ksef-client-ts 0.8.0 → 0.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js CHANGED
@@ -238,10 +238,21 @@ var init_ksef_bad_request_error = __esm({
238
238
  });
239
239
 
240
240
  // src/errors/ksef-auth-status-error.ts
241
+ var KSeFAuthStatusError;
241
242
  var init_ksef_auth_status_error = __esm({
242
243
  "src/errors/ksef-auth-status-error.ts"() {
243
244
  "use strict";
244
245
  init_ksef_error();
246
+ KSeFAuthStatusError = class extends KSeFError {
247
+ referenceNumber;
248
+ statusDescription;
249
+ constructor(message, referenceNumber, statusDescription) {
250
+ super(message);
251
+ this.name = "KSeFAuthStatusError";
252
+ this.referenceNumber = referenceNumber;
253
+ this.statusDescription = statusDescription;
254
+ }
255
+ };
245
256
  }
246
257
  });
247
258
 
@@ -281,6 +292,14 @@ var init_ksef_validation_error = __esm({
281
292
  }
282
293
  });
283
294
 
295
+ // src/errors/ksef-metadata-pagination-error.ts
296
+ var init_ksef_metadata_pagination_error = __esm({
297
+ "src/errors/ksef-metadata-pagination-error.ts"() {
298
+ "use strict";
299
+ init_ksef_error();
300
+ }
301
+ });
302
+
284
303
  // src/errors/error-codes.ts
285
304
  function hasErrorCode(body, code) {
286
305
  return !!body?.exception?.exceptionDetailList?.some((d) => d.exceptionCode === code);
@@ -291,7 +310,9 @@ var init_error_codes = __esm({
291
310
  "use strict";
292
311
  KSeFErrorCode = {
293
312
  BatchTimeout: 21208,
294
- DuplicateInvoice: 440
313
+ DuplicateInvoice: 440,
314
+ /** The supplied public key identifier is unknown or points to a revoked key (KSeF API v2.5.0). */
315
+ UnknownPublicKeyId: 21470
295
316
  };
296
317
  }
297
318
  });
@@ -320,6 +341,37 @@ var init_ksef_batch_timeout_error = __esm({
320
341
  }
321
342
  });
322
343
 
344
+ // src/errors/ksef-unknown-public-key-error.ts
345
+ function messageOf(description) {
346
+ return description?.trim() || "The supplied public key identifier is unknown or revoked (KSeF 21470).";
347
+ }
348
+ var KSeFUnknownPublicKeyError;
349
+ var init_ksef_unknown_public_key_error = __esm({
350
+ "src/errors/ksef-unknown-public-key-error.ts"() {
351
+ "use strict";
352
+ init_ksef_api_error();
353
+ init_error_codes();
354
+ KSeFUnknownPublicKeyError = class _KSeFUnknownPublicKeyError extends KSeFApiError {
355
+ statusCode = 400;
356
+ errorCode = KSeFErrorCode.UnknownPublicKeyId;
357
+ constructor(message, errorResponse) {
358
+ super(message, 400, errorResponse);
359
+ this.name = "KSeFUnknownPublicKeyError";
360
+ }
361
+ static fromLegacy(body) {
362
+ const detail = body?.exception?.exceptionDetailList?.find(
363
+ (d) => d.exceptionCode === KSeFErrorCode.UnknownPublicKeyId
364
+ );
365
+ return new _KSeFUnknownPublicKeyError(messageOf(detail?.exceptionDescription), body);
366
+ }
367
+ static fromProblem(problem) {
368
+ const detail = problem.errors?.find((e) => e.code === KSeFErrorCode.UnknownPublicKeyId);
369
+ return new _KSeFUnknownPublicKeyError(messageOf(detail?.description || problem.detail));
370
+ }
371
+ };
372
+ }
373
+ });
374
+
323
375
  // src/errors/ksef-circuit-open-error.ts
324
376
  var KSeFCircuitOpenError;
325
377
  var init_ksef_circuit_open_error = __esm({
@@ -385,7 +437,9 @@ var init_errors = __esm({
385
437
  init_ksef_auth_status_error();
386
438
  init_ksef_session_expired_error();
387
439
  init_ksef_validation_error();
440
+ init_ksef_metadata_pagination_error();
388
441
  init_ksef_batch_timeout_error();
442
+ init_ksef_unknown_public_key_error();
389
443
  init_ksef_circuit_open_error();
390
444
  init_ksef_xsd_validation_error();
391
445
  init_error_codes();
@@ -652,6 +706,7 @@ var init_rest_client = __esm({
652
706
  init_ksef_gone_error();
653
707
  init_ksef_bad_request_error();
654
708
  init_ksef_batch_timeout_error();
709
+ init_ksef_unknown_public_key_error();
655
710
  init_error_codes();
656
711
  init_route_builder();
657
712
  init_transport();
@@ -666,6 +721,7 @@ var init_rest_client = __esm({
666
721
  circuitBreakerPolicy;
667
722
  authManager;
668
723
  presignedUrlPolicy;
724
+ onSystemWarning;
669
725
  constructor(options, config) {
670
726
  this.options = options;
671
727
  this.routeBuilder = new RouteBuilder(options.apiVersion);
@@ -675,23 +731,41 @@ var init_rest_client = __esm({
675
731
  this.circuitBreakerPolicy = config?.circuitBreakerPolicy ?? null;
676
732
  this.authManager = config?.authManager;
677
733
  this.presignedUrlPolicy = config?.presignedUrlPolicy;
734
+ this.onSystemWarning = config?.onSystemWarning;
678
735
  }
679
736
  async execute(request) {
680
737
  const response = await this.sendRequest(request);
681
738
  await this.ensureSuccess(response);
739
+ this.handleSystemWarning(response);
682
740
  const body = await response.json();
683
741
  return { body, headers: response.headers, statusCode: response.status };
684
742
  }
685
743
  async executeVoid(request) {
686
744
  const response = await this.sendRequest(request);
687
745
  await this.ensureSuccess(response);
746
+ this.handleSystemWarning(response);
688
747
  }
689
748
  async executeRaw(request) {
690
749
  const response = await this.sendRequest(request);
691
750
  await this.ensureSuccess(response);
751
+ this.handleSystemWarning(response);
692
752
  const body = await response.arrayBuffer();
693
753
  return { body, headers: response.headers, statusCode: response.status };
694
754
  }
755
+ /** Surface the optional `X-System-Warning` response header (KSeF API v2.6.0). */
756
+ handleSystemWarning(response) {
757
+ const warning = response.headers.get("x-system-warning");
758
+ if (!warning) return;
759
+ if (this.onSystemWarning) {
760
+ try {
761
+ this.onSystemWarning(warning);
762
+ } catch (error) {
763
+ consola3.warn("onSystemWarning callback threw an exception (ignored):", error);
764
+ }
765
+ } else {
766
+ consola3.warn(`KSeF system warning: ${warning}`);
767
+ }
768
+ }
695
769
  async sendRequest(request) {
696
770
  const url2 = this.buildUrl(request);
697
771
  if (request.isPresigned() && this.presignedUrlPolicy) {
@@ -833,9 +907,15 @@ var init_rest_client = __esm({
833
907
  if (response.status === 400) {
834
908
  const problem = tryParseProblem(isBadRequestProblem);
835
909
  if (problem) {
910
+ if (problem.errors?.some((e) => e.code === KSeFErrorCode.UnknownPublicKeyId)) {
911
+ throw KSeFUnknownPublicKeyError.fromProblem(problem);
912
+ }
836
913
  throw new KSeFBadRequestError(problem);
837
914
  }
838
915
  const legacy = parseJson();
916
+ if (hasErrorCode(legacy, KSeFErrorCode.UnknownPublicKeyId)) {
917
+ throw KSeFUnknownPublicKeyError.fromLegacy(legacy);
918
+ }
839
919
  if (hasErrorCode(legacy, KSeFErrorCode.BatchTimeout)) {
840
920
  throw KSeFBatchTimeoutError.fromResponse(400, legacy);
841
921
  }
@@ -2035,6 +2115,44 @@ var init_tokens = __esm({
2035
2115
  }
2036
2116
  });
2037
2117
 
