@aifabrix/miso-client 3.8.2 → 3.9.0

package/CHANGELOG.md

@@ -5,6 +5,51 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.9.0] - 2026-01-14
+
+### Added
+
+- **Enhanced Filter System** - Comprehensive filter parsing, validation, and SQL compilation
+  - **Dual format parsing**: Support for both colon format (`status:eq:active`) and JSON format (`{"status":{"eq":"active"}}`)
+  - **Schema-based validation**: Define filterable fields, allowed operators, and value types per resource
+  - **Type coercion**: Automatic value validation and conversion for string, number, boolean, uuid, timestamp, and enum types
+  - **SQL compilation**: Generate PostgreSQL-safe parameterized WHERE clauses with `compileFilter()`
+  - **Human-readable errors**: RFC 7807 compliant structured error responses with error codes (UNKNOWN_FIELD, INVALID_OPERATOR, INVALID_TYPE, etc.)
+  - New `ilike` operator for case-insensitive pattern matching
+  - New types: `FilterSchema`, `FilterFieldDefinition`, `FilterError`, `CompiledFilter`
+  - New utilities: `validateFilter()`, `coerceValue()`, `compileFilter()`, `createFilterSchema()`
+  - Filter meta-schema for validating custom filter schemas (`src/schemas/filter.schema.json`)
+
+### Changed
+
+- **Code Size Compliance** - Refactored large files to comply with 500-line guideline
+  - `data-client.ts`: 995 → 416 lines (extracted to helper modules)
+  - `data-client-request.ts`: 683 → 280 lines
+  - `data-client-auth.ts`: 654 → 290 lines
+  - `internal-http-client.ts`: 741 → 496 lines
+  - `auth.service.ts`: 825 → 462 lines
+  - `index.ts`: 681 → 472 lines
+  - `logger.service.ts`: 597 → 480 lines
+
+- **Console Logging Audit** - Cleaned up debug logging
+  - Removed 10 debug `console.log` statements from `token-utils.ts` that could expose sensitive token data
+  - All remaining console calls are appropriate error/warning logs or guarded by debug checks
+
+### Technical
+
+- **New filter utilities**: `src/utils/filter-schema.utils.ts` (497 lines), `src/utils/filter-colon.utils.ts` (119 lines)
+- **New filter types**: `src/types/filter-schema.types.ts` (148 lines)
+- **New helper modules** for DataClient refactoring:
+  - `data-client-init.ts` - Initialization logic
+  - `data-client-permissions.ts` - Permission helpers
+  - `data-client-roles.ts` - Role helpers
+  - `data-client-response.ts` - Response processing
+  - `data-client-oauth.ts` - OAuth callback handling
+- **New HTTP helpers**: `http-error-handler.ts`, `http-response-validator.ts`
+- **New auth helper**: `auth-error-handler.ts` - Centralized auth error formatting
+- **New tests**: `filter-colon-format.test.ts` (178 lines), `filter-schema.utils.test.ts` (545 lines)
+- **Documentation**: Updated `docs/reference-utilities.md` with filter system examples
+
 ## [3.8.2] - 2026-01-12
 
 ### Added

package/dist/index.d.ts

@@ -50,165 +50,58 @@ export declare class MisoClient {
      * @returns Validation result with valid flag and optional error message
      */
     validateOrigin(req: Request, allowedOrigins?: string[]): OriginValidationResult;
-    /**
-     * Get environment token using client credentials
-     * This is called automatically by HttpClient but can be called manually
-     */
+    /** Get environment token using client credentials */
     getEnvironmentToken(): Promise<string>;
-    /**
-     * Initiate login flow by calling controller
-     * Returns the login URL and state for browser redirect or manual navigation
-     *
-     * Important: Your application only needs to know about your own app URLs and the miso-controller.
-     * The miso-controller manages all authentication flows internally, including OAuth callbacks with Keycloak.
-     * You don't need to handle OAuth callbacks in your application.
-     *
-     * @param params - Login parameters
-     * @param params.redirect - Required final destination URL in your application where the user should be redirected after successful authentication. This is a URL in your app (e.g., 'https://myapp.com/dashboard'). The miso-controller handles the OAuth callback internally and then redirects the user to this URL.
