@calmlens/js-sdk 0.0.0

package/cjs/Classification.js

@@ -0,0 +1,117 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLASSIFICATION_REPORT_SCHEMA = exports.CLASSIFICATION_LABEL_SCHEMA = exports.CATEGORIES_SCHEMA = exports.CLASSIFICATION_CATEGORY_REPORT_SCHEMA = exports.LIKELIHOOD_SCHEMA = exports.getCategoryInfo = exports.CLASSIFICATION_CATEGORY_INFO = exports.CLASSIFICATION_CATEGORY_INFO_SCHEMA = exports.CLASSIFICATION_CATEGORY_SCHEMA = exports.CLASSIFICATION_CATEGORIES = void 0;
+var zod = require("zod/v4");
+var SchemaUtils_1 = require("./SchemaUtils");
+// OpenAI Content Moderation Categories (Merged subcategories)
+exports.CLASSIFICATION_CATEGORIES = [
+    "sexual",
+    "violence",
+    "gore",
+    "self-harm",
+    "harassment",
+    "hate",
+    "illicit",
+    "child-exploitation",
+];
+exports.CLASSIFICATION_CATEGORY_SCHEMA = zod.enum(exports.CLASSIFICATION_CATEGORIES);
+// Type to define category information including whether it's text-only
+exports.CLASSIFICATION_CATEGORY_INFO_SCHEMA = zod.object({
+    category: exports.CLASSIFICATION_CATEGORY_SCHEMA,
+    displayName: (0, SchemaUtils_1.saneStringField)(),
+    description: (0, SchemaUtils_1.saneStringField)(),
+    textOnly: zod.boolean(),
+    supportsImages: zod.boolean(),
+});
+// Category information mapping
+exports.CLASSIFICATION_CATEGORY_INFO = {
+    sexual: {
+        category: "sexual",
+        displayName: "Sexual Content",
+        description: "Content meant to arouse sexual excitement, such as the description of sexual activity, or that promotes sexual services.",
+        textOnly: false,
+        supportsImages: true,
+    },
+    violence: {
+        category: "violence",
+        displayName: "Violence",
+        description: "Content that depicts death, violence, or physical injury.",
+        textOnly: false,
+        supportsImages: true,
+    },
+    gore: {
+        category: "gore",
+        displayName: "Gore",
+        description: "Content that depicts death, violence, or physical injury in graphic, explicit detail.",
+        textOnly: false,
+        supportsImages: true,
+    },
+    "self-harm": {
+        category: "self-harm",
+        displayName: "Self-Harm",
+        description: "Content that promotes, encourages, or depicts acts of self-harm, including intent and instructions for self-harm activities.",
+        textOnly: false,
+        supportsImages: true,
+    },
+    harassment: {
+        category: "harassment",
+        displayName: "Harassment",
+        description: "Content that expresses, incites, or promotes harassing language towards any target, including threatening harassment.",
+        textOnly: true,
+        supportsImages: false,
+    },
+    hate: {
+        category: "hate",
+        displayName: "Hate Speech",
+        description: "Content that expresses, incites, or promotes hate based on race, gender, ethnicity, religion, nationality, sexual orientation, disability status, or caste, including threatening hate speech.",
+        textOnly: true,
+        supportsImages: false,
+    },
+    illicit: {
+        category: "illicit",
+        displayName: "Illicit Content",
+        description: "Content that gives advice or instruction on how to commit illicit acts, including violent illegal activities.",
+        textOnly: true,
+        supportsImages: false,
+    },
+    "child-exploitation": {
+        category: "child-exploitation",
+        displayName: "Child Exploitation",
+        description: "Content that sexualizes, grooms, abuses, or otherwise exploits children under 18 years old.",
+        textOnly: true,
+        supportsImages: false,
+    },
+};
+// Helper function to get category info
+var getCategoryInfo = function (category) {
+    return exports.CLASSIFICATION_CATEGORY_INFO[category];
+};
+exports.getCategoryInfo = getCategoryInfo;
+exports.LIKELIHOOD_SCHEMA = zod.enum([
+    "VERY_UNLIKELY",
+    "UNLIKELY",
+    "POSSIBLE",
+    "LIKELY",
+    "VERY_LIKELY",
+]);
+exports.CLASSIFICATION_CATEGORY_REPORT_SCHEMA = zod.object({
+    category: exports.CLASSIFICATION_CATEGORY_SCHEMA,
+    likelihood: exports.LIKELIHOOD_SCHEMA,
+    score: zod.number(),
+});
+exports.CATEGORIES_SCHEMA = zod.partialRecord(exports.CLASSIFICATION_CATEGORY_SCHEMA, exports.CLASSIFICATION_CATEGORY_REPORT_SCHEMA);
+exports.CLASSIFICATION_LABEL_SCHEMA = zod.object({
+    description: (0, SchemaUtils_1.saneStringField)(),
+    score: zod.number(),
+    topicalityScore: zod.number().nullish(),
+    likelihood: exports.LIKELIHOOD_SCHEMA,
+    knowledgeBaseId: (0, SchemaUtils_1.saneStringField)().nullish(),
+});
+exports.CLASSIFICATION_REPORT_SCHEMA = zod.object({
+    processedAt: zod.number(),
+    categories: exports.CATEGORIES_SCHEMA,
+    flagged: zod.boolean(),
+    score: zod.number(),
+    notes: (0, SchemaUtils_1.saneStringField)().nullish(),
+    labels: zod.array(exports.CLASSIFICATION_LABEL_SCHEMA).nullish(),
+});

