@hogsend/client 0.7.0 → 0.8.0

package/dist/index.cjs

@@ -22,7 +22,8 @@ var index_exports = {};
 __export(index_exports, {
   Hogsend: () => Hogsend,
   HogsendAPIError: () => HogsendAPIError,
-  RateLimitError: () => RateLimitError
+  RateLimitError: () => RateLimitError,
+  verifyHogsendWebhook: () => verifyHogsendWebhook
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -144,6 +145,7 @@ function createHttpClient(config) {
     get: (path, query) => request("GET", path, { query }),
     post: (path, body, extras) => request("POST", path, { body, extras }),
     put: (path, body, extras) => request("PUT", path, { body, extras }),
+    patch: (path, body, extras) => request("PATCH", path, { body, extras }),
     del: (path, body) => request("DELETE", path, { body })
   };
 }
@@ -335,6 +337,87 @@ var ListsResource = class {
   }
 };
 
+// src/resources/webhooks.ts
+var BASE = "/v1/admin/webhooks";
+var WebhooksResource = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Register a new endpoint subscribed to one or more outbound event types.
+   * Returns the endpoint INCLUDING the full signing `secret` — this is the
+   * only time (besides rotate) the secret is returned. Store it now.
+   */
+  create(input) {
+    return this.http.post(BASE, {
+      url: input.url,
+      eventTypes: input.eventTypes,
+      description: input.description,
+      disabled: input.disabled
+    });
+  }
+  /**
+   * List endpoints (newest first). Disabled endpoints are hidden unless
+   * `includeDisabled` is set. Returns the endpoints array (unwrapped from the
+   * `{ endpoints, total, limit, offset }` envelope).
+   */
+  async list(opts) {
+    const res = await this.http.get(BASE, {
+      limit: opts?.limit,
+      offset: opts?.offset,
+      includeDisabled: opts?.includeDisabled === void 0 ? void 0 : String(opts.includeDisabled)
+    });
+    return res.endpoints;
+  }
+  /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */
+  get(id) {
+    return this.http.get(`${BASE}/${encodeURIComponent(id)}`);
+  }
+  /**
+   * Patch an endpoint. Only the provided fields change; `description: null`
+   * clears the description. Does NOT return or rotate the secret.
+   */
+  update(id, input) {
+    return this.http.patch(
+      `${BASE}/${encodeURIComponent(id)}`,
+      {
+        url: input.url,
+        eventTypes: input.eventTypes,
+        description: input.description,
+        disabled: input.disabled
+      }
+    );
+  }
+  /** Hard-delete an endpoint (cascade drops its deliveries). */
+  delete(id) {
+    return this.http.del(
+      `${BASE}/${encodeURIComponent(id)}`
+    );
+  }
+  /**
+   * Rotate the signing secret. The OLD secret is invalidated immediately (hard
+   * cutover) — update every subscriber with the returned new `secret` (returned
+   * ONCE).
+   */
+  rotateSecret(id) {
+    return this.http.post(
+      `${BASE}/${encodeURIComponent(id)}/rotate-secret`,
+      {}
+    );
+  }
+  /**
+   * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered
+   * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.
+   */
+  sendTest(id) {
+    return this.http.post(
+      `${BASE}/${encodeURIComponent(id)}/test`,
+      {}
+    );
+  }
+};
+
 // src/hogsend.ts
 var Hogsend = class {
   contacts;
@@ -342,6 +425,13 @@ var Hogsend = class {
   emails;
   lists;
   campaigns;
+  /**
+   * Manage outbound webhook endpoints (the signed event stream Hogsend emits to
+   * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the
+   * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other
+   * resources use. See {@link WebhooksResource}.
+   */
+  webhooks;
   constructor(opts) {
     if (!opts.baseUrl) {
       throw new TypeError("Hogsend: `baseUrl` is required.");
@@ -361,12 +451,76 @@ var Hogsend = class {
     this.emails = new EmailsResource(http);
     this.lists = new ListsResource(http);
     this.campaigns = new CampaignsResource(http);
+    this.webhooks = new WebhooksResource(http);
   }
 };
+
+// src/internal/verify.ts
+var import_node_crypto = require("crypto");
+var import_svix = require("svix");
+var TOLERANCE_SECONDS = 5 * 60;
+function normalizeHeaders(headers) {
+  const out = {};
+  for (const [key, value] of Object.entries(headers)) {
+    out[key.toLowerCase()] = value;
+  }
+  return out;
+}
+function verifyHogsendWebhook(opts) {
+  const headers = normalizeHeaders(opts.headers);
+  const id = headers["webhook-id"] ?? headers["svix-id"];
+  const timestamp = headers["webhook-timestamp"] ?? headers["svix-timestamp"];
+  const signature = headers["webhook-signature"] ?? headers["svix-signature"];
+  if (!id || !timestamp || !signature) {
+    throw new Error(
+      "verifyHogsendWebhook: missing Webhook-Id / Webhook-Timestamp / Webhook-Signature header"
+    );
+  }
+  try {
+    const wh = new import_svix.Webhook(opts.secret);
+    return wh.verify(opts.payload, {
+      "svix-id": id,
+      "svix-timestamp": timestamp,
+      "svix-signature": signature
+    });
+  } catch {
+    return verifyWithNodeCrypto({
+      payload: opts.payload,
+      secret: opts.secret,
+      id,
+      timestamp,
+      signature
+    });
+  }
+}
+function verifyWithNodeCrypto(opts) {
+  const ts = Number.parseInt(opts.timestamp, 10);
+  if (!Number.isFinite(ts)) {
+    throw new Error("verifyHogsendWebhook: invalid Webhook-Timestamp");
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (Math.abs(now - ts) > TOLERANCE_SECONDS) {
+    throw new Error("verifyHogsendWebhook: timestamp outside tolerance window");
+  }
+  const key = opts.secret.startsWith("whsec_") ? Buffer.from(opts.secret.slice(6), "base64") : Buffer.from(opts.secret, "base64");
+  const signedContent = `${opts.id}.${opts.timestamp}.${opts.payload}`;
+  const expected = (0, import_node_crypto.createHmac)("sha256", key).update(signedContent).digest("base64");
+  const expectedBuf = Buffer.from(expected);
+  const matched = opts.signature.split(" ").some((part) => {
+    const sig = part.startsWith("v1,") ? part.slice(3) : part;
+    const candidate = Buffer.from(sig);
+    return candidate.length === expectedBuf.length && (0, import_node_crypto.timingSafeEqual)(candidate, expectedBuf);
+  });
+  if (!matched) {
+    throw new Error("verifyHogsendWebhook: signature verification failed");
+  }
+  return JSON.parse(opts.payload);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Hogsend,
   HogsendAPIError,
-  RateLimitError
+  RateLimitError,
+  verifyHogsendWebhook
 });
 //# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/internal/http.ts","../src/resources/campaigns.ts","../src/internal/identity.ts","../src/resources/contacts.ts","../src/resources/emails.ts","../src/resources/events.ts","../src/resources/lists.ts","../src/hogsend.ts"],"sourcesContent":["export { HogsendAPIError, RateLimitError } from \"./errors.js\";\nexport { Hogsend } from \"./hogsend.js\";\nexport type {\n  Campaign,\n  CampaignAudienceKind,\n  CampaignStatus,\n  Contact,\n  DeleteContactInput,\n  DeleteContactResult,\n  ExitResult,\n  FindContactsInput,\n  HogsendOptions,\n  Identity,\n  IngestResult,\n  ListSummary,\n  SendCampaignInput,\n  SendCampaignResult,\n  SendEmailInput,\n  SendEmailResult,\n  SendEventInput,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n  UpsertContactInput,\n  UpsertContactResult,\n} from \"./types.js\";\n","/**\n * A non-2xx response — or a transport-level failure — from the Hogsend data\n * plane. `status` is the HTTP status code, or `0` when the request never\n * reached the server (DNS/connect/timeout). `body` is the parsed JSON body when\n * available, else the raw text, else `undefined`.\n */\nexport class HogsendAPIError extends Error {\n  readonly status: number;\n  readonly body: unknown;\n\n  constructor(message: string, status: number, body: unknown) {\n    super(message);\n    this.name = \"HogsendAPIError\";\n    this.status = status;\n    this.body = body;\n    // Restore prototype chain for instanceof across transpile targets.\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/**\n * A `429 Too Many Requests` response. `retryAfter` is the parsed `Retry-After`\n * header in seconds when present (the server sends it on 429 for `/v1/emails`).\n */\nexport class RateLimitError extends HogsendAPIError {\n  readonly retryAfter?: number;\n\n  constructor(message: string, body: unknown, retryAfter?: number) {\n    super(message, 429, body);\n    this.name = \"RateLimitError\";\n    this.retryAfter = retryAfter;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n","import { HogsendAPIError, RateLimitError } from \"../errors.js\";\n\n/** Query params accepted by `get` — undefined values are dropped. */\nexport type Query = Record<string, string | number | undefined>;\n\n/** Per-request extras (currently just an idempotency header passthrough). */\nexport interface RequestExtras {\n  /** Sent as the `Idempotency-Key` header when set. */\n  idempotencyKey?: string;\n}\n\nexport interface HttpClientConfig {\n  baseUrl: string;\n  apiKey: string;\n  fetch?: typeof fetch;\n  timeoutMs?: number;\n  headers?: Record<string, string>;\n}\n\n/** A minimal, self-contained data-plane HTTP client over native fetch. */\nexport interface HttpClient {\n  get<T = unknown>(path: string, query?: Query): Promise<T>;\n  post<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  put<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  del<T = unknown>(path: string, body?: unknown): Promise<T>;\n}\n\nconst DEFAULT_TIMEOUT_MS = 30_000;\n\nfunction buildUrl(baseUrl: string, path: string, query?: Query): string {\n  const url = new URL(path.startsWith(\"/\") ? path : `/${path}`, `${baseUrl}/`);\n  if (query) {\n    for (const [key, value] of Object.entries(query)) {\n      if (value === undefined) continue;\n      url.searchParams.set(key, String(value));\n    }\n  }\n  return url.toString();\n}\n\nfunction bodyMessage(status: number, body: unknown): string {\n  if (body && typeof body === \"object\") {\n    // Application-handler envelope: `{ error: \"human message\" }`.\n    const errField = (body as { error?: unknown }).error;\n    if (typeof errField === \"string\") {\n      return `${status}: ${errField}`;\n    }\n    // @hono/zod-openapi default-hook validation envelope:\n    // `{ success: false, error: <ZodError> }` (no defaultHook configured). The\n    // structured ZodError is preserved on `err.body`; surface a short, readable\n    // summary for `err.message` instead of the generic fallback.\n    if (\n      (body as { success?: unknown }).success === false &&\n      errField &&\n      typeof errField === \"object\"\n    ) {\n      const summary = JSON.stringify(errField).slice(0, 200);\n      return `${status}: validation failed ${summary}`;\n    }\n  }\n  return `request failed with status ${status}`;\n}\n\n/** Parse a `Retry-After` header (seconds form) into a number, else undefined. */\nfunction parseRetryAfter(value: string | null): number | undefined {\n  if (!value) return undefined;\n  const seconds = Number.parseInt(value, 10);\n  return Number.isFinite(seconds) ? seconds : undefined;\n}\n\n/**\n * Builds an {@link HttpClient} bound to a config. Native `fetch`, JSON in/out,\n * `Authorization: Bearer <apiKey>`. Throws typed errors:\n *   - {@link RateLimitError} on 429 (with parsed `Retry-After`),\n *   - {@link HogsendAPIError} on any other non-2xx,\n *   - {@link HogsendAPIError} with `status === 0` on a transport failure\n *     (DNS/connect/abort/timeout).\n */\nexport function createHttpClient(config: HttpClientConfig): HttpClient {\n  const doFetch = config.fetch ?? fetch;\n  const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const extraHeaders = config.headers ?? {};\n\n  async function request<T>(\n    method: string,\n    path: string,\n    opts: { query?: Query; body?: unknown; extras?: RequestExtras },\n  ): Promise<T> {\n    const headers: Record<string, string> = {\n      Accept: \"application/json\",\n      Authorization: `Bearer ${config.apiKey}`,\n      ...extraHeaders,\n    };\n    if (opts.body !== undefined) {\n      headers[\"Content-Type\"] = \"application/json\";\n    }\n    if (opts.extras?.idempotencyKey) {\n      headers[\"Idempotency-Key\"] = opts.extras.idempotencyKey;\n    }\n\n    const url = buildUrl(config.baseUrl, path, opts.query);\n\n    const controller = new AbortController();\n    const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n    let res: Response;\n    try {\n      res = await doFetch(url, {\n        method,\n        headers,\n        body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n        signal: controller.signal,\n      });\n    } catch (cause) {\n      const msg = cause instanceof Error ? cause.message : String(cause);\n      throw new HogsendAPIError(\n        `cannot reach ${config.baseUrl} (${msg})`,\n        0,\n        undefined,\n      );\n    } finally {\n      clearTimeout(timer);\n    }\n\n    const text = await res.text();\n    let parsed: unknown;\n    if (text.length > 0) {\n      try {\n        parsed = JSON.parse(text);\n      } catch {\n        parsed = text;\n      }\n    }\n\n    if (!res.ok) {\n      if (res.status === 429) {\n        throw new RateLimitError(\n          bodyMessage(res.status, parsed),\n          parsed,\n          parseRetryAfter(res.headers.get(\"Retry-After\")),\n        );\n      }\n      throw new HogsendAPIError(\n        bodyMessage(res.status, parsed),\n        res.status,\n        parsed,\n      );\n    }\n\n    return parsed as T;\n  }\n\n  return {\n    get: <T>(path: string, query?: Query) => request<T>(\"GET\", path, { query }),\n    post: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"POST\", path, { body, extras }),\n    put: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PUT\", path, { body, extras }),\n    del: <T>(path: string, body?: unknown) =>\n      request<T>(\"DELETE\", path, { body }),\n  };\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  Campaign,\n  SendCampaignInput,\n  SendCampaignResult,\n} from \"../types.js\";\n\n/** The `campaigns.*` resource bound to an {@link HttpClient}. */\nexport class CampaignsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Queue a broadcast: durably send one template to every subscribed member of\n   * a `list` (or every active member of a `bucket`). Exactly one of `list` /\n   * `bucket` must be set; `template`/`props` are type-checked against the\n   * augmented `TemplateRegistryMap` when `@hogsend/email` is installed, else\n   * degrade to `{ template: string; props? }`.\n   *\n   * Returns the 202 enqueue ack (`{ campaignId, status }`); the actual sends run\n   * asynchronously in the worker. Poll {@link CampaignsResource.get} for counts.\n   */\n  send(input: SendCampaignInput): Promise<SendCampaignResult> {\n    // The discriminated union narrows `template`/`props` and the audience; index\n    // into the input via a permissive view to build the wire body without\n    // re-discriminating.\n    const body = input as SendCampaignInput & {\n      list?: string;\n      bucket?: string;\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendCampaignResult>(\"/v1/campaigns\", {\n      name: body.name,\n      list: body.list,\n      bucket: body.bucket,\n      template: body.template,\n      props: body.props,\n      from: body.from,\n      subject: body.subject,\n    });\n  }\n\n  /** Fetch a campaign's current status + send counts. */\n  get(id: string): Promise<Campaign> {\n    return this.http.get<Campaign>(`/v1/campaigns/${encodeURIComponent(id)}`);\n  }\n}\n","/**\n * Runtime guard mirroring the `Identity` union: at least one of `email` /\n * `userId` must be a non-empty string. The type system enforces this at the\n * call site, but runtime callers (plain JS, untyped data) can still violate it,\n * so we fail fast with a clear message before issuing the request.\n */\nexport function assertIdentity(input: {\n  email?: string;\n  userId?: string;\n}): void {\n  const hasEmail = typeof input.email === \"string\" && input.email.length > 0;\n  const hasUserId = typeof input.userId === \"string\" && input.userId.length > 0;\n  if (!hasEmail && !hasUserId) {\n    throw new TypeError(\n      \"Hogsend: an identity is required — pass `email`, `userId`, or both.\",\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  Contact,\n  DeleteContactInput,\n  DeleteContactResult,\n  FindContactsInput,\n  UpsertContactInput,\n  UpsertContactResult,\n} from \"../types.js\";\n\n/** The `contacts.*` resource bound to an {@link HttpClient}. */\nexport class ContactsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Upsert a contact by identity. Resolves/merges server-side and optionally\n   * applies list membership. Returns `{ id, created, linked }`.\n   */\n  async upsert(input: UpsertContactInput): Promise<UpsertContactResult> {\n    assertIdentity(input);\n    return this.http.put<UpsertContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n      properties: input.properties,\n      lists: input.lists,\n    });\n  }\n\n  /** Find non-deleted contacts by `email` or `userId`. */\n  async find(input: FindContactsInput): Promise<Contact[]> {\n    const query: Record<string, string | undefined> = {\n      email: \"email\" in input ? input.email : undefined,\n      userId: \"userId\" in input ? input.userId : undefined,\n    };\n    const res = await this.http.get<{ contacts: Contact[] }>(\n      \"/v1/contacts/find\",\n      query,\n    );\n    return res.contacts;\n  }\n\n  /** Soft-delete a contact by identity. */\n  async delete(input: DeleteContactInput): Promise<DeleteContactResult> {\n    assertIdentity(input);\n    return this.http.del<DeleteContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n    });\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type { SendEmailInput, SendEmailResult } from \"../types.js\";\n\n/** The `emails.*` resource bound to an {@link HttpClient}. */\nexport class EmailsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send a transactional email by template. Recipient is `to` (raw address) or\n   * `userId` (resolved server-side). `template`/`props` are type-checked against\n   * the augmented `TemplateRegistryMap` when `@hogsend/email` is installed,\n   * else degrade to `{ template: string; props? }`.\n   */\n  send(input: SendEmailInput): Promise<SendEmailResult> {\n    // The discriminated union narrows `template`/`props`; index into the input\n    // via a permissive view to build the wire body without re-discriminating.\n    const body = input as SendEmailInput & {\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendEmailResult>(\n      \"/v1/emails\",\n      {\n        to: body.to,\n        userId: body.userId,\n        template: body.template,\n        props: body.props,\n        from: body.from,\n        subject: body.subject,\n        replyTo: body.replyTo,\n        category: body.category,\n        skipPreferenceCheck: body.skipPreferenceCheck,\n        idempotencyKey: body.idempotencyKey,\n      },\n      body.idempotencyKey ? { idempotencyKey: body.idempotencyKey } : undefined,\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type { IngestResult, SendEventInput } from \"../types.js\";\n\n/** The `events.*` resource bound to an {@link HttpClient}. */\nexport class EventsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send an event through the ingestion pipeline. The two property bags are\n   * kept distinct: `eventProperties` feed `trigger.where`/`exitOn`,\n   * `contactProperties` merge onto the contact. Optionally apply list\n   * membership. Returns the ingest result (stored + exit evaluations).\n   *\n   * `idempotencyKey` is sent both as the `Idempotency-Key` header (which wins\n   * server-side) and in the body, matching `POST /v1/events`.\n   */\n  send(input: SendEventInput): Promise<IngestResult> {\n    assertIdentity(input);\n    return this.http.post<IngestResult>(\n      \"/v1/events\",\n      {\n        name: input.name,\n        email: input.email,\n        userId: input.userId,\n        eventProperties: input.eventProperties,\n        contactProperties: input.contactProperties,\n        lists: input.lists,\n        idempotencyKey: input.idempotencyKey,\n      },\n      input.idempotencyKey\n        ? { idempotencyKey: input.idempotencyKey }\n        : undefined,\n    );\n  }\n\n  /** Alias of {@link EventsResource.send}. */\n  track(input: SendEventInput): Promise<IngestResult> {\n    return this.send(input);\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  ListSummary,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n} from \"../types.js\";\n\n/** The `lists.