spaps-sdk 1.10.0 → 1.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -6,6 +6,24 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ### Added
10
+
11
+ - Added `issueReporting.getAttachmentAccess(attachmentId)` as the canonical screenshot access helper while keeping `getAttachmentAccessUrl` as a backward-compatible alias.
12
+
13
+ ## [1.10.1] - 2026-05-16
14
+
15
+ ### Added
16
+
17
+ - Added issue-reporting screenshot attachment helpers for private upload, list, access URL, delete, and attach-by-ID create/update/reply flows.
18
+
19
+ ## [1.10.0] - 2026-05-11
20
+
21
+ - Added usage-control SDK support for authorizing usage and recording immutable usage events against SPAPS.
22
+
23
+ ## [1.9.0] - 2026-05-11
24
+
25
+ - Maintenance: align the SDK package version after release automation.
26
+
9
27
  ## [1.8.0] - 2026-05-11
10
28
 
11
29
  - Maintenance: align the SDK package version after release automation.
package/README.md CHANGED
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
23
23
 
24
24
  | Need | Package gives you |
25
25
  | --- | --- |
26
- | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
26
+ | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `marketing`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
27
27
  | Local development without extra config | Localhost URLs automatically enable local mode |
28
28
  | Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
29
29
  | Shared contracts | Re-exports a large slice of `spaps-types` |
@@ -84,8 +84,9 @@ Relevant environment variables:
84
84
  | `payments` | Checkout sessions, products, prices, subscriptions, and crypto helpers |
85
85
  | `sessions` | Session lookup, validation, and lifecycle helpers |
86
86
  | `secureMessages` | Secure-message create/list helpers |
87
- | `issueReporting` | Status, history, create, update, reply, and voice-token flows |
87
+ | `issueReporting` | Status, history, create, update, reply, voice-token, and private screenshot attachment flows |
88
88
  | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
89
+ | `marketing` | Browser-safe attribution/experiment event emission and server-side experiment results |
89
90
  | `email` | Template lookup, preview, and send helpers |
90
91
  | `entitlements` | User and resource entitlement queries |
91
92
  | `usage` | Secret-key usage authorization and immutable usage recording |
@@ -124,6 +125,37 @@ const voiceToken = await spaps.issueReporting.createVoiceToken();
124
125
  console.log(voiceToken.provider, voiceToken.model_id);
125
126
  ```
126
127
 
128
+ ### Issue Reporting Screenshot Attachments
129
+
130
+ Screenshots are uploaded as private pending hosted assets first. Create, update, or reply calls then send only attachment IDs; do not put raw image bytes, data URLs, or base64 payloads in issue notes or target metadata.
131
+
132
+ ```ts
133
+ spaps.setAccessToken(accessToken);
134
+
135
+ const file = new File([pngBytes], "protocol-save-failure.png", {
136
+ type: "image/png",
137
+ });
138
+ const attachment = await spaps.issueReporting.uploadAttachment(file);
139
+
140
+ const issue = await spaps.issueReporting.create({
141
+ target: {
142
+ component_key: "patient_protocol_widget",
143
+ component_label: "Patient Protocol Widget",
144
+ page_url: "/patients/123/protocol",
145
+ surface_ref: "daily-log",
146
+ metadata: { section: "daily log" },
147
+ },
148
+ note: "The save action silently fails after I edit today's protocol note.",
149
+ reporter_role_hint: "practitioner",
150
+ attachment_ids: [attachment.id],
151
+ });
152
+
153
+ const access = await spaps.issueReporting.getAttachmentAccess(attachment.id);
154
+ console.log(issue.id, access.expires_in_seconds);
155
+ ```
156
+
157
+ SPAPS accepts PNG, JPEG, and WebP screenshots up to 10 MiB each, with at most 5 retained screenshots per report. The hosted object remains private; callers fetch a short-lived access URL after normal issue-reporting authorization succeeds. SPAPS does not redact screenshot contents, so host apps should warn users when a capture may include sensitive data.
158
+
127
159
  ### Application Short Links
128
160
 
129
161
  Use `appLinks` when a browser app needs a stable public URL for large local state, such as compressed diagram state.
@@ -143,6 +175,41 @@ const link = await spaps.appLinks.create({
143
175
  });
144
176
 
145
177
  console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
178
+
179
+ await spaps.appLinks.update(link.username, link.slug, {
180
+ metadata: { diagram_state: "pako:new-state" },
181
+ });
182
+ ```
183
+
184
+ ### Marketing Events
185
+
186
+ Use `marketing.emit` in the browser with a publishable key for anonymous
187
+ attribution touches or experiment exposures. Use `marketing.getExperimentResults`
188
+ from a trusted server or agent with a secret key to read revenue-backed results
189
+ and the conservative stop signal.
