@genvoris/node 1.0.0 → 1.1.0

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 Genvoris
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 Genvoris
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,132 +1,184 @@
-# @genvoris/node
-
-Official Node.js SDK for the [Genvoris Virtual Try-On API](https://docs.genvoris.org).
-
-## Requirements
-
-Node.js **18** or higher (uses native `fetch`).
-
-## Installation
-
-```bash
-npm install @genvoris/node
-```
-
-## Quick start
-
-```ts
-import Genvoris from '@genvoris/node';
-
-const gv = new Genvoris({ apiKey: process.env.GENVORIS_API_KEY! });
-
-// Create a customer
-const customer = await gv.customers.create({
-  externalId: 'user_42',
-  email: 'shopper@example.com',
-  planId: 'pln_xxxxxxxx',
-});
-
-// Mint a session token for the widget
-const session = await gv.sessions.mint({ customerId: customer.id });
-// → pass session.token to your frontend
-```
-
-## Resources
-
-### Customers
-
-```ts
-await gv.customers.create({ externalId, email?, planId?, metadata? })
-await gv.customers.retrieve(id)
-await gv.customers.update(id, { email?, planId?, status?, resetPeriod? })
-await gv.customers.list({ status?, limit?, cursor? })
-await gv.customers.cancel(id)
-await gv.customers.usage(id)
-await gv.customers.sessions(id)
-```
-
-### Plans
-
-```ts
-await gv.plans.list({ include_inactive? })
-await gv.plans.create({ name, monthlyTryOns, externalPriceId?, active? })
-await gv.plans.retrieve(id)
-await gv.plans.update(id, { name?, monthlyTryOns?, active? })
-await gv.plans.archive(id)
-```
-
-### Sessions
-
-```ts
-await gv.sessions.mint({ customerId, ttlSeconds? })
-```
-
-### Webhooks
-
-```ts
-await gv.webhooks.list()
-await gv.webhooks.create({ url, secret, events })
-await gv.webhooks.test(id)
-await gv.webhooks.delete(id)
-```
-
-## Webhook verification
-
-```ts
-import { WebhooksResource } from '@genvoris/node';
-
-// In your Express / Next.js handler — pass the raw body, not parsed JSON
-const event = WebhooksResource.verify({
-  payload: req.body,
-  header: req.header('x-genvoris-signature') ?? '',
-  secret: process.env.GENVORIS_WEBHOOK_SECRET!,
-});
-
-console.log(event.type, event.data);
-```
-
-The signature format is `t=<unix>,v1=<hex>`. The signed string is `${timestamp}.${rawBody}` using HMAC-SHA256. Verification uses `crypto.timingSafeEqual`.
-
-## Error handling
-
-```ts
-import {
-  GenvorisAPIError,
-  GenvorisAuthError,
-  GenvorisRateLimitError,
-  GenvorisValidationError,
-} from '@genvoris/node';
-
-try {
-  await gv.customers.retrieve('cus_missing');
-} catch (err) {
-  if (err instanceof GenvorisAuthError) {
-    // 401 / 403 — bad or revoked key
-  } else if (err instanceof GenvorisRateLimitError) {
-    console.log(`retry after ${err.retryAfterSeconds}s`);
-  } else if (err instanceof GenvorisValidationError) {
-    console.error(err.fieldErrors);
-  } else if (err instanceof GenvorisAPIError) {
-    console.error(err.status, err.code, err.requestId);
-  }
-}
-```
-
-The client automatically retries `429`, `502`, `503`, and `504` responses using exponential backoff with jitter (`min(2^n × 250 ms, 8 000 ms)`), up to `maxRetries` (default: 3).
-
-## Configuration
-
-```ts
-const gv = new Genvoris({
-  apiKey: 'gvk_live_...',
-  baseUrl: 'https://genvoris.org/api/v1', // default
-  timeoutMs: 30_000,                       // default 30 s
-  maxRetries: 3,                           // default 3
-  defaultHeaders: { 'X-My-Header': 'val' },
-  fetch: customFetch,                      // bring-your-own fetch
-});
-```
-
-## License
-
-MIT — see [LICENSE](./LICENSE).
+# @genvoris/node
+
+Official Node.js SDK for the [Genvoris Virtual Try-On API](https://docs.genvoris.org).
+
+## Requirements
+
+Node.js **18** or higher (uses native `fetch`).
+
+## Installation
+
+```bash
+npm install @genvoris/node
+```
+
+## Quick start
+
+```ts
+import Genvoris from '@genvoris/node';
+
+// Server-side only. Never expose GENVORIS_API_KEY in browser code.
+const gv = new Genvoris({ apiKey: process.env.GENVORIS_API_KEY! });
+
+// Create a customer
+const customer = await gv.customers.create({
+  externalId: 'user_42',
+  email: 'shopper@example.com',
+  planId: 'pln_xxxxxxxx',
+});
+
+// Mint a session token for the widget
+const session = await gv.sessions.mint({ customerId: customer.id });
