@primitivedotdev/sdk 0.25.0 → 0.25.1

package/dist/api/index.d.ts

@@ -1,2 +1,3 @@
-import { $ as replyToEmail, $a as TestEndpointError, $i as ReplayDeliveryResponses, $n as EmailDetail, $o as RequestOptions, $r as GetWebhookSecretResponses, $t as CreateFunctionSecretInput, A as deleteFunction, Aa as SendPermissionAnyRecipient, Ai as ListFunctionSecretsResponse, An as DeleteFunctionSecretErrors, Ao as UpdateFilterError, Ar as GetFunctionError, At as ClientOptions, B as getStorageStats, Ba as SetFunctionSecretErrors, Bi as ListSentEmailsResponse, Bn as DiscardEmailContentResponses, Bo as UpdateFunctionResponses, Br as GetSentEmailError, Bt as CreateFilterInput, C as createFilter, Ca as SendEmailError, Ci as ListFiltersError, Cn as DeleteFunctionData, Co as UpdateEndpointData, Cr as GetAccountResponses, Ct as CliLogoutData, D as deleteEmail, Da as SendMailInput, Di as ListFunctionSecretsData, Dn as DeleteFunctionResponses, Do as UpdateEndpointResponse, Dr as GetEmailResponse, Dt as CliLogoutResponse, E as deleteDomain, Ea as SendEmailResponses, Ei as ListFiltersResponses, En as DeleteFunctionResponse, Eo as UpdateEndpointInput, Er as GetEmailErrors, Et as CliLogoutInput, F as getAccount, Fa as SentEmailDetail, Fi as ListFunctionsResponse, Fn as DiscardContentResult, Fo as UpdateFunctionData, Fr as GetSendPermissionsError, Ft as CreateEndpointResponse, G as listEndpoints, Ga as StartCliLoginError, Gi as PollCliLoginErrors, Gn as DownloadAttachmentsErrors, Go as VerifyDomainResponse, Gr as GetStorageStatsError, Gt as CreateFunctionErrors, H as listDeliveries, Ha as SetFunctionSecretResponse, Hi as PaginationMeta, Hn as DomainVerifyResult, Ho as VerifyDomainData, Hr as GetSentEmailResponse, Ht as CreateFilterResponses, I as getEmail, Ia as SentEmailStatus, Ii as ListFunctionsResponses, In as DiscardEmailContentData, Io as UpdateFunctionError, Ir as GetSendPermissionsErrors, It as CreateEndpointResponses, J as listFunctions, Ja as StartCliLoginResponse, Ji as PollCliLoginResponses, Jn as DownloadRawEmailData, Jo as Client, Jr as GetStorageStatsResponses, Jt as CreateFunctionResponses, K as listFilters, Ka as StartCliLoginErrors, Ki as PollCliLoginInput, Kn as DownloadAttachmentsResponse, Ko as VerifyDomainResponses, Kr as GetStorageStatsErrors, Kt as CreateFunctionInput, L as getFunction, La as SentEmailSummary, Li as ListSentEmailsData, Ln as DiscardEmailContentError, Lo as UpdateFunctionErrors, Lr as GetSendPermissionsResponse, Lt as CreateFilterData, M as discardEmailContent, Ma as SendPermissionRule, Mi as ListFunctionsData, Mn as DeleteFunctionSecretResponses, Mo as UpdateFilterInput, Mr as GetFunctionResponse, Mt as CreateEndpointError, N as downloadAttachments, Na as SendPermissionYourDomain, Ni as ListFunctionsError, Nn as DeliveryStatus, No as UpdateFilterResponse, Nr as GetFunctionResponses, Nt as CreateEndpointErrors, O as deleteEndpoint, Oa as SendMailResult, Oi as ListFunctionSecretsError, On as DeleteFunctionSecretData, Oo as UpdateEndpointResponses, Or as GetEmailResponses, Ot as CliLogoutResponses, P as downloadRawEmail, Pa as SendPermissionsMeta, Pi as ListFunctionsErrors, Pn as DeliverySummary, Po as UpdateFilterResponses, Pr as GetSendPermissionsData, Pt as CreateEndpointInput, Q as replayEmailWebhooks, Qa as TestEndpointData, Qi as ReplayDeliveryResponse, Qn as DownloadRawEmailResponses, Qo as Options$1, Qr as GetWebhookSecretResponse, Qt as CreateFunctionSecretErrors, R as getSendPermissions, Ra as SetFunctionSecretData, Ri as ListSentEmailsError, Rn as DiscardEmailContentErrors, Ro as UpdateFunctionInput, Rr as GetSendPermissionsResponses, Rt as CreateFilterError, S as createEndpoint, Sa as SendEmailData, Si as ListFiltersData, Sn as DeleteFilterResponses, So as UpdateDomainResponses, Sr as GetAccountResponse, St as CliLoginStartResult, T as createFunctionSecret, Ta as SendEmailResponse, Ti as ListFiltersResponse, Tn as DeleteFunctionErrors, To as UpdateEndpointErrors, Tr as GetEmailError, Tt as CliLogoutErrors, U as listDomains, Ua as SetFunctionSecretResponses, Ui as PollCliLoginData, Un as DownloadAttachmentsData, Uo as VerifyDomainError, Ur as GetSentEmailResponses, Ut as CreateFunctionData, V as getWebhookSecret, Va as SetFunctionSecretInput, Vi as ListSentEmailsResponses, Vn as Domain, Vo as VerifiedDomain, Vr as GetSentEmailErrors, Vt as CreateFilterResponse, W as listEmails, Wa as StartCliLoginData, Wi as PollCliLoginError, Wn as DownloadAttachmentsError, Wo as VerifyDomainErrors, Wr as GetStorageStatsData, Wt as CreateFunctionError, X as pollCliLogin, Xa as StorageStats, Xi as ReplayDeliveryError, Xn as DownloadRawEmailErrors, Xo as Config, Xr as GetWebhookSecretError, Xt as CreateFunctionSecretData, Y as listSentEmails, Ya as StartCliLoginResponses, Yi as ReplayDeliveryData, Yn as DownloadRawEmailError, Yo as ClientOptions$1, Yr as GetWebhookSecretData, Yt as CreateFunctionResult, Z as replayDelivery, Za as SuccessEnvelope, Zi as ReplayDeliveryErrors, Zn as DownloadRawEmailResponse, Zo as CreateClientConfig, Zr as GetWebhookSecretErrors, Zt as CreateFunctionSecretError, _ as createPrimitiveClient, _a as SearchEmailsData, _i as ListEndpointsError, _n as DeleteEndpointResponses, _o as UpdateDomainData, _r as GateDenial, _t as AddDomainErrors, a as PrimitiveApiClientOptions, aa as ReplayResult, ai as ListDeliveriesResponses, an as DeleteDomainErrors, ao as TestFunctionErrors, ar as EmailSearchResult, at as testEndpoint, b as addDomain, ba as SearchEmailsResponse, bi as ListEndpointsResponses, bn as DeleteFilterErrors, bo as UpdateDomainInput, br as GetAccountError, bt as AddDomainResponses, c as PrimitiveClient, ca as ReplyToEmailErrors, ci as ListDomainsErrors, cn as DeleteEmailData, co as TestInvocationResult, cr as EmailWebhookStatus, ct as updateDomain, d as RequestOptions$1, da as ResourceId, di as ListEmailsData, dn as DeleteEmailResponse, do as UpdateAccountData, dr as Filter, dt as updateFunction, ea as ReplayEmailWebhooksData, ei as Limit, en as CreateFunctionSecretResponse, eo as TestEndpointErrors, er as EmailDetailReply, es as RequestResult, et as rotateWebhookSecret, f as SendInput, fa as RotateWebhookSecretData, fi as ListEmailsError, fn as DeleteEmailResponses, fo as UpdateAccountError, fr as FunctionDeployStatus, ft as verifyDomain, g as createPrimitiveApiClient, ga as RotateWebhookSecretResponses, gi as ListEndpointsData, gn as DeleteEndpointResponse, go as UpdateAccountResponses, gr as FunctionSecretWriteResult, gt as AddDomainError, h as client, ha as RotateWebhookSecretResponse, hi as ListEmailsResponses, hn as DeleteEndpointErrors, ho as UpdateAccountResponse, hr as FunctionSecretListItem, ht as AddDomainData, i as PrimitiveApiClient, ia