npm - @neetru/sdk - Versions diffs - 1.1.0 → 1.2.0 - Mend

@neetru/sdk 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

package/CHANGELOG.md +33 -3
package/README.md +135 -159
package/dist/auth.cjs +486 -40
package/dist/auth.cjs.map +1 -1
package/dist/auth.d.cts +1 -1
package/dist/auth.d.ts +1 -1
package/dist/auth.mjs +486 -40
package/dist/auth.mjs.map +1 -1
package/dist/catalog.cjs +64 -21
package/dist/catalog.cjs.map +1 -1
package/dist/catalog.d.cts +2 -2
package/dist/catalog.d.ts +2 -2
package/dist/catalog.mjs +64 -21
package/dist/catalog.mjs.map +1 -1
package/dist/checkout.cjs +61 -15
package/dist/checkout.cjs.map +1 -1
package/dist/checkout.d.cts +1 -1
package/dist/checkout.d.ts +1 -1
package/dist/checkout.mjs +61 -15
package/dist/checkout.mjs.map +1 -1
package/dist/db.cjs +67 -22
package/dist/db.cjs.map +1 -1
package/dist/db.d.cts +1 -1
package/dist/db.d.ts +1 -1
package/dist/db.mjs +67 -22
package/dist/db.mjs.map +1 -1
package/dist/entitlements.cjs +102 -21
package/dist/entitlements.cjs.map +1 -1
package/dist/entitlements.d.cts +11 -5
package/dist/entitlements.d.ts +11 -5
package/dist/entitlements.mjs +102 -21
package/dist/entitlements.mjs.map +1 -1
package/dist/index.cjs +491 -41
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +3 -3
package/dist/index.d.ts +3 -3
package/dist/index.mjs +488 -42
package/dist/index.mjs.map +1 -1
package/dist/mocks.cjs +3 -2
package/dist/mocks.cjs.map +1 -1
package/dist/mocks.d.cts +4 -2
package/dist/mocks.d.ts +4 -2
package/dist/mocks.mjs +3 -2
package/dist/mocks.mjs.map +1 -1
package/dist/notifications.cjs +296 -0
package/dist/notifications.cjs.map +1 -0
package/dist/notifications.d.cts +1 -0
package/dist/notifications.d.ts +1 -0
package/dist/notifications.mjs +293 -0
package/dist/notifications.mjs.map +1 -0
package/dist/react.cjs +7 -3
package/dist/react.cjs.map +1 -1
package/dist/react.d.cts +1 -1
package/dist/react.d.ts +1 -1
package/dist/react.mjs +7 -3
package/dist/react.mjs.map +1 -1
package/dist/support.cjs +61 -15
package/dist/support.cjs.map +1 -1
package/dist/support.d.cts +1 -1
package/dist/support.d.ts +1 -1
package/dist/support.mjs +61 -15
package/dist/support.mjs.map +1 -1
package/dist/telemetry.cjs +131 -16
package/dist/telemetry.cjs.map +1 -1
package/dist/telemetry.d.cts +17 -1
package/dist/telemetry.d.ts +17 -1
package/dist/telemetry.mjs +131 -16
package/dist/telemetry.mjs.map +1 -1
package/dist/{types-BA53dd8S.d.cts → types-CQAfwqUS.d.cts} +172 -8
package/dist/{types-BA53dd8S.d.ts → types-CQAfwqUS.d.ts} +172 -8
package/dist/usage.cjs +61 -15
package/dist/usage.cjs.map +1 -1
package/dist/usage.d.cts +1 -1
package/dist/usage.d.ts +1 -1
package/dist/usage.mjs +61 -15
package/dist/usage.mjs.map +1 -1
package/dist/webhooks.cjs +316 -0
package/dist/webhooks.cjs.map +1 -0
package/dist/webhooks.d.cts +1 -0
package/dist/webhooks.d.ts +1 -0
package/dist/webhooks.mjs +312 -0
package/dist/webhooks.mjs.map +1 -0
package/package.json +22 -6

package/dist/webhooks.mjs ADDED Viewed

@@ -0,0 +1,312 @@
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+// src/errors.ts
+var NeetruError = class _NeetruError extends Error {
+  code;
+  status;
+  requestId;
+  constructor(code, message, status, requestId) {
+    super(message);
+    this.name = "NeetruError";
+    this.code = code;
+    this.status = status;
+    this.requestId = requestId;
+    Object.setPrototypeOf(this, _NeetruError.prototype);
+  }
+};
+// src/http.ts
+var DEFAULT_RETRIES = 2;
+var RETRYABLE_CODES = /* @__PURE__ */ new Set([
+  "rate_limited",
+  "server_error",
+  "network_error"
+]);
+function backoffMs(attempt) {
+  const base = 200 * Math.pow(4, attempt);
+  const jitter = base * 0.2 * (Math.random() * 2 - 1);
+  return Math.max(50, Math.round(base + jitter));
+}
+function parseRetryAfter(value) {
+  if (!value) return null;
+  const secs = Number(value);
+  if (Number.isFinite(secs) && secs >= 0) return Math.round(secs * 1e3);
+  const dateMs = Date.parse(value);
+  if (Number.isFinite(dateMs)) {
+    const delta = dateMs - Date.now();
+    if (delta > 0) return delta;
+  }
+  return null;
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function statusToCode(status) {
+  if (status === 401) return "unauthorized";
+  if (status === 403) return "forbidden";
+  if (status === 404) return "not_found";
+  if (status === 422 || status === 400) return "validation_failed";
+  if (status === 429) return "rate_limited";
+  if (status >= 500) return "server_error";
+  return "unknown";
+}
+function buildUrl(baseUrl, path, query) {
+  const base = baseUrl.replace(/\/+$/, "");
+  const p = path.startsWith("/") ? path : `/${path}`;
+  const url = new URL(`${base}${p}`);
+  if (query) {
+    for (const [k, v] of Object.entries(query)) {
+      if (v === void 0) continue;
+      url.searchParams.set(k, String(v));
+    }
+  }
+  return url.toString();
+}
+async function safeJson(res) {
+  const text = await res.text();
+  if (!text) return void 0;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return void 0;
+  }
+}
+async function httpRequest(config, opts) {
+  const method = opts.method ?? "GET";
+  const url = buildUrl(config.baseUrl, opts.path, opts.query);
+  const maxRetries = opts.retries ?? DEFAULT_RETRIES;
+  const headers = {
+    accept: "application/json",
+    ...opts.headers
+  };
+  if (opts.requireAuth) {
+    if (!config.apiKey) {
+      throw new NeetruError(
+        "missing_api_key",
+        "This operation requires an apiKey. Pass it to createNeetruClient({ apiKey }) or set NEETRU_API_KEY env var."
