@curless/agentbank-core 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,27 @@
1
+ # @curless/agentbank-core
2
+
3
+ Shared, **edge-safe** runtime primitives for the agentbank SDKs. Built on the
4
+ Web Crypto API (`globalThis.crypto`) with **no `node:crypto` dependency**, so
5
+ every SDK that depends on it runs unchanged on Node 18+, Vercel Edge,
6
+ Cloudflare Workers and Deno.
7
+
8
+ Most apps don't install this directly — it comes in as a dependency of
9
+ `@curless/agentbank-sdk`, `@curless/agentbank-merchant-sdk` and
10
+ `@curless/agentbank-protocols`.
11
+
12
+ ## Crypto
13
+
14
+ ```ts
15
+ import { hmacSha256Hex, randomHex, timingSafeEqualHex } from '@curless/agentbank-core';
16
+
17
+ const nonce = randomHex(32); // 64-char hex, sync
18
+ const sig = await hmacSha256Hex(secret, `${ts}.${body}`); // HMAC-SHA256, async
19
+ const ok = timingSafeEqualHex(sig, expected); // constant-time compare
20
+ ```
21
+
22
+ `hmacSha256Hex` is byte-for-byte identical to
23
+ `node:crypto.createHmac('sha256', secret).update(message).digest('hex')`, so
24
+ signatures stay compatible with the agentbank server. It is async because
25
+ `crypto.subtle.sign` has no synchronous form on edge runtimes.
26
+
27
+ MIT
@@ -0,0 +1,4 @@
1
+ export declare const randomHex: (bytes?: number) => string;
2
+ export declare const hmacSha256Hex: (secret: string, message: string) => Promise<string>;
3
+ export declare const timingSafeEqualHex: (a: string, b: string) => boolean;
4
+ //# sourceMappingURL=crypto.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,SAAS,GAAI,cAAU,KAAG,MAC0B,CAAC;AAOlE,eAAO,MAAM,aAAa,GAAU,QAAQ,MAAM,EAAE,SAAS,MAAM,KAAG,OAAO,CAAC,MAAM,CAUnF,CAAC;AAKF,eAAO,MAAM,kBAAkB,GAAI,GAAG,MAAM,EAAE,GAAG,MAAM,KAAG,OAKzD,CAAC"}
package/dist/crypto.js ADDED
@@ -0,0 +1,40 @@
1
+ // Edge-safe crypto for the agentbank SDKs.
2
+ //
3
+ // Uses the Web Crypto API (`globalThis.crypto`) instead of `node:crypto`, so
4
+ // the SDKs that depend on this run unchanged on Node 18+, Vercel Edge,
5
+ // Cloudflare Workers and Deno — none of which expose `node:crypto`. The HMAC
6
+ // helper is async because `crypto.subtle.sign` is Promise-based (there is no
7
+ // synchronous form on the edge); random + compare stay synchronous.
8
+ const encoder = new TextEncoder();
9
+ const toHex = (buf) => {
10
+ const bytes = buf instanceof Uint8Array ? buf : new Uint8Array(buf);
11
+ let out = '';
12
+ for (const b of bytes)
13
+ out += b.toString(16).padStart(2, '0');
14
+ return out;
15
+ };
16
+ // Cryptographically strong random hex string of `bytes` bytes (default 32 →
17
+ // 64 hex chars). Synchronous — `getRandomValues` is sync on every runtime.
18
+ export const randomHex = (bytes = 32) => toHex(globalThis.crypto.getRandomValues(new Uint8Array(bytes)));
19
+ // HMAC-SHA256 of `message` under `secret`, hex-encoded. Byte-for-byte
20
+ // identical to `node:crypto.createHmac('sha256', secret).update(message)
21
+ // .digest('hex')`, so signatures stay compatible with the agentbank server
22
+ // (which signs with node:crypto). Note: WebCrypto rejects a zero-length key
23
+ // (`secret`) — a misconfiguration we throw on rather than sign with.
24
+ export const hmacSha256Hex = async (secret, message) => {
25
+ const key = await globalThis.crypto.subtle.importKey('raw', encoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
26
+ const signature = await globalThis.crypto.subtle.sign('HMAC', key, encoder.encode(message));
27
+ return toHex(signature);
28
+ };
29
+ // Constant-time comparison of two hex strings. Returns false on a length
30
+ // mismatch; otherwise compares every char so timing doesn't leak where they
31
+ // differ. Use for verifying HMAC signatures (never `===`).
