@primitivedotdev/sdk 0.8.0 → 0.10.0

package/dist/{types-CIOzt1FY.d.ts → types-9vXGZjPd.d.ts}

@@ -17,13 +17,6 @@
  * via the `definition` "ForwardResult".
  */
 type ForwardResult$1 = (ForwardResultInline$1 | ForwardResultAttachmentAnalyzed$1 | ForwardResultAttachmentSkipped$1);
-/**
- * Valid webhook version format (YYYY-MM-DD date string). The SDK accepts any valid date-formatted version, not just the current one, for forward and backward compatibility.
- *
- * This interface was referenced by `EmailReceivedEvent`'s JSON-Schema
- * via the `definition` "WebhookVersion".
- */
-
 /**
  * Webhook payload for the `email.received` event.
  *
@@ -693,17 +686,9 @@ interface DkimSignature$1 {
    * Optional in self-hosted environments.
    */
   algo: (string | null);
-} //#endregion
+}
+//#endregion
 //#region src/types.d.ts
-
-/**
- * Webhook payload for the `email.received` event.
- *
- * This is delivered to your webhook endpoint when Primitive receives an email matching your domain configuration.
- *
- * This interface was referenced by `EmailReceivedEvent`'s JSON-Schema
- * via the `definition` "EmailReceivedEvent".
- */
 type EmailReceivedEvent = EmailReceivedEvent$1;
 type EventType = EmailReceivedEvent["event"];
 declare const EventType: {
@@ -814,6 +799,5 @@ interface UnknownEvent {
 }
 type KnownWebhookEvent = EmailReceivedEvent;
 type WebhookEvent = KnownWebhookEvent | UnknownEvent;
-
 //#endregion
-export { AuthConfidence as AuthConfidence$1, AuthVerdict as AuthVerdict$1, DkimResult as DkimResult$1, DkimSignature, DmarcPolicy as DmarcPolicy$1, DmarcResult as DmarcResult$1, EmailAddress, EmailAnalysis, EmailAuth, EmailReceivedEvent, EventType as EventType$1, ForwardAnalysis, ForwardOriginalSender, ForwardResult, ForwardResultAttachmentAnalyzed, ForwardResultAttachmentSkipped, ForwardResultInline, ForwardVerdict as ForwardVerdict$1, ForwardVerification, KnownWebhookEvent, ParsedData, ParsedDataComplete, ParsedDataFailed, ParsedError, ParsedStatus as ParsedStatus$1, RawContent, RawContentDownloadOnly, RawContentInline, SpfResult as SpfResult$1, UnknownEvent, ValidateEmailAuthResult, WebhookAttachment, WebhookEvent };
+export { UnknownEvent as A, ParsedDataFailed as C, RawContentDownloadOnly as D, RawContent as E, WebhookAttachment as M, WebhookEvent as N, RawContentInline as O, ParsedDataComplete as S, ParsedStatus as T, ForwardResultInline as _, DmarcPolicy as a, KnownWebhookEvent as b, EmailAnalysis as c, EventType as d, ForwardAnalysis as f, ForwardResultAttachmentSkipped as g, ForwardResultAttachmentAnalyzed as h, DkimSignature as i, ValidateEmailAuthResult as j, SpfResult as k, EmailAuth as l, ForwardResult as m, AuthVerdict as n, DmarcResult as o, ForwardOriginalSender as p, DkimResult as r, EmailAddress as s, AuthConfidence as t, EmailReceivedEvent as u, ForwardVerdict as v, ParsedError as w, ParsedData as x, ForwardVerification as y };

package/dist/webhook/index.d.ts

@@ -1,4 +1,4 @@
-import { AuthConfidence$1 as AuthConfidence, AuthVerdict$1 as AuthVerdict, DkimResult$1 as DkimResult, DkimSignature, DmarcPolicy$1 as DmarcPolicy, DmarcResult$1 as DmarcResult, EmailAddress, EmailAnalysis, EmailAuth, EmailReceivedEvent, EventType$1 as EventType, ForwardAnalysis, ForwardOriginalSender, ForwardResult, ForwardResultAttachmentAnalyzed, ForwardResultAttachmentSkipped, ForwardResultInline, ForwardVerdict$1 as ForwardVerdict, ForwardVerification, KnownWebhookEvent, ParsedData, ParsedDataComplete, ParsedDataFailed, ParsedError, ParsedStatus$1 as ParsedStatus, RawContent, RawContentDownloadOnly, RawContentInline, SpfResult$1 as SpfResult, UnknownEvent, ValidateEmailAuthResult, WebhookAttachment, WebhookEvent } from "../types-CIOzt1FY.js";
-import { ReceivedEmail, ReceivedEmailAddress, ReceivedEmailThread, buildForwardSubject$1 as buildForwardSubject, buildReplySubject$1 as buildReplySubject, formatAddress$1 as formatAddress, normalizeReceivedEmail$1 as normalizeReceivedEmail, parseHeaderAddress$1 as parseHeaderAddress } from "../received-email-C67Z7Dha.js";
