Struct Client 

pub struct Client { /* private fields */ }

Client for Harmont API

Harmont’s user-facing REST authentication API.

Version: 0

Implementations

impl Client

pub fn new(baseurl: &str) -> Self

Create a new client.

baseurl is the base URL provided to the internal reqwest::Client, and should include a scheme and hostname, as well as port and a path stem if applicable.

pub fn new_with_client(baseurl: &str, client: Client) -> Self

Construct a new client with an existing reqwest::Client, allowing more control over its configuration.

baseurl is the base URL provided to the internal reqwest::Client, and should include a scheme and hostname, as well as port and a path stem if applicable.

impl Client

pub async fn recover_finalize<'a>( &'a self, body: &'a RecoverFinalizeRequest, ) -> Result<ResponseValue<AuthTokenResponse>, Error<Error>>

Finalize account recovery

Consumes the magic link + challenge, registers a fresh passkey, and returns a session token.

Sends a POST request to /api/v0/auth/recover/finalize

Arguments:

• body: Finalize request

pub async fn disconnect_github_installation<'a>( &'a self, org: &'a str, id: i64, ) -> Result<ResponseValue<()>, Error<Error>>

Disconnect a GitHub installation from the organization

Unbinds the installation (by GitHub numeric id) from this organization. Idempotent: a 204 is returned whether or not the installation was bound to this organization.

Sends a DELETE request to /api/v0/organizations/{org}/github/installations/{id}

Arguments:

• org: The organization slug.
• id: The GitHub numeric installation id.

pub async fn cli_claim<'a>( &'a self, body: &'a CliClaimRequest, ) -> Result<ResponseValue<CliTokenResponse>, Error<Error>>

Claim a transferred session token (CLI loopback poll)

The CLI polls with the nonce it generated; on a match within the 60s window it receives the raw session token (single-use).

Sends a POST request to /api/v0/auth/cli/claim

Arguments:

• body: Claim request

pub async fn list_jobs<'a>( &'a self, org: &'a str, pipeline: &'a str, number: i64, ) -> Result<ResponseValue<JobList>, Error<Error>>

List a build’s jobs

Returns the build’s jobs in DAG creation order.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds/{number}/jobs

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• number: The build number.

pub async fn list_passkeys<'a>( &'a self, ) -> Result<ResponseValue<PasskeyListResponse>, Error<()>>

List the current user’s passkeys

Sends a GET request to /api/v0/user/passkeys

pub async fn passkey_login_finalize<'a>( &'a self, body: &'a PasskeyLoginFinalizeRequest, ) -> Result<ResponseValue<TokenResponse>, Error<Error>>

Finalize passkey login

Verifies the assertion against the resolved credential, advances the sign-counter, and returns a session token.

Sends a POST request to /api/v0/auth/passkey/login/finalize

Arguments:

• body: Login finalize request

pub async fn get_build_source<'a>( &'a self, build_uuid: &'a str, ) -> Result<ResponseValue<ByteStream>, Error<Error>>

Serve a build’s source archive (runner-token auth)

Streams the gzipped source tarball uploaded for a build to the in-VM sandbox/agent. Authenticated with the build’s runner token via Authorization: Bearer <runner_token> (NOT a session bearer token); the token is validated against the build’s stored hash with a constant-time compare and is NOT consumed.

Sends a GET request to /api/v0/internal/builds/{build_uuid}/source.tar.gz

Arguments:

• build_uuid: The build’s external id (UUID).

pub async fn auth_github<'a>( &'a self, body: &'a AuthGithubRequest, ) -> Result<ResponseValue<AuthTokenResponse>, Error<Error>>

Sign in with GitHub

Exchanges a GitHub authorization code for a Harmont session token, creating the user and their personal org on first sign-in.

Sends a POST request to /api/v0/auth/github

Arguments:

• body: GitHub OAuth callback

pub async fn logout<'a>(&'a self) -> Result<ResponseValue<()>, Error<()>>

Log out (revoke the current bearer token)

Revokes the bearer token used for this request. The token can no longer be used to authenticate. Idempotent.

Sends a POST request to /api/v0/auth/logout

pub async fn list_github_installation_repos<'a>( &'a self, org: &'a str, id: i64, ) -> Result<ResponseValue<GithubRepoList>, Error<Error>>

List repositories for a connected installation

Returns the mirrored repositories for one installation, scoped to this organization. An installation bound to another organization (or unknown) yields an empty list.

