npm - @omnixhq/ucp-client - Versions diffs - 2.0.0 → 2.2.0 - Mend

@omnixhq/ucp-client 2.0.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/README.md +33 -0
package/dist/adapters/anthropic.d.cts +1 -1
package/dist/adapters/anthropic.d.ts +1 -1
package/dist/adapters/langchain.d.cts +1 -1
package/dist/adapters/langchain.d.ts +1 -1
package/dist/adapters/mcp.d.cts +1 -1
package/dist/adapters/mcp.d.ts +1 -1
package/dist/adapters/openai.d.cts +1 -1
package/dist/adapters/openai.d.ts +1 -1
package/dist/adapters/vercel-ai.d.cts +1 -1
package/dist/adapters/vercel-ai.d.ts +1 -1
package/dist/{catch-errors-jyrE4r9F.d.cts → catch-errors-BoytVKBJ.d.cts} +16 -5
package/dist/catch-errors-BoytVKBJ.d.cts.map +1 -0
package/dist/{catch-errors-BW8p9Abt.d.ts → catch-errors-lijeGf45.d.ts} +16 -5
package/dist/catch-errors-lijeGf45.d.ts.map +1 -0
package/dist/index.cjs +182 -0
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +6918 -6138
package/dist/index.d.cts.map +1 -1
package/dist/index.d.ts +6918 -6138
package/dist/index.d.ts.map +1 -1
package/dist/index.js +178 -1
package/dist/index.js.map +1 -1
package/package.json +1 -1
package/dist/catch-errors-BW8p9Abt.d.ts.map +0 -1
package/dist/catch-errors-jyrE4r9F.d.cts.map +0 -1

package/README.md CHANGED Viewed

@@ -167,8 +167,41 @@ if (client.checkout) {
 console.log(Object.keys(client.paymentHandlers));
 // e.g., ['com.google.pay', 'dev.shopify.shop_pay']
+client.signingKeys; // JWK[] — EC P-256 keys for webhook verification
+```
+## Webhook signature verification
+UCP businesses sign webhook POST requests with a detached JWS in the `Request-Signature` header (RFC 7797). The JWT header MUST include a `kid` claim identifying the signing key.
+Use `createWebhookVerifier` to get a stateful verifier that fetches and caches signing keys from the business's discovery profile. It automatically re-fetches on a `kid` cache miss to support zero-downtime key rotation.
+```typescript
+import { createWebhookVerifier } from '@omnixhq/ucp-client';
+const verifier = createWebhookVerifier('https://store.example.com');
+// In your webhook handler — MUST respond quickly with 2xx, process async:
+const valid = await verifier.verify(rawBody, req.headers['request-signature']);
+if (!valid) return res.status(401).send('Invalid signature');
+// Safe to process
 ```
+Keys are loaded lazily on the first `verify()` call from `<gatewayUrl>/.well-known/ucp` and cached by `kid`. A `kid` not found in cache triggers one re-fetch (key rotation support).
+If you already have signing keys loaded (e.g. from `client.signingKeys`), use `verifyRequestSignature` directly:
+```typescript
+import { UCPClient, verifyRequestSignature } from '@omnixhq/ucp-client';
+const client = await UCPClient.connect(config);
+const valid = await verifyRequestSignature(rawBody, signature, client.signingKeys);
+```
+See [examples/webhook-verification.ts](./examples/webhook-verification.ts) for a complete HTTP server example.
 ## Framework adapters
 Ready-made adapters convert `getAgentTools()` output to each framework's native format — no manual mapping.

package/dist/adapters/anthropic.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-jyrE4r9F.cjs";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BoytVKBJ.cjs";
 //#region src/adapters/anthropic.d.ts
 interface AnthropicInputSchema {

package/dist/adapters/anthropic.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BW8p9Abt.js";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-lijeGf45.js";
 //#region src/adapters/anthropic.d.ts
 interface AnthropicInputSchema {

package/dist/adapters/langchain.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-jyrE4r9F.cjs";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BoytVKBJ.cjs";
 //#region src/adapters/langchain.d.ts
 interface LangChainTool {

package/dist/adapters/langchain.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BW8p9Abt.js";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-lijeGf45.js";
 //#region src/adapters/langchain.d.ts
 interface LangChainTool {

package/dist/adapters/mcp.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-jyrE4r9F.cjs";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BoytVKBJ.cjs";
 //#region src/adapters/mcp.d.ts
 interface MCPInputSchema {

package/dist/adapters/mcp.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BW8p9Abt.js";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-lijeGf45.js";
 //#region src/adapters/mcp.d.ts
 interface MCPInputSchema {

package/dist/adapters/openai.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-jyrE4r9F.cjs";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BoytVKBJ.cjs";
 //#region src/adapters/openai.d.ts
 interface OpenAIFunction {

package/dist/adapters/openai.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BW8p9Abt.js";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-lijeGf45.js";
 //#region src/adapters/openai.d.ts
 interface OpenAIFunction {

package/dist/adapters/vercel-ai.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-jyrE4r9F.cjs";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BoytVKBJ.cjs";
 //#region src/adapters/vercel-ai.d.ts
 interface VercelAISchema {

package/dist/adapters/vercel-ai.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-BW8p9Abt.js";
+import { AdapterOptions, AgentTool, JsonSchema } from "../catch-errors-lijeGf45.js";
 //#region src/adapters/vercel-ai.d.ts
 interface VercelAISchema {

package/dist/{catch-errors-jyrE4r9F.d.cts → catch-errors-BoytVKBJ.d.cts} RENAMED Viewed

@@ -48,7 +48,14 @@ interface LocalizationContext {
   readonly address_region?: string;
   readonly postal_code?: string;
 }
+/**
+ * A JSON Web Key (RFC 7517).
+ * Extends the TypeScript stdlib `JsonWebKey` with the `kid` claim required by UCP for webhook
+ * signature verification (the stdlib definition omits `kid`).
