@contractspec/example.openbanking-powens 1.57.0 → 1.58.0

package/dist/node/index.js

@@ -0,0 +1,228 @@
+// src/docs/openbanking-powens.docblock.ts
+import { registerDocBlocks } from "@contractspec/lib.contracts/docs";
+var blocks = [
+  {
+    id: "docs.examples.openbanking-powens",
+    title: "Open Banking — Powens (example)",
+    summary: "Framework-neutral OAuth callback + webhook handler patterns for Powens, orchestrating canonical sync workflows.",
+    kind: "reference",
+    visibility: "public",
+    route: "/docs/examples/openbanking-powens",
+    tags: ["openbanking", "powens", "integration", "example"],
+    body: `## What this example shows
+- OAuth callback handler: exchange auth code, map powens user, enqueue sync workflow.
+- Webhook handler: verify signature, route event → workflow, optionally refresh balances.
+
+## Guardrails
+- Secrets via secret providers/env only.
+- Verify webhook signatures.
+- Keep side effects explicit: enqueue workflows instead of mutating canonical stores inline.`
+  },
+  {
+    id: "docs.examples.openbanking-powens.usage",
+    title: "Open Banking — Powens — Usage",
+    summary: "How to integrate the handlers in a fetch-compatible runtime.",
+    kind: "usage",
+    visibility: "public",
+    route: "/docs/examples/openbanking-powens/usage",
+    tags: ["openbanking", "usage"],
+    body: `## Usage
+- Wire \`powensOAuthCallbackHandler(req)\` at your OAuth redirect route.
+- Wire \`powensWebhookHandler(req)\` at your webhook route.
+
+## Notes
+- Replace the fake stores with your app-layer persistence.
+- Enqueue ContractSpec workflows for canonical upserts and telemetry.`
+  }
+];
+registerDocBlocks(blocks);
+// src/example.ts
+import { defineExample } from "@contractspec/lib.contracts";
+var example = defineExample({
+  meta: {
+    key: "openbanking-powens",
+    version: "1.0.0",
+    title: "Open Banking — Powens",
+    description: "OAuth callback + webhook handler patterns for Powens open banking integration (provider + workflow orchestration).",
+    kind: "integration",
+    visibility: "public",
+    stability: "experimental",
+    owners: ["@platform.core"],
+    tags: ["openbanking", "powens", "oauth", "webhooks", "integrations"]
+  },
+  docs: {
+    rootDocId: "docs.examples.openbanking-powens",
+    usageDocId: "docs.examples.openbanking-powens.usage"
+  },
+  entrypoints: {
+    packageName: "@contractspec/example.openbanking-powens",
+    docs: "./docs"
+  },
+  surfaces: {
+    templates: true,
+    sandbox: { enabled: true, modes: ["markdown", "specs"] },
+    studio: { enabled: true, installable: true },
+    mcp: { enabled: true }
+  }
+});
+var example_default = example;
+
+// src/handlers/oauth-callback.ts
+import { PowensOpenBankingProvider } from "@contractspec/integration.providers-impls/impls/powens-openbanking";
+async function powensOAuthCallbackHandler(req) {
+  const url = new URL(req.url);
+  const code = url.searchParams.get("code");
+  const state = url.searchParams.get("state");
+  const userUuid = url.searchParams.get("user_uuid");
+  if (!code || !state || !userUuid) {
+    return new Response("Missing Powens OAuth params", { status: 400 });
+  }
+  const connection = await getConnectionByState(state);
+  if (!connection) {
+    return new Response("Unknown Powens OAuth state", { status: 404 });
+  }
+  const secrets = await getPowensSecretsForConnection(connection.meta.id);
+  const provider = new PowensOpenBankingProvider({
+    clientId: secrets.clientId,
+    clientSecret: secrets.clientSecret,
+    apiKey: secrets.apiKey,
+    environment: connection.config.environment,
+    baseUrl: connection.config.baseUrl
+  });
+  const preview = await provider.listAccounts({
+    tenantId: connection.meta.tenantId,
+    connectionId: connection.meta.id,
+    userId: userUuid
+  });
+  await connection.storePowensUser({
+    tenantUserId: connection.meta.tenantUserId,
+    powensUserUuid: userUuid,
+    authCode: code
+  });
