quantum-ai-sdk 0.5.0 → 0.6.0

package/dist/chat.js

@@ -92,12 +92,33 @@ export async function* chatStream(client, req, signal) {
                         event.delta = raw.delta;
                         break;
                     case "tool_use":
+                        // Legacy atomic event — kept for back-compat with backends
+                        // that haven't yet shipped the triplet (v0.6+).
                         event.tool_use = {
                             id: String(raw.id ?? ""),
                             name: String(raw.name ?? ""),
                             input: raw.input ?? {},
                         };
                         break;
+                    case "tool_use_start":
+                        event.tool_use_start = {
+                            id: String(raw.id ?? ""),
+                            name: String(raw.name ?? ""),
+                        };
+                        break;
+                    case "tool_use_input_delta":
+                        event.tool_use_input_delta = {
+                            id: String(raw.id ?? ""),
+                            partial_json: String(raw.partial_json ?? ""),
+                        };
+                        break;
+                    case "tool_use_complete":
+                        event.tool_use_complete = {
+                            id: String(raw.id ?? ""),
+                            name: String(raw.name ?? ""),
+                            input: raw.input ?? {},
+                        };
+                        break;
                     case "usage":
                         event.usage = {
                             input_tokens: raw.input_tokens ?? 0,

package/dist/index.d.ts

@@ -6,6 +6,9 @@ export type { RealtimeConfig, RealtimeEvent, RealtimeSession } from "./realtime.
 export { contact } from "./contact.js";
 export type { BillingRequest, BillingEntry, BillingResponse } from "./compute-billing.js";
 export type { ClientOptions, ResponseMeta, ChatRequest, ChatMessage, ChatTool, ContentBlock, ChatUsage, ChatResponse, StreamEvent, StreamDelta, StreamToolUse, SessionChatRequest, SessionChatResponse, SessionToolResult, ContextConfig, ContextMetadata, AgentRequest, AgentWorkerConfig, AgentEvent, MissionRequest, MissionWorkerConfig, MissionEvent, ImageRequest, ImageResponse, GeneratedImage, ImageEditRequest, ImageEditResponse, TTSRequest, TTSResponse, STTRequest, STTResponse, MusicRequest, MusicClip, MusicResponse, SoundEffectRequest, SoundEffectResponse, DialogueRequest, DialogueResponse, DialogueVoice, SpeechToSpeechRequest, SpeechToSpeechResponse, IsolateVoiceRequest, IsolateVoiceResponse, RemixVoiceRequest, RemixVoiceResponse, DubRequest, DubResponse, AlignRequest, AlignResponse, AlignedWord, VoiceDesignRequest, VoiceDesignResponse, VoicePreview, StarfishTTSRequest, StarfishTTSResponse, VideoRequest, VideoResponse, GeneratedVideo, VideoStudioRequest, VideoTranslateRequest, PhotoAvatarRequest, DigitalTwinRequest, AsyncJobResponse, AvatarsResponse, HeyGenAvatar, HeyGenTemplatesResponse, HeyGenTemplate, HeyGenVoicesResponse, HeyGenVoice, EmbedRequest, EmbedResponse, DocumentRequest, DocumentResponse, ChunkDocumentRequest, ChunkDocumentResponse, DocumentChunk, ProcessDocumentRequest, ProcessDocumentResponse, RAGSearchRequest, RAGSearchResponse, RAGResult, RAGCorpus, SurrealRAGSearchRequest, SurrealRAGSearchResponse, SurrealRAGResult, SurrealRAGProvidersResponse, SurrealRAGProviderInfo, ModelInfo, PricingInfo, BalanceResponse, UsageEntry, UsageResponse, UsageQuery, UsageSummaryMonth, UsageSummaryResponse, PricingEntry, AccountPricingResponse, JobCreateRequest, JobCreateResponse, JobStatusResponse, JobListResponse, JobStreamEvent, JobListItem, CreateKeyRequest, CreateKeyResponse, KeyDetails, ListKeysResponse, ComputeTemplate, TemplatesResponse, ProvisionRequest, ProvisionResponse, ComputeInstanceInfo, InstancesResponse, InstanceDetailInfo, InstanceResponse, SSHKeyRequest, DeleteResponse, VoiceInfo, VoicesResponse, CloneVoiceRequest, CloneVoiceResponse, ContactRequest, BatchJobInput, BatchSubmitRequest, BatchSubmitResponse, BatchJsonlResponse, BatchJobInfo, BatchJobsResponse, CreditPack, CreditPacksResponse, CreditPurchaseRequest, CreditPurchaseResponse, CreditBalanceResponse, CreditTier, CreditTiersResponse, DevProgramApplyRequest, DevProgramApplyResponse, AuthUser, AuthResponse, AuthAppleRequest, WebSearchRequest, WebSearchResponse, WebSearchResult, NewsResult, VideoSearchResult, LLMContextRequest, LLMContextResponse, ContentChunk, ContextSource, SearchAnswerRequest, SearchAnswerResponse, SearchAnswerChoice, SearchCitation, StatusResponse, Citation, CollectionsListResponse, CollectionDocumentsResponse, CollectionSearchResponse, CreateCollectionRequest, DeleteCollectionResponse, ModelsResponse, RagCorporaResponse, Infobox, Discussion, TextToSpeechRequest, TextToSpeechResponse, SpeechToTextRequest, SpeechToTextResponse, ContactResponse, ContextChunk, ContextOptions, HeyGenAvatarsResponse, JobAcceptedResponse, JobListEntry, PostProcess, RealtimeSessionResponse, SearchMessage, SearchOptions, ScrapeTarget, ScrapeRequest, ScrapeResponse, ScreenshotURL, ScreenshotRequest, ScreenshotResult, ScreenshotResponse, } from "./types.js";
+export type { VisionRequest, VisionContext, VisionResponse, DetectedObject, QualityAssessment, RelevanceCheck, OcrResult, TextOverlay, } from "./vision.js";
+export type { MissionCreateRequest, MissionChatRequest, MissionPlanUpdate, MissionConfirmStructure, MissionApproveRequest, MissionImportRequest, MissionCreateResponse, MissionDetail, MissionTask, MissionListResponse, MissionChatResponse, MissionChatUsage, MissionCheckpoint, MissionCheckpointsResponse, MissionStatusResponse, } from "./missions.js";
+export type { SecurityScanUrlRequest, SecurityScanHtmlRequest, SecurityReportRequest, SecurityScanResponse, SecurityAssessment, SecurityFinding, SecurityCheckResponse, SecurityBlocklistResponse, SecurityBlocklistEntry, SecurityReportResponse, } from "./security.js";
 export { DEFAULT_BASE_URL, TICKS_PER_USD } from "./types.js";
 import type { ChatMessage } from "./types.js";
 /** Create a user message. */

