@waffo/pancake-ts 0.1.3 → 0.1.7

package/CHANGELOG.md

@@ -4,6 +4,80 @@ All notable changes to `@waffo/pancake-ts` will be documented in this file.
 
 Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), versioning follows [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.7] - 2026-03-20
+
+### Added
+
+- **Custom webhook public key** — `WaffoPancakeConfig.webhookPublicKey` accepts `string` (shared) or `{ test?, prod? }` (per-environment) to override built-in keys.
+- **Multi-level key resolution** — Webhook public key is resolved per environment: `options.publicKey` (per-call) → config key → `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` env var → `WAFFO_WEBHOOK_PUBLIC_KEY` env var → built-in hardcoded key.
+- **`client.webhooks.verify()`** — New resource namespace on the client instance. Injects config-level keys into the resolution chain automatically; supports per-call override via `options.publicKey`.
+- **`VerifyWebhookOptions.publicKey`** — Per-call override for the standalone `verifyWebhook()` function (highest priority, skips all resolution).
+- **`VerifyWebhookOptions.publicKeys`** — Config-level key(s) for the resolution chain (typically injected by `client.webhooks.verify()`).
+- **`WebhookPublicKeys` type** — `string | { test?: string; prod?: string }`, exported from the package.
+- **Public key normalization** — `normalizePublicKey()` handles the same flexible input formats as `normalizePrivateKey`: literal `\n` from environment variables, Windows `\r\n` line endings, raw base64 without PEM headers, single-line base64, and PKCS#1 (`BEGIN RSA PUBLIC KEY`) format. Applied automatically at every level of the resolution chain.
+
+## [0.1.6] - 2026-03-18
+
+### Changed
+
+- **Types (BREAKING)** — `PriceInfo` removes `taxIncluded` field. Prices now only require `amount` and `taxCategory`. The system internally defaults to tax-exclusive pricing; `taxIncluded` may be re-introduced in a future version.
+- **Types (BREAKING)** — `Store` removes `isPublic` field from response type. `UpdateStoreParams` removes `isPublic` field from input type. Store visibility is no longer configurable (defaults to private).
+
+### Migration
+
+Remove `taxIncluded` from all `PriceInfo` / `Prices` objects:
+
+```diff
+ const { product } = await client.onetimeProducts.create({
+   storeId: "store_xxx",
+   name: "My Product",
+   prices: {
+-    USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" },
++    USD: { amount: 2900, taxCategory: "digital_goods" },
+   },
+ });
+```
+
+Remove `isPublic` from `stores.update()` calls:
+
+```diff
+ const { store } = await client.stores.update({
+   id: "store_xxx",
+-  isPublic: true,
+   name: "Updated Name",
+ });
+```
+
+## [0.1.5] - 2026-03-18
+
+### Changed
+
+- **Types** — `CheckoutThemeSettings` removes `checkoutColorTextSecondary` field (7→6 fields). The secondary text color is now derived server-side from `checkoutColorText` and `checkoutColorCard` via color mixing. Merchants only need to configure 5 base color/radius fields; the remaining 7 PSP variables are computed automatically.
+
+### Migration
+
+If your code references `checkoutColorTextSecondary`, remove it. The field is no longer accepted by the API and is silently ignored in stored data.
