ppussh 0.1.0

package/dist/payments/namespace.js

@@ -0,0 +1,229 @@
+"use strict";
+// ppussh/src/payments/namespace.ts
+/**
+ * PaymentsNamespace — customer, subscription, and plan operations.
+ *
+ * Auth model:
+ * - Customer + subscription endpoints (POST /customers, POST /subscriptions, etc.)
+ *   are unauthenticated at the HTTP level — the Payments service validates the
+ *   owner_user_id against Accounts internally.
+ * - Admin endpoints (listPlans, getMrr) require the payments ADMIN_API_KEY
+ *   sent as the `X-Admin-Key` header. Set once at PpusshClient construction
+ *   time via `paymentsAdminKey`.
+ *
+ * Idempotency:
+ * - createSubscription() requires a caller-supplied idempotencyKey.
+ *   Retry with the *same* key after a 502 — the server guarantees exactly-once creation.
+ * - createCustomer() is idempotent on (owner_user_id, workspace_id) — no key needed.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PaymentsNamespace = void 0;
+const errors_1 = require("../errors");
+class PaymentsNamespace {
+    constructor(transport, options = {}) {
+        this._http = transport;
+        this._adminKey = options.adminKey ?? null;
+    }
+    // ── Customers ──────────────────────────────────────────────────────────────
+    /**
+     * Create (or retrieve) a Payments customer for a PPUSSH user.
+     *
+     * Idempotent on (owner_user_id, workspace_id) — if a customer already exists
+     * for that pair, the existing record is returned without creating a duplicate.
+     *
+     * @param ownerUserId   UUID string of the Accounts user (from TokenResponse.user.id).
+     * @param workspaceId   UUID string of the workspace, or null for a personal account.
+     * @param billingEmail  Optional billing email — falls back to the user's account email.
+     * @param metadata      Arbitrary key/value pairs stored alongside the customer record.
+     * @throws PpusshPaymentError  code="accounts_user_not_found" if ownerUserId doesn't exist.
+     */
+    async createCustomer(ownerUserId, options = {}) {
+        const body = {
+            owner_user_id: ownerUserId,
+            workspace_id: options.workspaceId ?? undefined,
+            billing_email: options.billingEmail ?? undefined,
+            metadata: options.metadata ?? undefined,
+        };
+        const response = await this._http.request("POST", "/customers", {
+            json: body,
+            isPayments: true,
+        });
+        return response.data;
+    }
+    /**
+     * Retrieve a Payments customer by their Payments UUID.
+     *
+     * @throws PpusshPaymentError  code="customer_not_found" on 404.
+     */
+    async getCustomer(customerId) {
+        const response = await this._http.request("GET", `/customers/${customerId}`, {
+            isPayments: true,
+        });
+        return response.data;
+    }
+    // ── Subscriptions ──────────────────────────────────────────────────────────
+    /**
+     * Create a subscription for a customer on a billing plan.
+     *
+     * The idempotencyKey guarantees exactly-once creation. On a provider error (502),
+     * retry with the **same key** — this is safe.
+     *
+     * @param customerId          UUID from createCustomer().
+     * @param paymentProductId    UUID of the PaymentProduct (from the admin console).
+     * @param planKey             Plan identifier, e.g. "pro" or "enterprise".
+     * @param idempotencyKey      Unique string per subscription attempt (use UUID v4).
+     * @param provider            "paddle" | "dodo" | null (uses plan default).
+     * @param metadata            Arbitrary key/value pairs.
+     * @throws PpusshPaymentError  Various codes; see error.code for specifics.
+     */
+    async createSubscription(options) {
+        const response = await this._http.request("POST", "/subscriptions", {
+            json: {
+                customer_id: options.customerId,
+                payment_product_id: options.paymentProductId,
+                plan_key: options.planKey,
+                idempotency_key: options.idempotencyKey,
+                ...(options.provider != null && { provider: options.provider }),
+                ...(options.metadata != null && { metadata: options.metadata }),
+            },
+            isPayments: true,
+        });
+        return response.data;
+    }
+    /**
+     * List subscriptions for a customer, with optional status filter.
