@zerocore1/sdk 0.1.0

package/dist/index.cjs

@@ -0,0 +1,229 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Client: () => Client,
+  ZerocoreAuthError: () => ZerocoreAuthError,
+  ZerocoreError: () => ZerocoreError,
+  ZerocoreNetworkError: () => ZerocoreNetworkError,
+  ZerocorePaymentError: () => ZerocorePaymentError,
+  ZerocoreRateLimitError: () => ZerocoreRateLimitError
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/errors.ts
+var ZerocoreError = class extends Error {
+  /** HTTP status code from the API, if applicable. */
+  statusCode;
+  constructor(message, statusCode) {
+    super(message);
+    this.name = "ZerocoreError";
+    this.statusCode = statusCode;
+  }
+};
+var ZerocoreAuthError = class extends ZerocoreError {
+  constructor(message = "Invalid API key") {
+    super(message, 401);
+    this.name = "ZerocoreAuthError";
+  }
+};
+var ZerocorePaymentError = class extends ZerocoreError {
+  /** Machine-readable denial reason from the control plane. */
+  reason;
+  constructor(message, reason, statusCode = 403) {
+    super(message, statusCode);
+    this.name = "ZerocorePaymentError";
+    this.reason = reason;
+  }
+};
+var ZerocoreRateLimitError = class extends ZerocoreError {
+  /** Seconds to wait before retrying, if provided by the API. */
+  retryAfter;
+  constructor(retryAfter) {
+    const msg = retryAfter ? `Rate limited. Retry after ${retryAfter}s.` : "Rate limited.";
+    super(msg, 429);
+    this.name = "ZerocoreRateLimitError";
+    this.retryAfter = retryAfter;
+  }
+};
+var ZerocoreNetworkError = class extends ZerocoreError {
+  constructor(message = "Cannot connect to ZERO.CORE API.") {
+    super(message);
+    this.name = "ZerocoreNetworkError";
+  }
+};
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://augvmbhpuchkqqowxmrk.supabase.co/functions/v1";
+var DEFAULT_TIMEOUT = 3e4;
+var USER_AGENT = "zerocore-sdk-ts/0.1.0";
+var Client = class {
+  apiKey;
+  baseUrl;
+  timeout;
+  constructor(options) {
+    const { apiKey, baseUrl, timeout } = options;
+    if (!apiKey || !apiKey.startsWith("zc_")) {
+      throw new ZerocoreAuthError(
+        "API key must start with 'zc_live_' or 'zc_test_'. Generate one at your ZERO.CORE dashboard \u2192 API Keys."
+      );
+    }
+    this.apiKey = apiKey;
+    this.baseUrl = (baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+    this.timeout = timeout ?? DEFAULT_TIMEOUT;
+  }
+  // ── Public API ──────────────────────────────────────────────────────────
+  /**
+   * Request authorization for an agent payment.
+   *
+   * Call this **before** your agent executes any paid API call.
+   * The control plane checks:
+   * - Is the agent active? (kill switch)
+   * - Does this exceed the per-transaction limit?
+   * - Does this exceed the daily spending limit?
+   *
+   * If approved and `executeOnChain` is `true`, the Edge Function executes
+   * a real on-chain transfer (SOL or USDC SPL token).
+   *
+   * @throws {ZerocorePaymentError} Transaction was denied.
+   * @throws {ZerocoreAuthError} API key is invalid.
+   * @throws {ZerocoreRateLimitError} Too many requests.
+   * @throws {ZerocoreNetworkError} API is unreachable.
+   */
+  async authorizeSpend(params) {
+    const { amountUsd, merchant, currency = "SOL", memo, executeOnChain = false } = params;
+    if (amountUsd <= 0) {
+      throw new Error("amountUsd must be positive");
+    }
+    if (!merchant) {
+      throw new Error("merchant is required");
+    }
+    if (currency !== "SOL" && currency !== "USDC") {
+      throw new Error("currency must be 'SOL' or 'USDC'");
+    }
+    const payload = {
+      amount_usd: amountUsd,
+      merchant,
+      execute_on_chain: executeOnChain,
+      currency
+    };
+    if (memo) {
+      payload.memo = memo;
+    }
+    const raw = await this.post("/authorize", payload);
+    return toApprovalResult(raw);
+  }
+  // ── Internal ────────────────────────────────────────────────────────────
+  async post(path, body) {
+    const url = `${this.baseUrl}${path}`;
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json",
+          "User-Agent": USER_AGENT
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.timeout)
+      });
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "TimeoutError") {
+        throw new ZerocoreNetworkError("Request timed out.");
+      }
+      throw new ZerocoreNetworkError(
+        `Cannot connect to ${this.baseUrl}. Check your network or baseUrl setting.`
+      );
+    }
+    return this.handleResponse(response);
+  }
+  async handleResponse(response) {
+    if (response.ok) {
+      return await response.json();
+    }
+    if (response.status === 401) {
+      const data2 = await safeJson(response);
+      const msg = data2?.detail ?? "Invalid API key";
+      throw new ZerocoreAuthError(typeof msg === "string" ? msg : "Invalid API key");
+    }
+    if (response.status === 429) {
+      const retryAfter = response.headers.get("Retry-After");
+      throw new ZerocoreRateLimitError(
+        retryAfter ? parseFloat(retryAfter) : void 0
+      );
+    }
+    if (response.status === 402 || response.status === 403) {
+      const data2 = await safeJson(response);
+      const detail = data2?.detail ?? data2;
+      if (detail && typeof detail === "object") {
+        throw new ZerocorePaymentError(
+          detail.message ?? "Payment denied",
+          detail.denial_reason ?? "UNKNOWN",
+          response.status
+        );
+      }
+      throw new ZerocorePaymentError(
+        typeof detail === "string" ? detail : "Payment denied",
+        "UNKNOWN",
+        response.status
+      );
+    }
+    const data = await safeJson(response);
+    const message = data?.detail ?? data?.message ?? `API error ${response.status}`;
+    throw new ZerocoreError(
+      typeof message === "string" ? message : `API error ${response.status}`,
+      response.status
+    );
+  }
+};
+async function safeJson(response) {
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+function toApprovalResult(raw) {
+  return {
+    approved: raw.approval_status === "approved",
+    transactionId: raw.transaction_id,
+    amountUsd: raw.amount_usd,
+    amountSol: raw.amount_sol,
+    amountUsdc: raw.amount_usdc,
+    currency: raw.currency,
+    merchant: raw.merchant,
+    remainingDailyLimit: raw.remaining_daily_limit,
+    solanaSignature: raw.solana_signature,
+    denialReason: raw.denial_reason,
+    message: raw.message
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Client,
+  ZerocoreAuthError,
+  ZerocoreError,
+  ZerocoreNetworkError,
+  ZerocorePaymentError,
+  ZerocoreRateLimitError
