npm - @vencav/shoptet-client - Versions diffs - 0.1.0 - Mend

@vencav/shoptet-client 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 Václav Vracovský
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,151 @@
+# @vencav/shoptet-client
+TypeScript client for the [Shoptet](https://www.shoptet.cz/) Private API. Covers orders, stock, pricelists, and webhook signature validation.
+## Install
+```bash
+npm install @vencav/shoptet-client axios
+```
+`axios` is a peer dependency and must be installed separately.
+## Usage
+```ts
+import { createShoptetClient } from "@vencav/shoptet-client";
+const client = createShoptetClient(
+  {
+    apiUrl: "https://api.myshop.shoptet.com", // must be HTTPS
+    oauthAccessToken: "your-private-api-token",
+    webhookSecret: "your-webhook-secret",
+  },
+  {
+    maxBatchSize: 300, // optional, default 300 (Shoptet API hard limit)
+  }
+);
+```
+All methods return a `Result<T>` — either `{ status: "ok"; data: T }` or `{ status: "error"; error: Error }`. No method throws.
+## API
+### `getOrder(orderCode)`
+```ts
+const result = await client.getOrder("OBJ-2024-001");
+if (result.status === "error") {
+  console.error(result.error.message);
+} else {
+  console.log(result.data.code, result.data.customer.email);
+}
+```
+### `createOrder(order, options?)`
+Creates an order via `POST /api/orders`. Accepts a `CreateOrderRequest` object and optional suppression flags.
+```ts
+const result = await client.createOrder(
+  {
+    externalCode: "EXT-001",
+    currency: { code: "CZK" },
+    email: "customer@example.com",
+    items: [
+      {
+        itemType: "product",
+        code: "SKU-123",
+        name: "Product name",
+        amount: "1.000",
+        unitPriceWithVat: "299.00",
+        vatRate: "21.00",
+      },
+    ],
+  },
+  {
+    suppressEmailSending: true,
+    suppressDocumentGeneration: true,
+  }
+);
+```
+### `batchUpdateStock(items)`
+Updates stock quantities. Quantities are relative movements (positive = add, negative = subtract).
+```ts
+const result = await client.batchUpdateStock([
+  { productCode: "SKU-123", quantity: 10 },
+  { productCode: "SKU-456", quantity: -3 },
+]);
+if (result.status === "ok") {
+  console.log(`${result.data.success} updated, ${result.data.failed} failed`);
+  for (const err of result.data.errors) {
+    console.error(`${err.code}: ${err.error}`);
+  }
+}
+```
+> **Note:** The Shoptet API hard limit is 300 items per request. `batchUpdateStock` returns `Result.error` if `items.length` exceeds `maxBatchSize` (configurable via options, default 300).
+### `batchUpdatePrices(items)`
+Updates selling prices (with VAT) on the default pricelist.
+```ts
+const result = await client.batchUpdatePrices([
+  { code: "SKU-123", price: 299.9 },
+  { code: "SKU-456", price: 149.0 },
+]);
+```
+Same `{ success, failed, errors }` shape as `batchUpdateStock`.
+### `validateWebhookSignature(payload, signature)`
+Validates the `Shoptet-Webhook-Signature` header using HMAC-SHA1. Returns `true` if valid.
+```ts
+app.post("/webhook", (req, res) => {
+  const signature = req.headers["shoptet-webhook-signature"] ?? "";
+  if (!client.validateWebhookSignature(req.rawBody, signature)) {
+    return res.status(401).json({ error: "Invalid signature" });
+  }
+  // process webhook...
+});
+```
+### `getDefaultStockId()` / `getDefaultPricelistId()`
+Returns the ID of the first warehouse / pricelist found in Shoptet. Result is cached after the first successful call. Useful if you need the IDs for custom requests.
+## Result type
+All methods return `Result<T>`, re-exported from `@vencav/result`:
+```ts
+type Result<T, E = Error> =
+  | { status: "ok"; data: T }
+  | { status: "error"; error: E };
+```
+Check with `result.status === "ok"` or use the exported `Result.isOk()` / `Result.isError()` helpers.
+```ts
+import { Result } from "@vencav/shoptet-client";
+```
+## Security
+- Webhook signatures are validated using `crypto.timingSafeEqual` to prevent timing attacks.
+- The API token is sent in a request header (`Shoptet-Private-API-Token`). If you use error-reporting tools (Sentry, Datadog), configure them to scrub this header from outgoing HTTP request metadata.
+## TypeScript
+Full type definitions are included. Key exported types: `ShoptetCredentials`, `ShoptetClientOptions`, `ShoptetOrder`, `ShoptetOrderItem`, `CreateOrderRequest`, `CreateOrderOptions`.
+## License
+MIT

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,271 @@
+'use strict';
+var axios = require('axios');
+var crypto = require('crypto');
+var result = require('@vencav/result');
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+var axios__default = /*#__PURE__*/_interopDefault(axios);
+var crypto__default = /*#__PURE__*/_interopDefault(crypto);
+// src/client.ts
+var SHOPTET_API_BATCH_LIMIT = 300;
+var SHOPTET_API_TIMEOUT_MS = 3e4;
+var SUPPRESS_FLAGS = [
+  "suppressDocumentGeneration",
+  "suppressEmailSending",