package/dist/missions.d.ts

@@ -0,0 +1,280 @@
+import type { QuantumClient } from "./client.js";
+/** Worker configuration within a mission. */
+export interface MissionWorkerConfig {
+    /** Model to use for this worker. */
+    model: string;
+    /** Cost tier: "cheap", "mid", "expensive". */
+    tier: string;
+    /** Worker description / capabilities. */
+    description?: string;
+}
+/** Request body for creating a mission. */
+export interface MissionCreateRequest {
+    /** High-level task description. */
+    goal: string;
+    /** Strategy: "wave" (default), "dag", "mapreduce", "refinement", "branch". */
+    strategy?: string;
+    /** Conductor model (default: claude-sonnet-4-6). */
+    conductorModel?: string;
+    /** Worker team configuration (keyed by worker name). */
+    workers?: Record<string, MissionWorkerConfig>;
+    /** Maximum orchestration steps (default: 25). */
+    maxSteps?: number;
+    /** Custom system prompt for the conductor. */
+    systemPrompt?: string;
+    /** Existing session ID for context continuity. */
+    sessionId?: string;
+}
+/** Request body for chatting with a mission's architect. */
+export interface MissionChatRequest {
+    /** Message to send to the architect. */
+    message: string;
+    /** Enable streaming (not yet supported). */
+    stream?: boolean;
+}
+/** Request body for updating a mission plan. */
+export interface MissionPlanUpdate {
+    /** Updated task list. */
+    tasks?: Record<string, unknown>[];
+    /** Updated worker configuration. */
+    workers?: Record<string, MissionWorkerConfig>;
+    /** Additional system prompt. */
+    systemPrompt?: string;
+    /** Updated max steps. */
+    maxSteps?: number;
+    /** Additional context to inject. */
+    context?: string;
+}
+/** Request body for confirming/rejecting a mission structure. */
+export interface MissionConfirmStructure {
+    /** Whether the structure is approved. */
+    confirmed: boolean;
+    /** Rejection reason or modification notes. */
+    feedback?: string;
+}
+/** Request body for approving a completed mission. */
+export interface MissionApproveRequest {
+    /** Git commit SHA associated with the mission output. */
+    commitSha?: string;
+    /** Approval comment. */
+    comment?: string;
+}
+/** Request body for importing a plan as a new mission. */
+export interface MissionImportRequest {
+    /** Mission goal. */
+    goal: string;
+    /** Strategy. */
+    strategy?: string;
+    /** Conductor model. */
+    conductorModel?: string;
+    /** Worker configuration. */
+    workers?: Record<string, MissionWorkerConfig>;
+    /** Pre-defined tasks. */
+    tasks: Record<string, unknown>[];
+    /** System prompt. */
+    systemPrompt?: string;
+    /** Maximum steps. */
+    maxSteps?: number;
+    /** Auto-execute after import. */
+    autoExecute?: boolean;
+}
+/** Response from mission creation. */
+export interface MissionCreateResponse {
+    /** Mission identifier. */
+    missionId: string;
+    /** Initial status. */
+    status: string;
+    /** Session ID for conversation context. */
+    sessionId?: string;
+    /** Conductor model used. */
+    conductorModel?: string;
+    /** Strategy used. */
+    strategy?: string;
+    /** Worker configuration. */
+    workers?: Record<string, MissionWorkerConfig>;
+    /** Creation timestamp. */
+    createdAt?: string;
+    /** Request identifier. */
+    requestId?: string;
+}
+/** A task within a mission. */
+export interface MissionTask {
+    /** Task identifier. */
+    id?: string;
+    /** Task name. */
+    name?: string;
+    /** Task description. */
+    description?: string;
+    /** Assigned worker name. */
+    worker?: string;
+    /** Model used. */
+    model?: string;
+    /** Task status. */
+    status?: string;
+    /** Task result. */
+    result?: string;
+    /** Error message if failed. */
+    error?: string;
+    /** Step number. */
+    step: number;
+    /** Input tokens used. */
+    tokensIn: number;
+    /** Output tokens used. */
+    tokensOut: number;
+}
+/** Mission detail (from GET /missions/{id}). */
+export interface MissionDetail {
+    /** Mission identifier. */
+    id?: string;
+    /** User who created the mission. */
+    userId?: string;
+    /** Mission goal. */
+    goal?: string;
+    /** Strategy. */
+    strategy?: string;
+    /** Conductor model. */
+    conductorModel?: string;
+    /** Current status. */
+    status?: string;
+    /** Creation timestamp. */
+    createdAt?: string;
+    /** Start timestamp. */