package/cjs/SchemaUtils.d.ts

@@ -0,0 +1,11 @@
+import * as zod from "zod/v4";
+export declare const primaryUuidField: () => zod.ZodString;
+export declare const uuidField: () => zod.ZodString;
+export declare const createdAtField: () => zod.ZodNumber;
+export declare const updatedAtField: () => zod.ZodOptional<zod.ZodNumber>;
+export interface SaneStringOptions {
+    type?: "small" | "medium" | "large";
+    minWidth?: number;
+}
+export declare const saneStringField: (options?: SaneStringOptions) => zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>;
+export declare const urlField: () => zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>;

package/cjs/SchemaUtils.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.urlField = exports.saneStringField = exports.updatedAtField = exports.createdAtField = exports.uuidField = exports.primaryUuidField = void 0;
+var zod = require("zod/v4");
+var zodbase_1 = require("zodbase");
+var ValidationUtils_1 = require("./ValidationUtils");
+var primaryUuidField = function () {
+    return zod
+        .string()
+        .uuid({
+        version: "v4",
+    })
+        .meta((0, zodbase_1.meta)([(0, zodbase_1.primaryKey)()]));
+};
+exports.primaryUuidField = primaryUuidField;
+var uuidField = function () {
+    return zod.string().uuid({
+        version: "v4",
+    });
+};
+exports.uuidField = uuidField;
+var createdAtField = function () { return zod.number().int(); };
+exports.createdAtField = createdAtField;
+var updatedAtField = function () {
+    return zod
+        .number()
+        .int()
+        .optional()
+        .meta((0, zodbase_1.meta)([(0, zodbase_1.updatedAt)()]));
+};
+exports.updatedAtField = updatedAtField;
+var SIZE_LIMITS = {
+    small: 64,
+    medium: 200,
+    large: 1500,
+};
+var saneStringField = function (options) {
+    return zod
+        .string()
+        .transform(function (value) { return value.trim(); })
+        .refine(function (value) {
+        if ((options === null || options === void 0 ? void 0 : options.minWidth) && value.length < options.minWidth) {
+            return false;
+        }
+        return true;
+    }, "Not long enough")
+        .refine(function (value) {
+        var _a;
+        var sizeLimit = SIZE_LIMITS[(_a = options === null || options === void 0 ? void 0 : options.type) !== null && _a !== void 0 ? _a : "medium"];
+        return typeof value === "string" && value.length < sizeLimit;
+    }, "Too long");
+};
+exports.saneStringField = saneStringField;
+var urlField = function () {
+    return (0, exports.saneStringField)().refine(function (value) {
+        /*if (encodeURI(value) !== value) {
+          return false;
+        }*/
+        var parsedUrl = (0, ValidationUtils_1.validateUrl)(value);
+        return Boolean(parsedUrl);
+    }, "Invalid link");
+};
+exports.urlField = urlField;

