@ovra/ts-sdk 0.5.0 → 0.5.2

package/README.md

@@ -1,496 +1,154 @@
-# Ovra TypeScript SDK
+# Ovra SDK for TypeScript
 
-[![NPM version](https://img.shields.io/npm/v/@ovra/ts-sdk.svg)](https://www.npmjs.com/package/@ovra/ts-sdk)
-[![NPM downloads](https://img.shields.io/npm/dm/@ovra/ts-sdk.svg)](https://www.npmjs.com/package/@ovra/ts-sdk)
+[![npm](https://img.shields.io/npm/v/@ovra/ts-sdk.svg)](https://www.npmjs.com/package/@ovra/ts-sdk)
+[![downloads](https://img.shields.io/npm/dm/@ovra/ts-sdk.svg)](https://www.npmjs.com/package/@ovra/ts-sdk)
+[![types](https://img.shields.io/npm/types/@ovra/ts-sdk.svg)](https://www.npmjs.com/package/@ovra/ts-sdk)
 
-The official TypeScript SDK for the [Ovra API](https://getovra.com) — payment
-infrastructure for AI agents. Issue virtual Visa cards, declare and approve
-spending intents, settle payments under signed mandates, and reconcile from
-the same typed surface.
+The Ovra SDK for TypeScript provides access to the [Ovra API](https://getovra.com)
+— payment infrastructure for AI agents — from server-side TypeScript or JavaScript.
 
-**Version: `0.5.0`** — fully bound to the `/v1/*` API. Regenerated
-from `apps/api/openapi.json`; releases ship manually for now (see
-[Publishing](#publishing) below — auto-publish is wired but pending
-on GH Actions billing). See the repo
-[CHANGELOG](https://github.com/ovra/ovra/blob/main/CHANGELOG.md) for the
-v0 → v1 migration notes.
+## Documentation
 
-**0.4.0 is a breaking release.** The `/v1/credentials/*` and
-`/v1/authorization-grants/*` rails were removed (alongside MCP
-`ovra_pay`); the AP2 agentic-commerce buy is now the canonical payment
-flow. The `ovra.credentials` namespace is gone — use
-`ovra.agenticCommerce.{search, buy, getOrder, listOrders, verifyOrder,
-refundOrder}` instead. See "Agentic Commerce surface" below.
+Full documentation lives at **[app.getovra.com/docs/quickstart](https://app.getovra.com/docs/quickstart)**.
+Error reference at **[app.getovra.com/docs/errors](https://app.getovra.com/docs/errors)**.
 
-## Install
+## Installation
 
 ```sh
 npm install @ovra/ts-sdk
 ```
 
-Requirements: Node.js 20+, or any runtime with `fetch` (Bun, Deno,
-Cloudflare Workers, Vercel Edge).
-
-## Quickstart
-
-Grab an API key at [getovra.com/dashboard](https://getovra.com/dashboard) →
-Settings → API keys, then drop straight into the canonical **one-call buy**:
+## Getting started
 
 ```ts
 import { Ovra } from "@ovra/ts-sdk";
 
-const ovra = new Ovra({ apiKey: process.env.OVRA_API_KEY! });
+const ovra = new Ovra({
+  apiKey: process.env.OVRA_API_KEY!, // sk_test_… in sandbox, sk_live_… in prod
+});
 
-// `ovra.pay()` wraps the AP2 agentic-commerce buy — DPAN mint + the
-// 4-mandate AP2 chain + capture + receipt in one round-trip. Amount is
-// EUR (decimal); the SDK converts to cents on the wire.
 const result = await ovra.pay({
-  agentId: "agt_…",      // an active agent in your workspace
-  offerId: "off_…",      // catalog offer id (see ovra.agenticCommerce.search)
-  merchant: "Notion",
-  amount: 79.0,          // €79.00
-  purpose: "Monthly Notion Team Plan renewal",
+  agentId: "agt_…",
+  offerId: "aic_openai-1000",
+  merchant: "OpenAI",
+  amount: 10.0,
+  purpose: "Top up OpenAI credits",
 });
 
 if (result.status === "completed") {
-  console.log(result.orderId, result.order.authorization.network_auth_code);
-} else {
-  console.error("buy failed:", result.reason);
+  console.log(result.orderId);                               // cmo_…
+  console.log(result.order.amount);                          // { amount: 1000, currency: "eur" }
+  console.log(result.order.authorization.network_auth_code); // "000123"
 }
 ```
 
-Prefer the raw operation? Same call, different envelope shape:
+`ovra.pay()` declares the intent, runs the policy gate, debits the wallet,
+mints the DPAN, signs the 4-mandate AP2 chain, captures with the merchant,
+and returns the order envelope in a single round-trip.
 