*` resource bound to an {@link HttpClient}. */\nexport class ListsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /** List all code-defined lists. */\n  async list(): Promise<ListSummary[]> {\n    const res = await this.http.get<{ lists: ListSummary[] }>(\"/v1/lists\");\n    return res.lists;\n  }\n\n  /** Subscribe an identity to a list. */\n  async subscribe(input: SubscribeInput): Promise<SubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/subscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { subscribed: res.subscribed };\n  }\n\n  /** Unsubscribe an identity from a list. */\n  async unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/unsubscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { unsubscribed: res.subscribed === false };\n  }\n}\n","import { createHttpClient } from \"./internal/http.js\";\nimport { CampaignsResource } from \"./resources/campaigns.js\";\nimport { ContactsResource } from \"./resources/contacts.js\";\nimport { EmailsResource } from \"./resources/emails.js\";\nimport { EventsResource } from \"./resources/events.js\";\nimport { ListsResource } from \"./resources/lists.js\";\nimport type { HogsendOptions } from \"./types.js\";\n\n/**\n * Typed HTTP client for the Hogsend data plane.\n *\n * ```ts\n * const hs = new Hogsend({ baseUrl: \"https://api.example.com\", apiKey: \"hsk_…\" });\n * await hs.contacts.upsert({ email: \"a@b.com\", properties: { plan: \"pro\" } });\n * await hs.events.send({ userId: \"u_1\", name: \"signup\" });\n * ```\n */\nexport class Hogsend {\n  readonly contacts: ContactsResource;\n  readonly events: EventsResource;\n  readonly emails: EmailsResource;\n  readonly lists: ListsResource;\n  readonly campaigns: CampaignsResource;\n\n  constructor(opts: HogsendOptions) {\n    if (!opts.baseUrl) {\n      throw new TypeError(\"Hogsend: `baseUrl` is required.\");\n    }\n    if (!opts.apiKey) {\n      throw new TypeError(\"Hogsend: `apiKey` is required.\");\n    }\n\n    const http = createHttpClient({\n      baseUrl: opts.baseUrl.replace(/\\/+$/, \"\"),\n      apiKey: opts.apiKey,\n      fetch: opts.fetch,\n      timeoutMs: opts.timeoutMs,\n      headers: opts.headers,\n    });\n\n    this.contacts = new ContactsResource(http);\n    this.events = new EventsResource(http);\n    this.emails = new EmailsResource(http);\n    this.lists = new ListsResource(http);\n    this.campaigns = new CampaignsResource(http);\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAEZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAMO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA,EACzC;AAAA,EAET,YAAY,SAAiB,MAAe,YAAqB;AAC/D,UAAM,SAAS,KAAK,IAAI;AACxB,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;;;ACEA,IAAM,qBAAqB;AAE3B,SAAS,SAAS,SAAiB,MAAc,OAAuB;AACtE,QAAM,MAAM,IAAI,IAAI,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,IAAI,GAAG,OAAO,GAAG;AAC3E,MAAI,OAAO;AACT,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,UAAI,UAAU,OAAW;AACzB,UAAI,aAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,IACzC;AAAA,EACF;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,YAAY,QAAgB,MAAuB;AAC1D,MAAI,QAAQ,OAAO,SAAS,UAAU;AAEpC,UAAM,WAAY,KAA6B;AAC/C,QAAI,OAAO,aAAa,UAAU;AAChC,aAAO,GAAG,MAAM,KAAK,QAAQ;AAAA,IAC/B;AAKA,QACG,KAA+B,YAAY,SAC5C,YACA,OAAO,aAAa,UACpB;AACA,YAAM,UAAU,KAAK,UAAU,QAAQ,EAAE,MAAM,GAAG,GAAG;AACrD,aAAO,GAAG,MAAM,uBAAuB,OAAO;AAAA,IAChD;AAAA,EACF;AACA,SAAO,8BAA8B,MAAM;AAC7C;AAGA,SAAS,gBAAgB,OAA0C;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,SAAS,OAAO,EAAE;AACzC,SAAO,OAAO,SAAS,OAAO,IAAI,UAAU;AAC9C;AAUO,SAAS,iBAAiB,QAAsC;AACrE,QAAM,UAAU,OAAO,SAAS;AAChC,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,eAAe,OAAO,WAAW,CAAC;AAExC,iBAAe,QACb,QACA,MACA,MACY;AACZ,UAAM,UAAkC;AAAA,MACtC,QAAQ;AAAA,MACR,eAAe,UAAU,OAAO,MAAM;AAAA,MACtC,GAAG;AAAA,IACL;AACA,QAAI,KAAK,SAAS,QAAW;AAC3B,cAAQ,cAAc,IAAI;AAAA,IAC5B;AACA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,cAAQ,iBAAiB,IAAI,KAAK,OAAO;AAAA,IAC3C;AAEA,UAAM,MAAM,SAAS,OAAO,SAAS,MAAM,KAAK,KAAK;AAErD,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,QAAI;AACJ,QAAI;AACF,YAAM,MAAM,QAAQ,KAAK;AAAA,QACvB;AAAA,QACA;AAAA,QACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,QAC5D,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,YAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,YAAM,IAAI;AAAA,QACR,gBAAgB,OAAO,OAAO,KAAK,GAAG;AAAA,QACtC;AAAA,QACA;AAAA,MACF;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAEA,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,KAAK,SAAS,GAAG;AACnB,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,UAAI,IAAI,WAAW,KAAK;AACtB,cAAM,IAAI;AAAA,UACR,YAAY,IAAI,QAAQ,MAAM;AAAA,UAC9B;AAAA,UACA,gBAAgB,IAAI,QAAQ,IAAI,aAAa,CAAC;AAAA,QAChD;AAAA,MACF;AACA,YAAM,IAAI;AAAA,QACR,YAAY,IAAI,QAAQ,MAAM;AAAA,QAC9B,IAAI;AAAA,QACJ;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,KAAK,CAAI,MAAc,UAAkB,QAAW,OAAO,MAAM,EAAE,MAAM,CAAC;AAAA,IAC1E,MAAM,CAAI,MAAc,MAAe,WACrC,QAAW,QAAQ,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC3C,KAAK,CAAI,MAAc,MAAe,WACpC,QAAW,OAAO,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC1C,KAAK,CAAI,MAAc,SACrB,QAAW,UAAU,MAAM,EAAE,KAAK,CAAC;AAAA,EACvC;AACF;;;ACjKO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAY7B,KAAK,OAAuD;AAI1D,UAAM,OAAO;AAKb,WAAO,KAAK,KAAK,KAAyB,iBAAiB;AAAA,MACzD,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,IAChB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,IAAI,IAA+B;AACjC,WAAO,KAAK,KAAK,IAAc,iBAAiB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC1E;AACF;;;ACvCO,SAAS,eAAe,OAGtB;AACP,QAAM,WAAW,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,SAAS;AACzE,QAAM,YAAY,OAAO,MAAM,WAAW,YAAY,MAAM,OAAO,SAAS;AAC5E,MAAI,CAAC,YAAY,CAAC,WAAW;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACLO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7B,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,YAAY,MAAM;AAAA,MAClB,OAAO,MAAM;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,KAAK,OAA8C;AACvD,UAAM,QAA4C;AAAA,MAChD,OAAO,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACxC,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,IAC7C;AACA,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AACA,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;AC9CO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ7B,KAAK,OAAiD;AAGpD,UAAM,OAAO;AAGb,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,qBAAqB,KAAK;AAAA,QAC1B,gBAAgB,KAAK;AAAA,MACvB;AAAA,MACA,KAAK,iBAAiB,EAAE,gBAAgB,KAAK,eAAe,IAAI;AAAA,IAClE;AAAA,EACF;AACF;;;AC/BO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW7B,KAAK,OAA8C;AACjD,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,OAAO,MAAM;AAAA,QACb,QAAQ,MAAM;AAAA,QACd,iBAAiB,MAAM;AAAA,QACvB,mBAAmB,MAAM;AAAA,QACzB,OAAO,MAAM;AAAA,QACb,gBAAgB,MAAM;AAAA,MACxB;AAAA,MACA,MAAM,iBACF,EAAE,gBAAgB,MAAM,eAAe,IACvC;AAAA,IACN;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAA8C;AAClD,WAAO,KAAK,KAAK,KAAK;AAAA,EACxB;AACF;;;AC9BO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA,EAG7B,MAAM,OAA+B;AACnC,UAAM,MAAM,MAAM,KAAK,KAAK,IAA8B,WAAW;AACrE,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,UAAU,OAAiD;AAC/D,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,YAAY,IAAI,WAAW;AAAA,EACtC;AAAA;AAAA,EAGA,MAAM,YAAY,OAAmD;AACnE,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,cAAc,IAAI,eAAe,MAAM;AAAA,EAClD;AACF;;;ACrBO,IAAM,UAAN,MAAc;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,MAAsB;AAChC,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,UAAU,iCAAiC;AAAA,IACvD;AACA,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,IAAI,UAAU,gCAAgC;AAAA,IACtD;AAEA,UAAM,OAAO,iBAAiB;AAAA,MAC5B,SAAS,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,IAChB,CAAC;AAED,SAAK,WAAW,IAAI,iBAAiB,IAAI;AACzC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAAA,EAC7C;AACF;","names":[]}
+{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/internal/http.ts","../src/resources/campaigns.ts","../src/internal/identity.ts","../src/resources/contacts.ts","../src/resources/emails.ts","../src/resources/events.ts","../src/resources/lists.ts","../src/resources/webhooks.ts","../src/hogsend.ts","../src/internal/verify.ts"],"sourcesContent":["export { HogsendAPIError, RateLimitError } from \"./errors.js\";\nexport { Hogsend } from \"./hogsend.js\";\nexport { verifyHogsendWebhook } from \"./internal/verify.js\";\nexport type {\n  Campaign,\n  CampaignAudienceKind,\n  CampaignStatus,\n  Contact,\n  CreatedWebhookEndpoint,\n  CreateWebhookInput,\n  DeleteContactInput,\n  DeleteContactResult,\n  ExitResult,\n  FindContactsInput,\n  HogsendOptions,\n  Identity,\n  IngestResult,\n  ListSummary,\n  OutboundEventType,\n  RotateWebhookSecretResult,\n  SendCampaignInput,\n  SendCampaignResult,\n  SendEmailInput,\n  SendEmailResult,\n  SendEventInput,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n  UpdateWebhookInput,\n  UpsertContactInput,\n  UpsertContactResult,\n  WebhookEndpoint,\n} from \"./types.js\";\n","/**\n * A non-2xx response — or a transport-level failure — from the Hogsend data\n * plane. `status` is the HTTP status code, or `0` when the request never\n * reached the server (DNS/connect/timeout). `body` is the parsed JSON body when\n * available, else the raw text, else `undefined`.\n */\nexport class HogsendAPIError extends Error {\n  readonly status: number;\n  readonly body: unknown;\n\n  constructor(message: string, status: number, body: unknown) {\n    super(message);\n    this.name = \"HogsendAPIError\";\n    this.status = status;\n    this.body = body;\n    // Restore prototype chain for instanceof across transpile targets.\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/**\n * A `429 Too Many Requests` response. `retryAfter` is the parsed `Retry-After`\n * header in seconds when present (the server sends it on 429 for `/v1/emails`).\n */\nexport class RateLimitError extends HogsendAPIError {\n  readonly retryAfter?: number;\n\n  constructor(message: string, body: unknown, retryAfter?: number) {\n    super(message, 429, body);\n    this.name = \"RateLimitError\";\n    this.retryAfter = retryAfter;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n","import { HogsendAPIError, RateLimitError } from \"../errors.js\";\n\n/** Query params accepted by `get` — undefined values are dropped. */\nexport type Query = Record<string, string | number | undefined>;\n\n/** Per-request extras (currently just an idempotency header passthrough). */\nexport interface RequestExtras {\n  /** Sent as the `Idempotency-Key` header when set. */\n  idempotencyKey?: string;\n}\n\nexport interface HttpClientConfig {\n  baseUrl: string;\n  apiKey: string;\n  fetch?: typeof fetch;\n  timeoutMs?: number;\n  headers?: Record<string, string>;\n}\n\n/** A minimal, self-contained data-plane HTTP client over native fetch. */\nexport interface HttpClient {\n  get<T = unknown>(path: string, query?: Query): Promise<T>;\n  post<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  put<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  patch<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  del<T = unknown>(path: string, body?: unknown): Promise<T>;\n}\n\nconst DEFAULT_TIMEOUT_MS = 30_000;\n\nfunction buildUrl(baseUrl: string, path: string, query?: Query): string {\n  const url = new URL(path.startsWith(\"/\") ? path : `/${path}`, `${baseUrl}/`);\n  if (query) {\n    for (const [key, value] of Object.entries(query)) {\n      if (value === undefined) continue;\n      url.searchParams.set(key, String(value));\n    }\n  }\n  return url.toString();\n}\n\nfunction bodyMessage(status: number, body: unknown): string {\n  if (body && typeof body === \"object\") {\n    // Application-handler envelope: `{ error: \"human message\" }`.\n    const errField = (body as { error?: unknown }).error;\n    if (typeof errField === \"string\") {\n      return `${status}: ${errField}`;\n    }\n    // @hono/zod-openapi default-hook validation envelope:\n    // `{ success: false, error: <ZodError> }` (no defaultHook configured). The\n    // structured ZodError is preserved on `err.body`; surface a short, readable\n    // summary for `err.message` instead of the generic fallback.\n    if (\n      (body as { success?: unknown }).success === false &&\n      errField &&\n      typeof errField === \"object\"\n    ) {\n      const summary = JSON.stringify(errField).slice(0, 200);\n      return `${status}: validation failed ${summary}`;\n    }\n  }\n  return `request failed with status ${status}`;\n}\n\n/** Parse a `Retry-After` header (seconds form) into a number, else undefined. */\nfunction parseRetryAfter(value: string | null): number | undefined {\n  if (!value) return undefined;\n  const seconds = Number.parseInt(value, 10);\n  return Number.isFinite(seconds) ? seconds : undefined;\n}\n\n/**\n * Builds an {@link HttpClient} bound to a config. Native `fetch`, JSON in/out,\n * `Authorization: Bearer <apiKey>`. Throws typed errors:\n *   - {@link RateLimitError} on 429 (with parsed `Retry-After`),\n *   - {@link HogsendAPIError} on any other non-2xx,\n *   - {@link HogsendAPIError} with `status === 0` on a transport failure\n *     (DNS/connect/abort/timeout).\n */\nexport function createHttpClient(config: HttpClientConfig): HttpClient {\n  const doFetch = config.fetch ?? fetch;\n  const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const extraHeaders = config.headers ?? {};\n\n  async function request<T>(\n    method: string,\n    path: string,\n    opts: { query?: Query; body?: unknown; extras?: RequestExtras },\n  ): Promise<T> {\n    const headers: Record<string, string> = {\n      Accept: \"application/json\",\n      Authorization: `Bearer ${config.apiKey}`,\n      ...extraHeaders,\n    };\n    if (opts.body !== undefined) {\n      headers[\"Content-Type\"] = \"application/json\";\n    }\n    if (opts.extras?.idempotencyKey) {\n      headers[\"Idempotency-Key\"] = opts.extras.idempotencyKey;\n    }\n\n    const url = buildUrl(config.baseUrl, path, opts.query);\n\n    const controller = new AbortController();\n    const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n    let res: Response;\n    try {\n      res = await doFetch(url, {\n        method,\n        headers,\n        body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n        signal: controller.signal,\n      });\n    } catch (cause) {\n      const msg = cause instanceof Error ? cause.message : String(cause);\n      throw new HogsendAPIError(\n        `cannot reach ${config.baseUrl} (${msg})`,\n        0,\n        undefined,\n      );\n    } finally {\n      clearTimeout(timer);\n    }\n\n    const text = await res.text();\n    let parsed: unknown;\n    if (text.length > 0) {\n      try {\n        parsed = JSON.parse(text);\n      } catch {\n        parsed = text;\n      }\n    }\n\n    if (!res.ok) {\n      if (res.status === 429) {\n        throw new RateLimitError(\n          bodyMessage(res.status, parsed),\n          parsed,\n          parseRetryAfter(res.headers.get(\"Retry-After\")),\n        );\n      }\n      throw new HogsendAPIError(\n        bodyMessage(res.status, parsed),\n        res.status,\n        parsed,\n      );\n    }\n\n    return parsed as T;\n  }\n\n  return {\n    get: <T>(path: string, query?: Query) => request<T>(\"GET\", path, { query }),\n    post: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"POST\", path, { body, extras }),\n    put: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PUT\", path, { body, extras }),\n    patch: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PATCH\", path, { body, extras }),\n    del: <T>(path: string, body?: unknown) =>\n      request<T>(\"DELETE\", path, { body }),\n  };\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  Campaign,\n  SendCampaignInput,\n  SendCampaignResult,\n} from \"../types.js\";\n\n/** The `campaigns.*` resource bound to an {@link HttpClient}. */\nexport class CampaignsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Queue a broadcast: durably send one template to every subscribed member of\n   * a `list` (or every active member of a `bucket`). Exactly one of `list` /\n   * `bucket` must be set; `template`/`props` are type-checked against the\n   * augmented `TemplateRegistryMap` when `@hogsend/email` is installed, else\n   * degrade to `{ template: string; props? }`.\n   *\n   * Returns the 202 enqueue ack (`{ campaignId, status }`); the actual sends run\n   * asynchronously in the worker. Poll {@link CampaignsResource.get} for counts.\n   */\n  send(input: SendCampaignInput): Promise<SendCampaignResult> {\n    // The discriminated union narrows `template`/`props` and the audience; index\n    // into the input via a permissive view to build the wire body without\n    // re-discriminating.\n    const body = input as SendCampaignInput & {\n      list?: string;\n      bucket?: string;\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendCampaignResult>(\"/v1/campaigns\", {\n      name: body.name,\n      list: body.list,\n      bucket: body.bucket,\n      template: body.template,\n      props: body.props,\n      from: body.from,\n      subject: body.subject,\n    });\n  }\n\n  /** Fetch a campaign's current status + send counts. */\n  get(id: string): Promise<Campaign> {\n    return this.http.get<Campaign>(`/v1/campaigns/${encodeURIComponent(id)}`);\n  }\n}\n","/**\n * Runtime guard mirroring the `Identity` union: at least one of `email` /\n * `userId` must be a non-empty string. The type system enforces this at the\n * call site, but runtime callers (plain JS, untyped data) can still violate it,\n * so we fail fast with a clear message before issuing the request.\n */\nexport function assertIdentity(input: {\n  email?: string;\n  userId?: string;\n}): void {\n  const hasEmail = typeof input.email === \"string\" && input.email.length > 0;\n  const hasUserId = typeof input.userId === \"string\" && input.userId.length > 0;\n  if (!hasEmail && !hasUserId) {\n    throw new TypeError(\n      \"Hogsend: an identity is required — pass `email`, `userId`, or both.\",\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  Contact,\n  DeleteContactInput,\n  DeleteContactResult,\n  FindContactsInput,\n  UpsertContactInput,\n  UpsertContactResult,\n} from \"../types.js\";\n\n/** The `contacts.*` resource bound to an {@link HttpClient}. */\nexport class ContactsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Upsert a contact by identity. Resolves/merges server-side and optionally\n   * applies list membership. Returns `{ id, created, linked }`.\n   */\n  async upsert(input: UpsertContactInput): Promise<UpsertContactResult> {\n    assertIdentity(input);\n    return this.http.put<UpsertContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n      properties: input.properties,\n      lists: input.lists,\n    });\n  }\n\n  /** Find non-deleted contacts by `email` or `userId`. */\n  async find(input: FindContactsInput): Promise<Contact[]> {\n    const query: Record<string, string | undefined> = {\n      email: \"email\" in input ? input.email : undefined,\n      userId: \"userId\" in input ? input.userId : undefined,\n    };\n    const res = await this.http.get<{ contacts: Contact[] }>(\n      \"/v1/contacts/find\",\n      query,\n    );\n    return res.contacts;\n  }\n\n  /** Soft-delete a contact by identity. */\n  async delete(input: DeleteContactInput): Promise<DeleteContactResult> {\n    assertIdentity(input);\n    return this.http.del<DeleteContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n    });\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type { SendEmailInput, SendEmailResult } from \"../types.js\";\n\n/** The `emails.*` resource bound to an {@link HttpClient}. */\nexport class EmailsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send a transactional email by template. Recipient is `to` (raw address) or\n   * `userId` (resolved server-side). `template`/`props` are type-checked against\n   * the augmented `TemplateRegistryMap` when `@hogsend/email` is installed,\n   * else degrade to `{ template: string; props? }`.\n   */\n  send(input: SendEmailInput): Promise<SendEmailResult> {\n    // The discriminated union narrows `template`/`props`; index into the input\n    // via a permissive view to build the wire body without re-discriminating.\n    const body = input as SendEmailInput & {\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendEmailResult>(\n      \"/v1/emails\",\n      {\n        to: body.to,\n        userId: body.userId,\n        template: body.template,\n        props: body.props,\n        from: body.from,\n        subject: body.subject,\n        replyTo: body.replyTo,\n        category: body.category,\n        skipPreferenceCheck: body.skipPreferenceCheck,\n        idempotencyKey: body.idempotencyKey,\n      },\n      body.idempotencyKey ? { idempotencyKey: body.idempotencyKey } : undefined,\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type { IngestResult, SendEventInput } from \"../types.js\";\n\n/** The `events.*` resource bound to an {@link HttpClient}. */\nexport class EventsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send an event through the ingestion pipeline. The two property bags are\n   * kept distinct: `eventProperties` feed `trigger.where`/`exitOn`,\n   * `contactProperties` merge onto the contact. Optionally apply list\n   * membership. Returns the ingest result (stored + exit evaluations).\n   *\n   * `idempotencyKey` is sent both as the `Idempotency-Key` header (which wins\n   * server-side) and in the body, matching `POST /v1/events`.