spaps-sdk 1.1.51 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -189,14 +189,21 @@ const user = await spaps.getUser();
189
189
 
190
190
  ### 💳 Stripe Integration
191
191
  ```javascript
192
- // Create checkout session
193
- const session = await spaps.createCheckoutSession(priceId, successUrl);
194
- window.location.href = session.data.url;
192
+ // Create checkout session with consent control
193
+ const session = await spaps.payments.createPaymentCheckout({
194
+ price_id: 'price_123',
195
+ success_url: 'https://app.example.com/success',
196
+ cancel_url: 'https://app.example.com/cancel',
197
+ require_legal_consent: true,
198
+ legal_consent_text: 'I agree I am 18+ and accept the HTMA Terms & Privacy.'
199
+ });
200
+ window.location.href = session.url;
195
201
 
196
202
  // Manage subscription
197
203
  const subscription = await spaps.getSubscription();
198
204
  await spaps.cancelSubscription();
199
205
  ```
206
+ > `require_legal_consent` forces Stripe’s Terms/Privacy checkbox, and `legal_consent_text` (≤120 chars) customizes the copy. Text is sanitized and defaults to “I agree to the Terms of Service and Privacy Policy.” when omitted.
200
207
 
201
208
  ### 📊 Usage Tracking
202
209
  ```javascript
package/dist/index.d.mts CHANGED
@@ -85,12 +85,53 @@ declare class PermissionChecker {
85
85
  declare function createPermissionChecker(customAdmins?: (string | AdminConfig)[]): PermissionChecker;
86
86
  declare const defaultPermissionChecker: PermissionChecker;
87
87
 
88
+ type ApiKeyType = 'publishable' | 'secret';
88
89
  interface SPAPSConfig {
89
90
  apiUrl?: string;
91
+ /** @deprecated Use publishableKey or secretKey instead */
90
92
  apiKey?: string;
93
+ /** Browser-safe key for client-side usage (spaps_pub_xxx) */
94
+ publishableKey?: string;
95
+ /** Server-only key for full access (spaps_sec_xxx) */
96
+ secretKey?: string;
91
97
  autoDetect?: boolean;
92
98
  timeout?: number;
93
99
  }
100
+ interface CheckoutLineItemPriceData {
101
+ currency: string;
102
+ unit_amount: number;
103
+ product_data: {
104
+ name: string;
105
+ description?: string;
106
+ metadata?: Record<string, string>;
107
+ };
108
+ }
109
+ interface CheckoutLineItem {
110
+ price_id?: string;
111
+ product_id?: string;
112
+ quantity: number;
113
+ price_data?: CheckoutLineItemPriceData;
114
+ }
115
+ interface CreateCheckoutSessionPayload {
116
+ mode: 'payment' | 'subscription';
117
+ line_items: CheckoutLineItem[];
118
+ success_url: string;
119
+ cancel_url: string;
120
+ metadata?: Record<string, string>;
121
+ customer_email?: string;
122
+ client_reference_id?: string;
123
+ payment_intent_data?: {
124
+ metadata?: Record<string, string>;
125
+ };
126
+ subscription_data?: {
127
+ metadata?: Record<string, string>;
128
+ trial_period_days?: number;
129
+ };
130
+ allow_promotion_codes?: boolean;
131
+ locale?: string;
132
+ require_legal_consent?: boolean;
133
+ legal_consent_text?: string;
134
+ }
94
135
 
95
136
  declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Record<string, any>> {
96
137
  private client;
@@ -269,18 +310,22 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
269
310
  cursor?: Record<string, unknown>;
270
311
  }>;
271
312
  };
272
- createCheckoutSession: (payload: any) => Promise<CheckoutSession>;
313
+ createCheckoutSession: (payload: CreateCheckoutSessionPayload) => Promise<CheckoutSession>;
273
314
  createPaymentCheckout: (params: {
274
315
  price_id: string;
275
