npm - @pymthouse/builder-sdk - Versions diffs - 0.4.3 → 0.4.5 - Mend

@pymthouse/builder-sdk 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/README.md +120 -5
package/dist/{client-zCskUJag.d.ts → client-BhNz0ZAA.d.ts} +9 -3
package/dist/{client-C0HgAugK.d.cts → client-GP-mTEI7.d.cts} +9 -3
package/dist/device.d.cts +1 -1
package/dist/device.d.ts +1 -1
package/dist/env.cjs +40 -3
package/dist/env.cjs.map +1 -1
package/dist/env.d.cts +2 -2
package/dist/env.d.ts +2 -2
package/dist/env.js +40 -3
package/dist/env.js.map +1 -1
package/dist/errors-C9-V_zSi.d.cts +13 -0
package/dist/errors-C9-V_zSi.d.ts +13 -0
package/dist/{index-D5wdxNYy.d.cts → index-M0tsyotJ.d.cts} +2 -2
package/dist/{index-DFJ6qcK0.d.ts → index-rC8smShg.d.ts} +2 -2
package/dist/index.cjs +40 -3
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +6 -17
package/dist/index.d.ts +6 -17
package/dist/index.js +40 -3
package/dist/index.js.map +1 -1
package/dist/{proxy-KrA1vEmh.d.ts → proxy-CZLY0IfL.d.cts} +5 -2
package/dist/{proxy-0wa8QZIU.d.cts → proxy-D36SpZ6k.d.ts} +5 -2
package/dist/signer/gateway.cjs +542 -0
package/dist/signer/gateway.cjs.map +1 -0
package/dist/signer/gateway.d.cts +81 -0
package/dist/signer/gateway.d.ts +81 -0
package/dist/signer/gateway.js +538 -0
package/dist/signer/gateway.js.map +1 -0
package/dist/signer/server.cjs +225 -0
package/dist/signer/server.cjs.map +1 -1
package/dist/signer/server.d.cts +35 -4
package/dist/signer/server.d.ts +35 -4
package/dist/signer/server.js +219 -1
package/dist/signer/server.js.map +1 -1
package/dist/signer/webhook/adapters/api-key.d.cts +1 -1
package/dist/signer/webhook/adapters/api-key.d.ts +1 -1
package/dist/signer/webhook/adapters/composite.d.cts +1 -1
package/dist/signer/webhook/adapters/composite.d.ts +1 -1
package/dist/signer/webhook/adapters/oidc.cjs.map +1 -1
package/dist/signer/webhook/adapters/oidc.d.cts +3 -3
package/dist/signer/webhook/adapters/oidc.d.ts +3 -3
package/dist/signer/webhook/adapters/oidc.js.map +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.cts +1 -1
package/dist/signer/webhook/adapters/trusted-headers.d.ts +1 -1
package/dist/signer/webhook.cjs +40 -6
package/dist/signer/webhook.cjs.map +1 -1
package/dist/signer/webhook.d.cts +23 -6
package/dist/signer/webhook.d.ts +23 -6
package/dist/signer/webhook.js +37 -7
package/dist/signer/webhook.js.map +1 -1
package/dist/tokens.d.cts +1 -1
package/dist/tokens.d.ts +1 -1
package/dist/{types-BORaHW_x.d.cts → types-CcP67AZm.d.cts} +2 -0
package/dist/{types-BORaHW_x.d.ts → types-CcP67AZm.d.ts} +2 -0
package/dist/{verifier-Be9WAjFF.d.cts → verifier-D8z3spC0.d.cts} +2 -0
package/dist/{verifier-Be9WAjFF.d.ts → verifier-D8z3spC0.d.ts} +2 -0
package/dist/verify.d.cts +1 -1
package/dist/verify.d.ts +1 -1
package/package.json +6 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1,8 +1,9 @@
 export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRateUsd, markupPercentToRetailRateUsd, parseMarkupPercentInput, parseRetailRateUsd, retailRateUsdPerMillion, retailRateUsdToMarkupPercent } from './plan-pricing.cjs';
-import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-BORaHW_x.cjs';
-export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-BORaHW_x.cjs';
-import { S as SignerUsageSnapshot } from './proxy-0wa8QZIU.cjs';
-export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-C0HgAugK.cjs';
+import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.cjs';
+export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.cjs';