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts","../src/errors.ts","../src/client.ts"],"sourcesContent":["/**\n * @zerocore1/sdk — Fiduciary Control Plane for AI Agents\n *\n * @example\n * ```ts\n * import { Client, ZerocorePaymentError } from \"@zerocore1/sdk\";\n *\n * const zc = new Client({ apiKey: \"zc_live_abc123...\" });\n *\n * try {\n *   const result = await zc.authorizeSpend({\n *     amountUsd: 0.03,\n *     merchant: \"OpenAI\",\n *     currency: \"USDC\",\n *   });\n *   console.log(`Approved! tx=${result.transactionId}`);\n * } catch (err) {\n *   if (err instanceof ZerocorePaymentError) {\n *     console.log(`Denied: ${err.reason}`);\n *   }\n * }\n * ```\n *\n * @packageDocumentation\n */\n\n// Client\nexport { Client } from \"./client.js\";\n\n// Errors\nexport {\n  ZerocoreError,\n  ZerocoreAuthError,\n  ZerocorePaymentError,\n  ZerocoreRateLimitError,\n  ZerocoreNetworkError,\n} from \"./errors.js\";\n\n// Types\nexport type {\n  Currency,\n  AuthorizeSpendParams,\n  ApprovalResult,\n  ClientOptions,\n  DenialReason,\n} from \"./types.js\";\n","/**\n * ZERO.CORE SDK — Error Classes\n *\n * Typed exceptions for every failure mode the control plane can produce.\n */\n\nimport type { DenialReason } from \"./types.js\";\n\n// ---------------------------------------------------------------------------\n// Base\n// ---------------------------------------------------------------------------\n\n/** Base error for all ZERO.CORE SDK errors. */\nexport class ZerocoreError extends Error {\n  /** HTTP status code from the API, if applicable. */\n  readonly statusCode?: number;\n\n  constructor(message: string, statusCode?: number) {\n    super(message);\n    this.name = \"ZerocoreError\";\n    this.statusCode = statusCode;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Auth\n// ---------------------------------------------------------------------------\n\n/** Thrown when the API key is invalid or revoked (HTTP 401). */\nexport class ZerocoreAuthError extends ZerocoreError {\n  constructor(message = \"Invalid API key\") {\n    super(message, 401);\n    this.name = \"ZerocoreAuthError\";\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Payment denied\n// ---------------------------------------------------------------------------\n\n/**\n * Thrown when the fiduciary control plane denies a transaction (HTTP 402/403).\n *\n * Inspect {@link reason} for the specific denial cause:\n * - `AGENT_INACTIVE` — Kill switch is off\n * - `EXCEEDS_PER_TX_LIMIT` — Single transaction too large\n * - `EXCEEDS_DAILY_LIMIT` — Daily budget exhausted\n * - `SETTLEMENT_FAILED: ...` — On-chain transfer failed\n */\nexport class ZerocorePaymentError extends ZerocoreError {\n  /** Machine-readable denial reason from the control plane. */\n  readonly reason: DenialReason;\n\n  constructor(message: string, reason: DenialReason, statusCode = 403) {\n    super(message, statusCode);\n    this.name = \"ZerocorePaymentError\";\n    this.reason = reason;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Rate limit\n// ---------------------------------------------------------------------------\n\n/** Thrown when the API rate limit is exceeded (HTTP 429). */\nexport class ZerocoreRateLimitError extends ZerocoreError {\n  /** Seconds to wait before retrying, if provided by the API. */\n  readonly retryAfter?: number;\n\n  constructor(retryAfter?: number) {\n    const msg = retryAfter\n      ? `Rate limited. Retry after ${retryAfter}s.`\n      : \"Rate limited.\";\n    super(msg, 429);\n    this.name = \"ZerocoreRateLimitError\";\n    this.retryAfter = retryAfter;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Network\n// ---------------------------------------------------------------------------\n\n/** Thrown when the Edge Function is unreachable. */\nexport class ZerocoreNetworkError extends ZerocoreError {\n  constructor(message = \"Cannot connect to ZERO.CORE API.\") {\n    super(message);\n    this.name = \"ZerocoreNetworkError\";\n  }\n}\n","/**\n * ZERO.CORE SDK — Client\n *\n * The fiduciary gatekeeper for AI agents. Every paid API call your agent\n * makes should pass through {@link Client.authorizeSpend} first. If the\n * control plane says no, the call never happens.\n *\n * @example\n * ```ts\n * import { Client } from \"@zerocore1/sdk\";\n *\n * const zc = new Client({ apiKey: \"zc_live_abc123...\" });\n *\n * const result = await zc.authorizeSpend({\n *   amountUsd: 0.03,\n *   merchant: \"OpenAI\",\n *   currency: \"USDC\",\n * });\n *\n * if (result.approved) {\n *   // safe to call OpenAI\n * }\n * ```\n */\n\nimport type {\n  ApprovalResult,\n  AuthorizeSpendParams,\n  ClientOptions,\n  RawApiResponse,\n} from \"./types.js\";\n\nimport {\n  ZerocoreAuthError,\n  ZerocoreError,\n  ZerocoreNetworkError,\n  ZerocorePaymentError,\n  ZerocoreRateLimitError,\n} from \"./errors.js\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_BASE_URL =\n  \"https://augvmbhpuchkqqowxmrk.supabase.co/functions/v1\";\n\nconst DEFAULT_TIMEOUT = 30_000;\n\nconst USER_AGENT = \"zerocore-sdk-ts/0.1.0\";\n\n// ---------------------------------------------------------------------------\n// Client\n// ---------------------------------------------------------------------------\n\nexport class Client {\n  private readonly apiKey: string;\n  private readonly baseUrl: string;\n  private readonly timeout: number;\n\n  constructor(options: ClientOptions) {\n    const { apiKey, baseUrl, timeout } = options;\n\n    if (!apiKey || !apiKey.startsWith(\"zc_\")) {\n      throw new ZerocoreAuthError(\n        \"API key must start with 'zc_live_' or 'zc_test_'. \" +\n          \"Generate one at your ZERO.CORE dashboard → API Keys.\",\n      );\n    }\n\n    this.apiKey = apiKey;\n    this.baseUrl = (baseUrl ?? DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n    this.timeout = timeout ?? DEFAULT_TIMEOUT;\n  }\n\n  // ── Public API ──────────────────────────────────────────────────────────\n\n  /**\n   * Request authorization for an agent payment.\n   *\n   * Call this **before** your agent executes any paid API call.\n   * The control plane checks:\n   * - Is the agent active? (kill switch)\n   * - Does this exceed the per-transaction limit?\n   * - Does this exceed the daily spending limit?\n   *\n   * If approved and `executeOnChain` is `true`, the Edge Function executes\n   * a real on-chain transfer (SOL or USDC SPL token).\n   *\n   * @throws {ZerocorePaymentError} Transaction was denied.\n   * @throws {ZerocoreAuthError} API key is invalid.\n   * @throws {ZerocoreRateLimitError} Too many requests.\n   * @throws {ZerocoreNetworkError} API is unreachable.\n   */\n  async authorizeSpend(\n    params: AuthorizeSpendParams,\n  ): Promise<ApprovalResult> {\n    const { amountUsd, merchant, currency = \"SOL\", memo, executeOnChain = false } = params;\n\n    if (amountUsd <= 0) {\n      throw new Error(\"amountUsd must be positive\");\n    }\n    if (!merchant) {\n      throw new Error(\"merchant is required\");\n    }\n    if (currency !== \"SOL\" && currency !