+     *
+     * @param customerId  UUID string.
+     * @param status      Filter by status: "active", "cancelled", "trialing", etc.
+     * @param page        1-indexed page number (default 1).
+     * @param pageSize    Number of results per page, max 100 (default 20).
+     */
+    async listSubscriptions(customerId, options = {}) {
+        const params = {
+            customer_id: customerId,
+            page: options.page ?? 1,
+            page_size: options.pageSize ?? 20,
+        };
+        if (options.status)
+            params["status"] = options.status;
+        const response = await this._http.request("GET", "/subscriptions", {
+            params,
+            isPayments: true,
+        });
+        return response.data;
+    }
+    /**
+     * Retrieve a single subscription by its Payments UUID.
+     *
+     * @throws PpusshPaymentError  code="subscription_not_found" on 404.
+     */
+    async getSubscription(subscriptionId) {
+        const response = await this._http.request("GET", `/subscriptions/${subscriptionId}`, { isPayments: true });
+        return response.data;
+    }
+    /**
+     * Cancel a subscription.
+     *
+     * Idempotent — cancelling an already-cancelled subscription returns the
+     * existing record without error.
+     *
+     * @param subscriptionId      UUID string.
+     * @param cancelImmediately   If true, cancel at once.
+     *                            If false (default), cancel at end of current billing period.
+     */
+    async cancelSubscription(subscriptionId, options = {}) {
+        const response = await this._http.request("DELETE", `/subscriptions/${subscriptionId}`, {
+            json: { cancel_immediately: options.cancelImmediately ?? false },
+            isPayments: true,
+        });
+        return response.data;
+    }
+    // ── Plans (admin) ──────────────────────────────────────────────────────────
+    /**
+     * List all billing plans for a Payments product.
+     *
+     * Requires the `paymentsAdminKey` set on PpusshClient construction.
+     * Plans with status "archived" are included — filter client-side if needed.
+     *
+     * @param paymentProductId  UUID string of the PaymentProduct.
+     * @throws PpusshPaymentError  code="product_not_found" on 404.
+     * @throws Error               If no paymentsAdminKey was provided at construction.
+     */
+    async listPlans(paymentProductId) {
+        this._requireAdminKey("listPlans");
+        const response = await this._http.request("GET", `/admin/products/${paymentProductId}/plans`, {
+            headers: { "X-Admin-Key": this._adminKey },
+            isPayments: true,
+        });
+        return response.data;
+    }
+    /**
+     * Look up a Payments product by its Accounts product ID.
+     *
+     * Returns null if the product has not yet been registered in Payments
+     * (HTTP 404 is treated as a non-exceptional "not registered yet" state).
+     *
+     * @throws Error  If no paymentsAdminKey was provided at construction.
+     */
+    async getProductByAccountsId(accountsProductId) {
+        this._requireAdminKey("getProductByAccountsId");
+        try {
+            const response = await this._http.request("GET", `/admin/products/by-accounts-id/${accountsProductId}`, {
+                headers: { "X-Admin-Key": this._adminKey },
+                isPayments: true,
+            });
+            return response.data;
+        }
+        catch (err) {
+            if (err instanceof errors_1.PpusshPaymentError && err.statusCode === 404) {
+                return null;
+            }
+            throw err;
+        }
+    }
+    // ── Analytics (admin) ──────────────────────────────────────────────────────
+    /**
+     * Fetch Monthly Recurring Revenue breakdown.
+     *
+     * Requires `paymentsAdminKey`.
+     *
+     * @param productId   Filter to a specific product UUID (optional).
+     * @param startDate   ISO date string e.g. "2025-01-01" (optional).
+     * @param endDate     ISO date string e.g. "2025-12-31" (optional).
