npm - paygate-mcp - Versions diffs - 9.2.0 → 9.3.0 - Mend

paygate-mcp 9.2.0 → 9.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/README.md CHANGED Viewed

@@ -11,7 +11,7 @@ Monetize any MCP server with one command. Add API key auth, per-tool pricing, ra
 - [Quick Start](#quick-start)
 - [What It Does](#what-it-does)
 - [Usage](#usage) — Local stdio, remote HTTP, multi-server, client SDK
-- [API Reference](#api-reference) — All 140+ endpoints
+- [API Reference](#api-reference) — All 143+ endpoints
 - [CLI Options](#cli-options)
 - [Deployment](#deployment) — Docker, docker-compose, systemd, PM2
 - [Load Testing](#load-testing) — k6 benchmarking for production
@@ -66,7 +66,7 @@ Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
 - **SSE Streaming** — Full MCP Streamable HTTP transport (POST SSE, GET notifications, DELETE sessions)
 - **Audit Log** — Structured audit trail with retention policies, query API, CSV/JSON export
 - **Registry/Discovery** — Agent-discoverable pricing via `/.well-known/mcp-payment`, `/pricing`, and `/.well-known/mcp.json` identity card
-- **OpenAPI 3.1 + Interactive Docs** — Auto-generated spec at `/openapi.json`, Swagger UI at `/docs` — all 140+ endpoints documented
+- **OpenAPI 3.1 + Interactive Docs** — Auto-generated spec at `/openapi.json`, Swagger UI at `/docs` — all 143+ endpoints documented
 - **Public Endpoint Rate Limiting** — Configurable per-IP rate limit (default 300/min) on `/health`, `/info`, `/pricing`, `/docs`, `/openapi.json`, `/.well-known/*`, `/robots.txt`, `/` — 429 with Retry-After header
 - **Robots.txt + HEAD Support** — Standard `/robots.txt` (allow public, disallow admin/keys), HEAD method on all public endpoints for uptime monitoring
 - **Prometheus Metrics** — `/metrics` endpoint with counters, gauges, and uptime in standard text format
@@ -150,6 +150,9 @@ Agent → PayGate (auth + billing) → Your MCP Server (stdio or HTTP)
 - **Response Caching** — SHA-256 keyed response cache for identical tool calls — skips backend invocation and credit deduction on cache hit, LRU eviction, per-tool or global TTL, `X-Cache: HIT/MISS` header, admin management (`GET/DELETE /admin/cache`), Prometheus gauge
 - **Circuit Breaker** — Three-state circuit breaker (closed → open → half_open) for backend failure detection — opens after N consecutive failures, auto-recovers after cooldown, error code `-32003`, admin management (`GET/POST /admin/circuit`)
 - **Configurable Timeouts** — Per-tool and global timeout for tool calls — returns error code `-32004` on timeout, per-tool override via `toolPricing[tool].timeoutMs`, triggers circuit breaker failure recording
+- **Outcome-Based Pricing** — Charge extra credits based on response output size — `creditsPerKbOutput` per-tool config, post-response billing, `X-Output-Surcharge` header, complements `creditsPerKbInput` for complete size-based pricing
+- **Compliance Audit Export** — Framework-specific compliance reports for SOC 2, GDPR, HIPAA — `GET /admin/compliance/export`, event classification into access control/data processing/config changes/security, JSON or CSV export, configurable time periods
+- **Per-Key Webhook URLs** — Key-level webhook routing — events for a specific key sent to key's webhook URL alongside global webhook, SSRF-protected, HMAC-SHA256 signed, lazy emitter management via `POST/GET/DELETE /keys/webhook`
 - **Security Audit** — `GET /admin/security` security posture analysis identifying keys without IP allowlists, quotas, ACL restrictions, spending limits, or expiry dates, flagging high-credit keys, and computing a composite security score
 - **Revenue Analysis** — `GET /admin/revenue` revenue metrics with per-tool revenue breakdown, per-key spending, hourly revenue trends, credit flow summary (allocated/spent/remaining), and average revenue per call
 - **Key Portfolio Health** — `GET /admin/key-portfolio` portfolio-wide key health with active/inactive/suspended counts, stale keys, expiring-soon keys, age distribution, credit utilization, and namespace breakdown
@@ -453,6 +456,10 @@ A real-time admin UI for managing keys, viewing usage, and monitoring tool calls
 | `/admin/cache` | DELETE | `X-Admin-Key` | Clear cache (all or `?tool=` filter) |
 | `/admin/circuit` | GET | `X-Admin-Key` | Circuit breaker status (state, failures, rejections) |
 | `/admin/circuit` | POST | `X-Admin-Key` | Reset circuit breaker to closed state |
+| `/admin/compliance/export` | GET | `X-Admin-Key` | Compliance audit export (SOC 2/GDPR/HIPAA, JSON/CSV) |