as ReplayEmailWebhooksResponses, ii as ListDeliveriesResponse, in as DeleteDomainError, io as TestFunctionError, ir as EmailSearchMeta, it as startCliLogin, j as deleteFunctionSecret, ja as SendPermissionManagedZone, ji as ListFunctionSecretsResponses, jn as DeleteFunctionSecretResponse, jo as UpdateFilterErrors, jr as GetFunctionErrors, jt as CreateEndpointData, k as deleteFilter, ka as SendPermissionAddress, ki as ListFunctionSecretsErrors, kn as DeleteFunctionSecretError, ko as UpdateFilterData, kr as GetFunctionData, kt as CliLogoutResult, l as PrimitiveClientOptions, la as ReplyToEmailResponse, li as ListDomainsResponse, ln as DeleteEmailError, lo as TestResult, lr as Endpoint, lt as updateEndpoint, m as SendThreadInput, ma as RotateWebhookSecretErrors, mi as ListEmailsResponse, mn as DeleteEndpointError, mo as UpdateAccountInput, mr as FunctionListItem, mt as AccountUpdated, n as DEFAULT_API_BASE_URL_2, na as ReplayEmailWebhooksErrors, ni as ListDeliveriesError, nn as Cursor, no as TestEndpointResponses, nr as EmailSearchFacets, ns as Auth, nt as sendEmail, o as PrimitiveApiError, oa as ReplyToEmailData, oi as ListDomainsData, on as DeleteDomainResponse, oo as TestFunctionResponse, or as EmailStatus, ot as testFunction, p as SendResult, pa as RotateWebhookSecretError, pi as ListEmailsErrors, pn as DeleteEndpointData, po as UpdateAccountErrors, pr as FunctionDetail, pt as Account, q as listFunctionSecrets, qa as StartCliLoginInput, qi as PollCliLoginResponse, qn as DownloadAttachmentsResponses, qo as WebhookSecret, qr as GetStorageStatsResponse, qt as CreateFunctionResponse, r as ForwardInput, ra as ReplayEmailWebhooksResponse, ri as ListDeliveriesErrors, rn as DeleteDomainData, ro as TestFunctionData, rr as EmailSearchHighlights, rt as setFunctionSecret, s as PrimitiveApiErrorDetails, sa as ReplyToEmailError, si as ListDomainsError, sn as DeleteDomainResponses, so as TestFunctionResponses, sr as EmailSummary, st as updateAccount, t as DEFAULT_API_BASE_URL_1, ta as ReplayEmailWebhooksError, ti as ListDeliveriesData, tn as CreateFunctionSecretResponses, to as TestEndpointResponse, tr as EmailSearchFacetBucket, ts as ResponseStyle, tt as searchEmails, u as ReplyInput, ua as ReplyToEmailResponses, ui as ListDomainsResponses, un as DeleteEmailErrors, uo as UnverifiedDomain, ur as ErrorResponse, ut as updateFilter, v as operations, va as SearchEmailsError, vi as ListEndpointsErrors, vn as DeleteFilterData, vo as UpdateDomainError, vr as GateFix, vt as AddDomainInput, w as createFunction, wa as SendEmailErrors, wi as ListFiltersErrors, wn as DeleteFunctionError, wo as UpdateEndpointError, wr as GetEmailData, wt as CliLogoutError, x as cliLogout, xa as SearchEmailsResponses, xi as ListEnvelope, xn as DeleteFilterResponse, xo as UpdateDomainResponse, xr as GetAccountErrors, xt as CliLoginPollResult, y as Options, ya as SearchEmailsErrors, yi as ListEndpointsResponse, yn as DeleteFilterError, yo as UpdateDomainErrors, yr as GetAccountData, yt as AddDomainResponse, z as getSentEmail, za as SetFunctionSecretError, zi as ListSentEmailsErrors, zn as DiscardEmailContentResponse, zo as UpdateFunctionResponse, zr as GetSentEmailData, zt as CreateFilterErrors } from "../index-jLAAV6Sq.js";
-export { Account, AccountUpdated, AddDomainData, AddDomainError, AddDomainErrors, AddDomainInput, AddDomainResponse, AddDomainResponses, Auth, CliLoginPollResult, CliLoginStartResult, CliLogoutData, CliLogoutError, CliLogoutErrors, CliLogoutInput, CliLogoutResponse, CliLogoutResponses, CliLogoutResult, ClientOptions, CreateClientConfig, CreateEndpointData, CreateEndpointError, CreateEndpointErrors, CreateEndpointInput, CreateEndpointResponse, CreateEndpointResponses, CreateFilterData, CreateFilterError, CreateFilterErrors, CreateFilterInput, CreateFilterResponse, CreateFilterResponses, CreateFunctionData, CreateFunctionError, CreateFunctionErrors, CreateFunctionInput, CreateFunctionResponse, CreateFunctionResponses, CreateFunctionResult, CreateFunctionSecretData, CreateFunctionSecretError, CreateFunctionSecretErrors, CreateFunctionSecretInput, CreateFunctionSecretResponse, CreateFunctionSecretResponses, Cursor, DEFAULT_API_BASE_URL_1, DEFAULT_API_BASE_URL_2, DeleteDomainData, DeleteDomainError, DeleteDomainErrors, DeleteDomainResponse, DeleteDomainResponses, DeleteEmailData, DeleteEmailError, DeleteEmailErrors, DeleteEmailResponse, DeleteEmailResponses, DeleteEndpointData, DeleteEndpointError, DeleteEndpointErrors, DeleteEndpointResponse, DeleteEndpointResponses, DeleteFilterData, DeleteFilterError, DeleteFilterErrors, DeleteFilterResponse, DeleteFilterResponses, DeleteFunctionData, DeleteFunctionError, DeleteFunctionErrors, DeleteFunctionResponse, DeleteFunctionResponses, DeleteFunctionSecretData, DeleteFunctionSecretError, DeleteFunctionSecretErrors, DeleteFunctionSecretResponse, DeleteFunctionSecretResponses, DeliveryStatus, DeliverySummary, DiscardContentResult, DiscardEmailContentData, DiscardEmailContentError, DiscardEmailContentErrors, DiscardEmailContentResponse, DiscardEmailContentResponses, Domain, DomainVerifyResult, DownloadAttachmentsData, DownloadAttachmentsError, DownloadAttachmentsErrors, DownloadAttachmentsResponse, DownloadAttachmentsResponses, DownloadRawEmailData, DownloadRawEmailError, DownloadRawEmailErrors, DownloadRawEmailResponse, DownloadRawEmailResponses, EmailDetail, EmailDetailReply, EmailSearchFacetBucket, EmailSearchFacets, EmailSearchHighlights, EmailSearchMeta, EmailSearchResult, EmailStatus, EmailSummary, EmailWebhookStatus, Endpoint, ErrorResponse, Filter, ForwardInput, FunctionDeployStatus, FunctionDetail, FunctionListItem, FunctionSecretListItem, FunctionSecretWriteResult, GateDenial, GateFix, GetAccountData, GetAccountError, GetAccountErrors, GetAccountResponse, GetAccountResponses, GetEmailData, GetEmailError, GetEmailErrors, GetEmailResponse, GetEmailResponses, GetFunctionData, GetFunctionError, GetFunctionErrors, GetFunctionResponse, GetFunctionResponses, GetSendPermissionsData, GetSendPermissionsError, GetSendPermissionsErrors, GetSendPermissionsResponse, GetSendPermissionsResponses, GetSentEmailData, GetSentEmailError, GetSentEmailErrors, GetSentEmailResponse, GetSentEmailResponses, GetStorageStatsData, GetStorageStatsError, GetStorageStatsErrors, GetStorageStatsResponse, GetStorageStatsResponses, GetWebhookSecretData, GetWebhookSecretError, GetWebhookSecretErrors, GetWebhookSecretResponse, GetWebhookSecretResponses, Limit, ListDeliveriesData, ListDeliveriesError, ListDeliveriesErrors, ListDeliveriesResponse, ListDeliveriesResponses, ListDomainsData, ListDomainsError, ListDomainsErrors, ListDomainsResponse, ListDomainsResponses, ListEmailsData, ListEmailsError, ListEmailsErrors, ListEmailsResponse, ListEmailsResponses, ListEndpointsData, ListEndpointsError, ListEndpointsErrors, ListEndpointsResponse, ListEndpointsResponses, ListEnvelope, ListFiltersData, ListFiltersError, ListFiltersErrors, ListFiltersResponse, ListFiltersResponses, ListFunctionSecretsData, ListFunctionSecretsError, ListFunctionSecretsErrors, ListFunctionSecretsResponse, ListFunctionSecretsResponses, ListFunctionsData, ListFunctionsError, ListFunctionsErrors, ListFunctionsResponse, ListFunctionsResponses, ListSentEmailsData, ListSentEmailsError, ListSentEmailsErrors, ListSentEmailsResponse, ListSentEmailsResponses, Options, PaginationMeta, PollCliLoginData, PollCliLoginError, PollCliLoginErrors, PollCliLoginInput, PollCliLoginResponse, PollCliLoginResponses, PrimitiveApiClient, PrimitiveApiClientOptions, PrimitiveApiError, PrimitiveApiErrorDetails, PrimitiveClient, PrimitiveClientOptions, Client