@hello-bill/node 2.2.0-beta.3 → 2.2.0-beta.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/dist/express/index.d.cts +3 -2
  3. package/dist/express/index.d.ts +3 -2
  4. package/dist/express/index.js +18 -0
  5. package/dist/express/index.js.map +1 -1
  6. package/dist/express/index.mjs +18 -0
  7. package/dist/express/index.mjs.map +1 -1
  8. package/dist/hono/index.d.cts +2 -2
  9. package/dist/hono/index.d.ts +2 -2
  10. package/dist/hono/index.js +17 -0
  11. package/dist/hono/index.js.map +1 -1
  12. package/dist/hono/index.mjs +17 -0
  13. package/dist/hono/index.mjs.map +1 -1
  14. package/dist/{index-weK_H8io.d.cts → index-D1Y88dmC.d.cts} +12 -1
  15. package/dist/{index-CtQgDuFR.d.ts → index-sSyUfAhM.d.ts} +12 -1
  16. package/dist/index.d.cts +4 -4
  17. package/dist/index.d.ts +4 -4
  18. package/dist/index.js +17 -0
  19. package/dist/index.js.map +1 -1
  20. package/dist/index.mjs +17 -0
  21. package/dist/index.mjs.map +1 -1
  22. package/dist/koa/index.d.cts +2 -2
  23. package/dist/koa/index.d.ts +2 -2
  24. package/dist/koa/index.js +17 -0
  25. package/dist/koa/index.js.map +1 -1
  26. package/dist/koa/index.mjs +17 -0
  27. package/dist/koa/index.mjs.map +1 -1
  28. package/dist/next/index.d.cts +2 -2
  29. package/dist/next/index.d.ts +2 -2
  30. package/dist/next/index.js +17 -0
  31. package/dist/next/index.js.map +1 -1
  32. package/dist/next/index.mjs +17 -0
  33. package/dist/next/index.mjs.map +1 -1
  34. package/dist/types/index.d.cts +2 -2
  35. package/dist/types/index.d.ts +2 -2
  36. package/dist/types/index.js.map +1 -1
  37. package/dist/types/index.mjs.map +1 -1
  38. package/dist/webhook/index.d.cts +2 -2
  39. package/dist/webhook/index.d.ts +2 -2
  40. package/dist/{webhooks-iwkEPw9n.d.cts → webhooks-CfpQ4PEE.d.cts} +9 -0
  41. package/dist/{webhooks-iwkEPw9n.d.ts → webhooks-CfpQ4PEE.d.ts} +9 -0
  42. package/package.json +1 -1
@@ -1,5 +1,5 @@
1
- import { Y as IsoDateTime, R as RequestId } from '../webhooks-iwkEPw9n.cjs';
2
- export { A as Address, i as AddressObject, j as AddressesObject, k as ApiVersion, l as AppDeeplinks, m as BankDetailsCollected, n as BankDetailsConsent, o as BankDetailsObject, B as BankDetailsRequest, b as BankDetailsResponse, p as BankDetailsStatus, q as BillType, r as BreakdownCoverProduct, s as BroadbandProduct, t as BuildingStyle, u as BuildingType, v as CacheStatus, w as ClientMode, x as Consent, y as ContextEntry, z as CouncilTaxProduct, C as CreateCustomerInput, D as CreditCheckAddress, E as CreditCheckObject, F as Customer, a as CustomerCreateResponse, g as CustomerId, h as CustomerStatusResponse, G as CustomerType, H as DataCompleteness, I as DiscoveryStatus, J as Email, K as EnergyProduct, M as Environment, N as EpcRating, O as FeatureFlags, Q as FinalRead, T as FuelType, U as HeatingType, V as HomeInsuranceProduct, W as IdempotencyKey, X as IsoDate, Z as LoASignature, _ as LoaId, L as LoaListResponse, $ as LoaRecord, a0 as LocationRole, a1 as MaskedSortCode, a2 as Meters, a3 as MobileProduct, a4 as MoveIn, a5 as MoveObject, a6 as MoveOut, a7 as MoveOutNotificationFailed, a8 as MoveOutNotificationSent, a9 as MoveOutNotifyFlags, aa as MoveOutReason, ab as MoveOutStatus, ac as NearbyPoi, ad as OccupantObject, ae as OccupantType, af as OnboardingInfo, ag as OverallStatus, ah as Paginated, ai as Person, aj as PhoneNumber, ak as Postcode, al as Product, am as ProductBase, an as ProductCategory, ao as ProductConfidence, ap as ProductId, aq as ProductSetup, P as ProductsQuery, e as ProductsResponse, ar as PropertyDetailObject, f as PropertyDetailResponse, as as PropertyLocation, at as PropertyObject, au as PropertyType, av as PropertyTypeCode, aw as PropertyTypeSubcode, ax as ProvidedFieldPath, ay as SESSION_IDEMPOTENCY_TTL_MS, az as SavingsSummaryResponse, aA as SelectedProduct, aB as SessionAccountCreated, aC as SessionAppDeferred, aD as SessionAppInstalled, aE as SessionDetailsConfirmed, aF as SessionEmbedOpened, d as SessionGetResponse, aG as SessionLoaSigned, S as SessionPayload, aH as SessionProductsSelected, c as SessionResponse, aI as SetupStatus, aJ as SetupStatusChanged, aK as SignatureImage, aL as StoredBankDetails, aM as SubscriptionChanged, aN as SubscriptionStatus, aO as Title, aP as TvLicenceProduct, aQ as Url, aR as WaterProduct, aS as WebhookEvent, aT as WebhookEventBase, aU as WebhookEventId, aV as WebhookEventType } from '../webhooks-iwkEPw9n.cjs';
1
+ import { Y as IsoDateTime, R as RequestId } from '../webhooks-CfpQ4PEE.cjs';
2
