@curless/agentbank-merchant-sdk 0.0.5 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -3
- package/dist/client.d.ts +2 -6
- package/dist/client.d.ts.map +1 -1
- package/dist/client.js +2 -28
- package/dist/client.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/types.d.ts +1 -79
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +3 -2
- package/dist/types.js.map +1 -1
- package/dist/webhooks.d.ts +2 -2
- package/dist/webhooks.d.ts.map +1 -1
- package/dist/webhooks.js +11 -8
- package/dist/webhooks.js.map +1 -1
- package/package.json +12 -10
package/README.md
CHANGED
|
@@ -6,7 +6,7 @@ TikTok Shop seller service, anything that wants to **accept agent payments**)
|
|
|
6
6
|
and you get:
|
|
7
7
|
|
|
8
8
|
- **`AgentbankMerchant`** — typed client for `PaymentIntents` (create/get/capture/list across ACP / x402 / AP2 / UCP / A2A) and `WebhookEndpoints`.
|
|
9
|
-
- **`verifyWebhook` / `parseVerifiedWebhook`** — HMAC-SHA256 signature verification (Stripe-style `t=…,v1=…`), constant-time.
|
|
9
|
+
- **`verifyWebhook` / `parseVerifiedWebhook`** — HMAC-SHA256 signature verification (Stripe-style `t=…,v1=…`), constant-time, **edge-safe** (Web Crypto, runs on Vercel Edge / Cloudflare Workers). Async — `await` them.
|
|
10
10
|
- **`x402`** — `buildChallenge()` to emit your own canonical 402 from your route, `decodeXPaymentHeader()` to parse what the agent paid with.
|
|
11
11
|
|
|
12
12
|
Zero runtime dependencies (pure `fetch` + `node:crypto`). Node 18+.
|
|
@@ -30,8 +30,8 @@ const pi = await client.paymentIntents.create({
|
|
|
30
30
|
idempotencyKey: req.headers['idempotency-key'],
|
|
31
31
|
});
|
|
32
32
|
|
|
33
|
-
// Verify an inbound agentbank webhook
|
|
34
|
-
const event = parseVerifiedWebhook(
|
|
33
|
+
// Verify an inbound agentbank webhook (edge-safe; HMAC is async)
|
|
34
|
+
const event = await parseVerifiedWebhook(
|
|
35
35
|
process.env.WEBHOOK_SECRET!, // whsec_… from /v1/webhook-endpoints
|
|
36
36
|
await req.text(), // RAW body, NOT JSON-parsed
|
|
37
37
|
req.headers['x-agentbank-signature'],
|
package/dist/client.d.ts
CHANGED
|
@@ -1,14 +1,10 @@
|
|
|
1
|
+
import { type FetchLike, type RequestOptions } from '@curless/agentbank-core';
|
|
1
2
|
import { BalanceTransactionsResource } from './resources/balance-transactions.js';
|
|
2
3
|
import { CustomersResource } from './resources/customers.js';
|
|
3
4
|
import { PaymentIntentsResource } from './resources/payment-intents.js';
|
|
4
5
|
import { PaymentLinksResource } from './resources/payment-links.js';
|
|
5
6
|
import { WebhookEndpointsResource } from './resources/webhook-endpoints.js';
|
|
6
|
-
export type FetchLike
|
|
7
|
-
export type RequestOptions = {
|
|
8
|
-
query?: Record<string, string | number | undefined>;
|
|
9
|
-
body?: unknown;
|
|
10
|
-
idempotencyKey?: string;
|
|
11
|
-
};
|
|
7
|
+
export type { FetchLike, RequestOptions } from '@curless/agentbank-core';
|
|
12
8
|
export type AgentbankMerchantOptions = {
|
|
13
9
|
baseUrl: string;
|
|
14
10
|
apiKey: string;
|
package/dist/client.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,SAAS,EAAE,KAAK,cAAc,EAAsB,MAAM,yBAAyB,CAAC;AAClG,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAE5E,YAAY,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAEzE,MAAM,MAAM,wBAAwB,GAAG;IACrC,OAAO,EAAE,MAAM,CAAC;IAEhB,MAAM,EAAE,MAAM,CAAC;IAEf,KAAK,CAAC,EAAE,SAAS,CAAC;CACnB,CAAC;AAOF,qBAAa,iBAAiB;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAEhC,QAAQ,CAAC,cAAc,EAAE,sBAAsB,CAAC;IAChD,QAAQ,CAAC,YAAY,EAAE,oBAAoB,CAAC;IAC5C,QAAQ,CAAC,gBAAgB,EAAE,wBAAwB,CAAC;IACpD,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IACtC,QAAQ,CAAC,mBAAmB,EAAE,2BAA2B,CAAC;gBAE9C,IAAI,EAAE,wBAAwB;IAW1C,gBAAgB;IACV,OAAO,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,cAAmB,GAAG,OAAO,CAAC,CAAC,CAAC;CActF"}
