n8n-nodes-takeoff-pro 0.1.0

package/README.md

@@ -0,0 +1,55 @@
+# n8n-nodes-exayard
+
+n8n community node for [Exayard](https://exayard.com) — AI-powered construction takeoffs, estimates, and bids.
+
+## Install
+
+In your n8n instance:
+
+```
+npm install n8n-nodes-exayard
+```
+
+Restart n8n. The package ships two nodes (`Exayard` and `Exayard Trigger`) and one credential type (`Exayard API`).
+
+## Authentication
+
+1. Sign in to Exayard at https://exayard.com.
+2. Open **Settings → Developer** and create an API key. Scope it to read or write per resource — least-privilege keys keep workflows safe.
+3. In n8n, **Credentials → New → Exayard API** and paste the key. The default base URL (`https://api.exayard.com/v1`) is correct for production.
+
+## Nodes
+
+### Exayard (action)
+
+| Resource | Operations |
+|---|---|
+| Project  | List, Get, Create, Archive, Export |
+| Webhook  | List Endpoints, Create Endpoint, Delete Endpoint, List Deliveries |
+| Help     | Search |
+| Me       | Get |
+
+### Exayard Trigger
+
+Subscribes to Exayard lifecycle events and emits a workflow run per delivery. Supported events:
+
+- `project.{created,updated,archived}`
+- `assessment.{started,completed,approved,cancelled}`
+- `estimate.generated`
+- `bid.generated`
+- `file.processed`
+- `*` (all events)
+
+Activating the trigger registers a webhook endpoint at Exayard pointing at the n8n production URL. Deactivating it deletes the endpoint so you do not leak orphan subscriptions. Signatures are verified per-delivery (HMAC-SHA256, 5-minute timestamp window).
+
+## Links
+
+- Marketing landing page: https://exayard.com/integrations/n8n
+- API docs: https://developers.exayard.com
+- OpenAPI: https://api.exayard.com/v1/openapi.json
+- Status: https://status.exayard.com
+- Source: https://github.com/exayard/exayard-mcp-examples
+
+## License
+
+MIT.

package/dist/credentials/ExayardApi.credentials.d.ts

@@ -0,0 +1,14 @@
+import type { ICredentialType, INodeProperties } from 'n8n-workflow';
+/**
+ * Credential type for the Exayard n8n nodes.
+ *
+ * Stores an Exayard API key generated at
+ * https://exayard.com/settings/developer. The key is sent on every
+ * request as `Authorization: Bearer <key>`.
+ */
+export declare class ExayardApi implements ICredentialType {
+    name: string;
+    displayName: string;
+    documentationUrl: string;
+    properties: INodeProperties[];
+}

package/dist/credentials/ExayardApi.credentials.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExayardApi = void 0;
+/**
+ * Credential type for the Exayard n8n nodes.
+ *
+ * Stores an Exayard API key generated at
+ * https://exayard.com/settings/developer. The key is sent on every
+ * request as `Authorization: Bearer <key>`.
+ */
+class ExayardApi {
+    name = 'exayardApi';
+    displayName = 'Exayard API';
+    documentationUrl = 'https://developers.exayard.com/authentication';
+    properties = [
+        {
+            displayName: 'API Key',
+            name: 'apiKey',
+            type: 'string',
+            typeOptions: { password: true },
+            default: '',
+            required: true,
+            description: 'Generate one at Exayard → Settings → Developer. Scope to read:* or read:*/write:* depending on what this workflow needs.'
+        },
+        {
+            displayName: 'Base URL',
+            name: 'baseUrl',
+            type: 'string',
+            default: 'https://api.exayard.com/v1',
+            description: 'Override only if you are pointing at a non-production deployment.'
+        }
+    ];
+}
+exports.ExayardApi = ExayardApi;

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export { ExayardApi } from './credentials/ExayardApi.credentials';
+export { Exayard } from './nodes/Exayard/Exayard.node';
+export { ExayardTrigger } from './nodes/ExayardTrigger/ExayardTrigger.node';

package/dist/index.js

@@ -0,0 +1,13 @@
+"use strict";
+// Re-exports so consumers (and the n8n loader) can import the node and
+// credential classes without reaching into the dist tree directly. The
+// actual `n8n` package.json field still points at compiled dist/*.js so
+// runtime discovery does not depend on this file.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExayardTrigger = exports.Exayard = exports.ExayardApi = void 0;
+var ExayardApi_credentials_1 = require("./credentials/ExayardApi.credentials");
+Object.defineProperty(exports, "ExayardApi", { enumerable: true, get: function () { return ExayardApi_credentials_1.ExayardApi; } });
+var Exayard_node_1 = require("./nodes/Exayard/Exayard.node");
+Object.defineProperty(exports, "Exayard", { enumerable: true, get: function () { return Exayard_node_1.Exayard; } });
+var ExayardTrigger_node_1 = require("./nodes/ExayardTrigger/ExayardTrigger.node");
+Object.defineProperty(exports, "ExayardTrigger", { enumerable: true, get: function () { return ExayardTrigger_node_1.ExayardTrigger; } });

package/dist/nodes/Exayard/Exayard.node.d.ts

@@ -0,0 +1,12 @@
+import type { IExecuteFunctions, INodeExecutionData, INodeType, INodeTypeDescription } from 'n8n-workflow';
+/**
+ * Action node for the Exayard API.
+ *
+ * Mirrors the @exayard/sdk surface: Projects, Webhooks, Help, Me.
+ * Each operation maps directly to a method on the SDK client so the
+ * shape stays in sync when new endpoints land.
+ */
+export declare class Exayard implements INodeType {
+    description: INodeTypeDescription;
+    execute(this: IExecuteFunctions): Promise<INodeExecutionData[][]>;
+}