== \"USDC\") {\n      throw new Error(\"currency must be 'SOL' or 'USDC'\");\n    }\n\n    const payload: Record<string, unknown> = {\n      amount_usd: amountUsd,\n      merchant,\n      execute_on_chain: executeOnChain,\n      currency,\n    };\n\n    if (memo) {\n      payload.memo = memo;\n    }\n\n    const raw = await this.post<RawApiResponse>(\"/authorize\", payload);\n\n    return toApprovalResult(raw);\n  }\n\n  // ── Internal ────────────────────────────────────────────────────────────\n\n  private async post<T>(path: string, body: Record<string, unknown>): Promise<T> {\n    const url = `${this.baseUrl}${path}`;\n\n    let response: Response;\n    try {\n      response = await fetch(url, {\n        method: \"POST\",\n        headers: {\n          Authorization: `Bearer ${this.apiKey}`,\n          \"Content-Type\": \"application/json\",\n          \"User-Agent\": USER_AGENT,\n        },\n        body: JSON.stringify(body),\n        signal: AbortSignal.timeout(this.timeout),\n      });\n    } catch (err) {\n      if (err instanceof DOMException && err.name === \"TimeoutError\") {\n        throw new ZerocoreNetworkError(\"Request timed out.\");\n      }\n      throw new ZerocoreNetworkError(\n        `Cannot connect to ${this.baseUrl}. Check your network or baseUrl setting.`,\n      );\n    }\n\n    return this.handleResponse<T>(response);\n  }\n\n  private async handleResponse<T>(response: Response): Promise<T> {\n    // 200 — success\n    if (response.ok) {\n      return (await response.json()) as T;\n    }\n\n    // 401 — auth error\n    if (response.status === 401) {\n      const data = await safeJson(response);\n      const msg = data?.detail ?? \"Invalid API key\";\n      throw new ZerocoreAuthError(typeof msg === \"string\" ? msg : \"Invalid API key\");\n    }\n\n    // 429 — rate limit\n    if (response.status === 429) {\n      const retryAfter = response.headers.get(\"Retry-After\");\n      throw new ZerocoreRateLimitError(\n        retryAfter ? parseFloat(retryAfter) : undefined,\n      );\n    }\n\n    // 402 / 403 — payment denied\n    if (response.status === 402 || response.status === 403) {\n      const data = await safeJson(response);\n      const detail = data?.detail ?? data;\n\n      if (detail && typeof detail === \"object\") {\n        throw new ZerocorePaymentError(\n          detail.message ?? \"Payment denied\",\n          detail.denial_reason ?? \"UNKNOWN\",\n          response.status,\n        );\n      }\n\n      throw new ZerocorePaymentError(\n        typeof detail === \"string\" ? detail : \"Payment denied\",\n        \"UNKNOWN\",\n        response.status,\n      );\n    }\n\n    // Anything else\n    const data = await safeJson(response);\n    const message = data?.detail ?? data?.message ?? `API error ${response.status}`;\n    throw new ZerocoreError(\n      typeof message === \"string\" ? message : `API error ${response.status}`,\n      response.status,\n    );\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\n/** Parse JSON from a response without throwing on invalid JSON. */\n// deno-lint-ignore no-explicit-any\nasync function safeJson(response: Response): Promise<any> {\n  try {\n    return await response.json();\n  } catch {\n    return null;\n  }\n}\n\n/** Map a raw snake_case API response to a camelCase {@link ApprovalResult}. */\nfunction toApprovalResult(raw: RawApiResponse): ApprovalResult {\n  return {\n    approved: raw.approval_status === \"approved\",\n    transactionId: raw.transaction_id,\n    amountUsd: raw.amount_usd,\n    amountSol: raw.amount_sol,\n    amountUsdc: raw.amount_usdc,\n    currency: raw.currency,\n    merchant: raw.merchant,\n    remainingDailyLimit: raw.remaining_daily_limit,\n    solanaSignature: raw.solana_signature,\n    denialReason: raw.denial_reason,\n    message: raw.message,\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACaO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAE9B;AAAA,EAET,YAAY,SAAiB,YAAqB;AAChD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAOO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YAAY,UAAU,mBAAmB;AACvC,UAAM,SAAS,GAAG;AAClB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,IAAM,uBAAN,cAAmC,cAAc;AAAA;AAAA,EAE7C;AAAA,EAET,YAAY,SAAiB,QAAsB,aAAa,KAAK;AACnE,UAAM,SAAS,UAAU;AACzB,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAOO,IAAM,yBAAN,cAAqC,cAAc;AAAA;AAAA,EAE/C;AAAA,EAET,YAAY,YAAqB;AAC/B,UAAM,MAAM,aACR,6BAA6B,UAAU,OACvC;AACJ,UAAM,KAAK,GAAG;AACd,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAOO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,UAAU,oCAAoC;AACxD,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;;;AC7CA,IAAM,mBACJ;AAEF,IAAM,kBAAkB;AAExB,IAAM,aAAa;AAMZ,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAwB;AAClC,UAAM,EAAE,QAAQ,SAAS,QAAQ,IAAI;AAErC,QAAI,CAAC,UAAU,CAAC,OAAO,WAAW,KAAK,GAAG;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,SAAK,SAAS;AACd,SAAK,WAAW,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AAC/D,SAAK,UAAU,WAAW;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,MAAM,eACJ,QACyB;AACzB,UAAM,EAAE,WAAW,UAAU,WAAW,OAAO,MAAM,iBAAiB,MAAM,IAAI;AAEhF,QAAI,aAAa,GAAG;AAClB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AACA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,aAAa,SAAS,aAAa,QAAQ;AAC7C,YAAM,IAAI,MAAM,kCAAkC;AAAA,IACpD;AAEA,UAAM,UAAmC;AAAA,MACvC,YAAY;AAAA,MACZ;AAAA,MACA,kBAAkB;AAAA,MAClB;AAAA,IACF;AAEA,QAAI,MAAM;AACR,cAAQ,OAAO;AAAA,IACjB;AAEA,UAAM,MAAM,MAAM,KAAK,KAAqB,cAAc,OAAO;AAEjE,WAAO,iBAAiB,GAAG;AAAA,EAC7B;AAAA;AAAA,EAIA,MAAc,KAAQ,MAAc,MAA2C;AAC7E,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAElC,QAAI;AACJ,QAAI;AACF,iBAAW,MAAM,MAAM,KAAK;AAAA,QAC1B,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,eAAe,UAAU,KAAK,MAAM;AAAA,UACpC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,YAAY,QAAQ,KAAK,OAAO;AAAA,MAC1C,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,eAAe,gBAAgB,IAAI,SAAS,gBAAgB;AAC9D,cAAM,IAAI,qBAAqB,oBAAoB;AAAA,MACrD;AACA,YAAM,IAAI;AAAA,QACR,qBAAqB,KAAK,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,WAAO,KAAK,eAAkB,QAAQ;AAAA,EACxC;AAAA,EAEA,MAAc,eAAkB,UAAgC;AAE9D,QAAI,SAAS,IAAI;AACf,aAAQ,MAAM,SAAS,KAAK;AAAA,IAC9B;AAGA,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAMA,QAAO,MAAM,SAAS,QAAQ;AACpC,YAAM,MAAMA,OAAM,UAAU;AAC5B,YAAM,IAAI,kBAAkB,OAAO,QAAQ,WAAW,MAAM,iBAAiB;AAAA,IAC/E;AAGA,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,aAAa,SAAS,QAAQ,IAAI,aAAa;AACrD,YAAM,IAAI;AAAA,QACR,aAAa,WAAW,UAAU,IAAI;AAAA,MACxC;AAAA,IACF;AAGA,QAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,YAAMA,QAAO,MAAM,SAAS,QAAQ;AACpC,YAAM,SAASA,OAAM,UAAUA;AAE/B,UAAI,UAAU,OAAO,WAAW,UAAU;AACxC,cAAM,IAAI;AAAA,UACR,OAAO,WAAW;AAAA,UAClB,OAAO,iBAAiB;AAAA,UACxB,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,OAAO,WAAW,WAAW,SAAS;AAAA,QACtC;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAGA,UAAM,OAAO,MAAM,SAAS,QAAQ;AACpC,UAAM,UAAU,MAAM,UAAU,MAAM,WAAW,aAAa,SAAS,MAAM;AAC7E,UAAM,IAAI;AAAA,MACR,OAAO,YAAY,WAAW,UAAU,aAAa,SAAS,MAAM;AAAA,MACpE,SAAS;AAAA,IACX;AAAA,EACF;AACF;AAQA,eAAe,SAAS,UAAkC;AACxD,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,SAAS,iBAAiB,KAAqC;AAC7D,SAAO;AAAA,IACL,UAAU,IAAI,oBAAoB;AAAA,IAClC,eAAe,IAAI;AAAA,IACnB,WAAW,IAAI;AAAA,IACf,WAAW,IAAI;AAAA,IACf,YAAY,IAAI;AAAA,IAChB,UAAU,IAAI;AAAA,IACd,UAAU,IAAI;AAAA,IACd,qBAAqB,IAAI;AAAA,IACzB,iBAAiB,IAAI;AAAA,IACrB,cAAc,IAAI;AAAA,IAClB,SAAS,IAAI;AAAA,EACf;AACF;","names":["data"]}

package/dist/index.d.cts

@@ -0,0 +1,158 @@
+/**
+ * ZERO.CORE SDK — Type Definitions
+ *
+ * Mirrors the Python SDK types and the Edge Function API contract.
