@neetru/sdk 3.1.2 → 3.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -5
- package/dist/auth.cjs +255 -18
- package/dist/auth.cjs.map +1 -1
- package/dist/auth.d.cts +1 -1
- package/dist/auth.d.ts +1 -1
- package/dist/auth.mjs +255 -18
- package/dist/auth.mjs.map +1 -1
- package/dist/catalog.cjs.map +1 -1
- package/dist/catalog.d.cts +1 -1
- package/dist/catalog.d.ts +1 -1
- package/dist/catalog.mjs.map +1 -1
- package/dist/checkout.cjs +22 -7
- package/dist/checkout.cjs.map +1 -1
- package/dist/checkout.d.cts +1 -1
- package/dist/checkout.d.ts +1 -1
- package/dist/checkout.mjs +22 -7
- package/dist/checkout.mjs.map +1 -1
- package/dist/db-react.d.cts +1 -1
- package/dist/db-react.d.ts +1 -1
- package/dist/db.cjs +59 -3
- package/dist/db.cjs.map +1 -1
- package/dist/db.d.cts +1 -1
- package/dist/db.d.ts +1 -1
- package/dist/db.mjs +59 -3
- package/dist/db.mjs.map +1 -1
- package/dist/entitlements.cjs.map +1 -1
- package/dist/entitlements.d.cts +1 -1
- package/dist/entitlements.d.ts +1 -1
- package/dist/entitlements.mjs.map +1 -1
- package/dist/errors.cjs.map +1 -1
- package/dist/errors.d.cts +11 -6
- package/dist/errors.d.ts +11 -6
- package/dist/errors.mjs.map +1 -1
- package/dist/firestore-compat.d.cts +1 -1
- package/dist/firestore-compat.d.ts +1 -1
- package/dist/index.cjs +267 -22
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.mjs +267 -22
- package/dist/index.mjs.map +1 -1
- package/dist/mocks.cjs +25 -0
- package/dist/mocks.cjs.map +1 -1
- package/dist/mocks.d.cts +18 -1
- package/dist/mocks.d.ts +18 -1
- package/dist/mocks.mjs +25 -0
- package/dist/mocks.mjs.map +1 -1
- package/dist/notifications.cjs.map +1 -1
- package/dist/notifications.d.cts +1 -1
- package/dist/notifications.d.ts +1 -1
- package/dist/notifications.mjs.map +1 -1
- package/dist/react.d.cts +1 -1
- package/dist/react.d.ts +1 -1
- package/dist/support.cjs.map +1 -1
- package/dist/support.d.cts +1 -1
- package/dist/support.d.ts +1 -1
- package/dist/support.mjs.map +1 -1
- package/dist/telemetry.cjs +2 -1
- package/dist/telemetry.cjs.map +1 -1
- package/dist/telemetry.d.cts +1 -1
- package/dist/telemetry.d.ts +1 -1
- package/dist/telemetry.mjs +2 -1
- package/dist/telemetry.mjs.map +1 -1
- package/dist/{types-B3XFHD4A.d.ts → types-CRIIjqzC.d.ts} +105 -12
- package/dist/{types-DePdSU3P.d.cts → types-DvMdYbfV.d.cts} +105 -12
- package/dist/usage.cjs.map +1 -1
- package/dist/usage.d.cts +1 -1
- package/dist/usage.d.ts +1 -1
- package/dist/usage.mjs.map +1 -1
- package/dist/webhooks.cjs +11 -3
- package/dist/webhooks.cjs.map +1 -1
- package/dist/webhooks.d.cts +1 -1
- package/dist/webhooks.d.ts +1 -1
- package/dist/webhooks.mjs +11 -3
- package/dist/webhooks.mjs.map +1 -1
- package/package.json +1 -1
package/dist/telemetry.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../src/errors.ts","../src/idempotency.ts","../src/http.ts","../src/telemetry.ts"],"names":["err","message"],"mappings":";AAwCO,IAAM,WAAA,GAAN,MAAM,YAAA,SAAoB,KAAA,CAAM;AAAA,EACrB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EAEhB,WAAA,CACE,IAAA,EACA,OAAA,EACA,MAAA,EACA,SAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAEjB,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,YAAA,CAAY,SAAS,CAAA;AAAA,EACnD;AACF,CAAA;;;ACzBO,SAAS,sBAAA,GAAiC;AAG/C,EAAA,MAAM,YACJ,OAAO,UAAA,KAAe,eAAe,QAAA,IAAY,UAAA,GAC5C,WAA0D,MAAA,GAC3D,MAAA;AACN,EAAA,IAAI,SAAA,IAAa,OAAO,SAAA,CAAU,UAAA,KAAe,UAAA,EAAY;AAC3D,IAAA,OAAO,UAAU,UAAA,EAAW;AAAA,EAC9B;AACA,EAAA,MAAM,IAAI,WAAA;AAAA,IACR,qBAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACJA,IAAM,aAAA,GAAwC;AAAA;AAAA;AAAA,EAG5C,CAAA,EAAG;AACL,CAAA;AAGA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,OAAO,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,CAAA;AAC5B;AAMA,SAAS,aAAA,CAAc,GAAW,CAAA,EAAmB;AACnD,EAAA,MAAM,MAAA,GAAS,cAAc,CAAC,CAAA,CAAE,MAAM,GAAG,CAAA,CAAE,IAAI,MAAM,CAAA;AACrD,EAAA,MAAM,MAAA,GAAS,cAAc,CAAC,CAAA,CAAE,MAAM,GAAG,CAAA,CAAE,IAAI,MAAM,CAAA;AACrD,EAAA,MAAM,MAAM,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,MAAA,EAAQ,OAAO,MAAM,CAAA;AACjD,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,EAAK,CAAA,EAAA,EAAK;AAC5B,IAAA,MAAM,EAAA,GAAK,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AACxB,IAAA,MAAM,EAAA,GAAK,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AACxB,IAAA,IAAI,EAAA,KAAO,EAAA,EAAI,OAAO,EAAA,GAAK,EAAA;AAAA,EAC7B;AACA,EAAA,OAAO,CAAA;AACT;AAGA,SAAS,WAAA,GAAsB;AAC7B,EAAA,IAAI;AAIF,IAAA,MAAM,MAAO,UAAA,CAAmB,sBAAA;AAChC,IAAA,IAAI,GAAA,EAAK,OAAO,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,GAAA,EAAK,EAAE,CAAA;AAAA,EACvD,CAAA,CAAA,MAAQ;AAAA,EAER;AACA,EAAA,OAAO,CAAA;AACT;AAGA,IAAM,iBAAA,uBAAwB,GAAA,EAAY;AAMnC,SAAS,uBAAuB,WAAA,EAA2B;AAChE,EAAA,IAAI,CAAC,WAAA,EAAa;AAClB,EAAA,MAAM,WAAW,WAAA,EAAY;AAC7B,EAAA,MAAM,OAAA,GAAU,cAAc,QAAQ,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACd,EAAA,MAAM,QAAA,GAAW,cAAc,WAAW,CAAA;AAC1C,EAAA,IAAI,aAAA,CAAc,QAAA,EAAU,OAAO,CAAA,GAAI,CAAA,EAAG;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACnC,IAAA,IAAI,CAAC,iBAAA,CAAkB,GAAA,CAAI,GAAG,CAAA,EAAG;AAC/B,MAAA,iBAAA,CAAkB,IAAI,GAAG,CAAA;AACzB,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,4CAAA,EAAsC,WAAW,CAAA,0CAAA,EAC1C,OAAO,oBAAoB,QAAQ,CAAA,qGAAA;AAAA,OAE5C;AAAA,IACF;AAAA,EACF;AACF;AAsCA,IAAM,oBAAA,GAAuB,CAAA;AAC7B,IAAM,qBAAA,GAAwB,CAAA;AAC9B,IAAM,+BAAe,IAAI,GAAA,CAAI,CAAC,KAAA,EAAO,MAAM,CAAC,CAAA;AAC5C,IAAM,eAAA,uBAAsB,GAAA,CAAqB;AAAA,EAC/C,cAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF,CAAC,CAAA;AAGD,SAAS,UAAU,OAAA,EAAyB;AAC1C,EAAA,MAAM,IAAA,GAAO,GAAA,GAAM,IAAA,CAAK,GAAA,CAAI,GAAG,OAAO,CAAA;AACtC,EAAA,MAAM,SAAS,IAAA,GAAO,GAAA,IAAO,IAAA,CAAK,MAAA,KAAW,CAAA,GAAI,CAAA,CAAA;AACjD,EAAA,OAAO,KAAK,GAAA,CAAI,EAAA,EAAI,KAAK,KAAA,CAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAC/C;AAUA,IAAM,kBAAA,GAAqB,GAAA;AAE3B,SAAS,gBAAgB,KAAA,EAAqC;AAC5D,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AACzB,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,IAAK,QAAQ,CAAA,EAAG,OAAO,IAAA,CAAK,GAAA,CAAI,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,GAAI,GAAG,kBAAkB,CAAA;AACnG,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,KAAK,CAAA;AAC/B,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,MAAA,GAAS,IAAA,CAAK,GAAA,EAAI;AAChC,IAAA,IAAI,QAAQ,CAAA,EAAG,OAAO,IAAA,CAAK,GAAA,CAAI,OAAO,kBAAkB,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAGA,SAAS,aAAa,MAAA,EAAiC;AACrD,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,UAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,GAAA,IAAO,MAAA,KAAW,GAAA,EAAK,OAAO,mBAAA;AAC7C,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,IAAU,KAAK,OAAO,cAAA;AAC1B,EAAA,OAAO,SAAA;AACT;AAEA,SAAS,QAAA,CAAS,OAAA,EAAiB,IAAA,EAAc,KAAA,EAA6C;AAE5F,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AACvC,EAAA,MAAM,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AAChD,EAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAI,CAAA,EAAG,CAAC,CAAA,CAAE,CAAA;AACjC,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC1C,MAAA,IAAI,MAAM,MAAA,EAAW;AACrB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IACnC;AAAA,EACF;AACA,EAAA,OAAO,IAAI,QAAA,EAAS;AACtB;AAGA,eAAe,SAAS,GAAA,EAAiC;AACvD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,CAAC,MAAM,OAAO,MAAA;AAClB,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAQA,eAAsB,WAAA,CACpB,QACA,IAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,EAAA,MAAM,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK,CAAA;AAE1D,EAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,GAAA,CAAI,MAAM,IAC1C,oBAAA,GACA,qBAAA;AACJ,EAAA,MAAM,UAAA,GAAa,KAAK,OAAA,IAAW,cAAA;AAEnC,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,MAAA,EAAQ,kBAAA;AAAA,IACR,GAAG,IAAA,CAAK;AAAA,GACV;AAEA,EAAA,IAAI,KAAK,WAAA,EAAa;AACpB,IAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,MAAA,MAAM,IAAI,WAAA;AAAA,QACR,iBAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,IAAA,MAAM,MACJ,OAAO,IAAA,CAAK,mBAAmB,QAAA,GAC3B,IAAA,CAAK,iBACL,sBAAA,EAAuB;AAC7B,IAAA,OAAA,CAAQ,iBAAiB,CAAA,GAAI,GAAA;AAAA,EAC/B;AAGA,EAAA,MAAM,UAAA,GACJ,IAAA,CAAK,IAAA,KAAS,MAAA,IAAa,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,QAAA,GACtD,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GACxB,MAAA;AACN,EAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,IAAA,OAAA,CAAQ,cAAc,CAAA,GAAI,kBAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,SAAA,GAAgC,IAAA;AAEpC,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,IAAA,MAAM,IAAA,GAAoB,EAAE,MAAA,EAAQ,OAAA,EAAQ;AAC5C,IAAA,IAAI,UAAA,KAAe,MAAA,EAAW,IAAA,CAAK,IAAA,GAAO,UAAA;AAG1C,IAAA,IAAA,CAAK,MAAA,GAAS,WAAA,CAAY,OAAA,CAAQ,GAAM,CAAA;AAExC,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK,IAAI,CAAA;AAAA,IACpC,SAASA,IAAAA,EAAK;AACZ,MAAA,MAAMC,QAAAA,GACJD,IAAAA,YAAe,YAAA,IAAgBA,IAAAA,CAAI,IAAA,KAAS,cAAA,GACxC,kCAAA,GACA,CAAA,eAAA,EAAkBA,IAAAA,YAAe,KAAA,GAAQA,IAAAA,CAAI,OAAA,GAAU,cAAc,CAAA,CAAA;AAC3E,MAAA,SAAA,GAAY,IAAI,WAAA,CAAY,eAAA,EAAiBC,QAAO,CAAA;AACpD,MAAA,IAAI,UAAU,UAAA,EAAY;AACxB,QAAA,MAAM,KAAA,CAAM,SAAA,CAAU,OAAO,CAAC,CAAA;AAC9B,QAAA;AAAA,MACF;AACA,MAAA,MAAM,SAAA;AAAA,IACR;AAEA,IAAA,MAAM,SAAA,GACJ,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,IAAK,MAAA;AAE5E,IAAA,IAAI,IAAI,EAAA,EAAI;AAEV,MAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA;AACtD,MAAA,IAAI,WAAA,yBAAoC,WAAW,CAAA;AACnD,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,GAAG,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,GAAG,CAAA;AAGhC,IAAA,IAAI,IAAA,GAAe,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AAC1C,IAAA,IAAI,OAAA,GAAU,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAA;AAChC,IAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,WAAW,IAAA,EAAM;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,MAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,QAAA,OAAA,GAAU,QAAA;AAAA,MACZ,CAAA,MAAA,IAAW,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AACnD,QAAA,IAAI,OAAO,QAAA,CAAS,IAAA,KAAS,QAAA,SAAiB,QAAA,CAAS,IAAA;AACvD,QAAA,IAAI,OAAO,QAAA,CAAS,OAAA,KAAY,QAAA,YAAoB,QAAA,CAAS,OAAA;AAAA,MAC/D;AAAA,IACF;AACA,IAAA,MAAM,MAAM,IAAI,WAAA,CAAY,MAAM,OAAA,EAAS,GAAA,CAAI,QAAQ,SAAS,CAAA;AAChE,IAAA,SAAA,GAAY,GAAA;AAEZ,IAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,GAAA,CAAI,IAAuB,CAAA;AAC/D,IAAA,IAAI,WAAA,IAAe,UAAU,UAAA,EAAY;AACvC,MAAA,MAAM,aAAa,eAAA,CAAgB,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AACjE,MAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,SAAA,CAAU,OAAO,CAAA;AAC7C,MAAA,MAAM,MAAM,KAAK,CAAA;AACjB,MAAA;AAAA,IACF;AACA,IAAA,MAAM,GAAA;AAAA,EACR;AAGA,EAAA,MAAM,SAAA,IAAa,IAAI,WAAA,CAAY,SAAA,EAAW,6BAA6B,CAAA;AAC7E;;;ACpTA,IAAM,mBAAiD,CAAC,OAAA,EAAS,MAAA,EAAQ,MAAA,EAAQ,SAAS,OAAO,CAAA;AAEjG,SAAS,WAAW,KAAA,EAA+E;AACjG,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C,KAAK,MAAA;AAAQ,MAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA;AAAA,IAC7C,KAAK,MAAA;AAAQ,MAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA;AAAA,IAC7C,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C;AAAS,MAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,OAAO,CAAA;AAAA;AAE5C;AAGA,IAAM,cAAA,GAAiB,GAAA;AAEvB,IAAM,eAAA,GAAkB,EAAA;AAEjB,SAAS,yBAAyB,MAAA,EAAwB;AAE/D,EAAA,MAAM,QAA+B,EAAC;AACtC,EAAA,IAAI,UAAA,GAAmD,IAAA;AAEvD,EAAA,IAAI,cAAA,GAAuC,IAAA;AAE3C,EAAA,eAAe,UAAA,GAA4B;AACzC,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AAGxB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,CAAO,CAAA,EAAG,MAAM,MAAM,CAAA;AAK1C,IAAA,MAAM,OAAO,OAAA,CAAQ,UAAA;AAAA,MACnB,KAAA,CAAM,GAAA,CAAI,OAAO,EAAA,KAAO;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAgC,EAAE,IAAA,EAAM,EAAA,CAAG,IAAA,EAAK;AACtD,UAAA,IAAI,EAAA,CAAG,UAAA,IAAc,OAAO,EAAA,CAAG,eAAe,QAAA,EAAU;AACtD,YAAA,IAAA,CAAK,aAAa,EAAA,CAAG,UAAA;AAAA,UACvB;AACA,UAAA,IAAI,EAAA,CAAG,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,EAAA,CAAG,SAAA;AACtC,UAAA,MAAM,YAA6B,MAAA,EAAQ;AAAA,YACzC,MAAA,EAAQ,MAAA;AAAA,YACR,IAAA,EAAM,6BAAA;AAAA,YACN,IAAA;AAAA,YACA,WAAA,EAAa,IAAA;AAAA,YACb,OAAA,EAAS;AAAA,WACV,CAAA;AAAA,QACH,SAAS,GAAA,EAAK;AACZ,UAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,YAAA,OAAA,CAAQ,IAAA,CAAK,qDAAA,EAAuD,EAAA,CAAG,IAAA,EAAM,GAAG,CAAA;AAAA,UAClF;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH;AAEA,IAAA,cAAA,GAAiB,IAAA,CAAK,KAAK,MAAM;AAAE,MAAA,cAAA,GAAiB,IAAA;AAAA,IAAM,CAAC,CAAA;AAM3D,IAAA,MAAM,IAAA;AACN,IAAA,UAAA,GAAa,IAAA;AAEb,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,MAAA,aAAA,EAAc;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,SAAS,aAAA,GAAsB;AAC7B,IAAA,IAAI,UAAA,EAAY;AAChB,IAAA,UAAA,GAAa,WAAW,MAAM;AAC5B,MAAA,KAAK,UAAA,EAAW;AAAA,IAClB,GAAG,cAAc,CAAA;AAAA,EACnB;AAEA,EAAA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaL,MAAM,MAAM,KAAA,EAAwD;AAClE,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,yBAAyB,CAAA;AAAA,MACtE;AACA,MAAA,IAAI,OAAO,KAAA,CAAM,IAAA,KAAS,YAAY,KAAA,CAAM,IAAA,CAAK,WAAW,CAAA,EAAG;AAC7D,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,wBAAwB,CAAA;AAAA,MACrE;AACA,MAAA,IAAI,KAAA,CAAM,IAAA,CAAK,MAAA,GAAS,GAAA,EAAK;AAC3B,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,0BAA0B,CAAA;AAAA,MACvE;AAEA,MAAA,MAAM,IAAA,GAAgC,EAAE,IAAA,EAAM,KAAA,CAAM,IAAA,EAAK;AACzD,MAAA,IAAI,KAAA,CAAM,UAAA,IAAc,OAAO,KAAA,CAAM,eAAe,QAAA,EAAU;AAC5D,QAAA,IAAA,CAAK,aAAa,KAAA,CAAM,UAAA;AAAA,MAC1B;AACA,MAAA,IAAI,KAAA,CAAM,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,KAAA,CAAM,SAAA;AAE5C,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAA6B,MAAA,EAAQ;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,6BAAA;AAAA,QACN,IAAA;AAAA,QACA,WAAA,EAAa;AAAA,OACd,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,GAAA,CAAI,EAAA,KAAO,QAAQ,OAAO,GAAA,CAAI,YAAY,QAAA,EAAU;AAC9D,QAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,oCAAoC,CAAA;AAAA,MAChF;AACA,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,OAAA,EAAS,IAAI,OAAA,EAAQ;AAAA,IAC1C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM,KAAA,EAAkC;AACtC,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACzC,MAAA,IAAI,OAAO,KAAA,CAAM,IAAA,KAAS,YAAY,KAAA,CAAM,IAAA,CAAK,WAAW,CAAA,EAAG;AAC/D,MAAA,IAAI,KAAA,CAAM,IAAA,CAAK,MAAA,GAAS,GAAA,EAAK;AAC7B,MAAA,KAAA,CAAM,KAAK,KAAK,CAAA;AAChB,MAAA,IAAI,KAAA,CAAM,UAAU,eAAA,EAAiB;AAEnC,QAAA,IAAI,UAAA,EAAY;AAAE,UAAA,YAAA,CAAa,UAAU,CAAA;AAAG,UAAA,UAAA,GAAa,IAAA;AAAA,QAAM;AAC/D,QAAA,KAAK,UAAA,EAAW;AAAA,MAClB,CAAA,MAAO;AACL,QAAA,aAAA,EAAc;AAAA,MAChB;AAAA,IACF,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,KAAA,GAAuB;AAC3B,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,YAAA,CAAa,UAAU,CAAA;AACvB,QAAA,UAAA,GAAa,IAAA;AAAA,MACf;AAEA,MAAA,IAAI,gBAAgB,MAAM,cAAA;AAC1B,MAAA,MAAM,UAAA,EAAW;AAAA,IACnB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAiBA,MAAM,IAAI,KAAA,EAAoD;AAC5D,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,uBAAuB,CAAA;AAAA,MACpE;AACA,MAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,KAAA,CAAM,KAAK,CAAA,EAAG;AAC3C,QAAA,MAAM,IAAI,YAAY,mBAAA,EAAqB,CAAA,qBAAA,EAAwB,iBAAiB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,MAClG;AACA,MAAA,IAAI,OAAO,KAAA,CAAM,OAAA,KAAY,YAAY,KAAA,CAAM,OAAA,CAAQ,WAAW,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,qBAAqB,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAA,GAAS,GAAA,EAAO;AAChC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,wBAAwB,CAAA;AAAA,MACrE;AAGA,MAAA,IAAI,MAAA,CAAO,QAAQ,KAAA,EAAO;AACxB,QAAA,MAAM,EAAA,GAAK,UAAA,CAAW,KAAA,CAAM,KAAK,CAAA;AACjC,QAAA,EAAA,CAAG,CAAA,aAAA,EAAgB,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI,KAAA,CAAM,QAAA,IAAY,EAAE,CAAA;AACxE,QAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,IAAA,EAAM,MAAA,EAAO;AAAA,MAClC;AAEA,MAAA,MAAM,IAAA,GAAgC;AAAA,QACpC,OAAO,KAAA,CAAM,KAAA;AAAA,QACb,SAAS,KAAA,CAAM;AAAA,OACjB;AACA,MAAA,IAAI,KAAA,CAAM,QAAA,EAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,QAAA;AAC1C,MAAA,IAAI,KAAA,CAAM,WAAA,EAAa,IAAA,CAAK,WAAA,GAAc,KAAA,CAAM,WAAA;AAIhD,MAAA,IAAI,MAAM,KAAA,CAAM,aAAA;AAChB,MAAA,IAAI,CAAC,GAAA,EAAK;AACR,QAAA,IAAI;AAEF,UAAA,MAAM,IAAK,UAAA,CAAmB,qBAAA;AAC9B,UAAA,IAAI,OAAO,CAAA,KAAM,QAAA,IAAY,CAAA,CAAE,MAAA,GAAS,GAAG,GAAA,GAAM,CAAA;AAAA,QACnD,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,MAAM,UAAkC,EAAC;AACzC,MAAA,IAAI,GAAA,EAAK,OAAA,CAAQ,kBAAkB,CAAA,GAAI,GAAA;AAEvC,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAuB,MAAA,EAAQ;AAAA,QAC/C,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,2BAAA;AAAA,QACN,IAAA;AAAA,QACA,WAAA,EAAa,IAAA;AAAA,QACb;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,EAAA,KAAO,IAAA,EAAM;AAC3B,QAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,mCAAmC,CAAA;AAAA,MAC/E;AACA,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,IAAA;AAAA,QACJ,OAAO,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,GAAW,IAAI,KAAA,GAAQ,MAAA;AAAA,QACnD,IAAA,EAAM;AAAA,OACR;AAAA,IACF;AAAA,GACF;AACF","file":"telemetry.mjs","sourcesContent":["/**\r\n * Erros tipados do SDK.\r\n *\r\n * Todo erro lançado pelo SDK estende `NeetruError` — caller pode discriminar\r\n * por `.code` (string estável) sem parsing de message.\r\n */\r\n\r\n/** Códigos de erro estáveis do SDK. Adicionar aqui requer minor bump. */\r\nexport type NeetruErrorCode =\r\n | 'invalid_config'\r\n | 'missing_api_key'\r\n | 'unauthorized'\r\n | 'forbidden'\r\n | 'not_found'\r\n | 'rate_limited'\r\n | 'validation_failed'\r\n | 'network_error'\r\n | 'invalid_response'\r\n | 'server_error'\r\n | 'token_expired'\r\n | 'token_invalid_signature'\r\n | 'token_invalid_audience'\r\n | 'token_invalid_issuer'\r\n /** 3.0: runtime não expõe API necessária (ex: WebCrypto ausente). */\r\n | 'runtime_unsupported'\r\n /** HTTP 409 — colisão de idempotência ou conflito de recurso. */\r\n | 'conflict'\r\n | 'unknown';\r\n\r\n/**\r\n * Erro tipado padrão do SDK. Sempre lançado em vez de Error genérico.\r\n *\r\n * @example\r\n * ```ts\r\n * try { await client.catalog.list(); }\r\n * catch (e) {\r\n * if (e instanceof NeetruError && e.code === 'rate_limited') retry();\r\n * }\r\n * ```\r\n */\r\nexport class NeetruError extends Error {\r\n public readonly code: NeetruErrorCode | string;\r\n public readonly status?: number;\r\n public readonly requestId?: string;\r\n\r\n constructor(\r\n code: NeetruErrorCode | string,\r\n message: string,\r\n status?: number,\r\n requestId?: string,\r\n ) {\r\n super(message);\r\n this.name = 'NeetruError';\r\n this.code = code;\r\n this.status = status;\r\n this.requestId = requestId;\r\n // Preserva o prototype chain ao herdar de Error (downlevel quirk de TS).\r\n Object.setPrototypeOf(this, NeetruError.prototype);\r\n }\r\n}\r\n","/**\n * Idempotency-Key helper — gera UUID v4 cripto-seguro para identificar\n * mutations não-idempotentes (`usage.report`, `support.createTicket`,\n * `notifications.send`, `webhooks.test`).\n *\n * Estratégia 3.0:\n * - SDK gera UUID v4 por chamada via `randomUUID()` (WebCrypto.subtle não\n * necessário aqui — `crypto.randomUUID()` está em Node 14.17+ e em todos\n * os browsers/Edge runtimes modernos).\n * - Header `Idempotency-Key: <uuid>` é injetado pelo `httpRequest` quando\n * `opts.idempotencyKey === true` OU caller passa explicit `opts.idempotencyKeyValue`.\n * - Core dedup em coleção `usage_idempotency_keys/{key}` TTL 24h (vide\n * `docs/CORE_CHANGES_REQUIRED.md` §2). Se Core ainda não dedupa, o header\n * é benign (ignorado).\n *\n * Defesa em camadas: combinado com `retries: 0` em POSTs (vide http.ts), o\n * risco de double-write em transientes vai pra zero.\n */\nimport { NeetruError } from './errors';\n\n/**\n * Gera UUID v4 criptograficamente seguro. Universal: Node 14.17+, browsers\n * modernos, Edge runtimes (Workers/Vercel Edge/Cloudflare).\n *\n * Fallback puro-JS removido em 3.0 — `crypto.randomUUID()` é ubíquo desde\n * 2022. Se runtime não tem, lança `NeetruError('runtime_unsupported')`\n * (consumer deve polyfillar).\n *\n * **L-01 fix (Opus review 2026-05-27):** antes lançava `Error` cru, que\n * não era pego por `catch (err) { if (err instanceof NeetruError) ... }`\n * dos consumers. Agora throw canonical.\n *\n * @throws NeetruError('runtime_unsupported') se `crypto.randomUUID` não disponível.\n */\nexport function generateIdempotencyKey(): string {\n // WebCrypto (browser/Edge) e Node 14.17+ expõem `crypto.randomUUID()`.\n // Node anterior precisa de `node:crypto` mas SDK 3.0 exige Node ≥20 (vide engines).\n const cryptoObj: { randomUUID?: () => string } | undefined =\n typeof globalThis !== 'undefined' && 'crypto' in globalThis\n ? (globalThis as { crypto?: { randomUUID?: () => string } }).crypto\n : undefined;\n if (cryptoObj && typeof cryptoObj.randomUUID === 'function') {\n return cryptoObj.randomUUID();\n }\n throw new NeetruError(\n 'runtime_unsupported',\n 'crypto.randomUUID not available in this runtime. SDK 3.0 requires Node ≥20 or modern browser/Edge.',\n );\n}\n\n/** Regex UUID v4 — validação para uso interno. */\nexport const UUID_V4_RE =\n /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\n","/**\r\n * HTTP transport interno do SDK.\r\n *\r\n * Responsabilidades:\r\n * - Construir URL absoluta a partir de `baseUrl` + path\r\n * - Injetar Bearer token quando `requireAuth=true`\r\n * - Mapear status HTTP → `NeetruError` com `code` estável\r\n * - Parse defensivo de JSON (não lança em body vazio em 204)\r\n * - Retry/backoff exponencial em `rate_limited` (429), `server_error` (5xx)\r\n * e `network_error` (timeout/falha de rede). Honra `Retry-After` quando\r\n * presente.\r\n * - **Captura `X-Neetru-Version`** das respostas e emite `console.warn` quando\r\n * o Core está abaixo da versão mínima para a major do SDK.\r\n *\r\n * Política de retries (mudança breaking 3.0):\r\n * - GET/HEAD: default 2 retries (3 tentativas total) — idempotente, seguro.\r\n * - POST/PUT/PATCH/DELETE: default **0 retries** — mutations podem duplicar\r\n * side effects (ex: `usage.report` incrementa contador). Caller pode\r\n * reativar passando `retries: N` explicitamente ou usar `Idempotency-Key`\r\n * header (gerado automaticamente se `opts.idempotencyKey=true`).\r\n *\r\n * Idempotency-Key (3.0):\r\n * - `opts.idempotencyKey === true` → SDK gera UUID v4 e injeta header.\r\n * - `opts.idempotencyKey === 'uuid-string'` → usa o valor passado.\r\n * - Caller mantém retentos client-side se quiser; Core dedup serverside\r\n * (vide `docs/CORE_CHANGES_REQUIRED.md` §2).\r\n */\r\nimport { NeetruError, type NeetruErrorCode } from './errors';\r\nimport { generateIdempotencyKey } from './idempotency';\r\nimport type { ResolvedConfig } from './types';\r\n\r\n// ─── Compat Matrix SDK↔Core ──────────────────────────────────────────────────\r\n\r\n/**\r\n * Matriz de compatibilidade SDK major → versão mínima do Core.\r\n *\r\n * Formato do Core: CalVer `YYYY.MM.patch+revision` (ex: `2026.05.1+neetru-core-00096-79t`).\r\n * A comparação é feita apenas nas partes `YYYY.MM.patch` (prefixo antes de `+`).\r\n *\r\n * Quando o Core reporta `X-Neetru-Version` abaixo do mínimo para a SDK major\r\n * corrente, o SDK emite `console.warn` uma única vez por sessão de processo.\r\n *\r\n * Atualize esta tabela a cada major de SDK.\r\n */\r\nconst COMPAT_MATRIX: Record<number, string> = {\r\n // SDK major 3.x requer Core ≥ 2026.05.1 (suporte a X-Neetru-Version header,\r\n // runTransaction write-after-read, verifyWebhookRequest, webhooks 3.0+)\r\n 3: '2026.05.1',\r\n};\r\n\r\n/** CalVer sem sufixo `+revision`. Ex: `2026.05.1+abc` → `2026.05.1`. */\r\nfunction stripRevision(v: string): string {\r\n return v.split('+')[0] ?? v;\r\n}\r\n\r\n/**\r\n * Compara dois CalVer (`YYYY.MM.patch`). Retorna negativo se `a < b`,\r\n * positivo se `a > b`, 0 se iguais. Partes não numéricas tratadas como 0.\r\n */\r\nfunction compareCalVer(a: string, b: string): number {\r\n const partsA = stripRevision(a).split('.').map(Number);\r\n const partsB = stripRevision(b).split('.').map(Number);\r\n const len = Math.max(partsA.length, partsB.length);\r\n for (let i = 0; i < len; i++) {\r\n const pa = partsA[i] ?? 0;\r\n const pb = partsB[i] ?? 0;\r\n if (pa !== pb) return pa - pb;\r\n }\r\n return 0;\r\n}\r\n\r\n/** Lê a SDK major a partir da string `VERSION` exportada de `./index`. Fallback 3. */\r\nfunction getSdkMajor(): number {\r\n try {\r\n // Importação estática não disponível aqui (evita ciclo). Usa variável injetada\r\n // em tempo de build pela tsup via `define`. Fallback para 3 (current major).\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n const ver = (globalThis as any).__NEETRU_SDK_VERSION__ as string | undefined;\r\n if (ver) return parseInt(ver.split('.')[0] ?? '3', 10);\r\n } catch {\r\n // ignore\r\n }\r\n return 3;\r\n}\r\n\r\n/** Aviso emitido no máximo uma vez por major detectada pra não spammar logs. */\r\nconst _warnedCoreTooOld = new Set<string>();\r\n\r\n/**\r\n * Verifica se a versão do Core (`X-Neetru-Version`) é compatível com a SDK major.\r\n * Emite `console.warn` quando incompatível (uma vez por processo por versão detectada).\r\n */\r\nexport function checkCoreVersionCompat(coreVersion: string): void {\r\n if (!coreVersion) return;\r\n const sdkMajor = getSdkMajor();\r\n const minCore = COMPAT_MATRIX[sdkMajor];\r\n if (!minCore) return; // sem restrição para esta major\r\n const stripped = stripRevision(coreVersion);\r\n if (compareCalVer(stripped, minCore) < 0) {\r\n const key = `${sdkMajor}:${stripped}`;\r\n if (!_warnedCoreTooOld.has(key)) {\r\n _warnedCoreTooOld.add(key);\r\n console.warn(\r\n `[Neetru SDK] Atenção: Core versão \"${coreVersion}\" é anterior ao mínimo recomendado` +\r\n ` \"${minCore}\" para SDK major ${sdkMajor}. Alguns recursos podem não funcionar` +\r\n ` corretamente. Atualize o Core para a versão mais recente.`,\r\n );\r\n }\r\n }\r\n}\r\n\r\n/** Opções da request HTTP. */\r\nexport interface HttpRequestOptions {\r\n method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';\r\n /** Path relativo (ex: `/api/v1/cli/catalog`). Concatenado a `baseUrl`. */\r\n path: string;\r\n /** Query string params (chave → valor primitivo). Valores `undefined` ignorados. */\r\n query?: Record<string, string | number | boolean | undefined>;\r\n /** Body JSON-serializável. Ignorado em GET/DELETE. */\r\n body?: unknown;\r\n /**\r\n * Se true, injeta `Authorization: Bearer <apiKey>`. Lança `missing_api_key`\r\n * se config.apiKey ausente. Default false.\r\n */\r\n requireAuth?: boolean;\r\n /** Cabeçalhos extras. */\r\n headers?: Record<string, string>;\r\n /**\r\n * Número de retries em códigos transientes (`rate_limited`, `server_error`,\r\n * `network_error`).\r\n *\r\n * Default (3.0):\r\n * - GET/HEAD: 2 (= 3 tentativas total) — idempotente, seguro.\r\n * - POST/PUT/PATCH/DELETE: 0 — mutations podem duplicar side effects.\r\n *\r\n * Caller pode reativar passando explicitamente: `retries: 2`.\r\n */\r\n retries?: number;\r\n /**\r\n * Injeta `Idempotency-Key` header pra dedup serverside (3.0):\r\n * - `true` → SDK gera UUID v4 cripto-seguro automaticamente.\r\n * - string → usa o valor passado (deve ser UUID v4).\r\n * - `undefined`/`false` → sem header.\r\n */\r\n idempotencyKey?: boolean | string;\r\n}\r\n\r\nconst DEFAULT_RETRIES_READ = 2;\r\nconst DEFAULT_RETRIES_WRITE = 0;\r\nconst READ_METHODS = new Set(['GET', 'HEAD']);\r\nconst RETRYABLE_CODES = new Set<NeetruErrorCode>([\r\n 'rate_limited',\r\n 'server_error',\r\n 'network_error',\r\n]);\r\n\r\n/** Backoff exponencial com jitter ±20%. attempt: 0=primeira, 1=primeiro retry, ... */\r\nfunction backoffMs(attempt: number): number {\r\n const base = 200 * Math.pow(4, attempt); // 200ms, 800ms, 3.2s, ...\r\n const jitter = base * 0.2 * (Math.random() * 2 - 1);\r\n return Math.max(50, Math.round(base + jitter));\r\n}\r\n\r\n/**\r\n * Honra `Retry-After` header (segundos ou HTTP-date). Retorna ms ou null se\r\n * inválido. RFC 9110 §10.2.3.\r\n *\r\n * Bug fix: sem teto, um servidor hostil/mal-configurado poderia retornar\r\n * `Retry-After: 86400` (24h) ou uma HTTP-date anos no futuro, pendurando o\r\n * processo indefinidamente. Aplica teto de MAX_RETRY_AFTER_MS em ambos os caminhos.