npm - @pymthouse/builder-sdk - Versions diffs - 0.4.3 → 0.4.5 - Mend

@pymthouse/builder-sdk 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +120 -5
package/dist/{client-zCskUJag.d.ts → client-BhNz0ZAA.d.ts} +9 -3
package/dist/{client-C0HgAugK.d.cts → client-GP-mTEI7.d.cts} +9 -3
package/dist/device.d.cts +1 -1
package/dist/device.d.ts +1 -1
package/dist/env.cjs +40 -3
package/dist/env.cjs.map +1 -1
package/dist/env.d.cts +2 -2
package/dist/env.d.ts +2 -2
package/dist/env.js +40 -3
package/dist/env.js.map +1 -1
package/dist/errors-C9-V_zSi.d.cts +13 -0
package/dist/errors-C9-V_zSi.d.ts +13 -0
package/dist/{index-D5wdxNYy.d.cts → index-M0tsyotJ.d.cts} +2 -2
package/dist/{index-DFJ6qcK0.d.ts → index-rC8smShg.d.ts} +2 -2
package/dist/index.cjs +40 -3
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +6 -17
package/dist/index.d.ts +6 -17
package/dist/index.js +40 -3
package/dist/index.js.map +1 -1
package/dist/{proxy-KrA1vEmh.d.ts → proxy-CZLY0IfL.d.cts} +5 -2
package/dist/{proxy-0wa8QZIU.d.cts → proxy-D36SpZ6k.d.ts} +5 -2
package/dist/signer/gateway.cjs +542 -0
package/dist/signer/gateway.cjs.map +1 -0
package/dist/signer/gateway.d.cts +81 -0
package/dist/signer/gateway.d.ts +81 -0
package/dist/signer/gateway.js +538 -0
package/dist/signer/gateway.js.map +1 -0
package/dist/signer/server.cjs +225 -0
package/dist/signer/server.cjs.map +1 -1
package/dist/signer/server.d.cts +35 -4
package/dist/signer/server.d.ts +35 -4
package/dist/signer/server.js +219 -1
package/dist/signer/server.js.map +1 -1
package/dist/signer/webhook/adapters/api-key.d.cts +1 -1
package/dist/signer/webhook/adapters/api-key.d.ts +1 -1
package/dist/signer/webhook/adapters/composite.d.cts +1 -1
package/dist/signer/webhook/adapters/composite.d.ts +1 -1
package/dist/signer/webhook/adapters/oidc.cjs.map +1 -1
package/dist/signer/webhook/adapters/oidc.d.cts +3 -3
package/dist/signer/webhook/adapters/oidc.d.ts +3 -3
package/dist/signer/webhook/adapters/oidc.js.map +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.cts +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.ts +1 -1
package/dist/signer/webhook.cjs +40 -6
package/dist/signer/webhook.cjs.map +1 -1
package/dist/signer/webhook.d.cts +23 -6
package/dist/signer/webhook.d.ts +23 -6
package/dist/signer/webhook.js +37 -7
package/dist/signer/webhook.js.map +1 -1
package/dist/tokens.d.cts +1 -1
package/dist/tokens.d.ts +1 -1
package/dist/{types-BORaHW_x.d.cts → types-CcP67AZm.d.cts} +2 -0
package/dist/{types-BORaHW_x.d.ts → types-CcP67AZm.d.ts} +2 -0
package/dist/{verifier-Be9WAjFF.d.cts → verifier-D8z3spC0.d.cts} +2 -0
package/dist/{verifier-Be9WAjFF.d.ts → verifier-D8z3spC0.d.ts} +2 -0
package/dist/verify.d.cts +1 -1
package/dist/verify.d.ts +1 -1
package/package.json +6 -1

package/dist/errors-C9-V_zSi.d.cts ADDED Viewed

@@ -0,0 +1,13 @@
+declare class PmtHouseError extends Error {
+    readonly status: number;
+    readonly code: string;
+    readonly details?: unknown;
+    constructor(message: string, { status, code, details, }?: {
+        status?: number;
+        code?: string;
+        details?: unknown;
+    });
+}
+declare function toPmtHouseError(error: unknown, fallbackMessage: string): PmtHouseError;
+export { PmtHouseError as P, toPmtHouseError as t };

package/dist/errors-C9-V_zSi.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+declare class PmtHouseError extends Error {
+    readonly status: number;
+    readonly code: string;
+    readonly details?: unknown;
+    constructor(message: string, { status, code, details, }?: {
+        status?: number;
+        code?: string;
+        details?: unknown;
+    });
+}
+declare function toPmtHouseError(error: unknown, fallbackMessage: string): PmtHouseError;
+export { PmtHouseError as P, toPmtHouseError as t };

