diff --git a/README.md b/README.md index 5da8748..8ef2282 100644 --- a/README.md +++ b/README.md @@ -125,8 +125,8 @@ Required values: Important distinction: - `TRUSTSIGNAL_API_BASE_URL` is the outbound verification API this service calls, for example `https://api.trustsignal.dev`. - - Primary route expected by this service: `${TRUSTSIGNAL_API_BASE_URL}/v1/verifications/github` - - Compatibility route (if needed): `${TRUSTSIGNAL_API_BASE_URL}/api/v1/verifications/github` + - Primary route expected by this service: `${TRUSTSIGNAL_API_BASE_URL}/api/v1/verifications/github` + - Compatibility route (if needed): `${TRUSTSIGNAL_API_BASE_URL}/v1/verifications/github` The API base URL is distinct from the webhook host: - App callback/base webhook host: `https://github.trustsignal.dev` diff --git a/apps/action/dist/index.js b/apps/action/dist/index.js index 50d6cc6..0f904f2 100644 --- a/apps/action/dist/index.js +++ b/apps/action/dist/index.js @@ -4152,7 +4152,7 @@ function mapProvenanceEventName(eventName) { // src/trustsignal/client.ts var TrustSignalVerificationClient = class { baseUrl; - candidatePaths = ["/v1/verifications/github", "/api/v1/verifications/github"]; + candidatePaths = ["/api/v1/verifications/github", "/v1/verifications/github"]; timeoutMs; fetchImpl; constructor(config, fetchImpl = globalThis.fetch) { @@ -4220,7 +4220,7 @@ var TrustSignalVerificationClient = class { } } canFallback(path) { - return path === "/v1/verifications/github"; + return path === "/api/v1/verifications/github"; } }; function looksLikeJson(value) { diff --git a/docs/architecture.md b/docs/architecture.md index e9508fe..8d12d16 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -39,8 +39,8 @@ This keeps the website, outbound verification API, and inbound webhook receiver `TRUSTSIGNAL_API_BASE_URL` must target the API origin only and is currently normalized as: -- Primary path: `/v1/verifications/github` -- Compatibility path: `/api/v1/verifications/github` (used when the primary route is unavailable) +- Primary path: `/api/v1/verifications/github` +- Compatibility path: `/v1/verifications/github` (used when the primary route is unavailable) If the API is moved or renamed, update `TRUSTSIGNAL_API_BASE_URL` and keep only one canonical base URL. diff --git a/docs/integrations/github.md b/docs/integrations/github.md index 0107881..452bfe0 100644 --- a/docs/integrations/github.md +++ b/docs/integrations/github.md @@ -107,7 +107,7 @@ jobs: "sha": "'"${GITHUB_SHA}"'", "artifactDigest": "'"${{ steps.digest.outputs.sha256 }}"'" }' \ - "${TRUSTSIGNAL_API_BASE_URL}/v1/verifications/github" + "${TRUSTSIGNAL_API_BASE_URL}/api/v1/verifications/github" ``` ## Compatibility Notes diff --git a/src/trustsignal/client.ts b/src/trustsignal/client.ts index 0490fa4..8efbce9 100644 --- a/src/trustsignal/client.ts +++ b/src/trustsignal/client.ts @@ -29,7 +29,7 @@ export interface FetchLike { export class TrustSignalVerificationClient { private readonly baseUrl: string; - private readonly candidatePaths = ["/v1/verifications/github", "/api/v1/verifications/github"] as const; + private readonly candidatePaths = ["/api/v1/verifications/github", "/v1/verifications/github"] as const; private readonly timeoutMs: number; private readonly fetchImpl: FetchLike; @@ -111,7 +111,7 @@ export class TrustSignalVerificationClient { } private canFallback(path: (typeof this.candidatePaths)[number]) { - return path === "/v1/verifications/github"; + return path === "/api/v1/verifications/github"; } } diff --git a/tests/trustsignalClient.test.ts b/tests/trustsignalClient.test.ts index 7e223ea..32ef252 100644 --- a/tests/trustsignalClient.test.ts +++ b/tests/trustsignalClient.test.ts @@ -51,7 +51,7 @@ describe("TrustSignalVerificationClient", () => { const result = await client.verify(request); expect(fetchImpl).toHaveBeenCalledWith( - "https://trustsignal.example.com/v1/verifications/github", + "https://trustsignal.example.com/api/v1/verifications/github", expect.objectContaining({ method: "POST", headers: expect.objectContaining({ @@ -62,7 +62,7 @@ describe("TrustSignalVerificationClient", () => { expect(result.receiptId).toBe("rcpt_1"); }); - it("falls back to /api/v1/verifications/github when /v1 returns HTML", async () => { + it("falls back to /v1/verifications/github when /api returns HTML", async () => { const fallbackResponse = { ok: true, status: 200, @@ -89,7 +89,7 @@ describe("TrustSignalVerificationClient", () => { }; const fetchImplementation = vi.fn(async (url: string) => { - const response = url === "https://trustsignal.example.com/v1/verifications/github" ? primaryResponse : fallbackResponse; + const response = url === "https://trustsignal.example.com/api/v1/verifications/github" ? primaryResponse : fallbackResponse; return { ok: response.ok, status: response.status, @@ -131,7 +131,7 @@ describe("TrustSignalVerificationClient", () => { expect(fetchImplementation).toHaveBeenCalledTimes(2); expect(fetchImplementation).toHaveBeenNthCalledWith( 1, - "https://trustsignal.example.com/v1/verifications/github", + "https://trustsignal.example.com/api/v1/verifications/github", expect.objectContaining({ method: "POST", headers: expect.objectContaining({ @@ -141,7 +141,7 @@ describe("TrustSignalVerificationClient", () => { ); expect(fetchImplementation).toHaveBeenNthCalledWith( 2, - "https://trustsignal.example.com/api/v1/verifications/github", + "https://trustsignal.example.com/v1/verifications/github", expect.objectContaining({ method: "POST", headers: expect.objectContaining({ @@ -188,7 +188,7 @@ describe("TrustSignalVerificationClient", () => { }, }); - await expect(client.verify(request)).rejects.toThrow("TrustSignal verification response for https://trustsignal.example.com/api/v1/verifications/github was not JSON"); + await expect(client.verify(request)).rejects.toThrow("TrustSignal verification response for https://trustsignal.example.com/v1/verifications/github was not JSON"); expect(fetchImplementation).toHaveBeenCalledTimes(2); }); });