spaps-sdk 1.9.0 → 1.10.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +52 -1
- package/dist/index.d.mts +21 -6
- package/dist/index.d.ts +21 -6
- package/dist/index.js +27 -7
- package/dist/index.mjs +27 -7
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
|
|
|
23
23
|
|
|
24
24
|
| Need | Package gives you |
|
|
25
25
|
| --- | --- |
|
|
26
|
-
| One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
|
|
26
|
+
| One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
|
|
27
27
|
| Local development without extra config | Localhost URLs automatically enable local mode |
|
|
28
28
|
| Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
|
|
29
29
|
| Shared contracts | Re-exports a large slice of `spaps-types` |
|
|
@@ -88,6 +88,7 @@ Relevant environment variables:
|
|
|
88
88
|
| `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
|
|
89
89
|
| `email` | Template lookup, preview, and send helpers |
|
|
90
90
|
| `entitlements` | User and resource entitlement queries |
|
|
91
|
+
| `usage` | Secret-key usage authorization and immutable usage recording |
|
|
91
92
|
| `skillEvals` | Paid blind skill-eval cases, review rooms, reviewer marks, insight inboxes, and controlled reveal |
|
|
92
93
|
| `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
|
|
93
94
|
| `admin` | Product and pricing admin helpers |
|
|
@@ -144,6 +145,56 @@ const link = await spaps.appLinks.create({
|
|
|
144
145
|
console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
|
|
145
146
|
```
|
|
146
147
|
|
|
148
|
+
### Server-Side Usage Control
|
|
149
|
+
|
|
150
|
+
Use `usage` from a trusted backend with a secret key. Browser apps should call
|
|
151
|
+
their own backend first; that backend asks SPAPS to authorize the work, performs
|
|
152
|
+
the work only on an allow or warning decision, then records the actual usage
|
|
153
|
+
with a stable idempotency key.
|
|
154
|
+
|
|
155
|
+
```ts
|
|
156
|
+
const spaps = new SPAPSClient({
|
|
157
|
+
apiUrl: "https://api.example.test",
|
|
158
|
+
secretKey: process.env.SPAPS_SECRET_KEY,
|
|
159
|
+
});
|
|
160
|
+
|
|
161
|
+
const authorization = await spaps.usage.authorize({
|
|
162
|
+
feature_key: "assistant_tokens",
|
|
163
|
+
resource_type: "company",
|
|
164
|
+
resource_id: "company_123",
|
|
165
|
+
subject_user_id: "user_123",
|
|
166
|
+
dimensions: {
|
|
167
|
+
requests: 1,
|
|
168
|
+
input_tokens: 1200,
|
|
169
|
+
},
|
|
170
|
+
});
|
|
171
|
+
|
|
172
|
+
if (authorization.decision === "blocked") {
|
|
173
|
+
throw new Error(authorization.reasons[0]?.message || "Usage not authorized");
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
const result = await runAssistantJob();
|
|
177
|
+
|
|
178
|
+
await spaps.usage.record({
|
|
179
|
+
authorization_ref: authorization.authorization_ref,
|
|
180
|
+
idempotency_key: result.jobId,
|
|
181
|
+
feature_key: "assistant_tokens",
|
|
182
|
+
resource_type: "company",
|
|
183
|
+
resource_id: "company_123",
|
|
184
|
+
subject_user_id: "user_123",
|
|
185
|
+
dimensions: {
|
|
186
|
+
input_tokens: result.inputTokens,
|
|
187
|
+
output_tokens: result.outputTokens,
|
|
188
|
+
},
|
|
189
|
+
metadata: {
|
|
190
|
+
job_id: result.jobId,
|
|
191
|
+
},
|
|
192
|
+
});
|
|
193
|
+
```
|
|
194
|
+
|
|
195
|
+
The legacy `/api/usage/features` and `/api/usage/history` routes remain
|
|
196
|
+
not-implemented stubs and are not exposed through this SDK namespace.
|
|
197
|
+
|
|
147
198
|
### Skill Evals
|
|
148
199
|
|
|
149
200
|
Use `skillEvals` for SPAPS-owned blind review of agent-skill logs. Paid creation uses the same `PAYMENT-SIGNATURE` header shape as the x402 namespace. Reviewers submit `valuable` and `not_valuable` marks, and submitters read those marks through an insight inbox before applying skill changes.
