@nehorai/credits 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Nehorai Hadad
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/adapters/generic.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Generic credits adapter - framework agnostic
+ *
+ * This adapter uses standard JavaScript APIs and works in any
+ * JavaScript environment (Node.js, browser, etc.).
+ */
+import type { CreditsAdapter, CreditsAdapterConfig } from "./types";
+/**
+ * Create a generic credits adapter
+ *
+ * This adapter:
+ * - Authenticates users via the provided auth provider
+ * - Reserves credits before action execution
+ * - Commits credits on success, releases on failure
+ * - Logs usage asynchronously via the deferred executor
+ */
+export declare function createGenericAdapter(config: CreditsAdapterConfig): CreditsAdapter;
+//# sourceMappingURL=generic.d.ts.map

package/dist/adapters/generic.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"generic.d.ts","sourceRoot":"","sources":["../../src/adapters/generic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,KAAK,EAAgB,cAAc,EAAE,oBAAoB,EAAuB,MAAM,SAAS,CAAC;AAgBvG;;;;;;;;GAQG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB,GAAG,cAAc,CAgIjF"}

package/dist/adapters/generic.js

@@ -0,0 +1,147 @@
+/**
+ * Generic credits adapter - framework agnostic
+ *
+ * This adapter uses standard JavaScript APIs and works in any
+ * JavaScript environment (Node.js, browser, etc.).
+ */
+import { commitReservationWithJournal, releaseReservationWithJournal, reserveCreditsForOperation, } from "../core/operations";
+/**
+ * Generate a unique request ID
+ */
+function generateRequestId() {
+    const timestamp = Date.now();
+    const randomPart = Math.random().toString(36).substring(2, 14);
+    return `req_${timestamp}_${randomPart}`;
+}
+/**
+ * Create a generic credits adapter
+ *
+ * This adapter:
+ * - Authenticates users via the provided auth provider
+ * - Reserves credits before action execution
+ * - Commits credits on success, releases on failure
+ * - Logs usage asynchronously via the deferred executor
+ */
+export function createGenericAdapter(config) {
+    const { repository, authProvider, deferred, operationCosts } = config;
+    function getOperationCost(operationType) {
+        return operationCosts[operationType] ?? 0;
+    }
+    function logUsage(params) {
+        deferred.defer(async () => {
+            await repository.logUsage({
+                userId: params.userId,
+                operationType: params.operationType,
+                provider: "gemini",
+                creditsUsed: params.creditsUsed,
+                success: params.success,
+                errorMessage: params.errorMessage,
+                resourceId: params.resourceId,
+                resourceType: params.resourceType,
+                requestId: params.requestId,
+            });
+        });
+    }
+    return {
+        withCredits(options, handler) {
+            return async (data) => {
+                const requestId = generateRequestId();
+                // Authenticate
+                const user = await authProvider.getCurrentUser();
+                if (!user?.id) {
+                    return { success: false, error: "Authentication required" };
+                }
+                // Handle preview mode - skip credit handling entirely
+                if (isPreviewMode(data)) {
+                    const dummyReservation = createDummyReservation(user.id, options.operationType);
+                    return handler(user, data, dummyReservation);
+                }
+                // Calculate cost
+                const cost = options.customCost ?? getOperationCost(options.operationType);
