npm - @aifabrix/miso-client - Versions diffs - 4.9.0 → 4.12.0 - Mend

@aifabrix/miso-client 4.9.0 → 4.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (268) hide show

package/CHANGELOG.md +33 -0
package/README.md +164 -139
package/dist/api/applications.api.d.ts +3 -3
package/dist/api/applications.api.d.ts.map +1 -1
package/dist/api/applications.api.js +21 -16
package/dist/api/applications.api.js.map +1 -1
package/dist/api/auth-cache.api.d.ts +3 -3
package/dist/api/auth-cache.api.d.ts.map +1 -1
package/dist/api/auth-cache.api.js +30 -30
package/dist/api/auth-cache.api.js.map +1 -1
package/dist/api/auth-login.api.d.ts +3 -3
package/dist/api/auth-login.api.d.ts.map +1 -1
package/dist/api/auth-login.api.js +25 -23
package/dist/api/auth-login.api.js.map +1 -1
package/dist/api/auth-token.api.d.ts +3 -3
package/dist/api/auth-token.api.d.ts.map +1 -1
package/dist/api/auth-token.api.js +53 -41
package/dist/api/auth-token.api.js.map +1 -1
package/dist/api/auth-user.api.d.ts +3 -3
package/dist/api/auth-user.api.d.ts.map +1 -1
package/dist/api/auth-user.api.js +18 -18
package/dist/api/auth-user.api.js.map +1 -1
package/dist/api/auth.api.d.ts +3 -3
package/dist/api/auth.api.d.ts.map +1 -1
package/dist/api/auth.api.js.map +1 -1
package/dist/api/encryption.api.d.ts +2 -2
package/dist/api/encryption.api.js +8 -8
package/dist/api/index.d.ts +7 -7
package/dist/api/logs-create.api.d.ts +3 -3
package/dist/api/logs-create.api.d.ts.map +1 -1
package/dist/api/logs-create.api.js +41 -19
package/dist/api/logs-create.api.js.map +1 -1
package/dist/api/logs-export.api.d.ts +3 -3
package/dist/api/logs-export.api.d.ts.map +1 -1
package/dist/api/logs-export.api.js +8 -6
package/dist/api/logs-export.api.js.map +1 -1
package/dist/api/logs-list.api.d.ts +3 -3
package/dist/api/logs-list.api.d.ts.map +1 -1
package/dist/api/logs-list.api.js +39 -33
package/dist/api/logs-list.api.js.map +1 -1
package/dist/api/logs-stats.api.d.ts +3 -3
package/dist/api/logs-stats.api.d.ts.map +1 -1
package/dist/api/logs-stats.api.js +24 -24
package/dist/api/logs-stats.api.js.map +1 -1
package/dist/api/logs.api.d.ts +3 -3
package/dist/api/permissions.api.d.ts +3 -3
package/dist/api/permissions.api.d.ts.map +1 -1
package/dist/api/permissions.api.js +12 -12
package/dist/api/permissions.api.js.map +1 -1
package/dist/api/roles.api.d.ts +3 -3
package/dist/api/roles.api.d.ts.map +1 -1
package/dist/api/roles.api.js +12 -12
package/dist/api/roles.api.js.map +1 -1
package/dist/api/types/auth.types.d.ts +1 -1
package/dist/api/types/encryption.types.d.ts +1 -1
package/dist/api/types/logs.types.d.ts +10 -8
package/dist/api/types/logs.types.d.ts.map +1 -1
package/dist/express/client-token-endpoint.d.ts.map +1 -1
package/dist/express/client-token-endpoint.js +29 -11
package/dist/express/client-token-endpoint.js.map +1 -1
package/dist/express/error-handler.d.ts.map +1 -1
package/dist/express/error-handler.js +30 -8
package/dist/express/error-handler.js.map +1 -1
package/dist/express/error-types.d.ts.map +1 -1
package/dist/express/error-types.js +26 -9
package/dist/express/error-types.js.map +1 -1
package/dist/express/index.d.ts +4 -4
package/dist/express/index.d.ts.map +1 -1
package/dist/express/index.js.map +1 -1
package/dist/express/logger-context.middleware.d.ts.map +1 -1
package/dist/express/logger-context.middleware.js +12 -5
package/dist/express/logger-context.middleware.js.map +1 -1
package/dist/express/response-helper.d.ts.map +1 -1
package/dist/express/response-helper.js.map +1 -1
package/dist/express/validation-helper.d.ts.map +1 -1
package/dist/express/validation-helper.js +6 -2
package/dist/express/validation-helper.js.map +1 -1
package/dist/miso-client.d.ts.map +1 -1
package/dist/miso-client.js +11 -4
package/dist/miso-client.js.map +1 -1
package/dist/sdk-exports.d.ts +6 -5
package/dist/sdk-exports.d.ts.map +1 -1
package/dist/sdk-exports.js +20 -1
package/dist/sdk-exports.js.map +1 -1
package/dist/services/application-context.service.d.ts.map +1 -1
package/dist/services/application-context.service.js +3 -1
package/dist/services/application-context.service.js.map +1 -1
package/dist/services/auth-cache-helpers.d.ts.map +1 -1
package/dist/services/auth-cache-helpers.js +9 -6
package/dist/services/auth-cache-helpers.js.map +1 -1
package/dist/services/auth-environment-token.d.ts.map +1 -1
package/dist/services/auth-environment-token.js.map +1 -1
package/dist/services/auth-error-handler.d.ts.map +1 -1
package/dist/services/auth-error-handler.js.map +1 -1
package/dist/services/auth.service.d.ts +0 -10
package/dist/services/auth.service.d.ts.map +1 -1
package/dist/services/auth.service.helpers.d.ts +22 -0