+  await enqueueWorkflow("pfo.workflow.sync-openbanking-accounts", {
+    tenantId: connection.meta.tenantId,
+    userUuid,
+    connectionId: connection.meta.id,
+    previewAccounts: preview.accounts
+  });
+  const redirectBase = process.env.APP_DASHBOARD_URL ?? "";
+  return Response.redirect(`${redirectBase}/banking/linked?tenant=${connection.meta.tenantId}`, 302);
+}
+async function getConnectionByState(state) {
+  const record = fakeDatabase.connections.find((conn) => conn.state === state);
+  return record ?? null;
+}
+async function getPowensSecretsForConnection(connectionId) {
+  const secret = fakeSecretStore[connectionId];
+  if (!secret)
+    throw new Error(`Missing Powens secrets for ${connectionId}`);
+  return secret;
+}
+async function enqueueWorkflow(name, input) {
+  await fakeWorkflowQueue.enqueue({ name, input });
+}
+var fakeDatabase = {
+  connections: []
+};
+var fakeSecretStore = {};
+var fakeWorkflowQueue = {
+  enqueue: async (_payload) => {}
+};
+
+// src/handlers/webhook-handler.ts
+import { createHmac, timingSafeEqual } from "crypto";
+import { PowensOpenBankingProvider as PowensOpenBankingProvider2 } from "@contractspec/integration.providers-impls/impls/powens-openbanking";
+async function powensWebhookHandler(req) {
+  const signature = req.headers.get("x-powens-signature");
+  const stateHeader = req.headers.get("x-powens-state");
+  const payload = await req.text();
+  if (!signature || !stateHeader) {
+    return new Response("Missing Powens signature headers", { status: 400 });
+  }
+  const connection = await getConnectionByState2(stateHeader);
+  if (!connection) {
+    return new Response("Unknown Powens state header", { status: 404 });
+  }
+  const secrets = await getPowensSecretsForConnection2(connection.meta.id);
+  if (!verifySignature(payload, signature, secrets.webhookSecret)) {
+    return new Response("Invalid Powens webhook signature", { status: 401 });
+  }
+  const event = JSON.parse(payload);
+  const provider = new PowensOpenBankingProvider2({
+    clientId: secrets.clientId,
+    clientSecret: secrets.clientSecret,
+    apiKey: secrets.apiKey,
+    environment: connection.config.environment,
+    baseUrl: connection.config.baseUrl
+  });
+  switch (event.type) {
+    case "connection.updated":
+    case "user.sync.completed": {
+      await enqueueWorkflow2("pfo.workflow.sync-openbanking-accounts", {
+        tenantId: connection.meta.tenantId,
+        connectionId: connection.meta.id,
+        userUuid: event.user_uuid
+      });
+      break;
+    }
+    case "transactions.created":
+    case "transactions.updated": {
+      await enqueueWorkflow2("pfo.workflow.sync-openbanking-transactions", {
+        tenantId: connection.meta.tenantId,
+        connectionId: connection.meta.id,
+        userUuid: event.user_uuid,
+        accountId: event.account_uuid
+      });
+      break;
+    }
+    default:
+      await logUnmappedEvent(event);
+  }
+  if (event.account_uuid) {
+    await provider.getBalances({
+      tenantId: connection.meta.tenantId,
+      connectionId: connection.meta.id,
+      accountId: event.account_uuid
+    });
+  }
+  return new Response("OK", { status: 200 });
+}
+function verifySignature(payload, signature, secret) {
+  const digest = createHmac("sha256", secret).update(payload).digest("hex");
+  const a = Buffer.from(digest, "hex");
+  const b = Buffer.from(signature, "hex");
+  return a.length === b.length && timingSafeEqual(a, b);
+}
+async function getConnectionByState2(state) {
+  return fakeDatabase2.connections.find((conn) => conn.state === state) ?? null;
+}
+async function getPowensSecretsForConnection2(connectionId) {
+  const secret = fakeSecretStore2[connectionId];
+  if (!secret)
+    throw new Error(`Missing Powens secrets for ${connectionId}`);
+  return secret;
+}
+async function enqueueWorkflow2(name, input) {
+  await fakeWorkflowQueue2.enqueue({ name, input });
+}
+async function logUnmappedEvent(_event) {