+     */
+    async getMrr(options = {}) {
+        this._requireAdminKey("getMrr");
+        const params = {};
+        if (options.productId)
+            params["product_id"] = options.productId;
+        if (options.startDate)
+            params["start_date"] = options.startDate;
+        if (options.endDate)
+            params["end_date"] = options.endDate;
+        const response = await this._http.request("GET", "/admin/analytics/mrr", {
+            headers: { "X-Admin-Key": this._adminKey },
+            params,
+            isPayments: true,
+        });
+        return response.data;
+    }
+    // ── Billing portal (stub) ──────────────────────────────────────────────────
+    /**
+     * Generate a hosted billing portal URL for a customer.
+     *
+     * @throws Error  This feature is not yet implemented in the Payments backend.
+     */
+    async getBillingPortal(_customerId, _options = {}) {
+        throw new Error("getBillingPortal() is not yet available. " +
+            "The Payments backend endpoint has not been implemented.");
+    }
+    // ── Internal helpers ───────────────────────────────────────────────────────
+    _requireAdminKey(method) {
+        if (!this._adminKey) {
+            throw new Error(`payments.${method}() requires a paymentsAdminKey. ` +
+                "Pass paymentsAdminKey: '...' to PpusshClient().");
+        }
+    }
+}
+exports.PaymentsNamespace = PaymentsNamespace;
+//# sourceMappingURL=namespace.js.map

package/dist/payments/namespace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"namespace.js","sourceRoot":"","sources":["../../src/payments/namespace.ts"],"names":[],"mappings":";AAAA,mCAAmC;AACnC;;;;;;;;;;;;;;;GAeG;;;AAEH,sCAA+C;AAY/C,MAAa,iBAAiB;IAI5B,YAAY,SAAwB,EAAE,UAAwC,EAAE;QAC9E,IAAI,CAAC,KAAK,GAAG,SAAS,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,QAAQ,IAAI,IAAI,CAAC;IAC5C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,cAAc,CAClB,WAAmB,EACnB,UAII,EAAE;QAEN,MAAM,IAAI,GAA0B;YAClC,aAAa,EAAE,WAAW;YAC1B,YAAY,EAAE,OAAO,CAAC,WAAW,IAAI,SAAS;YAC9C,aAAa,EAAE,OAAO,CAAC,YAAY,IAAI,SAAS;YAChD,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,SAAS;SACxC,CAAC;QACF,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,YAAY,EAAE;YAC9D,IAAI,EAAE,IAAI;YACV,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAwB,CAAC;IAC3C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,UAAkB;QAClC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,cAAc,UAAU,EAAE,EAAE;YAC3E,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAwB,CAAC;IAC3C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,kBAAkB,CAAC,OAOxB;QACC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,gBAAgB,EAAE;YAClE,IAAI,EAAE;gBACJ,WAAW,EAAE,OAAO,CAAC,UAAU;gBAC/B,kBAAkB,EAAE,OAAO,CAAC,gBAAgB;gBAC5C,QAAQ,EAAE,OAAO,CAAC,OAAO;gBACzB,eAAe,EAAE,OAAO,CAAC,cAAc;gBACvC,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAC/D,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,IAAI,IAAI,EAAE,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC;aAChE;YACD,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAA4B,CAAC;IAC/C,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,iBAAiB,CACrB,UAAkB,EAClB,UAII,EAAE;QAEN