+| `/keys/webhook` | POST | `X-Admin-Key` | Set per-key webhook URL |
+| `/keys/webhook` | GET | `X-Admin-Key` | Get per-key webhook status |
+| `/keys/webhook` | DELETE | `X-Admin-Key` | Remove per-key webhook URL |
 | `/.well-known/oauth-authorization-server` | GET | None | OAuth 2.1 server metadata |
 | `/oauth/register` | POST | None | Dynamic Client Registration (RFC 7591) |
 | `/oauth/authorize` | GET | None | Authorization endpoint (PKCE required) |
@@ -462,7 +469,7 @@ A real-time admin UI for managing keys, viewing usage, and monitoring tool calls
 | `/.well-known/mcp-payment` | GET | None | Server payment metadata (SEP-2007) |
 | `/.well-known/mcp.json` | GET | None | MCP Server Identity card (discovery) |
 | `/pricing` | GET | None | Full per-tool pricing breakdown |
-| `/openapi.json` | GET | None | OpenAPI 3.1 spec (all 140+ endpoints) |
+| `/openapi.json` | GET | None | OpenAPI 3.1 spec (all 143+ endpoints) |
 | `/docs` | GET | None | Interactive API docs (Swagger UI) |
 | `/robots.txt` | GET | None | Crawler directives (allow public, disallow admin/keys) |
 | `/portal` | GET | None | Self-service API key portal (browser UI, auth via X-API-Key prompt) |

package/dist/compliance.d.ts ADDED Viewed

@@ -0,0 +1,64 @@
+/**
+ * Compliance Export — Generate audit reports for SOC 2, GDPR, and HIPAA compliance.
+ *
+ * Formats audit events into structured compliance reports with:
+ *   - Report metadata (period, generation time, framework, version)
+ *   - Access control events (key management, auth failures)
+ *   - Data processing events (tool calls, credit operations)
+ *   - Configuration changes (config reload, webhook updates)
+ *   - Summary statistics
+ */
+import { AuditLogger } from './audit';
+export type ComplianceFramework = 'soc2' | 'gdpr' | 'hipaa';
+export interface ComplianceReportMeta {
+    framework: ComplianceFramework;
+    generatedAt: string;
+    periodStart: string;
+    periodEnd: string;
+    serverVersion: string;
+    totalEvents: number;
+}
+export interface ComplianceSection {
+    title: string;
+    description: string;
+    events: ComplianceEvent[];
+    count: number;
+}
+export interface ComplianceEvent {
+    timestamp: string;
+    category: string;
+    action: string;
+    actor: string;
+    detail: string;
+    severity: 'info' | 'warning' | 'critical';
+    metadata?: Record<string, unknown>;
+}
+export interface ComplianceReport {
+    meta: ComplianceReportMeta;
+    sections: ComplianceSection[];
+    summary: ComplianceSummary;
+}
+export interface ComplianceSummary {
+    totalAccessControlEvents: number;
+    totalDataProcessingEvents: number;
+    totalConfigChangeEvents: number;
+    totalSecurityEvents: number;
+    authFailures: number;
+    keysCreated: number;
+    keysRevoked: number;
+    keysSuspended: number;
+    uniqueActors: number;
+}
+/**
+ * Generate a compliance report from audit log events.
+ */
+export declare function generateComplianceReport(auditLogger: AuditLogger, framework: ComplianceFramework, options: {
+    since?: string;
+    until?: string;
+    serverVersion: string;
+}): ComplianceReport;
+/**
+ * Convert a compliance report to CSV format.
+ */
+export declare function complianceReportToCsv(report: ComplianceReport): string;
+//# sourceMappingURL=compliance.d.ts.map

package/dist/compliance.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compliance.d.ts","sourceRoot":"","sources":["../src/compliance.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAc,WAAW,EAAc,MAAM,SAAS,CAAC;AAI9D,MAAM,MAAM,mBAAmB,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,CAAC;AAE5D,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,mBAAmB,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,eAAe,EAAE,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,GAAG,SAAS,GAAG,UAAU,CAAC;IAC1C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,oBAAoB,CAAC;IAC3B,QAAQ,EAAE,iBAAiB,EAAE,CAAC;IAC9B,OAAO,EAAE,iBAAiB,CAAC;CAC5B;AAED,MAAM,WAAW,iBAAiB;IAChC,wBAAwB,EAAE,MAAM,CAAC;IACjC,yBAAyB,EAAE,MAAM,CAAC;IAClC,uBAAuB,EAAE,MAAM,CAAC;IAChC,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB;AAiID;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,WAAW,EAAE,WAAW,EACxB,SAAS,EAAE,mBAAmB,EAC9B,OAAO,EAAE;IACP,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;CACvB,GACA,gBAAgB,CA8FlB;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,gBAAgB,GAAG,MAAM,CAatE"}

package/dist/compliance.js ADDED Viewed

@@ -0,0 +1,239 @@
+"use strict";
+/**
+ * Compliance Export — Generate audit reports for SOC 2, GDPR, and HIPAA compliance.
