spaps-sdk 1.6.7 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -6,7 +6,17 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
- - No changes yet.
9
+ - Added `dayrate.getCheckoutStatus(sessionId)` and checkout-status response types for Bookme/dayrate confirmation polling.
10
+ - Added browser-safe runtime helpers: guarded environment reads, `TokenManager.decodePayload()`, and SPAPS envelope unwrapping/type guards.
11
+ - Added `headerProvider` SDK config for per-request custom context headers without overriding SDK-managed auth headers.
12
+
13
+ ## [1.6.8] - 2026-04-25
14
+
15
+ - Maintenance: align the published SDK package version after release automation.
16
+
17
+ ## [1.6.7] - 2026-04-25
18
+
19
+ - Maintenance: align the published SDK package version after release automation.
10
20
 
11
21
  ## [1.6.6] - 2026-04-20
12
22
 
package/README.md CHANGED
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
23
23
 
24
24
  | Need | Package gives you |
25
25
  | --- | --- |
26
- | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `email`, `entitlements`, `dayrate`, `admin`, and `cfo` namespaces |
26
+ | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
27
27
  | Local development without extra config | Localhost URLs automatically enable local mode |
28
28
  | Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
29
29
  | Shared contracts | Re-exports a large slice of `spaps-types` |
@@ -67,6 +67,7 @@ Constructor values take precedence over environment variables.
67
67
  | `secretKey` | Server-side key for privileged access |
68
68
  | `apiKey` | Legacy key field kept for compatibility |
69
69
  | `timeout` | Request timeout override |
70
+ | `headerProvider` | Optional function returning custom headers to add to every SDK request without overriding `Authorization` or `X-API-Key` |
70
71
 
71
72
  Relevant environment variables:
72
73
 
@@ -84,9 +85,11 @@ Relevant environment variables:
84
85
  | `sessions` | Session lookup, validation, and lifecycle helpers |
85
86
  | `secureMessages` | Secure-message create/list helpers |
86
87
  | `issueReporting` | Status, history, create, update, reply, and voice-token flows |
88
+ | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
87
89
  | `email` | Template lookup, preview, and send helpers |
88
90
  | `entitlements` | User and resource entitlement queries |
89
- | `dayrate` | Availability and booking helpers |
91
+ | `skillEvals` | Paid blind skill-eval cases, review rooms, controlled reveal, and governance snapshots |
92
+ | `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
90
93
  | `admin` | Product and pricing admin helpers |
91
94
  | `cfo` | CFO-facing reporting endpoints |
92
95
 
