npm - @sakeetech/viva-payments-core - Versions diffs - 0.2.1 - Mend

@sakeetech/viva-payments-core 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (203) hide show

package/LICENSE +21 -0
package/README.md +413 -0
package/dist/auth/http.d.ts +44 -0
package/dist/auth/http.d.ts.map +1 -0
package/dist/auth/http.js +80 -0
package/dist/auth/http.js.map +1 -0
package/dist/auth/index.d.ts +19 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +18 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/oauth2-strategy.d.ts +117 -0
package/dist/auth/oauth2-strategy.d.ts.map +1 -0
package/dist/auth/oauth2-strategy.js +217 -0
package/dist/auth/oauth2-strategy.js.map +1 -0
package/dist/auth/reseller-strategy.d.ts +65 -0
package/dist/auth/reseller-strategy.d.ts.map +1 -0
package/dist/auth/reseller-strategy.js +68 -0
package/dist/auth/reseller-strategy.js.map +1 -0
package/dist/auth/single-flight.d.ts +81 -0
package/dist/auth/single-flight.d.ts.map +1 -0
package/dist/auth/single-flight.js +160 -0
package/dist/auth/single-flight.js.map +1 -0
package/dist/auth/token-cache.d.ts +50 -0
package/dist/auth/token-cache.d.ts.map +1 -0
package/dist/auth/token-cache.js +59 -0
package/dist/auth/token-cache.js.map +1 -0
package/dist/errors/api-error.d.ts +15 -0
package/dist/errors/api-error.d.ts.map +1 -0
package/dist/errors/api-error.js +18 -0
package/dist/errors/api-error.js.map +1 -0
package/dist/errors/auth-error.d.ts +14 -0
package/dist/errors/auth-error.d.ts.map +1 -0
package/dist/errors/auth-error.js +17 -0
package/dist/errors/auth-error.js.map +1 -0
package/dist/errors/base.d.ts +59 -0
package/dist/errors/base.d.ts.map +1 -0
package/dist/errors/base.js +51 -0
package/dist/errors/base.js.map +1 -0
package/dist/errors/index.d.ts +18 -0
package/dist/errors/index.d.ts.map +1 -0
package/dist/errors/index.js +16 -0
package/dist/errors/index.js.map +1 -0
package/dist/errors/mode-mismatch-error.d.ts +19 -0
package/dist/errors/mode-mismatch-error.d.ts.map +1 -0
package/dist/errors/mode-mismatch-error.js +22 -0
package/dist/errors/mode-mismatch-error.js.map +1 -0
package/dist/errors/rate-limit-error.d.ts +20 -0
package/dist/errors/rate-limit-error.d.ts.map +1 -0
package/dist/errors/rate-limit-error.js +20 -0
package/dist/errors/rate-limit-error.js.map +1 -0
package/dist/errors/validation-error.d.ts +14 -0
package/dist/errors/validation-error.d.ts.map +1 -0
package/dist/errors/validation-error.js +17 -0
package/dist/errors/validation-error.js.map +1 -0
package/dist/errors/webhook-error.d.ts +14 -0
package/dist/errors/webhook-error.d.ts.map +1 -0
package/dist/errors/webhook-error.js +17 -0
package/dist/errors/webhook-error.js.map +1 -0
package/dist/index.d.ts +15 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +15 -0
package/dist/index.js.map +1 -0
package/dist/isv/accounts.d.ts +38 -0
package/dist/isv/accounts.d.ts.map +1 -0
package/dist/isv/accounts.js +60 -0
package/dist/isv/accounts.js.map +1 -0
package/dist/isv/client.d.ts +187 -0
package/dist/isv/client.d.ts.map +1 -0
package/dist/isv/client.js +465 -0
package/dist/isv/client.js.map +1 -0
package/dist/isv/index.d.ts +52 -0
package/dist/isv/index.d.ts.map +1 -0
package/dist/isv/index.js +53 -0
package/dist/isv/index.js.map +1 -0
package/dist/isv/legacy-basic-client.d.ts +122 -0
package/dist/isv/legacy-basic-client.d.ts.map +1 -0
package/dist/isv/legacy-basic-client.js +281 -0
package/dist/isv/legacy-basic-client.js.map +1 -0
package/dist/isv/payments.d.ts +199 -0
package/dist/isv/payments.d.ts.map +1 -0
package/dist/isv/payments.js +385 -0
package/dist/isv/payments.js.map +1 -0
package/dist/isv/sources.d.ts +80 -0
package/dist/isv/sources.d.ts.map +1 -0
package/dist/isv/sources.js +112 -0
package/dist/isv/sources.js.map +1 -0
package/dist/isv/webhooks-api.d.ts +48 -0
package/dist/isv/webhooks-api.d.ts.map +1 -0
package/dist/isv/webhooks-api.js +66 -0
package/dist/isv/webhooks-api.js.map +1 -0
package/dist/legacy/client.d.ts +199 -0
package/dist/legacy/client.d.ts.map +1 -0
package/dist/legacy/client.js +351 -0
package/dist/legacy/client.js.map +1 -0
package/dist/legacy/index.d.ts +15 -0
package/dist/legacy/index.d.ts.map +1 -0
package/dist/legacy/index.js +14 -0
package/dist/legacy/index.js.map +1 -0
package/dist/observability/context.d.ts +30 -0
package/dist/observability/context.d.ts.map +1 -0
package/dist/observability/context.js +40 -0
package/dist/observability/context.js.map +1 -0
package/dist/observability/index.d.ts +15 -0