\n   */\n  send(input: SendEventInput): Promise<IngestResult> {\n    assertIdentity(input);\n    return this.http.post<IngestResult>(\n      \"/v1/events\",\n      {\n        name: input.name,\n        email: input.email,\n        userId: input.userId,\n        eventProperties: input.eventProperties,\n        contactProperties: input.contactProperties,\n        lists: input.lists,\n        idempotencyKey: input.idempotencyKey,\n      },\n      input.idempotencyKey\n        ? { idempotencyKey: input.idempotencyKey }\n        : undefined,\n    );\n  }\n\n  /** Alias of {@link EventsResource.send}. */\n  track(input: SendEventInput): Promise<IngestResult> {\n    return this.send(input);\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  ListSummary,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n} from \"../types.js\";\n\n/** The `lists.*` resource bound to an {@link HttpClient}. */\nexport class ListsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /** List all code-defined lists. */\n  async list(): Promise<ListSummary[]> {\n    const res = await this.http.get<{ lists: ListSummary[] }>(\"/v1/lists\");\n    return res.lists;\n  }\n\n  /** Subscribe an identity to a list. */\n  async subscribe(input: SubscribeInput): Promise<SubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/subscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { subscribed: res.subscribed };\n  }\n\n  /** Unsubscribe an identity from a list. */\n  async unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/unsubscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { unsubscribed: res.subscribed === false };\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  CreatedWebhookEndpoint,\n  CreateWebhookInput,\n  RotateWebhookSecretResult,\n  UpdateWebhookInput,\n  WebhookEndpoint,\n} from \"../types.js\";\n\nconst BASE = \"/v1/admin/webhooks\";\n\n/**\n * The `webhooks.*` resource — manage outbound webhook endpoints (the\n * Svix-style signed event stream Hogsend emits to subscriber URLs).\n *\n * IMPORTANT: unlike the rest of the client (which uses an `ingest`-scoped data\n * key), this resource targets the ADMIN plane (`/v1/admin/webhooks`) and\n * REQUIRES a full-admin key. Signing-secret management is the same trust class\n * as API-key management — a leaked ingest key must never register an\n * exfiltration endpoint. Construct the client with an admin `apiKey`.\n *\n * The full signing `secret` (`whsec_…`) is returned ONCE — on\n * {@link WebhooksResource.create} and {@link WebhooksResource.rotateSecret}.\n * `list`/`get` only ever expose the display `secretPrefix`. Store it on create.\n */\nexport class WebhooksResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Register a new endpoint subscribed to one or more outbound event types.\n   * Returns the endpoint INCLUDING the full signing `secret` — this is the\n   * only time (besides rotate) the secret is returned. Store it now.\n   */\n  create(input: CreateWebhookInput): Promise<CreatedWebhookEndpoint> {\n    return this.http.post<CreatedWebhookEndpoint>(BASE, {\n      url: input.url,\n      eventTypes: input.eventTypes,\n      description: input.description,\n      disabled: input.disabled,\n    });\n  }\n\n  /**\n   * List endpoints (newest first). Disabled endpoints are hidden unless\n   * `includeDisabled` is set. Returns the endpoints array (unwrapped from the\n   * `{ endpoints, total, limit, offset }` envelope).\n   */\n  async list(opts?: {\n    limit?: number;\n    offset?: number;\n    includeDisabled?: boolean;\n  }): Promise<WebhookEndpoint[]> {\n    const res = await this.http.get<{ endpoints: WebhookEndpoint[] }>(BASE, {\n      limit: opts?.limit,\n      offset: opts?.offset,\n      includeDisabled:\n        opts?.includeDisabled === undefined\n          ? undefined\n          : String(opts.includeDisabled),\n    });\n    return res.endpoints;\n  }\n\n  /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */\n  get(id: string): Promise<WebhookEndpoint> {\n    return this.http.get<WebhookEndpoint>(`${BASE}/${encodeURIComponent(id)}`);\n  }\n\n  /**\n   * Patch an endpoint. Only the provided fields change; `description: null`\n   * clears the description. Does NOT return or rotate the secret.\n   */\n  update(id: string, input: UpdateWebhookInput): Promise<WebhookEndpoint> {\n    return this.http.patch<WebhookEndpoint>(\n      `${BASE}/${encodeURIComponent(id)}`,\n      {\n        url: input.url,\n        eventTypes: input.eventTypes,\n        description: input.description,\n        disabled: input.disabled,\n      },\n    );\n  }\n\n  /** Hard-delete an endpoint (cascade drops its deliveries). */\n  delete(id: string): Promise<{ deleted: boolean }> {\n    return this.http.del<{ deleted: boolean }>(\n      `${BASE}/${encodeURIComponent(id)}`,\n    );\n  }\n\n  /**\n   * Rotate the signing secret. The OLD secret is invalidated immediately (hard\n   * cutover) — update every subscriber with the returned new `secret` (returned\n   * ONCE).\n   */\n  rotateSecret(id: string): Promise<RotateWebhookSecretResult> {\n    return this.http.post<RotateWebhookSecretResult>(\n      `${BASE}/${encodeURIComponent(id)}/rotate-secret`,\n      {},\n    );\n  }\n\n  /**\n   * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered\n   * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.\n   */\n  sendTest(\n    id: string,\n  ): Promise<{ enqueued: boolean; eventType: \"webhook.test\" }> {\n    return this.http.post<{ enqueued: boolean; eventType: \"webhook.test\" }>(\n      `${BASE}/${encodeURIComponent(id)}/test`,\n      {},\n    );\n  }\n}\n","import { createHttpClient } from \"./internal/http.js\";\nimport { CampaignsResource } from \"./resources/campaigns.js\";\nimport { ContactsResource } from \"./resources/contacts.js\";\nimport { EmailsResource } from \"./resources/emails.js\";\nimport { EventsResource } from \"./resources/events.js\";\nimport { ListsResource } from \"./resources/lists.js\";\nimport { WebhooksResource } from \"./resources/webhooks.js\";\nimport type { HogsendOptions } from \"./types.js\";\n\n/**\n * Typed HTTP client for the Hogsend data plane.\n *\n * ```ts\n * const hs = new Hogsend({ baseUrl: \"https://api.example.com\", apiKey: \"hsk_…\" });\n * await hs.contacts.upsert({ email: \"a@b.com\", properties: { plan: \"pro\" } });\n * await hs.events.send({ userId: \"u_1\", name: \"signup\" });\n * ```\n */\nexport class Hogsend {\n  readonly contacts: ContactsResource;\n  readonly events: EventsResource;\n  readonly emails: EmailsResource;\n  readonly lists: ListsResource;\n  readonly campaigns: CampaignsResource;\n  /**\n   * Manage outbound webhook endpoints (the signed event stream Hogsend emits to\n   * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the\n   * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other\n   * resources use. See {@link WebhooksResource}.\n   */\n  readonly webhooks: WebhooksResource;\n\n  constructor(opts: HogsendOptions) {\n    if (!opts.baseUrl) {\n      throw new TypeError(\"Hogsend: `baseUrl` is required.\");\n    }\n    if (!opts.apiKey) {\n      throw new TypeError(\"Hogsend: `apiKey` is required.\");\n    }\n\n    const http = createHttpClient({\n      baseUrl: opts.baseUrl.replace(/\\/+$/, \"\"),\n      apiKey: opts.apiKey,\n      fetch: opts.fetch,\n      timeoutMs: opts.timeoutMs,\n      headers: opts.headers,\n    });\n\n    this.contacts = new ContactsResource(http);\n    this.events = new EventsResource(http);\n    this.emails = new EmailsResource(http);\n    this.lists = new ListsResource(http);\n    this.campaigns = new CampaignsResource(http);\n    this.webhooks = new WebhooksResource(http);\n  }\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\nimport { Webhook } from \"svix\";\n\n/** Default tolerance (seconds) for the timestamp freshness check. */\nconst TOLERANCE_SECONDS = 5 * 60;\n\n/**\n * Lowercase every header key so callers can pass the Title-Case headers Hogsend\n * sends (`Webhook-Id`/`Webhook-Timestamp`/`Webhook-Signature`) OR the lowercase\n * form a framework may hand back. Svix expects lowercase `svix-*`/`webhook-*`.\n */\nfunction normalizeHeaders(\n  headers: Record<string, string>,\n): Record<string, string> {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(headers)) {\n    out[key.toLowerCase()] = value;\n  }\n  return out;\n}\n\n/**\n * Verify and parse an INBOUND Hogsend outbound-webhook delivery, the\n * subscriber-side counterpart of the engine's signing. Use this in a handler\n * that receives Hogsend's signed POSTs to confirm authenticity before trusting\n * the body.\n *\n * Pass the RAW request body bytes (the exact string Hogsend signed — never a\n * re-stringified object), the request headers, and the endpoint's `whsec_…`\n * signing secret (from create / rotate-secret). Returns the parsed event\n * envelope (`{ id, type, timestamp, data }`) on success.\n *\n * Throws on a bad signature, a missing signature header, or a timestamp outside\n * the 5-minute tolerance window.\n *\n * Implementation: wraps svix's `Webhook.verify` (constant-time, tolerance-\n * checked); if svix cannot run for any reason it falls back to a pure\n * `node:crypto` HMAC-SHA256 check over `${id}.${timestamp}.${body}` with a\n * `timingSafeEqual` compare against the `v1,<base64>` signature(s).\n *\n * @example\n * ```ts\n * import { verifyHogsendWebhook } from \"@hogsend/client\";\n *\n * app.post(\"/webhooks/hogsend\", async (req, res) => {\n *   const body = await readRawBody(req); // the exact bytes\n *   try {\n *     const event = verifyHogsendWebhook({\n *       payload: body,\n *       headers: req.headers,\n *       secret: process.env.HOGSEND_WEBHOOK_SECRET!,\n *     });\n *     // handle event.type ...\n *     res.sendStatus(200);\n *   } catch {\n *     res.sendStatus(401);\n *   }\n * });\n * ```\n */\nexport function verifyHogsendWebhook(opts: {\n  payload: string;\n  headers: Record<string, string>;\n  secret: string;\n}): unknown {\n  const headers = normalizeHeaders(opts.headers);\n  const id = headers[\"webhook-id\"] ?? headers[\"svix-id\"];\n  const timestamp = headers[\"webhook-timestamp\"] ?? headers[\"svix-timestamp\"];\n  const signature = headers[\"webhook-signature\"] ?? headers[\"svix-signature\"];\n\n  if (!id || !timestamp || !signature) {\n    throw new Error(\n      \"verifyHogsendWebhook: missing Webhook-Id / Webhook-Timestamp / Webhook-Signature header\",\n    );\n  }\n\n  try {\n    const wh = new Webhook(opts.secret);\n    return wh.verify(opts.payload, {\n      \"svix-id\": id,\n      \"svix-timestamp\": timestamp,\n      \"svix-signature\": signature,\n    });\n  } catch {\n    // svix unavailable (tree-shaken) or threw — fall back to node:crypto. We\n    // re-run the SAME canonical check so a genuine signature/timestamp failure\n    // still throws; only a svix-internal/import failure is \"rescued\".\n    return verifyWithNodeCrypto({\n      payload: opts.payload,\n      secret: opts.secret,\n      id,\n      timestamp,\n      signature,\n    });\n  }\n}\n\n/**\n * Pure `node:crypto` verification of the Svix signature scheme. Mirrors the\n * documented fallback in the engine's webhook-signing lib:\n * `HMAC_SHA256(base64-decoded secret, `${id}.${ts}.${body}`)` → `v1,<base64>`,\n * `timingSafeEqual` against each space-separated signature in the header.\n */\nfunction verifyWithNodeCrypto(opts: {\n  payload: string;\n  secret: string;\n  id: string;\n  timestamp: string;\n  signature: string;\n}): unknown {\n  const ts = Number.parseInt(opts.timestamp, 10);\n  if (!Number.isFinite(ts)) {\n    throw new Error(\"verifyHogsendWebhook: invalid Webhook-Timestamp\");\n  }\n  const now = Math.floor(Date.now() / 1000);\n  if (Math.abs(now - ts) > TOLERANCE_SECONDS) {\n    throw new Error(\"verifyHogsendWebhook: timestamp outside tolerance window\");\n  }\n\n  // The secret is `whsec_<base64>`; the signing key is the base64-decoded body.\n  const key = opts.secret.startsWith(\"whsec_\")\n    ? Buffer.from(opts.secret.slice(6), \"base64\")\n    : Buffer.from(opts.secret, \"base64\");\n  const signedContent = `${opts.id}.${opts.timestamp}.${opts.payload}`;\n  const expected = createHmac(\"sha256\", key)\n    .update(signedContent)\n    .digest(\"base64\");\n  const expectedBuf = Buffer.from(expected);\n\n  // The header is space-separated `v1,<sig>` pairs; accept if ANY matches.\n  const matched = opts.signature.split(\" \").some((part) => {\n    const sig = part.startsWith(\"v1,\") ? part.slice(3) : part;\n    const candidate = Buffer.from(sig);\n    return (\n      candidate.length === expectedBuf.length &&\n      timingSafeEqual(candidate, expectedBuf)\n    );\n  });\n\n  if (!matched) {\n    throw new Error(\"verifyHogsendWebhook: signature verification failed\");\n  }\n\n  return JSON.parse(opts.payload);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACMO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAEZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAMO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA,EACzC;AAAA,EAET,YAAY,SAAiB,MAAe,YAAqB;AAC/D,UAAM,SAAS,KAAK,IAAI;AACxB,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;;;ACOA,IAAM,qBAAqB;AAE3B,SAAS,SAAS,SAAiB,MAAc,OAAuB;AACtE,QAAM,MAAM,IAAI,IAAI,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,IAAI,GAAG,OAAO,GAAG;AAC3E,MAAI,OAAO;AACT,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,UAAI,UAAU,OAAW;AACzB,UAAI,aAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,IACzC;AAAA,EACF;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,YAAY,QAAgB,MAAuB;AAC1D,MAAI,QAAQ,OAAO,SAAS,UAAU;AAEpC,UAAM,WAAY,KAA6B;AAC/C,QAAI,OAAO,aAAa,UAAU;AAChC,aAAO,GAAG,MAAM,KAAK,QAAQ;AAAA,IAC/B;AAKA,QACG,KAA+B,YAAY,SAC5C,YACA,OAAO,aAAa,UACpB;AACA,YAAM,UAAU,KAAK,UAAU,QAAQ,EAAE,MAAM,GAAG,GAAG;AACrD,aAAO,GAAG,MAAM,uBAAuB,OAAO;AAAA,IAChD;AAAA,EACF;AACA,SAAO,8BAA8B,MAAM;AAC7C;AAGA,SAAS,gBAAgB,OAA0C;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,SAAS,OAAO,EAAE;AACzC,SAAO,OAAO,SAAS,OAAO,IAAI,UAAU;AAC9C;AAUO,SAAS,iBAAiB,QAAsC;AACrE,QAAM,UAAU,OAAO,SAAS;AAChC,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,eAAe,OAAO,WAAW,CAAC;AAExC,iBAAe,QACb,QACA,MACA,MACY;AACZ,UAAM,UAAkC;AAAA,MACtC,QAAQ;AAAA,MACR,eAAe,UAAU,OAAO,MAAM;AAAA,MACtC,GAAG;AAAA,IACL;AACA,QAAI,KAAK,SAAS,QAAW;AAC3B,cAAQ,cAAc,IAAI;AAAA,IAC5B;AACA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,cAAQ,iBAAiB,IAAI,KAAK,OAAO;AAAA,IAC3C;AAEA,UAAM,MAAM,SAAS,OAAO,SAAS,MAAM,KAAK,KAAK;AAErD,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,QAAI;AACJ,QAAI;AACF,YAAM,MAAM,QAAQ,KAAK;AAAA,QACvB;AAAA,QACA;AAAA,QACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,QAC5D,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,YAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,YAAM,IAAI;AAAA,QACR,gBAAgB,OAAO,OAAO,KAAK,GAAG;AAAA,QACtC;AAAA,QACA;AAAA,MACF;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAEA,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,KAAK,SAAS,GAAG;AACnB,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,UAAI,IAAI,WAAW,KAAK;AACtB,cAAM,IAAI;AAAA,UACR,YAAY,IAAI,QAAQ,MAAM;AAAA,UAC9B;AAAA,UACA,gBAAgB,IAAI,QAAQ,IAAI,aAAa,CAAC;AAAA,QAChD;AAAA,MACF;AACA,YAAM,IAAI;AAAA,QACR,YAAY,IAAI,QAAQ,MAAM;AAAA,QAC9B,IAAI;AAAA,QACJ;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,KAAK,CAAI,MAAc,UAAkB,QAAW,OAAO,MAAM,EAAE,MAAM,CAAC;AAAA,IAC1E,MAAM,CAAI,MAAc,MAAe,WACrC,QAAW,QAAQ,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC3C,KAAK,CAAI,MAAc,MAAe,WACpC,QAAW,OAAO,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC1C,OAAO,CAAI,MAAc,MAAe,WACtC,QAAW,SAAS,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC5C,KAAK,CAAI,MAAc,SACrB,QAAW,UAAU,MAAM,EAAE,KAAK,CAAC;AAAA,EACvC;AACF;;;ACxKO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAY7B,KAAK,OAAuD;AAI1D,UAAM,OAAO;AAKb,WAAO,KAAK,KAAK,KAAyB,iBAAiB;AAAA,MACzD,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,IAChB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,IAAI,IAA+B;AACjC,WAAO,KAAK,KAAK,IAAc,iBAAiB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC1E;AACF;;;ACvCO,SAAS,eAAe,OAGtB;AACP,QAAM,WAAW,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,SAAS;AACzE,QAAM,YAAY,OAAO,MAAM,WAAW,YAAY,MAAM,OAAO,SAAS;AAC5E,MAAI,CAAC,YAAY,CAAC,WAAW;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACLO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7B,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,YAAY,MAAM;AAAA,MAClB,OAAO,MAAM;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,KAAK,OAA8C;AACvD,UAAM,QAA4C;AAAA,MAChD,OAAO,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACxC,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,IAC7C;AACA,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AACA,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;AC9CO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ7B,KAAK,OAAiD;AAGpD,UAAM,OAAO;AAGb,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,qBAAqB,KAAK;AAAA,QAC1B,gBAAgB,KAAK;AAAA,MACvB;AAAA,MACA,KAAK,iBAAiB,EAAE,gBAAgB,KAAK,eAAe,IAAI;AAAA,IAClE;AAAA,EACF;AACF;;;AC/BO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW7B,KAAK,OAA8C;AACjD,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,OAAO,MAAM;AAAA,QACb,QAAQ,MAAM;AAAA,QACd,iBAAiB,MAAM;AAAA,QACvB,mBAAmB,MAAM;AAAA,QACzB,OAAO,MAAM;AAAA,QACb,gBAAgB,MAAM;AAAA,MACxB;AAAA,MACA,MAAM,iBACF,EAAE,gBAAgB,MAAM,eAAe,IACvC;AAAA,IACN;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAA8C;AAClD,WAAO,KAAK,KAAK,KAAK;AAAA,EACxB;AACF;;;AC9BO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA,EAG7B,MAAM,OAA+B;AACnC,UAAM,MAAM,MAAM,KAAK,KAAK,IAA8B,WAAW;AACrE,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,UAAU,OAAiD;AAC/D,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,YAAY,IAAI,WAAW;AAAA,EACtC;AAAA;AAAA,EAGA,MAAM,YAAY,OAAmD;AACnE,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,cAAc,IAAI,eAAe,MAAM;AAAA,EAClD;AACF;;;AC7BA,IAAM,OAAO;AAgBN,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7B,OAAO,OAA4D;AACjE,WAAO,KAAK,KAAK,KAA6B,MAAM;AAAA,MAClD,KAAK,MAAM;AAAA,MACX,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,UAAU,MAAM;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,KAAK,MAIoB;AAC7B,UAAM,MAAM,MAAM,KAAK,KAAK,IAAsC,MAAM;AAAA,MACtE,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,iBACE,MAAM,oBAAoB,SACtB,SACA,OAAO,KAAK,eAAe;AAAA,IACnC,CAAC;AACD,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,IAAI,IAAsC;AACxC,WAAO,KAAK,KAAK,IAAqB,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,IAAY,OAAqD;AACtE,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC;AAAA,QACE,KAAK,MAAM;AAAA,QACX,YAAY,MAAM;AAAA,QAClB,aAAa,MAAM;AAAA,QACnB,UAAU,MAAM;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,OAAO,IAA2C;AAChD,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,IAAgD;AAC3D,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SACE,IAC2D;AAC3D,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;ACjGO,IAAM,UAAN,MAAc;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA,EAET,YAAY,MAAsB;AAChC,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,UAAU,iCAAiC;AAAA,IACvD;AACA,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,IAAI,UAAU,gCAAgC;AAAA,IACtD;AAEA,UAAM,OAAO,iBAAiB;AAAA,MAC5B,SAAS,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,IAChB,CAAC;AAED,SAAK,WAAW,IAAI,iBAAiB,IAAI;AACzC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,iBAAiB,IAAI;AAAA,EAC3C;AACF;;;ACvDA,yBAA4C;AAC5C,kBAAwB;AAGxB,IAAM,oBAAoB,IAAI;AAO9B,SAAS,iBACP,SACwB;AACxB,QAAM,MAA8B,CAAC;AACrC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,QAAI,IAAI,YAAY,CAAC,IAAI;AAAA,EAC3B;AACA,SAAO;AACT;AAyCO,SAAS,qBAAqB,MAIzB;AACV,QAAM,UAAU,iBAAiB,KAAK,OAAO;AAC7C,QAAM,KAAK,QAAQ,YAAY,KAAK,QAAQ,SAAS;AACrD,QAAM,YAAY,QAAQ,mBAAmB,KAAK,QAAQ,gBAAgB;AAC1E,QAAM,YAAY,QAAQ,mBAAmB,KAAK,QAAQ,gBAAgB;AAE1E,MAAI,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,KAAK,IAAI,oBAAQ,KAAK,MAAM;AAClC,WAAO,GAAG,OAAO,KAAK,SAAS;AAAA,MAC7B,WAAW;AAAA,MACX,kBAAkB;AAAA,MAClB,kBAAkB;AAAA,IACpB,CAAC;AAAA,EACH,QAAQ;AAIN,WAAO,qBAAqB;AAAA,MAC1B,SAAS,KAAK;AAAA,MACd,QAAQ,KAAK;AAAA,MACb;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAQA,SAAS,qBAAqB,MAMlB;AACV,QAAM,KAAK,OAAO,SAAS,KAAK,WAAW,EAAE;AAC7C,MAAI,CAAC,OAAO,SAAS,EAAE,GAAG;AACxB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACA,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,MAAI,KAAK,IAAI,MAAM,EAAE,IAAI,mBAAmB;AAC1C,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AAGA,QAAM,MAAM,KAAK,OAAO,WAAW,QAAQ,IACvC,OAAO,KAAK,KAAK,OAAO,MAAM,CAAC,GAAG,QAAQ,IAC1C,OAAO,KAAK,KAAK,QAAQ,QAAQ;AACrC,QAAM,gBAAgB,GAAG,KAAK,EAAE,IAAI,KAAK,SAAS,IAAI,KAAK,OAAO;AAClE,QAAM,eAAW,+BAAW,UAAU,GAAG,EACtC,OAAO,aAAa,EACpB,OAAO,QAAQ;AAClB,QAAM,cAAc,OAAO,KAAK,QAAQ;AAGxC,QAAM,UAAU,KAAK,UAAU,MAAM,GAAG,EAAE,KAAK,CAAC,SAAS;AACvD,UAAM,MAAM,KAAK,WAAW,KAAK,IAAI,KAAK,MAAM,CAAC,IAAI;AACrD,UAAM,YAAY,OAAO,KAAK,GAAG;AACjC,WACE,UAAU,WAAW,YAAY,cACjC,oCAAgB,WAAW,WAAW;AAAA,EAE1C,CAAC;AAED,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,SAAO,KAAK,MAAM,KAAK,OAAO;AAChC;","names":[]}