+  "suppressProductChecking",
+  "suppressStockMovements",
+  "suppressHistoricalMandatoryFields",
+  "suppressHistoricalPaymentChecking",
+  "suppressHistoricalShippingChecking"
+];
+var requireNonEmpty = (ctx, value, name) => {
+  if (!value) throw new Error(`${ctx}: ${name} must not be empty`);
+};
+var resolvePositiveInt = (ctx, value, fallback, name) => {
+  const resolved = value ?? fallback;
+  if (!Number.isInteger(resolved) || resolved < 1) {
+    throw new Error(`${ctx}: ${name} must be a positive integer`);
+  }
+  return resolved;
+};
+var validateHttpsUrl = (ctx, raw, fieldName = "url") => {
+  let url;
+  try {
+    url = new URL(raw);
+  } catch {
+    throw new Error(`${ctx}: ${fieldName} is not a valid URL`);
+  }
+  if (url.protocol !== "https:") throw new Error(`${ctx}: ${fieldName} must use HTTPS`);
+  if (url.username || url.password) throw new Error(`${ctx}: ${fieldName} must not contain credentials`);
+};
+var apiCall = async (promise) => {
+  try {
+    return result.Result.ok((await promise).data);
+  } catch (error) {
+    if (axios__default.default.isAxiosError(error)) {
+      const apiErrors = error.response?.data?.errors;
+      if (Array.isArray(apiErrors) && apiErrors.length > 0) {
+        const msg = joinMessages(apiErrors);
+        return result.Result.error(new Error(`Shoptet API error (${error.response?.status}): ${msg}`));
+      }
+      return result.Result.error(new Error(error.message || "Unknown error"));
+    }
+    return result.Result.error(error instanceof Error ? error : new Error(String(error)));
+  }
+};
+var joinMessages = (errors) => errors.map((e) => e.message).join(", ");
+var parseResponseErrors = (raw) => (raw ?? []).map((e) => ({ code: e.instance ?? "unknown", error: e.message ?? "Unknown error" }));
+var buildSuppressParams = (options) => {
+  const params = new URLSearchParams();
+  for (const flag of SUPPRESS_FLAGS) {
+    if (options[flag]) params.set(flag, "true");
+  }
+  return params;
+};
+var scrubSensitiveHeaders = (headers) => {
+  if (!headers || typeof headers !== "object") return;
+  const axiosHeaders = headers;
+  if (typeof axiosHeaders.delete === "function") {
+    axiosHeaders.delete("Shoptet-Private-API-Token");
+    return;
+  }
+  const headerEntries = Object.keys(headers);
+  for (const key of headerEntries) {
+    if (key.toLowerCase() === "shoptet-private-api-token") {
+      delete headers[key];
+    }
+  }
+};
+var checkWebhookSignature = (secret, payload, signature) => {
+  const expected = crypto__default.default.createHmac("sha1", secret).update(payload).digest("hex");
+  try {
+    return crypto__default.default.timingSafeEqual(
+      Uint8Array.from(Buffer.from(signature, "hex")),
+      Uint8Array.from(Buffer.from(expected, "hex"))
+    );
+  } catch {
+    return false;
+  }
+};
+var fetchOrder = async (client, orderCode) => {
+  const result$1 = await apiCall(
+    client.get(`/api/orders/${encodeURIComponent(orderCode)}`)
+  );
+  if (result.Result.isError(result$1)) return result$1;
+  if (result$1.data.errors?.length) {
+    const msg = joinMessages(result$1.data.errors);
+    return result.Result.error(new Error(`Shoptet API error: ${msg}`));
+  }
+  const order = result$1.data.data?.order;
+  if (!order) {
+    return result.Result.error(new Error("Shoptet API returned no order data"));
+  }
+  return result.Result.ok(order);
+};
+var fetchStockId = async (client) => {
+  const result$1 = await apiCall(
+    client.get("/api/stocks")
+  );
+  if (result.Result.isError(result$1)) return result$1;
+  const stocks = result$1.data.data?.stocks;
+  if (!stocks || stocks.length === 0) {
+    return result.Result.error(new Error("No stocks (warehouses) found in Shoptet"));
+  }
+  return result.Result.ok(stocks[0].id);
+};
+var fetchPricelistId = async (client) => {
+  const result$1 = await apiCall(
+    client.get("/api/pricelists")
+  );
+  if (result.Result.isError(result$1)) return result$1;
+  const pricelists = result$1.data.data?.priceLists ?? result$1.data.data?.pricelists;
+  if (!pricelists || pricelists.length === 0) {
+    return result.Result.error(new Error("No pricelists found in Shoptet"));
+  }
+  return result.Result.ok(pricelists[0].id);
+};
+var updateStock = async (client, getStockId, maxBatchSize, items) => {
+  if (items.length === 0) return result.Result.ok({ success: 0, failed: 0, errors: [] });
+  if (items.length > maxBatchSize) {
+    return result.Result.error(new Error(`batchUpdateStock: too many items (${items.length} > ${maxBatchSize})`));
+  }
+  const invalidQuantity = items.find((item) => !Number.isFinite(item.quantity));
+  if (invalidQuantity) {
+    return result.Result.error(
+      new Error(`batchUpdateStock: invalid quantity for "${invalidQuantity.productCode}" (${invalidQuantity.quantity})`)
+    );
+  }
+  const stockIdResult = await getStockId();
+  if (result.Result.isError(stockIdResult)) {
+    return result.Result.ok({
