@dominusnode/sdk 1.0.0

package/dist/cjs/resources/teams.d.ts

@@ -0,0 +1,93 @@
+import type { HttpClient } from "../http.js";
+export interface Team {
+    id: string;
+    name: string;
+    ownerId: string;
+    maxMembers: number;
+    status: string;
+    balanceCents: number;
+    createdAt: string;
+}
+export interface TeamMember {
+    id: string;
+    teamId: string;
+    userId: string;
+    email: string;
+    role: string;
+    joinedAt: string;
+}
+export interface TeamInvite {
+    id: string;
+    teamId: string;
+    email: string;
+    role: string;
+    token: string;
+    expiresAt: string;
+    createdAt: string;
+}
+export interface TeamKey {
+    id: string;
+    keyPrefix: string;
+    label: string;
+    createdAt: string;
+}
+export interface TeamKeyCreateResponse {
+    id: string;
+    key: string;
+    keyPrefix: string;
+    label: string;
+}
+export interface TeamListResponse {
+    teams: Team[];
+}
+export interface TeamDeleteResponse {
+    refundedCents: number;
+}
+export interface TeamFundResponse {
+    transaction: TeamTransaction;
+}
+export interface TeamTransaction {
+    id: string;
+    teamId: string;
+    type: string;
+    amountCents: number;
+    description: string;
+    createdAt: string;
+}
+export interface TeamTransactionsResponse {
+    transactions: TeamTransaction[];
+}
+export interface TeamMembersResponse {
+    members: TeamMember[];
+}
+export interface TeamInvitesResponse {
+    invites: TeamInvite[];
+}
+export interface TeamKeysResponse {
+    keys: TeamKey[];
+}
+export declare class TeamsResource {
+    private http;
+    constructor(http: HttpClient);
+    create(name: string, maxMembers?: number): Promise<Team>;
+    list(): Promise<Team[]>;
+    get(teamId: string): Promise<Team>;
+    update(teamId: string, updates: {
+        name?: string;
+        maxMembers?: number;
+    }): Promise<Team>;
+    delete(teamId: string): Promise<TeamDeleteResponse>;
+    fundWallet(teamId: string, amountCents: number): Promise<TeamFundResponse>;
+    getTransactions(teamId: string, limit?: number, offset?: number): Promise<TeamTransactionsResponse>;
+    listMembers(teamId: string): Promise<TeamMembersResponse>;
+    addMember(teamId: string, email: string, role?: string): Promise<TeamMember>;
+    updateMemberRole(teamId: string, userId: string, role: string): Promise<TeamMember>;
+    removeMember(teamId: string, userId: string): Promise<void>;
+    createInvite(teamId: string, email: string, role?: string): Promise<TeamInvite>;
+    listInvites(teamId: string): Promise<TeamInvitesResponse>;
+    cancelInvite(teamId: string, inviteId: string): Promise<void>;
+    acceptInvite(token: string): Promise<TeamMember>;
+    createKey(teamId: string, label: string): Promise<TeamKeyCreateResponse>;
+    listKeys(teamId: string): Promise<TeamKeysResponse>;
+    revokeKey(teamId: string, keyId: string): Promise<void>;
+}