+  await fakeTelemetryLogger.record({
+    event: "openbanking.webhook.unmapped",
+    payload: "redacted"
+  });
+}
+var fakeDatabase2 = {
+  connections: []
+};
+var fakeSecretStore2 = {};
+var fakeWorkflowQueue2 = {
+  enqueue: async (_payload) => {}
+};
+var fakeTelemetryLogger = {
+  record: async (_payload) => {}
+};
+export {
+  powensWebhookHandler,
+  powensOAuthCallbackHandler,
+  example_default as example
+};

package/package.json

@@ -1,51 +1,87 @@
 {
   "name": "@contractspec/example.openbanking-powens",
-  "version": "1.57.0",
+  "version": "1.58.0",
   "description": "OpenBanking Powens example: OAuth callback + webhook handler patterns (provider + workflows).",
   "type": "module",
   "types": "./dist/index.d.ts",
   "exports": {
-    ".": "./dist/index.js",
-    "./docs": "./dist/docs/index.js",
-    "./docs/openbanking-powens.docblock": "./dist/docs/openbanking-powens.docblock.js",
-    "./example": "./dist/example.js",
-    "./handlers/oauth-callback": "./dist/handlers/oauth-callback.js",
-    "./handlers/webhook-handler": "./dist/handlers/webhook-handler.js",
-    "./*": "./*"
+    ".": "./src/index.ts",
+    "./docs": "./src/docs/index.ts",
+    "./docs/index": "./src/docs/index.ts",
+    "./docs/openbanking-powens.docblock": "./src/docs/openbanking-powens.docblock.ts",
+    "./example": "./src/example.ts",
+    "./handlers/oauth-callback": "./src/handlers/oauth-callback.ts",
+    "./handlers/webhook-handler": "./src/handlers/webhook-handler.ts"
   },
   "scripts": {
     "publish:pkg": "bun publish --tolerate-republish --ignore-scripts --verbose",
     "publish:pkg:canary": "bun publish:pkg --tag canary",
-    "build": "bun build:types && bun build:bundle",
-    "build:bundle": "tsdown",
-    "build:types": "tsc --noEmit",
-    "dev": "bun build:bundle --watch",
+    "build": "bun run prebuild && bun run build:bundle && bun run build:types",
+    "build:bundle": "contractspec-bun-build transpile",
+    "build:types": "contractspec-bun-build types",
+    "dev": "contractspec-bun-build dev",
     "clean": "rimraf dist .turbo",
     "lint": "bun lint:fix",
     "lint:fix": "eslint src --fix",
     "lint:check": "eslint src",
-    "test": "bun test"
+    "test": "bun test",
+    "prebuild": "contractspec-bun-build prebuild",
+    "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@contractspec/integration.providers-impls": "1.57.0",
-    "@contractspec/lib.contracts": "1.57.0"
+    "@contractspec/integration.providers-impls": "1.58.0",
+    "@contractspec/lib.contracts": "1.58.0"
   },
   "devDependencies": {
-    "@contractspec/tool.tsdown": "1.57.0",
-    "@contractspec/tool.typescript": "1.57.0",
-    "tsdown": "^0.20.3",
-    "typescript": "^5.9.3"
+    "@contractspec/tool.typescript": "1.58.0",
+    "typescript": "^5.9.3",
+    "@contractspec/tool.bun": "1.57.0"
   },
   "publishConfig": {
     "access": "public",
     "exports": {
-      ".": "./dist/index.js",
-      "./docs": "./dist/docs/index.js",
-      "./docs/openbanking-powens.docblock": "./dist/docs/openbanking-powens.docblock.js",
-      "./example": "./dist/example.js",
-      "./handlers/oauth-callback": "./dist/handlers/oauth-callback.js",
-      "./handlers/webhook-handler": "./dist/handlers/webhook-handler.js",
-      "./*": "./*"
+      ".": {
+        "types": "./dist/index.d.ts",
+        "bun": "./dist/index.js",
+        "node": "./dist/node/index.mjs",
+        "default": "./dist/index.js"
+      },
+      "./docs": {
+        "types": "./dist/docs/index.d.ts",
+        "bun": "./dist/docs/index.js",
+        "node": "./dist/node/docs/index.mjs",
+        "default": "./dist/docs/index.js"
+      },
+      "./docs/index": {
+        "types": "./dist/docs/index.d.ts",
+        "bun": "./dist/docs/index.js",
+        "node": "./dist/node/docs/index.mjs",
+        "default": "./dist/docs/index.js"
+      },
+      "./docs/openbanking-powens.docblock": {
+        "types": "./dist/docs/openbanking-powens.docblock.d.ts",