+ *
+ * Formats audit events into structured compliance reports with:
+ *   - Report metadata (period, generation time, framework, version)
+ *   - Access control events (key management, auth failures)
+ *   - Data processing events (tool calls, credit operations)
+ *   - Configuration changes (config reload, webhook updates)
+ *   - Summary statistics
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateComplianceReport = generateComplianceReport;
+exports.complianceReportToCsv = complianceReportToCsv;
+// ─── Event Classification ─────────────────────────────────────────────────────
+const ACCESS_CONTROL_EVENTS = new Set([
+    'key.created', 'key.revoked', 'key.suspended', 'key.resumed', 'key.cloned',
+    'key.rotated', 'key.acl_updated', 'key.expiry_updated', 'key.ip_updated',
+    'admin.auth_failed', 'admin_key.created', 'admin_key.revoked',
+    'admin_key.bootstrap_rotated', 'oauth.client_registered',
+    'oauth.token_issued', 'oauth.token_revoked', 'token.created', 'token.revoked',
+    'team.key_assigned', 'team.key_removed', 'group.key_assigned', 'group.key_removed',
+]);
+const DATA_PROCESSING_EVENTS = new Set([
+    'gate.allow', 'gate.deny', 'key.topup', 'key.auto_topped_up',
+    'key.credits_transferred', 'credits.reserved', 'credits.committed',
+    'credits.released', 'billing.refund', 'keys.exported', 'keys.imported',
+    'admin.backup_created', 'admin.backup_restored', 'stripe.checkout_created',
+]);
+const CONFIG_CHANGE_EVENTS = new Set([
+    'config.reloaded', 'config.export', 'maintenance.enabled', 'maintenance.disabled',
+    'key.quota_updated', 'key.tags_updated', 'key.limit_updated',
+    'key.alias_set', 'key.note_added', 'key.note_deleted',
+    'admin.alerts_configured', 'admin.cache_cleared', 'admin.circuit_reset',
+    'template.created', 'template.updated', 'template.deleted',
+    'team.created', 'team.updated', 'team.deleted',
+    'group.created', 'group.updated', 'group.deleted',
+    'webhook_filter.created', 'webhook_filter.updated', 'webhook_filter.deleted',
+    'schedule.created', 'schedule.executed', 'schedule.cancelled',
+]);
+const SECURITY_EVENTS = new Set([
+    'admin.auth_failed', 'key.revoked', 'key.suspended',
+    'admin_key.revoked', 'admin_key.bootstrap_rotated',
+    'oauth.token_revoked', 'token.revoked',
+]);
+// ─── Framework-specific descriptions ──────────────────────────────────────────
+const FRAMEWORK_SECTIONS = {
+    soc2: {
+        accessControl: {
+            title: 'CC6.1 – Logical Access Controls',
+            description: 'Access provisioning, de-provisioning, key rotation, and authentication events.',
+        },
+        dataProcessing: {
+            title: 'CC7.2 – System Operations Monitoring',
+            description: 'Tool call processing, credit operations, billing, and data import/export events.',
+        },
+        configChanges: {
+            title: 'CC8.1 – Change Management',
+            description: 'Configuration changes, maintenance windows, template updates, and system modifications.',
+        },
+        security: {
+            title: 'CC6.8 – Security Incident Detection',
+            description: 'Authentication failures, key revocations, suspicious activity, and security events.',
+        },
+    },
+    gdpr: {
+        accessControl: {
+            title: 'Article 25 – Data Protection by Design',
+            description: 'Access control events demonstrating data protection measures and access management.',
+        },
+        dataProcessing: {
+            title: 'Article 30 – Records of Processing Activities',
+            description: 'Data processing events including tool calls, data transfers, and billing operations.',
+        },
+        configChanges: {
+            title: 'Article 32 – Security of Processing',
+            description: 'System configuration changes and security measure updates.',
+        },
+        security: {
+            title: 'Article 33 – Notification of Data Breaches',
+            description: 'Security events, authentication failures, and potential breach indicators.',
+        },
+    },
+    hipaa: {
+        accessControl: {
+            title: '§164.312(a) – Access Control',
+            description: 'Electronic access control events, user authentication, and authorization management.',
+        },
+        dataProcessing: {
+            title: '§164.312(b) – Audit Controls',
+            description: 'Information system activity records, data processing, and transaction logs.',
+        },
+        configChanges: {
+            title: '§164.312(e) – Transmission Security',
+            description: 'System configuration modifications and security parameter changes.',
