@ar-agents/mercadopago 0.9.0 → 0.11.0

package/CHANGELOG.md

@@ -1,5 +1,47 @@
 # Changelog
 
+## 0.11.0
+
+### Minor Changes — Composability + cross-LATAM + fraud scoring
+
+**Tool middleware pattern (NEW)**: composable wrappers around any AI SDK tool. Ships `withAuditLog`, `withRateLimit`, `withMetrics`, `withRetry` + `compose()` + `applyToAllTools()`. Add audit + rate-limit + metrics to every tool with a single config block instead of wiring each concern into the tool implementation.
+
+**TaxID validation cross-LATAM (NEW)**: `validateTaxId(input, type)` for AR (DNI/CUIT/CUIL with modulo-11), BR (CPF/CNPJ two-step weighted), MX (RFC structure), CL (RUT with K), CO (NIT modulo-11), UY (RUT 12-digit), PE (RUC 11-digit + prefix). `detectAndValidate(input, country)` auto-detects type from length. New `validate_tax_id` agent tool. Pure, no network.
+
+**`additional_info` on `create_payment` (fraud scoring enrichment)**: `payer` profile (registration_date, authentication_type, is_first_purchase, is_prime_user, last_purchase), `shipments` (receiver_address, express_shipment, local_pickup), `ip_address`, `referral_url`. Per MP RG 5286/2023, payments without enrichment have 3-5x higher rejection rate — this is a real conversion uplift. Documented in tool description so the agent surfaces it proactively.
+
+**VercelKVAuditLog (NEW)**: production audit-log adapter in `@ar-agents/mercadopago/vercel-kv` subpath. Storage layout: per-entry key + ZSET indexes by day/actor/tenant for O(log N) time-range queries. Backed by Vercel KV (Upstash Redis).
+
+**Migration guide vs `mercadopago` (official SDK)** — `MIGRATION.md` shipped in tarball with side-by-side mappings, conceptual table, "when to use both" section.
+
+**CI fixes**: build packages BEFORE typecheck (was failing for facturacion → identity workspace dep with subpath exports). Release workflow now `workflow_dispatch` only (was spamming failure emails on every push because changesets/action couldn't create PRs without explicit repo permission).
+
+**New tools**: `validate_tax_id`. Tool count: **87** (was 86).
+
+**Quality**: 284 tests pass (was 245; +39 v0.11 tests covering middleware, taxId, and more). publint clean, attw 🟢 across 3 subpaths. Bundle: main 42.9 KB brotli'd (size budget bumped 40→50 KB).
+
+## 0.10.0
+
+### Minor Changes — Compliance + DX + observability deepening
+
+**Audit logging system (NEW)**: `AuditLogger` + `AuditLogAdapter` + `InMemoryAuditLog`. Captures every state-mutating tool call (operation, actor, tenantId, inputHash, outcome, errorCode, resourceId, idempotencyKey, durationMs). PII-conscious by default (`redact: true` hashes input, `redact: false` logs raw). Pluggable storage — InMemory shipped, plug your own Postgres/S3/SIEM.
+
+**Webhook idempotency dedup (NEW)**: `WebhookDedup` class short-circuits duplicate MP webhook deliveries. MP retries on 5xx over an 8-day window — without dedup your handler processes the same event 5+ times. TTL default 7 days. Two modes: mark-on-first-sight and at-least-once.
+
+**Pagination helpers (NEW)**: `paginate()` generic + 7 typed wrappers (payments, subscriptions, account movements, settlements, merchant orders, plans, subscription payments). AsyncIterable streaming, bounded concurrency, `maxItems` cap.
+
+**Token bucket rate limiting (NEW)**: `TokenBucketRateLimiter` — proactive client-side limiter with **adaptive learning** from MP's `x-rate-limit-remaining` headers.
+
+**AR issuer cuotas catalog (NEW)**: `AR_ISSUER_PROMOS` + `AHORA_PROGRAM_PROMOS` — embedded knowledge of AR bank promos. 14 issuer promos (Naranja, Galicia, Santander, Macro, BBVA, ICBC, Patagonia, Nación, Provincia, Ciudad). New `find_applicable_promos` tool.
+
+**OpenTelemetry instrumentation subpath (NEW)**: `@ar-agents/mercadopago/otel` exports `createOtelHooks({ serviceName })`. Auto-emits spans + histograms + counters + gauges. `@opentelemetry/api` is OPTIONAL peer dep — graceful no-op fallback.