2118
+ // src/validation/patterns.ts
2119
+ function isValidNip(value) {
2120
+ if (!Nip.test(value)) return false;
2121
+ let sum = 0;
2122
+ for (let i = 0; i < 9; i++) {
2123
+ sum += Number(value[i]) * NIP_WEIGHTS[i];
2124
+ }
2125
+ const checksum = sum % 11;
2126
+ return checksum !== 10 && checksum === Number(value[9]);
2127
+ }
2128
+ function isValidPesel(value) {
2129
+ if (!Pesel.test(value)) return false;
2130
+ let sum = 0;
2131
+ for (let i = 0; i < 10; i++) {
2132
+ sum += Number(value[i]) * PESEL_WEIGHTS[i];
2133
+ }
2134
+ const checksum = (10 - sum % 10) % 10;
2135
+ return checksum === Number(value[10]);
2136
+ }
2137
+ function isValidCertificateSerialNumber(value) {
2138
+ return CertificateSerialNumber.test(value);
2139
+ }
2140
+ var NIP_PATTERN_CORE, VAT_UE_PATTERN_CORE, Nip, VatUe, NipVatUe, Pesel, CertificateSerialNumber, NIP_WEIGHTS, PESEL_WEIGHTS;
2141
+ var init_patterns = __esm({
2142
+ "src/validation/patterns.ts"() {
2143
+ "use strict";
2144
+ NIP_PATTERN_CORE = "[1-9]((\\d[1-9])|([1-9]\\d))\\d{7}";
2145
+ VAT_UE_PATTERN_CORE = "(ATU\\d{8}|BE[01]{1}\\d{9}|BG\\d{9,10}|CY\\d{8}[A-Z]|CZ\\d{8,10}|DE\\d{9}|DK\\d{8}|EE\\d{9}|EL\\d{9}|ES([A-Z]\\d{8}|\\d{8}[A-Z]|[A-Z]\\d{7}[A-Z])|FI\\d{8}|FR[A-Z0-9]{2}\\d{9}|HR\\d{11}|HU\\d{8}|IE(\\d{7}[A-Z]{2}|\\d[A-Z0-9+*]\\d{5}[A-Z])|IT\\d{11}|LT(\\d{9}|\\d{12})|LU\\d{8}|LV\\d{11}|MT\\d{8}|NL[A-Z0-9+*]{12}|PT\\d{9}|RO\\d{2,10}|SE\\d{12}|SI\\d{8}|SK\\d{10}|XI((\\d{9}|\\d{12})|(GD|HA)\\d{3}))";
2146
+ Nip = new RegExp(`^${NIP_PATTERN_CORE}$`);
2147
+ VatUe = new RegExp(`^${VAT_UE_PATTERN_CORE}$`);
2148
+ NipVatUe = new RegExp(`^${NIP_PATTERN_CORE}-${VAT_UE_PATTERN_CORE}$`);
2149
+ Pesel = /^\d{2}(?:0[1-9]|1[0-2]|2[1-9]|3[0-2]|4[1-9]|5[0-2]|6[1-9]|7[0-2]|8[1-9]|9[0-2])\d{7}$/;
2150
+ CertificateSerialNumber = /^[0-9A-F]{16}$/;
2151
+ NIP_WEIGHTS = [6, 5, 7, 2, 3, 4, 5, 6, 7];
2152
+ PESEL_WEIGHTS = [1, 3, 7, 9, 1, 3, 7, 9, 1, 3];
2153
+ }
2154
+ });
2155
+
2038
2156
  // src/services/certificates.ts
2039
2157
  var CertificateApiService;
2040
2158
  var init_certificates = __esm({
@@ -2042,6 +2160,8 @@ var init_certificates = __esm({
2042
2160
  "use strict";
2043
2161
  init_rest_request();
2044
2162
  init_routes();
2163
+ init_ksef_validation_error();
2164
+ init_patterns();
2045
2165
  CertificateApiService = class {
2046
2166
  restClient;
2047
2167
  constructor(restClient) {
@@ -2068,6 +2188,14 @@ var init_certificates = __esm({
2068
2188
  return response.body;
2069
2189
  }
2070
2190
  async retrieve(request) {
2191
+ for (const serial of request.certificateSerialNumbers ?? []) {
2192
+ if (!isValidCertificateSerialNumber(serial)) {
2193
+ throw KSeFValidationError.fromField(
2194
+ "certificateSerialNumbers",
2195
+ `Invalid certificate serial number "${serial}": must be exactly 16 uppercase hex characters (^[0-9A-F]{16}$)`
2196
+ );
2197
+ }
2198
+ }
2071
2199
  const req = RestRequest.post(Routes.Certificates.retrieve).body(request);
2072
2200
  const response = await this.restClient.execute(req);
2073
2201
  return response.body;
@@ -2311,8 +2439,8 @@ var init_certificate_fetcher = __esm({
2311
2439
  init_routes();
2312
2440
  CertificateFetcher = class {
2313
2441
  restClient;
2314
- symmetricKeyPem;
2315
- ksefTokenPem;
2442
+ symmetricKey;
2443
+ ksefToken;
2316
2444
  initialized = false;
2317
2445
  constructor(restClient) {
2318
2446
  this.restClient = restClient;
@@ -2325,17 +2453,38 @@ var init_certificate_fetcher = __esm({
2325
2453
  this.initialized = false;
2326
2454
  await this.fetchCertificates();
2327
2455
  }
2456
+ /**
2457
+ * Immutable snapshot ({@link SelectedCertificate}) of the selected
2458
+ * SymmetricKeyEncryption certificate. The stored object is replaced wholesale
2459
+ * by {@link refresh}, never mutated, so holding the returned reference yields a
2460
+ * consistent pem + publicKeyId pair even if a concurrent refresh swaps the cache.
2461
+ */
2462
+ getSymmetricKeyEncryption() {
2463
+ return { ...this.requireSelected(this.symmetricKey) };
2464
+ }
2465
+ /** Immutable snapshot of the selected KsefTokenEncryption certificate. See {@link getSymmetricKeyEncryption}. */
2466
+ getKsefTokenEncryption() {
2467
+ return { ...this.requireSelected(this.ksefToken) };
2468
+ }
2328
2469
  getSymmetricKeyEncryptionPem() {
2329
- if (!this.symmetricKeyPem) {
2330
- throw new Error("CertificateFetcher not initialized. Call init() first.");
2331
- }
2332
- return this.symmetricKeyPem;
2470
+ return this.requireSelected(this.symmetricKey).pem;
2333
2471
  }
2334
2472
  getKsefTokenEncryptionPem() {
2335
- if (!this.ksefTokenPem) {
2473
+ return this.requireSelected(this.ksefToken).pem;
2474
+ }
2475
+ /** Public key identifier of the selected SymmetricKeyEncryption certificate (KSeF API v2.5.0). */
2476
+ getSymmetricKeyPublicKeyId() {
2477
+ return this.requireSelected(this.symmetricKey).publicKeyId;
2478
+ }
2479
+ /** Public key identifier of the selected KsefTokenEncryption certificate (KSeF API v2.5.0). */
2480
+ getKsefTokenPublicKeyId() {
2481
+ return this.requireSelected(this.ksefToken).publicKeyId;
2482
+ }
2483
+ requireSelected(selected) {
2484
+ if (!selected) {
2336
2485
  throw new Error("CertificateFetcher not initialized. Call init() first.");
2337
2486
  }
2338
- return this.ksefTokenPem;
2487
+ return selected;
2339
2488
  }
2340
2489
  async fetchCertificates() {
2341
2490
  const request = RestRequest.get(Routes.Security.publicKeyCertificates);
@@ -2344,19 +2493,27 @@ var init_certificate_fetcher = __esm({
2344
2493
  if (!certs || certs.length === 0) {
2345
2494
  throw new Error("No public key certificates returned from KSeF API.");
2346
2495
  }
2347
- const symmetricCert = certs.find((c) => c.usage.includes("SymmetricKeyEncryption"));
2348
- if (!symmetricCert) {
2349
- throw new Error("No SymmetricKeyEncryption certificate found.");
2350
- }
2351
- this.symmetricKeyPem = this.derBase64ToPem(symmetricCert.certificate);
2352
- const tokenCerts = certs.filter((c) => c.usage.includes("KsefTokenEncryption")).sort((a, b) => a.validFrom.localeCompare(b.validFrom));
2353
- const tokenCert = tokenCerts[0];
2354
- if (!tokenCert) {
2355
- throw new Error("No KsefTokenEncryption certificate found.");
2356
- }
2357
- this.ksefTokenPem = this.derBase64ToPem(tokenCert.certificate);
2496
+ this.symmetricKey = this.select(certs, "SymmetricKeyEncryption");
2497
+ this.ksefToken = this.select(certs, "KsefTokenEncryption");
2358
2498
  this.initialized = true;
2359
2499
  }
2500
+ /**
2501
+ * Select the certificate to use for a given usage under key rotation:
2502
+ * filter to currently-valid certificates (validFrom ≤ now < validTo) and pick
2503
+ * the newest by validFrom. If none are currently valid, fall back to the newest
2504
+ * overall so the server can reject it with a clear error rather than sending nothing.
2505
+ */
2506
+ select(certs, usage) {
2507
+ const candidates = certs.filter((c) => c.usage.includes(usage));
2508
+ if (candidates.length === 0) {
2509
+ throw new Error(`No ${usage} certificate found.`);
2510
+ }
2511
+ const now = Date.now();
2512
+ const byNewestValidFrom = (a, b) => Date.parse(b.validFrom) - Date.parse(a.validFrom);
2513
+ const valid = candidates.filter((c) => Date.parse(c.validFrom) <= now && now < Date.parse(c.validTo)).sort(byNewestValidFrom);
2514
+ const chosen = valid[0] ?? [...candidates].sort(byNewestValidFrom)[0];
2515
+ return { pem: this.derBase64ToPem(chosen.certificate), publicKeyId: chosen.publicKeyId };
2516
+ }
2360
2517
  derBase64ToPem(base64Der) {
2361
2518
  const lines = [];
2362
2519
  for (let i = 0; i < base64Der.length; i += 64) {
@@ -2411,6 +2568,14 @@ var init_cryptography_service = __esm({
2411
2568
  async init() {
2412
2569
  await this.fetcher.init();
2413
2570
  }
2571
+ /** Re-fetch KSeF public certificates, discarding the cached selection (used for key-rotation recovery). */
2572
+ async refresh() {
2573
+ await this.fetcher.refresh();
2574
+ }
2575
+ /** Identifier of the KsefTokenEncryption public key used by {@link encryptKsefToken} (KSeF API v2.5.0). */
2576
+ getKsefTokenPublicKeyId() {
2577
+ return this.fetcher.getKsefTokenPublicKeyId();
2578
+ }
2414
2579
  // ---------------------------------------------------------------------------
2415
2580
  // AES-256-CBC
2416
2581
  // ---------------------------------------------------------------------------
@@ -2456,11 +2621,12 @@ var init_cryptography_service = __esm({
2456
2621
  async getEncryptionData() {
2457
2622
  const key = crypto.randomBytes(32);
2458
2623
  const iv = crypto.randomBytes(16);
2459
- const certPem = this.fetcher.getSymmetricKeyEncryptionPem();
2460
- const encryptedKey = await this.rsaOaepEncrypt(certPem, new Uint8Array(key));
2624
+ const cert = this.fetcher.getSymmetricKeyEncryption();
2625
+ const encryptedKey = await this.rsaOaepEncrypt(cert.pem, new Uint8Array(key));
2461
2626
  const encryptionInfo = {
2462
2627
  encryptedSymmetricKey: Buffer.from(encryptedKey).toString("base64"),
2463
- initializationVector: iv.toString("base64")
2628
+ initializationVector: iv.toString("base64"),
2629
+ publicKeyId: cert.publicKeyId
2464
2630
  };
2465
2631
  return {
2466
2632
  cipherKey: new Uint8Array(key),
@@ -2485,9 +2651,29 @@ var init_cryptography_service = __esm({
2485
2651
  * `[ephemeralSPKI | nonce(12) | ciphertext+tag]`.
2486
2652
  */
2487
2653
  async encryptKsefToken(token, challengeTimestamp) {
2654
+ return this.encryptKsefTokenWithCertPem(
2655
+ this.fetcher.getKsefTokenEncryptionPem(),
2656
+ token,
2657
+ challengeTimestamp
2658
+ );
2659
+ }
2660
+ /**
2661
+ * Encrypt a KSeF token and return it together with the public key id of the
2662
+ * exact certificate used.
2663
+ *
2664
+ * Both values come from a single certificate snapshot taken before any
2665
+ * `await`, so a concurrent {@link refresh} cannot tag the ciphertext with a
2666
+ * different key than it was encrypted under (KSeF API v2.5.0). Prefer this over
2667
+ * pairing {@link encryptKsefToken} with a separate {@link getKsefTokenPublicKeyId}.
2668
+ */
2669
+ async encryptKsefTokenWithKeyId(token, challengeTimestamp) {
2670
+ const cert = this.fetcher.getKsefTokenEncryption();
2671
+ const encryptedToken = await this.encryptKsefTokenWithCertPem(cert.pem, token, challengeTimestamp);
2672
+ return { encryptedToken, publicKeyId: cert.publicKeyId };
2673
+ }
2674
+ async encryptKsefTokenWithCertPem(certPem, token, challengeTimestamp) {
2488
2675
  const timestampMs = new Date(challengeTimestamp).getTime();
2489
2676
  const plaintext = Buffer.from(`${token}|${timestampMs}`, "utf-8");
2490
- const certPem = this.fetcher.getKsefTokenEncryptionPem();
2491
2677
  const cert = new crypto.X509Certificate(certPem);
2492
2678
  const publicKey = cert.publicKey;
2493
2679
  if (publicKey.asymmetricKeyType === "rsa") {
@@ -2646,6 +2832,25 @@ var init_cryptography_service = __esm({
2646
2832
  }
2647
2833
  });
2648
2834
 