-import { DecodeRawEmailOptions, GenerateDownloadTokenOptions, HandleWebhookOptions, LEGACY_CONFIRMED_HEADER$1 as LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER$1 as LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS$1 as PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER$1 as PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER$1 as PRIMITIVE_SIGNATURE_HEADER, PrimitiveWebhookError$1 as PrimitiveWebhookError, RAW_EMAIL_ERRORS$1 as RAW_EMAIL_ERRORS, RawEmailDecodeError$1 as RawEmailDecodeError, RawEmailDecodeErrorCode, ReceiveRequestOptions, STANDARD_WEBHOOK_ID_HEADER$1 as STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER$1 as STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER$1 as STANDARD_WEBHOOK_TIMESTAMP_HEADER, SignResult, StandardWebhooksSignResult, StandardWebhooksVerifyOptions, VERIFICATION_ERRORS$1 as VERIFICATION_ERRORS, VerifyDownloadTokenOptions, VerifyDownloadTokenResult, VerifyOptions, WEBHOOK_VERSION$1 as WEBHOOK_VERSION, WebhookErrorCode, WebhookHeaders, WebhookPayloadError$1 as WebhookPayloadError, WebhookPayloadErrorCode, WebhookValidationError$1 as WebhookValidationError, WebhookValidationErrorCode, WebhookVerificationError$1 as WebhookVerificationError, WebhookVerificationErrorCode, confirmedHeaders$1 as confirmedHeaders, decodeRawEmail$1 as decodeRawEmail, emailReceivedEventJsonSchema$1 as emailReceivedEventJsonSchema, generateDownloadToken$1 as generateDownloadToken, getDownloadTimeRemaining$1 as getDownloadTimeRemaining, handleWebhook$1 as handleWebhook, isDownloadExpired$1 as isDownloadExpired, isEmailReceivedEvent$1 as isEmailReceivedEvent, isRawIncluded$1 as isRawIncluded, parseWebhookEvent$1 as parseWebhookEvent, receive$1 as receive, safeValidateEmailReceivedEvent$1 as safeValidateEmailReceivedEvent, signStandardWebhooksPayload$1 as signStandardWebhooksPayload, signWebhookPayload$1 as signWebhookPayload, validateEmailAuth$1 as validateEmailAuth, validateEmailReceivedEvent$1 as validateEmailReceivedEvent, verifyDownloadToken$1 as verifyDownloadToken, verifyRawEmailDownload$1 as verifyRawEmailDownload, verifyStandardWebhooksSignature$1 as verifyStandardWebhooksSignature, verifyWebhookSignature$1 as verifyWebhookSignature } from "../index-CuuP1JkG.js";
+import { A as UnknownEvent, C as ParsedDataFailed, D as RawContentDownloadOnly, E as RawContent, M as WebhookAttachment, N as WebhookEvent, O as RawContentInline, S as ParsedDataComplete, T as ParsedStatus, _ as ForwardResultInline, a as DmarcPolicy, b as KnownWebhookEvent, c as EmailAnalysis, d as EventType, f as ForwardAnalysis, g as ForwardResultAttachmentSkipped, h as ForwardResultAttachmentAnalyzed, i as DkimSignature, j as ValidateEmailAuthResult, k as SpfResult, l as EmailAuth, m as ForwardResult, n as AuthVerdict, o as DmarcResult, p as ForwardOriginalSender, r as DkimResult, s as EmailAddress, t as AuthConfidence, u as EmailReceivedEvent, v as ForwardVerdict, w as ParsedError, x as ParsedData, y as ForwardVerification } from "../types-9vXGZjPd.js";
+import { a as buildReplySubject, c as parseHeaderAddress, i as buildForwardSubject, n as ReceivedEmailAddress, o as formatAddress, r as ReceivedEmailThread, s as normalizeReceivedEmail, t as ReceivedEmail } from "../received-email-DNjpq_Wt.js";
+import { A as VerifyOptions, B as PAYLOAD_ERRORS, C as signStandardWebhooksPayload, D as PRIMITIVE_CONFIRMED_HEADER, E as LEGACY_SIGNATURE_HEADER, F as VerifyDownloadTokenResult, G as VERIFICATION_ERRORS, H as RAW_EMAIL_ERRORS, I as generateDownloadToken, J as WebhookPayloadErrorCode, K as WebhookErrorCode, L as verifyDownloadToken, M as verifyWebhookSignature, N as GenerateDownloadTokenOptions, O as PRIMITIVE_SIGNATURE_HEADER, P as VerifyDownloadTokenOptions, Q as WebhookVerificationErrorCode, R as safeValidateEmailReceivedEvent, S as StandardWebhooksVerifyOptions, T as LEGACY_CONFIRMED_HEADER, U as RawEmailDecodeError, V as PrimitiveWebhookError, W as RawEmailDecodeErrorCode, X as WebhookValidationErrorCode, Y as WebhookValidationError, Z as WebhookVerificationError, _ as emailReceivedEventJsonSchema, a as confirmedHeaders, b as STANDARD_WEBHOOK_TIMESTAMP_HEADER, c as handleWebhook, d as isRawIncluded, f as parseWebhookEvent, g as validateEmailAuth, h as WEBHOOK_VERSION, i as WebhookHeaders, j as signWebhookPayload, k as SignResult, l as isDownloadExpired, m as verifyRawEmailDownload, n as HandleWebhookOptions, o as decodeRawEmail, p as receive, q as WebhookPayloadError, r as ReceiveRequestOptions, s as getDownloadTimeRemaining, t as DecodeRawEmailOptions, u as isEmailReceivedEvent, v as STANDARD_WEBHOOK_ID_HEADER, w as verifyStandardWebhooksSignature, x as StandardWebhooksSignResult, y as STANDARD_WEBHOOK_SIGNATURE_HEADER, z as validateEmailReceivedEvent } from "../index-CbEivn3S.js";