as PrimitiveGeneratedApiClient, ClientOptions$1 as PrimitiveGeneratedApiClientOptions, Config as PrimitiveGeneratedApiConfig, Options$1 as PrimitiveGeneratedApiOptions, RequestOptions as PrimitiveGeneratedApiRequestOptions, RequestResult as PrimitiveGeneratedApiRequestResult, ReplayDeliveryData, ReplayDeliveryError, ReplayDeliveryErrors, ReplayDeliveryResponse, ReplayDeliveryResponses, ReplayEmailWebhooksData, ReplayEmailWebhooksError, ReplayEmailWebhooksErrors, ReplayEmailWebhooksResponse, ReplayEmailWebhooksResponses, ReplayResult, ReplyInput, ReplyToEmailData, ReplyToEmailError, ReplyToEmailErrors, ReplyToEmailResponse, ReplyToEmailResponses, RequestOptions$1 as RequestOptions, ResourceId, ResponseStyle, RotateWebhookSecretData, RotateWebhookSecretError, RotateWebhookSecretErrors, RotateWebhookSecretResponse, RotateWebhookSecretResponses, SearchEmailsData, SearchEmailsError, SearchEmailsErrors, SearchEmailsResponse, SearchEmailsResponses, SendEmailData, SendEmailError, SendEmailErrors, SendEmailResponse, SendEmailResponses, SendInput, SendMailInput, SendMailResult, SendPermissionAddress, SendPermissionAnyRecipient, SendPermissionManagedZone, SendPermissionRule, SendPermissionYourDomain, SendPermissionsMeta, SendResult, SendThreadInput, SentEmailDetail, SentEmailStatus, SentEmailSummary, SetFunctionSecretData, SetFunctionSecretError, SetFunctionSecretErrors, SetFunctionSecretInput, SetFunctionSecretResponse, SetFunctionSecretResponses, StartCliLoginData, StartCliLoginError, StartCliLoginErrors, StartCliLoginInput, StartCliLoginResponse, StartCliLoginResponses, StorageStats, SuccessEnvelope, TestEndpointData, TestEndpointError, TestEndpointErrors, TestEndpointResponse, TestEndpointResponses, TestFunctionData, TestFunctionError, TestFunctionErrors, TestFunctionResponse, TestFunctionResponses, TestInvocationResult, TestResult, UnverifiedDomain, UpdateAccountData, UpdateAccountError, UpdateAccountErrors, UpdateAccountInput, UpdateAccountResponse, UpdateAccountResponses, UpdateDomainData, UpdateDomainError, UpdateDomainErrors, UpdateDomainInput, UpdateDomainResponse, UpdateDomainResponses, UpdateEndpointData, UpdateEndpointError, UpdateEndpointErrors, UpdateEndpointInput, UpdateEndpointResponse, UpdateEndpointResponses, UpdateFilterData, UpdateFilterError, UpdateFilterErrors, UpdateFilterInput, UpdateFilterResponse, UpdateFilterResponses, UpdateFunctionData, UpdateFunctionError, UpdateFunctionErrors, UpdateFunctionInput, UpdateFunctionResponse, UpdateFunctionResponses, VerifiedDomain, VerifyDomainData, VerifyDomainError, VerifyDomainErrors, VerifyDomainResponse, VerifyDomainResponses, WebhookSecret, addDomain, cliLogout, client, createEndpoint, createFilter, createFunction, createFunctionSecret, createPrimitiveApiClient, createPrimitiveClient, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, operations, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, searchEmails, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain };
+import { f as WebhookVerificationError, p as WebhookVerificationErrorCode } from "../errors-C53fe686.js";
+import { $ as pollCliLogin, $a as StorageStats, $i as ReplayDeliveryError, $n as DownloadRawEmailErrors, $o as Config, $r as GetWebhookSecretError, $t as CreateFunctionSecretData, A as deleteEmail, Aa as SendMailInput, Ai as ListFunctionSecretsData, An as DeleteFunctionResponses, Ao as UpdateEndpointResponse, Ar as GetEmailResponse, At as CliLogoutResponse, B as getFunction, Ba as SentEmailSummary, Bi as ListSentEmailsData, Bn as DiscardEmailContentError, Bo as UpdateFunctionErrors, Br as GetSendPermissionsResponse, Bt as CreateFilterData, C as addDomain, Ca as SearchEmailsResponse, Ci as ListEndpointsResponses, Cn as DeleteFilterErrors, Co as UpdateDomainInput, Cr as GetAccountError, Ct as AddDomainResponses, D as createFunction, Da as SendEmailErrors, Di as ListFiltersErrors, Dn as DeleteFunctionError, Do as UpdateEndpointError, Dr as GetEmailData, Dt as CliLogoutError, E as createFilter, Ea as SendEmailError, Ei as ListFiltersError, En as DeleteFunctionData, Eo as UpdateEndpointData, Er as GetAccountResponses, Et as CliLogoutData, F as discardEmailContent, Fa as SendPermissionRule, Fi as ListFunctionsData, Fn as DeleteFunctionSecretResponses, Fo as UpdateFilterInput, Fr as GetFunctionResponse, Ft as CreateEndpointError, G as listDeliveries, Ga as SetFunctionSecretResponse, Gi as PaginationMeta, Gn as DomainVerifyResult, Go as VerifyDomainData, Gr as GetSentEmailResponse, Gt as CreateFilterResponses, H as getSentEmail, Ha as SetFunctionSecretError, Hi as ListSentEmailsErrors, Hn as DiscardEmailContentResponse, Ho as UpdateFunctionResponse, Hr as GetSentEmailData, Ht as CreateFilterErrors, I as downloadAttachments, Ia as SendPermissionYourDomain, Ii as ListFunctionsError, In as DeliveryStatus, Io as UpdateFilterResponse, Ir as GetFunctionResponses, It as CreateEndpointErrors, J as listEndpoints, Ja as StartCliLoginError, Ji as PollCliLoginErrors, Jn as DownloadAttachmentsErrors, Jo as VerifyDomainResponse, Jr as GetStorageStatsError, Jt as CreateFunctionErrors, K as listDomains, Ka as SetFunctionSecretResponses, Ki as PollCliLoginData, Kn as DownloadAttachmentsData, Ko as VerifyDomainError, Kr as GetSentEmailResponses, Kt as CreateFunctionData, L as downloadRawEmail, La as SendPermissionsMeta, Li as ListFunctionsErrors, Ln as DeliverySummary, Lo as UpdateFilterResponses, Lr as GetSendPermissionsData, Lt as CreateEndpointInput, M as deleteFilter, Ma as SendPermissionAddress, Mi as ListFunctionSecretsErrors, Mn as DeleteFunctionSecretError, Mo as UpdateFilterData, Mr as GetFunctionData, Mt as CliLogoutResult, N as deleteFunction, Na as SendPermissionAnyRecipient, Ni as ListFunctionSecretsResponse, Nn as DeleteFunctionSecretErrors, No as