@siglume/direct-request-payment 0.3.6 → 0.4.1

package/dist/index.d.cts

@@ -162,6 +162,42 @@ interface DirectRequestPaymentMerchantSetupInput {
     webhook_callback_url?: string;
     billing_mandate_cap_minor?: number;
     max_amount_minor?: number;
+    checkout_allowed_origins?: string[];
+}
+interface HostedCheckoutSessionCreateInput {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    nonce: string;
+    success_url: string;
+    cancel_url: string;
+    metadata?: Record<string, unknown>;
+}
+interface HostedCheckoutSessionCreateResult {
+    checkout_url: string;
+    session_id: string;
+    challenge_hash: string;
+    status?: string;
+    expires_at?: string | null;
+}
+interface HostedCheckoutSession {
+    session_id: string;
+    merchant: string;
+    currency: string;
+    token_symbol: string;
+    amount_minor: number;
+    status: string;
+    challenge_hash: string;
+    requirement_id?: string | null;
+    success_url: string;
+    cancel_url: string;
+    expires_at?: string | null;
+    authenticated_at?: string | null;
+    paid_at?: string | null;
+    cancelled_at?: string | null;
+    created_at?: string | null;
+    metadata_jsonb?: Record<string, unknown>;
+    [key: string]: unknown;
 }
 interface DirectRequestPaymentMerchantBillingMandateInput {
     currency?: DirectRequestPaymentCurrency | string;
@@ -246,6 +282,9 @@ declare class SiglumeApiError extends SiglumeDirectRequestPaymentError {
         data?: unknown;
     });
 }
+declare class HostedCheckoutNotAvailableError extends SiglumeApiError {
+    constructor(message?: string);
+}
 declare class SiglumeWebhookSignatureError extends SiglumeDirectRequestPaymentError {
     constructor(message: string);
 }
@@ -281,12 +320,27 @@ declare class DirectRequestPaymentMerchantClient {
     private readonly fetch_impl;
     constructor(options?: DirectRequestPaymentClientOptions);
     setupMerchant(input: DirectRequestPaymentMerchantSetupInput): Promise<DirectRequestPaymentMerchantResponse>;
+    /**
+     * Create a Hosted Checkout session (Stripe-Checkout-equivalent for human web
+     * shoppers). Siglume authors the challenge server-side, persists a single-use
+     * expiring session, and returns a `checkout_url`. Redirect the shopper there;
+     * they log into Siglume, approve, and pay from their own wallet, then return
+     * to your `success_url`. Fulfill on the `direct_payment.confirmed` webhook
+     * (the source of truth), exactly as with the agent flow.
+     *
+     * `success_url`/`cancel_url` must be on an origin you registered via
+     * `checkout_allowed_origins` (or your `webhook_callback_url` origin).
+     */
+    createCheckoutSession(input: HostedCheckoutSessionCreateInput): Promise<HostedCheckoutSessionCreateResult>;
+    /** Read a Hosted Checkout session's status (open / authenticated / paid / expired / cancelled / failed). */
+    getCheckoutSession(session_id: string): Promise<HostedCheckoutSession>;
     getMerchant(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
     rotateChallengeSecret(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
     prepareBillingMandate(merchant: string, input?: DirectRequestPaymentMerchantBillingMandateInput): Promise<DirectRequestPaymentMerchantResponse>;
     createWebhookSubscription(input: DirectRequestPaymentWebhookSubscriptionInput): Promise<DirectRequestPaymentWebhookSubscription>;
     setupCheckout(input: DirectRequestPaymentCheckoutSetupInput): Promise<DirectRequestPaymentCheckoutSetupResult>;
     request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
+    private requestHostedCheckout;
 }
 declare function createDirectRequestPaymentChallenge(input: DirectRequestPaymentChallengeInput): Promise<DirectRequestPaymentChallenge>;
 declare function createDirectRequestPaymentChallengeSignature(secret: string, input: {
@@ -365,4 +419,4 @@ declare const verifyExternal402Challenge: typeof verifyDirectRequestPaymentChall
 declare const createExternal402RecurringChallenge: typeof createDirectRequestPaymentRecurringChallenge;
 declare const verifyExternal402RecurringChallenge: typeof verifyDirectRequestPaymentRecurringChallenge;
 
