@webhooks-cc/sdk 0.5.0 → 1.0.0

package/dist/index.js

@@ -18,15 +18,20 @@ var __copyProps = (to, from, except, desc) => {
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
-var index_exports = {};
-__export(index_exports, {
+var src_exports = {};
+__export(src_exports, {
   ApiError: () => ApiError,
   NotFoundError: () => NotFoundError,
   RateLimitError: () => RateLimitError,
+  TEMPLATE_METADATA: () => TEMPLATE_METADATA,
   TimeoutError: () => TimeoutError,
   UnauthorizedError: () => UnauthorizedError,
+  WebhookFlowBuilder: () => WebhookFlowBuilder,
   WebhooksCC: () => WebhooksCC,
   WebhooksCCError: () => WebhooksCCError,
+  diffRequests: () => diffRequests,
+  extractJsonField: () => extractJsonField,
+  isDiscordWebhook: () => isDiscordWebhook,
   isGitHubWebhook: () => isGitHubWebhook,
   isLinearWebhook: () => isLinearWebhook,
   isPaddleWebhook: () => isPaddleWebhook,
@@ -38,14 +43,30 @@ __export(index_exports, {
   matchAll: () => matchAll,
   matchAny: () => matchAny,
   matchBodyPath: () => matchBodyPath,
+  matchBodySubset: () => matchBodySubset,
+  matchContentType: () => matchContentType,
   matchHeader: () => matchHeader,
   matchJsonField: () => matchJsonField,
   matchMethod: () => matchMethod,
+  matchPath: () => matchPath,
+  matchQueryParam: () => matchQueryParam,
+  parseBody: () => parseBody,
   parseDuration: () => parseDuration,
+  parseFormBody: () => parseFormBody,
   parseJsonBody: () => parseJsonBody,
-  parseSSE: () => parseSSE
+  parseSSE: () => parseSSE,
+  verifyDiscordSignature: () => verifyDiscordSignature,
+  verifyGitHubSignature: () => verifyGitHubSignature,
+  verifyLinearSignature: () => verifyLinearSignature,
+  verifyPaddleSignature: () => verifyPaddleSignature,
+  verifyShopifySignature: () => verifyShopifySignature,
+  verifySignature: () => verifySignature,
+  verifySlackSignature: () => verifySlackSignature,
+  verifyStandardWebhookSignature: () => verifyStandardWebhookSignature,
+  verifyStripeSignature: () => verifyStripeSignature,
+  verifyTwilioSignature: () => verifyTwilioSignature
 });
-module.exports = __toCommonJS(index_exports);
+module.exports = __toCommonJS(src_exports);
 
 // src/errors.ts
 var WebhooksCCError = class extends Error {
@@ -84,7 +105,7 @@ var RateLimitError = class extends WebhooksCCError {
 };
 
 // src/utils.ts
-var DURATION_REGEX = /^(\d+(?:\.\d+)?)\s*(ms|s|m|h)$/;
+var DURATION_REGEX = /^(\d+(?:\.\d+)?)\s*(ms|s|m|h|d)$/;
 function parseDuration(input) {
   if (typeof input === "number") {
     if (!Number.isFinite(input) || input < 0) {
@@ -114,6 +135,8 @@ function parseDuration(input) {
       return value * 6e4;
     case "h":
       return value * 36e5;
+    case "d":
+      return value * 864e5;
     default:
       throw new Error(`Invalid duration: "${input}"`);
   }
@@ -199,14 +222,95 @@ var DEFAULT_TEMPLATE_BY_PROVIDER = {
   stripe: "payment_intent.succeeded",
   github: "push",
   shopify: "orders/create",
-  twilio: "messaging.inbound"
+  twilio: "messaging.inbound",
+  slack: "event_callback",
+  paddle: "transaction.completed",
+  linear: "issue.create"
 };
 var PROVIDER_TEMPLATES = {
   stripe: ["payment_intent.succeeded", "checkout.session.completed", "invoice.paid"],
   github: ["push", "pull_request.opened", "ping"],
   shopify: ["orders/create", "orders/paid", "products/update", "app/uninstalled"],
-  twilio: ["messaging.inbound", "messaging.status_callback", "voice.incoming_call"]
+  twilio: ["messaging.inbound", "messaging.status_callback", "voice.incoming_call"],
+  slack: ["event_callback", "slash_command", "url_verification"],
+  paddle: ["transaction.completed", "subscription.created", "subscription.updated"],
+  linear: ["issue.create", "issue.update", "comment.create"]
 };
+var TEMPLATE_PROVIDERS = [
+  "stripe",
+  "github",
+  "shopify",
+  "twilio",
+  "slack",
+  "paddle",
+  "linear",
+  "standard-webhooks"
+];
+var TEMPLATE_METADATA = Object.freeze({
+  stripe: Object.freeze({
+    provider: "stripe",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.stripe]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.stripe,
+    secretRequired: true,
+    signatureHeader: "stripe-signature",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  github: Object.freeze({
+    provider: "github",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.github]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.github,
+    secretRequired: true,
+    signatureHeader: "x-hub-signature-256",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  shopify: Object.freeze({
+    provider: "shopify",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.shopify]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.shopify,
+    secretRequired: true,
+    signatureHeader: "x-shopify-hmac-sha256",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  twilio: Object.freeze({
+    provider: "twilio",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.twilio]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.twilio,
+    secretRequired: true,
+    signatureHeader: "x-twilio-signature",
+    signatureAlgorithm: "hmac-sha1"
+  }),
+  slack: Object.freeze({
+    provider: "slack",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.slack]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.slack,
+    secretRequired: true,
+    signatureHeader: "x-slack-signature",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  paddle: Object.freeze({
+    provider: "paddle",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.paddle]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.paddle,
+    secretRequired: true,
+    signatureHeader: "paddle-signature",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  linear: Object.freeze({
+    provider: "linear",
+    templates: Object.freeze([...PROVIDER_TEMPLATES.linear]),
+    defaultTemplate: DEFAULT_TEMPLATE_BY_PROVIDER.linear,
+    secretRequired: true,
+    signatureHeader: "linear-signature",
+    signatureAlgorithm: "hmac-sha256"
+  }),
+  "standard-webhooks": Object.freeze({
+    provider: "standard-webhooks",
+    templates: Object.freeze([]),
+    secretRequired: true,
+    signatureHeader: "webhook-signature",
+    signatureAlgorithm: "hmac-sha256"
+  })
+});
 function randomHex(length) {
   const bytes = new Uint8Array(Math.ceil(length / 2));
   globalThis.crypto.getRandomValues(bytes);
@@ -609,6 +713,181 @@ function buildTemplatePayload(provider, template, event, now, bodyOverride) {
     };
   }
   if (provider !== "twilio") {
+    if (provider === "slack") {
+      const eventCallbackPayload = {
+        token: randomHex(24),
+        team_id: `T${randomHex(8).toUpperCase()}`,
+        api_app_id: `A${randomHex(8).toUpperCase()}`,
+        type: "event_callback",
+        event: {
+          type: "app_mention",
+          user: `U${randomHex(8).toUpperCase()}`,
+          text: "hello from webhooks.cc",
+          ts: `${nowSec}.000100`,
+          channel: `C${randomHex(8).toUpperCase()}`,
+          event_ts: `${nowSec}.000100`
+        },
+        event_id: `Ev${randomHex(12)}`,
+        event_time: nowSec,
+        authed_users: [`U${randomHex(8).toUpperCase()}`]
+      };
+      const verificationPayload = {
+        token: randomHex(24),
+        challenge: randomHex(16),
+        type: "url_verification"
+      };
+      const defaultSlashCommand = {
+        token: randomHex(24),
+        team_id: `T${randomHex(8).toUpperCase()}`,
+        team_domain: "webhooks-cc",
+        channel_id: `C${randomHex(8).toUpperCase()}`,
+        channel_name: "general",
+        user_id: `U${randomHex(8).toUpperCase()}`,
+        user_name: "webhooks-bot",
+        command: "/webhook-test",
+        text: "hello world",
+        response_url: "https://hooks.slack.com/commands/demo",
+        trigger_id: randomHex(12)
+      };
+      if (template === "slash_command") {
+        let body2;
+        if (bodyOverride === void 0) {
+          body2 = formEncode(defaultSlashCommand);
+        } else if (typeof bodyOverride === "string") {
+          body2 = bodyOverride;
+        } else {
+          const params = asStringRecord(bodyOverride);
+          if (!params) {
+            throw new Error("Slack slash_command body override must be a string or an object");
+          }
+          body2 = formEncode(params);
+        }
+        return {
+          body: body2,
+          contentType: "application/x-www-form-urlencoded",
+          headers: {
+            "user-agent": "Slackbot 1.0 (+https://api.slack.com/robots)"
+          }
+        };
+      }
+      const payload = bodyOverride ?? (template === "url_verification" ? verificationPayload : eventCallbackPayload);
+      const body = typeof payload === "string" ? payload : JSON.stringify(payload);
+      return {
+        body,
+        contentType: "application/json",
+        headers: {
+          "user-agent": "Slackbot 1.0 (+https://api.slack.com/robots)"
+        }
+      };
+    }
+    if (provider === "paddle") {
+      const payloadByTemplate = {
+        "transaction.completed": {
+          event_id: randomUuid(),
+          event_type: "transaction.completed",
+          occurred_at: nowIso,
+          notification_id: randomUuid(),
+          data: {
+            id: `txn_${randomHex(12)}`,
+            status: "completed",
+            customer_id: `ctm_${randomHex(12)}`,
+            currency_code: "USD",
+            total: "49.00"
+          }
+        },
+        "subscription.created": {
+          event_id: randomUuid(),
+          event_type: "subscription.created",
+          occurred_at: nowIso,
+          notification_id: randomUuid(),
+          data: {
+            id: `sub_${randomHex(12)}`,
+            status: "active",
+            customer_id: `ctm_${randomHex(12)}`,