package/dist/cjs/resources/teams.js

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TeamsResource = void 0;
+class TeamsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    async create(name, maxMembers) {
+        const body = { name };
+        if (maxMembers !== undefined)
+            body.maxMembers = maxMembers;
+        return this.http.post("/api/teams", body);
+    }
+    async list() {
+        return this.http.get("/api/teams");
+    }
+    async get(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}`);
+    }
+    async update(teamId, updates) {
+        return this.http.patch(`/api/teams/${encodeURIComponent(teamId)}`, updates);
+    }
+    async delete(teamId) {
+        return this.http.delete(`/api/teams/${encodeURIComponent(teamId)}`);
+    }
+    async fundWallet(teamId, amountCents) {
+        if (!Number.isInteger(amountCents) || amountCents <= 0 || amountCents > 2_147_483_647) {
+            throw new Error("amountCents must be a positive integer <= 2,147,483,647");
+        }
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/wallet/fund`, { amountCents });
+    }
+    async getTransactions(teamId, limit, offset) {
+        const params = new URLSearchParams();
+        if (limit !== undefined)
+            params.set("limit", String(limit));
+        if (offset !== undefined)
+            params.set("offset", String(offset));
+        const qs = params.toString();
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/wallet/transactions${qs ? `?${qs}` : ""}`);
+    }
+    async listMembers(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/members`);
+    }
+    async addMember(teamId, email, role) {
+        const body = { email };
+        if (role !== undefined)
+            body.role = role;
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/members`, body);
+    }
+    async updateMemberRole(teamId, userId, role) {
+        return this.http.patch(`/api/teams/${encodeURIComponent(teamId)}/members/${encodeURIComponent(userId)}`, { role });
+    }
+    async removeMember(teamId, userId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/members/${encodeURIComponent(userId)}`);
+    }
+    async createInvite(teamId, email, role) {
+        const body = { email };
+        if (role !== undefined)
+            body.role = role;
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/invites`, body);
+    }
+    async listInvites(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/invites`);
+    }
+    async cancelInvite(teamId, inviteId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/invites/${encodeURIComponent(inviteId)}`);
+    }
+    async acceptInvite(token) {
+        return this.http.post(`/api/teams/invites/${encodeURIComponent(token)}/accept`, {});
+    }
+    async createKey(teamId, label) {
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/keys`, { label });
+    }
+    async listKeys(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/keys`);
+    }
+    async revokeKey(teamId, keyId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/keys/${encodeURIComponent(keyId)}`);
+    }
+}
+exports.TeamsResource = TeamsResource;

package/dist/cjs/resources/wallet-auth.d.ts

@@ -0,0 +1,66 @@
+import type { HttpClient } from "../http.js";
+import type { TokenManager } from "../token-manager.js";
+import type { User } from "../types.js";
+export interface WalletChallenge {
+    challenge: string;
+    expiresAt: string;
+}
+export interface WalletVerifyResult {
+    token: string;
+    refreshToken: string;
+    user: User;
+    /** When true, the user must complete MFA before authentication is granted. */
+    mfaRequired?: boolean;
+    /** Challenge token to pass to auth.verifyMfa() when mfaRequired is true. */
+    mfaChallengeToken?: string;
+}
+export interface WalletLinkResult {
+    success: boolean;
+    walletAddress: string;
+}
+/**
+ * Wallet-based authentication using EIP-191 signed messages.
+ *
+ * Allows Ethereum wallet holders to authenticate by signing a server-issued
+ * challenge message. Supports account creation, login, and linking a wallet
+ * to an existing account.
+ */
+export declare class WalletAuthResource {
+    private http;
+    private tokenManager;
+    constructor(http: HttpClient, tokenManager: TokenManager);
+    /**
+     * Request a signature challenge for the given Ethereum address.
+     *
+     * The returned challenge must be signed with the wallet's private key
+     * and submitted via `verify()` to complete authentication.
+     *
+     * This endpoint does not require authentication.
+     */
+    challenge(address: string): Promise<WalletChallenge>;
+    /**
+     * Submit a signed challenge to create an account or log in.
+     *
+     * If the address is not yet associated with an account, a new one is created.
+     * Returns JWT tokens and user information on success.
+     * Tokens are automatically stored for subsequent authenticated requests.
+     *
+     * This endpoint does not require authentication.
+     *
+     * @param address - Ethereum address (0x-prefixed, 40 hex chars)
+     * @param signature - EIP-191 signature of the challenge message
+     * @param challenge - Optional: the challenge string (server looks up internally)
+     */
+    verify(address: string, signature: string, challenge?: string): Promise<WalletVerifyResult>;
+    /**
+     * Link an Ethereum wallet to the currently authenticated account.
+     *
+     * Requires JWT authentication. The challenge must have been previously
+     * obtained via `challenge()` and signed with the wallet.
+     *
+     * @param address - Ethereum address
+     * @param signature - EIP-191 signature
+     * @param challenge - Optional: the challenge string
+     */
+    link(address: string, signature: string, challenge?: string): Promise<WalletLinkResult>;
+}