2835
+ // src/crypto/with-key-rotation-retry.ts
2836
+ async function withKeyRotationRetry(crypto8, op) {
2837
+ try {
2838
+ return await op();
2839
+ } catch (err) {
2840
+ if (err instanceof KSeFUnknownPublicKeyError) {
2841
+ await crypto8.refresh();
2842
+ return await op();
2843
+ }
2844
+ throw err;
2845
+ }
2846
+ }
2847
+ var init_with_key_rotation_retry = __esm({
2848
+ "src/crypto/with-key-rotation-retry.ts"() {
2849
+ "use strict";
2850
+ init_ksef_unknown_public_key_error();
2851
+ }
2852
+ });
2853
+
2649
2854
  // src/qr/verification-link-service.ts
2650
2855
  import crypto2 from "node:crypto";
2651
2856
  var VerificationLinkService;
@@ -2729,7 +2934,7 @@ var AUTH_TOKEN_REQUEST_NS;
2729
2934
  var init_auth_xml_builder = __esm({
2730
2935
  "src/crypto/auth-xml-builder.ts"() {
2731
2936
  "use strict";
2732
- AUTH_TOKEN_REQUEST_NS = "http://ksef.mf.gov.pl/auth/token/2.0";
2937
+ AUTH_TOKEN_REQUEST_NS = "http://ksef.mf.gov.pl/auth/token/2.1";
2733
2938
  }
2734
2939
  });
2735
2940
 
@@ -2960,6 +3165,7 @@ var init_offline_invoice_workflow = __esm({
2960
3165
  "use strict";
2961
3166
  init_ksef_api_error();
2962
3167
  init_deadline();
3168
+ init_with_key_rotation_retry();
2963
3169
  init_document_structures();
2964
3170
  OfflineInvoiceWorkflow = class {
2965
3171
  constructor(qrService) {
@@ -3066,11 +3272,14 @@ var init_offline_invoice_workflow = __esm({
3066
3272
  }
3067
3273
  if (pending.length === 0) return result;
3068
3274
  await client.crypto.init();
3069
- const encData = await client.crypto.getEncryptionData();
3070
3275
  const formCode = options.formCode ?? DEFAULT_FORM_CODE;
3071
- const openResp = await client.onlineSession.openSession(
3072
- { formCode, encryption: encData.encryptionInfo }
3073
- );
3276
+ const { encData, openResp } = await withKeyRotationRetry(client.crypto, async () => {
3277
+ const encData2 = await client.crypto.getEncryptionData();
3278
+ const openResp2 = await client.onlineSession.openSession(
3279
+ { formCode, encryption: encData2.encryptionInfo }
3280
+ );
3281
+ return { encData: encData2, openResp: openResp2 };
3282
+ });
3074
3283
  const sessionRef = openResp.referenceNumber;
3075
3284
  try {
3076
3285
  for (const inv of pending) {
@@ -3155,11 +3364,14 @@ var init_offline_invoice_workflow = __esm({
3155
3364
  }
3156
3365
  const originalHash = crypto3.createHash("sha256").update(original.invoiceXml).digest("base64");
3157
3366
  await client.crypto.init();
3158
- const encData = await client.crypto.getEncryptionData();
3159
3367
  const formCode = options.formCode ?? DEFAULT_FORM_CODE;
3160
- const openResp = await client.onlineSession.openSession(
3161
- { formCode, encryption: encData.encryptionInfo }
3162
- );
3368
+ const { encData, openResp } = await withKeyRotationRetry(client.crypto, async () => {
3369
+ const encData2 = await client.crypto.getEncryptionData();
3370
+ const openResp2 = await client.onlineSession.openSession(
3371
+ { formCode, encryption: encData2.encryptionInfo }
3372
+ );
3373
+ return { encData: encData2, openResp: openResp2 };
3374
+ });
3163
3375
  const sessionRef = openResp.referenceNumber;
3164
3376
  try {
3165
3377
  const data = new TextEncoder().encode(correctedInvoiceXml);
@@ -3611,6 +3823,9 @@ function buildRestClientConfig(options, authManager) {
3611
3823
  allowedHosts: [...base.allowedHosts, ...options.presignedUrlHosts]
3612
3824
  };
3613
3825
  }
3826
+ if (options?.onSystemWarning) {
3827
+ config.onSystemWarning = options.onSystemWarning;
3828
+ }
3614
3829
  return config;
3615
3830
  }
3616
3831
  var KSeFClient;
@@ -3639,6 +3854,7 @@ var init_client = __esm({
3639
3854
  init_test_data();
3640
3855
  init_certificate_fetcher();
3641
3856
  init_cryptography_service();
3857
+ init_with_key_rotation_retry();
3642
3858
  init_verification_link_service();
3643
3859
  init_auth_xml_builder();
3644
3860
  init_offline_invoice_workflow();
@@ -3705,11 +3921,14 @@ var init_client = __esm({
3705
3921
  async loginWithToken(token, nip) {
3706
3922
  const challenge2 = await this.auth.getChallenge();
3707
3923
  await this.crypto.init();
3708
- const encryptedToken = await this.crypto.encryptKsefToken(token, challenge2.timestamp);
3709
- const submitResult = await this.auth.submitKsefTokenAuthRequest({
3710
- challenge: challenge2.challenge,
3711
- contextIdentifier: { type: "Nip", value: nip },
3712
- encryptedToken: Buffer.from(encryptedToken).toString("base64")
3924
+ const submitResult = await withKeyRotationRetry(this.crypto, async () => {
3925
+ const { encryptedToken, publicKeyId } = await this.crypto.encryptKsefTokenWithKeyId(token, challenge2.timestamp);
3926
+ return this.auth.submitKsefTokenAuthRequest({
3927
+ challenge: challenge2.challenge,
3928
+ contextIdentifier: { type: "Nip", value: nip },
3929
+ encryptedToken: Buffer.from(encryptedToken).toString("base64"),
3930
+ publicKeyId
3931
+ });
3713
3932
  });
3714
3933
  const authToken = submitResult.authenticationToken.token;
3715
3934
  await this.awaitAuthReady(submitResult.referenceNumber, authToken);
@@ -4607,6 +4826,135 @@ var init_zip = __esm({
4607
4826
  }
4608
4827
  });
4609
4828
 
4829
+ // src/utils/targz.ts
4830
+ var targz_exports = {};
4831
+ __export(targz_exports, {
4832
+ createTarGz: () => createTarGz,
4833
+ extractTarGz: () => extractTarGz
4834
+ });
4835
+ import { createGzip, createGunzip } from "node:zlib";
4836
+ import { Readable } from "node:stream";
4837
+ import { extract, pack } from "tar-stream";
4838
+ async function createTarGz(entries) {
4839
+ const packer = pack();
4840
+ const gzip = packer.pipe(createGzip());
4841
+ const chunks = [];
4842
+ return new Promise((resolve2, reject) => {
4843
+ let settled = false;
4844
+ const fail = (err) => {
4845
+ if (settled) return;
4846
+ settled = true;
4847
+ reject(err);
4848
+ };
4849
+ packer.on("error", fail);
4850
+ gzip.on("error", fail);
4851
+ gzip.on("data", (chunk) => chunks.push(chunk));
4852
+ gzip.on("end", () => {
4853
+ if (settled) return;
4854
+ settled = true;
4855
+ resolve2(Buffer.concat(chunks));
4856
+ });
4857
+ try {
4858
+ for (const entry of entries) {
4859
+ const content = Buffer.from(entry.content);
4860
+ packer.entry({ name: entry.fileName, size: content.length }, content);
4861
+ }
4862
+ packer.finalize();
4863
+ } catch (err) {
4864
+ fail(err instanceof Error ? err : new Error(String(err)));
4865
+ }
4866
+ });
4867
+ }
4868
+ async function extractTarGz(buffer, options = {}) {
4869
+ const limits2 = { ...DEFAULT_LIMITS, ...options };
4870
+ const ratioCeiling = limits2.maxCompressionRatio !== null && limits2.maxCompressionRatio !== void 0 && buffer.length > 0 ? buffer.length * limits2.maxCompressionRatio : null;
4871
+ return new Promise((resolve2, reject) => {
4872
+ const source = Readable.from(buffer);
4873
+ const gunzip = createGunzip();
4874
+ const extractor = extract();
4875
+ const files = /* @__PURE__ */ new Map();
4876
+ let extractedFileCount = 0;
4877
+ let totalUncompressed = 0;
4878
+ let settled = false;
4879
+ const cleanup = () => {
4880
+ source.destroy();
4881
+ gunzip.destroy();
4882
+ extractor.destroy();
4883
+ };
4884
+ const fail = (err) => {
4885
+ if (settled) return;
4886
+ settled = true;
4887
+ cleanup();
4888
+ reject(err);
4889
+ };
4890
+ const succeed = () => {
4891
+ if (settled) return;
4892
+ settled = true;
4893
+ resolve2(files);
4894
+ };
4895
+ gunzip.on("data", (chunk) => {
4896
+ totalUncompressed += chunk.length;
4897
+ if (limits2.maxTotalUncompressedSize > 0 && totalUncompressed > limits2.maxTotalUncompressedSize) {
4898
+ fail(new Error("tar.gz exceeds max_total_uncompressed_size"));
4899
+ return;
4900
+ }
4901
+ if (ratioCeiling !== null && totalUncompressed > ratioCeiling) {
4902
+ fail(new Error("tar.gz exceeds max_compression_ratio"));
4903
+ }
4904
+ });
4905
+ extractor.on("entry", (header, stream, next) => {
4906
+ if (settled) {
4907
+ stream.resume();
4908
+ return;
4909
+ }
4910
+ if (header.type !== "file") {
4911
+ stream.resume();
4912
+ stream.on("end", next);
4913
+ return;
4914
+ }
4915
+ if (limits2.maxFiles > 0 && extractedFileCount >= limits2.maxFiles) {
4916
+ fail(new Error("tar.gz contains too many files"));
4917
+ return;
4918
+ }
4919
+ const chunks = [];
4920
+ let entrySize = 0;
4921
+ stream.on("data", (chunk) => {
4922
+ if (settled) return;
4923
+ entrySize += chunk.length;
4924
+ if (limits2.maxFileUncompressedSize > 0 && entrySize > limits2.maxFileUncompressedSize) {
4925
+ fail(new Error("tar.gz entry exceeds max_file_uncompressed_size"));
4926
+ return;
4927
+ }
4928
+ chunks.push(chunk);
4929
+ });
4930
+ stream.on("error", fail);
4931
+ stream.on("end", () => {
4932
+ if (settled) return;
4933
+ extractedFileCount += 1;
4934
+ files.set(header.name, Buffer.concat(chunks));
4935
+ next();
4936
+ });
4937
+ });
4938
+ extractor.on("finish", succeed);
4939
+ extractor.on("error", fail);
4940
+ gunzip.on("error", fail);
4941
+ source.on("error", fail);
4942
+ source.pipe(gunzip).pipe(extractor);
4943
+ });
4944
+ }
4945
+ var DEFAULT_LIMITS;
4946
+ var init_targz = __esm({
4947
+ "src/utils/targz.ts"() {
4948
+ "use strict";
4949
+ DEFAULT_LIMITS = {
4950
+ maxFiles: 1e4,
4951
+ maxTotalUncompressedSize: 2e9,
4952
+ maxFileUncompressedSize: 5e8,
4953
+ maxCompressionRatio: 200
4954
+ };
4955
+ }
4956
+ });
4957
+
4610
4958
  // src/validation/xml-to-object.ts
4611
4959
  import { DOMParser as DOMParser2 } from "@xmldom/xmldom";
4612
4960
  function xmlToObject(xml) {
@@ -5505,15 +5853,15 @@ var init_fa2 = __esm({
5505
5853
  }
5506
5854
  });
5507
5855
 