package/dist/index.d.cts

@@ -32,6 +32,7 @@ interface HttpClient {
     get<T = unknown>(path: string, query?: Query): Promise<T>;
     post<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
     put<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
+    patch<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
     del<T = unknown>(path: string, body?: unknown): Promise<T>;
 }
 
@@ -161,6 +162,64 @@ interface SubscribeResult {
 interface UnsubscribeResult {
     unsubscribed: boolean;
 }
+/**
+ * The 12-event outbound catalog. MIRRORS the engine's `WEBHOOK_EVENT_TYPES`
+ * (`@hogsend/engine` lib/webhook-signing.ts) — the client cannot import the
+ * engine, so the union is re-declared here. A drift check keeps them in sync.
+ * The `webhook.test` sentinel is NOT a member (out-of-band).
+ */
+type OutboundEventType = "contact.created" | "contact.updated" | "contact.deleted" | "contact.unsubscribed" | "email.sent" | "email.delivered" | "email.opened" | "email.clicked" | "email.bounced" | "journey.completed" | "bucket.entered" | "bucket.left";
+/**
+ * A managed outbound webhook endpoint as returned by `/v1/admin/webhooks` list
+ * + get. NEVER carries the full signing `secret` — only its display
+ * `secretPrefix`. The full secret is returned exactly once, on create and
+ * rotate-secret, as {@link CreatedWebhookEndpoint} / {@link RotateWebhookSecretResult}.
+ */
+interface WebhookEndpoint {
+    id: string;
+    url: string;
+    description: string | null;
+    eventTypes: OutboundEventType[];
+    /** Safe-to-display prefix, e.g. `whsec_AbCd`. The full secret is never here. */
+    secretPrefix: string;
+    status: "enabled" | "disabled";
+    organizationId: string | null;
+    /** ISO string of the last delivery attempt, or null if never delivered. */
+    lastDeliveryAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * The create / rotate response: a {@link WebhookEndpoint} PLUS the full signing
+ * `secret` (`whsec_…`). Returned ONCE — store it now, it is never recoverable
+ * from list/get.
+ */
+type CreatedWebhookEndpoint = WebhookEndpoint & {
+    secret: string;
+};
+/** Body for `hs.webhooks.create`. At least one event type is required. */
+interface CreateWebhookInput {
+    url: string;
+    eventTypes: OutboundEventType[];
+    description?: string;
+    disabled?: boolean;
+}
+/**
+ * Body for `hs.webhooks.update` (PATCH semantics — only provided fields change).
+ * `description: null` clears the description.
+ */
+interface UpdateWebhookInput {
+    url?: string;
+    eventTypes?: OutboundEventType[];
+    description?: string | null;
+    disabled?: boolean;
+}
+/** Result of `hs.webhooks.rotateSecret` — the NEW full secret, returned once. */
+interface RotateWebhookSecretResult {
+    id: string;
+    secret: string;
+    secretPrefix: string;
+}
 /**
  * `true` when `TemplateRegistryMap` carries no augmented keys (consumer has not
  * declared their templates). `[keyof TemplateRegistryMap] extends [never]` is
@@ -314,6 +373,66 @@ declare class ListsResource {
     unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult>;
 }
 
+/**
+ * The `webhooks.*` resource — manage outbound webhook endpoints (the
+ * Svix-style signed event stream Hogsend emits to subscriber URLs).
+ *
+ * IMPORTANT: unlike the rest of the client (which uses an `ingest`-scoped data
+ * key), this resource targets the ADMIN plane (`/v1/admin/webhooks`) and
+ * REQUIRES a full-admin key. Signing-secret management is the same trust class
+ * as API-key management — a leaked ingest key must never register an
+ * exfiltration endpoint. Construct the client with an admin `apiKey`.
+ *
+ * The full signing `secret` (`whsec_…`) is returned ONCE — on
+ * {@link WebhooksResource.create} and {@link WebhooksResource.rotateSecret}.
+ * `list`/`get` only ever expose the display `secretPrefix`. Store it on create.
+ */
+declare class WebhooksResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Register a new endpoint subscribed to one or more outbound event types.
+     * Returns the endpoint INCLUDING the full signing `secret` — this is the
+     * only time (besides rotate) the secret is returned. Store it now.
+     */
+    create(input: CreateWebhookInput): Promise<CreatedWebhookEndpoint>;
+    /**
+     * List endpoints (newest first). Disabled endpoints are hidden unless
+     * `includeDisabled` is set. Returns the endpoints array (unwrapped from the
+     * `{ endpoints, total, limit, offset }` envelope).
+     */
+    list(opts?: {
+        limit?: number;
+        offset?: number;
+        includeDisabled?: boolean;
+    }): Promise<WebhookEndpoint[]>;
+    /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */
+    get(id: string): Promise<WebhookEndpoint>;
+    /**
+     * Patch an endpoint. Only the provided fields change; `description: null`
+     * clears the description. Does NOT return or rotate the secret.
+     */
+    update(id: string, input: UpdateWebhookInput): Promise<WebhookEndpoint>;
+    /** Hard-delete an endpoint (cascade drops its deliveries). */
+    delete(id: string): Promise<{
+        deleted: boolean;
+    }>;
+    /**
+     * Rotate the signing secret. The OLD secret is invalidated immediately (hard
+     * cutover) — update every subscriber with the returned new `secret` (returned
+     * ONCE).
+     */
+    rotateSecret(id: string): Promise<RotateWebhookSecretResult>;
+    /**
+     * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered
+     * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.
+     */
+    sendTest(id: string): Promise<{
+        enqueued: boolean;
+        eventType: "webhook.test";
+    }>;
+}
+
 /**
  * Typed HTTP client for the Hogsend data plane.
  *
@@ -329,7 +448,59 @@ declare class Hogsend {
     readonly emails: EmailsResource;
     readonly lists: ListsResource;
     readonly campaigns: CampaignsResource;
+    /**
+     * Manage outbound webhook endpoints (the signed event stream Hogsend emits to
+     * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the
+     * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other
+     * resources use. See {@link WebhooksResource}.
+     */
+    readonly webhooks: WebhooksResource;
     constructor(opts: HogsendOptions);
 }
 
-export { type Campaign, type CampaignAudienceKind, type CampaignStatus, type Contact, type DeleteContactInput, type DeleteContactResult, type ExitResult, type FindContactsInput, Hogsend, HogsendAPIError, type HogsendOptions, type Identity, type IngestResult, type ListSummary, RateLimitError, type SendCampaignInput, type SendCampaignResult, type SendEmailInput, type SendEmailResult, type SendEventInput, type SubscribeInput, type SubscribeResult, type UnsubscribeResult, type UpsertContactInput, type UpsertContactResult };
+/**
+ * Verify and parse an INBOUND Hogsend outbound-webhook delivery, the
+ * subscriber-side counterpart of the engine's signing. Use this in a handler
+ * that receives Hogsend's signed POSTs to confirm authenticity before trusting
+ * the body.
+ *
+ * Pass the RAW request body bytes (the exact string Hogsend signed — never a
+ * re-stringified object), the request headers, and the endpoint's `whsec_…`
+ * signing secret (from create / rotate-secret). Returns the parsed event
+ * envelope (`{ id, type, timestamp, data }`) on success.
+ *
+ * Throws on a bad signature, a missing signature header, or a timestamp outside
+ * the 5-minute tolerance window.
+ *
+ * Implementation: wraps svix's `Webhook.verify` (constant-time, tolerance-
+ * checked); if svix cannot run for any reason it falls back to a pure
+ * `node:crypto` HMAC-SHA256 check over `${id}.${timestamp}.${body}` with a
+ * `timingSafeEqual` compare against the `v1,<base64>` signature(s).
+ *
+ * @example
+ * ```ts
+ * import { verifyHogsendWebhook } from "@hogsend/client";
+ *
+ * app.post("/webhooks/hogsend", async (req, res) => {
+ *   const body = await readRawBody(req); // the exact bytes
+ *   try {
+ *     const event = verifyHogsendWebhook({
+ *       payload: body,
+ *       headers: req.headers,
+ *       secret: process.env.HOGSEND_WEBHOOK_SECRET!,
+ *     });
+ *     // handle event.type ...
+ *     res.sendStatus(200);
+ *   } catch {
+ *     res.sendStatus(401);
+ *   }
+ * });
+ * ```
+ */
+declare function verifyHogsendWebhook(opts: {
+    payload: string;
+    headers: Record<string, string>;
+    secret: string;
+}): unknown;
+
+export { type Campaign, type CampaignAudienceKind, type CampaignStatus, type Contact, type CreateWebhookInput, type CreatedWebhookEndpoint, type DeleteContactInput, type DeleteContactResult, type ExitResult, type FindContactsInput, Hogsend, HogsendAPIError, type HogsendOptions, type Identity, type IngestResult, type ListSummary, type OutboundEventType, RateLimitError, type RotateWebhookSecretResult, type SendCampaignInput, type SendCampaignResult, type SendEmailInput, type SendEmailResult, type SendEventInput, type SubscribeInput, type SubscribeResult, type UnsubscribeResult, type UpdateWebhookInput, type UpsertContactInput, type UpsertContactResult, type WebhookEndpoint, verifyHogsendWebhook };

package/dist/index.d.ts

@@ -32,6 +32,7 @@ interface HttpClient {
     get<T = unknown>(path: string, query?: Query): Promise<T>;
     post<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
     put<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
+    patch<T = unknown>(path: string, body: unknown, extras?: RequestExtras): Promise<T>;
     del<T = unknown>(path: string, body?: unknown): Promise<T>;
 }
 
@@ -161,6 +162,64 @@ interface SubscribeResult {
 interface UnsubscribeResult {
     unsubscribed: boolean;
 }
+/**
+ * The 12-event outbound catalog. MIRRORS the engine's `WEBHOOK_EVENT_TYPES`
+ * (`@hogsend/engine` lib/webhook-signing.ts) — the client cannot import the
+ * engine, so the union is re-declared here. A drift check keeps them in sync.
+ * The `webhook.test` sentinel is NOT a member (out-of-band).
+ */
+type OutboundEventType = "contact.created" | "contact.updated" | "contact.deleted" | "contact.unsubscribed" | "email.sent" | "email.delivered" | "email.opened" | "email.clicked" | "email.bounced" | "journey.completed" | "bucket.entered" | "bucket.left";
+/**
+ * A managed outbound webhook endpoint as returned by `/v1/admin/webhooks` list
+ * + get. NEVER carries the full signing `secret` — only its display
+ * `secretPrefix`. The full secret is returned exactly once, on create and
+ * rotate-secret, as {@link CreatedWebhookEndpoint} / {@link RotateWebhookSecretResult}.
+ */
+interface WebhookEndpoint {
+    id: string;
+    url: string;
+    description: string | null;
+    eventTypes: OutboundEventType[];
+    /** Safe-to-display prefix, e.g. `whsec_AbCd`. The full secret is never here. */
+    secretPrefix: string;
+    status: "enabled" | "disabled";
+    organizationId: string | null;
+    /** ISO string of the last delivery attempt, or null if never delivered. */
+    lastDeliveryAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+}
+/**
+ * The create / rotate response: a {@link WebhookEndpoint} PLUS the full signing
+ * `secret` (`whsec_…`). Returned ONCE — store it now, it is never recoverable
+ * from list/get.
+ */
+type CreatedWebhookEndpoint = WebhookEndpoint & {
+    secret: string;
+};
+/** Body for `hs.webhooks.create`. At least one event type is required. */
+interface CreateWebhookInput {
+    url: string;
+    eventTypes: OutboundEventType[];
+    description?: string;
+    disabled?: boolean;
+}
+/**
+ * Body for `hs.webhooks.update` (PATCH semantics — only provided fields change).
+ * `description: null` clears the description.
+ */
+interface UpdateWebhookInput {
+    url?: string;
+    eventTypes?: OutboundEventType[];
+    description?: string | null;
+    disabled?: boolean;
+}
+/** Result of `hs.webhooks.rotateSecret` — the NEW full secret, returned once. */
+interface RotateWebhookSecretResult {
+    id: string;
+    secret: string;
+    secretPrefix: string;
+}
 /**
  * `true` when `TemplateRegistryMap` carries no augmented keys (consumer has not
  * declared their templates). `[keyof TemplateRegistryMap] extends [never]` is
@@ -314,6 +373,66 @@ declare class ListsResource {
     unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult>;
 }
 
