@primitivedotdev/sdk 0.24.0 → 0.25.1

package/dist/api/generated/sdk.gen.js

@@ -28,7 +28,7 @@ export const pollCliLogin = (options) => (options.client ?? client).post({
     url: '/cli/login/poll',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -64,7 +64,7 @@ export const updateAccount = (options) => (options.client ?? client).patch({
     url: '/account',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -143,7 +143,7 @@ export const addDomain = (options) => (options.client ?? client).post({
     url: '/domains',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -169,7 +169,7 @@ export const updateDomain = (options) => (options.client ?? client).patch({
     url: '/domains/{id}',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -327,7 +327,7 @@ export const replyToEmail = (options) => (options.client ?? client).post({
     url: '/emails/{id}/reply',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -405,7 +405,7 @@ export const createEndpoint = (options) => (options.client ?? client).post({
     url: '/endpoints',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -434,7 +434,7 @@ export const updateEndpoint = (options) => (options.client ?? client).patch({
     url: '/endpoints/{id}',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -475,7 +475,7 @@ export const createFilter = (options) => (options.client ?? client).post({
     url: '/filters',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -497,7 +497,7 @@ export const updateFilter = (options) => (options.client ?? client).patch({
     url: '/filters/{id}',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -590,7 +590,7 @@ export const sendEmail = (options) => (options.client ?? client).post({
     url: '/send-mail',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -683,7 +683,7 @@ export const createFunction = (options) => (options.client ?? client).post({
     url: '/functions',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -739,7 +739,7 @@ export const updateFunction = (options) => (options.client ?? client).put({
     url: '/functions/{id}',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -747,8 +747,14 @@ export const updateFunction = (options) => (options.client ?? client).put({
  * Send a test invocation
  *
  * Sends a real test email from a Primitive-controlled sender to a
- * synthetic local-part on one of the org's verified inbound
- * domains. The function fires through the normal MX delivery
+ * local-part on one of the org's verified inbound domains. By
+ * default the recipient is a synthetic
+ * `__primitive_function_test+<random>@<domain>` address that
+ * every handler's catch-all routing receives identically; pass
+ * `local_part` to override and exercise routing logic that
+ * branches on a specific recipient (the common pattern when one
+ * function handles multiple inboxes like `summarize@` and
+ * `action@`). The function fires through the normal MX delivery
  * path, so reply / send-mail calls from inside the handler
  * against the inbound's `email.id` work the same as in
  * production. Returns immediately after the send is queued; the
@@ -758,12 +764,18 @@ export const updateFunction = (options) => (options.client ?? client).put({
  * Requires that the function is currently `deployed`. Returns 422
  * if the function is in `pending` or `failed` state, or if the
  * org has no verified inbound domain to receive the test mail.
+ * Returns 400 if `local_part` is set to a value that does not
+ * match the local-part character set.
  *
  */
 export const testFunction = (options) => (options.client ?? client).post({
     security: [{ scheme: 'bearer', type: 'http' }],
     url: '/functions/{id}/test',
-    ...options
+    ...options,
+    headers: {
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
+        ...options.headers
+    }
 });
 /**
  * List a function's secrets
@@ -804,7 +816,7 @@ export const createFunctionSecret = (options) => (options.client ?? client).post
     url: '/functions/{id}/secrets',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });
@@ -838,7 +850,7 @@ export const setFunctionSecret = (options) => (options.client ?? client).put({
     url: '/functions/{id}/secrets/{key}',
     ...options,
     headers: {
-        'Content-Type': 'application/json',
+        ...(options.body !== undefined && { 'Content-Type': 'application/json' }),
         ...options.headers
     }
 });

package/dist/api/index.d.ts

@@ -1,2 +1,3 @@
-import { $ as replyToEmail, $a as TestEndpointError, $i as ReplayDeliveryResponses, $n as EmailDetail, $o as RequestOptions, $r as GetWebhookSecretResponses, $t as CreateFunctionSecretInput, A as deleteFunction, Aa as SendPermissionAnyRecipient, Ai as ListFunctionSecretsResponse, An as DeleteFunctionSecretErrors, Ao as UpdateFilterError, Ar as GetFunctionError, At as ClientOptions, B as getStorageStats, Ba as SetFunctionSecretErrors, Bi as ListSentEmailsResponse, Bn as DiscardEmailContentResponses, Bo as UpdateFunctionResponses, Br as GetSentEmailError, Bt as CreateFilterInput, C as createFilter, Ca as SendEmailError, Ci as ListFiltersError, Cn as DeleteFunctionData, Co as UpdateEndpointData, Cr as GetAccountResponses, Ct as CliLogoutData, D as deleteEmail, Da as SendMailInput, Di as ListFunctionSecretsData, Dn as DeleteFunctionResponses, Do as UpdateEndpointResponse, Dr as GetEmailResponse, Dt as CliLogoutResponse, E as deleteDomain, Ea as SendEmailResponses, Ei as ListFiltersResponses, En as DeleteFunctionResponse, Eo as UpdateEndpointInput, Er as GetEmailErrors, Et as CliLogoutInput, F as getAccount, Fa as SentEmailDetail, Fi as ListFunctionsResponse, Fn as DiscardContentResult, Fo as UpdateFunctionData, Fr as GetSendPermissionsError, Ft as CreateEndpointResponse, G as listEndpoints, Ga as StartCliLoginError, Gi as PollCliLoginErrors, Gn as DownloadAttachmentsErrors, Go as VerifyDomainResponse, Gr as GetStorageStatsError, Gt as CreateFunctionErrors, H