@sylphx/sdk 0.3.3 → 0.3.5

package/dist/nextjs/index.d.cts

@@ -4724,7 +4724,7 @@ interface components {
 		OrgInvitation: {
 			/**
 			 * @description Invitation ID
-			 * @example ivt_3Zb83qVQxkHMJPZ8VrJfQ2
+			 * @example inv_3Zb83qVQxkHMJPZ8VrJfQ2
 			 */
 			id: string
 			/**
@@ -4794,7 +4794,7 @@ interface components {
 			/**
 			 * Format: uuid
 			 * @description Invitation token (ID)
-			 * @example ivt_3Zb83qVQxkHMJPZ8VrJfQ2
+			 * @example inv_3Zb83qVQxkHMJPZ8VrJfQ2
 			 */
 			token: string
 		}
@@ -6053,33 +6053,36 @@ declare const SESSION_TOKEN_LIFETIME_MS: number;
  * Platform ID utilities for the Sylphx SDK
  *
  * Converts between raw UUIDs (used internally / in JWT sub claims) and
- * prefixed base58 IDs (used in all API responses and JWT pid claims).
+ * prefixed TypeID strings (used in all API responses and JWT pid claims).
  *
- * Same alphabet and encoding logic as the platform server.
- * No external dependencies — pure TypeScript.
+ * Uses TypeID spec v0.3.0 (Crockford base32, case-insensitive).
+ * Also accepts legacy base58 format for backward compatibility.
+ *
+ * No external dependencies — pure TypeScript implementation of Crockford base32.
  *
  * @example
  * ```ts
  * import { encodeUserId, decodeUserId } from '@sylphx/sdk/nextjs'
  *
  * const prefixed = encodeUserId('018f4a3b-1c2d-7000-9abc-def012345678')
- * // => 'user_3Zb83qVQxkHMJPZ8VrJfQ2'
+ * // => 'user_01h2xcejqtf2nbrexx3vqjhp41'
  *
- * const uuid = decodeUserId('user_3Zb83qVQxkHMJPZ8VrJfQ2')
+ * const uuid = decodeUserId('user_01h2xcejqtf2nbrexx3vqjhp41')
  * // => '018f4a3b-1c2d-7000-9abc-def012345678'
  * ```
  */
 /**
- * Encode a raw UUID as a prefixed base58 user ID.
+ * Encode a raw UUID as a prefixed TypeID user ID.
  *
  * @param uuid - Raw UUID string (with or without dashes)
- * @returns Prefixed platform ID: `user_<base58>`
+ * @returns Prefixed TypeID: `user_<crockford_base32>`
  */
 declare function encodeUserId(uuid: string): string;
 /**
- * Decode a prefixed base58 user ID back to a raw UUID.
+ * Decode a prefixed user ID back to a raw UUID.
+ * Accepts both TypeID (current) and base58 (legacy) formats.
  *
- * @param prefixedId - Prefixed platform ID: `user_<base58>`
+ * @param prefixedId - Prefixed user ID: `user_<encoded>`
  * @returns Raw UUID string, or null if invalid
  */
 declare function decodeUserId(prefixedId: string): string | null;

package/dist/nextjs/index.d.ts

@@ -4724,7 +4724,7 @@ interface components {
 		OrgInvitation: {
 			/**
 			 * @description Invitation ID
-			 * @example ivt_3Zb83qVQxkHMJPZ8VrJfQ2
+			 * @example inv_3Zb83qVQxkHMJPZ8VrJfQ2
 			 */
 			id: string
 			/**
@@ -4794,7 +4794,7 @@ interface components {
 			/**
 			 * Format: uuid
 			 * @description Invitation token (ID)
-			 * @example ivt_3Zb83qVQxkHMJPZ8VrJfQ2
+			 * @example inv_3Zb83qVQxkHMJPZ8VrJfQ2
 			 */
 			token: string
 		}
@@ -6053,33 +6053,36 @@ declare const SESSION_TOKEN_LIFETIME_MS: number;
  * Platform ID utilities for the Sylphx SDK
  *
  * Converts between raw UUIDs (used internally / in JWT sub claims) and
- * prefixed base58 IDs (used in all API responses and JWT pid claims).
+ * prefixed TypeID strings (used in all API responses and JWT pid claims).
  *
- * Same alphabet and encoding logic as the platform server.
- * No external dependencies — pure TypeScript.
+ * Uses TypeID spec v0.3.0 (Crockford base32, case-insensitive).
+ * Also accepts legacy base58 format for backward compatibility.
+ *
+ * No external dependencies — pure TypeScript implementation of Crockford base32.
  *
  * @example
  * ```ts
  * import { encodeUserId, decodeUserId } from '@sylphx/sdk/nextjs'
  *
  * const prefixed = encodeUserId('018f4a3b-1c2d-7000-9abc-def012345678')
- * // => 'user_3Zb83qVQxkHMJPZ8VrJfQ2'
+ * // => 'user_01h2xcejqtf2nbrexx3vqjhp41'
  *
- * const uuid = decodeUserId('user_3Zb83qVQxkHMJPZ8VrJfQ2')
+ * const uuid = decodeUserId('user_01h2xcejqtf2nbrexx3vqjhp41')
  * // => '018f4a3b-1c2d-7000-9abc-def012345678'
  * ```
  */
 /**
- * Encode a raw UUID as a prefixed base58 user ID.
+ * Encode a raw UUID as a prefixed TypeID user ID.
  *
  * @param uuid - Raw UUID string (with or without dashes)
- * @returns Prefixed platform ID: `user_<base58>`
+ * @returns Prefixed TypeID: `user_<crockford_base32>`
  */
 declare function encodeUserId(uuid: string): string;
 /**
- * Decode a prefixed base58 user ID back to a raw UUID.
+ * Decode a prefixed user ID back to a raw UUID.
+ * Accepts both TypeID (current) and base58 (legacy) formats.
  *
- * @param prefixedId - Prefixed platform ID: `user_<base58>`
+ * @param prefixedId - Prefixed user ID: `user_<encoded>`
  * @returns Raw UUID string, or null if invalid
  */
 declare function decodeUserId(prefixedId: string): string | null;

package/dist/nextjs/index.js

@@ -85,6 +85,7 @@ var JWK_CACHE_TTL_MS = 60 * 60 * 1e3;
 var ETAG_CACHE_TTL_MS = 5 * 60 * 1e3;
 
 // src/key-validation.ts
+var PUBLIC_KEY_PATTERN = /^pk_(dev|stg|prod)_[a-z0-9]{12}_[a-f0-9]{32}$/;
 var APP_ID_PATTERN = /^app_(dev|stg|prod)_[a-z0-9_-]+$/;
 var SECRET_KEY_PATTERN = /^sk_(dev|stg|prod)_[a-z0-9_-]+$/;
 var ENV_PREFIX_MAP = {
@@ -175,6 +176,9 @@ function validateKeyForType(key, keyType, pattern, envVarName) {
     issues: [...issues, "invalid-format"]
   };
 }
+function validatePublicKey(key) {
+  return validateKeyForType(key, "publicKey", PUBLIC_KEY_PATTERN, "NEXT_PUBLIC_SYLPHX_KEY");
+}
 function validateAppId(key) {
   return validateKeyForType(key, "appId", APP_ID_PATTERN, "NEXT_PUBLIC_SYLPHX_APP_ID");
 }
@@ -203,22 +207,23 @@ function validateAndSanitizeSecretKey(key) {
 }
 function detectEnvironment(key) {
   const sanitized = key.trim().toLowerCase();
+  if (sanitized.startsWith("pk_")) {
+    const result = validatePublicKey(sanitized);
+    if (!result.valid) throw new Error(result.error);
+    return result.environment;
+  }
   if (sanitized.startsWith("sk_")) {
     const result = validateSecretKey(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   if (sanitized.startsWith("app_")) {
     const result = validateAppId(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   throw new Error(
-    `[Sylphx] Invalid key format. Key must start with 'sk_' (secret) or 'app_' (App ID).`
+    `[Sylphx] Invalid key format. Key must start with 'pk_' (publishable), 'sk_' (secret), or 'app_' (legacy App ID).`
   );
 }
 function getCookieNamespace(secretKey) {
@@ -1730,31 +1735,41 @@ async function jwtVerify(jwt, key, options) {
 }
 
 // src/lib/ids.ts
+var CB32 = "0123456789abcdefghjkmnpqrstvwxyz";
+var CB32_MAP = Object.fromEntries([...CB32].map((c, i) => [c, i]));
 var B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
 var B58_MAP = Object.fromEntries([...B58].map((c, i) => [c, i]));
-function encodeUserId(uuid) {
-  const hex = uuid.replace(/-/g, "");
-  if (hex.length !== 32)
-    throw new Error("Invalid UUID: expected 32 hex chars after stripping dashes");
-  let n = BigInt("0x" + hex);
-  let r = "";
-  while (n > 0n) {
-    r = B58[Number(n % 58n)] + r;
-    n /= 58n;
+function cb32Encode(hex) {
+  const num = BigInt(`0x${hex}`);
+  const chars = [];
+  let n = num;
+  for (let i = 0; i < 26; i++) {
+    chars.unshift(CB32[Number(n & 0x1fn)]);
+    n >>= 5n;
+  }
+  return chars.join("");
+}
+function cb32Decode(str) {
+  if (str.length !== 26) return null;
+  let n = 0n;
+  for (const c of str.toLowerCase()) {
+    const idx = CB32_MAP[c];
+    if (idx === void 0) return null;
+    n = n << 5n | BigInt(idx);
   }
-  return `user_${r}`;
+  return n.toString(16).padStart(32, "0");
 }
-function decodeUserId(prefixedId) {
-  if (!prefixedId.startsWith("user_")) return null;
-  const enc = prefixedId.slice(5);
-  if (!enc) return null;
+function b58Decode(str) {
   let n = 0n;
-  for (const c of enc) {
+  for (const c of str) {
     const i = B58_MAP[c] ?? -1;
     if (i === -1) return null;
     n = n * 58n + BigInt(i);
   }
   const hex = n.toString(16).padStart(32, "0");
+  return hex.length === 32 ? hex : null;
+}
+function hexToUuid(hex) {
   return [
     hex.slice(0, 8),
     hex.slice(8, 12),
@@ -1763,6 +1778,24 @@ function decodeUserId(prefixedId) {
     hex.slice(20)
   ].join("-");
 }
+function encodeUserId(uuid) {
+  const hex = uuid.replace(/-/g, "");
+  if (hex.length !== 32)
+    throw new Error("Invalid UUID: expected 32 hex chars after stripping dashes");
+  return `user_${cb32Encode(hex)}`;
+}
+function decodeUserId(prefixedId) {
+  if (!prefixedId.startsWith("user_")) return null;
+  const enc = prefixedId.slice(5);
+  if (!enc) return null;
+  if (enc.length === 26) {
+    const hex2 = cb32Decode(enc);
+    if (hex2) return hexToUuid(hex2);
+  }
+  const hex = b58Decode(enc);
+  if (hex) return hexToUuid(hex);
+  return null;
+}
 
 // src/server/index.ts
 function isJwksResponse(data) {