+/**
+ * The `webhooks.*` resource — manage outbound webhook endpoints (the
+ * Svix-style signed event stream Hogsend emits to subscriber URLs).
+ *
+ * IMPORTANT: unlike the rest of the client (which uses an `ingest`-scoped data
+ * key), this resource targets the ADMIN plane (`/v1/admin/webhooks`) and
+ * REQUIRES a full-admin key. Signing-secret management is the same trust class
+ * as API-key management — a leaked ingest key must never register an
+ * exfiltration endpoint. Construct the client with an admin `apiKey`.
+ *
+ * The full signing `secret` (`whsec_…`) is returned ONCE — on
+ * {@link WebhooksResource.create} and {@link WebhooksResource.rotateSecret}.
+ * `list`/`get` only ever expose the display `secretPrefix`. Store it on create.
+ */
+declare class WebhooksResource {
+    private readonly http;
+    constructor(http: HttpClient);
+    /**
+     * Register a new endpoint subscribed to one or more outbound event types.
+     * Returns the endpoint INCLUDING the full signing `secret` — this is the
+     * only time (besides rotate) the secret is returned. Store it now.
+     */
+    create(input: CreateWebhookInput): Promise<CreatedWebhookEndpoint>;
+    /**
+     * List endpoints (newest first). Disabled endpoints are hidden unless
+     * `includeDisabled` is set. Returns the endpoints array (unwrapped from the
+     * `{ endpoints, total, limit, offset }` envelope).
+     */
+    list(opts?: {
+        limit?: number;
+        offset?: number;
+        includeDisabled?: boolean;
+    }): Promise<WebhookEndpoint[]>;
+    /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */
+    get(id: string): Promise<WebhookEndpoint>;
+    /**
+     * Patch an endpoint. Only the provided fields change; `description: null`
+     * clears the description. Does NOT return or rotate the secret.
+     */
+    update(id: string, input: UpdateWebhookInput): Promise<WebhookEndpoint>;
+    /** Hard-delete an endpoint (cascade drops its deliveries). */
+    delete(id: string): Promise<{
+        deleted: boolean;
+    }>;
+    /**
+     * Rotate the signing secret. The OLD secret is invalidated immediately (hard
+     * cutover) — update every subscriber with the returned new `secret` (returned
+     * ONCE).
+     */
+    rotateSecret(id: string): Promise<RotateWebhookSecretResult>;
+    /**
+     * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered
+     * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.
+     */
+    sendTest(id: string): Promise<{
+        enqueued: boolean;
+        eventType: "webhook.test";
+    }>;
+}
+
 /**
  * Typed HTTP client for the Hogsend data plane.
  *
@@ -329,7 +448,59 @@ declare class Hogsend {
     readonly emails: EmailsResource;
     readonly lists: ListsResource;
     readonly campaigns: CampaignsResource;
+    /**
+     * Manage outbound webhook endpoints (the signed event stream Hogsend emits to
+     * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the
+     * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other
+     * resources use. See {@link WebhooksResource}.
+     */
+    readonly webhooks: WebhooksResource;
     constructor(opts: HogsendOptions);
 }
 
-export { type Campaign, type CampaignAudienceKind, type CampaignStatus, type Contact, type DeleteContactInput, type DeleteContactResult, type ExitResult, type FindContactsInput, Hogsend, HogsendAPIError, type HogsendOptions, type Identity, type IngestResult, type ListSummary, RateLimitError, type SendCampaignInput, type SendCampaignResult, type SendEmailInput, type SendEmailResult, type SendEventInput, type SubscribeInput, type SubscribeResult, type UnsubscribeResult, type UpsertContactInput, type UpsertContactResult };
+/**
+ * Verify and parse an INBOUND Hogsend outbound-webhook delivery, the
+ * subscriber-side counterpart of the engine's signing. Use this in a handler
+ * that receives Hogsend's signed POSTs to confirm authenticity before trusting
+ * the body.
+ *
+ * Pass the RAW request body bytes (the exact string Hogsend signed — never a
+ * re-stringified object), the request headers, and the endpoint's `whsec_…`
+ * signing secret (from create / rotate-secret). Returns the parsed event
+ * envelope (`{ id, type, timestamp, data }`) on success.
+ *
+ * Throws on a bad signature, a missing signature header, or a timestamp outside
+ * the 5-minute tolerance window.
+ *
+ * Implementation: wraps svix's `Webhook.verify` (constant-time, tolerance-
+ * checked); if svix cannot run for any reason it falls back to a pure
+ * `node:crypto` HMAC-SHA256 check over `${id}.${timestamp}.${body}` with a
+ * `timingSafeEqual` compare against the `v1,<base64>` signature(s).
+ *
+ * @example
+ * ```ts
+ * import { verifyHogsendWebhook } from "@hogsend/client";
+ *
+ * app.post("/webhooks/hogsend", async (req, res) => {
+ *   const body = await readRawBody(req); // the exact bytes
+ *   try {
+ *     const event = verifyHogsendWebhook({
+ *       payload: body,
+ *       headers: req.headers,
+ *       secret: process.env.HOGSEND_WEBHOOK_SECRET!,
+ *     });
+ *     // handle event.type ...
+ *     res.sendStatus(200);
+ *   } catch {
+ *     res.sendStatus(401);
+ *   }
+ * });
+ * ```
+ */
+declare function verifyHogsendWebhook(opts: {
+    payload: string;
+    headers: Record<string, string>;
+    secret: string;
+}): unknown;
+
+export { type Campaign, type CampaignAudienceKind, type CampaignStatus, type Contact, type CreateWebhookInput, type CreatedWebhookEndpoint, type DeleteContactInput, type DeleteContactResult, type ExitResult, type FindContactsInput, Hogsend, HogsendAPIError, type HogsendOptions, type Identity, type IngestResult, type ListSummary, type OutboundEventType, RateLimitError, type RotateWebhookSecretResult, type SendCampaignInput, type SendCampaignResult, type SendEmailInput, type SendEmailResult, type SendEventInput, type SubscribeInput, type SubscribeResult, type UnsubscribeResult, type UpdateWebhookInput, type UpsertContactInput, type UpsertContactResult, type WebhookEndpoint, verifyHogsendWebhook };

package/dist/index.js

@@ -116,6 +116,7 @@ function createHttpClient(config) {
     get: (path, query) => request("GET", path, { query }),
     post: (path, body, extras) => request("POST", path, { body, extras }),
     put: (path, body, extras) => request("PUT", path, { body, extras }),
+    patch: (path, body, extras) => request("PATCH", path, { body, extras }),
     del: (path, body) => request("DELETE", path, { body })
   };
 }
@@ -307,6 +308,87 @@ var ListsResource = class {
   }
 };
 
