@riverbankcms/sdk 0.7.2 → 0.7.3

package/dist/server/chunk-2IZ6S225.js

@@ -0,0 +1,122 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _optionalChain(ops) { let lastAccessLHS = undefined; let value = ops[0]; let i = 1; while (i < ops.length) { const op = ops[i]; const fn = ops[i + 1]; i += 2; if ((op === 'optionalAccess' || op === 'optionalCall') && value == null) { return undefined; } if (op === 'access' || op === 'optionalAccess') { lastAccessLHS = value; value = fn(value); } else if (op === 'call' || op === 'optionalCall') { value = fn((...args) => value.call(lastAccessLHS, ...args)); lastAccessLHS = undefined; } } return value; }// src/env.ts
+var RiverbankEnvError = class extends Error {
+  constructor(message, missingVars) {
+    super(message);
+    this.missingVars = missingVars;
+    this.name = "RiverbankEnvError";
+  }
+};
+function getEnvPrefix(target) {
+  return target === "remote" ? "RIVERBANK_REMOTE" : "RIVERBANK_LOCAL";
+}
+function detectTarget() {
+  const env = _optionalChain([process, 'access', _ => _.env, 'access', _2 => _2.RIVERBANK_ENV, 'optionalAccess', _3 => _3.toLowerCase, 'call', _4 => _4()]);
+  if (env === "remote" || env === "production" || env === "prod") {
+    return "remote";
+  }
+  return "local";
+}
+function detectPreviewMode() {
+  const previewMode = process.env.RIVERBANK_PREVIEW_MODE;
+  if (previewMode !== void 0 && previewMode !== "") {
+    return previewMode === "true";
+  }
+  const previewLegacy = process.env.RIVERBANK_PREVIEW;
+  if (previewLegacy !== void 0 && previewLegacy !== "") {
+    return previewLegacy === "true";
+  }
+  return process.env.VERCEL_ENV === "preview";
+}
+function validateKeyType(key, expectedType) {
+  const isPreviewKey = key.startsWith("bld_preview_sk_");
+  const isContentKey = key.startsWith("bld_live_sk_");
+  if (expectedType === "preview" && !isPreviewKey) {
+    if (isContentKey) {
+      throw new RiverbankEnvError(
+        `Preview mode is enabled (RIVERBANK_PREVIEW_MODE=true) but a content key was provided. Preview mode requires a preview API key (bld_preview_sk_...) to access draft content. Either:
+  1. Set RIVERBANK_*_PREVIEW_API_KEY with your preview key, or
+  2. Set RIVERBANK_PREVIEW_MODE=false to fetch published content instead.`,
+        []
+      );
+    }
+    throw new RiverbankEnvError(
+      `Invalid API key format for preview mode. Expected key starting with bld_preview_sk_`,
+      []
+    );
+  }
+  if (expectedType === "content" && !isContentKey) {
+    if (isPreviewKey) {
+      console.debug(
+        "[getRiverbankEnv] Using preview key for published content. Consider using a content key (bld_live_sk_...) for production."
+      );
+      return;
+    }
+    throw new RiverbankEnvError(
+      `Invalid API key format for content access. Expected key starting with bld_live_sk_ or bld_preview_sk_`,
+      []
+    );
+  }
+}
+function isPreviewMode() {
+  return detectPreviewMode();
+}
+function getRiverbankTarget() {
+  return detectTarget();
+}
+function getRiverbankEnv() {
+  const target = detectTarget();
+  const previewMode = detectPreviewMode();
+  const prefix = getEnvPrefix(target);
+  const siteId = process.env[`${prefix}_SITE_ID`];
+  const dashboardUrl = process.env[`${prefix}_DASHBOARD_URL`];
+  const contentKey = process.env[`${prefix}_API_KEY`];
+  const previewKey = process.env[`${prefix}_PREVIEW_API_KEY`];
+  const missingVars = [];
+  if (!siteId) missingVars.push(`${prefix}_SITE_ID`);
+  if (!dashboardUrl) missingVars.push(`${prefix}_DASHBOARD_URL`);
+  let apiKey;
+  let keyType;
+  if (previewMode) {
+    apiKey = previewKey;
+    keyType = "preview";
+    if (!apiKey) {
+      missingVars.push(`${prefix}_PREVIEW_API_KEY`);
+    }
+  } else {
+    apiKey = contentKey || previewKey;
+    keyType = contentKey ? "content" : "preview";
+    if (!apiKey) {
+      missingVars.push(`${prefix}_API_KEY`);
+    }
+  }
+  if (missingVars.length > 0) {
+    throw new RiverbankEnvError(
+      `Missing required environment variables for Riverbank SDK:
+` + missingVars.map((v) => `  - ${v}`).join("\n") + `
+
+Current settings: RIVERBANK_ENV=${process.env.RIVERBANK_ENV || "local"}, RIVERBANK_PREVIEW_MODE=${process.env.RIVERBANK_PREVIEW_MODE || "false"}`,
+      missingVars
+    );
+  }
+  validateKeyType(apiKey, keyType);
+  let baseUrl = dashboardUrl;
+  if (!baseUrl.endsWith("/api")) {
+    baseUrl = baseUrl.replace(/\/$/, "") + "/api";
+  }
+  return {
+    target,
+    previewMode,
+    siteId,
+    baseUrl,
+    apiKey,
+    keyType
+  };
+}
+
+
+
+
+
+
+exports.RiverbankEnvError = RiverbankEnvError; exports.isPreviewMode = isPreviewMode; exports.getRiverbankTarget = getRiverbankTarget; exports.getRiverbankEnv = getRiverbankEnv;
+//# sourceMappingURL=chunk-2IZ6S225.js.map