|
package/dist/index.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse,
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest,
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1091
1091
|
*/
|
|
1092
1092
|
getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
|
|
1093
1093
|
};
|
|
1094
|
+
/**
|
|
1095
|
+
* Server-side usage control.
|
|
1096
|
+
*
|
|
1097
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1098
|
+
* their own backend, then the backend should authorize before work and record
|
|
1099
|
+
* after work completes.
|
|
1100
|
+
*/
|
|
1101
|
+
usage: {
|
|
1102
|
+
/**
|
|
1103
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1104
|
+
*/
|
|
1105
|
+
authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
|
|
1106
|
+
/**
|
|
1107
|
+
* Record immutable usage after work completes.
|
|
1108
|
+
*/
|
|
1109
|
+
record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
|
|
1110
|
+
};
|
|
1094
1111
|
createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
|
|
1095
1112
|
data: CheckoutSession;
|
|
1096
1113
|
}>;
|
|
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1098
1115
|
data: Subscription;
|
|
1099
1116
|
}>;
|
|
1100
1117
|
cancelSubscription(): Promise<void>;
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
}>;
|
|
1104
|
-
recordUsage(feature: string, amount: number): Promise<void>;
|
|
1118
|
+
authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
|
|
1119
|
+
recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
|
|
1105
1120
|
private createSecureMessage;
|
|
1106
1121
|
private listSecureMessages;
|
|
1107
1122
|
/**
|
package/dist/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import * as spaps_types from 'spaps-types';
|
|
2
|
-
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse,
|
|
3
|
-
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest,
|
|
2
|
+
import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
|
|
3
|
+
export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* Permission checking utilities for SPAPS SDK
|
|
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1091
1091
|
*/
|
|
1092
1092
|
getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
|
|
1093
1093
|
};
|
|
1094
|
+
/**
|
|
1095
|
+
* Server-side usage control.
|
|
1096
|
+
*
|
|
1097
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1098
|
+
* their own backend, then the backend should authorize before work and record
|
|
1099
|
+
* after work completes.
|
|
1100
|
+
*/
|
|
1101
|
+
usage: {
|
|
1102
|
+
/**
|
|
1103
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1104
|
+
*/
|
|
1105
|
+
authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
|
|
1106
|
+
/**
|
|
1107
|
+
* Record immutable usage after work completes.
|
|
1108
|
+
*/
|
|
1109
|
+
record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
|
|
1110
|
+
};
|
|
1094
1111
|
createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
|
|
1095
1112
|
data: CheckoutSession;
|
|
1096
1113
|
}>;
|
|
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
|
|
|
1098
1115
|
data: Subscription;
|
|
1099
1116
|
}>;
|
|
1100
1117
|
cancelSubscription(): Promise<void>;
|
|
1101
|
-
|
|
1102
|
-
|
|
1103
|
-
}>;
|
|
1104
|
-
recordUsage(feature: string, amount: number): Promise<void>;
|
|
1118
|
+
authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
|
|
1119
|
+
recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
|
|
1105
1120
|
private createSecureMessage;
|
|
1106
1121
|
private listSecureMessages;
|
|
1107
1122
|
/**
|
package/dist/index.js
CHANGED
|
@@ -1617,6 +1617,29 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1617
1617
|
return this.unwrapApiResponse(res, "Failed to get checkout status");
|
|
1618
1618
|
}
|
|
1619
1619
|
};
|
|
1620
|
+
/**
|
|
1621
|
+
* Server-side usage control.
|
|
1622
|
+
*
|
|
1623
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1624
|
+
* their own backend, then the backend should authorize before work and record
|
|
1625
|
+
* after work completes.
|
|
1626
|
+
*/
|
|
1627
|
+
usage = {
|
|
1628
|
+
/**
|
|
1629
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1630
|
+
*/
|
|
1631
|
+
authorize: async (payload) => {
|
|
1632
|
+
const res = await this.client.post("/api/usage/authorize", payload);
|
|
1633
|
+
return this.unwrapApiResponse(res, "Failed to authorize usage");
|
|
1634
|
+
},
|
|
1635
|
+
/**
|
|
1636
|
+
* Record immutable usage after work completes.
|
|
1637
|
+
*/
|
|
1638
|
+
record: async (payload) => {
|
|
1639
|
+
const res = await this.client.post("/api/usage/record", payload);
|
|
1640
|
+
return this.unwrapApiResponse(res, "Failed to record usage");
|
|
1641
|
+
}
|
|
1642
|
+
};
|
|
1620
1643
|
// Stripe Methods
|
|
1621
1644
|
async createCheckoutSession(priceId, successUrl, cancelUrl) {
|
|
1622
1645
|
return this.client.post("/api/stripe/create-checkout-session", {
|
|
@@ -1632,14 +1655,11 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1632
1655
|
await this.client.delete("/api/stripe/subscription");
|
|
1633
1656
|
}
|
|
1634
1657
|
// Usage Methods
|
|
1635
|
-
async
|
|
1636
|
-
return this.
|
|
1658
|
+
async authorizeUsage(payload) {
|
|
1659
|
+
return this.usage.authorize(payload);
|
|
1637
1660
|
}
|
|
1638
|
-
async recordUsage(
|
|
1639
|
-
|
|
1640
|
-
feature,
|
|
1641
|
-
amount
|
|
1642
|
-
});
|
|
1661
|
+
async recordUsage(payload) {
|
|
1662
|
+
return this.usage.record(payload);
|
|
1643
1663
|
}
|
|
1644
1664
|
// Secure Messaging Methods
|
|
1645
1665
|
async createSecureMessage(payload) {
|
package/dist/index.mjs
CHANGED
|
@@ -1582,6 +1582,29 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1582
1582
|
return this.unwrapApiResponse(res, "Failed to get checkout status");
|
|
1583
1583
|
}
|
|
1584
1584
|
};
|
|
1585
|
+
/**
|
|
1586
|
+
* Server-side usage control.
|
|
1587
|
+
*
|
|
1588
|
+
* These endpoints require a secret SPAPS key. Browser clients should call
|
|
1589
|
+
* their own backend, then the backend should authorize before work and record
|
|
1590
|
+
* after work completes.
|
|
1591
|
+
*/
|
|
1592
|
+
usage = {
|
|
1593
|
+
/**
|
|
1594
|
+
* Authorize proposed usage before a downstream job, inference, or action runs.
|
|
1595
|
+
*/
|
|
1596
|
+
authorize: async (payload) => {
|
|
1597
|
+
const res = await this.client.post("/api/usage/authorize", payload);
|
|
1598
|
+
return this.unwrapApiResponse(res, "Failed to authorize usage");
|
|
1599
|
+
},
|
|
1600
|
+
/**
|
|
1601
|
+
* Record immutable usage after work completes.
|
|
1602
|
+
*/
|
|
1603
|
+
record: async (payload) => {
|
|
1604
|
+
const res = await this.client.post("/api/usage/record", payload);
|
|
1605
|
+
return this.unwrapApiResponse(res, "Failed to record usage");
|
|
1606
|
+
}
|
|
1607
|
+
};
|
|
1585
1608
|
// Stripe Methods
|
|
1586
1609
|
async createCheckoutSession(priceId, successUrl, cancelUrl) {
|
|
1587
1610
|
return this.client.post("/api/stripe/create-checkout-session", {
|
|
@@ -1597,14 +1620,11 @@ var SPAPSClient = class _SPAPSClient {
|
|
|
1597
1620
|
await this.client.delete("/api/stripe/subscription");
|
|
1598
1621
|
}
|
|
1599
1622
|
// Usage Methods
|
|
1600
|
-
async
|
|
1601
|
-
return this.
|
|
1623
|
+
async authorizeUsage(payload) {
|
|
1624
|
+
return this.usage.authorize(payload);
|
|
1602
1625
|
}
|
|
1603
|
-
async recordUsage(
|
|
1604
|
-
|
|
1605
|
-
feature,
|
|
1606
|
-
amount
|
|
1607
|
-
});
|
|
1626
|
+
async recordUsage(payload) {
|
|
1627
|
+
return this.usage.record(payload);
|
|
1608
1628
|
}
|
|
1609
1629
|
// Secure Messaging Methods
|
|
1610
1630
|
async createSecureMessage(payload) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "spaps-sdk",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.10.0",
|
|
4
4
|
"description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"types": "dist/index.d.ts",
|
|
@@ -51,7 +51,7 @@
|
|
|
51
51
|
"dependencies": {
|
|
52
52
|
"axios": "^1.15.1",
|
|
53
53
|
"cross-fetch": "^4.0.0",
|
|
54
|
-
"spaps-types": "^1.
|
|
54
|
+
"spaps-types": "^1.3.0"
|
|
55
55
|
},
|
|
56
56
|
"devDependencies": {
|
|
57
57
|
"@types/node": "^20.10.0",
|