@agentpress/sdk 0.2.78 → 0.2.82

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +337 -341
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +193 -186
  4. package/dist/index.d.cts.map +1 -0
  5. package/dist/index.d.mts +313 -0
  6. package/dist/index.d.mts.map +1 -0
  7. package/dist/index.mjs +330 -308
  8. package/dist/index.mjs.map +1 -1
  9. package/package.json +12 -8
  10. package/dist/index.d.ts +0 -306
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/utils.ts","../src/webhooks/signing.ts","../src/actions/client.ts","../src/http.ts","../src/webhooks/client.ts","../src/client.ts"],"sourcesContent":["export { ActionsClient } from \"./actions/client\";\nexport { AgentPress } from \"./client\";\nexport {\n AgentPressError,\n ConfigurationError,\n HttpError,\n TimeoutError,\n WebhookSignatureError,\n} from \"./errors\";\nexport type {\n ActionCallbackPayload,\n ActionEventType,\n ActionManageResponse,\n ActionStatus,\n AgentPressOptions,\n AgentResponse,\n ApproveActionParams,\n RejectActionParams,\n StagedToolCall,\n ToolCallResult,\n WebhookResponse,\n WebhookSendParams,\n WebhookVerifyParams,\n} from \"./types\";\n","/**\n * Base error class for all SDK errors. Catch this to handle any error\n * thrown by the AgentPress SDK regardless of specific type.\n */\nexport class AgentPressError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"AgentPressError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/**\n * Thrown at construction time when `AgentPressOptions` contains invalid values\n * (e.g., non-positive timeout, malformed `webhookSecret`).\n */\nexport class ConfigurationError extends AgentPressError {\n constructor(message: string) {\n super(message);\n this.name = \"ConfigurationError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/**\n * Thrown when the API returns a non-2xx HTTP response.\n *\n * Properties:\n * - `statusCode` - HTTP status code (e.g., 401, 404, 500)\n * - `responseBody` - Raw response body text for debugging\n * - `url` - The full request URL that failed\n */\nexport class HttpError extends AgentPressError {\n public readonly statusCode: number;\n public readonly responseBody: string;\n public readonly url: string;\n\n constructor(statusCode: number, responseBody: string, url: string) {\n super(`HTTP ${statusCode} from ${url}`);\n this.name = \"HttpError\";\n this.statusCode = statusCode;\n this.responseBody = responseBody;\n this.url = url;\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/** Thrown when a request exceeds the configured `timeout` (default 30s). */\nexport class TimeoutError extends AgentPressError {\n constructor(url: string, timeout: number) {\n super(`Request to ${url} timed out after ${timeout}ms`);\n this.name = \"TimeoutError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/** Thrown by {@link WebhooksClient.verifyOrThrow} when an inbound webhook signature is invalid or expired. */\nexport class WebhookSignatureError extends AgentPressError {\n constructor(message: string) {\n super(message);\n this.name = \"WebhookSignatureError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nexport function randomMessageId(): string {\n return `msg_${randomUUID()}`;\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nconst SIGNATURE_PREFIX = \"v1,\";\nconst DEFAULT_TOLERANCE_SECONDS = 5 * 60; // 5 minutes\n\n/**\n * Sign a webhook payload using Svix-compatible HMAC-SHA256.\n *\n * @param secret - The webhook secret (with \"whsec_\" prefix)\n * @param msgId - Unique message ID (e.g., \"msg_<uuid>\")\n * @param timestamp - Unix timestamp in seconds\n * @param body - JSON stringified payload\n * @returns Signature string in format \"v1,<base64>\"\n */\nexport function sign(\n secret: string,\n msgId: string,\n timestamp: number,\n body: string,\n): string {\n const secretBytes = Buffer.from(secret.replace(/^whsec_/, \"\"), \"base64\");\n const message = `${msgId}.${timestamp}.${body}`;\n const signature = createHmac(\"sha256\", secretBytes)\n .update(message)\n .digest(\"base64\");\n return `${SIGNATURE_PREFIX}${signature}`;\n}\n\n/**\n * Verify a Svix webhook signature.\n *\n * @param secret - The webhook secret (with \"whsec_\" prefix)\n * @param payload - Raw request body (string or Buffer)\n * @param headers - Svix headers object\n * @param toleranceSeconds - Max age of signature in seconds (default: 5 min)\n * @returns true if valid, false if invalid or expired\n */\nexport function verify(\n secret: string,\n payload: string | Buffer,\n headers: {\n \"svix-id\": string;\n \"svix-timestamp\": string;\n \"svix-signature\": string;\n },\n toleranceSeconds: number = DEFAULT_TOLERANCE_SECONDS,\n): boolean {\n const msgId = headers[\"svix-id\"];\n const timestampStr = headers[\"svix-timestamp\"];\n const signatureHeader = headers[\"svix-signature\"];\n\n const timestamp = parseInt(timestampStr, 10);\n if (Number.isNaN(timestamp)) return false;\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - timestamp) > toleranceSeconds) return false;\n\n const body =\n typeof payload === \"string\" ? payload : payload.toString(\"utf-8\");\n const expected = sign(secret, msgId, timestamp, body);\n\n const signatures = signatureHeader.split(\" \");\n const expectedBuf = Buffer.from(expected);\n\n for (const sig of signatures) {\n const sigBuf = Buffer.from(sig);\n if (\n sigBuf.length === expectedBuf.length &&\n timingSafeEqual(sigBuf, expectedBuf)\n ) {\n return true;\n }\n }\n\n return false;\n}\n","import { ConfigurationError } from \"../errors\";\nimport type { HttpClient } from \"../http\";\nimport type {\n ActionManageResponse,\n ApproveActionParams,\n RejectActionParams,\n ResolvedOptions,\n} from \"../types\";\nimport { randomMessageId } from \"../utils\";\nimport { sign } from \"../webhooks/signing\";\n\n/**\n * Client for programmatically approving or rejecting staged actions.\n * Uses HMAC-SHA256 signing (Svix-compatible), identical to {@link WebhooksClient}.\n *\n * @example\n * ```ts\n * const client = new AgentPress({ webhookSecret: \"whsec_...\", org: \"my-org\" });\n *\n * // Approve a staged action\n * await client.actions.approve(\"act_123\", {\n * action: \"my_webhook_action\",\n * });\n *\n * // Reject with a reason\n * await client.actions.reject(\"act_456\", {\n * action: \"my_webhook_action\",\n * reason: \"Insufficient data\",\n * });\n * ```\n */\nexport class ActionsClient {\n private readonly options: ResolvedOptions;\n private readonly http: HttpClient;\n\n constructor(options: ResolvedOptions, http: HttpClient) {\n this.options = options;\n this.http = http;\n }\n\n /**\n * Approve a staged action, optionally modifying the tool call.\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async approve(\n actionId: string,\n params: ApproveActionParams,\n ): Promise<ActionManageResponse> {\n return this.manage(actionId, params.action, \"approve\", {\n editedToolCall: params.editedToolCall,\n });\n }\n\n /**\n * Reject a staged action.\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async reject(\n actionId: string,\n params: RejectActionParams,\n ): Promise<ActionManageResponse> {\n return this.manage(actionId, params.action, \"reject\", {\n reason: params.reason,\n });\n }\n\n private async manage(\n actionId: string,\n webhookAction: string,\n operation: \"approve\" | \"reject\",\n body: Record<string, unknown>,\n ): Promise<ActionManageResponse> {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for action management operations\",\n );\n }\n\n const path = `/webhooks/actions/${this.options.org}/${webhookAction}/manage/${actionId}/${operation}`;\n const bodyStr = JSON.stringify(body);\n const msgId = randomMessageId();\n const timestamp = Math.floor(Date.now() / 1000);\n const signature = sign(\n this.options.webhookSecret,\n msgId,\n timestamp,\n bodyStr,\n );\n\n return this.http.request<ActionManageResponse>(path, {\n method: \"POST\",\n body: bodyStr,\n headers: {\n \"svix-id\": msgId,\n \"svix-timestamp\": String(timestamp),\n \"svix-signature\": signature,\n },\n });\n }\n}\n","import { AgentPressError, HttpError, TimeoutError } from \"./errors\";\nimport type { ResolvedOptions } from \"./types\";\n\n/**\n * Internal shared HTTP client. Not part of the public API -- used by\n * namespace clients (e.g., `WebhooksClient`) to make authenticated requests.\n * @internal\n */\nexport class HttpClient {\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly onRequest?: ResolvedOptions[\"onRequest\"];\n private readonly onResponse?: ResolvedOptions[\"onResponse\"];\n\n constructor(options: ResolvedOptions) {\n this.baseUrl = options.baseUrl;\n this.timeout = options.timeout;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n }\n\n /**\n * Send an HTTP request to the API. Constructs the full URL from `baseUrl` + `path`,\n * applies the configured timeout via `AbortSignal`, fires `onRequest`/`onResponse`\n * hooks, and parses the JSON response.\n *\n * @throws {TimeoutError} If the request exceeds the configured timeout.\n * @throws {HttpError} If the API returns a non-2xx status code.\n * @throws {AgentPressError} On network failures or non-JSON responses.\n */\n async request<T>(path: string, init: RequestInit): Promise<T> {\n const url = `${this.baseUrl}${path}`;\n\n const headers = new Headers(init.headers);\n if (!headers.has(\"Content-Type\")) {\n headers.set(\"Content-Type\", \"application/json\");\n }\n\n const requestInit: RequestInit = {\n ...init,\n headers,\n signal: AbortSignal.timeout(this.timeout),\n };\n\n this.onRequest?.(url, requestInit);\n\n let response: Response;\n try {\n // biome-ignore lint/style/noRestrictedGlobals: SDK is a standalone package that uses raw fetch\n response = await fetch(url, requestInit);\n } catch (error: unknown) {\n if (\n error instanceof Error &&\n (error.name === \"TimeoutError\" || error.name === \"AbortError\")\n ) {\n throw new TimeoutError(url, this.timeout);\n }\n const message =\n error instanceof Error ? error.message : \"Unknown fetch error\";\n throw new AgentPressError(`Request to ${url} failed: ${message}`);\n }\n\n this.onResponse?.(url, response.clone());\n\n const text = await response.text();\n\n if (!response.ok) {\n throw new HttpError(response.status, text, url);\n }\n\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new AgentPressError(\n `Expected JSON response from ${url} but received: ${text.slice(0, 200)}`,\n );\n }\n }\n}\n","import {\n AgentPressError,\n ConfigurationError,\n WebhookSignatureError,\n} from \"../errors\";\nimport type { HttpClient } from \"../http\";\nimport type {\n ActionCallbackPayload,\n ResolvedOptions,\n WebhookResponse,\n WebhookSendParams,\n WebhookVerifyParams,\n} from \"../types\";\nimport { randomMessageId } from \"../utils\";\nimport { sign, verify as verifySig } from \"./signing\";\n\nexport class WebhooksClient {\n private readonly options: ResolvedOptions;\n private readonly http: HttpClient;\n\n constructor(options: ResolvedOptions, http: HttpClient) {\n this.options = options;\n this.http = http;\n }\n\n /**\n * Send an arbitrary webhook payload to AgentPress.\n * Signs the payload with HMAC-SHA256 (Svix-compatible).\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async send(params: WebhookSendParams): Promise<WebhookResponse> {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for webhook operations\",\n );\n }\n\n const path = `/webhooks/actions/${this.options.org}/${params.action}`;\n const body = JSON.stringify(params.payload);\n const msgId = randomMessageId();\n const timestamp = Math.floor(Date.now() / 1000);\n const signature = sign(this.options.webhookSecret, msgId, timestamp, body);\n\n return this.http.request<WebhookResponse>(path, {\n method: \"POST\",\n body,\n headers: {\n \"svix-id\": msgId,\n \"svix-timestamp\": String(timestamp),\n \"svix-signature\": signature,\n },\n });\n }\n\n /**\n * Verify an inbound Svix webhook signature.\n *\n * @returns true if valid, false if invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n */\n verify(params: WebhookVerifyParams): boolean {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for webhook verification\",\n );\n }\n\n return verifySig(\n this.options.webhookSecret,\n params.payload,\n params.headers,\n );\n }\n\n /**\n * Verify an inbound Svix webhook signature, throwing on failure.\n * Useful for middleware patterns where invalid signatures should halt processing.\n *\n * @throws WebhookSignatureError if signature is invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n */\n verifyOrThrow(params: WebhookVerifyParams): void {\n if (!this.verify(params)) {\n throw new WebhookSignatureError(\"Invalid webhook signature\");\n }\n }\n\n /**\n * Verify and parse an inbound webhook from AgentPress.\n * Combines signature verification with JSON parsing and type casting.\n * This is the recommended way to handle incoming webhooks.\n *\n * @throws WebhookSignatureError if signature is invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws AgentPressError if payload is not valid JSON\n */\n constructEvent(params: WebhookVerifyParams): ActionCallbackPayload {\n this.verifyOrThrow(params);\n const body =\n typeof params.payload === \"string\"\n ? params.payload\n : params.payload.toString(\"utf-8\");\n try {\n return JSON.parse(body) as ActionCallbackPayload;\n } catch {\n throw new AgentPressError(\"Webhook payload is not valid JSON\");\n }\n }\n}\n","import { ActionsClient } from \"./actions/client\";\nimport { ConfigurationError } from \"./errors\";\nimport { HttpClient } from \"./http\";\nimport type { AgentPressOptions, ResolvedOptions } from \"./types\";\nimport { WebhooksClient } from \"./webhooks/client\";\n\n/**\n * Main entry point for the AgentPress SDK. Provides namespaced access to API\n * resources (e.g., `client.webhooks.send()`, `client.actions.approve()`).\n * Validates all configuration options at construction time, so invalid config fails fast.\n *\n * @example\n * ```ts\n * const client = new AgentPress({\n * apiKey: \"ak_...\",\n * webhookSecret: \"whsec_...\",\n * });\n * await client.webhooks.send({ action: \"my_action\", payload: { ... } });\n * await client.actions.approve(\"act_123\", { action: \"my_action\" });\n * ```\n */\nexport class AgentPress {\n /** Webhook operations: send outbound webhooks and verify inbound signatures. */\n public readonly webhooks: WebhooksClient;\n /** Action management: approve or reject staged actions. */\n public readonly actions: ActionsClient;\n\n /**\n * @param options - SDK configuration. All fields are optional with sensible defaults.\n * @throws {ConfigurationError} If `timeout` is non-positive or `webhookSecret` has an invalid prefix.\n */\n constructor(options: AgentPressOptions = {}) {\n const resolved = resolveOptions(options);\n const http = new HttpClient(resolved);\n this.webhooks = new WebhooksClient(resolved, http);\n this.actions = new ActionsClient(resolved, http);\n }\n}\n\nfunction resolveOptions(options: AgentPressOptions): ResolvedOptions {\n const baseUrl = (options.baseUrl ?? \"https://api.agent.press\").replace(\n /\\/+$/,\n \"\",\n );\n const timeout = options.timeout ?? 30_000;\n const org = options.org ?? \"default-org\";\n\n if (timeout <= 0 || !Number.isFinite(timeout)) {\n throw new ConfigurationError(\"timeout must be a positive number\");\n }\n\n if (\n options.webhookSecret !== undefined &&\n !options.webhookSecret.startsWith(\"whsec_\")\n ) {\n throw new ConfigurationError('webhookSecret must start with \"whsec_\"');\n }\n\n return {\n baseUrl,\n timeout,\n org,\n webhookSecret: options.webhookSecret,\n apiKey: options.apiKey,\n onRequest: options.onRequest,\n onResponse: options.onResponse,\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACIO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EACzC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAMO,IAAM,qBAAN,cAAiC,gBAAgB;AAAA,EACtD,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAUO,IAAM,YAAN,cAAwB,gBAAgB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EAEhB,YAAY,YAAoB,cAAsB,KAAa;AACjE,UAAM,QAAQ,UAAU,SAAS,GAAG,EAAE;AACtC,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,eAAe;AACpB,SAAK,MAAM;AACX,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAGO,IAAM,eAAN,cAA2B,gBAAgB;AAAA,EAChD,YAAY,KAAa,SAAiB;AACxC,UAAM,cAAc,GAAG,oBAAoB,OAAO,IAAI;AACtD,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAGO,IAAM,wBAAN,cAAoC,gBAAgB;AAAA,EACzD,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;;;AC/DA,yBAA2B;AAEpB,SAAS,kBAA0B;AACxC,SAAO,WAAO,+BAAW,CAAC;AAC5B;;;ACJA,IAAAA,sBAA4C;AAE5C,IAAM,mBAAmB;AACzB,IAAM,4BAA4B,IAAI;AAW/B,SAAS,KACd,QACA,OACA,WACA,MACQ;AACR,QAAM,cAAc,OAAO,KAAK,OAAO,QAAQ,WAAW,EAAE,GAAG,QAAQ;AACvE,QAAM,UAAU,GAAG,KAAK,IAAI,SAAS,IAAI,IAAI;AAC7C,QAAM,gBAAY,gCAAW,UAAU,WAAW,EAC/C,OAAO,OAAO,EACd,OAAO,QAAQ;AAClB,SAAO,GAAG,gBAAgB,GAAG,SAAS;AACxC;AAWO,SAAS,OACd,QACA,SACA,SAKA,mBAA2B,2BAClB;AACT,QAAM,QAAQ,QAAQ,SAAS;AAC/B,QAAM,eAAe,QAAQ,gBAAgB;AAC7C,QAAM,kBAAkB,QAAQ,gBAAgB;AAEhD,QAAM,YAAY,SAAS,cAAc,EAAE;AAC3C,MAAI,OAAO,MAAM,SAAS,EAAG,QAAO;AAEpC,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,MAAI,KAAK,IAAI,MAAM,SAAS,IAAI,iBAAkB,QAAO;AAEzD,QAAM,OACJ,OAAO,YAAY,WAAW,UAAU,QAAQ,SAAS,OAAO;AAClE,QAAM,WAAW,KAAK,QAAQ,OAAO,WAAW,IAAI;AAEpD,QAAM,aAAa,gBAAgB,MAAM,GAAG;AAC5C,QAAM,cAAc,OAAO,KAAK,QAAQ;AAExC,aAAW,OAAO,YAAY;AAC5B,UAAM,SAAS,OAAO,KAAK,GAAG;AAC9B,QACE,OAAO,WAAW,YAAY,cAC9B,qCAAgB,QAAQ,WAAW,GACnC;AACA,aAAO;AAAA,IACT;AAAA,EACF;AAEA,SAAO;AACT;;;AC5CO,IAAM,gBAAN,MAAoB;AAAA,EACR;AAAA,EACA;AAAA,EAEjB,YAAY,SAA0B,MAAkB;AACtD,SAAK,UAAU;AACf,SAAK,OAAO;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,QACJ,UACA,QAC+B;AAC/B,WAAO,KAAK,OAAO,UAAU,OAAO,QAAQ,WAAW;AAAA,MACrD,gBAAgB,OAAO;AAAA,IACzB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,MAAM,OACJ,UACA,QAC+B;AAC/B,WAAO,KAAK,OAAO,UAAU,OAAO,QAAQ,UAAU;AAAA,MACpD,QAAQ,OAAO;AAAA,IACjB,CAAC;AAAA,EACH;AAAA,EAEA,MAAc,OACZ,UACA,eACA,WACA,MAC+B;AAC/B,QAAI,CAAC,KAAK,QAAQ,eAAe;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,qBAAqB,KAAK,QAAQ,GAAG,IAAI,aAAa,WAAW,QAAQ,IAAI,SAAS;AACnG,UAAM,UAAU,KAAK,UAAU,IAAI;AACnC,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,UAAM,YAAY;AAAA,MAChB,KAAK,QAAQ;AAAA,MACb;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAEA,WAAO,KAAK,KAAK,QAA8B,MAAM;AAAA,MACnD,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,SAAS;AAAA,QACP,WAAW;AAAA,QACX,kBAAkB,OAAO,SAAS;AAAA,QAClC,kBAAkB;AAAA,MACpB;AAAA,IACF,CAAC;AAAA,EACH;AACF;;;ACjGO,IAAM,aAAN,MAAiB;AAAA,EACL;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAA0B;AACpC,SAAK,UAAU,QAAQ;AACvB,SAAK,UAAU,QAAQ;AACvB,SAAK,YAAY,QAAQ;AACzB,SAAK,aAAa,QAAQ;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,QAAW,MAAc,MAA+B;AAC5D,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAElC,UAAM,UAAU,IAAI,QAAQ,KAAK,OAAO;AACxC,QAAI,CAAC,QAAQ,IAAI,cAAc,GAAG;AAChC,cAAQ,IAAI,gBAAgB,kBAAkB;AAAA,IAChD;AAEA,UAAM,cAA2B;AAAA,MAC/B,GAAG;AAAA,MACH;AAAA,MACA,QAAQ,YAAY,QAAQ,KAAK,OAAO;AAAA,IAC1C;AAEA,SAAK,YAAY,KAAK,WAAW;AAEjC,QAAI;AACJ,QAAI;AAEF,iBAAW,MAAM,MAAM,KAAK,WAAW;AAAA,IACzC,SAAS,OAAgB;AACvB,UACE,iBAAiB,UAChB,MAAM,SAAS,kBAAkB,MAAM,SAAS,eACjD;AACA,cAAM,IAAI,aAAa,KAAK,KAAK,OAAO;AAAA,MAC1C;AACA,YAAM,UACJ,iBAAiB,QAAQ,MAAM,UAAU;AAC3C,YAAM,IAAI,gBAAgB,cAAc,GAAG,YAAY,OAAO,EAAE;AAAA,IAClE;AAEA,SAAK,aAAa,KAAK,SAAS,MAAM,CAAC;AAEvC,UAAM,OAAO,MAAM,SAAS,KAAK;AAEjC,QAAI,CAAC,SAAS,IAAI;AAChB,YAAM,IAAI,UAAU,SAAS,QAAQ,MAAM,GAAG;AAAA,IAChD;AAEA,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,YAAM,IAAI;AAAA,QACR,+BAA+B,GAAG,kBAAkB,KAAK,MAAM,GAAG,GAAG,CAAC;AAAA,MACxE;AAAA,IACF;AAAA,EACF;AACF;;;AC9DO,IAAM,iBAAN,MAAqB;AAAA,EACT;AAAA,EACA;AAAA,EAEjB,YAAY,SAA0B,MAAkB;AACtD,SAAK,UAAU;AACf,SAAK,OAAO;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,KAAK,QAAqD;AAC9D,QAAI,CAAC,KAAK,QAAQ,eAAe;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,OAAO,qBAAqB,KAAK,QAAQ,GAAG,IAAI,OAAO,MAAM;AACnE,UAAM,OAAO,KAAK,UAAU,OAAO,OAAO;AAC1C,UAAM,QAAQ,gBAAgB;AAC9B,UAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,UAAM,YAAY,KAAK,KAAK,QAAQ,eAAe,OAAO,WAAW,IAAI;AAEzE,WAAO,KAAK,KAAK,QAAyB,MAAM;AAAA,MAC9C,QAAQ;AAAA,MACR;AAAA,MACA,SAAS;AAAA,QACP,WAAW;AAAA,QACX,kBAAkB,OAAO,SAAS;AAAA,QAClC,kBAAkB;AAAA,MACpB;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,QAAsC;AAC3C,QAAI,CAAC,KAAK,QAAQ,eAAe;AAC/B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,MACL,KAAK,QAAQ;AAAA,MACb,OAAO;AAAA,MACP,OAAO;AAAA,IACT;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASA,cAAc,QAAmC;AAC/C,QAAI,CAAC,KAAK,OAAO,MAAM,GAAG;AACxB,YAAM,IAAI,sBAAsB,2BAA2B;AAAA,IAC7D;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,eAAe,QAAoD;AACjE,SAAK,cAAc,MAAM;AACzB,UAAM,OACJ,OAAO,OAAO,YAAY,WACtB,OAAO,UACP,OAAO,QAAQ,SAAS,OAAO;AACrC,QAAI;AACF,aAAO,KAAK,MAAM,IAAI;AAAA,IACxB,QAAQ;AACN,YAAM,IAAI,gBAAgB,mCAAmC;AAAA,IAC/D;AAAA,EACF;AACF;;;AC1FO,IAAM,aAAN,MAAiB;AAAA;AAAA,EAEN;AAAA;AAAA,EAEA;AAAA;AAAA;AAAA;AAAA;AAAA,EAMhB,YAAY,UAA6B,CAAC,GAAG;AAC3C,UAAM,WAAW,eAAe,OAAO;AACvC,UAAM,OAAO,IAAI,WAAW,QAAQ;AACpC,SAAK,WAAW,IAAI,eAAe,UAAU,IAAI;AACjD,SAAK,UAAU,IAAI,cAAc,UAAU,IAAI;AAAA,EACjD;AACF;AAEA,SAAS,eAAe,SAA6C;AACnE,QAAM,WAAW,QAAQ,WAAW,2BAA2B;AAAA,IAC7D;AAAA,IACA;AAAA,EACF;AACA,QAAM,UAAU,QAAQ,WAAW;AACnC,QAAM,MAAM,QAAQ,OAAO;AAE3B,MAAI,WAAW,KAAK,CAAC,OAAO,SAAS,OAAO,GAAG;AAC7C,UAAM,IAAI,mBAAmB,mCAAmC;AAAA,EAClE;AAEA,MACE,QAAQ,kBAAkB,UAC1B,CAAC,QAAQ,cAAc,WAAW,QAAQ,GAC1C;AACA,UAAM,IAAI,mBAAmB,wCAAwC;AAAA,EACvE;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,eAAe,QAAQ;AAAA,IACvB,QAAQ,QAAQ;AAAA,IAChB,WAAW,QAAQ;AAAA,IACnB,YAAY,QAAQ;AAAA,EACtB;AACF;","names":["import_node_crypto"]}
1
+ {"version":3,"file":"index.cjs","names":["verifySig"],"sources":["../src/errors.ts","../src/utils.ts","../src/webhooks/signing.ts","../src/actions/client.ts","../src/http.ts","../src/webhooks/client.ts","../src/client.ts"],"sourcesContent":["/**\n * Base error class for all SDK errors. Catch this to handle any error\n * thrown by the AgentPress SDK regardless of specific type.\n */\nexport class AgentPressError extends Error {\n constructor(message: string) {\n super(message);\n this.name = \"AgentPressError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/**\n * Thrown at construction time when `AgentPressOptions` contains invalid values\n * (e.g., non-positive timeout, malformed `webhookSecret`).\n */\nexport class ConfigurationError extends AgentPressError {\n constructor(message: string) {\n super(message);\n this.name = \"ConfigurationError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/**\n * Thrown when the API returns a non-2xx HTTP response.\n *\n * Properties:\n * - `statusCode` - HTTP status code (e.g., 401, 404, 500)\n * - `responseBody` - Raw response body text for debugging\n * - `url` - The full request URL that failed\n */\nexport class HttpError extends AgentPressError {\n public readonly statusCode: number;\n public readonly responseBody: string;\n public readonly url: string;\n\n constructor(statusCode: number, responseBody: string, url: string) {\n super(`HTTP ${statusCode} from ${url}`);\n this.name = \"HttpError\";\n this.statusCode = statusCode;\n this.responseBody = responseBody;\n this.url = url;\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/** Thrown when a request exceeds the configured `timeout` (default 30s). */\nexport class TimeoutError extends AgentPressError {\n constructor(url: string, timeout: number) {\n super(`Request to ${url} timed out after ${timeout}ms`);\n this.name = \"TimeoutError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n\n/** Thrown by {@link WebhooksClient.verifyOrThrow} when an inbound webhook signature is invalid or expired. */\nexport class WebhookSignatureError extends AgentPressError {\n constructor(message: string) {\n super(message);\n this.name = \"WebhookSignatureError\";\n Object.setPrototypeOf(this, new.target.prototype);\n }\n}\n","import { randomUUID } from \"node:crypto\";\n\nexport function randomMessageId(): string {\n return `msg_${randomUUID()}`;\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nconst SIGNATURE_PREFIX = \"v1,\";\nconst DEFAULT_TOLERANCE_SECONDS = 5 * 60; // 5 minutes\n\n/**\n * Sign a webhook payload using Svix-compatible HMAC-SHA256.\n *\n * @param secret - The webhook secret (with \"whsec_\" prefix)\n * @param msgId - Unique message ID (e.g., \"msg_<uuid>\")\n * @param timestamp - Unix timestamp in seconds\n * @param body - JSON stringified payload\n * @returns Signature string in format \"v1,<base64>\"\n */\nexport function sign(\n secret: string,\n msgId: string,\n timestamp: number,\n body: string,\n): string {\n const secretBytes = Buffer.from(secret.replace(/^whsec_/, \"\"), \"base64\");\n const message = `${msgId}.${timestamp}.${body}`;\n const signature = createHmac(\"sha256\", secretBytes)\n .update(message)\n .digest(\"base64\");\n return `${SIGNATURE_PREFIX}${signature}`;\n}\n\n/**\n * Verify a Svix webhook signature.\n *\n * @param secret - The webhook secret (with \"whsec_\" prefix)\n * @param payload - Raw request body (string or Buffer)\n * @param headers - Svix headers object\n * @param toleranceSeconds - Max age of signature in seconds (default: 5 min)\n * @returns true if valid, false if invalid or expired\n */\nexport function verify(\n secret: string,\n payload: string | Buffer,\n headers: {\n \"svix-id\": string;\n \"svix-timestamp\": string;\n \"svix-signature\": string;\n },\n toleranceSeconds: number = DEFAULT_TOLERANCE_SECONDS,\n): boolean {\n const msgId = headers[\"svix-id\"];\n const timestampStr = headers[\"svix-timestamp\"];\n const signatureHeader = headers[\"svix-signature\"];\n\n const timestamp = parseInt(timestampStr, 10);\n if (Number.isNaN(timestamp)) return false;\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - timestamp) > toleranceSeconds) return false;\n\n const body =\n typeof payload === \"string\" ? payload : payload.toString(\"utf-8\");\n const expected = sign(secret, msgId, timestamp, body);\n\n const signatures = signatureHeader.split(\" \");\n const expectedBuf = Buffer.from(expected);\n\n for (const sig of signatures) {\n const sigBuf = Buffer.from(sig);\n if (\n sigBuf.length === expectedBuf.length &&\n timingSafeEqual(sigBuf, expectedBuf)\n ) {\n return true;\n }\n }\n\n return false;\n}\n","import { ConfigurationError } from \"../errors\";\nimport type { HttpClient } from \"../http\";\nimport type {\n ActionManageResponse,\n ApproveActionParams,\n RejectActionParams,\n ResolvedOptions,\n} from \"../types\";\nimport { randomMessageId } from \"../utils\";\nimport { sign } from \"../webhooks/signing\";\n\n/**\n * Client for programmatically approving or rejecting staged actions.\n * Uses HMAC-SHA256 signing (Svix-compatible), identical to {@link WebhooksClient}.\n *\n * @example\n * ```ts\n * const client = new AgentPress({ webhookSecret: \"whsec_...\", org: \"my-org\" });\n *\n * // Approve a staged action\n * await client.actions.approve(\"act_123\", {\n * action: \"my_webhook_action\",\n * });\n *\n * // Reject with a reason\n * await client.actions.reject(\"act_456\", {\n * action: \"my_webhook_action\",\n * reason: \"Insufficient data\",\n * });\n * ```\n */\nexport class ActionsClient {\n private readonly options: ResolvedOptions;\n private readonly http: HttpClient;\n\n constructor(options: ResolvedOptions, http: HttpClient) {\n this.options = options;\n this.http = http;\n }\n\n /**\n * Approve a staged action, optionally modifying the tool call.\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async approve(\n actionId: string,\n params: ApproveActionParams,\n ): Promise<ActionManageResponse> {\n return this.manage(actionId, params.action, \"approve\", {\n editedToolCall: params.editedToolCall,\n });\n }\n\n /**\n * Reject a staged action.\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async reject(\n actionId: string,\n params: RejectActionParams,\n ): Promise<ActionManageResponse> {\n return this.manage(actionId, params.action, \"reject\", {\n reason: params.reason,\n });\n }\n\n private async manage(\n actionId: string,\n webhookAction: string,\n operation: \"approve\" | \"reject\",\n body: Record<string, unknown>,\n ): Promise<ActionManageResponse> {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for action management operations\",\n );\n }\n\n const path = `/webhooks/actions/${this.options.org}/${webhookAction}/manage/${actionId}/${operation}`;\n const bodyStr = JSON.stringify(body);\n const msgId = randomMessageId();\n const timestamp = Math.floor(Date.now() / 1000);\n const signature = sign(\n this.options.webhookSecret,\n msgId,\n timestamp,\n bodyStr,\n );\n\n return this.http.request<ActionManageResponse>(path, {\n method: \"POST\",\n body: bodyStr,\n headers: {\n \"svix-id\": msgId,\n \"svix-timestamp\": String(timestamp),\n \"svix-signature\": signature,\n },\n });\n }\n}\n","import { AgentPressError, HttpError, TimeoutError } from \"./errors\";\nimport type { ResolvedOptions } from \"./types\";\n\n/**\n * Internal shared HTTP client. Not part of the public API -- used by\n * namespace clients (e.g., `WebhooksClient`) to make authenticated requests.\n * @internal\n */\nexport class HttpClient {\n private readonly baseUrl: string;\n private readonly timeout: number;\n private readonly onRequest?: ResolvedOptions[\"onRequest\"];\n private readonly onResponse?: ResolvedOptions[\"onResponse\"];\n\n constructor(options: ResolvedOptions) {\n this.baseUrl = options.baseUrl;\n this.timeout = options.timeout;\n this.onRequest = options.onRequest;\n this.onResponse = options.onResponse;\n }\n\n /**\n * Send an HTTP request to the API. Constructs the full URL from `baseUrl` + `path`,\n * applies the configured timeout via `AbortSignal`, fires `onRequest`/`onResponse`\n * hooks, and parses the JSON response.\n *\n * @throws {TimeoutError} If the request exceeds the configured timeout.\n * @throws {HttpError} If the API returns a non-2xx status code.\n * @throws {AgentPressError} On network failures or non-JSON responses.\n */\n async request<T>(path: string, init: RequestInit): Promise<T> {\n const url = `${this.baseUrl}${path}`;\n\n const headers = new Headers(init.headers);\n if (!headers.has(\"Content-Type\")) {\n headers.set(\"Content-Type\", \"application/json\");\n }\n\n const requestInit: RequestInit = {\n ...init,\n headers,\n signal: AbortSignal.timeout(this.timeout),\n };\n\n this.onRequest?.(url, requestInit);\n\n let response: Response;\n try {\n // biome-ignore lint/style/noRestrictedGlobals: SDK is a standalone package that uses raw fetch\n response = await fetch(url, requestInit);\n } catch (error: unknown) {\n if (\n error instanceof Error &&\n (error.name === \"TimeoutError\" || error.name === \"AbortError\")\n ) {\n throw new TimeoutError(url, this.timeout);\n }\n const message =\n error instanceof Error ? error.message : \"Unknown fetch error\";\n throw new AgentPressError(`Request to ${url} failed: ${message}`);\n }\n\n this.onResponse?.(url, response.clone());\n\n const text = await response.text();\n\n if (!response.ok) {\n throw new HttpError(response.status, text, url);\n }\n\n try {\n return JSON.parse(text) as T;\n } catch {\n throw new AgentPressError(\n `Expected JSON response from ${url} but received: ${text.slice(0, 200)}`,\n );\n }\n }\n}\n","import {\n AgentPressError,\n ConfigurationError,\n WebhookSignatureError,\n} from \"../errors\";\nimport type { HttpClient } from \"../http\";\nimport type {\n ActionCallbackPayload,\n ResolvedOptions,\n WebhookResponse,\n WebhookSendParams,\n WebhookVerifyParams,\n} from \"../types\";\nimport { randomMessageId } from \"../utils\";\nimport { sign, verify as verifySig } from \"./signing\";\n\nexport class WebhooksClient {\n private readonly options: ResolvedOptions;\n private readonly http: HttpClient;\n\n constructor(options: ResolvedOptions, http: HttpClient) {\n this.options = options;\n this.http = http;\n }\n\n /**\n * Send an arbitrary webhook payload to AgentPress.\n * Signs the payload with HMAC-SHA256 (Svix-compatible).