@mercuryo-ai/magicpay-sdk 0.1.0-test.2

package/dist/agentbrowse.js

@@ -0,0 +1,174 @@
+import { resolveSecretCatalogContext, resolveCatalogHost } from './secret-flow.js';
+function isStoredSecretKind(purpose) {
+    return purpose === 'login' || purpose === 'identity' || purpose === 'payment_card';
+}
+function candidateConfidence(formFieldKeys, candidateFieldKeys) {
+    const intersectionCount = candidateFieldKeys.filter((fieldKey) => formFieldKeys.has(fieldKey)).length;
+    if (intersectionCount === 0) {
+        return 'low';
+    }
+    if (intersectionCount === formFieldKeys.size) {
+        return 'high';
+    }
+    return 'medium';
+}
+function buildRequestFields(form, candidate) {
+    const allowedFieldKeys = candidate.fieldKeys && candidate.fieldKeys.length > 0 ? new Set(candidate.fieldKeys) : null;
+    return form.fields
+        .filter((field) => !allowedFieldKeys || allowedFieldKeys.has(field.fieldKey))
+        .map((field) => field.fieldKey);
+}
+function restrictObservedFormToCandidateFields(form, candidate) {
+    if (!candidate?.fieldKeys || candidate.fieldKeys.length === 0) {
+        return form;
+    }
+    const allowedFieldKeys = new Set(candidate.fieldKeys);
+    const filteredFields = form.fields.filter((field) => allowedFieldKeys.has(field.fieldKey));
+    if (filteredFields.length === 0 || filteredFields.length === form.fields.length) {
+        return filteredFields.length === 0 ? form : { ...form, fields: filteredFields };
+    }
+    return {
+        ...form,
+        fields: filteredFields,
+    };
+}
+function normalizeObservedFormHost(urlOrHost, catalog) {
+    if (typeof urlOrHost === 'string' && urlOrHost.trim().length > 0) {
+        try {
+            return {
+                host: resolveCatalogHost(urlOrHost),
+            };
+        }
+        catch {
+            return {
+                host: null,
+                reason: 'The provided page URL or host could not be resolved into a usable MagicPay catalog host.',
+            };
+        }
+    }
+    if (catalog?.host) {
+        return {
+            host: catalog.host,
+        };
+    }
+    return {
+        host: null,
+        reason: 'No page URL, host, or catalog host was available for secret request creation.',
+    };
+}
+export function buildObservedFormStoredSecretCandidates(form, catalog) {
+    if (!catalog || !isStoredSecretKind(form.purpose)) {
+        return [];
+    }
+    const formFieldKeys = new Set(form.fields.map((field) => field.fieldKey));
+    return catalog.storedSecrets
+        .filter((secret) => secret.kind === form.purpose &&
+        secret.fieldKeys.some((fieldKey) => formFieldKeys.has(fieldKey)))
+        .map((secret) => ({
+        storedSecretRef: secret.storedSecretRef,
+        kind: secret.kind,
+        scope: secret.scope,
+        displayName: secret.displayName,
+        matchConfidence: candidateConfidence(formFieldKeys, secret.fieldKeys),
+        intentRequired: secret.intentRequired,
+        fieldKeys: [...secret.fieldKeys],
+        fieldPolicies: secret.fieldPolicies ? { ...secret.fieldPolicies } : undefined,
+    }));
+}
+export function findObservedFormStoredSecretCandidate(form, catalog, storedSecretRef) {
+    if (!storedSecretRef) {
+        return null;
+    }
+    return (buildObservedFormStoredSecretCandidates(form, catalog).find((candidate) => candidate.storedSecretRef === storedSecretRef) ?? null);
+}
+export function enrichObservedFormWithStoredSecrets(form, catalog) {
+    return {
+        ...form,
+        storedSecretCandidates: buildObservedFormStoredSecretCandidates(form, catalog),
+    };
+}
+export function enrichObservedFormsWithStoredSecrets(forms, catalog) {
+    return forms.map((form) => enrichObservedFormWithStoredSecrets(form, catalog));
+}
+export function enrichObservedFormsForUrl(forms, catalogByHost, urlOrHost) {
+    return enrichObservedFormsWithStoredSecrets(forms, resolveSecretCatalogContext(catalogByHost, urlOrHost).catalog);
+}
+export function buildRequestInputForObservedForm(params) {
+    const initialHost = normalizeObservedFormHost(params.urlOrHost, params.catalog ?? null);
+    if (!initialHost.host) {
+        return {
+            success: false,
+            kind: 'host_resolution_failed',
+            reason: initialHost.reason ??
+                'MagicPay could not determine a usable host for secret request creation.',
+            host: null,
+            catalog: params.catalog ?? null,
+            fillableForm: params.fillableForm,
+        };
+    }
+    const resolvedCatalog = params.catalog ?? null;
+    const candidate = findObservedFormStoredSecretCandidate(params.fillableForm, resolvedCatalog, params.storedSecretRef);
+    if (!resolvedCatalog) {
+        return {
+            success: false,
+            kind: 'stored_secret_not_available',
+            reason: 'No stored-secret catalog is available for the observed form and host.',
+            host: initialHost.host,
+            catalog: null,
+            fillableForm: params.fillableForm,
+        };
+    }
+    if (!candidate) {
+        return {
+            success: false,
+            kind: 'stored_secret_not_available',
+            reason: 'The provided stored secret is not available for the observed form and host.',
+            host: initialHost.host,
+            catalog: resolvedCatalog,
+            fillableForm: params.fillableForm,
+        };
+    }
+    const pageRef = params.page?.ref ?? params.fillableForm.pageRef;
+    return {
+        success: true,
+        host: initialHost.host,
+        catalog: resolvedCatalog,
+        candidate,
+        input: {
+            sessionId: params.sessionId,
+            clientRequestId: params.clientRequestId ?? `magicpay-sdk-request-${Date.now()}`,
+            fillRef: params.fillableForm.fillRef,
+            purpose: params.fillableForm.purpose,
+            merchantName: params.merchantName,
+            page: {
+                ref: pageRef,
+                ...(params.page?.url ? { url: params.page.url } : {}),
+                ...(params.page?.title ? { title: params.page.title } : {}),
+            },
+            secretHint: {
+                storedSecretRef: candidate.storedSecretRef,
+                credentialName: candidate.displayName,
+                kind: candidate.kind,
+                host: initialHost.host,
+                ...(params.fillableForm.scopeRef ? { scopeRef: params.fillableForm.scopeRef } : {}),
+                fields: buildRequestFields(params.fillableForm, candidate),
+            },
+            ...(params.run ? { run: params.run } : {}),
+            ...(params.step ? { step: params.step } : {}),
+        },
+        fillableForm: params.fillableForm,
+    };
+}
+export function prepareProtectedFillFromClaim(params) {
+    const storedSecretRef = params.claim.secret.storedSecretRef ?? params.request?.storedSecretRef ?? null;
+    const storedSecretCandidate = findObservedFormStoredSecretCandidate(params.fillableForm, params.catalog, storedSecretRef ?? undefined);
+    return {
+        fillableForm: restrictObservedFormToCandidateFields(params.fillableForm, storedSecretCandidate ?? undefined),
+        storedSecretCandidate,
+        protectedValues: { ...params.claim.secret.values },
+        storedSecretRef,
+        ...(storedSecretCandidate?.fieldPolicies
+            ? { fieldPolicies: storedSecretCandidate.fieldPolicies }
+            : {}),
+    };
+}