+ */
+/** Settlement currency for the transaction. */
+type Currency = "SOL" | "USDC";
+/** Parameters for {@link Client.authorizeSpend}. */
+interface AuthorizeSpendParams {
+    /** Amount in USD to authorize. */
+    amountUsd: number;
+    /** Vendor/merchant name (e.g. "OpenAI", "X.com", "Helius"). */
+    merchant: string;
+    /** Settlement currency. Defaults to `"SOL"`. */
+    currency?: Currency;
+    /** Optional memo attached to the transaction for the audit trail. */
+    memo?: string;
+    /**
+     * Whether to execute a real on-chain transfer.
+     * When `false`, the Edge Function generates a mock signature (dev/test mode).
+     * Defaults to `false`.
+     */
+    executeOnChain?: boolean;
+}
+/** Why the fiduciary control plane denied a transaction. */
+type DenialReason = "AGENT_INACTIVE" | "AGENT_PAUSED" | "AGENT_SUSPENDED" | "AGENT_REVOKED" | "EXCEEDS_PER_TX_LIMIT" | "EXCEEDS_DAILY_LIMIT" | "INSUFFICIENT_TREASURY" | "MERCHANT_NOT_AUTHORIZED" | `SETTLEMENT_FAILED: ${string}` | string;
+/** Result of an {@link Client.authorizeSpend} call. */
+interface ApprovalResult {
+    /** Whether the transaction was approved. */
+    approved: boolean;
+    /** Unique ID for the transaction record. */
+    transactionId: string;
+    /** The amount in USD that was authorized. */
+    amountUsd: number;
+    /** The equivalent amount in SOL (when currency is SOL). */
+    amountSol: number;
+    /** The equivalent amount in USDC (when currency is USDC). */
+    amountUsdc?: number;
+    /** Settlement currency — `"SOL"` or `"USDC"`. */
+    currency: Currency;
+    /** The merchant/vendor name. */
+    merchant: string;
+    /** How much daily budget remains after this transaction. */
+    remainingDailyLimit: number;
+    /** On-chain Solana transaction signature, if settled. */
+    solanaSignature: string | null;
+    /** Why the transaction was denied, if denied. */
+    denialReason: DenialReason | null;
+    /** Human-readable status message. */
+    message: string;
+}
+/** Options for initializing the {@link Client}. */
+interface ClientOptions {
+    /** Your `zc_live_...` API key from the dashboard. */
+    apiKey: string;
+    /**
+     * Override the API base URL.
+     * Defaults to the ZERO.CORE Supabase Edge Function endpoint.
+     */
+    baseUrl?: string;
+    /** Request timeout in milliseconds. Defaults to `30_000` (30s). */
+    timeout?: number;
+}
+
+/**
+ * ZERO.CORE SDK — Client
+ *
+ * The fiduciary gatekeeper for AI agents. Every paid API call your agent
+ * makes should pass through {@link Client.authorizeSpend} first. If the
+ * control plane says no, the call never happens.
+ *
+ * @example
+ * ```ts
+ * import { Client } from "@zerocore1/sdk";
+ *
+ * const zc = new Client({ apiKey: "zc_live_abc123..." });
+ *
+ * const result = await zc.authorizeSpend({
+ *   amountUsd: 0.03,
+ *   merchant: "OpenAI",
+ *   currency: "USDC",
+ * });
+ *
+ * if (result.approved) {
+ *   // safe to call OpenAI
+ * }
+ * ```
+ */
+
+declare class Client {
+    private readonly apiKey;
+    private readonly baseUrl;
+    private readonly timeout;
+    constructor(options: ClientOptions);
+    /**
+     * Request authorization for an agent payment.
+     *
+     * Call this **before** your agent executes any paid API call.
+     * The control plane checks:
+     * - Is the agent active? (kill switch)
+     * - Does this exceed the per-transaction limit?
+     * - Does this exceed the daily spending limit?
+     *
+     * If approved and `executeOnChain` is `true`, the Edge Function executes
+     * a real on-chain transfer (SOL or USDC SPL token).
+     *
+     * @throws {ZerocorePaymentError} Transaction was denied.
+     * @throws {ZerocoreAuthError} API key is invalid.
+     * @throws {ZerocoreRateLimitError} Too many requests.
+     * @throws {ZerocoreNetworkError} API is unreachable.
+     */
+    authorizeSpend(params: AuthorizeSpendParams): Promise<ApprovalResult>;
+    private post;
+    private handleResponse;
+}
+
+/**
+ * ZERO.CORE SDK — Error Classes
+ *
+ * Typed exceptions for every failure mode the control plane can produce.
+ */
+
+/** Base error for all ZERO.CORE SDK errors. */
+declare class ZerocoreError extends Error {
+    /** HTTP status code from the API, if applicable. */
+    readonly statusCode?: number;
+    constructor(message: string, statusCode?: number);
+}
+/** Thrown when the API key is invalid or revoked (HTTP 401). */
+declare class ZerocoreAuthError extends ZerocoreError {
+    constructor(message?: string);
+}
+/**
+ * Thrown when the fiduciary control plane denies a transaction (HTTP 402/403).
+ *
+ * Inspect {@link reason} for the specific denial cause:
+ * - `AGENT_INACTIVE` — Kill switch is off
+ * - `EXCEEDS_PER_TX_LIMIT` — Single transaction too large
+ * - `EXCEEDS_DAILY_LIMIT` — Daily budget exhausted
+ * - `SETTLEMENT_FAILED: ...` — On-chain transfer failed
+ */
+declare class ZerocorePaymentError extends ZerocoreError {
+    /** Machine-readable denial reason from the control plane. */
+    readonly reason: DenialReason;
+    constructor(message: string, reason: DenialReason, statusCode?: number);
+}
+/** Thrown when the API rate limit is exceeded (HTTP 429). */
+declare class ZerocoreRateLimitError extends ZerocoreError {
+    /** Seconds to wait before retrying, if provided by the API. */
+    readonly retryAfter?: number;
+    constructor(retryAfter?: number);
+}
+/** Thrown when the Edge Function is unreachable. */
+declare class ZerocoreNetworkError extends ZerocoreError {
+    constructor(message?: string);
+}
+
+export { type ApprovalResult, type AuthorizeSpendParams, Client, type ClientOptions, type Currency, type DenialReason, ZerocoreAuthError, ZerocoreError, ZerocoreNetworkError, ZerocorePaymentError, ZerocoreRateLimitError };

package/dist/index.d.ts

@@ -0,0 +1,158 @@
+/**
+ * ZERO.CORE SDK — Type Definitions
+ *
+ * Mirrors the Python SDK types and the Edge Function API contract.
+ */
+/** Settlement currency for the transaction. */
+type Currency = "SOL" | "USDC";
+/** Parameters for {@link Client.authorizeSpend}. */
+interface AuthorizeSpendParams {
+    /** Amount in USD to authorize. */
+    amountUsd: number;
+    /** Vendor/merchant name (e.g. "OpenAI", "X.com", "Helius"). */
+    merchant: string;
+    /** Settlement currency. Defaults to `"SOL"`. */
+    currency?: Currency;
+    /** Optional memo attached to the transaction for the audit trail. */
+    memo?: string;
+    /**
+     * Whether to execute a real on-chain transfer.
