npm - @siglume/direct-request-payment - Versions diffs - 0.1.0 → 0.3.0 - Mend

@siglume/direct-request-payment 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/CHANGELOG.md +50 -0
package/README.md +271 -104
package/dist/index.cjs +253 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +131 -1
package/dist/index.d.ts +131 -1
package/dist/index.js +253 -1
package/dist/index.js.map +1 -1
package/docs/announcement-ja.md +64 -0
package/docs/api-reference.md +209 -51
package/docs/merchant-quickstart.md +183 -142
package/docs/pricing.md +36 -19
package/docs/security.md +14 -0
package/examples/express-checkout.ts +3 -2
package/examples/setup-merchant.ts +17 -0
package/package.json +15 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1,5 +1,6 @@
 declare const DEFAULT_SIGLUME_API_BASE = "https://siglume.com/v1";
 declare const DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME = "siglume-external-402-v1";
+declare const DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME = "siglume-external-402-recurring-v1";
 declare const DIRECT_REQUEST_PAYMENT_MODE = "external_402";
 declare const DIRECT_REQUEST_PAYMENT_RECEIPT_KIND = "api_store_direct_payment";
 declare const DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND = "api_store_direct_payment_allowance";
@@ -29,6 +30,28 @@ interface ParsedDirectRequestPaymentChallenge {
     nonce: string;
     signature: string;
 }
+/** "monthly" authorizes a Siglume-swept subscription; "daily" authorizes a
+ *  scheduled autopay (at most one charge per day, merchant-triggered). */
+type DirectRequestPaymentRecurringCadence = "monthly" | "daily";
+interface DirectRequestPaymentRecurringChallengeInput {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    secret: string;
+    nonce?: string;
+}
+interface DirectRequestPaymentRecurringChallenge {
+    scheme: typeof DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME;
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency;
+    cadence: DirectRequestPaymentRecurringCadence;
+    nonce: string;
+    signature: string;
+    challenge: string;
+    challenge_hash: string;
+}
 interface Web3TransactionRequest {
     network?: string;
     chain_id?: number;
@@ -109,6 +132,78 @@ interface DirectRequestPaymentClientOptions {
     timeout_ms?: number;
     user_agent?: string;
 }
+type DirectRequestPaymentBillingPlan = "launch" | "free" | "starter" | "growth" | "pro";
+interface DirectRequestPaymentMerchantAccount {
+    merchant_account_id: string;
+    merchant: string;
+    merchant_user_id: string;
+    user_wallet_id?: string | null;
+    billing_mandate_id?: string | null;
+    display_name?: string | null;
+    status?: string | null;
+    billing_status?: string | null;
+    billing_plan?: string | null;
+    billing_currency?: string | null;
+    token_symbol?: string | null;
+    monthly_fee_minor?: number | null;
+    settlement_fee_bps?: number | null;
+    settlement_fee_min_minor?: number | null;
+    included_monthly_payments?: number | null;
+    metadata_jsonb?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+interface DirectRequestPaymentMerchantSetupInput {
+    merchant: string;
+    display_name?: string;
+    billing_plan?: DirectRequestPaymentBillingPlan | string;
+    billing_currency?: DirectRequestPaymentCurrency | string;
+    allowed_currencies?: Record<string, string> | Array<DirectRequestPaymentCurrency | string>;
+    webhook_callback_url?: string;
+    billing_mandate_cap_minor?: number;
+    max_amount_minor?: number;
+}
+interface DirectRequestPaymentMerchantBillingMandateInput {
+    currency?: DirectRequestPaymentCurrency | string;
+    billing_currency?: DirectRequestPaymentCurrency | string;
+    max_amount_minor?: number;
+}
+interface DirectRequestPaymentMerchantResponse {
+    merchant_account: DirectRequestPaymentMerchantAccount;
+    challenge_secret?: string | null;
+    challenge_secret_created?: boolean;
+    created?: boolean | null;
+    listing_id?: string | null;
+    mandate?: Record<string, unknown> | null;
+    next_steps?: Record<string, unknown>;
+}
+interface DirectRequestPaymentWebhookSubscriptionInput {
+    callback_url: string;
+    description?: string;
+    event_types?: string[];
+    metadata?: Record<string, unknown>;
+}
+interface DirectRequestPaymentWebhookSubscription {
+    webhook_subscription_id?: string;
+    subscription_id?: string;
+    id?: string;
+    callback_url?: string;
+    signing_secret?: string;
+    status?: string;