package/dist/services/auth.service.helpers.d.ts.map +1 -0
package/dist/services/auth.service.helpers.js +45 -0
package/dist/services/auth.service.helpers.js.map +1 -0
package/dist/services/auth.service.js +21 -57
package/dist/services/auth.service.js.map +1 -1
package/dist/services/browser-permission.service.d.ts.map +1 -1
package/dist/services/browser-permission.service.js +10 -4
package/dist/services/browser-permission.service.js.map +1 -1
package/dist/services/browser-role.service.d.ts.map +1 -1
package/dist/services/browser-role.service.js +6 -2
package/dist/services/browser-role.service.js.map +1 -1
package/dist/services/cache.service.d.ts.map +1 -1
package/dist/services/cache.service.js +2 -1
package/dist/services/cache.service.js.map +1 -1
package/dist/services/encryption.service.d.ts +3 -3
package/dist/services/encryption.service.d.ts.map +1 -1
package/dist/services/encryption.service.js +12 -6
package/dist/services/encryption.service.js.map +1 -1
package/dist/services/logger/index.d.ts +1 -1
package/dist/services/logger/index.d.ts.map +1 -1
package/dist/services/logger/index.js.map +1 -1
package/dist/services/logger/log-entry-builder.d.ts.map +1 -1
package/dist/services/logger/log-entry-builder.js.map +1 -1
package/dist/services/logger/logger-chain.d.ts.map +1 -1
package/dist/services/logger/logger-chain.js.map +1 -1
package/dist/services/logger/logger-context.d.ts.map +1 -1
package/dist/services/logger/logger-context.js +5 -3
package/dist/services/logger/logger-context.js.map +1 -1
package/dist/services/logger/logger-http-utils.d.ts.map +1 -1
package/dist/services/logger/logger-http-utils.js.map +1 -1
package/dist/services/logger/logger.service.d.ts.map +1 -1
package/dist/services/logger/logger.service.js +2 -1
package/dist/services/logger/logger.service.js.map +1 -1
package/dist/services/logger/trace-field-utils.d.ts.map +1 -1
package/dist/services/logger/trace-field-utils.js.map +1 -1
package/dist/services/logger/unified-logger.service.d.ts.map +1 -1
package/dist/services/logger/unified-logger.service.js.map +1 -1
package/dist/services/permission.service.d.ts.map +1 -1
package/dist/services/permission.service.js +6 -2
package/dist/services/permission.service.js.map +1 -1
package/dist/services/role.service.d.ts.map +1 -1
package/dist/services/role.service.js +6 -2
package/dist/services/role.service.js.map +1 -1
package/dist/services/token-validation.service.d.ts.map +1 -1
package/dist/services/token-validation.service.js +4 -2
package/dist/services/token-validation.service.js.map +1 -1
package/dist/types/data-client.types.d.ts +25 -5
package/dist/types/data-client.types.d.ts.map +1 -1
package/dist/types/data-client.types.js.map +1 -1
package/dist/types/errors.types.d.ts.map +1 -1
package/dist/types/filter-schema.types.d.ts.map +1 -1
package/dist/types/filter-schema.types.js.map +1 -1
package/dist/utils/audit-log-queue.d.ts.map +1 -1
package/dist/utils/audit-log-queue.js +3 -1
package/dist/utils/audit-log-queue.js.map +1 -1
package/dist/utils/browser-jwt-decoder.d.ts.map +1 -1
package/dist/utils/browser-jwt-decoder.js +1 -4
package/dist/utils/browser-jwt-decoder.js.map +1 -1
package/dist/utils/client-token-manager.d.ts.map +1 -1
package/dist/utils/client-token-manager.js +9 -3
package/dist/utils/client-token-manager.js.map +1 -1
package/dist/utils/config-loader.d.ts.map +1 -1
package/dist/utils/config-loader.js +16 -9
package/dist/utils/config-loader.js.map +1 -1
package/dist/utils/controller-url-resolver.js +4 -4
package/dist/utils/controller-url-resolver.js.map +1 -1
package/dist/utils/data-client-audit.d.ts.map +1 -1
package/dist/utils/data-client-audit.js +26 -6
package/dist/utils/data-client-audit.js.map +1 -1
package/dist/utils/data-client-auth.d.ts +7 -0
package/dist/utils/data-client-auth.d.ts.map +1 -1
package/dist/utils/data-client-auth.js +62 -3
package/dist/utils/data-client-auth.js.map +1 -1
package/dist/utils/data-client-auto-init.d.ts.map +1 -1
package/dist/utils/data-client-auto-init.js +12 -5
package/dist/utils/data-client-auto-init.js.map +1 -1
package/dist/utils/data-client-cache.js +2 -2
package/dist/utils/data-client-cache.js.map +1 -1
package/dist/utils/data-client-core.d.ts +82 -0
package/dist/utils/data-client-core.d.ts.map +1 -0
package/dist/utils/data-client-core.js +303 -0
package/dist/utils/data-client-core.js.map +1 -0
package/dist/utils/data-client-init.d.ts.map +1 -1
package/dist/utils/data-client-init.js +2 -1
package/dist/utils/data-client-init.js.map +1 -1
package/dist/utils/data-client-oauth.d.ts.map +1 -1
package/dist/utils/data-client-oauth.js +5 -2