package/dist/observability/index.d.ts.map +1 -0
package/dist/observability/index.js +11 -0
package/dist/observability/index.js.map +1 -0
package/dist/observability/logger.d.ts +81 -0
package/dist/observability/logger.d.ts.map +1 -0
package/dist/observability/logger.js +127 -0
package/dist/observability/logger.js.map +1 -0
package/dist/observability/metrics.d.ts +37 -0
package/dist/observability/metrics.d.ts.map +1 -0
package/dist/observability/metrics.js +40 -0
package/dist/observability/metrics.js.map +1 -0
package/dist/observability/redact.d.ts +21 -0
package/dist/observability/redact.d.ts.map +1 -0
package/dist/observability/redact.js +72 -0
package/dist/observability/redact.js.map +1 -0
package/dist/observability/tracer.d.ts +25 -0
package/dist/observability/tracer.d.ts.map +1 -0
package/dist/observability/tracer.js +18 -0
package/dist/observability/tracer.js.map +1 -0
package/dist/payments/client.d.ts +247 -0
package/dist/payments/client.d.ts.map +1 -0
package/dist/payments/client.js +488 -0
package/dist/payments/client.js.map +1 -0
package/dist/payments/index.d.ts +14 -0
package/dist/payments/index.d.ts.map +1 -0
package/dist/payments/index.js +13 -0
package/dist/payments/index.js.map +1 -0
package/dist/refunds/fast-refund-client.d.ts +128 -0
package/dist/refunds/fast-refund-client.d.ts.map +1 -0
package/dist/refunds/fast-refund-client.js +138 -0
package/dist/refunds/fast-refund-client.js.map +1 -0
package/dist/refunds/index.d.ts +19 -0
package/dist/refunds/index.d.ts.map +1 -0
package/dist/refunds/index.js +17 -0
package/dist/refunds/index.js.map +1 -0
package/dist/refunds/strategy.d.ts +78 -0
package/dist/refunds/strategy.d.ts.map +1 -0
package/dist/refunds/strategy.js +75 -0
package/dist/refunds/strategy.js.map +1 -0
package/dist/types/auth.d.ts +80 -0
package/dist/types/auth.d.ts.map +1 -0
package/dist/types/auth.js +12 -0
package/dist/types/auth.js.map +1 -0
package/dist/types/card-types.d.ts +48 -0
package/dist/types/card-types.d.ts.map +1 -0
package/dist/types/card-types.js +62 -0
package/dist/types/card-types.js.map +1 -0
package/dist/types/common.d.ts +160 -0
package/dist/types/common.d.ts.map +1 -0
package/dist/types/common.js +70 -0
package/dist/types/common.js.map +1 -0
package/dist/types/index.d.ts +21 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +21 -0
package/dist/types/index.js.map +1 -0
package/dist/types/isv-accounts.d.ts +109 -0
package/dist/types/isv-accounts.d.ts.map +1 -0
package/dist/types/isv-accounts.js +22 -0
package/dist/types/isv-accounts.js.map +1 -0
package/dist/types/isv-payments.d.ts +262 -0
package/dist/types/isv-payments.d.ts.map +1 -0
package/dist/types/isv-payments.js +19 -0
package/dist/types/isv-payments.js.map +1 -0
package/dist/types/status.d.ts +125 -0
package/dist/types/status.d.ts.map +1 -0
package/dist/types/status.js +19 -0
package/dist/types/status.js.map +1 -0
package/dist/types/webhook-events.d.ts +447 -0
package/dist/types/webhook-events.d.ts.map +1 -0
package/dist/types/webhook-events.js +76 -0
package/dist/types/webhook-events.js.map +1 -0
package/dist/webhooks/challenge-response.d.ts +28 -0
package/dist/webhooks/challenge-response.d.ts.map +1 -0
package/dist/webhooks/challenge-response.js +35 -0
package/dist/webhooks/challenge-response.js.map +1 -0
package/dist/webhooks/event-types.d.ts +44 -0
package/dist/webhooks/event-types.d.ts.map +1 -0
package/dist/webhooks/event-types.js +50 -0
package/dist/webhooks/event-types.js.map +1 -0
package/dist/webhooks/extract-client-ip.d.ts +40 -0
package/dist/webhooks/extract-client-ip.d.ts.map +1 -0
package/dist/webhooks/extract-client-ip.js +72 -0
package/dist/webhooks/extract-client-ip.js.map +1 -0
package/dist/webhooks/hmac-verify.d.ts +38 -0
package/dist/webhooks/hmac-verify.d.ts.map +1 -0
package/dist/webhooks/hmac-verify.js +92 -0
package/dist/webhooks/hmac-verify.js.map +1 -0
package/dist/webhooks/index.d.ts +19 -0
package/dist/webhooks/index.d.ts.map +1 -0
package/dist/webhooks/index.js +19 -0
package/dist/webhooks/index.js.map +1 -0
package/dist/webhooks/ip-allowlist.d.ts +59 -0
package/dist/webhooks/ip-allowlist.d.ts.map +1 -0
package/dist/webhooks/ip-allowlist.js +147 -0
package/dist/webhooks/ip-allowlist.js.map +1 -0
package/dist/webhooks/status-lattice.d.ts +72 -0
package/dist/webhooks/status-lattice.d.ts.map +1 -0
package/dist/webhooks/status-lattice.js +208 -0
package/dist/webhooks/status-lattice.js.map +1 -0
package/package.json +85 -0