-```ts
-const { data: order } = await ovra.agenticCommerce.buy({
-  body: {
-    agent_id: "agt_…",
-    offer_id: "off_…",
-    purpose: "Monthly Notion Team Plan renewal",
-  },
-});
-console.log(order.order_id, order.status);
-```
+Need the lower-level primitives (custom approval UI, manual intent, raw
+generated operations)? See [app.getovra.com/docs/quickstart](https://app.getovra.com/docs/quickstart).
 
-Need the lower-level intent / checkout pipeline (custom approval UI,
-out-of-band capture)? The primitives are still here:
+## Requirements
 
-```ts
-// 1. Provision an agent. `policy` is required — fetch one via
-//    `ovra.policies.list()`. `profile.purpose` is required.
-const { data: agent } = await ovra.agents.create({
-  body: {
-    name: "Notion Buyer",
-    policy: "po_…",
-    profile: { purpose: "Monthly Notion Team Plan renewal" },
-  },
-});
-
-// 2. Declare a spending intent (`agent`, not `agent_id`).
-const { data: intent } = await ovra.intents.create({
-  body: {
-    agent: agent.id,
-    merchant: "Notion",
-    amount: { amount: 7900, currency: "eur" }, // €79.00
-    purpose: "Monthly Notion Team Plan renewal",
-  },
-});
-
-// 3. Approve the intent (production: this comes from the human
-//    approving in the dashboard or a passkey assertion).
-await ovra.intents.approve({ path: { id: intent.id } });
-
-// 4. Execute the checkout — `intent` + `target_url` (the merchant URL
-//    the DPAN will be submitted to) are both required.
-const { data: result } = await ovra.checkout.execute({
-  body: {
-    intent: intent.id,
-    target_url: "https://www.notion.so/checkout",
-  },
-});
-
-console.log(result.transaction_id, result.status);
-```
-
-Amounts on the wire are integers in the currency's minor units
-(`amount: 7900` = €79.00). Card PAN / CVV are **never** returned — only
-`last4` and a tokenized DPAN reach your code.
+Node.js 20+, or any runtime with global `fetch` (Bun, Deno, Cloudflare
+Workers, Vercel Edge).
 
 ## Authentication
 
-The constructor accepts any Ovra credential prefix. Pick the smallest scope
-that fits the call site.
+The constructor accepts any Ovra credential prefix. Pick the smallest
+scope that fits the call site.
 
-| Prefix              | What it is             | Use when                                                            |
-| ------------------- | ---------------------- | ------------------------------------------------------------------- |
-| `sk_live_…`         | Full workspace key     | Server-side production code that needs to mint/rotate/manage.       |
-| `sk_test_…`         | Full key, sandbox mode | Local dev and CI; `livemode: false` on every response.              |
-| `rk_…` / `rk_test_…` | Restricted key         | Read + scoped writes; blocked from key, webhook, billing, policy mutations. Safe to embed in less-trusted runtimes. |
-| `at_…`              | Agent token            | Scoped to one agent with a hard spend cap. The credential you ship to an agent runtime. |
+| Prefix         | What                  | Use when                                                                       |
+| -------------- | --------------------- | ------------------------------------------------------------------------------ |
+| `sk_live_…`    | Full live key         | Server-side prod code that mints / rotates / manages.                          |
+| `sk_test_…`    | Full sandbox key      | Local dev + CI. Every envelope returns `livemode: false`.                      |
+| `rk_…`         | Restricted key        | Read + scoped writes. Blocked from keys / webhooks / billing / policies.       |
+| `at_…`         | Agent token           | Bound to one agent with a hard spend cap. Safe to ship to an agent runtime.    |
 
 ```ts
 const ovra = new Ovra({
   apiKey: process.env.OVRA_API_KEY!,
-  // Sent as the `X-Ovra-Client-App` header on every request — used for
-  // analytics and to help support trace issues back to your integration.
-  appInfo: { name: "AcmeCRM", version: "1.4.2" },
+  appInfo: { name: "AcmeCRM", version: "1.4.2" }, // X-Ovra-Client-App
 });
 
-// Best-effort scope hint derived from the key prefix — useful for
-// dev-time logging only; the server is the source of truth.
-//   sk_* → "full"   |   rk_* → "restricted"   |   at_* → "agent"
-console.log(ovra.keyScope);
+// Dev-time scope hint (not enforced — server is the source of truth):
+console.log(ovra.keyScope); // "full" | "restricted" | "agent" | "unknown"
 ```
 
