@curless/agentbank-core 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -0
- package/dist/crypto.d.ts +4 -0
- package/dist/crypto.d.ts.map +1 -0
- package/dist/crypto.js +40 -0
- package/dist/crypto.js.map +1 -0
- package/dist/errors.d.ts +7 -0
- package/dist/errors.d.ts.map +1 -0
- package/dist/errors.js +20 -0
- package/dist/errors.js.map +1 -0
- package/dist/http.d.ts +12 -0
- package/dist/http.d.ts.map +1 -0
- package/dist/http.js +43 -0
- package/dist/http.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +8 -0
- package/dist/index.js.map +1 -0
- package/dist/types.d.ts +80 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +6 -0
- package/dist/types.js.map +1 -0
- package/package.json +45 -0
package/README.md
ADDED
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# @curless/agentbank-core
|
|
2
|
+
|
|
3
|
+
Shared, **edge-safe** runtime primitives for the agentbank SDKs. Built on the
|
|
4
|
+
Web Crypto API (`globalThis.crypto`) with **no `node:crypto` dependency**, so
|
|
5
|
+
every SDK that depends on it runs unchanged on Node 18+, Vercel Edge,
|
|
6
|
+
Cloudflare Workers and Deno.
|
|
7
|
+
|
|
8
|
+
Most apps don't install this directly — it comes in as a dependency of
|
|
9
|
+
`@curless/agentbank-sdk`, `@curless/agentbank-merchant-sdk` and
|
|
10
|
+
`@curless/agentbank-protocols`.
|
|
11
|
+
|
|
12
|
+
## Crypto
|
|
13
|
+
|
|
14
|
+
```ts
|
|
15
|
+
import { hmacSha256Hex, randomHex, timingSafeEqualHex } from '@curless/agentbank-core';
|
|
16
|
+
|
|
17
|
+
const nonce = randomHex(32); // 64-char hex, sync
|
|
18
|
+
const sig = await hmacSha256Hex(secret, `${ts}.${body}`); // HMAC-SHA256, async
|
|
19
|
+
const ok = timingSafeEqualHex(sig, expected); // constant-time compare
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
`hmacSha256Hex` is byte-for-byte identical to
|
|
23
|
+
`node:crypto.createHmac('sha256', secret).update(message).digest('hex')`, so
|
|
24
|
+
signatures stay compatible with the agentbank server. It is async because
|
|
25
|
+
`crypto.subtle.sign` has no synchronous form on edge runtimes.
|
|
26
|
+
|
|
27
|
+
MIT
|
package/dist/crypto.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,SAAS,GAAI,cAAU,KAAG,MAC0B,CAAC;AAOlE,eAAO,MAAM,aAAa,GAAU,QAAQ,MAAM,EAAE,SAAS,MAAM,KAAG,OAAO,CAAC,MAAM,CAUnF,CAAC;AAKF,eAAO,MAAM,kBAAkB,GAAI,GAAG,MAAM,EAAE,GAAG,MAAM,KAAG,OAKzD,CAAC"}
|
package/dist/crypto.js
ADDED
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
// Edge-safe crypto for the agentbank SDKs.
|
|
2
|
+
//
|
|
3
|
+
// Uses the Web Crypto API (`globalThis.crypto`) instead of `node:crypto`, so
|
|
4
|
+
// the SDKs that depend on this run unchanged on Node 18+, Vercel Edge,
|
|
5
|
+
// Cloudflare Workers and Deno — none of which expose `node:crypto`. The HMAC
|
|
6
|
+
// helper is async because `crypto.subtle.sign` is Promise-based (there is no
|
|
7
|
+
// synchronous form on the edge); random + compare stay synchronous.
|
|
8
|
+
const encoder = new TextEncoder();
|
|
9
|
+
const toHex = (buf) => {
|
|
10
|
+
const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
|
|
11
|
+
let out = '';
|
|
12
|
+
for (const b of bytes)
|
|
13
|
+
out += b.toString(16).padStart(2, '0');
|
|
14
|
+
return out;
|
|
15
|
+
};
|
|
16
|
+
// Cryptographically strong random hex string of `bytes` bytes (default 32 →
|
|
17
|
+
// 64 hex chars). Synchronous — `getRandomValues` is sync on every runtime.
|
|
18
|
+
export const randomHex = (bytes = 32) => toHex(globalThis.crypto.getRandomValues(new Uint8Array(bytes)));
|
|
19
|
+
// HMAC-SHA256 of `message` under `secret`, hex-encoded. Byte-for-byte
|
|
20
|
+
// identical to `node:crypto.createHmac('sha256', secret).update(message)
|
|
21
|
+
// .digest('hex')`, so signatures stay compatible with the agentbank server
|
|
22
|
+
// (which signs with node:crypto). Note: WebCrypto rejects a zero-length key
|
|
23
|
+
// (`secret`) — a misconfiguration we throw on rather than sign with.
