@zkp2p/sdk 0.4.0 → 0.4.2

package/dist/index.cjs

@@ -42374,6 +42374,20 @@ init_errors();
 function headers() {
   return { "Content-Type": "application/json" };
 }
+function normalizeOptionalString(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const normalized = value.trim();
+  return normalized.length > 0 ? normalized : null;
+}
+function normalizeBaseUrl(value, label) {
+  const normalized = normalizeOptionalString(value)?.replace(/\/+$/u, "");
+  if (!normalized) {
+    throw new Error(`${label} is required for buyer TEE session encryption.`);
+  }
+  return normalized;
+}
 function isPayeeBoundSellerCredentialUploadInput(payload) {
   return typeof payload.payeeId === "string";
 }
@@ -42438,6 +42452,51 @@ async function apiCreatePaymentAttestation(payload, attestationServiceUrl, platf
     return res.json();
   });
 }
+async function apiVerifyBuyerTeePayment(payload, attestationServiceUrl, platform, actionType) {
+  return withRetry(async () => {
+    let res;
+    try {
+      const endpoint = `/buyer/verify/${encodeURIComponent(platform)}/${encodeURIComponent(
+        actionType
+      )}`;
+      res = await fetch(`${attestationServiceUrl}${endpoint}`, {
+        method: "POST",
+        headers: headers(),
+        body: JSON.stringify(payload)
+      });
+    } catch (error) {
+      throw new exports.NetworkError("Failed to connect to Attestation Service", {
+        endpoint: `/buyer/verify/${platform}/${actionType}`,
+        error
+      });
+    }
+    if (!res.ok) {
+      const errorText = await res.text();
+      throw parseAPIError(res, errorText);
+    }
+    return res.json();
+  });
+}
+async function createEncryptedBuyerTeeSessionMaterial({
+  actionType,
+  attestationRuntime,
+  attestationServiceUrl,
+  platform,
+  sessionMaterial,
+  timeoutMs
+}) {
+  const params = {
+    actionType,
+    attestationServiceUrl: normalizeBaseUrl(attestationServiceUrl, "Attestation Service URL"),
+    platform,
+    sessionMaterial,
+    ...timeoutMs == null ? {} : { timeoutMs },
+    ...attestationRuntime?.fetch ? { fetch: attestationRuntime.fetch } : {},
+    ...attestationRuntime?.subtle ? { subtle: attestationRuntime.subtle } : {},
+    ...attestationRuntime?.getRandomValues ? { getRandomValues: attestationRuntime.getRandomValues } : {}
+  };
+  return zkp2pAttestation.createEncryptedBuyerTeeSessionMaterial(params);
+}
 async function apiCreateSellerCredentialBundle(payload, attestationServiceUrl, platform, timeoutMs, attestationRuntime) {
   return withRetry(
     async () => {
@@ -42492,12 +42551,13 @@ function encodePaymentAttestation(attestation) {
   const dataHash = td.dataHash;
   const signatures = [resp.signature];
   const encodedPaymentDetails = resp.encodedPaymentDetails;
+  const metadata = typeof resp.metadata === "string" && resp.metadata.length > 0 ? resp.metadata : "0x";
   if (!intentHash || !releaseAmount || !dataHash || !encodedPaymentDetails) {
     throw new Error("Attestation response missing required fields");
   }
   return abiCoder.encode(
     ["tuple(bytes32,uint256,bytes32,bytes[],bytes,bytes)"],
-    [[intentHash, releaseAmount, dataHash, signatures, encodedPaymentDetails, "0x"]]
+    [[intentHash, releaseAmount, dataHash, signatures, encodedPaymentDetails, metadata]]
   );
 }
 
@@ -42906,6 +42966,7 @@ var PLATFORM_ATTESTATION_CONFIG = {
   chime: { actionType: "transfer_chime", actionPlatform: "chime" },
   luxon: { actionType: "transfer_luxon", actionPlatform: "luxon" },
   n26: { actionType: "transfer_n26", actionPlatform: "n26" },
+  alipay: { actionType: "transfer_alipay", actionPlatform: "alipay" },
   "zelle-chase": { actionType: "transfer_zelle", actionPlatform: "chase" },
   "zelle-bofa": { actionType: "transfer_zelle", actionPlatform: "bankofamerica" },