-Test-mode keys produce objects with `livemode: false`; live keys produce
-`livemode: true`. Whenever the API is deployed against the sandbox card
-issuer, **every** response is `livemode: false` regardless of key — the
-whole workspace is sandbox until the real issuer ships.
-
-## Money
-
-Money is `{ amount, currency }` everywhere on the wire. `amount` is an
-integer in minor units; `currency` is a three-letter ISO code lowercased.
-
-| Display      | Wire value                                |
-| ------------ | ----------------------------------------- |
-| €50.00       | `{ amount: 5000, currency: "eur" }`       |
-| €0.99        | `{ amount: 99, currency: "eur" }`         |
-| £1,234.56    | `{ amount: 123456, currency: "gbp" }`     |
-| ¥1,000 (JPY) | `{ amount: 1000, currency: "jpy" }` (JPY has no minor units; treat the integer as the whole-yen amount.) |
-
-Floats and decimal strings are rejected at the validation layer. There is
-no implicit unit conversion — what you send is what gets compared against
-the policy.
-
-## Timestamps
-
-Every timestamp is an ISO 8601 string in the `created` field
-(`"2026-05-25T18:04:16Z"`). The legacy `created_at` / `createdAt` / epoch
-millis variants are gone.
-
 ## Errors
 
-API errors throw a typed subclass of `OvraError`. Branch on type, status,
-or — preferred — `code`:
+Errors are typed exceptions per category — branch on `e.code` (machine-
+readable), show `e.message` to humans, link to `e.docUrl` from your own UI.
 
 ```ts
-import {
-  Ovra,
-  OvraError,
-  OvraNotFoundError,
-  OvraRateLimitError,
-} from "@ovra/ts-sdk";
+import { OvraError } from "@ovra/ts-sdk";
 
 try {
-  await ovra.cards.get({ path: { id: "crd_…" } });
-} catch (err) {
-  if (err instanceof OvraNotFoundError) {
-    // 404 — card doesn't exist or isn't yours
-  } else if (err instanceof OvraRateLimitError) {
-    // 429 — back off and retry
-  } else if (err instanceof OvraError && err.code === "E_POLICY_DENIED") {
-    // policy gate refused the spend; `err.message` is the human string,
-    // `err.param` points at the offending body field if any.
-  } else {
-    throw err;
+  await ovra.pay({ agentId, offerId, merchant, amount });
+} catch (e) {
+  if (!(e instanceof OvraError)) throw e;
+  switch (e.code) {
+    case "E_INSUFFICIENT_FUNDS":     return topUpAndRetry();
+    case "E_POLICY_LIMIT_EXCEEDED":  return showLimits(e.message);
+    case "E_OFFER_EXPIRED":          return refreshOffer();
+    case "E_FSM_INVALID_TRANSITION": return refetchOrder();
+    default:                          return reportError(e.message, e.docUrl);
   }
 }
 ```
 
-On the wire, every error body matches the v1 envelope:
-
-```json
-{
-  "error": {
-    "type": "policy_error",
-    "code": "E_POLICY_DENIED",
-    "message": "Spend exceeds the configured policy limit.",
-    "param": "amount",
-    "doc_url": "https://docs.getovra.com/errors/E_POLICY_DENIED",
-    "request_id": "req_…",
-    "status": 403
-  }
-}
-```
-
-The thrown `OvraError` flattens that envelope onto the instance —
-`err.type`, `err.code`, `err.message`, `err.param`, `err.docUrl`,
-`err.requestId`, `err.status`. Branch on `err.code` — it's typed,
-~50 canonical values, stable across releases. Never parse `err.message`
-— it's a human string and may change.
+Every envelope carries `code`, `type`, `message`, `param`, `docUrl`,
+`requestId`, `status`. Full reference: [app.getovra.com/docs/errors](https://app.getovra.com/docs/errors).
 