+    event_types?: string[];
+    [key: string]: unknown;
+}
+interface DirectRequestPaymentCheckoutSetupInput extends DirectRequestPaymentMerchantSetupInput {
+    create_webhook_subscription?: boolean;
+    prepare_billing_mandate?: boolean;
+    webhook_event_types?: string[];
+    webhook_description?: string;
+}
+interface DirectRequestPaymentCheckoutSetupResult {
+    merchant: DirectRequestPaymentMerchantResponse;
+    billing_mandate?: DirectRequestPaymentMerchantResponse | null;
+    webhook_subscription?: DirectRequestPaymentWebhookSubscription | null;
+    env: Record<string, string>;
+}
 interface SiglumeEnvelopeMeta {
     request_id?: string | null;
     trace_id?: string | null;
@@ -177,6 +272,21 @@ declare class DirectRequestPaymentClient {
     }): Promise<Web3PreparedTransactionExecuteResult>;
     request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
 }
+declare class DirectRequestPaymentMerchantClient {
+    readonly auth_token: string;
+    readonly base_url: string;
+    readonly timeout_ms: number;
+    readonly user_agent: string;
+    private readonly fetch_impl;
+    constructor(options?: DirectRequestPaymentClientOptions);
+    setupMerchant(input: DirectRequestPaymentMerchantSetupInput): Promise<DirectRequestPaymentMerchantResponse>;
+    getMerchant(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
+    rotateChallengeSecret(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
+    prepareBillingMandate(merchant: string, input?: DirectRequestPaymentMerchantBillingMandateInput): Promise<DirectRequestPaymentMerchantResponse>;
+    createWebhookSubscription(input: DirectRequestPaymentWebhookSubscriptionInput): Promise<DirectRequestPaymentWebhookSubscription>;
+    setupCheckout(input: DirectRequestPaymentCheckoutSetupInput): Promise<DirectRequestPaymentCheckoutSetupResult>;
+    request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
+}
 declare function createDirectRequestPaymentChallenge(input: DirectRequestPaymentChallengeInput): Promise<DirectRequestPaymentChallenge>;
 declare function createDirectRequestPaymentChallengeSignature(secret: string, input: {
     merchant: string;
@@ -185,6 +295,26 @@ declare function createDirectRequestPaymentChallengeSignature(secret: string, in
     nonce: string;
 }): Promise<string>;
 declare function parseDirectRequestPaymentChallenge(challenge: string): ParsedDirectRequestPaymentChallenge;
+/** Merchant-side, ONE-TIME approval of a recurring authorization: amount +
+ *  currency + cadence are bound into the HMAC. Recurring charges afterwards
+ *  are deliberately challenge-free — the on-chain mandate cap/cadence and the
+ *  amount frozen on the Siglume authorization are the per-charge integrity
+ *  checks. Cadence "monthly" = subscription, "daily" = scheduled autopay. */
+declare function createDirectRequestPaymentRecurringChallenge(input: DirectRequestPaymentRecurringChallengeInput): Promise<DirectRequestPaymentRecurringChallenge>;
+declare function createDirectRequestPaymentRecurringChallengeSignature(secret: string, input: {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    nonce: string;
+}): Promise<string>;
+declare function verifyDirectRequestPaymentRecurringChallenge(secret: string, input: {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    challenge: string;
+}): Promise<boolean>;
 declare function verifyDirectRequestPaymentChallenge(secret: string, input: {
     merchant: string;
     amount_minor: number;
@@ -232,4 +362,4 @@ declare function verifyDirectRequestPaymentWebhook(signing_secret: string, body:
 declare const createExternal402Challenge: typeof createDirectRequestPaymentChallenge;
 declare const verifyExternal402Challenge: typeof verifyDirectRequestPaymentChallenge;
-export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createExternal402Challenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyWebhookSignature };
+export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyWebhookSignature };

package/dist/index.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 declare const DEFAULT_SIGLUME_API_BASE = "https://siglume.com/v1";
 declare const DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME = "siglume-external-402-v1";
+declare const DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME = "siglume-external-402-recurring-v1";
 declare const DIRECT_REQUEST_PAYMENT_MODE = "external_402";
 declare const DIRECT_REQUEST_PAYMENT_RECEIPT_KIND = "api_store_direct_payment";
