@hookflo/tern 2.0.0 → 2.0.2-experimental.0

package/README.md

@@ -3,6 +3,10 @@
 A robust, algorithm-agnostic webhook verification framework that supports multiple platforms with accurate signature verification and payload retrieval.
 The same framework that secures webhook verification at [Hookflo](https://hookflo.com).
 
+⭐ Star this repo to support the project and help others discover it!  
+
+💬 Join the discussion & contribute in our Discord: [Hookflo Community](https://discord.com/invite/SNmCjU97nr)
+
 ```bash
 npm install @hookflo/tern
 ```
@@ -24,6 +28,12 @@ Supports HMAC-SHA256, HMAC-SHA1, HMAC-SHA512, and custom algorithms
 - **Flexible Configuration**: Custom signature configurations for any webhook format
 - **Type Safe**: Full TypeScript support with comprehensive type definitions
 - **Framework Agnostic**: Works with Express.js, Next.js, Cloudflare Workers, and more
+- **Body-Parser Safe Adapters**: Read raw request bodies correctly to avoid signature mismatch issues
+- **Multi-Provider Verification**: Verify and auto-detect across multiple providers with one API
+- **Payload Normalization**: Opt-in normalized event shape to reduce provider lock-in
+- **Category-aware Migration**: Normalize within provider categories (payment/auth/infrastructure) for safe platform switching
+- **Strong Typed Normalized Schemas**: Category types like `PaymentWebhookNormalized` and `AuthWebhookNormalized` for safe migrations
+- **Foundational Error Taxonomy**: Stable `errorCode` values (`INVALID_SIGNATURE`, `MISSING_SIGNATURE`, etc.)
 
 ## Why Tern?
 
@@ -65,6 +75,78 @@ if (result.isValid) {
 }
 ```
 
+### Universal Verification (auto-detect platform)
+
+```typescript
+import { WebhookVerificationService } from '@hookflo/tern';
+
+const result = await WebhookVerificationService.verifyAny(request, {
+  stripe: process.env.STRIPE_WEBHOOK_SECRET,
+  github: process.env.GITHUB_WEBHOOK_SECRET,
+  clerk: process.env.CLERK_WEBHOOK_SECRET,
+});
+
+if (result.isValid) {
+  console.log(`Verified ${result.platform} webhook`);
+}
+```
+
+### Category-aware Payload Normalization
+
+### Strongly-Typed Normalized Payloads
+
+```typescript
+import {
+  WebhookVerificationService,
+  PaymentWebhookNormalized,
+} from '@hookflo/tern';
+
+const result = await WebhookVerificationService.verifyWithPlatformConfig<PaymentWebhookNormalized>(
+  request,
+  'stripe',
+  process.env.STRIPE_WEBHOOK_SECRET!,
+  300,
+  { enabled: true, category: 'payment' },
+);
+
+if (result.isValid && result.payload?.event === 'payment.succeeded') {
+  // result.payload is strongly typed
+  console.log(result.payload.amount, result.payload.customer_id);
+}
+```
+
+```typescript
+import { WebhookVerificationService, getPlatformsByCategory } from '@hookflo/tern';
+
+// Discover migration-compatible providers in the same category
+const paymentPlatforms = getPlatformsByCategory('payment');
+// ['stripe', 'polar', ...]
+
+const result = await WebhookVerificationService.verifyWithPlatformConfig(
+  request,
+  'stripe',
+  process.env.STRIPE_WEBHOOK_SECRET!,
+  300,
+  {
+    enabled: true,
+    category: 'payment',
+    includeRaw: true,
+  },
+);
+
+console.log(result.payload);
+// {
+//   event: 'payment.succeeded',
+//   amount: 5000,
+//   currency: 'USD',
+//   customer_id: 'cus_123',
+//   transaction_id: 'pi_123',
+//   provider: 'stripe',
+//   category: 'payment',
+//   _raw: {...}
+// }
+```
+
 ### Platform-Specific Usage
 
 ```typescript
@@ -132,6 +214,7 @@ const result = await WebhookVerificationService.verify(request, stripeConfig);
 - **Vercel**: HMAC-SHA256
 - **Polar**: HMAC-SHA256
 - **Supabase**: Token-based authentication
+- **GitLab**: Token-based authentication 
 
 ## Custom Platform Configuration
 
@@ -231,80 +314,59 @@ const timestampedConfig = {
 
 ## Framework Integration
 
-### Express.js
+### Express.js middleware (body-parser safe)
 
 ```typescript
-app.post('/webhooks/stripe', async (req, res) => {
-  const result = await WebhookVerificationService.verifyWithPlatformConfig(
-    req,
-    'stripe',
-    process.env.STRIPE_WEBHOOK_SECRET
-  );
-
-  if (!result.isValid) {
-    return res.status(400).json({ error: result.error });
-  }
-
-  // Process the webhook
-  console.log('Stripe event:', result.payload.type);
-  res.json({ received: true });
-});
+import express from 'express';
+import { createWebhookMiddleware } from '@hookflo/tern/express';
+
+const app = express();
+
+app.post(
+  '/webhooks/stripe',
+  createWebhookMiddleware({
+    platform: 'stripe',
+    secret: process.env.STRIPE_WEBHOOK_SECRET!,
+    normalize: true,
+  }),
+  (req, res) => {
+    const event = (req as any).webhook.payload;
+    res.json({ received: true, event: event.event });
+  },
+);
 ```
 
-### Next.js API Route
+### Next.js App Router
 
 ```typescript
-// pages/api/webhooks/github.js
-export default async function handler(req, res) {
-  if (req.method !== 'POST') {
-    return res.status(405).json({ error: 'Method not allowed' });
-  }
-
-  const result = await WebhookVerificationService.verifyWithPlatformConfig(
-    req,
-    'github',
-    process.env.GITHUB_WEBHOOK_SECRET
-  );
-
-  if (!result.isValid) {
-    return res.status(400).json({ error: result.error });
-  }
+import { createWebhookHandler } from '@hookflo/tern/nextjs';
 
-  // Handle GitHub webhook
-  const event = req.headers['x-github-event'];
-  console.log('GitHub event:', event);
-  
-  res.json({ received: true });
-}
+export const POST = createWebhookHandler({
+  platform: 'github',
+  secret: process.env.GITHUB_WEBHOOK_SECRET!,
+  handler: async (payload) => ({ received: true, event: payload.event ?? payload.type }),
+});
 ```
 
