cspr402 0.4.7

package/dist/config.js

@@ -0,0 +1,329 @@
+"use strict";
+// Agent-local config file. Persisted at ~/.cards402/config.json after
+// a successful `cards402 onboard --claim` so the SDK can load the api
+// key on subsequent runs without the agent having to re-paste secrets.
+//
+// The file lives on the agent's machine and is readable only by the
+// agent's user (chmod 0600). It holds the raw api key — same secret
+// the older env-var workflow stored in process.env, just written to
+// disk in a well-known place so the SDK can find it automatically.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadCards402Config = loadCards402Config;
+exports.assertSafeBaseUrl = assertSafeBaseUrl;
+exports.saveCards402Config = saveCards402Config;
+exports.resolveCredentials = resolveCredentials;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
+// Adversarial audit F5-config: config files should be tiny. A 16 KB
+// cap leaves plenty of room for a fat api_key + url + wallet_name
+// while refusing a maliciously-enlarged file that would otherwise be
+// parsed in full and flowed into request headers downstream.
+const MAX_CONFIG_BYTES = 16 * 1024;
+function defaultConfigDir() {
+    return (process.env.CSPR402_CONFIG_DIR ||
+        process.env.CARDS402_CONFIG_DIR ||
+        path.join(os.homedir(), '.cspr402'));
+}
+function defaultConfigPath() {
+    return path.join(defaultConfigDir(), 'config.json');
+}
+/**
+ * Load the agent's on-disk config, or return null if it doesn't exist.
+ * Never throws on missing file — only on corrupt JSON.
+ *
+ * On load we also tighten the file mode to 0600 if it's been loosened
+ * since the write (e.g. a bug in an older SDK version that wrote with
+ * default permissions, or an attacker pre-creating the file
+ * world-readable to farm credentials off the next onboarding). We
+ * warn rather than refuse the load, so operators with an existing
+ * loose config aren't hard-broken, but the mode is normalised
+ * immediately.
+ */
+// F3-config (2026-04-16): validate the api_key shape before accepting
+// it. A corrupt or tampered key containing CRLF, NUL, or other control
+// chars would flow into the X-Api-Key HTTP header and trigger Node's
+// ERR_INVALID_CHAR on every fetch call — same bug class as the backend's
+// X-Request-ID audit (F1-app). Accept printable ASCII only (the backend
+// mints keys as `cards402_<48 hex>`, which is pure ASCII alnum + underscore).
+const API_KEY_SHAPE = /^[\x20-\x7e]+$/;
+function loadCards402Config(configPath) {
+    const p = configPath || defaultConfigPath();
+    try {
+        // F1-config (2026-04-16): platform-independent checks (symlink,
+        // regular-file, size cap) are now run on ALL platforms including
+        // Windows. Pre-fix the entire block was gated on
+        // `process.platform !== 'win32'`, which meant Windows agents
+        // skipped the size cap — a planted 1 GB config.json (or an NTFS
+        // junction to a large file) would be fully loaded via readFileSync
+        // and OOM the agent. NTFS supports symlinks and junctions, and
+        // fs.lstatSync correctly reports them, so the symlink defense
+        // is also meaningful on Windows. Only the Unix permission-bit
+        // checks (chmod) are platform-gated now.
+        let stat;
+        try {
+            stat = fs.lstatSync(p);
+        }
+        catch (statErr) {
+            if (statErr.code === 'ENOENT')
+                return null;
+            throw statErr;
+        }
+        if (stat.isSymbolicLink()) {
+            throw new Error(`cards402 config at ${p} is a symbolic link. Refusing to load. ` +
+                `Remove the link and re-run 'cards402 onboard --claim <code>' to create a real file.`);
+        }
+        if (!stat.isFile()) {
+            throw new Error(`cards402 config at ${p} is not a regular file. ` +
+                `Remove it and re-run 'cards402 onboard --claim <code>'.`);
+        }
+        // F5-config: enforce a size cap BEFORE reading the file into
+        // memory or doing any further work on it. Config files are
+        // tiny; anything bigger than MAX_CONFIG_BYTES is either
+        // corruption or an attempt to flood request headers.
+        if (stat.size > MAX_CONFIG_BYTES) {
+            throw new Error(`cards402 config at ${p} is ${stat.size} bytes (max ${MAX_CONFIG_BYTES}). ` +
+                `Refusing to load — the file is either corrupted or has been tampered with. ` +
+                `Rotate your api key via the dashboard and re-run 'cards402 onboard'.`);
+        }
+        // Unix-only: tighten loose permission bits. chmod on a regular
+        // file (we verified above that it's not a symlink) is safe and
+        // only affects this file. Skipped on Windows where mode bits are
+        // simulated and chmod can fail or no-op unpredictably.
+        if (process.platform !== 'win32' && (stat.mode & 0o077) !== 0) {
+            try {
+                fs.chmodSync(p, 0o600);
+                process.stderr.write(`⚠ cards402 config at ${p} had loose permissions (${(stat.mode & 0o777).toString(8)}) — tightened to 600.\n` +
+                    '   If this is unexpected, rotate your api key via the dashboard.\n');
+            }
+            catch {
+                /* non-fatal — we at least tried */
+            }
+        }
+        const raw = fs.readFileSync(p, 'utf8');
+        const config = JSON.parse(raw);
+        // F3-config (2026-04-16): validate api_key shape before accepting.
+        // A corrupt or tampered key with CRLF / NUL / non-printable bytes
+        // would crash every HTTP request downstream via Node's
+        // ERR_INVALID_CHAR header validation.