+      success: 0,
+      failed: items.length,
+      errors: items.map((item) => ({ code: item.productCode, error: stockIdResult.error.message }))
+    });
+  }
+  const result$1 = await apiCall(
+    client.patch(
+      `/api/stocks/${stockIdResult.data}/movements`,
+      { data: items.map((item) => ({ productCode: item.productCode, quantity: item.quantity })) }
+    )
+  );
+  if (result.Result.isError(result$1)) {
+    return result.Result.ok({
+      success: 0,
+      failed: items.length,
+      errors: items.map((item) => ({ code: item.productCode, error: result$1.error.message }))
+    });
+  }
+  const errors = parseResponseErrors(result$1.data.errors);
+  return result.Result.ok({ success: items.length - errors.length, failed: errors.length, errors });
+};
+var updatePrices = async (client, getPricelistId, maxBatchSize, items) => {
+  if (items.length === 0) return result.Result.ok({ success: 0, failed: 0, errors: [] });
+  if (items.length > maxBatchSize) {
+    return result.Result.error(new Error(`batchUpdatePrices: too many items (${items.length} > ${maxBatchSize})`));
+  }
+  const invalidPrice = items.find((item) => !Number.isFinite(item.price) || item.price < 0);
+  if (invalidPrice) {
+    return result.Result.error(
+      new Error(`batchUpdatePrices: invalid price for "${invalidPrice.code}" (${invalidPrice.price})`)
+    );
+  }
+  const pricelistIdResult = await getPricelistId();
+  if (result.Result.isError(pricelistIdResult)) {
+    return result.Result.ok({
+      success: 0,
+      failed: items.length,
+      errors: items.map((item) => ({ code: item.code, error: pricelistIdResult.error.message }))
+    });
+  }
+  const result$1 = await apiCall(
+    client.patch(
+      `/api/pricelists/${pricelistIdResult.data}`,
+      {
+        data: items.map((item) => ({
+          code: item.code,
+          includingVat: true,
+          price: { price: item.price.toFixed(2) }
+        }))
+      }
+    )
+  );
+  if (result.Result.isError(result$1)) {
+    return result.Result.ok({
+      success: 0,
+      failed: items.length,
+      errors: items.map((item) => ({ code: item.code, error: result$1.error.message }))
+    });
+  }
+  const errors = parseResponseErrors(result$1.data.errors);
+  return result.Result.ok({ success: items.length - errors.length, failed: errors.length, errors });
+};
+var postOrder = async (client, order, orderOptions) => {
+  const qs = buildSuppressParams(orderOptions).toString();
+  const url = `/api/orders${qs ? `?${qs}` : ""}`;
+  const result$1 = await apiCall(
+    client.post(url, { data: order })
+  );
+  if (result.Result.isError(result$1)) return result$1;
+  if (result$1.data.errors?.length) {
+    const msg = joinMessages(result$1.data.errors);
+    return result.Result.error(new Error(`Shoptet API errors: ${msg}`));
+  }
+  const createdOrder = result$1.data.data?.order;
+  if (!createdOrder) {
+    return result.Result.error(new Error("Shoptet API returned no order data"));
+  }
+  return result.Result.ok(createdOrder);
+};
+var createIdResolver = (fetch) => {
+  let cached = null;
+  return async () => {
+    if (cached !== null) return result.Result.ok(cached);
+    const result$1 = await fetch();
+    if (result.Result.isOk(result$1)) cached = result$1.data;
+    return result$1;
+  };
+};
+var createShoptetClient = (credentials, options = {}) => {
+  validateHttpsUrl("ShoptetClient", credentials.apiUrl, "apiUrl");
+  requireNonEmpty("ShoptetClient", credentials.oauthAccessToken, "oauthAccessToken");
+  requireNonEmpty("ShoptetClient", credentials.webhookSecret, "webhookSecret");
+  const maxBatchSize = resolvePositiveInt("ShoptetClient", options.maxBatchSize, SHOPTET_API_BATCH_LIMIT, "maxBatchSize");
+  const timeoutMs = resolvePositiveInt("ShoptetClient", options.timeoutMs, SHOPTET_API_TIMEOUT_MS, "timeoutMs");
+  const client = axios__default.default.create({
+    baseURL: credentials.apiUrl,
+    timeout: timeoutMs,
+    headers: {
+      "Content-Type": "application/vnd.shoptet.v1.0+json",
+      "Shoptet-Private-API-Token": credentials.oauthAccessToken
+    }
+  });
+  client.interceptors.response.use(void 0, (error) => {
+    if (axios__default.default.isAxiosError(error)) {
+      scrubSensitiveHeaders(error.config?.headers);
+    }
+    return Promise.reject(error);
+  });
+  const getDefaultStockId = createIdResolver(() => fetchStockId(client));
+  const getDefaultPricelistId = createIdResolver(() => fetchPricelistId(client));
+  return {
+    validateWebhookSignature: (payload, signature) => checkWebhookSignature(credentials.webhookSecret, payload, signature),
+    getOrder: (orderCode) => fetchOrder(client, orderCode),
+    getDefaultStockId,
+    batchUpdateStock: (items) => updateStock(client, getDefaultStockId, maxBatchSize, items),
+    getDefaultPricelistId,
+    batchUpdatePrices: (items) => updatePrices(client, getDefaultPricelistId, maxBatchSize, items),
