@havenpay/server 1.0.0 → 1.0.1

package/README.md

@@ -1,160 +1,254 @@
-# Havenpay Server SDK
+# @havenpay/server
 
-Backend-only TypeScript SDK for Havenpay merchant integrations.
+Server-side TypeScript SDK for Havenpay.
 
-This package is for trusted server runtimes only. It uses secret API keys, server-side webhook verification, and management APIs that must never be imported by `@havenpay/web` or `@havenpay/react-native`.
+`@havenpay/server` is the backend SDK for secret-key operations: PaymentIntent creation, project management, API key lifecycle, account lifecycle, provider account credential-reference management, refund requests, ledger-backed balance transaction reads, webhook endpoint management, event replay, and raw-body webhook signature verification.
 
-## Implemented Surface
+Use it only from trusted backend infrastructure. Never bundle it into browsers, React Native apps, edge pages that expose client code, or public UI packages.
+
+## Install
+
+```sh
+bun add @havenpay/server
+```
+
+```sh
+npm install @havenpay/server
+```
+
+## Use it for
+
+- Creating PaymentIntents from a merchant server.
+- Returning a short-lived payment `clientSecret` to browser or mobile clients.
+- Managing projects, API keys, connected accounts, webhook endpoints, and events.
+- Verifying Havenpay webhook signatures against the exact raw request body.
+- Managing provider account encrypted credential references.
+- Reading balance transactions and creating refund requests through server-only APIs.
+
+## Quickstart
 
 ```ts
+import { randomUUID } from 'node:crypto'
 import { Havenpay } from '@havenpay/server'
 
-const _havenpay = new Havenpay({
-  secretKey: process.env.HAVENPAY_SECRET_KEY!,
+const havenpay = new Havenpay({
+  secretKey: process.env.HAVENPAY_SECRET_KEY,
   apiVersion: '2026-05-24.haven',
+  retry: {
+    maxAttempts: 3,
+    initialDelayMs: 100,
+    maxDelayMs: 2000,
+  },
+  timeoutMs: 30000,
 })
 
-const _intent = await havenpay.paymentIntents.create({
+const intent = await havenpay.paymentIntents.create({
   projectId: 'proj_...',
   amount: 1000,
   currency: 'usd',
-  customer: { phone: '+263771234567' },
-  mobileMoney: { provider: 'fake', phone: '+263771234567' },
-  idempotencyKey: crypto.randomUUID(),
+  customer: {
+    phone: '+263771234567',
+  },
+  mobileMoney: {
+    provider: 'omari',
+    phone: '+263771234567',
+  },
+  metadata: {
+    orderId: 'order_123',
+  },
+  idempotencyKey: randomUUID(),
+})
+
+return Response.json({
+  paymentIntentId: intent.id,
+  clientSecret: intent.clientSecret,
 })
 ```
 
-Available resources:
+Send `clientSecret` only to the client that is completing this one payment. Keep `secretKey` on the server.
 
-- `accounts.create/list/update`
-- `apiKeys.create/list/revoke`
-- `balanceTransactions.list`
-- `events.list/replay`
-- `paymentIntents.create/retrieve`
-- `projects.create/list/update/archive/getConfig`
-- `providerAccounts.create/list/rotate/revoke`
-- `refunds.create/retrieve/list`
-- `webhookEndpoints.create/list/update/delete`
-- `webhooks.constructEvent`
+## Webhook verification
 
-## Error Handling
+Webhook verification requires the exact raw body bytes sent by Havenpay. Do not parse JSON before signature verification.
 
-Non-2xx REST responses throw `HavenpayApiError`. The class extends `Error` and preserves the legacy message format:
+```ts
+import { Havenpay } from '@havenpay/server'
 