\r\n */\r\nconst MAX_RETRY_AFTER_MS = 60_000; // 60s — teto razoável para retry automático\r\n\r\nfunction parseRetryAfter(value: string | null): number | null {\r\n if (!value) return null;\r\n const secs = Number(value);\r\n if (Number.isFinite(secs) && secs >= 0) return Math.min(Math.round(secs * 1000), MAX_RETRY_AFTER_MS);\r\n const dateMs = Date.parse(value);\r\n if (Number.isFinite(dateMs)) {\r\n const delta = dateMs - Date.now();\r\n if (delta > 0) return Math.min(delta, MAX_RETRY_AFTER_MS);\r\n }\r\n return null;\r\n}\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n\r\n/** Mapeamento status → code estável do NeetruError. */\r\nfunction statusToCode(status: number): NeetruErrorCode {\r\n if (status === 401) return 'unauthorized';\r\n if (status === 403) return 'forbidden';\r\n if (status === 404) return 'not_found';\r\n if (status === 409) return 'conflict'; // Bug fix: 409 vira 'conflict' (não 'unknown')\r\n if (status === 422 || status === 400) return 'validation_failed';\r\n if (status === 429) return 'rate_limited';\r\n if (status >= 500) return 'server_error';\r\n return 'unknown';\r\n}\r\n\r\nfunction buildUrl(baseUrl: string, path: string, query?: HttpRequestOptions['query']): string {\r\n // Trim trailing slash em base e leading em path pra evitar `//`.\r\n const base = baseUrl.replace(/\\/+$/, '');\r\n const p = path.startsWith('/') ? path : `/${path}`;\r\n const url = new URL(`${base}${p}`);\r\n if (query) {\r\n for (const [k, v] of Object.entries(query)) {\r\n if (v === undefined) continue;\r\n url.searchParams.set(k, String(v));\r\n }\r\n }\r\n return url.toString();\r\n}\r\n\r\n/** Parse JSON defensivo — retorna `undefined` em body vazio. */\r\nasync function safeJson(res: Response): Promise<unknown> {\r\n const text = await res.text();\r\n if (!text) return undefined;\r\n try {\r\n return JSON.parse(text);\r\n } catch {\r\n return undefined;\r\n }\r\n}\r\n\r\n/**\r\n * Executa request HTTP. Em sucesso retorna body parseado; em erro lança\r\n * `NeetruError` com `code` derivado do status. Aplica retry/backoff\r\n * automático em códigos transientes (rate_limited/server_error/network_error)\r\n * conforme `opts.retries` (default 2 = 3 tentativas).\r\n */\r\nexport async function httpRequest<T>(\r\n config: ResolvedConfig,\r\n opts: HttpRequestOptions,\r\n): Promise<T> {\r\n const method = opts.method ?? 'GET';\r\n const url = buildUrl(config.baseUrl, opts.path, opts.query);\r\n // Default por método: reads tentam 2x, writes 0x. Caller override sempre vence.\r\n const defaultRetries = READ_METHODS.has(method)\r\n ? DEFAULT_RETRIES_READ\r\n : DEFAULT_RETRIES_WRITE;\r\n const maxRetries = opts.retries ?? defaultRetries;\r\n\r\n const headers: Record<string, string> = {\r\n accept: 'application/json',\r\n ...opts.headers,\r\n };\r\n\r\n if (opts.requireAuth) {\r\n if (!config.apiKey) {\r\n throw new NeetruError(\r\n 'missing_api_key',\r\n 'This operation requires an apiKey. Pass it to createNeetruClient({ apiKey }) or set NEETRU_API_KEY env var.',\r\n );\r\n }\r\n headers.authorization = `Bearer ${config.apiKey}`;\r\n }\r\n\r\n // Idempotency-Key: gerado por chamada se solicitado. UUID v4 cripto-seguro.\r\n if (opts.idempotencyKey) {\r\n const key =\r\n typeof opts.idempotencyKey === 'string'\r\n ? opts.idempotencyKey\r\n : generateIdempotencyKey();\r\n headers['idempotency-key'] = key;\r\n }\r\n\r\n // Body só é serializado uma vez — reusado entre tentativas.\r\n const bodyString =\r\n opts.body !== undefined && method !== 'GET' && method !== 'DELETE'\r\n ? JSON.stringify(opts.body)\r\n : undefined;\r\n if (bodyString !== undefined) {\r\n headers['content-type'] = 'application/json';\r\n }\r\n\r\n let lastError: NeetruError | null = null;\r\n\r\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\r\n const init: RequestInit = { method, headers };\r\n if (bodyString !== undefined) init.body = bodyString;\r\n // BUG-020 fix (2026-05-13): timeout default 30s. AbortSignal.timeout\r\n // requer Node 18+ ou browsers recentes.\r\n init.signal = AbortSignal.timeout(30_000);\r\n\r\n let res: Response;\r\n try {\r\n res = await config.fetch(url, init);\r\n } catch (err) {\r\n const message =\r\n err instanceof DOMException && err.name === 'TimeoutError'\r\n ? 'Network error: timeout after 30s'\r\n : `Network error: ${err instanceof Error ? err.message : 'fetch failed'}`;\r\n lastError = new NeetruError('network_error', message);\r\n if (attempt < maxRetries) {\r\n await sleep(backoffMs(attempt));\r\n continue;\r\n }\r\n throw lastError;\r\n }\r\n\r\n const requestId =\r\n res.headers.get('x-request-id') ?? res.headers.get('x-correlation-id') ?? undefined;\r\n\r\n if (res.ok) {\r\n // Captura X-Neetru-Version e verifica compat com a SDK major.\r\n const coreVersion = res.headers.get('x-neetru-version');\r\n if (coreVersion) checkCoreVersionCompat(coreVersion);\r\n const parsed = await safeJson(res);\r\n return parsed as T;\r\n }\r\n\r\n const body = (await safeJson(res)) as\r\n | { error?: { code?: string; message?: string } | string }\r\n | undefined;\r\n let code: string = statusToCode(res.status);\r\n let message = `HTTP ${res.status}`;\r\n if (body && typeof body === 'object' && 'error' in body) {\r\n const errField = body.error;\r\n if (typeof errField === 'string') {\r\n message = errField;\r\n } else if (errField && typeof errField === 'object') {\r\n if (typeof errField.code === 'string') code = errField.code;\r\n if (typeof errField.message === 'string') message = errField.message;\r\n }\r\n }\r\n const err = new NeetruError(code, message, res.status, requestId);\r\n lastError = err;\r\n\r\n const isRetryable = RETRYABLE_CODES.has(code as NeetruErrorCode);\r\n if (isRetryable && attempt < maxRetries) {\r\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\r\n const delay = retryAfter ?? backoffMs(attempt);\r\n await sleep(delay);\r\n continue;\r\n }\r\n throw err;\r\n }\r\n\r\n // Unreachable — loop sempre retorna ou lança. Safety net.\r\n throw lastError ?? new NeetruError('unknown', 'unexpected httpRequest exit');\r\n}\r\n","/**\r\n * Telemetria — emite eventos do produto cliente pro Core.\r\n *\r\n * APIs disponíveis:\r\n * - `event(input)` — chamada single-shot, await retorna { ok, eventId }.\r\n * `POST /api/sdk/v1/telemetry/event` — persiste em `usage_events/{id}`.\r\n * - `track(input)` — fire-and-forget (v1.2). Enqueue + flush 500ms debounce.\r\n * Reusa o mesmo endpoint mas não bloqueia o caller — ideal pra alta\r\n * frequência (cliques, page-views). Falhas viram warning no console.\r\n * - `flush()` — força flush imediato da queue (chamar antes de unload).\r\n * - `log(input)` — log estruturado `POST /api/sdk/v1/telemetry/log` com\r\n * Bearer + correlationId. Em `NEETRU_ENV=dev` cai pra console.{level}.\r\n */\r\nimport { NeetruError } from './errors';\r\nimport { httpRequest } from './http';\r\nimport type {\r\n ResolvedConfig,\r\n TelemetryEventAck,\r\n TelemetryEventInput,\r\n TelemetryLogAck,\r\n TelemetryLogInput,\r\n TelemetryLogLevel,\r\n} from './types';\r\n\r\ninterface RawTelemetryAck {\r\n ok?: boolean;\r\n eventId?: string;\r\n}\r\n\r\ninterface RawLogAck {\r\n ok?: boolean;\r\n logId?: string;\r\n}\r\n\r\nconst VALID_LOG_LEVELS: readonly TelemetryLogLevel[] = ['debug', 'info', 'warn', 'error', 'fatal'];\r\n\r\nfunction consoleFor(level: TelemetryLogLevel): (message?: unknown, ...optional: unknown[]) => void {\r\n switch (level) {\r\n case 'debug': return console.debug.bind(console);\r\n case 'info': return console.info.bind(console);\r\n case 'warn': return console.warn.bind(console);\r\n case 'error': return console.error.bind(console);\r\n case 'fatal': return console.error.bind(console);\r\n default: return console.log.bind(console);\r\n }\r\n}\r\n\r\n/** Janela de debounce do `track()` antes de drenar a queue. */\r\nconst TRACK_FLUSH_MS = 500;\r\n/** Limite de eventos na queue antes de flush forçado (defensivo). */\r\nconst TRACK_MAX_QUEUE = 50;\r\n\r\nexport function createTelemetryNamespace(config: ResolvedConfig) {\r\n // Queue local pra track() — fire-and-forget batchado.\r\n const queue: TelemetryEventInput[] = [];\r\n let flushTimer: ReturnType<typeof setTimeout> | null = null;\r\n // bug: flush() precisava aguardar drain já em voo p/ não resolver antes do envio\r\n let _inflightDrain: Promise<void> | null = null;\r\n\r\n async function drainQueue(): Promise<void> {\r\n if (queue.length === 0) return;\r\n // (a) Capture the current batch BEFORE the async boundary so that any\r\n // track() call arriving during the await works on a clean queue.\r\n const batch = queue.splice(0, queue.length);\r\n // NOTE: flushTimer is intentionally NOT cleared here. Clearing it before\r\n // the await would let a concurrent track() schedule a second timer, fire\r\n // it while this flush is still in-flight, and produce duplicate concurrent\r\n // drainQueue calls. We clear it only after the await (see below).\r\n const work = Promise.allSettled(\r\n batch.map(async (ev) => {\r\n try {\r\n const body: Record<string, unknown> = { name: ev.name };\r\n if (ev.properties && typeof ev.properties === 'object') {\r\n body.properties = ev.properties;\r\n }\r\n if (ev.timestamp) body.timestamp = ev.timestamp;\r\n await httpRequest<RawTelemetryAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/event',\r\n body,\r\n requireAuth: true,\r\n retries: 1,\r\n });\r\n } catch (err) {\r\n if (typeof console !== 'undefined') {\r\n console.warn('[neetru-sdk] telemetry.track flush failed for event', ev.name, err);\r\n }\r\n }\r\n }),\r\n );\r\n // Registra promise em voo para que flush() possa aguardar (bug finding 4)\r\n _inflightDrain = work.then(() => { _inflightDrain = null; });\r\n // (b) Release the timer slot AFTER the await so that any track() calls\r\n // that arrived during the flush and called scheduleFlush() were\r\n // correctly suppressed (flushTimer was still set). Now that the\r\n // in-flight requests are done we reset it and, if new events were\r\n // enqueued while we were awaiting, schedule the next flush.\r\n await work;\r\n flushTimer = null;\r\n // (c) If events arrived during the flush window, schedule the next drain.\r\n if (queue.length > 0) {\r\n scheduleFlush();\r\n }\r\n }\r\n\r\n function scheduleFlush(): void {\r\n if (flushTimer) return;\r\n flushTimer = setTimeout(() => {\r\n void drainQueue();\r\n }, TRACK_FLUSH_MS);\r\n }\r\n\r\n return {\r\n /**\r\n * Persiste um evento de uso. Lança `NeetruError` em qualquer falha\r\n * (incluindo rate-limit).\r\n *\r\n * @example\r\n * ```ts\r\n * await client.telemetry.event({\r\n * name: 'dashboard_opened',\r\n * properties: { plan: 'pro', tab: 'overview' },\r\n * });\r\n * ```\r\n */\r\n async event(input: TelemetryEventInput): Promise<TelemetryEventAck> {\r\n if (!input || typeof input !== 'object') {\r\n throw new NeetruError('validation_failed', 'event input is required');\r\n }\r\n if (typeof input.name !== 'string' || input.name.length === 0) {\r\n throw new NeetruError('validation_failed', 'event.name is required');\r\n }\r\n if (input.name.length > 128) {\r\n throw new NeetruError('validation_failed', 'event.name max 128 chars');\r\n }\r\n\r\n const body: Record<string, unknown> = { name: input.name };\r\n if (input.properties && typeof input.properties === 'object') {\r\n body.properties = input.properties;\r\n }\r\n if (input.timestamp) body.timestamp = input.timestamp;\r\n\r\n const raw = await httpRequest<RawTelemetryAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/event',\r\n body,\r\n requireAuth: true,\r\n });\r\n\r\n if (!raw || raw.ok !== true || typeof raw.eventId !== 'string') {\r\n throw new NeetruError('invalid_response', 'Telemetry response missing eventId');\r\n }\r\n return { ok: true, eventId: raw.eventId };\r\n },\r\n\r\n /**\r\n * Fire-and-forget: enqueue + flush 500ms debounce. Não retorna `eventId`\r\n * — falhas são logadas como warning. Ideal pra alta frequência.\r\n *\r\n * @example\r\n * ```ts\r\n * client.telemetry.track({ name: 'page_view', properties: { path: '/' } });\r\n * // segue execução; flush async em background\r\n * ```\r\n */\r\n track(input: TelemetryEventInput): void {\r\n if (!input || typeof input !== 'object') return;\r\n if (typeof input.name !== 'string' || input.name.length === 0) return;\r\n if (input.name.length > 128) return;\r\n queue.push(input);\r\n if (queue.length >= TRACK_MAX_QUEUE) {\r\n // bug: timer pendente não era cancelado → dois drainQueue() concorrentes\r\n if (flushTimer) { clearTimeout(flushTimer); flushTimer = null; }\r\n void drainQueue();\r\n } else {\r\n scheduleFlush();\r\n }\r\n },\r\n\r\n /**\r\n * Força flush imediato da queue de `track()`. Resolva antes de\r\n * page unload / SSR boundary pra não perder eventos.\r\n */\r\n async flush(): Promise<void> {\r\n if (flushTimer) {\r\n clearTimeout(flushTimer);\r\n flushTimer = null;\r\n }\r\n // bug: flush() resolvia antes do drain já em voo terminar (finding 4)\r\n if (_inflightDrain) await _inflightDrain;\r\n await drainQueue();\r\n },\r\n\r\n /**\r\n * Registra um log estruturado per-product (Sprint 6).\r\n *\r\n * - `NEETRU_ENV=dev`: console.{level}, retorna ack mock.\r\n * - workspace/prod: HTTP POST com Bearer auth + correlationId no header.\r\n *\r\n * @example\r\n * ```ts\r\n * await client.telemetry.log({\r\n * level: 'error',\r\n * message: 'Falha ao calcular total',\r\n * metadata: { orderId: 'o-123' },\r\n * });\r\n * ```\r\n */\r\n async log(input: TelemetryLogInput): Promise<TelemetryLogAck> {\r\n if (!input || typeof input !== 'object') {\r\n throw new NeetruError('validation_failed', 'log input is required');\r\n }\r\n if (!VALID_LOG_LEVELS.includes(input.level)) {\r\n throw new NeetruError('validation_failed', `level must be one of ${VALID_LOG_LEVELS.join(', ')}`);\r\n }\r\n if (typeof input.message !== 'string' || input.message.length === 0) {\r\n throw new NeetruError('validation_failed', 'message is required');\r\n }\r\n if (input.message.length > 4_000) {\r\n throw new NeetruError('validation_failed', 'message max 4000 chars');\r\n }\r\n\r\n // Dev mode: console only, no network.\r\n if (config.env === 'dev') {\r\n const fn = consoleFor(input.level);\r\n fn(`[neetru-sdk] ${input.level}: ${input.message}`, input.metadata ?? {});\r\n return { ok: true, mode: 'mock' };\r\n }\r\n\r\n const body: Record<string, unknown> = {\r\n level: input.level,\r\n message: input.message,\r\n };\r\n if (input.metadata) body.metadata = input.metadata;\r\n if (input.productSlug) body.productSlug = input.productSlug;\r\n\r\n // CorrelationId: explicit input wins; senão tenta lê de globalThis (set\r\n // por instrumentação do consumer).\r\n let cid = input.correlationId;\r\n if (!cid) {\r\n try {\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n const g = (globalThis as any).NEETRU_CORRELATION_ID;\r\n if (typeof g === 'string' && g.length > 0) cid = g;\r\n } catch {\r\n /* ignore */\r\n }\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n if (cid) headers['x-correlation-id'] = cid;\r\n\r\n const raw = await httpRequest<RawLogAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/log',\r\n body,\r\n requireAuth: true,\r\n headers,\r\n });\r\n\r\n if (!raw || raw.ok !== true) {\r\n throw new NeetruError('invalid_response', 'Telemetry log response missing ok');\r\n }\r\n return {\r\n ok: true,\r\n logId: typeof raw.logId === 'string' ? raw.logId : undefined,\r\n mode: 'http',\r\n };\r\n },\r\n };\r\n}\r\n"]}
