@zkp2p/sdk 0.4.0-rc.4 → 0.4.1

package/dist/index.cjs

@@ -42284,15 +42284,19 @@ init_errors();
 init_errors();
 function parseAPIError(response, responseText) {
   let message = `Request failed: ${response.statusText}`;
+  let parsedBody;
   try {
-    const parsed = responseText ? JSON.parse(responseText) : void 0;
-    if (parsed && (parsed.error || parsed.message)) {
-      message = parsed.error || parsed.message;
+    parsedBody = responseText ? JSON.parse(responseText) : void 0;
+    if (parsedBody && typeof parsedBody === "object") {
+      const body = parsedBody;
+      if (body.error || body.message) {
+        message = body.error || body.message;
+      }
     }
   } catch {
     if (responseText && responseText.length < 200) message = responseText;
   }
-  return new exports.APIError(message, response.status, { url: response.url });
+  return new exports.APIError(message, response.status, { url: response.url, responseBody: parsedBody });
 }
 async function withRetry(fn, maxRetries = 3, delayMs = 1e3, timeoutMs) {
   let lastErr;
@@ -42370,6 +42374,61 @@ init_errors();
 function headers() {
   return { "Content-Type": "application/json" };
 }
+function normalizeOptionalString(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const normalized = value.trim();
+  return normalized.length > 0 ? normalized : null;
+}
+function normalizeBaseUrl(value, label) {
+  const normalized = normalizeOptionalString(value)?.replace(/\/+$/u, "");
+  if (!normalized) {
+    throw new Error(`${label} is required for buyer TEE session encryption.`);
+  }
+  return normalized;
+}
+function isPayeeBoundSellerCredentialUploadInput(payload) {
+  return typeof payload.payeeId === "string";
+}
+function isWiseCredentialUploadInput(payload) {
+  return typeof payload.sessionMaterial?.apiToken === "string";
+}
+async function createEncryptedSellerCredentialUploadForPlatform({
+  attestationServiceUrl,
+  attestationRuntime,
+  payload,
+  platform,
+  timeoutMs
+}) {
+  if (platform === "wise") {
+    if (!isWiseCredentialUploadInput(payload)) {
+      throw new Error("apiToken is required for wise seller credential uploads");
+    }
+    return zkp2pAttestation.createEncryptedSellerCredentialUpload({
+      attestationServiceUrl,
+      platform: "wise",
+      sessionMaterial: payload.sessionMaterial,
+      ...typeof timeoutMs === "number" ? { timeoutMs } : {},
+      ...attestationRuntime?.fetch ? { fetch: attestationRuntime.fetch } : {},
+      ...attestationRuntime?.subtle ? { subtle: attestationRuntime.subtle } : {},
+      ...attestationRuntime?.getRandomValues ? { getRandomValues: attestationRuntime.getRandomValues } : {}
+    });
+  }
+  if (!isPayeeBoundSellerCredentialUploadInput(payload)) {
+    throw new Error(`payeeId is required for ${platform} seller credential uploads`);
+  }
+  return zkp2pAttestation.createEncryptedSellerCredentialUpload({
+    attestationServiceUrl,
+    platform,
+    payeeId: payload.payeeId,
+    sessionMaterial: payload.sessionMaterial,
+    ...typeof timeoutMs === "number" ? { timeoutMs } : {},
+    ...attestationRuntime?.fetch ? { fetch: attestationRuntime.fetch } : {},
+    ...attestationRuntime?.subtle ? { subtle: attestationRuntime.subtle } : {},
+    ...attestationRuntime?.getRandomValues ? { getRandomValues: attestationRuntime.getRandomValues } : {}
+  });
+}
 async function apiCreatePaymentAttestation(payload, attestationServiceUrl, platform, actionType) {
   return withRetry(async () => {
