@pymthouse/builder-sdk 0.4.4 → 0.4.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +120 -5
- package/dist/{client-zCskUJag.d.ts → client-BhNz0ZAA.d.ts} +9 -3
- package/dist/{client-C0HgAugK.d.cts → client-GP-mTEI7.d.cts} +9 -3
- package/dist/device.d.cts +1 -1
- package/dist/device.d.ts +1 -1
- package/dist/env.cjs +40 -3
- package/dist/env.cjs.map +1 -1
- package/dist/env.d.cts +2 -2
- package/dist/env.d.ts +2 -2
- package/dist/env.js +40 -3
- package/dist/env.js.map +1 -1
- package/dist/{index-CAIAYJv7.d.cts → index-M0tsyotJ.d.cts} +1 -1
- package/dist/{index-BL1wpOki.d.ts → index-rC8smShg.d.ts} +1 -1
- package/dist/index.cjs +40 -3
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +4 -4
- package/dist/index.d.ts +4 -4
- package/dist/index.js +40 -3
- package/dist/index.js.map +1 -1
- package/dist/{proxy-KrA1vEmh.d.ts → proxy-CZLY0IfL.d.cts} +5 -2
- package/dist/{proxy-0wa8QZIU.d.cts → proxy-D36SpZ6k.d.ts} +5 -2
- package/dist/signer/gateway.cjs +542 -0
- package/dist/signer/gateway.cjs.map +1 -0
- package/dist/signer/gateway.d.cts +81 -0
- package/dist/signer/gateway.d.ts +81 -0
- package/dist/signer/gateway.js +538 -0
- package/dist/signer/gateway.js.map +1 -0
- package/dist/signer/server.cjs +225 -0
- package/dist/signer/server.cjs.map +1 -1
- package/dist/signer/server.d.cts +35 -4
- package/dist/signer/server.d.ts +35 -4
- package/dist/signer/server.js +219 -1
- package/dist/signer/server.js.map +1 -1
- package/dist/signer/webhook/adapters/oidc.d.cts +2 -2
- package/dist/signer/webhook/adapters/oidc.d.ts +2 -2
- package/dist/signer/webhook.d.cts +3 -3
- package/dist/signer/webhook.d.ts +3 -3
- package/dist/tokens.d.cts +1 -1
- package/dist/tokens.d.ts +1 -1
- package/dist/{types-BORaHW_x.d.cts → types-CcP67AZm.d.cts} +2 -0
- package/dist/{types-BORaHW_x.d.ts → types-CcP67AZm.d.ts} +2 -0
- package/dist/verify.d.cts +1 -1
- package/dist/verify.d.ts +1 -1
- package/package.json +6 -1
package/dist/index.d.cts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRateUsd, markupPercentToRetailRateUsd, parseMarkupPercentInput, parseRetailRateUsd, retailRateUsdPerMillion, retailRateUsdToMarkupPercent } from './plan-pricing.cjs';
|
|
2
|
-
import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-
|
|
3
|
-
export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-
|
|
4
|
-
import { S as SignerUsageSnapshot } from './proxy-
|
|
5
|
-
export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-
|
|
2
|
+
import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.cjs';
|
|
3
|
+
export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.cjs';
|
|
4
|
+
import { S as SignerUsageSnapshot } from './proxy-CZLY0IfL.cjs';
|
|
5
|
+
export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-GP-mTEI7.cjs';
|
|
6
6
|
export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.cjs';
|
|
7
7
|
export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.cjs';
|
|
8
8
|
import { AuthorizationServer } from 'oauth4webapi';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRateUsd, markupPercentToRetailRateUsd, parseMarkupPercentInput, parseRetailRateUsd, retailRateUsdPerMillion, retailRateUsdToMarkupPercent } from './plan-pricing.js';
|
|
2
|
-
import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-
|
|
3
|
-
export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-
|
|
4
|
-
import { S as SignerUsageSnapshot } from './proxy-
|
|
5
|
-
export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-
|
|
2
|
+
import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.js';
|
|
3
|
+
export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.js';
|
|
4
|
+
import { S as SignerUsageSnapshot } from './proxy-D36SpZ6k.js';
|
|
5
|
+
export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-BhNz0ZAA.js';
|
|
6
6
|
export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.js';