 ### Cloudflare Workers
 
 ```typescript
-addEventListener('fetch', event => {
-  event.respondWith(handleRequest(event.request));
+import { createWebhookHandler } from '@hookflo/tern/cloudflare';
+
+const handleStripe = createWebhookHandler({
+  platform: 'stripe',
+  secretEnv: 'STRIPE_WEBHOOK_SECRET',
+  handler: async (payload) => ({ received: true, event: payload.event ?? payload.type }),
 });
 
-async function handleRequest(request) {
-  if (request.url.includes('/webhooks/clerk')) {
-    const result = await WebhookVerificationService.verifyWithPlatformConfig(
-      request,
-      'clerk',
-      CLERK_WEBHOOK_SECRET
-    );
-
-    if (!result.isValid) {
-      return new Response(JSON.stringify({ error: result.error }), {
-        status: 400,
-        headers: { 'Content-Type': 'application/json' }
-      });
+export default {
+  async fetch(request: Request, env: Record<string, string>) {
+    if (new URL(request.url).pathname === '/webhooks/stripe') {
+      return handleStripe(request, env);
     }
-
-    // Process Clerk webhook
-    console.log('Clerk event:', result.payload.type);
-    return new Response(JSON.stringify({ received: true }));
-  }
-}
+    return new Response('Not Found', { status: 404 });
+  },
+};
 ```
 
 ## API Reference
@@ -315,14 +377,22 @@ async function handleRequest(request) {
 
 Verifies a webhook using the provided configuration.
 
-#### `verifyWithPlatformConfig(request: Request, platform: WebhookPlatform, secret: string, toleranceInSeconds?: number): Promise<WebhookVerificationResult>`
+#### `verifyWithPlatformConfig(request: Request, platform: WebhookPlatform, secret: string, toleranceInSeconds?: number, normalize?: boolean | NormalizeOptions): Promise<WebhookVerificationResult>`
+
+Simplified verification using platform-specific configurations with optional payload normalization.
 
-Simplified verification using platform-specific configurations.
+#### `verifyAny(request: Request, secrets: Record<string, string>, toleranceInSeconds?: number, normalize?: boolean | NormalizeOptions): Promise<WebhookVerificationResult>`
+
+Auto-detects platform from headers and verifies against one or more provider secrets.
 
 #### `verifyTokenBased(request: Request, webhookId: string, webhookToken: string): Promise<WebhookVerificationResult>`
 
 Verifies token-based webhooks (like Supabase).
 
+#### `getPlatformsByCategory(category: 'payment' | 'auth' | 'ecommerce' | 'infrastructure'): WebhookPlatform[]`
+
+Returns built-in providers that normalize into a shared schema for the given migration category.
+
 ### Types
 
