@webhooks-cc/sdk 1.2.0 → 1.3.0

package/dist/{chunk-7IMPSHQY.mjs → chunk-NSGVJJSF.mjs}

@@ -26,11 +26,16 @@ var TimeoutError = class extends WebhooksCCError {
   }
 };
 var RateLimitError = class extends WebhooksCCError {
-  constructor(retryAfter) {
-    const message = retryAfter ? `Rate limited, retry after ${retryAfter}s` : "Rate limited";
+  constructor(retryAfter, meta) {
+    const message = retryAfter !== void 0 ? `Rate limited, retry after ${retryAfter}s` : "Rate limited";
     super(429, message);
     this.name = "RateLimitError";
     this.retryAfter = retryAfter;
+    if (meta) {
+      this.limit = meta.limit;
+      this.remaining = meta.remaining;
+      this.reset = meta.reset;
+    }
   }
 };
 

package/dist/{diff-DbTsOT_n.d.mts → diff-CRMlHQPX.d.mts}

@@ -18,6 +18,10 @@ interface Endpoint {
     name?: string;
     /** Full URL where webhooks should be sent (undefined if server is misconfigured) */
     url?: string;
+    /** URL to POST a JSON summary to after each captured request (e.g. Slack/Discord webhook) */
+    notificationUrl?: string;
+    /** Ordered conditional response rules (first match wins, then falls back to default mock) */
+    responseRules?: ResponseRule[];
     /** Whether the endpoint auto-expires and may be cleaned up automatically */
     isEphemeral?: boolean;
     /** Unix timestamp (ms) when the endpoint expires, if ephemeral */
@@ -29,6 +33,34 @@ interface Endpoint {
     /** Team this endpoint was shared from (present when shared with you) */
     fromTeam?: TeamShare;
 }
+/** A single condition within a response rule. */
+interface ResponseRuleCondition {
+    /** Field to match: method, path, header, body_contains, body_path, query */
+    field: "method" | "path" | "header" | "body_contains" | "body_path" | "query";
+    /** Comparison operator */
+    op: "eq" | "contains" | "starts_with" | "matches" | "exists";
+    /** Value to compare against (not required for "exists") */
+    value?: string;
+    /** Header name or query param name (required for header/query conditions) */
+    name?: string;
+    /** JSON dot-notation path (required for body_path conditions) */
+    path?: string;
+}
+/** A conditional response rule: when conditions match, return this response. */
+interface ResponseRule {
+    /** Stable identifier for UI drag-reorder */
+    id?: string;
+    /** Human-readable rule name */
+    name?: string;
+    /** Whether this rule is active (default: true) */
+    enabled?: boolean;
+    /** How to combine conditions: "and" (all match) or "or" (any match). Default: "and" */
+    logic?: "and" | "or";
+    /** Conditions to evaluate against the incoming request */
+    conditions: ResponseRuleCondition[];
+    /** Response to return when conditions match */
+    response: MockResponse;
+}
 /** Mock response returned by the receiver instead of the default 200 OK. */
 interface MockResponse {
     /** HTTP status code (100-599) */
@@ -57,6 +89,8 @@ interface Request {
     headers: Record<string, string>;
     /** Request body, if present */
     body?: string;
+    /** Base64-encoded raw bytes, present only for non-UTF-8 payloads */
+    bodyRaw?: string;
     /** URL query parameters */
     queryParams: Record<string, string>;
     /** Content-Type header value, if present */
@@ -121,6 +155,10 @@ interface CreateEndpointOptions {
     expiresIn?: number | string;
     /** Optional mock response to configure at creation time */
     mockResponse?: MockResponse;
+    /** URL to POST a JSON summary to after each captured request */
+    notificationUrl?: string;
+    /** Ordered conditional response rules */
+    responseRules?: ResponseRule[];
 }
 /**
  * Options for updating an existing endpoint.
@@ -130,6 +168,10 @@ interface UpdateEndpointOptions {
     name?: string;
     /** Mock response config, or null to clear */
     mockResponse?: MockResponse | null;
+    /** Notification webhook URL, or null to clear */
+    notificationUrl?: string | null;
+    /** Ordered conditional response rules, or null to clear */
+    responseRules?: ResponseRule[] | null;
 }
 /**
  * Options for sending a test webhook to an endpoint.
@@ -488,11 +530,26 @@ declare class NotFoundError extends WebhooksCCError {
 declare class TimeoutError extends WebhooksCCError {
     constructor(timeoutMs: number);
 }
+/** Rate limit metadata from X-RateLimit-* response headers. */
+interface RateLimitMeta {
+    /** Maximum number of requests allowed in the current window. */
+    limit: number;
+    /** Number of requests remaining in the current window. */
+    remaining: number;
+    /** Unix epoch timestamp (seconds) when the rate limit window resets. */
+    reset: number;
+}
 /** Thrown when the API returns 429 Too Many Requests. */
 declare class RateLimitError extends WebhooksCCError {
     /** Seconds until the rate limit resets, if provided by the server. */
     readonly retryAfter?: number;
-    constructor(retryAfter?: number);
+    /** Maximum number of requests allowed in the current window. */
+    readonly limit?: number;
+    /** Number of requests remaining in the current window. */
+    readonly remaining?: number;
+    /** Unix epoch timestamp (seconds) when the rate limit window resets. */
+    readonly reset?: number;
+    constructor(retryAfter?: number, meta?: RateLimitMeta);
 }
 
 interface FlowClient {
@@ -711,4 +768,4 @@ type ComparableRequest = Pick<Request, "method" | "path" | "headers" | "body"> &
  */
 declare function diffRequests(left: ComparableRequest | SearchResult, right: ComparableRequest | SearchResult, options?: DiffRequestsOptions): DiffResult;
 
-export { type WebhookFlowResult as $, ApiError as A, type BodyDiff as B, type ClearRequestsOptions as C, type DiffRequestsOptions as D, type Endpoint as E, type FormBodyValue as F, type TextBodyDiff as G, type HarExport as H, TimeoutError as I, type JsonBodyDiff as J, type UpdateEndpointOptions as K, type ListPaginatedRequestsOptions as L, type MockResponse as M, NotFoundError as N, type OperationDescription as O, type ParsedBody as P, type UsageInfo as Q, type Request as R, type SearchResult as S, type TeamShare as T, UnauthorizedError as U, type VerifySignatureOptions as V, type ValueDifference as W, type VerifyProvider as X, type WaitForAllOptions as Y, type WaitForOptions as Z, WebhookFlowBuilder as _, type ParsedFormBody as a, type WebhookFlowVerifyOptions as a0, WebhooksCC as a1, WebhooksCCError as a2, diffRequests as a3, type SignatureVerificationResult as b, type ClientHooks as c, type ClientOptions as d, type CreateEndpointOptions as e, type CurlExport as f, type DiffResult as g, type ErrorHookInfo as h, type ExportRequestsOptions as i, type HeaderDiff as j, type ListRequestsOptions as k, type PaginatedResult as l, RateLimitError as m, type RequestDifferences as n, type RequestHookInfo as o, type RequestsExport as p, type ResponseHookInfo as q, type RetryOptions as r, type SDKDescription as s, type SearchFilters as t, type SendOptions as u, type SendTemplateOptions as v, type SendToOptions as w, type SubscribeOptions as x, type TemplateProvider as y, type TemplateProviderInfo as z };
+export { type WaitForAllOptions as $, ApiError as A, type BodyDiff as B, type ClearRequestsOptions as C, type DiffRequestsOptions as D, type Endpoint as E, type FormBodyValue as F, type SubscribeOptions as G, type HarExport as H, type TemplateProvider as I, type JsonBodyDiff as J, type TemplateProviderInfo as K, type ListPaginatedRequestsOptions as L, type MockResponse as M, NotFoundError as N, type OperationDescription as O, type ParsedBody as P, type TextBodyDiff as Q, type Request as R, type SendTemplateOptions as S, type TeamShare as T, TimeoutError as U, type VerifySignatureOptions as V, UnauthorizedError as W, type UpdateEndpointOptions as X, type UsageInfo as Y, type ValueDifference as Z, type VerifyProvider as _, type ParsedFormBody as a, type WaitForOptions as a0, WebhookFlowBuilder as a1, type WebhookFlowResult as a2, type WebhookFlowVerifyOptions as a3, WebhooksCC as a4, WebhooksCCError as a5, diffRequests as a6, type SendOptions as b, type ResponseRule as c, type SearchResult as d, type SignatureVerificationResult as e, type ClientHooks as f, type ClientOptions as g, type CreateEndpointOptions as h, type CurlExport as i, type DiffResult as j, type ErrorHookInfo as k, type ExportRequestsOptions as l, type HeaderDiff as m, type ListRequestsOptions as n, type PaginatedResult as o, RateLimitError as p, type RateLimitMeta as q, type RequestDifferences as r, type RequestHookInfo as s, type RequestsExport as t, type ResponseHookInfo as u, type ResponseRuleCondition as v, type RetryOptions as w, type SDKDescription as x, type SearchFilters as y, type SendToOptions as z };

