spaps-sdk 1.11.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CryptoReconcileResult, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, CryptoReconcileResult, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -403,6 +403,100 @@ interface MarketingExperimentResultsResponse {
403
403
  variants: MarketingExperimentVariantResult[];
404
404
  decision: MarketingExperimentDecision;
405
405
  }
406
+ interface MfaRequiredAuthResponse {
407
+ mfa_required: true;
408
+ challenge_id: string;
409
+ challenge: string;
410
+ expires_at: string;
411
+ methods: string[];
412
+ }
413
+ type AuthMethodResponse = AuthResponse | MfaRequiredAuthResponse;
414
+ type AuthDiscoveryMethod = 'password' | 'magic_link' | 'wallet:solana' | 'wallet:ethereum' | 'wallet:base' | 'wallet:bitcoin' | 'oidc:google' | 'oidc:apple' | 'oidc:github' | 'webauthn' | 'sms';
415
+ interface AuthMethodDescriptor {
416
+ method: AuthDiscoveryMethod;
417
+ enabled: boolean;
418
+ config: Record<string, unknown>;
419
+ }
420
+ interface AuthMethodsResponse {
421
+ methods: AuthMethodDescriptor[];
422
+ }
423
+ interface OidcNonceResponse {
424
+ challenge_id: string;
425
+ nonce: string;
426
+ expires_at: string;
427
+ }
428
+ interface OidcSignInRequest {
429
+ provider: string;
430
+ id_token: string;
431
+ challenge_id: string;
432
+ username?: string;
433
+ }
434
+ interface WebAuthnOptionsResponse {
435
+ challenge_id: string;
436
+ expires_at: string;
437
+ options: Record<string, unknown>;
438
+ }
439
+ interface WebAuthnRegisterVerifyRequest {
440
+ challenge_id: string;
441
+ credential: Record<string, unknown>;
442
+ }
443
+ interface WebAuthnRegisterVerifyResponse {
444
+ credential_id: string;
445
+ relying_party_id: string;
446
+ sign_count: number;
447
+ created_at: string;
448
+ }
449
+ interface WebAuthnAssertionOptionsRequest {
450
+ email?: string;
451
+ }
452
+ interface WebAuthnAssertionVerifyRequest {
453
+ challenge_id: string;
454
+ credential: Record<string, unknown>;
455
+ }
456
+ interface MfaTotpEnrollResponse {
457
+ secret: string;
458
+ provisioning_uri: string;
459
+ issuer: string;
460
+ account_name: string;
461
+ }
462
+ interface MfaTotpActivateRequest {
463
+ code: string;
464
+ }
465
+ interface MfaTotpActivateResponse {
466
+ recovery_codes: string[];
467
+ activated_at: string;
468
+ }
469
+ interface MfaVerifyRequest {
470
+ challenge_id: string;
471
+ challenge: string;
472
+ code?: string;
473
+ recovery_code?: string;
474
+ }
475
+ interface MfaVerifyResponse extends AuthResponse {
476
+ mfa_method: string;
477
+ recovery_codes_remaining?: number | null;
478
+ }
479
+ interface MfaTotpDisableRequest {
480
+ code: string;
481
+ }
482
+ interface MfaTotpDisableResponse {
483
+ message: string;
484
+ }
485
+ interface SmsOtpRequest {
486
+ phone_number: string;
487
+ }
488
+ interface SmsOtpRequestResponse {
489
+ challenge_id: string;
490
+ expires_at: string;
491
+ message: string;
492
+ delivery_status: 'sent' | 'failed' | string;
493
+ delivery_error_code?: string | null;
494
+ }
495
+ interface SmsOtpVerifyRequest {
496
+ phone_number: string;
497
+ code: string;
498
+ challenge_id: string;
499
+ }
406
500
  interface EntitlementListParams {
407
501
  /** Filter by entitlement key */
408
502
  key?: string;
@@ -433,6 +527,254 @@ interface CurrentUserProjectAccessParams {
433
527
  /** Project entitlement key to check, such as "pds.project.viewer" */
434
528
  entitlementKey: string;
435
529
  }
530
+ interface SessionContext {
531
+ user: User$1;
532
+ entitlements: Entitlement[];
533
+ entitlements_count: number;
534
+ wallets: Array<Record<string, unknown>>;
535
+ tier?: string | null;
536
+ mfa_enrolled: boolean;
537
+ methods_hint?: string | null;
538
+ }
539
+ interface WhitelistEntry {
540
+ id?: string;
541
+ application_id?: string;
542
+ email: string;
543
+ tier?: string;
544
+ bypass_payment?: boolean;
545
+ metadata?: Record<string, unknown> | null;
546
+ created_by?: string | null;
547
+ created_at?: string;
548
+ updated_at?: string;
549
+ }
550
+ interface WhitelistCheckResponse {
551
+ entry?: WhitelistEntry | null;
552
+ message: string;
553
+ }
554
+ interface WhitelistMutationResponse {
555
+ entry: WhitelistEntry;
556
+ message: string;
557
+ }
558
+ interface WhitelistBulkEntry {
559
+ email: string;
560
+ tier?: string;
561
+ metadata?: Record<string, unknown> | null;
562
+ }
563
+ interface WhitelistBulkAddRequest {
564
+ emails: WhitelistBulkEntry[];
565
+ }
566
+ interface WhitelistBulkFailedEntry {
567
+ email: string;
568
+ error: string;
569
+ }
570
+ interface WhitelistBulkAddResponse {
571
+ message: string;
572
+ successful: WhitelistEntry[];
573
+ failed: WhitelistBulkFailedEntry[];
574
+ total: number;
575
+ }
576
+ interface WhitelistListParams {
577
+ limit?: number;
578
+ offset?: number;
579
+ tier?: string;
580
+ }
581
+ interface WhitelistListResponse {
582
+ entries: WhitelistEntry[];
583
+ total: number;
584
+ }
585
+ interface WhitelistStatsResponse {
586
+ stats: {
587
+ enabled: boolean;
588
+ total: number;
589
+ tierBreakdown: Array<{
590
+ tier: string;
591
+ count: number;
592
+ }>;
593
+ };
594
+ }
595
+ interface WhitelistAddRequest {
596
+ email: string;
597
+ tier?: string;
598
+ bypass_payment?: boolean;
599
+ metadata?: Record<string, unknown> | null;
600
+ }
601
+ interface WhitelistUpdateRequest {
602
+ tier?: string;
603
+ bypass_payment?: boolean;
604
+ metadata?: Record<string, unknown> | null;
605
+ }
606
+ interface BatchEmailsResponse {
607
+ emails: Record<string, string | null>;
