@simplr-ai/node 1.0.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Simplr's **server-side** SDK for Node.js — run fraud/identity checks, score orders, ingest edge logs, and verify webhook signatures, all with your secret key.
4
4
 
5
- > This is the backend SDK. For client-side device signals, RUM, and feature-flag evaluation use [`@simplr-ai/fraud-sdk`](https://www.npmjs.com/package/@simplr-ai/fraud-sdk) (browser) or `simplify_fraud` (Flutter).
5
+ > This is the backend SDK. For client-side device signals, RUM, and feature-flag evaluation use [`@simplr-ai/js`](https://www.npmjs.com/package/@simplr-ai/js) (browser) or `simplr_fraud` (Flutter).
6
6
 
7
7
  Docs: https://docs.simplr.so/docs/sdks/node
8
8
 
@@ -73,7 +73,7 @@ import { Simplr } from "@simplr-ai/node";
73
73
  const simplr = new Simplr({ apiKey: process.env.SIMPLR_API_KEY! });
74
74
  const app = express();
75
75
 
76
- app.post("/hooks/simplify", express.raw({ type: "application/json" }), (req, res) => {
76
+ app.post("/hooks/simplr", express.raw({ type: "application/json" }), (req, res) => {
77
77
  const sig = req.header("X-Simplr-Signature")!;
78
78
  try {
79
79
  const event = simplr.webhooks.constructEvent(req.body, sig, process.env.SIMPLR_WEBHOOK_SECRET!);
@@ -87,6 +87,136 @@ app.post("/hooks/simplify", express.raw({ type: "application/json" }), (req, res
87
87
 
88
88
  `verify(payload, header, secret, { toleranceSec })` returns a boolean; `constructEvent(...)` returns the parsed event or throws `WebhookVerificationError`.
89
89
 
90
+ ## Server-side feature flags
91
+
92
+ Evaluate flags on the backend. Flag config is read with a **public** key (`pk_…`), so pass one alongside your secret key; evaluation is local and deterministic (same bucketing as the browser SDK).
93
+
94
+ ```ts
95
+ const simplr = new Simplr({
96
+ apiKey: process.env.SIMPLR_API_KEY!, // sk_… for checks/orders/etc.
97
+ publicKey: process.env.SIMPLR_PUBLIC_KEY!, // pk_… for flags
98
+ });
99
+
100
+ await simplr.flags.initialize();
101
+ simplr.flags.setUser("user_123");
102
+
103
+ if (simplr.flags.isEnabled("new-checkout")) {
104
+ // gate a backend code path
105
+ }
106
+ simplr.flags.isEnabled("beta", { userId: "u1", attributes: { plan: "growth" } });
107
+ ```
108
+
109
+ ### Targeting a named environment
110
+
111
+ `environment` accepts a named environment slug (e.g. `"dev"`, `"uat"`, `"prod"`) as well as the legacy `"live"`/`"test"` key modes. When omitted, the API falls back to the public key's own live/test mode.
112
+
113
+ ```ts
114
+ // On the Simplr client (forwarded to simplr.flags):
115
+ const simplr = new Simplr({ apiKey, publicKey, environment: "uat" });
116
+
117
+ // Or standalone:
118
+ import { SimplrFlags } from "@simplr-ai/node";
119
+ const flags = new SimplrFlags({ publicKey, environment: "uat" });
120
+ await flags.initialize();
121
+ ```
122
+
123
+ You can also use `SimplrFlags` standalone.
124
+
125
+ ## Profiles (`simplr.profiles`)
126
+
127
+ Anonymous user profiles + order fraud monitoring. Identify a user, score orders, read a user's risk, and report outcomes back to improve scoring.
128
+
129
+ ```ts
130
+ // Create/update an anonymous profile and (optionally) link a device.
131
+ const { profile, is_new } = await simplr.profiles.identify("user-123", {
132
+ profileType: "customer",
133
+ fingerprintHash: "9f2a…", // from a client device-signal collector
134
+ });
135
+
136
+ // Score an order.
137
+ const result = await simplr.profiles.submitOrder({
138
+ order_id: "order-1",
139
+ external_id: "user-123",
140
+ amount: 4999,
141
+ currency: "USD",
142
+ });
143
+
144
+ // Read a user's current risk profile.
145
+ const risk = await simplr.profiles.getProfileRisk("user-123");
146
+
147
+ // Feed back a confirmed outcome (chargeback, manual review, …).
148
+ await simplr.profiles.reportOutcome("user-123", "fraud"); // or "legitimate"
149
+ ```
150
+
151
+ ## RUM (`simplr.rum`)
152
+
153
+ Server-side Real User Monitoring. Events are batched and flushed to `/v1/rum/events`. The flush timer is installed with `unref()`, so it never keeps your process alive. There is no DOM auto-capture on the server — report views/actions/errors/logs explicitly.
154
+
155
+ ```ts
156
+ simplr.rum.initialize({ applicationId: "my-api", environment: "production" });
157
+
158
+ simplr.rum.setUser("user-123", { plan: "pro" });
159
+ simplr.rum.addAttribute("region", "eu-west-1");
160
+
161
+ simplr.rum.trackView("POST /checkout");
162
+ simplr.rum.trackAction("charge_card", { gateway: "stripe" });
163
+ simplr.rum.log("info", "checkout completed", { orderId: "order-1" });
164
+
165
+ try {
166
+ // …
167
+ } catch (err) {
168
+ simplr.rum.trackError(err as Error);
169
+ }
170
+
171
+ await simplr.rum.flush(); // force a flush
172
+ await simplr.rum.stopSession(); // emit session_end, flush, stop timer
173
+ ```
174
+
175
+ ## AI delegation (`simplr.ai`)
176
+
177
+ OAuth-like AI authentication — mint, validate, and revoke delegation tokens that an end user shares with their AI agent.
178
+
179
+ ```ts
180
+ // Mint a token (only returned once).
181
+ const delegation = await simplr.ai.createDelegation({
182
+ userId: "user-123",
183
+ binding: "verified_device",
184
+ expiresInDays: 7,
185
+ fingerprintHash: "9f2a…",
186
+ });
187
+
188
+ // Validate (introspect) an incoming token on your AI gateway.
189
+ const check = await simplr.ai.validate(token, { aiProvider: "anthropic", action: "read_orders" });
190
+ if (!check.valid) { /* reject */ }
191
+
192
+ // Manage delegations.
193
+ await simplr.ai.list("user-123");
194
+ await simplr.ai.get(delegation.delegationId);
195
+ await simplr.ai.stats();
196
+ await simplr.ai.revoke(delegation.delegationId, "user revoked");
197
+ await simplr.ai.revokeAllForUser("user-123", "logout"); // returns count
198
+
199
+ ```
200
+
201
+ > The browser SDK's interactive `connect()` popup flow is web-only and is intentionally omitted from the server SDK.
202
+
203
+ ## Admin / measurement (`SimplrAdmin`)
204
+
205
+ Dashboard operations — usage/measurement, feature-flag CRUD, and RUM analytics — require a **portal token** (JWT), not an API key:
206
+
207
+ ```ts
208
+ import { SimplrAdmin } from "@simplr-ai/node";
209
+
210
+ const admin = new SimplrAdmin({ token: process.env.SIMPLR_PORTAL_TOKEN! });
211
+
212
+ await admin.usage.stats(orgId); // usage counters
213
+ await admin.usage.billing(orgId); // per-service totals + estimated cost (API measurement)
214
+ await admin.flags.create(orgId, { key: "new-checkout", environment: "test", rollout_percentage: 10 });
215
+ await admin.flags.update(orgId, flagId, { rollout_percentage: 50 });
216
+ await admin.rum.overview(orgId, { application_id: "my-app" });
217
+ await admin.rum.sessions(orgId, { page: 1, limit: 50 });
218
+ ```
219
+
90
220
  ## Errors
91
221
 
92
222
  Non-2xx responses throw `SimplrError` with `.status` and `.body`.