+ export { A as Address, i as AddressObject, j as AddressesObject, k as ApiVersion, l as AppDeeplinks, m as BankDetailsCollected, n as BankDetailsConsent, o as BankDetailsObject, B as BankDetailsRequest, b as BankDetailsResponse, p as BankDetailsStatus, q as BillType, r as BreakdownCoverProduct, s as BroadbandProduct, t as BuildingStyle, u as BuildingType, v as CacheStatus, w as ClientMode, x as Consent, y as ContextEntry, z as CouncilTaxProduct, C as CreateCustomerInput, D as CreditCheckAddress, E as CreditCheckObject, F as Customer, a as CustomerCreateResponse, g as CustomerId, h as CustomerStatusResponse, G as CustomerType, H as DataCompleteness, I as DiscoveryStatus, J as Email, K as EnergyProduct, M as Environment, N as EpcRating, O as FeatureFlags, Q as FinalRead, T as FuelType, U as HeatingType, V as HomeInsuranceProduct, W as IdempotencyKey, X as IsoDate, Z as LoASignature, _ as LoaId, L as LoaListResponse, $ as LoaRecord, a0 as LocationRole, a1 as MaskedSortCode, a2 as Meters, a3 as MobileProduct, a4 as MoveIn, a5 as MoveObject, a6 as MoveOut, a7 as MoveOutNotificationFailed, a8 as MoveOutNotificationSent, a9 as MoveOutNotifyFlags, aa as MoveOutReason, ab as MoveOutStatus, ac as NearbyPoi, ad as OccupantObject, ae as OccupantType, af as OnboardingInfo, ag as OverallStatus, ah as Paginated, ai as Person, aj as PhoneNumber, ak as Postcode, al as Product, am as ProductBase, an as ProductCategory, ao as ProductConfidence, ap as ProductId, aq as ProductSetup, P as ProductsQuery, e as ProductsResponse, ar as PropertyDetailObject, f as PropertyDetailResponse, as as PropertyLocation, at as PropertyObject, au as PropertyType, av as PropertyTypeCode, aw as PropertyTypeSubcode, ax as ProvidedFieldPath, ay as SESSION_IDEMPOTENCY_TTL_MS, az as SavingsSummaryResponse, aA as SelectedProduct, aB as SessionAccountCreated, aC as SessionAppDeferred, aD as SessionAppInstalled, aE as SessionDetailsConfirmed, aF as SessionEmbedOpened, d as SessionGetResponse, aG as SessionLoaSigned, S as SessionPayload, aH as SessionProductsSelected, c as SessionResponse, aI as SetupStatus, aJ as SetupStatusChanged, aK as SignatureImage, aL as StoredBankDetails, aM as SubscriptionChanged, aN as SubscriptionStatus, aO as Title, aP as TvLicenceProduct, aQ as Url, aR as WaterProduct, aS as WebhookEvent, aT as WebhookEventBase, aU as WebhookEventId, aV as WebhookEventType } from '../webhooks-CfpQ4PEE.cjs';
3
3
 
4
4
  /**
5
5
  * AnyVan move slot types.
@@ -1,5 +1,5 @@
1
- import { Y as IsoDateTime, R as RequestId } from '../webhooks-iwkEPw9n.js';
2
- export { A as Address, i as AddressObject, j as AddressesObject, k as ApiVersion, l as AppDeeplinks, m as BankDetailsCollected, n as BankDetailsConsent, o as BankDetailsObject, B as BankDetailsRequest, b as BankDetailsResponse, p as BankDetailsStatus, q as BillType, r as BreakdownCoverProduct, s as BroadbandProduct, t as BuildingStyle, u as BuildingType, v as CacheStatus, w as ClientMode, x as Consent, y as ContextEntry, z as CouncilTaxProduct, C as CreateCustomerInput, D as CreditCheckAddress, E as CreditCheckObject, F as Customer, a as CustomerCreateResponse, g as CustomerId, h as CustomerStatusResponse, G as CustomerType, H as DataCompleteness, I as DiscoveryStatus, J as Email, K as EnergyProduct, M as Environment, N as EpcRating, O as FeatureFlags, Q as FinalRead, T as FuelType, U as HeatingType, V as HomeInsuranceProduct, W as IdempotencyKey, X as IsoDate, Z as LoASignature, _ as LoaId, L as LoaListResponse, $ as LoaRecord, a0 as LocationRole, a1 as MaskedSortCode, a2 as Meters, a3 as MobileProduct, a4 as MoveIn, a5 as MoveObject, a6 as MoveOut, a7 as MoveOutNotificationFailed, a8 as MoveOutNotificationSent, a9 as MoveOutNotifyFlags, aa as MoveOutReason, ab as MoveOutStatus, ac as NearbyPoi, ad as OccupantObject, ae as OccupantType, af as OnboardingInfo, ag as OverallStatus, ah as Paginated, ai as Person, aj as PhoneNumber, ak as Postcode, al as Product, am as ProductBase, an as ProductCategory, ao as ProductConfidence, ap as ProductId, aq as ProductSetup, P as ProductsQuery, e as ProductsResponse, ar as PropertyDetailObject, f as PropertyDetailResponse, as as PropertyLocation, at as PropertyObject, au as PropertyType, av as PropertyTypeCode, aw as PropertyTypeSubcode, ax as ProvidedFieldPath, ay as SESSION_IDEMPOTENCY_TTL_MS, az as SavingsSummaryResponse, aA as SelectedProduct, aB as SessionAccountCreated, aC as SessionAppDeferred, aD as SessionAppInstalled, aE as SessionDetailsConfirmed, aF as SessionEmbedOpened, d as SessionGetResponse, aG as SessionLoaSigned, S as SessionPayload, aH as SessionProductsSelected, c as SessionResponse, aI as SetupStatus, aJ as SetupStatusChanged, aK as SignatureImage, aL as StoredBankDetails, aM as SubscriptionChanged, aN as SubscriptionStatus, aO as Title, aP as TvLicenceProduct, aQ as Url, aR as WaterProduct, aS as WebhookEvent, aT as WebhookEventBase, aU as WebhookEventId, aV as WebhookEventType } from '../webhooks-iwkEPw9n.js';
1
+ import { Y as IsoDateTime, R as RequestId } from '../webhooks-CfpQ4PEE.js';
2
+ export { A as Address, i as AddressObject, j as AddressesObject, k as ApiVersion, l as AppDeeplinks, m as BankDetailsCollected, n as BankDetailsConsent, o as BankDetailsObject, B as BankDetailsRequest, b as BankDetailsResponse, p as BankDetailsStatus, q as BillType, r as BreakdownCoverProduct, s as BroadbandProduct, t as BuildingStyle, u as BuildingType, v as CacheStatus, w as ClientMode, x as Consent, y as ContextEntry, z as CouncilTaxProduct, C as CreateCustomerInput, D as CreditCheckAddress, E as CreditCheckObject, F as Customer, a as CustomerCreateResponse, g as CustomerId, h as CustomerStatusResponse, G as CustomerType, H as DataCompleteness, I as DiscoveryStatus, J as Email, K as EnergyProduct, M as Environment, N as EpcRating, O as FeatureFlags, Q as FinalRead, T as FuelType, U as HeatingType, V as HomeInsuranceProduct, W