spaps-sdk 1.12.0 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CryptoReconcileResult, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, CryptoReconcileResult, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -403,6 +403,100 @@ interface MarketingExperimentResultsResponse {
403
403
  variants: MarketingExperimentVariantResult[];
404
404
  decision: MarketingExperimentDecision;
405
405
  }
406
+ interface MfaRequiredAuthResponse {
407
+ mfa_required: true;
408
+ challenge_id: string;
409
+ challenge: string;
410
+ expires_at: string;
411
+ methods: string[];
412
+ }
413
+ type AuthMethodResponse = AuthResponse | MfaRequiredAuthResponse;
414
+ type AuthDiscoveryMethod = 'password' | 'magic_link' | 'wallet:solana' | 'wallet:ethereum' | 'wallet:base' | 'wallet:bitcoin' | 'oidc:google' | 'oidc:apple' | 'oidc:github' | 'webauthn' | 'sms';
415
+ interface AuthMethodDescriptor {
416
+ method: AuthDiscoveryMethod;
417
+ enabled: boolean;
418
+ config: Record<string, unknown>;
419
+ }
420
+ interface AuthMethodsResponse {
421
+ methods: AuthMethodDescriptor[];
422
+ }
423
+ interface OidcNonceResponse {
424
+ challenge_id: string;
425
+ nonce: string;
426
+ expires_at: string;
427
+ }
428
+ interface OidcSignInRequest {
429
+ provider: string;
430
+ id_token: string;
431
+ challenge_id: string;
432
+ username?: string;
433
+ }
434
+ interface WebAuthnOptionsResponse {
435
+ challenge_id: string;
436
+ expires_at: string;
437
+ options: Record<string, unknown>;
438
+ }
439
+ interface WebAuthnRegisterVerifyRequest {
440
+ challenge_id: string;
441
+ credential: Record<string, unknown>;
442
+ }
443
+ interface WebAuthnRegisterVerifyResponse {
444
+ credential_id: string;
445
+ relying_party_id: string;
446
+ sign_count: number;
447
+ created_at: string;
448
+ }
449
+ interface WebAuthnAssertionOptionsRequest {
450
+ email?: string;
451
+ }
452
+ interface WebAuthnAssertionVerifyRequest {
453
+ challenge_id: string;
454
+ credential: Record<string, unknown>;
455
+ }
456
+ interface MfaTotpEnrollResponse {
457
+ secret: string;
458
+ provisioning_uri: string;
459
+ issuer: string;
460
+ account_name: string;
461
+ }
462
+ interface MfaTotpActivateRequest {
463
+ code: string;
464
+ }
465
+ interface MfaTotpActivateResponse {
466
+ recovery_codes: string[];
467
+ activated_at: string;
468
+ }
469
+ interface MfaVerifyRequest {
470
+ challenge_id: string;
471
+ challenge: string;
472
+ code?: string;
473
+ recovery_code?: string;
474
+ }
475
+ interface MfaVerifyResponse extends AuthResponse {
476
+ mfa_method: string;
477
+ recovery_codes_remaining?: number | null;
478
+ }
479
+ interface MfaTotpDisableRequest {
480
+ code: string;
481
+ }
482
+ interface MfaTotpDisableResponse {
483
+ message: string;
484
+ }
485
+ interface SmsOtpRequest {
486
+ phone_number: string;
487
+ }
488
+ interface SmsOtpRequestResponse {
489
+ challenge_id: string;
490
+ expires_at: string;
491
+ message: string;
492
+ delivery_status: 'sent' | 'failed' | string;
493
+ delivery_error_code?: string | null;
494
+ }
495
+ interface SmsOtpVerifyRequest {
496
+ phone_number: string;
497
+ code: string;
498
+ challenge_id: string;
499
+ }
406
500
  interface EntitlementListParams {
407
501
  /** Filter by entitlement key */
408
502
  key?: string;
@@ -433,6 +527,254 @@ interface CurrentUserProjectAccessParams {
433
527
  /** Project entitlement key to check, such as "pds.project.viewer" */
434
528
  entitlementKey: string;
435
529
  }
530
+ interface SessionContext {
531
+ user: User$1;
532
+ entitlements: Entitlement[];
533
+ entitlements_count: number;
534
+ wallets: Array<Record<string, unknown>>;
535
+ tier?: string | null;
536
+ mfa_enrolled: boolean;
537
+ methods_hint?: string | null;
538
+ }
539
+ interface WhitelistEntry {
540
+ id?: string;
541
+ application_id?: string;
542
+ email: string;
543
+ tier?: string;
544
+ bypass_payment?: boolean;
545
+ metadata?: Record<string, unknown> | null;
546
+ created_by?: string | null;
547
+ created_at?: string;
548
+ updated_at?: string;
549
+ }
550
+ interface WhitelistCheckResponse {
551
+ entry?: WhitelistEntry | null;
552
+ message: string;
553
+ }
554
+ interface WhitelistMutationResponse {
555
+ entry: WhitelistEntry;
556
+ message: string;
557
+ }
558
+ interface WhitelistBulkEntry {
559
+ email: string;
560
+ tier?: string;
561
+ metadata?: Record<string, unknown> | null;
562
+ }
563
+ interface WhitelistBulkAddRequest {
564
+ emails: WhitelistBulkEntry[];
565
+ }
566
+ interface WhitelistBulkFailedEntry {
567
+ email: string;
568
+ error: string;
569
+ }
570
+ interface WhitelistBulkAddResponse {
571
+ message: string;
572
+ successful: WhitelistEntry[];
573
+ failed: WhitelistBulkFailedEntry[];
574
+ total: number;
575
+ }
576
+ interface WhitelistListParams {
577
+ limit?: number;
578
+ offset?: number;
579
+ tier?: string;
580