as listDeliveries, Ha as SetFunctionSecretResponse, Hi as PaginationMeta, Hn as DomainVerifyResult, Ho as VerifyDomainData, Hr as GetSentEmailResponse, Ht as CreateFilterResponses, I as getEmail, Ia as SentEmailStatus, Ii as ListFunctionsResponses, In as DiscardEmailContentData, Io as UpdateFunctionError, Ir as GetSendPermissionsErrors, It as CreateEndpointResponses, J as listFunctions, Ja as StartCliLoginResponse, Ji as PollCliLoginResponses, Jn as DownloadRawEmailData, Jo as Client, Jr as GetStorageStatsResponses, Jt as CreateFunctionResponses, K as listFilters, Ka as StartCliLoginErrors, Ki as PollCliLoginInput, Kn as DownloadAttachmentsResponse, Ko as VerifyDomainResponses, Kr as GetStorageStatsErrors, Kt as CreateFunctionInput, L as getFunction, La as SentEmailSummary, Li as ListSentEmailsData, Ln as DiscardEmailContentError, Lo as UpdateFunctionErrors, Lr as GetSendPermissionsResponse, Lt as CreateFilterData, M as discardEmailContent, Ma as SendPermissionRule, Mi as ListFunctionsData, Mn as DeleteFunctionSecretResponses, Mo as UpdateFilterInput, Mr as GetFunctionResponse, Mt as CreateEndpointError, N as downloadAttachments, Na as SendPermissionYourDomain, Ni as ListFunctionsError, Nn as DeliveryStatus, No as UpdateFilterResponse, Nr as GetFunctionResponses, Nt as CreateEndpointErrors, O as deleteEndpoint, Oa as SendMailResult, Oi as ListFunctionSecretsError, On as DeleteFunctionSecretData, Oo as UpdateEndpointResponses, Or as GetEmailResponses, Ot as CliLogoutResponses, P as downloadRawEmail, Pa as SendPermissionsMeta, Pi as ListFunctionsErrors, Pn as DeliverySummary, Po as UpdateFilterResponses, Pr as GetSendPermissionsData, Pt as CreateEndpointInput, Q as replayEmailWebhooks, Qa as TestEndpointData, Qi as ReplayDeliveryResponse, Qn as DownloadRawEmailResponses, Qo as Options$1, Qr as GetWebhookSecretResponse, Qt as CreateFunctionSecretErrors, R as getSendPermissions, Ra as SetFunctionSecretData, Ri as ListSentEmailsError, Rn as DiscardEmailContentErrors, Ro as UpdateFunctionInput, Rr as GetSendPermissionsResponses, Rt as CreateFilterError, S as createEndpoint, Sa as SendEmailData, Si as ListFiltersData, Sn as DeleteFilterResponses, So as UpdateDomainResponses, Sr as GetAccountResponse, St as CliLoginStartResult, T as createFunctionSecret, Ta as SendEmailResponse, Ti as ListFiltersResponse, Tn as DeleteFunctionErrors, To as UpdateEndpointErrors, Tr as GetEmailError, Tt as CliLogoutErrors, U as listDomains, Ua as SetFunctionSecretResponses, Ui as PollCliLoginData, Un as DownloadAttachmentsData, Uo as VerifyDomainError, Ur as GetSentEmailResponses, Ut as CreateFunctionData, V as getWebhookSecret, Va as SetFunctionSecretInput, Vi as ListSentEmailsResponses, Vn as Domain, Vo as VerifiedDomain, Vr as GetSentEmailErrors, Vt as CreateFilterResponse, W as listEmails, Wa as StartCliLoginData, Wi as PollCliLoginError, Wn as DownloadAttachmentsError, Wo as VerifyDomainErrors, Wr as GetStorageStatsData, Wt as CreateFunctionError, X as pollCliLogin, Xa as StorageStats, Xi as ReplayDeliveryError, Xn as DownloadRawEmailErrors, Xo as Config, Xr as GetWebhookSecretError, Xt as CreateFunctionSecretData, Y as listSentEmails, Ya as StartCliLoginResponses, Yi as ReplayDeliveryData, Yn as DownloadRawEmailError, Yo as ClientOptions$1, Yr as GetWebhookSecretData, Yt as CreateFunctionResult, Z as replayDelivery, Za as SuccessEnvelope, Zi as ReplayDeliveryErrors, Zn as DownloadRawEmailResponse, Zo as CreateClientConfig, Zr as GetWebhookSecretErrors, Zt as CreateFunctionSecretError, _ as createPrimitiveClient, _a as SearchEmailsData, _i as ListEndpointsError, _n as DeleteEndpointResponses, _o as UpdateDomainData, _r as GateDenial, _t as AddDomainErrors, a as PrimitiveApiClientOptions, aa as ReplayResult, ai as ListDeliveriesResponses, an as DeleteDomainErrors, ao as TestFunctionErrors, ar as EmailSearchResult, at as testEndpoint, b as addDomain, ba as SearchEmailsResponse, bi as ListEndpointsResponses, bn as DeleteFilterErrors, bo as UpdateDomainInput, br as GetAccountError, bt as AddDomainResponses, c as PrimitiveClient, ca as ReplyToEmailErrors, ci as ListDomainsErrors, cn as DeleteEmailData, co as TestInvocationResult, cr as EmailWebhookStatus, ct as updateDomain, d as RequestOptions$1, da as ResourceId, di as ListEmailsData, dn as DeleteEmailResponse, do as UpdateAccountData, dr as Filter, dt as updateFunction, ea as ReplayEmailWebhooksData, ei as Limit, en as CreateFunctionSecretResponse, eo as TestEndpointErrors, er as EmailDetailReply, es as RequestResult, et as rotateWebhookSecret, f as SendInput, fa as RotateWebhookSecretData, fi as ListEmailsError, fn as DeleteEmailResponses, fo as UpdateAccountError, fr as FunctionDeployStatus, ft as verifyDomain, g as createPrimitiveApiClient, ga as RotateWebhookSecretResponses, gi as ListEndpointsData, gn as DeleteEndpointResponse, go as UpdateAccountResponses, gr as FunctionSecretWriteResult, gt as AddDomainError, h as client, ha as RotateWebhookSecretResponse, hi as ListEmailsResponses, hn as DeleteEndpointErrors, ho as UpdateAccountResponse, hr as FunctionSecretListItem, ht as AddDomainData, i as PrimitiveApiClient, ia as ReplayEmailWebhooksResponses, ii as ListDeliveriesResponse, in as DeleteDomainError, io as TestFunctionError, ir as EmailSearchMeta, it as startCliLogin, j as deleteFunctionSecret, ja as SendPermissionManagedZone, ji as ListFunctionSecretsResponses, jn as DeleteFunctionSecretResponse, jo as UpdateFilterErrors, jr as GetFunctionErrors, jt as CreateEndpointData, k as deleteFilter, ka as SendPermissionAddress, ki as ListFunctionSecretsErrors, kn as DeleteFunctionSecretError, ko as UpdateFilterData, kr as GetFunctionData, kt as CliLogoutResult, l as PrimitiveClientOptions, la as ReplyToEmailResponse, li as ListDomainsResponse, ln as DeleteEmailError, lo as TestResult, lr as Endpoint, lt as updateEndpoint, m as SendThreadInput, ma as RotateWebhookSecretErrors, mi