@tollara/service-sdk 0.0.1 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Tollara SDK (JavaScript/TypeScript)
2
2
 
3
- **Package:** `@tollara/service-sdk` (version **0.0.1** in this repo)
3
+ **Package:** `@tollara/service-sdk` (version **0.0.2** in this repo)
4
4
 
5
5
  Verify inbound HMAC, validate **service keys**, run usage pre-flight (service-key **and** JWT paths), **gateway invoke** (sync/async), report usage, progress, completion, and poll async job status.
6
6
 
@@ -41,13 +41,13 @@ if (estimate) {
41
41
 
42
42
  ### Verify signature and user context together
43
43
 
44
- Verification defaults to signing version **v2** (newer user-context suffix, no quota segment in the signed material). `verifySignatureFromHeaders` also reads `X-Tollara-Signing-Version` when present.
44
+ Verification uses HMAC user-context **v3** when `X-Tollara-Signing-Version` is `"3"` (`serviceProductId`, `subscriptionStatus`); **v2** when `"2"`; legacy v1 when the header is absent.
45
45
 
46
46
  ```ts
47
- import { verifySignatureFromHeadersAndGetUserContext } from '@tollara/service-sdk';
47
+ import { grantAccess, verifySignatureFromHeadersAndGetUserContext } from '@tollara/service-sdk';
48
48
 
49
49
  const ctx = verifySignatureFromHeadersAndGetUserContext(serviceSecret, headers, rawBody);
50
- if (ctx) { /* trusted */ }
50
+ if (ctx && grantAccess(ctx.subscriptionStatus)) { /* trusted + invoke-eligible */ }
51
51
  ```
52
52
 
53
53
  ## Install
@@ -58,9 +58,10 @@ npm install @tollara/service-sdk
58
58
 
59
59
  ## API highlights
60
60
 
61
- - `TollaraHeaders` — canonical `X-Tollara-*` names (including signing-version for gateway HMAC v2)
62
- - `buildGatewayUserContextString` / `buildGatewayUserContextStringV2` — inbound suffix helpers
63
- - `verifyInboundHmac` / `verifySignatureFromHeaders` — inbound gateway HMAC
61
+ - `TollaraHeaders` — canonical `X-Tollara-*` names (including signing-version for gateway HMAC v3)
62
+ - `buildGatewayUserContextStringV3` — inbound suffix helper for production gateway forwards
63
+ - `grantAccess` invoke eligibility from `subscriptionStatus` (validate/gateway v3)
64
+ - `verifyInboundHmac` / `verifySignatureFromHeaders` — inbound gateway HMAC (v3 when `X-Tollara-Signing-Version` is `"3"`)
64
65
  - `getUserContext` — parses headers (case-insensitive keys)
65
66
  - `TollaraClient` — validate key, estimates, invoke, usage reporting, gateway polling
66
67
  - `validateServiceKey` / `estimateUsage` — Core **service-key** paths; response HMAC verified when headers present
@@ -130,16 +131,20 @@ await reportUsage({
130
131
  URLs come from the platform (`progress_url`, `callback_url`).
131
132
 
132
133
  ```ts
133
- import { CompletionStatus, reportProgress, reportCompletionWithResult } from '@tollara/service-sdk';
134
+ import { CompletionStatus, reportProgress, reportCompletion } from '@tollara/service-sdk';
134
135
 
135
- await reportProgress({
136
+ const progress = await reportProgress({
136
137
  progressUrl,
137
138
  requestId,
138
139
  stage: 'processing',
139
140
  percentageComplete: 50,
140
141
  serviceSecret,
141
142
  });
142
- await reportCompletionWithResult({
143
+ if (!progress.success) {
144
+ console.error(progress.httpStatus, progress.responseBody);
145
+ }
146
+
147
+ const complete = await reportCompletion({
143
148
  callbackUrl,
144
149
  requestId,
145
150
  status: CompletionStatus.Completed,
package/dist/index.d.mts CHANGED
@@ -3,10 +3,15 @@ declare const TollaraHeaders: {
3
3
  readonly SIGNATURE: "X-Tollara-Signature";
4
4
  readonly TIMESTAMP: "X-Tollara-Timestamp";
5
5
  readonly USER_ID: "X-Tollara-User-ID";
6
+ /** @deprecated v1/v2 only; v3 uses SERVICE_PRODUCT_ID */