     let res;
@@ -42393,18 +42452,61 @@ async function apiCreatePaymentAttestation(payload, attestationServiceUrl, platf
     return res.json();
   });
 }
+async function apiVerifyBuyerTeePayment(payload, attestationServiceUrl, platform, actionType) {
+  return withRetry(async () => {
+    let res;
+    try {
+      const endpoint = `/buyer/verify/${encodeURIComponent(platform)}/${encodeURIComponent(
+        actionType
+      )}`;
+      res = await fetch(`${attestationServiceUrl}${endpoint}`, {
+        method: "POST",
+        headers: headers(),
+        body: JSON.stringify(payload)
+      });
+    } catch (error) {
+      throw new exports.NetworkError("Failed to connect to Attestation Service", {
+        endpoint: `/buyer/verify/${platform}/${actionType}`,
+        error
+      });
+    }
+    if (!res.ok) {
+      const errorText = await res.text();
+      throw parseAPIError(res, errorText);
+    }
+    return res.json();
+  });
+}
+async function createEncryptedBuyerTeeSessionMaterial({
+  actionType,
+  attestationRuntime,
+  attestationServiceUrl,
+  platform,
+  sessionMaterial,
+  timeoutMs
+}) {
+  const params = {
+    actionType,
+    attestationServiceUrl: normalizeBaseUrl(attestationServiceUrl, "Attestation Service URL"),
+    platform,
+    sessionMaterial,
+    ...timeoutMs == null ? {} : { timeoutMs },
+    ...attestationRuntime?.fetch ? { fetch: attestationRuntime.fetch } : {},
+    ...attestationRuntime?.subtle ? { subtle: attestationRuntime.subtle } : {},
+    ...attestationRuntime?.getRandomValues ? { getRandomValues: attestationRuntime.getRandomValues } : {}
+  };
+  return zkp2pAttestation.createEncryptedBuyerTeeSessionMaterial(params);
+}
 async function apiCreateSellerCredentialBundle(payload, attestationServiceUrl, platform, timeoutMs, attestationRuntime) {
   return withRetry(
     async () => {
       const requestFetch = attestationRuntime?.fetch ?? fetch;
-      const encryptedUpload = await zkp2pAttestation.createEncryptedSellerCredentialUpload({
+      const encryptedUpload = await createEncryptedSellerCredentialUploadForPlatform({
         attestationServiceUrl,
-        payeeId: payload.payeeId,
-        sessionMaterial: payload.sessionMaterial,
-        ...typeof timeoutMs === "number" ? { timeoutMs } : {},
-        ...attestationRuntime?.fetch ? { fetch: attestationRuntime.fetch } : {},
-        ...attestationRuntime?.subtle ? { subtle: attestationRuntime.subtle } : {},
-        ...attestationRuntime?.getRandomValues ? { getRandomValues: attestationRuntime.getRandomValues } : {}
+        attestationRuntime,
+        payload,
+        platform,
+        timeoutMs
       });
       let res;
       try {
@@ -42449,12 +42551,13 @@ function encodePaymentAttestation(attestation) {
   const dataHash = td.dataHash;
   const signatures = [resp.signature];
   const encodedPaymentDetails = resp.encodedPaymentDetails;
+  const metadata = typeof resp.metadata === "string" && resp.metadata.length > 0 ? resp.metadata : "0x";
   if (!intentHash || !releaseAmount || !dataHash || !encodedPaymentDetails) {
     throw new Error("Attestation response missing required fields");
   }
   return abiCoder.encode(
     ["tuple(bytes32,uint256,bytes32,bytes[],bytes,bytes)"],
-    [[intentHash, releaseAmount, dataHash, signatures, encodedPaymentDetails, "0x"]]
+    [[intentHash, releaseAmount, dataHash, signatures, encodedPaymentDetails, metadata]]
   );
 }
 
@@ -42863,6 +42966,7 @@ var PLATFORM_ATTESTATION_CONFIG = {