+        },
+        security: {
+            title: '§164.308(a)(6) – Security Incident Procedures',
+            description: 'Security incidents, unauthorized access attempts, and incident response events.',
+        },
+    },
+};
+// ─── Severity Mapping ─────────────────────────────────────────────────────────
+function getSeverity(eventType) {
+    if (eventType === 'admin.auth_failed')
+        return 'critical';
+    if (eventType === 'key.revoked' || eventType === 'admin_key.revoked')
+        return 'warning';
+    if (eventType === 'key.suspended')
+        return 'warning';
+    if (eventType === 'gate.deny')
+        return 'warning';
+    if (eventType === 'maintenance.enabled')
+        return 'warning';
+    if (eventType === 'admin_key.bootstrap_rotated')
+        return 'warning';
+    return 'info';
+}
+// ─── Report Generator ─────────────────────────────────────────────────────────
+function classifyEvent(event) {
+    const parts = event.type.split('.');
+    return {
+        timestamp: event.timestamp,
+        category: parts[0] || 'unknown',
+        action: parts.slice(1).join('.') || event.type,
+        actor: event.actor,
+        detail: event.message,
+        severity: getSeverity(event.type),
+        metadata: Object.keys(event.metadata).length > 0 ? event.metadata : undefined,
+    };
+}
+/**
+ * Generate a compliance report from audit log events.
+ */
+function generateComplianceReport(auditLogger, framework, options) {
+    const periodEnd = options.until || new Date().toISOString();
+    const periodStart = options.since || new Date(Date.now() - 30 * 86_400_000).toISOString(); // Default: last 30 days
+    // Query all events in the period
+    const query = {
+        since: periodStart,
+        until: periodEnd,
+        limit: 10_000, // Max export size
+    };
+    const result = auditLogger.query(query);
+    const events = result.events;
+    const frameworkConfig = FRAMEWORK_SECTIONS[framework];
+    // Classify events into sections
+    const accessControlEvents = [];
+    const dataProcessingEvents = [];
+    const configChangeEvents = [];
+    const securityEvents = [];
+    const actors = new Set();
+    let authFailures = 0;
+    let keysCreated = 0;
+    let keysRevoked = 0;
+    let keysSuspended = 0;
+    for (const event of events) {
+        const classified = classifyEvent(event);
+        actors.add(event.actor);
+        if (ACCESS_CONTROL_EVENTS.has(event.type)) {
+            accessControlEvents.push(classified);
+        }
+        if (DATA_PROCESSING_EVENTS.has(event.type)) {
+            dataProcessingEvents.push(classified);
+        }
+        if (CONFIG_CHANGE_EVENTS.has(event.type)) {
+            configChangeEvents.push(classified);
+        }
+        if (SECURITY_EVENTS.has(event.type)) {
+            securityEvents.push(classified);
+        }
+        // Count specific events
+        if (event.type === 'admin.auth_failed')
+            authFailures++;
+        if (event.type === 'key.created')
+            keysCreated++;
+        if (event.type === 'key.revoked')
+            keysRevoked++;
+        if (event.type === 'key.suspended')
+            keysSuspended++;
+    }
+    return {
+        meta: {
+            framework,
+            generatedAt: new Date().toISOString(),
+            periodStart,
+            periodEnd,
+            serverVersion: options.serverVersion,
+            totalEvents: events.length,
+        },
+        sections: [
+            {
+                ...frameworkConfig.accessControl,
+                events: accessControlEvents,
+                count: accessControlEvents.length,
+            },
+            {
+                ...frameworkConfig.dataProcessing,
+                events: dataProcessingEvents,
+                count: dataProcessingEvents.length,
+            },
+            {
+                ...frameworkConfig.configChanges,
+                events: configChangeEvents,
+                count: configChangeEvents.length,
+            },
+            {
+                ...frameworkConfig.security,
+                events: securityEvents,
+                count: securityEvents.length,
+            },
+        ],
+        summary: {
+            totalAccessControlEvents: accessControlEvents.length,
+            totalDataProcessingEvents: dataProcessingEvents.length,
+            totalConfigChangeEvents: configChangeEvents.length,
+            totalSecurityEvents: securityEvents.length,
+            authFailures,
+            keysCreated,
+            keysRevoked,
+            keysSuspended,
+            uniqueActors: actors.size,
+        },
+    };
+}
+/**
+ * Convert a compliance report to CSV format.