316
  quantity?: number;
276
317
  success_url: string;
277
318
  cancel_url: string;
319
+ require_legal_consent?: boolean;
320
+ legal_consent_text?: string;
278
321
  }) => Promise<CheckoutSession>;
279
322
  createSubscriptionCheckout: (params: {
280
323
  price_id: string;
281
324
  success_url: string;
282
325
  cancel_url: string;
283
326
  trial_period_days?: number;
327
+ require_legal_consent?: boolean;
328
+ legal_consent_text?: string;
284
329
  }) => Promise<CheckoutSession>;
285
330
  getCheckoutSession: (sessionId: string) => Promise<CheckoutSession>;
286
331
  listCheckoutSessions: (query?: {
@@ -446,5 +491,39 @@ declare class WalletUtils {
446
491
  static detectChainType(address: string): 'solana' | 'ethereum' | 'bitcoin' | null;
447
492
  static isValidAddress(address: string, chainType?: 'solana' | 'ethereum' | 'bitcoin' | 'base'): boolean;
448
493
  }
494
+ /**
495
+ * Create a SPAPS client for browser/client-side usage
496
+ * Uses publishable key which is safe to expose in client bundles
497
+ *
498
+ * @example
499
+ * ```typescript
500
+ * // In your frontend code
501
+ * const spaps = createBrowserClient('spaps_pub_xxx');
502
+ *
503
+ * // Use for authentication and checkout
504
+ * const { user } = await spaps.auth.signInWithPassword({ email, password });
505
+ * const checkout = await spaps.payments.createCheckoutSession({...});
506
+ * ```
507
+ */
508
+ declare function createBrowserClient(publishableKey: string, options?: Omit<SPAPSConfig, 'publishableKey' | 'secretKey' | 'apiKey'>): SPAPSClient;
509
+ /**
510
+ * Create a SPAPS client for server-side usage
511
+ * Uses secret key which provides full access to all endpoints
512
+ *
513
+ * @example
514
+ * ```typescript
515
+ * // In your API routes (Next.js, Express, etc.)
516
+ * const spaps = createServerClient('spaps_sec_xxx');
517
+ *
518
+ * // Full access to admin operations
519
+ * await spaps.admin.createProduct({...});
520
+ * await spaps.payments.crypto.reconcile();
521
+ * ```
522
+ */
523
+ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfig, 'publishableKey' | 'secretKey' | 'apiKey'>): SPAPSClient;
524
+ /**
525
+ * Detect key type from key prefix
526
+ */
527
+ declare function detectKeyType(key: string): ApiKeyType | null;
449
528
 
450
- export { type AdminConfig, DEFAULT_ADMIN_ACCOUNTS, type PermissionCheckResult, PermissionChecker, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, TokenManager, WalletUtils, canAccessAdmin, createPermissionChecker, SPAPSClient as default, defaultPermissionChecker, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, verifyCryptoWebhookSignature };
529
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, DEFAULT_ADMIN_ACCOUNTS, type PermissionCheckResult, PermissionChecker, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, TokenManager, WalletUtils, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, verifyCryptoWebhookSignature };
package/dist/index.d.ts CHANGED
@@ -85,12 +85,53 @@ declare class PermissionChecker {
85
85
  declare function createPermissionChecker(customAdmins?: (string | AdminConfig)[]): PermissionChecker;
86
86
  declare const defaultPermissionChecker: PermissionChecker;
87
87
 
88
+ type ApiKeyType = 'publishable' | 'secret';
88
89
  interface SPAPSConfig {
89
90
  apiUrl?: string;
91
+ /** @deprecated Use publishableKey or secretKey instead */
90
92
  apiKey?: string;
93
+ /** Browser-safe key for client-side usage (spaps_pub_xxx) */
94
