TypeScript SDKAPI reference
Bastion client
The Bastion class — constructor signature, ClientOptions, and exposed resources.
The Bastion class is the only stateful object in the SDK. Construct it once at startup and reuse it for the lifetime of your process.
Signature
class Bastion {
constructor(options?: ClientOptions);
readonly apiKey: string;
readonly baseURL: string;
readonly chat: ChatResource;
readonly models: ModelsResource;
readonly images: ImagesResource;
readonly audio: AudioResource;
}ClientOptions
| Field | Type | Default | Notes |
|---|---|---|---|
apiKey | string | process.env.BASTION_API_KEY | Required at runtime. Constructor throws if missing in both places. |
baseURL | string | https://api.bastion.qubittron.com | Trailing slash is stripped. Override for self-hosted gateways or local dev. |
fetch | typeof globalThis.fetch | globalThis.fetch.bind(globalThis) | Inject a custom fetch (e.g. undici with a connect timeout, or a proxy-aware fetch). |
defaultHeaders | Record<string, string> | {} | Sent on every request. Cannot override Authorization — the SDK applies the Bearer token last. |
import { Bastion } from "@qubittron/bastion-sdk";
const client = new Bastion({
apiKey: process.env.BASTION_API_KEY,
baseURL: "https://api.bastion.qubittron.com",
defaultHeaders: {
"x-trace-id": crypto.randomUUID(),
},
});Auth precedence
options.apiKey(constructor arg)process.env.BASTION_API_KEY(Node / Bun)- Throw — synchronously, with a message pointing the caller at either fix.
The SDK never reads OPENAI_API_KEY or any other variable.
What's reachable from the client
client.chat.completions.create(params)client.models.list()client.images.generate(params)client.audio.speech(params)client.audio.transcriptions.create(params)
Header handling
Every request sends:
Accept: application/json (or text/event-stream when streaming)
User-Agent: @qubittron/bastion-sdk/<version>
Content-Type: application/json (omitted for multipart requests)
Authorization: Bearer <apiKey>defaultHeaders and per-call headers merge into the above. Authorization is always applied last — by design — so a stray defaultHeaders.Authorization cannot leak a wrong key onto a request.
Lifecycle
Bastion is stateless beyond the fields documented above. No background timers, no keepalive pool. Garbage-collecting a client is safe; you don't need to call a close() method.