package/dist/cjs/resources/wallet-auth.js

@@ -0,0 +1,105 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WalletAuthResource = void 0;
+// Ethereum address validation: 0x followed by 40 hex characters
+const ETH_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+// EIP-191 signature format: 0x prefix + 130 hex chars (65 bytes)
+const EIP191_SIGNATURE_RE = /^0x[0-9a-fA-F]{130}$/;
+const MAX_SIGNATURE_LENGTH = 200;
+function validateAddress(address) {
+    if (!address || typeof address !== "string") {
+        throw new Error("address is required and must be a string");
+    }
+    if (!ETH_ADDRESS_RE.test(address)) {
+        throw new Error("address must be a valid Ethereum address (0x followed by 40 hex characters)");
+    }
+}
+function validateSignature(signature) {
+    if (!signature || typeof signature !== "string") {
+        throw new Error("signature is required and must be a string");
+    }
+    // Max length check before regex
+    if (signature.length > MAX_SIGNATURE_LENGTH) {
+        throw new Error(`signature must not exceed ${MAX_SIGNATURE_LENGTH} characters`);
+    }
+    // EIP-191 format validation
+    if (!EIP191_SIGNATURE_RE.test(signature)) {
+        throw new Error("signature must be a valid EIP-191 signature (0x followed by 130 hex characters)");
+    }
+}
+/**
+ * Wallet-based authentication using EIP-191 signed messages.
+ *
+ * Allows Ethereum wallet holders to authenticate by signing a server-issued
+ * challenge message. Supports account creation, login, and linking a wallet
+ * to an existing account.
+ */
+class WalletAuthResource {
+    http;
+    tokenManager;
+    constructor(http, tokenManager) {
+        this.http = http;
+        this.tokenManager = tokenManager;
+    }
+    /**
+     * Request a signature challenge for the given Ethereum address.
+     *
+     * The returned challenge must be signed with the wallet's private key
+     * and submitted via `verify()` to complete authentication.
+     *
+     * This endpoint does not require authentication.
+     */
+    async challenge(address) {
+        validateAddress(address);
+        return this.http.post("/api/auth/wallet/challenge", { address }, false);
+    }
+    /**
+     * Submit a signed challenge to create an account or log in.
+     *
+     * If the address is not yet associated with an account, a new one is created.
+     * Returns JWT tokens and user information on success.
+     * Tokens are automatically stored for subsequent authenticated requests.
+     *
+     * This endpoint does not require authentication.
+     *
+     * @param address - Ethereum address (0x-prefixed, 40 hex chars)
+     * @param signature - EIP-191 signature of the challenge message
+     * @param challenge - Optional: the challenge string (server looks up internally)
+     */
+    async verify(address, signature, challenge) {
+        validateAddress(address);
+        validateSignature(signature);
+        const body = { address, signature };
+        if (challenge)
+            body.challenge = challenge;
+        const result = await this.http.post("/api/auth/wallet/verify", body, false);
+        // Detect MFA-required response — don't store tokens, surface to caller
+        if (result.mfaRequired) {
+            return result;
+        }
+        // Store tokens after verify (matching Python/Go/Java SDKs)
+        if (result.token && result.refreshToken) {
+            this.tokenManager.setTokens(result.token, result.refreshToken);
+        }
+        return result;
+    }
+    /**
+     * Link an Ethereum wallet to the currently authenticated account.
+     *
+     * Requires JWT authentication. The challenge must have been previously
+     * obtained via `challenge()` and signed with the wallet.
+     *
+     * @param address - Ethereum address
+     * @param signature - EIP-191 signature
+     * @param challenge - Optional: the challenge string
+     */
+    async link(address, signature, challenge) {
+        validateAddress(address);
+        validateSignature(signature);
+        const body = { address, signature };
+        if (challenge)
+            body.challenge = challenge;
+        return this.http.post("/api/auth/wallet/link", body);
+    }
+}
+exports.WalletAuthResource = WalletAuthResource;