|
|
24
|
+
export const hmacSha256Hex = async (secret, message) => {
|
|
25
|
+
const key = await globalThis.crypto.subtle.importKey('raw', encoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
|
|
26
|
+
const signature = await globalThis.crypto.subtle.sign('HMAC', key, encoder.encode(message));
|
|
27
|
+
return toHex(signature);
|
|
28
|
+
};
|
|
29
|
+
// Constant-time comparison of two hex strings. Returns false on a length
|
|
30
|
+
// mismatch; otherwise compares every char so timing doesn't leak where they
|
|
31
|
+
// differ. Use for verifying HMAC signatures (never `===`).
|
|
32
|
+
export const timingSafeEqualHex = (a, b) => {
|
|
33
|
+
if (a.length !== b.length)
|
|
34
|
+
return false;
|
|
35
|
+
let diff = 0;
|
|
36
|
+
for (let i = 0; i < a.length; i++)
|
|
37
|
+
diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
38
|
+
return diff === 0;
|
|
39
|
+
};
|
|
40
|
+
//# sourceMappingURL=crypto.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,EAAE;AACF,6EAA6E;AAC7E,uEAAuE;AACvE,6EAA6E;AAC7E,6EAA6E;AAC7E,oEAAoE;AAEpE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,MAAM,KAAK,GAAG,CAAC,GAA6B,EAAU,EAAE;IACtD,MAAM,KAAK,GAAG,GAAG,YAAY,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACpE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9D,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,4EAA4E;AAC5E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAK,GAAG,EAAE,EAAU,EAAE,CAC9C,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAElE,sEAAsE;AACtE,yEAAyE;AACzE,2EAA2E;AAC3E,4EAA4E;AAC5E,qEAAqE;AACrE,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,MAAc,EAAE,OAAe,EAAmB,EAAE;IACtF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5F,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF,yEAAyE;AACzE,4EAA4E;AAC5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;IAClE,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC,CAAC"}
|
package/dist/errors.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAOA,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEf,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAO7E"}
|
package/dist/errors.js
ADDED
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
// Thrown for any non-2xx agentbank response. `code` is the agentbank error
|
|
2
|
+
// code (e.g. CONFLICT, FORBIDDEN, NOT_FOUND) or the OAuth error code
|
|
3
|
+
// (e.g. invalid_client); `status` is the HTTP status.
|
|
4
|
+
//
|
|
5
|
+
// Lives in @curless/agentbank-core so every SDK throws the SAME class —
|
|
6
|
+
// `err instanceof AgentbankError` works whether the error came from the
|
|
7
|
+
// buyer SDK, the merchant SDK, or a protocol helper.
|
|
8
|
+
export class AgentbankError extends Error {
|
|
9
|
+
status;
|
|
10
|
+
code;
|
|
11
|
+
details;
|
|
12
|
+
constructor(status, code, message, details) {
|
|
13
|
+
super(message);
|
|
14
|
+
this.name = 'AgentbankError';
|
|
15
|
+
this.status = status;
|
|
16
|
+
this.code = code;
|
|
17
|
+
this.details = details;
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
//# sourceMappingURL=errors.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,qEAAqE;AACrE,sDAAsD;AACtD,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,qDAAqD;AACrD,MAAM,OAAO,cAAe,SAAQ,KAAK;IAC9B,MAAM,CAAS;IACf,IAAI,CAAS;IACb,OAAO,CAAW;IAE3B,YAAY,MAAc,EAAE,IAAY,EAAE,OAAe,EAAE,OAAiB;QAC1E,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF"}
|
package/dist/http.d.ts
ADDED
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { AgentbankError } from './errors.js';
|
|
2
|
+
export type FetchLike = typeof fetch;
|
|
3
|
+
export type RequestOptions = {
|
|
4
|
+
query?: Record<string, string | number | undefined>;
|
|
5
|
+
body?: unknown;
|
|
6
|
+
idempotencyKey?: string;
|
|
7
|
+
skipAuth?: boolean;
|
|
8
|
+
};
|
|
9
|
+
export declare const buildUrl: (baseUrl: string, path: string, query?: RequestOptions["query"]) => string;
|
|
10
|
+
export declare const toError: (status: number, json: unknown) => AgentbankError;
|
|
11
|
+
export declare const sendJson: <T>(fetchImpl: FetchLike, url: string, method: string, headers: Record<string, string>, body: unknown) => Promise<T>;
|
|
12
|
+
//# sourceMappingURL=http.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAO7C,MAAM,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC;AAErC,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAGF,eAAO,MAAM,QAAQ,GACnB,SAAS,MAAM,EACf,MAAM,MAAM,EACZ,QAAQ,cAAc,CAAC,OAAO,CAAC,KAC9B,MAQF,CAAC;AAIF,eAAO,MAAM,OAAO,GAAI,QAAQ,MAAM,EAAE,MAAM,OAAO,KAAG,cAiBvD,CAAC;AAKF,eAAO,MAAM,QAAQ,GAAU,CAAC,EAC9B,WAAW,SAAS,EACpB,KAAK,MAAM,EACX,QAAQ,MAAM,EACd,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,MAAM,OAAO,KACZ,OAAO,CAAC,CAAC,CAUX,CAAC"}
|
package/dist/http.js
ADDED
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
import { AgentbankError } from './errors.js';
|
|
2
|
+
// Build a fully-qualified URL with query params (undefined values dropped).
