@vellumai/assistant 0.3.4 → 0.3.6

package/src/amazon/request-extractor.ts

@@ -0,0 +1,135 @@
+/**
+ * Extracts REST endpoint templates from a session recording and persists them
+ * to disk so the Amazon client can use captured URL patterns instead of
+ * stale static fallbacks.
+ *
+ * Captured requests are saved to ~/.vellum/workspace/data/amazon/captured-requests.json
+ */
+
+import { join } from 'node:path';
+import { mkdirSync, writeFileSync, readFileSync, existsSync } from 'node:fs';
+import { getDataDir } from '../util/platform.js';
+import type { SessionRecording } from '../tools/browser/network-recording-types.js';
+
+export type AmazonRequestKey =
+  | 'search'
+  | 'addToCart'
+  | 'addToCartFresh'
+  | 'viewCart'
+  | 'freshDeliveryWindows'
+  | 'placeOrder';
+
+export interface CapturedRequest {
+  key: AmazonRequestKey;
+  method: string;
+  urlPattern: string;
+  capturedAt: number;
+  /** POST body fields extracted from recordings (keys only, values omitted). */
+  bodyFields?: string[];
+}
+
+function getCapturedRequestsPath(): string {
+  return join(getDataDir(), 'amazon', 'captured-requests.json');
+}
+
+/**
+ * Classify an Amazon URL to a logical key.
+ * Returns null if the URL doesn't match any known pattern.
+ */
+function classifyUrl(url: string, method: string): AmazonRequestKey | null {
+  const withoutQuery = url.split('?')[0];
+
+  if (url.includes('/s?') || /\/s\/[^/]/.test(withoutQuery)) return 'search';
+  if (withoutQuery.includes('/alm/addtofreshcart') && method === 'POST') return 'addToCartFresh';
+  if (withoutQuery.includes('/gp/add-to-cart') || withoutQuery.includes('/cart/smart-add')) return 'addToCart';
+  // Prefer the lightweight JSON endpoint over the HTML cart page
+  if (withoutQuery.includes('/cart/add-to-cart/get-cart-items')) return 'viewCart';
+  if (withoutQuery.includes('/gp/cart/view') || withoutQuery.endsWith('/cart/') || withoutQuery.endsWith('/cart')) return 'viewCart';
+  if (withoutQuery.includes('/fresh/deliverywindows')) return 'freshDeliveryWindows';
+  if (withoutQuery.includes('/gp/buy/spc') && method === 'POST') return 'placeOrder';
+
+  return null;
+}
+
+/**
+ * Extract REST endpoint templates from a session recording's network entries.
+ * Filters for amazon.com URLs, classifies them, deduplicates by key
+ * (keeps last occurrence).
+ */
+export function extractRequests(recording: SessionRecording): CapturedRequest[] {
+  const byKey = new Map<AmazonRequestKey, CapturedRequest>();
+
+  for (const entry of recording.networkEntries) {
+    const url = entry.request.url;
+    if (!url.includes('amazon.com')) continue;
+
+    const method = (entry.request.method ?? 'GET').toUpperCase();
+    const key = classifyUrl(url, method);
+    if (!key) continue;
+
+    // Use base URL (without query params) as the pattern
+    const urlPattern = url.split('?')[0];
+
+    // Extract field names from JSON POST bodies (values omitted — they're session-specific)
+    let bodyFields: string[] | undefined;
+    const postData = entry.request.postData;
+    if (postData && method === 'POST') {
+      try {
+        const parsed = JSON.parse(postData);
+        if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+          bodyFields = Object.keys(parsed);
+        }
+      } catch {
+        // form-encoded body — extract field names
+        bodyFields = postData
+          .split('&')
+          .map(p => decodeURIComponent(p.split('=')[0]))
+          .filter(Boolean);
+      }
+    }
+
+    byKey.set(key, {
+      key,
+      method,
+      urlPattern,
+      capturedAt: entry.timestamp,
+      ...(bodyFields ? { bodyFields } : {}),
+    });
+  }
+
+  return Array.from(byKey.values());
+}
+
+/**
+ * Merge new captured requests with existing ones on disk (newer wins),
+ * then write to disk.
+ */
+export function saveRequests(requests: CapturedRequest[]): string {
+  const existing = loadCapturedRequests();
+
+  for (const req of requests) {
+    const prev = existing[req.key];
+    if (!prev || req.capturedAt >= prev.capturedAt) {
+      existing[req.key] = req;
+    }
+  }
+
+  const filePath = getCapturedRequestsPath();
+  mkdirSync(join(filePath, '..'), { recursive: true });
+  writeFileSync(filePath, JSON.stringify(existing, null, 2), 'utf-8');
+  return filePath;
+}
+
+/**
+ * Load captured requests from disk. Returns a map keyed by logical key.
+ */
+export function loadCapturedRequests(): Record<string, CapturedRequest> {
+  const filePath = getCapturedRequestsPath();
+  if (!existsSync(filePath)) return {};
+  try {
+    const data = readFileSync(filePath, 'utf-8');
+    return JSON.parse(data) as Record<string, CapturedRequest>;
+  } catch {
+    return {};
+  }
+}