608
+ total: number;
609
+ with_email: number;
610
+ }
611
+ interface UserBatchInfo {
612
+ email?: string | null;
613
+ active_entitlements?: Array<Record<string, unknown>> | null;
614
+ upcoming_bookings?: Array<Record<string, unknown>> | null;
615
+ }
616
+ interface BatchUsersResponse {
617
+ users: Record<string, UserBatchInfo>;
618
+ }
619
+ type MembershipStatus = 'active' | 'pending' | 'removed';
620
+ interface Membership {
621
+ id: string;
622
+ user_id: string;
623
+ email?: string | null;
624
+ application_id: string;
625
+ status: MembershipStatus;
626
+ permissions?: Record<string, unknown> | null;
627
+ capabilities: Record<string, unknown>;
628
+ metadata?: Record<string, unknown> | null;
629
+ created_at?: string | null;
630
+ updated_at?: string | null;
631
+ removed_at?: string | null;
632
+ }
633
+ interface MembershipInvitation {
634
+ id: string;
635
+ email: string;
636
+ application_id: string;
637
+ status: 'pending';
638
+ permissions?: Record<string, unknown> | null;
639
+ capabilities: Record<string, unknown>;
640
+ metadata?: Record<string, unknown> | null;
641
+ created_at?: string | null;
642
+ updated_at?: string | null;
643
+ }
644
+ interface ListMembershipsResponse {
645
+ memberships: Membership[];
646
+ invitations: MembershipInvitation[];
647
+ }
648
+ interface MembershipMutationRequest {
649
+ user_id?: string;
650
+ email?: string;
651
+ permissions?: Record<string, unknown> | null;
652
+ capabilities?: Record<string, unknown>;
653
+ metadata?: Record<string, unknown> | null;
654
+ }
655
+ interface MembershipMutationResponse {
656
+ result: 'created' | 'reactivated' | 'updated' | 'noop' | 'invited';
657
+ membership?: Membership | null;
658
+ invitation?: MembershipInvitation | null;
659
+ }
660
+ interface MembershipRemoveResponse {
661
+ user_id: string;
662
+ application_id: string;
663
+ status: 'removed';
664
+ removed_at?: string | null;
665
+ }
666
+ interface AccountDeletionResponse {
667
+ user_id: string;
668
+ deleted_at: string;
669
+ already_deleted: boolean;
670
+ revoked_refresh_tokens: number;
671
+ scrubbed_linked_identities: number;
672
+ removed_memberships: number;
673
+ }
674
+ interface ListMembershipsParams {
675
+ status?: string;
676
+ limit?: number;
677
+ offset?: number;
678
+ cursor?: string;
679
+ }
680
+ interface SupportActor {
681
+ type: string;
682
+ id?: string | null;
683
+ }
684
+ interface SupportCaseSummary {
685
+ id: string;
686
+ application_id: string;
687
+ external_case_ref?: string | null;
688
+ title?: string | null;
689
+ status: string;
690
+ priority: string;
691
+ highest_severity: string;
692
+ assigned_to_user_id?: string | null;
693
+ first_event_at: string;
694
+ last_event_at: string;
695
+ resolved_at?: string | null;
696
+ created_at: string;
697
+ updated_at: string;
698
+ }
699
+ interface SupportCaseEvent {
700
+ id: string;
701
+ case_id: string;
702
+ event_key: string;
703
+ source_channel: string;
704
+ event_type: string;
705
+ severity: string;
706
+ actor: SupportActor;
707
+ correlation_id?: string | null;
708
+ occurred_at: string;
709
+ received_at: string;
710
+ payload: Record<string, unknown>;
711
+ }
712
+ interface SupportTelemetryIngestRequest {
713
+ event_key: string;
714
+ occurred_at: string;
715
+ source_channel: string;
716
+ event_type: string;
717
+ severity: string;
718
+ actor: SupportActor;
719
+ payload: Record<string, unknown>;
720
+ application_id?: string | null;
721
+ correlation_id?: string | null;
722
+ external_case_ref?: string | null;
723
+ title?: string | null;
724
+ }
725
+ interface SupportTelemetryIngestResponse {
726
+ event_id: string;
727
+ case_id: string;
728
+ created_case: boolean;
729
+ deduplicated: boolean;
730
+ case_status: string;
731
+ }
732
+ interface SupportTelemetryListCasesParams {
733
+ application_id?: string;
734
+ status?: string;
735
+ priority?: string;
736
+ severity_gte?: string;
737
+ assigned_to_user_id?: string;
738
+ limit?: number;
739
+ offset?: number;
740
+ }
741
+ interface SupportTelemetryListCasesResponse {
742
+ items: SupportCaseSummary[];
743
+ total: number;
744
+ }
745
+ interface SupportTelemetryCaseDetailResponse {
746
+ case: SupportCaseSummary;
747
+ events: SupportCaseEvent[];
748
+ event_total: number;
749
+ }
750
+ interface SupportTelemetryPatchCaseRequest {
751
+ status?: string;
752
+ priority?: string;
753
+ assigned_to_user_id?: string | null;
754
+ resolution_note?: string | null;
755
+ }
756
+ interface SupportTelemetryPatchCaseResponse {
757
+ case: {
758
+ id: string;
759
+ status: string;
760
+ priority: string;
761
+ assigned_to_user_id?: string | null;
762
+ resolved_at?: string | null;
763
+ updated_at: string;
764
+ };
765
+ }
766
+ interface SupportTelemetryCaseByExternalResponse {
767
+ case: {
768
+ id: string;
769
+ application_id: string;
770
+ external_case_ref?: string | null;
771
+ status: string;
772
+ priority: string;
773
+ assigned_to_user_id?: string | null;
774
+ resolved_at?: string | null;
775
+ updated_at: string;
776
+ };
777
+ }
436
778
  type SupportedIssueReportScope = Extract<IssueReportScope, 'mine'>;
437
779
  interface IssueReportListParams {
438
780
  status?: IssueReportStatus;
@@ -444,13 +786,59 @@ interface IssueReportStatusParams {
444
786
  scope?: SupportedIssueReportScope;
445
787
  }
446
788
  interface IssueReportAttachmentUploadOptions {
789
+ /**
790
+ * Optional filename to send in the multipart `file` part. File objects keep
791
+ * their own name when this is omitted.
