spaps-sdk 1.10.1 → 1.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -8,6 +8,12 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
8
8
 
9
9
  ### Added
10
10
 
11
+ - Added `issueReporting.getAttachmentAccess(attachmentId)` as the canonical screenshot access helper while keeping `getAttachmentAccessUrl` as a backward-compatible alias.
12
+
13
+ ## [1.10.1] - 2026-05-16
14
+
15
+ ### Added
16
+
11
17
  - Added issue-reporting screenshot attachment helpers for private upload, list, access URL, delete, and attach-by-ID create/update/reply flows.
12
18
 
13
19
  ## [1.10.0] - 2026-05-11
package/README.md CHANGED
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
23
23
 
24
24
  | Need | Package gives you |
25
25
  | --- | --- |
26
- | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
26
+ | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `marketing`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
27
27
  | Local development without extra config | Localhost URLs automatically enable local mode |
28
28
  | Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
29
29
  | Shared contracts | Re-exports a large slice of `spaps-types` |
@@ -86,6 +86,7 @@ Relevant environment variables:
86
86
  | `secureMessages` | Secure-message create/list helpers |
87
87
  | `issueReporting` | Status, history, create, update, reply, voice-token, and private screenshot attachment flows |
88
88
  | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
89
+ | `marketing` | Browser-safe attribution/experiment event emission and server-side experiment results |
89
90
  | `email` | Template lookup, preview, and send helpers |
90
91
  | `entitlements` | User and resource entitlement queries |
91
92
  | `usage` | Secret-key usage authorization and immutable usage recording |
@@ -149,7 +150,7 @@ const issue = await spaps.issueReporting.create({
149
150
  attachment_ids: [attachment.id],
150
151
  });
151
152
 
152
- const access = await spaps.issueReporting.getAttachmentAccessUrl(attachment.id);
153
+ const access = await spaps.issueReporting.getAttachmentAccess(attachment.id);
153
154
  console.log(issue.id, access.expires_in_seconds);
154
155
  ```
155
156
 
@@ -174,6 +175,41 @@ const link = await spaps.appLinks.create({
174
175
  });
175
176
 
176
177
  console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
178
+
179
+ await spaps.appLinks.update(link.username, link.slug, {
180
+ metadata: { diagram_state: "pako:new-state" },
181
+ });
182
+ ```
183
+
184
+ ### Marketing Events
185
+
186
+ Use `marketing.emit` in the browser with a publishable key for anonymous
187
+ attribution touches or experiment exposures. Use `marketing.getExperimentResults`
188
+ from a trusted server or agent with a secret key to read revenue-backed results
189
+ and the conservative stop signal.
190
+
191
+ ```ts
192
+ const browserSpaps = new SPAPSClient({
193
+ apiUrl: "https://api.example.test",
194
+ publishableKey: "spaps_pub_example",
195
+ });
196
+
197
+ await browserSpaps.marketing.emit({
198
+ anon_id: "anon_01HY...",
199
+ event_type: "experiment_exposure",
200
+ experiment_id: "landing-hero-copy",
201
+ variant_id: "treatment",
202
+ dedupe_key: "landing-hero-copy:anon_01HY:treatment",
203
+ timestamp: new Date().toISOString(),
204
+ });
205
+
206
+ const serverSpaps = new SPAPSClient({
207
+ apiUrl: "https://api.example.test",
208
+ secretKey: process.env.SPAPS_SECRET_KEY,
209
+ });
210
+
211
+ const results = await serverSpaps.marketing.getExperimentResults("landing-hero-copy");
212
+ console.log(results.decision.recommendation, results.decision.winner_variant_id);
177
213
  ```
178
214
 
179
215
  ### Server-Side Usage Control
@@ -448,7 +484,7 @@ npm run test:readme
448
484
  ## Metadata
449
485
 
450
486
  - `package_name`: `spaps-sdk`
451
- - `latest_version`: `1.10.0`
487
+ - `latest_version`: `1.10.1`
452
488
  - `minimum_runtime`: `Node.js >=14.0.0`
453
489
  - `api_base_url`: `https://api.sweetpotato.dev`
454
490
 
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -336,6 +336,73 @@ interface EmailTemplatePreview {
336
336
  html: string;
337
337
  text?: string;
338
338
  }
339
+ type MarketingEventType = 'attribution_touch' | 'experiment_exposure';
340
+ type MarketingExperimentRecommendation = 'continue' | 'continue_srm_warning' | 'stop_for_winner';
341
+ type MarketingExperimentSrmStatus = 'pass' | 'warning' | 'not_applicable';
342
+ interface MarketingEventIngestRequest {
343
+ application_id?: string;
344
+ anon_id: string;
345
+ event_type: MarketingEventType;
346
+ experiment_id?: string | null;
347
+ variant_id?: string | null;
348
+ variant?: string | null;
349
+ metadata?: Record<string, unknown> | null;
350
+ dedupe_key?: string | null;
351
+ timestamp?: string | null;
352
+ observed_at?: string | null;
353
+ }
354
+ interface MarketingEventIngestResponse {
355
+ id: string;
356
+ application_id: string;
357
+ anon_id: string;
358
+ event_type: MarketingEventType;
359
+ experiment_id?: string | null;
360
+ variant?: string | null;
361
+ dedupe_key: string;
