diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 4758222..53ecb86 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
{
- ".": "0.32.0"
+ ".": "0.33.0"
}
diff --git a/.stats.yml b/.stats.yml
index ad62343..207d899 100644
--- a/.stats.yml
+++ b/.stats.yml
@@ -1,4 +1,4 @@
-configured_endpoints: 108
-openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-f967d3024897a6125d5d18c4577dbb2cc22d742d487e6a43165198685f992379.yml
-openapi_spec_hash: e1c40ef0aee3a79168eb9cc854a9e403
-config_hash: 3b1fbbb6bda0dac7e8b42e155cd7da56
+configured_endpoints: 100
+openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/kernel%2Fkernel-13e82ae9e725e2c3ca19da7248a7a9c8696a0dfe088654cf26aea07c76d6567a.yml
+openapi_spec_hash: 6d4151a6066a8474bc56923299aec18a
+config_hash: 82f0a04081a3ab7111d3a9c68cd3ff2b
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a4620f5..be7246d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,18 @@
# Changelog
+## 0.33.0 (2026-02-10)
+
+Full Changelog: [v0.32.0...v0.33.0](https://github.com/kernel/kernel-node-sdk/compare/v0.32.0...v0.33.0)
+
+### Features
+
+* Browser API endpoint grouping ([063a950](https://github.com/kernel/kernel-node-sdk/commit/063a950e3111a3ea560bbd8ae23b1062f9ddc646))
+
+
+### Refactors
+
+* **api:** remove deprecated agent-auth endpoints from stainless.… ([fd445dd](https://github.com/kernel/kernel-node-sdk/commit/fd445dd9d345fb084758b7217a7d0af2232d3b51))
+
## 0.32.0 (2026-02-07)
Full Changelog: [v0.31.2...v0.32.0](https://github.com/kernel/kernel-node-sdk/compare/v0.31.2...v0.32.0)
diff --git a/api.md b/api.md
index 8037ef0..9c757f5 100644
--- a/api.md
+++ b/api.md
@@ -278,40 +278,6 @@ Methods:
- client.browserPools.flush(idOrName) -> void
- client.browserPools.release(idOrName, { ...params }) -> void
-# Agents
-
-## Auth
-
-Types:
-
-- AgentAuthInvocationResponse
-- AgentAuthSubmitResponse
-- AuthAgent
-- AuthAgentCreateRequest
-- AuthAgentInvocationCreateRequest
-- AuthAgentInvocationCreateResponse
-- DiscoveredField
-
-Methods:
-
-- client.agents.auth.create({ ...params }) -> AuthAgent
-- client.agents.auth.retrieve(id) -> AuthAgent
-- client.agents.auth.list({ ...params }) -> AuthAgentsOffsetPagination
-- client.agents.auth.delete(id) -> void
-
-### Invocations
-
-Types:
-
-- InvocationExchangeResponse
-
-Methods:
-
-- client.agents.auth.invocations.create({ ...params }) -> AuthAgentInvocationCreateResponse
-- client.agents.auth.invocations.retrieve(invocationID) -> AgentAuthInvocationResponse
-- client.agents.auth.invocations.exchange(invocationID, { ...params }) -> InvocationExchangeResponse
-- client.agents.auth.invocations.submit(invocationID, { ...params }) -> AgentAuthSubmitResponse
-
# Credentials
Types:
diff --git a/package.json b/package.json
index 6409714..77382fa 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "@onkernel/sdk",
- "version": "0.32.0",
+ "version": "0.33.0",
"description": "The official TypeScript library for the Kernel API",
"author": "Kernel <>",
"types": "dist/index.d.ts",
diff --git a/src/client.ts b/src/client.ts
index 5732b17..212b67c 100644
--- a/src/client.ts
+++ b/src/client.ts
@@ -97,7 +97,6 @@ import {
ProxyListResponse,
ProxyRetrieveResponse,
} from './resources/proxies';
-import { Agents } from './resources/agents/agents';
import { Auth } from './resources/auth/auth';
import {
BrowserCreateParams,
@@ -898,7 +897,6 @@ export class Kernel {
proxies: API.Proxies = new API.Proxies(this);
extensions: API.Extensions = new API.Extensions(this);
browserPools: API.BrowserPools = new API.BrowserPools(this);
- agents: API.Agents = new API.Agents(this);
credentials: API.Credentials = new API.Credentials(this);
credentialProviders: API.CredentialProviders = new API.CredentialProviders(this);
}
@@ -912,7 +910,6 @@ Kernel.Auth = Auth;
Kernel.Proxies = Proxies;
Kernel.Extensions = Extensions;
Kernel.BrowserPools = BrowserPools;
-Kernel.Agents = Agents;
Kernel.Credentials = Credentials;
Kernel.CredentialProviders = CredentialProviders;
@@ -1015,8 +1012,6 @@ export declare namespace Kernel {