+            next_billed_at: nowIso
+          }
+        },
+        "subscription.updated": {
+          event_id: randomUuid(),
+          event_type: "subscription.updated",
+          occurred_at: nowIso,
+          notification_id: randomUuid(),
+          data: {
+            id: `sub_${randomHex(12)}`,
+            status: "past_due",
+            customer_id: `ctm_${randomHex(12)}`,
+            next_billed_at: nowIso
+          }
+        }
+      };
+      const payload = bodyOverride ?? payloadByTemplate[template];
+      const body = typeof payload === "string" ? payload : JSON.stringify(payload);
+      return {
+        body,
+        contentType: "application/json",
+        headers: {
+          "user-agent": "Paddle/1.0"
+        }
+      };
+    }
+    if (provider === "linear") {
+      const issueId = randomUuid();
+      const payloadByTemplate = {
+        "issue.create": {
+          action: "create",
+          type: "Issue",
+          webhookTimestamp: nowIso,
+          data: {
+            id: issueId,
+            identifier: "ENG-42",
+            title: "Investigate webhook retry regression",
+            description: "Created from the webhooks.cc Linear template",
+            url: `https://linear.app/webhooks-cc/issue/ENG-42/${issueId}`
+          }
+        },
+        "issue.update": {
+          action: "update",
+          type: "Issue",
+          webhookTimestamp: nowIso,
+          data: {
+            id: issueId,
+            identifier: "ENG-42",
+            title: "Investigate webhook retry regression",
+            state: {
+              name: "In Progress"
+            },
+            url: `https://linear.app/webhooks-cc/issue/ENG-42/${issueId}`
+          }
+        },
+        "comment.create": {
+          action: "create",
+          type: "Comment",
+          webhookTimestamp: nowIso,
+          data: {
+            id: randomUuid(),
+            body: "Looks good from the webhook sandbox.",
+            issue: {
+              id: issueId,
+              identifier: "ENG-42",
+              title: "Investigate webhook retry regression"
+            },
+            user: {
+              id: randomUuid(),
+              name: "webhooks.cc bot"
+            }
+          }
+        }
+      };
+      const payload = bodyOverride ?? payloadByTemplate[template];
+      const body = typeof payload === "string" ? payload : JSON.stringify(payload);
+      return {
+        body,
+        contentType: "application/json",
+        headers: {
+          "user-agent": "Linear/1.0"
+        }
+      };
+    }
     throw new Error(`Unsupported provider: ${provider}`);
   }
   const defaultTwilioParamsByTemplate = {
@@ -759,6 +1038,19 @@ function buildTwilioSignaturePayload(endpointUrl, params) {
   }
   return payload;
 }
+function decodeStandardWebhookSecret(secret) {
+  let rawSecret = secret;
+  const hadPrefix = rawSecret.startsWith("whsec_");
+  if (hadPrefix) {
+    rawSecret = rawSecret.slice(6);
+  }
+  try {
+    return fromBase64(rawSecret);
+  } catch {
+    const raw = hadPrefix ? secret : rawSecret;
+    return new TextEncoder().encode(raw);
+  }
+}
 async function buildTemplateSendOptions(endpointUrl, options) {
   if (options.provider === "standard-webhooks") {
     const method2 = (options.method ?? "POST").toUpperCase();
@@ -767,11 +1059,7 @@ async function buildTemplateSendOptions(endpointUrl, options) {
     const msgId = options.event ? `msg_${options.event}_${randomHex(8)}` : `msg_${randomHex(16)}`;
     const timestamp = options.timestamp ?? Math.floor(Date.now() / 1e3);
     const signingInput = `${msgId}.${timestamp}.${body}`;
-    let rawSecret = options.secret;
-    if (rawSecret.startsWith("whsec_")) {
-      rawSecret = rawSecret.slice(6);
-    }
-    const secretBytes = fromBase64(rawSecret);
+    const secretBytes = decodeStandardWebhookSecret(options.secret);
     const signature = await hmacSignRaw("SHA-256", secretBytes, signingInput);
     return {
       method: method2,
@@ -819,6 +1107,21 @@ async function buildTemplateSendOptions(endpointUrl, options) {
     const signature = await hmacSign("SHA-1", options.secret, signaturePayload);
     headers["x-twilio-signature"] = toBase64(signature);
   }
+  if (provider === "slack") {
+    const timestamp = options.timestamp ?? Math.floor(Date.now() / 1e3);
+    const signature = await hmacSign("SHA-256", options.secret, `v0:${timestamp}:${built.body}`);
+    headers["x-slack-request-timestamp"] = String(timestamp);
+    headers["x-slack-signature"] = `v0=${toHex(signature)}`;
+  }
+  if (provider === "paddle") {
+    const timestamp = options.timestamp ?? Math.floor(Date.now() / 1e3);
+    const signature = await hmacSign("SHA-256", options.secret, `${timestamp}:${built.body}`);
+    headers["paddle-signature"] = `ts=${timestamp};h1=${toHex(signature)}`;
+  }
+  if (provider === "linear") {
+    const signature = await hmacSign("SHA-256", options.secret, built.body);
+    headers["linear-signature"] = `sha256=${toHex(signature)}`;
+  }
   return {
     method,
     headers: {
@@ -829,11 +1132,579 @@ async function buildTemplateSendOptions(endpointUrl, options) {
   };
 }
 
+// src/request-export.ts
+var OMITTED_EXPORT_HEADERS = /* @__PURE__ */ new Set([
+  "host",
+  "connection",
+  "content-length",
+  "transfer-encoding",
+  "keep-alive",
+  "te",
+  "trailer",
+  "upgrade",
+  "authorization",
+  "cookie",
+  "proxy-authorization",
+  "set-cookie",
+  "accept-encoding",
+  "cdn-loop",
+  "cf-connecting-ip",
+  "cf-ipcountry",
+  "cf-ray",
+  "cf-visitor",
+  "via",
+  "x-forwarded-for",
+  "x-forwarded-host",
+  "x-forwarded-proto",
+  "x-real-ip",
+  "true-client-ip"
+]);
+var VALID_HTTP_METHOD = /^[A-Z]+$/;
+function normalizePath(path) {
+  return path.startsWith("/") ? path : `/${path}`;
+}
+function buildRequestUrl(endpointUrl, request) {
+  const url = new URL(`${endpointUrl}${normalizePath(request.path)}`);
+  for (const [key, value] of Object.entries(request.queryParams)) {
+    url.searchParams.set(key, value);
+  }
+  return url.toString();
+}
+function shouldIncludeHeader(name) {
+  return !OMITTED_EXPORT_HEADERS.has(name.toLowerCase());
+}
+function escapeForShellDoubleQuotes(value) {
+  return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/`/g, "\\`").replace(/\$/g, "\\$").replace(/\n/g, "\\n").replace(/\r/g, "\\r");
+}
+function escapeForShellSingleQuotes(value) {
+  return value.replace(/'/g, "'\\''");
+}
+function buildCurlExport(endpointUrl, requests) {
+  return requests.map((request) => {
+    const method = VALID_HTTP_METHOD.test(request.method) ? request.method : "GET";
+    const parts = [`curl -X ${method}`];
+    for (const [key, value] of Object.entries(request.headers)) {
+      if (!shouldIncludeHeader(key)) {
+        continue;
+      }
+      parts.push(`-H "${escapeForShellDoubleQuotes(key)}: ${escapeForShellDoubleQuotes(value)}"`);
+    }
+    if (request.body) {
+      parts.push(`-d '${escapeForShellSingleQuotes(request.body)}'`);
+    }
+    parts.push(`"${escapeForShellDoubleQuotes(buildRequestUrl(endpointUrl, request))}"`);
+    return parts.join(" \\\n  ");
+  });
+}
+function buildHarExport(endpointUrl, requests, creatorVersion) {
+  return {
+    log: {
+      version: "1.2",
+      creator: {
+        name: "@webhooks-cc/sdk",
+        version: creatorVersion
+      },
+      entries: requests.map((request) => {
+        const contentType = request.contentType ?? "application/octet-stream";
+        return {
+          startedDateTime: new Date(request.receivedAt).toISOString(),
+          time: 0,
+          request: {
+            method: request.method,
+            url: buildRequestUrl(endpointUrl, request),
+            httpVersion: "HTTP/1.1",
+            headers: Object.entries(request.headers).filter(([key]) => shouldIncludeHeader(key)).map(([name, value]) => ({ name, value })),
+            queryString: Object.entries(request.queryParams).map(([name, value]) => ({
+              name,
+              value
+            })),
+            headersSize: -1,
+            bodySize: request.body ? new TextEncoder().encode(request.body).length : 0,
+            ...request.body ? {
+              postData: {
+                mimeType: contentType,
+                text: request.body
+              }
+            } : {}
+          },
+          response: {
+            status: 0,
+            statusText: "",
+            httpVersion: "HTTP/1.1",
+            headers: [],
+            cookies: [],
+            content: {
+              size: 0,
+              mimeType: "x-unknown"
+            },
+            redirectURL: "",
+            headersSize: -1,
+            bodySize: -1
+          },
+          cache: {},
+          timings: {
+            send: 0,
+            wait: 0,
+            receive: 0
+          }
+        };
+      })
+    }
+  };
+}
+
+// src/verify.ts
+function requireSecret(secret, functionName) {
+  if (!secret || typeof secret !== "string") {
+    throw new Error(`${functionName} requires a non-empty secret`);
+  }
+}
+function getHeader(headers, name) {
+  const target = name.toLowerCase();
+  for (const [key, value] of Object.entries(headers)) {
+    if (key.toLowerCase() === target) {
+      return value;
+    }
+  }
+  return void 0;
+}
+function normalizeBody(body) {
+  return body ?? "";
+}
+function hexToBytes(hex) {
+  const normalized = hex.trim().toLowerCase();
+  if (!/^[a-f0-9]+$/.test(normalized) || normalized.length % 2 !== 0) {
+    throw new Error("Expected a hex-encoded value");
+  }
+  const bytes = new Uint8Array(normalized.length / 2);
+  for (let index = 0; index < normalized.length; index += 2) {
+    bytes[index / 2] = parseInt(normalized.slice(index, index + 2), 16);
+  }
+  return bytes;