+    startedAt?: string;
+    /** Completion timestamp. */
+    completedAt?: string;
+    /** Error message if failed. */
+    error?: string;
+    /** Total cost in ticks. */
+    costTicks: number;
+    /** Number of steps executed. */
+    totalSteps: number;
+    /** Session ID. */
+    sessionId?: string;
+    /** Final result text. */
+    result?: string;
+    /** Tasks within the mission. */
+    tasks: MissionTask[];
+    /** Whether the mission was approved. */
+    approved: boolean;
+    /** Commit SHA (if approved). */
+    commitSha?: string;
+}
+/** Response from listing missions. */
+export interface MissionListResponse {
+    /** List of missions. */
+    missions: MissionDetail[];
+}
+/** Token usage for a mission chat response. */
+export interface MissionChatUsage {
+    inputTokens: number;
+    outputTokens: number;
+}
+/** Response from chatting with the architect. */
+export interface MissionChatResponse {
+    /** Mission identifier. */
+    missionId?: string;
+    /** Architect's response content. */
+    content?: string;
+    /** Model used. */
+    model?: string;
+    /** Cost in ticks. */
+    costTicks: number;
+    /** Token usage. */
+    usage?: MissionChatUsage;
+}
+/** A git checkpoint within a mission. */
+export interface MissionCheckpoint {
+    /** Checkpoint identifier. */
+    id?: string;
+    /** Commit SHA. */
+    commitSha?: string;
+    /** Checkpoint message. */
+    message?: string;
+    /** Creation timestamp. */
+    createdAt?: string;
+}
+/** Response from listing checkpoints. */
+export interface MissionCheckpointsResponse {
+    missionId?: string;
+    checkpoints: MissionCheckpoint[];
+}
+/** Generic status response for mission operations. */
+export interface MissionStatusResponse {
+    missionId?: string;
+    status?: string;
+    confirmed?: boolean;
+    approved?: boolean;
+    deleted?: boolean;
+    updated?: boolean;
+    commitSha?: string;
+}
+/**
+ * Create and execute a mission asynchronously.
+ * @internal
+ */
+export declare function missionCreate(client: QuantumClient, req: MissionCreateRequest): Promise<MissionCreateResponse>;
+/**
+ * List missions for the authenticated user.
+ * @internal
+ */
+export declare function missionList(client: QuantumClient, status?: string): Promise<MissionListResponse>;
+/**
+ * Get mission details including tasks.
+ * @internal
+ */
+export declare function missionGet(client: QuantumClient, missionId: string): Promise<MissionDetail>;
+/**
+ * Delete a mission.
+ * @internal
+ */
+export declare function missionDelete(client: QuantumClient, missionId: string): Promise<MissionStatusResponse>;
+/**
+ * Cancel a running mission.
+ * @internal
+ */
+export declare function missionCancel(client: QuantumClient, missionId: string): Promise<MissionStatusResponse>;
+/**
+ * Pause a running mission.
+ * @internal
+ */
+export declare function missionPause(client: QuantumClient, missionId: string): Promise<MissionStatusResponse>;
+/**
+ * Resume a paused mission.
+ * @internal
+ */
+export declare function missionResume(client: QuantumClient, missionId: string): Promise<MissionStatusResponse>;
+/**
+ * Chat with the mission's architect.
+ * @internal
+ */
+export declare function missionChat(client: QuantumClient, missionId: string, req: MissionChatRequest): Promise<MissionChatResponse>;
+/**
+ * Retry a failed task.
+ * @internal
+ */
+export declare function missionRetryTask(client: QuantumClient, missionId: string, taskId: string): Promise<MissionStatusResponse>;
+/**
+ * Approve a completed mission.
+ * @internal
+ */
+export declare function missionApprove(client: QuantumClient, missionId: string, req: MissionApproveRequest): Promise<MissionStatusResponse>;
+/**
+ * Update the mission plan.
+ * @internal
+ */
+export declare function missionUpdatePlan(client: QuantumClient, missionId: string, req: MissionPlanUpdate): Promise<MissionStatusResponse>;
+/**
+ * Confirm or reject the proposed execution structure.
+ * @internal
+ */
+export declare function missionConfirmStructure(client: QuantumClient, missionId: string, req: MissionConfirmStructure): Promise<MissionStatusResponse>;
+/**
+ * List git checkpoints for a mission.
+ * @internal
+ */
+export declare function missionCheckpoints(client: QuantumClient, missionId: string): Promise<MissionCheckpointsResponse>;
+/**
+ * Import an existing plan as a new mission.
+ * @internal
+ */
+export declare function missionImport(client: QuantumClient, req: MissionImportRequest): Promise<MissionCreateResponse>;