type BrowserPoolReleaseParams as BrowserPoolReleaseParams,
};
- export { Agents as Agents };
-
export {
Credentials as Credentials,
type CreateCredentialRequest as CreateCredentialRequest,
diff --git a/src/resources/agents.ts b/src/resources/agents.ts
deleted file mode 100644
index 0c43db0..0000000
--- a/src/resources/agents.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-export * from './agents/index';
diff --git a/src/resources/agents/agents.ts b/src/resources/agents/agents.ts
deleted file mode 100644
index dd0955e..0000000
--- a/src/resources/agents/agents.ts
+++ /dev/null
@@ -1,39 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import { APIResource } from '../../core/resource';
-import * as AuthAPI from './auth/auth';
-import {
- AgentAuthInvocationResponse,
- AgentAuthSubmitResponse,
- Auth,
- AuthAgent,
- AuthAgentCreateRequest,
- AuthAgentInvocationCreateRequest,
- AuthAgentInvocationCreateResponse,
- AuthAgentsOffsetPagination,
- AuthCreateParams,
- AuthListParams,
- DiscoveredField,
-} from './auth/auth';
-
-export class Agents extends APIResource {
- auth: AuthAPI.Auth = new AuthAPI.Auth(this._client);
-}
-
-Agents.Auth = Auth;
-
-export declare namespace Agents {
- export {
- Auth as Auth,
- type AgentAuthInvocationResponse as AgentAuthInvocationResponse,
- type AgentAuthSubmitResponse as AgentAuthSubmitResponse,
- type AuthAgent as AuthAgent,
- type AuthAgentCreateRequest as AuthAgentCreateRequest,
- type AuthAgentInvocationCreateRequest as AuthAgentInvocationCreateRequest,
- type AuthAgentInvocationCreateResponse as AuthAgentInvocationCreateResponse,
- type DiscoveredField as DiscoveredField,
- type AuthAgentsOffsetPagination as AuthAgentsOffsetPagination,
- type AuthCreateParams as AuthCreateParams,
- type AuthListParams as AuthListParams,
- };
-}
diff --git a/src/resources/agents/auth.ts b/src/resources/agents/auth.ts
deleted file mode 100644
index b64faa1..0000000
--- a/src/resources/agents/auth.ts
+++ /dev/null
@@ -1,3 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-export * from './auth/index';
diff --git a/src/resources/agents/auth/auth.ts b/src/resources/agents/auth/auth.ts
deleted file mode 100644
index c812518..0000000
--- a/src/resources/agents/auth/auth.ts
+++ /dev/null
@@ -1,599 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import { APIResource } from '../../../core/resource';
-import * as InvocationsAPI from './invocations';
-import {
- InvocationCreateParams,
- InvocationExchangeParams,
- InvocationExchangeResponse,
- InvocationSubmitParams,
- Invocations,
-} from './invocations';
-import { APIPromise } from '../../../core/api-promise';
-import { OffsetPagination, type OffsetPaginationParams, PagePromise } from '../../../core/pagination';
-import { buildHeaders } from '../../../internal/headers';
-import { RequestOptions } from '../../../internal/request-options';
-import { path } from '../../../internal/utils/path';
-
-export class Auth extends APIResource {
- invocations: InvocationsAPI.Invocations = new InvocationsAPI.Invocations(this._client);
-
- /**
- * **Deprecated: Use POST /auth/connections instead.** Creates a new auth agent for
- * the specified domain and profile combination, or returns an existing one if it
- * already exists. This is idempotent - calling with the same domain and profile
- * will return the same agent. Does NOT start an invocation - use POST
- * /agents/auth/invocations to start an auth flow.
- *
- * @deprecated
- */
- create(body: AuthCreateParams, options?: RequestOptions): APIPromise {
- return this._client.post('/agents/auth', { body, ...options });
- }
-
- /**
- * **Deprecated: Use GET /auth/connections/{id} instead.** Retrieve an auth agent
- * by its ID. Returns the current authentication status of the managed profile.
- *
- * @deprecated
- */
- retrieve(id: string, options?: RequestOptions): APIPromise {
- return this._client.get(path`/agents/auth/${id}`, options);
- }
-
- /**
- * **Deprecated: Use GET /auth/connections instead.** List auth agents with
- * optional filters for profile_name and domain.