+// → pass session.token to your frontend
+```
+
+## Resources
+
+### Customers
+
+```ts
+await gv.customers.create({ externalId, email?, planId?, metadata? })
+await gv.customers.retrieve(id)
+await gv.customers.update(id, { email?, planId?, status?, resetPeriod? })
+await gv.customers.list({ status?, limit?, cursor? })
+await gv.customers.cancel(id)
+await gv.customers.usage(id)
+await gv.customers.sessions(id)
+```
+
+### Plans
+
+```ts
+await gv.plans.list({ include_inactive? })
+await gv.plans.create({ name, monthlyTryOns, externalPriceId?, active? })
+await gv.plans.retrieve(id)
+await gv.plans.update(id, { name?, monthlyTryOns?, active? })
+await gv.plans.archive(id)
+```
+
+### Sessions
+
+```ts
+await gv.sessions.mint({ customerId, ttlSeconds? })
+```
+
+### Events
+
+```ts
+await gv.events.track({
+  sessionId: 'session_12345678',
+  eventType: 'WIDGET_OPENED',
+  productId: 'sku_123',
+  productTitle: 'Linen Shirt',
+  pageUrl: 'https://store.example/products/linen-shirt',
+})
+
+await gv.events.trackBatch([
+  { sessionId, eventType: 'PHOTO_UPLOADED' },
+  { sessionId, eventType: 'TRYON_GENERATED', productId },
+])
+```
+
+### Conversions and returns
+
+```ts
+await gv.conversions.create({
+  orderId: 'order_1001',
+  platform: 'custom',
+  amountCents: 12900,
+  currency: 'USD',
+  quantity: 1,
+  productId: 'sku_123',
+  productTitle: 'Linen Shirt',
+  sessionId: 'session_12345678',
+  customerEmail: 'shopper@example.com',
+})
+
+await gv.returns.create({
+  orderId: 'order_1001',
+  platform: 'custom',
+  refundedAmountCents: 12900,
+  currency: 'USD',
+  reason: 'size_exchange',
+})
+```
+
+### Webhooks
+
+```ts
+await gv.webhooks.list()
+await gv.webhooks.create({ url, secret, events })
+await gv.webhooks.test(id)
+await gv.webhooks.delete(id)
+```
+
+## Hosted widget integration
+
+Use this SDK from your backend to mint short-lived customer session tokens, record conversions/returns, and verify webhooks. For browser-hosted widgets, route try-on and analytics calls through your own same-origin endpoint or another approved public-widget flow; do not place `gvk_live_...` keys in HTML or client JavaScript.
+
+A typical flow is:
+
+1. Backend uses `gv.customers.create(...)` and `gv.sessions.mint(...)`.
+2. Frontend loads `https://api.genvoris.org/widget.js?no_fab=1` with a same-origin `data-api-url`/`data-events-url` and the minted customer token.
+3. Backend records orders with `gv.conversions.create(...)` and refunds with `gv.returns.create(...)`.
+
+## Webhook verification
+
+```ts
+import { WebhooksResource } from '@genvoris/node';
+
+// In your Express / Next.js handler — pass the raw body, not parsed JSON
+const event = WebhooksResource.verify({
+  payload: req.body,
+  header: req.header('x-genvoris-signature') ?? '',
+  secret: process.env.GENVORIS_WEBHOOK_SECRET!,
+});
+
+console.log(event.type, event.data);
+```
+
+The signature format is `t=<unix>,v1=<hex>`. The signed string is `${timestamp}.${rawBody}` using HMAC-SHA256. Verification uses `crypto.timingSafeEqual`.
+
+## Error handling
+
+```ts
+import {
+  GenvorisAPIError,
+  GenvorisAuthError,
+  GenvorisRateLimitError,
+  GenvorisValidationError,
+} from '@genvoris/node';
+
+try {
+  await gv.customers.retrieve('cus_missing');
+} catch (err) {
+  if (err instanceof GenvorisAuthError) {
+    // 401 / 403 — bad or revoked key
+  } else if (err instanceof GenvorisRateLimitError) {
+    console.log(`retry after ${err.retryAfterSeconds}s`);
+  } else if (err instanceof GenvorisValidationError) {
+    console.error(err.fieldErrors);
+  } else if (err instanceof GenvorisAPIError) {
+    console.error(err.status, err.code, err.requestId);
+  }
+}
+```
+
+The client automatically retries `429`, `502`, `503`, and `504` responses using exponential backoff with jitter (`min(2^n × 250 ms, 8 000 ms)`), up to `maxRetries` (default: 3).
+
+## Configuration
+
+```ts
+const gv = new Genvoris({
+  apiKey: process.env.GENVORIS_API_KEY!,
+  baseUrl: 'https://genvoris.org/api/v1', // default
+  timeoutMs: 30_000,                       // default 30 s
+  maxRetries: 3,                           // default 3
+  defaultHeaders: { 'X-My-Header': 'val' },
+  fetch: customFetch,                      // bring-your-own fetch
+});
+```
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

