@middag-io/licensing 0.1.0

package/README.md

@@ -0,0 +1,72 @@
+# @middag-io/licensing
+
+Protected code delivery for MIDDAG products.
+
+`@middag-io/licensing` standardizes how MIDDAG plugins (Moodle, WordPress,
+and future hosts) ship licensed JavaScript modules through a CDN. The
+package owns the technical contract (placeholders, manifest schema, types).
+The licensing worker owns the policy (which install gets which module,
+when, signed with what key).
+
+## Install
+
+```bash
+npm install @middag-io/licensing
+```
+
+Published to GitHub Packages (`@middag-io` scope). Configure `.npmrc` with
+a token that has `read:packages` for installs and `write:packages` for
+releases.
+
+## Subpath exports
+
+| Import | Purpose |
+|---|---|
+| `@middag-io/licensing` | Shared contract types (`CONTRACT_VERSION`, `PLACEHOLDERS`, manifest interfaces). |
+| `@middag-io/licensing/contract` | Same as root — explicit subpath. |
+| `@middag-io/licensing/build` | Vite plugin and CLI helpers that inject placeholders and emit `manifest.template.json`. Node-only. |
+| `@middag-io/licensing/client` | Runtime loader for the host. Validates the worker-issued manifest and dynamically imports protected modules. |
+
+## Status
+
+v0.0.2 — first implemented release. Tracks the protected-delivery worker
+contract that shipped in `worker-ts-middag-licensing` v0.1.4 (ADR-012,
+T1-T6). The Vite plugin emits `manifest.template.json` with SHA-384
+hashes; the runtime loader verifies the worker-issued JWS against the
+worker JWKS, validates the bootstrap (install / host / product /
+contract version), and dynamic-imports modules with recomputed SRI.
+
+Locked placeholder set (worker substitutes these per install):
+
+- `__MIDDAG_HOST_ORIGIN__`
+- `__MIDDAG_INSTALL_ID__`
+- `__MIDDAG_KID__`
+- `__MIDDAG_BUNDLE_EXPIRES_AT__`
+- `__MIDDAG_NONCE__`
+
+Adding, removing, or renaming a token is a coordinated worker change
+(`src/lib/manifest-materialize.ts:PLACEHOLDERS`) and a `CONTRACT_VERSION`
+bump.
+
+Design contract:
+[`worker-ts-middag-licensing/docs/explanation/spec-licensing-js-lib.md`](https://github.com/middag-io/worker-ts-middag-licensing/blob/main/docs/explanation/spec-licensing-js-lib.md).
+
+## Development
+
+```bash
+npm install
+npm run build
+npm run typecheck
+npm run test
+npm run lint
+```
+
+## Release
+
+1. `npm run changeset` to record the intent.
+2. Merge to `main`. The Release workflow opens a "Version Packages" PR.
+3. Merge that PR to publish.
+
+## License
+
+Proprietary — MIDDAG.

package/dist/build/index.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Build-time entry point for @middag-io/licensing.
+ *
+ * Exposes a Vite plugin that:
+ *
+ *   1. Scans each protected module's emitted artifact for the locked
+ *      `__MIDDAG_*__` placeholder tokens.
+ *   2. Computes a SHA-384 hash of the placeholder-bearing template bytes
+ *      (informational — the worker re-hashes post-substitution per install).
+ *   3. Emits `manifest.template.json` next to the bundle so product CI can
+ *      upload it together with the artifacts to the worker's BUILDS bucket.
+ *
+ * The plugin does NOT substitute placeholders at build time — the developer
+ * writes the literal token (e.g. `__MIDDAG_INSTALL_ID__`) in their source,
+ * and the worker substitutes per-install at materialization. Build-time
+ * substitution would mean every install ships the same identifying bytes,
+ * defeating the per-install rotation that ADR-012 §"Protection model" relies
+ * on.