-```text
-Havenpay API Error: <status> <body>
+const havenpay = new Havenpay({
+  secretKey: process.env.HAVENPAY_SECRET_KEY,
+})
+
+const event = havenpay.webhooks.constructEvent({
+  rawBody,
+  signature: request.headers.get('Havenpay-Signature') ?? '',
+  secret: process.env.HAVENPAY_WEBHOOK_SECRET,
+})
+
+switch (event.type) {
+  case 'payment_intent.succeeded':
+    // Fulfil the order in an idempotent server-side transaction.
+    break
+  case 'payment_intent.failed':
+    // Mark the order as failed only after validating the event payload.
+    break
+}
 ```
 
-It also exposes:
+## Main resources
 
-- `status`
-- `requestId`
-- `body`
-- `error`
-- `type`
-- `code`
+```text
+havenpay.accounts.create(...)
+havenpay.accounts.list(...)
+havenpay.accounts.update(...)
 
-```ts
-import { HavenpayApiError } from '@havenpay/server'
+havenpay.projects.create(...)
+havenpay.projects.list(...)
+havenpay.projects.update(...)
+havenpay.projects.archive(...)
+havenpay.projects.getConfig(...)
 
-try {
-  await havenpay.paymentIntents.retrieve('pi_missing')
-}
-catch (error) {
-  if (error instanceof HavenpayApiError) {
-    console.error(error.status, error.requestId, error.code)
-  }
-}
-```
+havenpay.apiKeys.create(...)
+havenpay.apiKeys.list(...)
+havenpay.apiKeys.revoke(...)
 
-Configured request timeouts throw `HavenpayTimeoutError`:
+havenpay.paymentIntents.create(...)
+havenpay.paymentIntents.retrieve(...)
 
-```ts
-import { HavenpayTimeoutError } from '@havenpay/server'
+havenpay.refunds.create(...)
+havenpay.refunds.retrieve(...)
+havenpay.refunds.list(...)
 
-try {
-  await havenpay.paymentIntents.retrieve('pi_slow')
-}
-catch (error) {
-  if (error instanceof HavenpayTimeoutError) {
-    console.error(error.timeoutMs)
-  }
-}
+havenpay.providerAccounts.create(...)
+havenpay.providerAccounts.list(...)
+havenpay.providerAccounts.rotate(...)
+havenpay.providerAccounts.revoke(...)
+
+havenpay.balanceTransactions.list(...)
+
+havenpay.webhookEndpoints.create(...)
+havenpay.webhookEndpoints.list(...)
+havenpay.webhookEndpoints.update(...)
+havenpay.webhookEndpoints.rotateSecret(...)
+havenpay.webhookEndpoints.delete(...)
+
+havenpay.events.list(...)
+havenpay.events.replay(...)
+
+havenpay.webhooks.constructEvent(...)
 ```
 
-## Retry Policy
+## Provider account credential references
 
-Retries are disabled by default. Configure `retry` to retry network failures and HTTP 5xx responses with exponential backoff:
+Provider account APIs accept encrypted credential references and key fingerprints. They must not accept or return raw provider secret material.
 
 ```ts
-const _havenpay = new Havenpay({
-  secretKey: process.env.HAVENPAY_SECRET_KEY!,
-  retry: {
-    maxAttempts: 3,
-    initialDelayMs: 100,
-    maxDelayMs: 2000,
+await havenpay.providerAccounts.create({
+  projectId: 'proj_...',
+  provider: 'omari',
+  encryptedCredentialRef: 'kms://havenpay/provider-credentials/...',
+  keyFingerprint: 'fp_...',
+  metadata: {
+    label: 'Primary test credential',
   },
 })
 ```
 
-- Safe reads may retry.
-- Mutating requests retry only when they carry an `Idempotency-Key`.
-- Do not retry validation, authentication, authorization, tenant-scope, or not-found errors without changing the request or credentials.
+Live provider capability should be enabled only when the provider adapter, credentials, contract tests, and operational reconciliation path prove that lane.
 
-## API-Version Pinning
+## Error handling
 
-Set `apiVersion` to send `X-Haven-API-Version` on server SDK REST requests:
+Non-2xx API responses throw `HavenpayApiError`.
 
 ```ts
-const _havenpay = new Havenpay({
-  secretKey: process.env.HAVENPAY_SECRET_KEY!,
-  apiVersion: '2026-05-24.haven',
-})
+import type { Havenpay } from '@havenpay/server'
+import { HavenpayApiError } from '@havenpay/server'
+
+async function _retrievePaymentIntent(havenpay: Havenpay) {
+  try {
+    return await havenpay.paymentIntents.retrieve('pi_...')
+  }
+  catch (error) {
+    if (error instanceof HavenpayApiError) {
+      console.error(error.status, error.code, error.requestId)
+    }
+
+    throw error
+  }
+}
 ```
 
-## Timeouts
+Errors expose request IDs and typed API metadata when the API returns the standard error envelope. Do not log request bodies, API keys, idempotency keys, webhook secrets, provider credentials, or client secrets.
 
-Set `timeoutMs` to apply a per-attempt timeout to server SDK REST requests:
+## Retry and timeout policy
 
-```ts
-const _havenpay = new Havenpay({
-  secretKey: process.env.HAVENPAY_SECRET_KEY!,
-  timeoutMs: 30000,
-})
-```
+Retries are disabled unless `retry` is configured.
 
