@proxy-checkout/server-js 0.0.1 → 0.0.3-pr-76.12.1

package/dist/webhook-events.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Canonical outbound Proxy webhook event types and predicates.
+ *
+ * These mirror the event types the Proxy API can deliver to merchant webhook
+ * endpoints. Use the predicates instead of comparing raw strings so customer
+ * integration code does not encode the event taxonomy by hand.
+ */
+export declare const PROXY_WEBHOOK_EVENT_TYPES: {
+    readonly paymentAttemptCancelled: "payment_attempt.cancelled";
+    readonly paymentAttemptFailed: "payment_attempt.failed";
+    readonly paymentAttemptSucceeded: "payment_attempt.succeeded";
+    readonly sessionCancelled: "proxy_session.cancelled";
+    readonly sessionExpired: "proxy_session.expired";
+    readonly sessionFailed: "proxy_session.failed";
+    readonly sessionMerchantActionRequired: "proxy_session.merchant_action_required";
+    readonly sessionPaid: "proxy_session.paid";
+    readonly sessionProvisionable: "proxy_session.provisionable";
+    readonly subscriptionCancelled: "subscription.cancelled";
+    readonly subscriptionCancelScheduled: "subscription.cancel_scheduled";
+    readonly subscriptionPaymentFailed: "subscription.payment_failed";
+    readonly subscriptionRenewed: "subscription.renewed";
+};
+export type ProxyWebhookEventType = (typeof PROXY_WEBHOOK_EVENT_TYPES)[keyof typeof PROXY_WEBHOOK_EVENT_TYPES];
+/** True for `proxy_session.*` events. */
+export declare function isProxySessionEvent(eventType: string): boolean;
+/** True for `subscription.*` events. */
+export declare function isProxySubscriptionEvent(eventType: string): boolean;
+/** True for `payment_attempt.*` events. */
+export declare function isProxyPaymentAttemptEvent(eventType: string): boolean;

package/dist/webhook-events.js

@@ -0,0 +1,53 @@
+/**
+ * Canonical outbound Proxy webhook event types and predicates.
+ *
+ * These mirror the event types the Proxy API can deliver to merchant webhook
+ * endpoints. Use the predicates instead of comparing raw strings so customer
+ * integration code does not encode the event taxonomy by hand.
+ */
+export const PROXY_WEBHOOK_EVENT_TYPES = {
+    paymentAttemptCancelled: "payment_attempt.cancelled",
+    paymentAttemptFailed: "payment_attempt.failed",
+    paymentAttemptSucceeded: "payment_attempt.succeeded",
+    sessionCancelled: "proxy_session.cancelled",
+    sessionExpired: "proxy_session.expired",
+    sessionFailed: "proxy_session.failed",
+    sessionMerchantActionRequired: "proxy_session.merchant_action_required",
+    sessionPaid: "proxy_session.paid",
+    sessionProvisionable: "proxy_session.provisionable",
+    subscriptionCancelled: "subscription.cancelled",
+    subscriptionCancelScheduled: "subscription.cancel_scheduled",
+    subscriptionPaymentFailed: "subscription.payment_failed",
+    subscriptionRenewed: "subscription.renewed",
+};
+const SESSION_EVENT_TYPES = new Set([
+    PROXY_WEBHOOK_EVENT_TYPES.sessionCancelled,
+    PROXY_WEBHOOK_EVENT_TYPES.sessionExpired,
+    PROXY_WEBHOOK_EVENT_TYPES.sessionFailed,
+    PROXY_WEBHOOK_EVENT_TYPES.sessionMerchantActionRequired,
+    PROXY_WEBHOOK_EVENT_TYPES.sessionPaid,
+    PROXY_WEBHOOK_EVENT_TYPES.sessionProvisionable,
+]);
+const SUBSCRIPTION_EVENT_TYPES = new Set([
+    PROXY_WEBHOOK_EVENT_TYPES.subscriptionCancelScheduled,
+    PROXY_WEBHOOK_EVENT_TYPES.subscriptionCancelled,
+    PROXY_WEBHOOK_EVENT_TYPES.subscriptionPaymentFailed,
+    PROXY_WEBHOOK_EVENT_TYPES.subscriptionRenewed,
+]);
+const PAYMENT_ATTEMPT_EVENT_TYPES = new Set([
+    PROXY_WEBHOOK_EVENT_TYPES.paymentAttemptCancelled,
+    PROXY_WEBHOOK_EVENT_TYPES.paymentAttemptFailed,
+    PROXY_WEBHOOK_EVENT_TYPES.paymentAttemptSucceeded,
+]);
+/** True for `proxy_session.*` events. */
+export function isProxySessionEvent(eventType) {
+    return SESSION_EVENT_TYPES.has(eventType);
+}
+/** True for `subscription.*` events. */
+export function isProxySubscriptionEvent(eventType) {
+    return SUBSCRIPTION_EVENT_TYPES.has(eventType);
+}
+/** True for `payment_attempt.*` events. */
+export function isProxyPaymentAttemptEvent(eventType) {
+    return PAYMENT_ATTEMPT_EVENT_TYPES.has(eventType);
+}