362
+ ts: string;
363
+ created_at: string;
364
+ }
365
+ interface MarketingExperimentVariantResult {
366
+ variant_id: string | null;
367
+ exposures: number;
368
+ conversions: number;
369
+ conversion_rate: number;
370
+ revenue: Record<string, number>;
371
+ }
372
+ interface MarketingExperimentMinSampleDecision {
373
+ met: boolean;
374
+ min_exposures_per_variant: number;
375
+ min_total_conversions: number;
376
+ observed_min_exposures: number;
377
+ observed_total_conversions: number;
378
+ }
379
+ interface MarketingExperimentSrmDecision {
380
+ status: MarketingExperimentSrmStatus;
381
+ expected_share?: number | null;
382
+ max_share_ratio?: number | null;
383
+ min_share_ratio?: number | null;
384
+ }
385
+ interface MarketingExperimentEffectDecision {
386
+ leader_variant_id?: string | null;
387
+ runner_up_variant_id?: string | null;
388
+ absolute_lift?: number | null;
389
+ relative_lift?: number | null;
390
+ }
391
+ interface MarketingExperimentDecision {
392
+ decisive: boolean;
393
+ recommendation: MarketingExperimentRecommendation;
394
+ winner_variant_id?: string | null;
395
+ reason_codes: string[];
396
+ min_sample: MarketingExperimentMinSampleDecision;
397
+ srm: MarketingExperimentSrmDecision;
398
+ effect: MarketingExperimentEffectDecision;
399
+ }
400
+ interface MarketingExperimentResultsResponse {
401
+ application_id: string;
402
+ experiment_id: string;
403
+ variants: MarketingExperimentVariantResult[];
404
+ decision: MarketingExperimentDecision;
405
+ }
339
406
  interface EntitlementListParams {
340
407
  /** Filter by entitlement key */
341
408
  key?: string;
@@ -708,7 +775,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
708
775
  * Note: For publishable key contexts, only `resource_type=user` is permitted.
709
776
  * Non-user resource types will return a 403 error (enforced server-side).
710
777
  *
711
- * @param resourceType - The resource type (e.g. "user", "company", "org", "system").
778
+ * @param resourceType - The resource type (e.g. "user", "company", "org", "system", "project").
712
779
  * @param resourceId - Optional specific resource ID.
713
780
  */
714
781
  listByResource: (resourceType: ResourceType, resourceId?: string) => Promise<Entitlement[]>;
@@ -744,6 +811,12 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
744
811
  /**
745
812
  * Return a short-lived private attachment access URL.
746
813
  */
814
+ getAttachmentAccess: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
815
+ /**
816
+ * Return a short-lived private attachment access URL.
817
+ *
818
+ * @deprecated Use getAttachmentAccess(attachmentId).
819
+ */
747
820
  getAttachmentAccessUrl: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
748
821
  /**
749
822
  * Soft-delete one owned screenshot attachment.
@@ -761,6 +834,46 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
761
834
  * Reply to a resolved or ignored issue report and reopen the linked case.
762
835
  */
763
836
  reply: (issueReportId: string, payload: ReplyIssueReportRequest) => Promise<IssueReport>;
837
+ /**
838
+ * List the chronological, reporter-visible message thread for one owned
839
+ * issue report. Only active, reporter-visible rows are returned; retracted
840
+ * or superseded operator messages are excluded and raw audit payloads are
841
+ * never exposed. `needs_response` badges an open clarification request.
842
+ */
843
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
844
+ /**
845
+ * Submit a reporter clarification response on one owned issue report. This
846
+ * does NOT reopen a closed case (use `reply` for that). Idempotent on
847
+ * `idempotency_key`: same key + same body returns the existing message,
848
+ * same key + different body returns 409 ISSUE_REPORT_MESSAGE_CONFLICT.
849
+ */
850
+ submitMessage: (issueReportId: string, payload: CreateReporterMessageRequest) => Promise<IssueReportMessage>;
851
+ /**
852
+ * Triage-operator message commands. These require a secret key context and a
853
+ * triage role/capability; publishable browser contexts are rejected by the
854
+ * server. Provide the secret key as the SDK's API key.
855
+ */
856
+ triage: {
857
+ /**
858
+ * List all projection rows for an app-scoped report (including corrected
859
+ * rows) for authorized triage operators.
860
+ */
861
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
862
+ /**
863
+ * Post a clarification_request or final_response reporter-visible message
864
+ * as a triage operator. Idempotent on `idempotency_key`; a key reused with
865
+ * a different body returns 409. A final_response can drive a terminal
866
+ * lifecycle transition via `resolve_case`; the internal resolution_note is
867
+ * never auto-displayed to reporters.
868
+ */
869
+ postMessage: (issueReportId: string, payload: CreateOperatorMessageRequest) => Promise<IssueReportMessage>;
870
+ /**
871
+ * Retract an operator-authored message. The body is retained; the row's
872
+ * state is marked `retracted`. Retracting an already-retracted message is
873
+ * a safe no-op.