package/dist/client.d.ts

@@ -0,0 +1,50 @@
+import type { MagicPayGatewayConfig } from './gateway.js';
+import { type CompleteRemoteSessionOutcome } from './session-flow.js';
+import { type CompleteRemoteSessionInput, type CreateRemoteSessionInput, type SessionResponse } from './session-client.js';
+import { type ClaimSecretRequestOutcome, type CreateSecretRequestInput, type CreateSecretRequestResult, type SecretCatalog, type SecretRequestPollOutcome, type SecretRequestPollUntilOptions, type SecretRequestPollUntilOutcome } from './secret-flow.js';
+import type { SecretRequestPollAttempt } from './secret-flow.js';
+import { type RemoteSessionState } from './request-flow.js';
+/**
+ * Top-level client configuration for the consumer-facing MagicPay SDK.
+ */
+export interface MagicPayClientOptions {
+    gateway: MagicPayGatewayConfig;
+    fetchImpl?: typeof fetch;
+}
+/**
+ * Per-request transport options for high-level client calls.
+ */
+export interface MagicPayClientRequestOptions {
+    signal?: AbortSignal;
+    timeoutMs?: number;
+}
+export interface MagicPayPollUntilOptions extends SecretRequestPollUntilOptions {
+    onAttempt?: (attempt: SecretRequestPollAttempt) => void;
+}
+/**
+ * High-level MagicPay client.
+ *
+ * The root client owns networked session and secret-request flows.
+ * Domain helpers live in `@mercuryo-ai/magicpay-sdk/core`.
+ * AgentBrowse bridge helpers live in `@mercuryo-ai/magicpay-sdk/agentbrowse`.
+ */
+export interface MagicPayClient {
+    readonly gateway: MagicPayGatewayConfig;
+    readonly sessions: {
+        create(input: CreateRemoteSessionInput, options?: MagicPayClientRequestOptions): Promise<SessionResponse>;
+        get(sessionId: string, options?: MagicPayClientRequestOptions): Promise<SessionResponse>;
+        getState(sessionId: string, options?: MagicPayClientRequestOptions): Promise<RemoteSessionState>;
+        describe(session: SessionResponse): RemoteSessionState;
+        completeWithOutcome(sessionId: string, input: CompleteRemoteSessionInput, options?: MagicPayClientRequestOptions): Promise<CompleteRemoteSessionOutcome>;
+    };
+    readonly secrets: {
+        fetchCatalog(sessionId: string, urlOrHost: string, options?: MagicPayClientRequestOptions): Promise<SecretCatalog>;
+        createRequest(input: CreateSecretRequestInput, options?: MagicPayClientRequestOptions): Promise<CreateSecretRequestResult>;
+        poll(sessionId: string, requestId: string, options?: MagicPayClientRequestOptions): Promise<SecretRequestPollOutcome>;
+        pollUntil(sessionId: string, requestId: string, options?: MagicPayPollUntilOptions): Promise<SecretRequestPollUntilOutcome>;
+        claim(sessionId: string, requestId: string, options?: MagicPayClientRequestOptions): Promise<ClaimSecretRequestOutcome>;
+        claim(sessionId: string, requestId: string, claimId: string, options?: MagicPayClientRequestOptions): Promise<ClaimSecretRequestOutcome>;
+    };
+}
+export declare function createMagicPayClient(options: MagicPayClientOptions): MagicPayClient;
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAA0B,MAAM,cAAc,CAAC;AAClF,OAAO,EAEL,KAAK,4BAA4B,EAClC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAGL,KAAK,0BAA0B,EAC/B,KAAK,wBAAwB,EAC7B,KAAK,eAAe,EACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAML,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,aAAa,EAClB,KAAK,wBAAwB,EAC7B,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,EACnC,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,EAA8B,KAAK,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAExF;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC,OAAO,EAAE,qBAAqB,CAAC;IAC/B,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC3C,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,wBAAyB,SAAQ,6BAA6B;IAC7E,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,wBAAwB,KAAK,IAAI,CAAC;CACzD;AAED;;;;;;GAMG;AACH,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,qBAAqB,CAAC;IACxC,QAAQ,CAAC,QAAQ,EAAE;QACjB,MAAM,CACJ,KAAK,EAAE,wBAAwB,EAC/B,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,eAAe,CAAC,CAAC;QAC5B,GAAG,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,4BAA4B,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;QACzF,QAAQ,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,4BAA4B,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACjG,QAAQ,CAAC,OAAO,EAAE,eAAe,GAAG,kBAAkB,CAAC;QACvD,mBAAmB,CACjB,SAAS,EAAE,MAAM,EACjB,KAAK,EAAE,0BAA0B,EACjC,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,4BAA4B,CAAC,CAAC;KAC1C,CAAC;IACF,QAAQ,CAAC,OAAO,EAAE;QAChB,YAAY,CACV,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1B,aAAa,CACX,KAAK,EAAE,wBAAwB,EAC/B,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACtC,IAAI,CACF,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACrC,SAAS,CACP,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,wBAAwB,GACjC,OAAO,CAAC,6BAA6B,CAAC,CAAC;QAC1C,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,yBAAyB,CAAC,CAAC;QACtC,KAAK,CACH,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,4BAA4B,GACrC,OAAO,CAAC,yBAAyB,CAAC,CAAC;KACvC,CAAC;CACH;AAiBD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,qBAAqB,GAAG,cAAc,CAgGnF"}