 export { AuthConfidence, AuthVerdict, DecodeRawEmailOptions, DkimResult, DkimSignature, DmarcPolicy, DmarcResult, EmailAddress, EmailAnalysis, EmailAuth, EmailReceivedEvent, EventType, ForwardAnalysis, ForwardOriginalSender, ForwardResult, ForwardResultAttachmentAnalyzed, ForwardResultAttachmentSkipped, ForwardResultInline, ForwardVerdict, ForwardVerification, GenerateDownloadTokenOptions, HandleWebhookOptions, KnownWebhookEvent, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedData, ParsedDataComplete, ParsedDataFailed, ParsedError, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawContent, RawContentDownloadOnly, RawContentInline, RawEmailDecodeError, RawEmailDecodeErrorCode, ReceiveRequestOptions, ReceivedEmail, ReceivedEmailAddress, ReceivedEmailThread, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SignResult, SpfResult, StandardWebhooksSignResult, StandardWebhooksVerifyOptions, UnknownEvent, VERIFICATION_ERRORS, ValidateEmailAuthResult, VerifyDownloadTokenOptions, VerifyDownloadTokenResult, VerifyOptions, WEBHOOK_VERSION, WebhookAttachment, WebhookErrorCode, WebhookEvent, WebhookHeaders, WebhookPayloadError, WebhookPayloadErrorCode, WebhookValidationError, WebhookValidationErrorCode, WebhookVerificationError, WebhookVerificationErrorCode, buildForwardSubject, buildReplySubject, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };

package/dist/webhook/index.js

@@ -1,5 +1,3 @@
-import "../address-parser-CfPHs3mE.js";
-import { buildForwardSubject, buildReplySubject, formatAddress, normalizeReceivedEmail, parseHeaderAddress } from "../received-email-Q6Cha3wc.js";
-import { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature } from "../webhook-2TALcBQz.js";
-
-export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, buildForwardSubject, buildReplySubject, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };
+import { a as parseHeaderAddress, i as normalizeReceivedEmail, n as buildReplySubject, r as formatAddress, t as buildForwardSubject } from "../received-email-D6tKtWwW.js";
+import { A as PRIMITIVE_CONFIRMED_HEADER, B as RAW_EMAIL_ERRORS, C as STANDARD_WEBHOOK_ID_HEADER, D as verifyStandardWebhooksSignature, E as signStandardWebhooksPayload, F as verifyDownloadToken, G as WebhookVerificationError, H as VERIFICATION_ERRORS, I as safeValidateEmailReceivedEvent, L as validateEmailReceivedEvent, M as signWebhookPayload, N as verifyWebhookSignature, O as LEGACY_CONFIRMED_HEADER, P as generateDownloadToken, R as PAYLOAD_ERRORS, S as emailReceivedEventJsonSchema, T as STANDARD_WEBHOOK_TIMESTAMP_HEADER, U as WebhookPayloadError, V as RawEmailDecodeError, W as WebhookValidationError, _ as DmarcResult, a as isDownloadExpired, b as ParsedStatus, c as parseWebhookEvent, d as WEBHOOK_VERSION, f as validateEmailAuth, g as DmarcPolicy, h as DkimResult, i as handleWebhook, j as PRIMITIVE_SIGNATURE_HEADER, k as LEGACY_SIGNATURE_HEADER, l as receive, m as AuthVerdict, n as decodeRawEmail, o as isEmailReceivedEvent, p as AuthConfidence, r as getDownloadTimeRemaining, s as isRawIncluded, t as confirmedHeaders, u as verifyRawEmailDownload, v as EventType, w as STANDARD_WEBHOOK_SIGNATURE_HEADER, x as SpfResult, y as ForwardVerdict, z as PrimitiveWebhookError } from "../webhook-zkN4wUTs.js";
+export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, buildForwardSubject, buildReplySubject, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };

package/dist/{webhook-2TALcBQz.js → webhook-zkN4wUTs.js}

@@ -1,7 +1,10 @@
-import { normalizeReceivedEmail } from "./received-email-Q6Cha3wc.js";
+import { i as normalizeReceivedEmail } from "./received-email-D6tKtWwW.js";
 import { createHash, createHmac, timingSafeEqual } from "node:crypto";
-
 //#region src/generated/email-received-event.validator.generated.ts
+/**
+* AUTO-GENERATED - DO NOT EDIT
+* Run `pnpm generate:validator` to regenerate.