|
package/dist/client.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { buildUrl, sendJson } from '@curless/agentbank-core';
|
|
2
2
|
import { BalanceTransactionsResource } from './resources/balance-transactions.js';
|
|
3
3
|
import { CustomersResource } from './resources/customers.js';
|
|
4
4
|
import { PaymentIntentsResource } from './resources/payment-intents.js';
|
|
@@ -30,39 +30,13 @@ export class AgentbankMerchant {
|
|
|
30
30
|
}
|
|
31
31
|
/** @internal */
|
|
32
32
|
async request(method, path, opts = {}) {
|
|
33
|
-
const url = new URL(`${this.baseUrl}${path}`);
|
|
34
|
-
if (opts.query) {
|
|
35
|
-
for (const [k, v] of Object.entries(opts.query)) {
|
|
36
|
-
if (v !== undefined)
|
|
37
|
-
url.searchParams.set(k, String(v));
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
33
|
const headers = {
|
|
41
34
|
'content-type': 'application/json',
|
|
42
35
|
authorization: `Bearer ${this.apiKey}`,
|
|
43
36
|
};
|
|
44
37
|
if (opts.idempotencyKey)
|
|
45
38
|
headers['idempotency-key'] = opts.idempotencyKey;
|
|
46
|
-
|
|
47
|
-
method,
|
|
48
|
-
headers,
|
|
49
|
-
body: opts.body === undefined ? undefined : JSON.stringify(opts.body),
|
|
50
|
-
});
|
|
51
|
-
const text = await res.text();
|
|
52
|
-
const json = text ? JSON.parse(text) : undefined;
|
|
53
|
-
if (!res.ok)
|
|
54
|
-
throw toError(res.status, json);
|
|
55
|
-
return json;
|
|
39
|
+
return sendJson(this.fetchImpl, buildUrl(this.baseUrl, path, opts.query), method, headers, opts.body);
|
|
56
40
|
}
|
|
57
41
|
}
|
|
58
|
-
const toError = (status, json) => {
|
|
59
|
-
if (json && typeof json === 'object') {
|
|
60
|
-
const o = json;
|
|
61
|
-
if (o.error && typeof o.error === 'object') {
|
|
62
|
-
const e = o.error;
|
|
63
|
-
return new AgentbankError(status, String(e.code ?? 'error'), String(e.message ?? 'request failed'), e.details);
|
|
64
|
-
}
|
|
65
|
-
}
|
|
66
|
-
return new AgentbankError(status, 'error', `request failed with status ${status}`);
|
|
67
|
-
};
|
|
68
42
|
//# sourceMappingURL=client.js.map
|
package/dist/client.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAuC,QAAQ,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AAClG,OAAO,EAAE,2BAA2B,EAAE,MAAM,qCAAqC,CAAC;AAClF,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,gCAAgC,CAAC;AACxE,OAAO,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AACpE,OAAO,EAAE,wBAAwB,EAAE,MAAM,kCAAkC,CAAC;AAY5E,wEAAwE;AACxE,sEAAsE;AACtE,sEAAsE;AACtE,iEAAiE;AACjE,gCAAgC;AAChC,MAAM,OAAO,iBAAiB;IACnB,OAAO,CAAS;IACR,SAAS,CAAY;IACrB,MAAM,CAAS;IAEvB,cAAc,CAAyB;IACvC,YAAY,CAAuB;IACnC,gBAAgB,CAA2B;IAC3C,SAAS,CAAoB;IAC7B,mBAAmB,CAA8B;IAE1D,YAAY,IAA8B;QACxC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QAChD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC;QACrC,IAAI,CAAC,cAAc,GAAG,IAAI,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACvD,IAAI,CAAC,YAAY,GAAG,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;QACnD,IAAI,CAAC,gBAAgB,GAAG,IAAI,wBAAwB,CAAC,IAAI,CAAC,CAAC;QAC3D,IAAI,CAAC,SAAS,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