package/cjs/SharedTypes.d.ts

@@ -0,0 +1,13 @@
+import type { AssetVisibility } from "./Asset";
+export type SubmitAssetOptions = ({
+    file: string;
+    fileType: string;
+    url?: string;
+} | {
+    url: string;
+}) & {
+    name: string;
+    description?: string;
+    keepAfterProcessing?: boolean;
+    visibility?: AssetVisibility;
+};

package/cjs/SharedTypes.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/cjs/ValidationUtils.d.ts

@@ -0,0 +1 @@
+export declare const validateUrl: (url: string) => URL | undefined;

package/cjs/ValidationUtils.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validateUrl = void 0;
+var VALID_PREFIXES = ["http://", "https://", "mailto:", "tel:", "sms:"];
+var EMAIL_REGEX = /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/;
+var PHONE_REGEX = /^\+?[0-9]+$/;
+var validateUrl = function (url) {
+    if (!url) {
+        return undefined;
+    }
+    var parsedUrl = url;
+    if (!VALID_PREFIXES.some(function (prefix) { return parsedUrl.startsWith(prefix); })) {
+        if (EMAIL_REGEX.test(parsedUrl)) {
+            parsedUrl = "mailto:".concat(parsedUrl);
+        }
+        else if (PHONE_REGEX.test(parsedUrl)) {
+            parsedUrl = "tel:".concat(parsedUrl);
+        }
+        else {
+            parsedUrl = "https://".concat(parsedUrl);
+        }
+    }
+    try {
+        var url_1 = new URL(parsedUrl);
+        if (url_1.protocol.includes("http") && !url_1.host.includes(".")) {
+            return undefined;
+        }
+        return url_1;
+    }
+    catch (error) { }
+    return undefined;
+};
+exports.validateUrl = validateUrl;

package/cjs/index.d.ts

@@ -0,0 +1,3 @@
+export { default as CalmLensClient } from "./CalmLensClient";
+export type { CalmLensClientOptions } from "./CalmLensTypes";
+export { verifyWebhookSignature } from "./CalmLensUtils";

package/cjs/index.js

@@ -0,0 +1,8 @@
+"use strict";
+/// <reference types="typescript" />
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyWebhookSignature = exports.CalmLensClient = void 0;
+var CalmLensClient_1 = require("./CalmLensClient");
+Object.defineProperty(exports, "CalmLensClient", { enumerable: true, get: function () { return CalmLensClient_1.default; } });
+var CalmLensUtils_1 = require("./CalmLensUtils");
+Object.defineProperty(exports, "verifyWebhookSignature", { enumerable: true, get: function () { return CalmLensUtils_1.verifyWebhookSignature; } });