,MAAM,MAAM,GAA0D;YACpE,WAAW,EAAE,UAAU;YACvB,IAAI,EAAE,OAAO,CAAC,IAAI,IAAI,CAAC;YACvB,SAAS,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;SAClC,CAAC;QACF,IAAI,OAAO,CAAC,MAAM;YAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;QAEtD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,gBAAgB,EAAE;YACjE,MAAM;YACN,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAgC,CAAC;IACnD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,cAAsB;QAC1C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CACvC,KAAK,EACL,kBAAkB,cAAc,EAAE,EAClC,EAAE,UAAU,EAAE,IAAI,EAAE,CACrB,CAAC;QACF,OAAO,QAAQ,CAAC,IAA4B,CAAC;IAC/C,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,kBAAkB,CACtB,cAAsB,EACtB,UAA2C,EAAE;QAE7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CACvC,QAAQ,EACR,kBAAkB,cAAc,EAAE,EAClC;YACE,IAAI,EAAE,EAAE,kBAAkB,EAAE,OAAO,CAAC,iBAAiB,IAAI,KAAK,EAAE;YAChE,UAAU,EAAE,IAAI;SACjB,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAA4B,CAAC;IAC/C,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;;OASG;IACH,KAAK,CAAC,SAAS,CAAC,gBAAwB;QACtC,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;QACnC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CACvC,KAAK,EACL,mBAAmB,gBAAgB,QAAQ,EAC3C;YACE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,SAAU,EAAE;YAC3C,UAAU,EAAE,IAAI;SACjB,CACF,CAAC;QACF,OAAO,QAAQ,CAAC,IAAsB,CAAC;IACzC,CAAC;IAED;;;;;;;OAOG;IACH,KAAK,CAAC,sBAAsB,CAC1B,iBAAyB;QAEzB,IAAI,CAAC,gBAAgB,CAAC,wBAAwB,CAAC,CAAC;QAChD,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CACvC,KAAK,EACL,kCAAkC,iBAAiB,EAAE,EACrD;gBACE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,SAAU,EAAE;gBAC3C,UAAU,EAAE,IAAI;aACjB,CACF,CAAC;YACF,OAAO,QAAQ,CAAC,IAA8B,CAAC;QACjD,CAAC;QAAC,OAAO,GAAY,EAAE,CAAC;YACtB,IAAI,GAAG,YAAY,2BAAkB,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;gBAChE,OAAO,IAAI,CAAC;YACd,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,8EAA8E;IAE9E;;;;;;;;OAQG;IACH,KAAK,CAAC,MAAM,CAAC,UAIT,EAAE;QACJ,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QAChC,MAAM,MAAM,GAAuC,EAAE,CAAC;QACtD,IAAI,OAAO,CAAC,SAAS;YAAE,MAAM,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;QAChE,IAAI,OAAO,CAAC,SAAS;YAAE,MAAM,CAAC,YAAY,CAAC,GAAG,OAAO,CAAC,SAAS,CAAC;QAChE,IAAI,OAAO,CAAC,OAAO;YAAE,MAAM,CAAC,UAAU,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;QAE1D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,sBAAsB,EAAE;YACvE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,CAAC,SAAU,EAAE;YAC3C,MAAM;YACN,UAAU,EAAE,IAAI;SACjB,CAAC,CAAC;QACH,OAAO,QAAQ,CAAC,IAAmB,CAAC;IACtC,CAAC;IAED,8EAA8E;IAE9E;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CACpB,WAAmB,EACnB,WAAmC,EAAE;QAErC,MAAM,IAAI,KAAK,CACb,2CAA2C;YACzC,yDAAyD,CAC5D,CAAC;IACJ,CAAC;IAED,8EAA8E;IAEtE,gBAAgB,CAAC,MAAc;QACrC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,YAAY,MAAM,kCAAkC;gBAClD,iDAAiD,CACpD,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AAnRD,8CAmRC"}

package/dist/payments/types.d.ts

@@ -0,0 +1,98 @@
+/**
+ * TypeScript interfaces for every response shape returned by the Payments service.
+ *
+ * Mirror of the Python SDK's payments/models.py — kept in sync manually.
+ * Monetary amounts are always integer cents — never float.
