diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4635677b..01e23a27 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,12 +1,14 @@ name: CI on: push: - branches-ignore: - - 'generated' - - 'codegen/**' - - 'integrated/**' - - 'stl-preview-head/**' - - 'stl-preview-base/**' + branches: + - '**' + - '!integrated/**' + - '!stl-preview-head/**' + - '!stl-preview-base/**' + - '!generated' + - '!codegen/**' + - 'codegen/stl/**' pull_request: branches-ignore: - 'stl-preview-head/**' diff --git a/.github/workflows/publish-npm.yml b/.github/workflows/publish-npm.yml index 0cb165d0..88c82c86 100644 --- a/.github/workflows/publish-npm.yml +++ b/.github/workflows/publish-npm.yml @@ -18,6 +18,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + id-token: write steps: - uses: actions/checkout@v6 @@ -39,8 +40,6 @@ jobs: PATHS_RELEASED='[\".\", \"packages/mcp-server\"]' fi yarn tsn scripts/publish-packages.ts "{ \"paths_released\": \"$PATHS_RELEASED\" }" - env: - NPM_TOKEN: ${{ secrets.LITHIC_NPM_TOKEN || secrets.NPM_TOKEN }} - name: Upload MCP Server DXT GitHub release asset run: | diff --git a/.github/workflows/release-doctor.yml b/.github/workflows/release-doctor.yml index 764a1778..3ebabb64 100644 --- a/.github/workflows/release-doctor.yml +++ b/.github/workflows/release-doctor.yml @@ -17,5 +17,3 @@ jobs: - name: Check release environment run: | bash ./bin/check-release-environment - env: - NPM_TOKEN: ${{ secrets.LITHIC_NPM_TOKEN || secrets.NPM_TOKEN }} diff --git a/.release-please-manifest.json b/.release-please-manifest.json index 94e69931..e5452f67 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "0.133.0" + ".": "0.134.0" } diff --git a/.stats.yml b/.stats.yml index 6976609b..b655e630 100644 --- a/.stats.yml +++ b/.stats.yml @@ -1,4 +1,4 @@ configured_endpoints: 190 -openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/lithic%2Flithic-e88a4837037207e9591d48d534bd61acca57ca6e7c59ec0d4fdcf6e05288cc6d.yml -openapi_spec_hash: fd8bbc173d1b6dafd117fb1a3a3d446c -config_hash: 3005e2502301e77754e5e1455584525b +openapi_spec_url: https://storage.googleapis.com/stainless-sdk-openapi-specs/lithic%2Flithic-5bb8d2bedef02f07498de3f252fa6da1393d2fb59f727b05828804cea9aded30.yml +openapi_spec_hash: d1f260252b3bb7ebc77fa7134db6c65d +config_hash: 400b9afe0f7f7b7d96177d05950775f9 diff --git a/CHANGELOG.md b/CHANGELOG.md index 48043068..4f12d030 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,30 @@ # Changelog +## 0.134.0 (2026-03-17) + +Full Changelog: [v0.133.0...v0.134.0](https://github.com/lithic-com/lithic-node/compare/v0.133.0...v0.134.0) + +### Features + +* **api:** add remittance_information field to Payment ([133fe04](https://github.com/lithic-com/lithic-node/commit/133fe04e55a65208567a8056a96f8c5c91a641d1)) + + +### Bug Fixes + +* **types:** make address/dob/email/government_id optional in account-holders ([0966648](https://github.com/lithic-com/lithic-node/commit/0966648a478b19bff02dd8ee63cfa53f8db2454b)) + + +### Chores + +* **internal:** support x-stainless-mcp-client-permissions headers in MCP servers ([f5266e6](https://github.com/lithic-com/lithic-node/commit/f5266e6e139b91a9899b11f700c8ac0ca69b8d70)) +* **internal:** switch npm publishing from token authentication to OIDC ([2831ff1](https://github.com/lithic-com/lithic-node/commit/2831ff1d00c616a9ddac7bf9ea24ebc05cdd367b)) +* **internal:** tweak CI branches ([cb5acc3](https://github.com/lithic-com/lithic-node/commit/cb5acc3a9fe4ac157eb4876aab37345c39600e70)) + + +### Documentation + +* **api:** update supported file types in account holder document uploads ([dd26f0e](https://github.com/lithic-com/lithic-node/commit/dd26f0e7be9459b45b37fb3795c0522a6f1a81fc)) + ## 0.133.0 (2026-03-16) Full Changelog: [v0.132.1...v0.133.0](https://github.com/lithic-com/lithic-node/compare/v0.132.1...v0.133.0) diff --git a/bin/check-release-environment b/bin/check-release-environment index e4b6d58e..6b43775a 100644 --- a/bin/check-release-environment +++ b/bin/check-release-environment @@ -2,10 +2,6 @@ errors=() -if [ -z "${NPM_TOKEN}" ]; then - errors+=("The NPM_TOKEN secret has not been set. Please set it in either this repository's secrets or your organization secrets") -fi - lenErrors=${#errors[@]} if [[ lenErrors -gt 0 ]]; then diff --git a/bin/publish-npm b/bin/publish-npm index 45e8aa80..3d05c0bd 