UpdateFilterError, Nr as GetFunctionError, Nt as ClientOptions, O as createFunctionSecret, Oa as SendEmailResponse, Oi as ListFiltersResponse, On as DeleteFunctionErrors, Oo as UpdateEndpointErrors, Or as GetEmailError, Ot as CliLogoutErrors, P as deleteFunctionSecret, Pa as SendPermissionManagedZone, Pi as ListFunctionSecretsResponses, Pn as DeleteFunctionSecretResponse, Po as UpdateFilterErrors, Pr as GetFunctionErrors, Pt as CreateEndpointData, Q as listSentEmails, Qa as StartCliLoginResponses, Qi as ReplayDeliveryData, Qn as DownloadRawEmailError, Qo as ClientOptions$1, Qr as GetWebhookSecretData, Qt as CreateFunctionResult, R as getAccount, Ra as SentEmailDetail, Ri as ListFunctionsResponse, Rn as DiscardContentResult, Ro as UpdateFunctionData, Rr as GetSendPermissionsError, Rt as CreateEndpointResponse, S as Options, Sa as SearchEmailsErrors, Si as ListEndpointsResponse, Sn as DeleteFilterError, So as UpdateDomainErrors, Sr as GetAccountData, St as AddDomainResponse, T as createEndpoint, Ta as SendEmailData, Ti as ListFiltersData, Tn as DeleteFilterResponses, To as UpdateDomainResponses, Tr as GetAccountResponse, Tt as CliLoginStartResult, U as getStorageStats, Ua as SetFunctionSecretErrors, Ui as ListSentEmailsResponse, Un as DiscardEmailContentResponses, Uo as UpdateFunctionResponses, Ur as GetSentEmailError, Ut as CreateFilterInput, V as getSendPermissions, Va as SetFunctionSecretData, Vi as ListSentEmailsError, Vn as DiscardEmailContentErrors, Vo as UpdateFunctionInput, Vr as GetSendPermissionsResponses, Vt as CreateFilterError, W as getWebhookSecret, Wa as SetFunctionSecretInput, Wi as ListSentEmailsResponses, Wn as Domain, Wo as VerifiedDomain, Wr as GetSentEmailErrors, Wt as CreateFilterResponse, X as listFunctionSecrets, Xa as StartCliLoginInput, Xi as PollCliLoginResponse, Xn as DownloadAttachmentsResponses, Xo as WebhookSecret, Xr as GetStorageStatsResponse, Xt as CreateFunctionResponse, Y as listFilters, Ya as StartCliLoginErrors, Yi as PollCliLoginInput, Yn as DownloadAttachmentsResponse, Yo as VerifyDomainResponses, Yr as GetStorageStatsErrors, Yt as CreateFunctionInput, Z as listFunctions, Za as StartCliLoginResponse, Zi as PollCliLoginResponses, Zn as DownloadRawEmailData, Zo as Client, Zr as GetStorageStatsResponses, Zt as CreateFunctionResponses, _ as createPrimitiveClient, _a as RotateWebhookSecretErrors, _i as ListEmailsResponse, _n as DeleteEndpointError, _o as UpdateAccountInput, _r as FunctionListItem, _t as AccountUpdated, a as PrimitiveApiClientOptions, aa as ReplayEmailWebhooksErrors, ai as ListDeliveriesError, an as Cursor, ao as TestEndpointResponses, ar as EmailSearchFacets, as as Auth, at as sendEmail, b as VerifyOptions, ba as SearchEmailsData, bi as ListEndpointsError, bn as DeleteEndpointResponses, bo as UpdateDomainData, br as GateDenial, bt as AddDomainErrors, c as PrimitiveClient, ca as ReplayResult, ci as ListDeliveriesResponses, cn as DeleteDomainErrors, co as TestFunctionErrors, cr as EmailSearchResult, ct as testEndpoint, d as RequestOptions$1, da as ReplyToEmailErrors, di as ListDomainsErrors, dn as DeleteEmailData, do as TestInvocationResult, dr as EmailWebhookStatus, dt as updateDomain, ea as ReplayDeliveryErrors, ei as GetWebhookSecretErrors, en as CreateFunctionSecretError, eo as SuccessEnvelope, er as DownloadRawEmailResponse, es as CreateClientConfig, et as replayDelivery, f as SendInput, fa as ReplyToEmailResponse, fi as ListDomainsResponse, fn as DeleteEmailError, fo as TestResult, fr as Endpoint, ft as updateEndpoint, g as createPrimitiveApiClient, ga as RotateWebhookSecretError, gi as ListEmailsErrors, gn as DeleteEndpointData, go as UpdateAccountErrors, gr as FunctionDetail, gt as Account, h as client, ha as RotateWebhookSecretData, hi as ListEmailsError, hn as DeleteEmailResponses, ho as UpdateAccountError, hr as FunctionDeployStatus, ht as verifyDomain, i as PrimitiveApiClient, ia as ReplayEmailWebhooksError, ii as ListDeliveriesData, in as CreateFunctionSecretResponses, io as TestEndpointResponse, ir as EmailSearchFacetBucket, is as ResponseStyle, it as searchEmails, j as deleteEndpoint, ja as SendMailResult, ji as ListFunctionSecretsError, jn as DeleteFunctionSecretData, jo as UpdateEndpointResponses, jr as GetEmailResponses, jt as CliLogoutResponses, k as deleteDomain, ka as SendEmailResponses, ki as ListFiltersResponses, kn as DeleteFunctionResponse, ko as UpdateEndpointInput, kr as GetEmailErrors, kt as CliLogoutInput, l as PrimitiveClientOptions, la as ReplyToEmailData, li as ListDomainsData, ln as DeleteDomainResponse, lo as TestFunctionResponse, lr as EmailStatus, lt as testFunction, m as SendThreadInput, ma as ResourceId, mi as ListEmailsData, mn as DeleteEmailResponse, mo as UpdateAccountData, mr as Filter, mt as updateFunction, n as DEFAULT_API_BASE_URL_2, na as ReplayDeliveryResponses, ni as GetWebhookSecretResponses, nn as CreateFunctionSecretInput, no as TestEndpointError, nr as EmailDetail, ns as RequestOptions, nt as replyToEmail, o as PrimitiveApiError, oa as ReplayEmailWebhooksResponse, oi as ListDeliveriesErrors, on as DeleteDomainData, oo as TestFunctionData, or as EmailSearchHighlights, ot as setFunctionSecret, p as SendResult, pa as ReplyToEmailResponses, pi as ListDomainsResponses, pn as DeleteEmailErrors, po as UnverifiedDomain, pr as ErrorResponse, pt as updateFilter, q as listEmails, qa as StartCliLoginData, qi as PollCliLoginError, qn as DownloadAttachmentsError, qo as VerifyDomainErrors, qr as GetStorageStatsData, qt as CreateFunctionError, r as ForwardInput, ra as ReplayEmailWebhooksData, ri as Limit, rn as CreateFunctionSecretResponse, ro as TestEndpointErrors, rr as EmailDetailReply, rs as RequestResult, rt as rotateWebhookSecret, s as PrimitiveApiErrorDetails, sa as ReplayEmailWebhooksResponses, si as ListDeliveriesResponse, sn as DeleteDomainError, so as TestFunctionError, sr as EmailSearchMeta, st as startCliLogin, t as DEFAULT_API_BASE_URL_1, ta as ReplayDeliveryResponse, ti as GetWebhookSecretResponse, tn as CreateFunctionSecretErrors, to as TestEndpointData, tr as DownloadRawEmailResponses, ts as Options$1, tt as replayEmailWebhooks, u as ReplyInput, ua as ReplyToEmailError, ui as ListDomainsError, un as DeleteDomainResponses, uo as TestFunctionResponses, ur as EmailSummary, ut as updateAccount, v as operations, va as RotateWebhookSecretResponse, vi as ListEmailsResponses, vn as DeleteEndpointErrors, vo as UpdateAccountResponse, vr as FunctionSecretListItem, vt as AddDomainData, w as cliLogout, wa as SearchEmailsResponses, wi as ListEnvelope, wn as DeleteFilterResponse, wo as UpdateDomainResponse, wr as GetAccountErrors, wt as CliLoginPollResult, x as verifyWebhookSignature, xa as SearchEmailsError, xi as ListEndpointsErrors, xn as DeleteFilterData, xo as UpdateDomainError, xr as GateFix, xt as AddDomainInput, y as PRIMITIVE_SIGNATURE_HEADER, ya as RotateWebhookSecretResponses, yi as ListEndpointsData, yn as DeleteEndpointResponse, yo as UpdateAccountResponses, yr as FunctionSecretWriteResult, yt as AddDomainError, z as getEmail, za as SentEmailStatus, zi as ListFunctionsResponses, zn as DiscardEmailContentData, zo as UpdateFunctionError, zr as GetSendPermissionsErrors, zt as CreateEndpointResponses } from "../index-DdITDPea.js";