package/dist/cjs/resources/x402.d.ts

@@ -0,0 +1,39 @@
+import type { HttpClient } from "../http.js";
+export interface X402Facilitator {
+    address: string;
+    chain: string;
+    network: string;
+}
+export interface X402Pricing {
+    perRequestCents: number;
+    perGbCents: number;
+    currency: string;
+}
+export interface X402Info {
+    supported: boolean;
+    enabled: boolean;
+    protocol: string;
+    version: string;
+    facilitators: X402Facilitator[];
+    pricing: X402Pricing;
+    currencies: string[];
+    walletType: string;
+    agenticWallets: boolean;
+}
+/**
+ * x402 (HTTP 402 Payment Required) protocol information.
+ *
+ * Provides details about x402 micropayment support, facilitator addresses,
+ * pricing, and supported chains/currencies for AI agent payments.
+ */
+export declare class X402Resource {
+    private http;
+    constructor(http: HttpClient);
+    /**
+     * Get x402 protocol information including facilitator details,
+     * pricing, supported chains, and currencies.
+     *
+     * This endpoint does not require authentication.
+     */
+    getInfo(): Promise<X402Info>;
+}

package/dist/cjs/resources/x402.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.X402Resource = void 0;
+/**
+ * x402 (HTTP 402 Payment Required) protocol information.
+ *
+ * Provides details about x402 micropayment support, facilitator addresses,
+ * pricing, and supported chains/currencies for AI agent payments.
+ */
+class X402Resource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    /**
+     * Get x402 protocol information including facilitator details,
+     * pricing, supported chains, and currencies.
+     *
+     * This endpoint does not require authentication.
+     */
+    async getInfo() {
+        return this.http.get("/api/x402/info", false);
+    }
+}
+exports.X402Resource = X402Resource;

package/dist/cjs/sessions.d.ts

@@ -0,0 +1,15 @@
+import type { HttpClient } from "./http.js";
+export interface ActiveSessionEntry {
+    id: string;
+    startedAt: string;
+    status: string;
+}
+export interface ActiveSessionsResponse {
+    sessions: ActiveSessionEntry[];
+}
+export declare class SessionsResource {
+    private http;
+    constructor(http: HttpClient);
+    /** Get all active proxy sessions for the authenticated user. */
+    getActive(): Promise<ActiveSessionsResponse>;
+}

package/dist/cjs/sessions.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionsResource = void 0;
+class SessionsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    /** Get all active proxy sessions for the authenticated user. */
+    async getActive() {
+        return this.http.get("/api/sessions/active");
+    }
+}
+exports.SessionsResource = SessionsResource;

package/dist/cjs/slots.d.ts

@@ -0,0 +1,9 @@
+import type { HttpClient } from "./http.js";
+import type { SlotsInfo, WaitlistJoinResult, WaitlistCount } from "./types.js";
+export declare class SlotsResource {
+    private http;
+    constructor(http: HttpClient);
+    getSlots(): Promise<SlotsInfo>;
+    joinWaitlist(email: string): Promise<WaitlistJoinResult>;
+    getWaitlistCount(): Promise<WaitlistCount>;
+}

package/dist/cjs/slots.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SlotsResource = void 0;
+class SlotsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    async getSlots() {
+        return this.http.get("/api/slots", false);
+    }
+    async joinWaitlist(email) {
+        return this.http.post("/api/waitlist/join", { email }, false);
+    }
+    async getWaitlistCount() {
+        return this.http.get("/api/waitlist/count", false);
+    }
+}
+exports.SlotsResource = SlotsResource;