package/dist/{diff-DbTsOT_n.d.ts → diff-CRMlHQPX.d.ts}

@@ -18,6 +18,10 @@ interface Endpoint {
     name?: string;
     /** Full URL where webhooks should be sent (undefined if server is misconfigured) */
     url?: string;
+    /** URL to POST a JSON summary to after each captured request (e.g. Slack/Discord webhook) */
+    notificationUrl?: string;
+    /** Ordered conditional response rules (first match wins, then falls back to default mock) */
+    responseRules?: ResponseRule[];
     /** Whether the endpoint auto-expires and may be cleaned up automatically */
     isEphemeral?: boolean;
     /** Unix timestamp (ms) when the endpoint expires, if ephemeral */
@@ -29,6 +33,34 @@ interface Endpoint {
     /** Team this endpoint was shared from (present when shared with you) */
     fromTeam?: TeamShare;
 }
+/** A single condition within a response rule. */
+interface ResponseRuleCondition {
+    /** Field to match: method, path, header, body_contains, body_path, query */
+    field: "method" | "path" | "header" | "body_contains" | "body_path" | "query";
+    /** Comparison operator */
+    op: "eq" | "contains" | "starts_with" | "matches" | "exists";
+    /** Value to compare against (not required for "exists") */
+    value?: string;
+    /** Header name or query param name (required for header/query conditions) */
+    name?: string;
+    /** JSON dot-notation path (required for body_path conditions) */
+    path?: string;
+}
+/** A conditional response rule: when conditions match, return this response. */
+interface ResponseRule {
+    /** Stable identifier for UI drag-reorder */
+    id?: string;
+    /** Human-readable rule name */
+    name?: string;
+    /** Whether this rule is active (default: true) */
+    enabled?: boolean;
+    /** How to combine conditions: "and" (all match) or "or" (any match). Default: "and" */
+    logic?: "and" | "or";
+    /** Conditions to evaluate against the incoming request */
+    conditions: ResponseRuleCondition[];
+    /** Response to return when conditions match */
+    response: MockResponse;
+}
 /** Mock response returned by the receiver instead of the default 200 OK. */
 interface MockResponse {
     /** HTTP status code (100-599) */
@@ -57,6 +89,8 @@ interface Request {
     headers: Record<string, string>;
     /** Request body, if present */
     body?: string;
+    /** Base64-encoded raw bytes, present only for non-UTF-8 payloads */
+    bodyRaw?: string;
     /** URL query parameters */
     queryParams: Record<string, string>;
     /** Content-Type header value, if present */
@@ -121,6 +155,10 @@ interface CreateEndpointOptions {
     expiresIn?: number | string;
     /** Optional mock response to configure at creation time */
     mockResponse?: MockResponse;
+    /** URL to POST a JSON summary to after each captured request */
+    notificationUrl?: string;
+    /** Ordered conditional response rules */
+    responseRules?: ResponseRule[];
 }
 /**
  * Options for updating an existing endpoint.
@@ -130,6 +168,10 @@ interface UpdateEndpointOptions {
     name?: string;
     /** Mock response config, or null to clear */
     mockResponse?: MockResponse | null;
+    /** Notification webhook URL, or null to clear */
+    notificationUrl?: string | null;
+    /** Ordered conditional response rules, or null to clear */
+    responseRules?: ResponseRule[] | null;
 }
 /**
  * Options for sending a test webhook to an endpoint.
@@ -488,11 +530,26 @@ declare class NotFoundError extends WebhooksCCError {
 declare class TimeoutError extends WebhooksCCError {
     constructor(timeoutMs: number);
 }
+/** Rate limit metadata from X-RateLimit-* response headers. */
+interface RateLimitMeta {
+    /** Maximum number of requests allowed in the current window. */
+    limit: number;
+    /** Number of requests remaining in the current window. */
+    remaining: number;
+    /** Unix epoch timestamp (seconds) when the rate limit window resets. */
+    reset: number;
+}
 /** Thrown when the API returns 429 Too Many Requests. */
 declare class RateLimitError extends WebhooksCCError {
     /** Seconds until the rate limit resets, if provided by the server. */
     readonly retryAfter?: number;
-    constructor(retryAfter?: number);
+    /** Maximum number of requests allowed in the current window. */
+    readonly limit?: number;
+    /** Number of requests remaining in the current window. */
+    readonly remaining?: number;
+    /** Unix epoch timestamp (seconds) when the rate limit window resets. */
+    readonly reset?: number;
+    constructor(retryAfter?: number, meta?: RateLimitMeta);
 }
 
 interface FlowClient {
@@ -711,4 +768,4 @@ type ComparableRequest = Pick<Request, "method" | "path" | "headers" | "body"> &
  */
 declare function diffRequests(left: ComparableRequest | SearchResult, right: ComparableRequest | SearchResult, options?: DiffRequestsOptions): DiffResult;
 
-export { type WebhookFlowResult as $, ApiError as A, type BodyDiff as B, type ClearRequestsOptions as C, type DiffRequestsOptions as D, type Endpoint as E, type FormBodyValue as F, type TextBodyDiff as G, type HarExport as H, TimeoutError as I, type JsonBodyDiff as J, type UpdateEndpointOptions as K, type ListPaginatedRequestsOptions as L, type MockResponse as M, NotFoundError as N, type OperationDescription as O, type ParsedBody as P, type UsageInfo as Q, type Request as R, type SearchResult as S, type TeamShare as T, UnauthorizedError as U, type VerifySignatureOptions as V, type ValueDifference as W, type VerifyProvider as X, type WaitForAllOptions as Y, type WaitForOptions as Z, WebhookFlowBuilder as _, type ParsedFormBody as a, type WebhookFlowVerifyOptions as a0, WebhooksCC as a1, WebhooksCCError as a2, diffRequests as a3, type SignatureVerificationResult as b, type ClientHooks as c, type ClientOptions as d, type CreateEndpointOptions as e, type CurlExport as f, type DiffResult as g, type ErrorHookInfo as h, type ExportRequestsOptions as i, type HeaderDiff as j, type ListRequestsOptions as k, type PaginatedResult as l, RateLimitError as m, type RequestDifferences as n, type RequestHookInfo as o, type RequestsExport as p, type ResponseHookInfo as q, type RetryOptions as r, type SDKDescription as s, type SearchFilters as t, type SendOptions as u, type SendTemplateOptions as v, type SendToOptions as w, type SubscribeOptions as x, type TemplateProvider as y, type TemplateProviderInfo as z };
+export { type WaitForAllOptions as $, ApiError as A, type BodyDiff as B, type ClearRequestsOptions as C, type DiffRequestsOptions as D, type Endpoint as E, type FormBodyValue as F, type SubscribeOptions as G, type HarExport as H, type TemplateProvider as I, type JsonBodyDiff as J, type TemplateProviderInfo as K, type ListPaginatedRequestsOptions as L, type MockResponse as M, NotFoundError as N, type OperationDescription as O, type ParsedBody as P, type TextBodyDiff as Q, type Request as R, type SendTemplateOptions as S, type TeamShare as T, TimeoutError as U, type VerifySignatureOptions as V, UnauthorizedError as W, type UpdateEndpointOptions as X, type UsageInfo as Y, type ValueDifference as Z, type VerifyProvider as _, type ParsedFormBody as a, type WaitForOptions as a0, WebhookFlowBuilder as a1, type WebhookFlowResult as a2, type WebhookFlowVerifyOptions as a3, WebhooksCC as a4, WebhooksCCError as a5, diffRequests as a6, type SendOptions as b, type ResponseRule as c, type SearchResult as d, type SignatureVerificationResult as e, type ClientHooks as f, type ClientOptions as g, type CreateEndpointOptions as h, type CurlExport as i, type DiffResult as j, type ErrorHookInfo as k, type ExportRequestsOptions as l, type HeaderDiff as m, type ListRequestsOptions as n, type PaginatedResult as o, RateLimitError as p, type RateLimitMeta as q, type RequestDifferences as r, type RequestHookInfo as s, type RequestsExport as t, type ResponseHookInfo as u, type ResponseRuleCondition as v, type RetryOptions as w, type SDKDescription as x, type SearchFilters as y, type SendToOptions as z };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { R as Request, P as ParsedBody, a as ParsedFormBody, S as SearchResult, V as VerifySignatureOptions, b as SignatureVerificationResult } from './diff-DbTsOT_n.mjs';
-export { A as ApiError, B as BodyDiff, C as ClearRequestsOptions, c as ClientHooks, d as ClientOptions, e as CreateEndpointOptions, f as CurlExport, D as DiffRequestsOptions, g as DiffResult, E as Endpoint, h as ErrorHookInfo, i as ExportRequestsOptions, F as FormBodyValue, H as HarExport, j as HeaderDiff, J as JsonBodyDiff, L as ListPaginatedRequestsOptions, k as ListRequestsOptions, M as MockResponse, N as NotFoundError, O as OperationDescription, l as PaginatedResult, m as RateLimitError, n as RequestDifferences, o as RequestHookInfo, p as RequestsExport, q as ResponseHookInfo, r as RetryOptions, s as SDKDescription, t as SearchFilters, u as SendOptions, v as SendTemplateOptions, w as SendToOptions, x as SubscribeOptions, T as TeamShare, y as TemplateProvider, z as TemplateProviderInfo, G as TextBodyDiff, I as TimeoutError, U as UnauthorizedError, K as UpdateEndpointOptions, Q as UsageInfo, W as ValueDifference, X as VerifyProvider, Y as WaitForAllOptions, Z as WaitForOptions, _ as WebhookFlowBuilder, $ as WebhookFlowResult, a0 as WebhookFlowVerifyOptions, a1 as WebhooksCC, a2 as WebhooksCCError, a3 as diffRequests } from './diff-DbTsOT_n.mjs';
+import { R as Request, P as ParsedBody, a as ParsedFormBody, S as SendTemplateOptions, b as SendOptions, M as MockResponse, c as ResponseRule, d as SearchResult, V as VerifySignatureOptions, e as SignatureVerificationResult } from './diff-CRMlHQPX.mjs';
+export { A as ApiError, B as BodyDiff, C as ClearRequestsOptions, f as ClientHooks, g as ClientOptions, h as CreateEndpointOptions, i as CurlExport, D as DiffRequestsOptions, j as DiffResult, E as Endpoint, k as ErrorHookInfo, l as ExportRequestsOptions, F as FormBodyValue, H as HarExport, m as HeaderDiff, J as JsonBodyDiff, L as ListPaginatedRequestsOptions, n as ListRequestsOptions, N as NotFoundError, O as OperationDescription, o as PaginatedResult, p as RateLimitError, q as RateLimitMeta, r as RequestDifferences, s as RequestHookInfo, t as RequestsExport, u as ResponseHookInfo, v as ResponseRuleCondition, w as RetryOptions, x as SDKDescription, y as SearchFilters, z as SendToOptions, G as SubscribeOptions, T as TeamShare, I as TemplateProvider, K as TemplateProviderInfo, Q as TextBodyDiff, U as TimeoutError, W as UnauthorizedError, X as UpdateEndpointOptions, Y as UsageInfo, Z as ValueDifference, _ as VerifyProvider, $ as WaitForAllOptions, a0 as WaitForOptions, a1 as WebhookFlowBuilder, a2 as WebhookFlowResult, a3 as WebhookFlowVerifyOptions, a4 as WebhooksCC, a5 as WebhooksCCError, a6 as diffRequests } from './diff-CRMlHQPX.mjs';
 