package/dist/server/chunk-2IZ6S225.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-2IZ6S225.js","../../src/env.ts"],"names":[],"mappings":"AAAA;ACgDO,IAAM,kBAAA,EAAN,MAAA,QAAgC,MAAM;AAAA,EAC3C,WAAA,CACE,OAAA,EACgB,WAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAFG,IAAA,IAAA,CAAA,YAAA,EAAA,WAAA;AAGhB,IAAA,IAAA,CAAK,KAAA,EAAO,mBAAA;AAAA,EACd;AACF,CAAA;AASA,SAAS,YAAA,CAAa,MAAA,EAAoC;AACxD,EAAA,OAAO,OAAA,IAAW,SAAA,EAAW,mBAAA,EAAqB,iBAAA;AACpD;AAKA,SAAS,YAAA,CAAA,EAAmC;AAC1C,EAAA,MAAM,IAAA,kBAAM,OAAA,mBAAQ,GAAA,qBAAI,aAAA,6BAAe,WAAA,mBAAY,GAAA;AACnD,EAAA,GAAA,CAAI,IAAA,IAAQ,SAAA,GAAY,IAAA,IAAQ,aAAA,GAAgB,IAAA,IAAQ,MAAA,EAAQ;AAC9D,IAAA,OAAO,QAAA;AAAA,EACT;AACA,EAAA,OAAO,OAAA;AACT;AAMA,SAAS,iBAAA,CAAA,EAA6B;AAEpC,EAAA,MAAM,YAAA,EAAc,OAAA,CAAQ,GAAA,CAAI,sBAAA;AAChC,EAAA,GAAA,CAAI,YAAA,IAAgB,KAAA,EAAA,GAAa,YAAA,IAAgB,EAAA,EAAI;AACnD,IAAA,OAAO,YAAA,IAAgB,MAAA;AAAA,EACzB;AAGA,EAAA,MAAM,cAAA,EAAgB,OAAA,CAAQ,GAAA,CAAI,iBAAA;AAClC,EAAA,GAAA,CAAI,cAAA,IAAkB,KAAA,EAAA,GAAa,cAAA,IAAkB,EAAA,EAAI;AACvD,IAAA,OAAO,cAAA,IAAkB,MAAA;AAAA,EAC3B;AAGA,EAAA,OAAO,OAAA,CAAQ,GAAA,CAAI,WAAA,IAAe,SAAA;AACpC;AAKA,SAAS,eAAA,CAAgB,GAAA,EAAa,YAAA,EAA2C;AAC/E,EAAA,MAAM,aAAA,EAAe,GAAA,CAAI,UAAA,CAAW,iBAAiB,CAAA;AACrD,EAAA,MAAM,aAAA,EAAe,GAAA,CAAI,UAAA,CAAW,cAAc,CAAA;AAElD,EAAA,GAAA,CAAI,aAAA,IAAiB,UAAA,GAAa,CAAC,YAAA,EAAc;AAC/C,IAAA,GAAA,CAAI,YAAA,EAAc;AAChB,MAAA,MAAM,IAAI,iBAAA;AAAA,QACR,CAAA;AAAA;AAAA,yEAAA,CAAA;AAAA,QAKA,CAAC;AAAA,MACH,CAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,iBAAA;AAAA,MACR,CAAA,mFAAA,CAAA;AAAA,MACA,CAAC;AAAA,IACH,CAAA;AAAA,EACF;AAEA,EAAA,GAAA,CAAI,aAAA,IAAiB,UAAA,GAAa,CAAC,YAAA,EAAc;AAC/C,IAAA,GAAA,CAAI,YAAA,EAAc;AAGhB,MAAA,OAAA,CAAQ,KAAA;AAAA,QACN;AAAA,MAEF,CAAA;AACA,MAAA,MAAA;AAAA,IACF;AACA,IAAA,MAAM,IAAI,iBAAA;AAAA,MACR,CAAA,qGAAA,CAAA;AAAA,MACA,CAAC;AAAA,IACH,CAAA;AAAA,EACF;AACF;AAsBO,SAAS,aAAA,CAAA,EAAyB;AACvC,EAAA,OAAO,iBAAA,CAAkB,CAAA;AAC3B;AASO,SAAS,kBAAA,CAAA,EAAyC;AACvD,EAAA,OAAO,YAAA,CAAa,CAAA;AACtB;AAsCO,SAAS,eAAA,CAAA,EAAsC;AACpD,EAAA,MAAM,OAAA,EAAS,YAAA,CAAa,CAAA;AAC5B,EAAA,MAAM,YAAA,EAAc,iBAAA,CAAkB,CAAA;AACtC,EAAA,MAAM,OAAA,EAAS,YAAA,CAAa,MAAM,CAAA;AAGlC,EAAA,MAAM,OAAA,EAAS,OAAA,CAAQ,GAAA,CAAI,CAAA,EAAA;AACN,EAAA;AAGM,EAAA;AACA,EAAA;AAGI,EAAA;AACN,EAAA;AACN,EAAA;AAGf,EAAA;AACA,EAAA;AAEa,EAAA;AACN,IAAA;AACC,IAAA;AACG,IAAA;AACS,MAAA;AACtB,IAAA;AACK,EAAA;AAEkB,IAAA;AACA,IAAA;AACV,IAAA;AACS,MAAA;AACtB,IAAA;AACF,EAAA;AAE4B,EAAA;AAChB,IAAA;AACR,MAAA;AACyB;AACvB;AAAA,gCAAA;AAEF,MAAA;AACF,IAAA;AACF,EAAA;AAGyB,EAAA;AAGX,EAAA;AACc,EAAA;AACA,IAAA;AAC5B,EAAA;AAEO,EAAA;AACL,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACA,IAAA;AACF,EAAA;AACF;ADnK8B;AACA;AACA;AACA;AACA;AACA;AACA","file":"/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-2IZ6S225.js","sourcesContent":[null,"/**\n * Environment detection utilities for SDK\n *\n * Provides helpers for detecting preview mode and auto-selecting the correct API key.\n *\n * @example\n * ```ts\n * import { getRiverbankEnv } from '@riverbankcms/sdk/env';\n * import { createRiverbankClient } from '@riverbankcms/sdk';\n *\n * const env = getRiverbankEnv();\n * const client = createRiverbankClient({\n *   apiKey: env.apiKey,\n *   baseUrl: env.baseUrl,\n * });\n * ```\n */\n\n// ============================================================================\n// Types\n// ============================================================================\n\n/**\n * Environment target: 'local' for development, 'remote' for production\n */\nexport type RiverbankEnvTarget = 'local' | 'remote';\n\n/**\n * Runtime environment configuration\n */\nexport interface RiverbankEnvConfig {\n  /** The detected environment target */\n  target: RiverbankEnvTarget;\n  /** Whether preview mode is enabled */\n  previewMode: boolean;\n  /** Site ID */\n  siteId: string;\n  /** Dashboard/API base URL */\n  baseUrl: string;\n  /** The auto-selected API key (preview or content key based