# Raw memories — SDK update (handoff-aligned)

**Status:** Web SDK **8.3.15+**  
**Security:** Backend `authorizedData.rawMemories` + route guards (not optional policy).

---

## Backend contract (confirm with API team)

### `POST /getAPIurlMobile`

| Field | Type | SDK usage |
|-------|------|-----------|
| `authorizedData.rawMemories` | `boolean` | **Authoritative** — if `false`, SDK must not send `includeLlmData: true`, must not call `/llm-data/history`, and must not treat user UI approval as granted. |
| `authorizedData.llmData` | `boolean` (legacy) | Read only when `rawMemories` is absent (transition). |
| `rawMemoriesPolicy` | `{ offered: boolean, code?: string, connectorPlatforms?: string[] }` | UX: hide consent + raw connectors when `offered === false`. |
| `traitIntent` | `object` | Passed through on `onComplete` — SDK does **not** call `/api/trait-intents/resolve`. |

### Optional UI only — `GET /api/raw-memories/policy`

| Field | Type | SDK usage |
|-------|------|-----------|
| `rawMemoriesAvailable` | `boolean` | Prefetch before handoff to hide raw UI early (not security). |
| `code` | `string` | e.g. `APP_NOT_APPROVED_FOR_RAW_MEMORIES`, `RAW_MEMORIES_ALLOWED` |

Headers: `x-api-key` (required on handoff in production); optional `x-onairos-app-id` on policy prefetch.

**Trusted app id:** Backend allowlist uses `req.appId` from the developer API key, not client `Info.appId` / `webpageName`.

---

## SDK behavior summary

1. **Before handoff:** optional policy prefetch → `rawMemoriesOffered` state (`true` / `false` / `null`).
2. **Data Request:** hide Raw Memories row when `rawMemoriesOffered === false`; require explicit `requestData` / `rawMemoriesOnly` / `rawMemoriesConfig` when unknown (`null`).
3. **Onboarding:** strip raw-export connectors only when the host requested **raw export** (`rawMemoriesOnly`, `rawMemoriesConfig`, or `'rawMemories'` in `requestData`) **and** `rawMemoriesOffered === false`. **`personality` / `preferences` + `allowedPlatforms` including ChatGPT** keeps ChatGPT connect for server-side training; raw export stays blocked on handoff.
4. **Handoff request:** omit `LLMData` confirmation when `rawMemoriesOffered === false`.
5. **After handoff:** `includeLlmData` and history fetch gated on `authorizedData.rawMemories === true`.
6. **Exports:** `normalizeAuthorizedData`, `isRawMemoriesAuthorized`, `fetchRawMemoriesPolicyForUiOptional`, etc. from `onairos`.

---

## Integrator checklist

- [ ] Register app API key; do not rely on `webpageName` for raw access.
- [ ] Do not set `requestData={['rawMemories']}` unless Onairos approved the app (e.g. Juno).
- [ ] Read `onComplete` → `authorizedData.rawMemories` before using `apiResponse.llmData`.
- [ ] Use `traitIntent` from handoff / `onComplete`, not a separate resolve call.

---

## Parity

Mirror in React Native / Capacitor: same field names and gating order as `docs/CROSS_SDK_PARITY.md` § raw tier.