+}
+function timingSafeEqual(left, right) {
+  if (left.length !== right.length) {
+    return false;
+  }
+  let mismatch = 0;
+  for (let i = 0; i < left.length; i++) {
+    mismatch |= left.charCodeAt(i) ^ right.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+function parseStripeHeader(signatureHeader) {
+  if (!signatureHeader) {
+    return null;
+  }
+  let timestamp;
+  const signatures = [];
+  for (const part of signatureHeader.split(",")) {
+    const trimmed = part.trim();
+    if (!trimmed) {
+      continue;
+    }
+    const separatorIndex = trimmed.indexOf("=");
+    if (separatorIndex === -1) {
+      continue;
+    }
+    const key = trimmed.slice(0, separatorIndex).trim();
+    const value = trimmed.slice(separatorIndex + 1).trim();
+    if (!value) {
+      continue;
+    }
+    if (key === "t") {
+      timestamp = value;
+      continue;
+    }
+    if (key === "v1") {
+      signatures.push(value.toLowerCase());
+    }
+  }
+  if (!timestamp || signatures.length === 0) {
+    return null;
+  }
+  return { timestamp, signatures };
+}
+function parseStandardSignatures(signatureHeader) {
+  if (!signatureHeader) {
+    return [];
+  }
+  const matches = Array.from(
+    signatureHeader.matchAll(/v1,([A-Za-z0-9+/=]+)/g),
+    (match) => match[1]
+  );
+  if (matches.length > 0) {
+    return matches;
+  }
+  const [version, signature] = signatureHeader.split(",", 2);
+  if (version?.trim() === "v1" && signature?.trim()) {
+    return [signature.trim()];
+  }
+  return [];
+}
+function parsePaddleSignature(signatureHeader) {
+  if (!signatureHeader) {
+    return null;
+  }
+  let timestamp;
+  const signatures = [];
+  for (const part of signatureHeader.split(/[;,]/)) {
+    const trimmed = part.trim();
+    if (!trimmed) {
+      continue;
+    }
+    const separatorIndex = trimmed.indexOf("=");
+    if (separatorIndex === -1) {
+      continue;
+    }
+    const key = trimmed.slice(0, separatorIndex).trim().toLowerCase();
+    const value = trimmed.slice(separatorIndex + 1).trim();
+    if (!value) {
+      continue;
+    }
+    if (key === "ts") {
+      timestamp = value;
+      continue;
+    }
+    if (key === "h1") {
+      signatures.push(value.toLowerCase());
+    }
+  }
+  if (!timestamp || signatures.length === 0) {
+    return null;
+  }
+  return { timestamp, signatures };
+}
+function toTwilioParams(body) {
+  if (body === void 0) {
+    return [];
+  }
+  if (typeof body === "string") {
+    return Array.from(new URLSearchParams(body).entries());
+  }
+  return Object.entries(body).map(([key, value]) => [key, String(value)]);
+}
+async function verifyStripeSignature(body, signatureHeader, secret) {
+  requireSecret(secret, "verifyStripeSignature");
+  const parsed = parseStripeHeader(signatureHeader);
+  if (!parsed) {
+    return false;
+  }
+  const expected = toHex(
+    await hmacSign("SHA-256", secret, `${parsed.timestamp}.${normalizeBody(body)}`)
+  ).toLowerCase();
+  return parsed.signatures.some((signature) => timingSafeEqual(signature, expected));
+}
+async function verifyGitHubSignature(body, signatureHeader, secret) {
+  requireSecret(secret, "verifyGitHubSignature");
+  if (!signatureHeader) {
+    return false;
+  }
+  const match = signatureHeader.trim().match(/^sha256=(.+)$/i);
+  if (!match) {
+    return false;
+  }
+  const expected = toHex(await hmacSign("SHA-256", secret, normalizeBody(body))).toLowerCase();
+  return timingSafeEqual(match[1].toLowerCase(), expected);
+}
+async function verifyShopifySignature(body, signatureHeader, secret) {
+  requireSecret(secret, "verifyShopifySignature");
+  if (!signatureHeader) {
+    return false;
+  }
+  const expected = toBase64(await hmacSign("SHA-256", secret, normalizeBody(body)));
+  return timingSafeEqual(signatureHeader.trim(), expected);
+}
+async function verifyTwilioSignature(url, body, signatureHeader, secret) {
+  requireSecret(secret, "verifyTwilioSignature");
+  if (!url) {
+    throw new Error("verifyTwilioSignature requires the signed URL");
+  }
+  if (!signatureHeader) {
+    return false;
+  }
+  const expected = toBase64(
+    await hmacSign("SHA-1", secret, buildTwilioSignaturePayload(url, toTwilioParams(body)))
+  );
+  return timingSafeEqual(signatureHeader.trim(), expected);
+}
+async function verifySlackSignature(body, headers, secret) {
+  requireSecret(secret, "verifySlackSignature");
+  const signatureHeader = getHeader(headers, "x-slack-signature");
+  const timestamp = getHeader(headers, "x-slack-request-timestamp");
+  if (!signatureHeader || !timestamp) {
+    return false;
+  }
+  const match = signatureHeader.trim().match(/^v0=(.+)$/i);
+  if (!match) {
+    return false;
+  }
+  const expected = toHex(
+    await hmacSign("SHA-256", secret, `v0:${timestamp}:${normalizeBody(body)}`)
+  ).toLowerCase();
+  return timingSafeEqual(match[1].toLowerCase(), expected);
+}
+async function verifyPaddleSignature(body, signatureHeader, secret) {
+  requireSecret(secret, "verifyPaddleSignature");
+  const parsed = parsePaddleSignature(signatureHeader);
+  if (!parsed) {
+    return false;
+  }
+  const expected = toHex(
+    await hmacSign("SHA-256", secret, `${parsed.timestamp}:${normalizeBody(body)}`)
+  ).toLowerCase();
+  return parsed.signatures.some((signature) => timingSafeEqual(signature, expected));
+}
+async function verifyLinearSignature(body, signatureHeader, secret) {
+  requireSecret(secret, "verifyLinearSignature");
+  if (!signatureHeader) {
+    return false;
+  }
+  const match = signatureHeader.trim().match(/^(?:sha256=)?(.+)$/i);
+  if (!match) {
+    return false;
+  }
+  const expected = toHex(await hmacSign("SHA-256", secret, normalizeBody(body))).toLowerCase();
+  return timingSafeEqual(match[1].toLowerCase(), expected);
+}
+async function verifyDiscordSignature(body, headers, publicKey) {
+  if (!publicKey || typeof publicKey !== "string") {
+    throw new Error("verifyDiscordSignature requires a non-empty public key");
+  }
+  const signatureHeader = getHeader(headers, "x-signature-ed25519");
+  const timestamp = getHeader(headers, "x-signature-timestamp");
+  if (!signatureHeader || !timestamp) {
+    return false;
+  }
+  if (!globalThis.crypto?.subtle) {
+    throw new Error("crypto.subtle is required for Discord signature verification");
+  }
+  try {
+    const publicKeyBytes = hexToBytes(publicKey);
+    const signatureBytes = hexToBytes(signatureHeader);
+    const publicKeyData = new Uint8Array(publicKeyBytes.byteLength);
+    publicKeyData.set(publicKeyBytes);
+    const signatureData = new Uint8Array(signatureBytes.byteLength);
+    signatureData.set(signatureBytes);
+    const key = await globalThis.crypto.subtle.importKey(
+      "raw",
+      publicKeyData,
+      { name: "Ed25519" },
+      false,
+      ["verify"]
+    );
+    return await globalThis.crypto.subtle.verify(
+      "Ed25519",
+      key,
+      signatureData,
+      new TextEncoder().encode(`${timestamp}${normalizeBody(body)}`)
+    );
+  } catch {
+    return false;
+  }
+}
+async function verifyStandardWebhookSignature(body, headers, secret) {
+  requireSecret(secret, "verifyStandardWebhookSignature");
+  const messageId = getHeader(headers, "webhook-id");
+  const timestamp = getHeader(headers, "webhook-timestamp");
+  const signatureHeader = getHeader(headers, "webhook-signature");
+  if (!messageId || !timestamp || !signatureHeader) {
+    return false;
+  }
+  const expected = toBase64(
+    await hmacSignRaw(
+      "SHA-256",
+      decodeStandardWebhookSecret(secret),
+      `${messageId}.${timestamp}.${normalizeBody(body)}`
+    )
+  );
+  return parseStandardSignatures(signatureHeader).some(
+    (signature) => timingSafeEqual(signature, expected)
+  );
+}
+async function verifySignature(request, options) {
+  let valid = false;
+  if (options.provider === "stripe") {
+    valid = await verifyStripeSignature(
+      request.body,
+      getHeader(request.headers, "stripe-signature"),
+      options.secret
+    );
+  }
+  if (options.provider === "github") {
+    valid = await verifyGitHubSignature(
+      request.body,
+      getHeader(request.headers, "x-hub-signature-256"),
+      options.secret
+    );
+  }
+  if (options.provider === "shopify") {
+    valid = await verifyShopifySignature(
+      request.body,
+      getHeader(request.headers, "x-shopify-hmac-sha256"),
+      options.secret
+    );
+  }
+  if (options.provider === "twilio") {
+    if (!options.url) {
+      throw new Error('verifySignature for provider "twilio" requires options.url');
+    }
+    valid = await verifyTwilioSignature(
+      options.url,
+      request.body,
+      getHeader(request.headers, "x-twilio-signature"),
+      options.secret
+    );
+  }
+  if (options.provider === "slack") {
+    valid = await verifySlackSignature(request.body, request.headers, options.secret);
+  }
+  if (options.provider === "paddle") {
+    valid = await verifyPaddleSignature(
+      request.body,
+      getHeader(request.headers, "paddle-signature"),
+      options.secret
+    );
+  }
+  if (options.provider === "linear") {
+    valid = await verifyLinearSignature(
+      request.body,
+      getHeader(request.headers, "linear-signature"),
+      options.secret
+    );
+  }
+  if (options.provider === "discord") {
+    valid = await verifyDiscordSignature(request.body, request.headers, options.publicKey);
+  }
+  if (options.provider === "standard-webhooks") {
+    valid = await verifyStandardWebhookSignature(request.body, request.headers, options.secret);
+  }
+  return { valid };
+}
+
+// src/flow.ts
+var WebhookFlowBuilder = class {
+  constructor(client) {
+    this.client = client;
+    this.createOptions = {};
+    this.deleteAfterRun = false;
+  }
+  createEndpoint(options = {}) {
