spaps-sdk 1.10.2 → 1.11.0
- package/CHANGELOG.md +6 -0
- package/PERMISSIONS.md +22 -1
- package/README.md +29 -2
- package/dist/index.d.mts +34 -3
- package/dist/index.d.ts +34 -3
- package/dist/index.js +51 -0
- package/dist/index.mjs +51 -0
- package/package.json +2 -2
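--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -8,6 +8,12 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
 
 ### Added
 
+- Added browser-safe `entitlements.listCurrentUserProjects()` and `entitlements.checkCurrentUserProjectAccess(...)` helpers for project grant reads.
+
+## [1.10.2] - 2026-06-04
+
+### Added
+
 - Added `issueReporting.getAttachmentAccess(attachmentId)` as the canonical screenshot access helper while keeping `getAttachmentAccessUrl` as a backward-compatible alias.
 
 ## [1.10.1] - 2026-05-16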
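--- a/package/PERMISSIONS.md
+++ b/package/PERMISSIONS.md
@@ -2,6 +2,27 @@
 
 Client-side permission checking and role management utilities for SPAPS applications.
 
+## Browser-Safe Project Access
+
+The SDK exposes read-only helpers for current-user project access:
+
+```typescript
+await spaps.entitlements.listCurrentUserProjects({
+entitlementKey: 'pds.project.viewer'
+});
+
+await spaps.entitlements.checkCurrentUserProjectAccess({
+projectId: 'project_123',
+entitlementKey: 'pds.project.viewer'
+});
+```
+
+These helpers are safe for publishable-key browser contexts because SPAPS
+validates the JWT subject server-side. The SDK does not expose browser methods
+for account membership invitation, project grant, project revoke, or account
+capability mutation. Keep those operations in a trusted backend using a secret
+key and admin access token.
+
 ## 🚀 Quick Start
 
 ```typescript
@@ -387,4 +408,4 @@ interface PermissionCheckResult {
 4. **Role-based UI**: Show/hide features based on user permissions
 5. **Custom admin management**: Use custom admin lists for multi-tenant apps
 6. **Testing**: Test permission logic with various user states
-7. **Type safety**: Use TypeScript interfaces for better development experience
+7. **Type safety**: Use TypeScript interfaces for better development experience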
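--- a/package/README.md
+++ b/package/README.md
@@ -88,7 +88,7 @@ Relevant environment variables:
 | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
 | `marketing` | Browser-safe attribution/experiment event emission and server-side experiment results |
 | `email` | Template lookup, preview, and send helpers |
-| `entitlements` | User
+| `entitlements` | User/resource entitlement queries and browser-safe current-user project access reads |
 | `usage` | Secret-key usage authorization and immutable usage recording |
 | `skillEvals` | Paid blind skill-eval cases, review rooms, reviewer marks, insight inboxes, and controlled reveal |
 | `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
@@ -97,6 +97,33 @@ Relevant environment variables:
 
 ## Common Patterns
 
+### Browser-Safe Project Access Reads
+
+Use a publishable key and an authenticated user JWT in browser code. These
+helpers only read project access for the current user; membership invitation,
+project grant, project revoke, and account capability mutation remain
+server-only operations.
+
+```ts
+const spaps = new SPAPSClient({
+apiUrl: "https://api.example.test",
+publishableKey: "spaps_pub_example",
+});
+
+spaps.setAccessToken(userAccessToken);
+
+const projects = await spaps.entitlements.listCurrentUserProjects({
+entitlementKey: "pds.project.viewer",
+});
+
+const access = await spaps.entitlements.checkCurrentUserProjectAccess({
+projectId: "project_123",
+entitlementKey: "pds.project.viewer",
+});
+
+console.log(projects.count, access.has_access);
+```
+
 ### Typed Secure Messages
 
 ```ts
@@ -484,7 +511,7 @@ npm run test:readme
 ## Metadata
 
 - `package_name`: `spaps-sdk`
-- `latest_version`: `1.10.
+- `latest_version`: `1.10.2`
 - `minimum_runtime`: `Node.js >=14.0.0`
 - `api_base_url`: `https://api.sweetpotato.dev`
 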
package/dist/index.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, 
X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, 
X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -417,6 +417,22 @@ interface EntitlementCheckResult {
|
|
|
417
417
|
/** The matching entitlement, if any */
|
|
418
418
|
entitlement?: Entitlement;
|
|
419
419
|
}
|
|
420
|
+
interface CurrentUserProjectGrantListParams {
|
|
421
|
+
/** Filter to one project entitlement key, such as "pds.project.viewer" */
|
|
422
|
+
entitlementKey?: string;
|
|
423
|
+
/** Maximum number of project grants to return */
|
|
424
|
+
limit?: number;
|
|
425
|
+
/** Zero-based item offset */
|
|
426
|
+
offset?: number;
|
|
427
|
+
/** Opaque pagination cursor */
|
|
428
|
+
cursor?: string;
|
|
429
|
+
}
|
|
430
|
+
interface CurrentUserProjectAccessParams {
|
|
431
|
+
/** Project to check */
|
|
432
|
+
projectId: string;
|
|
433
|
+
/** Project entitlement key to check, such as "pds.project.viewer" */
|
|
434
|
+
entitlementKey: string;
|
|
435
|
+
}
|
|
420
436
|
type SupportedIssueReportScope = Extract<IssueReportScope, 'mine'>;
|
|
421
437
|
interface IssueReportListParams {
|
|
422
438
|
status?: IssueReportStatus;
|
|
@@ -698,6 +714,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
698
714
|
private headerProvider?;
|
|
699
715
|
private unwrapApiResponse;
|
|
700
716
|
private skillEvalMutationConfig;
|
|
717
|
+
private requireCurrentUserIdFromAccessToken;
|
|
701
718
|
private isAxiosResponse;
|
|
702
719
|
private isResponseLikeWithData;
|
|
703
720
|
private isApiResponse;
|
|
@@ -779,6 +796,20 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
779
796
|
* @param resourceId - Optional specific resource ID.
|
|
780
797
|
*/
|
|
781
798
|
listByResource: (resourceType: ResourceType, resourceId?: string) => Promise<Entitlement[]>;
|
|
799
|
+
/**
|
|
800
|
+
* List project grants for the authenticated user.
|
|
801
|
+
*
|
|
802
|
+
* Browser/publishable-key contexts are safe here because the server requires
|
|
803
|
+
* the JWT subject to match the path user id.
|
|
804
|
+
*/
|
|
805
|
+
listCurrentUserProjects: (params?: CurrentUserProjectGrantListParams) => Promise<ListProjectGrantsResponse>;
|
|
806
|
+
/**
|
|
807
|
+
* Check whether the authenticated user has one project entitlement.
|
|
808
|
+
*
|
|
809
|
+
* The helper does not accept user/email overrides; publishable-key callers
|
|
810
|
+
* are scoped by the server to the JWT identity.
|
|
811
|
+
*/
|
|
812
|
+
checkCurrentUserProjectAccess: (params: CurrentUserProjectAccessParams) => Promise<ProjectAccessCheckResponse>;
|
|
782
813
|
};
|
|
783
814
|
/**
|
|
784
815
|
* Issue reporting namespace for authenticated end-user issue flows.
|
|
@@ -1478,4 +1509,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
|
|
|
1478
1509
|
*/
|
|
1479
1510
|
declare function detectKeyType(key: string): ApiKeyType | null;
|
|
1480
1511
|
|
|
1481
|
-
export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type 
SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
|
|
1512
|
+
export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type 
SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
|
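Review bot: The JSDoc added for `listCurrentUserProjects` and `checkCurrentUserProjectAccess` in the `entitlements` namespace is missing the caveat that the returned grant list and access result are only a read of server state, so browser code cannot treat them as the enforcement point. The new private member `requireCurrentUserIdFromAccessToken` suggests the SDK takes the user id from the access token on the client, which would be an unverified decode, so the server-side subject check described in the comment is presumably the only control; the declaration file does not show the implementation, so this should be confirmed against `dist/index.js`. I would add to both comments `* The result is advisory in the browser: the backend must check the grant again on every protected request.` and, if the private helper rejects a missing or malformed token, an `@throws` line saying so. `CurrentUserProjectGrantListParams` also accepts `offset` and `cursor` together without documenting which one takes precedence.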
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, 
X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, ListProjectGrantsResponse, ProjectAccessCheckResponse, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportAttachmentOut, ListIssueReportAttachmentsResponse, IssueReportAttachmentAccessResponse, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, ListIssueReportMessagesResponse, CreateReporterMessageRequest, IssueReportMessage, CreateOperatorMessageRequest, RetractOperatorMessageRequest, CreateAppLinkRequest, AppLink, UpdateAppLinkRequest, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlFeaturesResponse, UsageControlStatusRequest, UsageControlStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreateOperatorMessageRequest, CreatePriceRequest, CreateProductRequest, CreateReporterMessageRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportAttachmentAccessResponse, IssueReportAttachmentOut, IssueReportListResult, IssueReportMessage, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, ListIssueReportAttachmentsResponse, ListIssueReportMessagesResponse, ListProjectGrantsResponse, Price, Product, ProductSyncResult, ProjectAccessCheckResponse, ProjectGrant, ProjectGrantStatus, ReplyIssueReportRequest, ResourceType, RetractOperatorMessageRequest, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateAppLinkRequest, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlFeaturesResponse, UsageControlHistoryRequest, UsageControlHistoryResponse, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, UsageControlStatusRequest, UsageControlStatusResponse, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, 
X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -417,6 +417,22 @@ interface EntitlementCheckResult {
|
|
|
417
417
|
/** The matching entitlement, if any */
|
|
418
418
|
entitlement?: Entitlement;
|
|
419
419
|
}
|
|
420
|
+
interface CurrentUserProjectGrantListParams {
|
|
421
|
+
/** Filter to one project entitlement key, such as "pds.project.viewer" */
|
|
422
|
+
entitlementKey?: string;
|
|
423
|
+
/** Maximum number of project grants to return */
|
|
424
|
+
limit?: number;
|
|
425
|
+
/** Zero-based item offset */
|
|
426
|
+
offset?: number;
|
|
427
|
+
/** Opaque pagination cursor */
|
|
428
|
+
cursor?: string;
|
|
429
|
+
}
|
|
430
|
+
interface CurrentUserProjectAccessParams {
|
|
431
|
+
/** Project to check */
|
|
432
|
+
projectId: string;
|
|
433
|
+
/** Project entitlement key to check, such as "pds.project.viewer" */
|
|
434
|
+
entitlementKey: string;
|
|
435
|
+
}
|
|
420
436
|
type SupportedIssueReportScope = Extract<IssueReportScope, 'mine'>;
|
|
421
437
|
interface IssueReportListParams {
|
|
422
438
|
status?: IssueReportStatus;
|
|
@@ -698,6 +714,7 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
698
714
|
private headerProvider?;
|
|
699
715
|
private unwrapApiResponse;
|
|
700
716
|
private skillEvalMutationConfig;
|
|
717
|
+
private requireCurrentUserIdFromAccessToken;
|
|
701
718
|
private isAxiosResponse;
|
|
702
719
|
private isResponseLikeWithData;
|
|
703
720
|
private isApiResponse;
|
|
@@ -779,6 +796,20 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
779
796
|
* @param resourceId - Optional specific resource ID.
|
|
780
797
|
*/
|
|
781
798
|
listByResource: (resourceType: ResourceType, resourceId?: string) => Promise<Entitlement[]>;
|
|
799
|
+
/**
|
|
800
|
+
* List project grants for the authenticated user.
|
|
801
|
+
*
|
|
802
|
+
* Browser/publishable-key contexts are safe here because the server requires
|
|
803
|
+
* the JWT subject to match the path user id.
|
|
804
|
+
*/
|
|
805
|
+
listCurrentUserProjects: (params?: CurrentUserProjectGrantListParams) => Promise<ListProjectGrantsResponse>;
|
|
806
|
+
/**
|
|
807
|
+
* Check whether the authenticated user has one project entitlement.
|
|
808
|
+
*
|
|
809
|
+
* The helper does not accept user/email overrides; publishable-key callers
|
|
810
|
+
* are scoped by the server to the JWT identity.
|
|
811
|
+
*/
|
|
812
|
+
checkCurrentUserProjectAccess: (params: CurrentUserProjectAccessParams) => Promise<ProjectAccessCheckResponse>;
|
|
782
813
|
};
|
|
783
814
|
/**
|
|
784
815
|
* Issue reporting namespace for authenticated end-user issue flows.
|
|
@@ -1478,4 +1509,4 @@ declare function createServerClient(secretKey: string, options?: Omit<SPAPSConfi
|
|
|
1478
1509
|
*/
|
|
1479
1510
|
declare function detectKeyType(key: string): ApiKeyType | null;
|
|
1480
1511
|
|
|
1481
|
-
export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type 
SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
|
|
1512
|
+
export { type AdminConfig, type ApiKeyType, type CheckoutLineItem, type CheckoutLineItemPriceData, type CreateCheckoutSessionPayload, type CreateSkillEvalCaseRequest, type CreateSkillEvalGovernanceSnapshotRequest, type CurrentUserProjectAccessParams, type CurrentUserProjectGrantListParams, DEFAULT_ADMIN_ACCOUNTS, type EmailSendOptions, type EmailSendResult, type EmailTemplate, type EmailTemplatePreview, type EntitlementCheckResult, type EntitlementListParams, type FeatureContext, type FeatureDefinition, FeatureEvaluator, type HeaderProvider, type ImportSkillEvalGovernanceOutcomeRequest, type IssueReportAttachmentUploadOptions, type IssueReportListParams, type IssueReportStatusParams, type MarketingEventIngestRequest, type MarketingEventIngestResponse, type MarketingEventType, type MarketingExperimentDecision, type MarketingExperimentEffectDecision, type MarketingExperimentMinSampleDecision, type MarketingExperimentRecommendation, type MarketingExperimentResultsResponse, type MarketingExperimentSrmDecision, type MarketingExperimentSrmStatus, type MarketingExperimentVariantResult, type PermissionCheckResult, PermissionChecker, type RespondToSkillEvalReviewRequest, type RevealSkillEvalEvidenceRequest, RoleHierarchy, SPAPSClient as SPAPS, SPAPSClient, type SPAPSConfig, type SPAPSEnvelope, type SkillEvalAccessMode, type SkillEvalActorAccess, type SkillEvalCandidateInput, type SkillEvalCandidateResponse, type SkillEvalCasePolicy, type SkillEvalCaseResponse, type SkillEvalConfidence, type SkillEvalCreateOptions, type SkillEvalDisclosurePolicy, type SkillEvalEligibilitySource, type SkillEvalGovernanceOutcomeResult, type SkillEvalGovernancePurpose, type SkillEvalGovernanceSnapshotResult, type SkillEvalInsight, type SkillEvalInsightsResponse, type SkillEvalModelEffort, type SkillEvalMutationOptions, type SkillEvalPosterResponse, type SkillEvalPosterResponseResult, type SkillEvalRevealField, type SkillEvalRevealResult, type SkillEvalReviewMarkInput, type 
SkillEvalReviewMarkKind, type SkillEvalReviewResponse, type SkillEvalReviewRoom, type SkillEvalReviewerEligibilityInput, type SkillEvalRewardEvent, type SubmitSkillEvalReviewRequest, type TemplateVariable, TokenManager, WalletUtils, WebSocketAuthHelper, type WebSocketAuthHelperConfig, type X402ExecuteActionOptions, X402PaymentRequiredSDKError, type X402ReceiptListParams, type X402VerifyHandoffOptions, canAccessAdmin, createBrowserClient, createPermissionChecker, createServerClient, SPAPSClient as default, defaultPermissionChecker, detectKeyType, getRoleAwareErrorMessage, getUserDisplay, getUserRole, hasPermission, isAdminAccount, isEnvelope, isErrorEnvelope, isSuccessEnvelope, unwrapEnvelope, unwrapNestedData, verifyCryptoWebhookSignature };
|
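--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -563,6 +563,17 @@ var SPAPSClient = class _SPAPSClient {
 }
 return { headers: { "If-Match": String(ifMatch) } };
 }
+requireCurrentUserIdFromAccessToken() {
+if (!this.accessToken) {
+throw new Error("Authentication required. Please authenticate first.");
+}
+const payload = TokenManager.decodePayload(this.accessToken);
+const userId = payload?.user_id ?? payload?.sub;
+if (typeof userId !== "string" || userId.length === 0) {
+throw new Error("Current user id not found in access token.");
+}
+return userId;
+}
 isAxiosResponse(value) {
 if (!value || typeof value !== "object") {
 return false;
@@ -701,6 +712,46 @@ var SPAPSClient = class _SPAPSClient {
 return payload.entitlements;
 }
 return payload;
+},
+/**
+* List project grants for the authenticated user.
+*
+* Browser/publishable-key contexts are safe here because the server requires
+* the JWT subject to match the path user id.
+*/
+listCurrentUserProjects: async (params) => {
+const userId = this.requireCurrentUserIdFromAccessToken();
+const q = new URLSearchParams();
+if (params?.entitlementKey) q.append("entitlement_key", params.entitlementKey);
+if (params?.limit !== void 0) q.append("limit", String(params.limit));
+if (params?.offset !== void 0) q.append("offset", String(params.offset));
+if (params?.cursor) q.append("cursor", params.cursor);
+const qs = q.toString();
+const res = await this.client.get(
+`/api/project-grants/user/${encodeURIComponent(userId)}/projects${qs ? `?${qs}` : ""}`,
+{ headers: { Authorization: `Bearer ${this.accessToken}` } }
+);
+return this.unwrapApiResponse(res, "Failed to list current user project grants");
+},
+/**
+* Check whether the authenticated user has one project entitlement.
+*
+* The helper does not accept user/email overrides; publishable-key callers
+* are scoped by the server to the JWT identity.
+*/
+checkCurrentUserProjectAccess: async (params) => {
+if (!this.accessToken) {
+throw new Error("Authentication required. Please authenticate first.");
+}
+const q = new URLSearchParams({
+project_id: params.projectId,
+entitlement_key: params.entitlementKey
+});
+const res = await this.client.get(
+`/api/project-grants/check?${q.toString()}`,
+{ headers: { Authorization: `Bearer ${this.accessToken}` } }
+);
+return this.unwrapApiResponse(res, "Failed to check current user project access");
 }
 };
 /**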
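Review bot: `requireCurrentUserIdFromAccessToken` picks the id with `payload?.user_id ?? payload?.sub`, while the doc comment on `listCurrentUserProjects` says the server matches the JWT subject against the path user id; a token whose `user_id` differs from `sub` would therefore build a path the server presumably rejects. `TokenManager.decodePayload` is defined outside this section and appears to be a plain decode, so the returned id should be treated as an unverified routing value, with the access decision resting entirely on the server-side check. If the server really compares against `sub`, read it first with `const userId = payload?.sub ?? payload?.user_id;`. Otherwise keep the order and add a comment such as `// Unverified claim, used only to build the request path; the server enforces that it matches the token subject.` The same code ships in package/dist/index.mjs.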
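--- a/package/dist/index.mjs
+++ b/package/dist/index.mjs
@@ -528,6 +528,17 @@ var SPAPSClient = class _SPAPSClient {
 }
 return { headers: { "If-Match": String(ifMatch) } };
 }
+requireCurrentUserIdFromAccessToken() {
+if (!this.accessToken) {
+throw new Error("Authentication required. Please authenticate first.");
+}
+const payload = TokenManager.decodePayload(this.accessToken);
+const userId = payload?.user_id ?? payload?.sub;
+if (typeof userId !== "string" || userId.length === 0) {
+throw new Error("Current user id not found in access token.");
+}
+return userId;
+}
 isAxiosResponse(value) {
 if (!value || typeof value !== "object") {
 return false;
@@ -666,6 +677,46 @@ var SPAPSClient = class _SPAPSClient {
 return payload.entitlements;
 }
 return payload;
+},
+/**
+* List project grants for the authenticated user.
+*
+* Browser/publishable-key contexts are safe here because the server requires
+* the JWT subject to match the path user id.
+*/
+listCurrentUserProjects: async (params) => {
+const userId = this.requireCurrentUserIdFromAccessToken();
+const q = new URLSearchParams();
+if (params?.entitlementKey) q.append("entitlement_key", params.entitlementKey);
+if (params?.limit !== void 0) q.append("limit", String(params.limit));
+if (params?.offset !== void 0) q.append("offset", String(params.offset));
+if (params?.cursor) q.append("cursor", params.cursor);
+const qs = q.toString();
+const res = await this.client.get(
+`/api/project-grants/user/${encodeURIComponent(userId)}/projects${qs ? `?${qs}` : ""}`,
+{ headers: { Authorization: `Bearer ${this.accessToken}` } }
+);
+return this.unwrapApiResponse(res, "Failed to list current user project grants");
+},
+/**
+* Check whether the authenticated user has one project entitlement.
+*
+* The helper does not accept user/email overrides; publishable-key callers
+* are scoped by the server to the JWT identity.
+*/
+checkCurrentUserProjectAccess: async (params) => {
+if (!this.accessToken) {
+throw new Error("Authentication required. Please authenticate first.");
+}
+const q = new URLSearchParams({
+project_id: params.projectId,
+entitlement_key: params.entitlementKey
+});
+const res = await this.client.get(
+`/api/project-grants/check?${q.toString()}`,
+{ headers: { Authorization: `Bearer ${this.accessToken}` } }
+);
+return this.unwrapApiResponse(res, "Failed to check current user project access");
 }
 };
 /**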
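Review bot: `checkCurrentUserProjectAccess` passes `params.projectId` and `params.entitlementKey` straight into `new URLSearchParams({...})`, which stringifies a missing value, so a plain-JavaScript caller that omits one sends `project_id=undefined` to the check endpoint instead of failing locally. The type declaration marks both fields as required, but nothing in this build enforces that at runtime, and a call with no argument at all throws a bare TypeError. A guard before the request, `if (!params?.projectId || !params?.entitlementKey) throw new Error("projectId and entitlementKey are required.");`, keeps a malformed access check off the wire and stops its result from being read as a real denial. The same applies to the copy in package/dist/index.js.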
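--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "spaps-sdk",
-"version": "1.
+"version": "1.11.0",
 "description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -81,4 +81,4 @@
 "engines": {
 "node": ">=14.0.0"
 }
-}
+}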