5508
- // src/validation/schemas/rr1-v11e.ts
5509
- var rr1_v11e_exports = {};
5510
- __export(rr1_v11e_exports, {
5511
- RR1_V11ESchema: () => RR1_V11ESchema
5856
+ // src/validation/schemas/fa-rr1.ts
5857
+ var fa_rr1_exports = {};
5858
+ __export(fa_rr1_exports, {
5859
+ FA_RR1Schema: () => FA_RR1Schema
5512
5860
  });
5513
5861
  import { z as z3 } from "zod";
5514
- var TKodFormularza3, TDataCzas3, TZnakowy4, TNaglowek3, TNrNIP3, TZnakowy5123, TPodmiot13, TKodKraju3, TGLN3, TAdres3, TAdresEmail3, TNumerTelefonu3, TStatusInfoPodatnika3, TZnakowy203, TNIPIdWew3, TWybor13, TPodmiot33, TRolaPodmiotu33, TKodWaluty3, TData3, TDataT3, TKwotowy4, TRodzajFaktury3, TTypKorekty3, TNumerKSeF3, TNaturalny3, TKluczWartosc3, TZnakowy503, TIlosci3, TKwotowy23, TProcentowy3, TStawkaPodatku3, TFormaPlatnosci3, TNrRB3, SWIFT_Type3, TRachunekBankowy3, TTekstowy3, TNrKRS3, TNrREGON3, RR1_V11ESchema;
5515
- var init_rr1_v11e = __esm({
5516
- "src/validation/schemas/rr1-v11e.ts"() {
5862
+ var TKodFormularza3, TDataCzas3, TZnakowy4, TNaglowek3, TNrNIP3, TZnakowy5123, TPodmiot13, TKodKraju3, TGLN3, TAdres3, TAdresEmail3, TNumerTelefonu3, TStatusInfoPodatnika3, TZnakowy203, TNIPIdWew3, TWybor13, TPodmiot33, TRolaPodmiotu33, TKodWaluty3, TData3, TDataT3, TKwotowy4, TRodzajFaktury3, TTypKorekty3, TNumerKSeF3, TNaturalny3, TKluczWartosc3, TZnakowy503, TIlosci3, TKwotowy23, TProcentowy3, TStawkaPodatku3, TFormaPlatnosci3, TNrRB3, SWIFT_Type3, TRachunekBankowy3, TTekstowy3, TNrKRS3, TNrREGON3, FA_RR1Schema;
5863
+ var init_fa_rr1 = __esm({
5864
+ "src/validation/schemas/fa-rr1.ts"() {
5517
5865
  "use strict";
5518
5866
  TKodFormularza3 = z3.literal("FA_RR");
5519
5867
  TDataCzas3 = z3.string();
@@ -5581,7 +5929,7 @@ var init_rr1_v11e = __esm({
5581
5929
  TTekstowy3 = z3.string().min(1).max(3500);
5582
5930
  TNrKRS3 = z3.string().regex(/^\d{10}$/);
5583
5931
  TNrREGON3 = z3.union([z3.string().regex(/^\d{9}$/), z3.string().regex(/^\d{14}$/)]);
5584
- RR1_V11ESchema = z3.object({
5932
+ FA_RR1Schema = z3.object({
5585
5933
  "Naglowek": TNaglowek3,
5586
5934
  "Podmiot1": z3.object({
5587
5935
  "DaneIdentyfikacyjne": TPodmiot13,
@@ -5710,222 +6058,87 @@ var init_rr1_v11e = __esm({
5710
6058
  }
5711
6059
  });
5712
6060
 