 #### `WebhookVerificationResult`
@@ -331,6 +401,7 @@ Verifies token-based webhooks (like Supabase).
 interface WebhookVerificationResult {
   isValid: boolean;
   error?: string;
+  errorCode?: WebhookErrorCode;
   platform: WebhookPlatform;
   payload?: any;
   metadata?: {
@@ -349,6 +420,7 @@ interface WebhookConfig {
   secret: string;
   toleranceInSeconds?: number;
   signatureConfig?: SignatureConfig;
+  normalize?: boolean | NormalizeOptions;
 }
 ```
 
@@ -422,4 +494,5 @@ MIT License - see [LICENSE](./LICENSE) for details.
 
 - [Documentation](./USAGE.md)
 - [Framework Summary](./FRAMEWORK_SUMMARY.md)
+- [Architecture Guide](./ARCHITECTURE.md)
 - [Issues](https://github.com/Hookflo/tern/issues)

package/dist/adapters/cloudflare.d.ts

@@ -0,0 +1,11 @@
+import { WebhookPlatform, NormalizeOptions } from '../types';
+export interface CloudflareWebhookHandlerOptions<TEnv = Record<string, unknown>, TResponse = unknown> {
+    platform: WebhookPlatform;
+    secret?: string;
+    secretEnv?: string;
+    toleranceInSeconds?: number;
+    normalize?: boolean | NormalizeOptions;
+    onError?: (error: Error) => void;
+    handler: (payload: any, env: TEnv, metadata: Record<string, any>) => Promise<TResponse> | TResponse;
+}
+export declare function createWebhookHandler<TEnv = Record<string, unknown>, TResponse = unknown>(options: CloudflareWebhookHandlerOptions<TEnv, TResponse>): (request: Request, env: TEnv) => Promise<Response>;

package/dist/adapters/cloudflare.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookHandler = createWebhookHandler;
+const index_1 = require("../index");
+function createWebhookHandler(options) {
+    return async (request, env) => {
+        try {
+            const secret = options.secret
+                || (options.secretEnv ? env[options.secretEnv] : undefined);
+            if (!secret) {
+                return Response.json({ error: 'Webhook secret is not configured' }, { status: 500 });
+            }
+            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, options.platform, secret, options.toleranceInSeconds, options.normalize);
+            if (!result.isValid) {
+                return Response.json({ error: result.error, platform: result.platform }, { status: 400 });
+            }
+            const data = await options.handler(result.payload, env, result.metadata || {});
+            return Response.json(data);
+        }
+        catch (error) {
+            options.onError?.(error);
+            return Response.json({ error: error.message }, { status: 500 });
+        }
+    };
+}

package/dist/adapters/express.d.ts

@@ -0,0 +1,18 @@
+import { WebhookPlatform, WebhookVerificationResult, NormalizeOptions } from '../types';
+import { MinimalNodeRequest } from './shared';
+export interface ExpressLikeResponse {
+    status: (code: number) => ExpressLikeResponse;
+    json: (payload: unknown) => unknown;
+}
+export interface ExpressLikeRequest extends MinimalNodeRequest {
+    webhook?: WebhookVerificationResult;
+}
+export type ExpressLikeNext = () => void;
+export interface ExpressWebhookMiddlewareOptions {
+    platform: WebhookPlatform;
+    secret: string;
+    toleranceInSeconds?: number;
+    normalize?: boolean | NormalizeOptions;
+    onError?: (error: Error) => void;
+}
+export declare function createWebhookMiddleware(options: ExpressWebhookMiddlewareOptions): (req: ExpressLikeRequest, res: ExpressLikeResponse, next: ExpressLikeNext) => Promise<void>;

package/dist/adapters/express.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookMiddleware = createWebhookMiddleware;
+const index_1 = require("../index");
+const shared_1 = require("./shared");
+function createWebhookMiddleware(options) {
+    return async (req, res, next) => {
+        try {
+            const webRequest = await (0, shared_1.toWebRequest)(req);
+            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(webRequest, options.platform, options.secret, options.toleranceInSeconds, options.normalize);
+            if (!result.isValid) {
+                res.status(400).json({ error: result.error, platform: result.platform });
+                return;
+            }
+            req.webhook = result;
+            next();
+        }
+        catch (error) {
+            options.onError?.(error);
+            res.status(500).json({ error: error.message });
+        }
+    };
+}

package/dist/adapters/index.d.ts

@@ -0,0 +1,4 @@
+export { createWebhookMiddleware, ExpressWebhookMiddlewareOptions, ExpressLikeRequest, ExpressLikeResponse, } from './express';
+export { createWebhookHandler as createNextjsWebhookHandler, NextWebhookHandlerOptions, } from './nextjs';
+export { createWebhookHandler as createCloudflareWebhookHandler, CloudflareWebhookHandlerOptions, } from './cloudflare';
+export { toWebRequest, extractRawBody } from './shared';

package/dist/adapters/index.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractRawBody = exports.toWebRequest = exports.createCloudflareWebhookHandler = exports.createNextjsWebhookHandler = exports.createWebhookMiddleware = void 0;
+var express_1 = require("./express");
+Object.defineProperty(exports, "createWebhookMiddleware", { enumerable: true, get: function () { return express_1.createWebhookMiddleware; } });
+var nextjs_1 = require("./nextjs");
+Object.defineProperty(exports, "createNextjsWebhookHandler", { enumerable: true, get: function () { return nextjs_1.createWebhookHandler; } });
+var cloudflare_1 = require("./cloudflare");
+Object.defineProperty(exports, "createCloudflareWebhookHandler", { enumerable: true, get: function () { return cloudflare_1.createWebhookHandler; } });
+var shared_1 = require("./shared");
+Object.defineProperty(exports, "toWebRequest", { enumerable: true, get: function () { return shared_1.toWebRequest; } });
+Object.defineProperty(exports, "extractRawBody", { enumerable: true, get: function () { return shared_1.extractRawBody; } });

package/dist/adapters/nextjs.d.ts

@@ -0,0 +1,10 @@
+import { WebhookPlatform, NormalizeOptions } from '../types';
+export interface NextWebhookHandlerOptions<TResponse = unknown> {
+    platform: WebhookPlatform;
+    secret: string;
+    toleranceInSeconds?: number;
+    normalize?: boolean | NormalizeOptions;
+    onError?: (error: Error) => void;
+    handler: (payload: any, metadata: Record<string, any>) => Promise<TResponse> | TResponse;
+}
+export declare function createWebhookHandler<TResponse = unknown>(options: NextWebhookHandlerOptions<TResponse>): (request: Request) => Promise<Response>;

package/dist/adapters/nextjs.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookHandler = createWebhookHandler;
+const index_1 = require("../index");
+function createWebhookHandler(options) {
+    return async (request) => {
+        try {
+            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, options.platform, options.secret, options.toleranceInSeconds, options.normalize);