+        "bun": "./dist/docs/openbanking-powens.docblock.js",
+        "node": "./dist/node/docs/openbanking-powens.docblock.mjs",
+        "default": "./dist/docs/openbanking-powens.docblock.js"
+      },
+      "./example": {
+        "types": "./dist/example.d.ts",
+        "bun": "./dist/example.js",
+        "node": "./dist/node/example.mjs",
+        "default": "./dist/example.js"
+      },
+      "./handlers/oauth-callback": {
+        "types": "./dist/handlers/oauth-callback.d.ts",
+        "bun": "./dist/handlers/oauth-callback.js",
+        "node": "./dist/node/handlers/oauth-callback.mjs",
+        "default": "./dist/handlers/oauth-callback.js"
+      },
+      "./handlers/webhook-handler": {
+        "types": "./dist/handlers/webhook-handler.d.ts",
+        "bun": "./dist/handlers/webhook-handler.js",
+        "node": "./dist/node/handlers/webhook-handler.mjs",
+        "default": "./dist/handlers/webhook-handler.js"
+      }
     },
     "registry": "https://registry.npmjs.org/"
   },

package/tsdown.config.js

@@ -1,5 +1,4 @@
-import { defineConfig } from 'tsdown';
-import { moduleLibrary } from '@contractspec/tool.tsdown';
+import { defineConfig, moduleLibrary } from '@contractspec/tool.bun';
 
 export default defineConfig(() => ({
   ...moduleLibrary,

package/.turbo/turbo-build$colon$bundle.log

@@ -1,44 +0,0 @@
-$ tsdown
-ℹ tsdown v0.20.3 powered by rolldown v1.0.0-rc.3
-ℹ config file: /home/runner/work/contractspec/contractspec/packages/examples/openbanking-powens/tsdown.config.js 
-ℹ entry: src/example.ts, src/index.ts, src/docs/index.ts, src/docs/openbanking-powens.docblock.ts, src/handlers/oauth-callback.ts, src/handlers/webhook-handler.ts
-ℹ target: esnext
-ℹ tsconfig: tsconfig.json
-ℹ Build start
-ℹ Cleaning 21 files
-ℹ dist/handlers/webhook-handler.js              3.32 kB │ gzip: 1.23 kB
-ℹ dist/handlers/oauth-callback.js               2.42 kB │ gzip: 1.02 kB
-ℹ dist/docs/openbanking-powens.docblock.js      1.57 kB │ gzip: 0.76 kB
-ℹ dist/example.js                               1.03 kB │ gzip: 0.54 kB
-ℹ dist/index.js                                 0.28 kB │ gzip: 0.15 kB
-ℹ dist/docs/index.js                            0.04 kB │ gzip: 0.06 kB
-ℹ dist/handlers/webhook-handler.js.map          6.40 kB │ gzip: 2.17 kB
-ℹ dist/handlers/oauth-callback.js.map           4.79 kB │ gzip: 1.80 kB
-ℹ dist/docs/openbanking-powens.docblock.js.map  2.07 kB │ gzip: 0.94 kB
-ℹ dist/example.js.map                           1.50 kB │ gzip: 0.74 kB
-ℹ dist/handlers/webhook-handler.d.ts.map        0.17 kB │ gzip: 0.15 kB
-ℹ dist/handlers/oauth-callback.d.ts.map         0.17 kB │ gzip: 0.15 kB
-ℹ dist/example.d.ts.map                         0.13 kB │ gzip: 0.13 kB
-ℹ dist/example.d.ts                             0.25 kB │ gzip: 0.17 kB
-ℹ dist/index.d.ts                               0.25 kB │ gzip: 0.13 kB
-ℹ dist/handlers/oauth-callback.d.ts             0.22 kB │ gzip: 0.17 kB
-ℹ dist/handlers/webhook-handler.d.ts            0.21 kB │ gzip: 0.16 kB
-ℹ dist/docs/index.d.ts                          0.01 kB │ gzip: 0.03 kB
-ℹ dist/docs/openbanking-powens.docblock.d.ts    0.01 kB │ gzip: 0.03 kB
-ℹ 19 files, total: 24.84 kB
-src/handlers/webhook-handler.ts (7:44) [UNRESOLVED_IMPORT] Warning: Could not resolve 'crypto' in src/handlers/webhook-handler.ts
-   ╭─[ src/handlers/webhook-handler.ts:7:45 ]
-   │
- 7 │ import { createHmac, timingSafeEqual } from 'crypto';
-   │                                             ────┬───  
-   │                                                 ╰───── Module not found, treating it as an external dependency
-   │ 
-   │ Help: The "main" field here was ignored. Main fields must be configured explicitly when using the "neutral" platform.
-───╯
-
-[PLUGIN_TIMINGS] Warning: Your build spent significant time in plugins. Here is a breakdown:
-  - tsdown:external (62%)
-  - rolldown-plugin-dts:generate (37%)
-See https://rolldown.rs/options/checks#plugintimings for more details.