package/dist/client.js

@@ -0,0 +1,61 @@
+import { completeRemoteSessionWithOutcome, } from './session-flow.js';
+import { createRemoteSession, getRemoteSession, } from './session-client.js';
+import { claimSecretRequest, createSecretRequest, fetchSecretCatalog, pollSecretRequest, pollSecretRequestUntil, } from './secret-flow.js';
+import { describeRemoteSessionState } from './request-flow.js';
+function toRequestOptions(fetchImpl, options) {
+    return {
+        ...(fetchImpl ? { fetchImpl } : {}),
+        ...(options?.signal ? { signal: options.signal } : {}),
+        ...(options?.timeoutMs !== undefined ? { timeoutMs: options.timeoutMs } : {}),
+    };
+}
+function buildClaimId() {
+    return `magicpay-sdk-claim-${Date.now()}`;
+}
+export function createMagicPayClient(options) {
+    const { gateway, fetchImpl } = options;
+    return {
+        gateway,
+        sessions: {
+            async create(input, request) {
+                return createRemoteSession(gateway, input, toRequestOptions(fetchImpl, request));
+            },
+            async get(sessionId, request) {
+                return getRemoteSession(gateway, sessionId, toRequestOptions(fetchImpl, request));
+            },
+            async getState(sessionId, request) {
+                return describeRemoteSessionState(await getRemoteSession(gateway, sessionId, toRequestOptions(fetchImpl, request)));
+            },
+            describe(session) {
+                return describeRemoteSessionState(session);
+            },
+            async completeWithOutcome(sessionId, input, request) {
+                return completeRemoteSessionWithOutcome(gateway, sessionId, input, toRequestOptions(fetchImpl, request));
+            },
+        },
+        secrets: {
+            async fetchCatalog(sessionId, urlOrHost, request) {
+                return fetchSecretCatalog(gateway, sessionId, urlOrHost, toRequestOptions(fetchImpl, request));
+            },
+            async createRequest(input, request) {
+                return createSecretRequest(gateway, input, toRequestOptions(fetchImpl, request));
+            },
+            async poll(sessionId, requestId, request) {
+                return pollSecretRequest(gateway, sessionId, requestId, toRequestOptions(fetchImpl, request));
+            },
+            async pollUntil(sessionId, requestId, pollOptions) {
+                return pollSecretRequestUntil(gateway, sessionId, requestId, {
+                    ...(fetchImpl ? { fetchImpl } : {}),
+                    ...(pollOptions ?? {}),
+                });
+            },
+            async claim(sessionId, requestId, claimIdOrOptions, maybeOptions) {
+                const claimId = typeof claimIdOrOptions === 'string'
+                    ? claimIdOrOptions
+                    : buildClaimId();
+                const request = typeof claimIdOrOptions === 'string' ? maybeOptions : claimIdOrOptions;
+                return claimSecretRequest(gateway, sessionId, requestId, claimId, toRequestOptions(fetchImpl, request));
+            },
+        },
+    };
+}

package/dist/core.d.ts

@@ -0,0 +1,7 @@
+export { classifySessionRequestDomain, describeRemoteSessionState, describeSessionRequestState, isApprovalRequestType, isPaymentFlowRequestType, isSessionRequestTerminal, } from './request-flow.js';
+export type { RemoteSessionState, SessionPhase, SessionRequestDomain, SessionRequestLike, SessionRequestState, SessionRequestStatus, SessionRequestType, } from './request-flow.js';
+export { buildCompleteRemoteSessionInput, buildCreateRemoteSessionInput, classifyCompleteRemoteSessionFailure, completeRemoteSessionWithOutcome, } from './session-flow.js';
+export type { CompleteRemoteSessionFailureKind, CompleteRemoteSessionOutcome, RemoteSessionPageSummary, } from './session-flow.js';
+export { claimSecretRequest, createSecretRequest, describeSecretRequestStatus, evaluateSecretRequestForFill, fetchSecretCatalog, pollSecretRequest, pollSecretRequestUntil, resolveSecretCatalogContext, resolveCatalogHost, } from './secret-flow.js';
+export type { ClaimSecretRequestOutcome, ClaimSecretRequestResult, CreateSecretRequestInput, CreateSecretRequestResult, ProtectedFieldPolicy, SecretCatalog, SecretCatalogByHost, SecretClaimFailureKind, SecretRequestPollAttempt, SecretRequestContextMismatchReason, SecretRequestFillReadiness, SecretRequestHint, SecretRequestHintField, SecretRequestPollFailureKind, SecretRequestPollOutcome, SecretRequestPollResult, SecretRequestPollUntilFailureKind, SecretRequestPollUntilOptions, SecretRequestPollUntilOutcome, SecretRequestSession, SecretRequestSnapshot, SecretRequestStatus, SecretRequestStatusContract, SecretRequestType, StoredSecretApplicability, StoredSecretApplicabilityTarget, StoredSecretFieldKey, StoredSecretFieldPolicies, StoredSecretKind, StoredSecretMetadata, StoredSecretScope, } from './secret-flow.js';
+//# sourceMappingURL=core.d.ts.map

package/dist/core.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.d.ts","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4BAA4B,EAC5B,0BAA0B,EAC1B,2BAA2B,EAC3B,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,kBAAkB,EAClB,YAAY,EACZ,oBAAoB,EACpB,kBAAkB,EAClB,mBAAmB,EACnB,oBAAoB,EACpB,kBAAkB,GACnB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,+BAA+B,EAC/B,6BAA6B,EAC7B,oCAAoC,EACpC,gCAAgC,GACjC,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EACV,gCAAgC,EAChC,4BAA4B,EAC5B,wBAAwB,GACzB,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EACL,kBAAkB,EAClB,mBAAmB,EACnB,2BAA2B,EAC3B,4BAA4B,EAC5B,kBAAkB,EAClB,iBAAiB,EACjB,sBAAsB,EACtB,2BAA2B,EAC3B,kBAAkB,GACnB,MAAM,kBAAkB,CAAC;AAC1B,YAAY,EACV,yBAAyB,EACzB,wBAAwB,EACxB,wBAAwB,EACxB,yBAAyB,EACzB,oBAAoB,EACpB,aAAa,EACb,mBAAmB,EACnB,sBAAsB,EACtB,wBAAwB,EACxB,kCAAkC,EAClC,0BAA0B,EAC1B,iBAAiB,EACjB,sBAAsB,EACtB,4BAA4B,EAC5B,wBAAwB,EACxB,uBAAuB,EACvB,iCAAiC,EACjC,6BAA6B,EAC7B,6BAA6B,EAC7B,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,2BAA2B,EAC3B,iBAAiB,EACjB,yBAAyB,EACzB,+BAA+B,EAC/B,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,kBAAkB,CAAC"}