package/dist/utils/data-client-oauth.js.map +1 -1
package/dist/utils/data-client-redirect.d.ts.map +1 -1
package/dist/utils/data-client-redirect.js +8 -8
package/dist/utils/data-client-redirect.js.map +1 -1
package/dist/utils/data-client-request.d.ts +4 -33
package/dist/utils/data-client-request.d.ts.map +1 -1
package/dist/utils/data-client-request.js +80 -43
package/dist/utils/data-client-request.js.map +1 -1
package/dist/utils/data-client-request.types.d.ts +68 -0
package/dist/utils/data-client-request.types.d.ts.map +1 -0
package/dist/utils/data-client-request.types.js +3 -0
package/dist/utils/data-client-request.types.js.map +1 -0
package/dist/utils/data-client-response.d.ts.map +1 -1
package/dist/utils/data-client-response.js +23 -9
package/dist/utils/data-client-response.js.map +1 -1
package/dist/utils/data-client-utils.d.ts.map +1 -1
package/dist/utils/data-client-utils.js +2 -1
package/dist/utils/data-client-utils.js.map +1 -1
package/dist/utils/data-client.d.ts +3 -40
package/dist/utils/data-client.d.ts.map +1 -1
package/dist/utils/data-client.js +21 -242
package/dist/utils/data-client.js.map +1 -1
package/dist/utils/data-masker.d.ts +28 -35
package/dist/utils/data-masker.d.ts.map +1 -1
package/dist/utils/data-masker.js +116 -80
package/dist/utils/data-masker.js.map +1 -1
package/dist/utils/encryption-error.d.ts +2 -2
package/dist/utils/encryption-error.js +1 -1
package/dist/utils/environment-token.d.ts.map +1 -1
package/dist/utils/environment-token.js +6 -2
package/dist/utils/environment-token.js.map +1 -1
package/dist/utils/error-extractor.d.ts.map +1 -1
package/dist/utils/error-extractor.js +4 -2
package/dist/utils/error-extractor.js.map +1 -1
package/dist/utils/errors.d.ts.map +1 -1
package/dist/utils/errors.js +29 -7
package/dist/utils/errors.js.map +1 -1
package/dist/utils/filter-colon.utils.d.ts.map +1 -1
package/dist/utils/filter-colon.utils.js.map +1 -1
package/dist/utils/filter-schema-loader.d.ts.map +1 -1
package/dist/utils/filter-schema-loader.js +3 -1
package/dist/utils/filter-schema-loader.js.map +1 -1
package/dist/utils/filter-schema.utils.d.ts.map +1 -1
package/dist/utils/filter-schema.utils.js.map +1 -1
package/dist/utils/filter.utils.d.ts.map +1 -1
package/dist/utils/filter.utils.js +11 -4
package/dist/utils/filter.utils.js.map +1 -1
package/dist/utils/http-client-audit.d.ts.map +1 -1
package/dist/utils/http-client-audit.js +51 -14
package/dist/utils/http-client-audit.js.map +1 -1
package/dist/utils/http-client-masking.d.ts.map +1 -1
package/dist/utils/http-client-masking.js +6 -2
package/dist/utils/http-client-masking.js.map +1 -1
package/dist/utils/http-client-metadata.d.ts.map +1 -1
package/dist/utils/http-client-metadata.js.map +1 -1
package/dist/utils/http-client.d.ts +4 -0
package/dist/utils/http-client.d.ts.map +1 -1
package/dist/utils/http-client.js +135 -2
package/dist/utils/http-client.js.map +1 -1
package/dist/utils/http-error-handler.d.ts.map +1 -1
package/dist/utils/http-error-handler.js +6 -3
package/dist/utils/http-error-handler.js.map +1 -1
package/dist/utils/http-response-validator.d.ts.map +1 -1
package/dist/utils/http-response-validator.js +5 -2
package/dist/utils/http-response-validator.js.map +1 -1
package/dist/utils/internal-http-client.d.ts.map +1 -1
package/dist/utils/internal-http-client.js +19 -6
package/dist/utils/internal-http-client.js.map +1 -1
package/dist/utils/logging-helpers.d.ts.map +1 -1
package/dist/utils/logging-helpers.js +2 -1
package/dist/utils/logging-helpers.js.map +1 -1
package/dist/utils/sensitive-fields.config.json +27 -55
package/dist/utils/sensitive-fields.loader.d.ts +27 -16
package/dist/utils/sensitive-fields.loader.d.ts.map +1 -1
package/dist/utils/sensitive-fields.loader.js +186 -139
package/dist/utils/sensitive-fields.loader.js.map +1 -1
package/dist/utils/token-utils.d.ts.map +1 -1
package/dist/utils/token-utils.js +3 -3
package/dist/utils/token-utils.js.map +1 -1
package/dist/utils/user-token-refresh.d.ts +40 -0
package/dist/utils/user-token-refresh.d.ts.map +1 -0
package/dist/utils/user-token-refresh.js +258 -0
package/dist/utils/user-token-refresh.js.map +1 -0
package/package.json +18 -1

package/README.md CHANGED Viewed

@@ -138,7 +138,7 @@ REDIS_HOST=localhost
 ### Step 3: Use It
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 const client = new MisoClient(loadConfig());
 await client.initialize();
@@ -157,7 +157,7 @@ For React, Vue, Angular, or other front-end applications, use **DataClient** - a
 **⚠️ Security Warning:** Never expose `clientSecret` in browser/client-side code. Use the Server-Provided Client Token Pattern instead.
