spaps-sdk 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -23,7 +23,7 @@ This package targets `Node.js >=14`.
23
23
 
24
24
  | Need | Package gives you |
25
25
  | --- | --- |
26
- | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
26
+ | One client for many SPAPS surfaces | `auth`, `payments`, `sessions`, `secureMessages`, `issueReporting`, `appLinks`, `email`, `entitlements`, `usage`, `skillEvals`, `dayrate`, `admin`, and `cfo` namespaces |
27
27
  | Local development without extra config | Localhost URLs automatically enable local mode |
28
28
  | Browser and server usage | `publishableKey`, `secretKey`, or legacy `apiKey` support |
29
29
  | Shared contracts | Re-exports a large slice of `spaps-types` |
@@ -88,6 +88,7 @@ Relevant environment variables:
88
88
  | `appLinks` | Authenticated create and public resolve helpers for application-scoped short links |
89
89
  | `email` | Template lookup, preview, and send helpers |
90
90
  | `entitlements` | User and resource entitlement queries |
91
+ | `usage` | Secret-key usage authorization and immutable usage recording |
91
92
  | `skillEvals` | Paid blind skill-eval cases, review rooms, reviewer marks, insight inboxes, and controlled reveal |
92
93
  | `dayrate` | Availability, Stripe booking, x402 booking-hold, and checkout-status helpers |
93
94
  | `admin` | Product and pricing admin helpers |
@@ -144,6 +145,56 @@ const link = await spaps.appLinks.create({
144
145
  console.log(`/${link.app_slug}/${link.username}/${link.slug}`);
145
146
  ```
146
147
 
148
+ ### Server-Side Usage Control
149
+
150
+ Use `usage` from a trusted backend with a secret key. Browser apps should call
151
+ their own backend first; that backend asks SPAPS to authorize the work, performs
152
+ the work only on an allow or warning decision, then records the actual usage
153
+ with a stable idempotency key.
154
+
155
+ ```ts
156
+ const spaps = new SPAPSClient({
157
+ apiUrl: "https://api.example.test",
158
+ secretKey: process.env.SPAPS_SECRET_KEY,
159
+ });
160
+
161
+ const authorization = await spaps.usage.authorize({
162
+ feature_key: "assistant_tokens",
163
+ resource_type: "company",
164
+ resource_id: "company_123",
165
+ subject_user_id: "user_123",
166
+ dimensions: {
167
+ requests: 1,
168
+ input_tokens: 1200,
169
+ },
170
+ });
171
+
172
+ if (authorization.decision === "blocked") {
173
+ throw new Error(authorization.reasons[0]?.message || "Usage not authorized");
174
+ }
175
+
176
+ const result = await runAssistantJob();
177
+
178
+ await spaps.usage.record({
179
+ authorization_ref: authorization.authorization_ref,
180
+ idempotency_key: result.jobId,
181
+ feature_key: "assistant_tokens",
182
+ resource_type: "company",
183
+ resource_id: "company_123",
184
+ subject_user_id: "user_123",
185
+ dimensions: {
186
+ input_tokens: result.inputTokens,
187
+ output_tokens: result.outputTokens,
188
+ },
189
+ metadata: {
190
+ job_id: result.jobId,
191
+ },
192
+ });
193
+ ```
194
+
195
+ The legacy `/api/usage/features` and `/api/usage/history` routes remain
196
+ not-implemented stubs and are not exposed through this SDK namespace.
197
+
147
198
  ### Skill Evals
148
199
 
149
200
  Use `skillEvals` for SPAPS-owned blind review of agent-skill logs. Paid creation uses the same `PAYMENT-SIGNATURE` header shape as the x402 namespace. Reviewers submit `valuable` and `not_valuable` marks, and submitters read those marks through an insight inbox before applying skill changes.
package/dist/index.d.mts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1091
1091
  */
1092
1092
  getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
1093
1093
  };
1094
+ /**
1095
+ * Server-side usage control.