32
+ export const timingSafeEqualHex = (a, b) => {
33
+ if (a.length !== b.length)
34
+ return false;
35
+ let diff = 0;
36
+ for (let i = 0; i < a.length; i++)
37
+ diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
38
+ return diff === 0;
39
+ };
40
+ //# sourceMappingURL=crypto.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,EAAE;AACF,6EAA6E;AAC7E,uEAAuE;AACvE,6EAA6E;AAC7E,6EAA6E;AAC7E,oEAAoE;AAEpE,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;AAElC,MAAM,KAAK,GAAG,CAAC,GAA6B,EAAU,EAAE;IACtD,MAAM,KAAK,GAAG,GAAG,YAAY,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IACpE,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,GAAG,IAAI,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC9D,OAAO,GAAG,CAAC;AACb,CAAC,CAAC;AAEF,4EAA4E;AAC5E,2EAA2E;AAC3E,MAAM,CAAC,MAAM,SAAS,GAAG,CAAC,KAAK,GAAG,EAAE,EAAU,EAAE,CAC9C,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAElE,sEAAsE;AACtE,yEAAyE;AACzE,2EAA2E;AAC3E,4EAA4E;AAC5E,qEAAqE;AACrE,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAAE,MAAc,EAAE,OAAe,EAAmB,EAAE;IACtF,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD,KAAK,EACL,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EACtB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;IAC5F,OAAO,KAAK,CAAC,SAAS,CAAC,CAAC;AAC1B,CAAC,CAAC;AAEF,yEAAyE;AACzE,4EAA4E;AAC5E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAAC,CAAS,EAAE,CAAS,EAAW,EAAE;IAClE,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC7E,OAAO,IAAI,KAAK,CAAC,CAAC;AACpB,CAAC,CAAC"}
@@ -0,0 +1,7 @@
1
+ export declare class AgentbankError extends Error {
2
+ readonly status: number;
3
+ readonly code: string;
4
+ readonly details?: unknown;
5
+ constructor(status: number, code: string, message: string, details?: unknown);
6
+ }
7
+ //# sourceMappingURL=errors.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAOA,qBAAa,cAAe,SAAQ,KAAK;IACvC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;gBAEf,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,OAAO;CAO7E"}
package/dist/errors.js ADDED
@@ -0,0 +1,20 @@
1
+ // Thrown for any non-2xx agentbank response. `code` is the agentbank error
2
+ // code (e.g. CONFLICT, FORBIDDEN, NOT_FOUND) or the OAuth error code
3
+ // (e.g. invalid_client); `status` is the HTTP status.
4
+ //
5
+ // Lives in @curless/agentbank-core so every SDK throws the SAME class —
6
+ // `err instanceof AgentbankError` works whether the error came from the
7
+ // buyer SDK, the merchant SDK, or a protocol helper.
8
+ export class AgentbankError extends Error {
9
+ status;
10
+ code;
11
+ details;
12
+ constructor(status, code, message, details) {
13
+ super(message);
14
+ this.name = 'AgentbankError';
15
+ this.status = status;
16
+ this.code = code;
17
+ this.details = details;
18
+ }
19
+ }
20
+ //# sourceMappingURL=errors.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,qEAAqE;AACrE,sDAAsD;AACtD,EAAE;AACF,wEAAwE;AACxE,wEAAwE;AACxE,qDAAqD;AACrD,MAAM,OAAO,cAAe,SAAQ,KAAK;IAC9B,MAAM,CAAS;IACf,IAAI,CAAS;IACb,OAAO,CAAW;IAE3B,YAAY,MAAc,EAAE,IAAY,EAAE,OAAe,EAAE,OAAiB;QAC1E,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;CACF"}
package/dist/http.d.ts ADDED
@@ -0,0 +1,12 @@
1
+ import { AgentbankError } from './errors.js';
2
+ export type FetchLike = typeof fetch;
3
+ export type RequestOptions = {
4
+ query?: Record<string, string | number | undefined>;
5
+ body?: unknown;
6
+ idempotencyKey?: string;
7
+ skipAuth?: boolean;
8
+ };
9
+ export declare const buildUrl: (baseUrl: string, path: string, query?: RequestOptions["query"]) => string;
10
+ export declare const toError: (status: number, json: unknown) => AgentbankError;
11
+ export declare const sendJson: <T>(fetchImpl: FetchLike, url: string, method: string, headers: Record<string, string>, body: unknown) => Promise<T>;
12
+ //# sourceMappingURL=http.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAO7C,MAAM,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC;AAErC,MAAM,MAAM,cAAc,GAAG;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,cAAc,CAAC,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB,CAAC;AAGF,eAAO,MAAM,QAAQ,GACnB,SAAS,MAAM,EACf,MAAM,MAAM,EACZ,QAAQ,cAAc,CAAC,OAAO,CAAC,KAC9B,MAQF,CAAC;AAIF,eAAO,MAAM,OAAO,GAAI,QAAQ,MAAM,EAAE,MAAM,OAAO,KAAG,cAiBvD,CAAC;AAKF,eAAO,MAAM,QAAQ,GAAU,CAAC,EAC9B,WAAW,SAAS,EACpB,KAAK,MAAM,EACX,QAAQ,MAAM,EACd,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAC/B,MAAM,OAAO,KACZ,OAAO,CAAC,CAAC,CAUX,CAAC"}
package/dist/http.js ADDED
@@ -0,0 +1,43 @@
1
+ import { AgentbankError } from './errors.js';
2
+ // Build a fully-qualified URL with query params (undefined values dropped).