+     * When `false`, the Edge Function generates a mock signature (dev/test mode).
+     * Defaults to `false`.
+     */
+    executeOnChain?: boolean;
+}
+/** Why the fiduciary control plane denied a transaction. */
+type DenialReason = "AGENT_INACTIVE" | "AGENT_PAUSED" | "AGENT_SUSPENDED" | "AGENT_REVOKED" | "EXCEEDS_PER_TX_LIMIT" | "EXCEEDS_DAILY_LIMIT" | "INSUFFICIENT_TREASURY" | "MERCHANT_NOT_AUTHORIZED" | `SETTLEMENT_FAILED: ${string}` | string;
+/** Result of an {@link Client.authorizeSpend} call. */
+interface ApprovalResult {
+    /** Whether the transaction was approved. */
+    approved: boolean;
+    /** Unique ID for the transaction record. */
+    transactionId: string;
+    /** The amount in USD that was authorized. */
+    amountUsd: number;
+    /** The equivalent amount in SOL (when currency is SOL). */
+    amountSol: number;
+    /** The equivalent amount in USDC (when currency is USDC). */
+    amountUsdc?: number;
+    /** Settlement currency — `"SOL"` or `"USDC"`. */
+    currency: Currency;
+    /** The merchant/vendor name. */
+    merchant: string;
+    /** How much daily budget remains after this transaction. */
+    remainingDailyLimit: number;
+    /** On-chain Solana transaction signature, if settled. */
+    solanaSignature: string | null;
+    /** Why the transaction was denied, if denied. */
+    denialReason: DenialReason | null;
+    /** Human-readable status message. */
+    message: string;
+}
+/** Options for initializing the {@link Client}. */
+interface ClientOptions {
+    /** Your `zc_live_...` API key from the dashboard. */
+    apiKey: string;
+    /**
+     * Override the API base URL.
+     * Defaults to the ZERO.CORE Supabase Edge Function endpoint.
+     */
+    baseUrl?: string;
+    /** Request timeout in milliseconds. Defaults to `30_000` (30s). */
+    timeout?: number;
+}
+
+/**
+ * ZERO.CORE SDK — Client
+ *
+ * The fiduciary gatekeeper for AI agents. Every paid API call your agent
+ * makes should pass through {@link Client.authorizeSpend} first. If the
+ * control plane says no, the call never happens.
+ *
+ * @example
+ * ```ts
+ * import { Client } from "@zerocore1/sdk";
+ *
+ * const zc = new Client({ apiKey: "zc_live_abc123..." });
+ *
+ * const result = await zc.authorizeSpend({
+ *   amountUsd: 0.03,
+ *   merchant: "OpenAI",
+ *   currency: "USDC",
+ * });
+ *
+ * if (result.approved) {
+ *   // safe to call OpenAI
+ * }
+ * ```
+ */
+
+declare class Client {
+    private readonly apiKey;
+    private readonly baseUrl;
+    private readonly timeout;
+    constructor(options: ClientOptions);
+    /**
+     * Request authorization for an agent payment.
+     *
+     * Call this **before** your agent executes any paid API call.
+     * The control plane checks:
+     * - Is the agent active? (kill switch)
+     * - Does this exceed the per-transaction limit?
+     * - Does this exceed the daily spending limit?
+     *
+     * If approved and `executeOnChain` is `true`, the Edge Function executes
+     * a real on-chain transfer (SOL or USDC SPL token).
+     *
+     * @throws {ZerocorePaymentError} Transaction was denied.
+     * @throws {ZerocoreAuthError} API key is invalid.
+     * @throws {ZerocoreRateLimitError} Too many requests.
+     * @throws {ZerocoreNetworkError} API is unreachable.
+     */
+    authorizeSpend(params: AuthorizeSpendParams): Promise<ApprovalResult>;
+    private post;
+    private handleResponse;
+}
+
+/**
+ * ZERO.CORE SDK — Error Classes
+ *
+ * Typed exceptions for every failure mode the control plane can produce.
+ */
+
+/** Base error for all ZERO.CORE SDK errors. */
+declare class ZerocoreError extends Error {
+    /** HTTP status code from the API, if applicable. */
+    readonly statusCode?: number;
+    constructor(message: string, statusCode?: number);
+}
+/** Thrown when the API key is invalid or revoked (HTTP 401). */
+declare class ZerocoreAuthError extends ZerocoreError {
+    constructor(message?: string);
+}
+/**
+ * Thrown when the fiduciary control plane denies a transaction (HTTP 402/403).
+ *
+ * Inspect {@link reason} for the specific denial cause:
+ * - `AGENT_INACTIVE` — Kill switch is off
+ * - `EXCEEDS_PER_TX_LIMIT` — Single transaction too large
+ * - `EXCEEDS_DAILY_LIMIT` — Daily budget exhausted
+ * - `SETTLEMENT_FAILED: ...` — On-chain transfer failed
+ */
+declare class ZerocorePaymentError extends ZerocoreError {
+    /** Machine-readable denial reason from the control plane. */
+    readonly reason: DenialReason;
+    constructor(message: string, reason: DenialReason, statusCode?: number);
+}
+/** Thrown when the API rate limit is exceeded (HTTP 429). */
+declare class ZerocoreRateLimitError extends ZerocoreError {
+    /** Seconds to wait before retrying, if provided by the API. */
+    readonly retryAfter?: number;
+    constructor(retryAfter?: number);
+}
+/** Thrown when the Edge Function is unreachable. */
+declare class ZerocoreNetworkError extends ZerocoreError {
+    constructor(message?: string);
+}
+
+export { type ApprovalResult, type AuthorizeSpendParams, Client, type ClientOptions, type Currency, type DenialReason, ZerocoreAuthError, ZerocoreError, ZerocoreNetworkError, ZerocorePaymentError, ZerocoreRateLimitError };

package/dist/index.js

@@ -0,0 +1,197 @@
+// src/errors.ts
+var ZerocoreError = class extends Error {
+  /** HTTP status code from the API, if applicable. */
+  statusCode;
+  constructor(message, statusCode) {
+    super(message);
+    this.name = "ZerocoreError";
+    this.statusCode = statusCode;
+  }
+};
+var ZerocoreAuthError = class extends ZerocoreError {
+  constructor(message = "Invalid API key") {
+    super(message, 401);
+    this.name = "ZerocoreAuthError";
+  }
+};
+var ZerocorePaymentError = class extends ZerocoreError {
+  /** Machine-readable denial reason from the control plane. */
+  reason;
+  constructor(message, reason, statusCode = 403) {
+    super(message, statusCode);
+    this.name = "ZerocorePaymentError";
+    this.reason = reason;
+  }
+};
+var ZerocoreRateLimitError = class extends ZerocoreError {
+  /** Seconds to wait before retrying, if provided by the API. */
+  retryAfter;
+  constructor(retryAfter) {
+    const msg = retryAfter ? `Rate limited. Retry after ${retryAfter}s.` : "Rate limited.";
+    super(msg, 429);
+    this.name = "ZerocoreRateLimitError";
+    this.retryAfter = retryAfter;
+  }
+};
+var ZerocoreNetworkError = class extends ZerocoreError {
+  constructor(message = "Cannot connect to ZERO.CORE API.") {
+    super(message);
+    this.name = "ZerocoreNetworkError";
+  }
+};
+
+// src/client.ts
+var DEFAULT_BASE_URL = "https://augvmbhpuchkqqowxmrk.supabase.co/functions/v1";
+var DEFAULT_TIMEOUT = 3e4;
+var USER_AGENT = "zerocore-sdk-ts/0.1.0";
+var Client = class {
+  apiKey;
+  baseUrl;
+  timeout;
+  constructor(options) {
+    const { apiKey, baseUrl, timeout } = options;
+    if (!apiKey || !apiKey.startsWith("zc_")) {
+      throw new ZerocoreAuthError(
+        "API key must start with 'zc_live_' or 'zc_test_'. Generate one at your ZERO.CORE dashboard \u2192 API Keys."
