spaps-sdk 1.8.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +53 -2
- package/dist/index.d.mts +21 -6
- package/dist/index.d.ts +21 -6
- package/dist/index.js +35 -7
- package/dist/index.mjs +36 -8
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,10 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## [1.8.0] - 2026-05-11
|
|
10
|
+
|
|
11
|
+
- Maintenance: align the SDK package version after release automation.
|
|
12
|
+
|
|
9
13
|
## [1.7.0] - 2026-05-09
|
|
10
14
|
|
|
11
15
|
- Added `dayrate.getCheckoutStatus(sessionId)` and checkout-status response types for Bookme/dayrate confirmation polling.
|
package/README.md
CHANGED
|
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
|
|
|
23
23
|
|
|
24
24
|
| Need | Package gives you |
|
|
25
25
|
| --- | --- |
|
|
26
|
-
| One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
|
|
26
|
+
| One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
|
|
27
27
|
| Local development without extra config | Localhost URLs automatically enable local mode |
|
|
28
28
|
| Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
|
|
29
29
|
| Shared contracts | Re-exports a large slice of `spaps-types` |
|
|
@@ -88,6 +88,7 @@ Relevant environment variables:
|
|
|
88
88
|
| `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
|
|
89
89
|
| `email` | Template lookup, preview, and send helpers |
|
|
90
90
|
| `entitlements` | User and resource entitlement queries |
|
|
91
|
+
| `usage` | Secret-key usage authorization and immutable usage recording |
|
|
91
92
|
| `skillEvals` | Paid blind skill-eval cases, review rooms, reviewer marks, insight inboxes, and controlled reveal |
|
|
92
93
|
| `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
|
|
93
94
|
| `admin` | Product and pricing admin helpers |
|
|
@@ -144,6 +145,56 @@ const link = await spaps.appLinks.create({
|
|
|
144
145
|
console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
|
|
145
146
|
```
|
|
146
147
|
|
|
148
|
+
### Server-Side Usage Control
|
|
149
|
+
|
|
150
|
+
Use `usage` from a trusted backend with a secret key. Browser apps should call
|
|
151
|
+
their own backend first; that backend asks SPAPS to authorize the work, performs
|
|
152
|
+
the work only on an allow or warning decision, then records the actual usage
|
|
153
|
+
with a stable idempotency key.
|
|
154
|
+
|
|
155
|
+
```ts
|
|
156
|
+
const spaps = new SPAPSClient({
|
|
157
|
+
apiUrl: "https://api.example.test",
|
|
158
|
+
secretKey: process.env.SPAPS_SECRET_KEY,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
const authorization = await spaps.usage.authorize({
|
|
162
|
+
feature_key: "assistant_tokens",
|
|
163
|
+
resource_type: "company",
|
|
164
|
+
resource_id: "company_123",
|
|
165
|
+
subject_user_id: "user_123",
|
|
166
|
+
dimensions: {
|
|
167
|
+
requests: 1,
|
|
168
|
+
input_tokens: 1200,
|
|
169
|
+
},
|
|
170
|
+
});
|
|
171
|
+
|
|
172
|
+
if (authorization.decision === "blocked") {
|
|
173
|
+
throw new Error(authorization.reasons[0]?.message || "Usage not authorized");
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
const result = await runAssistantJob();
|
|
177
|
+
|
|
178
|
+
await spaps.usage.record({
|
|
179
|
+
authorization_ref: authorization.authorization_ref,
|
|
180
|
+
idempotency_key: result.jobId,
|
|
181
|
+
feature_key: "assistant_tokens",
|
|
182
|
+
resource_type: "company",
|
|
183
|
+
resource_id: "company_123",
|
|
184
|
+
subject_user_id: "user_123",
|
|
185
|
+
dimensions: {
|
|
186
|
+
input_tokens: result.inputTokens,
|
|
187
|
+
output_tokens: result.outputTokens,
|
|
188
|
+
},
|
|
189
|
+
metadata: {
|
|
190
|
+
job_id: result.jobId,
|
|
191
|
+
},
|
|
192
|
+
});
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
The legacy `/api/usage/features` and `/api/usage/history` routes remain
|
|
196
|
+
not-implemented stubs and are not exposed through this SDK namespace.
|
|
197
|
+
|
|
147
198
|
### Skill Evals
|
|
148
199
|
|
|
149
200
|
Use `skillEvals` for SPAPS-owned blind review of agent-skill logs. Paid creation uses the same `PAYMENT-SIGNATURE` header shape as the x402 namespace. Reviewers submit `valuable` and `not_valuable` marks, and submitters read those marks through an insight inbox before applying skill changes.
