@openwop/openwop 1.1.1 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/README.md +4 -0
  2. package/dist/client.d.ts +80 -1
  3. package/dist/client.d.ts.map +1 -1
  4. package/dist/client.js +186 -0
  5. package/dist/client.js.map +1 -1
  6. package/dist/cost-attribution.d.ts +49 -0
  7. package/dist/cost-attribution.d.ts.map +1 -0
  8. package/dist/cost-attribution.js +65 -0
  9. package/dist/cost-attribution.js.map +1 -0
  10. package/dist/envelope-directive.d.ts +77 -0
  11. package/dist/envelope-directive.d.ts.map +1 -0
  12. package/dist/envelope-directive.js +89 -0
  13. package/dist/envelope-directive.js.map +1 -0
  14. package/dist/event-helpers.d.ts +95 -0
  15. package/dist/event-helpers.d.ts.map +1 -0
  16. package/dist/event-helpers.js +160 -0
  17. package/dist/event-helpers.js.map +1 -0
  18. package/dist/index.d.ts +14 -1
  19. package/dist/index.d.ts.map +1 -1
  20. package/dist/index.js +34 -0
  21. package/dist/index.js.map +1 -1
  22. package/dist/parse-refusal.d.ts +114 -0
  23. package/dist/parse-refusal.d.ts.map +1 -0
  24. package/dist/parse-refusal.js +216 -0
  25. package/dist/parse-refusal.js.map +1 -0
  26. package/dist/registry-helpers.d.ts +118 -0
  27. package/dist/registry-helpers.d.ts.map +1 -0
  28. package/dist/registry-helpers.js +82 -0
  29. package/dist/registry-helpers.js.map +1 -0
  30. package/dist/types.d.ts +376 -1
  31. package/dist/types.d.ts.map +1 -1
  32. package/dist/types.js.map +1 -1
  33. package/dist/webhook-helpers.d.ts +73 -0
  34. package/dist/webhook-helpers.d.ts.map +1 -0
  35. package/dist/webhook-helpers.js +97 -0
  36. package/dist/webhook-helpers.js.map +1 -0
  37. package/package.json +1 -1
  38. package/src/client.ts +218 -0
  39. package/src/cost-attribution.ts +72 -0
  40. package/src/envelope-directive.ts +110 -0
  41. package/src/event-helpers.ts +238 -0
  42. package/src/index.ts +117 -0
  43. package/src/parse-refusal.ts +311 -0
  44. package/src/registry-helpers.ts +173 -0
  45. package/src/types.ts +424 -0
  46. package/src/webhook-helpers.ts +131 -0
package/src/types.ts CHANGED
@@ -18,6 +18,7 @@ export type RunStatus =
18
18
  | 'paused'
19
19
  | 'waiting-approval'
20
20
  | 'waiting-input'
21
+ | 'waiting-external'
21
22
  | 'completed'
22
23
  | 'failed'
23
24
  | 'cancelled';
@@ -54,6 +55,24 @@ export interface RunSnapshot {
54
55
  variables?: Record<string, unknown>;
55
56
  channels?: Record<string, unknown>;
56
57
  error?: { code?: string; message?: string };
58
+ /** Linkage back to the parent run when this run was spawned via
59
+ * `core.subWorkflow`. Per `interrupt-profiles.md §openwop-interrupt-
60
+ * cascade-cancel`: child runs preserve `parentRunId` + `parentNodeId`
61
+ * so cancellation can cascade. Absent for top-level runs. */
62
+ parentRunId?: string;
63
+ parentNodeId?: string;
64
+ /** Surfaced for `waiting-*` runs per `interrupt.md §"Signed-token
65
+ * callback"`. Carries the open interrupt's metadata so clients can
66
+ * resolve via `POST /v1/interrupts/{token}` without consulting a
67
+ * separate endpoint. Hosts MAY omit `data` to keep payloads small;
68
+ * the token + callbackUrl are the load-bearing fields. */
69
+ interrupt?: {
70
+ kind: string;
71
+ nodeId: string;
72
+ interruptToken?: string;
73
+ callbackUrl?: string;
74
+ data?: unknown;
75
+ };
57
76
  }
58
77
 
59
78
  /**
@@ -103,6 +122,80 @@ export interface CancelRunResponse {
103
122
  status: 'cancelled' | 'cancelling';
104
123
  }
105
124
 
125
+ /**
126
+ * Portable JSON diagnostic export for a single run per
127
+ * `spec/v1/debug-bundle.md` + `schemas/debug-bundle.schema.json`.