on mode) */\n  apiKey: string;\n  /** The type of key being used */\n  keyType: 'preview' | 'content';\n}\n\n/**\n * Error thrown when required environment variables are missing\n */\nexport class RiverbankEnvError extends Error {\n  constructor(\n    message: string,\n    public readonly missingVars: string[]\n  ) {\n    super(message);\n    this.name = 'RiverbankEnvError';\n  }\n}\n\n// ============================================================================\n// Internal Helpers\n// ============================================================================\n\n/**\n * Get the environment variable prefix based on target\n */\nfunction getEnvPrefix(target: RiverbankEnvTarget): string {\n  return target === 'remote' ? 'RIVERBANK_REMOTE' : 'RIVERBANK_LOCAL';\n}\n\n/**\n * Detect the environment target from RIVERBANK_ENV\n */\nfunction detectTarget(): RiverbankEnvTarget {\n  const env = process.env.RIVERBANK_ENV?.toLowerCase();\n  if (env === 'remote' || env === 'production' || env === 'prod') {\n    return 'remote';\n  }\n  return 'local';\n}\n\n/**\n * Detect if preview mode is enabled.\n * Uses RIVERBANK_PREVIEW_MODE first, then falls back to RIVERBANK_PREVIEW for backward compat.\n */\nfunction detectPreviewMode(): boolean {\n  // RIVERBANK_PREVIEW_MODE takes precedence (new convention)\n  const previewMode = process.env.RIVERBANK_PREVIEW_MODE;\n  if (previewMode !== undefined && previewMode !== '') {\n    return previewMode === 'true';\n  }\n\n  // Fall back to RIVERBANK_PREVIEW (backward compatibility)\n  const previewLegacy = process.env.RIVERBANK_PREVIEW;\n  if (previewLegacy !== undefined && previewLegacy !== '') {\n    return previewLegacy === 'true';\n  }\n\n  // Fall back to Vercel environment detection\n  return process.env.VERCEL_ENV === 'preview';\n}\n\n/**\n * Validate that an API key matches the expected format for its type\n */\nfunction validateKeyType(key: string, expectedType: 'preview' | 'content'): void {\n  const isPreviewKey = key.startsWith('bld_preview_sk_');\n  const isContentKey = key.startsWith('bld_live_sk_');\n\n  if (expectedType === 'preview' && !isPreviewKey) {\n    if (isContentKey) {\n      throw new RiverbankEnvError(\n        `Preview mode is enabled (RIVERBANK_PREVIEW_MODE=true) but a content key was provided. ` +\n          `Preview mode requires a preview API key (bld_preview_sk_...) to access draft content. ` +\n          `Either:\\n` +\n          `  1. Set RIVERBANK_*_PREVIEW_API_KEY with your preview key, or\\n` +\n          `  2. Set RIVERBANK_PREVIEW_MODE=false to fetch published content instead.`,\n        []\n      );\n    }\n    throw new RiverbankEnvError(\n      `Invalid API key format for preview mode. Expected key starting with bld_preview_sk_`,\n      []\n    );\n  }\n\n  if (expectedType === 'content' && !isContentKey) {\n    if (isPreviewKey) {\n      // This is actually fine - preview keys can access both draft and published content\n      // Just log a note that they could use a more restrictive key\n      console.debug(\n        '[getRiverbankEnv] Using preview key for published content. ' +\n          'Consider using a content key (bld_live_sk_...) for production.'\n      );\n      return;\n    }\n    throw new RiverbankEnvError(\n      `Invalid API key format for content access. Expected key starting with bld_live_sk_ or bld_preview_sk_`,\n      []\n    );\n  }\n}\n\n// ============================================================================\n// Public API\n// ============================================================================\n\n/**\n * Detects if the current environment is in preview mode.