ppussh 0.1.0

package/dist/accounts/namespace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/accounts/namespace.ts"],"names":[],"mappings":";AAAA,mCAAmC;AACnC;;;;;;;;;;;;;;;;;;;;GAoBG;;;AAGH,mCAQiB;AAEjB,MAAa,iBAAiB;IAU5B,YACE,SAAwB,EACxB,OAAwE;QANlE,iBAAY,GAAkB,IAAI,CAAC;QACnC,kBAAa,GAAkB,IAAI,CAAC;QACpC,oBAAe,GAAgB,IAAI,CAAC;QAM1C,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,YAAY,CAAC;QAC1C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC;IAC1C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,aAAa,CACX,WAAmB,EACnB,KAAa,EACb,IAA2B;QAE3B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YACjC,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,YAAY,EAAE,WAAW;YACzB,KAAK;SACN,CAAC,CAAC;QACH,IAAI,IAAI,EAAE,OAAO,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,YAAY,UAAU,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;IAC3D,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;;OAcG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,WAAmB;QAClD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAChE,IAAI,EAAE;gBACJ,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,YAAY,EAAE,WAAW;aAC1B;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAqB,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,OAAO,CAAC,YAAqB;QACjC,MAAM,UAAU,GAAG,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,4CAA4C;gBAC1C,4DAA4D,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAChE,IAAI,EAAE;gBACJ,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,UAAU;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC;SACF,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAqB,CAAC;QAC7C,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,WAAW,CAAC,WAAmB;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;SACpD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,MAAM,CAAC,YAAqB;QAChC,MAAM,UAAU,GAAG,YAAY,IAAI,IAAI,CAAC,aAAa,CAAC;QACtD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,4CAA4C;gBAC1C,4DAA4D,CAC/D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,eAAe,EAAE;YACjE,IAAI,EAAE;gBACJ,aAAa,EAAE,UAAU;gBACzB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,aAAa,EAAE,IAAI,CAAC,aAAa;aAClC;SACF,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,IAAoB,CAAC;QAC7C,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,SAAS,CAAC,WAAoB;QAClC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,cAAc,EAAE;YAC/C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,IAAI,CAAC,YAAY,EAAE,CAAC;IACtB,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,WAAoB;QACzD,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,kBAAkB,SAAS,EAAE,EAAE;YAChE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;IAED,8EAA8E;IAE9E;;;;;;;OAOG;IACH,KAAK,CAAC,OAAO,CAAC,WAAoB;QAChC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CACb,2CAA2C;gBACzC,2DAA2D,CAC9D,CAAC;QACJ,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,EAAE;YAC5D,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAmB,CAAC;IACtC,CAAC;IAED,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,WAAoB;QACxC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,wBAAwB,EAAE;YACzE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAA6B,CAAC;IAChD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,WAAoB;QACpC,MAAM,UAAU,GAAG,WAAW,IAAI,IAAI,CAAC,YAAY,CAAC;QACpD,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;QAC9D,CAAC;QACD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,oBAAoB,EAAE;YACrE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,UAAU,EAAE,EAAE;SACnD,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAyB,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAEtE,YAAY,CAAC,KAAoB;QACvC,IAAI,CAAC,YAAY,GAAG,IAAA,4BAAoB,EAAC,KAAK,CAAC,CAAC;QAChD,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC,aAAa,CAAC;QACzC,IAAI,CAAC,eAAe,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACxE,CAAC;IAEO,YAAY;QAClB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;QACzB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;QAC1B,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED,iDAAiD;IACjD,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,kDAAkD;IAClD,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,mEAAmE;IACnE,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;CACF;AAtTD,8CAsTC"}