package/dist/nodes/Exayard/Exayard.node.js

@@ -0,0 +1,321 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Exayard = void 0;
+const vendor_1 = require("../../src/vendor");
+const n8n_workflow_1 = require("n8n-workflow");
+/**
+ * Action node for the Exayard API.
+ *
+ * Mirrors the @exayard/sdk surface: Projects, Webhooks, Help, Me.
+ * Each operation maps directly to a method on the SDK client so the
+ * shape stays in sync when new endpoints land.
+ */
+class Exayard {
+    description = {
+        displayName: 'Exayard',
+        name: 'exayard',
+        icon: 'file:Exayard.svg',
+        group: ['transform'],
+        version: 1,
+        subtitle: '={{$parameter["resource"] + ": " + $parameter["operation"]}}',
+        description: 'AI-powered construction takeoffs, estimates, and bids',
+        defaults: { name: 'Exayard' },
+        inputs: ['main'],
+        outputs: ['main'],
+        credentials: [{ name: 'exayardApi', required: true }],
+        properties: [
+            {
+                displayName: 'Resource',
+                name: 'resource',
+                type: 'options',
+                noDataExpression: true,
+                default: 'project',
+                options: [
+                    { name: 'Project', value: 'project' },
+                    { name: 'Webhook', value: 'webhook' },
+                    { name: 'Help', value: 'help' },
+                    { name: 'Me', value: 'me' }
+                ]
+            },
+            // Project operations
+            {
+                displayName: 'Operation',
+                name: 'operation',
+                type: 'options',
+                noDataExpression: true,
+                default: 'list',
+                displayOptions: { show: { resource: ['project'] } },
+                options: [
+                    { name: 'List', value: 'list', action: 'List projects', description: 'List projects in an organization' },
+                    { name: 'Get', value: 'get', action: 'Get a project', description: 'Get a single project by ID' },
+                    { name: 'Create', value: 'create', action: 'Create a project', description: 'Create a new project' },
+                    { name: 'Archive', value: 'archive', action: 'Archive a project', description: 'Archive an existing project' },
+                    { name: 'Export', value: 'export', action: 'Export a project', description: 'Export project data' }
+                ]
+            },
+            // Webhook operations
+            {
+                displayName: 'Operation',
+                name: 'operation',
+                type: 'options',
+                noDataExpression: true,
+                default: 'list',
+                displayOptions: { show: { resource: ['webhook'] } },
+                options: [
+                    { name: 'List Endpoints', value: 'list', action: 'List webhook endpoints' },
+                    { name: 'Create Endpoint', value: 'create', action: 'Create a webhook endpoint' },
+                    { name: 'Delete Endpoint', value: 'delete', action: 'Delete a webhook endpoint' },
+                    { name: 'List Deliveries', value: 'deliveries', action: 'List deliveries for an endpoint' }
+                ]
+            },
+            // Help operations
+            {
+                displayName: 'Operation',
+                name: 'operation',
+                type: 'options',
+                noDataExpression: true,
+                default: 'search',
+                displayOptions: { show: { resource: ['help'] } },
+                options: [{ name: 'Search', value: 'search', action: 'Search help articles' }]
+            },
+            // Me operations
+            {
+                displayName: 'Operation',
+                name: 'operation',
+                type: 'options',
+                noDataExpression: true,
+                default: 'get',
+                displayOptions: { show: { resource: ['me'] } },
+                options: [{ name: 'Get', value: 'get', action: 'Get the authenticated identity' }]
+            },
+            // Shared org ID
+            {
+                displayName: 'Organization ID',
+                name: 'organizationId',
+                type: 'string',
+                default: '',
+                required: true,
+                description: 'Exayard organization ID (org_...)',
+                displayOptions: { show: { resource: ['project', 'webhook'] } }
+            },
+            // Project: Get / Archive / Export — ID
+            {
+                displayName: 'Project ID',
+                name: 'projectId',
+                type: 'string',
+                default: '',
+                required: true,
+                displayOptions: { show: { resource: ['project'], operation: ['get', 'archive', 'export'] } }
+            },
+            // Project: List — optional filters
+            {
+                displayName: 'Status',
+                name: 'status',
+                type: 'string',
+                default: '',
+                description: 'Optional status filter (active, draft, archived, etc.)',
+                displayOptions: { show: { resource: ['project'], operation: ['list'] } }
+            },
+            {
+                displayName: 'Search',
+                name: 'search',
+                type: 'string',
+                default: '',
+                description: 'Free-text search across project names',
+                displayOptions: { show: { resource: ['project'], operation: ['list'] } }
+            },
+            {
+                displayName: 'Limit',
+                name: 'limit',
+                type: 'number',
+                default: 50,
+                typeOptions: { minValue: 1, maxValue: 200 },
+                description: 'Max number of projects per page',
+                displayOptions: { show: { resource: ['project'], operation: ['list'] } }
+            },
+            // Project: Create — name
+            {
+                displayName: 'Name',
+                name: 'name',
+                type: 'string',
+                default: '',
+                required: true,
+                displayOptions: { show: { resource: ['project'], operation: ['create'] } }
+            },
+            // Webhook: Create — url + events
+            {
+                displayName: 'Endpoint URL',
+                name: 'url',
+                type: 'string',
+                default: '',
+                required: true,
+                placeholder: 'https://example.com/webhooks/exayard',
+                displayOptions: { show: { resource: ['webhook'], operation: ['create'] } }
+            },
+            {
+                displayName: 'Events',
+                name: 'events',
+                type: 'multiOptions',
+                default: ['project.created', 'assessment.completed', 'estimate.generated', 'bid.generated'],
+                options: [
+                    { name: 'project.created', value: 'project.created' },
+                    { name: 'project.updated', value: 'project.updated' },
+                    { name: 'project.archived', value: 'project.archived' },
+                    { name: 'assessment.started', value: 'assessment.started' },
+                    { name: 'assessment.completed', value: 'assessment.completed' },
+                    { name: 'assessment.approved', value: 'assessment.approved' },
+                    { name: 'assessment.cancelled', value: 'assessment.cancelled' },
+                    { name: 'estimate.generated', value: 'estimate.generated' },