 /**
  * Safely parse a JSON request body.
@@ -140,6 +140,8 @@ interface SSEFrame {
  */
 declare function parseSSE(stream: ReadableStream<Uint8Array>): AsyncGenerator<SSEFrame, void, undefined>;
 
+declare const TEMPLATE_PROVIDERS: readonly ["stripe", "github", "shopify", "twilio", "slack", "paddle", "linear", "sendgrid", "clerk", "discord", "vercel", "gitlab", "standard-webhooks"];
+declare const VERIFY_PROVIDERS: readonly ["stripe", "github", "shopify", "twilio", "slack", "paddle", "linear", "clerk", "discord", "vercel", "gitlab", "standard-webhooks"];
 declare const TEMPLATE_METADATA: Readonly<{
     stripe: Readonly<{
         provider: "stripe";
@@ -241,6 +243,24 @@ declare const TEMPLATE_METADATA: Readonly<{
         signatureAlgorithm: "hmac-sha256";
     }>;
 }>;
+/**
+ * Build method/headers/body for a provider template webhook.
+ */
+declare function buildTemplateSendOptions(endpointUrl: string, options: SendTemplateOptions): Promise<SendOptions>;
+
+declare const MOCK_RESPONSE_STATUS_MIN = 100;
+declare const MOCK_RESPONSE_STATUS_MAX = 599;
+declare const MOCK_RESPONSE_DELAY_MIN = 0;
+declare const MOCK_RESPONSE_DELAY_MAX = 30000;
+declare const MAX_RESPONSE_RULES = 50;
+declare const MAX_CONDITIONS_PER_RULE = 10;
+declare const MAX_CONDITION_VALUE_LEN = 4096;
+declare const MAX_CONDITION_NAME_LEN = 256;
+declare const MAX_CONDITION_PATH_LEN = 256;
+declare const MAX_RULE_NAME_LEN = 200;
+declare const MAX_GLOB_PATTERN_LEN = 500;
+declare function validateMockResponse(mockResponse: MockResponse, fieldName?: string): void;
+declare function validateResponseRules(rules: ResponseRule[]): void;
 
 type VerifyableRequest = Pick<Request, "body" | "headers"> | Pick<SearchResult, "body" | "headers">;
 /**
@@ -299,4 +319,4 @@ declare function verifyStandardWebhookSignature(body: string | undefined, header
  */
 declare function verifySignature(request: VerifyableRequest, options: VerifySignatureOptions): Promise<SignatureVerificationResult>;
 
