Struct Client 

pub struct Client { /* private fields */ }

HTTP client with the bearer token baked into its default headers.

Cheap to clone (it’s a thin wrapper around reqwest::Client, which is itself an Arc internally), so prefer cloning over re-building.

Implementations

impl Client

pub fn new(base_url: impl Into<String>, token: Token) -> Result<Self>

Build a client for the given platform base URL, authenticated with token. The base URL’s trailing slash (if any) is stripped.

pub fn base_url(&self) -> &str

Base URL the client was configured with, with any trailing slash stripped. Useful for callers that want to print a clickable link alongside an API result ({base_url}/projects/…).

pub async fn get_json<T: DeserializeOwned>(&self, path: &str) -> Result<T>

GET {path} and decode the JSON response.

pub async fn get_json_query<T: DeserializeOwned, Q: Serialize + ?Sized>( &self, path: &str, query: &Q, ) -> Result<T>

GET {path}?query and decode the JSON response. query is any serde::Serialize — typically a &[(K, V)] or a struct.

pub async fn post_json<T: DeserializeOwned, B: Serialize + ?Sized>( &self, path: &str, body: &B, ) -> Result<T>

POST {path} with body serialized as JSON, decode the JSON response.

pub async fn post_empty(&self, path: &str) -> Result<()>

POST {path} with no body, expecting an empty/ignored response.

pub async fn post_empty_returning_json<T: DeserializeOwned>( &self, path: &str, ) -> Result<T>

POST {path} with no body, decoding the JSON response. The CLI uses this for …/finalize endpoints that take no body but return the updated row.

pub async fn delete(&self, path: &str) -> Result<()>

DELETE {path}.

pub async fn put_proxy_bytes(&self, path: &str, body: Vec<u8>) -> Result<()>

PUT {path} with body as application/octet-stream. Used by the CLI’s models push to ship bytes through the platform’s proxy upload route when R2 isn’t directly reachable.

pub async fn put_raw_bytes( &self, path: &str, content_type: &str, body: Vec<u8>, ) -> Result<()>

PUT {path} with body and a caller-chosen content type. The bearer’s auth header rides along (per the default-headers map), so this is for routes on the platform itself — not for presigned R2 PUTs. Voice recording bytes go through here.

pub async fn put_presigned_bytes( presigned_url: &str, body: Vec<u8>, ) -> Result<()>

PUT raw bytes to a presigned URL. Deliberately uses a fresh reqwest::Client (no auth headers) — adding Authorization: Bearer … would make S3/R2 reject the request because it’s not part of the SigV4 query-string signature.

pub async fn post_public_json<T: DeserializeOwned, B: Serialize + ?Sized>( base_url: &str, path: &str, body: &B, ) -> Result<T>

POST {base_url}{path} with body as JSON against a public, unauthenticated platform endpoint. Deliberately builds a fresh reqwest::Client (like Client::put_presigned_bytes) so the request carries no Authorization header: sending a bearer to a route that doesn’t expect one can trip surprising server-side branches, and a token-less request is the honest shape for an endpoint that runs before any sign-in.

Used by callers that report something before a user has authenticated — e.g. the anonymous first-run install heartbeat (see Client::install_heartbeat). For authenticated writes use Client::post_json.

pub async fn post_public_signed_json<T: DeserializeOwned, B: Serialize + ?Sized>( base_url: &str, path: &str, body: &B, cred: &ReleaseCredential, ) -> Result<T>

POST {base_url}{path} with body as JSON against a public, unauthenticated endpoint, signed with a release credential so the platform can verify the request came from a genuine release.

Like Client::post_public_json this builds a fresh, token-less reqwest::Client (the endpoint runs before any sign-in), but it additionally signs the request with the per-version key in cred and forwards cred’s certificate so the platform can establish trust from only the master public key, and reject stale replays — see [crate::sign] (and ReleaseCredential) for the scheme.

The exact JSON bytes serialized here are both what gets hashed into the signature and what is sent as the body, so the platform’s body-hash check lines up byte-for-byte. The X-WK-* headers carry the scheme version, timestamp, nonce, build version, per-version public key, certificate, and request signature.

General-purpose: any public endpoint that needs release attestation uses this. The anonymous first-run install heartbeat (see Client::install_heartbeat) is the first consumer.

pub async fn get_public_json<T: DeserializeOwned>( base_url: &str, path: &str, query: &[(&str, &str)], ) -> Result<T>

GET {base_url}{path}?{query} against a public, unauthenticated platform endpoint. Like Client::put_presigned_bytes, builds a fresh reqwest::Client so the request carries no Authorization header — sending one to an endpoint that doesn’t expect it can trigger surprising server-side branches and defeats edge-cache key uniformity.

