@siglume/direct-request-payment 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (16) hide show
  1. package/CHANGELOG.md +50 -0
  2. package/README.md +271 -104
  3. package/dist/index.cjs +253 -1
  4. package/dist/index.cjs.map +1 -1
  5. package/dist/index.d.cts +131 -1
  6. package/dist/index.d.ts +131 -1
  7. package/dist/index.js +253 -1
  8. package/dist/index.js.map +1 -1
  9. package/docs/announcement-ja.md +64 -0
  10. package/docs/api-reference.md +209 -51
  11. package/docs/merchant-quickstart.md +183 -142
  12. package/docs/pricing.md +36 -19
  13. package/docs/security.md +14 -0
  14. package/examples/express-checkout.ts +3 -2
  15. package/examples/setup-merchant.ts +17 -0
  16. package/package.json +15 -1
package/dist/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/index.ts"],"sourcesContent":["export const DEFAULT_SIGLUME_API_BASE = \"https://siglume.com/v1\";\r\nexport const DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME = \"siglume-external-402-v1\";\r\nexport const DIRECT_REQUEST_PAYMENT_MODE = \"external_402\";\r\nexport const DIRECT_REQUEST_PAYMENT_RECEIPT_KIND = \"api_store_direct_payment\";\r\nexport const DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND = \"api_store_direct_payment_allowance\";\r\nexport const DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE = \"api_store_direct_payment_requirement\";\r\nexport const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;\r\n\r\nexport type DirectRequestPaymentCurrency = \"JPY\" | \"USD\";\r\nexport type DirectRequestPaymentToken = \"JPYC\" | \"USDC\";\r\n\r\nexport interface DirectRequestPaymentChallengeInput {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n secret: string;\r\n nonce?: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentChallenge {\r\n scheme: typeof DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME;\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency;\r\n nonce: string;\r\n signature: string;\r\n challenge: string;\r\n challenge_hash: string;\r\n}\r\n\r\nexport interface ParsedDirectRequestPaymentChallenge {\r\n scheme: string;\r\n nonce: string;\r\n signature: string;\r\n}\r\n\r\nexport interface Web3TransactionRequest {\r\n network?: string;\r\n chain_id?: number;\r\n from?: string;\r\n to?: string;\r\n data?: string;\r\n value?: string | number;\r\n metadata_jsonb?: Record<string, unknown>;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectPaymentRequirement {\r\n direct_payment_requirement_id: string;\r\n requirement_id: string;\r\n id: string;\r\n mode: string;\r\n merchant?: string | null;\r\n challenge_hash?: string | null;\r\n buyer_user_id: string;\r\n agent_id?: string | null;\r\n product_listing_id: string;\r\n listing_id: string;\r\n access_grant_id?: string | null;\r\n capability_key: string;\r\n requirement_hash: string;\r\n request_hash: string;\r\n siglume_signature: string;\r\n token_symbol: string;\r\n currency: string;\r\n amount_minor: number;\r\n fee_bps: number;\r\n status: string;\r\n expires_at?: string | null;\r\n confirmed_at?: string | null;\r\n spent_at?: string | null;\r\n chain_receipt_id?: string | null;\r\n transaction_request: Web3TransactionRequest;\r\n approve_transaction_request?: Web3TransactionRequest | null;\r\n buyer_confirmation?: string | null;\r\n non_custodial: boolean;\r\n metadata_jsonb?: Record<string, unknown>;\r\n created_at?: string | null;\r\n updated_at?: string | null;\r\n}\r\n\r\nexport interface DirectPaymentRequirementCreateInput {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n token_symbol?: DirectRequestPaymentToken | string;\r\n allowance_amount_minor?: number;\r\n metadata?: Record<string, unknown>;\r\n}\r\n\r\nexport interface DirectPaymentVerifyInput {\r\n receipt_id?: string | null;\r\n chain_receipt_id?: string | null;\r\n await_finality?: boolean;\r\n await_required_status?: string | null;\r\n await_timeout_seconds?: number;\r\n await_poll_seconds?: number;\r\n}\r\n\r\nexport interface Web3PreparedTransactionExecutePayload {\r\n transaction_request: Web3TransactionRequest;\r\n receipt_kind: string;\r\n reference_type: typeof DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE;\r\n reference_id: string;\r\n metadata?: Record<string, unknown>;\r\n await_finality?: boolean;\r\n}\r\n\r\nexport interface Web3PreparedTransactionExecuteResult {\r\n receipt?: Record<string, unknown>;\r\n finalization?: Record<string, unknown>;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectRequestPaymentClientOptions {\r\n auth_token?: string;\r\n base_url?: string;\r\n fetch?: typeof fetch;\r\n timeout_ms?: number;\r\n user_agent?: string;\r\n}\r\n\r\nexport interface SiglumeEnvelopeMeta {\r\n request_id?: string | null;\r\n trace_id?: string | null;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface WebhookSignatureVerification {\r\n timestamp: number;\r\n signature: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentWebhookEvent {\r\n id: string;\r\n type: \"direct_payment.confirmed\" | string;\r\n api_version: string;\r\n occurred_at: string;\r\n data: {\r\n mode?: string;\r\n merchant?: string;\r\n direct_payment_requirement_id?: string;\r\n requirement_id?: string;\r\n challenge_hash?: string;\r\n amount_minor?: number;\r\n currency?: string;\r\n token_symbol?: string;\r\n status?: string;\r\n [key: string]: unknown;\r\n };\r\n [key: string]: unknown;\r\n}\r\n\r\nexport class SiglumeDirectRequestPaymentError extends Error {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeDirectRequestPaymentError\";\r\n }\r\n}\r\n\r\nexport class SiglumeApiError extends SiglumeDirectRequestPaymentError {\r\n readonly status: number;\r\n readonly code: string;\r\n readonly data: unknown;\r\n\r\n constructor(message: string, options: { status: number; code?: string; data?: unknown }) {\r\n super(message);\r\n this.name = \"SiglumeApiError\";\r\n this.status = options.status;\r\n this.code = options.code ?? \"SIGLUME_API_ERROR\";\r\n this.data = options.data;\r\n }\r\n}\r\n\r\nexport class SiglumeWebhookSignatureError extends SiglumeDirectRequestPaymentError {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeWebhookSignatureError\";\r\n }\r\n}\r\n\r\nexport class SiglumeWebhookPayloadError extends SiglumeDirectRequestPaymentError {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeWebhookPayloadError\";\r\n }\r\n}\r\n\r\nexport class DirectRequestPaymentClient {\r\n readonly auth_token: string;\r\n readonly base_url: string;\r\n readonly timeout_ms: number;\r\n readonly user_agent: string;\r\n private readonly fetch_impl: typeof fetch;\r\n\r\n constructor(options: DirectRequestPaymentClientOptions = {}) {\r\n const authToken = options.auth_token ?? envValue(\"SIGLUME_AUTH_TOKEN\");\r\n if (!authToken) {\r\n throw new SiglumeDirectRequestPaymentError(\r\n \"A buyer Siglume bearer token is required for Direct Request Payment API calls. Developer Portal API keys are not accepted.\",\r\n );\r\n }\r\n const fetchImpl = options.fetch ?? globalThis.fetch;\r\n if (!fetchImpl) {\r\n throw new SiglumeDirectRequestPaymentError(\"A fetch implementation is required in this runtime.\");\r\n }\r\n this.auth_token = authToken;\r\n this.base_url = (options.base_url ?? envValue(\"SIGLUME_API_BASE\") ?? DEFAULT_SIGLUME_API_BASE).replace(/\\/+$/, \"\");\r\n this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15000));\r\n this.user_agent = options.user_agent ?? \"@siglume/direct-request-payment/0.1.0\";\r\n this.fetch_impl = fetchImpl;\r\n }\r\n\r\n async createPaymentRequirement(input: DirectPaymentRequirementCreateInput): Promise<DirectPaymentRequirement> {\r\n const payload: Record<string, unknown> = {\r\n mode: DIRECT_REQUEST_PAYMENT_MODE,\r\n merchant: normalizeMerchant(input.merchant),\r\n amount_minor: positiveInteger(input.amount_minor, \"amount_minor\"),\r\n currency: normalizeCurrency(input.currency),\r\n challenge: requireNonEmpty(input.challenge, \"challenge\"),\r\n };\r\n if (input.token_symbol !== undefined) {\r\n payload.token_symbol = normalizeToken(input.token_symbol);\r\n }\r\n if (input.allowance_amount_minor !== undefined) {\r\n payload.allowance_amount_minor = positiveInteger(input.allowance_amount_minor, \"allowance_amount_minor\");\r\n }\r\n if (input.metadata !== undefined) {\r\n payload.metadata = cloneJsonObject(input.metadata, \"metadata\");\r\n }\r\n return this.request<DirectPaymentRequirement>(\"POST\", \"/market/api-store/direct-payments/requirements\", payload);\r\n }\r\n\r\n async getPaymentRequirement(requirement_id: string): Promise<DirectPaymentRequirement> {\r\n return this.request<DirectPaymentRequirement>(\r\n \"GET\",\r\n `/market/api-store/direct-payments/requirements/${encodeURIComponent(requireNonEmpty(requirement_id, \"requirement_id\"))}`,\r\n );\r\n }\r\n\r\n async verifyPaymentRequirement(\r\n requirement_id: string,\r\n input: DirectPaymentVerifyInput,\r\n ): Promise<DirectPaymentRequirement> {\r\n return this.request<DirectPaymentRequirement>(\r\n \"POST\",\r\n `/market/api-store/direct-payments/requirements/${encodeURIComponent(requireNonEmpty(requirement_id, \"requirement_id\"))}/verify`,\r\n input,\r\n );\r\n }\r\n\r\n async executePreparedTransaction(\r\n payload: Web3PreparedTransactionExecutePayload,\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.request<Web3PreparedTransactionExecuteResult>(\r\n \"POST\",\r\n \"/market/web3/transactions/execute-prepared\",\r\n payload,\r\n );\r\n }\r\n\r\n async executePaymentTransaction(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.executePreparedTransaction(buildPaymentExecutionPayload(requirement, options));\r\n }\r\n\r\n async executeAllowanceTransaction(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.executePreparedTransaction(buildAllowanceExecutionPayload(requirement, options));\r\n }\r\n\r\n async request<T>(method: string, path: string, json_body?: unknown): Promise<T> {\r\n const controller = new AbortController();\r\n const timeout = setTimeout(() => controller.abort(), this.timeout_ms);\r\n try {\r\n const headers: Record<string, string> = {\r\n \"Accept\": \"application/json\",\r\n \"Authorization\": `Bearer ${this.auth_token}`,\r\n \"User-Agent\": this.user_agent,\r\n };\r\n let body: string | undefined;\r\n if (json_body !== undefined) {\r\n headers[\"Content-Type\"] = \"application/json\";\r\n body = JSON.stringify(json_body);\r\n }\r\n const response = await this.fetch_impl(`${this.base_url}${path}`, {\r\n method,\r\n headers,\r\n body,\r\n signal: controller.signal,\r\n });\r\n const rawText = await response.text();\r\n const parsed = rawText ? parseJson(rawText) : {};\r\n if (!response.ok) {\r\n const error = isRecord(parsed) && isRecord(parsed.error) ? parsed.error : {};\r\n const code = stringOrNull(error.code) ?? stringOrNull((parsed as Record<string, unknown>).code) ?? `HTTP_${response.status}`;\r\n const message = stringOrNull(error.message) ?? stringOrNull((parsed as Record<string, unknown>).message) ?? response.statusText;\r\n throw new SiglumeApiError(message, { status: response.status, code, data: parsed });\r\n }\r\n if (isRecord(parsed) && \"data\" in parsed) {\r\n return parsed.data as T;\r\n }\r\n return parsed as T;\r\n } finally {\r\n clearTimeout(timeout);\r\n }\r\n }\r\n}\r\n\r\nexport async function createDirectRequestPaymentChallenge(\r\n input: DirectRequestPaymentChallengeInput,\r\n): Promise<DirectRequestPaymentChallenge> {\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount_minor = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const nonce = input.nonce ? normalizeChallengeNonce(input.nonce) : await randomNonce();\r\n const signature = await createDirectRequestPaymentChallengeSignature(input.secret, {\r\n merchant,\r\n amount_minor,\r\n currency,\r\n nonce,\r\n });\r\n const challenge = `${DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME}:${nonce}:${signature}`;\r\n return {\r\n scheme: DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME,\r\n merchant,\r\n amount_minor,\r\n currency,\r\n nonce,\r\n signature,\r\n challenge,\r\n challenge_hash: await sha256Prefixed(challenge),\r\n };\r\n}\r\n\r\nexport async function createDirectRequestPaymentChallengeSignature(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n nonce: string;\r\n },\r\n): Promise<string> {\r\n const normalizedSecret = requireNonEmpty(secret, \"secret\");\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const nonce = normalizeChallengeNonce(input.nonce);\r\n const material = `${merchant}:${amount}:${currency}:${nonce}`;\r\n return hmacSha256Hex(normalizedSecret, new TextEncoder().encode(material));\r\n}\r\n\r\nexport function parseDirectRequestPaymentChallenge(challenge: string): ParsedDirectRequestPaymentChallenge {\r\n const parts = requireNonEmpty(challenge, \"challenge\").split(\":\");\r\n if (parts.length !== 3) {\r\n throw new SiglumeDirectRequestPaymentError(\"Direct Request Payment challenge must be scheme:nonce:signature.\");\r\n }\r\n const [scheme, nonce, signature] = parts;\r\n if (!scheme || !nonce || !signature) {\r\n throw new SiglumeDirectRequestPaymentError(\"Direct Request Payment challenge is incomplete.\");\r\n }\r\n return { scheme, nonce, signature };\r\n}\r\n\r\nexport async function verifyDirectRequestPaymentChallenge(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n },\r\n): Promise<boolean> {\r\n const parsed = parseDirectRequestPaymentChallenge(input.challenge);\r\n if (parsed.scheme !== DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME) {\r\n return false;\r\n }\r\n const expected = await createDirectRequestPaymentChallengeSignature(secret, {\r\n merchant: input.merchant,\r\n amount_minor: input.amount_minor,\r\n currency: input.currency,\r\n nonce: parsed.nonce,\r\n });\r\n return timingSafeEqualHex(expected, parsed.signature);\r\n}\r\n\r\nexport async function directRequestPaymentChallengeHash(challenge: string): Promise<string> {\r\n return sha256Prefixed(requireNonEmpty(challenge, \"challenge\"));\r\n}\r\n\r\nexport async function directRequestPaymentRequestHash(input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n}): Promise<string> {\r\n const material = `${normalizeMerchant(input.merchant)}${positiveInteger(input.amount_minor, \"amount_minor\")}${normalizeCurrency(input.currency)}${requireNonEmpty(input.challenge, \"challenge\")}`;\r\n return sha256Prefixed(material);\r\n}\r\n\r\nexport function buildPaymentExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n): Web3PreparedTransactionExecutePayload {\r\n return buildPreparedTransactionExecutionPayload(requirement, requirement.transaction_request, {\r\n receipt_kind: DIRECT_REQUEST_PAYMENT_RECEIPT_KIND,\r\n await_finality: options.await_finality,\r\n metadata: options.metadata,\r\n });\r\n}\r\n\r\nexport function buildAllowanceExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n): Web3PreparedTransactionExecutePayload {\r\n const approveRequest = requirement.approve_transaction_request;\r\n if (!approveRequest || Object.keys(approveRequest).length === 0) {\r\n throw new SiglumeDirectRequestPaymentError(\"This payment requirement does not include an allowance approval transaction.\");\r\n }\r\n return buildPreparedTransactionExecutionPayload(requirement, approveRequest, {\r\n receipt_kind: DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND,\r\n await_finality: options.await_finality,\r\n metadata: options.metadata,\r\n });\r\n}\r\n\r\nexport function buildPreparedTransactionExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n transaction_request: Web3TransactionRequest,\r\n options: {\r\n receipt_kind: string;\r\n await_finality?: boolean;\r\n metadata?: Record<string, unknown>;\r\n },\r\n): Web3PreparedTransactionExecutePayload {\r\n const metadata = {\r\n ...(isRecord(transaction_request.metadata_jsonb) ? transaction_request.metadata_jsonb : {}),\r\n ...(options.metadata ?? {}),\r\n };\r\n return {\r\n transaction_request,\r\n receipt_kind: requireNonEmpty(options.receipt_kind, \"receipt_kind\"),\r\n reference_type: DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE,\r\n reference_id: requirement.requirement_id,\r\n metadata,\r\n await_finality: Boolean(options.await_finality),\r\n };\r\n}\r\n\r\nexport async function computeWebhookSignature(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n options: { timestamp: number },\r\n): Promise<string> {\r\n if (!signing_secret) {\r\n throw new SiglumeWebhookSignatureError(\"SIGLUME webhook signing secret is required.\");\r\n }\r\n const timestamp = Math.trunc(options.timestamp);\r\n const bytes = bodyBytes(body);\r\n const prefix = new TextEncoder().encode(`${timestamp}.`);\r\n const payload = new Uint8Array(prefix.length + bytes.length);\r\n payload.set(prefix, 0);\r\n payload.set(bytes, prefix.length);\r\n return hmacSha256Hex(signing_secret, payload);\r\n}\r\n\r\nexport async function buildWebhookSignatureHeader(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n options: { timestamp?: number } = {},\r\n): Promise<string> {\r\n const timestamp = Math.trunc(options.timestamp ?? Date.now() / 1000);\r\n const signature = await computeWebhookSignature(signing_secret, body, { timestamp });\r\n return `t=${timestamp},v1=${signature}`;\r\n}\r\n\r\nexport async function verifyWebhookSignature(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n signature_header: string,\r\n options: { tolerance_seconds?: number; now?: number } = {},\r\n): Promise<WebhookSignatureVerification> {\r\n const { timestamp, signature } = parseSignatureHeader(signature_header);\r\n const toleranceSeconds = Math.max(1, Math.trunc(options.tolerance_seconds ?? DEFAULT_WEBHOOK_TOLERANCE_SECONDS));\r\n const nowSeconds = Math.trunc(options.now ?? Date.now() / 1000);\r\n if (Math.abs(nowSeconds - timestamp) > toleranceSeconds) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook timestamp is outside the allowed tolerance window.