as IdempotencyKey, X as IsoDate, Z as LoASignature, _ as LoaId, L as LoaListResponse, $ as LoaRecord, a0 as LocationRole, a1 as MaskedSortCode, a2 as Meters, a3 as MobileProduct, a4 as MoveIn, a5 as MoveObject, a6 as MoveOut, a7 as MoveOutNotificationFailed, a8 as MoveOutNotificationSent, a9 as MoveOutNotifyFlags, aa as MoveOutReason, ab as MoveOutStatus, ac as NearbyPoi, ad as OccupantObject, ae as OccupantType, af as OnboardingInfo, ag as OverallStatus, ah as Paginated, ai as Person, aj as PhoneNumber, ak as Postcode, al as Product, am as ProductBase, an as ProductCategory, ao as ProductConfidence, ap as ProductId, aq as ProductSetup, P as ProductsQuery, e as ProductsResponse, ar as PropertyDetailObject, f as PropertyDetailResponse, as as PropertyLocation, at as PropertyObject, au as PropertyType, av as PropertyTypeCode, aw as PropertyTypeSubcode, ax as ProvidedFieldPath, ay as SESSION_IDEMPOTENCY_TTL_MS, az as SavingsSummaryResponse, aA as SelectedProduct, aB as SessionAccountCreated, aC as SessionAppDeferred, aD as SessionAppInstalled, aE as SessionDetailsConfirmed, aF as SessionEmbedOpened, d as SessionGetResponse, aG as SessionLoaSigned, S as SessionPayload, aH as SessionProductsSelected, c as SessionResponse, aI as SetupStatus, aJ as SetupStatusChanged, aK as SignatureImage, aL as StoredBankDetails, aM as SubscriptionChanged, aN as SubscriptionStatus, aO as Title, aP as TvLicenceProduct, aQ as Url, aR as WaterProduct, aS as WebhookEvent, aT as WebhookEventBase, aU as WebhookEventId, aV as WebhookEventType } from '../webhooks-CfpQ4PEE.js';
3
3
 
4
4
  /**
5
5
  * AnyVan move slot types.
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/types/session.ts","../../src/types/errors.ts"],"names":[],"mappings":";;;AAyGO,IAAM,0BAAA,GAA6B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;;;ACzBlD,IAAM,uBAAA,uBAA8B,GAAA,CAAY,CAAC,KAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC","file":"index.js","sourcesContent":["/**\n * Session lifecycle types.\n * POST /partner/sessions creates a session and returns a short-lived session_token\n * that the embed presents to the frontend-facing endpoints.\n */\n\nimport type {\n AddressObject,\n Consent,\n ContextEntry,\n Customer,\n IsoDateTime,\n Meters,\n MoveIn,\n MoveOut,\n ProvidedFieldPath,\n OccupantObject,\n PropertyObject,\n} from './common.js';\n\nexport interface AddressesObject {\n /** The property the customer is moving INTO. Where utilities are set up. */\n current: PropertyObject;\n /** The property the customer is moving OUT of, if applicable. */\n previous?: PropertyObject;\n}\n\nexport interface MoveObject {\n in: MoveIn;\n out?: MoveOut;\n}\n\n/**\n * Canonical snake_case shape the SDK sends to POST /partner/sessions.\n * `buildSessionPayload(req)` on the server is responsible for assembling this\n * from whatever shape the partner's host page provides.\n */\nexport interface SessionPayload {\n /** Partner-controlled correlation. Echoed back on webhooks as `data.referral_id`. */\n referral_id?: string;\n customer: Customer;\n occupants?: OccupantObject[];\n addresses: AddressesObject;\n move: MoveObject;\n meters?: Meters;\n consent: Consent;\n context?: ContextEntry[];\n}\n\n/**\n * Per-session toggles that gate embed pages and filter product categories.\n * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.\n */\nexport interface FeatureFlags {\n /** When false, the embed hides the Direct Debit page. */\n direct_debit: boolean;\n /** When false, the embed hides the Letter of Authority signing page. */\n loa_signing: boolean;\n /** When false, the API filters out removal-services products. */\n allow_removal_services: boolean;\n /** When false, the API filters out electoral-roll products. */\n allow_electoral_roll: boolean;\n}\n\n/** Response from POST /partner/sessions. */\nexport interface SessionResponse {\n session_id: string;\n /** Short-lived JWT (300s) the embed presents to the SDK-mounted endpoints. */\n session_token: string;\n embed_base_url: string;\n /** Initial discovery status. Embed polls /products until complete. */\n discovery_status: 'running' | 'complete';\n estimated_ready_seconds?: number;\n /** Dot-notation paths of fields HelloBill received. Drives adaptive UI. */\n provided_fields: ProvidedFieldPath[];\n /** ISO 8601. Session resource expires after 90 days. */\n expires_at: IsoDateTime;\n /** Optional for back-compat with fixtures and pre-feature_flags payloads. */\n feature_flags?: FeatureFlags;\n}\n\n/**\n * Response from GET /partner/sessions/:id.\n *\n * Per spec §3.7, the endpoint echoes back the full SessionPayload the partner\n * originally sent to POST /partner/sessions, extended with server-assigned fields.\n * This is distinct from SessionResponse (POST projection) which carries session_token\n * and embed_base_url but not the original payload fields.\n */\nexport interface SessionGetResponse extends SessionPayload {\n /** Stable server-assigned session identifier. */\n session_id: string;\n /** ISO 8601 timestamp when the session was created. */\n created_at: IsoDateTime;\n /** ISO 8601 session expiry (90 days from creation). */\n expires_at: IsoDateTime;\n /** Lifecycle status of the session. */\n status: 'created' | 'customer_created' | 'expired';\n}\n\n/**\n * Idempotency window for POST /sessions: 24h on\n * email + addresses.current.postcode + addresses.current.address_line_1.