package/dist/core.js

@@ -0,0 +1,3 @@
+export { classifySessionRequestDomain, describeRemoteSessionState, describeSessionRequestState, isApprovalRequestType, isPaymentFlowRequestType, isSessionRequestTerminal, } from './request-flow.js';
+export { buildCompleteRemoteSessionInput, buildCreateRemoteSessionInput, classifyCompleteRemoteSessionFailure, completeRemoteSessionWithOutcome, } from './session-flow.js';
+export { claimSecretRequest, createSecretRequest, describeSecretRequestStatus, evaluateSecretRequestForFill, fetchSecretCatalog, pollSecretRequest, pollSecretRequestUntil, resolveSecretCatalogContext, resolveCatalogHost, } from './secret-flow.js';

package/dist/gateway.d.ts

@@ -0,0 +1,67 @@
+/**
+ * Connection settings for a trusted MagicPay caller.
+ *
+ * Use backend-owned credentials here. The SDK is not meant to expose this
+ * configuration directly to an untrusted browser runtime.
+ */
+export interface MagicPayGatewayConfig {
+    apiKey: string;
+    apiUrl: string;
+}
+/**
+ * Request-scoped transport options for low-level MagicPay API calls.
+ */
+export interface MagicPayRequestOptions {
+    fetchImpl?: typeof fetch;
+    signal?: AbortSignal;
+    timeoutMs?: number;
+}
+export interface AgentBackendStats {
+    monthly_spend: number;
+    intent_count_month: number;
+    active_subscriptions: number;
+    avg_risk_score: number;
+}
+export interface AgentBackendProfile {
+    id: string;
+    name: string;
+    description: string | null;
+    status: string;
+    budget_limit: number | null;
+    daily_limit: number | null;
+    transaction_limit: number | null;
+    created_at: string;
+    stats: AgentBackendStats | null;
+}
+export declare class MagicPayRequestError extends Error {
+    readonly status: number;
+    readonly payload: unknown;
+    readonly errorCode: string | null;
+    readonly responseText: string;
+    readonly contentType: string | null;
+    constructor(message: string, options: {
+        status: number;
+        payload: unknown;
+        errorCode?: string | null;
+        responseText?: string;
+        contentType?: string | null;
+    });
+}
+export declare function isMagicPayAbortError(error: unknown): boolean;
+export declare function getMagicPayErrorCode(payload: unknown): string | null;
+export declare function getMagicPayErrorMessage(payload: unknown): string | null;
+export declare function isMagicPayRequestErrorStatus(error: unknown, status: number): boolean;
+export declare function matchesMagicPayRequestErrorMessage(error: unknown, expected: string | readonly string[]): boolean;
+export declare function requestMagicPayJson<TResponse>(gateway: MagicPayGatewayConfig, method: 'GET' | 'POST', url: string, body?: unknown, options?: MagicPayRequestOptions): Promise<TResponse>;
+export declare function normalizeMagicPayGatewayConfig(gateway: MagicPayGatewayConfig): MagicPayGatewayConfig;
+export declare function buildMagicPayAgentMeUrl(apiUrl: string): string;
+export declare function buildMagicPaySessionsUrl(apiUrl: string): string;
+export declare function buildMagicPaySessionUrl(apiUrl: string, sessionId: string): string;
+export declare function buildMagicPaySessionSecretsCatalogUrl(apiUrl: string, sessionId: string): string;
+export declare function buildMagicPaySessionEventsUrl(apiUrl: string, sessionId: string): string;
+export declare function buildMagicPayCompleteSessionUrl(apiUrl: string, sessionId: string): string;
+export declare function buildMagicPaySessionSecretRequestsUrl(apiUrl: string, sessionId: string): string;
+export declare function buildMagicPaySessionSecretRequestUrl(apiUrl: string, sessionId: string, requestId: string): string;
+export declare function buildMagicPayClaimSecretUrl(apiUrl: string, sessionId: string, requestId: string): string;
+export declare function getAuthenticatedAgent(gateway: MagicPayGatewayConfig, options?: MagicPayRequestOptions): Promise<AgentBackendProfile>;
+//# sourceMappingURL=gateway.d.ts.map