package/dist/{index-D5wdxNYy.d.cts → index-M0tsyotJ.d.cts} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { F as FetchLike } from './types-BORaHW_x.cjs';
-import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-Be9WAjFF.cjs';
+import { F as FetchLike } from './types-CcP67AZm.cjs';
+import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-D8z3spC0.cjs';
 import { TrustedHeadersEndUserAuthConfig } from './signer/webhook/adapters/trusted-headers.cjs';
 type WebhookIdentityClaimMapping = {

package/dist/{index-DFJ6qcK0.d.ts → index-rC8smShg.d.ts} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { F as FetchLike } from './types-BORaHW_x.js';
-import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-Be9WAjFF.js';
+import { F as FetchLike } from './types-CcP67AZm.js';
+import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-D8z3spC0.js';
 import { TrustedHeadersEndUserAuthConfig } from './signer/webhook/adapters/trusted-headers.js';
 type WebhookIdentityClaimMapping = {

package/dist/index.cjs CHANGED Viewed

@@ -338,6 +338,32 @@ var init_mint_token = __esm({
   }
 });
+// src/signer/direct-signer.ts
+function assertDirectSignerBaseUrl(signerBaseUrl) {
+  let parsed;
+  try {
+    parsed = new URL(signerBaseUrl.trim());
+  } catch {
+    throw new exports.PmtHouseError("signer URL must be an absolute http(s) URL", {
+      status: 400,
+      code: "invalid_signer_url"
+    });
+  }
+  const pathname = stripTrailingSlashes(parsed.pathname);
+  if (pathname === "/api/signer" || pathname.startsWith("/api/signer/")) {
+    throw new exports.PmtHouseError(
+      "signer URL must be the remote signer DMZ base, not a dashboard /api/signer/* proxy path. Exchange at the platform facade, then call signer endpoints directly using signerUrl from the exchange response.",
+      { status: 400, code: "invalid_signer_url" }
+    );
+  }
+}
+var init_direct_signer = __esm({
+  "src/signer/direct-signer.ts"() {
+    init_string_utils();
+    init_errors();
+  }
+});
 // src/signer/device-exchange.ts
 function extractSignerAccessTokenFromExchangeBody(body) {
   const tokenObj = body.token;
@@ -570,6 +596,9 @@ async function exchangeApiKeyForSigner(options) {
   const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);
   const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;
   const signerUrl = typeof signerUrlRaw === "string" && signerUrlRaw.trim() ? signerUrlRaw.trim() : void 0;
+  if (signerUrl) {
+    assertDirectSignerBaseUrl(signerUrl);
+  }
   return normalizeDeviceExchangeResponse(
     {
       access_token: accessToken,
@@ -632,6 +661,7 @@ var init_api_key_exchange = __esm({
     init_fetch_json();
     init_handler_errors();
     init_device_exchange();
+    init_direct_signer();
     EXCHANGE_RESPONSE_ERROR2 = "invalid_exchange_response";
   }
 });
@@ -1340,8 +1370,14 @@ var PmtHouseClient = class {
     });
   }
   /**
-   * Exchange a dashboard API key for a signer session via a trusted facade (recommended)
-   * or directly when M2M credentials are available on this client.
+   * Exchange a dashboard API key for a short-lived signer JWT via a trusted facade.
+   *
+   * `facadeUrl` is used only for `POST {facadeUrl}/api/pymthouse/keys/exchange`.
+   * After exchange, call signer RPCs directly at `signerUrl` from the response
+   * (e.g. `{signerUrl}/sign-orchestrator-info`), not via dashboard `/api/signer/*`.
+   *
+   * When M2M credentials are available on this client, omit `facadeUrl` to exchange
+   * directly against the PymtHouse issuer.
    */
   async exchangeApiKeyForSignerSession(input) {
     if (input.facadeUrl?.trim()) {
@@ -1358,7 +1394,8 @@ var PmtHouseClient = class {
         token_type: exchanged.token_type,
         expires_in: exchanged.expires_in,
         scope: exchanged.scope,
-        issued_token_type: "urn:ietf:params:oauth:token-type:access_token"
+        issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        signerUrl: exchanged.signerUrl
       };
     }
     const userToken = await this.exchangeApiKeyForUserAccessToken({