+            if (!result.isValid) {
+                return Response.json({ error: result.error, platform: result.platform }, { status: 400 });
+            }
+            const data = await options.handler(result.payload, result.metadata || {});
+            return Response.json(data);
+        }
+        catch (error) {
+            options.onError?.(error);
+            return Response.json({ error: error.message }, { status: 500 });
+        }
+    };
+}

package/dist/adapters/shared.d.ts

@@ -0,0 +1,13 @@
+export interface MinimalNodeRequest {
+    method?: string;
+    headers: Record<string, string | string[] | undefined>;
+    body?: unknown;
+    protocol?: string;
+    get?: (name: string) => string | undefined;
+    originalUrl?: string;
+    url?: string;
+    on?: (event: string, cb: (chunk?: any) => void) => void;
+}
+export declare function extractRawBody(request: MinimalNodeRequest): Promise<string>;
+export declare function toHeadersInit(headers: Record<string, string | string[] | undefined>): HeadersInit;
+export declare function toWebRequest(request: MinimalNodeRequest): Promise<Request>;

package/dist/adapters/shared.js

@@ -0,0 +1,67 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractRawBody = extractRawBody;
+exports.toHeadersInit = toHeadersInit;
+exports.toWebRequest = toWebRequest;
+function getHeaderValue(headers, name) {
+    const value = headers[name.toLowerCase()] ?? headers[name];
+    if (Array.isArray(value)) {
+        return value.join(',');
+    }
+    return value;
+}
+async function readIncomingMessageBody(request) {
+    if (!request.on) {
+        return '';
+    }
+    const chunks = [];
+    return new Promise((resolve, reject) => {
+        request.on?.('data', (chunk) => {
+            if (typeof chunk === 'string') {
+                chunks.push(chunk);
+                return;
+            }
+            chunks.push(Buffer.from(chunk ?? '').toString('utf8'));
+        });
+        request.on?.('end', () => resolve(chunks.join('')));
+        request.on?.('error', reject);
+    });
+}
+async function extractRawBody(request) {
+    const body = request.body;
+    if (typeof body === 'string') {
+        return body;
+    }
+    if (Buffer.isBuffer(body)) {
+        return body.toString('utf8');
+    }
+    if (body && typeof body === 'object') {
+        return JSON.stringify(body);
+    }
+    return readIncomingMessageBody(request);
+}
+function toHeadersInit(headers) {
+    const normalized = new Headers();
+    for (const [key, value] of Object.entries(headers)) {
+        if (!value) {
+            continue;
+        }
+        if (Array.isArray(value)) {
+            normalized.set(key, value.join(','));
+            continue;
+        }
+        normalized.set(key, value);
+    }
+    return normalized;
+}
+async function toWebRequest(request) {
+    const protocol = request.protocol || 'https';
+    const host = request.get?.('host') || getHeaderValue(request.headers, 'host') || 'localhost';
+    const path = request.originalUrl || request.url || '/';
+    const rawBody = await extractRawBody(request);
+    return new Request(`${protocol}://${host}${path}`, {
+        method: request.method || 'POST',
+        headers: toHeadersInit(request.headers),
+        body: rawBody,
+    });
+}

package/dist/cloudflare.d.ts

@@ -0,0 +1,2 @@
+export { createWebhookHandler } from './adapters/cloudflare';
+export type { CloudflareWebhookHandlerOptions } from './adapters/cloudflare';

package/dist/cloudflare.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookHandler = void 0;
+var cloudflare_1 = require("./adapters/cloudflare");
+Object.defineProperty(exports, "createWebhookHandler", { enumerable: true, get: function () { return cloudflare_1.createWebhookHandler; } });

package/dist/express.d.ts

@@ -0,0 +1,2 @@
+export { createWebhookMiddleware } from './adapters/express';
+export type { ExpressWebhookMiddlewareOptions, ExpressLikeRequest, ExpressLikeResponse, } from './adapters/express';

package/dist/express.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookMiddleware = void 0;
+var express_1 = require("./adapters/express");
+Object.defineProperty(exports, "createWebhookMiddleware", { enumerable: true, get: function () { return express_1.createWebhookMiddleware; } });

package/dist/index.d.ts

@@ -1,17 +1,21 @@
-import { WebhookConfig, WebhookVerificationResult, WebhookPlatform, SignatureConfig } from './types';
+import { WebhookConfig, WebhookVerificationResult, WebhookPlatform, SignatureConfig, MultiPlatformSecrets, NormalizeOptions } from './types';
 export declare class WebhookVerificationService {
-    static verify(request: Request, config: WebhookConfig): Promise<WebhookVerificationResult>;
+    static verify<TPayload = unknown>(request: Request, config: WebhookConfig): Promise<WebhookVerificationResult<TPayload>>;
     private static getVerifier;
     private static createAlgorithmBasedVerifier;
     private static getLegacyVerifier;
-    static verifyWithPlatformConfig(request: Request, platform: WebhookPlatform, secret: string, toleranceInSeconds?: number): Promise<WebhookVerificationResult>;
+    static verifyWithPlatformConfig<TPayload = unknown>(request: Request, platform: WebhookPlatform, secret: string, toleranceInSeconds?: number, normalize?: boolean | NormalizeOptions): Promise<WebhookVerificationResult<TPayload>>;
+    static verifyAny<TPayload = unknown>(request: Request, secrets: MultiPlatformSecrets, toleranceInSeconds?: number, normalize?: boolean | NormalizeOptions): Promise<WebhookVerificationResult<TPayload>>;
+    static detectPlatform(request: Request): WebhookPlatform;
     static getPlatformsUsingAlgorithm(algorithm: string): WebhookPlatform[];
     static platformUsesAlgorithm(platform: WebhookPlatform, algorithm: string): boolean;
     static validateSignatureConfig(config: SignatureConfig): boolean;
-    static verifyTokenBased(request: Request, webhookId: string, webhookToken: string): Promise<WebhookVerificationResult>;
+    static verifyTokenBased<TPayload = unknown>(request: Request, webhookId: string, webhookToken: string): Promise<WebhookVerificationResult<TPayload>>;
 }
 export * from './types';
 export { getPlatformAlgorithmConfig, platformUsesAlgorithm, getPlatformsUsingAlgorithm, validateSignatureConfig, } from './platforms/algorithms';
 export { createAlgorithmVerifier } from './verifiers/algorithms';
 export { createCustomVerifier } from './verifiers/custom-algorithms';
+export { normalizePayload, getPlatformNormalizationCategory, getPlatformsByCategory, } from './normalization/simple';
+export * from './adapters';
 export default WebhookVerificationService;

package/dist/index.js

@@ -14,22 +14,25 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCustomVerifier = exports.createAlgorithmVerifier = exports.validateSignatureConfig = exports.getPlatformsUsingAlgorithm = exports.platformUsesAlgorithm = exports.getPlatformAlgorithmConfig = exports.WebhookVerificationService = void 0;
