@sylphx/sdk 0.3.3 → 0.3.5

package/dist/server/index.mjs

@@ -1338,6 +1338,7 @@ function exponentialBackoff(attempt, baseDelay = BASE_RETRY_DELAY_MS, maxDelay =
 }
 
 // src/key-validation.ts
+var PUBLIC_KEY_PATTERN = /^pk_(dev|stg|prod)_[a-z0-9]{12}_[a-f0-9]{32}$/;
 var APP_ID_PATTERN = /^app_(dev|stg|prod)_[a-z0-9_-]+$/;
 var SECRET_KEY_PATTERN = /^sk_(dev|stg|prod)_[a-z0-9_-]+$/;
 var ENV_PREFIX_MAP = {
@@ -1428,6 +1429,9 @@ function validateKeyForType(key, keyType, pattern, envVarName) {
     issues: [...issues, "invalid-format"]
   };
 }
+function validatePublicKey(key) {
+  return validateKeyForType(key, "publicKey", PUBLIC_KEY_PATTERN, "NEXT_PUBLIC_SYLPHX_KEY");
+}
 function validateAppId(key) {
   return validateKeyForType(key, "appId", APP_ID_PATTERN, "NEXT_PUBLIC_SYLPHX_APP_ID");
 }
@@ -1456,22 +1460,23 @@ function validateAndSanitizeSecretKey(key) {
 }
 function detectEnvironment(key) {
   const sanitized = key.trim().toLowerCase();
+  if (sanitized.startsWith("pk_")) {
+    const result = validatePublicKey(sanitized);
+    if (!result.valid) throw new Error(result.error);
+    return result.environment;
+  }
   if (sanitized.startsWith("sk_")) {
     const result = validateSecretKey(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   if (sanitized.startsWith("app_")) {
     const result = validateAppId(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   throw new Error(
-    `[Sylphx] Invalid key format. Key must start with 'sk_' (secret) or 'app_' (App ID).`
+    `[Sylphx] Invalid key format. Key must start with 'pk_' (publishable), 'sk_' (secret), or 'app_' (legacy App ID).`
   );
 }
 function isDevelopmentKey(key) {
@@ -1487,6 +1492,7 @@ function getCookieNamespace(secretKey) {
 }
 function detectKeyType(key) {
   const sanitized = key.trim().toLowerCase();
+  if (sanitized.startsWith("pk_")) return "publicKey";
   if (sanitized.startsWith("app_")) return "appId";
   if (sanitized.startsWith("sk_")) return "secret";
   return null;
@@ -1499,6 +1505,9 @@ function isSecretKey(key) {
 }
 function validateKey(key) {
   const keyType = key ? detectKeyType(key) : null;
+  if (keyType === "publicKey") {
+    return validatePublicKey(key);
+  }
   if (keyType === "appId") {
     return validateAppId(key);
   }
@@ -1508,7 +1517,7 @@ function validateKey(key) {
   return {
     valid: false,
     sanitizedKey: "",
-    error: key ? `Invalid key format. Keys must start with 'app_' (App ID) or 'sk_' (Secret Key), followed by environment (dev/stg/prod) and identifier. Got: ${key.slice(0, 20)}...` : "API key is required but was not provided.",
+    error: key ? `Invalid key format. Keys must start with 'pk_' (publishable), 'app_' (legacy), or 'sk_' (secret), followed by environment (dev/stg/prod). Got: ${key.slice(0, 20)}...` : "API key is required but was not provided.",
     issues: key ? ["invalid_format"] : ["missing"]
   };
 }
@@ -1906,31 +1915,41 @@ function createDynamicRestClient(config) {
 }
 
 // src/lib/ids.ts
+var CB32 = "0123456789abcdefghjkmnpqrstvwxyz";
+var CB32_MAP = Object.fromEntries([...CB32].map((c, i) => [c, i]));
 var B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
 var B58_MAP = Object.fromEntries([...B58].map((c, i) => [c, i]));
-function encodeUserId(uuid) {
-  const hex = uuid.replace(/-/g, "");
-  if (hex.length !== 32)
-    throw new Error("Invalid UUID: expected 32 hex chars after stripping dashes");
-  let n = BigInt("0x" + hex);
-  let r = "";
-  while (n > 0n) {
-    r = B58[Number(n % 58n)] + r;
-    n /= 58n;
+function cb32Encode(hex) {
+  const num = BigInt(`0x${hex}`);
+  const chars = [];
+  let n = num;
+  for (let i = 0; i < 26; i++) {
+    chars.unshift(CB32[Number(n & 0x1fn)]);
+    n >>= 5n;
+  }
+  return chars.join("");
+}
+function cb32Decode(str) {
+  if (str.length !== 26) return null;
+  let n = 0n;
+  for (const c of str.toLowerCase()) {
+    const idx = CB32_MAP[c];
+    if (idx === void 0) return null;
+    n = n << 5n | BigInt(idx);
   }
-  return `user_${r}`;
+  return n.toString(16).padStart(32, "0");
 }
-function decodeUserId(prefixedId) {
-  if (!prefixedId.startsWith("user_")) return null;
-  const enc = prefixedId.slice(5);
-  if (!enc) return null;
+function b58Decode(str) {
   let n = 0n;
-  for (const c of enc) {
+  for (const c of str) {
     const i = B58_MAP[c] ?? -1;
     if (i === -1) return null;
     n = n * 58n + BigInt(i);
   }
   const hex = n.toString(16).padStart(32, "0");
+  return hex.length === 32 ? hex : null;
+}
+function hexToUuid(hex) {
   return [
     hex.slice(0, 8),
     hex.slice(8, 12),
@@ -1939,6 +1958,24 @@ function decodeUserId(prefixedId) {
     hex.slice(20)
   ].join("-");
 }
+function encodeUserId(uuid) {
+  const hex = uuid.replace(/-/g, "");
+  if (hex.length !== 32)
+    throw new Error("Invalid UUID: expected 32 hex chars after stripping dashes");
+  return `user_${cb32Encode(hex)}`;
+}
+function decodeUserId(prefixedId) {
+  if (!prefixedId.startsWith("user_")) return null;
+  const enc = prefixedId.slice(5);
+  if (!enc) return null;
+  if (enc.length === 26) {
+    const hex2 = cb32Decode(enc);
+    if (hex2) return hexToUuid(hex2);
+  }
+  const hex = b58Decode(enc);
+  if (hex) return hexToUuid(hex);
+  return null;
+}
 
 // src/server/ai.ts
 function createAI(options = {}) {