@centralping/ergo 0.1.0-beta.1 → 0.1.0-beta.3

package/lib/cookie/cookie.js

@@ -9,11 +9,10 @@
  * immediately by defaulting `maxAge` to 0.
  *
  * @module lib/cookie/cookie
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import bake from 'ergo/lib/cookie/cookie';
+ * import bake from '@centralping/ergo/lib/cookie/cookie';
  *
  * const c = bake('session', 'abc123', {maxAge: 3600, sameSite: 'Lax'});
  * c.toHeader(); // 'session=abc123; Path=/; Max-Age=3600; SameSite=Lax; Secure; HttpOnly'

package/lib/cookie/index.js

@@ -5,7 +5,6 @@
  * and `jar` for creating a cookie jar instance that manages cookie state for a request.
  *
  * @module lib/cookie
- * @version 0.1.0
  * @since 0.1.0
  * @requires ./parse.js
  * @requires ./jar.js

package/lib/cookie/jar.js

@@ -4,7 +4,7 @@
  * Creates a cookie jar with dual-storage semantics for per-request cookie management.
  *
  * **Incoming cookies** (from the `Cookie` header) are parsed as raw `name: value` strings
- * and stored as own properties via `Object.assign()`. Per RFC 6265 §5.4, the browser sends
+ * and stored as own properties. Per RFC 6265 §5.4, the browser sends
  * only `name=value` pairs — no directives. Access them directly: `jar.session`.
  *
  * **Outgoing cookies** (created via `set()`) are full cookie objects with directives,
@@ -19,14 +19,13 @@
  * - `toHeader()` — serializes outgoing cookies to `Set-Cookie` header strings
  *
  * @module lib/cookie/jar
- * @version 0.1.0
  * @since 0.1.0
  * @requires ./cookie.js
  * @requires ../../utils/iterables/index.js
  *
  * @example
- * import jar from 'ergo/lib/cookie/jar';
- * import parse from 'ergo/lib/cookie/parse';
+ * import jar from '@centralping/ergo/lib/cookie/jar';
+ * import parse from '@centralping/ergo/lib/cookie/parse';
  *
  * const cookies = jar(parse('session=abc123; lang=en'));
  * cookies.session;     // => 'abc123' (incoming, own property)
@@ -91,16 +90,21 @@ const clay = Object.create(
 /**
  * Creates a cookie jar pre-populated from a parsed cookie object.
  *
+ * Incoming cookie names that collide with jar prototype methods or own properties
+ * (`set`, `get`, `clear`, `toHeader`, `isJar`, `size`, `jar`) are silently dropped
+ * to prevent `TypeError` from strict-mode assignment to non-writable properties.
+ *
  * @param {object} [cookies={}] - Initial cookie values (from `parse()`)
  * @returns {object} - Cookie jar with `get`, `set`, `clear`, `toHeader`, `size` members
  */
 function jar(cookies = {}) {
-  return Object.assign(
-    Object.create(clay, {
-      jar: {
-        value: new Map()
-      }
-    }),
-    cookies
-  );
+  const instance = Object.create(clay, {jar: {value: new Map()}});
+
+  for (const key of Object.keys(cookies)) {
+    if (!(key in instance)) {
+      instance[key] = cookies[key];
+    }
+  }
+
+  return instance;
 }

package/lib/cookie/parse.js

@@ -10,7 +10,6 @@
  * to protect against header-stuffing attacks.
  *
  * @module lib/cookie/parse
- * @version 0.1.0
  * @since 0.1.0
  * @requires ../../utils/iterables/index.js
  *
@@ -18,7 +17,7 @@
  * @see {@link https://www.rfc-editor.org/rfc/rfc2109 RFC 2109 - HTTP State Management Mechanism (obsoleted)}
  *
  * @example
- * import parse from 'ergo/lib/cookie/parse';
+ * import parse from '@centralping/ergo/lib/cookie/parse';
  *
  * parse('session=abc123; user=alice');
  * // => {session: 'abc123', user: 'alice'}

package/lib/cors.js

@@ -15,13 +15,12 @@
  * @see {@link https://www.w3.org/TR/2014/REC-cors-20140116/}
  *
  * @module lib/cors
- * @version 0.1.0
  * @since 0.1.0
  * @requires ../utils/type.js
  * @requires ../utils/flat-array.js
  *
  * @example
- * import cors from 'ergo/lib/cors';
+ * import cors from '@centralping/ergo/lib/cors';
  *
  * const corsValidator = cors({
  *   origins: ['https://app.example.com'],