+exports.getPlatformsByCategory = exports.getPlatformNormalizationCategory = exports.normalizePayload = exports.createCustomVerifier = exports.createAlgorithmVerifier = exports.validateSignatureConfig = exports.getPlatformsUsingAlgorithm = exports.platformUsesAlgorithm = exports.getPlatformAlgorithmConfig = exports.WebhookVerificationService = void 0;
 const algorithms_1 = require("./verifiers/algorithms");
 const custom_algorithms_1 = require("./verifiers/custom-algorithms");
 const algorithms_2 = require("./platforms/algorithms");
+const simple_1 = require("./normalization/simple");
 class WebhookVerificationService {
     static async verify(request, config) {
         const verifier = this.getVerifier(config);
-        const result = await verifier.verify(request);
+        const result = await verifier.verify(request.clone());
         // Ensure the platform is set correctly in the result
         if (result.isValid) {
             result.platform = config.platform;
+            if (config.normalize) {
+                result.payload = (0, simple_1.normalizePayload)(config.platform, result.payload, config.normalize);
+            }
         }
         return result;
     }
     static getVerifier(config) {
-        const platform = config.platform.toLowerCase();
         // If a custom signature config is provided, use the new algorithm-based framework
         if (config.signatureConfig) {
             return this.createAlgorithmBasedVerifier(config);
@@ -50,9 +53,8 @@ class WebhookVerificationService {
         return (0, algorithms_1.createAlgorithmVerifier)(secret, signatureConfig, config.platform, toleranceInSeconds);
     }
     static getLegacyVerifier(config) {
-        const platform = config.platform.toLowerCase();
         // For legacy support, we'll use the algorithm-based approach
-        const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(platform);
+        const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(config.platform);
         const configWithSignature = {
             ...config,
             signatureConfig: platformConfig.signatureConfig,
@@ -60,30 +62,72 @@ class WebhookVerificationService {
         return this.createAlgorithmBasedVerifier(configWithSignature);
     }
     // New method to create verifier using platform algorithm config
-    static async verifyWithPlatformConfig(request, platform, secret, toleranceInSeconds = 300) {
+    static async verifyWithPlatformConfig(request, platform, secret, toleranceInSeconds = 300, normalize = false) {
         const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(platform);
         const config = {
             platform,
             secret,
             toleranceInSeconds,
             signatureConfig: platformConfig.signatureConfig,
+            normalize,
         };
-        return await this.verify(request, config);
+        return this.verify(request, config);
+    }
+    static async verifyAny(request, secrets, toleranceInSeconds = 300, normalize = false) {
+        const requestClone = request.clone();
+        const detectedPlatform = this.detectPlatform(requestClone);
+        if (detectedPlatform !== 'unknown' && secrets[detectedPlatform]) {
+            return this.verifyWithPlatformConfig(requestClone, detectedPlatform, secrets[detectedPlatform], toleranceInSeconds, normalize);
+        }
+        for (const [platform, secret] of Object.entries(secrets)) {
+            if (!secret) {
+                continue;
+            }
+            const result = await this.verifyWithPlatformConfig(requestClone, platform.toLowerCase(), secret, toleranceInSeconds, normalize);
+            if (result.isValid) {
+                return result;
+            }
+        }
+        return {
+            isValid: false,
+            error: 'Unable to verify webhook with provided platform secrets',
+            errorCode: 'VERIFICATION_ERROR',
+            platform: detectedPlatform,
+        };
+    }
+    static detectPlatform(request) {
+        const headers = request.headers;
+        if (headers.has('stripe-signature'))
+            return 'stripe';
+        if (headers.has('x-hub-signature-256'))
+            return 'github';
+        if (headers.has('svix-signature'))
+            return 'clerk';
+        if (headers.has('webhook-signature'))
+            return 'dodopayments';
+        if (headers.has('x-gitlab-token'))
+            return 'gitlab';
+        if (headers.has('x-polar-signature'))
+            return 'polar';
+        if (headers.has('x-shopify-hmac-sha256'))
+            return 'shopify';
+        if (headers.has('x-vercel-signature'))
+            return 'vercel';
+        if (headers.has('x-webhook-token') && headers.has('x-webhook-id'))
+            return 'supabase';
+        return 'unknown';
     }
     // Helper method to get all platforms using a specific algorithm
     static getPlatformsUsingAlgorithm(algorithm) {
-        const { getPlatformsUsingAlgorithm } = require('./platforms/algorithms');
-        return getPlatformsUsingAlgorithm(algorithm);
+        return (0, algorithms_2.getPlatformsUsingAlgorithm)(algorithm);
     }
     // Helper method to check if a platform uses a specific algorithm
     static platformUsesAlgorithm(platform, algorithm) {
-        const { platformUsesAlgorithm } = require('./platforms/algorithms');
-        return platformUsesAlgorithm(platform, algorithm);
+        return (0, algorithms_2.platformUsesAlgorithm)(platform, algorithm);
     }
     // Helper method to validate signature config
     static validateSignatureConfig(config) {
-        const { validateSignatureConfig } = require('./platforms/algorithms');
-        return validateSignatureConfig(config);
+        return (0, algorithms_2.validateSignatureConfig)(config);
     }
     // Simple token-based verification for platforms like Supabase
     static async verifyTokenBased(request, webhookId, webhookToken) {
@@ -94,6 +138,7 @@ class WebhookVerificationService {
                 return {
                     isValid: false,
                     error: 'Missing required headers: x-webhook-id and x-webhook-token',
+                    errorCode: 'MISSING_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -103,6 +148,7 @@ class WebhookVerificationService {
                 return {
                     isValid: false,
                     error: 'Invalid webhook ID or token',
+                    errorCode: 'INVALID_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -117,7 +163,7 @@ class WebhookVerificationService {
             return {
                 isValid: true,
                 platform: 'custom',
-                payload,
+                payload: payload,
                 metadata: {
                     id: idHeader,