package/esm/Asset.d.ts

@@ -0,0 +1,109 @@
+import * as zod from "zod/v4";
+export declare const ASSET_STATUS_SCHEMA: zod.ZodEnum<{
+    error: "error";
+    pending: "pending";
+    approved: "approved";
+    rejected: "rejected";
+}>;
+export type AssetStatus = zod.infer<typeof ASSET_STATUS_SCHEMA>;
+export declare const ASSET_TYPE_SCHEMA: zod.ZodEnum<{
+    image: "image";
+    video: "video";
+    audio: "audio";
+    document: "document";
+    website: "website";
+}>;
+export type AssetType = zod.infer<typeof ASSET_TYPE_SCHEMA>;
+export declare const ASSET_VISIBILITY_SCHEMA: zod.ZodEnum<{
+    public: "public";
+    private: "private";
+}>;
+export type AssetVisibility = zod.infer<typeof ASSET_VISIBILITY_SCHEMA>;
+export declare const ASSET_SCHEMA: zod.ZodObject<{
+    id: zod.ZodString;
+    projectId: zod.ZodString;
+    sizeInBytes: zod.ZodOptional<zod.ZodNullable<zod.ZodNumber>>;
+    userId: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    parentId: zod.ZodOptional<zod.ZodNullable<zod.ZodString>>;
+    createdAt: zod.ZodNumber;
+    updatedAt: zod.ZodOptional<zod.ZodNumber>;
+    name: zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>;
+    fileFormat: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    fileExtension: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    description: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    externalId: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    externalUrl: zod.ZodOptional<zod.ZodNullable<zod.ZodString>>;
+    previewImageId: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    storageId: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    averageColor: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    type: zod.ZodEnum<{
+        image: "image";
+        video: "video";
+        audio: "audio";
+        document: "document";
+        website: "website";
+    }>;
+    previewHash: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+    metadata: zod.ZodOptional<zod.ZodNullable<zod.ZodAny>>;
+    tags: zod.ZodOptional<zod.ZodNullable<zod.ZodArray<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>>;
+    report: zod.ZodOptional<zod.ZodNullable<zod.ZodObject<{
+        processedAt: zod.ZodNumber;
+        categories: zod.ZodRecord<zod.ZodEnum<{
+            sexual: "sexual";
+            violence: "violence";
+            gore: "gore";
+            "self-harm": "self-harm";
+            harassment: "harassment";
+            hate: "hate";
+            illicit: "illicit";
+            "child-exploitation": "child-exploitation";
+        }> & zod.z.core.$partial, zod.ZodObject<{
+            category: zod.ZodEnum<{
+                sexual: "sexual";
+                violence: "violence";
+                gore: "gore";
+                "self-harm": "self-harm";
+                harassment: "harassment";
+                hate: "hate";
+                illicit: "illicit";
+                "child-exploitation": "child-exploitation";
+            }>;
+            likelihood: zod.ZodEnum<{
+                VERY_UNLIKELY: "VERY_UNLIKELY";
+                UNLIKELY: "UNLIKELY";
+                POSSIBLE: "POSSIBLE";
+                LIKELY: "LIKELY";
+                VERY_LIKELY: "VERY_LIKELY";
+            }>;
+            score: zod.ZodNumber;
+        }, zod.z.core.$strip>>;
+        flagged: zod.ZodBoolean;
+        score: zod.ZodNumber;
+        notes: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+        labels: zod.ZodOptional<zod.ZodNullable<zod.ZodArray<zod.ZodObject<{
+            description: zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>;
+            score: zod.ZodNumber;
+            topicalityScore: zod.ZodOptional<zod.ZodNullable<zod.ZodNumber>>;
+            likelihood: zod.ZodEnum<{
+                VERY_UNLIKELY: "VERY_UNLIKELY";
+                UNLIKELY: "UNLIKELY";
+                POSSIBLE: "POSSIBLE";
+                LIKELY: "LIKELY";
+                VERY_LIKELY: "VERY_LIKELY";
+            }>;
+            knowledgeBaseId: zod.ZodOptional<zod.ZodNullable<zod.ZodPipe<zod.ZodString, zod.ZodTransform<string, string>>>>;
+        }, zod.z.core.$strip>>>>;
+    }, zod.z.core.$strip>>>;
+    status: zod.ZodEnum<{
+        error: "error";
+        pending: "pending";
+        approved: "approved";
+        rejected: "rejected";
+    }>;
+    keepAfterProcessing: zod.ZodOptional<zod.ZodNullable<zod.ZodBoolean>>;
+    visibility: zod.ZodOptional<zod.ZodNullable<zod.ZodEnum<{
+        public: "public";
+        private: "private";
+    }>>>;
+}, zod.z.core.$strip>;
+export type Asset = zod.infer<typeof ASSET_SCHEMA>;