package/dist/webhook-handler.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Server SDK webhook delivery handler.
+ *
+ * `handle` turns a verified Proxy webhook into a current-state lifecycle
+ * decision and runs the merchant's entitlement callback, with optional
+ * idempotency via a pluggable {@link ProxyWebhookStore}. It owns signature
+ * verification, duplicate/in-flight handling, retryable responses, and
+ * current-state retrieval so customer webhook routes stay tiny.
+ */
+import type { ProxyEventsResource, ResolvedProxyEvent, ResolvedProxyEventKind } from "./events.js";
+import { type ProxyWebhookEvent } from "./webhooks.js";
+/** Seconds advertised in `Retry-After` when an event is already in flight. */
+export declare const PROXY_WEBHOOK_RETRY_AFTER_SECONDS = 30;
+export type ProxyWebhookClaimResult = "claimed" | "duplicate" | "processing";
+export type ProxyWebhookOutcome = "duplicate" | "ignored" | "processed" | "processing";
+/** Compact, lifecycle-free audit record handed to a {@link ProxyWebhookStore}. */
+export interface ProxyWebhookProcessRecord {
+    readonly kind: ResolvedProxyEventKind;
+    readonly sessionId: string | null;
+    readonly subscriptionId: string | null;
+}
+/**
+ * Optional merchant-owned idempotency/audit store. The handler treats already
+ * processed events as success and concurrently in-flight events as retryable;
+ * it never classifies lifecycle itself.
+ */
+export interface ProxyWebhookStore {
+    /** Atomically claim an event id. Return "duplicate" if already processed, "processing" if in flight. */
+    claim(event: ProxyWebhookEvent): Promise<ProxyWebhookClaimResult> | ProxyWebhookClaimResult;
+    /** Mark a claimed event failed so it can be retried/reclaimed. */
+    markFailed(eventId: string, error: unknown): Promise<void> | void;
+    /** Mark a claimed event processed (idempotency commit). */
+    markProcessed(eventId: string, record: ProxyWebhookProcessRecord): Promise<void> | void;
+}
+export interface ProxyWebhookPayloadInput {
+    readonly body: Buffer | string;
+    readonly signature?: string | null;
+}
+/** A web `Request` (Next route handler, Hono, Cloudflare Worker) or an explicit body/signature pair (Express/Node). */
+export type ProxyWebhookRequestInput = ProxyWebhookPayloadInput | Request;
+export interface ProxyWebhookHandlerOptions {
+    /** Merchant entitlement callback, invoked once per claimed event after current-state resolution. */
+    readonly onResolved: (resolved: ResolvedProxyEvent) => Promise<void> | void;
+    /** Optional request id forwarded to the current-state retrieval calls. */
+    readonly requestId?: string;
+    /** Endpoint signing secret. */
+    readonly secret: string;
+    /** Optional idempotency/audit store. Omit for at-least-once delivery with idempotent fulfillment. */
+    readonly store?: ProxyWebhookStore;
+    /** Signature timestamp tolerance in seconds (default 300). */
+    readonly toleranceSeconds?: number;
+}
+export interface ProxyWebhookProcessResult {
+    readonly event: ProxyWebhookEvent;
+    readonly outcome: ProxyWebhookOutcome;
+    readonly resolved: ResolvedProxyEvent | null;
+    readonly retryable: boolean;
+    readonly statusCode: number;
+}
+export declare class ProxyWebhooksResource {
+    private readonly events;
+    constructor(events: ProxyEventsResource);
+    /** Low-level: verify + construct the event without resolving lifecycle. */
+    constructEvent(input: {
+        body: Buffer | string;
+        header: string | null | undefined;
+        secret: string;
+        toleranceSeconds?: number;
+    }): ProxyWebhookEvent;
+    /**
+     * Framework-agnostic processing. Verifies the signature, applies the store,
+     * resolves current state, runs `onResolved`, and returns response metadata.
+     * Throws {@link ProxyWebhookSignatureVerificationError} on a bad signature so
+     * non-Response frameworks (Express) can map it to 400.
+     */
+    process(input: ProxyWebhookRequestInput, options: ProxyWebhookHandlerOptions): Promise<ProxyWebhookProcessResult>;
+    /**
+     * Turnkey handler for web `Request` frameworks. Returns a `Response` with the
+     * right status (200 success/duplicate, 409 + `Retry-After` in flight, 400 on
+     * bad signature). Re-throws merchant `onResolved` errors so the platform can
+     * surface a 500 and Proxy retries.
+     */
+    handle(input: ProxyWebhookRequestInput, options: ProxyWebhookHandlerOptions): Promise<Response>;
+}