package/dist/missions.js

@@ -0,0 +1,278 @@
+// ── Wire format helpers ──────────────────────────────────────────
+/** @internal */
+function createReqToWire(req) {
+    const out = { goal: req.goal };
+    if (req.strategy !== undefined)
+        out.strategy = req.strategy;
+    if (req.conductorModel !== undefined)
+        out.conductor_model = req.conductorModel;
+    if (req.workers !== undefined)
+        out.workers = req.workers;
+    if (req.maxSteps !== undefined)
+        out.max_steps = req.maxSteps;
+    if (req.systemPrompt !== undefined)
+        out.system_prompt = req.systemPrompt;
+    if (req.sessionId !== undefined)
+        out.session_id = req.sessionId;
+    return out;
+}
+/** @internal */
+function chatReqToWire(req) {
+    const out = { message: req.message };
+    if (req.stream !== undefined)
+        out.stream = req.stream;
+    return out;
+}
+/** @internal */
+function planUpdateToWire(req) {
+    const out = {};
+    if (req.tasks !== undefined)
+        out.tasks = req.tasks;
+    if (req.workers !== undefined)
+        out.workers = req.workers;
+    if (req.systemPrompt !== undefined)
+        out.system_prompt = req.systemPrompt;
+    if (req.maxSteps !== undefined)
+        out.max_steps = req.maxSteps;
+    if (req.context !== undefined)
+        out.context = req.context;
+    return out;
+}
+/** @internal */
+function approveReqToWire(req) {
+    const out = {};
+    if (req.commitSha !== undefined)
+        out.commit_sha = req.commitSha;
+    if (req.comment !== undefined)
+        out.comment = req.comment;
+    return out;
+}
+/** @internal */
+function importReqToWire(req) {
+    const out = { goal: req.goal, tasks: req.tasks };
+    if (req.strategy !== undefined)
+        out.strategy = req.strategy;
+    if (req.conductorModel !== undefined)
+        out.conductor_model = req.conductorModel;
+    if (req.workers !== undefined)
+        out.workers = req.workers;
+    if (req.systemPrompt !== undefined)
+        out.system_prompt = req.systemPrompt;
+    if (req.maxSteps !== undefined)
+        out.max_steps = req.maxSteps;
+    if (req.autoExecute !== undefined)
+        out.auto_execute = req.autoExecute;
+    return out;
+}
+/** @internal */
+function taskFromWire(raw) {
+    return {
+        id: raw.id,
+        name: raw.name,
+        description: raw.description,
+        worker: raw.worker,
+        model: raw.model,
+        status: raw.status,
+        result: raw.result,
+        error: raw.error,
+        step: raw.step ?? 0,
+        tokensIn: raw.tokens_in ?? 0,
+        tokensOut: raw.tokens_out ?? 0,
+    };
+}
+/** @internal */
+function detailFromWire(raw) {
+    const tasks = (raw.tasks ?? []).map(taskFromWire);
+    return {
+        id: raw.id,
+        userId: raw.user_id,
+        goal: raw.goal,
+        strategy: raw.strategy,
+        conductorModel: raw.conductor_model,
+        status: raw.status,
+        createdAt: raw.created_at,
+        startedAt: raw.started_at,
+        completedAt: raw.completed_at,
+        error: raw.error,
+        costTicks: raw.cost_ticks ?? 0,
+        totalSteps: raw.total_steps ?? 0,
+        sessionId: raw.session_id,
+        result: raw.result,
+        tasks,
+        approved: raw.approved ?? false,
+        commitSha: raw.commit_sha,
+    };
+}
+/** @internal */
+function createRespFromWire(raw) {
+    return {
+        missionId: raw.mission_id ?? "",
+        status: raw.status ?? "",
+        sessionId: raw.session_id,
+        conductorModel: raw.conductor_model,
+        strategy: raw.strategy,
+        workers: raw.workers,
+        createdAt: raw.created_at,
+        requestId: raw.request_id,
+    };
+}
+/** @internal */
+function chatRespFromWire(raw) {
+    let usage;
+    if (raw.usage) {
+        const u = raw.usage;
+        usage = {
+            inputTokens: u.input_tokens ?? 0,
+            outputTokens: u.output_tokens ?? 0,
+        };
+    }
+    return {
+        missionId: raw.mission_id,
+        content: raw.content,
+        model: raw.model,
+        costTicks: raw.cost_ticks ?? 0,
+        usage,
+    };
+}
+/** @internal */
+function statusRespFromWire(raw) {
+    return {
+        missionId: raw.mission_id,
+        status: raw.status,
+        confirmed: raw.confirmed,
+        approved: raw.approved,
+        deleted: raw.deleted,
+        updated: raw.updated,
+        commitSha: raw.commit_sha,
+    };
+}
+/** @internal */
+function checkpointFromWire(raw) {
+    return {
+        id: raw.id,
+        commitSha: raw.commit_sha,
+        message: raw.message,
+        createdAt: raw.created_at,
+    };
+}
+// ── Client methods ───────────────────────────────────────────────
+/**
+ * Create and execute a mission asynchronously.
+ * @internal
+ */
+export async function missionCreate(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/missions/create", createReqToWire(req));
+    return createRespFromWire(data);
+}
+/**
+ * List missions for the authenticated user.
+ * @internal
+ */
+export async function missionList(client, status) {
+    const path = status
+        ? `/qai/v1/missions/list?status=${encodeURIComponent(status)}`
+        : "/qai/v1/missions/list";
+    const { data } = await client._doJSON("GET", path, undefined);
+    const missions = (data.missions ?? []).map(detailFromWire);
+    return { missions };
+}
+/**
+ * Get mission details including tasks.
+ * @internal
+ */
+export async function missionGet(client, missionId) {
+    const { data } = await client._doJSON("GET", `/qai/v1/missions/${encodeURIComponent(missionId)}`, undefined);
+    return detailFromWire(data);
+}
+/**
+ * Delete a mission.
+ * @internal
+ */
+export async function missionDelete(client, missionId) {
+    const { data } = await client._doJSON("DELETE", `/qai/v1/missions/${encodeURIComponent(missionId)}`, undefined);
+    return statusRespFromWire(data);
+}
+/**
+ * Cancel a running mission.
+ * @internal
+ */
+export async function missionCancel(client, missionId) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/cancel`, undefined);
+    return statusRespFromWire(data);
+}
+/**
+ * Pause a running mission.
+ * @internal
+ */
+export async function missionPause(client, missionId) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/pause`, undefined);
+    return statusRespFromWire(data);
+}
+/**
+ * Resume a paused mission.
+ * @internal
+ */
+export async function missionResume(client, missionId) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/resume`, undefined);
+    return statusRespFromWire(data);
+}
+/**
+ * Chat with the mission's architect.
+ * @internal
+ */
+export async function missionChat(client, missionId, req) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/chat`, chatReqToWire(req));
+    return chatRespFromWire(data);
+}
+/**
+ * Retry a failed task.
+ * @internal
+ */
+export async function missionRetryTask(client, missionId, taskId) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/retry/${encodeURIComponent(taskId)}`, undefined);
+    return statusRespFromWire(data);
+}
+/**
+ * Approve a completed mission.
+ * @internal
+ */
+export async function missionApprove(client, missionId, req) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/approve`, approveReqToWire(req));
+    return statusRespFromWire(data);
+}
+/**
+ * Update the mission plan.
+ * @internal
+ */
+export async function missionUpdatePlan(client, missionId, req) {
+    const { data } = await client._doJSON("PUT", `/qai/v1/missions/${encodeURIComponent(missionId)}/plan`, planUpdateToWire(req));
+    return statusRespFromWire(data);
+}
+/**
+ * Confirm or reject the proposed execution structure.
+ * @internal
+ */
+export async function missionConfirmStructure(client, missionId, req) {
+    const { data } = await client._doJSON("POST", `/qai/v1/missions/${encodeURIComponent(missionId)}/confirm-structure`, req);
+    return statusRespFromWire(data);
+}
+/**
+ * List git checkpoints for a mission.
+ * @internal
+ */
+export async function missionCheckpoints(client, missionId) {
+    const { data } = await client._doJSON("GET", `/qai/v1/missions/${encodeURIComponent(missionId)}/checkpoints`, undefined);
+    const checkpoints = (data.checkpoints ?? []).map(checkpointFromWire);
+    return {
+        missionId: data.mission_id,
+        checkpoints,
+    };
+}
+/**
+ * Import an existing plan as a new mission.
+ * @internal
+ */
+export async function missionImport(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/missions/import", importReqToWire(req));
+    return createRespFromWire(data);
+}

