npm - @pymthouse/builder-sdk - Versions diffs - 0.4.1-rc.2 → 0.4.1 - Mend

@pymthouse/builder-sdk 0.4.1-rc.2 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +10 -10
package/dist/env.cjs +4 -13
package/dist/env.cjs.map +1 -1
package/dist/env.js +4 -13
package/dist/env.js.map +1 -1
package/dist/{index-B0ryx942.d.cts → index-D5wdxNYy.d.cts} +1 -1
package/dist/{index-CvV5syf_.d.ts → index-DFJ6qcK0.d.ts} +1 -1
package/dist/index.cjs +4 -13
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +4 -13
package/dist/index.js.map +1 -1
package/dist/{proxy-JrT6raU_.d.cts → proxy-0wa8QZIU.d.cts} +16 -2
package/dist/{proxy-U32DFNuj.d.ts → proxy-KrA1vEmh.d.ts} +16 -2
package/dist/signer/server.cjs +89 -72
package/dist/signer/server.cjs.map +1 -1
package/dist/signer/server.d.cts +2 -2
package/dist/signer/server.d.ts +2 -2
package/dist/signer/server.js +89 -72
package/dist/signer/server.js.map +1 -1
package/dist/signer/webhook/adapters/api-key.cjs +1 -1
package/dist/signer/webhook/adapters/api-key.cjs.map +1 -1
package/dist/signer/webhook/adapters/api-key.d.cts +1 -1
package/dist/signer/webhook/adapters/api-key.d.ts +1 -1
package/dist/signer/webhook/adapters/api-key.js +1 -1
package/dist/signer/webhook/adapters/api-key.js.map +1 -1
package/dist/signer/webhook/adapters/composite.cjs +1 -1
package/dist/signer/webhook/adapters/composite.cjs.map +1 -1
package/dist/signer/webhook/adapters/composite.d.cts +1 -1
package/dist/signer/webhook/adapters/composite.d.ts +1 -1
package/dist/signer/webhook/adapters/composite.js +1 -1
package/dist/signer/webhook/adapters/composite.js.map +1 -1
package/dist/signer/webhook/adapters/oidc.cjs +6 -3
package/dist/signer/webhook/adapters/oidc.cjs.map +1 -1
package/dist/signer/webhook/adapters/oidc.d.cts +2 -2
package/dist/signer/webhook/adapters/oidc.d.ts +2 -2
package/dist/signer/webhook/adapters/oidc.js +6 -3
package/dist/signer/webhook/adapters/oidc.js.map +1 -1
package/dist/signer/webhook/adapters/trusted-headers.cjs +1 -1
package/dist/signer/webhook/adapters/trusted-headers.cjs.map +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.cts +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.ts +1 -1
package/dist/signer/webhook/adapters/trusted-headers.js +1 -1
package/dist/signer/webhook/adapters/trusted-headers.js.map +1 -1
package/dist/signer/webhook.cjs +7 -71
package/dist/signer/webhook.cjs.map +1 -1
package/dist/signer/webhook.d.cts +5 -14
package/dist/signer/webhook.d.ts +5 -14
package/dist/signer/webhook.js +8 -70
package/dist/signer/webhook.js.map +1 -1
package/dist/{verifier-B-WFDMz6.d.cts → verifier-Be9WAjFF.d.cts} +3 -2
package/dist/{verifier-B-WFDMz6.d.ts → verifier-Be9WAjFF.d.ts} +3 -2
package/package.json +2 -8
package/dist/signer/webhook/adapters/oauth1.cjs +0 -18
package/dist/signer/webhook/adapters/oauth1.cjs.map +0 -1
package/dist/signer/webhook/adapters/oauth1.d.cts +0 -19
package/dist/signer/webhook/adapters/oauth1.d.ts +0 -19
package/dist/signer/webhook/adapters/oauth1.js +0 -16
package/dist/signer/webhook/adapters/oauth1.js.map +0 -1