-
-✔ Build complete in 14025ms

package/dist/docs/openbanking-powens.docblock.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"openbanking-powens.docblock.js","names":[],"sources":["../../src/docs/openbanking-powens.docblock.ts"],"sourcesContent":["import type { DocBlock } from '@contractspec/lib.contracts/docs';\nimport { registerDocBlocks } from '@contractspec/lib.contracts/docs';\n\nconst blocks: DocBlock[] = [\n  {\n    id: 'docs.examples.openbanking-powens',\n    title: 'Open Banking — Powens (example)',\n    summary:\n      'Framework-neutral OAuth callback + webhook handler patterns for Powens, orchestrating canonical sync workflows.',\n    kind: 'reference',\n    visibility: 'public',\n    route: '/docs/examples/openbanking-powens',\n    tags: ['openbanking', 'powens', 'integration', 'example'],\n    body: `## What this example shows\\n- OAuth callback handler: exchange auth code, map powens user, enqueue sync workflow.\\n- Webhook handler: verify signature, route event → workflow, optionally refresh balances.\\n\\n## Guardrails\\n- Secrets via secret providers/env only.\\n- Verify webhook signatures.\\n- Keep side effects explicit: enqueue workflows instead of mutating canonical stores inline.`,\n  },\n  {\n    id: 'docs.examples.openbanking-powens.usage',\n    title: 'Open Banking — Powens — Usage',\n    summary: 'How to integrate the handlers in a fetch-compatible runtime.',\n    kind: 'usage',\n    visibility: 'public',\n    route: '/docs/examples/openbanking-powens/usage',\n    tags: ['openbanking', 'usage'],\n    body: `## Usage\\n- Wire \\`powensOAuthCallbackHandler(req)\\` at your OAuth redirect route.\\n- Wire \\`powensWebhookHandler(req)\\` at your webhook route.\\n\\n## Notes\\n- Replace the fake stores with your app-layer persistence.\\n- Enqueue ContractSpec workflows for canonical upserts and telemetry.`,\n  },\n];\n\nregisterDocBlocks(blocks);\n"],"mappings":";;;AA2BA,kBAxB2B,CACzB;CACE,IAAI;CACJ,OAAO;CACP,SACE;CACF,MAAM;CACN,YAAY;CACZ,OAAO;CACP,MAAM;EAAC;EAAe;EAAU;EAAe;EAAU;CACzD,MAAM;CACP,EACD;CACE,IAAI;CACJ,OAAO;CACP,SAAS;CACT,MAAM;CACN,YAAY;CACZ,OAAO;CACP,MAAM,CAAC,eAAe,QAAQ;CAC9B,MAAM;CACP,CACF,CAEwB"}

package/dist/example.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"example.js","names":[],"sources":["../src/example.ts"],"sourcesContent":["import { defineExample } from '@contractspec/lib.contracts';\n\nconst example = defineExample({\n  meta: {\n    key: 'openbanking-powens',\n    version: '1.0.0',\n    title: 'Open Banking — Powens',\n    description:\n      'OAuth callback + webhook handler patterns for Powens open banking integration (provider + workflow orchestration).',\n    kind: 'integration',\n    visibility: 'public',\n    stability: 'experimental',\n    owners: ['@platform.core'],\n    tags: ['openbanking', 'powens', 'oauth', 'webhooks', 'integrations'],\n  },\n  docs: {\n    rootDocId: 'docs.examples.openbanking-powens',\n    usageDocId: 'docs.examples.openbanking-powens.usage',\n  },\n  entrypoints: {\n    packageName: '@contractspec/example.openbanking-powens',\n    docs: './docs',\n  },\n  surfaces: {\n    templates: true,\n    sandbox: { enabled: true, modes: ['markdown', 'specs'] },\n    studio: { enabled: true, installable: true },\n    mcp: { enabled: true },\n  },\n});\n\nexport default example;\n"],"mappings":";;;AAEA,MAAM,UAAU,cAAc;CAC5B,MAAM;EACJ,KAAK;EACL,SAAS;EACT,OAAO;EACP,aACE;EACF,MAAM;EACN,YAAY;EACZ,WAAW;EACX,QAAQ,CAAC,iBAAiB;EAC1B,MAAM;GAAC;GAAe;GAAU;GAAS;GAAY;GAAe;EACrE;CACD,MAAM;EACJ,WAAW;EACX,YAAY;EACb;CACD,aAAa;EACX,aAAa;EACb,MAAM;EACP;CACD,UAAU;EACR,WAAW;EACX,SAAS;GAAE,SAAS;GAAM,OAAO,CAAC,YAAY,QAAQ;GAAE;EACxD,QAAQ;GAAE,SAAS;GAAM,aAAa;GAAM;EAC5C,KAAK,EAAE,SAAS,MAAM;EACvB;CACF,CAAC"}