package/dist/security.d.ts

@@ -0,0 +1,158 @@
+import type { QuantumClient } from "./client.js";
+/** Request body for scanning a URL for prompt injection. */
+export interface SecurityScanUrlRequest {
+    /** URL to scan. */
+    url: string;
+}
+/** Request body for scanning raw HTML content. */
+export interface SecurityScanHtmlRequest {
+    /** Raw HTML to scan. */
+    html: string;
+    /** Rendered visible text (for structural analysis). */
+    visibleText?: string;
+    /** Source URL (for context). */
+    url?: string;
+}
+/** Request body for reporting a suspicious URL. */
+export interface SecurityReportRequest {
+    /** URL to report. */
+    url: string;
+    /** Description of the suspected threat. */
+    description?: string;
+    /** Category of the suspected threat. */
+    category?: string;
+}
+/** A single detected injection pattern. */
+export interface SecurityFinding {
+    /** Category: "instruction_override", "role_impersonation", "data_exfiltration", etc. */
+    category: string;
+    /** Pattern that matched. */
+    pattern: string;
+    /** Offending content (truncated). */
+    content: string;
+    /** Location in the page. */
+    location: string;
+    /** Threat level for this finding. */
+    threat: string;
+    /** Detection confidence (0.0 - 1.0). */
+    confidence: number;
+    /** Human-readable description. */
+    description: string;
+}
+/** Threat assessment for a scanned page. */
+export interface SecurityAssessment {
+    /** Source URL. */
+    url: string;
+    /** Overall threat level: "none", "low", "medium", "high", "critical". */
+    threatLevel: string;
+    /** Numeric threat score (0.0 - 100.0). */
+    threatScore: number;
+    /** Individual findings. */
+    findings: SecurityFinding[];
+    /** Length of hidden text content detected. */
+    hiddenTextLength: number;
+    /** Length of visible text content. */
+    visibleTextLength: number;
+    /** Ratio of hidden to total content. */
+    hiddenRatio: number;
+    /** Human-readable summary. */
+    summary: string;
+}
+/** Response from a security scan. */
+export interface SecurityScanResponse {
+    /** Full threat assessment. */
+    assessment: SecurityAssessment;
+    /** Request identifier. */
+    requestId: string;
+}
+/** Response from checking a URL against the registry. */
+export interface SecurityCheckResponse {
+    /** URL that was checked. */
+    url: string;
+    /** Whether the URL is blocked. */
+    blocked: boolean;
+    /** Threat level (if blocked). */
+    threatLevel?: string;
+    /** Threat score (if blocked). */
+    threatScore?: number;
+    /** Detection categories (if blocked). */
+    categories?: string[];
+    /** First seen timestamp. */
+    firstSeen?: string;
+    /** Last seen timestamp. */
+    lastSeen?: string;
+    /** Number of reports. */
+    reportCount?: number;
+    /** Registry status: "confirmed", "suspected". */
+    status?: string;
+    /** Human-readable message. */
+    message?: string;
+}
+/** A single blocklist entry. */
+export interface SecurityBlocklistEntry {
+    /** Entry identifier. */
+    id?: string;
+    /** Blocked URL. */
+    url: string;
+    /** Registry status. */
+    status: string;
+    /** Threat level. */
+    threatLevel: string;
+    /** Threat score. */
+    threatScore: number;
+    /** Detection categories. */
+    categories: string[];
+    /** Number of findings. */
+    findingsCount: number;
+    /** Hidden content ratio. */
+    hiddenRatio: number;
+    /** First seen timestamp. */
+    firstSeen?: string;
+    /** Summary. */
+    summary: string;
+}
+/** Response from the blocklist feed. */
+export interface SecurityBlocklistResponse {
+    /** Blocklist entries. */
+    entries: SecurityBlocklistEntry[];
+    /** Total count. */
+    count: number;
+    /** Filter status used. */
+    status: string;
+}
+/** Response from reporting a URL. */
+export interface SecurityReportResponse {
+    /** URL that was reported. */
+    url: string;
+    /** Report status: "existing" or "suspected". */
+    status: string;
+    /** Message. */
+    message: string;
+    /** Threat level (if already in registry). */
+    threatLevel?: string;
+}
+/**
+ * Scan a URL for prompt injection attacks.
+ * @internal
+ */
+export declare function securityScanUrl(client: QuantumClient, url: string): Promise<SecurityScanResponse>;
+/**
+ * Scan raw HTML content for prompt injection.
+ * @internal
+ */
+export declare function securityScanHtml(client: QuantumClient, req: SecurityScanHtmlRequest): Promise<SecurityScanResponse>;
+/**
+ * Check a URL against the injection registry.
+ * @internal
+ */
+export declare function securityCheck(client: QuantumClient, url: string): Promise<SecurityCheckResponse>;
+/**
+ * Get the injection blocklist feed.
+ * @internal
+ */
+export declare function securityBlocklist(client: QuantumClient, status?: string): Promise<SecurityBlocklistResponse>;
+/**
+ * Report a suspicious URL.
+ * @internal
+ */
+export declare function securityReport(client: QuantumClient, req: SecurityReportRequest): Promise<SecurityReportResponse>;