+
+**3DS challenge resolution (NEW)**: `confirmChallengeAndPoll()` polls after the buyer completes the issuer challenge. New `confirm_3ds_challenge` tool — completes the FULL 3DS flow.
+
+**New tools**: `find_applicable_promos`, `confirm_3ds_challenge`, `search_payments_all`, `list_settlements_all`. Tool count: **86** (was 82).
+
+**Quality**: 245 tests pass (was 222). publint clean, attw 🟢 across 3 subpaths (`.`, `/vercel-kv`, `/otel`). Optional peer deps: `@vercel/kv`, `@opentelemetry/api`.
+
 ## 0.9.0
 
 ### Minor Changes — Production hardening: circuit breaker, deadline propagation, property-based tests, real MP sandbox integration tests, benchmarks

package/MIGRATION.md

@@ -0,0 +1,176 @@
+# Migration guide — `mercadopago` (official SDK) → `@ar-agents/mercadopago`
+
+If you're already using MP's official Node SDK and want to switch to (or
+add on top of) the agent toolkit, this guide shows the side-by-side mapping.
+
+The agent toolkit is **not** a drop-in replacement — it's a layer ABOVE
+the underlying API designed for AI agents. You can use both packages in
+the same project: keep `mercadopago` for traditional server flows, add
+`@ar-agents/mercadopago` for the agent layer.
+
+## Conceptual mapping
+
+| `mercadopago` (official) | `@ar-agents/mercadopago` |
+|---|---|
+| `MercadoPagoConfig({ accessToken })` | `new MercadoPagoClient({ accessToken })` |
+| `new Payment(config)` | Same `MercadoPagoClient` (single object, no per-resource client) |
+| `payment.create({ body })` | `client.createPayment(params)` (camelCase params) |
+| `payment.get({ id })` | `client.getPayment(id)` |
+| `payment.search({ options })` | `client.searchPayments(filter)` |
+| `preApproval.create({ body })` | `client.createPreapproval(params)` |
+| `customer.search({ options: { criteria: 'desc', email } })` | `client.searchCustomers({ email })` |
+| Manual webhook signature check | `verifyWebhookSignature({ ... })` (HMAC + replay protection) |
+| Manual idempotency key generation | Auto-generated by tool layer (deterministic SHA-256) |
+| Manual retry logic | Built-in retry budget + circuit breaker |
+| Manual installments display | `findApplicablePromos({ issuer, ... })` |
+
+## Side-by-side: create a payment
+
+**Before (`mercadopago`):**
+
+```ts
+import { MercadoPagoConfig, Payment } from "mercadopago";
+
+const config = new MercadoPagoConfig({ accessToken: process.env.MP_ACCESS_TOKEN! });
+const payment = new Payment(config);
+
+const created = await payment.create({
+  body: {
+    transaction_amount: 100,
+    payment_method_id: "visa",
+    payer: { email: "buyer@test.com" },
+    token: cardToken,
+    description: "Test",
+    external_reference: "order-123",
+  },
+});
+console.log(created.id, created.status);
+```
+
+**After (`@ar-agents/mercadopago` — direct client):**
+
+```ts
+import { MercadoPagoClient } from "@ar-agents/mercadopago";
+
+const client = new MercadoPagoClient({ accessToken: process.env.MP_ACCESS_TOKEN! });
+
+const created = await client.createPayment({
+  transactionAmount: 100,           // camelCase
+  paymentMethodId: "visa",
+  payerEmail: "buyer@test.com",     // flat (not nested under `payer`)
+  token: cardToken,
+  description: "Test",
+  externalReference: "order-123",
+});
+console.log(created.id, created.status);
+```
+
+**After (`@ar-agents/mercadopago` — agent tool):**
+
+```ts
+import { MercadoPagoClient, mercadoPagoTools, InMemoryStateAdapter } from "@ar-agents/mercadopago";
+
+const client = new MercadoPagoClient({ accessToken: process.env.MP_ACCESS_TOKEN! });
+const tools = mercadoPagoTools(client, {
+  state: new InMemoryStateAdapter(),
+  backUrl: "https://yourapp.com/done",
+});
+
+// Tool runs from inside an Agent.generate() call:
+// "Cobrale 100 pesos a buyer@test.com"
+```
+
+## Side-by-side: webhook signature verification
+
+**Before (`mercadopago`)**: not provided — you implement HMAC-SHA256 yourself
+from the docs.