+        if (typeof config.api_key === 'string' && !API_KEY_SHAPE.test(config.api_key)) {
+            throw new Error(`cards402 config at ${p} contains an api_key with non-printable characters. ` +
+                `The file may be corrupted or tampered with. Rotate your key and re-run 'cards402 onboard'.`);
+        }
+        return config;
+    }
+    catch (err) {
+        if (err.code === 'ENOENT')
+            return null;
+        throw err;
+    }
+}
+/**
+ * Validate a base URL for safety before storing it in the config or
+ * using it for API calls. Rejects everything that isn't HTTPS unless
+ * the explicit CARDS402_ALLOW_INSECURE_BASE_URL escape hatch is set,
+ * which only exists so local dev against http://localhost:4000 still
+ * works. Returns the parsed URL.string() on success, throws on reject.
+ *
+ * Called from:
+ *   - onboard, when persisting the api_url returned by the claim
+ *     endpoint (defends against a MITM or compromised backend that
+ *     injects http:// or a foreign origin into the response)
+ *   - resolveCredentials, when an env-var override is used for
+ *     baseUrl (defends against a user being tricked into setting
+ *     CARDS402_BASE_URL to an attacker target)
+ */
+function assertSafeBaseUrl(url, opts = {}) {
+    let parsed;
+    try {
+        parsed = new URL(url);
+    }
+    catch {
+        throw new Error(`Invalid base URL: ${url}`);
+    }
+    // F4-config: reject embedded userinfo. `https://api.cards402.com/v1@evil.com/`
+    // parses as username='api.cards402.com/v1', password='', hostname='evil.com'
+    // — the whole string looks plausibly cards402-ish in log output, but every
+    // request would go to evil.com carrying the user's api_key in the
+    // Authorization header. There's no legitimate reason for a cards402 base
+    // URL to include credentials, so refuse any URL with a non-empty username
+    // or password.
+    if (parsed.username !== '' || parsed.password !== '') {
+        throw new Error(`Refusing base URL ${JSON.stringify(url)} with embedded credentials. ` +
+            `Use a bare https://host/path form — the api key is sent via the ` +
+            `Authorization header, never in the URL.`);
+    }
+    if (parsed.protocol !== 'https:') {
+        if (process.env.CSPR402_ALLOW_INSECURE_BASE_URL === '1' ||
+            process.env.CARDS402_ALLOW_INSECURE_BASE_URL === '1') {
+            return parsed.toString();
+        }
+        throw new Error(`Refusing to use non-HTTPS base URL (${url})${opts.context ? ` for ${opts.context}` : ''}. ` +
+            `Set CARDS402_ALLOW_INSECURE_BASE_URL=1 to override for local development.`);
+    }
+    return parsed.toString();
+}
+/**
+ * Write the config file atomically with 0600 permissions so only the
+ * owner can read it. Creates the parent directory on demand.
+ *
+ * Atomicity: write to `<path>.tmp-<pid>-<rand>` first, fsync, then
+ * rename over the target. A mid-write crash (power loss, OOM, Ctrl-C
+ * between write and flush) leaves the old file intact instead of a
+ * truncated new one that loadCards402Config would explode on.
+ *
+ * Permission hardening: the `mode` option on writeFileSync only
+ * applies when the file is being CREATED, so a stale 0644 file from
+ * an earlier buggy version would retain its wide permissions forever.
+ * We fsync+rename so the temp path is always freshly created with
+ * 0600, then the rename replaces the target atomically.
+ */
+function saveCards402Config(config, configPath) {
+    const p = configPath || defaultConfigPath();
+    const dir = path.dirname(p);
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    // F2-config: mkdirSync's mode option only applies to directories
+    // it actually CREATES. An existing ~/.cards402 directory at 0755
+    // (from an older buggy SDK version, a package install, or a
+    // manual mkdir) silently stays loose, and the config file sits
+    // inside a world-traversable parent. Explicit chmod after mkdir
+    // guarantees the directory ends up at 0700 regardless of its
+    // pre-existing state. Skip on Windows — mode bits are simulated
+    // and the chmod can fail or no-op unpredictably.
+    if (process.platform !== 'win32') {
+        try {
+            fs.chmodSync(dir, 0o700);
+        }
+        catch {
+            /* non-fatal — best effort */
+        }
+    }
+    // F3-config: crypto.randomBytes is strictly safer than Math.random
+    // for a temp-file suffix. Collision is already near-zero in
+    // practice but Math.random is seeded from the clock — two
+    // containers starting in the same millisecond could in principle
+    // produce the same sequence. Crypto random adds no meaningful
+    // cost and eliminates the class of concern.
+    const tmp = `${p}.tmp-${process.pid}-${crypto.randomBytes(4).toString('hex')}`;
+    const body = JSON.stringify(config, null, 2);
+    let committed = false;
+    try {
+        const fd = fs.openSync(tmp, 'w', 0o600);
+        try {
+            fs.writeFileSync(fd, body);
+            fs.fsyncSync(fd);
+        }
+        finally {
+            fs.closeSync(fd);
+        }
+        // Atomic rename. POSIX guarantees this replaces an existing file
+        // with the same semantics; on Windows rename-over-existing also
+        // works from Node 10+.
+        fs.renameSync(tmp, p);
+        committed = true;
+    }
+    finally {
+        // F3-config: clean up the temp file on any failure before the
+        // rename commits. A leaked ~/.cards402/config.json.tmp-* file
+        // holding a fresh api_key would otherwise linger on disk with
+        // the same 0600 permissions as the target but under a path no
+        // one checks — easy to miss during credential rotation.