+      );
+    }
+    headers.authorization = `Bearer ${config.apiKey}`;
+  }
+  const bodyString = opts.body !== void 0 && method !== "GET" && method !== "DELETE" ? JSON.stringify(opts.body) : void 0;
+  if (bodyString !== void 0) {
+    headers["content-type"] = "application/json";
+  }
+  let lastError = null;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    const init = { method, headers };
+    if (bodyString !== void 0) init.body = bodyString;
+    init.signal = AbortSignal.timeout(3e4);
+    let res;
+    try {
+      res = await config.fetch(url, init);
+    } catch (err2) {
+      const message2 = err2 instanceof DOMException && err2.name === "TimeoutError" ? "Network error: timeout after 30s" : `Network error: ${err2 instanceof Error ? err2.message : "fetch failed"}`;
+      lastError = new NeetruError("network_error", message2);
+      if (attempt < maxRetries) {
+        await sleep(backoffMs(attempt));
+        continue;
+      }
+      throw lastError;
+    }
+    const requestId = res.headers.get("x-request-id") ?? res.headers.get("x-correlation-id") ?? void 0;
+    if (res.ok) {
+      const parsed = await safeJson(res);
+      return parsed;
+    }
+    const body = await safeJson(res);
+    let code = statusToCode(res.status);
+    let message = `HTTP ${res.status}`;
+    if (body && typeof body === "object" && "error" in body) {
+      const errField = body.error;
+      if (typeof errField === "string") {
+        message = errField;
+      } else if (errField && typeof errField === "object") {
+        if (typeof errField.code === "string") code = errField.code;
+        if (typeof errField.message === "string") message = errField.message;
+      }
+    }
+    const err = new NeetruError(code, message, res.status, requestId);
+    lastError = err;
+    const isRetryable = RETRYABLE_CODES.has(code);
+    if (isRetryable && attempt < maxRetries) {
+      const retryAfter = parseRetryAfter(res.headers.get("retry-after"));
+      const delay = retryAfter ?? backoffMs(attempt);
+      await sleep(delay);
+      continue;
+    }
+    throw err;
+  }
+  throw lastError ?? new NeetruError("unknown", "unexpected httpRequest exit");
+}
+// src/webhooks.ts
+function verifyWebhookSignature(payload, signature, secret) {
+  if (!signature || !secret) return false;
+  const sigHex = signature.startsWith("sha256=") ? signature.slice(7) : signature;
+  if (!/^[0-9a-f]+$/i.test(sigHex)) return false;
+  let nodeCrypto;
+  try {
+    nodeCrypto = __require("crypto");
+  } catch {
+    if (typeof console !== "undefined") {
+      console.warn(
+        "[neetru-sdk] verifyWebhookSignature requires Node crypto. In browser, use WebCrypto subtle.verify directly."
+      );
+    }
+    return false;
+  }
+  const computed = nodeCrypto.createHmac("sha256", secret).update(payload).digest("hex");
+  const a = Buffer.from(computed, "hex");
+  const b = Buffer.from(sigHex.toLowerCase(), "hex");
+  if (a.length !== b.length) return false;
+  return nodeCrypto.timingSafeEqual(a, b);
+}
+var VALID_EVENTS = [
+  "subscription.activated",
+  "subscription.cancelled",
+  "subscription.payment_failed",
+  "subscription.trial_ending",
+  "usage.quota_exceeded",
+  "account.suspended",
+  "account.reactivated",
+  "support.ticket_replied"
+];
+function toEndpoint(raw) {
+  if (!raw || typeof raw !== "object") {
+    throw new NeetruError("invalid_response", "Webhook response is not an object");
+  }
+  const r = raw;
+  if (typeof r.id !== "string") {
+    throw new NeetruError("invalid_response", "Webhook missing id");
+  }
+  return {
+    id: r.id,
+    url: typeof r.url === "string" ? r.url : "",
+    events: Array.isArray(r.events) ? r.events.filter(
+      (e) => VALID_EVENTS.includes(e)
+    ) : [],
+    hasSecret: r.hasSecret === true,
+    status: r.status === "active" || r.status === "degraded" || r.status === "disabled" ? r.status : "active",
+    lastDeliveryAt: typeof r.lastDeliveryAt === "string" ? r.lastDeliveryAt : void 0,
+    consecutiveFailures: typeof r.consecutiveFailures === "number" ? r.consecutiveFailures : void 0,
+    createdAt: typeof r.createdAt === "string" ? r.createdAt : (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function validateInput(input) {
+  if (!input.url || typeof input.url !== "string") {
+    throw new NeetruError("validation_failed", "url \xE9 obrigat\xF3ria");
+  }
+  try {
+    const parsed = new URL(input.url);
+    if (parsed.protocol !== "https:" && parsed.protocol !== "http:") {
+      throw new Error("invalid protocol");
+    }
+  } catch {
+    throw new NeetruError("validation_failed", `url inv\xE1lida: ${input.url}`);
+  }
+  if (!Array.isArray(input.events) || input.events.length === 0) {
+    throw new NeetruError("validation_failed", "events deve ter pelo menos 1 evento");
+  }
+  for (const ev of input.events) {
+    if (!VALID_EVENTS.includes(ev)) {
+      throw new NeetruError("validation_failed", `evento desconhecido: ${ev}`);
+    }
+  }
+  if (input.secret !== void 0 && input.secret.length < 16) {
+    throw new NeetruError("validation_failed", "secret deve ter \u226516 chars (recomendado 32+)");
+  }
+}
+function createWebhooksNamespace(config) {
+  return {
+    async register(input) {
+      validateInput(input);
+      const raw = await httpRequest(config, {
+        method: "POST",
+        path: "/api/sdk/v1/webhooks",
+        body: input,
+        requireAuth: true
+      });
+      return toEndpoint(raw);
+    },
+    async list() {
+      const raw = await httpRequest(config, {
+        method: "GET",
+        path: "/api/sdk/v1/webhooks",
+        requireAuth: true
+      });