,mBAAmB,GAAG,IAAI,2BAA2B,CAAC,IAAI,CAAC,CAAC;IACnE,CAAC;IAED,gBAAgB;IAChB,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,OAAuB,EAAE;QACtE,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE;SACvC,CAAC;QACF,IAAI,IAAI,CAAC,cAAc;YAAE,OAAO,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC;QAC1E,OAAO,QAAQ,CACb,IAAI,CAAC,SAAS,EACd,QAAQ,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,EACxC,MAAM,EACN,OAAO,EACP,IAAI,CAAC,IAAI,CACV,CAAC;IACJ,CAAC;CACF"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
export { AgentbankMerchant } from './client.js';
|
|
2
2
|
export type { AgentbankMerchantOptions, FetchLike, RequestOptions, } from './client.js';
|
|
3
|
-
export { AgentbankError } from '
|
|
3
|
+
export { AgentbankError } from '@curless/agentbank-core';
|
|
4
4
|
export type { BalanceTransaction, Customer, CustomerStatus, LedgerEntryView, Paginated, PaymentIntent, PaymentIntentLedger, PaymentIntentStatus, PaymentLink, PaymentLinkItem, PaymentLinkStatus, PaymentProtocol, WebhookEndpoint, WebhookEndpointWithSecret, X402PaymentRequirements, } from './types.js';
|
|
5
5
|
export type { CreateCustomerInput, UpdateCustomerInput } from './resources/customers.js';
|
|
6
6
|
export type { CreatePaymentIntentInput } from './resources/payment-intents.js';
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EACV,wBAAwB,EACxB,SAAS,EACT,cAAc,GACf,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAChD,YAAY,EACV,wBAAwB,EACxB,SAAS,EACT,cAAc,GACf,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AACzD,YAAY,EACV,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,SAAS,EACT,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,eAAe,EACf,yBAAyB,EACzB,uBAAuB,GACxB,MAAM,YAAY,CAAC;AACpB,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AACzF,YAAY,EAAE,wBAAwB,EAAE,MAAM,gCAAgC,CAAC;AAC/E,YAAY,EAAE,sBAAsB,EAAE,MAAM,8BAA8B,CAAC;AAC3E,YAAY,EAAE,0BAA0B,EAAE,MAAM,kCAAkC,CAAC;AACnF,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,aAAa,GACd,MAAM,eAAe,CAAC;AACvB,YAAY,EAAE,oBAAoB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAExE,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,CAAC;AAChB,YAAY,EACV,mBAAmB,EACnB,eAAe,EACf,iBAAiB,GAClB,MAAM,WAAW,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { AgentbankMerchant } from './client.js';
|
|
2
|
-
export { AgentbankError } from '
|
|
2
|
+
export { AgentbankError } from '@curless/agentbank-core';
|
|
3
3
|
export { WEBHOOK_SIGNATURE_HEADER, parseVerifiedWebhook, verifyWebhook, } from './webhooks.js';
|
|
4
4
|
// x402 helpers — namespaced so consumers `import { x402 } from ...`.
|
|
5
5
|
import * as x402 from './x402.js';
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAMhD,OAAO,EAAE,cAAc,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAMhD,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAsBzD,OAAO,EACL,wBAAwB,EACxB,oBAAoB,EACpB,aAAa,GACd,MAAM,eAAe,CAAC;AAEvB,qEAAqE;AACrE,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -1,42 +1,4 @@
|
|
|
1
|
-
export type
|
|
2
|
-
export type PaymentProtocol = 'a2a' | 'acp' | 'ap2' | 'ucp' | 'mcp' | 'x402' | 'tap' | 'mc' | 'direct';
|
|
3
|
-
export type PaymentIntent = {
|
|
4
|
-
id: string;
|
|
5
|
-
organizationId: string | null;
|
|
6
|
-
agentId?: string | null;
|
|
7
|
-
curlessMerchantId: string;
|
|
8
|
-
protocol: PaymentProtocol;
|
|
9
|
-
rail?: string | null;
|
|
10
|
-
status: PaymentIntentStatus;
|
|
11
|
-
amount: number;
|
|
12
|