874
+ */
875
+ retractMessage: (issueReportId: string, messageId: string, payload?: RetractOperatorMessageRequest) => Promise<IssueReportMessage>;
876
+ };
764
877
  };
765
878
  /**
766
879
  * Application-scoped short links for browser apps that need stable public URLs.
@@ -770,6 +883,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
770
883
  * Create a short link owned by the authenticated user.
771
884
  */
772
885
  create: (payload: CreateAppLinkRequest) => Promise<AppLink>;
886
+ /**
887
+ * Update a short link owned by the authenticated user.
888
+ */
889
+ update: (username: string, slug: string, payload: UpdateAppLinkRequest) => Promise<AppLink>;
773
890
  /**
774
891
  * Resolve a public short link for the active application.
775
892
  */
@@ -777,6 +894,30 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
777
894
  track?: boolean;
778
895
  }) => Promise<AppLink>;
779
896
  };
897
+ /**
898
+ * Marketing events and experiment results.
899
+ *
900
+ * Use a publishable key for browser-side event emission. Use a secret key
901
+ * from a trusted server or agent process when reading experiment results.
902
+ */
903
+ marketing: {
904
+ /**
905
+ * Emit one anonymous attribution touch or experiment exposure.
906
+ */
907
+ emit: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
908
+ /**
909
+ * Alias for emit(), matching the backend ingest endpoint language.
910
+ */
911
+ ingest: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
912
+ /**
913
+ * Read per-variant experiment results and the conservative stop signal.
914
+ */
915
+ getExperimentResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
916
+ /**
917
+ * Short alias for getExperimentResults().
918
+ */
919
+ getResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
920
+ };
780
921
  private static envVar;
781
922
  constructor(config?: SPAPSConfig);
782
923
  /** Raw API request helper that returns an ApiResponse-like shape */
@@ -1154,6 +1295,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1154
1295
  recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1155
1296
  getUsageStatus(query: UsageControlStatusRequest): Promise<UsageControlStatusResponse>;
1156
1297
  listUsageHistory(query?: UsageControlHistoryRequest): Promise<UsageControlHistoryResponse>;
1298
+ emitMarketingEvent(payload: MarketingEventIngestRequest): Promise<MarketingEventIngestResponse>;
1299
+ getMarketingExperimentResults(experimentId: string): Promise<MarketingExperimentResultsResponse>;
1157
1300
  private createSecureMessage;
1158
1301
  private listSecureMessages;
1159
1302
  /**
@@ -1335,4 +1478,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
1335
1478
  */
1336
1479
  declare function detectKeyType(key: string): ApiKeyType | null;
1337
1480
 
1338
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
1481
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -336,6 +336,73 @@ interface EmailTemplatePreview {
336
336
  html: string;
337
337
  text?: string;
338
338
  }
339
+ type MarketingEventType = 'attribution_touch' | 'experiment_exposure';
340
+ type MarketingExperimentRecommendation = 'continue' | 'continue_srm_warning' | 'stop_for_winner';
341
+ type MarketingExperimentSrmStatus = 'pass' | 'warning' | 'not_applicable';
342
+ interface MarketingEventIngestRequest {
343
+ application_id?: string;
344
+ anon_id: string;
345
+ event_type: MarketingEventType;
346
+ experiment_id?: string | null;
347
+ variant_id?: string | null;
348
+ variant?: string | null;
349
+ metadata?: Record<string, unknown> | null;
350
+ dedupe_key?: string | null;
351
+ timestamp?: string | null;
352
+ observed_at?: string | null;
353
+ }
354
+ interface MarketingEventIngestResponse {
355
+ id: string;
356
+ application_id: string;
357
+ anon_id: string;
358
+ event_type: MarketingEventType;
359
+ experiment_id?: string | null;
360
+ variant?: string | null;
361
+ dedupe_key: string;
362
+ ts: string;
363
+ created_at: string;
364
+ }
365
+ interface MarketingExperimentVariantResult {
366
+ variant_id: string | null;
367
+ exposures: number;
368
+ conversions: number;
369
+ conversion_rate: number;
370
+ revenue: Record<string, number>;
371
+ }
372
+ interface MarketingExperimentMinSampleDecision {
373
+ met: boolean;
374
+ min_exposures_per_variant: number;
375
+ min_total_conversions: number;
376
+ observed_min_exposures: number;
377
+ observed_total_conversions: number;
378
+ }
379
+ interface MarketingExperimentSrmDecision {
380
+ status: MarketingExperimentSrmStatus;
381
+ expected_share?: number | null;
382
+ max_share_ratio?: number | null;
383
+ min_share_ratio?: number | null;
384
+ }
385
+ interface MarketingExperimentEffectDecision {
386
+ leader_variant_id?: string | null;
387
+ runner_up_variant_id?: string | null;
388
+ absolute_lift?: number | null;
389
+ relative_lift?: number | null;
390
+ }
391
+ interface MarketingExperimentDecision {
392
+ decisive: boolean;
393
+ recommendation: MarketingExperimentRecommendation;
394
+ winner_variant_id?: string | null;
395
+ reason_codes: string[];
396
+ min_sample: MarketingExperimentMinSampleDecision;
397
+ srm: MarketingExperimentSrmDecision;
398
+ effect: MarketingExperimentEffectDecision;
399
+ }
400
+ interface MarketingExperimentResultsResponse {
401
+ application_id: string;
402
+ experiment_id: string;
403
+ variants: MarketingExperimentVariantResult[];
404
+ decision: MarketingExperimentDecision;
405
+ }
339
406
  interface EntitlementListParams {
340
407
  /** Filter by entitlement key */
341
408
  key?: string;
@@ -708,7 +775,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
708
775
  * Note: For publishable key contexts, only `resource_type=user` is permitted.