package/dist/security.js

@@ -0,0 +1,135 @@
+// ── Wire format helpers ──────────────────────────────────────────
+/** @internal */
+function scanHtmlToWire(req) {
+    const out = { html: req.html };
+    if (req.visibleText !== undefined)
+        out.visible_text = req.visibleText;
+    if (req.url !== undefined)
+        out.url = req.url;
+    return out;
+}
+/** @internal */
+function findingFromWire(raw) {
+    return {
+        category: raw.category ?? "",
+        pattern: raw.pattern ?? "",
+        content: raw.content ?? "",
+        location: raw.location ?? "",
+        threat: raw.threat ?? "",
+        confidence: raw.confidence ?? 0,
+        description: raw.description ?? "",
+    };
+}
+/** @internal */
+function assessmentFromWire(raw) {
+    const findings = (raw.findings ?? []).map(findingFromWire);
+    return {
+        url: raw.url ?? "",
+        threatLevel: raw.threat_level ?? "",
+        threatScore: raw.threat_score ?? 0,
+        findings,
+        hiddenTextLength: raw.hidden_text_length ?? 0,
+        visibleTextLength: raw.visible_text_length ?? 0,
+        hiddenRatio: raw.hidden_ratio ?? 0,
+        summary: raw.summary ?? "",
+    };
+}
+/** @internal */
+function scanRespFromWire(raw) {
+    return {
+        assessment: assessmentFromWire(raw.assessment ?? {}),
+        requestId: raw.request_id ?? "",
+    };
+}
+/** @internal */
+function checkRespFromWire(raw) {
+    return {
+        url: raw.url ?? "",
+        blocked: raw.blocked ?? false,
+        threatLevel: raw.threat_level,
+        threatScore: raw.threat_score,
+        categories: raw.categories,
+        firstSeen: raw.first_seen,
+        lastSeen: raw.last_seen,
+        reportCount: raw.report_count,
+        status: raw.status,
+        message: raw.message,
+    };
+}
+/** @internal */
+function blocklistEntryFromWire(raw) {
+    return {
+        id: raw.id,
+        url: raw.url ?? "",
+        status: raw.status ?? "",
+        threatLevel: raw.threat_level ?? "",
+        threatScore: raw.threat_score ?? 0,
+        categories: raw.categories ?? [],
+        findingsCount: raw.findings_count ?? 0,
+        hiddenRatio: raw.hidden_ratio ?? 0,
+        firstSeen: raw.first_seen,
+        summary: raw.summary ?? "",
+    };
+}
+/** @internal */
+function blocklistRespFromWire(raw) {
+    const entries = (raw.entries ?? []).map(blocklistEntryFromWire);
+    return {
+        entries,
+        count: raw.count ?? 0,
+        status: raw.status ?? "",
+    };
+}
+/** @internal */
+function reportRespFromWire(raw) {
+    return {
+        url: raw.url ?? "",
+        status: raw.status ?? "",
+        message: raw.message ?? "",
+        threatLevel: raw.threat_level,
+    };
+}
+// ── Client methods ───────────────────────────────────────────────
+/**
+ * Scan a URL for prompt injection attacks.
+ * @internal
+ */
+export async function securityScanUrl(client, url) {
+    const { data } = await client._doJSON("POST", "/qai/v1/security/scan-url", { url });
+    return scanRespFromWire(data);
+}
+/**
+ * Scan raw HTML content for prompt injection.
+ * @internal
+ */
+export async function securityScanHtml(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/security/scan-html", scanHtmlToWire(req));
+    return scanRespFromWire(data);
+}
+/**
+ * Check a URL against the injection registry.
+ * @internal
+ */
+export async function securityCheck(client, url) {
+    const { data } = await client._doJSON("GET", `/qai/v1/security/check?url=${encodeURIComponent(url)}`, undefined);
+    return checkRespFromWire(data);
+}
+/**
+ * Get the injection blocklist feed.
+ * @internal
+ */
+export async function securityBlocklist(client, status) {
+    const path = status
+        ? `/qai/v1/security/blocklist?status=${encodeURIComponent(status)}`
+        : "/qai/v1/security/blocklist";
+    const { data } = await client._doJSON("GET", path, undefined);
+    return blocklistRespFromWire(data);
+}
+/**
+ * Report a suspicious URL.
+ * @internal
+ */
+export async function securityReport(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/security/report", req);
+    return reportRespFromWire(data);
+}