Used by callers that need to read public configuration before any user has signed in (e.g. provider-preset lookups during desktop-client onboarding). For authenticated reads use Client::get_json or Client::get_json_query.

pub async fn get_stream_to<W: AsyncWriteExt + Unpin>( &self, path: &str, sink: &mut W, ) -> Result<u64>

Stream a GET response body into sink. Returns the number of bytes written. Used for big payloads (manifests, audio clips) where holding the whole body in memory would be wasteful.

impl Client

pub async fn whoami(&self) -> Result<Me>

Fetch the signed-in user from /api/me. The canonical way to verify a freshly-minted token is reachable.

pub async fn revoke_current_token(&self) -> Result<()>

Revoke the bearer token this client is using. After this returns successfully, the same token will start producing 401s — drop the Client (and clear whatever storage held the token).

impl Client

pub async fn sync<E: SyncEndpoint>( &self, items: &[E::Record], ) -> Result<SyncResponse>

where E::Record: Clone + HasSyncEnvelope,

POST /api/voice/{E::RESOURCE}/sync — idempotent batch upload.

The platform upserts keyed by (user_id, item.source_id), so retries after a flaky connection are safe.

Batch size. The platform rejects batches over 100 items with HTTP 413. This method does not chunk for you — pass a slice you’re confident about, or use the daemon’s Uploader<E> which chunks at 50.

Schema version. Records whose envelope leaves schemaVersion unset (the common case — consumers don’t need to know the number) have it stamped with SyncEndpoint::CURRENT_SCHEMA_VERSION before serialization, so the platform always sees an explicit version. Records that set it explicitly are passed through untouched.

pub async fn list<E: SyncEndpoint>( &self, query: &E::Query, ) -> Result<Page<E::Record>>

GET /api/voice/{E::RESOURCE} — one page of the caller’s rows, newest first, scoped server-side to the bearer’s user.

impl Client

pub async fn install_heartbeat( base_url: &str, install_id: &str, app_version: &str, cred: &ReleaseCredential, ) -> Result<InstallHeartbeatResponse>

POST /api/voice/installs/heartbeat — the anonymous, no-auth first-run install ping. Detects the host environment internally and posts it alongside the caller-supplied install_id + app_version. Associated (not a method) because the endpoint is unauthenticated — there’s no token, and at first run there’s no signed-in Client to hang it off of.

Though unauthenticated, the request is signed with the release credential cred (a per-version Ed25519 key + master-issued certificate the consumer bakes in at build time) so the platform can verify it came from a genuine release and reject forged or replayed pings — see Client::post_public_signed_json and [crate::sign]. The platform needs only the master public key to verify.

base_url is the platform base (e.g. https://platform.wavekat.com).

impl Client

pub async fn sync_recordings( &self, items: &[VoiceRecordingRecord], ) -> Result<VoiceRecordingsSyncResponse>

POST /api/voice/recordings/sync — idempotent batch upsert of recording metadata. Returns the per-item r2Key the daemon should target for the follow-up bytes PUT, and whether bytes have already landed for each row.

Batch sizing rules match Client::sync: the platform rejects batches over 100 items; the daemon’s uploader chunks at 50.

pub async fn upload_recording_bytes( &self, source_id: &str, bytes: Vec<u8>, ) -> Result<()>

PUT /api/voice/recordings/{sourceId}/bytes — upload the WAV bytes for a recording whose metadata was previously synced via Client::sync_recordings. The platform refuses (HTTP 413) if bytes.len() disagrees with the synced sizeBytes.

source_id is path-segmented as-is; callers pass the daemon-side UUID they used for the metadata sync. Empty / path-traversal-shaped ids are not specifically guarded here — the platform’s Zod schema rejects them server-side, so a malformed id surfaces as a 4xx via Error::Http.

impl Client

pub async fn share_recording( &self, req: &ShareRecordingRequest, ) -> Result<ShareRecordingResponse>

POST /api/voice/recordings/{id}/share — create or update a share for an already-synced recording. Returns the capability link + token the desktop UI puts on the clipboard.

Per the 404-not-403 ownership rule (doc 21 §“Authorization”), asking to share a recording the caller doesn’t own surfaces as Error::Http with status 404 — existence doesn’t leak.

pub async fn revoke_recording_share( &self, recording_source_id: &str, ) -> Result<()>

DELETE /api/voice/recordings/{id}/share — revoke the share. The recording reverts to Private and any outstanding link returns 410.

Trait Implementations

impl Clone for Client

fn clone(&self) -> Client

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.