vanta-auditor-api-sdk 0.2.0 → 0.3.0

package/src/hooks/types.ts

@@ -2,6 +2,7 @@
  * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
  */
 
+import { SDKOptions } from "../lib/config.js";
 import { HTTPClient, RequestInput } from "../lib/http.js";
 import { RetryConfig } from "../lib/retries.js";
 import { SecurityState } from "../lib/security.js";
@@ -13,6 +14,7 @@ export type HookContext = {
   securitySource?: any | (() => Promise<any>);
   retryConfig: RetryConfig;
   resolvedSecurity: SecurityState | null;
+  options: SDKOptions;
 };
 
 export type Awaitable<T> = T | Promise<T>;

package/src/index.ts

@@ -4,4 +4,6 @@
 
 export * from "./lib/config.js";
 export * as files from "./lib/files.js";
+export { HTTPClient } from "./lib/http.js";
+export type { Fetcher, HTTPClientOptions } from "./lib/http.js";
 export * from "./sdk/sdk.js";

package/src/lib/config.ts

@@ -37,6 +37,10 @@ export type SDKOptions = {
    * Allows overriding the default server URL used by the SDK
    */
   serverURL?: string | undefined;
+  /**
+   * Allows overriding the default user agent used by the SDK
+   */
+  userAgent?: string | undefined;
   /**
    * Allows overriding the default retry config used by the SDK
    */
@@ -65,8 +69,8 @@ export function serverURLFromOptions(options: SDKOptions): URL | null {
 export const SDK_METADATA = {
   language: "typescript",
   openapiDocVersion: "1.0.0",
-  sdkVersion: "0.2.0",
-  genVersion: "2.578.0",
+  sdkVersion: "0.3.0",
+  genVersion: "2.658.3",
   userAgent:
-    "speakeasy-sdk/typescript 0.2.0 2.578.0 1.0.0 vanta-auditor-api-sdk",
+    "speakeasy-sdk/typescript 0.3.0 2.658.3 1.0.0 vanta-auditor-api-sdk",
 } as const;

package/src/lib/files.ts

@@ -38,3 +38,45 @@ export async function readableStreamToArrayBuffer(
 
   return concatenatedChunks.buffer as ArrayBuffer;
 }
+
+/**
+ * Determines the MIME content type based on a file's extension.
+ * Returns null if the extension is not recognized.
+ */
+export function getContentTypeFromFileName(fileName: string): string | null {
+  if (!fileName) return null;
+
+  const ext = fileName.toLowerCase().split(".").pop();
+  if (!ext) return null;
+
+  const mimeTypes: Record<string, string> = {
+    json: "application/json",
+    xml: "application/xml",
+    html: "text/html",
+    htm: "text/html",
+    txt: "text/plain",
+    csv: "text/csv",
+    pdf: "application/pdf",
+    png: "image/png",
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    gif: "image/gif",
+    svg: "image/svg+xml",
+    js: "application/javascript",
+    css: "text/css",
+    zip: "application/zip",
+    tar: "application/x-tar",
+    gz: "application/gzip",
+    mp4: "video/mp4",
+    mp3: "audio/mpeg",
+    wav: "audio/wav",
+    webp: "image/webp",
+    ico: "image/x-icon",
+    woff: "font/woff",
+    woff2: "font/woff2",
+    ttf: "font/ttf",
+    otf: "font/otf",
+  };
+
+  return mimeTypes[ext] || null;
+}

package/src/lib/matchers.ts

@@ -3,11 +3,10 @@
  */
 
 import { APIError } from "../models/errors/apierror.js";
-import { SDKValidationError } from "../models/errors/sdkvalidationerror.js";
-import { Result } from "../types/fp.js";
+import { ResponseValidationError } from "../models/errors/responsevalidationerror.js";
+import { ERR, OK, Result } from "../types/fp.js";
 import { matchResponse, matchStatusCode, StatusCodePredicate } from "./http.js";
 import { isPlainObject } from "./is-plain-object.js";
-import { safeParse } from "./schemas.js";
 
 export type Encoding =
   | "jsonl"
@@ -176,17 +175,19 @@ export type MatchedError<Matchers> = Matchers extends Matcher<any, infer E>[]
   : never;
 export type MatchFunc<T, E> = (
   response: Response,
+  request: Request,
   options?: { resultKey?: string; extraFields?: Record<string, unknown> },
 ) => Promise<[result: Result<T, E>, raw: unknown]>;
 