\n *\n * Precedence:\n * 1. RIVERBANK_PREVIEW_MODE env var (explicit override) - 'true' or 'false'\n * 2. RIVERBANK_PREVIEW env var (legacy) - 'true' or 'false'\n * 3. VERCEL_ENV === 'preview' (Vercel preview deployments)\n * 4. Default: false (production behavior)\n *\n * In preview mode:\n * - Draft content is visible\n * - ISR revalidation is more aggressive\n * - Cache bypass may be enabled\n *\n * @returns true if in preview mode, false otherwise\n */\nexport function isPreviewMode(): boolean {\n  return detectPreviewMode();\n}\n\n/**\n * Get the current environment target.\n *\n * This is a convenience function for checking `RIVERBANK_ENV`.\n *\n * @returns 'local' or 'remote'\n */\nexport function getRiverbankTarget(): RiverbankEnvTarget {\n  return detectTarget();\n}\n\n/**\n * Get runtime environment configuration with automatic API key selection.\n *\n * This helper reads environment variables and automatically selects the correct\n * API key based on the current environment and preview mode:\n *\n * - When `RIVERBANK_PREVIEW_MODE=true`: Uses preview API key (bld_preview_sk_...)\n * - When `RIVERBANK_PREVIEW_MODE=false` (default): Uses content API key (bld_live_sk_...)\n *\n * Environment variable patterns:\n * - `RIVERBANK_ENV`: 'local' (default) or 'remote'\n * - `RIVERBANK_PREVIEW_MODE`: 'true' or 'false' (default)\n * - `RIVERBANK_{LOCAL|REMOTE}_SITE_ID`: Site ID\n * - `RIVERBANK_{LOCAL|REMOTE}_DASHBOARD_URL`: Dashboard URL\n * - `RIVERBANK_{LOCAL|REMOTE}_API_KEY`: Content/live API key\n * - `RIVERBANK_{LOCAL|REMOTE}_PREVIEW_API_KEY`: Preview API key\n *\n * @returns Environment configuration with auto-selected API key\n * @throws {RiverbankEnvError} If required environment variables are missing\n *\n * @example\n * ```ts\n * // lib/builder-client.ts\n * import { getRiverbankEnv } from '@riverbankcms/sdk/env';\n * import { createRiverbankClient } from '@riverbankcms/sdk';\n *\n * const env = getRiverbankEnv();\n *\n * export const client = createRiverbankClient({\n *   apiKey: env.apiKey,\n *   baseUrl: env.baseUrl,\n * });\n *\n * export const siteId = env.siteId;\n * ```\n */\nexport function getRiverbankEnv(): RiverbankEnvConfig {\n  const target = detectTarget();\n  const previewMode = detectPreviewMode();\n  const prefix = getEnvPrefix(target);\n\n  // Required vars\n  const siteId = process.env[`${prefix}_SITE_ID`];\n  const dashboardUrl = process.env[`${prefix}_DASHBOARD_URL`];\n\n  // API keys - pick based on preview mode\n  const contentKey = process.env[`${prefix}_API_KEY`];\n  const previewKey = process.env[`${prefix}_PREVIEW_API_KEY`];\n\n  // Collect missing required vars\n  const missingVars: string[] = [];\n  if (!siteId) missingVars.push(`${prefix}_SITE_ID`);\n  if (!dashboardUrl) missingVars.push(`${prefix}_DASHBOARD_URL`);\n\n  // Select the appropriate key\n  let apiKey: string | undefined;\n  let keyType: 'preview' | 'content';\n\n  if (previewMode) {\n    apiKey = previewKey;\n    keyType = 'preview';\n    if (!apiKey) {\n      missingVars.push(`${prefix}_PREVIEW_API_KEY`);\n    }\n  } else {\n    // For published content, prefer content key but allow preview key as fallback\n    apiKey = contentKey || previewKey;\n    keyType = contentKey ? 'content' : 'preview';\n    if (!apiKey) {\n      missingVars.push(`${prefix}_API_KEY`);\n    }\n  }\n\n  if (missingVars.length > 0) {\n    throw new RiverbankEnvError(\n      `Missing required environment variables for Riverbank SDK:\\n` +\n        missingVars.map((v) => `  - ${v}`).join('\\n') +\n        `\\n\\nCurrent settings: RIVERBANK_ENV=${process.env.RIVERBANK_ENV || 'local'}, ` +\n        `RIVERBANK_PREVIEW_MODE=${process.env.RIVERBANK_PREVIEW_MODE || 'false'}`,\n      missingVars\n    );\n  }\n\n  // Validate key type matches expected usage\n  validateKeyType(apiKey!, keyType);\n\n  // Construct base URL (ensure it ends with /api)\n  let baseUrl = dashboardUrl!;\n  if (!baseUrl.endsWith('/api')) {\n    baseUrl = baseUrl.replace(/\\/$/, '') + '/api';\n  }\n\n  return {\n    target,\n    previewMode,\n    siteId: siteId!,\n    baseUrl,\n    apiKey: apiKey!,\n    keyType,\n  };\n}\n"]}