|
|
1
|
+
{"version":3,"sources":["../src/errors.ts","../src/idempotency.ts","../src/http.ts","../src/telemetry.ts"],"names":["err","message"],"mappings":";AA6CO,IAAM,WAAA,GAAN,MAAM,YAAA,SAAoB,KAAA,CAAM;AAAA,EACrB,IAAA;AAAA,EACA,MAAA;AAAA,EACA,SAAA;AAAA,EAEhB,WAAA,CACE,IAAA,EACA,OAAA,EACA,MAAA,EACA,SAAA,EACA;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,aAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,MAAA,GAAS,MAAA;AACd,IAAA,IAAA,CAAK,SAAA,GAAY,SAAA;AAEjB,IAAA,MAAA,CAAO,cAAA,CAAe,IAAA,EAAM,YAAA,CAAY,SAAS,CAAA;AAAA,EACnD;AACF,CAAA;;;AC9BO,SAAS,sBAAA,GAAiC;AAG/C,EAAA,MAAM,YACJ,OAAO,UAAA,KAAe,eAAe,QAAA,IAAY,UAAA,GAC5C,WAA0D,MAAA,GAC3D,MAAA;AACN,EAAA,IAAI,SAAA,IAAa,OAAO,SAAA,CAAU,UAAA,KAAe,UAAA,EAAY;AAC3D,IAAA,OAAO,UAAU,UAAA,EAAW;AAAA,EAC9B;AACA,EAAA,MAAM,IAAI,WAAA;AAAA,IACR,qBAAA;AAAA,IACA;AAAA,GACF;AACF;;;ACJA,IAAM,aAAA,GAAwC;AAAA;AAAA;AAAA,EAG5C,CAAA,EAAG;AACL,CAAA;AAGA,SAAS,cAAc,CAAA,EAAmB;AACxC,EAAA,OAAO,CAAA,CAAE,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,CAAA;AAC5B;AAMA,SAAS,aAAA,CAAc,GAAW,CAAA,EAAmB;AACnD,EAAA,MAAM,MAAA,GAAS,cAAc,CAAC,CAAA,CAAE,MAAM,GAAG,CAAA,CAAE,IAAI,MAAM,CAAA;AACrD,EAAA,MAAM,MAAA,GAAS,cAAc,CAAC,CAAA,CAAE,MAAM,GAAG,CAAA,CAAE,IAAI,MAAM,CAAA;AACrD,EAAA,MAAM,MAAM,IAAA,CAAK,GAAA,CAAI,MAAA,CAAO,MAAA,EAAQ,OAAO,MAAM,CAAA;AACjD,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,EAAK,CAAA,EAAA,EAAK;AAC5B,IAAA,MAAM,EAAA,GAAK,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AACxB,IAAA,MAAM,EAAA,GAAK,MAAA,CAAO,CAAC,CAAA,IAAK,CAAA;AACxB,IAAA,IAAI,EAAA,KAAO,EAAA,EAAI,OAAO,EAAA,GAAK,EAAA;AAAA,EAC7B;AACA,EAAA,OAAO,CAAA;AACT;AAGA,SAAS,WAAA,GAAsB;AAC7B,EAAA,IAAI;AAIF,IAAA,MAAM,MAAO,UAAA,CAAmB,sBAAA;AAChC,IAAA,IAAI,GAAA,EAAK,OAAO,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,IAAK,GAAA,EAAK,EAAE,CAAA;AAAA,EACvD,CAAA,CAAA,MAAQ;AAAA,EAER;AACA,EAAA,OAAO,CAAA;AACT;AAGA,IAAM,iBAAA,uBAAwB,GAAA,EAAY;AAMnC,SAAS,uBAAuB,WAAA,EAA2B;AAChE,EAAA,IAAI,CAAC,WAAA,EAAa;AAClB,EAAA,MAAM,WAAW,WAAA,EAAY;AAC7B,EAAA,MAAM,OAAA,GAAU,cAAc,QAAQ,CAAA;AACtC,EAAA,IAAI,CAAC,OAAA,EAAS;AACd,EAAA,MAAM,QAAA,GAAW,cAAc,WAAW,CAAA;AAC1C,EAAA,IAAI,aAAA,CAAc,QAAA,EAAU,OAAO,CAAA,GAAI,CAAA,EAAG;AACxC,IAAA,MAAM,GAAA,GAAM,CAAA,EAAG,QAAQ,CAAA,CAAA,EAAI,QAAQ,CAAA,CAAA;AACnC,IAAA,IAAI,CAAC,iBAAA,CAAkB,GAAA,CAAI,GAAG,CAAA,EAAG;AAC/B,MAAA,iBAAA,CAAkB,IAAI,GAAG,CAAA;AACzB,MAAA,OAAA,CAAQ,IAAA;AAAA,QACN,CAAA,4CAAA,EAAsC,WAAW,CAAA,0CAAA,EAC1C,OAAO,oBAAoB,QAAQ,CAAA,qGAAA;AAAA,OAE5C;AAAA,IACF;AAAA,EACF;AACF;AAsCA,IAAM,oBAAA,GAAuB,CAAA;AAC7B,IAAM,qBAAA,GAAwB,CAAA;AAC9B,IAAM,+BAAe,IAAI,GAAA,CAAI,CAAC,KAAA,EAAO,MAAM,CAAC,CAAA;AAC5C,IAAM,eAAA,uBAAsB,GAAA,CAAqB;AAAA,EAC/C,cAAA;AAAA,EACA,cAAA;AAAA,EACA;AACF,CAAC,CAAA;AAGD,SAAS,UAAU,OAAA,EAAyB;AAC1C,EAAA,MAAM,IAAA,GAAO,GAAA,GAAM,IAAA,CAAK,GAAA,CAAI,GAAG,OAAO,CAAA;AACtC,EAAA,MAAM,SAAS,IAAA,GAAO,GAAA,IAAO,IAAA,CAAK,MAAA,KAAW,CAAA,GAAI,CAAA,CAAA;AACjD,EAAA,OAAO,KAAK,GAAA,CAAI,EAAA,EAAI,KAAK,KAAA,CAAM,IAAA,GAAO,MAAM,CAAC,CAAA;AAC/C;AAUA,IAAM,kBAAA,GAAqB,GAAA;AAE3B,SAAS,gBAAgB,KAAA,EAAqC;AAC5D,EAAA,IAAI,CAAC,OAAO,OAAO,IAAA;AACnB,EAAA,MAAM,IAAA,GAAO,OAAO,KAAK,CAAA;AACzB,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,IAAK,QAAQ,CAAA,EAAG,OAAO,IAAA,CAAK,GAAA,CAAI,IAAA,CAAK,KAAA,CAAM,IAAA,GAAO,GAAI,GAAG,kBAAkB,CAAA;AACnG,EAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,KAAK,CAAA;AAC/B,EAAA,IAAI,MAAA,CAAO,QAAA,CAAS,MAAM,CAAA,EAAG;AAC3B,IAAA,MAAM,KAAA,GAAQ,MAAA,GAAS,IAAA,CAAK,GAAA,EAAI;AAChC,IAAA,IAAI,QAAQ,CAAA,EAAG,OAAO,IAAA,CAAK,GAAA,CAAI,OAAO,kBAAkB,CAAA;AAAA,EAC1D;AACA,EAAA,OAAO,IAAA;AACT;AAEA,SAAS,MAAM,EAAA,EAA2B;AACxC,EAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,YAAY,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AACzD;AAGA,SAAS,aAAa,MAAA,EAAiC;AACrD,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,WAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,UAAA;AAC3B,EAAA,IAAI,MAAA,KAAW,GAAA,IAAO,MAAA,KAAW,GAAA,EAAK,OAAO,mBAAA;AAC7C,EAAA,IAAI,MAAA,KAAW,KAAK,OAAO,cAAA;AAC3B,EAAA,IAAI,MAAA,IAAU,KAAK,OAAO,cAAA;AAC1B,EAAA,OAAO,SAAA;AACT;AAEA,SAAS,QAAA,CAAS,OAAA,EAAiB,IAAA,EAAc,KAAA,EAA6C;AAE5F,EAAA,MAAM,IAAA,GAAO,OAAA,CAAQ,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AACvC,EAAA,MAAM,IAAI,IAAA,CAAK,UAAA,CAAW,GAAG,CAAA,GAAI,IAAA,GAAO,IAAI,IAAI,CAAA,CAAA;AAChD,EAAA,MAAM,MAAM,IAAI,GAAA,CAAI,GAAG,IAAI,CAAA,EAAG,CAAC,CAAA,CAAE,CAAA;AACjC,EAAA,IAAI,KAAA,EAAO;AACT,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,KAAK,CAAA,EAAG;AAC1C,MAAA,IAAI,MAAM,MAAA,EAAW;AACrB,MAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IACnC;AAAA,EACF;AACA,EAAA,OAAO,IAAI,QAAA,EAAS;AACtB;AAGA,eAAe,SAAS,GAAA,EAAiC;AACvD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,EAAA,IAAI,CAAC,MAAM,OAAO,MAAA;AAClB,EAAA,IAAI;AACF,IAAA,OAAO,IAAA,CAAK,MAAM,IAAI,CAAA;AAAA,EACxB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,MAAA;AAAA,EACT;AACF;AAQA,eAAsB,WAAA,CACpB,QACA,IAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAAS,KAAK,MAAA,IAAU,KAAA;AAC9B,EAAA,MAAM,MAAM,QAAA,CAAS,MAAA,CAAO,SAAS,IAAA,CAAK,IAAA,EAAM,KAAK,KAAK,CAAA;AAE1D,EAAA,MAAM,cAAA,GAAiB,YAAA,CAAa,GAAA,CAAI,MAAM,IAC1C,oBAAA,GACA,qBAAA;AACJ,EAAA,MAAM,UAAA,GAAa,KAAK,OAAA,IAAW,cAAA;AAEnC,EAAA,MAAM,OAAA,GAAkC;AAAA,IACtC,MAAA,EAAQ,kBAAA;AAAA,IACR,GAAG,IAAA,CAAK;AAAA,GACV;AAEA,EAAA,IAAI,KAAK,WAAA,EAAa;AACpB,IAAA,IAAI,CAAC,OAAO,MAAA,EAAQ;AAClB,MAAA,MAAM,IAAI,WAAA;AAAA,QACR,iBAAA;AAAA,QACA;AAAA,OACF;AAAA,IACF;AACA,IAAA,OAAA,CAAQ,aAAA,GAAgB,CAAA,OAAA,EAAU,MAAA,CAAO,MAAM,CAAA,CAAA;AAAA,EACjD;AAGA,EAAA,IAAI,KAAK,cAAA,EAAgB;AACvB,IAAA,MAAM,MACJ,OAAO,IAAA,CAAK,mBAAmB,QAAA,GAC3B,IAAA,CAAK,iBACL,sBAAA,EAAuB;AAC7B,IAAA,OAAA,CAAQ,iBAAiB,CAAA,GAAI,GAAA;AAAA,EAC/B;AAGA,EAAA,MAAM,UAAA,GACJ,IAAA,CAAK,IAAA,KAAS,MAAA,IAAa,MAAA,KAAW,KAAA,IAAS,MAAA,KAAW,QAAA,GACtD,IAAA,CAAK,SAAA,CAAU,IAAA,CAAK,IAAI,CAAA,GACxB,MAAA;AACN,EAAA,IAAI,eAAe,MAAA,EAAW;AAC5B,IAAA,OAAA,CAAQ,cAAc,CAAA,GAAI,kBAAA;AAAA,EAC5B;AAEA,EAAA,IAAI,SAAA,GAAgC,IAAA;AAEpC,EAAA,KAAA,IAAS,OAAA,GAAU,CAAA,EAAG,OAAA,IAAW,UAAA,EAAY,OAAA,EAAA,EAAW;AACtD,IAAA,MAAM,IAAA,GAAoB,EAAE,MAAA,EAAQ,OAAA,EAAQ;AAC5C,IAAA,IAAI,UAAA,KAAe,MAAA,EAAW,IAAA,CAAK,IAAA,GAAO,UAAA;AAG1C,IAAA,IAAA,CAAK,MAAA,GAAS,WAAA,CAAY,OAAA,CAAQ,GAAM,CAAA;AAExC,IAAA,IAAI,GAAA;AACJ,IAAA,IAAI;AACF,MAAA,GAAA,GAAM,MAAM,MAAA,CAAO,KAAA,CAAM,GAAA,EAAK,IAAI,CAAA;AAAA,IACpC,SAASA,IAAAA,EAAK;AACZ,MAAA,MAAMC,QAAAA,GACJD,IAAAA,YAAe,YAAA,IAAgBA,IAAAA,CAAI,IAAA,KAAS,cAAA,GACxC,kCAAA,GACA,CAAA,eAAA,EAAkBA,IAAAA,YAAe,KAAA,GAAQA,IAAAA,CAAI,OAAA,GAAU,cAAc,CAAA,CAAA;AAC3E,MAAA,SAAA,GAAY,IAAI,WAAA,CAAY,eAAA,EAAiBC,QAAO,CAAA;AACpD,MAAA,IAAI,UAAU,UAAA,EAAY;AACxB,QAAA,MAAM,KAAA,CAAM,SAAA,CAAU,OAAO,CAAC,CAAA;AAC9B,QAAA;AAAA,MACF;AACA,MAAA,MAAM,SAAA;AAAA,IACR;AAEA,IAAA,MAAM,SAAA,GACJ,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,cAAc,KAAK,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA,IAAK,MAAA;AAE5E,IAAA,IAAI,IAAI,EAAA,EAAI;AAEV,MAAA,MAAM,WAAA,GAAc,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,kBAAkB,CAAA;AACtD,MAAA,IAAI,WAAA,yBAAoC,WAAW,CAAA;AACnD,MAAA,MAAM,MAAA,GAAS,MAAM,QAAA,CAAS,GAAG,CAAA;AACjC,MAAA,OAAO,MAAA;AAAA,IACT;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,GAAG,CAAA;AAGhC,IAAA,IAAI,IAAA,GAAe,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AAC1C,IAAA,IAAI,OAAA,GAAU,CAAA,KAAA,EAAQ,GAAA,CAAI,MAAM,CAAA,CAAA;AAChC,IAAA,IAAI,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,IAAY,WAAW,IAAA,EAAM;AACvD,MAAA,MAAM,WAAW,IAAA,CAAK,KAAA;AACtB,MAAA,IAAI,OAAO,aAAa,QAAA,EAAU;AAChC,QAAA,OAAA,GAAU,QAAA;AAAA,MACZ,CAAA,MAAA,IAAW,QAAA,IAAY,OAAO,QAAA,KAAa,QAAA,EAAU;AACnD,QAAA,IAAI,OAAO,QAAA,CAAS,IAAA,KAAS,QAAA,SAAiB,QAAA,CAAS,IAAA;AACvD,QAAA,IAAI,OAAO,QAAA,CAAS,OAAA,KAAY,QAAA,YAAoB,QAAA,CAAS,OAAA;AAAA,MAC/D;AAAA,IACF;AACA,IAAA,MAAM,MAAM,IAAI,WAAA,CAAY,MAAM,OAAA,EAAS,GAAA,CAAI,QAAQ,SAAS,CAAA;AAChE,IAAA,SAAA,GAAY,GAAA;AAEZ,IAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,GAAA,CAAI,IAAuB,CAAA;AAC/D,IAAA,IAAI,WAAA,IAAe,UAAU,UAAA,EAAY;AACvC,MAAA,MAAM,aAAa,eAAA,CAAgB,GAAA,CAAI,OAAA,CAAQ,GAAA,CAAI,aAAa,CAAC,CAAA;AACjE,MAAA,MAAM,KAAA,GAAQ,UAAA,IAAc,SAAA,CAAU,OAAO,CAAA;AAC7C,MAAA,MAAM,MAAM,KAAK,CAAA;AACjB,MAAA;AAAA,IACF;AACA,IAAA,MAAM,GAAA;AAAA,EACR;AAGA,EAAA,MAAM,SAAA,IAAa,IAAI,WAAA,CAAY,SAAA,EAAW,6BAA6B,CAAA;AAC7E;;;ACpTA,IAAM,mBAAiD,CAAC,OAAA,EAAS,MAAA,EAAQ,MAAA,EAAQ,SAAS,OAAO,CAAA;AAEjG,SAAS,WAAW,KAAA,EAA+E;AACjG,EAAA,QAAQ,KAAA;AAAO,IACb,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C,KAAK,MAAA;AAAQ,MAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA;AAAA,IAC7C,KAAK,MAAA;AAAQ,MAAA,OAAO,OAAA,CAAQ,IAAA,CAAK,IAAA,CAAK,OAAO,CAAA;AAAA,IAC7C,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C,KAAK,OAAA;AAAS,MAAA,OAAO,OAAA,CAAQ,KAAA,CAAM,IAAA,CAAK,OAAO,CAAA;AAAA,IAC/C;AAAS,MAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,IAAA,CAAK,OAAO,CAAA;AAAA;AAE5C;AAGA,IAAM,cAAA,GAAiB,GAAA;AAEvB,IAAM,eAAA,GAAkB,EAAA;AAEjB,SAAS,yBAAyB,MAAA,EAAwB;AAE/D,EAAA,MAAM,QAA+B,EAAC;AACtC,EAAA,IAAI,UAAA,GAAmD,IAAA;AAEvD,EAAA,IAAI,cAAA,GAAuC,IAAA;AAE3C,EAAA,eAAe,UAAA,GAA4B;AACzC,IAAA,IAAI,KAAA,CAAM,WAAW,CAAA,EAAG;AAGxB,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,MAAA,CAAO,CAAA,EAAG,MAAM,MAAM,CAAA;AAK1C,IAAA,MAAM,OAAO,OAAA,CAAQ,UAAA;AAAA,MACnB,KAAA,CAAM,GAAA,CAAI,OAAO,EAAA,KAAO;AACtB,QAAA,IAAI;AACF,UAAA,MAAM,IAAA,GAAgC,EAAE,IAAA,EAAM,EAAA,CAAG,IAAA,EAAK;AACtD,UAAA,IAAI,EAAA,CAAG,UAAA,IAAc,OAAO,EAAA,CAAG,eAAe,QAAA,EAAU;AACtD,YAAA,IAAA,CAAK,aAAa,EAAA,CAAG,UAAA;AAAA,UACvB;AACA,UAAA,IAAI,EAAA,CAAG,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,EAAA,CAAG,SAAA;AACtC,UAAA,MAAM,YAA6B,MAAA,EAAQ;AAAA,YACzC,MAAA,EAAQ,MAAA;AAAA,YACR,IAAA,EAAM,6BAAA;AAAA,YACN,IAAA;AAAA,YACA,WAAA,EAAa,IAAA;AAAA,YACb,OAAA,EAAS;AAAA,WACV,CAAA;AAAA,QACH,SAAS,GAAA,EAAK;AACZ,UAAA,IAAI,OAAO,YAAY,WAAA,EAAa;AAClC,YAAA,OAAA,CAAQ,IAAA,CAAK,qDAAA,EAAuD,EAAA,CAAG,IAAA,EAAM,GAAG,CAAA;AAAA,UAClF;AAAA,QACF;AAAA,MACF,CAAC;AAAA,KACH;AAEA,IAAA,cAAA,GAAiB,IAAA,CAAK,KAAK,MAAM;AAAE,MAAA,cAAA,GAAiB,IAAA;AAAA,IAAM,CAAC,CAAA;AAM3D,IAAA,MAAM,IAAA;AACN,IAAA,UAAA,GAAa,IAAA;AAEb,IAAA,IAAI,KAAA,CAAM,SAAS,CAAA,EAAG;AACpB,MAAA,aAAA,EAAc;AAAA,IAChB;AAAA,EACF;AAEA,EAAA,SAAS,aAAA,GAAsB;AAC7B,IAAA,IAAI,UAAA,EAAY;AAChB,IAAA,UAAA,GAAa,WAAW,MAAM;AAC5B,MAAA,KAAK,UAAA,EAAW;AAAA,IAClB,GAAG,cAAc,CAAA;AAAA,EACnB;AAEA,EAAA,OAAO;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAaL,MAAM,MAAM,KAAA,EAAwD;AAClE,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,yBAAyB,CAAA;AAAA,MACtE;AACA,MAAA,IAAI,OAAO,KAAA,CAAM,IAAA,KAAS,YAAY,KAAA,CAAM,IAAA,CAAK,WAAW,CAAA,EAAG;AAC7D,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,wBAAwB,CAAA;AAAA,MACrE;AACA,MAAA,IAAI,KAAA,CAAM,IAAA,CAAK,MAAA,GAAS,GAAA,EAAK;AAC3B,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,0BAA0B,CAAA;AAAA,MACvE;AAEA,MAAA,MAAM,IAAA,GAAgC,EAAE,IAAA,EAAM,KAAA,CAAM,IAAA,EAAK;AACzD,MAAA,IAAI,KAAA,CAAM,UAAA,IAAc,OAAO,KAAA,CAAM,eAAe,QAAA,EAAU;AAC5D,QAAA,IAAA,CAAK,aAAa,KAAA,CAAM,UAAA;AAAA,MAC1B;AACA,MAAA,IAAI,KAAA,CAAM,SAAA,EAAW,IAAA,CAAK,SAAA,GAAY,KAAA,CAAM,SAAA;AAE5C,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAA6B,MAAA,EAAQ;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,6BAAA;AAAA,QACN,IAAA;AAAA,QACA,WAAA,EAAa;AAAA,OACd,CAAA;AAED,MAAA,IAAI,CAAC,OAAO,GAAA,CAAI,EAAA,KAAO,QAAQ,OAAO,GAAA,CAAI,YAAY,QAAA,EAAU;AAC9D,QAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,oCAAoC,CAAA;AAAA,MAChF;AACA,MAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,OAAA,EAAS,IAAI,OAAA,EAAQ;AAAA,IAC1C,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAYA,MAAM,KAAA,EAAkC;AACtC,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACzC,MAAA,IAAI,OAAO,KAAA,CAAM,IAAA,KAAS,YAAY,KAAA,CAAM,IAAA,CAAK,WAAW,CAAA,EAAG;AAC/D,MAAA,IAAI,KAAA,CAAM,IAAA,CAAK,MAAA,GAAS,GAAA,EAAK;AAC7B,MAAA,KAAA,CAAM,KAAK,KAAK,CAAA;AAChB,MAAA,IAAI,KAAA,CAAM,UAAU,eAAA,EAAiB;AAEnC,QAAA,IAAI,UAAA,EAAY;AAAE,UAAA,YAAA,CAAa,UAAU,CAAA;AAAG,UAAA,UAAA,GAAa,IAAA;AAAA,QAAM;AAC/D,QAAA,KAAK,UAAA,EAAW;AAAA,MAClB,CAAA,MAAO;AACL,QAAA,aAAA,EAAc;AAAA,MAChB;AAAA,IACF,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,MAAM,KAAA,GAAuB;AAC3B,MAAA,IAAI,UAAA,EAAY;AACd,QAAA,YAAA,CAAa,UAAU,CAAA;AACvB,QAAA,UAAA,GAAa,IAAA;AAAA,MACf;AAEA,MAAA,IAAI,gBAAgB,MAAM,cAAA;AAC1B,MAAA,MAAM,UAAA,EAAW;AAAA,IACnB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAiBA,MAAM,IAAI,KAAA,EAAoD;AAC5D,MAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,uBAAuB,CAAA;AAAA,MACpE;AACA,MAAA,IAAI,CAAC,gBAAA,CAAiB,QAAA,CAAS,KAAA,CAAM,KAAK,CAAA,EAAG;AAC3C,QAAA,MAAM,IAAI,YAAY,mBAAA,EAAqB,CAAA,qBAAA,EAAwB,iBAAiB,IAAA,CAAK,IAAI,CAAC,CAAA,CAAE,CAAA;AAAA,MAClG;AACA,MAAA,IAAI,OAAO,KAAA,CAAM,OAAA,KAAY,YAAY,KAAA,CAAM,OAAA,CAAQ,WAAW,CAAA,EAAG;AACnE,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,qBAAqB,CAAA;AAAA,MAClE;AACA,MAAA,IAAI,KAAA,CAAM,OAAA,CAAQ,MAAA,GAAS,GAAA,EAAO;AAChC,QAAA,MAAM,IAAI,WAAA,CAAY,mBAAA,EAAqB,wBAAwB,CAAA;AAAA,MACrE;AAGA,MAAA,IAAI,MAAA,CAAO,QAAQ,KAAA,EAAO;AACxB,QAAA,MAAM,EAAA,GAAK,UAAA,CAAW,KAAA,CAAM,KAAK,CAAA;AACjC,QAAA,EAAA,CAAG,CAAA,aAAA,EAAgB,KAAA,CAAM,KAAK,CAAA,EAAA,EAAK,KAAA,CAAM,OAAO,CAAA,CAAA,EAAI,KAAA,CAAM,QAAA,IAAY,EAAE,CAAA;AACxE,QAAA,OAAO,EAAE,EAAA,EAAI,IAAA,EAAM,IAAA,EAAM,MAAA,EAAO;AAAA,MAClC;AAEA,MAAA,MAAM,IAAA,GAAgC;AAAA,QACpC,OAAO,KAAA,CAAM,KAAA;AAAA,QACb,SAAS,KAAA,CAAM;AAAA,OACjB;AACA,MAAA,IAAI,KAAA,CAAM,QAAA,EAAU,IAAA,CAAK,QAAA,GAAW,KAAA,CAAM,QAAA;AAI1C,MAAA,MAAM,WAAA,GAAc,KAAA,CAAM,WAAA,IAAe,MAAA,CAAO,SAAA;AAChD,MAAA,IAAI,WAAA,OAAkB,WAAA,GAAc,WAAA;AAIpC,MAAA,IAAI,MAAM,KAAA,CAAM,aAAA;AAChB,MAAA,IAAI,CAAC,GAAA,EAAK;AACR,QAAA,IAAI;AAEF,UAAA,MAAM,IAAK,UAAA,CAAmB,qBAAA;AAC9B,UAAA,IAAI,OAAO,CAAA,KAAM,QAAA,IAAY,CAAA,CAAE,MAAA,GAAS,GAAG,GAAA,GAAM,CAAA;AAAA,QACnD,CAAA,CAAA,MAAQ;AAAA,QAER;AAAA,MACF;AAEA,MAAA,MAAM,UAAkC,EAAC;AACzC,MAAA,IAAI,GAAA,EAAK,OAAA,CAAQ,kBAAkB,CAAA,GAAI,GAAA;AAEvC,MAAA,MAAM,GAAA,GAAM,MAAM,WAAA,CAAuB,MAAA,EAAQ;AAAA,QAC/C,MAAA,EAAQ,MAAA;AAAA,QACR,IAAA,EAAM,2BAAA;AAAA,QACN,IAAA;AAAA,QACA,WAAA,EAAa,IAAA;AAAA,QACb;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,GAAA,IAAO,GAAA,CAAI,EAAA,KAAO,IAAA,EAAM;AAC3B,QAAA,MAAM,IAAI,WAAA,CAAY,kBAAA,EAAoB,mCAAmC,CAAA;AAAA,MAC/E;AACA,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,IAAA;AAAA,QACJ,OAAO,OAAO,GAAA,CAAI,KAAA,KAAU,QAAA,GAAW,IAAI,KAAA,GAAQ,MAAA;AAAA,QACnD,IAAA,EAAM;AAAA,OACR;AAAA,IACF;AAAA,GACF;AACF","file":"telemetry.mjs","sourcesContent":["/**\r\n * Erros tipados do SDK.