+      const list = Array.isArray(raw?.endpoints) ? raw.endpoints : [];
+      return list.map(toEndpoint);
+    },
+    async unregister(id) {
+      if (!id) throw new NeetruError("validation_failed", "id obrigat\xF3rio");
+      await httpRequest(config, {
+        method: "DELETE",
+        path: `/api/sdk/v1/webhooks/${encodeURIComponent(id)}`,
+        requireAuth: true
+      });
+      return { ok: true };
+    },
+    async test(id) {
+      if (!id) throw new NeetruError("validation_failed", "id obrigat\xF3rio");
+      const raw = await httpRequest(config, {
+        method: "POST",
+        path: `/api/sdk/v1/webhooks/${encodeURIComponent(id)}/test`,
+        requireAuth: true
+      });
+      if (!raw || typeof raw !== "object") {
+        return { ok: false, error: "invalid response" };
+      }
+      const r = raw;
+      return {
+        ok: r.ok === true,
+        statusCode: typeof r.statusCode === "number" ? r.statusCode : void 0,
+        durationMs: typeof r.durationMs === "number" ? r.durationMs : void 0,
+        error: typeof r.error === "string" ? r.error : void 0
+      };
+    }
+  };
+}
+var MockWebhooks = class {
+  endpoints = /* @__PURE__ */ new Map();
+  nextId = 1;
+  async register(input) {
+    validateInput(input);
+    const id = `mock_wh_${this.nextId++}`;
+    const endpoint = {
+      id,
+      url: input.url,
+      events: input.events,
+      hasSecret: !!input.secret,
+      status: "active",
+      createdAt: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    this.endpoints.set(id, endpoint);
+    return endpoint;
+  }
+  async list() {
+    return [...this.endpoints.values()];
+  }
+  async unregister(id) {
+    if (!this.endpoints.has(id)) {
+      throw new NeetruError("not_found", `Webhook ${id} n\xE3o encontrado`);
+    }
+    this.endpoints.delete(id);
+    return { ok: true };
+  }
+  async test(id) {
+    if (!this.endpoints.has(id)) {
+      throw new NeetruError("not_found", `Webhook ${id} n\xE3o encontrado`);
+    }
+    return { ok: true, statusCode: 200, durationMs: 42 };
+  }
+};
+export { MockWebhooks, createWebhooksNamespace, verifyWebhookSignature };
+//# sourceMappingURL=webhooks.mjs.map
+//# sourceMappingURL=webhooks.mjs.map

package/dist/webhooks.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/errors.ts","../src/http.ts","../src/webhooks.ts"],"names":["err","message"],"mappings":";;;;;;;;AAgCO,IAAM,WAAA,GAAN,MAAM,YAAA,SAAoB,KAAA,CAAM;AAAA,EACrB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EAEhB,WAAA,CACE,IAAA,EACA,OAAA,EACA,MAAA,EACA,SAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAEjB,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,YAAA,CAAY,SAAS,CAAA;AAAA,EACnD;AACF,CAAA;;;ACXA,IAAM,eAAA,GAAkB,CAAA;AACxB,IAAM,eAAA,uBAAsB,GAAA,CAAqB;AAAA,EAC/C,cAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF,CAAC,CAAA;AAGD,SAAS,UAAU,OAAA,EAAyB;AAC1C,EAAA,MAAM,IAAA,GAAO,GAAA,GAAM,IAAA,CAAK,GAAA,CAAI,GAAG,OAAO,CAAA;AACtC,EAAA,MAAM,SAAS,IAAA,GAAO,GAAA,IAAO,IAAA,CAAK,MAAA,KAAW,CAAA,GAAI,CAAA,CAAA;AACjD,EAAA,OAAO,KAAK,GAAA,CAAI,EAAA,EAAI,KAAK,KAAA,CAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAC/C;AAMA,SAAS,gBAAgB,KAAA,EAAqC;AAC5D,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AACzB,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,IAAK,IAAA,IAAQ,GAAG,OAAO,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,GAAI,CAAA;AACrE,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,KAAK,CAAA;AAC/B,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,MAAA,GAAS,IAAA,CAAK,GAAA,EAAI;AAChC,IAAA,IAAI,KAAA,GAAQ,GAAG,OAAO,KAAA;AAAA,EACxB;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAGA,SAAS,aAAa,MAAA,EAAiC;AACrD,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,GAAA,IAAO,MAAA,KAAW,GAAA,EAAK,OAAO,mBAAA;AAC7C,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,IAAU,KAAK,OAAO,cAAA;AAC1B,EAAA,OAAO,SAAA;AACT;AAEA,SAAS,QAAA,CAAS,OAAA,EAAiB,IAAA,EAAc,KAAA,EAA6C;AAE5F,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AACvC,EAAA,MAAM,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AAChD,EAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAI,CAAA,EAAG,CAAC,CAAA,CAAE,CAAA;AACjC,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC1C,MAAA,IAAI,MAAM,MAAA,EAAW;AACrB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IACnC;AAAA,EACF;AACA,EAAA,OAAO,IAAI,QAAA,EAAS;AACtB;AAGA,eAAe,SAAS,GAAA,EAAiC;AACvD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,CAAC,MAAM,OAAO,MAAA;AAClB,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAQA,eAAsB,WAAA,CACpB,QACA,IAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,EAAA,MAAM,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK,CAAA;AAC1D,EAAA,MAAM,UAAA,GAAa,KAAK,OAAA,IAAW,eAAA;AAEnC,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,MAAA,EAAQ,kBAAA;AAAA,IACR,GAAG,IAAA,CAAK;AAAA,GACV;AAEA,EAAA,IAAI,KAAK,WAAA,EAAa;AACpB,IAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,MAAA,MAAM,IAAI,WAAA;AAAA,QACR,iBAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,EACjD;AAGA,EAAA,MAAM,UAAA,GACJ,IAAA,CAAK,IAAA,KAAS,MAAA,IAAa,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,QAAA,GACtD,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GACxB,MAAA;AACN,EAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,IAAA,OAAA,CAAQ,cAAc,CAAA,GAAI,kBAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,SAAA,GAAgC,IAAA;AAEpC,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,IAAA,MAAM,IAAA,GAAoB,EAAE,MAAA,EAAQ,OAAA,EAAQ;AAC5C,IAAA,IAAI,UAAA,KAAe,MAAA,EAAW,IAAA,CAAK,IAAA,GAAO,UAAA;AAG1C,IAAA,IAAA,CAAK,MAAA,GAAS,WAAA,CAAY,OAAA,CAAQ,GAAM,CAAA;AAExC,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK,IAAI,CAAA;AAAA,IACpC,SAASA,IAAAA,EAAK;AACZ,MAAA,MAAMC,QAAAA,GACJD,IAAAA,YAAe