package/lib/csrf.js

@@ -9,13 +9,12 @@
  * can be reissued without changing the UUID.
  *
  * @module lib/csrf
- * @version 0.1.0
  * @since 0.1.0
  * @requires node:crypto
  * @requires ../utils/type.js
  *
  * @example
- * import {issue, verify} from 'ergo/lib/csrf';
+ * import {issue, verify} from '@centralping/ergo/lib/csrf';
  *
  * const {token, uuid} = issue('my-secret');
  * // token => 'base64-encoded-hmac'

package/lib/from-connect.js

@@ -23,12 +23,11 @@
  *   no-mutation convention but is accepted at the interop boundary.
  *
  * @module lib/from-connect
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import {compose, handler} from 'ergo';
- * import fromConnect from 'ergo/lib/from-connect';
+ * import {compose, handler} from '@centralping/ergo';
+ * import fromConnect from '@centralping/ergo/lib/from-connect';
  * import helmet from 'helmet';
  *
  * const pipeline = compose(

package/lib/idempotency.js

@@ -0,0 +1,139 @@
+/**
+ * @fileoverview Idempotency-Key shared primitives.
+ *
+ * Provides the core building blocks for idempotent request handling per
+ * draft-ietf-httpapi-idempotency-key-header-07. The `IdempotencyStore`
+ * manages key lifecycle (storage, expiry, replay). `parseIdempotencyKey`
+ * extracts the key value from the RFC 8941 structured field header.
+ * `generateFingerprint` creates a SHA-256 hash of the request body for
+ * detecting key reuse with different payloads.
+ *
+ * Used by:
+ * - `http/idempotency.js` (ergo pipeline middleware)
+ *
+ * @module lib/idempotency
+ * @since 0.1.0-beta.2
+ *
+ * @example
+ * import {IdempotencyStore, parseIdempotencyKey, generateFingerprint}
+ *   from '@centralping/ergo/lib/idempotency';
+ *
+ * const store = new IdempotencyStore();
+ * const key = parseIdempotencyKey(req.headers['idempotency-key']);
+ * const fingerprint = generateFingerprint(body);
+ *
+ * @see {@link https://datatracker.ietf.org/doc/draft-ietf-httpapi-idempotency-key-header/ Idempotency-Key Header (IETF Draft)}
+ * @see {@link https://www.rfc-editor.org/rfc/rfc8941 RFC 8941 - Structured Field Values}
+ */
+import {createHash} from 'node:crypto';
+
+const SF_STRING_RE = /^"([^"\\]*(?:\\.[^"\\]*)*)"$/;
+const DEFAULT_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+
+/**
+ * In-memory idempotency key store with TTL-based expiry.
+ *
+ * Entries transition through states: `processing` -> `complete`.
+ * Expired entries are pruned lazily on `get()` calls.
+ */
+export class IdempotencyStore {
+  constructor({maxKeys = 10_000, ttlMs = DEFAULT_TTL_MS} = {}) {
+    this._entries = new Map();
+    this._maxKeys = maxKeys;
+    this._ttlMs = ttlMs;
+  }
+
+  /**
+   * Retrieve a stored entry by key. Returns `undefined` if not found or expired.
+   * @param {string} key - Idempotency key
+   * @returns {{fingerprint: string, response: object, status: string, expiresAt: number} | undefined}
+   */
+  get(key) {
+    const entry = this._entries.get(key);
+    if (!entry) return undefined;
+
+    if (Date.now() > entry.expiresAt) {
+      this._entries.delete(key);
+      return undefined;
+    }
+
+    return entry;
+  }
+
+  /**
+   * Store a new idempotency entry in `processing` state.
+   * @param {string} key - Idempotency key
+   * @param {string} fingerprint - Request body fingerprint
+   */
+  set(key, fingerprint) {
+    if (this._entries.size >= this._maxKeys) {
+      const oldest = this._entries.keys().next().value;
+      this._entries.delete(oldest);
+    }
+
+    const entry = Object.create(null);
+    entry.fingerprint = fingerprint;
+    entry.response = undefined;
+    entry.status = 'processing';
+    entry.expiresAt = Date.now() + this._ttlMs;
+    this._entries.set(key, entry);
+  }
+
+  /**
+   * Mark an entry as complete with the response to replay.
+   * @param {string} key - Idempotency key
+   * @param {object} response - Response accumulator snapshot to replay
+   */
+  complete(key, response) {
+    const entry = this._entries.get(key);
+    if (entry) {
+      entry.status = 'complete';
+      entry.response = response;
+    }
+  }
+
+  /**
+   * Remove an entry (e.g. on request failure where replay is not desired).
+   * @param {string} key - Idempotency key
+   */
+  delete(key) {
+    this._entries.delete(key);
+  }
+}
+
+/**
+ * Parse an `Idempotency-Key` header value as an RFC 8941 sf-string.
+ *
+ * The draft specifies the header is an Item Structured Header whose value
+ * is a String. This means the wire format is `"value"` (double-quoted).
+ * Returns `undefined` for missing, empty, or malformed values.
+ *
+ * @param {string | undefined} header - Raw header value
+ * @returns {string | undefined} - Parsed key value, or undefined
+ */
+export function parseIdempotencyKey(header) {
+  if (!header) return undefined;
+
+  const trimmed = header.trim();
+  const match = SF_STRING_RE.exec(trimmed);
+  if (!match) return undefined;
+
+  const inner = match[1];
+  if (inner.replace(/\\["\\]/g, '').includes('\\')) return undefined;
+  return inner.replace(/\\(["\\])/g, '$1');
+}
+
+/**
+ * Generate a SHA-256 fingerprint of the request body.
+ *
+ * Used to detect key reuse with different payloads (which should return 409).
+ * Accepts strings or Buffers. Returns the hex digest.
+ *
+ * @param {string | Buffer} body - Serialized request body
+ * @returns {string} - Hex-encoded SHA-256 hash
+ */
+export function generateFingerprint(body) {
+  return createHash('sha256')
+    .update(body ?? '')
+    .digest('hex');
+}

