@invonetwork/web-sdk 0.2.1 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +48 -1
- package/LICENSE +18 -17
- package/README.md +495 -393
- package/dist/chunk-EEWOAUXO.js +249 -0
- package/dist/index.cjs +188 -63
- package/dist/index.d.cts +9 -9
- package/dist/index.d.ts +9 -9
- package/dist/index.js +54 -31
- package/dist/server.cjs +474 -59
- package/dist/server.d.cts +177 -13
- package/dist/server.d.ts +177 -13
- package/dist/server.js +339 -29
- package/dist/{errors-DV5QsftP.d.cts → types-CBMLNwbe.d.cts} +152 -42
- package/dist/{errors-DV5QsftP.d.ts → types-CBMLNwbe.d.ts} +152 -42
- package/package.json +10 -2
- package/dist/chunk-A44O4KC3.js +0 -147
package/CHANGELOG.md
CHANGED
|
@@ -1,7 +1,53 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
3
|
All notable changes to `@invonetwork/web-sdk` are documented here. This project follows
|
|
4
|
-
[Semantic Versioning](https://semver.org/).
|
|
4
|
+
[Semantic Versioning](https://semver.org/). Releases are managed with
|
|
5
|
+
[changesets](https://github.com/changesets/changesets).
|
|
6
|
+
|
|
7
|
+
## [0.4.0] — 2026-06-30
|
|
8
|
+
|
|
9
|
+
Additive release — more server reads, edge-ready webhooks, cancellation, and tooling.
|
|
10
|
+
|
|
11
|
+
- **`getInboundPending({ playerEmail | playerPhone })`** — live, unclaimed inbound
|
|
12
|
+
sends/transfers for a player (the source of truth behind the "you have X to collect"
|
|
13
|
+
badge; pairs with `transfer.claim_pending`).
|
|
14
|
+
- **`verifyWebhookAsync`** — Web Crypto variant of `verifyWebhook` that runs on
|
|
15
|
+
Cloudflare Workers / Deno / Vercel+Netlify Edge / Bun / browsers; and
|
|
16
|
+
**`createWebhookHandler`** — a zero-dep Fetch-API `(Request) => Promise<Response>`
|
|
17
|
+
webhook route handler (Next.js App Router, Workers, Deno, Hono, Bun).
|
|
18
|
+
- **`iterateItemPurchaseHistory`** — async iterator that pages through a player's
|
|
19
|
+
full item-purchase history.
|
|
20
|
+
- **Per-call `AbortSignal`** — every method accepts an optional `{ signal }`; an
|
|
21
|
+
aborted call throws `InvoError` code `ABORTED` and is never retried.
|
|
22
|
+
- **Tooling**: ESLint (+ lint in CI), changesets release automation, `SECURITY.md`,
|
|
23
|
+
and `CODEOWNERS`.
|
|
24
|
+
|
|
25
|
+
## [0.3.0] — 2026-06-30
|
|
26
|
+
|
|
27
|
+
Additive release — new server capabilities plus transport resilience/observability.
|
|
28
|
+
|
|
29
|
+
- **Webhook verification** (`/server`): `verifyWebhook(rawBody, signatureHeader, secret | secrets, opts?)`
|
|
30
|
+
— constant-time HMAC-SHA256 over `${t}.${rawBody}`, 5-minute replay window,
|
|
31
|
+
multi-secret rotation; returns a typed `InvoWebhookEvent` discriminated union
|
|
32
|
+
(`purchase.*`, `item.purchased`, `transfer.*`, `payout.status_changed`, `webhook.test`).
|
|
33
|
+
Throws `InvoError` (`WEBHOOK_SIGNATURE_INVALID` / `WEBHOOK_TIMESTAMP_EXPIRED` /
|
|
34
|
+
`WEBHOOK_MALFORMED` / `WEBHOOK_SECRET_MISSING`). Server-only; the browser bundle
|
|
35
|
+
stays crypto-free. Independently security-audited.