+    this.createOptions = { ...this.createOptions, ...options };
+    return this;
+  }
+  setMock(mockResponse) {
+    this.mockResponse = mockResponse;
+    return this;
+  }
+  send(options = {}) {
+    this.sendStep = { kind: "send", options };
+    return this;
+  }
+  sendTemplate(options) {
+    this.sendStep = { kind: "sendTemplate", options };
+    return this;
+  }
+  waitForCapture(options = {}) {
+    this.waitOptions = options;
+    return this;
+  }
+  verifySignature(options) {
+    this.verificationOptions = options;
+    return this;
+  }
+  replayTo(targetUrl) {
+    this.replayTargetUrl = targetUrl;
+    return this;
+  }
+  cleanup() {
+    this.deleteAfterRun = true;
+    return this;
+  }
+  async run() {
+    let endpoint;
+    let result;
+    let request;
+    try {
+      endpoint = await this.client.endpoints.create(this.createOptions);
+      if (this.mockResponse !== void 0) {
+        await this.client.endpoints.update(endpoint.slug, {
+          mockResponse: this.mockResponse
+        });
+      }
+      if (this.sendStep?.kind === "send") {
+        await this.client.endpoints.send(endpoint.slug, this.sendStep.options);
+      }
+      if (this.sendStep?.kind === "sendTemplate") {
+        await this.client.endpoints.sendTemplate(endpoint.slug, this.sendStep.options);
+      }
+      if (this.waitOptions) {
+        request = await this.client.requests.waitFor(endpoint.slug, this.waitOptions);
+      }
+      let verification;
+      if (this.verificationOptions) {
+        if (!request) {
+          throw new Error("Flow verification requires waitForCapture() to run first");
+        }
+        const resolvedUrl = typeof this.verificationOptions.url === "function" ? this.verificationOptions.url(endpoint, request) : this.verificationOptions.url ?? (this.verificationOptions.provider === "twilio" ? endpoint.url : void 0);
+        if (this.verificationOptions.provider === "discord") {
+          verification = await verifySignature(request, {
+            provider: "discord",
+            publicKey: this.verificationOptions.publicKey
+          });
+        } else {
+          verification = await verifySignature(request, {
+            provider: this.verificationOptions.provider,
+            secret: this.verificationOptions.secret,
+            ...resolvedUrl ? { url: resolvedUrl } : {}
+          });
+        }
+      }
+      let replayResponse;
+      if (this.replayTargetUrl) {
+        if (!request) {
+          throw new Error("Flow replay requires waitForCapture() to run first");
+        }
+        replayResponse = await this.client.requests.replay(request.id, this.replayTargetUrl);
+      }
+      result = {
+        endpoint,
+        request,
+        verification,
+        replayResponse,
+        cleanedUp: false
+      };
+      return result;
+    } finally {
+      if (this.deleteAfterRun && endpoint) {
+        try {
+          await this.client.endpoints.delete(endpoint.slug);
+          if (result) {
+            result.cleanedUp = true;
+          }
+        } catch (error) {
+          if (error instanceof NotFoundError) {
+            if (result) {
+              result.cleanedUp = true;
+            }
+          }
+        }
+      }
+    }
+  }
+};
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://webhooks.cc";
 var DEFAULT_WEBHOOK_URL = "https://go.webhooks.cc";
 var DEFAULT_TIMEOUT = 3e4;
-var SDK_VERSION = "0.5.0";
+var DEFAULT_RETRY_ATTEMPTS = 1;
+var DEFAULT_RETRY_BACKOFF_MS = 1e3;
+var DEFAULT_RETRY_STATUSES = [429, 500, 502, 503, 504];
+var SDK_VERSION = "0.6.0";
+var WAIT_FOR_LOOKBACK_MS = 5 * 60 * 1e3;
+var DEFAULT_EXPORT_PAGE_SIZE = 100;
+var PROVIDER_PARAM_DESCRIPTION = TEMPLATE_PROVIDERS.map((provider) => `"${provider}"`).join("|");
 var MIN_POLL_INTERVAL = 10;
 var MAX_POLL_INTERVAL = 6e4;
 var ALLOWED_METHODS = /* @__PURE__ */ new Set(["GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"]);
@@ -894,28 +1765,235 @@ function validatePathSegment(segment, name) {
     );
   }
 }
-var WebhooksCC = class {
-  constructor(options) {
-    this.endpoints = {
-      create: async (options = {}) => {
-        return this.request("POST", "/endpoints", options);
-      },
-      list: async () => {
-        return this.request("GET", "/endpoints");
-      },
-      get: async (slug) => {
-        validatePathSegment(slug, "slug");
-        return this.request("GET", `/endpoints/${slug}`);
-      },
-      update: async (slug, options) => {
-        validatePathSegment(slug, "slug");
-        if (options.mockResponse && options.mockResponse !== null) {
-          const { status } = options.mockResponse;
-          if (!Number.isInteger(status) || status < 100 || status > 599) {
-            throw new Error(`Invalid mock response status: ${status}. Must be an integer 100-599.`);
-          }
-        }
-        return this.request("PATCH", `/endpoints/${slug}`, options);
+function resolveTimestampFilter(value, now) {
+  if (typeof value === "number") {
+    return value;
+  }
+  const trimmed = value.trim();
+  if (trimmed.length === 0) {
+    throw new Error("Invalid timestamp filter: value cannot be empty");
+  }
+  const asNumber = Number(trimmed);
+  if (!Number.isNaN(asNumber)) {
+    return asNumber;
+  }
+  return now - parseDuration(trimmed);
+}
+function buildSearchQuery(filters, includePagination) {
+  const params = new URLSearchParams();
+  const now = Date.now();
+  if (filters.slug !== void 0) {
+    validatePathSegment(filters.slug, "slug");
+    params.set("slug", filters.slug);
+  }
+  if (filters.method !== void 0) {
+    params.set("method", filters.method);
+  }
+  if (filters.q !== void 0) {
+    params.set("q", filters.q);
+  }
+  if (filters.from !== void 0) {
+    params.set("from", String(resolveTimestampFilter(filters.from, now)));
+  }
+  if (filters.to !== void 0) {
+    params.set("to", String(resolveTimestampFilter(filters.to, now)));
+  }
+  if (includePagination && filters.limit !== void 0) {
+    params.set("limit", String(filters.limit));
+  }
+  if (includePagination && filters.offset !== void 0) {
+    params.set("offset", String(filters.offset));
+  }
+  if (includePagination && filters.order !== void 0) {
+    params.set("order", filters.order);
+  }
+  const query = params.toString();
+  return query ? `?${query}` : "";
+}
+function buildClearQuery(options = {}) {
+  const params = new URLSearchParams();
+  if (options.before !== void 0) {
+    params.set("before", String(resolveTimestampFilter(options.before, Date.now())));
+  }
+  const query = params.toString();
+  return query ? `?${query}` : "";
+}
+function buildPaginatedListQuery(options = {}) {
+  const params = new URLSearchParams();
+  if (options.limit !== void 0) {
+    params.set("limit", String(options.limit));
+  }
+  if (options.cursor !== void 0) {
+    params.set("cursor", options.cursor);
+  }
+  const query = params.toString();
+  return query ? `?${query}` : "";
+}
+function parseRetryAfterHeader(response) {
+  const retryAfterHeader = response.headers.get("retry-after");
+  if (!retryAfterHeader) {
+    return void 0;
+  }
+  const parsedSeconds = parseInt(retryAfterHeader, 10);
+  if (!Number.isNaN(parsedSeconds) && parsedSeconds >= 0) {
+    return parsedSeconds;
+  }
+  return void 0;
+}
+function normalizeRetryOptions(retry) {
+  const maxAttempts = Math.max(1, Math.floor(retry?.maxAttempts ?? DEFAULT_RETRY_ATTEMPTS));
+  const backoffMs = Math.max(0, Math.floor(retry?.backoffMs ?? DEFAULT_RETRY_BACKOFF_MS));
+  return {
+    maxAttempts,
+    backoffMs,
+    retryOn: new Set(retry?.retryOn ?? DEFAULT_RETRY_STATUSES)
+  };
+}
+function normalizeExportPageSize(limit) {
+  if (limit === void 0) {
+    return DEFAULT_EXPORT_PAGE_SIZE;
+  }
+  return Math.max(1, Math.min(DEFAULT_EXPORT_PAGE_SIZE, Math.floor(limit)));
+}
+function buildStreamPath(slug, since) {
+  const params = new URLSearchParams();
+  if (since !== void 0) {
+    params.set("since", String(Math.max(0, Math.floor(since))));
+  }
+  const query = params.toString();
+  return `/api/stream/${slug}${query ? `?${query}` : ""}`;
+}
+function normalizeReconnectBackoff(value) {
+  if (value === void 0) {
+    return DEFAULT_RETRY_BACKOFF_MS;
+  }
+  return Math.max(0, parseDuration(value));
+}
+function shouldReconnectStreamError(error) {
+  if (error instanceof UnauthorizedError || error instanceof NotFoundError) {
+    return false;
+  }
+  if (error instanceof WebhooksCCError) {
+    return error.statusCode === 429 || error.statusCode >= 500;
+  }
+  return error instanceof Error;
+}
+function parseStreamRequest(data) {
+  try {
+    const parsed = JSON.parse(data);
+    if (typeof parsed.endpointId !== "string" || typeof parsed.method !== "string" || typeof parsed.receivedAt !== "number" || typeof parsed.headers !== "object" || parsed.headers === null) {
+      return null;
+    }
+    return {
+      id: typeof parsed._id === "string" ? parsed._id : typeof parsed.id === "string" ? parsed.id : "",
+      endpointId: parsed.endpointId,
+      method: parsed.method,
+      path: typeof parsed.path === "string" ? parsed.path : "/",
+      headers: parsed.headers,
+      body: typeof parsed.body === "string" ? parsed.body : void 0,
+      queryParams: typeof parsed.queryParams === "object" && parsed.queryParams !== null ? parsed.queryParams : {},
+      contentType: typeof parsed.contentType === "string" ? parsed.contentType : void 0,
+      ip: typeof parsed.ip === "string" ? parsed.ip : "unknown",
+      size: typeof parsed.size === "number" ? parsed.size : 0,
+      receivedAt: parsed.receivedAt
+    };
+  } catch {
+    return null;
+  }
+}
+async function collectMatchingRequests(fetchRequests, options) {
+  const timeout = parseDuration(options.timeout ?? 3e4);