792
+ */
447
793
  filename?: string;
448
794
  }
795
+ declare const ISSUE_REPORT_ATTACHMENT_ALLOWED_MIME_TYPES: readonly ["image/png", "image/jpeg", "image/webp"];
796
+ type IssueReportAttachmentMimeType = typeof ISSUE_REPORT_ATTACHMENT_ALLOWED_MIME_TYPES[number];
797
+ declare const ISSUE_REPORT_ATTACHMENT_MAX_BYTES: number;
798
+ declare const ISSUE_REPORT_ATTACHMENT_MAX_RETAINED = 5;
449
799
  declare class X402PaymentRequiredSDKError extends Error {
450
800
  readonly paymentRequiredHeader: string;
451
801
  readonly response: unknown;
452
802
  constructor(paymentRequiredHeader: string, response: unknown);
453
803
  }
804
+ interface SPAPSSDKErrorOptions {
805
+ message: string;
806
+ code?: string;
807
+ status?: number;
808
+ details?: unknown;
809
+ requestId?: string;
810
+ diagnostics?: SPAPSErrorDiagnostic[];
811
+ remediations?: SPAPSErrorRemediation[];
812
+ }
813
+ interface SPAPSErrorDiagnostic {
814
+ code: string;
815
+ message: string;
816
+ status?: number | null;
817
+ details?: unknown;
818
+ }
819
+ interface SPAPSErrorRemediation {
820
+ kind: string;
821
+ label?: string | null;
822
+ method?: string | null;
823
+ path?: string | null;
824
+ cli?: string | null;
825
+ requires?: string[];
826
+ details?: unknown;
827
+ command_template?: string | null;
828
+ safe_to_execute?: boolean | null;
829
+ operator_gate_required?: boolean | null;
830
+ }
831
+ declare class SPAPSSDKError extends Error {
832
+ readonly code?: string;
833
+ readonly status?: number;
834
+ readonly statusCode?: number;
835
+ readonly details?: unknown;
836
+ readonly requestId?: string;
837
+ readonly request_id?: string;
838
+ readonly diagnostics: SPAPSErrorDiagnostic[];
839
+ readonly remediations: SPAPSErrorRemediation[];
840
+ constructor(options: SPAPSSDKErrorOptions);
841
+ }
454
842
  interface X402ExecuteActionOptions {
455
843
  paymentSignature?: string;
456
844
  target: string;
@@ -466,6 +854,284 @@ interface X402VerifyHandoffOptions {
466
854
  resourceKey: string;
467
855
  actionKey: string;
468
856
  }
857
+ type CapabilityDecisionOutcome = 'allowed' | 'needs_login' | 'needs_entitlement' | 'needs_payment' | 'needs_approval' | 'usage_limited' | 'policy_denied' | 'unknown_resource' | 'blocked';
858
+ type PreparedCapabilityActionStatus = CapabilityDecisionOutcome | 'ready';
859
+ type CapabilityGraphRowStatus = 'active' | 'stale' | 'tombstoned';
860
+ type PreparedCapabilitySideEffect = 'none' | 'read' | 'mutation' | 'unknown';
861
+ type CapabilityActionEnvironment = 'local' | 'development' | 'staging' | 'production';
862
+ interface CapabilityDecisionActor {
863
+ actor_type?: string;
864
+ actor_ref?: string;
865
+ user_id?: string;
866
+ email?: string;
867
+ agent_id?: string;
868
+ wallet_addresses?: string[];
869
+ authenticated?: boolean;
870
+ metadata?: Record<string, unknown>;
871
+ }
872
+ interface CapabilityDecisionResource {
873
+ resource_type: string;
874
+ resource_ref: string;
875
+ resource_id?: string;
876
+ resource_key?: string;
877
+ metadata?: Record<string, unknown>;
878
+ }
879
+ interface CapabilityControlHints {
880
+ entitlement_key?: string;
881
+ entitlement_resource_type?: string;
882
+ entitlement_resource_id?: string;
883
+ policy_name?: string;
884
+ policy_context?: Record<string, unknown>;
885
+ usage_feature_key?: string;
886
+ usage_dimensions?: Record<string, number>;
887
+ x402_resource_key?: string;
888
+ approval_id?: string;
889
+ approval_required?: boolean;
890
+ authority_scope?: string;
891
+ }
892
+ interface AccessDecisionRequest {
893
+ actor: CapabilityDecisionActor;
894
+ action: string;
895
+ resource: CapabilityDecisionResource;
896
+ controls?: CapabilityControlHints;
897
+ idempotency_key?: string;
898
+ correlation_id?: string;
899
+ context?: Record<string, unknown>;
900
+ expires_at?: string;
901
+ }
902
+ interface CapabilityDecisionReason {
903
+ code: string;
904
+ message: string;
905
+ details?: Record<string, unknown>;
906
+ }
907
+ interface CapabilityDecisionFact {
908
+ node_key?: string | null;
909
+ node_type?: string | null;
910
+ label?: string | null;
911
+ source_domain: string;
912
+ source_ref?: string | null;
913
+ details?: Record<string, unknown>;
914
+ }
915
+ interface CapabilityDecisionNextAction {
916
+ kind: string;
917
+ label?: string | null;
918
+ method?: string | null;
919
+ path?: string | null;
920
+ cli?: string | null;
921
+ requires?: string[];
922
+ details?: Record<string, unknown>;
923
+ }
924
+ interface CapabilityDecisionSource {
925
+ kind: string;
926
+ ref: string;
927
+ url?: string | null;