package/dist/webhook-handler.js

@@ -0,0 +1,154 @@
+/**
+ * Server SDK webhook delivery handler.
+ *
+ * `handle` turns a verified Proxy webhook into a current-state lifecycle
+ * decision and runs the merchant's entitlement callback, with optional
+ * idempotency via a pluggable {@link ProxyWebhookStore}. It owns signature
+ * verification, duplicate/in-flight handling, retryable responses, and
+ * current-state retrieval so customer webhook routes stay tiny.
+ */
+import { constructProxyWebhookEvent, PROXY_SIGNATURE_HEADER, ProxyWebhookSignatureVerificationError, } from "./webhooks.js";
+/** Seconds advertised in `Retry-After` when an event is already in flight. */
+export const PROXY_WEBHOOK_RETRY_AFTER_SECONDS = 30;
+export class ProxyWebhooksResource {
+    events;
+    constructor(events) {
+        this.events = events;
+    }
+    /** Low-level: verify + construct the event without resolving lifecycle. */
+    constructEvent(input) {
+        return constructProxyWebhookEvent(input);
+    }
+    /**
+     * Framework-agnostic processing. Verifies the signature, applies the store,
+     * resolves current state, runs `onResolved`, and returns response metadata.
+     * Throws {@link ProxyWebhookSignatureVerificationError} on a bad signature so
+     * non-Response frameworks (Express) can map it to 400.
+     */
+    async process(input, options) {
+        const { body, signature } = await readWebhookPayload(input);
+        const event = constructProxyWebhookEvent({
+            body,
+            header: signature,
+            secret: options.secret,
+            toleranceSeconds: options.toleranceSeconds,
+        });
+        const { store } = options;
+        if (store !== undefined) {
+            const claim = await store.claim(event);
+            if (claim === "duplicate") {
+                return {
+                    event,
+                    outcome: "duplicate",
+                    resolved: null,
+                    retryable: false,
+                    statusCode: 200,
+                };
+            }
+            if (claim === "processing") {
+                return {
+                    event,
+                    outcome: "processing",
+                    resolved: null,
+                    retryable: true,
+                    statusCode: 409,
+                };
+            }
+        }
+        let resolved;
+        try {
+            resolved = await this.events.resolveCurrentState(event, { requestId: options.requestId });
+            await options.onResolved(resolved);
+        }
+        catch (error) {
+            if (store !== undefined) {
+                await store.markFailed(event.id, error);
+            }
+            throw error;
+        }
+        if (store !== undefined) {
+            await store.markProcessed(event.id, toProcessRecord(resolved));
+        }
+        return {
+            event,
+            outcome: resolved.kind === "ignored" ? "ignored" : "processed",
+            resolved,
+            retryable: false,
+            statusCode: 200,
+        };
+    }
+    /**
+     * Turnkey handler for web `Request` frameworks. Returns a `Response` with the
+     * right status (200 success/duplicate, 409 + `Retry-After` in flight, 400 on
+     * bad signature). Re-throws merchant `onResolved` errors so the platform can
+     * surface a 500 and Proxy retries.
+     */
+    async handle(input, options) {
+        let result;
+        try {
+            result = await this.process(input, options);
+        }
+        catch (error) {
+            if (error instanceof ProxyWebhookSignatureVerificationError) {
+                return jsonResponse(400, {
+                    error: { code: "invalid_signature", message: error.message },
+                });
+            }
+            throw error;
+        }
+        return toWebhookResponse(result);
+    }
+}
+function toWebhookResponse(result) {
+    const headers = { "content-type": "application/json" };
+    if (result.retryable) {
+        headers["retry-after"] = String(PROXY_WEBHOOK_RETRY_AFTER_SECONDS);
+    }
+    return new Response(JSON.stringify({ ok: !result.retryable, outcome: result.outcome }), {
+        headers,
+        status: result.statusCode,
+    });
+}
+function jsonResponse(status, body) {
+    return new Response(JSON.stringify(body), {
+        headers: { "content-type": "application/json" },
+        status,
+    });
+}
+function toProcessRecord(resolved) {
+    switch (resolved.kind) {
+        case "ignored":
+            return {
+                kind: resolved.kind,
+                sessionId: resolved.sessionId,
+                subscriptionId: resolved.subscriptionId,
+            };
+        case "terminal_session":
+            return { kind: resolved.kind, sessionId: resolved.session.id, subscriptionId: null };
+        case "initial_provision":
+            return {
+                kind: resolved.kind,
+                sessionId: resolved.session.id,
+                subscriptionId: resolved.subscription?.id ?? null,
+            };
+        default:
+            return {
+                kind: resolved.kind,
+                sessionId: resolved.session.id,
+                subscriptionId: resolved.subscription.id,
+            };
+    }
+}
+async function readWebhookPayload(input) {
+    if (isFetchRequest(input)) {
+        return {
+            body: await input.text(),
+            signature: input.headers.get(PROXY_SIGNATURE_HEADER),
+        };
+    }
+    const body = typeof input.body === "string" ? input.body : input.body.toString("utf8");
+    return { body, signature: input.signature ?? null };
+}
+function isFetchRequest(input) {
+    return typeof input.text === "function";
+}

package/dist/webhooks.d.ts

@@ -0,0 +1,84 @@
+import type { ProxyCheckoutHttpClient } from "./http-client.js";
+import type { JsonObject, ProxyCheckoutServerRequestOptions } from "./types.js";
+export interface WebhookEndpoint {
+    readonly createdAt: string;
+    readonly eventSchemaVersion: string;
+    readonly eventTypes: string[] | null;
+    readonly id: string;
+    readonly previousSigningSecretExpiresAt: string | null;
+    readonly status: string;
+    readonly updatedAt: string;
+    readonly url: string;
+}
+export interface CreateWebhookEndpointInput extends ProxyCheckoutServerRequestOptions {
+    readonly eventTypes?: string[];
+    readonly url: string;
+}
+export interface UpdateWebhookEndpointInput extends ProxyCheckoutServerRequestOptions {
+    readonly eventTypes?: string[];
+    readonly status?: "active" | "inactive";
+    readonly url?: string;
+}
+export interface RotateWebhookEndpointSecretInput extends ProxyCheckoutServerRequestOptions {
+    readonly previousSigningSecretExpiresAt: Date | string;
+}
+export interface WebhookEndpointSecretResult {
+    readonly signingSecret: string;
+    readonly webhookEndpoint: WebhookEndpoint;
+}
+export interface VerifyProxyWebhookSignatureInput {
+    readonly body: Buffer | string;
+    readonly header: string | null | undefined;
+    readonly secret: string;
+    readonly toleranceSeconds?: number;
+}
+export interface ConstructProxyWebhookEventInput extends VerifyProxyWebhookSignatureInput {
+}
+export interface ProxyWebhookEvent {
+    readonly data: JsonObject;
+    readonly id: string;
+    readonly schemaVersion: string;
+    readonly type: string;
+}
+export declare const PROXY_SIGNATURE_HEADER = "proxy-signature";
+/** Raised when a webhook payload fails signature verification. */
+export declare class ProxyWebhookSignatureVerificationError extends Error {
+    readonly name = "ProxyWebhookSignatureVerificationError";
+}
+export declare const proxyCheckoutWebhookEndpointEndpoints: readonly [{
+    readonly method: "GET";
+    readonly operation: "webhookEndpoints.list";
+    readonly path: "/webhook_endpoints";
+}, {
+    readonly method: "POST";
+    readonly operation: "webhookEndpoints.create";
+    readonly path: "/webhook_endpoints";
+}, {
+    readonly method: "GET";
+    readonly operation: "webhookEndpoints.get";
+    readonly path: "/webhook_endpoints/:id";
+}, {
+    readonly method: "PATCH";
+    readonly operation: "webhookEndpoints.update";
+    readonly path: "/webhook_endpoints/:id";
+}, {
+    readonly method: "POST";
+    readonly operation: "webhookEndpoints.archive";
+    readonly path: "/webhook_endpoints/:id/archive";
+}, {
+    readonly method: "POST";
+    readonly operation: "webhookEndpoints.rotateSecret";
+    readonly path: "/webhook_endpoints/:id/rotate_secret";
+}];
+export declare class ProxyWebhookEndpointsResource {
+    private readonly httpClient;
+    constructor(httpClient: ProxyCheckoutHttpClient);
+    list(options?: ProxyCheckoutServerRequestOptions): Promise<WebhookEndpoint[]>;
+    create(input: CreateWebhookEndpointInput): Promise<WebhookEndpointSecretResult>;
+    get(webhookEndpointId: string, options?: ProxyCheckoutServerRequestOptions): Promise<WebhookEndpoint>;
+    update(webhookEndpointId: string, input: UpdateWebhookEndpointInput): Promise<WebhookEndpoint>;
+    archive(webhookEndpointId: string, options?: ProxyCheckoutServerRequestOptions): Promise<WebhookEndpoint>;
+    rotateSecret(webhookEndpointId: string, input: RotateWebhookEndpointSecretInput): Promise<WebhookEndpointSecretResult>;
+}
+export declare function verifyProxyWebhookSignature(input: VerifyProxyWebhookSignatureInput): boolean;
+export declare function constructProxyWebhookEvent(input: ConstructProxyWebhookEventInput): ProxyWebhookEvent;

package/dist/webhooks.js

@@ -0,0 +1,175 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+import { requireStringArrayOrNull as readStringArrayOrNull, requireNullableString as readStringOrNull, requireJsonObject, requireString, } from "./response-validators.js";
+export const PROXY_SIGNATURE_HEADER = "proxy-signature";
+/** Raised when a webhook payload fails signature verification. */
+export class ProxyWebhookSignatureVerificationError extends Error {
+    name = "ProxyWebhookSignatureVerificationError";
+}
+export const proxyCheckoutWebhookEndpointEndpoints = [
+    {
+        method: "GET",
+        operation: "webhookEndpoints.list",
+        path: "/webhook_endpoints",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.create",
+        path: "/webhook_endpoints",
+    },
+    {
+        method: "GET",
+        operation: "webhookEndpoints.get",
+        path: "/webhook_endpoints/:id",
+    },
+    {
+        method: "PATCH",
+        operation: "webhookEndpoints.update",
+        path: "/webhook_endpoints/:id",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.archive",
+        path: "/webhook_endpoints/:id/archive",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.rotateSecret",
+        path: "/webhook_endpoints/:id/rotate_secret",
+    },
+];
+export class ProxyWebhookEndpointsResource {
+    httpClient;
+    constructor(httpClient) {
+        this.httpClient = httpClient;
+    }
+    async list(options = {}) {
+        const response = await this.httpClient.request("GET", "/webhook_endpoints", undefined, options);
+        const body = requireJsonObject(response, "webhookEndpoints.list");
+        const endpoints = body.webhook_endpoints;
+        if (!Array.isArray(endpoints)) {
+            throw new Error("Proxy API response field webhookEndpoints.list.webhookEndpoints must be an array.");
+        }
+        return endpoints.map(toWebhookEndpoint);
+    }
+    async create(input) {
+        const response = await this.httpClient.request("POST", "/webhook_endpoints", toWebhookEndpointBody(input), { requestId: input.requestId });
+        return toWebhookEndpointSecretResult(response, "webhookEndpoints.create");
+    }
+    async get(webhookEndpointId, options = {}) {
+        const response = await this.httpClient.request("GET", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}`, undefined, options);
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.get");
+    }
+    async update(webhookEndpointId, input) {
+        const response = await this.httpClient.request("PATCH", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}`, toWebhookEndpointBody(input), { requestId: input.requestId });
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.update");
+    }
+    async archive(webhookEndpointId, options = {}) {
+        const response = await this.httpClient.request("POST", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}/archive`, undefined, options);
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.archive");
+    }
+    async rotateSecret(webhookEndpointId, input) {
+        const response = await this.httpClient.request("POST", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}/rotate_secret`, {
+            previous_signing_secret_expires_at: input.previousSigningSecretExpiresAt instanceof Date
+                ? input.previousSigningSecretExpiresAt.toISOString()
+                : input.previousSigningSecretExpiresAt,
+        }, { requestId: input.requestId });
+        return toWebhookEndpointSecretResult(response, "webhookEndpoints.rotateSecret");
+    }
+}
+export function verifyProxyWebhookSignature(input) {
+    const parsed = parseSignatureHeader(input.header);
+    if (!parsed) {
+        return false;
+    }
+    const toleranceSeconds = input.toleranceSeconds ?? 300;
+    const nowSeconds = Math.floor(Date.now() / 1000);
+    if (Math.abs(nowSeconds - parsed.timestamp) > toleranceSeconds) {
+        return false;
+    }
+    const body = typeof input.body === "string" ? input.body : input.body.toString("utf8");
+    const expected = createHmac("sha256", input.secret)
+        .update(`${parsed.timestamp}.${body}`)
+        .digest("hex");
+    return parsed.signatures.some((signature) => timingSafeEqualString(expected, signature));
+}
+export function constructProxyWebhookEvent(input) {
+    if (!verifyProxyWebhookSignature(input)) {
+        throw new ProxyWebhookSignatureVerificationError("Proxy webhook signature verification failed.");
+    }
+    const body = typeof input.body === "string" ? input.body : input.body.toString("utf8");
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        throw new Error("Proxy webhook body must be valid JSON.");
+    }
+    const event = requireJsonObject(parsed, "webhookEvent");
+    return {
+        data: requireJsonObject(event.data, "webhookEvent.data"),
+        id: requireString(event.id, "webhookEvent.id"),
+        schemaVersion: requireString(event.schema_version, "webhookEvent.schemaVersion"),
+        type: requireString(event.type, "webhookEvent.type"),
+    };
+}
+function toWebhookEndpointBody(input) {
+    return {
+        ...(input.eventTypes === undefined ? {} : { event_types: input.eventTypes }),
+        ...(input.status === undefined ? {} : { status: input.status }),
+        ...(input.url === undefined ? {} : { url: input.url }),
+    };
+}
+function toWebhookEndpointSecretResult(response, operation) {
+    const body = requireJsonObject(response, operation);
+    return {
+        signingSecret: requireString(body.signing_secret, `${operation}.signingSecret`),
+        webhookEndpoint: toWebhookEndpoint(body.webhook_endpoint),
+    };
+}
+function toWebhookEndpointEnvelope(response, operation) {
+    const body = requireJsonObject(response, operation);
+    return toWebhookEndpoint(body.webhook_endpoint);
+}
+function toWebhookEndpoint(value) {
+    const body = requireJsonObject(value, "webhookEndpoint");
+    return {
+        createdAt: requireString(body.created_at, "webhookEndpoint.createdAt"),
+        eventSchemaVersion: requireString(body.event_schema_version, "webhookEndpoint.eventSchemaVersion"),
+        eventTypes: readStringArrayOrNull(body.event_types, "webhookEndpoint.eventTypes"),
+        id: requireString(body.id, "webhookEndpoint.id"),
+        previousSigningSecretExpiresAt: readStringOrNull(body.previous_signing_secret_expires_at, "webhookEndpoint.previousSigningSecretExpiresAt"),
+        status: requireString(body.status, "webhookEndpoint.status"),
+        updatedAt: requireString(body.updated_at, "webhookEndpoint.updatedAt"),
+        url: requireString(body.url, "webhookEndpoint.url"),
+    };
+}
+function parseSignatureHeader(header) {
+    if (!header) {
+        return undefined;
+    }
+    let timestamp;
+    const signatures = [];
+    for (const part of header.split(",")) {
+        const [rawKey, rawValue] = part.split("=", 2);
+        const key = rawKey?.trim();
+        const value = rawValue?.trim();
+        if (key === "t") {
+            timestamp = Number(value);
+        }
+        else if (key === "v1" && value) {
+            signatures.push(value);
+        }
+    }
+    if (timestamp === undefined || !Number.isSafeInteger(timestamp) || signatures.length === 0) {
+        return undefined;
+    }
+    return {
+        signatures,
+        timestamp,
+    };
+}
+function timingSafeEqualString(left, right) {
+    const leftBuffer = Buffer.from(left, "hex");
+    const rightBuffer = Buffer.from(right, "hex");
+    return leftBuffer.length === rightBuffer.length && timingSafeEqual(leftBuffer, rightBuffer);
+}

package/package.json

@@ -7,7 +7,7 @@
   "sideEffects": false,
   "type": "module",
   "types": "./dist/index.d.ts",
-  "version": "0.0.1",
+  "version": "0.0.3-pr-76.12.1",
   "devDependencies": {
     "@types/node": "^24.12.4",
     "@vitest/coverage-v8": "4.1.7",