128
+ *
129
+ * Hosts MAY omit non-required fields. Consumers MUST treat masked /
130
+ * omitted / hashed values as the spec-canonical content per the host's
131
+ * advertised `redactionMode` — they are NOT placeholders for missing
132
+ * data.
133
+ */
134
+ export interface DebugBundle {
135
+ bundleVersion: string;
136
+ generatedAt: string;
137
+ host: { name?: string; version?: string; vendor?: string };
138
+ run: Record<string, unknown>;
139
+ events: ReadonlyArray<Record<string, unknown>>;
140
+ redactionApplied: boolean;
141
+ /** Reflects the host's `capabilities.compliance.defaultMode`. */
142
+ redactionMode: 'mask' | 'omit' | 'hash' | 'passthrough';
143
+ /** True when the bundle hit the host's size cap; pair with `truncatedReason`. */
144
+ truncated?: boolean;
145
+ truncatedReason?: string;
146
+ [key: string]: unknown;
147
+ }
148
+
149
+ export interface DebugBundleOptions {
150
+ /** Optional host-extension query parameter to lower the size cap for testing. Spec-canonical hosts SHOULD prefer `host.<vendor>.<query>` namespacing; this is the SQLite-reference convention. */
151
+ maxEvents?: number;
152
+ }
153
+
154
+ export interface RegisterWebhookRequest {
155
+ /** Receiver URL the host will POST signed deliveries to. */
156
+ url: string;
157
+ /** Event types to subscribe to (subset of the `RunEventType` enum). */
158
+ events: readonly string[];
159
+ /** Optional pre-shared secret; if omitted the host generates one and returns it in the response. */
160
+ secret?: string;
161
+ /** Optional tag filter — only events from runs carrying these tags are delivered. */
162
+ tags?: readonly string[];
163
+ }
164
+
165
+ export interface RegisterWebhookResponse {
166
+ /** Server-issued opaque subscription id; pass to `webhooks.unregister`. */
167
+ subscriptionId: string;
168
+ url: string;
169
+ /**
170
+ * The signing secret. **Returned ONCE on registration** — the host
171
+ * cannot recover it later. Store it server-side for HMAC verification.
172
+ */
173
+ secret: string;
174
+ eventTypes: readonly string[];
175
+ createdAt: string;
176
+ }
177
+
178
+ export interface PauseRunRequest {
179
+ reason?: string;
180
+ drainPolicy?: 'immediate' | 'drain-current-node';
181
+ }
182
+
183
+ export interface PauseRunResponse {
184
+ runId: string;
185
+ status: 'paused';
186
+ pausedAt?: string;
187
+ }
188
+
189
+ export interface ResumeRunRequest {
190
+ reason?: string;
191
+ }
192
+
193
+ export interface ResumeRunResponse {
194
+ runId: string;
195
+ status: 'running';
196
+ resumedAt?: string;
197
+ }
198
+
106
199
  // rest-endpoints.md §"POST /v1/runs:bulk-cancel" (closes R1).
107
200
  export interface BulkCancelRunsRequest {
108
201
  runIds: readonly string[];
@@ -388,9 +481,100 @@ export interface AgentsCapability {
388
481
  reasoning?: {
389
482
  verbosity: ReasoningVerbosity;
390
483
  tokenLimit?: number;
484
+ /** RFC 0024. When `true`, host MAY emit `agent.reasoning.delta`
485
+ * events incrementally while a reasoning block is still open,
486
+ * in addition to the final `agent.reasoned`. Consumers that
487
+ * only read `agent.reasoned` remain correct (the closing event
488
+ * is authoritative). */
489
+ streaming?: boolean;
391
490
  };
392
491
  }
393
492
 
493
+ // ─── agent.* event payloads (RFC 0002 §B + RFC 0024) ────────────────────
494
+ //
495
+ // Mirror of `schemas/run-event-payloads.schema.json#$defs.agent*`. Field
496
+ // names + types match the canonical wire contract verbatim; the `[key:
497
+ // string]: unknown` index signature reflects the deliberate
498
+ // `additionalProperties: true` carve-out on the agent.* payloads (Phase
499
+ // 1 of the multi-agent shift). When the canonical schema changes, these
500
+ // interfaces MUST be updated in lock-step — see the assertion in
501
+ // `__tests__/event-helpers.test.ts` that exercises every required field.