   "zelle-citi": { actionType: "transfer_zelle", actionPlatform: "citi" }
@@ -43206,6 +43267,8 @@ var IntentOperations = class {
       paymentProof = precomputed.paymentProof;
       verificationData = precomputed.verificationData;
     } else {
+      const { proof } = params;
+      const buyerTeeProof = parseBuyerTeePaymentProofInput(proof);
       const attestationServiceUrl = params.attestationServiceUrl ?? this.defaultAttestationService();
       const inputs = await this.config.host.getFulfillIntentInputs(intentHash, {
         orchestratorAddress: orchestratorContext.address
@@ -43220,24 +43283,33 @@ var IntentOperations = class {
         throw new Error("Unknown paymentMethodHash for this network/env; update SDK catalogs.");
       }
       const platformConfig = resolvePlatformAttestationConfig(platformName);
-      const zkTlsProof = typeof params.proof === "string" ? params.proof : serializeProofInput(params.proof);
-      const payload = {
-        proofType: "reclaim",
-        proof: zkTlsProof,
-        chainId: this.config.getChainId(),
-        intent: {
-          intentHash,
-          amount: inputs.amount,
-          timestampMs: inputs.intentTimestampMs,
-          paymentMethod: paymentMethodHash,
-          fiatCurrency: inputs.fiatCurrency,
-          conversionRate: inputs.conversionRate,
-          payeeDetails: inputs.payeeDetails,
-          timestampBufferMs: params.timestampBufferMs ?? "300000"
-        }
+      const intent = {
+        intentHash,
+        amount: inputs.amount,
+        timestampMs: inputs.intentTimestampMs,
+        paymentMethod: paymentMethodHash,
+        fiatCurrency: inputs.fiatCurrency,
+        conversionRate: inputs.conversionRate,
+        payeeDetails: inputs.payeeDetails,
+        timestampBufferMs: params.timestampBufferMs ?? "300000"
       };
-      const attestation = await apiCreatePaymentAttestation(
-        payload,
+      const attestation = buyerTeeProof ? await apiVerifyBuyerTeePayment(
+        {
+          encryptedSessionMaterial: buyerTeeProof.encryptedSessionMaterial,
+          params: buyerTeeProof.params,
+          chainId: this.config.getChainId(),
+          intent
+        },
+        attestationServiceUrl,
+        buyerTeeProof.actionPlatform ?? platformConfig.actionPlatform,
+        buyerTeeProof.actionType ?? platformConfig.actionType
+      ) : await apiCreatePaymentAttestation(
+        {
+          proofType: "reclaim",
+          proof: typeof proof === "string" ? proof : serializeProofInput(proof),
+          chainId: this.config.getChainId(),
+          intent
+        },
         attestationServiceUrl,
         platformConfig.actionPlatform,
         platformConfig.actionType
@@ -43355,6 +43427,34 @@ function serializeProofInput(proof) {
     (_key, value) => typeof value === "bigint" ? value.toString() : value
   );
 }
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isBuyerTeeParams(value) {
+  return isRecord(value) && Object.values(value).every(
+    (entry) => typeof entry === "string" || typeof entry === "number" || typeof entry === "boolean"
+  );
+}
+function parseBuyerTeePaymentProofInput(proof) {
+  if (!isRecord(proof) || proof.proofType !== "buyerTee") {
+    return null;
+  }
+  if (typeof proof.encryptedSessionMaterial !== "string" || !isBuyerTeeParams(proof.params)) {
+    throw new Error("Buyer TEE proof requires encryptedSessionMaterial and params.");
+  }
+  const parsed = {
+    proofType: "buyerTee",
+    encryptedSessionMaterial: proof.encryptedSessionMaterial,
+    params: proof.params
+  };
+  if (typeof proof.actionType === "string") {
+    parsed.actionType = proof.actionType;
+  }
+  if (typeof proof.actionPlatform === "string") {
+    parsed.actionPlatform = proof.actionPlatform;
+  }
+  return parsed;
+}