709
776
  * Non-user resource types will return a 403 error (enforced server-side).
710
777
  *
711
- * @param resourceType - The resource type (e.g. "user", "company", "org", "system").
778
+ * @param resourceType - The resource type (e.g. "user", "company", "org", "system", "project").
712
779
  * @param resourceId - Optional specific resource ID.
713
780
  */
714
781
  listByResource: (resourceType: ResourceType, resourceId?: string) => Promise<Entitlement[]>;
@@ -744,6 +811,12 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
744
811
  /**
745
812
  * Return a short-lived private attachment access URL.
746
813
  */
814
+ getAttachmentAccess: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
815
+ /**
816
+ * Return a short-lived private attachment access URL.
817
+ *
818
+ * @deprecated Use getAttachmentAccess(attachmentId).
819
+ */
747
820
  getAttachmentAccessUrl: (attachmentId: string) => Promise<IssueReportAttachmentAccessResponse>;
748
821
  /**
749
822
  * Soft-delete one owned screenshot attachment.
@@ -761,6 +834,46 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
761
834
  * Reply to a resolved or ignored issue report and reopen the linked case.
762
835
  */
763
836
  reply: (issueReportId: string, payload: ReplyIssueReportRequest) => Promise<IssueReport>;
837
+ /**
838
+ * List the chronological, reporter-visible message thread for one owned
839
+ * issue report. Only active, reporter-visible rows are returned; retracted
840
+ * or superseded operator messages are excluded and raw audit payloads are
841
+ * never exposed. `needs_response` badges an open clarification request.
842
+ */
843
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
844
+ /**
845
+ * Submit a reporter clarification response on one owned issue report. This
846
+ * does NOT reopen a closed case (use `reply` for that). Idempotent on
847
+ * `idempotency_key`: same key + same body returns the existing message,
848
+ * same key + different body returns 409 ISSUE_REPORT_MESSAGE_CONFLICT.
849
+ */
850
+ submitMessage: (issueReportId: string, payload: CreateReporterMessageRequest) => Promise<IssueReportMessage>;
851
+ /**
852
+ * Triage-operator message commands. These require a secret key context and a
853
+ * triage role/capability; publishable browser contexts are rejected by the
854
+ * server. Provide the secret key as the SDK's API key.
855
+ */
856
+ triage: {
857
+ /**
858
+ * List all projection rows for an app-scoped report (including corrected
859
+ * rows) for authorized triage operators.
860
+ */
861
+ listMessages: (issueReportId: string) => Promise<ListIssueReportMessagesResponse>;
862
+ /**
863
+ * Post a clarification_request or final_response reporter-visible message
864
+ * as a triage operator. Idempotent on `idempotency_key`; a key reused with
865
+ * a different body returns 409. A final_response can drive a terminal
866
+ * lifecycle transition via `resolve_case`; the internal resolution_note is
867
+ * never auto-displayed to reporters.
868
+ */
869
+ postMessage: (issueReportId: string, payload: CreateOperatorMessageRequest) => Promise<IssueReportMessage>;
870
+ /**
871
+ * Retract an operator-authored message. The body is retained; the row's
872
+ * state is marked `retracted`. Retracting an already-retracted message is
873
+ * a safe no-op.
874
+ */
875
+ retractMessage: (issueReportId: string, messageId: string, payload?: RetractOperatorMessageRequest) => Promise<IssueReportMessage>;
876
+ };
764
877
  };
765
878
  /**
766
879
  * Application-scoped short links for browser apps that need stable public URLs.
@@ -770,6 +883,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
770
883
  * Create a short link owned by the authenticated user.
771
884
  */
772
885
  create: (payload: CreateAppLinkRequest) => Promise<AppLink>;
886
+ /**
887
+ * Update a short link owned by the authenticated user.
888
+ */
889
+ update: (username: string, slug: string, payload: UpdateAppLinkRequest) => Promise<AppLink>;
773
890
  /**
774
891
  * Resolve a public short link for the active application.
775
892
  */
@@ -777,6 +894,30 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
777
894
  track?: boolean;
778
895
  }) => Promise<AppLink>;
779
896
  };
897
+ /**
898
+ * Marketing events and experiment results.
899
+ *
900
+ * Use a publishable key for browser-side event emission. Use a secret key
901
+ * from a trusted server or agent process when reading experiment results.
902
+ */
903
+ marketing: {
904
+ /**
905
+ * Emit one anonymous attribution touch or experiment exposure.
906
+ */
907
+ emit: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
908
+ /**
909
+ * Alias for emit(), matching the backend ingest endpoint language.
910
+ */
911
+ ingest: (payload: MarketingEventIngestRequest) => Promise<MarketingEventIngestResponse>;
912
+ /**
913
+ * Read per-variant experiment results and the conservative stop signal.