502
+
503
+ /** `agent.reasoned` payload (RFC 0002 §B). Fired once per closed
504
+ * reasoning block. The `reasoning` field is authoritative — when a
505
+ * streaming host also emitted `agent.reasoning.delta` events, this
506
+ * event still carries the complete trace (possibly after host-side
507
+ * truncation under `verbosity: 'summary'`). */
508
+ export interface AgentReasonedPayload {
509
+ agentId: string;
510
+ reasoning: string;
511
+ verbosity?: ReasoningVerbosity;
512
+ [key: string]: unknown;
513
+ }
514
+
515
+ /** `agent.reasoning.delta` payload (RFC 0024). Incremental reasoning
516
+ * chunk emitted while a reasoning block is still open. Consumers
517
+ * concatenate `delta` strings in `sequence` order to reconstruct
518
+ * the in-progress trace; the closing `agent.reasoned` event carries
519
+ * the authoritative final content. */
520
+ export interface AgentReasoningDeltaPayload {
521
+ agentId: string;
522
+ delta: string;
523
+ sequence: number;
524
+ verbosity?: ReasoningVerbosity;
525
+ [key: string]: unknown;
526
+ }
527
+
528
+ /** `agent.toolCalled` payload (RFC 0002 §B). Pairs with `agent.toolReturned`
529
+ * via shared `callId`; the toolReturned event's `causationId` equals
530
+ * the toolCalled event's `eventId`. */
531
+ export interface AgentToolCalledPayload {
532
+ agentId: string;
533
+ toolName: string;
534
+ callId: string;
535
+ inputs?: unknown;
536
+ [key: string]: unknown;
537
+ }
538
+
539
+ /** `agent.toolReturned` payload (RFC 0002 §B). `outcome` and `error`
540
+ * are mutually exclusive: success returns set `outcome`; failures set
541
+ * `error`. Hosts that need stricter validation layer it host-side. */
542
+ export interface AgentToolReturnedPayload {
543
+ agentId: string;
544
+ toolName: string;
545
+ callId: string;
546
+ outcome?: unknown;
547
+ error?: ErrorEnvelope;
548
+ [key: string]: unknown;
549
+ }
550
+
551
+ /** `agent.handoff` payload (RFC 0002 §B). Note the distinct field
552
+ * names — `fromAgentId` / `toAgentId`, NOT a single `agentId` like
553
+ * the other agent.* events. */
554
+ export interface AgentHandoffPayload {
555
+ fromAgentId: string;
556
+ toAgentId: string;
557
+ reason?: string;
558
+ [key: string]: unknown;
559
+ }
560
+
561
+ /** `agent.decided` payload (RFC 0002 §B). `confidence` in `[0, 1]`
562
+ * drives the low-confidence escalation contract (`node.suspended
563
+ * { reason: 'low-confidence' }`) when below the resolved threshold. */
564
+ export interface AgentDecidedPayload {
565
+ agentId: string;
566
+ decision: unknown;
567
+ confidence?: number;
568
+ [key: string]: unknown;
569
+ }
570
+
571
+ /** A `RunEventDoc` narrowed to a specific event-type discriminator +
572
+ * payload shape. Returned by the `isAgent*` type guards in
573
+ * `event-helpers.ts`. */
574
+ export interface TypedRunEvent<T> extends RunEventDoc {
575
+ payload: T;
576
+ }
577
+
394
578
  // ─── Auth profile claims (Phase I.5 + I.6) ──────────────────────────────
395
579
 
396
580
  /** Profile identifiers per auth-profiles.md. */
@@ -419,6 +603,246 @@ export interface DiscoveryAuthScopedCapability {
419
603
  mode: 'same-endpoint';
420
604
  }
421
605
 
606
+ // ---------------------------------------------------------------------------
607
+ // AI Envelope (DRAFT v1.x — `spec/v1/ai-envelope.md`)
608
+ //
609
+ // Inbound LLM-emission envelope. Distinct from `RunEventDoc` (outbound event
610
+ // log) and `ErrorEnvelope` (host HTTP error response). Top-level shape is
611
+ // closed; payload shape is selected by `type` and validated against a
612
+ // per-kind JSON Schema advertised via `Capabilities.supportedEnvelopes` +
613
+ // `Capabilities.schemaVersions`. See spec doc for full normative prose.