+import { S as SignerUsageSnapshot } from './proxy-CZLY0IfL.cjs';
+export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-GP-mTEI7.cjs';
+export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.cjs';
 export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.cjs';
 import { AuthorizationServer } from 'oauth4webapi';
 export { PYMTHOUSE_SIGNER_SESSION_TTL_MS, SIGNER_SESSION_EXPIRES_IN_SEC, SIGNER_SESSION_TTL_MS, SIGN_JOB_SCOPE, SignerSessionToken, computePymthouseExpiry, computeSignerSessionExpiry, decodeJwtExp, isLikelyOidcJwt, isOpaqueSignerSessionToken, parseSignerSessionExchange } from './tokens.cjs';
@@ -77,18 +78,6 @@ declare function buildMeScopeUsagePayload(usageByUser: UsageApiResponse, externa
 /** Default cap for parallel pipeline_model fetches per external user (matches NaaP BFF). */
 declare const DEFAULT_MAX_END_USER_IDS = 25;
-declare class PmtHouseError extends Error {
-    readonly status: number;
-    readonly code: string;
-    readonly details?: unknown;
-    constructor(message: string, { status, code, details, }?: {
-        status?: number;
-        code?: string;
-        details?: unknown;
-    });
-}
-declare function toPmtHouseError(error: unknown, fallbackMessage: string): PmtHouseError;
 declare function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument;
 interface LoadAuthorizationServerOptions {
     force?: boolean;
@@ -104,4 +93,4 @@ declare function clearDiscoveryCache(issuerUrl?: string): void;
 declare function parseAppManifestResponse(json: unknown): AppManifestResponse;
 declare function computeManifestRevision(data: Pick<AppManifestResponse, "capabilities" | "excludedCapabilities" | "manifestVersion"> | null): string;
-export { AppManifestResponse, DEFAULT_MAX_END_USER_IDS, FetchLike, type LoadAuthorizationServerOptions, MeScopeUsagePayload, OidcDiscoveryDocument, PmtHouseError, SignedTicketIngestInput, SignedTicketIngestResult, UsageApiResponse, UsageByPipelineModelFiatRow, UsageByPipelineModelRow, UsageByUserRow, UsageForExternalUser, aggregateUsageByExternalUserId, authorizationServerToOidcDocument, buildMeScopeUsagePayload, clearDiscoveryCache, computeManifestRevision, fetchDiscoveryDocument, getEndUserIdsForExternalUser, getUsageRecordUserIdsForExternalUser, getUtcCalendarMonthIsoBounds, ingestSignedTicket, ingestSignedTicketsBatch, listUsageByPipelineModel, loadAuthorizationServer, mergeUsageByPipelineModel, parseAppManifestResponse, parseUsageDateParam, signerSnapshotToIngestPayload, summarizeUsageFiatForExternalUser, summarizeUsageForExternalUser, toPmtHouseError };
+export { AppManifestResponse, DEFAULT_MAX_END_USER_IDS, FetchLike, type LoadAuthorizationServerOptions, MeScopeUsagePayload, OidcDiscoveryDocument, SignedTicketIngestInput, SignedTicketIngestResult, UsageApiResponse, UsageByPipelineModelFiatRow, UsageByPipelineModelRow, UsageByUserRow, UsageForExternalUser, aggregateUsageByExternalUserId, authorizationServerToOidcDocument, buildMeScopeUsagePayload, clearDiscoveryCache, computeManifestRevision, fetchDiscoveryDocument, getEndUserIdsForExternalUser, getUsageRecordUserIdsForExternalUser, getUtcCalendarMonthIsoBounds, ingestSignedTicket, ingestSignedTicketsBatch, listUsageByPipelineModel, loadAuthorizationServer, mergeUsageByPipelineModel, parseAppManifestResponse, parseUsageDateParam, signerSnapshotToIngestPayload, summarizeUsageFiatForExternalUser, summarizeUsageForExternalUser };