-export { ParsedBody, ParsedFormBody, Request, type SSEFrame, SearchResult, SignatureVerificationResult, TEMPLATE_METADATA, VerifySignatureOptions, extractJsonField, isClerkWebhook, isDiscordWebhook, isGitHubWebhook, isGitLabWebhook, isLinearWebhook, isPaddleWebhook, isSendGridWebhook, isShopifyWebhook, isSlackWebhook, isStandardWebhook, isStripeWebhook, isTwilioWebhook, isVercelWebhook, matchAll, matchAny, matchBodyPath, matchBodySubset, matchContentType, matchHeader, matchJsonField, matchMethod, matchPath, matchQueryParam, parseBody, parseDuration, parseFormBody, parseJsonBody, parseSSE, verifyClerkSignature, verifyDiscordSignature, verifyGitHubSignature, verifyGitLabSignature, verifyLinearSignature, verifyPaddleSignature, verifyShopifySignature, verifySignature, verifySlackSignature, verifyStandardWebhookSignature, verifyStripeSignature, verifyTwilioSignature, verifyVercelSignature };
+export { MAX_CONDITIONS_PER_RULE, MAX_CONDITION_NAME_LEN, MAX_CONDITION_PATH_LEN, MAX_CONDITION_VALUE_LEN, MAX_GLOB_PATTERN_LEN, MAX_RESPONSE_RULES, MAX_RULE_NAME_LEN, MOCK_RESPONSE_DELAY_MAX, MOCK_RESPONSE_DELAY_MIN, MOCK_RESPONSE_STATUS_MAX, MOCK_RESPONSE_STATUS_MIN, MockResponse, ParsedBody, ParsedFormBody, Request, ResponseRule, type SSEFrame, SearchResult, SendOptions, SendTemplateOptions, SignatureVerificationResult, TEMPLATE_METADATA, TEMPLATE_PROVIDERS, VERIFY_PROVIDERS, VerifySignatureOptions, buildTemplateSendOptions, extractJsonField, isClerkWebhook, isDiscordWebhook, isGitHubWebhook, isGitLabWebhook, isLinearWebhook, isPaddleWebhook, isSendGridWebhook, isShopifyWebhook, isSlackWebhook, isStandardWebhook, isStripeWebhook, isTwilioWebhook, isVercelWebhook, matchAll, matchAny, matchBodyPath, matchBodySubset, matchContentType, matchHeader, matchJsonField, matchMethod, matchPath, matchQueryParam, parseBody, parseDuration, parseFormBody, parseJsonBody, parseSSE, validateMockResponse, validateResponseRules, verifyClerkSignature, verifyDiscordSignature, verifyGitHubSignature, verifyGitLabSignature, verifyLinearSignature, verifyPaddleSignature, verifyShopifySignature, verifySignature, verifySlackSignature, verifyStandardWebhookSignature, verifyStripeSignature, verifyTwilioSignature, verifyVercelSignature };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { R as Request, P as ParsedBody, a as ParsedFormBody, S as SearchResult, V as VerifySignatureOptions, b as SignatureVerificationResult } from './diff-DbTsOT_n.js';
-export { A as ApiError, B as BodyDiff, C as ClearRequestsOptions, c as ClientHooks, d as ClientOptions, e as CreateEndpointOptions, f as CurlExport, D as DiffRequestsOptions, g as DiffResult, E as Endpoint, h as ErrorHookInfo, i as ExportRequestsOptions, F as FormBodyValue, H as HarExport, j as HeaderDiff, J as JsonBodyDiff, L as ListPaginatedRequestsOptions, k as ListRequestsOptions, M as MockResponse, N as NotFoundError, O as OperationDescription, l as PaginatedResult, m as RateLimitError, n as RequestDifferences, o as RequestHookInfo, p as RequestsExport, q as ResponseHookInfo, r as RetryOptions, s as SDKDescription, t as SearchFilters, u as SendOptions, v as SendTemplateOptions, w as SendToOptions, x as SubscribeOptions, T as TeamShare, y as TemplateProvider, z as TemplateProviderInfo, G as TextBodyDiff, I as TimeoutError, U as UnauthorizedError, K as UpdateEndpointOptions, Q as UsageInfo, W as ValueDifference, X as VerifyProvider, Y as WaitForAllOptions, Z as WaitForOptions, _ as WebhookFlowBuilder, $ as WebhookFlowResult, a0 as WebhookFlowVerifyOptions, a1 as WebhooksCC, a2 as WebhooksCCError, a3 as diffRequests } from './diff-DbTsOT_n.js';
+import { R as Request, P as ParsedBody, a as ParsedFormBody, S as SendTemplateOptions, b as SendOptions, M as MockResponse, c as ResponseRule, d as SearchResult, V as VerifySignatureOptions, e as SignatureVerificationResult } from './diff-CRMlHQPX.js';
+export { A as ApiError, B as BodyDiff, C as ClearRequestsOptions, f as ClientHooks, g as ClientOptions, h as CreateEndpointOptions, i as CurlExport, D as DiffRequestsOptions, j as DiffResult, E as Endpoint, k as ErrorHookInfo, l as ExportRequestsOptions, F as FormBodyValue, H as HarExport, m as HeaderDiff, J as JsonBodyDiff, L as ListPaginatedRequestsOptions, n as ListRequestsOptions, N as NotFoundError, O as OperationDescription, o as PaginatedResult, p as RateLimitError, q as RateLimitMeta, r as RequestDifferences, s as RequestHookInfo, t as RequestsExport, u as ResponseHookInfo, v as ResponseRuleCondition, w as RetryOptions, x as SDKDescription, y as SearchFilters, z as SendToOptions, G as SubscribeOptions, T as TeamShare, I as TemplateProvider, K as TemplateProviderInfo, Q as TextBodyDiff, U as TimeoutError, W as UnauthorizedError, X as UpdateEndpointOptions, Y as UsageInfo, Z as ValueDifference, _ as VerifyProvider, $ as WaitForAllOptions, a0 as WaitForOptions, a1 as WebhookFlowBuilder, a2 as WebhookFlowResult, a3 as WebhookFlowVerifyOptions, a4 as WebhooksCC, a5 as WebhooksCCError, a6 as diffRequests } from './diff-CRMlHQPX.js';
 
 /**
  * Safely parse a JSON request body.
@@ -140,6 +140,8 @@ interface SSEFrame {
  */
 declare function parseSSE(stream: ReadableStream<Uint8Array>): AsyncGenerator<SSEFrame, void, undefined>;
 
+declare const TEMPLATE_PROVIDERS: readonly ["stripe", "github", "shopify", "twilio", "slack", "paddle", "linear", "sendgrid", "clerk", "discord", "vercel", "gitlab", "standard-webhooks"];
+declare const VERIFY_PROVIDERS: readonly ["stripe", "github", "shopify", "twilio", "slack", "paddle", "linear", "clerk", "discord", "vercel", "gitlab", "standard-webhooks"];
 declare const TEMPLATE_METADATA: Readonly<{
     stripe: Readonly<{
         provider: "stripe";
@@ -241,6 +243,24 @@ declare const TEMPLATE_METADATA: Readonly<{
         signatureAlgorithm: "hmac-sha256";
     }>;
 }>;
+/**
+ * Build method/headers/body for a provider template webhook.
+ */
+declare function buildTemplateSendOptions(endpointUrl: string, options: SendTemplateOptions): Promise<SendOptions>;
+
+declare const MOCK_RESPONSE_STATUS_MIN = 100;
+declare const MOCK_RESPONSE_STATUS_MAX = 599;
+declare const MOCK_RESPONSE_DELAY_MIN = 0;
+declare const MOCK_RESPONSE_DELAY_MAX = 30000;
+declare const MAX_RESPONSE_RULES = 50;
+declare const MAX_CONDITIONS_PER_RULE = 10;
+declare const MAX_CONDITION_VALUE_LEN = 4096;
+declare const MAX_CONDITION_NAME_LEN = 256;
+declare const MAX_CONDITION_PATH_LEN = 256;
+declare const MAX_RULE_NAME_LEN = 200;
+declare const MAX_GLOB_PATTERN_LEN = 500;
+declare function validateMockResponse(mockResponse: MockResponse, fieldName?: string): void;
+declare function validateResponseRules(rules: ResponseRule[]): void;
 
 type VerifyableRequest = Pick<Request, "body" | "headers"> | Pick<SearchResult, "body" | "headers">;
 /**
@@ -299,4 +319,4 @@ declare function verifyStandardWebhookSignature(body: string | undefined, header
  */
 declare function verifySignature(request: VerifyableRequest, options: VerifySignatureOptions): Promise<SignatureVerificationResult>;
 
-export { ParsedBody, ParsedFormBody, Request, type SSEFrame, SearchResult, SignatureVerificationResult, TEMPLATE_METADATA, VerifySignatureOptions, extractJsonField, isClerkWebhook, isDiscordWebhook, isGitHubWebhook, isGitLabWebhook, isLinearWebhook, isPaddleWebhook, isSendGridWebhook, isShopifyWebhook, isSlackWebhook, isStandardWebhook, isStripeWebhook, isTwilioWebhook, isVercelWebhook, matchAll, matchAny, matchBodyPath, matchBodySubset, matchContentType, matchHeader, matchJsonField, matchMethod, matchPath, matchQueryParam, parseBody, parseDuration, parseFormBody, parseJsonBody, parseSSE, verifyClerkSignature, verifyDiscordSignature, verifyGitHubSignature, verifyGitLabSignature, verifyLinearSignature, verifyPaddleSignature, verifyShopifySignature, verifySignature, verifySlackSignature, verifyStandardWebhookSignature, verifyStripeSignature, verifyTwilioSignature, verifyVercelSignature };
+export { MAX_CONDITIONS_PER_RULE, MAX_CONDITION_NAME_LEN, MAX_CONDITION_PATH_LEN, MAX_CONDITION_VALUE_LEN, MAX_GLOB_PATTERN_LEN, MAX_RESPONSE_RULES, MAX_RULE_NAME_LEN, MOCK_RESPONSE_DELAY_MAX, MOCK_RESPONSE_DELAY_MIN, MOCK_RESPONSE_STATUS_MAX, MOCK_RESPONSE_STATUS_MIN, MockResponse, ParsedBody, ParsedFormBody, Request, ResponseRule, type SSEFrame, SearchResult, SendOptions, SendTemplateOptions, SignatureVerificationResult, TEMPLATE_METADATA, TEMPLATE_PROVIDERS, VERIFY_PROVIDERS, VerifySignatureOptions, buildTemplateSendOptions, extractJsonField, isClerkWebhook, isDiscordWebhook, isGitHubWebhook, isGitLabWebhook, isLinearWebhook, isPaddleWebhook, isSendGridWebhook, isShopifyWebhook, isSlackWebhook, isStandardWebhook, isStripeWebhook, isTwilioWebhook, isVercelWebhook, matchAll, matchAny, matchBodyPath, matchBodySubset, matchContentType, matchHeader, matchJsonField, matchMethod, matchPath, matchQueryParam, parseBody, parseDuration, parseFormBody, parseJsonBody, parseSSE, validateMockResponse, validateResponseRules, verifyClerkSignature, verifyDiscordSignature, verifyGitHubSignature, verifyGitLabSignature, verifyLinearSignature, verifyPaddleSignature, verifyShopifySignature, verifySignature, verifySlackSignature, verifyStandardWebhookSignature, verifyStripeSignature, verifyTwilioSignature, verifyVercelSignature };

