/** * Env: the Worker's configuration surface. * * EXAMPLE CODE. Not deployed. Placeholders only, no real keys, bundle IDs, * team IDs, account IDs, or Worker URLs. See README.md. * * Two independent gates can be turned on by configuration: * * StoreKit (entitlement): set ALLOWED_BUNDLE_IDS + APPLE_ROOT_CA_SHA256. * App Attest (authenticity): set APP_ATTEST_TEAM_ID + APP_ATTEST_BUNDLE_ID. * * If neither is configured the Worker refuses to run (500). If both are * configured a request must clear both. */ export interface Env { /** Anthropic API key. Set as a secret: `wrangler secret put ANTHROPIC_API_KEY`. */ ANTHROPIC_API_KEY: string; // --- StoreKit entitlement gate (active when both are set) --- /** Comma-separated allowlist of app bundle IDs, e.g. "com.example.app". */ ALLOWED_BUNDLE_IDS?: string; /** Comma-separated allowlist of product IDs. Empty/unset = accept any product. */ ALLOWED_PRODUCT_IDS?: string; /** Hex SHA-256 of the DER-encoded "Apple Root CA - G3" certificate. * Obtain and verify from https://www.apple.com/certificateauthority/ */ APPLE_ROOT_CA_SHA256?: string; // --- App Attest authenticity gate (active when both are set) --- /** Apple Developer Team ID the app ships under, e.g. "ABCDE12345". */ APP_ATTEST_TEAM_ID?: string; /** Bundle ID the attestation must be bound to, e.g. "com.example.app". */ APP_ATTEST_BUNDLE_ID?: string; // --- Proxy configuration --- /** Comma-separated allowlist of upstream paths. Defaults to "/v1/messages". */ ALLOWED_UPSTREAM_PATHS?: string; /** Anthropic API version header. Defaults to "2023-06-01". */ ANTHROPIC_VERSION?: string; } export const ANTHROPIC_BASE = "https://api.anthropic.com"; export const DEFAULT_ANTHROPIC_VERSION = "2023-06-01"; export const DEFAULT_UPSTREAM_PATHS = "/v1/messages"; /** Header carrying the StoreKit 2 signed transaction (JWS). */ export const TRANSACTION_HEADER = "X-IAP-Transaction"; /** Header carrying the App Attest assertion (base64). */ export const ASSERTION_HEADER = "X-App-Attest-Assertion"; /** Header carrying the App Attest key identifier the assertion was signed with. */ export const KEY_ID_HEADER = "X-App-Attest-Key-Id";