6
7
  readonly PLAN: "X-Tollara-Plan";
8
+ readonly SERVICE_PRODUCT_ID: "X-Tollara-Service-Product-ID";
7
9
  readonly ROLES: "X-Tollara-Roles";
10
+ /** @deprecated v1 only */
8
11
  readonly QUOTA_REMAINING: "X-Tollara-Quota-Remaining";
12
+ /** @deprecated v1/v2 only; v3 uses SUBSCRIPTION_STATUS */
9
13
  readonly SUBSCRIPTION_ACTIVE: "X-Tollara-Subscription-Active";
14
+ readonly SUBSCRIPTION_STATUS: "X-Tollara-Subscription-Status";
10
15
  readonly BILLING_MODEL: "X-Tollara-Billing-Model";
11
16
  readonly MEASUREMENT_TYPE: "X-Tollara-Measurement-Type";
12
17
  readonly UNIT_LABEL: "X-Tollara-Unit-Label";
@@ -32,11 +37,21 @@ declare function constantTimeEquals(a: string, b: string): boolean;
32
37
  */
33
38
  declare function validateHmacSignature(signature: string, payloadString: string, key: string): boolean;
34
39
 
40
+ /** Whether subscriptionStatus grants invoke access (validation/gateway v3). */
41
+ declare function grantAccess(subscriptionStatus: string | null | undefined): boolean;
42
+
35
43
  interface UserContext {
36
44
  userId: string | null;
45
+ /** v3: service product id; v1/v2 legacy: plan name in {@link plan}. */
46
+ serviceProductId: string | null;
47
+ /** @deprecated v1/v2 only */
37
48
  plan: string | null;
38
49
  roles: string[];
50
+ /** @deprecated v1 only */
39
51
  quotaRemaining: number | null;
52
+ /** v3: uppercase subscription status. */
53
+ subscriptionStatus: string | null;
54
+ /** @deprecated v1/v2 only */
40
55
  subscriptionActive: boolean;
41
56
  billingModelType: string | null;
42
57
  measurementType: string | null;
@@ -47,24 +62,32 @@ interface VerifySignatureInput {
47
62
  timestamp: string;
48
63
  payload: string | object | null;
49
64
  userId: string | null;
50
- plan: string | null;
65
+ /** v3 */
66
+ serviceProductId?: string | null;
67
+ /** v1/v2 */
68
+ plan?: string | null;
51
69
  roles: string[];
52
- quotaRemaining: number | string | null;
53
- /** Must match X-Tollara-Subscription-Active for verification. */
54
- subscriptionActive: boolean;
70
+ /** v1 only */
71
+ quotaRemaining?: number | string | null;
72
+ /** v3 */
73
+ subscriptionStatus?: string | null;
74
+ /** v1/v2 */
75
+ subscriptionActive?: boolean;
55
76
  billingModelType?: string | null;
56
77
  measurementType?: string | null;
57
78
  unitLabel?: string | null;
58
- /** When `2`, uses HMAC user-context v2 (see TollaraHeaders.SIGNING_VERSION). */
79
+ /** `3` = v3; `2` = v2; absent = v1 */
59
80
  signingVersion?: string | null;
60
81
  }
61
- /** User fields that participate in inbound HMAC userContextString (docs/hmac-spec.md). */
82
+ /** User fields that participate in inbound HMAC userContextString. */
62
83
  interface SignedUserContext {
63
84
  userId: string | null;
64
- plan: string | null;
85
+ serviceProductId?: string | null;
86
+ plan?: string | null;
65
87
  roles: string[];
66
- quotaRemaining: number | string | null;
67
- subscriptionActive: boolean;
88
+ quotaRemaining?: number | string | null;
89
+ subscriptionStatus?: string | null;
90
+ subscriptionActive?: boolean;
68
91
  billingModelType?: string | null;
69
92
  measurementType?: string | null;
70
93
  unitLabel?: string | null;
@@ -79,14 +102,16 @@ interface InboundHmacRequest {
79
102
  /** Loose header map (e.g. Node/Express lowercases keys). */
80
103
  type HeaderBag = Record<string, string | string[] | undefined | null>;
81
104
  /**
82
- * Gateway inbound HMAC suffix: userId + plan + rolesCsv + quota + subscriptionActive + billing + measurement + unit.
105
+ * Gateway inbound HMAC suffix v1: userId + plan + rolesCsv + quota + subscriptionActive + billing fields.