@@ -120,6 +123,86 @@ const voiceToken = await spaps.issueReporting.createVoiceToken();
120
123
  console.log(voiceToken.provider, voiceToken.model_id);
121
124
  ```
122
125
 
126
+ ### Application Short Links
127
+
128
+ Use `appLinks` when a browser app needs a stable public URL for large local state, such as compressed diagram state.
129
+
130
+ ```ts
131
+ const spaps = new SPAPSClient({
132
+ apiUrl: "https://api.example.test",
133
+ publishableKey: "spaps_pub_example",
134
+ });
135
+ spaps.setAccessToken(accessToken);
136
+
137
+ const link = await spaps.appLinks.create({
138
+ app_slug: "mmdx",
139
+ resource_kind: "mermaid-diagram",
140
+ target_path: "/diagrams",
141
+ metadata: { diagram_state: "pako:..." },
142
+ });
143
+
144
+ console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
145
+ ```
146
+
147
+ ### Skill Evals
148
+
149
+ Use `skillEvals` for SPAPS-owned blind comparative review cases. Paid creation uses the same `PAYMENT-SIGNATURE` header shape as the x402 namespace.
150
+
151
+ ```ts
152
+ const signedPayment = "base64-x402-payment";
153
+
154
+ const created = await spaps.skillEvals.createCase(
155
+ {
156
+ title: "Docs skill comparison",
157
+ task_claim: "Compare both implementations.",
158
+ success_criteria: ["Finds repo boundaries"],
159
+ candidates: [
160
+ {
161
+ candidate_id: "A",
162
+ output_ref: "spaps-artifact://case/a",
163
+ evidence_summary: "Validation passed",
164
+ artifact_hash: "sha256:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
165
+ artifact_mime: "text/markdown",
166
+ skill_version_digest: "sha256:1111111111111111111111111111111111111111111111111111111111111111",
167
+ provenance_ref: "skill://private/a",
168
+ },
169
+ {
170
+ candidate_id: "B",
171
+ output_ref: "spaps-artifact://case/b",
172
+ evidence_summary: "Validation passed",
173
+ artifact_hash: "sha256:bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
174
+ artifact_mime: "text/markdown",
175
+ skill_version_digest: "sha256:2222222222222222222222222222222222222222222222222222222222222222",
176
+ provenance_ref: "skill://private/b",
177
+ },
178
+ ],
179
+ idempotency_key: "eval-create-001",
180
+ },
181
+ { paymentSignature: signedPayment }
182
+ );
183
+
184
+ const room = await spaps.skillEvals.getReviewRoom(created.case_id);
185
+ console.log(room.reviewer_state);
186
+ ```
187
+
188
+ ### Custom Context Headers
189
+
190
+ Use `headerProvider` when an app needs to attach tenant, app, or principal context to SDK requests:
191
+
192
+ ```ts
193
+ const spaps = new SPAPSClient({
194
+ apiUrl: "https://api.example.test",
195
+ publishableKey: "spaps_pub_example",
196
+ headerProvider: () => ({
197
+ "X-Tenant-Role": resolveTenantRole(),
198
+ "X-App-Slug": "unclawg",
199
+ "X-Principal-Id": resolvePrincipalId(),
200
+ }),
201
+ });
202
+ ```
203
+
204
+ The provider runs on each request. Headers named `Authorization` or `X-API-Key` are ignored because the SDK manages those from `setAccessToken()`, `publishableKey`, `secretKey`, or `apiKey`.
205
+
123
206
  ### Permission Helpers With Explicit Admin Config
124
207
 
125
208
  ```ts
@@ -142,6 +225,27 @@ const isAdmin = isAdminAccount("admin@example.com", customAdmins);
142
225
  console.log(role, adminCheck.allowed, isAdmin);
143
226
  ```
144
227
 
228
+ ### Runtime Helpers
229
+
230
+ ```ts
231
+ import {
232
+ TokenManager,
233
+ isErrorEnvelope,
234
+ unwrapEnvelope,
235
+ unwrapNestedData,
236
+ } from "spaps-sdk";
237
+
238
+ const payload = TokenManager.decodePayload(accessToken);
239
+ const response = unwrapEnvelope(await spaps.health());
240
+ const items = unwrapNestedData(listResponse);
241
+
242
+ if (isErrorEnvelope(errorBody)) {
243
+ console.error(errorBody.error.code, errorBody.error.message);
244
+ }
245
+ ```
246
+
247
+ `decodePayload()` returns `null` for invalid JWTs or non-object payloads. The envelope helpers accept unknown API payloads so apps can handle SPAPS success/error envelopes without copying ad hoc response guards.
248
+
145
249
  ### Convenience Helpers
146
250
 
147
251
  ```ts
@@ -215,7 +319,7 @@ npm run test:readme
215
319
  ## Metadata
216
320
 
217
321
  - `package_name`: `spaps-sdk`
218
- - `latest_version`: `1.6.6`
322
+ - `latest_version`: `1.6.8`
219
323
  - `minimum_runtime`: `Node.js >=14.0.0`
220
324
  - `api_base_url`: `https://api.sweetpotato.dev`
221
325
 
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AuthResponse, CheckoutSession, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, createSecureMessageRequestSchema, secureMessageMetadataSchema, secureMessageSchema } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, secureMessageMetadataSchema, secureMessageSchema } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -244,6 +244,8 @@ declare class WebSocketAuthHelper {
244
244
  }
245
245
 