|
|
3
|
+
export const buildUrl = (baseUrl, path, query) => {
|
|
4
|
+
const url = new URL(`${baseUrl}${path}`);
|
|
5
|
+
if (query) {
|
|
6
|
+
for (const [k, v] of Object.entries(query)) {
|
|
7
|
+
if (v !== undefined)
|
|
8
|
+
url.searchParams.set(k, String(v));
|
|
9
|
+
}
|
|
10
|
+
}
|
|
11
|
+
return url.toString();
|
|
12
|
+
};
|
|
13
|
+
// Map both agentbank's `{ error: { code, message, details } }` and the OAuth
|
|
14
|
+
// `{ error, error_description }` shapes to AgentbankError.
|
|
15
|
+
export const toError = (status, json) => {
|
|
16
|
+
if (json && typeof json === 'object') {
|
|
17
|
+
const o = json;
|
|
18
|
+
if (o.error && typeof o.error === 'object') {
|
|
19
|
+
const e = o.error;
|
|
20
|
+
return new AgentbankError(status, String(e.code ?? 'error'), String(e.message ?? 'request failed'), e.details);
|
|
21
|
+
}
|
|
22
|
+
if (typeof o.error === 'string') {
|
|
23
|
+
return new AgentbankError(status, o.error, String(o.error_description ?? o.error));
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
return new AgentbankError(status, 'error', `request failed with status ${status}`);
|
|
27
|
+
};
|
|
28
|
+
// Send a JSON request, parse the JSON response, and throw AgentbankError on a
|
|
29
|
+
// non-2xx. Headers (incl. auth) are built by the caller. Body is JSON-encoded
|
|
30
|
+
// unless undefined.
|
|
31
|
+
export const sendJson = async (fetchImpl, url, method, headers, body) => {
|
|
32
|
+
const res = await fetchImpl(url, {
|
|
33
|
+
method,
|
|
34
|
+
headers,
|
|
35
|
+
body: body === undefined ? undefined : JSON.stringify(body),
|
|
36
|
+
});
|
|
37
|
+
const text = await res.text();
|
|
38
|
+
const json = text ? JSON.parse(text) : undefined;
|
|
39
|
+
if (!res.ok)
|
|
40
|
+
throw toError(res.status, json);
|
|
41
|
+
return json;
|
|
42
|
+
};
|
|
43
|
+
//# sourceMappingURL=http.js.map
|
package/dist/http.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAkB7C,4EAA4E;AAC5E,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,OAAe,EACf,IAAY,EACZ,KAA+B,EACvB,EAAE;IACV,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,CAAC,CAAC;IACzC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,KAAK,SAAS;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC,CAAC;AAEF,6EAA6E;AAC7E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,MAAc,EAAE,IAAa,EAAkB,EAAE;IACvE,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAA+B,CAAC;QAC1C,IAAI,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,CAAC,CAAC,KAAgC,CAAC;YAC7C,OAAO,IAAI,cAAc,CACvB,MAAM,EACN,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,EACzB,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,gBAAgB,CAAC,EACrC,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,8BAA8B,MAAM,EAAE,CAAC,CAAC;AACrF,CAAC,CAAC;AAEF,8EAA8E;AAC9E,8EAA8E;AAC9E,oBAAoB;AACpB,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAC3B,SAAoB,EACpB,GAAW,EACX,MAAc,EACd,OAA+B,EAC/B,IAAa,EACD,EAAE;IACd,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;QAC/B,MAAM;QACN,OAAO;QACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC5D,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAa,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7C,OAAO,IAAS,CAAC;AACnB,CAAC,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
export { hmacSha256Hex, randomHex, timingSafeEqualHex } from './crypto.js';
|
|
2
|
+
export { AgentbankError } from './errors.js';
|
|
3
|
+
export { type FetchLike, type RequestOptions, buildUrl, sendJson, toError } from './http.js';
|
|
4
|
+
export type { BalanceTransaction, Customer, CustomerStatus, LedgerEntryView, Paginated, PaymentIntent, PaymentIntentLedger, PaymentIntentStatus, PaymentLink, PaymentLinkItem, PaymentLinkStatus, PaymentProtocol, } from './types.js';
|
|
5
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7F,YAAY,EACV,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,SAAS,EACT,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,GAChB,MAAM,YAAY,CAAC"}
|
package/dist/index.js
ADDED
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
// @curless/agentbank-core — shared, edge-safe runtime primitives for the
|
|
2
|
+
// agentbank SDKs. The buyer / merchant / protocol packages build on this so
|
|
3
|
+
// there's one implementation: one crypto path, one error class, one HTTP +
|
|
4
|
+
// type surface.