package/dist/index.js

@@ -21,14 +21,28 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var src_exports = {};
 __export(src_exports, {
   ApiError: () => ApiError,
+  MAX_CONDITIONS_PER_RULE: () => MAX_CONDITIONS_PER_RULE,
+  MAX_CONDITION_NAME_LEN: () => MAX_CONDITION_NAME_LEN,
+  MAX_CONDITION_PATH_LEN: () => MAX_CONDITION_PATH_LEN,
+  MAX_CONDITION_VALUE_LEN: () => MAX_CONDITION_VALUE_LEN,
+  MAX_GLOB_PATTERN_LEN: () => MAX_GLOB_PATTERN_LEN,
+  MAX_RESPONSE_RULES: () => MAX_RESPONSE_RULES,
+  MAX_RULE_NAME_LEN: () => MAX_RULE_NAME_LEN,
+  MOCK_RESPONSE_DELAY_MAX: () => MOCK_RESPONSE_DELAY_MAX,
+  MOCK_RESPONSE_DELAY_MIN: () => MOCK_RESPONSE_DELAY_MIN,
+  MOCK_RESPONSE_STATUS_MAX: () => MOCK_RESPONSE_STATUS_MAX,
+  MOCK_RESPONSE_STATUS_MIN: () => MOCK_RESPONSE_STATUS_MIN,
   NotFoundError: () => NotFoundError,
   RateLimitError: () => RateLimitError,
   TEMPLATE_METADATA: () => TEMPLATE_METADATA,
+  TEMPLATE_PROVIDERS: () => TEMPLATE_PROVIDERS,
   TimeoutError: () => TimeoutError,
   UnauthorizedError: () => UnauthorizedError,
+  VERIFY_PROVIDERS: () => VERIFY_PROVIDERS,
   WebhookFlowBuilder: () => WebhookFlowBuilder,
   WebhooksCC: () => WebhooksCC,
   WebhooksCCError: () => WebhooksCCError,
+  buildTemplateSendOptions: () => buildTemplateSendOptions,
   diffRequests: () => diffRequests,
   extractJsonField: () => extractJsonField,
   isClerkWebhook: () => isClerkWebhook,
@@ -59,6 +73,8 @@ __export(src_exports, {
   parseFormBody: () => parseFormBody,
   parseJsonBody: () => parseJsonBody,
   parseSSE: () => parseSSE,
+  validateMockResponse: () => validateMockResponse,
+  validateResponseRules: () => validateResponseRules,
   verifyClerkSignature: () => verifyClerkSignature,
   verifyDiscordSignature: () => verifyDiscordSignature,
   verifyGitHubSignature: () => verifyGitHubSignature,
@@ -103,11 +119,16 @@ var TimeoutError = class extends WebhooksCCError {
   }
 };
 var RateLimitError = class extends WebhooksCCError {
-  constructor(retryAfter) {
-    const message = retryAfter ? `Rate limited, retry after ${retryAfter}s` : "Rate limited";
+  constructor(retryAfter, meta) {
+    const message = retryAfter !== void 0 ? `Rate limited, retry after ${retryAfter}s` : "Rate limited";
     super(429, message);
     this.name = "RateLimitError";
     this.retryAfter = retryAfter;
+    if (meta) {
+      this.limit = meta.limit;
+      this.remaining = meta.remaining;
+      this.reset = meta.reset;
+    }
   }
 };
 
@@ -268,6 +289,20 @@ var TEMPLATE_PROVIDERS = [
   "gitlab",
   "standard-webhooks"
 ];
+var VERIFY_PROVIDERS = [
+  "stripe",
+  "github",
+  "shopify",
+  "twilio",
+  "slack",
+  "paddle",
+  "linear",
+  "clerk",
+  "discord",
+  "vercel",
+  "gitlab",
+  "standard-webhooks"
+];
 var TEMPLATE_METADATA = Object.freeze({
   stripe: Object.freeze({
     provider: "stripe",
@@ -2181,6 +2216,122 @@ var WebhookFlowBuilder = class {
   }
 };
 