3
+ export const buildUrl = (baseUrl, path, query) => {
4
+ const url = new URL(`${baseUrl}${path}`);
5
+ if (query) {
6
+ for (const [k, v] of Object.entries(query)) {
7
+ if (v !== undefined)
8
+ url.searchParams.set(k, String(v));
9
+ }
10
+ }
11
+ return url.toString();
12
+ };
13
+ // Map both agentbank's `{ error: { code, message, details } }` and the OAuth
14
+ // `{ error, error_description }` shapes to AgentbankError.
15
+ export const toError = (status, json) => {
16
+ if (json && typeof json === 'object') {
17
+ const o = json;
18
+ if (o.error && typeof o.error === 'object') {
19
+ const e = o.error;
20
+ return new AgentbankError(status, String(e.code ?? 'error'), String(e.message ?? 'request failed'), e.details);
21
+ }
22
+ if (typeof o.error === 'string') {
23
+ return new AgentbankError(status, o.error, String(o.error_description ?? o.error));
24
+ }
25
+ }
26
+ return new AgentbankError(status, 'error', `request failed with status ${status}`);
27
+ };
28
+ // Send a JSON request, parse the JSON response, and throw AgentbankError on a
29
+ // non-2xx. Headers (incl. auth) are built by the caller. Body is JSON-encoded
30
+ // unless undefined.
31
+ export const sendJson = async (fetchImpl, url, method, headers, body) => {
32
+ const res = await fetchImpl(url, {
33
+ method,
34
+ headers,
35
+ body: body === undefined ? undefined : JSON.stringify(body),
36
+ });
37
+ const text = await res.text();
38
+ const json = text ? JSON.parse(text) : undefined;
39
+ if (!res.ok)
40
+ throw toError(res.status, json);
41
+ return json;
42
+ };
43
+ //# sourceMappingURL=http.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"http.js","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAkB7C,4EAA4E;AAC5E,MAAM,CAAC,MAAM,QAAQ,GAAG,CACtB,OAAe,EACf,IAAY,EACZ,KAA+B,EACvB,EAAE;IACV,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,OAAO,GAAG,IAAI,EAAE,CAAC,CAAC;IACzC,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,KAAK,SAAS;gBAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC,CAAC;AAEF,6EAA6E;AAC7E,2DAA2D;AAC3D,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,MAAc,EAAE,IAAa,EAAkB,EAAE;IACvE,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,IAA+B,CAAC;QAC1C,IAAI,CAAC,CAAC,KAAK,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC3C,MAAM,CAAC,GAAG,CAAC,CAAC,KAAgC,CAAC;YAC7C,OAAO,IAAI,cAAc,CACvB,MAAM,EACN,MAAM,CAAC,CAAC,CAAC,IAAI,IAAI,OAAO,CAAC,EACzB,MAAM,CAAC,CAAC,CAAC,OAAO,IAAI,gBAAgB,CAAC,EACrC,CAAC,CAAC,OAAO,CACV,CAAC;QACJ,CAAC;QACD,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;IACD,OAAO,IAAI,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,8BAA8B,MAAM,EAAE,CAAC,CAAC;AACrF,CAAC,CAAC;AAEF,8EAA8E;AAC9E,8EAA8E;AAC9E,oBAAoB;AACpB,MAAM,CAAC,MAAM,QAAQ,GAAG,KAAK,EAC3B,SAAoB,EACpB,GAAW,EACX,MAAc,EACd,OAA+B,EAC/B,IAAa,EACD,EAAE;IACd,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,GAAG,EAAE;QAC/B,MAAM;QACN,OAAO;QACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;KAC5D,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAa,CAAC,CAAC,CAAC,SAAS,CAAC;IAC9D,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC7C,OAAO,IAAS,CAAC;AACnB,CAAC,CAAC"}
@@ -0,0 +1,5 @@
1
+ export { hmacSha256Hex, randomHex, timingSafeEqualHex } from './crypto.js';
2
+ export { AgentbankError } from './errors.js';
3
+ export { type FetchLike, type RequestOptions, buildUrl, sendJson, toError } from './http.js';
4