190
+
191
+ ```ts
192
+ const browserSpaps = new SPAPSClient({
193
+ apiUrl: "https://api.example.test",
194
+ publishableKey: "spaps_pub_example",
195
+ });
196
+
197
+ await browserSpaps.marketing.emit({
198
+ anon_id: "anon_01HY...",
199
+ event_type: "experiment_exposure",
200
+ experiment_id: "landing-hero-copy",
201
+ variant_id: "treatment",
202
+ dedupe_key: "landing-hero-copy:anon_01HY:treatment",
203
+ timestamp: new Date().toISOString(),
204
+ });
205
+
206
+ const serverSpaps = new SPAPSClient({
207
+ apiUrl: "https://api.example.test",
208
+ secretKey: process.env.SPAPS_SECRET_KEY,
209
+ });
210
+
211
+ const results = await serverSpaps.marketing.getExperimentResults("landing-hero-copy");
212
+ console.log(results.decision.recommendation, results.decision.winner_variant_id);
146
213
  ```
147
214
 
148
215
  ### Server-Side Usage Control
@@ -192,8 +259,9 @@ await spaps.usage.record({
192
259
  });
193
260
  ```
194
261
 
195
- The legacy `/api/usage/features` and `/api/usage/history` routes remain
196
- not-implemented stubs and are not exposed through this SDK namespace.
262
+ For dashboard and policy views, use `spaps.usage.listFeatures()`,
263
+ `spaps.usage.getStatus(...)`, and `spaps.usage.listHistory(...)` from the same
264
+ trusted backend context.
197
265
 
198
266
  ### Skill Evals
199
267
 
@@ -416,7 +484,7 @@ npm run test:readme
416
484
  ## Metadata
417
485
 
418
486
  - `package_name`: `spaps-sdk`
419
- - `latest_version`: `1.8.0`
487
+ - `latest_version`: `1.10.1`
420
488
  - `minimum_runtime`: `Node.js >=14.0.0`
421
489
  - `api_base_url`: `https://api.sweetpotato.dev`
422
490
 
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -336,6 +336,73 @@ interface EmailTemplatePreview {
336
336
  html: string;
337
337
  text?: string;
338
338
  }
339
+ type MarketingEventType = 'attribution_touch' | 'experiment_exposure';
340
+ type MarketingExperimentRecommendation = 'continue' | 'continue_srm_warning' | 'stop_for_winner';
341
+ type MarketingExperimentSrmStatus = 'pass' | 'warning' | 'not_applicable';
342
+ interface MarketingEventIngestRequest {
343
+ application_id?: string;
344
+ anon_id: string;
345
+ event_type: MarketingEventType;
346
+ experiment_id?: string | null;
347
+ variant_id?: string | null;
348
+ variant?: string | null;
349
+ metadata?: Record<string, unknown> | null;
350
+ dedupe_key?: string | null;
351
+ timestamp?: string | null;
352
+ observed_at?: string | null;
353
+ }
354
+ interface MarketingEventIngestResponse {
355
+ id: string;
356
+ application_id: string;
357
+ anon_id: string;
358
+ event_type: MarketingEventType;
359
+ experiment_id?: string | null;
360
+ variant?: string | null;
361
+ dedupe_key: string;
362
+ ts: string;
363
+ created_at: string;
364
+ }
365
+ interface MarketingExperimentVariantResult {
366
+ variant_id: string | null;
367
+ exposures: number;
368
+ conversions: number;
369
+ conversion_rate: number;
370
+ revenue: Record<string, number>;
371
+ }
372
+ interface MarketingExperimentMinSampleDecision {
373
+ met: boolean;
374
+ min_exposures_per_variant: number;
375
+ min_total_conversions: number;
376
+ observed_min_exposures: number;
377
+ observed_total_conversions: number;
378
+ }
379
+ interface MarketingExperimentSrmDecision {
380
+ status: MarketingExperimentSrmStatus;
381
+ expected_share?: number | null;
382
+ max_share_ratio?: number | null;
383
+ min_share_ratio?: number | null;
384
+ }
385
+ interface MarketingExperimentEffectDecision {
386
+ leader_variant_id?: string | null;
387
+ runner_up_variant_id?: string | null;
388
+ absolute_lift?: number | null;
389
+ relative_lift?: number | null;
390
+ }
391
+ interface MarketingExperimentDecision {
392
+ decisive: boolean;
393
+ recommendation: MarketingExperimentRecommendation;
394
+ winner_variant_id?: string | null;
395
+ reason_codes: string[];
396
+ min_sample: MarketingExperimentMinSampleDecision;
397
+ srm: MarketingExperimentSrmDecision;
398
+ effect: MarketingExperimentEffectDecision;
399
+ }
400
+ interface MarketingExperimentResultsResponse {
401
+ application_id: string;
402
+ experiment_id: string;
403
+ variants: MarketingExperimentVariantResult[];
404
+ decision: MarketingExperimentDecision;
405
+ }
339
406
  interface EntitlementListParams {
340
407
  /** Filter by entitlement key */
341
408
  key?: string;
@@ -360,6 +427,9 @@ interface IssueReportListParams {
360
427
  interface IssueReportStatusParams {
361
428
  scope?: SupportedIssueReportScope;
362
429
  }
430
+ interface IssueReportAttachmentUploadOptions {
431
+ filename?: string;
432
+ }
363
433
  declare class X402PaymentRequiredSDKError extends Error {
364
434
  readonly paymentRequiredHeader: string;
365
435
  readonly response: unknown;
@@ -705,7 +775,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
705
775
  * Note: For publishable key contexts, only `resource_type=user` is permitted.