 ```typescript
-import { DataClient } from '@aifabrix/miso-client';
+import { DataClient } from "@aifabrix/miso-client";
 // Server provides client token (from initial page load or API endpoint)
 const initialClientToken = window.INITIAL_CLIENT_TOKEN; // From server
@@ -165,20 +165,20 @@ const tokenExpiresAt = window.INITIAL_CLIENT_TOKEN_EXPIRES_AT;
 // Browser-safe configuration WITHOUT clientSecret
 const dataClient = new DataClient({
-  baseUrl: 'https://api.example.com',
+  baseUrl: "https://api.example.com",
   misoConfig: {
-    controllerUrl: 'https://controller.aifabrix.ai',
-    clientId: 'ctrl-dev-my-app',
+    controllerUrl: "https://controller.aifabrix.ai",
+    clientId: "ctrl-dev-my-app",
     // ❌ DO NOT include clientSecret in browser code
     // ✅ Use server-provided token
     clientToken: initialClientToken,
     clientTokenExpiresAt: tokenExpiresAt,
     // ✅ Refresh callback calls your server endpoint
     onClientTokenRefresh: async () => {
-      const response = await fetch('/api/client-token', {
-        credentials: 'include', // Include cookies for auth
+      const response = await fetch("/api/client-token", {
+        credentials: "include", // Include cookies for auth
       });
       return await response.json(); // { token: string, expiresIn: number }
     },
@@ -186,8 +186,8 @@ const dataClient = new DataClient({
 });
 // Make authenticated requests with automatic audit logging
-const users = await dataClient.get('/api/users');
-const newUser = await dataClient.post('/api/users', { name: 'John' });
+const users = await dataClient.get("/api/users");
+const newUser = await dataClient.post("/api/users", { name: "John" });
 // OAuth callback is automatically handled on initialization
 // Token is extracted from URL hash fragment (#token=...) and stored securely
@@ -195,15 +195,26 @@ const newUser = await dataClient.post('/api/users', { name: 'John' });
 // Token refresh callback (automatic refresh on 401 errors)
 const dataClientWithRefresh = new DataClient({
-  baseUrl: 'https://api.example.com',
-  misoConfig: { /* ... */ },
+  baseUrl: "https://api.example.com",
+  misoConfig: {
+    /* ... */
+  },
   onTokenRefresh: async () => {
     // Call your backend endpoint that handles refresh token securely
-    const response = await fetch('/api/refresh-token', {
-      credentials: 'include', // Include cookies for auth
+    const response = await fetch("/api/refresh-token", {
+      credentials: "include", // Include cookies for auth
     });
     return await response.json(); // { token: string, expiresIn: number }
   },
+  // Optional cookie-first restore callback (preferred for enterprise SSO)
+  onSessionRestore: async () => {
+    const response = await fetch("/api/session/restore", {
+      credentials: "include",
+    });
+    if (!response.ok) return null;
+    return await response.json(); // { token: string, expiresAt?: string }
+  },
 });
 ```
@@ -243,7 +254,7 @@ aifabrix run miso-controller
 **What happens:** Your app validates user tokens from Keycloak.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 // Create client (loads from .env automatically)
 const client = new MisoClient(loadConfig());
@@ -256,7 +267,7 @@ if (token) {
   const isValid = await client.validateToken(token);
   if (isValid) {
     const user = await client.getUser(token);
-    console.log('User:', user);
+    console.log("User:", user);
   }
 }
 ```
@@ -284,7 +295,7 @@ const result = await client.exchangeUserToken(entraOrExternalToken);
 **What happens:** Check user roles to control access. Roles are cached in Redis for performance. Token validation is also cached (15-minute TTL) to reduce API calls.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 // Build on Step 3 - add Redis in .env file
 const client = new MisoClient(loadConfig());
@@ -293,7 +304,7 @@ await client.initialize();
 const token = client.getToken(req);
 // Check if user has role
-const isAdmin = await client.hasRole(token, 'admin');
+const isAdmin = await client.hasRole(token, "admin");
 const roles = await client.getRoles(token);
 // Gate features by role
@@ -316,7 +327,7 @@ if (isAdmin) {
 **Basic Logging:**
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 // Client token is automatically managed - no API key needed
 const client = new MisoClient(loadConfig());
@@ -326,21 +337,19 @@ const token = client.getToken(req);
 const user = await client.getUser(token);
 // Log messages
-await client.log.info('User accessed dashboard', { userId: user?.id });
-await client.log.error('Operation failed', { error: err.message });
-await client.log.warn('Unusual activity', { details: '...' });
+await client.log.info("User accessed dashboard", { userId: user?.id });