-
currency: string;
|
|
13
|
-
railReference?: string | null;
|
|
14
|
-
idempotencyKey?: string | null;
|
|
15
|
-
createdAt: string;
|
|
16
|
-
updatedAt: string;
|
|
17
|
-
settledAt?: string | null;
|
|
18
|
-
};
|
|
19
|
-
export type PaymentLinkStatus = 'active' | 'inactive' | 'expired';
|
|
20
|
-
export type PaymentLinkItem = {
|
|
21
|
-
catalogItemId: string;
|
|
22
|
-
quantity: number;
|
|
23
|
-
unitPrice: number;
|
|
24
|
-
};
|
|
25
|
-
export type PaymentLink = {
|
|
26
|
-
id: string;
|
|
27
|
-
url: string;
|
|
28
|
-
mode: 'test' | 'live';
|
|
29
|
-
curlessMerchantId: string;
|
|
30
|
-
amount: number;
|
|
31
|
-
currency: string;
|
|
32
|
-
description?: string | null;
|
|
33
|
-
items: PaymentLinkItem[];
|
|
34
|
-
status: PaymentLinkStatus;
|
|
35
|
-
maxUses?: number | null;
|
|
36
|
-
useCount: number;
|
|
37
|
-
expiresAt?: string | null;
|
|
38
|
-
createdAt: string;
|
|
39
|
-
};
|
|
1
|
+
export type { BalanceTransaction, Customer, CustomerStatus, LedgerEntryView, Paginated, PaymentIntent, PaymentIntentLedger, PaymentIntentStatus, PaymentLink, PaymentLinkItem, PaymentLinkStatus, PaymentProtocol, } from '@curless/agentbank-core';
|
|
40
2
|
export type WebhookEndpoint = {
|
|
41
3
|
id: string;
|
|
42
4
|
url: string;
|
|
@@ -48,46 +10,6 @@ export type WebhookEndpoint = {
|
|
|
48
10
|
export type WebhookEndpointWithSecret = WebhookEndpoint & {
|
|
49
11
|
secret: string;
|
|
50
12
|
};
|
|
51
|
-
export type CustomerStatus = 'active' | 'disabled';
|
|
52
|
-
export type Customer = {
|
|
53
|
-
id: string;
|
|
54
|
-
organizationId: string;
|
|
55
|
-
externalId?: string | null;
|
|
56
|
-
email?: string | null;
|
|
57
|
-
name?: string | null;
|
|
58
|
-
status: CustomerStatus;
|
|
59
|
-
curlessWalletId?: string | null;
|
|
60
|
-
metadata: Record<string, unknown>;
|
|
61
|
-
createdAt: string;
|
|
62
|
-
updatedAt: string;
|
|
63
|
-
};
|
|
64
|
-
export type Paginated<T> = {
|
|
65
|
-
data: T[];
|
|
66
|
-
pagination: {
|
|
67
|
-
limit: number;
|
|
68
|
-
offset: number;
|
|
69
|
-
count: number;
|
|
70
|
-
};
|
|
71
|
-
};
|
|
72
|
-
export type LedgerEntryView = {
|
|
73
|
-
transactionId: string;
|
|
74
|
-
purpose: string;
|
|
75
|
-
referenceType?: string | null;
|
|
76
|
-
referenceId?: string | null;
|
|
77
|
-
walletId: string;
|
|
78
|
-
walletKind?: string | null;
|
|
79
|
-
direction: 'debit' | 'credit';
|
|
80
|
-
amount: number;
|
|
81
|
-
currency: string;
|
|
82
|
-
createdAt: string;
|
|
83
|
-
};
|
|
84
|
-
export type PaymentIntentLedger = {
|
|
85
|
-
paymentIntentId: string;
|
|
86
|
-
data: LedgerEntryView[];
|
|
87
|
-
};
|
|
88
|
-
export type BalanceTransaction = LedgerEntryView & {
|
|
89
|
-
paymentIntentId: string;
|
|
90
|
-
};
|
|
91
13
|
export type X402PaymentRequirements = {
|
|
92
14
|
scheme: 'exact';
|
|
93
15
|
network: string;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAIA,YAAY,EACV,kBAAkB,EAClB,QAAQ,EACR,cAAc,EACd,eAAe,EACf,SAAS,EACT,aAAa,EACb,mBAAmB,EACnB,mBAAmB,EACnB,WAAW,EACX,eAAe,EACf,iBAAiB,EACjB,eAAe,GAChB,MAAM,yBAAyB,CAAC;AAEjC,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAGF,MAAM,MAAM,yBAAyB,GAAG,eAAe,GAAG;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAI7E,MAAM,MAAM,uBAAuB,GAAG;IACpC,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CAC7C,CAAC"}
|
package/dist/types.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
|
-
// Resource types mirror the agentbank API.