package/src/amazon/session.ts

@@ -0,0 +1,109 @@
+/**
+ * Amazon session persistence.
+ * Stores/loads auth cookies from a recording or manual login.
+ */
+
+import { existsSync, readFileSync, writeFileSync, mkdirSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+import { getDataDir } from '../util/platform.js';
+import type { SessionRecording, ExtractedCredential } from '../tools/browser/network-recording-types.js';
+
+export interface AmazonSession {
+  cookies: ExtractedCredential[];
+  importedAt: string;
+  recordingId?: string;
+}
+
+function getSessionDir(): string {
+  return join(getDataDir(), 'amazon');
+}
+
+function getSessionPath(): string {
+  return join(getSessionDir(), 'session.json');
+}
+
+export function loadSession(): AmazonSession | null {
+  const path = getSessionPath();
+  if (!existsSync(path)) return null;
+  try {
+    return JSON.parse(readFileSync(path, 'utf-8')) as AmazonSession;
+  } catch {
+    return null;
+  }
+}
+
+export function saveSession(session: AmazonSession): void {
+  const dir = getSessionDir();
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+  writeFileSync(getSessionPath(), JSON.stringify(session, null, 2));
+}
+
+export function clearSession(): void {
+  const path = getSessionPath();
+  if (existsSync(path)) {
+    unlinkSync(path);
+  }
+}
+
+/**
+ * Import cookies from a Ride Shotgun recording file.
+ * Validates that the recording contains Amazon's required auth cookies.
+ */
+export function importFromRecording(recordingPath: string): AmazonSession {
+  if (!existsSync(recordingPath)) {
+    throw new Error(`Recording not found: ${recordingPath}`);
+  }
+  const recording = JSON.parse(readFileSync(recordingPath, 'utf-8')) as SessionRecording;
+  if (!recording.cookies?.length) {
+    throw new Error('Recording contains no cookies');
+  }
+
+  const cookieNames = new Set(recording.cookies.map(c => c.name));
+
+  if (!cookieNames.has('session-id')) {
+    throw new Error(
+      'Recording is missing required Amazon cookie: session-id. ' +
+      'Make sure you are logged in to Amazon.',
+    );
+  }
+  if (!cookieNames.has('ubid-main')) {
+    throw new Error(
+      'Recording is missing required Amazon cookie: ubid-main. ' +
+      'Make sure you are logged in to Amazon.',
+    );
+  }
+  if (!cookieNames.has('at-main') && !cookieNames.has('x-main')) {
+    throw new Error(
+      'Recording is missing required Amazon auth cookie (at-main or x-main). ' +
+      'Make sure you are fully logged in to Amazon.',
+    );
+  }
+
+  const session: AmazonSession = {
+    cookies: recording.cookies,
+    importedAt: new Date().toISOString(),
+    recordingId: recording.id,
+  };
+  saveSession(session);
+  return session;
+}
+
+/**
+ * Build a Cookie header string from the session.
+ */
+export function getCookieHeader(session: AmazonSession): string {
+  return session.cookies
+    .map(c => `${c.name}=${c.value}`)
+    .join('; ');
+}
+
+/**
+ * Get the anti-CSRF token from session cookies.
+ * Amazon uses anti-csrftoken-a2z or csrf-main for cart POST requests.
+ */
+export function getAntiCsrfToken(session: AmazonSession): string | undefined {
+  return (
+    session.cookies.find(c => c.name === 'anti-csrftoken-a2z')?.value ??
+    session.cookies.find(c => c.name === 'csrf-main')?.value
+  );
+}

package/src/autonomy/autonomy-store.ts

@@ -7,9 +7,10 @@
  * preferences), so it belongs on disk rather than in the SQLite database.
  */
 