\");\r\n }\r\n const expected = await computeWebhookSignature(signing_secret, body, { timestamp });\r\n if (!(await timingSafeEqualHex(expected, signature))) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature did not match.\");\r\n }\r\n return { timestamp, signature };\r\n}\r\n\r\nexport function parseDirectRequestPaymentWebhookEvent(payload: unknown): DirectRequestPaymentWebhookEvent {\r\n const event = requireRecord(payload, \"webhook event\");\r\n const data = requireRecord(event.data, \"webhook event data\");\r\n const parsed = {\r\n ...event,\r\n id: requireNonEmpty(stringOrNull(event.id) ?? \"\", \"webhook event id\"),\r\n type: requireNonEmpty(stringOrNull(event.type) ?? \"\", \"webhook event type\"),\r\n api_version: requireNonEmpty(stringOrNull(event.api_version) ?? \"\", \"webhook api_version\"),\r\n occurred_at: requireNonEmpty(stringOrNull(event.occurred_at) ?? \"\", \"webhook occurred_at\"),\r\n data: { ...data },\r\n } as DirectRequestPaymentWebhookEvent;\r\n if (parsed.type === \"direct_payment.confirmed\" && parsed.data.mode !== DIRECT_REQUEST_PAYMENT_MODE) {\r\n throw new SiglumeWebhookPayloadError(\"direct_payment.confirmed webhook must carry data.mode='external_402'.\");\r\n }\r\n return parsed;\r\n}\r\n\r\nexport async function verifyDirectRequestPaymentWebhook(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n signature_header: string,\r\n options: { tolerance_seconds?: number; now?: number } = {},\r\n): Promise<{ event: DirectRequestPaymentWebhookEvent; verification: WebhookSignatureVerification }> {\r\n const verification = await verifyWebhookSignature(signing_secret, body, signature_header, options);\r\n const text = new TextDecoder().decode(bodyBytes(body));\r\n let parsed: unknown;\r\n try {\r\n parsed = JSON.parse(text);\r\n } catch (error) {\r\n throw new SiglumeWebhookPayloadError(\"Webhook body must contain valid JSON.\");\r\n }\r\n return { event: parseDirectRequestPaymentWebhookEvent(parsed), verification };\r\n}\r\n\r\nexport const createExternal402Challenge = createDirectRequestPaymentChallenge;\r\nexport const verifyExternal402Challenge = verifyDirectRequestPaymentChallenge;\r\n\r\nfunction normalizeMerchant(value: string): string {\r\n const merchant = requireNonEmpty(value, \"merchant\").toLowerCase();\r\n if (!/^[a-z0-9][a-z0-9._-]{0,95}$/.test(merchant)) {\r\n throw new SiglumeDirectRequestPaymentError(\"merchant must be a lowercase key using letters, numbers, dot, underscore, or hyphen.\");\r\n }\r\n return merchant;\r\n}\r\n\r\nfunction normalizeCurrency(value: string): DirectRequestPaymentCurrency {\r\n const currency = requireNonEmpty(value, \"currency\").toUpperCase();\r\n if (currency !== \"JPY\" && currency !== \"USD\") {\r\n throw new SiglumeDirectRequestPaymentError(\"currency must be JPY or USD.\");\r\n }\r\n return currency;\r\n}\r\n\r\nfunction normalizeToken(value: string): DirectRequestPaymentToken {\r\n const token = requireNonEmpty(value, \"token_symbol\").toUpperCase();\r\n if (token !== \"JPYC\" && token !== \"USDC\") {\r\n throw new SiglumeDirectRequestPaymentError(\"token_symbol must be JPYC or USDC.\");\r\n }\r\n return token;\r\n}\r\n\r\nfunction positiveInteger(value: number, name: string): number {\r\n const parsed = Number(value);\r\n if (!Number.isSafeInteger(parsed) || parsed <= 0) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} must be a positive safe integer.`);\r\n }\r\n return parsed;\r\n}\r\n\r\nfunction requireNonEmpty(value: string, name: string): string {\r\n const text = String(value ?? \"\").trim();\r\n if (!text) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} is required.`);\r\n }\r\n return text;\r\n}\r\n\r\nfunction normalizeChallengeNonce(value: string): string {\r\n const nonce = requireNonEmpty(value, \"nonce\");\r\n if (nonce.includes(\":\")) {\r\n throw new SiglumeDirectRequestPaymentError(\"nonce must not contain ':'.\");\r\n }\r\n return nonce;\r\n}\r\n\r\nfunction cloneJsonObject(value: Record<string, unknown>, name: string): Record<string, unknown> {\r\n try {\r\n const cloned = JSON.parse(JSON.stringify(value)) as unknown;\r\n if (!isRecord(cloned)) {\r\n throw new Error(\"not an object\");\r\n }\r\n return cloned;\r\n } catch (error) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} must be a JSON-serializable object.`);\r\n }\r\n}\r\n\r\nfunction parseJson(rawText: string): unknown {\r\n try {\r\n return JSON.parse(rawText);\r\n } catch (error) {\r\n throw new SiglumeApiError(\"Siglume API returned invalid JSON.\", {\r\n status: 502,\r\n code: \"INVALID_JSON_RESPONSE\",\r\n data: rawText,\r\n });\r\n }\r\n}\r\n\r\nfunction stringOrNull(value: unknown): string | null {\r\n if (typeof value !== \"string\") {\r\n return null;\r\n }\r\n const text = value.trim();\r\n return text ? text : null;\r\n}\r\n\r\nfunction isRecord(value: unknown): value is Record<string, unknown> {\r\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\r\n}\r\n\r\nfunction requireRecord(value: unknown, name: string): Record<string, unknown> {\r\n if (!isRecord(value)) {\r\n throw new SiglumeWebhookPayloadError(`${name} must be an object.`);\r\n }\r\n return value;\r\n}\r\n\r\nfunction envValue(name: string): string | undefined {\r\n if (typeof process === \"undefined\") {\r\n return undefined;\r\n }\r\n const value = process.env[name];\r\n return value && value.trim() ? value.trim() : undefined;\r\n}\r\n\r\nfunction bodyBytes(body: Uint8Array | ArrayBuffer | string | Record<string, unknown>): Uint8Array {\r\n if (body instanceof Uint8Array) {\r\n return body;\r\n }\r\n if (body instanceof ArrayBuffer) {\r\n return new Uint8Array(body);\r\n }\r\n if (typeof body === \"string\") {\r\n return new TextEncoder().encode(body);\r\n }\r\n if (isRecord(body)) {\r\n return new TextEncoder().encode(JSON.stringify(body));\r\n }\r\n throw new SiglumeWebhookPayloadError(\"Webhook body must be raw bytes, a string, or a JSON object.\");\r\n}\r\n\r\nfunction parseSignatureHeader(signatureHeader: string): { timestamp: number; signature: string } {\r\n let timestamp: number | null = null;\r\n let signature: string | null = null;\r\n for (const item of String(signatureHeader ?? \"\").split(\",\")) {\r\n const [key, value] = item.trim().split(\"=\", 2);\r\n if (key === \"t\") {\r\n const parsed = Number.parseInt(value ?? \"\", 10);\r\n if (!Number.isFinite(parsed)) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature timestamp is invalid.\");\r\n }\r\n timestamp = parsed;\r\n }\r\n if (key === \"v1\") {\r\n signature = String(value ?? \"\").trim();\r\n }\r\n }\r\n if (timestamp === null || !signature) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature header is incomplete.\");\r\n }\r\n return { timestamp, signature };\r\n}\r\n\r\nasync function randomNonce(): Promise<string> {\r\n if (globalThis.crypto?.randomUUID) {\r\n return globalThis.crypto.randomUUID();\r\n }\r\n const bytes = new Uint8Array(16);\r\n if (globalThis.crypto?.getRandomValues) {\r\n globalThis.crypto.getRandomValues(bytes);\r\n } else if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n bytes.set(crypto.randomBytes(16));\r\n } else {\r\n throw new SiglumeDirectRequestPaymentError(\"Crypto random number generation is unavailable in this runtime.\");\r\n }\r\n return bytesToHex(bytes);\r\n}\r\n\r\nasync function hmacSha256Hex(secret: string, payload: Uint8Array): Promise<string> {\r\n if (globalThis.crypto?.subtle) {\r\n const stablePayload = new Uint8Array(payload.byteLength);\r\n stablePayload.set(payload);\r\n const key = await globalThis.crypto.subtle.importKey(\r\n \"raw\",\r\n new TextEncoder().encode(secret),\r\n { name: \"HMAC\", hash: \"SHA-256\" },\r\n false,\r\n [\"sign\"],\r\n );\r\n const digest = await globalThis.crypto.subtle.sign(\"HMAC\", key, stablePayload);\r\n return bytesToHex(new Uint8Array(digest));\r\n }\r\n if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n return crypto.createHmac(\"sha256\", secret).update(Buffer.from(payload)).digest(\"hex\");\r\n }\r\n throw new SiglumeDirectRequestPaymentError(\"Web Crypto is required for HMAC-SHA256 in this runtime.\");\r\n}\r\n\r\nasync function sha256Prefixed(material: string): Promise<string> {\r\n const bytes = new TextEncoder().encode(material);\r\n if (globalThis.crypto?.subtle) {\r\n const digest = await globalThis.crypto.subtle.digest(\"SHA-256\", bytes);\r\n return `sha256:${bytesToHex(new Uint8Array(digest))}`;\r\n }\r\n if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n return `sha256:${crypto.createHash(\"sha256\").update(Buffer.from(bytes)).digest(\"hex\")}`;\r\n }\r\n throw new SiglumeDirectRequestPaymentError(\"Web Crypto is required for SHA-256 in this runtime.\");\r\n}\r\n\r\nfunction bytesToHex(bytes: Uint8Array): string {\r\n return [...bytes].map((item) => item.toString(16).padStart(2, \"0\")).join(\"\");\r\n}\r\n\r\nfunction hexToBytes(hex: string): Uint8Array {\r\n const normalized = String(hex ?? \"\").trim().toLowerCase();\r\n if (normalized.length % 2 !== 0 || !/^[0-9a-f]*$/.test(normalized)) {\r\n throw new SiglumeWebhookSignatureError(\"Hex digest is invalid.\");\r\n }\r\n const bytes = new Uint8Array(normalized.length / 2);\r\n for (let index = 0; index < normalized.length; index += 2) {\r\n bytes[index / 2] = Number.parseInt(normalized.slice(index, index + 2), 16);\r\n }\r\n return bytes;\r\n}\r\n\r\nasync function timingSafeEqualHex(left: string, right: string): Promise<boolean> {\r\n const leftBytes = hexToBytes(left);\r\n const rightBytes = hexToBytes(right);\r\n if (leftBytes.length !== rightBytes.length) {\r\n return false;\r\n }\r\n let diff = 0;\r\n for (let index = 0; index < leftBytes.length; index += 1) {\r\n diff |= leftBytes[index]! ^ rightBytes[index]!;\r\n }\r\n return diff === 0;\r\n}\r\n"],"mappings":";AAAO,IAAM,2BAA2B;AACjC,IAAM,0CAA0C;AAChD,IAAM,8BAA8B;AACpC,IAAM,sCAAsC;AAC5C,IAAM,gDAAgD;AACtD,IAAM,wCAAwC;AAC9C,IAAM,oCAAoC;AAoJ1C,IAAM,mCAAN,cAA+C,MAAM;AAAA,EAC1D,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,kBAAN,cAA8B,iCAAiC;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,SAA4D;AACvF,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ;AACtB,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,OAAO,QAAQ;AAAA,EACtB;AACF;AAEO,IAAM,+BAAN,cAA2C,iCAAiC;AAAA,EACjF,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,6BAAN,cAAyC,iCAAiC;AAAA,EAC/E,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,6BAAN,MAAiC;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACQ;AAAA,EAEjB,YAAY,UAA6C,CAAC,GAAG;AAC3D,UAAM,YAAY,QAAQ,cAAc,SAAS,oBAAoB;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,YAAY,QAAQ,SAAS,WAAW;AAC9C,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,iCAAiC,qDAAqD;AAAA,IAClG;AACA,SAAK,aAAa;AAClB,SAAK,YAAY,QAAQ,YAAY,SAAS,kBAAkB,KAAK,0BAA0B,QAAQ,QAAQ,EAAE;AACjH,SAAK,aAAa,KAAK,IAAI,GAAG,KAAK,MAAM,QAAQ,cAAc,IAAK,CAAC;AACrE,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,yBAAyB,OAA+E;AAC5G,UAAM,UAAmC;AAAA,MACvC,MAAM;AAAA,MACN,UAAU,kBAAkB,MAAM,QAAQ;AAAA,MAC1C,cAAc,gBAAgB,MAAM,cAAc,cAAc;AAAA,MAChE,UAAU,kBAAkB,MAAM,QAAQ;AAAA,MAC1C,WAAW,gBAAgB,MAAM,WAAW,WAAW;AAAA,IACzD;AACA,QAAI,MAAM,iBAAiB,QAAW;AACpC,cAAQ,eAAe,eAAe,MAAM,YAAY;AAAA,IAC1D;AACA,QAAI,MAAM,2BAA2B,QAAW;AAC9C,cAAQ,yBAAyB,gBAAgB,MAAM,wBAAwB,wBAAwB;AAAA,IACzG;AACA,QAAI,MAAM,aAAa,QAAW;AAChC,cAAQ,WAAW,gBAAgB,MAAM,UAAU,UAAU;AAAA,IAC/D;AACA,WAAO,KAAK,QAAkC,QAAQ,kDAAkD,OAAO;AAAA,EACjH;AAAA,EAEA,MAAM,sBAAsB,gBAA2D;AACrF,WAAO,KAAK;AAAA,MACV;AAAA,MACA,kDAAkD,mBAAmB,gBAAgB,gBAAgB,gBAAgB,CAAC,CAAC;AAAA,IACzH;AAAA,EACF;AAAA,EAEA,MAAM,yBACJ,gBACA,OACmC;AACnC,WAAO,KAAK;AAAA,MACV;AAAA,MACA,kDAAkD,mBAAmB,gBAAgB,gBAAgB,gBAAgB,CAAC,CAAC;AAAA,MACvH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,2BACJ,SAC+C;AAC/C,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,0BACJ,aACA,UAA4E,CAAC,GAC9B;AAC/C,WAAO,KAAK,2BAA2B,6BAA6B,aAAa,OAAO,CAAC;AAAA,EAC3F;AAAA,EAEA,MAAM,4BACJ,aACA,UAA4E,CAAC,GAC9B;AAC/C,WAAO,KAAK,2BAA2B,+BAA+B,aAAa,OAAO,CAAC;AAAA,EAC7F;AAAA,EAEA,MAAM,QAAW,QAAgB,MAAc,WAAiC;AAC9E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,UAAU;AACpE,QAAI;AACF,YAAM,UAAkC;AAAA,QACtC,UAAU;AAAA,QACV,iBAAiB,UAAU,KAAK,UAAU;AAAA,QAC1C,cAAc,KAAK;AAAA,MACrB;AACA,UAAI;AACJ,UAAI,cAAc,QAAW;AAC3B,gBAAQ,cAAc,IAAI;AAC1B,eAAO,KAAK,UAAU,SAAS;AAAA,MACjC;AACA,YAAM,WAAW,MAAM,KAAK,WAAW,GAAG,KAAK,QAAQ,GAAG,IAAI,IAAI;AAAA,QAChE;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,UAAU,MAAM,SAAS,KAAK;AACpC,YAAM,SAAS,UAAU,UAAU,OAAO,IAAI,CAAC;AAC/C,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC;AAC3E,cAAM,OAAO,aAAa,MAAM,IAAI,KAAK,aAAc,OAAmC,IAAI,KAAK,QAAQ,SAAS,MAAM;AAC1H,cAAM,UAAU,aAAa,MAAM,OAAO,KAAK,aAAc,OAAmC,OAAO,KAAK,SAAS;AACrH,cAAM,IAAI,gBAAgB,SAAS,EAAE,QAAQ,SAAS,QAAQ,MAAM,MAAM,OAAO,CAAC;AAAA,MACpF;AACA,UAAI,SAAS,MAAM,KAAK,UAAU,QAAQ;AACxC,eAAO,OAAO;AAAA,MAChB;AACA,aAAO;AAAA,IACT,UAAE;AACA,mBAAa,OAAO;AAAA,IACtB;AAAA,EACF;AACF;AAEA,eAAsB,oCACpB,OACwC;AACxC,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,eAAe,gBAAgB,MAAM,cAAc,cAAc;AACvE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,QAAQ,MAAM,QAAQ,wBAAwB,MAAM,KAAK,IAAI,MAAM,YAAY;AACrF,QAAM,YAAY,MAAM,6CAA6C,MAAM,QAAQ;AAAA,IACjF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,YAAY,GAAG,uCAAuC,IAAI,KAAK,IAAI,SAAS;AAClF,SAAO;AAAA,IACL,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB,MAAM,eAAe,SAAS;AAAA,EAChD;AACF;AAEA,eAAsB,6CACpB,QACA,OAMiB;AACjB,QAAM,mBAAmB,gBAAgB,QAAQ,QAAQ;AACzD,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,SAAS,gBAAgB,MAAM,cAAc,cAAc;AACjE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,QAAQ,wBAAwB,MAAM,KAAK;AACjD,QAAM,WAAW,GAAG,QAAQ,IAAI,MAAM,IAAI,QAAQ,IAAI,KAAK;AAC3D,SAAO,cAAc,kBAAkB,IAAI,YAAY,EAAE,OAAO,QAAQ,CAAC;AAC3E;AAEO,SAAS,mCAAmC,WAAwD;AACzG,QAAM,QAAQ,gBAAgB,WAAW,WAAW,EAAE,MAAM,GAAG;AAC/D,MAAI,MAAM,WAAW,GAAG;AACtB,UAAM,IAAI,iCAAiC,kEAAkE;AAAA,EAC/G;AACA,QAAM,CAAC,QAAQ,OAAO,SAAS,IAAI;AACnC,MAAI,CAAC,UAAU,CAAC,SAAS,CAAC,WAAW;AACnC,UAAM,IAAI,iCAAiC,iDAAiD;AAAA,EAC9F;AACA,SAAO,EAAE,QAAQ,OAAO,UAAU;AACpC;AAEA,eAAsB,oCACpB,QACA,OAMkB;AAClB,QAAM,SAAS,mCAAmC,MAAM,SAAS;AACjE,MAAI,OAAO,WAAW,yCAAyC;AAC7D,WAAO;AAAA,EACT;AACA,QAAM,WAAW,MAAM,6CAA6C,QAAQ;AAAA,IAC1E,UAAU,MAAM;AAAA,IAChB,cAAc,MAAM;AAAA,IACpB,UAAU,MAAM;AAAA,IAChB,OAAO,OAAO;AAAA,EAChB,CAAC;AACD,SAAO,mBAAmB,UAAU,OAAO,SAAS;AACtD;AAEA,eAAsB,kCAAkC,WAAoC;AAC1F,SAAO,eAAe,gBAAgB,WAAW,WAAW,CAAC;AAC/D;AAEA,eAAsB,gCAAgC,OAKlC;AAClB,QAAM,WAAW,GAAG,kBAAkB,MAAM,QAAQ,CAAC,GAAG,gBAAgB,MAAM,cAAc,cAAc,CAAC,GAAG,kBAAkB,MAAM,QAAQ,CAAC,GAAG,gBAAgB,MAAM,WAAW,WAAW,CAAC;AAC/L,SAAO,eAAe,QAAQ;AAChC;AAEO,SAAS,6BACd,aACA,UAA4E,CAAC,GACtC;AACvC,SAAO,yCAAyC,aAAa,YAAY,qBAAqB;AAAA,IAC5F,cAAc;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,+BACd,aACA,UAA4E,CAAC,GACtC;AACvC,QAAM,iBAAiB,YAAY;AACnC,MAAI,CAAC,kBAAkB,OAAO,KAAK,cAAc,EAAE,WAAW,GAAG;AAC/D,UAAM,IAAI,iCAAiC,8EAA8E;AAAA,EAC3H;AACA,SAAO,yCAAyC,aAAa,gBAAgB;AAAA,IAC3E,cAAc;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,yCACd,aACA,qBACA,SAKuC;AACvC,QAAM,WAAW;AAAA,IACf,GAAI,SAAS,oBAAoB,cAAc,IAAI,oBAAoB,iBAAiB,CAAC;AAAA,IACzF,GAAI,QAAQ,YAAY,CAAC;AAAA,EAC3B;AACA,SAAO;AAAA,IACL;AAAA,IACA,cAAc,gBAAgB,QAAQ,cAAc,cAAc;AAAA,IAClE,gBAAgB;AAAA,IAChB,cAAc,YAAY;AAAA,IAC1B;AAAA,IACA,gBAAgB,QAAQ,QAAQ,cAAc;AAAA,EAChD;AACF;AAEA,eAAsB,wBACpB,gBACA,MACA,SACiB;AACjB,MAAI,CAAC,gBAAgB;AACnB,UAAM,IAAI,6BAA6B,6CAA6C;AAAA,EACtF;AACA,QAAM,YAAY,KAAK,MAAM,QAAQ,SAAS;AAC9C,QAAM,QAAQ,UAAU,IAAI;AAC5B,QAAM,SAAS,IAAI,YAAY,EAAE,OAAO,GAAG,SAAS,GAAG;AACvD,QAAM,UAAU,IAAI,WAAW,OAAO,SAAS,MAAM,MAAM;AAC3D,UAAQ,IAAI,QAAQ,CAAC;AACrB,UAAQ,IAAI,OAAO,OAAO,MAAM;AAChC,SAAO,cAAc,gBAAgB,OAAO;AAC9C;AAEA,eAAsB,4BACpB,gBACA,MACA,UAAkC,CAAC,GAClB;AACjB,QAAM,YAAY,KAAK,MAAM,QAAQ,aAAa,KAAK,IAAI,IAAI,GAAI;AACnE,QAAM,YAAY,MAAM,wBAAwB,gBAAgB,MAAM,EAAE,UAAU,CAAC;AACnF,SAAO,KAAK,SAAS,OAAO,SAAS;AACvC;AAEA,eAAsB,uBACpB,gBACA,MACA,kBACA,UAAwD,CAAC,GAClB;AACvC,QAAM,EAAE,WAAW,UAAU,IAAI,qBAAqB,gBAAgB;AACtE,QAAM,mBAAmB,KAAK,IAAI,GAAG,KAAK,MAAM,QAAQ,qBAAqB,iCAAiC,CAAC;AAC/G,QAAM,aAAa,KAAK,MAAM,QAAQ,OAAO,KAAK,IAAI,IAAI,GAAI;AAC9D,MAAI,KAAK,IAAI,aAAa,SAAS,IAAI,kBAAkB;AACvD,UAAM,IAAI,6BAA6B,4DAA4D;AAAA,EACrG;AACA,QAAM,WAAW,MAAM,wBAAwB,gBAAgB,MAAM,EAAE,UAAU,CAAC;AAClF,MAAI,CAAE,MAAM,mBAAmB,UAAU,SAAS,GAAI;AACpD,UAAM,IAAI,6BAA6B,kCAAkC;AAAA,EAC3E;AACA,SAAO,EAAE,WAAW,UAAU;AAChC;AAEO,SAAS,sCAAsC,SAAoD;AACxG,QAAM,QAAQ,cAAc,SAAS,eAAe;AACpD,QAAM,OAAO,cAAc,MAAM,MAAM,oBAAoB;AAC3D,QAAM,SAAS;AAAA,IACb,GAAG;AAAA,IACH,IAAI,gBAAgB,aAAa,MAAM,EAAE,KAAK,IAAI,kBAAkB;AAAA,IACpE,MAAM,gBAAgB,aAAa,MAAM,IAAI,KAAK,IAAI,oBAAoB;AAAA,IAC1E,aAAa,gBAAgB,aAAa,MAAM,WAAW,KAAK,IAAI,qBAAqB;AAAA,IACzF,aAAa,gBAAgB,aAAa,MAAM,WAAW,KAAK,IAAI,qBAAqB;AAAA,IACzF,MAAM,EAAE,GAAG,KAAK;AAAA,EAClB;AACA,MAAI,OAAO,SAAS,8BAA8B,OAAO,KAAK,SAAS,6BAA6B;AAClG,UAAM,IAAI,2BAA2B,uEAAuE;AAAA,EAC9G;AACA,SAAO;AACT;AAEA,eAAsB,kCACpB,gBACA,MACA,kBACA,UAAwD,CAAC,GACyC;AAClG,QAAM,eAAe,MAAM,uBAAuB,gBAAgB,MAAM,kBAAkB,OAAO;AACjG,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,UAAU,IAAI,CAAC;AACrD,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,SAAS,OAAO;AACd,UAAM,IAAI,2BAA2B,uCAAuC;AAAA,EAC9E;AACA,SAAO,EAAE,OAAO,sCAAsC,MAAM,GAAG,aAAa;AAC9E;AAEO,IAAM,6BAA6B;AACnC,IAAM,6BAA6B;AAE1C,SAAS,kBAAkB,OAAuB;AAChD,QAAM,WAAW,gBAAgB,OAAO,UAAU,EAAE,YAAY;AAChE,MAAI,CAAC,8BAA8B,KAAK,QAAQ,GAAG;AACjD,UAAM,IAAI,iCAAiC,sFAAsF;AAAA,EACnI;AACA,SAAO;AACT;AAEA,SAAS