: this.resolvePodId(options.pod_id),
             },
             body: {},
         });
@@ -3973,14 +4187,15 @@ class ResourcesNamespace {
         return this.http.request("GET", `/files/${resourceType}/${resourceId}/list`, {
             params: {
                 path: options.path,
+                limit: options.limit ?? 100,
+                page_token: options.page_token,
             },
         });
     }
     upload(resourceType, resourceId, file, options = {}) {
         const formData = new FormData();
-        const fieldName = options.fieldName ?? "file";
         const name = options.name ?? (file instanceof File ? file.name : "upload.bin");
-        formData.append(fieldName, file, name);
+        formData.append("file", file, name);
         return this.http.request("POST", `/files/${resourceType}/${resourceId}/upload`, {
             params: {
                 path: options.path,
@@ -4242,12 +4457,10 @@ class TasksNamespace {
             list: (taskId, options = {}) => this.http.request("GET", `/pods/${this.podId()}/tasks/${taskId}/messages`, {
                 params: {
                     limit: options.limit ?? 100,
-                    page_token: options.pageToken ?? options.cursor,
-                    cursor: options.cursor,
+                    page_token: options.page_token,
                 },
             }),
-            add: (taskId, content) => {
-                const payload = { content };
+            add: (taskId, payload) => {
                 return this.http.request("POST", `/pods/${this.podId()}/tasks/${taskId}/messages`, {
                     body: payload,
                 });
@@ -4257,25 +4470,15 @@ class TasksNamespace {
     list(options = {}) {
         return this.http.request("GET", `/pods/${this.podId()}/tasks`, {
             params: {
-                agent_name: options.agentName,
-                agent_id: options.agentId,
+                agent_name: options.agent_name,
                 limit: options.limit ?? 100,
-                page_token: options.pageToken ?? options.cursor,
-                cursor: options.cursor,
+                page_token: options.page_token,
             },
         });
     }
-    create(options) {
-        if (!options.agentId && !options.agentName) {
-            throw new Error("Either agentId or agentName is required.");
-        }
+    create(payload) {
         return this.http.request("POST", `/pods/${this.podId()}/tasks`, {
-            body: {
-                agent_id: options.agentId,
-                agent_name: options.agentName ?? options.agentId,
-                input_data: options.input,
-                runtime_account_ids: options.runtimeAccountIds,
-            },
+            body: payload,
         });
     }
     get(taskId) {

package/dist/browser.d.ts

@@ -9,5 +9,5 @@
  *   </script>
  */
 export { LemmaClient } from "./client.js";
-export { AuthManager } from "./auth.js";
+export { AuthManager, buildAuthUrl, resolveSafeRedirectUri } from "./auth.js";
 export { ApiError } from "./http.js";

package/dist/browser.js

@@ -9,5 +9,5 @@
  *   </script>
  */
 export { LemmaClient } from "./client.js";
-export { AuthManager } from "./auth.js";
+export { AuthManager, buildAuthUrl, resolveSafeRedirectUri } from "./auth.js";
 export { ApiError } from "./http.js";

package/dist/client.d.ts

@@ -21,6 +21,9 @@ import { WorkflowsNamespace } from "./namespaces/workflows.js";
 export type { LemmaConfig };
 export { AuthManager };
 export type { AuthState, AuthListener };
+interface LemmaClientInternalOptions {
+    authManager?: AuthManager;
+}
 export declare class LemmaClient {
     private readonly _config;
     private readonly _podId;
@@ -48,7 +51,7 @@ export declare class LemmaClient {
     readonly podMembers: PodMembersNamespace;
     readonly organizations: OrganizationsNamespace;
     readonly podSurfaces: PodSurfacesNamespace;
-    constructor(overrides?: Partial<LemmaConfig>);
+    constructor(overrides?: Partial<LemmaConfig>, internalOptions?: LemmaClientInternalOptions);
     /** Change the active pod ID for subsequent calls. */
     setPodId(podId: string): void;
     /** Return a new client scoped to a specific pod, sharing auth state. */

package/dist/client.js

@@ -49,11 +49,11 @@ export class LemmaClient {
     podMembers;
     organizations;
     podSurfaces;
-    constructor(overrides = {}) {
+    constructor(overrides = {}, internalOptions = {}) {
         this._config = resolveConfig(overrides);
         this._currentPodId = this._config.podId;
         this._podId = this._config.podId;
-        this.auth = new AuthManager(this._config.apiUrl, this._config.authUrl);
+        this.auth = internalOptions.authManager ?? new AuthManager(this._config.apiUrl, this._config.authUrl);
         this._http = new HttpClient(this._config.apiUrl, this.auth);
         this._generated = new GeneratedClientAdapter(this._config.apiUrl, this.auth);
         const podIdFn = () => {
@@ -88,7 +88,7 @@ export class LemmaClient {
     }
     /** Return a new client scoped to a specific pod, sharing auth state. */
     withPod(podId) {
-        return new LemmaClient({ ...this._config, podId });
+        return new LemmaClient({ ...this._config, podId }, { authManager: this.auth });
     }
     get podId() {
         return this._currentPodId;

package/dist/index.d.ts

@@ -1,12 +1,11 @@
 export { LemmaClient } from "./client.js";
 export type { LemmaConfig } from "./client.js";
-export { AuthManager } from "./auth.js";
-export type { AuthState, AuthListener, AuthStatus, UserInfo } from "./auth.js";
+export { AuthManager, buildAuthUrl, resolveSafeRedirectUri } from "./auth.js";
+export type { AuthState, AuthListener, AuthStatus, UserInfo, AuthRedirectMode, BuildAuthUrlOptions, ResolveSafeRedirectUriOptions, } from "./auth.js";
 export { ApiError } from "./http.js";
-export type { Agent, Assistant, Conversation, ConversationMessage, ConversationModel, CreateAgentInput, CreateAssistantInput, CreateTaskOptions, CursorPage, ListRecordsOptions, Organization, OrganizationInvitation, OrganizationMember, Pod, PodConfig, PodMember, RecordFilter, RecordSort, RunFunctionOptions, StreamOptions, Task, TaskMessage, UpdateAgentInput, UpdateAssistantInput, UploadedIcon, User, WorkflowRunInputs, } from "./types.js";
+export * from "./types.js";
 export { readSSE, parseSSEJson } from "./streams.js";
 export type { SseRawEvent } from "./streams.js";
-export * from "./openapi_client/index.js";
 export type { AgentsNamespace } from "./namespaces/agents.js";
 export type { AssistantsNamespace, ConversationsNamespace } from "./namespaces/assistants.js";
 export type { DatastoresNamespace } from "./namespaces/datastores.js";

package/dist/index.js

@@ -1,5 +1,5 @@
 export { LemmaClient } from "./client.js";
-export { AuthManager } from "./auth.js";
+export { AuthManager, buildAuthUrl, resolveSafeRedirectUri } from "./auth.js";
 export { ApiError } from "./http.js";
+export * from "./types.js";
 export { readSSE, parseSSEJson } from "./streams.js";
-export * from "./openapi_client/index.js";

package/dist/namespaces/agents.d.ts

@@ -8,9 +8,9 @@ export declare class AgentsNamespace {
     list(options?: {
         limit?: number;
         pageToken?: string;
-    }): Promise<import("../index.js").AgentListResponse>;
-    create(payload: CreateAgentRequest): Promise<import("../index.js").AgentResponse>;
-    get(agentName: string): Promise<import("../index.js").AgentResponse>;
-    update(agentName: string, payload: UpdateAgentRequest): Promise<import("../index.js").AgentResponse>;
-    delete(agentName: string): Promise<import("../index.js").AgentMessageResponse>;
+    }): Promise<import("../types.js").AgentListResponse>;
+    create(payload: CreateAgentRequest): Promise<import("../types.js").AgentResponse>;
+    get(agentName: string): Promise<import("../types.js").AgentResponse>;
+    update(agentName: string, payload: UpdateAgentRequest): Promise<import("../types.js").AgentResponse>;
+    delete(agentName: string): Promise<import("../types.js").AgentMessageResponse>;
 }