+ */
+import type { Plugin } from "vite";
+import { CONTRACT_VERSION, PLACEHOLDERS, type ManifestTemplate, type ModuleDefinition } from "../contract/index.js";
+export interface LicensingPluginOptions {
+    product: string;
+    release: string;
+    buildId: string;
+    modules: ModuleDefinition[];
+    /** Manifest filename (defaults to `manifest.template.json`). */
+    manifestFilename?: string;
+    /**
+     * Behaviour when a protected module's emitted bytes contain none of the
+     * locked placeholders. Default `error` because shipping a "protected"
+     * module that has nothing to substitute is almost always a mistake (the
+     * developer forgot to insert the tokens, or a minifier renamed them).
+     * Set `warn` for libraries that only use a subset of placeholders.
+     */
+    onMissingPlaceholders?: "error" | "warn";
+}
+export declare function licensingPlugin(options: LicensingPluginOptions): Plugin;
+/** Convenience helper for tests / scripts that want the empty template. */
+export declare function emptyManifestTemplate(opts: {
+    product: string;
+    release: string;
+    buildId: string;
+}): ManifestTemplate;
+export { CONTRACT_VERSION, PLACEHOLDERS };
+export type { ManifestTemplate, ModuleDefinition };
+//# sourceMappingURL=index.d.ts.map

package/dist/build/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/build/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAIH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,MAAM,CAAC;AACnC,OAAO,EACL,gBAAgB,EAChB,YAAY,EACZ,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EAEtB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,gBAAgB,EAAE,CAAC;IAC5B,gEAAgE;IAChE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;OAMG;IACH,qBAAqB,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1C;AA6BD,wBAAgB,eAAe,CAAC,OAAO,EAAE,sBAAsB,GAAG,MAAM,CA8EvE;AAmBD,2EAA2E;AAC3E,wBAAgB,qBAAqB,CAAC,IAAI,EAAE;IAC1C,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,gBAAgB,CAQnB;AAED,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,CAAC;AAC1C,YAAY,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAC"}

package/dist/build/index.js

@@ -0,0 +1,113 @@
+import { CONTRACT_VERSION, PLACEHOLDERS } from "../contract/index.js";
+import { createHash } from "node:crypto";
+import { posix } from "node:path";
+//#region src/build/index.ts
+/**
+* Build-time entry point for @middag-io/licensing.
+*
+* Exposes a Vite plugin that:
+*
+*   1. Scans each protected module's emitted artifact for the locked
+*      `__MIDDAG_*__` placeholder tokens.
+*   2. Computes a SHA-384 hash of the placeholder-bearing template bytes
+*      (informational — the worker re-hashes post-substitution per install).
+*   3. Emits `manifest.template.json` next to the bundle so product CI can
+*      upload it together with the artifacts to the worker's BUILDS bucket.
+*
+* The plugin does NOT substitute placeholders at build time — the developer
+* writes the literal token (e.g. `__MIDDAG_INSTALL_ID__`) in their source,
+* and the worker substitutes per-install at materialization. Build-time
+* substitution would mean every install ships the same identifying bytes,
+* defeating the per-install rotation that ADR-012 §"Protection model" relies
+* on.