package/dist/gateway.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"gateway.d.ts","sourceRoot":"","sources":["../src/gateway.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,iBAAiB,GAAG,IAAI,CAAC;CACjC;AAED,qBAAa,oBAAqB,SAAQ,KAAK;IAC7C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;gBAGlC,OAAO,EAAE,MAAM,EACf,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,OAAO,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KAC7B;CAUJ;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,GAAG,OAAO,CAE5D;AA6CD,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAsBpE;AAED,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI,CAuBvE;AA6BD,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAEpF;AAED,wBAAgB,kCAAkC,CAChD,KAAK,EAAE,OAAO,EACd,QAAQ,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,GACnC,OAAO,CAWT;AAgGD,wBAAsB,mBAAmB,CAAC,SAAS,EACjD,OAAO,EAAE,qBAAqB,EAC9B,MAAM,EAAE,KAAK,GAAG,MAAM,EACtB,GAAG,EAAE,MAAM,EACX,IAAI,CAAC,EAAE,OAAO,EACd,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,SAAS,CAAC,CA4CpB;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,qBAAqB,GAC7B,qBAAqB,CAKvB;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE9D;AAED,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE/D;AAED,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEjF;AAED,wBAAgB,qCAAqC,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAE/F;AAED,wBAAgB,6BAA6B,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEvF;AAED,wBAAgB,+BAA+B,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEzF;AAED,wBAAgB,qCAAqC,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAE/F;AAED,wBAAgB,oCAAoC,CAClD,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,MAAM,CAER;AAED,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,SAAS,EAAE,MAAM,GAChB,MAAM,CAER;AAED,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,qBAAqB,EAC9B,OAAO,GAAE,sBAA2B,GACnC,OAAO,CAAC,mBAAmB,CAAC,CAS9B"}