package/dist/accounts/types.d.ts

@@ -0,0 +1,81 @@
+/**
+ * TypeScript interfaces for every response shape returned by the Accounts service.
+ *
+ * Mirror of the Python SDK's accounts/models.py — kept in sync manually.
+ */
+/** Minimal user profile embedded inside a TokenResponse. */
+export interface UserInToken {
+    id: string;
+    email: string;
+    name: string | null;
+    email_verified: boolean;
+    picture_url: string | null;
+    is_superuser: boolean;
+}
+/**
+ * Response from POST /oauth/token (both grant types).
+ *
+ * Exactly one of access_token / admin_access_token is populated:
+ * - Regular users  → access_token is set, admin_access_token is null.
+ * - Superusers     → admin_access_token is set, access_token is null.
+ */
+export interface TokenResponse {
+    access_token: string | null;
+    admin_access_token: string | null;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+    user: UserInToken;
+}
+/** Returns whichever access token is present (regular or admin). */
+export declare function effectiveAccessToken(token: TokenResponse): string | null;
+/** Response from GET /auth/verify-token. */
+export interface VerifyTokenResult {
+    valid: boolean;
+    type: "access" | "admin_access";
+    user_id: string;
+    email: string;
+}
+/** Full user profile returned by GET /users/me. */
+export interface UserProfile {
+    id: string;
+    email: string;
+    name: string | null;
+    picture_url: string | null;
+    is_superuser: boolean;
+    is_active: boolean;
+    is_verified: boolean;
+    created_at: string;
+    updated_at: string | null;
+}
+/** Response from POST /oauth/logout. */
+export interface LogoutResult {
+    ok: boolean;
+    sessions_revoked: number;
+    products_notified: number;
+}
+/** Single entitlement entry from GET /users/me/entitlements. */
+export interface EntitlementResponse {
+    product_id: string;
+    client_id: string;
+    name: string;
+    slug: string;
+    granted_at: string;
+}
+/** Single session entry from GET /users/me/sessions. */
+export interface SessionResponse {
+    session_id: string;
+    ip_address: string | null;
+    user_agent: string | null;
+    country: string | null;
+    city: string | null;
+    region: string | null;
+    browser: string | null;
+    os: string | null;
+    device_type: string | null;
+    device_name: string | null;
+    created_at: string;
+    last_used_at: string;
+    is_current: boolean;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/accounts/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":"AACA;;;;GAIG;AAIH,4DAA4D;AAC5D,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;CACvB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,WAAW,CAAC;CACnB;AAED,oEAAoE;AACpE,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,aAAa,GAAG,MAAM,GAAG,IAAI,CAExE;AAID,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,IAAI,EAAE,QAAQ,GAAG,cAAc,CAAC;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAID,mDAAmD;AACnD,MAAM,WAAW,WAAW;IAC1B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,OAAO,CAAC;IACnB,WAAW,EAAE,OAAO,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAID,wCAAwC;AACxC,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,OAAO,CAAC;IACZ,gBAAgB,EAAE,MAAM,CAAC;IACzB,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAID,gEAAgE;AAChE,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,wDAAwD;AACxD,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAC;IAClB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,OAAO,CAAC;CACrB"}

package/dist/accounts/types.js

@@ -0,0 +1,14 @@
+"use strict";
+// ppussh/src/accounts/types.ts
+/**
+ * TypeScript interfaces for every response shape returned by the Accounts service.
+ *
+ * Mirror of the Python SDK's accounts/models.py — kept in sync manually.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.effectiveAccessToken = effectiveAccessToken;
+/** Returns whichever access token is present (regular or admin). */
+function effectiveAccessToken(token) {
+    return token.access_token ?? token.admin_access_token;
+}
+//# sourceMappingURL=types.js.map

package/dist/accounts/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/accounts/types.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;GAIG;;AA+BH,oDAEC;AAHD,oEAAoE;AACpE,SAAgB,oBAAoB,CAAC,KAAoB;IACvD,OAAO,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,kBAAkB,CAAC;AACxD,CAAC"}