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'node:fs';
+import { writeFileSync, mkdirSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { getWorkspaceDir } from '../util/platform.js';
+import { readTextFileSync } from '../util/fs.js';
 import { getLogger } from '../util/logger.js';
 import type { AutonomyConfig, AutonomyTier } from './types.js';
 import { DEFAULT_AUTONOMY_CONFIG, AUTONOMY_TIERS } from './types.js';
@@ -25,14 +26,13 @@ function getAutonomyConfigPath(): string {
  * Returns defaults if the file doesn't exist or is malformed.
  */
 export function getAutonomyConfig(): AutonomyConfig {
-  const configPath = getAutonomyConfigPath();
-  if (!existsSync(configPath)) {
+  const raw = readTextFileSync(getAutonomyConfigPath());
+  if (raw == null) {
     return structuredClone(DEFAULT_AUTONOMY_CONFIG);
   }
 
   try {
-    const raw = JSON.parse(readFileSync(configPath, 'utf-8'));
-    return validateAutonomyConfig(raw);
+    return validateAutonomyConfig(JSON.parse(raw));
   } catch (err) {
     log.warn({ err }, 'Failed to parse autonomy config; using defaults');
     return structuredClone(DEFAULT_AUTONOMY_CONFIG);

package/src/browser-extension-relay/client.ts

@@ -0,0 +1,124 @@
+/**
+ * Higher-level API over ExtensionRelayServer.
+ *
+ * Provides convenience wrappers for common operations:
+ *   - relayEval    — evaluate JS in a tab (drop-in for cdpEval)
+ *   - relayCookies — fetch cookies for a domain
+ *   - waitForExtension — poll until the extension connects
+ */
+
+import { extensionRelayServer } from './server.js';
+import type { CookieSpec } from './protocol.js';
+
+const WAIT_POLL_INTERVAL_MS = 250;
+
+/**
+ * Evaluate a JavaScript expression in a tab matching the given URL pattern.
+ *
+ * @param urlPattern   Glob or substring matched against open tab URLs.
+ * @param script       JS source string to evaluate in the tab's MAIN world.
+ * @param timeoutMs    Per-command timeout (default: server default).
+ * @returns            The return value of the script, as returned by the extension.
+ */
+export async function relayEval(
+  urlPattern: string,
+  script: string,
+  timeoutMs?: number,
+): Promise<unknown> {
+  // Find the tab first
+  const findResp = await extensionRelayServer.sendCommand(
+    { action: 'find_tab', url: urlPattern },
+    timeoutMs,
+  );
+  if (!findResp.success) {
+    throw new Error(`relayEval: find_tab failed — ${findResp.error ?? 'unknown error'}`);
+  }
+  const tabId = findResp.tabId;
+  if (tabId === undefined) {
+    throw new Error(`relayEval: no tab found matching "${urlPattern}"`);
+  }
+
+  const evalResp = await extensionRelayServer.sendCommand(
+    { action: 'evaluate', tabId, code: script },
+    timeoutMs,
+  );
+  if (!evalResp.success) {
+    throw new Error(`relayEval: evaluate failed — ${evalResp.error ?? 'unknown error'}`);
+  }
+  return evalResp.result;
+}
+
+/**
+ * Retrieve cookies for a domain.
+ *
+ * @param domain  e.g. "amazon.com"
+ * @returns       Array of cookie objects returned by the extension.
+ */
+export async function relayCookies(domain: string): Promise<unknown[]> {
+  const resp = await extensionRelayServer.sendCommand({ action: 'get_cookies', domain });
+  if (!resp.success) {
+    throw new Error(`relayCookies: failed — ${resp.error ?? 'unknown error'}`);
+  }
+  return Array.isArray(resp.result) ? resp.result : [];
+}
+
+/**
+ * Set a cookie via the extension.
+ */
+export async function relaySetCookie(cookie: CookieSpec): Promise<void> {
+  const resp = await extensionRelayServer.sendCommand({ action: 'set_cookie', cookie });
+  if (!resp.success) {
+    throw new Error(`relaySetCookie: failed — ${resp.error ?? 'unknown error'}`);
+  }
+}
+
+/**
+ * Navigate a tab (or open a new one) to a URL.
+ */
+export async function relayNavigate(url: string, tabId?: number): Promise<number> {
+  const resp = await extensionRelayServer.sendCommand({ action: 'navigate', url, tabId });
+  if (!resp.success) {
+    throw new Error(`relayNavigate: failed — ${resp.error ?? 'unknown error'}`);
+  }
+  return resp.tabId!;
+}
+
+/**
+ * Open a new tab and navigate to a URL.
+ */
+export async function relayNewTab(url: string): Promise<number> {
+  const resp = await extensionRelayServer.sendCommand({ action: 'new_tab', url });
+  if (!resp.success) {
+    throw new Error(`relayNewTab: failed — ${resp.error ?? 'unknown error'}`);
+  }
+  return resp.tabId!;
+}
+
+/**
+ * Take a screenshot of the currently visible tab.
+ *
+ * @param tabId  Optional tab ID; if omitted, captures the active tab in the focused window.
+ * @returns      Base64-encoded PNG data URL.
+ */
+export async function relayScreenshot(tabId?: number): Promise<string> {
+  const resp = await extensionRelayServer.sendCommand({ action: 'screenshot', tabId });
+  if (!resp.success) {
+    throw new Error(`relayScreenshot: failed — ${resp.error ?? 'unknown error'}`);
+  }
+  return resp.result as string;
+}
+
+/**
+ * Poll until the Chrome extension connects or the timeout expires.
+ *
+ * @param timeoutMs  Total wait time in ms (default: 10 000).
+ * @throws           Error if the extension does not connect within the timeout.
+ */
+export async function waitForExtension(timeoutMs = 10_000): Promise<void> {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    if (extensionRelayServer.getStatus().connected) return;
+    await new Promise<void>((resolve) => setTimeout(resolve, WAIT_POLL_INTERVAL_MS));
+  }
+  throw new Error(`waitForExtension: Chrome extension did not connect within ${timeoutMs}ms`);
+}