+await client.log.error("Operation failed", { error: err.message });
+await client.log.warn("Unusual activity", { details: "..." });
 ```
 **Fluent API with Request Context (Express):**
 ```typescript
-import { Request } from 'express';
+import { Request } from "express";
 // Auto-extract context from Express Request
-app.get('/api/users', async (req: Request, res) => {
-  await client.log
-    .withRequest(req)
-    .info('Users list accessed');
+app.get("/api/users", async (req: Request, res) => {
+  await client.log.withRequest(req).info("Users list accessed");
   // Automatically includes: IP, method, path, userAgent, correlationId, userId
 });
 ```
@@ -348,21 +357,21 @@ app.get('/api/users', async (req: Request, res) => {
 **Indexed Context for Fast Queries:**
 ```typescript
-import { extractLoggingContext } from '@aifabrix/miso-client';
+import { extractLoggingContext } from "@aifabrix/miso-client";
 const logContext = extractLoggingContext({
   source: {
-    key: 'datasource-1',
-    displayName: 'PostgreSQL DB',
-    externalSystem: { key: 'system-1', displayName: 'External API' }
+    key: "datasource-1",
+    displayName: "PostgreSQL DB",
+    externalSystem: { key: "system-1", displayName: "External API" },
   },
-  record: { key: 'record-123', displayName: 'User Profile' }
+  record: { key: "record-123", displayName: "User Profile" },
 });
 await client.log
   .withIndexedContext(logContext)
   .withContext({ correlationId, userId })
-  .error('Sync failed');
+  .error("Sync failed");
 ```
 **What happens to logs?** They're sent to the Miso Controller for centralized monitoring and analysis. Client token is automatically included. Indexed context fields enable fast database queries for observability and compliance.
@@ -372,11 +381,11 @@ await client.log
 ```typescript
 const client = new MisoClient({
   ...loadConfig(),
-  emitEvents: true // Enable event emission mode
+  emitEvents: true, // Enable event emission mode
 });
 // Listen to log events
-client.log.on('log', (logEntry: LogEntry) => {
+client.log.on("log", (logEntry: LogEntry) => {
   // Save directly to DB without HTTP
   db.saveLog(logEntry);
 });
@@ -393,7 +402,7 @@ client.log.on('log', (logEntry: LogEntry) => {
 **What happens:** Create audit trails for compliance and security monitoring.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 // Complete configuration (all in .env)
 const client = new MisoClient(loadConfig());
@@ -401,28 +410,28 @@ await client.initialize();
 const token = client.getToken(req);
 const isValid = await client.validateToken(token);
-const canEdit = await client.hasPermission(token, 'edit:content');
+const canEdit = await client.hasPermission(token, "edit:content");
 const user = await client.getUser(token);
 // Audit: User actions
-await client.log.audit('user.login', 'authentication', {
+await client.log.audit("user.login", "authentication", {
   userId: user?.id,
   ip: req.ip,
-  userAgent: req.headers['user-agent'],
+  userAgent: req.headers["user-agent"],
 });
 // Audit: Content changes
-await client.log.audit('post.created', 'content', {
+await client.log.audit("post.created", "content", {
   userId: user?.id,
-  postId: 'post-123',
+  postId: "post-123",
   postTitle: req.body.title,
 });
 // Audit: Permission checks
-await client.log.audit('access.denied', 'authorization', {
+await client.log.audit("access.denied", "authorization", {
   userId: user?.id,
-  requiredPermission: 'edit:content',
-  resource: 'posts',
+  requiredPermission: "edit:content",
+  resource: "posts",
 });
 ```
@@ -438,7 +447,7 @@ await client.log.audit('access.denied', 'authorization', {
 **What happens:** All HTTP requests are automatically audited with sensitive data masking for ISO 27001 compliance.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 const client = new MisoClient(loadConfig());
 await client.initialize();
@@ -477,10 +486,10 @@ The SDK automatically optimizes audit logging performance:
 const client = new MisoClient({
   ...loadConfig(),
   audit: {
-    level: 'standard', // Light masking, good performance
+    level: "standard", // Light masking, good performance
     batchSize: 20, // Batch 20 logs per request
-    maxResponseSize: 10000 // Truncate large responses
-  }
+    maxResponseSize: 10000, // Truncate large responses
+  },
 });
 ```
@@ -511,23 +520,23 @@ const client = new MisoClient({
 **What happens:** Use encryption for sensitive data and generic caching for improved performance.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 const client = new MisoClient(loadConfig());
 await client.initialize();
 // Encryption (requires ENCRYPTION_KEY in .env or config.encryptionKey)