+      );
+    }
+    this.apiKey = apiKey;
+    this.baseUrl = (baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+    this.timeout = timeout ?? DEFAULT_TIMEOUT;
+  }
+  // ── Public API ──────────────────────────────────────────────────────────
+  /**
+   * Request authorization for an agent payment.
+   *
+   * Call this **before** your agent executes any paid API call.
+   * The control plane checks:
+   * - Is the agent active? (kill switch)
+   * - Does this exceed the per-transaction limit?
+   * - Does this exceed the daily spending limit?
+   *
+   * If approved and `executeOnChain` is `true`, the Edge Function executes
+   * a real on-chain transfer (SOL or USDC SPL token).
+   *
+   * @throws {ZerocorePaymentError} Transaction was denied.
+   * @throws {ZerocoreAuthError} API key is invalid.
+   * @throws {ZerocoreRateLimitError} Too many requests.
+   * @throws {ZerocoreNetworkError} API is unreachable.
+   */
+  async authorizeSpend(params) {
+    const { amountUsd, merchant, currency = "SOL", memo, executeOnChain = false } = params;
+    if (amountUsd <= 0) {
+      throw new Error("amountUsd must be positive");
+    }
+    if (!merchant) {
+      throw new Error("merchant is required");
+    }
+    if (currency !== "SOL" && currency !== "USDC") {
+      throw new Error("currency must be 'SOL' or 'USDC'");
+    }
+    const payload = {
+      amount_usd: amountUsd,
+      merchant,
+      execute_on_chain: executeOnChain,
+      currency
+    };
+    if (memo) {
+      payload.memo = memo;
+    }
+    const raw = await this.post("/authorize", payload);
+    return toApprovalResult(raw);
+  }
+  // ── Internal ────────────────────────────────────────────────────────────
+  async post(path, body) {
+    const url = `${this.baseUrl}${path}`;
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${this.apiKey}`,
+          "Content-Type": "application/json",
+          "User-Agent": USER_AGENT
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(this.timeout)
+      });
+    } catch (err) {
+      if (err instanceof DOMException && err.name === "TimeoutError") {
+        throw new ZerocoreNetworkError("Request timed out.");
+      }
+      throw new ZerocoreNetworkError(
+        `Cannot connect to ${this.baseUrl}. Check your network or baseUrl setting.`
+      );
+    }
+    return this.handleResponse(response);
+  }
+  async handleResponse(response) {
+    if (response.ok) {
+      return await response.json();
+    }
+    if (response.status === 401) {
+      const data2 = await safeJson(response);
+      const msg = data2?.detail ?? "Invalid API key";
+      throw new ZerocoreAuthError(typeof msg === "string" ? msg : "Invalid API key");
+    }
+    if (response.status === 429) {
+      const retryAfter = response.headers.get("Retry-After");
+      throw new ZerocoreRateLimitError(
+        retryAfter ? parseFloat(retryAfter) : void 0
+      );
+    }
+    if (response.status === 402 || response.status === 403) {
+      const data2 = await safeJson(response);
+      const detail = data2?.detail ?? data2;
+      if (detail && typeof detail === "object") {
+        throw new ZerocorePaymentError(
+          detail.message ?? "Payment denied",
+          detail.denial_reason ?? "UNKNOWN",
+          response.status
+        );
+      }
+      throw new ZerocorePaymentError(
+        typeof detail === "string" ? detail : "Payment denied",
+        "UNKNOWN",
+        response.status
+      );
+    }
+    const data = await safeJson(response);
+    const message = data?.detail ?? data?.message ?? `API error ${response.status}`;
+    throw new ZerocoreError(
+      typeof message === "string" ? message : `API error ${response.status}`,
+      response.status
+    );
+  }
+};
+async function safeJson(response) {
+  try {
+    return await response.json();
+  } catch {
+    return null;
+  }
+}
+function toApprovalResult(raw) {
+  return {
+    approved: raw.approval_status === "approved",
+    transactionId: raw.transaction_id,
+    amountUsd: raw.amount_usd,
+    amountSol: raw.amount_sol,
+    amountUsdc: raw.amount_usdc,
+    currency: raw.currency,
+    merchant: raw.merchant,
+    remainingDailyLimit: raw.remaining_daily_limit,
+    solanaSignature: raw.solana_signature,
+    denialReason: raw.denial_reason,
+    message: raw.message
+  };
+}
+export {
+  Client,
+  ZerocoreAuthError,
+  ZerocoreError,
+  ZerocoreNetworkError,
+  ZerocorePaymentError,
+  ZerocoreRateLimitError
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/errors.ts","../src/client.ts"],"sourcesContent":["/**\n * ZERO.CORE SDK — Error Classes\n *\n * Typed exceptions for every failure mode the control plane can produce.\n */\n\nimport type { DenialReason } from \"./types.js\";\n\n// ---------------------------------------------------------------------------\n// Base\n// ---------------------------------------------------------------------------\n\n/** Base error for all ZERO.CORE SDK errors. */\nexport class ZerocoreError extends Error {\n  /** HTTP status code from the API, if applicable. */\n  readonly statusCode?: number;\n\n  constructor(message: string, statusCode?: number) {\n    super(message);\n    this.name = \"ZerocoreError\";\n    this.statusCode = statusCode;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Auth\n// ---------------------------------------------------------------------------\n\n/** Thrown when the API key is invalid or revoked (HTTP 401). */\nexport class ZerocoreAuthError extends ZerocoreError {\n  constructor(message = \"Invalid API key\") {\n    super(message, 401);\n    this.name = \"ZerocoreAuthError\";\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Payment denied\n// ---------------------------------------------------------------------------\n\n/**\n * Thrown when the fiduciary control plane denies a transaction (HTTP 402/403).\n *\n * Inspect {@link reason} for the specific denial cause:\n * - `AGENT_INACTIVE` — Kill switch is off\n * - `EXCEEDS_PER_TX_LIMIT` — Single transaction too large\n * - `EXCEEDS_DAILY_LIMIT` — Daily budget exhausted\n * - `SETTLEMENT_FAILED: ...