+                    { name: 'bid.generated', value: 'bid.generated' },
+                    { name: 'file.processed', value: 'file.processed' },
+                    { name: '* (all events)', value: '*' }
+                ],
+                required: true,
+                displayOptions: { show: { resource: ['webhook'], operation: ['create'] } }
+            },
+            {
+                displayName: 'Description',
+                name: 'description',
+                type: 'string',
+                default: '',
+                displayOptions: { show: { resource: ['webhook'], operation: ['create'] } }
+            },
+            // Webhook: Delete / Deliveries — endpoint ID
+            {
+                displayName: 'Endpoint ID',
+                name: 'endpointId',
+                type: 'string',
+                default: '',
+                required: true,
+                displayOptions: { show: { resource: ['webhook'], operation: ['delete', 'deliveries'] } }
+            },
+            // Help: Search — query
+            {
+                displayName: 'Query',
+                name: 'query',
+                type: 'string',
+                default: '',
+                required: true,
+                displayOptions: { show: { resource: ['help'], operation: ['search'] } }
+            }
+        ]
+    };
+    async execute() {
+        const credentials = await this.getCredentials('exayardApi');
+        const client = new vendor_1.Exayard({
+            apiKey: credentials.apiKey,
+            baseUrl: credentials.baseUrl || undefined
+        });
+        const items = this.getInputData();
+        const out = [];
+        for (let i = 0; i < items.length; i++) {
+            const resource = this.getNodeParameter('resource', i);
+            const operation = this.getNodeParameter('operation', i);
+            try {
+                let result;
+                if (resource === 'me') {
+                    result = await client.me.get();
+                }
+                else if (resource === 'project') {
+                    const organizationId = this.getNodeParameter('organizationId', i);
+                    if (operation === 'list') {
+                        const status = this.getNodeParameter('status', i, '');
+                        const search = this.getNodeParameter('search', i, '');
+                        const limit = this.getNodeParameter('limit', i, 50);
+                        result = await client.projects.list({
+                            organizationId,
+                            status: status || undefined,
+                            search: search || undefined,
+                            limit
+                        });
+                    }
+                    else if (operation === 'get') {
+                        const projectId = this.getNodeParameter('projectId', i);
+                        result = await client.projects.get(projectId, { organizationId });
+                    }
+                    else if (operation === 'create') {
+                        const name = this.getNodeParameter('name', i);
+                        result = await client.projects.create({ organizationId, name });
+                    }
+                    else if (operation === 'archive') {
+                        const projectId = this.getNodeParameter('projectId', i);
+                        await client.projects.archive(projectId, { organizationId });
+                        result = { ok: true, archived: projectId };
+                    }
+                    else if (operation === 'export') {
+                        const projectId = this.getNodeParameter('projectId', i);
+                        result = await client.projects.export(projectId, { organizationId });
+                    }
+                }
+                else if (resource === 'webhook') {
+                    const organizationId = this.getNodeParameter('organizationId', i);
+                    if (operation === 'list') {
+                        result = await client.webhooks.listEndpoints({ organizationId });
+                    }
+                    else if (operation === 'create') {
+                        const url = this.getNodeParameter('url', i);
+                        const events = this.getNodeParameter('events', i);
+                        const description = this.getNodeParameter('description', i, '');
+                        result = await client.webhooks.createEndpoint({
+                            organizationId,
+                            url,
+                            events,
+                            description: description || undefined
+                        });
+                    }
+                    else if (operation === 'delete') {
+                        const endpointId = this.getNodeParameter('endpointId', i);
+                        await client.webhooks.deleteEndpoint(endpointId, { organizationId });
+                        result = { ok: true, deleted: endpointId };
+                    }
+                    else if (operation === 'deliveries') {
+                        const endpointId = this.getNodeParameter('endpointId', i);
+                        result = await client.webhooks.listDeliveries(endpointId, { organizationId });
+                    }
+                }
+                else if (resource === 'help') {
+                    const query = this.getNodeParameter('query', i);
+                    result = await client.help.search({ query });
+                }
+                if (result === undefined) {
+                    throw new n8n_workflow_1.NodeOperationError(this.getNode(), `Unsupported resource/operation combination: ${resource}.${operation}`, { itemIndex: i });
+                }
+                // n8n expects each output item to be wrapped in { json: ... }.
+                // Array-returning operations are split into one item per row so
+                // downstream nodes can iterate naturally. Cast through unknown
+                // because n8n's IDataObject is stricter than Record<string,
+                // unknown> — values must be IDataObject | GenericValue, but
+                // upstream SDK return types are intentionally loose.
+                const push = (row) => {
+                    out.push({ json: row, pairedItem: { item: i } });
+                };
+                if (Array.isArray(result)) {
+                    for (const row of result)
+                        push(row);
+                }
+                else if (result && typeof result === 'object' && 'items' in result && Array.isArray(result.items)) {
+                    for (const row of result.items)
+                        push(row);
+                }
+                else {
+                    push(result);
+                }
+            }
+            catch (err) {
+                if (err instanceof vendor_1.ExayardError) {
+                    // Surface RFC 9457 problem+json fields verbatim so workflow
+                    // branches can read code / detail / doc_url. Re-throw as a
+                    // NodeOperationError so n8n's standard error handling kicks in
+                    // (Continue On Fail, etc.).
+                    throw new n8n_workflow_1.NodeOperationError(this.getNode(), `${err.title} (${err.code}): ${err.detail}`, {
+                        itemIndex: i,
+                        description: err.docUrl ? `See ${err.docUrl}` : undefined
+                    });
+                }
+                throw err;
+            }
+        }
+        return [out];
+    }
+}
+exports.Exayard = Exayard;

