npm - @primitivedotdev/sdk - Versions diffs - 1.2.1 → 1.3.0 - Mend

@primitivedotdev/sdk 1.2.1 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/api/index.d.ts +2 -2
package/dist/api/index.js +3 -3
package/dist/{api-JvyzQsXn.js → api-DacG4JSU.js} +191 -1
package/dist/{index-DdSffRr0.d.ts → index-X7RsDaVi.d.ts} +311 -2
package/dist/index.d.ts +183 -3
package/dist/index.js +196 -3
package/dist/openapi/index.js +1 -1
package/dist/{operations.generated-CvXrZUzc.js → operations.generated-DSMTMcWh.js} +549 -0
package/package.json +5 -4

package/dist/index.js CHANGED Viewed

@@ -1,10 +1,203 @@
-import { c as PrimitiveApiError, n as client, r as createPrimitiveClient, t as PrimitiveClient } from "./api-JvyzQsXn.js";
+import { i as createPrimitiveClient, l as PrimitiveApiError, n as PrimitiveClient, r as client } from "./api-DacG4JSU.js";
 import { a as VERIFICATION_ERRORS, c as WebhookVerificationError, d as formatAddress, f as normalizeReceivedEmail, i as RawEmailDecodeError, l as buildForwardSubject, n as PrimitiveWebhookError, o as WebhookPayloadError, p as parseHeaderAddress, r as RAW_EMAIL_ERRORS, s as WebhookValidationError, t as PAYLOAD_ERRORS, u as buildReplySubject } from "./errors-BPJGp9I6.js";
 import { A as PRIMITIVE_CONFIRMED_HEADER, C as STANDARD_WEBHOOK_ID_HEADER, D as verifyStandardWebhooksSignature, E as signStandardWebhooksPayload, F as verifyDownloadToken, I as safeValidateEmailReceivedEvent, L as validateEmailReceivedEvent, M as signWebhookPayload, N as verifyWebhookSignature, O as LEGACY_CONFIRMED_HEADER, P as generateDownloadToken, S as emailReceivedEventJsonSchema, T as STANDARD_WEBHOOK_TIMESTAMP_HEADER, _ as DmarcResult, a as isDownloadExpired, b as ParsedStatus, c as parseWebhookEvent, d as WEBHOOK_VERSION, f as validateEmailAuth, g as DmarcPolicy, h as DkimResult, i as handleWebhook, j as PRIMITIVE_SIGNATURE_HEADER, k as LEGACY_SIGNATURE_HEADER, l as receive, m as AuthVerdict, n as decodeRawEmail, o as isEmailReceivedEvent, p as AuthConfidence, r as getDownloadTimeRemaining, s as isRawIncluded, t as confirmedHeaders, u as verifyRawEmailDownload, v as EventType, w as STANDARD_WEBHOOK_SIGNATURE_HEADER, x as SpfResult, y as ForwardVerdict } from "./webhook-BAwK8EOG.js";
+import { concat, hexToBytes, keccak256, stringToBytes } from "viem";
+//#region src/x402/sign.ts
+/**
+* x402 client-side signing.
+*
+* The payer signs an EIP-3009 `transferWithAuthorization` over the customer's
+* own key; the key never leaves them. This module derives the interaction-bound
+* nonce and assembles the EIP-712 typed data and the wire payload. The byte
+* layout here MUST match the platform verifier exactly; a normative test vector
+* (see sign.test.ts) locks the nonce derivation to the same value the server
+* recomputes.
+*/
+/** A challenge nonce is 32 bytes rendered as 64 lowercase hex chars, no 0x. */
+const CHALLENGE_NONCE_RE = /^[0-9a-f]{64}$/;
+/** Single-byte domain separator between the variable-length string fields. */
+const FIELD_SEPARATOR = new Uint8Array([0]);
+/**
+* Derive the EIP-3009 nonce bound to a specific interaction step:
+*
+*   keccak256( utf8(lower(interaction_id)) || 0x00
+*            || utf8(lower(challenge_step_id)) || 0x00
+*            || hexdecode(challenge_nonce) )
+*
+* The `0x00` separators pin the field boundaries (undelimited concatenation of
+* variable-length strings is collision-ambiguous), and the challenge nonce is
+* decoded to its 32 raw bytes before hashing. The platform recomputes this and
+* rejects a mismatch.
+*/
+function deriveEip3009Nonce(input) {
+	if (!CHALLENGE_NONCE_RE.test(input.challengeNonce)) throw new Error("challengeNonce must be exactly 64 lowercase hex chars (32 bytes), no 0x prefix");
+	return keccak256(concat([
+		stringToBytes(input.interactionId.toLowerCase()),
+		FIELD_SEPARATOR,
+		stringToBytes(input.challengeStepId.toLowerCase()),
+		FIELD_SEPARATOR,
+		hexToBytes(`0x${input.challengeNonce}`)
+	]));
+}
+/**
+* The EIP-3009 `TransferWithAuthorization` EIP-712 type. The field order and
+* types are part of the on-chain contract and MUST NOT change.
+*/
+const TRANSFER_WITH_AUTHORIZATION_TYPES = { TransferWithAuthorization: [
+	{
+		name: "from",
+		type: "address"
+	},
+	{
+		name: "to",
+		type: "address"
+	},
+	{
+		name: "value",
+		type: "uint256"
+	},
+	{
+		name: "validAfter",
+		type: "uint256"
+	},
+	{
+		name: "validBefore",
+		type: "uint256"
+	},
+	{
+		name: "nonce",
+		type: "bytes32"
+	}
+] };
+function transferWithAuthorizationTypedData(domain, auth) {
+	return {
+		domain: {
+			name: domain.name,
+			version: domain.version,
+			chainId: domain.chainId,
+			verifyingContract: domain.verifyingContract
+		},
+		types: TRANSFER_WITH_AUTHORIZATION_TYPES,
+		primaryType: "TransferWithAuthorization",
+		message: auth
+	};
+}
+/** Assemble the wire payload from a signed authorization. */
+function toPaymentPayload(network, auth, signature) {
+	return {
+		x402Version: 1,
+		scheme: "exact",
+		network,
+		payload: {
+			signature,
+			authorization: {
+				from: auth.from,
+				to: auth.to,
+				value: auth.value.toString(),
+				validAfter: auth.validAfter.toString(),
+				validBefore: auth.validBefore.toString(),
+				nonce: auth.nonce
+			}
+		}
+	};
+}
+//#endregion
+//#region src/x402/client.ts
+const CHAIN_IDS = {
+	"base-sepolia": 84532,
+	base: 8453
+};
+const CLOCK_SKEW_SEC = 300;
+const SETTLEMENT_MARGIN_SEC = 300;
+const DEFAULT_BASE_URL = "https://api.primitive.dev";
+var X402Error = class extends Error {
+	status;
+	body;
+	constructor(message, status, body) {
+		super(message);
+		this.name = "X402Error";
+		this.status = status;
+		this.body = body;
+	}
+};
+var X402Client = class {
+	#apiKey;
+	#baseUrl;
+	#fetch;
+	constructor(options = {}) {
+		this.#apiKey = options.apiKey ?? process.env.PRIMITIVE_API_KEY ?? "";
+		this.#baseUrl = (options.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+		this.#fetch = options.fetch ?? fetch;
+	}
+	async #request(method, path, body) {
+		const res = await this.#fetch(`${this.#baseUrl}${path}`, {
+			method,
+			headers: {
+				authorization: `Bearer ${this.#apiKey}`,
+				"content-type": "application/json"
+			},
+			body: body === void 0 ? void 0 : JSON.stringify(body)
+		});
+		const json = await res.json().catch(() => ({}));
+		if (!res.ok || json.success === false) throw new X402Error(json.error?.message ?? `request failed with ${res.status}`, res.status, json);
+		return json.data ?? json;
+	}
+	/** Request a payment (payee side). Returns the challenge to hand to the payer. */
+	charge(input) {
+		const body = {
+			amount: input.amount,
+			network: input.network ?? "base-sepolia"
+		};
+		if (input.payerOrg) body.payer_org = input.payerOrg;
+		if (input.description) body.description = input.description;
+		if (input.resource) body.resource = input.resource;
+		if (input.expiresIn !== void 0) body.expires_in = input.expiresIn;
+		return this.#request("POST", "/v1/x402/challenges", body);
+	}
+	/**
+	* Pay a challenge (payer side). Derives the interaction-bound authorization,
+	* signs it locally with the caller's key, and submits it for settlement.
+	*/
+	async pay(challenge, options) {
+		const chainId = CHAIN_IDS[challenge.network];
+		if (chainId === void 0) throw new X402Error(`unsupported network: ${challenge.network}`, 0);
+		const pr = challenge.payment_requirements;
+		const nonce = deriveEip3009Nonce({
+			interactionId: challenge.nonce_binding.interaction_id,
+			challengeStepId: challenge.nonce_binding.challenge_step_id,
+			challengeNonce: challenge.nonce_binding.challenge_nonce
+		});
+		const nowSec = Math.floor(Date.now() / 1e3);
+		const expiresAtMs = Date.parse(challenge.expires_at);
+		if (Number.isNaN(expiresAtMs)) throw new X402Error(`challenge has an invalid expires_at: ${challenge.expires_at}`, 0);
+		const expiresAtSec = Math.floor(expiresAtMs / 1e3);
+		const auth = {
+			from: options.signer.address,
+			to: pr.payTo,
+			value: BigInt(pr.maxAmountRequired),
+			validAfter: BigInt(nowSec - CLOCK_SKEW_SEC),
+			validBefore: BigInt(expiresAtSec + SETTLEMENT_MARGIN_SEC),
+			nonce
+		};
+		const signature = await options.signer.signTypedData(transferWithAuthorizationTypedData({
+			name: pr.extra.name,
+			version: pr.extra.version,
+			chainId,
+			verifyingContract: pr.asset
+		}, auth));
+		return this.#request("POST", `/v1/x402/challenges/${challenge.id}/pay`, { payment: toPaymentPayload(challenge.network, auth, signature) });
+	}
+};
+function createX402Client(options = {}) {
+	return new X402Client(options);
+}
+//#endregion
 //#region src/index.ts
 const primitive = {
 	client,
-	receive
+	receive,
+	/** Construct an x402 payments client. See `X402Client`. */
+	x402: createX402Client
 };
 //#endregion
-export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveApiError, PrimitiveClient, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, buildForwardSubject, buildReplySubject, client, confirmedHeaders, createPrimitiveClient, decodeRawEmail, primitive as default, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };
+export { AuthConfidence, AuthVerdict, DkimResult, DmarcPolicy, DmarcResult, EventType, ForwardVerdict, LEGACY_CONFIRMED_HEADER, LEGACY_SIGNATURE_HEADER, PAYLOAD_ERRORS, PRIMITIVE_CONFIRMED_HEADER, PRIMITIVE_SIGNATURE_HEADER, ParsedStatus, PrimitiveApiError, PrimitiveClient, PrimitiveWebhookError, RAW_EMAIL_ERRORS, RawEmailDecodeError, STANDARD_WEBHOOK_ID_HEADER, STANDARD_WEBHOOK_SIGNATURE_HEADER, STANDARD_WEBHOOK_TIMESTAMP_HEADER, SpfResult, VERIFICATION_ERRORS, WEBHOOK_VERSION, WebhookPayloadError, WebhookValidationError, WebhookVerificationError, X402Client, X402Error, buildForwardSubject, buildReplySubject, client, confirmedHeaders, createPrimitiveClient, createX402Client, decodeRawEmail, primitive as default, deriveEip3009Nonce, emailReceivedEventJsonSchema, formatAddress, generateDownloadToken, getDownloadTimeRemaining, handleWebhook, isDownloadExpired, isEmailReceivedEvent, isRawIncluded, normalizeReceivedEmail, parseHeaderAddress, parseWebhookEvent, receive, safeValidateEmailReceivedEvent, signStandardWebhooksPayload, signWebhookPayload, validateEmailAuth, validateEmailReceivedEvent, verifyDownloadToken, verifyRawEmailDownload, verifyStandardWebhooksSignature, verifyWebhookSignature };

package/dist/openapi/index.js CHANGED Viewed

@@ -1,2 +1,2 @@
-import { n as openapiDocument, t as operationManifest } from "../operations.generated-CvXrZUzc.js";
+import { n as openapiDocument, t as operationManifest } from "../operations.generated-DSMTMcWh.js";
 export { openapiDocument, operationManifest };