,kBAAkB,OAA6C;AACtE,QAAM,WAAW,gBAAgB,OAAO,UAAU,EAAE,YAAY;AAChE,MAAI,aAAa,SAAS,aAAa,OAAO;AAC5C,UAAM,IAAI,iCAAiC,8BAA8B;AAAA,EAC3E;AACA,SAAO;AACT;AAEA,SAAS,eAAe,OAA0C;AAChE,QAAM,QAAQ,gBAAgB,OAAO,cAAc,EAAE,YAAY;AACjE,MAAI,UAAU,UAAU,UAAU,QAAQ;AACxC,UAAM,IAAI,iCAAiC,oCAAoC;AAAA,EACjF;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAe,MAAsB;AAC5D,QAAM,SAAS,OAAO,KAAK;AAC3B,MAAI,CAAC,OAAO,cAAc,MAAM,KAAK,UAAU,GAAG;AAChD,UAAM,IAAI,iCAAiC,GAAG,IAAI,mCAAmC;AAAA,EACvF;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAe,MAAsB;AAC5D,QAAM,OAAO,OAAO,SAAS,EAAE,EAAE,KAAK;AACtC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,iCAAiC,GAAG,IAAI,eAAe;AAAA,EACnE;AACA,SAAO;AACT;AAEA,SAAS,wBAAwB,OAAuB;AACtD,QAAM,QAAQ,gBAAgB,OAAO,OAAO;AAC5C,MAAI,MAAM,SAAS,GAAG,GAAG;AACvB,UAAM,IAAI,iCAAiC,6BAA6B;AAAA,EAC1E;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAgC,MAAuC;AAC9F,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,KAAK,UAAU,KAAK,CAAC;AAC/C,QAAI,CAAC,SAAS,MAAM,GAAG;AACrB,YAAM,IAAI,MAAM,eAAe;AAAA,IACjC;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,IAAI,iCAAiC,GAAG,IAAI,sCAAsC;AAAA,EAC1F;AACF;AAEA,SAAS,UAAU,SAA0B;AAC3C,MAAI;AACF,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,SAAS,OAAO;AACd,UAAM,IAAI,gBAAgB,sCAAsC;AAAA,MAC9D,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAEA,SAAS,aAAa,OAA+B;AACnD,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO;AAAA,EACT;AACA,QAAM,OAAO,MAAM,KAAK;AACxB,SAAO,OAAO,OAAO;AACvB;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,cAAc,OAAgB,MAAuC;AAC5E,MAAI,CAAC,SAAS,KAAK,GAAG;AACpB,UAAM,IAAI,2BAA2B,GAAG,IAAI,qBAAqB;AAAA,EACnE;AACA,SAAO;AACT;AAEA,SAAS,SAAS,MAAkC;AAClD,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,QAAM,QAAQ,QAAQ,IAAI,IAAI;AAC9B,SAAO,SAAS,MAAM,KAAK,IAAI,MAAM,KAAK,IAAI;AAChD;AAEA,SAAS,UAAU,MAA+E;AAChG,MAAI,gBAAgB,YAAY;AAC9B,WAAO;AAAA,EACT;AACA,MAAI,gBAAgB,aAAa;AAC/B,WAAO,IAAI,WAAW,IAAI;AAAA,EAC5B;AACA,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO,IAAI,YAAY,EAAE,OAAO,IAAI;AAAA,EACtC;AACA,MAAI,SAAS,IAAI,GAAG;AAClB,WAAO,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,IAAI,CAAC;AAAA,EACtD;AACA,QAAM,IAAI,2BAA2B,6DAA6D;AACpG;AAEA,SAAS,qBAAqB,iBAAmE;AAC/F,MAAI,YAA2B;AAC/B,MAAI,YAA2B;AAC/B,aAAW,QAAQ,OAAO,mBAAmB,EAAE,EAAE,MAAM,GAAG,GAAG;AAC3D,UAAM,CAAC,KAAK,KAAK,IAAI,KAAK,KAAK,EAAE,MAAM,KAAK,CAAC;AAC7C,QAAI,QAAQ,KAAK;AACf,YAAM,SAAS,OAAO,SAAS,SAAS,IAAI,EAAE;AAC9C,UAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC5B,cAAM,IAAI,6BAA6B,yCAAyC;AAAA,MAClF;AACA,kBAAY;AAAA,IACd;AACA,QAAI,QAAQ,MAAM;AAChB,kBAAY,OAAO,SAAS,EAAE,EAAE,KAAK;AAAA,IACvC;AAAA,EACF;AACA,MAAI,cAAc,QAAQ,CAAC,WAAW;AACpC,UAAM,IAAI,6BAA6B,yCAAyC;AAAA,EAClF;AACA,SAAO,EAAE,WAAW,UAAU;AAChC;AAEA,eAAe,cAA+B;AAC5C,MAAI,WAAW,QAAQ,YAAY;AACjC,WAAO,WAAW,OAAO,WAAW;AAAA,EACtC;AACA,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,MAAI,WAAW,QAAQ,iBAAiB;AACtC,eAAW,OAAO,gBAAgB,KAAK;AAAA,EACzC,WAAW,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AACnE,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,UAAM,IAAI,OAAO,YAAY,EAAE,CAAC;AAAA,EAClC,OAAO;AACL,UAAM,IAAI,iCAAiC,iEAAiE;AAAA,EAC9G;AACA,SAAO,WAAW,KAAK;AACzB;AAEA,eAAe,cAAc,QAAgB,SAAsC;AACjF,MAAI,WAAW,QAAQ,QAAQ;AAC7B,UAAM,gBAAgB,IAAI,WAAW,QAAQ,UAAU;AACvD,kBAAc,IAAI,OAAO;AACzB,UAAM,MAAM,MAAM,WAAW,OAAO,OAAO;AAAA,MACzC;AAAA,MACA,IAAI,YAAY,EAAE,OAAO,MAAM;AAAA,MAC/B,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,MAChC;AAAA,MACA,CAAC,MAAM;AAAA,IACT;AACA,UAAM,SAAS,MAAM,WAAW,OAAO,OAAO,KAAK,QAAQ,KAAK,aAAa;AAC7E,WAAO,WAAW,IAAI,WAAW,MAAM,CAAC;AAAA,EAC1C;AACA,MAAI,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AAC5D,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,WAAO,OAAO,WAAW,UAAU,MAAM,EAAE,OAAO,OAAO,KAAK,OAAO,CAAC,EAAE,OAAO,KAAK;AAAA,EACtF;AACA,QAAM,IAAI,iCAAiC,yDAAyD;AACtG;AAEA,eAAe,eAAe,UAAmC;AAC/D,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC/C,MAAI,WAAW,QAAQ,QAAQ;AAC7B,UAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,KAAK;AACrE,WAAO,UAAU,WAAW,IAAI,WAAW,MAAM,CAAC,CAAC;AAAA,EACrD;AACA,MAAI,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AAC5D,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,WAAO,UAAU,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,KAAK,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;AAAA,EACvF;AACA,QAAM,IAAI,iCAAiC,qDAAqD;AAClG;AAEA,SAAS,WAAW,OAA2B;AAC7C,SAAO,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC7E;AAEA,SAAS,WAAW,KAAyB;AAC3C,QAAM,aAAa,OAAO,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY;AACxD,MAAI,WAAW,SAAS,MAAM,KAAK,CAAC,cAAc,KAAK,UAAU,GAAG;AAClE,UAAM,IAAI,6BAA6B,wBAAwB;AAAA,EACjE;AACA,QAAM,QAAQ,IAAI,WAAW,WAAW,SAAS,CAAC;AAClD,WAAS,QAAQ,GAAG,QAAQ,WAAW,QAAQ,SAAS,GAAG;AACzD,UAAM,QAAQ,CAAC,IAAI,OAAO,SAAS,WAAW,MAAM,OAAO,QAAQ,CAAC,GAAG,EAAE;AAAA,EAC3E;AACA,SAAO;AACT;AAEA,eAAe,mBAAmB,MAAc,OAAiC;AAC/E,QAAM,YAAY,WAAW,IAAI;AACjC,QAAM,aAAa,WAAW,KAAK;AACnC,MAAI,UAAU,WAAW,WAAW,QAAQ;AAC1C,WAAO;AAAA,EACT;AACA,MAAI,OAAO;AACX,WAAS,QAAQ,GAAG,QAAQ,UAAU,QAAQ,SAAS,GAAG;AACxD,YAAQ,UAAU,KAAK,IAAK,WAAW,KAAK;AAAA,EAC9C;AACA,SAAO,SAAS;AAClB;","names":[]}
1
+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["export const DEFAULT_SIGLUME_API_BASE = \"https://siglume.com/v1\";\r\nexport const DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME = \"siglume-external-402-v1\";\r\n// Recurring (subscription / scheduled autopay) approval uses a DISTINCT scheme\r\n// with cadence bound into the HMAC, so a one-time checkout challenge can never\r\n// be replayed as a recurring authorization and vice versa.\r\nexport const DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME = \"siglume-external-402-recurring-v1\";\r\nexport const DIRECT_REQUEST_PAYMENT_MODE = \"external_402\";\r\nexport const DIRECT_REQUEST_PAYMENT_RECEIPT_KIND = \"api_store_direct_payment\";\r\nexport const DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND = \"api_store_direct_payment_allowance\";\r\nexport const DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE = \"api_store_direct_payment_requirement\";\r\nexport const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;\r\n\r\nexport type DirectRequestPaymentCurrency = \"JPY\" | \"USD\";\r\nexport type DirectRequestPaymentToken = \"JPYC\" | \"USDC\";\r\n\r\nexport interface DirectRequestPaymentChallengeInput {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n secret: string;\r\n nonce?: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentChallenge {\r\n scheme: typeof DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME;\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency;\r\n nonce: string;\r\n signature: string;\r\n challenge: string;\r\n challenge_hash: string;\r\n}\r\n\r\nexport interface ParsedDirectRequestPaymentChallenge {\r\n scheme: string;\r\n nonce: string;\r\n signature: string;\r\n}\r\n\r\n/** \"monthly\" authorizes a Siglume-swept subscription; \"daily\" authorizes a\r\n * scheduled autopay (at most one charge per day, merchant-triggered). */\r\nexport type DirectRequestPaymentRecurringCadence = \"monthly\" | \"daily\";\r\n\r\nexport interface DirectRequestPaymentRecurringChallengeInput {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n cadence: DirectRequestPaymentRecurringCadence | string;\r\n secret: string;\r\n nonce?: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentRecurringChallenge {\r\n scheme: typeof DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME;\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency;\r\n cadence: DirectRequestPaymentRecurringCadence;\r\n nonce: string;\r\n signature: string;\r\n challenge: string;\r\n challenge_hash: string;\r\n}\r\n\r\nexport interface Web3TransactionRequest {\r\n network?: string;\r\n chain_id?: number;\r\n from?: string;\r\n to?: string;\r\n data?: string;\r\n value?: string | number;\r\n metadata_jsonb?: Record<string, unknown>;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectPaymentRequirement {\r\n direct_payment_requirement_id: string;\r\n requirement_id: string;\r\n id: string;\r\n mode: string;\r\n merchant?: string | null;\r\n challenge_hash?: string | null;\r\n buyer_user_id: string;\r\n agent_id?: string | null;\r\n product_listing_id: string;\r\n listing_id: string;\r\n access_grant_id?: string | null;\r\n capability_key: string;\r\n requirement_hash: string;\r\n request_hash: string;\r\n siglume_signature: string;\r\n token_symbol: string;\r\n currency: string;\r\n amount_minor: number;\r\n fee_bps: number;\r\n status: string;\r\n expires_at?: string | null;\r\n confirmed_at?: string | null;\r\n spent_at?: string | null;\r\n chain_receipt_id?: string | null;\r\n transaction_request: Web3TransactionRequest;\r\n approve_transaction_request?: Web3TransactionRequest | null;\r\n buyer_confirmation?: string | null;\r\n non_custodial: boolean;\r\n metadata_jsonb?: Record<string, unknown>;\r\n created_at?: string | null;\r\n updated_at?: string | null;\r\n}\r\n\r\nexport interface DirectPaymentRequirementCreateInput {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n token_symbol?: DirectRequestPaymentToken | string;\r\n allowance_amount_minor?: number;\r\n metadata?: Record<string, unknown>;\r\n}\r\n\r\nexport interface DirectPaymentVerifyInput {\r\n receipt_id?: string | null;\r\n chain_receipt_id?: string | null;\r\n await_finality?: boolean;\r\n await_required_status?: string | null;\r\n await_timeout_seconds?: number;\r\n await_poll_seconds?: number;\r\n}\r\n\r\nexport interface Web3PreparedTransactionExecutePayload {\r\n transaction_request: Web3TransactionRequest;\r\n receipt_kind: string;\r\n reference_type: typeof DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE;\r\n reference_id: string;\r\n metadata?: Record<string, unknown>;\r\n await_finality?: boolean;\r\n}\r\n\r\nexport interface Web3PreparedTransactionExecuteResult {\r\n receipt?: Record<string, unknown>;\r\n finalization?: Record<string, unknown>;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectRequestPaymentClientOptions {\r\n auth_token?: string;\r\n base_url?: string;\r\n fetch?: typeof fetch;\r\n timeout_ms?: number;\r\n user_agent?: string;\r\n}\r\n\r\nexport type DirectRequestPaymentBillingPlan = \"launch\" | \"free\" | \"starter\" | \"growth\" | \"pro\";\r\n\r\nexport interface DirectRequestPaymentMerchantAccount {\r\n merchant_account_id: string;\r\n merchant: string;\r\n merchant_user_id: string;\r\n user_wallet_id?: string | null;\r\n billing_mandate_id?: string | null;\r\n display_name?: string | null;\r\n status?: string | null;\r\n billing_status?: string | null;\r\n billing_plan?: string | null;\r\n billing_currency?: string | null;\r\n token_symbol?: string | null;\r\n monthly_fee_minor?: number | null;\r\n settlement_fee_bps?: number | null;\r\n settlement_fee_min_minor?: number | null;\r\n included_monthly_payments?: number | null;\r\n metadata_jsonb?: Record<string, unknown>;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectRequestPaymentMerchantSetupInput {\r\n merchant: string;\r\n display_name?: string;\r\n billing_plan?: DirectRequestPaymentBillingPlan | string;\r\n billing_currency?: DirectRequestPaymentCurrency | string;\r\n allowed_currencies?: Record<string, string> | Array<DirectRequestPaymentCurrency | string>;\r\n webhook_callback_url?: string;\r\n billing_mandate_cap_minor?: number;\r\n max_amount_minor?: number;\r\n}\r\n\r\nexport interface DirectRequestPaymentMerchantBillingMandateInput {\r\n currency?: DirectRequestPaymentCurrency | string;\r\n billing_currency?: DirectRequestPaymentCurrency | string;\r\n max_amount_minor?: number;\r\n}\r\n\r\nexport interface DirectRequestPaymentMerchantResponse {\r\n merchant_account: DirectRequestPaymentMerchantAccount;\r\n challenge_secret?: string | null;\r\n challenge_secret_created?: boolean;\r\n created?: boolean | null;\r\n listing_id?: string | null;\r\n mandate?: Record<string, unknown> | null;\r\n next_steps?: Record<string, unknown>;\r\n}\r\n\r\nexport interface DirectRequestPaymentWebhookSubscriptionInput {\r\n callback_url: string;\r\n description?: string;\r\n event_types?: string[];\r\n metadata?: Record<string, unknown>;\r\n}\r\n\r\nexport interface DirectRequestPaymentWebhookSubscription {\r\n webhook_subscription_id?: string;\r\n subscription_id?: string;\r\n id?: string;\r\n callback_url?: string;\r\n signing_secret?: string;\r\n status?: string;\r\n event_types?: string[];\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface DirectRequestPaymentCheckoutSetupInput extends DirectRequestPaymentMerchantSetupInput {\r\n create_webhook_subscription?: boolean;\r\n prepare_billing_mandate?: boolean;\r\n webhook_event_types?: string[];\r\n webhook_description?: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentCheckoutSetupResult {\r\n merchant: DirectRequestPaymentMerchantResponse;\r\n billing_mandate?: DirectRequestPaymentMerchantResponse | null;\r\n webhook_subscription?: DirectRequestPaymentWebhookSubscription | null;\r\n env: Record<string, string>;\r\n}\r\n\r\nexport interface SiglumeEnvelopeMeta {\r\n request_id?: string | null;\r\n trace_id?: string | null;\r\n [key: string]: unknown;\r\n}\r\n\r\nexport interface WebhookSignatureVerification {\r\n timestamp: number;\r\n signature: string;\r\n}\r\n\r\nexport interface DirectRequestPaymentWebhookEvent {\r\n id: string;\r\n type: \"direct_payment.confirmed\" | string;\r\n api_version: string;\r\n occurred_at: string;\r\n data: {\r\n mode?: string;\r\n merchant?: string;\r\n direct_payment_requirement_id?: string;\r\n requirement_id?: string;\r\n challenge_hash?: string;\r\n amount_minor?: number;\r\n currency?: string;\r\n token_symbol?: string;\r\n status?: string;\r\n [key: string]: unknown;\r\n };\r\n [key: string]: unknown;\r\n}\r\n\r\nexport class SiglumeDirectRequestPaymentError extends Error {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeDirectRequestPaymentError\";\r\n }\r\n}\r\n\r\nexport class SiglumeApiError extends SiglumeDirectRequestPaymentError {\r\n readonly status: number;\r\n readonly code: string;\r\n readonly data: unknown;\r\n\r\n constructor(message: string, options: { status: number; code?: string; data?: unknown }) {\r\n super(message);\r\n this.name = \"SiglumeApiError\";\r\n this.status = options.status;\r\n this.code = options.code ?? \"SIGLUME_API_ERROR\";\r\n this.data = options.data;\r\n }\r\n}\r\n\r\nexport class SiglumeWebhookSignatureError extends SiglumeDirectRequestPaymentError {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeWebhookSignatureError\";\r\n }\r\n}\r\n\r\nexport class SiglumeWebhookPayloadError extends SiglumeDirectRequestPaymentError {\r\n constructor(message: string) {\r\n super(message);\r\n this.name = \"SiglumeWebhookPayloadError\";\r\n }\r\n}\r\n\r\nexport class DirectRequestPaymentClient {\r\n readonly auth_token: string;\r\n readonly base_url: string;\r\n readonly timeout_ms: number;\r\n readonly user_agent: string;\r\n private readonly fetch_impl: typeof fetch;\r\n\r\n constructor(options: DirectRequestPaymentClientOptions = {}) {\r\n const authToken = options.auth_token ?? envValue(\"SIGLUME_AUTH_TOKEN\");\r\n if (!authToken) {\r\n throw new SiglumeDirectRequestPaymentError(\r\n \"A buyer Siglume bearer token is required for Direct Request Payment API calls. Developer Portal API keys are not accepted.\",\r\n );\r\n }\r\n const fetchImpl = options.fetch ?? globalThis.fetch;\r\n if (!fetchImpl) {\r\n throw new SiglumeDirectRequestPaymentError(\"A fetch implementation is required in this runtime.\");\r\n }\r\n this.auth_token = authToken;\r\n this.base_url = (options.base_url ?? envValue(\"SIGLUME_API_BASE\") ?? DEFAULT_SIGLUME_API_BASE).replace(/\\/+$/, \"\");\r\n this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15000));\r\n this.user_agent = options.user_agent ?? \"@siglume/direct-request-payment/0.3.0\";\r\n this.fetch_impl = fetchImpl;\r\n }\r\n\r\n async createPaymentRequirement(input: DirectPaymentRequirementCreateInput): Promise<DirectPaymentRequirement> {\r\n const payload: Record<string, unknown> = {\r\n mode: DIRECT_REQUEST_PAYMENT_MODE,\r\n merchant: normalizeMerchant(input.merchant),\r\n amount_minor: positiveInteger(input.amount_minor, \"amount_minor\"),\r\n currency: normalizeCurrency(input.currency),\r\n challenge: requireNonEmpty(input.challenge, \"challenge\"),\r\n };\r\n if (input.token_symbol !== undefined) {\r\n payload.token_symbol = normalizeToken(input.token_symbol);\r\n }\r\n if (input.allowance_amount_minor !== undefined) {\r\n payload.allowance_amount_minor = positiveInteger(input.allowance_amount_minor, \"allowance_amount_minor\");\r\n }\r\n if (input.metadata !