package/dist/server/chunk-4CV4JOE5.js

@@ -0,0 +1,27 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true});var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+
+
+
+
+exports.__esm = __esm; exports.__export = __export; exports.__toCommonJS = __toCommonJS;
+//# sourceMappingURL=chunk-4CV4JOE5.js.map

package/dist/server/chunk-4CV4JOE5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-4CV4JOE5.js"],"names":[],"mappings":"AAAA,6EAAI,UAAU,EAAE,MAAM,CAAC,cAAc;AACrC,IAAI,iBAAiB,EAAE,MAAM,CAAC,wBAAwB;AACtD,IAAI,kBAAkB,EAAE,MAAM,CAAC,mBAAmB;AAClD,IAAI,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,cAAc;AAClD,IAAI,MAAM,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,SAAS,MAAM,CAAC,EAAE;AAC3C,EAAE,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG;AACrE,CAAC;AACD,IAAI,SAAS,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG;AAChC,EAAE,IAAI,CAAC,IAAI,KAAK,GAAG,GAAG;AACtB,IAAI,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,CAAC;AACjE,CAAC;AACD,IAAI,YAAY,EAAE,CAAC,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,GAAG;AAC9C,EAAE,GAAG,CAAC,KAAK,GAAG,OAAO,KAAK,IAAI,SAAS,GAAG,OAAO,KAAK,IAAI,UAAU,EAAE;AACtE,IAAI,IAAI,CAAC,IAAI,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC;AAC3C,MAAM,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,IAAI,MAAM;AACvD,QAAQ,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,KAAK,EAAE,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,CAAC;AAC1H,EAAE;AACF,EAAE,OAAO,EAAE;AACX,CAAC;AACD,IAAI,aAAa,EAAE,CAAC,GAAG,EAAE,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;AAC1F;AACA;AACE;AACA;AACA;AACF,wFAAC","file":"/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-4CV4JOE5.js"}

package/dist/server/{chunk-AET56TQX.mjs → chunk-5LRR64Y6.mjs}

@@ -1,15 +1,42 @@
 // src/webhooks/verify.ts
 import crypto from "crypto";
 import { z } from "zod";
+var WebhookEventSchema = z.enum([
+  "page.published",
+  "entry.published",
+  "navigation.updated",
+  "theme.updated",
+  "site.settings_updated"
+]);
+var PagePublishedDataSchema = z.object({
+  pageId: z.string(),
+  path: z.string(),
+  slug: z.string().optional()
+});
+var EntryPublishedDataSchema = z.object({
+  entryId: z.string(),
+  path: z.string(),
+  contentType: z.string()
+});
+var NavigationUpdatedDataSchema = z.object({
+  menuId: z.string().optional()
+});
+var EmptyDataSchema = z.object({});
+var WebhookDataSchema = z.union([
+  PagePublishedDataSchema,
+  EntryPublishedDataSchema,
+  NavigationUpdatedDataSchema,
+  EmptyDataSchema
+]);
 var WebhookPayloadSchema = z.object({
-  /** Event type (e.g., 'page.published', 'entry.published') */
-  event: z.string(),
+  /** Event type */
+  event: WebhookEventSchema,
   /** ISO timestamp of when the event occurred */
   timestamp: z.string(),
   /** Site ID that triggered the event */
   siteId: z.string(),
-  /** Event-specific data (varies by event type) */
-  data: z.record(z.string(), z.any()),
+  /** Event-specific data (shape depends on event type) */
+  data: z.record(z.string(), z.unknown()),
   /** Cache invalidation tags (for tag-based revalidation) */
   tags: z.array(z.string()).optional()
 });
@@ -42,4 +69,4 @@ export {
   verifyWebhookSignature,
   parseWebhookPayload
 };
-//# sourceMappingURL=chunk-AET56TQX.mjs.map
+//# sourceMappingURL=chunk-5LRR64Y6.mjs.map