5713
- // src/validation/schemas/rr1-v10e.ts
5714
- var rr1_v10e_exports = {};
5715
- __export(rr1_v10e_exports, {
5716
- RR1_V10ESchema: () => RR1_V10ESchema
6061
+ // src/validation/schemas/pef3.ts
6062
+ var pef3_exports = {};
6063
+ __export(pef3_exports, {
6064
+ PEF3Schema: () => PEF3Schema
5717
6065
  });
5718
6066
  import { z as z4 } from "zod";
5719
- var TKodFormularza4, TDataCzas4, TZnakowy5, TNaglowek4, TNrNIP4, TZnakowy5124, TPodmiot14, TKodKraju4, TGLN4, TAdres4, TAdresEmail4, TNumerTelefonu4, TStatusInfoPodatnika4, TZnakowy204, TNIPIdWew4, TWybor14, TPodmiot34, TRolaPodmiotu34, TKodWaluty4, TData4, TDataT4, TKwotowy5, TRodzajFaktury4, TTypKorekty4, TNumerKSeF4, TNaturalny4, TKluczWartosc4, TZnakowy504, TIlosci4, TKwotowy24, TProcentowy4, TStawkaPodatku4, TFormaPlatnosci4, TNrRB4, SWIFT_Type4, TRachunekBankowy4, TTekstowy4, TNrKRS4, TNrREGON4, RR1_V10ESchema;
5720
- var init_rr1_v10e = __esm({
5721
- "src/validation/schemas/rr1-v10e.ts"() {
6067
+ var InvoiceType, PEF3Schema;
6068
+ var init_pef3 = __esm({
6069
+ "src/validation/schemas/pef3.ts"() {
5722
6070
  "use strict";
5723
- TKodFormularza4 = z4.literal("FA_RR");
5724
- TDataCzas4 = z4.string();
5725
- TZnakowy5 = z4.string().min(1).max(256);
5726
- TNaglowek4 = z4.object({
5727
- "KodFormularza": z4.object({ "#text": TKodFormularza4, "@kodSystemowy": z4.literal("FA_RR(1)"), "@wersjaSchemy": z4.literal("1-0E") }).strict(),
5728
- "WariantFormularza": z4.literal("1"),
5729
- "DataWytworzeniaFa": z4.string(),
5730
- "SystemInfo": TZnakowy5.optional()
5731
- }).strict();
5732
- TNrNIP4 = z4.string().regex(/^[1-9]((\d[1-9])|([1-9]\d))\d{7}$/);
5733
- TZnakowy5124 = z4.string().min(1).max(512);
5734
- TPodmiot14 = z4.object({
5735
- "NIP": TNrNIP4,
5736
- "Nazwa": TZnakowy5124
5737
- }).strict();
5738
- TKodKraju4 = z4.enum(["AF", "AX", "AL", "DZ", "AD", "AO", "AI", "AQ", "AG", "AN", "SA", "AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB", "BE", "BZ", "BJ", "BM", "BT", "BY", "BO", "BQ", "BA", "BW", "BR", "BN", "IO", "BG", "BF", "BI", "XC", "CL", "CN", "HR", "CW", "CY", "TD", "ME", "DK", "DM", "DO", "DJ", "EG", "EC", "ER", "EE", "ET", "FK", "FJ", "PH", "FI", "FR", "TF", "GA", "GM", "GH", "GI", "GR", "GD", "GL", "GE", "GU", "GG", "GY", "GF", "GP", "GT", "GN", "GQ", "GW", "HT", "ES", "HN", "HK", "IN", "ID", "IQ", "IR", "IE", "IS", "IL", "JM", "JP", "YE", "JE", "JO", "KY", "KH", "CM", "CA", "QA", "KZ", "KE", "KG", "KI", "CO", "KM", "CG", "CD", "KP", "XK", "CR", "CU", "KW", "LA", "LS", "LB", "LR", "LY", "LI", "LT", "LV", "LU", "MK", "MG", "YT", "MO", "MW", "MV", "MY", "ML", "MT", "MP", "MA", "MQ", "MR", "MU", "MX", "XL", "FM", "UM", "MD", "MC", "MN", "MS", "MZ", "MM", "NA", "NR", "NP", "NL", "DE", "NE", "NG", "NI", "NU", "NF", "NO", "NC", "NZ", "PS", "OM", "PK", "PW", "PA", "PG", "PY", "PE", "PN", "PF", "PL", "GS", "PT", "PR", "CF", "CZ", "KR", "ZA", "RE", "RU", "RO", "RW", "EH", "BL", "KN", "LC", "MF", "VC", "SV", "WS", "AS", "SM", "SN", "RS", "SC", "SL", "SG", "SK", "SI", "SO", "LK", "PM", "US", "SZ", "SD", "SS", "SR", "SJ", "SH", "SY", "CH", "SE", "TJ", "TH", "TW", "TZ", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TV", "UG", "UA", "UY", "UZ", "VU", "WF", "VA", "HU", "VE", "GB", "VN", "IT", "TL", "CI", "BV", "CX", "IM", "SX", "CK", "VI", "VG", "HM", "CC", "MH", "FO", "SB", "ST", "TC", "ZM", "CV", "ZW", "AE", "XI"]);
5739
- TGLN4 = z4.string().min(1).max(13);
5740
- TAdres4 = z4.object({
5741
- "KodKraju": TKodKraju4,
5742
- "AdresL1": TZnakowy5124,
5743
- "AdresL2": TZnakowy5124.optional(),
5744
- "GLN": TGLN4.optional()
5745
- }).strict();
5746
- TAdresEmail4 = z4.string().min(3).max(255).regex(/^(.)+@(.)+$/);
5747
- TNumerTelefonu4 = z4.string().min(1).max(16);
5748
- TStatusInfoPodatnika4 = z4.enum(["1", "2", "3", "4"]);
5749
- TZnakowy204 = z4.string().min(1).max(20);
5750
- TNIPIdWew4 = z4.string().min(1).max(20).regex(/^[1-9]((\d[1-9])|([1-9]\d))\d{7}-\d{5}$/);
5751
- TWybor14 = z4.literal("1");
5752
- TPodmiot34 = z4.object({
5753
- "NIP": TNrNIP4.optional(),
5754
- "IDWew": TNIPIdWew4.optional(),
5755
- "BrakID": TWybor14.optional(),
5756
- "Nazwa": TZnakowy5124
5757
- }).strict();
5758
- TRolaPodmiotu34 = z4.enum(["1", "2", "3", "5", "6", "7", "8", "9", "10", "11"]);
5759
- TKodWaluty4 = z4.enum(["AED", "AFN", "ALL", "AMD", "ANG", "AOA", "ARS", "AUD", "AWG", "AZN", "BAM", "BBD", "BDT", "BGN", "BHD", "BIF", "BMD", "BND", "BOB", "BOV", "BRL", "BSD", "BTN", "BWP", "BYN", "BZD", "CAD", "CDF", "CHE", "CHF", "CHW", "CLF", "CLP", "CNY", "COP", "COU", "CRC", "CUC", "CUP", "CVE", "CZK", "DJF", "DKK", "DOP", "DZD", "EGP", "ERN", "ETB", "EUR", "FJD", "FKP", "GBP", "GEL", "GGP", "GHS", "GIP", "GMD", "GNF", "GTQ", "GYD", "HKD", "HNL", "HRK", "HTG", "HUF", "IDR", "ILS", "IMP", "INR", "IQD", "IRR", "ISK", "JEP", "JMD", "JOD", "JPY", "KES", "KGS", "KHR", "KMF", "KPW", "KRW", "KWD", "KYD", "KZT", "LAK", "LBP", "LKR", "LRD", "LSL", "LYD", "MAD", "MDL", "MGA", "MKD", "MMK", "MNT", "MOP", "MRU", "MUR", "MVR", "MWK", "MXN", "MXV", "MYR", "MZN", "NAD", "NGN", "NIO", "NOK", "NPR", "NZD", "OMR", "PAB", "PEN", "PGK", "PHP", "PKR", "PLN", "PYG", "QAR", "RON", "RSD", "RUB", "RWF", "SAR", "SBD", "SCR", "SDG", "SEK", "SGD", "SHP", "SLL", "SOS", "SRD", "SSP", "STN", "SVC", "SYP", "SZL", "THB", "TJS", "TMT", "TND", "TOP", "TRY", "TTD", "TWD", "TZS", "UAH", "UGX", "USD", "USN", "UYI", "UYU", "UYW", "UZS", "VES", "VND", "VUV", "WST", "XAF", "XAG", "XAU", "XBA", "XBB", "XBC", "XBD", "XCD", "XCG", "XDR", "XOF", "XPD", "XPF", "XPT", "XSU", "XUA", "XXX", "YER", "ZAR", "ZMW", "ZWL"]);
5760
- TData4 = z4.string();
5761
- TDataT4 = z4.string();
5762
- TKwotowy5 = z4.string().regex(/^-?([1-9]\d{0,15}|0)(\.\d{1,2})?$/);
5763
- TRodzajFaktury4 = z4.enum(["VAT_RR", "KOR_VAT_RR"]);
5764
- TTypKorekty4 = z4.enum(["1", "2", "3", "4"]);
5765
- TNumerKSeF4 = z4.string().regex(/^([1-9]((\d[1-9])|([1-9]\d))\d{7}|M\d{9}|[A-Z]{3}\d{7})-(20[2-9][0-9]|2[1-9][0-9]{2}|[3-9][0-9]{3})(0[1-9]|1[0-2])(0[1-9]|[1-2][0-9]|3[0-1])-([0-9A-F]{6})-?([0-9A-F]{6})-([0-9A-F]{2})$/);
5766
- TNaturalny4 = z4.string();
5767
- TKluczWartosc4 = z4.object({
5768
- "NrWiersza": TNaturalny4.optional(),
5769
- "Klucz": TZnakowy5,
5770
- "Wartosc": TZnakowy5
5771
- }).strict();
5772
- TZnakowy504 = z4.string().min(1).max(50);
5773
- TIlosci4 = z4.string().regex(/^-?([1-9]\d{0,15}|0)(\.\d{1,6})?$/);
5774
- TKwotowy24 = z4.string().regex(/^-?([1-9]\d{0,13}|0)(\.\d{1,8})?$/);
5775
- TProcentowy4 = z4.coerce.number().min(0).max(100);
5776
- TStawkaPodatku4 = z4.enum(["6.5", "7"]);
5777
- TFormaPlatnosci4 = z4.literal("1");
5778
- TNrRB4 = z4.string().min(10).max(34);
5779
- SWIFT_Type4 = z4.string().regex(/^[A-Z]{6}[A-Z0-9]{2}([A-Z0-9]{3}){0,1}$/);
5780
- TRachunekBankowy4 = z4.object({
5781
- "NrRB": TNrRB4,
5782
- "SWIFT": SWIFT_Type4.optional(),
5783
- "NazwaBanku": TZnakowy5.optional(),
5784
- "OpisRachunku": TZnakowy5.optional()
5785
- }).strict();
5786
- TTekstowy4 = z4.string().min(1).max(3500);
5787
- TNrKRS4 = z4.string().regex(/^\d{10}$/);
5788
- TNrREGON4 = z4.union([z4.string().regex(/^\d{9}$/), z4.string().regex(/^\d{14}$/)]);
5789
- RR1_V10ESchema = z4.object({
5790
- "Naglowek": TNaglowek4,
5791
- "Podmiot1": z4.object({
5792
- "DaneIdentyfikacyjne": TPodmiot14,
5793
- "Adres": TAdres4,
5794
- "AdresKoresp": TAdres4.optional(),
5795
- "DaneKontaktowe": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5796
- "Email": TAdresEmail4.optional(),
5797
- "Telefon": TNumerTelefonu4.optional()
5798
- }).strict()).min(0).max(3)).optional(),
5799
- "NrKontrahenta": TZnakowy5.optional()
5800
- }).strict(),
5801
- "Podmiot2": z4.object({
5802
- "DaneIdentyfikacyjne": TPodmiot14,
5803
- "Adres": TAdres4,
5804
- "AdresKoresp": TAdres4.optional(),
5805
- "DaneKontaktowe": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5806
- "Email": TAdresEmail4.optional(),
5807
- "Telefon": TNumerTelefonu4.optional()
5808
- }).strict()).min(0).max(3)).optional(),
5809
- "StatusInfoPodatnika": TStatusInfoPodatnika4.optional()
5810
- }).strict(),
5811
- "Podmiot3": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5812
- "DaneIdentyfikacyjne": TPodmiot34,
5813
- "Adres": TAdres4.optional(),
5814
- "AdresKoresp": TAdres4.optional(),
5815
- "DaneKontaktowe": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5816
- "Email": TAdresEmail4.optional(),
5817
- "Telefon": TNumerTelefonu4.optional()
5818
- }).strict()).min(0).max(3)).optional(),
5819
- "Rola": TRolaPodmiotu34.optional(),
5820
- "RolaInna": TWybor14.optional(),
5821
- "OpisRoli": TZnakowy5.optional()
5822
- }).strict()).min(0).max(100)).optional(),
5823
- "FakturaRR": z4.object({
5824
- "KodWaluty": TKodWaluty4,
5825
- "P_1M": TZnakowy5.optional(),
5826
- "P_4A": TDataT4.optional(),
5827
- "P_4B": TDataT4,
5828
- "P_4C": TZnakowy5,
5829
- "P_11_1": TKwotowy5,
5830
- "P_11_1W": TKwotowy5.optional(),
5831
- "P_11_2": TKwotowy5,
5832
- "P_11_2W": TKwotowy5.optional(),
5833
- "P_12_1": TKwotowy5,
5834
- "P_12_1W": TKwotowy5.optional(),
5835
- "P_12_2": TZnakowy5,
5836
- "RodzajFaktury": TRodzajFaktury4,
5837
- "PrzyczynaKorekty": TZnakowy5.optional(),
5838
- "TypKorekty": TTypKorekty4.optional(),
5839
- "DaneFaKorygowanej": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5840
- "DataWystFaKorygowanej": TDataT4,
5841
- "NrFaKorygowanej": TZnakowy5,
5842
- "NrKSeF": TWybor14.optional(),
5843
- "NrKSeFFaKorygowanej": TNumerKSeF4.optional(),
5844
- "NrKSeFN": TWybor14.optional()
5845
- }).strict()).min(1).max(5e4)).optional(),
5846
- "NrFaKorygowany": TZnakowy5.optional(),
5847
- "Podmiot1K": z4.object({
5848
- "DaneIdentyfikacyjne": TPodmiot14,
5849
- "Adres": TAdres4
5850
- }).strict().optional(),
5851
- "Podmiot2K": z4.object({
5852
- "DaneIdentyfikacyjne": TPodmiot14,
5853
- "Adres": TAdres4
5854
- }).strict().optional(),
5855
- "DokumentZaplaty": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5856
- "NrDokumentu": TZnakowy5,
5857
- "DataDokumentu": TData4.optional()
5858
- }).strict()).min(0).max(50)).optional(),
5859
- "DodatkowyOpis": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(TKluczWartosc4).min(0).max(1e4)).optional(),
5860
- "FakturaRRWiersz": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5861
- "NrWierszaFa": TNaturalny4,
5862
- "UU_ID": TZnakowy504.optional(),
5863
- "P_4AA": TDataT4.optional(),
5864
- "P_5": TZnakowy5,
5865
- "GTIN": TZnakowy204.optional(),
5866
- "PKWiU": TZnakowy504.optional(),
5867
- "CN": TZnakowy504.optional(),
5868
- "P_6A": TZnakowy5,
5869
- "P_6B": TIlosci4,
5870
- "P_6C": TZnakowy5,
5871
- "P_7": TKwotowy24,
5872
- "P_8": TKwotowy5,
5873
- "P_9": TStawkaPodatku4,
5874
- "P_10": TKwotowy5,
5875
- "P_11": TKwotowy5,
5876
- "StanPrzed": TWybor14.optional(),
5877
- "KursWaluty": TIlosci4.optional()
5878
- }).strict()).min(0).max(1e4)).optional(),
5879
- "Rozliczenie": z4.object({
5880
- "Obciazenia": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5881
- "Kwota": TKwotowy5,
5882
- "Powod": TZnakowy5
5883
- }).strict()).min(0).max(100)).optional(),
5884
- "SumaObciazen": TKwotowy5.optional(),
5885
- "Odliczenia": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5886
- "Kwota": TKwotowy5,
5887
- "Powod": TZnakowy5
5888
- }).strict()).min(0).max(100)).optional(),
5889
- "SumaOdliczen": TKwotowy5.optional(),
5890
- "DoZaplaty": TKwotowy5.optional(),
5891
- "DoRozliczenia": TKwotowy5.optional()
5892
- }).strict().optional(),
5893
- "Platnosc": z4.object({
5894
- "FormaPlatnosci": TFormaPlatnosci4.optional(),
5895
- "PlatnoscInna": TWybor14.optional(),
5896
- "OpisPlatnosci": TZnakowy5.optional(),
5897
- "RachunekBankowy1": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(TRachunekBankowy4).min(0).max(3)).optional(),
5898
- "RachunekBankowy2": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(TRachunekBankowy4).min(0).max(3)).optional(),
5899
- "IPKSeF": z4.string().min(1).max(13).regex(/^[0-9]{3}[a-zA-Z0-9]{10}$/).optional(),
5900
- "LinkDoPlatnosci": z4.string().min(1).max(512).regex(/^(https?):\/\/([a-zA-Z0-9][a-zA-Z0-9-]*\.)+[a-zA-Z]{2,}(:[0-9]{1,5})?(\/[^\s?#]*)?\?([^#\s]*&)?IPKSeF=[0-9]{3}[a-zA-Z0-9]{10}(&[^#\s]*)?(#.*)?$/).optional()
5901
- }).strict().optional()
5902
- }).strict(),
5903
- "Stopka": z4.object({
5904
- "Informacje": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5905
- "StopkaFaktury": TTekstowy4.optional()
5906
- }).strict()).min(0).max(3)).optional(),
5907
- "Rejestry": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.object({
5908
- "PelnaNazwa": TZnakowy5.optional(),
5909
- "KRS": TNrKRS4.optional(),
5910
- "REGON": TNrREGON4.optional(),
5911
- "BDO": z4.string().min(1).max(9).optional()
5912
- }).strict()).min(0).max(100)).optional()
5913
- }).strict().optional()
6071
+ InvoiceType = z4.object({
6072
+ "UBLExtensions": z4.any().optional(),
6073
+ "UBLVersionID": z4.any().optional(),
6074
+ "CustomizationID": z4.any().optional(),
6075
+ "ProfileID": z4.any().optional(),
6076
+ "ProfileExecutionID": z4.any().optional(),
6077
+ "ID": z4.any(),
6078
+ "CopyIndicator": z4.any().optional(),
6079
+ "UUID": z4.any().optional(),
6080
+ "IssueDate": z4.any(),
6081
+ "IssueTime": z4.any().optional(),
6082
+ "DueDate": z4.any().optional(),
6083
+ "InvoiceTypeCode": z4.any().optional(),
6084
+ "Note": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6085
+ "TaxPointDate": z4.any().optional(),
6086
+ "DocumentCurrencyCode": z4.any().optional(),
6087
+ "TaxCurrencyCode": z4.any().optional(),
6088
+ "PricingCurrencyCode": z4.any().optional(),
6089
+ "PaymentCurrencyCode": z4.any().optional(),
6090
+ "PaymentAlternativeCurrencyCode": z4.any().optional(),
6091
+ "AccountingCostCode": z4.any().optional(),
6092
+ "AccountingCost": z4.any().optional(),
6093
+ "LineCountNumeric": z4.any().optional(),
6094
+ "BuyerReference": z4.any().optional(),
6095
+ "InvoicePeriod": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6096
+ "OrderReference": z4.any().optional(),
6097
+ "BillingReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6098
+ "DespatchDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6099
+ "ReceiptDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6100
+ "StatementDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6101
+ "OriginatorDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6102
+ "ContractDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6103
+ "AdditionalDocumentReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6104
+ "ProjectReference": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6105
+ "Signature": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6106
+ "AccountingSupplierParty": z4.any(),
6107
+ "AccountingCustomerParty": z4.any(),
6108
+ "PayeeParty": z4.any().optional(),
6109
+ "BuyerCustomerParty": z4.any().optional(),
6110
+ "SellerSupplierParty": z4.any().optional(),
6111
+ "TaxRepresentativeParty": z4.any().optional(),
6112
+ "Delivery": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6113
+ "DeliveryTerms": z4.any().optional(),
6114
+ "PaymentMeans": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6115
+ "PaymentTerms": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6116
+ "PrepaidPayment": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6117
+ "AllowanceCharge": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6118
+ "TaxExchangeRate": z4.any().optional(),
6119
+ "PricingExchangeRate": z4.any().optional(),
6120
+ "PaymentExchangeRate": z4.any().optional(),
6121
+ "PaymentAlternativeExchangeRate": z4.any().optional(),
6122
+ "TaxTotal": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6123
+ "WithholdingTaxTotal": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(0)).optional(),
6124
+ "LegalMonetaryTotal": z4.any(),
6125
+ "InvoiceLine": z4.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z4.array(z4.any()).min(1))
5914
6126
  }).strict();
6127
+ PEF3Schema = InvoiceType;
5915
6128
  }
5916
6129
  });
5917
6130
 