package/dist/index.d.mts

@@ -161,6 +161,12 @@ interface SessionMintParams {
     /** JWT lifetime in seconds. Default: 900 (15 min). */
     ttlSeconds?: number;
 }
+interface SessionRevokeParams {
+    /** Genvoris customer ID or your `externalId`. */
+    customerId: string;
+    /** The `jti` claim of the session token to revoke. */
+    jti: string;
+}
 interface MintedSession {
     token: string;
     token_type: 'Bearer';
@@ -176,6 +182,10 @@ interface MintedSession {
         period_end: string | null;
     };
 }
+interface RevokedSession {
+    jti: string;
+    revoked: true;
+}
 declare class SessionsResource {
     private readonly config;
     constructor(config: GenvorisConfig);
@@ -186,6 +196,14 @@ declare class SessionsResource {
      * Genvoris widget — never exposed in client-side code directly.
      */
     mint({ customerId, ttlSeconds }: SessionMintParams): Promise<MintedSession>;
+    /**
+     * Revoke a previously minted session token by its `jti` claim.
+     *
+     * Use this on end-customer logout or when a token is suspected
+     * compromised. The token is rejected immediately even though its
+     * signature and expiry are otherwise still valid. Idempotent.
+     */
+    revoke({ customerId, jti }: SessionRevokeParams): Promise<RevokedSession>;
 }
 
 interface WebhookCreateParams {
@@ -265,6 +283,82 @@ declare class WebhooksResource {
     static verify<T extends Record<string, unknown> = Record<string, unknown>>({ payload, header, secret, toleranceSeconds, }: WebhookVerifyOptions): GenvorisEvent<T>;
 }
 