== undefined) {\r\n payload.metadata = cloneJsonObject(input.metadata, \"metadata\");\r\n }\r\n return this.request<DirectPaymentRequirement>(\"POST\", \"/market/api-store/direct-payments/requirements\", payload);\r\n }\r\n\r\n async getPaymentRequirement(requirement_id: string): Promise<DirectPaymentRequirement> {\r\n return this.request<DirectPaymentRequirement>(\r\n \"GET\",\r\n `/market/api-store/direct-payments/requirements/${encodeURIComponent(requireNonEmpty(requirement_id, \"requirement_id\"))}`,\r\n );\r\n }\r\n\r\n async verifyPaymentRequirement(\r\n requirement_id: string,\r\n input: DirectPaymentVerifyInput,\r\n ): Promise<DirectPaymentRequirement> {\r\n return this.request<DirectPaymentRequirement>(\r\n \"POST\",\r\n `/market/api-store/direct-payments/requirements/${encodeURIComponent(requireNonEmpty(requirement_id, \"requirement_id\"))}/verify`,\r\n input,\r\n );\r\n }\r\n\r\n async executePreparedTransaction(\r\n payload: Web3PreparedTransactionExecutePayload,\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.request<Web3PreparedTransactionExecuteResult>(\r\n \"POST\",\r\n \"/market/web3/transactions/execute-prepared\",\r\n payload,\r\n );\r\n }\r\n\r\n async executePaymentTransaction(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.executePreparedTransaction(buildPaymentExecutionPayload(requirement, options));\r\n }\r\n\r\n async executeAllowanceTransaction(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n ): Promise<Web3PreparedTransactionExecuteResult> {\r\n return this.executePreparedTransaction(buildAllowanceExecutionPayload(requirement, options));\r\n }\r\n\r\n async request<T>(method: string, path: string, json_body?: unknown): Promise<T> {\r\n const controller = new AbortController();\r\n const timeout = setTimeout(() => controller.abort(), this.timeout_ms);\r\n try {\r\n const headers: Record<string, string> = {\r\n \"Accept\": \"application/json\",\r\n \"Authorization\": `Bearer ${this.auth_token}`,\r\n \"User-Agent\": this.user_agent,\r\n };\r\n let body: string | undefined;\r\n if (json_body !== undefined) {\r\n headers[\"Content-Type\"] = \"application/json\";\r\n body = JSON.stringify(json_body);\r\n }\r\n const response = await this.fetch_impl(`${this.base_url}${path}`, {\r\n method,\r\n headers,\r\n body,\r\n signal: controller.signal,\r\n });\r\n const rawText = await response.text();\r\n const parsed = rawText ? parseJson(rawText) : {};\r\n if (!response.ok) {\r\n const error = isRecord(parsed) && isRecord(parsed.error) ? parsed.error : {};\r\n const code = stringOrNull(error.code) ?? stringOrNull((parsed as Record<string, unknown>).code) ?? `HTTP_${response.status}`;\r\n const message = stringOrNull(error.message) ?? stringOrNull((parsed as Record<string, unknown>).message) ?? response.statusText;\r\n throw new SiglumeApiError(message, { status: response.status, code, data: parsed });\r\n }\r\n if (isRecord(parsed) && \"data\" in parsed) {\r\n return parsed.data as T;\r\n }\r\n return parsed as T;\r\n } finally {\r\n clearTimeout(timeout);\r\n }\r\n }\r\n}\r\n\r\nexport class DirectRequestPaymentMerchantClient {\r\n readonly auth_token: string;\r\n readonly base_url: string;\r\n readonly timeout_ms: number;\r\n readonly user_agent: string;\r\n private readonly fetch_impl: typeof fetch;\r\n\r\n constructor(options: DirectRequestPaymentClientOptions = {}) {\r\n const authToken = options.auth_token ?? envValue(\"SIGLUME_MERCHANT_AUTH_TOKEN\") ?? envValue(\"SIGLUME_AUTH_TOKEN\");\r\n if (!authToken) {\r\n throw new SiglumeDirectRequestPaymentError(\r\n \"A merchant Siglume bearer token is required for Direct Request Payment merchant setup. Developer Portal API keys are not accepted.\",\r\n );\r\n }\r\n const fetchImpl = options.fetch ?? globalThis.fetch;\r\n if (!fetchImpl) {\r\n throw new SiglumeDirectRequestPaymentError(\"A fetch implementation is required in this runtime.\");\r\n }\r\n this.auth_token = authToken;\r\n this.base_url = (options.base_url ?? envValue(\"SIGLUME_API_BASE\") ?? DEFAULT_SIGLUME_API_BASE).replace(/\\/+$/, \"\");\r\n this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15000));\r\n this.user_agent = options.user_agent ?? \"@siglume/direct-request-payment/0.3.0\";\r\n this.fetch_impl = fetchImpl;\r\n }\r\n\r\n async setupMerchant(input: DirectRequestPaymentMerchantSetupInput): Promise<DirectRequestPaymentMerchantResponse> {\r\n const payload: Record<string, unknown> = {\r\n merchant: normalizeSelfServiceMerchant(input.merchant),\r\n billing_plan: normalizeBillingPlan(input.billing_plan ?? \"launch\"),\r\n billing_currency: normalizeCurrency(input.billing_currency ?? \"JPY\"),\r\n };\r\n if (input.display_name !== undefined) {\r\n payload.display_name = requireNonEmpty(input.display_name, \"display_name\");\r\n }\r\n if (input.allowed_currencies !== undefined) {\r\n payload.allowed_currencies = normalizeAllowedCurrencies(input.allowed_currencies);\r\n }\r\n if (input.webhook_callback_url !== undefined) {\r\n payload.webhook_callback_url = requireNonEmpty(input.webhook_callback_url, \"webhook_callback_url\");\r\n }\r\n if (input.billing_mandate_cap_minor !== undefined) {\r\n payload.billing_mandate_cap_minor = positiveInteger(input.billing_mandate_cap_minor, \"billing_mandate_cap_minor\");\r\n }\r\n if (input.max_amount_minor !== undefined) {\r\n payload.max_amount_minor = positiveInteger(input.max_amount_minor, \"max_amount_minor\");\r\n }\r\n return this.request<DirectRequestPaymentMerchantResponse>(\"POST\", \"/market/api-store/direct-payments/merchants\", payload);\r\n }\r\n\r\n async getMerchant(merchant: string): Promise<DirectRequestPaymentMerchantResponse> {\r\n return this.request<DirectRequestPaymentMerchantResponse>(\r\n \"GET\",\r\n `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}`,\r\n );\r\n }\r\n\r\n async rotateChallengeSecret(merchant: string): Promise<DirectRequestPaymentMerchantResponse> {\r\n return this.request<DirectRequestPaymentMerchantResponse>(\r\n \"POST\",\r\n `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}/challenge-secret/rotate`,\r\n );\r\n }\r\n\r\n async prepareBillingMandate(\r\n merchant: string,\r\n input: DirectRequestPaymentMerchantBillingMandateInput = {},\r\n ): Promise<DirectRequestPaymentMerchantResponse> {\r\n const payload: Record<string, unknown> = {};\r\n if (input.currency !== undefined) {\r\n payload.currency = normalizeCurrency(input.currency);\r\n }\r\n if (input.billing_currency !== undefined) {\r\n payload.billing_currency = normalizeCurrency(input.billing_currency);\r\n }\r\n if (input.max_amount_minor !== undefined) {\r\n payload.max_amount_minor = positiveInteger(input.max_amount_minor, \"max_amount_minor\");\r\n }\r\n return this.request<DirectRequestPaymentMerchantResponse>(\r\n \"POST\",\r\n `/market/api-store/direct-payments/merchants/${encodeURIComponent(normalizeSelfServiceMerchant(merchant))}/billing-mandate`,\r\n payload,\r\n );\r\n }\r\n\r\n async createWebhookSubscription(\r\n input: DirectRequestPaymentWebhookSubscriptionInput,\r\n ): Promise<DirectRequestPaymentWebhookSubscription> {\r\n const payload: Record<string, unknown> = {\r\n callback_url: requireNonEmpty(input.callback_url, \"callback_url\"),\r\n event_types: input.event_types?.length\r\n ? input.event_types.map((eventType) => requireNonEmpty(eventType, \"event_type\"))\r\n : [\"direct_payment.confirmed\", \"direct_payment.spent\"],\r\n };\r\n if (input.description !== undefined) {\r\n payload.description = requireNonEmpty(input.description, \"description\");\r\n }\r\n if (input.metadata !== undefined) {\r\n payload.metadata = cloneJsonObject(input.metadata, \"metadata\");\r\n }\r\n return this.request<DirectRequestPaymentWebhookSubscription>(\"POST\", \"/market/webhooks/subscriptions\", payload);\r\n }\r\n\r\n async setupCheckout(input: DirectRequestPaymentCheckoutSetupInput): Promise<DirectRequestPaymentCheckoutSetupResult> {\r\n const merchant = await this.setupMerchant(input);\r\n const merchantKey = merchant.merchant_account.merchant;\r\n const billing_mandate = input.prepare_billing_mandate === false\r\n ? null\r\n : await this.prepareBillingMandate(merchantKey, {\r\n billing_currency: merchant.merchant_account.billing_currency ?? input.billing_currency ?? \"JPY\",\r\n max_amount_minor: input.max_amount_minor ?? input.billing_mandate_cap_minor,\r\n });\r\n const shouldCreateWebhook = input.create_webhook_subscription ?? Boolean(input.webhook_callback_url);\r\n const webhook_subscription = shouldCreateWebhook && input.webhook_callback_url\r\n ? await this.createWebhookSubscription({\r\n callback_url: input.webhook_callback_url,\r\n description: input.webhook_description ?? `${merchantKey} Direct Request Payment`,\r\n event_types: input.webhook_event_types,\r\n metadata: { merchant: merchantKey, sdk: \"@siglume/direct-request-payment\" },\r\n })\r\n : null;\r\n const env: Record<string, string> = {\r\n SIGLUME_DIRECT_PAYMENT_MERCHANT: merchantKey,\r\n };\r\n if (merchant.challenge_secret) {\r\n env.SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET = merchant.challenge_secret;\r\n }\r\n const webhookSecret = stringOrNull(webhook_subscription?.signing_secret);\r\n if (webhookSecret) {\r\n env.SIGLUME_WEBHOOK_SECRET = webhookSecret;\r\n }\r\n return { merchant, billing_mandate, webhook_subscription, env };\r\n }\r\n\r\n async request<T>(method: string, path: string, json_body?: unknown): Promise<T> {\r\n const controller = new AbortController();\r\n const timeout = setTimeout(() => controller.abort(), this.timeout_ms);\r\n try {\r\n const headers: Record<string, string> = {\r\n \"Accept\": \"application/json\",\r\n \"Authorization\": `Bearer ${this.auth_token}`,\r\n \"User-Agent\": this.user_agent,\r\n };\r\n let body: string | undefined;\r\n if (json_body !== undefined) {\r\n headers[\"Content-Type\"] = \"application/json\";\r\n body = JSON.stringify(json_body);\r\n }\r\n const response = await this.fetch_impl(`${this.base_url}${path}`, {\r\n method,\r\n headers,\r\n body,\r\n signal: controller.signal,\r\n });\r\n const rawText = await response.text();\r\n const parsed = rawText ? parseJson(rawText) : {};\r\n if (!response.ok) {\r\n const error = isRecord(parsed) && isRecord(parsed.error) ? parsed.error : {};\r\n const code = stringOrNull(error.code) ?? stringOrNull((parsed as Record<string, unknown>).code) ?? `HTTP_${response.status}`;\r\n const message = stringOrNull(error.message) ?? stringOrNull((parsed as Record<string, unknown>).message) ?? response.statusText;\r\n throw new SiglumeApiError(message, { status: response.status, code, data: parsed });\r\n }\r\n if (isRecord(parsed) && \"data\" in parsed) {\r\n return parsed.data as T;\r\n }\r\n return parsed as T;\r\n } finally {\r\n clearTimeout(timeout);\r\n }\r\n }\r\n}\r\n\r\nexport async function createDirectRequestPaymentChallenge(\r\n input: DirectRequestPaymentChallengeInput,\r\n): Promise<DirectRequestPaymentChallenge> {\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount_minor = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const nonce = input.nonce ? normalizeChallengeNonce(input.nonce) : await randomNonce();\r\n const signature = await createDirectRequestPaymentChallengeSignature(input.secret, {\r\n merchant,\r\n amount_minor,\r\n currency,\r\n nonce,\r\n });\r\n const challenge = `${DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME}:${nonce}:${signature}`;\r\n return {\r\n scheme: DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME,\r\n merchant,\r\n amount_minor,\r\n currency,\r\n nonce,\r\n signature,\r\n challenge,\r\n challenge_hash: await sha256Prefixed(challenge),\r\n };\r\n}\r\n\r\nexport async function createDirectRequestPaymentChallengeSignature(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n nonce: string;\r\n },\r\n): Promise<string> {\r\n const normalizedSecret = requireNonEmpty(secret, \"secret\");\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const nonce = normalizeChallengeNonce(input.nonce);\r\n const material = `${merchant}:${amount}:${currency}:${nonce}`;\r\n return hmacSha256Hex(normalizedSecret, new TextEncoder().encode(material));\r\n}\r\n\r\nexport function parseDirectRequestPaymentChallenge(challenge: string): ParsedDirectRequestPaymentChallenge {\r\n const parts = requireNonEmpty(challenge, \"challenge\").split(\":\");\r\n if (parts.length !== 3) {\r\n throw new SiglumeDirectRequestPaymentError(\"Direct Request Payment challenge must be scheme:nonce:signature.\");\r\n }\r\n const [scheme, nonce, signature] = parts;\r\n if (!scheme || !nonce || !signature) {\r\n throw new SiglumeDirectRequestPaymentError(\"Direct Request Payment challenge is incomplete.\");\r\n }\r\n return { scheme, nonce, signature };\r\n}\r\n\r\n/** Merchant-side, ONE-TIME approval of a recurring authorization: amount +\r\n * currency + cadence are bound into the HMAC. Recurring charges afterwards\r\n * are deliberately challenge-free — the on-chain mandate cap/cadence and the\r\n * amount frozen on the Siglume authorization are the per-charge integrity\r\n * checks. Cadence \"monthly\" = subscription, \"daily\" = scheduled autopay. */\r\nexport async function createDirectRequestPaymentRecurringChallenge(\r\n input: DirectRequestPaymentRecurringChallengeInput,\r\n): Promise<DirectRequestPaymentRecurringChallenge> {\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount_minor = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const cadence = normalizeRecurringCadence(input.cadence);\r\n const nonce = input.nonce ? normalizeChallengeNonce(input.nonce) : await randomNonce();\r\n const signature = await createDirectRequestPaymentRecurringChallengeSignature(input.secret, {\r\n merchant,\r\n amount_minor,\r\n currency,\r\n cadence,\r\n nonce,\r\n });\r\n const challenge = `${DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME}:${nonce}:${signature}`;\r\n return {\r\n scheme: DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME,\r\n merchant,\r\n amount_minor,\r\n currency,\r\n cadence,\r\n nonce,\r\n signature,\r\n challenge,\r\n challenge_hash: await sha256Prefixed(challenge),\r\n };\r\n}\r\n\r\nexport async function createDirectRequestPaymentRecurringChallengeSignature(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n cadence: DirectRequestPaymentRecurringCadence | string;\r\n nonce: string;\r\n },\r\n): Promise<string> {\r\n const normalizedSecret = requireNonEmpty(secret, \"secret\");\r\n const merchant = normalizeMerchant(input.merchant);\r\n const amount = positiveInteger(input.amount_minor, \"amount_minor\");\r\n const currency = normalizeCurrency(input.currency);\r\n const cadence = normalizeRecurringCadence(input.cadence);\r\n const nonce = normalizeChallengeNonce(input.nonce);\r\n // MUST stay byte-identical to the server's\r\n // _external_402_recurring_challenge_signature — both sides change together.\r\n const material = `${merchant}:${amount}:${currency}:${cadence}:${nonce}`;\r\n return hmacSha256Hex(normalizedSecret, new TextEncoder().encode(material));\r\n}\r\n\r\nexport async function verifyDirectRequestPaymentRecurringChallenge(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n cadence: DirectRequestPaymentRecurringCadence | string;\r\n challenge: string;\r\n },\r\n): Promise<boolean> {\r\n const parsed = parseDirectRequestPaymentChallenge(input.challenge);\r\n if (parsed.scheme !== DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME) {\r\n return false;\r\n }\r\n const expected = await createDirectRequestPaymentRecurringChallengeSignature(secret, {\r\n merchant: input.merchant,\r\n amount_minor: input.amount_minor,\r\n currency: input.currency,\r\n cadence: input.cadence,\r\n nonce: parsed.nonce,\r\n });\r\n return timingSafeEqualHex(expected, parsed.signature);\r\n}\r\n\r\nexport async function verifyDirectRequestPaymentChallenge(\r\n secret: string,\r\n input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n },\r\n): Promise<boolean> {\r\n const parsed = parseDirectRequestPaymentChallenge(input.challenge);\r\n if (parsed.scheme !== DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME) {\r\n return false;\r\n }\r\n const expected = await createDirectRequestPaymentChallengeSignature(secret, {\r\n merchant: input.merchant,\r\n amount_minor: input.amount_minor,\r\n currency: input.currency,\r\n nonce: parsed.nonce,\r\n });\r\n return timingSafeEqualHex(expected, parsed.signature);\r\n}\r\n\r\nexport async function directRequestPaymentChallengeHash(challenge: string): Promise<string> {\r\n return sha256Prefixed(requireNonEmpty(challenge, \"challenge\"));\r\n}\r\n\r\nexport async function directRequestPaymentRequestHash(input: {\r\n merchant: string;\r\n amount_minor: number;\r\n currency: DirectRequestPaymentCurrency | string;\r\n challenge: string;\r\n}): Promise<string> {\r\n const material = `${normalizeMerchant(input.merchant)}${positiveInteger(input.amount_minor, \"amount_minor\")}${normalizeCurrency(input.currency)}${requireNonEmpty(input.challenge, \"challenge\")}`;\r\n return sha256Prefixed(material);\r\n}\r\n\r\nexport function buildPaymentExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n): Web3PreparedTransactionExecutePayload {\r\n return buildPreparedTransactionExecutionPayload(requirement, requirement.transaction_request, {\r\n receipt_kind: DIRECT_REQUEST_PAYMENT_RECEIPT_KIND,\r\n await_finality: options.await_finality,\r\n metadata: options.metadata,\r\n });\r\n}\r\n\r\nexport function buildAllowanceExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n options: { await_finality?: boolean; metadata?: Record<string, unknown> } = {},\r\n): Web3PreparedTransactionExecutePayload {\r\n const approveRequest = requirement.approve_transaction_request;\r\n if (!approveRequest || Object.keys(approveRequest).length === 0) {\r\n throw new SiglumeDirectRequestPaymentError(\"This payment requirement does not include an allowance approval transaction.\");\r\n }\r\n return buildPreparedTransactionExecutionPayload(requirement, approveRequest, {\r\n receipt_kind: DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND,\r\n await_finality: options.await_finality,\r\n metadata: options.metadata,\r\n });\r\n}\r\n\r\nexport function buildPreparedTransactionExecutionPayload(\r\n requirement: DirectPaymentRequirement,\r\n transaction_request: Web3TransactionRequest,\r\n options: {\r\n receipt_kind: string;\r\n await_finality?: boolean;\r\n metadata?: Record<string, unknown>;\r\n },\r\n): Web3PreparedTransactionExecutePayload {\r\n const metadata = {\r\n ...(isRecord(transaction_request.metadata_jsonb) ? transaction_request.metadata_jsonb : {}),\r\n ...(options.metadata ?? {}),\r\n };\r\n return {\r\n transaction_request,\r\n receipt_kind: requireNonEmpty(options.receipt_kind, \"receipt_kind\"),\r\n reference_type: DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE,\r\n reference_id: requirement.requirement_id,\r\n metadata,\r\n await_finality: Boolean(options.await_finality),\r\n };\r\n}\r\n\r\nexport async function computeWebhookSignature(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n options: { timestamp: number },\r\n): Promise<string> {\r\n if (!signing_secret) {\r\n throw new SiglumeWebhookSignatureError(\"SIGLUME webhook signing secret is required.\");\r\n }\r\n const timestamp = Math.trunc(options.timestamp);\r\n const bytes = bodyBytes(body);\r\n const prefix = new TextEncoder().encode(`${timestamp}.`);\r\n const payload = new Uint8Array(prefix.length + bytes.length);\r\n payload.set(prefix, 0);\r\n payload.set(bytes, prefix.length);\r\n return hmacSha256Hex(signing_secret, payload);\r\n}\r\n\r\nexport async function buildWebhookSignatureHeader(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n options: { timestamp?: number } = {},\r\n): Promise<string> {\r\n const timestamp = Math.trunc(options.timestamp ?? Date.now() / 1000);\r\n const signature = await computeWebhookSignature(signing_secret, body, { timestamp });\r\n return `t=${timestamp},v1=${signature}`;\r\n}\r\n\r\nexport async function verifyWebhookSignature(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n signature_header: string,\r\n options: { tolerance_seconds?: number; now?: number } = {},\r\n): Promise<WebhookSignatureVerification> {\r\n const { timestamp, signature } = parseSignatureHeader(signature_header);\r\n const toleranceSeconds = Math.max(1, Math.trunc(options.tolerance_seconds ?? DEFAULT_WEBHOOK_TOLERANCE_SECONDS));\r\n const nowSeconds = Math.trunc(options.now ?? Date.now() / 1000);\r\n if (Math.abs(nowSeconds - timestamp) > toleranceSeconds) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook timestamp is outside the allowed tolerance window.\");\r\n }\r\n const expected = await computeWebhookSignature(signing_secret, body, { timestamp });\r\n if (!(await timingSafeEqualHex(expected, signature))) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature did not match.\");\r\n }\r\n return { timestamp, signature };\r\n}\r\n\r\nexport function parseDirectRequestPaymentWebhookEvent(payload: unknown): DirectRequestPaymentWebhookEvent {\r\n const event = requireRecord(payload, \"webhook event\");\r\n const data = requireRecord(event.data, \"webhook event data\");\r\n const parsed = {\r\n ...event,\r\n id: requireNonEmpty(stringOrNull(event.id) ?? \"\", \"webhook event id\"),\r\n type: requireNonEmpty(stringOrNull(event.type) ?? \"\", \"webhook event type\"),\r\n api_version: requireNonEmpty(stringOrNull(event.api_version) ?? \"\", \"webhook api_version\"),\r\n occurred_at: requireNonEmpty(stringOrNull(event.occurred_at) ?? \"\", \"webhook occurred_at\"),\r\n data: { ...data },\r\n } as DirectRequestPaymentWebhookEvent;\r\n if (parsed.type === \"direct_payment.confirmed\" && parsed.data.mode !== DIRECT_REQUEST_PAYMENT_MODE) {\r\n throw new SiglumeWebhookPayloadError(\"direct_payment.confirmed webhook must carry data.mode='external_402'.\");\r\n }\r\n return parsed;\r\n}\r\n\r\nexport async function verifyDirectRequestPaymentWebhook(\r\n signing_secret: string,\r\n body: Uint8Array | ArrayBuffer | string | Record<string, unknown>,\r\n signature_header: string,\r\n options: { tolerance_seconds?: number; now?: number } = {},\r\n): Promise<{ event: DirectRequestPaymentWebhookEvent; verification: WebhookSignatureVerification }> {\r\n const verification = await verifyWebhookSignature(signing_secret, body, signature_header, options);\r\n const text = new TextDecoder().decode(bodyBytes(body));\r\n let parsed: unknown;\r\n try {\r\n parsed = JSON.parse(text);\r\n } catch (error) {\r\n throw new SiglumeWebhookPayloadError(\"Webhook body must contain valid JSON.\");\r\n }\r\n return { event: parseDirectRequestPaymentWebhookEvent(parsed), verification };\r\n}\r\n\r\nexport const createExternal402Challenge = createDirectRequestPaymentChallenge;\r\nexport const verifyExternal402Challenge = verifyDirectRequestPaymentChallenge;\r\n\r\nfunction normalizeMerchant(value: string): string {\r\n const merchant = requireNonEmpty(value, \"merchant\").toLowerCase();\r\n if (!/^[a-z0-9][a-z0-9._-]{0,95}$/.test(merchant)) {\r\n throw new SiglumeDirectRequestPaymentError(\"merchant must be a lowercase key using letters, numbers, dot, underscore, or hyphen.\");\r\n }\r\n return merchant;\r\n}\r\n\r\nfunction normalizeSelfServiceMerchant(value: string): string {\r\n const merchant = requireNonEmpty(value, \"merchant\").toLowerCase();\r\n if (!/^[a-z0-9][a-z0-9_-]{2,63}$/.test(merchant)) {\r\n throw new SiglumeDirectRequestPaymentError(\"merchant must be 3-64 chars using lowercase letters, numbers, underscore, or hyphen.\");\r\n }\r\n return merchant;\r\n}\r\n\r\nfunction normalizeBillingPlan(value: string): DirectRequestPaymentBillingPlan {\r\n const plan = requireNonEmpty(value, \"billing_plan\").toLowerCase();\r\n if (plan === \"launch\" || plan === \"free\" || plan === \"starter\" || plan === \"growth\" || plan === \"pro\") {\r\n return plan;\r\n }\r\n throw new SiglumeDirectRequestPaymentError(\"billing_plan must be launch, starter, growth, or pro.\");\r\n}\r\n\r\nfunction normalizeCurrency(value: string): DirectRequestPaymentCurrency {\r\n const currency = requireNonEmpty(value, \"currency\").toUpperCase();\r\n if (currency !== \"JPY\" && currency !== \"USD\") {\r\n throw new SiglumeDirectRequestPaymentError(\"currency must be JPY or USD.\");\r\n }\r\n return currency;\r\n}\r\n\r\nfunction normalizeToken(value: string): DirectRequestPaymentToken {\r\n const token = requireNonEmpty(value, \"token_symbol\").toUpperCase();\r\n if (token !== \"JPYC\" && token !== \"USDC\") {\r\n throw new SiglumeDirectRequestPaymentError(\"token_symbol must be JPYC or USDC.\");\r\n }\r\n return token;\r\n}\r\n\r\nfunction normalizeAllowedCurrencies(value: Record<string, string> | Array<DirectRequestPaymentCurrency | string>): Record<string, string> {\r\n const normalized: Record<string, string> = {};\r\n if (Array.isArray(value)) {\r\n for (const item of value) {\r\n const currency = normalizeCurrency(item);\r\n normalized[currency] = defaultTokenForCurrency(currency);\r\n }\r\n } else if (isRecord(value)) {\r\n for (const [rawCurrency, rawToken] of Object.entries(value)) {\r\n normalized[normalizeCurrency(rawCurrency)] = normalizeToken(String(rawToken));\r\n }\r\n } else {\r\n throw new SiglumeDirectRequestPaymentError(\"allowed_currencies must be an array or a currency-to-token object.\");\r\n }\r\n if (Object.keys(normalized).length === 0) {\r\n throw new SiglumeDirectRequestPaymentError(\"allowed_currencies must include at least one currency.\");\r\n }\r\n return normalized;\r\n}\r\n\r\nfunction defaultTokenForCurrency(currency: DirectRequestPaymentCurrency): DirectRequestPaymentToken {\r\n return currency === \"JPY\" ? \"JPYC\" : \"USDC\";\r\n}\r\n\r\nfunction positiveInteger(value: number, name: string): number {\r\n const parsed = Number(value);\r\n if (!Number.isSafeInteger(parsed) || parsed <= 0) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} must be a positive safe integer.`);\r\n }\r\n return parsed;\r\n}\r\n\r\nfunction requireNonEmpty(value: string, name: string): string {\r\n const text = String(value ?? \"\").trim();\r\n if (!text) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} is required.`);\r\n }\r\n return text;\r\n}\r\n\r\nfunction normalizeChallengeNonce(value: string): string {\r\n const nonce = requireNonEmpty(value, \"nonce\");\r\n if (nonce.includes(\":\")) {\r\n throw new SiglumeDirectRequestPaymentError(\"nonce must not contain ':'.\");\r\n }\r\n return nonce;\r\n}\r\n\r\nfunction normalizeRecurringCadence(value: string): DirectRequestPaymentRecurringCadence {\r\n const cadence = requireNonEmpty(value, \"cadence\").toLowerCase();\r\n if (cadence !== \"monthly\" && cadence !== \"daily\") {\r\n throw new SiglumeDirectRequestPaymentError(\r\n 'cadence must be \"monthly\" (subscription) or \"daily\" (scheduled autopay).',\r\n );\r\n }\r\n return cadence;\r\n}\r\n\r\nfunction cloneJsonObject(value: Record<string, unknown>, name: string): Record<string, unknown> {\r\n try {\r\n const cloned = JSON.parse(JSON.stringify(value)) as unknown;\r\n if (!isRecord(cloned)) {\r\n throw new Error(\"not an object\");\r\n }\r\n return cloned;\r\n } catch (error) {\r\n throw new SiglumeDirectRequestPaymentError(`${name} must be a JSON-serializable object.`);\r\n }\r\n}\r\n\r\nfunction parseJson(rawText: string): unknown {\r\n try {\r\n return JSON.parse(rawText);\r\n } catch (error) {\r\n throw new SiglumeApiError(\"Siglume API returned invalid JSON.\", {\r\n status: 502,\r\n code: \"INVALID_JSON_RESPONSE\",\r\n data: rawText,\r\n });\r\n }\r\n}\r\n\r\nfunction stringOrNull(value: unknown): string | null {\r\n if (typeof value !== \"string\") {\r\n return null;\r\n }\r\n const text = value.trim();\r\n return text ? text : null;\r\n}\r\n\r\nfunction isRecord(value: unknown): value is Record<string, unknown> {\r\n return typeof value === \"object\" && value !== null && !Array.isArray(value);\r\n}\r\n\r\nfunction requireRecord(value: unknown, name: string): Record<string, unknown> {\r\n if (!isRecord(value)) {\r\n throw new SiglumeWebhookPayloadError(`${name} must be an object.`);\r\n }\r\n return value;\r\n}\r\n\r\nfunction envValue(name: string): string | undefined {\r\n if (typeof process === \"undefined\") {\r\n return undefined;\r\n }\r\n const value = process.env[name];\r\n return value && value.trim() ? value.trim() : undefined;\r\n}\r\n\r\nfunction bodyBytes(body: Uint8Array | ArrayBuffer | string | Record<string, unknown>): Uint8Array {\r\n if (body instanceof Uint8Array) {\r\n return body;\r\n }\r\n if (body instanceof ArrayBuffer) {\r\n return new Uint8Array(body);\r\n }\r\n if (typeof body === \"string\") {\r\n return new TextEncoder().encode(body);\r\n }\r\n if (isRecord(body)) {\r\n return new TextEncoder().encode(JSON.stringify(body));\r\n }\r\n throw new SiglumeWebhookPayloadError(\"Webhook body must be raw bytes, a string, or a JSON object.\");\r\n}\r\n\r\nfunction parseSignatureHeader(signatureHeader: string): { timestamp: number; signature: string } {\r\n let timestamp: number | null = null;\r\n let signature: string | null = null;\r\n for (const item of String(signatureHeader ?? \"\").split(\",\")) {\r\n const [key, value] = item.trim().split(\"=\", 2);\r\n if (key === \"t\") {\r\n const parsed = Number.parseInt(value ?? \"\", 10);\r\n if (!Number.isFinite(parsed)) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature timestamp is invalid.\");\r\n }\r\n timestamp = parsed;\r\n }\r\n if (key === \"v1\") {\r\n signature = String(value ?? \"\").trim();\r\n }\r\n }\r\n if (timestamp === null || !signature) {\r\n throw new SiglumeWebhookSignatureError(\"Webhook signature header is incomplete.\");\r\n }\r\n return { timestamp, signature };\r\n}\r\n\r\nasync function randomNonce(): Promise<string> {\r\n if (globalThis.crypto?.randomUUID) {\r\n return globalThis.crypto.randomUUID();\r\n }\r\n const bytes = new Uint8Array(16);\r\n if (globalThis.crypto?.getRandomValues) {\r\n globalThis.crypto.getRandomValues(bytes);\r\n } else if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n bytes.set(crypto.randomBytes(16));\r\n } else {\r\n throw new SiglumeDirectRequestPaymentError(\"Crypto random number generation is unavailable in this runtime.\");\r\n }\r\n return bytesToHex(bytes);\r\n}\r\n\r\nasync function hmacSha256Hex(secret: string, payload: Uint8Array): Promise<string> {\r\n if (globalThis.crypto?.subtle) {\r\n const stablePayload = new Uint8Array(payload.byteLength);\r\n stablePayload.set(payload);\r\n const key = await globalThis.crypto.subtle.importKey(\r\n \"raw\",\r\n new TextEncoder().encode(secret),\r\n { name: \"HMAC\", hash: \"SHA-256\" },\r\n false,\r\n [\"sign\"],\r\n );\r\n const digest = await globalThis.crypto.subtle.sign(\"HMAC\", key, stablePayload);\r\n return bytesToHex(new Uint8Array(digest));\r\n }\r\n if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n return crypto.createHmac(\"sha256\", secret).update(Buffer.from(payload)).digest(\"hex\");\r\n }\r\n throw new SiglumeDirectRequestPaymentError(\"Web Crypto is required for HMAC-SHA256 in this runtime.\");\r\n}\r\n\r\nasync function sha256Prefixed(material: string): Promise<string> {\r\n const bytes = new TextEncoder().encode(material);\r\n if (globalThis.crypto?.subtle) {\r\n const digest = await globalThis.crypto.subtle.digest(\"SHA-256\", bytes);\r\n return `sha256:${bytesToHex(new Uint8Array(digest))}`;\r\n }\r\n if (typeof process !== \"undefined\" && process.versions?.node) {\r\n const crypto = await import(\"node:crypto\");\r\n return `sha256:${crypto.createHash(\"sha256\").update(Buffer.from(bytes)).digest(\"hex\")}`;\r\n }\r\n throw new SiglumeDirectRequestPaymentError(\"Web Crypto is required for SHA-256 in this runtime.\");\r\n}\r\n\r\nfunction bytesToHex(bytes: Uint8Array): string {\r\n return [...bytes].map((item) => item.toString(16).padStart(2, \"0\")).join(\"\");\r\n}\r\n\r\nfunction hexToBytes(hex: string): Uint8Array {\r\n const normalized = String(hex ?? \"\").trim().toLowerCase();\r\n if (normalized.length % 2 !== 0 || !/^[0-9a-f]*$/.test(normalized)) {\r\n throw new SiglumeWebhookSignatureError(\"Hex digest is invalid.\");\r\n }\r\n const bytes = new Uint8Array(normalized.length / 2);\r\n for (let index = 0; index < normalized.length; index += 2) {\r\n bytes[index / 2] = Number.parseInt(normalized.slice(index, index + 2), 16);\r\n }\r\n return bytes;\r\n}\r\n\r\nasync function timingSafeEqualHex(left: string, right: string): Promise<boolean> {\r\n const leftBytes = hexToBytes(left);\r\n const rightBytes = hexToBytes(right);\r\n if (leftBytes.length !== rightBytes.length) {\r\n return false;\r\n }\r\n let diff = 0;\r\n for (let index = 0; index < leftBytes.length; index += 1) {\r\n diff |= leftBytes[index]! ^ rightBytes[index]!;\r\n }\r\n return diff === 0;\r\n}\r\n"],"mappings":";AAAQ,IAAM,2BAA2B;AAClC,IAAM,0CAA0C;AAIhD,IAAM,oDAAoD;AAC1D,IAAM,8BAA8B;AACpC,IAAM,sCAAsC;AAC5C,IAAM,gDAAgD;AACtD,IAAM,wCAAwC;AAC9C,IAAM,oCAAoC;AA8P1C,IAAM,mCAAN,cAA+C,MAAM;AAAA,EAC1D,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,kBAAN,cAA8B,iCAAiC;AAAA,EAC3D;AAAA,EACA;AAAA,EACA;AAAA,EAET,YAAY,SAAiB,SAA4D;AACvF,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,SAAS,QAAQ;AACtB,SAAK,OAAO,QAAQ,QAAQ;AAC5B,SAAK,OAAO,QAAQ;AAAA,EACtB;AACF;AAEO,IAAM,+BAAN,cAA2C,iCAAiC;AAAA,EACjF,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,6BAAN,cAAyC,iCAAiC;AAAA,EAC/E,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,6BAAN,MAAiC;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACQ;AAAA,EAEjB,YAAY,UAA6C,CAAC,GAAG;AAC3D,UAAM,YAAY,QAAQ,cAAc,SAAS,oBAAoB;AACrE,QAAI,CAAC,WAAW;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,YAAY,QAAQ,SAAS,WAAW;AAC9C,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,iCAAiC,qDAAqD;AAAA,IAClG;AACA,SAAK,aAAa;AAClB,SAAK,YAAY,QAAQ,YAAY,SAAS,kBAAkB,KAAK,0BAA0B,QAAQ,QAAQ,EAAE;AACjH,SAAK,aAAa,KAAK,IAAI,GAAG,KAAK,MAAM,QAAQ,cAAc,IAAK,CAAC;AACrE,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,yBAAyB,OAA+E;AAC5G,UAAM,UAAmC;AAAA,MACvC,MAAM;AAAA,MACN,UAAU,kBAAkB,MAAM,QAAQ;AAAA,MAC1C,cAAc,gBAAgB,MAAM,cAAc,cAAc;AAAA,MAChE,UAAU,kBAAkB,MAAM,QAAQ;AAAA,MAC1C,WAAW,gBAAgB,MAAM,WAAW,WAAW;AAAA,IACzD;AACA,QAAI,MAAM,iBAAiB,QAAW;AACpC,cAAQ,eAAe,eAAe,MAAM,YAAY;AAAA,IAC1D;AACA,QAAI,MAAM,2BAA2B,QAAW;AAC9C,cAAQ,yBAAyB,gBAAgB,MAAM,wBAAwB,wBAAwB;AAAA,IACzG;AACA,QAAI,MAAM,aAAa,QAAW;AAChC,cAAQ,WAAW,gBAAgB,MAAM,UAAU,UAAU;AAAA,IAC/D;AACA,WAAO,KAAK,QAAkC,QAAQ,kDAAkD,OAAO;AAAA,EACjH;AAAA,EAEA,MAAM,sBAAsB,gBAA2D;AACrF,WAAO,KAAK;AAAA,MACV;AAAA,MACA,kDAAkD,mBAAmB,gBAAgB,gBAAgB,gBAAgB,CAAC,CAAC;AAAA,IACzH;AAAA,EACF;AAAA,EAEA,MAAM,yBACJ,gBACA,OACmC;AACnC,WAAO,KAAK;AAAA,MACV;AAAA,MACA,kDAAkD,mBAAmB,gBAAgB,gBAAgB,gBAAgB,CAAC,CAAC;AAAA,MACvH;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,2BACJ,SAC+C;AAC/C,WAAO,KAAK;AAAA,MACV;AAAA,MACA;AAAA,MACA;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,0BACJ,aACA,UAA4E,CAAC,GAC9B;AAC/C,WAAO,KAAK,2BAA2B,6BAA6B,aAAa,OAAO,CAAC;AAAA,EAC3F;AAAA,EAEA,MAAM,4BACJ,aACA,UAA4E,CAAC,GAC9B;AAC/C,WAAO,KAAK,2BAA2B,+BAA+B,aAAa,OAAO,CAAC;AAAA,EAC7F;AAAA,EAEA,MAAM,QAAW,QAAgB,MAAc,WAAiC;AAC9E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,UAAU;AACpE,QAAI;AACF,YAAM,UAAkC;AAAA,QACtC,UAAU;AAAA,QACV,iBAAiB,UAAU,KAAK,UAAU;AAAA,QAC1C,cAAc,KAAK;AAAA,MACrB;AACA,UAAI;AACJ,UAAI,cAAc,QAAW;AAC3B,gBAAQ,cAAc,IAAI;AAC1B,eAAO,KAAK,UAAU,SAAS;AAAA,MACjC;AACA,YAAM,WAAW,MAAM,KAAK,WAAW,GAAG,KAAK,QAAQ,GAAG,IAAI,IAAI;AAAA,QAChE;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,UAAU,MAAM,SAAS,KAAK;AACpC,YAAM,SAAS,UAAU,UAAU,OAAO,IAAI,CAAC;AAC/C,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC;AAC3E,cAAM,OAAO,aAAa,MAAM,IAAI,KAAK,aAAc,OAAmC,IAAI,KAAK,QAAQ,SAAS,MAAM;AAC1H,cAAM,UAAU,aAAa,MAAM,OAAO,KAAK,aAAc,OAAmC,OAAO,KAAK,SAAS;AACrH,cAAM,IAAI,gBAAgB,SAAS,EAAE,QAAQ,SAAS,QAAQ,MAAM,MAAM,OAAO,CAAC;AAAA,MACpF;AACA,UAAI,SAAS,MAAM,KAAK,UAAU,QAAQ;AACxC,eAAO,OAAO;AAAA,MAChB;AACA,aAAO;AAAA,IACT,UAAE;AACA,mBAAa,OAAO;AAAA,IACtB;AAAA,EACF;AACF;AAEO,IAAM,qCAAN,MAAyC;AAAA,EACrC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACQ;AAAA,EAEjB,YAAY,UAA6C,CAAC,GAAG;AAC3D,UAAM,YAAY,QAAQ,cAAc,SAAS,6BAA6B,KAAK,SAAS,oBAAoB;AAChH,QAAI,CAAC,WAAW;AACd,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AACA,UAAM,YAAY,QAAQ,SAAS,WAAW;AAC9C,QAAI,CAAC,WAAW;AACd,YAAM,IAAI,iCAAiC,qDAAqD;AAAA,IAClG;AACA,SAAK,aAAa;AAClB,SAAK,YAAY,QAAQ,YAAY,SAAS,kBAAkB,KAAK,0BAA0B,QAAQ,QAAQ,EAAE;AACjH,SAAK,aAAa,KAAK,IAAI,GAAG,KAAK,MAAM,QAAQ,cAAc,IAAK,CAAC;AACrE,SAAK,aAAa,QAAQ,cAAc;AACxC,SAAK,aAAa;AAAA,EACpB;AAAA,EAEA,MAAM,cAAc,OAA8F;AAChH,UAAM,UAAmC;AAAA,MACvC,UAAU,6BAA6B,MAAM,QAAQ;AAAA,MACrD,cAAc,qBAAqB,MAAM,gBAAgB,QAAQ;AAAA,MACjE,kBAAkB,kBAAkB,MAAM,oBAAoB,KAAK;AAAA,IACrE;AACA,QAAI,MAAM,iBAAiB,QAAW;AACpC,cAAQ,eAAe,gBAAgB,MAAM,cAAc,cAAc;AAAA,IAC3E;AACA,QAAI,MAAM,uBAAuB,QAAW;AAC1C,cAAQ,qBAAqB,2BAA2B,MAAM,kBAAkB;AAAA,IAClF;AACA,QAAI,MAAM,yBAAyB,QAAW;AAC5C,cAAQ,uBAAuB,gBAAgB,MAAM,sBAAsB,sBAAsB;AAAA,IACnG;AACA,QAAI,MAAM,8BAA8B,QAAW;AACjD,cAAQ,4BAA4B,gBAAgB,MAAM,2BAA2B,2BAA2B;AAAA,IAClH;AACA,QAAI,MAAM,qBAAqB,QAAW;AACxC,cAAQ,mBAAmB,gBAAgB,MAAM,kBAAkB,kBAAkB;AAAA,IACvF;AACA,WAAO,KAAK,QAA8C,QAAQ,+CAA+C,OAAO;AAAA,EAC1H;AAAA,EAEA,MAAM,YAAY,UAAiE;AACjF,WAAO,KAAK;AAAA,MACV;AAAA,MACA,+CAA+C,mBAAmB,6BAA6B,QAAQ,CAAC,CAAC;AAAA,IAC3G;AAAA,EACF;AAAA,EAEA,MAAM,sBAAsB,UAAiE;AAC3F,WAAO,KAAK;AAAA,MACV;AAAA,MACA,+CAA+C,mBAAmB,6BAA6B,QAAQ,CAAC,CAAC;AAAA,IAC3G;AAAA,EACF;AAAA,EAEA,MAAM,sBACJ,UACA,QAAyD,CAAC,GACX;AAC/C,UAAM,UAAmC,CAAC;AAC1C,QAAI,MAAM,aAAa,QAAW;AAChC,cAAQ,WAAW,kBAAkB,MAAM,QAAQ;AAAA,IACrD;AACA,QAAI,MAAM,qBAAqB,QAAW;AACxC,cAAQ,mBAAmB,kBAAkB,MAAM,gBAAgB;AAAA,IACrE;AACA,QAAI,MAAM,qBAAqB,QAAW;AACxC,cAAQ,mBAAmB,gBAAgB,MAAM,kBAAkB,kBAAkB;AAAA,IACvF;AACA,WAAO,KAAK;AAAA,MACV;AAAA,MACA,+CAA+C,mBAAmB,6BAA6B,QAAQ,CAAC,CAAC;AAAA,MACzG;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,0BACJ,OACkD;AAClD,UAAM,UAAmC;AAAA,MACvC,cAAc,gBAAgB,MAAM,cAAc,cAAc;AAAA,MAChE,aAAa,MAAM,aAAa,SAC5B,MAAM,YAAY,IAAI,CAAC,cAAc,gBAAgB,WAAW,YAAY,CAAC,IAC7E,CAAC,4BAA4B,sBAAsB;AAAA,IACzD;AACA,QAAI,MAAM,gBAAgB,QAAW;AACnC,cAAQ,cAAc,gBAAgB,MAAM,aAAa,aAAa;AAAA,IACxE;AACA,QAAI,MAAM,aAAa,QAAW;AAChC,cAAQ,WAAW,gBAAgB,MAAM,UAAU,UAAU;AAAA,IAC/D;AACA,WAAO,KAAK,QAAiD,QAAQ,kCAAkC,OAAO;AAAA,EAChH;AAAA,EAEA,MAAM,cAAc,OAAiG;AACnH,UAAM,WAAW,MAAM,KAAK,cAAc,KAAK;AAC/C,UAAM,cAAc,SAAS,iBAAiB;AAC9C,UAAM,kBAAkB,MAAM,4BAA4B,QACtD,OACA,MAAM,KAAK,sBAAsB,aAAa;AAAA,MAC9C,kBAAkB,SAAS,iBAAiB,oBAAoB,MAAM,oBAAoB;AAAA,MAC1F,kBAAkB,MAAM,oBAAoB,MAAM;AAAA,IACpD,CAAC;AACH,UAAM,sBAAsB,MAAM,+BAA+B,QAAQ,MAAM,oBAAoB;AACnG,UAAM,uBAAuB,uBAAuB,MAAM,uBACtD,MAAM,KAAK,0BAA0B;AAAA,MACrC,cAAc,MAAM;AAAA,MACpB,aAAa,MAAM,uBAAuB,GAAG,WAAW;AAAA,MACxD,aAAa,MAAM;AAAA,MACnB,UAAU,EAAE,UAAU,aAAa,KAAK,kCAAkC;AAAA,IAC5E,CAAC,IACC;AACJ,UAAM,MAA8B;AAAA,MAClC,iCAAiC;AAAA,IACnC;AACA,QAAI,SAAS,kBAAkB;AAC7B,UAAI,0CAA0C,SAAS;AAAA,IACzD;AACA,UAAM,gBAAgB,aAAa,sBAAsB,cAAc;AACvE,QAAI,eAAe;AACjB,UAAI,yBAAyB;AAAA,IAC/B;AACA,WAAO,EAAE,UAAU,iBAAiB,sBAAsB,IAAI;AAAA,EAChE;AAAA,EAEA,MAAM,QAAW,QAAgB,MAAc,WAAiC;AAC9E,UAAM,aAAa,IAAI,gBAAgB;AACvC,UAAM,UAAU,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,UAAU;AACpE,QAAI;AACF,YAAM,UAAkC;AAAA,QACtC,UAAU;AAAA,QACV,iBAAiB,UAAU,KAAK,UAAU;AAAA,QAC1C,cAAc,KAAK;AAAA,MACrB;AACA,UAAI;AACJ,UAAI,cAAc,QAAW;AAC3B,gBAAQ,cAAc,IAAI;AAC1B,eAAO,KAAK,UAAU,SAAS;AAAA,MACjC;AACA,YAAM,WAAW,MAAM,KAAK,WAAW,GAAG,KAAK,QAAQ,GAAG,IAAI,IAAI;AAAA,QAChE;AAAA,QACA;AAAA,QACA;AAAA,QACA,QAAQ,WAAW;AAAA,MACrB,CAAC;AACD,YAAM,UAAU,MAAM,SAAS,KAAK;AACpC,YAAM,SAAS,UAAU,UAAU,OAAO,IAAI,CAAC;AAC/C,UAAI,CAAC,SAAS,IAAI;AAChB,cAAM,QAAQ,SAAS,MAAM,KAAK,SAAS,OAAO,KAAK,IAAI,OAAO,QAAQ,CAAC;AAC3E,cAAM,OAAO,aAAa,MAAM,IAAI,KAAK,aAAc,OAAmC,IAAI,KAAK,QAAQ,SAAS,MAAM;AAC1H,cAAM,UAAU,aAAa,MAAM,OAAO,KAAK,aAAc,OAAmC,OAAO,KAAK,SAAS;AACrH,cAAM,IAAI,gBAAgB,SAAS,EAAE,QAAQ,SAAS,QAAQ,MAAM,MAAM,OAAO,CAAC;AAAA,MACpF;AACA,UAAI,SAAS,MAAM,KAAK,UAAU,QAAQ;AACxC,eAAO,OAAO;AAAA,MAChB;AACA,aAAO;AAAA,IACT,UAAE;AACA,mBAAa,OAAO;AAAA,IACtB;AAAA,EACF;AACF;AAEA,eAAsB,oCACpB,OACwC;AACxC,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,eAAe,gBAAgB,MAAM,cAAc,cAAc;AACvE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,QAAQ,MAAM,QAAQ,wBAAwB,MAAM,KAAK,IAAI,MAAM,YAAY;AACrF,QAAM,YAAY,MAAM,6CAA6C,MAAM,QAAQ;AAAA,IACjF;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,YAAY,GAAG,uCAAuC,IAAI,KAAK,IAAI,SAAS;AAClF,SAAO;AAAA,IACL,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB,MAAM,eAAe,SAAS;AAAA,EAChD;AACF;AAEA,eAAsB,6CACpB,QACA,OAMiB;AACjB,QAAM,mBAAmB,gBAAgB,QAAQ,QAAQ;AACzD,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,SAAS,gBAAgB,MAAM,cAAc,cAAc;AACjE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,QAAQ,wBAAwB,MAAM,KAAK;AACjD,QAAM,WAAW,GAAG,QAAQ,IAAI,MAAM,IAAI,QAAQ,IAAI,KAAK;AAC3D,SAAO,cAAc,kBAAkB,IAAI,YAAY,EAAE,OAAO,QAAQ,CAAC;AAC3E;AAEO,SAAS,mCAAmC,WAAwD;AACzG,QAAM,QAAQ,gBAAgB,WAAW,WAAW,EAAE,MAAM,GAAG;AAC/D,MAAI,MAAM,WAAW,GAAG;AACtB,UAAM,IAAI,iCAAiC,kEAAkE;AAAA,EAC/G;AACA,QAAM,CAAC,QAAQ,OAAO,SAAS,IAAI;AACnC,MAAI,CAAC,UAAU,CAAC,SAAS,CAAC,WAAW;AACnC,UAAM,IAAI,iCAAiC,iDAAiD;AAAA,EAC9F;AACA,SAAO,EAAE,QAAQ,OAAO,UAAU;AACpC;AAOA,eAAsB,6CACpB,OACiD;AACjD,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,eAAe,gBAAgB,MAAM,cAAc,cAAc;AACvE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,UAAU,0BAA0B,MAAM,OAAO;AACvD,QAAM,QAAQ,MAAM,QAAQ,wBAAwB,MAAM,KAAK,IAAI,MAAM,YAAY;AACrF,QAAM,YAAY,MAAM,sDAAsD,MAAM,QAAQ;AAAA,IAC1F;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF,CAAC;AACD,QAAM,YAAY,GAAG,iDAAiD,IAAI,KAAK,IAAI,SAAS;AAC5F,SAAO;AAAA,IACL,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA,gBAAgB,MAAM,eAAe,SAAS;AAAA,EAChD;AACF;AAEA,eAAsB,sDACpB,QACA,OAOiB;AACjB,QAAM,mBAAmB,gBAAgB,QAAQ,QAAQ;AACzD,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,SAAS,gBAAgB,MAAM,cAAc,cAAc;AACjE,QAAM,WAAW,kBAAkB,MAAM,QAAQ;AACjD,QAAM,UAAU,0BAA0B,MAAM,OAAO;AACvD,QAAM,QAAQ,wBAAwB,MAAM,KAAK;AAGjD,QAAM,WAAW,GAAG,QAAQ,IAAI,MAAM,IAAI,QAAQ,IAAI,OAAO,IAAI,KAAK;AACtE,SAAO,cAAc,kBAAkB,IAAI,YAAY,EAAE,OAAO,QAAQ,CAAC;AAC3E;AAEA,eAAsB,6CACpB,QACA,OAOkB;AAClB,QAAM,SAAS,mCAAmC,MAAM,SAAS;AACjE,MAAI,OAAO,WAAW,mDAAmD;AACvE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,MAAM,sDAAsD,QAAQ;AAAA,IACnF,UAAU,MAAM;AAAA,IAChB,cAAc,MAAM;AAAA,IACpB,UAAU,MAAM;AAAA,IAChB,SAAS,MAAM;AAAA,IACf,OAAO,OAAO;AAAA,EAChB,CAAC;AACD,SAAO,mBAAmB,UAAU,OAAO,SAAS;AACtD;AAEA,eAAsB,oCACpB,QACA,OAMkB;AAClB,QAAM,SAAS,mCAAmC,MAAM,SAAS;AACjE,MAAI,OAAO,WAAW,yCAAyC;AAC7D,WAAO;AAAA,EACT;AACA,QAAM,WAAW,MAAM,6CAA6C,QAAQ;AAAA,IAC1E,UAAU,MAAM;AAAA,IAChB,cAAc,MAAM;AAAA,IACpB,UAAU,MAAM;AAAA,IAChB,OAAO,OAAO;AAAA,EAChB,CAAC;AACD,SAAO,mBAAmB,UAAU,OAAO,SAAS;AACtD;AAEA,eAAsB,kCAAkC,WAAoC;AAC1F,SAAO,eAAe,gBAAgB,WAAW,WAAW,CAAC;AAC/D;AAEA,eAAsB,gCAAgC,OAKlC;AAClB,QAAM,WAAW,GAAG,kBAAkB,MAAM,QAAQ,CAAC,GAAG,gBAAgB,MAAM,cAAc,cAAc,CAAC,GAAG,kBAAkB,MAAM,QAAQ,CAAC,GAAG,gBAAgB,MAAM,WAAW,WAAW,CAAC;AAC/L,SAAO,eAAe,QAAQ;AAChC;AAEO,SAAS,6BACd,aACA,UAA4E,CAAC,GACtC;AACvC,SAAO,yCAAyC,aAAa,YAAY,qBAAqB;AAAA,IAC5F,cAAc;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,+BACd,aACA,UAA4E,CAAC,GACtC;AACvC,QAAM,iBAAiB,YAAY;AACnC,MAAI,CAAC,kBAAkB,OAAO,KAAK,cAAc,EAAE,WAAW,GAAG;AAC/D,UAAM,IAAI,iCAAiC,8EAA8E;AAAA,EAC3H;AACA,SAAO,yCAAyC,aAAa,gBAAgB;AAAA,IAC3E,cAAc;AAAA,IACd,gBAAgB,QAAQ;AAAA,IACxB,UAAU,QAAQ;AAAA,EACpB,CAAC;AACH;AAEO,SAAS,yCACd,aACA,qBACA,SAKuC;AACvC,QAAM,WAAW;AAAA,IACf,GAAI,SAAS,oBAAoB,cAAc,IAAI,oBAAoB,iBAAiB,CAAC;AAAA,IACzF,GAAI,QAAQ,YAAY,CAAC;AAAA,EAC3B;AACA,SAAO;AAAA,IACL;AAAA,IACA,cAAc,gBAAgB,QAAQ,cAAc,cAAc;AAAA,IAClE,gBAAgB;AAAA,IAChB,cAAc,YAAY;AAAA,IAC1B;AAAA,IACA,gBAAgB,QAAQ,QAAQ,cAAc;AAAA,EAChD;AACF;AAEA,eAAsB,wBACpB,gBACA,MACA,SACiB;AACjB,MAAI,CAAC,gBAAgB;AACnB,UAAM,IAAI,6BAA6B,6CAA6C;AAAA,EACtF;AACA,QAAM,YAAY,KAAK,MAAM,QAAQ,SAAS;AAC9C,QAAM,QAAQ,UAAU,IAAI;AAC5B,QAAM,SAAS,IAAI,YAAY,EAAE,OAAO,GAAG,SAAS,GAAG;AACvD,QAAM,UAAU,IAAI,WAAW,OAAO,SAAS,MAAM,MAAM;AAC3D,UAAQ,IAAI,QAAQ,CAAC;AACrB,UAAQ,IAAI,OAAO,OAAO,MAAM;AAChC,SAAO,cAAc,gBAAgB,OAAO;AAC9C;AAEA,eAAsB,4BACpB,gBACA,MACA,UAAkC,CAAC,GAClB;AACjB,QAAM,YAAY,KAAK,MAAM,QAAQ,aAAa,KAAK,IAAI,IAAI,GAAI;AACnE,QAAM,YAAY,MAAM,wBAAwB,gBAAgB,MAAM,EAAE,UAAU,CAAC;AACnF,SAAO,KAAK,SAAS,OAAO,SAAS;AACvC;AAEA,eAAsB,uBACpB,gBACA,MACA,kBACA,UAAwD,CAAC,GAClB;AACvC,QAAM,EAAE,WAAW,UAAU,IAAI,qBAAqB,gBAAgB;AACtE,QAAM,mBAAmB,KAAK,IAAI,GAAG,KAAK,MAAM,QAAQ,qBAAqB,iCAAiC,CAAC;AAC/G,QAAM,aAAa,KAAK,MAAM,QAAQ,OAAO,KAAK,IAAI,IAAI,GAAI;AAC9D,MAAI,KAAK,IAAI,aAAa,SAAS,IAAI,kBAAkB;AACvD,UAAM,IAAI,6BAA6B,4DAA4D;AAAA,EACrG;AACA,QAAM,WAAW,MAAM,wBAAwB,gBAAgB,MAAM,EAAE,UAAU,CAAC;AAClF,MAAI,CAAE,MAAM,mBAAmB,UAAU,SAAS,GAAI;AACpD,UAAM,IAAI,6BAA6B,kCAAkC;AAAA,EAC3E;AACA,SAAO,EAAE,WAAW,UAAU;AAChC;AAEO,SAAS,sCAAsC,SAAoD;AACxG,QAAM,QAAQ,cAAc,SAAS,eAAe;AACpD,QAAM,OAAO,cAAc,MAAM,MAAM,oBAAoB;AAC3D,QAAM,SAAS;AAAA,IACb,GAAG;AAAA,IACH,IAAI,gBAAgB,aAAa,MAAM,EAAE,KAAK,IAAI,kBAAkB;AAAA,IACpE,MAAM,gBAAgB,aAAa,MAAM,IAAI,KAAK,IAAI,oBAAoB;AAAA,IAC1E,aAAa,gBAAgB,aAAa,MAAM,WAAW,KAAK,IAAI,qBAAqB;AAAA,IACzF,aAAa,gBAAgB,aAAa,MAAM,WAAW,KAAK,IAAI,qBAAqB;AAAA,IACzF,MAAM,EAAE,GAAG,KAAK;AAAA,EAClB;AACA,MAAI,OAAO,SAAS,8BAA8B,OAAO,KAAK,SAAS,6BAA6B;AAClG,UAAM,IAAI,2BAA2B,uEAAuE;AAAA,EAC9G;AACA,SAAO;AACT;AAEA,eAAsB,kCACpB,gBACA,MACA,kBACA,UAAwD,CAAC,GACyC;AAClG,QAAM,eAAe,MAAM,uBAAuB,gBAAgB,MAAM,kBAAkB,OAAO;AACjG,QAAM,OAAO,IAAI,YAAY,EAAE,OAAO,UAAU,IAAI,CAAC;AACrD,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,SAAS,OAAO;AACd,UAAM,IAAI,2BAA2B,uCAAuC;AAAA,EAC9E;AACA,SAAO,EAAE,OAAO,sCAAsC,MAAM,GAAG,aAAa;AAC9E;AAEO,IAAM,6BAA6B;AACnC,IAAM,6BAA6B;AAE1C,SAAS,kBAAkB,OAAuB;AAChD,QAAM,WAAW,gBAAgB,OAAO,UAAU,EAAE,YAAY;AAChE,MAAI,CAAC,8BAA8B,KAAK,QAAQ,GAAG;AACjD,UAAM,IAAI,iCAAiC,sFAAsF;AAAA,EACnI;AACA,SAAO;AACT;AAEA,SAAS,6BAA6B,OAAuB;AAC3D,QAAM,WAAW,gBAAgB,OAAO,UAAU,EAAE,YAAY;AAChE,MAAI,CAAC,6BAA6B,KAAK,QAAQ,GAAG;AAChD,UAAM,IAAI,iCAAiC,sFAAsF;AAAA,EACnI;AACA,SAAO;AACT;AAEA,SAAS,qBAAqB,OAAgD;AAC5E,QAAM,OAAO,gBAAgB,OAAO,cAAc,EAAE,YAAY;AAChE,MAAI,SAAS,YAAY,SAAS,UAAU,SAAS,aAAa,SAAS,YAAY,SAAS,OAAO;AACrG,WAAO;AAAA,EACT;AACA,QAAM,IAAI,iCAAiC,uDAAuD;AACpG;AAEA,SAAS,kBAAkB,OAA6C;AACtE,QAAM,WAAW,gBAAgB,OAAO,UAAU,EAAE,YAAY;AAChE,MAAI,aAAa,SAAS,aAAa,OAAO;AAC5C,UAAM,IAAI,iCAAiC,8BAA8B;AAAA,EAC3E;AACA,SAAO;AACT;AAEA,SAAS,eAAe,OAA0C;AAChE,QAAM,QAAQ,gBAAgB,OAAO,cAAc,EAAE,YAAY;AACjE,MAAI,UAAU,UAAU,UAAU,QAAQ;AACxC,UAAM,IAAI,iCAAiC,oCAAoC;AAAA,EACjF;AACA,SAAO;AACT;AAEA,SAAS,2BAA2B,OAAsG;AACxI,QAAM,aAAqC,CAAC;AAC5C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,eAAW,QAAQ,OAAO;AACxB,YAAM,WAAW,kBAAkB,IAAI;AACvC,iBAAW,QAAQ,IAAI,wBAAwB,QAAQ;AAAA,IACzD;AAAA,EACF,WAAW,SAAS,KAAK,GAAG;AAC1B,eAAW,CAAC,aAAa,QAAQ,KAAK,OAAO,QAAQ,KAAK,GAAG;AAC3D,iBAAW,kBAAkB,WAAW,CAAC,IAAI,eAAe,OAAO,QAAQ,CAAC;AAAA,IAC9E;AAAA,EACF,OAAO;AACL,UAAM,IAAI,iCAAiC,oEAAoE;AAAA,EACjH;AACA,MAAI,OAAO,KAAK,UAAU,EAAE,WAAW,GAAG;AACxC,UAAM,IAAI,iCAAiC,wDAAwD;AAAA,EACrG;AACA,SAAO;AACT;AAEA,SAAS,wBAAwB,UAAmE;AAClG,SAAO,aAAa,QAAQ,SAAS;AACvC;AAEA,SAAS,gBAAgB,OAAe,MAAsB;AAC5D,QAAM,SAAS,OAAO,KAAK;AAC3B,MAAI,CAAC,OAAO,cAAc,MAAM,KAAK,UAAU,GAAG;AAChD,UAAM,IAAI,iCAAiC,GAAG,IAAI,mCAAmC;AAAA,EACvF;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAe,MAAsB;AAC5D,QAAM,OAAO,OAAO,SAAS,EAAE,EAAE,KAAK;AACtC,MAAI,CAAC,MAAM;AACT,UAAM,IAAI,iCAAiC,GAAG,IAAI,eAAe;AAAA,EACnE;AACA,SAAO;AACT;AAEA,SAAS,wBAAwB,OAAuB;AACtD,QAAM,QAAQ,gBAAgB,OAAO,OAAO;AAC5C,MAAI,MAAM,SAAS,GAAG,GAAG;AACvB,UAAM,IAAI,iCAAiC,6BAA6B;AAAA,EAC1E;AACA,SAAO;AACT;AAEA,SAAS,0BAA0B,OAAqD;AACtF,QAAM,UAAU,gBAAgB,OAAO,SAAS,EAAE,YAAY;AAC9D,MAAI,YAAY,aAAa,YAAY,SAAS;AAChD,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AACA,SAAO;AACT;AAEA,SAAS,gBAAgB,OAAgC,MAAuC;AAC9F,MAAI;AACF,UAAM,SAAS,KAAK,MAAM,KAAK,UAAU,KAAK,CAAC;AAC/C,QAAI,CAAC,SAAS,MAAM,GAAG;AACrB,YAAM,IAAI,MAAM,eAAe;AAAA,IACjC;AACA,WAAO;AAAA,EACT,SAAS,OAAO;AACd,UAAM,IAAI,iCAAiC,GAAG,IAAI,sCAAsC;AAAA,EAC1F;AACF;AAEA,SAAS,UAAU,SAA0B;AAC3C,MAAI;AACF,WAAO,KAAK,MAAM,OAAO;AAAA,EAC3B,SAAS,OAAO;AACd,UAAM,IAAI,gBAAgB,sCAAsC;AAAA,MAC9D,QAAQ;AAAA,MACR,MAAM;AAAA,MACN,MAAM;AAAA,IACR,CAAC;AAAA,EACH;AACF;AAEA,SAAS,aAAa,OAA+B;AACnD,MAAI,OAAO,UAAU,UAAU;AAC7B,WAAO;AAAA,EACT;AACA,QAAM,OAAO,MAAM,KAAK;AACxB,SAAO,OAAO,OAAO;AACvB;AAEA,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU,QAAQ,CAAC,MAAM,QAAQ,KAAK;AAC5E;AAEA,SAAS,cAAc,OAAgB,MAAuC;AAC5E,MAAI,CAAC,SAAS,KAAK,GAAG;AACpB,UAAM,IAAI,2BAA2B,GAAG,IAAI,qBAAqB;AAAA,EACnE;AACA,SAAO;AACT;AAEA,SAAS,SAAS,MAAkC;AAClD,MAAI,OAAO,YAAY,aAAa;AAClC,WAAO;AAAA,EACT;AACA,QAAM,QAAQ,QAAQ,IAAI,IAAI;AAC9B,SAAO,SAAS,MAAM,KAAK,IAAI,MAAM,KAAK,IAAI;AAChD;AAEA,SAAS,UAAU,MAA+E;AAChG,MAAI,gBAAgB,YAAY;AAC9B,WAAO;AAAA,EACT;AACA,MAAI,gBAAgB,aAAa;AAC/B,WAAO,IAAI,WAAW,IAAI;AAAA,EAC5B;AACA,MAAI,OAAO,SAAS,UAAU;AAC5B,WAAO,IAAI,YAAY,EAAE,OAAO,IAAI;AAAA,EACtC;AACA,MAAI,SAAS,IAAI,GAAG;AAClB,WAAO,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,IAAI,CAAC;AAAA,EACtD;AACA,QAAM,IAAI,2BAA2B,6DAA6D;AACpG;AAEA,SAAS,qBAAqB,iBAAmE;AAC/F,MAAI,YAA2B;AAC/B,MAAI,YAA2B;AAC/B,aAAW,QAAQ,OAAO,mBAAmB,EAAE,EAAE,MAAM,GAAG,GAAG;AAC3D,UAAM,CAAC,KAAK,KAAK,IAAI,KAAK,KAAK,EAAE,MAAM,KAAK,CAAC;AAC7C,QAAI,QAAQ,KAAK;AACf,YAAM,SAAS,OAAO,SAAS,SAAS,IAAI,EAAE;AAC9C,UAAI,CAAC,OAAO,SAAS,MAAM,GAAG;AAC5B,cAAM,IAAI,6BAA6B,yCAAyC;AAAA,MAClF;AACA,kBAAY;AAAA,IACd;AACA,QAAI,QAAQ,MAAM;AAChB,kBAAY,OAAO,SAAS,EAAE,EAAE,KAAK;AAAA,IACvC;AAAA,EACF;AACA,MAAI,cAAc,QAAQ,CAAC,WAAW;AACpC,UAAM,IAAI,6BAA6B,yCAAyC;AAAA,EAClF;AACA,SAAO,EAAE,WAAW,UAAU;AAChC;AAEA,eAAe,cAA+B;AAC5C,MAAI,WAAW,QAAQ,YAAY;AACjC,WAAO,WAAW,OAAO,WAAW;AAAA,EACtC;AACA,QAAM,QAAQ,IAAI,WAAW,EAAE;AAC/B,MAAI,WAAW,QAAQ,iBAAiB;AACtC,eAAW,OAAO,gBAAgB,KAAK;AAAA,EACzC,WAAW,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AACnE,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,UAAM,IAAI,OAAO,YAAY,EAAE,CAAC;AAAA,EAClC,OAAO;AACL,UAAM,IAAI,iCAAiC,iEAAiE;AAAA,EAC9G;AACA,SAAO,WAAW,KAAK;AACzB;AAEA,eAAe,cAAc,QAAgB,SAAsC;AACjF,MAAI,WAAW,QAAQ,QAAQ;AAC7B,UAAM,gBAAgB,IAAI,WAAW,QAAQ,UAAU;AACvD,kBAAc,IAAI,OAAO;AACzB,UAAM,MAAM,MAAM,WAAW,OAAO,OAAO;AAAA,MACzC;AAAA,MACA,IAAI,YAAY,EAAE,OAAO,MAAM;AAAA,MAC/B,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,MAChC;AAAA,MACA,CAAC,MAAM;AAAA,IACT;AACA,UAAM,SAAS,MAAM,WAAW,OAAO,OAAO,KAAK,QAAQ,KAAK,aAAa;AAC7E,WAAO,WAAW,IAAI,WAAW,MAAM,CAAC;AAAA,EAC1C;AACA,MAAI,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AAC5D,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,WAAO,OAAO,WAAW,UAAU,MAAM,EAAE,OAAO,OAAO,KAAK,OAAO,CAAC,EAAE,OAAO,KAAK;AAAA,EACtF;AACA,QAAM,IAAI,iCAAiC,yDAAyD;AACtG;AAEA,eAAe,eAAe,UAAmC;AAC/D,QAAM,QAAQ,IAAI,YAAY,EAAE,OAAO,QAAQ;AAC/C,MAAI,WAAW,QAAQ,QAAQ;AAC7B,UAAM,SAAS,MAAM,WAAW,OAAO,OAAO,OAAO,WAAW,KAAK;AACrE,WAAO,UAAU,WAAW,IAAI,WAAW,MAAM,CAAC,CAAC;AAAA,EACrD;AACA,MAAI,OAAO,YAAY,eAAe,QAAQ,UAAU,MAAM;AAC5D,UAAM,SAAS,MAAM,OAAO,QAAa;AACzC,WAAO,UAAU,OAAO,WAAW,QAAQ,EAAE,OAAO,OAAO,KAAK,KAAK,CAAC,EAAE,OAAO,KAAK,CAAC;AAAA,EACvF;AACA,QAAM,IAAI,iCAAiC,qDAAqD;AAClG;AAEA,SAAS,WAAW,OAA2B;AAC7C,SAAO,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAAE,KAAK,EAAE;AAC7E;AAEA,SAAS,WAAW,KAAyB;AAC3C,QAAM,aAAa,OAAO,OAAO,EAAE,EAAE,KAAK,EAAE,YAAY;AACxD,MAAI,WAAW,SAAS,MAAM,KAAK,CAAC,cAAc,KAAK,UAAU,GAAG;AAClE,UAAM,IAAI,6BAA6B,wBAAwB;AAAA,EACjE;AACA,QAAM,QAAQ,IAAI,WAAW,WAAW,SAAS,CAAC;AAClD,WAAS,QAAQ,GAAG,QAAQ,WAAW,QAAQ,SAAS,GAAG;AACzD,UAAM,QAAQ,CAAC,IAAI,OAAO,SAAS,WAAW,MAAM,OAAO,QAAQ,CAAC,GAAG,EAAE;AAAA,EAC3E;AACA,SAAO;AACT;AAEA,eAAe,mBAAmB,MAAc,OAAiC;AAC/E,QAAM,YAAY,WAAW,IAAI;AACjC,QAAM,aAAa,WAAW,KAAK;AACnC,MAAI,UAAU,WAAW,WAAW,QAAQ;AAC1C,WAAO;AAAA,EACT;AACA,MAAI,OAAO;AACX,WAAS,QAAQ,GAAG,QAAQ,UAAU,QAAQ,SAAS,GAAG;AACxD,YAAQ,UAAU,KAAK,IAAK,WAAW,KAAK;AAAA,EAC9C;AACA,SAAO,SAAS;AAClB;","names":[]}
package/docs/announcement-ja.md ADDED
@@ -0,0 +1,64 @@
1
+ # Siglume Direct Request Payment SDK 公開ドラフト
2
+
3
+ Siglume Direct Request Payment 向けの外部事業者用SDKを公開しました。
4
+
5
+ - npm: https://www.npmjs.com/package/@siglume/direct-request-payment
6
+ - PyPI: https://pypi.org/project/siglume-direct-request-payment/
7
+ - GitHub: https://github.com/taihei-05/siglume-direct-request-payment
8
+
9
+ このSDKは、外部EC、予約サービス、会員制サービス、API販売、AtoAの都度課金などで、Siglumeウォレット決済を自社プロダクトに組み込むためのSDKです。
10
+
11
+ ## できること
12
+
13
+ - merchant JWT によるセルフサービスの導入設定
14
+ - merchant key の作成
15
+ - challenge secret の発行とローテーション
16
+ - billing mandate の準備
17
+ - webhook subscription の作成
18
+ - merchant server 側での署名付き challenge 生成
19
+ - buyer JWT による payment requirement 作成
20
+ - prepared transaction の実行補助
21
+ - `direct_payment.confirmed` webhook の署名検証
22
+
23
+ Developer Portal の `cli_` API key を使うSDKではありません。導入設定は merchant の Siglume JWT、支払い作成は buyer の Siglume JWT で行います。
24
+
25
+ ## 最短導入
26
+
27
+ ```ts
28
+ import { DirectRequestPaymentMerchantClient } from "@siglume/direct-request-payment";
29
+
30
+ const merchant = new DirectRequestPaymentMerchantClient({
31
+ auth_token: process.env.SIGLUME_MERCHANT_AUTH_TOKEN!,
32
+ });
33
+
34
+ const setup = await merchant.setupCheckout({
35
+ merchant: "example_merchant",
36
+ display_name: "Example Merchant",
37
+ billing_plan: "launch",
38
+ billing_currency: "JPY",
39
+ webhook_callback_url: "https://merchant.example/siglume/webhook",
40
+ max_amount_minor: 100000,
41
+ });
42
+
43
+ console.log(setup.env);
44
+ ```
45
+
46
+ `setup.env` に、サーバー側で保存すべき `SIGLUME_DIRECT_PAYMENT_MERCHANT`、`SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET`、`SIGLUME_WEBHOOK_SECRET` が返ります。
47
+
48
+ ## 料金
49
+
50
+ | Plan | Monthly fee (JPY / USD) | Payment fee |
51
+ | --- | ---: | ---: |
52
+ | Launch | JPY 0 / USD 0 | 1.8% |
53
+ | Starter | JPY 980 / USD 6.00 | 1.0% |
54
+ | Growth | JPY 2,980 / USD 18.00 | 0.7% |
55
+ | Pro | JPY 9,800 / USD 60.00 | 0.5% |
56
+
57
+ すべての決済にプラン料率の手数料が発生します。最低手数料は 1 決済あたり JPY 30(USD マーチャントは USD 0.20)です。手数料は決済時に差し引かれ、マーチャントは純額を受け取ります。月額料金は merchant billing mandate 経由で請求されます。
58
+
59
+ ## 注意点
60
+
61
+ - challenge secret と webhook secret はサーバー側だけに保存してください。
62
+ - merchant JWT で購入者ウォレットを課金することはできません。
63
+ - buyer の支払い作成には buyer JWT が必要です。
64
+ - 本番受付前に billing mandate の承認状態を確認してください。
package/docs/api-reference.md CHANGED
@@ -1,36 +1,50 @@
1
1
  # API Reference
2
2
 
3
- The TypeScript package is `@siglume/direct-request-payment`. The Python package
4
- is `siglume-direct-request-payment` and imports as
5
- `siglume_direct_request_payment`.
6
-
7
- ## `createDirectRequestPaymentChallenge(input)` / `create_direct_request_payment_challenge(...)`
3
+ The TypeScript package is `@siglume/direct-request-payment`. The Python package
4
+ is `siglume-direct-request-payment` and imports as
5
+ `siglume_direct_request_payment`.
6
+
7
+ ## Environment Variables
8
+
9
+ | Name | Used by | Purpose |
10
+ | --- | --- | --- |
11
+ | `SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET` | merchant server | HMAC secret for order challenges |
12
+ | `SIGLUME_MERCHANT_AUTH_TOKEN` | merchant setup helper | merchant Siglume bearer token for self-service setup |
13
+ | `SIGLUME_AUTH_TOKEN` | buyer payment helper | buyer Siglume bearer token for API calls |
14
+ | `SIGLUME_API_BASE` | optional | API base URL override; defaults to `https://siglume.com/v1` |
15
+ | `SIGLUME_WEBHOOK_SECRET` | merchant server | webhook signing secret returned as `whsec_...` |
16
+
17
+ Do not use a Developer Portal `cli_` API key as either auth token. Merchant
18
+ setup is merchant-JWT authenticated; payment requirement creation is
19
+ buyer-JWT authenticated.
20
+
21
+ ## `createDirectRequestPaymentChallenge(input)` / `create_direct_request_payment_challenge(...)`
8
22
 
9
23
  Creates the merchant-signed challenge required by Siglume.
10
24
 
11
- ```ts
12
- const challenge = await createDirectRequestPaymentChallenge({
25
+ ```ts
26
+ const challenge = await createDirectRequestPaymentChallenge({
13
27
  merchant: "example_merchant",
14
28
  amount_minor: 1200,
15
29
  currency: "JPY",
16
30
  secret: process.env.SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET!,
17
31
  nonce: "order_123-attempt_1",
18
- });
19
- ```
20
-
21
- ```py
22
- import os
23
-
24
- challenge = create_direct_request_payment_challenge(
25
- merchant="example_merchant",
26
- amount_minor=1200,
27
- currency="JPY",
28
- secret=os.environ["SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET"],
29
- nonce="order_123-attempt_1",
30
- )
31
- ```
32
-
33
- Returns:
32
+ });
33
+ ```
34
+
35
+ ```py
36
+ import os
37
+
38
+ challenge = create_direct_request_payment_challenge(
39
+ merchant="example_merchant",
40
+ amount_minor=1200,
41
+ currency="JPY",
42
+ secret=os.environ["SIGLUME_DIRECT_PAYMENT_CHALLENGE_SECRET"],
43
+ nonce="order_123-attempt_1",
44
+ )
45
+ ```
46
+
47
+ Returns:
34
48
 
35
49
  - `challenge`: value to pass to Siglume
36
50
  - `challenge_hash`: value to store on the order
@@ -40,12 +54,118 @@ Returns:
40
54
  `nonce` must not contain `:` because the platform challenge string is delimited
41
55
  as `scheme:nonce:signature`.
42
56
 
43
- ## `verifyDirectRequestPaymentChallenge(secret, input)` / `verify_direct_request_payment_challenge(...)`
57
+ ## `verifyDirectRequestPaymentChallenge(secret, input)` / `verify_direct_request_payment_challenge(...)`
44
58
 
45
59
  Verifies a challenge against merchant, amount, currency, and secret. This is
46
60
  useful in tests and internal checkout assertions.
47
61
 
48
- ## `DirectRequestPaymentClient`
62
+ ## `directRequestPaymentChallengeHash(challenge)` / `direct_request_payment_challenge_hash(...)`
63
+
64
+ Returns the `sha256:`-prefixed hash for an existing challenge string.
65
+
66
+ ## `directRequestPaymentRequestHash(input)` / `direct_request_payment_request_hash(...)`
67
+
68
+ Returns the SDK-side request hash material for merchant, amount, currency, and
69
+ challenge. This is mostly useful for tests and internal assertions.
70
+
71
+ ## `DirectRequestPaymentMerchantClient`
72
+
73
+ Use this client with the merchant's Siglume bearer token. It is the self-service
74
+ setup surface for an external merchant integrating Direct Request Payment.
75
+
76
+ ```ts
77
+ const merchant = new DirectRequestPaymentMerchantClient({
78
+ auth_token: merchantSiglumeBearerToken,
79
+ base_url: "https://siglume.com/v1",
80
+ });
81
+ ```
82
+
83
+ ```py
84
+ merchant = DirectRequestPaymentMerchantClient(
85
+ auth_token=merchant_siglume_bearer_token,
86
+ base_url="https://siglume.com/v1",
87
+ )
88
+ ```
89
+
90
+ ### `setupCheckout(input)` / `setup_checkout(...)`
91
+
92
+ High-level setup for most integrations. It calls merchant setup, billing mandate
93
+ preparation, and webhook subscription creation.
94
+
95
+ Input:
96
+
97
+ - `merchant`: self-service merchant key, 3-64 chars using lowercase letters,
98
+ numbers, `_`, or `-`
99
+ - `display_name`: optional public merchant name
100
+ - `billing_plan`: `launch`, `starter`, `growth`, or `pro`
101
+ - `billing_currency`: `JPY`; `USD` requires agreed USD/USDC billing terms
102
+ - `webhook_callback_url`: HTTPS callback URL for signed payment events
103
+ - `max_amount_minor`: optional billing mandate cap
104
+
105
+ Returns:
106
+
107
+ - `merchant`: merchant account setup response
108
+ - `billing_mandate`: billing mandate preparation response, when requested
109
+ - `webhook_subscription`: webhook subscription response, when created
110
+ - `env`: server environment values to store, including returned secrets
111
+
112
+ Secrets are returned only when created or rotated. Existing secrets are not
113
+ replayed by `getMerchant` / `get_merchant`.
114
+
115
+ ### `setupMerchant(input)` / `setup_merchant(...)`
116
+
117
+ Calls:
118
+
119
+ ```text
120
+ POST /v1/market/api-store/direct-payments/merchants
121
+ ```
122
+
123
+ Creates or updates the merchant account for the authenticated merchant user.
124
+
125
+ ### `getMerchant(merchant)` / `get_merchant(merchant)`
126
+
127
+ Calls:
128
+
129
+ ```text
130
+ GET /v1/market/api-store/direct-payments/merchants/{merchant}
131
+ ```
132
+
133
+ Returns setup and billing status without returning the challenge secret.
134
+
135
+ ### `rotateChallengeSecret(merchant)` / `rotate_challenge_secret(merchant)`
136
+
137
+ Calls:
138
+
139
+ ```text
140
+ POST /v1/market/api-store/direct-payments/merchants/{merchant}/challenge-secret/rotate
141
+ ```
142
+
143
+ Returns the new challenge secret once.
144
+
145
+ ### `prepareBillingMandate(merchant, input)` / `prepare_billing_mandate(...)`
146
+
147
+ Calls:
148
+
149
+ ```text
150
+ POST /v1/market/api-store/direct-payments/merchants/{merchant}/billing-mandate
151
+ ```
152
+
153
+ Creates or reuses the merchant billing mandate. If the returned mandate requires
154
+ wallet approval, complete that Siglume wallet step before accepting payments.
155
+
156
+ ### `createWebhookSubscription(input)` / `create_webhook_subscription(...)`
157
+
158
+ Calls:
159
+
160
+ ```text
161
+ POST /v1/market/webhooks/subscriptions
162
+ ```
163
+
164
+ Defaults event types to `direct_payment.confirmed` and
165
+ `direct_payment.spent`. The returned `signing_secret` is shown only at creation
166
+ or rotation.
167
+
168
+ ## `DirectRequestPaymentClient`
49
169
 
50
170
  Thin wrapper around the current Siglume Direct Request Payment HTTP contract.
51
171
  Use it with the authenticated buyer's Siglume bearer token. Developer Portal
@@ -54,21 +174,21 @@ Use it with the authenticated buyer's Siglume bearer token. Developer Portal
54
174
  Payment requirements include `fee_bps` from the Siglume platform. The SDK does
55
175
  not calculate merchant plan fees locally; see [Pricing](./pricing.md).
56
176
 
57
- ```ts
58
- const siglume = new DirectRequestPaymentClient({
59
- auth_token: buyerSiglumeBearerToken,
60
- base_url: "https://siglume.com/v1",
61
- });
62
- ```
63
-
64
- ```py
65
- siglume = DirectRequestPaymentClient(
66
- auth_token=buyer_siglume_bearer_token,
67
- base_url="https://siglume.com/v1",
68
- )
69
- ```
70
-
71
- ### `createPaymentRequirement(input)` / `create_payment_requirement(...)`
177
+ ```ts
178
+ const siglume = new DirectRequestPaymentClient({
179
+ auth_token: buyerSiglumeBearerToken,
180
+ base_url: "https://siglume.com/v1",
181
+ });
182
+ ```
183
+
184
+ ```py
185
+ siglume = DirectRequestPaymentClient(
186
+ auth_token=buyer_siglume_bearer_token,
187
+ base_url="https://siglume.com/v1",
188
+ )
189
+ ```
190
+
191
+ ### `createPaymentRequirement(input)` / `create_payment_requirement(...)`
72
192
 
73
193
  Calls:
74
194
 
@@ -78,7 +198,17 @@ POST /v1/market/api-store/direct-payments/requirements
78
198
 
79
199
  The SDK sends `mode="external_402"` internally.
80
200
 
81
- ### `executeAllowanceTransaction(requirement)` / `execute_allowance_transaction(...)`
201
+ Input:
202
+
203
+ - `merchant`: Siglume merchant key
204
+ - `amount_minor`: positive integer in minor currency units
205
+ - `currency`: `JPY` or `USD` when enabled for the merchant account
206
+ - `challenge`: merchant-signed challenge string
207
+ - `token_symbol`: optional `JPYC` or `USDC` when enabled for the merchant account
208
+ - `allowance_amount_minor`: optional positive integer
209
+ - `metadata`: optional JSON object
210
+
211
+ ### `executeAllowanceTransaction(requirement)` / `execute_allowance_transaction(...)`
82
212
 
83
213
  Executes `requirement.approve_transaction_request` through:
84
214
 
@@ -88,12 +218,12 @@ POST /v1/market/web3/transactions/execute-prepared
88
218
 
89
219
  Only call this when Siglume returned an approval transaction.
90
220
 
91
- ### `executePaymentTransaction(requirement)` / `execute_payment_transaction(...)`
221
+ ### `executePaymentTransaction(requirement)` / `execute_payment_transaction(...)`
92
222
 
93
223
  Executes `requirement.transaction_request` through the same prepared transaction
94
224
  route.
95
225
 
96
- ### `verifyPaymentRequirement(requirement_id, input)` / `verify_payment_requirement(...)`
226
+ ### `verifyPaymentRequirement(requirement_id, input)` / `verify_payment_requirement(...)`
97
227
 
98
228
  Calls:
99
229
 
@@ -101,16 +231,44 @@ Calls:
101
231
  POST /v1/market/api-store/direct-payments/requirements/{requirement_id}/verify
102
232
  ```
103
233
 
234
+ Input may include:
235
+
236
+ - `receipt_id`
237
+ - `chain_receipt_id`
238
+ - `await_finality`
239
+ - `await_required_status`
240
+ - `await_timeout_seconds`
241
+ - `await_poll_seconds`
242
+
104
243
  ## Webhook Helpers
105
244
 
106
- - `buildWebhookSignatureHeader(secret, body)` for tests
107
- - `verifyWebhookSignature(secret, body, header)`
108
- - `verifyDirectRequestPaymentWebhook(secret, body, header)`
109
- - `parseDirectRequestPaymentWebhookEvent(payload)`
110
- - Python equivalents use snake_case:
111
- `build_webhook_signature_header`, `verify_webhook_signature`,
112
- `verify_direct_request_payment_webhook`, and
113
- `parse_direct_request_payment_webhook_event`.
245
+ - `buildWebhookSignatureHeader(secret, body)` for tests
246
+ - `verifyWebhookSignature(secret, body, header)`
247
+ - `verifyDirectRequestPaymentWebhook(secret, body, header)`
248
+ - `parseDirectRequestPaymentWebhookEvent(payload)`
249
+ - Python equivalents use snake_case:
250
+ `build_webhook_signature_header`, `verify_webhook_signature`,
251
+ `verify_direct_request_payment_webhook`, and
252
+ `parse_direct_request_payment_webhook_event`.
114
253
 
115
254
  `verifyDirectRequestPaymentWebhook` verifies the signature and parses the event
116
255
  in one call.
256
+
257
+ ## Errors
258
+
259
+ TypeScript exports:
260
+
261
+ - `SiglumeDirectRequestPaymentError`
262
+ - `SiglumeApiError`
263
+ - `SiglumeWebhookSignatureError`
264
+ - `SiglumeWebhookPayloadError`
265
+
266
+ Python exports:
267
+
268
+ - `DirectRequestPaymentError`
269
+ - `SiglumeApiError`
270
+ - `SiglumeWebhookSignatureError`
271
+ - `SiglumeWebhookPayloadError`
272
+
273
+ `SiglumeApiError` includes the HTTP status, platform error code, and parsed
274
+ response data where available.