-     * @param params.state - Optional CSRF protection token (auto-generated by controller if omitted)
-     * @returns Login response with loginUrl (the Keycloak authentication URL) and state
-     */
+    /** Initiate login flow - returns login URL for browser redirect */
     login(params: {
         redirect: string;
         state?: string;
     }): Promise<import("./types/config.types").LoginResponse>;
-    /**
-     * Validate token with controller
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Validate token with controller */
     validateToken(token: string, authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Get user information from token
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user information from token */
     getUser(token: string, authStrategy?: AuthStrategy): Promise<UserInfo | null>;
-    /**
-     * Get user information from GET /api/v1/auth/user endpoint
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user information from GET /api/v1/auth/user endpoint */
     getUserInfo(token: string, authStrategy?: AuthStrategy): Promise<UserInfo | null>;
-    /**
-     * Check if user is authenticated
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user is authenticated */
     isAuthenticated(token: string, authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Logout user
-     * @param params - Logout parameters
-     * @param params.token - Access token to invalidate
-     * @returns Logout response with success message
-     */
+    /** Logout user */
     logout(params: {
         token: string;
     }): Promise<import("./types/config.types").LogoutResponse>;
-    /**
-     * Refresh user access token using refresh token
-     * @param refreshToken - Refresh token to exchange for new access token
-     * @param authStrategy - Optional authentication strategy override
-     * @returns New access token, refresh token, and expiration info, or null on error
-     */
+    /** Refresh user access token using refresh token */
     refreshToken(refreshToken: string, authStrategy?: AuthStrategy): Promise<import("./types/config.types").RefreshTokenResponse | null>;
-    /**
-     * Validate token locally using JWKS (no API call to controller)
-     * Results are cached for 1 minute, JWKS keys cached for 1 hour
-     * @param token - JWT token to validate
-     * @param options - Validation options (skipResultCache for high-security)
-     * @returns Validation result with payload or error
-     */
+    /** Validate token locally using JWKS (no API call) */
     validateTokenLocal(token: string, options?: TokenValidationOptions): Promise<TokenValidationResult>;
-    /**
-     * Set or update Keycloak configuration for local validation
-     * @param config - Keycloak configuration
-     */
+    /** Set or update Keycloak configuration for local validation */
     setKeycloakConfig(config: KeycloakConfig): void;
-    /**
-     * Clear JWKS cache (useful for key rotation scenarios)
-     * @param jwksUri - Specific URI to clear, or all if not provided
-     */
+    /** Clear JWKS cache */
     clearJwksCache(jwksUri?: string): void;
-    /**
-     * Clear validation result cache
-     */
+    /** Clear validation result cache */
     clearValidationCache(): void;
-    /**
-     * Clear all token validation caches (JWKS + results)
-     */
+    /** Clear all token validation caches (JWKS + results) */
     clearAllTokenCaches(): void;
-    /**
-     * Get user roles (cached in Redis if available)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user roles (cached if Redis available) */
     getRoles(token: string, authStrategy?: AuthStrategy): Promise<string[]>;
-    /**
-     * Check if user has specific role
-     * @param token - User authentication token
-     * @param role - Role to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has specific role */
     hasRole(token: string, role: string, authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Check if user has any of the specified roles
-     * @param token - User authentication token
-     * @param roles - Roles to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has any of the specified roles */