- *
- * @deprecated
- */
- list(
- query: AuthListParams | null | undefined = {},
- options?: RequestOptions,
- ): PagePromise {
- return this._client.getAPIList('/agents/auth', OffsetPagination, { query, ...options });
- }
-
- /**
- * **Deprecated: Use DELETE /auth/connections/{id} instead.** Deletes an auth agent
- * and terminates its workflow. This will:
- *
- * - Soft delete the auth agent record
- * - Gracefully terminate the agent's Temporal workflow
- * - Cancel any in-progress invocations
- *
- * @deprecated
- */
- delete(id: string, options?: RequestOptions): APIPromise {
- return this._client.delete(path`/agents/auth/${id}`, {
- ...options,
- headers: buildHeaders([{ Accept: '*/*' }, options?.headers]),
- });
- }
-}
-
-export type AuthAgentsOffsetPagination = OffsetPagination;
-
-/**
- * Response from get invocation endpoint
- */
-export interface AgentAuthInvocationResponse {
- /**
- * App name (org name at time of invocation creation)
- */
- app_name: string;
-
- /**
- * Domain for authentication
- */
- domain: string;
-
- /**
- * When the handoff code expires
- */
- expires_at: string;
-
- /**
- * Invocation status
- */
- status: 'IN_PROGRESS' | 'SUCCESS' | 'EXPIRED' | 'CANCELED' | 'FAILED';
-
- /**
- * Current step in the invocation workflow
- */
- step:
- | 'initialized'
- | 'discovering'
- | 'awaiting_input'
- | 'awaiting_external_action'
- | 'submitting'
- | 'completed'
- | 'expired';
-
- /**
- * The session type:
- *
- * - login: User-initiated authentication
- * - reauth: System-triggered re-authentication (via health check)
- */
- type: 'login' | 'reauth';
-
- /**
- * Error message explaining why the invocation failed (present when status=FAILED)
- */
- error_message?: string | null;
-
- /**
- * Instructions for user when external action is required (present when
- * step=awaiting_external_action)
- */
- external_action_message?: string | null;
-
- /**
- * Browser live view URL for debugging the invocation
- */
- live_view_url?: string | null;
-
- /**
- * MFA method options to choose from (present when step=awaiting_input and MFA
- * selection is required)
- */
- mfa_options?: Array | null;
-
- /**
- * Fields currently awaiting input (present when step=awaiting_input)
- */
- pending_fields?: Array | null;
-
- /**
- * SSO buttons available on the page (present when step=awaiting_input)
- */
- pending_sso_buttons?: Array | null;
-
- /**
- * SSO provider being used for authentication (e.g., google, github, microsoft)
- */
- sso_provider?: string | null;
-
- /**
- * Names of fields that have been submitted (present when step=submitting or later)
- */
- submitted_fields?: Array | null;
-}
-
-export namespace AgentAuthInvocationResponse {
- /**
- * An MFA method option for verification
- */
- export interface MfaOption {
- /**
- * The visible option text
- */
- label: string;
-
- /**
- * The MFA delivery method type (includes password for auth method selection pages)
- */
- type: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password';
-
- /**
- * Additional instructions from the site
- */
- description?: string | null;
-
- /**
- * The masked destination (phone/email) if shown
- */
- target?: string | null;
- }
-
- /**
- * An SSO button for signing in with an external identity provider
- */
- export interface PendingSSOButton {
- /**
- * Visible button text
- */
- label: string;
-
- /**
- * Identity provider name
- */
- provider: string;
-
- /**
- * XPath selector for the button
- */
- selector: string;
- }
-}
-
-/**
- * Response from submit endpoint - returns immediately after submission is accepted
- */
-export interface AgentAuthSubmitResponse {
- /**
- * Whether the submission was accepted for processing
- */
- accepted: boolean;
-}
-
-/**
- * An auth agent that manages authentication for a specific domain and profile
- * combination
- */
-export interface AuthAgent {
- /**
- * Unique identifier for the auth agent
- */
- id: string;
-
- /**
- * Target domain for authentication
- */
- domain: string;
-
- /**
- * Name of the profile associated with this auth agent
- */
- profile_name: string;
-
- /**
- * Current authentication status of the managed profile
- */
- status: 'AUTHENTICATED' | 'NEEDS_AUTH';
-
- /**
- * Additional domains that are valid for this auth agent's authentication flow
- * (besides the primary domain). Useful when login pages redirect to different
- * domains.
- *
- * The following SSO/OAuth provider domains are automatically allowed by default
- * and do not need to be specified:
- *
- * - Google: accounts.google.com
- * - Microsoft/Azure AD: login.microsoftonline.com, login.live.com
- * - Okta: _.okta.com, _.oktapreview.com
- * - Auth0: _.auth0.com, _.us.auth0.com, _.eu.auth0.com, _.au.auth0.com
- * - Apple: appleid.apple.com
- * - GitHub: github.com
- * - Facebook/Meta: www.facebook.com
- * - LinkedIn: www.linkedin.com
- * - Amazon Cognito: \*.amazoncognito.com
- * - OneLogin: \*.onelogin.com
- * - Ping Identity: _.pingone.com, _.pingidentity.com
- */
- allowed_domains?: Array;
-
- /**
- * Whether automatic re-authentication is possible (has credential_id, selectors,
- * and login_url)
- */
- can_reauth?: boolean;
-
- /**
- * Reason why automatic re-authentication is or is not possible
- */
- can_reauth_reason?: string;
-
- /**
- * Reference to credentials for managed auth. Use one of:
- *
- * - { name } for Kernel credentials
- * - { provider, path } for external provider item
- * - { provider, auto: true } for external provider domain lookup
- */
- credential?: AuthAgent.Credential;
-
- /**
- * ID of the linked Kernel credential for automatic re-authentication (deprecated,
- * use credential)
- */
- credential_id?: string;
-
- /**
- * Whether this auth agent has stored selectors for deterministic re-authentication
- */
- has_selectors?: boolean;
-
- /**
- * When the last authentication check was performed
- */
- last_auth_check_at?: string;
-
- /**
- * URL where the browser landed after successful login. Query parameters and
- * fragments are stripped for privacy.