+
+**After (`@ar-agents/mercadopago`):**
+
+```ts
+import { verifyWebhookSignature, parseWebhookEvent } from "@ar-agents/mercadopago";
+
+export async function POST(req: Request) {
+  const rawBody = await req.text();
+  const event = parseWebhookEvent(JSON.parse(rawBody));
+  const verified = await verifyWebhookSignature({
+    requestId: req.headers.get("x-request-id"),
+    dataId: event!.dataId,
+    signatureHeader: req.headers.get("x-signature"),
+    secret: process.env.MP_WEBHOOK_SECRET!,
+    // 5-min replay protection by default
+  });
+  if (!verified) return new Response("unauthorized", { status: 401 });
+  // ...
+}
+```
+
+## Side-by-side: idempotency
+
+**Before (`mercadopago`)**: pass `requestOptions: { idempotencyKey: "..." }`
+manually on each call. You compute the key yourself.
+
+**After (`@ar-agents/mercadopago`)**: tools auto-derive a deterministic
+idempotency key from the meaningful inputs (SHA-256 of `external_reference`,
+amount, payment_method, etc.). Same input → same key → MP dedupes safely
+across retries. No manual work.
+
+## Side-by-side: retries + timeouts
+
+**Before**: implement your own retry loop + AbortController.
+
+**After**: built into `MercadoPagoClient`:
+
+```ts
+new MercadoPagoClient({
+  accessToken: "...",
+  requestTimeoutMs: 30_000,    // default 30s
+  maxRetries: 1,               // default 1, retries 5xx + 429
+  circuitBreaker: new CircuitBreaker({ failureThreshold: 5 }),
+  // Honors Retry-After on 429 automatically
+});
+```
+
+## What this toolkit adds that the official SDK doesn't have
+
+- **Agent tool layer** for Vercel AI SDK 6+ (`mercadoPagoTools()`)
+- **Webhook HMAC + replay protection** (`verifyWebhookSignature` async)
+- **Circuit breaker** with state machine
+- **Deadline propagation** via parent `AbortSignal`
+- **W3C Trace Context** propagation (OpenTelemetry compat sin peer dep)
+- **Audit logging** with pluggable adapter (`AuditLogger` + `InMemoryAuditLog`)
+- **Webhook idempotency dedup** (`WebhookDedup` — short-circuits MP retries)
+- **Pagination helpers** (`paginate()` AsyncIterable for 7 endpoints)
+- **Token bucket rate limiter** with adaptive learning from MP headers
+- **AR issuer cuotas catalog** (`AR_ISSUER_PROMOS`, `findApplicablePromos`)
+- **OpenTelemetry instrumentation subpath** (`@ar-agents/mercadopago/otel`)
+- **Tool middleware pattern** (`withAuditLog`, `withRateLimit`, `withMetrics`, `withRetry`)
+- **3DS challenge resolution** (`confirmChallengeAndPoll`)
+- **TaxID validation cross-LATAM** (DNI/CUIT/CPF/CNPJ/RFC/RUT/NIT/RUC)
+- **Status detail explainer** (`explainPaymentStatus` — Spanish actionable guidance)
+- **Marketplace fee calculator** (`computeMarketplaceFee`)
+- **Vercel KV state adapters** (subscription state + OAuth tokens + idempotency cache + audit log)
+- **Cookbook** with 8 production-grade recipes
+- **Edge Runtime support** (Web Crypto, no `node:crypto`)
+- **Property-based testing** with fast-check (~1500 random scenarios)
+- **Failure injection tests** + integration tests vs MP sandbox
+- **Benchmarks** (`pnpm bench`)
+
+## When to keep using `mercadopago` (official) instead
+
+- Your codebase is already deeply integrated with the official SDK
+- You don't need the agent layer (no Vercel AI SDK)
+- You operate primarily server-side with cron jobs and don't care about
+  agent ergonomics, audit logs, circuit breakers, or status explainers
+
+## When to add `@ar-agents/mercadopago`
+
+- You're building anything with an AI agent (Claude, GPT, Gemini)
+- You're deploying to Vercel and want first-class KV adapters
+- You need **production-grade webhook handling** (HMAC + dedup + replay protection)
+- You operate a **marketplace** with per-seller OAuth flows
+- You need **compliance-grade audit logging** for refunds/payments
+- You want **AR-specific knowledge** (cuotas catalog, status_detail explainer in Spanish, AR landmines documented)
+- You want **OpenTelemetry-native** observability without writing instrumentation glue
+
+You can use BOTH packages in the same project — they don't conflict.