+
+```diff
+ const theme: CheckoutThemeSettings = {
+   checkoutLogo: null,
+   checkoutColorPrimary: "#6366f1",
+   checkoutColorBackground: "#ffffff",
+   checkoutColorCard: "#f9fafb",
+   checkoutColorText: "#111827",
+-  checkoutColorTextSecondary: "#6b7280",
+   checkoutBorderRadius: "0.5rem",
+ };
+```
+
+## [0.1.4] - 2026-03-16
+
+### Changed
+
+- **Types** — `CheckoutSettings` adds `defaultDarkMode: boolean` field to match API response (store create/update)
+- **Types** — `CreateCheckoutSessionParams` adds optional `darkMode` field for dark mode override
+- **Types** — `CreateCheckoutSessionParams.storeId` changed from optional to required to match API spec
+
 ## [0.1.3] - 2026-03-11
 
 ### Added

package/README.md

@@ -31,8 +31,8 @@ const { product } = await client.onetimeProducts.create({
   storeId: store.id,
   name: "E-Book: TypeScript Handbook",
   prices: {
-    USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" },
-    EUR: { amount: 2700, taxIncluded: true, taxCategory: "digital_goods" },
+    USD: { amount: 2900, taxCategory: "digital_goods" },
+    EUR: { amount: 2700, taxCategory: "digital_goods" },
   },
 });
 
@@ -59,6 +59,7 @@ const result = await client.graphql.query<{ stores: Array<{ id: string; name: st
 | `privateKey` | `string` | Yes | RSA private key (see [Private Key Formats](#private-key-formats) below) |
 | `baseUrl` | `string` | No | API base URL (default: `https://waffo-pancake-auth-service.vercel.app`) |
 | `fetch` | `typeof fetch` | No | Custom fetch implementation |
+| `webhookPublicKey` | `string \| { test?, prod? }` | No | Custom webhook public key(s) (see [Webhook Public Key Resolution](#webhook-public-key-resolution) below) |
 
 ### Private Key Formats
 
@@ -82,6 +83,53 @@ new WaffoPancake({ merchantId: "m_1", privateKey: fs.readFileSync("key.pem", "ut
 new WaffoPancake({ merchantId: "m_1", privateKey: rawBase64String });                   // raw base64
 ```
 
+### Webhook Public Key Resolution
+
+The SDK resolves the webhook verification public key per environment using a multi-level fallback chain:
+
+| Priority | Source | Description |
+|----------|--------|-------------|
+| 1 | `options.publicKey` | Per-call override (highest priority, skips all resolution) |
+| 2 | `config.webhookPublicKey[env]` | Config object per-environment key |
+| 3 | `config.webhookPublicKey` (string) | Config shared key (both environments) |
+| 4 | `WAFFO_WEBHOOK_TEST_PUBLIC_KEY` / `WAFFO_WEBHOOK_PROD_PUBLIC_KEY` | Environment variable per-environment |
+| 5 | `WAFFO_WEBHOOK_PUBLIC_KEY` | Environment variable shared |
+| 6 | Built-in hardcoded key | SDK-embedded Waffo public key (default) |
+
+```typescript
+// Shared key for both environments
+new WaffoPancake({ merchantId: "m_1", privateKey: "...", webhookPublicKey: "MIIBIjAN..." });
+
+// Per-environment keys
+new WaffoPancake({
+  merchantId: "m_1",
+  privateKey: "...",
+  webhookPublicKey: {
+    test: process.env.WAFFO_TEST_PUB_KEY!,
+    prod: process.env.WAFFO_PROD_PUB_KEY!,
+  },
+});
+
+// Or rely on environment variables (no config needed)
+// export WAFFO_WEBHOOK_TEST_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\n..."
+// export WAFFO_WEBHOOK_PROD_PUBLIC_KEY="-----BEGIN PUBLIC KEY-----\n..."
+new WaffoPancake({ merchantId: "m_1", privateKey: "..." });
+// => SDK auto-reads from env vars, falls back to built-in keys
+```
+
+### Public Key Formats
+
+All public key inputs (config, env vars, per-call) accept the same flexible formats as private keys:
+
+| Format | Example | Notes |
+|--------|---------|-------|
+| Standard SPKI PEM | `-----BEGIN PUBLIC KEY-----\n...` | Recommended |
+| PKCS#1 PEM | `-----BEGIN RSA PUBLIC KEY-----\n...` | Also accepted |
+| Literal `\n` (env vars) | `"-----BEGIN PUBLIC KEY-----\\nMIIB..."` | Common when stored in `.env` or CI secrets |
+| Windows line endings | `\r\n` | Converted to `\n` |
+| Raw base64 (no headers) | `MIIBIjANBgkqhki...` | Wrapped with SPKI headers automatically |
+| Single-line base64 with headers | Header + all base64 on one line + footer | Re-wrapped to 64-char lines |
+
 ## Resources
 
 | Namespace | Methods | Description |
@@ -95,6 +143,7 @@ new WaffoPancake({ merchantId: "m_1", privateKey: rawBase64String });
 | `client.orders` | `cancelSubscription()` | Order management (pending→canceled, active→canceling) |
 | `client.checkout` | `createSession()` | Create a checkout session with trial toggle, billing detail, and price snapshot |
 | `client.graphql` | `query<T>()` | Typed GraphQL queries (Query only, no Mutations) |
+| `client.webhooks` | `verify<T>()` | Webhook signature verification (uses configured `webhookPublicKey` or built-in keys) |
 
 See [API Reference](docs/api-reference.md) for complete parameter tables and return types.