+ */
+/** Response from POST /customers or GET /customers/{id}. */
+export interface CustomerResponse {
+    id: string;
+    owner_user_id: string;
+    workspace_id: string | null;
+    provider_customer_ids: Record<string, string>;
+    billing_email: string | null;
+    created_at: string;
+}
+/** Request body for POST /customers. */
+export interface CustomerCreateRequest {
+    owner_user_id: string;
+    workspace_id?: string | null;
+    billing_email?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+/** Response from GET /admin/products/{id}/plans. */
+export interface PlanResponse {
+    id: string;
+    product_id: string;
+    plan_key: string;
+    provider_plan_ids: Record<string, string>;
+    amount_cents: number;
+    currency: string;
+    billing_cycle: "monthly" | "yearly";
+    status: "active" | "archived";
+    created_at: string;
+}
+export type SubscriptionStatus = "trialing" | "active" | "past_due" | "paused" | "cancelled" | "unpaid";
+/** Response from POST /subscriptions or GET /subscriptions/{id}. */
+export interface SubscriptionResponse {
+    id: string;
+    customer_id: string;
+    plan_id: string;
+    provider: string;
+    provider_subscription_ids: Record<string, string>;
+    status: SubscriptionStatus;
+    current_period_start: string | null;
+    current_period_end: string | null;
+    cancelled_at: string | null;
+    trial_ends_at: string | null;
+    created_at: string;
+    updated_at: string;
+}
+/** Paginated response from GET /subscriptions. */
+export interface SubscriptionListResponse {
+    items: SubscriptionResponse[];
+    total: number;
+    page: number;
+    page_size: number;
+}
+/** Request body for POST /subscriptions. */
+export interface SubscriptionCreateRequest {
+    customer_id: string;
+    payment_product_id: string;
+    plan_key: string;
+    idempotency_key: string;
+    provider?: string | null;
+    metadata?: Record<string, unknown> | null;
+}
+/** Request body for DELETE /subscriptions/{id}. */
+export interface SubscriptionCancelRequest {
+    cancel_immediately?: boolean;
+}
+/** Response from GET /admin/products/by-accounts-id/{id}. */
+export interface PaymentProductResponse {
+    id: string;
+    accounts_product_id: string;
+    name: string;
+    description: string | null;
+    created_at: string;
+}
+export interface MRRByProduct {
+    product_id: string;
+    product_name: string;
+    mrr_cents: number;
+    currency: string;
+}
+export interface MRRByPlan {
+    plan_id: string;
+    plan_key: string;
+    mrr_cents: number;
+    currency: string;
+}
+/** Response from GET /admin/analytics/mrr. */
+export interface MRRResponse {
+    total_mrr_cents: number;
+    currency: string;
+    by_product: MRRByProduct[];
+    by_plan: MRRByPlan[];
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/payments/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/payments/types.ts"],"names":[],"mappings":"AACA;;;;;GAKG;AAIH,4DAA4D;AAC5D,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,qBAAqB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC9C,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wCAAwC;AACxC,MAAM,WAAW,qBAAqB;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC3C;AAID,oDAAoD;AACpD,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,SAAS,GAAG,QAAQ,CAAC;IACpC,MAAM,EAAE,QAAQ,GAAG,UAAU,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,MAAM,kBAAkB,GAC1B,UAAU,GACV,QAAQ,GACR,UAAU,GACV,QAAQ,GACR,WAAW,GACX,QAAQ,CAAC;AAEb,oEAAoE;AACpE,MAAM,WAAW,oBAAoB;IACnC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,yBAAyB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClD,MAAM,EAAE,kBAAkB,CAAC;IAC3B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,kBAAkB,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,YAAY,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,kDAAkD;AAClD,MAAM,WAAW,wBAAwB;IACvC,KAAK,EAAE,oBAAoB,EAAE,CAAC;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,4CAA4C;AAC5C,MAAM,WAAW,yBAAyB;IACxC,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC3C;AAED,mDAAmD;AACnD,MAAM,WAAW,yBAAyB;IACxC,kBAAkB,CAAC,EAAE,OAAO,CAAC;CAC9B;AAID,6DAA6D;AAC7D,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,mBAAmB,EAAE,MAAM,CAAC;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,8CAA8C;AAC9C,MAAM,WAAW,WAAW;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,YAAY,EAAE,CAAC;IAC3B,OAAO,EAAE,SAAS,EAAE,CAAC;CACtB"}

package/dist/payments/types.js

@@ -0,0 +1,10 @@
+"use strict";
+// ppussh/src/payments/types.ts
+/**
+ * TypeScript interfaces for every response shape returned by the Payments service.
+ *
+ * Mirror of the Python SDK's payments/models.py — kept in sync manually.