+*/
 var email_received_event_validator_generated_default = validate10;
 const schema12 = {
 	"type": "object",
@@ -183,12 +186,12 @@ const schema12 = {
 	],
 	"description": "Webhook payload for the `email.received` event.\n\nThis is delivered to your webhook endpoint when Primitive receives an email matching your domain configuration."
 };
-const pattern0 = new RegExp("^evt_[a-f0-9]{64}$", "u");
-const pattern1 = new RegExp("^(?:(?:\\d{4}-(?:(?:01|03|05|07|08|10|12)-(?:0[1-9]|[12]\\d|3[01])|(?:04|06|09|11)-(?:0[1-9]|[12]\\d|30)|02-(?:0[1-9]|1\\d|2[0-8])))|(?:(?:[02468][048]00|[13579][26]00|\\d{2}(?:0[48]|[2468][048]|[13579][26]))-02-29))$", "u");
-const pattern4 = new RegExp("^https?://", "u");
+const pattern0 = /* @__PURE__ */ new RegExp("^evt_[a-f0-9]{64}$", "u");
+const pattern1 = /* @__PURE__ */ new RegExp("^(?:(?:\\d{4}-(?:(?:01|03|05|07|08|10|12)-(?:0[1-9]|[12]\\d|3[01])|(?:04|06|09|11)-(?:0[1-9]|[12]\\d|30)|02-(?:0[1-9]|1\\d|2[0-8])))|(?:(?:[02468][048]00|[13579][26]00|\\d{2}(?:0[48]|[2468][048]|[13579][26]))-02-29))$", "u");
+const pattern4 = /* @__PURE__ */ new RegExp("^https?://", "u");
 const formats0 = /^\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[12]\d|3[01])[T\t ](?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:\.\d+)?(?:[Zz]|[+-](?:[01]\d|2[0-3]):?[0-5]\d)$/;
 const formats4 = /^(?:[a-z][a-z0-9+\-.]*:)(?:\/?\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:]|%[0-9a-f]{2})*@)?(?:\[(?:(?:(?:(?:[0-9a-f]{1,4}:){6}|::(?:[0-9a-f]{1,4}:){5}|(?:[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){4}|(?:(?:[0-9a-f]{1,4}:){0,1}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){3}|(?:(?:[0-9a-f]{1,4}:){0,2}[0-9a-f]{1,4})?::(?:[0-9a-f]{1,4}:){2}|(?:(?:[0-9a-f]{1,4}:){0,3}[0-9a-f]{1,4})?::[0-9a-f]{1,4}:|(?:(?:[0-9a-f]{1,4}:){0,4}[0-9a-f]{1,4})?::)(?:[0-9a-f]{1,4}:[0-9a-f]{1,4}|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?))|(?:(?:[0-9a-f]{1,4}:){0,5}[0-9a-f]{1,4})?::[0-9a-f]{1,4}|(?:(?:[0-9a-f]{1,4}:){0,6}[0-9a-f]{1,4})?::)|[Vv][0-9a-f]+\.[a-z0-9\-._~!$&'()*+,;=:]+)\]|(?:(?:25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d\d?)|(?:[a-z0-9\-._~!$&'()*+,;=]|%[0-9a-f]{2})*)(?::\d*)?(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*|\/(?:(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)?|(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})+(?:\/(?:[a-z0-9\-._~!$&'()*+,;=:@]|%[0-9a-f]{2})*)*)(?:\?(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?(?:#(?:[a-z0-9\-._~!$&'()*+,;=:@/?]|%[0-9a-f]{2})*)?$/i;
-const pattern2 = new RegExp("^[a-fA-F0-9]{64}$", "u");
+const pattern2 = /* @__PURE__ */ new RegExp("^[a-fA-F0-9]{64}$", "u");
 function validate12(data, { instancePath = "", parentData, parentDataProperty, rootData = data } = {}) {
 	let vErrors = null;
 	let errors = 0;
@@ -5628,7 +5631,6 @@ function validate10(data, { instancePath = "", parentData, parentDataProperty, r
 	validate10.errors = vErrors;
 	return errors === 0;
 }
-
 //#endregion
 //#region src/webhook/errors.ts
 /**
@@ -5847,7 +5849,6 @@ var RawEmailDecodeError = class extends PrimitiveWebhookError {
 		this.suggestion = RAW_EMAIL_ERRORS[code].suggestion;
 	}
 };
-
 //#endregion
 //#region src/validation.ts
 const validateSchema = email_received_event_validator_generated_default;
@@ -5871,7 +5872,7 @@ function resolveValueAtPath(input, instancePath) {
 			current = current[key];
 			continue;
 		}
-		return void 0;
+		return;
 	}
 	return current;
 }
@@ -5942,10 +5943,9 @@ function formatValidationIssue(error, input) {
 		}
 		case "format": {
 			const format = String(error.params.format ?? "unknown format");
-			const humanFormat = format === "uri" ? "valid URI" : `valid ${format}`;
 			return {
 				field,
-				message: `Invalid value for ${field}: must be a ${humanFormat}`,
+				message: `Invalid value for ${field}: must be a ${format === "uri" ? "valid URI" : `valid ${format}`}`,
 				suggestion: field.endsWith("url") ? `Check that ${fromFieldLabel(field)} is a complete URL including the scheme.` : `Check the format of ${fromFieldLabel(field)} in the webhook payload.`
 			};
 		}
@@ -5980,10 +5980,9 @@ function formatValidationIssue(error, input) {
 		}
 		case "minItems": {