- */
- post_login_url?: string;
-}
-
-export namespace AuthAgent {
- /**
- * Reference to credentials for managed auth. Use one of:
- *
- * - { name } for Kernel credentials
- * - { provider, path } for external provider item
- * - { provider, auto: true } for external provider domain lookup
- */
- export interface Credential {
- /**
- * If true, lookup by domain from the specified provider
- */
- auto?: boolean;
-
- /**
- * Kernel credential name
- */
- name?: string;
-
- /**
- * Provider-specific path (e.g., "VaultName/ItemName" for 1Password)
- */
- path?: string;
-
- /**
- * External provider name (e.g., "my-1p")
- */
- provider?: string;
- }
-}
-
-/**
- * Request to create or find an auth agent
- */
-export interface AuthAgentCreateRequest {
- /**
- * Domain for authentication
- */
- domain: string;
-
- /**
- * Name of the profile to use for this auth agent
- */
- profile_name: string;
-
- /**
- * Additional domains that are valid for this auth agent's authentication flow
- * (besides the primary domain). Useful when login pages redirect to different
- * domains.
- *
- * The following SSO/OAuth provider domains are automatically allowed by default
- * and do not need to be specified:
- *
- * - Google: accounts.google.com
- * - Microsoft/Azure AD: login.microsoftonline.com, login.live.com
- * - Okta: _.okta.com, _.oktapreview.com
- * - Auth0: _.auth0.com, _.us.auth0.com, _.eu.auth0.com, _.au.auth0.com
- * - Apple: appleid.apple.com
- * - GitHub: github.com
- * - Facebook/Meta: www.facebook.com
- * - LinkedIn: www.linkedin.com
- * - Amazon Cognito: \*.amazoncognito.com
- * - OneLogin: \*.onelogin.com
- * - Ping Identity: _.pingone.com, _.pingidentity.com
- */
- allowed_domains?: Array;
-
- /**
- * Optional name of an existing credential to use for this auth agent. If provided,
- * the credential will be linked to the agent and its values will be used to
- * auto-fill the login form on invocation.
- */
- credential_name?: string;
-
- /**
- * Optional login page URL. If provided, will be stored on the agent and used to
- * skip discovery in future invocations.
- */
- login_url?: string;
-
- /**
- * Optional proxy configuration
- */
- proxy?: AuthAgentCreateRequest.Proxy;
-}
-
-export namespace AuthAgentCreateRequest {
- /**
- * Optional proxy configuration
- */
- export interface Proxy {
- /**
- * ID of the proxy to use
- */
- proxy_id?: string;
- }
-}
-
-/**
- * Request to create an invocation for an existing auth agent
- */
-export interface AuthAgentInvocationCreateRequest {
- /**
- * ID of the auth agent to create an invocation for
- */
- auth_agent_id: string;
-
- /**
- * If provided, saves the submitted credentials under this name upon successful
- * login. The credential will be linked to the auth agent for automatic
- * re-authentication.
- */
- save_credential_as?: string;
-}
-
-/**
- * Response from creating an invocation. Always returns an invocation_id.
- */
-export interface AuthAgentInvocationCreateResponse {
- /**
- * When the handoff code expires.
- */
- expires_at: string;
-
- /**
- * One-time code for handoff.
- */
- handoff_code: string;
-
- /**
- * URL to redirect user to.
- */
- hosted_url: string;
-
- /**
- * Unique identifier for the invocation.
- */
- invocation_id: string;
-
- /**
- * The session type:
- *
- * - login: User-initiated authentication
- * - reauth: System-triggered re-authentication (via health check)
- */
- type: 'login' | 'reauth';
-}
-
-/**
- * A discovered form field
- */
-export interface DiscoveredField {
- /**
- * Field label
- */
- label: string;
-
- /**
- * Field name
- */
- name: string;
-
- /**
- * CSS selector for the field
- */
- selector: string;
-
- /**
- * Field type
- */
- type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
-
- /**
- * If this field is associated with an MFA option, the type of that option (e.g.,
- * password field linked to "Enter password" option)
- */
- linked_mfa_type?: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password' | null;
-
- /**
- * Field placeholder
- */
- placeholder?: string;
-
- /**
- * Whether field is required
- */
- required?: boolean;
-}
-
-export interface AuthCreateParams {
- /**
- * Domain for authentication
- */
- domain: string;
-
- /**
- * Name of the profile to use for this auth agent
- */
- profile_name: string;
-
- /**
- * Additional domains that are valid for this auth agent's authentication flow
- * (besides the primary domain). Useful when login pages redirect to different
- * domains.