614
+ // ---------------------------------------------------------------------------
615
+
616
+ /** Wire metadata on every AI Envelope. */
617
+ export interface EnvelopeMeta {
618
+ /** Provenance of this emission. */
619
+ source: 'ai-generation' | 'user' | 'system';
620
+ /** Mirrors `RunEventDoc.contentTrust`. Hosts MUST set 'untrusted' for MCP / A2A origin. */
621
+ contentTrust?: 'trusted' | 'untrusted';
622
+ /** ISO 8601 UTC timestamp. */
623
+ ts: string;
624
+ /** Optional W3C trace-context for distributed tracing. */
625
+ traceparent?: string;
626
+ /** Optional human-readable label for ops dashboards. */
627
+ label?: string;
628
+ }
629
+
630
+ /** Chunking info for streamed emissions. (in-flight) */
631
+ export interface PartialInfo {
632
+ isPartial: boolean;
633
+ index: number;
634
+ /** -1 when total is unknown (streaming without precount). */
635
+ total: number;
636
+ }
637
+
638
+ /** Canonical inbound LLM-emission wire shape per `spec/v1/ai-envelope.md`. */
639
+ export interface AIEnvelope<TPayload = unknown> {
640
+ /** Discriminator for payload shape, kind routing, and Envelope Contract gate. */
641
+ type: string;
642
+ /** Per-kind schema version. Absent → treat as 0. */
643
+ schemaVersion?: number;
644
+ /** Globally unique envelope id. Engine-assigned if absent on receipt. */
645
+ envelopeId: string;
646
+ /** Caller-stable id for dedup, replay short-circuit, and causal chaining. */
647
+ correlationId: string;
648
+ /** Set when the emitting node is identifiable. */
649
+ nodeId?: string;
650
+ /** Discriminated payload. Shape selected by `type`. */
651
+ payload: TPayload;
652
+ /** Wire metadata. */
653
+ meta: EnvelopeMeta;
654
+ /** Present when this is one fragment of a streamed emission. */
655
+ partial?: PartialInfo;
656
+ }
657
+
658
+ /** Per-typeId envelope-kind permission set per `ai-envelope.md` §"Envelope Contract". */
659
+ export interface EnvelopeContract {
660
+ /** Kinds the engine will accept from this node. */
661
+ accepts: string[];
662
+ /** Refusal behavior for non-`accepts`, non-universal kinds. */
663
+ refusalMode: 'fail-node' | 'discard-and-warn';
664
+ }
665
+
666
+ /** Returned by the engine's `acceptEnvelope` path. */
667
+ export type EnvelopeOutcome =
668
+ | { status: 'accepted'; recordedEventIds: string[] }
669
+ | { status: 'gated'; reason: string; gate: EnvelopeContractRefusal }
670
+ | { status: 'invalid'; reason: string; details: ValidationDetail[] }
671
+ | { status: 'breached'; reason: string; capKind: 'envelopes' | 'schema' | 'clarification' };
672
+
673
+ export interface EnvelopeContractRefusal {
674
+ refusedType: string;
675
+ acceptedTypes: string[];
676
+ refusalMode: 'fail-node' | 'discard-and-warn';
677
+ }
678
+
679
+ export interface ValidationDetail {
680
+ path: string;
681
+ message: string;
682
+ }
683
+
684
+ /** Optional capability advertisement. Default when absent: 'warn'. */
685
+ export type EnvelopeStrictness = 'warn' | 'strict';
686
+
687
+ /** Optional capability advertisement per `ai-envelope.md` §"Capability handshake integration". */
688
+ export interface EnvelopeContractsCapability {
689
+ advertised: boolean;
690
+ }
691
+
692
+ // Universal-kind payloads. Per-kind schemas at `schemas/envelopes/<kind>.schema.json`.