83
106
  */
84
107
  declare function buildGatewayUserContextString(userId: string | null, plan: string | null, roles: string[], quotaRemaining: number | string | null, subscriptionActive: boolean, billingModelType: string | null, measurementType: string | null, unitLabel: string | null): string;
85
108
  /** Gateway HMAC user-context v2: leading `2`, then userId, plan, roles, subscription, billing fields (no quota). */
86
109
  declare function buildGatewayUserContextStringV2(userId: string | null, plan: string | null, roles: string[], subscriptionActive: boolean, billingModelType: string | null, measurementType: string | null, unitLabel: string | null): string;
110
+ /** Gateway HMAC user-context v3: leading `3`, serviceProductId, subscriptionStatus (see MAIN-SDK-API-SPEC §4). */
111
+ declare function buildGatewayUserContextStringV3(userId: string | null, serviceProductId: string | null, roles: string[], subscriptionStatus: string | null, billingModelType: string | null, measurementType: string | null, unitLabel: string | null): string;
87
112
  /**
88
113
  * Verifies HMAC on an inbound gateway request.
89
- * Canonical string: payload + timestamp + userContextString (see docs/hmac-spec.md).
114
+ * Canonical string: payload + timestamp + userContextString (see docs-sdk/MAIN-SDK-API-SPEC.md §4).
90
115
  */
91
116
  declare function verifySignature(serviceSecret: string, input: VerifySignatureInput): boolean;
92
117
  /**
@@ -99,46 +124,84 @@ declare function verifyInboundHmac(serviceSecret: string, request: InboundHmacRe
99
124
  declare function verifySignatureFromHeaders(serviceSecret: string, headers: HeaderBag, payload: string | object | null): boolean;
100
125
  /**
101
126
  * Verifies inbound HMAC; if valid returns user context, else `null` (do not trust headers).
102
- * Parses `X-Tollara-*` headers into {@link UserContext} (case-insensitive header names).
103
127
  */
104
128
  declare function verifySignatureFromHeadersAndGetUserContext(serviceSecret: string, headers: HeaderBag, payload: string | object | null): UserContext | null;
105
129
  declare function getUserContext(headers: HeaderBag): UserContext;
106
130
 
131
+ /** Shared usage breakdown for estimate and report responses (MAIN-SDK-API-SPEC). */
132
+ interface UsageBreakdown {
133
+ unitsUsed?: number;
134
+ baseUnitsUsed?: number;
135
+ overageUnits?: number;
136
+ chargeableOverageUnits?: number;
137
+ surplusOverageUnits?: number;
138
+ overageCost?: number;
139
+ totalOverageCost?: number;
140
+ unitsRemaining?: number;
141
+ /** PREPAID: credit balance after this chunk. */
142
+ remainingCredits?: number;
143
+ remainingSpendingCap?: number;
144
+ totalUnitsUsedThisCycle?: number;
145
+ isOverLimit?: boolean;
146
+ isOverage?: boolean;
147
+ isOverageAllowed?: boolean;
148
+ }
149
+ declare function parseUsageBreakdown(raw: unknown): UsageBreakdown | null;
150
+
107
151
  interface ServiceKeyValidationResult {
108
152
  userId: string | null;
109
153
  serviceId: string | null;
110
154
  /** Core service-key row id when present in the validate JSON body. */
111
155
  serviceKeyId: string | null;
112
- plan: string | null;
156
+ serviceProductId: string | null;
113
157
  roles: string[];
114
- quotaRemaining: number | null;
115
- subscriptionActive: boolean;
158
+ subscriptionStatus: string | null;
159
+ validationSchemaVersion: number;
116
160
  billingModelType: string | null;
117
161
  measurementType: string | null;
118
162
  unitLabel: string | null;
163
+ /** Whether {@link subscriptionStatus} grants invoke access. */
164
+ grantAccess: boolean;
119
165
  }
120
166
  interface UsageEstimateResult {
121
167
  sufficientCredits: boolean;
122
168
  wouldExceedCap: boolean;
123
169
  wouldAllow: boolean;
124
170
  estimatedCost: number | null;
125
- remainingCredits: number | null;
126
- remainingSpendingCap: number | null;
127
171
  billingModelType: string | null;
128
172
  measurementType: string | null;
129
173
  unitLabel: string | null;
130
- breakdown: Record<string, unknown> | null;
174
+ breakdown: UsageBreakdown | null;
131
175
  estimateSchemaVersion: number;
132
176
  timestamp: number;
133
177
  httpStatus: number;
134
178
  }
179
+ /** Canonical failure codes for validateServiceKeyWithOutcome (see docs-sdk §2.1.1). */
180
+ type ValidationFailureCode = 'MISSING_KEY' | 'NETWORK' | 'HTTP_ERROR' | 'MISSING_SIGNATURE_HEADERS' | 'HMAC_MISMATCH' | 'INVALID_KEY' | 'PARSE_ERROR';
181
+ type ServiceKeyValidationOutcome = {
182
+ ok: true;
183
+ result: ServiceKeyValidationResult;
184
+ } | {
185
+ ok: false;
186
+ code: ValidationFailureCode;
187
+ message?: string;
188
+ httpStatus?: number;
189
+ };
190
+ /**
191
+ * Validates a service key via the Tollara API and verifies response HMAC.