package/dist/client.d.ts

@@ -0,0 +1,67 @@
+/**
+ * PpusshClient — the unified entry point for the PPUSSH Ecosystem TypeScript SDK.
+ *
+ * URL resolution order (highest → lowest priority):
+ *   1. Explicit constructor option (accountsUrl, paymentsUrl)
+ *   2. Environment variable (PPUSSH_ACCOUNTS_URL, PPUSSH_PAYMENTS_URL)
+ *
+ * Both URLs are **required** — an Error is thrown at construction time if
+ * neither a constructor option nor an env var is present for a given service.
+ *
+ * Usage — minimal:
+ *
+ *   import { PpusshClient } from "ppussh";
+ *
+ *   const client = new PpusshClient({
+ *     clientId: "your-product-client-id",
+ *     clientSecret: "your-product-client-secret",
+ *     paymentsAdminKey: "your-payments-admin-key", // optional
+ *   });
+ *
+ *   // OIDC callback handler (e.g. Express / Fastify route)
+ *   const token = await client.accounts.exchangeCode(code, redirectUri);
+ *
+ *   // Token verification middleware
+ *   const result = await client.accounts.verifyToken(bearerToken);
+ *
+ *   // Billing
+ *   const customer = await client.payments.createCustomer(token.user.id);
+ */
+import { AccountsNamespace } from "./accounts/namespace";
+import { PaymentsNamespace } from "./payments/namespace";
+export interface PpusshClientOptions {
+    /** Your product's client_id UUID (from the Accounts admin console). */
+    clientId: string;
+    /** Your product's client_secret. Server-side only — never expose in browser code. */
+    clientSecret: string;
+    /**
+     * Static admin API key for the Payments service.
+     * Required for payments.listPlans(), getMrr(), getProductByAccountsId().
+     */
+    paymentsAdminKey?: string;
+    /**
+     * Accounts service base URL. Falls back to the PPUSSH_ACCOUNTS_URL env var.
+     * Required — one of the two must be set.
+     */
+    accountsUrl?: string;
+    /**
+     * Payments service base URL. Falls back to the PPUSSH_PAYMENTS_URL env var.
+     * Required — one of the two must be set.
+     */
+    paymentsUrl?: string;
+}
+export declare class PpusshClient {
+    readonly accounts: AccountsNamespace;
+    readonly payments: PaymentsNamespace;
+    private readonly _accountsUrl;
+    private readonly _paymentsUrl;
+    private readonly _accountsTransport;
+    private readonly _paymentsTransport;
+    constructor(options: PpusshClientOptions);
+    /** Resolved Accounts service base URL. */
+    get accountsUrl(): string;
+    /** Resolved Payments service base URL. */
+    get paymentsUrl(): string;
+    toString(): string;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAiBzD,MAAM,WAAW,mBAAmB;IAClC,uEAAuE;IACvE,QAAQ,EAAE,MAAM,CAAC;IACjB,qFAAqF;IACrF,YAAY,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,qBAAa,YAAY;IACvB,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IACrC,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAErC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;IACnD,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAgB;gBAEvC,OAAO,EAAE,mBAAmB;IAqBxC,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,0CAA0C;IAC1C,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,IAAI,MAAM;CAGnB"}