                     algorithm: 'token-based',
@@ -128,6 +174,7 @@ class WebhookVerificationService {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: 'custom',
             };
         }
@@ -144,4 +191,9 @@ var algorithms_4 = require("./verifiers/algorithms");
 Object.defineProperty(exports, "createAlgorithmVerifier", { enumerable: true, get: function () { return algorithms_4.createAlgorithmVerifier; } });
 var custom_algorithms_2 = require("./verifiers/custom-algorithms");
 Object.defineProperty(exports, "createCustomVerifier", { enumerable: true, get: function () { return custom_algorithms_2.createCustomVerifier; } });
+var simple_2 = require("./normalization/simple");
+Object.defineProperty(exports, "normalizePayload", { enumerable: true, get: function () { return simple_2.normalizePayload; } });
+Object.defineProperty(exports, "getPlatformNormalizationCategory", { enumerable: true, get: function () { return simple_2.getPlatformNormalizationCategory; } });
+Object.defineProperty(exports, "getPlatformsByCategory", { enumerable: true, get: function () { return simple_2.getPlatformsByCategory; } });
+__exportStar(require("./adapters"), exports);
 exports.default = WebhookVerificationService;

package/dist/nextjs.d.ts

@@ -0,0 +1,2 @@
+export { createWebhookHandler } from './adapters/nextjs';
+export type { NextWebhookHandlerOptions } from './adapters/nextjs';

package/dist/nextjs.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookHandler = void 0;
+var nextjs_1 = require("./adapters/nextjs");
+Object.defineProperty(exports, "createWebhookHandler", { enumerable: true, get: function () { return nextjs_1.createWebhookHandler; } });

package/dist/normalization/simple.d.ts

@@ -0,0 +1,4 @@
+import { AnyNormalizedWebhook, NormalizeOptions, NormalizationCategory, WebhookPlatform } from '../types';
+export declare function getPlatformNormalizationCategory(platform: WebhookPlatform): NormalizationCategory | null;
+export declare function getPlatformsByCategory(category: NormalizationCategory): WebhookPlatform[];
+export declare function normalizePayload(platform: WebhookPlatform, payload: any, normalize?: boolean | NormalizeOptions): AnyNormalizedWebhook | unknown;

package/dist/normalization/simple.js

@@ -0,0 +1,138 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPlatformNormalizationCategory = getPlatformNormalizationCategory;
+exports.getPlatformsByCategory = getPlatformsByCategory;
+exports.normalizePayload = normalizePayload;
+function readPath(payload, path) {
+    return path.split('.').reduce((acc, key) => {
+        if (acc === undefined || acc === null) {
+            return undefined;
+        }
+        return acc[key];
+    }, payload);
+}
+const platformNormalizers = {
+    stripe: {
+        platform: 'stripe',
+        category: 'payment',
+        normalize: (payload) => ({
+            category: 'payment',
+            event: readPath(payload, 'type') === 'payment_intent.succeeded'
+                ? 'payment.succeeded'
+                : 'payment.unknown',
+            amount: readPath(payload, 'data.object.amount_received')
+                ?? readPath(payload, 'data.object.amount'),
+            currency: String(readPath(payload, 'data.object.currency') ?? '').toUpperCase() || undefined,
+            customer_id: readPath(payload, 'data.object.customer'),
+            transaction_id: readPath(payload, 'data.object.id'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    polar: {
+        platform: 'polar',
+        category: 'payment',
+        normalize: (payload) => ({
+            category: 'payment',
+            event: readPath(payload, 'event') === 'payment.completed'
+                ? 'payment.succeeded'
+                : 'payment.unknown',
+            amount: readPath(payload, 'payload.amount_cents'),
+            currency: String(readPath(payload, 'payload.currency_code') ?? '').toUpperCase() || undefined,
+            customer_id: readPath(payload, 'payload.customer_id'),
+            transaction_id: readPath(payload, 'payload.transaction_id'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    clerk: {
+        platform: 'clerk',
+        category: 'auth',
+        normalize: (payload) => ({
+            category: 'auth',
+            event: readPath(payload, 'type') || 'auth.unknown',
+            user_id: readPath(payload, 'data.id'),
+            email: readPath(payload, 'data.email_addresses.0.email_address'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    supabase: {
+        platform: 'supabase',
+        category: 'auth',
+        normalize: (payload) => ({
+            category: 'auth',
+            event: readPath(payload, 'type') || readPath(payload, 'event') || 'auth.unknown',
+            user_id: readPath(payload, 'record.id') || readPath(payload, 'id'),
+            email: readPath(payload, 'record.email') || readPath(payload, 'email'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    vercel: {
+        platform: 'vercel',
+        category: 'infrastructure',
+        normalize: (payload) => ({
+            category: 'infrastructure',
+            event: readPath(payload, 'type') || 'deployment.unknown',
+            project_id: readPath(payload, 'payload.project.id'),
+            deployment_id: readPath(payload, 'payload.deployment.id'),
+            status: 'unknown',
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+};
+function getPlatformNormalizationCategory(platform) {
+    return platformNormalizers[platform]?.category || null;
+}
+function getPlatformsByCategory(category) {
+    return Object.values(platformNormalizers)
+        .filter((spec) => !!spec)
+        .filter((spec) => spec.category === category)
+        .map((spec) => spec.platform);
+}
+function resolveNormalizeOptions(normalize) {
+    if (typeof normalize === 'boolean') {
+        return {
+            enabled: normalize,
+            category: undefined,
+            includeRaw: true,
+        };
+    }
+    return {
+        enabled: normalize?.enabled ?? true,
+        category: normalize?.category,
+        includeRaw: normalize?.includeRaw ?? true,
+    };
+}
+function buildUnknownNormalizedPayload(platform, payload, category, includeRaw, warning) {
+    return {
+        category: category || 'infrastructure',
+        event: payload?.type ?? payload?.event ?? 'unknown',
+        _platform: platform,
+        _raw: includeRaw ? payload : undefined,
+        warning,
+        occurred_at: new Date().toISOString(),
+    };
+}
+function normalizePayload(platform, payload, normalize) {
+    const options = resolveNormalizeOptions(normalize);
+    if (!options.enabled) {
+        return payload;
+    }
+    const spec = platformNormalizers[platform];
+    const inferredCategory = spec?.category;
+    if (!spec) {
+        return buildUnknownNormalizedPayload(platform, payload, options.category, options.includeRaw);