\r\n *\r\n * Todo erro lançado pelo SDK estende `NeetruError` — caller pode discriminar\r\n * por `.code` (string estável) sem parsing de message.\r\n */\r\n\r\n/** Códigos de erro estáveis do SDK. Adicionar aqui requer minor bump. */\r\nexport type NeetruErrorCode =\r\n | 'invalid_config'\r\n | 'missing_api_key'\r\n | 'unauthorized'\r\n | 'forbidden'\r\n | 'not_found'\r\n | 'rate_limited'\r\n | 'validation_failed'\r\n | 'network_error'\r\n | 'invalid_response'\r\n | 'server_error'\r\n | 'token_expired'\r\n | 'token_invalid_signature'\r\n | 'token_invalid_audience'\r\n | 'token_invalid_issuer'\r\n /** 3.0: runtime não expõe API necessária (ex: WebCrypto ausente). */\r\n | 'runtime_unsupported'\r\n /**\r\n * 3.1.3 (bug_c1c96a00): o `state` retornado pelo IdP no callback OIDC não bate com o gerado em\r\n * `signIn` (CSRF). Também usado quando não há transação OIDC pendente.\r\n */\r\n | 'oidc_state_mismatch'\r\n /** HTTP 409 — colisão de idempotência ou conflito de recurso. */\r\n | 'conflict'\r\n | 'unknown';\r\n\r\n/**\r\n * Erro tipado padrão do SDK. Sempre lançado em vez de Error genérico.\r\n *\r\n * @example\r\n * ```ts\r\n * try { await client.catalog.list(); }\r\n * catch (e) {\r\n * if (e instanceof NeetruError && e.code === 'rate_limited') retry();\r\n * }\r\n * ```\r\n */\r\nexport class NeetruError extends Error {\r\n public readonly code: NeetruErrorCode | string;\r\n public readonly status?: number;\r\n public readonly requestId?: string;\r\n\r\n constructor(\r\n code: NeetruErrorCode | string,\r\n message: string,\r\n status?: number,\r\n requestId?: string,\r\n ) {\r\n super(message);\r\n this.name = 'NeetruError';\r\n this.code = code;\r\n this.status = status;\r\n this.requestId = requestId;\r\n // Preserva o prototype chain ao herdar de Error (downlevel quirk de TS).\r\n Object.setPrototypeOf(this, NeetruError.prototype);\r\n }\r\n}\r\n","/**\n * Idempotency-Key helper — gera UUID v4 cripto-seguro para identificar\n * mutations não-idempotentes (`usage.report`, `support.createTicket`,\n * `notifications.send`, `webhooks.test`).\n *\n * Estratégia 3.0:\n * - SDK gera UUID v4 por chamada via `randomUUID()` (WebCrypto.subtle não\n * necessário aqui — `crypto.randomUUID()` está em Node 14.17+ e em todos\n * os browsers/Edge runtimes modernos).\n * - Header `Idempotency-Key: <uuid>` é injetado pelo `httpRequest` quando\n * `opts.idempotencyKey === true` OU caller passa explicit `opts.idempotencyKeyValue`.\n * - Core dedup em coleção `usage_idempotency_keys/{key}` TTL 24h (vide\n * `docs/CORE_CHANGES_REQUIRED.md` §2). Se Core ainda não dedupa, o header\n * é benign (ignorado).\n *\n * Defesa em camadas: combinado com `retries: 0` em POSTs (vide http.ts), o\n * risco de double-write em transientes vai pra zero.\n */\nimport { NeetruError } from './errors';\n\n/**\n * Gera UUID v4 criptograficamente seguro. Universal: Node 14.17+, browsers\n * modernos, Edge runtimes (Workers/Vercel Edge/Cloudflare).\n *\n * Fallback puro-JS removido em 3.0 — `crypto.randomUUID()` é ubíquo desde\n * 2022. Se runtime não tem, lança `NeetruError('runtime_unsupported')`\n * (consumer deve polyfillar).\n *\n * **L-01 fix (Opus review 2026-05-27):** antes lançava `Error` cru, que\n * não era pego por `catch (err) { if (err instanceof NeetruError) ... }`\n * dos consumers. Agora throw canonical.\n *\n * @throws NeetruError('runtime_unsupported') se `crypto.randomUUID` não disponível.\n */\nexport function generateIdempotencyKey(): string {\n // WebCrypto (browser/Edge) e Node 14.17+ expõem `crypto.randomUUID()`.\n // Node anterior precisa de `node:crypto` mas SDK 3.0 exige Node ≥20 (vide engines).\n const cryptoObj: { randomUUID?: () => string } | undefined =\n typeof globalThis !== 'undefined' && 'crypto' in globalThis\n ? (globalThis as { crypto?: { randomUUID?: () => string } }).crypto\n : undefined;\n if (cryptoObj && typeof cryptoObj.randomUUID === 'function') {\n return cryptoObj.randomUUID();\n }\n throw new NeetruError(\n 'runtime_unsupported',\n 'crypto.randomUUID not available in this runtime. SDK 3.0 requires Node ≥20 or modern browser/Edge.',\n );\n}\n\n/** Regex UUID v4 — validação para uso interno. */\nexport const UUID_V4_RE =\n /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\n","/**\r\n * HTTP transport interno do SDK.\r\n *\r\n * Responsabilidades:\r\n * - Construir URL absoluta a partir de `baseUrl` + path\r\n * - Injetar Bearer token quando `requireAuth=true`\r\n * - Mapear status HTTP → `NeetruError` com `code` estável\r\n * - Parse defensivo de JSON (não lança em body vazio em 204)\r\n * - Retry/backoff exponencial em `rate_limited` (429), `server_error` (5xx)\r\n * e `network_error` (timeout/falha de rede). Honra `Retry-After` quando\r\n * presente.\r\n * - **Captura `X-Neetru-Version`** das respostas e emite `console.warn` quando\r\n * o Core está abaixo da versão mínima para a major do SDK.\r\n *\r\n * Política de retries (mudança breaking 3.0):\r\n * - GET/HEAD: default 2 retries (3 tentativas total) — idempotente, seguro.\r\n * - POST/PUT/PATCH/DELETE: default **0 retries** — mutations podem duplicar\r\n * side effects (ex: `usage.report` incrementa contador). Caller pode\r\n * reativar passando `retries: N` explicitamente ou usar `Idempotency-Key`\r\n * header (gerado automaticamente se `opts.idempotencyKey=true`).\r\n *\r\n * Idempotency-Key (3.0):\r\n * - `opts.idempotencyKey === true` → SDK gera UUID v4 e injeta header.\r\n * - `opts.idempotencyKey === 'uuid-string'` → usa o valor passado.\r\n * - Caller mantém retentos client-side se quiser; Core dedup serverside\r\n * (vide `docs/CORE_CHANGES_REQUIRED.md` §2).\r\n */\r\nimport { NeetruError, type NeetruErrorCode } from './errors';\r\nimport { generateIdempotencyKey } from './idempotency';\r\nimport type { ResolvedConfig } from './types';\r\n\r\n// ─── Compat Matrix SDK↔Core ──────────────────────────────────────────────────\r\n\r\n/**\r\n * Matriz de compatibilidade SDK major → versão mínima do Core.\r\n *\r\n * Formato do Core: CalVer `YYYY.MM.patch+revision` (ex: `2026.05.1+neetru-core-00096-79t`).\r\n * A comparação é feita apenas nas partes `YYYY.MM.patch` (prefixo antes de `+`).\r\n *\r\n * Quando o Core reporta `X-Neetru-Version` abaixo do mínimo para a SDK major\r\n * corrente, o SDK emite `console.warn` uma única vez por sessão de processo.\r\n *\r\n * Atualize esta tabela a cada major de SDK.\r\n */\r\nconst COMPAT_MATRIX: Record<number, string> = {\r\n // SDK major 3.x requer Core ≥ 2026.05.1 (suporte a X-Neetru-Version header,\r\n // runTransaction write-after-read, verifyWebhookRequest, webhooks 3.0+)\r\n 3: '2026.05.1',\r\n};\r\n\r\n/** CalVer sem sufixo `+revision`. Ex: `2026.05.1+abc` → `2026.05.1`. */\r\nfunction stripRevision(v: string): string {\r\n return v.split('+')[0] ?? v;\r\n}\r\n\r\n/**\r\n * Compara dois CalVer (`YYYY.MM.patch`). Retorna negativo se `a < b`,\r\n * positivo se `a > b`, 0 se iguais. Partes não numéricas tratadas como 0.\r\n */\r\nfunction compareCalVer(a: string, b: string): number {\r\n const partsA = stripRevision(a).split('.').map(Number);\r\n const partsB = stripRevision(b).split('.').map(Number);\r\n const len = Math.max(partsA.length, partsB.length);\r\n for (let i = 0; i < len; i++) {\r\n const pa = partsA[i] ?? 0;\r\n const pb = partsB[i] ?? 0;\r\n if (pa !== pb) return pa - pb;\r\n }\r\n return 0;\r\n}\r\n\r\n/** Lê a SDK major a partir da string `VERSION` exportada de `./index`. Fallback 3. */\r\nfunction getSdkMajor(): number {\r\n try {\r\n // Importação estática não disponível aqui (evita ciclo). Usa variável injetada\r\n // em tempo de build pela tsup via `define`. Fallback para 3 (current major).\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n const ver = (globalThis as any).__NEETRU_SDK_VERSION__ as string | undefined;\r\n if (ver) return parseInt(ver.split('.')[0] ?? '3', 10);\r\n } catch {\r\n // ignore\r\n }\r\n return 3;\r\n}\r\n\r\n/** Aviso emitido no máximo uma vez por major detectada pra não spammar logs. */\r\nconst _warnedCoreTooOld = new Set<string>();\r\n\r\n/**\r\n * Verifica se a versão do Core (`X-Neetru-Version`) é compatível com a SDK major.\r\n * Emite `console.warn` quando incompatível (uma vez por processo por versão detectada).\r\n */\r\nexport function checkCoreVersionCompat(coreVersion: string): void {\r\n if (!coreVersion) return;\r\n const sdkMajor = getSdkMajor();\r\n const minCore = COMPAT_MATRIX[sdkMajor];\r\n if (!minCore) return; // sem restrição para esta major\r\n const stripped = stripRevision(coreVersion);\r\n if (compareCalVer(stripped, minCore) < 0) {\r\n const key = `${sdkMajor}:${stripped}`;\r\n if (!_warnedCoreTooOld.has(key)) {\r\n _warnedCoreTooOld.add(key);\r\n console.warn(\r\n `[Neetru SDK] Atenção: Core versão \"${coreVersion}\" é anterior ao mínimo recomendado` +\r\n ` \"${minCore}\" para SDK major ${sdkMajor}. Alguns recursos podem não funcionar` +\r\n ` corretamente. Atualize o Core para a versão mais recente.`,\r\n );\r\n }\r\n }\r\n}\r\n\r\n/** Opções da request HTTP. */\r\nexport interface HttpRequestOptions {\r\n method?: 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';\r\n /** Path relativo (ex: `/api/v1/cli/catalog`). Concatenado a `baseUrl`. */\r\n path: string;\r\n /** Query string params (chave → valor primitivo). Valores `undefined` ignorados. */\r\n query?: Record<string, string | number | boolean | undefined>;\r\n /** Body JSON-serializável. Ignorado em GET/DELETE. */\r\n body?: unknown;\r\n /**\r\n * Se true, injeta `Authorization: Bearer <apiKey>`. Lança `missing_api_key`\r\n * se config.apiKey ausente. Default false.\r\n */\r\n requireAuth?: boolean;\r\n /** Cabeçalhos extras. */\r\n headers?: Record<string, string>;\r\n /**\r\n * Número de retries em códigos transientes (`rate_limited`, `server_error`,\r\n * `network_error`).\r\n *\r\n * Default (3.0):\r\n * - GET/HEAD: 2 (= 3 tentativas total) — idempotente, seguro.\r\n * - POST/PUT/PATCH/DELETE: 0 — mutations podem duplicar side effects.\r\n *\r\n * Caller pode reativar passando explicitamente: `retries: 2`.\r\n */\r\n retries?: number;\r\n /**\r\n * Injeta `Idempotency-Key` header pra dedup serverside (3.0):\r\n * - `true` → SDK gera UUID v4 cripto-seguro automaticamente.\r\n * - string → usa o valor passado (deve ser UUID v4).\r\n * - `undefined`/`false` → sem header.\r\n */\r\n idempotencyKey?: boolean | string;\r\n}\r\n\r\nconst DEFAULT_RETRIES_READ = 2;\r\nconst DEFAULT_RETRIES_WRITE = 0;\r\nconst READ_METHODS = new Set(['GET', 'HEAD']);\r\nconst RETRYABLE_CODES = new Set<NeetruErrorCode>([\r\n 'rate_limited',\r\n 'server_error',\r\n 'network_error',\r\n]);\r\n\r\n/** Backoff exponencial com jitter ±20%. attempt: 0=primeira, 1=primeiro retry, ... */\r\nfunction backoffMs(attempt: number): number {\r\n const base = 200 * Math.pow(4, attempt); // 200ms, 800ms, 3.2s, ...\r\n const jitter = base * 0.2 * (Math.random() * 2 - 1);\r\n return Math.max(50, Math.round(base + jitter));\r\n}\r\n\r\n/**\r\n * Honra `Retry-After` header (segundos ou HTTP-date). Retorna ms ou null se\r\n * inválido. RFC 9110 §10.2.3.\r\n *\r\n * Bug fix: sem teto, um servidor hostil/mal-configurado poderia retornar\r\n * `Retry-After: 86400` (24h) ou uma HTTP-date anos no futuro, pendurando o\r\n * processo indefinidamente. Aplica teto de MAX_RETRY_AFTER_MS em ambos os caminhos.\r\n */\r\nconst MAX_RETRY_AFTER_MS = 60_000; // 60s — teto razoável para retry automático\r\n\r\nfunction parseRetryAfter(value: string | null): number | null {\r\n if (!value) return null;\r\n const secs = Number(value);\r\n if (Number.isFinite(secs) && secs >= 0) return Math.min(Math.round(secs * 1000), MAX_RETRY_AFTER_MS);\r\n const dateMs = Date.parse(value);\r\n if (Number.isFinite(dateMs)) {\r\n const delta = dateMs - Date.now();\r\n if (delta > 0) return Math.min(delta, MAX_RETRY_AFTER_MS);\r\n }\r\n return null;\r\n}\r\n\r\nfunction sleep(ms: number): Promise<void> {\r\n return new Promise((resolve) => setTimeout(resolve, ms));\r\n}\r\n\r\n/** Mapeamento status → code estável do NeetruError. */\r\nfunction statusToCode(status: number): NeetruErrorCode {\r\n if (status === 401) return 'unauthorized';\r\n if (status === 403) return 'forbidden';\r\n if (status === 404) return 'not_found';\r\n if (status === 409) return 'conflict'; // Bug fix: 409 vira 'conflict' (não 'unknown')\r\n if (status === 422 || status === 400) return 'validation_failed';\r\n if (status === 429) return 'rate_limited';\r\n if (status >= 500) return 'server_error';\r\n return 'unknown';\r\n}\r\n\r\nfunction buildUrl(baseUrl: string, path: string, query?: HttpRequestOptions['query']): string {\r\n // Trim trailing slash em base e leading em path pra evitar `//`.\r\n const base = baseUrl.replace(/\\/+$/, '');\r\n const p = path.startsWith('/') ? path : `/${path}`;\r\n const url = new URL(`${base}${p}`);\r\n if (query) {\r\n for (const [k, v] of Object.entries(query)) {\r\n if (v === undefined) continue;\r\n url.searchParams.set(k, String(v));\r\n }\r\n }\r\n return url.toString();\r\n}\r\n\r\n/** Parse JSON defensivo — retorna `undefined` em body vazio. */\r\nasync function safeJson(res: Response): Promise<unknown> {\r\n const text = await res.text();\r\n if (!text) return undefined;\r\n try {\r\n return JSON.parse(text);\r\n } catch {\r\n return undefined;\r\n }\r\n}\r\n\r\n/**\r\n * Executa request HTTP. Em sucesso retorna body parseado; em erro lança\r\n * `NeetruError` com `code` derivado do status. Aplica retry/backoff\r\n * automático em códigos transientes (rate_limited/server_error/network_error)\r\n * conforme `opts.retries` (default 2 = 3 tentativas).