package/dist/client.js

@@ -0,0 +1,81 @@
+"use strict";
+// ppussh/src/client.ts
+/**
+ * PpusshClient — the unified entry point for the PPUSSH Ecosystem TypeScript SDK.
+ *
+ * URL resolution order (highest → lowest priority):
+ *   1. Explicit constructor option (accountsUrl, paymentsUrl)
+ *   2. Environment variable (PPUSSH_ACCOUNTS_URL, PPUSSH_PAYMENTS_URL)
+ *
+ * Both URLs are **required** — an Error is thrown at construction time if
+ * neither a constructor option nor an env var is present for a given service.
+ *
+ * Usage — minimal:
+ *
+ *   import { PpusshClient } from "ppussh";
+ *
+ *   const client = new PpusshClient({
+ *     clientId: "your-product-client-id",
+ *     clientSecret: "your-product-client-secret",
+ *     paymentsAdminKey: "your-payments-admin-key", // optional
+ *   });
+ *
+ *   // OIDC callback handler (e.g. Express / Fastify route)
+ *   const token = await client.accounts.exchangeCode(code, redirectUri);
+ *
+ *   // Token verification middleware
+ *   const result = await client.accounts.verifyToken(bearerToken);
+ *
+ *   // Billing
+ *   const customer = await client.payments.createCustomer(token.user.id);
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PpusshClient = void 0;
+const namespace_1 = require("./accounts/namespace");
+const http_1 = require("./http");
+const namespace_2 = require("./payments/namespace");
+// ── Environment variable names ───────────────────────────────────────────────
+const ENV_ACCOUNTS_URL = "PPUSSH_ACCOUNTS_URL";
+const ENV_PAYMENTS_URL = "PPUSSH_PAYMENTS_URL";
+function resolveUrl(kwarg, envVar, label) {
+    if (kwarg)
+        return kwarg.replace(/\/$/, "");
+    const envVal = typeof process !== "undefined" ? process.env[envVar] : undefined;
+    if (envVal)
+        return envVal.replace(/\/$/, "");
+    throw new Error(`${label} URL is required. ` +
+        `Pass it as a constructor option or set the ${envVar} environment variable.`);
+}
+class PpusshClient {
+    constructor(options) {
+        if (!options.clientId)
+            throw new Error("clientId must not be empty.");
+        if (!options.clientSecret)
+            throw new Error("clientSecret must not be empty.");
+        this._accountsUrl = resolveUrl(options.accountsUrl, ENV_ACCOUNTS_URL, "Accounts");
+        this._paymentsUrl = resolveUrl(options.paymentsUrl, ENV_PAYMENTS_URL, "Payments");
+        this._accountsTransport = new http_1.HttpTransport(this._accountsUrl);
+        this._paymentsTransport = new http_1.HttpTransport(this._paymentsUrl);
+        this.accounts = new namespace_1.AccountsNamespace(this._accountsTransport, {
+            clientId: options.clientId,
+            clientSecret: options.clientSecret,
+            accountsUrl: this._accountsUrl,
+        });
+        this.payments = new namespace_2.PaymentsNamespace(this._paymentsTransport, {
+            adminKey: options.paymentsAdminKey,
+        });
+    }
+    /** Resolved Accounts service base URL. */
+    get accountsUrl() {
+        return this._accountsUrl;
+    }
+    /** Resolved Payments service base URL. */
+    get paymentsUrl() {
+        return this._paymentsUrl;
+    }
+    toString() {
+        return `PpusshClient(accountsUrl=${this._accountsUrl}, paymentsUrl=${this._paymentsUrl})`;
+    }
+}
+exports.PpusshClient = PpusshClient;
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;;;AAEH,oDAAyD;AACzD,iCAAuC;AACvC,oDAAyD;AAEzD,gFAAgF;AAChF,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAC/C,MAAM,gBAAgB,GAAG,qBAAqB,CAAC;AAE/C,SAAS,UAAU,CAAC,KAAyB,EAAE,MAAc,EAAE,KAAa;IAC1E,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC3C,MAAM,MAAM,GACV,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACnE,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,IAAI,KAAK,CACb,GAAG,KAAK,oBAAoB;QAC1B,8CAA8C,MAAM,wBAAwB,CAC/E,CAAC;AACJ,CAAC;AAwBD,MAAa,YAAY;IASvB,YAAY,OAA4B;QACtC,IAAI,CAAC,OAAO,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACtE,IAAI,CAAC,OAAO,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QAE9E,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAClF,IAAI,CAAC,YAAY,GAAG,UAAU,CAAC,OAAO,CAAC,WAAW,EAAE,gBAAgB,EAAE,UAAU,CAAC,CAAC;QAElF,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC/D,IAAI,CAAC,kBAAkB,GAAG,IAAI,oBAAa,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAE/D,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;YAClC,WAAW,EAAE,IAAI,CAAC,YAAY;SAC/B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,GAAG,IAAI,6BAAiB,CAAC,IAAI,CAAC,kBAAkB,EAAE;YAC7D,QAAQ,EAAE,OAAO,CAAC,gBAAgB;SACnC,CAAC,CAAC;IACL,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,0CAA0C;IAC1C,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,QAAQ;QACN,OAAO,4BAA4B,IAAI,CAAC,YAAY,iBAAiB,IAAI,CAAC,YAAY,GAAG,CAAC;IAC5F,CAAC;CACF;AA3CD,oCA2CC"}