+    createOrder: (order, orderOptions = {}) => postOrder(client, order, orderOptions)
+  };
+};
+Object.defineProperty(exports, "Result", {
+  enumerable: true,
+  get: function () { return result.Result; }
+});
+exports.createShoptetClient = createShoptetClient;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/client.ts"],"names":["Result","axios","crypto","result"],"mappings":";;;;;;;;;;;;AA0BA,IAAM,uBAAA,GAA0B,GAAA;AAChC,IAAM,sBAAA,GAAyB,GAAA;AAE/B,IAAM,cAAA,GAAiB;AAAA,EACrB,4BAAA;AAAA,EACA,sBAAA;AAAA,EACA,yBAAA;AAAA,EACA,wBAAA;AAAA,EACA,mCAAA;AAAA,EACA,mCAAA;AAAA,EACA;AACF,CAAA;AAIA,IAAM,eAAA,GAAkB,CAAC,GAAA,EAAa,KAAA,EAAe,IAAA,KAAuB;AAC1E,EAAA,IAAI,CAAC,OAAO,MAAM,IAAI,MAAM,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,IAAI,CAAA,kBAAA,CAAoB,CAAA;AACjE,CAAA;AAEA,IAAM,kBAAA,GAAqB,CAAC,GAAA,EAAa,KAAA,EAA2B,UAAkB,IAAA,KAAyB;AAC7G,EAAA,MAAM,WAAW,KAAA,IAAS,QAAA;AAC1B,EAAA,IAAI,CAAC,MAAA,CAAO,SAAA,CAAU,QAAQ,CAAA,IAAK,WAAW,CAAA,EAAG;AAC/C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,IAAI,CAAA,2BAAA,CAA6B,CAAA;AAAA,EAC9D;AACA,EAAA,OAAO,QAAA;AACT,CAAA;AAEA,IAAM,gBAAA,GAAmB,CAAC,GAAA,EAAa,GAAA,EAAa,YAAY,KAAA,KAAgB;AAC9E,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,IAAI,IAAI,GAAG,CAAA;AAAA,EACnB,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,SAAS,CAAA,mBAAA,CAAqB,CAAA;AAAA,EAC3D;AACA,EAAA,IAAI,GAAA,CAAI,QAAA,KAAa,QAAA,EAAU,MAAM,IAAI,MAAM,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,SAAS,CAAA,eAAA,CAAiB,CAAA;AACpF,EAAA,IAAI,GAAA,CAAI,QAAA,IAAY,GAAA,CAAI,QAAA,EAAU,MAAM,IAAI,KAAA,CAAM,CAAA,EAAG,GAAG,CAAA,EAAA,EAAK,SAAS,CAAA,6BAAA,CAA+B,CAAA;AACvG,CAAA;AAIA,IAAM,OAAA,GAAU,OAAU,OAAA,KAA2D;AACnF,EAAA,IAAI;AACF,IAAA,OAAOA,aAAA,CAAO,EAAA,CAAA,CAAI,MAAM,OAAA,EAAS,IAAI,CAAA;AAAA,EACvC,SAAS,KAAA,EAAgB;AACvB,IAAA,IAAIC,sBAAA,CAAM,YAAA,CAAa,KAAK,CAAA,EAAG;AAC7B,MAAA,MAAM,SAAA,GAAY,KAAA,CAAM,QAAA,EAAU,IAAA,EAAM,MAAA;AACxC,MAAA,IAAI,MAAM,OAAA,CAAQ,SAAS,CAAA,IAAK,SAAA,CAAU,SAAS,CAAA,EAAG;AACpD,QAAA,MAAM,GAAA,GAAM,aAAa,SAAuC,CAAA;AAChE,QAAA,OAAOD,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,CAAA,mBAAA,EAAsB,KAAA,CAAM,QAAA,EAAU,MAAM,CAAA,GAAA,EAAM,GAAG,CAAA,CAAE,CAAC,CAAA;AAAA,MACxF;AACA,MAAA,OAAOA,cAAO,KAAA,CAAM,IAAI,MAAM,KAAA,CAAM,OAAA,IAAW,eAAe,CAAC,CAAA;AAAA,IACjE;AACA,IAAA,OAAOA,aAAA,CAAO,KAAA,CAAM,KAAA,YAAiB,KAAA,GAAQ,KAAA,GAAQ,IAAI,KAAA,CAAM,MAAA,CAAO,KAAK,CAAC,CAAC,CAAA;AAAA,EAC/E;AACF,CAAA;AAIA,IAAM,YAAA,GAAe,CAAC,MAAA,KACpB,MAAA,CAAO,GAAA,CAAI,CAAC,CAAA,KAAM,CAAA,CAAE,OAAO,CAAA,CAAE,IAAA,CAAK,IAAI,CAAA;AAExC,IAAM,sBAAsB,CAC1B,GAAA,KAAA,CAEC,OAAO,EAAC,EAAG,IAAI,CAAC,CAAA,MAAO,EAAE,IAAA,EAAM,EAAE,QAAA,IAAY,SAAA,EAAW,OAAO,CAAA,CAAE,OAAA,IAAW,iBAAgB,CAAE,CAAA;AAEjG,IAAM,mBAAA,GAAsB,CAAC,OAAA,KAAiD;AAC5E,EAAA,MAAM,MAAA,GAAS,IAAI,eAAA,EAAgB;AACnC,EAAA,KAAA,MAAW,QAAQ,cAAA,EAAgB;AACjC,IAAA,IAAI,QAAQ,IAAI,CAAA,EAAG,MAAA,CAAO,GAAA,CAAI,MAAM,MAAM,CAAA;AAAA,EAC5C;AACA,EAAA,OAAO,MAAA;AACT,CAAA;AAEA,IAAM,qBAAA,GAAwB,CAAC,OAAA,KAA2B;AACxD,EAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AAE7C,EAAA,MAAM,YAAA,GAAe,OAAA;AACrB,EAAA,IAAI,OAAO,YAAA,CAAa,MAAA,KAAW,UAAA,EAAY;AAC7C,IAAA,YAAA,CAAa,OAAO,2BAA2B,CAAA;AAC/C,IAAA;AAAA,EACF;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,IAAA,CAAK,OAAkC,CAAA;AACpE,EAAA,KAAA,MAAW,OAAO,aAAA,EAAe;AAC/B,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,2BAAA,EAA6B;AACrD,MAAA,OAAQ,QAAoC,GAAG,CAAA;AAAA,IACjD;AAAA,EACF;AACF,CAAA;AAIA,IAAM,qBAAA,GAAwB,CAAC,MAAA,EAAgB,OAAA,EAAiB,SAAA,KAA+B;AAC7F,EAAA,MAAM,QAAA,GAAWE,uBAAA,CAAO,UAAA,CAAW,MAAA,EAAQ,MAAM,EAAE,MAAA,CAAO,OAAO,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAC/E,EAAA,IAAI;AACF,IAAA,OAAOA,uBAAA,CAAO,eAAA;AAAA,MACZ,WAAW,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,SAAA,EAAW,KAAK,CAAC,CAAA;AAAA,MAC7C,WAAW,IAAA,CAAK,MAAA,CAAO,IAAA,CAAK,QAAA,EAAU,KAAK,CAAC;AAAA,KAC9C;AAAA,EACF,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF,CAAA;AAEA,IAAM,UAAA,GAAa,OAAO,MAAA,EAAuB,SAAA,KAAqD;AACpG,EAAA,MAAMC,WAAS,MAAM,OAAA;AAAA,IACnB,OAAO,GAAA,CAAiD,CAAA,YAAA,EAAe,kBAAA,CAAmB,SAAS,CAAC,CAAA,CAAE;AAAA,GACxG;AACA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG,OAAOA,QAAA;AACnC,EAAA,IAAIA,QAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,MAAA,EAAQ;AAC9B,IAAA,MAAM,GAAA,GAAM,YAAA,CAAaA,QAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AAC3C,IAAA,OAAOH,cAAO,KAAA,CAAM,IAAI,MAAM,CAAA,mBAAA,EAAsB,GAAG,EAAE,CAAC,CAAA;AAAA,EAC5D;AACA,EAAA,MAAM,KAAA,GAAQG,QAAA,CAAO,IAAA,CAAK,IAAA,EAAM,KAAA;AAChC,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,OAAOH,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,oCAAoC,CAAC,CAAA;AAAA,EACrE;AACA,EAAA,OAAOA,aAAA,CAAO,GAAG,KAAK,CAAA;AACxB,CAAA;AAEA,IAAM,YAAA,GAAe,OAAO,MAAA,KAAmD;AAC7E,EAAA,MAAMG,WAAS,MAAM,OAAA;AAAA,IACnB,MAAA,CAAO,IAAgE,aAAa;AAAA,GACtF;AACA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG,OAAOA,QAAA;AACnC,EAAA,MAAM,MAAA,GAASA,QAAA,CAAO,IAAA,CAAK,IAAA,EAAM,MAAA;AACjC,EAAA,IAAI,CAAC,MAAA,IAAU,MAAA,CAAO,MAAA,KAAW,CAAA,EAAG;AAClC,IAAA,OAAOH,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