package/dist/audit-B9Nhj3PH.d.cts

@@ -0,0 +1,294 @@
+/**
+ * In-memory record of a subscription. The lib persists the MP-side fields
+ * needed to reason about a subscription without hitting the API every time
+ * (status, last webhook info, customer email, etc.) plus a free-form metadata
+ * bag for callers to attach business context (tenant id, plan name, etc.).
+ */
+interface SubscriptionStateRecord {
+    status?: string;
+    payerEmail?: string;
+    amount?: number;
+    currency?: string;
+    frequency?: number;
+    frequencyType?: string;
+    initPoint?: string;
+    externalReference?: string;
+    createdAt?: string;
+    cancelledAt?: string;
+    lastWebhookStatus?: string;
+    lastWebhookAt?: string;
+    metadata?: Record<string, unknown>;
+}
+/**
+ * Persistence surface for subscription state. Implementations may back this
+ * with Upstash Redis, Vercel KV, Postgres, in-memory, or anything that
+ * supports the three operations. The default `InMemoryStateAdapter` is
+ * provided for tests and trivial single-process deployments; production
+ * setups should plug in a durable store.
+ */
+interface SubscriptionStateAdapter {
+    set(id: string, state: Partial<SubscriptionStateRecord>): Promise<void>;
+    get(id: string): Promise<SubscriptionStateRecord | null>;
+    list?(): Promise<string[]>;
+}
+/**
+ * Volatile, single-process state adapter. Useful for tests and demos. Do not
+ * use in production: state is lost on restart and is not safe across tenants.
+ */
+declare class InMemoryStateAdapter implements SubscriptionStateAdapter {
+    private readonly store;
+    set(id: string, state: Partial<SubscriptionStateRecord>): Promise<void>;
+    get(id: string): Promise<SubscriptionStateRecord | null>;
+    list(): Promise<string[]>;
+    /** Test helper: drop everything. Not part of the adapter interface. */
+    reset(): void;
+}
+interface OAuthTokenRecord {
+    user_id: string;
+    access_token: string;
+    refresh_token: string;
+    /** Unix-ms timestamp when access_token expires. */
+    expires_at: number;
+    /** OAuth scope granted, if any. */
+    scope?: string;
+    /** Optional: any business metadata you want to attach (tenant id, etc.). */
+    metadata?: Record<string, unknown>;
+}
+interface OAuthTokenStore {
+    /** Persist (or update) the token for `user_id`. */
+    set(userId: string, token: OAuthTokenRecord): Promise<void>;
+    /** Fetch the stored token, or null if no token registered for that seller. */
+    get(userId: string): Promise<OAuthTokenRecord | null>;
+    /** Forget a seller's token (e.g., they revoked the app). */
+    delete(userId: string): Promise<void>;
+    /** Optional: enumerate all sellers (useful for batch refresh jobs). */
+    list?(): Promise<string[]>;
+}
+/**
+ * Volatile, single-process OAuth token store. NOT for production marketplace
+ * setups — tokens are lost on restart. Plug in `VercelKVOAuthTokenStore`
+ * (from `@ar-agents/mercadopago/vercel-kv`) or your own Postgres-backed
+ * implementation.
+ */
+declare class InMemoryOAuthTokenStore implements OAuthTokenStore {
+    private readonly store;
+    set(userId: string, token: OAuthTokenRecord): Promise<void>;
+    get(userId: string): Promise<OAuthTokenRecord | null>;
+    delete(userId: string): Promise<void>;
+    list(): Promise<string[]>;
+    /** Test helper. */
+    reset(): void;
+}
+interface IdempotencyCache {
+    /** Get the cached response for a key, or null if not present / expired. */
+    get<T>(key: string): Promise<T | null>;
+    /**
+     * Store a response under `key`. `ttlSeconds` defaults to 24h — match MP's
+     * own idempotency window so the cache becomes irrelevant once MP would
+     * forget anyway.
+     */
+    set<T>(key: string, value: T, ttlSeconds?: number): Promise<void>;
+    /** Forget a cache entry (force a re-fetch on next call). */
+    delete(key: string): Promise<void>;
+}
+/**
+ * Volatile, single-process idempotency cache. Tests + dev only.
