@hypawave/sdk 0.3.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +2 -2
- package/CHANGELOG.md +25 -0
- package/README.md +3 -1
- package/dist/index.d.mts +7 -0
- package/dist/index.d.ts +7 -0
- package/package.json +1 -1
- package/skills/hypawave/SKILL.md +2 -2
package/AGENTS.md
CHANGED
|
@@ -91,12 +91,12 @@ For Paths 3a / 3b, there is no SDK — use raw HTTP with pubkey signatures per t
|
|
|
91
91
|
|
|
92
92
|
## Non-negotiables
|
|
93
93
|
|
|
94
|
-
1. **Preimage is mandatory** for principal settlements. Pay via a wallet that returns the preimage (LND, Core Lightning, LNbits admin key, Alby/NWC, Phoenixd). Consumer wallets like Wallet of Satoshi or Phoenix mobile cannot satisfy this.
|
|
94
|
+
1. **Preimage is mandatory** for principal settlements. Pay via a wallet that returns the preimage (LND, Core Lightning, LNbits admin key, Alby/NWC, Phoenixd). Consumer wallets like Wallet of Satoshi or Phoenix mobile cannot satisfy this. The wallet also needs **funded outbound liquidity ≥ amount + fees** — a fresh/empty node or "fee-credit" balance can't pay even when total balance ≥ price. For small or test payments, a **custodial wallet over NWC (e.g. Coinos)** skips channel setup entirely — only funding is needed.
|
|
95
95
|
2. **Confirm before unlocking.** Always submit preimage to the confirm endpoint before requesting file keys or download URLs.
|
|
96
96
|
3. **Funds flow buyer→seller directly.** Never route principal through any Hypawave endpoint. Only activation fees (small, Hypawave-issued bolt11s) go to Hypawave.
|
|
97
97
|
4. **Honor `terms_hash`** on Path 3b offers. If the server returns `409 terms_changed`, re-read the offer before paying.
|
|
98
98
|
5. **Do not invent endpoints.** If a field or path is not in openapi.json, it does not exist.
|
|
99
|
-
6. **Encrypt client-side** for file attachments. AES-256-GCM. Hypawave never sees plaintext.
|
|
99
|
+
6. **Encrypt client-side** for file attachments. AES-256-GCM. Hypawave never sees plaintext. `storeFile` requires `ciphertext_sha256` (SHA-256 hex of the bytes you upload) — Hypawave verifies + seals it so buyers can verify what they download.
|
|
100
100
|
|
|
101
101
|
## When you hit something the manual doesn't cover
|
|
102
102
|
|
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,31 @@ All notable changes to `@hypawave/sdk` are documented here.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [0.4.1]
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
- Docs only — no API changes. Clarified payer-wallet requirements in `README.md`,
|
|
12
|
+
`AGENTS.md`, and the bundled `skills/hypawave/SKILL.md`: the wallet needs
|
|
13
|
+
**funded outbound liquidity ≥ amount + fees** (a fresh/empty node or Phoenix
|
|
14
|
+
"fee-credit" balance can't pay even when total balance ≥ price), and for small
|
|
15
|
+
or test payments a **custodial wallet over NWC (e.g. Coinos)** avoids channel
|
|
16
|
+
setup entirely — only funding is needed. Mirrors the buyer-wallet guidance in
|
|
17
|
+
`llms.txt`.
|
|
18
|
+
|
|
19
|
+
## [0.4.0]
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
- `StoreFileParams.ciphertext_sha256` (**required**) — the lowercase-hex SHA-256
|
|
23
|
+
of the exact ciphertext you upload. Hypawave verifies it against the stored
|
|
24
|
+
bytes and seals them at the first bolt11 mint, and returns it at key retrieval
|
|
25
|
+
so buyers can verify downloaded bytes before decrypting (content integrity /
|
|
26
|
+
anti-bait-and-switch).
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
- `storeFile()` now requires `ciphertext_sha256`. Compute `sha256` over the same
|
|
30
|
+
bytes you PUT to the presigned upload URL and pass it through. Calls without it
|
|
31
|
+
are rejected by the API with `400 validation_error`.
|
|
32
|
+
|
|
8
33
|
## [0.3.0]
|
|
9
34
|
|
|
10
35
|
### Added
|
package/README.md
CHANGED
|
@@ -44,6 +44,8 @@ This SDK requires **programmable Lightning infrastructure** that exposes the pre
|
|
|
44
44
|
|
|
45
45
|
- LND, CLN, Alby API, LNbits, NWC, or equivalent
|
|
46
46
|
|
|
47
|
+
The wallet also needs **funded outbound liquidity ≥ amount + routing fees** — a fresh/empty node or a "fee-credit" balance (e.g. Phoenix below the channel-open threshold) cannot pay even when total balance ≥ price; only spendable channel liquidity counts. For small or test payments, a **custodial wallet over NWC (e.g. Coinos)** skips channel setup entirely — no liquidity minimum, only funding is needed.
|
|
48
|
+
|
|
47
49
|
**Consumer wallets (Wallet of Satoshi, Phoenix, etc.) do not reliably expose the preimage and are not suitable for agent integrations.** Files and data will not unlock without a preimage.