192
+ * Returns a discriminated outcome with canonical failure codes (§2.1.1).
193
+ */
194
+ declare function validateServiceKeyWithOutcome(params: {
195
+ baseUrl?: string | null;
196
+ serviceKey: string;
197
+ serviceId: string | null;
198
+ serviceSecret: string;
199
+ fetch?: typeof globalThis.fetch;
200
+ }): Promise<ServiceKeyValidationOutcome>;
135
201
  /**
136
202
  * Validates a service key via the Tollara API and verifies response HMAC.
137
- * Uses `baseUrl` (default production API origin) + `/api/v1/service-keys/validate`.
138
- * Optional in-memory cache with 60s TTL via {@link createValidationCache}.
139
203
  */
140
204
  declare function validateServiceKey(params: {
141
- /** API origin; defaults to `https://api.tollara.ai`. */
142
205
  baseUrl?: string | null;
143
206
  serviceKey: string;
144
207
  serviceId: string | null;
@@ -146,8 +209,7 @@ declare function validateServiceKey(params: {
146
209
  fetch?: typeof globalThis.fetch;
147
210
  }): Promise<ServiceKeyValidationResult | null>;
148
211
  /**
149
- * Usage pre-flight for a service key (Core). Same trust model as {@link validateServiceKey}: JSON body, response HMAC.
150
- * Verifies signatures on 200 / 403 / 429 when `X-Tollara-Signature` and `X-Tollara-Timestamp` are present.
212
+ * Usage pre-flight for a service key (Core). Same trust model as {@link validateServiceKey}.
151
213
  */
152
214
  declare function estimateUsage(params: {
153
215
  baseUrl?: string | null;
@@ -157,9 +219,7 @@ declare function estimateUsage(params: {
157
219
  estimatedUnits: number;
158
220
  fetch?: typeof globalThis.fetch;
159
221
  }): Promise<UsageEstimateResult | null>;
160
- /**
161
- * Core JWT usage estimate (`POST …/billing/usage/estimate`). Not HMAC-signed (spec §2.2).
162
- */
222
+ /** Core JWT usage estimate (`POST …/billing/usage/estimate`). Not HMAC-signed (spec §2.2). */
163
223
  declare function estimateUsageWithJwt(params: {
164
224
  baseUrl?: string | null;
165
225
  corePathPrefix?: string | null;
@@ -169,9 +229,7 @@ declare function estimateUsageWithJwt(params: {
169
229
  estimatedUnits: number;
170
230
  fetch?: typeof globalThis.fetch;
171
231
  }): Promise<UsageEstimateResult | null>;
172
- /**
173
- * Simple cache for validateServiceKey (optional).
174
- */
232
+ /** Simple cache for validateServiceKey (optional). */
175
233
  declare function createValidationCache(): {
176
234
  get(serviceKey: string): ServiceKeyValidationResult | null;
177
235
  set(serviceKey: string, result: ServiceKeyValidationResult): void;
@@ -188,13 +246,25 @@ declare enum CompletionStatus {
188
246
 
189
247
  /** Default Tollara API origin (production). */
190
248
  declare const DEFAULT_API_URL = "https://api.tollara.ai";
191
- /** Path segments joined to `baseUrl` for each service (not part of the public URL API). */
249
+ /** Path segments joined to `baseUrl` for each service (Docker/local default). */
192
250
  declare const DEFAULT_CORE_PATH_PREFIX = "/api/v1";
193
251
  declare const DEFAULT_GATEWAY_PATH_PREFIX = "/api";
194
252
  declare const DEFAULT_USAGE_PATH_PREFIX = "/api/usage";
253
+ /** ECS / hosted api.tollara.ai path prefixes (see MAIN-SDK-API-SPEC.md). */
254
+ declare const ECS_CORE_PATH_PREFIX = "/core/api/v1";
255
+ declare const ECS_GATEWAY_PATH_PREFIX = "/gateway/api/v1";
256
+ declare const ECS_USAGE_PATH_PREFIX = "/usage/api/v1";
195
257
 
196
- /** Builds `{baseUrl}/api/usage/report` using the default usage path. */
258
+ /** Builds usage report URL for the given API origin (Docker or hosted ECS). */
197
259
  declare function buildUsageReportUrl(baseUrl: string): string;
260
+ type UsageCallbackResult = {
261
+ success: boolean;
262
+ httpStatus: number;
263
+ httpStatusText: string;
264
+ requestUrl: string;
265
+ responseBody?: string;
266
+ networkError?: string;
267
+ };
198
268
  type ReportProgressParams = {
199
269
  progressUrl: string;
200
270
  requestId: string;
@@ -205,10 +275,8 @@ type ReportProgressParams = {
205
275
  serviceSecret: string;
206
276
  fetch?: typeof globalThis.fetch;
207
277
  };
208
- /**
209
- * POST to progressUrl with signed body (optional errorMessage).