 export function match<T, E>(
   ...matchers: Array<Matcher<T, E>>
-): MatchFunc<T, E | APIError | SDKValidationError> {
+): MatchFunc<T, E | APIError | ResponseValidationError> {
   return async function matchFunc(
     response: Response,
+    request: Request,
     options?: { resultKey?: string; extraFields?: Record<string, unknown> },
   ): Promise<
-    [result: Result<T, E | APIError | SDKValidationError>, raw: unknown]
+    [result: Result<T, E | APIError | ResponseValidationError>, raw: unknown]
   > {
     let raw: unknown;
     let matcher: Matcher<T, E> | undefined;
@@ -205,21 +206,22 @@ export function match<T, E>(
     }
 
     if (!matcher) {
-      const responseBody = await response.text();
       return [{
         ok: false,
-        error: new APIError(
-          "Unexpected API response status or content-type",
+        error: new APIError("Unexpected Status or Content-Type", {
           response,
-          responseBody,
-        ),
-      }, responseBody];
+          request,
+          body: await response.text().catch(() => ""),
+        }),
+      }, raw];
     }
 
     const encoding = matcher.enc;
+    let body = "";
     switch (encoding) {
       case "json":
-        raw = await response.json();
+        body = await response.text();
+        raw = JSON.parse(body);
         break;
       case "jsonl":
         raw = response.body;
@@ -231,16 +233,19 @@ export function match<T, E>(
         raw = response.body;
         break;
       case "text":
-        raw = await response.text();
+        body = await response.text();
+        raw = body;
         break;
       case "sse":
         raw = response.body;
         break;
       case "nil":
-        raw = await discardResponseBody(response);
+        body = await response.text();
+        raw = undefined;
         break;
       case "fail":
-        raw = await response.text();
+        body = await response.text();
+        raw = body;
         break;
       default:
         encoding satisfies never;
@@ -250,11 +255,7 @@ export function match<T, E>(
     if (matcher.enc === "fail") {
       return [{
         ok: false,
-        error: new APIError(
-          "API error occurred",
-          response,
-          typeof raw === "string" ? raw : "",
-        ),
+        error: new APIError("API error occurred", { request, response, body }),
       }, raw];
     }
 
@@ -266,6 +267,9 @@ export function match<T, E>(
         ...options?.extraFields,
         ...(matcher.hdrs ? { Headers: unpackHeaders(response.headers) } : null),
         ...(isPlainObject(raw) ? raw : null),
+        request$: request,
+        response$: response,
+        body$: body,
       };
     } else if (resultKey) {
       data = {
@@ -284,18 +288,20 @@ export function match<T, E>(
     }
 
     if ("err" in matcher) {
-      const result = safeParse(
+      const result = safeParseResponse(
         data,
         (v: unknown) => matcher.schema.parse(v),
         "Response validation failed",
+        { request, response, body },
       );
       return [result.ok ? { ok: false, error: result.value } : result, raw];
     } else {
       return [
-        safeParse(
+        safeParseResponse(
           data,
           (v: unknown) => matcher.schema.parse(v),
           "Response validation failed",
+          { request, response, body },
         ),
         raw,
       ];
@@ -318,25 +324,22 @@ export function unpackHeaders(headers: Headers): Record<string, string[]> {
   return out;
 }
 
-/**
- * Discards the response body to free up resources.
- *
- * To learn why this is need, see the undici docs:
- * https://undici.nodejs.org/#/?id=garbage-collection
- */
-export async function discardResponseBody(res: Response) {
-  const reader = res.body?.getReader();
-  if (reader == null) {
-    return;
-  }
-
+function safeParseResponse<Inp, Out>(
+  rawValue: Inp,
+  fn: (value: Inp) => Out,
+  errorMessage: string,
+  httpMeta: { response: Response; request: Request; body: string },
+): Result<Out, ResponseValidationError> {
   try {
-    let done = false;
-    while (!done) {
-      const res = await reader.read();
-      done = res.done;
-    }
-  } finally {
-    reader.releaseLock();
+    return OK(fn(rawValue));
+  } catch (err) {
+    return ERR(
+      new ResponseValidationError(errorMessage, {
+        cause: err,
+        rawValue,
+        rawMessage: errorMessage,
+        ...httpMeta,
+      }),
+    );
   }
 }

package/src/lib/sdks.ts

@@ -47,12 +47,14 @@ export type RequestOptions = {
    */
   serverURL?: string | URL;
   /**
+   * @deprecated `fetchOptions` has been flattened into `RequestOptions`.
+   *
    * Sets various request options on the `fetch` call made by an SDK method.
    *
    * @see {@link https://developer.mozilla.org/en-US/docs/Web/API/Request/Request#options|Request}
    */
   fetchOptions?: Omit<RequestInit, "method" | "body">;
-};
+} & Omit<RequestInit, "method" | "body">;
 
 type RequestConfig = {
   method: string;
@@ -63,6 +65,7 @@ type RequestConfig = {
   headers?: HeadersInit;
   security?: SecurityState | null;
   uaHeader?: string;
+  userAgent?: string | undefined;
   timeoutMs?: number;
 };
 