+ publishableKey?: string;
95
+ /** Server-only key for full access (spaps_sec_xxx) */
96
+ secretKey?: string;
91
97
  autoDetect?: boolean;
92
98
  timeout?: number;
93
99
  }
100
+ interface CheckoutLineItemPriceData {
101
+ currency: string;
102
+ unit_amount: number;
103
+ product_data: {
104
+ name: string;
105
+ description?: string;
106
+ metadata?: Record<string, string>;
107
+ };
108
+ }
109
+ interface CheckoutLineItem {
110
+ price_id?: string;
111
+ product_id?: string;
112
+ quantity: number;
113
+ price_data?: CheckoutLineItemPriceData;
114
+ }
115
+ interface CreateCheckoutSessionPayload {
116
+ mode: 'payment' | 'subscription';
117
+ line_items: CheckoutLineItem[];
118
+ success_url: string;
119
+ cancel_url: string;
120
+ metadata?: Record<string, string>;
121
+ customer_email?: string;
122
+ client_reference_id?: string;
123
+ payment_intent_data?: {
124
+ metadata?: Record<string, string>;
125
+ };
126
+ subscription_data?: {
127
+ metadata?: Record<string, string>;
128
+ trial_period_days?: number;
129
+ };
130
+ allow_promotion_codes?: boolean;
131
+ locale?: string;
132
+ require_legal_consent?: boolean;
133
+ legal_consent_text?: string;
134
+ }
94
135
 
95
136
  declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Record<string, any>> {
96
137
  private client;
@@ -269,18 +310,22 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
269
310
  cursor?: Record<string, unknown>;
270
311
  }>;
271
312
  };
272
- createCheckoutSession: (payload: any) => Promise<CheckoutSession>;
313
+ createCheckoutSession: (payload: CreateCheckoutSessionPayload) => Promise<CheckoutSession>;
273
314
  createPaymentCheckout: (params: {
274
315
  price_id: string;
275
316
  quantity?: number;
276
317
  success_url: string;
277
318
  cancel_url: string;
319
+ require_legal_consent?: boolean;
320
+ legal_consent_text?: string;
278
321
  }) => Promise<CheckoutSession>;
279
322
  createSubscriptionCheckout: (params: {
280
323
  price_id: string;
281
324
  success_url: string;
282
325
  cancel_url: string;
283
326
  trial_period_days?: number;
327
+ require_legal_consent?: boolean;
328
+ legal_consent_text?: string;
284
329
  }) => Promise<CheckoutSession>;
285
330
  getCheckoutSession: (sessionId: string) => Promise<CheckoutSession>;
286
331
  listCheckoutSessions: (query?: {
@@ -446,5 +491,39 @@ declare class WalletUtils {
446
491
  static detectChainType(address: string): 'solana' | 'ethereum' | 'bitcoin' | null;
447
492
  static isValidAddress(address: string, chainType?: 'solana' | 'ethereum' | 'bitcoin' | 'base'): boolean;
448
493
  }
494
+ /**
495
+ * Create a SPAPS client for browser/client-side usage
496
+ * Uses publishable key which is safe to expose in client bundles
497
+ *
498
+ * @example
499
+ * ```typescript
500
+ * // In your frontend code
501
+ * const spaps = createBrowserClient('spaps_pub_xxx');
502
+ *
503
+ * // Use for authentication and checkout
504
+ * const { user } = await spaps.auth.signInWithPassword({ email, password });
505
+ * const checkout = await spaps.payments.createCheckoutSession({...});
506
+ * ```
507
+ */
508
+ declare function createBrowserClient(publishableKey: string, options?: Omit<SPAPSConfig, 'publishableKey' | 'secretKey' | 'apiKey'>): SPAPSClient;
509
+ /**
510
+ * Create a SPAPS client for server-side usage
511
+ * Uses secret key which provides full access to all endpoints
512
+ *
513
+ * @example
514
+ * ```typescript
515
+ * // In your API routes (Next.js, Express, etc.)