|
|
@@ -365,7 +416,7 @@ npm run test:readme
|
|
|
365
416
|
## Metadata
|
|
366
417
|
|
|
367
418
|
- `package_name`: `spaps-sdk`
|
|
368
|
-
- `latest_version`: `1.
|
|
419
|
+
- `latest_version`: `1.8.0`
|
|
369
420
|
- `minimum_runtime`: `Node.js >=14.0.0`
|
|
370
421
|
- `api_base_url`: `https://api.sweetpotato.dev`
|
|
371
422
|
|
package/dist/index.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse,
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest,
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1091
1091
|
*/
|
|
1092
1092
|
getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
|
|
1093
1093
|
};
|
|
1094
|
+
/**
|
|
1095
|
+
* Server-side usage control.
|
|
1096
|
+
*
|
|
1097
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1098
|
+
* their own backend, then the backend should authorize before work and record
|
|
1099
|
+
* after work completes.
|
|
1100
|
+
*/
|
|
1101
|
+
usage: {
|
|
1102
|
+
/**
|
|
1103
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1104
|
+
*/
|
|
1105
|
+
authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
|
|
1106
|
+
/**
|
|
1107
|
+
* Record immutable usage after work completes.
|
|
1108
|
+
*/
|
|
1109
|
+
record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
|
|
1110
|
+
};
|
|
1094
1111
|
createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
|
|
1095
1112
|
data: CheckoutSession;
|
|
1096
1113
|
}>;
|
|
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1098
1115
|
data: Subscription;
|
|
1099
1116
|
}>;
|
|
1100
1117
|
cancelSubscription(): Promise<void>;
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
}>;
|
|
1104
|
-
recordUsage(feature: string, amount: number): Promise<void>;
|
|
1118
|
+
authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
|
|
1119
|
+
recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
|
|
1105
1120
|
private createSecureMessage;
|
|
1106
1121
|
private listSecureMessages;
|
|
1107
1122
|
/**
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse,
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest,
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1091
1091
|
*/
|
|
1092
1092
|
getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
|
|
1093
1093
|
};
|
|
1094
|
+
/**
|
|
1095
|
+
* Server-side usage control.
|
|
1096
|
+
*
|
|
1097
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1098
|
+
* their own backend, then the backend should authorize before work and record
|
|
1099
|
+
* after work completes.
|
|
1100
|
+
*/
|
|
1101
|
+
usage: {
|
|
1102
|
+
/**
|
|
1103
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1104
|
+
*/
|
|
1105
|
+
authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
|
|
1106
|
+
/**
|
|
1107
|
+
* Record immutable usage after work completes.
|
|
1108
|
+
*/
|
|
1109
|
+
record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
|
|
1110
|
+
};
|
|
1094
1111
|
createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
|
|
1095
1112
|
data: CheckoutSession;
|
|
1096
1113
|
}>;
|
|
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1098
1115
|
data: Subscription;
|
|
1099
1116
|
}>;
|
|
1100
1117
|
cancelSubscription(): Promise<void>;
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
}>;
|
|
1104
|
-
recordUsage(feature: string, amount: number): Promise<void>;
|
|
1118
|
+
authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
|
|
1119
|
+
recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
|
|
1105
1120
|
private createSecureMessage;
|
|
1106
1121
|
private listSecureMessages;
|
|
1107
1122
|
/**
|
package/dist/index.js
CHANGED
|
@@ -204,6 +204,7 @@ __export(index_exports, {
|
|
|
204
204
|
WalletUtils: () => WalletUtils,
|
|
205
205
|
WebSocketAuthHelper: () => WebSocketAuthHelper,
|
|
206
206
|
X402PaymentRequiredSDKError: () => X402PaymentRequiredSDKError,
|
|
207
|
+
atomicToMoneyUnits: () => import_spaps_types.atomicToMoneyUnits,
|
|
207
208
|
canAccessAdmin: () => canAccessAdmin,
|
|
208
209
|
createBrowserClient: () => createBrowserClient,
|
|
209
210
|
createPermissionChecker: () => createPermissionChecker,
|
|
@@ -222,10 +223,13 @@ __export(index_exports, {
|
|
|
222
223
|
isSuccessEnvelope: () => isSuccessEnvelope,
|
|
223
224
|
isX402PaymentRequired: () => import_spaps_types.isX402PaymentRequired,
|
|
224
225
|
isX402ResourceStatus: () => import_spaps_types.isX402ResourceStatus,
|
|
226
|
+
moneyUnitsToAtomic: () => import_spaps_types.moneyUnitsToAtomic,
|
|
227
|
+
roundHalfToPositiveInfinity: () => import_spaps_types.roundHalfToPositiveInfinity,
|
|
225
228
|
secureMessageMetadataSchema: () => import_spaps_types2.secureMessageMetadataSchema,
|
|
226
229
|
secureMessageSchema: () => import_spaps_types2.secureMessageSchema,
|
|
227
230
|
unwrapEnvelope: () => unwrapEnvelope,
|
|
228
231
|
unwrapNestedData: () => unwrapNestedData,
|
|
232
|
+
validatePositiveAmountAtomic: () => import_spaps_types.validatePositiveAmountAtomic,
|
|
229
233
|
verifyCryptoWebhookSignature: () => verifyCryptoWebhookSignature
|
|
230
234
|
});
|
|
231
235
|
module.exports = __toCommonJS(index_exports);
|
|
@@ -1613,6 +1617,29 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1613
1617
|
return this.unwrapApiResponse(res, "Failed to get checkout status");
|
|
1614
1618
|
}
|
|
1615
1619
|
};
|
|
1620
|
+
/**
|
|
1621
|
+
* Server-side usage control.