+    }
+    if (options.category && options.category !== inferredCategory) {
+        return buildUnknownNormalizedPayload(platform, payload, inferredCategory, options.includeRaw, `Requested normalization category '${options.category}' does not match platform category '${inferredCategory}'`);
+    }
+    const normalized = spec.normalize(payload);
+    return {
+        ...normalized,
+        _platform: platform,
+        _raw: options.includeRaw ? payload : undefined,
+    };
+}

package/dist/platforms/algorithms.js

@@ -117,6 +117,20 @@ exports.platformAlgorithmConfigs = {
         },
         description: 'Supabase webhooks use token-based authentication',
     },
+    gitlab: {
+        platform: 'gitlab',
+        signatureConfig: {
+            algorithm: 'custom',
+            headerName: 'X-Gitlab-Token',
+            headerFormat: 'raw',
+            payloadFormat: 'raw',
+            customConfig: {
+                type: 'token-based',
+                idHeader: 'X-Gitlab-Token',
+            },
+        },
+        description: 'GitLab webhooks use HMAC-SHA256 with X-Gitlab-Token header',
+    },
     custom: {
         platform: 'custom',
         signatureConfig: {

package/dist/test.js

@@ -24,6 +24,10 @@ function createGitHubSignature(body, secret) {
     hmac.update(body);
     return `sha256=${hmac.digest('hex')}`;
 }
+function createGitLabSignature(body, secret) {
+    // GitLab just compares the token in X-Gitlab-Token header
+    return secret;
+}
 function createClerkSignature(body, secret, id, timestamp) {
     const signedContent = `${id}.${timestamp}.${body}`;
     const secretBytes = new Uint8Array(Buffer.from(secret.split('_')[1], 'base64'));
@@ -170,7 +174,9 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const invalidResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(invalidRequest, 'stripe', testSecret);
-        console.log('   ✅ Invalid signature correctly rejected:', !invalidResult.isValid ? 'PASSED' : 'FAILED');
+        const invalidSigPassed = !invalidResult.isValid && (invalidResult.errorCode === 'INVALID_SIGNATURE'
+            || invalidResult.errorCode === 'TIMESTAMP_EXPIRED');
+        console.log('   ✅ Invalid signature correctly rejected:', invalidSigPassed ? 'PASSED' : 'FAILED');
         if (invalidResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -185,7 +191,8 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const missingHeaderResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(missingHeaderRequest, 'stripe', testSecret);
-        console.log('   ✅ Missing headers correctly rejected:', !missingHeaderResult.isValid ? 'PASSED' : 'FAILED');
+        const missingHeaderPassed = !missingHeaderResult.isValid && missingHeaderResult.errorCode === 'MISSING_SIGNATURE';
+        console.log('   ✅ Missing headers correctly rejected:', missingHeaderPassed ? 'PASSED' : 'FAILED');
         if (missingHeaderResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -193,6 +200,95 @@ async function runTests() {
     catch (error) {
         console.log('   ❌ Missing headers test failed:', error);
     }
+    // Test 8: GitLab Webhook
+    console.log('\n8. Testing GitLab Webhook...');
+    try {
+        const gitlabSecret = testSecret;
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': gitlabSecret,
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', gitlabSecret);
+        console.log('   ✅ GitLab:', gitlabResult.isValid ? 'PASSED' : 'FAILED');
+        if (!gitlabResult.isValid) {
+            console.log('   ❌ Error:', gitlabResult.error);
+        }
+    }
+    catch (error) {
+        console.log('   ❌ GitLab test failed:', error);
+    }
+    // Test 9: GitLab Invalid Token
+    console.log('\n9. Testing GitLab Invalid Token...');
+    try {
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': 'wrong_secret',
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', testSecret);
+        console.log('   ✅ Invalid token correctly rejected:', !gitlabResult.isValid ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ GitLab invalid token test failed:', error);
+    }
+    // Test 10: verifyAny should auto-detect Stripe
+    console.log('\n10. Testing verifyAny auto-detection...');
+    try {
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(testBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        });
+        const result = await index_1.WebhookVerificationService.verifyAny(request, {
+            stripe: testSecret,
+            github: 'wrong-secret',
+        });
+        console.log('   ✅ verifyAny:', result.isValid && result.platform === 'stripe' ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ verifyAny test failed:', error);
+    }
+    // Test 11: Normalization for Stripe
+    console.log('\n11. Testing payload normalization...');
+    try {
+        const normalizedStripeBody = JSON.stringify({
+            type: 'payment_intent.succeeded',
+            data: {
+                object: {
+                    id: 'pi_123',
+                    amount: 5000,
+                    currency: 'usd',
+                    customer: 'cus_456',
+                },
+            },
+        });
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(normalizedStripeBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        }, normalizedStripeBody);
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'stripe', testSecret, 300, true);
+        const payload = result.payload;
+        const passed = result.isValid
+            && payload.event === 'payment.succeeded'
+            && payload.currency === 'USD'
+            && payload.transaction_id === 'pi_123';
+        console.log('   ✅ Normalization:', passed ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Normalization test failed:', error);
+    }
+    // Test 12: Category-aware normalization registry
+    console.log('\n12. Testing category-based platform registry...');
+    try {
+        const paymentPlatforms = (0, index_1.getPlatformsByCategory)('payment');
+        const hasStripeAndPolar = paymentPlatforms.includes('stripe') && paymentPlatforms.includes('polar');
+        console.log('   ✅ Category registry:', hasStripeAndPolar ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Category registry test failed:', error);
+    }
     console.log('\n🎉 All tests completed!');
 }
 // Run tests if this file is executed directly

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'unknown';
+export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'gitlab' | 'unknown';
 export declare enum WebhookPlatformKeys {
     GitHub = "github",
     Stripe = "stripe",
@@ -8,6 +8,7 @@ export declare enum WebhookPlatformKeys {
     Vercel = "vercel",
     Polar = "polar",
     Supabase = "supabase",
+    GitLab = "gitlab",
     Custom = "custom",
     Unknown = "unknown"
 }
@@ -22,11 +23,76 @@ export interface SignatureConfig {