914
+ */
915
+ getExperimentResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
916
+ /**
917
+ * Short alias for getExperimentResults().
918
+ */
919
+ getResults: (experimentId: string) => Promise<MarketingExperimentResultsResponse>;
920
+ };
780
921
  private static envVar;
781
922
  constructor(config?: SPAPSConfig);
782
923
  /** Raw API request helper that returns an ApiResponse-like shape */
@@ -1154,6 +1295,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1154
1295
  recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1155
1296
  getUsageStatus(query: UsageControlStatusRequest): Promise<UsageControlStatusResponse>;
1156
1297
  listUsageHistory(query?: UsageControlHistoryRequest): Promise<UsageControlHistoryResponse>;
1298
+ emitMarketingEvent(payload: MarketingEventIngestRequest): Promise<MarketingEventIngestResponse>;
1299
+ getMarketingExperimentResults(experimentId: string): Promise<MarketingExperimentResultsResponse>;
1157
1300
  private createSecureMessage;
1158
1301
  private listSecureMessages;
1159
1302
  /**
@@ -1335,4 +1478,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
1335
1478
  */
1336
1479
  declare function detectKeyType(key: string): ApiKeyType | null;
1337
1480
 
1338
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
1481
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
package/dist/index.js CHANGED
@@ -672,7 +672,7 @@ var SPAPSClient = class _SPAPSClient {
672
672
  * @param userId - Optional user ID override (secret key contexts only).
673
673
  */
674
674
  check: async (key, userId) => {
675
- const q = new URLSearchParams({ key });
675
+ const q = new URLSearchParams({ entitlement_key: key });
676
676
  if (userId) q.append("user_id", userId);
677
677
  const res = await this.client.get(
678
678
  `/api/entitlements/check?${q.toString()}`,
@@ -686,7 +686,7 @@ var SPAPSClient = class _SPAPSClient {
686
686
  * Note: For publishable key contexts, only `resource_type=user` is permitted.
687
687
  * Non-user resource types will return a 403 error (enforced server-side).
688
688
  *
689
- * @param resourceType - The resource type (e.g. "user", "company", "org", "system").
689
+ * @param resourceType - The resource type (e.g. "user", "company", "org", "system", "project").
690
690
  * @param resourceId - Optional specific resource ID.
691
691
  */
692
692
  listByResource: async (resourceType, resourceId) => {
@@ -793,7 +793,7 @@ var SPAPSClient = class _SPAPSClient {
793
793
  /**
794
794
  * Return a short-lived private attachment access URL.
795
795
  */
796
- getAttachmentAccessUrl: async (attachmentId) => {
796
+ getAttachmentAccess: async (attachmentId) => {
797
797
  const res = await this.client.get(
798
798
  `/api/v1/issue-reports/attachments/${encodeURIComponent(attachmentId)}/access`,
799
799
  this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
@@ -803,6 +803,14 @@ var SPAPSClient = class _SPAPSClient {
803
803
  "Failed to get issue report attachment access URL"
804
804
  );
805
805
  },
806
+ /**
807
+ * Return a short-lived private attachment access URL.
808
+ *
809
+ * @deprecated Use getAttachmentAccess(attachmentId).
810
+ */
811
+ getAttachmentAccessUrl: async (attachmentId) => {
812
+ return this.issueReporting.getAttachmentAccess(attachmentId);
813
+ },
806
814
  /**
807
815
  * Soft-delete one owned screenshot attachment.
808
816
  */
@@ -844,6 +852,82 @@ var SPAPSClient = class _SPAPSClient {
844
852
  this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
845
853
  );
846
854
  return this.unwrapApiResponse(res, "Failed to reply to issue report");
855
+ },
856
+ /**
857
+ * List the chronological, reporter-visible message thread for one owned
858
+ * issue report. Only active, reporter-visible rows are returned; retracted
859
+ * or superseded operator messages are excluded and raw audit payloads are
860
+ * never exposed. `needs_response` badges an open clarification request.
861
+ */
862
+ listMessages: async (issueReportId) => {
863
+ const res = await this.client.get(
864
+ `/api/v1/issue-reports/${issueReportId}/messages`,
865
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
866
+ );
867
+ return this.unwrapApiResponse(res, "Failed to list issue report messages");
868
+ },
869
+ /**
870
+ * Submit a reporter clarification response on one owned issue report. This
871
+ * does NOT reopen a closed case (use `reply` for that). Idempotent on
872
+ * `idempotency_key`: same key + same body returns the existing message,
873
+ * same key + different body returns 409 ISSUE_REPORT_MESSAGE_CONFLICT.
874
+ */
875
+ submitMessage: async (issueReportId, payload) => {
876
+ const res = await this.client.post(
877
+ `/api/v1/issue-reports/${issueReportId}/messages`,
878
+ payload,
879
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
880
+ );
881
+ return this.unwrapApiResponse(res, "Failed to submit issue report message");
882
+ },
883
+ /**
884
+ * Triage-operator message commands. These require a secret key context and a
885
+ * triage role/capability; publishable browser contexts are rejected by the
886
+ * server. Provide the secret key as the SDK's API key.