+ */
+type JWK = JsonWebKey & {
+  readonly kid?: string;
+};
 //#endregion
 //#region src/types/payment.d.ts
 //# sourceMappingURL=common.d.ts.map
@@ -157,9 +164,10 @@ interface CompleteCheckoutPayload {
   readonly ap2?: {
     readonly checkout_mandate?: string;
   };
-} //#endregion
-//#region src/capabilities/checkout.d.ts
+}
+//#endregion
+//#region src/capabilities/checkout.d.ts
 //# sourceMappingURL=checkout.d.ts.map
 type FulfillmentPatch = Omit<UpdateCheckoutPayload, 'fulfillment' | 'discounts'>;
 /**
@@ -189,6 +197,7 @@ type UCPSpecOrder = Order;
 interface WebhookEvent {
   readonly event_id: string;
   readonly created_time: string;
+  readonly order: UCPSpecOrder;
   readonly [key: string]: unknown;
 }
@@ -307,6 +316,8 @@ interface ToolDescriptor {
 interface ConnectedClient {
   /** The server's UCP discovery profile. */
   readonly profile: UCPProfile;
+  /** JWK signing keys from the discovery profile. Used for verifying incoming webhook signatures. */
+  readonly signingKeys: readonly JWK[];
   /** Checkout operations. Null if server does not support `dev.ucp.shopping.checkout`. */
   readonly checkout: CheckoutCapability | null;
   /** Order operations. Null if server does not support `dev.ucp.shopping.order`. */
@@ -431,5 +442,5 @@ type ToolErrorResult = {
 };
 //#endregion
-export { AdapterOptions, AgentTool, AuthorizationParams, BuyerConsent, CardCredential$1 as CardCredential, CheckoutCapability, CheckoutExtensions, CheckoutSession, CheckoutSessionStatus, CompleteCheckoutPayload, ConnectedClient, CreateCheckoutPayload, DEFAULT_UCP_VERSION, IdentityLinkingCapability, JsonSchema, LocalizationContext, OAuthServerMetadata, OrderCapability, PaymentCredential, PaymentHandlerInstance, PaymentHandlerMap, PaymentInstrument, PostalAddress, TokenCredential$1 as TokenCredential, TokenExchangeParams, TokenRefreshParams, TokenResponse, TokenRevokeParams, ToolDescriptor, ToolErrorResult, UCPClient, UCPClientConfig, UCPProfile, UCPSpecOrder, UCP_CAPABILITIES, UpdateCheckoutPayload, WebhookEvent, connect, getAgentTools };
-//# sourceMappingURL=catch-errors-jyrE4r9F.d.cts.map
+export { AdapterOptions, AgentTool, AuthorizationParams, BuyerConsent, CardCredential$1 as CardCredential, CheckoutCapability, CheckoutExtensions, CheckoutSession, CheckoutSessionStatus, CompleteCheckoutPayload, ConnectedClient, CreateCheckoutPayload, DEFAULT_UCP_VERSION, IdentityLinkingCapability, JWK, JsonSchema, LocalizationContext, OAuthServerMetadata, OrderCapability, PaymentCredential, PaymentHandlerInstance, PaymentHandlerMap, PaymentInstrument, PostalAddress, TokenCredential$1 as TokenCredential, TokenExchangeParams, TokenRefreshParams, TokenResponse, TokenRevokeParams, ToolDescriptor, ToolErrorResult, UCPClient, UCPClientConfig, UCPProfile, UCPSpecOrder, UCP_CAPABILITIES, UpdateCheckoutPayload, WebhookEvent, connect, getAgentTools };
+//# sourceMappingURL=catch-errors-BoytVKBJ.d.cts.map

package/dist/catch-errors-BoytVKBJ.d.cts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"catch-errors-BoytVKBJ.d.cts","names":[],"sources":["../src/http.ts","../src/types/common.ts","../src/types/payment.ts","../src/types/checkout.ts","../src/capabilities/checkout.ts","../src/types/order.ts","../src/capabilities/order.ts","../src/types/identity-linking.ts","../src/capabilities/identity-linking.ts","../src/types/config.ts","../src/UCPClient.ts","../src/agent-tools.ts","../src/adapters/catch-errors.ts"],"sourcesContent":null,"mappings":";;;;KAMK,UAAA;KAEO,KAAA;UAEK,gBAAA;EAJZ,SAAA,UAAU,EAAA,MAAA;EAEH,SAAK,eAAA,EAAA,MAAA;EAEA,SAAA,UAAgB,EAAA,MAAA;EASpB,SAAA,gBAAU,CAAA,EAAA,MAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,mBAAA,CAAA,EAXW,KAWX;;AAsBE,cA9BX,UAAA,CA8BW;EAAU,iBAAiC,UAAA;EAAO,iBAwC7B,eAAA;EAAC,iBAAT,UAAA;EAAO,iBAAM,gBAAA;EAAC,iBAAA,WAAA;;sBA9D7B;kCAWY;ECtCjB,OAAA,CAAA,MAAA,EDiDO,UCjDM,EAAA,IAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,OAAA,CAAA,EDiDqC,OCjDrC,CAAA,OAAA,CAAA;EAYb,QAAA,CAAA,CAAA,CAAA,CAAA,IAAY,EAAA,OAAA,EAAA,MAAA,ED6EQ,OC7ER,CD6EgB,CC7EhB,CAAA,CAAA,ED6EqB,CC7ErB;EAOZ,QAAA,iBAAmB;;;UAnBnB,aAAA;;;;EDMZ,SAAA,gBAAU,CAAA,EAAA,MAAA;EAEH,SAAK,gBAAA,CAAA,EAAA,MAAA;EAEA,SAAA,cAAgB,CAAA,EAAA,MAMA;EAGpB,SAAA,eAAU,CAAA,EAAA,MAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,YAAA,CAAA,EAAA,MAAA;;AAsBE,UCrCP,YAAA,CDqCO;EAAU,SAAiC,SAAA,CAAA,EAAA,OAAA;EAAO,SAwC7B,WAAA,CAAA,EAAA,OAAA;EAAC,SAAT,SAAA,CAAA,EAAA,OAAA;EAAO,SAAM,YAAA,CAAA,EAAA,OAAA;AAAC;UCtElC,mBAAA;;;EAnBA,SAAA,WAAa,CAAA,EAAA,MAAA;AAY9B;AAOA;;;;;KAWY,GAAA,GAAM;EAAN,SAAG,GAAA,CAAA,EAAA,MAAG;;;;;KCzBN,iBAAA,GAAkB;KAClB,gBAAA,GAAiB;KAEjB,iBAAA,GAAoB,oBAAkB;AFAtC,UEIK,iBAAA,CFJA;EAEA,SAAA,EAAA,EAAA,MAAgB;EASpB,SAAA,UAAU,EAAA,MAAA;EAAA,SAAA,IAAA,EAAA,MAAA;EAAA,SAQD,KAAA,CAAA,EAAA,MAAA;EAAgB,SAWJ,WAAA,CAAA,EAAA,MAAA;EAAU,SAWpB,YAAA,CAAA,EAAA,MAAA;EAAU,SAAiC,QAAA,CAAA,EAAA,OAAA;EAAO,SAwC7B,OAAA,CAAA,EErExB,QFqEwB,CErEf,MFqEe,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;EAAC,SAAT,UAAA,CAAA,EEpEb,iBFoEa;EAAO,SAAM,eAAA,CAAA,EEnErB,aFmEqB;AAAC;UEhElC,sBAAA;;;EDzBA,SAAA,IAAA,EAAA,MAAa;EAYb,SAAA,MAAY,EAAA,MAAA;EAOZ,SAAA,MAAA,CAAA,ECWG,QDXgB,CCWP,MDXO,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;;UCcnB,iBAAA;yCACwB;;;;;;KC9B7B,eAAA,GAAkB;AHEzB,KGDO,qBAAA,GAAwB,sBHCrB;AAEH,UGDK,kBAAA,CHCA;EAEA,SAAA,WAAgB,EAAA,OAAA;EASpB,SAAA,QAAU,EAAA,OAAA;EAAA,SAAA,YAAA,EAAA,OAAA;EAAA,SAQD,UAAA,EAAA,OAAA;;AAsBE,UGnCP,qBAAA,CHmCO;EAAU,SAAiC,UAAA,EGlC5C,aHkC4C,CAAA;IAwCtB,SAAA,IAAA,EAAA;MAAR,SAAA,EAAA,EAAA,MAAA;IAAa,CAAA;IAAC,SAAA,QAAA,EAAA,MAAA;;;;ICzFlC,SAAA,UAAa,CAAA,EAAA,MAAA;IAYb,SAAA,SAAY,CAAA,EAAA,MAAA;IAOZ,SAAA,KAAA,CAAA,EAAA,MAAmB;;uBEMb;;qBAEF;;IFGT,SAAG,WAAG,CAAA,EAAU,SAAA,OAAA,EAAA;;;;ACzBhB,UC6BK,qBAAA,CD7Ba;EAClB,SAAA,KAAA,CAAA,EAAA;IAEA,SAAA,UAAiB,CAAA,EAAA,MAAA;IAAA,SAAA,SAAA,CAAA,EAAA,MAAA;IAAG,SAAA,KAAA,CAAA,EAAA,MAAA;IAAkB,SAAA,YAAA,CAAA,EAAA,MAAA;IAAc,SAAA,OAAA,CAAA,ECgCzC,YDhCyC;EAI/C,CAAA;EAAiB,SAAA,WAAA,CAAA,EAAA;IAQJ,SAAA,YAAA,CAAA,ECuBF,aDvBE,CAAA;MAAT,SAAA,EAAA,EAAA,MAAA;MACG,SAAA,OAAA,EAAA;QACK,SAAA,cAAA,CAAA,EAAA,MAAA;QAAa,SAAA,gBAAA,CAAA,EAAA,MAAA;QAGzB,SAAA,cAAsB,CAAA,EAAA,MAAA;QAAA,SAAA,WAAA,CAAA,EAAA,MAAA;QAKV,SAAA,eAAA,CAAA,EAAA,MAAA;MAAT,CAAA;IAAQ,CAAA,CAAA;IAGX,SAAA,OAAiB,CAAA,ECoBX,aDnBkB,CAAA;;;;MC9B7B,SAAA,uBAAkB,CAAA,EAAA,MAAA;MAClB,SAAA,MAAA,CAAqB,EAqDT,aArDY,CAAA;QAEnB,SAAkB,EAAA,EAAA,MAAA;QAOlB,SAAA,kBAAqB,CAAA,EAAA,MAAA;MAAA,CAAA,CAAA;IACf,CAAA,CAAA;EAAa,CAAA;EAUD,SAEd,OAAA,CAAA,EAAA;IAAmB,SAAA,WAAA,CAAA,EAsCb,aAtCa,CAsCC,iBAtCD,CAAA;EAOvB,CAAA;EAAqB,SAAA,SAAA,CAAA,EAAA;IAMf,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA;EAAY,CAAA;EAGM,SAejB,OAAA,CAAA,EAYH,mBAZG;;AAOiB,UAQxB,uBAAA,CARwB;EAAiB,SAA/B,OAAA,CAAA,EAAA;IAKN,SAAA,WAAA,EAKK,aALL,CAKmB,iBALnB,CAAA;EAAmB,CAAA;EAGvB,SAAA,YAAA,CAAA,EAIS,iBAJc;EAAA,SAAA,YAAA,CAAA,EAKd,QALc,CAKL,MALK,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;EAAA,SAEA,GAAA,CAAA,EAAA;IAAd,SAAA,gBAAA,CAAA,EAAA,MAAA;EAAa,CAAA;;;;;;KC7DlC,gBAAA,GAAmB,KAAK;;AJbM;AAOnC;AAEA;AASa,cICA,kBAAA,CJDU;EAAA,iBAAA,IAAA;EAAA;EAQe,SAWJ,UAAA,EIhBX,kBJgBW;EAAU,WAWpB,CAAA,IAAA,EIxBG,UJwBH,EAAA,UAAA,EIvBR,kBJuBQ;EAAU,MAAiC,CAAA,OAAA,EIlB3C,qBJkB2C,CAAA,EIlBnB,OJkBmB,CIlBX,eJkBW,CAAA;EAAO,GAwC7B,CAAA,EAAA,EAAA,MAAA,CAAA,EIrDpB,OJqDoB,CIrDZ,eJqDY,CAAA;EAAC,MAAT,CAAA,EAAA,EAAA,MAAA,EAAA,KAAA,EIhDH,qBJgDG,CAAA,EIhDqB,OJgDrB,CIhD6B,eJgD7B,CAAA;EAAO,QAAM,CAAA,EAAA,EAAA,MAAA,EAAA,OAAA,EIvCZ,uBJuCY,CAAA,EIvCc,OJuCd,CIvCsB,eJuCtB,CAAA;EAAC,MAAA,CAAA,EAAA,EAAA,MAAA,CAAA,EI9BvB,OJ8BuB,CI9Bf,eJ8Be,CAAA;mDInBvC,mBACP,QAAQ;yFAWD,mBACP,QAAQ;kHAoBD,mBACP,QAAQ;EHxGI,kBAAa,CAAA,EAAA,EAAA,MAAA,EAAA,KAAA,EAAA,SAAA,MAAA,EAAA,EAAA,KAAA,CAAA,EG2HlB,gBH3HkB,CAAA,EG4HzB,OH5HyB,CG4HjB,eH5HiB,CAAA;EAYb,QAAA,eAAY;AAO7B;;;;KIjBY,YAAA,GAAe;UAEV,YAAA;;ELEZ,SAAA,YAAU,EAAA,MAAA;EAEH,SAAK,KAAA,EKDC,YLCD;EAEA,UAAA,GAAA,EAAA,MAAgB,CAAA,EAAA,OAMA;AAGjC;;;;;;cMda,eAAA;ENCR,iBAAU,IAAA;EAEH,WAAK,CAAA,IAAA,EMFoB,UNEpB;EAEA;EASJ,GAAA,CAAA,EAAA,EAAA,MAAU,CAAA,EMVE,ONUF,CMVU,YNUV,CAAA;EAAA;EAAA,MAQD,CAAA,EAAA,EAAA,MAAA,EAAA,OAAA,EMZc,MNYd,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA,EMZwC,ONYxC,CMZgD,YNYhD,CAAA;;;;;;UO3BL,mBAAA;;;;EPMZ,SAAA,mBAAU,EAAA,MAAA;EAEH,SAAK,gBAAA,EAAA,SAAA,MAAA,EAAA;EAEA,SAAA,wBAMgB,EAAK,SAAA,MAAA,EAAA;EAGzB,SAAA,qBAAU,EAAA,SAAA,MAAA,EAAA;EAAA,SAAA,qCAAA,EAAA,SAAA,MAAA,EAAA;EAAA,SAQD,qBAAA,CAAA,EAAA,MAAA;;AAsBE,UOrCP,mBAAA,CPqCO;EAAU,SAAiC,SAAA,EAAA,MAAA;EAAO,SAwC7B,YAAA,EAAA,MAAA;EAAC,SAAT,KAAA,CAAA,EAAA,MAAA;EAAO,SAAM,KAAA,CAAA,EAAA,MAAA;AAAC;UOtElC,aAAA;;;ENnBA,SAAA,UAAa,CAAA,EAAA,MAAA;EAYb,SAAA,aAAY,CAAA,EAAA,MAAA;EAOZ,SAAA,KAAA,CAAA,EAAA,MAAmB;;UMQnB,mBAAA;;;;ENGL,SAAG,YAAG,EAAA,MAAU;;UMIX,kBAAA;;EL7BL,SAAA,aAAe,EAAA,MAAA;EACf,SAAA,aAAc,EAAA,MAAG;AAE7B;AAA6B,UKgCZ,iBAAA,CLhCY;EAAA,SAAG,SAAA,EAAA,MAAA;EAAe,SAAG,aAAA,EAAA,MAAA;EAAc,SAAA,KAAA,EAAA,MAAA;EAI/C,SAAA,eAAiB,CAAA,EAAA,cAAA,GAAA,eAAA;;;;;;;;;AFXC;AAOvB,cQiBC,yBAAA,CRjBI;EAEA,iBAAA,QAAgB;EASpB,WAAA,CAAA,QAAU,EQOkB,mBRPlB;EAAA;EAAA,mBAQD,CAAA,MAAA,EQEQ,mBRFR,CAAA,EAAA,MAAA;EAAgB,YAWJ,CAAA,MAAA,EQGL,mBRHK,CAAA,EQGiB,ORHjB,CQGyB,aRHzB,CAAA;EAAU,YAWpB,CAAA,MAAA,EQEK,kBRFL,CAAA,EQE0B,ORF1B,CQEkC,aRFlC,CAAA;EAAU,WAAiC,CAAA,MAAA,EQWvC,iBRXuC,CAAA,EQWnB,ORXmB,CAAA,IAAA,CAAA;EAAO,WAwC7B,CAAA,CAAA,EQT5B,QRS4B,CQTnB,mBRSmB,CAAA;EAAC,QAAT,YAAA;;;;;AAAc;USzFlC,eAAA;;;;ETMZ,SAAA,gBAAU,CAAA,EAAA,MAAA;AAEf;AAEiB,cSHJ,mBAAA,GTSyB,YAAA;AAGzB,cSVA,gBTUU,EAAA;EAAA,SAAA,QAAA,EAAA,2BAAA;EAAA,SAQD,WAAA,EAAA,8BAAA;EAAgB,SAWJ,QAAA,EAAA,2BAAA;EAAU,SAWpB,aAAA,EAAA,gCAAA;EAAU,SAAiC,KAAA,EAAA,wBAAA;EAAO,SAwC7B,gBAAA,EAAA,iCAAA;EAAC,SAAT,WAAA,EAAA,8BAAA;CAAO;;;;AAAO;;AAnDjB,KUpBtB,UAAA,GAAa,mBVoBS;;AAWiC,UU5BlD,cAAA,CV4BkD;EAAO,SAwC7B,IAAA,EAAA,MAAA;EAAC,SAAT,UAAA,EAAA,MAAA;EAAO,SAAM,WAAA,EAAA,MAAA;AAAC;;;;ACzFnD;AAYiB,USmBA,eAAA,CTnBY;EAOZ;oBScG;;iCAEa;;qBAEZ;ETPT;kBSSM;;4BAEU;ERpChB;EACA,SAAA,eAAc,EQqCE,iBRrCC;EAEjB;EAAiB,aAAA,EAAA,EAAA,SQqCD,cRrCC,EAAA;EAAA;;AAAmC;AAIhE;EAAkC,aAAA,EAAA,EAAA,SQsCN,SRtCM,EAAA;;;;;AAUQ;AAG1C;;;;AAK4B;AAG5B;;;;AC7BA;AACA;AAEiB,iBO6DK,OAAA,CP7Da,MAAA,EO8DzB,eP9DyB,EAAA,OAOG,CAPH,EAAA;EAOlB,SAAA,mBAAqB,CAAA,EOwDO,KPxDP;CAAA,CAAA,EOyDnC,OPzDmC,COyD3B,ePzD2B,CAAA;;;;AAaE;AAOxC;;;;;;;;AAoCqB,cOkDR,SAAA,CPlDQ;EAAmB,QAAA,WAAA,CAAA;EAGvB,OAAA,OAAA,EAAA,OOoDD,OPpDwB;;;;;;;UQtEvB,UAAA;;EXGZ,SAAA,UAAU,CAAA,EWDS,QXCT,CWDkB,MXClB,CAAA,MAAA,EWDiC,UXCjC,CAAA,CAAA;EAEH,SAAK,QAAA,CAAA,EAAA,SAAA,MAAA,EAAA;EAEA,SAAA,KAAA,CAAA,EWHE,UXGc;EASpB,SAAA,IAAU,CAAA,EAAA,SAAA,MAAA,EAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,OAAA,CAAA,EAAA,OAAA;;;;;;AA8D4B,UWxEjC,SAAA,CXwEiC;EAAC,SAAA,IAAA,EAAA,MAAA;;uBWrE5B;6BACM,4BAA4B;AVrBzD;AAYA;AAOA;;;;;;AAWA;;;;ACzBA;AACA;AAEA;;;;AAAgE;AAIhE;;;;;;AAU0C;AAG1C;;;;AAK4B;AAG5B;;;;AC7BY,iBQsDI,aAAA,CRtDc,MAAA,EQsDQ,eRtDgB,CAAA,EAAA,SQsDW,SRtDX,EAAA;;;;AACtD;USHiB,cAAA;;;KAIL,eAAA;EZAP,SAAA,KAAU,EAAA,MAAA;AAEf,CAAA,GAAY;EAEK,SAAA,mBAAgB,EAMA,IAAA;EAGpB,SAAA,YAAU,EAAA,MAAA;CAAA"}

package/dist/{catch-errors-BW8p9Abt.d.ts → catch-errors-lijeGf45.d.ts} RENAMED Viewed

@@ -48,7 +48,14 @@ interface LocalizationContext {
   readonly address_region?: string;
   readonly postal_code?: string;
 }
+/**
+ * A JSON Web Key (RFC 7517).
+ * Extends the TypeScript stdlib `JsonWebKey` with the `kid` claim required by UCP for webhook
+ * signature verification (the stdlib definition omits `kid`).