\n * `move.out` is NOT part of the key — partners cannot retroactively change shape.\n */\nexport const SESSION_IDEMPOTENCY_TTL_MS = 24 * 60 * 60 * 1000;\n","/**\n * Spec error envelope.\n * Returned with non-2xx responses from the Partner API and surfaced verbatim by the SDK.\n */\n\nimport type { RequestId } from './common.js';\n\n/**\n * Error codes follow `<category>.<specific>` naming and match the v15 §12 catalog.\n */\nexport type ErrorCode =\n // validation.*\n | 'validation.missing_required_field'\n | 'validation.invalid_field_value'\n | 'validation.invalid_enum_value'\n // consent.*\n | 'consent.required'\n // product.*\n | 'product.id_expired'\n // loa.*\n | 'loa.coverage_missing'\n | 'loa.coverage_excess'\n | 'loa.session_mismatch'\n | 'loa.template_changed'\n | 'loa.selection_changed'\n // signature_image.*\n | 'signature_image.invalid'\n | 'signature_image.too_large'\n | 'signature_image.dimensions_invalid'\n // address.*\n | 'address.line_too_long'\n | 'address.postcode_invalid'\n // move_out.*\n | 'move_out.requires_previous_property'\n | 'move_out.invalid_date'\n // final_read.*\n | 'final_read.implausible'\n // customer.*\n | 'customer.address_invalid'\n | 'customer.not_found'\n // bank_details.*\n | 'bank_details.invalid_sort_code'\n | 'bank_details.invalid_account_number'\n | 'bank_details.modulus_check_failed'\n | 'bank_details.session_locked'\n // auth.*\n | 'auth.invalid_credentials'\n | 'auth.token_expired'\n | 'auth.token_malformed'\n | 'auth.insufficient_scope'\n // session.*\n | 'session.not_found'\n // rate.*\n | 'rate.limited'\n // internal.*\n | 'internal.error'\n // discovery.*\n | 'discovery.unavailable';\n\nexport type ErrorType =\n | 'authentication_error'\n | 'validation_error'\n | 'rate_limit_error'\n | 'api_error';\n\nexport interface ErrorEnvelope {\n error: {\n type: ErrorType;\n code: ErrorCode;\n message: string;\n /** Path of the offending field (e.g. \"addresses.current.postcode\"). */\n param?: string;\n /** For validation.missing_required_field — dot-notation list of missing fields. */\n missing_fields?: string[];\n /** Echo of `X-HelloBill-Request-Id` for support correlation. */\n request_id: RequestId;\n };\n}\n\n/** HTTP statuses the SDK retries automatically with exponential backoff. */\nexport const RETRYABLE_HTTP_STATUSES = new Set<number>([429, 500, 502, 503, 504]);\n"]}
1
+ {"version":3,"sources":["../../src/types/session.ts","../../src/types/errors.ts"],"names":[],"mappings":";;;AAmHO,IAAM,0BAAA,GAA6B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;;;ACnClD,IAAM,uBAAA,uBAA8B,GAAA,CAAY,CAAC,KAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC","file":"index.js","sourcesContent":["/**\n * Session lifecycle types.\n * POST /partner/sessions creates a session and returns a short-lived session_token\n * that the embed presents to the frontend-facing endpoints.\n */\n\nimport type {\n AddressObject,\n Consent,\n ContextEntry,\n Customer,\n IsoDateTime,\n Meters,\n MoveIn,\n MoveOut,\n ProvidedFieldPath,\n OccupantObject,\n PropertyObject,\n} from './common.js';\n\nexport interface AddressesObject {\n /** The property the customer is moving INTO. Where utilities are set up. */\n current: PropertyObject;\n /** The property the customer is moving OUT of, if applicable. */\n previous?: PropertyObject;\n}\n\nexport interface MoveObject {\n in: MoveIn;\n out?: MoveOut;\n}\n\n/**\n * Canonical snake_case shape the SDK sends to POST /partner/sessions.\n * `buildSessionPayload(req)` on the server is responsible for assembling this\n * from whatever shape the partner's host page provides.\n */\nexport interface SessionPayload {\n /** Partner-controlled correlation. Echoed back on webhooks as `data.referral_id`. */\n referral_id?: string;\n customer: Customer;\n occupants?: OccupantObject[];\n addresses: AddressesObject;\n move: MoveObject;\n meters?: Meters;\n consent: Consent;\n context?: ContextEntry[];\n /** Per-session override of the onboarding journey; server resolves the default when omitted. */\n journey_type?: JourneyType;\n}\n\n/**\n * Onboarding journey the session runs. `move_in` is the default (setting up\n * utilities at a property being moved into); `move` covers a move between properties.\n */\nexport type JourneyType = 'move_in' | 'move';\n\n/**\n * Per-session toggles that gate embed pages and filter product categories.\n * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.