|
|
36
|
+
- **`getPlayerBalance({ playerEmail | playerId })`** (`/server`): typed `player` / `balances` / `summary`.
|
|
37
|
+
- **Automatic retries**: network errors/timeouts, `429` (honoring `retry_after`), and
|
|
38
|
+
`5xx` are retried with exponential backoff + jitter. New config `maxRetries`
|
|
39
|
+
(default 2, `0` disables) and `retryBaseDelayMs` (default 250).
|
|
40
|
+
- **Observability hooks**: optional `onRequest` / `onResponse` / `onError` on both
|
|
41
|
+
entries (best-effort/non-throwing); `InvoError.requestId` carries the backend
|
|
42
|
+
request id for support/tracing.
|
|
43
|
+
- **Typed reads**: `confirmPayment` → `ConfirmPaymentResult`; `getOrderDetails` /
|
|
44
|
+
`getItemOrderDetails` → `OrderDetailsResult`; `getItemPurchaseHistory` →
|
|
45
|
+
`ItemHistoryResult` (previously untyped `Record`). All keep `raw`.
|
|
46
|
+
- **Light validation**: `mintPlayerToken` and `createCheckout` require a non-blank
|
|
47
|
+
`playerEmail` (throws `INVALID_INPUT` before the network call).
|
|
48
|
+
- **License**: `package.json` `license` is now `SEE LICENSE IN LICENSE` (was
|
|
49
|
+
`UNLICENSED`); `LICENSE` rewritten as an explicit install-and-use grant for
|
|
50
|
+
building INVO integrations.
|
|
5
51
|
|
|
6
52
|
## [0.2.1] — 2026-06-30
|
|
7
53
|
|
|
@@ -53,6 +99,7 @@ Initial scaffold.
|
|
|
53
99
|
- Contracts extracted + auditor-verified against the INVO backend.
|
|
54
100
|
|
|
55
101
|
### Hardening (independent red-team pass)
|
|
102
|
+
|
|
56
103
|
- **Guardian/minor `202` path no longer mismapped to `verificationMethod:"sms"`** —
|
|
57
104
|
`initiateSend`/`initiateTransfer` now return `verificationMethod: undefined` and a
|
|
58
105
|
`guardianApproval` block on the guardian path, so callers don't route into the
|
package/LICENSE
CHANGED
|
@@ -1,17 +1,18 @@
|
|
|
1
|
-
Copyright (c) 2026 Invo Tech Inc. All rights reserved.
|
|
2
|
-
|
|
3
|
-
This software and associated documentation files (the "Software") are the
|
|
4
|
-
proprietary
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
1
|
+
Copyright (c) 2026 Invo Tech Inc. All rights reserved.
|
|
2
|
+
|
|
3
|
+
This software and associated documentation files (the "Software") are the
|
|
4
|
+
proprietary property of Invo Tech Inc. ("INVO"). The Software is licensed, not
|
|
5
|
+
sold.
|
|
6
|
+
|
|
7
|
+
GRANT. INVO grants you a non-exclusive, non-transferable, royalty-free license to
|
|
8
|
+
install and use the Software, in unmodified form, solely to build and operate
|
|
9
|
+
integrations with the INVO platform, subject to INVO's developer terms at
|
|
10
|
+
https://invo.network.
|
|
11
|
+
|
|
12
|
+
RESTRICTIONS. Except as expressly permitted above, you may not copy, modify,
|
|
13
|
+
distribute, sublicense, sell, or create derivative works of the Software, or
|
|
14
|
+
remove any proprietary notices, without INVO's prior written consent.
|
|
15
|
+
|
|
16
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
17
|
+
IMPLIED. IN NO EVENT SHALL INVO BE LIABLE FOR ANY CLAIM, DAMAGES, OR OTHER
|
|
18
|
+
LIABILITY ARISING FROM, OUT OF, OR IN CONNECTION WITH THE SOFTWARE.
|