-Caller-provided abort signals are preserved by the shared request helper and are not converted into timeout errors.
+- Network failures and HTTP 5xx responses may retry.
+- Safe reads may retry.
+- Mutating requests retry only when they include an `Idempotency-Key`.
+- Validation, authentication, authorization, tenant-scope, and not-found errors should not be retried without changing the request or credentials.
+- `timeoutMs` applies per request attempt.
 
 ## Observability
 
-Set `onRequestEvent` to receive redacted server SDK request lifecycle events:
+`onRequestEvent` emits redacted server-side request lifecycle events.
 
 ```ts
 const _havenpay = new Havenpay({
-  secretKey: process.env.HAVENPAY_SECRET_KEY!,
+  secretKey: process.env.HAVENPAY_SECRET_KEY,
   onRequestEvent: (event) => {
-    console.info(event.type, event.operationName, event.requestId, event.status)
+    console.info({
+      type: event.type,
+      operationName: event.operationName,
+      requestId: event.requestId,
+      status: event.status,
+    })
   },
 })
 ```
 
-Events include method, path, generated operation name, attempt, status, error kind, and API response request ID only. They do not include headers, request bodies, API keys, idempotency keys, provider credentials, webhook secrets, or client secrets.
+Events include method, path, operation name, attempt number, status, error kind, and API response request ID only. They do not include headers, request bodies, API keys, idempotency keys, provider credentials, webhook secrets, or client secrets.
+
+## Security boundary
+
+This is a server-only package. It may use Node/Bun server capabilities and secret-key authentication. It must never be imported by:
+
+- `@havenpay/web`
+- `@havenpay/web-elements`
+- `@havenpay/react-native`
+- browser bundles
+- mobile client bundles
+
+Keep these values server-side:
 
-## Webhook Verification
+- `HAVENPAY_SECRET_KEY`
+- webhook signing secrets
+- provider credential references and fingerprints
+- account admin tokens
+- raw webhook request bodies
+- raw provider response payloads
 
-`webhooks.constructEvent` verifies the exact raw request body with the endpoint webhook secret:
+## Package boundaries
+
+Use:
+
+- `@havenpay/server` for trusted backend operations.
+- `@havenpay/web` for browser payment-sheet flows.
+- `@havenpay/web-elements` for optional browser custom elements.
+- `@havenpay/react-native` for Expo and bare React Native payment flows.
+- `@havenpay/core` for shared public types.
+
+Client apps should receive only a public `projectId` and the short-lived payment `clientSecret` required for one payment flow.
+
+## API-version pinning
+
+Pass `apiVersion` to send `X-Haven-API-Version` with SDK requests:
 
 ```ts
-const _event = havenpay.webhooks.constructEvent({
-  rawBody,
-  signature: request.headers.get('havenpay-signature') ?? '',
-  secret: process.env.HAVENPAY_WEBHOOK_SECRET!,
+const _havenpay = new Havenpay({
+  secretKey: process.env.HAVENPAY_SECRET_KEY,
+  apiVersion: '2026-05-24.haven',
 })
 ```
 
-## Boundaries
-
-- Do not use this package in browser or React Native code.
-- Do not pass provider credentials or webhook secrets to client SDKs.
-- Do not claim live provider support unless the provider adapter and tests prove it.
-- Public client integrations should use `projectId` plus a short-lived payment `clientSecret` through the Web or React Native SDKs.
+Pinning keeps backend integrations explicit as Havenpay evolves.

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@havenpay/server",
   "type": "module",
-  "version": "1.0.0",
-  "description": "Official Server SDK for Havenpay",
+  "version": "1.0.1",
+  "description": "Server-side TypeScript SDK for Havenpay payment, project, webhook, and account APIs",
   "author": "7Haven",
   "license": "MIT",
-  "homepage": "https://pay.7haven.online",
+  "homepage": "https://github.com/7haveeen/haven-pay#readme",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/7haveeen/haven-pay.git",
@@ -16,9 +16,11 @@
     "havenpay",
     "payments",
     "zimbabwe",
+    "mobile-money",
+    "typescript",
+    "server-sdk",
     "omari",
     "onemoney",
-    "mobile-money",
     "payment-gateway"
   ],
   "sideEffects": false,
@@ -36,8 +38,7 @@
     "dist"
   ],
   "publishConfig": {
-    "access": "public",
-    "provenance": true
+    "access": "public"
   },
   "engines": {
     "node": ">=18.0.0"
@@ -52,7 +53,7 @@
     "prepublishOnly": "bun run build && bun run typecheck"
   },
   "dependencies": {
-    "@havenpay/core": "1.0.0"
+    "@havenpay/core": "1.0.1"
   },
   "devDependencies": {
     "@types/node": "24.9.1",