@trustsig/sdk 1.0.0 → 1.2.1

package/README.md

@@ -1,49 +1,104 @@
-# TrustSig Enterprise SDK
+# TrustSig SDK
 
-TrustSig Node.js and Edge SDK for integrating TrustSig token verification in your backend services.
+Node.js, Edge, and React SDK for TrustSig bot protection and risk verification.
 
-## Features
+This repository is an NPM workspace with isolated packages. Backend cryptography is not bundled into client applications, and frontend frameworks are not required on backend edge workers.
 
-- Universal Compatibility (Node.js, Next.js Edge, Cloudflare Workers, Deno)
-- Zero-Dependency Core Cryptography (via `@noble/ciphers`)
-- Local Decryption (Zero Latency)
-- Remote API Verification
+## Packages
 
-## Installation
+| Package | Environment | Purpose |
+| --- | --- | --- |
+| `@trustsig/react` | Browser / SSR | React Context Provider and hooks. |
+| `@trustsig/client` | Browser | Vanilla JavaScript DOM token generator. |
+| `@trustsig/server` | Node.js / Edge | Cryptography and API verification. |
+| `@trustsig/types` | Shared | TypeScript interfaces. |
+
+## 1. Client-Side (React/Next.js)
 
 ```bash
-npm install @trustsig/sdk
+npm install @trustsig/react
+```
+
+### Setup Provider
+```tsx
+import { TrustSigProvider } from '@trustsig/react';
+
+export default function RootLayout({ children }) {
+  return (
+    <TrustSigProvider siteKey="YOUR_PUBLIC_KEY" interceptRequests={true}>
+      {children}
+    </TrustSigProvider>
+  );
+}
 ```
 