+*/
+var PLACEHOLDER_ENTRIES = Object.entries(PLACEHOLDERS);
+function sha384Sri(bytes) {
+	return `sha384-${createHash("sha384").update(bytes).digest("base64")}`;
+}
+function placeholdersSeen(source) {
+	const seen = [];
+	for (const [key, token] of PLACEHOLDER_ENTRIES) if (source.includes(token)) seen.push(key);
+	return seen;
+}
+function normalizeEntry(entry) {
+	return entry.split(/[\\/]+/).filter(Boolean).join("/");
+}
+function licensingPlugin(options) {
+	const manifestFilename = options.manifestFilename ?? "manifest.template.json";
+	const onMissing = options.onMissingPlaceholders ?? "error";
+	return {
+		name: "@middag-io/licensing",
+		apply: "build",
+		enforce: "post",
+		async generateBundle(_outputOptions, bundle) {
+			const emitted = /* @__PURE__ */ new Map();
+			for (const [filename, chunk] of Object.entries(bundle)) {
+				const norm = normalizeEntry(filename);
+				let bytes;
+				if (chunk.type === "chunk") bytes = new TextEncoder().encode(chunk.code);
+				else if (chunk.type === "asset") {
+					const source = chunk.source;
+					bytes = typeof source === "string" ? new TextEncoder().encode(source) : new Uint8Array(source);
+				}
+				if (bytes) emitted.set(norm, bytes);
+			}
+			const moduleEntries = [];
+			const missing = [];
+			for (const mod of options.modules) {
+				const key = normalizeEntry(mod.entry);
+				const bytes = emitted.get(key) ?? emitted.get(posix.basename(key)) ?? findByBasenameSuffix(emitted, key);
+				if (!bytes) this.error(`@middag-io/licensing: module "${mod.name}" declared entry "${mod.entry}" was not present in this build output`);
+				const seen = placeholdersSeen(new TextDecoder().decode(bytes));
+				if (seen.length === 0) missing.push(mod.name);
+				moduleEntries.push({
+					name: mod.name,
+					entry: mod.entry,
+					extension: mod.extension,
+					entitlements: mod.entitlements,
+					filename: key,
+					hash_sha384: sha384Sri(bytes),
+					placeholders_seen: seen
+				});
+			}
+			if (missing.length > 0) {
+				const msg = `@middag-io/licensing: protected module(s) had no placeholders: ${missing.join(", ")}. Ensure your source code uses tokens from PLACEHOLDERS (e.g. __MIDDAG_INSTALL_ID__) and that no plugin renames or strips them.`;
+				if (onMissing === "error") this.error(msg);
+				else this.warn(msg);
+			}
+			const template = {
+				contract_version: CONTRACT_VERSION,
+				product: options.product,
+				release: options.release,
+				build_id: options.buildId,
+				modules: moduleEntries
+			};
+			this.emitFile({
+				type: "asset",
+				fileName: manifestFilename,
+				source: JSON.stringify(template, null, 2) + "\n"
+			});
+		}
+	};
+}
+function findByBasenameSuffix(emitted, declared) {
+	const base = posix.basename(declared).replace(/\.[^.]+$/, "");
+	for (const [filename, bytes] of emitted) {
+		const file = posix.basename(filename);
+		if (file.startsWith(base + "-") || file === posix.basename(declared)) return bytes;
+	}
+}
+/** Convenience helper for tests / scripts that want the empty template. */
+function emptyManifestTemplate(opts) {
+	return {
+		contract_version: CONTRACT_VERSION,
+		product: opts.product,
+		release: opts.release,
+		build_id: opts.buildId,
+		modules: []
+	};
+}