\r\n */\r\nexport async function httpRequest<T>(\r\n config: ResolvedConfig,\r\n opts: HttpRequestOptions,\r\n): Promise<T> {\r\n const method = opts.method ?? 'GET';\r\n const url = buildUrl(config.baseUrl, opts.path, opts.query);\r\n // Default por método: reads tentam 2x, writes 0x. Caller override sempre vence.\r\n const defaultRetries = READ_METHODS.has(method)\r\n ? DEFAULT_RETRIES_READ\r\n : DEFAULT_RETRIES_WRITE;\r\n const maxRetries = opts.retries ?? defaultRetries;\r\n\r\n const headers: Record<string, string> = {\r\n accept: 'application/json',\r\n ...opts.headers,\r\n };\r\n\r\n if (opts.requireAuth) {\r\n if (!config.apiKey) {\r\n throw new NeetruError(\r\n 'missing_api_key',\r\n 'This operation requires an apiKey. Pass it to createNeetruClient({ apiKey }) or set NEETRU_API_KEY env var.',\r\n );\r\n }\r\n headers.authorization = `Bearer ${config.apiKey}`;\r\n }\r\n\r\n // Idempotency-Key: gerado por chamada se solicitado. UUID v4 cripto-seguro.\r\n if (opts.idempotencyKey) {\r\n const key =\r\n typeof opts.idempotencyKey === 'string'\r\n ? opts.idempotencyKey\r\n : generateIdempotencyKey();\r\n headers['idempotency-key'] = key;\r\n }\r\n\r\n // Body só é serializado uma vez — reusado entre tentativas.\r\n const bodyString =\r\n opts.body !== undefined && method !== 'GET' && method !== 'DELETE'\r\n ? JSON.stringify(opts.body)\r\n : undefined;\r\n if (bodyString !== undefined) {\r\n headers['content-type'] = 'application/json';\r\n }\r\n\r\n let lastError: NeetruError | null = null;\r\n\r\n for (let attempt = 0; attempt <= maxRetries; attempt++) {\r\n const init: RequestInit = { method, headers };\r\n if (bodyString !== undefined) init.body = bodyString;\r\n // BUG-020 fix (2026-05-13): timeout default 30s. AbortSignal.timeout\r\n // requer Node 18+ ou browsers recentes.\r\n init.signal = AbortSignal.timeout(30_000);\r\n\r\n let res: Response;\r\n try {\r\n res = await config.fetch(url, init);\r\n } catch (err) {\r\n const message =\r\n err instanceof DOMException && err.name === 'TimeoutError'\r\n ? 'Network error: timeout after 30s'\r\n : `Network error: ${err instanceof Error ? err.message : 'fetch failed'}`;\r\n lastError = new NeetruError('network_error', message);\r\n if (attempt < maxRetries) {\r\n await sleep(backoffMs(attempt));\r\n continue;\r\n }\r\n throw lastError;\r\n }\r\n\r\n const requestId =\r\n res.headers.get('x-request-id') ?? res.headers.get('x-correlation-id') ?? undefined;\r\n\r\n if (res.ok) {\r\n // Captura X-Neetru-Version e verifica compat com a SDK major.\r\n const coreVersion = res.headers.get('x-neetru-version');\r\n if (coreVersion) checkCoreVersionCompat(coreVersion);\r\n const parsed = await safeJson(res);\r\n return parsed as T;\r\n }\r\n\r\n const body = (await safeJson(res)) as\r\n | { error?: { code?: string; message?: string } | string }\r\n | undefined;\r\n let code: string = statusToCode(res.status);\r\n let message = `HTTP ${res.status}`;\r\n if (body && typeof body === 'object' && 'error' in body) {\r\n const errField = body.error;\r\n if (typeof errField === 'string') {\r\n message = errField;\r\n } else if (errField && typeof errField === 'object') {\r\n if (typeof errField.code === 'string') code = errField.code;\r\n if (typeof errField.message === 'string') message = errField.message;\r\n }\r\n }\r\n const err = new NeetruError(code, message, res.status, requestId);\r\n lastError = err;\r\n\r\n const isRetryable = RETRYABLE_CODES.has(code as NeetruErrorCode);\r\n if (isRetryable && attempt < maxRetries) {\r\n const retryAfter = parseRetryAfter(res.headers.get('retry-after'));\r\n const delay = retryAfter ?? backoffMs(attempt);\r\n await sleep(delay);\r\n continue;\r\n }\r\n throw err;\r\n }\r\n\r\n // Unreachable — loop sempre retorna ou lança. Safety net.\r\n throw lastError ?? new NeetruError('unknown', 'unexpected httpRequest exit');\r\n}\r\n","/**\r\n * Telemetria — emite eventos do produto cliente pro Core.\r\n *\r\n * APIs disponíveis:\r\n * - `event(input)` — chamada single-shot, await retorna { ok, eventId }.\r\n * `POST /api/sdk/v1/telemetry/event` — persiste em `usage_events/{id}`.\r\n * - `track(input)` — fire-and-forget (v1.2). Enqueue + flush 500ms debounce.\r\n * Reusa o mesmo endpoint mas não bloqueia o caller — ideal pra alta\r\n * frequência (cliques, page-views). Falhas viram warning no console.\r\n * - `flush()` — força flush imediato da queue (chamar antes de unload).\r\n * - `log(input)` — log estruturado `POST /api/sdk/v1/telemetry/log` com\r\n * Bearer + correlationId. Em `NEETRU_ENV=dev` cai pra console.{level}.\r\n */\r\nimport { NeetruError } from './errors';\r\nimport { httpRequest } from './http';\r\nimport type {\r\n ResolvedConfig,\r\n TelemetryEventAck,\r\n TelemetryEventInput,\r\n TelemetryLogAck,\r\n TelemetryLogInput,\r\n TelemetryLogLevel,\r\n} from './types';\r\n\r\ninterface RawTelemetryAck {\r\n ok?: boolean;\r\n eventId?: string;\r\n}\r\n\r\ninterface RawLogAck {\r\n ok?: boolean;\r\n logId?: string;\r\n}\r\n\r\nconst VALID_LOG_LEVELS: readonly TelemetryLogLevel[] = ['debug', 'info', 'warn', 'error', 'fatal'];\r\n\r\nfunction consoleFor(level: TelemetryLogLevel): (message?: unknown, ...optional: unknown[]) => void {\r\n switch (level) {\r\n case 'debug': return console.debug.bind(console);\r\n case 'info': return console.info.bind(console);\r\n case 'warn': return console.warn.bind(console);\r\n case 'error': return console.error.bind(console);\r\n case 'fatal': return console.error.bind(console);\r\n default: return console.log.bind(console);\r\n }\r\n}\r\n\r\n/** Janela de debounce do `track()` antes de drenar a queue. */\r\nconst TRACK_FLUSH_MS = 500;\r\n/** Limite de eventos na queue antes de flush forçado (defensivo). */\r\nconst TRACK_MAX_QUEUE = 50;\r\n\r\nexport function createTelemetryNamespace(config: ResolvedConfig) {\r\n // Queue local pra track() — fire-and-forget batchado.\r\n const queue: TelemetryEventInput[] = [];\r\n let flushTimer: ReturnType<typeof setTimeout> | null = null;\r\n // bug: flush() precisava aguardar drain já em voo p/ não resolver antes do envio\r\n let _inflightDrain: Promise<void> | null = null;\r\n\r\n async function drainQueue(): Promise<void> {\r\n if (queue.length === 0) return;\r\n // (a) Capture the current batch BEFORE the async boundary so that any\r\n // track() call arriving during the await works on a clean queue.\r\n const batch = queue.splice(0, queue.length);\r\n // NOTE: flushTimer is intentionally NOT cleared here. Clearing it before\r\n // the await would let a concurrent track() schedule a second timer, fire\r\n // it while this flush is still in-flight, and produce duplicate concurrent\r\n // drainQueue calls. We clear it only after the await (see below).\r\n const work = Promise.allSettled(\r\n batch.map(async (ev) => {\r\n try {\r\n const body: Record<string, unknown> = { name: ev.name };\r\n if (ev.properties && typeof ev.properties === 'object') {\r\n body.properties = ev.properties;\r\n }\r\n if (ev.timestamp) body.timestamp = ev.timestamp;\r\n await httpRequest<RawTelemetryAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/event',\r\n body,\r\n requireAuth: true,\r\n retries: 1,\r\n });\r\n } catch (err) {\r\n if (typeof console !== 'undefined') {\r\n console.warn('[neetru-sdk] telemetry.track flush failed for event', ev.name, err);\r\n }\r\n }\r\n }),\r\n );\r\n // Registra promise em voo para que flush() possa aguardar (bug finding 4)\r\n _inflightDrain = work.then(() => { _inflightDrain = null; });\r\n // (b) Release the timer slot AFTER the await so that any track() calls\r\n // that arrived during the flush and called scheduleFlush() were\r\n // correctly suppressed (flushTimer was still set). Now that the\r\n // in-flight requests are done we reset it and, if new events were\r\n // enqueued while we were awaiting, schedule the next flush.\r\n await work;\r\n flushTimer = null;\r\n // (c) If events arrived during the flush window, schedule the next drain.\r\n if (queue.length > 0) {\r\n scheduleFlush();\r\n }\r\n }\r\n\r\n function scheduleFlush(): void {\r\n if (flushTimer) return;\r\n flushTimer = setTimeout(() => {\r\n void drainQueue();\r\n }, TRACK_FLUSH_MS);\r\n }\r\n\r\n return {\r\n /**\r\n * Persiste um evento de uso. Lança `NeetruError` em qualquer falha\r\n * (incluindo rate-limit).\r\n *\r\n * @example\r\n * ```ts\r\n * await client.telemetry.event({\r\n * name: 'dashboard_opened',\r\n * properties: { plan: 'pro', tab: 'overview' },\r\n * });\r\n * ```\r\n */\r\n async event(input: TelemetryEventInput): Promise<TelemetryEventAck> {\r\n if (!input || typeof input !== 'object') {\r\n throw new NeetruError('validation_failed', 'event input is required');\r\n }\r\n if (typeof input.name !== 'string' || input.name.length === 0) {\r\n throw new NeetruError('validation_failed', 'event.name is required');\r\n }\r\n if (input.name.length > 128) {\r\n throw new NeetruError('validation_failed', 'event.name max 128 chars');\r\n }\r\n\r\n const body: Record<string, unknown> = { name: input.name };\r\n if (input.properties && typeof input.properties === 'object') {\r\n body.properties = input.properties;\r\n }\r\n if (input.timestamp) body.timestamp = input.timestamp;\r\n\r\n const raw = await httpRequest<RawTelemetryAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/event',\r\n body,\r\n requireAuth: true,\r\n });\r\n\r\n if (!raw || raw.ok !== true || typeof raw.eventId !== 'string') {\r\n throw new NeetruError('invalid_response', 'Telemetry response missing eventId');\r\n }\r\n return { ok: true, eventId: raw.eventId };\r\n },\r\n\r\n /**\r\n * Fire-and-forget: enqueue + flush 500ms debounce. Não retorna `eventId`\r\n * — falhas são logadas como warning. Ideal pra alta frequência.\r\n *\r\n * @example\r\n * ```ts\r\n * client.telemetry.track({ name: 'page_view', properties: { path: '/' } });\r\n * // segue execução; flush async em background\r\n * ```\r\n */\r\n track(input: TelemetryEventInput): void {\r\n if (!input || typeof input !== 'object') return;\r\n if (typeof input.name !== 'string' || input.name.length === 0) return;\r\n if (input.name.length > 128) return;\r\n queue.push(input);\r\n if (queue.length >= TRACK_MAX_QUEUE) {\r\n // bug: timer pendente não era cancelado → dois drainQueue() concorrentes\r\n if (flushTimer) { clearTimeout(flushTimer); flushTimer = null; }\r\n void drainQueue();\r\n } else {\r\n scheduleFlush();\r\n }\r\n },\r\n\r\n /**\r\n * Força flush imediato da queue de `track()`. Resolva antes de\r\n * page unload / SSR boundary pra não perder eventos.\r\n */\r\n async flush(): Promise<void> {\r\n if (flushTimer) {\r\n clearTimeout(flushTimer);\r\n flushTimer = null;\r\n }\r\n // bug: flush() resolvia antes do drain já em voo terminar (finding 4)\r\n if (_inflightDrain) await _inflightDrain;\r\n await drainQueue();\r\n },\r\n\r\n /**\r\n * Registra um log estruturado per-product (Sprint 6).\r\n *\r\n * - `NEETRU_ENV=dev`: console.{level}, retorna ack mock.\r\n * - workspace/prod: HTTP POST com Bearer auth + correlationId no header.\r\n *\r\n * @example\r\n * ```ts\r\n * await client.telemetry.log({\r\n * level: 'error',\r\n * message: 'Falha ao calcular total',\r\n * metadata: { orderId: 'o-123' },\r\n * });\r\n * ```\r\n */\r\n async log(input: TelemetryLogInput): Promise<TelemetryLogAck> {\r\n if (!input || typeof input !== 'object') {\r\n throw new NeetruError('validation_failed', 'log input is required');\r\n }\r\n if (!VALID_LOG_LEVELS.includes(input.level)) {\r\n throw new NeetruError('validation_failed', `level must be one of ${VALID_LOG_LEVELS.join(', ')}`);\r\n }\r\n if (typeof input.message !== 'string' || input.message.length === 0) {\r\n throw new NeetruError('validation_failed', 'message is required');\r\n }\r\n if (input.message.length > 4_000) {\r\n throw new NeetruError('validation_failed', 'message max 4000 chars');\r\n }\r\n\r\n // Dev mode: console only, no network.\r\n if (config.env === 'dev') {\r\n const fn = consoleFor(input.level);\r\n fn(`[neetru-sdk] ${input.level}: ${input.message}`, input.metadata ?? {});\r\n return { ok: true, mode: 'mock' };\r\n }\r\n\r\n const body: Record<string, unknown> = {\r\n level: input.level,\r\n message: input.message,\r\n };\r\n if (input.metadata) body.metadata = input.metadata;\r\n // C4 (auditoria 2026-06-10): o Core exige productSlug fail-closed (400 sem\r\n // ele). Quando o consumer não passa explicito, default pro config.productId\r\n // (mesmo contrato de usage.report/support). O backend NÃO infere o slug.\r\n const productSlug = input.productSlug ?? config.productId;\r\n if (productSlug) body.productSlug = productSlug;\r\n\r\n // CorrelationId: explicit input wins; senão tenta lê de globalThis (set\r\n // por instrumentação do consumer).\r\n let cid = input.correlationId;\r\n if (!cid) {\r\n try {\r\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\r\n const g = (globalThis as any).NEETRU_CORRELATION_ID;\r\n if (typeof g === 'string' && g.length > 0) cid = g;\r\n } catch {\r\n /* ignore */\r\n }\r\n }\r\n\r\n const headers: Record<string, string> = {};\r\n if (cid) headers['x-correlation-id'] = cid;\r\n\r\n const raw = await httpRequest<RawLogAck>(config, {\r\n method: 'POST',\r\n path: '/api/sdk/v1/telemetry/log',\r\n body,\r\n requireAuth: true,\r\n headers,\r\n });\r\n\r\n if (!raw || raw.ok !== true) {\r\n throw new NeetruError('invalid_response', 'Telemetry log response missing ok');\r\n }\r\n return {\r\n ok: true,\r\n logId: typeof raw.logId === 'string' ? raw.logId : undefined,\r\n mode: 'http',\r\n };\r\n },\r\n };\r\n}\r\n"]}
|
|
@@ -21,6 +21,20 @@ interface CheckoutStartInput {
|
|
|
21
21
|
* Passe `false` se quiser controlar o redirect manualmente.