 
@@ -260,9 +309,9 @@ const { product } = await client.onetimeProducts.create({
   name: "E-Book: TypeScript Handbook",
   description: "Complete TypeScript guide for developers",
   prices: {
-    USD: { amount: 2900, taxIncluded: false, taxCategory: TaxCategory.DigitalGoods },
-    EUR: { amount: 2700, taxIncluded: true, taxCategory: TaxCategory.DigitalGoods },
-    JPY: { amount: 4500, taxIncluded: true, taxCategory: TaxCategory.DigitalGoods },
+    USD: { amount: 2900, taxCategory: TaxCategory.DigitalGoods },
+    EUR: { amount: 2700, taxCategory: TaxCategory.DigitalGoods },
+    JPY: { amount: 4500, taxCategory: TaxCategory.DigitalGoods },
   },
   media: [{ type: "image", url: "https://example.com/cover.jpg", alt: "Book cover" }],
   metadata: { sku: "ebook-ts-001" },
@@ -272,7 +321,7 @@ const { product } = await client.onetimeProducts.create({
 await client.onetimeProducts.update({
   id: product.id,
   name: "E-Book: TypeScript Handbook v2",
-  prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+  prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
 });
 
 // Publish test version → production
@@ -291,7 +340,7 @@ const { product } = await client.subscriptionProducts.create({
   storeId: "store_xxx",
   name: "Pro Plan",
   billingPeriod: BillingPeriod.Monthly,
-  prices: { USD: { amount: 999, taxIncluded: false, taxCategory: TaxCategory.SaaS } },
+  prices: { USD: { amount: 999, taxCategory: TaxCategory.SaaS } },
   description: "Unlimited access to all features",
 });
 
@@ -348,6 +397,7 @@ const session = await client.checkout.createSession({
 
 // Subscription with trial and billing detail
 const subSession = await client.checkout.createSession({
+  storeId: "store_xxx",
   productId: "prod_yyy",
   productType: CheckoutSessionProductType.Subscription,
   currency: "USD",
@@ -390,7 +440,9 @@ See [GraphQL Guide](docs/graphql-guide.md) for introspection, filters, paginatio
 
 ## Webhook Verification
 
-The SDK exports a standalone `verifyWebhook()` function with **embedded RSA-SHA256 public keys** for both test and production environments. No need to manage keys yourself.
+Two ways to verify webhooks: the **standalone function** `verifyWebhook()` with built-in public keys, or the **client instance method** `client.webhooks.verify()` which uses the configured `webhookPublicKey`.
+
+### Option A — Standalone Function (built-in keys)
 
 ```typescript
 import { verifyWebhook, WebhookEventType } from "@waffo/pancake-ts";
@@ -444,7 +496,34 @@ const event = verifyWebhook(body, sig, { environment: "prod" });
 const event = verifyWebhook(body, sig, { toleranceMs: 0 }); // disable replay check
 ```
 
-See [Webhook Guide](docs/webhook-guide.md) for all 10 event types, signature algorithm, and best practices.
+### Option B — Client Instance Method (multi-level key resolution)
+
+`client.webhooks.verify()` uses the [multi-level fallback chain](#webhook-public-key-resolution) automatically: config keys → env vars → built-in keys.
+
+```typescript
+// Per-environment keys via config
+const client = new WaffoPancake({
+  merchantId: process.env.WAFFO_MERCHANT_ID!,
+  privateKey: process.env.WAFFO_PRIVATE_KEY!,
+  webhookPublicKey: {
+    test: process.env.WAFFO_TEST_PUB_KEY!,
+    prod: process.env.WAFFO_PROD_PUB_KEY!,
+  },
+});
+const event = client.webhooks.verify(rawBody, sig, { environment: "prod" });
+
+// Or rely on env vars (WAFFO_WEBHOOK_TEST_PUBLIC_KEY / WAFFO_WEBHOOK_PROD_PUBLIC_KEY)
+const client2 = new WaffoPancake({
+  merchantId: process.env.WAFFO_MERCHANT_ID!,
+  privateKey: process.env.WAFFO_PRIVATE_KEY!,
+});
+const event2 = client2.webhooks.verify(rawBody, sig); // auto-detect environment
+
+// Per-call override (highest priority, skips all resolution)
+const event3 = client.webhooks.verify(rawBody, sig, { publicKey: oneOffKey });
+```
+
+See [Webhook Guide](docs/webhook-guide.md) for event types, signature algorithm, public key resolution, and best practices.