package/dist/index.d.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRateUsd, markupPercentToRetailRateUsd, parseMarkupPercentInput, parseRetailRateUsd, retailRateUsdPerMillion, retailRateUsdToMarkupPercent } from './plan-pricing.js';
-import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-BORaHW_x.js';
-export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-BORaHW_x.js';
-import { S as SignerUsageSnapshot } from './proxy-KrA1vEmh.js';
-export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-zCskUJag.js';
+import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.js';
+export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.js';
+import { S as SignerUsageSnapshot } from './proxy-D36SpZ6k.js';
+export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-BhNz0ZAA.js';
+export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.js';
 export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.js';
 import { AuthorizationServer } from 'oauth4webapi';
 export { PYMTHOUSE_SIGNER_SESSION_TTL_MS, SIGNER_SESSION_EXPIRES_IN_SEC, SIGNER_SESSION_TTL_MS, SIGN_JOB_SCOPE, SignerSessionToken, computePymthouseExpiry, computeSignerSessionExpiry, decodeJwtExp, isLikelyOidcJwt, isOpaqueSignerSessionToken, parseSignerSessionExchange } from './tokens.js';
@@ -77,18 +78,6 @@ declare function buildMeScopeUsagePayload(usageByUser: UsageApiResponse, externa
 /** Default cap for parallel pipeline_model fetches per external user (matches NaaP BFF). */
 declare const DEFAULT_MAX_END_USER_IDS = 25;
-declare class PmtHouseError extends Error {
-    readonly status: number;
-    readonly code: string;
-    readonly details?: unknown;
-    constructor(message: string, { status, code, details, }?: {
-        status?: number;
-        code?: string;
-        details?: unknown;
-    });
-}
-declare function toPmtHouseError(error: unknown, fallbackMessage: string): PmtHouseError;
 declare function authorizationServerToOidcDocument(as: AuthorizationServer): OidcDiscoveryDocument;
 interface LoadAuthorizationServerOptions {
     force?: boolean;
@@ -104,4 +93,4 @@ declare function clearDiscoveryCache(issuerUrl?: string): void;
 declare function parseAppManifestResponse(json: unknown): AppManifestResponse;
 declare function computeManifestRevision(data: Pick<AppManifestResponse, "capabilities" | "excludedCapabilities" | "manifestVersion"> | null): string;
-export { AppManifestResponse, DEFAULT_MAX_END_USER_IDS, FetchLike, type LoadAuthorizationServerOptions, MeScopeUsagePayload, OidcDiscoveryDocument, PmtHouseError, SignedTicketIngestInput, SignedTicketIngestResult, UsageApiResponse, UsageByPipelineModelFiatRow, UsageByPipelineModelRow, UsageByUserRow, UsageForExternalUser, aggregateUsageByExternalUserId, authorizationServerToOidcDocument, buildMeScopeUsagePayload, clearDiscoveryCache, computeManifestRevision, fetchDiscoveryDocument, getEndUserIdsForExternalUser, getUsageRecordUserIdsForExternalUser, getUtcCalendarMonthIsoBounds, ingestSignedTicket, ingestSignedTicketsBatch, listUsageByPipelineModel, loadAuthorizationServer, mergeUsageByPipelineModel, parseAppManifestResponse, parseUsageDateParam, signerSnapshotToIngestPayload, summarizeUsageFiatForExternalUser, summarizeUsageForExternalUser, toPmtHouseError };