+ export type { BalanceTransaction, Customer, CustomerStatus, LedgerEntryView, Paginated, PaymentIntent, PaymentIntentLedger, PaymentIntentStatus, PaymentLink, PaymentLinkItem, PaymentLinkStatus, PaymentProtocol, } from './types.js';
5
+ //# sourceMappingURL=index.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,cAAc,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC7F,YAAY,EACV,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,SAAS,EACT,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,GAChB,MAAM,YAAY,CAAC"}
package/dist/index.js ADDED
@@ -0,0 +1,8 @@
1
+ // @curless/agentbank-core — shared, edge-safe runtime primitives for the
2
+ // agentbank SDKs. The buyer / merchant / protocol packages build on this so
3
+ // there's one implementation: one crypto path, one error class, one HTTP +
4
+ // type surface.
5
+ export { hmacSha256Hex, randomHex, timingSafeEqualHex } from './crypto.js';
6
+ export { AgentbankError } from './errors.js';
7
+ export { buildUrl, sendJson, toError } from './http.js';
8
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,yEAAyE;AACzE,4EAA4E;AAC5E,2EAA2E;AAC3E,gBAAgB;AAChB,OAAO,EAAE,aAAa,EAAE,SAAS,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAuC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC"}
@@ -0,0 +1,80 @@
1
+ export type PaymentIntentStatus = 'initiated' | 'authorized' | 'authorizing' | 'captured' | 'settled' | 'reconciled' | 'failed' | 'partially_refunded' | 'refunded' | 'disputed';
2
+ export type PaymentProtocol = 'a2a' | 'acp' | 'ap2' | 'ucp' | 'mcp' | 'x402' | 'tap' | 'skyfire' | 'mpp' | 'mc' | 'direct';
3
+ export type PaymentIntent = {
4
+ id: string;
5
+ organizationId: string | null;
6
+ agentId?: string | null;
7
+ curlessMerchantId: string;
8
+ protocol: PaymentProtocol;
9
+ rail?: string | null;
10
+ status: PaymentIntentStatus;
11
+ amount: number;
12
+ currency: string;
13
+ railReference?: string | null;
14
+ idempotencyKey?: string | null;
15
+ createdAt: string;
16
+ updatedAt: string;
17
+ settledAt?: string | null;
18
+ };
19
+ export type CustomerStatus = 'active' | 'disabled';
20
+ export type Customer = {
21
+ id: string;
22
+ organizationId: string;
23
+ externalId?: string | null;
24
+ email?: string | null;
25
+ name?: string | null;
26
+ status: CustomerStatus;
27
+ curlessWalletId?: string | null;
28
+ metadata: Record<string, unknown>;
29
+ createdAt: string;
30
+ updatedAt: string;
31
+ };
32
+ export type PaymentLinkStatus = 'active' | 'inactive' | 'expired';
33
+ export type PaymentLinkItem = {
34
+ catalogItemId: string;
35
+ quantity: number;
36
+ unitPrice: number;
37
+ };
38
+ export type PaymentLink = {
39
+ id: string;
40
+ url: string;
41
+ mode: 'test' | 'live';
42
+ curlessMerchantId: string;
43
+ amount: number;
44
+ currency: string;
45
+ description?: string | null;
46
+ items: PaymentLinkItem[];
47
+ status: PaymentLinkStatus;
48
+ maxUses?: number | null;
49
+ useCount: number;
50
+ expiresAt?: string | null;
51
+ createdAt: string;
52
+ };
53
+ export type Paginated<T> = {
54
+ data: T[];
55
+ pagination: {
56
+ limit: number;
57
+ offset: number;
58
+ count: number;
59
+ };
60
+ };
61
+ export type LedgerEntryView = {
62
+ transactionId: string;
63
+ purpose: string;
64
+ referenceType?: string | null;
65
+ referenceId?: string | null;
66
+ walletId: string;
67
+ walletKind?: string | null;
68
+ direction: 'debit' | 'credit';
69
+ amount: number;
70
+ currency: string;