   chime: { actionType: "transfer_chime", actionPlatform: "chime" },
   luxon: { actionType: "transfer_luxon", actionPlatform: "luxon" },
   n26: { actionType: "transfer_n26", actionPlatform: "n26" },
+  alipay: { actionType: "transfer_alipay", actionPlatform: "alipay" },
   "zelle-chase": { actionType: "transfer_zelle", actionPlatform: "chase" },
   "zelle-bofa": { actionType: "transfer_zelle", actionPlatform: "bankofamerica" },
   "zelle-citi": { actionType: "transfer_zelle", actionPlatform: "citi" }
@@ -43163,6 +43267,8 @@ var IntentOperations = class {
       paymentProof = precomputed.paymentProof;
       verificationData = precomputed.verificationData;
     } else {
+      const { proof } = params;
+      const buyerTeeProof = parseBuyerTeePaymentProofInput(proof);
       const attestationServiceUrl = params.attestationServiceUrl ?? this.defaultAttestationService();
       const inputs = await this.config.host.getFulfillIntentInputs(intentHash, {
         orchestratorAddress: orchestratorContext.address
@@ -43177,24 +43283,33 @@ var IntentOperations = class {
         throw new Error("Unknown paymentMethodHash for this network/env; update SDK catalogs.");
       }
       const platformConfig = resolvePlatformAttestationConfig(platformName);
-      const zkTlsProof = typeof params.proof === "string" ? params.proof : serializeProofInput(params.proof);
-      const payload = {
-        proofType: "reclaim",
-        proof: zkTlsProof,
-        chainId: this.config.getChainId(),
-        intent: {
-          intentHash,
-          amount: inputs.amount,
-          timestampMs: inputs.intentTimestampMs,
-          paymentMethod: paymentMethodHash,
-          fiatCurrency: inputs.fiatCurrency,
-          conversionRate: inputs.conversionRate,
-          payeeDetails: inputs.payeeDetails,
-          timestampBufferMs: params.timestampBufferMs ?? "300000"
-        }
+      const intent = {
+        intentHash,
+        amount: inputs.amount,
+        timestampMs: inputs.intentTimestampMs,
+        paymentMethod: paymentMethodHash,
+        fiatCurrency: inputs.fiatCurrency,
+        conversionRate: inputs.conversionRate,
+        payeeDetails: inputs.payeeDetails,
+        timestampBufferMs: params.timestampBufferMs ?? "300000"
       };
-      const attestation = await apiCreatePaymentAttestation(
-        payload,
+      const attestation = buyerTeeProof ? await apiVerifyBuyerTeePayment(
+        {
+          encryptedSessionMaterial: buyerTeeProof.encryptedSessionMaterial,
+          params: buyerTeeProof.params,
+          chainId: this.config.getChainId(),
+          intent
+        },
+        attestationServiceUrl,
+        platformConfig.actionPlatform,
+        platformConfig.actionType
+      ) : await apiCreatePaymentAttestation(
+        {
+          proofType: "reclaim",
+          proof: typeof proof === "string" ? proof : serializeProofInput(proof),
+          chainId: this.config.getChainId(),
+          intent
+        },
         attestationServiceUrl,
         platformConfig.actionPlatform,
         platformConfig.actionType
@@ -43312,6 +43427,27 @@ function serializeProofInput(proof) {
     (_key, value) => typeof value === "bigint" ? value.toString() : value
   );
 }
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isBuyerTeeParams(value) {
+  return isRecord(value) && Object.values(value).every(
+    (entry) => typeof entry === "string" || typeof entry === "number" || typeof entry === "boolean"
+  );
+}