+  const rawPollInterval = parseDuration(options.pollInterval ?? 500);
+  const safePollInterval = Math.max(
+    MIN_POLL_INTERVAL,
+    Math.min(MAX_POLL_INTERVAL, rawPollInterval)
+  );
+  const desiredCount = Math.max(1, Math.floor(options.count));
+  const start = Date.now();
+  let lastChecked = start - WAIT_FOR_LOOKBACK_MS;
+  let iterations = 0;
+  const MAX_ITERATIONS = 1e4;
+  const collected = [];
+  const seenRequestIds = /* @__PURE__ */ new Set();
+  while (Date.now() - start < timeout && iterations < MAX_ITERATIONS) {
+    iterations++;
+    const checkTime = Date.now();
+    try {
+      const requests = (await fetchRequests(lastChecked)).slice().sort((left, right) => left.receivedAt - right.receivedAt);
+      lastChecked = checkTime;
+      for (const request of requests) {
+        if (seenRequestIds.has(request.id)) {
+          continue;
+        }
+        seenRequestIds.add(request.id);
+        if (options.match && !options.match(request)) {
+          continue;
+        }
+        collected.push(request);
+        if (collected.length >= desiredCount) {
+          return collected.slice(0, desiredCount);
+        }
+      }
+    } catch (error) {
+      if (error instanceof WebhooksCCError) {
+        if (error instanceof UnauthorizedError || error instanceof NotFoundError) {
+          throw error;
+        }
+        if (error.statusCode < 500 && !(error instanceof RateLimitError)) {
+          throw error;
+        }
+      }
+    }
+    await sleep(safePollInterval);
+  }
+  throw new TimeoutError(timeout);
+}
+function validateMockResponse(mockResponse, fieldName) {
+  const { status } = mockResponse;
+  if (!Number.isInteger(status) || status < 100 || status > 599) {
+    throw new Error(`Invalid ${fieldName} status: ${status}. Must be an integer 100-599.`);
+  }
+}
+var WebhooksCC = class {
+  constructor(options) {
+    this.endpoints = {
+      create: async (options = {}) => {
+        if (options.mockResponse) {
+          validateMockResponse(options.mockResponse, "mock response");
+        }
+        const body = {};
+        if (options.name !== void 0) {
+          body.name = options.name;
+        }
+        if (options.mockResponse !== void 0) {
+          body.mockResponse = options.mockResponse;
+        }
+        const isEphemeral = options.ephemeral === true || options.expiresIn !== void 0;
+        if (isEphemeral) {
+          body.isEphemeral = true;
+        }
+        if (options.expiresIn !== void 0) {
+          const durationMs = parseDuration(options.expiresIn);
+          if (durationMs <= 0) {
+            throw new Error("expiresIn must be greater than 0");
+          }
+          body.expiresAt = Date.now() + durationMs;
+        }
+        return this.request("POST", "/endpoints", body);
+      },
+      list: async () => {
+        return this.request("GET", "/endpoints");
+      },
+      get: async (slug) => {
+        validatePathSegment(slug, "slug");
+        return this.request("GET", `/endpoints/${slug}`);
+      },
+      update: async (slug, options) => {
+        validatePathSegment(slug, "slug");
+        if (options.mockResponse && options.mockResponse !== null) {
+          validateMockResponse(options.mockResponse, "mock response");
+        }
+        return this.request("PATCH", `/endpoints/${slug}`, options);
       },
       delete: async (slug) => {
         validatePathSegment(slug, "slug");
@@ -956,6 +2034,78 @@ var WebhooksCC = class {
         return this.endpoints.send(slug, sendOptions);
       }
     };
+    this.templates = {
+      listProviders: () => {
+        return [...TEMPLATE_PROVIDERS];
+      },
+      get: (provider) => {
+        return TEMPLATE_METADATA[provider];
+      }
+    };
+    this.usage = async () => {
+      return this.request("GET", "/usage");
+    };
+    this.flow = () => {
+      return new WebhookFlowBuilder(this);
+    };
+    /**
+     * Build a request without sending it. Returns the computed method, URL,
+     * headers, and body — including any provider signatures. Useful for
+     * debugging what sendTo would actually send.
+     *
+     * @param url - Target URL (http or https)
+     * @param options - Same options as sendTo
+     * @returns The computed request details
+     */
+    this.buildRequest = async (url, options = {}) => {
+      let parsed;
+      try {
+        parsed = new URL(url);
+      } catch {
+        throw new Error(`Invalid URL: "${url}" is not a valid URL`);
+      }
+      if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+        throw new Error("Invalid URL: only http and https protocols are supported");
+      }
+      if (options.provider) {
+        if (!options.secret || typeof options.secret !== "string") {
+          throw new Error("buildRequest with a provider requires a non-empty secret");
+        }
+        const sendOptions = await buildTemplateSendOptions(url, {
+          provider: options.provider,
+          template: options.template,
+          secret: options.secret,
+          event: options.event,
+          body: options.body,
+          method: options.method,
+          headers: options.headers,
+          timestamp: options.timestamp
+        });
+        return {
+          url,
+          method: (sendOptions.method ?? "POST").toUpperCase(),
+          headers: sendOptions.headers ?? {},
+          body: sendOptions.body !== void 0 ? typeof sendOptions.body === "string" ? sendOptions.body : JSON.stringify(sendOptions.body) : void 0
+        };
+      }
+      const method = (options.method ?? "POST").toUpperCase();
+      if (!ALLOWED_METHODS.has(method)) {
+        throw new Error(
+          `Invalid HTTP method: "${options.method}". Must be one of: ${[...ALLOWED_METHODS].join(", ")}`
+        );
+      }
+      const headers = { ...options.headers ?? {} };
+      const hasContentType = Object.keys(headers).some((k) => k.toLowerCase() === "content-type");
+      if (options.body !== void 0 && !hasContentType) {
+        headers["Content-Type"] = "application/json";
+      }
+      return {
+        url,
+        method,
+        headers,
+        body: options.body !== void 0 ? typeof options.body === "string" ? options.body : JSON.stringify(options.body) : void 0
+      };
+    };
     /**
      * Send a webhook directly to any URL with optional provider signing.
      * Use this for local integration testing — send properly signed webhooks
@@ -1027,10 +2177,86 @@ var WebhooksCC = class {
           `/endpoints/${endpointSlug}/requests${query ? `?${query}` : ""}`
         );
       },
+      listPaginated: async (endpointSlug, options = {}) => {
+        validatePathSegment(endpointSlug, "endpointSlug");
+        return this.request(
+          "GET",
+          `/endpoints/${endpointSlug}/requests/paginated${buildPaginatedListQuery(options)}`
+        );
+      },
       get: async (requestId) => {
         validatePathSegment(requestId, "requestId");
         return this.request("GET", `/requests/${requestId}`);
       },
+      waitForAll: async (endpointSlug, options) => {
+        validatePathSegment(endpointSlug, "endpointSlug");
+        const listLimit = Math.min(1e3, Math.max(100, Math.floor(options.count) * 2));
+        return collectMatchingRequests(
+          (since) => this.requests.list(endpointSlug, {
+            since,
+            limit: listLimit
+          }),
+          options
+        );
+      },
+      search: async (filters = {}) => {
+        return this.request(
+          "GET",
+          `/search/requests${buildSearchQuery(filters, true)}`
+        );
+      },
+      count: async (filters = {}) => {
+        const response = await this.request(
+          "GET",
+          `/search/requests/count${buildSearchQuery(filters, false)}`
+        );
+        return response.count;
+      },
+      clear: async (endpointSlug, options = {}) => {
+        validatePathSegment(endpointSlug, "endpointSlug");
+        await this.request(
+          "DELETE",
+          `/endpoints/${endpointSlug}/requests${buildClearQuery(options)}`
+        );
+      },
+      export: async (endpointSlug, options) => {
+        validatePathSegment(endpointSlug, "endpointSlug");
+        const endpoint = await this.endpoints.get(endpointSlug);
+        const endpointUrl = endpoint.url ?? `${this.webhookUrl}/w/${endpoint.slug}`;
+        const requests = [];
+        const pageSize = normalizeExportPageSize(options.limit);
+        let cursor;
+        while (true) {
+          const remaining = options.limit !== void 0 ? Math.max(0, options.limit - requests.length) : pageSize;
+          if (options.limit !== void 0 && remaining === 0) {
+            break;
+          }
+          const page = await this.requests.listPaginated(endpointSlug, {
+            limit: options.limit !== void 0 ? Math.min(pageSize, remaining) : pageSize,
+            cursor
+          });
+          for (const request of page.items) {
+            if (options.since !== void 0 && request.receivedAt <= options.since) {
+              continue;
+            }
+            requests.push(request);
+            if (options.limit !== void 0 && requests.length >= options.limit) {
+              break;
+            }
+          }
+          if (!page.hasMore || !page.cursor) {
+            break;
+          }
+          if (options.limit !== void 0 && requests.length >= options.limit) {
+            break;
+          }
+          cursor = page.cursor;
+        }
+        if (options.format === "curl") {
+          return buildCurlExport(endpointUrl, requests);
+        }
+        return buildHarExport(endpointUrl, requests, SDK_VERSION);
+      },
       /**
        * Polls for incoming requests until one matches or timeout expires.