+// src/resources/webhooks.ts
+var BASE = "/v1/admin/webhooks";
+var WebhooksResource = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Register a new endpoint subscribed to one or more outbound event types.
+   * Returns the endpoint INCLUDING the full signing `secret` — this is the
+   * only time (besides rotate) the secret is returned. Store it now.
+   */
+  create(input) {
+    return this.http.post(BASE, {
+      url: input.url,
+      eventTypes: input.eventTypes,
+      description: input.description,
+      disabled: input.disabled
+    });
+  }
+  /**
+   * List endpoints (newest first). Disabled endpoints are hidden unless
+   * `includeDisabled` is set. Returns the endpoints array (unwrapped from the
+   * `{ endpoints, total, limit, offset }` envelope).
+   */
+  async list(opts) {
+    const res = await this.http.get(BASE, {
+      limit: opts?.limit,
+      offset: opts?.offset,
+      includeDisabled: opts?.includeDisabled === void 0 ? void 0 : String(opts.includeDisabled)
+    });
+    return res.endpoints;
+  }
+  /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */
+  get(id) {
+    return this.http.get(`${BASE}/${encodeURIComponent(id)}`);
+  }
+  /**
+   * Patch an endpoint. Only the provided fields change; `description: null`
+   * clears the description. Does NOT return or rotate the secret.
+   */
+  update(id, input) {
+    return this.http.patch(
+      `${BASE}/${encodeURIComponent(id)}`,
+      {
+        url: input.url,
+        eventTypes: input.eventTypes,
+        description: input.description,
+        disabled: input.disabled
+      }
+    );
+  }
+  /** Hard-delete an endpoint (cascade drops its deliveries). */
+  delete(id) {
+    return this.http.del(
+      `${BASE}/${encodeURIComponent(id)}`
+    );
+  }
+  /**
+   * Rotate the signing secret. The OLD secret is invalidated immediately (hard
+   * cutover) — update every subscriber with the returned new `secret` (returned
+   * ONCE).
+   */
+  rotateSecret(id) {
+    return this.http.post(
+      `${BASE}/${encodeURIComponent(id)}/rotate-secret`,
+      {}
+    );
+  }
+  /**
+   * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered
+   * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.
+   */
+  sendTest(id) {
+    return this.http.post(
+      `${BASE}/${encodeURIComponent(id)}/test`,
+      {}
+    );
+  }
+};
+
 // src/hogsend.ts
 var Hogsend = class {
   contacts;
@@ -314,6 +396,13 @@ var Hogsend = class {
   emails;
   lists;
   campaigns;
+  /**
+   * Manage outbound webhook endpoints (the signed event stream Hogsend emits to
+   * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the
+   * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other
+   * resources use. See {@link WebhooksResource}.
+   */
+  webhooks;
   constructor(opts) {
     if (!opts.baseUrl) {
       throw new TypeError("Hogsend: `baseUrl` is required.");
@@ -333,11 +422,75 @@ var Hogsend = class {
     this.emails = new EmailsResource(http);
     this.lists = new ListsResource(http);
     this.campaigns = new CampaignsResource(http);
+    this.webhooks = new WebhooksResource(http);
   }
 };
+
+// src/internal/verify.ts
+import { createHmac, timingSafeEqual } from "crypto";
+import { Webhook } from "svix";
+var TOLERANCE_SECONDS = 5 * 60;
+function normalizeHeaders(headers) {
+  const out = {};
+  for (const [key, value] of Object.entries(headers)) {
+    out[key.toLowerCase()] = value;
+  }
+  return out;
+}
+function verifyHogsendWebhook(opts) {
+  const headers = normalizeHeaders(opts.headers);
+  const id = headers["webhook-id"] ?? headers["svix-id"];
+  const timestamp = headers["webhook-timestamp"] ?? headers["svix-timestamp"];
+  const signature = headers["webhook-signature"] ?? headers["svix-signature"];
+  if (!id || !timestamp || !signature) {
+    throw new Error(
+      "verifyHogsendWebhook: missing Webhook-Id / Webhook-Timestamp / Webhook-Signature header"
+    );
+  }
+  try {
+    const wh = new Webhook(opts.secret);
+    return wh.verify(opts.payload, {
+      "svix-id": id,
+      "svix-timestamp": timestamp,
+      "svix-signature": signature
+    });
+  } catch {
+    return verifyWithNodeCrypto({
+      payload: opts.payload,
+      secret: opts.secret,
+      id,
+      timestamp,
+      signature
+    });
+  }
+}
+function verifyWithNodeCrypto(opts) {
+  const ts = Number.parseInt(opts.timestamp, 10);
+  if (!Number.isFinite(ts)) {
+    throw new Error("verifyHogsendWebhook: invalid Webhook-Timestamp");
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (Math.abs(now - ts) > TOLERANCE_SECONDS) {
+    throw new Error("verifyHogsendWebhook: timestamp outside tolerance window");
+  }
+  const key = opts.secret.startsWith("whsec_") ? Buffer.from(opts.secret.slice(6), "base64") : Buffer.from(opts.secret, "base64");
+  const signedContent = `${opts.id}.${opts.timestamp}.${opts.payload}`;
+  const expected = createHmac("sha256", key).update(signedContent).digest("base64");
+  const expectedBuf = Buffer.from(expected);
+  const matched = opts.signature.split(" ").some((part) => {
+    const sig = part.startsWith("v1,") ? part.slice(3) : part;
+    const candidate = Buffer.from(sig);
+    return candidate.length === expectedBuf.length && timingSafeEqual(candidate, expectedBuf);
+  });
+  if (!matched) {
+    throw new Error("verifyHogsendWebhook: signature verification failed");
+  }
+  return JSON.parse(opts.payload);
+}
 export {
   Hogsend,
   HogsendAPIError,
-  RateLimitError
+  RateLimitError,
+  verifyHogsendWebhook
 };
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/errors.ts","../src/internal/http.ts","../src/resources/campaigns.ts","../src/internal/identity.ts","../src/resources/contacts.ts","../src/resources/emails.ts","../src/resources/events.ts","../src/resources/lists.ts","../src/hogsend.ts"],"sourcesContent":["/**\n * A non-2xx response — or a transport-level failure — from the Hogsend data\n * plane. `status` is the HTTP status code, or `0` when the request never\n * reached the server (DNS/connect/timeout). `body` is the parsed JSON body when\n * available, else the raw text, else `undefined`.\n */\nexport class HogsendAPIError extends Error {\n  readonly status: number;\n  readonly body: unknown;\n\n  constructor(message: string, status: number, body: unknown) {\n    super(message);\n    this.name = \"HogsendAPIError\";\n    this.status = status;\n    this.body = body;\n    // Restore prototype chain for instanceof across transpile targets.\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/**\n * A `429 Too Many Requests` response. `retryAfter` is the parsed `Retry-After`\n * header in seconds when present (the server sends it on 429 for `/v1/emails`).\n */\nexport class RateLimitError extends HogsendAPIError {\n  readonly retryAfter?: number;\n\n  constructor(message: string, body: unknown, retryAfter?: number) {\n    super(message, 429, body);\n    this.name = \"RateLimitError\";\n    this.retryAfter = retryAfter;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n","import { HogsendAPIError, RateLimitError } from \"../errors.js\";\n\n/** Query params accepted by `get` — undefined values are dropped. */\nexport type Query = Record<string, string | number | undefined>;\n\n/** Per-request extras (currently just an idempotency header passthrough). */\nexport interface RequestExtras {\n  /** Sent as the `Idempotency-Key` header when set. */\n  idempotencyKey?: string;\n}\n\nexport interface HttpClientConfig {\n  baseUrl: string;\n  apiKey: string;\n  fetch?: typeof fetch;\n  timeoutMs?: number;\n  headers?: Record<string, string>;\n}\n\n/** A minimal, self-contained data-plane HTTP client over native fetch. */\nexport interface HttpClient {\n  get<T = unknown>(path: string, query?: Query): Promise<T>;\n  post<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  put<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  del<T = unknown>(path: string, body?: unknown): Promise<T>;\n}\n\nconst DEFAULT_TIMEOUT_MS = 30_000;\n\nfunction buildUrl(baseUrl: string, path: string, query?: Query): string {\n  const url = new URL(path.startsWith(\"/\") ? path : `/${path}`, `${baseUrl}/`);\n  if (query) {\n    for (const [key, value] of Object.entries(query)) {\n      if (value === undefined) continue;\n      url.searchParams.set(key, String(value));\n    }\n  }\n  return url.toString();\n}\n\nfunction bodyMessage(status: number, body: unknown): string {\n  if (body && typeof body === \"object\") {\n    // Application-handler envelope: `{ error: \"human message\" }`.\n    const errField = (body as { error?: unknown }).error;\n    if (typeof errField === \"string\") {\n      return `${status}: ${errField}`;\n    }\n    // @hono/zod-openapi default-hook validation envelope:\n    // `{ success: false, error: <ZodError> }` (no defaultHook configured). The\n    // structured ZodError is preserved on `err.body`; surface a short, readable\n    // summary for `err.message` instead of the generic fallback.\n    if (\n      (body as { success?: unknown }).success === false &&\n      errField &&\n      typeof errField === \"object\"\n    ) {\n      const summary = JSON.stringify(errField).slice(0, 200);\n      return `${status}: validation failed ${summary}`;\n    }\n  }\n  return `request failed with status ${status}`;\n}\n\n/** Parse a `Retry-After` header (seconds form) into a number, else undefined. */\nfunction parseRetryAfter(value: string | null): number | undefined {\n  if (!value) return undefined;\n  const seconds = Number.parseInt(value, 10);\n  return Number.isFinite(seconds) ? seconds : undefined;\n}\n\n/**\n * Builds an {@link HttpClient} bound to a config. Native `fetch`, JSON in/out,\n * `Authorization: Bearer <apiKey>`. Throws typed errors:\n *   - {@link RateLimitError} on 429 (with parsed `Retry-After`),\n *   - {@link HogsendAPIError} on any other non-2xx,\n *   - {@link HogsendAPIError} with `status === 0` on a transport failure\n *     (DNS/connect/abort/timeout).\n */\nexport function createHttpClient(config: HttpClientConfig): HttpClient {\n  const doFetch = config.fetch ?? fetch;\n  const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const extraHeaders = config.headers ?? {};\n\n  async function request<T>(\n    method: string,\n    path: string,\n    opts: { query?: Query; body?: unknown; extras?: RequestExtras },\n  ): Promise<T> {\n    const headers: Record<string, string> = {\n      Accept: \"application/json\",\n      Authorization: `Bearer ${config.apiKey}`,\n      ...extraHeaders,\n    };\n    if (opts.body !== undefined) {\n      headers[\"Content-Type\"] = \"application/json\";\n    }\n    if (opts.extras?.idempotencyKey) {\n      headers[\"Idempotency-Key\"] = opts.extras.idempotencyKey;\n    }\n\n    const url = buildUrl(config.baseUrl, path, opts.query);\n\n    const controller = new AbortController();\n    const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n    let res: Response;\n    try {\n      res = await doFetch(url, {\n        method,\n        headers,\n        body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n        signal: controller.signal,\n      });\n    } catch (cause) {\n      const msg = cause instanceof Error ? cause.message : String(cause);\n      throw new HogsendAPIError(\n        `cannot reach ${config.baseUrl} (${msg})`,\n        0,\n        undefined,\n      );\n    } finally {\n      clearTimeout(timer);\n    }\n\n    const text = await res.text();\n    let parsed: unknown;\n    if (text.length > 0) {\n      try {\n        parsed = JSON.parse(text);\n      } catch {\n        parsed = text;\n      }\n    }\n\n    if (!res.ok) {\n      if (res.status === 429) {\n        throw new RateLimitError(\n          bodyMessage(res.status, parsed),\n          parsed,\n          parseRetryAfter(res.headers.get(\"Retry-After\")),\n        );\n      }\n      throw new HogsendAPIError(\n        bodyMessage(res.status, parsed),\n        res.status,\n        parsed,\n      );\n    }\n\n    return parsed as T;\n  }\n\n  return {\n    get: <T>(path: string, query?: Query) => request<T>(\"GET\", path, { query }),\n    post: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"POST\", path, { body, extras }),\n    put: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PUT\", path, { body, extras }),\n    del: <T>(path: string, body?: unknown) =>\n      request<T>(\"DELETE\", path, { body }),\n  };\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  Campaign,\n  SendCampaignInput,\n  SendCampaignResult,\n} from \"../types.js\";\n\n/** The `campaigns.*` resource bound to an {@link HttpClient}. */\nexport class CampaignsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Queue a broadcast: durably send one template to every subscribed member of\n   * a `list` (or every active member of a `bucket`). Exactly one of `list` /\n   * `bucket` must be set; `template`/`props` are type-checked against the\n   * augmented `TemplateRegistryMap` when `@hogsend/email` is installed, else\n   * degrade to `{ template: string; props? }`.\n   *\n   * Returns the 202 enqueue ack (`{ campaignId, status }`); the actual sends run\n   * asynchronously in the worker. Poll {@link CampaignsResource.get} for counts.\n   */\n  send(input: SendCampaignInput): Promise<SendCampaignResult> {\n    // The discriminated union narrows `template`/`props` and the audience; index\n    // into the input via a permissive view to build the wire body without\n    // re-discriminating.\n    const body = input as SendCampaignInput & {\n      list?: string;\n      bucket?: string;\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendCampaignResult>(\"/v1/campaigns\", {\n      name: body.name,\n      list: body.list,\n      bucket: body.bucket,\n      template: body.template,\n      props: body.props,\n      from: body.from,\n      subject: body.subject,\n    });\n  }\n\n  /** Fetch a campaign's current status + send counts. */\n  get(id: string): Promise<Campaign> {\n    return this.http.get<Campaign>(`/v1/campaigns/${encodeURIComponent(id)}`);\n  }\n}\n","/**\n * Runtime guard mirroring the `Identity` union: at least one of `email` /\n * `userId` must be a non-empty string. The type system enforces this at the\n * call site, but runtime callers (plain JS, untyped data) can still violate it,\n * so we fail fast with a clear message before issuing the request.\n */\nexport function assertIdentity(input: {\n  email?: string;\n  userId?: string;\n}): void {\n  const hasEmail = typeof input.email === \"string\" && input.email.length > 0;\n  const hasUserId = typeof input.userId === \"string\" && input.userId.length > 0;\n  if (!hasEmail && !hasUserId) {\n    throw new TypeError(\n      \"Hogsend: an identity is required — pass `email`, `userId`, or both.\",\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  Contact,\n  DeleteContactInput,\n  DeleteContactResult,\n  FindContactsInput,\n  UpsertContactInput,\n  UpsertContactResult,\n} from \"../types.js\";\n\n/** The `contacts.*` resource bound to an {@link HttpClient}. */\nexport class ContactsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Upsert a contact by identity. Resolves/merges server-side and optionally\n   * applies list membership. Returns `{ id, created, linked }`.\n   */\n  async upsert(input: UpsertContactInput): Promise<UpsertContactResult> {\n    assertIdentity(input);\n    return this.http.put<UpsertContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n      properties: input.properties,\n      lists: input.lists,\n    });\n  }\n\n  /** Find non-deleted contacts by `email` or `userId`. */\n  async find(input: FindContactsInput): Promise<Contact[]> {\n    const query: Record<string, string | undefined> = {\n      email: \"email\" in input ? input.email : undefined,\n      userId: \"userId\" in input ? input.userId : undefined,\n    };\n    const res = await this.http.get<{ contacts: Contact[] }>(\n      \"/v1/contacts/find\",\n      query,\n    );\n    return res.contacts;\n  }\n\n  /** Soft-delete a contact by identity. */\n  async delete(input: DeleteContactInput): Promise<DeleteContactResult> {\n    assertIdentity(input);\n    return this.http.del<DeleteContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n    });\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type { SendEmailInput, SendEmailResult } from \"../types.js\";\n\n/** The `emails.*` resource bound to an {@link HttpClient}. */\nexport class EmailsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send a transactional email by template. Recipient is `to` (raw address) or\n   * `userId` (resolved server-side). `template`/`props` are type-checked against\n   * the augmented `TemplateRegistryMap` when `@hogsend/email` is installed,\n   * else degrade to `{ template: string; props? }`.\n   */\n  send(input: SendEmailInput): Promise<SendEmailResult> {\n    // The discriminated union narrows `template`/`props`; index into the input\n    // via a permissive view to build the wire body without re-discriminating.\n    const body = input as SendEmailInput & {\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendEmailResult>(\n      \"/v1/emails\",\n      {\n        to: body.to,\n        userId: body.userId,\n        template: body.template,\n        props: body.props,\n        from: body.from,\n        subject: body.subject,\n        replyTo: body.replyTo,\n        category: body.category,\n        skipPreferenceCheck: body.skipPreferenceCheck,\n        idempotencyKey: body.idempotencyKey,\n      },\n      body.idempotencyKey ? { idempotencyKey: body.idempotencyKey } : undefined,\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type { IngestResult, SendEventInput } from \"../types.js\";\n\n/** The `events.*` resource bound to an {@link HttpClient}. */\nexport class EventsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send an event through the ingestion pipeline. The two property bags are\n   * kept distinct: `eventProperties` feed `trigger.where`/`exitOn`,\n   * `contactProperties` merge onto the contact. Optionally apply list\n   * membership. Returns the ingest result (stored + exit evaluations).\n   *\n   * `idempotencyKey` is sent both as the `Idempotency-Key` header (which wins\n   * server-side) and in the body, matching `POST /v1/events`.\n   */\n  send(input: SendEventInput): Promise<IngestResult> {\n    assertIdentity(input);\n    return this.http.post<IngestResult>(\n      \"/v1/events\",\n      {\n        name: input.name,\n        email: input.email,\n        userId: input.userId,\n        eventProperties: input.eventProperties,\n        contactProperties: input.contactProperties,\n        lists: input.lists,\n        idempotencyKey: input.idempotencyKey,\n      },\n      input.idempotencyKey\n        ? { idempotencyKey: input.idempotencyKey }\n        : undefined,\n    );\n  }\n\n  /** Alias of {@link EventsResource.send}. */\n  track(input: SendEventInput): Promise<IngestResult> {\n    return this.send(input);\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  ListSummary,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n} from \"../types.js\";\n\n/** The `lists.*` resource bound to an {@link HttpClient}. */\nexport class ListsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /** List all code-defined lists. */\n  async list(): Promise<ListSummary[]> {\n    const res = await this.http.get<{ lists: ListSummary[] }>(\"/v1/lists\");\n    return res.lists;\n  }\n\n  /** Subscribe an identity to a list. */\n  async subscribe(input: SubscribeInput): Promise<SubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/subscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { subscribed: res.subscribed };\n  }\n\n  /** Unsubscribe an identity from a list. */\n  async unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/unsubscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { unsubscribed: res.subscribed === false };\n  }\n}\n","import { createHttpClient } from \"./internal/http.js\";\nimport { CampaignsResource } from \"./resources/campaigns.js\";\nimport { ContactsResource } from \"./resources/contacts.js\";\nimport { EmailsResource } from \"./resources/emails.js\";\nimport { EventsResource } from \"./resources/events.js\";\nimport { ListsResource } from \"./resources/lists.js\";\nimport type { HogsendOptions } from \"./types.js\";\n\n/**\n * Typed HTTP client for the Hogsend data plane.\n *\n * ```ts\n * const hs = new Hogsend({ baseUrl: \"https://api.example.com\", apiKey: \"hsk_…\" });\n * await hs.contacts.upsert({ email: \"a@b.com\", properties: { plan: \"pro\" } });\n * await hs.events.send({ userId: \"u_1\", name: \"signup\" });\n * ```\n */\nexport class Hogsend {\n  readonly contacts: ContactsResource;\n  readonly events: EventsResource;\n  readonly emails: EmailsResource;\n  readonly lists: ListsResource;\n  readonly campaigns: CampaignsResource;\n\n  constructor(opts: HogsendOptions) {\n    if (!opts.baseUrl) {\n      throw new TypeError(\"Hogsend: `baseUrl` is required.\");\n    }\n    if (!opts.apiKey) {\n      throw new TypeError(\"Hogsend: `apiKey` is required.