|
|
5
|
+
export { hmacSha256Hex, randomHex, timingSafeEqualHex } from './crypto.js';
|
|
6
|
+
export { AgentbankError } from './errors.js';
|
|
7
|
+
export { buildUrl, sendJson, toError } from './http.js';
|
|
8
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,gBAAgB;AAChB,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAuC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
export type PaymentIntentStatus = 'initiated' | 'authorized' | 'authorizing' | 'captured' | 'settled' | 'reconciled' | 'failed' | 'partially_refunded' | 'refunded' | 'disputed';
|
|
2
|
+
export type PaymentProtocol = 'a2a' | 'acp' | 'ap2' | 'ucp' | 'mcp' | 'x402' | 'tap' | 'skyfire' | 'mpp' | 'mc' | 'direct';
|
|
3
|
+
export type PaymentIntent = {
|
|
4
|
+
id: string;
|
|
5
|
+
organizationId: string | null;
|
|
6
|
+
agentId?: string | null;
|
|
7
|
+
curlessMerchantId: string;
|
|
8
|
+
protocol: PaymentProtocol;
|
|
9
|
+
rail?: string | null;
|
|
10
|
+
status: PaymentIntentStatus;
|
|
11
|
+
amount: number;
|
|
12
|
+
currency: string;
|
|
13
|
+
railReference?: string | null;
|
|
14
|
+
idempotencyKey?: string | null;
|
|
15
|
+
createdAt: string;
|
|
16
|
+
updatedAt: string;
|
|
17
|
+
settledAt?: string | null;
|
|
18
|
+
};
|
|
19
|
+
export type CustomerStatus = 'active' | 'disabled';
|
|
20
|
+
export type Customer = {
|
|
21
|
+
id: string;
|
|
22
|
+
organizationId: string;
|
|
23
|
+
externalId?: string | null;
|
|
24
|
+
email?: string | null;
|
|
25
|
+
name?: string | null;
|
|
26
|
+
status: CustomerStatus;
|
|
27
|
+
curlessWalletId?: string | null;
|
|
28
|
+
metadata: Record<string, unknown>;
|
|
29
|
+
createdAt: string;
|
|
30
|
+
updatedAt: string;
|
|
31
|
+
};
|
|
32
|
+
export type PaymentLinkStatus = 'active' | 'inactive' | 'expired';
|
|
33
|
+
export type PaymentLinkItem = {
|
|
34
|
+
catalogItemId: string;
|
|
35
|
+
quantity: number;
|
|
36
|
+
unitPrice: number;
|
|
37
|
+
};
|
|
38
|
+
export type PaymentLink = {
|
|
39
|
+
id: string;
|
|
40
|
+
url: string;
|
|
41
|
+
mode: 'test' | 'live';
|
|
42
|
+
curlessMerchantId: string;
|
|
43
|
+
amount: number;
|
|
44
|
+
currency: string;
|
|
45
|
+
description?: string | null;
|
|
46
|
+
items: PaymentLinkItem[];
|
|
47
|
+
status: PaymentLinkStatus;
|
|
48
|
+
maxUses?: number | null;
|
|
49
|
+
useCount: number;
|
|
50
|
+
expiresAt?: string | null;
|
|
51
|
+
createdAt: string;
|
|
52
|
+
};
|
|
53
|
+
export type Paginated<T> = {
|
|
54
|
+
data: T[];
|
|
55
|
+
pagination: {
|
|
56
|
+
limit: number;
|
|
57
|
+
offset: number;
|
|
58
|
+
count: number;
|
|
59
|
+
};
|
|
60
|
+
};
|
|
61
|
+
export type LedgerEntryView = {
|
|
62
|
+
transactionId: string;
|
|
63
|
+
purpose: string;
|
|
64
|
+
referenceType?: string | null;
|
|
65
|
+
referenceId?: string | null;
|
|
66
|
+
walletId: string;
|
|
67
|
+
walletKind?: string | null;
|
|
68
|
+
direction: 'debit' | 'credit';
|
|
69
|
+
amount: number;
|
|
70
|
+
currency: string;
|
|
71
|
+
createdAt: string;
|
|
72
|
+
};
|
|
73
|
+
export type PaymentIntentLedger = {
|
|
74
|
+
paymentIntentId: string;
|
|
75
|
+
data: LedgerEntryView[];