+ */
+type JWK = JsonWebKey & {
+  readonly kid?: string;
+};
 //#endregion
 //#region src/types/payment.d.ts
 //# sourceMappingURL=common.d.ts.map
@@ -157,9 +164,10 @@ interface CompleteCheckoutPayload {
   readonly ap2?: {
     readonly checkout_mandate?: string;
   };
-} //#endregion
-//#region src/capabilities/checkout.d.ts
+}
+//#endregion
+//#region src/capabilities/checkout.d.ts
 //# sourceMappingURL=checkout.d.ts.map
 type FulfillmentPatch = Omit<UpdateCheckoutPayload, 'fulfillment' | 'discounts'>;
 /**
@@ -189,6 +197,7 @@ type UCPSpecOrder = Order;
 interface WebhookEvent {
   readonly event_id: string;
   readonly created_time: string;
+  readonly order: UCPSpecOrder;
   readonly [key: string]: unknown;
 }
@@ -307,6 +316,8 @@ interface ToolDescriptor {
 interface ConnectedClient {
   /** The server's UCP discovery profile. */
   readonly profile: UCPProfile;
+  /** JWK signing keys from the discovery profile. Used for verifying incoming webhook signatures. */
+  readonly signingKeys: readonly JWK[];
   /** Checkout operations. Null if server does not support `dev.ucp.shopping.checkout`. */
   readonly checkout: CheckoutCapability | null;
   /** Order operations. Null if server does not support `dev.ucp.shopping.order`. */
@@ -431,5 +442,5 @@ type ToolErrorResult = {
 };
 //#endregion
-export { AdapterOptions, AgentTool, AuthorizationParams, BuyerConsent, CardCredential$1 as CardCredential, CheckoutCapability, CheckoutExtensions, CheckoutSession, CheckoutSessionStatus, CompleteCheckoutPayload, ConnectedClient, CreateCheckoutPayload, DEFAULT_UCP_VERSION, IdentityLinkingCapability, JsonSchema, LocalizationContext, OAuthServerMetadata, OrderCapability, PaymentCredential, PaymentHandlerInstance, PaymentHandlerMap, PaymentInstrument, PostalAddress, TokenCredential$1 as TokenCredential, TokenExchangeParams, TokenRefreshParams, TokenResponse, TokenRevokeParams, ToolDescriptor, ToolErrorResult, UCPClient, UCPClientConfig, UCPProfile, UCPSpecOrder, UCP_CAPABILITIES, UpdateCheckoutPayload, WebhookEvent, connect, getAgentTools };
-//# sourceMappingURL=catch-errors-BW8p9Abt.d.ts.map
+export { AdapterOptions, AgentTool, AuthorizationParams, BuyerConsent, CardCredential$1 as CardCredential, CheckoutCapability, CheckoutExtensions, CheckoutSession, CheckoutSessionStatus, CompleteCheckoutPayload, ConnectedClient, CreateCheckoutPayload, DEFAULT_UCP_VERSION, IdentityLinkingCapability, JWK, JsonSchema, LocalizationContext, OAuthServerMetadata, OrderCapability, PaymentCredential, PaymentHandlerInstance, PaymentHandlerMap, PaymentInstrument, PostalAddress, TokenCredential$1 as TokenCredential, TokenExchangeParams, TokenRefreshParams, TokenResponse, TokenRevokeParams, ToolDescriptor, ToolErrorResult, UCPClient, UCPClientConfig, UCPProfile, UCPSpecOrder, UCP_CAPABILITIES, UpdateCheckoutPayload, WebhookEvent, connect, getAgentTools };
+//# sourceMappingURL=catch-errors-lijeGf45.d.ts.map

package/dist/catch-errors-lijeGf45.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"catch-errors-lijeGf45.d.ts","names":[],"sources":["../src/http.ts","../src/types/common.ts","../src/types/payment.ts","../src/types/checkout.ts","../src/capabilities/checkout.ts","../src/types/order.ts","../src/capabilities/order.ts","../src/types/identity-linking.ts","../src/capabilities/identity-linking.ts","../src/types/config.ts","../src/UCPClient.ts","../src/agent-tools.ts","../src/adapters/catch-errors.ts"],"sourcesContent":null,"mappings":";;;;KAMK,UAAA;KAEO,KAAA;UAEK,gBAAA;EAJZ,SAAA,UAAU,EAAA,MAAA;EAEH,SAAK,eAAA,EAAA,MAAA;EAEA,SAAA,UAAgB,EAAA,MAAA;EASpB,SAAA,gBAAU,CAAA,EAAA,MAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,mBAAA,CAAA,EAXW,KAWX;;AAsBE,cA9BX,UAAA,CA8BW;EAAU,iBAAiC,UAAA;EAAO,iBAwC7B,eAAA;EAAC,iBAAT,UAAA;EAAO,iBAAM,gBAAA;EAAC,iBAAA,WAAA;;sBA9D7B;kCAWY;ECtCjB,OAAA,CAAA,MAAA,EDiDO,UCjDM,EAAA,IAAA,EAAA,MAAA,EAAA,IAAA,CAAA,EAAA,OAAA,CAAA,EDiDqC,OCjDrC,CAAA,OAAA,CAAA;EAYb,QAAA,CAAA,CAAA,CAAA,CAAA,IAAY,EAAA,OAAA,EAAA,MAAA,ED6EQ,OC7ER,CD6EgB,CC7EhB,CAAA,CAAA,ED6EqB,CC7ErB;EAOZ,QAAA,iBAAmB;;;UAnBnB,aAAA;;;;EDMZ,SAAA,gBAAU,CAAA,EAAA,MAAA;EAEH,SAAK,gBAAA,CAAA,EAAA,MAAA;EAEA,SAAA,cAAgB,CAAA,EAAA,MAMA;EAGpB,SAAA,eAAU,CAAA,EAAA,MAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,YAAA,CAAA,EAAA,MAAA;;AAsBE,UCrCP,YAAA,CDqCO;EAAU,SAAiC,SAAA,CAAA,EAAA,OAAA;EAAO,SAwC7B,WAAA,CAAA,EAAA,OAAA;EAAC,SAAT,SAAA,CAAA,EAAA,OAAA;EAAO,SAAM,YAAA,CAAA,EAAA,OAAA;AAAC;UCtElC,mBAAA;;;EAnBA,SAAA,WAAa,CAAA,EAAA,MAAA;AAY9B;AAOA;;;;;KAWY,GAAA,GAAM;EAAN,SAAG,GAAA,CAAA,EAAA,MAAG;;;;;KCzBN,iBAAA,GAAkB;KAClB,gBAAA,GAAiB;KAEjB,iBAAA,GAAoB,oBAAkB;AFAtC,UEIK,iBAAA,CFJA;EAEA,SAAA,EAAA,EAAA,MAAgB;EASpB,SAAA,UAAU,EAAA,MAAA;EAAA,SAAA,IAAA,EAAA,MAAA;EAAA,SAQD,KAAA,CAAA,EAAA,MAAA;EAAgB,SAWJ,WAAA,CAAA,EAAA,MAAA;EAAU,SAWpB,YAAA,CAAA,EAAA,MAAA;EAAU,SAAiC,QAAA,CAAA,EAAA,OAAA;EAAO,SAwC7B,OAAA,CAAA,EErExB,QFqEwB,CErEf,MFqEe,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;EAAC,SAAT,UAAA,CAAA,EEpEb,iBFoEa;EAAO,SAAM,eAAA,CAAA,EEnErB,aFmEqB;AAAC;UEhElC,sBAAA;;;EDzBA,SAAA,IAAA,EAAA,MAAa;EAYb,SAAA,MAAY,EAAA,MAAA;EAOZ,SAAA,MAAA,CAAA,ECWG,QDXgB,CCWP,MDXO,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;;UCcnB,iBAAA;yCACwB;;;;;;KC9B7B,eAAA,GAAkB;AHEzB,KGDO,qBAAA,GAAwB,sBHCrB;AAEH,UGDK,kBAAA,CHCA;EAEA,SAAA,WAAgB,EAAA,OAAA;EASpB,SAAA,QAAU,EAAA,OAAA;EAAA,SAAA,YAAA,EAAA,OAAA;EAAA,SAQD,UAAA,EAAA,OAAA;;AAsBE,UGnCP,qBAAA,CHmCO;EAAU,SAAiC,UAAA,EGlC5C,aHkC4C,CAAA;IAwCtB,SAAA,IAAA,EAAA;MAAR,SAAA,EAAA,EAAA,MAAA;IAAa,CAAA;IAAC,SAAA,QAAA,EAAA,MAAA;;;;ICzFlC,SAAA,UAAa,CAAA,EAAA,MAAA;IAYb,SAAA,SAAY,CAAA,EAAA,MAAA;IAOZ,SAAA,KAAA,CAAA,EAAA,MAAmB;;uBEMb;;qBAEF;;IFGT,SAAG,WAAG,CAAA,EAAU,SAAA,OAAA,EAAA;;;;ACzBhB,UC6BK,qBAAA,CD7Ba;EAClB,SAAA,KAAA,CAAA,EAAA;IAEA,SAAA,UAAiB,CAAA,EAAA,MAAA;IAAA,SAAA,SAAA,CAAA,EAAA,MAAA;IAAG,SAAA,KAAA,CAAA,EAAA,MAAA;IAAkB,SAAA,YAAA,CAAA,EAAA,MAAA;IAAc,SAAA,OAAA,CAAA,ECgCzC,YDhCyC;EAI/C,CAAA;EAAiB,SAAA,WAAA,CAAA,EAAA;IAQJ,SAAA,YAAA,CAAA,ECuBF,aDvBE,CAAA;MAAT,SAAA,EAAA,EAAA,MAAA;MACG,SAAA,OAAA,EAAA;QACK,SAAA,cAAA,CAAA,EAAA,MAAA;QAAa,SAAA,gBAAA,CAAA,EAAA,MAAA;QAGzB,SAAA,cAAsB,CAAA,EAAA,MAAA;QAAA,SAAA,WAAA,CAAA,EAAA,MAAA;QAKV,SAAA,eAAA,CAAA,EAAA,MAAA;MAAT,CAAA;IAAQ,CAAA,CAAA;IAGX,SAAA,OAAiB,CAAA,ECoBX,aDnBkB,CAAA;;;;MC9B7B,SAAA,uBAAkB,CAAA,EAAA,MAAA;MAClB,SAAA,MAAA,CAAqB,EAqDT,aArDY,CAAA;QAEnB,SAAkB,EAAA,EAAA,MAAA;QAOlB,SAAA,kBAAqB,CAAA,EAAA,MAAA;MAAA,CAAA,CAAA;IACf,CAAA,CAAA;EAAa,CAAA;EAUD,SAEd,OAAA,CAAA,EAAA;IAAmB,SAAA,WAAA,CAAA,EAsCb,aAtCa,CAsCC,iBAtCD,CAAA;EAOvB,CAAA;EAAqB,SAAA,SAAA,CAAA,EAAA;IAMf,SAAA,KAAA,CAAA,EAAA,SAAA,MAAA,EAAA;EAAY,CAAA;EAGM,SAejB,OAAA,CAAA,EAYH,mBAZG;;AAOiB,UAQxB,uBAAA,CARwB;EAAiB,SAA/B,OAAA,CAAA,EAAA;IAKN,SAAA,WAAA,EAKK,aALL,CAKmB,iBALnB,CAAA;EAAmB,CAAA;EAGvB,SAAA,YAAA,CAAA,EAIS,iBAJc;EAAA,SAAA,YAAA,CAAA,EAKd,QALc,CAKL,MALK,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA;EAAA,SAEA,GAAA,CAAA,EAAA;IAAd,SAAA,gBAAA,CAAA,EAAA,MAAA;EAAa,CAAA;;;;;;KC7DlC,gBAAA,GAAmB,KAAK;;AJbM;AAOnC;AAEA;AASa,cICA,kBAAA,CJDU;EAAA,iBAAA,IAAA;EAAA;EAQe,SAWJ,UAAA,EIhBX,kBJgBW;EAAU,WAWpB,CAAA,IAAA,EIxBG,UJwBH,EAAA,UAAA,EIvBR,kBJuBQ;EAAU,MAAiC,CAAA,OAAA,EIlB3C,qBJkB2C,CAAA,EIlBnB,OJkBmB,CIlBX,eJkBW,CAAA;EAAO,GAwC7B,CAAA,EAAA,EAAA,MAAA,CAAA,EIrDpB,OJqDoB,CIrDZ,eJqDY,CAAA;EAAC,MAAT,CAAA,EAAA,EAAA,MAAA,EAAA,KAAA,EIhDH,qBJgDG,CAAA,EIhDqB,OJgDrB,CIhD6B,eJgD7B,CAAA;EAAO,QAAM,CAAA,EAAA,EAAA,MAAA,EAAA,OAAA,EIvCZ,uBJuCY,CAAA,EIvCc,OJuCd,CIvCsB,eJuCtB,CAAA;EAAC,MAAA,CAAA,EAAA,EAAA,MAAA,CAAA,EI9BvB,OJ8BuB,CI9Bf,eJ8Be,CAAA;mDInBvC,mBACP,QAAQ;yFAWD,mBACP,QAAQ;kHAoBD,mBACP,QAAQ;EHxGI,kBAAa,CAAA,EAAA,EAAA,MAAA,EAAA,KAAA,EAAA,SAAA,MAAA,EAAA,EAAA,KAAA,CAAA,EG2HlB,gBH3HkB,CAAA,EG4HzB,OH5HyB,CG4HjB,eH5HiB,CAAA;EAYb,QAAA,eAAY;AAO7B;;;;KIjBY,YAAA,GAAe;UAEV,YAAA;;ELEZ,SAAA,YAAU,EAAA,MAAA;EAEH,SAAK,KAAA,EKDC,YLCD;EAEA,UAAA,GAAA,EAAA,MAAgB,CAAA,EAAA,OAMA;AAGjC;;;;;;cMda,eAAA;ENCR,iBAAU,IAAA;EAEH,WAAK,CAAA,IAAA,EMFoB,UNEpB;EAEA;EASJ,GAAA,CAAA,EAAA,EAAA,MAAU,CAAA,EMVE,ONUF,CMVU,YNUV,CAAA;EAAA;EAAA,MAQD,CAAA,EAAA,EAAA,MAAA,EAAA,OAAA,EMZc,MNYd,CAAA,MAAA,EAAA,OAAA,CAAA,CAAA,EMZwC,ONYxC,CMZgD,YNYhD,CAAA;;;;;;UO3BL,mBAAA;;;;EPMZ,SAAA,mBAAU,EAAA,MAAA;EAEH,SAAK,gBAAA,EAAA,SAAA,MAAA,EAAA;EAEA,SAAA,wBAMgB,EAAK,SAAA,MAAA,EAAA;EAGzB,SAAA,qBAAU,EAAA,SAAA,MAAA,EAAA;EAAA,SAAA,qCAAA,EAAA,SAAA,MAAA,EAAA;EAAA,SAQD,qBAAA,CAAA,EAAA,MAAA;;AAsBE,UOrCP,mBAAA,CPqCO;EAAU,SAAiC,SAAA,EAAA,MAAA;EAAO,SAwC7B,YAAA,EAAA,MAAA;EAAC,SAAT,KAAA,CAAA,EAAA,MAAA;EAAO,SAAM,KAAA,CAAA,EAAA,MAAA;AAAC;UOtElC,aAAA;;;ENnBA,SAAA,UAAa,CAAA,EAAA,MAAA;EAYb,SAAA,aAAY,CAAA,EAAA,MAAA;EAOZ,SAAA,KAAA,CAAA,EAAA,MAAmB;;UMQnB,mBAAA;;;;ENGL,SAAG,YAAG,EAAA,MAAU;;UMIX,kBAAA;;EL7BL,SAAA,aAAe,EAAA,MAAA;EACf,SAAA,aAAc,EAAA,MAAG;AAE7B;AAA6B,UKgCZ,iBAAA,CLhCY;EAAA,SAAG,SAAA,EAAA,MAAA;EAAe,SAAG,aAAA,EAAA,MAAA;EAAc,SAAA,KAAA,EAAA,MAAA;EAI/C,SAAA,eAAiB,CAAA,EAAA,cAAA,GAAA,eAAA;;;;;;;;;AFXC;AAOvB,cQiBC,yBAAA,CRjBI;EAEA,iBAAA,QAAgB;EASpB,WAAA,CAAA,QAAU,EQOkB,mBRPlB;EAAA;EAAA,mBAQD,CAAA,MAAA,EQEQ,mBRFR,CAAA,EAAA,MAAA;EAAgB,YAWJ,CAAA,MAAA,EQGL,mBRHK,CAAA,EQGiB,ORHjB,CQGyB,aRHzB,CAAA;EAAU,YAWpB,CAAA,MAAA,EQEK,kBRFL,CAAA,EQE0B,ORF1B,CQEkC,aRFlC,CAAA;EAAU,WAAiC,CAAA,MAAA,EQWvC,iBRXuC,CAAA,EQWnB,ORXmB,CAAA,IAAA,CAAA;EAAO,WAwC7B,CAAA,CAAA,EQT5B,QRS4B,CQTnB,mBRSmB,CAAA;EAAC,QAAT,YAAA;;;;;AAAc;USzFlC,eAAA;;;;ETMZ,SAAA,gBAAU,CAAA,EAAA,MAAA;AAEf;AAEiB,cSHJ,mBAAA,GTSyB,YAAA;AAGzB,cSVA,gBTUU,EAAA;EAAA,SAAA,QAAA,EAAA,2BAAA;EAAA,SAQD,WAAA,EAAA,8BAAA;EAAgB,SAWJ,QAAA,EAAA,2BAAA;EAAU,SAWpB,aAAA,EAAA,gCAAA;EAAU,SAAiC,KAAA,EAAA,wBAAA;EAAO,SAwC7B,gBAAA,EAAA,iCAAA;EAAC,SAAT,WAAA,EAAA,8BAAA;CAAO;;;;AAAO;;AAnDjB,KUpBtB,UAAA,GAAa,mBVoBS;;AAWiC,UU5BlD,cAAA,CV4BkD;EAAO,SAwC7B,IAAA,EAAA,MAAA;EAAC,SAAT,UAAA,EAAA,MAAA;EAAO,SAAM,WAAA,EAAA,MAAA;AAAC;;;;ACzFnD;AAYiB,USmBA,eAAA,CTnBY;EAOZ;oBScG;;iCAEa;;qBAEZ;ETPT;kBSSM;;4BAEU;ERpChB;EACA,SAAA,eAAc,EQqCE,iBRrCC;EAEjB;EAAiB,aAAA,EAAA,EAAA,SQqCD,cRrCC,EAAA;EAAA;;AAAmC;AAIhE;EAAkC,aAAA,EAAA,EAAA,SQsCN,SRtCM,EAAA;;;;;AAUQ;AAG1C;;;;AAK4B;AAG5B;;;;AC7BA;AACA;AAEiB,iBO6DK,OAAA,CP7Da,MAAA,EO8DzB,eP9DyB,EAAA,OAOG,CAPH,EAAA;EAOlB,SAAA,mBAAqB,CAAA,EOwDO,KPxDP;CAAA,CAAA,EOyDnC,OPzDmC,COyD3B,ePzD2B,CAAA;;;;AAaE;AAOxC;;;;;;;;AAoCqB,cOkDR,SAAA,CPlDQ;EAAmB,QAAA,WAAA,CAAA;EAGvB,OAAA,OAAA,EAAA,OOoDD,OPpDwB;;;;;;;UQtEvB,UAAA;;EXGZ,SAAA,UAAU,CAAA,EWDS,QXCT,CWDkB,MXClB,CAAA,MAAA,EWDiC,UXCjC,CAAA,CAAA;EAEH,SAAK,QAAA,CAAA,EAAA,SAAA,MAAA,EAAA;EAEA,SAAA,KAAA,CAAA,EWHE,UXGc;EASpB,SAAA,IAAU,CAAA,EAAA,SAAA,MAAA,EAAA;EAAA,SAAA,WAAA,CAAA,EAAA,MAAA;EAAA,SAQD,OAAA,CAAA,EAAA,OAAA;;;;;;AA8D4B,UWxEjC,SAAA,CXwEiC;EAAC,SAAA,IAAA,EAAA,MAAA;;uBWrE5B;6BACM,4BAA4B;AVrBzD;AAYA;AAOA;;;;;;AAWA;;;;ACzBA;AACA;AAEA;;;;AAAgE;AAIhE;;;;;;AAU0C;AAG1C;;;;AAK4B;AAG5B;;;;AC7BY,iBQsDI,aAAA,CRtDc,MAAA,EQsDQ,eRtDgB,CAAA,EAAA,SQsDW,SRtDX,EAAA;;;;AACtD;USHiB,cAAA;;;KAIL,eAAA;EZAP,SAAA,KAAU,EAAA,MAAA;AAEf,CAAA,GAAY;EAEK,SAAA,mBAAgB,EAMA,IAAA;EAGpB,SAAA,YAAU,EAAA,MAAA;CAAA"}

package/dist/index.cjs CHANGED Viewed

@@ -33,6 +33,20 @@ const UCPProfileSchema = __omnixhq_ucp_js_sdk.UcpDiscoveryProfileSchema.passthro
 const CreateCheckoutRequestSchema = __omnixhq_ucp_js_sdk.ExtendedCheckoutCreateRequestSchema.passthrough();
 const UpdateCheckoutRequestSchema = __omnixhq_ucp_js_sdk.ExtendedCheckoutUpdateRequestSchema.passthrough();
 const CompleteCheckoutRequestSchema = __omnixhq_ucp_js_sdk.CheckoutCompleteRequestSchema.passthrough();
+const WebhookEventSchema = zod.z.object({
+	event_id: zod.z.string(),
+	created_time: zod.z.string(),
+	order: __omnixhq_ucp_js_sdk.OrderSchema.passthrough()
+}).passthrough();
+const JWKSchema = zod.z.object({
+	kty: zod.z.string(),
+	kid: zod.z.string().optional(),
+	use: zod.z.string().optional(),
+	alg: zod.z.string().optional(),
+	crv: zod.z.string().optional(),
+	x: zod.z.string().optional(),
+	y: zod.z.string().optional()
+}).passthrough();
 //#endregion
 //#region src/http.ts
@@ -867,8 +881,10 @@ async function connect(config, options) {
 	const order = capabilityNames.has(UCP_CAPABILITIES.ORDER) ? new OrderCapability(http) : null;
 	const identityLinking = await buildIdentityLinking(config, capabilityNames);
 	const paymentHandlers = extractPaymentHandlers(profile);
+	const signingKeys = extractSigningKeys(profile);
 	const client = {
 		profile,
+		signingKeys,
 		checkout,
 		order,
 		identityLinking,
@@ -919,6 +935,16 @@ function extractPaymentHandlers(profile) {
 	if (!result.success) return {};
 	return result.data;
 }
+function extractSigningKeys(profile) {
+	const raw = profile["signing_keys"];
+	if (!Array.isArray(raw)) return [];
+	const keys = [];
+	for (const item of raw) {
+		const result = JWKSchema.safeParse(item);
+		if (result.success) keys.push(result.data);
+	}
+	return keys;
+}
 function buildCheckoutCapability(http, capabilityNames) {
 	if (!capabilityNames.has(UCP_CAPABILITIES.CHECKOUT)) return null;
 	const extensions = {
@@ -1023,6 +1049,157 @@ function buildToolDescriptors(checkout, order, identityLinking) {
 	return tools;
 }
+//#endregion
+//#region src/verify-signature.ts
+/**
+* Verifies a `Request-Signature` header (detached JWS per RFC 7797) over a raw request body.
+*
+* Per UCP spec, the JWT header MUST include a `kid` claim identifying the signing key.
+* Returns `false` if `kid` is absent — do not fall back to guessing.
+*
+* @returns `true` if the signature is valid, `false` for any verification failure.
+*/
+async function verifyRequestSignature(body, signature, signingKeys) {
+	const parts = signature.split(".");
+	if (parts.length !== 3 || parts[1] !== "") return false;
+	const [headerB64, , sigB64] = parts;
+	let header;
+	try {
+		header = JSON.parse(new TextDecoder().decode(base64urlDecode(headerB64)));
+	} catch {
+		return false;
+	}
+	if (typeof header["alg"] !== "undefined" && header["alg"] !== "ES256") return false;
+	if (typeof header["kid"] !== "string") return false;
+	const kid = header["kid"];
+	const key = signingKeys.find((k) => k.kid === kid);
+	if (!key) return false;
+	let cryptoKey;
+	try {
+		cryptoKey = await crypto.subtle.importKey("jwk", key, {
+			name: "ECDSA",
+			namedCurve: "P-256"
+		}, false, ["verify"]);
+	} catch {
+		return false;
+	}
+	let sigBytes;
+	try {
+		sigBytes = base64urlDecode(sigB64);
+	} catch {
+		return false;
+	}
+	const signingInput = `${headerB64}.${Buffer.from(body).toString("base64url")}`;
+	try {
+		return await crypto.subtle.verify({
+			name: "ECDSA",
+			hash: "SHA-256"
+		}, cryptoKey, sigBytes, new TextEncoder().encode(signingInput));
+	} catch {
+		return false;
+	}
+}
+/**
+* Creates a {@link WebhookVerifier} bound to a specific business's UCP gateway.
+*
+* Signing keys are lazily loaded from `<gatewayUrl>/.well-known/ucp` on the first call
+* and cached by `kid`. A cache miss triggers a re-fetch to support key rotation.
+*
+* @example
+* ```typescript
+* import { createWebhookVerifier } from '@omnixhq/ucp-client';
+*
+* const verifier = createWebhookVerifier('https://store.example.com');
+*
+* // In your webhook handler:
+* const valid = await verifier.verify(rawBody, req.headers['request-signature']);
+* if (!valid) return res.status(401).send('Invalid signature');
+* ```
+*/
+function createWebhookVerifier(gatewayUrl) {
+	const baseUrl = gatewayUrl.replace(/\/+$/, "");
+	const keyCache = new Map();
+	let fetched = false;
+	async function loadKeys() {
+		const res = await fetch(`${baseUrl}/.well-known/ucp`);
+		if (!res.ok) return;
+		const profile = await res.json();
+		const rawKeys = profile["signing_keys"];
+		if (!Array.isArray(rawKeys)) return;
+		keyCache.clear();
+		for (const item of rawKeys) {
+			const parsed = JWKSchema.safeParse(item);
+			if (parsed.success && typeof parsed.data.kid === "string") keyCache.set(parsed.data.kid, parsed.data);
+		}
+		fetched = true;
+	}
+	return { async verify(body, signature) {
+		const kid = extractKid(signature);
+		if (kid === null) return false;
+		if (!fetched) await loadKeys();
+		if (!keyCache.has(kid)) await loadKeys();
+		const key = keyCache.get(kid);
+		if (!key) return false;
+		return verifyRequestSignature(body, signature, [key]);
+	} };
+}
+/** Extracts the `kid` from a detached JWS header without full verification. */
+function extractKid(signature) {
+	const parts = signature.split(".");
+	if (parts.length !== 3 || parts[1] !== "") return null;
+	try {
+		const header = JSON.parse(new TextDecoder().decode(base64urlDecode(parts[0])));
+		return typeof header["kid"] === "string" ? header["kid"] : null;
+	} catch {
+		return null;
+	}
+}
+function base64urlDecode(b64url) {
+	const b64 = b64url.replace(/-/g, "+").replace(/_/g, "/");
+	const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
+	const binaryStr = atob(padded);
+	const result = new Uint8Array(binaryStr.length);
+	for (let i = 0; i < binaryStr.length; i++) result[i] = binaryStr.charCodeAt(i);
+	return result;
+}
+//#endregion
+//#region src/parse-webhook-event.ts
+/**
+* Parses and validates a raw webhook request body as a UCP order event.
+*
+* Call this after verifying the `Request-Signature` header with
+* {@link createWebhookVerifier} or {@link verifyRequestSignature}.
+*
+* Throws {@link UCPError} with code `INVALID_WEBHOOK_PAYLOAD` if the body is
+* not valid JSON or does not conform to the UCP webhook event schema.
+*
+* @example
+* ```typescript
+* import { createWebhookVerifier, parseWebhookEvent } from '@omnixhq/ucp-client';
+*
+* const verifier = createWebhookVerifier('https://store.example.com');
+*
+* // In your webhook handler:
+* const valid = await verifier.verify(rawBody, req.headers['request-signature']);
+* if (!valid) return res.status(401).send('Invalid signature');
+*
+* const event = parseWebhookEvent(rawBody);
+* console.log(event.event_id, event.order.id);
+* ```
+*/
+function parseWebhookEvent(body) {
+	let raw;
+	try {
+		raw = JSON.parse(body);
+	} catch {
+		throw new require_errors.UCPError("INVALID_WEBHOOK_PAYLOAD", "Webhook body is not valid JSON");
+	}
+	const result = WebhookEventSchema.safeParse(raw);
+	if (!result.success) throw new require_errors.UCPError("INVALID_WEBHOOK_PAYLOAD", `Webhook payload validation failed: ${result.error.message}`);
+	return result.data;
+}
 //#endregion
 exports.AccountInfoSchema = __omnixhq_ucp_js_sdk.AccountInfoSchema
 exports.AdjustmentSchema = __omnixhq_ucp_js_sdk.AdjustmentSchema
@@ -1080,6 +1257,7 @@ exports.FulfillmentSchema = __omnixhq_ucp_js_sdk.FulfillmentSchema
 exports.IdentityLinkingCapability = IdentityLinkingCapability
 exports.ItemResponseSchema = __omnixhq_ucp_js_sdk.ItemResponseSchema
 exports.ItemSchema = __omnixhq_ucp_js_sdk.ItemSchema
+exports.JWKSchema = JWKSchema
 exports.LineItemResponseSchema = __omnixhq_ucp_js_sdk.LineItemResponseSchema
 exports.LineItemSchema = __omnixhq_ucp_js_sdk.LineItemSchema
 exports.LineItemUpdateRequestSchema = __omnixhq_ucp_js_sdk.LineItemUpdateRequestSchema
@@ -1132,6 +1310,10 @@ exports.UcpResponseOrderSchema = __omnixhq_ucp_js_sdk.UcpResponseOrderSchema
 exports.UcpReverseDomainNameSchema = __omnixhq_ucp_js_sdk.UcpReverseDomainNameSchema
 exports.UcpVersionSchema = __omnixhq_ucp_js_sdk.UcpVersionSchema
 exports.UpdateCheckoutRequestSchema = UpdateCheckoutRequestSchema
+exports.WebhookEventSchema = WebhookEventSchema
 exports.connect = connect
+exports.createWebhookVerifier = createWebhookVerifier
 exports.getAgentTools = getAgentTools
+exports.parseWebhookEvent = parseWebhookEvent
+exports.verifyRequestSignature = verifyRequestSignature
 //# sourceMappingURL=index.cjs.map