package/dist/errors/validation-error.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { VivaError, type VivaErrorOptions } from './base.js';
+/**
+ * Thrown for local pre-flight validation failures.
+ *
+ * Examples: multi-tenant cart rejected at `initiatePayment` (plan P19),
+ * amount out of range, missing required field before the HTTP call is made.
+ *
+ * Maps to `MedusaError(Types.INVALID_DATA)` in the adapter layer.
+ */
+export declare class VivaValidationError extends VivaError {
+    readonly code: "VIVA_VALIDATION_ERROR";
+    constructor(opts: VivaErrorOptions);
+}
+//# sourceMappingURL=validation-error.d.ts.map

package/dist/errors/validation-error.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validation-error.d.ts","sourceRoot":"","sources":["../../src/errors/validation-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7D;;;;;;;GAOG;AACH,qBAAa,mBAAoB,SAAQ,SAAS;IAChD,QAAQ,CAAC,IAAI,EAAG,uBAAuB,CAAU;gBAErC,IAAI,EAAE,gBAAgB;CAInC"}

package/dist/errors/validation-error.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { VivaError } from './base.js';
+/**
+ * Thrown for local pre-flight validation failures.
+ *
+ * Examples: multi-tenant cart rejected at `initiatePayment` (plan P19),
+ * amount out of range, missing required field before the HTTP call is made.
+ *
+ * Maps to `MedusaError(Types.INVALID_DATA)` in the adapter layer.
+ */
+export class VivaValidationError extends VivaError {
+    code = 'VIVA_VALIDATION_ERROR';
+    constructor(opts) {
+        super(opts);
+        this.name = 'VivaValidationError';
+    }
+}
+//# sourceMappingURL=validation-error.js.map