+// src/validation.ts
+var MOCK_RESPONSE_STATUS_MIN = 100;
+var MOCK_RESPONSE_STATUS_MAX = 599;
+var MOCK_RESPONSE_DELAY_MIN = 0;
+var MOCK_RESPONSE_DELAY_MAX = 3e4;
+var MAX_RESPONSE_RULES = 50;
+var MAX_CONDITIONS_PER_RULE = 10;
+var VALID_CONDITION_FIELDS = /* @__PURE__ */ new Set([
+  "method",
+  "path",
+  "header",
+  "body_contains",
+  "body_path",
+  "query"
+]);
+var VALID_CONDITION_OPS = /* @__PURE__ */ new Set(["eq", "contains", "starts_with", "matches", "exists"]);
+var VALID_OPS_BY_FIELD = {
+  method: /* @__PURE__ */ new Set(["eq"]),
+  path: /* @__PURE__ */ new Set(["eq", "contains", "starts_with", "matches"]),
+  header: /* @__PURE__ */ new Set(["exists", "eq", "contains"]),
+  body_contains: /* @__PURE__ */ new Set(["contains"]),
+  body_path: /* @__PURE__ */ new Set(["exists", "eq", "contains"]),
+  query: /* @__PURE__ */ new Set(["exists", "eq"])
+};
+var MAX_CONDITION_VALUE_LEN = 4096;
+var MAX_CONDITION_NAME_LEN = 256;
+var MAX_CONDITION_PATH_LEN = 256;
+var MAX_RULE_NAME_LEN = 200;
+var MAX_GLOB_PATTERN_LEN = 500;
+function validateMockResponse(mockResponse, fieldName = "mock response") {
+  const { status, body, headers, delay } = mockResponse;
+  if (!Number.isInteger(status) || status < MOCK_RESPONSE_STATUS_MIN || status > MOCK_RESPONSE_STATUS_MAX) {
+    throw new Error(
+      `Invalid ${fieldName} status: ${status}. Must be an integer ${MOCK_RESPONSE_STATUS_MIN}-${MOCK_RESPONSE_STATUS_MAX}.`
+    );
+  }
+  if (body !== void 0 && typeof body !== "string") {
+    throw new Error(`Invalid ${fieldName} body: must be a string.`);
+  }
+  if (headers !== void 0) {
+    if (typeof headers !== "object" || headers === null || Array.isArray(headers)) {
+      throw new Error(`Invalid ${fieldName} headers: must be a Record<string, string>.`);
+    }
+    for (const val of Object.values(headers)) {
+      if (typeof val !== "string") {
+        throw new Error(`Invalid ${fieldName} headers: all values must be strings.`);
+      }
+    }
+  }
+  if (delay !== void 0 && (!Number.isInteger(delay) || delay < MOCK_RESPONSE_DELAY_MIN || delay > MOCK_RESPONSE_DELAY_MAX)) {
+    throw new Error(
+      `Invalid ${fieldName} delay: ${delay}. Must be an integer ${MOCK_RESPONSE_DELAY_MIN}-${MOCK_RESPONSE_DELAY_MAX}.`
+    );
+  }
+}
+function validateResponseRules(rules) {
+  if (!Array.isArray(rules)) {
+    throw new Error("responseRules must be an array");
+  }
+  if (rules.length > MAX_RESPONSE_RULES) {
+    throw new Error(`responseRules: max ${MAX_RESPONSE_RULES} rules allowed`);
+  }
+  for (let i = 0; i < rules.length; i++) {
+    const rule = rules[i];
+    const prefix = `responseRules[${i}]`;
+    if (rule.name !== void 0 && (typeof rule.name !== "string" || rule.name.length > MAX_RULE_NAME_LEN)) {
+      throw new Error(`${prefix}: name must be a string (max ${MAX_RULE_NAME_LEN} chars)`);
+    }
+    if (!Array.isArray(rule.conditions) || rule.conditions.length === 0) {
+      throw new Error(`${prefix}: conditions must be a non-empty array`);
+    }
+    if (rule.conditions.length > MAX_CONDITIONS_PER_RULE) {
+      throw new Error(`${prefix}: max ${MAX_CONDITIONS_PER_RULE} conditions per rule`);
+    }
+    if (rule.logic !== void 0 && rule.logic !== "and" && rule.logic !== "or") {
+      throw new Error(`${prefix}: logic must be "and" or "or"`);
+    }
+    for (let j = 0; j < rule.conditions.length; j++) {
+      const c = rule.conditions[j];
+      const cp = `${prefix}.conditions[${j}]`;
+      if (!VALID_CONDITION_FIELDS.has(c.field)) {
+        throw new Error(`${cp}: invalid field "${c.field}"`);
+      }
+      if (!VALID_CONDITION_OPS.has(c.op)) {
+        throw new Error(`${cp}: invalid op "${c.op}"`);
+      }
+      const fieldOps = VALID_OPS_BY_FIELD[c.field];
+      if (fieldOps && !fieldOps.has(c.op)) {
+        throw new Error(`${cp}: op "${c.op}" is not valid for field "${c.field}"`);
+      }
+      if (c.value !== void 0 && typeof c.value === "string" && c.value.length > MAX_CONDITION_VALUE_LEN) {
+        throw new Error(`${cp}: value too long (max ${MAX_CONDITION_VALUE_LEN} chars)`);
+      }
+      if (c.name !== void 0 && typeof c.name === "string" && c.name.length > MAX_CONDITION_NAME_LEN) {
+        throw new Error(`${cp}: name too long (max ${MAX_CONDITION_NAME_LEN} chars)`);
+      }
+      if (c.path !== void 0 && typeof c.path === "string" && c.path.length > MAX_CONDITION_PATH_LEN) {
+        throw new Error(`${cp}: path too long (max ${MAX_CONDITION_PATH_LEN} chars)`);
+      }
+      if ((c.field === "header" || c.field === "query") && (!c.name || c.name.length === 0)) {
+        throw new Error(`${cp}: name is required for ${c.field} conditions`);
+      }
+      if (c.field === "body_path" && (!c.path || c.path.length === 0)) {
+        throw new Error(`${cp}: path is required for body_path conditions`);
+      }
+      if (c.op !== "exists" && (c.value === void 0 || c.value === null)) {
+        throw new Error(`${cp}: value is required when op is "${c.op}"`);
+      }
+      if (c.op === "matches" && c.value && c.value.length > MAX_GLOB_PATTERN_LEN) {
+        throw new Error(`${cp}: matches pattern too long (max ${MAX_GLOB_PATTERN_LEN} chars)`);
+      }
+    }
+    validateMockResponse(rule.response, `${prefix}.response`);
+  }
+}
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://webhooks.cc";
 var DEFAULT_WEBHOOK_URL = "https://go.webhooks.cc";
@@ -2188,7 +2339,7 @@ var DEFAULT_TIMEOUT = 3e4;
 var DEFAULT_RETRY_ATTEMPTS = 1;
 var DEFAULT_RETRY_BACKOFF_MS = 1e3;
 var DEFAULT_RETRY_STATUSES = [429, 500, 502, 503, 504];
-var SDK_VERSION = "0.6.0";
+var SDK_VERSION = true ? "1.3.0" : "0.0.0-dev";
 var WAIT_FOR_LOOKBACK_MS = 5 * 60 * 1e3;
 var DEFAULT_EXPORT_PAGE_SIZE = 100;
 var PROVIDER_PARAM_DESCRIPTION = TEMPLATE_PROVIDERS.map((provider) => `"${provider}"`).join("|");
@@ -2238,7 +2389,19 @@ function mapStatusToError(status, message, response) {
         const parsed = parseInt(retryAfterHeader, 10);
         retryAfter = Number.isNaN(parsed) ? void 0 : parsed;
       }
-      return new RateLimitError(retryAfter);
+      const limitHeader = response.headers.get("x-ratelimit-limit");
+      const remainingHeader = response.headers.get("x-ratelimit-remaining");
+      const resetHeader = response.headers.get("x-ratelimit-reset");
+      let meta;
+      if (limitHeader !== null && remainingHeader !== null && resetHeader !== null) {
+        const limit = parseInt(limitHeader, 10);
+        const remaining = parseInt(remainingHeader, 10);
+        const reset = parseInt(resetHeader, 10);
+        if (!Number.isNaN(limit) && !Number.isNaN(remaining) && !Number.isNaN(reset) && limit >= 0 && remaining >= 0 && reset >= 0) {
+          meta = { limit, remaining, reset };
+        }
+      }
+      return new RateLimitError(retryAfter, meta);
     }
     default:
       return new WebhooksCCError(status, message);
@@ -2435,15 +2598,6 @@ async function collectMatchingRequests(fetchRequests, options) {
   }
   throw new TimeoutError(timeout);
 }
-function validateMockResponse(mockResponse, fieldName) {
-  const { status, delay } = mockResponse;
-  if (!Number.isInteger(status) || status < 100 || status > 599) {
-    throw new Error(`Invalid ${fieldName} status: ${status}. Must be an integer 100-599.`);
-  }
-  if (delay !== void 0 && (!Number.isInteger(delay) || delay < 0 || delay > 3e4)) {
-    throw new Error(`Invalid ${fieldName} delay: ${delay}. Must be an integer 0-30000.`);
-  }
-}
 var WebhooksCC = class {
   constructor(options) {
     this.endpoints = {
@@ -2451,6 +2605,9 @@ var WebhooksCC = class {
         if (options.mockResponse) {
           validateMockResponse(options.mockResponse, "mock response");
         }
+        if (options.responseRules) {
+          validateResponseRules(options.responseRules);
+        }
         const body = {};
         if (options.name !== void 0) {
           body.name = options.name;
@@ -2458,6 +2615,12 @@ var WebhooksCC = class {
         if (options.mockResponse !== void 0) {
           body.mockResponse = options.mockResponse;
         }
+        if (options.notificationUrl !== void 0) {
+          body.notificationUrl = options.notificationUrl;
+        }
+        if (options.responseRules !== void 0) {
+          body.responseRules = options.responseRules;
+        }
         const isEphemeral = options.ephemeral === true || options.expiresIn !== void 0;
         if (isEphemeral) {
           body.isEphemeral = true;
@@ -2484,9 +2647,12 @@ var WebhooksCC = class {
       },
       update: async (slug, options) => {
         validatePathSegment(slug, "slug");
-        if (options.mockResponse && options.mockResponse !== null) {
+        if (options.mockResponse != null) {
           validateMockResponse(options.mockResponse, "mock response");
         }
+        if (options.responseRules != null) {
+          validateResponseRules(options.responseRules);
+        }
         return this.request("PATCH", `/endpoints/${slug}`, options);
       },
       delete: async (slug) => {
@@ -2796,7 +2962,18 @@ var WebhooksCC = class {
           }
         }
         const upperMethod = captured.method.toUpperCase();
-        const body = upperMethod === "GET" || upperMethod === "HEAD" ? void 0 : captured.body ?? void 0;
+        let body;
+        if (upperMethod === "GET" || upperMethod === "HEAD") {
+          body = void 0;
+        } else if (captured.bodyRaw) {
+          try {
+            body = Uint8Array.from(atob(captured.bodyRaw), (c) => c.charCodeAt(0));
+          } catch {
+            body = captured.body ?? void 0;
+          }
+        } else {
+          body = captured.body ?? void 0;
+        }
         return fetch(targetUrl, {
           method: captured.method,
           headers,
@@ -3082,7 +3259,9 @@ var WebhooksCC = class {
             name: "string?",
             ephemeral: "boolean?",
             expiresIn: "number|string?",
-            mockResponse: "object?"
+            mockResponse: "object?",
+            responseRules: "ResponseRule[]? \u2014 ordered conditional rules (first match wins, max 50). Each rule has conditions (field/op/value) and a response.",
+            notificationUrl: "string?"
           }
         },
         list: {
@@ -3095,7 +3274,13 @@ var WebhooksCC = class {
         },
         update: {
           description: "Update endpoint settings",
-          params: { slug: "string", name: "string?", mockResponse: "object?" }
+          params: {
+            slug: "string",
+            name: "string?",
+            mockResponse: "object? \u2014 default response when no rule matches",
+            responseRules: "ResponseRule[]|null? \u2014 conditional rules (first match wins), or null to clear",
+            notificationUrl: "string?"
+          }
         },
         delete: {
           description: "Delete endpoint and its requests",
@@ -3684,14 +3869,28 @@ function diffRequests(left, right, options = {}) {
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ApiError,
+  MAX_CONDITIONS_PER_RULE,
+  MAX_CONDITION_NAME_LEN,
+  MAX_CONDITION_PATH_LEN,
+  MAX_CONDITION_VALUE_LEN,
+  MAX_GLOB_PATTERN_LEN,
+  MAX_RESPONSE_RULES,
+  MAX_RULE_NAME_LEN,
+  MOCK_RESPONSE_DELAY_MAX,
+  MOCK_RESPONSE_DELAY_MIN,
+  MOCK_RESPONSE_STATUS_MAX,
+  MOCK_RESPONSE_STATUS_MIN,
   NotFoundError,
   RateLimitError,
   TEMPLATE_METADATA,
+  TEMPLATE_PROVIDERS,
   TimeoutError,
   UnauthorizedError,
+  VERIFY_PROVIDERS,
   WebhookFlowBuilder,
   WebhooksCC,
   WebhooksCCError,
+  buildTemplateSendOptions,
   diffRequests,
   extractJsonField,
   isClerkWebhook,
@@ -3722,6 +3921,8 @@ function diffRequests(left, right, options = {}) {
   parseFormBody,
   parseJsonBody,
   parseSSE,
+  validateMockResponse,
+  validateResponseRules,
   verifyClerkSignature,
   verifyDiscordSignature,
   verifyGitHubSignature,