Sends a GET request to /api/v0/organizations/{org}/github/installations/{id}/repos

Arguments:

• org: The organization slug.
• id: The GitHub numeric installation id.

pub async fn list_github_installations<'a>( &'a self, org: &'a str, ) -> Result<ResponseValue<GithubInstallationList>, Error<Error>>

List connected GitHub installations

Returns the organization’s connected, non-deleted GitHub App installations.

Sends a GET request to /api/v0/organizations/{org}/github/installations

Arguments:

• org: The organization slug.

pub async fn connect_github_installation<'a>( &'a self, org: &'a str, body: &'a ConnectInstallationRequest, ) -> Result<ResponseValue<GithubInstallation>, Error<Error>>

Connect a GitHub installation to the organization

Binds an existing GitHub App installation (by GitHub numeric id) to this organization. The installation must already be mirrored from a prior installation.created webhook. Binding an installation that is connected to a different organization yields 409; an unknown installation yields 404.

Sends a POST request to /api/v0/organizations/{org}/github/installations

Arguments:

• org: The organization slug.
• body: The GitHub installation to connect

pub async fn passkey_signup_options<'a>( &'a self, body: &'a PasskeySignupOptionsRequest, ) -> Result<ResponseValue<PasskeyChallengeResponse>, Error<Error>>

Get passkey sign-up creation options

Validates the verification token and returns WebAuthn credential-creation options plus the server-side challenge id to echo back on finalize.

Sends a POST request to /api/v0/auth/passkey/signup/options

Arguments:

• body: Options request

pub async fn passkey_register_options<'a>( &'a self, ) -> Result<ResponseValue<PasskeyRegisterOptionsResponse>, Error<Error>>

Get options to add a passkey

Returns WebAuthn credential-creation options for the current user, excluding their already-registered credentials, plus the challenge id.

Sends a POST request to /api/v0/auth/passkey/register/options

pub async fn list_api_tokens<'a>( &'a self, ) -> Result<ResponseValue<ApiTokenListResponse>, Error<()>>

List the current user’s API keys

Sends a GET request to /api/v0/user/api-tokens

pub async fn create_api_token<'a>( &'a self, body: &'a ApiTokenCreateRequest, ) -> Result<ResponseValue<ApiTokenCreateResponse>, Error<()>>

Create a personal API key

Returns the raw secret in the response body. It is shown only once and cannot be retrieved later.

Sends a POST request to /api/v0/user/api-tokens

Arguments:

• body: Create request

pub async fn passkey_signup_finalize<'a>( &'a self, body: &'a PasskeySignupFinalizeRequest, ) -> Result<ResponseValue<AuthTokenResponse>, Error<Error>>

Finalize passkey sign-up

Verifies the attestation, consumes the verification token, creates the user + passkey, and returns a session token.

Sends a POST request to /api/v0/auth/passkey/signup/finalize

Arguments:

• body: Finalize request

pub async fn cli_transfer<'a>( &'a self, body: &'a CliTransferRequest, ) -> Result<ResponseValue<()>, Error<()>>

Hand a session token to a locally-running CLI (loopback)

Mints a fresh session token for the current user and parks it under the CLI-supplied nonce for 60 seconds. The CLI claims it via the claim endpoint.

Sends a POST request to /api/v0/auth/cli/transfer

Arguments:

• body: Transfer request

pub async fn list_billing_transactions<'a>( &'a self, org: &'a str, cursor: Option<&'a str>, limit: Option<i64>, ) -> Result<ResponseValue<TransactionList>, Error<Error>>

List an organization’s ledger entries

Returns the organization’s ledger entries, newest first, cursor-paginated.

Sends a GET request to /api/v0/billing/transactions/{org}

Arguments:

• org: The organization slug.
• cursor: Opaque cursor from a previous page’s next_cursor.
• limit: Page size (1–100, default 50).

pub async fn list_builds<'a>( &'a self, org: &'a str, pipeline: &'a str, cursor: Option<&'a str>, limit: Option<i64>, ) -> Result<ResponseValue<BuildList>, Error<Error>>

List a pipeline’s builds

Returns the pipeline’s builds, newest first, paginated.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• cursor: Opaque cursor from a previous page’s next_cursor.
• limit: Page size (1–100, default 50).

pub async fn create_build<'a>( &'a self, org: &'a str, pipeline: &'a str, body: &'a CreateBuildRequest, ) -> Result<ResponseValue<Build>, Error<Error>>

Create a build

Creates a build for the pipeline and starts execution in-process. When pipeline_ir is supplied the IR is materialised directly; when it is absent the engine renders the pipeline’s IR in a sandbox VM first (rendering never happens on the API host). A manual build against a pipeline that disallows manual builds yields 403; an IR that fails to render/parse/plan yields 422 (the build row is created with its error fields set).