package/dist/errors/validation-error.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validation-error.js","sourceRoot":"","sources":["../../src/errors/validation-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAyB,MAAM,WAAW,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,OAAO,mBAAoB,SAAQ,SAAS;IACvC,IAAI,GAAG,uBAAgC,CAAC;IAEjD,YAAY,IAAsB;QAChC,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAC;IACpC,CAAC;CACF"}

package/dist/errors/webhook-error.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import { VivaError, type VivaErrorOptions } from './base.js';
+/**
+ * Thrown when webhook verification or shape validation fails.
+ *
+ * Covers: HMAC signature mismatch, unknown event type, malformed payload,
+ * IP allowlist rejection (layer a), challenge-response failure (layer b).
+ *
+ * The webhook handler returns 401 (no payload processing) when this is thrown.
+ */
+export declare class VivaWebhookError extends VivaError {
+    readonly code: "VIVA_WEBHOOK_ERROR";
+    constructor(opts: VivaErrorOptions);
+}
+//# sourceMappingURL=webhook-error.d.ts.map

package/dist/errors/webhook-error.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"webhook-error.d.ts","sourceRoot":"","sources":["../../src/errors/webhook-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,KAAK,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAE7D;;;;;;;GAOG;AACH,qBAAa,gBAAiB,SAAQ,SAAS;IAC7C,QAAQ,CAAC,IAAI,EAAG,oBAAoB,CAAU;gBAElC,IAAI,EAAE,gBAAgB;CAInC"}

package/dist/errors/webhook-error.js ADDED Viewed

@@ -0,0 +1,17 @@
+import { VivaError } from './base.js';
+/**
+ * Thrown when webhook verification or shape validation fails.
+ *
+ * Covers: HMAC signature mismatch, unknown event type, malformed payload,
+ * IP allowlist rejection (layer a), challenge-response failure (layer b).
+ *
+ * The webhook handler returns 401 (no payload processing) when this is thrown.
+ */
+export class VivaWebhookError extends VivaError {
+    code = 'VIVA_WEBHOOK_ERROR';
+    constructor(opts) {
+        super(opts);
+        this.name = 'VivaWebhookError';
+    }
+}
+//# sourceMappingURL=webhook-error.js.map

package/dist/errors/webhook-error.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"webhook-error.js","sourceRoot":"","sources":["../../src/errors/webhook-error.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAyB,MAAM,WAAW,CAAC;AAE7D;;;;;;;GAOG;AACH,MAAM,OAAO,gBAAiB,SAAQ,SAAS;IACpC,IAAI,GAAG,oBAA6B,CAAC;IAE9C,YAAY,IAAsB;QAChC,KAAK,CAAC,IAAI,CAAC,CAAC;QACZ,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF"}

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * viva-payments-core
+ *
+ * Framework-agnostic Viva Wallet client for ISV (Independent Software Vendor)
+ * integrations. Zero Medusa or Vendure imports.
+ *
+ * Subpath exports:
+ *   - viva-payments-core/auth       OAuth2 + Reseller auth strategies
+ *   - viva-payments-core/isv        ISV payments, connected accounts, webhooks API
+ *   - viva-payments-core/webhooks   verification, event types, status lattice
+ *   - viva-payments-core/types      TypeScript types for the Viva API surface
+ *   - viva-payments-core/errors     VivaApiError, VivaAuthError, etc.
+ */
+export declare const VERSION = "0.0.0";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,eAAO,MAAM,OAAO,UAAU,CAAC"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * viva-payments-core
+ *
+ * Framework-agnostic Viva Wallet client for ISV (Independent Software Vendor)
+ * integrations. Zero Medusa or Vendure imports.
+ *
+ * Subpath exports:
+ *   - viva-payments-core/auth       OAuth2 + Reseller auth strategies
+ *   - viva-payments-core/isv        ISV payments, connected accounts, webhooks API
+ *   - viva-payments-core/webhooks   verification, event types, status lattice
+ *   - viva-payments-core/types      TypeScript types for the Viva API surface
+ *   - viva-payments-core/errors     VivaApiError, VivaAuthError, etc.
+ */
+export const VERSION = "0.0.0";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC"}