package/lib/json-api-query/index.js

@@ -7,7 +7,6 @@
  * Original: `@centralping/json-api-query`. Vendored and upgraded to AJV 8 / JSON Schema 2020-12.
  *
  * @module lib/json-api-query
- * @version 0.1.0
  * @since 0.1.0
  * @requires ./schema.json
  * @requires ./validate.js

package/lib/json-api-query/validate.js

@@ -9,13 +9,12 @@
  * to handle single-value query parameters that may be strings instead of arrays.
  *
  * @module lib/json-api-query/validate
- * @version 0.1.0
  * @since 0.1.0
  * @requires ajv/dist/2020.js
  * @requires ./schema.json
  *
  * @example
- * import validate from 'ergo/lib/json-api-query/validate';
+ * import validate from '@centralping/ergo/lib/json-api-query/validate';
  *
  * const validator = validate();
  * const valid = validator({include: ['author'], fields: {articles: ['title']}});

package/lib/link.js

@@ -2,22 +2,23 @@
  * @fileoverview RFC 8288 Web Linking utilities.
  *
  * Provides functions for formatting `Link` response headers per RFC 8288.
- * `formatLinkHeader` is the low-level formatter; `paginationLinks` is a
- * convenience helper that generates `first`, `prev`, `next`, `last` link
- * objects from pagination parameters.
+ * `formatLinkHeader` is the low-level formatter; `paginationLinks` and
+ * `cursorPaginationLinks` are convenience helpers that generate link objects
+ * for offset-based and cursor-based pagination respectively.
  *
  * These are pure utility functions (not middleware). Consumers wire the
  * formatted header value into the accumulator's `headers` array for `send()`.
  *
  * @module lib/link
- * @version 0.1.0
  * @since 0.1.0
  *
  * @see {@link https://www.rfc-editor.org/rfc/rfc8288 RFC 8288 - Web Linking}
  *
  * @example
- * import {formatLinkHeader, paginationLinks} from 'ergo/lib/link';
+ * import {formatLinkHeader, paginationLinks, cursorPaginationLinks}
+ *   from '@centralping/ergo/lib/link';
  *
+ * // Offset-based pagination
  * const links = paginationLinks({
  *   baseUrl: '/articles',
  *   searchParams: 'sort=date',
@@ -27,6 +28,15 @@
  * });
  * const header = formatLinkHeader(links);
  * // '</articles?sort=date&page=1&per_page=25>; rel="first", ...'
+ *
+ * // Cursor-based pagination
+ * const cursorLinks = cursorPaginationLinks({
+ *   baseUrl: '/articles',
+ *   searchParams: 'sort=date',
+ *   nextCursor: 'eyJpZCI6NDJ9.abc123'
+ * });
+ * const cursorHeader = formatLinkHeader(cursorLinks);
+ * // '</articles?sort=date>; rel="first", </articles?sort=date&cursor=eyJpZCI6NDJ9.abc123>; rel="next"'
  */
 import sanitizeQuotedString from './sanitize-quoted-string.js';
 