 function normalizeSignalIntentReferralFees(params) {
   if (params.referralFees) {
     return params.referralFees.map((referralFee) => ({
@@ -47132,6 +47232,32 @@ async function apiUploadSellerCredential(processorName, payeeDetails, bundle, ba
     timeoutMs
   });
 }
+async function apiConfirmPayPalForwarding(payeeDetails, body, baseApiUrl, opts) {
+  const endpoint = `/v2/makers/paypal/${encodeURIComponent(
+    payeeDetails
+  )}/seller-credential/forwarding-confirmation`;
+  return apiFetch({
+    url: `${withApiBase(baseApiUrl)}${endpoint}`,
+    method: "POST",
+    body,
+    apiKey: opts?.apiKey,
+    authToken: opts?.authToken,
+    timeoutMs: opts?.timeoutMs
+  });
+}
+async function apiUploadGoogleOAuthSellerCredential(processorName, payeeDetails, body, baseApiUrl, opts) {
+  const endpoint = `/v2/makers/${encodeURIComponent(processorName)}/${encodeURIComponent(
+    payeeDetails
+  )}/seller-credential/google-oauth`;
+  return apiFetch({
+    url: `${withApiBase(baseApiUrl)}${endpoint}`,
+    method: "POST",
+    body,
+    apiKey: opts?.apiKey,
+    authToken: opts?.authToken,
+    timeoutMs: opts?.timeoutMs
+  });
+}
 async function apiGetSellerCredentialStatus(processorName, payeeDetails, baseApiUrl, timeoutMs) {
   const endpoint = `/v2/makers/${encodeURIComponent(processorName)}/${encodeURIComponent(
     payeeDetails
@@ -47234,6 +47360,11 @@ var applyReferrerFeeDisplayFieldsToTokenAmount = (tokenAmount, referrerFeeConfig
   }
 };
 var applyReferrerFeeDisplayFieldsToQuote = (quote, referrerFeeConfig, decimals) => {
+  const enrichedQuote = quote;
+  const hasCuratorReferrerFeeFields = enrichedQuote.referrerFeeAmount != null || enrichedQuote.referrerFeeBps != null;
+  if (hasCuratorReferrerFeeFields) {
+    return enrichedQuote;
+  }
   const signalIntentAmount = quote.signalIntentAmount ?? quote.intent?.amount ?? quote.tokenAmount;
   const adjusted = applyReferrerFeeDisplayFieldsToTokenAmount(
     quote.tokenAmount,
@@ -48203,7 +48334,7 @@ var Zkp2pClient = class {
      * ```
      *
      * @param params.intentHash - The intent hash to fulfill (0x-prefixed, 32 bytes)
-     * @param params.proof - Payment proof from Reclaim (object or JSON string)
+     * @param params.proof - Payment proof from Reclaim (object or JSON string) or buyer TEE proof input
      * @param params.timestampBufferMs - Allowed timestamp variance (default: 300000ms)
      * @param params.attestationServiceUrl - Override attestation service URL
      * @param params.postIntentHookData - Data to pass to post-intent hook
@@ -49839,6 +49970,76 @@ var Zkp2pClient = class {
       timeoutMs
     );
   }
+  /**
+   * Confirms the PayPal Gmail-forwarding setup for an existing maker payee hash.
+   *
+   * Uses curator's `/forwarding-confirmation` route and forwards both API key and
+   * bearer token so either auth strategy can satisfy the hybrid gate. The endpoint
+   * is rate-limited server-side; callers should surface retry guidance from APIError.
+   */
+  async confirmPayPalForwarding(params, opts) {
+    const baseApiUrl = this.stripTrailingSlash(
+      opts?.baseApiUrl ?? this.baseApiUrl ?? DEFAULT_BASE_API_URL
+    );
+    const timeoutMs = opts?.timeoutMs ?? this.apiTimeoutMs;
+    return apiConfirmPayPalForwarding(
+      params.payeeDetails,
+      {
+        payeeEmail: params.payeeEmail,
+        forwardingInitiatorEmail: params.forwardingInitiatorEmail
+      },
+      baseApiUrl,
+      {
+        apiKey: this.apiKey,
+        authToken: this.authorizationToken,
+        timeoutMs
+      }
+    );
+  }
+  /**
+   * Upload a seller Gmail OAuth authorization code through curator.
+   *
+   * Curator owns the encryption hop to attestation-service for this flow, so
+   * callers send the one-time Google code plus the stable seller identity.