+function parseBuyerTeePaymentProofInput(proof) {
+  if (!isRecord(proof) || proof.proofType !== "buyerTee") {
+    return null;
+  }
+  if (typeof proof.encryptedSessionMaterial !== "string" || !isBuyerTeeParams(proof.params)) {
+    throw new Error("Buyer TEE proof requires encryptedSessionMaterial and params.");
+  }
+  return {
+    proofType: "buyerTee",
+    encryptedSessionMaterial: proof.encryptedSessionMaterial,
+    params: proof.params
+  };
+}
 function normalizeSignalIntentReferralFees(params) {
   if (params.referralFees) {
     return params.referralFees.map((referralFee) => ({
@@ -47089,6 +47225,19 @@ async function apiUploadSellerCredential(processorName, payeeDetails, bundle, ba
     timeoutMs
   });
 }
+async function apiConfirmPayPalForwarding(payeeDetails, body, baseApiUrl, opts) {
+  const endpoint = `/v2/makers/paypal/${encodeURIComponent(
+    payeeDetails
+  )}/seller-credential/forwarding-confirmation`;
+  return apiFetch({
+    url: `${withApiBase(baseApiUrl)}${endpoint}`,
+    method: "POST",
+    body,
+    apiKey: opts?.apiKey,
+    authToken: opts?.authToken,
+    timeoutMs: opts?.timeoutMs
+  });
+}
 async function apiGetSellerCredentialStatus(processorName, payeeDetails, baseApiUrl, timeoutMs) {
   const endpoint = `/v2/makers/${encodeURIComponent(processorName)}/${encodeURIComponent(
     payeeDetails
@@ -47100,10 +47249,16 @@ async function apiGetSellerCredentialStatus(processorName, payeeDetails, baseApi
   });
 }
 async function apiVerifySellerPayment(platform, req, baseApiUrl, timeoutMs, apiKey, authToken) {
+  const body = {
+    txId: req.txId,
+    chainId: req.chainId,
+    intent: req.intent,
+    ...req.metadata !== void 0 ? { metadata: req.metadata } : {}
+  };
   return apiFetch({
     url: `${withApiBase(baseApiUrl)}/v2/verify/seller/${encodeURIComponent(platform)}`,
     method: "POST",
-    body: req,
+    body,
     apiKey,
     authToken,
     timeoutMs
@@ -47185,6 +47340,11 @@ var applyReferrerFeeDisplayFieldsToTokenAmount = (tokenAmount, referrerFeeConfig
   }
 };
 var applyReferrerFeeDisplayFieldsToQuote = (quote, referrerFeeConfig, decimals) => {
+  const enrichedQuote = quote;
+  const hasCuratorReferrerFeeFields = enrichedQuote.referrerFeeAmount != null || enrichedQuote.referrerFeeBps != null;
+  if (hasCuratorReferrerFeeFields) {
+    return enrichedQuote;
+  }
   const signalIntentAmount = quote.signalIntentAmount ?? quote.intent?.amount ?? quote.tokenAmount;
   const adjusted = applyReferrerFeeDisplayFieldsToTokenAmount(
     quote.tokenAmount,
@@ -48154,7 +48314,7 @@ var Zkp2pClient = class {
      * ```
      *
      * @param params.intentHash - The intent hash to fulfill (0x-prefixed, 32 bytes)
-     * @param params.proof - Payment proof from Reclaim (object or JSON string)
+     * @param params.proof - Payment proof from Reclaim (object or JSON string) or buyer TEE proof input
      * @param params.timestampBufferMs - Allowed timestamp variance (default: 300000ms)
      * @param params.attestationServiceUrl - Override attestation service URL
      * @param params.postIntentHookData - Data to pass to post-intent hook
@@ -49712,8 +49872,10 @@ var Zkp2pClient = class {
    * seller-automated-release availability is governed by curator's probe/revalidation state
    * rather than these timestamps.
    *
-   * Register or recover the payee maker row, create a signed seller credential bundle with
-   * attestation-service, and store it via curator's platform plus hashed payee-details route.