package/dist/cjs/token-manager.d.ts

@@ -0,0 +1,21 @@
+export declare class TokenManager {
+    private accessToken;
+    private refreshTokenValue;
+    private refreshPromise;
+    private refreshFn;
+    setTokens(access: string, refresh?: string): void;
+    setRefreshFunction(fn: (refreshToken: string) => Promise<{
+        accessToken: string;
+        refreshToken?: string;
+    }>): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    isExpired(token: string): boolean;
+    getValidToken(): Promise<string>;
+    /**
+     * Force a token refresh regardless of expiry state.
+     * Used after a 401 response to avoid re-using a rejected token.
+     */
+    forceRefresh(): Promise<string>;
+    clear(): void;
+}

package/dist/cjs/token-manager.js

@@ -0,0 +1,105 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenManager = void 0;
+const constants_js_1 = require("./constants.js");
+const errors_js_1 = require("./errors.js");
+class TokenManager {
+    accessToken = null;
+    refreshTokenValue = null;
+    refreshPromise = null;
+    refreshFn = null;
+    setTokens(access, refresh) {
+        this.accessToken = access;
+        if (refresh)
+            this.refreshTokenValue = refresh;
+    }
+    setRefreshFunction(fn) {
+        this.refreshFn = fn;
+    }
+    getAccessToken() {
+        return this.accessToken;
+    }
+    getRefreshToken() {
+        return this.refreshTokenValue;
+    }
+    isExpired(token) {
+        try {
+            const parts = token.split(".");
+            if (parts.length !== 3)
+                return true;
+            const payload = JSON.parse(Buffer.from(parts[1].replace(/-/g, "+").replace(/_/g, "/"), "base64").toString());
+            return payload.exp * 1000 < Date.now() + constants_js_1.TOKEN_REFRESH_BUFFER_MS;
+        }
+        catch {
+            return true;
+        }
+    }
+    async getValidToken() {
+        if (this.accessToken && !this.isExpired(this.accessToken)) {
+            return this.accessToken;
+        }
+        if (!this.refreshTokenValue || !this.refreshFn) {
+            throw new errors_js_1.AuthenticationError("No valid token and cannot refresh");
+        }
+        // Singleton refresh
+        if (this.refreshPromise)
+            return this.refreshPromise;
+        this.refreshPromise = (async () => {
+            try {
+                const result = await this.refreshFn(this.refreshTokenValue);
+                this.accessToken = result.accessToken;
+                if (result.refreshToken) {
+                    this.refreshTokenValue = result.refreshToken;
+                }
+                return this.accessToken;
+            }
+            catch (err) {
+                // Clear tokens on refresh failure to prevent rapid-fire retry loops
+                this.accessToken = null;
+                this.refreshTokenValue = null;
+                throw err;
+            }
+            finally {
+                this.refreshPromise = null;
+            }
+        })();
+        return this.refreshPromise;
+    }
+    /**
+     * Force a token refresh regardless of expiry state.
+     * Used after a 401 response to avoid re-using a rejected token.
+     */
+    async forceRefresh() {
+        if (!this.refreshTokenValue || !this.refreshFn) {
+            throw new errors_js_1.AuthenticationError("No valid token and cannot refresh");
+        }
+        // Singleton refresh (reuse in-flight refresh if one is already happening)
+        if (this.refreshPromise)
+            return this.refreshPromise;
+        this.refreshPromise = (async () => {
+            try {
+                const result = await this.refreshFn(this.refreshTokenValue);
+                this.accessToken = result.accessToken;
+                if (result.refreshToken) {
+                    this.refreshTokenValue = result.refreshToken;
+                }
+                return this.accessToken;
+            }
+            catch (err) {
+                this.accessToken = null;
+                this.refreshTokenValue = null;
+                throw err;
+            }
+            finally {
+                this.refreshPromise = null;
+            }
+        })();
+        return this.refreshPromise;
+    }
+    clear() {
+        this.accessToken = null;
+        this.refreshTokenValue = null;
+        this.refreshPromise = null;
+    }
+}
+exports.TokenManager = TokenManager;