as ListEmailsResponse, mn as DeleteEndpointError, mo as UpdateAccountInput, mr as FunctionListItem, mt as AccountUpdated, n as DEFAULT_API_BASE_URL_2, na as ReplayEmailWebhooksErrors, ni as ListDeliveriesError, nn as Cursor, no as TestEndpointResponses, nr as EmailSearchFacets, ns as Auth, nt as sendEmail, o as PrimitiveApiError, oa as ReplyToEmailData, oi as ListDomainsData, on as DeleteDomainResponse, oo as TestFunctionResponse, or as EmailStatus, ot as testFunction, p as SendResult, pa as RotateWebhookSecretError, pi as ListEmailsErrors, pn as DeleteEndpointData, po as UpdateAccountErrors, pr as FunctionDetail, pt as Account, q as listFunctionSecrets, qa as StartCliLoginInput, qi as PollCliLoginResponse, qn as DownloadAttachmentsResponses, qo as WebhookSecret, qr as GetStorageStatsResponse, qt as CreateFunctionResponse, r as ForwardInput, ra as ReplayEmailWebhooksResponse, ri as ListDeliveriesErrors, rn as DeleteDomainData, ro as TestFunctionData, rr as EmailSearchHighlights, rt as setFunctionSecret, s as PrimitiveApiErrorDetails, sa as ReplyToEmailError, si as ListDomainsError, sn as DeleteDomainResponses, so as TestFunctionResponses, sr as EmailSummary, st as updateAccount, t as DEFAULT_API_BASE_URL_1, ta as ReplayEmailWebhooksError, ti as ListDeliveriesData, tn as CreateFunctionSecretResponses, to as TestEndpointResponse, tr as EmailSearchFacetBucket, ts as ResponseStyle, tt as searchEmails, u as ReplyInput, ua as ReplyToEmailResponses, ui as ListDomainsResponses, un as DeleteEmailErrors, uo as UnverifiedDomain, ur as ErrorResponse, ut as updateFilter, v as operations, va as SearchEmailsError, vi as ListEndpointsErrors, vn as DeleteFilterData, vo as UpdateDomainError, vr as GateFix, vt as AddDomainInput, w as createFunction, wa as SendEmailErrors, wi as ListFiltersErrors, wn as DeleteFunctionError, wo as UpdateEndpointError, wr as GetEmailData, wt as CliLogoutError, x as cliLogout, xa as SearchEmailsResponses, xi as ListEnvelope, xn as DeleteFilterResponse, xo as UpdateDomainResponse, xr as GetAccountErrors, xt as CliLoginPollResult, y as Options, ya as SearchEmailsErrors, yi as ListEndpointsResponse, yn as DeleteFilterError, yo as UpdateDomainErrors, yr as GetAccountData, yt as AddDomainResponse, z as getSentEmail, za as SetFunctionSecretError, zi as ListSentEmailsErrors, zn as DiscardEmailContentResponse, zo as UpdateFunctionResponse, zr as GetSentEmailData, zt as CreateFilterErrors } from "../index-QTYQpSFt.js";
-export { Account, AccountUpdated, AddDomainData, AddDomainError, AddDomainErrors, AddDomainInput, AddDomainResponse, AddDomainResponses, Auth, CliLoginPollResult, CliLoginStartResult, CliLogoutData, CliLogoutError, CliLogoutErrors, CliLogoutInput, CliLogoutResponse, CliLogoutResponses, CliLogoutResult, ClientOptions, CreateClientConfig, CreateEndpointData, CreateEndpointError, CreateEndpointErrors, CreateEndpointInput, CreateEndpointResponse, CreateEndpointResponses, CreateFilterData, CreateFilterError, CreateFilterErrors, CreateFilterInput, CreateFilterResponse, CreateFilterResponses, CreateFunctionData, CreateFunctionError, CreateFunctionErrors, CreateFunctionInput, CreateFunctionResponse, CreateFunctionResponses, CreateFunctionResult, CreateFunctionSecretData, CreateFunctionSecretError, CreateFunctionSecretErrors, CreateFunctionSecretInput, CreateFunctionSecretResponse, CreateFunctionSecretResponses, Cursor, DEFAULT_API_BASE_URL_1, DEFAULT_API_BASE_URL_2, DeleteDomainData, DeleteDomainError, DeleteDomainErrors, DeleteDomainResponse, DeleteDomainResponses, DeleteEmailData, DeleteEmailError, DeleteEmailErrors, DeleteEmailResponse, DeleteEmailResponses, DeleteEndpointData, DeleteEndpointError, DeleteEndpointErrors, DeleteEndpointResponse, DeleteEndpointResponses, DeleteFilterData, DeleteFilterError, DeleteFilterErrors, DeleteFilterResponse, DeleteFilterResponses, DeleteFunctionData, DeleteFunctionError, DeleteFunctionErrors, DeleteFunctionResponse, DeleteFunctionResponses, DeleteFunctionSecretData, DeleteFunctionSecretError, DeleteFunctionSecretErrors, DeleteFunctionSecretResponse, DeleteFunctionSecretResponses, DeliveryStatus, DeliverySummary, DiscardContentResult, DiscardEmailContentData, DiscardEmailContentError, DiscardEmailContentErrors, DiscardEmailContentResponse, DiscardEmailContentResponses, Domain, DomainVerifyResult, DownloadAttachmentsData, DownloadAttachmentsError, DownloadAttachmentsErrors, DownloadAttachmentsResponse, DownloadAttachmentsResponses, DownloadRawEmailData, DownloadRawEmailError, DownloadRawEmailErrors, DownloadRawEmailResponse, DownloadRawEmailResponses, EmailDetail, EmailDetailReply, EmailSearchFacetBucket, EmailSearchFacets, EmailSearchHighlights, EmailSearchMeta, EmailSearchResult, EmailStatus, EmailSummary, EmailWebhookStatus, Endpoint, ErrorResponse, Filter, ForwardInput, FunctionDeployStatus, FunctionDetail, FunctionListItem, FunctionSecretListItem, FunctionSecretWriteResult, GateDenial, GateFix, GetAccountData, GetAccountError, GetAccountErrors, GetAccountResponse, GetAccountResponses, GetEmailData, GetEmailError, GetEmailErrors, GetEmailResponse, GetEmailResponses, GetFunctionData, GetFunctionError, GetFunctionErrors, GetFunctionResponse, GetFunctionResponses, GetSendPermissionsData, GetSendPermissionsError, GetSendPermissionsErrors, GetSendPermissionsResponse, GetSendPermissionsResponses, GetSentEmailData, GetSentEmailError, GetSentEmailErrors, GetSentEmailResponse, GetSentEmailResponses, GetStorageStatsData, GetStorageStatsError, GetStorageStatsErrors, GetStorageStatsResponse, GetStorageStatsResponses, GetWebhookSecretData, GetWebhookSecretError, GetWebhookSecretErrors, GetWebhookSecretResponse, GetWebhookSecretResponses, Limit, ListDeliveriesData, ListDeliveriesError, ListDeliveriesErrors, ListDeliveriesResponse, ListDeliveriesResponses, ListDomainsData, ListDomainsError, ListDomainsErrors, ListDomainsResponse, ListDomainsResponses, ListEmailsData, ListEmailsError, ListEmailsErrors, ListEmailsResponse, ListEmailsResponses, ListEndpointsData, ListEndpointsError, ListEndpointsErrors, ListEndpointsResponse, ListEndpointsResponses, ListEnvelope, ListFiltersData, ListFiltersError, ListFiltersErrors, ListFiltersResponse, ListFiltersResponses, ListFunctionSecretsData, ListFunctionSecretsError, ListFunctionSecretsErrors, ListFunctionSecretsResponse, ListFunctionSecretsResponses, ListFunctionsData, ListFunctionsError, ListFunctionsErrors, ListFunctionsResponse, ListFunctionsResponses, ListSentEmailsData, ListSentEmailsError, ListSentEmailsErrors, ListSentEmailsResponse, ListSentEmailsResponses, Options, PaginationMeta, PollCliLoginData, PollCliLoginError, PollCliLoginErrors, PollCliLoginInput, PollCliLoginResponse, PollCliLoginResponses, PrimitiveApiClient, PrimitiveApiClientOptions, PrimitiveApiError, PrimitiveApiErrorDetails, PrimitiveClient, PrimitiveClientOptions, Client as PrimitiveGeneratedApiClient, ClientOptions$1 as PrimitiveGeneratedApiClientOptions, Config as PrimitiveGeneratedApiConfig, Options$1 as PrimitiveGeneratedApiOptions, RequestOptions as PrimitiveGeneratedApiRequestOptions, RequestResult as PrimitiveGeneratedApiRequestResult, ReplayDeliveryData, ReplayDeliveryError, ReplayDeliveryErrors, ReplayDeliveryResponse, ReplayDeliveryResponses, ReplayEmailWebhooksData, ReplayEmailWebhooksError, ReplayEmailWebhooksErrors, ReplayEmailWebhooksResponse, ReplayEmailWebhooksResponses, ReplayResult, ReplyInput, ReplyToEmailData, ReplyToEmailError, ReplyToEmailErrors, ReplyToEmailResponse, ReplyToEmailResponses, RequestOptions$1 as RequestOptions, ResourceId, ResponseStyle, RotateWebhookSecretData, RotateWebhookSecretError, RotateWebhookSecretErrors, RotateWebhookSecretResponse, RotateWebhookSecretResponses, SearchEmailsData, SearchEmailsError, SearchEmailsErrors, SearchEmailsResponse, SearchEmailsResponses, SendEmailData, SendEmailError, SendEmailErrors, SendEmailResponse, SendEmailResponses, SendInput, SendMailInput, SendMailResult, SendPermissionAddress, SendPermissionAnyRecipient, SendPermissionManagedZone, SendPermissionRule, SendPermissionYourDomain, SendPermissionsMeta, SendResult, SendThreadInput, SentEmailDetail, SentEmailStatus, SentEmailSummary, SetFunctionSecretData, SetFunctionSecretError, SetFunctionSecretErrors, SetFunctionSecretInput, SetFunctionSecretResponse, SetFunctionSecretResponses, StartCliLoginData, StartCliLoginError, StartCliLoginErrors, StartCliLoginInput, StartCliLoginResponse, StartCliLoginResponses, StorageStats, SuccessEnvelope, TestEndpointData, TestEndpointError, TestEndpointErrors, TestEndpointResponse, TestEndpointResponses, TestFunctionData, TestFunctionError, TestFunctionErrors, TestFunctionResponse, TestFunctionResponses, TestInvocationResult, TestResult, UnverifiedDomain, UpdateAccountData, UpdateAccountError, UpdateAccountErrors, UpdateAccountInput, UpdateAccountResponse, UpdateAccountResponses, UpdateDomainData, UpdateDomainError, UpdateDomainErrors, UpdateDomainInput, UpdateDomainResponse, UpdateDomainResponses, UpdateEndpointData, UpdateEndpointError, UpdateEndpointErrors, UpdateEndpointInput, UpdateEndpointResponse, UpdateEndpointResponses, UpdateFilterData, UpdateFilterError, UpdateFilterErrors, UpdateFilterInput, UpdateFilterResponse, UpdateFilterResponses, UpdateFunctionData, UpdateFunctionError, UpdateFunctionErrors, UpdateFunctionInput, UpdateFunctionResponse, UpdateFunctionResponses, VerifiedDomain, VerifyDomainData, VerifyDomainError, VerifyDomainErrors, VerifyDomainResponse, VerifyDomainResponses, WebhookSecret, addDomain, cliLogout, client, createEndpoint, createFilter, createFunction, createFunctionSecret, createPrimitiveApiClient, createPrimitiveClient, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, operations, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, searchEmails, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain };
+import { f as WebhookVerificationError, p as WebhookVerificationErrorCode } from "../errors-C53fe686.js";
+import { $ as pollCliLogin, $a as StorageStats, $i as ReplayDeliveryError, $n as DownloadRawEmailErrors, $o as Config, $r as GetWebhookSecretError, $t as CreateFunctionSecretData, A as deleteEmail, Aa as SendMailInput, Ai as ListFunctionSecretsData, An as DeleteFunctionResponses, Ao as UpdateEndpointResponse, Ar as GetEmailResponse, At as CliLogoutResponse, B as getFunction, Ba as SentEmailSummary, Bi as ListSentEmailsData, Bn as DiscardEmailContentError, Bo as UpdateFunctionErrors, Br as GetSendPermissionsResponse, Bt as CreateFilterData, C as addDomain, Ca as SearchEmailsResponse, Ci as ListEndpointsResponses, Cn as DeleteFilterErrors, Co as UpdateDomainInput, Cr as GetAccountError, Ct as AddDomainResponses, D as createFunction, Da as SendEmailErrors, Di as ListFiltersErrors, Dn as DeleteFunctionError, Do as UpdateEndpointError, Dr as GetEmailData, Dt as CliLogoutError, E as createFilter, Ea as SendEmailError, Ei as ListFiltersError, En as DeleteFunctionData, Eo as UpdateEndpointData, Er as GetAccountResponses, Et as CliLogoutData, F as discardEmailContent, Fa as SendPermissionRule, Fi as ListFunctionsData, Fn as DeleteFunctionSecretResponses, Fo as UpdateFilterInput, Fr as GetFunctionResponse, Ft as CreateEndpointError, G as listDeliveries, Ga as SetFunctionSecretResponse, Gi as PaginationMeta, Gn as DomainVerifyResult, Go as VerifyDomainData, Gr as GetSentEmailResponse, Gt as CreateFilterResponses, H as getSentEmail, Ha as SetFunctionSecretError, Hi as ListSentEmailsErrors, Hn as DiscardEmailContentResponse, Ho as UpdateFunctionResponse, Hr as GetSentEmailData, Ht as CreateFilterErrors, I as downloadAttachments, Ia as SendPermissionYourDomain, Ii as ListFunctionsError, In as DeliveryStatus, Io as UpdateFilterResponse, Ir as GetFunctionResponses, It as CreateEndpointErrors, J as listEndpoints, Ja as StartCliLoginError, Ji as PollCliLoginErrors, Jn