     payloadFormat?: 'raw' | 'timestamped' | 'custom';
     customConfig?: Record<string, any>;
 }
-export interface WebhookVerificationResult {
+export type WebhookErrorCode = 'MISSING_SIGNATURE' | 'INVALID_SIGNATURE' | 'TIMESTAMP_EXPIRED' | 'MISSING_TOKEN' | 'INVALID_TOKEN' | 'PLATFORM_NOT_SUPPORTED' | 'NORMALIZATION_ERROR' | 'VERIFICATION_ERROR';
+export type NormalizationCategory = 'payment' | 'auth' | 'ecommerce' | 'infrastructure';
+export interface BaseNormalizedWebhook {
+    category: NormalizationCategory;
+    event: string;
+    _platform: WebhookPlatform | string;
+    _raw: unknown;
+    occurred_at?: string;
+}
+export type PaymentWebhookEvent = 'payment.succeeded' | 'payment.failed' | 'payment.refunded' | 'subscription.created' | 'subscription.cancelled' | 'payment.unknown';
+export interface PaymentWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'payment';
+    event: PaymentWebhookEvent;
+    amount?: number;
+    currency?: string;
+    customer_id?: string;
+    transaction_id?: string;
+    subscription_id?: string;
+    refund_amount?: number;
+    failure_reason?: string;
+    metadata?: Record<string, string>;
+}
+export type AuthWebhookEvent = 'user.created' | 'user.updated' | 'user.deleted' | 'session.started' | 'session.ended' | 'auth.unknown';
+export interface AuthWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'auth';
+    event: AuthWebhookEvent;
+    user_id?: string;
+    email?: string;
+    phone?: string;
+    metadata?: Record<string, string>;
+}
+export interface EcommerceWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'ecommerce';
+    event: string;
+    order_id?: string;
+    customer_id?: string;
+    amount?: number;
+    currency?: string;
+    metadata?: Record<string, string>;
+}
+export interface InfrastructureWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'infrastructure';
+    event: string;
+    project_id?: string;
+    deployment_id?: string;
+    status?: 'queued' | 'building' | 'ready' | 'error' | 'unknown';
+    metadata?: Record<string, string>;
+}
+export interface UnknownNormalizedWebhook extends BaseNormalizedWebhook {
+    event: string;
+    warning?: string;
+}
+export type NormalizedPayloadByCategory = {
+    payment: PaymentWebhookNormalized;
+    auth: AuthWebhookNormalized;
+    ecommerce: EcommerceWebhookNormalized;
+    infrastructure: InfrastructureWebhookNormalized;
+};
+export type AnyNormalizedWebhook = PaymentWebhookNormalized | AuthWebhookNormalized | EcommerceWebhookNormalized | InfrastructureWebhookNormalized | UnknownNormalizedWebhook;
+export interface NormalizeOptions {
+    enabled?: boolean;
+    category?: NormalizationCategory;
+    includeRaw?: boolean;
+}
+export interface WebhookVerificationResult<TPayload = unknown> {
     isValid: boolean;
     error?: string;
+    errorCode?: WebhookErrorCode;
     platform: WebhookPlatform;
-    payload?: any;
+    payload?: TPayload;
     metadata?: {
         timestamp?: string;
         id?: string | null;
@@ -38,6 +104,10 @@ export interface WebhookConfig {
     secret: string;
     toleranceInSeconds?: number;
     signatureConfig?: SignatureConfig;
+    normalize?: boolean | NormalizeOptions;
+}
+export interface MultiPlatformSecrets {
+    [platform: string]: string | undefined;
 }
 export interface PlatformAlgorithmConfig {
     platform: WebhookPlatform;

package/dist/types.js

@@ -11,6 +11,7 @@ var WebhookPlatformKeys;
     WebhookPlatformKeys["Vercel"] = "vercel";
     WebhookPlatformKeys["Polar"] = "polar";
     WebhookPlatformKeys["Supabase"] = "supabase";
+    WebhookPlatformKeys["GitLab"] = "gitlab";
     WebhookPlatformKeys["Custom"] = "custom";
     WebhookPlatformKeys["Unknown"] = "unknown";
 })(WebhookPlatformKeys || (exports.WebhookPlatformKeys = WebhookPlatformKeys = {}));

package/dist/verifiers/algorithms.js

@@ -185,6 +185,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: `Missing signature header: ${this.config.headerName}`,
+                    errorCode: 'MISSING_SIGNATURE',
                     platform: this.platform,
                 };
             }
@@ -204,6 +205,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: 'Webhook timestamp expired',
+                    errorCode: 'TIMESTAMP_EXPIRED',
                     platform: this.platform,
                 };
             }
@@ -228,6 +230,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: 'Invalid signature',
+                    errorCode: 'INVALID_SIGNATURE',
                     platform: this.platform,
                 };
             }
@@ -252,6 +255,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             return {
                 isValid: false,
                 error: `${this.platform} verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: this.platform,
             };
         }

package/dist/verifiers/custom-algorithms.js

@@ -17,6 +17,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
                 return {
                     isValid: false,
                     error: `Missing token header: ${this.config.headerName}`,
+                    errorCode: 'MISSING_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -26,6 +27,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
                 return {
                     isValid: false,
                     error: 'Invalid token',
+                    errorCode: 'INVALID_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -51,6 +53,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: 'custom',
             };
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hookflo/tern",
-  "version": "2.0.0",
+  "version": "2.0.2-experimental.0",
   "description": "A robust, scalable webhook verification framework supporting multiple platforms and signature algorithms",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -15,7 +15,7 @@
     "release:patch": "npm run build && npm version patch && npm publish",
     "release:minor": "npm run build && npm version minor && npm publish",
     "release:major": "npm run build && npm version major && npm publish",
-    "clean": "rm -rf dist",
+    "clean": "rimraf dist",
     "prebuild": "npm run clean"
   },
   "keywords": [
@@ -55,7 +55,9 @@
     "eslint-plugin-import": "^2.32.0",
     "jest": "29.5.0",
     "prettier": "3.0.0",
+    "rimraf": "^6.0.1",
     "ts-jest": "29.1.0",
+    "ts-node": "^10.9.2",
     "typescript": "^5.0.0"
   },
   "engines": {
@@ -68,5 +70,23 @@
   ],
   "publishConfig": {
     "access": "public"
+  },
+  "exports": {
+    ".": {
+      "require": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./express": {
+      "require": "./dist/express.js",
+      "types": "./dist/express.d.ts"
+    },
+    "./nextjs": {
+      "require": "./dist/nextjs.js",
+      "types": "./dist/nextjs.d.ts"
+    },
+    "./cloudflare": {
+      "require": "./dist/cloudflare.js",
+      "types": "./dist/cloudflare.d.ts"
+    }
   }
 }