package/src/browser-extension-relay/protocol.ts

@@ -0,0 +1,63 @@
+/**
+ * Protocol types for the Chrome extension relay bridge.
+ *
+ * Messages flow:
+ *   Assistant → ExtensionRelayServer → WebSocket → Chrome Extension → Tab (JS eval)
+ */
+
+export interface CookieSpec {
+  url: string;
+  name: string;
+  value: string;
+  domain?: string;
+  path?: string;
+  secure?: boolean;
+  httpOnly?: boolean;
+  expirationDate?: number;
+}
+
+/**
+ * Command sent from the server to the extension over WebSocket.
+ */
+export interface ExtensionCommand {
+  id: string; // UUID
+  action:
+    | 'evaluate'
+    | 'navigate'
+    | 'get_cookies'
+    | 'set_cookie'
+    | 'screenshot'
+    | 'find_tab'
+    | 'new_tab';
+  tabId?: number;
+  code?: string;     // for evaluate
+  url?: string;      // for navigate / find_tab / new_tab
+  domain?: string;   // for get_cookies
+  cookie?: CookieSpec;
+  timeoutMs?: number;
+}
+
+/**
+ * Response sent from the extension back to the server.
+ */
+export interface ExtensionResponse {
+  id: string;
+  success: boolean;
+  result?: unknown;
+  error?: string;
+  tabId?: number;
+}
+
+/**
+ * Periodic heartbeat from the extension to the server.
+ */
+export interface ExtensionHeartbeat {
+  type: 'heartbeat';
+  extensionVersion: string;
+  connectedTabs: number;
+}
+
+/**
+ * Any message received from the extension (heartbeat or command response).
+ */
+export type ExtensionInboundMessage = ExtensionHeartbeat | ExtensionResponse;