5918
- // src/validation/schemas/pef3.ts
5919
- var pef3_exports = {};
5920
- __export(pef3_exports, {
5921
- PEF3Schema: () => PEF3Schema
6131
+ // src/validation/schemas/pef-kor3.ts
6132
+ var pef_kor3_exports = {};
6133
+ __export(pef_kor3_exports, {
6134
+ PEF_KOR3Schema: () => PEF_KOR3Schema
5922
6135
  });
5923
6136
  import { z as z5 } from "zod";
5924
- var InvoiceType, PEF3Schema;
5925
- var init_pef3 = __esm({
5926
- "src/validation/schemas/pef3.ts"() {
6137
+ var CreditNoteType, PEF_KOR3Schema;
6138
+ var init_pef_kor3 = __esm({
6139
+ "src/validation/schemas/pef-kor3.ts"() {
5927
6140
  "use strict";
5928
- InvoiceType = z5.object({
6141
+ CreditNoteType = z5.object({
5929
6142
  "UBLExtensions": z5.any().optional(),
5930
6143
  "UBLVersionID": z5.any().optional(),
5931
6144
  "CustomizationID": z5.any().optional(),
@@ -5936,10 +6149,9 @@ var init_pef3 = __esm({
5936
6149
  "UUID": z5.any().optional(),
5937
6150
  "IssueDate": z5.any(),
5938
6151
  "IssueTime": z5.any().optional(),
5939
- "DueDate": z5.any().optional(),
5940
- "InvoiceTypeCode": z5.any().optional(),
5941
- "Note": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5942
6152
  "TaxPointDate": z5.any().optional(),
6153
+ "CreditNoteTypeCode": z5.any().optional(),
6154
+ "Note": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5943
6155
  "DocumentCurrencyCode": z5.any().optional(),
5944
6156
  "TaxCurrencyCode": z5.any().optional(),
5945
6157
  "PricingCurrencyCode": z5.any().optional(),
@@ -5950,15 +6162,15 @@ var init_pef3 = __esm({
5950
6162
  "LineCountNumeric": z5.any().optional(),
5951
6163
  "BuyerReference": z5.any().optional(),
5952
6164
  "InvoicePeriod": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
6165
+ "DiscrepancyResponse": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5953
6166
  "OrderReference": z5.any().optional(),
5954
6167
  "BillingReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5955
6168
  "DespatchDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5956
6169
  "ReceiptDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5957
- "StatementDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5958
- "OriginatorDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5959
6170
  "ContractDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5960
6171
  "AdditionalDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5961
- "ProjectReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
6172
+ "StatementDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
6173
+ "OriginatorDocumentReference": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5962
6174
  "Signature": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5963
6175
  "AccountingSupplierParty": z5.any(),
5964
6176
  "AccountingCustomerParty": z5.any(),
@@ -5967,86 +6179,17 @@ var init_pef3 = __esm({
5967
6179
  "SellerSupplierParty": z5.any().optional(),
5968
6180
  "TaxRepresentativeParty": z5.any().optional(),
5969
6181
  "Delivery": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5970
- "DeliveryTerms": z5.any().optional(),
6182
+ "DeliveryTerms": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5971
6183
  "PaymentMeans": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5972
6184
  "PaymentTerms": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5973
- "PrepaidPayment": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5974
- "AllowanceCharge": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5975
6185
  "TaxExchangeRate": z5.any().optional(),
5976
6186
  "PricingExchangeRate": z5.any().optional(),
5977
6187
  "PaymentExchangeRate": z5.any().optional(),
5978
6188
  "PaymentAlternativeExchangeRate": z5.any().optional(),
6189
+ "AllowanceCharge": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5979
6190
  "TaxTotal": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5980
- "WithholdingTaxTotal": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(0)).optional(),
5981
6191
  "LegalMonetaryTotal": z5.any(),
5982
- "InvoiceLine": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(1))
5983
- }).strict();
5984
- PEF3Schema = InvoiceType;
5985
- }
5986
- });
5987
-
5988
- // src/validation/schemas/pef-kor3.ts
5989
- var pef_kor3_exports = {};
5990
- __export(pef_kor3_exports, {
5991
- PEF_KOR3Schema: () => PEF_KOR3Schema
5992
- });
5993
- import { z as z6 } from "zod";
5994
- var CreditNoteType, PEF_KOR3Schema;
5995
- var init_pef_kor3 = __esm({
5996
- "src/validation/schemas/pef-kor3.ts"() {
5997
- "use strict";
5998
- CreditNoteType = z6.object({
5999
- "UBLExtensions": z6.any().optional(),
6000
- "UBLVersionID": z6.any().optional(),
6001
- "CustomizationID": z6.any().optional(),
6002
- "ProfileID": z6.any().optional(),
6003
- "ProfileExecutionID": z6.any().optional(),
6004
- "ID": z6.any(),
6005
- "CopyIndicator": z6.any().optional(),
6006
- "UUID": z6.any().optional(),
6007
- "IssueDate": z6.any(),
6008
- "IssueTime": z6.any().optional(),
6009
- "TaxPointDate": z6.any().optional(),
6010
- "CreditNoteTypeCode": z6.any().optional(),
6011
- "Note": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6012
- "DocumentCurrencyCode": z6.any().optional(),
6013
- "TaxCurrencyCode": z6.any().optional(),
6014
- "PricingCurrencyCode": z6.any().optional(),
6015
- "PaymentCurrencyCode": z6.any().optional(),
6016
- "PaymentAlternativeCurrencyCode": z6.any().optional(),
6017
- "AccountingCostCode": z6.any().optional(),
6018
- "AccountingCost": z6.any().optional(),
6019
- "LineCountNumeric": z6.any().optional(),
6020
- "BuyerReference": z6.any().optional(),
6021
- "InvoicePeriod": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6022
- "DiscrepancyResponse": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6023
- "OrderReference": z6.any().optional(),
6024
- "BillingReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6025
- "DespatchDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6026
- "ReceiptDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6027
- "ContractDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6028
- "AdditionalDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6029
- "StatementDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6030
- "OriginatorDocumentReference": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6031
- "Signature": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6032
- "AccountingSupplierParty": z6.any(),
6033
- "AccountingCustomerParty": z6.any(),
6034
- "PayeeParty": z6.any().optional(),
6035
- "BuyerCustomerParty": z6.any().optional(),
6036
- "SellerSupplierParty": z6.any().optional(),
6037
- "TaxRepresentativeParty": z6.any().optional(),
6038
- "Delivery": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6039
- "DeliveryTerms": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6040
- "PaymentMeans": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6041
- "PaymentTerms": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6042
- "TaxExchangeRate": z6.any().optional(),
6043
- "PricingExchangeRate": z6.any().optional(),
6044
- "PaymentExchangeRate": z6.any().optional(),
6045
- "PaymentAlternativeExchangeRate": z6.any().optional(),
6046
- "AllowanceCharge": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6047
- "TaxTotal": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(0)).optional(),
6048
- "LegalMonetaryTotal": z6.any(),
6049
- "CreditNoteLine": z6.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z6.array(z6.any()).min(1))
6192
+ "CreditNoteLine": z5.preprocess((v) => Array.isArray(v) ? v : v == null ? [] : [v], z5.array(z5.any()).min(1))
6050
6193
  }).strict();
6051
6194
  PEF_KOR3Schema = CreditNoteType;
6052
6195
  }
@@ -6059,16 +6202,14 @@ var init_schemas = __esm({
6059
6202
  "use strict";
6060
6203
  init_fa3();
6061
6204
  init_fa2();
6062
- init_rr1_v11e();
6063
- init_rr1_v10e();
6205
+ init_fa_rr1();
6064
6206
  init_pef3();
6065
6207
  init_pef_kor3();
6066
- SCHEMA_TYPES = ["FA3", "FA2", "RR1_V11E", "RR1_V10E", "PEF3", "PEF_KOR3"];
6208
+ SCHEMA_TYPES = ["FA3", "FA2", "FA_RR1", "PEF3", "PEF_KOR3"];
6067
6209
  NAMESPACE_MAP = {
6068
6210
  "http://crd.gov.pl/wzor/2025/06/25/13775/": "FA3",
6069
6211
  "http://crd.gov.pl/wzor/2023/06/29/12648/": "FA2",
6070
- "http://crd.gov.pl/wzor/2026/03/06/14189/": "RR1_V11E",
6071
- "http://crd.gov.pl/wzor/2026/02/17/14164/": "RR1_V10E",
6212
+ "http://crd.gov.pl/wzor/2026/03/06/14189/": "FA_RR1",
6072
6213
  "urn:oasis:names:specification:ubl:schema:xsd:Invoice-2": "PEF3",
6073
6214
  "urn:oasis:names:specification:ubl:schema:xsd:CreditNote-2": "PEF_KOR3"
6074
6215
  };
@@ -6087,11 +6228,8 @@ async function loadSchema(type) {
6087
6228
  case "FA2":
6088
6229
  mod = await Promise.resolve().then(() => (init_fa2(), fa2_exports));
6089
6230
  break;
6090
- case "RR1_V11E":
6091
- mod = await Promise.resolve().then(() => (init_rr1_v11e(), rr1_v11e_exports));
6092
- break;
6093
- case "RR1_V10E":
6094
- mod = await Promise.resolve().then(() => (init_rr1_v10e(), rr1_v10e_exports));
6231
+ case "FA_RR1":
6232
+ mod = await Promise.resolve().then(() => (init_fa_rr1(), fa_rr1_exports));
6095
6233
  break;
6096
6234
  case "PEF3":
6097
6235
  mod = await Promise.resolve().then(() => (init_pef3(), pef3_exports));
@@ -6131,7 +6269,7 @@ var init_schema_registry = __esm({
6131
6269
  * List all available schema types.
6132
6270
  */
6133
6271
  availableSchemas() {
6134
- return ["FA3", "FA2", "RR1_V11E", "RR1_V10E", "PEF3", "PEF_KOR3"];
6272
+ return ["FA3", "FA2", "FA_RR1", "PEF3", "PEF_KOR3"];
6135
6273
  },
6136
6274
  /**
6137
6275
  * Detect schema type from XML namespace URI and/or root element name.
@@ -6264,40 +6402,6 @@ var init_char_validity = __esm({
6264
6402
  }
6265
6403
  });
6266
6404
 
