npm - @pymthouse/builder-sdk - Versions diffs - 0.4.5 → 0.4.6 - Mend

@pymthouse/builder-sdk 0.4.5 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/{client-GP-mTEI7.d.cts → client-CEBVgCD7.d.cts} +19 -1
package/dist/{client-BhNz0ZAA.d.ts → client-D-p6v8ju.d.ts} +19 -1
package/dist/env.cjs +24 -6
package/dist/env.cjs.map +1 -1
package/dist/env.d.cts +1 -1
package/dist/env.d.ts +1 -1
package/dist/env.js +24 -6
package/dist/env.js.map +1 -1
package/dist/index.cjs +24 -6
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +1 -1
package/dist/index.d.ts +1 -1
package/dist/index.js +24 -6
package/dist/index.js.map +1 -1
package/package.json +1 -1

package/dist/index.d.cts CHANGED Viewed

@@ -2,7 +2,7 @@ export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRat
 import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.cjs';
 export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.cjs';
 import { S as SignerUsageSnapshot } from './proxy-CZLY0IfL.cjs';
-export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-GP-mTEI7.cjs';
+export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-CEBVgCD7.cjs';
 export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.cjs';
 export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.cjs';
 import { AuthorizationServer } from 'oauth4webapi';

package/dist/index.d.ts CHANGED Viewed

@@ -2,7 +2,7 @@ export { NETWORK_USD_PER_MICRO, applyRetailRateToNetworkMicros, defaultRetailRat
 import { S as SignedTicketIngestInput, F as FetchLike, f as SignedTicketIngestResult, r as UsageByUserRow, s as UsageForExternalUser, e as UsageApiResponse, n as MeScopeUsagePayload, t as UsageByPipelineModelRow, u as UsageByPipelineModelFiatRow, O as OidcDiscoveryDocument, v as AppManifestResponse } from './types-CcP67AZm.js';
 export { w as AllowancePolicy, x as AppManifestCapability, A as AppUserRecord, q as ApproveDeviceLoginInput, B as BillingProduct, y as BillingSyncState, z as BillingSyncStatus, E as CapabilityPriceRule, C as ClientCredentialsTokenResponse, D as DeviceApprovalInput, o as GetAppManifestResult, G as GetDiscoveryOptions, l as GrantSource, L as ListBillingProductsResult, p as MintSignerSessionForExternalUserInput, M as MintUserAccessTokenInput, b as MintUserAccessTokenResponse, c as MintUserSignerSessionTokenInput, a as ParsedDeviceApprovalRedirect, h as PlanSyncResult, P as PmtHouseClientOptions, H as SignerRoutingConfig, g as SignerRoutingResponse, T as TokenExchangeResponse, U as UpsertAppUserInput, i as UsageBalanceResponse, I as UsageDailyPipelineRow, d as UsageQueryInput, J as UsageTotals, k as UserAllowanceGrantInput, j as UserAllowancesResponse, K as UserCreditGrantInput, N as UserCreditsResponse, m as UserSubscriptionResponse } from './types-CcP67AZm.js';
 import { S as SignerUsageSnapshot } from './proxy-D36SpZ6k.js';
-export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-BhNz0ZAA.js';
+export { P as PmtHouseClient, b as buildDeviceCodeResource, n as normalizeUserCode } from './client-D-p6v8ju.js';
 export { P as PmtHouseError, t as toPmtHouseError } from './errors-C9-V_zSi.js';
 export { PYMTHOUSE_NOT_CONFIGURED_MESSAGE, getBuilderApiV1BaseFromIssuerUrl, getPymthouseIssuerOrigin, getPymthouseIssuerUrlFromEnv, getPymthousePublicClientIdFromEnv, isPymthouseConfigured, readPymthouseEnv } from './config.js';
 import { AuthorizationServer } from 'oauth4webapi';

package/dist/index.js CHANGED Viewed

@@ -1467,8 +1467,13 @@ var PmtHouseClient = class {
     params.set("subject_token", input.userJwt);
     params.set("subject_token_type", SUBJECT_ACCESS_TOKEN_TYPE2);
     params.set("requested_token_type", REQUESTED_ACCESS_TOKEN_TYPE);
-    const resourceCandidate = typeof input.resource === "string" && input.resource.trim() !== "" ? input.resource.trim() : this.issuerUrl;
-    params.set("resource", stripTrailingSlashes(resourceCandidate));
+    if (typeof input.scope === "string" && input.scope.trim() !== "") {
+      params.set("scope", input.scope.trim());
+    }
+    if (!input.omitResource) {
+      const resourceCandidate = typeof input.resource === "string" && input.resource.trim() !== "" ? input.resource.trim() : this.issuerUrl;
+      params.set("resource", stripTrailingSlashes(resourceCandidate));
+    }
     try {
       const response = await genericTokenEndpointRequest(
         as,
@@ -1754,18 +1759,31 @@ var PmtHouseClient = class {
     };
   }
   /**
-   * Upsert an external user, mint a short-lived JWT, and exchange for an opaque signer session.
+   * Upsert an external user, mint a short-lived JWT, and exchange it for a
+   * long-lived opaque (`pmth_*`) signer session.
+   *
+   * Performs the *documented* remote-signer-session exchange (see
+   * `builder-api.md` → "Remote signer session exchange"): the RFC 8693 token
+   * exchange is sent with `scope=sign:job` and **no `resource` indicator**,
+   * which selects the PymtHouse gateway/opaque path. A prior implementation set
+   * `resource = issuer`, which routed to the signer-JWT path and returned a JWT
+   * that {@link parseSignerSessionExchange} then rejected as non-opaque.
    */
   async mintSignerSessionForExternalUser(input) {
+    const scope = input.scope ?? SIGN_JOB_SCOPE;
     await this.upsertAppUser({
       externalUserId: input.externalUserId,
       email: input.email,
       status: "active"
     });
-    const exchange = await this.mintUserSignerSessionToken({
+    const userToken = await this.mintUserAccessToken({
       externalUserId: input.externalUserId,
-      scope: input.scope ?? SIGN_JOB_SCOPE,
-      resource: this.issuerUrl
+      scope
+    });
+    const exchange = await this.exchangeForSignerSession({
+      userJwt: userToken.access_token,
+      omitResource: true,
+      scope
     });
     return parseSignerSessionExchange(exchange);
   }