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   WebhooksCCError,
   diffRequests,
   parseDuration
-} from "./chunk-7IMPSHQY.mjs";
+} from "./chunk-NSGVJJSF.mjs";
 
 // src/sse.ts
 async function* parseSSE(stream) {
@@ -127,6 +127,20 @@ var TEMPLATE_PROVIDERS = [
   "gitlab",
   "standard-webhooks"
 ];
+var VERIFY_PROVIDERS = [
+  "stripe",
+  "github",
+  "shopify",
+  "twilio",
+  "slack",
+  "paddle",
+  "linear",
+  "clerk",
+  "discord",
+  "vercel",
+  "gitlab",
+  "standard-webhooks"
+];
 var TEMPLATE_METADATA = Object.freeze({
   stripe: Object.freeze({
     provider: "stripe",
@@ -2040,6 +2054,122 @@ var WebhookFlowBuilder = class {
   }
 };
 
+// src/validation.ts
+var MOCK_RESPONSE_STATUS_MIN = 100;
+var MOCK_RESPONSE_STATUS_MAX = 599;
+var MOCK_RESPONSE_DELAY_MIN = 0;
+var MOCK_RESPONSE_DELAY_MAX = 3e4;
+var MAX_RESPONSE_RULES = 50;
+var MAX_CONDITIONS_PER_RULE = 10;
+var VALID_CONDITION_FIELDS = /* @__PURE__ */ new Set([
+  "method",
+  "path",
+  "header",
+  "body_contains",
+  "body_path",
+  "query"
+]);
+var VALID_CONDITION_OPS = /* @__PURE__ */ new Set(["eq", "contains", "starts_with", "matches", "exists"]);
+var VALID_OPS_BY_FIELD = {
+  method: /* @__PURE__ */ new Set(["eq"]),
+  path: /* @__PURE__ */ new Set(["eq", "contains", "starts_with", "matches"]),
+  header: /* @__PURE__ */ new Set(["exists", "eq", "contains"]),
+  body_contains: /* @__PURE__ */ new Set(["contains"]),
+  body_path: /* @__PURE__ */ new Set(["exists", "eq", "contains"]),
+  query: /* @__PURE__ */ new Set(["exists", "eq"])
+};
+var MAX_CONDITION_VALUE_LEN = 4096;
+var MAX_CONDITION_NAME_LEN = 256;
+var MAX_CONDITION_PATH_LEN = 256;
+var MAX_RULE_NAME_LEN = 200;
+var MAX_GLOB_PATTERN_LEN = 500;
+function validateMockResponse(mockResponse, fieldName = "mock response") {
+  const { status, body, headers, delay } = mockResponse;
+  if (!Number.isInteger(status) || status < MOCK_RESPONSE_STATUS_MIN || status > MOCK_RESPONSE_STATUS_MAX) {
+    throw new Error(
+      `Invalid ${fieldName} status: ${status}. Must be an integer ${MOCK_RESPONSE_STATUS_MIN}-${MOCK_RESPONSE_STATUS_MAX}.`
+    );
+  }
+  if (body !== void 0 && typeof body !== "string") {
+    throw new Error(`Invalid ${fieldName} body: must be a string.`);
+  }
+  if (headers !== void 0) {
+    if (typeof headers !== "object" || headers === null || Array.isArray(headers)) {
+      throw new Error(`Invalid ${fieldName} headers: must be a Record<string, string>.`);
+    }
+    for (const val of Object.values(headers)) {
+      if (typeof val !== "string") {
+        throw new Error(`Invalid ${fieldName} headers: all values must be strings.`);
+      }
+    }
+  }
+  if (delay !== void 0 && (!Number.isInteger(delay) || delay < MOCK_RESPONSE_DELAY_MIN || delay > MOCK_RESPONSE_DELAY_MAX)) {
+    throw new Error(
+      `Invalid ${fieldName} delay: ${delay}. Must be an integer ${MOCK_RESPONSE_DELAY_MIN}-${MOCK_RESPONSE_DELAY_MAX}.`
+    );
+  }
+}
+function validateResponseRules(rules) {
+  if (!Array.isArray(rules)) {
+    throw new Error("responseRules must be an array");
+  }
+  if (rules.length > MAX_RESPONSE_RULES) {
+    throw new Error(`responseRules: max ${MAX_RESPONSE_RULES} rules allowed`);
+  }
+  for (let i = 0; i < rules.length; i++) {
+    const rule = rules[i];
+    const prefix = `responseRules[${i}]`;
+    if (rule.name !== void 0 && (typeof rule.name !== "string" || rule.name.length > MAX_RULE_NAME_LEN)) {
+      throw new Error(`${prefix}: name must be a string (max ${MAX_RULE_NAME_LEN} chars)`);
+    }
+    if (!Array.isArray(rule.conditions) || rule.conditions.length === 0) {
+      throw new Error(`${prefix}: conditions must be a non-empty array`);
+    }
+    if (rule.conditions.length > MAX_CONDITIONS_PER_RULE) {
+      throw new Error(`${prefix}: max ${MAX_CONDITIONS_PER_RULE} conditions per rule`);
+    }
+    if (rule.logic !== void 0 && rule.logic !== "and" && rule.logic !== "or") {
+      throw new Error(`${prefix}: logic must be "and" or "or"`);
+    }
+    for (let j = 0; j < rule.conditions.length; j++) {
+      const c = rule.conditions[j];
+      const cp = `${prefix}.conditions[${j}]`;
+      if (!VALID_CONDITION_FIELDS.has(c.field)) {
+        throw new Error(`${cp}: invalid field "${c.field}"`);
+      }
+      if (!VALID_CONDITION_OPS.has(c.op)) {
+        throw new Error(`${cp}: invalid op "${c.op}"`);
+      }
+      const fieldOps = VALID_OPS_BY_FIELD[c.field];
+      if (fieldOps && !fieldOps.has(c.op)) {
+        throw new Error(`${cp}: op "${c.op}" is not valid for field "${c.field}"`);
+      }
+      if (c.value !== void 0 && typeof c.value === "string" && c.value.length > MAX_CONDITION_VALUE_LEN) {
+        throw new Error(`${cp}: value too long (max ${MAX_CONDITION_VALUE_LEN} chars)`);
+      }
+      if (c.name !== void 0 && typeof c.name === "string" && c.name.length > MAX_CONDITION_NAME_LEN) {
+        throw new Error(`${cp}: name too long (max ${MAX_CONDITION_NAME_LEN} chars)`);
+      }
+      if (c.path !== void 0 && typeof c.path === "string" && c.path.length > MAX_CONDITION_PATH_LEN) {
+        throw new Error(`${cp}: path too long (max ${MAX_CONDITION_PATH_LEN} chars)`);
+      }
+      if ((c.field === "header" || c.field === "query") && (!c.name || c.name.length === 0)) {
+        throw new Error(`${cp}: name is required for ${c.field} conditions`);
+      }
+      if (c.field === "body_path" && (!c.path || c.path.length === 0)) {
+        throw new Error(`${cp}: path is required for body_path conditions`);
+      }
+      if (c.op !== "exists" && (c.value === void 0 || c.value === null)) {
+        throw new Error(`${cp}: value is required when op is "${c.op}"`);
+      }
+      if (c.op === "matches" && c.value && c.value.length > MAX_GLOB_PATTERN_LEN) {
+        throw new Error(`${cp}: matches pattern too long (max ${MAX_GLOB_PATTERN_LEN} chars)`);
+      }
+    }
+    validateMockResponse(rule.response, `${prefix}.response`);
+  }
+}
+
 // src/client.ts
 var DEFAULT_BASE_URL = "https://webhooks.cc";
 var DEFAULT_WEBHOOK_URL = "https://go.webhooks.cc";
@@ -2047,7 +2177,7 @@ var DEFAULT_TIMEOUT = 3e4;
 var DEFAULT_RETRY_ATTEMPTS = 1;
 var DEFAULT_RETRY_BACKOFF_MS = 1e3;
 var DEFAULT_RETRY_STATUSES = [429, 500, 502, 503, 504];
-var SDK_VERSION = "0.6.0";
+var SDK_VERSION = true ? "1.3.0" : "0.0.0-dev";
 var WAIT_FOR_LOOKBACK_MS = 5 * 60 * 1e3;
 var DEFAULT_EXPORT_PAGE_SIZE = 100;
 var PROVIDER_PARAM_DESCRIPTION = TEMPLATE_PROVIDERS.map((provider) => `"${provider}"`).join("|");
@@ -2097,7 +2227,19 @@ function mapStatusToError(status, message, response) {
         const parsed = parseInt(retryAfterHeader, 10);
         retryAfter = Number.isNaN(parsed) ? void 0 : parsed;
       }
-      return new RateLimitError(retryAfter);
+      const limitHeader = response.headers.get("x-ratelimit-limit");
+      const remainingHeader = response.headers.get("x-ratelimit-remaining");
+      const resetHeader = response.headers.get("x-ratelimit-reset");
+      let meta;
+      if (limitHeader !== null && remainingHeader !== null && resetHeader !== null) {
+        const limit = parseInt(limitHeader, 10);
+        const remaining = parseInt(remainingHeader, 10);
+        const reset = parseInt(resetHeader, 10);
+        if (!Number.isNaN(limit) && !Number.isNaN(remaining) && !Number.isNaN(reset) && limit >= 0 && remaining >= 0 && reset >= 0) {
+          meta = { limit, remaining, reset };
+        }
+      }
+      return new RateLimitError(retryAfter, meta);
     }
     default:
       return new WebhooksCCError(status, message);
@@ -2294,15 +2436,6 @@ async function collectMatchingRequests(fetchRequests, options) {
   }
   throw new TimeoutError(timeout);
 }
-function validateMockResponse(mockResponse, fieldName) {
-  const { status, delay } = mockResponse;
-  if (!Number.isInteger(status) || status < 100 || status > 599) {
-    throw new Error(`Invalid ${fieldName} status: ${status}. Must be an integer 100-599.`);
-  }
-  if (delay !== void 0 && (!Number.isInteger(delay) || delay < 0 || delay > 3e4)) {
-    throw new Error(`Invalid ${fieldName} delay: ${delay}. Must be an integer 0-30000.`);
-  }
-}
 var WebhooksCC = class {
   constructor(options) {
     this.endpoints = {
@@ -2310,6 +2443,9 @@ var WebhooksCC = class {
         if (options.mockResponse) {
           validateMockResponse(options.mockResponse, "mock response");
         }
+        if (options.responseRules) {
+          validateResponseRules(options.responseRules);
+        }
         const body = {};
         if (options.name !== void 0) {
           body.name = options.name;
@@ -2317,6 +2453,12 @@ var WebhooksCC = class {
         if (options.mockResponse !== void 0) {
           body.mockResponse = options.mockResponse;
         }
+        if (options.notificationUrl !== void 0) {
+          body.notificationUrl = options.notificationUrl;
+        }
+        if (options.responseRules !== void 0) {
+          body.responseRules = options.responseRules;
+        }
         const isEphemeral = options.ephemeral === true || options.expiresIn !== void 0;
         if (isEphemeral) {
           body.isEphemeral = true;
@@ -2343,9 +2485,12 @@ var WebhooksCC = class {
       },
       update: async (slug, options) => {
         validatePathSegment(slug, "slug");
-        if (options.mockResponse && options.mockResponse !== null) {
+        if (options.mockResponse != null) {
           validateMockResponse(options.mockResponse, "mock response");
         }
+        if (options.responseRules != null) {
+          validateResponseRules(options.responseRules);
+        }
         return this.request("PATCH", `/endpoints/${slug}`, options);
       },
       delete: async (slug) => {
@@ -2655,7 +2800,18 @@ var WebhooksCC = class {
           }
         }
         const upperMethod = captured.method.toUpperCase();
-        const body = upperMethod === "GET" || upperMethod === "HEAD" ? void 0 : captured.body ?? void 0;
+        let body;
+        if (upperMethod === "GET" || upperMethod === "HEAD") {
+          body = void 0;
+        } else if (captured.bodyRaw) {
+          try {
+            body = Uint8Array.from(atob(captured.bodyRaw), (c) => c.charCodeAt(0));
+          } catch {
+            body = captured.body ?? void 0;
+          }
+        } else {
+          body = captured.body ?? void 0;
+        }
         return fetch(targetUrl, {
           method: captured.method,
           headers,
@@ -2941,7 +3097,9 @@ var WebhooksCC = class {
             name: "string?",
             ephemeral: "boolean?",
             expiresIn: "number|string?",
-            mockResponse: "object?"
+            mockResponse: "object?",
+            responseRules: "ResponseRule[]? \u2014 ordered conditional rules (first match wins, max 50). Each rule has conditions (field/op/value) and a response.",
+            notificationUrl: "string?"
           }
         },
         list: {
@@ -2954,7 +3112,13 @@ var WebhooksCC = class {
         },
         update: {
           description: "Update endpoint settings",
-          params: { slug: "string", name: "string?", mockResponse: "object?" }
+          params: {
+            slug: "string",
+            name: "string?",
+            mockResponse: "object? \u2014 default response when no rule matches",
+            responseRules: "ResponseRule[]|null? \u2014 conditional rules (first match wins), or null to clear",
+            notificationUrl: "string?"
+          }
         },
         delete: {
           description: "Delete endpoint and its requests",
@@ -3389,14 +3553,28 @@ function matchAny(first, ...rest) {
 }
 export {
   ApiError,
+  MAX_CONDITIONS_PER_RULE,
+  MAX_CONDITION_NAME_LEN,
+  MAX_CONDITION_PATH_LEN,
+  MAX_CONDITION_VALUE_LEN,
+  MAX_GLOB_PATTERN_LEN,
+  MAX_RESPONSE_RULES,
+  MAX_RULE_NAME_LEN,
+  MOCK_RESPONSE_DELAY_MAX,
+  MOCK_RESPONSE_DELAY_MIN,
+  MOCK_RESPONSE_STATUS_MAX,
+  MOCK_RESPONSE_STATUS_MIN,
   NotFoundError,
   RateLimitError,
   TEMPLATE_METADATA,
+  TEMPLATE_PROVIDERS,
   TimeoutError,
   UnauthorizedError,
+  VERIFY_PROVIDERS,
   WebhookFlowBuilder,
   WebhooksCC,
   WebhooksCCError,
+  buildTemplateSendOptions,
   diffRequests,
   extractJsonField,
   isClerkWebhook,
@@ -3427,6 +3605,8 @@ export {
   parseFormBody,
   parseJsonBody,
   parseSSE,
+  validateMockResponse,
+  validateResponseRules,
   verifyClerkSignature,
   verifyDiscordSignature,
   verifyGitHubSignature,