package/README.md CHANGED Viewed

@@ -126,21 +126,18 @@ reference **integration security** webhook that validates end-user credentials a
 returns `UsageIdentity` to the signer (`POST /authorize`).
 Transport (signer shared-secret auth, wire protocol) is separate from **end-user
-auth strategies** (`EndUserAuthVerifier`). OIDC/JWT is the default MVP; OAuth 1.0
-has a stub verifier for future integrations.
+auth strategies** (`EndUserAuthVerifier`). OIDC/JWT is the default; an API-key
+adapter and a composite "first match" adapter are also provided, and you can
+plug in any custom verifier.
 ```ts
 import {
+  createApiKeyEndUserVerifier,
   createOidcRemoteSignerWebhookConfig,
   createRemoteSignerAuthorizeHandler,
-  readOidcRemoteSignerWebhookConfigFromEnv,
-  startRemoteSignerWebhookServer,
   type EndUserAuthVerifier,
 } from "@pymthouse/builder-sdk/signer/webhook";
-// Standalone sidecar (loads JWT_ISSUER, JWT_AUDIENCE, WEBHOOK_SECRET from env)
-startRemoteSignerWebhookServer();
 // OIDC (default): Auth0, pymthouse issuer, etc.
 const authorize = createRemoteSignerAuthorizeHandler(
   createOidcRemoteSignerWebhookConfig({
@@ -151,6 +148,12 @@ const authorize = createRemoteSignerAuthorizeHandler(
   }),
 );
+// API key: resolve your own keys to a UsageIdentity
+const apiKeyVerifier = createApiKeyEndUserVerifier({
+  issuer: process.env.JWT_ISSUER!,
+  resolveApiKey: async (key) => (await lookup(key)) ?? null,
+});
 // Custom provider: implement EndUserAuthVerifier
 const customConfig = {
   webhookSecret: process.env.WEBHOOK_SECRET!,
@@ -167,9 +170,6 @@ const customConfig = {
 Env vars align with `auth0-livepeer` bootstrap output (`.env.livepeer`). For Auth0,
 set `CLAIM_CLIENT_ID=azp` and `USAGE_SUBJECT_TYPE=auth0_user_id`.
-OAuth 1.0: `createOAuth1EndUserVerifier` exists as a stub; signature verification
-is not implemented yet.
 ## Subpath exports
 | Import | Purpose |

package/dist/env.cjs CHANGED Viewed

@@ -213,14 +213,8 @@ var init_fetch_json = __esm({
 });
 // src/signer/handler-errors.ts
-function isPmtHouseError(error) {
-  if (error instanceof PmtHouseError) {
-    return true;
-  }
-  return error instanceof Error && typeof error.status === "number" && typeof error.code === "string";
-}
 function signerHandlerErrorResponse(error) {
-  if (isPmtHouseError(error)) {
+  if (error instanceof PmtHouseError) {
     return new Response(
       JSON.stringify({
         error: error.code,
@@ -273,9 +267,6 @@ var init_json_fields = __esm({
 });
 // src/signer/mint-token.ts
-function signerJwtAudience(issuerUrl) {
-  return stripTrailingSlashes(issuerUrl);
-}
 function parseMintUserSignerTokenResponse(body, ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO) {
   const accessToken = readStringField(body, "access_token", TOKEN_RESPONSE_ERROR, "Token response");
   const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);
@@ -302,11 +293,11 @@ function parseMintUserSignerTokenResponse(body, ttlRefreshRatio = DEFAULT_TTL_RE
     lifetimeGrantedUsdMicros
   };
 }
-var DEFAULT_TTL_REFRESH_RATIO, TOKEN_RESPONSE_ERROR;
+var LIVEPEER_REMOTE_SIGNER_AUDIENCE, DEFAULT_TTL_REFRESH_RATIO, TOKEN_RESPONSE_ERROR;
 var init_mint_token = __esm({
   "src/signer/mint-token.ts"() {
-    init_string_utils();
     init_json_fields();
+    LIVEPEER_REMOTE_SIGNER_AUDIENCE = "livepeer-remote-signer";
     DEFAULT_TTL_REFRESH_RATIO = 0.8;
     TOKEN_RESPONSE_ERROR = "invalid_token_response";
   }
@@ -373,7 +364,7 @@ async function mintSignerTokenFromDeviceToken(options) {
       code: "oidc_discovery_invalid"
     });
   }
-  const audience = options.audience?.trim() || signerJwtAudience(issuerUrl);
+  const audience = options.audience?.trim() || LIVEPEER_REMOTE_SIGNER_AUDIENCE;
   const params = new URLSearchParams({
     grant_type: TOKEN_EXCHANGE_GRANT,
     subject_token: options.deviceToken,