928
+ }
929
+ interface AccessDecisionResponse {
930
+ allowed: boolean;
931
+ outcome: CapabilityDecisionOutcome;
932
+ decision_trace_id: string;
933
+ decision_key: string;
934
+ reasons: CapabilityDecisionReason[];
935
+ facts: CapabilityDecisionFact[];
936
+ next_actions: CapabilityDecisionNextAction[];
937
+ sources: CapabilityDecisionSource[];
938
+ }
939
+ interface ActionPreparationRequest {
940
+ access: AccessDecisionRequest;
941
+ include_command_templates?: boolean;
942
+ operator_labels?: string[];
943
+ environment?: CapabilityActionEnvironment;
944
+ }
945
+ interface PreparedCapabilityNextAction extends CapabilityDecisionNextAction {
946
+ side_effect: PreparedCapabilitySideEffect;
947
+ safe_to_execute: boolean;
948
+ operator_gate_required: boolean;
949
+ command_template?: string | null;
950
+ }
951
+ interface PreparedCapabilityExecution {
952
+ ready: boolean;
953
+ side_effect: PreparedCapabilitySideEffect;
954
+ safe_to_execute: boolean;
955
+ operator_gate_required: boolean;
956
+ required_authorizations: string[];
957
+ warnings: string[];
958
+ }
959
+ interface ActionPreparationResponse {
960
+ status: PreparedCapabilityActionStatus;
961
+ allowed: boolean;
962
+ decision_trace_id: string;
963
+ decision_key: string;
964
+ action: string;
965
+ resource_type: string;
966
+ resource_ref: string;
967
+ execution: PreparedCapabilityExecution;
968
+ reasons: CapabilityDecisionReason[];
969
+ facts: CapabilityDecisionFact[];
970
+ next_actions: PreparedCapabilityNextAction[];
971
+ sources: CapabilityDecisionSource[];
972
+ }
973
+ interface PersistedDecisionTraceStep {
974
+ id: string;
975
+ step_order: number;
976
+ step_name: string;
977
+ status: string;
978
+ source_domain: string;
979
+ source_ref?: string | null;
980
+ graph_node_keys: string[];
981
+ graph_edge_keys: string[];
982
+ elapsed_ms: number;
983
+ inputs: Record<string, unknown>;
984
+ outputs: Record<string, unknown>;
985
+ created_at: string;
986
+ }
987
+ interface PersistedDecisionTrace {
988
+ id: string;
989
+ application_id: string;
990
+ decision_key: string;
991
+ idempotency_key?: string | null;
992
+ actor_type: string;
993
+ actor_ref: string;
994
+ action: string;
995
+ resource_type: string;
996
+ resource_ref: string;
997
+ allowed: boolean;
998
+ outcome: CapabilityDecisionOutcome;
999
+ authority_scope: string;
1000
+ correlation_id?: string | null;
1001
+ request_hash: string;
1002
+ reasons: Record<string, unknown>[];
1003
+ facts: Record<string, unknown>[];
1004
+ next_actions: Record<string, unknown>[];
1005
+ sources: Record<string, unknown>[];
1006
+ redaction_profile: string;
1007
+ expires_at?: string | null;
1008
+ created_at: string;
1009
+ steps: PersistedDecisionTraceStep[];
1010
+ }
1011
+ interface GraphExplainResponse {
1012
+ decision: PersistedDecisionTrace;
1013
+ graph_node_keys: string[];
1014
+ graph_edge_keys: string[];
1015
+ }
1016
+ interface CapabilityGraphNode {
1017
+ id: string;
1018
+ node_key: string;
1019
+ node_type: string;
1020
+ label: string;
1021
+ source_domain: string;
1022
+ source_ref: string;
1023
+ status: CapabilityGraphRowStatus;
1024
+ metadata: Record<string, unknown>;
1025
+ observed_at: string;
1026
+ source_updated_at?: string | null;
1027
+ stale_after?: string | null;
1028
+ projection_run_id?: string | null;
1029
+ created_at: string;
1030
+ updated_at: string;
1031
+ }
1032
+ interface CapabilityGraphProjectionStatus {
1033
+ projection_run_id?: string | null;
1034
+ projection_status: string;
1035
+ observed_at?: string | null;
1036
+ graph_hash?: string | null;
1037
+ node_count: number;
1038
+ edge_count: number;
1039
+ stale_node_count: number;
1040
+ stale_edge_count: number;
1041
+ degraded: boolean;
1042
+ reason?: string | null;
1043
+ }
1044
+ interface CapabilityGraphNodesQuery {
1045
+ node_type?: string;
1046
+ status?: CapabilityGraphRowStatus | string;
1047
+ q?: string;
1048
+ cursor?: string;
1049
+ limit?: number;
1050
+ application_id?: string;
1051
+ }
1052
+ interface CapabilityGraphNodesResponse {
1053
+ nodes: CapabilityGraphNode[];
1054
+ count: number;
1055
+ next_cursor?: string | null;
1056
+ projection?: CapabilityGraphProjectionStatus | null;
1057
+ }
1058
+ interface CapabilityGraphPathsQuery {
1059
+ from_node_key: string;
1060
+ to_node_key: string;
1061
+ max_depth?: number;
1062
+ limit?: number;
1063
+ include_stale?: boolean;
1064
+ application_id?: string;
1065
+ }
1066
+ interface CapabilityGraphPath {
1067
+ node_keys: string[];
1068
+ edge_keys: string[];
1069
+ }
1070
+ interface CapabilityGraphPathsResponse {