1096
+ *
1097
+ * These endpoints require a secret SPAPS key. Browser clients should call
1098
+ * their own backend, then the backend should authorize before work and record
1099
+ * after work completes.
1100
+ */
1101
+ usage: {
1102
+ /**
1103
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1104
+ */
1105
+ authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
1106
+ /**
1107
+ * Record immutable usage after work completes.
1108
+ */
1109
+ record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
1110
+ };
1094
1111
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1095
1112
  data: CheckoutSession;
1096
1113
  }>;
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1098
1115
  data: Subscription;
1099
1116
  }>;
1100
1117
  cancelSubscription(): Promise<void>;
1101
- getUsageBalance(): Promise<{
1102
- data: UsageBalance;
1103
- }>;
1104
- recordUsage(feature: string, amount: number): Promise<void>;
1118
+ authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
1119
+ recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1105
1120
  private createSecureMessage;
1106
1121
  private listSecureMessages;
1107
1122
  /**
package/dist/index.d.ts CHANGED
@@ -1,6 +1,6 @@
1
1
  import * as spaps_types from 'spaps-types';
2
- import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, Subscription, UsageBalance, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
- export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageBalance, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
2
+ import { ResourceType, Entitlement, CreateProductRequest, Product, UpdateProductRequest, CreatePriceRequest, Price, ProductSyncResult, CryptoReconcileRequest, CreateSecureMessageRequest, SecureMessage, IssueReportScope, IssueReportStatusResult, IssueReportStatus, IssueReportListResult, IssueReport, CreateIssueReportRequest, IssueReportingVoiceTokenResult, UpdateIssueReportRequest, ReplyIssueReportRequest, CreateAppLinkRequest, AppLink, AuthResponse, User as User$1, CreateCryptoInvoiceRequest, CryptoInvoiceStatusSnapshot, CheckoutSession, X402ResourceStatusResponse, X402ActionResponse, X402ReceiptResponse, X402ReceiptListResponse, X402HandoffVerification, DayrateAvailabilityResponse, DayrateBookingRequest, DayrateBookingResponse, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayrateX402BookingRequest, DayrateX402BookingResponse, DayrateCheckoutStatusResponse, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlRecordRequest, UsageControlRecordResponse, Subscription, VerifyCryptoWebhookSignatureOptions } from 'spaps-types';
3
+ export { AdminPermission, AdminRole, AdminUser, ApiResponse, AppLink, AuthResponse, CheckoutSession, CreateAppLinkRequest, CreateCryptoInvoiceRequest, CreateIssueReportRequest, CreatePriceRequest, CreateProductRequest, CreateSecureMessageInput, CreateSecureMessageRequest, CryptoInvoice, CryptoInvoiceResponse, CryptoInvoiceStatusSnapshot, CryptoReconcileRequest, DayrateAvailabilityResponse, DayrateAvailableSlot, DayrateBookingRequest, DayrateBookingResponse, DayrateCheckoutStatus, DayrateCheckoutStatusBooking, DayrateCheckoutStatusResponse, DayrateDayOfWeek, DayrateMultiBookingRequest, DayrateMultiBookingResponse, DayratePriceBreakdown, DayrateSlotType, DayrateX402BookingRequest, DayrateX402BookingResponse, Entitlement, IssueReport, IssueReportListResult, IssueReportStatus, IssueReportStatusResult, IssueReportTarget, IssueReportingInputMode, IssueReportingVoiceProvider, IssueReportingVoiceTokenResult, LinkedIssueReportCase, Price, Product, ProductSyncResult, ReplyIssueReportRequest, ResourceType, SecureMessage, SecureMessageOutput