- *
- * The following SSO/OAuth provider domains are automatically allowed by default
- * and do not need to be specified:
- *
- * - Google: accounts.google.com
- * - Microsoft/Azure AD: login.microsoftonline.com, login.live.com
- * - Okta: _.okta.com, _.oktapreview.com
- * - Auth0: _.auth0.com, _.us.auth0.com, _.eu.auth0.com, _.au.auth0.com
- * - Apple: appleid.apple.com
- * - GitHub: github.com
- * - Facebook/Meta: www.facebook.com
- * - LinkedIn: www.linkedin.com
- * - Amazon Cognito: \*.amazoncognito.com
- * - OneLogin: \*.onelogin.com
- * - Ping Identity: _.pingone.com, _.pingidentity.com
- */
- allowed_domains?: Array;
-
- /**
- * Optional name of an existing credential to use for this auth agent. If provided,
- * the credential will be linked to the agent and its values will be used to
- * auto-fill the login form on invocation.
- */
- credential_name?: string;
-
- /**
- * Optional login page URL. If provided, will be stored on the agent and used to
- * skip discovery in future invocations.
- */
- login_url?: string;
-
- /**
- * Optional proxy configuration
- */
- proxy?: AuthCreateParams.Proxy;
-}
-
-export namespace AuthCreateParams {
- /**
- * Optional proxy configuration
- */
- export interface Proxy {
- /**
- * ID of the proxy to use
- */
- proxy_id?: string;
- }
-}
-
-export interface AuthListParams extends OffsetPaginationParams {
- /**
- * Filter by domain
- */
- domain?: string;
-
- /**
- * Filter by profile name
- */
- profile_name?: string;
-}
-
-Auth.Invocations = Invocations;
-
-export declare namespace Auth {
- export {
- type AgentAuthInvocationResponse as AgentAuthInvocationResponse,
- type AgentAuthSubmitResponse as AgentAuthSubmitResponse,
- type AuthAgent as AuthAgent,
- type AuthAgentCreateRequest as AuthAgentCreateRequest,
- type AuthAgentInvocationCreateRequest as AuthAgentInvocationCreateRequest,
- type AuthAgentInvocationCreateResponse as AuthAgentInvocationCreateResponse,
- type DiscoveredField as DiscoveredField,
- type AuthAgentsOffsetPagination as AuthAgentsOffsetPagination,
- type AuthCreateParams as AuthCreateParams,
- type AuthListParams as AuthListParams,
- };
-
- export {
- Invocations as Invocations,
- type InvocationExchangeResponse as InvocationExchangeResponse,
- type InvocationCreateParams as InvocationCreateParams,
- type InvocationExchangeParams as InvocationExchangeParams,
- type InvocationSubmitParams as InvocationSubmitParams,
- };
-}
diff --git a/src/resources/agents/auth/index.ts b/src/resources/agents/auth/index.ts
deleted file mode 100644
index 490ad25..0000000
--- a/src/resources/agents/auth/index.ts
+++ /dev/null
@@ -1,22 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-export {
- Auth,
- type AgentAuthInvocationResponse,
- type AgentAuthSubmitResponse,
- type AuthAgent,
- type AuthAgentCreateRequest,
- type AuthAgentInvocationCreateRequest,
- type AuthAgentInvocationCreateResponse,
- type DiscoveredField,
- type AuthCreateParams,
- type AuthListParams,
- type AuthAgentsOffsetPagination,
-} from './auth';
-export {
- Invocations,
- type InvocationExchangeResponse,
- type InvocationCreateParams,
- type InvocationExchangeParams,
- type InvocationSubmitParams,
-} from './invocations';
diff --git a/src/resources/agents/auth/invocations.ts b/src/resources/agents/auth/invocations.ts
deleted file mode 100644
index b41ea8e..0000000
--- a/src/resources/agents/auth/invocations.ts
+++ /dev/null
@@ -1,137 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import { APIResource } from '../../../core/resource';
-import * as AuthAPI from './auth';
-import { APIPromise } from '../../../core/api-promise';
-import { RequestOptions } from '../../../internal/request-options';
-import { path } from '../../../internal/utils/path';
-
-export class Invocations extends APIResource {
- /**
- * **Deprecated: Use POST /auth/connections/{id}/login instead.** Creates a new
- * authentication invocation for the specified auth agent. This starts the auth
- * flow and returns a hosted URL for the user to complete authentication.
- *
- * @deprecated
- */
- create(
- body: InvocationCreateParams,
- options?: RequestOptions,
- ): APIPromise {
- return this._client.post('/agents/auth/invocations', { body, ...options });
- }
-
- /**
- * **Deprecated: Use GET /auth/connections/{id} instead.** Returns invocation
- * details including status, app_name, and domain. Supports both API key and JWT
- * (from exchange endpoint) authentication.