\n */\nexport interface FeatureFlags {\n /** When false, the embed hides the Direct Debit page. */\n direct_debit: boolean;\n /** When false, the embed hides the Letter of Authority signing page. */\n loa_signing: boolean;\n /** When false, the API filters out removal-services products. */\n allow_removal_services: boolean;\n /** When false, the API filters out electoral-roll products. */\n allow_electoral_roll: boolean;\n}\n\n/** Response from POST /partner/sessions. */\nexport interface SessionResponse {\n session_id: string;\n /** Short-lived JWT (300s) the embed presents to the SDK-mounted endpoints. */\n session_token: string;\n embed_base_url: string;\n /** Initial discovery status. Embed polls /products until complete. */\n discovery_status: 'running' | 'complete';\n estimated_ready_seconds?: number;\n /** Dot-notation paths of fields HelloBill received. Drives adaptive UI. */\n provided_fields: ProvidedFieldPath[];\n /** ISO 8601. Session resource expires after 90 days. */\n expires_at: IsoDateTime;\n /** Optional for back-compat with fixtures and pre-feature_flags payloads. */\n feature_flags?: FeatureFlags;\n /** Resolved journey echoed back; optional for back-compat with pre-journey_type payloads. */\n journey_type?: JourneyType;\n}\n\n/**\n * Response from GET /partner/sessions/:id.\n *\n * Per spec §3.7, the endpoint echoes back the full SessionPayload the partner\n * originally sent to POST /partner/sessions, extended with server-assigned fields.\n * This is distinct from SessionResponse (POST projection) which carries session_token\n * and embed_base_url but not the original payload fields.\n */\nexport interface SessionGetResponse extends SessionPayload {\n /** Stable server-assigned session identifier. */\n session_id: string;\n /** ISO 8601 timestamp when the session was created. */\n created_at: IsoDateTime;\n /** ISO 8601 session expiry (90 days from creation). */\n expires_at: IsoDateTime;\n /** Lifecycle status of the session. */\n status: 'created' | 'customer_created' | 'expired';\n}\n\n/**\n * Idempotency window for POST /sessions: 24h on\n * email + addresses.current.postcode + addresses.current.address_line_1.\n * `move.out` is NOT part of the key — partners cannot retroactively change shape.\n */\nexport const SESSION_IDEMPOTENCY_TTL_MS = 24 * 60 * 60 * 1000;\n","/**\n * Spec error envelope.\n * Returned with non-2xx responses from the Partner API and surfaced verbatim by the SDK.\n */\n\nimport type { RequestId } from './common.js';\n\n/**\n * Error codes follow `<category>.<specific>` naming and match the v15 §12 catalog.\n */\nexport type ErrorCode =\n // validation.*\n | 'validation.missing_required_field'\n | 'validation.invalid_field_value'\n | 'validation.invalid_enum_value'\n // consent.*\n | 'consent.required'\n // product.*\n | 'product.id_expired'\n // loa.*\n | 'loa.coverage_missing'\n | 'loa.coverage_excess'\n | 'loa.session_mismatch'\n | 'loa.template_changed'\n | 'loa.selection_changed'\n // signature_image.*\n | 'signature_image.invalid'\n | 'signature_image.too_large'\n | 'signature_image.dimensions_invalid'\n // address.*\n | 'address.line_too_long'\n | 'address.postcode_invalid'\n // move_out.*\n | 'move_out.requires_previous_property'\n | 'move_out.invalid_date'\n // final_read.*\n | 'final_read.implausible'\n // customer.*\n | 'customer.address_invalid'\n | 'customer.not_found'\n // bank_details.*\n | 'bank_details.invalid_sort_code'\n | 'bank_details.invalid_account_number'\n | 'bank_details.modulus_check_failed'\n | 'bank_details.session_locked'\n // auth.*\n | 'auth.invalid_credentials'\n | 'auth.token_expired'\n | 'auth.token_malformed'\n | 'auth.insufficient_scope'\n // session.*\n | 'session.not_found'\n // rate.*\n | 'rate.limited'\n // internal.*\n | 'internal.error'\n // discovery.*\n | 'discovery.unavailable';\n\nexport type ErrorType =\n | 'authentication_error'\n | 'validation_error'\n | 'rate_limit_error'\n | 'api_error';\n\nexport interface ErrorEnvelope {\n error: {\n type: ErrorType;\n code: ErrorCode;\n message: string;\n /** Path of the offending field (e.g. \"addresses.current.postcode\"). */\n param?: string;\n /** For validation.missing_required_field — dot-notation list of missing fields. */\n missing_fields?: string[];\n /** Echo of `X-HelloBill-Request-Id` for support correlation. */\n request_id: RequestId;\n };\n}\n\n/** HTTP statuses the SDK retries automatically with exponential backoff. */\nexport const RETRYABLE_HTTP_STATUSES = new Set<number>([429, 500, 502, 503, 504]);\n"]}
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/types/session.ts","../../src/types/errors.ts"],"names":[],"mappings":";AAyGO,IAAM,0BAAA,GAA6B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;;;ACzBlD,IAAM,uBAAA,uBAA8B,GAAA,CAAY,CAAC,KAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC","file":"index.mjs","sourcesContent":["/**\n * Session lifecycle types.\n * POST /partner/sessions creates a session and returns a short-lived session_token\n * that the embed presents to the frontend-facing endpoints.\n */\n\nimport type {\n AddressObject,\n Consent,\n ContextEntry,\n Customer,\n IsoDateTime,\n Meters,\n MoveIn,\n MoveOut,\n ProvidedFieldPath,\n OccupantObject,\n PropertyObject,\n} from './common.js';\n\nexport interface AddressesObject {\n /** The property the customer is moving INTO. Where utilities are set up. */\n current: PropertyObject;\n /** The property the customer is moving OUT of, if applicable. */\n previous?: PropertyObject;\n}\n\nexport interface MoveObject {\n in: MoveIn;\n out?: MoveOut;\n}\n\n/**\n * Canonical snake_case shape the SDK sends to POST /partner/sessions.\n * `buildSessionPayload(req)` on the server is responsible for assembling this\n * from whatever shape the partner's host page provides.