+                // Reserve credits
+                let reservation;
+                try {
+                    reservation = await reserveCreditsForOperation(repository, user.id, cost, options.operationType);
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : "Failed to reserve credits";
+                    logUsage({
+                        userId: user.id,
+                        operationType: options.operationType,
+                        creditsUsed: 0,
+                        success: false,
+                        errorMessage: message,
+                        resourceId: options.resourceId,
+                        resourceType: options.resourceType,
+                        requestId,
+                    });
+                    return { success: false, error: message };
+                }
+                // Execute action
+                try {
+                    const result = await handler(user, data, reservation);
+                    if (result.success) {
+                        await commitReservationWithJournal(repository, user.id, reservation.id);
+                        logUsage({
+                            userId: user.id,
+                            operationType: options.operationType,
+                            creditsUsed: cost,
+                            success: true,
+                            resourceId: options.resourceId,
+                            resourceType: options.resourceType,
+                            requestId,
+                        });
+                    }
+                    else {
+                        await releaseReservationWithJournal(repository, user.id, reservation.id);
+                        logUsage({
+                            userId: user.id,
+                            operationType: options.operationType,
+                            creditsUsed: 0,
+                            success: false,
+                            errorMessage: result.error,
+                            resourceId: options.resourceId,
+                            resourceType: options.resourceType,
+                            requestId,
+                        });
+                    }
+                    return result;
+                }
+                catch (error) {
+                    const message = error instanceof Error ? error.message : "An unexpected error occurred";
+                    await releaseReservationWithJournal(repository, user.id, reservation.id);
+                    logUsage({
+                        userId: user.id,
+                        operationType: options.operationType,
+                        creditsUsed: 0,
+                        success: false,
+                        errorMessage: message,
+                        resourceId: options.resourceId,
+                        resourceType: options.resourceType,
+                        requestId,
+                    });
+                    console.error("Action error:", error);
+                    return { success: false, error: message };
+                }
+            };
+        },
+    };
+}
+function isPreviewMode(data) {
+    return (typeof data === "object" &&
+        data !== null &&
+        "preview" in data &&
+        data.preview === true);
+}
+function createDummyReservation(userId, operationType) {
+    return {
+        id: "preview-mode",
+        userId,
+        amount: 0,
+        operationType,
+        status: "released",
+        createdAt: new Date().toISOString(),
+        expiresAt: new Date().toISOString(),
+    };
+}
+//# sourceMappingURL=generic.js.map