        *
@@ -1044,47 +2270,11 @@ var WebhooksCC = class {
        * @throws Error if timeout expires or max iterations (10000) reached
        */
       waitFor: async (endpointSlug, options = {}) => {
-        validatePathSegment(endpointSlug, "endpointSlug");
-        const timeout = parseDuration(options.timeout ?? 3e4);
-        const rawPollInterval = parseDuration(options.pollInterval ?? 500);
-        const { match } = options;
-        const safePollInterval = Math.max(
-          MIN_POLL_INTERVAL,
-          Math.min(MAX_POLL_INTERVAL, rawPollInterval)
-        );
-        const start = Date.now();
-        let lastChecked = start - 5 * 60 * 1e3;
-        const MAX_ITERATIONS = 1e4;
-        let iterations = 0;
-        while (Date.now() - start < timeout && iterations < MAX_ITERATIONS) {
-          iterations++;
-          const checkTime = Date.now();
-          try {
-            const requests = await this.requests.list(endpointSlug, {
-              since: lastChecked,
-              limit: 100
-            });
-            lastChecked = checkTime;
-            const matched = match ? requests.find(match) : requests[0];
-            if (matched) {
-              return matched;
-            }
-          } catch (error) {
-            if (error instanceof WebhooksCCError) {
-              if (error instanceof UnauthorizedError) {
-                throw error;
-              }
-              if (error instanceof NotFoundError) {
-                throw error;
-              }
-              if (error.statusCode < 500 && !(error instanceof RateLimitError)) {
-                throw error;
-              }
-            }
-          }
-          await sleep(safePollInterval);
-        }
-        throw new TimeoutError(timeout);
+        const [request] = await this.requests.waitForAll(endpointSlug, {
+          ...options,
+          count: 1
+        });
+        return request;
       },
       /**
        * Replay a captured request to a target URL.
@@ -1127,20 +2317,25 @@ var WebhooksCC = class {
        * The connection is closed when the iterator is broken, the signal is aborted,
        * or the timeout expires.
        *
-       * No automatic reconnection — if the connection drops, the iterator ends.
+       * Reconnection is opt-in and resumes from the last yielded request timestamp.
        */
       subscribe: (slug, options = {}) => {
         validatePathSegment(slug, "slug");
-        const { signal, timeout } = options;
+        const { signal, timeout, reconnect = false, onReconnect } = options;
         const baseUrl = this.baseUrl;
         const apiKey = this.apiKey;
         const timeoutMs = timeout !== void 0 ? parseDuration(timeout) : void 0;
+        const maxReconnectAttempts = Math.max(0, Math.floor(options.maxReconnectAttempts ?? 5));
+        const reconnectBackoffMs = normalizeReconnectBackoff(options.reconnectBackoffMs);
         return {
           [Symbol.asyncIterator]() {
             const controller = new AbortController();
             let timeoutId;
             let iterator = null;
             let started = false;
+            let reconnectAttempts = 0;
+            let lastReceivedAt;
+            const seenRequestIds = /* @__PURE__ */ new Set();
             const onAbort = () => controller.abort();
             if (signal) {
               if (signal.aborted) {
@@ -1157,7 +2352,10 @@ var WebhooksCC = class {
               if (signal) signal.removeEventListener("abort", onAbort);
             };
             const start = async () => {
-              const url = `${baseUrl}/api/stream/${slug}`;
+              const url = `${baseUrl}${buildStreamPath(
+                slug,
+                lastReceivedAt !== void 0 ? lastReceivedAt - 1 : void 0
+              )}`;
               const connectController = new AbortController();
               const connectTimeout = setTimeout(() => connectController.abort(), 3e4);
               controller.signal.addEventListener("abort", () => connectController.abort(), {
@@ -1173,12 +2371,10 @@ var WebhooksCC = class {
                 clearTimeout(connectTimeout);
               }
               if (!response.ok) {
-                cleanup();
                 const text = await response.text();
                 throw mapStatusToError(response.status, text, response);
               }
               if (!response.body) {
-                cleanup();
                 throw new Error("SSE response has no body");
               }
               controller.signal.addEventListener(
@@ -1191,6 +2387,24 @@ var WebhooksCC = class {
               );
               return parseSSE(response.body);
             };
+            const reconnectStream = async () => {
+              if (!reconnect || reconnectAttempts >= maxReconnectAttempts || controller.signal.aborted) {
+                cleanup();
+                return false;
+              }
+              reconnectAttempts++;
+              try {
+                onReconnect?.(reconnectAttempts);
+              } catch {
+              }
+              await sleep(reconnectBackoffMs * 2 ** (reconnectAttempts - 1));
+              if (controller.signal.aborted) {
+                cleanup();
+                return false;
+              }
+              iterator = await start();
+              return true;
+            };
             return {
               [Symbol.asyncIterator]() {
                 return this;
@@ -1204,32 +2418,26 @@ var WebhooksCC = class {
                   while (iterator) {
                     const { done, value } = await iterator.next();
                     if (done) {
-                      cleanup();
+                      iterator = null;
+                      if (await reconnectStream()) {
+                        continue;
+                      }
                       return { done: true, value: void 0 };
                     }
+                    reconnectAttempts = 0;
                     if (value.event === "request") {
-                      try {
-                        const data = JSON.parse(value.data);
-                        if (!data.endpointId || !data.method || !data.headers || !data.receivedAt) {
-                          continue;
-                        }
-                        const req = {
-                          id: data._id ?? data.id,
-                          endpointId: data.endpointId,
-                          method: data.method,
-                          path: data.path ?? "/",
-                          headers: data.headers,
-                          body: data.body ?? void 0,
-                          queryParams: data.queryParams ?? {},
-                          contentType: data.contentType ?? void 0,
-                          ip: data.ip ?? "unknown",
-                          size: data.size ?? 0,
-                          receivedAt: data.receivedAt
-                        };
-                        return { done: false, value: req };
-                      } catch {
+                      const req = parseStreamRequest(value.data);
+                      if (!req) {
+                        continue;
+                      }
+                      if (req.id && seenRequestIds.has(req.id)) {
                         continue;
                       }
+                      if (req.id) {
+                        seenRequestIds.add(req.id);
+                      }
+                      lastReceivedAt = req.receivedAt;
+                      return { done: false, value: req };
                     }
                     if (value.event === "timeout" || value.event === "endpoint_deleted") {
                       cleanup();
@@ -1239,11 +2447,17 @@ var WebhooksCC = class {
                   cleanup();
                   return { done: true, value: void 0 };
                 } catch (error) {
-                  cleanup();
-                  controller.abort();
                   if (error instanceof Error && error.name === "AbortError") {
+                    cleanup();
+                    controller.abort();
                     return { done: true, value: void 0 };
                   }
+                  iterator = null;
+                  if (shouldReconnectStreamError(error) && await reconnectStream()) {
+                    return this.next();
+                  }
+                  cleanup();
+                  controller.abort();
                   throw error;
                 }
               },
@@ -1267,67 +2481,100 @@ var WebhooksCC = class {
     this.baseUrl = stripTrailingSlashes(options.baseUrl ?? DEFAULT_BASE_URL);
     this.webhookUrl = stripTrailingSlashes(options.webhookUrl ?? DEFAULT_WEBHOOK_URL);
     this.timeout = options.timeout ?? DEFAULT_TIMEOUT;
+    this.retry = normalizeRetryOptions(options.retry);
     this.hooks = options.hooks ?? {};
   }
   async request(method, path, body) {
     const url = `${this.baseUrl}/api${path}`;
-    const controller = new AbortController();
-    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
-    const start = Date.now();
-    try {
-      this.hooks.onRequest?.({ method, url });
-    } catch {
-    }
-    try {
-      const response = await fetch(url, {
-        method,
-        headers: {
-          Authorization: `Bearer ${this.apiKey}`,
-          "Content-Type": "application/json"
-        },
-        body: body ? JSON.stringify(body) : void 0,
-        signal: controller.signal
-      });
-      const durationMs = Date.now() - start;
-      if (!response.ok) {
-        const errorText = await response.text();
-        const sanitizedError = errorText.length > 200 ? errorText.slice(0, 200) + "..." : errorText;
-        const error = mapStatusToError(response.status, sanitizedError, response);
-        try {
-          this.hooks.onError?.({ method, url, error, durationMs });
-        } catch {
-        }
-        throw error;
-      }
+    let attempt = 0;
+    while (true) {
+      attempt++;
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      const start = Date.now();
       try {
-        this.hooks.onResponse?.({ method, url, status: response.status, durationMs });
+        this.hooks.onRequest?.({ method, url });
       } catch {
       }
-      if (response.status === 204 || response.headers.get("content-length") === "0") {
-        return void 0;
-      }
-      const contentType = response.headers.get("content-type");
-      if (contentType && !contentType.includes("application/json")) {
-        throw new Error(`Unexpected content type: ${contentType}`);
-      }
-      return response.json();
-    } catch (error) {
-      if (error instanceof Error && error.name === "AbortError") {
-        const timeoutError = new TimeoutError(this.timeout);
+      try {
+        const response = await fetch(url, {
+          method,
+          headers: {
+            Authorization: `Bearer ${this.apiKey}`,
+            "Content-Type": "application/json"
+          },
+          body: body ? JSON.stringify(body) : void 0,
+          signal: controller.signal
+        });
+        const durationMs = Date.now() - start;
+        if (!response.ok) {
+          const errorText = await response.text();
+          const sanitizedError = errorText.length > 200 ? errorText.slice(0, 200) + "..." : errorText;
+          const error = mapStatusToError(response.status, sanitizedError, response);
+          try {
+            this.hooks.onError?.({ method, url, error, durationMs });
+          } catch {
+          }
+          if (attempt < this.retry.maxAttempts && this.retry.retryOn.has(response.status)) {
+            const retryDelayMs = response.status === 429 && parseRetryAfterHeader(response) !== void 0 ? (parseRetryAfterHeader(response) ?? 0) * 1e3 : this.retry.backoffMs * 2 ** (attempt - 1);
+            await sleep(retryDelayMs);
+            continue;
+          }
+          throw error;
+        }
         try {
-          this.hooks.onError?.({
-            method,
-            url,
-            error: timeoutError,
-            durationMs: Date.now() - start
-          });
+          this.hooks.onResponse?.({ method, url, status: response.status, durationMs });
         } catch {
         }
-        throw timeoutError;
+        if (response.status === 204 || response.headers.get("content-length") === "0") {
+          return void 0;
+        }
+        const contentType = response.headers.get("content-type");
+        if (contentType && !contentType.includes("application/json")) {
+          throw new Error(`Unexpected content type: ${contentType}`);
+        }
+        return response.json();
+      } catch (error) {
+        if (error instanceof WebhooksCCError) {
+          throw error;
+        }
+        if (error instanceof Error && error.name === "AbortError") {
+          const timeoutError = new TimeoutError(this.timeout);
+          try {
+            this.hooks.onError?.({
+              method,
+              url,
+              error: timeoutError,
+              durationMs: Date.now() - start
+            });
+          } catch {
+          }
+          if (attempt < this.retry.maxAttempts) {
+            await sleep(this.retry.backoffMs * 2 ** (attempt - 1));
+            continue;
+          }
+          throw timeoutError;
+        }
+        const isNetworkError = error instanceof Error;
+        if (isNetworkError) {
+          try {
+            this.hooks.onError?.({
+              method,
+              url,
+              error,
+              durationMs: Date.now() - start
+            });
+          } catch {
+          }
+        }
+        if (attempt < this.retry.maxAttempts && isNetworkError) {
+          await sleep(this.retry.backoffMs * 2 ** (attempt - 1));
+          continue;
+        }
+        throw error;
+      } finally {
+        clearTimeout(timeoutId);
       }
-      throw error;
-    } finally {
-      clearTimeout(timeoutId);
     }
   }
   /** Returns a static description of all SDK operations (no API call). */
@@ -1337,7 +2584,12 @@ var WebhooksCC = class {
       endpoints: {
         create: {
           description: "Create a webhook endpoint",
-          params: { name: "string?" }
+          params: {
+            name: "string?",
+            ephemeral: "boolean?",
+            expiresIn: "number|string?",
+            mockResponse: "object?"