\n */\nexport interface SessionPayload {\n /** Partner-controlled correlation. Echoed back on webhooks as `data.referral_id`. */\n referral_id?: string;\n customer: Customer;\n occupants?: OccupantObject[];\n addresses: AddressesObject;\n move: MoveObject;\n meters?: Meters;\n consent: Consent;\n context?: ContextEntry[];\n}\n\n/**\n * Per-session toggles that gate embed pages and filter product categories.\n * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.\n */\nexport interface FeatureFlags {\n /** When false, the embed hides the Direct Debit page. */\n direct_debit: boolean;\n /** When false, the embed hides the Letter of Authority signing page. */\n loa_signing: boolean;\n /** When false, the API filters out removal-services products. */\n allow_removal_services: boolean;\n /** When false, the API filters out electoral-roll products. */\n allow_electoral_roll: boolean;\n}\n\n/** Response from POST /partner/sessions. */\nexport interface SessionResponse {\n session_id: string;\n /** Short-lived JWT (300s) the embed presents to the SDK-mounted endpoints. */\n session_token: string;\n embed_base_url: string;\n /** Initial discovery status. Embed polls /products until complete. */\n discovery_status: 'running' | 'complete';\n estimated_ready_seconds?: number;\n /** Dot-notation paths of fields HelloBill received. Drives adaptive UI. */\n provided_fields: ProvidedFieldPath[];\n /** ISO 8601. Session resource expires after 90 days. */\n expires_at: IsoDateTime;\n /** Optional for back-compat with fixtures and pre-feature_flags payloads. */\n feature_flags?: FeatureFlags;\n}\n\n/**\n * Response from GET /partner/sessions/:id.\n *\n * Per spec §3.7, the endpoint echoes back the full SessionPayload the partner\n * originally sent to POST /partner/sessions, extended with server-assigned fields.\n * This is distinct from SessionResponse (POST projection) which carries session_token\n * and embed_base_url but not the original payload fields.\n */\nexport interface SessionGetResponse extends SessionPayload {\n /** Stable server-assigned session identifier. */\n session_id: string;\n /** ISO 8601 timestamp when the session was created. */\n created_at: IsoDateTime;\n /** ISO 8601 session expiry (90 days from creation). */\n expires_at: IsoDateTime;\n /** Lifecycle status of the session. */\n status: 'created' | 'customer_created' | 'expired';\n}\n\n/**\n * Idempotency window for POST /sessions: 24h on\n * email + addresses.current.postcode + addresses.current.address_line_1.\n * `move.out` is NOT part of the key — partners cannot retroactively change shape.\n */\nexport const SESSION_IDEMPOTENCY_TTL_MS = 24 * 60 * 60 * 1000;\n","/**\n * Spec error envelope.\n * Returned with non-2xx responses from the Partner API and surfaced verbatim by the SDK.\n */\n\nimport type { RequestId } from './common.js';\n\n/**\n * Error codes follow `<category>.<specific>` naming and match the v15 §12 catalog.\n */\nexport type ErrorCode =\n // validation.*\n | 'validation.missing_required_field'\n | 'validation.invalid_field_value'\n | 'validation.invalid_enum_value'\n // consent.*\n | 'consent.required'\n // product.*\n | 'product.id_expired'\n // loa.*\n | 'loa.coverage_missing'\n | 'loa.coverage_excess'\n | 'loa.session_mismatch'\n | 'loa.template_changed'\n | 'loa.selection_changed'\n // signature_image.*\n | 'signature_image.invalid'\n | 'signature_image.too_large'\n | 'signature_image.dimensions_invalid'\n // address.*\n | 'address.line_too_long'\n | 'address.postcode_invalid'\n // move_out.*\n | 'move_out.requires_previous_property'\n | 'move_out.invalid_date'\n // final_read.*\n | 'final_read.implausible'\n // customer.*\n | 'customer.address_invalid'\n | 'customer.not_found'\n // bank_details.*\n | 'bank_details.invalid_sort_code'\n | 'bank_details.invalid_account_number'\n | 'bank_details.modulus_check_failed'\n | 'bank_details.session_locked'\n // auth.*\n | 'auth.invalid_credentials'\n | 'auth.token_expired'\n | 'auth.token_malformed'\n | 'auth.insufficient_scope'\n // session.*\n | 'session.not_found'\n // rate.*\n | 'rate.limited'\n // internal.*\n | 'internal.error'\n // discovery.*\n | 'discovery.unavailable';\n\nexport type ErrorType =\n | 'authentication_error'\n | 'validation_error'\n | 'rate_limit_error'\n | 'api_error';\n\nexport interface ErrorEnvelope {\n error: {\n type: ErrorType;\n code: ErrorCode;\n message: string;\n /** Path of the offending field (e.g. \"addresses.current.postcode\"). */\n param?: string;\n /** For validation.missing_required_field — dot-notation list of missing fields. */\n missing_fields?: string[];\n /** Echo of `X-HelloBill-Request-Id` for support correlation. */\n request_id: RequestId;\n };\n}\n\n/** HTTP statuses the SDK retries automatically with exponential backoff. */\nexport const RETRYABLE_HTTP_STATUSES = new Set<number>([429, 500, 502, 503, 504]);\n"]}
1