|
|
1622
|
+
*
|
|
1623
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1624
|
+
* their own backend, then the backend should authorize before work and record
|
|
1625
|
+
* after work completes.
|
|
1626
|
+
*/
|
|
1627
|
+
usage = {
|
|
1628
|
+
/**
|
|
1629
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1630
|
+
*/
|
|
1631
|
+
authorize: async (payload) => {
|
|
1632
|
+
const res = await this.client.post("/api/usage/authorize", payload);
|
|
1633
|
+
return this.unwrapApiResponse(res, "Failed to authorize usage");
|
|
1634
|
+
},
|
|
1635
|
+
/**
|
|
1636
|
+
* Record immutable usage after work completes.
|
|
1637
|
+
*/
|
|
1638
|
+
record: async (payload) => {
|
|
1639
|
+
const res = await this.client.post("/api/usage/record", payload);
|
|
1640
|
+
return this.unwrapApiResponse(res, "Failed to record usage");
|
|
1641
|
+
}
|
|
1642
|
+
};
|
|
1616
1643
|
// Stripe Methods
|
|
1617
1644
|
async createCheckoutSession(priceId, successUrl, cancelUrl) {
|
|
1618
1645
|
return this.client.post("/api/stripe/create-checkout-session", {
|
|
@@ -1628,14 +1655,11 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1628
1655
|
await this.client.delete("/api/stripe/subscription");
|
|
1629
1656
|
}
|
|
1630
1657
|
// Usage Methods
|
|
1631
|
-
async
|
|
1632
|
-
return this.
|
|
1658
|
+
async authorizeUsage(payload) {
|
|
1659
|
+
return this.usage.authorize(payload);
|
|
1633
1660
|
}
|
|
1634
|
-
async recordUsage(
|
|
1635
|
-
|
|
1636
|
-
feature,
|
|
1637
|
-
amount
|
|
1638
|
-
});
|
|
1661
|
+
async recordUsage(payload) {
|
|
1662
|
+
return this.usage.record(payload);
|
|
1639
1663
|
}
|
|
1640
1664
|
// Secure Messaging Methods
|
|
1641
1665
|
async createSecureMessage(payload) {
|
|
@@ -2099,6 +2123,7 @@ function detectKeyType(key) {
|
|
|
2099
2123
|
WalletUtils,
|
|
2100
2124
|
WebSocketAuthHelper,
|
|
2101
2125
|
X402PaymentRequiredSDKError,
|
|
2126
|
+
atomicToMoneyUnits,
|
|
2102
2127
|
canAccessAdmin,
|
|
2103
2128
|
createBrowserClient,
|
|
2104
2129
|
createPermissionChecker,
|
|
@@ -2116,9 +2141,12 @@ function detectKeyType(key) {
|
|
|
2116
2141
|
isSuccessEnvelope,
|
|
2117
2142
|
isX402PaymentRequired,
|
|
2118
2143
|
isX402ResourceStatus,
|
|
2144
|
+
moneyUnitsToAtomic,
|
|
2145
|
+
roundHalfToPositiveInfinity,
|
|
2119
2146
|
secureMessageMetadataSchema,
|
|
2120
2147
|
secureMessageSchema,
|
|
2121
2148
|
unwrapEnvelope,
|
|
2122
2149
|
unwrapNestedData,
|
|
2150
|
+
validatePositiveAmountAtomic,
|
|
2123
2151
|
verifyCryptoWebhookSignature
|
|
2124
2152
|
});
|
package/dist/index.mjs
CHANGED
|
@@ -192,7 +192,11 @@ import crypto from "crypto";
|
|
|
192
192
|
import axios from "axios";
|
|
193
193
|
import {
|
|
194
194
|
isX402PaymentRequired,
|
|
195
|
-
isX402ResourceStatus
|
|
195
|
+
isX402ResourceStatus,
|
|
196
|
+
atomicToMoneyUnits,
|
|
197
|
+
moneyUnitsToAtomic,
|
|
198
|
+
roundHalfToPositiveInfinity,
|
|
199
|
+
validatePositiveAmountAtomic
|
|
196
200
|
} from "spaps-types";
|
|
197
201
|
import {
|
|
198
202
|
createSecureMessageRequestSchema,
|
|
@@ -1578,6 +1582,29 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1578
1582
|
return this.unwrapApiResponse(res, "Failed to get checkout status");
|
|
1579
1583
|
}
|
|
1580
1584
|
};
|
|
1585
|
+
/**
|
|
1586
|
+
* Server-side usage control.
|
|
1587
|
+
*
|
|
1588
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1589
|
+
* their own backend, then the backend should authorize before work and record
|
|
1590
|
+
* after work completes.
|
|
1591
|
+
*/
|
|
1592
|
+
usage = {
|
|
1593
|
+
/**
|
|
1594
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1595
|
+
*/
|
|
1596
|
+
authorize: async (payload) => {
|
|
1597
|
+
const res = await this.client.post("/api/usage/authorize", payload);
|
|
1598
|
+
return this.unwrapApiResponse(res, "Failed to authorize usage");
|
|
1599
|
+
},
|
|
1600
|
+
/**
|
|
1601
|
+
* Record immutable usage after work completes.
|
|
1602
|
+
*/
|
|
1603
|
+
record: async (payload) => {
|
|
1604
|
+
const res = await this.client.post("/api/usage/record", payload);
|
|
1605
|
+
return this.unwrapApiResponse(res, "Failed to record usage");
|
|
1606
|
+
}
|
|
1607
|
+
};
|
|
1581
1608
|
// Stripe Methods
|
|
1582
1609
|
async createCheckoutSession(priceId, successUrl, cancelUrl) {
|
|
1583
1610
|
return this.client.post("/api/stripe/create-checkout-session", {
|
|
@@ -1593,14 +1620,11 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1593
1620
|
await this.client.delete("/api/stripe/subscription");
|
|
1594
1621
|
}
|
|
1595
1622
|
// Usage Methods
|
|
1596
|
-
async
|
|
1597
|
-
return this.
|
|
1623
|
+
async authorizeUsage(payload) {
|
|
1624
|
+
return this.usage.authorize(payload);
|
|
1598
1625
|
}
|
|
1599
|
-
async recordUsage(
|
|
1600
|
-
|
|
1601
|
-
feature,
|
|
1602
|
-
amount
|
|
1603
|
-
});
|
|
1626
|
+
async recordUsage(payload) {
|
|
1627
|
+
return this.usage.record(payload);
|
|
1604
1628
|
}
|
|
1605
1629
|
// Secure Messaging Methods
|
|
1606
1630
|
async createSecureMessage(payload) {
|
|
@@ -2063,6 +2087,7 @@ export {
|
|
|
2063
2087
|
WalletUtils,
|
|
2064
2088
|
WebSocketAuthHelper,
|
|
2065
2089
|
X402PaymentRequiredSDKError,
|
|
2090
|
+
atomicToMoneyUnits,
|
|
2066
2091
|
canAccessAdmin,
|
|
2067
2092
|
createBrowserClient,
|
|
2068
2093
|
createPermissionChecker,
|
|
@@ -2081,9 +2106,12 @@ export {
|
|
|
2081
2106
|
isSuccessEnvelope,
|
|
2082
2107
|
isX402PaymentRequired,
|
|
2083
2108
|
isX402ResourceStatus,
|
|
2109
|
+
moneyUnitsToAtomic,
|
|
2110
|
+
roundHalfToPositiveInfinity,
|
|
2084
2111
|
secureMessageMetadataSchema,
|
|
2085
2112
|
secureMessageSchema,
|
|
2086
2113
|
unwrapEnvelope,
|
|
2087
2114
|
unwrapNestedData,
|
|
2115
|
+
validatePositiveAmountAtomic,
|
|
2088
2116
|
verifyCryptoWebhookSignature
|
|
2089
2117
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "spaps-sdk",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.10.0",
|
|
4
4
|
"description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -51,7 +51,7 @@
|
|
|
51
51
|
"dependencies": {
|
|
52
52
|
"axios": "^1.15.1",
|
|
53
53
|
"cross-fetch": "^4.0.0",
|
|
54
|
-
"spaps-types": "^1.
|
|
54
|
+
"spaps-types": "^1.3.0"
|
|
55
55
|
},
|
|
56
56
|
"devDependencies": {
|
|
57
57
|
"@types/node": "^20.10.0",
|