246
246
  type ApiKeyType = 'publishable' | 'secret';
247
+ /** Returns custom headers to merge into every SDK request. Called per request. */
248
+ type HeaderProvider = () => Record<string, string>;
247
249
  interface SPAPSConfig {
248
250
  apiUrl?: string;
249
251
  /** @deprecated Use publishableKey or secretKey instead */
@@ -254,6 +256,10 @@ interface SPAPSConfig {
254
256
  secretKey?: string;
255
257
  autoDetect?: boolean;
256
258
  timeout?: number;
259
+ /** Additive custom header provider. Called on each request.
260
+ * Returned headers are merged but cannot override SDK-managed
261
+ * `Authorization` or `X-API-Key` headers. */
262
+ headerProvider?: HeaderProvider;
257
263
  }
258
264
  interface CheckoutLineItemPriceData {
259
265
  currency: string;
@@ -354,6 +360,158 @@ interface IssueReportListParams {
354
360
  interface IssueReportStatusParams {
355
361
  scope?: SupportedIssueReportScope;
356
362
  }
363
+ declare class X402PaymentRequiredSDKError extends Error {
364
+ readonly paymentRequiredHeader: string;
365
+ readonly response: unknown;
366
+ constructor(paymentRequiredHeader: string, response: unknown);
367
+ }
368
+ interface X402ExecuteActionOptions {
369
+ paymentSignature?: string;
370
+ target: string;
371
+ bridgeToken?: string;
372
+ bridge_token?: string;
373
+ }
374
+ interface X402ReceiptListParams {
375
+ resourceKey?: string;
376
+ limit?: number;
377
+ offset?: number;
378
+ }
379
+ interface X402VerifyHandoffOptions {
380
+ resourceKey: string;
381
+ actionKey: string;
382
+ }
383
+ type SkillEvalDisclosurePolicy = 'blind_then_controlled_reveal';
384
+ type SkillEvalEligibilitySource = 'admin_assigned' | 'entitlement' | 'policy_import' | 'manual_override';
385
+ type SkillEvalConfidence = 'low' | 'medium' | 'high';
386
+ type SkillEvalPosterResponse = 'accepted' | 'rejected' | 'needs_clarification' | 'applied';
387
+ type SkillEvalRevealField = 'skill_version_digest' | 'provenance_ref';
388
+ type SkillEvalGovernancePurpose = 'adopt_skill' | 'retire_skill' | 'merge_skill' | 'split_skill' | 'reviewer_policy' | 'fund_bounty';
389
+ interface SkillEvalCandidateInput {
390
+ candidate_id: string;
391
+ output_ref: string;
392
+ evidence_summary: string;
393
+ artifact_hash: string;
394
+ artifact_mime: string;
395
+ skill_version_digest: string;
396
+ provenance_ref: string;
397
+ }
398
+ interface SkillEvalReviewerEligibilityInput {
399
+ reviewer_actor_id: string;
400
+ eligibility_source?: SkillEvalEligibilitySource;
401
+ }
402
+ interface CreateSkillEvalCaseRequest {
403
+ title: string;
404
+ task_claim: string;
405
+ success_criteria: string[];
406
+ candidates: SkillEvalCandidateInput[];
407
+ disclosure_policy?: SkillEvalDisclosurePolicy;
408
+ idempotency_key: string;
409
+ reviewer_eligibility?: SkillEvalReviewerEligibilityInput[];
410
+ }
411
+ interface SkillEvalCreateOptions {
412
+ paymentSignature?: string;
413
+ }
414
+ interface SkillEvalMutationOptions {
415
+ ifMatch?: string | number;
416
+ caseVersion?: number;
417
+ }
418
+ interface SkillEvalCaseResponse {
419