+type WidgetEventType = 'WIDGET_OPENED' | 'PHOTO_UPLOADED' | 'TRYON_GENERATED' | 'TRYON_VIEWED' | 'RESULT_SHARED' | 'ADDED_TO_CART' | 'CHECKOUT_STARTED' | 'CLOSED';
+interface WidgetEventInput {
+    sessionId: string;
+    eventType: WidgetEventType;
+    productId?: string;
+    productTitle?: string;
+    pageUrl?: string;
+    metadata?: Record<string, unknown>;
+}
+interface EventBatchInput {
+    events: WidgetEventInput[];
+}
+interface EventsAccepted {
+    accepted: number;
+}
+declare class EventsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Track one hosted-widget funnel event. */
+    track(event: WidgetEventInput): Promise<EventsAccepted>;
+    /** Track a batch of 1–50 hosted-widget funnel events. */
+    trackBatch(events: WidgetEventInput[]): Promise<EventsAccepted>;
+}
+
+type ConversionPlatform = 'shopify' | 'woocommerce' | 'custom';
+interface ConversionCreateParams {
+    /** Platform order ID. Duplicate order IDs are idempotently deduped per merchant/platform. */
+    orderId: string;
+    platform: ConversionPlatform;
+    /** Order value in integer cents. */
+    amountCents: number;
+    /** ISO 4217 currency code. Defaults to USD server-side. */
+    currency?: string;
+    quantity?: number;
+    productId?: string;
+    productTitle?: string;
+    /** Widget session ID for hard attribution. */
+    sessionId?: string;
+    /** Hashed by the portal before storage. */
+    customerEmail?: string;
+    /** Soft-attribution lookback window. Default: 1440 minutes. */
+    attributionWindowMinutes?: number;
+}
+interface ConversionEvent {
+    id: string;
+    attributedFromTryOn: boolean;
+    deduped?: boolean;
+}
+declare class ConversionsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Store an order conversion for attribution/lift analytics. */
+    create(params: ConversionCreateParams): Promise<ConversionEvent>;
+}
+
+interface ReturnCreateParams {
+    /** Platform order ID matching a conversion when possible. */
+    orderId: string;
+    platform: ConversionPlatform;
+    /** Refunded amount in integer cents. */
+    refundedAmountCents: number;
+    /** ISO 4217 currency code. Defaults to USD server-side. */
+    currency?: string;
+    reason?: string;
+}
+interface ReturnEvent {
+    id: string;
+    conversionEventId: string | null;
+}
+declare class ReturnsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Store a return/refund event for conversion and returns-saved analytics. */
+    create(params: ReturnCreateParams): Promise<ReturnEvent>;
+}
+
 declare class GenvorisAPIError extends Error {
     readonly status: number;
     readonly code: string;
@@ -322,7 +416,10 @@ declare class Genvoris {
     readonly plans: PlansResource;
     readonly sessions: SessionsResource;
     readonly webhooks: WebhooksResource;
+    readonly events: EventsResource;
+    readonly conversions: ConversionsResource;
+    readonly returns: ReturnsResource;
     constructor(config: GenvorisConfig);
 }
 
-export { type Customer, type CustomerCreateParams, type CustomerList, type CustomerListParams, type CustomerSession, type CustomerSessionList, type CustomerUpdateParams, type CustomerUsage, GenvorisAPIError, GenvorisAuthError, type GenvorisConfig, type GenvorisEvent, GenvorisRateLimitError, GenvorisValidationError, type MintedSession, type Plan, type PlanCreateParams, type PlanList, type PlanListParams, type PlanUpdateParams, type SessionMintParams, type WebhookCreateParams, type WebhookEndpoint, type WebhookEndpointList, type WebhookVerifyOptions, WebhooksResource, Genvoris as default };
+export { type ConversionCreateParams, type ConversionEvent, type ConversionPlatform, type Customer, type CustomerCreateParams, type CustomerList, type CustomerListParams, type CustomerSession, type CustomerSessionList, type CustomerUpdateParams, type CustomerUsage, type EventBatchInput, type EventsAccepted, GenvorisAPIError, GenvorisAuthError, type GenvorisConfig, type GenvorisEvent, GenvorisRateLimitError, GenvorisValidationError, type MintedSession, type Plan, type PlanCreateParams, type PlanList, type PlanListParams, type PlanUpdateParams, type ReturnCreateParams, type ReturnEvent, type SessionMintParams, type WebhookCreateParams, type WebhookEndpoint, type WebhookEndpointList, type WebhookVerifyOptions, WebhooksResource, type WidgetEventInput, type WidgetEventType, Genvoris as default };

package/dist/index.d.ts

@@ -161,6 +161,12 @@ interface SessionMintParams {
     /** JWT lifetime in seconds. Default: 900 (15 min). */
     ttlSeconds?: number;
 }
+interface SessionRevokeParams {
+    /** Genvoris customer ID or your `externalId`. */
+    customerId: string;
+    /** The `jti` claim of the session token to revoke. */
+    jti: string;
+}
 interface MintedSession {
     token: string;
     token_type: 'Bearer';
@@ -176,6 +182,10 @@ interface MintedSession {
         period_end: string | null;
     };
 }
+interface RevokedSession {
+    jti: string;
+    revoked: true;
+}
 declare class SessionsResource {
     private readonly config;
     constructor(config: GenvorisConfig);
@@ -186,6 +196,14 @@ declare class SessionsResource {
      * Genvoris widget — never exposed in client-side code directly.
      */
     mint({ customerId, ttlSeconds }: SessionMintParams): Promise<MintedSession>;
+    /**
+     * Revoke a previously minted session token by its `jti` claim.
+     *
+     * Use this on end-customer logout or when a token is suspected
+     * compromised. The token is rejected immediately even though its
+     * signature and expiry are otherwise still valid. Idempotent.
+     */
+    revoke({ customerId, jti }: SessionRevokeParams): Promise<RevokedSession>;
 }
 
 interface WebhookCreateParams {
@@ -265,6 +283,82 @@ declare class WebhooksResource {
     static verify<T extends Record<string, unknown> = Record<string, unknown>>({ payload, header, secret, toleranceSeconds, }: WebhookVerifyOptions): GenvorisEvent<T>;
 }
 