 
 ## Error Handling
 
@@ -503,7 +582,7 @@ Runtime-accessible values. Both `Enum.Value` and string literal syntax are suppo
 
 ### Types
 
-See [API Reference — Types](docs/api-reference.md#types) for the full list of 40+ exported interfaces.
+Key types: `WaffoPancakeConfig`, `WebhookPublicKeys`, `VerifyWebhookOptions`, `WebhookEvent<T>`, `Store`, `OnetimeProductDetail`, `SubscriptionProductDetail`, `CheckoutSessionResult`, `GraphQLResponse<T>`, and 30+ more. See [API Reference — Types](docs/api-reference.md#types) for the full list.
 
 ## Development
 
@@ -536,7 +615,8 @@ src/
     ├── subscription-product-groups.ts
     ├── orders.ts
     ├── checkout.ts
-    └── graphql.ts
+    ├── graphql.ts
+    └── webhooks.ts
 docs/
 ├── api-reference.md       # Complete API reference
 ├── graphql-guide.md       # GraphQL usage guide

package/dist/index.cjs

@@ -63,6 +63,10 @@ var PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----";
 var PKCS8_FOOTER = "-----END PRIVATE KEY-----";
 var PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
 var PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----";
+var SPKI_HEADER = "-----BEGIN PUBLIC KEY-----";
+var SPKI_FOOTER = "-----END PUBLIC KEY-----";
+var PKCS1_PUB_HEADER = "-----BEGIN RSA PUBLIC KEY-----";
+var PKCS1_PUB_FOOTER = "-----END RSA PUBLIC KEY-----";
 function normalizePrivateKey(raw) {
   if (!raw || !raw.trim()) {
     throw new Error(
@@ -108,6 +112,51 @@ ${PKCS8_FOOTER}`;
   }
   return pem;
 }
+function normalizePublicKey(raw) {
+  if (!raw || !raw.trim()) {
+    throw new Error(
+      "Public key is empty. Provide an RSA public key in PEM format."
+    );
+  }
+  let pem = raw.replace(/\\n/g, "\n").replace(/\r\n/g, "\n");
+  pem = pem.trim();
+  const hasSpkiHeader = pem.includes(SPKI_HEADER);
+  const hasPkcs1PubHeader = pem.includes(PKCS1_PUB_HEADER);
+  const hasHeader = hasSpkiHeader || hasPkcs1PubHeader;
+  if (hasHeader) {
+    const base64 = pem.replace(/-----BEGIN (?:RSA )?PUBLIC KEY-----/g, "").replace(/-----END (?:RSA )?PUBLIC KEY-----/g, "").replace(/\s+/g, "");
+    if (!base64) {
+      throw new Error(
+        "Public key contains PEM headers but no key data. Check the key content."
+      );
+    }
+    const header = hasPkcs1PubHeader ? PKCS1_PUB_HEADER : SPKI_HEADER;
+    const footer = hasPkcs1PubHeader ? PKCS1_PUB_FOOTER : SPKI_FOOTER;
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${header}
+${wrapped}
+${footer}`;
+  } else {
+    const base64 = pem.replace(/\s+/g, "");
+    if (!/^[A-Za-z0-9+/]+=*$/.test(base64)) {
+      throw new Error(
+        "Public key is not valid PEM or base64. Expected an RSA public key in PEM format or raw base64."
+      );
+    }
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${SPKI_HEADER}
+${wrapped}
+${SPKI_FOOTER}`;
+  }
+  try {
+    (0, import_node_crypto.createPublicKey)(pem);
+  } catch {
+    throw new Error(
+      "Public key could not be parsed. Ensure it is a valid RSA public key in SPKI or PKCS#1 (PEM) format."