|
|
7
7
|
export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.js';
|
|
8
8
|
import { AuthorizationServer } from 'oauth4webapi';
|
package/dist/index.js
CHANGED
|
@@ -336,6 +336,32 @@ var init_mint_token = __esm({
|
|
|
336
336
|
}
|
|
337
337
|
});
|
|
338
338
|
|
|
339
|
+
// src/signer/direct-signer.ts
|
|
340
|
+
function assertDirectSignerBaseUrl(signerBaseUrl) {
|
|
341
|
+
let parsed;
|
|
342
|
+
try {
|
|
343
|
+
parsed = new URL(signerBaseUrl.trim());
|
|
344
|
+
} catch {
|
|
345
|
+
throw new PmtHouseError("signer URL must be an absolute http(s) URL", {
|
|
346
|
+
status: 400,
|
|
347
|
+
code: "invalid_signer_url"
|
|
348
|
+
});
|
|
349
|
+
}
|
|
350
|
+
const pathname = stripTrailingSlashes(parsed.pathname);
|
|
351
|
+
if (pathname === "/api/signer" || pathname.startsWith("/api/signer/")) {
|
|
352
|
+
throw new PmtHouseError(
|
|
353
|
+
"signer URL must be the remote signer DMZ base, not a dashboard /api/signer/* proxy path. Exchange at the platform facade, then call signer endpoints directly using signerUrl from the exchange response.",
|
|
354
|
+
{ status: 400, code: "invalid_signer_url" }
|
|
355
|
+
);
|
|
356
|
+
}
|
|
357
|
+
}
|
|
358
|
+
var init_direct_signer = __esm({
|
|
359
|
+
"src/signer/direct-signer.ts"() {
|
|
360
|
+
init_string_utils();
|
|
361
|
+
init_errors();
|
|
362
|
+
}
|
|
363
|
+
});
|
|
364
|
+
|
|
339
365
|
// src/signer/device-exchange.ts
|
|
340
366
|
function extractSignerAccessTokenFromExchangeBody(body) {
|
|
341
367
|
const tokenObj = body.token;
|
|
@@ -568,6 +594,9 @@ async function exchangeApiKeyForSigner(options) {
|
|
|
568
594
|
const accessToken = extractSignerAccessTokenFromExchangeBody(parsed);
|
|
569
595
|
const signerUrlRaw = parsed.signerUrl ?? parsed.signer_url;
|
|
570
596
|
const signerUrl = typeof signerUrlRaw === "string" && signerUrlRaw.trim() ? signerUrlRaw.trim() : void 0;
|
|
597
|
+
if (signerUrl) {
|
|
598
|
+
assertDirectSignerBaseUrl(signerUrl);
|
|
599
|
+
}
|
|
571
600
|
return normalizeDeviceExchangeResponse(
|
|
572
601
|
{
|
|
573
602
|
access_token: accessToken,
|
|
@@ -630,6 +659,7 @@ var init_api_key_exchange = __esm({
|
|
|
630
659
|
init_fetch_json();
|
|
631
660
|
init_handler_errors();
|
|
632
661
|
init_device_exchange();
|
|
662
|
+
init_direct_signer();
|
|
633
663
|
EXCHANGE_RESPONSE_ERROR2 = "invalid_exchange_response";
|
|
634
664
|
}
|
|
635
665
|
});
|
|
@@ -1338,8 +1368,14 @@ var PmtHouseClient = class {
|
|
|
1338
1368
|
});
|
|
1339
1369
|
}
|
|
1340
1370
|
/**
|
|
1341
|
-
* Exchange a dashboard API key for a signer
|
|
1342
|
-
*
|
|
1371
|
+
* Exchange a dashboard API key for a short-lived signer JWT via a trusted facade.
|
|
1372
|
+
*
|
|
1373
|
+
* `facadeUrl` is used only for `POST {facadeUrl}/api/pymthouse/keys/exchange`.
|
|
1374
|
+
* After exchange, call signer RPCs directly at `signerUrl` from the response
|
|
1375
|
+
* (e.g. `{signerUrl}/sign-orchestrator-info`), not via dashboard `/api/signer/*`.
|
|
1376
|
+
*
|
|
1377
|
+
* When M2M credentials are available on this client, omit `facadeUrl` to exchange
|
|
1378
|
+
* directly against the PymtHouse issuer.
|
|
1343
1379
|
*/
|
|
1344
1380
|
async exchangeApiKeyForSignerSession(input) {
|
|
1345
1381
|
if (input.facadeUrl?.trim()) {
|
|
@@ -1356,7 +1392,8 @@ var PmtHouseClient = class {
|
|
|
1356
1392
|
token_type: exchanged.token_type,
|
|
1357
1393
|
expires_in: exchanged.expires_in,
|
|
1358
1394
|
scope: exchanged.scope,
|
|
1359
|
-
issued_token_type: "urn:ietf:params:oauth:token-type:access_token"
|
|
1395
|
+
issued_token_type: "urn:ietf:params:oauth:token-type:access_token",
|
|
1396
|
+
signerUrl: exchanged.signerUrl
|
|
1360
1397
|
};
|
|
1361
1398
|
}
|
|
1362
1399
|
const userToken = await this.exchangeApiKeyForUserAccessToken({
|