210
- */
211
- declare function reportProgress(params: ReportProgressParams): Promise<boolean>;
278
+ /** POST to progressUrl with signed body (optional errorMessage). */
279
+ declare function reportProgress(params: ReportProgressParams): Promise<UsageCallbackResult>;
212
280
  type ReportCompletionParams = {
213
281
  callbackUrl: string;
214
282
  requestId: string;
@@ -220,28 +288,18 @@ type ReportCompletionParams = {
220
288
  serviceSecret: string;
221
289
  fetch?: typeof globalThis.fetch;
222
290
  };
223
- /**
224
- * POST completion with status and optional units (defaults to 0).
225
- */
226
- declare function reportCompletion(params: Pick<ReportCompletionParams, 'callbackUrl' | 'requestId' | 'status' | 'serviceSecret' | 'fetch'> & {
227
- units?: number | null;
228
- }): Promise<boolean>;
229
- /**
230
- * POST completion with inline result text.
231
- */
232
- declare function reportCompletionWithResult(params: Pick<ReportCompletionParams, 'callbackUrl' | 'requestId' | 'status' | 'result' | 'units' | 'serviceSecret' | 'fetch'>): Promise<boolean>;
233
- /**
234
- * POST to callbackUrl with signed body (all optional fields).
235
- */
236
- declare function reportCompletionFull(params: ReportCompletionParams): Promise<boolean>;
291
+ /** POST to callbackUrl with signed completion body. */
292
+ declare function reportCompletion(params: ReportCompletionParams): Promise<UsageCallbackResult>;
237
293
  interface UsageReportResponse {
294
+ reportSchemaVersion?: number;
238
295
  status?: string;
239
- warning?: string;
240
- isOverLimit?: boolean;
241
- remainingRequestsPerPeriod?: number;
242
- remainingTimeUnitsPerPeriod?: number;
243
- remainingSpendingCap?: number;
244
- overageRate?: number;
296
+ warning?: string | null;
297
+ userId?: string;
298
+ serviceId?: string;
299
+ billingModelType?: string | null;
300
+ measurementType?: string | null;
301
+ unitLabel?: string | null;
302
+ breakdown?: UsageBreakdown | null;
245
303
  }
246
304
  /**
247
305
  * POST usage report with signed body (`{baseUrl}/api/usage/report`).
@@ -346,6 +404,7 @@ declare class TollaraClient {
346
404
  private readonly fetchFn;
347
405
  constructor(options?: TollaraClientOptions);
348
406
  validateServiceKey(serviceKey: string): Promise<ServiceKeyValidationResult | null>;
407
+ validateServiceKeyWithOutcome(serviceKey: string): Promise<ServiceKeyValidationOutcome>;
349
408
  estimateUsage(serviceKey: string, estimatedUnits: number): Promise<UsageEstimateResult | null>;
350
409
  /**
351
410
  * Core JWT usage estimate (`POST …/billing/usage/estimate`). Response is not HMAC-signed.