+   * Create a signed seller credential bundle with attestation-service and store it via
+   * curator's platform plus hashed payee-details route. Session-cookie platforms register
+   * or recover the payee maker row before upload; Wise derives the payee hash inside the enclave
+   * from the submitted Personal API Token.
    */
   async uploadSellerCredential(params, opts) {
     const baseApiUrl = this.stripTrailingSlash(
@@ -49723,6 +49885,33 @@ var Zkp2pClient = class {
     const attestationServiceUrl = this.stripTrailingSlash(
       opts?.attestationServiceUrl ?? this.defaultAttestationServiceForBaseApiUrl(baseApiUrl)
     );
+    const createBundle = (uploadPayload2) => opts?.attestationRuntime ? apiCreateSellerCredentialBundle(
+      uploadPayload2,
+      attestationServiceUrl,
+      params.platform,
+      timeoutMs,
+      opts.attestationRuntime
+    ) : apiCreateSellerCredentialBundle(
+      uploadPayload2,
+      attestationServiceUrl,
+      params.platform,
+      timeoutMs
+    );
+    if (params.platform === "wise") {
+      const bundleResponse2 = await createBundle({
+        sessionMaterial: params.sessionMaterial
+      });
+      if (!bundleResponse2.success || !bundleResponse2.responseObject) {
+        throw new Error(bundleResponse2.message || "Failed to create seller credential bundle");
+      }
+      return apiUploadSellerCredential(
+        params.platform,
+        bundleResponse2.responseObject.payeeIdHash,
+        bundleResponse2.responseObject,
+        baseApiUrl,
+        timeoutMs
+      );
+    }
     const registeredPayeePayload = {
       offchainId: params.offchainId,
       processorName: params.platform
@@ -49745,18 +49934,7 @@ var Zkp2pClient = class {
       payeeId: params.payeeId,
       sessionMaterial: params.sessionMaterial
     };
-    const bundleResponse = opts?.attestationRuntime ? await apiCreateSellerCredentialBundle(
-      uploadPayload,
-      attestationServiceUrl,
-      params.platform,
-      timeoutMs,
-      opts.attestationRuntime
-    ) : await apiCreateSellerCredentialBundle(
-      uploadPayload,
-      attestationServiceUrl,
-      params.platform,
-      timeoutMs
-    );
+    const bundleResponse = await createBundle(uploadPayload);
     if (!bundleResponse.success || !bundleResponse.responseObject) {
       throw new Error(bundleResponse.message || "Failed to create seller credential bundle");
     }
@@ -49772,6 +49950,32 @@ var Zkp2pClient = class {
       timeoutMs
     );
   }
+  /**
+   * Confirms the PayPal Gmail-forwarding setup for an existing maker payee hash.
+   *
+   * Uses curator's `/forwarding-confirmation` route and forwards both API key and
+   * bearer token so either auth strategy can satisfy the hybrid gate. The endpoint
+   * is rate-limited server-side; callers should surface retry guidance from APIError.
