npm - vessels-sdk - Versions diffs - 0.3.0 → 0.4.1 - Mend

vessels-sdk 0.3.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # vessels-sdk
-Node.js SDK for [Vessels](https://vessels-two.vercel.app) — let your agent reach you.
+Node.js SDK for [Vessels](https://vessels.app) — let your agent reach you.
 Vessels is the communication layer between AI agents and their human operators. Your agent pushes structured messages to a vessel; the human responds via the web or mobile app; your agent receives the answer via polling or webhooks.
@@ -38,7 +38,7 @@ const { messageId, vesselId } = await vessels.push({
 });
 ```
-Get your API key from Settings → API Keys in the [Vessels app](https://vessels-two.vercel.app), or via the CLI:
+Get your API key from Settings → API Keys in the [Vessels app](https://vessels.app), or via the CLI:
 ```bash
 npm install -g vessels
@@ -55,7 +55,7 @@ vessels keys create
 | Option | Type | Default | Description |
 |--------|------|---------|-------------|
 | `apiKey` | `string` | required | Your `vsl_` prefixed API key |
-| `baseUrl` | `string` | `https://vessels-two.vercel.app` | Override for local dev or self-hosted |
+| `baseUrl` | `string` | `https://vessels.app` | Override for local dev or self-hosted |
 ---
@@ -469,7 +469,7 @@ import type {
 ## Links
-- Dashboard: [https://vessels-two.vercel.app](https://vessels-two.vercel.app)
-- Full integration reference: [https://vessels-two.vercel.app/docs](https://vessels-two.vercel.app/docs)
+- Dashboard: [https://vessels.app](https://vessels.app)
+- Full integration reference: [https://vessels.app/docs](https://vessels.app/docs)
 - CLI: `npm install -g vessels`
 - npm: [https://www.npmjs.com/package/vessels-sdk](https://www.npmjs.com/package/vessels-sdk)

package/dist/index.cjs CHANGED Viewed

@@ -1,7 +1,5 @@
 'use strict';
-var crypto = require('crypto');
 // src/index.ts
 var AgentActivityTypes = {
   thinking: "thinking",
@@ -38,7 +36,7 @@ var Vessels = class {
   _debug;
   constructor(config) {
     this.apiKey = config.apiKey;
-    this.baseUrl = config.baseUrl?.replace(/\/$/, "") ?? "https://vessels-two.vercel.app";
+    this.baseUrl = config.baseUrl?.replace(/\/$/, "") ?? "https://vessels.app";
     this._debug = config.debug ?? false;
   }
   async _fetch(url, init) {
@@ -189,16 +187,27 @@ var Vessels = class {
   // body: raw request body string (before JSON.parse)
   // signature: X-Vessels-Signature header value
   // webhookSecret: the secret shown when you created the webhook endpoint in Settings
-  verifyWebhook(body, signature, webhookSecret) {
+  async verifyWebhook(body, signature, webhookSecret) {
     if (!signature.startsWith("sha256=")) return false;
-    const expected = crypto.createHmac("sha256", webhookSecret).update(body).digest("hex");
-    const received = signature.slice(7);
-    if (expected.length !== received.length) return false;
-    let diff = 0;
-    for (let i = 0; i < expected.length; i++) {
-      diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
+    try {
+      const enc = new TextEncoder();
+      const hexSig = signature.slice(7);
+      if (hexSig.length % 2 !== 0) return false;
+      const sigBytes = new Uint8Array(hexSig.length / 2);
+      for (let i = 0; i < sigBytes.length; i++) {
+        sigBytes[i] = parseInt(hexSig.slice(i * 2, i * 2 + 2), 16);
+      }
+      const key = await globalThis.crypto.subtle.importKey(
+        "raw",
+        enc.encode(webhookSecret),
+        { name: "HMAC", hash: "SHA-256" },
+        false,
+        ["verify"]
+      );
+      return await globalThis.crypto.subtle.verify("HMAC", key, sigBytes, enc.encode(body));
+    } catch {
+      return false;
     }
-    return diff === 0;
   }
 };