 declare const DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND = "api_store_direct_payment_allowance";
@@ -29,6 +30,28 @@ interface ParsedDirectRequestPaymentChallenge {
     nonce: string;
     signature: string;
 }
+/** "monthly" authorizes a Siglume-swept subscription; "daily" authorizes a
+ *  scheduled autopay (at most one charge per day, merchant-triggered). */
+type DirectRequestPaymentRecurringCadence = "monthly" | "daily";
+interface DirectRequestPaymentRecurringChallengeInput {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    secret: string;
+    nonce?: string;
+}
+interface DirectRequestPaymentRecurringChallenge {
+    scheme: typeof DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME;
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency;
+    cadence: DirectRequestPaymentRecurringCadence;
+    nonce: string;
+    signature: string;
+    challenge: string;
+    challenge_hash: string;
+}
 interface Web3TransactionRequest {
     network?: string;
     chain_id?: number;
@@ -109,6 +132,78 @@ interface DirectRequestPaymentClientOptions {
     timeout_ms?: number;
     user_agent?: string;
 }
+type DirectRequestPaymentBillingPlan = "launch" | "free" | "starter" | "growth" | "pro";
+interface DirectRequestPaymentMerchantAccount {
+    merchant_account_id: string;
+    merchant: string;
+    merchant_user_id: string;
+    user_wallet_id?: string | null;
+    billing_mandate_id?: string | null;
+    display_name?: string | null;
+    status?: string | null;
+    billing_status?: string | null;
+    billing_plan?: string | null;
+    billing_currency?: string | null;
+    token_symbol?: string | null;
+    monthly_fee_minor?: number | null;
+    settlement_fee_bps?: number | null;
+    settlement_fee_min_minor?: number | null;
+    included_monthly_payments?: number | null;
+    metadata_jsonb?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+interface DirectRequestPaymentMerchantSetupInput {
+    merchant: string;
+    display_name?: string;
+    billing_plan?: DirectRequestPaymentBillingPlan | string;
+    billing_currency?: DirectRequestPaymentCurrency | string;
+    allowed_currencies?: Record<string, string> | Array<DirectRequestPaymentCurrency | string>;
+    webhook_callback_url?: string;
+    billing_mandate_cap_minor?: number;
+    max_amount_minor?: number;
+}
+interface DirectRequestPaymentMerchantBillingMandateInput {
+    currency?: DirectRequestPaymentCurrency | string;
+    billing_currency?: DirectRequestPaymentCurrency | string;
+    max_amount_minor?: number;
+}
+interface DirectRequestPaymentMerchantResponse {
+    merchant_account: DirectRequestPaymentMerchantAccount;
+    challenge_secret?: string | null;
+    challenge_secret_created?: boolean;
+    created?: boolean | null;
+    listing_id?: string | null;
+    mandate?: Record<string, unknown> | null;
+    next_steps?: Record<string, unknown>;
+}
+interface DirectRequestPaymentWebhookSubscriptionInput {
+    callback_url: string;
+    description?: string;
+    event_types?: string[];
+    metadata?: Record<string, unknown>;
+}
+interface DirectRequestPaymentWebhookSubscription {
+    webhook_subscription_id?: string;
+    subscription_id?: string;
+    id?: string;
+    callback_url?: string;
+    signing_secret?: string;
+    status?: string;
+    event_types?: string[];
+    [key: string]: unknown;
+}
+interface DirectRequestPaymentCheckoutSetupInput extends DirectRequestPaymentMerchantSetupInput {
+    create_webhook_subscription?: boolean;
+    prepare_billing_mandate?: boolean;
+    webhook_event_types?: string[];
+    webhook_description?: string;
+}
+interface DirectRequestPaymentCheckoutSetupResult {
+    merchant: DirectRequestPaymentMerchantResponse;
+    billing_mandate?: DirectRequestPaymentMerchantResponse | null;
+    webhook_subscription?: DirectRequestPaymentWebhookSubscription | null;
+    env: Record<string, string>;
+}
 interface SiglumeEnvelopeMeta {
     request_id?: string | null;
     trace_id?: string | null;
@@ -177,6 +272,21 @@ declare class DirectRequestPaymentClient {
     }): Promise<Web3PreparedTransactionExecuteResult>;
     request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
 }
+declare class DirectRequestPaymentMerchantClient {
+    readonly auth_token: string;
+    readonly base_url: string;
+    readonly timeout_ms: number;
+    readonly user_agent: string;
+    private readonly fetch_impl;
+    constructor(options?: DirectRequestPaymentClientOptions);