package/dist/isv/accounts.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+/**
+ * IsvAccounts — ISV Connected Account API methods.
+ *
+ * Probe-verified 2026-05-11 against the live demo environment. Endpoints below
+ * match the canonical spec at `docs/payment-isv-api.yaml`.
+ *
+ *   - createConnectedAccount   → POST /isv/v1/accounts
+ *   - retrieveConnectedAccount → GET  /isv/v1/accounts/{accountId}
+ *
+ * Update is NOT implemented: the ISV spec exposes no update endpoint. The
+ * merchant edits their own account via the Viva self-care UI.
+ *
+ * Auth: OAuth2 Bearer with scopes
+ *   `urn:viva:payments:core:api:isv urn:viva:payments:core:api:redirectcheckout`.
+ */
+import type { IsvHttpClient } from './client.js';
+import type { CreateConnectedAccountRequest, CreateConnectedAccountResponse, GetConnectedAccountResponse, ConnectedAccountId } from '../types/index.js';
+export declare class IsvAccounts {
+    private readonly client;
+    constructor(client: IsvHttpClient);
+    /**
+     * Create a connected merchant account.
+     *
+     * Returns `{accountId, invitation: {email, redirectUrl, created}}`. Share
+     * `invitation.redirectUrl` with the merchant to complete Viva-hosted KYC.
+     * The onboarding URL is only functional in production.
+     */
+    createConnectedAccount(req: CreateConnectedAccountRequest): Promise<CreateConnectedAccountResponse>;
+    /**
+     * Retrieve a connected account.
+     *
+     * Returns the verification status (`verified`), the assigned `merchantId`
+     * (null until KYC is complete), and `acquiringEnabled` (true when the
+     * merchant can accept card payments).
+     */
+    retrieveConnectedAccount(connectedAccountId: ConnectedAccountId): Promise<GetConnectedAccountResponse>;
+}
+//# sourceMappingURL=accounts.d.ts.map

package/dist/isv/accounts.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"accounts.d.ts","sourceRoot":"","sources":["../../src/isv/accounts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,KAAK,EACV,6BAA6B,EAC7B,8BAA8B,EAC9B,2BAA2B,EAC3B,kBAAkB,EACnB,MAAM,mBAAmB,CAAC;AAE3B,qBAAa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,aAAa;IAElD;;;;;;OAMG;IACG,sBAAsB,CAC1B,GAAG,EAAE,6BAA6B,GACjC,OAAO,CAAC,8BAA8B,CAAC;IAkB1C;;;;;;OAMG;IACG,wBAAwB,CAC5B,kBAAkB,EAAE,kBAAkB,GACrC,OAAO,CAAC,2BAA2B,CAAC;CAQxC"}

package/dist/isv/accounts.js ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * IsvAccounts — ISV Connected Account API methods.
+ *
+ * Probe-verified 2026-05-11 against the live demo environment. Endpoints below
+ * match the canonical spec at `docs/payment-isv-api.yaml`.
+ *
+ *   - createConnectedAccount   → POST /isv/v1/accounts
+ *   - retrieveConnectedAccount → GET  /isv/v1/accounts/{accountId}
+ *
+ * Update is NOT implemented: the ISV spec exposes no update endpoint. The
+ * merchant edits their own account via the Viva self-care UI.
+ *
+ * Auth: OAuth2 Bearer with scopes
+ *   `urn:viva:payments:core:api:isv urn:viva:payments:core:api:redirectcheckout`.
+ */
+export class IsvAccounts {
+    client;
+    constructor(client) {
+        this.client = client;
+    }
+    /**
+     * Create a connected merchant account.
+     *
+     * Returns `{accountId, invitation: {email, redirectUrl, created}}`. Share
+     * `invitation.redirectUrl` with the merchant to complete Viva-hosted KYC.
+     * The onboarding URL is only functional in production.
+     */
+    async createConnectedAccount(req) {
+        const wireBody = {
+            email: req.email,
+            returnUrl: req.returnUrl,
+        };
+        if (req.branding !== undefined) {
+            wireBody['branding'] = req.branding;
+        }
+        return this.client.request({
+            method: 'POST',
+            path: '/isv/v1/accounts',
+            body: wireBody,
+            idempotent: true,
+            endpoint: 'POST /isv/v1/accounts',
+        });
+    }
+    /**
+     * Retrieve a connected account.
+     *
+     * Returns the verification status (`verified`), the assigned `merchantId`
+     * (null until KYC is complete), and `acquiringEnabled` (true when the
+     * merchant can accept card payments).
+     */
+    async retrieveConnectedAccount(connectedAccountId) {
+        return this.client.request({
+            method: 'GET',
+            path: `/isv/v1/accounts/${connectedAccountId}`,
+            idempotent: true,
+            endpoint: 'GET /isv/v1/accounts/{accountId}',
+        });
+    }
+}
+//# sourceMappingURL=accounts.js.map

package/dist/isv/accounts.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"accounts.js","sourceRoot":"","sources":["../../src/isv/accounts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH,MAAM,OAAO,WAAW;IACO;IAA7B,YAA6B,MAAqB;QAArB,WAAM,GAAN,MAAM,CAAe;IAAG,CAAC;IAEtD;;;;;;OAMG;IACH,KAAK,CAAC,sBAAsB,CAC1B,GAAkC;QAElC,MAAM,QAAQ,GAA4B;YACxC,KAAK,EAAE,GAAG,CAAC,KAAK;YAChB,SAAS,EAAE,GAAG,CAAC,SAAS;SACzB,CAAC;QACF,IAAI,GAAG,CAAC,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC/B,QAAQ,CAAC,UAAU,CAAC,GAAG,GAAG,CAAC,QAAQ,CAAC;QACtC,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAiC;YACzD,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,kBAAkB;YACxB,IAAI,EAAE,QAAQ;YACd,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,uBAAuB;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,wBAAwB,CAC5B,kBAAsC;QAEtC,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAA8B;YACtD,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,oBAAoB,kBAAkB,EAAE;YAC9C,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,kCAAkC;SAC7C,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/isv/client.d.ts ADDED Viewed

@@ -0,0 +1,187 @@
+/**
+ * IsvHttpClient — shared HTTP wrapper for all ISV API calls.
+ *
+ * Responsibilities:
+ *   - Resolve base URL from VivaEnvironment
+ *   - Inject Authorization header from AuthStrategy.getBearerToken()
+ *   - Bigint-safe JSON serialization (request body) and deserialization (response)
+ *   - Per-request timeout via AbortController
+ *   - Retry policy: idempotent requests retry 429 + 5xx up to 3 times with
+ *     exponential backoff [500, 1500, 4500]ms ±20% jitter
+ *   - Non-idempotent POST: only retry on connection-level errors (never on ack)
+ *   - 401 handling: force-refresh token once, retry same request once
+ *   - Error mapping to typed VivaError subclasses
+ *
+ * @see references/viva-docs/md/isv-credentials.txt:107 (auth credential types)
+ * @see references/viva-docs/md/isv-partner-program.txt:104 (ISV API overview)
+ */
+import type { Dispatcher } from 'undici';
+import type { AuthStrategy, VivaEnvironment } from '../types/index.js';
+import type { MetricsHook } from '../observability/index.js';
+export interface IsvHttpClientConfig {
+    environment: VivaEnvironment;
+    authStrategy: AuthStrategy;
+    /** Override undici dispatcher for tests (e.g. MockAgent). */
+    dispatcher?: Dispatcher;
+    /** Override global fetch. Defaults to undici fetch when dispatcher is provided, else global fetch. */
+    fetchImpl?: typeof fetch;
+    /** Clock override for tests. Defaults to Date.now. */
+    now?: () => number;
+    /**
+     * Exponential backoff schedule in milliseconds.
+     * Default: [500, 1500, 4500] per plan Auth Flow line 319.
+     *
+     * @see references/viva-docs/md/isv-partner-program.txt:104
+     */
+    retryBackoffsMs?: number[];
+    /**
+     * Jitter ratio applied to each backoff (±jitterRatio * backoff).
+     * Default: 0.2 (±20%).
+     *
+     * @see references/viva-docs/md/isv-partner-program.txt:104
+     */
+    jitterRatio?: number;
+    /** Default per-request timeout in milliseconds. Default: 30_000. */
+    defaultTimeoutMs?: number;
+    /** Optional metrics hook. Records viva_api_request_duration_seconds. */
+    metrics?: MetricsHook;
+}
+interface RequestOptions {
+    method: 'GET' | 'POST' | 'PATCH' | 'DELETE';
+    path: string;
+    query?: Record<string, string | number | bigint | undefined>;
+    body?: unknown;
+    /**
+     * Sets the `Idempotency-Key` header on the request.
+     *
+     * TODO(impl): Viva's exact idempotency header name is unconfirmed from local docs.
+     * Using `Idempotency-Key` (standard RFC 8929 / common vendor practice).
+     * If Viva uses a different name, update this constant.
+     * @see references/viva-docs/md/isv-partner-program.txt:104
+     */
+    idempotencyKey?: string;
+    timeoutMs?: number;
+    /**
+     * When true: retries on 429 and 5xx per the backoff schedule.
+     * When false: only retries on connection-level errors (never on ack).
+     *
+     * @see references/viva-docs/md/isv-partner-program.txt:104 (Auth Flow line 319)
+     */
+    idempotent: boolean;
+    /**
+     * Endpoint label for metrics: `${METHOD} ${pathTemplate}` (no query string).
+     * Example: `'POST /checkout/v2/orders'`
+     * Callers must supply the template (not the concrete URL with query params).
+     */
+    endpoint?: string;
+}
+/**
+ * Shared HTTP client for all ISV API endpoints.
+ *
+ * Constructed once per platform context (auth strategy + environment) and
+ * shared across IsvPayments, IsvAccounts, IsvWebhooks.
+ *
+ * @see references/viva-docs/md/isv-credentials.txt:107
+ * @see references/viva-docs/md/isv-partner-program.txt:104
+ */
+export declare class IsvHttpClient {
+    private readonly apiBaseUrl;
+    private readonly authStrategy;
+    private readonly dispatcher;
+    private readonly fetchImpl;
+    private readonly now;
+    private readonly backoffsMs;
+    private readonly jitterRatio;
+    private readonly defaultTimeoutMs;
+    private readonly metrics;
+    /**
+     * Last observed `x-viva-correlationid` header value.
+     * Updated after every successful HTTP response. Used by `requestWithMeta`.
+     * Probe-verified 2026-04-25: Viva includes this on every response.
+     */
+    private _vivaLastCorrelationId;
+    /**
+     * Last observed `x-viva-eventid` header value.
+     * Updated after every successful HTTP response. Used by `requestWithMeta`.
+     */
+    private _vivaLastEventId;
+    constructor(config: IsvHttpClientConfig);
+    /**
+     * Execute an outbound request to the Viva ISV API.
+     *
+     * Auth flow per plan Auth Flow line 317:
+     *   1. Get bearer token from authStrategy.
+     *   2. Execute request.
+     *   3. On 401: force-refresh token once, retry once.
+     *   4. Second 401 → VivaAuthError.
+     *
+     * Retry policy per plan Auth Flow line 319:
+     *   - Idempotent: retry 429 + 5xx up to MAX_RETRIES with backoff + jitter.
+     *   - Non-idempotent: retry only on connection-level errors.
+     *
+     * @see references/viva-docs/md/isv-credentials.txt:107 (auth strategy)
+     * @see references/viva-docs/md/isv-partner-program.txt:104 (retry policy)
+     */
+    request<T>(opts: RequestOptions): Promise<T>;
+    /**
+     * Like `request<T>` but also returns Viva tracing headers.
+     *
+     * Returns `{ data: T, vivaCorrelationId, vivaEventId }` for observability.
+     * Use this when the caller needs the `x-viva-correlationid` / `x-viva-eventid`
+     * values (e.g. to log them or attach them to structured traces).
+     *
+     * Probe-verified 2026-04-25: both headers are present on every Viva response.
+     *
+     * @see references/viva-docs/md/isv-partner-program.txt:104
+     */
+    requestWithMeta<T>(opts: RequestOptions): Promise<{
+        data: T;
+        vivaCorrelationId: string | undefined;
+        vivaEventId: string | undefined;
+    }>;
+    /**
+     * Executes the request with a single auth-refresh-then-retry cycle.
+     *
+     * On first 401: forceRefresh token, retry the request once.
+     * On second 401: throw VivaAuthError.
+     *
+     * @see references/viva-docs/md/isv-credentials.txt:107
+     */
+    private _withAuthRefresh;
+    /**
+     * Executes the request with the idempotent retry loop.
+     * Does NOT handle auth-refresh — that is the caller's responsibility.
+     *
+     * Viva tracing headers are extracted on every response:
+     *   - `x-viva-correlationid` (e.g. "26-115-EDAA55BC") — probe-verified 2026-04-25.
+     *   - `x-viva-eventid` (e.g. "0") — probe-verified 2026-04-25.
+     * On errors these are attached to the thrown VivaError. On success they are
+     * available via the `_vivaLastCorrelationId` / `_vivaLastEventId` fields for
+     * callers that need them (use `request<T>` for the raw value; use
+     * `requestWithMeta<T>` for explicit access to the tracing pair).
+     *
+     * @see references/viva-docs/md/isv-partner-program.txt:104 (Auth Flow line 319)
+     */
+    private _executeWithRetry;
+    /**
+     * Makes a single HTTP attempt. On connection-level errors:
+     *   - If idempotent: bubble up (outer loop handles retry).
+     *   - If NOT idempotent: retry once on connection-level errors per plan
+     *     Auth Flow line 319 (request never acked).
+     */
+    private _attempt;
+    private _buildUrl;
+    private _backoffMs;
+    private _retryAfterMs;
+    private _parseErrorBody;
+    private _isConnectionError;
+    /**
+     * Heuristic: was the abort triggered before any byte was received?
+     * Since AbortError doesn't carry this info directly, we treat all AbortErrors
+     * from our own timeout as "possibly not acked" — safe for non-idempotent retry.
+     */
+    private _isBeforeAck;
+    private _sleep;
+}
+export {};
+//# sourceMappingURL=client.d.ts.map

package/dist/isv/client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/isv/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAEzC,OAAO,KAAK,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AASvE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAsE7D,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,eAAe,CAAC;IAC7B,YAAY,EAAE,YAAY,CAAC;IAC3B,6DAA6D;IAC7D,UAAU,CAAC,EAAE,UAAU,CAAC;IACxB,sGAAsG;IACtG,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,sDAAsD;IACtD,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IACnB;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAC3B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,oEAAoE;IACpE,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,wEAAwE;IACxE,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED,UAAU,cAAc;IACtB,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,QAAQ,CAAC;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,SAAS,CAAC,CAAC;IAC7D,IAAI,CAAC,EAAE,OAAO,CAAC;IACf;;;;;;;OAOG;IACH,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB;;;;;OAKG;IACH,UAAU,EAAE,OAAO,CAAC;IACpB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AA2BD;;;;;;;;GAQG;AACH,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAyB;IACpD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAe;IACzC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAe;IACnC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAoB;IAC/C,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAS;IAC1C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IAEtC;;;;OAIG;IACH,OAAO,CAAC,sBAAsB,CAAiC;IAE/D;;;OAGG;IACH,OAAO,CAAC,gBAAgB,CAAiC;gBAE7C,MAAM,EAAE,mBAAmB;IAmBvC;;;;;;;;;;;;;;;OAeG;IACG,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC;IAWlD;;;;;;;;;;OAUG;IACG,eAAe,CAAC,CAAC,EAAE,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,CAAC,CAAC;QAAC,iBAAiB,EAAE,MAAM,GAAG,SAAS,CAAC;QAAC,WAAW,EAAE,MAAM,GAAG,SAAS,CAAA;KAAE,CAAC;IAkB5I;;;;;;;OAOG;YACW,gBAAgB;IAc9B;;;;;;;;;;;;;OAaG;YACW,iBAAiB;IAyF/B;;;;;OAKG;YACW,QAAQ;IA4EtB,OAAO,CAAC,SAAS;IAiBjB,OAAO,CAAC,UAAU;IAMlB,OAAO,CAAC,aAAa;IAWrB,OAAO,CAAC,eAAe;IA2BvB,OAAO,CAAC,kBAAkB;IAS1B;;;;OAIG;IACH,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,MAAM;CAGf"}