\");\n    }\n\n    const http = createHttpClient({\n      baseUrl: opts.baseUrl.replace(/\\/+$/, \"\"),\n      apiKey: opts.apiKey,\n      fetch: opts.fetch,\n      timeoutMs: opts.timeoutMs,\n      headers: opts.headers,\n    });\n\n    this.contacts = new ContactsResource(http);\n    this.events = new EventsResource(http);\n    this.emails = new EmailsResource(http);\n    this.lists = new ListsResource(http);\n    this.campaigns = new CampaignsResource(http);\n  }\n}\n"],"mappings":";AAMO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAEZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAMO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA,EACzC;AAAA,EAET,YAAY,SAAiB,MAAe,YAAqB;AAC/D,UAAM,SAAS,KAAK,IAAI;AACxB,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;;;ACEA,IAAM,qBAAqB;AAE3B,SAAS,SAAS,SAAiB,MAAc,OAAuB;AACtE,QAAM,MAAM,IAAI,IAAI,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,IAAI,GAAG,OAAO,GAAG;AAC3E,MAAI,OAAO;AACT,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,UAAI,UAAU,OAAW;AACzB,UAAI,aAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,IACzC;AAAA,EACF;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,YAAY,QAAgB,MAAuB;AAC1D,MAAI,QAAQ,OAAO,SAAS,UAAU;AAEpC,UAAM,WAAY,KAA6B;AAC/C,QAAI,OAAO,aAAa,UAAU;AAChC,aAAO,GAAG,MAAM,KAAK,QAAQ;AAAA,IAC/B;AAKA,QACG,KAA+B,YAAY,SAC5C,YACA,OAAO,aAAa,UACpB;AACA,YAAM,UAAU,KAAK,UAAU,QAAQ,EAAE,MAAM,GAAG,GAAG;AACrD,aAAO,GAAG,MAAM,uBAAuB,OAAO;AAAA,IAChD;AAAA,EACF;AACA,SAAO,8BAA8B,MAAM;AAC7C;AAGA,SAAS,gBAAgB,OAA0C;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,SAAS,OAAO,EAAE;AACzC,SAAO,OAAO,SAAS,OAAO,IAAI,UAAU;AAC9C;AAUO,SAAS,iBAAiB,QAAsC;AACrE,QAAM,UAAU,OAAO,SAAS;AAChC,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,eAAe,OAAO,WAAW,CAAC;AAExC,iBAAe,QACb,QACA,MACA,MACY;AACZ,UAAM,UAAkC;AAAA,MACtC,QAAQ;AAAA,MACR,eAAe,UAAU,OAAO,MAAM;AAAA,MACtC,GAAG;AAAA,IACL;AACA,QAAI,KAAK,SAAS,QAAW;AAC3B,cAAQ,cAAc,IAAI;AAAA,IAC5B;AACA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,cAAQ,iBAAiB,IAAI,KAAK,OAAO;AAAA,IAC3C;AAEA,UAAM,MAAM,SAAS,OAAO,SAAS,MAAM,KAAK,KAAK;AAErD,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,QAAI;AACJ,QAAI;AACF,YAAM,MAAM,QAAQ,KAAK;AAAA,QACvB;AAAA,QACA;AAAA,QACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,QAC5D,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,YAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,YAAM,IAAI;AAAA,QACR,gBAAgB,OAAO,OAAO,KAAK,GAAG;AAAA,QACtC;AAAA,QACA;AAAA,MACF;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAEA,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,KAAK,SAAS,GAAG;AACnB,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,UAAI,IAAI,WAAW,KAAK;AACtB,cAAM,IAAI;AAAA,UACR,YAAY,IAAI,QAAQ,MAAM;AAAA,UAC9B;AAAA,UACA,gBAAgB,IAAI,QAAQ,IAAI,aAAa,CAAC;AAAA,QAChD;AAAA,MACF;AACA,YAAM,IAAI;AAAA,QACR,YAAY,IAAI,QAAQ,MAAM;AAAA,QAC9B,IAAI;AAAA,QACJ;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,KAAK,CAAI,MAAc,UAAkB,QAAW,OAAO,MAAM,EAAE,MAAM,CAAC;AAAA,IAC1E,MAAM,CAAI,MAAc,MAAe,WACrC,QAAW,QAAQ,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC3C,KAAK,CAAI,MAAc,MAAe,WACpC,QAAW,OAAO,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC1C,KAAK,CAAI,MAAc,SACrB,QAAW,UAAU,MAAM,EAAE,KAAK,CAAC;AAAA,EACvC;AACF;;;ACjKO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAY7B,KAAK,OAAuD;AAI1D,UAAM,OAAO;AAKb,WAAO,KAAK,KAAK,KAAyB,iBAAiB;AAAA,MACzD,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,IAChB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,IAAI,IAA+B;AACjC,WAAO,KAAK,KAAK,IAAc,iBAAiB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC1E;AACF;;;ACvCO,SAAS,eAAe,OAGtB;AACP,QAAM,WAAW,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,SAAS;AACzE,QAAM,YAAY,OAAO,MAAM,WAAW,YAAY,MAAM,OAAO,SAAS;AAC5E,MAAI,CAAC,YAAY,CAAC,WAAW;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACLO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7B,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,YAAY,MAAM;AAAA,MAClB,OAAO,MAAM;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,KAAK,OAA8C;AACvD,UAAM,QAA4C;AAAA,MAChD,OAAO,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACxC,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,IAC7C;AACA,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AACA,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;AC9CO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ7B,KAAK,OAAiD;AAGpD,UAAM,OAAO;AAGb,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,qBAAqB,KAAK;AAAA,QAC1B,gBAAgB,KAAK;AAAA,MACvB;AAAA,MACA,KAAK,iBAAiB,EAAE,gBAAgB,KAAK,eAAe,IAAI;AAAA,IAClE;AAAA,EACF;AACF;;;AC/BO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW7B,KAAK,OAA8C;AACjD,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,OAAO,MAAM;AAAA,QACb,QAAQ,MAAM;AAAA,QACd,iBAAiB,MAAM;AAAA,QACvB,mBAAmB,MAAM;AAAA,QACzB,OAAO,MAAM;AAAA,QACb,gBAAgB,MAAM;AAAA,MACxB;AAAA,MACA,MAAM,iBACF,EAAE,gBAAgB,MAAM,eAAe,IACvC;AAAA,IACN;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAA8C;AAClD,WAAO,KAAK,KAAK,KAAK;AAAA,EACxB;AACF;;;AC9BO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA,EAG7B,MAAM,OAA+B;AACnC,UAAM,MAAM,MAAM,KAAK,KAAK,IAA8B,WAAW;AACrE,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,UAAU,OAAiD;AAC/D,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,YAAY,IAAI,WAAW;AAAA,EACtC;AAAA;AAAA,EAGA,MAAM,YAAY,OAAmD;AACnE,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,cAAc,IAAI,eAAe,MAAM;AAAA,EAClD;AACF;;;ACrBO,IAAM,UAAN,MAAc;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,MAAsB;AAChC,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,UAAU,iCAAiC;AAAA,IACvD;AACA,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,IAAI,UAAU,gCAAgC;AAAA,IACtD;AAEA,UAAM,OAAO,iBAAiB;AAAA,MAC5B,SAAS,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,IAChB,CAAC;AAED,SAAK,WAAW,IAAI,iBAAiB,IAAI;AACzC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAAA,EAC7C;AACF;","names":[]}
+{"version":3,"sources":["../src/errors.ts","../src/internal/http.ts","../src/resources/campaigns.ts","../src/internal/identity.ts","../src/resources/contacts.ts","../src/resources/emails.ts","../src/resources/events.ts","../src/resources/lists.ts","../src/resources/webhooks.ts","../src/hogsend.ts","../src/internal/verify.ts"],"sourcesContent":["/**\n * A non-2xx response — or a transport-level failure — from the Hogsend data\n * plane. `status` is the HTTP status code, or `0` when the request never\n * reached the server (DNS/connect/timeout). `body` is the parsed JSON body when\n * available, else the raw text, else `undefined`.\n */\nexport class HogsendAPIError extends Error {\n  readonly status: number;\n  readonly body: unknown;\n\n  constructor(message: string, status: number, body: unknown) {\n    super(message);\n    this.name = \"HogsendAPIError\";\n    this.status = status;\n    this.body = body;\n    // Restore prototype chain for instanceof across transpile targets.\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n\n/**\n * A `429 Too Many Requests` response. `retryAfter` is the parsed `Retry-After`\n * header in seconds when present (the server sends it on 429 for `/v1/emails`).\n */\nexport class RateLimitError extends HogsendAPIError {\n  readonly retryAfter?: number;\n\n  constructor(message: string, body: unknown, retryAfter?: number) {\n    super(message, 429, body);\n    this.name = \"RateLimitError\";\n    this.retryAfter = retryAfter;\n    Object.setPrototypeOf(this, new.target.prototype);\n  }\n}\n","import { HogsendAPIError, RateLimitError } from \"../errors.js\";\n\n/** Query params accepted by `get` — undefined values are dropped. */\nexport type Query = Record<string, string | number | undefined>;\n\n/** Per-request extras (currently just an idempotency header passthrough). */\nexport interface RequestExtras {\n  /** Sent as the `Idempotency-Key` header when set. */\n  idempotencyKey?: string;\n}\n\nexport interface HttpClientConfig {\n  baseUrl: string;\n  apiKey: string;\n  fetch?: typeof fetch;\n  timeoutMs?: number;\n  headers?: Record<string, string>;\n}\n\n/** A minimal, self-contained data-plane HTTP client over native fetch. */\nexport interface HttpClient {\n  get<T = unknown>(path: string, query?: Query): Promise<T>;\n  post<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  put<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  patch<T = unknown>(\n    path: string,\n    body: unknown,\n    extras?: RequestExtras,\n  ): Promise<T>;\n  del<T = unknown>(path: string, body?: unknown): Promise<T>;\n}\n\nconst DEFAULT_TIMEOUT_MS = 30_000;\n\nfunction buildUrl(baseUrl: string, path: string, query?: Query): string {\n  const url = new URL(path.startsWith(\"/\") ? path : `/${path}`, `${baseUrl}/`);\n  if (query) {\n    for (const [key, value] of Object.entries(query)) {\n      if (value === undefined) continue;\n      url.searchParams.set(key, String(value));\n    }\n  }\n  return url.toString();\n}\n\nfunction bodyMessage(status: number, body: unknown): string {\n  if (body && typeof body === \"object\") {\n    // Application-handler envelope: `{ error: \"human message\" }`.\n    const errField = (body as { error?: unknown }).error;\n    if (typeof errField === \"string\") {\n      return `${status}: ${errField}`;\n    }\n    // @hono/zod-openapi default-hook validation envelope:\n    // `{ success: false, error: <ZodError> }` (no defaultHook configured). The\n    // structured ZodError is preserved on `err.body`; surface a short, readable\n    // summary for `err.message` instead of the generic fallback.\n    if (\n      (body as { success?: unknown }).success === false &&\n      errField &&\n      typeof errField === \"object\"\n    ) {\n      const summary = JSON.stringify(errField).slice(0, 200);\n      return `${status}: validation failed ${summary}`;\n    }\n  }\n  return `request failed with status ${status}`;\n}\n\n/** Parse a `Retry-After` header (seconds form) into a number, else undefined. */\nfunction parseRetryAfter(value: string | null): number | undefined {\n  if (!value) return undefined;\n  const seconds = Number.parseInt(value, 10);\n  return Number.isFinite(seconds) ? seconds : undefined;\n}\n\n/**\n * Builds an {@link HttpClient} bound to a config. Native `fetch`, JSON in/out,\n * `Authorization: Bearer <apiKey>`. Throws typed errors:\n *   - {@link RateLimitError} on 429 (with parsed `Retry-After`),\n *   - {@link HogsendAPIError} on any other non-2xx,\n *   - {@link HogsendAPIError} with `status === 0` on a transport failure\n *     (DNS/connect/abort/timeout).\n */\nexport function createHttpClient(config: HttpClientConfig): HttpClient {\n  const doFetch = config.fetch ?? fetch;\n  const timeoutMs = config.timeoutMs ?? DEFAULT_TIMEOUT_MS;\n  const extraHeaders = config.headers ?? {};\n\n  async function request<T>(\n    method: string,\n    path: string,\n    opts: { query?: Query; body?: unknown; extras?: RequestExtras },\n  ): Promise<T> {\n    const headers: Record<string, string> = {\n      Accept: \"application/json\",\n      Authorization: `Bearer ${config.apiKey}`,\n      ...extraHeaders,\n    };\n    if (opts.body !== undefined) {\n      headers[\"Content-Type\"] = \"application/json\";\n    }\n    if (opts.extras?.idempotencyKey) {\n      headers[\"Idempotency-Key\"] = opts.extras.idempotencyKey;\n    }\n\n    const url = buildUrl(config.baseUrl, path, opts.query);\n\n    const controller = new AbortController();\n    const timer = setTimeout(() => controller.abort(), timeoutMs);\n\n    let res: Response;\n    try {\n      res = await doFetch(url, {\n        method,\n        headers,\n        body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,\n        signal: controller.signal,\n      });\n    } catch (cause) {\n      const msg = cause instanceof Error ? cause.message : String(cause);\n      throw new HogsendAPIError(\n        `cannot reach ${config.baseUrl} (${msg})`,\n        0,\n        undefined,\n      );\n    } finally {\n      clearTimeout(timer);\n    }\n\n    const text = await res.text();\n    let parsed: unknown;\n    if (text.length > 0) {\n      try {\n        parsed = JSON.parse(text);\n      } catch {\n        parsed = text;\n      }\n    }\n\n    if (!res.ok) {\n      if (res.status === 429) {\n        throw new RateLimitError(\n          bodyMessage(res.status, parsed),\n          parsed,\n          parseRetryAfter(res.headers.get(\"Retry-After\")),\n        );\n      }\n      throw new HogsendAPIError(\n        bodyMessage(res.status, parsed),\n        res.status,\n        parsed,\n      );\n    }\n\n    return parsed as T;\n  }\n\n  return {\n    get: <T>(path: string, query?: Query) => request<T>(\"GET\", path, { query }),\n    post: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"POST\", path, { body, extras }),\n    put: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PUT\", path, { body, extras }),\n    patch: <T>(path: string, body: unknown, extras?: RequestExtras) =>\n      request<T>(\"PATCH\", path, { body, extras }),\n    del: <T>(path: string, body?: unknown) =>\n      request<T>(\"DELETE\", path, { body }),\n  };\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  Campaign,\n  SendCampaignInput,\n  SendCampaignResult,\n} from \"../types.js\";\n\n/** The `campaigns.*` resource bound to an {@link HttpClient}. */\nexport class CampaignsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Queue a broadcast: durably send one template to every subscribed member of\n   * a `list` (or every active member of a `bucket`). Exactly one of `list` /\n   * `bucket` must be set; `template`/`props` are type-checked against the\n   * augmented `TemplateRegistryMap` when `@hogsend/email` is installed, else\n   * degrade to `{ template: string; props? }`.\n   *\n   * Returns the 202 enqueue ack (`{ campaignId, status }`); the actual sends run\n   * asynchronously in the worker. Poll {@link CampaignsResource.get} for counts.\n   */\n  send(input: SendCampaignInput): Promise<SendCampaignResult> {\n    // The discriminated union narrows `template`/`props` and the audience; index\n    // into the input via a permissive view to build the wire body without\n    // re-discriminating.\n    const body = input as SendCampaignInput & {\n      list?: string;\n      bucket?: string;\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendCampaignResult>(\"/v1/campaigns\", {\n      name: body.name,\n      list: body.list,\n      bucket: body.bucket,\n      template: body.template,\n      props: body.props,\n      from: body.from,\n      subject: body.subject,\n    });\n  }\n\n  /** Fetch a campaign's current status + send counts. */\n  get(id: string): Promise<Campaign> {\n    return this.http.get<Campaign>(`/v1/campaigns/${encodeURIComponent(id)}`);\n  }\n}\n","/**\n * Runtime guard mirroring the `Identity` union: at least one of `email` /\n * `userId` must be a non-empty string. The type system enforces this at the\n * call site, but runtime callers (plain JS, untyped data) can still violate it,\n * so we fail fast with a clear message before issuing the request.\n */\nexport function assertIdentity(input: {\n  email?: string;\n  userId?: string;\n}): void {\n  const hasEmail = typeof input.email === \"string\" && input.email.length > 0;\n  const hasUserId = typeof input.userId === \"string\" && input.userId.length > 0;\n  if (!hasEmail && !hasUserId) {\n    throw new TypeError(\n      \"Hogsend: an identity is required — pass `email`, `userId`, or both.\",\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  Contact,\n  DeleteContactInput,\n  DeleteContactResult,\n  FindContactsInput,\n  UpsertContactInput,\n  UpsertContactResult,\n} from \"../types.js\";\n\n/** The `contacts.*` resource bound to an {@link HttpClient}. */\nexport class ContactsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Upsert a contact by identity. Resolves/merges server-side and optionally\n   * applies list membership. Returns `{ id, created, linked }`.\n   */\n  async upsert(input: UpsertContactInput): Promise<UpsertContactResult> {\n    assertIdentity(input);\n    return this.http.put<UpsertContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n      properties: input.properties,\n      lists: input.lists,\n    });\n  }\n\n  /** Find non-deleted contacts by `email` or `userId`. */\n  async find(input: FindContactsInput): Promise<Contact[]> {\n    const query: Record<string, string | undefined> = {\n      email: \"email\" in input ? input.email : undefined,\n      userId: \"userId\" in input ? input.userId : undefined,\n    };\n    const res = await this.http.get<{ contacts: Contact[] }>(\n      \"/v1/contacts/find\",\n      query,\n    );\n    return res.contacts;\n  }\n\n  /** Soft-delete a contact by identity. */\n  async delete(input: DeleteContactInput): Promise<DeleteContactResult> {\n    assertIdentity(input);\n    return this.http.del<DeleteContactResult>(\"/v1/contacts\", {\n      email: input.email,\n      userId: input.userId,\n    });\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type { SendEmailInput, SendEmailResult } from \"../types.js\";\n\n/** The `emails.*` resource bound to an {@link HttpClient}. */\nexport class EmailsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send a transactional email by template. Recipient is `to` (raw address) or\n   * `userId` (resolved server-side). `template`/`props` are type-checked against\n   * the augmented `TemplateRegistryMap` when `@hogsend/email` is installed,\n   * else degrade to `{ template: string; props? }`.\n   */\n  send(input: SendEmailInput): Promise<SendEmailResult> {\n    // The discriminated union narrows `template`/`props`; index into the input\n    // via a permissive view to build the wire body without re-discriminating.\n    const body = input as SendEmailInput & {\n      props?: Record<string, unknown>;\n    };\n    return this.http.post<SendEmailResult>(\n      \"/v1/emails\",\n      {\n        to: body.to,\n        userId: body.userId,\n        template: body.template,\n        props: body.props,\n        from: body.from,\n        subject: body.subject,\n        replyTo: body.replyTo,\n        category: body.category,\n        skipPreferenceCheck: body.skipPreferenceCheck,\n        idempotencyKey: body.idempotencyKey,\n      },\n      body.idempotencyKey ? { idempotencyKey: body.idempotencyKey } : undefined,\n    );\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type { IngestResult, SendEventInput } from \"../types.js\";\n\n/** The `events.*` resource bound to an {@link HttpClient}. */\nexport class EventsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Send an event through the ingestion pipeline. The two property bags are\n   * kept distinct: `eventProperties` feed `trigger.where`/`exitOn`,\n   * `contactProperties` merge onto the contact. Optionally apply list\n   * membership. Returns the ingest result (stored + exit evaluations).\n   *\n   * `idempotencyKey` is sent both as the `Idempotency-Key` header (which wins\n   * server-side) and in the body, matching `POST /v1/events`.\n   */\n  send(input: SendEventInput): Promise<IngestResult> {\n    assertIdentity(input);\n    return this.http.post<IngestResult>(\n      \"/v1/events\",\n      {\n        name: input.name,\n        email: input.email,\n        userId: input.userId,\n        eventProperties: input.eventProperties,\n        contactProperties: input.contactProperties,\n        lists: input.lists,\n        idempotencyKey: input.idempotencyKey,\n      },\n      input.idempotencyKey\n        ? { idempotencyKey: input.idempotencyKey }\n        : undefined,\n    );\n  }\n\n  /** Alias of {@link EventsResource.send}. */\n  track(input: SendEventInput): Promise<IngestResult> {\n    return this.send(input);\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport { assertIdentity } from \"../internal/identity.js\";\nimport type {\n  ListSummary,\n  SubscribeInput,\n  SubscribeResult,\n  UnsubscribeResult,\n} from \"../types.js\";\n\n/** The `lists.*` resource bound to an {@link HttpClient}. */\nexport class ListsResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /** List all code-defined lists. */\n  async list(): Promise<ListSummary[]> {\n    const res = await this.http.get<{ lists: ListSummary[] }>(\"/v1/lists\");\n    return res.lists;\n  }\n\n  /** Subscribe an identity to a list. */\n  async subscribe(input: SubscribeInput): Promise<SubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/subscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { subscribed: res.subscribed };\n  }\n\n  /** Unsubscribe an identity from a list. */\n  async unsubscribe(input: SubscribeInput): Promise<UnsubscribeResult> {\n    assertIdentity(input);\n    const res = await this.http.post<{ list: string; subscribed: boolean }>(\n      `/v1/lists/${encodeURIComponent(input.list)}/unsubscribe`,\n      { email: input.email, userId: input.userId },\n    );\n    return { unsubscribed: res.subscribed === false };\n  }\n}\n","import type { HttpClient } from \"../internal/http.js\";\nimport type {\n  CreatedWebhookEndpoint,\n  CreateWebhookInput,\n  RotateWebhookSecretResult,\n  UpdateWebhookInput,\n  WebhookEndpoint,\n} from \"../types.js\";\n\nconst BASE = \"/v1/admin/webhooks\";\n\n/**\n * The `webhooks.