- *
- * @deprecated
- */
- retrieve(invocationID: string, options?: RequestOptions): APIPromise {
- return this._client.get(path`/agents/auth/invocations/${invocationID}`, options);
- }
-
- /**
- * **Deprecated: Use POST /auth/connections/{id}/exchange instead.** Validates the
- * handoff code and returns a JWT token for subsequent requests. No authentication
- * required (the handoff code serves as the credential).
- *
- * @deprecated
- */
- exchange(
- invocationID: string,
- body: InvocationExchangeParams,
- options?: RequestOptions,
- ): APIPromise {
- return this._client.post(path`/agents/auth/invocations/${invocationID}/exchange`, { body, ...options });
- }
-
- /**
- * **Deprecated: Use POST /auth/connections/{id}/submit instead.** Submits field
- * values for the discovered login form. Returns immediately after submission is
- * accepted. Poll the invocation endpoint to track progress and get results.
- *
- * @deprecated
- */
- submit(
- invocationID: string,
- body: InvocationSubmitParams,
- options?: RequestOptions,
- ): APIPromise {
- return this._client.post(path`/agents/auth/invocations/${invocationID}/submit`, { body, ...options });
- }
-}
-
-/**
- * Response from exchange endpoint
- */
-export interface InvocationExchangeResponse {
- /**
- * Invocation ID
- */
- invocation_id: string;
-
- /**
- * JWT token with invocation_id claim (30 minute TTL)
- */
- jwt: string;
-}
-
-export interface InvocationCreateParams {
- /**
- * ID of the auth agent to create an invocation for
- */
- auth_agent_id: string;
-
- /**
- * If provided, saves the submitted credentials under this name upon successful
- * login. The credential will be linked to the auth agent for automatic
- * re-authentication.
- */
- save_credential_as?: string;
-}
-
-export interface InvocationExchangeParams {
- /**
- * Handoff code from start endpoint
- */
- code: string;
-}
-
-export type InvocationSubmitParams =
- | InvocationSubmitParams.Variant0
- | InvocationSubmitParams.Variant1
- | InvocationSubmitParams.Variant2;
-
-export declare namespace InvocationSubmitParams {
- export interface Variant0 {
- /**
- * Values for the discovered login fields
- */
- field_values: { [key: string]: string };
- }
-
- export interface Variant1 {
- /**
- * Selector of SSO button to click
- */
- sso_button: string;
- }
-
- export interface Variant2 {
- /**
- * The MFA delivery method type (includes password for auth method selection pages)
- */
- selected_mfa_type: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password';
- }
-}
-
-export declare namespace Invocations {
- export {
- type InvocationExchangeResponse as InvocationExchangeResponse,
- type InvocationCreateParams as InvocationCreateParams,
- type InvocationExchangeParams as InvocationExchangeParams,
- type InvocationSubmitParams as InvocationSubmitParams,
- };
-}
diff --git a/src/resources/agents/index.ts b/src/resources/agents/index.ts
deleted file mode 100644
index 65bd5a4..0000000
--- a/src/resources/agents/index.ts
+++ /dev/null
@@ -1,16 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-export { Agents } from './agents';
-export {
- Auth,
- type AgentAuthInvocationResponse,
- type AgentAuthSubmitResponse,
- type AuthAgent,
- type AuthAgentCreateRequest,
- type AuthAgentInvocationCreateRequest,
- type AuthAgentInvocationCreateResponse,
- type DiscoveredField,
- type AuthCreateParams,
- type AuthListParams,
- type AuthAgentsOffsetPagination,
-} from './auth/index';
diff --git a/src/resources/auth/connections.ts b/src/resources/auth/connections.ts
index 8925092..bb0190a 100644
--- a/src/resources/auth/connections.ts
+++ b/src/resources/auth/connections.ts
@@ -2,7 +2,6 @@
import { APIResource } from '../../core/resource';
import * as Shared from '../shared';
-import * as AuthAPI from '../agents/auth/auth';
import { APIPromise } from '../../core/api-promise';
import { OffsetPagination, type OffsetPaginationParams, PagePromise } from '../../core/pagination';
import { Stream } from '../../core/streaming';
@@ -12,8 +11,8 @@ import { path } from '../../internal/utils/path';
export class Connections extends APIResource {
/**
- * Creates managed authentication for a profile and domain combination. Returns 409
- * Conflict if managed auth already exists for the given profile and domain.
+ * Creates an auth connection for a profile and domain combination. Returns 409
+ * Conflict if an auth connection already exists for the given profile and domain.
*
* @example
* ```ts
@@ -28,8 +27,8 @@ export class Connections extends APIResource {
}
/**
- * Retrieve managed auth by its ID. Includes current flow state if a login is in
- * progress.
+ * Retrieve an auth connection by its ID. Includes current flow state if a login is
+ * in progress.
*
* @example
* ```ts
@@ -43,7 +42,7 @@ export class Connections extends APIResource {
}
/**
- * List managed auths with optional filters for profile_name and domain.
+ * List auth connections with optional filters for profile_name and domain.