516
+ * const spaps = createServerClient('spaps_sec_xxx');
517
+ *
518
+ * // Full access to admin operations
519
+ * await spaps.admin.createProduct({...});
520
+ * await spaps.payments.crypto.reconcile();
521
+ * ```
522
+ */
523
+ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfig, 'publishableKey' | 'secretKey' | 'apiKey'>): SPAPSClient;
524
+ /**
525
+ * Detect key type from key prefix
526
+ */
527
+ declare function detectKeyType(key: string): ApiKeyType | null;
449
528
 
450
- export { type AdminConfig, DEFAULT_ADMIN_ACCOUNTS, type PermissionCheckResult, PermissionChecker, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, TokenManager, WalletUtils, canAccessAdmin, createPermissionChecker, SPAPSClient as default, defaultPermissionChecker, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, verifyCryptoWebhookSignature };
529
+ export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, DEFAULT_ADMIN_ACCOUNTS, type PermissionCheckResult, PermissionChecker, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, TokenManager, WalletUtils, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, verifyCryptoWebhookSignature };
package/dist/index.js CHANGED
@@ -201,10 +201,13 @@ __export(index_exports, {
201
201
  TokenManager: () => TokenManager,
202
202
  WalletUtils: () => WalletUtils,
203
203
  canAccessAdmin: () => canAccessAdmin,
204
+ createBrowserClient: () => createBrowserClient,
204
205
  createPermissionChecker: () => createPermissionChecker,
205
206
  createSecureMessageRequestSchema: () => import_spaps_types.createSecureMessageRequestSchema,
207
+ createServerClient: () => createServerClient,
206
208
  default: () => index_default,
207
209
  defaultPermissionChecker: () => defaultPermissionChecker,
210
+ detectKeyType: () => detectKeyType,
208
211
  getRoleAwareErrorMessage: () => getRoleAwareErrorMessage,
209
212
  getUserDisplay: () => getUserDisplay,
210
213
  getUserRole: () => getUserRole,
@@ -279,6 +282,20 @@ var SPAPSClient = class {
279
282
  };
280
283
  constructor(config = {}) {
281
284
  const apiUrl = config.apiUrl || process.env.SPAPS_API_URL || process.env.NEXT_PUBLIC_SPAPS_API_URL;
285
+ const isBrowser = typeof window !== "undefined";
286
+ let effectiveApiKey;
287
+ if (config.publishableKey) {
288
+ effectiveApiKey = config.publishableKey;
289
+ } else if (config.secretKey) {
290
+ effectiveApiKey = config.secretKey;
291
+ if (isBrowser) {
292
+ console.warn("\u26A0\uFE0F SPAPS: Using secretKey in browser is not recommended. Use publishableKey instead.");
293
+ }
294
+ } else if (config.apiKey) {
295
+ effectiveApiKey = config.apiKey;
296
+ } else {
297
+ effectiveApiKey = process.env.SPAPS_API_KEY || process.env.NEXT_PUBLIC_SPAPS_API_KEY;
298
+ }
282
299
  if (!apiUrl || apiUrl.includes("localhost") || apiUrl.includes("127.0.0.1")) {
283
300
  this._isLocalMode = true;
284
301
  this.client = import_axios.default.create({
@@ -289,10 +306,10 @@ var SPAPSClient = class {
289
306
  }
290
307
  });
291
308
  } else {
292
- if (!config.apiKey && !process.env.SPAPS_API_KEY) {
309
+ if (!effectiveApiKey) {
293
310
  console.warn("\u26A0\uFE0F SPAPS: No API key provided. Some features may not work.");
294
311
  }
295
- this.apiKey = config.apiKey || process.env.SPAPS_API_KEY;
312
+ this.apiKey = effectiveApiKey;
296
313
  this.client = import_axios.default.create({
297
314
  baseURL: apiUrl,
298
315
  timeout: config.timeout || 1e4,
@@ -600,11 +617,25 @@ var SPAPSClient = class {
600
617
  return this.unwrapApiResponse(res, "Failed to create checkout session");
601
618
  },
602
619
  createPaymentCheckout: async (params) => {
603
- const payload = { mode: "payment", line_items: [{ price_id: params.price_id, quantity: params.quantity ?? 1 }], success_url: params.success_url, cancel_url: params.cancel_url };
620
+ const payload = {
621
+ mode: "payment",
622