` — On-chain transfer failed\n */\nexport class ZerocorePaymentError extends ZerocoreError {\n  /** Machine-readable denial reason from the control plane. */\n  readonly reason: DenialReason;\n\n  constructor(message: string, reason: DenialReason, statusCode = 403) {\n    super(message, statusCode);\n    this.name = \"ZerocorePaymentError\";\n    this.reason = reason;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Rate limit\n// ---------------------------------------------------------------------------\n\n/** Thrown when the API rate limit is exceeded (HTTP 429). */\nexport class ZerocoreRateLimitError extends ZerocoreError {\n  /** Seconds to wait before retrying, if provided by the API. */\n  readonly retryAfter?: number;\n\n  constructor(retryAfter?: number) {\n    const msg = retryAfter\n      ? `Rate limited. Retry after ${retryAfter}s.`\n      : \"Rate limited.\";\n    super(msg, 429);\n    this.name = \"ZerocoreRateLimitError\";\n    this.retryAfter = retryAfter;\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Network\n// ---------------------------------------------------------------------------\n\n/** Thrown when the Edge Function is unreachable. */\nexport class ZerocoreNetworkError extends ZerocoreError {\n  constructor(message = \"Cannot connect to ZERO.CORE API.\") {\n    super(message);\n    this.name = \"ZerocoreNetworkError\";\n  }\n}\n","/**\n * ZERO.CORE SDK — Client\n *\n * The fiduciary gatekeeper for AI agents. Every paid API call your agent\n * makes should pass through {@link Client.authorizeSpend} first. If the\n * control plane says no, the call never happens.\n *\n * @example\n * ```ts\n * import { Client } from \"@zerocore1/sdk\";\n *\n * const zc = new Client({ apiKey: \"zc_live_abc123...\" });\n *\n * const result = await zc.authorizeSpend({\n *   amountUsd: 0.03,\n *   merchant: \"OpenAI\",\n *   currency: \"USDC\",\n * });\n *\n * if (result.approved) {\n *   // safe to call OpenAI\n * }\n * ```\n */\n\nimport type {\n  ApprovalResult,\n  AuthorizeSpendParams,\n  ClientOptions,\n  RawApiResponse,\n} from \"./types.js\";\n\nimport {\n  ZerocoreAuthError,\n  ZerocoreError,\n  ZerocoreNetworkError,\n  ZerocorePaymentError,\n  ZerocoreRateLimitError,\n} from \"./errors.js\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst DEFAULT_BASE_URL =\n  \"https://augvmbhpuchkqqowxmrk.supabase.co/functions/v1\";\n\nconst DEFAULT_TIMEOUT = 30_000;\n\nconst USER_AGENT = \"zerocore-sdk-ts/0.1.0\";\n\n// ---------------------------------------------------------------------------\n// Client\n// ---------------------------------------------------------------------------\n\nexport class Client {\n  private readonly apiKey: string;\n  private readonly baseUrl: string;\n  private readonly timeout: number;\n\n  constructor(options: ClientOptions) {\n    const { apiKey, baseUrl, timeout } = options;\n\n    if (!apiKey || !apiKey.startsWith(\"zc_\")) {\n      throw new ZerocoreAuthError(\n        \"API key must start with 'zc_live_' or 'zc_test_'. \" +\n          \"Generate one at your ZERO.CORE dashboard → API Keys.\",\n      );\n    }\n\n    this.apiKey = apiKey;\n    this.baseUrl = (baseUrl ?? DEFAULT_BASE_URL).replace(/\\/+$/, \"\");\n    this.timeout = timeout ?? DEFAULT_TIMEOUT;\n  }\n\n  // ── Public API ──────────────────────────────────────────────────────────\n\n  /**\n   * Request authorization for an agent payment.\n   *\n   * Call this **before** your agent executes any paid API call.\n   * The control plane checks:\n   * - Is the agent active? (kill switch)\n   * - Does this exceed the per-transaction limit?\n   * - Does this exceed the daily spending limit?\n   *\n   * If approved and `executeOnChain` is `true`, the Edge Function executes\n   * a real on-chain transfer (SOL or USDC SPL token).\n   *\n   * @throws {ZerocorePaymentError} Transaction was denied.\n   * @throws {ZerocoreAuthError} API key is invalid.\n   * @throws {ZerocoreRateLimitError} Too many requests.\n   * @throws {ZerocoreNetworkError} API is unreachable.\n   */\n  async authorizeSpend(\n    params: AuthorizeSpendParams,\n  ): Promise<ApprovalResult> {\n    const { amountUsd, merchant, currency = \"SOL\", memo, executeOnChain = false } = params;\n\n    if (amountUsd <= 0) {\n      throw new Error(\"amountUsd must be positive\");\n    }\n    if (!merchant) {\n      throw new Error(\"merchant is required\");\n    }\n    if (currency !== \"SOL\" && currency !== \"USDC\") {\n      throw new Error(\"currency must be 'SOL' or 'USDC'\");\n    }\n\n    const payload: Record<string, unknown> = {\n      amount_usd: amountUsd,\n      merchant,\n      execute_on_chain: executeOnChain,\n      currency,\n    };\n\n    if (memo) {\n      payload.memo = memo;\n    }\n\n    const raw = await this.post<RawApiResponse>(\"/authorize\", payload);\n\n    return toApprovalResult(raw);\n  }\n\n  // ── Internal ────────────────────────────────────────────────────────────\n\n  private async post<T>(path: string, body: Record<string, unknown>): Promise<T> {\n    const url = `${this.baseUrl}${path}`;\n\n    let response: Response;\n    try {\n      response = await fetch(url, {\n        method: \"POST\",\n        headers: {\n          Authorization: `Bearer ${this.apiKey}`,\n          \"Content-Type\": \"application/json\",\n          \"User-Agent\": USER_AGENT,\n        },\n        body: JSON.stringify(body),\n        signal: AbortSignal.timeout(this.timeout),\n      });\n    } catch (err) {\n      if (err instanceof DOMException && err.name === \"TimeoutError\") {\n        throw new ZerocoreNetworkError(\"Request timed out.\");\n      }\n      throw new ZerocoreNetworkError(\n        `Cannot connect to ${this.baseUrl}. Check your network or baseUrl setting.