Switch smart_sig to Smart URLs

Author: kvz

CHANGELOG.md

@@ -9,6 +9,7 @@ Released: 2025-10-16.
 [Diff](https://github.com/transloadit/node-sdk/compare/v4.0.2...v4.0.3).
 
 - [x] Fix `smart_sig` CLI to always override embedded credentials with the env-provided auth key while preserving other auth fields.
+- [x] Switch `smart_sig` CLI to return Smart CDN URLs via `getSignedSmartCDNUrl`, making it suitable as the cross-SDK reference implementation.
 - [x] Ensure the CLI entrypoint executes when invoked through npm/yarn bin shims by resolving symlinks before bootstrapping.
 - [x] Harden validation and tests around CLI invocation paths.
 - [x] Add `smart_sig` CLI command (usable via `npx transloadit smart_sig`) for signing params fed through stdin.

README.md

@@ -387,11 +387,11 @@ This function returns an object with the key `signature` (containing the calcula
 
 #### CLI smart_sig
 
-Generate a signature from the command line without writing any JavaScript. The CLI reads a JSON object from stdin, injects credentials from `TRANSLOADIT_KEY`/`TRANSLOADIT_SECRET`, and prints the payload returned by `calcSignature()`.
+Generate a signed Smart CDN URL from the command line. The CLI reads a JSON object from stdin, injects credentials from `TRANSLOADIT_KEY`/`TRANSLOADIT_SECRET`, and prints the URL returned by `getSignedSmartCDNUrl()`.
 
 ```sh
 TRANSLOADIT_KEY=... TRANSLOADIT_SECRET=... \
-  printf '{"assembly_id":"12345"}' | npx transloadit smart_sig
+  printf '{"workspace":"demo","template":"resize","input":"image.jpg","url_params":{"width":320}}' | npx transloadit smart_sig
 ```
 
 You can also use `TRANSLOADIT_AUTH_KEY`/`TRANSLOADIT_AUTH_SECRET` as aliases for the environment variables.

src/cli.ts

@@ -4,14 +4,23 @@ import { realpathSync } from 'node:fs'
 import path from 'node:path'
 import process from 'node:process'
 import { fileURLToPath } from 'node:url'
-import type { ZodIssue } from 'zod'
-import {
-  assemblyAuthInstructionsSchema,
-  assemblyInstructionsSchema,
-} from './alphalib/types/template.ts'
-import type { OptionalAuthParams } from './apiTypes.ts'
+import { type ZodIssue, z } from 'zod'
 import { Transloadit } from './Transloadit.ts'
 
+type UrlParamPrimitive = string | number | boolean
+type UrlParamArray = UrlParamPrimitive[]
+type NormalizedUrlParams = Record<string, UrlParamPrimitive | UrlParamArray>
+
+const smartCdnParamsSchema = z
+  .object({
+    workspace: z.string().min(1, 'workspace is required'),
+    template: z.string().min(1, 'template is required'),
+    input: z.union([z.string(), z.number(), z.boolean()]),
+    url_params: z.record(z.unknown()).optional(),
+    expire_at_ms: z.union([z.number(), z.string()]).optional(),
+  })
+  .passthrough()
+
 export async function readStdin(): Promise<string> {
   if (process.stdin.isTTY) return ''
 
@@ -30,11 +39,6 @@ function fail(message: string): void {
   process.exitCode = 1
 }
 
-const cliParamsSchema = assemblyInstructionsSchema
-  .extend({ auth: assemblyAuthInstructionsSchema.partial().optional() })
-  .partial()
-  .passthrough()
-
 function formatIssues(issues: ZodIssue[]): string {
   return issues
     .map((issue) => {
@@ -44,6 +48,33 @@ function formatIssues(issues: ZodIssue[]): string {
     .join('; ')
 }
 
+function normalizeUrlParam(value: unknown): UrlParamPrimitive | UrlParamArray | undefined {
+  if (value == null) return undefined
+  if (Array.isArray(value)) {
+    const normalized = value.filter(
+      (item): item is UrlParamPrimitive =>
+        typeof item === 'string' || typeof item === 'number' || typeof item === 'boolean',
+    )
+    return normalized.length > 0 ? normalized : undefined
+  }
+  if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') {
+    return value
+  }
+  return undefined
+}
+
+function normalizeUrlParams(params?: Record<string, unknown>): NormalizedUrlParams | undefined {
+  if (params == null) return undefined
+  let normalized: NormalizedUrlParams | undefined
+  for (const [key, value] of Object.entries(params)) {
+    const normalizedValue = normalizeUrlParam(value)
+    if (normalizedValue === undefined) continue
+    if (normalized == null) normalized = {}
+    normalized[key] = normalizedValue
+  }
+  return normalized
+}
+
 export async function runSmartSig(providedInput?: string): Promise<void> {
   const authKey = process.env.TRANSLOADIT_KEY || process.env.TRANSLOADIT_AUTH_KEY
   const authSecret = process.env.TRANSLOADIT_SECRET || process.env.TRANSLOADIT_AUTH_SECRET
@@ -57,46 +88,59 @@ export async function runSmartSig(providedInput?: string): Promise<void> {
 