package/dist/gateway.js

@@ -0,0 +1,271 @@
+export class MagicPayRequestError extends Error {
+    status;
+    payload;
+    errorCode;
+    responseText;
+    contentType;
+    constructor(message, options) {
+        super(message);
+        this.name = 'MagicPayRequestError';
+        this.status = options.status;
+        this.payload = options.payload;
+        this.errorCode = options.errorCode ?? null;
+        this.responseText = options.responseText ?? '';
+        this.contentType = options.contentType ?? null;
+    }
+}
+export function isMagicPayAbortError(error) {
+    return error instanceof Error && error.name === 'AbortError';
+}
+function normalizeApiUrl(value) {
+    return value.replace(/\/$/, '');
+}
+function appendApiPath(apiUrl, suffix) {
+    return `${normalizeApiUrl(apiUrl)}${suffix.startsWith('/') ? suffix : `/${suffix}`}`;
+}
+function asJsonRecord(value) {
+    return value && typeof value === 'object' && !Array.isArray(value)
+        ? value
+        : null;
+}
+function getHeaderValue(headers, name) {
+    return typeof headers?.get === 'function' ? headers.get(name) : null;
+}
+function parseJsonResponseBody(rawText) {
+    if (rawText.length === 0) {
+        return { payload: null, parseError: null };
+    }
+    try {
+        return {
+            payload: JSON.parse(rawText),
+            parseError: null,
+        };
+    }
+    catch (error) {
+        if (error instanceof SyntaxError) {
+            return {
+                payload: null,
+                parseError: error,
+            };
+        }
+        throw error;
+    }
+}
+export function getMagicPayErrorCode(payload) {
+    if (payload instanceof MagicPayRequestError) {
+        if (payload.errorCode) {
+            return payload.errorCode;
+        }
+        return getMagicPayErrorCode(payload.payload);
+    }
+    const record = asJsonRecord(payload);
+    if (!record) {
+        return null;
+    }
+    if (typeof record.error_code === 'string' && record.error_code.trim().length > 0) {
+        return record.error_code.trim();
+    }
+    if (typeof record.code === 'string' && record.code.trim().length > 0) {
+        return record.code.trim();
+    }
+    return deriveFallbackMagicPayErrorCode(getMagicPayErrorMessage(record));
+}
+export function getMagicPayErrorMessage(payload) {
+    if (payload instanceof MagicPayRequestError) {
+        const payloadMessage = getMagicPayErrorMessage(payload.payload);
+        if (payloadMessage) {
+            return payloadMessage;
+        }
+        return payload.message;
+    }
+    const record = asJsonRecord(payload);
+    if (!record) {
+        return null;
+    }
+    if (typeof record.error === 'string' && record.error.trim().length > 0) {
+        return record.error.trim();
+    }
+    if (typeof record.message === 'string' && record.message.trim().length > 0) {
+        return record.message.trim();
+    }
+    return null;
+}
+function normalizeErrorMessageForMatch(value) {
+    return value.trim().replace(/[.!?]+$/, '').toLowerCase();
+}
+const FALLBACK_ERROR_CODES_BY_MESSAGE = new Map([
+    ['this workflow session is already closed', 'session_closed'],
+    ['workflow session is already closed', 'session_closed'],
+    ['this secret request is not approved yet', 'secret_request_not_fulfilled'],
+    ['this secret request does not have usable secret values', 'secret_request_not_fulfilled'],
+    [
+        'this secret request does not have resolved secret values yet',
+        'secret_request_not_fulfilled',
+    ],
+    ['secret_request_not_fulfilled', 'secret_request_not_fulfilled'],
+    ['a secret payload was already claimed for this request', 'secret_request_already_claimed'],
+    ['this secret request is already claimed', 'secret_request_already_claimed'],
+    ['secret_request_already_claimed', 'secret_request_already_claimed'],
+]);
+function deriveFallbackMagicPayErrorCode(message) {
+    if (!message) {
+        return null;
+    }
+    return FALLBACK_ERROR_CODES_BY_MESSAGE.get(normalizeErrorMessageForMatch(message)) ?? null;
+}
+export function isMagicPayRequestErrorStatus(error, status) {
+    return error instanceof MagicPayRequestError && error.status === status;
+}
+export function matchesMagicPayRequestErrorMessage(error, expected) {
+    const actualMessage = getMagicPayErrorMessage(error);
+    if (!actualMessage) {
+        return false;
+    }
+    const normalizedActual = normalizeErrorMessageForMatch(actualMessage);
+    const expectedMessages = Array.isArray(expected) ? expected : [expected];
+    return expectedMessages.some((candidate) => normalizeErrorMessageForMatch(candidate) === normalizedActual);
+}
+function buildMagicPayRequestError(response, payload, rawText) {
+    return new MagicPayRequestError(getMagicPayErrorMessage(payload) ?? `MagicPay API request failed with HTTP ${response.status}`, {
+        status: response.status,
+        payload,
+        errorCode: getMagicPayErrorCode(payload),
+        responseText: rawText,
+        contentType: getHeaderValue(response.headers, 'content-type'),
+    });
+}
+function buildMagicPayResponseParseError(response, rawText) {