+type WidgetEventType = 'WIDGET_OPENED' | 'PHOTO_UPLOADED' | 'TRYON_GENERATED' | 'TRYON_VIEWED' | 'RESULT_SHARED' | 'ADDED_TO_CART' | 'CHECKOUT_STARTED' | 'CLOSED';
+interface WidgetEventInput {
+    sessionId: string;
+    eventType: WidgetEventType;
+    productId?: string;
+    productTitle?: string;
+    pageUrl?: string;
+    metadata?: Record<string, unknown>;
+}
+interface EventBatchInput {
+    events: WidgetEventInput[];
+}
+interface EventsAccepted {
+    accepted: number;
+}
+declare class EventsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Track one hosted-widget funnel event. */
+    track(event: WidgetEventInput): Promise<EventsAccepted>;
+    /** Track a batch of 1–50 hosted-widget funnel events. */
+    trackBatch(events: WidgetEventInput[]): Promise<EventsAccepted>;
+}
+
+type ConversionPlatform = 'shopify' | 'woocommerce' | 'custom';
+interface ConversionCreateParams {
+    /** Platform order ID. Duplicate order IDs are idempotently deduped per merchant/platform. */
+    orderId: string;
+    platform: ConversionPlatform;
+    /** Order value in integer cents. */
+    amountCents: number;
+    /** ISO 4217 currency code. Defaults to USD server-side. */
+    currency?: string;
+    quantity?: number;
+    productId?: string;
+    productTitle?: string;
+    /** Widget session ID for hard attribution. */
+    sessionId?: string;
+    /** Hashed by the portal before storage. */
+    customerEmail?: string;
+    /** Soft-attribution lookback window. Default: 1440 minutes. */
+    attributionWindowMinutes?: number;
+}
+interface ConversionEvent {
+    id: string;
+    attributedFromTryOn: boolean;
+    deduped?: boolean;
+}
+declare class ConversionsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Store an order conversion for attribution/lift analytics. */
+    create(params: ConversionCreateParams): Promise<ConversionEvent>;
+}
+
+interface ReturnCreateParams {
+    /** Platform order ID matching a conversion when possible. */
+    orderId: string;
+    platform: ConversionPlatform;
+    /** Refunded amount in integer cents. */
+    refundedAmountCents: number;
+    /** ISO 4217 currency code. Defaults to USD server-side. */
+    currency?: string;
+    reason?: string;
+}
+interface ReturnEvent {
+    id: string;
+    conversionEventId: string | null;
+}
+declare class ReturnsResource {
+    private readonly config;
+    constructor(config: GenvorisConfig);
+    /** Store a return/refund event for conversion and returns-saved analytics. */
+    create(params: ReturnCreateParams): Promise<ReturnEvent>;
+}
+
 declare class GenvorisAPIError extends Error {
     readonly status: number;
     readonly code: string;
@@ -322,7 +416,10 @@ declare class Genvoris {
     readonly plans: PlansResource;
     readonly sessions: SessionsResource;
     readonly webhooks: WebhooksResource;
+    readonly events: EventsResource;
+    readonly conversions: ConversionsResource;
+    readonly returns: ReturnsResource;
     constructor(config: GenvorisConfig);
 }
 