 if (client.encryption) {
-  const encrypted = client.encryption.encrypt('sensitive-data');
+  const encrypted = client.encryption.encrypt("sensitive-data");
   const decrypted = client.encryption.decrypt(encrypted);
-  console.log('Decrypted:', decrypted);
+  console.log("Decrypted:", decrypted);
 }
 // Generic caching (automatically uses Redis if available, falls back to memory)
-await client.cache.set('user:123', { name: 'John', age: 30 }, 600); // 10 minutes TTL
-const user = await client.cache.get<{ name: string; age: number }>('user:123');
+await client.cache.set("user:123", { name: "John", age: 30 }, 600); // 10 minutes TTL
+const user = await client.cache.get<{ name: string; age: number }>("user:123");
 if (user) {
-  console.log('Cached user:', user);
+  console.log("Cached user:", user);
 }
 ```
@@ -548,47 +557,50 @@ ENCRYPTION_KEY=your-32-byte-encryption-key
 **What happens:** Use reusable utilities for pagination, filtering, and sorting following enterprise application best practices and industry standards (ISO 27001 compliant).
 ```typescript
-import {
-  FilterBuilder,
-  parsePaginationParams,
+import {
+  FilterBuilder,
+  parsePaginationParams,
   parseSortParams,
   buildQueryString,
-  createPaginatedListResponse
-} from '@aifabrix/miso-client';
+  createPaginatedListResponse,
+} from "@aifabrix/miso-client";
 const client = new MisoClient(loadConfig());
 await client.initialize();
 // Dynamic filter building (FilterBuilder)
 const filterBuilder = new FilterBuilder()
-  .add('status', 'eq', 'active')
-  .add('region', 'in', ['eu', 'us'])
-  .add('created_at', 'gte', '2024-01-01');
+  .add("status", "eq", "active")
+  .add("region", "in", ["eu", "us"])
+  .add("created_at", "gte", "2024-01-01");
 const queryString = filterBuilder.toQueryString();
 // Returns: "filter=status:eq:active&filter=region:in:eu,us&filter=created_at:gte:2024-01-01"
 // Parse pagination from query string
-const { currentPage, pageSize } = parsePaginationParams({ page: '1', page_size: '25' });
+const { currentPage, pageSize } = parsePaginationParams({
+  page: "1",
+  page_size: "25",
+});
 // Parse sort from query string
-const sortOptions = parseSortParams({ sort: '-updated_at' });
+const sortOptions = parseSortParams({ sort: "-updated_at" });
 // Build complete query
 const completeQuery = buildQueryString({
   filters: filterBuilder.build(),
-  sort: ['-updated_at'],
+  sort: ["-updated_at"],
   page: currentPage,
-  pageSize: pageSize
+  pageSize: pageSize,
 });
 // Create paginated response
 const response = createPaginatedListResponse(
   items,
   120, // totalItems
-  1,   // currentPage
-  25,  // pageSize
-  'application' // type
+  1, // currentPage
+  25, // pageSize
+  "application", // type
 );
 ```
@@ -615,14 +627,14 @@ pnpm add @aifabrix/miso-client express
 #### Quick Start
 ```typescript
-import express from 'express';
-import {
+import express from "express";
+import {
   injectResponseHelpers,
   asyncHandler,
   ValidationHelper,
   setErrorLogger,
-  EncryptionUtil
-} from '@aifabrix/miso-client';
+  EncryptionUtil,
+} from "@aifabrix/miso-client";
 const app = express();
@@ -633,18 +645,21 @@ app.use(injectResponseHelpers);
 setErrorLogger({
   async logError(message, options) {
     console.error(message, options);
-  }
+  },
 });
 // Use asyncHandler for automatic error handling
-app.get('/users/:id', asyncHandler(async (req, res) => {
-  const user = await ValidationHelper.findOrFail(
-    () => db.user.findById(req.params.id),
-    'User',
-    req.params.id
-  );
-  res.success(user, 'User retrieved');
-}));
+app.get(
+  "/users/:id",
+  asyncHandler(async (req, res) => {
+    const user = await ValidationHelper.findOrFail(
+      () => db.user.findById(req.params.id),
+      "User",
+      req.params.id,
+    );
+    res.success(user, "User retrieved");
+  }),
+);
 ```
 #### Response Helpers
@@ -652,27 +667,27 @@ app.get('/users/:id', asyncHandler(async (req, res) => {
 Standardized API response formatting:
 ```typescript
-import { ResponseHelper } from '@aifabrix/miso-client';
+import { ResponseHelper } from "@aifabrix/miso-client";
 // Success response (200)
-return ResponseHelper.success(res, data, 'Success message');
+return ResponseHelper.success(res, data, "Success message");
 // Created response (201)
-return ResponseHelper.created(res, newResource, 'Resource created');
+return ResponseHelper.created(res, newResource, "Resource created");
 // Paginated response
 return ResponseHelper.paginated(res, items, {
   currentPage: 1,
   pageSize: 20,
   totalItems: 100,
-  type: 'user'
+  type: "user",
 });
 // No content (204)
 return ResponseHelper.noContent(res);
 // Accepted (202)