Sends a POST request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• body: Build attributes

pub async fn cli_redeem<'a>( &'a self, body: &'a CliRedeemRequest, ) -> Result<ResponseValue<CliTokenResponse>, Error<Error>>

Redeem a CLI paste code for a session token

The CLI submits the paste code the user typed in; on a match within the 5m window it receives the raw session token (single-use).

Sends a POST request to /api/v0/auth/cli/redeem

Arguments:

• body: Redeem request

pub async fn get_build_log_token<'a>( &'a self, org: &'a str, pipeline: &'a str, number: i64, ) -> Result<ResponseValue<LogTokenResponse>, Error<Error>>

Mint a build-scoped log token

Returns a short-lived (~1 hour) HMAC token the SSE log stream accepts, scoped to this build. Pass it as the stream’s token query parameter.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds/{number}/ log-token

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• number: The build number.

pub async fn get_job<'a>( &'a self, org: &'a str, pipeline: &'a str, number: i64, job_id: &'a str, ) -> Result<ResponseValue<Job>, Error<Error>>

Get a job

Returns a single job within the build. A job_id that belongs to another build is reported as 404.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds/{number}/jobs/ {job_id}

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• number: The build number.
• job_id: The job id.

pub async fn sync_github_installation<'a>( &'a self, org: &'a str, id: i64, ) -> Result<ResponseValue<GithubInstallation>, Error<Error>>

Sync a connected installation’s repositories

Triggers a live sync: lists the installation’s repositories from GitHub and reconciles the mirror. Returns the installation. The installation must be connected to this organization.

Sends a POST request to /api/v0/organizations/{org}/github/installations/{id}/sync

Arguments:

• org: The organization slug.
• id: The GitHub numeric installation id.

pub async fn passkey_signup_begin<'a>( &'a self, body: &'a PasskeySignupBeginRequest, ) -> Result<ResponseValue<()>, Error<Error>>

Begin passkey sign-up

Runs the access gate and emails a verification link. Always returns 204 on the allowed path (never reveals whether the email already has an account).

Sends a POST request to /api/v0/auth/passkey/signup/begin

Arguments:

• body: Sign-up request

pub async fn auth_google<'a>( &'a self, body: &'a AuthGoogleRequest, ) -> Result<ResponseValue<AuthTokenResponse>, Error<Error>>

Sign in with Google

Exchanges a Google authorization code for a Harmont session token, creating the user and their personal org on first sign-in.

Sends a POST request to /api/v0/auth/google

Arguments:

• body: Google OAuth callback

pub async fn cli_code<'a>( &'a self, ) -> Result<ResponseValue<CliCodeResponse>, Error<()>>

Mint a human-typeable CLI paste code

Mints a fresh session token for the current user and a short paste code (valid 5 minutes) the user re-types into the CLI to redeem it.

Sends a POST request to /api/v0/auth/cli/code

pub async fn cancel_build<'a>( &'a self, org: &'a str, pipeline: &'a str, number: i64, ) -> Result<ResponseValue<Build>, Error<Error>>

Cancel a build

Cancels an in-flight build in-process (transitions non-terminal jobs and tears down their sandboxes). Idempotent: cancelling an already-terminal build is a no-op. Returns the reloaded build with its updated state.

Sends a PUT request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds/{number}/ cancel

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• number: The build number.

pub async fn list_organizations<'a>( &'a self, cursor: Option<&'a str>, limit: Option<i64>, ) -> Result<ResponseValue<OrganizationList>, Error<()>>

List the current user’s organizations

Returns the organizations the authenticated user is a member of, paginated.

Sends a GET request to /api/v0/organizations

Arguments:

• cursor: Opaque cursor from a previous page’s next_cursor.
• limit: Page size (1–100, default 50).

pub async fn create_checkout<'a>( &'a self, org: &'a str, body: &'a CheckoutRequest, ) -> Result<ResponseValue<CheckoutResponse>, Error<Error>>

Start a Stripe Checkout Session for a credit top-up

Creates a Stripe Checkout Session crediting the organization identified by the path (:org) and returns the hosted checkout URL to redirect the customer to. The body carries only the top-up amount_cents (a positive integer within supported bounds). The credit itself is posted asynchronously when Stripe fires the matching webhook.