6267
- // src/validation/patterns.ts
6268
- function isValidNip(value) {
6269
- if (!Nip.test(value)) return false;
6270
- let sum = 0;
6271
- for (let i = 0; i < 9; i++) {
6272
- sum += Number(value[i]) * NIP_WEIGHTS[i];
6273
- }
6274
- const checksum = sum % 11;
6275
- return checksum !== 10 && checksum === Number(value[9]);
6276
- }
6277
- function isValidPesel(value) {
6278
- if (!Pesel.test(value)) return false;
6279
- let sum = 0;
6280
- for (let i = 0; i < 10; i++) {
6281
- sum += Number(value[i]) * PESEL_WEIGHTS[i];
6282
- }
6283
- const checksum = (10 - sum % 10) % 10;
6284
- return checksum === Number(value[10]);
6285
- }
6286
- var NIP_PATTERN_CORE, VAT_UE_PATTERN_CORE, Nip, VatUe, NipVatUe, Pesel, NIP_WEIGHTS, PESEL_WEIGHTS;
6287
- var init_patterns = __esm({
6288
- "src/validation/patterns.ts"() {
6289
- "use strict";
6290
- NIP_PATTERN_CORE = "[1-9]((\\d[1-9])|([1-9]\\d))\\d{7}";
6291
- VAT_UE_PATTERN_CORE = "(ATU\\d{8}|BE[01]{1}\\d{9}|BG\\d{9,10}|CY\\d{8}[A-Z]|CZ\\d{8,10}|DE\\d{9}|DK\\d{8}|EE\\d{9}|EL\\d{9}|ES([A-Z]\\d{8}|\\d{8}[A-Z]|[A-Z]\\d{7}[A-Z])|FI\\d{8}|FR[A-Z0-9]{2}\\d{9}|HR\\d{11}|HU\\d{8}|IE(\\d{7}[A-Z]{2}|\\d[A-Z0-9+*]\\d{5}[A-Z])|IT\\d{11}|LT(\\d{9}|\\d{12})|LU\\d{8}|LV\\d{11}|MT\\d{8}|NL[A-Z0-9+*]{12}|PT\\d{9}|RO\\d{2,10}|SE\\d{12}|SI\\d{8}|SK\\d{10}|XI((\\d{9}|\\d{12})|(GD|HA)\\d{3}))";
6292
- Nip = new RegExp(`^${NIP_PATTERN_CORE}$`);
6293
- VatUe = new RegExp(`^${VAT_UE_PATTERN_CORE}$`);
6294
- NipVatUe = new RegExp(`^${NIP_PATTERN_CORE}-${VAT_UE_PATTERN_CORE}$`);
6295
- Pesel = /^\d{2}(?:0[1-9]|1[0-2]|2[1-9]|3[0-2]|4[1-9]|5[0-2]|6[1-9]|7[0-2]|8[1-9]|9[0-2])\d{7}$/;
6296
- NIP_WEIGHTS = [6, 5, 7, 2, 3, 4, 5, 6, 7];
6297
- PESEL_WEIGHTS = [1, 3, 7, 9, 1, 3, 7, 9, 1, 3];
6298
- }
6299
- });
6300
-
6301
6405
  // src/validation/invoice-validator.ts
6302
6406
  var invoice_validator_exports = {};
6303
6407
  __export(invoice_validator_exports, {
@@ -6552,6 +6656,7 @@ var init_batch_file = __esm({
6552
6656
  batchFile: {
6553
6657
  fileSize: zipBytes.length,
6554
6658
  fileHash: zipHash,
6659
+ ...options?.compressionType && { compressionType: options.compressionType },
6555
6660
  fileParts
6556
6661
  },
6557
6662
  encryptedParts
@@ -6654,6 +6759,7 @@ var init_batch_file = __esm({
6654
6759
  batchFile: {
6655
6760
  fileSize: zipSize,
6656
6761
  fileHash: zipMeta.hashSHA,
6762
+ ...options?.compressionType && { compressionType: options.compressionType },
6657
6763
  fileParts
6658
6764
  },
6659
6765
  streamParts
@@ -6677,11 +6783,10 @@ async function uploadBatch(client, zipData, options) {
6677
6783
  }
6678
6784
  await client.crypto.init();
6679
6785
  if (options?.validate) {
6680
- const { unzip: unzip2 } = await Promise.resolve().then(() => (init_zip(), zip_exports));
6681
6786
  const { validateBatch: validateBatch2, batchValidationDetails: batchValidationDetails2 } = await Promise.resolve().then(() => (init_invoice_validator(), invoice_validator_exports));
6682
6787
  const { KSeFValidationError: KSeFValidationError2 } = await Promise.resolve().then(() => (init_ksef_validation_error(), ksef_validation_error_exports));
6683
6788
  const zipBuf = Buffer.isBuffer(zipData) ? zipData : Buffer.from(zipData.buffer, zipData.byteOffset, zipData.byteLength);
6684
- const files = await unzip2(zipBuf);
6789
+ const files = options?.compressionType === "TarGz" ? await (await Promise.resolve().then(() => (init_targz(), targz_exports))).extractTarGz(zipBuf) : await (await Promise.resolve().then(() => (init_zip(), zip_exports))).unzip(zipBuf);
6685
6790
  const invoices2 = [...files.entries()].filter(([name]) => name.endsWith(".xml")).map(([name, data]) => ({ fileName: name, xml: data.toString("utf-8") }));
6686
6791
  if (invoices2.length > 0) {
6687
6792
  const result2 = await validateBatch2(invoices2);
@@ -6694,21 +6799,25 @@ async function uploadBatch(client, zipData, options) {
6694
6799
  }
6695
6800
  }
6696
6801
  }
6697
- const encData = await client.crypto.getEncryptionData();
6698
6802
  const formCode = options?.formCode ?? DEFAULT_FORM_CODE;
6699
- const encryptFn = (part) => client.crypto.encryptAES256(part, encData.cipherKey, encData.cipherIv);
6700
- const { batchFile, encryptedParts } = BatchFileBuilder.build(zipData, encryptFn, {
6701
- maxPartSize: options?.maxPartSize
6803
+ const { batchFile, encryptedParts, openResp } = await withKeyRotationRetry(client.crypto, async () => {
6804
+ const encData = await client.crypto.getEncryptionData();
6805
+ const encryptFn = (part) => client.crypto.encryptAES256(part, encData.cipherKey, encData.cipherIv);
6806
+ const { batchFile: batchFile2, encryptedParts: encryptedParts2 } = BatchFileBuilder.build(zipData, encryptFn, {
6807
+ maxPartSize: options?.maxPartSize,
6808
+ compressionType: options?.compressionType
6809
+ });
6810
+ const openResp2 = await client.batchSession.openSession(
6811
+ {
6812
+ formCode,
6813
+ encryption: encData.encryptionInfo,
6814
+ batchFile: batchFile2,
6815
+ offlineMode: options?.offlineMode
6816
+ },
6817
+ options?.upoVersion
6818
+ );
6819
+ return { batchFile: batchFile2, encryptedParts: encryptedParts2, openResp: openResp2 };
6702
6820
  });
6703
- const openResp = await client.batchSession.openSession(
6704
- {
6705
- formCode,
6706
- encryption: encData.encryptionInfo,
6707
- batchFile,
6708
- offlineMode: options?.offlineMode
6709
- },
6710
- options?.upoVersion
6711
- );
6712
6821
  const sendingParts = encryptedParts.map((part, i) => ({
6713
6822
  data: part.buffer.slice(part.byteOffset, part.byteOffset + part.byteLength),
6714
6823
  metadata: {
@@ -6742,26 +6851,29 @@ async function uploadBatchStream(client, zipStreamFactory, zipSize, options) {
6742
6851
  throw new Error("parallelism must be a positive integer");
6743
6852
  }
6744
6853
  await client.crypto.init();
6745
- const encData = await client.crypto.getEncryptionData();
6746
6854
  const formCode = options?.formCode ?? DEFAULT_FORM_CODE;
6747
- const encryptStreamFn = (stream) => client.crypto.encryptAES256Stream(stream, encData.cipherKey, encData.cipherIv);
6748
- const hashStreamFn = (stream) => client.crypto.getFileMetadataFromStream(stream);
6749
- const { batchFile, streamParts } = await BatchFileBuilder.buildFromStream(
6750
- zipStreamFactory,
6751
- zipSize,
6752
- encryptStreamFn,
6753
- hashStreamFn,
6754
- { maxPartSize: options?.maxPartSize }
6755
- );
6756
- const openResp = await client.batchSession.openSession(
6757
- {
6758
- formCode,
6759
- encryption: encData.encryptionInfo,
6760
- batchFile,
6761
- offlineMode: options?.offlineMode
6762
- },
6763
- options?.upoVersion
6764
- );
6855
+ const { streamParts, openResp } = await withKeyRotationRetry(client.crypto, async () => {
6856
+ const encData = await client.crypto.getEncryptionData();
6857
+ const encryptStreamFn = (stream) => client.crypto.encryptAES256Stream(stream, encData.cipherKey, encData.cipherIv);
6858
+ const hashStreamFn = (stream) => client.crypto.getFileMetadataFromStream(stream);
6859
+ const { batchFile, streamParts: streamParts2 } = await BatchFileBuilder.buildFromStream(
6860
+ zipStreamFactory,
6861
+ zipSize,
6862
+ encryptStreamFn,
6863
+ hashStreamFn,
6864
+ { maxPartSize: options?.maxPartSize, compressionType: options?.compressionType }
6865
+ );
6866
+ const openResp2 = await client.batchSession.openSession(
6867
+ {
6868
+ formCode,
6869
+ encryption: encData.encryptionInfo,
6870
+ batchFile,
6871
+ offlineMode: options?.offlineMode
6872
+ },
6873
+ options?.upoVersion
6874
+ );
6875
+ return { streamParts: streamParts2, openResp: openResp2 };
6876
+ });
6765
6877
  await client.batchSession.sendPartsWithStream(openResp, streamParts, options?.parallelism);
6766
6878
  await client.batchSession.closeSession(openResp.referenceNumber);
6767
6879
  const result = await pollUntil(
@@ -6812,6 +6924,7 @@ var init_batch_session_workflow = __esm({
6812
6924
  init_document_structures();
6813
6925
  init_batch_file();
6814
6926
  init_polling();
6927
+ init_with_key_rotation_retry();
6815
6928
  init_xml();
6816
6929
  }
6817
6930
  });
@@ -7208,22 +7321,24 @@ function clearCredentials() {
7208
7321
  // src/workflows/auth-workflow.ts
7209
7322
  init_polling();
7210
7323
  init_auth_xml_builder();
7211
- async function authenticateWithToken(client, options) {
7212
- const challenge2 = await client.auth.getChallenge();
7213
- await client.crypto.init();
7214
- const encryptedToken = await client.crypto.encryptKsefToken(options.token, challenge2.timestamp);
7215
- const submitResult = await client.auth.submitKsefTokenAuthRequest({
7216
- challenge: challenge2.challenge,
7217
- contextIdentifier: { type: "Nip", value: options.nip },
7218
- encryptedToken: Buffer.from(encryptedToken).toString("base64"),
7219
- authorizationPolicy: options.authorizationPolicy
7220
- });
7221
- const authToken = submitResult.authenticationToken.token;
7222
- await pollUntil(
7223
- () => client.auth.getAuthStatus(submitResult.referenceNumber, authToken),
7224
- (s) => s.status.code !== 100,
7225
- { ...options.pollOptions, description: `auth ${submitResult.referenceNumber}` }
7324
+ init_with_key_rotation_retry();
7325
+ init_ksef_auth_status_error();
7326
+ var AUTH_STATUS_SUCCESS = 200;
7327
+ var AUTH_STATUS_IN_PROGRESS = 100;
7328
+ async function awaitAuthentication(client, referenceNumber, authToken, pollOptions) {
7329
+ const final = await pollUntil(
7330
+ () => client.auth.getAuthStatus(referenceNumber, authToken),
7331
+ (s) => s.status.code !== AUTH_STATUS_IN_PROGRESS,
7332
+ { ...pollOptions, description: `auth ${referenceNumber}` }
7226
7333
  );
7334
+ if (final.status.code !== AUTH_STATUS_SUCCESS) {
7335
+ const details = final.status.details?.length ? ` (${final.status.details.join("; ")})` : "";
7336
+ throw new KSeFAuthStatusError(
7337
+ `Authentication failed with status ${final.status.code}: ${final.status.description}${details}`,
7338
+ referenceNumber,
7339
+ final.status.description
7340
+ );
7341
+ }
7227
7342
  const tokens = await client.auth.getAccessToken(authToken);
7228
7343
  client.authManager.setAccessToken(tokens.accessToken.token);
7229
7344
  client.authManager.setRefreshToken(tokens.refreshToken.token);
@@ -7234,6 +7349,22 @@ async function authenticateWithToken(client, options) {
7234
7349
  refreshTokenValidUntil: tokens.refreshToken.validUntil
7235
7350
  };
7236
7351
  }
7352
+ async function authenticateWithToken(client, options) {
7353
+ const challenge2 = await client.auth.getChallenge();
7354
+ await client.crypto.init();
7355
+ const submitResult = await withKeyRotationRetry(client.crypto, async () => {
7356
+ const { encryptedToken, publicKeyId } = await client.crypto.encryptKsefTokenWithKeyId(options.token, challenge2.timestamp);
7357
+ return client.auth.submitKsefTokenAuthRequest({
7358
+ challenge: challenge2.challenge,
7359
+ contextIdentifier: { type: "Nip", value: options.nip },
7360
+ encryptedToken: Buffer.from(encryptedToken).toString("base64"),
7361
+ publicKeyId,
7362
+ authorizationPolicy: options.authorizationPolicy
7363
+ });
7364
+ });
7365
+ const authToken = submitResult.authenticationToken.token;
7366
+ return awaitAuthentication(client, submitResult.referenceNumber, authToken, options.pollOptions);
7367
+ }
7237
7368
 