+//#endregion
+export { CONTRACT_VERSION, PLACEHOLDERS, emptyManifestTemplate, licensingPlugin };
+
+//# sourceMappingURL=index.js.map

package/dist/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","names":[],"sources":["../../src/build/index.ts"],"sourcesContent":["/**\n * Build-time entry point for @middag-io/licensing.\n *\n * Exposes a Vite plugin that:\n *\n *   1. Scans each protected module's emitted artifact for the locked\n *      `__MIDDAG_*__` placeholder tokens.\n *   2. Computes a SHA-384 hash of the placeholder-bearing template bytes\n *      (informational — the worker re-hashes post-substitution per install).\n *   3. Emits `manifest.template.json` next to the bundle so product CI can\n *      upload it together with the artifacts to the worker's BUILDS bucket.\n *\n * The plugin does NOT substitute placeholders at build time — the developer\n * writes the literal token (e.g. `__MIDDAG_INSTALL_ID__`) in their source,\n * and the worker substitutes per-install at materialization. Build-time\n * substitution would mean every install ships the same identifying bytes,\n * defeating the per-install rotation that ADR-012 §\"Protection model\" relies\n * on.\n */\n\nimport { createHash } from \"node:crypto\";\nimport { posix } from \"node:path\";\nimport type { Plugin } from \"vite\";\nimport {\n  CONTRACT_VERSION,\n  PLACEHOLDERS,\n  type ManifestTemplate,\n  type ModuleDefinition,\n  type PlaceholderKey,\n} from \"../contract/index.js\";\n\nexport interface LicensingPluginOptions {\n  product: string;\n  release: string;\n  buildId: string;\n  modules: ModuleDefinition[];\n  /** Manifest filename (defaults to `manifest.template.json`). */\n  manifestFilename?: string;\n  /**\n   * Behaviour when a protected module's emitted bytes contain none of the\n   * locked placeholders. Default `error` because shipping a \"protected\"\n   * module that has nothing to substitute is almost always a mistake (the\n   * developer forgot to insert the tokens, or a minifier renamed them).\n   * Set `warn` for libraries that only use a subset of placeholders.\n   */\n  onMissingPlaceholders?: \"error\" | \"warn\";\n}\n\nconst PLACEHOLDER_ENTRIES = Object.entries(PLACEHOLDERS) as Array<\n  [PlaceholderKey, (typeof PLACEHOLDERS)[PlaceholderKey]]\n>;\n\nfunction sha384Sri(bytes: Uint8Array): string {\n  const digest = createHash(\"sha384\").update(bytes).digest(\"base64\");\n  return `sha384-${digest}`;\n}\n\nfunction placeholdersSeen(source: string): PlaceholderKey[] {\n  const seen: PlaceholderKey[] = [];\n  for (const [key, token] of PLACEHOLDER_ENTRIES) {\n    if (source.includes(token)) seen.push(key);\n  }\n  return seen;\n}\n\nfunction normalizeEntry(entry: string): string {\n  // Vite's emit pipeline keys assets by their forward-slash path relative to\n  // outDir. Convert any Windows-style separators so Vite-on-Windows matches\n  // the same key Vite-on-macOS would produce.