 ## Idempotency
 
-Mutating requests (`POST`, `PATCH`, `DELETE`) require an `Idempotency-Key`
-header. **The SDK auto-mints a fresh UUID per call**, so retries through
-the built-in retry policy are safe by default. Override per-call when you
-want explicit deduplication across processes:
+Every mutating call is idempotent by default — the SDK mints a UUID
+`Idempotency-Key` per logical operation and reuses it across retries.
+Replays inside the 24h dedup window return the original response with
+`X-Idempotent-Replayed: true`. Pass your own key for cross-process dedup:
 
 ```ts
-await ovra.transfers.create({
-  headers: { "Idempotency-Key": "transfer-2026-q2-invoice-4711" },
-  body: {
-    from_wallet: "wal_…",
-    to_beneficiary: "ben_…",
-    amount: { amount: 250000, currency: "eur" },
-  },
+await ovra.intents.create({
+  body: { agent: "agt_…", merchant: "Notion", amount: { amount: 7900, currency: "eur" }, purpose: "…" },
+  headers: { "Idempotency-Key": "your-stable-key" },
 });
 ```
 
-Re-sending the same key + identical body returns the original response.
-Re-sending the same key with a *different* body returns
-`E_IDEMPOTENCY_CONFLICT` (HTTP 409). An in-flight collision returns
-`E_IDEMPOTENCY_IN_FLIGHT`.
+## MCP server
 
-## Pagination
-
-Every list method is cursor-paginated and returns the canonical envelope
-directly — the SDK auto-strips hey-api's outer `{data, request, response}`
-wrapper for any `list*` call so you get the list shape verbatim:
-
-```ts
-const page1 = await ovra.cards.list({ query: { limit: 50 } });
-//      ^? { object: "list", data: Card[], has_more, next_cursor, url }
-
-for (const card of page1.data) {
-  console.log(card.id, card.last4);
-}
-
-if (page1.has_more) {
-  const page2 = await ovra.cards.list({
-    query: { limit: 50, starting_after: page1.next_cursor! },
-  });
-}
-```
-
-Or use the `paginate` helper to iterate the full set:
-
-```ts
-import { paginate } from "@ovra/ts-sdk";
-
-for await (const card of paginate(
-  (args) => ovra.cards.list({ query: args }),
-  { limit: 50 },
-)) {
-  console.log(card.id, card.last4);
-}
-```
-
-The wire envelope (what `page1` deserializes to):
+Want to call Ovra from Claude / Cursor / any MCP client? The same surface
+ships as [`@ovra/mcp`](https://www.npmjs.com/package/@ovra/mcp) (10 tools).
+Add to `.mcp.json`:
 
 ```json
 {
-  "object": "list",
-  "data": [ /* … */ ],
-  "has_more": true,
-  "next_cursor": "card_01HE…",
-  "url": "/v1/cards"
-}
-```
-
-## Retries
-
-Connection errors and 5xx / 429 / 408 responses retry automatically with
-jittered exponential backoff (500 ms → 4 s, 30 s wall-clock budget).
-Tune or disable per-client:
-
-```ts
-const ovra = new Ovra({
-  apiKey: "…",
-  retry: { maxRetries: 5, maxElapsedMs: 60_000 },
-  // or: retry: false
-});
-```
-
-## Agentic Commerce surface
-
-The AP2 sandbox is the canonical buy pipeline as of 0.4.0. Catalog
-discovery, the buy orchestrator, and the UCP-shaped order envelope
-(line_items / fulfillment / adjustments / totals / permalink_url) all
-live under `ovra.agenticCommerce`:
-
-```ts
-// Browse the 10-vertical catalog
-const offers = await ovra.agenticCommerce.search({
-  body: { vertical: "saas-subscriptions", query: { merchant: "notion", plan: "team" } },
-});
-
-// One-call buy — mints DPAN + signs the 4-mandate AP2 chain + captures.
-// The route reads `agent_id`, `offer_id`, `purpose`, optional `card_id`
-// + `intent_id`. Amount + merchant are derived from the offer.
-const order = await ovra.agenticCommerce.buy({
-  body: {
-    agent_id: "agt_…",
-    offer_id: "off_…",
-    purpose: "Monthly Notion Team Plan renewal",
-  },
-});
-
-// Re-verify the AP2 chain against the cached mandate set
-const check = await ovra.agenticCommerce.verifyOrder({
-  path: { order_id: order.data.order_id },
-});
-
-// UCP-conformant refund — append to adjustments, debit totals, flip
-// status to REFUNDED (full) or COMPENSATED (partial)
-await ovra.agenticCommerce.refundOrder({
-  path: { order_id: order.data.order_id },
-  body: { amount_cents: 7900, reason: "customer cancelled" },
-});
-```
-
-## Resource coverage
-
-`Ovra` binds every `/v1/*` resource as an ergonomic namespace —
-33 namespaces, 141 operations total, all of them auto-typed from the
-generated client. Listed by domain:
-
-### Money
-
-- `wallets` — `list`, `create`, `get`, `update`, `delete`
-- `transfers` — `list`, `create`, `get`
-- `beneficiaries` — `list`, `create`, `get`, `update`, `delete`
-- `refunds` — `list`, `create`, `get`
-- `paymentRequests` — `list`, `create`, `get`, `cancel`
-- `ledgerEntries` — `list`, `get` (double-entry ledger, read-only)
-- `billing` — `getSubscription`, `createSubscription`,
-  `createPortalSession`, `getPaymentMethod`, `setupPaymentMethod`,
-  `fundWallet`, `getSepaInstructions`, `getBalance`, `collectOverage`
-- `invoices` — `list`, `get`
-
-### Agents & spending
-
-- `agents` — `list`, `create`, `get`, `update`, `delete`, `freeze`,
-  `unfreeze`, `getByExternalId`
-- `cards` — `list`, `create`, `get`, `update`, `freeze`, `unfreeze`,
-  `close`, `rotate`
-- `intents` — `list`, `create`, `get`, `approve`, `deny`, `cancel`,
-  `issueCredentials`, `confirmPayment`
-- `transactions` — `list`, `get` (read-only)
-- `checkout` — `execute`, `confirm`
-- `agenticCommerce` — `listVerticals`, `search`, `getOffer`,
-  `getMerchantJwk`, `buy`, `listOrders`, `getOrder`, `verifyOrder`,
-  `refundOrder`
-- `runs` — `create`, `get`
-- `outcomes` — `list`, `create`, `get`
-- `forecast` — `get`
-- `pay()` — one-call buy convenience wrapper around
-  `agenticCommerce.buy`
-
-### Compliance & governance
-
-- `policies` — `list`, `create`, `get`, `update`, `delete`, `apply`
-- `approvalPolicies` — `create`, `get`, `update`, `delete`
-- `disputes` — `list`, `create`, `get`, `resolve`, `listEvidence`,
-  `addEvidence` (nested per-dispute)
-- `disputeEvidence` — `list`, `create` (standalone file uploads)
-- `riskEvents` — `list`, `listViolations`, `listFraudAlerts`,
-  `updateFraudAlert`, `getAgentRisk`, `unfreezeAgent`, `getConfig`,
-  `updateConfig`, `getSummary`
-- `auditEvents` — `list`, `get`, `verifyChain` (tamper-evident)
-- `accessEvents` — `list`, `get`
-- `metrics` — `list`
-
-### Identity & access
-
-- `customers` — `me`, `create`, `get`, `update`
-- `apiKeys` — `list`, `create`, `get`, `delete` (requires `sk_*` scope)
-- `delegations` — `list`, `create`, `get`, `delete` (mint `at_*` tokens)
-- `passkeys` — `list`, `revoke`
-- `merchantCategories` — `list`, `get` (MCC lookup)
-
-### Webhooks & notifications
-
-- `webhooks` — `list`, `create`, `get`, `update`, `delete`,
-  `rotateSecret`, `ping`, `listDeliveries`
-- `notifications` — `list`, `unreadCount`, `markRead`, `markAllRead`
-  (user-scoped — token credential, not `sk_*`)
-- `pushSubscriptions` — `getVapidPublicKey`, `register`, `delete`
-  (Web Push for the approve PWA)
-
-### Scope requirements
-
-Most write namespaces require an `sk_*` workspace key. The following
-will 403 with a restricted (`rk_*`) or agent (`at_*`) token:
-
-- `apiKeys.*`, `delegations.create|delete`, `webhooks.*` mutations,
-  `policies.*` mutations, `approvalPolicies.*`, `billing.*` mutations,
-  `riskEvents.updateConfig|unfreezeAgent`, `customers.create|update`
-
-Reads on those surfaces are allowed with `rk_*`. `notifications`,
-`pushSubscriptions`, and `passkeys` are user-scoped — they want a
-session credential, not a workspace key.
-
-### Plan requirements
-
-A handful of namespaces are gated on the workspace's billing plan and
-will throw `E_PLAN_UPGRADE_REQUIRED` (HTTP 402) or
-`E_PERMISSION_DENIED` (HTTP 403) on Starter:
-
-- **Business plan or higher** — `auditEvents.*`, `metrics.*`,
-  `riskEvents.*`, `delegations.*`
-
-Catch the error and surface the upgrade prompt:
-
-```ts
-try {
-  await ovra.auditEvents.list();
-} catch (err) {
-  if (err instanceof OvraError && err.code === "E_PLAN_UPGRADE_REQUIRED") {
-    // route the user to getovra.com/dashboard/billing
+  "mcpServers": {
+    "ovra": {
+      "command": "npx",
+      "args": ["-y", "@ovra/mcp"],
+      "env": { "OVRA_API_KEY": "sk_test_…" }
+    }
   }
 }
 ```
 
-### Tree-shaking
-
-Prefer raw functions over the class? Every operation is also exported
-from `@ovra/ts-sdk/api`:
-
-```ts
-import { listApiKeys } from "@ovra/ts-sdk/api";
-const keys = await listApiKeys({ query: { limit: 10 } });
-```
-
-The full inventory is in `apps/api/openapi.json` (single source of
-truth — the SDK is regenerated from it on every release).
-
-## Publishing
-
-> **Status (2026-05-28):** auto-publish via
-> `.github/workflows/sdk-publish.yaml` is wired correctly but
-> **currently blocked at the runner-allocation step** — the GitHub
-> account has a billing issue ("recent account payments have failed
-> or your spending limit needs to be increased"). All workflow runs
-> exit in ~3-5 s before the YAML steps start. Until billing is
-> restored, every release ships via the manual script below; both
-> `0.4.0` and `0.4.1` were published this way.
+## Resource coverage
 
-Manual release flow (single command — runs regen + build + version
-check + `npm publish`):
+33 typed namespaces — agents, cards, wallets, intents, transactions,
+agentic-commerce (search / buy / order / refund / verify), policies,
+delegations, customers, disputes, webhooks, audit, billing, and 20 more.
+Generated functions for every operation are also accessible as raw exports.
 
-```sh
-# Bump packages/sdk/package.json version first (semver: patch / minor / major)
-pnpm --filter @ovra/ts-sdk version patch --no-git-tag-version
-
-# Then publish (refuses if local <= remote, or if git tree is dirty)
-pnpm run publish:sdk            # or: pnpm --filter @ovra/ts-sdk run publish-manual
-pnpm run publish:sdk:dry        # dry-run (no upload, full pipeline otherwise)
-```
+See the [API reference](https://app.getovra.com/docs/errors) for the full
+list with scope and plan requirements.
 
-The script lives at `scripts/publish-sdk.sh`. Requirements: logged in
-to npm as a publisher on the `@ovra` scope (`npm login`), clean git
-tree, local version strictly greater than the version currently on
-npm.
+## Support
 
-Once GH Actions billing is restored, every push to `main` that
-touches `apps/api/openapi.json`, `packages/sdk/src/**`,
-`packages/sdk/openapi-ts.config.ts`, or `packages/sdk/package.json`
-will regenerate, bump (patch), and publish automatically — the
-workflow is already in place.
+- Documentation: [app.getovra.com/docs/quickstart](https://app.getovra.com/docs/quickstart)
+- Issues: [github.com/ovra/ovra/issues](https://github.com/ovra/ovra/issues)
+- Email: support@getovra.com
 
 ## License
 
-Commercial — see [LICENSE](./LICENSE). The Ovra service requires a paid
-subscription.
+UNLICENSED — internal use only until the public release lands.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ovra/ts-sdk",
-  "version": "0.5.0",
+  "version": "0.5.2",
   "description": "Official TypeScript SDK for the Ovra API — payment infrastructure for AI agents.",
   "author": "Ovra",
   "license": "SEE LICENSE IN LICENSE",