-export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, createExternal402RecurringChallenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyExternal402RecurringChallenge, verifyWebhookSignature };
+export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, HostedCheckoutNotAvailableError, type HostedCheckoutSession, type HostedCheckoutSessionCreateInput, type HostedCheckoutSessionCreateResult, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, createExternal402RecurringChallenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyExternal402RecurringChallenge, verifyWebhookSignature };

package/dist/index.d.ts

@@ -162,6 +162,42 @@ interface DirectRequestPaymentMerchantSetupInput {
     webhook_callback_url?: string;
     billing_mandate_cap_minor?: number;
     max_amount_minor?: number;
+    checkout_allowed_origins?: string[];
+}
+interface HostedCheckoutSessionCreateInput {
+    merchant: string;
+    amount_minor: number;
+    currency: DirectRequestPaymentCurrency | string;
+    nonce: string;
+    success_url: string;
+    cancel_url: string;
+    metadata?: Record<string, unknown>;
+}
+interface HostedCheckoutSessionCreateResult {
+    checkout_url: string;
+    session_id: string;
+    challenge_hash: string;
+    status?: string;
+    expires_at?: string | null;
+}
+interface HostedCheckoutSession {
+    session_id: string;
+    merchant: string;
+    currency: string;
+    token_symbol: string;
+    amount_minor: number;
+    status: string;
+    challenge_hash: string;
+    requirement_id?: string | null;
+    success_url: string;
+    cancel_url: string;
+    expires_at?: string | null;
+    authenticated_at?: string | null;
+    paid_at?: string | null;
+    cancelled_at?: string | null;
+    created_at?: string | null;
+    metadata_jsonb?: Record<string, unknown>;
+    [key: string]: unknown;
 }
 interface DirectRequestPaymentMerchantBillingMandateInput {
     currency?: DirectRequestPaymentCurrency | string;
@@ -246,6 +282,9 @@ declare class SiglumeApiError extends SiglumeDirectRequestPaymentError {
         data?: unknown;
     });
 }
+declare class HostedCheckoutNotAvailableError extends SiglumeApiError {
+    constructor(message?: string);
+}
 declare class SiglumeWebhookSignatureError extends SiglumeDirectRequestPaymentError {
     constructor(message: string);
 }
@@ -281,12 +320,27 @@ declare class DirectRequestPaymentMerchantClient {
     private readonly fetch_impl;
     constructor(options?: DirectRequestPaymentClientOptions);
     setupMerchant(input: DirectRequestPaymentMerchantSetupInput): Promise<DirectRequestPaymentMerchantResponse>;
+    /**
+     * Create a Hosted Checkout session (Stripe-Checkout-equivalent for human web
+     * shoppers). Siglume authors the challenge server-side, persists a single-use
+     * expiring session, and returns a `checkout_url`. Redirect the shopper there;
+     * they log into Siglume, approve, and pay from their own wallet, then return
+     * to your `success_url`. Fulfill on the `direct_payment.confirmed` webhook
+     * (the source of truth), exactly as with the agent flow.
+     *
+     * `success_url`/`cancel_url` must be on an origin you registered via
+     * `checkout_allowed_origins` (or your `webhook_callback_url` origin).
+     */
+    createCheckoutSession(input: HostedCheckoutSessionCreateInput): Promise<HostedCheckoutSessionCreateResult>;
+    /** Read a Hosted Checkout session's status (open / authenticated / paid / expired / cancelled / failed). */
+    getCheckoutSession(session_id: string): Promise<HostedCheckoutSession>;
     getMerchant(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
     rotateChallengeSecret(merchant: string): Promise<DirectRequestPaymentMerchantResponse>;
     prepareBillingMandate(merchant: string, input?: DirectRequestPaymentMerchantBillingMandateInput): Promise<DirectRequestPaymentMerchantResponse>;
     createWebhookSubscription(input: DirectRequestPaymentWebhookSubscriptionInput): Promise<DirectRequestPaymentWebhookSubscription>;
     setupCheckout(input: DirectRequestPaymentCheckoutSetupInput): Promise<DirectRequestPaymentCheckoutSetupResult>;
     request<T>(method: string, path: string, json_body?: unknown): Promise<T>;
+    private requestHostedCheckout;
 }
 declare function createDirectRequestPaymentChallenge(input: DirectRequestPaymentChallengeInput): Promise<DirectRequestPaymentChallenge>;
 declare function createDirectRequestPaymentChallengeSignature(secret: string, input: {
@@ -365,4 +419,4 @@ declare const verifyExternal402Challenge: typeof verifyDirectRequestPaymentChall
 declare const createExternal402RecurringChallenge: typeof createDirectRequestPaymentRecurringChallenge;
 declare const verifyExternal402RecurringChallenge: typeof verifyDirectRequestPaymentRecurringChallenge;
 
-export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, createExternal402RecurringChallenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyExternal402RecurringChallenge, verifyWebhookSignature };
+export { DEFAULT_SIGLUME_API_BASE, DEFAULT_WEBHOOK_TOLERANCE_SECONDS, DIRECT_REQUEST_PAYMENT_ALLOWANCE_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_MODE, DIRECT_REQUEST_PAYMENT_RECEIPT_KIND, DIRECT_REQUEST_PAYMENT_RECURRING_CHALLENGE_SCHEME, DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE, type DirectPaymentRequirement, type DirectPaymentRequirementCreateInput, type DirectPaymentVerifyInput, type DirectRequestPaymentBillingPlan, type DirectRequestPaymentChallenge, type DirectRequestPaymentChallengeInput, type DirectRequestPaymentCheckoutSetupInput, type DirectRequestPaymentCheckoutSetupResult, DirectRequestPaymentClient, type DirectRequestPaymentClientOptions, type DirectRequestPaymentCurrency, type DirectRequestPaymentMerchantAccount, type DirectRequestPaymentMerchantBillingMandateInput, DirectRequestPaymentMerchantClient, type DirectRequestPaymentMerchantResponse, type DirectRequestPaymentMerchantSetupInput, type DirectRequestPaymentRecurringCadence, type DirectRequestPaymentRecurringChallenge, type DirectRequestPaymentRecurringChallengeInput, type DirectRequestPaymentToken, type DirectRequestPaymentWebhookEvent, type DirectRequestPaymentWebhookSubscription, type DirectRequestPaymentWebhookSubscriptionInput, HostedCheckoutNotAvailableError, type HostedCheckoutSession, type HostedCheckoutSessionCreateInput, type HostedCheckoutSessionCreateResult, type ParsedDirectRequestPaymentChallenge, SiglumeApiError, SiglumeDirectRequestPaymentError, type SiglumeEnvelopeMeta, SiglumeWebhookPayloadError, SiglumeWebhookSignatureError, type Web3PreparedTransactionExecutePayload, type Web3PreparedTransactionExecuteResult, type Web3TransactionRequest, type WebhookSignatureVerification, buildAllowanceExecutionPayload, buildPaymentExecutionPayload, buildPreparedTransactionExecutionPayload, buildWebhookSignatureHeader, computeWebhookSignature, createDirectRequestPaymentChallenge, createDirectRequestPaymentChallengeSignature, createDirectRequestPaymentRecurringChallenge, createDirectRequestPaymentRecurringChallengeSignature, createExternal402Challenge, createExternal402RecurringChallenge, directRequestPaymentChallengeHash, directRequestPaymentRequestHash, parseDirectRequestPaymentChallenge, parseDirectRequestPaymentWebhookEvent, verifyDirectRequestPaymentChallenge, verifyDirectRequestPaymentRecurringChallenge, verifyDirectRequestPaymentWebhook, verifyExternal402Challenge, verifyExternal402RecurringChallenge, verifyWebhookSignature };

package/dist/index.js

@@ -25,6 +25,12 @@ var SiglumeApiError = class extends SiglumeDirectRequestPaymentError {
     this.data = options.data;
   }
 };
+var HostedCheckoutNotAvailableError = class extends SiglumeApiError {
+  constructor(message = "Hosted Checkout is not enabled for this account yet (server rollout in progress).") {
+    super(message, { status: 409, code: "HOSTED_CHECKOUT_NOT_ENABLED" });
+    this.name = "HostedCheckoutNotAvailableError";
+  }
+};
 var SiglumeWebhookSignatureError = class extends SiglumeDirectRequestPaymentError {
   constructor(message) {
     super(message);
@@ -57,7 +63,7 @@ var DirectRequestPaymentClient = class {
     this.auth_token = authToken;
     this.base_url = (options.base_url ?? envValue("SIGLUME_API_BASE") ?? DEFAULT_SIGLUME_API_BASE).replace(/\/+$/, "");
     this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15e3));
-    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.3.6";
+    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.4.1";
     this.fetch_impl = fetchImpl;
   }
   async createPaymentRequirement(input) {
@@ -162,7 +168,7 @@ var DirectRequestPaymentMerchantClient = class {
     this.auth_token = authToken;
     this.base_url = (options.base_url ?? envValue("SIGLUME_API_BASE") ?? DEFAULT_SIGLUME_API_BASE).replace(/\/+$/, "");
     this.timeout_ms = Math.max(1, Math.trunc(options.timeout_ms ?? 15e3));
-    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.3.6";
+    this.user_agent = options.user_agent ?? "@siglume/direct-request-payment/0.4.1";
     this.fetch_impl = fetchImpl;
   }
   async setupMerchant(input) {
@@ -186,8 +192,47 @@ var DirectRequestPaymentMerchantClient = class {
     if (input.max_amount_minor !== void 0) {
       payload.max_amount_minor = positiveInteger(input.max_amount_minor, "max_amount_minor");
     }
+    if (input.checkout_allowed_origins !== void 0) {
+      payload.checkout_allowed_origins = normalizeOriginList(input.checkout_allowed_origins);
+    }
     return this.request("POST", "/sdrp/direct-payments/merchants", payload);
   }
+  /**
+   * Create a Hosted Checkout session (Stripe-Checkout-equivalent for human web
+   * shoppers). Siglume authors the challenge server-side, persists a single-use
+   * expiring session, and returns a `checkout_url`. Redirect the shopper there;
+   * they log into Siglume, approve, and pay from their own wallet, then return
+   * to your `success_url`. Fulfill on the `direct_payment.confirmed` webhook
+   * (the source of truth), exactly as with the agent flow.
+   *
+   * `success_url`/`cancel_url` must be on an origin you registered via
+   * `checkout_allowed_origins` (or your `webhook_callback_url` origin).
+   */
+  async createCheckoutSession(input) {
+    const payload = {
+      merchant: normalizeSelfServiceMerchant(input.merchant),
+      amount_minor: positiveInteger(input.amount_minor, "amount_minor"),
+      currency: normalizeCurrency(input.currency),
+      nonce: normalizeChallengeNonce(input.nonce),
+      success_url: requireNonEmpty(input.success_url, "success_url"),
+      cancel_url: requireNonEmpty(input.cancel_url, "cancel_url")
+    };
+    if (input.metadata !== void 0) {
+      payload.metadata = cloneJsonObject(input.metadata, "metadata");
+    }
+    return this.requestHostedCheckout(
+      "POST",
+      "/sdrp/direct-payments/checkout-sessions",
+      payload
+    );
+  }
+  /** Read a Hosted Checkout session's status (open / authenticated / paid / expired / cancelled / failed). */
+  async getCheckoutSession(session_id) {
+    return this.requestHostedCheckout(
+      "GET",
+      `/sdrp/direct-payments/checkout-sessions/${encodeURIComponent(requireNonEmpty(session_id, "session_id"))}`
+    );
+  }
   async getMerchant(merchant) {
     return this.request(
       "GET",
@@ -292,6 +337,16 @@ var DirectRequestPaymentMerchantClient = class {
       clearTimeout(timeout);
     }
   }
+  async requestHostedCheckout(method, path, json_body) {
+    try {
+      return await this.request(method, path, json_body);
+    } catch (error) {
+      if (isHostedCheckoutUnavailable(error)) {
+        throw new HostedCheckoutNotAvailableError();
+      }
+      throw error;
+    }
+  }
 };
 async function createDirectRequestPaymentChallenge(input) {
   const merchant = normalizeMerchant(input.merchant);
@@ -556,6 +611,29 @@ function normalizeAllowedCurrencies(value) {
 function defaultTokenForCurrency(currency) {
   return currency === "JPY" ? "JPYC" : "USDC";
 }
+function normalizeOriginList(value) {
+  if (!Array.isArray(value)) {
+    throw new SiglumeDirectRequestPaymentError("checkout_allowed_origins must be an array of origin URLs.");
+  }
+  const seen = /* @__PURE__ */ new Set();
+  const origins = [];
+  for (const item of value) {
+    let url;
+    try {
+      url = new URL(requireNonEmpty(String(item), "checkout_allowed_origins entry"));
+    } catch {
+      throw new SiglumeDirectRequestPaymentError(
+        "each checkout_allowed_origins entry must be an absolute origin such as https://shop.example.com."
+      );
+    }
+    const origin = `${url.protocol.toLowerCase()}//${url.host.toLowerCase()}`;
+    if (!seen.has(origin)) {
+      seen.add(origin);
+      origins.push(origin);
+    }
+  }
+  return origins;
+}
 function positiveInteger(value, name) {
   const parsed = Number(value);
   if (!Number.isSafeInteger(parsed) || parsed <= 0) {
@@ -615,6 +693,16 @@ function stringOrNull(value) {
   const text = value.trim();
   return text ? text : null;
 }
+function isHostedCheckoutUnavailable(error) {
+  if (!(error instanceof SiglumeApiError)) {
+    return false;
+  }
+  const code = error.code.toUpperCase();
+  if (error.status === 409 && (code === "HOSTED_CHECKOUT_NOT_ENABLED" || code === "FEATURE_DISABLED")) {
+    return true;
+  }
+  return error.status === 404 && (code === "HTTP_404" || code === "NOT_FOUND" || code === "ROUTE_NOT_FOUND" || code === "FEATURE_DISABLED");
+}
 function isRecord(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
@@ -751,6 +839,7 @@ export {
   DIRECT_REQUEST_PAYMENT_REFERENCE_TYPE,
   DirectRequestPaymentClient,
   DirectRequestPaymentMerchantClient,
+  HostedCheckoutNotAvailableError,
   SiglumeApiError,
   SiglumeDirectRequestPaymentError,
   SiglumeWebhookPayloadError,