\n  return entry\n    .split(/[\\\\/]+/)\n    .filter(Boolean)\n    .join(\"/\");\n}\n\nexport function licensingPlugin(options: LicensingPluginOptions): Plugin {\n  const manifestFilename = options.manifestFilename ?? \"manifest.template.json\";\n  const onMissing = options.onMissingPlaceholders ?? \"error\";\n\n  return {\n    name: \"@middag-io/licensing\",\n    apply: \"build\",\n    enforce: \"post\",\n\n    async generateBundle(_outputOptions, bundle) {\n      const emitted = new Map<string, Uint8Array>();\n      for (const [filename, chunk] of Object.entries(bundle)) {\n        const norm = normalizeEntry(filename);\n        let bytes: Uint8Array | undefined;\n        if (chunk.type === \"chunk\") {\n          bytes = new TextEncoder().encode(chunk.code);\n        } else if (chunk.type === \"asset\") {\n          const source = chunk.source;\n          bytes =\n            typeof source === \"string\" ? new TextEncoder().encode(source) : new Uint8Array(source);\n        }\n        if (bytes) emitted.set(norm, bytes);\n      }\n\n      const moduleEntries: ManifestTemplate[\"modules\"] = [];\n      const missing: string[] = [];\n\n      for (const mod of options.modules) {\n        const key = normalizeEntry(mod.entry);\n        const bytes =\n          emitted.get(key) ??\n          emitted.get(posix.basename(key)) ??\n          findByBasenameSuffix(emitted, key);\n\n        if (!bytes) {\n          this.error(\n            `@middag-io/licensing: module \"${mod.name}\" declared entry \"${mod.entry}\" was not present in this build output`,\n          );\n        }\n\n        const source = new TextDecoder().decode(bytes);\n        const seen = placeholdersSeen(source);\n        if (seen.length === 0) {\n          missing.push(mod.name);\n        }\n\n        moduleEntries.push({\n          name: mod.name,\n          entry: mod.entry,\n          extension: mod.extension,\n          entitlements: mod.entitlements,\n          filename: key,\n          hash_sha384: sha384Sri(bytes),\n          placeholders_seen: seen,\n        });\n      }\n\n      if (missing.length > 0) {\n        const msg = `@middag-io/licensing: protected module(s) had no placeholders: ${missing.join(\", \")}. Ensure your source code uses tokens from PLACEHOLDERS (e.g. __MIDDAG_INSTALL_ID__) and that no plugin renames or strips them.`;\n        if (onMissing === \"error\") this.error(msg);\n        else this.warn(msg);\n      }\n\n      const template: ManifestTemplate = {\n        contract_version: CONTRACT_VERSION,\n        product: options.product,\n        release: options.release,\n        build_id: options.buildId,\n        modules: moduleEntries,\n      };\n\n      this.emitFile({\n        type: \"asset\",\n        fileName: manifestFilename,\n        source: JSON.stringify(template, null, 2) + \"\\n\",\n      });\n    },\n  };\n}\n\n// Some Vite/Rollup configs hash entry filenames. If the declared `entry` is\n// `dist/core.js` but Vite emits `core-abc123.js`, fall back to matching by\n// basename stem so a user-friendly entry path still resolves.\nfunction findByBasenameSuffix(\n  emitted: Map<string, Uint8Array>,\n  declared: string,\n): Uint8Array | undefined {\n  const base = posix.basename(declared).replace(/\\.[^.]