, Subscription, TokenPair, UpdateIssueReportRequest, UpdateProductRequest, UsageControlAuthorizeRequest, UsageControlAuthorizeResponse, UsageControlDecision, UsageControlDimensions, UsageControlError, UsageControlErrorCode, UsageControlLedgerEvent, UsageControlRecordRequest, UsageControlRecordResponse, UsageControlRecordStatus, User, UserProfile, UserRole, UserWallet, VerifyCryptoWebhookSignatureOptions, X402ActionFreeResponse, X402ActionOutcome, X402ActionPendingResponse, X402ActionReplayedResponse, X402ActionResponse, X402ActionSettledResponse, X402ExecuteActionRequest, X402HandoffAuthorization, X402HandoffVerification, X402HandoffVerifyRequest, X402PaymentAccept, X402PaymentRequirement, X402ProjectionStatus, X402Receipt, X402ReceiptListResponse, X402ReceiptResponse, X402ReceiptStatus, X402Resource, X402ResourceStatus, X402ResourceStatusResponse, atomicToMoneyUnits, createSecureMessageRequestSchema, isX402PaymentRequired, isX402ResourceStatus, moneyUnitsToAtomic, roundHalfToPositiveInfinity, secureMessageMetadataSchema, secureMessageSchema, validatePositiveAmountAtomic } from 'spaps-types';
4
4
 
5
5
  /**
6
6
  * Permission checking utilities for SPAPS SDK
@@ -1091,6 +1091,23 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1091
1091
  */
1092
1092
  getCheckoutStatus: (sessionId: string) => Promise<DayrateCheckoutStatusResponse>;
1093
1093
  };
1094
+ /**
1095
+ * Server-side usage control.
1096
+ *
1097
+ * These endpoints require a secret SPAPS key. Browser clients should call
1098
+ * their own backend, then the backend should authorize before work and record
1099
+ * after work completes.
1100
+ */
1101
+ usage: {
1102
+ /**
1103
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1104
+ */
1105
+ authorize: (payload: UsageControlAuthorizeRequest) => Promise<UsageControlAuthorizeResponse>;
1106
+ /**
1107
+ * Record immutable usage after work completes.
1108
+ */
1109
+ record: (payload: UsageControlRecordRequest) => Promise<UsageControlRecordResponse>;
1110
+ };
1094
1111
  createCheckoutSession(priceId: string, successUrl: string, cancelUrl?: string): Promise<{
1095
1112
  data: CheckoutSession;
1096
1113
  }>;
@@ -1098,10 +1115,8 @@ declare class SPAPSClient<SecureMessageMetadata extends Record<string, any> = Re
1098
1115
  data: Subscription;
1099
1116
  }>;
1100
1117
  cancelSubscription(): Promise<void>;
1101
- getUsageBalance(): Promise<{
1102
- data: UsageBalance;
1103
- }>;
1104
- recordUsage(feature: string, amount: number): Promise<void>;
1118
+ authorizeUsage(payload: UsageControlAuthorizeRequest): Promise<UsageControlAuthorizeResponse>;
1119
+ recordUsage(payload: UsageControlRecordRequest): Promise<UsageControlRecordResponse>;
1105
1120
  private createSecureMessage;
1106
1121
  private listSecureMessages;
1107
1122
  /**
package/dist/index.js CHANGED
@@ -1617,6 +1617,29 @@ var SPAPSClient = class _SPAPSClient {
1617
1617
  return this.unwrapApiResponse(res, "Failed to get checkout status");
1618
1618
  }
1619
1619
  };
1620
+ /**
1621
+ * Server-side usage control.
1622
+ *
1623
+ * These endpoints require a secret SPAPS key. Browser clients should call
1624
+ * their own backend, then the backend should authorize before work and record
1625
+ * after work completes.
1626
+ */
1627
+ usage = {
1628
+ /**
1629
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1630
+ */
1631
+ authorize: async (payload) => {
1632
+ const res = await this.client.post("/api/usage/authorize", payload);
1633
+ return this.unwrapApiResponse(res, "Failed to authorize usage");
1634
+ },
1635
+ /**
1636
+ * Record immutable usage after work completes.
1637
+ */
1638
+ record: async (payload) => {
1639
+ const res = await this.client.post("/api/usage/record", payload);
1640
+ return this.unwrapApiResponse(res, "Failed to record usage");
1641
+ }
1642
+ };
1620
1643
  // Stripe Methods
1621
1644
  async createCheckoutSession(priceId, successUrl, cancelUrl) {
1622
1645
  return this.client.post("/api/stripe/create-checkout-session", {
@@ -1632,14 +1655,11 @@ var SPAPSClient = class _SPAPSClient {
1632
1655
  await this.client.delete("/api/stripe/subscription");
1633
1656
  }
1634
1657
  // Usage Methods
1635
- async getUsageBalance() {
1636
- return this.client.get("/api/usage/balance");
1658
+ async authorizeUsage(payload) {
1659
+ return this.usage.authorize(payload);
1637
1660
  }
1638
- async recordUsage(feature, amount) {
1639
- await this.client.post("/api/usage/record", {
1640
- feature,
1641
- amount
1642
- });
1661
+ async recordUsage(payload) {
1662
+ return this.usage.record(payload);
1643
1663
  }
1644
1664
  // Secure Messaging Methods
1645
1665
  async createSecureMessage(payload) {
package/dist/index.mjs CHANGED
@@ -1582,6 +1582,29 @@ var SPAPSClient = class _SPAPSClient {
1582
1582
  return this.unwrapApiResponse(res, "Failed to get checkout status");
1583
1583
  }
1584
1584
  };
1585
+ /**
1586
+ * Server-side usage control.
1587
+ *
1588
+ * These endpoints require a secret SPAPS key. Browser clients should call
1589
+ * their own backend, then the backend should authorize before work and record
1590
+ * after work completes.
1591
+ */
1592
+ usage = {
1593
+ /**
1594
+ * Authorize proposed usage before a downstream job, inference, or action runs.
1595
+ */
1596
+ authorize: async (payload) => {
1597
+ const res = await this.client.post("/api/usage/authorize", payload);
1598
+ return this.unwrapApiResponse(res, "Failed to authorize usage");
1599
+ },
1600
+ /**
1601
+ * Record immutable usage after work completes.
1602
+ */
1603
+ record: async (payload) => {
1604
+ const res = await this.client.post("/api/usage/record", payload);
1605
+ return this.unwrapApiResponse(res, "Failed to record usage");
1606
+ }
1607
+ };
1585
1608
  // Stripe Methods
1586
1609
  async createCheckoutSession(priceId, successUrl, cancelUrl) {
1587
1610
  return this.client.post("/api/stripe/create-checkout-session", {
@@ -1597,14 +1620,11 @@ var SPAPSClient = class _SPAPSClient {
1597
1620
  await this.client.delete("/api/stripe/subscription");
1598
1621
  }
1599
1622
  // Usage Methods
1600
- async getUsageBalance() {
1601
- return this.client.get("/api/usage/balance");
1623
+ async authorizeUsage(payload) {
1624
+ return this.usage.authorize(payload);
1602
1625
  }
1603
- async recordUsage(feature, amount) {
1604
- await this.client.post("/api/usage/record", {
1605
- feature,
1606
- amount
1607
- });
1626
+ async recordUsage(payload) {
1627
+ return this.usage.record(payload);
1608
1628
  }
1609
1629
  // Secure Messaging Methods
1610
1630
  async createSecureMessage(payload) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spaps-sdk",
3
- "version": "1.9.0",
3
+ "version": "1.10.0",
4
4
  "description": "Sweet Potato Authentication & Payment Service SDK - Zero-config client with built-in permission checking, role-based access control, and dayrate scheduling",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -51,7 +51,7 @@
51
51
  "dependencies": {
52
52
  "axios": "^1.15.1",
53
53
  "cross-fetch": "^4.0.0",
54
- "spaps-types": "^1.2.0"
54
+ "spaps-types": "^1.3.0"
55
55
  },
56
56
  "devDependencies": {
57
57
  "@types/node": "^20.10.0",