+ */
+function complianceReportToCsv(report) {
+    const header = 'section,timestamp,category,action,actor,severity,detail';
+    const rows = [];
+    for (const section of report.sections) {
+        for (const event of section.events) {
+            rows.push(`"${section.title}",${event.timestamp},${event.category},${event.action},"${event.actor.replace(/"/g, '""')}",${event.severity},"${event.detail.replace(/"/g, '""')}"`);
+        }
+    }
+    return [header, ...rows].join('\n');
+}
+//# sourceMappingURL=compliance.js.map

package/dist/compliance.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"compliance.js","sourceRoot":"","sources":["../src/compliance.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG;;AAsLH,4DAsGC;AAKD,sDAaC;AA1PD,iFAAiF;AAEjF,MAAM,qBAAqB,GAAG,IAAI,GAAG,CAAC;IACpC,aAAa,EAAE,aAAa,EAAE,eAAe,EAAE,aAAa,EAAE,YAAY;IAC1E,aAAa,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,gBAAgB;IACxE,mBAAmB,EAAE,mBAAmB,EAAE,mBAAmB;IAC7D,6BAA6B,EAAE,yBAAyB;IACxD,oBAAoB,EAAE,qBAAqB,EAAE,eAAe,EAAE,eAAe;IAC7E,mBAAmB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,mBAAmB;CACnF,CAAC,CAAC;AAEH,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,oBAAoB;IAC5D,yBAAyB,EAAE,kBAAkB,EAAE,mBAAmB;IAClE,kBAAkB,EAAE,gBAAgB,EAAE,eAAe,EAAE,eAAe;IACtE,sBAAsB,EAAE,uBAAuB,EAAE,yBAAyB;CAC3E,CAAC,CAAC;AAEH,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,iBAAiB,EAAE,eAAe,EAAE,qBAAqB,EAAE,sBAAsB;IACjF,mBAAmB,EAAE,kBAAkB,EAAE,mBAAmB;IAC5D,eAAe,EAAE,gBAAgB,EAAE,kBAAkB;IACrD,yBAAyB,EAAE,qBAAqB,EAAE,qBAAqB;IACvE,kBAAkB,EAAE,kBAAkB,EAAE,kBAAkB;IAC1D,cAAc,EAAE,cAAc,EAAE,cAAc;IAC9C,eAAe,EAAE,eAAe,EAAE,eAAe;IACjD,wBAAwB,EAAE,wBAAwB,EAAE,wBAAwB;IAC5E,kBAAkB,EAAE,mBAAmB,EAAE,oBAAoB;CAC9D,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC;IAC9B,mBAAmB,EAAE,aAAa,EAAE,eAAe;IACnD,mBAAmB,EAAE,6BAA6B;IAClD,qBAAqB,EAAE,eAAe;CACvC,CAAC,CAAC;AAEH,iFAAiF;AAEjF,MAAM,kBAAkB,GAKnB;IACH,IAAI,EAAE;QACJ,aAAa,EAAE;YACb,KAAK,EAAE,iCAAiC;YACxC,WAAW,EAAE,gFAAgF;SAC9F;QACD,cAAc,EAAE;YACd,KAAK,EAAE,sCAAsC;YAC7C,WAAW,EAAE,kFAAkF;SAChG;QACD,aAAa,EAAE;YACb,KAAK,EAAE,2BAA2B;YAClC,WAAW,EAAE,yFAAyF;SACvG;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,qFAAqF;SACnG;KACF;IACD,IAAI,EAAE;QACJ,aAAa,EAAE;YACb,KAAK,EAAE,wCAAwC;YAC/C,WAAW,EAAE,qFAAqF;SACnG;QACD,cAAc,EAAE;YACd,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,sFAAsF;SACpG;QACD,aAAa,EAAE;YACb,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,4DAA4D;SAC1E;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,4CAA4C;YACnD,WAAW,EAAE,4EAA4E;SAC1F;KACF;IACD,KAAK,EAAE;QACL,aAAa,EAAE;YACb,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,sFAAsF;SACpG;QACD,cAAc,EAAE;YACd,KAAK,EAAE,8BAA8B;YACrC,WAAW,EAAE,6EAA6E;SAC3F;QACD,aAAa,EAAE;YACb,KAAK,EAAE,qCAAqC;YAC5C,WAAW,EAAE,oEAAoE;SAClF;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,+CAA+C;YACtD,WAAW,EAAE,iFAAiF;SAC/F;KACF;CACF,CAAC;AAEF,iFAAiF;AAEjF,SAAS,WAAW,CAAC,SAAiB;IACpC,IAAI,SAAS,KAAK,mBAAmB;QAAE,OAAO,UAAU,CAAC;IACzD,IAAI,SAAS,KAAK,aAAa,IAAI,SAAS,KAAK,mBAAmB;QAAE,OAAO,SAAS,CAAC;IACvF,IAAI,SAAS,KAAK,eAAe;QAAE,OAAO,SAAS,CAAC;IACpD,IAAI,SAAS,KAAK,WAAW;QAAE,OAAO,SAAS,CAAC;IAChD,IAAI,SAAS,KAAK,qBAAqB;QAAE,OAAO,SAAS,CAAC;IAC1D,IAAI,SAAS,KAAK,6BAA6B;QAAE,OAAO,SAAS,CAAC;IAClE,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,iFAAiF;AAEjF,SAAS,aAAa,CAAC,KAAiB;IACtC,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,OAAO;QACL,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS;QAC/B,MAAM,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI;QAC9C,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,MAAM,EAAE,KAAK,CAAC,OAAO;QACrB,QAAQ,EAAE,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC;QACjC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