spaps-sdk 1.8.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -6,6 +6,10 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## [1.8.0] - 2026-05-11
10
+
11
+ - Maintenance: align the SDK package version after release automation.
12
+
9
13
  ## [1.7.0] - 2026-05-09
10
14
 
11
15
  - Added `dayrate.getCheckoutStatus(sessionId)` and checkout-status response types for Bookme/dayrate confirmation polling.
package/README.md CHANGED
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
23
23
 
24
24
  | Need | Package gives you |
25
25
  | --- | --- |
26
- | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
26
+ | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
27
27
  | Local development without extra config | Localhost URLs automatically enable local mode |
28
28
  | Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
29
29
  | Shared contracts | Re-exports a large slice of `spaps-types` |
@@ -88,6 +88,7 @@ Relevant environment variables:
88
88
  | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
89
89
  | `email` | Template lookup, preview, and send helpers |
90
90
  | `entitlements` | User and resource entitlement queries |
91
+ | `usage` | Secret-key usage authorization and immutable usage recording |
91
92
  | `skillEvals` | Paid blind skill-eval cases, review rooms, reviewer marks, insight inboxes, and controlled reveal |
92
93
  | `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
93
94
  | `admin` | Product and pricing admin helpers |
@@ -144,6 +145,56 @@ const link = await spaps.appLinks.create({
144
145
  console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
145
146
  ```
146
147
 
148
+ ### Server-Side Usage Control
149
+
150
+ Use `usage` from a trusted backend with a secret key. Browser apps should call
151
+ their own backend first; that backend asks SPAPS to authorize the work, performs
152
+ the work only on an allow or warning decision, then records the actual usage
153
+ with a stable idempotency key.
154
+
155
+ ```ts
156
+ const spaps = new SPAPSClient({
157
+ apiUrl: "https://api.example.test",
158
+ secretKey: process.env.SPAPS_SECRET_KEY,
159
+ });
160
+
161
+ const authorization = await spaps.usage.authorize({
162
+ feature_key: "assistant_tokens",
163
+ resource_type: "company",
164
+ resource_id: "company_123",
165
+ subject_user_id: "user_123",
166
+ dimensions: {
167
+ requests: 1,
168
+ input_tokens: 1200,
169
+ },
170
+ });
171
+
172
+ if (authorization.decision === "blocked") {
173
+ throw new Error(authorization.reasons[0]?.message || "Usage not authorized");
174
+ }
175
+
176
+ const result = await runAssistantJob();
177
+
178
+ await spaps.usage.record({
179
+ authorization_ref: authorization.authorization_ref,
180
+ idempotency_key: result.jobId,
181
+ feature_key: "assistant_tokens",
182
+ resource_type: "company",
183
+ resource_id: "company_123",
184
+ subject_user_id: "user_123",
185
+ dimensions: {
186
+ input_tokens: result.inputTokens,
187
+ output_tokens: result.outputTokens,
188
+ },
189
+ metadata: {
190
+ job_id: result.jobId,
191
+ },
192
+ });
193
+ ```
194
+
195
+ The legacy `/api/usage/features` and `/api/usage/history` routes remain
196
+ not-implemented stubs and are not exposed through this SDK namespace.
197
+
147
198
  ### Skill Evals
148
199
 
149
200
  Use `skillEvals` for SPAPS-owned blind review of agent-skill logs. Paid creation uses the same `PAYMENT-SIGNATURE` header shape as the x402 namespace. Reviewers submit `valuable` and `not_valuable` marks, and submitters read those marks through an insight inbox before applying skill changes.
@@ -365,7 +416,7 @@ npm run test:readme
365
416
  ## Metadata
366
417
 
367
418
  - `package_name`: `spaps-sdk`
368
- - `latest_version`: `1.7.0`
419
+ - `latest_version`: `1.8.0`
369
420
  - `minimum_runtime`: `Node.js >=14.0.0`
370
421
  - `api_base_url`: `https://api.sweetpotato.dev`
371
422
 
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, secureMessageMetadataSchema, secureMessageSchema } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1091
1091
  */
1092
1092
  getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
1093
1093
  };
1094
+ /**
1095
+ * Server-side usage control.
1096
+ *
1097
+ * These endpoints require a secret SPAPS key. Browser clients should call
1098
+ * their own backend, then the backend should authorize before work and record
1099
+ * after work completes.
1100
+ */
1101
+ usage: {
1102
+ /**
1103
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1104
+ */
1105
+ authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
1106
+ /**
1107
+ * Record immutable usage after work completes.
1108
+ */
1109
+ record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
1110
+ };
1094
1111
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1095
1112
  data: CheckoutSession;
1096
1113
  }>;
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1098
1115
  data: Subscription;
1099
1116
  }>;
1100
1117
  cancelSubscription(): Promise<void>;
1101
- getUsageBalance(): Promise<{
1102
- data: UsageBalance;
1103
- }>;
1104
- recordUsage(feature: string, amount: number): Promise<void>;
1118
+ authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
1119
+ recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1105
1120
  private createSecureMessage;
1106
1121
  private listSecureMessages;
1107
1122
  /**
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, secureMessageMetadataSchema, secureMessageSchema } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1091
1091
  */
1092
1092
  getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
1093
1093
  };
1094
+ /**
1095
+ * Server-side usage control.