706
776
  * Non-user resource types will return a 403 error (enforced server-side).
707
777
  *
708
- * @param resourceType - The resource type (e.g. "user", "company", "org", "system").
778
+ * @param resourceType - The resource type (e.g. "user", "company", "org", "system", "project").
709
779
  * @param resourceId - Optional specific resource ID.
710
780
  */
711
781
  listByResource: (resourceType: ResourceType, resourceId?: string) => Promise<Entitlement[]>;
@@ -730,6 +800,28 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
730
800
  * Create a new canonical issue report.
731
801
  */
732
802
  create: (payload: CreateIssueReportRequest) => Promise<IssueReport>;
803
+ /**
804
+ * Upload one private pending screenshot attachment.
805
+ */
806
+ uploadAttachment: (file: Blob, options?: IssueReportAttachmentUploadOptions) => Promise<IssueReportAttachmentOut>;
807
+ /**
808
+ * List non-deleted screenshot attachments for one issue report.
809
+ */
810
+ listAttachments: (issueReportId: string) => Promise<ListIssueReportAttachmentsResponse>;
811
+ /**
812
+ * Return a short-lived private attachment access URL.
813
+ */
814
+ getAttachmentAccess: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
815
+ /**
816
+ * Return a short-lived private attachment access URL.
817
+ *
818
+ * @deprecated Use getAttachmentAccess(attachmentId).
819
+ */
820
+ getAttachmentAccessUrl: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
821
+ /**
822
+ * Soft-delete one owned screenshot attachment.
823
+ */
824
+ deleteAttachment: (attachmentId: string) => Promise<void>;
733
825
  /**
734
826
  * Create a short-lived voice transcription token for issue reporting.
735
827
  */
@@ -742,6 +834,46 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
742
834
  * Reply to a resolved or ignored issue report and reopen the linked case.
743
835
  */
744
836
  reply: (issueReportId: string, payload: ReplyIssueReportRequest) => Promise<IssueReport>;
837
+ /**
838
+ * List the chronological, reporter-visible message thread for one owned
839
+ * issue report. Only active, reporter-visible rows are returned; retracted
840
+ * or superseded operator messages are excluded and raw audit payloads are
841
+ * never exposed. `needs_response` badges an open clarification request.
842
+ */
843
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
844
+ /**
845
+ * Submit a reporter clarification response on one owned issue report. This
846
+ * does NOT reopen a closed case (use `reply` for that). Idempotent on
847
+ * `idempotency_key`: same key + same body returns the existing message,
848
+ * same key + different body returns 409 ISSUE_REPORT_MESSAGE_CONFLICT.
849
+ */
850
+ submitMessage: (issueReportId: string, payload: CreateReporterMessageRequest) => Promise<IssueReportMessage>;
851
+ /**
852
+ * Triage-operator message commands. These require a secret key context and a
853
+ * triage role/capability; publishable browser contexts are rejected by the
854
+ * server. Provide the secret key as the SDK's API key.
855
+ */
856
+ triage: {
857
+ /**
858
+ * List all projection rows for an app-scoped report (including corrected
859
+ * rows) for authorized triage operators.
860
+ */
861
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
862
+ /**
863
+ * Post a clarification_request or final_response reporter-visible message
864
+ * as a triage operator. Idempotent on `idempotency_key`; a key reused with
865
+ * a different body returns 409. A final_response can drive a terminal
866
+ * lifecycle transition via `resolve_case`; the internal resolution_note is
867
+ * never auto-displayed to reporters.
868
+ */
869
+ postMessage: (issueReportId: string, payload: CreateOperatorMessageRequest) => Promise<IssueReportMessage>;
870
+ /**
871
+ * Retract an operator-authored message. The body is retained; the row's
872
+ * state is marked `retracted`. Retracting an already-retracted message is
873
+ * a safe no-op.