+    );
+  }
+  return pem;
+}
 function signRequest(method, path, timestamp, body, privateKey) {
   const bodyHash = (0, import_node_crypto.createHash)("sha256").update(body).digest("base64");
   const canonicalRequest = `${method}
@@ -259,7 +308,7 @@ var OnetimeProductsResource = class {
    * const { product } = await client.onetimeProducts.create({
    *   storeId: "store_xxx",
    *   name: "E-Book",
-   *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+   *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
    * });
    */
   async create(params) {
@@ -275,7 +324,7 @@ var OnetimeProductsResource = class {
    * const { product } = await client.onetimeProducts.update({
    *   id: "prod_xxx",
    *   name: "E-Book v2",
-   *   prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+   *   prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
    * });
    */
   async update(params) {
@@ -416,7 +465,6 @@ var StoresResource = class {
    * const { store } = await client.stores.update({
    *   id: "store_xxx",
    *   name: "Updated Name",
-   *   supportEmail: "help@example.com",
    * });
    */
   async update(params) {
@@ -515,7 +563,7 @@ var SubscriptionProductsResource = class {
    *   storeId: "store_xxx",
    *   name: "Pro Plan",
    *   billingPeriod: "monthly",
-   *   prices: { USD: { amount: 999, taxIncluded: false, taxCategory: "saas" } },
+   *   prices: { USD: { amount: 999, taxCategory: "saas" } },
    * });
    */
   async create(params) {
@@ -532,7 +580,7 @@ var SubscriptionProductsResource = class {
    *   id: "prod_xxx",
    *   name: "Pro Plan v2",
    *   billingPeriod: "monthly",
-   *   prices: { USD: { amount: 1499, taxIncluded: false, taxCategory: "saas" } },
+   *   prices: { USD: { amount: 1499, taxCategory: "saas" } },
    * });
    */
   async update(params) {
@@ -567,32 +615,6 @@ var SubscriptionProductsResource = class {
   }
 };
 
-// src/client.ts
-var WaffoPancake = class {
-  http;
-  auth;
-  stores;
-  storeMerchants;
-  onetimeProducts;
-  subscriptionProducts;
-  subscriptionProductGroups;
-  orders;
-  checkout;
-  graphql;
-  constructor(config) {
-    this.http = new HttpClient(config);
-    this.auth = new AuthResource(this.http);
-    this.stores = new StoresResource(this.http);
-    this.storeMerchants = new StoreMerchantsResource(this.http);
-    this.onetimeProducts = new OnetimeProductsResource(this.http);
-    this.subscriptionProducts = new SubscriptionProductsResource(this.http);
-    this.subscriptionProductGroups = new SubscriptionProductGroupsResource(this.http);
-    this.orders = new OrdersResource(this.http);
-    this.checkout = new CheckoutResource(this.http);
-    this.graphql = new GraphQLResource(this.http);
-  }
-};
-
 // src/webhooks.ts
 var import_node_crypto3 = require("crypto");
 var DEFAULT_TOLERANCE_MS = 5 * 60 * 1e3;
@@ -632,6 +654,23 @@ function rsaVerify(signatureInput, v1, publicKey) {
   verifier.update(signatureInput);
   return verifier.verify(publicKey, v1, "base64");
 }
+function resolveKeyForEnv(env, configKeys) {
+  if (typeof configKeys === "string") {
+    return normalizePublicKey(configKeys);
+  }
+  if (configKeys?.[env]) {
+    return normalizePublicKey(configKeys[env]);
+  }
+  const envSpecific = env === "test" ? process.env.WAFFO_WEBHOOK_TEST_PUBLIC_KEY : process.env.WAFFO_WEBHOOK_PROD_PUBLIC_KEY;
+  if (envSpecific) {
+    return normalizePublicKey(envSpecific);
+  }
+  const generic = process.env.WAFFO_WEBHOOK_PUBLIC_KEY;
+  if (generic) {
+    return normalizePublicKey(generic);
+  }
+  return env === "test" ? TEST_PUBLIC_KEY : PROD_PUBLIC_KEY;
+}
 function verifyWebhook(payload, signatureHeader, options) {
   if (!signatureHeader) {
     throw new Error("Missing X-Waffo-Signature header");
@@ -651,27 +690,103 @@ function verifyWebhook(payload, signatureHeader, options) {
     }
   }
   const signatureInput = `${t}.${payload}`;
-  const env = options?.environment;
-  if (env === "test") {
-    if (!rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY)) {