887
+ */
888
+ triage: {
889
+ /**
890
+ * List all projection rows for an app-scoped report (including corrected
891
+ * rows) for authorized triage operators.
892
+ */
893
+ listMessages: async (issueReportId) => {
894
+ const res = await this.client.get(
895
+ `/api/v1/issue-reports/triage/${issueReportId}/messages`,
896
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
897
+ );
898
+ return this.unwrapApiResponse(
899
+ res,
900
+ "Failed to list triage issue report messages"
901
+ );
902
+ },
903
+ /**
904
+ * Post a clarification_request or final_response reporter-visible message
905
+ * as a triage operator. Idempotent on `idempotency_key`; a key reused with
906
+ * a different body returns 409. A final_response can drive a terminal
907
+ * lifecycle transition via `resolve_case`; the internal resolution_note is
908
+ * never auto-displayed to reporters.
909
+ */
910
+ postMessage: async (issueReportId, payload) => {
911
+ const res = await this.client.post(
912
+ `/api/v1/issue-reports/triage/${issueReportId}/messages`,
913
+ payload,
914
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
915
+ );
916
+ return this.unwrapApiResponse(res, "Failed to post triage issue report message");
917
+ },
918
+ /**
919
+ * Retract an operator-authored message. The body is retained; the row's
920
+ * state is marked `retracted`. Retracting an already-retracted message is
921
+ * a safe no-op.
922
+ */
923
+ retractMessage: async (issueReportId, messageId, payload = {}) => {
924
+ const res = await this.client.post(
925
+ `/api/v1/issue-reports/triage/${issueReportId}/messages/${messageId}/retract`,
926
+ payload,
927
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
928
+ );
929
+ return this.unwrapApiResponse(res, "Failed to retract triage issue report message");
930
+ }
847
931
  }
848
932
  };
849
933
  /**
@@ -861,6 +945,17 @@ var SPAPSClient = class _SPAPSClient {
861
945
  );
862
946
  return this.unwrapApiResponse(res, "Failed to create app link");
863
947
  },
948
+ /**
949
+ * Update a short link owned by the authenticated user.
950
+ */
951
+ update: async (username, slug, payload) => {
952
+ const res = await this.client.patch(
953
+ `/api/v1/app-links/${encodeURIComponent(username)}/${encodeURIComponent(slug)}`,
954
+ payload,
955
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
956
+ );
957
+ return this.unwrapApiResponse(res, "Failed to update app link");
958
+ },
864
959
  /**
865
960
  * Resolve a public short link for the active application.
866
961
  */
@@ -875,6 +970,58 @@ var SPAPSClient = class _SPAPSClient {
875
970
  return this.unwrapApiResponse(res, "Failed to get app link");
876
971
  }
877
972
  };
973
+ /**
974
+ * Marketing events and experiment results.
975
+ *
976
+ * Use a publishable key for browser-side event emission. Use a secret key
977
+ * from a trusted server or agent process when reading experiment results.
978
+ */
979
+ marketing = {
980
+ /**
981
+ * Emit one anonymous attribution touch or experiment exposure.
982
+ */
983
+ emit: async (payload) => {
984
+ if (payload.event_type === "experiment_exposure") {
985
+ if (!payload.experiment_id?.trim()) {
986
+ throw new Error("experiment_id is required for experiment_exposure events");
987
+ }
988
+ const variant = payload.variant_id ?? payload.variant;
989
+ if (!variant?.trim()) {
990
+ throw new Error("variant_id or variant is required for experiment_exposure events");
991
+ }
992
+ }
993
+ const res = await this.client.post("/api/marketing-events/ingest", payload);
994
+ return this.unwrapApiResponse(
995
+ res,
996
+ "Failed to emit marketing event"
997
+ );
998
+ },
999
+ /**
1000
+ * Alias for emit(), matching the backend ingest endpoint language.
1001
+ */
1002
+ ingest: async (payload) => {
1003
+ return this.marketing.emit(payload);
1004
+ },
1005
+ /**
1006
+ * Read per-variant experiment results and the conservative stop signal.
1007
+ */
1008
+ getExperimentResults: async (experimentId) => {
1009
+ const encodedExperimentId = encodeURIComponent(experimentId);
1010
+ const res = await this.client.get(
1011
+ `/api/marketing/experiments/${encodedExperimentId}/results`
1012
+ );
1013
+ return this.unwrapApiResponse(
1014
+ res,
1015
+ "Failed to get marketing experiment results"
1016
+ );
1017
+ },
1018
+ /**
1019
+ * Short alias for getExperimentResults().
1020
+ */
1021
+ getResults: async (experimentId) => {
1022
+ return this.marketing.getExperimentResults(experimentId);
1023
+ }
1024
+ };
878
1025
  static envVar(name) {
879
1026
  if (typeof process !== "undefined" && process.env) {
880
1027
  return process.env[name];
@@ -1763,6 +1910,12 @@ var SPAPSClient = class _SPAPSClient {
1763
1910
  async listUsageHistory(query = {}) {
1764
1911
  return this.usage.listHistory(query);
1765
1912
  }
1913
+ async emitMarketingEvent(payload) {
1914
+ return this.marketing.emit(payload);
1915
+ }
1916
+ async getMarketingExperimentResults(experimentId) {
1917
+ return this.marketing.getExperimentResults(experimentId);
1918
+ }
1766
1919
  // Secure Messaging Methods
1767
1920
  async createSecureMessage(payload) {
1768
1921
  const response = await this.client.post("/api/secure-messages", payload);
package/dist/index.mjs CHANGED
@@ -637,7 +637,7 @@ var SPAPSClient = class _SPAPSClient {
637
637
  * @param userId - Optional user ID override (secret key contexts only).