,YAAA,IAAgBA,IAAAA,CAAI,IAAA,KAAS,cAAA,GACxC,kCAAA,GACA,CAAA,eAAA,EAAkBA,IAAAA,YAAe,KAAA,GAAQA,IAAAA,CAAI,OAAA,GAAU,cAAc,CAAA,CAAA;AAC3E,MAAA,SAAA,GAAY,IAAI,WAAA,CAAY,eAAA,EAAiBC,QAAO,CAAA;AACpD,MAAA,IAAI,UAAU,UAAA,EAAY;AACxB,QAAA,MAAM,KAAA,CAAM,SAAA,CAAU,OAAO,CAAC,CAAA;AAC9B,QAAA;AAAA,MACF;AACA,MAAA,MAAM,SAAA;AAAA,IACR;AAEA,IAAA,MAAM,SAAA,GACJ,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,IAAK,MAAA;AAE5E,IAAA,IAAI,IAAI,EAAA,EAAI;AACV,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,GAAG,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,GAAG,CAAA;AAGhC,IAAA,IAAI,IAAA,GAAe,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AAC1C,IAAA,IAAI,OAAA,GAAU,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAA;AAChC,IAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,WAAW,IAAA,EAAM;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,MAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,QAAA,OAAA,GAAU,QAAA;AAAA,MACZ,CAAA,MAAA,IAAW,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AACnD,QAAA,IAAI,OAAO,QAAA,CAAS,IAAA,KAAS,QAAA,SAAiB,QAAA,CAAS,IAAA;AACvD,QAAA,IAAI,OAAO,QAAA,CAAS,OAAA,KAAY,QAAA,YAAoB,QAAA,CAAS,OAAA;AAAA,MAC/D;AAAA,IACF;AACA,IAAA,MAAM,MAAM,IAAI,WAAA,CAAY,MAAM,OAAA,EAAS,GAAA,CAAI,QAAQ,SAAS,CAAA;AAChE,IAAA,SAAA,GAAY,GAAA;AAEZ,IAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,GAAA,CAAI,IAAuB,CAAA;AAC/D,IAAA,IAAI,WAAA,IAAe,UAAU,UAAA,EAAY;AACvC,MAAA,MAAM,aAAa,eAAA,CAAgB,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AACjE,MAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,SAAA,CAAU,OAAO,CAAA;AAC7C,MAAA,MAAM,MAAM,KAAK,CAAA;AACjB,MAAA;AAAA,IACF;AACA,IAAA,MAAM,GAAA;AAAA,EACR;AAGA,EAAA,MAAM,SAAA,IAAa,IAAI,WAAA,CAAY,SAAA,EAAW,6BAA6B,CAAA;AAC7E;;;AClGO,SAAS,sBAAA,CACd,OAAA,EACA,SAAA,EACA,MAAA,EACS;AACT,EAAA,IAAI,CAAC,SAAA,IAAa,CAAC,MAAA,EAAQ,OAAO,KAAA;AAElC,EAAA,MAAM,MAAA,GAAS,UAAU,UAAA,CAAW,SAAS,IAAI,SAAA,CAAU,KAAA,CAAM,CAAC,CAAA,GAAI,SAAA;AACtE,EAAA,IAAI,CAAC,cAAA,CAAe,IAAA,CAAK,MAAM,GAAG,OAAO,KAAA;AAOzC,EAAA,IAAI,UAAA;AACJ,EAAA,IAAI;AAEF,IAAA,UAAA,GAAa,UAAQ,QAAa,CAAA;AAAA,EACpC,CAAA,CAAA,MAAQ;AACN,IAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,MAAM,QAAA,GAAW,UAAA,CAAW,UAAA,CAAW,QAAA,EAAU,MAAM,EAAE,MAAA,CAAO,OAAO,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AACrF,EAAA,MAAM,CAAA,GAAI,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,KAAK,CAAA;AACrC,EAAA,MAAM,IAAI,MAAA,CAAO,IAAA,CAAK,MAAA,CAAO,WAAA,IAAe,KAAK,CAAA;AACjD,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,OAAO,UAAA,CAAW,eAAA,CAAgB,CAAA,EAAG,CAAC,CAAA;AACxC;AAIA,IAAM,YAAA,GAAwC;AAAA,EAC5C,wBAAA;AAAA,EACA,wBAAA;AAAA,EACA,6BAAA;AAAA,EACA,2BAAA;AAAA,EACA,sBAAA;AAAA,EACA,mBAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF,CAAA;AAEA,SAAS,WAAW,GAAA,EAA+B;AACjD,EAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,QAAA,EAAU;AACnC,IAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,mCAAmC,CAAA;AAAA,EAC/E;AACA,EAAA,MAAM,CAAA,GAAI,GAAA;AACV,EAAA,IAAI,OAAO,CAAA,CAAE,EAAA,KAAO,QAAA,EAAU;AAC5B,IAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,oBAAoB,CAAA;AAAA,EAChE;AACA,EAAA,OAAO;AAAA,IACL,IAAI,CAAA,CAAE,EAAA;AAAA,IACN,KAAK,OAAO,CAAA,CAAE,GAAA,KAAQ,QAAA,GAAW,EAAE,GAAA,GAAM,EAAA;AAAA,IACzC,QAAQ,KAAA,CAAM,OAAA,CAAQ,EAAE,MAAM,CAAA,GACzB,EAAE,MAAA,CAAqB,MAAA;AAAA,MAAO,CAAC,CAAA,KAC9B,YAAA,CAAa,QAAA,CAAS,CAAiB;AAAA,QAEzC,EAAC;AAAA,IACL,SAAA,EAAW,EAAE,SAAA,KAAc,IAAA;AAAA,IAC3B,MAAA,EACE,CAAA,CAAE,MAAA,KAAW,QAAA,IAAY,CAAA,CAAE,MAAA,KAAW,UAAA,IAAc,CAAA,CAAE,MAAA,KAAW,UAAA,GAC7D,CAAA,CAAE,MAAA,GACF,QAAA;AAAA,IACN,gBAAgB,OAAO,CAAA,CAAE,cAAA,KAAmB,QAAA,GAAW,EAAE,cAAA,GAAiB,MAAA;AAAA,IAC1E,qBACE,OAAO,CAAA,CAAE,mBAAA,KAAwB,QAAA,GAAW,EAAE,mBAAA,GAAsB,MAAA;AAAA,IACtE,SAAA,EAAW,OAAO,CAAA,CAAE,SAAA,KAAc,QAAA,GAAW,EAAE,SAAA,GAAA,iBAAY,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,GACpF;AACF;AAEA,SAAS,cAAc,KAAA,EAAmC;AACxD,EAAA,IAAI,CAAC,KAAA,CAAM,GAAA,IAAO,OAAO,KAAA,CAAM,QAAQ,QAAA,EAAU;AAC/C,IAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,yBAAmB,CAAA;AAAA,EAChE;AACA,EAAA,IAAI;AACF,IAAA,MAAM,MAAA,GAAS,IAAI,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA;AAChC,IAAA,IAAI,MAAA,CAAO,QAAA,KAAa,QAAA,IAAY,MAAA,CAAO,aAAa,OAAA,EAAS;AAC/D,MAAA,MAAM,IAAI,MAAM,kBAAkB,CAAA;AAAA,IACpC;AAAA,EAEF,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,CAAA,iBAAA,EAAiB,KAAA,CAAM,GAAG,CAAA,CAAE,CAAA;AAAA,EACzE;AACA,EAAA,IAAI,CAAC,MAAM,OAAA,CAAQ,KAAA,CAAM,MAAM,CAAA,IAAK,KAAA,CAAM,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG;AAC7D,IAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,qCAAqC,CAAA;AAAA,EAClF;AACA,EAAA,KAAA,MAAW,EAAA,IAAM,MAAM,MAAA,EAAQ;AAC7B,IAAA,IAAI,CAAC,YAAA,CAAa,QAAA,CAAS,EAAE,CAAA,EAAG;AAC9B,MAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,CAAA,qBAAA,EAAwB,EAAE,CAAA,CAAE,CAAA;AAAA,IACzE;AAAA,EACF;AACA,EAAA,IAAI,MAAM,MAAA,KAAW,MAAA,IAAa,KAAA,CAAM,MAAA,CAAO,SAAS,EAAA,EAAI;AAC1D,IAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,kDAA6C,CAAA;AAAA,EAC1F;AACF;AAEO,SAAS,wBAAwB,MAAA,EAA2C;AACjF,EAAA,OAAO;AAAA,IACL,MAAM,SAAS,KAAA,EAAO;AACpB,MAAA,aAAA,CAAc,KAAK,CAAA;AACnB,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAqB,MAAA,EAAQ;AAAA,QAC7C,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,sBAAA;AAAA,QACN,IAAA,EAAM,KAAA;AAAA,QACN,WAAA,EAAa;AAAA,OACd,CAAA;AACD,MAAA,OAAO,WAAW,GAAG,CAAA;AAAA,IACvB,CAAA;AAAA,IACA,MAAM,IAAA,GAAO;AACX,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAuC,MAAA,EAAQ;AAAA,QAC/D,MAAA,EAAQ,KAAA;AAAA,QACR,IAAA,EAAM,sBAAA;AAAA,QACN,WAAA,EAAa;AAAA,OACd,CAAA;AACD,MAAA,MAAM,IAAA,GAAO,MAAM,OAAA,CAAQ,GAAA,EAAK,SAAS,CAAA,GAAI,GAAA,CAAI,YAAY,EAAC;AAC9D,MAAA,OAAO,IAAA,CAAK,IAAI,UAAU,CAAA;AAAA,IAC5B,CAAA;AAAA,IACA,MAAM,WAAW,EAAA,EAAI;AACnB,MAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,WAAA,CAAY,qBAAqB,