   const rawInput = providedInput ?? (await readStdin())
   const input = rawInput.trim()
-  let params: Record<string, unknown> = {}
-
-  if (input !== '') {
-    try {
-      const parsed = JSON.parse(input)
-      if (parsed == null || typeof parsed !== 'object' || Array.isArray(parsed)) {
-        fail('Invalid params provided via stdin. Expected a JSON object.')
-        return
-      }
-
-      const parsedResult = cliParamsSchema.safeParse(parsed)
-      if (!parsedResult.success) {
-        fail(`Invalid params: ${formatIssues(parsedResult.error.issues)}`)
-        return
-      }
-
-      const parsedParams = parsedResult.data as Record<string, unknown>
-      const existingAuth =
-        typeof parsedParams.auth === 'object' &&
-        parsedParams.auth != null &&
-        !Array.isArray(parsedParams.auth)
-          ? (parsedParams.auth as Record<string, unknown>)
-          : {}
-
-      params = {
-        ...parsedParams,
-        auth: {
-          ...existingAuth,
-          key: authKey,
-        },
-      }
-    } catch (error: unknown) {
-      fail(`Failed to parse JSON from stdin: ${(error as Error).message}`)
+  if (input === '') {
+    fail(
+      'Missing params provided via stdin. Expected a JSON object with workspace, template, input, and optional Smart CDN parameters.',
+    )
+    return
+  }
+
+  let parsed: unknown
+  try {
+    parsed = JSON.parse(input)
+  } catch (error) {
+    fail(`Failed to parse JSON from stdin: ${(error as Error).message}`)
+    return
+  }
+
+  if (parsed == null || typeof parsed !== 'object' || Array.isArray(parsed)) {
+    fail('Invalid params provided via stdin. Expected a JSON object.')
+    return
+  }
+
+  const parsedResult = smartCdnParamsSchema.safeParse(parsed)
+  if (!parsedResult.success) {
+    fail(`Invalid params: ${formatIssues(parsedResult.error.issues)}`)
+    return
+  }
+
+  const { workspace, template, input: inputFieldRaw, url_params, expire_at_ms } = parsedResult.data
+
+  const urlParams = normalizeUrlParams(url_params as Record<string, unknown> | undefined)
+
+  let expiresAt: number | undefined
+  if (typeof expire_at_ms === 'string') {
+    const parsedNumber = Number.parseInt(expire_at_ms, 10)
+    if (Number.isNaN(parsedNumber)) {
+      fail('Invalid params: expire_at_ms must be a number.')
       return
     }
+    expiresAt = parsedNumber
+  } else {
+    expiresAt = expire_at_ms
   }
 
+  const inputField = typeof inputFieldRaw === 'string' ? inputFieldRaw : String(inputFieldRaw)
+
   const client = new Transloadit({ authKey, authSecret })
-  const signature = client.calcSignature(params as OptionalAuthParams)
-  process.stdout.write(`${JSON.stringify(signature)}\n`)
+  const signedUrl = client.getSignedSmartCDNUrl({
+    workspace,
+    template,
+    input: inputField,
+    urlParams,
+    expiresAt,
+  })
+  process.stdout.write(`${signedUrl}\n`)
 }
 
 export async function main(args = process.argv.slice(2)): Promise<void> {
@@ -114,7 +158,12 @@ export async function main(args = process.argv.slice(2)): Promise<void> {
       process.stdout.write(
         [
           'Usage:',
-          '  npx transloadit smart_sig    Read params JSON from stdin and output signed payload.',
+          '  npx transloadit smart_sig    Read Smart CDN params JSON from stdin and output a signed URL.',
+          '',
+          'Required JSON fields:',
+          '  workspace, template, input',
+          'Optional JSON fields:',
+          '  expire_at_ms, url_params',
           '',
           'Environment variables:',
           '  TRANSLOADIT_KEY, TRANSLOADIT_SECRET',