*
* @example
* ```ts
@@ -61,9 +60,9 @@ export class Connections extends APIResource {
}
/**
- * Deletes managed auth and terminates its workflow. This will:
+ * Deletes an auth connection and terminates its workflow. This will:
*
- * - Delete the managed auth record
+ * - Delete the auth connection record
* - Terminate the Temporal workflow
* - Cancel any in-progress login flows
*
@@ -98,8 +97,8 @@ export class Connections extends APIResource {
}
/**
- * Starts a login flow for the managed auth. Returns immediately with a hosted URL
- * for the user to complete authentication, or triggers automatic re-auth if
+ * Starts a login flow for the auth connection. Returns immediately with a hosted
+ * URL for the user to complete authentication, or triggers automatic re-auth if
* credentials are stored.
*
* @example
@@ -118,8 +117,8 @@ export class Connections extends APIResource {
}
/**
- * Submits field values for the login form. Poll the managed auth to track progress
- * and get results.
+ * Submits field values for the login form. Poll the auth connection to track
+ * progress and get results.
*
* @example
* ```ts
@@ -158,7 +157,7 @@ export interface LoginRequest {
*/
export interface LoginResponse {
/**
- * Managed auth ID
+ * Auth connection ID
*/
id: string;
@@ -195,7 +194,7 @@ export interface LoginResponse {
*/
export interface ManagedAuth {
/**
- * Unique identifier for the managed auth
+ * Unique identifier for the auth connection
*/
id: string;
@@ -205,7 +204,7 @@ export interface ManagedAuth {
domain: string;
/**
- * Name of the profile associated with this managed auth
+ * Name of the profile associated with this auth connection
*/
profile_name: string;
@@ -247,7 +246,7 @@ export interface ManagedAuth {
can_reauth_reason?: string;
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
@@ -258,7 +257,7 @@ export interface ManagedAuth {
/**
* Fields awaiting input (present when flow_step=awaiting_input)
*/
- discovered_fields?: Array | null;
+ discovered_fields?: Array | null;
/**
* Error message (present when flow_status=failed)
@@ -350,7 +349,7 @@ export interface ManagedAuth {
export namespace ManagedAuth {
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
@@ -378,6 +377,47 @@ export namespace ManagedAuth {
provider?: string;
}
+ /**
+ * A discovered form field
+ */
+ export interface DiscoveredField {
+ /**
+ * Field label
+ */
+ label: string;
+
+ /**
+ * Field name
+ */
+ name: string;
+
+ /**
+ * CSS selector for the field
+ */
+ selector: string;
+
+ /**
+ * Field type
+ */
+ type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
+
+ /**
+ * If this field is associated with an MFA option, the type of that option (e.g.,
+ * password field linked to "Enter password" option)
+ */
+ linked_mfa_type?: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password' | null;
+
+ /**
+ * Field placeholder
+ */
+ placeholder?: string;
+
+ /**
+ * Whether field is required
+ */
+ required?: boolean;
+ }
+
/**
* An MFA method option for verification
*/
@@ -425,7 +465,7 @@ export namespace ManagedAuth {
}
/**
- * Request to create managed auth for a profile and domain
+ * Request to create an auth connection for a profile and domain
*/
export interface ManagedAuthCreateRequest {
/**
@@ -460,7 +500,7 @@ export interface ManagedAuthCreateRequest {
allowed_domains?: Array;
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
@@ -489,7 +529,7 @@ export interface ManagedAuthCreateRequest {
export namespace ManagedAuthCreateRequest {
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
@@ -594,7 +634,7 @@ export namespace ConnectionFollowResponse {
/**
* Fields awaiting input (present when flow_step=AWAITING_INPUT).
*/
- discovered_fields?: Array;
+ discovered_fields?: Array;
/**
* Error message (present when flow_status=FAILED).