package/esm/Asset.js

@@ -0,0 +1,36 @@
+import * as zod from "zod/v4";
+import { CLASSIFICATION_REPORT_SCHEMA } from "./Classification";
+import { createdAtField, primaryUuidField, saneStringField, updatedAtField, uuidField, } from "./SchemaUtils";
+export const ASSET_STATUS_SCHEMA = zod.enum(["pending", "approved", "rejected", "error"]);
+export const ASSET_TYPE_SCHEMA = zod.enum(["image", "video", "audio", "document", "website"]);
+export const ASSET_VISIBILITY_SCHEMA = zod.enum(["public", "private"]);
+export const ASSET_SCHEMA = zod.object({
+    id: primaryUuidField(),
+    projectId: uuidField(),
+    sizeInBytes: zod.number().nullish(),
+    userId: saneStringField().nullish(),
+    parentId: uuidField().nullish(),
+    createdAt: createdAtField(),
+    updatedAt: updatedAtField(),
+    name: saneStringField({
+        type: "large",
+    }),
+    fileFormat: saneStringField().nullish(),
+    fileExtension: saneStringField().nullish(),
+    description: saneStringField({
+        type: "large",
+    }).nullish(),
+    externalId: saneStringField().nullish(),
+    externalUrl: zod.string().url().nullish(),
+    previewImageId: saneStringField().nullish(),
+    storageId: saneStringField().nullish(),
+    averageColor: saneStringField().nullish(),
+    type: ASSET_TYPE_SCHEMA,
+    previewHash: saneStringField().nullish(),
+    metadata: zod.any().nullish(),
+    tags: zod.array(saneStringField()).nullish(),
+    report: CLASSIFICATION_REPORT_SCHEMA.nullish(),
+    status: ASSET_STATUS_SCHEMA,
+    keepAfterProcessing: zod.boolean().nullish(),
+    visibility: ASSET_VISIBILITY_SCHEMA.nullish(),
+});

package/esm/CalmLensClient.d.ts

@@ -0,0 +1,41 @@
+import type { Asset } from "./Asset";
+import type { SubmitAssetOptions } from "./SharedTypes";
+import type { CalmLensClientOptions } from "./CalmLensTypes";
+export default class CalmLensClient {
+    private options;
+    private readonly api;
+    private readonly endpoints;
+    /**
+     * Validates a webhook signature to ensure the webhook payload is authentic.
+     *
+     * @param payload - The webhook payload (string or object)
+     * @param signatureHex - The signature from the 'x-calmlens-signature' header
+     * @param secret - The webhook secret used to sign the payload
+     * @returns Promise<boolean> - True if the signature is valid, false otherwise
+     *
+     * @example
+     * ```javascript
+     * // In your webhook handler
+     * const signature = req.headers['x-calmlens-signature'];
+     * const payload = req.body;
+     * const isValid = await CalmLensClient.verifyWebhookSignature(payload, signature, WEBHOOK_SECRET);
+     *
+     * if (!isValid) {
+     *   return res.status(401).send('Unauthorized');
+     * }
+     * ```
+     */
+    static verifyWebhookSignature(payload: string | object, signatureHex: string, secret: string): Promise<boolean>;
+    constructor(options: CalmLensClientOptions);
+    submitAsset(options: SubmitAssetOptions): Promise<Asset>;
+    getAsset(assetId: string): Promise<Asset>;
+    listAssets(options?: {
+        pageIndex?: number;
+        pageSize?: number;
+    }): Promise<{
+        items: Asset[];
+        total: number;
+        pageIndex: number;
+        pageSize: number;
+    }>;
+}