;KAC9E,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,wBAAwB,CACtC,WAAwB,EACxB,SAA8B,EAC9B,OAIC;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5D,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,wBAAwB;IAEnH,iCAAiC;IACjC,MAAM,KAAK,GAAe;QACxB,KAAK,EAAE,WAAW;QAClB,KAAK,EAAE,SAAS;QAChB,KAAK,EAAE,MAAM,EAAE,kBAAkB;KAClC,CAAC;IACF,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAE7B,MAAM,eAAe,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAEtD,gCAAgC;IAChC,MAAM,mBAAmB,GAAsB,EAAE,CAAC;IAClD,MAAM,oBAAoB,GAAsB,EAAE,CAAC;IACnD,MAAM,kBAAkB,GAAsB,EAAE,CAAC;IACjD,MAAM,cAAc,GAAsB,EAAE,CAAC;IAE7C,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,IAAI,YAAY,GAAG,CAAC,CAAC;IACrB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,IAAI,aAAa,GAAG,CAAC,CAAC;IAEtB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAExB,IAAI,qBAAqB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1C,mBAAmB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,oBAAoB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACxC,CAAC;QACD,IAAI,oBAAoB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACzC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,cAAc,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAClC,CAAC;QAED,wBAAwB;QACxB,IAAI,KAAK,CAAC,IAAI,KAAK,mBAAmB;YAAE,YAAY,EAAE,CAAC;QACvD,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa;YAAE,WAAW,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,IAAI,KAAK,aAAa;YAAE,WAAW,EAAE,CAAC;QAChD,IAAI,KAAK,CAAC,IAAI,KAAK,eAAe;YAAE,aAAa,EAAE,CAAC;IACtD,CAAC;IAED,OAAO;QACL,IAAI,EAAE;YACJ,SAAS;YACT,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,WAAW;YACX,SAAS;YACT,aAAa,EAAE,OAAO,CAAC,aAAa;YACpC,WAAW,EAAE,MAAM,CAAC,MAAM;SAC3B;QACD,QAAQ,EAAE;YACR;gBACE,GAAG,eAAe,CAAC,aAAa;gBAChC,MAAM,EAAE,mBAAmB;gBAC3B,KAAK,EAAE,mBAAmB,CAAC,MAAM;aAClC;YACD;gBACE,GAAG,eAAe,CAAC,cAAc;gBACjC,MAAM,EAAE,oBAAoB;gBAC5B,KAAK,EAAE,oBAAoB,CAAC,MAAM;aACnC;YACD;gBACE,GAAG,eAAe,CAAC,aAAa;gBAChC,MAAM,EAAE,kBAAkB;gBAC1B,KAAK,EAAE,kBAAkB,CAAC,MAAM;aACjC;YACD;gBACE,GAAG,eAAe,CAAC,QAAQ;gBAC3B,MAAM,EAAE,cAAc;gBACtB,KAAK,EAAE,cAAc,CAAC,MAAM;aAC7B;SACF;QACD,OAAO,EAAE;YACP,wBAAwB,EAAE,mBAAmB,CAAC,MAAM;YACpD,yBAAyB,EAAE,oBAAoB,CAAC,MAAM;YACtD,uBAAuB,EAAE,kBAAkB,CAAC,MAAM;YAClD,mBAAmB,EAAE,cAAc,CAAC,MAAM;YAC1C,YAAY;YACZ,WAAW;YACX,WAAW;YACX,aAAa;YACb,YAAY,EAAE,MAAM,CAAC,IAAI;SAC1B;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,qBAAqB,CAAC,MAAwB;IAC5D,MAAM,MAAM,GAAG,yDAAyD,CAAC;IACzE,MAAM,IAAI,GAAa,EAAE,CAAC;IAE1B,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CACP,IAAI,OAAO,CAAC,KAAK,KAAK,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,KAAK,CAAC,QAAQ,KAAK,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CACvK,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,CAAC,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACtC,CAAC"}

package/dist/gate.d.ts CHANGED Viewed

@@ -46,6 +46,8 @@ export declare class Gate {
     onCreditsDeducted?: (apiKey: string, amount: number) => void;
     /** Optional hook called when auto-topup is triggered (for audit/webhook). */
     onAutoTopup?: (apiKey: string, amount: number, newBalance: number) => void;
+    /** Per-key webhook emitters (lazily created, keyed by API key prefix). */
+    private keyWebhooks;
     constructor(config: PayGateConfig, statePath?: string);
     /**
      * Evaluate a tool call request.
@@ -144,6 +146,15 @@ export declare class Gate {
      */
     updateConfig(patch: Partial<PayGateConfig>): string[];
     destroy(): void;
+    /**
+     * Get or create a per-key webhook emitter.
+     * Returns null if the key has no webhookUrl configured.
+     */
+    getKeyWebhook(apiKey: string): WebhookEmitter | null;
+    /**