+ */
+declare class InMemoryIdempotencyCache implements IdempotencyCache {
+    private readonly store;
+    get<T>(key: string): Promise<T | null>;
+    set<T>(key: string, value: T, ttlSeconds?: number): Promise<void>;
+    delete(key: string): Promise<void>;
+    /** Test helper. */
+    reset(): void;
+}
+
+/**
+ * Compute SHA-256 hash of `input`. Returns the full 64-char hex digest.
+ *
+ * Used for deterministic idempotency keys derived from caller-meaningful
+ * fields. Truncate the output to 32 chars for storage if needed.
+ */
+declare function sha256Hex(input: string): Promise<string>;
+
+/**
+ * Audit logging — financial-grade compliance trail for every state-mutating
+ * operation. Captures who/what/when/idempotency_key/before/after/result.
+ *
+ * # Why this is a tier-1 feature
+ *
+ * Every mature payment integration has an audit log. The compliance officer
+ * asks "show me every refund issued in March 2026 by user X" and you need
+ * to answer in <60 seconds. Without an audit log, you're trawling through
+ * application logs hoping nothing was filtered out.
+ *
+ * # What gets logged
+ *
+ * Every **state-mutating** tool call automatically:
+ * - `create_payment`, `charge_saved_card`, `cancel_payment`, `capture_payment`
+ * - `refund_payment`
+ * - `create_subscription`, `cancel/pause/resume_subscription`, `update_subscription`
+ * - `create_order`, `capture_order`, `cancel_order`
+ * - `create_payment_preference`, `update_payment_preference`
+ * - `create_customer`, `update_customer`, `create_customer_card`, `delete_customer_card`
+ * - `create_subscription_plan`, `update_subscription_plan`
+ * - `create_store/pos`, `update_store/pos`, `delete_store/pos`
+ * - `create_qr_payment`, `cancel_qr_payment`
+ * - `create_point_payment_intent`, `cancel_point_payment_intent`, `update_point_device_mode`
+ * - OAuth: `oauth_exchange_code`, `oauth_refresh_token`
+ * - `register_bank_account`
+ * - `create_webhook`, `update_webhook`, `delete_webhook`
+ *
+ * **Read-only** tools do NOT emit audit entries (would flood the log without
+ * value): get_*, search_*, list_*, calculate_*, validate_*, lookup_*, analyze_*.
+ *
+ * # PII handling
+ *
+ * The audit log captures `inputSummary` (a deterministic hash of the input
+ * fields, NOT the raw input) by default. Configure `redact: false` to log
+ * raw inputs (payer email, CUIT, etc.) — only when your data-residency
+ * policy permits.
+ *
+ * # Storage
+ *
+ * Pluggable adapter pattern. Ships:
+ * - `InMemoryAuditLog` — for tests + single-process demos.
+ * - `VercelKVAuditLog` (in `/vercel-kv` subpath) — production-ready, KV-backed
+ *   with daily-bucket indexing for efficient time-range queries.
+ *
+ * Implement your own for Postgres / S3 / SIEM integration.
+ */
+
+type AuditOperation = "create_payment" | "charge_saved_card" | "cancel_payment" | "capture_payment" | "refund_payment" | "create_subscription" | "cancel_subscription" | "pause_subscription" | "resume_subscription" | "update_subscription" | "subscribe_to_plan" | "create_subscription_plan" | "update_subscription_plan" | "create_order" | "capture_order" | "cancel_order" | "update_order" | "create_payment_preference" | "update_payment_preference" | "create_customer" | "update_customer" | "create_customer_card" | "delete_customer_card" | "create_store" | "update_store" | "delete_store" | "create_pos" | "update_pos" | "delete_pos" | "create_qr_payment" | "cancel_qr_payment" | "create_point_payment_intent" | "cancel_point_payment_intent" | "update_point_device_mode" | "oauth_exchange_code" | "oauth_refresh_token" | "register_bank_account" | "create_webhook" | "update_webhook" | "delete_webhook" | (string & {});
+interface AuditEntry {
+    /**
+     * Unique entry id. Format: `mpaud-{ISO date}-{random}`. Use as primary
+     * key in your storage layer.
+     */
+    id: string;
+    /** ISO 8601 timestamp. */
+    timestamp: string;
+    /** The MP operation performed. */
+    operation: AuditOperation;
+    /**
+     * Logical actor that initiated the call. Caller-provided. Examples:
+     * `"agent:billing-bot"`, `"user:42"`, `"cron:daily-charge"`.
+     *
+     * Defaults to `"unknown"` when not provided. **Always pass this in
+     * production** — without it, your compliance trail is meaningless.