+   */
+  async uploadGoogleOAuthSellerCredential(params, opts) {
+    const baseApiUrl = this.stripTrailingSlash(
+      opts?.baseApiUrl ?? this.baseApiUrl ?? DEFAULT_BASE_API_URL
+    );
+    const timeoutMs = opts?.timeoutMs ?? this.apiTimeoutMs;
+    if (params.platform === "paypal") {
+      return apiUploadGoogleOAuthSellerCredential(
+        "paypal",
+        params.payeeDetails,
+        {
+          payeeEmail: params.payeeEmail,
+          authorizationCode: params.authorizationCode,
+          redirectUri: params.redirectUri
+        },
+        baseApiUrl,
+        {
+          apiKey: this.apiKey,
+          authToken: this.authorizationToken,
+          timeoutMs
+        }
+      );
+    }
+    return apiUploadGoogleOAuthSellerCredential(
+      "venmo",
+      params.payeeDetails,
+      {
+        accountId: params.accountId,
+        authorizationCode: params.authorizationCode,
+        redirectUri: params.redirectUri
+      },
+      baseApiUrl,
+      {
+        apiKey: this.apiKey,
+        authToken: this.authorizationToken,
+        timeoutMs
+      }
+    );
+  }
   /**
    * Status is a coarse curator-owned signal (`active` / `inactive` / `missing`) and intentionally
    * omits low-level diagnostics. Curator may still re-probe stale credentials during verify, so callers
@@ -50077,7 +50278,7 @@ var assertObjectInput = (params) => {
   }
   return params;
 };
-var normalizeOptionalString = (value, label) => {
+var normalizeOptionalString2 = (value, label) => {
   if (value === void 0) {
     return void 0;
   }
@@ -50091,7 +50292,7 @@ var normalizeOptionalString = (value, label) => {
   return trimmed;
 };
 var normalizeOptionalUrl = (value, label) => {
-  const trimmed = normalizeOptionalString(value, label);
+  const trimmed = normalizeOptionalString2(value, label);
   if (trimmed === void 0) {
     return void 0;
   }
@@ -50218,20 +50419,20 @@ var buildOnrampQueryString = (params) => {
       searchParams.set(key, value);
     }
   };
-  setParam("referrer", normalizeOptionalString(validated.referrer, "referrer"));
+  setParam("referrer", normalizeOptionalString2(validated.referrer, "referrer"));
   setParam("referrerLogo", normalizeOptionalUrl(validated.referrerLogo, "referrerLogo"));
-  setParam("inputCurrency", normalizeOptionalString(validated.inputCurrency, "inputCurrency"));
+  setParam("inputCurrency", normalizeOptionalString2(validated.inputCurrency, "inputCurrency"));
   setParam("inputAmount", normalizeFiatAmount(validated.inputAmount));
   setParam(
     "paymentPlatform",
-    normalizeOptionalString(validated.paymentPlatform, "paymentPlatform")
+    normalizeOptionalString2(validated.paymentPlatform, "paymentPlatform")
   );
   setParam("depositId", normalizeIntegerParam(validated.depositId, "depositId"));
-  setParam("toToken", normalizeOptionalString(validated.toToken, "toToken"));
+  setParam("toToken", normalizeOptionalString2(validated.toToken, "toToken"));
   setParam("amountUsdc", normalizeUsdcAmount(validated.amountUsdc));
   setParam(
     "recipientAddress",
-    normalizeOptionalString(validated.recipientAddress, "recipientAddress")
+    normalizeOptionalString2(validated.recipientAddress, "recipientAddress")
   );
   setParam("intentHash", normalizeIntentHash(validated.intentHash));
   return searchParams.toString();
@@ -50351,6 +50552,7 @@ exports.ZERO_RATE_MANAGER_ID = ZERO_RATE_MANAGER_ID;
 exports.ZKP2P_ANDROID_REFERRER = ZKP2P_ANDROID_REFERRER;
 exports.ZKP2P_IOS_REFERRER = ZKP2P_IOS_REFERRER;
 exports.Zkp2pClient = Zkp2pClient;
+exports.apiConfirmPayPalForwarding = apiConfirmPayPalForwarding;
 exports.apiCreateSellerCredentialBundle = apiCreateSellerCredentialBundle;
 exports.apiGetDepositBundle = apiGetDepositBundle;
 exports.apiGetOrderbook = apiGetOrderbook;
@@ -50359,6 +50561,7 @@ exports.apiGetPayeeDetails = apiGetPayeeDetails;
 exports.apiGetQuotesBestByPlatform = apiGetQuotesBestByPlatform;
 exports.apiGetTakerTier = apiGetTakerTier;
 exports.apiPostDepositDetails = apiPostDepositDetails;
+exports.apiUploadGoogleOAuthSellerCredential = apiUploadGoogleOAuthSellerCredential;
 exports.apiValidatePayeeDetails = apiValidatePayeeDetails;
 exports.appendAttributionToCalldata = appendAttributionToCalldata;
 exports.asciiToBytes32 = asciiToBytes32;
@@ -50369,6 +50572,7 @@ exports.convertDepositsForLiquidity = convertDepositsForLiquidity;
 exports.convertIndexerDepositToEscrowView = convertIndexerDepositToEscrowView;
 exports.convertIndexerIntentsToEscrowViews = convertIndexerIntentsToEscrowViews;
 exports.createCompositeDepositId = createCompositeDepositId;
+exports.createEncryptedBuyerTeeSessionMaterial = createEncryptedBuyerTeeSessionMaterial;
 exports.createPeerExtensionSdk = createPeerExtensionSdk;
 exports.defaultIndexerEndpoint = defaultIndexerEndpoint;
 exports.encodePythAdapterConfig = encodePythAdapterConfig;