+    return new MagicPayRequestError(`MagicPay API returned a non-JSON response for HTTP ${response.status}`, {
+        status: response.status,
+        payload: null,
+        responseText: rawText,
+        contentType: getHeaderValue(response.headers, 'content-type'),
+    });
+}
+function buildMagicPayTimeoutError(timeoutMs) {
+    return new MagicPayRequestError(`MagicPay API request timed out after ${timeoutMs}ms`, {
+        status: 0,
+        payload: null,
+        errorCode: 'request_timeout',
+    });
+}
+function createRequestSignal(sourceSignal, timeoutMs) {
+    if (timeoutMs !== undefined && (!Number.isFinite(timeoutMs) || timeoutMs < 0)) {
+        throw new RangeError('MagicPay request timeout must be a finite non-negative number.');
+    }
+    if (!sourceSignal && timeoutMs === undefined) {
+        return {
+            signal: undefined,
+            cleanup: () => { },
+            didTimeout: () => false,
+        };
+    }
+    const controller = new AbortController();
+    let didTimeout = false;
+    let timeoutId;
+    const abortFromSource = () => {
+        controller.abort(sourceSignal?.reason);
+    };
+    if (sourceSignal) {
+        if (sourceSignal.aborted) {
+            controller.abort(sourceSignal.reason);
+        }
+        else {
+            sourceSignal.addEventListener('abort', abortFromSource, { once: true });
+        }
+    }
+    if (timeoutMs !== undefined) {
+        timeoutId = setTimeout(() => {
+            didTimeout = true;
+            controller.abort(buildMagicPayTimeoutError(timeoutMs));
+        }, timeoutMs);
+    }
+    return {
+        signal: controller.signal,
+        cleanup: () => {
+            if (timeoutId) {
+                clearTimeout(timeoutId);
+            }
+            if (sourceSignal) {
+                sourceSignal.removeEventListener('abort', abortFromSource);
+            }
+        },
+        didTimeout: () => didTimeout,
+    };
+}
+export async function requestMagicPayJson(gateway, method, url, body, options = {}) {
+    const normalizedGateway = normalizeMagicPayGatewayConfig(gateway);
+    const { signal, cleanup, didTimeout } = createRequestSignal(options.signal, options.timeoutMs);
+    try {
+        const response = await (options.fetchImpl ?? fetch)(url, {
+            method,
+            headers: {
+                authorization: `Bearer ${normalizedGateway.apiKey}`,
+                ...(body === undefined ? {} : { 'content-type': 'application/json' }),
+            },
+            ...(body === undefined ? {} : { body: JSON.stringify(body) }),
+            ...(signal ? { signal } : {}),
+        });
+        const rawText = await response.text();
+        const { payload, parseError } = parseJsonResponseBody(rawText);
+        if (parseError) {
+            throw buildMagicPayResponseParseError(response, rawText);
+        }
+        if (!response.ok) {
+            throw buildMagicPayRequestError(response, payload, rawText);
+        }
+        return payload;
+    }
+    catch (error) {
+        if (didTimeout() && isMagicPayAbortError(error)) {
+            throw buildMagicPayTimeoutError(options.timeoutMs ?? 0);
+        }
+        if (error instanceof MagicPayRequestError) {
+            throw error;
+        }
+        if (signal?.aborted && signal.reason instanceof MagicPayRequestError) {
+            throw signal.reason;
+        }
+        throw error;
+    }
+    finally {
+        cleanup();
+    }
+}
+export function normalizeMagicPayGatewayConfig(gateway) {
+    return {
+        apiKey: gateway.apiKey,
+        apiUrl: normalizeApiUrl(gateway.apiUrl),
+    };
+}
+export function buildMagicPayAgentMeUrl(apiUrl) {
+    return appendApiPath(apiUrl, '/agent/me');
+}
+export function buildMagicPaySessionsUrl(apiUrl) {
+    return appendApiPath(apiUrl, '/sessions');
+}
+export function buildMagicPaySessionUrl(apiUrl, sessionId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}`);
+}
+export function buildMagicPaySessionSecretsCatalogUrl(apiUrl, sessionId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/secrets/catalog`);
+}
+export function buildMagicPaySessionEventsUrl(apiUrl, sessionId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/events`);
+}
+export function buildMagicPayCompleteSessionUrl(apiUrl, sessionId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/complete`);
+}
+export function buildMagicPaySessionSecretRequestsUrl(apiUrl, sessionId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/secret-requests`);
+}
+export function buildMagicPaySessionSecretRequestUrl(apiUrl, sessionId, requestId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/secret-requests/${requestId}`);
+}
+export function buildMagicPayClaimSecretUrl(apiUrl, sessionId, requestId) {
+    return appendApiPath(apiUrl, `/sessions/${sessionId}/secret-requests/${requestId}/claim-secret`);
+}
+export async function getAuthenticatedAgent(gateway, options = {}) {
+    const normalizedGateway = normalizeMagicPayGatewayConfig(gateway);
+    return requestMagicPayJson(normalizedGateway, 'GET', buildMagicPayAgentMeUrl(normalizedGateway.apiUrl), undefined, options);
+}