@@ -646,6 +686,47 @@ export namespace ConnectionFollowResponse {
}
export namespace ManagedAuthStateEvent {
+ /**
+ * A discovered form field
+ */
+ export interface DiscoveredField {
+ /**
+ * Field label
+ */
+ label: string;
+
+ /**
+ * Field name
+ */
+ name: string;
+
+ /**
+ * CSS selector for the field
+ */
+ selector: string;
+
+ /**
+ * Field type
+ */
+ type: 'text' | 'email' | 'password' | 'tel' | 'number' | 'url' | 'code' | 'totp';
+
+ /**
+ * If this field is associated with an MFA option, the type of that option (e.g.,
+ * password field linked to "Enter password" option)
+ */
+ linked_mfa_type?: 'sms' | 'call' | 'email' | 'totp' | 'push' | 'password' | null;
+
+ /**
+ * Field placeholder
+ */
+ placeholder?: string;
+
+ /**
+ * Whether field is required
+ */
+ required?: boolean;
+ }
+
/**
* An MFA method option for verification
*/
@@ -726,7 +807,7 @@ export interface ConnectionCreateParams {
allowed_domains?: Array;
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
@@ -755,7 +836,7 @@ export interface ConnectionCreateParams {
export namespace ConnectionCreateParams {
/**
- * Reference to credentials for managed auth. Use one of:
+ * Reference to credentials for the auth connection. Use one of:
*
* - { name } for Kernel credentials
* - { provider, path } for external provider item
diff --git a/src/resources/index.ts b/src/resources/index.ts
index d29baae..da81cec 100644
--- a/src/resources/index.ts
+++ b/src/resources/index.ts
@@ -1,7 +1,6 @@
// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
export * from './shared';
-export { Agents } from './agents/agents';
export {
Apps,
type AppListResponse,
diff --git a/src/version.ts b/src/version.ts
index b413d15..dc173dd 100644
--- a/src/version.ts
+++ b/src/version.ts
@@ -1 +1 @@
-export const VERSION = '0.32.0'; // x-release-please-version
+export const VERSION = '0.33.0'; // x-release-please-version
diff --git a/tests/api-resources/agents/auth/auth.test.ts b/tests/api-resources/agents/auth/auth.test.ts
deleted file mode 100644
index 1f8a923..0000000
--- a/tests/api-resources/agents/auth/auth.test.ts
+++ /dev/null
@@ -1,86 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import Kernel from '@onkernel/sdk';
-
-const client = new Kernel({
- apiKey: 'My API Key',
- baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010',
-});
-
-describe('resource auth', () => {
- // Prism tests are disabled
- test.skip('create: only required params', async () => {
- const responsePromise = client.agents.auth.create({ domain: 'netflix.com', profile_name: 'user-123' });
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('create: required and optional params', async () => {
- const response = await client.agents.auth.create({
- domain: 'netflix.com',
- profile_name: 'user-123',
- allowed_domains: ['login.netflix.com', 'auth.netflix.com'],
- credential_name: 'my-netflix-login',
- login_url: 'https://netflix.com/login',
- proxy: { proxy_id: 'proxy_id' },
- });
- });
-
- // Prism tests are disabled
- test.skip('retrieve', async () => {
- const responsePromise = client.agents.auth.retrieve('id');
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('list', async () => {
- const responsePromise = client.agents.auth.list();
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('list: request options and params are passed correctly', async () => {
- // ensure the request options are being passed correctly by passing an invalid HTTP method in order to cause an error
- await expect(
- client.agents.auth.list(
- {
- domain: 'domain',
- limit: 100,
- offset: 0,
- profile_name: 'profile_name',
- },
- { path: '/_stainless_unknown_path' },
- ),
- ).rejects.toThrow(Kernel.NotFoundError);
- });
-
- // Prism tests are disabled
- test.skip('delete', async () => {
- const responsePromise = client.agents.auth.delete('id');
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-});
diff --git a/tests/api-resources/agents/auth/invocations.test.ts b/tests/api-resources/agents/auth/invocations.test.ts
deleted file mode 100644
index b30496c..0000000
--- a/tests/api-resources/agents/auth/invocations.test.ts
+++ /dev/null
@@ -1,80 +0,0 @@
-// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.
-
-import Kernel from '@onkernel/sdk';
-
-const client = new Kernel({
- apiKey: 'My API Key',
- baseURL: process.env['TEST_API_BASE_URL'] ?? 'http://127.0.0.1:4010',
-});
-
-describe('resource invocations', () => {
- // Prism tests are disabled
- test.skip('create: only required params', async () => {
- const responsePromise = client.agents.auth.invocations.create({ auth_agent_id: 'abc123xyz' });
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('create: required and optional params', async () => {
- const response = await client.agents.auth.invocations.create({
- auth_agent_id: 'abc123xyz',
- save_credential_as: 'my-netflix-login',
- });
- });
-
- // Prism tests are disabled
- test.skip('retrieve', async () => {
- const responsePromise = client.agents.auth.invocations.retrieve('invocation_id');
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('exchange: only required params', async () => {
- const responsePromise = client.agents.auth.invocations.exchange('invocation_id', { code: 'abc123xyz' });
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('exchange: required and optional params', async () => {
- const response = await client.agents.auth.invocations.exchange('invocation_id', { code: 'abc123xyz' });
- });
-
- // Prism tests are disabled
- test.skip('submit: only required params', async () => {
- const responsePromise = client.agents.auth.invocations.submit('invocation_id', {
- field_values: { email: 'user@example.com', password: '********' },
- });
- const rawResponse = await responsePromise.asResponse();
- expect(rawResponse).toBeInstanceOf(Response);
- const response = await responsePromise;
- expect(response).not.toBeInstanceOf(Response);
- const dataAndResponse = await responsePromise.withResponse();
- expect(dataAndResponse.data).toBe(response);
- expect(dataAndResponse.response).toBe(rawResponse);
- });
-
- // Prism tests are disabled
- test.skip('submit: required and optional params', async () => {
- const response = await client.agents.auth.invocations.submit('invocation_id', {
- field_values: { email: 'user@example.com', password: '********' },
- });
- });
-});