+ case_id: string;
420
+ status: string;
421
+ review_room_url?: string;
422
+ x402_action_key?: string;
423
+ x402_receipt_id?: string | null;
424
+ payload_fingerprint?: string;
425
+ case_version: number;
426
+ created_at?: string | null;
427
+ updated_at?: string | null;
428
+ idempotent_replay?: boolean;
429
+ title?: string;
430
+ task_claim?: string;
431
+ success_criteria?: string[];
432
+ candidates?: SkillEvalCandidateResponse[];
433
+ }
434
+ interface SkillEvalCandidateResponse {
435
+ candidate_id: string;
436
+ output_ref: string;
437
+ evidence_summary: string;
438
+ artifact_hash: string;
439
+ artifact_mime: string;
440
+ skill_version_digest?: string;
441
+ provenance_ref?: string;
442
+ }
443
+ interface SkillEvalReviewRoom {
444
+ case_id: string;
445
+ status: string;
446
+ task_claim: string;
447
+ success_criteria: string[];
448
+ candidates: SkillEvalCandidateResponse[];
449
+ reviewer_state: string;
450
+ case_version: number;
451
+ }
452
+ interface SubmitSkillEvalReviewRequest {
453
+ winner_candidate_id: string;
454
+ rationale: string;
455
+ missing_from_winner: string;
456
+ criteria_challenge?: string | null;
457
+ confidence: SkillEvalConfidence;
458
+ }
459
+ interface SkillEvalRewardEvent {
460
+ reward_event_id?: string;
461
+ event_kind: 'participation' | 'accepted_insight' | 'applied_insight' | 'delayed_bonus_candidate';
462
+ }
463
+ interface SkillEvalReviewResponse {
464
+ review_id: string;
465
+ status: string;
466
+ reward_event?: SkillEvalRewardEvent | null;
467
+ }
468
+ interface RespondToSkillEvalReviewRequest {
469
+ response: SkillEvalPosterResponse;
470
+ reason: string;
471
+ skill_change_ref?: string | null;
472
+ }
473
+ interface SkillEvalPosterResponseResult {
474
+ response_id: string;
475
+ response: SkillEvalPosterResponse;
476
+ skill_change_ref?: string | null;
477
+ reward_event?: SkillEvalRewardEvent | null;
478
+ }
479
+ interface RevealSkillEvalEvidenceRequest {
480
+ fields: SkillEvalRevealField[];
481
+ reason: string;
482
+ }
483
+ interface SkillEvalRevealResult {
484
+ reveal_id: string;
485
+ case_id: string;
486
+ status: string;
487
+ revealed_fields: SkillEvalRevealField[];
488
+ }
489
+ interface CreateSkillEvalGovernanceSnapshotRequest {
490
+ proposal_purpose: SkillEvalGovernancePurpose;
491
+ summary?: Record<string, unknown>;
492
+ realms_proposal_ref?: string | null;
493
+ }
494
+ interface SkillEvalGovernanceSnapshotResult {
495
+ snapshot_id: string;
496
+ case_id: string;
497
+ summary: Record<string, unknown>;
498
+ content_hash: string;
499
+ proposal_purpose: SkillEvalGovernancePurpose;
500
+ realms_proposal_ref?: string | null;
501
+ status: string;
502
+ }
503
+ interface ImportSkillEvalGovernanceOutcomeRequest {
504
+ outcome_status: string;
505
+ realms_proposal_ref?: string | null;
506
+ outcome_ref?: string | null;
507
+ notes?: Record<string, unknown>;
508
+ }
509
+ interface SkillEvalGovernanceOutcomeResult {
510
+ snapshot_id: string;
511
+ case_id: string;
512
+ status: string;
513
+ realms_proposal_ref?: string | null;
514
+ }
357
515
 