+          }
         },
         list: {
           description: "List all endpoints",
@@ -1363,18 +2615,48 @@ var WebhooksCC = class {
           description: "Send a provider template webhook with signed headers",
           params: {
             slug: "string",
-            provider: '"stripe"|"github"|"shopify"|"twilio"|"standard-webhooks"',
+            provider: PROVIDER_PARAM_DESCRIPTION,
             template: "string?",
             secret: "string",
             event: "string?"
           }
         }
       },
+      templates: {
+        listProviders: {
+          description: "List supported template providers",
+          params: {}
+        },
+        get: {
+          description: "Get static metadata for a template provider",
+          params: {
+            provider: PROVIDER_PARAM_DESCRIPTION
+          }
+        }
+      },
+      usage: {
+        description: "Get current request usage and remaining quota",
+        params: {}
+      },
+      flow: {
+        description: "Create a fluent webhook flow builder for common capture/verify/replay flows",
+        params: {}
+      },
       sendTo: {
         description: "Send a webhook directly to any URL with optional provider signing",
         params: {
           url: "string",
-          provider: '"stripe"|"github"|"shopify"|"twilio"|"standard-webhooks"?',
+          provider: `${PROVIDER_PARAM_DESCRIPTION}?`,
+          secret: "string?",
+          body: "unknown?",
+          headers: "Record<string, string>?"
+        }
+      },
+      buildRequest: {
+        description: "Build a request without sending it \u2014 returns computed method, URL, headers, and body including provider signatures",
+        params: {
+          url: "string",
+          provider: `${PROVIDER_PARAM_DESCRIPTION}?`,
           secret: "string?",
           body: "unknown?",
           headers: "Record<string, string>?"
@@ -1385,10 +2667,24 @@ var WebhooksCC = class {
           description: "List captured requests",
           params: { endpointSlug: "string", limit: "number?", since: "number?" }
         },
+        listPaginated: {
+          description: "List captured requests with cursor-based pagination",
+          params: { endpointSlug: "string", limit: "number?", cursor: "string?" }
+        },
         get: {
           description: "Get request by ID",
           params: { requestId: "string" }
         },
+        waitForAll: {
+          description: "Poll until multiple matching requests arrive",
+          params: {
+            endpointSlug: "string",
+            count: "number",
+            timeout: "number|string?",
+            pollInterval: "number|string?",
+            match: "function?"
+          }
+        },
         waitFor: {
           description: "Poll until a matching request arrives",
           params: {
@@ -1399,11 +2695,58 @@ var WebhooksCC = class {
         },
         subscribe: {
           description: "Stream requests via SSE",
-          params: { slug: "string", signal: "AbortSignal?", timeout: "number|string?" }
+          params: {
+            slug: "string",
+            signal: "AbortSignal?",
+            timeout: "number|string?",
+            reconnect: "boolean?",
+            maxReconnectAttempts: "number?",
+            reconnectBackoffMs: "number|string?",
+            onReconnect: "function?"
+          }
         },
         replay: {
           description: "Replay a captured request to a URL",
           params: { requestId: "string", targetUrl: "string" }
+        },
+        export: {
+          description: "Export captured requests as HAR or cURL commands",
+          params: {
+            endpointSlug: "string",
+            format: '"har"|"curl"',
+            limit: "number?",
+            since: "number?"
+          }
+        },
+        search: {
+          description: "Search retained requests across path, body, and headers",
+          params: {
+            slug: "string?",
+            method: "string?",
+            q: "string?",
+            from: "number|string?",
+            to: "number|string?",
+            limit: "number?",
+            offset: "number?",
+            order: '"asc"|"desc"?'
+          }
+        },
+        count: {
+          description: "Count retained requests matching search filters",
+          params: {
+            slug: "string?",
+            method: "string?",
+            q: "string?",
+            from: "number|string?",
+            to: "number|string?"
+          }
+        },
+        clear: {
+          description: "Delete captured requests for an endpoint",
+          params: {
+            endpointSlug: "string",
+            before: "number|string?"
+          }
         }
       }
     };
@@ -1419,6 +2762,49 @@ function stripTrailingSlashes(url) {
 }
 
 // src/helpers.ts
+function getHeaderValue(headers, name) {
+  const target = name.toLowerCase();
+  for (const [key, value] of Object.entries(headers)) {
+    if (key.toLowerCase() === target) {
+      return value;
+    }
+  }
+  return void 0;
+}
+function getContentType(request) {
+  return request.contentType ?? getHeaderValue(request.headers, "content-type");
+}
+function normalizeContentType(value) {
+  if (!value) {
+    return void 0;
+  }
+  return value.split(";", 1)[0]?.trim().toLowerCase();
+}
+function getJsonPathValue(body, path) {
+  const parts = path.split(".");
+  let current = body;
+  for (const part of parts) {
+    if (current === null || current === void 0) {
+      return void 0;
+    }
+    if (Array.isArray(current)) {
+      const index = Number(part);
+      if (!Number.isInteger(index) || index < 0 || index >= current.length) {
+        return void 0;
+      }
+      current = current[index];
+      continue;
+    }
+    if (typeof current !== "object") {
+      return void 0;
+    }
+    if (!Object.prototype.hasOwnProperty.call(current, part)) {
+      return void 0;
+    }
+    current = current[part];
+  }
+  return current;
+}
 function parseJsonBody(request) {
   if (!request.body) return void 0;
   try {
@@ -1441,6 +2827,50 @@ function matchJsonField(field, value) {
     return body[field] === value;
   };
 }
+function parseFormBody(request) {
+  if (!request.body) {
+    return void 0;
+  }
+  const contentType = normalizeContentType(getContentType(request));
+  if (contentType !== "application/x-www-form-urlencoded") {
+    return void 0;
+  }
+  const parsed = {};
+  for (const [key, value] of new URLSearchParams(request.body).entries()) {
+    const existing = parsed[key];
+    if (existing === void 0) {
+      parsed[key] = value;
+      continue;
+    }
+    if (Array.isArray(existing)) {
+      existing.push(value);
+      continue;
+    }
+    parsed[key] = [existing, value];
+  }
+  return parsed;
+}
+function parseBody(request) {
+  if (!request.body) {
+    return void 0;
+  }
+  const contentType = normalizeContentType(getContentType(request));
+  if (contentType === "application/json" || contentType?.endsWith("+json")) {
+    const parsed = parseJsonBody(request);
+    return parsed === void 0 ? request.body : parsed;
+  }
+  if (contentType === "application/x-www-form-urlencoded") {
+    return parseFormBody(request);
+  }
+  return request.body;
+}
+function extractJsonField(request, path) {
+  const body = parseJsonBody(request);
+  if (body === void 0) {
+    return void 0;
+  }
+  return getJsonPathValue(body, path);
+}
 function isShopifyWebhook(request) {
   return Object.keys(request.headers).some((k) => k.toLowerCase() === "x-shopify-hmac-sha256");
 }
@@ -1456,23 +2886,85 @@ function isPaddleWebhook(request) {
 function isLinearWebhook(request) {
   return Object.keys(request.headers).some((k) => k.toLowerCase() === "linear-signature");
 }
+function isDiscordWebhook(request) {
+  const keys = Object.keys(request.headers).map((k) => k.toLowerCase());
+  return keys.includes("x-signature-ed25519") && keys.includes("x-signature-timestamp");
+}
 function isStandardWebhook(request) {
   const keys = Object.keys(request.headers).map((k) => k.toLowerCase());
   return keys.includes("webhook-id") && keys.includes("webhook-timestamp") && keys.includes("webhook-signature");
 }
 
 // src/matchers.ts
+function getHeaderValue2(headers, name) {
+  const lowerName = name.toLowerCase();
+  for (const [key, value] of Object.entries(headers)) {
+    if (key.toLowerCase() === lowerName) {
+      return value;
+    }
+  }
+  return void 0;
+}
+function globToRegExp(pattern) {
+  let source = "^";
+  for (let index = 0; index < pattern.length; index++) {
+    const char = pattern[index];
+    if (char === "*") {
+      if (pattern[index + 1] === "*") {