|
|
76
|
+
};
|
|
77
|
+
export type BalanceTransaction = LedgerEntryView & {
|
|
78
|
+
paymentIntentId: string;
|
|
79
|
+
};
|
|
80
|
+
//# sourceMappingURL=types.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,YAAY,GACZ,aAAa,GACb,UAAU,GACV,SAAS,GACT,YAAY,GACZ,QAAQ,GACR,oBAAoB,GACpB,UAAU,GACV,UAAU,CAAC;AAEf,MAAM,MAAM,eAAe,GACvB,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,MAAM,GACN,KAAK,GACL,SAAS,GACT,KAAK,GACL,IAAI,GACJ,QAAQ,CAAC;AAEb,MAAM,MAAM,aAAa,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,eAAe,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AAGnD,MAAM,MAAM,QAAQ,GAAG;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,cAAc,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAElE,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,MAAM,CAAC;IAEX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI;IACzB,IAAI,EAAE,CAAC,EAAE,CAAC;IACV,UAAU,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9D,CAAC;AAKF,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,eAAe,EAAE,CAAC;CACzB,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,eAAe,GAAG;IAAE,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC"}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
// Shared API resource types — the shapes both the buyer and merchant SDKs
|
|
2
|
+
// return. Kept loose (some fields optional) so a minor server-side addition
|
|
3
|
+
// doesn't break consumers. SDK-specific types (Agent, SpendAuthorization,
|
|
4
|
+
// WebhookEndpoint, …) live in each SDK's own types module.
|
|
5
|
+
export {};
|
|
6
|
+
//# sourceMappingURL=types.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,4EAA4E;AAC5E,0EAA0E;AAC1E,2DAA2D"}
|
package/package.json
ADDED
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@curless/agentbank-core",
|
|
3
|
+
"version": "0.0.1",
|
|
4
|
+
"description": "Shared runtime primitives for the agentbank SDKs. Edge-safe crypto (Web Crypto API, no node:crypto) so the buyer / merchant / protocol SDKs run unchanged on Node 18+, Vercel Edge, Cloudflare Workers and Deno.",
|
|
5
|
+
"license": "MIT",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"files": [
|
|
8
|
+
"dist",
|
|
9
|
+
"README.md"
|
|
10
|
+
],
|
|
11
|
+
"publishConfig": {
|
|
12
|
+
"access": "public"
|
|
13
|
+
},
|
|
14
|
+
"exports": {
|
|
15
|
+
".": {
|
|
16
|
+
"types": "./dist/index.d.ts",
|
|
17
|
+
"default": "./dist/index.js"
|
|
18
|
+
},
|
|
19
|
+
"./crypto": {
|
|
20
|
+
"types": "./dist/crypto.d.ts",
|
|
21
|
+
"default": "./dist/crypto.js"
|
|
22
|
+
}
|
|
23
|
+
},
|
|
24
|
+
"devDependencies": {
|
|
25
|
+
"@types/node": "^22.10.1",
|
|
26
|
+
"typescript": "^5.6.3",
|
|
27
|
+
"vitest": "^2.1.9"
|
|
28
|
+
},
|
|
29
|
+
"engines": {
|
|
30
|
+
"node": ">=18"
|
|
31
|
+
},
|
|
32
|
+
"keywords": [
|
|
33
|
+
"agentbank",
|
|
34
|
+
"curless",
|
|
35
|
+
"webcrypto",
|
|
36
|
+
"edge-runtime",
|
|
37
|
+
"hmac"
|
|
38
|
+
],
|
|
39
|
+
"scripts": {
|
|
40
|
+
"build": "tsc",
|
|
41
|
+
"typecheck": "tsc --noEmit",
|
|
42
|
+
"test": "vitest run",
|
|
43
|
+
"clean": "rm -rf dist"
|
|
44
|
+
}
|
|
45
|
+
}
|