package/dist/testing.d.mts

@@ -1,4 +1,4 @@
-import { g as DiffResult, e as CreateEndpointOptions, R as Request, a1 as WebhooksCC, E as Endpoint } from './diff-DbTsOT_n.mjs';
+import { j as DiffResult, h as CreateEndpointOptions, R as Request, a4 as WebhooksCC, E as Endpoint } from './diff-CRMlHQPX.mjs';
 
 type TestingClient = Pick<WebhooksCC, "endpoints" | "requests">;
 interface AssertRequestExpectation {

package/dist/testing.d.ts

@@ -1,4 +1,4 @@
-import { g as DiffResult, e as CreateEndpointOptions, R as Request, a1 as WebhooksCC, E as Endpoint } from './diff-DbTsOT_n.js';
+import { j as DiffResult, h as CreateEndpointOptions, R as Request, a4 as WebhooksCC, E as Endpoint } from './diff-CRMlHQPX.js';
 
 type TestingClient = Pick<WebhooksCC, "endpoints" | "requests">;
 interface AssertRequestExpectation {

package/dist/testing.mjs

@@ -3,7 +3,7 @@ import {
   TimeoutError,
   diffRequests,
   parseDuration
-} from "./chunk-7IMPSHQY.mjs";
+} from "./chunk-NSGVJJSF.mjs";
 
 // src/testing.ts
 var MIN_CAPTURE_POLL_INTERVAL = 10;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@webhooks-cc/sdk",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "TypeScript SDK for webhooks.cc — create endpoints, capture requests, assert in tests",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -37,9 +37,10 @@
   },
   "homepage": "https://webhooks.cc",
   "devDependencies": {
+    "@types/node": "^24.0.0",
     "tsup": "^8.5.1",
-    "typescript": "^5.9.3",
-    "vitest": "^4.1.1"
+    "typescript": "^6.0.2",
+    "vitest": "^4.1.2"
   },
   "scripts": {
     "build": "tsup --config tsup.config.ts",