     hasAnyRole(token: string, roles: string[], authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Check if user has all of the specified roles
-     * @param token - User authentication token
-     * @param roles - Roles to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has all of the specified roles */
     hasAllRoles(token: string, roles: string[], authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Force refresh roles from controller (bypass cache)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Force refresh roles from controller (bypass cache) */
     refreshRoles(token: string, authStrategy?: AuthStrategy): Promise<string[]>;
-    /**
-     * Get user permissions (cached in Redis if available)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user permissions (cached if Redis available) */
     getPermissions(token: string, authStrategy?: AuthStrategy): Promise<string[]>;
-    /**
-     * Check if user has specific permission
-     * @param token - User authentication token
-     * @param permission - Permission to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has specific permission */
     hasPermission(token: string, permission: string, authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Check if user has any of the specified permissions
-     * @param token - User authentication token
-     * @param permissions - Permissions to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has any of the specified permissions */
     hasAnyPermission(token: string, permissions: string[], authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Check if user has all of the specified permissions
-     * @param token - User authentication token
-     * @param permissions - Permissions to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has all of the specified permissions */
     hasAllPermissions(token: string, permissions: string[], authStrategy?: AuthStrategy): Promise<boolean>;
-    /**
-     * Force refresh permissions from controller (bypass cache)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Force refresh permissions from controller (bypass cache) */
     refreshPermissions(token: string, authStrategy?: AuthStrategy): Promise<string[]>;
-    /**
-     * Clear cached permissions for a user
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Clear cached permissions for a user */
     clearPermissionsCache(token: string, authStrategy?: AuthStrategy): Promise<void>;
     /**
      * Get logger service for application logging
@@ -222,40 +115,19 @@ export declare class MisoClient {
      * Get current configuration
      */
     getConfig(): MisoClientConfig;
-    /**
-     * Check if Redis is connected
-     */
+    /** Check if Redis is connected */
     isRedisConnected(): boolean;
-    /**
-     * Make request with authentication strategy
-     * Tries authentication methods in priority order based on strategy
-     * @param method - HTTP method
-     * @param url - Request URL
-     * @param authStrategy - Authentication strategy configuration
-     * @param data - Optional request data
-     * @param config - Optional Axios request config
-     * @returns Response data
-     */
+    /** Make request with authentication strategy */
     requestWithAuthStrategy<T>(method: "GET" | "POST" | "PUT" | "DELETE", url: string, authStrategy: AuthStrategy, data?: unknown, config?: import("axios").AxiosRequestConfig): Promise<T>;
-    /**
-     * Create authentication strategy helper
-     * @param methods - Array of authentication methods in priority order
-     * @param bearerToken - Optional bearer token
-     * @param apiKey - Optional API key
-     * @returns Authentication strategy
-     */
+    /** Create authentication strategy helper */
     createAuthStrategy(methods: ("bearer" | "client-token" | "client-credentials" | "api-key")[], bearerToken?: string, apiKey?: string): AuthStrategy;
-    /**
-     * Get default authentication strategy
-     * Uses bearer token and client token in that order
-     * @param bearerToken - Optional bearer token
-     * @returns Default authentication strategy
-     */
+    /** Get default authentication strategy */
     getDefaultAuthStrategy(bearerToken?: string): AuthStrategy;
 }
 export * from "./types/config.types";