\n *\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws HttpError on non-2xx response\n * @throws TimeoutError if request exceeds timeout\n */\n async send(params: WebhookSendParams): Promise<WebhookResponse> {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for webhook operations\",\n );\n }\n\n const path = `/webhooks/actions/${this.options.org}/${params.action}`;\n const body = JSON.stringify(params.payload);\n const msgId = randomMessageId();\n const timestamp = Math.floor(Date.now() / 1000);\n const signature = sign(this.options.webhookSecret, msgId, timestamp, body);\n\n return this.http.request<WebhookResponse>(path, {\n method: \"POST\",\n body,\n headers: {\n \"svix-id\": msgId,\n \"svix-timestamp\": String(timestamp),\n \"svix-signature\": signature,\n },\n });\n }\n\n /**\n * Verify an inbound Svix webhook signature.\n *\n * @returns true if valid, false if invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n */\n verify(params: WebhookVerifyParams): boolean {\n if (!this.options.webhookSecret) {\n throw new ConfigurationError(\n \"webhookSecret is required for webhook verification\",\n );\n }\n\n return verifySig(\n this.options.webhookSecret,\n params.payload,\n params.headers,\n );\n }\n\n /**\n * Verify an inbound Svix webhook signature, throwing on failure.\n * Useful for middleware patterns where invalid signatures should halt processing.\n *\n * @throws WebhookSignatureError if signature is invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n */\n verifyOrThrow(params: WebhookVerifyParams): void {\n if (!this.verify(params)) {\n throw new WebhookSignatureError(\"Invalid webhook signature\");\n }\n }\n\n /**\n * Verify and parse an inbound webhook from AgentPress.\n * Combines signature verification with JSON parsing and type casting.\n * This is the recommended way to handle incoming webhooks.\n *\n * @throws WebhookSignatureError if signature is invalid or expired\n * @throws ConfigurationError if webhookSecret is not configured\n * @throws AgentPressError if payload is not valid JSON\n */\n constructEvent(params: WebhookVerifyParams): ActionCallbackPayload {\n this.verifyOrThrow(params);\n const body =\n typeof params.payload === \"string\"\n ? params.payload\n : params.payload.toString(\"utf-8\");\n try {\n return JSON.parse(body) as ActionCallbackPayload;\n } catch {\n throw new AgentPressError(\"Webhook payload is not valid JSON\");\n }\n }\n}\n","import { ActionsClient } from \"./actions/client\";\nimport { ConfigurationError } from \"./errors\";\nimport { HttpClient } from \"./http\";\nimport type { AgentPressOptions, ResolvedOptions } from \"./types\";\nimport { WebhooksClient } from \"./webhooks/client\";\n\n/**\n * Main entry point for the AgentPress SDK. Provides namespaced access to API\n * resources (e.g., `client.webhooks.send()`, `client.actions.approve()`).\n * Validates all configuration options at construction time, so invalid config fails fast.\n *\n * @example\n * ```ts\n * const client = new AgentPress({\n * apiKey: \"ak_...\",\n * webhookSecret: \"whsec_...\",\n * });\n * await client.webhooks.send({ action: \"my_action\", payload: { ... } });\n * await client.actions.approve(\"act_123\", { action: \"my_action\" });\n * ```\n */\nexport class AgentPress {\n /** Webhook operations: send outbound webhooks and verify inbound signatures. */\n public readonly webhooks: WebhooksClient;\n /** Action management: approve or reject staged actions. */\n public readonly actions: ActionsClient;\n\n /**\n * @param options - SDK configuration. All fields are optional with sensible defaults.\n * @throws {ConfigurationError} If `timeout` is non-positive or `webhookSecret` has an invalid prefix.\n */\n constructor(options: AgentPressOptions = {}) {\n const resolved = resolveOptions(options);\n const http = new HttpClient(resolved);\n this.webhooks = new WebhooksClient(resolved, http);\n this.actions = new ActionsClient(resolved, http);\n }\n}\n\nfunction resolveOptions(options: AgentPressOptions): ResolvedOptions {\n const baseUrl = (options.baseUrl ?? \"https://api.agent.press\").replace(\n /\\/+$/,\n \"\",\n );\n const timeout = options.timeout ?? 30_000;\n const org = options.org ?? \"default-org\";\n\n if (timeout <= 0 || !Number.isFinite(timeout)) {\n throw new ConfigurationError(\"timeout must be a positive number\");\n }\n\n if (\n options.webhookSecret !== undefined &&\n !options.webhookSecret.startsWith(\"whsec_\")\n ) {\n throw new ConfigurationError('webhookSecret must start with \"whsec_\"');\n }\n\n return {\n baseUrl,\n timeout,\n org,\n webhookSecret: options.webhookSecret,\n apiKey: options.apiKey,\n onRequest: options.onRequest,\n onResponse: options.onResponse,\n };\n}\n"],"mappings":";;;;;;;AAIA,IAAa,kBAAb,cAAqC,MAAM;CACzC,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,IAAI,OAAO,UAAU;;;;;;;AAQrD,IAAa,qBAAb,cAAwC,gBAAgB;CACtD,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,IAAI,OAAO,UAAU;;;;;;;;;;;AAYrD,IAAa,YAAb,cAA+B,gBAAgB;CAC7C;CACA;CACA;CAEA,YAAY,YAAoB,cAAsB,KAAa;AACjE,QAAM,QAAQ,WAAW,QAAQ,MAAM;AACvC,OAAK,OAAO;AACZ,OAAK,aAAa;AAClB,OAAK,eAAe;AACpB,OAAK,MAAM;AACX,SAAO,eAAe,MAAM,IAAI,OAAO,UAAU;;;;AAKrD,IAAa,eAAb,cAAkC,gBAAgB;CAChD,YAAY,KAAa,SAAiB;AACxC,QAAM,cAAc,IAAI,mBAAmB,QAAQ,IAAI;AACvD,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,IAAI,OAAO,UAAU;;;;AAKrD,IAAa,wBAAb,cAA2C,gBAAgB;CACzD,YAAY,SAAiB;AAC3B,QAAM,QAAQ;AACd,OAAK,OAAO;AACZ,SAAO,eAAe,MAAM,IAAI,OAAO,UAAU;;;;;AC3DrD,SAAgB,kBAA0B;AACxC,QAAO,QAAA,GAAA,YAAA,aAAmB;;;;ACD5B,MAAM,mBAAmB;AACzB,MAAM,4BAA4B;;;;;;;;;;AAWlC,SAAgB,KACd,QACA,OACA,WACA,MACQ;CACR,MAAM,cAAc,OAAO,KAAK,OAAO,QAAQ,WAAW,GAAG,EAAE,SAAS;CACxE,MAAM,UAAU,GAAG,MAAM,GAAG,UAAU,GAAG;AAIzC,QAAO,GAAG,oBAAA,GAAA,YAAA,YAHmB,UAAU,YAAY,CAChD,OAAO,QAAQ,CACf,OAAO,SAAS;;;;;;;;;;;AAarB,SAAgB,OACd,QACA,SACA,SAKA,mBAA2B,2BAClB;CACT,MAAM,QAAQ,QAAQ;CACtB,MAAM,eAAe,QAAQ;CAC7B,MAAM,kBAAkB,QAAQ;CAEhC,MAAM,YAAY,SAAS,cAAc,GAAG;AAC5C,KAAI,OAAO,MAAM,UAAU,CAAE,QAAO;CAEpC,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;AACzC,KAAI,KAAK,IAAI,MAAM,UAAU,GAAG,iBAAkB,QAAO;CAIzD,MAAM,WAAW,KAAK,QAAQ,OAAO,WADnC,OAAO,YAAY,WAAW,UAAU,QAAQ,SAAS,QAAQ,CACd;CAErD,MAAM,aAAa,gBAAgB,MAAM,IAAI;CAC7C,MAAM,cAAc,OAAO,KAAK,SAAS;AAEzC,MAAK,MAAM,OAAO,YAAY;EAC5B,MAAM,SAAS,OAAO,KAAK,IAAI;AAC/B,MACE,OAAO,WAAW,YAAY,WAAA,GAAA,YAAA,iBACd,QAAQ,YAAY,CAEpC,QAAO;;AAIX,QAAO;;;;;;;;;;;;;;;;;;;;;;;;AC3CT,IAAa,gBAAb,MAA2B;CACzB;CACA;CAEA,YAAY,SAA0B,MAAkB;AACtD,OAAK,UAAU;AACf,OAAK,OAAO;;;;;;;;;CAUd,MAAM,QACJ,UACA,QAC+B;AAC/B,SAAO,KAAK,OAAO,UAAU,OAAO,QAAQ,WAAW,EACrD,gBAAgB,OAAO,gBACxB,CAAC;;;;;;;;;CAUJ,MAAM,OACJ,UACA,QAC+B;AAC/B,SAAO,KAAK,OAAO,UAAU,OAAO,QAAQ,UAAU,EACpD,QAAQ,OAAO,QAChB,CAAC;;CAGJ,MAAc,OACZ,UACA,eACA,WACA,MAC+B;AAC/B,MAAI,CAAC,KAAK,QAAQ,cAChB,OAAM,IAAI,mBACR,6DACD;EAGH,MAAM,OAAO,qBAAqB,KAAK,QAAQ,IAAI,GAAG,cAAc,UAAU,SAAS,GAAG;EAC1F,MAAM,UAAU,KAAK,UAAU,KAAK;EACpC,MAAM,QAAQ,iBAAiB;EAC/B,MAAM,YAAY,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;EAC/C,MAAM,YAAY,KAChB,KAAK,QAAQ,eACb,OACA,WACA,QACD;AAED,SAAO,KAAK,KAAK,QAA8B,MAAM;GACnD,QAAQ;GACR,MAAM;GACN,SAAS;IACP,WAAW;IACX,kBAAkB,OAAO,UAAU;IACnC,kBAAkB;IACnB;GACF,CAAC;;;;;;;;;;AC/FN,IAAa,aAAb,MAAwB;CACtB;CACA;CACA;CACA;CAEA,YAAY,SAA0B;AACpC,OAAK,UAAU,QAAQ;AACvB,OAAK,UAAU,QAAQ;AACvB,OAAK,YAAY,QAAQ;AACzB,OAAK,aAAa,QAAQ;;;;;;;;;;;CAY5B,MAAM,QAAW,MAAc,MAA+B;EAC5D,MAAM,MAAM,GAAG,KAAK,UAAU;EAE9B,MAAM,UAAU,IAAI,QAAQ,KAAK,QAAQ;AACzC,MAAI,CAAC,QAAQ,IAAI,eAAe,CAC9B,SAAQ,IAAI,gBAAgB,mBAAmB;EAGjD,MAAM,cAA2B;GAC/B,GAAG;GACH;GACA,QAAQ,YAAY,QAAQ,KAAK,QAAQ;GAC1C;AAED,OAAK,YAAY,KAAK,YAAY;EAElC,IAAI;AACJ,MAAI;AAEF,cAAW,MAAM,MAAM,KAAK,YAAY;WACjC,OAAgB;AACvB,OACE,iBAAiB,UAChB,MAAM,SAAS,kBAAkB,MAAM,SAAS,cAEjD,OAAM,IAAI,aAAa,KAAK,KAAK,QAAQ;AAI3C,SAAM,IAAI,gBAAgB,cAAc,IAAI,WAD1C,iBAAiB,QAAQ,MAAM,UAAU,wBACsB;;AAGnE,OAAK,aAAa,KAAK,SAAS,OAAO,CAAC;EAExC,MAAM,OAAO,MAAM,SAAS,MAAM;AAElC,MAAI,CAAC,SAAS,GACZ,OAAM,IAAI,UAAU,SAAS,QAAQ,MAAM,IAAI;AAGjD,MAAI;AACF,UAAO,KAAK,MAAM,KAAK;UACjB;AACN,SAAM,IAAI,gBACR,+BAA+B,IAAI,iBAAiB,KAAK,MAAM,GAAG,IAAI,GACvE;;;;;;AC3DP,IAAa,iBAAb,MAA4B;CAC1B;CACA;CAEA,YAAY,SAA0B,MAAkB;AACtD,OAAK,UAAU;AACf,OAAK,OAAO;;;;;;;;;;CAWd,MAAM,KAAK,QAAqD;AAC9D,MAAI,CAAC,KAAK,QAAQ,cAChB,OAAM,IAAI,mBACR,mDACD;EAGH,MAAM,OAAO,qBAAqB,KAAK,QAAQ,IAAI,GAAG,OAAO;EAC7D,MAAM,OAAO,KAAK,UAAU,OAAO,QAAQ;EAC3C,MAAM,QAAQ,iBAAiB;EAC/B,MAAM,YAAY,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;EAC/C,MAAM,YAAY,KAAK,KAAK,QAAQ,eAAe,OAAO,WAAW,KAAK;AAE1E,SAAO,KAAK,KAAK,QAAyB,MAAM;GAC9C,QAAQ;GACR;GACA,SAAS;IACP,WAAW;IACX,kBAAkB,OAAO,UAAU;IACnC,kBAAkB;IACnB;GACF,CAAC;;;;;;;;CASJ,OAAO,QAAsC;AAC3C,MAAI,CAAC,KAAK,QAAQ,cAChB,OAAM,IAAI,mBACR,qDACD;AAGH,SAAOA,OACL,KAAK,QAAQ,eACb,OAAO,SACP,OAAO,QACR;;;;;;;;;CAUH,cAAc,QAAmC;AAC/C,MAAI,CAAC,KAAK,OAAO,OAAO,CACtB,OAAM,IAAI,sBAAsB,4BAA4B;;;;;;;;;;;CAahE,eAAe,QAAoD;AACjE,OAAK,cAAc,OAAO;EAC1B,MAAM,OACJ,OAAO,OAAO,YAAY,WACtB,OAAO,UACP,OAAO,QAAQ,SAAS,QAAQ;AACtC,MAAI;AACF,UAAO,KAAK,MAAM,KAAK;UACjB;AACN,SAAM,IAAI,gBAAgB,oCAAoC;;;;;;;;;;;;;;;;;;;;;ACvFpE,IAAa,aAAb,MAAwB;;CAEtB;;CAEA;;;;;CAMA,YAAY,UAA6B,EAAE,EAAE;EAC3C,MAAM,WAAW,eAAe,QAAQ;EACxC,MAAM,OAAO,IAAI,WAAW,SAAS;AACrC,OAAK,WAAW,IAAI,eAAe,UAAU,KAAK;AAClD,OAAK,UAAU,IAAI,cAAc,UAAU,KAAK;;;AAIpD,SAAS,eAAe,SAA6C;CACnE,MAAM,WAAW,QAAQ,WAAW,2BAA2B,QAC7D,QACA,GACD;CACD,MAAM,UAAU,QAAQ,WAAW;CACnC,MAAM,MAAM,QAAQ,OAAO;AAE3B,KAAI,WAAW,KAAK,CAAC,OAAO,SAAS,QAAQ,CAC3C,OAAM,IAAI,mBAAmB,oCAAoC;AAGnE,KACE,QAAQ,kBAAkB,KAAA,KAC1B,CAAC,QAAQ,cAAc,WAAW,SAAS,CAE3C,OAAM,IAAI,mBAAmB,2CAAyC;AAGxE,QAAO;EACL;EACA;EACA;EACA,eAAe,QAAQ;EACvB,QAAQ,QAAQ;EAChB,WAAW,QAAQ;EACnB,YAAY,QAAQ;EACrB"}
package/dist/index.d.cts CHANGED
@@ -1,161 +1,164 @@
1
+ //#region src/types.d.ts
1
2
  /** Constructor options for the {@link AgentPress} client. All fields are optional. */
2
3
  interface AgentPressOptions {
3
- /** Svix webhook signing secret for verifying inbound webhooks. Must start with `"whsec_"`. */
4
- webhookSecret?: string;
5
- /** API key for authenticated requests. */
6
- apiKey?: string;
7
- /** @default "https://api.agent.press" */
8
- baseUrl?: string;
9
- /** Request timeout in milliseconds. Must be a positive finite number. @default 30000 */
10
- timeout?: number;
11
- /** Organization identifier sent with requests. @default "default-org" */
12
- org?: string;
13
- /** Hook called before every outbound HTTP request (useful for logging/tracing). */
14
- onRequest?: (url: string, init: RequestInit) => void;
15
- /** Hook called after every HTTP response is received. */
16
- onResponse?: (url: string, response: Response) => void;
4
+ /** Svix webhook signing secret for verifying inbound webhooks. Must start with `"whsec_"`. */
5
+ webhookSecret?: string;
6
+ /** API key for authenticated requests. */
7
+ apiKey?: string;
8
+ /** @default "https://api.agent.press" */
9
+ baseUrl?: string;
10
+ /** Request timeout in milliseconds. Must be a positive finite number. @default 30000 */
11
+ timeout?: number;
12
+ /** Organization identifier sent with requests. @default "default-org" */
13
+ org?: string;
14
+ /** Hook called before every outbound HTTP request (useful for logging/tracing). */
15
+ onRequest?: (url: string, init: RequestInit) => void;
16
+ /** Hook called after every HTTP response is received. */
17
+ onResponse?: (url: string, response: Response) => void;
17
18
  }
18
19
  /** Parameters for {@link WebhooksClient.send}. */
19
20
  interface WebhookSendParams {
20
- /** Webhook action name (matches an action rule on the server). */
21
- action: string;
22
- /** Arbitrary payload data forwarded to the webhook handler. */
23
- payload: Record<string, unknown>;
21
+ /** Webhook action name (matches an action rule on the server). */
22
+ action: string;
23
+ /** Arbitrary payload data forwarded to the webhook handler. */
24
+ payload: Record<string, unknown>;
24
25
  }
25
26
  /** Parameters for verifying an inbound webhook signature via {@link WebhooksClient.verify} or {@link WebhooksClient.verifyOrThrow}. */
26
27
  interface WebhookVerifyParams {
27
- /** Raw request body (string or Buffer) -- must not be parsed/modified. */
28
- payload: string | Buffer;
29
- /** Svix signature headers from the incoming request. */
30
- headers: {
31
- "svix-id": string;
32
- "svix-timestamp": string;
33
- "svix-signature": string;
34
- };
28
+ /** Raw request body (string or Buffer) -- must not be parsed/modified. */
29
+ payload: string | Buffer;
30
+ /** Svix signature headers from the incoming request. */
31
+ headers: {
32
+ "svix-id": string;
33
+ "svix-timestamp": string;
34
+ "svix-signature": string;
35
+ };
35
36
  }
36
37
  /** Response from webhook send operations. */
37
38
  interface WebhookResponse {
38
- success: boolean;
39
- /** UUID of the created action (present on successful creation). */
40
- actionId?: string;
41
- /** `true` if an action with the same `externalId` already existed (idempotency). */
42
- alreadyExists?: boolean;
43
- skipped?: boolean;
44
- data?: Record<string, unknown>;
39
+ success: boolean;
40
+ /** UUID of the created action (present on successful creation). */
41
+ actionId?: string;
42
+ /** `true` if an action with the same `externalId` already existed (idempotency). */
43
+ alreadyExists?: boolean;
44
+ skipped?: boolean;
45
+ data?: Record<string, unknown>;
45
46
  }
46
47
  /** Action lifecycle event types emitted by AgentPress. */
47
48
  type ActionEventType = "action.pending_approval" | "action.approved" | "action.completed" | "action.failed" | "action.rejected" | "action.expired";
48
49
  /** A tool call staged for approval (present when eventType is "action.pending_approval"). */
49
50
  interface StagedToolCall {
50
- toolName: string;
51
- toolCallId: string;
52
- arguments: Record<string, unknown>;
51
+ toolName: string;
52
+ toolCallId: string;
53
+ arguments: Record<string, unknown>;
53
54
  }
54
55
  /** Parameters for {@link ActionsClient.approve}. */
55
56
  interface ApproveActionParams {
56
- /** Webhook action identifier (from callback's webhookAction field). */
57
- action: string;
58
- /** Optionally modify the tool call arguments before execution. */
59
- editedToolCall?: {
60
- toolName: string;
61
- arguments: Record<string, unknown>;
62
- };
57
+ /** Webhook action identifier (from callback's webhookAction field). */
58
+ action: string;
59
+ /** Optionally modify the tool call arguments before execution. */
60
+ editedToolCall?: {
61
+ toolName: string;
62
+ arguments: Record<string, unknown>;
63
+ };
63
64
  }
64
65
  /** Parameters for {@link ActionsClient.reject}. */
65
66
  interface RejectActionParams {
66
- /** Webhook action identifier (from callback's webhookAction field). */
67
- action: string;
68
- /** Reason for rejection. */
69
- reason?: string;
67
+ /** Webhook action identifier (from callback's webhookAction field). */
68
+ action: string;
69
+ /** Reason for rejection. */
70
+ reason?: string;
70
71
  }
71
72
  /** Response from action approve/reject operations. */
72
73
  interface ActionManageResponse {
73
- success: boolean;
74
- actionId: string;
75
- status: ActionStatus;
74
+ success: boolean;
75
+ actionId: string;
76
+ status: ActionStatus;
76
77
  }
77
78
  /** Status of an action in the AgentPress system. */
78
79
  type ActionStatus = "pending" | "staged" | "approved" | "rejected" | "completed" | "failed" | "expired";
79
80
  /** A tool call made by the agent during action processing. */
80
81
  interface ToolCallResult {
81
- toolName: string;
82
- arguments: Record<string, unknown>;
83
- result: unknown;
82
+ toolName: string;
83
+ arguments: Record<string, unknown>;
84
+ result: unknown;
84
85
  }
85
86
  /** The agent's response after processing an action. */
86
87
  interface AgentResponse {
87
- /** The agent's text response, if any. */
88
- text: string | null;
89
- /** Tool calls made by the agent during processing. */
90
- toolCalls: ToolCallResult[];
88
+ /** The agent's text response, if any. */
89
+ text: string | null;
90
+ /** Tool calls made by the agent during processing. */
91
+ toolCalls: ToolCallResult[];
91
92
  }
92
93
  /**
93
94
  * Payload received from AgentPress outbound webhooks (post-event callbacks).
94
95
  * This is what your server receives when an action completes.
95
96
  */
96
97
  interface ActionCallbackPayload {
97
- actionId: string;
98
- status: ActionStatus;
99
- actionType: string;
100
- /** Lifecycle event type (e.g., "action.pending_approval", "action.completed"). */
101
- eventType: ActionEventType;
102
- /** Webhook action identifier used to create this action. Needed for approve/reject. */
103
- webhookAction: string | null;
104
- /** Tool awaiting approval (present only when eventType is "action.pending_approval"). */
105
- stagedToolCall: StagedToolCall | null;
106
- /** ISO 8601 timestamp of when the action completed. */
107
- completedAt: string;
108
- /** Original data from the inbound webhook that triggered this action. */
109
- sourceData: Record<string, unknown>;
110
- /** External system identifier. */
111
- externalId: string | null;
112
- /** AgentPress user ID associated with this action. */
113
- userId: string | null;
114
- /** Thread ID if the action created a conversation. */
115
- threadId: string | null;
116
- /** The agent's response including text and tool call results. */
117
- agentResponse: AgentResponse;
118
- /** Error message if the action failed. */
119
- errorMessage: string | null;
120
- /** Reason provided if the action was rejected by a human reviewer. */
121
- rejectionReason: string | null;
122
- /** Additional custom fields from post-event configuration. */
123
- [key: string]: unknown;
98
+ actionId: string;
99
+ status: ActionStatus;
100
+ actionType: string;
101
+ /** Lifecycle event type (e.g., "action.pending_approval", "action.completed"). */
102
+ eventType: ActionEventType;
103
+ /** Webhook action identifier used to create this action. Needed for approve/reject. */
104
+ webhookAction: string | null;
105
+ /** Tool awaiting approval (present only when eventType is "action.pending_approval"). */
106
+ stagedToolCall: StagedToolCall | null;
107
+ /** ISO 8601 timestamp of when the action completed. */
108
+ completedAt: string;
109
+ /** Original data from the inbound webhook that triggered this action. */
110
+ sourceData: Record<string, unknown>;
111
+ /** External system identifier. */
112
+ externalId: string | null;
113
+ /** AgentPress user ID associated with this action. */
114
+ userId: string | null;
115
+ /** Thread ID if the action created a conversation. */
116
+ threadId: string | null;
117
+ /** The agent's response including text and tool call results. */
118
+ agentResponse: AgentResponse;
119
+ /** Error message if the action failed. */
120
+ errorMessage: string | null;
121
+ /** Reason provided if the action was rejected by a human reviewer. */
122
+ rejectionReason: string | null;
123
+ /** Additional custom fields from post-event configuration. */
124
+ [key: string]: unknown;
124
125
  }
125
126
  /** @internal Resolved (validated, defaulted) options. Not exported from the public API. */
126
127
  interface ResolvedOptions {
127
- baseUrl: string;
128
- timeout: number;
129
- org: string;
130
- webhookSecret?: string;
131
- apiKey?: string;
132
- onRequest?: AgentPressOptions["onRequest"];
133
- onResponse?: AgentPressOptions["onResponse"];
128
+ baseUrl: string;
129
+ timeout: number;
130
+ org: string;
131
+ webhookSecret?: string;
132
+ apiKey?: string;
133
+ onRequest?: AgentPressOptions["onRequest"];
134
+ onResponse?: AgentPressOptions["onResponse"];
134
135
  }
135
-
136
+ //#endregion
137
+ //#region src/http.d.ts
136
138
  /**
137
139
  * Internal shared HTTP client. Not part of the public API -- used by
138
140
  * namespace clients (e.g., `WebhooksClient`) to make authenticated requests.
139
141
  * @internal
140
142
  */
141
143
  declare class HttpClient {
142
- private readonly baseUrl;
143
- private readonly timeout;
144
- private readonly onRequest?;
145
- private readonly onResponse?;
146
- constructor(options: ResolvedOptions);
147
- /**
148
- * Send an HTTP request to the API. Constructs the full URL from `baseUrl` + `path`,
149
- * applies the configured timeout via `AbortSignal`, fires `onRequest`/`onResponse`
150
- * hooks, and parses the JSON response.
151
- *
152
- * @throws {TimeoutError} If the request exceeds the configured timeout.
153
- * @throws {HttpError} If the API returns a non-2xx status code.
154
- * @throws {AgentPressError} On network failures or non-JSON responses.
155
- */
156
- request<T>(path: string, init: RequestInit): Promise<T>;
144
+ private readonly baseUrl;
145
+ private readonly timeout;
146
+ private readonly onRequest?;
147
+ private readonly onResponse?;
148
+ constructor(options: ResolvedOptions);
149
+ /**
150
+ * Send an HTTP request to the API. Constructs the full URL from `baseUrl` + `path`,
151
+ * applies the configured timeout via `AbortSignal`, fires `onRequest`/`onResponse`
152
+ * hooks, and parses the JSON response.
153
+ *
154
+ * @throws {TimeoutError} If the request exceeds the configured timeout.
155
+ * @throws {HttpError} If the API returns a non-2xx status code.
156
+ * @throws {AgentPressError} On network failures or non-JSON responses.
157
+ */
158
+ request<T>(path: string, init: RequestInit): Promise<T>;
157
159
  }
158
-
160
+ //#endregion
161
+ //#region src/actions/client.d.ts
159
162
  /**
160
163
  * Client for programmatically approving or rejecting staged actions.
161
164
  * Uses HMAC-SHA256 signing (Svix-compatible), identical to {@link WebhooksClient}.
@@ -177,68 +180,70 @@ declare class HttpClient {
177
180
  * ```
178
181
  */
179
182
  declare class ActionsClient {
180
- private readonly options;
181
- private readonly http;
182
- constructor(options: ResolvedOptions, http: HttpClient);
183
- /**
184
- * Approve a staged action, optionally modifying the tool call.
185
- *
186
- * @throws ConfigurationError if webhookSecret is not configured
187
- * @throws HttpError on non-2xx response
188
- * @throws TimeoutError if request exceeds timeout
189
- */
190
- approve(actionId: string, params: ApproveActionParams): Promise<ActionManageResponse>;
191
- /**
192
- * Reject a staged action.
193
- *
194
- * @throws ConfigurationError if webhookSecret is not configured
195
- * @throws HttpError on non-2xx response
196
- * @throws TimeoutError if request exceeds timeout
197
- */
198
- reject(actionId: string, params: RejectActionParams): Promise<ActionManageResponse>;
199
- private manage;
183
+ private readonly options;
184
+ private readonly http;
185
+ constructor(options: ResolvedOptions, http: HttpClient);
186
+ /**
187
+ * Approve a staged action, optionally modifying the tool call.
188
+ *
189
+ * @throws ConfigurationError if webhookSecret is not configured
190
+ * @throws HttpError on non-2xx response
191
+ * @throws TimeoutError if request exceeds timeout
192
+ */
193
+ approve(actionId: string, params: ApproveActionParams): Promise<ActionManageResponse>;
194
+ /**
195
+ * Reject a staged action.
196
+ *
197
+ * @throws ConfigurationError if webhookSecret is not configured
198
+ * @throws HttpError on non-2xx response
199
+ * @throws TimeoutError if request exceeds timeout
200
+ */
201
+ reject(actionId: string, params: RejectActionParams): Promise<ActionManageResponse>;
202
+ private manage;
200
203
  }
201
-
204
+ //#endregion
205
+ //#region src/webhooks/client.d.ts
202
206
  declare class WebhooksClient {
203
- private readonly options;
204
- private readonly http;
205
- constructor(options: ResolvedOptions, http: HttpClient);
206
- /**
207
- * Send an arbitrary webhook payload to AgentPress.
208
- * Signs the payload with HMAC-SHA256 (Svix-compatible).
209
- *
210
- * @throws ConfigurationError if webhookSecret is not configured
211
- * @throws HttpError on non-2xx response
212
- * @throws TimeoutError if request exceeds timeout
213
- */
214
- send(params: WebhookSendParams): Promise<WebhookResponse>;
215
- /**
216
- * Verify an inbound Svix webhook signature.
217
- *
218
- * @returns true if valid, false if invalid or expired
219
- * @throws ConfigurationError if webhookSecret is not configured
220
- */
221
- verify(params: WebhookVerifyParams): boolean;
222
- /**
223
- * Verify an inbound Svix webhook signature, throwing on failure.
224
- * Useful for middleware patterns where invalid signatures should halt processing.
225
- *
226
- * @throws WebhookSignatureError if signature is invalid or expired
227
- * @throws ConfigurationError if webhookSecret is not configured
228
- */
229
- verifyOrThrow(params: WebhookVerifyParams): void;
230
- /**
231
- * Verify and parse an inbound webhook from AgentPress.
232
- * Combines signature verification with JSON parsing and type casting.
233
- * This is the recommended way to handle incoming webhooks.
234
- *
235
- * @throws WebhookSignatureError if signature is invalid or expired
236
- * @throws ConfigurationError if webhookSecret is not configured
237
- * @throws AgentPressError if payload is not valid JSON
238
- */
239
- constructEvent(params: WebhookVerifyParams): ActionCallbackPayload;
207
+ private readonly options;
208
+ private readonly http;
209
+ constructor(options: ResolvedOptions, http: HttpClient);
210
+ /**
211
+ * Send an arbitrary webhook payload to AgentPress.
212
+ * Signs the payload with HMAC-SHA256 (Svix-compatible).
213
+ *
214
+ * @throws ConfigurationError if webhookSecret is not configured
215
+ * @throws HttpError on non-2xx response
216
+ * @throws TimeoutError if request exceeds timeout
217
+ */
218
+ send(params: WebhookSendParams): Promise<WebhookResponse>;
219
+ /**
220
+ * Verify an inbound Svix webhook signature.
221
+ *
222
+ * @returns true if valid, false if invalid or expired
223
+ * @throws ConfigurationError if webhookSecret is not configured
224
+ */
225
+ verify(params: WebhookVerifyParams): boolean;
226
+ /**
227
+ * Verify an inbound Svix webhook signature, throwing on failure.
228
+ * Useful for middleware patterns where invalid signatures should halt processing.
229
+ *
230
+ * @throws WebhookSignatureError if signature is invalid or expired
231
+ * @throws ConfigurationError if webhookSecret is not configured
232
+ */
233
+ verifyOrThrow(params: WebhookVerifyParams): void;
234
+ /**
235
+ * Verify and parse an inbound webhook from AgentPress.
236
+ * Combines signature verification with JSON parsing and type casting.
237
+ * This is the recommended way to handle incoming webhooks.