1096
+ *
1097
+ * These endpoints require a secret SPAPS key. Browser clients should call
1098
+ * their own backend, then the backend should authorize before work and record
1099
+ * after work completes.
1100
+ */
1101
+ usage: {
1102
+ /**
1103
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1104
+ */
1105
+ authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
1106
+ /**
1107
+ * Record immutable usage after work completes.
1108
+ */
1109
+ record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
1110
+ };
1094
1111
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1095
1112
  data: CheckoutSession;
1096
1113
  }>;
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1098
1115
  data: Subscription;
1099
1116
  }>;
1100
1117
  cancelSubscription(): Promise<void>;
1101
- getUsageBalance(): Promise<{
1102
- data: UsageBalance;
1103
- }>;
1104
- recordUsage(feature: string, amount: number): Promise<void>;
1118
+ authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
1119
+ recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1105
1120
  private createSecureMessage;
1106
1121
  private listSecureMessages;
1107
1122
  /**
package/dist/index.js CHANGED
@@ -204,6 +204,7 @@ __export(index_exports, {
204
204
  WalletUtils: () => WalletUtils,
205
205
  WebSocketAuthHelper: () => WebSocketAuthHelper,
206
206
  X402PaymentRequiredSDKError: () => X402PaymentRequiredSDKError,
207
+ atomicToMoneyUnits: () => import_spaps_types.atomicToMoneyUnits,
207
208
  canAccessAdmin: () => canAccessAdmin,
208
209
  createBrowserClient: () => createBrowserClient,
209
210
  createPermissionChecker: () => createPermissionChecker,
@@ -222,10 +223,13 @@ __export(index_exports, {
222
223
  isSuccessEnvelope: () => isSuccessEnvelope,
223
224
  isX402PaymentRequired: () => import_spaps_types.isX402PaymentRequired,
224
225
  isX402ResourceStatus: () => import_spaps_types.isX402ResourceStatus,
226
+ moneyUnitsToAtomic: () => import_spaps_types.moneyUnitsToAtomic,
227
+ roundHalfToPositiveInfinity: () => import_spaps_types.roundHalfToPositiveInfinity,
225
228
  secureMessageMetadataSchema: () => import_spaps_types2.secureMessageMetadataSchema,
226
229
  secureMessageSchema: () => import_spaps_types2.secureMessageSchema,
227
230
  unwrapEnvelope: () => unwrapEnvelope,
228
231
  unwrapNestedData: () => unwrapNestedData,
232
+ validatePositiveAmountAtomic: () => import_spaps_types.validatePositiveAmountAtomic,
229
233
  verifyCryptoWebhookSignature: () => verifyCryptoWebhookSignature
230
234
  });
231
235
  module.exports = __toCommonJS(index_exports);
@@ -1613,6 +1617,29 @@ var SPAPSClient = class _SPAPSClient {
1613
1617
  return this.unwrapApiResponse(res, "Failed to get checkout status");
1614
1618
  }
1615
1619
  };
1620
+ /**
1621
+ * Server-side usage control.
1622
+ *
1623
+ * These endpoints require a secret SPAPS key. Browser clients should call
1624
+ * their own backend, then the backend should authorize before work and record
1625
+ * after work completes.
1626
+ */
1627
+ usage = {
1628
+ /**
1629
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1630
+ */
1631
+ authorize: async (payload) => {
1632
+ const res = await this.client.post("/api/usage/authorize", payload);
1633
+ return this.unwrapApiResponse(res, "Failed to authorize usage");
1634
+ },
1635
+ /**
1636
+ * Record immutable usage after work completes.