`,\n      );\n    }\n\n    return this.handleResponse<T>(response);\n  }\n\n  private async handleResponse<T>(response: Response): Promise<T> {\n    // 200 — success\n    if (response.ok) {\n      return (await response.json()) as T;\n    }\n\n    // 401 — auth error\n    if (response.status === 401) {\n      const data = await safeJson(response);\n      const msg = data?.detail ?? \"Invalid API key\";\n      throw new ZerocoreAuthError(typeof msg === \"string\" ? msg : \"Invalid API key\");\n    }\n\n    // 429 — rate limit\n    if (response.status === 429) {\n      const retryAfter = response.headers.get(\"Retry-After\");\n      throw new ZerocoreRateLimitError(\n        retryAfter ? parseFloat(retryAfter) : undefined,\n      );\n    }\n\n    // 402 / 403 — payment denied\n    if (response.status === 402 || response.status === 403) {\n      const data = await safeJson(response);\n      const detail = data?.detail ?? data;\n\n      if (detail && typeof detail === \"object\") {\n        throw new ZerocorePaymentError(\n          detail.message ?? \"Payment denied\",\n          detail.denial_reason ?? \"UNKNOWN\",\n          response.status,\n        );\n      }\n\n      throw new ZerocorePaymentError(\n        typeof detail === \"string\" ? detail : \"Payment denied\",\n        \"UNKNOWN\",\n        response.status,\n      );\n    }\n\n    // Anything else\n    const data = await safeJson(response);\n    const message = data?.detail ?? data?.message ?? `API error ${response.status}`;\n    throw new ZerocoreError(\n      typeof message === \"string\" ? message : `API error ${response.status}`,\n      response.status,\n    );\n  }\n}\n\n// ---------------------------------------------------------------------------\n// Helpers\n// ---------------------------------------------------------------------------\n\n/** Parse JSON from a response without throwing on invalid JSON. */\n// deno-lint-ignore no-explicit-any\nasync function safeJson(response: Response): Promise<any> {\n  try {\n    return await response.json();\n  } catch {\n    return null;\n  }\n}\n\n/** Map a raw snake_case API response to a camelCase {@link ApprovalResult}. */\nfunction toApprovalResult(raw: RawApiResponse): ApprovalResult {\n  return {\n    approved: raw.approval_status === \"approved\",\n    transactionId: raw.transaction_id,\n    amountUsd: raw.amount_usd,\n    amountSol: raw.amount_sol,\n    amountUsdc: raw.amount_usdc,\n    currency: raw.currency,\n    merchant: raw.merchant,\n    remainingDailyLimit: raw.remaining_daily_limit,\n    solanaSignature: raw.solana_signature,\n    denialReason: raw.denial_reason,\n    message: raw.message,\n  };\n}\n"],"mappings":";AAaO,IAAM,gBAAN,cAA4B,MAAM;AAAA;AAAA,EAE9B;AAAA,EAET,YAAY,SAAiB,YAAqB;AAChD,UAAM,OAAO;AACb,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAOO,IAAM,oBAAN,cAAgC,cAAc;AAAA,EACnD,YAAY,UAAU,mBAAmB;AACvC,UAAM,SAAS,GAAG;AAClB,SAAK,OAAO;AAAA,EACd;AACF;AAeO,IAAM,uBAAN,cAAmC,cAAc;AAAA;AAAA,EAE7C;AAAA,EAET,YAAY,SAAiB,QAAsB,aAAa,KAAK;AACnE,UAAM,SAAS,UAAU;AACzB,SAAK,OAAO;AACZ,SAAK,SAAS;AAAA,EAChB;AACF;AAOO,IAAM,yBAAN,cAAqC,cAAc;AAAA;AAAA,EAE/C;AAAA,EAET,YAAY,YAAqB;AAC/B,UAAM,MAAM,aACR,6BAA6B,UAAU,OACvC;AACJ,UAAM,KAAK,GAAG;AACd,SAAK,OAAO;AACZ,SAAK,aAAa;AAAA,EACpB;AACF;AAOO,IAAM,uBAAN,cAAmC,cAAc;AAAA,EACtD,YAAY,UAAU,oCAAoC;AACxD,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;;;AC7CA,IAAM,mBACJ;AAEF,IAAM,kBAAkB;AAExB,IAAM,aAAa;AAMZ,IAAM,SAAN,MAAa;AAAA,EACD;AAAA,EACA;AAAA,EACA;AAAA,EAEjB,YAAY,SAAwB;AAClC,UAAM,EAAE,QAAQ,SAAS,QAAQ,IAAI;AAErC,QAAI,CAAC,UAAU,CAAC,OAAO,WAAW,KAAK,GAAG;AACxC,YAAM,IAAI;AAAA,QACR;AAAA,MAEF;AAAA,IACF;AAEA,SAAK,SAAS;AACd,SAAK,WAAW,WAAW,kBAAkB,QAAQ,QAAQ,EAAE;AAC/D,SAAK,UAAU,WAAW;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,MAAM,eACJ,QACyB;AACzB,UAAM,EAAE,WAAW,UAAU,WAAW,OAAO,MAAM,iBAAiB,MAAM,IAAI;AAEhF,QAAI,aAAa,GAAG;AAClB,YAAM,IAAI,MAAM,4BAA4B;AAAA,IAC9C;AACA,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,sBAAsB;AAAA,IACxC;AACA,QAAI,aAAa,SAAS,aAAa,QAAQ;AAC7C,YAAM,IAAI,MAAM,kCAAkC;AAAA,IACpD;AAEA,UAAM,UAAmC;AAAA,MACvC,YAAY;AAAA,MACZ;AAAA,MACA,kBAAkB;AAAA,MAClB;AAAA,IACF;AAEA,QAAI,MAAM;AACR,cAAQ,OAAO;AAAA,IACjB;AAEA,UAAM,MAAM,MAAM,KAAK,KAAqB,cAAc,OAAO;AAEjE,WAAO,iBAAiB,GAAG;AAAA,EAC7B;AAAA;AAAA,EAIA,MAAc,KAAQ,MAAc,MAA2C;AAC7E,UAAM,MAAM,GAAG,KAAK,OAAO,GAAG,IAAI;AAElC,QAAI;AACJ,QAAI;AACF,iBAAW,MAAM,MAAM,KAAK;AAAA,QAC1B,QAAQ;AAAA,QACR,SAAS;AAAA,UACP,eAAe,UAAU,KAAK,MAAM;AAAA,UACpC,gBAAgB;AAAA,UAChB,cAAc;AAAA,QAChB;AAAA,QACA,MAAM,KAAK,UAAU,IAAI;AAAA,QACzB,QAAQ,YAAY,QAAQ,KAAK,OAAO;AAAA,MAC1C,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,eAAe,gBAAgB,IAAI,SAAS,gBAAgB;AAC9D,cAAM,IAAI,qBAAqB,oBAAoB;AAAA,MACrD;AACA,YAAM,IAAI;AAAA,QACR,qBAAqB,KAAK,OAAO;AAAA,MACnC;AAAA,IACF;AAEA,WAAO,KAAK,eAAkB,QAAQ;AAAA,EACxC;AAAA,EAEA,MAAc,eAAkB,UAAgC;AAE9D,QAAI,SAAS,IAAI;AACf,aAAQ,MAAM,SAAS,KAAK;AAAA,IAC9B;AAGA,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAMA,QAAO,MAAM,SAAS,QAAQ;AACpC,YAAM,MAAMA,OAAM,UAAU;AAC5B,YAAM,IAAI,kBAAkB,OAAO,QAAQ,WAAW,MAAM,iBAAiB;AAAA,IAC/E;AAGA,QAAI,SAAS,WAAW,KAAK;AAC3B,YAAM,aAAa,SAAS,QAAQ,IAAI,aAAa;AACrD,YAAM,IAAI;AAAA,QACR,aAAa,WAAW,UAAU,IAAI;AAAA,MACxC;AAAA,IACF;AAGA,QAAI,SAAS,WAAW,OAAO,SAAS,WAAW,KAAK;AACtD,YAAMA,QAAO,MAAM,SAAS,QAAQ;AACpC,YAAM,SAASA,OAAM,UAAUA;AAE/B,UAAI,UAAU,OAAO,WAAW,UAAU;AACxC,cAAM,IAAI;AAAA,UACR,OAAO,WAAW;AAAA,UAClB,OAAO,iBAAiB;AAAA,UACxB,SAAS;AAAA,QACX;AAAA,MACF;AAEA,YAAM,IAAI;AAAA,QACR,OAAO,WAAW,WAAW,SAAS;AAAA,QACtC;AAAA,QACA,SAAS;AAAA,MACX;AAAA,IACF;AAGA,UAAM,OAAO,MAAM,SAAS,QAAQ;AACpC,UAAM,UAAU,MAAM,UAAU,MAAM,WAAW,aAAa,SAAS,MAAM;AAC7E,UAAM,IAAI;AAAA,MACR,OAAO,YAAY,WAAW,UAAU,aAAa,SAAS,MAAM;AAAA,MACpE,SAAS;AAAA,IACX;AAAA,EACF;AACF;AAQA,eAAe,SAAS,UAAkC;AACxD,MAAI;AACF,WAAO,MAAM,SAAS,KAAK;AAAA,EAC7B,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGA,SAAS,iBAAiB,KAAqC;AAC7D,SAAO;AAAA,IACL,UAAU,IAAI,oBAAoB;AAAA,IAClC,eAAe,IAAI;AAAA,IACnB,WAAW,IAAI;AAAA,IACf,WAAW,IAAI;AAAA,IACf,YAAY,IAAI;AAAA,IAChB,UAAU,IAAI;AAAA,IACd,UAAU,IAAI;AAAA,IACd,qBAAqB,IAAI;AAAA,IACzB,iBAAiB,IAAI;AAAA,IACrB,cAAc,IAAI;AAAA,IAClB,SAAS,IAAI;AAAA,EACf;AACF;","names":["data"]}

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "@zerocore1/sdk",
+  "version": "0.1.0",
+  "description": "TypeScript SDK for ZERO.CORE — the Fiduciary Control Plane for AI Agents",
+  "license": "MIT",
+  "author": "ZERO.CORE <dev@zerocore.io>",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/josephthompson101/zerocore",
+    "directory": "sdk-ts"
+  },
+  "keywords": [
+    "ai",
+    "agents",
+    "payments",
+    "fiduciary",
+    "solana",
+    "fintech",
+    "usdc",
+    "settlement"
+  ],
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  },
+  "devDependencies": {
+    "tsup": "^8.0.0",
+    "typescript": "^5.4.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}