+        if (!committed) {
+            try {
+                fs.unlinkSync(tmp);
+            }
+            catch {
+                /* temp already gone or never created — fine */
+            }
+        }
+    }
+    // Belt-and-braces: some filesystems (FAT on USB sticks) drop the
+    // mode on rename. Force-tighten after.
+    try {
+        fs.chmodSync(p, 0o600);
+    }
+    catch {
+        /* non-fatal — best effort */
+    }
+    return { path: p };
+}
+/**
+ * Resolve an api key + base URL at SDK call time, in priority order:
+ *   1. Explicit `apiKey` / `baseUrl` passed to the call
+ *   2. CSPR402_API_KEY / CSPR402_BASE_URL env vars
+ *   3. ~/.cspr402/config.json
+ *
+ * The two fields resolve independently — passing `apiKey` to a call
+ * that needs its `baseUrl` to come from config.json used to silently
+ * drop the config lookup because the early-return on `opts.apiKey`
+ * was only consulting env vars for baseUrl. Now both fields walk the
+ * full priority chain and only stop once each is filled.
+ */
+function resolveCredentials(opts = {}) {
+    let apiKey = opts.apiKey;
+    let baseUrl = opts.baseUrl;
+    if (!apiKey && process.env.CSPR402_API_KEY)
+        apiKey = process.env.CSPR402_API_KEY;
+    if (!apiKey && process.env.CARDS402_API_KEY)
+        apiKey = process.env.CARDS402_API_KEY;
+    if (!baseUrl && process.env.CSPR402_BASE_URL)
+        baseUrl = process.env.CSPR402_BASE_URL;
+    if (!baseUrl && process.env.CARDS402_BASE_URL)
+        baseUrl = process.env.CARDS402_BASE_URL;
+    if (!apiKey || !baseUrl) {
+        // Only load config if at least one field is still missing — saves
+        // a filesystem read on the common case where env + opts fully cover it.
+        const cfg = loadCards402Config();
+        if (cfg) {
+            if (!apiKey)
+                apiKey = cfg.api_key;
+            if (!baseUrl)
+                baseUrl = cfg.api_url;
+        }
+    }
+    // Refuse any non-HTTPS baseUrl (env, opts, or config) unless the
+    // explicit local-dev escape hatch is set. Without this, an attacker
+    // who tricks the user into setting CARDS402_BASE_URL=http://evil/
+    // sees the api key in every request's Authorization header. The
+    // assertSafeBaseUrl helper throws on reject — we let it propagate
+    // rather than silently continue with an insecure URL.
+    if (baseUrl) {
+        baseUrl = assertSafeBaseUrl(baseUrl, { context: 'resolveCredentials' });
+    }
+    return { apiKey, baseUrl };
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,sEAAsE;AACtE,uEAAuE;AACvE,EAAE;AACF,oEAAoE;AACpE,oEAAoE;AACpE,oEAAoE;AACpE,mEAAmE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkEnE,gDA8EC;AAiBD,8CAkCC;AAiBD,gDAgEC;AAcD,gDAmCC;AAnUD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,+CAAiC;AAEjC,oEAAoE;AACpE,kEAAkE;AAClE,qEAAqE;AACrE,6DAA6D;AAC7D,MAAM,gBAAgB,GAAG,EAAE,GAAG,IAAI,CAAC;AAuBnC,SAAS,gBAAgB;IACvB,OAAO,CACL,OAAO,CAAC,GAAG,CAAC,kBAAkB;QAC9B,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAC/B,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CACpC,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB;IACxB,OAAO,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,aAAa,CAAC,CAAC;AACtD,CAAC;AAED;;;;;;;;;;;GAWG;AACH,sEAAsE;AACtE,uEAAuE;AACvE,qEAAqE;AACrE,yEAAyE;AACzE,wEAAwE;AACxE,8EAA8E;AAC9E,MAAM,aAAa,GAAG,gBAAgB,CAAC;AAEvC,SAAgB,kBAAkB,CAAC,UAAmB;IACpD,MAAM,CAAC,GAAG,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC5C,IAAI,CAAC;QACH,gEAAgE;QAChE,iEAAiE;QACjE,iDAAiD;QACjD,6DAA6D;QAC7D,gEAAgE;QAChE,mEAAmE;QACnE,+DAA+D;QAC/D,8DAA8D;QAC9D,8DAA8D;QAC9D,yCAAyC;QACzC,IAAI,IAAc,CAAC;QACnB,IAAI,CAAC;YACH,IAAI,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;QACzB,CAAC;QAAC,OAAO,OAAgB,EAAE,CAAC;YAC1B,IAAK,OAAiC,CAAC,IAAI,KAAK,QAAQ;gBAAE,OAAO,IAAI,CAAC;YACtE,MAAM,OAAO,CAAC;QAChB,CAAC;QACD,IAAI,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,yCAAyC;gBAC9D,qFAAqF,CACxF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,0BAA0B;gBAC/C,yDAAyD,CAC5D,CAAC;QACJ,CAAC;QACD,6DAA6D;QAC7D,2DAA2D;QAC3D,wDAAwD;QACxD,qDAAqD;QACrD,IAAI,IAAI,CAAC,IAAI,GAAG,gBAAgB,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,OAAO,IAAI,CAAC,IAAI,eAAe,gBAAgB,KAAK;gBACzE,6EAA6E;gBAC7E,sEAAsE,CACzE,CAAC;QACJ,CAAC;QACD,+DAA+D;QAC/D,+DAA+D;QAC/D,iEAAiE;QACjE,uDAAuD;QACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YAC9D,IAAI,CAAC;gBACH,