638
638
  */
639
639
  check: async (key, userId) => {
640
- const q = new URLSearchParams({ key });
640
+ const q = new URLSearchParams({ entitlement_key: key });
641
641
  if (userId) q.append("user_id", userId);
642
642
  const res = await this.client.get(
643
643
  `/api/entitlements/check?${q.toString()}`,
@@ -651,7 +651,7 @@ var SPAPSClient = class _SPAPSClient {
651
651
  * Note: For publishable key contexts, only `resource_type=user` is permitted.
652
652
  * Non-user resource types will return a 403 error (enforced server-side).
653
653
  *
654
- * @param resourceType - The resource type (e.g. "user", "company", "org", "system").
654
+ * @param resourceType - The resource type (e.g. "user", "company", "org", "system", "project").
655
655
  * @param resourceId - Optional specific resource ID.
656
656
  */
657
657
  listByResource: async (resourceType, resourceId) => {
@@ -758,7 +758,7 @@ var SPAPSClient = class _SPAPSClient {
758
758
  /**
759
759
  * Return a short-lived private attachment access URL.
760
760
  */
761
- getAttachmentAccessUrl: async (attachmentId) => {
761
+ getAttachmentAccess: async (attachmentId) => {
762
762
  const res = await this.client.get(
763
763
  `/api/v1/issue-reports/attachments/${encodeURIComponent(attachmentId)}/access`,
764
764
  this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
@@ -768,6 +768,14 @@ var SPAPSClient = class _SPAPSClient {
768
768
  "Failed to get issue report attachment access URL"
769
769
  );
770
770
  },
771
+ /**
772
+ * Return a short-lived private attachment access URL.
773
+ *
774
+ * @deprecated Use getAttachmentAccess(attachmentId).
775
+ */
776
+ getAttachmentAccessUrl: async (attachmentId) => {
777
+ return this.issueReporting.getAttachmentAccess(attachmentId);
778
+ },
771
779
  /**
772
780
  * Soft-delete one owned screenshot attachment.
773
781
  */
@@ -809,6 +817,82 @@ var SPAPSClient = class _SPAPSClient {
809
817
  this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
810
818
  );
811
819
  return this.unwrapApiResponse(res, "Failed to reply to issue report");
820
+ },
821
+ /**
822
+ * List the chronological, reporter-visible message thread for one owned
823
+ * issue report. Only active, reporter-visible rows are returned; retracted
824
+ * or superseded operator messages are excluded and raw audit payloads are
825
+ * never exposed. `needs_response` badges an open clarification request.
826
+ */
827
+ listMessages: async (issueReportId) => {
828
+ const res = await this.client.get(
829
+ `/api/v1/issue-reports/${issueReportId}/messages`,
830
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
831
+ );
832
+ return this.unwrapApiResponse(res, "Failed to list issue report messages");
833
+ },
834
+ /**
835
+ * Submit a reporter clarification response on one owned issue report. This
836
+ * does NOT reopen a closed case (use `reply` for that). Idempotent on
837
+ * `idempotency_key`: same key + same body returns the existing message,
838
+ * same key + different body returns 409 ISSUE_REPORT_MESSAGE_CONFLICT.
839
+ */
840
+ submitMessage: async (issueReportId, payload) => {
841
+ const res = await this.client.post(
842
+ `/api/v1/issue-reports/${issueReportId}/messages`,
843
+ payload,
844
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
845
+ );
846
+ return this.unwrapApiResponse(res, "Failed to submit issue report message");
847
+ },
848
+ /**
849
+ * Triage-operator message commands. These require a secret key context and a
850
+ * triage role/capability; publishable browser contexts are rejected by the
851
+ * server. Provide the secret key as the SDK's API key.
852
+ */
853
+ triage: {
854
+ /**
855
+ * List all projection rows for an app-scoped report (including corrected
856
+ * rows) for authorized triage operators.
857
+ */
858
+ listMessages: async (issueReportId) => {
859
+ const res = await this.client.get(
860
+ `/api/v1/issue-reports/triage/${issueReportId}/messages`,
861
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
862
+ );
863
+ return this.unwrapApiResponse(
864
+ res,
865
+ "Failed to list triage issue report messages"
866
+ );
867
+ },
868
+ /**
869
+ * Post a clarification_request or final_response reporter-visible message
870
+ * as a triage operator. Idempotent on `idempotency_key`; a key reused with
871
+ * a different body returns 409. A final_response can drive a terminal
872
+ * lifecycle transition via `resolve_case`; the internal resolution_note is
873
+ * never auto-displayed to reporters.