,yCAAyC,CAAC,CAAA;AAAA,EAC1E;AACA,EAAA,OAAOA,aAAA,CAAO,EAAA,CAAG,MAAA,CAAO,CAAC,EAAE,EAAE,CAAA;AAC/B,CAAA;AAEA,IAAM,gBAAA,GAAmB,OAAO,MAAA,KAAmD;AACjF,EAAA,MAAMG,WAAS,MAAM,OAAA;AAAA,IACnB,MAAA,CAAO,IAKJ,iBAAiB;AAAA,GACtB;AACA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG,OAAOA,QAAA;AACnC,EAAA,MAAM,aAAaA,QAAA,CAAO,IAAA,CAAK,MAAM,UAAA,IAAcA,QAAA,CAAO,KAAK,IAAA,EAAM,UAAA;AACrE,EAAA,IAAI,CAAC,UAAA,IAAc,UAAA,CAAW,MAAA,KAAW,CAAA,EAAG;AAC1C,IAAA,OAAOH,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,gCAAgC,CAAC,CAAA;AAAA,EACjE;AACA,EAAA,OAAOA,aAAA,CAAO,EAAA,CAAG,UAAA,CAAW,CAAC,EAAE,EAAE,CAAA;AACnC,CAAA;AAEA,IAAM,WAAA,GAAc,OAClB,MAAA,EACA,UAAA,EACA,cACA,KAAA,KACuC;AACvC,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAOA,cAAO,EAAA,CAAG,EAAE,OAAA,EAAS,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAG,MAAA,EAAQ,IAAI,CAAA;AAC9E,EAAA,IAAI,KAAA,CAAM,SAAS,YAAA,EAAc;AAC/B,IAAA,OAAOA,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,MAAM,MAAM,CAAA,GAAA,EAAM,YAAY,CAAA,CAAA,CAAG,CAAC,CAAA;AAAA,EACvG;AAEA,EAAA,MAAM,eAAA,GAAkB,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,CAAC,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,QAAQ,CAAC,CAAA;AAC5E,EAAA,IAAI,eAAA,EAAiB;AACnB,IAAA,OAAOA,aAAA,CAAO,KAAA;AAAA,MACZ,IAAI,MAAM,CAAA,wCAAA,EAA2C,eAAA,CAAgB,WAAW,CAAA,GAAA,EAAM,eAAA,CAAgB,QAAQ,CAAA,CAAA,CAAG;AAAA,KACnH;AAAA,EACF;AAEA,EAAA,MAAM,aAAA,GAAgB,MAAM,UAAA,EAAW;AACvC,EAAA,IAAIA,aAAA,CAAO,OAAA,CAAQ,aAAa,CAAA,EAAG;AACjC,IAAA,OAAOA,cAAO,EAAA,CAAG;AAAA,MACf,OAAA,EAAS,CAAA;AAAA,MACT,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAA,EAAQ,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU,EAAE,IAAA,EAAM,IAAA,CAAK,WAAA,EAAa,KAAA,EAAO,aAAA,CAAc,KAAA,CAAM,SAAQ,CAAE;AAAA,KAC7F,CAAA;AAAA,EACH;AAEA,EAAA,MAAMG,WAAS,MAAM,OAAA;AAAA,IACnB,MAAA,CAAO,KAAA;AAAA,MACL,CAAA,YAAA,EAAe,cAAc,IAAI,CAAA,UAAA,CAAA;AAAA,MACjC,EAAE,IAAA,EAAM,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU,EAAE,WAAA,EAAa,IAAA,CAAK,WAAA,EAAa,QAAA,EAAU,IAAA,CAAK,QAAA,GAAW,CAAA;AAAE;AAC5F,GACF;AAEA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG;AAC1B,IAAA,OAAOH,cAAO,EAAA,CAAG;AAAA,MACf,OAAA,EAAS,CAAA;AAAA,MACT,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAA,EAAQ,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU,EAAE,IAAA,EAAM,IAAA,CAAK,WAAA,EAAa,KAAA,EAAOG,QAAA,CAAO,KAAA,CAAM,SAAQ,CAAE;AAAA,KACtF,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoBA,QAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AACrD,EAAA,OAAOH,aAAA,CAAO,EAAA,CAAG,EAAE,OAAA,EAAS,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA,EAAQ,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAC3F,CAAA;AAEA,IAAM,YAAA,GAAe,OACnB,MAAA,EACA,cAAA,EACA,cACA,KAAA,KACuC;AACvC,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAOA,cAAO,EAAA,CAAG,EAAE,OAAA,EAAS,CAAA,EAAG,MAAA,EAAQ,CAAA,EAAG,MAAA,EAAQ,IAAI,CAAA;AAC9E,EAAA,IAAI,KAAA,CAAM,SAAS,YAAA,EAAc;AAC/B,IAAA,OAAOA,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,CAAA,mCAAA,EAAsC,MAAM,MAAM,CAAA,GAAA,EAAM,YAAY,CAAA,CAAA,CAAG,CAAC,CAAA;AAAA,EACxG;AAEA,EAAA,MAAM,YAAA,GAAe,KAAA,CAAM,IAAA,CAAK,CAAC,IAAA,KAAS,CAAC,MAAA,CAAO,QAAA,CAAS,IAAA,CAAK,KAAK,CAAA,IAAK,IAAA,CAAK,QAAQ,CAAC,CAAA;AACxF,EAAA,IAAI,YAAA,EAAc;AAChB,IAAA,OAAOA,aAAA,CAAO,KAAA;AAAA,MACZ,IAAI,MAAM,CAAA,sCAAA,EAAyC,YAAA,CAAa,IAAI,CAAA,GAAA,EAAM,YAAA,CAAa,KAAK,CAAA,CAAA,CAAG;AAAA,KACjG;AAAA,EACF;AAEA,EAAA,MAAM,iBAAA,GAAoB,MAAM,cAAA,EAAe;AAC/C,EAAA,IAAIA,aAAA,CAAO,OAAA,CAAQ,iBAAiB,CAAA,EAAG;AACrC,IAAA,OAAOA,cAAO,EAAA,CAAG;AAAA,MACf,OAAA,EAAS,CAAA;AAAA,MACT,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAA,EAAQ,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,KAAA,EAAO,iBAAA,CAAkB,KAAA,CAAM,SAAQ,CAAE;AAAA,KAC1F,CAAA;AAAA,EACH;AAEA,EAAA,MAAMG,WAAS,MAAM,OAAA;AAAA,IACnB,MAAA,CAAO,KAAA;AAAA,MACL,CAAA,gBAAA,EAAmB,kBAAkB,IAAI,CAAA,CAAA;AAAA,MACzC;AAAA,QACE,IAAA,EAAM,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU;AAAA,UACzB,MAAM,IAAA,CAAK,IAAA;AAAA,UACX,YAAA,EAAc,IAAA;AAAA,UACd,OAAO,EAAE,KAAA,EAAO,KAAK,KAAA,CAAM,OAAA,CAAQ,CAAC,CAAA;AAAE,SACxC,CAAE;AAAA;AACJ;AACF,GACF;AAEA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG;AAC1B,IAAA,OAAOH,cAAO,EAAA,CAAG;AAAA,MACf,OAAA,EAAS,CAAA;AAAA,MACT,QAAQ,KAAA,CAAM,MAAA;AAAA,MACd,MAAA,EAAQ,KAAA,CAAM,GAAA,CAAI,CAAC,IAAA,MAAU,EAAE,IAAA,EAAM,IAAA,CAAK,IAAA,EAAM,KAAA,EAAOG,QAAA,CAAO,KAAA,CAAM,SAAQ,CAAE;AAAA,KAC/E,CAAA;AAAA,EACH;AAEA,EAAA,MAAM,MAAA,GAAS,mBAAA,CAAoBA,QAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AACrD,EAAA,OAAOH,aAAA,CAAO,EAAA,CAAG,EAAE,OAAA,EAAS,KAAA,CAAM,MAAA,GAAS,MAAA,CAAO,MAAA,EAAQ,MAAA,EAAQ,MAAA,CAAO,MAAA,EAAQ,MAAA,EAAQ,CAAA;AAC3F,CAAA;AAEA,IAAM,SAAA,GAAY,OAChB,MAAA,EACA,KAAA,EACA,YAAA,KACkC;AAClC,EAAA,MAAM,EAAA,GAAK,mBAAA,CAAoB,YAAY,CAAA,CAAE,QAAA,EAAS;AACtD,EAAA,MAAM,MAAM,CAAA,WAAA,EAAc,EAAA,GAAK,CAAA,CAAA,EAAI,EAAE,KAAK,EAAE,CAAA,CAAA;AAE5C,EAAA,MAAMG,WAAS,MAAM,OAAA;AAAA,IACnB,OAAO,IAAA,CAAkD,GAAA,EAAK,EAAE,IAAA,EAAM,OAAO;AAAA,GAC/E;AACA,EAAA,IAAIH,aAAA,CAAO,OAAA,CAAQG,QAAM,CAAA,EAAG,OAAOA,QAAA;AACnC,EAAA,IAAIA,QAAA,CAAO,IAAA,CAAK,MAAA,EAAQ,MAAA,EAAQ;AAC9B,IAAA,MAAM,GAAA,GAAM,YAAA,CAAaA,QAAA,CAAO,IAAA,CAAK,MAAM,CAAA;AAC3C,IAAA,OAAOH,cAAO,KAAA,CAAM,IAAI,MAAM,CAAA,oBAAA,EAAuB,GAAG,EAAE,CAAC,CAAA;AAAA,EAC7D;AACA,EAAA,MAAM,YAAA,GAAeG,QAAA,CAAO,IAAA,CAAK,IAAA,EAAM,KAAA;AACvC,EAAA,IAAI,CAAC,YAAA,EAAc;AACjB,IAAA,OAAOH,aAAA,CAAO,KAAA,CAAM,IAAI,KAAA,CAAM,oCAAoC,CAAC,CAAA;AAAA,EACrE;AACA,EAAA,OAAOA,aAAA,CAAO,GAAG,YAAY,CAAA;AAC/B,CAAA;AAIA,IAAM,gBAAA,GAAmB,CAAC,KAAA,KAAyC;AACjE,EAAA,IAAI,MAAA,GAAwB,IAAA;AAC5B,EAAA,OAAO,YAAqC;AAC1C,IAAA,IAAI,MAAA,KAAW,IAAA,EAAM,OAAOA,aAAA,CAAO,GAAG,MAAM,CAAA;AAC5C,IAAA,MAAMG,QAAA,GAAS,MAAM,KAAA,EAAM;AAC3B,IAAA,IAAIH,aAAA,CAAO,IAAA,CAAKG,QAAM,CAAA,WAAYA,QAAA,CAAO,IAAA;AACzC,IAAA,OAAOA,QAAA;AAAA,EACT,CAAA;AACF,CAAA;AAIO,IAAM,mBAAA,GAAsB,CACjC,WAAA,EACA,OAAA,GAAgC,EAAC,KAC9B;AACH,EAAA,gBAAA,CAAiB,eAAA,EAAiB,WAAA,CAAY,MAAA,EAAQ,QAAQ,CAAA;AAC9D,EAAA,eAAA,CAAgB,eAAA,EAAiB,WAAA,CAAY,gBAAA,EAAkB,kBAAkB,CAAA;AACjF,EAAA,eAAA,CAAgB,eAAA,EAAiB,WAAA,CAAY,aAAA,EAAe,eAAe,CAAA;AAE3E,EAAA,MAAM,eAAe,kBAAA,CAAmB,eAAA,EAAiB,OAAA,CAAQ,YAAA,EAAc,yBAAyB,cAAc,CAAA;AACtH,EAAA,MAAM,YAAY,kBAAA,CAAmB,eAAA,EAAiB,OAAA,CAAQ,SAAA,EAAW,wBAAwB,WAAW,CAAA;AAE5G,EAAA,MAAM,MAAA,GAASF,uBAAM,MAAA,CAAO;AAAA,IAC1B,SAAS,WAAA,CAAY,MAAA;AAAA,IACrB,OAAA,EAAS,SAAA;AAAA,IACT,OAAA,EAAS;AAAA,MACP,cAAA,EAAgB,mCAAA;AAAA,MAChB,6BAA6B,WAAA,CAAY;AAAA;AAC3C,GACD,CAAA;AAED,EAAA,MAAA,CAAO,YAAA,CAAa,QAAA,CAAS,GAAA,CAAI,MAAA,EAAW,CAAC,KAAA,KAAmB;AAC9D,IAAA,IAAIA,sBAAA,CAAM,YAAA,CAAa,KAAK,CAAA,EAAG;AAC7B,MAAA,qBAAA,CAAsB,KAAA,CAAM,QAAQ,OAAO,CAAA;AAAA,IAC7C;AACA,IAAA,OAAO,OAAA,CAAQ,OAAO,KAAK,CAAA;AAAA,EAC7B,CAAC,CAAA;AAED,EAAA,MAAM,iBAAA,GAAoB,gBAAA,CAAiB,MAAM,YAAA,CAAa,MAAM,CAAC,CAAA;AACrE,EAAA,MAAM,qBAAA,GAAwB,gBAAA,CAAiB,MAAM,gBAAA,CAAiB,MAAM,CAAC,CAAA;AAE7E,EAAA,OAAO;AAAA,IACL,wBAAA,EAA0B,CAAC,OAAA,EAAiB,SAAA,KAC1C,sBAAsB,WAAA,CAAY,aAAA,EAAe,SAAS,SAAS,CAAA;AAAA,IACrE,QAAA,EAAU,CAAC,SAAA,KACT,UAAA,CAAW,QAAQ,SAAS,CAAA;AAAA,IAC9B,iBAAA;AAAA,IACA,kBAAkB,CAAC,KAAA,KACjB,YAAY,MAAA,EAAQ,iBAAA,EAAmB,cAAc,KAAK,CAAA;AAAA,IAC5D,qBAAA;AAAA,IACA,mBAAmB,CAAC,KAAA,KAClB,aAAa,MAAA,EAAQ,qBAAA,EAAuB,cAAc,KAAK,CAAA;AAAA,IACjE,WAAA,EAAa,CAAC,KAAA,EAA2B,YAAA,GAAmC,EAAC,KAC3E,SAAA,CAAU,MAAA,EAAQ,KAAA,EAAO,YAAY;AAAA,GACzC;AACF","file":"index.cjs","sourcesContent":["import axios, { AxiosInstance, AxiosResponse } from \"axios\";\nimport crypto from \"crypto\";\nimport { Result } from \"@vencav/result\";\nimport type { CreateOrderOptions, CreateOrderRequest, ShoptetApiResponse, ShoptetOrder } from \"./types\";\n\nexport interface ShoptetCredentials {\n readonly oauthAccessToken: string;\n readonly apiUrl: string;\n readonly webhookSecret: string;\n}\n\nexport interface ShoptetClientOptions {\n /** Maximum items per batch request. Shoptet API hard limit is 300. Default: 300. */\n readonly maxBatchSize?: number;\n /** Request timeout in milliseconds. Default: 30000. */\n readonly timeoutMs?: number;\n}\n\nexport type BatchUpdateResult = {\n readonly success: number;\n readonly failed: number;\n readonly errors: ReadonlyArray<{ readonly code: string; readonly error: string }>;\n};\n\nexport type ShoptetClient = ReturnType<typeof createShoptetClient>;\n\nconst SHOPTET_API_BATCH_LIMIT = 300;\nconst SHOPTET_API_TIMEOUT_MS = 30_000;\n\nconst SUPPRESS_FLAGS = [\n \"suppressDocumentGeneration\",\n \"suppressEmailSending\",\n \"suppressProductChecking\",\n \"suppressStockMovements\",\n \"suppressHistoricalMandatoryFields\",\n \"suppressHistoricalPaymentChecking\",\n \"suppressHistoricalShippingChecking\",\n] as const satisfies ReadonlyArray<keyof CreateOrderOptions>;\n\n// ── Validation helpers ──────────────────────────────────────\n\nconst requireNonEmpty = (ctx: string, value: string, name: string): void => {\n if (!value) throw new Error(`${ctx}: ${name} must not be empty`);\n};\n\nconst resolvePositiveInt = (ctx: string, value: number | undefined, fallback: number, name: string): number => {\n const resolved = value ?? fallback;\n if (!Number.isInteger(resolved) || resolved < 1) {\n throw new Error(`${ctx}: ${name} must be a positive integer`);\n }\n return resolved;\n};\n\nconst validateHttpsUrl = (ctx: string, raw: string, fieldName = \"url\"): void => {\n let url: URL;\n try {\n url = new URL(raw);\n } catch {\n throw new Error(`${ctx}: ${fieldName} is not a valid URL`);\n }\n if (url.protocol !== \"https:\") throw new Error(`${ctx}: ${fieldName} must use HTTPS`);\n if (url.username || url.password) throw new Error(`${ctx}: ${fieldName} must not contain credentials`);\n};\n\n// ── Core API helper ─────────────────────────────────────────\n\nconst apiCall = async <T>(promise: Promise<AxiosResponse<T>>): Promise<Result<T>> => {\n try {\n return Result.ok((await promise).data);\n } catch (error: unknown) {\n if (axios.isAxiosError(error)) {\n const apiErrors = error.response?.data?.errors;\n if (Array.isArray(apiErrors) && apiErrors.length > 0) {\n const msg = joinMessages(apiErrors as Array<{ message: string }>);\n return Result.error(new Error(`Shoptet API error (${error.response?.status}): ${msg}`));\n }\n return Result.error(new Error(error.message || \"Unknown error\"));\n }\n return Result.error(error instanceof Error ? error : new Error(String(error)));\n }\n};\n\n// ── Shared helpers ──────────────────────────────────────────\n\nconst joinMessages = (errors: ReadonlyArray<{ message: string }>): string =>\n errors.map((e) => e.message).join(\", \");\n\nconst parseResponseErrors = (\n raw: Array<{ instance?: string; message?: string }> | null | undefined\n): Array<{ code: string; error: string }> =>\n (raw ?? []).map((e) => ({ code: e.instance ?? \"unknown\", error: e.message ?? \"Unknown error\" }));\n\nconst buildSuppressParams = (options: CreateOrderOptions): URLSearchParams => {\n const params = new URLSearchParams();\n for (const flag of SUPPRESS_FLAGS) {\n if (options[flag]) params.set(flag, \"true\");\n }\n return params;\n};\n\nconst scrubSensitiveHeaders = (headers: unknown): void => {\n if (!headers || typeof headers !== \"object\") return;\n\n const axiosHeaders = headers as { delete?: (name: string) => void };\n if (typeof axiosHeaders.delete === \"function\") {\n axiosHeaders.delete(\"Shoptet-Private-API-Token\");\n return;\n }\n\n const headerEntries = Object.keys(headers as Record<string, unknown>);\n for (const key of headerEntries) {\n if (key.toLowerCase() === \"shoptet-private-api-token\") {\n delete (headers as Record<string, unknown>)[key];\n }\n }\n};\n\n// ── Pure API functions ──────────────────────────────────────\n\nconst checkWebhookSignature = (secret: string, payload: string, signature: string): boolean => {\n const expected = crypto.createHmac(\"sha1\", secret).update(payload).digest(\"hex\");\n try {\n return crypto.timingSafeEqual(\n Uint8Array.from(Buffer.from(signature, \"hex\")),\n Uint8Array.from(Buffer.from(expected, \"hex\"))\n );\n } catch {\n return false;\n }\n};\n\nconst fetchOrder = async (client: AxiosInstance, orderCode: string): Promise<Result<ShoptetOrder>> => {\n const result = await apiCall(\n client.get<ShoptetApiResponse<{ order: ShoptetOrder }>>(`/api/orders/${encodeURIComponent(orderCode)}`)\n );\n if (Result.isError(result)) return result;\n if (result.data.errors?.length) {\n const msg = joinMessages(result.data.errors);\n return Result.error(new Error(`Shoptet API error: ${msg}`));\n }\n const order = result.data.data?.order;\n if (!order) {\n return Result.error(new Error(\"Shoptet API returned no order data\"));\n }\n return Result.ok(order);\n};\n\nconst fetchStockId = async (client: AxiosInstance): Promise<Result<number>> => {\n const result = await apiCall(\n client.get<{ data: { stocks: Array<{ id: number; title: string }> } }>(\"/api/stocks\")\n );\n if (Result.isError(result)) return result;\n const stocks = result.data.data?.stocks;\n if (!stocks || stocks.length === 0) {\n return Result.error(new Error(\"No stocks (warehouses) found in Shoptet\"));\n }\n return Result.ok(stocks[0].id);\n};\n\nconst fetchPricelistId = async (client: AxiosInstance): Promise<Result<number>> => {\n const result = await apiCall(\n client.get<{\n data: {\n priceLists?: Array<{ id: number; name: string }>;\n pricelists?: Array<{ id: number; name: string }>;\n };\n }>(\"/api/pricelists\")\n );\n if (Result.isError(result)) return result;\n const pricelists = result.data.data?.priceLists ?? result.data.data?.pricelists;\n if (!pricelists || pricelists.length === 0) {\n return Result.error(new Error(\"No pricelists found in Shoptet\"));\n }\n return Result.ok(pricelists[0].id);\n};\n\nconst updateStock = async (\n client: AxiosInstance,\n getStockId: () => Promise<Result<number>>,\n maxBatchSize: number,\n items: Array<{ productCode: string; quantity: number }>\n): Promise<Result<BatchUpdateResult>> => {\n if (items.length === 0) return Result.ok({ success: 0, failed: 0, errors: [] });\n if (items.length > maxBatchSize) {\n return Result.error(new Error(`batchUpdateStock: too many items (${items.length} > ${maxBatchSize})`));\n }\n\n const invalidQuantity = items.find((item) => !Number.isFinite(item.quantity));\n if (invalidQuantity) {\n return Result.error(\n new Error(`batchUpdateStock: invalid quantity for \"${invalidQuantity.productCode}\" (${invalidQuantity.quantity})`)\n );\n }\n\n const stockIdResult = await getStockId();\n if (Result.isError(stockIdResult)) {\n return Result.ok({\n success: 0,\n failed: items.length,\n errors: items.map((item) => ({ code: item.productCode, error: stockIdResult.error.message })),\n });\n }\n\n const result = await apiCall(\n client.patch<{ errors?: Array<{ instance?: string; message?: string }> }>(\n `/api/stocks/${stockIdResult.data}/movements`,\n { data: items.map((item) => ({ productCode: item.productCode, quantity: item.quantity })) }\n )\n );\n\n if (Result.isError(result)) {\n return Result.ok({\n success: 0,\n failed: items.length,\n errors: items.map((item) => ({ code: item.productCode, error: result.error.message })),\n });\n }\n\n const errors = parseResponseErrors(result.data.errors);\n return Result.ok({ success: items.length - errors.length, failed: errors.length, errors });\n};\n\nconst updatePrices = async (\n client: AxiosInstance,\n getPricelistId: () => Promise<Result<number>>,\n maxBatchSize: number,\n items: Array<{ code: string; price: number }>\n): Promise<Result<BatchUpdateResult>> => {\n if (items.length === 0) return Result.ok({ success: 0, failed: 0, errors: [] });\n if (items.length > maxBatchSize) {\n return Result.error(new Error(`batchUpdatePrices: too many items (${items.length} > ${maxBatchSize})`));\n }\n\n const invalidPrice = items.find((item) => !Number.isFinite(item.price) || item.price < 0);\n if (invalidPrice) {\n return Result.error(\n new Error(`batchUpdatePrices: invalid price for \"${invalidPrice.code}\" (${invalidPrice.price})`)\n );\n }\n\n const pricelistIdResult = await getPricelistId();\n if (Result.isError(pricelistIdResult)) {\n return Result.ok({\n success: 0,\n failed: items.length,\n errors: items.map((item) => ({ code: item.code, error: pricelistIdResult.error.message })),\n });\n }\n\n const result = await apiCall(\n client.patch<{ errors?: Array<{ instance?: string; message?: string }> }>(\n `/api/pricelists/${pricelistIdResult.data}`,\n {\n data: items.map((item) => ({\n code: item.code,\n includingVat: true,\n price: { price: item.price.toFixed(2) },\n })),\n }\n )\n );\n\n if (Result.isError(result)) {\n return Result.ok({\n success: 0,\n failed: items.length,\n errors: items.map((item) => ({ code: item.code, error: result.error.message })),\n });\n }\n\n const errors = parseResponseErrors(result.data.errors);\n return Result.ok({ success: items.length - errors.length, failed: errors.length, errors });\n};\n\nconst postOrder = async (\n client: AxiosInstance,\n order: CreateOrderRequest,\n orderOptions: CreateOrderOptions\n): Promise<Result<ShoptetOrder>> => {\n const qs = buildSuppressParams(orderOptions).toString();\n const url = `/api/orders${qs ? `?${qs}` : \"\"}`;\n\n const result = await apiCall(\n client.post<ShoptetApiResponse<{ order: ShoptetOrder }>>(url, { data: order })\n );\n if (Result.isError(result)) return result;\n if (result.data.errors?.length) {\n const msg = joinMessages(result.data.errors);\n return Result.error(new Error(`Shoptet API errors: ${msg}`));\n }\n const createdOrder = result.data.data?.order;\n if (!createdOrder) {\n return Result.error(new Error(\"Shoptet API returned no order data\"));\n }\n return Result.ok(createdOrder);\n};\n\n// ── Caching resolvers ───────────────────────────────────────\n\nconst createIdResolver = (fetch: () => Promise<Result<number>>) => {\n let cached: number | null = null;\n return async (): Promise<Result<number>> => {\n if (cached !== null) return Result.ok(cached);\n const result = await fetch();\n if (Result.isOk(result)) cached = result.data;\n return result;\n };\n};\n\n// ── Factory ─────────────────────────────────────────────────\n\nexport const createShoptetClient = (\n credentials: ShoptetCredentials,\n options: ShoptetClientOptions = {}\n) => {\n validateHttpsUrl(\"ShoptetClient\", credentials.apiUrl, \"apiUrl\");\n requireNonEmpty(\"ShoptetClient\", credentials.oauthAccessToken, \"oauthAccessToken\");\n requireNonEmpty(\"ShoptetClient\", credentials.webhookSecret, \"webhookSecret\");\n\n const maxBatchSize = resolvePositiveInt(\"ShoptetClient\", options.maxBatchSize, SHOPTET_API_BATCH_LIMIT, \"maxBatchSize\");\n const timeoutMs = resolvePositiveInt(\"ShoptetClient\", options.timeoutMs, SHOPTET_API_TIMEOUT_MS, \"timeoutMs\");\n\n const client = axios.create({\n baseURL: credentials.apiUrl,\n timeout: timeoutMs,\n headers: {\n \"Content-Type\": \"application/vnd.shoptet.v1.0+json\",\n \"Shoptet-Private-API-Token\": credentials.oauthAccessToken,\n },\n });\n\n client.interceptors.response.use(undefined, (error: unknown) => {\n if (axios.isAxiosError(error)) {\n scrubSensitiveHeaders(error.config?.headers);\n }\n return Promise.reject(error);\n });\n\n const getDefaultStockId = createIdResolver(() => fetchStockId(client));\n const getDefaultPricelistId = createIdResolver(() => fetchPricelistId(client));\n\n return {\n validateWebhookSignature: (payload: string, signature: string) =>\n checkWebhookSignature(credentials.webhookSecret, payload, signature),\n getOrder: (orderCode: string) =>\n fetchOrder(client, orderCode),\n getDefaultStockId,\n batchUpdateStock: (items: Array<{ productCode: string; quantity: number }>) =>\n updateStock(client, getDefaultStockId, maxBatchSize, items),\n getDefaultPricelistId,\n batchUpdatePrices: (items: Array<{ code: string; price: number }>) =>\n updatePrices(client, getDefaultPricelistId, maxBatchSize, items),\n createOrder: (order: CreateOrderRequest, orderOptions: CreateOrderOptions = {}) =>\n postOrder(client, order, orderOptions),\n };\n};\n"]}