package/dist/nodes/Exayard/Exayard.svg

@@ -0,0 +1,4 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 60 60" width="60" height="60">
+  <rect width="60" height="60" rx="12" fill="#0F1115"/>
+  <text x="30" y="38" font-family="-apple-system, system-ui, sans-serif" font-weight="700" font-size="24" text-anchor="middle" fill="#F5F2EA">E</text>
+</svg>

package/dist/nodes/ExayardTrigger/ExayardTrigger.node.d.ts

@@ -0,0 +1,23 @@
+import type { IHookFunctions, INodeType, INodeTypeDescription, IWebhookFunctions, IWebhookResponseData } from 'n8n-workflow';
+/**
+ * Webhook trigger node for Exayard lifecycle events.
+ *
+ * On activate, registers a webhook endpoint at api.exayard.com pointing
+ * at the n8n production webhook URL. The endpoint secret returned by
+ * Exayard is stored in node static data so signature verification works
+ * across restarts.
+ *
+ * On deactivate, deletes the registered endpoint so we don't leak
+ * orphan webhook subscriptions on the Exayard side.
+ */
+export declare class ExayardTrigger implements INodeType {
+    description: INodeTypeDescription;
+    webhookMethods: {
+        default: {
+            checkExists(this: IHookFunctions): Promise<boolean>;
+            create(this: IHookFunctions): Promise<boolean>;
+            delete(this: IHookFunctions): Promise<boolean>;
+        };
+    };
+    webhook(this: IWebhookFunctions): Promise<IWebhookResponseData>;
+}

package/dist/nodes/ExayardTrigger/ExayardTrigger.node.js

@@ -0,0 +1,148 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExayardTrigger = void 0;
+const vendor_1 = require("../../src/vendor");
+const n8n_workflow_1 = require("n8n-workflow");
+/**
+ * Webhook trigger node for Exayard lifecycle events.
+ *
+ * On activate, registers a webhook endpoint at api.exayard.com pointing
+ * at the n8n production webhook URL. The endpoint secret returned by
+ * Exayard is stored in node static data so signature verification works
+ * across restarts.
+ *
+ * On deactivate, deletes the registered endpoint so we don't leak
+ * orphan webhook subscriptions on the Exayard side.
+ */
+class ExayardTrigger {
+    description = {
+        displayName: 'Exayard Trigger',
+        name: 'exayardTrigger',
+        icon: 'file:ExayardTrigger.svg',
+        group: ['trigger'],
+        version: 1,
+        description: 'Triggers when an Exayard lifecycle event fires',
+        defaults: { name: 'Exayard Trigger' },
+        inputs: [],
+        outputs: ['main'],
+        credentials: [{ name: 'exayardApi', required: true }],
+        webhooks: [
+            {
+                name: 'default',
+                httpMethod: 'POST',
+                responseMode: 'onReceived',
+                path: 'webhook'
+            }
+        ],
+        properties: [
+            {
+                displayName: 'Organization ID',
+                name: 'organizationId',
+                type: 'string',
+                default: '',
+                required: true,
+                description: 'Exayard organization ID (org_...)'
+            },
+            {
+                displayName: 'Events',
+                name: 'events',
+                type: 'multiOptions',
+                default: ['project.created', 'assessment.completed', 'estimate.generated', 'bid.generated'],
+                options: [
+                    { name: 'project.created', value: 'project.created' },
+                    { name: 'project.updated', value: 'project.updated' },
+                    { name: 'project.archived', value: 'project.archived' },
+                    { name: 'assessment.started', value: 'assessment.started' },
+                    { name: 'assessment.completed', value: 'assessment.completed' },
+                    { name: 'assessment.approved', value: 'assessment.approved' },
+                    { name: 'assessment.cancelled', value: 'assessment.cancelled' },
+                    { name: 'estimate.generated', value: 'estimate.generated' },
+                    { name: 'bid.generated', value: 'bid.generated' },
+                    { name: 'file.processed', value: 'file.processed' },
+                    { name: '* (all events)', value: '*' }
+                ],
+                required: true
+            }
+        ]
+    };
+    webhookMethods = {
+        default: {
+            async checkExists() {
+                const data = this.getWorkflowStaticData('node');
+                return typeof data.endpointId === 'string';
+            },
+            async create() {
+                const credentials = await this.getCredentials('exayardApi');
+                const organizationId = this.getNodeParameter('organizationId');
+                const events = this.getNodeParameter('events');
+                const url = this.getNodeWebhookUrl('default');
+                if (!url) {
+                    throw new n8n_workflow_1.NodeOperationError(this.getNode(), 'n8n did not provide a webhook URL.');
+                }
+                const client = new vendor_1.Exayard({
+                    apiKey: credentials.apiKey,
+                    baseUrl: credentials.baseUrl || undefined
+                });
+                const res = await client.webhooks.createEndpoint({
+                    organizationId,
+                    url,
+                    events,
+                    description: 'n8n trigger'
+                });
+                const data = this.getWorkflowStaticData('node');
+                data.endpointId = res.id;
+                data.endpointSecret = res.secret;
+                data.organizationId = organizationId;
+                return true;
+            },
+            async delete() {
+                const data = this.getWorkflowStaticData('node');
+                if (typeof data.endpointId !== 'string' || typeof data.organizationId !== 'string') {
+                    return true;
+                }
+                const credentials = await this.getCredentials('exayardApi');
+                const client = new vendor_1.Exayard({
+                    apiKey: credentials.apiKey,
+                    baseUrl: credentials.baseUrl || undefined
+                });
+                try {
+                    await client.webhooks.deleteEndpoint(data.endpointId, { organizationId: data.organizationId });
+                }
+                catch {
+                    // Best-effort cleanup; Exayard might have already removed the endpoint.
+                }
+                delete data.endpointId;
+                delete data.endpointSecret;
+                delete data.organizationId;
+                return true;
+            }
+        }
+    };
+    async webhook() {
+        const req = this.getRequestObject();
+        const signature = (req.headers['exayard-signature'] || req.headers['Exayard-Signature']);
+        const data = this.getWorkflowStaticData('node');
+        const secret = data.endpointSecret;
+        if (!signature || !secret) {
+            // Missing secret usually means the workflow was activated without
+            // the create() hook completing — return 400 so Exayard retries
+            // until the secret is in place.
+            return { webhookResponse: { status: 400, body: { error: 'missing_signature_or_secret' } } };
+        }
+        const rawBody = JSON.stringify(this.getBodyData());
+        try {
+            const event = await (0, vendor_1.constructWebhookEvent)(rawBody, signature, secret);
+            return { workflowData: [[{ json: event }]] };
+        }
+        catch (err) {
+            if (err instanceof vendor_1.WebhookSignatureError) {
+                // 401 tells Exayard the signature failed; it will retry with
+                // exponential backoff up to 3 days, but in practice signature
+                // failures mean a config issue and should be loud.
+                return { webhookResponse: { status: 401, body: { error: err.code, detail: err.message } } };
+            }
+            throw err;
+        }
+    }
+}
+exports.ExayardTrigger = ExayardTrigger;