package/dist/adapters/generic.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"generic.js","sourceRoot":"","sources":["../../src/adapters/generic.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,OAAO,EACL,4BAA4B,EAC5B,6BAA6B,EAC7B,0BAA0B,GAC3B,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,SAAS,iBAAiB;IACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,OAAO,OAAO,SAAS,IAAI,UAAU,EAAE,CAAC;AAC1C,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAA4B;IAC/D,MAAM,EAAE,UAAU,EAAE,YAAY,EAAE,QAAQ,EAAE,cAAc,EAAE,GAAG,MAAM,CAAC;IAEtE,SAAS,gBAAgB,CAAC,aAAqB;QAC7C,OAAO,cAAc,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,SAAS,QAAQ,CAAC,MASjB;QACC,QAAQ,CAAC,KAAK,CAAC,KAAK,IAAI,EAAE;YACxB,MAAM,UAAU,CAAC,QAAQ,CAAC;gBACxB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,aAAa,EAAE,MAAM,CAAC,aAAa;gBACnC,QAAQ,EAAE,QAAQ;gBAClB,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,UAAU,EAAE,MAAM,CAAC,UAAU;gBAC7B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,SAAS,EAAE,MAAM,CAAC,SAAS;aAC5B,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,WAAW,CACT,OAA2B,EAC3B,OAA6C;YAE7C,OAAO,KAAK,EAAE,IAAY,EAAkC,EAAE;gBAC5D,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;gBAEtC,eAAe;gBACf,MAAM,IAAI,GAAG,MAAM,YAAY,CAAC,cAAc,EAAE,CAAC;gBACjD,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC;oBACd,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;gBAC9D,CAAC;gBAED,sDAAsD;gBACtD,IAAI,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;oBACxB,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;oBAChF,OAAO,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,gBAAgB,CAAC,CAAC;gBAC/C,CAAC;gBAED,iBAAiB;gBACjB,MAAM,IAAI,GAAG,OAAO,CAAC,UAAU,IAAI,gBAAgB,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;gBAE3E,kBAAkB;gBAClB,IAAI,WAAgC,CAAC;gBACrC,IAAI,CAAC;oBACH,WAAW,GAAG,MAAM,0BAA0B,CAC5C,UAAU,EACV,IAAI,CAAC,EAAE,EACP,IAAI,EACJ,OAAO,CAAC,aAAa,CACtB,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CAAC;oBACrF,QAAQ,CAAC;wBACP,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,aAAa,EAAE,OAAO,CAAC,aAAa;wBACpC,WAAW,EAAE,CAAC;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,OAAO;wBACrB,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS;qBACV,CAAC,CAAC;oBACH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;gBAC5C,CAAC;gBAED,iBAAiB;gBACjB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,IAAI,EAAE,WAAW,CAAC,CAAC;oBAEtD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;wBACnB,MAAM,4BAA4B,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;wBACxE,QAAQ,CAAC;4BACP,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,aAAa,EAAE,OAAO,CAAC,aAAa;4BACpC,WAAW,EAAE,IAAI;4BACjB,OAAO,EAAE,IAAI;4BACb,UAAU,EAAE,OAAO,CAAC,UAAU;4BAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;4BAClC,SAAS;yBACV,CAAC,CAAC;oBACL,CAAC;yBAAM,CAAC;wBACN,MAAM,6BAA6B,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;wBACzE,QAAQ,CAAC;4BACP,MAAM,EAAE,IAAI,CAAC,EAAE;4BACf,aAAa,EAAE,OAAO,CAAC,aAAa;4BACpC,WAAW,EAAE,CAAC;4BACd,OAAO,EAAE,KAAK;4BACd,YAAY,EAAE,MAAM,CAAC,KAAK;4BAC1B,UAAU,EAAE,OAAO,CAAC,UAAU;4BAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;4BAClC,SAAS;yBACV,CAAC,CAAC;oBACL,CAAC;oBAED,OAAO,MAAM,CAAC;gBAChB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,8BAA8B,CAAC;oBACxF,MAAM,6BAA6B,CAAC,UAAU,EAAE,IAAI,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC;oBACzE,QAAQ,CAAC;wBACP,MAAM,EAAE,IAAI,CAAC,EAAE;wBACf,aAAa,EAAE,OAAO,CAAC,aAAa;wBACpC,WAAW,EAAE,CAAC;wBACd,OAAO,EAAE,KAAK;wBACd,YAAY,EAAE,OAAO;wBACrB,UAAU,EAAE,OAAO,CAAC,UAAU;wBAC9B,YAAY,EAAE,OAAO,CAAC,YAAY;wBAClC,SAAS;qBACV,CAAC,CAAC;oBACH,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC;oBACtC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;gBAC5C,CAAC;YACH,CAAC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,IAAa;IAClC,OAAO,CACL,OAAO,IAAI,KAAK,QAAQ;QACxB,IAAI,KAAK,IAAI;QACb,SAAS,IAAI,IAAI;QAChB,IAAgC,CAAC,OAAO,KAAK,IAAI,CACnD,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAc,EAAE,aAAqB;IACnE,OAAO;QACL,EAAE,EAAE,cAAc;QAClB,MAAM;QACN,MAAM,EAAE,CAAC;QACT,aAAa;QACb,MAAM,EAAE,UAAU;QAClB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}

package/dist/adapters/index.d.ts

@@ -0,0 +1,3 @@
+export type { ActionResult, CreditActionHandler, CreditsAdapterConfig, CreditsAdapter, } from "./types";
+export { createGenericAdapter } from "./generic";
+//# sourceMappingURL=index.d.ts.map

package/dist/adapters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,YAAY,EACZ,mBAAmB,EACnB,oBAAoB,EACpB,cAAc,GACf,MAAM,SAAS,CAAC;AAEjB,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC"}

package/dist/adapters/index.js

@@ -0,0 +1,2 @@
+export { createGenericAdapter } from "./generic";
+//# sourceMappingURL=index.js.map

package/dist/adapters/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/adapters/index.ts"],"names":[],"mappings":"AAOA,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAC"}

package/dist/adapters/types.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Adapter types for the credits system
+ *
+ * Defines the interface for framework-specific adapters that wrap
+ * credit operations with different execution strategies.
+ */
+import type { PortableReservation, WithCreditsOptions } from "../core/types";
+import type { CreditsUser, ICreditsAuthProvider } from "../auth/types";
+import type { ICreditRepository } from "../repository/types";
+import type { DeferredExecutor } from "../core";
+/**
+ * Generic action result type
+ */
+export interface ActionResult<T> {
+    success: boolean;
+    data?: T;
+    error?: string;
+}
+/**
+ * Handler function signature for credit-wrapped actions
+ */
+export type CreditActionHandler<TInput, TOutput> = (user: CreditsUser, data: TInput, reservation: PortableReservation) => Promise<ActionResult<TOutput>>;
+/**
+ * Configuration for creating a credits adapter
+ */
+export interface CreditsAdapterConfig {
+    /** Repository for credit operations */
+    repository: ICreditRepository;
+    /** Auth provider for user authentication */
+    authProvider: ICreditsAuthProvider;
+    /** Deferred executor for background tasks */
+    deferred: DeferredExecutor;
+    /** Operation cost lookup table */
+    operationCosts: Record<string, number>;
+}
+/**
+ * Interface for credits adapters
+ */
+export interface CreditsAdapter {
+    /**
+     * Wrap an action function with credit handling
+     */
+    withCredits<TInput, TOutput>(options: WithCreditsOptions, handler: CreditActionHandler<TInput, TOutput>): (data: TInput) => Promise<ActionResult<TOutput>>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/adapters/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC;AAC7E,OAAO,KAAK,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AACvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEhD;;GAEG;AACH,MAAM,WAAW,YAAY,CAAC,CAAC;IAC7B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,CAAC,CAAC;IACT,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,CAAC,MAAM,EAAE,OAAO,IAAI,CACjD,IAAI,EAAE,WAAW,EACjB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,mBAAmB,KAC7B,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;AAEpC;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,uCAAuC;IACvC,UAAU,EAAE,iBAAiB,CAAC;IAC9B,4CAA4C;IAC5C,YAAY,EAAE,oBAAoB,CAAC;IACnC,6CAA6C;IAC7C,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,kCAAkC;IAClC,cAAc,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,WAAW,CAAC,MAAM,EAAE,OAAO,EACzB,OAAO,EAAE,kBAAkB,EAC3B,OAAO,EAAE,mBAAmB,CAAC,MAAM,EAAE,OAAO,CAAC,GAC5C,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC;CACrD"}

package/dist/adapters/types.js

@@ -0,0 +1,8 @@
+/**
+ * Adapter types for the credits system
+ *
+ * Defines the interface for framework-specific adapters that wrap
+ * credit operations with different execution strategies.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/adapters/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/adapters/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/auth/api-key.d.ts

@@ -0,0 +1,37 @@
+import type { ICreditsAuthProvider, CreditsUser } from "./types";
+/**
+ * Verify a Bearer token from an Authorization header
+ *
+ * @param header - The Authorization header value (e.g., "Bearer secret123")
+ * @param secret - The expected secret value
+ * @returns True if token is valid
+ */
+export declare function verifyBearerToken(header: string | null, secret: string): boolean;
+/**
+ * API Key auth provider for admin routes
+ *
+ * Uses Bearer token authentication for external API access
+ * The API key is stored in CREDITS_ADMIN_API_KEY environment variable
+ */
+export declare class ApiKeyCreditsProvider implements ICreditsAuthProvider {
+    private readonly apiKey;
+    private isValidated;
+    constructor(authHeader?: string | null, apiKey?: string);
+    getCurrentUser(): Promise<CreditsUser | null>;
+    verifyAdminAccess(): Promise<boolean>;
+}
+/**
+ * Verify an API key from a request header
+ * @param authHeader - Authorization header value
+ * @param apiKey - Optional API key to use (defaults to CREDITS_ADMIN_API_KEY env var)
+ * @returns True if API key is valid
+ */
+export declare function verifyAdminApiKey(authHeader: string | null, apiKey?: string): boolean;
+/**
+ * Create an API key auth provider from a request
+ * @param request - Request object with headers
+ * @param apiKey - Optional API key to use
+ * @returns API key auth provider
+ */
+export declare function createApiKeyProvider(request: Request, apiKey?: string): ApiKeyCreditsProvider;
+//# sourceMappingURL=api-key.d.ts.map

package/dist/auth/api-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.d.ts","sourceRoot":"","sources":["../../src/auth/api-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAwBjE;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAUhF;AAED;;;;;GAKG;AACH,qBAAa,qBAAsB,YAAW,oBAAoB;IAChE,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAqB;IAC5C,OAAO,CAAC,WAAW,CAAS;gBAEhB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM;IASjD,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAa7C,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC;CAG5C;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAarF;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,qBAAqB,CAG7F"}

package/dist/auth/api-key.js

@@ -0,0 +1,94 @@
+/**
+ * Timing-safe string comparison to prevent timing attacks
+ */
+function timingSafeEqual(a, b) {
+    if (!a || !b) {
+        return false;
+    }
+    // Pad strings to same length to prevent length-based timing attacks
+    const maxLength = Math.max(a.length, b.length);
+    const paddedA = a.padEnd(maxLength);
+    const paddedB = b.padEnd(maxLength);
+    let result = 0;
+    for (let i = 0; i < maxLength; i++) {
+        result |= paddedA.charCodeAt(i) ^ paddedB.charCodeAt(i);
+    }
+    // Also check that lengths were originally equal
+    return result === 0 && a.length === b.length;
+}
+/**
+ * Verify a Bearer token from an Authorization header
+ *
+ * @param header - The Authorization header value (e.g., "Bearer secret123")
+ * @param secret - The expected secret value
+ * @returns True if token is valid
+ */
+export function verifyBearerToken(header, secret) {
+    if (!header || !secret) {
+        return false;
+    }
+    // Extract token from "Bearer {token}" format
+    const token = header.replace(/^Bearer\s+/i, "");
+    // Use timing-safe comparison
+    return timingSafeEqual(token, secret);
+}
+/**
+ * API Key auth provider for admin routes
+ *
+ * Uses Bearer token authentication for external API access
+ * The API key is stored in CREDITS_ADMIN_API_KEY environment variable
+ */
+export class ApiKeyCreditsProvider {
+    apiKey;
+    isValidated = false;
+    constructor(authHeader, apiKey) {
+        this.apiKey = apiKey ?? process.env.CREDITS_ADMIN_API_KEY;
+        // Validate the provided auth header using timing-safe comparison
+        if (authHeader && this.apiKey) {
+            this.isValidated = verifyBearerToken(authHeader, this.apiKey);
+        }
+    }
+    async getCurrentUser() {
+        if (!this.isValidated) {
+            return null;
+        }
+        // API key auth returns a special "admin" user
+        return {
+            id: "api-admin",
+            email: "api@admin.internal",
+            name: "API Admin",
+        };
+    }
+    async verifyAdminAccess() {
+        return this.isValidated;
+    }
+}
+/**
+ * Verify an API key from a request header
+ * @param authHeader - Authorization header value
+ * @param apiKey - Optional API key to use (defaults to CREDITS_ADMIN_API_KEY env var)
+ * @returns True if API key is valid
+ */
+export function verifyAdminApiKey(authHeader, apiKey) {
+    if (!authHeader) {
+        return false;
+    }
+    const expectedKey = apiKey ?? process.env.CREDITS_ADMIN_API_KEY;
+    if (!expectedKey) {
+        console.warn("CREDITS_ADMIN_API_KEY not configured");
+        return false;
+    }
+    // Use timing-safe comparison to prevent timing attacks
+    return verifyBearerToken(authHeader, expectedKey);
+}
+/**
+ * Create an API key auth provider from a request
+ * @param request - Request object with headers
+ * @param apiKey - Optional API key to use
+ * @returns API key auth provider
+ */
+export function createApiKeyProvider(request, apiKey) {
+    const authHeader = request.headers.get("Authorization");
+    return new ApiKeyCreditsProvider(authHeader, apiKey);
+}
+//# sourceMappingURL=api-key.js.map

package/dist/auth/api-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../src/auth/api-key.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,SAAS,eAAe,CAAC,CAAS,EAAE,CAAS;IAC3C,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IAED,oEAAoE;IACpE,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEpC,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;IAED,gDAAgD;IAChD,OAAO,MAAM,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC;AAC/C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAqB,EAAE,MAAc;IACrE,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,6CAA6C;IAC7C,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;IAEhD,6BAA6B;IAC7B,OAAO,eAAe,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,MAAM,OAAO,qBAAqB;IACf,MAAM,CAAqB;IACpC,WAAW,GAAG,KAAK,CAAC;IAE5B,YAAY,UAA0B,EAAE,MAAe;QACrD,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAE1D,iEAAiE;QACjE,IAAI,UAAU,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC9B,IAAI,CAAC,WAAW,GAAG,iBAAiB,CAAC,UAAU,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,8CAA8C;QAC9C,OAAO;YACL,EAAE,EAAE,WAAW;YACf,KAAK,EAAE,oBAAoB;YAC3B,IAAI,EAAE,WAAW;SAClB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,UAAyB,EAAE,MAAe;IAC1E,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,WAAW,GAAG,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAChE,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uDAAuD;IACvD,OAAO,iBAAiB,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;AACpD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,OAAgB,EAAE,MAAe;IACpE,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACxD,OAAO,IAAI,qBAAqB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Credits auth providers - barrel exports
+ *
+ * Provides authentication abstraction for credits system
+ */
+export type { ICreditsAuthProvider, CreditsAuthProviderFactory, CreditsUser, } from "./types";
+export { ApiKeyCreditsProvider, verifyAdminApiKey, createApiKeyProvider, verifyBearerToken, } from "./api-key";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,YAAY,EACV,oBAAoB,EACpB,0BAA0B,EAC1B,WAAW,GACZ,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,WAAW,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,8 @@
+/**
+ * Credits auth providers - barrel exports
+ *
+ * Provides authentication abstraction for credits system
+ */
+// API Key implementation (for admin routes)
+export { ApiKeyCreditsProvider, verifyAdminApiKey, createApiKeyProvider, verifyBearerToken, } from "./api-key";
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AASH,4CAA4C;AAC5C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,GAClB,MAAM,WAAW,CAAC"}

package/dist/auth/types.d.ts

@@ -0,0 +1,31 @@
+/**
+ * Authenticated user information for credits operations
+ */
+export interface CreditsUser {
+    id: string;
+    email?: string | null;
+    name?: string | null;
+}
+/**
+ * Auth provider interface for credits system
+ *
+ * Implementations can use any auth system (NextAuth, JWT, API keys, etc.)
+ */
+export interface ICreditsAuthProvider {
+    /**
+     * Get the currently authenticated user
+     * @returns User information or null if not authenticated
+     */
+    getCurrentUser(): Promise<CreditsUser | null>;
+    /**
+     * Verify if a user has admin access for credits management
+     * @param userId - User ID to check
+     * @returns True if user has admin access
+     */
+    verifyAdminAccess(userId: string): Promise<boolean>;
+}
+/**
+ * Factory type for creating auth provider instances
+ */
+export type CreditsAuthProviderFactory = () => ICreditsAuthProvider;
+//# sourceMappingURL=types.d.ts.map

package/dist/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,cAAc,IAAI,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAE9C;;;;OAIG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACrD;AAED;;GAEG;AACH,MAAM,MAAM,0BAA0B,GAAG,MAAM,oBAAoB,CAAC"}

package/dist/auth/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":""}

package/dist/config/costs.d.ts

@@ -0,0 +1,61 @@
+import type { SubscriptionTier, TierConfig } from "../core/types";
+import { getValidOperationTypes, isValidOperationType } from "./index";
+/**
+ * Get operation costs as a record
+ * Returns all configured operation costs from the current config
+ */
+export declare function getOperationCosts(): Record<string, number>;
+/**
+ * Get the credit cost for an operation type
+ * Uses the configuration system for dynamic costs
+ *
+ * @param type - Operation type (must be configured in the system)
+ * @returns Credit cost for the operation
+ * @throws Error if the operation type is not configured
+ */
+export declare function getOperationCost(type: string): number;
+export { getValidOperationTypes, isValidOperationType };
+/**
+ * Tier configurations with monthly limits and pricing
+ *
+ * NOTE: This is kept for backward compatibility.
+ * The actual configs are loaded from configuration.
+ * Use getTierConfig() instead of accessing this directly.
+ */
+export declare const TIER_CONFIGS: Record<SubscriptionTier, TierConfig>;
+/**
+ * Get tier configuration
+ * Uses the configuration system for dynamic configs
+ *
+ * @param tier - Subscription tier
+ * @returns Tier configuration
+ */
+export declare function getTierConfig(tier: SubscriptionTier): TierConfig;
+/**
+ * Get monthly credit limit for a tier
+ * Returns Infinity for unlimited tier
+ * Uses the configuration system for dynamic limits
+ *
+ * @param tier - Subscription tier
+ * @returns Monthly credit limit
+ */
+export declare function getMonthlyLimit(tier: SubscriptionTier): number;
+/**
+ * Default credits for new users (free tier)
+ * Uses the configuration system
+ */
+export declare const DEFAULT_FREE_CREDITS = 25;
+/**
+ * Get default free credits from configuration
+ */
+export declare function getDefaultFreeCredits(): number;
+/**
+ * Reservation expiry time in milliseconds
+ * Uses the configuration system
+ */
+export declare const RESERVATION_EXPIRY_MS: number;
+/**
+ * Get reservation expiry time from configuration
+ */
+export declare function getReservationExpiryMs(): number;
+//# sourceMappingURL=costs.d.ts.map

package/dist/config/costs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"costs.d.ts","sourceRoot":"","sources":["../../src/config/costs.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAClE,OAAO,EAKL,sBAAsB,EACtB,oBAAoB,EACrB,MAAM,SAAS,CAAC;AAEjB;;;GAGG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAE1D;AAED;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAErD;AAGD,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,CAAC;AAExD;;;;;;GAMG;AACH,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,gBAAgB,EAAE,UAAU,CAa7D,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,gBAAgB,GAAG,UAAU,CAEhE;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CAE9D;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,KAAK,CAAC;AAEvC;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED;;;GAGG;AACH,eAAO,MAAM,qBAAqB,QAAgB,CAAC;AAEnD;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C"}

package/dist/config/costs.js

@@ -0,0 +1,86 @@
+import { getConfig, getConfigOperationCost, getConfigTierConfig, getConfigMonthlyLimit, getValidOperationTypes, isValidOperationType, } from "./index";
+/**
+ * Get operation costs as a record
+ * Returns all configured operation costs from the current config
+ */
+export function getOperationCosts() {
+    return { ...getConfig().operationCosts };
+}
+/**
+ * Get the credit cost for an operation type
+ * Uses the configuration system for dynamic costs
+ *
+ * @param type - Operation type (must be configured in the system)
+ * @returns Credit cost for the operation
+ * @throws Error if the operation type is not configured
+ */
+export function getOperationCost(type) {
+    return getConfigOperationCost(type);
+}
+// Re-export validation helpers for convenience
+export { getValidOperationTypes, isValidOperationType };
+/**
+ * Tier configurations with monthly limits and pricing
+ *
+ * NOTE: This is kept for backward compatibility.
+ * The actual configs are loaded from configuration.
+ * Use getTierConfig() instead of accessing this directly.
+ */
+export const TIER_CONFIGS = {
+    get free() {
+        return getConfig().tierConfigs.free;
+    },
+    get basic() {
+        return getConfig().tierConfigs.basic;
+    },
+    get premium() {
+        return getConfig().tierConfigs.premium;
+    },
+    get unlimited() {
+        return getConfig().tierConfigs.unlimited;
+    },
+};
+/**
+ * Get tier configuration
+ * Uses the configuration system for dynamic configs
+ *
+ * @param tier - Subscription tier
+ * @returns Tier configuration
+ */
+export function getTierConfig(tier) {
+    return getConfigTierConfig(tier);
+}
+/**
+ * Get monthly credit limit for a tier
+ * Returns Infinity for unlimited tier
+ * Uses the configuration system for dynamic limits
+ *
+ * @param tier - Subscription tier
+ * @returns Monthly credit limit
+ */
+export function getMonthlyLimit(tier) {
+    return getConfigMonthlyLimit(tier);
+}
+/**
+ * Default credits for new users (free tier)
+ * Uses the configuration system
+ */
+export const DEFAULT_FREE_CREDITS = 25; // Static fallback, actual value from getConfig().defaultFreeCredits
+/**
+ * Get default free credits from configuration
+ */
+export function getDefaultFreeCredits() {
+    return getConfig().defaultFreeCredits;
+}
+/**
+ * Reservation expiry time in milliseconds
+ * Uses the configuration system
+ */
+export const RESERVATION_EXPIRY_MS = 5 * 60 * 1000; // Static fallback
+/**
+ * Get reservation expiry time from configuration
+ */
+export function getReservationExpiryMs() {
+    return getConfig().reservationExpiryMs;
+}
+//# sourceMappingURL=costs.js.map

package/dist/config/costs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"costs.js","sourceRoot":"","sources":["../../src/config/costs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,SAAS,EACT,sBAAsB,EACtB,mBAAmB,EACnB,qBAAqB,EACrB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,SAAS,CAAC;AAEjB;;;GAGG;AACH,MAAM,UAAU,iBAAiB;IAC/B,OAAO,EAAE,GAAG,SAAS,EAAE,CAAC,cAAc,EAAE,CAAC;AAC3C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,gBAAgB,CAAC,IAAY;IAC3C,OAAO,sBAAsB,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC;AAED,+CAA+C;AAC/C,OAAO,EAAE,sBAAsB,EAAE,oBAAoB,EAAE,CAAC;AAExD;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,YAAY,GAAyC;IAChE,IAAI,IAAI;QACN,OAAO,SAAS,EAAE,CAAC,WAAW,CAAC,IAAK,CAAC;IACvC,CAAC;IACD,IAAI,KAAK;QACP,OAAO,SAAS,EAAE,CAAC,WAAW,CAAC,KAAM,CAAC;IACxC,CAAC;IACD,IAAI,OAAO;QACT,OAAO,SAAS,EAAE,CAAC,WAAW,CAAC,OAAQ,CAAC;IAC1C,CAAC;IACD,IAAI,SAAS;QACX,OAAO,SAAS,EAAE,CAAC,WAAW,CAAC,SAAU,CAAC;IAC5C,CAAC;CACF,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,IAAsB;IAClD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,eAAe,CAAC,IAAsB;IACpD,OAAO,qBAAqB,CAAC,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,EAAE,CAAC,CAAC,oEAAoE;AAE5G;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,SAAS,EAAE,CAAC,kBAAkB,CAAC;AACxC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,kBAAkB;AAEtE;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,SAAS,EAAE,CAAC,mBAAmB,CAAC;AACzC,CAAC"}