-return ResponseHelper.accepted(res, { jobId: '123' }, 'Job queued');
+return ResponseHelper.accepted(res, { jobId: "123" }, "Job queued");
 // Or use injected methods on res object
 res.success(user);
@@ -687,19 +702,25 @@ res.accepted(data);
 Eliminates try-catch blocks in route handlers:
 ```typescript
-import { asyncHandler } from '@aifabrix/miso-client';
+import { asyncHandler } from "@aifabrix/miso-client";
 // Automatic error handling
-router.post('/users', asyncHandler(async (req, res) => {
-  const user = await userService.create(req.body);
-  res.created(user, 'User created');
-}));
+router.post(
+  "/users",
+  asyncHandler(async (req, res) => {
+    const user = await userService.create(req.body);
+    res.created(user, "User created");
+  }),
+);
 // Named variant for better error messages
-router.get('/users/:id', asyncHandlerNamed('getUser', async (req, res) => {
-  const user = await userService.findById(req.params.id);
-  res.success(user);
-}));
+router.get(
+  "/users/:id",
+  asyncHandlerNamed("getUser", async (req, res) => {
+    const user = await userService.findById(req.params.id);
+    res.success(user);
+  }),
+);
 ```
 #### Validation Helper
@@ -707,30 +728,30 @@ router.get('/users/:id', asyncHandlerNamed('getUser', async (req, res) => {
 Common validation patterns:
 ```typescript
-import { ValidationHelper } from '@aifabrix/miso-client';
+import { ValidationHelper } from "@aifabrix/miso-client";
 // Find or throw 404
 const user = await ValidationHelper.findOrFail(
   () => prisma.user.findUnique({ where: { id } }),
-  'User',
-  id
+  "User",
+  id,
 );
 // Ensure doesn't exist or throw 409
 await ValidationHelper.ensureNotExists(
   () => prisma.user.findUnique({ where: { email } }),
-  'User',
-  email
+  "User",
+  email,
 );
 // Check ownership or admin role
 ValidationHelper.ensureOwnershipOrAdmin(req, resourceUserId);
 // Validate required fields
-ValidationHelper.validateRequiredFields(data, ['name', 'email'], 'User');
+ValidationHelper.validateRequiredFields(data, ["name", "email"], "User");
 // Validate string length
-ValidationHelper.validateStringLength(password, 'password', 8, 128);
+ValidationHelper.validateStringLength(password, "password", 8, 128);
 ```
 #### Error Handling
@@ -738,13 +759,13 @@ ValidationHelper.validateStringLength(password, 'password', 8, 128);
 RFC 7807 compliant error responses with optional custom logger:
 ```typescript
-import { setErrorLogger } from '@aifabrix/miso-client';
+import { setErrorLogger } from "@aifabrix/miso-client";
 // Configure during app initialization
 setErrorLogger({
   async logError(message, options) {
     await yourLogger.error(message, options);
-  }
+  },
 });
 // Errors are automatically handled by asyncHandler
@@ -756,20 +777,20 @@ setErrorLogger({
 AES-256-GCM encryption for sensitive data:
 ```typescript
-import { EncryptionUtil } from '@aifabrix/miso-client';
+import { EncryptionUtil } from "@aifabrix/miso-client";
 // Initialize once at startup (uses ENCRYPTION_KEY env var)
 EncryptionUtil.initialize();
 // Encrypt sensitive data
-const encrypted = EncryptionUtil.encrypt('sensitive-data');
+const encrypted = EncryptionUtil.encrypt("sensitive-data");
 // Decrypt
 const decrypted = EncryptionUtil.decrypt(encrypted);
 // Generate new key (for setup)
 const key = EncryptionUtil.generateKey();
-console.log('ENCRYPTION_KEY=' + key);
+console.log("ENCRYPTION_KEY=" + key);
 ```
 #### Sort Utilities
@@ -777,21 +798,21 @@ console.log('ENCRYPTION_KEY=' + key);
 Parse and apply sorting for API queries:
 ```typescript
-import { parseSortParams, applySorting } from '@aifabrix/miso-client';
+import { parseSortParams, applySorting } from "@aifabrix/miso-client";
 // Parse sort query parameters
-const sortOptions = parseSortParams({ sort: ['-createdAt', 'name'] });
+const sortOptions = parseSortParams({ sort: ["-createdAt", "name"] });
 // Returns: [{ field: 'createdAt', order: 'desc' }, { field: 'name', order: 'asc' }]
 // Apply sorting to in-memory data (client-side)
 const sortedData = applySorting(users, sortOptions);
 // Or parse from Express request query
-app.get('/users', (req, res) => {
+app.get("/users", (req, res) => {
   const sortOptions = parseSortParams(req.query);
   // Use sortOptions to build database query with Prisma/SQL
   const users = await prisma.user.findMany({
-    orderBy: sortOptions.map(s => ({ [s.field]: s.order }))
+    orderBy: sortOptions.map((s) => ({ [s.field]: s.order })),
   });
   res.success(users);
 });
@@ -809,7 +830,7 @@ app.get('/users', (req, res) => {
 **What happens:** Configure flexible authentication methods with priority-based fallback for advanced authentication scenarios.