+ {"version":3,"sources":["../../src/types/session.ts","../../src/types/errors.ts"],"names":[],"mappings":";AAmHO,IAAM,0BAAA,GAA6B,EAAA,GAAK,EAAA,GAAK,EAAA,GAAK;;;ACnClD,IAAM,uBAAA,uBAA8B,GAAA,CAAY,CAAC,KAAK,GAAA,EAAK,GAAA,EAAK,GAAA,EAAK,GAAG,CAAC","file":"index.mjs","sourcesContent":["/**\n * Session lifecycle types.\n * POST /partner/sessions creates a session and returns a short-lived session_token\n * that the embed presents to the frontend-facing endpoints.\n */\n\nimport type {\n AddressObject,\n Consent,\n ContextEntry,\n Customer,\n IsoDateTime,\n Meters,\n MoveIn,\n MoveOut,\n ProvidedFieldPath,\n OccupantObject,\n PropertyObject,\n} from './common.js';\n\nexport interface AddressesObject {\n /** The property the customer is moving INTO. Where utilities are set up. */\n current: PropertyObject;\n /** The property the customer is moving OUT of, if applicable. */\n previous?: PropertyObject;\n}\n\nexport interface MoveObject {\n in: MoveIn;\n out?: MoveOut;\n}\n\n/**\n * Canonical snake_case shape the SDK sends to POST /partner/sessions.\n * `buildSessionPayload(req)` on the server is responsible for assembling this\n * from whatever shape the partner's host page provides.\n */\nexport interface SessionPayload {\n /** Partner-controlled correlation. Echoed back on webhooks as `data.referral_id`. */\n referral_id?: string;\n customer: Customer;\n occupants?: OccupantObject[];\n addresses: AddressesObject;\n move: MoveObject;\n meters?: Meters;\n consent: Consent;\n context?: ContextEntry[];\n /** Per-session override of the onboarding journey; server resolves the default when omitted. */\n journey_type?: JourneyType;\n}\n\n/**\n * Onboarding journey the session runs. `move_in` is the default (setting up\n * utilities at a property being moved into); `move` covers a move between properties.\n */\nexport type JourneyType = 'move_in' | 'move';\n\n/**\n * Per-session toggles that gate embed pages and filter product categories.\n * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.\n */\nexport interface FeatureFlags {\n /** When false, the embed hides the Direct Debit page. */\n direct_debit: boolean;\n /** When false, the embed hides the Letter of Authority signing page. */\n loa_signing: boolean;\n /** When false, the API filters out removal-services products. */\n allow_removal_services: boolean;\n /** When false, the API filters out electoral-roll products. */\n allow_electoral_roll: boolean;\n}\n\n/** Response from POST /partner/sessions. */\nexport interface SessionResponse {\n session_id: string;\n /** Short-lived JWT (300s) the embed presents to the SDK-mounted endpoints. */\n session_token: string;\n embed_base_url: string;\n /** Initial discovery status. Embed polls /products until complete. */\n discovery_status: 'running' | 'complete';\n estimated_ready_seconds?: number;\n /** Dot-notation paths of fields HelloBill received. Drives adaptive UI. */\n provided_fields: ProvidedFieldPath[];\n /** ISO 8601. Session resource expires after 90 days. */\n expires_at: IsoDateTime;\n /** Optional for back-compat with fixtures and pre-feature_flags payloads. */\n feature_flags?: FeatureFlags;\n /** Resolved journey echoed back; optional for back-compat with pre-journey_type payloads. */\n journey_type?: JourneyType;\n}\n\n/**\n * Response from GET /partner/sessions/:id.\n *\n * Per spec §3.7, the endpoint echoes back the full SessionPayload the partner\n * originally sent to POST /partner/sessions, extended with server-assigned fields.\n * This is distinct from SessionResponse (POST projection) which carries session_token\n * and embed_base_url but not the original payload fields.\n */\nexport interface SessionGetResponse extends SessionPayload {\n /** Stable server-assigned session identifier. */\n session_id: string;\n /** ISO 8601 timestamp when the session was created. */\n created_at: IsoDateTime;\n /** ISO 8601 session expiry (90 days from creation). */\n expires_at: IsoDateTime;\n /** Lifecycle status of the session. */\n status: 'created' | 'customer_created' | 'expired';\n}\n\n/**\n * Idempotency window for POST /sessions: 24h on\n * email + addresses.current.postcode + addresses.current.address_line_1.\n * `move.out` is NOT part of the key — partners cannot retroactively change shape.\n */\nexport const SESSION_IDEMPOTENCY_TTL_MS = 24 * 60 * 60 * 1000;\n","/**\n * Spec error envelope.\n * Returned with non-2xx responses from the Partner API and surfaced verbatim by the SDK.\n */\n\nimport type { RequestId } from './common.js';\n\n/**\n * Error codes follow `<category>.<specific>` naming and match the v15 §12 catalog.\n */\nexport type ErrorCode =\n // validation.*\n | 'validation.missing_required_field'\n | 'validation.invalid_field_value'\n | 'validation.invalid_enum_value'\n // consent.*\n | 'consent.required'\n // product.*\n | 'product.id_expired'\n // loa.*\n | 'loa.coverage_missing'\n | 'loa.coverage_excess'\n | 'loa.session_mismatch'\n | 'loa.template_changed'\n | 'loa.selection_changed'\n // signature_image.*\n | 'signature_image.invalid'\n | 'signature_image.too_large'\n | 'signature_image.dimensions_invalid'\n // address.*\n | 'address.line_too_long'\n | 'address.postcode_invalid'\n // move_out.*\n | 'move_out.requires_previous_property'\n | 'move_out.invalid_date'\n // final_read.*\n | 'final_read.implausible'\n // customer.*\n | 'customer.address_invalid'\n | 'customer.not_found'\n // bank_details.*\n | 'bank_details.invalid_sort_code'\n | 'bank_details.invalid_account_number'\n | 'bank_details.modulus_check_failed'\n | 'bank_details.session_locked'\n // auth.