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;gBACvB,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,wBAAwB,CAAC,2BAA2B,CAAC,IAAI,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,yBAAyB;oBAC1G,oEAAoE,CACvE,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,mCAAmC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAmB,CAAC;QAEjD,mEAAmE;QACnE,kEAAkE;QAClE,uDAAuD;QACvD,sCAAsC;QACtC,IAAI,OAAO,MAAM,CAAC,OAAO,KAAK,QAAQ,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9E,MAAM,IAAI,KAAK,CACb,sBAAsB,CAAC,sDAAsD;gBAC3E,4FAA4F,CAC/F,CAAC;QACJ,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAK,GAA6B,CAAC,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QAClE,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,iBAAiB,CAAC,GAAW,EAAE,OAA6B,EAAE;IAC5E,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;IAC9C,CAAC;IACD,+EAA+E;IAC/E,6EAA6E;IAC7E,2EAA2E;IAC3E,kEAAkE;IAClE,yEAAyE;IACzE,0EAA0E;IAC1E,eAAe;IACf,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,IAAI,MAAM,CAAC,QAAQ,KAAK,EAAE,EAAE,CAAC;QACrD,MAAM,IAAI,KAAK,CACb,qBAAqB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,8BAA8B;YACpE,kEAAkE;YAClE,yCAAyC,CAC5C,CAAC;IACJ,CAAC;IACD,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,IACE,OAAO,CAAC,GAAG,CAAC,+BAA+B,KAAK,GAAG;YACnD,OAAO,CAAC,GAAG,CAAC,gCAAgC,KAAK,GAAG,EACpD,CAAC;YACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QACD,MAAM,IAAI,KAAK,CACb,uCAAuC,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,IAAI;YAC1F,2EAA2E,CAC9E,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAC;AAC3B,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,kBAAkB,CAAC,MAAsB,EAAE,UAAmB;IAC5E,MAAM,CAAC,GAAG,UAAU,IAAI,iBAAiB,EAAE,CAAC;IAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;IAC5B,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,iEAAiE;IACjE,iEAAiE;IACjE,4DAA4D;IAC5D,+DAA+D;IAC/D,gEAAgE;IAChE,6DAA6D;IAC7D,gEAAgE;IAChE,iDAAiD;IACjD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,IAAI,CAAC;YACH,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,6BAA6B;QAC/B,CAAC;IACH,CAAC;IAED,mEAAmE;IACnE,4DAA4D;IAC5D,0DAA0D;IAC1D,iEAAiE;IACjE,8DAA8D;IAC9D,4CAA4C;IAC5C,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,OAAO,CAAC,GAAG,IAAI,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;IAC/E,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7C,IAAI,SAAS,GAAG,KAAK,CAAC;IACtB,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACxC,IAAI,CAAC;YACH,EAAE,CAAC,aAAa,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;YAC3B,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;gBAAS,CAAC;YACT,EAAE,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QACnB,CAAC;QACD,iEAAiE;QACjE,gEAAgE;QAChE,uBAAuB;QACvB,EAAE,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACtB,SAAS,GAAG,IAAI,CAAC;IACnB,CAAC;YAAS,CAAC;QACT,8DAA8D;QAC9D,8DAA8D;QAC9D,8DAA8D;QAC9D,8DAA8D;QAC9D,wDAAwD;QACxD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,CAAC;gBACH,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC;gBACP,+CAA+C;YACjD,CAAC;QACH,CAAC;IACH,CAAC;IACD,iEAAiE;IACjE,uCAAuC;IACvC,IAAI,CAAC;QACH,EAAE,CAAC,SAAS,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,6BAA6B;IAC/B,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAgB,kBAAkB,CAChC,OAGI,EAAE;IAEN,IAAI,MAAM,GAAuB,IAAI,CAAC,MAAM,CAAC;IAC7C,IAAI,OAAO,GAAuB,IAAI,CAAC,OAAO,CAAC;IAE/C,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe;QAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IACjF,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACnF,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;QAAE,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACrF,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB;QAAE,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC;IAEvF,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACxB,kEAAkE;QAClE,wEAAwE;QACxE,MAAM,GAAG,GAAG,kBAAkB,EAAE,CAAC;QACjC,IAAI,GAAG,EAAE,CAAC;YACR,IAAI,CAAC,MAAM;gBAAE,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC;YAClC,IAAI,CAAC,OAAO;gBAAE,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QACtC,CAAC;IACH,CAAC;IAED,iEAAiE;IACjE,oEAAoE;IACpE,kEAAkE;IAClE,gEAAgE;IAChE,kEAAkE;IAClE,sDAAsD;IACtD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO,GAAG,iBAAiB,CAAC,OAAO,EAAE,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;AAC7B,CAAC"}

package/dist/errors.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Structured error types for the cards402 SDK.