+export { Account, AccountUpdated, AddDomainData, AddDomainError, AddDomainErrors, AddDomainInput, AddDomainResponse, AddDomainResponses, Auth, CliLoginPollResult, CliLoginStartResult, CliLogoutData, CliLogoutError, CliLogoutErrors, CliLogoutInput, CliLogoutResponse, CliLogoutResponses, CliLogoutResult, ClientOptions, CreateClientConfig, CreateEndpointData, CreateEndpointError, CreateEndpointErrors, CreateEndpointInput, CreateEndpointResponse, CreateEndpointResponses, CreateFilterData, CreateFilterError, CreateFilterErrors, CreateFilterInput, CreateFilterResponse, CreateFilterResponses, CreateFunctionData, CreateFunctionError, CreateFunctionErrors, CreateFunctionInput, CreateFunctionResponse, CreateFunctionResponses, CreateFunctionResult, CreateFunctionSecretData, CreateFunctionSecretError, CreateFunctionSecretErrors, CreateFunctionSecretInput, CreateFunctionSecretResponse, CreateFunctionSecretResponses, Cursor, DEFAULT_API_BASE_URL_1, DEFAULT_API_BASE_URL_2, DeleteDomainData, DeleteDomainError, DeleteDomainErrors, DeleteDomainResponse, DeleteDomainResponses, DeleteEmailData, DeleteEmailError, DeleteEmailErrors, DeleteEmailResponse, DeleteEmailResponses, DeleteEndpointData, DeleteEndpointError, DeleteEndpointErrors, DeleteEndpointResponse, DeleteEndpointResponses, DeleteFilterData, DeleteFilterError, DeleteFilterErrors, DeleteFilterResponse, DeleteFilterResponses, DeleteFunctionData, DeleteFunctionError, DeleteFunctionErrors, DeleteFunctionResponse, DeleteFunctionResponses, DeleteFunctionSecretData, DeleteFunctionSecretError, DeleteFunctionSecretErrors, DeleteFunctionSecretResponse, DeleteFunctionSecretResponses, DeliveryStatus, DeliverySummary, DiscardContentResult, DiscardEmailContentData, DiscardEmailContentError, DiscardEmailContentErrors, DiscardEmailContentResponse, DiscardEmailContentResponses, Domain, DomainVerifyResult, DownloadAttachmentsData, DownloadAttachmentsError, DownloadAttachmentsErrors, DownloadAttachmentsResponse, DownloadAttachmentsResponses, DownloadRawEmailData, DownloadRawEmailError, DownloadRawEmailErrors, DownloadRawEmailResponse, DownloadRawEmailResponses, EmailDetail, EmailDetailReply, EmailSearchFacetBucket, EmailSearchFacets, EmailSearchHighlights, EmailSearchMeta, EmailSearchResult, EmailStatus, EmailSummary, EmailWebhookStatus, Endpoint, ErrorResponse, Filter, ForwardInput, FunctionDeployStatus, FunctionDetail, FunctionListItem, FunctionSecretListItem, FunctionSecretWriteResult, GateDenial, GateFix, GetAccountData, GetAccountError, GetAccountErrors, GetAccountResponse, GetAccountResponses, GetEmailData, GetEmailError, GetEmailErrors, GetEmailResponse, GetEmailResponses, GetFunctionData, GetFunctionError, GetFunctionErrors, GetFunctionResponse, GetFunctionResponses, GetSendPermissionsData, GetSendPermissionsError, GetSendPermissionsErrors, GetSendPermissionsResponse, GetSendPermissionsResponses, GetSentEmailData, GetSentEmailError, GetSentEmailErrors, GetSentEmailResponse, GetSentEmailResponses, GetStorageStatsData, GetStorageStatsError, GetStorageStatsErrors, GetStorageStatsResponse, GetStorageStatsResponses, GetWebhookSecretData, GetWebhookSecretError, GetWebhookSecretErrors, GetWebhookSecretResponse, GetWebhookSecretResponses, Limit, ListDeliveriesData, ListDeliveriesError, ListDeliveriesErrors, ListDeliveriesResponse, ListDeliveriesResponses, ListDomainsData, ListDomainsError, ListDomainsErrors, ListDomainsResponse, ListDomainsResponses, ListEmailsData, ListEmailsError, ListEmailsErrors, ListEmailsResponse, ListEmailsResponses, ListEndpointsData, ListEndpointsError, ListEndpointsErrors, ListEndpointsResponse, ListEndpointsResponses, ListEnvelope, ListFiltersData, ListFiltersError, ListFiltersErrors, ListFiltersResponse, ListFiltersResponses, ListFunctionSecretsData, ListFunctionSecretsError, ListFunctionSecretsErrors, ListFunctionSecretsResponse, ListFunctionSecretsResponses, ListFunctionsData, ListFunctionsError, ListFunctionsErrors, ListFunctionsResponse, ListFunctionsResponses, ListSentEmailsData, ListSentEmailsError, ListSentEmailsErrors, ListSentEmailsResponse, ListSentEmailsResponses, Options, PRIMITIVE_SIGNATURE_HEADER, PaginationMeta, PollCliLoginData, PollCliLoginError, PollCliLoginErrors, PollCliLoginInput, PollCliLoginResponse, PollCliLoginResponses, PrimitiveApiClient, PrimitiveApiClientOptions, PrimitiveApiError, PrimitiveApiErrorDetails, PrimitiveClient, PrimitiveClientOptions, Client as PrimitiveGeneratedApiClient, ClientOptions$1 as PrimitiveGeneratedApiClientOptions, Config as PrimitiveGeneratedApiConfig, Options$1 as PrimitiveGeneratedApiOptions, RequestOptions as PrimitiveGeneratedApiRequestOptions, RequestResult as PrimitiveGeneratedApiRequestResult, ReplayDeliveryData, ReplayDeliveryError, ReplayDeliveryErrors, ReplayDeliveryResponse, ReplayDeliveryResponses, ReplayEmailWebhooksData, ReplayEmailWebhooksError, ReplayEmailWebhooksErrors, ReplayEmailWebhooksResponse, ReplayEmailWebhooksResponses, ReplayResult, ReplyInput, ReplyToEmailData, ReplyToEmailError, ReplyToEmailErrors, ReplyToEmailResponse, ReplyToEmailResponses, RequestOptions$1 as RequestOptions, ResourceId, ResponseStyle, RotateWebhookSecretData, RotateWebhookSecretError, RotateWebhookSecretErrors, RotateWebhookSecretResponse, RotateWebhookSecretResponses, SearchEmailsData, SearchEmailsError, SearchEmailsErrors, SearchEmailsResponse, SearchEmailsResponses, SendEmailData, SendEmailError, SendEmailErrors, SendEmailResponse, SendEmailResponses, SendInput, SendMailInput, SendMailResult, SendPermissionAddress, SendPermissionAnyRecipient, SendPermissionManagedZone, SendPermissionRule, SendPermissionYourDomain, SendPermissionsMeta, SendResult, SendThreadInput, SentEmailDetail, SentEmailStatus, SentEmailSummary, SetFunctionSecretData, SetFunctionSecretError, SetFunctionSecretErrors, SetFunctionSecretInput, SetFunctionSecretResponse, SetFunctionSecretResponses, StartCliLoginData, StartCliLoginError, StartCliLoginErrors, StartCliLoginInput, StartCliLoginResponse, StartCliLoginResponses, StorageStats, SuccessEnvelope, TestEndpointData, TestEndpointError, TestEndpointErrors, TestEndpointResponse, TestEndpointResponses, TestFunctionData, TestFunctionError, TestFunctionErrors, TestFunctionResponse, TestFunctionResponses, TestInvocationResult, TestResult, UnverifiedDomain, UpdateAccountData, UpdateAccountError, UpdateAccountErrors, UpdateAccountInput, UpdateAccountResponse, UpdateAccountResponses, UpdateDomainData, UpdateDomainError, UpdateDomainErrors, UpdateDomainInput, UpdateDomainResponse, UpdateDomainResponses, UpdateEndpointData, UpdateEndpointError, UpdateEndpointErrors, UpdateEndpointInput, UpdateEndpointResponse, UpdateEndpointResponses, UpdateFilterData, UpdateFilterError, UpdateFilterErrors, UpdateFilterInput, UpdateFilterResponse, UpdateFilterResponses, UpdateFunctionData, UpdateFunctionError, UpdateFunctionErrors, UpdateFunctionInput, UpdateFunctionResponse, UpdateFunctionResponses, VerifiedDomain, VerifyDomainData, VerifyDomainError, VerifyDomainErrors, VerifyDomainResponse, VerifyDomainResponses, VerifyOptions