 export * from "./types/pagination.types";
 export * from "./types/filter.types";
+export * from "./types/filter-schema.types";
 export * from "./types/sort.types";
 export type { ErrorResponse as ErrorResponseFromErrors, ErrorEnvelope, } from "./types/errors.types";
 export { AuthService } from "./services/auth.service";
@@ -283,6 +155,7 @@ export { extractRequestContext } from "./utils/request-context";
 export type { RequestContext } from "./utils/request-context";
 export * from "./utils/pagination.utils";
 export * from "./utils/filter.utils";
+export * from "./utils/filter-schema.utils";
 export * from "./utils/sort.utils";
 export { MisoClientError, ApiErrorException, transformError, handleApiError, } from "./utils/errors";
 export { ResponseHelper, PaginationMeta, injectResponseHelpers, asyncHandler, asyncHandlerNamed, ValidationHelper, AppError, ApiError, ValidationError, ApiResponse, createSuccessResponse, createErrorResponse, ErrorLogger, setErrorLogger, handleRouteError, RBACErrorExtensions, getErrorTypeUri, getErrorTitle, sendErrorResponse, EncryptionUtil, createClientTokenEndpoint, hasConfig, loggerContextMiddleware, } from "./express";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAMxD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChF,OAAO,EAAwC,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACxG,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,cAAc,EACf,MAAM,gCAAgC,CAAC;AAExC,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,eAAe,CAAyB;IAChD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,gBAAgB;IA2DpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAcjC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;IACH,aAAa,IAAI,OAAO;IAMxB;;;OAGG;IACH,QAAQ,CAAC,GAAG,EAAE;QAAE,OAAO,EAAE;YAAE,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,GAAG,MAAM,GAAG,IAAI;IAerE;;;;;;;OAOG;IACH,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,sBAAsB;IAK/E;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI5C;;;;;;;;;;;;OAYG;IACG,KAAK,CAAC,MAAM,EAAE;QAClB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,aAAa,CAAC;IAIzD;;;;OAIG;IACG,aAAa,CACjB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,OAAO,CACX,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAI3B;;;;OAIG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAI3B;;;;OAIG;IACG,eAAe,CACnB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,MAAM,CAAC,MAAM,EAAE;QACnB,KAAK,EAAE,MAAM,CAAC;KACf,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,cAAc,CAAC;IAI1D;;;;;OAKG;IACG,YAAY,CAChB,YAAY,EAAE,MAAM,EACpB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,sBAAsB,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAItE;;;;;;OAMG;IACG,kBAAkB,CACtB,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,sBAAsB,GAC/B,OAAO,CAAC,qBAAqB,CAAC;IAIjC;;;OAGG;IACH,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI/C;;;OAGG;IACH,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI;IAItC;;OAEG;IACH,oBAAoB,IAAI,IAAI;IAI5B;;OAEG;IACH,mBAAmB,IAAI,IAAI;IAM3B;;;;OAIG;IACG,QAAQ,CACZ,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;;OAKG;IACG,OAAO,CACX,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,UAAU,CACd,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EAAE,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,WAAW,CACf,KAAK,EAAE,MAAM,EACb,KAAK,EAAE,MAAM,EAAE,EACf,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,YAAY,CAChB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;OAIG;IACG,cAAc,CAClB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;;OAKG;IACG,aAAa,CACjB,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,gBAAgB,CACpB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EAAE,EACrB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;;OAKG;IACG,iBAAiB,CACrB,KAAK,EAAE,MAAM,EACb,WAAW,EAAE,MAAM,EAAE,EACrB,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,OAAO,CAAC;IAInB;;;;OAIG;IACG,kBAAkB,CACtB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,MAAM,EAAE,CAAC;IAIpB;;;;OAIG;IACG,qBAAqB,CACzB,KAAK,EAAE,MAAM,EACb,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,IAAI,CAAC;IAMhB;;OAEG;IACH,IAAI,GAAG,IAAI,aAAa,CAEvB;IAQD;;OAEG;IACH,IAAI,KAAK,IAAI,YAAY,CAExB;IAID;;OAEG;IACH,SAAS,IAAI,gBAAgB;IAI7B;;OAEG;IACH,gBAAgB,IAAI,OAAO;IAI3B;;;;;;;;;OASG;IACG,uBAAuB,CAAC,CAAC,EAC7B,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,EACzC,GAAG,EAAE,MAAM,EACX,YAAY,EAAE,YAAY,EAC1B,IAAI,CAAC,EAAE,OAAO,EACd,MAAM,CAAC,EAAE,OAAO,OAAO,EAAE,kBAAkB,GAC1C,OAAO,CAAC,CAAC,CAAC;IAUb;;;;;;OAMG;IACH,kBAAkB,CAChB,OAAO,EAAE,CAAC,QAAQ,GAAG,cAAc,GAAG,oBAAoB,GAAG,SAAS,CAAC,EAAE,EACzE,WAAW,CAAC,EAAE,MAAM,EACpB,MAAM,CAAC,EAAE,MAAM,GACd,YAAY;IAQf;;;;;OAKG;IACH,sBAAsB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,YAAY;CAG3D;AAGD,cAAc,sBAAsB,CAAC;AAGrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,aAAa,IAAI,uBAAuB,EACxC,aAAa,GACd,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,0CAA0C,CAAC;AAClD,YAAY,EACV,aAAa,GACd,MAAM,0CAA0C,CAAC;AAClD,YAAY,EAAE,aAAa,EAAE,MAAM,0CAA0C,CAAC;AAG9E,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,qBAAqB,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAG9D,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,oBAAoB,CAAC;AAGnC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,cAAc,GACf,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EACL,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,yBAAyB,EACzB,SAAS,EACT,uBAAuB,GACxB,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,WAAW,IAAI,qBAAqB,EACpC,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,QAAQ,IAAI,kBAAkB,GAC/B,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,wBAAwB,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AACpG,YAAY,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGrE,YAAY,EACV,SAAS,EACT,sBAAsB,EACtB,qBAAqB,EACrB,YAAY,EACZ,cAAc,EACd,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAKH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AAMxD,OAAO,EAAE,gBAAgB,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAChF,OAAO,EAAwC,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACxG,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,cAAc,EACf,MAAM,gCAAgC,CAAC;AAExC,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,KAAK,CAAe;IAC5B,OAAO,CAAC,IAAI,CAAc;IAC1B,OAAO,CAAC,KAAK,CAAc;IAC3B,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,MAAM,CAAgB;IAC9B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,eAAe,CAAyB;IAChD,OAAO,CAAC,WAAW,CAAS;gBAEhB,MAAM,EAAE,gBAAgB;IA2DpC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAcjC;;OAEG;IACG,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;IACH,aAAa,IAAI,OAAO;IAMxB;;;OAGG;IACH,QAAQ,CAAC,GAAG,EAAE;QAAE,OAAO,EAAE;YAAE,aAAa,CAAC,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,GAAG,MAAM,GAAG,IAAI;IAerE;;;;;;;OAOG;IACH,cAAc,CAAC,GAAG,EAAE,OAAO,EAAE,cAAc,CAAC,EAAE,MAAM,EAAE,GAAG,sBAAsB;IAK/E,qDAAqD;IAC/C,mBAAmB,IAAI,OAAO,CAAC,MAAM,CAAC;IAI5C,mEAAmE;IAC7D,KAAK,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,aAAa,CAAC;IAIhH,qCAAqC;IAC/B,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAIjF,sCAAsC;IAChC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAInF,+DAA+D;IACzD,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IAIvF,qCAAqC;IAC/B,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAInF,kBAAkB;IACZ,MAAM,CAAC,MAAM,EAAE;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,cAAc,CAAC;IAI/F,oDAAoD;IAC9C,YAAY,CAAC,YAAY,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,sBAAsB,EAAE,oBAAoB,GAAG,IAAI,CAAC;IAI1I,sDAAsD;IAChD,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,sBAAsB,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIzG,gEAAgE;IAChE,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI;IAI/C,uBAAuB;IACvB,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI;IAItC,oCAAoC;IACpC,oBAAoB,IAAI,IAAI;IAI5B,yDAAyD;IACzD,mBAAmB,IAAI,IAAI;IAM3B,iDAAiD;IAC3C,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAI7E,sCAAsC;IAChC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzF,mDAAmD;IAC7C,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAI/F,mDAAmD;IAC7C,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAIhG,yDAAyD;IACnD,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAMjF,uDAAuD;IACjD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAInF,4CAA4C;IACtC,aAAa,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAIrG,yDAAyD;IACnD,gBAAgB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAI3G,yDAAyD;IACnD,