|
|
2
|
-
//
|
|
1
|
+
// Resource types mirror the agentbank API. The shapes shared with the buyer
|
|
2
|
+
// SDK come from @curless/agentbank-core (one definition); merchant-specific
|
|
3
|
+
// types (webhook endpoints, x402 requirements) are defined here.
|
|
3
4
|
export {};
|
|
4
5
|
//# sourceMappingURL=types.js.map
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,4EAA4E;AAC5E,iEAAiE"}
|
package/dist/webhooks.d.ts
CHANGED
|
@@ -3,12 +3,12 @@ export type VerifyWebhookOptions = {
|
|
|
3
3
|
toleranceSec?: number;
|
|
4
4
|
nowSec?: number;
|
|
5
5
|
};
|
|
6
|
-
export declare const verifyWebhook: (secret: string, rawBody: string, signatureHeader: string | undefined | null, opts?: VerifyWebhookOptions) => boolean
|
|
6
|
+
export declare const verifyWebhook: (secret: string, rawBody: string, signatureHeader: string | undefined | null, opts?: VerifyWebhookOptions) => Promise<boolean>;
|
|
7
7
|
export type WebhookEvent = {
|
|
8
8
|
id: string;
|
|
9
9
|
type: string;
|
|
10
10
|
data: Record<string, unknown>;
|
|
11
11
|
createdAt?: string;
|
|
12
12
|
};
|
|
13
|
-
export declare const parseVerifiedWebhook: (secret: string, rawBody: string, signatureHeader: string | undefined | null, opts?: VerifyWebhookOptions) => WebhookEvent
|
|
13
|
+
export declare const parseVerifiedWebhook: (secret: string, rawBody: string, signatureHeader: string | undefined | null, opts?: VerifyWebhookOptions) => Promise<WebhookEvent>;
|
|
14
14
|
//# sourceMappingURL=webhooks.d.ts.map
|
package/dist/webhooks.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":"AAcA,eAAO,MAAM,wBAAwB,0BAA0B,CAAC;AAEhE,MAAM,MAAM,oBAAoB,GAAG;IAEjC,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,eAAO,MAAM,aAAa,GACxB,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,iBAAiB,MAAM,GAAG,SAAS,GAAG,IAAI,EAC1C,OAAM,oBAAyB,KAC9B,OAAO,CAAC,OAAO,CAajB,CAAC;AAIF,MAAM,MAAM,YAAY,GAAG;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,oBAAoB,GAC/B,QAAQ,MAAM,EACd,SAAS,MAAM,EACf,iBAAiB,MAAM,GAAG,SAAS,GAAG,IAAI,EAC1C,OAAM,oBAAyB,KAC9B,OAAO,CAAC,YAAY,CAYtB,CAAC"}
|
package/dist/webhooks.js
CHANGED
|
@@ -1,12 +1,17 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { hmacSha256Hex, timingSafeEqualHex } from '@curless/agentbank-core';
|
|
2
2
|
// HMAC-SHA256 webhook signature verification (Stripe-style). The signed
|
|
3
3
|
// content is `${timestamp}.${rawBody}` and the header value is
|
|
4
4
|
// `t=<unix seconds>,v1=<hex hmac>`. Header name: `x-agentbank-signature`.
|
|
5
5
|
//
|
|
6
|
+
// Edge-safe: the HMAC runs on the Web Crypto API via @curless/agentbank-core
|
|
7
|
+
// (no node:crypto), so this verifies webhooks in Vercel Edge / Cloudflare
|
|
8
|
+
// Workers handlers as well as Node. Web Crypto's HMAC is async, so these
|
|
9
|
+
// functions return Promises.
|
|
10
|
+
//
|
|
6
11
|
// Always verify against the RAW request body — DO NOT parse JSON first
|
|
7
12
|
// or you'll re-serialize differently and the HMAC won't match.