-export { type Customer, type CustomerCreateParams, type CustomerList, type CustomerListParams, type CustomerSession, type CustomerSessionList, type CustomerUpdateParams, type CustomerUsage, GenvorisAPIError, GenvorisAuthError, type GenvorisConfig, type GenvorisEvent, GenvorisRateLimitError, GenvorisValidationError, type MintedSession, type Plan, type PlanCreateParams, type PlanList, type PlanListParams, type PlanUpdateParams, type SessionMintParams, type WebhookCreateParams, type WebhookEndpoint, type WebhookEndpointList, type WebhookVerifyOptions, WebhooksResource, Genvoris as default };
+export { type ConversionCreateParams, type ConversionEvent, type ConversionPlatform, type Customer, type CustomerCreateParams, type CustomerList, type CustomerListParams, type CustomerSession, type CustomerSessionList, type CustomerUpdateParams, type CustomerUsage, type EventBatchInput, type EventsAccepted, GenvorisAPIError, GenvorisAuthError, type GenvorisConfig, type GenvorisEvent, GenvorisRateLimitError, GenvorisValidationError, type MintedSession, type Plan, type PlanCreateParams, type PlanList, type PlanListParams, type PlanUpdateParams, type ReturnCreateParams, type ReturnEvent, type SessionMintParams, type WebhookCreateParams, type WebhookEndpoint, type WebhookEndpointList, type WebhookVerifyOptions, WebhooksResource, type WidgetEventInput, type WidgetEventType, Genvoris as default };

package/dist/index.js

@@ -64,12 +64,12 @@ var GenvorisValidationError = class extends GenvorisAPIError {
 var RETRY_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
 var MAX_DELAY_MS = 8e3;
 var DEFAULT_BASE_URL = "https://genvoris.org/api/v1";
-var SDK_VERSION = "1.0.0";
+var SDK_VERSION = "1.1.0";
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 async function request(config, path, opts = {}, attempt = 0) {
-  const { method = "GET", body, query } = opts;
+  const { method = "GET", body, query, contentType } = opts;
   const fetchFn = config.fetch ?? globalThis.fetch;
   const baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
   let url = `${baseUrl}${path}`;
@@ -88,20 +88,33 @@ async function request(config, path, opts = {}, attempt = 0) {
   );
   let res;
   try {
+    const headers = {
+      Authorization: `Bearer ${config.apiKey}`,
+      "User-Agent": `genvoris-node/${SDK_VERSION}`,
+      Accept: "application/json",
+      ...config.defaultHeaders
+    };
+    if (body !== void 0 || contentType) {
+      headers["Content-Type"] = contentType ?? "application/json";
+    }
     res = await fetchFn(url, {
       method,
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "User-Agent": `genvoris-node/${SDK_VERSION}`,
-        ...config.defaultHeaders
-      },
+      headers,
       body: body !== void 0 ? JSON.stringify(body) : void 0,
       signal: controller.signal
     });
-  } finally {
+  } catch (err) {
     clearTimeout(timerId);
+    if (attempt < (config.maxRetries ?? 3)) {
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
+      await sleep(delay);
+      return request(config, path, opts, attempt + 1);
+    }
+    throw err;
   }
+  clearTimeout(timerId);
   if (res.ok) {
     if (res.status === 204) return void 0;
     return res.json();
@@ -112,13 +125,14 @@ async function request(config, path, opts = {}, attempt = 0) {
     errBody = await res.json();
   } catch {
   }
-  const code = errBody.error ?? "unknown_error";
-  const message = errBody.message ?? code;
+  const code = errBody.error || "unknown_error";
+  const message = errBody.message || code;
   if (RETRY_STATUSES.has(res.status)) {
     const maxRetries = config.maxRetries ?? 3;
     if (attempt < maxRetries) {
-      const base = Math.min(Math.pow(2, attempt) * 250, MAX_DELAY_MS);
-      const delay = Math.random() * base;
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
       await sleep(delay);
       return request(config, path, opts, attempt + 1);
     }
@@ -262,12 +276,29 @@ var SessionsResource = class {
       }
     );
   }
+  /**
+   * Revoke a previously minted session token by its `jti` claim.
+   *
+   * Use this on end-customer logout or when a token is suspected
+   * compromised. The token is rejected immediately even though its
+   * signature and expiry are otherwise still valid. Idempotent.
+   */
+  revoke({ customerId, jti }) {
+    return request(
+      this.config,
+      `/customers/${encodeURIComponent(customerId)}/sessions/${encodeURIComponent(jti)}`,
+      { method: "DELETE" }
+    );
+  }
 };
 