874
+ */
875
+ postMessage: async (issueReportId, payload) => {
876
+ const res = await this.client.post(
877
+ `/api/v1/issue-reports/triage/${issueReportId}/messages`,
878
+ payload,
879
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
880
+ );
881
+ return this.unwrapApiResponse(res, "Failed to post triage issue report message");
882
+ },
883
+ /**
884
+ * Retract an operator-authored message. The body is retained; the row's
885
+ * state is marked `retracted`. Retracting an already-retracted message is
886
+ * a safe no-op.
887
+ */
888
+ retractMessage: async (issueReportId, messageId, payload = {}) => {
889
+ const res = await this.client.post(
890
+ `/api/v1/issue-reports/triage/${issueReportId}/messages/${messageId}/retract`,
891
+ payload,
892
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
893
+ );
894
+ return this.unwrapApiResponse(res, "Failed to retract triage issue report message");
895
+ }
812
896
  }
813
897
  };
814
898
  /**
@@ -826,6 +910,17 @@ var SPAPSClient = class _SPAPSClient {
826
910
  );
827
911
  return this.unwrapApiResponse(res, "Failed to create app link");
828
912
  },
913
+ /**
914
+ * Update a short link owned by the authenticated user.
915
+ */
916
+ update: async (username, slug, payload) => {
917
+ const res = await this.client.patch(
918
+ `/api/v1/app-links/${encodeURIComponent(username)}/${encodeURIComponent(slug)}`,
919
+ payload,
920
+ this.accessToken ? { headers: { Authorization: `Bearer ${this.accessToken}` } } : void 0
921
+ );
922
+ return this.unwrapApiResponse(res, "Failed to update app link");
923
+ },
829
924
  /**
830
925
  * Resolve a public short link for the active application.
831
926
  */
@@ -840,6 +935,58 @@ var SPAPSClient = class _SPAPSClient {
840
935
  return this.unwrapApiResponse(res, "Failed to get app link");
841
936
  }
842
937
  };
938
+ /**
939
+ * Marketing events and experiment results.
940
+ *
941
+ * Use a publishable key for browser-side event emission. Use a secret key
942
+ * from a trusted server or agent process when reading experiment results.
943
+ */
944
+ marketing = {
945
+ /**
946
+ * Emit one anonymous attribution touch or experiment exposure.
947
+ */
948
+ emit: async (payload) => {
949
+ if (payload.event_type === "experiment_exposure") {
950
+ if (!payload.experiment_id?.trim()) {
951
+ throw new Error("experiment_id is required for experiment_exposure events");
952
+ }
953
+ const variant = payload.variant_id ?? payload.variant;
954
+ if (!variant?.trim()) {
955
+ throw new Error("variant_id or variant is required for experiment_exposure events");
956
+ }
957
+ }
958
+ const res = await this.client.post("/api/marketing-events/ingest", payload);
959
+ return this.unwrapApiResponse(
960
+ res,
961
+ "Failed to emit marketing event"
962
+ );
963
+ },
964
+ /**
965
+ * Alias for emit(), matching the backend ingest endpoint language.
966
+ */
967
+ ingest: async (payload) => {
968
+ return this.marketing.emit(payload);
969
+ },
970
+ /**
971
+ * Read per-variant experiment results and the conservative stop signal.
972
+ */
973
+ getExperimentResults: async (experimentId) => {
974
+ const encodedExperimentId = encodeURIComponent(experimentId);
975
+ const res = await this.client.get(
976
+ `/api/marketing/experiments/${encodedExperimentId}/results`
977
+ );
978
+ return this.unwrapApiResponse(
979
+ res,
980
+ "Failed to get marketing experiment results"
981
+ );
982
+ },
983
+ /**
984
+ * Short alias for getExperimentResults().
985
+ */
986
+ getResults: async (experimentId) => {
987
+ return this.marketing.getExperimentResults(experimentId);
988
+ }
989
+ };
843
990
  static envVar(name) {
844
991
  if (typeof process !== "undefined" && process.env) {
845
992
  return process.env[name];
@@ -1728,6 +1875,12 @@ var SPAPSClient = class _SPAPSClient {
1728
1875
  async listUsageHistory(query = {}) {
1729
1876
  return this.usage.listHistory(query);
1730
1877
  }
1878
+ async emitMarketingEvent(payload) {
1879
+ return this.marketing.emit(payload);
1880
+ }
1881
+ async getMarketingExperimentResults(experimentId) {
1882
+ return this.marketing.getExperimentResults(experimentId);
1883
+ }
1731
1884
  // Secure Messaging Methods
1732
1885
  async createSecureMessage(payload) {
1733
1886
  const response = await this.client.post("/api/secure-messages", payload);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spaps-sdk",
3
- "version": "1.10.1",
3
+ "version": "1.10.2",
4
4
  "description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -51,7 +51,7 @@
51
51
  "dependencies": {
52
52
  "axios": "^1.15.1",
53
53
  "cross-fetch": "^4.0.0",
54
- "spaps-types": "^1.4.0"
54
+ "spaps-types": "^1.4.2"
55
55
  },
56
56
  "devDependencies": {
57
57
  "@types/node": "^20.10.0",
@@ -81,4 +81,4 @@
81
81
  "engines": {
82
82
  "node": ">=14.0.0"
83
83
  }
84
- }
84
+ }