+ }
581
+ interface WhitelistListResponse {
582
+ entries: WhitelistEntry[];
583
+ total: number;
584
+ }
585
+ interface WhitelistStatsResponse {
586
+ stats: {
587
+ enabled: boolean;
588
+ total: number;
589
+ tierBreakdown: Array<{
590
+ tier: string;
591
+ count: number;
592
+ }>;
593
+ };
594
+ }
595
+ interface WhitelistAddRequest {
596
+ email: string;
597
+ tier?: string;
598
+ bypass_payment?: boolean;
599
+ metadata?: Record<string, unknown> | null;
600
+ }
601
+ interface WhitelistUpdateRequest {
602
+ tier?: string;
603
+ bypass_payment?: boolean;
604
+ metadata?: Record<string, unknown> | null;
605
+ }
606
+ interface BatchEmailsResponse {
607
+ emails: Record<string, string | null>;
608
+ total: number;
609
+ with_email: number;
610
+ }
611
+ interface UserBatchInfo {
612
+ email?: string | null;
613
+ active_entitlements?: Array<Record<string, unknown>> | null;
614
+ upcoming_bookings?: Array<Record<string, unknown>> | null;
615
+ }
616
+ interface BatchUsersResponse {
617
+ users: Record<string, UserBatchInfo>;
618
+ }
619
+ type MembershipStatus = 'active' | 'pending' | 'removed';
620
+ interface Membership {
621
+ id: string;
622
+ user_id: string;
623
+ email?: string | null;
624
+ application_id: string;
625
+ status: MembershipStatus;
626
+ permissions?: Record<string, unknown> | null;
627
+ capabilities: Record<string, unknown>;
628
+ metadata?: Record<string, unknown> | null;
629
+ created_at?: string | null;
630
+ updated_at?: string | null;
631
+ removed_at?: string | null;
632
+ }
633
+ interface MembershipInvitation {
634
+ id: string;
635
+ email: string;
636
+ application_id: string;
637
+ status: 'pending';
638
+ permissions?: Record<string, unknown> | null;
639
+ capabilities: Record<string, unknown>;
640
+ metadata?: Record<string, unknown> | null;
641
+ created_at?: string | null;
642
+ updated_at?: string | null;
643
+ }
644
+ interface ListMembershipsResponse {
645
+ memberships: Membership[];
646
+ invitations: MembershipInvitation[];
647
+ }
648
+ interface MembershipMutationRequest {
649
+ user_id?: string;
650
+ email?: string;
651
+ permissions?: Record<string, unknown> | null;
652
+ capabilities?: Record<string, unknown>;
653
+ metadata?: Record<string, unknown> | null;
654
+ }
655
+ interface MembershipMutationResponse {
656
+ result: 'created' | 'reactivated' | 'updated' | 'noop' | 'invited';
657
+ membership?: Membership | null;
658
+ invitation?: MembershipInvitation | null;
659
+ }
660
+ interface MembershipRemoveResponse {
661
+ user_id: string;
662
+ application_id: string;
663
+ status: 'removed';
664
+ removed_at?: string | null;
665
+ }
666
+ interface AccountDeletionResponse {
667
+ user_id: string;
668
+ deleted_at: string;
669
+ already_deleted: boolean;
670
+ revoked_refresh_tokens: number;
671
+ scrubbed_linked_identities: number;
672
+ removed_memberships: number;
673
+ }
674
+ interface ListMembershipsParams {
675
+ status?: string;
676
+ limit?: number;
677
+ offset?: number;
678
+ cursor?: string;
679
+ }
680
+ interface SupportActor {
681
+ type: string;
682
+ id?: string | null;
683
+ }
684
+ interface SupportCaseSummary {
685
+ id: string;
686
+ application_id: string;
687
+ external_case_ref?: string | null;
688
+ title?: string | null;
689
+ status: string;
690
+ priority: string;
691
+ highest_severity: string;
692
+ assigned_to_user_id?: string | null;
693
+ first_event_at: string;
694
+ last_event_at: string;
695
+ resolved_at?: string | null;
696
+ created_at: string;
697
+ updated_at: string;
698
+ }
699
+ interface SupportCaseEvent {
700
+ id: string;
701
+ case_id: string;
702
+ event_key: string;
703
+ source_channel: string;
704
+ event_type: string;
705
+ severity: string;
706
+ actor: SupportActor;
707
+ correlation_id?: string | null;
708
+ occurred_at: string;
709
+ received_at: string;
710
+ payload: Record<string, unknown>;
711
+ }
712
+ interface SupportTelemetryIngestRequest {
713
+ event_key: string;
714
+ occurred_at: string;
715
+ source_channel: string;
716
+ event_type: string;
717
+ severity: string;
718
+ actor: SupportActor;
719
+ payload: Record<string, unknown>;
720
+ application_id?: string | null;
721
+ correlation_id?: string | null;
722
+ external_case_ref?: string | null;
723
+ title?: string | null;
724
+ }
725
+ interface SupportTelemetryIngestResponse {
726
+ event_id: string;
727
+ case_id: string;
728
+ created_case: boolean;
729
+ deduplicated: boolean;
730
+ case_status: string;
731
+ }
732
+ interface SupportTelemetryListCasesParams {
733
+ application_id?: string;
734
+ status?: string;
735
+ priority?: string;
736
+ severity_gte?: string;
737
+ assigned_to_user_id?: string;
738
+ limit?: number;
739
+ offset?: number;
740
+ }
741
+ interface SupportTelemetryListCasesResponse {
742
+ items: SupportCaseSummary[];
743
+ total: number;
744
+ }
745