package/dist/server/chunk-5LRR64Y6.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts"],"sourcesContent":["/**\n * Webhook verification utilities for Riverbank SDK\n *\n * Provides framework-agnostic webhook signature verification and payload parsing.\n */\n\nimport crypto from 'crypto';\nimport { z } from 'zod';\n\n// ============================================================================\n// Webhook Event Types\n// ============================================================================\n\n/**\n * Supported webhook event types.\n * Keep in sync with apps/dashboard/src/lib/db/helpers/webhooks.ts\n */\nexport const WebhookEventSchema = z.enum([\n  'page.published',\n  'entry.published',\n  'navigation.updated',\n  'theme.updated',\n  'site.settings_updated',\n]);\n\nexport type WebhookEvent = z.infer<typeof WebhookEventSchema>;\n\n// ============================================================================\n// Event-Specific Data Schemas\n// ============================================================================\n\n/** Data for page.published events */\nexport const PagePublishedDataSchema = z.object({\n  pageId: z.string(),\n  path: z.string(),\n  slug: z.string().optional(),\n});\n\n/** Data for entry.published events */\nexport const EntryPublishedDataSchema = z.object({\n  entryId: z.string(),\n  path: z.string(),\n  contentType: z.string(),\n});\n\n/** Data for navigation.updated events */\nexport const NavigationUpdatedDataSchema = z.object({\n  menuId: z.string().optional(),\n});\n\n/** Data for theme.updated and site.settings_updated events (empty) */\nexport const EmptyDataSchema = z.object({});\n\n/**\n * Combined data schema that accepts any valid event data.\n * The actual shape depends on the event type.\n */\nexport const WebhookDataSchema = z.union([\n  PagePublishedDataSchema,\n  EntryPublishedDataSchema,\n  NavigationUpdatedDataSchema,\n  EmptyDataSchema,\n]);\n\nexport type PagePublishedData = z.infer<typeof PagePublishedDataSchema>;\nexport type EntryPublishedData = z.infer<typeof EntryPublishedDataSchema>;\nexport type NavigationUpdatedData = z.infer<typeof NavigationUpdatedDataSchema>;\n\n// ============================================================================\n// Webhook Payload Schema\n// ============================================================================\n\n/**\n * Zod schema for webhook payload validation.\n */\nexport const WebhookPayloadSchema = z.object({\n  /** Event type */\n  event: WebhookEventSchema,\n  /** ISO timestamp of when the event occurred */\n  timestamp: z.string(),\n  /** Site ID that triggered the event */\n  siteId: z.string(),\n  /** Event-specific data (shape depends on event type) */\n  data: z.record(z.string(), z.unknown()),\n  /** Cache invalidation tags (for tag-based revalidation) */\n  tags: z.array(z.string()).optional(),\n});\n\n/**\n * Webhook payload structure sent by the CMS.\n */\nexport type WebhookPayload = z.infer<typeof WebhookPayloadSchema>;\n\n/**\n * Type-safe webhook payload with discriminated data based on event type.\n */\nexport type TypedWebhookPayload =\n  | { event: 'page.published'; data: PagePublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'entry.published'; data: EntryPublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'navigation.updated'; data: NavigationUpdatedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'theme.updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'site.settings_updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] };\n\n/**\n * Verify a webhook signature using HMAC-SHA256.\n *\n * Uses timing-safe comparison to prevent timing attacks.\n *\n * @param payload - The raw request body as a string\n * @param signature - The X-Riverbank-Signature header value\n * @param secret - The webhook signing secret (RIVERBANK_WEBHOOK_SECRET)\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const signature = request.headers.get('x-riverbank-signature');\n * const secret = process.env.RIVERBANK_WEBHOOK_SECRET;\n *\n * if (!verifyWebhookSignature(body, signature, secret)) {\n *   return new Response('Invalid signature', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSignature(\n  payload: string,\n  signature: string,\n  secret: string\n): boolean {\n  const expectedSignature = crypto\n    .createHmac('sha256', secret)\n    .update(payload)\n    .digest('hex');\n\n  // Length check before timing-safe comparison\n  // timingSafeEqual throws if lengths differ\n  if (signature.length !== expectedSignature.length) {\n    return false;\n  }\n\n  // Timing-safe comparison to prevent timing attacks\n  return crypto.timingSafeEqual(\n    Buffer.from(signature),\n    Buffer.from(expectedSignature)\n  );\n}\n\n/**\n * Result type for webhook payload parsing.\n */\nexport type ParseWebhookResult =\n  | { success: true; payload: WebhookPayload }\n  | { success: false; error: string };\n\n/**\n * Parse and validate a webhook payload from the request body.\n *\n * Uses Zod schema validation to ensure the payload has the expected structure.\n *\n * @param body - The raw request body as a string\n * @returns A result object with either the validated payload or an error message\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const result = parseWebhookPayload(body);\n * if (!result.success) {\n *   return new Response(result.error, { status: 400 });\n * }\n * console.log(`Received ${result.payload.event} for site ${result.payload.siteId}`);\n * ```\n */\nexport function parseWebhookPayload(body: string): ParseWebhookResult {\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(body);\n  } catch {\n    return { success: false, error: 'Invalid JSON' };\n  }\n\n  const result = WebhookPayloadSchema.safeParse(parsed);\n  if (!result.success) {\n    return { success: false, error: `Invalid payload: ${result.error.message}` };\n  }\n\n  return { success: true, payload: result.data };\n}\n"],"mappings":";AAMA,OAAO,YAAY;AACnB,SAAS,SAAS;AAUX,IAAM,qBAAqB,EAAE,KAAK;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AASM,IAAM,0BAA0B,EAAE,OAAO;AAAA,EAC9C,QAAQ,EAAE,OAAO;AAAA,EACjB,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAGM,IAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,SAAS,EAAE,OAAO;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,EACf,aAAa,EAAE,OAAO;AACxB,CAAC;AAGM,IAAM,8BAA8B,EAAE,OAAO;AAAA,EAClD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAGM,IAAM,kBAAkB,EAAE,OAAO,CAAC,CAAC;AAMnC,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAaM,IAAM,uBAAuB,EAAE,OAAO;AAAA;AAAA,EAE3C,OAAO;AAAA;AAAA,EAEP,WAAW,EAAE,OAAO;AAAA;AAAA,EAEpB,QAAQ,EAAE,OAAO;AAAA;AAAA,EAEjB,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC;AAAA;AAAA,EAEtC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACrC,CAAC;AAsCM,SAAS,uBACd,SACA,WACA,QACS;AACT,QAAM,oBAAoB,OACvB,WAAW,UAAU,MAAM,EAC3B,OAAO,OAAO,EACd,OAAO,KAAK;AAIf,MAAI,UAAU,WAAW,kBAAkB,QAAQ;AACjD,WAAO;AAAA,EACT;AAGA,SAAO,OAAO;AAAA,IACZ,OAAO,KAAK,SAAS;AAAA,IACrB,OAAO,KAAK,iBAAiB;AAAA,EAC/B;AACF;AA2BO,SAAS,oBAAoB,MAAkC;AACpE,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,OAAO,eAAe;AAAA,EACjD;AAEA,QAAM,SAAS,qBAAqB,UAAU,MAAM;AACpD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,OAAO,MAAM,OAAO,GAAG;AAAA,EAC7E;AAEA,SAAO,EAAE,SAAS,MAAM,SAAS,OAAO,KAAK;AAC/C;","names":[]}

package/dist/server/{chunk-VODFQMUW.js → chunk-NBTRDLCM.js}

@@ -1,15 +1,42 @@
 "use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }// src/webhooks/verify.ts
 var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
 var _zod = require('zod');
+var WebhookEventSchema = _zod.z.enum([
+  "page.published",
+  "entry.published",
+  "navigation.updated",
+  "theme.updated",
+  "site.settings_updated"
+]);
+var PagePublishedDataSchema = _zod.z.object({
+  pageId: _zod.z.string(),
+  path: _zod.z.string(),
+  slug: _zod.z.string().optional()
+});
+var EntryPublishedDataSchema = _zod.z.object({
+  entryId: _zod.z.string(),
+  path: _zod.z.string(),
+  contentType: _zod.z.string()
+});
+var NavigationUpdatedDataSchema = _zod.z.object({
+  menuId: _zod.z.string().optional()
+});
+var EmptyDataSchema = _zod.z.object({});
+var WebhookDataSchema = _zod.z.union([
+  PagePublishedDataSchema,
+  EntryPublishedDataSchema,
+  NavigationUpdatedDataSchema,
+  EmptyDataSchema
+]);
 var WebhookPayloadSchema = _zod.z.object({
-  /** Event type (e.g., 'page.published', 'entry.published') */
-  event: _zod.z.string(),
+  /** Event type */
+  event: WebhookEventSchema,
   /** ISO timestamp of when the event occurred */
   timestamp: _zod.z.string(),
   /** Site ID that triggered the event */
   siteId: _zod.z.string(),
-  /** Event-specific data (varies by event type) */
-  data: _zod.z.record(_zod.z.string(), _zod.z.any()),
+  /** Event-specific data (shape depends on event type) */
+  data: _zod.z.record(_zod.z.string(), _zod.z.unknown()),
   /** Cache invalidation tags (for tag-based revalidation) */
   tags: _zod.z.array(_zod.z.string()).optional()
 });
@@ -42,4 +69,4 @@ function parseWebhookPayload(body) {
 
 
 exports.WebhookPayloadSchema = WebhookPayloadSchema; exports.verifyWebhookSignature = verifyWebhookSignature; exports.parseWebhookPayload = parseWebhookPayload;
-//# sourceMappingURL=chunk-VODFQMUW.js.map
+//# sourceMappingURL=chunk-NBTRDLCM.js.map

package/dist/server/chunk-NBTRDLCM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-NBTRDLCM.js","../../src/webhooks/verify.ts"],"names":[],"mappings":"AAAA;ACMA,gFAAmB;AACnB,0BAAkB;AAUX,IAAM,mBAAA,EAAqB,MAAA,CAAE,IAAA,CAAK;AAAA,EACvC,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF,CAAC,CAAA;AASM,IAAM,wBAAA,EAA0B,MAAA,CAAE,MAAA,CAAO;AAAA,EAC9C,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACjB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAC5B,CAAC,CAAA;AAGM,IAAM,yBAAA,EAA2B,MAAA,CAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAAS,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EAClB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACf,WAAA,EAAa,MAAA,CAAE,MAAA,CAAO;AACxB,CAAC,CAAA;AAGM,IAAM,4BAAA,EAA8B,MAAA,CAAE,MAAA,CAAO;AAAA,EAClD,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAC9B,CAAC,CAAA;AAGM,IAAM,gBAAA,EAAkB,MAAA,CAAE,MAAA,CAAO,CAAC,CAAC,CAAA;AAMnC,IAAM,kBAAA,EAAoB,MAAA,CAAE,KAAA,CAAM;AAAA,EACvC,uBAAA;AAAA,EACA,wBAAA;AAAA,EACA,2BAAA;AAAA,EACA;AACF,CAAC,CAAA;AAaM,IAAM,qBAAA,EAAuB,MAAA,CAAE,MAAA,CAAO;AAAA;AAAA,EAE3C,KAAA,EAAO,kBAAA;AAAA;AAAA,EAEP,SAAA,EAAW,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA;AAAA,EAEpB,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA;AAAA,EAEjB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,MAAA,CAAE,MAAA,CAAO,CAAA,EAAG,MAAA,CAAE,OAAA,CAAQ,CAAC,CAAA;AAAA;AAAA,EAEtC,IAAA,EAAM,MAAA,CAAE,KAAA,CAAM,MAAA,CAAE,MAAA,CAAO,CAAC,CAAA,CAAE,QAAA,CAAS;AACrC,CAAC,CAAA;AAsCM,SAAS,sBAAA,CACd,OAAA,EACA,SAAA,EACA,MAAA,EACS;AACT,EAAA,MAAM,kBAAA,EAAoB,gBAAA,CACvB,UAAA,CAAW,QAAA,EAAU,MAAM,CAAA,CAC3B,MAAA,CAAO,OAAO,CAAA,CACd,MAAA,CAAO,KAAK,CAAA;AAIf,EAAA,GAAA,CAAI,SAAA,CAAU,OAAA,IAAW,iBAAA,CAAkB,MAAA,EAAQ;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,gBAAA,CAAO,eAAA;AAAA,IACZ,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,IACrB,MAAA,CAAO,IAAA,CAAK,iBAAiB;AAAA,EAC/B,CAAA;AACF;AA2BO,SAAS,mBAAA,CAAoB,IAAA,EAAkC;AACpE,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAAA,EAC1B,EAAA,UAAQ;AACN,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,eAAe,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,EAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,GAAA,CAAI,CAAC,MAAA,CAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,CAAA,iBAAA,EAAoB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,EAAA;AAC1E,EAAA;AAE6C,EAAA;AAC/C;ADzH6E;AACA;AACA;AACA;AACA;AACA","file":"/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-NBTRDLCM.js","sourcesContent":[null,"/**\n * Webhook verification utilities for Riverbank SDK\n *\n * Provides framework-agnostic webhook signature verification and payload parsing.\n */\n\nimport crypto from 'crypto';\nimport { z } from 'zod';\n\n// ============================================================================\n// Webhook Event Types\n// ============================================================================\n\n/**\n * Supported webhook event types.\n * Keep in sync with apps/dashboard/src/lib/db/helpers/webhooks.ts\n */\nexport const WebhookEventSchema = z.enum([\n  'page.published',\n  'entry.published',\n  'navigation.updated',\n  'theme.updated',\n  'site.settings_updated',\n]);\n\nexport type WebhookEvent = z.infer<typeof WebhookEventSchema>;\n\n// ============================================================================\n// Event-Specific Data Schemas\n// ============================================================================\n\n/** Data for page.published events */\nexport const PagePublishedDataSchema = z.object({\n  pageId: z.string(),\n  path: z.string(),\n  slug: z.string().optional(),\n});\n\n/** Data for entry.published events */\nexport const EntryPublishedDataSchema = z.object({\n  entryId: z.string(),\n  path: z.string(),\n  contentType: z.string(),\n});\n\n/** Data for navigation.updated events */\nexport const NavigationUpdatedDataSchema = z.object({\n  menuId: z.string().optional(),\n});\n\n/** Data for theme.updated and site.settings_updated events (empty) */\nexport const EmptyDataSchema = z.object({});\n\n/**\n * Combined data schema that accepts any valid event data.\n * The actual shape depends on the event type.\n */\nexport const WebhookDataSchema = z.union([\n  PagePublishedDataSchema,\n  EntryPublishedDataSchema,\n  NavigationUpdatedDataSchema,\n  EmptyDataSchema,\n]);\n\nexport type PagePublishedData = z.infer<typeof PagePublishedDataSchema>;\nexport type EntryPublishedData = z.infer<typeof EntryPublishedDataSchema>;\nexport type NavigationUpdatedData = z.infer<typeof NavigationUpdatedDataSchema>;\n\n// ============================================================================\n// Webhook Payload Schema\n// ============================================================================\n\n/**\n * Zod schema for webhook payload validation.\n */\nexport const WebhookPayloadSchema = z.object({\n  /** Event type */\n  event: WebhookEventSchema,\n  /** ISO timestamp of when the event occurred */\n  timestamp: z.string(),\n  /** Site ID that triggered the event */\n  siteId: z.string(),\n  /** Event-specific data (shape depends on event type) */\n  data: z.record(z.string(), z.unknown()),\n  /** Cache invalidation tags (for tag-based revalidation) */\n  tags: z.array(z.string()).optional(),\n});\n\n/**\n * Webhook payload structure sent by the CMS.\n */\nexport type WebhookPayload = z.infer<typeof WebhookPayloadSchema>;\n\n/**\n * Type-safe webhook payload with discriminated data based on event type.\n */\nexport type TypedWebhookPayload =\n  | { event: 'page.published'; data: PagePublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'entry.published'; data: EntryPublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'navigation.updated'; data: NavigationUpdatedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'theme.updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'site.settings_updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] };\n\n/**\n * Verify a webhook signature using HMAC-SHA256.\n *\n * Uses timing-safe comparison to prevent timing attacks.\n *\n * @param payload - The raw request body as a string\n * @param signature - The X-Riverbank-Signature header value\n * @param secret - The webhook signing secret (RIVERBANK_WEBHOOK_SECRET)\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const signature = request.headers.get('x-riverbank-signature');\n * const secret = process.env.RIVERBANK_WEBHOOK_SECRET;\n *\n * if (!verifyWebhookSignature(body, signature, secret)) {\n *   return new Response('Invalid signature', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSignature(\n  payload: string,\n  signature: string,\n  secret: string\n): boolean {\n  const expectedSignature = crypto\n    .createHmac('sha256', secret)\n    .update(payload)\n    .digest('hex');\n\n  // Length check before timing-safe comparison\n  // timingSafeEqual throws if lengths differ\n  if (signature.length !== expectedSignature.length) {\n    return false;\n  }\n\n  // Timing-safe comparison to prevent timing attacks\n  return crypto.timingSafeEqual(\n    Buffer.from(signature),\n    Buffer.from(expectedSignature)\n  );\n}\n\n/**\n * Result type for webhook payload parsing.\n */\nexport type ParseWebhookResult =\n  | { success: true; payload: WebhookPayload }\n  | { success: false; error: string };\n\n/**\n * Parse and validate a webhook payload from the request body.\n *\n * Uses Zod schema validation to ensure the payload has the expected structure.\n *\n * @param body - The raw request body as a string\n * @returns A result object with either the validated payload or an error message\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const result = parseWebhookPayload(body);\n * if (!result.success) {\n *   return new Response(result.error, { status: 400 });\n * }\n * console.log(`Received ${result.payload.event} for site ${result.payload.siteId}`);\n * ```\n */\nexport function parseWebhookPayload(body: string): ParseWebhookResult {\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(body);\n  } catch {\n    return { success: false, error: 'Invalid JSON' };\n  }\n\n  const result = WebhookPayloadSchema.safeParse(parsed);\n  if (!result.success) {\n    return { success: false, error: `Invalid payload: ${result.error.message}` };\n  }\n\n  return { success: true, payload: result.data };\n}\n"]}

package/dist/server/chunk-NFEGQTCC.mjs

@@ -0,0 +1,27 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+export {
+  __esm,
+  __export,
+  __toCommonJS
+};
+//# sourceMappingURL=chunk-NFEGQTCC.mjs.map