package/dist/types.d.ts

@@ -84,12 +84,39 @@ export interface StreamToolUse {
     name: string;
     input: Record<string, unknown>;
 }
+/** New since v0.6: tool-use streaming triplet. */
+export interface StreamToolUseStart {
+    id: string;
+    name: string;
+}
+export interface StreamToolUseInputDelta {
+    id: string;
+    /** Raw JSON fragment — may not parse on its own; accumulate until tool_use_complete. */
+    partial_json: string;
+}
+export interface StreamToolUseComplete {
+    id: string;
+    name: string;
+    /** Server-accumulated, fully-parsed tool arguments. */
+    input: Record<string, unknown>;
+}
 export interface StreamEvent {
     type: string;
-    /** Event type (e.g. "content_delta", "thinking_delta", "tool_use", "usage", "error", "done"). */
+    /** Event type (e.g. "content_delta", "thinking_delta", "tool_use_start",
+     *  "tool_use_input_delta", "tool_use_complete", "tool_use" (legacy),
+     *  "usage", "error", "done"). */
     event_type?: string;
     delta?: StreamDelta;
+    /** Populated for the legacy atomic "tool_use" event. New code should
+     *  prefer the triplet (tool_use_start / tool_use_input_delta /
+     *  tool_use_complete). */
     tool_use?: StreamToolUse;
+    /** Populated for "tool_use_start" events. */
+    tool_use_start?: StreamToolUseStart;
+    /** Populated for "tool_use_input_delta" events. */
+    tool_use_input_delta?: StreamToolUseInputDelta;
+    /** Populated for "tool_use_complete" events. */
+    tool_use_complete?: StreamToolUseComplete;
     usage?: ChatUsage;
     error?: string;
     done?: boolean;
@@ -99,6 +126,11 @@ export interface RawStreamEvent {
     type?: string;
     delta?: StreamDelta;
     tool_use?: StreamToolUse;
+    /** Fields shared by the triplet — flattened in the wire format. */
+    id?: string;
+    name?: string;
+    input?: Record<string, unknown>;
+    partial_json?: string;
     usage?: ChatUsage;
     message?: string;
     input_tokens?: number;

package/dist/vision.d.ts

@@ -0,0 +1,130 @@
+import type { QuantumClient } from "./client.js";
+/** Domain context for relevance analysis. */
+export interface VisionContext {
+    /** Installation type (e.g. "solar", "heat_pump", "ev_charger"). */
+    installationType?: string;
+    /** Phase (e.g. "pre_install", "installation", "post_install"). */
+    phase?: string;
+    /** Expected items for relevance checking. */
+    expectedItems?: string[];
+}
+/** Request body for vision analysis endpoints. */
+export interface VisionRequest {
+    /** Base64-encoded image (with or without data: prefix). */
+    imageBase64?: string;
+    /** Image URL (fetched by the model provider). */
+    imageUrl?: string;
+    /** Model to use. Default: gemini-2.5-flash. */
+    model?: string;
+    /** Analysis profile: "combined" (default), "scene", "objects", "ocr", "quality". */
+    profile?: string;
+    /** Domain context for relevance checking. */
+    context?: VisionContext;
+}
+/** A detected object with bounding box. */
+export interface DetectedObject {
+    /** Object label. */
+    label: string;
+    /** Detection confidence (0.0 - 1.0). */
+    confidence: number;
+    /** Bounding box: [y_min, x_min, y_max, x_max] normalised to 0-1000. */
+    boundingBox: [number, number, number, number];
+}
+/** Image quality assessment. */
+export interface QualityAssessment {
+    /** Overall rating: "good", "acceptable", "poor". */
+    overall: string;
+    /** Quality score (0.0 - 1.0). */
+    score: number;
+    /** Blur level: "none", "slight", "significant". */
+    blur: string;
+    /** Lighting: "well_lit", "dim", "dark". */
+    darkness: string;
+    /** Resolution: "high", "adequate", "low". */
+    resolution: string;
+    /** Exposure: "correct", "over", "under". */
+    exposure: string;
+    /** Specific issues found. */
+    issues: string[];
+}
+/** Relevance check against expected content. */
+export interface RelevanceCheck {
+    /** Whether the image is relevant to the context. */
+    relevant: boolean;
+    /** Relevance score (0.0 - 1.0). */
+    score: number;
+    /** Items expected based on context. */
+    expectedItems: string[];
+    /** Items actually found in the image. */
+    foundItems: string[];
+    /** Expected but not found. */
+    missingItems: string[];
+    /** Found but not expected. */
+    unexpectedItems: string[];
+    /** Additional notes. */
+    notes?: string;
+}
+/** A detected text region in the image. */
+export interface TextOverlay {
+    /** Extracted text content. */
+    text: string;
+    /** Bounding box: [y_min, x_min, y_max, x_max] normalised to 0-1000. */
+    boundingBox?: [number, number, number, number];
+    /** Overlay type: "gps", "timestamp", "address", "label", "other". */
+    type?: string;
+}
+/** OCR / text extraction result. */
+export interface OcrResult {
+    /** All extracted text concatenated. */
+    text?: string;
+    /** Extracted metadata (GPS, timestamp, address, etc.). */
+    metadata: Record<string, string>;
+    /** Individual text overlays with positions. */
+    overlays: TextOverlay[];
+}
+/** Full vision analysis response. */
+export interface VisionResponse {
+    /** Scene description. */
+    caption?: string;
+    /** Suggested tags (lowercase_snake_case). */
+    tags: string[];
+    /** Detected objects with bounding boxes. */
+    objects: DetectedObject[];
+    /** Image quality assessment. */
+    quality?: QualityAssessment;
+    /** Relevance check against context. */
+    relevance?: RelevanceCheck;
+    /** Extracted text and overlay metadata. */
+    ocr?: OcrResult;
+    /** Model used. */
+    model: string;
+    /** Cost in ticks. */
+    costTicks: number;
+    /** Request identifier. */
+    requestId: string;
+}
+/**
+ * Full combined vision analysis (scene + objects + quality + OCR + relevance).
+ * @internal
+ */
+export declare function visionAnalyze(client: QuantumClient, req: VisionRequest): Promise<VisionResponse>;
+/**
+ * Object detection with bounding boxes.
+ * @internal
+ */
+export declare function visionDetect(client: QuantumClient, req: VisionRequest): Promise<VisionResponse>;
+/**
+ * Scene description and tags.
+ * @internal
+ */
+export declare function visionDescribe(client: QuantumClient, req: VisionRequest): Promise<VisionResponse>;
+/**
+ * Text extraction and overlay metadata (OCR).
+ * @internal
+ */
+export declare function visionOcr(client: QuantumClient, req: VisionRequest): Promise<VisionResponse>;
+/**
+ * Image quality assessment.
+ * @internal
+ */
+export declare function visionQuality(client: QuantumClient, req: VisionRequest): Promise<VisionResponse>;