+    setupMerchant(input: DirectRequestPaymentMerchantSetupInput): Promise<DirectRequestPaymentMerchantResponse>;
+    getMerchant(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
+    rotateChallengeSecret(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
+    prepareBillingMandate(merchant: string, input?: DirectRequestPaymentMerchantBillingMandateInput): Promise<DirectRequestPaymentMerchantResponse>;
+    createWebhookSubscription(input: DirectRequestPaymentWebhookSubscriptionInput): Promise<DirectRequestPaymentWebhookSubscription>;
+    setupCheckout(input: DirectRequestPaymentCheckoutSetupInput): Promise<DirectRequestPaymentCheckoutSetupResult>;
+    request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
+}
 declare function createDirectRequestPaymentChallenge(input: DirectRequestPaymentChallengeInput): Promise<DirectRequestPaymentChallenge>;
 declare function createDirectRequestPaymentChallengeSignature(secret: string, input: {
     merchant: string;
@@ -185,6 +295,26 @@ declare function createDirectRequestPaymentChallengeSignature(secret: string, in
     nonce: string;
 }): Promise<string>;
 declare function parseDirectRequestPaymentChallenge(challenge: string): ParsedDirectRequestPaymentChallenge;
+/** Merchant-side, ONE-TIME approval of a recurring authorization: amount +
+ *  currency + cadence are bound into the HMAC. Recurring charges afterwards
+ *  are deliberately challenge-free — the on-chain mandate cap/cadence and the
+ *  amount frozen on the Siglume authorization are the per-charge integrity
+ *  checks. Cadence "monthly" = subscription, "daily" = scheduled autopay. */
+declare function createDirectRequestPaymentRecurringChallenge(input: DirectRequestPaymentRecurringChallengeInput): Promise<DirectRequestPaymentRecurringChallenge>;
+declare function createDirectRequestPaymentRecurringChallengeSignature(secret: string, input: {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    nonce: string;
+}): Promise<string>;
+declare function verifyDirectRequestPaymentRecurringChallenge(secret: string, input: {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    cadence: DirectRequestPaymentRecurringCadence | string;
+    challenge: string;
+}): Promise<boolean>;
 declare function verifyDirectRequestPaymentChallenge(secret: string, input: {
     merchant: string;
     amount_minor: number;
@@ -232,4 +362,4 @@ declare function verifyDirectRequestPaymentWebhook(signing_secret: string, body:
 declare const createExternal402Challenge: typeof createDirectRequestPaymentChallenge;
 declare const verifyExternal402Challenge: typeof verifyDirectRequestPaymentChallenge;
-export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createExternal402Challenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyWebhookSignature };
+export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyWebhookSignature };

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 // src/index.ts
 var DEFAULT_SIGLUME_API_BASE = "https://siglume.com/v1";
 var DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME = "siglume-external-402-v1";
+var DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME = "siglume-external-402-recurring-v1";
 var DIRECT_REQUEST_PAYMENT_MODE = "external_402";
 var DIRECT_REQUEST_PAYMENT_RECEIPT_KIND = "api_store_direct_payment";
 var DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND = "api_store_direct_payment_allowance";
@@ -56,7 +57,7 @@ var DirectRequestPaymentClient = class {
     this.auth_token = authToken;
     this.base_url = (options.base_url ?? envValue("SIGLUME_API_BASE") ?? DEFAULT_SIGLUME_API_BASE).replace(/\/+$/, "");
     this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15e3));
-    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.1.0";
+    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.3.0";
     this.fetch_impl = fetchImpl;
   }
   async createPaymentRequirement(input) {
@@ -141,6 +142,157 @@ var DirectRequestPaymentClient = class {
     }
   }
 };
+var DirectRequestPaymentMerchantClient = class {
+  auth_token;
+  base_url;
+  timeout_ms;
+  user_agent;
+  fetch_impl;
+  constructor(options = {}) {
+    const authToken = options.auth_token ?? envValue("SIGLUME_MERCHANT_AUTH_TOKEN") ?? envValue("SIGLUME_AUTH_TOKEN");
+    if (!authToken) {
+      throw new SiglumeDirectRequestPaymentError(
+        "A merchant Siglume bearer token is required for Direct Request Payment merchant setup. Developer Portal API keys are not accepted."