+        source += ".*";
+        index++;
+      } else {
+        source += "[^/]*";
+      }
+      continue;
+    }
+    source += /[\\^$+?.()|[\]{}]/.test(char) ? `\\${char}` : char;
+  }
+  source += "$";
+  return new RegExp(source);
+}
+function isDeepSubset(expected, actual) {
+  if (Array.isArray(expected)) {
+    return Array.isArray(actual) && expected.every((value, index) => isDeepSubset(value, actual[index]));
+  }
+  if (expected && typeof expected === "object") {
+    if (!actual || typeof actual !== "object" || Array.isArray(actual)) {
+      return false;
+    }
+    return Object.entries(expected).every(([key, value]) => {
+      if (!Object.prototype.hasOwnProperty.call(actual, key)) {
+        return false;
+      }
+      return isDeepSubset(value, actual[key]);
+    });
+  }
+  return Object.is(expected, actual);
+}
 function matchMethod(method) {
   const upper = method.toUpperCase();
   return (request) => request.method.toUpperCase() === upper;
 }
 function matchHeader(name, value) {
-  const lowerName = name.toLowerCase();
   return (request) => {
-    const entry = Object.entries(request.headers).find(([k]) => k.toLowerCase() === lowerName);
-    if (!entry) return false;
+    const headerValue = getHeaderValue2(request.headers, name);
+    if (headerValue === void 0) return false;
     if (value === void 0) return true;
-    return entry[1] === value;
+    return headerValue === value;
+  };
+}
+function matchPath(pattern) {
+  const regex = globToRegExp(pattern);
+  return (request) => regex.test(request.path);
+}
+function matchQueryParam(key, value) {
+  return (request) => {
+    if (!Object.prototype.hasOwnProperty.call(request.queryParams, key)) {
+      return false;
+    }
+    if (value === void 0) {
+      return true;
+    }
+    return request.queryParams[key] === value;
   };
 }
 function matchBodyPath(path, value) {
@@ -1497,6 +2989,23 @@ function matchBodyPath(path, value) {
     return current === value;
   };
 }
+function matchBodySubset(subset) {
+  return (request) => {
+    const body = parseJsonBody(request);
+    return isDeepSubset(subset, body);
+  };
+}
+function matchContentType(type) {
+  const expected = type.trim().toLowerCase();
+  return (request) => {
+    const raw = request.contentType ?? getHeaderValue2(request.headers, "content-type");
+    if (!raw) {
+      return false;
+    }
+    const normalized = raw.trim().toLowerCase();
+    return normalized === expected || normalized.startsWith(`${expected};`);
+  };
+}
 function matchAll(first, ...rest) {
   const matchers = [first, ...rest];
   return (request) => matchers.every((m) => m(request));
@@ -1505,15 +3014,173 @@ function matchAny(first, ...rest) {
   const matchers = [first, ...rest];
   return (request) => matchers.some((m) => m(request));
 }
+
+// src/diff.ts
+function isPlainObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function isJsonBody(body) {
+  if (body.length === 0) {
+    return { valid: false };
+  }
+  try {
+    return { valid: true, value: JSON.parse(body) };
+  } catch {
+    return { valid: false };
+  }
+}
+function areEqual(left, right) {
+  if (left === right) {
+    return true;
+  }
+  if (Array.isArray(left) && Array.isArray(right)) {
+    return left.length === right.length && left.every((value, index) => areEqual(value, right[index]));
+  }
+  if (isPlainObject(left) && isPlainObject(right)) {
+    const leftKeys = Object.keys(left);
+    const rightKeys = Object.keys(right);
+    return leftKeys.length === rightKeys.length && leftKeys.every((key) => areEqual(left[key], right[key]));
+  }
+  return Number.isNaN(left) && Number.isNaN(right);
+}
+function compareJsonValues(left, right, path, changes) {
+  if (areEqual(left, right)) {
+    return;
+  }
+  if (Array.isArray(left) && Array.isArray(right)) {
+    const maxLength = Math.max(left.length, right.length);
+    for (let index = 0; index < maxLength; index++) {
+      const nextPath = path ? `${path}.${index}` : String(index);
+      compareJsonValues(left[index], right[index], nextPath, changes);
+    }
+    return;
+  }
+  if (isPlainObject(left) && isPlainObject(right)) {
+    const keys = [.../* @__PURE__ */ new Set([...Object.keys(left), ...Object.keys(right)])].sort();
+    for (const key of keys) {
+      const nextPath = path ? `${path}.${key}` : key;
+      compareJsonValues(left[key], right[key], nextPath, changes);
+    }
+    return;
+  }
+  changes[path || "$"] = { left, right };
+}
+function formatJsonDiff(changes) {
+  return Object.entries(changes).map(
+    ([path, difference]) => `${path}: ${JSON.stringify(difference.left)} -> ${JSON.stringify(difference.right)}`
+  ).join("\n");
+}
+function formatTextDiff(left, right) {
+  const leftLines = left.split("\n");
+  const rightLines = right.split("\n");
+  const maxLength = Math.max(leftLines.length, rightLines.length);
+  const lines = [];
+  for (let index = 0; index < maxLength; index++) {
+    const leftLine = leftLines[index];
+    const rightLine = rightLines[index];
+    if (leftLine === rightLine) {
+      continue;
+    }
+    if (leftLine !== void 0) {
+      lines.push(`- ${leftLine}`);
+    }
+    if (rightLine !== void 0) {
+      lines.push(`+ ${rightLine}`);
+    }
+  }
+  return lines.join("\n");
+}
+function normalizeHeaders(headers, ignoredHeaders) {
+  const normalized = {};
+  for (const [key, value] of Object.entries(headers)) {
+    const lowerKey = key.toLowerCase();
+    if (!ignoredHeaders.has(lowerKey)) {
+      normalized[lowerKey] = value;
+    }
+  }
+  return normalized;
+}
+function diffHeaders(leftHeaders, rightHeaders, options) {
+  const ignoredHeaders = new Set(
+    (options.ignoreHeaders ?? []).map((header) => header.toLowerCase())
+  );
+  const left = normalizeHeaders(leftHeaders, ignoredHeaders);
+  const right = normalizeHeaders(rightHeaders, ignoredHeaders);
+  const leftKeys = new Set(Object.keys(left));
+  const rightKeys = new Set(Object.keys(right));
+  const added = [...rightKeys].filter((key) => !leftKeys.has(key)).sort();
+  const removed = [...leftKeys].filter((key) => !rightKeys.has(key)).sort();
+  const changed = {};
+  for (const key of [...leftKeys].filter((header) => rightKeys.has(header)).sort()) {
+    if (left[key] !== right[key]) {
+      changed[key] = { left: left[key], right: right[key] };
+    }
+  }
+  if (added.length === 0 && removed.length === 0 && Object.keys(changed).length === 0) {
+    return void 0;
+  }
+  return { added, removed, changed };
+}
+function diffBodies(leftBody, rightBody) {
+  const left = leftBody ?? "";
+  const right = rightBody ?? "";
+  if (left === right) {
+    return void 0;
+  }
+  const leftJson = isJsonBody(left);
+  const rightJson = isJsonBody(right);
+  if (leftJson.valid && rightJson.valid) {
+    const changed = {};
+    compareJsonValues(leftJson.value, rightJson.value, "", changed);
+    if (Object.keys(changed).length === 0) {
+      return void 0;
+    }
+    return {
+      type: "json",
+      changed,
+      diff: formatJsonDiff(changed)
+    };
+  }
+  return {
+    type: "text",
+    diff: formatTextDiff(left, right)
+  };
+}
+function diffRequests(left, right, options = {}) {
+  const differences = {};
+  if (left.method !== right.method) {
+    differences.method = { left: left.method, right: right.method };
+  }
+  if (left.path !== right.path) {
+    differences.path = { left: left.path, right: right.path };
+  }
+  const headerDiff = diffHeaders(left.headers, right.headers, options);
+  if (headerDiff) {
+    differences.headers = headerDiff;
+  }
+  const bodyDiff = diffBodies(left.body, right.body);
+  if (bodyDiff) {
+    differences.body = bodyDiff;
+  }
+  return {
+    matches: Object.keys(differences).length === 0,
+    differences
+  };
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ApiError,
   NotFoundError,
   RateLimitError,
+  TEMPLATE_METADATA,
   TimeoutError,
   UnauthorizedError,
+  WebhookFlowBuilder,
   WebhooksCC,
   WebhooksCCError,
+  diffRequests,
+  extractJsonField,
+  isDiscordWebhook,
   isGitHubWebhook,
   isLinearWebhook,
   isPaddleWebhook,
@@ -1525,10 +3192,26 @@ function matchAny(first, ...rest) {
   matchAll,
   matchAny,
   matchBodyPath,
+  matchBodySubset,
+  matchContentType,
   matchHeader,
   matchJsonField,
   matchMethod,
+  matchPath,
+  matchQueryParam,
+  parseBody,
   parseDuration,
+  parseFormBody,
   parseJsonBody,
-  parseSSE
+  parseSSE,
+  verifyDiscordSignature,
+  verifyGitHubSignature,
+  verifyLinearSignature,
+  verifyPaddleSignature,
+  verifyShopifySignature,
+  verifySignature,
+  verifySlackSignature,
+  verifyStandardWebhookSignature,
+  verifyStripeSignature,
+  verifyTwilioSignature
 });