358
516
  declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Record<string, any>> {
359
517
  private client;
@@ -361,10 +519,17 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
361
519
  private accessToken?;
362
520
  private refreshToken?;
363
521
  private _isLocalMode;
522
+ private headerProvider?;
364
523
  private unwrapApiResponse;
524
+ private skillEvalMutationConfig;
365
525
  private isAxiosResponse;
366
526
  private isResponseLikeWithData;
367
527
  private isApiResponse;
528
+ private static isSdkManagedHeader;
529
+ private static hasHeader;
530
+ private static setHeader;
531
+ private static assertSafeHeaderValue;
532
+ private applyCustomHeaders;
368
533
  admin: {
369
534
  createProduct: (productData: CreateProductRequest) => Promise<{
370
535
  data: Product;
@@ -472,6 +637,22 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
472
637
  */
473
638
  reply: (issueReportId: string, payload: ReplyIssueReportRequest) => Promise<IssueReport>;
474
639
  };
640
+ /**
641
+ * Application-scoped short links for browser apps that need stable public URLs.
642
+ */
643
+ appLinks: {
644
+ /**
645
+ * Create a short link owned by the authenticated user.
646
+ */
647
+ create: (payload: CreateAppLinkRequest) => Promise<AppLink>;
648
+ /**
649
+ * Resolve a public short link for the active application.
650
+ */
651
+ get: (username: string, slug: string, options?: {
652
+ track?: boolean;
653
+ }) => Promise<AppLink>;
654
+ };
655
+ private static envVar;
475
656
  constructor(config?: SPAPSConfig);
476
657
  /** Raw API request helper that returns an ApiResponse-like shape */
477
658
  request<T = any>(method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', url: string, data?: any, requiresAuth?: boolean): Promise<{
@@ -749,6 +930,31 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
749
930
  message: string;
750
931
  }>;
751
932
  };
933
+ /**
934
+ * x402 paid-resource namespace.
935
+ * Handles resource status checks, payment-gated actions, receipts, and handoff authorization.
936
+ */
937
+ x402: {
938
+ getResourceStatus: (resourceKey: string) => Promise<X402ResourceStatusResponse>;
939
+ executeAction: (resourceKey: string, actionKey: string, options: X402ExecuteActionOptions) => Promise<X402ActionResponse>;
940
+ getReceipt: (receiptId: string) => Promise<X402ReceiptResponse>;
941
+ listReceipts: (params?: X402ReceiptListParams) => Promise<X402ReceiptListResponse>;
942
+ verifyHandoff: (token: string, target: string, bridgeToken: string, options: X402VerifyHandoffOptions) => Promise<X402HandoffVerification>;
943
+ };
944
+ /**
945
+ * Blind comparative skill-eval namespace.
946
+ */
947
+ skillEvals: {
948
+ createCase: (payload: CreateSkillEvalCaseRequest, options?: SkillEvalCreateOptions) => Promise<SkillEvalCaseResponse>;
949
+ getCase: (caseId: string) => Promise<SkillEvalCaseResponse>;
950
+ getReviewRoom: (caseId: string) => Promise<SkillEvalReviewRoom>;
951
+ submitReview: (caseId: string, payload: SubmitSkillEvalReviewRequest, options?: SkillEvalMutationOptions) => Promise<SkillEvalReviewResponse>;
952
+ respondToReview: (caseId: string, reviewId: string, payload: RespondToSkillEvalReviewRequest, options?: SkillEvalMutationOptions) => Promise<SkillEvalPosterResponseResult>;
953
+ lockReviews: (caseId: string, options?: SkillEvalMutationOptions) => Promise<SkillEvalCaseResponse>;
954
+ revealEvidence: (caseId: string, payload: RevealSkillEvalEvidenceRequest, options?: SkillEvalMutationOptions) => Promise<SkillEvalRevealResult>;
955
+ createGovernanceSnapshot: (caseId: string, payload: CreateSkillEvalGovernanceSnapshotRequest, options?: SkillEvalMutationOptions) => Promise<SkillEvalGovernanceSnapshotResult>;
956
+ importGovernanceOutcome: (snapshotId: string, payload: ImportSkillEvalGovernanceOutcomeRequest) => Promise<SkillEvalGovernanceOutcomeResult>;
957
+ };
752
958
  /**
753
959
  * DayRate (Dynamic Scheduling) namespace
754
960
  * For booking half-day sessions with dynamic pricing
@@ -769,6 +975,14 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
769
975
  * Reserves multiple slots with a single checkout session
770
976
  */
771
977
  createMultiBooking: (payload: DayrateMultiBookingRequest) => Promise<DayrateMultiBookingResponse>;
978
+ /**
979
+ * Create a single-slot booking hold backed by an x402 paid-resource action.
980
+ */
981
+ createX402Booking: (payload: DayrateX402BookingRequest) => Promise<DayrateX402BookingResponse>;
982
+ /**
983
+ * Get guest-safe checkout confirmation state for a Stripe session.
984
+ */
985
+ getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
772
986
  };
773
987
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
774
988
  data: CheckoutSession;
@@ -878,6 +1092,7 @@ declare class TokenManager {
878
1092
  static getRefreshToken(): string | null;
879
1093
  static getStoredUser(): User$1 | null;
880
1094
  static clearTokens(): void;
1095
+ static decodePayload(token: string): Record<string, unknown> | null;
881
1096
  static isTokenExpired(token: string): boolean;
882
1097
  static autoRefreshToken(sdk: SPAPSClient): Promise<boolean>;
883
1098
  /**
@@ -903,6 +1118,29 @@ declare class WalletUtils {
903
1118
  static detectChainType(address: string): 'solana' | 'ethereum' | 'bitcoin' | null;
904
1119
  static isValidAddress(address: string, chainType?: 'solana' | 'ethereum' | 'bitcoin' | 'base'): boolean;
905
1120
  }
1121
+ interface SPAPSEnvelope<T = unknown> {
1122
+ success: boolean;
1123
+ data?: T;
1124
+ error?: {
1125
+ code: string;
1126
+ message: string;
1127
+ details?: unknown;
1128
+ };
1129
+ }
1130
+ declare function isEnvelope(value: unknown): value is SPAPSEnvelope;
1131
+ declare function isSuccessEnvelope<T = unknown>(value: unknown): value is SPAPSEnvelope<T> & {
1132
+ success: true;
1133
+ };
1134
+ declare function isErrorEnvelope(value: unknown): value is SPAPSEnvelope & {
1135
+ success: false;
1136
+ error: {
1137
+ code: string;
1138
+ message: string;
1139
+ details?: unknown;
1140
+ };
1141
+ };
1142
+ declare function unwrapEnvelope<T = unknown>(value: unknown, fallbackMessage?: string): T;
1143
+ declare function unwrapNestedData<T = unknown>(value: unknown): T;
906
1144
  /**
907
1145
  * Create a SPAPS client for browser/client-side usage
908
1146
  * Uses publishable key which is safe to expose in client bundles
@@ -938,4 +1176,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
938
1176
  */
939
1177
  declare function detectKeyType(key: string): ApiKeyType | null;
940
1178
 
941
- export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type IssueReportListParams, type IssueReportStatusParams, type PermissionCheckResult, PermissionChecker, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, verifyCryptoWebhookSignature };
1179
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportListParams, type IssueReportStatusParams, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };