npm - @sylphx/sdk - Versions diffs - 0.3.4 → 0.3.5 - Mend

@sylphx/sdk 0.3.4 → 0.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/server/index.d.cts CHANGED Viewed

@@ -19782,18 +19782,20 @@ interface AccessTokenPayload {
  * 4. No silent fixes - Transparency over convenience (but warn + continue)
  * 5. Single Source of Truth - All key logic in one place
  *
- * Key Formats (OAuth 2.0 Standard):
- * - App ID: app_(dev|stg|prod)_[identifier] — Public identifier (like OAuth client_id)
- * - Secret Key: sk_(dev|stg|prod)_[identifier] — Server-side only (like OAuth client_secret)
+ * Key Formats (ADR-021):
+ * - Publishable key: pk_(dev|stg|prod)_{ref}_{32hex} — client-safe (new)
+ * - Secret Key:      sk_(dev|stg|prod)_{ref}_{64hex} — server-side only
  *
- * Identifier Types:
- * - Customer apps: 32 hex chars
- * - Platform apps: platform_{app-slug} (e.g., platform_sylphx-console)
+ * Legacy Key Formats (backward-compat):
+ * - App ID (old):    app_(dev|stg|prod)_[identifier] — Public identifier
+ *
+ * Special Internal Formats (NOT rotated):
+ * - Console bootstrap: app_prod_platform_{slug} / sk_prod_platform_{slug}
  */
 /** Environment type derived from key prefix */
 type EnvironmentType = 'development' | 'staging' | 'production';
-/** Key type - appId (public) or secret (server) */
-type KeyType = 'appId' | 'secret';
+/** Key type - publicKey (pk_*), appId (legacy app_*), or secret (sk_*) */
+type KeyType = 'publicKey' | 'appId' | 'secret';
 /** Validation result with clear error information */
 interface KeyValidationResult {
     /** Whether the key is valid (possibly after sanitization) */
@@ -19812,7 +19814,9 @@ interface KeyValidationResult {
     issues?: string[];
 }
 /**
- * Validate an App ID and return detailed results
+ * Validate a legacy App ID (app_*) and return detailed results.
+ *
+ * @deprecated Use validatePublicKey() for new pk_* keys (ADR-021).
  *
  * @example
  * ```typescript
@@ -19827,8 +19831,9 @@ interface KeyValidationResult {
  */
 declare function validateAppId(key: string | undefined | null): KeyValidationResult;
 /**
- * Validate and sanitize App ID, logging warnings
+ * Validate and sanitize App ID, logging warnings.
  *
+ * @deprecated Use validateAndSanitizePublicKey() for new pk_* keys (ADR-021).
  * @throws Error if the key is invalid and cannot be sanitized
  * @returns The sanitized App ID
  */
@@ -19887,17 +19892,19 @@ declare function isProductionKey(key: string): boolean;
  */
 declare function getCookieNamespace(secretKey: string): string;
 /**
- * Detect the type of key (App ID or Secret Key)
+ * Detect the type of key.
  *
- * @returns 'appId', 'secret', or null if unknown
+ * @returns 'publicKey' (pk_*), 'appId' (legacy app_*), 'secret' (sk_*), or null if unknown
  */
 declare function detectKeyType(key: string): KeyType | null;
 /**
- * Check if a key is an App ID
+ * Check if a key is an App ID (legacy app_* format)
+ *
+ * @deprecated Use isPublishableKey() to also accept new pk_* keys
  */
 declare function isAppId(key: string): boolean;
 /**
- * Check if a key is a secret key
+ * Check if a key is a secret key (sk_*)
  */
 declare function isSecretKey(key: string): boolean;
 /**

package/dist/server/index.d.ts CHANGED Viewed

@@ -19782,18 +19782,20 @@ interface AccessTokenPayload {
  * 4. No silent fixes - Transparency over convenience (but warn + continue)
  * 5. Single Source of Truth - All key logic in one place
  *
- * Key Formats (OAuth 2.0 Standard):
- * - App ID: app_(dev|stg|prod)_[identifier] — Public identifier (like OAuth client_id)
- * - Secret Key: sk_(dev|stg|prod)_[identifier] — Server-side only (like OAuth client_secret)
+ * Key Formats (ADR-021):
+ * - Publishable key: pk_(dev|stg|prod)_{ref}_{32hex} — client-safe (new)
+ * - Secret Key:      sk_(dev|stg|prod)_{ref}_{64hex} — server-side only
  *
- * Identifier Types:
- * - Customer apps: 32 hex chars
- * - Platform apps: platform_{app-slug} (e.g., platform_sylphx-console)
+ * Legacy Key Formats (backward-compat):
+ * - App ID (old):    app_(dev|stg|prod)_[identifier] — Public identifier
+ *
+ * Special Internal Formats (NOT rotated):
+ * - Console bootstrap: app_prod_platform_{slug} / sk_prod_platform_{slug}
  */
 /** Environment type derived from key prefix */
 type EnvironmentType = 'development' | 'staging' | 'production';
-/** Key type - appId (public) or secret (server) */
-type KeyType = 'appId' | 'secret';
+/** Key type - publicKey (pk_*), appId (legacy app_*), or secret (sk_*) */
+type KeyType = 'publicKey' | 'appId' | 'secret';
 /** Validation result with clear error information */
 interface KeyValidationResult {
     /** Whether the key is valid (possibly after sanitization) */
@@ -19812,7 +19814,9 @@ interface KeyValidationResult {
     issues?: string[];
 }
 /**
- * Validate an App ID and return detailed results
+ * Validate a legacy App ID (app_*) and return detailed results.
+ *
+ * @deprecated Use validatePublicKey() for new pk_* keys (ADR-021).
  *
  * @example
  * ```typescript
@@ -19827,8 +19831,9 @@ interface KeyValidationResult {
  */
 declare function validateAppId(key: string | undefined | null): KeyValidationResult;
 /**
- * Validate and sanitize App ID, logging warnings
+ * Validate and sanitize App ID, logging warnings.
  *
+ * @deprecated Use validateAndSanitizePublicKey() for new pk_* keys (ADR-021).
  * @throws Error if the key is invalid and cannot be sanitized
  * @returns The sanitized App ID
  */
@@ -19887,17 +19892,19 @@ declare function isProductionKey(key: string): boolean;
  */
 declare function getCookieNamespace(secretKey: string): string;
 /**
- * Detect the type of key (App ID or Secret Key)
+ * Detect the type of key.
  *
- * @returns 'appId', 'secret', or null if unknown
+ * @returns 'publicKey' (pk_*), 'appId' (legacy app_*), 'secret' (sk_*), or null if unknown
  */
 declare function detectKeyType(key: string): KeyType | null;
 /**
- * Check if a key is an App ID
+ * Check if a key is an App ID (legacy app_* format)
+ *
+ * @deprecated Use isPublishableKey() to also accept new pk_* keys
  */
 declare function isAppId(key: string): boolean;
 /**
- * Check if a key is a secret key
+ * Check if a key is a secret key (sk_*)
  */
 declare function isSecretKey(key: string): boolean;
 /**

package/dist/server/index.js CHANGED Viewed

@@ -1413,6 +1413,7 @@ function exponentialBackoff(attempt, baseDelay = BASE_RETRY_DELAY_MS, maxDelay =
 }
 // src/key-validation.ts
+var PUBLIC_KEY_PATTERN = /^pk_(dev|stg|prod)_[a-z0-9]{12}_[a-f0-9]{32}$/;
 var APP_ID_PATTERN = /^app_(dev|stg|prod)_[a-z0-9_-]+$/;
 var SECRET_KEY_PATTERN = /^sk_(dev|stg|prod)_[a-z0-9_-]+$/;
 var ENV_PREFIX_MAP = {
@@ -1503,6 +1504,9 @@ function validateKeyForType(key, keyType, pattern, envVarName) {
     issues: [...issues, "invalid-format"]
   };
 }
+function validatePublicKey(key) {
+  return validateKeyForType(key, "publicKey", PUBLIC_KEY_PATTERN, "NEXT_PUBLIC_SYLPHX_KEY");
+}
 function validateAppId(key) {
   return validateKeyForType(key, "appId", APP_ID_PATTERN, "NEXT_PUBLIC_SYLPHX_APP_ID");
 }
@@ -1531,22 +1535,23 @@ function validateAndSanitizeSecretKey(key) {
 }
 function detectEnvironment(key) {
   const sanitized = key.trim().toLowerCase();
+  if (sanitized.startsWith("pk_")) {
+    const result = validatePublicKey(sanitized);
+    if (!result.valid) throw new Error(result.error);
+    return result.environment;
+  }
   if (sanitized.startsWith("sk_")) {
     const result = validateSecretKey(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   if (sanitized.startsWith("app_")) {
     const result = validateAppId(sanitized);
-    if (!result.valid) {
-      throw new Error(result.error);
-    }
+    if (!result.valid) throw new Error(result.error);
     return result.environment;
   }
   throw new Error(
-    `[Sylphx] Invalid key format. Key must start with 'sk_' (secret) or 'app_' (App ID).`
+    `[Sylphx] Invalid key format. Key must start with 'pk_' (publishable), 'sk_' (secret), or 'app_' (legacy App ID).`
   );
 }
 function isDevelopmentKey(key) {
@@ -1562,6 +1567,7 @@ function getCookieNamespace(secretKey) {
 }
 function detectKeyType(key) {
   const sanitized = key.trim().toLowerCase();
+  if (sanitized.startsWith("pk_")) return "publicKey";
   if (sanitized.startsWith("app_")) return "appId";
   if (sanitized.startsWith("sk_")) return "secret";
   return null;
@@ -1574,6 +1580,9 @@ function isSecretKey(key) {
 }
 function validateKey(key) {
   const keyType = key ? detectKeyType(key) : null;
+  if (keyType === "publicKey") {
+    return validatePublicKey(key);
+  }
   if (keyType === "appId") {
     return validateAppId(key);
   }
@@ -1583,7 +1592,7 @@ function validateKey(key) {
   return {
     valid: false,
     sanitizedKey: "",
-    error: key ? `Invalid key format. Keys must start with 'app_' (App ID) or 'sk_' (Secret Key), followed by environment (dev/stg/prod) and identifier. Got: ${key.slice(0, 20)}...` : "API key is required but was not provided.",
+    error: key ? `Invalid key format. Keys must start with 'pk_' (publishable), 'app_' (legacy), or 'sk_' (secret), followed by environment (dev/stg/prod). Got: ${key.slice(0, 20)}...` : "API key is required but was not provided.",
     issues: key ? ["invalid_format"] : ["missing"]
   };
 }