+ *
+ * Catch by type so your agent can handle each case without string-parsing:
+ *
+ *   try {
+ *     const card = await client.createOrder({ amount_usdc: '10.00' });
+ *   } catch (err) {
+ *     if (err instanceof SpendLimitError) { ... }
+ *     if (err instanceof ServiceUnavailableError) { ... }
+ *   }
+ */
+/** Base class — all cards402 errors extend this. */
+export declare class Cards402Error extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly raw?: unknown | undefined;
+    constructor(message: string, code: string, status: number, raw?: unknown | undefined);
+}
+/** The API key's spend limit has been reached. */
+export declare class SpendLimitError extends Cards402Error {
+    readonly limit: string;
+    readonly spent: string;
+    constructor(limit: string, spent: string);
+}
+/**
+ * Rate limit hit. The backend returns `rate_limit_exceeded` for two
+ * different limits — 60 orders/hour on POST /v1/orders, and 10
+ * requests/second (600/minute) on GET /v1/orders/:id status polling.
+ * Which one fired is in the server's `message` field, not in the
+ * error code, so we forward the message verbatim instead of hardcoding
+ * the wrong explanation.
+ */
+export declare class RateLimitError extends Cards402Error {
+    constructor(message?: string);
+}
+/** Service is temporarily suspended (fulfillment circuit breaker tripped). */
+export declare class ServiceUnavailableError extends Cards402Error {
+    constructor(message?: string);
+}
+/** XLM price feed is unavailable — retry or use USDC. */
+export declare class PriceUnavailableError extends Cards402Error {
+    constructor(message?: string);
+}
+/**
+ * amount_usdc was missing, zero, non-numeric, or outside the bounds
+ * [0.01, 10000]. The message defaults to the full-range explanation
+ * but is overridden by whatever the backend sent so a call with e.g.
+ * "9.99999999" (too many decimals) gets the specific reason instead
+ * of the generic bounds message.
+ */
+export declare class InvalidAmountError extends Cards402Error {
+    constructor(message?: string);
+}
+/** The API key is missing or invalid. */
+export declare class AuthError extends Cards402Error {
+    constructor();
+}
+/** Order failed during fulfillment. A refund may be in progress. */
+export declare class OrderFailedError extends Cards402Error {
+    readonly orderId: string;
+    readonly refund?: {
+        stellar_txid: string;
+    } | undefined;
+    constructor(orderId: string, reason: string, refund?: {
+        stellar_txid: string;
+    } | undefined);
+}
+/**
+ * Thrown by purchaseCardOWS when the order was created (and possibly paid)
+ * but the flow couldn't finish — e.g. Soroban RPC finalization timed out,
+ * or waitForCard hit its deadline. Always carries the orderId so the caller
+ * can resume via `cards402 purchase --resume <order-id>` without minting a
+ * new order (which would strand the original one until it expires).
+ *
+ * `txHash` is present when the payment was submitted onto the ledger (even
+ * if finalization wasn't confirmed client-side) — the backend watcher can
+ * still credit the order after the fact.
+ *
+ * `phase: 'paid'` means payViaContractOWS returned successfully, so resume
+ * should skip straight to waitForCard. `phase: 'unpaid'` means the payment
+ * never went out and resume may need to retry the Soroban submit.
+ */
+export declare class ResumableError extends Cards402Error {
+    readonly orderId: string;
+    readonly phase: 'unpaid' | 'paid';
+    readonly txHash?: string | undefined;
+    readonly cause?: unknown | undefined;
+    constructor(orderId: string, reason: string, phase: 'unpaid' | 'paid', txHash?: string | undefined, cause?: unknown | undefined);
+}
+/** Waiting for a card timed out — order may still be processing. */
+export declare class WaitTimeoutError extends Cards402Error {
+    readonly orderId: string;
+    constructor(orderId: string, timeoutMs: number);
+}
+/**
+ * Parse a raw API error response into the appropriate typed error.
+ * Falls back to generic Cards402Error for unknown codes.
+ */
+export declare function parseApiError(status: number, body: Record<string, unknown>): Cards402Error;
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,oDAAoD;AACpD,qBAAa,aAAc,SAAQ,KAAK;aAGpB,IAAI,EAAE,MAAM;aACZ,MAAM,EAAE,MAAM;aACd,GAAG,CAAC,EAAE,OAAO;gBAH7B,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,GAAG,CAAC,EAAE,OAAO,YAAA;CAMhC;AAED,kDAAkD;AAClD,qBAAa,eAAgB,SAAQ,aAAa;aAE9B,KAAK,EAAE,MAAM;aACb,KAAK,EAAE,MAAM;gBADb,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM;CAUhC;AAED;;;;;;;GAOG;AACH,qBAAa,cAAe,SAAQ,aAAa;gBACnC,OAAO,SAA6C;CAKjE;AAED,8EAA8E;AAC9E,qBAAa,uBAAwB,SAAQ,aAAa;gBAC5C,OAAO,SAAuE;CAK3F;AAED,yDAAyD;AACzD,qBAAa,qBAAsB,SAAQ,aAAa;gBAEpD,OAAO,SAAuF;CAMjG;AAED;;;;;;GAMG;AACH,qBAAa,kBAAmB,SAAQ,aAAa;gBAEjD,OAAO,SAAiG;CAM3G;AAED,yCAAyC;AACzC,qBAAa,SAAU,SAAQ,aAAa;;CAU3C;AAED,oEAAoE;AACpE,qBAAa,gBAAiB,SAAQ,aAAa;aAE/B,OAAO,EAAE,MAAM;aAEf,MAAM,CAAC,EAAE;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE;gBAFjC,OAAO,EAAE,MAAM,EAC/B,MAAM,EAAE,MAAM,EACE,MAAM,CAAC,EAAE;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,YAAA;CAapD;AAED;;;;;;;;;;;;;;GAcG;AACH,qBAAa,cAAe,SAAQ,aAAa;aAE7B,OAAO,EAAE,MAAM;aAEf,KAAK,EAAE,QAAQ,GAAG,MAAM;aACxB,MAAM,CAAC,EAAE,MAAM;aACf,KAAK,CAAC,EAAE,OAAO;gBAJf,OAAO,EAAE,MAAM,EAC/B,MAAM,EAAE,MAAM,EACE,KAAK,EAAE,QAAQ,GAAG,MAAM,EACxB,MAAM,CAAC,EAAE,MAAM,YAAA,EACf,KAAK,CAAC,EAAE,OAAO,YAAA;CAalC;AAED,oEAAoE;AACpE,qBAAa,gBAAiB,SAAQ,aAAa;aAE/B,OAAO,EAAE,MAAM;gBAAf,OAAO,EAAE,MAAM,EAC/B,SAAS,EAAE,MAAM;CAWpB;AAED;;;GAGG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,aAAa,CAyB1F"}

package/dist/errors.js

@@ -0,0 +1,197 @@
+"use strict";
+/**
+ * Structured error types for the cards402 SDK.