package/src/browser-extension-relay/server.ts

@@ -0,0 +1,177 @@
+/**
+ * WebSocket server for the Chrome extension relay bridge.
+ *
+ * Holds a single active extension connection. Commands are sent as JSON
+ * and matched to pending Promises by UUID.
+ */
+
+import type { ServerWebSocket } from 'bun';
+import { getLogger } from '../util/logger.js';
+import type {
+  ExtensionCommand,
+  ExtensionResponse,
+  ExtensionHeartbeat,
+  ExtensionInboundMessage,
+} from './protocol.js';
+
+const log = getLogger('browser-extension-relay');
+
+const DEFAULT_COMMAND_TIMEOUT_MS = 30_000;
+
+interface PendingCommand {
+  resolve: (value: ExtensionResponse) => void;
+  reject: (reason: Error) => void;
+  timer: ReturnType<typeof setTimeout>;
+}
+
+export interface BrowserRelayWebSocketData {
+  wsType: 'browser-relay';
+  connectionId: string;
+}
+
+export interface ExtensionRelayStatus {
+  connected: boolean;
+  connectionId: string | null;
+  lastHeartbeatAt: number | null;
+  pendingCommandCount: number;
+}
+
+/**
+ * Manages the single active Chrome extension WebSocket connection and
+ * dispatches commands to it.
+ */
+export class ExtensionRelayServer {
+  private ws: ServerWebSocket<BrowserRelayWebSocketData> | null = null;
+  private connectionId: string | null = null;
+  private lastHeartbeatAt: number | null = null;
+  private pendingCommands = new Map<string, PendingCommand>();
+
+  // ── WebSocket lifecycle ────────────────────────────────────────────
+
+  handleOpen(ws: ServerWebSocket<BrowserRelayWebSocketData>): void {
+    const newId = ws.data.connectionId;
+
+    if (this.ws) {
+      log.warn(
+        { oldConnectionId: this.connectionId, newConnectionId: newId },
+        'Browser extension relay: new connection displaced an existing one',
+      );
+      try {
+        this.ws.close(1001, 'Displaced by new connection');
+      } catch {
+        // best-effort
+      }
+      this.rejectAllPending(new Error('Extension reconnected — previous commands cancelled'));
+    }
+
+    this.ws = ws;
+    this.connectionId = newId;
+    log.info({ connectionId: newId }, 'Browser extension relay connected');
+  }
+
+  handleMessage(ws: ServerWebSocket<BrowserRelayWebSocketData>, raw: string): void {
+    let msg: ExtensionInboundMessage;
+    try {
+      msg = JSON.parse(raw) as ExtensionInboundMessage;
+    } catch {
+      log.warn({ connectionId: ws.data.connectionId }, 'Browser extension relay: failed to parse message');
+      return;
+    }
+
+    if ('type' in msg && msg.type === 'heartbeat') {
+      this.handleHeartbeat(msg);
+      return;
+    }
+
+    // Otherwise it's a command response
+    const response = msg as ExtensionResponse;
+    const pending = this.pendingCommands.get(response.id);
+    if (!pending) {
+      log.warn({ id: response.id }, 'Browser extension relay: received response for unknown command id');
+      return;
+    }
+
+    clearTimeout(pending.timer);
+    this.pendingCommands.delete(response.id);
+    pending.resolve(response);
+  }
+
+  handleClose(ws: ServerWebSocket<BrowserRelayWebSocketData>, code: number, reason?: string): void {
+    const closedId = ws.data.connectionId;
+    if (this.connectionId !== closedId) {
+      // Stale close for a displaced connection — ignore
+      return;
+    }
+
+    log.info({ connectionId: closedId, code, reason }, 'Browser extension relay disconnected');
+    this.ws = null;
+    this.connectionId = null;
+    this.rejectAllPending(new Error(`Extension disconnected (code=${code})`));
+  }
+
+  // ── Command dispatch ───────────────────────────────────────────────
+
+  /**
+   * Send a command to the extension and wait for its response.
+   */
+  sendCommand(
+    command: Omit<ExtensionCommand, 'id'>,
+    timeoutMs: number = DEFAULT_COMMAND_TIMEOUT_MS,
+  ): Promise<ExtensionResponse> {
+    if (!this.ws) {
+      return Promise.reject(new Error('Browser extension is not connected'));
+    }
+
+    const id = crypto.randomUUID();
+    const fullCommand: ExtensionCommand = { ...command, id };
+
+    return new Promise<ExtensionResponse>((resolve, reject) => {
+      const timer = setTimeout(() => {
+        this.pendingCommands.delete(id);
+        reject(new Error(`Browser extension command timed out after ${timeoutMs}ms (action=${command.action})`));
+      }, timeoutMs);
+
+      this.pendingCommands.set(id, { resolve, reject, timer });
+
+      try {
+        this.ws!.send(JSON.stringify(fullCommand));
+      } catch (err) {
+        clearTimeout(timer);
+        this.pendingCommands.delete(id);
+        reject(err instanceof Error ? err : new Error(String(err)));
+      }
+    });
+  }
+
+  // ── Status ─────────────────────────────────────────────────────────
+
+  getStatus(): ExtensionRelayStatus {
+    return {
+      connected: !!this.ws,
+      connectionId: this.connectionId,
+      lastHeartbeatAt: this.lastHeartbeatAt,
+      pendingCommandCount: this.pendingCommands.size,
+    };
+  }
+
+  // ── Private helpers ────────────────────────────────────────────────
+
+  private handleHeartbeat(msg: ExtensionHeartbeat): void {
+    this.lastHeartbeatAt = Date.now();
+    log.debug(
+      { extensionVersion: msg.extensionVersion, connectedTabs: msg.connectedTabs },
+      'Browser extension heartbeat received',
+    );
+  }
+
+  private rejectAllPending(err: Error): void {
+    for (const [id, pending] of this.pendingCommands) {
+      clearTimeout(pending.timer);
+      pending.reject(err);
+      this.pendingCommands.delete(id);
+    }
+  }
+}
+
+/** Module-level singleton — imported by http-server and client. */
+export const extensionRelayServer = new ExtensionRelayServer();

