@postrun/js 0.1.0

package/dist/server.d.cts

@@ -0,0 +1,34 @@
+import { cD as TokensMintData, f5 as PostrunClient, fo as TokensMintResponse } from './types.gen-DGCs7eB8.cjs';
+
+/**
+ * The body for minting a scoped token — the generated request shape (snake_case,
+ * the exact wire contract). `scopes` is the closed `resource:action` union and
+ * `profile_scope` the `{ type, values }` selector, both derived from the spec so
+ * they can never drift. Money/structural writes are NOT scopes: those endpoints
+ * are secret-key-only and a browser token simply cannot reach them, by design.
+ */
+type MintTokenInput = TokensMintData['body'];
+interface PostrunServerOptions {
+    /** Your secret `pr_` API key. NEVER expose this to a browser. */
+    secretKey: string;
+    /** Override the API base URL (defaults to the production gateway). */
+    baseUrl?: string;
+}
+interface PostrunServer {
+    /** A typed client authenticated with the secret key — for any server-side call. */
+    readonly client: PostrunClient;
+    readonly tokens: {
+        /** Mint a short-lived, scoped frontend token from the secret key. */
+        mint(input: MintTokenInput): Promise<TokensMintResponse>;
+    };
+}
+/**
+ * Create a server-side Postrun client from a secret `pr_` key. Its primary job
+ * is `tokens.mint` — issue a short-lived, scoped token your frontend hands to
+ * `createPostrunClient`, so the secret key never reaches the browser. The raw
+ * `client` is exposed for any other server-side call (e.g. the generated SDK
+ * functions: `postsCreate({ client })`).
+ */
+declare function createPostrunServer(options: PostrunServerOptions): PostrunServer;
+
+export { type MintTokenInput, type PostrunServer, type PostrunServerOptions, createPostrunServer };

package/dist/server.d.ts

@@ -0,0 +1,34 @@
+import { cD as TokensMintData, f5 as PostrunClient, fo as TokensMintResponse } from './types.gen-DGCs7eB8.js';
+
+/**
+ * The body for minting a scoped token — the generated request shape (snake_case,
+ * the exact wire contract). `scopes` is the closed `resource:action` union and
+ * `profile_scope` the `{ type, values }` selector, both derived from the spec so
+ * they can never drift. Money/structural writes are NOT scopes: those endpoints
+ * are secret-key-only and a browser token simply cannot reach them, by design.
+ */
+type MintTokenInput = TokensMintData['body'];
+interface PostrunServerOptions {
+    /** Your secret `pr_` API key. NEVER expose this to a browser. */
+    secretKey: string;
+    /** Override the API base URL (defaults to the production gateway). */
+    baseUrl?: string;
+}
+interface PostrunServer {
+    /** A typed client authenticated with the secret key — for any server-side call. */
+    readonly client: PostrunClient;
+    readonly tokens: {
+        /** Mint a short-lived, scoped frontend token from the secret key. */
+        mint(input: MintTokenInput): Promise<TokensMintResponse>;
+    };
+}
+/**
+ * Create a server-side Postrun client from a secret `pr_` key. Its primary job
+ * is `tokens.mint` — issue a short-lived, scoped token your frontend hands to
+ * `createPostrunClient`, so the secret key never reaches the browser. The raw
+ * `client` is exposed for any other server-side call (e.g. the generated SDK
+ * functions: `postsCreate({ client })`).
+ */
+declare function createPostrunServer(options: PostrunServerOptions): PostrunServer;
+
+export { type MintTokenInput, type PostrunServer, type PostrunServerOptions, createPostrunServer };

package/dist/server.js

@@ -0,0 +1,30 @@
+import { createPostrunClient, tokensMint } from './chunk-A545VJ5X.js';
+import './chunk-IMU3SG45.js';
+
+// src/server.ts
+function assertServerOnly() {
+  if (typeof window !== "undefined" && typeof window.document !== "undefined") {
+    throw new Error(
+      "createPostrunServer must run only on a server \u2014 it holds your secret pr_ key. In the browser, use createPostrunClient with a minted scoped token instead."
+    );
+  }
+}
+function createPostrunServer(options) {
+  assertServerOnly();
+  if (!options.secretKey) {
+    throw new Error("createPostrunServer requires a secret `pr_` key (secretKey).");
+  }
+  const client = createPostrunClient({
+    baseUrl: options.baseUrl,
+    getToken: () => options.secretKey
+  });
+  async function mint(input) {
+    const { data } = await tokensMint({ client, body: input });
+    return data;
+  }
+  return { client, tokens: { mint } };
+}
+
+export { createPostrunServer };
+//# sourceMappingURL=server.js.map
+//# sourceMappingURL=server.js.map