*\n | 'auth.invalid_credentials'\n | 'auth.token_expired'\n | 'auth.token_malformed'\n | 'auth.insufficient_scope'\n // session.*\n | 'session.not_found'\n // rate.*\n | 'rate.limited'\n // internal.*\n | 'internal.error'\n // discovery.*\n | 'discovery.unavailable';\n\nexport type ErrorType =\n | 'authentication_error'\n | 'validation_error'\n | 'rate_limit_error'\n | 'api_error';\n\nexport interface ErrorEnvelope {\n error: {\n type: ErrorType;\n code: ErrorCode;\n message: string;\n /** Path of the offending field (e.g. \"addresses.current.postcode\"). */\n param?: string;\n /** For validation.missing_required_field — dot-notation list of missing fields. */\n missing_fields?: string[];\n /** Echo of `X-HelloBill-Request-Id` for support correlation. */\n request_id: RequestId;\n };\n}\n\n/** HTTP statuses the SDK retries automatically with exponential backoff. */\nexport const RETRYABLE_HTTP_STATUSES = new Set<number>([429, 500, 502, 503, 504]);\n"]}
@@ -1,2 +1,2 @@
1
- export { c as InMemoryWebhookDedupeStore, U as UnknownWebhookEventError, V as VerifyWebhookOptions, W as WebhookDedupeStore, f as WebhookHandlerContext, g as WebhookHandlerOptions, h as WebhookHandlers, i as WebhookVerificationError, k as createWebhookHandler, v as verifyWebhook, l as verifyWebhookSignature } from '../index-weK_H8io.cjs';
2
- import '../webhooks-iwkEPw9n.cjs';
1
+ export { c as InMemoryWebhookDedupeStore, U as UnknownWebhookEventError, V as VerifyWebhookOptions, W as WebhookDedupeStore, f as WebhookHandlerContext, g as WebhookHandlerOptions, h as WebhookHandlers, i as WebhookVerificationError, k as createWebhookHandler, v as verifyWebhook, l as verifyWebhookSignature } from '../index-D1Y88dmC.cjs';
2
+ import '../webhooks-CfpQ4PEE.cjs';
@@ -1,2 +1,2 @@
1
- export { c as InMemoryWebhookDedupeStore, U as UnknownWebhookEventError, V as VerifyWebhookOptions, W as WebhookDedupeStore, f as WebhookHandlerContext, g as WebhookHandlerOptions, h as WebhookHandlers, i as WebhookVerificationError, k as createWebhookHandler, v as verifyWebhook, l as verifyWebhookSignature } from '../index-CtQgDuFR.js';
2
- import '../webhooks-iwkEPw9n.js';
1
+ export { c as InMemoryWebhookDedupeStore, U as UnknownWebhookEventError, V as VerifyWebhookOptions, W as WebhookDedupeStore, f as WebhookHandlerContext, g as WebhookHandlerOptions, h as WebhookHandlers, i as WebhookVerificationError, k as createWebhookHandler, v as verifyWebhook, l as verifyWebhookSignature } from '../index-sSyUfAhM.js';
2
+ import '../webhooks-CfpQ4PEE.js';
@@ -256,7 +256,14 @@ interface SessionPayload {
256
256
  meters?: Meters;
257
257
  consent: Consent;
258
258
  context?: ContextEntry[];
259
+ /** Per-session override of the onboarding journey; server resolves the default when omitted. */
260
+ journey_type?: JourneyType;
259
261
  }
262
+ /**
263
+ * Onboarding journey the session runs. `move_in` is the default (setting up
264
+ * utilities at a property being moved into); `move` covers a move between properties.
265
+ */
266
+ type JourneyType = 'move_in' | 'move';
260
267
  /**
261
268
  * Per-session toggles that gate embed pages and filter product categories.
262
269
  * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.
@@ -286,6 +293,8 @@ interface SessionResponse {
286
293
  expires_at: IsoDateTime;
287
294
  /** Optional for back-compat with fixtures and pre-feature_flags payloads. */
288
295
  feature_flags?: FeatureFlags;
296
+ /** Resolved journey echoed back; optional for back-compat with pre-journey_type payloads. */
297
+ journey_type?: JourneyType;
289
298
  }
290
299
  /**
291
300
  * Response from GET /partner/sessions/:id.
@@ -256,7 +256,14 @@ interface SessionPayload {
256
256
  meters?: Meters;
257
257
  consent: Consent;
258
258
  context?: ContextEntry[];
259
+ /** Per-session override of the onboarding journey; server resolves the default when omitted. */
260
+ journey_type?: JourneyType;
259
261
  }
262
+ /**
263
+ * Onboarding journey the session runs. `move_in` is the default (setting up
264
+ * utilities at a property being moved into); `move` covers a move between properties.
265
+ */
266
+ type JourneyType = 'move_in' | 'move';
260
267
  /**
261
268
  * Per-session toggles that gate embed pages and filter product categories.
262
269
  * Snake_case end-to-end; the embed reads the `feature_flags` envelope as-is.
@@ -286,6 +293,8 @@ interface SessionResponse {
286
293
  expires_at: IsoDateTime;
287
294
  /** Optional for back-compat with fixtures and pre-feature_flags payloads. */
288
295
  feature_flags?: FeatureFlags;
296
+ /** Resolved journey echoed back; optional for back-compat with pre-journey_type payloads. */
297
+ journey_type?: JourneyType;
289
298
  }
290
299
  /**
291
300
  * Response from GET /partner/sessions/:id.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hello-bill/node",
3
- "version": "2.2.0-beta.3",
3
+ "version": "2.2.0-beta.5",
4
4
  "description": "Server-side SDK for the HelloBill Partner API. Framework-agnostic core with an Express adapter; ships a webhook verifier and the spec-derived TypeScript types.",
5
5
  "license": "MIT",
6
6
  "type": "module",