-      throw new Error("Invalid webhook signature (test key)");
-    }
-  } else if (env === "prod") {
-    if (!rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY)) {
-      throw new Error("Invalid webhook signature (prod key)");
+  const directKey = options?.publicKey;
+  if (directKey) {
+    const normalizedKey = normalizePublicKey(directKey);
+    if (!rsaVerify(signatureInput, v1, normalizedKey)) {
+      throw new Error("Invalid webhook signature (custom key)");
     }
   } else {
-    const prodValid = rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY);
-    if (!prodValid) {
-      const testValid = rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY);
-      if (!testValid) {
-        throw new Error("Invalid webhook signature (tried both prod and test keys)");
+    const configKeys = options?.publicKeys;
+    const env = options?.environment;
+    if (env === "test" || env === "prod") {
+      const key = resolveKeyForEnv(env, configKeys);
+      if (!rsaVerify(signatureInput, v1, key)) {
+        throw new Error(`Invalid webhook signature (${env} key)`);
+      }
+    } else {
+      const prodKey = resolveKeyForEnv("prod", configKeys);
+      if (!rsaVerify(signatureInput, v1, prodKey)) {
+        const testKey = resolveKeyForEnv("test", configKeys);
+        if (!rsaVerify(signatureInput, v1, testKey)) {
+          throw new Error("Invalid webhook signature (tried both prod and test keys)");
+        }
       }
     }
   }
   return JSON.parse(payload);
 }
 
+// src/resources/webhooks.ts
+var WebhooksResource = class {
+  /** @param publicKeys - Optional config-level public key(s) from WaffoPancakeConfig */
+  constructor(publicKeys) {
+    this.publicKeys = publicKeys;
+  }
+  /**
+   * Verify and parse an incoming webhook event.
+   *
+   * Key resolution order:
+   * 1. `options.publicKey` — per-call override (highest priority)
+   * 2. `config.webhookPublicKey[env]` or `config.webhookPublicKey` (string)
+   * 3. `WAFFO_WEBHOOK_{TEST|PROD}_PUBLIC_KEY` environment variable
+   * 4. `WAFFO_WEBHOOK_PUBLIC_KEY` environment variable
+   * 5. Built-in hardcoded key
+   *
+   * @param payload - Raw request body string (must be unparsed)
+   * @param signatureHeader - Value of the `X-Waffo-Signature` header
+   * @param options - Verification options (optional)
+   * @returns Parsed webhook event
+   * @throws Error if signature is invalid, header is malformed, or timestamp is stale
+   *
+   * @example
+   * const event = client.webhooks.verify(rawBody, signatureHeader);
+   *
+   * @example
+   * // Specify environment
+   * const event = client.webhooks.verify(rawBody, sig, { environment: "test" });
+   *
+   * @example
+   * // Per-call key override
+   * const event = client.webhooks.verify(rawBody, sig, { publicKey: oneOffKey });
+   */
+  verify(payload, signatureHeader, options) {
+    const mergedOptions = {
+      ...options,
+      publicKeys: options?.publicKeys ?? this.publicKeys
+    };
+    return verifyWebhook(payload, signatureHeader, mergedOptions);
+  }
+};
+
+// src/client.ts
+var WaffoPancake = class {
+  http;
+  auth;
+  stores;
+  storeMerchants;
+  onetimeProducts;
+  subscriptionProducts;
+  subscriptionProductGroups;
+  orders;
+  checkout;
+  graphql;
+  webhooks;
+  constructor(config) {
+    this.http = new HttpClient(config);
+    this.auth = new AuthResource(this.http);
+    this.stores = new StoresResource(this.http);
+    this.storeMerchants = new StoreMerchantsResource(this.http);
+    this.onetimeProducts = new OnetimeProductsResource(this.http);
+    this.subscriptionProducts = new SubscriptionProductsResource(this.http);
+    this.subscriptionProductGroups = new SubscriptionProductGroupsResource(this.http);
+    this.orders = new OrdersResource(this.http);
+    this.checkout = new CheckoutResource(this.http);
+    this.graphql = new GraphQLResource(this.http);
+    this.webhooks = new WebhooksResource(config.webhookPublicKey);
+  }
+};
+
 // src/types.ts
 var Environment = /* @__PURE__ */ ((Environment2) => {
   Environment2["Test"] = "test";