@@ -94,3 +104,45 @@ export function paginationLinks({baseUrl, page, perPage, total, searchParams = '
 
   return links;
 }
+
+/**
+ * Generates cursor-based pagination link objects for first, prev, and next pages.
+ *
+ * Unlike offset pagination, cursor-based pagination uses opaque continuation
+ * tokens instead of page numbers. There is no `last` link because the total
+ * number of pages is unknown in cursor-based schemes.
+ *
+ * The `first` link is always present and points to the base URL without any
+ * cursor parameter (requesting the first page). `prev` and `next` are
+ * included only when the corresponding cursor token is provided.
+ *
+ * @param {object} options - Cursor pagination parameters
+ * @param {string} options.baseUrl - Base URL path (e.g. '/articles')
+ * @param {string} [options.searchParams=''] - Additional query parameters to preserve
+ *   (e.g. 'sort=date&filter=active'). Appended before the cursor parameter.
+ * @param {string} [options.nextCursor] - Opaque cursor token for the next page
+ * @param {string} [options.prevCursor] - Opaque cursor token for the previous page
+ * @returns {Array<{href: string, rel: string}>} - Array of link objects
+ */
+export function cursorPaginationLinks({baseUrl, searchParams = '', nextCursor, prevCursor}) {
+  const base = searchParams ? `${baseUrl}?${searchParams}` : baseUrl;
+  const sep = searchParams ? '&' : '?';
+
+  const links = [{href: base, rel: 'first'}];
+
+  if (prevCursor !== undefined) {
+    links.push({
+      href: `${base}${sep}cursor=${encodeURIComponent(prevCursor)}`,
+      rel: 'prev'
+    });
+  }
+
+  if (nextCursor !== undefined) {
+    links.push({
+      href: `${base}${sep}cursor=${encodeURIComponent(nextCursor)}`,
+      rel: 'next'
+    });
+  }
+
+  return links;
+}

package/lib/prefer.js

@@ -13,11 +13,10 @@
  * - `http/prefer.js` (ergo pipeline middleware)
  *
  * @module lib/prefer
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import parsePrefer from 'ergo/lib/prefer';
+ * import parsePrefer from '@centralping/ergo/lib/prefer';
  *
  * parsePrefer('return=minimal');
  * // {return: 'minimal'}

package/lib/query.js

@@ -11,12 +11,11 @@
  * JSON:API query parameter parsing.
  *
  * @module lib/query
- * @version 0.1.0
  * @since 0.1.0
  * @requires ../utils/set.js
  *
  * @example
- * import parse from 'ergo/lib/query';
+ * import parse from '@centralping/ergo/lib/query';
  *
  * parse('include=author&fields%5Barticles%5D=title%2Cbody');
  * // => {include: 'author', fields: {articles: ['title', 'body']}}

package/lib/rate-limit.js

@@ -12,11 +12,10 @@
  * - `ergo-router/lib/transport/rate-limit.js` (transport-level rate limiting)
  *
  * @module lib/rate-limit
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import {MemoryStore, checkRateLimit, defaultKeyGenerator} from 'ergo/lib/rate-limit';
+ * import {MemoryStore, checkRateLimit, defaultKeyGenerator} from '@centralping/ergo/lib/rate-limit';
  *
  * const store = new MemoryStore();
  * const key = defaultKeyGenerator(req);

package/lib/sanitize-quoted-string.js

@@ -7,7 +7,6 @@
  * `WWW-Authenticate`, `Link`, and `Set-Cookie`.
  *
  * @module lib/sanitize-quoted-string
- * @version 0.1.0
  * @since 0.1.0
  */
 