*` resource — manage outbound webhook endpoints (the\n * Svix-style signed event stream Hogsend emits to subscriber URLs).\n *\n * IMPORTANT: unlike the rest of the client (which uses an `ingest`-scoped data\n * key), this resource targets the ADMIN plane (`/v1/admin/webhooks`) and\n * REQUIRES a full-admin key. Signing-secret management is the same trust class\n * as API-key management — a leaked ingest key must never register an\n * exfiltration endpoint. Construct the client with an admin `apiKey`.\n *\n * The full signing `secret` (`whsec_…`) is returned ONCE — on\n * {@link WebhooksResource.create} and {@link WebhooksResource.rotateSecret}.\n * `list`/`get` only ever expose the display `secretPrefix`. Store it on create.\n */\nexport class WebhooksResource {\n  constructor(private readonly http: HttpClient) {}\n\n  /**\n   * Register a new endpoint subscribed to one or more outbound event types.\n   * Returns the endpoint INCLUDING the full signing `secret` — this is the\n   * only time (besides rotate) the secret is returned. Store it now.\n   */\n  create(input: CreateWebhookInput): Promise<CreatedWebhookEndpoint> {\n    return this.http.post<CreatedWebhookEndpoint>(BASE, {\n      url: input.url,\n      eventTypes: input.eventTypes,\n      description: input.description,\n      disabled: input.disabled,\n    });\n  }\n\n  /**\n   * List endpoints (newest first). Disabled endpoints are hidden unless\n   * `includeDisabled` is set. Returns the endpoints array (unwrapped from the\n   * `{ endpoints, total, limit, offset }` envelope).\n   */\n  async list(opts?: {\n    limit?: number;\n    offset?: number;\n    includeDisabled?: boolean;\n  }): Promise<WebhookEndpoint[]> {\n    const res = await this.http.get<{ endpoints: WebhookEndpoint[] }>(BASE, {\n      limit: opts?.limit,\n      offset: opts?.offset,\n      includeDisabled:\n        opts?.includeDisabled === undefined\n          ? undefined\n          : String(opts.includeDisabled),\n    });\n    return res.endpoints;\n  }\n\n  /** Fetch one endpoint by id (404 → {@link HogsendAPIError}). */\n  get(id: string): Promise<WebhookEndpoint> {\n    return this.http.get<WebhookEndpoint>(`${BASE}/${encodeURIComponent(id)}`);\n  }\n\n  /**\n   * Patch an endpoint. Only the provided fields change; `description: null`\n   * clears the description. Does NOT return or rotate the secret.\n   */\n  update(id: string, input: UpdateWebhookInput): Promise<WebhookEndpoint> {\n    return this.http.patch<WebhookEndpoint>(\n      `${BASE}/${encodeURIComponent(id)}`,\n      {\n        url: input.url,\n        eventTypes: input.eventTypes,\n        description: input.description,\n        disabled: input.disabled,\n      },\n    );\n  }\n\n  /** Hard-delete an endpoint (cascade drops its deliveries). */\n  delete(id: string): Promise<{ deleted: boolean }> {\n    return this.http.del<{ deleted: boolean }>(\n      `${BASE}/${encodeURIComponent(id)}`,\n    );\n  }\n\n  /**\n   * Rotate the signing secret. The OLD secret is invalidated immediately (hard\n   * cutover) — update every subscriber with the returned new `secret` (returned\n   * ONCE).\n   */\n  rotateSecret(id: string): Promise<RotateWebhookSecretResult> {\n    return this.http.post<RotateWebhookSecretResult>(\n      `${BASE}/${encodeURIComponent(id)}/rotate-secret`,\n      {},\n    );\n  }\n\n  /**\n   * Enqueue an out-of-band `webhook.test` delivery to the endpoint, delivered\n   * regardless of its subscribed `eventTypes`. Returns the 202 enqueue ack.\n   */\n  sendTest(\n    id: string,\n  ): Promise<{ enqueued: boolean; eventType: \"webhook.test\" }> {\n    return this.http.post<{ enqueued: boolean; eventType: \"webhook.test\" }>(\n      `${BASE}/${encodeURIComponent(id)}/test`,\n      {},\n    );\n  }\n}\n","import { createHttpClient } from \"./internal/http.js\";\nimport { CampaignsResource } from \"./resources/campaigns.js\";\nimport { ContactsResource } from \"./resources/contacts.js\";\nimport { EmailsResource } from \"./resources/emails.js\";\nimport { EventsResource } from \"./resources/events.js\";\nimport { ListsResource } from \"./resources/lists.js\";\nimport { WebhooksResource } from \"./resources/webhooks.js\";\nimport type { HogsendOptions } from \"./types.js\";\n\n/**\n * Typed HTTP client for the Hogsend data plane.\n *\n * ```ts\n * const hs = new Hogsend({ baseUrl: \"https://api.example.com\", apiKey: \"hsk_…\" });\n * await hs.contacts.upsert({ email: \"a@b.com\", properties: { plan: \"pro\" } });\n * await hs.events.send({ userId: \"u_1\", name: \"signup\" });\n * ```\n */\nexport class Hogsend {\n  readonly contacts: ContactsResource;\n  readonly events: EventsResource;\n  readonly emails: EmailsResource;\n  readonly lists: ListsResource;\n  readonly campaigns: CampaignsResource;\n  /**\n   * Manage outbound webhook endpoints (the signed event stream Hogsend emits to\n   * subscriber URLs). REQUIRES a full-admin `apiKey` — this resource hits the\n   * admin plane (`/v1/admin/webhooks`), NOT the ingest data plane the other\n   * resources use. See {@link WebhooksResource}.\n   */\n  readonly webhooks: WebhooksResource;\n\n  constructor(opts: HogsendOptions) {\n    if (!opts.baseUrl) {\n      throw new TypeError(\"Hogsend: `baseUrl` is required.\");\n    }\n    if (!opts.apiKey) {\n      throw new TypeError(\"Hogsend: `apiKey` is required.\");\n    }\n\n    const http = createHttpClient({\n      baseUrl: opts.baseUrl.replace(/\\/+$/, \"\"),\n      apiKey: opts.apiKey,\n      fetch: opts.fetch,\n      timeoutMs: opts.timeoutMs,\n      headers: opts.headers,\n    });\n\n    this.contacts = new ContactsResource(http);\n    this.events = new EventsResource(http);\n    this.emails = new EmailsResource(http);\n    this.lists = new ListsResource(http);\n    this.campaigns = new CampaignsResource(http);\n    this.webhooks = new WebhooksResource(http);\n  }\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\nimport { Webhook } from \"svix\";\n\n/** Default tolerance (seconds) for the timestamp freshness check. */\nconst TOLERANCE_SECONDS = 5 * 60;\n\n/**\n * Lowercase every header key so callers can pass the Title-Case headers Hogsend\n * sends (`Webhook-Id`/`Webhook-Timestamp`/`Webhook-Signature`) OR the lowercase\n * form a framework may hand back. Svix expects lowercase `svix-*`/`webhook-*`.\n */\nfunction normalizeHeaders(\n  headers: Record<string, string>,\n): Record<string, string> {\n  const out: Record<string, string> = {};\n  for (const [key, value] of Object.entries(headers)) {\n    out[key.toLowerCase()] = value;\n  }\n  return out;\n}\n\n/**\n * Verify and parse an INBOUND Hogsend outbound-webhook delivery, the\n * subscriber-side counterpart of the engine's signing. Use this in a handler\n * that receives Hogsend's signed POSTs to confirm authenticity before trusting\n * the body.\n *\n * Pass the RAW request body bytes (the exact string Hogsend signed — never a\n * re-stringified object), the request headers, and the endpoint's `whsec_…`\n * signing secret (from create / rotate-secret). Returns the parsed event\n * envelope (`{ id, type, timestamp, data }`) on success.\n *\n * Throws on a bad signature, a missing signature header, or a timestamp outside\n * the 5-minute tolerance window.\n *\n * Implementation: wraps svix's `Webhook.verify` (constant-time, tolerance-\n * checked); if svix cannot run for any reason it falls back to a pure\n * `node:crypto` HMAC-SHA256 check over `${id}.${timestamp}.${body}` with a\n * `timingSafeEqual` compare against the `v1,<base64>` signature(s).\n *\n * @example\n * ```ts\n * import { verifyHogsendWebhook } from \"@hogsend/client\";\n *\n * app.post(\"/webhooks/hogsend\", async (req, res) => {\n *   const body = await readRawBody(req); // the exact bytes\n *   try {\n *     const event = verifyHogsendWebhook({\n *       payload: body,\n *       headers: req.headers,\n *       secret: process.env.HOGSEND_WEBHOOK_SECRET!,\n *     });\n *     // handle event.type ...\n *     res.sendStatus(200);\n *   } catch {\n *     res.sendStatus(401);\n *   }\n * });\n * ```\n */\nexport function verifyHogsendWebhook(opts: {\n  payload: string;\n  headers: Record<string, string>;\n  secret: string;\n}): unknown {\n  const headers = normalizeHeaders(opts.headers);\n  const id = headers[\"webhook-id\"] ?? headers[\"svix-id\"];\n  const timestamp = headers[\"webhook-timestamp\"] ?? headers[\"svix-timestamp\"];\n  const signature = headers[\"webhook-signature\"] ?? headers[\"svix-signature\"];\n\n  if (!id || !timestamp || !signature) {\n    throw new Error(\n      \"verifyHogsendWebhook: missing Webhook-Id / Webhook-Timestamp / Webhook-Signature header\",\n    );\n  }\n\n  try {\n    const wh = new Webhook(opts.secret);\n    return wh.verify(opts.payload, {\n      \"svix-id\": id,\n      \"svix-timestamp\": timestamp,\n      \"svix-signature\": signature,\n    });\n  } catch {\n    // svix unavailable (tree-shaken) or threw — fall back to node:crypto. We\n    // re-run the SAME canonical check so a genuine signature/timestamp failure\n    // still throws; only a svix-internal/import failure is \"rescued\".\n    return verifyWithNodeCrypto({\n      payload: opts.payload,\n      secret: opts.secret,\n      id,\n      timestamp,\n      signature,\n    });\n  }\n}\n\n/**\n * Pure `node:crypto` verification of the Svix signature scheme. Mirrors the\n * documented fallback in the engine's webhook-signing lib:\n * `HMAC_SHA256(base64-decoded secret, `${id}.${ts}.${body}`)` → `v1,<base64>`,\n * `timingSafeEqual` against each space-separated signature in the header.\n */\nfunction verifyWithNodeCrypto(opts: {\n  payload: string;\n  secret: string;\n  id: string;\n  timestamp: string;\n  signature: string;\n}): unknown {\n  const ts = Number.parseInt(opts.timestamp, 10);\n  if (!Number.isFinite(ts)) {\n    throw new Error(\"verifyHogsendWebhook: invalid Webhook-Timestamp\");\n  }\n  const now = Math.floor(Date.now() / 1000);\n  if (Math.abs(now - ts) > TOLERANCE_SECONDS) {\n    throw new Error(\"verifyHogsendWebhook: timestamp outside tolerance window\");\n  }\n\n  // The secret is `whsec_<base64>`; the signing key is the base64-decoded body.\n  const key = opts.secret.startsWith(\"whsec_\")\n    ? Buffer.from(opts.secret.slice(6), \"base64\")\n    : Buffer.from(opts.secret, \"base64\");\n  const signedContent = `${opts.id}.${opts.timestamp}.${opts.payload}`;\n  const expected = createHmac(\"sha256\", key)\n    .update(signedContent)\n    .digest(\"base64\");\n  const expectedBuf = Buffer.from(expected);\n\n  // The header is space-separated `v1,<sig>` pairs; accept if ANY matches.\n  const matched = opts.signature.split(\" \").some((part) => {\n    const sig = part.startsWith(\"v1,\") ? part.slice(3) : part;\n    const candidate = Buffer.from(sig);\n    return (\n      candidate.length === expectedBuf.length &&\n      timingSafeEqual(candidate, expectedBuf)\n    );\n  });\n\n  if (!matched) {\n    throw new Error(\"verifyHogsendWebhook: signature verification failed\");\n  }\n\n  return JSON.parse(opts.payload);\n}\n"],"mappings":";AAMO,IAAM,kBAAN,cAA8B,MAAM;AAAA,EAChC;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,QAAgB,MAAe;AAC1D,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS;AACd,SAAK,OAAO;AAEZ,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;AAMO,IAAM,iBAAN,cAA6B,gBAAgB;AAAA,EACzC;AAAA,EAET,YAAY,SAAiB,MAAe,YAAqB;AAC/D,UAAM,SAAS,KAAK,IAAI;AACxB,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,WAAO,eAAe,MAAM,WAAW,SAAS;AAAA,EAClD;AACF;;;ACOA,IAAM,qBAAqB;AAE3B,SAAS,SAAS,SAAiB,MAAc,OAAuB;AACtE,QAAM,MAAM,IAAI,IAAI,KAAK,WAAW,GAAG,IAAI,OAAO,IAAI,IAAI,IAAI,GAAG,OAAO,GAAG;AAC3E,MAAI,OAAO;AACT,eAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,KAAK,GAAG;AAChD,UAAI,UAAU,OAAW;AACzB,UAAI,aAAa,IAAI,KAAK,OAAO,KAAK,CAAC;AAAA,IACzC;AAAA,EACF;AACA,SAAO,IAAI,SAAS;AACtB;AAEA,SAAS,YAAY,QAAgB,MAAuB;AAC1D,MAAI,QAAQ,OAAO,SAAS,UAAU;AAEpC,UAAM,WAAY,KAA6B;AAC/C,QAAI,OAAO,aAAa,UAAU;AAChC,aAAO,GAAG,MAAM,KAAK,QAAQ;AAAA,IAC/B;AAKA,QACG,KAA+B,YAAY,SAC5C,YACA,OAAO,aAAa,UACpB;AACA,YAAM,UAAU,KAAK,UAAU,QAAQ,EAAE,MAAM,GAAG,GAAG;AACrD,aAAO,GAAG,MAAM,uBAAuB,OAAO;AAAA,IAChD;AAAA,EACF;AACA,SAAO,8BAA8B,MAAM;AAC7C;AAGA,SAAS,gBAAgB,OAA0C;AACjE,MAAI,CAAC,MAAO,QAAO;AACnB,QAAM,UAAU,OAAO,SAAS,OAAO,EAAE;AACzC,SAAO,OAAO,SAAS,OAAO,IAAI,UAAU;AAC9C;AAUO,SAAS,iBAAiB,QAAsC;AACrE,QAAM,UAAU,OAAO,SAAS;AAChC,QAAM,YAAY,OAAO,aAAa;AACtC,QAAM,eAAe,OAAO,WAAW,CAAC;AAExC,iBAAe,QACb,QACA,MACA,MACY;AACZ,UAAM,UAAkC;AAAA,MACtC,QAAQ;AAAA,MACR,eAAe,UAAU,OAAO,MAAM;AAAA,MACtC,GAAG;AAAA,IACL;AACA,QAAI,KAAK,SAAS,QAAW;AAC3B,cAAQ,cAAc,IAAI;AAAA,IAC5B;AACA,QAAI,KAAK,QAAQ,gBAAgB;AAC/B,cAAQ,iBAAiB,IAAI,KAAK,OAAO;AAAA,IAC3C;AAEA,UAAM,MAAM,SAAS,OAAO,SAAS,MAAM,KAAK,KAAK;AAErD,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,QAAQ,WAAW,MAAM,WAAW,MAAM,GAAG,SAAS;AAE5D,QAAI;AACJ,QAAI;AACF,YAAM,MAAM,QAAQ,KAAK;AAAA,QACvB;AAAA,QACA;AAAA,QACA,MAAM,KAAK,SAAS,SAAY,KAAK,UAAU,KAAK,IAAI,IAAI;AAAA,QAC5D,QAAQ,WAAW;AAAA,MACrB,CAAC;AAAA,IACH,SAAS,OAAO;AACd,YAAM,MAAM,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AACjE,YAAM,IAAI;AAAA,QACR,gBAAgB,OAAO,OAAO,KAAK,GAAG;AAAA,QACtC;AAAA,QACA;AAAA,MACF;AAAA,IACF,UAAE;AACA,mBAAa,KAAK;AAAA,IACpB;AAEA,UAAM,OAAO,MAAM,IAAI,KAAK;AAC5B,QAAI;AACJ,QAAI,KAAK,SAAS,GAAG;AACnB,UAAI;AACF,iBAAS,KAAK,MAAM,IAAI;AAAA,MAC1B,QAAQ;AACN,iBAAS;AAAA,MACX;AAAA,IACF;AAEA,QAAI,CAAC,IAAI,IAAI;AACX,UAAI,IAAI,WAAW,KAAK;AACtB,cAAM,IAAI;AAAA,UACR,YAAY,IAAI,QAAQ,MAAM;AAAA,UAC9B;AAAA,UACA,gBAAgB,IAAI,QAAQ,IAAI,aAAa,CAAC;AAAA,QAChD;AAAA,MACF;AACA,YAAM,IAAI;AAAA,QACR,YAAY,IAAI,QAAQ,MAAM;AAAA,QAC9B,IAAI;AAAA,QACJ;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,KAAK,CAAI,MAAc,UAAkB,QAAW,OAAO,MAAM,EAAE,MAAM,CAAC;AAAA,IAC1E,MAAM,CAAI,MAAc,MAAe,WACrC,QAAW,QAAQ,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC3C,KAAK,CAAI,MAAc,MAAe,WACpC,QAAW,OAAO,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC1C,OAAO,CAAI,MAAc,MAAe,WACtC,QAAW,SAAS,MAAM,EAAE,MAAM,OAAO,CAAC;AAAA,IAC5C,KAAK,CAAI,MAAc,SACrB,QAAW,UAAU,MAAM,EAAE,KAAK,CAAC;AAAA,EACvC;AACF;;;ACxKO,IAAM,oBAAN,MAAwB;AAAA,EAC7B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAY7B,KAAK,OAAuD;AAI1D,UAAM,OAAO;AAKb,WAAO,KAAK,KAAK,KAAyB,iBAAiB;AAAA,MACzD,MAAM,KAAK;AAAA,MACX,MAAM,KAAK;AAAA,MACX,QAAQ,KAAK;AAAA,MACb,UAAU,KAAK;AAAA,MACf,OAAO,KAAK;AAAA,MACZ,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,IAChB,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,IAAI,IAA+B;AACjC,WAAO,KAAK,KAAK,IAAc,iBAAiB,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC1E;AACF;;;ACvCO,SAAS,eAAe,OAGtB;AACP,QAAM,WAAW,OAAO,MAAM,UAAU,YAAY,MAAM,MAAM,SAAS;AACzE,QAAM,YAAY,OAAO,MAAM,WAAW,YAAY,MAAM,OAAO,SAAS;AAC5E,MAAI,CAAC,YAAY,CAAC,WAAW;AAC3B,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACF;;;ACLO,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAM7B,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,YAAY,MAAM;AAAA,MAClB,OAAO,MAAM;AAAA,IACf,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,MAAM,KAAK,OAA8C;AACvD,UAAM,QAA4C;AAAA,MAChD,OAAO,WAAW,QAAQ,MAAM,QAAQ;AAAA,MACxC,QAAQ,YAAY,QAAQ,MAAM,SAAS;AAAA,IAC7C;AACA,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B;AAAA,MACA;AAAA,IACF;AACA,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,OAAO,OAAyD;AACpE,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK,IAAyB,gBAAgB;AAAA,MACxD,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,IAChB,CAAC;AAAA,EACH;AACF;;;AC9CO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ7B,KAAK,OAAiD;AAGpD,UAAM,OAAO;AAGb,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,IAAI,KAAK;AAAA,QACT,QAAQ,KAAK;AAAA,QACb,UAAU,KAAK;AAAA,QACf,OAAO,KAAK;AAAA,QACZ,MAAM,KAAK;AAAA,QACX,SAAS,KAAK;AAAA,QACd,SAAS,KAAK;AAAA,QACd,UAAU,KAAK;AAAA,QACf,qBAAqB,KAAK;AAAA,QAC1B,gBAAgB,KAAK;AAAA,MACvB;AAAA,MACA,KAAK,iBAAiB,EAAE,gBAAgB,KAAK,eAAe,IAAI;AAAA,IAClE;AAAA,EACF;AACF;;;AC/BO,IAAM,iBAAN,MAAqB;AAAA,EAC1B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAW7B,KAAK,OAA8C;AACjD,mBAAe,KAAK;AACpB,WAAO,KAAK,KAAK;AAAA,MACf;AAAA,MACA;AAAA,QACE,MAAM,MAAM;AAAA,QACZ,OAAO,MAAM;AAAA,QACb,QAAQ,MAAM;AAAA,QACd,iBAAiB,MAAM;AAAA,QACvB,mBAAmB,MAAM;AAAA,QACzB,OAAO,MAAM;AAAA,QACb,gBAAgB,MAAM;AAAA,MACxB;AAAA,MACA,MAAM,iBACF,EAAE,gBAAgB,MAAM,eAAe,IACvC;AAAA,IACN;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAA8C;AAClD,WAAO,KAAK,KAAK,KAAK;AAAA,EACxB;AACF;;;AC9BO,IAAM,gBAAN,MAAoB;AAAA,EACzB,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA,EAG7B,MAAM,OAA+B;AACnC,UAAM,MAAM,MAAM,KAAK,KAAK,IAA8B,WAAW;AACrE,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,MAAM,UAAU,OAAiD;AAC/D,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,YAAY,IAAI,WAAW;AAAA,EACtC;AAAA;AAAA,EAGA,MAAM,YAAY,OAAmD;AACnE,mBAAe,KAAK;AACpB,UAAM,MAAM,MAAM,KAAK,KAAK;AAAA,MAC1B,aAAa,mBAAmB,MAAM,IAAI,CAAC;AAAA,MAC3C,EAAE,OAAO,MAAM,OAAO,QAAQ,MAAM,OAAO;AAAA,IAC7C;AACA,WAAO,EAAE,cAAc,IAAI,eAAe,MAAM;AAAA,EAClD;AACF;;;AC7BA,IAAM,OAAO;AAgBN,IAAM,mBAAN,MAAuB;AAAA,EAC5B,YAA6B,MAAkB;AAAlB;AAAA,EAAmB;AAAA,EAAnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAO7B,OAAO,OAA4D;AACjE,WAAO,KAAK,KAAK,KAA6B,MAAM;AAAA,MAClD,KAAK,MAAM;AAAA,MACX,YAAY,MAAM;AAAA,MAClB,aAAa,MAAM;AAAA,MACnB,UAAU,MAAM;AAAA,IAClB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,KAAK,MAIoB;AAC7B,UAAM,MAAM,MAAM,KAAK,KAAK,IAAsC,MAAM;AAAA,MACtE,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,iBACE,MAAM,oBAAoB,SACtB,SACA,OAAO,KAAK,eAAe;AAAA,IACnC,CAAC;AACD,WAAO,IAAI;AAAA,EACb;AAAA;AAAA,EAGA,IAAI,IAAsC;AACxC,WAAO,KAAK,KAAK,IAAqB,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC,EAAE;AAAA,EAC3E;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,IAAY,OAAqD;AACtE,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC;AAAA,QACE,KAAK,MAAM;AAAA,QACX,YAAY,MAAM;AAAA,QAClB,aAAa,MAAM;AAAA,QACnB,UAAU,MAAM;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,OAAO,IAA2C;AAChD,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,IACnC;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,aAAa,IAAgD;AAC3D,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,SACE,IAC2D;AAC3D,WAAO,KAAK,KAAK;AAAA,MACf,GAAG,IAAI,IAAI,mBAAmB,EAAE,CAAC;AAAA,MACjC,CAAC;AAAA,IACH;AAAA,EACF;AACF;;;ACjGO,IAAM,UAAN,MAAc;AAAA,EACV;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA;AAAA,EAET,YAAY,MAAsB;AAChC,QAAI,CAAC,KAAK,SAAS;AACjB,YAAM,IAAI,UAAU,iCAAiC;AAAA,IACvD;AACA,QAAI,CAAC,KAAK,QAAQ;AAChB,YAAM,IAAI,UAAU,gCAAgC;AAAA,IACtD;AAEA,UAAM,OAAO,iBAAiB;AAAA,MAC5B,SAAS,KAAK,QAAQ,QAAQ,QAAQ,EAAE;AAAA,MACxC,QAAQ,KAAK;AAAA,MACb,OAAO,KAAK;AAAA,MACZ,WAAW,KAAK;AAAA,MAChB,SAAS,KAAK;AAAA,IAChB,CAAC;AAED,SAAK,WAAW,IAAI,iBAAiB,IAAI;AACzC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,SAAS,IAAI,eAAe,IAAI;AACrC,SAAK,QAAQ,IAAI,cAAc,IAAI;AACnC,SAAK,YAAY,IAAI,kBAAkB,IAAI;AAC3C,SAAK,WAAW,IAAI,iBAAiB,IAAI;AAAA,EAC3C;AACF;;;ACvDA,SAAS,YAAY,uBAAuB;AAC5C,SAAS,eAAe;AAGxB,IAAM,oBAAoB,IAAI;AAO9B,SAAS,iBACP,SACwB;AACxB,QAAM,MAA8B,CAAC;AACrC,aAAW,CAAC,KAAK,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AAClD,QAAI,IAAI,YAAY,CAAC,IAAI;AAAA,EAC3B;AACA,SAAO;AACT;AAyCO,SAAS,qBAAqB,MAIzB;AACV,QAAM,UAAU,iBAAiB,KAAK,OAAO;AAC7C,QAAM,KAAK,QAAQ,YAAY,KAAK,QAAQ,SAAS;AACrD,QAAM,YAAY,QAAQ,mBAAmB,KAAK,QAAQ,gBAAgB;AAC1E,QAAM,YAAY,QAAQ,mBAAmB,KAAK,QAAQ,gBAAgB;AAE1E,MAAI,CAAC,MAAM,CAAC,aAAa,CAAC,WAAW;AACnC,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,MAAI;AACF,UAAM,KAAK,IAAI,QAAQ,KAAK,MAAM;AAClC,WAAO,GAAG,OAAO,KAAK,SAAS;AAAA,MAC7B,WAAW;AAAA,MACX,kBAAkB;AAAA,MAClB,kBAAkB;AAAA,IACpB,CAAC;AAAA,EACH,QAAQ;AAIN,WAAO,qBAAqB;AAAA,MAC1B,SAAS,KAAK;AAAA,MACd,QAAQ,KAAK;AAAA,MACb;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAQA,SAAS,qBAAqB,MAMlB;AACV,QAAM,KAAK,OAAO,SAAS,KAAK,WAAW,EAAE;AAC7C,MAAI,CAAC,OAAO,SAAS,EAAE,GAAG;AACxB,UAAM,IAAI,MAAM,iDAAiD;AAAA,EACnE;AACA,QAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AACxC,MAAI,KAAK,IAAI,MAAM,EAAE,IAAI,mBAAmB;AAC1C,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AAGA,QAAM,MAAM,KAAK,OAAO,WAAW,QAAQ,IACvC,OAAO,KAAK,KAAK,OAAO,MAAM,CAAC,GAAG,QAAQ,IAC1C,OAAO,KAAK,KAAK,QAAQ,QAAQ;AACrC,QAAM,gBAAgB,GAAG,KAAK,EAAE,IAAI,KAAK,SAAS,IAAI,KAAK,OAAO;AAClE,QAAM,WAAW,WAAW,UAAU,GAAG,EACtC,OAAO,aAAa,EACpB,OAAO,QAAQ;AAClB,QAAM,cAAc,OAAO,KAAK,QAAQ;AAGxC,QAAM,UAAU,KAAK,UAAU,MAAM,GAAG,EAAE,KAAK,CAAC,SAAS;AACvD,UAAM,MAAM,KAAK,WAAW,KAAK,IAAI,KAAK,MAAM,CAAC,IAAI;AACrD,UAAM,YAAY,OAAO,KAAK,GAAG;AACjC,WACE,UAAU,WAAW,YAAY,UACjC,gBAAgB,WAAW,WAAW;AAAA,EAE1C,CAAC;AAED,MAAI,CAAC,SAAS;AACZ,UAAM,IAAI,MAAM,qDAAqD;AAAA,EACvE;AAEA,SAAO,KAAK,MAAM,KAAK,OAAO;AAChC;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hogsend/client",
-  "version": "0.7.0",
+  "version": "0.8.0",
   "type": "module",
   "license": "MIT",
   "description": "Typed HTTP client for the Hogsend data plane (contacts, events, emails, lists).",
@@ -27,24 +27,19 @@
   "publishConfig": {
     "access": "public"
   },
-  "peerDependencies": {
-    "@hogsend/email": "^0.7.0"
-  },
-  "peerDependenciesMeta": {
-    "@hogsend/email": {
-      "optional": true
-    }
-  },
   "devDependencies": {
     "@types/node": "^22.15.3",
     "tsup": "^8.5.1",
     "vitest": "^4.1.7",
-    "@hogsend/email": "^0.7.0",
+    "@hogsend/email": "^0.8.0",
     "@repo/typescript-config": "0.0.0"
   },
   "engines": {
     "node": ">=22"
   },
+  "dependencies": {
+    "svix": "^1.95.1"
+  },
   "scripts": {
     "build": "tsup",
     "check-types": "tsc --noEmit",