1071
+ paths: CapabilityGraphPath[];
1072
+ count: number;
1073
+ projection?: CapabilityGraphProjectionStatus | null;
1074
+ }
1075
+ interface CapabilityGraphImpactQuery {
1076
+ node_key: string;
1077
+ max_depth?: number;
1078
+ limit?: number;
1079
+ include_stale?: boolean;
1080
+ application_id?: string;
1081
+ }
1082
+ interface CapabilityGraphImpactResponse {
1083
+ start_node_key: string;
1084
+ impacted_node_keys: string[];
1085
+ impacted_edge_keys: string[];
1086
+ counts_by_node_type: Record<string, number>;
1087
+ risk_flags: string[];
1088
+ projection?: CapabilityGraphProjectionStatus | null;
1089
+ }
1090
+ interface CapabilityGraphRefreshSourceTiming {
1091
+ source: string;
1092
+ row_count: number;
1093
+ node_count: number;
1094
+ edge_count: number;
1095
+ elapsed_ms: number;
1096
+ }
1097
+ interface CapabilityGraphRefreshPhase2Gate {
1098
+ scale_factor: number;
1099
+ projected_total_elapsed_ms: number;
1100
+ total_threshold_ms: number;
1101
+ projected_slowest_source_elapsed_ms: number;
1102
+ source_threshold_ms: number;
1103
+ recommendation: 'full_refresh_ok' | 'investigate_incremental';
1104
+ }
1105
+ interface CapabilityGraphRefreshDiagnostics {
1106
+ total_elapsed_ms: number;
1107
+ source_timings: CapabilityGraphRefreshSourceTiming[];
1108
+ phase2_gate?: CapabilityGraphRefreshPhase2Gate | null;
1109
+ }
1110
+ interface CapabilityGraphRefreshResponse {
1111
+ projection_run_id: string;
1112
+ status: string;
1113
+ node_count: number;
1114
+ edge_count: number;
1115
+ observation_count: number;
1116
+ stale_node_count: number;
1117
+ stale_edge_count: number;
1118
+ diagnostics: CapabilityGraphRefreshDiagnostics;
1119
+ }
1120
+ interface CapabilityGraphContractResponse {
1121
+ version: string;
1122
+ endpoints: Array<Record<string, unknown>>;
1123
+ decision_outcomes: CapabilityDecisionOutcome[];
1124
+ prepared_action_statuses: PreparedCapabilityActionStatus[];
1125
+ graph_row_statuses: CapabilityGraphRowStatus[];
1126
+ graph_node_types?: string[];
1127
+ graph_edge_types?: string[];
1128
+ graph_source_domains?: string[];
1129
+ source_domain_notes?: Record<string, string>;
1130
+ error_codes?: Array<Record<string, unknown>>;
1131
+ cli?: Record<string, unknown>;
1132
+ sdk_helpers?: Record<string, string[]>;
1133
+ docs?: Array<Record<string, unknown>>;
1134
+ }
469
1135
  type SkillEvalDisclosurePolicy = 'blind_then_controlled_reveal';
470
1136
  type SkillEvalEligibilitySource = 'admin_assigned' | 'entitlement' | 'policy_import' | 'manual_override';
471
1137
  type SkillEvalConfidence = 'low' | 'medium' | 'high';
@@ -715,9 +1381,15 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
715
1381
  private unwrapApiResponse;
716
1382
  private skillEvalMutationConfig;
717
1383
  private requireCurrentUserIdFromAccessToken;
1384
+ private requireAccessToken;
1385
+ private authConfig;
718
1386
  private isAxiosResponse;
719
1387
  private isResponseLikeWithData;
720
1388
  private isApiResponse;
1389
+ private static isMfaRequiredAuthResponse;
1390
+ private normalizeAuthPayload;
1391
+ private storeAuthTokens;
1392
+ private unwrapAuthMethodResponse;
721
1393
  private static isSdkManagedHeader;
722
1394
  private static hasHeader;
723
1395
  private static setHeader;
@@ -730,13 +1402,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
730
1402
  updateProduct: (productId: string, updates: UpdateProductRequest) => Promise<{
731
1403
  data: Product;
732
1404
  }>;
733
- deleteProduct: (productId: string) => Promise<{
734
- data: {
735
- id: string;
736
- active: boolean;
737
- archived: boolean;
738
- };
739
- }>;
1405
+ deleteProduct: (productId: string) => Promise<void>;
740
1406
  createPrice: (priceData: CreatePriceRequest) => Promise<{
741
1407
  data: Price;
742
1408
  }>;
@@ -750,11 +1416,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
750
1416
  adminMetadata?: any;
751
1417
  };
752
1418
  }>;
753
- triggerCryptoReconcile: (opts?: CryptoReconcileRequest) => Promise<{
754
- job_id: string;
755
- scheduled_at: string;
756
- cursor?: Record<string, unknown>;
757
- }>;
1419
+ triggerCryptoReconcile: (opts?: CryptoReconcileRequest) => Promise<CryptoReconcileResult>;
758
1420
  };
759
1421
  secureMessages: {
760
1422
  create: (payload: CreateSecureMessageRequest<SecureMessageMetadata>) => Promise<SecureMessage<SecureMessageMetadata>>;
@@ -925,6 +1587,55 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
925
1587
  track?: boolean;
926
1588
  }) => Promise<AppLink>;
927
1589
  };
1590
+ /**
1591
+ * Application email whitelist helpers.