693
+
694
+ /** Payload of the universal `clarification.request` envelope kind. */
695
+ export interface ClarificationRequestPayload {
696
+ questions: Array<{
697
+ id: string;
698
+ question: string;
699
+ schema?: Record<string, unknown>;
700
+ }>;
701
+ contextType?: string;
702
+ }
703
+
704
+ /** Payload of the universal `schema.request` envelope kind. */
705
+ export interface SchemaRequestPayload {
706
+ envelopeType: string;
707
+ reason?: string;
708
+ }
709
+
710
+ /** Payload of the universal `schema.response` envelope kind (LLM ack). */
711
+ export interface SchemaResponsePayload {
712
+ envelopeType: string;
713
+ ack: true;
714
+ }
715
+
716
+ /**
717
+ * Payload of the universal `error` envelope kind (the LLM's deliberate error
718
+ * report). Distinct from `ErrorEnvelope` (the host's HTTP error response).
719
+ */
720
+ export interface AIEnvelopeErrorPayload {
721
+ code: string;
722
+ message: string;
723
+ details?: Record<string, unknown>;
724
+ }
725
+
726
+ // ── RFC 0027 + RFC 0028 — Prompt library (spec/v1/prompts.md) ──
727
+
728
+ /**
729
+ * Role a PromptTemplate plays when composed into an LLM call. Shared enum
730
+ * `$ref`-ed by every schema that names a prompt kind. Per
731
+ * `schemas/prompt-kind.schema.json`.
732
+ */
733
+ export type PromptKind = 'system' | 'user' | 'few-shot' | 'schema-hint';
734
+
735
+ /**
736
+ * Typed interpolation slot in a PromptTemplate. Bindings are validated
737
+ * against this declaration before composition. Per
738
+ * `schemas/prompt-template.schema.json#/$defs/PromptVariable`.
739
+ */
740
+ export interface PromptVariable {
741
+ name: string;
742
+ type: 'string' | 'number' | 'boolean' | 'array' | 'object';
743
+ required: boolean;
744
+ source?: 'input' | 'variable' | 'secret' | 'context';
745
+ extractPath?: string;
746
+ defaultValue?: unknown;
747
+ description?: string;
748
+ }
749
+
750
+ /**
751
+ * Named, versioned, variable-bound prompt body. Per
752
+ * `schemas/prompt-template.schema.json` + spec/v1/prompts.md §PromptTemplate.
753
+ *
754
+ * `meta.packName` + `meta.packVersion` are required when `meta.source: "pack"`
755
+ * (RFC 0028 §C); a JSON-Schema `if/then` conditional enforces this at the
756
+ * wire layer.
757
+ */
758
+ export interface PromptTemplate {
759
+ templateId: string;
760
+ version: string;
761
+ kind: PromptKind;
762
+ text: string;
763
+ name?: string;
764
+ description?: string;
765
+ variables?: PromptVariable[];
766
+ modelHints?: {
767
+ modelClass?: string;
768
+ temperature?: number;
769
+ maxTokens?: number;
770
+ envelopeType?: string;
771
+ };
772
+ tags?: string[];
773
+ meta?: {
774
+ author?: string;
775
+ createdAt?: string;
776
+ updatedAt?: string;
777
+ source?: 'host' | 'pack' | 'user';
778
+ packName?: string;
779
+ packVersion?: string;
780
+ };
781
+ }
782
+
783
+ /**
784
+ * Reference to a PromptTemplate. Two equivalent forms — the stringy URI
785
+ * `prompt:<templateId>[@<version>]` and the structured object — per
786
+ * `schemas/prompt-ref.schema.json`. The stringy form is canonical for
787
+ * inline use; the object form is canonical when `libraryId` disambiguation
788
+ * or per-reference `variableOverrides` are needed.
