This document answers one question: how ready is @putdotio/sdk by domain right now?
Readiness here is based on four things:
- the namespace exists in
src/domains - the domain has source-backed verification notes and code review
- the domain has a runnable live test target
- the remaining gaps are understood
- namespace coverage is effectively complete for the current planned public domains
- unit verification now covers all production code under
src/**with a global 90% coverage guardrail - live coverage exists for every implemented domain
- the main remaining work is depth of verification, not breadth of implementation
The last recorded full live sweep confirmed:
- all domain live targets completed successfully in a normal live run
auth-credentialsrequires credential bootstrap secrets instead of silently degrading- no remaining full-sweep failures were caused by SDK contract mismatches
| Level | Meaning |
|---|---|
high |
implemented, source-backed, live-covered, and already pressure-tested |
good |
implemented and live-covered, with known gaps mostly in edge-case depth |
medium |
implemented, but still needs more endpoint-by-endpoint verification |
| Domain | Live target(s) | Readiness | Main remaining gaps |
|---|---|---|---|
auth |
auth, auth-credentials |
high |
destructive reset-password and broader 2FA mutation flows still need a safer dedicated sandbox beyond credentialed bootstrap coverage |
oauth |
oauth |
high |
main remaining risk is future backend drift in admin-only popular shape variance, not basic owned-app CRUD |
account |
account |
high |
destructive account actions, username/mail/password mutations, and broader two-factor settings flows still need careful live coverage |
config |
config |
high |
mostly solid; remaining work is publication polish, not contract uncertainty |
files |
files, file-direct, file-tasks |
high |
more endpoint-by-endpoint coverage for rarer file flows and more conditional branches |
transfers |
transfers |
high |
broader status and mutation-path coverage would still help |
events |
events |
high |
successful getTorrent(...) still wants a dedicated upload-backed fixture |
download-links |
download-links |
high |
more unusual media/task payload branches would still help |
rss |
rss |
high |
create/update coverage now requires a known-good RSS fixture URL; a failed-item live fixture would still help prove failure_reason branches |
friends |
friends |
high |
friendship and shared-folder coverage now requires a configured secondary account fixture |
friend-invites |
friend-invites |
good |
positive invite lookup now requires a pre-seeded unused secondary invite; accepted-user lifecycle still wants a dedicated second account |
sharing |
sharing |
high |
broader share/public-share mutation permutations would still help; public-share coverage now fails loudly when quota is spent |
payment |
payment |
high |
owner-only actions now require an owner/prepaid fixture; sub-account restriction checks require an explicit sub-account token |
trash |
trash |
high |
larger-scale bulk restore/delete and rarer lock-timeout fixtures would still help, but top-level vs child semantics are now live-covered |
zips |
zips |
high |
larger-input and rarer terminal/error-state coverage would still help, but cursor-based bulk creation is now live-covered |
family |
family |
good |
positive invite lookup now requires a pre-seeded unused secondary invite; positive member lifecycle still needs a dedicated second account |
ifttt |
ifttt |
high |
payment-disabled and rate-limit behavior still need broader controlled verification |
tunnel |
tunnel |
high |
simple surface; main remaining risk is future backend drift, not current contract uncertainty |
If we want to raise confidence meaningfully from here, the highest-value follow-ups are:
- deepen
filesverification for more conditional response branches - deepen
transfersverification for more status and mutation paths - expand risky auth/account mutation verification with safer dedicated credentials
- deepen the remaining
goodlong-tail domains where positive mutation coverage is still intentionally thin
The next confidence gains should come from four sources, in this order:
- current frontend call-site parity for the most-used domains
- backend route, serializer, and test verification for conditional fields and errors
- deeper live coverage for risky mutations and branch-heavy payloads
- dedicated fixtures for the domains where shared-account probing would leave persistent state behind
These are now in place:
- the built
distartifact is what live verification exercises lint:packageruns standard package-surface checks withpublintand Are The Types Wrong- compatibility checks install the packed tarball into external Node, browser, and Bun consumers
- runtime expectations and required host Web APIs are documented in
README.md