mBAAgB,CAAA;AACpE,MAAA,MAAM,YAAqB,MAAA,EAAQ;AAAA,QACjC,MAAA,EAAQ,QAAA;AAAA,QACR,IAAA,EAAM,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,CAAA;AAAA,QACpD,WAAA,EAAa;AAAA,OACd,CAAA;AACD,MAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AAAA,IACpB,CAAA;AAAA,IACA,MAAM,KAAK,EAAA,EAAI;AACb,MAAA,IAAI,CAAC,EAAA,EAAI,MAAM,IAAI,WAAA,CAAY,qBAAqB,mBAAgB,CAAA;AACpE,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAqB,MAAA,EAAQ;AAAA,QAC7C,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,CAAA,qBAAA,EAAwB,kBAAA,CAAmB,EAAE,CAAC,CAAA,KAAA,CAAA;AAAA,QACpD,WAAA,EAAa;AAAA,OACd,CAAA;AACD,MAAA,IAAI,CAAC,GAAA,IAAO,OAAO,GAAA,KAAQ,QAAA,EAAU;AACnC,QAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,KAAA,EAAO,kBAAA,EAAmB;AAAA,MAChD;AACA,MAAA,MAAM,CAAA,GAAI,GAAA;AACV,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,EAAE,EAAA,KAAO,IAAA;AAAA,QACb,YAAY,OAAO,CAAA,CAAE,UAAA,KAAe,QAAA,GAAW,EAAE,UAAA,GAAa,MAAA;AAAA,QAC9D,YAAY,OAAO,CAAA,CAAE,UAAA,KAAe,QAAA,GAAW,EAAE,UAAA,GAAa,MAAA;AAAA,QAC9D,OAAO,OAAO,CAAA,CAAE,KAAA,KAAU,QAAA,GAAW,EAAE,KAAA,GAAQ;AAAA,OACjD;AAAA,IACF;AAAA,GACF;AACF;AAIO,IAAM,eAAN,MAAgD;AAAA,EAC7C,SAAA,uBAAgB,GAAA,EAA6B;AAAA,EAC7C,MAAA,GAAS,CAAA;AAAA,EAEjB,MAAM,SAAS,KAAA,EAAuD;AACpE,IAAA,aAAA,CAAc,KAAK,CAAA;AACnB,IAAA,MAAM,EAAA,GAAK,CAAA,QAAA,EAAW,IAAA,CAAK,MAAA,EAAQ,CAAA,CAAA;AACnC,IAAA,MAAM,QAAA,GAA4B;AAAA,MAChC,EAAA;AAAA,MACA,KAAK,KAAA,CAAM,GAAA;AAAA,MACX,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,SAAA,EAAW,CAAC,CAAC,KAAA,CAAM,MAAA;AAAA,MACnB,MAAA,EAAQ,QAAA;AAAA,MACR,SAAA,EAAA,iBAAW,IAAI,IAAA,EAAK,EAAE,WAAA;AAAY,KACpC;AACA,IAAA,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,EAAA,EAAI,QAAQ,CAAA;AAC/B,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,MAAM,IAAA,GAAmC;AACvC,IAAA,OAAO,CAAC,GAAG,IAAA,CAAK,SAAA,CAAU,QAAQ,CAAA;AAAA,EACpC;AAAA,EAEA,MAAM,WAAW,EAAA,EAAmC;AAClD,IAAA,IAAI,CAAC,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,EAAE,CAAA,EAAG;AAC3B,MAAA,MAAM,IAAI,WAAA,CAAY,WAAA,EAAa,CAAA,QAAA,EAAW,EAAE,CAAA,kBAAA,CAAiB,CAAA;AAAA,IACnE;AACA,IAAA,IAAA,CAAK,SAAA,CAAU,OAAO,EAAE,CAAA;AACxB,IAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AAAA,EACpB;AAAA,EAEA,MAAM,KAAK,EAAA,EAAwC;AACjD,IAAA,IAAI,CAAC,IAAA,CAAK,SAAA,CAAU,GAAA,CAAI,EAAE,CAAA,EAAG;AAC3B,MAAA,MAAM,IAAI,WAAA,CAAY,WAAA,EAAa,CAAA,QAAA,EAAW,EAAE,CAAA,kBAAA,CAAiB,CAAA;AAAA,IACnE;AACA,IAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,UAAA,EAAY,GAAA,EAAK,YAAY,EAAA,EAAG;AAAA,EACrD;AACF","file":"webhooks.mjs","sourcesContent":["/**\n * Erros tipados do SDK.\n *\n * Todo erro lançado pelo SDK estende `NeetruError` — caller pode discriminar\n * por `.code` (string estável) sem parsing de message.\n */\n\n/** Códigos de erro estáveis do SDK. Adicionar aqui requer minor bump. */\nexport type NeetruErrorCode =\n | 'invalid_config'\n | 'missing_api_key'\n | 'unauthorized'\n | 'forbidden'\n | 'not_found'\n | 'rate_limited'\n | 'validation_failed'\n | 'network_error'\n | 'invalid_response'\n | 'server_error'\n | 'unknown';\n\n/**\n * Erro tipado padrão do SDK. Sempre lançado em vez de Error genérico.\n *\n * @example\n * ```ts\n * try { await client.catalog.list(); }\n * catch (e) {\n * if (e instanceof NeetruError && e.code === 'rate_limited') retry();\n * }\n * ```\n */\nexport class NeetruError extends Error {\n public readonly code: NeetruErrorCode | string;\n public readonly status?: number;\n public readonly requestId?: string;\n\n constructor(\n code: NeetruErrorCode | string,\n message: string,\n status?: number,\n requestId?: string,\n ) {\n super(message);\n this.name = 'NeetruError';\n this.code = code;\n this.status = status;\n this.requestId = requestId;\n // Preserva o prototype chain ao herdar de Error (downlevel quirk de TS).\n Object.setPrototypeOf(this, NeetruError.prototype);\n }\n}\n","/**\n * HTTP transport interno do SDK.\n *\n * Responsabilidades:\n * - Construir URL absoluta a partir de `baseUrl` + path\n * - Injetar Bearer token quando `requireAuth=true`\n * - Mapear status HTTP → `NeetruError` com `code` estável\n * - Parse defensivo de JSON (não lança em body vazio em 204)\n * - Retry/backoff exponencial em `rate_limited` (429), `server_error` (5xx)\n * e `network_error` (timeout/falha de rede). Honra `Retry-After` quando\n * presente. Default 2 retries (3 tentativas no total). Caller opta-out\n * com `retries: 0`.\n */\nimport { NeetruError, type NeetruErrorCode } from './errors';\nimport type { ResolvedConfig } from './types';\n\n/** Opções da request HTTP. */\nexport interface HttpRequestOptions {\n method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';\n /** Path relativo (ex: `/api/v1/cli/catalog`). Concatenado a `baseUrl`. */\n path: string;\n /** Query string params (chave → valor primitivo). Valores `undefined` ignorados. */\n query?: Record<string, string | number | boolean | undefined>;\n /** Body JSON-serializável. Ignorado em GET/DELETE. */\n body?: unknown;\n /**\n * Se true, injeta `Authorization: Bearer <apiKey>`. Lança `missing_api_key`\n * se config.apiKey ausente. Default false.\n */\n requireAuth?: boolean;\n /** Cabeçalhos extras. */\n headers?: Record<string, string>;\n /**\n * Número de retries em códigos transientes (`rate_limited`, `server_error`,\n * `network_error`). Default 2 (= 3 tentativas total). Caller passa `0` pra\n * desativar (útil em operações não-idempotentes específicas).\n */\n retries?: number;\n}\n\nconst DEFAULT_RETRIES = 2;\nconst RETRYABLE_CODES = new Set<NeetruErrorCode>([\n 'rate_limited',\n 'server_error',\n 'network_error',\n]);\n\n/** Backoff exponencial com jitter ±20%. attempt: 0=primeira, 1=primeiro retry, ... */\nfunction backoffMs(attempt: number): number {\n const base = 200 * Math.pow(4, attempt); // 200ms, 800ms, 3.2s, ...