|
|
22
22
|
*/
|
|
23
23
|
autoRedirect?: boolean;
|
|
24
|
+
/**
|
|
25
|
+
* **C2 (auditoria 2026-06-10):** access_token OIDC do **usuário final** que
|
|
26
|
+
* está assinando. OBRIGATÓRIO no modo HTTP real — o endpoint de checkout do
|
|
27
|
+
* Core (`/api/v1/checkout/intents`) autentica a identidade do cliente (Bearer
|
|
28
|
+
* access_token OIDC ou cookie de sessão), NÃO a chave de API do SDK (`nrt_*`).
|
|
29
|
+
* Enviar a chave `nrt_*` resultava em 401 sempre. O SDK é BFF-pattern: o app
|
|
30
|
+
* consumidor gerencia o ciclo OIDC e passa o access_token aqui.
|
|
31
|
+
*/
|
|
32
|
+
accessToken?: string;
|
|
33
|
+
}
|
|
34
|
+
/** Auth por chamada do checkout — access_token OIDC do usuário final. */
|
|
35
|
+
interface CheckoutAuthOpts {
|
|
36
|
+
/** access_token OIDC do usuário final (vide CheckoutStartInput.accessToken). */
|
|
37
|
+
accessToken?: string;
|
|
24
38
|
}
|
|
25
39
|
interface CheckoutStartResult {
|
|
26
40
|
intentId: string;
|
|
@@ -54,10 +68,10 @@ interface CheckoutNamespace {
|
|
|
54
68
|
* Dev mode (`NEETRU_ENV=dev`): retorna URL fake `https://localhost:9003/portal/checkout/mock-XXXX`.
|
|
55
69
|
*/
|
|
56
70
|
start(input: CheckoutStartInput): Promise<CheckoutStartResult>;
|
|
57
|
-
/** Lê estado atual do intent (Core). */
|
|
58
|
-
get(intentId: string): Promise<CheckoutIntentInfo>;
|
|
59
|
-
/** Cancela um intent que ainda não virou `stripe_redirected`. */
|
|
60
|
-
cancel(intentId: string): Promise<{
|
|
71
|
+
/** Lê estado atual do intent (Core). Requer `opts.accessToken` no HTTP real. */
|
|
72
|
+
get(intentId: string, opts?: CheckoutAuthOpts): Promise<CheckoutIntentInfo>;
|
|
73
|
+
/** Cancela um intent que ainda não virou `stripe_redirected`. Requer `opts.accessToken` no HTTP real. */
|
|
74
|
+
cancel(intentId: string, opts?: CheckoutAuthOpts): Promise<{
|
|
61
75
|
ok: true;
|
|
62
76
|
alreadyCancelled: boolean;
|
|
63
77
|
}>;
|
|
@@ -73,8 +87,8 @@ interface CheckoutNamespace {
|
|
|
73
87
|
declare class MockCheckout implements CheckoutNamespace {
|
|
74
88
|
private readonly intents;
|
|
75
89
|
start(input: CheckoutStartInput): Promise<CheckoutStartResult>;
|
|
76
|
-
get(intentId: string): Promise<CheckoutIntentInfo>;
|
|
77
|
-
cancel(intentId: string): Promise<{
|
|
90
|
+
get(intentId: string, _opts?: CheckoutAuthOpts): Promise<CheckoutIntentInfo>;
|
|
91
|
+
cancel(intentId: string, _opts?: CheckoutAuthOpts): Promise<{
|
|
78
92
|
ok: true;
|
|
79
93
|
alreadyCancelled: boolean;
|
|
80
94
|
}>;
|
|
@@ -228,10 +242,20 @@ interface WebhooksNamespace {
|
|
|
228
242
|
* Constant-time compare via byte-level XOR accumulator (não usa
|
|
229
243
|
* `timingSafeEqual` do Node porque WebCrypto não tem equivalente direto).
|
|
230
244
|
*
|
|
245
|
+
* **3.1.3 (auditoria 2026-06-10)**: o Core assina HMAC sobre
|
|
246
|
+
* `` `${timestamp}.${rawBody}` `` (vide `computeWebhookSignature` em
|
|
247
|
+
* `functions/src/lib/webhook-delivery-core.ts`) — o `timestamp` é o valor do
|
|
248
|
+
* header `X-Neetru-Timestamp`. Passe-o no 4º parâmetro; sem ele o HMAC é
|
|
249
|
+
* computado só sobre o body e NUNCA confere com entregas reais do Core.
|
|
250
|
+
* Prefira `verifyWebhookRequest`, que lê os headers e já faz tudo.
|
|
251
|
+
*
|
|
231
252
|
* @param payload Corpo cru da request (string ou Uint8Array). NÃO use o objeto
|
|
232
253
|
* parseado — JSON.stringify pode diferir do que foi assinado.
|
|
233
254
|
* @param signature Header `X-Neetru-Signature` recebido (formato `sha256=<hex>`).
|
|
234
255
|
* @param secret Secret registrado em `webhooks.register({ secret })`.
|
|
256
|
+
* @param timestamp Valor do header `X-Neetru-Timestamp` (ms epoch). Quando
|
|
257
|
+
* presente, o HMAC cobre `` `${timestamp}.${payload}` ``
|
|
258
|
+
* (esquema canônico do Core — replay protection embutida).
|
|
235
259
|
* @returns Promise<boolean> — true se assinatura confere, false caso contrário.
|
|
236
260
|
*
|
|
237
261
|
* @example
|
|
@@ -240,7 +264,8 @@ interface WebhooksNamespace {
|
|
|
240
264
|
* export async function POST(req: Request) {
|
|
241
265
|
* const raw = await req.text();
|
|
242
266
|
* const sig = req.headers.get('X-Neetru-Signature');
|
|
243
|
-
* const
|
|
267
|
+
* const ts = req.headers.get('X-Neetru-Timestamp');
|
|
268
|
+
* const ok = await verifyWebhookSignature(raw, sig, process.env.NEETRU_WEBHOOK_SECRET!, ts ?? undefined);
|
|
244
269
|
* if (!ok) return new Response('unauthorized', { status: 401 });
|
|
245
270
|
* const event = JSON.parse(raw);
|
|
246
271
|
* // ... handle event
|
|
@@ -252,7 +277,7 @@ interface WebhooksNamespace {
|
|
|
252
277
|
* Não retorna `false` silencioso — caller precisa distinguir "assinatura
|
|
253
278
|
* inválida" (return false) de "ambiente não suporta" (throw).
|
|
254
279
|
*/
|
|
255
|
-
declare function verifyWebhookSignature(payload: string | Uint8Array, signature: string | null | undefined, secret: string): Promise<boolean>;
|
|
280
|
+
declare function verifyWebhookSignature(payload: string | Uint8Array, signature: string | null | undefined, secret: string, timestamp?: string | number): Promise<boolean>;
|
|
256
281
|
/**
|
|
257
282
|
* Opções de `verifyWebhookRequest`.
|
|
258
283
|
*/
|
|
@@ -1660,6 +1685,17 @@ interface NeetruClientConfig {
|
|
|
1660
1685
|
* (entitlements, telemetry) lançam `missing_api_key` se ausente.
|
|
1661
1686
|
*/
|
|
1662
1687
|
apiKey?: string;
|
|
1688
|
+
/**
|
|
1689
|
+
* 3.1.3 — `client_id` do client OIDC confidencial do produto, registrado em
|
|
1690
|
+
* `oidc_clients/{id}` no Core (par id + segredo, modelo Firebase/Facebook).
|
|
1691
|
+
*
|
|
1692
|
+
* Usado como `client_id` no fluxo `auth.signIn()` (Authorization Code + PKCE).
|
|
1693
|
+
* É **distinto** do `keyId` embutido na `apiKey` (`nrt_<keyId>_<secret>`), que
|
|
1694
|
+
* identifica a API key de máquina — não um client OIDC. Se ausente, `signIn`
|
|
1695
|
+
* cai no `keyId` por compat, mas o `/authorize` do Core só reconhece um
|
|
1696
|
+
* `oidc_clients` válido, então registre e passe `oidcClientId` em produção.
|
|
1697
|
+
*/
|
|
1698
|
+
oidcClientId?: string;
|
|
1663
1699
|
/**
|
|
1664
1700
|
* URL base da API Neetru. Default: `https://api.neetru.com`.
|
|
1665
1701
|
* Útil em testes apontando pra staging ou mock server.
|
|
@@ -1803,7 +1839,8 @@ interface TelemetryLogInput {
|
|
|
1803
1839
|
metadata?: Record<string, unknown>;
|
|
1804
1840
|
/** Override correlationId (default: lê dos headers/env automaticamente). */
|
|
1805
1841
|
correlationId?: string;
|
|
1806
|
-
/** Slug do produto
|
|
1842
|
+
/** Slug do produto. Se ausente, o SDK usa `config.productId` como default
|
|
1843
|
+
* (o backend NÃO infere — exige productSlug no body, fail-closed). */
|
|
1807
1844
|
productSlug?: string;
|
|
1808
1845
|
}
|
|
1809
1846
|
interface TelemetryLogAck {
|
|
@@ -1914,12 +1951,66 @@ interface SignInOptions {
|
|
|
1914
1951
|
postLoginRedirect?: string;
|
|
1915
1952
|
}
|
|
1916
1953
|
type AuthStateListener = (user: NeetruUser | null) => void;
|
|
1954
|
+
/**
|
|
1955
|
+
* 3.1.3 — Resultado de `auth.handleRedirectCallback()`: o material que o **backend
|
|
1956
|
+
* do produto** (confidential client) usa pra trocar o code por tokens no
|
|
1957
|
+
* endpoint `/api/v1/oauth/token` (POST x-www-form-urlencoded, `grant_type=
|
|
1958
|
+
* authorization_code`, autenticação `Basic base64(clientId:clientSecret)`).
|
|
1959
|
+
*
|
|
1960
|
+
* O SDK nunca faz essa troca no browser (exigiria o `client_secret`). Ele só
|
|
1961
|
+
* gera/valida o PKCE + state e entrega estes campos pro lado servidor.
|
|
1962
|
+
*/
|
|
1963
|
+
interface RedirectCallbackResult {
|
|
1964
|
+
/** `authorization_code` emitido pelo IdP — single-use, TTL curto. */
|
|
1965
|
+
code: string;
|
|
1966
|
+
/** PKCE `code_verifier` (RFC 7636) — enviar junto do code no `/token`. */
|
|
1967
|
+
codeVerifier: string;
|
|
1968
|
+
/**
|
|
1969
|
+
* `redirect_uri` exato usado no `/authorize`. O `/token` exige reenvio
|
|
1970
|
+
* idêntico (exact match) — passe este valor sem alterar.
|
|
1971
|
+
*/
|
|
1972
|
+
redirectUri: string;
|
|
1973
|
+
/**
|
|
1974
|
+
* `nonce` enviado no `/authorize`. O backend deve validar que o claim
|
|
1975
|
+
* `nonce` do `id_token` retornado bate com este valor (anti-replay OIDC).
|
|
1976
|
+
*/
|
|
1977
|
+
nonce: string;
|
|
1978
|
+
/** `state` validado (CSRF). Exposto pra logging/correlação. */
|
|
1979
|
+
state: string;
|
|
1980
|
+
/**
|
|
1981
|
+
* Destino pós-login que o app passou em `signIn({ postLoginRedirect })`.
|
|
1982
|
+
* `undefined` se não informado.
|
|
1983
|
+
*/
|
|
1984
|
+
postLoginRedirect?: string;
|
|
1985
|
+
}
|
|
1917
1986
|
interface AuthNamespace {
|
|
1918
1987
|
/**
|
|
1919
|
-
* Inicia fluxo de login OIDC
|
|
1920
|
-
* direto sem redirect. Em
|
|
1988
|
+
* Inicia fluxo de login OIDC (Authorization Code + PKCE). Em dev
|
|
1989
|
+
* (`NEETRU_ENV=dev`) retorna mock user direto sem redirect. Em browser
|
|
1990
|
+
* gera `state` (CSRF), `nonce` e o par PKCE `code_verifier`/`code_challenge`
|
|
1991
|
+
* (S256), persiste a transação em `sessionStorage` e redireciona pro
|
|
1992
|
+
* `/authorize`. Complete o fluxo no retorno com `handleRedirectCallback()`.
|
|
1921
1993
|
*/
|
|
1922
1994
|
signIn(options?: SignInOptions): Promise<NeetruUser | void>;
|
|
1995
|
+
/**
|
|
1996
|
+
* 3.1.3 — Processa o retorno do IdP após `signIn`. Lê `code` + `state` da URL
|
|
1997
|
+
* (default `location.href`; passe `currentUrl` pra override), valida o
|
|
1998
|
+
* `state` contra a transação salva em `signIn` (CSRF), consome a transação
|
|
1999
|
+
* (single-use), limpa os params da URL e devolve o material pro backend
|
|
2000
|
+
* trocar por tokens. Retorna `null` se a URL não é um callback (sem `code`).
|
|
2001
|
+
*
|
|
2002
|
+
* @throws {NeetruError} `oidc_state_mismatch` se o `state` não bate ou não há
|
|
2003
|
+
* transação pendente; ou um erro com `.code` = o `error` do IdP (ex:
|
|
2004
|
+
* `access_denied`) quando a URL traz `?error=`.
|
|
2005
|
+
*/
|
|
2006
|
+
handleRedirectCallback(currentUrl?: string): Promise<RedirectCallbackResult | null>;
|
|
2007
|
+
/**
|
|
2008
|
+
* 3.1.3 — Retorna o `id_token` cru (string JWT) que o app armazenou em
|
|
2009
|
+
* `localStorage['neetru_id_token']`, ou `null` se ausente/expirado. Útil pra
|
|
2010
|
+
* mandar como `Authorization: Bearer` ao BFF do produto. Para os claims
|
|
2011
|
+
* decodificados use `getUser()`; para validar assinatura use `verifyToken()`.
|
|
2012
|
+
*/
|
|
2013
|
+
getIdToken(): string | null;
|
|
1923
2014
|
/** Limpa session local + revoga refresh token no servidor. */
|
|
1924
2015
|
signOut(): Promise<void>;
|
|
1925
2016
|
/** Retorna o user atual (do id_token cached) ou `null` se não logado. */
|
|
@@ -2138,6 +2229,8 @@ type NeetruEnv = 'dev' | 'workspace' | 'prod';
|
|
|
2138
2229
|
*/
|
|
2139
2230
|
interface ResolvedConfig {
|
|
2140
2231
|
readonly apiKey?: string;
|
|
2232
|
+
/** 3.1.3 — client_id OIDC confidencial do produto (vide NeetruClientConfig). */
|
|
2233
|
+
readonly oidcClientId?: string;
|
|
2141
2234
|
readonly baseUrl: string;
|
|
2142
2235
|
readonly fetch: typeof globalThis.fetch;
|
|
2143
2236
|
/** Resolved env — `dev` | `workspace` | `prod`. Default `prod`. */
|
|
@@ -2153,4 +2246,4 @@ interface CatalogListOptions {
|
|
|
2153
2246
|
includeDrafts?: boolean;
|
|
2154
2247
|
}
|
|
2155
2248
|
|
|
2156
|
-
export { type
|
|
2249
|
+
export { type ProductStatus as $, type AuthNamespace as A, type NeetruClient as B, type CatalogListOptions as C, DEFAULT_BASE_URL as D, type EntitlementCheck as E, type FieldSentinel as F, type NeetruClientConfig as G, type NeetruDb as H, type IncrementSentinel as I, type NeetruDbDocuments as J, type NeetruDbEngine as K, type ListNotificationsOptions as L, MockCheckout as M, NEETRU_SENTINEL_KEY as N, NeetruDbError as O, type NeetruDbErrorCode as P, type NeetruDbOptions as Q, type NeetruDbTransport as R, type NeetruEnv as S, type NeetruSqlClient as T, type NeetruUser as U, type NotificationScopeOptions as V, type NotificationsNamespace as W, type Product as X, type ProductNotification as Y, type ProductNotificationSeverity as Z, type ProductPlan as _, type AuthStateListener as a, type RealtimeTransport as a0, type RedirectCallbackResult as a1, type RegisterWebhookInput as a2, type ResolvedConfig as a3, type SendNotificationInput as a4, type ServerTimestampSentinel as a5, type SignInOptions as a6, type SqlOptions as a7, type SupportNamespace as a8, type SupportSeverity as a9, increment as aA, isFieldSentinel as aB, isIncrementSentinel as aC, isServerTimestampSentinel as aD, serverTimestamp as aE, verifyWebhookRequest as aF, verifyWebhookSignature as aG, type SupportStatus as aa, type SupportTicket as ab, type SyncState as ac, type TelemetryEventAck as ad, type TelemetryEventInput as ae, type TelemetryLogAck as af, type TelemetryLogInput as ag, type Unsubscribe as ah, type UsageEventInput as ai, type UsageNamespace as aj, type UsageQuota as ak, type VerifyTokenOptions as al, type VerifyWebhookRequestOptions as am, type VerifyWebhookRequestResult as an, type WebhookEndpoint as ao, type WebhookEvent as ap, type WebhookScopeOptions as aq, type WebhookTestResult as ar, type WebhooksNamespace as as, type WithFieldSentinels as at, createCheckoutNamespace as au, createNeetruDb as av, createNotificationsNamespace as aw, createRestSyncTransport as ax, createWebhooksNamespace as ay, getWebSocketRealtimeClient as az, type CatalogListResponse as b, type CheckoutAuthOpts as c, type CheckoutIntentInfo as d, type CheckoutIntentStatus as e, type CheckoutNamespace as f, type CheckoutStartInput as g, type CheckoutStartResult as h, type CheckoutTenantType as i, type ConflictRecord as j, type CreateOfflineDocumentsOptions as k, type CreateTicketInput as l, type DbBatchOp as m, type DbChangeType as n, type DbCollectionRef$1 as o, type DbDoc as p, type DbDocRef as q, type DbGetResult as r, type DbListResult as s, type DbNamespace as t, type DbQuery$1 as u, type DbSqlLease as v, type DbWhereFilter as w, type DbWhereFilter$1 as x, MockNotifications as y, MockWebhooks as z };
|
|
@@ -21,6 +21,20 @@ interface CheckoutStartInput {
|
|
|
21
21
|
* Passe `false` se quiser controlar o redirect manualmente.
|
|
22
22
|
*/
|
|
23
23
|
autoRedirect?: boolean;
|
|
24
|
+
/**
|
|
25
|
+
* **C2 (auditoria 2026-06-10):** access_token OIDC do **usuário final** que
|
|
26
|
+
* está assinando. OBRIGATÓRIO no modo HTTP real — o endpoint de checkout do
|
|
27
|
+
* Core (`/api/v1/checkout/intents`) autentica a identidade do cliente (Bearer
|
|
28
|
+
* access_token OIDC ou cookie de sessão), NÃO a chave de API do SDK (`nrt_*`).
|
|
29
|
+
* Enviar a chave `nrt_*` resultava em 401 sempre. O SDK é BFF-pattern: o app
|
|
30
|
+
* consumidor gerencia o ciclo OIDC e passa o access_token aqui.
|
|
31
|
+
*/
|
|
32
|
+
accessToken?: string;
|
|
33
|
+
}
|
|
34
|
+
/** Auth por chamada do checkout — access_token OIDC do usuário final. */
|
|
35
|
+
interface CheckoutAuthOpts {
|
|
36
|
+
/** access_token OIDC do usuário final (vide CheckoutStartInput.accessToken). */
|
|
37
|
+
accessToken?: string;
|
|
24
38
|
}
|
|
25
39
|
interface CheckoutStartResult {
|
|
26
40
|
intentId: string;
|
|
@@ -54,10 +68,10 @@ interface CheckoutNamespace {
|
|
|
54
68
|
* Dev mode (`NEETRU_ENV=dev`): retorna URL fake `https://localhost:9003/portal/checkout/mock-XXXX`.
|
|
55
69
|
*/
|
|
56
70
|
start(input: CheckoutStartInput): Promise<CheckoutStartResult>;
|
|
57
|
-
/** Lê estado atual do intent (Core). */
|
|
58
|
-
get(intentId: string): Promise<CheckoutIntentInfo>;
|
|
59
|
-
/** Cancela um intent que ainda não virou `stripe_redirected`. */
|
|
60
|
-
cancel(intentId: string): Promise<{
|
|
71
|
+
/** Lê estado atual do intent (Core). Requer `opts.accessToken` no HTTP real. */
|
|
72
|
+
get(intentId: string, opts?: CheckoutAuthOpts): Promise<CheckoutIntentInfo>;
|
|
73
|
+
/** Cancela um intent que ainda não virou `stripe_redirected`. Requer `opts.accessToken` no HTTP real. */
|
|
74
|
+
cancel(intentId: string, opts?: CheckoutAuthOpts): Promise<{
|
|
61
75
|
ok: true;
|
|
62
76
|
alreadyCancelled: boolean;
|
|
63
77
|
}>;
|
|
@@ -73,8 +87,8 @@ interface CheckoutNamespace {
|
|
|
73
87
|
declare class MockCheckout implements CheckoutNamespace {
|
|
74
88
|
private readonly intents;
|
|
75
89
|
start(input: CheckoutStartInput): Promise<CheckoutStartResult>;
|
|
76
|
-
get(intentId: string): Promise<CheckoutIntentInfo>;
|
|
77
|
-
cancel(intentId: string): Promise<{
|
|
90
|
+
get(intentId: string, _opts?: CheckoutAuthOpts): Promise<CheckoutIntentInfo>;
|
|
91
|
+
cancel(intentId: string, _opts?: CheckoutAuthOpts): Promise<{
|
|
78
92
|
ok: true;
|
|
79
93
|
alreadyCancelled: boolean;
|
|
80
94
|
}>;
|
|
@@ -228,10 +242,20 @@ interface WebhooksNamespace {
|
|
|
228
242
|
* Constant-time compare via byte-level XOR accumulator (não usa
|
|
229
243
|
* `timingSafeEqual` do Node porque WebCrypto não tem equivalente direto).
|
|
230
244
|
*
|
|
245
|
+
* **3.1.3 (auditoria 2026-06-10)**: o Core assina HMAC sobre
|
|
246
|
+
* `` `${timestamp}.${rawBody}` `` (vide `computeWebhookSignature` em
|
|
247
|
+
* `functions/src/lib/webhook-delivery-core.ts`) — o `timestamp` é o valor do
|
|
248
|
+
* header `X-Neetru-Timestamp`. Passe-o no 4º parâmetro; sem ele o HMAC é
|
|
249
|
+
* computado só sobre o body e NUNCA confere com entregas reais do Core.
|
|
250
|
+
* Prefira `verifyWebhookRequest`, que lê os headers e já faz tudo.
|
|
251
|
+
*
|
|
231
252
|
* @param payload Corpo cru da request (string ou Uint8Array). NÃO use o objeto
|
|
232
253
|
* parseado — JSON.stringify pode diferir do que foi assinado.
|
|
233
254
|
* @param signature Header `X-Neetru-Signature` recebido (formato `sha256=<hex>`).
|
|
234
255
|
* @param secret Secret registrado em `webhooks.register({ secret })`.
|
|
256
|
+
* @param timestamp Valor do header `X-Neetru-Timestamp` (ms epoch). Quando
|
|
257
|
+
* presente, o HMAC cobre `` `${timestamp}.${payload}` ``
|
|
258
|
+
* (esquema canônico do Core — replay protection embutida).
|
|
235
259
|
* @returns Promise<boolean> — true se assinatura confere, false caso contrário.
|
|
236
260
|
*
|
|
237
261
|
* @example
|
|
@@ -240,7 +264,8 @@ interface WebhooksNamespace {
|
|
|
240
264
|
* export async function POST(req: Request) {
|
|
241
265
|
* const raw = await req.text();
|
|
242
266
|
* const sig = req.headers.get('X-Neetru-Signature');
|
|
243
|
-
* const
|
|
267
|
+
* const ts = req.headers.get('X-Neetru-Timestamp');
|
|
268
|
+
* const ok = await verifyWebhookSignature(raw, sig, process.env.NEETRU_WEBHOOK_SECRET!, ts ?? undefined);
|
|
244
269
|
* if (!ok) return new Response('unauthorized', { status: 401 });
|
|
245
270
|
* const event = JSON.parse(raw);
|
|
246
271
|
* // ... handle event
|
|
@@ -252,7 +277,7 @@ interface WebhooksNamespace {
|
|
|
252
277
|
* Não retorna `false` silencioso — caller precisa distinguir "assinatura
|
|
253
278
|
* inválida" (return false) de "ambiente não suporta" (throw).
|
|
254
279
|
*/
|
|
255
|
-
declare function verifyWebhookSignature(payload: string | Uint8Array, signature: string | null | undefined, secret: string): Promise<boolean>;
|
|
280
|
+
declare function verifyWebhookSignature(payload: string | Uint8Array, signature: string | null | undefined, secret: string, timestamp?: string | number): Promise<boolean>;
|
|
256
281
|
/**
|
|
257
282
|
* Opções de `verifyWebhookRequest`.
|
|
258
283
|
*/
|
|
@@ -1660,6 +1685,17 @@ interface NeetruClientConfig {
|
|
|
1660
1685
|
* (entitlements, telemetry) lançam `missing_api_key` se ausente.
|
|
1661
1686
|
*/
|
|
1662
1687
|
apiKey?: string;
|
|
1688
|
+
/**
|
|
1689
|
+
* 3.1.3 — `client_id` do client OIDC confidencial do produto, registrado em
|
|
1690
|
+
* `oidc_clients/{id}` no Core (par id + segredo, modelo Firebase/Facebook).
|
|
1691
|
+
*
|
|
1692
|
+
* Usado como `client_id` no fluxo `auth.signIn()` (Authorization Code + PKCE).
|
|
1693
|
+
* É **distinto** do `keyId` embutido na `apiKey` (`nrt_<keyId>_<secret>`), que
|
|
1694
|
+
* identifica a API key de máquina — não um client OIDC. Se ausente, `signIn`
|
|
1695
|
+
* cai no `keyId` por compat, mas o `/authorize` do Core só reconhece um
|
|
1696
|
+
* `oidc_clients` válido, então registre e passe `oidcClientId` em produção.
|
|
1697
|
+
*/
|
|
1698
|
+
oidcClientId?: string;
|
|
1663
1699
|
/**
|
|
1664
1700
|
* URL base da API Neetru. Default: `https://api.neetru.com`.
|
|
1665
1701
|
* Útil em testes apontando pra staging ou mock server.
|
|
@@ -1803,7 +1839,8 @@ interface TelemetryLogInput {
|
|
|
1803
1839
|
metadata?: Record<string, unknown>;
|
|
1804
1840
|
/** Override correlationId (default: lê dos headers/env automaticamente). */
|
|
1805
1841
|
correlationId?: string;
|
|
1806
|
-
/** Slug do produto
|
|
1842
|
+
/** Slug do produto. Se ausente, o SDK usa `config.productId` como default
|
|
1843
|
+
* (o backend NÃO infere — exige productSlug no body, fail-closed). */
|
|
1807
1844
|
productSlug?: string;
|
|
1808
1845
|
}
|
|
1809
1846
|
interface TelemetryLogAck {
|
|
@@ -1914,12 +1951,66 @@ interface SignInOptions {
|
|
|
1914
1951
|
postLoginRedirect?: string;
|
|
1915
1952
|
}
|
|
1916
1953
|
type AuthStateListener = (user: NeetruUser | null) => void;
|
|
1954
|
+
/**
|
|
1955
|
+
* 3.1.3 — Resultado de `auth.handleRedirectCallback()`: o material que o **backend
|
|
1956
|
+
* do produto** (confidential client) usa pra trocar o code por tokens no
|
|
1957
|
+
* endpoint `/api/v1/oauth/token` (POST x-www-form-urlencoded, `grant_type=
|
|
1958
|
+
* authorization_code`, autenticação `Basic base64(clientId:clientSecret)`).
|
|
1959
|
+
*
|
|
1960
|
+
* O SDK nunca faz essa troca no browser (exigiria o `client_secret`). Ele só
|
|
1961
|
+
* gera/valida o PKCE + state e entrega estes campos pro lado servidor.
|
|
1962
|
+
*/
|
|
1963
|
+
interface RedirectCallbackResult {
|
|
1964
|
+
/** `authorization_code` emitido pelo IdP — single-use, TTL curto. */
|
|
1965
|
+
code: string;
|
|
1966
|
+
/** PKCE `code_verifier` (RFC 7636) — enviar junto do code no `/token`. */
|
|
1967
|
+
codeVerifier: string;
|
|
1968
|
+
/**
|
|
1969
|
+
* `redirect_uri` exato usado no `/authorize`. O `/token` exige reenvio
|
|
1970
|
+
* idêntico (exact match) — passe este valor sem alterar.
|
|
1971
|
+
*/
|
|
1972
|
+
redirectUri: string;
|
|
1973
|
+
/**
|
|
1974
|
+
* `nonce` enviado no `/authorize`. O backend deve validar que o claim
|
|
1975
|
+
* `nonce` do `id_token` retornado bate com este valor (anti-replay OIDC).
|
|
1976
|
+
*/
|
|
1977
|
+
nonce: string;
|
|
1978
|
+
/** `state` validado (CSRF). Exposto pra logging/correlação. */
|
|
1979
|
+
state: string;
|
|
1980
|
+
/**
|
|
1981
|
+
* Destino pós-login que o app passou em `signIn({ postLoginRedirect })`.
|
|
1982
|
+
* `undefined` se não informado.
|
|
1983
|
+
*/
|
|
1984
|
+
postLoginRedirect?: string;
|
|
1985
|
+
}
|
|
1917
1986
|
interface AuthNamespace {
|
|
1918
1987
|
/**
|
|
1919
|
-
* Inicia fluxo de login OIDC
|
|
1920
|
-
* direto sem redirect. Em
|
|
1988
|
+
* Inicia fluxo de login OIDC (Authorization Code + PKCE). Em dev
|
|
1989
|
+
* (`NEETRU_ENV=dev`) retorna mock user direto sem redirect. Em browser
|
|
1990
|
+
* gera `state` (CSRF), `nonce` e o par PKCE `code_verifier`/`code_challenge`
|
|
1991
|
+
* (S256), persiste a transação em `sessionStorage` e redireciona pro
|
|
1992
|
+
* `/authorize`. Complete o fluxo no retorno com `handleRedirectCallback()`.
|
|
1921
1993
|
*/
|
|
1922
1994
|
signIn(options?: SignInOptions): Promise<NeetruUser | void>;
|
|
1995
|
+
/**
|
|
1996
|
+
* 3.1.3 — Processa o retorno do IdP após `signIn`. Lê `code` + `state` da URL
|
|
1997
|
+
* (default `location.href`; passe `currentUrl` pra override), valida o
|
|
1998
|
+
* `state` contra a transação salva em `signIn` (CSRF), consome a transação
|
|
1999
|
+
* (single-use), limpa os params da URL e devolve o material pro backend
|
|
2000
|
+
* trocar por tokens. Retorna `null` se a URL não é um callback (sem `code`).
|
|
2001
|
+
*
|
|
2002
|
+
* @throws {NeetruError} `oidc_state_mismatch` se o `state` não bate ou não há
|
|
2003
|
+
* transação pendente; ou um erro com `.code` = o `error` do IdP (ex:
|
|
2004
|
+
* `access_denied`) quando a URL traz `?error=`.
|
|
2005
|
+
*/
|
|
2006
|
+
handleRedirectCallback(currentUrl?: string): Promise<RedirectCallbackResult | null>;
|
|
2007
|
+
/**
|
|
2008
|
+
* 3.1.3 — Retorna o `id_token` cru (string JWT) que o app armazenou em
|
|
2009
|
+
* `localStorage['neetru_id_token']`, ou `null` se ausente/expirado. Útil pra
|
|
2010
|
+
* mandar como `Authorization: Bearer` ao BFF do produto. Para os claims
|
|
2011
|
+
* decodificados use `getUser()`; para validar assinatura use `verifyToken()`.
|
|
2012
|
+
*/
|
|
2013
|
+
getIdToken(): string | null;
|
|
1923
2014
|
/** Limpa session local + revoga refresh token no servidor. */
|
|
1924
2015
|
signOut(): Promise<void>;
|
|
1925
2016
|
/** Retorna o user atual (do id_token cached) ou `null` se não logado. */
|
|
@@ -2138,6 +2229,8 @@ type NeetruEnv = 'dev' | 'workspace' | 'prod';
|
|
|
2138
2229
|
*/
|
|
2139
2230
|
interface ResolvedConfig {
|
|
2140
2231
|
readonly apiKey?: string;
|
|
2232
|
+
/** 3.1.3 — client_id OIDC confidencial do produto (vide NeetruClientConfig). */
|
|
2233
|
+
readonly oidcClientId?: string;
|
|
2141
2234
|
readonly baseUrl: string;
|
|
2142
2235
|
readonly fetch: typeof globalThis.fetch;
|
|
2143
2236
|
/** Resolved env — `dev` | `workspace` | `prod`. Default `prod`. */
|
|
@@ -2153,4 +2246,4 @@ interface CatalogListOptions {
|
|
|
2153
2246
|
includeDrafts?: boolean;
|
|
2154
2247
|
}
|
|
2155
2248
|
|
|
2156
|
-
export { type
|
|
2249
|
+
export { type ProductStatus as $, type AuthNamespace as A, type NeetruClient as B, type CatalogListOptions as C, DEFAULT_BASE_URL as D, type EntitlementCheck as E, type FieldSentinel as F, type NeetruClientConfig as G, type NeetruDb as H, type IncrementSentinel as I, type NeetruDbDocuments as J, type NeetruDbEngine as K, type ListNotificationsOptions as L, MockCheckout as M, NEETRU_SENTINEL_KEY as N, NeetruDbError as O, type NeetruDbErrorCode as P, type NeetruDbOptions as Q, type NeetruDbTransport as R, type NeetruEnv as S, type NeetruSqlClient as T, type NeetruUser as U, type NotificationScopeOptions as V, type NotificationsNamespace as W, type Product as X, type ProductNotification as Y, type ProductNotificationSeverity as Z, type ProductPlan as _, type AuthStateListener as a, type RealtimeTransport as a0, type RedirectCallbackResult as a1, type RegisterWebhookInput as a2, type ResolvedConfig as a3, type SendNotificationInput as a4, type ServerTimestampSentinel as a5, type SignInOptions as a6, type SqlOptions as a7, type SupportNamespace as a8, type SupportSeverity as a9, increment as aA, isFieldSentinel as aB, isIncrementSentinel as aC, isServerTimestampSentinel as aD, serverTimestamp as aE, verifyWebhookRequest as aF, verifyWebhookSignature as aG, type SupportStatus as aa, type SupportTicket as ab, type SyncState as ac, type TelemetryEventAck as ad, type TelemetryEventInput as ae, type TelemetryLogAck as af, type TelemetryLogInput as ag, type Unsubscribe as ah, type UsageEventInput as ai, type UsageNamespace as aj, type UsageQuota as ak, type VerifyTokenOptions as al, type VerifyWebhookRequestOptions as am, type VerifyWebhookRequestResult as an, type WebhookEndpoint as ao, type WebhookEvent as ap, type WebhookScopeOptions as aq, type WebhookTestResult as ar, type WebhooksNamespace as as, type WithFieldSentinels as at, createCheckoutNamespace as au, createNeetruDb as av, createNotificationsNamespace as aw, createRestSyncTransport as ax, createWebhooksNamespace as ay, getWebSocketRealtimeClient as az, type CatalogListResponse as b, type CheckoutAuthOpts as c, type CheckoutIntentInfo as d, type CheckoutIntentStatus as e, type CheckoutNamespace as f, type CheckoutStartInput as g, type CheckoutStartResult as h, type CheckoutTenantType as i, type ConflictRecord as j, type CreateOfflineDocumentsOptions as k, type CreateTicketInput as l, type DbBatchOp as m, type DbChangeType as n, type DbCollectionRef$1 as o, type DbDoc as p, type DbDocRef as q, type DbGetResult as r, type DbListResult as s, type DbNamespace as t, type DbQuery$1 as u, type DbSqlLease as v, type DbWhereFilter as w, type DbWhereFilter$1 as x, MockNotifications as y, MockWebhooks as z };
|