@@ -359,14 +418,20 @@ declare class TollaraClient {
359
418
  async?: boolean;
360
419
  }): Promise<GatewayInvokeResult | null>;
361
420
  reportUsage(userId: string, serviceId: string, unitsUsed: number): Promise<UsageReportResponse>;
362
- sendProgressUpdate(progressUrl: string, requestId: string, stage: string, percentageComplete: number, errorMessage?: string | null): Promise<boolean>;
421
+ sendProgressUpdate(progressUrl: string, requestId: string, stage: string, percentageComplete: number, errorMessage?: string | null): Promise<UsageCallbackResult>;
363
422
  sendCompletion(callbackUrl: string, requestId: string, status: CompletionStatus, units: number, options?: {
364
423
  result?: string | null;
365
424
  resultUrl?: string | null;
366
425
  contentType?: string | null;
367
- }): Promise<boolean>;
426
+ }): Promise<UsageCallbackResult>;
368
427
  getRequestStatus(requestId: string, serviceKey: string): Promise<GatewayPollResult>;
369
428
  getRequestResult(requestId: string, serviceKey: string): Promise<GatewayPollResult>;
370
429
  }
371
430
 
372
- export { CompletionStatus, DEFAULT_API_URL, DEFAULT_CORE_PATH_PREFIX, DEFAULT_GATEWAY_PATH_PREFIX, DEFAULT_USAGE_PATH_PREFIX, ENV_API_URL, ENV_SERVICE_ID, ENV_SERVICE_SECRET, type GatewayHttpMethod, type GatewayInvokeAsyncEnvelope, type GatewayInvokeResult, type GatewayPollResult, type HeaderBag, type InboundHmacRequest, type ReportCompletionParams, type ReportProgressParams, type ServiceKeyValidationResult, type SignedUserContext, TollaraClient, type TollaraClientOptions, type TollaraHeaderName, TollaraHeaders, type UsageEstimateResult, type UsageReportResponse, type UserContext, type VerifySignatureInput, buildGatewayUserContextString, buildGatewayUserContextStringV2, buildUsageReportUrl, calculateHmac, calculateHmacWithTimestamp, constantTimeEquals, createValidationCache, estimateUsage, estimateUsageWithJwt, getRequestResult, getRequestStatus, getUserContext, invokeService, reportCompletion, reportCompletionFull, reportCompletionWithResult, reportProgress, reportUsage, validateHmacSignature, validateServiceKey, verifyInboundHmac, verifySignature, verifySignatureFromHeaders, verifySignatureFromHeadersAndGetUserContext };
431
+ /** True for hosted Tollara API hosts (prod/PPE/branded *.api.tollara.ai). */
432
+ declare function isHostedTollaraApiOrigin(origin: string): boolean;
433
+ declare function resolveGatewayPathPrefix(baseUrl?: string | null, override?: string | null): string;
434
+ declare function resolveCorePathPrefix(baseUrl?: string | null, override?: string | null): string;
435
+ declare function resolveUsagePathPrefix(baseUrl?: string | null, override?: string | null): string;
436
+
437
+ export { CompletionStatus, DEFAULT_API_URL, DEFAULT_CORE_PATH_PREFIX, DEFAULT_GATEWAY_PATH_PREFIX, DEFAULT_USAGE_PATH_PREFIX, ECS_CORE_PATH_PREFIX, ECS_GATEWAY_PATH_PREFIX, ECS_USAGE_PATH_PREFIX, ENV_API_URL, ENV_SERVICE_ID, ENV_SERVICE_SECRET, type GatewayHttpMethod, type GatewayInvokeAsyncEnvelope, type GatewayInvokeResult, type GatewayPollResult, type HeaderBag, type InboundHmacRequest, type ReportCompletionParams, type ReportProgressParams, type ServiceKeyValidationOutcome, type ServiceKeyValidationResult, type SignedUserContext, TollaraClient, type TollaraClientOptions, type TollaraHeaderName, TollaraHeaders, type UsageBreakdown, type UsageCallbackResult, type UsageEstimateResult, type UsageReportResponse, type UserContext, type ValidationFailureCode, type VerifySignatureInput, buildGatewayUserContextString, buildGatewayUserContextStringV2, buildGatewayUserContextStringV3, buildUsageReportUrl, calculateHmac, calculateHmacWithTimestamp, constantTimeEquals, createValidationCache, estimateUsage, estimateUsageWithJwt, getRequestResult, getRequestStatus, getUserContext, grantAccess, invokeService, isHostedTollaraApiOrigin, parseUsageBreakdown, reportCompletion, reportProgress, reportUsage, resolveCorePathPrefix, resolveGatewayPathPrefix, resolveUsagePathPrefix, validateHmacSignature, validateServiceKey, validateServiceKeyWithOutcome, verifyInboundHmac, verifySignature, verifySignatureFromHeaders, verifySignatureFromHeadersAndGetUserContext };