 // src/resources/webhooks.ts
 var import_node_crypto = require("crypto");
 function hexToBytes(hex) {
   if (hex.length % 2 !== 0) throw new Error("genvoris: invalid hex string");
+  if (!/^[a-f0-9]+$/i.test(hex)) {
+    throw new Error("genvoris: invalid hex string \u2014 non-hex characters");
+  }
   const bytes = new Uint8Array(hex.length / 2);
   for (let i = 0; i < bytes.length; i++) {
     bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
@@ -362,6 +393,55 @@ var WebhooksResource = class {
   }
 };
 
+// src/resources/events.ts
+var EventsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Track one hosted-widget funnel event. */
+  track(event) {
+    return request(this.config, "/events", {
+      method: "POST",
+      body: event
+    });
+  }
+  /** Track a batch of 1–50 hosted-widget funnel events. */
+  trackBatch(events) {
+    return request(this.config, "/events", {
+      method: "POST",
+      body: { events }
+    });
+  }
+};
+
+// src/resources/conversions.ts
+var ConversionsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Store an order conversion for attribution/lift analytics. */
+  create(params) {
+    return request(this.config, "/conversions", {
+      method: "POST",
+      body: params
+    });
+  }
+};
+
+// src/resources/returns.ts
+var ReturnsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Store a return/refund event for conversion and returns-saved analytics. */
+  create(params) {
+    return request(this.config, "/returns", {
+      method: "POST",
+      body: params
+    });
+  }
+};
+
 // src/index.ts
 var Genvoris = class {
   constructor(config) {
@@ -372,6 +452,9 @@ var Genvoris = class {
     this.plans = new PlansResource(config);
     this.sessions = new SessionsResource(config);
     this.webhooks = new WebhooksResource(config);
+    this.events = new EventsResource(config);
+    this.conversions = new ConversionsResource(config);
+    this.returns = new ReturnsResource(config);
   }
 };
 // Annotate the CommonJS export names for ESM import in node:

package/dist/index.mjs

@@ -33,12 +33,12 @@ var GenvorisValidationError = class extends GenvorisAPIError {
 var RETRY_STATUSES = /* @__PURE__ */ new Set([429, 502, 503, 504]);
 var MAX_DELAY_MS = 8e3;
 var DEFAULT_BASE_URL = "https://genvoris.org/api/v1";
-var SDK_VERSION = "1.0.0";
+var SDK_VERSION = "1.1.0";
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 async function request(config, path, opts = {}, attempt = 0) {
-  const { method = "GET", body, query } = opts;
+  const { method = "GET", body, query, contentType } = opts;
   const fetchFn = config.fetch ?? globalThis.fetch;
   const baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
   let url = `${baseUrl}${path}`;
@@ -57,20 +57,33 @@ async function request(config, path, opts = {}, attempt = 0) {
   );
   let res;
   try {
+    const headers = {
+      Authorization: `Bearer ${config.apiKey}`,
+      "User-Agent": `genvoris-node/${SDK_VERSION}`,
+      Accept: "application/json",
+      ...config.defaultHeaders
+    };
+    if (body !== void 0 || contentType) {
+      headers["Content-Type"] = contentType ?? "application/json";
+    }
     res = await fetchFn(url, {
       method,
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "User-Agent": `genvoris-node/${SDK_VERSION}`,
-        ...config.defaultHeaders
-      },
+      headers,
       body: body !== void 0 ? JSON.stringify(body) : void 0,
       signal: controller.signal
     });
-  } finally {
+  } catch (err) {
     clearTimeout(timerId);
+    if (attempt < (config.maxRetries ?? 3)) {
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
+      await sleep(delay);
+      return request(config, path, opts, attempt + 1);
+    }
+    throw err;
   }
+  clearTimeout(timerId);
   if (res.ok) {
     if (res.status === 204) return void 0;
     return res.json();
@@ -81,13 +94,14 @@ async function request(config, path, opts = {}, attempt = 0) {
     errBody = await res.json();
   } catch {
   }
-  const code = errBody.error ?? "unknown_error";
-  const message = errBody.message ?? code;
+  const code = errBody.error || "unknown_error";
+  const message = errBody.message || code;
   if (RETRY_STATUSES.has(res.status)) {
     const maxRetries = config.maxRetries ?? 3;
     if (attempt < maxRetries) {
-      const base = Math.min(Math.pow(2, attempt) * 250, MAX_DELAY_MS);
-      const delay = Math.random() * base;
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
       await sleep(delay);
       return request(config, path, opts, attempt + 1);
     }
@@ -231,12 +245,29 @@ var SessionsResource = class {
       }
     );
   }
+  /**
+   * Revoke a previously minted session token by its `jti` claim.
+   *
+   * Use this on end-customer logout or when a token is suspected
+   * compromised. The token is rejected immediately even though its
+   * signature and expiry are otherwise still valid. Idempotent.
+   */
+  revoke({ customerId, jti }) {
+    return request(
+      this.config,
+      `/customers/${encodeURIComponent(customerId)}/sessions/${encodeURIComponent(jti)}`,
+      { method: "DELETE" }
+    );
+  }
 };
 