package/lib/security-headers.js

@@ -11,11 +11,10 @@
  * `{maxAge, includeSubDomains, preload}` for programmatic construction.
  *
  * @module lib/security-headers
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import buildSecurityHeaderTuples from 'ergo/lib/security-headers';
+ * import buildSecurityHeaderTuples from '@centralping/ergo/lib/security-headers';
  *
  * const tuples = buildSecurityHeaderTuples({
  *   xFrameOptions: 'SAMEORIGIN',

package/lib/validate.js

@@ -8,13 +8,12 @@
  * Used by `http/validate.js` as the pure-logic backing implementation.
  *
  * @module lib/validate
- * @version 0.1.0
  * @since 0.1.0
  * @requires ajv
  * @requires ../utils/http-errors.js
  *
  * @example
- * import createValidator from 'ergo/lib/validate';
+ * import createValidator from '@centralping/ergo/lib/validate';
  *
  * const validate = createValidator({
  *   type: 'object',

package/lib/vary.js

@@ -5,7 +5,6 @@
  * Uses Set-based deduplication with case-insensitive comparison.
  *
  * @module lib/vary
- * @version 0.1.0
  * @since 0.1.0
  */
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@centralping/ergo",
-  "version": "0.1.0-beta.1",
+  "version": "0.1.0-beta.3",
   "description": "A Fast Fail REST API toolkit for Node.js -- composable middleware with structured Negotiation, Authorization, Validation, and Execution stages.",
   "main": "http/index.js",
   "type": "module",
@@ -109,7 +109,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "homepage": "https://github.com/CentralPing/ergo",
+  "homepage": "https://centralping.github.io/packages/ergo/",
   "funding": {
     "type": "github",
     "url": "https://github.com/sponsors/jasoncust"

package/types/http/idempotency.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Create an idempotency middleware.
+ *
+ * @param {object} [options]
+ * @param {object} [options.store] - Pluggable store (must implement get/set/complete/delete).
+ *   Defaults to an in-memory store with 24h TTL.
+ * @param {number} [options.ttlMs=86400000] - TTL for stored entries in milliseconds (default: 24h).
+ *   Only used when creating the default in-memory store.
+ * @param {boolean} [options.required=false] - When true, returns 400 if the header is missing
+ *   on applicable methods
+ * @param {Set<string>|string[]} [options.methods] - HTTP methods to apply idempotency to
+ *   (default: POST, PATCH)
+ * @returns {function} - Middleware `(req, res, domainAcc) => {value?, response?}`
+ */
+export default function idempotency({ store, ttlMs, required, methods }?: {
+    store?: object | undefined;
+    ttlMs?: number | undefined;
+    required?: boolean | undefined;
+    methods?: string[] | Set<string> | undefined;
+}): Function;

package/types/http/main.d.ts

@@ -75,6 +75,7 @@ declare const _default: {
     }) => object;
     fromConnect: typeof fromConnect;
     httpErrors: typeof httpErrors;
+    idempotency: typeof idempotency;
     jsonApiQuery: (...options: any[]) => Function;
     logger: ({ log, error: logError, uuid, headerRequestIdName, headerRequestIpName, redactHeaders }?: {
         log?: Function | undefined;
@@ -129,6 +130,7 @@ import cors from './cors.js';
 import csrf from './csrf.js';
 import fromConnect from '../lib/from-connect.js';
 import httpErrors from '../utils/http-errors.js';
+import idempotency from './idempotency.js';
 import jsonApiQuery from './json-api-query.js';
 import logger from './logger.js';
 import prefer from './prefer.js';
@@ -139,4 +141,4 @@ import url from './url.js';
 import send from './send.js';
 import timeout from './timeout.js';
 import validate from './validate.js';
-export { compose, createResponseAcc, mergeResponse, handler, accepts, authorization, body, cacheControl, compress, cookie, cors, csrf, fromConnect, httpErrors, jsonApiQuery, logger, prefer, precondition, rateLimit, securityHeaders, url, send, timeout, validate };
+export { compose, createResponseAcc, mergeResponse, handler, accepts, authorization, body, cacheControl, compress, cookie, cors, csrf, fromConnect, httpErrors, idempotency, jsonApiQuery, logger, prefer, precondition, rateLimit, securityHeaders, url, send, timeout, validate };