100644 --- a/bin/publish-npm +++ b/bin/publish-npm @@ -2,7 +2,12 @@ set -eux -npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN" +if [[ ${NPM_TOKEN:-} ]]; then + npm config set '//registry.npmjs.org/:_authToken' "$NPM_TOKEN" +elif [[ ! ${ACTIONS_ID_TOKEN_REQUEST_TOKEN:-} ]]; then + echo "ERROR: NPM_TOKEN must be set if not running in a Github Action with id-token permission" + exit 1 +fi yarn build cd dist @@ -57,5 +62,9 @@ else TAG="latest" fi +# Install OIDC compatible npm version +npm install --prefix ../oidc/ npm@11.6.2 + # Publish with the appropriate tag -yarn publish --tag "$TAG" +export npm_config_registry='https://registry.npmjs.org' +../oidc/node_modules/.bin/npm publish --tag "$TAG" diff --git a/package.json b/package.json index d98d0baa..56db2b30 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "lithic", - "version": "0.133.0", + "version": "0.134.0", "description": "The official TypeScript library for the Lithic API", "author": "Lithic ", "types": "dist/index.d.ts", diff --git a/packages/mcp-server/manifest.json b/packages/mcp-server/manifest.json index 8e56cb8d..7b75a840 100644 --- a/packages/mcp-server/manifest.json +++ b/packages/mcp-server/manifest.json @@ -1,7 +1,7 @@ { "dxt_version": "0.2", "name": "lithic-mcp", - "version": "0.133.0", + "version": "0.134.0", "description": "The official MCP Server for the Lithic API", "author": { "name": "Lithic", diff --git a/packages/mcp-server/package.json b/packages/mcp-server/package.json index ee2f0bd4..55818a76 100644 --- a/packages/mcp-server/package.json +++ b/packages/mcp-server/package.json @@ -1,6 +1,6 @@ { "name": "lithic-mcp", - "version": "0.133.0", + "version": "0.134.0", "description": "The official MCP Server for the Lithic API", "author": "Lithic ", "types": "dist/index.d.ts", diff --git a/packages/mcp-server/src/http.ts b/packages/mcp-server/src/http.ts index de207820..3f9b4878 100644 --- a/packages/mcp-server/src/http.ts +++ b/packages/mcp-server/src/http.ts @@ -40,9 +40,37 @@ const newServer = async ({ } } + // Parse x-stainless-mcp-client-permissions header to override permission options + // + // Note: Permissions are best-effort and intended to prevent clients from doing unexpected things; + // they're not a hard security boundary, so we allow arbitrary, client-driven overrides. + // + // See the Stainless MCP documentation for more details. + let effectiveMcpOptions = mcpOptions; + const clientPermissionsHeader = req.headers['x-stainless-mcp-client-permissions']; + if (typeof clientPermissionsHeader === 'string') { + try { + const parsed = JSON.parse(clientPermissionsHeader); + if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) { + effectiveMcpOptions = { + ...mcpOptions, + ...(typeof parsed.allow_http_gets === 'boolean' && { codeAllowHttpGets: parsed.allow_http_gets }), + ...(Array.isArray(parsed.allowed_methods) && { codeAllowedMethods: parsed.allowed_methods }), + ...(Array.isArray(parsed.blocked_methods) && { codeBlockedMethods: parsed.blocked_methods }), + }; + getLogger().info( + { clientPermissions: parsed }, + 'Overriding code execution permissions from x-stainless-mcp-client-permissions header', + ); + } + } catch (error) { + getLogger().warn({ error }, 'Failed to parse x-stainless-mcp-client-permissions header'); + } + } + await initMcpServer({ server: server, - mcpOptions: mcpOptions, + mcpOptions: effectiveMcpOptions, clientOptions: { ...clientOptions, ...authOptions, diff --git a/packages/mcp-server/src/server.ts b/packages/mcp-server/src/server.ts index b21b67c4..23735f17 100644 --- a/packages/mcp-server/src/server.ts +++ b/packages/mcp-server/src/server.ts @@ -21,7 +21,7 @@ export const newMcpServer = async (stainlessApiKey: string | undefined) => new McpServer( { name: 'lithic_api', - version: '0.133.0', + version: '0.134.0', }, { instructions: await getInstructions(stainlessApiKey), diff --git a/src/resources/account-holders/account-holders.ts b/src/resources/account-holders/account-holders.ts index 39d12907..0bd2087f 100644 --- a/src/resources/account-holders/account-holders.ts +++ b/src/resources/account-holders/account-holders.ts @@ -272,8 +272,8 @@ export class AccountHolders extends APIResource { * * This endpoint is only valid for evaluations in a `PENDING_DOCUMENT` state. * - * Uploaded images must either be a `jpg` or `png` file, and each must be less than - * 15 MiB. Once both required uploads have been successfully completed, your + * Supported file types include `jpg`, `png`, and `pdf`. Each file must be less + * than 15 MiB. Once both required uploads have been successfully completed, your * document will be run through KYC verification. * * If you have registered a webhook, you will receive evaluation updates for any @@ -2570,30 +2570,36 @@ export declare namespace AccountHolderCreateParams { } /** - * Individuals associated with a KYB application. Phone number is optional. + * Individuals associated with a KYB_DELEGATED application. Only first and last + * name are required. */ export interface BeneficialOwnerIndividual { + /** + * Individual's first name, as it appears on government-issued identity documents. + */ + first_name: string; + + /** + * Individual's last name, as it appears on government-issued identity documents. + */ + last_name: string; + /** * Individual's current address - PO boxes, UPS drops, and FedEx drops are not * acceptable; APO/FPO are acceptable. Only USA addresses are currently supported. */ - address: Shared.Address; + address?: Shared.Address; /** * Individual's date of birth, as an RFC 3339 date. */ - dob: string; + dob?: string; /** * Individual's email address. If utilizing Lithic for chargeback processing, this * customer email address may be used to communicate dispute status and resolution. */ - email: string; - - /** - * Individual's first name, as it appears on government-issued identity documents. - */ - first_name: string; + email?: string; /** * Government-issued identification number (required for identity verification and @@ -2601,12 +2607,7 @@ export declare namespace AccountHolderCreateParams { * Individual Taxpayer Identification Numbers (ITIN) are currently supported, * entered as full nine-digits, with or without hyphens */ - government_id: string; - - /** - * Individual's last name, as it appears on government-issued identity documents. - */ - last_name: string; + government_id?: string; /** * Individual's phone number, entered in E.164 format. @@ -2625,27 +2626,32 @@ export declare namespace AccountHolderCreateParams { * (Section II) for more background. */ export interface ControlPerson { + /** + * Individual's first name, as it appears on government-issued identity documents. + */ + first_name: string; + + /** + * Individual's last name, as it appears on government-issued identity documents. + */ + last_name: string; + /** * Individual's current address - PO boxes, UPS drops, and FedEx drops are not * acceptable; APO/FPO are acceptable. Only USA addresses are currently supported. */ - address: Shared.Address; + address?: Shared.Address; /** * Individual's date of birth, as an RFC 3339 date. */ - dob: string; + dob?: string; /** * Individual's email address. If utilizing Lithic for chargeback processing, this * customer email address may be used to communicate dispute status and resolution. */ - email: string; - - /** - * Individual's first name, as it appears on government-issued identity documents. - */ - first_name: string; + email?: string; /** * Government-issued identification number (required for identity verification and @@ -2653,12 +2659,7 @@ export declare namespace AccountHolderCreateParams { * Individual Taxpayer Identification Numbers (ITIN) are currently supported, * entered as full nine-digits, with or without hyphens */ - government_id: string; - - /** - * Individual's last name, as it appears on government-issued identity documents. - */ - last_name: string; + government_id?: string; /** * Individual's phone number, entered in E.164 format. diff --git a/src/resources/payments.ts b/src/resources/payments.ts index 28242623..850dc621 100644 --- a/src/resources/payments.ts +++ b/src/resources/payments.ts @@ -520,6 +520,11 @@ export namespace Payment { * for tracking the message through the Fedwire system */ message_id?: string | null; + + /** + * Payment details or invoice reference + */ + remittance_information?: string | null; } /** diff --git a/src/version.ts b/src/version.ts index daf15132..9cd2d099 100644 --- a/src/version.ts +++ b/src/version.ts @@ -1 +1 @@ -export const VERSION = '0.133.0'; // x-release-please-version +export const VERSION = '0.134.0'; // x-release-please-version