Sends a POST request to /api/v0/billing/checkout/{org}

Arguments:

• org: The organization slug.
• body: The top-up amount

pub async fn recover_options<'a>( &'a self, body: &'a RecoverOptionsRequest, ) -> Result<ResponseValue<PasskeyChallengeResponse>, Error<Error>>

Get recovery passkey-creation options

Validates the magic-link token (without consuming it) and returns WebAuthn credential-creation options plus the challenge id to echo back on finalize.

Sends a POST request to /api/v0/auth/recover/options

Arguments:

• body: Options request

pub async fn stripe_webhook<'a>( &'a self, ) -> Result<ResponseValue<StripeWebhookResponse>, Error<Error>>

Receive a Stripe webhook event

Receives a Stripe webhook event and, for checkout.session.completed, posts the matching credit to the organization’s ledger and marks the checkout session complete. Not bearer-authenticated: the request is authenticated by Stripe’s Stripe-Signature header, verified against the raw request body and the endpoint’s webhook signing secret. Credit posting is idempotent — replaying the same event id posts the credit only once. Returns 200 for any verified event (handled or not) so Stripe stops retrying; a signature failure returns 400.

Sends a POST request to /api/v0/stripe/webhook

pub async fn get_current_user<'a>( &'a self, ) -> Result<ResponseValue<CurrentUserResponse>, Error<()>>

Get the current authenticated user

Returns the bearer-authenticated user and their personal-organization slug.

Sends a GET request to /api/v0/user

pub async fn delete_current_user<'a>( &'a self, ) -> Result<ResponseValue<()>, Error<Error>>

Delete the current user’s account

Sends a DELETE request to /api/v0/user

pub async fn update_current_user<'a>( &'a self, body: &'a UserUpdateRequest, ) -> Result<ResponseValue<CurrentUserResponse>, Error<Error>>

Update the current user’s display name

Sends a PATCH request to /api/v0/user

Arguments:

• body: Profile update

pub async fn list_pipelines<'a>( &'a self, org: &'a str, cursor: Option<&'a str>, limit: Option<i64>, ) -> Result<ResponseValue<PipelineList>, Error<Error>>

List an organization’s pipelines

Returns the organization’s non-archived pipelines, paginated. A slug the user cannot access is reported as 404.

Sends a GET request to /api/v0/organizations/{org}/pipelines

Arguments:

• org: The organization slug.
• cursor: Opaque cursor from a previous page’s next_cursor.
• limit: Page size (1–100, default 50).

pub async fn create_pipeline<'a>( &'a self, org: &'a str, body: &'a CreatePipelineRequest, ) -> Result<ResponseValue<Pipeline>, Error<Error>>

Create a pipeline

Creates a pipeline in the organization. The slug is derived from the name; a colliding slug within the organization yields 422.

Sends a POST request to /api/v0/organizations/{org}/pipelines

Arguments:

• org: The organization slug.
• body: Pipeline attributes

pub async fn ping<'a>( &'a self, ) -> Result<ResponseValue<PingResponse>, Error<()>>

Liveness probe

Returns {"status": "ok"} if the API is up. No auth required.

Sends a GET request to /api/v0/ping

pub async fn delete_passkey<'a>( &'a self, uuid: &'a str, ) -> Result<ResponseValue<()>, Error<Error>>

Delete one of the current user’s passkeys

Removes the passkey. Refused with 409 passkey_last_credential when it would leave the account with no passkeys. A passkey belonging to another user is 404.

Sends a DELETE request to /api/v0/user/passkeys/{uuid}

Arguments:

• uuid: The passkey id.

pub async fn get_organization<'a>( &'a self, org: &'a str, ) -> Result<ResponseValue<Organization>, Error<Error>>

Get an organization

Returns the organization identified by the path slug. A slug that does not exist or that the user is not a member of is reported as 404.

Sends a GET request to /api/v0/organizations/{org}

Arguments:

• org: The organization slug.

pub async fn recover_begin<'a>( &'a self, body: &'a RecoverBeginRequest, ) -> Result<ResponseValue<()>, Error<()>>

Begin account recovery

Emails a magic-link to the address if it maps to an account. Always returns 204 (never reveals whether the email has an account).