-## Usage
+### Usage
+```tsx
+import { useTrustSig } from '@trustsig/react';
+
+export function LoginForm() {
+  const { getResponse } = useTrustSig();
+
+  const handleSubmit = async (e) => {
+    e.preventDefault();
+    const token = await getResponse();
+    
+    await fetch('/api/login', {
+      method: 'POST',
+      headers: { 'X-TrustSig-Response': token || '' },
+      body: JSON.stringify({ email: "user@example.com" })
+    });
+  };
+
+  return (
+    <form onSubmit={handleSubmit}>
+      <button type="submit">Login</button>
+    </form>
+  );
+}
+```
+
+## 2. Client-Side (Vanilla JS / Vue)
+
+```bash
+npm install @trustsig/client
+```
+
+```javascript
+import { TrustSigClient } from '@trustsig/client';
+
+const client = new TrustSigClient({
+  siteKey: "YOUR_PUBLIC_KEY"
+});
+
+await client.load();
+const token = await client.getResponse();
+```
+
+## 3. Server-Side (Verification)
+
+```bash
+npm install @trustsig/server
+```
 
 ```typescript
-import { TrustSig } from '@trustsig/sdk';
+import { TrustSig } from '@trustsig/server';
 
-const trustsig = new TrustSig({
+const ts = new TrustSig({
   secretKey: process.env.TRUSTSIG_SECRET_KEY
 });
 
-const token = req.body['trustsig-response'];
+const token = request.headers.get('X-TrustSig-Response');
 
-const resultRemote = await trustsig.verifyRemote(token);
-if (resultRemote.action === 'BLOCK') {
-  throw new Error("Access Denied");
-}
+const resultLocal = ts.verifyLocal(token);
 
-const resultLocal = trustsig.verifyLocal(token);
 if (resultLocal.action === 'BLOCK') {
   throw new Error("Access Denied");
 }
-```
-
-## Verification Modes
-
-### Remote Verification (`verifyRemote`)
-Sends the token to the TrustSig Edge API for validation. Recommended for standard integrations.
 
-### Local Verification (`verifyLocal`)
-Decrypts the token locally using your Project Secret Key. Requires no outbound network requests. Recommended for high-throughput Edge environments.
+const resultRemote = await ts.verifyRemote(token);
 
-## Requirements
-- Node.js 18+ or standard Web Crypto API support.
+if (resultRemote.action === 'BLOCK') {
+  throw new Error("Access Denied");
+}
+```

package/package.json

@@ -1,21 +1,26 @@
 {
   "name": "@trustsig/sdk",
-  "version": "1.0.0",
-  "description": "TrustSig Enterprise SDK for Node.js and Edge environments",
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts",
+  "version": "1.2.1",
+  "description": "TrustSig SDK for Node.js, Edge, and browser environments",
   "scripts": {
-    "build": "tsup",
+    "build": "npm run build -w @trustsig/types && npm run build -w @trustsig/client && npm run build -w @trustsig/server && npm run build -w @trustsig/react",
     "test": "vitest run"
   },
   "dependencies": {
     "@noble/ciphers": "^1.1.0"
   },
   "devDependencies": {
-    "typescript": "^5.0.0",
+    "@testing-library/dom": "^10.4.1",
+    "@testing-library/react": "^16.3.2",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "happy-dom": "^20.8.9",
+    "html-encoding-sniffer": "^6.0.0",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
     "tsup": "^8.0.0",
-    "vitest": "^1.0.0"
+    "typescript": "^5.0.0",
+    "vitest": "^1.6.1"
   },
   "files": [
     "dist"
@@ -27,8 +32,7 @@
   ],
   "author": "TrustSig",
   "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/TrustSig/TrustSigJS.git"
-  }
-}
+  "workspaces": [
+    "packages/*"
+  ]
+}

package/dist/index.d.mts

@@ -1,23 +0,0 @@
-interface TrustSigOptions {
-    secretKey: string;
-    endpoint?: string;
-}
-interface BotAnalysisResponse {
-    is_bot: boolean;
-    score: number;
-    action: string;
-    request_id: string;
-    factors: string[];
-    evidence: Record<string, any>;
-    site_key: string;
-}
-
-declare class TrustSig {
-    private secretKey;
-    private endpoint;
-    constructor(options: TrustSigOptions);
-    verifyLocal(token: string): BotAnalysisResponse;
-    verifyRemote(token: string): Promise<BotAnalysisResponse>;
-}
-
-export { type BotAnalysisResponse, TrustSig, type TrustSigOptions };

package/dist/index.d.ts

@@ -1,23 +0,0 @@
-interface TrustSigOptions {
-    secretKey: string;
-    endpoint?: string;
-}
-interface BotAnalysisResponse {
-    is_bot: boolean;
-    score: number;
-    action: string;
-    request_id: string;
-    factors: string[];
-    evidence: Record<string, any>;
-    site_key: string;
-}
-
-declare class TrustSig {
-    private secretKey;
-    private endpoint;
-    constructor(options: TrustSigOptions);
-    verifyLocal(token: string): BotAnalysisResponse;
-    verifyRemote(token: string): Promise<BotAnalysisResponse>;
-}
-
-export { type BotAnalysisResponse, TrustSig, type TrustSigOptions };

package/dist/index.js

@@ -1 +0,0 @@
-"use strict";var i=Object.defineProperty;var u=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var l=Object.prototype.hasOwnProperty;var O=(r,t)=>{for(var e in t)i(r,e,{get:t[e],enumerable:!0})},R=(r,t,e,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of f(t))!l.call(r,s)&&s!==e&&i(r,s,{get:()=>t[s],enumerable:!(n=u(t,s))||n.enumerable});return r};var T=r=>R(i({},"__esModule",{value:!0}),r);var g={};O(g,{TrustSig:()=>c});module.exports=T(g);var a=require("@noble/ciphers/chacha");function A(r){let t=atob(r),e=t.length,n=new Uint8Array(e);for(let s=0;s<e;s++)n[s]=t.charCodeAt(s);return n}function y(r,t){let e=new Uint8Array(32),n=new TextEncoder().encode(r),s=Math.min(n.length,32);e.set(n.slice(0,s));let o=A(t);if(o.length<12)throw new Error("TOKEN_TOO_SHORT");let p=o.slice(0,12),d=o.slice(12),_=(0,a.chacha20poly1305)(e,p).decrypt(d),h=new TextDecoder().decode(_);return JSON.parse(h)}var c=class{secretKey;endpoint;constructor(t){if(!t.secretKey)throw new Error("SECRET_KEY_REQUIRED");this.secretKey=t.secretKey,this.endpoint=t.endpoint||"https://api.trustsig.com"}verifyLocal(t){try{let e=y(this.secretKey,t);return{is_bot:e.is_bot??!0,score:e.score??100,action:e.action??"BLOCK_MALFORMED_VERDICT",request_id:e.request_id??"",factors:e.factors??[],evidence:e.evidence??{},site_key:e.site_key??""}}catch{return{is_bot:!0,score:100,action:"BLOCK_CRYPTO_FAIL",request_id:"",factors:["CRYPTO_FAIL"],evidence:{},site_key:""}}}async verifyRemote(t){try{let e=await fetch(`${this.endpoint}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({secret:this.secretKey,response:t})});if(!e.ok)throw new Error("HTTP_ERROR");return await e.json()}catch{return{is_bot:!0,score:100,action:"BLOCK_API_FAIL",request_id:"",factors:["API_FAIL"],evidence:{},site_key:""}}}};0&&(module.exports={TrustSig});

package/dist/index.mjs

@@ -1 +0,0 @@
-import{chacha20poly1305 as _}from"@noble/ciphers/chacha";function h(n){let t=atob(n),e=t.length,r=new Uint8Array(e);for(let s=0;s<e;s++)r[s]=t.charCodeAt(s);return r}function i(n,t){let e=new Uint8Array(32),r=new TextEncoder().encode(n),s=Math.min(r.length,32);e.set(r.slice(0,s));let o=h(t);if(o.length<12)throw new Error("TOKEN_TOO_SHORT");let a=o.slice(0,12),y=o.slice(12),p=_(e,a).decrypt(y),d=new TextDecoder().decode(p);return JSON.parse(d)}var c=class{secretKey;endpoint;constructor(t){if(!t.secretKey)throw new Error("SECRET_KEY_REQUIRED");this.secretKey=t.secretKey,this.endpoint=t.endpoint||"https://api.trustsig.com"}verifyLocal(t){try{let e=i(this.secretKey,t);return{is_bot:e.is_bot??!0,score:e.score??100,action:e.action??"BLOCK_MALFORMED_VERDICT",request_id:e.request_id??"",factors:e.factors??[],evidence:e.evidence??{},site_key:e.site_key??""}}catch{return{is_bot:!0,score:100,action:"BLOCK_CRYPTO_FAIL",request_id:"",factors:["CRYPTO_FAIL"],evidence:{},site_key:""}}}async verifyRemote(t){try{let e=await fetch(`${this.endpoint}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({secret:this.secretKey,response:t})});if(!e.ok)throw new Error("HTTP_ERROR");return await e.json()}catch{return{is_bot:!0,score:100,action:"BLOCK_API_FAIL",request_id:"",factors:["API_FAIL"],evidence:{},site_key:""}}}};export{c as TrustSig};