+      );
+    }
+    const fetchImpl = options.fetch ?? globalThis.fetch;
+    if (!fetchImpl) {
+      throw new SiglumeDirectRequestPaymentError("A fetch implementation is required in this runtime.");
+    }
+    this.auth_token = authToken;
+    this.base_url = (options.base_url ?? envValue("SIGLUME_API_BASE") ?? DEFAULT_SIGLUME_API_BASE).replace(/\/+$/, "");
+    this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15e3));
+    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.3.0";
+    this.fetch_impl = fetchImpl;
+  }
+  async setupMerchant(input) {
+    const payload = {
+      merchant: normalizeSelfServiceMerchant(input.merchant),
+      billing_plan: normalizeBillingPlan(input.billing_plan ?? "launch"),
+      billing_currency: normalizeCurrency(input.billing_currency ?? "JPY")
+    };
+    if (input.display_name !== void 0) {
+      payload.display_name = requireNonEmpty(input.display_name, "display_name");
+    }
+    if (input.allowed_currencies !== void 0) {
+      payload.allowed_currencies = normalizeAllowedCurrencies(input.allowed_currencies);
+    }
+    if (input.webhook_callback_url !== void 0) {
+      payload.webhook_callback_url = requireNonEmpty(input.webhook_callback_url, "webhook_callback_url");
+    }
+    if (input.billing_mandate_cap_minor !== void 0) {
+      payload.billing_mandate_cap_minor = positiveInteger(input.billing_mandate_cap_minor, "billing_mandate_cap_minor");
+    }
+    if (input.max_amount_minor !== void 0) {
+      payload.max_amount_minor = positiveInteger(input.max_amount_minor, "max_amount_minor");
+    }
+    return this.request("POST", "/market/api-store/direct-payments/merchants", payload);
+  }
+  async getMerchant(merchant) {
+    return this.request(
+      "GET",
+      `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}`
+    );
+  }
+  async rotateChallengeSecret(merchant) {
+    return this.request(
+      "POST",
+      `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}/challenge-secret/rotate`
+    );
+  }
+  async prepareBillingMandate(merchant, input = {}) {
+    const payload = {};
+    if (input.currency !== void 0) {
+      payload.currency = normalizeCurrency(input.currency);
+    }
+    if (input.billing_currency !== void 0) {
+      payload.billing_currency = normalizeCurrency(input.billing_currency);
+    }
+    if (input.max_amount_minor !== void 0) {
+      payload.max_amount_minor = positiveInteger(input.max_amount_minor, "max_amount_minor");
+    }
+    return this.request(
+      "POST",
+      `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}/billing-mandate`,
+      payload
+    );
+  }
+  async createWebhookSubscription(input) {
+    const payload = {
+      callback_url: requireNonEmpty(input.callback_url, "callback_url"),
+      event_types: input.event_types?.length ? input.event_types.map((eventType) => requireNonEmpty(eventType, "event_type")) : ["direct_payment.confirmed", "direct_payment.spent"]
+    };
+    if (input.description !== void 0) {
+      payload.description = requireNonEmpty(input.description, "description");
+    }
+    if (input.metadata !== void 0) {
+      payload.metadata = cloneJsonObject(input.metadata, "metadata");
+    }
+    return this.request("POST", "/market/webhooks/subscriptions", payload);
+  }
+  async setupCheckout(input) {
+    const merchant = await this.setupMerchant(input);
+    const merchantKey = merchant.merchant_account.merchant;
+    const billing_mandate = input.prepare_billing_mandate === false ? null : await this.prepareBillingMandate(merchantKey, {
+      billing_currency: merchant.merchant_account.billing_currency ?? input.billing_currency ?? "JPY",
+      max_amount_minor: input.max_amount_minor ?? input.billing_mandate_cap_minor
+    });
+    const shouldCreateWebhook = input.create_webhook_subscription ?? Boolean(input.webhook_callback_url);
+    const webhook_subscription = shouldCreateWebhook && input.webhook_callback_url ? await this.createWebhookSubscription({
+      callback_url: input.webhook_callback_url,
+      description: input.webhook_description ?? `${merchantKey} Direct Request Payment`,
+      event_types: input.webhook_event_types,
+      metadata: { merchant: merchantKey, sdk: "@siglume/direct-request-payment" }
+    }) : null;
+    const env = {
+      SIGLUME_DIRECT_PAYMENT_MERCHANT: merchantKey
+    };
+    if (merchant.challenge_secret) {
+      env.SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET = merchant.challenge_secret;
+    }
+    const webhookSecret = stringOrNull(webhook_subscription?.signing_secret);
+    if (webhookSecret) {
+      env.SIGLUME_WEBHOOK_SECRET = webhookSecret;
+    }
+    return { merchant, billing_mandate, webhook_subscription, env };
+  }
+  async request(method, path, json_body) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), this.timeout_ms);
+    try {
+      const headers = {
+        "Accept": "application/json",
+        "Authorization": `Bearer ${this.auth_token}`,
+        "User-Agent": this.user_agent
+      };
+      let body;
+      if (json_body !== void 0) {
+        headers["Content-Type"] = "application/json";
+        body = JSON.stringify(json_body);
+      }
+      const response = await this.fetch_impl(`${this.base_url}${path}`, {
+        method,
+        headers,
+        body,
+        signal: controller.signal
+      });
+      const rawText = await response.text();
+      const parsed = rawText ? parseJson(rawText) : {};
+      if (!response.ok) {
+        const error = isRecord(parsed) && isRecord(parsed.error) ? parsed.error : {};
+        const code = stringOrNull(error.code) ?? stringOrNull(parsed.code) ?? `HTTP_${response.status}`;
+        const message = stringOrNull(error.message) ?? stringOrNull(parsed.message) ?? response.statusText;
+        throw new SiglumeApiError(message, { status: response.status, code, data: parsed });
+      }
+      if (isRecord(parsed) && "data" in parsed) {
+        return parsed.data;
+      }
+      return parsed;
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+};
 async function createDirectRequestPaymentChallenge(input) {
   const merchant = normalizeMerchant(input.merchant);
   const amount_minor = positiveInteger(input.amount_minor, "amount_minor");
@@ -184,6 +336,56 @@ function parseDirectRequestPaymentChallenge(challenge) {
   }
   return { scheme, nonce, signature };
 }
+async function createDirectRequestPaymentRecurringChallenge(input) {
+  const merchant = normalizeMerchant(input.merchant);
+  const amount_minor = positiveInteger(input.amount_minor, "amount_minor");
+  const currency = normalizeCurrency(input.currency);
+  const cadence = normalizeRecurringCadence(input.cadence);
+  const nonce = input.nonce ? normalizeChallengeNonce(input.nonce) : await randomNonce();
+  const signature = await createDirectRequestPaymentRecurringChallengeSignature(input.secret, {
+    merchant,
+    amount_minor,
+    currency,
+    cadence,
+    nonce
+  });
+  const challenge = `${DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME}:${nonce}:${signature}`;
+  return {
+    scheme: DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME,
+    merchant,
+    amount_minor,
+    currency,
+    cadence,
+    nonce,
+    signature,
+    challenge,
+    challenge_hash: await sha256Prefixed(challenge)
+  };
+}
+async function createDirectRequestPaymentRecurringChallengeSignature(secret, input) {
+  const normalizedSecret = requireNonEmpty(secret, "secret");
+  const merchant = normalizeMerchant(input.merchant);
+  const amount = positiveInteger(input.amount_minor, "amount_minor");
+  const currency = normalizeCurrency(input.currency);
+  const cadence = normalizeRecurringCadence(input.cadence);
+  const nonce = normalizeChallengeNonce(input.nonce);
+  const material = `${merchant}:${amount}:${currency}:${cadence}:${nonce}`;
+  return hmacSha256Hex(normalizedSecret, new TextEncoder().encode(material));
+}
+async function verifyDirectRequestPaymentRecurringChallenge(secret, input) {
+  const parsed = parseDirectRequestPaymentChallenge(input.challenge);
+  if (parsed.scheme !== DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME) {
+    return false;
+  }
+  const expected = await createDirectRequestPaymentRecurringChallengeSignature(secret, {
+    merchant: input.merchant,
+    amount_minor: input.amount_minor,
+    currency: input.currency,
+    cadence: input.cadence,
+    nonce: parsed.nonce
+  });
+  return timingSafeEqualHex(expected, parsed.signature);
+}
 async function verifyDirectRequestPaymentChallenge(secret, input) {
   const parsed = parseDirectRequestPaymentChallenge(input.challenge);
   if (parsed.scheme !== DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME) {
@@ -302,6 +504,20 @@ function normalizeMerchant(value) {
   }
   return merchant;
 }
+function normalizeSelfServiceMerchant(value) {
+  const merchant = requireNonEmpty(value, "merchant").toLowerCase();
+  if (!/^[a-z0-9][a-z0-9_-]{2,63}$/.test(merchant)) {
+    throw new SiglumeDirectRequestPaymentError("merchant must be 3-64 chars using lowercase letters, numbers, underscore, or hyphen.");
+  }
+  return merchant;
+}
+function normalizeBillingPlan(value) {
+  const plan = requireNonEmpty(value, "billing_plan").toLowerCase();
+  if (plan === "launch" || plan === "free" || plan === "starter" || plan === "growth" || plan === "pro") {
+    return plan;
+  }
+  throw new SiglumeDirectRequestPaymentError("billing_plan must be launch, starter, growth, or pro.");
+}
 function normalizeCurrency(value) {
   const currency = requireNonEmpty(value, "currency").toUpperCase();
   if (currency !== "JPY" && currency !== "USD") {
@@ -316,6 +532,28 @@ function normalizeToken(value) {
   }
   return token;
 }
+function normalizeAllowedCurrencies(value) {
+  const normalized = {};
+  if (Array.isArray(value)) {
+    for (const item of value) {
+      const currency = normalizeCurrency(item);
+      normalized[currency] = defaultTokenForCurrency(currency);
+    }
+  } else if (isRecord(value)) {
+    for (const [rawCurrency, rawToken] of Object.entries(value)) {
+      normalized[normalizeCurrency(rawCurrency)] = normalizeToken(String(rawToken));
+    }
+  } else {
+    throw new SiglumeDirectRequestPaymentError("allowed_currencies must be an array or a currency-to-token object.");
+  }
+  if (Object.keys(normalized).length === 0) {
+    throw new SiglumeDirectRequestPaymentError("allowed_currencies must include at least one currency.");
+  }
+  return normalized;
+}
+function defaultTokenForCurrency(currency) {
+  return currency === "JPY" ? "JPYC" : "USDC";
+}
 function positiveInteger(value, name) {
   const parsed = Number(value);
   if (!Number.isSafeInteger(parsed) || parsed <= 0) {
@@ -337,6 +575,15 @@ function normalizeChallengeNonce(value) {
   }
   return nonce;
 }
+function normalizeRecurringCadence(value) {
+  const cadence = requireNonEmpty(value, "cadence").toLowerCase();
+  if (cadence !== "monthly" && cadence !== "daily") {
+    throw new SiglumeDirectRequestPaymentError(
+      'cadence must be "monthly" (subscription) or "daily" (scheduled autopay).'
+    );
+  }
+  return cadence;
+}
 function cloneJsonObject(value, name) {
   try {
     const cloned = JSON.parse(JSON.stringify(value));
@@ -498,8 +745,10 @@ export {
   DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME,
   DIRECT_REQUEST_PAYMENT_MODE,
   DIRECT_REQUEST_PAYMENT_RECEIPT_KIND,
+  DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME,
   DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE,
   DirectRequestPaymentClient,
+  DirectRequestPaymentMerchantClient,
   SiglumeApiError,
   SiglumeDirectRequestPaymentError,
   SiglumeWebhookPayloadError,
@@ -511,12 +760,15 @@ export {
   computeWebhookSignature,
   createDirectRequestPaymentChallenge,
   createDirectRequestPaymentChallengeSignature,
+  createDirectRequestPaymentRecurringChallenge,
+  createDirectRequestPaymentRecurringChallengeSignature,
   createExternal402Challenge,
   directRequestPaymentChallengeHash,
   directRequestPaymentRequestHash,
   parseDirectRequestPaymentChallenge,
   parseDirectRequestPaymentWebhookEvent,
   verifyDirectRequestPaymentChallenge,
+  verifyDirectRequestPaymentRecurringChallenge,
   verifyDirectRequestPaymentWebhook,
   verifyExternal402Challenge,
   verifyWebhookSignature