|
|
48
50
|
|
|
49
51
|
## Install
|
|
@@ -384,7 +386,7 @@ Additional methods available — see types for full signatures, or [openapi.json
|
|
|
384
386
|
- `listInvoices(params?)` — list invoices with filters and pagination
|
|
385
387
|
- `getPayerReceipt(invoiceId, preimage)` — payer receipt fetch using the Lightning preimage as proof of payment (no API key needed)
|
|
386
388
|
- `getUploadUrl(params)` — signed URL for encrypted file upload (creator side)
|
|
387
|
-
- `storeFile(params)` — register an uploaded file against an invoice
|
|
389
|
+
- `storeFile(params)` — register an uploaded file against an invoice (requires `ciphertext_sha256`: the SHA-256 hex of the bytes you uploaded; Hypawave verifies + seals it so buyers can verify what they download)
|
|
388
390
|
- `storeFileKey(params)` — register a file's encryption key against an invoice
|
|
389
391
|
|
|
390
392
|
## Error Handling
|
package/dist/index.d.mts
CHANGED
|
@@ -108,6 +108,13 @@ interface StoreFileParams {
|
|
|
108
108
|
file_name: string;
|
|
109
109
|
encrypted_file_url: string;
|
|
110
110
|
iv_hex: string;
|
|
111
|
+
/**
|
|
112
|
+
* Lowercase-hex SHA-256 of the exact ciphertext uploaded to storage. Required.
|
|
113
|
+
* Hypawave verifies it against the stored bytes and seals them at the first
|
|
114
|
+
* bolt11 mint, and returns it at key retrieval so buyers can verify what they
|
|
115
|
+
* download. Compute over the same bytes you PUT to the presigned upload URL.
|
|
116
|
+
*/
|
|
117
|
+
ciphertext_sha256: string;
|
|
111
118
|
key_hash?: string;
|
|
112
119
|
size?: number;
|
|
113
120
|
}
|
package/dist/index.d.ts
CHANGED
|
@@ -108,6 +108,13 @@ interface StoreFileParams {
|
|
|
108
108
|
file_name: string;
|
|
109
109
|
encrypted_file_url: string;
|
|
110
110
|
iv_hex: string;
|
|
111
|
+
/**
|
|
112
|
+
* Lowercase-hex SHA-256 of the exact ciphertext uploaded to storage. Required.
|
|
113
|
+
* Hypawave verifies it against the stored bytes and seals them at the first
|
|
114
|
+
* bolt11 mint, and returns it at key retrieval so buyers can verify what they
|
|
115
|
+
* download. Compute over the same bytes you PUT to the presigned upload URL.
|
|
116
|
+
*/
|
|
117
|
+
ciphertext_sha256: string;
|
|
111
118
|
key_hash?: string;
|
|
112
119
|
size?: number;
|
|
113
120
|
}
|
package/package.json
CHANGED
package/skills/hypawave/SKILL.md
CHANGED
|
@@ -86,12 +86,12 @@ For Paths 3a / 3b, there is no SDK — use raw HTTP with pubkey signatures per t
|
|
|
86
86
|
|
|
87
87
|
## Non-negotiables
|
|
88
88
|
|
|
89
|
-
1. **Preimage is mandatory** for principal settlements. Pay via a wallet that returns the preimage (LND, Core Lightning, LNbits admin key, Alby/NWC, Phoenixd). Consumer wallets like Wallet of Satoshi or Phoenix mobile cannot satisfy this.
|
|
89
|
+
1. **Preimage is mandatory** for principal settlements. Pay via a wallet that returns the preimage (LND, Core Lightning, LNbits admin key, Alby/NWC, Phoenixd). Consumer wallets like Wallet of Satoshi or Phoenix mobile cannot satisfy this. The wallet also needs **funded outbound liquidity ≥ amount + fees** — a fresh/empty node or "fee-credit" balance can't pay even when total balance ≥ price. For small or test payments, a **custodial wallet over NWC (e.g. Coinos)** skips channel setup entirely — only funding is needed.
|
|
90
90
|
2. **Confirm before unlocking.** Always submit preimage to the confirm endpoint before requesting file keys or download URLs.
|
|
91
91
|
3. **Funds flow buyer→seller directly.** Never route principal through any Hypawave endpoint. Only activation fees (small, Hypawave-issued bolt11s) go to Hypawave.
|
|
92
92
|
4. **Honor `terms_hash`** on Path 3b offers. If the server returns `409 terms_changed`, re-read the offer before paying.
|
|
93
93
|
5. **Do not invent endpoints.** If a field or path is not in openapi.json, it does not exist.
|
|
94
|
-
6. **Encrypt client-side** for file attachments. AES-256-GCM. Hypawave never sees plaintext.
|
|
94
|
+
6. **Encrypt client-side** for file attachments. AES-256-GCM. Hypawave never sees plaintext. `storeFile` requires `ciphertext_sha256` (SHA-256 hex of the bytes you upload) — Hypawave verifies + seals it so buyers can verify what they download.
|
|
95
95
|
|
|
96
96
|
## When you hit something the manual doesn't cover
|
|
97
97
|
|