+   */
+  async confirmPayPalForwarding(params, opts) {
+    const baseApiUrl = this.stripTrailingSlash(
+      opts?.baseApiUrl ?? this.baseApiUrl ?? DEFAULT_BASE_API_URL
+    );
+    const timeoutMs = opts?.timeoutMs ?? this.apiTimeoutMs;
+    return apiConfirmPayPalForwarding(
+      params.payeeDetails,
+      {
+        payeeEmail: params.payeeEmail,
+        forwardingInitiatorEmail: params.forwardingInitiatorEmail
+      },
+      baseApiUrl,
+      {
+        apiKey: this.apiKey,
+        authToken: this.authorizationToken,
+        timeoutMs
+      }
+    );
+  }
   /**
    * Status is a coarse curator-owned signal (`active` / `inactive` / `missing`) and intentionally
    * omits low-level diagnostics. Curator may still re-probe stale credentials during verify, so callers
@@ -49810,7 +50014,8 @@ var Zkp2pClient = class {
       {
         txId: params.txId,
         chainId: params.chainId,
-        intent: params.intent
+        intent: params.intent,
+        ...params.metadata !== void 0 ? { metadata: params.metadata } : {}
       },
       baseApiUrl,
       timeoutMs,
@@ -50009,7 +50214,7 @@ var assertObjectInput = (params) => {
   }
   return params;
 };
-var normalizeOptionalString = (value, label) => {
+var normalizeOptionalString2 = (value, label) => {
   if (value === void 0) {
     return void 0;
   }
@@ -50023,7 +50228,7 @@ var normalizeOptionalString = (value, label) => {
   return trimmed;
 };
 var normalizeOptionalUrl = (value, label) => {
-  const trimmed = normalizeOptionalString(value, label);
+  const trimmed = normalizeOptionalString2(value, label);
   if (trimmed === void 0) {
     return void 0;
   }
@@ -50150,20 +50355,20 @@ var buildOnrampQueryString = (params) => {
       searchParams.set(key, value);
     }
   };
-  setParam("referrer", normalizeOptionalString(validated.referrer, "referrer"));
+  setParam("referrer", normalizeOptionalString2(validated.referrer, "referrer"));
   setParam("referrerLogo", normalizeOptionalUrl(validated.referrerLogo, "referrerLogo"));
-  setParam("inputCurrency", normalizeOptionalString(validated.inputCurrency, "inputCurrency"));
+  setParam("inputCurrency", normalizeOptionalString2(validated.inputCurrency, "inputCurrency"));
   setParam("inputAmount", normalizeFiatAmount(validated.inputAmount));
   setParam(
     "paymentPlatform",
-    normalizeOptionalString(validated.paymentPlatform, "paymentPlatform")
+    normalizeOptionalString2(validated.paymentPlatform, "paymentPlatform")
   );
   setParam("depositId", normalizeIntegerParam(validated.depositId, "depositId"));
-  setParam("toToken", normalizeOptionalString(validated.toToken, "toToken"));
+  setParam("toToken", normalizeOptionalString2(validated.toToken, "toToken"));
   setParam("amountUsdc", normalizeUsdcAmount(validated.amountUsdc));
   setParam(
     "recipientAddress",
-    normalizeOptionalString(validated.recipientAddress, "recipientAddress")
+    normalizeOptionalString2(validated.recipientAddress, "recipientAddress")
   );
   setParam("intentHash", normalizeIntentHash(validated.intentHash));
   return searchParams.toString();
@@ -50283,6 +50488,7 @@ exports.ZERO_RATE_MANAGER_ID = ZERO_RATE_MANAGER_ID;
 exports.ZKP2P_ANDROID_REFERRER = ZKP2P_ANDROID_REFERRER;
 exports.ZKP2P_IOS_REFERRER = ZKP2P_IOS_REFERRER;
 exports.Zkp2pClient = Zkp2pClient;
+exports.apiConfirmPayPalForwarding = apiConfirmPayPalForwarding;
 exports.apiCreateSellerCredentialBundle = apiCreateSellerCredentialBundle;
 exports.apiGetDepositBundle = apiGetDepositBundle;
 exports.apiGetOrderbook = apiGetOrderbook;
@@ -50301,6 +50507,7 @@ exports.convertDepositsForLiquidity = convertDepositsForLiquidity;
 exports.convertIndexerDepositToEscrowView = convertIndexerDepositToEscrowView;
 exports.convertIndexerIntentsToEscrowViews = convertIndexerIntentsToEscrowViews;
 exports.createCompositeDepositId = createCompositeDepositId;
+exports.createEncryptedBuyerTeeSessionMaterial = createEncryptedBuyerTeeSessionMaterial;
 exports.createPeerExtensionSdk = createPeerExtensionSdk;
 exports.defaultIndexerEndpoint = defaultIndexerEndpoint;
 exports.encodePythAdapterConfig = encodePythAdapterConfig;