\n const jitter = base * 0.2 * (Math.random() * 2 - 1);\n return Math.max(50, Math.round(base + jitter));\n}\n\n/**\n * Honra `Retry-After` header (segundos ou HTTP-date). Retorna ms ou null se\n * inválido. RFC 9110 §10.2.3.\n */\nfunction parseRetryAfter(value: string | null): number | null {\n if (!value) return null;\n const secs = Number(value);\n if (Number.isFinite(secs) && secs >= 0) return Math.round(secs * 1000);\n const dateMs = Date.parse(value);\n if (Number.isFinite(dateMs)) {\n const delta = dateMs - Date.now();\n if (delta > 0) return delta;\n }\n return null;\n}\n\nfunction sleep(ms: number): Promise<void> {\n return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\n/** Mapeamento status → code estável do NeetruError. */\nfunction statusToCode(status: number): NeetruErrorCode {\n if (status === 401) return 'unauthorized';\n if (status === 403) return 'forbidden';\n if (status === 404) return 'not_found';\n if (status === 422 || status === 400) return 'validation_failed';\n if (status === 429) return 'rate_limited';\n if (status >= 500) return 'server_error';\n return 'unknown';\n}\n\nfunction buildUrl(baseUrl: string, path: string, query?: HttpRequestOptions['query']): string {\n // Trim trailing slash em base e leading em path pra evitar `//`.\n const base = baseUrl.replace(/\\/+$/, '');\n const p = path.startsWith('/') ? path : `/${path}`;\n const url = new URL(`${base}${p}`);\n if (query) {\n for (const [k, v] of Object.entries(query)) {\n if (v === undefined) continue;\n url.searchParams.set(k, String(v));\n }\n }\n return url.toString();\n}\n\n/** Parse JSON defensivo — retorna `undefined` em body vazio. */\nasync function safeJson(res: Response): Promise<unknown> {\n const text = await res.text();\n if (!text) return undefined;\n try {\n return JSON.parse(text);\n } catch {\n return undefined;\n }\n}\n\n/**\n * Executa request HTTP. Em sucesso retorna body parseado; em erro lança\n * `NeetruError` com `code` derivado do status. Aplica retry/backoff\n * automático em códigos transientes (rate_limited/server_error/network_error)\n * conforme `opts.retries` (default 2 = 3 tentativas).\n */\nexport async function httpRequest<T>(\n config: ResolvedConfig,\n opts: HttpRequestOptions,\n): Promise<T> {\n const method = opts.method ?? 'GET';\n const url = buildUrl(config.baseUrl, opts.path, opts.query);\n const maxRetries = opts.retries ?? DEFAULT_RETRIES;\n\n const headers: Record<string, string> = {\n accept: 'application/json',\n ...opts.headers,\n };\n\n if (opts.requireAuth) {\n if (!config.apiKey) {\n throw new NeetruError(\n 'missing_api_key',\n 'This operation requires an apiKey. Pass it to createNeetruClient({ apiKey }) or set NEETRU_API_KEY env var.',\n );\n }\n headers.authorization = `Bearer ${config.apiKey}`;\n }\n\n // Body só é serializado uma vez — reusado entre tentativas.\n const bodyString =\n opts.body !== undefined && method !== 'GET' && method !== 'DELETE'\n ? JSON.stringify(opts.body)\n : undefined;\n if (bodyString !== undefined) {\n headers['content-type'] = 'application/json';\n }\n\n let lastError: NeetruError | null = null;\n\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\n const init: RequestInit = { method, headers };\n if (bodyString !== undefined) init.body = bodyString;\n // BUG-020 fix (2026-05-13): timeout default 30s. AbortSignal.timeout\n // requer Node 18+ ou browsers recentes.\n init.signal = AbortSignal.timeout(30_000);\n\n let res: Response;\n try {\n res = await config.fetch(url, init);\n } catch (err) {\n const message =\n err instanceof DOMException && err.name === 'TimeoutError'\n ? 'Network error: timeout after 30s'\n : `Network error: ${err instanceof Error ? err.message : 'fetch failed'}`;\n lastError = new NeetruError('network_error', message);\n if (attempt < maxRetries) {\n await sleep(backoffMs(attempt));\n continue;\n }\n throw lastError;\n }\n\n const requestId =\n res.headers.get('x-request-id') ?? res.headers.get('x-correlation-id') ?? undefined;\n\n if (res.ok) {\n const parsed = await safeJson(res);\n return parsed as T;\n }\n\n const body = (await safeJson(res)) as\n | { error?: { code?: string; message?: string } | string }\n | undefined;\n let code: string = statusToCode(res.status);\n let message = `HTTP ${res.status}`;\n if (body && typeof body === 'object' && 'error' in body) {\n const errField = body.error;\n if (typeof errField === 'string') {\n message = errField;\n } else if (errField && typeof errField === 'object') {\n if (typeof errField.code === 'string') code = errField.code;\n if (typeof errField.message === 'string') message = errField.message;\n }\n }\n const err = new NeetruError(code, message, res.status, requestId);\n lastError = err;\n\n const isRetryable = RETRYABLE_CODES.has(code as NeetruErrorCode);\n if (isRetryable && attempt < maxRetries) {\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\n const delay = retryAfter ?? backoffMs(attempt);\n await sleep(delay);\n continue;\n }\n throw err;\n }\n\n // Unreachable — loop sempre retorna ou lança. Safety net.\n throw lastError ?? new NeetruError('unknown', 'unexpected httpRequest exit');\n}\n","/**\n * Webhooks namespace (v1.2) — produtos SaaS registram endpoints HTTP no Core\n * pra receber notificações de eventos.\n *\n * Casos típicos:\n * - `subscription.activated` quando cliente conclui checkout\n * - `subscription.cancelled` / `subscription.payment_failed`\n * - `usage.quota_exceeded` quando produto bate teto mensal\n * - `account.suspended` quando staff Neetru suspende uma conta\n *\n * Pull-vs-push: o SDK existente é pull-only (`getQuota`, etc). Webhooks\n * fecham o gap pra eventos assíncronos sem o produto precisar fazer polling.\n *\n * Segurança:\n * - Endpoint do produto recebe HMAC SHA-256 em header `X-Neetru-Signature`\n * usando `secret` opcional do registro. Sem `secret`, header ausente —\n * produto deve usar HTTPS + IP allowlist.\n * - Replay protection: header `X-Neetru-Timestamp` (ms) — produto deve\n * rejeitar > 5min de skew.\n * - Retry: Core retenta 3x com backoff exponencial (1s, 5s, 25s) se 5xx\n * ou timeout. Após 3 falhas → marca endpoint `degraded` por 1h.\n *\n * Endpoints REST (em prod):\n * - `POST /api/sdk/v1/webhooks` — registra novo endpoint\n * - `GET /api/sdk/v1/webhooks` — lista endpoints do produto\n * - `DELETE /api/sdk/v1/webhooks/{id}` — remove endpoint\n * - `POST /api/sdk/v1/webhooks/{id}/test` — dispara evento de teste\n *\n * Mock em `NEETRU_ENV=dev`: tudo in-memory, sem rede.\n */\nimport { NeetruError } from './errors';\nimport { httpRequest } from './http';\nimport type { ResolvedConfig } from './types';\n\n/** Eventos Neetru que produtos podem assinar. Lista expansível por minor bump. */\nexport type WebhookEvent =\n | 'subscription.activated'\n | 'subscription.cancelled'\n | 'subscription.payment_failed'\n | 'subscription.trial_ending'\n | 'usage.quota_exceeded'\n | 'account.suspended'\n | 'account.reactivated'\n | 'support.ticket_replied';\n\nexport interface WebhookEndpoint {\n id: string;\n url: string;\n events: WebhookEvent[];\n /** Quando true, `X-Neetru-Signature` é enviado em cada dispatch. */\n hasSecret: boolean;\n status: 'active' | 'degraded' | 'disabled';\n /** ISO timestamp do último dispatch bem-sucedido. */\n lastDeliveryAt?: string;\n /** Quantos dispatches falharam consecutivos (resetado em sucesso). */\n consecutiveFailures?: number;\n createdAt: string;\n}\n\nexport interface RegisterWebhookInput {\n url: string;\n events: WebhookEvent[];\n /**\n * Secret pra HMAC SHA-256 (mín 16 chars). Recomendado.\n * Quando ausente, dispatches vão sem assinatura — produto deve ter\n * IP allowlist ou outra defesa.\n */\n secret?: string;\n}\n\nexport interface WebhookTestResult {\n ok: boolean;\n statusCode?: number;\n durationMs?: number;\n error?: string;\n}\n\nexport interface WebhooksNamespace {\n /** Registra um novo endpoint. */\n register(input: RegisterWebhookInput): Promise<WebhookEndpoint>;\n /** Lista endpoints registrados pelo produto. */\n list(): Promise<WebhookEndpoint[]>;\n /** Remove um endpoint. */\n unregister(id: string): Promise<{ ok: true }>;\n /** Dispara evento de teste pra validar conectividade. */\n test(id: string): Promise<WebhookTestResult>;\n}\n\n/**\n * Verifica assinatura HMAC SHA-256 de payload de webhook recebido pelo\n * produto consumer. Constant-time compare pra resistir a timing attack.\n *\n * @param payload Corpo cru da request (string ou Buffer). NÃO use o objeto\n * parseado — JSON.stringify pode diferir do que foi assinado.\n * @param signature Header `X-Neetru-Signature` recebido (formato `sha256=<hex>`).\n * @param secret Secret registrado em `webhooks.register({ secret })`.\n * @returns true se assinatura confere, false caso contrário.\n *\n * @example\n * ```ts\n * // Express handler\n * app.post('/webhooks/neetru', express.raw({ type: 'application/json' }), (req, res) => {\n * const sig = req.header('X-Neetru-Signature');\n * if (!verifyWebhookSignature(req.body, sig, process.env.WEBHOOK_SECRET!)) {\n * return res.status(401).end();\n * }\n * const event = JSON.parse(req.body.toString('utf8'));\n * // ... handle event\n * res.json({ ok: true });\n * });\n * ```\n */\nexport function verifyWebhookSignature(\n payload: string | Uint8Array,\n signature: string | null | undefined,\n secret: string,\n): boolean {\n if (!signature || !secret) return false;\n // Aceita \"sha256=<hex>\" ou \"<hex>\" cru.\n const sigHex = signature.startsWith('sha256=') ? signature.slice(7) : signature;\n if (!/^[0-9a-f]+$/i.test(sigHex)) return false;\n\n // Crypto API: Node tem `node:crypto`, browsers têm WebCrypto. Aqui usamos\n // node:crypto (SDK roda majoritariamente server-side em produto Node). Se\n // o consumer for browser puro precisando verificar, basta importar o\n // namespace direto e usar WebCrypto — não é o caso típico, então não\n // pagamos o custo de bundle.\n let nodeCrypto: typeof import('node:crypto');\n try {\n // eslint-disable-next-line @typescript-eslint/no-require-imports\n nodeCrypto = require('node:crypto');\n } catch {\n if (typeof console !== 'undefined') {\n console.warn(\n '[neetru-sdk] verifyWebhookSignature requires Node crypto. In browser, use WebCrypto subtle.verify directly.',\n );\n }\n return false;\n }\n\n const computed = nodeCrypto.createHmac('sha256', secret).update(payload).digest('hex');\n const a = Buffer.from(computed, 'hex');\n const b = Buffer.from(sigHex.toLowerCase(), 'hex');\n if (a.length !== b.length) return false;\n return nodeCrypto.timingSafeEqual(a, b);\n}\n\n// ─── HTTP impl ──────────────────────────────────────────────────────────────\n\nconst VALID_EVENTS: readonly WebhookEvent[] = [\n 'subscription.activated',\n 'subscription.cancelled',\n 'subscription.payment_failed',\n 'subscription.trial_ending',\n 'usage.quota_exceeded',\n 'account.suspended',\n 'account.reactivated',\n 'support.ticket_replied',\n];\n\nfunction toEndpoint(raw: unknown): WebhookEndpoint {\n if (!raw || typeof raw !== 'object') {\n throw new NeetruError('invalid_response', 'Webhook response is not an object');\n }\n const r = raw as Record<string, unknown>;\n if (typeof r.id !== 'string') {\n throw new NeetruError('invalid_response', 'Webhook missing id');\n }\n return {\n id: r.id,\n url: typeof r.url === 'string' ? r.url : '',\n events: Array.isArray(r.events)\n ? (r.events as unknown[]).filter((e): e is WebhookEvent =>\n VALID_EVENTS.includes(e as WebhookEvent),\n )\n : [],\n hasSecret: r.hasSecret === true,\n status:\n r.status === 'active' || r.status === 'degraded' || r.status === 'disabled'\n ? r.status\n : 'active',\n lastDeliveryAt: typeof r.lastDeliveryAt === 'string' ? r.lastDeliveryAt : undefined,\n consecutiveFailures:\n typeof r.consecutiveFailures === 'number' ? r.consecutiveFailures : undefined,\n createdAt: typeof r.createdAt === 'string' ? r.createdAt : new Date().toISOString(),\n };\n}\n\nfunction validateInput(input: RegisterWebhookInput): void {\n if (!input.url || typeof input.url !== 'string') {\n throw new NeetruError('validation_failed', 'url é obrigatória');\n }\n try {\n const parsed = new URL(input.url);\n if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {\n throw new Error('invalid protocol');\n }\n // Em prod, http: é warning (não bloqueia) — testes locais podem usar\n } catch {\n throw new NeetruError('validation_failed', `url inválida: ${input.url}`);\n }\n if (!Array.isArray(input.events) || input.events.length === 0) {\n throw new NeetruError('validation_failed', 'events deve ter pelo menos 1 evento');\n }\n for (const ev of input.events) {\n if (!VALID_EVENTS.includes(ev)) {\n throw new NeetruError('validation_failed', `evento desconhecido: ${ev}`);\n }\n }\n if (input.secret !== undefined && input.secret.length < 16) {\n throw new NeetruError('validation_failed', 'secret deve ter ≥16 chars (recomendado 32+)');\n }\n}\n\nexport function createWebhooksNamespace(config: ResolvedConfig): WebhooksNamespace {\n return {\n async register(input) {\n validateInput(input);\n const raw = await httpRequest<unknown>(config, {\n method: 'POST',\n path: '/api/sdk/v1/webhooks',\n body: input,\n requireAuth: true,\n });\n return toEndpoint(raw);\n },\n async list() {\n const raw = await httpRequest<{ endpoints?: unknown[] }>(config, {\n method: 'GET',\n path: '/api/sdk/v1/webhooks',\n requireAuth: true,\n });\n const list = Array.isArray(raw?.endpoints) ? raw.endpoints : [];\n return list.map(toEndpoint);\n },\n async unregister(id) {\n if (!id) throw new NeetruError('validation_failed', 'id obrigatório');\n await httpRequest<unknown>(config, {\n method: 'DELETE',\n path: `/api/sdk/v1/webhooks/${encodeURIComponent(id)}`,\n requireAuth: true,\n });\n return { ok: true };\n },\n async test(id) {\n if (!id) throw new NeetruError('validation_failed', 'id obrigatório');\n const raw = await httpRequest<unknown>(config, {\n method: 'POST',\n path: `/api/sdk/v1/webhooks/${encodeURIComponent(id)}/test`,\n requireAuth: true,\n });\n if (!raw || typeof raw !== 'object') {\n return { ok: false, error: 'invalid response' };\n }\n const r = raw as Record<string, unknown>;\n return {\n ok: r.ok === true,\n statusCode: typeof r.statusCode === 'number' ? r.statusCode : undefined,\n durationMs: typeof r.durationMs === 'number' ? r.durationMs : undefined,\n error: typeof r.error === 'string' ? r.error : undefined,\n };\n },\n };\n}\n\n// ─── Mock impl (dev / tests) ────────────────────────────────────────────────\n\nexport class MockWebhooks implements WebhooksNamespace {\n private endpoints = new Map<string, WebhookEndpoint>();\n private nextId = 1;\n\n async register(input: RegisterWebhookInput): Promise<WebhookEndpoint> {\n validateInput(input);\n const id = `mock_wh_${this.nextId++}`;\n const endpoint: WebhookEndpoint = {\n id,\n url: input.url,\n events: input.events,\n hasSecret: !!input.secret,\n status: 'active',\n createdAt: new Date().toISOString(),\n };\n this.endpoints.set(id, endpoint);\n return endpoint;\n }\n\n async list(): Promise<WebhookEndpoint[]> {\n return [...this.endpoints.values()];\n }\n\n async unregister(id: string): Promise<{ ok: true }> {\n if (!this.endpoints.has(id)) {\n throw new NeetruError('not_found', `Webhook ${id} não encontrado`);\n }\n this.endpoints.delete(id);\n return { ok: true };\n }\n\n async test(id: string): Promise<WebhookTestResult> {\n if (!this.endpoints.has(id)) {\n throw new NeetruError('not_found', `Webhook ${id} não encontrado`);\n }\n return { ok: true, statusCode: 200, durationMs: 42 };\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@neetru/sdk",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "Neetru SDK 1.1 — biblioteca runtime estável para consumir o ecossistema Neetru (auth OIDC, catalog, entitlements, telemetry, usage metering, support tickets, datastore, checkout).",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -66,13 +66,25 @@
       "types": "./dist/react.d.ts",
       "import": "./dist/react.mjs",
       "require": "./dist/react.cjs"
+    },
+    "./webhooks": {
+      "types": "./dist/webhooks.d.ts",
+      "import": "./dist/webhooks.mjs",
+      "require": "./dist/webhooks.cjs"
+    },
+    "./notifications": {
+      "types": "./dist/notifications.d.ts",
+      "import": "./dist/notifications.mjs",
+      "require": "./dist/notifications.cjs"
     }
   },
   "peerDependencies": {
     "react": "^18.0.0 || ^19.0.0"
   },
   "peerDependenciesMeta": {
-    "react": { "optional": true }
+    "react": {
+      "optional": true
+    }
   },
   "sideEffects": false,
   "scripts": {
@@ -82,14 +94,18 @@
     "lint": "tsc --noEmit",
     "docs:gen": "typedoc --options scripts/typedoc.config.json"
   },
-  "files": ["dist", "README.md", "CHANGELOG.md"],
+  "files": [
+    "dist",
+    "README.md",
+    "CHANGELOG.md"
+  ],
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   },
   "license": "UNLICENSED",
   "devDependencies": {
     "tsup": "^8.3.5",
-    "typedoc": "^0.26.0",
-    "typescript": "^5.7.0"
+    "typedoc": "^0.28.19",
+    "typescript": "^5.9.3"
   }
 }