 // src/resources/webhooks.ts
 import { createHmac, timingSafeEqual } from "crypto";
 function hexToBytes(hex) {
   if (hex.length % 2 !== 0) throw new Error("genvoris: invalid hex string");
+  if (!/^[a-f0-9]+$/i.test(hex)) {
+    throw new Error("genvoris: invalid hex string \u2014 non-hex characters");
+  }
   const bytes = new Uint8Array(hex.length / 2);
   for (let i = 0; i < bytes.length; i++) {
     bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
@@ -331,6 +362,55 @@ var WebhooksResource = class {
   }
 };
 
+// src/resources/events.ts
+var EventsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Track one hosted-widget funnel event. */
+  track(event) {
+    return request(this.config, "/events", {
+      method: "POST",
+      body: event
+    });
+  }
+  /** Track a batch of 1–50 hosted-widget funnel events. */
+  trackBatch(events) {
+    return request(this.config, "/events", {
+      method: "POST",
+      body: { events }
+    });
+  }
+};
+
+// src/resources/conversions.ts
+var ConversionsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Store an order conversion for attribution/lift analytics. */
+  create(params) {
+    return request(this.config, "/conversions", {
+      method: "POST",
+      body: params
+    });
+  }
+};
+
+// src/resources/returns.ts
+var ReturnsResource = class {
+  constructor(config) {
+    this.config = config;
+  }
+  /** Store a return/refund event for conversion and returns-saved analytics. */
+  create(params) {
+    return request(this.config, "/returns", {
+      method: "POST",
+      body: params
+    });
+  }
+};
+
 // src/index.ts
 var Genvoris = class {
   constructor(config) {
@@ -341,6 +421,9 @@ var Genvoris = class {
     this.plans = new PlansResource(config);
     this.sessions = new SessionsResource(config);
     this.webhooks = new WebhooksResource(config);
+    this.events = new EventsResource(config);
+    this.conversions = new ConversionsResource(config);
+    this.returns = new ReturnsResource(config);
   }
 };
 export {

package/package.json

@@ -1,52 +1,55 @@
-{
-  "name": "@genvoris/node",
-  "version": "1.0.0",
-  "description": "Official Node.js SDK for the Genvoris Virtual Try-On API",
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.mjs",
-      "require": "./dist/index.js"
-    }
-  },
-  "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
-    "prepublishOnly": "npm run build"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "engines": {
-    "node": ">=18"
-  },
-  "license": "MIT",
-  "publishConfig": {
-    "access": "public"
-  },
-  "keywords": [
-    "genvoris",
-    "virtual-try-on",
-    "vton",
-    "ecommerce",
-    "fashion",
-    "ai"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/DevSajjadAli/genvoris-node"
-  },
-  "homepage": "https://docs.genvoris.org",
-  "bugs": {
-    "url": "https://github.com/DevSajjadAli/genvoris-node/issues",
-    "email": "support@genvoris.org"
-  },
-  "devDependencies": {
-    "typescript": "^5.4.5",
-    "tsup": "^8.0.2"
-  }
-}
+{
+  "name": "@genvoris/node",
+  "version": "1.1.0",
+  "description": "Official Node.js SDK for the Genvoris Virtual Try-On API",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "pretest": "npm run build",
+    "test": "node --test",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "genvoris",
+    "virtual-try-on",
+    "vton",
+    "ecommerce",
+    "fashion",
+    "ai"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DevSajjadAli/genvoris-node"
+  },
+  "homepage": "https://docs.genvoris.org",
+  "bugs": {
+    "url": "https://github.com/DevSajjadAli/genvoris-node/issues",
+    "email": "support@genvoris.org"
+  },
+  "devDependencies": {
+    "@types/node": ">=18",
+    "typescript": "^5.4.5",
+    "tsup": "^8.0.2"
+  }
+}