@@ -94,19 +97,21 @@ export class ClientSDK {
     } else {
       this.#hooks = new SDKHooks();
     }
-    this._options = { ...options, hooks: this.#hooks };
-
     const url = serverURLFromOptions(options);
     if (url) {
       url.pathname = url.pathname.replace(/\/+$/, "") + "/";
     }
+
     const { baseURL, client } = this.#hooks.sdkInit({
       baseURL: url,
       client: options.httpClient || new HTTPClient(),
     });
     this._baseURL = baseURL;
     this.#httpClient = client;
-    this.#logger = options.debugLogger;
+
+    this._options = { ...options, hooks: this.#hooks };
+
+    this.#logger = this._options.debugLogger;
     if (!this.#logger && env().VANTA_DEBUG) {
       this.#logger = console;
     }
@@ -172,7 +177,9 @@ export class ClientSDK {
     cookie = cookie.startsWith("; ") ? cookie.slice(2) : cookie;
     headers.set("cookie", cookie);
 
-    const userHeaders = new Headers(options?.fetchOptions?.headers);
+    const userHeaders = new Headers(
+      options?.headers ?? options?.fetchOptions?.headers,
+    );
     for (const [k, v] of userHeaders) {
       headers.set(k, v);
     }
@@ -180,23 +187,22 @@ export class ClientSDK {
     // Only set user agent header in non-browser-like environments since CORS
     // policy disallows setting it in browsers e.g. Chrome throws an error.
     if (!isBrowserLike) {
-      headers.set(conf.uaHeader ?? "user-agent", SDK_METADATA.userAgent);
+      headers.set(
+        conf.uaHeader ?? "user-agent",
+        conf.userAgent ?? SDK_METADATA.userAgent,
+      );
     }
 
-    let fetchOptions = options?.fetchOptions;
+    const fetchOptions: Omit<RequestInit, "method" | "body"> = {
+      ...options?.fetchOptions,
+      ...options,
+    };
     if (!fetchOptions?.signal && conf.timeoutMs && conf.timeoutMs > 0) {
       const timeoutSignal = AbortSignal.timeout(conf.timeoutMs);
-      if (!fetchOptions) {
-        fetchOptions = { signal: timeoutSignal };
-      } else {
-        fetchOptions.signal = timeoutSignal;
-      }
+      fetchOptions.signal = timeoutSignal;
     }
 
     if (conf.body instanceof ReadableStream) {
-      if (!fetchOptions) {
-        fetchOptions = {};
-      }
       Object.assign(fetchOptions, { duplex: "half" });
     }
 

package/src/lib/security.ts

@@ -7,8 +7,8 @@ import { env } from "./env.js";
 
 type OAuth2PasswordFlow = {
   username: string;
-  password?: string | undefined;
-  clientID: string;
+  password: string;
+  clientID?: string | undefined;
   clientSecret?: string | undefined;
   tokenURL: string;
 };

package/src/mcp-server/cli/start/command.ts

@@ -6,7 +6,6 @@ import { buildCommand } from "@stricli/core";
 import { numberParser } from "@stricli/core";
 import * as z from "zod";
 import { consoleLoggerLevels } from "../../console-logger.js";
-import { mcpScopes } from "../../scopes.js";
 
 export const startCommand = buildCommand({
   loader: async () => {
@@ -37,18 +36,6 @@ export const startCommand = buildCommand({
           return z.string().parse(value);
         },
       },
-      ...(mcpScopes.length
-        ? {
-          scope: {
-            kind: "enum",
-            brief:
-              "Mount tools/resources that match given scope (repeatable flag)",
-            values: mcpScopes,
-            variadic: true,
-            optional: true,
-          },
-        }
-        : {}),
       "bearer-auth": {
         kind: "parsed",
         brief: "Sets the bearerAuth auth field for the API",