 			const limit = Number(error.params.limit ?? 0);
-			const itemLabel = limit === 1 ? "item" : "items";
 			return {
 				field,
-				message: `Invalid value for ${field}: must have at least ${limit} ${itemLabel}`,
+				message: `Invalid value for ${field}: must have at least ${limit} ${limit === 1 ? "item" : "items"}`,
 				suggestion: `Add more entries to ${fromFieldLabel(field)} in the webhook payload.`
 			};
 		}
@@ -6000,22 +5999,16 @@ function formatValidationIssue(error, input) {
 				suggestion: `Check that ${fromFieldLabel(field)} meets the minimum length requirement.`
 			};
 		}
-		case "minimum": {
-			const limit = Number(error.params.limit ?? 0);
-			return {
-				field,
-				message: `Invalid value for ${field}: must be >= ${limit}`,
-				suggestion: `Check that ${fromFieldLabel(field)} meets the minimum allowed value.`
-			};
-		}
-		case "maximum": {
-			const limit = Number(error.params.limit ?? 0);
-			return {
-				field,
-				message: `Invalid value for ${field}: must be <= ${limit}`,
-				suggestion: `Check that ${fromFieldLabel(field)} stays within the maximum allowed value.`
-			};
-		}
+		case "minimum": return {
+			field,
+			message: `Invalid value for ${field}: must be >= ${Number(error.params.limit ?? 0)}`,
+			suggestion: `Check that ${fromFieldLabel(field)} meets the minimum allowed value.`
+		};
+		case "maximum": return {
+			field,
+			message: `Invalid value for ${field}: must be <= ${Number(error.params.limit ?? 0)}`,
+			suggestion: `Check that ${fromFieldLabel(field)} stays within the maximum allowed value.`
+		};
 		default: return {
 			field,
 			message: `Validation failed for ${field}: ${error.message ?? error.keyword}`,
@@ -6043,9 +6036,31 @@ function safeValidateEmailReceivedEvent(input) {
 		data: input
 	};
 }
-
 //#endregion
 //#region src/webhook/download-tokens.ts
+/**
+* Signed download tokens.
+*
+* A download token is a self-describing bearer credential for fetching a
+* specific email's raw bytes or attachment bundle from a per-deployment
+* download endpoint. It binds:
+*
+* - `email_id` — the specific email the token authorizes.
+* - `aud` — a caller-chosen audience label (e.g. the resource kind being
+*   downloaded). Tokens minted for one audience will not verify under another.
+* - `exp` — an absolute expiration time (unix seconds).
+*
+* Format: `<base64url(payload)>.<base64url(signature)>` where `signature`
+* is HMAC-SHA256 over the base64url-encoded payload using the shared secret.
+*
+* The audience is an opaque caller-chosen string. Both the issuer and the
+* verifier must agree on the exact bytes; the SDK does not prescribe a
+* convention. New integrations are encouraged to namespace audiences
+* (e.g. `primitive:raw-download`).
+*
+* Tokens are stateless: verification needs only the shared secret. Keep
+* expirations as short as operationally tolerable.
+*/
 const BASE64URL_PATTERN = /^[A-Za-z0-9_-]+$/;
 /**
 * Issue a signed download token.
@@ -6060,15 +6075,13 @@ const BASE64URL_PATTERN = /^[A-Za-z0-9_-]+$/;
 */
 function generateDownloadToken(params) {
 	const { emailId, expiresAt, audience, secret } = params;
-	const payload = {
+	const payloadJson = JSON.stringify({
 		email_id: emailId,
 		exp: expiresAt,
 		aud: audience
-	};
-	const payloadJson = JSON.stringify(payload);
+	});
 	const payloadStr = Buffer.from(payloadJson, "utf8").toString("base64url");
-	const signature = createHmac("sha256", secret).update(payloadStr).digest("base64url");
-	return `${payloadStr}.${signature}`;
+	return `${payloadStr}.${createHmac("sha256", secret).update(payloadStr).digest("base64url")}`;
 }
 /**
 * Verify a signed download token.
@@ -6132,16 +6145,17 @@ function verifyDownloadToken(params) {
 		valid: false,
 		error: "Email ID mismatch"
 	};
-	const now = nowSeconds ?? Math.floor(Date.now() / 1e3);
-	if (exp <= now) return {
+	if (exp <= (nowSeconds ?? Math.floor(Date.now() / 1e3))) return {
 		valid: false,
 		error: "Token is expired"
 	};
 	return { valid: true };
 }
-
 //#endregion
 //#region src/webhook/encoding.ts
+/**
+* Buffer encoding utilities
+*/
 const utf8Decoder = new TextDecoder("utf-8", { fatal: true });
 /**
 * Convert a Buffer to string with strict UTF-8 validation.
@@ -6162,15 +6176,28 @@ function bufferToString(buffer, label) {
 		throw new WebhookPayloadError("INVALID_ENCODING", `${label} contains invalid UTF-8 bytes`, `Ensure the ${label} is valid UTF-8 encoded text. If the data is binary, it should be base64 encoded first.`, err instanceof Error ? err : void 0);
 	}
 }
-
 //#endregion
 //#region src/webhook/signing.ts
 /**
+* Webhook HMAC Signing (Stripe-style format)
+*
+* Implements HMAC-SHA256 signature for webhook security with timestamp validation.
+* Prevents replay attacks by including timestamp in signature.
+*
+* Header format:
+*   Primitive-Signature: t=<unix_seconds>,v1=<hex_hmac_sha256>
+*
+* Signed payload format: "{timestamp}.{raw_body}"
+*
+* This format matches Stripe's webhook signature scheme, which is widely understood
+* and easy to implement in any language with ~15 lines of code.
+*/
+/**
 * WeakMap cache for computed signatures.
 * Only works for Buffer bodies (strings cannot be WeakMap keys).
 * Automatically garbage collected when Buffer is no longer referenced.
 */
-const signatureCache = new WeakMap();
+const signatureCache = /* @__PURE__ */ new WeakMap();
 /**
 * Hash a secret for cache key comparison.
 * @internal
@@ -6187,7 +6214,7 @@ const PRIMITIVE_CONFIRMED_HEADER = "X-Primitive-Confirmed";
 /** Legacy confirmed header name kept for backward compatibility */
 const LEGACY_CONFIRMED_HEADER = "X-MyMX-Confirmed";
 /** Default max age for webhook requests (5 minutes) */
-const DEFAULT_TOLERANCE_SECONDS$1 = 5 * 60;
+const DEFAULT_TOLERANCE_SECONDS$1 = 300;
 /** Future clock skew tolerance (1 minute) */
 const FUTURE_TOLERANCE_SECONDS$1 = 60;
 /** Valid hex pattern for signature verification */
@@ -6208,8 +6235,7 @@ const UNIX_SECONDS_PATTERN = /^\d+$/;
 */
 function signWebhookPayload(rawBody, secret, timestamp) {
 	const ts = timestamp ?? Math.floor(Date.now() / 1e3);
-	const body = typeof rawBody === "string" ? rawBody : bufferToString(rawBody, "rawBody");
-	const signedPayloadString = `${ts}.${body}`;
+	const signedPayloadString = `${ts}.${typeof rawBody === "string" ? rawBody : bufferToString(rawBody, "rawBody")}`;
 	const hmac = createHmac("sha256", secret);
 	hmac.update(signedPayloadString);
 	const v1 = hmac.digest("hex");
@@ -6288,8 +6314,7 @@ function verifyWebhookSignature(opts) {
 	const parsed = parseSignatureHeader(signatureHeader);
 	if (!parsed) throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", "Invalid Primitive-Signature header format. Expected: t={timestamp},v1={signature}");
 	const { timestamp, signatures } = parsed;
-	const now = nowSeconds ?? Math.floor(Date.now() / 1e3);
-	const age = now - timestamp;
+	const age = (nowSeconds ?? Math.floor(Date.now() / 1e3)) - timestamp;
 	if (age > toleranceSeconds) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", `Webhook timestamp too old (${age}s). Max age is ${toleranceSeconds}s.`);
 	if (age < -FUTURE_TOLERANCE_SECONDS$1) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", "Webhook timestamp is too far in the future. Check server clock sync.");
 	const body = typeof rawBody === "string" ? rawBody : bufferToString(rawBody, "request body");
@@ -6318,13 +6343,10 @@ function verifyWebhookSignature(opts) {
 	}
 	for (const receivedHex of signatures) {
 		if (!isValidHex(receivedHex, 64)) continue;
-		const receivedBytes = Buffer.from(receivedHex, "hex");
-		const expectedBytes = Buffer.from(expectedHex, "hex");
-		if (timingSafeEqual(receivedBytes, expectedBytes)) return true;
+		if (timingSafeEqual(Buffer.from(receivedHex, "hex"), Buffer.from(expectedHex, "hex"))) return true;
 	}
 	const reserializationHint = detectReserializedBody(body);
-	const message = reserializationHint ? `No valid signature found. ${reserializationHint}` : "No valid signature found. Verify the webhook secret matches and you're using the raw request body (not re-serialized JSON).";
-	throw new WebhookVerificationError("SIGNATURE_MISMATCH", message);
+	throw new WebhookVerificationError("SIGNATURE_MISMATCH", reserializationHint ? `No valid signature found. ${reserializationHint}` : "No valid signature found. Verify the webhook secret matches and you're using the raw request body (not re-serialized JSON).");
 }
 /**
 * Detect if a body looks like it was re-serialized by a framework.
@@ -6335,13 +6357,27 @@ function detectReserializedBody(body) {
 	if (/^\s*\{[\s\S]*\n\s{2,}/.test(body)) return "Request body appears re-serialized (pretty-printed). Use the raw request body before any JSON.parse() or JSON.stringify() calls.";
 	return null;
 }
-
 //#endregion
 //#region src/webhook/standard-webhooks.ts
+/**
+* Standard Webhooks Verification & Signing
+*
+* Implements the Standard Webhooks spec (standardwebhooks.com) for webhook
+* signature verification and payload signing.
+*
+* Header format:
+*   webhook-id: <msg_id>
+*   webhook-timestamp: <unix_seconds>
+*   webhook-signature: v1,<base64_hmac_sha256> [v1,<base64_2> ...]
+*
+* Signed payload format: "{msg_id}.{timestamp}.{raw_body}"
+*
+* Secrets are base64-encoded, optionally prefixed with "whsec_".
+*/
 const WHSEC_PREFIX = "whsec_";
 const BASE64_PATTERN$1 = /^[A-Za-z0-9+/]*={0,2}$/;
 /** Default max age for webhook requests (5 minutes) */
-const DEFAULT_TOLERANCE_SECONDS = 5 * 60;
+const DEFAULT_TOLERANCE_SECONDS = 300;
 /** Future clock skew tolerance (1 minute) */
 const FUTURE_TOLERANCE_SECONDS = 60;
 /** Standard Webhooks header names */
@@ -6362,7 +6398,7 @@ function prepareStandardWebhooksSecret(secret) {
 		return secret;
 	}
 	let keyStr = secret;
-	if (keyStr.startsWith(WHSEC_PREFIX)) keyStr = keyStr.slice(WHSEC_PREFIX.length);
+	if (keyStr.startsWith(WHSEC_PREFIX)) keyStr = keyStr.slice(6);
 	if (!keyStr || !BASE64_PATTERN$1.test(keyStr)) throw new WebhookVerificationError("MISSING_SECRET", "Standard Webhooks secret must be base64-encoded (optionally with whsec_ prefix)");
 	const decoded = Buffer.from(keyStr, "base64");
 	if (decoded.length === 0) throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
@@ -6404,9 +6440,8 @@ function signStandardWebhooksPayload(rawBody, secret, msgId, timestamp) {
 	const key = prepareStandardWebhooksSecret(secret);
 	if (key.length === 0) throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
 	const signedPayload = `${msgId}.${ts}.${body}`;
-	const sig = createHmac("sha256", key).update(signedPayload).digest("base64");
 	return {
-		signature: `v1,${sig}`,
+		signature: `v1,${createHmac("sha256", key).update(signedPayload).digest("base64")}`,
 		msgId,
 		timestamp: ts
 	};
@@ -6423,12 +6458,10 @@ function verifyStandardWebhooksSignature(opts) {
 	if (!timestampStr || !/^\d+$/.test(timestampStr)) throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", `Invalid webhook-timestamp header: "${timestampStr}". Expected a unix timestamp in seconds`);
 	const timestamp = Number(timestampStr);
 	if (!Number.isInteger(timestamp) || timestamp < 0) throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", `Invalid webhook-timestamp header: "${timestampStr}". Expected a unix timestamp in seconds`);
-	const now = nowSeconds ?? Math.floor(Date.now() / 1e3);
-	const age = now - timestamp;
+	const age = (nowSeconds ?? Math.floor(Date.now() / 1e3)) - timestamp;
 	if (age > toleranceSeconds) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", `Webhook timestamp too old (${age}s). Max age is ${toleranceSeconds}s.`);
 	if (age < -FUTURE_TOLERANCE_SECONDS) throw new WebhookVerificationError("TIMESTAMP_OUT_OF_RANGE", "Webhook timestamp is too far in the future. Check server clock sync.");
-	const body = typeof rawBody === "string" ? rawBody : bufferToString(rawBody, "request body");
-	const signedPayload = `${msgId}.${timestamp}.${body}`;
+	const signedPayload = `${msgId}.${timestamp}.${typeof rawBody === "string" ? rawBody : bufferToString(rawBody, "request body")}`;
 	const expectedSig = createHmac("sha256", key).update(signedPayload).digest("base64");
 	const signatures = parseStandardWebhooksSignatures(signatureHeader);
 	if (signatures.length === 0) throw new WebhookVerificationError("INVALID_SIGNATURE_HEADER", "Invalid webhook-signature header format. Expected: \"v1,<base64>\"");
@@ -6440,7 +6473,6 @@ function verifyStandardWebhooksSignature(opts) {
 	}
 	throw new WebhookVerificationError("SIGNATURE_MISMATCH", "No valid signature found. Verify the webhook secret matches and you're using the raw request body (not re-serialized JSON).");
 }
-
 //#endregion
 //#region src/schema.generated.ts
 const emailReceivedEventJsonSchema = {
@@ -7332,7 +7364,6 @@ const emailReceivedEventJsonSchema = {
 		}
 	}
 };
-
 //#endregion
 //#region src/types.ts
 const EventType = { EmailReceived: "email.received" };
@@ -7381,7 +7412,6 @@ const AuthVerdict = {
 	Suspicious: "suspicious",
 	Unknown: "unknown"
 };
-
 //#endregion
 //#region src/webhook/auth.ts
 /**
@@ -7578,7 +7608,6 @@ function validateEmailAuth(auth) {
 		reasons: ["Unable to determine email authenticity"]
 	};
 }
-
 //#endregion
 //#region src/webhook/version.ts
 /**
@@ -7594,10 +7623,13 @@ function validateEmailAuth(auth) {
 * need to handle version-specific behavior.
 */
 const WEBHOOK_VERSION = "2025-12-14";
-
 //#endregion
 //#region src/webhook/parsing.ts
 /**
+* JSON parsing utilities with helpful error messages.
+* @internal
+*/
+/**
 * Parse a raw body string/Buffer into JSON with helpful error messages.
 *
 * Handles:
@@ -7618,12 +7650,10 @@ function parseJsonBody(rawBody) {
 		return JSON.parse(cleanBody);
 	} catch (e) {
 		const jsonError = e;
-		const positionMatch = jsonError.message.match(/position\s*(\d+)/i);
-		const position = positionMatch?.[1];
+		const position = jsonError.message.match(/position\s*(\d+)/i)?.[1];
 		throw new WebhookPayloadError("JSON_PARSE_FAILED", "Failed to parse webhook body as JSON", position ? `Invalid JSON at position ${position}. Check your web framework isn't truncating the request body.` : `Invalid JSON: ${jsonError.message}. Check the raw request body is valid JSON.`, jsonError);
 	}
 }
-
 //#endregion
 //#region src/webhook/index.ts
 const BASE64_PATTERN = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
@@ -7818,17 +7848,13 @@ function handleWebhook(options) {
 		secret,
 		toleranceSeconds
 	});
-	else {
-		const signature = getSignatureHeader(headers);
-		verifyWebhookSignature({
-			rawBody: body,
-			signatureHeader: signature,
-			secret,
-			toleranceSeconds
-		});
-	}
-	const parsed = parseJsonBody(body);
-	return validateEmailReceivedEvent(parsed);
+	else verifyWebhookSignature({
+		rawBody: body,
+		signatureHeader: getSignatureHeader(headers),
+		secret,
+		toleranceSeconds
+	});
+	return validateEmailReceivedEvent(parseJsonBody(body));
 }
 function receive(input, options) {
 	if (input instanceof Request) return receiveFromRequest(input, options);
@@ -7836,9 +7862,8 @@ function receive(input, options) {
 }
 async function receiveFromRequest(request, options) {
 	if (!options?.secret) throw new WebhookVerificationError("MISSING_SECRET", "Webhook secret is required but was empty or not provided");
-	const body = Buffer.from(await request.arrayBuffer());
 	return normalizeReceivedEmail(handleWebhook({
-		body,
+		body: Buffer.from(await request.arrayBuffer()),
 		headers: request.headers,
 		secret: options.secret,
 		toleranceSeconds: options.toleranceSeconds
@@ -7900,8 +7925,7 @@ function confirmedHeaders() {
 * ```
 */
 function isDownloadExpired(event, now = Date.now()) {
-	const expiresAt = new Date(event.email.content.download.expires_at).getTime();
-	return now >= expiresAt;
+	return now >= new Date(event.email.content.download.expires_at).getTime();
 }
 /**
 * Get the time remaining (in milliseconds) before the download URL expires.
@@ -8016,6 +8040,5 @@ function verifyRawEmailDownload(downloaded, event) {
 	if (hash !== expected.toLowerCase()) throw new RawEmailDecodeError("HASH_MISMATCH", `SHA-256 hash mismatch. Expected: ${expected}, got: ${hash}. The downloaded content may be corrupted.`);
 	return buffer;
 }
-
 //#endregion
-export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, confirmedHeaders, decodeRawEmail, emailReceivedEventJsonSchema, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };
+export { PRIMITIVE_CONFIRMED_HEADER as A, RAW_EMAIL_ERRORS as B, STANDARD_WEBHOOK_ID_HEADER as C, verifyStandardWebhooksSignature as D, signStandardWebhooksPayload as E, verifyDownloadToken as F, WebhookVerificationError as G, VERIFICATION_ERRORS as H, safeValidateEmailReceivedEvent as I, validateEmailReceivedEvent as L, signWebhookPayload as M, verifyWebhookSignature as N, LEGACY_CONFIRMED_HEADER as O, generateDownloadToken as P, PAYLOAD_ERRORS as R, emailReceivedEventJsonSchema as S, STANDARD_WEBHOOK_TIMESTAMP_HEADER as T, WebhookPayloadError as U, RawEmailDecodeError as V, WebhookValidationError as W, DmarcResult as _, isDownloadExpired as a, ParsedStatus as b, parseWebhookEvent as c, WEBHOOK_VERSION as d, validateEmailAuth as f, DmarcPolicy as g, DkimResult as h, handleWebhook as i, PRIMITIVE_SIGNATURE_HEADER as j, LEGACY_SIGNATURE_HEADER as k, receive as l, AuthVerdict as m, decodeRawEmail as n, isEmailReceivedEvent as o, AuthConfidence as p, getDownloadTimeRemaining as r, isRawIncluded as s, confirmedHeaders as t, verifyRawEmailDownload as u, EventType as v, STANDARD_WEBHOOK_SIGNATURE_HEADER as w, SpfResult as x, ForwardVerdict as y, PrimitiveWebhookError as z };