789
+ */
790
+ export type PromptRef =
791
+ | string
792
+ | {
793
+ libraryId?: string;
794
+ templateId: string;
795
+ version?: string;
796
+ variableOverrides?: Record<string, unknown>;
797
+ };
798
+
799
+ /** Filter set for `client.prompts.list(...)` per RFC 0028 §A. */
800
+ export interface ListPromptsRequest {
801
+ kind?: PromptKind;
802
+ tag?: string;
803
+ modelClass?: string;
804
+ source?: 'host' | 'pack' | 'user';
805
+ cursor?: string;
806
+ limit?: number;
807
+ }
808
+
809
+ export interface ListPromptsResponse {
810
+ items: PromptTemplate[];
811
+ nextCursor?: string;
812
+ }
813
+
814
+ /** Identifier set for `client.prompts.get(...)` per RFC 0028 §A. */
815
+ export interface GetPromptRequest {
816
+ templateId: string;
817
+ /** Pin to a SemVer version. When omitted, returns the latest. */
818
+ version?: string;
819
+ /** Disambiguate when multiple installed packs ship the same templateId. */
820
+ libraryId?: string;
821
+ }
822
+
823
+ /** Request shape for `client.prompts.render(...)` per RFC 0028 §A. */
824
+ export interface RenderPromptRequest {
825
+ ref: PromptRef;
826
+ variables: Record<string, unknown>;
827
+ /**
828
+ * Aggregate trust marker for the supplied bindings; propagated through
829
+ * composition per RFC 0027 §E. Defaults to `trusted` when omitted.
830
+ */
831
+ contentTrust?: 'trusted' | 'untrusted';
832
+ }
833
+
834
+ /** Response shape for `client.prompts.render(...)`. The `hash` and
835
+ * `variableHashes` are always present; `composed` populates only under
836
+ * `capabilities.prompts.observability: "full"`. Same deterministic-hash
837
+ * invariant as `prompt.composed` events (RFC 0027 §F). */
838
+ export interface RenderPromptResponse {
839
+ hash: string;
840
+ refs: string[];
841
+ variableHashes: Record<string, string>;
842
+ composed?: string;
843
+ contentTrust?: 'trusted' | 'untrusted';
844
+ }
845
+
422
846
  /**
423
847
  * Thrown when the server returns a non-2xx response. Carries the original
424
848
  * status, parsed error envelope (if available), the raw response text,
@@ -0,0 +1,131 @@
1
+ /**
2
+ * Webhook delivery-verification helpers per `spec/v1/webhooks.md`
3
+ * §"Signature recipe". Receivers MUST verify both the HMAC AND the
4
+ * timestamp freshness before accepting a delivery — verifying HMAC
5
+ * alone leaves the receiver open to replay attacks.
6
+ *
7
+ * The canonical signing recipe:
8
+ *
9
+ * hmac = HMAC-SHA256(secret, `${timestamp}.${rawBody}`)
10
+ * header `openwop-Webhook-Signature: v1=<hmac-hex>`
11
+ * header `openwop-Webhook-Timestamp: <unix-seconds>`
12
+ *
13
+ * Verification:
14
+ *
15
+ * 1. Parse the `v1=<hex>` value from the signature header.
16
+ * 2. Recompute `expected = HMAC-SHA256(secret, `${timestamp}.${rawBody}`)`.
17
+ * 3. Compare using **constant-time** equality (timing-safe).
18
+ * 4. Reject when `|now - timestamp|` exceeds the freshness window
19
+ * (default 5 minutes per `webhooks.md`'s recommendation).
20
+ *
21
+ * Implementation note: this helper uses `node:crypto`'s `timingSafeEqual`
22
+ * for the comparison. The browser-side equivalent (Web Crypto's
23
+ * `subtle.verify`) is not wrapped here — the SDK's runtime is Node.
24
+ *
25
+ * @module @openwop/openwop/webhook-helpers
26
+ */
27
+
28
+ import { createHmac, timingSafeEqual } from 'node:crypto';
29
+
30
+ /** Default freshness window per `spec/v1/webhooks.md` §"Replay attack resistance". */
31
+ export const DEFAULT_WEBHOOK_FRESHNESS_WINDOW_SECONDS = 300;
32
+
33
+ export interface VerifyWebhookSignatureOptions {
34
+ /**
35
+ * Maximum age in seconds for the delivery timestamp before it's
36
+ * treated as a replay. Default 300 (5 minutes) per the spec.
37
+ * Set to 0 to disable timestamp checks (NOT recommended).
38
+ */
39
+ freshnessWindowSeconds?: number;
40
+ /**
41
+ * Override the "now" timestamp in unix seconds. Useful for testing.
42
+ * Default `Math.floor(Date.now() / 1000)`.
43
+ */
44
+ nowSeconds?: number;
45
+ }
46
+
47
+ export type VerifyWebhookOutcome =
48
+ | { valid: true }
49
+ | { valid: false; reason: 'signature_mismatch' | 'timestamp_expired' | 'timestamp_too_far_in_future' | 'malformed_signature_header' | 'malformed_timestamp_header' };
50
+
51
+ /**
52
+ * Verify a webhook delivery per `spec/v1/webhooks.md` §"Signature
53
+ * recipe". Returns `{ valid: true }` on success; otherwise
54
+ * `{ valid: false, reason }` so callers can log + alert appropriately.
55
+ *
56
+ * Callers MUST pass the **raw** body bytes — JSON-parsed-then-
57
+ * re-serialized bodies will fail verification because the host
58
+ * signs the exact bytes it delivered.
59
+ *
60
+ * @param secret The pre-shared secret returned from `webhooks.register`.
61
+ * @param signatureHeader The value of the `openwop-Webhook-Signature` header (e.g., `"v1=abc123…"`).
62
+ * @param timestampHeader The value of the `openwop-Webhook-Timestamp` header (unix seconds as string).
63
+ * @param rawBody The exact request body bytes the host POSTed.
64
+ */
65
+ export function verifyWebhookSignature(
66
+ secret: string,
67
+ signatureHeader: string,
68
+ timestampHeader: string,
69
+ rawBody: string | Buffer,
70
+ options: VerifyWebhookSignatureOptions = {},
71
+ ): VerifyWebhookOutcome {
72
+ // 1. Parse the signature header.
73
+ if (!signatureHeader.startsWith('v1=')) {
74
+ return { valid: false, reason: 'malformed_signature_header' };
75
+ }
76
+ const providedHex = signatureHeader.slice(3);
77
+ if (!/^[0-9a-f]+$/i.test(providedHex)) {
78
+ return { valid: false, reason: 'malformed_signature_header' };
79
+ }
80
+
81
+ // 2. Parse the timestamp.
82
+ const timestamp = Number(timestampHeader);
83
+ if (!Number.isInteger(timestamp) || timestamp <= 0) {
84
+ return { valid: false, reason: 'malformed_timestamp_header' };
85
+ }
86
+
87
+ // 3. Freshness check.
88
+ const window = options.freshnessWindowSeconds ?? DEFAULT_WEBHOOK_FRESHNESS_WINDOW_SECONDS;
89
+ if (window > 0) {
90
+ const now = options.nowSeconds ?? Math.floor(Date.now() / 1000);
91
+ const delta = now - timestamp;
92
+ if (delta > window) return { valid: false, reason: 'timestamp_expired' };
93
+ // Allow small future skew (within the window) but reject far-future timestamps.
94
+ if (delta < -window) return { valid: false, reason: 'timestamp_too_far_in_future' };
95
+ }
96
+
97
+ // 4. Recompute + constant-time compare.
98
+ const bodyStr = typeof rawBody === 'string' ? rawBody : rawBody.toString('utf8');
99
+ const signedBytes = `${timestamp}.${bodyStr}`;
100
+ const expectedHex = createHmac('sha256', secret).update(signedBytes, 'utf8').digest('hex');
101
+
102
+ const providedBuf = Buffer.from(providedHex, 'hex');
103
+ const expectedBuf = Buffer.from(expectedHex, 'hex');
104
+ if (providedBuf.length !== expectedBuf.length) {
105
+ return { valid: false, reason: 'signature_mismatch' };
106
+ }
107
+ if (!timingSafeEqual(providedBuf, expectedBuf)) {
108
+ return { valid: false, reason: 'signature_mismatch' };
109
+ }
110
+
111
+ return { valid: true };
112
+ }
113
+
114
+ /**
115
+ * Compute the canonical webhook signature for a payload — useful when
116
+ * implementing a host (forward direction) OR when generating test
117
+ * fixtures. Receivers verify via `verifyWebhookSignature`; this is the
118
+ * inverse.
119
+ */
120
+ export function signWebhookDelivery(
121
+ secret: string,
122
+ timestamp: number,
123
+ rawBody: string | Buffer,
124
+ ): { signatureHeader: string; timestampHeader: string } {
125
+ const bodyStr = typeof rawBody === 'string' ? rawBody : rawBody.toString('utf8');
126
+ const hex = createHmac('sha256', secret).update(`${timestamp}.${bodyStr}`, 'utf8').digest('hex');
127
+ return {
128
+ signatureHeader: `v1=${hex}`,
129
+ timestampHeader: String(timestamp),
130
+ };
131
+ }