package/dist/server.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server.ts"],"names":[],"mappings":";;;;AA+BA,SAAS,gBAAA,GAAyB;AAChC,EAAA,IAAI,OAAO,MAAA,KAAW,WAAA,IAAe,OAAO,MAAA,CAAO,aAAa,WAAA,EAAa;AAC3E,IAAA,MAAM,IAAI,KAAA;AAAA,MACR;AAAA,KAEF;AAAA,EACF;AACF;AASO,SAAS,oBAAoB,OAAA,EAA8C;AAChF,EAAA,gBAAA,EAAiB;AACjB,EAAA,IAAI,CAAC,QAAQ,SAAA,EAAW;AACtB,IAAA,MAAM,IAAI,MAAM,8DAA8D,CAAA;AAAA,EAChF;AAEA,EAAA,MAAM,SAAS,mBAAA,CAAoB;AAAA,IACjC,SAAS,OAAA,CAAQ,OAAA;AAAA,IACjB,QAAA,EAAU,MAAM,OAAA,CAAQ;AAAA,GACzB,CAAA;AAED,EAAA,eAAe,KAAK,KAAA,EAAoD;AACtE,IAAA,MAAM,EAAE,MAAK,GAAI,MAAM,WAAW,EAAE,MAAA,EAAQ,IAAA,EAAM,KAAA,EAAO,CAAA;AACzD,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,OAAO,EAAE,MAAA,EAAQ,MAAA,EAAQ,EAAE,MAAK,EAAE;AACpC","file":"server.js","sourcesContent":["import { createPostrunClient } from './client';\nimport type { PostrunClient } from './client';\nimport { tokensMint } from './client/sdk.gen';\nimport type { TokensMintData, TokensMintResponse } from './client/types.gen';\n\n/**\n * The body for minting a scoped token — the generated request shape (snake_case,\n * the exact wire contract). `scopes` is the closed `resource:action` union and\n * `profile_scope` the `{ type, values }` selector, both derived from the spec so\n * they can never drift. Money/structural writes are NOT scopes: those endpoints\n * are secret-key-only and a browser token simply cannot reach them, by design.\n */\nexport type MintTokenInput = TokensMintData['body'];\n\nexport interface PostrunServerOptions {\n  /** Your secret `pr_` API key. NEVER expose this to a browser. */\n  secretKey: string;\n  /** Override the API base URL (defaults to the production gateway). */\n  baseUrl?: string;\n}\n\nexport interface PostrunServer {\n  /** A typed client authenticated with the secret key — for any server-side call. */\n  readonly client: PostrunClient;\n  readonly tokens: {\n    /** Mint a short-lived, scoped frontend token from the secret key. */\n    mint(input: MintTokenInput): Promise<TokensMintResponse>;\n  };\n}\n\n/** The secret key must never reach a browser — fail loudly if it would. */\nfunction assertServerOnly(): void {\n  if (typeof window !== 'undefined' && typeof window.document !== 'undefined') {\n    throw new Error(\n      'createPostrunServer must run only on a server — it holds your secret pr_ key. ' +\n        'In the browser, use createPostrunClient with a minted scoped token instead.',\n    );\n  }\n}\n\n/**\n * Create a server-side Postrun client from a secret `pr_` key. Its primary job\n * is `tokens.mint` — issue a short-lived, scoped token your frontend hands to\n * `createPostrunClient`, so the secret key never reaches the browser. The raw\n * `client` is exposed for any other server-side call (e.g. the generated SDK\n * functions: `postsCreate({ client })`).\n */\nexport function createPostrunServer(options: PostrunServerOptions): PostrunServer {\n  assertServerOnly();\n  if (!options.secretKey) {\n    throw new Error('createPostrunServer requires a secret `pr_` key (secretKey).');\n  }\n\n  const client = createPostrunClient({\n    baseUrl: options.baseUrl,\n    getToken: () => options.secretKey,\n  });\n\n  async function mint(input: MintTokenInput): Promise<TokensMintResponse> {\n    const { data } = await tokensMint({ client, body: input });\n    return data;\n  }\n\n  return { client, tokens: { mint } };\n}\n"]}