1592
+ *
1593
+ * `check` is API-key scoped. Mutations and admin reads require an
1594
+ * authenticated admin JWT plus the configured API key.
1595
+ */
1596
+ whitelist: {
1597
+ check: (email: string) => Promise<WhitelistCheckResponse>;
1598
+ add: (payload: WhitelistAddRequest) => Promise<WhitelistMutationResponse>;
1599
+ bulkAdd: (payload: WhitelistBulkAddRequest) => Promise<WhitelistBulkAddResponse>;
1600
+ list: (params?: WhitelistListParams) => Promise<WhitelistListResponse>;
1601
+ update: (email: string, payload: WhitelistUpdateRequest) => Promise<WhitelistMutationResponse>;
1602
+ stats: () => Promise<WhitelistStatsResponse>;
1603
+ clear: () => Promise<void>;
1604
+ remove: (email: string) => Promise<void>;
1605
+ };
1606
+ /**
1607
+ * User lookup and app membership administration helpers.
1608
+ */
1609
+ users: {
1610
+ getEmailsBatch: (userIds: string[]) => Promise<BatchEmailsResponse>;
1611
+ getUsersBatch: (userIds: string[]) => Promise<BatchUsersResponse>;
1612
+ memberships: {
1613
+ list: (params?: ListMembershipsParams) => Promise<ListMembershipsResponse>;
1614
+ add: (payload: MembershipMutationRequest) => Promise<MembershipMutationResponse>;
1615
+ remove: (userId: string) => Promise<MembershipRemoveResponse>;
1616
+ deleteAccount: (userId: string, params?: {
1617
+ confirm_forfeit_active_access?: boolean;
1618
+ }) => Promise<AccountDeletionResponse>;
1619
+ };
1620
+ };
1621
+ /**
1622
+ * Trusted-service support telemetry helpers.
1623
+ *
1624
+ * These endpoints require a secret API key. Case lifecycle patching also
1625
+ * requires a super-admin JWT.
1626
+ */
1627
+ supportTelemetry: {
1628
+ ingestEvent: (payload: SupportTelemetryIngestRequest) => Promise<SupportTelemetryIngestResponse>;
1629
+ listCases: (params?: SupportTelemetryListCasesParams) => Promise<SupportTelemetryListCasesResponse>;
1630
+ getCase: (caseId: string, params?: {
1631
+ event_limit?: number;
1632
+ event_offset?: number;
1633
+ }) => Promise<SupportTelemetryCaseDetailResponse>;
1634
+ patchCase: (caseId: string, payload: SupportTelemetryPatchCaseRequest) => Promise<SupportTelemetryPatchCaseResponse>;
1635
+ getCaseByExternalRef: (externalCaseRef: string, params?: {
1636
+ application_id?: string;
1637
+ }) => Promise<SupportTelemetryCaseByExternalResponse>;
1638
+ };
928
1639
  /**
929
1640
  * Marketing events and experiment results.
930
1641
  *
@@ -979,7 +1690,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
979
1690
  getUser(): Promise<{
980
1691
  data: User$1;
981
1692
  }>;
1693
+ getSessionContext(): Promise<SessionContext>;
982
1694
  auth: {
1695
+ getMethods: () => Promise<AuthMethodsResponse>;
1696
+ getSessionContext: () => Promise<SessionContext>;
983
1697
  /**
984
1698
  * Verify magic link token without mutating token state.
985
1699
  * Returns a simple success object from the API.
@@ -991,12 +1705,16 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
991
1705
  message: string;
992
1706
  chain_type?: "solana" | "ethereum" | "bitcoin" | "base";
993
1707
  username?: string;
994
- }) => Promise<any>;
995
- authenticateWallet: (walletAddress: string, signFn: (message: string) => Promise<string> | string, chainType?: "solana" | "ethereum" | "bitcoin" | "base", username?: string) => Promise<any>;
1708
+ }) => Promise<AuthMethodResponse>;
1709
+ authenticateWallet: (walletAddress: string, signFn: (message: string) => Promise<string> | string, chainType?: "solana" | "ethereum" | "bitcoin" | "base", username?: string) => Promise<AuthMethodResponse>;
996
1710
  signInWithPassword: (payload: {
997
1711
  email: string;
998
1712
  password: string;
999
- }) => Promise<any>;
1713
+ }) => Promise<AuthMethodResponse>;
1714
+ login: (payload: {
1715
+ email: string;
1716
+ password: string;
1717
+ }) => Promise<AuthMethodResponse>;
1000
1718
  requestMagicLink: (payload: {
1001
1719
  email: string;
1002
1720
  redirect_url?: string;
@@ -1020,6 +1738,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1020
1738
  }) => Promise<{
1021
1739
  message: string;
1022
1740
  }>;
1741
+ deleteCurrentAccount: (payload: {
1742
+ password: string;
1743
+ confirm_forfeit_active_access?: boolean;
1744
+ }) => Promise<AccountDeletionResponse>;
1023
1745
  register: (payload: {
1024
1746
  email: string;
1025
1747
  password: string;
@@ -1031,7 +1753,30 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1031
1753
  verifyMagicLink: (payload: {
1032
1754
  token: string;
1033
1755
  type?: string;
1034
- }) => Promise<AuthResponse>;
1756
+ state?: string;
1757
+ }) => Promise<AuthMethodResponse>;
1758
+ oidc: {
1759
+ getNonce: () => Promise<OidcNonceResponse>;
1760
+ signIn: (payload: OidcSignInRequest) => Promise<AuthMethodResponse>;
1761
+ };
1762
+ webauthn: {
1763
+ registerOptions: () => Promise<WebAuthnOptionsResponse>;
1764
+ registerVerify: (payload: WebAuthnRegisterVerifyRequest) => Promise<WebAuthnRegisterVerifyResponse>;
1765
+ assertionOptions: (payload?: WebAuthnAssertionOptionsRequest) => Promise<WebAuthnOptionsResponse>;
1766
+ assertionVerify: (payload: WebAuthnAssertionVerifyRequest) => Promise<AuthMethodResponse>;
1767
+ };
1768
+ mfa: {
1769
+ totp: {
1770
+ enroll: () => Promise<MfaTotpEnrollResponse>;
1771
+ activate: (payload: MfaTotpActivateRequest) => Promise<MfaTotpActivateResponse>;
1772
+ disable: (payload: MfaTotpDisableRequest) => Promise<MfaTotpDisableResponse>;
1773
+ };
1774
+ verify: (payload: MfaVerifyRequest) => Promise<MfaVerifyResponse>;
1775
+ };
1776
+ sms: {
1777
+ request: (payload: SmsOtpRequest) => Promise<SmsOtpRequestResponse>;
1778
+ verify: (payload: SmsOtpVerifyRequest) => Promise<AuthMethodResponse>;
1779
+ };
1035
1780
  solana: {
1036
1781
  linkWallet: (payload: {
1037
1782
  wallet_address: string;
@@ -1084,11 +1829,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1084
1829
  createInvoice: (payload: CreateCryptoInvoiceRequest) => Promise<spaps_types.CryptoInvoice>;
1085
1830
  getInvoice: (invoiceId: string) => Promise<spaps_types.CryptoInvoice>;
1086
1831
  getInvoiceStatus: (invoiceId: string) => Promise<CryptoInvoiceStatusSnapshot>;
1087
- reconcile: (options?: CryptoReconcileRequest) => Promise<{
1088
- job_id: string;
1089
- scheduled_at: string;
1090
- cursor?: Record<string, unknown>;
1091
- }>;
1832
+ reconcile: (options?: CryptoReconcileRequest) => Promise<CryptoReconcileResult>;
1092
1833
  };
1093
1834
  createCheckoutSession: (payload: CreateCheckoutSessionPayload) => Promise<CheckoutSession>;
1094
1835
  createPaymentCheckout: (params: {
@@ -1152,7 +1893,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1152
1893
  }) => Promise<any>;
1153
1894
  listAllProductsSuperAdmin: () => Promise<any>;
1154
1895
  updateProductSuperAdmin: (productId: string, updates: any) => Promise<any>;
1155
- deleteProductSuperAdmin: (productId: string) => Promise<any>;
1896
+ deleteProductSuperAdmin: (productId: string) => Promise<void>;
1156
1897
  createProductWithPrice: (payload: any) => Promise<any>;
1157
1898
  createProductWithPriceSuperAdmin: (applicationId: string, payload: any) => Promise<any>;
1158
1899
  setDefaultPrice: (productId: string, payload: {
@@ -1164,7 +1905,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1164
1905
  createDefaultNewPrice: (productId: string, payload: any) => Promise<any>;
1165
1906
  superAdminListAllProducts: () => Promise<any>;
1166
1907
  superAdminUpdateProduct: (productId: string, updates: any) => Promise<any>;
1167
- superAdminArchiveProduct: (productId: string) => Promise<any>;
1908
+ superAdminArchiveProduct: (productId: string) => Promise<void>;
1168
1909
  superAdminCreateProductWithPrice: (applicationId: string, payload: any) => Promise<any>;
1169
1910
  superAdminCreatePriceAndSetDefault: (productId: string, payload: any) => Promise<any>;
1170
1911
  superAdminSetDefaultPrice: (productId: string, payload: {
@@ -1178,8 +1919,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1178
1919
  starting_after?: string;
1179
1920
  }) => Promise<any>;
1180
1921
  validate: () => Promise<any>;
1181
- revoke: (sessionId: string) => Promise<any>;
1182
- revokeAll: () => Promise<any>;
1922
+ revoke: (sessionId: string) => Promise<void>;
1923
+ revokeAll: () => Promise<void>;
1183
1924
  touch: () => Promise<any>;
1184
1925
  };
1185
1926
  /**
@@ -1311,6 +2052,35 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1311
2052
  */
1312
2053
  listHistory: (query?: UsageControlHistoryRequest) => Promise<UsageControlHistoryResponse>;
1313
2054
  };
2055
+ /**
2056
+ * Agent-oriented access decisions and action preparation.
2057
+ *
2058
+ * `check` intentionally resolves for denied decisions; inspect
2059
+ * `allowed`, `outcome`, and `next_actions` to decide what to do next.
2060
+ */
2061
+ access: {
2062
+ check: (payload: AccessDecisionRequest) => Promise<AccessDecisionResponse>;
2063
+ decide: (payload: AccessDecisionRequest) => Promise<AccessDecisionResponse>;
2064
+ prepareAction: (payload: ActionPreparationRequest) => Promise<ActionPreparationResponse>;
2065
+ getDecision: (decisionTraceId: string) => Promise<PersistedDecisionTrace>;
2066
+ explain: (decisionTraceId: string) => Promise<GraphExplainResponse>;
2067
+ };
2068
+ /**
2069
+ * Capability graph inspection helpers. These require a secret key.
2070
+ */
2071
+ graph: {
2072
+ listNodes: (query?: CapabilityGraphNodesQuery) => Promise<CapabilityGraphNodesResponse>;
2073
+ getPaths: (query: CapabilityGraphPathsQuery) => Promise<CapabilityGraphPathsResponse>;
2074
+ getImpact: (query: CapabilityGraphImpactQuery) => Promise<CapabilityGraphImpactResponse>;
2075
+ explain: (decisionTraceId: string) => Promise<GraphExplainResponse>;
2076
+ refresh: (correlationId?: string, applicationId?: string) => Promise<CapabilityGraphRefreshResponse>;
2077
+ };
2078
+ /**
2079
+ * Machine-readable capability graph contract for agents and SDK adapters.
2080
+ */
2081
+ contract: {
2082
+ get: () => Promise<CapabilityGraphContractResponse>;
2083
+ };
1314
2084
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1315
2085
  data: CheckoutSession;
1316
2086
  }>;
@@ -1361,13 +2131,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1361
2131
  /**
1362
2132
  * Archive (soft delete) a Stripe product (Admin required)
1363
2133
  */
1364
- deleteProduct(productId: string): Promise<{
1365
- data: {
1366
- id: string;
1367
- active: boolean;
1368
- archived: boolean;
1369
- };
1370
- }>;
2134
+ deleteProduct(productId: string): Promise<void>;
1371
2135
  /**
1372
2136
  * Create a new price for a product (Admin required)
1373
2137
  */
@@ -1459,6 +2223,15 @@ interface SPAPSEnvelope<T = unknown> {
1459
2223
  message: string;
1460
2224
  details?: unknown;
1461
2225
  };
2226
+ request_id?: string;
2227
+ timestamp?: string;
2228
+ metadata?: {
2229
+ request_id?: string;
2230
+ timestamp?: string;
2231
+ [key: string]: unknown;
2232
+ };
2233
+ diagnostics?: SPAPSErrorDiagnostic[];
2234
+ remediations?: SPAPSErrorRemediation[];
1462
2235
  }
1463
2236
  declare function isEnvelope(value: unknown): value is SPAPSEnvelope;
1464
2237
  declare function isSuccessEnvelope<T = unknown>(value: unknown): value is SPAPSEnvelope<T> & {
@@ -1509,4 +2282,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
1509
2282
  */
1510
2283
  declare function detectKeyType(key: string): ApiKeyType | null;
1511
2284
 
1512
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
2285
+ export { type AccessDecisionRequest, type AccessDecisionResponse, type AccountDeletionResponse, type ActionPreparationRequest, type ActionPreparationResponse, type AdminConfig, type ApiKeyType, type AuthDiscoveryMethod, type AuthMethodDescriptor, type AuthMethodResponse, type AuthMethodsResponse, type BatchEmailsResponse, type BatchUsersResponse, type CapabilityActionEnvironment, type CapabilityControlHints, type CapabilityDecisionActor, type CapabilityDecisionFact, type CapabilityDecisionNextAction, type CapabilityDecisionOutcome, type CapabilityDecisionReason, type CapabilityDecisionResource, type CapabilityDecisionSource, type CapabilityGraphContractResponse, type CapabilityGraphImpactQuery, type CapabilityGraphImpactResponse, type CapabilityGraphNode, type CapabilityGraphNodesQuery, type CapabilityGraphNodesResponse, type CapabilityGraphPath, type CapabilityGraphPathsQuery, type CapabilityGraphPathsResponse, type CapabilityGraphProjectionStatus, type CapabilityGraphRefreshDiagnostics, type CapabilityGraphRefreshPhase2Gate, type CapabilityGraphRefreshResponse, type CapabilityGraphRefreshSourceTiming, type CapabilityGraphRowStatus, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type GraphExplainResponse, type HeaderProvider, ISSUE_REPORT_ATTACHMENT_ALLOWED_MIME_TYPES, ISSUE_REPORT_ATTACHMENT_MAX_BYTES, ISSUE_REPORT_ATTACHMENT_MAX_RETAINED, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentMimeType, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type ListMembershipsParams, type ListMembershipsResponse, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type Membership, type MembershipInvitation, type MembershipMutationRequest, type MembershipMutationResponse, type MembershipRemoveResponse, type MembershipStatus, type MfaRequiredAuthResponse, type MfaTotpActivateRequest, type MfaTotpActivateResponse, type MfaTotpDisableRequest, type MfaTotpDisableResponse, type MfaTotpEnrollResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OidcNonceResponse, type OidcSignInRequest, type PermissionCheckResult, PermissionChecker, type PersistedDecisionTrace, type PersistedDecisionTraceStep, type PreparedCapabilityActionStatus, type PreparedCapabilityExecution, type PreparedCapabilityNextAction, type PreparedCapabilitySideEffect, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SPAPSErrorDiagnostic, type SPAPSErrorRemediation, SPAPSSDKError, type SPAPSSDKErrorOptions, type SessionContext, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SmsOtpRequest, type SmsOtpRequestResponse, type SmsOtpVerifyRequest, type SubmitSkillEvalReviewRequest, type SupportActor, type SupportCaseEvent, type SupportCaseSummary, type SupportTelemetryCaseByExternalResponse, type SupportTelemetryCaseDetailResponse, type SupportTelemetryIngestRequest, type SupportTelemetryIngestResponse, type SupportTelemetryListCasesParams, type SupportTelemetryListCasesResponse, type SupportTelemetryPatchCaseRequest, type SupportTelemetryPatchCaseResponse, type TemplateVariable, TokenManager, type UserBatchInfo, WalletUtils, type WebAuthnAssertionOptionsRequest, type WebAuthnAssertionVerifyRequest, type WebAuthnOptionsResponse, type WebAuthnRegisterVerifyRequest, type WebAuthnRegisterVerifyResponse, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type WhitelistAddRequest, type WhitelistBulkAddRequest, type WhitelistBulkAddResponse, type WhitelistBulkEntry, type WhitelistBulkFailedEntry, type WhitelistCheckResponse, type WhitelistEntry, type WhitelistListParams, type WhitelistListResponse, type WhitelistMutationResponse, type WhitelistStatsResponse, type WhitelistUpdateRequest, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };