@agentpress/sdk 0.5.4 → 0.6.0

package/dist/index.d.mts

@@ -111,12 +111,48 @@ interface KeyRotationEvent {
   /** Present only on `type: "emergency"` rotations. */
   reason?: string;
 }
+/** Per-tool approval mode for action webhooks: run automatically, always
+ *  require human approval, or let the agent decide per call. Mirrors the core
+ *  `ToolApprovalMode`. */
+type ToolApprovalMode = "allow" | "ask" | "agent";
+/**
+ * Typed shape of the JSON body sent to `POST /webhooks/actions/:org/:identifier`.
+ * `WebhookSendParams.payload` is intentionally `Record<string, unknown>`; use
+ * this interface to type your payload object for editor help.
+ */
+interface ActionWebhookPayload {
+  /** Event type (e.g. "review.created"). */
+  eventType: string;
+  /** External system's unique id for idempotency. */
+  externalId?: string;
+  /** External user id (resolved via `authProvider`) or an internal user UUID. */
+  userId?: string;
+  /** Registered external auth provider name used to resolve `userId`. */
+  authProvider?: string;
+  /** Override the webhook's default action rule. */
+  actionRuleId?: string;
+  /** Extra per-request instructions appended to the rule's instructions. */
+  instructions?: string;
+  /**
+   * Per-request tool-approval overrides keyed by tool name. Honored only when
+   * the webhook has `allowApprovalOverride` enabled in AgentPress. A user's
+   * always_deny preference still wins over any override.
+   */
+  toolApprovals?: Record<string, ToolApprovalMode>;
+  /** Arbitrary event data forwarded to the agent as sourceData. */
+  data?: Record<string, unknown>;
+}
 /** Parameters for {@link WebhooksClient.send}. */
 interface WebhookSendParams {
-  /** Webhook action name (matches an action rule on the server). */
+  /** Action webhook identifier (used in `/webhooks/actions/:org/:identifier`). */
   action: string;
   /** Arbitrary payload data forwarded to the webhook handler. */
   payload: Record<string, unknown>;
+  /**
+   * Verification scheme for the outbound request. Defaults to Svix signing
+   * with the client's `webhookSecret`.
+   */
+  auth?: WebhookSendAuth;
 }
 /** Parameters for verifying an inbound webhook signature via {@link WebhooksClient.verify} or {@link WebhooksClient.verifyOrThrow}. */
 interface WebhookVerifyParams {
@@ -136,6 +172,7 @@ interface WebhookResponse {
   actionId?: string;
   /** `true` if an action with the same `externalId` already existed (idempotency). */
   alreadyExists?: boolean;
+  /** `true` when AgentPress accepted the event but intentionally skipped dispatch. */
   skipped?: boolean;
   /**
    * `true` when AgentPress accepted the event (HTTP 202) but could not create
@@ -145,15 +182,69 @@ interface WebhookResponse {
    * is returned in this case; use {@link eventId} to correlate.
    */
   buffered?: boolean;
-  /** UUID of the buffered `webhook_events` row (present when `buffered` is `true`). */
+  /** UUID of the persisted `webhook_events` row for buffered or skipped events. */
   eventId?: string;
-  /** Machine-readable reason the event was buffered (e.g. `"no_action_rule_configured"`). */
+  /** Machine-readable reason the event was buffered or skipped. */
   reason?: string;
   data?: Record<string, unknown>;
 }
+/** Authentication options for {@link WebhooksClient.send}. */
+type WebhookSendAuth = {
+  scheme: "svix"; /** Action webhook secret. Defaults to the client's `webhookSecret`. */
+  secret?: string; /** Optional stable message id for deterministic tests/retries. */
+  msgId?: string; /** Unix timestamp in seconds. Defaults to now. */
+  timestamp?: number;
+} | {
+  scheme: "hmac_sha256"; /** Action webhook secret. Defaults to the client's `webhookSecret`. */
+  secret?: string; /** Unix timestamp in seconds. Defaults to now. */
+  timestamp?: number;
+} | {
+  scheme: "shared_token"; /** Action webhook token. Defaults to the client's `webhookSecret`. */
+  token?: string;
+} | {
+  /** No verification headers. Only use for intentionally public webhooks. */scheme: "none";
+};
+/** Response from sending an event to the legacy Actions listener endpoint. */
+interface WebhookIngestResponse {
+  /** UUID of the persisted `webhook_events` row. */
+  eventId: string;
+  /** True when the event matched an existing source/dedupe key. */
+  duplicate: boolean;
+}
+/** Authentication options for {@link WebhooksClient.sendToActionsListener}. */
+type WebhookIngestAuth = {
+  scheme: "svix"; /** Listener secret shown once on create/rotation. */
+  secret: string; /** Optional stable message id for deterministic tests/retries. */
+  msgId?: string; /** Unix timestamp in seconds. Defaults to now. */
+  timestamp?: number;
+} | {
+  scheme: "hmac_sha256"; /** Listener secret shown once on create/rotation. */
+  secret: string; /** Unix timestamp in seconds. Defaults to now. */
+  timestamp?: number;
+} | {
+  scheme: "shared_token"; /** Listener token shown once on create/rotation. */
+  token: string;
+} | {
+  /** Secret-URL listener. The endpoint URL itself is the credential. */scheme: "none";
+};
+/** Parameters for sending directly to the legacy Actions listener endpoint. */
+interface WebhookIngestSendParams {
+  /** Listener identifier used in `/webhooks/ingest/:org/:identifier`. */
+  identifier: string;
+  /** Arbitrary JSON payload to buffer and route through the listener. */
+  payload: Record<string, unknown>;
+  /** Auth scheme matching the listener verification setting. */
+  auth: WebhookIngestAuth;
+}
+/** Preferred response name for Actions listener integrations. */
+type ActionsListenerResponse = WebhookIngestResponse;
+/** Preferred auth name for Actions listener integrations. */
+type ActionsListenerAuth = WebhookIngestAuth;
+/** Preferred parameter name for {@link WebhooksClient.sendToActionsListener}. */
+type ActionsListenerSendParams = WebhookIngestSendParams;
 /** Parameters for {@link signHmacWebhookRequest}. */
 interface SignHmacWebhookRequestParams {
-  /** The webhook listener's shared secret. */
+  /** The action webhook's shared secret. */
   secret: string;
   /**
    * The exact raw request body string that will be sent. The signature is
@@ -173,71 +264,75 @@ interface SignedHmacWebhookRequest {
   };
 }
 /**
- * Verification scheme for an inbound webhook listener
- * (`POST /webhooks/ingest/:org/:identifier`).
+ * Verification scheme for an action webhook
+ * (`POST /webhooks/actions/:org/:identifier`).
  *
  * - `"svix"` — Svix-style signing (`svix-id` / `svix-timestamp` / `svix-signature`).
  * - `"hmac_sha256"` — `x-webhook-timestamp` + `x-webhook-signature` headers;
  *   sign with {@link signHmacWebhookRequest}.
  * - `"shared_token"` — `Authorization: Bearer <token>` or `x-webhook-token`;
  *   build with {@link sharedTokenHeaders}.
- * - `"none"` — capability URL: the unguessable random suffix appended to the
- *   endpoint identifier at creation time is the credential.
+ * - `"none"` — no verification headers; intended only for deliberately public
+ *   or legacy endpoints.
  */
 type WebhookVerificationScheme = "svix" | "hmac_sha256" | "shared_token" | "none";
-/** Environment label for an inbound webhook listener. */
+/** Preferred verification-scheme name for Actions listener integrations. */
+type ActionsListenerVerificationScheme = WebhookVerificationScheme;
+/** Environment label for an action webhook. */
 type WebhookEnvironment = "dev" | "sandbox" | "prod";
-/** Per-listener routing configuration ({@link IWebhookListenerConfig.routingConfig}). */
-interface IWebhookListenerRoutingConfig {
-  /** Event types to skip (marked `skipped`, never dispatched to an agent). */
+/** Preferred environment name for Actions listener integrations. */
+type ActionsListenerEnvironment = WebhookEnvironment;
+/** Per-action-webhook routing configuration. */
+interface IActionWebhookRoutingConfig {
+  /** Legacy listener compatibility: event types to log but never dispatch. */
   ignoredEventTypes?: string[];
-  /**
-   * `"route"` dispatches buffered events to the target agent;
-   * `"buffer_only"` accepts + logs events but skips agent dispatch.
-   */
+  /** Legacy listener compatibility: buffer events without dispatching. */
   mode?: "route" | "buffer_only";
   /** Retention window in days for processed/skipped events. */
   retentionDays?: number;
-  /** Sender IPs allowed to hit the ingest endpoint. Empty/omitted = all. */
+  /** Sender IPs allowed to hit the webhook endpoint. Empty/omitted = all. */
   ipAllowlist?: string[];
-  /**
-   * Webhook-specific guidance appended to the agent prompt on every
-   * dispatched event (payload shapes, which tools to call, etc.).
-   */
-  instructions?: string;
-  /** Ingest quota for this listener. Defaults to 100, capped at 1000. */
+  /** Browser sender origins allowed to hit the webhook endpoint. Empty/omitted = all. */
+  allowedOrigins?: string[];
+  /** Request quota for this action webhook. Defaults to 100/minute, capped at 1000. */
   rateLimitPerMinute?: number;
+  /** Legacy listener compatibility. New instructions should live on the action rule. */
+  instructions?: string;
 }
-/**
- * An inbound webhook listener as configured in AgentPress. Listeners receive
- * external events on `POST /webhooks/ingest/:org/:identifier`, buffer them
- * durably, and route them into actions for the target agent.
- */
-interface IWebhookListenerConfig {
+/** Compatibility routing-config name for Actions listener integrations. */
+type IWebhookListenerRoutingConfig = IActionWebhookRoutingConfig;
+/** Preferred routing-config name for Actions listener integrations. */
+type IActionsListenerRoutingConfig = IActionWebhookRoutingConfig;
+/** Action webhook configuration as exposed to SDK consumers. */
+interface IActionWebhookConfig {
   /** Human-readable display name. */
   name: string;
-  /** Stable slug used in the ingest URL path. */
+  /** Stable slug used in the webhook URL path. */
   identifier: string;
   /** How inbound requests are authenticated. */
   verificationScheme: WebhookVerificationScheme;
-  /** Environment label for the listener. */
+  /** Environment label for the webhook. */
   environment: WebhookEnvironment;
-  /** Disabled listeners reject inbound events at the edge. */
+  /** Disabled webhooks reject inbound events at the edge. */
   enabled: boolean;
-  /** Agent on the listener's default action rule (quick-setup path). */
+  /** Agent on the default action rule. */
   targetAgentId: string | null;
   /** Fallback user actions run as when the payload does not resolve one. */
   runAsUserId: string | null;
   /** Routing, retention, and rate-limit configuration. */
-  routingConfig: IWebhookListenerRoutingConfig;
+  routingConfig: IActionWebhookRoutingConfig;
 }
+/** Compatibility config name for Actions listener integrations. */
+type IWebhookListenerConfig = IActionWebhookConfig;
+/** Preferred config name for Actions listener integrations. */
+type IActionsListenerConfig = IActionWebhookConfig;
 /**
- * An action rule's listen subscription. Rules that subscribe to a listening
+ * An action rule's webhook subscription. Rules that subscribe to an action
  * webhook receive its buffered events in addition to the webhook's default
- * rule, so one listening URL can fan out to several rules.
+ * rule, so one action webhook can fan out to several rules.
  */
-interface IActionRuleListenSubscription {
-  /** Webhook listener this rule subscribes to; `null` = no subscription. */
+interface IActionRuleWebhookSubscription {
+  /** Action webhook this rule subscribes to; `null` = no subscription. */
   listenWebhookId: string | null;
   /** Event types to receive; empty array = all event types. */
   listenEventTypes: string[];
@@ -263,6 +358,11 @@ interface StagedToolCall {
    * callbacks may contain a plain string.
    */
   summary?: string | StagedToolCallSummary;
+  /**
+   * For agent-decided approvals: the agent's one-line rationale for requiring
+   * approval. Untrusted, bounded audit metadata — not authorization evidence.
+   */
+  agentApprovalRationale?: string;
 }
 /** Parameters for {@link ActionsClient.approve}. */
 interface ApproveActionParams {
@@ -359,13 +459,14 @@ interface ActionCallbackPayload {
   [key: string]: unknown;
 }
 /** Mode of a user tool approval rule. */
-type ApprovalMode = "always_allow" | "always_deny";
+type ApprovalMode = "always_allow" | "always_deny" | "agent_decides";
 /**
- * Mode accepted by settings UIs that sync Allow/Ask choices. `always_allow`
- * persists an allow rule. `ask` means no stored allow rule for that listed
- * tool. `always_deny` is intentionally not accepted by sync.
+ * Mode accepted by settings UIs that sync Allow/Ask/Agent choices.
+ * `always_allow` persists an allow rule, `agent_decides` persists an
+ * agent-decide rule, and `ask` means no stored rule for that listed tool.
+ * `always_deny` is intentionally not accepted by sync.
  */
-type ApprovalRuleSyncMode = "always_allow" | "ask";
+type ApprovalRuleSyncMode = "always_allow" | "agent_decides" | "ask";
 /**
  * A persisted rule that auto-approves (or auto-denies) a specific
  * `(user, webhook, tool)` triple, bypassing the per-action approval prompt.
@@ -420,6 +521,8 @@ interface WebhookApprovalToolMetadata {
   destructiveHint: boolean | null;
   /** True/false when known; null when the tool catalog does not expose it. */
   sensitiveHint: boolean | null;
+  /** The rule's configured default approval mode for this tool, when exposed. */
+  mode?: "ask" | "agent";
 }
 /** Webhook metadata plus the ordered approval-tool catalog for partner UIs. */
 interface WebhookApprovalMetadata {
@@ -778,7 +881,8 @@ declare class WebhooksClient {
   constructor(options: ResolvedOptions, http: HttpClient);
   /**
    * Send an arbitrary webhook payload to AgentPress.
-   * Signs the payload with HMAC-SHA256 (Svix-compatible).
+   * Signs the payload with the verification scheme configured on the action
+   * webhook. Defaults to Svix-compatible signing.
    *
    * On the happy path the response is synchronous: `{ success: true,
    * actionId, data }`, or `{ success, actionId, alreadyExists: true, data }`
@@ -791,11 +895,25 @@ declare class WebhooksClient {
    * auto-processes once an operator fixes the configuration, so check
    * {@link WebhookResponse.buffered} before relying on `actionId`.
    *
-   * @throws ConfigurationError if webhookSecret is not configured
+   * @throws ConfigurationError if the selected verification scheme needs a
+   * secret/token and none is configured
    * @throws HttpError on non-2xx response
    * @throws TimeoutError if request exceeds timeout
    */
   send(params: WebhookSendParams): Promise<WebhookResponse>;
+  /**
+   * Send a payload to the legacy Actions listener ingestion endpoint
+   * (`POST /webhooks/ingest/:org/:identifier`).
+   *
+   * New integrations should prefer {@link send}; this method is kept for
+   * existing listener integrations and SDK patch compatibility.
+   */
+  sendToActionsListener(params: ActionsListenerSendParams): Promise<ActionsListenerResponse>;
+  /**
+   * @deprecated Use {@link sendToActionsListener}. Kept as a compatibility
+   * alias for integrations created before the Actions listener naming update.
+   */
+  sendToListener(params: WebhookIngestSendParams): Promise<WebhookIngestResponse>;
   /**
    * Verify an inbound Svix webhook signature.
    *
@@ -924,11 +1042,11 @@ declare class KeyRotationVerifyError extends AgentPressError {
   constructor(reason: KeyRotationVerifyErrorReason, message: string);
 }
 //#endregion
-//#region src/webhooks/ingestSigning.d.ts
+//#region src/webhooks/actionWebhookSigning.d.ts
 /**
- * Sign an outbound request for an AgentPress inbound webhook listener that
- * uses the `hmac_sha256` verification scheme
- * (`POST /webhooks/ingest/:org/:identifier`).
+ * Sign an outbound request for an AgentPress action webhook that uses the
+ * `hmac_sha256` verification scheme
+ * (`POST /webhooks/actions/:org/:identifier`).
  *
  * Produces the two headers AgentPress verifies:
  *
@@ -943,7 +1061,7 @@ declare class KeyRotationVerifyError extends AgentPressError {
  * ```ts
  * const rawBody = JSON.stringify({ eventType: "review.created", data: {...} });
  * const { headers } = signHmacWebhookRequest({ secret, rawBody });
- * await fetch(ingestUrl, {
+ * await fetch(actionWebhookUrl, {
  *   method: "POST",
  *   body: rawBody,
  *   headers: { "content-type": "application/json", ...headers },
@@ -952,8 +1070,8 @@ declare class KeyRotationVerifyError extends AgentPressError {
  */
 declare function signHmacWebhookRequest(params: SignHmacWebhookRequestParams): SignedHmacWebhookRequest;
 /**
- * Build the auth header for an AgentPress inbound webhook listener that uses
- * the `shared_token` verification scheme. AgentPress also accepts
+ * Build the auth header for an AgentPress action webhook that uses the
+ * `shared_token` verification scheme. AgentPress also accepts
  * `Authorization: Bearer <token>`; this helper uses the dedicated
  * `x-webhook-token` header so it never collides with other auth middleware.
  */
@@ -961,5 +1079,5 @@ declare function sharedTokenHeaders(token: string): {
   "x-webhook-token": string;
 };
 //#endregion
-export { ACTION_EVENT_TYPES, type ActionCallbackPayload, type ActionEventType, type ActionManageResponse, type ActionStatus, ActionsClient, AgentPress, AgentPressError, type AgentPressOptions, type AgentResponse, type ApprovalMode, type ApprovalRuleSyncMode, type ApproveActionParams, ConfigurationError, type CreateUserApprovalParams, type DeleteUserApprovalParams, type GetUserApprovalWebhookMetadataParams, HttpError, type IActionRuleListenSubscription, type IWebhookListenerConfig, type IWebhookListenerRoutingConfig, type KeyRotationEvent, KeyRotationVerifyError, type KeyRotationVerifyErrorReason, type KeyRotationVerifyParams, type ListUserApprovalsParams, type ListUserApprovalsResponse, type PartnerMcpOptions, type PartnerTokenClaims, PartnerTokenError, type PartnerTokenErrorReason, PartnersClient, type RejectActionParams, type SignHmacWebhookRequestParams, type SignedHmacWebhookRequest, type StagedToolCall, type StagedToolCallSummary, type SyncUserApprovalRule, type SyncUserApprovalsParams, type SyncUserApprovalsResponse, TimeoutError, type ToolCallResult, type UpdateUserApprovalParams, UserApprovalsClient, type UserToolApproval, type WebhookApprovalMetadata, type WebhookApprovalToolMetadata, type WebhookEnvironment, type WebhookResponse, type WebhookSendParams, WebhookSignatureError, type WebhookVerificationScheme, type WebhookVerifyParams, WebhooksClient, sharedTokenHeaders, signHmacWebhookRequest };
+export { ACTION_EVENT_TYPES, type ActionCallbackPayload, type ActionEventType, type ActionManageResponse, type ActionStatus, type ActionWebhookPayload, ActionsClient, type ActionsListenerAuth, type ActionsListenerEnvironment, type ActionsListenerResponse, type ActionsListenerSendParams, type ActionsListenerVerificationScheme, AgentPress, AgentPressError, type AgentPressOptions, type AgentResponse, type ApprovalMode, type ApprovalRuleSyncMode, type ApproveActionParams, ConfigurationError, type CreateUserApprovalParams, type DeleteUserApprovalParams, type GetUserApprovalWebhookMetadataParams, HttpError, type IActionRuleWebhookSubscription, type IActionWebhookConfig, type IActionWebhookRoutingConfig, type IActionsListenerConfig, type IActionsListenerRoutingConfig, type IWebhookListenerConfig, type IWebhookListenerRoutingConfig, type KeyRotationEvent, KeyRotationVerifyError, type KeyRotationVerifyErrorReason, type KeyRotationVerifyParams, type ListUserApprovalsParams, type ListUserApprovalsResponse, type PartnerMcpOptions, type PartnerTokenClaims, PartnerTokenError, type PartnerTokenErrorReason, PartnersClient, type RejectActionParams, type SignHmacWebhookRequestParams, type SignedHmacWebhookRequest, type StagedToolCall, type StagedToolCallSummary, type SyncUserApprovalRule, type SyncUserApprovalsParams, type SyncUserApprovalsResponse, TimeoutError, type ToolApprovalMode, type ToolCallResult, type UpdateUserApprovalParams, UserApprovalsClient, type UserToolApproval, type WebhookApprovalMetadata, type WebhookApprovalToolMetadata, type WebhookEnvironment, type WebhookIngestAuth, type WebhookIngestResponse, type WebhookIngestSendParams, type WebhookResponse, type WebhookSendAuth, type WebhookSendParams, WebhookSignatureError, type WebhookVerificationScheme, type WebhookVerifyParams, WebhooksClient, sharedTokenHeaders, signHmacWebhookRequest };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.mts","names":[],"sources":["../src/types.ts","../src/http.ts","../src/actions/client.ts","../src/partners/client.ts","../src/userApprovals/client.ts","../src/webhooks/client.ts","../src/client.ts","../src/errors.ts","../src/webhooks/ingestSigning.ts"],"mappings":";;UACiB,iBAAA;EAAiB;EAEhC,aAAA;EAkBa;EAhBb,MAAA;EAoBqC;EAlBrC,OAAA;EAkB6C;EAhB7C,OAAA;EAJA;EAMA,GAAA;EAFA;;;;;;;;;EAYA,UAAA,GAAa,iBAAA;EAIwB;EAFrC,SAAA,IAAa,GAAA,UAAa,IAAA,EAAM,WAAA;EAEa;EAA7C,UAAA,IAAc,GAAA,UAAa,QAAA,EAAU,QAAA;AAAA;;UAItB,iBAAA;EAAiB;;;;;;;EAQhC,OAAA;EAqBiB;AAInB;;;;EAnBE,MAAA;EAuBA;EArBA,QAAA;EAyBA;EAvBA,mBAAA;EA2BA;;;;;EArBA,cAAA;EAiCC;;AAAW;AAId;EAhCE,iBAAA;AAAA;;UAIe,kBAAA;EA8BG;EA5BlB,GAAA;EAkCS;EAhCT,KAAA;EAgCe;EA9Bf,YAAA;EAkC+B;EAhC/B,GAAA;EAgC+B;EA9B/B,GAAA;EAgCA;EA9BA,GAAA;EAgCA;EA9BA,GAAA;EAkCA;EAhCA,GAAA;EAoCA;EAlCA,MAAA;EAkCM;EAhCN,SAAA;EAoCgC;EAlChC,WAAA;EAsCe;EAAA,CApCd,GAAA;AAAA;;UAIc,uBAAA;EAgCA;EA9Bf,OAAA,WAAkB,MAAA;EAkCgB;;;;;EA5BlC,OAAA,EAAS,MAAM;AAAA;;UAIA,gBAAA;EACf,KAAA;EACA,IAAA;EACA,UAAA;EACA,aAAA;;EAEA,SAAA;EA+BA;EA7BA,WAAA;EAiCA;EA/BA,OAAA;EAwCA;EAtCA,MAAA;AAAA;;UAIe,iBAAA;EAuCF;EArCb,MAAA;EA2Ce;EAzCf,OAAA,EAAS,MAAM;AAAA;;UAIA,mBAAA;EA6Cf;EA3CA,OAAA,WAAkB,MAAM;EA6Cf;EA3CT,OAAA;IACE,SAAA;IACA,gBAAA;IACA,gBAAA;EAAA;AAAA;;UAKa,eAAA;EACf,OAAA;EA4CuB;EA1CvB,QAAA;EA4DmC;EA1DnC,aAAA;EACA,OAAA;EAyDmC;AAOrC;;;;AAA8B;AAG9B;EA3DE,QAAA;;EAEA,OAAA;EA2DA;EAzDA,MAAA;EACA,IAAA,GAAO,MAAM;AAAA;;UAME,4BAAA;EAkEG;EAhElB,MAAA;EAwEe;;;;;EAlEf,OAAA;EAkF4C;EAhF5C,SAAA;AAAA;;UAIe,wBAAA;EAkEK;EAhEpB,OAAA;IAkEa,+DAhEX,qBAAA,UAoEF;IAlEE,qBAAA;EAAA;AAAA;;AAsE0C;AAQ9C;;;;AAIkB;AAMlB;;;;AAA2B;KAtEf,yBAAA;;KAOA,kBAAA;;UAGK,6BAAA;EA+EA;EA7Ef,iBAAA;;;AAiFM;AAIR;EAhFE,IAAA;;EAEA,aAAA;EA+EA;EA7EA,WAAA;EA+EA;;;;EA1EA,YAAA;EA+EwC;EA7ExC,kBAAA;AAAA;;;;;;UAQe,sBAAA;EA+EF;EA7Eb,IAAA;EAuFQ;EArFR,UAAA;EAyFe;EAvFf,kBAAA,EAAoB,yBAAA;;EAEpB,WAAA,EAAa,kBAAA;EAyFP;EAvFN,OAAA;EA2FmC;EAzFnC,aAAA;EA4FoB;EA1FpB,WAAA;EAyFA;EAvFA,aAAA,EAAe,6BAAA;AAAA;;AAwFK;AAMtB;;;UAtFiB,6BAAA;EAsFO;EApFtB,eAAA;EA+F6B;EA7F7B,gBAAgB;AAAA;;KAMN,eAAA;;cASC,kBAAA,WAA6B,eAAe;;UAUxC,qBAAA;EA2EA;EAzEf,KAAA;;EAEA,MAAM;AAAA;;UAIS,cAAA;EACf,QAAA;EACA,UAAA;EACA,SAAA,EAAW,MAAA;EA2EyB;;;;EAtEpC,OAAA,YAAmB,qBAAqB;AAAA;;UAIzB,mBAAA;EA2Fa;EAzF5B,MAAA;EAkEA;EAhEA,cAAA;IACE,QAAA;IACA,SAAA,EAAW,MAAM;EAAA;EAmEnB;;;;;;;;EAzDA,QAAA;AAAA;;UAIe,kBAAA;EAuEA;EArEf,MAAA;EA4EA;EA1EA,MAAM;AAAA;;UAIS,oBAAA;EACf,OAAA;EACA,QAAA;EACA,MAAA,EAAQ,YAAY;AAAA;AAkFtB;AAAA,KA5EY,YAAA;;UAWK,cAAA;EACf,QAAA;EACA,SAAA,EAAW,MAAM;EACjB,MAAA;AAAA;;UAIe,aAAA;EAwEA;EAtEf,IAAA;;EAEA,SAAA,EAAW,cAAc;AAAA;;;;;UAOV,qBAAA;EACf,QAAA;EACA,MAAA,EAAQ,YAAA;EACR,UAAA;EAsEA;EApEA,SAAA,EAAW,eAAA;EAoEF;EAlET,aAAA;EAsEsC;EApEtC,cAAA,EAAgB,cAAA;EAoEsB;EAlEtC,UAAA;EA2EA;EAzEA,WAAA;EAgFY;EA9EZ,aAAA;EAkFe;EAhFf,UAAA,EAAY,MAAA;;EAEZ,UAAA;EA+E2B;EA7E3B,MAAA;EAiF0C;EA/E1C,QAAA;EA+E0C;EA7E1C,aAAA,EAAe,aAAA;EAiFf;EA/EA,YAAA;EAmFA;;;AAEa;EAhFb,YAAA;IACE,IAAA;IACA,QAAA;IACA,WAAA;IACA,WAAA;EAAA;EAsFF;EAnFA,eAAA;EAuFA;EAAA,CArFC,GAAA;AAAA;;KAMS,YAAA;;;AAuFD;AAIX;;KApFY,oBAAA;;;;;;UAOK,gBAAA;EACf,EAAA;EACA,KAAA;EACA,MAAA;EACA,eAAA;EACA,QAAA;EACA,IAAA,EAAM,YAAY;EAuGH;EArGf,SAAA;;EAEA,SAAA;EAqGA;EAnGA,SAAA;AAAA;;UAIe,uBAAA;EAiGC;EA/FhB,iBAAA;EAmGe;;;;AAEE;AAInB;EAlGE,MAAA;;;AAoGiB;AAGnB;;;EAhGE,YAAA;AAAA;;UAIe,yBAAA;EACf,SAAA,EAAW,gBAAgB;AAAA;AAmG7B;AAAA,UA/FiB,2BAAA;;EAEf,QAAA;EA+FA;EA7FA,KAAA;EAwGA;EAtGA,WAAA;EA2GO;EAzGP,eAAA;EAyG2B;EAvG3B,aAAA;AAAA;;UAIe,uBAAA;EAwGf;EAtGA,EAAA;EAuGA;EArGA,eAAA;EAyGE;EAvGF,iBAAA;EA2GE;EAzGF,WAAA;EA8GA;EA5GA,IAAA;EA4GkB;EA1GlB,KAAA;EA8G8B;EA5G9B,mBAAA;EAkHa;EAhHb,cAAA,EAAgB,2BAA2B;EAkH9B;EAhHb,SAAA;AAAA;;UAIe,wBAAA;EAuGf;EArGA,iBAAA;EAuGA;;;;;EAjGA,MAAA;EAoGa;;AAAiB;AAIhC;;;;EAhGE,YAAA;EAkGA;;;;;EA5FA,eAAA;EAgGiB;EA9FjB,QAAA;;EAEA,IAAA,GAAO,YAAA;ECphBI;EDshBX,SAAA,GAAY,IAAI;AAAA;;UAID,wBAAA;ECpgB4C;EDsgB3D,iBAAA;EACA,IAAA,GAAO,YAAA;EACP,SAAA,GAAY,IAAI;AAAA;;UAID,wBAAA;EC9hBE;EDgiBjB,iBAAiB;AAAA;;UAIF,oCAAA;EClhBD;EDohBd,iBAAiB;AAAA;AAAA,UAGF,oBAAA;ECvhBoC;EDyhBnD,QAAA;ECzhB4D;ED2hB5D,IAAA,EAAM,oBAAoB;AAAA;;UAIX,uBAAA;EE9hBJ;EFgiBX,iBAAA;;;;;EAKA,MAAA;EElhBG;;;;;EFwhBH,YAAA;EE1iBiB;;;;EF+iBjB,KAAA,EAAO,oBAAoB;AAAA;AAAA,UAGZ,yBAAA;EEniBT;EFqiBN,SAAA,EAAW,gBAAgB;EAC3B,OAAA;IEpiBE,4EFsiBA,SAAA,UEriBS;IFuiBT,QAAA,UEphBA;IFshBA,OAAA,UErhBA;IFuhBA,SAAA,UEthBS;IFwhBT,aAAA;EAAA;EElhBkB;EFqhBpB,kBAAA;AAAA;;UAIe,eAAA;EACf,OAAA;EACA,OAAA;EACA,GAAA;EACA,aAAA;EACA,MAAA;EACA,UAAA,GAAa,yBAAA;EACb,SAAA,GAAY,iBAAA;EACZ,UAAA,GAAa,iBAAA;AAAA;;UAIE,yBAAA;EACf,OAAA;EACA,MAAA;EACA,QAAA;EACA,mBAAA;EACA,cAAA;EACA,iBAAA;AAAA;;;AAvnBF;;;;;AAAA,cCOa,UAAA;EAAA,iBACM,OAAA;EAAA,iBACA,OAAA;EAAA,iBACA,SAAA;EAAA,iBACA,UAAA;cAEL,OAAA,EAAS,eAAA;EDLrB;;;;;;;;;ECqBM,OAAA,IAAW,IAAA,UAAc,IAAA,EAAM,WAAA,GAAc,OAAA,CAAQ,CAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;cCChD,aAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;EFN7B;;;;;;;EEkBT,OAAA,CACJ,QAAA,UACA,MAAA,EAAQ,mBAAA,GACP,OAAA,CAAQ,oBAAA;EFGX;;;AAKiB;AAInB;;;EEMQ,MAAA,CACJ,QAAA,UACA,MAAA,EAAQ,kBAAA,GACP,OAAA,CAAQ,oBAAA;EAAA,QAMG,MAAA;AAAA;;;AF5EhB;;;;;;;AAAA,cGwBa,cAAA;EAAA,iBACM,OAAA;EAAA,iBACA,UAAA;EAAA,QACT,IAAA;EAAA,QACA,SAAA;cAEI,OAAA,EAAS,eAAA;EHVrB;;;;;;;;;;;AAI6C;EGuBvC,WAAA,CAAY,KAAA,WAAgB,OAAA,CAAQ,kBAAA;EHnBV;;;;;;EG+G1B,WAAA,IAAe,OAAA;EAAA,QASb,aAAA;EAAA,QASA,OAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;AHrIqC;AAI/C;;;;;;;;;;cIuBa,mBAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;;;;;;;;;;;;;EAiBtC,IAAA,CACJ,MAAA,EAAQ,uBAAA,GACP,OAAA,CAAQ,yBAAA;EJWV;;AAAW;AAId;;;;;;;;EIQQ,kBAAA,CACJ,MAAA,EAAQ,oCAAA,GACP,OAAA,CAAQ,uBAAA;EJFI;AAIjB;;;;;;;;;;;;EImBQ,MAAA,CAAO,MAAA,EAAQ,wBAAA,GAA2B,OAAA,CAAQ,gBAAA;EJPlD;AAIR;;;;;;;;AAIiB;AAIjB;;EI4BQ,IAAA,CACJ,MAAA,EAAQ,uBAAA,GACP,OAAA,CAAQ,yBAAA;EJ5Ba;;;;;;;EIiDlB,MAAA,CACJ,EAAA,UACA,MAAA,EAAQ,wBAAA,GACP,OAAA,CAAQ,gBAAA;EJ/CO;AAKpB;;;;;;;EIgEQ,MAAA,CACJ,EAAA,UACA,MAAA,EAAQ,wBAAA,GACP,OAAA;IAAU,OAAA;EAAA;EJjDb;EAAA,QI0Dc,IAAA;AAAA;;;cCnMH,cAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;ELEP;;;;;;;;;;;;;;;;;;;EKsB/B,IAAA,CAAK,MAAA,EAAQ,iBAAA,GAAoB,OAAA,CAAQ,eAAA;ELlBhC;;;;;;EKgDf,MAAA,CAAO,MAAA,EAAQ,mBAAA;EL9Bf;;;;AAWiB;AAInB;;EKoCE,aAAA,CAAc,MAAA,EAAQ,mBAAA;ELpCW;;;;;;;;;EKmDjC,cAAA,CAAe,MAAA,EAAQ,mBAAA,GAAsB,qBAAA;EL/B7C;;;;AAIY;AAId;;;;EK6CE,iBAAA,CAAkB,MAAA,EAAQ,uBAAA,GAA0B,gBAAA;AAAA;;;;;;;;;;;;;;;;;;cC5GzC,UAAA;ENFG;EAAA,SMIE,QAAA,EAAU,cAAA;ENJC;EAAA,SMMX,OAAA,EAAS,aAAA;ENNoB;EAAA,SMQ7B,aAAA,EAAe,mBAAA;ENJC;EAAA,SMMhB,QAAA,EAAU,cAAA;ENNM;;;;cMYpB,OAAA,GAAS,iBAAA;AAAA;;;;ANxCvB;;;cOGa,eAAA,SAAwB,KAAK;cAC5B,OAAA;AAAA;;;;;cAWD,kBAAA,SAA2B,eAAe;cACzC,OAAA;AAAA;;;;;;;;;cAeD,SAAA,SAAkB,eAAe;EAAA,SAC5B,UAAA;EAAA,SACA,YAAA;EAAA,SACA,GAAA;cAEJ,UAAA,UAAoB,YAAA,UAAsB,GAAA;AAAA;;cAW3C,YAAA,SAAqB,eAAe;cACnC,GAAA,UAAa,OAAA;AAAA;;cAQd,qBAAA,SAA8B,eAAe;cAC5C,OAAA;AAAA;;KAQF,uBAAA;APJZ;;;;;AAAA,cOqBa,iBAAA,SAA0B,eAAA;EAAA,SACrB,MAAA,EAAQ,uBAAA;cAEZ,MAAA,EAAQ,uBAAA,EAAyB,OAAA;AAAA;;KASnC,4BAAA;;;;;cAYC,sBAAA,SAA+B,eAAA;EAAA,SAC1B,MAAA,EAAQ,4BAAA;cAEZ,MAAA,EAAQ,4BAAA,EAA8B,OAAA;AAAA;;;AP7GpD;;;;;;;;;;;;;;;;;;;;;;;;AAwB+C;AAxB/C,iBQ+BgB,sBAAA,CACd,MAAA,EAAQ,4BAAA,GACP,wBAAwB;;;;;;;iBAqBX,kBAAA,CAAmB,KAAA;EACjC,iBAAiB;AAAA"}
+{"version":3,"file":"index.d.mts","names":[],"sources":["../src/types.ts","../src/http.ts","../src/actions/client.ts","../src/partners/client.ts","../src/userApprovals/client.ts","../src/webhooks/client.ts","../src/client.ts","../src/errors.ts","../src/webhooks/actionWebhookSigning.ts"],"mappings":";;UACiB,iBAAA;EAAiB;EAEhC,aAAA;EAkBa;EAhBb,MAAA;EAoBqC;EAlBrC,OAAA;EAkB6C;EAhB7C,OAAA;EAJA;EAMA,GAAA;EAFA;;;;;;;;;EAYA,UAAA,GAAa,iBAAA;EAIwB;EAFrC,SAAA,IAAa,GAAA,UAAa,IAAA,EAAM,WAAA;EAEa;EAA7C,UAAA,IAAc,GAAA,UAAa,QAAA,EAAU,QAAA;AAAA;;UAItB,iBAAA;EAAiB;;;;;;;EAQhC,OAAA;EAqBiB;AAInB;;;;EAnBE,MAAA;EAuBA;EArBA,QAAA;EAyBA;EAvBA,mBAAA;EA2BA;;;;;EArBA,cAAA;EAiCC;;AAAW;AAId;EAhCE,iBAAA;AAAA;;UAIe,kBAAA;EA8BG;EA5BlB,GAAA;EAkCS;EAhCT,KAAA;EAgCe;EA9Bf,YAAA;EAkC+B;EAhC/B,GAAA;EAgC+B;EA9B/B,GAAA;EAgCA;EA9BA,GAAA;