874
+ */
875
+ retractMessage: (issueReportId: string, messageId: string, payload?: RetractOperatorMessageRequest) => Promise<IssueReportMessage>;
876
+ };
745
877
  };
746
878
  /**
747
879
  * Application-scoped short links for browser apps that need stable public URLs.
@@ -751,6 +883,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
751
883
  * Create a short link owned by the authenticated user.
752
884
  */
753
885
  create: (payload: CreateAppLinkRequest) => Promise<AppLink>;
886
+ /**
887
+ * Update a short link owned by the authenticated user.
888
+ */
889
+ update: (username: string, slug: string, payload: UpdateAppLinkRequest) => Promise<AppLink>;
754
890
  /**
755
891
  * Resolve a public short link for the active application.
756
892
  */
@@ -758,6 +894,30 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
758
894
  track?: boolean;
759
895
  }) => Promise<AppLink>;
760
896
  };
897
+ /**
898
+ * Marketing events and experiment results.
899
+ *
900
+ * Use a publishable key for browser-side event emission. Use a secret key
901
+ * from a trusted server or agent process when reading experiment results.
902
+ */
903
+ marketing: {
904
+ /**
905
+ * Emit one anonymous attribution touch or experiment exposure.
906
+ */
907
+ emit: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
908
+ /**
909
+ * Alias for emit(), matching the backend ingest endpoint language.
910
+ */
911
+ ingest: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
912
+ /**
913
+ * Read per-variant experiment results and the conservative stop signal.
914
+ */
915
+ getExperimentResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
916
+ /**
917
+ * Short alias for getExperimentResults().
918
+ */
919
+ getResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
920
+ };
761
921
  private static envVar;
762
922
  constructor(config?: SPAPSConfig);
763
923
  /** Raw API request helper that returns an ApiResponse-like shape */
@@ -963,7 +1123,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
963
1123
  updateProductSuperAdmin: (productId: string, updates: any) => Promise<any>;
964
1124
  deleteProductSuperAdmin: (productId: string) => Promise<any>;
965
1125
  createProductWithPrice: (payload: any) => Promise<any>;
966
- createProductWithPriceSuperAdmin: (productId: string, payload: any) => Promise<any>;
1126
+ createProductWithPriceSuperAdmin: (applicationId: string, payload: any) => Promise<any>;
967
1127
  setDefaultPrice: (productId: string, payload: {
968
1128
  price_id: string;
969
1129
  }) => Promise<any>;
@@ -1099,6 +1259,14 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1099
1259
  * after work completes.
1100
1260
  */
1101
1261
  usage: {
1262
+ /**
1263
+ * List active usage feature definitions for this application.
1264
+ */
1265
+ listFeatures: () => Promise<UsageControlFeaturesResponse>;
1266
+ /**
1267
+ * Fetch current window usage status without creating an authorization.
1268
+ */
1269
+ getStatus: (query: UsageControlStatusRequest) => Promise<UsageControlStatusResponse>;
1102
1270
  /**
1103
1271
  * Authorize proposed usage before a downstream job, inference, or action runs.
1104
1272
  */
@@ -1107,16 +1275,28 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1107
1275
  * Record immutable usage after work completes.
1108
1276
  */
1109
1277
  record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
1278
+ /**
1279
+ * List usage events in deterministic newest-first order.
1280
+ */
1281
+ listHistory: (query?: UsageControlHistoryRequest) => Promise<UsageControlHistoryResponse>;
1110
1282
  };
1111
1283
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1112
1284
  data: CheckoutSession;
1113
1285
  }>;
1114
- getSubscription(): Promise<{
1286
+ getSubscription(subscriptionId?: string): Promise<{
1287
+ data: Subscription | Subscription[];
1288
+ }>;
1289
+ cancelSubscription(subscriptionId?: string, options?: {
1290
+ immediately?: boolean;
1291
+ }): Promise<{
1115
1292
  data: Subscription;
1116
1293
  }>;
1117
- cancelSubscription(): Promise<void>;
1118
1294
  authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
1119
1295
  recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1296
+ getUsageStatus(query: UsageControlStatusRequest): Promise<UsageControlStatusResponse>;
1297
+ listUsageHistory(query?: UsageControlHistoryRequest): Promise<UsageControlHistoryResponse>;
1298
+ emitMarketingEvent(payload: MarketingEventIngestRequest): Promise<MarketingEventIngestResponse>;
1299
+ getMarketingExperimentResults(experimentId: string): Promise<MarketingExperimentResultsResponse>;
1120
1300
  private createSecureMessage;
1121
1301
  private listSecureMessages;
1122
1302
  /**
@@ -1298,4 +1478,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
1298
1478
  */
1299
1479
  declare function detectKeyType(key: string): ApiKeyType | null;
1300
1480
 
1301
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportListParams, type IssueReportStatusParams, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
1481
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };