@proxy-checkout/server-js 0.0.4-pr-76.21.1 → 0.0.4-pr-76.22.1

package/dist/cjs/cart.js

@@ -0,0 +1,26 @@
+"use strict";
+/**
+ * Typed cart-snapshot validation.
+ *
+ * The cart snapshot is merchant-defined and opaque to Proxy, so the SDK keeps
+ * the shape app-owned but standardizes the parse step: pass a zod-style schema
+ * (or a plain validator function) and get a typed cart or a structured error.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseProxyCart = parseProxyCart;
+const errors_js_1 = require("./errors.js");
+/** Run a cart snapshot through a validator, wrapping failures in a structured SDK error. */
+function parseProxyCart(cartSnapshot, validator) {
+    try {
+        return typeof validator === "function"
+            ? validator(cartSnapshot)
+            : validator.parse(cartSnapshot);
+    }
+    catch (cause) {
+        throw new errors_js_1.ProxyCheckoutValidationError("Proxy cart snapshot failed validation.", {
+            cause,
+            code: "cart_invalid",
+            field: "cart_snapshot",
+        });
+    }
+}

package/dist/cjs/client.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyCheckoutServerClient = void 0;
+exports.createProxyCheckoutServerClient = createProxyCheckoutServerClient;
+const events_js_1 = require("./events.js");
+const http_client_js_1 = require("./http-client.js");
+const sessions_js_1 = require("./sessions.js");
+const subscriptions_js_1 = require("./subscriptions.js");
+const webhook_handler_js_1 = require("./webhook-handler.js");
+const webhooks_js_1 = require("./webhooks.js");
+class ProxyCheckoutServerClient {
+    apiHost;
+    sessions;
+    subscriptions;
+    /** Current-state lifecycle resolver for signed webhook events. */
+    events;
+    /** Webhook delivery handling: `handle`, `process`, `constructEvent`. */
+    webhooks;
+    /** Webhook endpoint management API (create/list/rotate). */
+    webhookEndpoints;
+    constructor(options) {
+        const httpClient = new http_client_js_1.ProxyCheckoutHttpClient({
+            apiHost: options.apiHost,
+            apiKey: options.apiKey,
+            fetchImpl: options.fetch,
+        });
+        this.apiHost = httpClient.apiHost;
+        this.sessions = new sessions_js_1.ProxySessionsResource(httpClient, {
+            payHost: options.payHost,
+            publishableKey: options.publishableKey,
+        });
+        this.subscriptions = new subscriptions_js_1.ProxySubscriptionsResource(httpClient, this.sessions);
+        this.events = new events_js_1.ProxyEventsResource(this.sessions, this.subscriptions);
+        this.webhooks = new webhook_handler_js_1.ProxyWebhooksResource(this.events);
+        this.webhookEndpoints = new webhooks_js_1.ProxyWebhookEndpointsResource(httpClient);
+    }
+}
+exports.ProxyCheckoutServerClient = ProxyCheckoutServerClient;
+function createProxyCheckoutServerClient(options) {
+    return new ProxyCheckoutServerClient(options);
+}

package/dist/cjs/consistency.js

@@ -0,0 +1,36 @@
+"use strict";
+/**
+ * Buyer-reference and session linkage consistency checks.
+ *
+ * Proxy current-state retrieval is the source of truth, but the SDK still
+ * guards that the records it stitches together actually belong to the same
+ * buyer and session before a merchant acts on them.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertSubscriptionMatchesSession = assertSubscriptionMatchesSession;
+exports.assertCartBuyerReference = assertCartBuyerReference;
+const errors_js_1 = require("./errors.js");
+/**
+ * Assert that a subscription belongs to the given original session and that the
+ * buyer references agree. Throws {@link ProxyCheckoutValidationError} otherwise.
+ */
+function assertSubscriptionMatchesSession(subscription, session) {
+    if (subscription.originalProxySessionId !== session.id) {
+        throw new errors_js_1.ProxyCheckoutValidationError(`Proxy subscription ${subscription.id} is not linked to session ${session.id}.`, { code: "subscription_session_mismatch", field: "original_proxy_session_id" });
+    }
+    if (subscription.buyerReference !== session.buyerReference) {
+        throw new errors_js_1.ProxyCheckoutValidationError(`Proxy subscription ${subscription.id} buyer reference does not match session ${session.id}.`, { code: "buyer_reference_mismatch", field: "buyer_reference" });
+    }
+}
+/**
+ * Assert that a cart-embedded buyer reference, when present, matches the session
+ * buyer reference. A `null`/`undefined` cart buyer reference is allowed (the
+ * cart simply does not carry one).
+ */
+function assertCartBuyerReference(cartBuyerReference, session) {
+    if (cartBuyerReference !== null &&
+        cartBuyerReference !== undefined &&
+        cartBuyerReference !== session.buyerReference) {
+        throw new errors_js_1.ProxyCheckoutValidationError(`Proxy session ${session.id} cart buyer reference does not match the session buyer reference.`, { code: "buyer_reference_mismatch", field: "cart.buyerReference" });
+    }
+}

package/dist/cjs/errors.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyCheckoutApiError = exports.ProxyCheckoutValidationError = void 0;
+exports.toApiError = toApiError;
+/**
+ * Raised when the SDK receives Proxy data it cannot safely normalize, for
+ * example an invalid date string, a cart snapshot that fails the merchant
+ * schema, or a buyer-reference / provider-binding consistency violation.
+ */
+class ProxyCheckoutValidationError extends Error {
+    name = "ProxyCheckoutValidationError";
+    code;
+    field;
+    cause;
+    constructor(message, details) {
+        super(message);
+        this.code = details.code;
+        this.field = details.field;
+        this.cause = details.cause;
+    }
+}
+exports.ProxyCheckoutValidationError = ProxyCheckoutValidationError;
+class ProxyCheckoutApiError extends Error {
+    name = "ProxyCheckoutApiError";
+    code;
+    requestId;
+    responseBody;
+    statusCode;
+    constructor(message, details) {
+        super(message);
+        this.code = details.code;
+        this.requestId = details.requestId;
+        this.responseBody = details.responseBody;
+        this.statusCode = details.statusCode;
+    }
+}
+exports.ProxyCheckoutApiError = ProxyCheckoutApiError;
+function toApiError(statusCode, responseBody, headerRequestId) {
+    const error = readApiError(responseBody);
+    const message = error.message ?? `Proxy API request failed with status ${statusCode}.`;
+    return new ProxyCheckoutApiError(message, {
+        code: error.code,
+        requestId: error.requestId ?? headerRequestId,
+        responseBody,
+        statusCode,
+    });
+}
+function readApiError(responseBody) {
+    const body = isRecord(responseBody) ? responseBody : undefined;
+    const error = body && isRecord(body.error) ? body.error : undefined;
+    return {
+        code: typeof error?.code === "string" ? error.code : undefined,
+        message: typeof error?.message === "string" ? error.message : undefined,
+        requestId: typeof error?.request_id === "string" ? error.request_id : undefined,
+    };
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/dist/cjs/events.js

@@ -0,0 +1,151 @@
+"use strict";
+/**
+ * Current-state lifecycle resolver for signed Proxy webhook events.
+ *
+ * A webhook is only a wakeup: this resolver re-reads the authoritative session
+ * and subscription state with the merchant secret key and returns a typed
+ * lifecycle decision. It never grants from webhook payload fields, and it
+ * classifies subscription events from current state rather than event order.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyEventsResource = void 0;
+const consistency_js_1 = require("./consistency.js");
+const lifecycle_js_1 = require("./lifecycle.js");
+const webhook_events_js_1 = require("./webhook-events.js");
+class ProxyEventsResource {
+    sessions;
+    subscriptions;
+    constructor(sessions, subscriptions) {
+        this.sessions = sessions;
+        this.subscriptions = subscriptions;
+    }
+    /**
+     * Resolve a signed webhook event into a current-state lifecycle decision by
+     * re-reading the authoritative session/subscription with the secret key.
+     */
+    async resolveCurrentState(event, options = {}) {
+        if ((0, webhook_events_js_1.isProxySubscriptionEvent)(event.type)) {
+            return this.resolveSubscriptionEvent(event, options);
+        }
+        if ((0, webhook_events_js_1.isProxySessionEvent)(event.type)) {
+            return this.resolveSessionEvent(event, options);
+        }
+        return ignored(event, `Event type ${event.type} is not a lifecycle event.`, {
+            sessionId: readEventString(event.data.proxy_session_id),
+            subscriptionId: readEventString(event.data.subscription_id),
+        });
+    }
+    async resolveSessionEvent(event, options) {
+        const sessionId = extractSessionId(event);
+        if (sessionId === null) {
+            return ignored(event, "Session event is missing proxy_session_id.", {
+                sessionId: null,
+                subscriptionId: readEventString(event.data.subscription_id),
+            });
+        }
+        const session = await this.sessions.retrieve(sessionId, options);
+        if ((0, lifecycle_js_1.isSessionProvisionable)(session)) {
+            const subscriptionId = readEventString(event.data.subscription_id);
+            let subscription = null;
+            if (subscriptionId !== null) {
+                subscription = await this.subscriptions.retrieve(subscriptionId, options);
+                (0, consistency_js_1.assertSubscriptionMatchesSession)(subscription, session);
+            }
+            return {
+                accessEndsAt: subscription === null ? null : (0, lifecycle_js_1.subscriptionAccessEndsAt)(subscription),
+                event,
+                kind: "initial_provision",
+                session,
+                subscription,
+                willRenew: subscription === null ? null : (0, lifecycle_js_1.subscriptionWillRenew)(subscription),
+            };
+        }
+        if ((0, lifecycle_js_1.isSessionTerminal)(session)) {
+            return { event, kind: "terminal_session", session };
+        }
+        return ignored(event, `Session ${session.id} status ${session.status} is not yet actionable.`, {
+            sessionId: session.id,
+            subscriptionId: null,
+        });
+    }
+    async resolveSubscriptionEvent(event, options) {
+        const subscriptionId = readEventString(event.data.subscription_id);
+        if (subscriptionId === null) {
+            return ignored(event, "Subscription event is missing subscription_id.", {
+                sessionId: readEventString(event.data.proxy_session_id),
+                subscriptionId: null,
+            });
+        }
+        const subscription = await this.subscriptions.retrieve(subscriptionId, options);
+        const session = await this.sessions.retrieve(subscription.originalProxySessionId, options);
+        (0, consistency_js_1.assertSubscriptionMatchesSession)(subscription, session);
+        const accessEndsAt = (0, lifecycle_js_1.subscriptionAccessEndsAt)(subscription);
+        if ((0, lifecycle_js_1.isSubscriptionEnded)(subscription)) {
+            return {
+                accessEndsAt,
+                event,
+                kind: "subscription_cancelled",
+                session,
+                subscription,
+                willRenew: false,
+            };
+        }
+        if (subscription.cancelAtPeriodEnd) {
+            return {
+                accessEndsAt,
+                event,
+                kind: "subscription_cancel_scheduled",
+                session,
+                subscription,
+                willRenew: false,
+            };
+        }
+        if ((0, lifecycle_js_1.isSubscriptionPaymentAtRisk)(subscription)) {
+            return {
+                accessEndsAt,
+                event,
+                kind: "payment_risk",
+                latestPaymentStatus: subscription.latestPaymentStatus,
+                session,
+                subscription,
+                willRenew: (0, lifecycle_js_1.subscriptionWillRenew)(subscription),
+            };
+        }
+        return {
+            accessEndsAt,
+            event,
+            kind: "subscription_renewed",
+            session,
+            subscription,
+            willRenew: (0, lifecycle_js_1.subscriptionWillRenew)(subscription),
+        };
+    }
+}
+exports.ProxyEventsResource = ProxyEventsResource;
+function ignored(event, reason, ids) {
+    return {
+        event,
+        kind: "ignored",
+        reason,
+        sessionId: ids.sessionId,
+        subscriptionId: ids.subscriptionId,
+    };
+}
+/** Read the session id from an event, handling the nested `proxy_session.expired` payload. */
+function extractSessionId(event) {
+    const direct = readEventString(event.data.proxy_session_id);
+    if (direct !== null) {
+        return direct;
+    }
+    const nested = event.data.proxy_session;
+    if (isRecord(nested)) {
+        return readEventString(nested.id);
+    }
+    return null;
+}
+function readEventString(value) {
+    return typeof value === "string" && value.length > 0 ? value : null;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}

package/dist/cjs/http-client.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyCheckoutHttpClient = void 0;
+const errors_js_1 = require("./errors.js");
+const version_js_1 = require("./version.js");
+class ProxyCheckoutHttpClient {
+    apiHost;
+    apiKey;
+    fetchImpl;
+    constructor({ apiHost, apiKey, fetchImpl, }) {
+        assertSecretKey(apiKey);
+        const resolvedFetch = fetchImpl ?? globalThis.fetch;
+        if (typeof resolvedFetch !== "function") {
+            throw new Error("Proxy Checkout server SDK requires a fetch implementation.");
+        }
+        this.apiHost = normalizeApiHost(apiHost);
+        this.apiKey = apiKey;
+        this.fetchImpl = resolvedFetch;
+    }
+    async request(method, path, body, options = {}) {
+        const response = await this.fetchImpl(`${this.apiHost}${path}`, {
+            ...(body === undefined ? {} : { body: JSON.stringify(body) }),
+            headers: buildHeaders(this.apiKey, options, body !== undefined),
+            method,
+        });
+        const responseBody = await readResponseBody(response);
+        if (!response.ok) {
+            const headerRequestId = response.headers.get("x-request-id") || undefined;
+            throw (0, errors_js_1.toApiError)(response.status, responseBody, headerRequestId);
+        }
+        return responseBody;
+    }
+}
+exports.ProxyCheckoutHttpClient = ProxyCheckoutHttpClient;
+function buildHeaders(apiKey, options, hasJsonBody) {
+    const headers = {
+        accept: "application/json",
+        authorization: `Bearer ${apiKey}`,
+        "user-agent": version_js_1.proxyCheckoutServerSdkUserAgent,
+    };
+    if (hasJsonBody) {
+        headers["content-type"] = "application/json";
+    }
+    if (options.idempotencyKey !== undefined) {
+        headers["idempotency-key"] = options.idempotencyKey;
+    }
+    if (options.requestId !== undefined) {
+        headers["x-request-id"] = options.requestId;
+    }
+    return headers;
+}
+async function readResponseBody(response) {
+    const text = await response.text();
+    if (!text) {
+        return undefined;
+    }
+    try {
+        return JSON.parse(text);
+    }
+    catch {
+        return text;
+    }
+}
+function assertSecretKey(apiKey) {
+    if (!apiKey.startsWith("sk_test_") && !apiKey.startsWith("sk_live_")) {
+        throw new Error("Proxy Checkout secret key must start with sk_test_ or sk_live_.");
+    }
+}
+function normalizeApiHost(apiHost) {
+    if (apiHost === undefined) {
+        return "https://api.proxycheckout.com";
+    }
+    let url;
+    try {
+        url = new URL(apiHost);
+    }
+    catch {
+        throw new Error(`Invalid apiHost URL: ${apiHost}. Make sure it is an absolute HTTP or HTTPS URL.`);
+    }
+    if (url.protocol !== "http:" && url.protocol !== "https:") {
+        throw new Error(`Invalid apiHost URL: ${apiHost}. Make sure it is an absolute HTTP or HTTPS URL.`);
+    }
+    return `${url.origin}${url.pathname}`.replace(/\/$/, "");
+}

package/dist/cjs/index.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyProxyWebhookSignature = exports.proxyCheckoutWebhookEndpointEndpoints = exports.ProxyWebhookSignatureVerificationError = exports.ProxyWebhookEndpointsResource = exports.PROXY_SIGNATURE_HEADER = exports.constructProxyWebhookEvent = exports.ProxyWebhooksResource = exports.PROXY_WEBHOOK_RETRY_AFTER_SECONDS = exports.PROXY_WEBHOOK_EVENT_TYPES = exports.isProxySubscriptionEvent = exports.isProxySessionEvent = exports.isProxyPaymentAttemptEvent = exports.proxyCheckoutServerSdkVersion = exports.proxyCheckoutServerSdkUserAgent = exports.proxyCheckoutServerSdkName = exports.proxyCheckoutSubscriptionEndpoints = exports.ProxySubscriptionsResource = exports.proxyCheckoutServerEndpoints = exports.ProxySessionsResource = exports.ProxySessionCartResource = exports.TERMINAL_SESSION_STATUSES = exports.subscriptionWillRenew = exports.subscriptionAccessEndsAt = exports.requireProxyDate = exports.parseOptionalProxyDate = exports.PROVISIONABLE_SESSION_STATUSES = exports.isSubscriptionPaymentAtRisk = exports.isSubscriptionEnded = exports.isSessionTerminal = exports.isSessionProvisionable = exports.ENDED_SUBSCRIPTION_STATUSES = exports.AT_RISK_SUBSCRIPTION_STATUSES = exports.ProxyEventsResource = exports.ProxyCheckoutValidationError = exports.ProxyCheckoutApiError = exports.assertSubscriptionMatchesSession = exports.assertCartBuyerReference = exports.ProxyCheckoutServerClient = exports.createProxyCheckoutServerClient = exports.parseProxyCart = void 0;
+var cart_js_1 = require("./cart.js");
+Object.defineProperty(exports, "parseProxyCart", { enumerable: true, get: function () { return cart_js_1.parseProxyCart; } });
+var client_js_1 = require("./client.js");
+Object.defineProperty(exports, "createProxyCheckoutServerClient", { enumerable: true, get: function () { return client_js_1.createProxyCheckoutServerClient; } });
+Object.defineProperty(exports, "ProxyCheckoutServerClient", { enumerable: true, get: function () { return client_js_1.ProxyCheckoutServerClient; } });
+var consistency_js_1 = require("./consistency.js");
+Object.defineProperty(exports, "assertCartBuyerReference", { enumerable: true, get: function () { return consistency_js_1.assertCartBuyerReference; } });
+Object.defineProperty(exports, "assertSubscriptionMatchesSession", { enumerable: true, get: function () { return consistency_js_1.assertSubscriptionMatchesSession; } });
+var errors_js_1 = require("./errors.js");
+Object.defineProperty(exports, "ProxyCheckoutApiError", { enumerable: true, get: function () { return errors_js_1.ProxyCheckoutApiError; } });
+Object.defineProperty(exports, "ProxyCheckoutValidationError", { enumerable: true, get: function () { return errors_js_1.ProxyCheckoutValidationError; } });
+var events_js_1 = require("./events.js");
+Object.defineProperty(exports, "ProxyEventsResource", { enumerable: true, get: function () { return events_js_1.ProxyEventsResource; } });
+var lifecycle_js_1 = require("./lifecycle.js");
+Object.defineProperty(exports, "AT_RISK_SUBSCRIPTION_STATUSES", { enumerable: true, get: function () { return lifecycle_js_1.AT_RISK_SUBSCRIPTION_STATUSES; } });
+Object.defineProperty(exports, "ENDED_SUBSCRIPTION_STATUSES", { enumerable: true, get: function () { return lifecycle_js_1.ENDED_SUBSCRIPTION_STATUSES; } });
+Object.defineProperty(exports, "isSessionProvisionable", { enumerable: true, get: function () { return lifecycle_js_1.isSessionProvisionable; } });
+Object.defineProperty(exports, "isSessionTerminal", { enumerable: true, get: function () { return lifecycle_js_1.isSessionTerminal; } });
+Object.defineProperty(exports, "isSubscriptionEnded", { enumerable: true, get: function () { return lifecycle_js_1.isSubscriptionEnded; } });
+Object.defineProperty(exports, "isSubscriptionPaymentAtRisk", { enumerable: true, get: function () { return lifecycle_js_1.isSubscriptionPaymentAtRisk; } });
+Object.defineProperty(exports, "PROVISIONABLE_SESSION_STATUSES", { enumerable: true, get: function () { return lifecycle_js_1.PROVISIONABLE_SESSION_STATUSES; } });
+Object.defineProperty(exports, "parseOptionalProxyDate", { enumerable: true, get: function () { return lifecycle_js_1.parseOptionalProxyDate; } });
+Object.defineProperty(exports, "requireProxyDate", { enumerable: true, get: function () { return lifecycle_js_1.requireProxyDate; } });
+Object.defineProperty(exports, "subscriptionAccessEndsAt", { enumerable: true, get: function () { return lifecycle_js_1.subscriptionAccessEndsAt; } });
+Object.defineProperty(exports, "subscriptionWillRenew", { enumerable: true, get: function () { return lifecycle_js_1.subscriptionWillRenew; } });
+Object.defineProperty(exports, "TERMINAL_SESSION_STATUSES", { enumerable: true, get: function () { return lifecycle_js_1.TERMINAL_SESSION_STATUSES; } });
+var sessions_js_1 = require("./sessions.js");
+Object.defineProperty(exports, "ProxySessionCartResource", { enumerable: true, get: function () { return sessions_js_1.ProxySessionCartResource; } });
+Object.defineProperty(exports, "ProxySessionsResource", { enumerable: true, get: function () { return sessions_js_1.ProxySessionsResource; } });
+Object.defineProperty(exports, "proxyCheckoutServerEndpoints", { enumerable: true, get: function () { return sessions_js_1.proxyCheckoutServerEndpoints; } });
+var subscriptions_js_1 = require("./subscriptions.js");
+Object.defineProperty(exports, "ProxySubscriptionsResource", { enumerable: true, get: function () { return subscriptions_js_1.ProxySubscriptionsResource; } });
+Object.defineProperty(exports, "proxyCheckoutSubscriptionEndpoints", { enumerable: true, get: function () { return subscriptions_js_1.proxyCheckoutSubscriptionEndpoints; } });
+var version_js_1 = require("./version.js");
+Object.defineProperty(exports, "proxyCheckoutServerSdkName", { enumerable: true, get: function () { return version_js_1.proxyCheckoutServerSdkName; } });
+Object.defineProperty(exports, "proxyCheckoutServerSdkUserAgent", { enumerable: true, get: function () { return version_js_1.proxyCheckoutServerSdkUserAgent; } });
+Object.defineProperty(exports, "proxyCheckoutServerSdkVersion", { enumerable: true, get: function () { return version_js_1.proxyCheckoutServerSdkVersion; } });
+var webhook_events_js_1 = require("./webhook-events.js");
+Object.defineProperty(exports, "isProxyPaymentAttemptEvent", { enumerable: true, get: function () { return webhook_events_js_1.isProxyPaymentAttemptEvent; } });
+Object.defineProperty(exports, "isProxySessionEvent", { enumerable: true, get: function () { return webhook_events_js_1.isProxySessionEvent; } });
+Object.defineProperty(exports, "isProxySubscriptionEvent", { enumerable: true, get: function () { return webhook_events_js_1.isProxySubscriptionEvent; } });
+Object.defineProperty(exports, "PROXY_WEBHOOK_EVENT_TYPES", { enumerable: true, get: function () { return webhook_events_js_1.PROXY_WEBHOOK_EVENT_TYPES; } });
+var webhook_handler_js_1 = require("./webhook-handler.js");
+Object.defineProperty(exports, "PROXY_WEBHOOK_RETRY_AFTER_SECONDS", { enumerable: true, get: function () { return webhook_handler_js_1.PROXY_WEBHOOK_RETRY_AFTER_SECONDS; } });
+Object.defineProperty(exports, "ProxyWebhooksResource", { enumerable: true, get: function () { return webhook_handler_js_1.ProxyWebhooksResource; } });
+var webhooks_js_1 = require("./webhooks.js");
+Object.defineProperty(exports, "constructProxyWebhookEvent", { enumerable: true, get: function () { return webhooks_js_1.constructProxyWebhookEvent; } });
+Object.defineProperty(exports, "PROXY_SIGNATURE_HEADER", { enumerable: true, get: function () { return webhooks_js_1.PROXY_SIGNATURE_HEADER; } });
+Object.defineProperty(exports, "ProxyWebhookEndpointsResource", { enumerable: true, get: function () { return webhooks_js_1.ProxyWebhookEndpointsResource; } });
+Object.defineProperty(exports, "ProxyWebhookSignatureVerificationError", { enumerable: true, get: function () { return webhooks_js_1.ProxyWebhookSignatureVerificationError; } });
+Object.defineProperty(exports, "proxyCheckoutWebhookEndpointEndpoints", { enumerable: true, get: function () { return webhooks_js_1.proxyCheckoutWebhookEndpointEndpoints; } });
+Object.defineProperty(exports, "verifyProxyWebhookSignature", { enumerable: true, get: function () { return webhooks_js_1.verifyProxyWebhookSignature; } });

package/dist/cjs/lifecycle.js

@@ -0,0 +1,109 @@
+"use strict";
+/**
+ * SDK-owned normalization of Proxy session and subscription lifecycle.
+ *
+ * These helpers turn raw Proxy state into the small set of derived facts a
+ * merchant entitlement layer actually needs (`willRenew`, `accessEndsAt`,
+ * terminal/provisionable predicates) so every customer does not re-encode
+ * Proxy lifecycle semantics by hand.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AT_RISK_SUBSCRIPTION_STATUSES = exports.ENDED_SUBSCRIPTION_STATUSES = exports.TERMINAL_SESSION_STATUSES = exports.PROVISIONABLE_SESSION_STATUSES = void 0;
+exports.requireProxyDate = requireProxyDate;
+exports.parseOptionalProxyDate = parseOptionalProxyDate;
+exports.isSessionProvisionable = isSessionProvisionable;
+exports.isSessionTerminal = isSessionTerminal;
+exports.subscriptionWillRenew = subscriptionWillRenew;
+exports.subscriptionAccessEndsAt = subscriptionAccessEndsAt;
+exports.isSubscriptionEnded = isSubscriptionEnded;
+exports.isSubscriptionPaymentAtRisk = isSubscriptionPaymentAtRisk;
+const errors_js_1 = require("./errors.js");
+/** Session statuses that mean the payer has paid and entitlement may be granted. */
+exports.PROVISIONABLE_SESSION_STATUSES = new Set(["paid", "provisionable"]);
+/**
+ * Session statuses that are terminal from the SDK's lifecycle perspective — the
+ * automatic flow has stopped and the merchant must observe the outcome. This
+ * includes `merchant_action_required`, which halts the session pending merchant
+ * intervention; classifying it here keeps a `proxy_session.merchant_action_required`
+ * event from silently resolving to `ignored` and being marked processed.
+ */
+exports.TERMINAL_SESSION_STATUSES = new Set([
+    "cancelled",
+    "expired",
+    "failed",
+    "merchant_action_required",
+    "provisioned",
+    "provisioning_failed",
+]);
+/** Subscription statuses that mean the subscription is no longer active. */
+exports.ENDED_SUBSCRIPTION_STATUSES = new Set([
+    "canceled",
+    "ended",
+    "incomplete_expired",
+]);
+/** Subscription statuses that indicate a payment problem on an otherwise live subscription. */
+exports.AT_RISK_SUBSCRIPTION_STATUSES = new Set(["past_due", "unpaid"]);
+/** Parse a required ISO date from Proxy, throwing a structured error when missing/invalid. */
+function requireProxyDate(value, field) {
+    const date = parseOptionalProxyDate(value, field);
+    if (date === null) {
+        throw new errors_js_1.ProxyCheckoutValidationError(`Proxy date field ${field} is required.`, {
+            code: "invalid_date",
+            field,
+        });
+    }
+    return date;
+}
+/** Parse an optional ISO date from Proxy, returning null when absent and throwing when invalid. */
+function parseOptionalProxyDate(value, field = "date") {
+    if (value === null || value === undefined || value === "") {
+        return null;
+    }
+    const date = new Date(value);
+    if (Number.isNaN(date.getTime())) {
+        throw new errors_js_1.ProxyCheckoutValidationError(`Proxy date field ${field} is not a valid date.`, {
+            code: "invalid_date",
+            field,
+        });
+    }
+    return date;
+}
+/** True once the payer has paid / the session is provisionable for entitlement. */
+function isSessionProvisionable(session) {
+    return exports.PROVISIONABLE_SESSION_STATUSES.has(session.status);
+}
+/** True once the session has reached a terminal state. */
+function isSessionTerminal(session) {
+    return exports.TERMINAL_SESSION_STATUSES.has(session.status);
+}
+/**
+ * Whether the subscription is expected to renew at the end of the current period.
+ * A subscription will not renew once it is scheduled to cancel or has ended.
+ */
+function subscriptionWillRenew(subscription) {
+    if (subscription.cancelAtPeriodEnd) {
+        return false;
+    }
+    if (subscription.endedAt !== null) {
+        return false;
+    }
+    return !exports.ENDED_SUBSCRIPTION_STATUSES.has(subscription.status);
+}
+/**
+ * The instant at which paid access should end given current subscription state.
+ * Prefers an explicit `endedAt` (hard stop) over the current period boundary.
+ * Returns null when neither is known.
+ */
+function subscriptionAccessEndsAt(subscription) {
+    return (parseOptionalProxyDate(subscription.endedAt, "subscription.endedAt") ??
+        parseOptionalProxyDate(subscription.currentPeriodEnd, "subscription.currentPeriodEnd"));
+}
+/** True when the subscription has ended (cancelled / expired / explicitly ended). */
+function isSubscriptionEnded(subscription) {
+    return subscription.endedAt !== null || exports.ENDED_SUBSCRIPTION_STATUSES.has(subscription.status);
+}
+/** True when the subscription is live but has a payment problem (past_due / unpaid / failed). */
+function isSubscriptionPaymentAtRisk(subscription) {
+    return (exports.AT_RISK_SUBSCRIPTION_STATUSES.has(subscription.status) ||
+        subscription.latestPaymentStatus === "failed");
+}

package/dist/cjs/package.json

@@ -0,0 +1,3 @@
+{
+  "type": "commonjs"
+}

package/dist/cjs/response-validators.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requireJsonObject = requireJsonObject;
+exports.requireString = requireString;
+exports.requireNullableString = requireNullableString;
+exports.requireInteger = requireInteger;
+exports.requireNullableInteger = requireNullableInteger;
+exports.requireBoolean = requireBoolean;
+exports.requireStringArrayOrNull = requireStringArrayOrNull;
+function requireJsonObject(value, operation) {
+    if (!isRecord(value)) {
+        throw new Error(`Proxy API response for ${operation} must be a JSON object.`);
+    }
+    return value;
+}
+function requireString(value, field) {
+    if (typeof value !== "string") {
+        throw new Error(`Proxy API response field ${field} must be a string.`);
+    }
+    return value;
+}
+function requireNullableString(value, field) {
+    if (value === null) {
+        return null;
+    }
+    return requireString(value, field);
+}
+function requireInteger(value, field) {
+    if (typeof value !== "number" || !Number.isInteger(value)) {
+        throw new Error(`Proxy API response field ${field} must be an integer.`);
+    }
+    return value;
+}
+function requireNullableInteger(value, field) {
+    if (value === null) {
+        return null;
+    }
+    if (typeof value !== "number" || !Number.isInteger(value)) {
+        throw new Error(`Proxy API response field ${field} must be an integer or null.`);
+    }
+    return value;
+}
+function requireBoolean(value, field) {
+    if (typeof value !== "boolean") {
+        throw new Error(`Proxy API response field ${field} must be a boolean.`);
+    }
+    return value;
+}
+function requireStringArrayOrNull(value, field) {
+    if (value === null) {
+        return null;
+    }
+    if (!Array.isArray(value) || !value.every((item) => typeof item === "string")) {
+        throw new Error(`Proxy API response field ${field} must be an array or null.`);
+    }
+    return value;
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}