7238
7369
  // src/cli/session-recovery.ts
7239
7370
  async function recoverSession(globalOpts) {
@@ -7765,6 +7896,7 @@ import { defineCommand as defineCommand3 } from "citty";
7765
7896
  import { consola as consola8 } from "consola";
7766
7897
  init_document_structures();
7767
7898
  init_xml();
7899
+ init_with_key_rotation_retry();
7768
7900
  function getGlobalOpts2(args) {
7769
7901
  return {
7770
7902
  env: args.env,
@@ -7795,7 +7927,6 @@ var open = defineCommand3({
7795
7927
  throw new Error("NIP is required. Provide --nip or set it via `ksef config set --nip <nip>`.");
7796
7928
  }
7797
7929
  await client.crypto.init();
7798
- const encryptionData = await client.crypto.getEncryptionData();
7799
7930
  const formCodeKey = args.formCode;
7800
7931
  let formCode = DEFAULT_FORM_CODE;
7801
7932
  if (formCodeKey) {
@@ -7809,9 +7940,13 @@ var open = defineCommand3({
7809
7940
  throw new Error("Batch session open is used internally by `ksef invoice send <dir>`. Use `ksef session open` for online sessions.");
7810
7941
  }
7811
7942
  if (!args.json) consola8.start("Opening online session...");
7812
- const result = await client.onlineSession.openSession(
7813
- { formCode, encryption: encryptionData.encryptionInfo }
7814
- );
7943
+ const { encryptionData, result } = await withKeyRotationRetry(client.crypto, async () => {
7944
+ const encryptionData2 = await client.crypto.getEncryptionData();
7945
+ const result2 = await client.onlineSession.openSession(
7946
+ { formCode, encryption: encryptionData2.encryptionInfo }
7947
+ );
7948
+ return { encryptionData: encryptionData2, result: result2 };
7949
+ });
7815
7950
  saveOnlineSessionRef(result.referenceNumber, {
7816
7951
  cipherKey: Buffer.from(encryptionData.cipherKey).toString("base64"),
7817
7952
  cipherIv: Buffer.from(encryptionData.cipherIv).toString("base64")
@@ -8217,7 +8352,7 @@ var sessionCommand = defineCommand3({
8217
8352
  // src/cli/commands/invoice.ts
8218
8353
  import * as fs11 from "node:fs";
8219
8354
  import * as path8 from "node:path";
8220
- import { Readable } from "node:stream";
8355
+ import { Readable as Readable2 } from "node:stream";
8221
8356
  import { defineCommand as defineCommand6 } from "citty";
8222
8357
  import { consola as consola11 } from "consola";
8223
8358
  init_document_structures();
@@ -8252,7 +8387,9 @@ var FileHwmStore = class {
8252
8387
 
8253
8388
  // src/workflows/invoice-export-workflow.ts
8254
8389
  init_zip();
8390
+ init_targz();
8255
8391
  init_polling();
8392
+ init_with_key_rotation_retry();
8256
8393
 
8257
8394
  // src/utils/hash.ts
8258
8395
  import crypto5 from "node:crypto";
@@ -8266,11 +8403,15 @@ function verifyHash(data, expectedHash) {
8266
8403
  // src/workflows/invoice-export-workflow.ts
8267
8404
  async function doExport(client, filters, options) {
8268
8405
  await client.crypto.init();
8269
- const encData = await client.crypto.getEncryptionData();
8270
- const opResp = await client.invoices.exportInvoices({
8271
- encryption: encData.encryptionInfo,
8272
- filters,
8273
- onlyMetadata: options?.onlyMetadata
8406
+ const { encData, opResp } = await withKeyRotationRetry(client.crypto, async () => {
8407
+ const encData2 = await client.crypto.getEncryptionData();
8408
+ const opResp2 = await client.invoices.exportInvoices({
8409
+ encryption: encData2.encryptionInfo,
8410
+ filters,
8411
+ onlyMetadata: options?.onlyMetadata,
8412
+ ...options?.compressionType && { compressionType: options.compressionType }
8413
+ });
8414
+ return { encData: encData2, opResp: opResp2 };
8274
8415
  });
8275
8416
  const result = await pollUntil(
8276
8417
  () => client.invoices.getInvoiceExportStatus(opResp.referenceNumber),
@@ -9110,6 +9251,7 @@ var invoiceBuild = defineCommand5({
9110
9251
  init_invoice_validator();
9111
9252
  init_ksef_validation_error();
9112
9253
  init_schemas();
9254
+ init_with_key_rotation_retry();
9113
9255
  function getGlobalOpts4(args) {
9114
9256
  return {
9115
9257
  env: args.env,
@@ -9217,7 +9359,7 @@ var send = defineCommand6({
9217
9359
  }
9218
9360
  const { uploadBatchStream: uploadBatchStream2 } = await Promise.resolve().then(() => (init_batch_session_workflow(), batch_session_workflow_exports));
9219
9361
  const zipSize = stat.size;
9220
- const zipStreamFactory = () => Readable.toWeb(fs11.createReadStream(filePath));
9362
+ const zipStreamFactory = () => Readable2.toWeb(fs11.createReadStream(filePath));
9221
9363
  if (!args.json) consola11.start(`Sending batch via stream (${(zipSize / 1e6).toFixed(1)} MB)...`);
9222
9364
  const result = await uploadBatchStream2(client, zipStreamFactory, zipSize, {
9223
9365
  formCode,
@@ -9262,7 +9404,6 @@ var send = defineCommand6({
9262
9404
  }
9263
9405
  if (!args.json) consola11.start(`Sending ${xmlFiles.length} invoices via batch session...`);
9264
9406
  await client.crypto.init();
9265
- const encryptionData = await client.crypto.getEncryptionData();
9266
9407
  const parts = fileBuffers.map(({ content }, i) => {
9267
9408
  const metadata = client.crypto.getFileMetadata(new Uint8Array(content));
9268
9409
  return {
@@ -9282,9 +9423,12 @@ var send = defineCommand6({
9282
9423
  fileHash: p.metadata.hashSHA
9283
9424
  }))
9284
9425
  };
9285
- const openResult = await client.batchSession.openSession(
9286
- { formCode, batchFile: batchFileInfo, encryption: encryptionData.encryptionInfo }
9287
- );
9426
+ const openResult = await withKeyRotationRetry(client.crypto, async () => {
9427
+ const encryptionData = await client.crypto.getEncryptionData();
9428
+ return client.batchSession.openSession(
9429
+ { formCode, batchFile: batchFileInfo, encryption: encryptionData.encryptionInfo }
9430
+ );
9431
+ });
9288
9432
  saveOnlineSessionRef(openResult.referenceNumber);
9289
9433
  await client.batchSession.sendParts(openResult, parts, parallelism);
9290
9434
  await client.batchSession.closeSession(openResult.referenceNumber);
@@ -9439,11 +9583,13 @@ var exportCmd = defineCommand6({
9439
9583
  const { client } = await requireSession(globalOpts);
9440
9584
  if (!args.json) consola11.start("Starting invoice export...");
9441
9585
  await client.crypto.init();
9442
- const encryptionData = await client.crypto.getEncryptionData();
9443
9586
  const filters = buildQueryFilters(args);
9444
- const result = await client.invoices.exportInvoices(
9445
- { encryption: encryptionData.encryptionInfo, filters, onlyMetadata: args.onlyMetadata }
9446
- );
9587
+ const result = await withKeyRotationRetry(client.crypto, async () => {
9588
+ const encryptionData = await client.crypto.getEncryptionData();
9589
+ return client.invoices.exportInvoices(
9590
+ { encryption: encryptionData.encryptionInfo, filters, onlyMetadata: args.onlyMetadata }
9591
+ );
9592
+ });
9447
9593
  if (args.json) {
9448
9594
  outputResult(result, { json: true });
9449
9595
  } else {