+$/, \"\");\n  for (const [filename, bytes] of emitted) {\n    const file = posix.basename(filename);\n    if (file.startsWith(base + \"-\") || file === posix.basename(declared)) {\n      return bytes;\n    }\n  }\n  return undefined;\n}\n\n/** Convenience helper for tests / scripts that want the empty template. */\nexport function emptyManifestTemplate(opts: {\n  product: string;\n  release: string;\n  buildId: string;\n}): ManifestTemplate {\n  return {\n    contract_version: CONTRACT_VERSION,\n    product: opts.product,\n    release: opts.release,\n    build_id: opts.buildId,\n    modules: [],\n  };\n}\n\nexport { CONTRACT_VERSION, PLACEHOLDERS };\nexport type { ManifestTemplate, ModuleDefinition };\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAgDA,IAAM,sBAAsB,OAAO,QAAQ,YAAY;AAIvD,SAAS,UAAU,OAA2B;CAE5C,OAAO,UADQ,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO,QACxC;AACnB;AAEA,SAAS,iBAAiB,QAAkC;CAC1D,MAAM,OAAyB,CAAC;CAChC,KAAK,MAAM,CAAC,KAAK,UAAU,qBACzB,IAAI,OAAO,SAAS,KAAK,GAAG,KAAK,KAAK,GAAG;CAE3C,OAAO;AACT;AAEA,SAAS,eAAe,OAAuB;CAI7C,OAAO,MACJ,MAAM,QAAQ,EACd,OAAO,OAAO,EACd,KAAK,GAAG;AACb;AAEA,SAAgB,gBAAgB,SAAyC;CACvE,MAAM,mBAAmB,QAAQ,oBAAoB;CACrD,MAAM,YAAY,QAAQ,yBAAyB;CAEnD,OAAO;EACL,MAAM;EACN,OAAO;EACP,SAAS;EAET,MAAM,eAAe,gBAAgB,QAAQ;GAC3C,MAAM,0BAAU,IAAI,IAAwB;GAC5C,KAAK,MAAM,CAAC,UAAU,UAAU,OAAO,QAAQ,MAAM,GAAG;IACtD,MAAM,OAAO,eAAe,QAAQ;IACpC,IAAI;IACJ,IAAI,MAAM,SAAS,SACjB,QAAQ,IAAI,YAAY,EAAE,OAAO,MAAM,IAAI;SACtC,IAAI,MAAM,SAAS,SAAS;KACjC,MAAM,SAAS,MAAM;KACrB,QACE,OAAO,WAAW,WAAW,IAAI,YAAY,EAAE,OAAO,MAAM,IAAI,IAAI,WAAW,MAAM;IACzF;IACA,IAAI,OAAO,QAAQ,IAAI,MAAM,KAAK;GACpC;GAEA,MAAM,gBAA6C,CAAC;GACpD,MAAM,UAAoB,CAAC;GAE3B,KAAK,MAAM,OAAO,QAAQ,SAAS;IACjC,MAAM,MAAM,eAAe,IAAI,KAAK;IACpC,MAAM,QACJ,QAAQ,IAAI,GAAG,KACf,QAAQ,IAAI,MAAM,SAAS,GAAG,CAAC,KAC/B,qBAAqB,SAAS,GAAG;IAEnC,IAAI,CAAC,OACH,KAAK,MACH,iCAAiC,IAAI,KAAK,oBAAoB,IAAI,MAAM,uCAC1E;IAIF,MAAM,OAAO,iBADE,IAAI,YAAY,EAAE,OAAO,KACV,CAAM;IACpC,IAAI,KAAK,WAAW,GAClB,QAAQ,KAAK,IAAI,IAAI;IAGvB,cAAc,KAAK;KACjB,MAAM,IAAI;KACV,OAAO,IAAI;KACX,WAAW,IAAI;KACf,cAAc,IAAI;KAClB,UAAU;KACV,aAAa,UAAU,KAAK;KAC5B,mBAAmB;IACrB,CAAC;GACH;GAEA,IAAI,QAAQ,SAAS,GAAG;IACtB,MAAM,MAAM,kEAAkE,QAAQ,KAAK,IAAI,EAAE;IACjG,IAAI,cAAc,SAAS,KAAK,MAAM,GAAG;SACpC,KAAK,KAAK,GAAG;GACpB;GAEA,MAAM,WAA6B;IACjC,kBAAkB;IAClB,SAAS,QAAQ;IACjB,SAAS,QAAQ;IACjB,UAAU,QAAQ;IAClB,SAAS;GACX;GAEA,KAAK,SAAS;IACZ,MAAM;IACN,UAAU;IACV,QAAQ,KAAK,UAAU,UAAU,MAAM,CAAC,IAAI;GAC9C,CAAC;EACH;CACF;AACF;AAKA,SAAS,qBACP,SACA,UACwB;CACxB,MAAM,OAAO,MAAM,SAAS,QAAQ,EAAE,QAAQ,YAAY,EAAE;CAC5D,KAAK,MAAM,CAAC,UAAU,UAAU,SAAS;EACvC,MAAM,OAAO,MAAM,SAAS,QAAQ;EACpC,IAAI,KAAK,WAAW,OAAO,GAAG,KAAK,SAAS,MAAM,SAAS,QAAQ,GACjE,OAAO;CAEX;AAEF;;AAGA,SAAgB,sBAAsB,MAIjB;CACnB,OAAO;EACL,kBAAkB;EAClB,SAAS,KAAK;EACd,SAAS,KAAK;EACd,UAAU,KAAK;EACf,SAAS,CAAC;CACZ;AACF"}

package/dist/client/index.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Runtime loader for @middag-io/licensing.
+ *
+ * Runs inside the consuming host (Moodle, WordPress, ...). The browser never
+ * calls the worker's HMAC-protected `/v1/protected/manifest` endpoint — the
+ * PHP host bridge does that, persists the `ManifestResponse`, and serves it
+ * to the browser at `manifest_url` (per ADR-012 §"Server-side host bridge").
+ *
+ * This loader:
+ *
+ *   1. Fetches the manifest JSON from the host-served URL (or via a caller-
+ *      supplied `fetchManifest` for embedded use cases).
+ *   2. Verifies the JWS signature against the worker's JWKS endpoint
+ *      `${workerOrigin}/api/protected/jwks` (cached in-memory per kid).