package/dist/errors.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Typed exception hierarchy for the PPUSSH TypeScript SDK.
+ *
+ * All errors carry the raw HTTP status and response body so callers
+ * can inspect them without parsing generic message strings.
+ *
+ * Hierarchy:
+ *   PpusshError                 ← base; always catch this for a catch-all
+ *   ├── PpusshAuthError         ← 401 from any endpoint
+ *   ├── PpusshConsentRequired   ← 403 with status="CONSENT_REQUIRED"
+ *   ├── PpusshPaymentError      ← non-2xx from the Payments service
+ *   └── PpusshNetworkError      ← all retries exhausted / connection error
+ */
+export declare class PpusshError extends Error {
+    readonly statusCode: number | null;
+    readonly responseBody: unknown;
+    constructor(message: string, options?: {
+        statusCode?: number | null;
+        responseBody?: unknown;
+    });
+}
+/**
+ * Raised on 401 responses from any PPUSSH endpoint.
+ *
+ * Common causes:
+ * - Invalid or expired access token passed to verifyToken()
+ * - Bad client_secret during exchangeCode() / refresh() / logout()
+ * - Authorization code already used or expired
+ * - Refresh token replayed (all sessions are revoked server-side)
+ */
+export declare class PpusshAuthError extends PpusshError {
+    constructor(message: string, options?: {
+        statusCode?: number | null;
+        responseBody?: unknown;
+    });
+}
+/**
+ * Raised when the Accounts service returns HTTP 403 with
+ * `status = "CONSENT_REQUIRED"`.
+ *
+ * The user has not granted consent for your product. Redirect the user
+ * to the Accounts consent screen.
+ */
+export declare class PpusshConsentRequired extends PpusshError {
+    readonly clientId: string;
+    readonly productName: string;
+    readonly productDescription: string;
+    constructor(message: string, options?: {
+        clientId?: string;
+        productName?: string;
+        productDescription?: string;
+        statusCode?: number | null;
+        responseBody?: unknown;
+    });
+}
+/**
+ * Raised on non-2xx responses from the Payments service.
+ *
+ * `code` is the machine-readable error code from the Payments API
+ * (e.g. "customer_not_found", "provider_unavailable").
+ */
+export declare class PpusshPaymentError extends PpusshError {
+    readonly code: string | null;
+    constructor(message: string, options?: {
+        code?: string | null;
+        statusCode?: number | null;
+        responseBody?: unknown;
+    });
+}
+/**
+ * Raised when all retry attempts are exhausted or a connection-level
+ * error occurs (refused connection, DNS failure, timeout).
+ */
+export declare class PpusshNetworkError extends PpusshError {
+    constructor(message: string, options?: {
+        statusCode?: number | null;
+        responseBody?: unknown;
+        cause?: unknown;
+    });
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;GAYG;AAEH,qBAAa,WAAY,SAAQ,KAAK;IACpC,QAAQ,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC;gBAG7B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,YAAY,CAAC,EAAE,OAAO,CAAA;KAAO;CASvE;AAED;;;;;;;;GAQG;AACH,qBAAa,eAAgB,SAAQ,WAAW;gBAE5C,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,YAAY,CAAC,EAAE,OAAO,CAAA;KAAO;CAMvE;AAED;;;;;;GAMG;AACH,qBAAa,qBAAsB,SAAQ,WAAW;IACpD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;gBAGlC,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QACP,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;KACnB;CAST;AAED;;;;;GAKG;AACH,qBAAa,kBAAmB,SAAQ,WAAW;IACjD,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;gBAG3B,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QACP,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;KACnB;CAOT;AAED;;;GAGG;AACH,qBAAa,kBAAmB,SAAQ,WAAW;gBAE/C,OAAO,EAAE,MAAM,EACf,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;QAAC,YAAY,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAO;CASxF"}