 ```typescript
-import { MisoClient, loadConfig } from '@aifabrix/miso-client';
+import { MisoClient, loadConfig } from "@aifabrix/miso-client";
 const client = new MisoClient(loadConfig());
 await client.initialize();
@@ -818,17 +839,21 @@ await client.initialize();
 const client = new MisoClient({
   ...loadConfig(),
   authStrategy: {
-    methods: ['bearer', 'client-token', 'client-credentials']
-  }
+    methods: ["bearer", "client-token", "client-credentials"],
+  },
 });
 // Per-request strategy override
-const strategy = client.createAuthStrategy(['bearer', 'api-key'], 'token-123', 'api-key-456');
+const strategy = client.createAuthStrategy(
+  ["bearer", "api-key"],
+  "token-123",
+  "api-key-456",
+);
 await client.getRoles(token, strategy);
 // Using requestWithAuthStrategy for custom requests
-await client.requestWithAuthStrategy('GET', '/api/data', {
-  methods: ['client-token']
+await client.requestWithAuthStrategy("GET", "/api/data", {
+  methods: ["client-token"],
 });
 // Get default strategy
@@ -863,27 +888,27 @@ MISO_API_KEY=optional-api-key
 ```typescript
 interface MisoClientConfig {
-  controllerUrl: string;      // Required: Controller URL
-  clientId: string;           // Required: Client ID (e.g., 'ctrl-dev-my-app')
-  clientSecret: string;       // Required: Client secret
-  redis?: RedisConfig;        // Optional: For caching
-  logLevel?: 'debug' | 'info' | 'warn' | 'error';
-  encryptionKey?: string;     // Optional: Encryption key (or use ENCRYPTION_KEY env var)
+  controllerUrl: string; // Required: Controller URL
+  clientId: string; // Required: Client ID (e.g., 'ctrl-dev-my-app')
+  clientSecret: string; // Required: Client secret
+  redis?: RedisConfig; // Optional: For caching
+  logLevel?: "debug" | "info" | "warn" | "error";
+  encryptionKey?: string; // Optional: Encryption key (or use ENCRYPTION_KEY env var)
   sensitiveFieldsConfig?: string; // Optional: Path to ISO 27001 sensitive fields config JSON
-  emitEvents?: boolean;       // Optional: Emit log events instead of HTTP/Redis (for direct SDK embedding)
+  emitEvents?: boolean; // Optional: Emit log events instead of HTTP/Redis (for direct SDK embedding)
   authStrategy?: AuthStrategy; // Optional: Default authentication strategy
   cache?: {
-    roleTTL?: number;         // Role cache TTL (default: 900s)
-    permissionTTL?: number;   // Permission cache TTL (default: 900s)
+    roleTTL?: number; // Role cache TTL (default: 900s)
+    permissionTTL?: number; // Permission cache TTL (default: 900s)
     tokenValidationTTL?: number; // Token validation cache TTL (default: 900s)
   };
-  audit?: AuditConfig;        // Optional: Audit logging configuration
+  audit?: AuditConfig; // Optional: Audit logging configuration
 }
 interface AuthStrategy {
-  methods: ('bearer' | 'client-token' | 'client-credentials' | 'api-key')[];
-  bearerToken?: string;       // Optional: Bearer token for bearer authentication
-  apiKey?: string;            // Optional: API key for api-key authentication
+  methods: ("bearer" | "client-token" | "client-credentials" | "api-key")[];
+  bearerToken?: string; // Optional: Bearer token for bearer authentication
+  apiKey?: string; // Optional: API key for api-key authentication
 }
 ```
@@ -972,15 +997,15 @@ app.use(async (req, res, next) => {
 **Protect routes by role:**
 ```typescript
-app.get('/admin', async (req, res) => {
+app.get("/admin", async (req, res) => {
   const token = client.getToken(req);
-  if (!token) return res.status(401).json({ error: 'Unauthorized' });
-  const isAdmin = await client.hasRole(token, 'admin');
-  if (!isAdmin) return res.status(403).json({ error: 'Forbidden' });
+  if (!token) return res.status(401).json({ error: "Unauthorized" });
+  const isAdmin = await client.hasRole(token, "admin");
+  if (!isAdmin) return res.status(403).json({ error: "Forbidden" });
   // Admin only code
-  res.json({ message: 'Admin panel' });
+  res.json({ message: "Admin panel" });
 });
 ```