+ *   3. Validates the decoded payload against the bootstrap context
+ *      (`install_id`, `host_origin`, `host_type`, `product`, `contract_version`)
+ *      so a manifest swapped between installs is rejected client-side.
+ *   4. Loads a requested module by fetching its CDN URL, recomputing the
+ *      SRI hash against the bytes, and dynamic-importing from a Blob URL.
+ *      Native `import()` does not yet take an integrity attribute, so we
+ *      compute SRI ourselves before handing the bytes to the JS engine.
+ */
+import { type JWK } from "jose";
+import { CONTRACT_VERSION, type AuthorizedManifest, type HostType, type ManifestResponse } from "../contract/index.js";
+export interface CreateLicensingClientOptions {
+    hostType: HostType;
+    hostOrigin: string;
+    product: string;
+    installId: string;
+    /**
+     * Worker base origin used to fetch the JWKS, e.g.
+     * `https://licensing.middag.io`. Required unless `jwks` is supplied.
+     */
+    workerOrigin?: string;
+    /**
+     * Static JWKS document (escape hatch for tests / pre-fetched keys).
+     * When supplied, the loader skips the network fetch.
+     */
+    jwks?: {
+        keys: JWK[];
+    };
+    /**
+     * Manifest URL served by the host (PHP bridge). The body must be the
+     * JSON shape worker returns from POST /v1/protected/manifest.
+     */
+    manifestUrl?: string;
+    /** Caller-supplied manifest fetcher; overrides `manifestUrl` when given. */
+    fetchManifest?: () => Promise<ManifestResponse>;
+    /**
+     * Fetch implementation override. Defaults to `globalThis.fetch`. Tests
+     * can pass a mock here; SSR contexts can pass a polyfill.
+     */
+    fetch?: typeof fetch;
+    /**
+     * Clock skew tolerance in seconds when checking `bundle_expires_at`.
+     * Defaults to 60s.
+     */
+    clockSkewSeconds?: number;
+}
+export interface LicensingClient {
+    readonly manifest: AuthorizedManifest;
+    readonly response: ManifestResponse;
+    has(moduleName: string): boolean;
+    loadModule<T = unknown>(moduleName: string): Promise<T>;
+    refresh(): Promise<AuthorizedManifest>;
+}
+export declare class LicensingError extends Error {
+    readonly code: string;
+    constructor(code: string, message: string);
+}
+export declare function createLicensingClient(options: CreateLicensingClientOptions): Promise<LicensingClient>;
+export { CONTRACT_VERSION };
+export type { AuthorizedManifest, HostType, ManifestResponse };
+//# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAEH,OAAO,EAA4B,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAC1D,OAAO,EACL,gBAAgB,EAChB,KAAK,kBAAkB,EACvB,KAAK,QAAQ,EACb,KAAK,gBAAgB,EACtB,MAAM,sBAAsB,CAAC;AAE9B,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,IAAI,CAAC,EAAE;QAAE,IAAI,EAAE,GAAG,EAAE,CAAA;KAAE,CAAC;IACvB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAChD;;;OAGG;IACH,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;IACrB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;IACtC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,GAAG,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;IACjC,UAAU,CAAC,CAAC,GAAG,OAAO,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACxD,OAAO,IAAI,OAAO,CAAC,kBAAkB,CAAC,CAAC;CACxC;AA0DD,qBAAa,cAAe,SAAQ,KAAK;aAErB,IAAI,EAAE,MAAM;gBAAZ,IAAI,EAAE,MAAM,EAC5B,OAAO,EAAE,MAAM;CAKlB;AA2ID,wBAAsB,qBAAqB,CACzC,OAAO,EAAE,4BAA4B,GACpC,OAAO,CAAC,eAAe,CAAC,CAmE1B;AAED,OAAO,EAAE,gBAAgB,EAAE,CAAC;AAC5B,YAAY,EAAE,kBAAkB,EAAE,QAAQ,EAAE,gBAAgB,EAAE,CAAC"}