+ *
+ * Catch by type so your agent can handle each case without string-parsing:
+ *
+ *   try {
+ *     const card = await client.createOrder({ amount_usdc: '10.00' });
+ *   } catch (err) {
+ *     if (err instanceof SpendLimitError) { ... }
+ *     if (err instanceof ServiceUnavailableError) { ... }
+ *   }
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WaitTimeoutError = exports.ResumableError = exports.OrderFailedError = exports.AuthError = exports.InvalidAmountError = exports.PriceUnavailableError = exports.ServiceUnavailableError = exports.RateLimitError = exports.SpendLimitError = exports.Cards402Error = void 0;
+exports.parseApiError = parseApiError;
+/** Base class — all cards402 errors extend this. */
+class Cards402Error extends Error {
+    code;
+    status;
+    raw;
+    constructor(message, code, status, raw) {
+        super(message);
+        this.code = code;
+        this.status = status;
+        this.raw = raw;
+        this.name = 'Cards402Error';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.Cards402Error = Cards402Error;
+/** The API key's spend limit has been reached. */
+class SpendLimitError extends Cards402Error {
+    limit;
+    spent;
+    constructor(limit, spent) {
+        super(`Spend limit exceeded: $${spent} spent of $${limit} limit. Ask your operator to raise the limit or wait for the next reset period.`, 'spend_limit_exceeded', 403);
+        this.limit = limit;
+        this.spent = spent;
+        this.name = 'SpendLimitError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.SpendLimitError = SpendLimitError;
+/**
+ * Rate limit hit. The backend returns `rate_limit_exceeded` for two
+ * different limits — 60 orders/hour on POST /v1/orders, and 10
+ * requests/second (600/minute) on GET /v1/orders/:id status polling.
+ * Which one fired is in the server's `message` field, not in the
+ * error code, so we forward the message verbatim instead of hardcoding
+ * the wrong explanation.
+ */
+class RateLimitError extends Cards402Error {
+    constructor(message = 'Rate limit exceeded. Back off and retry.') {
+        super(message, 'rate_limit_exceeded', 429);
+        this.name = 'RateLimitError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.RateLimitError = RateLimitError;
+/** Service is temporarily suspended (fulfillment circuit breaker tripped). */
+class ServiceUnavailableError extends Cards402Error {
+    constructor(message = 'Card fulfillment is temporarily suspended. Retry in a few minutes.') {
+        super(message, 'service_temporarily_unavailable', 503);
+        this.name = 'ServiceUnavailableError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.ServiceUnavailableError = ServiceUnavailableError;
+/** XLM price feed is unavailable — retry or use USDC. */
+class PriceUnavailableError extends Cards402Error {
+    constructor(message = 'XLM price is temporarily unavailable. Retry shortly, or use payment_asset: "usdc".') {
+        super(message, 'price_unavailable', 503);
+        this.name = 'PriceUnavailableError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PriceUnavailableError = PriceUnavailableError;
+/**
+ * amount_usdc was missing, zero, non-numeric, or outside the bounds
+ * [0.01, 10000]. The message defaults to the full-range explanation
+ * but is overridden by whatever the backend sent so a call with e.g.
+ * "9.99999999" (too many decimals) gets the specific reason instead
+ * of the generic bounds message.
+ */
+class InvalidAmountError extends Cards402Error {
+    constructor(message = 'Invalid amount_usdc — must be a decimal string between "0.01" and "10000.00" (e.g. "10.00").') {
+        super(message, 'invalid_amount', 400);
+        this.name = 'InvalidAmountError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.InvalidAmountError = InvalidAmountError;
+/** The API key is missing or invalid. */
+class AuthError extends Cards402Error {
+    constructor() {
+        super('Invalid or missing API key. Pass it as the X-Api-Key header, or set CARDS402_API_KEY.', 'invalid_api_key', 401);
+        this.name = 'AuthError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.AuthError = AuthError;
+/** Order failed during fulfillment. A refund may be in progress. */
+class OrderFailedError extends Cards402Error {
+    orderId;
+    refund;
+    constructor(orderId, reason, refund) {
+        const refundNote = refund
+            ? ` Your payment is being refunded (txid: ${refund.stellar_txid}).`
+            : ' A refund will be processed if payment was received.';
+        super(`Order ${orderId} failed: ${reason}.${refundNote}`, 'order_failed', 200, {
+            orderId,
+            reason,
+            refund,
+        });
+        this.orderId = orderId;
+        this.refund = refund;
+        this.name = 'OrderFailedError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.OrderFailedError = OrderFailedError;
+/**
+ * Thrown by purchaseCardOWS when the order was created (and possibly paid)
+ * but the flow couldn't finish — e.g. Soroban RPC finalization timed out,
+ * or waitForCard hit its deadline. Always carries the orderId so the caller
+ * can resume via `cards402 purchase --resume <order-id>` without minting a
+ * new order (which would strand the original one until it expires).
