feat: Console SDK update for version 8.1.1

[ChiragAgg5k]

This PR contains updates to the Console SDK for version 8.1.1.

[greptile-apps]

Greptile Summary

This PR bumps the Console SDK from version 8.0.0 to 8.1.1, adding new models and a getHeaders() utility method while aligning the VCS service return types with the backend's actual response shapes.

Key changes:

• src/client.ts: Version header updated to 8.1.1; new getHeaders() method returns a shallow copy of the internal headers map (correctly using the local Headers type alias, not the DOM's Headers interface).
• src/models.ts: Three new types added — ProviderRepositoryRuntime, ProviderRepositoryRuntimeList, and DetectionRuntime; UsageOrganization and UsageProject extended with realtime connection/message/bandwidth statistics.
• src/services/vcs.ts: createRepositoryDetection() and listRepositories() return types broadened to union types to reflect that the API can return either a runtime or framework variant depending on the type parameter.
• package.json: files field added to restrict npm publish artifacts to dist/ and types/ only — fixing the 8.1.1 patch concern.
• package-lock.json / .gitignore / publish.yml: Lockfile committed for reproducibility; npm ci used in CI to match it; .gitignore added to keep the repo clean.

Confidence Score: 5/5

Safe to merge — no logic errors or runtime issues found; all remaining findings are non-blocking style/improvement suggestions.

All three inline comments are P2 (style/improvement): a type inconsistency in the variables field that may be intentional, an opportunity to use discriminated overloads for better DX, and deprecated transitive devDependencies that don't affect end users. No P0/P1 issues were found. The core logic — the new getHeaders() shallow copy, the union return types, the new model shapes, and the package.json files field fix — are all correct.

src/models.ts — worth confirming whether ProviderRepositoryRuntime.variables: string[] vs DetectionVariable[] is intentional; package-lock.json — deprecated transitive devDependencies worth a follow-up upgrade ticket.

Important Files Changed

Filename	Overview
src/client.ts	Version bumped to 8.1.1 and new getHeaders() method added returning a shallow copy of internal headers; local Headers type is correctly used as return type
src/models.ts	New models added (ProviderRepositoryRuntime, ProviderRepositoryRuntimeList, DetectionRuntime) and existing models extended with realtime stats; notable inconsistency: ProviderRepositoryRuntime.variables is string[] while DetectionRuntime.variables and DetectionFramework.variables are DetectionVariable[]
src/services/vcs.ts	Return types for createRepositoryDetection() and listRepositories() broadened to union types; could use discriminated overloads on the type parameter for better type inference
package.json	Version bumped to 8.1.1 and files field added to restrict npm publishing to dist/ and types/ only
package-lock.json	New lockfile added; contains glob@8.1.0 (deprecated with security advisory notice) and inflight@1.0.6 (deprecated) as transitive devDependencies
.github/workflows/publish.yml	Switched npm install to npm ci in the publish workflow — correct approach for reproducible CI installs now that a lockfile is committed
.gitignore	New gitignore added ignoring node_modules, dist build artifacts, and types; includes exceptions for dist/cjs/package.json and dist/esm/package.json

_{Reviews (1): Last reviewed commit: "chore: update Console SDK to 8.1.1" | Re-trigger Greptile}

[greptile-apps]

variables type inconsistency across detection models

ProviderRepositoryRuntime.variables is typed as string[], whereas the structurally related DetectionRuntime.variables and DetectionFramework.variables are both typed as DetectionVariable[]. If these represent the same concept (environment variables surfaced from .env files), having two different representations can surprise callers who work with both types.

If the API genuinely returns raw strings here (e.g. just variable names rather than { name, value } objects), this is intentional — but a comment explaining the distinction would help future maintainers.

Suggested change

	/**
	/**
	* Environment variables found in .env files (raw variable names).
	*/
	variables: string[];

[greptile-apps]

Opportunity to use discriminated overloads for precise return types

Both createRepositoryDetection and listRepositories accept a type parameter whose value ('runtime' vs 'framework') fully determines the response shape, yet the signatures return a union, forcing callers to perform their own type narrowing.

TypeScript overloads keyed on the string literal value would let the compiler infer the correct type automatically:

createRepositoryDetection(params: { ..., type: 'runtime', ... }): Promise<Models.DetectionRuntime>;
createRepositoryDetection(params: { ..., type: 'framework', ... }): Promise<Models.DetectionFramework>;
createRepositoryDetection(params: { ..., type: VCSDetectionType, ... }): Promise<Models.DetectionRuntime | Models.DetectionFramework>;

The same pattern applies to listRepositories. This is a non-blocking improvement but would provide a significantly better developer experience for SDK consumers.

_{Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!}

[greptile-apps]

Deprecated transitive devDependencies with security advisories

The lockfile pins two deprecated transitive devDependencies:

• glob@8.1.0 (via @rollup/plugin-commonjs) — npm marks this version as containing "widely publicised security vulnerabilities"; the npm registry advisory explicitly recommends upgrading to a current version.
• inflight@1.0.6 (via glob) — deprecated for memory leaks.

Since these are devDependencies they do not ship to end users, but they run during the build/publish pipeline. It is worth upgrading @rollup/plugin-commonjs to a version that pulls in glob@10+ (where the vulnerabilities are fixed), or at minimum tracking this as a known risk until the upstream plugin ships a fix.

[ChiragAgg5k]

Closing in favor of a conflict-free PR