Sends a POST request to /api/v0/auth/recover/begin

Arguments:

• body: Recovery request

pub async fn get_build<'a>( &'a self, org: &'a str, pipeline: &'a str, number: i64, ) -> Result<ResponseValue<Build>, Error<Error>>

Get a build

Returns the build identified by its pipeline-scoped number. An unknown number (or one in another pipeline) is reported as 404.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}/builds/{number}

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.
• number: The build number.

pub async fn get_billing_usage<'a>( &'a self, org: &'a str, from: &'a str, to: &'a str, ) -> Result<ResponseValue<UsageResponse>, Error<Error>>

Get an organization’s VM usage

Aggregates the organization’s VM-lease usage over the half-open window [from, to) (both ISO-8601 timestamps): resource-seconds per dimension and the total billed cost in cents. Both from and to are required.

Sends a GET request to /api/v0/billing/usage/{org}

Arguments:

• org: The organization slug.
• from: Window start (inclusive), ISO-8601.
• to: Window end (exclusive), ISO-8601.

pub async fn get_pipeline<'a>( &'a self, org: &'a str, pipeline: &'a str, ) -> Result<ResponseValue<Pipeline>, Error<Error>>

Get a pipeline

Returns the pipeline identified by the path slug within the organization. An unknown slug (or one in another organization) is reported as 404.

Sends a GET request to /api/v0/organizations/{org}/pipelines/{pipeline}

Arguments:

• org: The organization slug.
• pipeline: The pipeline slug.

pub async fn passkey_register_finalize<'a>( &'a self, body: &'a PasskeyRegisterFinalizeRequest, ) -> Result<ResponseValue<Passkey>, Error<Error>>

Finalize adding a passkey

Verifies the attestation against the register challenge and stores the new passkey for the current user.

Sends a POST request to /api/v0/auth/passkey/register/finalize

Arguments:

• body: Finalize request

pub async fn revoke_api_token<'a>( &'a self, id: &'a str, ) -> Result<ResponseValue<()>, Error<Error>>

Revoke one of the current user’s API keys

Sends a DELETE request to /api/v0/user/api-tokens/{id}

Arguments:

• id: The API key id.

pub async fn get_billing_balance<'a>( &'a self, org: &'a str, ) -> Result<ResponseValue<BalanceResponse>, Error<Error>>

Get an organization’s balance

Returns the organization’s current balance in cents — the sum of every ledger entry (credits positive, debits negative). May be negative.

Sends a GET request to /api/v0/billing/balance/{org}

Arguments:

• org: The organization slug.

pub async fn passkey_login_options<'a>( &'a self, body: &'a PasskeyLoginOptionsRequest, ) -> Result<ResponseValue<PasskeyChallengeResponse>, Error<()>>

Get passkey login options

Starts a discoverable-credential login: returns WebAuthn request options with an empty allow-list plus the server-side challenge id.

Sends a POST request to /api/v0/auth/passkey/login/options

Arguments:

• body: Login options request

pub async fn redeem_coupon<'a>( &'a self, org: &'a str, body: &'a RedeemCouponRequest, ) -> Result<ResponseValue<RedeemCouponResponse>, Error<Error>>

Redeem a coupon for an organization

Redeems a coupon code for the organization identified by the path, crediting the org and returning the credit and resulting balance. The org is taken from the route; the body carries only the coupon code. Idempotent per org: a second redemption of the same coupon returns 409 coupon_already_claimed.

Sends a POST request to /api/v0/billing/coupon/redeem/{org}

Arguments:

• org: The organization slug.
• body: The coupon to redeem

pub async fn access_request<'a>( &'a self, body: &'a AccessRequestRequest, ) -> Result<ResponseValue<()>, Error<Error>>

Request access to Harmont

Records an access request (a sign-up attempt) and notifies the Harmont team. Rate-limited per client IP.

Sends a POST request to /api/v0/auth/access-request

Arguments:

• body: Access request

Trait Implementations

impl ClientInfo<()> for Client

fn api_version() -> &'static str

Get the version of this API.

fn baseurl(&self) -> &str

Get the base URL to which requests are made.

fn client(&self) -> &Client

Get the internal reqwest::Client used to make requests.

fn inner(&self) -> &()

Get the inner value of type T if one is specified.

impl Clone for Client

fn clone(&self) -> Client

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Client

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.