package/src/bundler/app-bundler.ts

@@ -45,7 +45,7 @@ export function extractRemoteUrls(html: string): string[] {
   // Match src="..." attributes on any element
   const srcRe = /\bsrc\s*=\s*(?:"([^"]*?)"|'([^']*?)'|([^\s>]+))/gi;
   let m: RegExpExecArray | null;
-  while ((m = srcRe.exec(html)) !== null) {
+  while ((m = srcRe.exec(html)) != null) {
     const url = m[1] ?? m[2] ?? m[3];
     if (url && /^https?:\/\//i.test(url)) {
       urls.add(url);
@@ -55,7 +55,7 @@ export function extractRemoteUrls(html: string): string[] {
   // Match href="..." on any element except navigation/resolution tags (not assets).
   // Captures the tag name and href value so we can skip them.
   const hrefRe = /<(\w+)\b[^>]*?\bhref\s*=\s*(?:"([^"]*?)"|'([^']*?)'|([^\s>]+))[^>]*?\/?>/gi;
-  while ((m = hrefRe.exec(html)) !== null) {
+  while ((m = hrefRe.exec(html)) != null) {
     const tagName = m[1];
     if (['a', 'base', 'area'].includes(tagName.toLowerCase())) continue;
     const url = m[2] ?? m[3] ?? m[4];
@@ -66,7 +66,7 @@ export function extractRemoteUrls(html: string): string[] {
 
   // Match CSS url() references (inline styles and <style> blocks)
   const urlRe = /url\(\s*(?:"([^"]*?)"|'([^']*?)'|([^)"'\s]+))\s*\)/gi;
-  while ((m = urlRe.exec(html)) !== null) {
+  while ((m = urlRe.exec(html)) != null) {
     const url = m[1] ?? m[2] ?? m[3];
     if (url && /^https?:\/\//i.test(url)) {
       urls.add(url);

package/src/bundler/bundle-signer.ts

@@ -34,7 +34,7 @@ export type SigningCallback = (payload: string) => Promise<{
  * Recursively sort object keys alphabetically for canonical JSON.
  */
 function sortKeysDeep(obj: unknown): unknown {
-  if (obj === null || obj === undefined || typeof obj !== 'object') {
+  if (obj == null || typeof obj !== 'object') {
     return obj;
   }
   if (Array.isArray(obj)) {

package/src/bundler/signature-verifier.ts

@@ -23,7 +23,7 @@ export interface SignatureVerificationResult {
  * Recursively sort object keys alphabetically for canonical JSON.
  */
 function sortKeysDeep(obj: unknown): unknown {
-  if (obj === null || obj === undefined || typeof obj !== 'object') {
+  if (obj == null || typeof obj !== 'object') {
     return obj;
   }
   if (Array.isArray(obj)) {