+ * Monetary amounts are always integer cents — never float.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/payments/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/payments/types.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;;GAKG"}

package/dist/webhooks.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Webhook signature verification for PPUSSH Accounts events.
+ *
+ * The Accounts service dispatches signed HTTP POST requests to a URL you register
+ * on your product.  Each request carries an `X-Webhook-Signature` header in the
+ * format `sha256=<hmac-sha256-hex>`.
+ *
+ * Usage:
+ *
+ *   import { verifyWebhook, WebhookEvent } from "ppussh";
+ *
+ *   app.post("/webhooks/accounts", express.raw({ type: "*\/*" }), (req, res) => {
+ *     const sig = req.headers["x-webhook-signature"] as string;
+ *     if (!verifyWebhook(req.body, sig, process.env.ACCOUNTS_CLIENT_SECRET!)) {
+ *       return res.status(401).send("Invalid signature");
+ *     }
+ *     const event: WebhookEvent = JSON.parse(req.body);
+ *     // handle event.type ...
+ *     res.status(200).send("ok");
+ *   });
+ *
+ * Algorithm:
+ * HMAC-SHA256 over the raw request body, using the product's client_secret as
+ * the key.  The digest is hex-encoded and prefixed with `sha256=`.
+ * Comparison uses crypto.timingSafeEqual to prevent timing attacks.
+ */
+export type WebhookEventType = "user.created" | "user.email_verified" | "user.updated" | "user.deleted" | "user.social_linked" | "user.consent_granted" | "session.revoked";
+/**
+ * Parsed payload of a PPUSSH Accounts webhook request.
+ *
+ * Parse after verifying the signature:
+ *
+ *   const event: WebhookEvent = JSON.parse(rawBody);
+ */
+export interface WebhookEvent {
+    type: WebhookEventType;
+    user_id: string;
+    email: string;
+    product_id: string;
+    timestamp: string;
+}
+/**
+ * Verify the HMAC-SHA256 signature on an Accounts webhook request.
+ *
+ * @param rawBody         The raw (unparsed) request body as a Buffer or string.
+ *                        Do **not** JSON.parse before passing in.
+ * @param signatureHeader The value of the `X-Webhook-Signature` header,
+ *                        e.g. `"sha256=abcdef1234..."`.
+ * @param clientSecret    Your product's `client_secret` string (from the Accounts
+ *                        admin console).  This is the HMAC key.
+ * @returns `true` if the signature is valid, `false` otherwise.
+ *          Returns `false` (not throws) for malformed or missing signatures so
+ *          callers can safely use the return value as a boolean gate.
+ */
+export declare function verifyWebhook(rawBody: Buffer | string, signatureHeader: string, clientSecret: string): boolean;
+//# sourceMappingURL=webhooks.d.ts.map

package/dist/webhooks.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.d.ts","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":"AACA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAMH,MAAM,MAAM,gBAAgB,GACxB,cAAc,GACd,qBAAqB,GACrB,cAAc,GACd,cAAc,GACd,oBAAoB,GACpB,sBAAsB,GACtB,iBAAiB,CAAC;AAItB;;;;;;GAMG;AACH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,gBAAgB,CAAC;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;;;;;;;GAYG;AACH,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,GAAG,MAAM,EACxB,eAAe,EAAE,MAAM,EACvB,YAAY,EAAE,MAAM,GACnB,OAAO,CAuBT"}

package/dist/webhooks.js

@@ -0,0 +1,67 @@
+"use strict";
+// ppussh/src/webhooks.ts
+/**
+ * Webhook signature verification for PPUSSH Accounts events.
+ *
+ * The Accounts service dispatches signed HTTP POST requests to a URL you register
+ * on your product.  Each request carries an `X-Webhook-Signature` header in the
+ * format `sha256=<hmac-sha256-hex>`.
+ *
+ * Usage:
+ *
+ *   import { verifyWebhook, WebhookEvent } from "ppussh";
+ *
+ *   app.post("/webhooks/accounts", express.raw({ type: "*\/*" }), (req, res) => {
+ *     const sig = req.headers["x-webhook-signature"] as string;
+ *     if (!verifyWebhook(req.body, sig, process.env.ACCOUNTS_CLIENT_SECRET!)) {
+ *       return res.status(401).send("Invalid signature");
+ *     }
+ *     const event: WebhookEvent = JSON.parse(req.body);
+ *     // handle event.type ...
+ *     res.status(200).send("ok");
+ *   });
+ *
+ * Algorithm:
+ * HMAC-SHA256 over the raw request body, using the product's client_secret as
+ * the key.  The digest is hex-encoded and prefixed with `sha256=`.
+ * Comparison uses crypto.timingSafeEqual to prevent timing attacks.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyWebhook = verifyWebhook;
+const crypto_1 = require("crypto");
+// ── Signature verification ────────────────────────────────────────────────────
+/**
+ * Verify the HMAC-SHA256 signature on an Accounts webhook request.
+ *
+ * @param rawBody         The raw (unparsed) request body as a Buffer or string.
+ *                        Do **not** JSON.parse before passing in.
+ * @param signatureHeader The value of the `X-Webhook-Signature` header,
+ *                        e.g. `"sha256=abcdef1234..."`.
+ * @param clientSecret    Your product's `client_secret` string (from the Accounts
+ *                        admin console).  This is the HMAC key.
+ * @returns `true` if the signature is valid, `false` otherwise.
+ *          Returns `false` (not throws) for malformed or missing signatures so
+ *          callers can safely use the return value as a boolean gate.
+ */
+function verifyWebhook(rawBody, signatureHeader, clientSecret) {
+    if (!signatureHeader.startsWith("sha256=")) {
+        return false;
+    }
+    try {
+        const expectedDigest = (0, crypto_1.createHmac)("sha256", clientSecret)
+            .update(rawBody)
+            .digest("hex");
+        const expected = `sha256=${expectedDigest}`;
+        const expectedBuf = Buffer.from(expected);
+        const receivedBuf = Buffer.from(signatureHeader);
+        // Buffers must be the same length for timingSafeEqual
+        if (expectedBuf.length !== receivedBuf.length) {
+            return false;
+        }
+        return (0, crypto_1.timingSafeEqual)(expectedBuf, receivedBuf);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=webhooks.js.map

package/dist/webhooks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../src/webhooks.ts"],"names":[],"mappings":";AAAA,yBAAyB;AACzB;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;AA+CH,sCA2BC;AAxED,mCAAqD;AA8BrD,iFAAiF;AAEjF;;;;;;;;;;;;GAYG;AACH,SAAgB,aAAa,CAC3B,OAAwB,EACxB,eAAuB,EACvB,YAAoB;IAEpB,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC;QACH,MAAM,cAAc,GAAG,IAAA,mBAAU,EAAC,QAAQ,EAAE,YAAY,CAAC;aACtD,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,QAAQ,GAAG,UAAU,cAAc,EAAE,CAAC;QAE5C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAEjD,sDAAsD;QACtD,IAAI,WAAW,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,EAAE,CAAC;YAC9C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,OAAO,IAAA,wBAAe,EAAC,WAAW,EAAE,WAAW,CAAC,CAAC;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "ppussh",
+  "version": "0.1.0",
+  "description": "PPUSSH Ecosystem SDK — Accounts (OIDC) + Payments client for TypeScript/JavaScript",
+  "license": "MIT",
+  "author": "PPUSSH <dev@ppussh.com>",
+  "homepage": "https://github.com/ppussh/ppussh-ts#readme",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/ppussh/ppussh-ts.git"
+  },
+  "bugs": {
+    "url": "https://github.com/ppussh/ppussh-ts/issues"
+  },
+  "keywords": [
+    "ppussh",
+    "oidc",
+    "oauth2",
+    "authentication",
+    "payments",
+    "subscriptions",
+    "sdk"
+  ],
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "require": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist",
+    "prepublishOnly": "npm run build"
+  },
+  "dependencies": {
+    "axios": "^1.13.6"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.37",
+    "typescript": "^5.9.3"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}