package/dist/handlers/oauth-callback.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-callback.js","names":[],"sources":["../../src/handlers/oauth-callback.ts"],"sourcesContent":["/**\n * Example OAuth callback handler for Powens (open banking).\n *\n * This example stays framework-neutral: it operates on the standard `Request`\n * type so it can be used in Next.js, Elysia, or any fetch-compatible runtime.\n */\nimport { PowensOpenBankingProvider } from '@contractspec/integration.providers-impls/impls/powens-openbanking';\nimport type { PowensEnvironment } from '@contractspec/integration.providers-impls/impls/powens-client';\n\nexport async function powensOAuthCallbackHandler(req: Request) {\n  const url = new URL(req.url);\n  const code = url.searchParams.get('code');\n  const state = url.searchParams.get('state');\n  const userUuid = url.searchParams.get('user_uuid');\n\n  if (!code || !state || !userUuid) {\n    return new Response('Missing Powens OAuth params', { status: 400 });\n  }\n\n  const connection = await getConnectionByState(state);\n  if (!connection) {\n    return new Response('Unknown Powens OAuth state', { status: 404 });\n  }\n\n  const secrets = await getPowensSecretsForConnection(connection.meta.id);\n\n  const provider = new PowensOpenBankingProvider({\n    clientId: secrets.clientId,\n    clientSecret: secrets.clientSecret,\n    apiKey: secrets.apiKey,\n    environment: connection.config.environment as PowensEnvironment,\n    baseUrl: connection.config.baseUrl as string | undefined,\n  });\n\n  const preview = await provider.listAccounts({\n    tenantId: connection.meta.tenantId,\n    connectionId: connection.meta.id,\n    userId: userUuid,\n  });\n\n  await connection.storePowensUser({\n    tenantUserId: connection.meta.tenantUserId,\n    powensUserUuid: userUuid,\n    authCode: code,\n  });\n\n  await enqueueWorkflow('pfo.workflow.sync-openbanking-accounts', {\n    tenantId: connection.meta.tenantId,\n    userUuid,\n    connectionId: connection.meta.id,\n    previewAccounts: preview.accounts,\n  });\n\n  const redirectBase = process.env.APP_DASHBOARD_URL ?? '';\n  return Response.redirect(\n    `${redirectBase}/banking/linked?tenant=${connection.meta.tenantId}`,\n    302\n  );\n}\n\ninterface ExamplePowensSecrets {\n  clientId: string;\n  clientSecret: string;\n  apiKey?: string;\n}\n\ninterface ExampleIntegrationConnection {\n  meta: {\n    id: string;\n    tenantId: string;\n    tenantUserId: string;\n  };\n  config: {\n    environment: PowensEnvironment;\n    baseUrl?: string;\n  };\n  storePowensUser(input: {\n    tenantUserId: string;\n    powensUserUuid: string;\n    authCode: string;\n  }): Promise<void>;\n}\n\nasync function getConnectionByState(\n  state: string\n): Promise<ExampleIntegrationConnection | null> {\n  const record = fakeDatabase.connections.find((conn) => conn.state === state);\n  return record ?? null;\n}\n\nasync function getPowensSecretsForConnection(\n  connectionId: string\n): Promise<ExamplePowensSecrets> {\n  const secret = fakeSecretStore[connectionId];\n  if (!secret) throw new Error(`Missing Powens secrets for ${connectionId}`);\n  return secret;\n}\n\nasync function enqueueWorkflow(name: string, input: Record<string, unknown>) {\n  await fakeWorkflowQueue.enqueue({ name, input });\n}\n\nconst fakeDatabase = {\n  connections: [] as (ExampleIntegrationConnection & { state: string })[],\n};\n\nconst fakeSecretStore: Record<string, ExamplePowensSecrets> = {};\n\nconst fakeWorkflowQueue = {\n  enqueue: async (_payload: Record<string, unknown>) => {\n    /* no-op */\n  },\n};\n"],"mappings":";;;;;;;;;AASA,eAAsB,2BAA2B,KAAc;CAC7D,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;CAC5B,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;CACzC,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;CAC3C,MAAM,WAAW,IAAI,aAAa,IAAI,YAAY;AAElD,KAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,SACtB,QAAO,IAAI,SAAS,+BAA+B,EAAE,QAAQ,KAAK,CAAC;CAGrE,MAAM,aAAa,MAAM,qBAAqB,MAAM;AACpD,KAAI,CAAC,WACH,QAAO,IAAI,SAAS,8BAA8B,EAAE,QAAQ,KAAK,CAAC;CAGpE,MAAM,UAAU,MAAM,8BAA8B,WAAW,KAAK,GAAG;CAUvE,MAAM,UAAU,MARC,IAAI,0BAA0B;EAC7C,UAAU,QAAQ;EAClB,cAAc,QAAQ;EACtB,QAAQ,QAAQ;EAChB,aAAa,WAAW,OAAO;EAC/B,SAAS,WAAW,OAAO;EAC5B,CAAC,CAE6B,aAAa;EAC1C,UAAU,WAAW,KAAK;EAC1B,cAAc,WAAW,KAAK;EAC9B,QAAQ;EACT,CAAC;AAEF,OAAM,WAAW,gBAAgB;EAC/B,cAAc,WAAW,KAAK;EAC9B,gBAAgB;EAChB,UAAU;EACX,CAAC;AAEF,OAAM,gBAAgB,0CAA0C;EAC9D,UAAU,WAAW,KAAK;EAC1B;EACA,cAAc,WAAW,KAAK;EAC9B,iBAAiB,QAAQ;EAC1B,CAAC;CAEF,MAAM,eAAe,QAAQ,IAAI,qBAAqB;AACtD,QAAO,SAAS,SACd,GAAG,aAAa,yBAAyB,WAAW,KAAK,YACzD,IACD;;AA0BH,eAAe,qBACb,OAC8C;AAE9C,QADe,aAAa,YAAY,MAAM,SAAS,KAAK,UAAU,MAAM,IAC3D;;AAGnB,eAAe,8BACb,cAC+B;CAC/B,MAAM,SAAS,gBAAgB;AAC/B,KAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,8BAA8B,eAAe;AAC1E,QAAO;;AAGT,eAAe,gBAAgB,MAAc,OAAgC;AAC3E,OAAM,kBAAkB,QAAQ;EAAE;EAAM;EAAO,CAAC;;AAGlD,MAAM,eAAe,EACnB,aAAa,EAAE,EAChB;AAED,MAAM,kBAAwD,EAAE;AAEhE,MAAM,oBAAoB,EACxB,SAAS,OAAO,aAAsC,IAGvD"}

package/dist/handlers/webhook-handler.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"webhook-handler.js","names":[],"sources":["../../src/handlers/webhook-handler.ts"],"sourcesContent":["/**\n * Example Powens webhook handler (fetch-compatible).\n *\n * Verifies signature, then enqueues the canonical workflows to keep the ledger\n * in sync. Unknown events are ignored (or can be recorded by the app layer).\n */\nimport { createHmac, timingSafeEqual } from 'crypto';\nimport { PowensOpenBankingProvider } from '@contractspec/integration.providers-impls/impls/powens-openbanking';\nimport type { PowensEnvironment } from '@contractspec/integration.providers-impls/impls/powens-client';\n\nexport async function powensWebhookHandler(req: Request) {\n  const signature = req.headers.get('x-powens-signature');\n  const stateHeader = req.headers.get('x-powens-state');\n  const payload = await req.text();\n\n  if (!signature || !stateHeader) {\n    return new Response('Missing Powens signature headers', { status: 400 });\n  }\n\n  const connection = await getConnectionByState(stateHeader);\n  if (!connection) {\n    return new Response('Unknown Powens state header', { status: 404 });\n  }\n\n  const secrets = await getPowensSecretsForConnection(connection.meta.id);\n  if (!verifySignature(payload, signature, secrets.webhookSecret)) {\n    return new Response('Invalid Powens webhook signature', { status: 401 });\n  }\n\n  const event = JSON.parse(payload) as PowensWebhookEvent;\n  const provider = new PowensOpenBankingProvider({\n    clientId: secrets.clientId,\n    clientSecret: secrets.clientSecret,\n    apiKey: secrets.apiKey,\n    environment: connection.config.environment as PowensEnvironment,\n    baseUrl: connection.config.baseUrl as string | undefined,\n  });\n\n  switch (event.type) {\n    case 'connection.updated':\n    case 'user.sync.completed': {\n      await enqueueWorkflow('pfo.workflow.sync-openbanking-accounts', {\n        tenantId: connection.meta.tenantId,\n        connectionId: connection.meta.id,\n        userUuid: event.user_uuid,\n      });\n      break;\n    }\n    case 'transactions.created':\n    case 'transactions.updated': {\n      await enqueueWorkflow('pfo.workflow.sync-openbanking-transactions', {\n        tenantId: connection.meta.tenantId,\n        connectionId: connection.meta.id,\n        userUuid: event.user_uuid,\n        accountId: event.account_uuid,\n      });\n      break;\n    }\n    default:\n      await logUnmappedEvent(event);\n  }\n\n  if (event.account_uuid) {\n    await provider.getBalances({\n      tenantId: connection.meta.tenantId,\n      connectionId: connection.meta.id,\n      accountId: event.account_uuid,\n    });\n  }\n\n  return new Response('OK', { status: 200 });\n}\n\ninterface PowensWebhookEvent {\n  type: string;\n  user_uuid: string;\n  connection_uuid: string;\n  account_uuid?: string;\n}\n\ninterface ExamplePowensSecrets {\n  clientId: string;\n  clientSecret: string;\n  apiKey?: string;\n  webhookSecret: string;\n}\n\ninterface ExampleIntegrationConnection {\n  meta: {\n    id: string;\n    tenantId: string;\n  };\n  config: {\n    environment: PowensEnvironment;\n    baseUrl?: string;\n  };\n}\n\nfunction verifySignature(payload: string, signature: string, secret: string) {\n  const digest = createHmac('sha256', secret).update(payload).digest('hex');\n  const a = Buffer.from(digest, 'hex');\n  const b = Buffer.from(signature, 'hex');\n  return a.length === b.length && timingSafeEqual(a, b);\n}\n\nasync function getConnectionByState(\n  state: string\n): Promise<ExampleIntegrationConnection | null> {\n  return fakeDatabase.connections.find((conn) => conn.state === state) ?? null;\n}\n\nasync function getPowensSecretsForConnection(\n  connectionId: string\n): Promise<ExamplePowensSecrets> {\n  const secret = fakeSecretStore[connectionId];\n  if (!secret) throw new Error(`Missing Powens secrets for ${connectionId}`);\n  return secret;\n}\n\nasync function enqueueWorkflow(name: string, input: Record<string, unknown>) {\n  await fakeWorkflowQueue.enqueue({ name, input });\n}\n\nasync function logUnmappedEvent(_event: PowensWebhookEvent) {\n  await fakeTelemetryLogger.record({\n    event: 'openbanking.webhook.unmapped',\n    payload: 'redacted',\n  });\n}\n\nconst fakeDatabase = {\n  connections: [] as (ExampleIntegrationConnection & { state: string })[],\n};\n\nconst fakeSecretStore: Record<string, ExamplePowensSecrets> = {};\n\nconst fakeWorkflowQueue = {\n  enqueue: async (_payload: Record<string, unknown>) => {\n    /* no-op */\n  },\n};\n\nconst fakeTelemetryLogger = {\n  record: async (_payload: Record<string, unknown>) => {\n    /* no-op */\n  },\n};\n"],"mappings":";;;;;;;;;;AAUA,eAAsB,qBAAqB,KAAc;CACvD,MAAM,YAAY,IAAI,QAAQ,IAAI,qBAAqB;CACvD,MAAM,cAAc,IAAI,QAAQ,IAAI,iBAAiB;CACrD,MAAM,UAAU,MAAM,IAAI,MAAM;AAEhC,KAAI,CAAC,aAAa,CAAC,YACjB,QAAO,IAAI,SAAS,oCAAoC,EAAE,QAAQ,KAAK,CAAC;CAG1E,MAAM,aAAa,MAAM,qBAAqB,YAAY;AAC1D,KAAI,CAAC,WACH,QAAO,IAAI,SAAS,+BAA+B,EAAE,QAAQ,KAAK,CAAC;CAGrE,MAAM,UAAU,MAAM,8BAA8B,WAAW,KAAK,GAAG;AACvE,KAAI,CAAC,gBAAgB,SAAS,WAAW,QAAQ,cAAc,CAC7D,QAAO,IAAI,SAAS,oCAAoC,EAAE,QAAQ,KAAK,CAAC;CAG1E,MAAM,QAAQ,KAAK,MAAM,QAAQ;CACjC,MAAM,WAAW,IAAI,0BAA0B;EAC7C,UAAU,QAAQ;EAClB,cAAc,QAAQ;EACtB,QAAQ,QAAQ;EAChB,aAAa,WAAW,OAAO;EAC/B,SAAS,WAAW,OAAO;EAC5B,CAAC;AAEF,SAAQ,MAAM,MAAd;EACE,KAAK;EACL,KAAK;AACH,SAAM,gBAAgB,0CAA0C;IAC9D,UAAU,WAAW,KAAK;IAC1B,cAAc,WAAW,KAAK;IAC9B,UAAU,MAAM;IACjB,CAAC;AACF;EAEF,KAAK;EACL,KAAK;AACH,SAAM,gBAAgB,8CAA8C;IAClE,UAAU,WAAW,KAAK;IAC1B,cAAc,WAAW,KAAK;IAC9B,UAAU,MAAM;IAChB,WAAW,MAAM;IAClB,CAAC;AACF;EAEF,QACE,OAAM,iBAAiB,MAAM;;AAGjC,KAAI,MAAM,aACR,OAAM,SAAS,YAAY;EACzB,UAAU,WAAW,KAAK;EAC1B,cAAc,WAAW,KAAK;EAC9B,WAAW,MAAM;EAClB,CAAC;AAGJ,QAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,KAAK,CAAC;;AA4B5C,SAAS,gBAAgB,SAAiB,WAAmB,QAAgB;CAC3E,MAAM,SAAS,WAAW,UAAU,OAAO,CAAC,OAAO,QAAQ,CAAC,OAAO,MAAM;CACzE,MAAM,IAAI,OAAO,KAAK,QAAQ,MAAM;CACpC,MAAM,IAAI,OAAO,KAAK,WAAW,MAAM;AACvC,QAAO,EAAE,WAAW,EAAE,UAAU,gBAAgB,GAAG,EAAE;;AAGvD,eAAe,qBACb,OAC8C;AAC9C,QAAO,aAAa,YAAY,MAAM,SAAS,KAAK,UAAU,MAAM,IAAI;;AAG1E,eAAe,8BACb,cAC+B;CAC/B,MAAM,SAAS,gBAAgB;AAC/B,KAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,8BAA8B,eAAe;AAC1E,QAAO;;AAGT,eAAe,gBAAgB,MAAc,OAAgC;AAC3E,OAAM,kBAAkB,QAAQ;EAAE;EAAM;EAAO,CAAC;;AAGlD,eAAe,iBAAiB,QAA4B;AAC1D,OAAM,oBAAoB,OAAO;EAC/B,OAAO;EACP,SAAS;EACV,CAAC;;AAGJ,MAAM,eAAe,EACnB,aAAa,EAAE,EAChB;AAED,MAAM,kBAAwD,EAAE;AAEhE,MAAM,oBAAoB,EACxB,SAAS,OAAO,aAAsC,IAGvD;AAED,MAAM,sBAAsB,EAC1B,QAAQ,OAAO,aAAsC,IAGtD"}