package/dist/index.d.cts CHANGED Viewed

@@ -137,7 +137,7 @@ declare class Vessels {
         metadata?: Record<string, unknown>;
     }): _vessels_types.ConfirmPreviewInteraction;
     poll(options?: PollOptions): Promise<PollResponse>;
-    verifyWebhook(body: string, signature: string, webhookSecret: string): boolean;
+    verifyWebhook(body: string, signature: string, webhookSecret: string): Promise<boolean>;
 }
 export { AgentActivityTypes, type InteractionResponseEvent, type PollEvent, type PollOptions, type PollResponse, type PushManyResult, type PushResponse, type UserMessageEvent, type VesselContext, Vessels, VesselsAuthError, type VesselsConfig, VesselsRateLimitError, VesselsValidationError };

package/dist/index.d.ts CHANGED Viewed

@@ -137,7 +137,7 @@ declare class Vessels {
         metadata?: Record<string, unknown>;
     }): _vessels_types.ConfirmPreviewInteraction;
     poll(options?: PollOptions): Promise<PollResponse>;
-    verifyWebhook(body: string, signature: string, webhookSecret: string): boolean;
+    verifyWebhook(body: string, signature: string, webhookSecret: string): Promise<boolean>;
 }
 export { AgentActivityTypes, type InteractionResponseEvent, type PollEvent, type PollOptions, type PollResponse, type PushManyResult, type PushResponse, type UserMessageEvent, type VesselContext, Vessels, VesselsAuthError, type VesselsConfig, VesselsRateLimitError, VesselsValidationError };

package/dist/index.js CHANGED Viewed

@@ -1,5 +1,3 @@
-import { createHmac } from 'crypto';
 // src/index.ts
 var AgentActivityTypes = {
   thinking: "thinking",
@@ -36,7 +34,7 @@ var Vessels = class {
   _debug;
   constructor(config) {
     this.apiKey = config.apiKey;
-    this.baseUrl = config.baseUrl?.replace(/\/$/, "") ?? "https://vessels-two.vercel.app";
+    this.baseUrl = config.baseUrl?.replace(/\/$/, "") ?? "https://vessels.app";
     this._debug = config.debug ?? false;
   }
   async _fetch(url, init) {
@@ -187,16 +185,27 @@ var Vessels = class {
   // body: raw request body string (before JSON.parse)
   // signature: X-Vessels-Signature header value
   // webhookSecret: the secret shown when you created the webhook endpoint in Settings
-  verifyWebhook(body, signature, webhookSecret) {
+  async verifyWebhook(body, signature, webhookSecret) {
     if (!signature.startsWith("sha256=")) return false;
-    const expected = createHmac("sha256", webhookSecret).update(body).digest("hex");
-    const received = signature.slice(7);
-    if (expected.length !== received.length) return false;
-    let diff = 0;
-    for (let i = 0; i < expected.length; i++) {
-      diff |= expected.charCodeAt(i) ^ received.charCodeAt(i);
+    try {
+      const enc = new TextEncoder();
+      const hexSig = signature.slice(7);
+      if (hexSig.length % 2 !== 0) return false;
+      const sigBytes = new Uint8Array(hexSig.length / 2);
+      for (let i = 0; i < sigBytes.length; i++) {
+        sigBytes[i] = parseInt(hexSig.slice(i * 2, i * 2 + 2), 16);
+      }
+      const key = await globalThis.crypto.subtle.importKey(
+        "raw",
+        enc.encode(webhookSecret),
+        { name: "HMAC", hash: "SHA-256" },
+        false,
+        ["verify"]
+      );
+      return await globalThis.crypto.subtle.verify("HMAC", key, sigBytes, enc.encode(body));
+    } catch {
+      return false;
     }
-    return diff === 0;
   }
 };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "vessels-sdk",
-	"version": "0.3.0",
+	"version": "0.4.1",
 	"description": "Let your agent reach you. Official Vessels SDK.",
 	"type": "module",
 	"exports": {