package/dist/nodes/ExayardTrigger/ExayardTrigger.svg

@@ -0,0 +1,5 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 60 60" width="60" height="60">
+  <rect width="60" height="60" rx="12" fill="#0F1115"/>
+  <text x="30" y="38" font-family="-apple-system, system-ui, sans-serif" font-weight="700" font-size="24" text-anchor="middle" fill="#F5F2EA">E</text>
+  <circle cx="48" cy="12" r="6" fill="#FBBF24"/>
+</svg>

package/dist/src/vendor/client.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Configuration for the Exayard SDK client.
+ */
+export interface ExayardOptions {
+    /** API key from /settings/api-keys. Either this or bearerToken must be set. */
+    apiKey?: string;
+    /** OAuth bearer token (for connected-app flows). */
+    bearerToken?: string;
+    /** Override the base URL. Defaults to https://api.exayard.com/v1. */
+    baseUrl?: string;
+    /** Per-request timeout in ms. Defaults to 60000. */
+    timeoutMs?: number;
+    /** Optional fetch override — for tests or custom runtimes. */
+    fetch?: typeof fetch;
+}
+export declare class Exayard {
+    private readonly apiKey?;
+    private readonly bearerToken?;
+    private readonly baseUrl;
+    private readonly timeoutMs;
+    private readonly fetchImpl;
+    constructor(opts?: ExayardOptions);
+    private request;
+    readonly me: {
+        get: () => Promise<unknown>;
+    };
+    readonly projects: {
+        list: (query: {
+            organizationId: string;
+            status?: string;
+            search?: string;
+            limit?: number;
+            cursor?: string;
+        }) => Promise<{
+            items: unknown[];
+            next_cursor?: string;
+        }>;
+        get: (id: string, query: {
+            organizationId: string;
+        }) => Promise<unknown>;
+        create: (body: {
+            organizationId: string;
+            name: string;
+        }, opts?: {
+            idempotencyKey?: string;
+        }) => Promise<{
+            id: string;
+            _id: string;
+        }>;
+        export: (id: string, query: {
+            organizationId: string;
+        }) => Promise<unknown>;
+        archive: (id: string, query: {
+            organizationId: string;
+        }) => Promise<void>;
+    };
+    readonly help: {
+        search: (body: {
+            query: string;
+            limit?: number;
+            section?: string;
+        }) => Promise<{
+            results: Array<{
+                id: string;
+                title: string;
+                description: string;
+                url: string;
+                score: number;
+            }>;
+            total: number;
+        }>;
+    };
+    readonly webhooks: {
+        listEndpoints: (query: {
+            organizationId: string;
+        }) => Promise<unknown[]>;
+        createEndpoint: (body: {
+            organizationId: string;
+            url: string;
+            events: string[];
+            description?: string;
+        }) => Promise<{
+            id: string;
+            secret: string;
+        }>;
+        deleteEndpoint: (id: string, query: {
+            organizationId: string;
+        }) => Promise<void>;
+        listDeliveries: (id: string, query: {
+            organizationId: string;
+            limit?: number;
+        }) => Promise<unknown[]>;
+        /**
+         * Parse + verify an inbound webhook delivery. Throws WebhookSignatureError
+         * on any signature failure — always catch and return 400 to let us retry.
+         */
+        constructEvent: <T = unknown>(rawBody: string, signatureHeader: string, secret: string, options?: {
+            now?: number;
+        }) => Promise<import("./webhooks").WebhookEvent<T>>;
+    };
+}