as DownloadAttachmentsErrors, Jo as VerifyDomainResponse, Jr as GetStorageStatsError, Jt as CreateFunctionErrors, K as listDomains, Ka as SetFunctionSecretResponses, Ki as PollCliLoginData, Kn as DownloadAttachmentsData, Ko as VerifyDomainError, Kr as GetSentEmailResponses, Kt as CreateFunctionData, L as downloadRawEmail, La as SendPermissionsMeta, Li as ListFunctionsErrors, Ln as DeliverySummary, Lo as UpdateFilterResponses, Lr as GetSendPermissionsData, Lt as CreateEndpointInput, M as deleteFilter, Ma as SendPermissionAddress, Mi as ListFunctionSecretsErrors, Mn as DeleteFunctionSecretError, Mo as UpdateFilterData, Mr as GetFunctionData, Mt as CliLogoutResult, N as deleteFunction, Na as SendPermissionAnyRecipient, Ni as ListFunctionSecretsResponse, Nn as DeleteFunctionSecretErrors, No as UpdateFilterError, Nr as GetFunctionError, Nt as ClientOptions, O as createFunctionSecret, Oa as SendEmailResponse, Oi as ListFiltersResponse, On as DeleteFunctionErrors, Oo as UpdateEndpointErrors, Or as GetEmailError, Ot as CliLogoutErrors, P as deleteFunctionSecret, Pa as SendPermissionManagedZone, Pi as ListFunctionSecretsResponses, Pn as DeleteFunctionSecretResponse, Po as UpdateFilterErrors, Pr as GetFunctionErrors, Pt as CreateEndpointData, Q as listSentEmails, Qa as StartCliLoginResponses, Qi as ReplayDeliveryData, Qn as DownloadRawEmailError, Qo as ClientOptions$1, Qr as GetWebhookSecretData, Qt as CreateFunctionResult, R as getAccount, Ra as SentEmailDetail, Ri as ListFunctionsResponse, Rn as DiscardContentResult, Ro as UpdateFunctionData, Rr as GetSendPermissionsError, Rt as CreateEndpointResponse, S as Options, Sa as SearchEmailsErrors, Si as ListEndpointsResponse, Sn as DeleteFilterError, So as UpdateDomainErrors, Sr as GetAccountData, St as AddDomainResponse, T as createEndpoint, Ta as SendEmailData, Ti as ListFiltersData, Tn as DeleteFilterResponses, To as UpdateDomainResponses, Tr as GetAccountResponse, Tt as CliLoginStartResult, U as getStorageStats, Ua as SetFunctionSecretErrors, Ui as ListSentEmailsResponse, Un as DiscardEmailContentResponses, Uo as UpdateFunctionResponses, Ur as GetSentEmailError, Ut as CreateFilterInput, V as getSendPermissions, Va as SetFunctionSecretData, Vi as ListSentEmailsError, Vn as DiscardEmailContentErrors, Vo as UpdateFunctionInput, Vr as GetSendPermissionsResponses, Vt as CreateFilterError, W as getWebhookSecret, Wa as SetFunctionSecretInput, Wi as ListSentEmailsResponses, Wn as Domain, Wo as VerifiedDomain, Wr as GetSentEmailErrors, Wt as CreateFilterResponse, X as listFunctionSecrets, Xa as StartCliLoginInput, Xi as PollCliLoginResponse, Xn as DownloadAttachmentsResponses, Xo as WebhookSecret, Xr as GetStorageStatsResponse, Xt as CreateFunctionResponse, Y as listFilters, Ya as StartCliLoginErrors, Yi as PollCliLoginInput, Yn as DownloadAttachmentsResponse, Yo as VerifyDomainResponses, Yr as GetStorageStatsErrors, Yt as CreateFunctionInput, Z as listFunctions, Za as StartCliLoginResponse, Zi as PollCliLoginResponses, Zn as DownloadRawEmailData, Zo as Client, Zr as GetStorageStatsResponses, Zt as CreateFunctionResponses, _ as createPrimitiveClient, _a as RotateWebhookSecretErrors, _i as ListEmailsResponse, _n as DeleteEndpointError, _o as UpdateAccountInput, _r as FunctionListItem, _t as AccountUpdated, a as PrimitiveApiClientOptions, aa as ReplayEmailWebhooksErrors, ai as ListDeliveriesError, an as Cursor, ao as TestEndpointResponses, ar as EmailSearchFacets, as as Auth, at as sendEmail, b as VerifyOptions, ba as SearchEmailsData, bi as ListEndpointsError, bn as DeleteEndpointResponses, bo as UpdateDomainData, br as GateDenial, bt as AddDomainErrors, c as PrimitiveClient, ca as ReplayResult, ci as ListDeliveriesResponses, cn as DeleteDomainErrors, co as TestFunctionErrors, cr as EmailSearchResult, ct as testEndpoint, d as RequestOptions$1, da as ReplyToEmailErrors, di as ListDomainsErrors, dn as DeleteEmailData, do as TestInvocationResult, dr as EmailWebhookStatus, dt as updateDomain, ea as ReplayDeliveryErrors, ei as GetWebhookSecretErrors, en as CreateFunctionSecretError, eo as SuccessEnvelope, er as DownloadRawEmailResponse, es as CreateClientConfig, et as replayDelivery, f as SendInput, fa as ReplyToEmailResponse, fi as ListDomainsResponse, fn as DeleteEmailError, fo as TestResult, fr as Endpoint, ft as updateEndpoint, g as createPrimitiveApiClient, ga as RotateWebhookSecretError, gi as ListEmailsErrors, gn as DeleteEndpointData, go as UpdateAccountErrors, gr as FunctionDetail, gt as Account, h as client, ha as RotateWebhookSecretData, hi as ListEmailsError, hn as DeleteEmailResponses, ho as UpdateAccountError, hr as FunctionDeployStatus, ht as verifyDomain, i as PrimitiveApiClient, ia as ReplayEmailWebhooksError, ii as ListDeliveriesData, in as CreateFunctionSecretResponses, io as TestEndpointResponse, ir as EmailSearchFacetBucket, is as ResponseStyle, it as searchEmails, j as deleteEndpoint, ja as SendMailResult, ji as ListFunctionSecretsError, jn as DeleteFunctionSecretData, jo as UpdateEndpointResponses, jr as GetEmailResponses, jt as CliLogoutResponses, k as deleteDomain, ka as SendEmailResponses, ki as ListFiltersResponses, kn as DeleteFunctionResponse, ko as UpdateEndpointInput, kr as GetEmailErrors, kt as CliLogoutInput, l as PrimitiveClientOptions, la as ReplyToEmailData, li as ListDomainsData, ln as DeleteDomainResponse, lo as TestFunctionResponse, lr as EmailStatus, lt as testFunction, m as SendThreadInput, ma as ResourceId, mi as ListEmailsData, mn as DeleteEmailResponse, mo as UpdateAccountData, mr as Filter, mt as updateFunction, n as DEFAULT_API_BASE_URL_2, na as ReplayDeliveryResponses, ni as GetWebhookSecretResponses, nn as CreateFunctionSecretInput, no as TestEndpointError, nr as EmailDetail, ns as RequestOptions, nt as replyToEmail, o as PrimitiveApiError, oa as ReplayEmailWebhooksResponse, oi as ListDeliveriesErrors, on as DeleteDomainData, oo as TestFunctionData, or as EmailSearchHighlights, ot as setFunctionSecret, p as SendResult, pa as ReplyToEmailResponses, pi as ListDomainsResponses, pn as DeleteEmailErrors, po as UnverifiedDomain, pr as ErrorResponse, pt as updateFilter, q as listEmails, qa as StartCliLoginData, qi as PollCliLoginError, qn as DownloadAttachmentsError, qo as VerifyDomainErrors, qr as GetStorageStatsData, qt as CreateFunctionError, r as ForwardInput, ra as ReplayEmailWebhooksData, ri as Limit, rn as CreateFunctionSecretResponse, ro as TestEndpointErrors, rr as EmailDetailReply, rs as RequestResult, rt as rotateWebhookSecret, s as PrimitiveApiErrorDetails, sa as ReplayEmailWebhooksResponses, si as ListDeliveriesResponse, sn as DeleteDomainError, so as TestFunctionError, sr as EmailSearchMeta, st as startCliLogin, t as DEFAULT_API_BASE_URL_1, ta as ReplayDeliveryResponse, ti as GetWebhookSecretResponse, tn as CreateFunctionSecretErrors, to as TestEndpointData, tr as DownloadRawEmailResponses, ts as Options$1, tt as replayEmailWebhooks, u as ReplyInput, ua as ReplyToEmailError, ui as ListDomainsError, un as DeleteDomainResponses, uo as TestFunctionResponses, ur as EmailSummary, ut as updateAccount, v as operations, va as RotateWebhookSecretResponse, vi as ListEmailsResponses, vn as DeleteEndpointErrors, vo as UpdateAccountResponse, vr as FunctionSecretListItem, vt as AddDomainData, w as cliLogout, wa as SearchEmailsResponses, wi as ListEnvelope, wn as DeleteFilterResponse, wo as UpdateDomainResponse, wr as GetAccountErrors, wt as CliLoginPollResult, x as verifyWebhookSignature, xa as SearchEmailsError, xi as ListEndpointsErrors, xn as DeleteFilterData, xo as UpdateDomainError, xr as GateFix, xt as AddDomainInput, y as PRIMITIVE_SIGNATURE_HEADER, ya as RotateWebhookSecretResponses, yi as ListEndpointsData, yn as DeleteEndpointResponse, yo as UpdateAccountResponses, yr as FunctionSecretWriteResult, yt as AddDomainError, z as getEmail, za as SentEmailStatus, zi as ListFunctionsResponses, zn as DiscardEmailContentData, zo as UpdateFunctionError, zr as GetSendPermissionsErrors, zt as CreateEndpointResponses } from "../index-DdITDPea.js";
+export { Account, AccountUpdated, AddDomainData, AddDomainError, AddDomainErrors, AddDomainInput, AddDomainResponse, AddDomainResponses, Auth, CliLoginPollResult, CliLoginStartResult, CliLogoutData, CliLogoutError, CliLogoutErrors, CliLogoutInput, CliLogoutResponse, CliLogoutResponses, CliLogoutResult, ClientOptions, CreateClientConfig, CreateEndpointData, CreateEndpointError, CreateEndpointErrors, CreateEndpointInput, CreateEndpointResponse, CreateEndpointResponses, CreateFilterData, CreateFilterError, CreateFilterErrors, CreateFilterInput, CreateFilterResponse, CreateFilterResponses, CreateFunctionData, CreateFunctionError, CreateFunctionErrors, CreateFunctionInput, CreateFunctionResponse, CreateFunctionResponses, CreateFunctionResult, CreateFunctionSecretData, CreateFunctionSecretError, CreateFunctionSecretErrors, CreateFunctionSecretInput, CreateFunctionSecretResponse, CreateFunctionSecretResponses, Cursor, DEFAULT_API_BASE_URL_1, DEFAULT_API_BASE_URL_2, DeleteDomainData, DeleteDomainError, DeleteDomainErrors, DeleteDomainResponse, DeleteDomainResponses, DeleteEmailData, DeleteEmailError, DeleteEmailErrors, DeleteEmailResponse, DeleteEmailResponses, DeleteEndpointData, DeleteEndpointError, DeleteEndpointErrors, DeleteEndpointResponse, DeleteEndpointResponses, DeleteFilterData, DeleteFilterError, DeleteFilterErrors, DeleteFilterResponse, DeleteFilterResponses, DeleteFunctionData, DeleteFunctionError, DeleteFunctionErrors, DeleteFunctionResponse, DeleteFunctionResponses, DeleteFunctionSecretData, DeleteFunctionSecretError, DeleteFunctionSecretErrors, DeleteFunctionSecretResponse, DeleteFunctionSecretResponses, DeliveryStatus, DeliverySummary, DiscardContentResult, DiscardEmailContentData, DiscardEmailContentError, DiscardEmailContentErrors, DiscardEmailContentResponse, DiscardEmailContentResponses, Domain, DomainVerifyResult, DownloadAttachmentsData, DownloadAttachmentsError, DownloadAttachmentsErrors, DownloadAttachmentsResponse, DownloadAttachmentsResponses, DownloadRawEmailData, DownloadRawEmailError, DownloadRawEmailErrors, DownloadRawEmailResponse, DownloadRawEmailResponses, EmailDetail, EmailDetailReply, EmailSearchFacetBucket, EmailSearchFacets, EmailSearchHighlights, EmailSearchMeta, EmailSearchResult, EmailStatus, EmailSummary, EmailWebhookStatus, Endpoint, ErrorResponse, Filter, ForwardInput, FunctionDeployStatus, FunctionDetail, FunctionListItem, FunctionSecretListItem, FunctionSecretWriteResult, GateDenial, GateFix, GetAccountData, GetAccountError, GetAccountErrors, GetAccountResponse, GetAccountResponses, GetEmailData, GetEmailError, GetEmailErrors, GetEmailResponse, GetEmailResponses, GetFunctionData, GetFunctionError, GetFunctionErrors, GetFunctionResponse, GetFunctionResponses, GetSendPermissionsData, GetSendPermissionsError, GetSendPermissionsErrors, GetSendPermissionsResponse, GetSendPermissionsResponses, GetSentEmailData, GetSentEmailError, GetSentEmailErrors, GetSentEmailResponse, GetSentEmailResponses, GetStorageStatsData, GetStorageStatsError, GetStorageStatsErrors, GetStorageStatsResponse, GetStorageStatsResponses, GetWebhookSecretData, GetWebhookSecretError, GetWebhookSecretErrors, GetWebhookSecretResponse, GetWebhookSecretResponses, Limit, ListDeliveriesData, ListDeliveriesError, ListDeliveriesErrors, ListDeliveriesResponse, ListDeliveriesResponses, ListDomainsData, ListDomainsError, ListDomainsErrors, ListDomainsResponse, ListDomainsResponses, ListEmailsData, ListEmailsError, ListEmailsErrors, ListEmailsResponse, ListEmailsResponses, ListEndpointsData, ListEndpointsError, ListEndpointsErrors, ListEndpointsResponse, ListEndpointsResponses, ListEnvelope, ListFiltersData, ListFiltersError, ListFiltersErrors, ListFiltersResponse, ListFiltersResponses, ListFunctionSecretsData, ListFunctionSecretsError, ListFunctionSecretsErrors, ListFunctionSecretsResponse, ListFunctionSecretsResponses, ListFunctionsData, ListFunctionsError, ListFunctionsErrors, ListFunctionsResponse, ListFunctionsResponses, ListSentEmailsData, ListSentEmailsError, ListSentEmailsErrors, ListSentEmailsResponse, ListSentEmailsResponses, Options, PRIMITIVE_SIGNATURE_HEADER, PaginationMeta, PollCliLoginData, PollCliLoginError, PollCliLoginErrors, PollCliLoginInput, PollCliLoginResponse, PollCliLoginResponses, PrimitiveApiClient, PrimitiveApiClientOptions, PrimitiveApiError, PrimitiveApiErrorDetails, PrimitiveClient, PrimitiveClientOptions, Client as PrimitiveGeneratedApiClient, ClientOptions$1 as PrimitiveGeneratedApiClientOptions, Config as PrimitiveGeneratedApiConfig, Options$1 as PrimitiveGeneratedApiOptions, RequestOptions as PrimitiveGeneratedApiRequestOptions, RequestResult as PrimitiveGeneratedApiRequestResult, ReplayDeliveryData, ReplayDeliveryError, ReplayDeliveryErrors, ReplayDeliveryResponse, ReplayDeliveryResponses, ReplayEmailWebhooksData, ReplayEmailWebhooksError, ReplayEmailWebhooksErrors, ReplayEmailWebhooksResponse, ReplayEmailWebhooksResponses, ReplayResult, ReplyInput, ReplyToEmailData, ReplyToEmailError, ReplyToEmailErrors, ReplyToEmailResponse, ReplyToEmailResponses, RequestOptions$1 as RequestOptions, ResourceId, ResponseStyle, RotateWebhookSecretData, RotateWebhookSecretError, RotateWebhookSecretErrors, RotateWebhookSecretResponse, RotateWebhookSecretResponses, SearchEmailsData, SearchEmailsError, SearchEmailsErrors, SearchEmailsResponse, SearchEmailsResponses, SendEmailData, SendEmailError, SendEmailErrors, SendEmailResponse, SendEmailResponses, SendInput, SendMailInput, SendMailResult, SendPermissionAddress, SendPermissionAnyRecipient, SendPermissionManagedZone, SendPermissionRule, SendPermissionYourDomain, SendPermissionsMeta, SendResult, SendThreadInput, SentEmailDetail, SentEmailStatus, SentEmailSummary, SetFunctionSecretData, SetFunctionSecretError, SetFunctionSecretErrors, SetFunctionSecretInput, SetFunctionSecretResponse, SetFunctionSecretResponses, StartCliLoginData, StartCliLoginError, StartCliLoginErrors, StartCliLoginInput, StartCliLoginResponse, StartCliLoginResponses, StorageStats, SuccessEnvelope, TestEndpointData, TestEndpointError, TestEndpointErrors, TestEndpointResponse, TestEndpointResponses, TestFunctionData, TestFunctionError, TestFunctionErrors, TestFunctionResponse, TestFunctionResponses, TestInvocationResult, TestResult, UnverifiedDomain, UpdateAccountData, UpdateAccountError, UpdateAccountErrors, UpdateAccountInput, UpdateAccountResponse, UpdateAccountResponses, UpdateDomainData, UpdateDomainError, UpdateDomainErrors, UpdateDomainInput, UpdateDomainResponse, UpdateDomainResponses, UpdateEndpointData, UpdateEndpointError, UpdateEndpointErrors, UpdateEndpointInput, UpdateEndpointResponse, UpdateEndpointResponses, UpdateFilterData, UpdateFilterError, UpdateFilterErrors, UpdateFilterInput, UpdateFilterResponse, UpdateFilterResponses, UpdateFunctionData, UpdateFunctionError, UpdateFunctionErrors, UpdateFunctionInput, UpdateFunctionResponse, UpdateFunctionResponses, VerifiedDomain, VerifyDomainData, VerifyDomainError, VerifyDomainErrors, VerifyDomainResponse, VerifyDomainResponses, VerifyOptions as VerifyWebhookSignatureOptions, WebhookSecret, WebhookVerificationError, WebhookVerificationErrorCode, addDomain, cliLogout, client, createEndpoint, createFilter, createFunction, createFunctionSecret, createPrimitiveApiClient, createPrimitiveClient, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, operations, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, searchEmails, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain, verifyWebhookSignature };

package/dist/api/index.js

@@ -398,3 +398,9 @@ export function client(options = {}) {
 }
 export const operations = generatedOperations;
 export * from "./generated/index.js";
+// Web Crypto verifier for in-handler webhook verification. Mirrors
+// the surface of `verifyWebhookSignature` from `@primitivedotdev/sdk`
+// (the Node version) but implements HMAC-SHA256 with `crypto.subtle`
+// so it can be bundled into a Primitive Function without pulling in
+// a `node:crypto` polyfill.
+export { PRIMITIVE_SIGNATURE_HEADER, verifyWebhookSignature, WebhookVerificationError, } from "./verify-signature.js";

package/dist/api/verify-signature.js

@@ -0,0 +1,198 @@
+/**
+ * Workers-safe webhook signature verification.
+ *
+ * Mirrors `verifyWebhookSignature` from `@primitivedotdev/sdk` but
+ * implements the HMAC-SHA256 step with the Web Crypto API
+ * (`crypto.subtle`) instead of `node:crypto`. The Node version is
+ * still the right choice for server-side handlers running on Node
+ * (it's measurably faster and supports Buffer bodies); this one
+ * exists so a Primitive Function handler can bundle the verifier
+ * without dragging in a `node:crypto` polyfill that inflates the
+ * deploy artifact past the size cap.
+ *
+ * Available natively in Workers, Node 22+, browsers, Deno, and Bun.
+ * Zero polyfill weight, zero new runtime dependencies.
+ *
+ * Surface contract matches the Node verifier exactly: same input
+ * shape, same `WebhookVerificationError` class, same set of error
+ * codes. Existing callers can swap the import path with no other
+ * code changes:
+ *
+ *   // Node (existing):
+ *   import { verifyWebhookSignature } from '@primitivedotdev/sdk';
+ *
+ *   // Workers / in-handler (this file):
+ *   import { verifyWebhookSignature } from '@primitivedotdev/sdk/api';
+ */
+import { WebhookVerificationError } from "../webhook/errors.js";
+// Header name carrying the timestamp + signature. Must match the
+// constant of the same name in `../webhook/signing.ts`. Kept in two
+// places intentionally so this file has no dependency on the Node
+// signing module (which would drag `node:crypto` into the bundle).
+export const PRIMITIVE_SIGNATURE_HEADER = "Primitive-Signature";
+// Re-export so consumers can `import { verifyWebhookSignature,
+// WebhookVerificationError } from '@primitivedotdev/sdk/api'`
+// without a second import statement against `/webhook`.
+export { WebhookVerificationError } from "../webhook/errors.js";
+// 5 minute max-age tolerance matches `webhook/signing.ts`.
+const DEFAULT_TOLERANCE_SECONDS = 5 * 60;
+// 60 second future tolerance for clock skew.
+const FUTURE_TOLERANCE_SECONDS = 60;
+// HMAC-SHA256 hex digest is 64 characters. Accept either case to
+// stay byte-for-byte compatible with the Node verifier in
+// `../webhook/signing.ts`, which uses the same pattern with the `/i`
+// flag. Canonical Primitive signers emit lowercase, but tolerating
+// uppercase keeps third-party signers (and tests that hand-build
+// fixtures) from silently failing through to SIGNATURE_MISMATCH.
+const HEX_PATTERN = /^[0-9a-f]+$/i;
+const HEX_LENGTH = 64;
+const UNIX_SECONDS_PATTERN = /^\d{1,10}$/;
+function parseSignatureHeader(signatureHeader) {
+    if (!signatureHeader || typeof signatureHeader !== "string") {
+        return null;
+    }
+    const parts = signatureHeader.split(",");
+    let timestamp = null;
+    const signatures = [];
+    for (const part of parts) {
+        const idx = part.indexOf("=");
+        if (idx === -1)
+            continue;
+        const key = part.slice(0, idx).trim();
+        const value = part.slice(idx + 1).trim();
+        if (!key || !value)
+            continue;
+        if (key === "t") {
+            if (!UNIX_SECONDS_PATTERN.test(value))
+                continue;
+            const parsed = Number(value);
+            if (Number.isSafeInteger(parsed)) {
+                timestamp = parsed;
+            }
+        }
+        else if (key === "v1") {
+            signatures.push(value);
+        }
+    }
+    if (timestamp === null || signatures.length === 0) {
+        return null;
+    }
+    return { timestamp, signatures };
+}
+function isValidHex(str) {
+    return str.length === HEX_LENGTH && HEX_PATTERN.test(str);
+}
+function arrayBufferToHex(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let hex = "";
+    for (let i = 0; i < bytes.length; i++) {
+        // biome-ignore lint/style/noNonNullAssertion: bytes[i] is always defined for valid index
+        hex += bytes[i].toString(16).padStart(2, "0");
+    }
+    return hex;
+}
+/**
+ * Constant-time comparison of two equal-length hex strings. Returns
+ * false if lengths differ (intentionally not a security issue: lengths
+ * are public). Iterates the full length regardless of mismatch so the
+ * timing signal does not reveal the position of the first divergence.
+ */
+function timingSafeEqualHex(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return diff === 0;
+}
+async function computeHmacHex(secret, payload) {
+    const encoder = new TextEncoder();
+    const keyData = encoder.encode(secret);
+    const key = await crypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(payload));
+    return arrayBufferToHex(signature);
+}
+/**
+ * Verify a webhook signature using the Web Crypto API.
+ *
+ * Throws `WebhookVerificationError` on failure with a specific error
+ * code matching the Node verifier's set. Returns `true` on success.
+ *
+ * @example
+ * ```typescript
+ * import {
+ *   verifyWebhookSignature,
+ *   WebhookVerificationError,
+ *   PRIMITIVE_SIGNATURE_HEADER,
+ * } from '@primitivedotdev/sdk/api';
+ *
+ * export default {
+ *   async fetch(request: Request, env: { PRIMITIVE_WEBHOOK_SECRET: string }) {
+ *     const rawBody = await request.text();
+ *     try {
+ *       await verifyWebhookSignature({
+ *         rawBody,
+ *         signatureHeader: request.headers.get(PRIMITIVE_SIGNATURE_HEADER) ?? '',
+ *         secret: env.PRIMITIVE_WEBHOOK_SECRET,
+ *       });
+ *     } catch (err) {
+ *       if (err instanceof WebhookVerificationError) {
+ *         return new Response('invalid signature', { status: 401 });
+ *       }
+ *       throw err;
+ *     }
+ *     // ... process the webhook
+ *   },
+ * };
+ * ```
+ */
+export async function verifyWebhookSignature(opts) {
+    const { rawBody, signatureHeader, secret, toleranceSeconds = DEFAULT_TOLERANCE_SECONDS, nowSeconds, } = opts;
+    // `secret` is typed as `string` here (Node verifier also accepts
+    // Buffer, but Buffer isn't a thing in Workers and we deliberately
+    // don't include it in the Web Crypto API surface). `!secret` already
+    // catches undefined, null, and "" cleanly; no extra type guard
+    // needed.
+    if (!secret) {
+        throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
+    }
+    const parsed = parseSignatureHeader(signatureHeader);
+    if (!parsed) {
+        throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", "Invalid Primitive-Signature header format. Expected: t={timestamp},v1={signature}");
+    }
+    const { timestamp, signatures } = parsed;
+    const now = nowSeconds ?? Math.floor(Date.now() / 1000);
+    const age = now - timestamp;
+    if (age > toleranceSeconds) {
+        throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", `Webhook timestamp too old (${age}s). Max age is ${toleranceSeconds}s.`);
+    }
+    if (age < -FUTURE_TOLERANCE_SECONDS) {
+        throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", "Webhook timestamp is too far in the future. Check server clock sync.");
+    }
+    const signedPayloadString = `${timestamp}.${rawBody}`;
+    const expectedHex = await computeHmacHex(secret, signedPayloadString);
+    // Walk every provided signature so a key-rotation header carrying
+    // [old, new] still verifies once the new key is live. Constant-time
+    // comparison per candidate so a partial-match attacker can't binary
+    // search hex characters by timing.
+    //
+    // Lowercase the candidate before comparing: HEX_PATTERN accepts
+    // either case (to match the Node verifier, which decodes via
+    // `Buffer.from(str, "hex")` and is case-insensitive), but
+    // expectedHex from `arrayBufferToHex` is always lowercase.
+    // Comparing raw `charCodeAt` would treat "AB" and "ab" as
+    // different and silently fail through to SIGNATURE_MISMATCH.
+    let anyMatch = false;
+    for (const candidate of signatures) {
+        if (!isValidHex(candidate))
+            continue;
+        if (timingSafeEqualHex(candidate.toLowerCase(), expectedHex)) {
+            anyMatch = true;
+        }
+    }
+    if (!anyMatch) {
+        throw new WebhookVerificationError("SIGNATURE_MISMATCH", "Webhook signature did not match. The body may have been modified in transit, or the secret may be out of date.");
+    }
+    return true;
+}