package/dist/index.d.ts

@@ -0,0 +1,9 @@
+export { MagicPayRequestError, getMagicPayErrorCode, getMagicPayErrorMessage, isMagicPayRequestErrorStatus, } from './gateway.js';
+export type { MagicPayGatewayConfig } from './gateway.js';
+export { createMagicPayClient } from './client.js';
+export type { MagicPayClient, MagicPayClientRequestOptions, MagicPayClientOptions, MagicPayPollUntilOptions, } from './client.js';
+export type { RemoteSessionState, SessionPhase, SessionRequestDomain, SessionRequestLike, SessionRequestState, SessionRequestStatus, SessionRequestType, } from './request-flow.js';
+export type { CompleteRemoteSessionFailureKind, CompleteRemoteSessionOutcome, RemoteSessionPageSummary, } from './session-flow.js';
+export type { CompleteRemoteSessionInput, CompleteRemoteSessionResponse, CreateRemoteSessionInput, SessionResponse, } from './session-client.js';
+export type { CreateSecretRequestInput, CreateSecretRequestResult, ClaimSecretRequestOutcome, ClaimSecretRequestResult, ProtectedFieldPolicy, SecretCatalog, SecretCatalogByHost, SecretClaimFailureKind, SecretRequestPollAttempt, SecretRequestHint, SecretRequestHintField, SecretRequestPollFailureKind, SecretRequestPollOutcome, SecretRequestPollResult, SecretRequestPollUntilFailureKind, SecretRequestPollUntilOptions, SecretRequestPollUntilOutcome, SecretRequestSession, SecretRequestSnapshot, SecretRequestStatus, SecretRequestStatusContract, SecretRequestType, StoredSecretApplicability, StoredSecretApplicabilityTarget, StoredSecretFieldKey, StoredSecretFieldPolicies, StoredSecretKind, StoredSecretMetadata, StoredSecretScope, } from './secret-flow.js';
+//# sourceMappingURL=index.d.ts.map