+     */
+    actor: string;
+    /** Optional tenant/seller id for multi-tenant marketplace setups. */
+    tenantId?: string;
+    /**
+     * SHA-256 hex of the meaningful input fields (deterministic). Useful as
+     * a join key with the IdempotencyCache. Does NOT contain raw PII.
+     */
+    inputHash: string;
+    /**
+     * Optional raw input — only populated when `redact: false` was configured.
+     * Defaults to undefined to comply with data-minimization principles.
+     */
+    inputRaw?: Record<string, unknown>;
+    /** Outcome: success or error code. */
+    outcome: "ok" | "error";
+    /** Error code when `outcome === "error"`. */
+    errorCode?: string;
+    /** Error message when `outcome === "error"`. */
+    errorMessage?: string;
+    /**
+     * MP resource id created/updated by the operation (e.g., payment id).
+     * Allows joining audit entries to the actual MP resource.
+     */
+    resourceId?: string;
+    /** Idempotency key passed to MP (for join with MP-side dedup logs). */
+    idempotencyKey?: string;
+    /** Duration in ms. */
+    durationMs?: number;
+    /** Free-form metadata bag. */
+    metadata?: Record<string, unknown>;
+}
+interface AuditLogAdapter {
+    append(entry: AuditEntry): Promise<void>;
+    /** Query a time range. Optional — implementations that don't support it can omit. */
+    query?(filter: {
+        actor?: string;
+        operation?: AuditOperation;
+        tenantId?: string;
+        from?: string;
+        to?: string;
+        limit?: number;
+    }): Promise<AuditEntry[]>;
+}
+/**
+ * Volatile, single-process audit log. Tests + dev only. Production deployments
+ * must use a durable adapter (`VercelKVAuditLog`, your Postgres/S3 impl, etc.)
+ */
+declare class InMemoryAuditLog implements AuditLogAdapter {
+    private readonly entries;
+    append(entry: AuditEntry): Promise<void>;
+    query(filter: {
+        actor?: string;
+        operation?: AuditOperation;
+        tenantId?: string;
+        from?: string;
+        to?: string;
+        limit?: number;
+    }): Promise<AuditEntry[]>;
+    /** All entries (test helper, not part of the adapter interface). */
+    all(): AuditEntry[];
+    reset(): void;
+}
+/**
+ * Audit logger — the user-facing facade that builds + ships entries.
+ *
+ * @example
+ * ```ts
+ * const audit = new AuditLogger({
+ *   adapter: new InMemoryAuditLog(),
+ *   defaultActor: "agent:billing-bot",
+ *   redact: true, // default — hashes input, no raw PII
+ * });
+ *
+ * const tools = mercadoPagoTools(client, {
+ *   state, backUrl, audit,
+ * });
+ * ```
+ */
+declare class AuditLogger {
+    private readonly adapter;
+    private readonly defaultActor;
+    private readonly redact;
+    private readonly hash;
+    constructor(options: {
+        adapter: AuditLogAdapter;
+        defaultActor?: string;
+        redact?: boolean;
+        /** Override hash (testing). */
+        hashFn?: typeof sha256Hex;
+    });
+    /**
+     * Wrap a tool execute() function with auto-audit. The returned function:
+     * 1. Computes inputHash before the call.
+     * 2. Invokes the original execute().
+     * 3. On success, appends an entry with outcome="ok" + resourceId.
+     * 4. On failure, appends an entry with outcome="error" + errorCode/Message.
+     * 5. Re-throws the error transparently.
+     */
+    record<I, O>(args: {
+        operation: AuditOperation;
+        input: I;
+        actor?: string;
+        tenantId?: string;
+        idempotencyKey?: string;
+        /**
+         * Function that extracts the resourceId from the result. Default: tries
+         * `result.id`, `result.payment_id`, `result.subscription_id`, `result.order_id`.
+         */
+        extractResourceId?: (result: O) => string | undefined;
+        /** The actual operation to execute. */
+        fn: () => Promise<O>;
+    }): Promise<O>;
+}
+
+export { AuditLogger as A, type IdempotencyCache as I, type OAuthTokenRecord as O, type SubscriptionStateAdapter as S, type AuditOperation as a, type AuditEntry as b, type AuditLogAdapter as c, InMemoryAuditLog as d, InMemoryIdempotencyCache as e, InMemoryOAuthTokenStore as f, InMemoryStateAdapter as g, type OAuthTokenStore as h, type SubscriptionStateRecord as i };