EAgCA;EA9BA,GAAA;EAkCA;EAhCA,GAAA;EAoCA;EAlCA,MAAA;EAkCM;EAhCN,SAAA;EAsC0B;EApC1B,WAAA;EAoC0B;EAAA,CAlCzB,GAAA;AAAA;;UAIc,uBAAA;EAuDgB;EArD/B,OAAA,WAAkB,MAAA;EAuDX;;;;;EAjDP,OAAA,EAAS,MAAM;AAAA;;UAIA,gBAAA;EACf,KAAA;EACA,IAAA;EACA,UAAA;EACA,aAAA;EAyCO;EAvCP,SAAA;EAuCa;EArCb,WAAA;EAyCgC;EAvChC,OAAA;EAgDsB;EA9CtB,MAAA;AAAA;;;;KAMU,gBAAA;AAwCY;AAIxB;;;;AAJwB,UAjCP,oBAAA;EAuCG;EArClB,SAAA;EAwCE;EAtCF,UAAA;EAwCE;EAtCF,MAAA;EAsCkB;EApClB,YAAA;EAyC8B;EAvC9B,YAAA;EA2Da;EAzDb,YAAA;EAwCA;;;;;EAlCA,aAAA,GAAgB,MAAA,SAAe,gBAAA;EAmD/B;EAjDA,IAAA,GAAO,MAAA;AAAA;AAiDM;AAAA,UA7CE,iBAAA;EAiDU;EA/CzB,MAAA;EA+CyB;EA7CzB,OAAA,EAAS,MAAA;EAiDL;;;;EA5CJ,IAAA,GAAO,eAAe;AAAA;;UAIP,mBAAA;EA4DX;EA1DJ,OAAA,WAAkB,MAAM;EA0Dd;EAxDV,OAAA;IACE,SAAA;IACA,gBAAA;IACA,gBAAA;EAAA;AAAA;;UAKa,eAAA;EACf,OAAA;EA6DI;EA3DJ,QAAA;EA+DI;EA7DJ,aAAA;EAkEI;EAhEJ,OAAA;EAoEI;;;;;AASM;AAIZ;EAzEE,QAAA;;EAEA,OAAA;EAyEA;EAvEA,MAAA;EACA,IAAA,GAAO,MAAM;AAAA;;KAIH,eAAA;EAEN,MAAA,UAwEM;EAtEN,MAAA;EAEA,KAAA,WAoEqD;EAlErD,SAAA;AAAA;EAGA,MAAA,iBAkE6C;EAhE7C,MAAA,WAmEM;EAjEN,SAAA;AAAA;EAGA,MAAA,kBA8DyD;EA5DzD,KAAA;AAAA;6EAIA,MAAA;AAAA;;UAIW,qBAAA;EAmEN;EAjET,OAAA;EAqEe;EAnEf,SAAS;AAAA;;KAIC,iBAAA;EAEN,MAAA,UAmEF;EAjEE,MAAA,UAiEmB;EA/DnB,KAAA,WAiF+B;EA/E/B,SAAA;AAAA;EAGA,MAAA,iBAmFM;EAjFN,MAAA;EAEA,SAAA;AAAA;EAGA,MAAA,kBA+EwB;EA7ExB,KAAA;AAAA;EA6EwB,sEAzExB,MAAA;AAAA;;UAIW,uBAAA;EAwE0C;EAtEzD,UAAA;EAyE0C;EAvE1C,OAAA,EAAS,MAAA;EAuEiC;EArE1C,IAAA,EAAM,iBAAiB;AAAA;;KAIb,uBAAA,GAA0B,qBAAqB;;KAG/C,mBAAA,GAAsB,iBAAiB;;KAGvC,yBAAA,GAA4B,uBAAuB;AAyEjD;AAAA,UApEG,4BAAA;EAwEwB;EAtEvC,MAAA;EAsEqE;AAAA;AAGvE;;;EAnEE,OAAA;EAmEqE;EAjErE,SAAA;AAAA;;UAIe,wBAAA;EAwEF;EAtEb,OAAA;IA8E0C,+DA5ExC,qBAAA,UA8DF;IA5DE,qBAAA;EAAA;AAAA;;;;;;;;;AA0EwC;AAI5C;;;KA5DY,yBAAA;AA4D6C;AAAA,KArD7C,iCAAA,GAAoC,yBAAyB;;KAG7D,kBAAA;;KAGA,0BAAA,GAA6B,kBAAkB;AAyD3D;AAAA,UAtDiB,2BAAA;;EAEf,iBAAA;EAwDgB;EAtDhB,IAAA;EA4DyB;EA1DzB,aAAA;EA0DyB;EAxDzB,WAAA;EAiEW;EA/DX,cAAA;;EAEA,kBAAA;EA6DuD;EA3DvD,YAAA;AAAA;;KAIU,6BAAA,GAAgC,2BAA2B;AAqE/D;AAAA,KAlEI,6BAAA,GAAgC,2BAA2B;;UAGtD,oBAAA;EA2EyB;EAzExC,IAAA;EAmEA;EAjEA,UAAA;EAkEW;EAhEX,kBAAA,EAAoB,yBAAA;EAqED;EAnEnB,WAAA,EAAa,kBAAA;EAwES;EAtEtB,OAAA;EA0Ee;EAxEf,aAAA;;EAEA,WAAA;EAwEA;EAtEA,aAAA,EAAe,2BAAA;AAAA;;KAIL,sBAAA,GAAyB,oBAAoB;;KAG7C,sBAAA,GAAyB,oBAAoB;AA6E/C;AAIV;;;;AAJU,UAtEO,8BAAA;EAkFA;EAhFf,eAAA;;EAEA,gBAAgB;AAAA;;KAMN,eAAA;;cASC,kBAAA,WAA6B,eAAe;AAkEnC;AAAA,UAxDL,qBAAA;EA8DO;EA5DtB,KAAA;EA4DsB;EA1DtB,MAAM;AAAA;;UAIS,cAAA;EACf,QAAA;EACA,UAAA;EACA,SAAA,EAAW,MAAA;EAgEA;;;AACL;EA5DN,OAAA,YAAmB,qBAAqB;EAgEZ;;;;EA3D5B,sBAAA;AAAA;;UAIe,mBAAA;EAkEA;EAhEf,MAAA;;EAEA,cAAA;IACE,QAAA;IACA,SAAA,EAAW,MAAM;EAAA;EAqFJ;;;;;;;;EA3Ef,QAAA;AAAA;;UAIe,kBAAA;EAyDf;EAvDA,MAAA;EA2DA;EAzDA,MAAM;AAAA;;UAIS,oBAAA;EACf,OAAA;EACA,QAAA;EACA,MAAA,EAAQ,YAAY;AAAA;;KAMV,YAAA;;UAWK,cAAA;EACf,QAAA;EACA,SAAA,EAAW,MAAM;EACjB,MAAA;AAAA;AAwDY;AAAA,UApDG,aAAA;EA0DO;EAxDtB,IAAA;EAwDsB;EAtDtB,SAAA,EAAW,cAAc;AAAA;;;;AA8DK;UAvDf,qBAAA;EACf,QAAA;EACA,MAAA,EAAQ,YAAA;EACR,UAAA;EA4DA;EA1DA,SAAA,EAAW,eAAA;EA4DX;EA1DA,aAAA;EA4DA;EA1DA,cAAA,EAAgB,cAAA;EA2DV;EAzDN,UAAA;EA6DA;EA3DA,WAAA;EA6DS;EA3DT,aAAA;EA+De;EA7Df,UAAA,EAAY,MAAA;;EAEZ,UAAA;EA6DA;EA3DA,MAAA;EAyEA;EAvEA,QAAA;EAuEY;EArEZ,aAAA,EAAe,aAAA;EAyEyB;EAvExC,YAAA;EAwEA;AAA2B;AAI7B;;EAvEE,YAAA;IACE,IAAA;IACA,QAAA;IACA,WAAA;IACA,WAAA;EAAA;EA6EF;EA1EA,eAAA;EA4EI;EAAA,CA1EH,GAAA;AAAA;;KAMS,YAAA;;;;;;;KAQA,oBAAA;;;;;;UAOK,gBAAA;EACf,EAAA;EACA,KAAA;EACA,MAAA;EACA,eAAA;EACA,QAAA;EACA,IAAA,EAAM,YAAY;EAyFlB;EAvFA,SAAA;EA+FA;EA7FA,SAAA;EA+FO;EA7FP,SAAA;AAAA;;UAIe,uBAAA;EA+FA;EA7Ff,iBAAA;;;;;;;EAOA,MAAA;EA0FgB;AAAA;AAIlB;;;;EAvFE,YAAA;AAAA;;UAIe,yBAAA;EACf,SAAA,EAAW,gBAAgB;AAAA;AA6F7B;AAAA,UAzFiB,2BAAA;;EAEf,QAAA;EAyFA;EAvFA,KAAA;EAyFM;EAvFN,WAAA;EAuF0B;EArF1B,eAAA;EAyFsC;EAvFtC,aAAA;EAyG2B;EAvG3B,IAAA;AAAA;;UAIe,uBAAA;EAmGR;EAjGP,EAAA;EAiG2B;EA/F3B,eAAA;EAkGwC;EAhGxC,iBAAA;EAkG2B;EAhG3B,WAAA;EAgGW;EA9FX,IAAA;EAiGE;EA/FF,KAAA;EAmGE;EAjGF,mBAAA;EAqGE;EAnGF,cAAA,EAAgB,2BAA2B;EAsGzB;EApGlB,SAAA;AAAA;;UAIe,wBAAA;EA0GF;EAxGb,iBAAA;EA0Ga;;;;;EApGb,MAAA;EAgGA;;;;;;;EAxFA,YAAA;EA4F8B;AAAA;AAIhC;;;EA1FE,eAAA;EA2FA;EAzFA,QAAA;EA2FA;EAzFA,IAAA,GAAO,YAAA;EA2FP;EAzFA,SAAA,GAAY,IAAI;AAAA;AA0FC;AAAA,UAtFF,wBAAA;;EAEf,iBAAA;EACA,IAAA,GAAO,YAAA;EACP,SAAA,GAAY,IAAI;AAAA;;UAID,wBAAA;ECxpB4C;ED0pB3D,iBAAiB;AAAA;;UAIF,oCAAA;EClrBE;EDorBjB,iBAAiB;AAAA;AAAA,UAGF,oBAAA;ECnrBM;EDqrBrB,QAAA;ECrqBM;EDuqBN,IAAA,EAAM,oBAAoB;AAAA;;UAIX,uBAAA;EC3qBoC;ED6qBnD,iBAAA;EC7qB4D;AAAA;;;EDkrB5D,MAAA;EEjrBW;;;;;EFurBX,YAAA;EEpqBW;;;;EFyqBX,KAAA,EAAO,oBAAoB;AAAA;AAAA,UAGZ,yBAAA;EE9rBE;EFgsBjB,SAAA,EAAW,gBAAgB;EAC3B,OAAA;IE9rBqB,4EFgsBnB,SAAA,UEhsB0C;IFksB1C,QAAA,UEtrBI;IFwrBJ,OAAA,UEtrBQ;IFwrBR,SAAA,UEvrBC;IFyrBD,aAAA;EAAA;EEtqBA;EFyqBF,kBAAA;AAAA;;UAIe,eAAA;EACf,OAAA;EACA,OAAA;EACA,GAAA;EACA,aAAA;EACA,MAAA;EACA,UAAA,GAAa,yBAAA;EACb,SAAA,GAAY,iBAAA;EACZ,UAAA,GAAa,iBAAA;AAAA;;UAIE,yBAAA;EACf,OAAA;EACA,MAAA;EACA,QAAA;EACA,mBAAA;EACA,cAAA;EACA,iBAAA;AAAA;;;AAnwBF;;;;;AAAA,cCOa,UAAA;EAAA,iBACM,OAAA;EAAA,iBACA,OAAA;EAAA,iBACA,SAAA;EAAA,iBACA,UAAA;cAEL,OAAA,EAAS,eAAA;EDLrB;;;;;;;;;ECqBM,OAAA,IAAW,IAAA,UAAc,IAAA,EAAM,WAAA,GAAc,OAAA,CAAQ,CAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;cCChD,aAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;EFN7B;;;;;;;EEkBT,OAAA,CACJ,QAAA,UACA,MAAA,EAAQ,mBAAA,GACP,OAAA,CAAQ,oBAAA;EFGX;;;AAKiB;AAInB;;;EEMQ,MAAA,CACJ,QAAA,UACA,MAAA,EAAQ,kBAAA,GACP,OAAA,CAAQ,oBAAA;EAAA,QAMG,MAAA;AAAA;;;AF5EhB;;;;;;;AAAA,cGwBa,cAAA;EAAA,iBACM,OAAA;EAAA,iBACA,UAAA;EAAA,QACT,IAAA;EAAA,QACA,SAAA;cAEI,OAAA,EAAS,eAAA;EHVrB;;;;;;;;;;;AAI6C;EGuBvC,WAAA,CAAY,KAAA,WAAgB,OAAA,CAAQ,kBAAA;EHnBV;;;;;;EG+G1B,WAAA,IAAe,OAAA;EAAA,QASb,aAAA;EAAA,QASA,OAAA;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;AHrIqC;AAI/C;;;;;;;;;;cIuBa,mBAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;;;;;;;;;;;;;EAiBtC,IAAA,CACJ,MAAA,EAAQ,uBAAA,GACP,OAAA,CAAQ,yBAAA;EJWV;;AAAW;AAId;;;;;;;;EIQQ,kBAAA,CACJ,MAAA,EAAQ,oCAAA,GACP,OAAA,CAAQ,uBAAA;EJFI;AAIjB;;;;;;;;;;;;EImBQ,MAAA,CAAO,MAAA,EAAQ,wBAAA,GAA2B,OAAA,CAAQ,gBAAA;EJPlD;AAMR;;;;AAA4B;AAO5B;;;;;;EI2BQ,IAAA,CACJ,MAAA,EAAQ,uBAAA,GACP,OAAA,CAAQ,yBAAA;EJTE;;;;;;;EI8BP,MAAA,CACJ,EAAA,UACA,MAAA,EAAQ,wBAAA,GACP,OAAA,CAAQ,gBAAA;EJnCK;;;;;AAEH;AAIf;;EImDQ,MAAA,CACJ,EAAA,UACA,MAAA,EAAQ,wBAAA,GACP,OAAA;IAAU,OAAA;EAAA;EJlDb;EAAA,QI2Dc,IAAA;AAAA;;;cC1KH,cAAA;EAAA,iBACM,OAAA;EAAA,iBACA,IAAA;cAEL,OAAA,EAAS,eAAA,EAAiB,IAAA,EAAM,UAAA;ELvBP;;;;;;;;;;;;;;;;;;;AAAQ;AAI/C;EK6CQ,IAAA,CAAK,MAAA,EAAQ,iBAAA,GAAoB,OAAA,CAAQ,eAAA;;;;;;;;EAuDzC,qBAAA,CACJ,MAAA,EAAQ,yBAAA,GACP,OAAA,CAAQ,uBAAA;ELzEM;AAAA;AAInB;;EK4GQ,cAAA,CACJ,MAAA,EAAQ,uBAAA,GACP,OAAA,CAAQ,qBAAA;EL9GsB;;;;;;EKwHjC,MAAA,CAAO,MAAA,EAAQ,mBAAA;EL1Gf;;;;;;;EK+HA,aAAA,CAAc,MAAA,EAAQ,mBAAA;ELjHP;;;;;;;;;EKgIf,cAAA,CAAe,MAAA,EAAQ,mBAAA,GAAsB,qBAAA;ELpH9B;;;;;;;;;EK0If,iBAAA,CAAkB,MAAA,EAAQ,uBAAA,GAA0B,gBAAA;AAAA;;;;;;;;;;;;;;;;;;cCrNzC,UAAA;ENFG;EAAA,SMIE,QAAA,EAAU,cAAA;ENJC;EAAA,SMMX,OAAA,EAAS,aAAA;ENNoB;EAAA,SMQ7B,aAAA,EAAe,mBAAA;ENJC;EAAA,SMMhB,QAAA,EAAU,cAAA;ENNM;;;;cMYpB,OAAA,GAAS,iBAAA;AAAA;;;;ANxCvB;;;cOGa,eAAA,SAAwB,KAAK;cAC5B,OAAA;AAAA;;;;;cAWD,kBAAA,SAA2B,eAAe;cACzC,OAAA;AAAA;;;;;;;;;cAeD,SAAA,SAAkB,eAAe;EAAA,SAC5B,UAAA;EAAA,SACA,YAAA;EAAA,SACA,GAAA;cAEJ,UAAA,UAAoB,YAAA,UAAsB,GAAA;AAAA;;cAW3C,YAAA,SAAqB,eAAe;cACnC,GAAA,UAAa,OAAA;AAAA;;cAQd,qBAAA,SAA8B,eAAe;cAC5C,OAAA;AAAA;;KAQF,uBAAA;APJZ;;;;;AAAA,cOqBa,iBAAA,SAA0B,eAAA;EAAA,SACrB,MAAA,EAAQ,uBAAA;cAEZ,MAAA,EAAQ,uBAAA,EAAyB,OAAA;AAAA;;KASnC,4BAAA;;;;;cAYC,sBAAA,SAA+B,eAAA;EAAA,SAC1B,MAAA,EAAQ,4BAAA;cAEZ,MAAA,EAAQ,4BAAA,EAA8B,OAAA;AAAA;;;AP7GpD;;;;;;;;;;;;;;;;;;;;;;;;AAwB+C;AAxB/C,iBQ+BgB,sBAAA,CACd,MAAA,EAAQ,4BAAA,GACP,wBAAwB;;;;;;;iBAqBX,kBAAA,CAAmB,KAAA;EACjC,iBAAiB;AAAA"}

package/dist/index.mjs

@@ -606,7 +606,57 @@ function validatePayload(raw) {
 	return event;
 }
 //#endregion
+//#region src/webhooks/actionWebhookSigning.ts
+/**
+* Sign an outbound request for an AgentPress action webhook that uses the
+* `hmac_sha256` verification scheme
+* (`POST /webhooks/actions/:org/:identifier`).
+*
+* Produces the two headers AgentPress verifies:
+*
+* - `x-webhook-timestamp` — unix seconds; AgentPress rejects timestamps more
+*   than 5 minutes from its own clock.
+* - `x-webhook-signature` — `v1=<hex HMAC-SHA256 of "${timestamp}.${rawBody}">`.
+*
+* Send the exact `rawBody` string you signed — any re-serialization after
+* signing (re-ordered keys, whitespace changes) invalidates the signature.