1637
+ */
1638
+ record: async (payload) => {
1639
+ const res = await this.client.post("/api/usage/record", payload);
1640
+ return this.unwrapApiResponse(res, "Failed to record usage");
1641
+ }
1642
+ };
1616
1643
  // Stripe Methods
1617
1644
  async createCheckoutSession(priceId, successUrl, cancelUrl) {
1618
1645
  return this.client.post("/api/stripe/create-checkout-session", {
@@ -1628,14 +1655,11 @@ var SPAPSClient = class _SPAPSClient {
1628
1655
  await this.client.delete("/api/stripe/subscription");
1629
1656
  }
1630
1657
  // Usage Methods
1631
- async getUsageBalance() {
1632
- return this.client.get("/api/usage/balance");
1658
+ async authorizeUsage(payload) {
1659
+ return this.usage.authorize(payload);
1633
1660
  }
1634
- async recordUsage(feature, amount) {
1635
- await this.client.post("/api/usage/record", {
1636
- feature,
1637
- amount
1638
- });
1661
+ async recordUsage(payload) {
1662
+ return this.usage.record(payload);
1639
1663
  }
1640
1664
  // Secure Messaging Methods
1641
1665
  async createSecureMessage(payload) {
@@ -2099,6 +2123,7 @@ function detectKeyType(key) {
2099
2123
  WalletUtils,
2100
2124
  WebSocketAuthHelper,
2101
2125
  X402PaymentRequiredSDKError,
2126
+ atomicToMoneyUnits,
2102
2127
  canAccessAdmin,
2103
2128
  createBrowserClient,
2104
2129
  createPermissionChecker,
@@ -2116,9 +2141,12 @@ function detectKeyType(key) {
2116
2141
  isSuccessEnvelope,
2117
2142
  isX402PaymentRequired,
2118
2143
  isX402ResourceStatus,
2144
+ moneyUnitsToAtomic,
2145
+ roundHalfToPositiveInfinity,
2119
2146
  secureMessageMetadataSchema,
2120
2147
  secureMessageSchema,
2121
2148
  unwrapEnvelope,
2122
2149
  unwrapNestedData,
2150
+ validatePositiveAmountAtomic,
2123
2151
  verifyCryptoWebhookSignature
2124
2152
  });
package/dist/index.mjs CHANGED
@@ -192,7 +192,11 @@ import crypto from "crypto";
192
192
  import axios from "axios";
193
193
  import {
194
194
  isX402PaymentRequired,
195
- isX402ResourceStatus
195
+ isX402ResourceStatus,
196
+ atomicToMoneyUnits,
197
+ moneyUnitsToAtomic,
198
+ roundHalfToPositiveInfinity,
199
+ validatePositiveAmountAtomic
196
200
  } from "spaps-types";
197
201
  import {
198
202
  createSecureMessageRequestSchema,
@@ -1578,6 +1582,29 @@ var SPAPSClient = class _SPAPSClient {
1578
1582
  return this.unwrapApiResponse(res, "Failed to get checkout status");
1579
1583
  }
1580
1584
  };
1585
+ /**
1586
+ * Server-side usage control.
1587
+ *
1588
+ * These endpoints require a secret SPAPS key. Browser clients should call
1589
+ * their own backend, then the backend should authorize before work and record
1590
+ * after work completes.
1591
+ */
1592
+ usage = {
1593
+ /**
1594
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1595
+ */
1596
+ authorize: async (payload) => {
1597
+ const res = await this.client.post("/api/usage/authorize", payload);
1598
+ return this.unwrapApiResponse(res, "Failed to authorize usage");
1599
+ },
1600
+ /**
1601
+ * Record immutable usage after work completes.
1602
+ */
1603
+ record: async (payload) => {
1604
+ const res = await this.client.post("/api/usage/record", payload);
1605
+ return this.unwrapApiResponse(res, "Failed to record usage");
1606
+ }
1607
+ };
1581
1608
  // Stripe Methods
1582
1609
  async createCheckoutSession(priceId, successUrl, cancelUrl) {
1583
1610
  return this.client.post("/api/stripe/create-checkout-session", {
@@ -1593,14 +1620,11 @@ var SPAPSClient = class _SPAPSClient {
1593
1620
  await this.client.delete("/api/stripe/subscription");
1594
1621
  }
1595
1622
  // Usage Methods
1596
- async getUsageBalance() {
1597
- return this.client.get("/api/usage/balance");
1623
+ async authorizeUsage(payload) {
1624
+ return this.usage.authorize(payload);
1598
1625
  }
1599
- async recordUsage(feature, amount) {
1600
- await this.client.post("/api/usage/record", {
1601
- feature,
1602
- amount
1603
- });
1626
+ async recordUsage(payload) {
1627
+ return this.usage.record(payload);
1604
1628
  }
1605
1629
  // Secure Messaging Methods
1606
1630
  async createSecureMessage(payload) {
@@ -2063,6 +2087,7 @@ export {
2063
2087
  WalletUtils,
2064
2088
  WebSocketAuthHelper,
2065
2089
  X402PaymentRequiredSDKError,
2090
+ atomicToMoneyUnits,
2066
2091
  canAccessAdmin,
2067
2092
  createBrowserClient,
2068
2093
  createPermissionChecker,
@@ -2081,9 +2106,12 @@ export {
2081
2106
  isSuccessEnvelope,
2082
2107
  isX402PaymentRequired,
2083
2108
  isX402ResourceStatus,
2109
+ moneyUnitsToAtomic,
2110
+ roundHalfToPositiveInfinity,
2084
2111
  secureMessageMetadataSchema,
2085
2112
  secureMessageSchema,
2086
2113
  unwrapEnvelope,
2087
2114
  unwrapNestedData,
2115
+ validatePositiveAmountAtomic,
2088
2116
  verifyCryptoWebhookSignature
2089
2117
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spaps-sdk",
3
- "version": "1.8.0",
3
+ "version": "1.10.0",
4
4
  "description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -51,7 +51,7 @@
51
51
  "dependencies": {
52
52
  "axios": "^1.15.1",
53
53
  "cross-fetch": "^4.0.0",
54
- "spaps-types": "^1.2.0"
54
+ "spaps-types": "^1.3.0"
55
55
  },
56
56
  "devDependencies": {
57
57
  "@types/node": "^20.10.0",