package/src/mcp-server/cli/start/impl.ts

@@ -11,14 +11,12 @@ import {
   ConsoleLoggerLevel,
   createConsoleLogger,
 } from "../../console-logger.js";
-import { MCPScope } from "../../scopes.js";
 import { createMCPServer } from "../../server.js";
 
 interface StartCommandFlags {
   readonly transport: "stdio" | "sse";
   readonly port: number;
   readonly tool?: string[];
-  readonly scope?: MCPScope[];
   readonly "bearer-auth"?: string | undefined;
   readonly "server-url"?: string;
   readonly "server-index"?: SDKOptions["serverIdx"];
@@ -49,8 +47,7 @@ async function startStdio(flags: StartCommandFlags) {
   const server = createMCPServer({
     logger,
     allowedTools: flags.tool,
-    scopes: flags.scope,
-    ...{ bearerAuth: flags["bearer-auth"] },
+    ...{ bearerAuth: flags["bearer-auth"] ?? "" },
     serverURL: flags["server-url"],
     serverIdx: flags["server-index"],
   });
@@ -70,8 +67,7 @@ async function startSSE(flags: StartCommandFlags) {
   const mcpServer = createMCPServer({
     logger,
     allowedTools: flags.tool,
-    scopes: flags.scope,
-    ...{ bearerAuth: flags["bearer-auth"] },
+    ...{ bearerAuth: flags["bearer-auth"] ?? "" },
     serverURL: flags["server-url"],
     serverIdx: flags["server-index"],
   });

package/src/mcp-server/mcp-server.ts

@@ -19,7 +19,7 @@ const routes = buildRouteMap({
 export const app = buildApplication(routes, {
   name: "mcp",
   versionInfo: {
-    currentVersion: "0.2.0",
+    currentVersion: "0.3.0",
   },
 });
 

package/src/mcp-server/server.ts

@@ -34,7 +34,7 @@ export function createMCPServer(deps: {
 }) {
   const server = new McpServer({
     name: "Vanta",
-    version: "0.2.0",
+    version: "0.3.0",
   });
 
   const client = new VantaCore({

package/src/models/components/audit.ts

@@ -6,6 +6,11 @@ import * as z from "zod";
 import { safeParse } from "../../lib/schemas.js";
 import { Result as SafeParseResult } from "../../types/fp.js";
 import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+import {
+  AuditFocus,
+  AuditFocus$inboundSchema,
+  AuditFocus$outboundSchema,
+} from "./auditfocus.js";
 
 export type Audit = {
   /**
@@ -35,7 +40,7 @@ export type Audit = {
   /**
    * Timestamp at which auditors gain access to the audit. Occurs before the audit window begins
    */
-  earlyAccessStartsDate: Date | null;
+  earlyAccessStartsAt: Date | null;
   /**
    * The name of the framework for the audit
    */
@@ -64,6 +69,7 @@ export type Audit = {
    * Timestamp when the audit was marked completed, and report was uploaded
    */
   completionDate: Date | null;
+  auditFocus: AuditFocus;
 };
 
 /** @internal */
@@ -79,7 +85,7 @@ export const Audit$inboundSchema: z.ZodType<Audit, z.ZodTypeDef, unknown> = z
     auditEndDate: z.string().datetime({ offset: true }).transform(v =>
       new Date(v)
     ),
-    earlyAccessStartsDate: z.nullable(
+    earlyAccessStartsAt: z.nullable(
       z.string().datetime({ offset: true }).transform(v => new Date(v)),
     ),
     framework: z.string(),
@@ -97,6 +103,7 @@ export const Audit$inboundSchema: z.ZodType<Audit, z.ZodTypeDef, unknown> = z
     completionDate: z.nullable(
       z.string().datetime({ offset: true }).transform(v => new Date(v)),
     ),
+    auditFocus: AuditFocus$inboundSchema,
   });
 
 /** @internal */
@@ -107,7 +114,7 @@ export type Audit$Outbound = {
   customerOrganizationId: string;
   auditStartDate: string;
   auditEndDate: string;
-  earlyAccessStartsDate: string | null;
+  earlyAccessStartsAt: string | null;
   framework: string;
   allowAuditorEmails: Array<string>;
   allowAllAuditors: boolean;
@@ -115,6 +122,7 @@ export type Audit$Outbound = {
   creationDate: string;
   modificationDate: string | null;
   completionDate: string | null;
+  auditFocus: string;
 };
 