+*
+* @example
+* ```ts
+* const rawBody = JSON.stringify({ eventType: "review.created", data: {...} });
+* const { headers } = signHmacWebhookRequest({ secret, rawBody });
+* await fetch(actionWebhookUrl, {
+*   method: "POST",
+*   body: rawBody,
+*   headers: { "content-type": "application/json", ...headers },
+* });
+* ```
+*/
+function signHmacWebhookRequest(params) {
+	const timestamp = Math.floor(params.timestamp ?? Date.now() / 1e3).toString();
+	return { headers: {
+		"x-webhook-timestamp": timestamp,
+		"x-webhook-signature": `v1=${createHmac("sha256", params.secret).update(`${timestamp}.${params.rawBody}`).digest("hex")}`
+	} };
+}
+/**
+* Build the auth header for an AgentPress action webhook that uses the
+* `shared_token` verification scheme. AgentPress also accepts
+* `Authorization: Bearer <token>`; this helper uses the dedicated
+* `x-webhook-token` header so it never collides with other auth middleware.
+*/
+function sharedTokenHeaders(token) {
+	return { "x-webhook-token": token };
+}
+//#endregion
 //#region src/webhooks/client.ts
+function pathSegment(value) {
+	return encodeURIComponent(value);
+}
+function requireSecret(scheme, secret) {
+	if (!secret) throw new ConfigurationError(`webhookSecret or auth.${scheme === "shared_token" ? "token" : "secret"} is required for ${scheme} action webhook sends`);
+	return secret;
+}
 var WebhooksClient = class {
 	options;
 	http;
@@ -616,7 +666,8 @@ var WebhooksClient = class {
 	}
 	/**
 	* Send an arbitrary webhook payload to AgentPress.
-	* Signs the payload with HMAC-SHA256 (Svix-compatible).
+	* Signs the payload with the verification scheme configured on the action
+	* webhook. Defaults to Svix-compatible signing.
 	*
 	* On the happy path the response is synchronous: `{ success: true,
 	* actionId, data }`, or `{ success, actionId, alreadyExists: true, data }`
@@ -629,28 +680,81 @@ var WebhooksClient = class {
 	* auto-processes once an operator fixes the configuration, so check
 	* {@link WebhookResponse.buffered} before relying on `actionId`.
 	*
-	* @throws ConfigurationError if webhookSecret is not configured
+	* @throws ConfigurationError if the selected verification scheme needs a
+	* secret/token and none is configured
 	* @throws HttpError on non-2xx response
 	* @throws TimeoutError if request exceeds timeout
 	*/
 	async send(params) {
-		if (!this.options.webhookSecret) throw new ConfigurationError("webhookSecret is required for webhook operations");
-		const path = `/webhooks/actions/${this.options.org}/${params.action}`;
+		const path = `/webhooks/actions/${pathSegment(this.options.org)}/${pathSegment(params.action)}`;
 		const body = JSON.stringify(params.payload);
-		const msgId = randomMessageId();
-		const timestamp = Math.floor(Date.now() / 1e3);
-		const signature = sign(this.options.webhookSecret, msgId, timestamp, body);
+		const auth = params.auth ?? { scheme: "svix" };
+		const headers = {};
+		if (auth.scheme === "svix") {
+			const secret = requireSecret("svix", auth.secret ?? this.options.webhookSecret);
+			const msgId = auth.msgId ?? randomMessageId();
+			const timestamp = Math.floor(auth.timestamp ?? Date.now() / 1e3);
+			Object.assign(headers, {
+				"svix-id": msgId,
+				"svix-timestamp": String(timestamp),
+				"svix-signature": sign(secret, msgId, timestamp, body)
+			});
+		} else if (auth.scheme === "hmac_sha256") {
+			const secret = requireSecret("hmac_sha256", auth.secret ?? this.options.webhookSecret);
+			Object.assign(headers, signHmacWebhookRequest({
+				secret,
+				rawBody: body,
+				timestamp: auth.timestamp
+			}).headers);
+		} else if (auth.scheme === "shared_token") {
+			const token = requireSecret("shared_token", auth.token ?? this.options.webhookSecret);
+			Object.assign(headers, sharedTokenHeaders(token));
+		}
 		return this.http.request(path, {
 			method: "POST",
 			body,
-			headers: {
+			headers
+		});
+	}
+	/**
+	* Send a payload to the legacy Actions listener ingestion endpoint
+	* (`POST /webhooks/ingest/:org/:identifier`).
+	*
+	* New integrations should prefer {@link send}; this method is kept for
+	* existing listener integrations and SDK patch compatibility.
+	*/
+	async sendToActionsListener(params) {
+		const path = `/webhooks/ingest/${pathSegment(this.options.org)}/${pathSegment(params.identifier)}`;
+		const body = JSON.stringify(params.payload);
+		const headers = {};
+		if (params.auth.scheme === "svix") {
+			const msgId = params.auth.msgId ?? randomMessageId();
+			const timestamp = Math.floor(params.auth.timestamp ?? Date.now() / 1e3);
+			Object.assign(headers, {
 				"svix-id": msgId,
 				"svix-timestamp": String(timestamp),
-				"svix-signature": signature
-			}
+				"svix-signature": sign(params.auth.secret, msgId, timestamp, body)
+			});
+		} else if (params.auth.scheme === "hmac_sha256") Object.assign(headers, signHmacWebhookRequest({
+			secret: params.auth.secret,
+			rawBody: body,
+			timestamp: params.auth.timestamp
+		}).headers);
+		else if (params.auth.scheme === "shared_token") Object.assign(headers, sharedTokenHeaders(params.auth.token));
+		return this.http.request(path, {
+			method: "POST",
+			body,
+			headers
 		});
 	}
 	/**
+	* @deprecated Use {@link sendToActionsListener}. Kept as a compatibility
+	* alias for integrations created before the Actions listener naming update.
+	*/
+	async sendToListener(params) {
+		return this.sendToActionsListener(params);
+	}
+	/**
 	* Verify an inbound Svix webhook signature.
 	*
 	* @returns true if valid, false if invalid or expired
@@ -792,49 +896,6 @@ const ACTION_EVENT_TYPES = [
 	"action.expired"
 ];
 //#endregion
-//#region src/webhooks/ingestSigning.ts
-/**
-* Sign an outbound request for an AgentPress inbound webhook listener that
-* uses the `hmac_sha256` verification scheme
-* (`POST /webhooks/ingest/:org/:identifier`).
-*
-* Produces the two headers AgentPress verifies:
-*
-* - `x-webhook-timestamp` — unix seconds; AgentPress rejects timestamps more
-*   than 5 minutes from its own clock.
-* - `x-webhook-signature` — `v1=<hex HMAC-SHA256 of "${timestamp}.${rawBody}">`.
-*
-* Send the exact `rawBody` string you signed — any re-serialization after
-* signing (re-ordered keys, whitespace changes) invalidates the signature.
-*
-* @example
-* ```ts
-* const rawBody = JSON.stringify({ eventType: "review.created", data: {...} });
-* const { headers } = signHmacWebhookRequest({ secret, rawBody });
-* await fetch(ingestUrl, {
-*   method: "POST",
-*   body: rawBody,
-*   headers: { "content-type": "application/json", ...headers },
-* });
-* ```
-*/
-function signHmacWebhookRequest(params) {
-	const timestamp = Math.floor(params.timestamp ?? Date.now() / 1e3).toString();
-	return { headers: {
-		"x-webhook-timestamp": timestamp,
-		"x-webhook-signature": `v1=${createHmac("sha256", params.secret).update(`${timestamp}.${params.rawBody}`).digest("hex")}`
-	} };
-}
-/**
-* Build the auth header for an AgentPress inbound webhook listener that uses
-* the `shared_token` verification scheme. AgentPress also accepts
-* `Authorization: Bearer <token>`; this helper uses the dedicated
-* `x-webhook-token` header so it never collides with other auth middleware.
-*/
-function sharedTokenHeaders(token) {
-	return { "x-webhook-token": token };
-}
-//#endregion
 export { ACTION_EVENT_TYPES, ActionsClient, AgentPress, AgentPressError, ConfigurationError, HttpError, KeyRotationVerifyError, PartnerTokenError, PartnersClient, TimeoutError, UserApprovalsClient, WebhookSignatureError, WebhooksClient, sharedTokenHeaders, signHmacWebhookRequest };
 
 //# sourceMappingURL=index.mjs.map