package/dist/src/vendor/client.js

@@ -0,0 +1,130 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Exayard = void 0;
+/**
+ * Vendored from @exayard/sdk (packages/sdk/src/client.ts).
+ *
+ * Copied in so this n8n community node has ZERO runtime dependencies, which is
+ * required for n8n verified-community-node eligibility. Keep in sync with the
+ * upstream SDK if the client surface changes.
+ */
+const error_1 = require("./error");
+const webhooks_1 = require("./webhooks");
+const UNSAFE_METHODS = new Set(['POST', 'PATCH', 'PUT', 'DELETE']);
+const randomIdempotencyKey = () => {
+    // Good enough for SDK auto-retries; callers needing deterministic keys
+    // pass their own. Uses crypto.randomUUID in runtimes that have it and
+    // falls back to timestamp+random.
+    if (typeof crypto !== 'undefined' && 'randomUUID' in crypto) {
+        return `idem_${crypto.randomUUID().replace(/-/g, '')}`;
+    }
+    return `idem_${Date.now().toString(36)}${Math.random().toString(36).slice(2, 10)}`;
+};
+class Exayard {
+    apiKey;
+    bearerToken;
+    baseUrl;
+    timeoutMs;
+    fetchImpl;
+    constructor(opts = {}) {
+        if (!opts.apiKey && !opts.bearerToken) {
+            throw new Error('Exayard: pass `apiKey` or `bearerToken` — see https://developers.exayard.com/api-reference.');
+        }
+        this.apiKey = opts.apiKey;
+        this.bearerToken = opts.bearerToken;
+        this.baseUrl = (opts.baseUrl ?? 'https://api.exayard.com/v1').replace(/\/$/, '');
+        this.timeoutMs = opts.timeoutMs ?? 60_000;
+        this.fetchImpl = opts.fetch ?? fetch;
+    }
+    // Internal request primitive. Public resource methods compose this.
+    async request(opts) {
+        const url = new URL(`${this.baseUrl}${opts.path}`);
+        if (opts.query) {
+            for (const [k, v] of Object.entries(opts.query)) {
+                if (v !== undefined)
+                    url.searchParams.set(k, String(v));
+            }
+        }
+        const headers = {
+            Accept: 'application/json',
+            Authorization: `Bearer ${this.apiKey ?? this.bearerToken}`
+        };
+        if (opts.body !== undefined)
+            headers['Content-Type'] = 'application/json';
+        // Idempotency-Key for unsafe methods — auto-generated unless caller
+        // pins one for replay-safe retries from their own retry loop.
+        const autoIdem = opts.autoIdempotencyKey ?? UNSAFE_METHODS.has(opts.method);
+        if (opts.idempotencyKey) {
+            headers['Idempotency-Key'] = opts.idempotencyKey;
+        }
+        else if (autoIdem) {
+            headers['Idempotency-Key'] = randomIdempotencyKey();
+        }
+        const ac = new AbortController();
+        const timeout = setTimeout(() => ac.abort(), this.timeoutMs);
+        let res;
+        try {
+            res = await this.fetchImpl(url.toString(), {
+                method: opts.method,
+                headers,
+                body: opts.body !== undefined ? JSON.stringify(opts.body) : undefined,
+                signal: ac.signal
+            });
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+        if (!res.ok) {
+            const ct = res.headers.get('Content-Type') ?? '';
+            if (ct.includes('problem+json') || ct.includes('application/json')) {
+                const body = (await res.json());
+                throw new error_1.ExayardError(body);
+            }
+            // Fallback for non-JSON error pages (shouldn't happen against /v1 but
+            // could hit a CDN error page if the service is down).
+            const text = await res.text().catch(() => '');
+            throw new error_1.ExayardError({
+                type: 'https://developers.exayard.com/concepts/errors#transport_error',
+                title: 'Transport Error',
+                status: res.status,
+                detail: text.slice(0, 500) || `HTTP ${res.status}`,
+                code: 'transport_error',
+                doc_url: 'https://developers.exayard.com/concepts/errors#transport_error',
+                request_id: res.headers.get('X-Request-Id') ?? undefined
+            });
+        }
+        if (res.status === 204)
+            return undefined;
+        return (await res.json());
+    }
+    // ---------------------------------------------------------------------------
+    // Resource surface — a curated subset covering the flows agents and integrations
+    // most often hit. Full OpenAPI coverage can be layered on via generated code
+    // without changing the public shape of this client.
+    // ---------------------------------------------------------------------------
+    me = {
+        get: () => this.request({ method: 'GET', path: '/me' })
+    };
+    projects = {
+        list: (query) => this.request({ method: 'GET', path: '/projects', query }),
+        get: (id, query) => this.request({ method: 'GET', path: `/projects/${id}`, query }),
+        create: (body, opts = {}) => this.request({ method: 'POST', path: '/projects', body, idempotencyKey: opts.idempotencyKey }),
+        export: (id, query) => this.request({ method: 'GET', path: `/projects/${id}/export`, query }),
+        archive: (id, query) => this.request({ method: 'POST', path: `/projects/${id}/archive`, query })
+    };
+    help = {
+        search: (body) => this.request({ method: 'POST', path: '/help/search', body, autoIdempotencyKey: false })
+    };
+    webhooks = {
+        listEndpoints: (query) => this.request({ method: 'GET', path: '/webhook_endpoints', query }),
+        createEndpoint: (body) => this.request({ method: 'POST', path: '/webhook_endpoints', body }),
+        deleteEndpoint: (id, query) => this.request({ method: 'DELETE', path: `/webhook_endpoints/${id}`, query }),
+        listDeliveries: (id, query) => this.request({ method: 'GET', path: `/webhook_endpoints/${id}/deliveries`, query }),
+        /**
+         * Parse + verify an inbound webhook delivery. Throws WebhookSignatureError
+         * on any signature failure — always catch and return 400 to let us retry.
+         */
+        constructEvent: webhooks_1.constructWebhookEvent
+    };
+}
+exports.Exayard = Exayard;

package/dist/src/vendor/error.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Vendored from @exayard/sdk (packages/sdk/src/error.ts).
+ *
+ * Copied in so this n8n community node has ZERO runtime dependencies, which is
+ * required for n8n verified-community-node eligibility. Keep in sync with the
+ * upstream SDK if the error envelope changes.
+ *
+ * Typed error surface for SDK consumers.
+ *
+ * Every non-2xx response from /v1 is parsed into an ExayardError so callers
+ * can branch on `err.code` (stable) rather than `err.message` (human). Shape
+ * matches the RFC 9457 Problem Details envelope — title/detail/instance are
+ * present, extensions (code/param/doc_url/request_id) come through intact.
+ */
+export interface ExayardErrorBody {
+    type: string;
+    title: string;
+    status: number;
+    detail: string;
+    instance?: string;
+    code: string;
+    param?: string;
+    doc_url?: string;
+    request_id?: string;
+}
+export declare class ExayardError extends Error {
+    readonly type: string;
+    readonly title: string;
+    readonly status: number;
+    readonly detail: string;
+    readonly instance?: string;
+    readonly code: string;
+    readonly param?: string;
+    readonly docUrl?: string;
+    readonly requestId?: string;
+    constructor(body: ExayardErrorBody);
+    isRateLimited(): boolean;
+    isUnauthenticated(): boolean;
+    isNotFound(): boolean;
+    isInsufficientScope(): boolean;
+    isIdempotencyConflict(): boolean;
+}