71
+ createdAt: string;
72
+ };
73
+ export type PaymentIntentLedger = {
74
+ paymentIntentId: string;
75
+ data: LedgerEntryView[];
76
+ };
77
+ export type BalanceTransaction = LedgerEntryView & {
78
+ paymentIntentId: string;
79
+ };
80
+ //# sourceMappingURL=types.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAKA,MAAM,MAAM,mBAAmB,GAC3B,WAAW,GACX,YAAY,GACZ,aAAa,GACb,UAAU,GACV,SAAS,GACT,YAAY,GACZ,QAAQ,GACR,oBAAoB,GACpB,UAAU,GACV,UAAU,CAAC;AAEf,MAAM,MAAM,eAAe,GACvB,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,KAAK,GACL,MAAM,GACN,KAAK,GACL,SAAS,GACT,KAAK,GACL,IAAI,GACJ,QAAQ,CAAC;AAEb,MAAM,MAAM,aAAa,GAAG;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,eAAe,CAAC;IAC1B,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,cAAc,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AAGnD,MAAM,MAAM,QAAQ,GAAG;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,MAAM,EAAE,cAAc,CAAC;IACvB,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAChC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG,QAAQ,GAAG,UAAU,GAAG,SAAS,CAAC;AAElE,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,EAAE,EAAE,MAAM,CAAC;IAEX,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,GAAG,MAAM,CAAC;IACtB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE,eAAe,EAAE,CAAC;IACzB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI;IACzB,IAAI,EAAE,CAAC,EAAE,CAAC;IACV,UAAU,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CAC9D,CAAC;AAKF,MAAM,MAAM,eAAe,GAAG;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,SAAS,EAAE,OAAO,GAAG,QAAQ,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAGF,MAAM,MAAM,mBAAmB,GAAG;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,IAAI,EAAE,eAAe,EAAE,CAAC;CACzB,CAAC;AAGF,MAAM,MAAM,kBAAkB,GAAG,eAAe,GAAG;IAAE,eAAe,EAAE,MAAM,CAAA;CAAE,CAAC"}
package/dist/types.js ADDED
@@ -0,0 +1,6 @@
1
+ // Shared API resource types — the shapes both the buyer and merchant SDKs
2
+ // return. Kept loose (some fields optional) so a minor server-side addition
3
+ // doesn't break consumers. SDK-specific types (Agent, SpendAuthorization,
4
+ // WebhookEndpoint, …) live in each SDK's own types module.
5
+ export {};
6
+ //# sourceMappingURL=types.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,4EAA4E;AAC5E,0EAA0E;AAC1E,2DAA2D"}
package/package.json ADDED
@@ -0,0 +1,45 @@
1
+ {
2
+ "name": "@curless/agentbank-core",
3
+ "version": "0.0.1",
4
+ "description": "Shared runtime primitives for the agentbank SDKs. Edge-safe crypto (Web Crypto API, no node:crypto) so the buyer / merchant / protocol SDKs run unchanged on Node 18+, Vercel Edge, Cloudflare Workers and Deno.",
5
+ "license": "MIT",
6
+ "type": "module",
7
+ "files": [
8
+ "dist",
9
+ "README.md"
10
+ ],
11
+ "publishConfig": {
12
+ "access": "public"
13
+ },
14
+ "exports": {
15
+ ".": {
16
+ "types": "./dist/index.d.ts",
17
+ "default": "./dist/index.js"
18
+ },
19
+ "./crypto": {
20
+ "types": "./dist/crypto.d.ts",
21
+ "default": "./dist/crypto.js"
22
+ }
23
+ },
24
+ "devDependencies": {
25
+ "@types/node": "^22.10.1",
26
+ "typescript": "^5.6.3",
27
+ "vitest": "^2.1.9"
28
+ },
29
+ "engines": {
30
+ "node": ">=18"
31
+ },
32
+ "keywords": [
33
+ "agentbank",
34
+ "curless",
35
+ "webcrypto",
36
+ "edge-runtime",
37
+ "hmac"
38
+ ],
39
+ "scripts": {
40
+ "build": "tsc",
41
+ "typecheck": "tsc --noEmit",
42
+ "test": "vitest run",
43
+ "clean": "rm -rf dist"
44
+ }
45
+ }