package/dist/errors.js

@@ -0,0 +1,94 @@
+"use strict";
+// ppussh/src/errors.ts
+/**
+ * Typed exception hierarchy for the PPUSSH TypeScript SDK.
+ *
+ * All errors carry the raw HTTP status and response body so callers
+ * can inspect them without parsing generic message strings.
+ *
+ * Hierarchy:
+ *   PpusshError                 ← base; always catch this for a catch-all
+ *   ├── PpusshAuthError         ← 401 from any endpoint
+ *   ├── PpusshConsentRequired   ← 403 with status="CONSENT_REQUIRED"
+ *   ├── PpusshPaymentError      ← non-2xx from the Payments service
+ *   └── PpusshNetworkError      ← all retries exhausted / connection error
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PpusshNetworkError = exports.PpusshPaymentError = exports.PpusshConsentRequired = exports.PpusshAuthError = exports.PpusshError = void 0;
+class PpusshError extends Error {
+    constructor(message, options = {}) {
+        super(message);
+        this.name = "PpusshError";
+        this.statusCode = options.statusCode ?? null;
+        this.responseBody = options.responseBody ?? null;
+        // Maintain proper prototype chain in transpiled ES5 output
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PpusshError = PpusshError;
+/**
+ * Raised on 401 responses from any PPUSSH endpoint.
+ *
+ * Common causes:
+ * - Invalid or expired access token passed to verifyToken()
+ * - Bad client_secret during exchangeCode() / refresh() / logout()
+ * - Authorization code already used or expired
+ * - Refresh token replayed (all sessions are revoked server-side)
+ */
+class PpusshAuthError extends PpusshError {
+    constructor(message, options = {}) {
+        super(message, { statusCode: options.statusCode ?? 401, ...options });
+        this.name = "PpusshAuthError";
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PpusshAuthError = PpusshAuthError;
+/**
+ * Raised when the Accounts service returns HTTP 403 with
+ * `status = "CONSENT_REQUIRED"`.
+ *
+ * The user has not granted consent for your product. Redirect the user
+ * to the Accounts consent screen.
+ */
+class PpusshConsentRequired extends PpusshError {
+    constructor(message, options = {}) {
+        super(message, { statusCode: options.statusCode ?? 403, responseBody: options.responseBody });
+        this.name = "PpusshConsentRequired";
+        this.clientId = options.clientId ?? "";
+        this.productName = options.productName ?? "";
+        this.productDescription = options.productDescription ?? "";
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PpusshConsentRequired = PpusshConsentRequired;
+/**
+ * Raised on non-2xx responses from the Payments service.
+ *
+ * `code` is the machine-readable error code from the Payments API
+ * (e.g. "customer_not_found", "provider_unavailable").
+ */
+class PpusshPaymentError extends PpusshError {
+    constructor(message, options = {}) {
+        super(message, { statusCode: options.statusCode, responseBody: options.responseBody });
+        this.name = "PpusshPaymentError";
+        this.code = options.code ?? null;
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PpusshPaymentError = PpusshPaymentError;
+/**
+ * Raised when all retry attempts are exhausted or a connection-level
+ * error occurs (refused connection, DNS failure, timeout).
+ */
+class PpusshNetworkError extends PpusshError {
+    constructor(message, options = {}) {
+        super(message, { statusCode: options.statusCode, responseBody: options.responseBody });
+        this.name = "PpusshNetworkError";
+        if (options.cause) {
+            this.cause = options.cause;
+        }
+        Object.setPrototypeOf(this, new.target.prototype);
+    }
+}
+exports.PpusshNetworkError = PpusshNetworkError;
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":";AAAA,uBAAuB;AACvB;;;;;;;;;;;;GAYG;;;AAEH,MAAa,WAAY,SAAQ,KAAK;IAIpC,YACE,OAAe,EACf,UAAkE,EAAE;QAEpE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,aAAa,CAAC;QAC1B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC;QAC7C,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC;QACjD,2DAA2D;QAC3D,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAfD,kCAeC;AAED;;;;;;;;GAQG;AACH,MAAa,eAAgB,SAAQ,WAAW;IAC9C,YACE,OAAe,EACf,UAAkE,EAAE;QAEpE,KAAK,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;QACtE,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC;QAC9B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AATD,0CASC;AAED;;;;;;GAMG;AACH,MAAa,qBAAsB,SAAQ,WAAW;IAKpD,YACE,OAAe,EACf,UAMI,EAAE;QAEN,KAAK,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,IAAI,GAAG,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;QAC9F,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,EAAE,CAAC;QACvC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,EAAE,CAAC;QAC7C,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,IAAI,EAAE,CAAC;QAC3D,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAtBD,sDAsBC;AAED;;;;;GAKG;AACH,MAAa,kBAAmB,SAAQ,WAAW;IAGjD,YACE,OAAe,EACf,UAII,EAAE;QAEN,KAAK,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC;QACjC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAhBD,gDAgBC;AAED;;;GAGG;AACH,MAAa,kBAAmB,SAAQ,WAAW;IACjD,YACE,OAAe,EACf,UAAmF,EAAE;QAErF,KAAK,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;QACvF,IAAI,CAAC,IAAI,GAAG,oBAAoB,CAAC;QACjC,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;YACjB,IAA4B,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;QACtD,CAAC;QACD,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACpD,CAAC;CACF;AAZD,gDAYC"}