+ *
+ * `txHash` is present when the payment was submitted onto the ledger (even
+ * if finalization wasn't confirmed client-side) — the backend watcher can
+ * still credit the order after the fact.
+ *
+ * `phase: 'paid'` means payViaContractOWS returned successfully, so resume
+ * should skip straight to waitForCard. `phase: 'unpaid'` means the payment
+ * never went out and resume may need to retry the Soroban submit.
+ */
+class ResumableError extends Cards402Error {
+    orderId;
+    phase;
+    txHash;
+    cause;
+    constructor(orderId, reason, phase, txHash, cause) {
+        const hashNote = txHash ? ` (tx: ${txHash})` : '';
+        super(`Purchase could not finish for order ${orderId}: ${reason}${hashNote}. ` +
+            `Resume with: cards402 purchase --resume ${orderId}`, 'resumable', 0, { orderId, reason, phase, txHash });
+        this.orderId = orderId;
+        this.phase = phase;
+        this.txHash = txHash;
+        this.cause = cause;
+        this.name = 'ResumableError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.ResumableError = ResumableError;
+/** Waiting for a card timed out — order may still be processing. */
+class WaitTimeoutError extends Cards402Error {
+    orderId;
+    constructor(orderId, timeoutMs) {
+        super(`Timed out waiting for card after ${timeoutMs / 1000}s (order: ${orderId}). ` +
+            'Poll GET /v1/orders/:id to check status — it may still complete.', 'wait_timeout', 408);
+        this.orderId = orderId;
+        this.name = 'WaitTimeoutError';
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.WaitTimeoutError = WaitTimeoutError;
+/**
+ * Parse a raw API error response into the appropriate typed error.
+ * Falls back to generic Cards402Error for unknown codes.
+ */
+function parseApiError(status, body) {
+    const code = String(body.error ?? 'unknown');
+    const message = String(body.message ?? body.error ?? 'Unknown error');
+    switch (code) {
+        case 'spend_limit_exceeded':
+            return new SpendLimitError(String(body.limit ?? '?'), String(body.spent ?? '?'));
+        case 'rate_limit_exceeded':
+            // Forward the backend message verbatim — the code is shared
+            // between order-creation and polling rate limits, and the
+            // message is the only way to tell them apart.
+            return new RateLimitError(message);
+        case 'service_temporarily_unavailable':
+            return new ServiceUnavailableError(message);
+        case 'price_unavailable':
+        case 'xlm_price_unavailable':
+            return new PriceUnavailableError(message);
+        case 'invalid_amount':
+            return new InvalidAmountError(message);
+        case 'missing_api_key':
+        case 'invalid_api_key':
+            return new AuthError();
+        default:
+            return new Cards402Error(message, code, status, body);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AA+KH,sCAyBC;AAtMD,oDAAoD;AACpD,MAAa,aAAc,SAAQ,KAAK;IAGpB;IACA;IACA;IAJlB,YACE,OAAe,EACC,IAAY,EACZ,MAAc,EACd,GAAa;QAE7B,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,SAAI,GAAJ,IAAI,CAAQ;QACZ,WAAM,GAAN,MAAM,CAAQ;QACd,QAAG,GAAH,GAAG,CAAU;QAG7B,IAAI,CAAC,IAAI,GAAG,eAAe,CAAC;QAC5B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAXD,sCAWC;AAED,kDAAkD;AAClD,MAAa,eAAgB,SAAQ,aAAa;IAE9B;IACA;IAFlB,YACkB,KAAa,EACb,KAAa;QAE7B,KAAK,CACH,0BAA0B,KAAK,cAAc,KAAK,iFAAiF,EACnI,sBAAsB,EACtB,GAAG,CACJ,CAAC;QAPc,UAAK,GAAL,KAAK,CAAQ;QACb,UAAK,GAAL,KAAK,CAAQ;QAO7B,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAbD,0CAaC;AAED;;;;;;;GAOG;AACH,MAAa,cAAe,SAAQ,aAAa;IAC/C,YAAY,OAAO,GAAG,0CAA0C;QAC9D,KAAK,CAAC,OAAO,EAAE,qBAAqB,EAAE,GAAG,CAAC,CAAC;QAC3C,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAND,wCAMC;AAED,8EAA8E;AAC9E,MAAa,uBAAwB,SAAQ,aAAa;IACxD,YAAY,OAAO,GAAG,oEAAoE;QACxF,KAAK,CAAC,OAAO,EAAE,iCAAiC,EAAE,GAAG,CAAC,CAAC;QACvD,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;QACtC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAND,0DAMC;AAED,yDAAyD;AACzD,MAAa,qBAAsB,SAAQ,aAAa;IACtD,YACE,OAAO,GAAG,oFAAoF;QAE9F,KAAK,CAAC,OAAO,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AARD,sDAQC;AAED;;;;;;GAMG;AACH,MAAa,kBAAmB,SAAQ,aAAa;IACnD,YACE,OAAO,GAAG,8FAA8F;QAExG,KAAK,CAAC,OAAO,EAAE,gBAAgB,EAAE,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AARD,gDAQC;AAED,yCAAyC;AACzC,MAAa,SAAU,SAAQ,aAAa;IAC1C;QACE,KAAK,CACH,uFAAuF,EACvF,iBAAiB,EACjB,GAAG,CACJ,CAAC;QACF,IAAI,CAAC,IAAI,GAAG,WAAW,CAAC;QACxB,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAVD,8BAUC;AAED,oEAAoE;AACpE,MAAa,gBAAiB,SAAQ,aAAa;IAE/B;IAEA;IAHlB,YACkB,OAAe,EAC/B,MAAc,EACE,MAAiC;QAEjD,MAAM,UAAU,GAAG,MAAM;YACvB,CAAC,CAAC,0CAA0C,MAAM,CAAC,YAAY,IAAI;YACnE,CAAC,CAAC,sDAAsD,CAAC;QAC3D,KAAK,CAAC,SAAS,OAAO,YAAY,MAAM,IAAI,UAAU,EAAE,EAAE,cAAc,EAAE,GAAG,EAAE;YAC7E,OAAO;YACP,MAAM;YACN,MAAM;SACP,CAAC,CAAC;QAXa,YAAO,GAAP,OAAO,CAAQ;QAEf,WAAM,GAAN,MAAM,CAA2B;QAUjD,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAjBD,4CAiBC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAa,cAAe,SAAQ,aAAa;IAE7B;IAEA;IACA;IACA;IALlB,YACkB,OAAe,EAC/B,MAAc,EACE,KAAwB,EACxB,MAAe,EACf,KAAe;QAE/B,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,SAAS,MAAM,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,KAAK,CACH,uCAAuC,OAAO,KAAK,MAAM,GAAG,QAAQ,IAAI;YACtE,2CAA2C,OAAO,EAAE,EACtD,WAAW,EACX,CAAC,EACD,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,CACnC,CAAC;QAbc,YAAO,GAAP,OAAO,CAAQ;QAEf,UAAK,GAAL,KAAK,CAAmB;QACxB,WAAM,GAAN,MAAM,CAAS;QACf,UAAK,GAAL,KAAK,CAAU;QAU/B,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;QAC7B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAnBD,wCAmBC;AAED,oEAAoE;AACpE,MAAa,gBAAiB,SAAQ,aAAa;IAE/B;IADlB,YACkB,OAAe,EAC/B,SAAiB;QAEjB,KAAK,CACH,oCAAoC,SAAS,GAAG,IAAI,aAAa,OAAO,KAAK;YAC3E,kEAAkE,EACpE,cAAc,EACd,GAAG,CACJ,CAAC;QARc,YAAO,GAAP,OAAO,CAAQ;QAS/B,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;QAC/B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAdD,4CAcC;AAED;;;GAGG;AACH,SAAgB,aAAa,CAAC,MAAc,EAAE,IAA6B;IACzE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,SAAS,CAAC,CAAC;IAC7C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,IAAI,eAAe,CAAC,CAAC;IAEtE,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,sBAAsB;YACzB,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,CAAC,CAAC;QACnF,KAAK,qBAAqB;YACxB,4DAA4D;YAC5D,0DAA0D;YAC1D,8CAA8C;YAC9C,OAAO,IAAI,cAAc,CAAC,OAAO,CAAC,CAAC;QACrC,KAAK,iCAAiC;YACpC,OAAO,IAAI,uBAAuB,CAAC,OAAO,CAAC,CAAC;QAC9C,KAAK,mBAAmB,CAAC;QACzB,KAAK,uBAAuB;YAC1B,OAAO,IAAI,qBAAqB,CAAC,OAAO,CAAC,CAAC;QAC5C,KAAK,gBAAgB;YACnB,OAAO,IAAI,kBAAkB,CAAC,OAAO,CAAC,CAAC;QACzC,KAAK,iBAAiB,CAAC;QACvB,KAAK,iBAAiB;YACpB,OAAO,IAAI,SAAS,EAAE,CAAC;QACzB;YACE,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,CAAC;IAC1D,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export { Cards402Client, CSPR402Client } from './client';
+export type { OrderOptions, OrderResponse, OrderStatus, OrderListItem, OrderPhase, CardDetails, PaymentInstructions, SorobanPaymentInstructions, CasperCSPRPaymentInstructions, MockUsdcCep18PaymentInstructions, CasperCSPRPaymentReceipt, CasperPaymentReceipt, MockUsdcReceipt, VerifyCasperPaymentResponse, Budget, UsageSummary, } from './client';
+export { Cards402Error, SpendLimitError, RateLimitError, ServiceUnavailableError, PriceUnavailableError, InvalidAmountError, AuthError, OrderFailedError, WaitTimeoutError, ResumableError, } from './errors';
+export { loadCards402Config, saveCards402Config, resolveCredentials } from './config';
+export type { Cards402Config } from './config';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzD,YAAY,EACV,YAAY,EACZ,aAAa,EACb,WAAW,EACX,aAAa,EACb,UAAU,EACV,WAAW,EACX,mBAAmB,EACnB,0BAA0B,EAC1B,6BAA6B,EAC7B,gCAAgC,EAChC,wBAAwB,EACxB,oBAAoB,EACpB,eAAe,EACf,2BAA2B,EAC3B,MAAM,EACN,YAAY,GACb,MAAM,UAAU,CAAC;AAElB,OAAO,EACL,aAAa,EACb,eAAe,EACf,cAAc,EACd,uBAAuB,EACvB,qBAAqB,EACrB,kBAAkB,EAClB,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,GACf,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AACtF,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC"}