|
|
8
13
|
export const WEBHOOK_SIGNATURE_HEADER = 'x-agentbank-signature';
|
|
9
|
-
export const verifyWebhook = (secret, rawBody, signatureHeader, opts = {}) => {
|
|
14
|
+
export const verifyWebhook = async (secret, rawBody, signatureHeader, opts = {}) => {
|
|
10
15
|
if (!signatureHeader)
|
|
11
16
|
return false;
|
|
12
17
|
const toleranceSec = opts.toleranceSec ?? 300;
|
|
@@ -18,13 +23,11 @@ export const verifyWebhook = (secret, rawBody, signatureHeader, opts = {}) => {
|
|
|
18
23
|
return false;
|
|
19
24
|
if (Math.abs(nowSec - t) > toleranceSec)
|
|
20
25
|
return false;
|
|
21
|
-
const expected =
|
|
22
|
-
|
|
23
|
-
const want = Buffer.from(expected);
|
|
24
|
-
return got.length === want.length && timingSafeEqual(got, want);
|
|
26
|
+
const expected = await hmacSha256Hex(secret, `${t}.${rawBody}`);
|
|
27
|
+
return timingSafeEqualHex(v1, expected);
|
|
25
28
|
};
|
|
26
|
-
export const parseVerifiedWebhook = (secret, rawBody, signatureHeader, opts = {}) => {
|
|
27
|
-
if (!verifyWebhook(secret, rawBody, signatureHeader, opts)) {
|
|
29
|
+
export const parseVerifiedWebhook = async (secret, rawBody, signatureHeader, opts = {}) => {
|
|
30
|
+
if (!(await verifyWebhook(secret, rawBody, signatureHeader, opts))) {
|
|
28
31
|
throw new Error('invalid webhook signature');
|
|
29
32
|
}
|
|
30
33
|
let event;
|
package/dist/webhooks.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE5E,wEAAwE;AACxE,+DAA+D;AAC/D,0EAA0E;AAC1E,EAAE;AACF,6EAA6E;AAC7E,0EAA0E;AAC1E,yEAAyE;AACzE,6BAA6B;AAC7B,EAAE;AACF,uEAAuE;AACvE,+DAA+D;AAE/D,MAAM,CAAC,MAAM,wBAAwB,GAAG,uBAAuB,CAAC;AAShE,MAAM,CAAC,MAAM,aAAa,GAAG,KAAK,EAChC,MAAc,EACd,OAAe,EACf,eAA0C,EAC1C,OAA6B,EAAE,EACb,EAAE;IACpB,IAAI,CAAC,eAAe;QAAE,OAAO,KAAK,CAAC;IACnC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,GAAG,CAAC;IAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAE5D,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,eAAe,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAqB,CAAC,CAAC,CAAC;IAChG,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAClC,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IAC7C,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,YAAY;QAAE,OAAO,KAAK,CAAC;IAEtD,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC,CAAC;IAChE,OAAO,kBAAkB,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;AAC1C,CAAC,CAAC;AAWF,MAAM,CAAC,MAAM,oBAAoB,GAAG,KAAK,EACvC,MAAc,EACd,OAAe,EACf,eAA0C,EAC1C,OAA6B,EAAE,EACR,EAAE;IACzB,IAAI,CAAC,CAAC,MAAM,aAAa,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,KAAmB,CAAC;IACxB,IAAI,CAAC;QACH,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAiB,CAAC;IAC9C,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@curless/agentbank-merchant-sdk",
|
|
3
|
-
"version": "0.0
|
|
4
|
-
"description": "Merchant-side SDK for agentbank — accept agent payments: PaymentIntents, webhook verification, x402 challenge helpers.",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Merchant-side SDK for agentbank — accept agent payments: PaymentIntents, edge-safe webhook verification, x402 challenge helpers.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
7
7
|
"main": "dist/index.js",
|
|
@@ -16,12 +16,8 @@
|
|
|
16
16
|
"dist",
|
|
17
17
|
"README.md"
|
|
18
18
|
],
|
|
19
|
-
"
|
|
20
|
-
"
|
|
21
|
-
"typecheck": "tsc --noEmit",
|
|
22
|
-
"test": "vitest run",
|
|
23
|
-
"clean": "rm -rf dist",
|
|
24
|
-
"prepublishOnly": "npm run build"
|
|
19
|
+
"dependencies": {
|
|
20
|
+
"@curless/agentbank-core": "0.0.1"
|
|
25
21
|
},
|
|
26
22
|
"devDependencies": {
|
|
27
23
|
"@types/node": "^22.10.1",
|
|
@@ -39,5 +35,11 @@
|
|
|
39
35
|
"merchant",
|
|
40
36
|
"x402",
|
|
41
37
|
"webhook"
|
|
42
|
-
]
|
|
43
|
-
|
|
38
|
+
],
|
|
39
|
+
"scripts": {
|
|
40
|
+
"build": "tsc",
|
|
41
|
+
"typecheck": "tsc --noEmit",
|
|
42
|
+
"test": "vitest run",
|
|
43
|
+
"clean": "rm -rf dist"
|
|
44
|
+
}
|
|
45
|
+
}
|