package/types/http/precondition.d.ts

@@ -10,11 +10,10 @@
  * inspection that short-circuits before authorization, body parsing, or execution.
  *
  * @module http/precondition
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import {compose, precondition} from 'ergo';
+ * import {compose, precondition} from '@centralping/ergo';
  *
  * // Enforce on all requests (method scoping handled by pipeline builder)
  * const pipeline = compose(

package/types/lib/attach-instance.d.ts

@@ -5,7 +5,6 @@
  * `x-request-id` header, formatted as a `urn:uuid:` URI.
  *
  * @module lib/attach-instance
- * @version 0.1.0
  * @since 0.1.0
  */
 /**

package/types/lib/cookie/jar.d.ts

@@ -2,6 +2,10 @@ export default jar;
 /**
  * Creates a cookie jar pre-populated from a parsed cookie object.
  *
+ * Incoming cookie names that collide with jar prototype methods or own properties
+ * (`set`, `get`, `clear`, `toHeader`, `isJar`, `size`, `jar`) are silently dropped
+ * to prevent `TypeError` from strict-mode assignment to non-writable properties.
+ *
  * @param {object} [cookies={}] - Initial cookie values (from `parse()`)
  * @returns {object} - Cookie jar with `get`, `set`, `clear`, `toHeader`, `size` members
  */

package/types/lib/from-connect.d.ts

@@ -23,12 +23,11 @@
  *   no-mutation convention but is accepted at the interop boundary.
  *
  * @module lib/from-connect
- * @version 0.1.0
  * @since 0.1.0
  *
  * @example
- * import {compose, handler} from 'ergo';
- * import fromConnect from 'ergo/lib/from-connect';
+ * import {compose, handler} from '@centralping/ergo';
+ * import fromConnect from '@centralping/ergo/lib/from-connect';
  * import helmet from 'helmet';
  *
  * const pipeline = compose(

package/types/lib/idempotency.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Parse an `Idempotency-Key` header value as an RFC 8941 sf-string.
+ *
+ * The draft specifies the header is an Item Structured Header whose value
+ * is a String. This means the wire format is `"value"` (double-quoted).
+ * Returns `undefined` for missing, empty, or malformed values.
+ *
+ * @param {string | undefined} header - Raw header value
+ * @returns {string | undefined} - Parsed key value, or undefined
+ */
+export function parseIdempotencyKey(header: string | undefined): string | undefined;
+/**
+ * Generate a SHA-256 fingerprint of the request body.
+ *
+ * Used to detect key reuse with different payloads (which should return 409).
+ * Accepts strings or Buffers. Returns the hex digest.
+ *
+ * @param {string | Buffer} body - Serialized request body
+ * @returns {string} - Hex-encoded SHA-256 hash
+ */
+export function generateFingerprint(body: string | Buffer): string;
+/**
+ * In-memory idempotency key store with TTL-based expiry.
+ *
+ * Entries transition through states: `processing` -> `complete`.
+ * Expired entries are pruned lazily on `get()` calls.
+ */
+export class IdempotencyStore {
+    constructor({ maxKeys, ttlMs }?: {
+        maxKeys?: number | undefined;
+        ttlMs?: number | undefined;
+    });
+    _entries: Map<any, any>;
+    _maxKeys: number;
+    _ttlMs: number;
+    /**
+     * Retrieve a stored entry by key. Returns `undefined` if not found or expired.
+     * @param {string} key - Idempotency key
+     * @returns {{fingerprint: string, response: object, status: string, expiresAt: number} | undefined}
+     */
+    get(key: string): {
+        fingerprint: string;
+        response: object;
+        status: string;
+        expiresAt: number;
+    } | undefined;
+    /**
+     * Store a new idempotency entry in `processing` state.
+     * @param {string} key - Idempotency key
+     * @param {string} fingerprint - Request body fingerprint
+     */
+    set(key: string, fingerprint: string): void;
+    /**
+     * Mark an entry as complete with the response to replay.
+     * @param {string} key - Idempotency key
+     * @param {object} response - Response accumulator snapshot to replay
+     */
+    complete(key: string, response: object): void;
+    /**
+     * Remove an entry (e.g. on request failure where replay is not desired).
+     * @param {string} key - Idempotency key
+     */
+    delete(key: string): void;
+}