package/dist/src/vendor/error.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * Vendored from @exayard/sdk (packages/sdk/src/error.ts).
+ *
+ * Copied in so this n8n community node has ZERO runtime dependencies, which is
+ * required for n8n verified-community-node eligibility. Keep in sync with the
+ * upstream SDK if the error envelope changes.
+ *
+ * Typed error surface for SDK consumers.
+ *
+ * Every non-2xx response from /v1 is parsed into an ExayardError so callers
+ * can branch on `err.code` (stable) rather than `err.message` (human). Shape
+ * matches the RFC 9457 Problem Details envelope — title/detail/instance are
+ * present, extensions (code/param/doc_url/request_id) come through intact.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExayardError = void 0;
+class ExayardError extends Error {
+    type;
+    title;
+    status;
+    detail;
+    instance;
+    code;
+    param;
+    docUrl;
+    requestId;
+    constructor(body) {
+        // Guard against upstream error pages that don't conform to Problem Details —
+        // a missing code/title/detail should still produce a useful message rather
+        // than the string "undefined (undefined): undefined".
+        const title = body.title ?? 'error';
+        const status = typeof body.status === 'number' ? body.status : 0;
+        const code = body.code ?? `http_${status || 'unknown'}`;
+        const detail = body.detail ?? '';
+        const message = detail
+            ? `${title} (${code}): ${detail}`
+            : `HTTP ${status || 'unknown'}: ${title}`;
+        super(message);
+        this.name = 'ExayardError';
+        this.type = body.type ?? 'about:blank';
+        this.title = title;
+        this.status = status;
+        this.detail = detail;
+        this.instance = body.instance;
+        this.code = code;
+        this.param = body.param;
+        this.docUrl = body.doc_url;
+        this.requestId = body.request_id;
+    }
+    // Convenience guards for the most common branching points.
+    isRateLimited() {
+        return this.code === 'rate_limited' || this.status === 429;
+    }
+    isUnauthenticated() {
+        return this.code === 'unauthenticated' || this.status === 401;
+    }
+    isNotFound() {
+        return this.code === 'not_found' || this.status === 404;
+    }
+    isInsufficientScope() {
+        return this.code === 'insufficient_scope' || this.status === 403;
+    }
+    isIdempotencyConflict() {
+        return this.code === 'idempotency_key_reused';
+    }
+}
+exports.ExayardError = ExayardError;

package/dist/src/vendor/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Vendored copy of @exayard/sdk.
+ *
+ * The Exayard SDK is internal/unpublished, so its source is vendored here to
+ * keep this n8n community node free of runtime dependencies (a requirement for
+ * n8n verified-community-node eligibility). The four files under this directory
+ * mirror packages/sdk/src/{client,error,webhooks,index}.ts and have ZERO npm
+ * dependencies — they rely only on built-ins (fetch, URL, crypto, TextEncoder,
+ * btoa). Keep in sync with the upstream SDK.
+ *
+ * Usage:
+ *
+ *   import { Exayard } from '../../vendor'
+ *   const exa = new Exayard({ apiKey: '...' })
+ */
+export { Exayard } from './client';
+export type { ExayardOptions } from './client';
+export { ExayardError } from './error';
+export type { ExayardErrorBody } from './error';
+export { constructWebhookEvent, WebhookSignatureError } from './webhooks';
+export type { WebhookEvent, WebhookEventType } from './webhooks';

package/dist/src/vendor/index.js

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * Vendored copy of @exayard/sdk.
+ *
+ * The Exayard SDK is internal/unpublished, so its source is vendored here to
+ * keep this n8n community node free of runtime dependencies (a requirement for
+ * n8n verified-community-node eligibility). The four files under this directory
+ * mirror packages/sdk/src/{client,error,webhooks,index}.ts and have ZERO npm
+ * dependencies — they rely only on built-ins (fetch, URL, crypto, TextEncoder,
+ * btoa). Keep in sync with the upstream SDK.
+ *
+ * Usage:
+ *
+ *   import { Exayard } from '../../vendor'
+ *   const exa = new Exayard({ apiKey: '...' })
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WebhookSignatureError = exports.constructWebhookEvent = exports.ExayardError = exports.Exayard = void 0;
+var client_1 = require("./client");
+Object.defineProperty(exports, "Exayard", { enumerable: true, get: function () { return client_1.Exayard; } });
+var error_1 = require("./error");
+Object.defineProperty(exports, "ExayardError", { enumerable: true, get: function () { return error_1.ExayardError; } });
+var webhooks_1 = require("./webhooks");
+Object.defineProperty(exports, "constructWebhookEvent", { enumerable: true, get: function () { return webhooks_1.constructWebhookEvent; } });
+Object.defineProperty(exports, "WebhookSignatureError", { enumerable: true, get: function () { return webhooks_1.WebhookSignatureError; } });

package/dist/src/vendor/webhooks.d.ts

@@ -0,0 +1,37 @@
+/**
+ * Vendored from @exayard/sdk (packages/sdk/src/webhooks.ts).
+ *
+ * Copied in so this n8n community node has ZERO runtime dependencies, which is
+ * required for n8n verified-community-node eligibility. Keep in sync with the
+ * upstream SDK if the signing scheme changes.
+ *
+ * Webhook signature verification — Stripe-compatible pattern.
+ *
+ * Exayard signs every delivery with:
+ *   Exayard-Signature: t=<unix>,v1=<base64-hmac-sha256>
+ *
+ * where the signed payload is `${t}.${rawBody}` and the HMAC secret is the
+ * endpoint's whsec_... value returned once at creation time.
+ */
+export type WebhookEventType = 'project.created' | 'project.updated' | 'project.archived' | 'assessment.started' | 'assessment.completed' | 'assessment.approved' | 'assessment.cancelled' | 'estimate.generated' | 'bid.generated' | 'file.processed';
+export interface WebhookEvent<T = unknown> {
+    id: string;
+    type: WebhookEventType;
+    created: number;
+    data: T;
+}
+export declare class WebhookSignatureError extends Error {
+    readonly code: 'invalid_signature' | 'replay_window_exceeded' | 'malformed_header';
+    constructor(code: WebhookSignatureError['code'], message: string);
+}
+/**
+ * Verify a webhook delivery and parse its payload as a typed WebhookEvent.
+ *
+ * Throws WebhookSignatureError with a stable `code` on failure:
+ *   - malformed_header: Exayard-Signature isn't in t=…,v1=… form
+ *   - replay_window_exceeded: timestamp is >5 minutes from now
+ *   - invalid_signature: digest doesn't match
+ */
+export declare const constructWebhookEvent: <T = unknown>(rawBody: string, signatureHeader: string, secret: string, options?: {
+    now?: number;
+}) => Promise<WebhookEvent<T>>;