+export { AppManifestResponse, DEFAULT_MAX_END_USER_IDS, FetchLike, type LoadAuthorizationServerOptions, MeScopeUsagePayload, OidcDiscoveryDocument, SignedTicketIngestInput, SignedTicketIngestResult, UsageApiResponse, UsageByPipelineModelFiatRow, UsageByPipelineModelRow, UsageByUserRow, UsageForExternalUser, aggregateUsageByExternalUserId, authorizationServerToOidcDocument, buildMeScopeUsagePayload, clearDiscoveryCache, computeManifestRevision, fetchDiscoveryDocument, getEndUserIdsForExternalUser, getUsageRecordUserIdsForExternalUser, getUtcCalendarMonthIsoBounds, ingestSignedTicket, ingestSignedTicketsBatch, listUsageByPipelineModel, loadAuthorizationServer, mergeUsageByPipelineModel, parseAppManifestResponse, parseUsageDateParam, signerSnapshotToIngestPayload, summarizeUsageFiatForExternalUser, summarizeUsageForExternalUser };

package/dist/index.js CHANGED Viewed

@@ -336,6 +336,32 @@ var init_mint_token = __esm({
   }
 });
+// src/signer/direct-signer.ts
+function assertDirectSignerBaseUrl(signerBaseUrl) {
+  let parsed;
+  try {
+    parsed = new URL(signerBaseUrl.trim());
+  } catch {
+    throw new PmtHouseError("signer URL must be an absolute http(s) URL", {
+      status: 400,
+      code: "invalid_signer_url"
+    });
+  }
+  const pathname = stripTrailingSlashes(parsed.pathname);
+  if (pathname === "/api/signer" || pathname.startsWith("/api/signer/")) {
+    throw new PmtHouseError(
+      "signer URL must be the remote signer DMZ base, not a dashboard /api/signer/* proxy path. Exchange at the platform facade, then call signer endpoints directly using signerUrl from the exchange response.",
+      { status: 400, code: "invalid_signer_url" }
+    );
+  }
+}
+var init_direct_signer = __esm({
+  "src/signer/direct-signer.ts"() {
+    init_string_utils();
+    init_errors();
+  }
+});
 // src/signer/device-exchange.ts
 function extractSignerAccessTokenFromExchangeBody(body) {
   const tokenObj = body.token;
@@ -568,6 +594,9 @@ async function exchangeApiKeyForSigner(options) {
   const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);
   const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;
   const signerUrl = typeof signerUrlRaw === "string" && signerUrlRaw.trim() ? signerUrlRaw.trim() : void 0;
+  if (signerUrl) {
+    assertDirectSignerBaseUrl(signerUrl);
+  }
   return normalizeDeviceExchangeResponse(
     {
       access_token: accessToken,
@@ -630,6 +659,7 @@ var init_api_key_exchange = __esm({
     init_fetch_json();
     init_handler_errors();
     init_device_exchange();
+    init_direct_signer();
     EXCHANGE_RESPONSE_ERROR2 = "invalid_exchange_response";
   }
 });
@@ -1338,8 +1368,14 @@ var PmtHouseClient = class {
     });
   }
   /**
-   * Exchange a dashboard API key for a signer session via a trusted facade (recommended)
-   * or directly when M2M credentials are available on this client.
+   * Exchange a dashboard API key for a short-lived signer JWT via a trusted facade.
+   *
+   * `facadeUrl` is used only for `POST {facadeUrl}/api/pymthouse/keys/exchange`.
+   * After exchange, call signer RPCs directly at `signerUrl` from the response
+   * (e.g. `{signerUrl}/sign-orchestrator-info`), not via dashboard `/api/signer/*`.
+   *
+   * When M2M credentials are available on this client, omit `facadeUrl` to exchange
+   * directly against the PymtHouse issuer.
    */
   async exchangeApiKeyForSignerSession(input) {
     if (input.facadeUrl?.trim()) {
@@ -1356,7 +1392,8 @@ var PmtHouseClient = class {
         token_type: exchanged.token_type,
         expires_in: exchanged.expires_in,
         scope: exchanged.scope,
-        issued_token_type: "urn:ietf:params:oauth:token-type:access_token"
+        issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
+        signerUrl: exchanged.signerUrl
       };
     }
     const userToken = await this.exchangeApiKeyForUserAccessToken({