package/esm/CalmLensClient.js

@@ -0,0 +1,142 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { Api } from "api-def";
+import { verifyWebhookSignature } from "./CalmLensUtils";
+const createApi = (options) => {
+    const api = new Api({
+        name: "Calm Lens",
+        baseUrl: options.baseUrl,
+        middleware: [
+            {
+                beforeSend: (context) => {
+                    context.updateHeaders({
+                        "X-Api-Key": options.apiKey,
+                    });
+                },
+            },
+        ],
+    });
+    return api;
+};
+// API endpoint definitions
+const createEndpoints = (api) => {
+    const postUploadAsset = api
+        .endpoint()
+        .bodyOf()
+        .paramsOf()
+        .responseOf()
+        .build({
+        id: "postUploadAsset",
+        method: "post",
+        path: "/projects/:projectId/assets",
+    });
+    const getAsset = api.endpoint().paramsOf().responseOf().build({
+        id: "getAsset",
+        method: "get",
+        path: "/projects/:projectId/assets/:assetId",
+    });
+    const getAssetsPage = api
+        .endpoint()
+        .queryOf()
+        .paramsOf()
+        .responseOf()
+        .build({
+        id: "getAssetsPage",
+        method: "get",
+        path: "/projects/:projectId/assets/page",
+    });
+    return {
+        postUploadAsset,
+        getAsset,
+        getAssetsPage,
+    };
+};
+export default class CalmLensClient {
+    /**
+     * Validates a webhook signature to ensure the webhook payload is authentic.
+     *
+     * @param payload - The webhook payload (string or object)
+     * @param signatureHex - The signature from the 'x-calmlens-signature' header
+     * @param secret - The webhook secret used to sign the payload
+     * @returns Promise<boolean> - True if the signature is valid, false otherwise
+     *
+     * @example
+     * ```javascript
+     * // In your webhook handler
+     * const signature = req.headers['x-calmlens-signature'];
+     * const payload = req.body;
+     * const isValid = await CalmLensClient.verifyWebhookSignature(payload, signature, WEBHOOK_SECRET);
+     *
+     * if (!isValid) {
+     *   return res.status(401).send('Unauthorized');
+     * }
+     * ```
+     */
+    static verifyWebhookSignature(payload, signatureHex, secret) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return verifyWebhookSignature(payload, signatureHex, secret);
+        });
+    }
+    constructor(options) {
+        var _a;
+        this.options = options;
+        if (!options.apiKey) {
+            throw new Error("API key is required");
+        }
+        if (!options.projectId) {
+            throw new Error("Project ID is required");
+        }
+        this.options.baseUrl = (_a = this.options.baseUrl) !== null && _a !== void 0 ? _a : "https://api.calmlens.com";
+        this.api = createApi(this.options);
+        this.endpoints = createEndpoints(this.api);
+    }
+    submitAsset(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!("file" in options) && !("url" in options)) {
+                throw new Error("Either file content or URL is required");
+            }
+            if (!options.name) {
+                throw new Error("Asset name is required");
+            }
+            const result = yield this.endpoints.postUploadAsset.submit({
+                body: options,
+                params: {
+                    projectId: this.options.projectId,
+                },
+            });
+            return result.data;
+        });
+    }
+    getAsset(assetId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!assetId) {
+                throw new Error("Asset ID is required");
+            }
+            const result = yield this.endpoints.getAsset.submit({
+                params: {
+                    projectId: this.options.projectId,
+                    assetId,
+                },
+            });
+            return result.data;
+        });
+    }
+    listAssets() {
+        return __awaiter(this, arguments, void 0, function* (options = {}) {
+            const result = yield this.endpoints.getAssetsPage.submit({
+                params: {
+                    projectId: this.options.projectId,
+                },
+                query: options,
+            });
+            return result.data;
+        });
+    }
+}

package/esm/CalmLensTypes.d.ts

@@ -0,0 +1,5 @@
+export interface CalmLensClientOptions {
+    apiKey: string;
+    projectId: string;
+    baseUrl?: string;
+}

package/esm/CalmLensTypes.js

@@ -0,0 +1 @@
+export {};

package/esm/CalmLensUtils.d.ts

@@ -0,0 +1 @@
+export declare function verifyWebhookSignature(payload: string | object, signatureHex: string, secret: string): Promise<boolean>;

package/esm/CalmLensUtils.js

@@ -0,0 +1,28 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+export function verifyWebhookSignature(payload, signatureHex, secret) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const encoder = new TextEncoder();
+        const normalizePayload = typeof payload === "string" ? payload : JSON.stringify(payload);
+        const key = yield crypto.subtle.importKey("raw", encoder.encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+        const sig = yield crypto.subtle.sign("HMAC", key, encoder.encode(normalizePayload));
+        const hex = Array.from(new Uint8Array(sig))
+            .map((b) => b.toString(16).padStart(2, "0"))
+            .join("");
+        // Timing-safe equality not available in Node <20 cross-platform via subtle; compare length and constant-time loop
+        if (hex.length !== signatureHex.length)
+            return false;
+        let diff = 0;
+        for (let i = 0; i < hex.length; i++) {
+            diff |= hex.charCodeAt(i) ^ signatureHex.charCodeAt(i);
+        }
+        return diff === 0;
+    });
+}