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC;IAI5G,+DAA+D;IACzD,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;IAIvF,0CAA0C;IACpC,qBAAqB,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC;IAMtF;;OAEG;IACH,IAAI,GAAG,IAAI,aAAa,CAEvB;IAQD;;OAEG;IACH,IAAI,KAAK,IAAI,YAAY,CAExB;IAID;;OAEG;IACH,SAAS,IAAI,gBAAgB;IAI7B,kCAAkC;IAClC,gBAAgB,IAAI,OAAO;IAI3B,gDAAgD;IAC1C,uBAAuB,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,OAAO,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,CAAC,CAAC;IAI7L,4CAA4C;IAC5C,kBAAkB,CAAC,OAAO,EAAE,CAAC,QAAQ,GAAG,cAAc,GAAG,oBAAoB,GAAG,SAAS,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,YAAY;IAIlJ,0CAA0C;IAC1C,sBAAsB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,YAAY;CAG3D;AAGD,cAAc,sBAAsB,CAAC;AAGrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,oBAAoB,CAAC;AAGnC,YAAY,EACV,aAAa,IAAI,uBAAuB,EACxC,aAAa,GACd,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,+BAA+B,CAAC;AAClE,OAAO,EAAE,wBAAwB,EAAE,MAAM,uCAAuC,CAAC;AACjF,OAAO,EAAE,kBAAkB,EAAE,MAAM,iCAAiC,CAAC;AACrE,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,kBAAkB,EAClB,kBAAkB,GACnB,MAAM,0CAA0C,CAAC;AAClD,YAAY,EACV,aAAa,GACd,MAAM,0CAA0C,CAAC;AAClD,YAAY,EAAE,aAAa,EAAE,MAAM,0CAA0C,CAAC;AAG9E,OAAO,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,EAAE,sBAAsB,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,YAAY,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,SAAS,EAAE,WAAW,EAAE,MAAM,iCAAiC,CAAC;AACnH,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,qBAAqB,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAChG,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAChE,YAAY,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAG9D,cAAc,0BAA0B,CAAC;AACzC,cAAc,sBAAsB,CAAC;AACrC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,oBAAoB,CAAC;AAGnC,OAAO,EACL,eAAe,EACf,iBAAiB,EACjB,cAAc,EACd,cAAc,GACf,MAAM,gBAAgB,CAAC;AAIxB,OAAO,EACL,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,YAAY,EACZ,iBAAiB,EACjB,gBAAgB,EAChB,QAAQ,EACR,QAAQ,EACR,eAAe,EACf,WAAW,EACX,qBAAqB,EACrB,mBAAmB,EACnB,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,iBAAiB,EACjB,cAAc,EACd,yBAAyB,EACzB,SAAS,EACT,uBAAuB,GACxB,MAAM,WAAW,CAAC;AACnB,YAAY,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,wBAAwB,GACzB,MAAM,WAAW,CAAC;AAGnB,OAAO,EAAE,aAAa,IAAI,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAGjF,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,YAAY,EACV,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,cAAc,EACd,WAAW,IAAI,qBAAqB,EACpC,UAAU,EACV,YAAY,EACZ,YAAY,EACZ,mBAAmB,EACnB,QAAQ,IAAI,kBAAkB,GAC/B,MAAM,2BAA2B,CAAC;AAGnC,OAAO,EAAE,wBAAwB,EAAE,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AACpG,YAAY,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAGrE,YAAY,EACV,SAAS,EACT,sBAAsB,EACtB,qBAAqB,EACrB,YAAY,EACZ,cAAc,EACd,uBAAuB,EACvB,uBAAuB,GACxB,MAAM,gCAAgC,CAAC;AAGxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,qCAAqC,CAAC"}

package/dist/index.js

@@ -129,207 +129,101 @@ class MisoClient {
         const origins = allowedOrigins ?? this.config.allowedOrigins;
         return (0, origin_validator_1.validateOrigin)(req, origins);
     }
-    /**
-     * Get environment token using client credentials
-     * This is called automatically by HttpClient but can be called manually
-     */
+    /** Get environment token using client credentials */
     async getEnvironmentToken() {
         return this.auth.getEnvironmentToken();
     }
-    /**
-     * Initiate login flow by calling controller
-     * Returns the login URL and state for browser redirect or manual navigation
-     *
-     * Important: Your application only needs to know about your own app URLs and the miso-controller.
-     * The miso-controller manages all authentication flows internally, including OAuth callbacks with Keycloak.
-     * You don't need to handle OAuth callbacks in your application.
-     *
-     * @param params - Login parameters
-     * @param params.redirect - Required final destination URL in your application where the user should be redirected after successful authentication. This is a URL in your app (e.g., 'https://myapp.com/dashboard'). The miso-controller handles the OAuth callback internally and then redirects the user to this URL.