 /** @internal */
@@ -129,7 +137,7 @@ export const Audit$outboundSchema: z.ZodType<
   customerOrganizationId: z.string(),
   auditStartDate: z.date().transform(v => v.toISOString()),
   auditEndDate: z.date().transform(v => v.toISOString()),
-  earlyAccessStartsDate: z.nullable(z.date().transform(v => v.toISOString())),
+  earlyAccessStartsAt: z.nullable(z.date().transform(v => v.toISOString())),
   framework: z.string(),
   allowAuditorEmails: z.array(z.string()),
   allowAllAuditors: z.boolean(),
@@ -137,6 +145,7 @@ export const Audit$outboundSchema: z.ZodType<
   creationDate: z.date().transform(v => v.toISOString()),
   modificationDate: z.nullable(z.date().transform(v => v.toISOString())),
   completionDate: z.nullable(z.date().transform(v => v.toISOString())),
+  auditFocus: AuditFocus$outboundSchema,
 });
 
 /**

package/src/models/components/auditfocus.ts

@@ -0,0 +1,31 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+
+import * as z from "zod";
+import { ClosedEnum } from "../../types/enums.js";
+
+export const AuditFocus = {
+  External: "EXTERNAL",
+  Internal: "INTERNAL",
+} as const;
+export type AuditFocus = ClosedEnum<typeof AuditFocus>;
+
+/** @internal */
+export const AuditFocus$inboundSchema: z.ZodNativeEnum<typeof AuditFocus> = z
+  .nativeEnum(AuditFocus);
+
+/** @internal */
+export const AuditFocus$outboundSchema: z.ZodNativeEnum<typeof AuditFocus> =
+  AuditFocus$inboundSchema;
+
+/**
+ * @internal
+ * @deprecated This namespace will be removed in future versions. Use schemas and types that are exported directly from this module.
+ */
+export namespace AuditFocus$ {
+  /** @deprecated use `AuditFocus$inboundSchema` instead. */
+  export const inboundSchema = AuditFocus$inboundSchema;
+  /** @deprecated use `AuditFocus$outboundSchema` instead. */
+  export const outboundSchema = AuditFocus$outboundSchema;
+}

package/src/models/components/index.ts

@@ -8,6 +8,7 @@ export * from "./audit.js";
 export * from "./auditevidencestate.js";
 export * from "./auditevidencetype.js";
 export * from "./auditevidenceupdateinput.js";
+export * from "./auditfocus.js";
 export * from "./auditor.js";
 export * from "./auditorcontrol.js";
 export * from "./auditorenabledstatetransition.js";

package/src/models/errors/apierror.ts

@@ -2,26 +2,39 @@
  * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
  */
 
-export class APIError extends Error {
-  public readonly statusCode: number;
-  public readonly contentType: string;
+import { VantaError } from "./vantaerror.js";
 
+/** The fallback error class if no more specific error class is matched */
+export class APIError extends VantaError {
   constructor(
     message: string,
-    public readonly rawResponse: Response,
-    public readonly body: string = "",
+    httpMeta: {
+      response: Response;
+      request: Request;
+      body: string;
+    },
   ) {
-    const statusCode = rawResponse.status;
-    const contentType = rawResponse.headers.get("content-type") || "";
-    const bodyString = body.length > 0 ? `\n${body}` : "";
-
-    super(
-      `${message}: Status ${statusCode} Content-Type ${contentType} Body ${bodyString}`,
-    );
-
-    this.statusCode = statusCode;
-    this.contentType = contentType;
-
+    if (message) {
+      message += `: `;
+    }
+    message += `Status ${httpMeta.response.status}`;
+    const contentType = httpMeta.response.headers.get("content-type") || `""`;
+    if (contentType !== "application/json") {
+      message += ` Content-Type ${
+        contentType.includes(" ") ? `"${contentType}"` : contentType
+      }`;
+    }
+    const body = httpMeta.body || `""`;
+    message += body.length > 100 ? "\n" : ". ";
+    let bodyDisplay = body;
+    if (body.length > 10000) {
+      const truncated = body.substring(0, 10000);
+      const remaining = body.length - 10000;
+      bodyDisplay = `${truncated}...and ${remaining} more chars`;
+    }
+    message += `Body: ${bodyDisplay}`;
+    message = message.trim();
+    super(message, httpMeta);
     this.name = "APIError";
   }
 }

package/src/models/errors/index.ts

@@ -4,4 +4,5 @@
 
 export * from "./apierror.js";
 export * from "./httpclienterrors.js";
+export * from "./responsevalidationerror.js";
 export * from "./sdkvalidationerror.js";