+ interface SupportTelemetryCaseDetailResponse {
746
+ case: SupportCaseSummary;
747
+ events: SupportCaseEvent[];
748
+ event_total: number;
749
+ }
750
+ interface SupportTelemetryPatchCaseRequest {
751
+ status?: string;
752
+ priority?: string;
753
+ assigned_to_user_id?: string | null;
754
+ resolution_note?: string | null;
755
+ }
756
+ interface SupportTelemetryPatchCaseResponse {
757
+ case: {
758
+ id: string;
759
+ status: string;
760
+ priority: string;
761
+ assigned_to_user_id?: string | null;
762
+ resolved_at?: string | null;
763
+ updated_at: string;
764
+ };
765
+ }
766
+ interface SupportTelemetryCaseByExternalResponse {
767
+ case: {
768
+ id: string;
769
+ application_id: string;
770
+ external_case_ref?: string | null;
771
+ status: string;
772
+ priority: string;
773
+ assigned_to_user_id?: string | null;
774
+ resolved_at?: string | null;
775
+ updated_at: string;
776
+ };
777
+ }
436
778
  type SupportedIssueReportScope = Extract<IssueReportScope, 'mine'>;
437
779
  interface IssueReportListParams {
438
780
  status?: IssueReportStatus;
@@ -459,6 +801,44 @@ declare class X402PaymentRequiredSDKError extends Error {
459
801
  readonly response: unknown;
460
802
  constructor(paymentRequiredHeader: string, response: unknown);
461
803
  }
804
+ interface SPAPSSDKErrorOptions {
805
+ message: string;
806
+ code?: string;
807
+ status?: number;
808
+ details?: unknown;
809
+ requestId?: string;
810
+ diagnostics?: SPAPSErrorDiagnostic[];
811
+ remediations?: SPAPSErrorRemediation[];
812
+ }
813
+ interface SPAPSErrorDiagnostic {
814
+ code: string;
815
+ message: string;
816
+ status?: number | null;
817
+ details?: unknown;
818
+ }
819
+ interface SPAPSErrorRemediation {
820
+ kind: string;
821
+ label?: string | null;
822
+ method?: string | null;
823
+ path?: string | null;
824
+ cli?: string | null;
825
+ requires?: string[];
826
+ details?: unknown;
827
+ command_template?: string | null;
828
+ safe_to_execute?: boolean | null;
829
+ operator_gate_required?: boolean | null;
830
+ }
831
+ declare class SPAPSSDKError extends Error {
832
+ readonly code?: string;
833
+ readonly status?: number;
834
+ readonly statusCode?: number;
835
+ readonly details?: unknown;
836
+ readonly requestId?: string;
837
+ readonly request_id?: string;
838
+ readonly diagnostics: SPAPSErrorDiagnostic[];
839
+ readonly remediations: SPAPSErrorRemediation[];
840
+ constructor(options: SPAPSSDKErrorOptions);
841
+ }
462
842
  interface X402ExecuteActionOptions {
463
843
  paymentSignature?: string;
464
844
  target: string;
@@ -474,6 +854,284 @@ interface X402VerifyHandoffOptions {
474
854
  resourceKey: string;
475
855
  actionKey: string;
476
856
  }
857
+ type CapabilityDecisionOutcome = 'allowed' | 'needs_login' | 'needs_entitlement' | 'needs_payment' | 'needs_approval' | 'usage_limited' | 'policy_denied' | 'unknown_resource' | 'blocked';
858
+ type PreparedCapabilityActionStatus = CapabilityDecisionOutcome | 'ready';
859
+ type CapabilityGraphRowStatus = 'active' | 'stale' | 'tombstoned';
860
+ type PreparedCapabilitySideEffect = 'none' | 'read' | 'mutation' | 'unknown';
861
+ type CapabilityActionEnvironment = 'local' | 'development' | 'staging' | 'production';
862
+ interface CapabilityDecisionActor {
863
+ actor_type?: string;
864
+ actor_ref?: string;
865
+ user_id?: string;
866
+ email?: string;
867
+ agent_id?: string;
868
+ wallet_addresses?: string[];
869
+ authenticated?: boolean;
870
+ metadata?: Record<string, unknown>;
871
+ }
872
+ interface CapabilityDecisionResource {
873
+ resource_type: string;
874
+ resource_ref: string;
875
+ resource_id?: string;
876
+ resource_key?: string;
877
+ metadata?: Record<string, unknown>;
878
+ }
879
+ interface CapabilityControlHints {
880
+ entitlement_key?: string;
881
+ entitlement_resource_type?: string;
882
+ entitlement_resource_id?: string;
883
+ policy_name?: string;
884
+ policy_context?: Record<string, unknown>;
885
+ usage_feature_key?: string;
886
+ usage_dimensions?: Record<string, number>;
887
+ x402_resource_key?: string;
888
+ approval_id?: string;
889
+ approval_required?: boolean;
890
+ authority_scope?: string;
891
+ }
892
+ interface AccessDecisionRequest {
893
+ actor: CapabilityDecisionActor;
894
+ action: string;
895
+ resource: CapabilityDecisionResource;
896
+ controls?: CapabilityControlHints;
897
+ idempotency_key?: string;
898
+ correlation_id?: string;
899
+ context?: Record<string, unknown>;
900
+ expires_at?: string;
901
+ }
902
+ interface CapabilityDecisionReason {
903
+ code: string;
904
+ message: string;
905
+ details?: Record<string, unknown>;
906
+ }
907
+ interface CapabilityDecisionFact {
908
+ node_key?: string | null;
909
+ node_type?: string | null;
910
+ label?: string | null;
911
+ source_domain: string;
912
+ source_ref?: string | null;
913
+ details?: Record<string, unknown>;
914
+ }
915
+ interface CapabilityDecisionNextAction {
916
+ kind: string;
917
+ label?: string | null;
918
+ method?: string | null;
919
+ path?: string | null;
920
+ cli?: string | null;
921
+ requires?: string[];
922
+ details?: Record<string, unknown>;
923
+ }
924
+ interface CapabilityDecisionSource {
925
+ kind: string;
926
+ ref: string;
927
+ url?: string | null;
928
+ }
929
+ interface AccessDecisionResponse {
930
+ allowed: boolean;
931
+ outcome: CapabilityDecisionOutcome;
932
+ decision_trace_id: string;
933
+ decision_key: string;
934
+ reasons: CapabilityDecisionReason[];
935
+ facts: CapabilityDecisionFact[];
936
+ next_actions: CapabilityDecisionNextAction[];
937
+ sources: CapabilityDecisionSource[];
938
+ }
939
+ interface ActionPreparationRequest {
940
+ access: AccessDecisionRequest;
941
+ include_command_templates?: boolean;
942
+ operator_labels?: string[];
943
+ environment?: CapabilityActionEnvironment;
944
+ }
945
+ interface PreparedCapabilityNextAction extends CapabilityDecisionNextAction {
946
+ side_effect: PreparedCapabilitySideEffect;
947
+ safe_to_execute: boolean;
948
+ operator_gate_required: boolean;
949
+ command_template?: string | null;
950
+ }
951
+ interface PreparedCapabilityExecution {
952
+ ready: boolean;
953
+ side_effect: PreparedCapabilitySideEffect;
954
+ safe_to_execute: boolean;
955
+ operator_gate_required: boolean;
956
+ required_authorizations: string[];
957
+ warnings: string[];
958
+ }
959
+ interface ActionPreparationResponse {
960
+ status: PreparedCapabilityActionStatus;
961
+ allowed: boolean;
962
+ decision_trace_id: string;
963
+ decision_key: string;
964
+ action: string;
965
+ resource_type: string;
966
+ resource_ref: string;
967
+ execution: PreparedCapabilityExecution;
968
+ reasons: CapabilityDecisionReason[];
969
+ facts: CapabilityDecisionFact[];
970
+ next_actions: PreparedCapabilityNextAction[];
971
+ sources: CapabilityDecisionSource[];
972
+ }
973
+ interface PersistedDecisionTraceStep {
974
+ id: string;
975
+ step_order: number;
976
+ step_name: string;
977
+ status: string;
978
+ source_domain: string;
979
+ source_ref?: string | null;
980
+ graph_node_keys: string[];
981
+ graph_edge_keys: string[];
982
+ elapsed_ms: number;
983
+ inputs: Record<string, unknown>;
984
+ outputs: Record<string, unknown>;
985
+ created_at: string;
986
+ }
987
+ interface PersistedDecisionTrace {
988
+ id: string;
989
+ application_id: string;
990
+ decision_key: string;
991
+ idempotency_key?: string | null;
992
+ actor_type: string;
993
+ actor_ref: string;
994
+ action: string;
995
+ resource_type: string;
996
+ resource_ref: string;
997
+ allowed: boolean;
998
+ outcome: CapabilityDecisionOutcome;
999
+ authority_scope: string;
1000
+ correlation_id?: string | null;
1001
+ request_hash: string;
1002
+ reasons: Record<string, unknown>[];
1003
+ facts: Record<string, unknown>[];
1004
+ next_actions: Record<string, unknown>[];
1005
+ sources: Record<string, unknown>[];
1006
+ redaction_profile: string;
1007
+ expires_at?: string | null;
1008
+ created_at: string;
1009
+ steps: PersistedDecisionTraceStep[];
1010
+ }
1011
+ interface GraphExplainResponse {
1012
+ decision: PersistedDecisionTrace;
1013
+ graph_node_keys: string[];
1014
+ graph_edge_keys: string[];
1015
+ }
1016
+ interface CapabilityGraphNode {
1017
+ id: string;
1018
+ node_key: string;
1019
+ node_type: string;
1020
+ label: string;
1021
+ source_domain: string;
1022
+ source_ref: string;
1023
+ status: CapabilityGraphRowStatus;
1024
+ metadata: Record<string, unknown>;
1025
+ observed_at: string;
1026
+ source_updated_at?: string | null;
1027
+ stale_after?: string | null;
1028
+ projection_run_id?: string | null;
1029
+ created_at: string;
1030
+ updated_at: string;
1031
+ }
1032
+ interface CapabilityGraphProjectionStatus {
1033
+ projection_run_id?: string | null;
1034
+ projection_status: string;
1035
+ observed_at?: string | null;
1036
+ graph_hash?: string | null;
1037
+ node_count: number;
1038
+ edge_count: number;
1039
+ stale_node_count: number;
1040
+ stale_edge_count: number;
1041
+ degraded: boolean;
1042
+ reason?: string | null;
1043
+ }
1044
+ interface CapabilityGraphNodesQuery {
1045
+ node_type?: string;
1046
+ status?: CapabilityGraphRowStatus | string;
1047
+ q?: string;
1048
+ cursor?: string;
1049
+ limit?: number;
1050
+ application_id?: string;
1051
+ }
1052
+ interface CapabilityGraphNodesResponse {
1053
+ nodes: CapabilityGraphNode[];
1054
+ count: number;
1055
+ next_cursor?: string | null;
1056
+ projection?: CapabilityGraphProjectionStatus | null;
1057
+ }
1058
+ interface CapabilityGraphPathsQuery {
1059
+ from_node_key: string;
1060
+ to_node_key: string;
1061
+ max_depth?: number;
1062
+ limit?: number;
1063
+ include_stale?: boolean;
1064
+ application_id?: string;
1065
+ }
1066
+ interface CapabilityGraphPath {
1067
+ node_keys: string[];
1068
+ edge_keys: string[];
1069
+ }
1070
+ interface CapabilityGraphPathsResponse {
1071
+ paths: CapabilityGraphPath[];
1072
+ count: number;
1073
+ projection?: CapabilityGraphProjectionStatus | null;
1074
+ }
1075
+ interface CapabilityGraphImpactQuery {
1076
+ node_key: string;
1077
+ max_depth?: number;
1078
+ limit?: number;
1079
+ include_stale?: boolean;
1080
+ application_id?: string;
1081
+ }
1082
+ interface CapabilityGraphImpactResponse {
1083
+ start_node_key: string;
1084
+ impacted_node_keys: string[];
1085
+ impacted_edge_keys: string[];
1086
+ counts_by_node_type: Record<string, number>;
1087
+ risk_flags: string[];
1088
+ projection?: CapabilityGraphProjectionStatus | null;
1089
+ }
1090
+ interface CapabilityGraphRefreshSourceTiming {
1091
+ source: string;
1092
+ row_count: number;
1093
+ node_count: number;
1094
+ edge_count: number;
1095
+ elapsed_ms: number;
1096
+ }
1097
+ interface CapabilityGraphRefreshPhase2Gate {
1098
+ scale_factor: number;
1099
+ projected_total_elapsed_ms: number;
1100
+ total_threshold_ms: number;
1101
+ projected_slowest_source_elapsed_ms: number;
1102
+ source_threshold_ms: number;
1103
+ recommendation: 'full_refresh_ok' | 'investigate_incremental';
1104
+ }
1105
+ interface CapabilityGraphRefreshDiagnostics {
1106
+ total_elapsed_ms: number;
1107
+ source_timings: CapabilityGraphRefreshSourceTiming[];
1108
+ phase2_gate?: CapabilityGraphRefreshPhase2Gate | null;
1109
+ }
1110
+ interface CapabilityGraphRefreshResponse {
1111
+ projection_run_id: string;
1112
+ status: string;
1113
+ node_count: number;
1114
+ edge_count: number;
1115
+ observation_count: number;
1116
+ stale_node_count: number;
1117
+ stale_edge_count: number;
1118
+ diagnostics: CapabilityGraphRefreshDiagnostics;
1119
+ }
1120
+ interface CapabilityGraphContractResponse {
1121
+ version: string;
1122
+ endpoints: Array<Record<string, unknown>>;
1123
+ decision_outcomes: CapabilityDecisionOutcome[];
1124
+ prepared_action_statuses: PreparedCapabilityActionStatus[];
1125
+ graph_row_statuses: CapabilityGraphRowStatus[];
1126
+ graph_node_types?: string[];
1127
+ graph_edge_types?: string[];
1128
+ graph_source_domains?: string[];
1129
+ source_domain_notes?: Record<string, string>;
1130
+ error_codes?: Array<Record<string, unknown>>;
1131
+ cli?: Record<string, unknown>;
1132
+ sdk_helpers?: Record<string, string[]>;
1133
+ docs?: Array<Record<string, unknown>>;
1134
+ }
477
1135
  type SkillEvalDisclosurePolicy = 'blind_then_controlled_reveal';
478
1136
  type SkillEvalEligibilitySource = 'admin_assigned' | 'entitlement' | 'policy_import' | 'manual_override';
479
1137
  type SkillEvalConfidence = 'low' | 'medium' | 'high';
@@ -723,9 +1381,15 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
723
1381
  private unwrapApiResponse;
724
1382
  private skillEvalMutationConfig;
725
1383
  private requireCurrentUserIdFromAccessToken;
1384
+ private requireAccessToken;
1385
+ private authConfig;
726
1386
  private isAxiosResponse;
727
1387
  private isResponseLikeWithData;
728
1388
  private isApiResponse;
1389
+ private static isMfaRequiredAuthResponse;
1390
+ private normalizeAuthPayload;
1391
+ private storeAuthTokens;
1392
+ private unwrapAuthMethodResponse;
729
1393
  private static isSdkManagedHeader;
730
1394
  private static hasHeader;
731
1395
  private static setHeader;
@@ -738,13 +1402,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
738
1402
  updateProduct: (productId: string, updates: UpdateProductRequest) => Promise<{
739
1403
  data: Product;
740
1404
  }>;
741
- deleteProduct: (productId: string) => Promise<{
742
- data: {
743
- id: string;
744
- active: boolean;
745
- archived: boolean;
746
- };
747
- }>;
1405
+ deleteProduct: (productId: string) => Promise<void>;
748
1406
  createPrice: (priceData: CreatePriceRequest) => Promise<{
749
1407
  data: Price;
750
1408
  }>;
@@ -758,11 +1416,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
758
1416
  adminMetadata?: any;
759
1417
  };
760
1418
  }>;
761
- triggerCryptoReconcile: (opts?: CryptoReconcileRequest) => Promise<{
762
- job_id: string;
763
- scheduled_at: string;
764
- cursor?: Record<string, unknown>;
765
- }>;
1419
+ triggerCryptoReconcile: (opts?: CryptoReconcileRequest) => Promise<CryptoReconcileResult>;
766
1420
  };
767
1421
  secureMessages: {
768
1422
  create: (payload: CreateSecureMessageRequest<SecureMessageMetadata>) => Promise<SecureMessage<SecureMessageMetadata>>;
@@ -933,6 +1587,55 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
933
1587
  track?: boolean;
934
1588
  }) => Promise<AppLink>;
935
1589
  };
1590
+ /**
1591
+ * Application email whitelist helpers.
1592
+ *
1593
+ * `check` is API-key scoped. Mutations and admin reads require an
1594
+ * authenticated admin JWT plus the configured API key.
1595
+ */
1596
+ whitelist: {
1597
+ check: (email: string) => Promise<WhitelistCheckResponse>;
1598
+ add: (payload: WhitelistAddRequest) => Promise<WhitelistMutationResponse>;
1599
+ bulkAdd: (payload: WhitelistBulkAddRequest) => Promise<WhitelistBulkAddResponse>;
1600
+ list: (params?: WhitelistListParams) => Promise<WhitelistListResponse>;
1601
+ update: (email: string, payload: WhitelistUpdateRequest) => Promise<WhitelistMutationResponse>;
1602
+ stats: () => Promise<WhitelistStatsResponse>;
1603
+ clear: () => Promise<void>;
1604
+ remove: (email: string) => Promise<void>;
1605
+ };
1606
+ /**
1607
+ * User lookup and app membership administration helpers.
1608
+ */
1609
+ users: {
1610
+ getEmailsBatch: (userIds: string[]) => Promise<BatchEmailsResponse>;
1611
+ getUsersBatch: (userIds: string[]) => Promise<BatchUsersResponse>;
1612
+ memberships: {
1613
+ list: (params?: ListMembershipsParams) => Promise<ListMembershipsResponse>;
1614
+ add: (payload: MembershipMutationRequest) => Promise<MembershipMutationResponse>;
1615
+ remove: (userId: string) => Promise<MembershipRemoveResponse>;
1616
+ deleteAccount: (userId: string, params?: {
1617
+ confirm_forfeit_active_access?: boolean;
1618
+ }) => Promise<AccountDeletionResponse>;
1619
+ };
1620
+ };
1621
+ /**
1622
+ * Trusted-service support telemetry helpers.
1623
+ *
1624
+ * These endpoints require a secret API key. Case lifecycle patching also
1625
+ * requires a super-admin JWT.
1626
+ */
1627
+ supportTelemetry: {
1628
+ ingestEvent: (payload: SupportTelemetryIngestRequest) => Promise<SupportTelemetryIngestResponse>;
1629
+ listCases: (params?: SupportTelemetryListCasesParams) => Promise<SupportTelemetryListCasesResponse>;
1630
+ getCase: (caseId: string, params?: {
1631
+ event_limit?: number;
1632
+ event_offset?: number;
1633
+ }) => Promise<SupportTelemetryCaseDetailResponse>;
1634
+ patchCase: (caseId: string, payload: SupportTelemetryPatchCaseRequest) => Promise<SupportTelemetryPatchCaseResponse>;
1635
+ getCaseByExternalRef: (externalCaseRef: string, params?: {
1636
+ application_id?: string;
1637
+ }) => Promise<SupportTelemetryCaseByExternalResponse>;
1638
+ };
936
1639
  /**
937
1640
  * Marketing events and experiment results.
938
1641
  *
@@ -987,7 +1690,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
987
1690
  getUser(): Promise<{
988
1691
  data: User$1;
989
1692
  }>;
1693
+ getSessionContext(): Promise<SessionContext>;
990
1694
  auth: {
1695
+ getMethods: () => Promise<AuthMethodsResponse>;
1696
+ getSessionContext: () => Promise<SessionContext>;
991
1697
  /**
992
1698
  * Verify magic link token without mutating token state.
993
1699
  * Returns a simple success object from the API.
@@ -999,12 +1705,16 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
999
1705
  message: string;
1000
1706
  chain_type?: "solana" | "ethereum" | "bitcoin" | "base";
1001
1707
  username?: string;
1002
- }) => Promise<any>;
1003
- authenticateWallet: (walletAddress: string, signFn: (message: string) => Promise<string> | string, chainType?: "solana" | "ethereum" | "bitcoin" | "base", username?: string) => Promise<any>;
1708
+ }) => Promise<AuthMethodResponse>;
1709
+ authenticateWallet: (walletAddress: string, signFn: (message: string) => Promise<string> | string, chainType?: "solana" | "ethereum" | "bitcoin" | "base", username?: string) => Promise<AuthMethodResponse>;
1004
1710
  signInWithPassword: (payload: {
1005
1711
  email: string;
1006
1712
  password: string;
1007
- }) => Promise<any>;
1713
+ }) => Promise<AuthMethodResponse>;
1714
+ login: (payload: {
1715
+ email: string;
1716
+ password: string;
1717
+ }) => Promise<AuthMethodResponse>;
1008
1718
  requestMagicLink: (payload: {
1009
1719
  email: string;
1010
1720
  redirect_url?: string;
@@ -1028,6 +1738,10 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1028
1738
  }) => Promise<{
1029
1739
  message: string;
1030
1740
  }>;
1741
+ deleteCurrentAccount: (payload: {
1742
+ password: string;
1743
+ confirm_forfeit_active_access?: boolean;
1744
+ }) => Promise<AccountDeletionResponse>;
1031
1745
  register: (payload: {
1032
1746
  email: string;
1033
1747
  password: string;
@@ -1039,7 +1753,30 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1039
1753
  verifyMagicLink: (payload: {
1040
1754
  token: string;
1041
1755
  type?: string;
1042
- }) => Promise<AuthResponse>;
1756
+ state?: string;
1757
+ }) => Promise<AuthMethodResponse>;
1758
+ oidc: {
1759
+ getNonce: () => Promise<OidcNonceResponse>;
1760
+ signIn: (payload: OidcSignInRequest) => Promise<AuthMethodResponse>;
1761
+ };
1762
+ webauthn: {
1763
+ registerOptions: () => Promise<WebAuthnOptionsResponse>;
1764
+ registerVerify: (payload: WebAuthnRegisterVerifyRequest) => Promise<WebAuthnRegisterVerifyResponse>;
1765
+ assertionOptions: (payload?: WebAuthnAssertionOptionsRequest) => Promise<WebAuthnOptionsResponse>;
1766
+ assertionVerify: (payload: WebAuthnAssertionVerifyRequest) => Promise<AuthMethodResponse>;
1767
+ };
1768
+ mfa: {
1769
+ totp: {
1770
+ enroll: () => Promise<MfaTotpEnrollResponse>;
1771
+ activate: (payload: MfaTotpActivateRequest) => Promise<MfaTotpActivateResponse>;
1772
+ disable: (payload: MfaTotpDisableRequest) => Promise<MfaTotpDisableResponse>;
1773
+ };
1774
+ verify: (payload: MfaVerifyRequest) => Promise<MfaVerifyResponse>;
1775
+ };
1776
+ sms: {
1777
+ request: (payload: SmsOtpRequest) => Promise<SmsOtpRequestResponse>;
1778
+ verify: (payload: SmsOtpVerifyRequest) => Promise<AuthMethodResponse>;
1779
+ };
1043
1780
  solana: {
1044
1781
  linkWallet: (payload: {
1045
1782
  wallet_address: string;
@@ -1092,11 +1829,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1092
1829
  createInvoice: (payload: CreateCryptoInvoiceRequest) => Promise<spaps_types.CryptoInvoice>;
1093
1830
  getInvoice: (invoiceId: string) => Promise<spaps_types.CryptoInvoice>;
1094
1831
  getInvoiceStatus: (invoiceId: string) => Promise<CryptoInvoiceStatusSnapshot>;
1095
- reconcile: (options?: CryptoReconcileRequest) => Promise<{
1096
- job_id: string;
1097
- scheduled_at: string;
1098
- cursor?: Record<string, unknown>;
1099
- }>;
1832
+ reconcile: (options?: CryptoReconcileRequest) => Promise<CryptoReconcileResult>;
1100
1833
  };
1101
1834
  createCheckoutSession: (payload: CreateCheckoutSessionPayload) => Promise<CheckoutSession>;
1102
1835
  createPaymentCheckout: (params: {
@@ -1160,7 +1893,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1160
1893
  }) => Promise<any>;
1161
1894
  listAllProductsSuperAdmin: () => Promise<any>;
1162
1895
  updateProductSuperAdmin: (productId: string, updates: any) => Promise<any>;
1163
- deleteProductSuperAdmin: (productId: string) => Promise<any>;
1896
+ deleteProductSuperAdmin: (productId: string) => Promise<void>;
1164
1897
  createProductWithPrice: (payload: any) => Promise<any>;
1165
1898
  createProductWithPriceSuperAdmin: (applicationId: string, payload: any) => Promise<any>;
1166
1899
  setDefaultPrice: (productId: string, payload: {
@@ -1172,7 +1905,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1172
1905
  createDefaultNewPrice: (productId: string, payload: any) => Promise<any>;
1173
1906
  superAdminListAllProducts: () => Promise<any>;
1174
1907
  superAdminUpdateProduct: (productId: string, updates: any) => Promise<any>;
1175
- superAdminArchiveProduct: (productId: string) => Promise<any>;
1908
+ superAdminArchiveProduct: (productId: string) => Promise<void>;
1176
1909
  superAdminCreateProductWithPrice: (applicationId: string, payload: any) => Promise<any>;
1177
1910
  superAdminCreatePriceAndSetDefault: (productId: string, payload: any) => Promise<any>;
1178
1911
  superAdminSetDefaultPrice: (productId: string, payload: {
@@ -1186,8 +1919,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1186
1919
  starting_after?: string;
1187
1920
  }) => Promise<any>;
1188
1921
  validate: () => Promise<any>;
1189
- revoke: (sessionId: string) => Promise<any>;
1190
- revokeAll: () => Promise<any>;
1922
+ revoke: (sessionId: string) => Promise<void>;
1923
+ revokeAll: () => Promise<void>;
1191
1924
  touch: () => Promise<any>;
1192
1925
  };
1193
1926
  /**
@@ -1319,6 +2052,35 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1319
2052
  */
1320
2053
  listHistory: (query?: UsageControlHistoryRequest) => Promise<UsageControlHistoryResponse>;
1321
2054
  };
2055
+ /**
2056
+ * Agent-oriented access decisions and action preparation.
2057
+ *
2058
+ * `check` intentionally resolves for denied decisions; inspect
2059
+ * `allowed`, `outcome`, and `next_actions` to decide what to do next.
2060
+ */
2061
+ access: {
2062
+ check: (payload: AccessDecisionRequest) => Promise<AccessDecisionResponse>;
2063
+ decide: (payload: AccessDecisionRequest) => Promise<AccessDecisionResponse>;
2064
+ prepareAction: (payload: ActionPreparationRequest) => Promise<ActionPreparationResponse>;
2065
+ getDecision: (decisionTraceId: string) => Promise<PersistedDecisionTrace>;
2066
+ explain: (decisionTraceId: string) => Promise<GraphExplainResponse>;
2067
+ };
2068
+ /**
2069
+ * Capability graph inspection helpers. These require a secret key.
2070
+ */
2071
+ graph: {
2072
+ listNodes: (query?: CapabilityGraphNodesQuery) => Promise<CapabilityGraphNodesResponse>;
2073
+ getPaths: (query: CapabilityGraphPathsQuery) => Promise<CapabilityGraphPathsResponse>;
2074
+ getImpact: (query: CapabilityGraphImpactQuery) => Promise<CapabilityGraphImpactResponse>;
2075
+ explain: (decisionTraceId: string) => Promise<GraphExplainResponse>;
2076
+ refresh: (correlationId?: string, applicationId?: string) => Promise<CapabilityGraphRefreshResponse>;
2077
+ };
2078
+ /**
2079
+ * Machine-readable capability graph contract for agents and SDK adapters.
2080
+ */
2081
+ contract: {
2082
+ get: () => Promise<CapabilityGraphContractResponse>;
2083
+ };
1322
2084
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1323
2085
  data: CheckoutSession;
1324
2086
  }>;
@@ -1369,13 +2131,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1369
2131
  /**
1370
2132
  * Archive (soft delete) a Stripe product (Admin required)
1371
2133
  */
1372
- deleteProduct(productId: string): Promise<{
1373
- data: {
1374
- id: string;
1375
- active: boolean;
1376
- archived: boolean;
1377
- };
1378
- }>;
2134
+ deleteProduct(productId: string): Promise<void>;
1379
2135
  /**
1380
2136
  * Create a new price for a product (Admin required)
1381
2137
  */
@@ -1467,6 +2223,15 @@ interface SPAPSEnvelope<T = unknown> {
1467
2223
  message: string;
1468
2224
  details?: unknown;
1469
2225
  };
2226
+ request_id?: string;
2227
+ timestamp?: string;
2228
+ metadata?: {
2229
+ request_id?: string;
2230
+ timestamp?: string;
2231
+ [key: string]: unknown;
2232
+ };
2233
+ diagnostics?: SPAPSErrorDiagnostic[];
2234
+ remediations?: SPAPSErrorRemediation[];
1470
2235
  }
1471
2236
  declare function isEnvelope(value: unknown): value is SPAPSEnvelope;
1472
2237
  declare function isSuccessEnvelope<T = unknown>(value: unknown): value is SPAPSEnvelope<T> & {
@@ -1517,4 +2282,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
1517
2282
  */
1518
2283
  declare function detectKeyType(key: string): ApiKeyType | null;
1519
2284
 
1520
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, ISSUE_REPORT_ATTACHMENT_ALLOWED_MIME_TYPES, ISSUE_REPORT_ATTACHMENT_MAX_BYTES, ISSUE_REPORT_ATTACHMENT_MAX_RETAINED, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentMimeType, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
2285
+ export { type AccessDecisionRequest, type AccessDecisionResponse, type AccountDeletionResponse, type ActionPreparationRequest, type ActionPreparationResponse, type AdminConfig, type ApiKeyType, type AuthDiscoveryMethod, type AuthMethodDescriptor, type AuthMethodResponse, type AuthMethodsResponse, type BatchEmailsResponse, type BatchUsersResponse, type CapabilityActionEnvironment, type CapabilityControlHints, type CapabilityDecisionActor, type CapabilityDecisionFact, type CapabilityDecisionNextAction, type CapabilityDecisionOutcome, type CapabilityDecisionReason, type CapabilityDecisionResource, type CapabilityDecisionSource, type CapabilityGraphContractResponse, type CapabilityGraphImpactQuery, type CapabilityGraphImpactResponse, type CapabilityGraphNode, type CapabilityGraphNodesQuery, type CapabilityGraphNodesResponse, type CapabilityGraphPath, type CapabilityGraphPathsQuery, type CapabilityGraphPathsResponse, type CapabilityGraphProjectionStatus, type CapabilityGraphRefreshDiagnostics, type CapabilityGraphRefreshPhase2Gate, type CapabilityGraphRefreshResponse, type CapabilityGraphRefreshSourceTiming, type CapabilityGraphRowStatus, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type GraphExplainResponse, type HeaderProvider, ISSUE_REPORT_ATTACHMENT_ALLOWED_MIME_TYPES, ISSUE_REPORT_ATTACHMENT_MAX_BYTES, ISSUE_REPORT_ATTACHMENT_MAX_RETAINED, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentMimeType, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type ListMembershipsParams, type ListMembershipsResponse, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type Membership, type MembershipInvitation, type MembershipMutationRequest, type MembershipMutationResponse, type MembershipRemoveResponse, type MembershipStatus, type MfaRequiredAuthResponse, type MfaTotpActivateRequest, type MfaTotpActivateResponse, type MfaTotpDisableRequest, type MfaTotpDisableResponse, type MfaTotpEnrollResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OidcNonceResponse, type OidcSignInRequest, type PermissionCheckResult, PermissionChecker, type PersistedDecisionTrace, type PersistedDecisionTraceStep, type PreparedCapabilityActionStatus, type PreparedCapabilityExecution, type PreparedCapabilityNextAction, type PreparedCapabilitySideEffect, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SPAPSErrorDiagnostic, type SPAPSErrorRemediation, SPAPSSDKError, type SPAPSSDKErrorOptions, type SessionContext, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SmsOtpRequest, type SmsOtpRequestResponse, type SmsOtpVerifyRequest, type SubmitSkillEvalReviewRequest, type SupportActor, type SupportCaseEvent, type SupportCaseSummary, type SupportTelemetryCaseByExternalResponse, type SupportTelemetryCaseDetailResponse, type SupportTelemetryIngestRequest, type SupportTelemetryIngestResponse, type SupportTelemetryListCasesParams, type SupportTelemetryListCasesResponse, type SupportTelemetryPatchCaseRequest, type SupportTelemetryPatchCaseResponse, type TemplateVariable, TokenManager, type UserBatchInfo, WalletUtils, type WebAuthnAssertionOptionsRequest, type WebAuthnAssertionVerifyRequest, type WebAuthnOptionsResponse, type WebAuthnRegisterVerifyRequest, type WebAuthnRegisterVerifyResponse, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type WhitelistAddRequest, type WhitelistBulkAddRequest, type WhitelistBulkAddResponse, type WhitelistBulkEntry, type WhitelistBulkFailedEntry, type WhitelistCheckResponse, type WhitelistEntry, type WhitelistListParams, type WhitelistListResponse, type WhitelistMutationResponse, type WhitelistStatsResponse, type WhitelistUpdateRequest, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };