npm - @nordsym/apiclaw - Versions diffs - 2.0.0 → 2.2.0 - Mend

@nordsym/apiclaw 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/.claude/settings.local.json +5 -1
package/convex/_generated/api.d.ts +8 -0
package/convex/_listWorkspaces.ts +13 -0
package/convex/crons.ts +15 -0
package/convex/funnel.ts +431 -0
package/convex/guards.ts +174 -0
package/convex/http.ts +334 -8
package/convex/nurture.ts +355 -0
package/convex/schema.ts +70 -0
package/convex/workspaces.ts +185 -0
package/dist/funnel-client.d.ts +24 -0
package/dist/funnel-client.d.ts.map +1 -0
package/dist/funnel-client.js +131 -0
package/dist/funnel-client.js.map +1 -0
package/dist/funnel.test.d.ts +2 -0
package/dist/funnel.test.d.ts.map +1 -0
package/dist/funnel.test.js +145 -0
package/dist/funnel.test.js.map +1 -0
package/dist/index.js +338 -120
package/dist/index.js.map +1 -1
package/dist/postinstall.d.ts +0 -5
package/dist/postinstall.d.ts.map +1 -1
package/dist/postinstall.js +24 -3
package/dist/postinstall.js.map +1 -1
package/dist/registration-guard.d.ts +29 -0
package/dist/registration-guard.d.ts.map +1 -0
package/dist/registration-guard.js +87 -0
package/dist/registration-guard.js.map +1 -0
package/package.json +1 -1
package/src/funnel-client.ts +168 -0
package/src/funnel.test.ts +187 -0
package/src/index.ts +381 -145
package/src/postinstall.ts +24 -2
package/src/registration-guard.ts +117 -0

package/src/postinstall.ts CHANGED Viewed

@@ -1,14 +1,36 @@
 #!/usr/bin/env node
 /**
  * APIClaw Postinstall Hook
- * Prints a welcome message with links after install.
- * No network calls. No side effects.
+ * Prints a welcome message with links and fires ONE anonymous funnel
+ * event (install) so we can measure top-of-funnel truthfully.
+ *
+ * Disable telemetry: APICLAW_TELEMETRY=false
  */
+import { emitFunnelEvent, hasLocalMarker, setLocalMarker } from './funnel-client.js';
+import { getMachineFingerprint, detectMCPClient } from './session.js';
 const CYAN = '\x1b[36m';
 const RESET = '\x1b[0m';
 const DIM = '\x1b[2m';
+try {
+  const fp = getMachineFingerprint();
+  const dedupeKey = `install:${fp}`;
+  if (!hasLocalMarker(dedupeKey)) {
+    emitFunnelEvent({
+      event: 'install',
+      fingerprint: fp,
+      mcpClient: detectMCPClient(),
+      platform: process.platform,
+      version: process.env.npm_package_version || 'unknown',
+      dedupeKey,
+    });
+    setLocalMarker(dedupeKey);
+  }
+} catch {
+  /* never block install */
+}
 console.log('');
 console.log(`  🦞 APIClaw installed successfully!`);
 console.log('');

package/src/registration-guard.ts ADDED Viewed

@@ -0,0 +1,117 @@
+/**
+ * Client-side registration guard — single source of truth for "does this
+ * workspaceContext pass the verified-owner check before an API call".
+ *
+ * Free paths (discover_apis, list_* , *_help) do NOT call this.
+ * Paying paths (call_api single + chain, capability, resume_chain) DO.
+ */
+export interface WorkspaceContextLike {
+  sessionToken: string;
+  workspaceId: string;
+  email: string;
+  tier: string;
+  status: string;
+  usageRemaining: number;
+  usageCount: number;
+}
+export type GuardResult =
+  | { ok: true; ctx: WorkspaceContextLike }
+  | { ok: false; reason: GuardReason; payload: Record<string, unknown> };
+export type GuardReason =
+  | "no_session"
+  | "not_verified"
+  | "quota_exceeded"
+  | "pending_verification";
+// Paths that are allowed without a verified owner.
+export const FREE_CALL_PATHS = new Set<string>([
+  "discover_apis",
+  "list_categories",
+  "list_connected",
+  "list_capabilities",
+  "apiclaw_help",
+  "register_owner",
+  "verify_code",
+  "check_workspace_status",
+  "remind_owner",
+  "get_chain_status",
+  "setup_metered_billing",
+  "get_usage_summary",
+  "estimate_cost",
+  "check_balance",
+  "add_credits",
+  "get_api_details",
+  "purchase_access",
+]);
+// Paths that MUST go through requireVerifiedOwner.
+export const ENFORCED_CALL_PATHS = new Set<string>([
+  "call_api",
+  "capability",
+  "resume_chain",
+]);
+export function requireVerifiedOwner(
+  workspaceContext: WorkspaceContextLike | null
+): GuardResult {
+  if (!workspaceContext) {
+    return {
+      ok: false,
+      reason: "no_session",
+      payload: {
+        status: "registration_required",
+        error: "Registration required to call APIs.",
+        message:
+          "Ask the user for their email, then call register_owner({ email }). A 6-digit code will be sent. Then call verify_code with the code.",
+        action: "register_owner",
+        free_tier: "50 API calls/month -- completely free.",
+      },
+    };
+  }
+  if (!workspaceContext.email) {
+    return {
+      ok: false,
+      reason: "pending_verification",
+      payload: {
+        status: "registration_required",
+        error: "Workspace is not linked to a verified email yet.",
+        message: "Run register_owner({ email }) and verify_code to activate.",
+        action: "register_owner",
+      },
+    };
+  }
+  if (workspaceContext.status !== "active") {
+    return {
+      ok: false,
+      reason: "not_verified",
+      payload: {
+        status: "pending_verification",
+        error: `Workspace status: ${workspaceContext.status}. Please verify your email.`,
+        action: "verify_code",
+      },
+    };
+  }
+  if (workspaceContext.usageRemaining === 0) {
+    return {
+      ok: false,
+      reason: "quota_exceeded",
+      payload: {
+        status: "quota_exceeded",
+        error:
+          workspaceContext.tier === "free"
+            ? "You've hit the free tier limit. Upgrade at https://apiclaw.cloud/upgrade."
+            : "Quota exceeded.",
+        upgrade_url: "https://apiclaw.cloud/upgrade",
+        action: "upgrade",
+      },
+    };
+  }
+  return { ok: true, ctx: workspaceContext };
+}