238
+ *
239
+ * @throws WebhookSignatureError if signature is invalid or expired
240
+ * @throws ConfigurationError if webhookSecret is not configured
241
+ * @throws AgentPressError if payload is not valid JSON
242
+ */
243
+ constructEvent(params: WebhookVerifyParams): ActionCallbackPayload;
240
244
  }
241
-
245
+ //#endregion
246
+ //#region src/client.d.ts
242
247
  /**
243
248
  * Main entry point for the AgentPress SDK. Provides namespaced access to API
244
249
  * resources (e.g., `client.webhooks.send()`, `client.actions.approve()`).
@@ -255,30 +260,31 @@ declare class WebhooksClient {
255
260
  * ```
256
261
  */
257
262
  declare class AgentPress {
258
- /** Webhook operations: send outbound webhooks and verify inbound signatures. */
259
- readonly webhooks: WebhooksClient;
260
- /** Action management: approve or reject staged actions. */
261
- readonly actions: ActionsClient;
262
- /**
263
- * @param options - SDK configuration. All fields are optional with sensible defaults.
264
- * @throws {ConfigurationError} If `timeout` is non-positive or `webhookSecret` has an invalid prefix.
265
- */
266
- constructor(options?: AgentPressOptions);
263
+ /** Webhook operations: send outbound webhooks and verify inbound signatures. */
264
+ readonly webhooks: WebhooksClient;
265
+ /** Action management: approve or reject staged actions. */
266
+ readonly actions: ActionsClient;
267
+ /**
268
+ * @param options - SDK configuration. All fields are optional with sensible defaults.
269
+ * @throws {ConfigurationError} If `timeout` is non-positive or `webhookSecret` has an invalid prefix.
270
+ */
271
+ constructor(options?: AgentPressOptions);
267
272
  }
268
-
273
+ //#endregion
274
+ //#region src/errors.d.ts
269
275
  /**
270
276
  * Base error class for all SDK errors. Catch this to handle any error
271
277
  * thrown by the AgentPress SDK regardless of specific type.
272
278
  */
273
279
  declare class AgentPressError extends Error {
274
- constructor(message: string);
280
+ constructor(message: string);
275
281
  }
276
282
  /**
277
283
  * Thrown at construction time when `AgentPressOptions` contains invalid values
278
284
  * (e.g., non-positive timeout, malformed `webhookSecret`).
279
285
  */
280
286
  declare class ConfigurationError extends AgentPressError {
281
- constructor(message: string);
287
+ constructor(message: string);
282
288
  }
283
289
  /**
284
290
  * Thrown when the API returns a non-2xx HTTP response.
@@ -289,18 +295,19 @@ declare class ConfigurationError extends AgentPressError {
289
295
  * - `url` - The full request URL that failed
290
296
  */
291
297
  declare class HttpError extends AgentPressError {
292
- readonly statusCode: number;
293
- readonly responseBody: string;
294
- readonly url: string;
295
- constructor(statusCode: number, responseBody: string, url: string);
298
+ readonly statusCode: number;
299
+ readonly responseBody: string;
300
+ readonly url: string;
301
+ constructor(statusCode: number, responseBody: string, url: string);
296
302
  }
297
303
  /** Thrown when a request exceeds the configured `timeout` (default 30s). */
298
304
  declare class TimeoutError extends AgentPressError {
299
- constructor(url: string, timeout: number);
305
+ constructor(url: string, timeout: number);
300
306
  }
301
307
  /** Thrown by {@link WebhooksClient.verifyOrThrow} when an inbound webhook signature is invalid or expired. */
302
308
  declare class WebhookSignatureError extends AgentPressError {
303
- constructor(message: string);
309
+ constructor(message: string);
304
310
  }
305
-
311
+ //#endregion
306
312
  export { type ActionCallbackPayload, type ActionEventType, type ActionManageResponse, type ActionStatus, ActionsClient, AgentPress, AgentPressError, type AgentPressOptions, type AgentResponse, type ApproveActionParams, ConfigurationError, HttpError, type RejectActionParams, type StagedToolCall, TimeoutError, type ToolCallResult, type WebhookResponse, type WebhookSendParams, WebhookSignatureError, type WebhookVerifyParams };
313
+ //# sourceMappingURL=index.d.cts.map
package/dist/index.d.cts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.cts","names":[],"sources":["../src/types.ts","../src/http.ts","../src/actions/client.ts","../src/webhooks/client.ts","../src/client.ts","../src/errors.ts"],"mappings":";;UACiB,iBAAA;EAAiB;EAEhC,aAAA;EAY6C;EAV7C,MAAA;EAAA;EAEA,OAAA;EAEA;EAAA,OAAA;EAIA;EAFA,GAAA;EAEgC;EAAhC,SAAA,IAAa,GAAA,UAAa,IAAA,EAAM,WAAA;EAEhC;EAAA,UAAA,IAAc,GAAA,UAAa,QAAA,EAAU,QAAA;AAAA;;UAItB,iBAAA;EAJ8B;EAM7C,MAAA;EAFgC;EAIhC,OAAA,EAAS,MAAA;AAAA;;UAIM,mBAAA;EAJN;EAMT,OAAA,WAAkB,MAAA;EANH;EAQf,OAAA;IACE,SAAA;IACA,gBAAA;IACA,gBAAA;EAAA;AAAA;;UAKa,eAAA;EACf,OAAA;EANE;EAQF,QAAA;EARkB;EAUlB,aAAA;EACA,OAAA;EACA,IAAA,GAAO,MAAA;AAAA;;KAMG,eAAA;;UASK,cAAA;EACf,QAAA;EACA,UAAA;EACA,SAAA,EAAW,MAAA;AAAA;AAZb;AAAA,UAgBiB,mBAAA;;EAEf,MAAA;EAlByB;EAoBzB,cAAA;IACE,QAAA;IACA,SAAA,EAAW,MAAA;EAAA;AAAA;;UAKE,kBAAA;EAfJ;EAiBX,MAAA;EAjBiB;EAmBjB,MAAA;AAAA;;UAIe,oBAAA;EACf,OAAA;EACA,QAAA;EACA,MAAA,EAAQ,YAAA;AAAA;;KAME,YAAA;;UAUK,cAAA;EACf,QAAA;EACA,SAAA,EAAW,MAAA;EACX,MAAA;AAAA;AAtBF;AAAA,UA0BiB,aAAA;;EAEf,IAAA;EA3BA;EA6BA,SAAA,EAAW,cAAA;AAAA;;;;AArBb;UA4BiB,qBAAA;EACf,QAAA;EACA,MAAA,EAAQ,YAAA;EACR,UAAA;EArBe;EAuBf,SAAA,EAAW,eAAA;;EAEX,aAAA;EAxBA;EA0BA,cAAA,EAAgB,cAAA;EAzBL;EA2BX,WAAA;EA1BM;EA4BN,UAAA,EAAY,MAAA;EAxBG;EA0Bf,UAAA;;EAEA,MAAA;EA1BA;EA4BA,QAAA;EA1BW;EA4BX,aAAA,EAAe,aAAA;EA5BU;EA8BzB,YAAA;EAvBoC;EAyBpC,eAAA;EAvBQ;EAAA,CAyBP,GAAA;AAAA;;UAIc,eAAA;EACf,OAAA;EACA,OAAA;EACA,GAAA;EACA,aAAA;EACA,MAAA;EACA,SAAA,GAAY,iBAAA;EACZ,UAAA,GAAa,iBAAA;AAAA;;;AAjKf;;;;;AAAA,cCOa,UAAA;EAAA,iBACM,OAAA;EAAA,iBACA,OAAA;EAAA,iBACA,SAAA;EAAA,iBACA,UAAA;cAEL,OAAA,EAAS,eAAA;EDDW;;;;;;;;AAMlC;ECWQ,OAAA,GAAA,CAAW,IAAA,UAAc,IAAA,EAAM,WAAA,GAAc,OAAA,CAAQ,CAAA;AAAA;;;;;;;;;;;;;;;;;;;;;ADX7D;;cEYa,aAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;EFZnC;;;AAIX;;;;EEoBQ,OAAA,CACJ,QAAA,UACA,MAAA,EAAQ,mBAAA,GACP,OAAA,CAAQ,oBAAA;EFrBO;;;;;;;EEkCZ,MAAA,CACJ,QAAA,UACA,MAAA,EAAQ,kBAAA,GACP,OAAA,CAAQ,oBAAA;EAAA,QAMG,MAAA;AAAA;;;cCxDH,cAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;EHf5C;;;;;;;;EG4BM,IAAA,CAAK,MAAA,EAAQ,iBAAA,GAAoB,OAAA,CAAQ,eAAA;EHlBjC;;;;;AAIhB;EG4CE,MAAA,CAAO,MAAA,EAAQ,mBAAA;;;;;;;;EAqBf,aAAA,CAAc,MAAA,EAAQ,mBAAA;EHzDY;;;;;;;;;EGwElC,cAAA,CAAe,MAAA,EAAQ,mBAAA,GAAsB,qBAAA;AAAA;;;;;;;;;;;;;;;;;;cC9ElC,UAAA;EJNkC;EAAA,SIQ7B,QAAA,EAAU,cAAA;EJJM;EAAA,SIMhB,OAAA,EAAS,aAAA;EJFV;;;;cIQH,OAAA,GAAS,iBAAA;AAAA;;;;AJ9BvB;;;cKGa,eAAA,SAAwB,KAAA;cACvB,OAAA;AAAA;;;;;cAWD,kBAAA,SAA2B,eAAA;cAC1B,OAAA;AAAA;;;;;;;ALEd;;cKaa,SAAA,SAAkB,eAAA;EAAA,SACb,UAAA;EAAA,SACA,YAAA;EAAA,SACA,GAAA;cAEJ,UAAA,UAAoB,YAAA,UAAsB,GAAA;AAAA;;cAW3C,YAAA,SAAqB,eAAA;cACpB,GAAA,UAAa,OAAA;AAAA;;cAQd,qBAAA,SAA8B,eAAA;cAC7B,OAAA;AAAA"}