package/dist/vision.js

@@ -0,0 +1,124 @@
+// ── Wire format (snake_case JSON) ────────────────────────────────
+/** @internal Convert camelCase request to snake_case wire format. */
+function toWire(req) {
+    const out = {};
+    if (req.imageBase64 !== undefined)
+        out.image_base64 = req.imageBase64;
+    if (req.imageUrl !== undefined)
+        out.image_url = req.imageUrl;
+    if (req.model !== undefined)
+        out.model = req.model;
+    if (req.profile !== undefined)
+        out.profile = req.profile;
+    if (req.context) {
+        const ctx = {};
+        if (req.context.installationType !== undefined)
+            ctx.installation_type = req.context.installationType;
+        if (req.context.phase !== undefined)
+            ctx.phase = req.context.phase;
+        if (req.context.expectedItems !== undefined)
+            ctx.expected_items = req.context.expectedItems;
+        out.context = ctx;
+    }
+    return out;
+}
+/** @internal Convert snake_case wire response to camelCase. */
+function fromWire(raw) {
+    const objects = (raw.objects ?? []).map((o) => ({
+        label: o.label ?? "",
+        confidence: o.confidence ?? 0,
+        boundingBox: o.bounding_box ?? [0, 0, 0, 0],
+    }));
+    let quality;
+    if (raw.quality) {
+        const q = raw.quality;
+        quality = {
+            overall: q.overall ?? "",
+            score: q.score ?? 0,
+            blur: q.blur ?? "",
+            darkness: q.darkness ?? "",
+            resolution: q.resolution ?? "",
+            exposure: q.exposure ?? "",
+            issues: q.issues ?? [],
+        };
+    }
+    let relevance;
+    if (raw.relevance) {
+        const r = raw.relevance;
+        relevance = {
+            relevant: r.relevant ?? false,
+            score: r.score ?? 0,
+            expectedItems: r.expected_items ?? [],
+            foundItems: r.found_items ?? [],
+            missingItems: r.missing_items ?? [],
+            unexpectedItems: r.unexpected_items ?? [],
+            notes: r.notes,
+        };
+    }
+    let ocr;
+    if (raw.ocr) {
+        const o = raw.ocr;
+        const overlays = (o.overlays ?? []).map((ov) => ({
+            text: ov.text ?? "",
+            boundingBox: ov.bounding_box,
+            type: ov.type,
+        }));
+        ocr = {
+            text: o.text,
+            metadata: o.metadata ?? {},
+            overlays,
+        };
+    }
+    return {
+        caption: raw.caption,
+        tags: raw.tags ?? [],
+        objects,
+        quality,
+        relevance,
+        ocr,
+        model: raw.model ?? "",
+        costTicks: raw.cost_ticks ?? 0,
+        requestId: raw.request_id ?? "",
+    };
+}
+// ── Client methods ───────────────────────────────────────────────
+/**
+ * Full combined vision analysis (scene + objects + quality + OCR + relevance).
+ * @internal
+ */
+export async function visionAnalyze(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/vision/analyze", toWire(req));
+    return fromWire(data);
+}
+/**
+ * Object detection with bounding boxes.
+ * @internal
+ */
+export async function visionDetect(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/vision/detect", toWire(req));
+    return fromWire(data);
+}
+/**
+ * Scene description and tags.
+ * @internal
+ */
+export async function visionDescribe(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/vision/describe", toWire(req));
+    return fromWire(data);
+}
+/**
+ * Text extraction and overlay metadata (OCR).
+ * @internal
+ */
+export async function visionOcr(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/vision/ocr", toWire(req));
+    return fromWire(data);
+}
+/**
+ * Image quality assessment.
+ * @internal
+ */
+export async function visionQuality(client, req) {
+    const { data } = await client._doJSON("POST", "/qai/v1/vision/quality", toWire(req));
+    return fromWire(data);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "quantum-ai-sdk",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Cosmic Duck SDK — 100+ AI endpoints across 10 providers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",