package/dist/src/vendor/webhooks.js

@@ -0,0 +1,90 @@
+"use strict";
+/**
+ * Vendored from @exayard/sdk (packages/sdk/src/webhooks.ts).
+ *
+ * Copied in so this n8n community node has ZERO runtime dependencies, which is
+ * required for n8n verified-community-node eligibility. Keep in sync with the
+ * upstream SDK if the signing scheme changes.
+ *
+ * Webhook signature verification — Stripe-compatible pattern.
+ *
+ * Exayard signs every delivery with:
+ *   Exayard-Signature: t=<unix>,v1=<base64-hmac-sha256>
+ *
+ * where the signed payload is `${t}.${rawBody}` and the HMAC secret is the
+ * endpoint's whsec_... value returned once at creation time.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.constructWebhookEvent = exports.WebhookSignatureError = void 0;
+class WebhookSignatureError extends Error {
+    code;
+    constructor(code, message) {
+        super(message);
+        this.name = 'WebhookSignatureError';
+        this.code = code;
+    }
+}
+exports.WebhookSignatureError = WebhookSignatureError;
+// 5-minute replay window matches the server-side signing convention in
+// packages/backend/convex/webhooks.ts.
+const REPLAY_WINDOW_SECONDS = 5 * 60;
+const parseSignatureHeader = (header) => {
+    const parts = header.split(',').map(s => s.trim());
+    let t;
+    let v1;
+    for (const part of parts) {
+        const eq = part.indexOf('=');
+        if (eq === -1)
+            continue;
+        const k = part.slice(0, eq);
+        const v = part.slice(eq + 1);
+        if (k === 't')
+            t = parseInt(v, 10);
+        if (k === 'v1')
+            v1 = v;
+    }
+    if (t === undefined || Number.isNaN(t) || !v1) {
+        throw new WebhookSignatureError('malformed_header', `Exayard-Signature must be "t=<unix>,v1=<digest>" — got "${header}".`);
+    }
+    return { t, v1 };
+};
+const hmacSha256Base64 = async (secret, payload) => {
+    const key = await crypto.subtle.importKey('raw', new TextEncoder().encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+    const digest = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(payload));
+    const bytes = new Uint8Array(digest);
+    let str = '';
+    for (let i = 0; i < bytes.length; i++)
+        str += String.fromCharCode(bytes[i]);
+    return btoa(str);
+};
+// Constant-time base64 compare. Short-circuit on length mismatch is fine —
+// attacker already knows the digest length (SHA-256 = 44 base64 chars).
+const safeCompare = (a, b) => {
+    if (a.length !== b.length)
+        return false;
+    let result = 0;
+    for (let i = 0; i < a.length; i++)
+        result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    return result === 0;
+};
+/**
+ * Verify a webhook delivery and parse its payload as a typed WebhookEvent.
+ *
+ * Throws WebhookSignatureError with a stable `code` on failure:
+ *   - malformed_header: Exayard-Signature isn't in t=…,v1=… form
+ *   - replay_window_exceeded: timestamp is >5 minutes from now
+ *   - invalid_signature: digest doesn't match
+ */
+const constructWebhookEvent = async (rawBody, signatureHeader, secret, options = {}) => {
+    const { t, v1 } = parseSignatureHeader(signatureHeader);
+    const nowSec = Math.floor((options.now ?? Date.now()) / 1000);
+    if (Math.abs(nowSec - t) > REPLAY_WINDOW_SECONDS) {
+        throw new WebhookSignatureError('replay_window_exceeded', `Signature timestamp ${t} is outside the ${REPLAY_WINDOW_SECONDS}-second window (now=${nowSec}).`);
+    }
+    const expected = await hmacSha256Base64(secret, `${t}.${rawBody}`);
+    if (!safeCompare(expected, v1)) {
+        throw new WebhookSignatureError('invalid_signature', 'HMAC digest mismatch. Check the endpoint secret.');
+    }
+    return JSON.parse(rawBody);
+};
+exports.constructWebhookEvent = constructWebhookEvent;

package/package.json

@@ -0,0 +1,55 @@
+{
+  "name": "n8n-nodes-takeoff-pro",
+  "version": "0.1.0",
+  "description": "n8n community node for Exayard — AI-powered construction takeoffs, estimates, and bids.",
+  "keywords": [
+    "n8n-community-node-package",
+    "exayard",
+    "construction",
+    "estimating",
+    "takeoff"
+  ],
+  "license": "MIT",
+  "homepage": "https://exayard.com/integrations/n8n",
+  "author": {
+    "name": "Exayard",
+    "email": "support@exayard.com",
+    "url": "https://exayard.com"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ShortGenius/exayard.git",
+    "directory": "packages/n8n-node"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "main": "index.js",
+  "scripts": {
+    "build": "tsc -p tsconfig.json && yarn copy-icons",
+    "copy-icons": "node -e \"const fs=require('fs');const path=require('path');for (const dir of ['nodes/Exayard','nodes/ExayardTrigger']) { fs.mkdirSync(path.join('dist',dir),{recursive:true}); for (const f of fs.readdirSync(dir).filter(n => n.endsWith('.svg'))) { fs.copyFileSync(path.join(dir,f), path.join('dist',dir,f)); } }\"",
+    "typecheck": "tsc --noEmit"
+  },
+  "files": [
+    "dist"
+  ],
+  "n8n": {
+    "n8nNodesApiVersion": 1,
+    "credentials": [
+      "dist/credentials/ExayardApi.credentials.js"
+    ],
+    "nodes": [
+      "dist/nodes/Exayard/Exayard.node.js",
+      "dist/nodes/ExayardTrigger/ExayardTrigger.node.js"
+    ]
+  },
+  "peerDependencies": {
+    "n8n-workflow": "*"
+  },
+  "devDependencies": {
+    "@exayard/config-typescript": "*",
+    "@types/node": "22.19.0",
+    "n8n-workflow": "1.91.0",
+    "typescript": "5.9.3"
+  }
+}