package/dist/http.d.ts

@@ -0,0 +1,30 @@
+/**
+ * Shared HTTP transport layer for the PPUSSH TypeScript SDK.
+ *
+ * Responsibilities:
+ * - Owns an Axios instance per base URL.
+ * - Implements the retry policy:
+ *     5xx errors  → up to MAX_RETRIES attempts, exponential back-off (500ms, 1s, 2s).
+ *     429         → respects Retry-After header; falls back to 1s default.
+ *     4xx (≠ 429) → never retried; raised immediately.
+ *     Network errors → treated like 5xx for retry purposes.
+ * - Raises typed PpusshError subclasses; callers never see raw Axios errors.
+ */
+import { AxiosResponse } from "axios";
+export interface RequestOptions {
+    headers?: Record<string, string>;
+    /** JSON body */
+    json?: unknown;
+    /** Form-encoded body (application/x-www-form-urlencoded) */
+    form?: Record<string, string>;
+    /** Query string parameters */
+    params?: Record<string, string | number | boolean | undefined>;
+    /** Set to true when calling the Payments service for correct error parsing */
+    isPayments?: boolean;
+}
+export declare class HttpTransport {
+    private readonly _client;
+    constructor(baseUrl: string);
+    request(method: string, path: string, options?: RequestOptions): Promise<AxiosResponse>;
+}
+//# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;GAWG;AAEH,OAAc,EAGZ,aAAa,EAEd,MAAM,OAAO,CAAC;AAgGf,MAAM,WAAW,cAAc;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,gBAAgB;IAChB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,4DAA4D;IAC5D,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9B,8BAA8B;IAC9B,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC,CAAC;IAC/D,8EAA8E;IAC9E,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAID,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAgB;gBAE5B,OAAO,EAAE,MAAM;IAarB,OAAO,CACX,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,OAAO,GAAE,cAAmB,GAC3B,OAAO,CAAC,aAAa,CAAC;CAsF1B"}