as VerifyWebhookSignatureOptions, WebhookSecret, WebhookVerificationError, WebhookVerificationErrorCode, addDomain, cliLogout, client, createEndpoint, createFilter, createFunction, createFunctionSecret, createPrimitiveApiClient, createPrimitiveClient, deleteDomain, deleteEmail, deleteEndpoint, deleteFilter, deleteFunction, deleteFunctionSecret, discardEmailContent, downloadAttachments, downloadRawEmail, getAccount, getEmail, getFunction, getSendPermissions, getSentEmail, getStorageStats, getWebhookSecret, listDeliveries, listDomains, listEmails, listEndpoints, listFilters, listFunctionSecrets, listFunctions, listSentEmails, operations, pollCliLogin, replayDelivery, replayEmailWebhooks, replyToEmail, rotateWebhookSecret, searchEmails, sendEmail, setFunctionSecret, startCliLogin, testEndpoint, testFunction, updateAccount, updateDomain, updateEndpoint, updateFilter, updateFunction, verifyDomain, verifyWebhookSignature };

package/dist/api/index.js

@@ -398,3 +398,9 @@ export function client(options = {}) {
 }
 export const operations = generatedOperations;
 export * from "./generated/index.js";
+// Web Crypto verifier for in-handler webhook verification. Mirrors
+// the surface of `verifyWebhookSignature` from `@primitivedotdev/sdk`
+// (the Node version) but implements HMAC-SHA256 with `crypto.subtle`
+// so it can be bundled into a Primitive Function without pulling in
+// a `node:crypto` polyfill.
+export { PRIMITIVE_SIGNATURE_HEADER, verifyWebhookSignature, WebhookVerificationError, } from "./verify-signature.js";

package/dist/api/verify-signature.js

@@ -0,0 +1,198 @@
+/**
+ * Workers-safe webhook signature verification.
+ *
+ * Mirrors `verifyWebhookSignature` from `@primitivedotdev/sdk` but
+ * implements the HMAC-SHA256 step with the Web Crypto API
+ * (`crypto.subtle`) instead of `node:crypto`. The Node version is
+ * still the right choice for server-side handlers running on Node
+ * (it's measurably faster and supports Buffer bodies); this one
+ * exists so a Primitive Function handler can bundle the verifier
+ * without dragging in a `node:crypto` polyfill that inflates the
+ * deploy artifact past the size cap.
+ *
+ * Available natively in Workers, Node 22+, browsers, Deno, and Bun.
+ * Zero polyfill weight, zero new runtime dependencies.
+ *
+ * Surface contract matches the Node verifier exactly: same input
+ * shape, same `WebhookVerificationError` class, same set of error
+ * codes. Existing callers can swap the import path with no other
+ * code changes:
+ *
+ *   // Node (existing):
+ *   import { verifyWebhookSignature } from '@primitivedotdev/sdk';
+ *
+ *   // Workers / in-handler (this file):
+ *   import { verifyWebhookSignature } from '@primitivedotdev/sdk/api';
+ */
+import { WebhookVerificationError } from "../webhook/errors.js";
+// Header name carrying the timestamp + signature. Must match the
+// constant of the same name in `../webhook/signing.ts`. Kept in two
+// places intentionally so this file has no dependency on the Node
+// signing module (which would drag `node:crypto` into the bundle).
+export const PRIMITIVE_SIGNATURE_HEADER = "Primitive-Signature";
+// Re-export so consumers can `import { verifyWebhookSignature,
+// WebhookVerificationError } from '@primitivedotdev/sdk/api'`
+// without a second import statement against `/webhook`.
+export { WebhookVerificationError } from "../webhook/errors.js";
+// 5 minute max-age tolerance matches `webhook/signing.ts`.
+const DEFAULT_TOLERANCE_SECONDS = 5 * 60;
+// 60 second future tolerance for clock skew.
+const FUTURE_TOLERANCE_SECONDS = 60;
+// HMAC-SHA256 hex digest is 64 characters. Accept either case to
+// stay byte-for-byte compatible with the Node verifier in
+// `../webhook/signing.ts`, which uses the same pattern with the `/i`
+// flag. Canonical Primitive signers emit lowercase, but tolerating
+// uppercase keeps third-party signers (and tests that hand-build
+// fixtures) from silently failing through to SIGNATURE_MISMATCH.
+const HEX_PATTERN = /^[0-9a-f]+$/i;
+const HEX_LENGTH = 64;
+const UNIX_SECONDS_PATTERN = /^\d{1,10}$/;
+function parseSignatureHeader(signatureHeader) {
+    if (!signatureHeader || typeof signatureHeader !== "string") {
+        return null;
+    }
+    const parts = signatureHeader.split(",");
+    let timestamp = null;
+    const signatures = [];
+    for (const part of parts) {
+        const idx = part.indexOf("=");
+        if (idx === -1)
+            continue;
+        const key = part.slice(0, idx).trim();
+        const value = part.slice(idx + 1).trim();
+        if (!key || !value)
+            continue;
+        if (key === "t") {
+            if (!UNIX_SECONDS_PATTERN.test(value))
+                continue;
+            const parsed = Number(value);
+            if (Number.isSafeInteger(parsed)) {
+                timestamp = parsed;
+            }
+        }
+        else if (key === "v1") {
+            signatures.push(value);
+        }
+    }
+    if (timestamp === null || signatures.length === 0) {
+        return null;
+    }
+    return { timestamp, signatures };
+}
+function isValidHex(str) {
+    return str.length === HEX_LENGTH && HEX_PATTERN.test(str);
+}
+function arrayBufferToHex(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let hex = "";
+    for (let i = 0; i < bytes.length; i++) {
+        // biome-ignore lint/style/noNonNullAssertion: bytes[i] is always defined for valid index
+        hex += bytes[i].toString(16).padStart(2, "0");
+    }
+    return hex;
+}
+/**
+ * Constant-time comparison of two equal-length hex strings. Returns
+ * false if lengths differ (intentionally not a security issue: lengths
+ * are public). Iterates the full length regardless of mismatch so the
+ * timing signal does not reveal the position of the first divergence.
+ */
+function timingSafeEqualHex(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++) {
+        diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return diff === 0;
+}
+async function computeHmacHex(secret, payload) {
+    const encoder = new TextEncoder();
+    const keyData = encoder.encode(secret);
+    const key = await crypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+    const signature = await crypto.subtle.sign("HMAC", key, encoder.encode(payload));
+    return arrayBufferToHex(signature);
+}
+/**
+ * Verify a webhook signature using the Web Crypto API.
+ *
+ * Throws `WebhookVerificationError` on failure with a specific error
+ * code matching the Node verifier's set. Returns `true` on success.
+ *
+ * @example
+ * ```typescript
+ * import {
+ *   verifyWebhookSignature,
+ *   WebhookVerificationError,
+ *   PRIMITIVE_SIGNATURE_HEADER,
+ * } from '@primitivedotdev/sdk/api';
+ *
+ * export default {
+ *   async fetch(request: Request, env: { PRIMITIVE_WEBHOOK_SECRET: string }) {
+ *     const rawBody = await request.text();
+ *     try {
+ *       await verifyWebhookSignature({
+ *         rawBody,
+ *         signatureHeader: request.headers.get(PRIMITIVE_SIGNATURE_HEADER) ?? '',
+ *         secret: env.PRIMITIVE_WEBHOOK_SECRET,
+ *       });
+ *     } catch (err) {
+ *       if (err instanceof WebhookVerificationError) {
+ *         return new Response('invalid signature', { status: 401 });
+ *       }
+ *       throw err;
+ *     }
+ *     // ... process the webhook
+ *   },
+ * };
+ * ```
+ */
+export async function verifyWebhookSignature(opts) {
+    const { rawBody, signatureHeader, secret, toleranceSeconds = DEFAULT_TOLERANCE_SECONDS, nowSeconds, } = opts;
+    // `secret` is typed as `string` here (Node verifier also accepts
+    // Buffer, but Buffer isn't a thing in Workers and we deliberately
+    // don't include it in the Web Crypto API surface). `!secret` already
+    // catches undefined, null, and "" cleanly; no extra type guard
+    // needed.
+    if (!secret) {
+        throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
+    }
+    const parsed = parseSignatureHeader(signatureHeader);
+    if (!parsed) {
+        throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", "Invalid Primitive-Signature header format. Expected: t={timestamp},v1={signature}");
+    }
+    const { timestamp, signatures } = parsed;
+    const now = nowSeconds ?? Math.floor(Date.now() / 1000);
+    const age = now - timestamp;
+    if (age > toleranceSeconds) {
+        throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", `Webhook timestamp too old (${age}s). Max age is ${toleranceSeconds}s.`);
+    }
+    if (age < -FUTURE_TOLERANCE_SECONDS) {
+        throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", "Webhook timestamp is too far in the future. Check server clock sync.");
+    }
+    const signedPayloadString = `${timestamp}.${rawBody}`;
+    const expectedHex = await computeHmacHex(secret, signedPayloadString);
+    // Walk every provided signature so a key-rotation header carrying
+    // [old, new] still verifies once the new key is live. Constant-time
+    // comparison per candidate so a partial-match attacker can't binary
+    // search hex characters by timing.
+    //
+    // Lowercase the candidate before comparing: HEX_PATTERN accepts
+    // either case (to match the Node verifier, which decodes via
+    // `Buffer.from(str, "hex")` and is case-insensitive), but
+    // expectedHex from `arrayBufferToHex` is always lowercase.
+    // Comparing raw `charCodeAt` would treat "AB" and "ab" as
+    // different and silently fail through to SIGNATURE_MISMATCH.
+    let anyMatch = false;
+    for (const candidate of signatures) {
+        if (!isValidHex(candidate))
+            continue;
+        if (timingSafeEqualHex(candidate.toLowerCase(), expectedHex)) {
+            anyMatch = true;
+        }
+    }
+    if (!anyMatch) {
+        throw new WebhookVerificationError("SIGNATURE_MISMATCH", "Webhook signature did not match. The body may have been modified in transit, or the secret may be out of date.");
+    }
+    return true;
+}

package/dist/{api-C3X14uId.js → api-CoP5vKPK.js}

@@ -1,5 +1,5 @@
 import { t as __exportAll } from "./chunk-pbuEa-1d.js";
-import { r as formatAddress } from "./received-email-D6tKtWwW.js";
+import { c as WebhookVerificationError, d as formatAddress } from "./errors-x91I_yEt.js";
 //#region src/api/generated/core/bodySerializer.gen.ts
 const jsonBodySerializer = { bodySerializer: (body) => JSON.stringify(body, (_key, value) => typeof value === "bigint" ? value.toString() : value) };
 //#endregion
@@ -1651,6 +1651,145 @@ const setFunctionSecret = (options) => (options.client ?? client$1).put({
 	}
 });
 //#endregion
+//#region src/api/verify-signature.ts
+/**
+* Workers-safe webhook signature verification.
+*
+* Mirrors `verifyWebhookSignature` from `@primitivedotdev/sdk` but
+* implements the HMAC-SHA256 step with the Web Crypto API
+* (`crypto.subtle`) instead of `node:crypto`. The Node version is
+* still the right choice for server-side handlers running on Node
+* (it's measurably faster and supports Buffer bodies); this one
+* exists so a Primitive Function handler can bundle the verifier
+* without dragging in a `node:crypto` polyfill that inflates the
+* deploy artifact past the size cap.
+*
+* Available natively in Workers, Node 22+, browsers, Deno, and Bun.
+* Zero polyfill weight, zero new runtime dependencies.
+*
+* Surface contract matches the Node verifier exactly: same input
+* shape, same `WebhookVerificationError` class, same set of error
+* codes. Existing callers can swap the import path with no other
+* code changes:
+*
+*   // Node (existing):
+*   import { verifyWebhookSignature } from '@primitivedotdev/sdk';
+*
+*   // Workers / in-handler (this file):
+*   import { verifyWebhookSignature } from '@primitivedotdev/sdk/api';
+*/
+const PRIMITIVE_SIGNATURE_HEADER = "Primitive-Signature";
+const DEFAULT_TOLERANCE_SECONDS = 300;
+const FUTURE_TOLERANCE_SECONDS = 60;
+const HEX_PATTERN = /^[0-9a-f]+$/i;
+const HEX_LENGTH = 64;
+const UNIX_SECONDS_PATTERN = /^\d{1,10}$/;
+function parseSignatureHeader(signatureHeader) {
+	if (!signatureHeader || typeof signatureHeader !== "string") return null;
+	const parts = signatureHeader.split(",");
+	let timestamp = null;
+	const signatures = [];
+	for (const part of parts) {
+		const idx = part.indexOf("=");
+		if (idx === -1) continue;
+		const key = part.slice(0, idx).trim();
+		const value = part.slice(idx + 1).trim();
+		if (!key || !value) continue;
+		if (key === "t") {
+			if (!UNIX_SECONDS_PATTERN.test(value)) continue;
+			const parsed = Number(value);
+			if (Number.isSafeInteger(parsed)) timestamp = parsed;
+		} else if (key === "v1") signatures.push(value);
+	}
+	if (timestamp === null || signatures.length === 0) return null;
+	return {
+		timestamp,
+		signatures
+	};
+}
+function isValidHex(str) {
+	return str.length === HEX_LENGTH && HEX_PATTERN.test(str);
+}
+function arrayBufferToHex(buffer) {
+	const bytes = new Uint8Array(buffer);
+	let hex = "";
+	for (let i = 0; i < bytes.length; i++) hex += bytes[i].toString(16).padStart(2, "0");
+	return hex;
+}
+/**
+* Constant-time comparison of two equal-length hex strings. Returns
+* false if lengths differ (intentionally not a security issue: lengths
+* are public). Iterates the full length regardless of mismatch so the
+* timing signal does not reveal the position of the first divergence.
+*/
+function timingSafeEqualHex(a, b) {
+	if (a.length !== b.length) return false;
+	let diff = 0;
+	for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
+	return diff === 0;
+}
+async function computeHmacHex(secret, payload) {
+	const encoder = new TextEncoder();
+	const keyData = encoder.encode(secret);
+	const key = await crypto.subtle.importKey("raw", keyData, {
+		name: "HMAC",
+		hash: "SHA-256"
+	}, false, ["sign"]);
+	return arrayBufferToHex(await crypto.subtle.sign("HMAC", key, encoder.encode(payload)));
+}
+/**
+* Verify a webhook signature using the Web Crypto API.
+*
+* Throws `WebhookVerificationError` on failure with a specific error
+* code matching the Node verifier's set. Returns `true` on success.
+*
+* @example
+* ```typescript
+* import {
+*   verifyWebhookSignature,
+*   WebhookVerificationError,
+*   PRIMITIVE_SIGNATURE_HEADER,
+* } from '@primitivedotdev/sdk/api';
+*
+* export default {
+*   async fetch(request: Request, env: { PRIMITIVE_WEBHOOK_SECRET: string }) {
+*     const rawBody = await request.text();
+*     try {
+*       await verifyWebhookSignature({
+*         rawBody,
+*         signatureHeader: request.headers.get(PRIMITIVE_SIGNATURE_HEADER) ?? '',
+*         secret: env.PRIMITIVE_WEBHOOK_SECRET,
+*       });
+*     } catch (err) {
+*       if (err instanceof WebhookVerificationError) {
+*         return new Response('invalid signature', { status: 401 });
+*       }
+*       throw err;
+*     }
+*     // ... process the webhook
+*   },
+* };
+* ```
+*/
+async function verifyWebhookSignature(opts) {
+	const { rawBody, signatureHeader, secret, toleranceSeconds = DEFAULT_TOLERANCE_SECONDS, nowSeconds } = opts;
+	if (!secret) throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
+	const parsed = parseSignatureHeader(signatureHeader);
+	if (!parsed) throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", "Invalid Primitive-Signature header format. Expected: t={timestamp},v1={signature}");
+	const { timestamp, signatures } = parsed;
+	const age = (nowSeconds ?? Math.floor(Date.now() / 1e3)) - timestamp;
+	if (age > toleranceSeconds) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", `Webhook timestamp too old (${age}s). Max age is ${toleranceSeconds}s.`);
+	if (age < -FUTURE_TOLERANCE_SECONDS) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", "Webhook timestamp is too far in the future. Check server clock sync.");
+	const expectedHex = await computeHmacHex(secret, `${timestamp}.${rawBody}`);
+	let anyMatch = false;
+	for (const candidate of signatures) {
+		if (!isValidHex(candidate)) continue;
+		if (timingSafeEqualHex(candidate.toLowerCase(), expectedHex)) anyMatch = true;
+	}
+	if (!anyMatch) throw new WebhookVerificationError("SIGNATURE_MISMATCH", "Webhook signature did not match. The body may have been modified in transit, or the secret may be out of date.");
+	return true;
+}
+//#endregion
 //#region src/api/index.ts
 const DEFAULT_API_BASE_URL_1 = "https://www.primitive.dev/api/v1";
 const DEFAULT_API_BASE_URL_2 = "https://api.primitive.dev/v1";
@@ -1939,4 +2078,4 @@ function client(options = {}) {
 }
 const operations = sdk_gen_exports;
 //#endregion
-export { updateEndpoint as $, getStorageStats as A, pollCliLogin as B, downloadAttachments as C, getFunction as D, getEmail as E, listEndpoints as F, searchEmails as G, replayEmailWebhooks as H, listFilters as I, startCliLogin as J, sendEmail as K, listFunctionSecrets as L, listDeliveries as M, listDomains as N, getSendPermissions as O, listEmails as P, updateDomain as Q, listFunctions as R, discardEmailContent as S, getAccount as T, replyToEmail as U, replayDelivery as V, rotateWebhookSecret as W, testFunction as X, testEndpoint as Y, updateAccount as Z, deleteEmail as _, PrimitiveClient as a, deleteFunction as b, createPrimitiveClient as c, cliLogout as d, updateFilter as et, createEndpoint as f, deleteDomain as g, createFunctionSecret as h, PrimitiveApiError as i, getWebhookSecret as j, getSentEmail as k, operations as l, createFunction as m, DEFAULT_API_BASE_URL_2 as n, verifyDomain as nt, client as o, createFilter as p, setFunctionSecret as q, PrimitiveApiClient as r, createPrimitiveApiClient as s, DEFAULT_API_BASE_URL_1 as t, updateFunction as tt, addDomain as u, deleteEndpoint as v, downloadRawEmail as w, deleteFunctionSecret as x, deleteFilter as y, listSentEmails as z };
+export { updateAccount as $, getSendPermissions as A, listFunctions as B, deleteFunctionSecret as C, getAccount as D, downloadRawEmail as E, listDomains as F, replyToEmail as G, pollCliLogin as H, listEmails as I, sendEmail as J, rotateWebhookSecret as K, listEndpoints as L, getStorageStats as M, getWebhookSecret as N, getEmail as O, listDeliveries as P, testFunction as Q, listFilters as R, deleteFunction as S, downloadAttachments as T, replayDelivery as U, listSentEmails as V, replayEmailWebhooks as W, startCliLogin as X, setFunctionSecret as Y, testEndpoint as Z, createFunctionSecret as _, PrimitiveClient as a, deleteEndpoint as b, createPrimitiveClient as c, verifyWebhookSignature as d, updateDomain as et, addDomain as f, createFunction as g, createFilter as h, PrimitiveApiError as i, verifyDomain as it, getSentEmail as j, getFunction as k, operations as l, createEndpoint as m, DEFAULT_API_BASE_URL_2 as n, updateFilter as nt, client as o, cliLogout as p, searchEmails as q, PrimitiveApiClient as r, updateFunction as rt, createPrimitiveApiClient as s, DEFAULT_API_BASE_URL_1 as t, updateEndpoint as tt, PRIMITIVE_SIGNATURE_HEADER as u, deleteDomain as v, discardEmailContent as w, deleteFilter as x, deleteEmail as y, listFunctionSecrets as z };

package/dist/contract/index.d.ts

@@ -1,5 +1,5 @@
 import { C as ParsedDataFailed, D as RawContentDownloadOnly, M as WebhookAttachment, O as RawContentInline, S as ParsedDataComplete, c as EmailAnalysis, l as EmailAuth, s as EmailAddress, u as EmailReceivedEvent, w as ParsedError } from "../types-9vXGZjPd.js";
-import { C as signStandardWebhooksPayload, h as WEBHOOK_VERSION, j as signWebhookPayload, k as SignResult, x as StandardWebhooksSignResult } from "../index-CDlwyxdp.js";
+import { C as signStandardWebhooksPayload, h as WEBHOOK_VERSION, j as signWebhookPayload, k as SignResult, x as StandardWebhooksSignResult } from "../index-Dbx9udpX.js";
 
 //#region src/contract/contract.d.ts
 /** Maximum raw email size for inline inclusion (256 KB). */

package/dist/contract/index.js

@@ -1,4 +1,4 @@
-import { E as signStandardWebhooksPayload, L as validateEmailReceivedEvent, M as signWebhookPayload, d as WEBHOOK_VERSION } from "../webhook-rUjGV6Zu.js";
+import { E as signStandardWebhooksPayload, L as validateEmailReceivedEvent, M as signWebhookPayload, d as WEBHOOK_VERSION } from "../webhook-DJkfUnFZ.js";
 import { createHash } from "node:crypto";
 //#region src/contract/contract.ts
 /**