+ line_items: [{ price_id: params.price_id, quantity: params.quantity ?? 1 }],
623
+ success_url: params.success_url,
624
+ cancel_url: params.cancel_url,
625
+ require_legal_consent: params.require_legal_consent,
626
+ legal_consent_text: params.legal_consent_text
627
+ };
604
628
  return this.payments.createCheckoutSession(payload);
605
629
  },
606
630
  createSubscriptionCheckout: async (params) => {
607
- const payload = { mode: "subscription", line_items: [{ price_id: params.price_id, quantity: 1 }], success_url: params.success_url, cancel_url: params.cancel_url };
631
+ const payload = {
632
+ mode: "subscription",
633
+ line_items: [{ price_id: params.price_id, quantity: 1 }],
634
+ success_url: params.success_url,
635
+ cancel_url: params.cancel_url,
636
+ require_legal_consent: params.require_legal_consent,
637
+ legal_consent_text: params.legal_consent_text
638
+ };
608
639
  if (params.trial_period_days) payload.subscription_data = { trial_period_days: params.trial_period_days };
609
640
  return this.payments.createCheckoutSession(payload);
610
641
  },
@@ -1026,6 +1057,29 @@ var WalletUtils = class _WalletUtils {
1026
1057
  }
1027
1058
  }
1028
1059
  };
1060
+ function createBrowserClient(publishableKey, options) {
1061
+ if (!publishableKey.startsWith("spaps_pub_")) {
1062
+ console.warn("\u26A0\uFE0F SPAPS: Expected a publishable key (spaps_pub_xxx). Using a secret key in browser is not recommended.");
1063
+ }
1064
+ return new SPAPSClient({
1065
+ ...options,
1066
+ publishableKey
1067
+ });
1068
+ }
1069
+ function createServerClient(secretKey, options) {
1070
+ if (typeof window !== "undefined") {
1071
+ console.warn("\u26A0\uFE0F SPAPS: createServerClient should only be used in server environments. Use createBrowserClient for browser usage.");
1072
+ }
1073
+ return new SPAPSClient({
1074
+ ...options,
1075
+ secretKey
1076
+ });
1077
+ }
1078
+ function detectKeyType(key) {
1079
+ if (key.startsWith("spaps_pub_")) return "publishable";
1080
+ if (key.startsWith("spaps_sec_") || key.startsWith("spaps_")) return "secret";
1081
+ return null;
1082
+ }
1029
1083
  // Annotate the CommonJS export names for ESM import in node:
1030
1084
  0 && (module.exports = {
1031
1085
  DEFAULT_ADMIN_ACCOUNTS,
@@ -1035,9 +1089,12 @@ var WalletUtils = class _WalletUtils {
1035
1089
  TokenManager,
1036
1090
  WalletUtils,
1037
1091
  canAccessAdmin,
1092
+ createBrowserClient,
1038
1093
  createPermissionChecker,
1039
1094
  createSecureMessageRequestSchema,
1095
+ createServerClient,
1040
1096
  defaultPermissionChecker,
1097
+ detectKeyType,
1041
1098
  getRoleAwareErrorMessage,
1042
1099
  getUserDisplay,
1043
1100
  getUserRole,
package/dist/index.mjs CHANGED
@@ -255,6 +255,20 @@ var SPAPSClient = class {
255
255
  };
256
256
  constructor(config = {}) {
257
257
  const apiUrl = config.apiUrl || process.env.SPAPS_API_URL || process.env.NEXT_PUBLIC_SPAPS_API_URL;
258
+ const isBrowser = typeof window !== "undefined";
259
+ let effectiveApiKey;
260
+ if (config.publishableKey) {
261
+ effectiveApiKey = config.publishableKey;
262
+ } else if (config.secretKey) {
263
+ effectiveApiKey = config.secretKey;
264
+ if (isBrowser) {
265
+ console.warn("\u26A0\uFE0F SPAPS: Using secretKey in browser is not recommended. Use publishableKey instead.");
266
+ }
267
+ } else if (config.apiKey) {
268
+ effectiveApiKey = config.apiKey;
269
+ } else {
270
+ effectiveApiKey = process.env.SPAPS_API_KEY || process.env.NEXT_PUBLIC_SPAPS_API_KEY;
271
+ }
258
272
  if (!apiUrl || apiUrl.includes("localhost") || apiUrl.includes("127.0.0.1")) {
259
273
  this._isLocalMode = true;
260
274
  this.client = axios.create({
@@ -265,10 +279,10 @@ var SPAPSClient = class {
265
279
  }
266
280
  });
267
281
  } else {
268
- if (!config.apiKey && !process.env.SPAPS_API_KEY) {
282
+ if (!effectiveApiKey) {
269
283
  console.warn("\u26A0\uFE0F SPAPS: No API key provided. Some features may not work.");
270
284
  }
271
- this.apiKey = config.apiKey || process.env.SPAPS_API_KEY;
285
+ this.apiKey = effectiveApiKey;
272
286
  this.client = axios.create({
273
287
  baseURL: apiUrl,
274
288
  timeout: config.timeout || 1e4,
@@ -576,11 +590,25 @@ var SPAPSClient = class {
576
590
  return this.unwrapApiResponse(res, "Failed to create checkout session");
577
591
  },
578
592
  createPaymentCheckout: async (params) => {
579
- const payload = { mode: "payment", line_items: [{ price_id: params.price_id, quantity: params.quantity ?? 1 }], success_url: params.success_url, cancel_url: params.cancel_url };
593
+ const payload = {
594
+ mode: "payment",
595
+ line_items: [{ price_id: params.price_id, quantity: params.quantity ?? 1 }],
596
+ success_url: params.success_url,
597
+ cancel_url: params.cancel_url,
598
+ require_legal_consent: params.require_legal_consent,
599
+ legal_consent_text: params.legal_consent_text
600
+ };
580
601
  return this.payments.createCheckoutSession(payload);
581
602
  },
582
603
  createSubscriptionCheckout: async (params) => {
583
- const payload = { mode: "subscription", line_items: [{ price_id: params.price_id, quantity: 1 }], success_url: params.success_url, cancel_url: params.cancel_url };
604
+ const payload = {
605
+ mode: "subscription",
606
+ line_items: [{ price_id: params.price_id, quantity: 1 }],
607
+ success_url: params.success_url,
608
+ cancel_url: params.cancel_url,
609
+ require_legal_consent: params.require_legal_consent,
610
+ legal_consent_text: params.legal_consent_text
611
+ };
584
612
  if (params.trial_period_days) payload.subscription_data = { trial_period_days: params.trial_period_days };
585
613
  return this.payments.createCheckoutSession(payload);
586
614
  },
@@ -1002,6 +1030,29 @@ var WalletUtils = class _WalletUtils {
1002
1030
  }
1003
1031
  }
1004
1032
  };
1033
+ function createBrowserClient(publishableKey, options) {
1034
+ if (!publishableKey.startsWith("spaps_pub_")) {
1035
+ console.warn("\u26A0\uFE0F SPAPS: Expected a publishable key (spaps_pub_xxx). Using a secret key in browser is not recommended.");
1036
+ }
1037
+ return new SPAPSClient({
1038
+ ...options,
1039
+ publishableKey
1040
+ });
1041
+ }
1042
+ function createServerClient(secretKey, options) {
1043
+ if (typeof window !== "undefined") {
1044
+ console.warn("\u26A0\uFE0F SPAPS: createServerClient should only be used in server environments. Use createBrowserClient for browser usage.");
1045
+ }
1046
+ return new SPAPSClient({
1047
+ ...options,
1048
+ secretKey
1049
+ });
1050
+ }
1051
+ function detectKeyType(key) {
1052
+ if (key.startsWith("spaps_pub_")) return "publishable";
1053
+ if (key.startsWith("spaps_sec_") || key.startsWith("spaps_")) return "secret";
1054
+ return null;
1055
+ }
1005
1056
  export {
1006
1057
  DEFAULT_ADMIN_ACCOUNTS,
1007
1058
  PermissionChecker,
@@ -1010,10 +1061,13 @@ export {
1010
1061
  TokenManager,
1011
1062
  WalletUtils,
1012
1063
  canAccessAdmin,
1064
+ createBrowserClient,
1013
1065
  createPermissionChecker,
1014
1066
  createSecureMessageRequestSchema,
1067
+ createServerClient,
1015
1068
  index_default as default,
1016
1069
  defaultPermissionChecker,
1070
+ detectKeyType,
1017
1071
  getRoleAwareErrorMessage,
1018
1072
  getUserDisplay,
1019
1073
  getUserRole,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spaps-sdk",
3
- "version": "1.1.51",
3
+ "version": "1.2.0",
4
4
  "description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking and role-based access control",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -44,7 +44,7 @@
44
44
  "email": "buildooor@gmail.com"
45
45
  },
46
46
  "dependencies": {
47
- "spaps-types": "^1.0.57",
47
+ "spaps-types": "^1.0.58",
48
48
  "axios": "^1.6.0",
49
49
  "cross-fetch": "^4.0.0"
50
50
  },
@@ -72,4 +72,4 @@
72
72
  "engines": {
73
73
  "node": ">=14.0.0"
74
74
  }
75
- }
75
+ }