-     * @param params.state - Optional CSRF protection token (auto-generated by controller if omitted)
-     * @returns Login response with loginUrl (the Keycloak authentication URL) and state
-     */
+    /** Initiate login flow - returns login URL for browser redirect */
     async login(params) {
         return this.auth.login(params);
     }
-    /**
-     * Validate token with controller
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Validate token with controller */
     async validateToken(token, authStrategy) {
         return this.auth.validateToken(token, authStrategy);
     }
-    /**
-     * Get user information from token
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user information from token */
     async getUser(token, authStrategy) {
         return this.auth.getUser(token, authStrategy);
     }
-    /**
-     * Get user information from GET /api/v1/auth/user endpoint
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Get user information from GET /api/v1/auth/user endpoint */
     async getUserInfo(token, authStrategy) {
         return this.auth.getUserInfo(token, authStrategy);
     }
-    /**
-     * Check if user is authenticated
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user is authenticated */
     async isAuthenticated(token, authStrategy) {
         return this.auth.isAuthenticated(token, authStrategy);
     }
-    /**
-     * Logout user
-     * @param params - Logout parameters
-     * @param params.token - Access token to invalidate
-     * @returns Logout response with success message
-     */
+    /** Logout user */
     async logout(params) {
         return this.auth.logout(params);
     }
-    /**
-     * Refresh user access token using refresh token
-     * @param refreshToken - Refresh token to exchange for new access token
-     * @param authStrategy - Optional authentication strategy override
-     * @returns New access token, refresh token, and expiration info, or null on error
-     */
+    /** Refresh user access token using refresh token */
     async refreshToken(refreshToken, authStrategy) {
         return this.auth.refreshToken(refreshToken, authStrategy);
     }
-    /**
-     * Validate token locally using JWKS (no API call to controller)
-     * Results are cached for 1 minute, JWKS keys cached for 1 hour
-     * @param token - JWT token to validate
-     * @param options - Validation options (skipResultCache for high-security)
-     * @returns Validation result with payload or error
-     */
+    /** Validate token locally using JWKS (no API call) */
     async validateTokenLocal(token, options) {
         return this.tokenValidation.validateTokenLocal(token, options);
     }
-    /**
-     * Set or update Keycloak configuration for local validation
-     * @param config - Keycloak configuration
-     */
+    /** Set or update Keycloak configuration for local validation */
     setKeycloakConfig(config) {
         this.tokenValidation.setKeycloakConfig(config);
     }
-    /**
-     * Clear JWKS cache (useful for key rotation scenarios)
-     * @param jwksUri - Specific URI to clear, or all if not provided
-     */
+    /** Clear JWKS cache */
     clearJwksCache(jwksUri) {
         this.tokenValidation.clearCache(jwksUri);
     }
-    /**
-     * Clear validation result cache
-     */
+    /** Clear validation result cache */
     clearValidationCache() {
         this.tokenValidation.clearResultCache();
     }
-    /**
-     * Clear all token validation caches (JWKS + results)
-     */
+    /** Clear all token validation caches (JWKS + results) */
     clearAllTokenCaches() {
         this.tokenValidation.clearAllCaches();
     }
-    // ==================== AUTHORIZATION METHODS ====================
-    /**
-     * Get user roles (cached in Redis if available)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    // ==================== ROLE METHODS ====================
+    /** Get user roles (cached if Redis available) */
     async getRoles(token, authStrategy) {
         return this.roles.getRoles(token, authStrategy);
     }
-    /**
-     * Check if user has specific role
-     * @param token - User authentication token
-     * @param role - Role to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has specific role */
     async hasRole(token, role, authStrategy) {
         return this.roles.hasRole(token, role, authStrategy);
     }
-    /**
-     * Check if user has any of the specified roles
-     * @param token - User authentication token
-     * @param roles - Roles to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has any of the specified roles */
     async hasAnyRole(token, roles, authStrategy) {
         return this.roles.hasAnyRole(token, roles, authStrategy);
     }
-    /**
-     * Check if user has all of the specified roles
-     * @param token - User authentication token
-     * @param roles - Roles to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has all of the specified roles */
     async hasAllRoles(token, roles, authStrategy) {
         return this.roles.hasAllRoles(token, roles, authStrategy);
     }
-    /**
-     * Force refresh roles from controller (bypass cache)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Force refresh roles from controller (bypass cache) */
     async refreshRoles(token, authStrategy) {
         return this.roles.refreshRoles(token, authStrategy);
     }
-    /**
-     * Get user permissions (cached in Redis if available)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    // ==================== PERMISSION METHODS ====================
+    /** Get user permissions (cached if Redis available) */
     async getPermissions(token, authStrategy) {
         return this.permissions.getPermissions(token, authStrategy);
     }
-    /**
-     * Check if user has specific permission
-     * @param token - User authentication token
-     * @param permission - Permission to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has specific permission */
     async hasPermission(token, permission, authStrategy) {
         return this.permissions.hasPermission(token, permission, authStrategy);
     }
-    /**
-     * Check if user has any of the specified permissions
-     * @param token - User authentication token
-     * @param permissions - Permissions to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has any of the specified permissions */
     async hasAnyPermission(token, permissions, authStrategy) {
         return this.permissions.hasAnyPermission(token, permissions, authStrategy);
     }
-    /**
-     * Check if user has all of the specified permissions
-     * @param token - User authentication token
-     * @param permissions - Permissions to check
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Check if user has all of the specified permissions */
     async hasAllPermissions(token, permissions, authStrategy) {
         return this.permissions.hasAllPermissions(token, permissions, authStrategy);
     }
-    /**
-     * Force refresh permissions from controller (bypass cache)
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Force refresh permissions from controller (bypass cache) */
     async refreshPermissions(token, authStrategy) {
         return this.permissions.refreshPermissions(token, authStrategy);
     }
-    /**
-     * Clear cached permissions for a user
-     * @param token - User authentication token
-     * @param authStrategy - Optional authentication strategy override
-     */
+    /** Clear cached permissions for a user */
     async clearPermissionsCache(token, authStrategy) {
         return this.permissions.clearPermissionsCache(token, authStrategy);
     }
@@ -357,45 +251,19 @@ class MisoClient {
     getConfig() {
         return { ...this.config };
     }
-    /**
-     * Check if Redis is connected
-     */
+    /** Check if Redis is connected */
     isRedisConnected() {
         return this.redis.isConnected();
     }
-    /**
-     * Make request with authentication strategy
-     * Tries authentication methods in priority order based on strategy
-     * @param method - HTTP method
-     * @param url - Request URL
-     * @param authStrategy - Authentication strategy configuration
-     * @param data - Optional request data
-     * @param config - Optional Axios request config
-     * @returns Response data
-     */
+    /** Make request with authentication strategy */
     async requestWithAuthStrategy(method, url, authStrategy, data, config) {
         return this.httpClient.requestWithAuthStrategy(method, url, authStrategy, data, config);
     }
-    /**
-     * Create authentication strategy helper
-     * @param methods - Array of authentication methods in priority order
-     * @param bearerToken - Optional bearer token
-     * @param apiKey - Optional API key
-     * @returns Authentication strategy
-     */
+    /** Create authentication strategy helper */
     createAuthStrategy(methods, bearerToken, apiKey) {
-        return {
-            methods,
-            bearerToken,
-            apiKey,
-        };
+        return { methods, bearerToken, apiKey };
     }
-    /**
-     * Get default authentication strategy
-     * Uses bearer token and client token in that order
-     * @param bearerToken - Optional bearer token
-     * @returns Default authentication strategy
-     */
+    /** Get default authentication strategy */
     getDefaultAuthStrategy(bearerToken) {
         return auth_strategy_1.AuthStrategyHandler.getDefaultStrategy(bearerToken);
     }
@@ -406,6 +274,7 @@ __exportStar(require("./types/config.types"), exports);
 // Export pagination, filter, sort types
 __exportStar(require("./types/pagination.types"), exports);
 __exportStar(require("./types/filter.types"), exports);
+__exportStar(require("./types/filter-schema.types"), exports);
 __exportStar(require("./types/sort.types"), exports);
 // Export services for advanced usage
 var auth_service_2 = require("./services/auth.service");
@@ -453,6 +322,7 @@ Object.defineProperty(exports, "extractRequestContext", { enumerable: true, get:
 // Export pagination, filter, sort utilities
 __exportStar(require("./utils/pagination.utils"), exports);
 __exportStar(require("./utils/filter.utils"), exports);
+__exportStar(require("./utils/filter-schema.utils"), exports);
 __exportStar(require("./utils/sort.utils"), exports);
 // Export error classes and utilities
 var errors_1 = require("./utils/errors");