+     * Remove cached per-key webhook emitter (called when webhook URL is cleared).
+     */
+    removeKeyWebhook(apiKey: string): void;
     private recordEvent;
 }
 //# sourceMappingURL=gate.d.ts.map

package/dist/gate.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAe,aAAa,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,qBAAa,IAAI;IACf,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,yFAAyF;IACzF,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC;IAC/B,gFAAgF;IAChF,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,oDAAoD;IACpD,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,8DAA8D;IAC9D,YAAY,CAAC,EAAE,eAAe,CAAC;IAC/B,mEAAmE;IACnE,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACzF,uDAAuD;IACvD,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,iFAAiF;IACjF,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAC3C,wEAAwE;IACxE,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7D,6EAA6E;IAC7E,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;~~gBAE/D~~,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,MAAM;IAwBrD;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,YAAY;IAiNvH;;;;;;;;OAQG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,eAAe;IA2S7H,oEAAoE;IACpE,OAAO,CAAC,iBAAiB;IAUzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAgBpB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,GAAG,IAAI;IA+BjL;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAQrC;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM;IA4BvF;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;IAoB5B;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAa/D,2CAA2C;IAC3C,IAAI,eAAe,IAAI,OAAO,CAE7B;IAED;;;;OAIG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IA4BvC;;;;;;;OAOG;IACH,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,EAAE;IAsGrD,OAAO,IAAI,IAAI;~~IAKf~~,OAAO,CAAC,WAAW;~~CAwBpB~~"}
1	+ {"version":3,"file":"gate.d.ts","sourceRoot":"","sources":["../src/gate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE,cAAc,EAAE,YAAY,EAAe,aAAa,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAC7I,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAC7C,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAE3C,qBAAa,IAAI;IACf,QAAQ,CAAC,KAAK,EAAE,QAAQ,CAAC;IACzB,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;IAC3B,yFAAyF;IACzF,OAAO,EAAE,cAAc,GAAG,IAAI,CAAC;IAC/B,gFAAgF;IAChF,aAAa,EAAE,aAAa,GAAG,IAAI,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC;IACpC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAgB;IACvC,oDAAoD;IACpD,aAAa,CAAC,EAAE,aAAa,CAAC;IAC9B,8DAA8D;IAC9D,YAAY,CAAC,EAAE,eAAe,CAAC;IAC/B,mEAAmE;IACnE,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACzF,uDAAuD;IACvD,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;IACzD,iFAAiF;IACjF,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,IAAI,CAAC;IAC3C,wEAAwE;IACxE,iBAAiB,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;IAC7D,6EAA6E;IAC7E,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,KAAK,IAAI,CAAC;IAC3E,0EAA0E;IAC1E,OAAO,CAAC,WAAW,CAAqC;gBAE5C,MAAM,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,MAAM;IAwBrD;;OAEG;IACH,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,QAAQ,EAAE,cAAc,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,YAAY;IAiNvH;;;;;;;;OAQG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,QAAQ,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,eAAe;IA2S7H,oEAAoE;IACpE,OAAO,CAAC,iBAAiB;IAUzB;;OAEG;IACH,OAAO,CAAC,YAAY;IAgBpB;;;OAGG;IACH,OAAO,CAAC,gBAAgB;IAcxB;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,EAAE,gBAAgB,CAAC,EAAE,MAAM,EAAE,GAAG,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,CAAC,CAAC,EAAE,MAAM,GAAG,OAAO,CAAA;KAAE,CAAC,GAAG,IAAI;IA+BjL;;OAEG;IACH,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IAQrC;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM;IA4BvF;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,EAAE,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;IAoB5B;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAa/D,2CAA2C;IAC3C,IAAI,eAAe,IAAI,OAAO,CAE7B;IAED;;;;OAIG;IACH,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO;IA4BvC;;;;;;;OAOG;IACH,YAAY,CAAC,KAAK,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,MAAM,EAAE;IAsGrD,OAAO,IAAI,IAAI;IAUf;;;OAGG;IACH,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI;IA6BpD;;OAEG;IACH,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI;IAStC,OAAO,CAAC,WAAW;CA6BpB"}

package/dist/gate.js CHANGED Viewed

@@ -16,6 +16,7 @@ exports.Gate = void 0;
 const store_1 = require("./store");
 const rate_limiter_1 = require("./rate-limiter");
 const meter_1 = require("./meter");
+const webhook_1 = require("./webhook");
 const webhook_router_1 = require("./webhook-router");
 const quota_1 = require("./quota");
 class Gate {
@@ -42,6 +43,8 @@ class Gate {
     onCreditsDeducted;
     /** Optional hook called when auto-topup is triggered (for audit/webhook). */
     onAutoTopup;
+    /** Per-key webhook emitters (lazily created, keyed by API key prefix). */
+    keyWebhooks = new Map();
     constructor(config, statePath) {
         this.config = config;
         this.store = new store_1.KeyStore(statePath);
@@ -836,6 +839,51 @@ class Gate {
     destroy() {
         this.rateLimiter.destroy();
         this.webhook?.destroy();
+        // Destroy per-key webhook emitters
+        for (const emitter of this.keyWebhooks.values()) {
+            emitter.destroy();
+        }
+        this.keyWebhooks.clear();
+    }
+    /**
+     * Get or create a per-key webhook emitter.
+     * Returns null if the key has no webhookUrl configured.
+     */
+    getKeyWebhook(apiKey) {
+        const keyRecord = this.store.getKey(apiKey);
+        if (!keyRecord?.webhookUrl)
+            return null;
+        const prefix = apiKey.slice(0, 10);
+        const existing = this.keyWebhooks.get(prefix);
+        // Return cached if URL hasn't changed
+        if (existing && existing.url === keyRecord.webhookUrl) {
+            return existing;
+        }
+        // Destroy old emitter if URL changed
+        if (existing) {
+            existing.destroy();
+        }
+        // Create new emitter for this key
+        const emitter = new webhook_1.WebhookEmitter(keyRecord.webhookUrl, {
+            secret: keyRecord.webhookSecret || null,
+            batchSize: 10,
+            flushIntervalMs: 5000,
+            maxRetries: 3,
+            ssrfCheckOnDelivery: this.config.webhookSsrfAtDelivery ?? true,
+        });
+        this.keyWebhooks.set(prefix, emitter);
+        return emitter;
+    }
+    /**
+     * Remove cached per-key webhook emitter (called when webhook URL is cleared).
+     */
+    removeKeyWebhook(apiKey) {
+        const prefix = apiKey.slice(0, 10);
+        const existing = this.keyWebhooks.get(prefix);
+        if (existing) {
+            existing.destroy();
+            this.keyWebhooks.delete(prefix);
+        }
     }
     recordEvent(apiKey, keyName, tool, creditsCharged, allowed, denyReason, namespace) {
         const event = {
@@ -856,6 +904,11 @@ class Gate {
         else if (this.webhook) {
             this.webhook.emit(event);
         }
+        // Per-key webhook: also emit to key-specific webhook URL
+        const keyWebhook = this.getKeyWebhook(apiKey);
+        if (keyWebhook) {
+            keyWebhook.emit(event);
+        }
         this.onUsageEvent?.(event);
     }
 }