@bcis/sdk 0.1.3 → 0.2.0

package/LICENSE

@@ -0,0 +1,185 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship made available under
+      the License, as indicated by a copyright notice that is included in
+      or attached to the work (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and derivative works thereof.
+
+      "Contribution" shall mean, as submitted to the Licensor for inclusion
+      in the Work by the copyright owner or by an individual or Legal Entity
+      authorized to submit on behalf of the copyright owner. For the purposes
+      of this definition, "submitted" means any form of electronic, verbal,
+      or written communication sent to the Licensor or its representatives,
+      including but not limited to communication on electronic mailing lists,
+      source code control systems, and issue tracking systems that are managed
+      by, or on behalf of, the Licensor for the purpose of discussing and
+      improving the Work, but excluding communication that is conspicuously
+      marked or designated in writing by the copyright owner as "Not a
+      Contribution."
+
+      "Contributor" shall mean Licensor and any Legal Entity on behalf of
+      whom a Contribution has been received by the Licensor and subsequently
+      incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by the combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a cross-claim
+      or counterclaim in a lawsuit) alleging that the Work or any
+      Contribution embodied within the Work constitutes direct or contributory
+      patent infringement, then any patent licenses granted to You under
+      this License for that Work shall terminate as of the date such
+      litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or Derivative Works
+          a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, You must include a readable copy of the attribution
+          notices contained within such NOTICE file, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own license statement for Your modifications and
+      may provide additional grant of rights to use, copy, modify, merge,
+      publish, distribute, sublicense, and/or sell copies of the
+      Contribution, either on Your own behalf and on Your sole
+      responsibility, or together with other Contributors, on the terms
+      and conditions of this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or exemplary damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or all other
+      commercial damages or losses), even if such Contributor has been
+      advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2025 BCIS (Building Cost Information Service)
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -24,7 +24,7 @@ Use this flow for back-end or machine-to-machine integrations.
 Tokens are fetched and renewed automatically — no user interaction required.
 
 ```typescript
-import { AuthManager, CoreApiClient, ResidentialRebuildClient, ScheduleOfRatesClient } from '@bcis/sdk';
+import { AuthManager, CoreApiClient, DurationCalculatorClient, ResidentialRebuildClient, ScheduleOfRatesClient } from '@bcis/sdk';
 
 const auth = new AuthManager({
   flow: 'client-credentials',
@@ -149,6 +149,63 @@ Returns codes lists or other supporting data
 
 ---
 
+### `DurationCalculatorClient`
+
+**Base URL:** `https://api.bcis.co.uk/rebuild-core`
+
+Duration calculator API Documentation
+
+**Instantiation:**
+
+```typescript
+import { AuthManager, DurationCalculatorClient } from '@bcis/sdk';
+
+const client = new DurationCalculatorClient(auth);
+
+// Override the base URL (e.g. for a staging environment):
+// const client = new DurationCalculatorClient(auth, { baseUrl: 'https://api.bcis.co.uk/rebuild-core' });
+```
+
+**Methods:**
+
+#### `getModels(params: GetModelsParams): Promise<DurationModelsDto>`
+
+This endpoint provides a list of models, quarters, and locations. Parameters from these lists will be used to perform duration calculations.
+
+| Parameter | Type | Required | Description |
+|-----------|------|:--------:|-------------|
+| `publication-date` | string |  | The date of the publication in YYYY-MM-DD format. Can be used to reproduce a calculation as it would have been performed |
+
+#### `getOptions(params: GetOptionsParams): Promise<DurationModelOptionsDto>`
+
+This endpoint provides a list of: building functions, procurements, selection of contractor, and client organisations. Parameters from these lists will be used to perform duration calculations.
+
+| Parameter | Type | Required | Description |
+|-----------|------|:--------:|-------------|
+| `model-id` | number | ✓ | There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes |
+
+#### `calculateDuration(params: CalculateDurationParams): Promise<CalculationResultDto>`
+
+This endpoint provides the calculated construction duration based on the minimal details that might be available at the feasibility stage of a construction project.
+For each estimate we provide two interval measures:
+- Confidence interval: quantifies the uncertainty around the estimated mean duration. It gives a range that is likely to contain the true mean duration for projects with the same predictor values.
+- Prediction interval: quantifies the likely range of outcomes for an individual project. It is wider than the confidence interval because it accounts both for uncertainty in the mean estimate and for the natural variability between individual projects.
+Example: a CI of 5–13 weeks means the expected mean is likely in that range; a PI of 3–20 weeks means an individual project's duration is likely to fall somewhere in that wider range.
+
+| Parameter | Type | Required | Description |
+|-----------|------|:--------:|-------------|
+| `publication-date` | string |  | The date on which the project details are published. Can be used to reproduce a calculation as it would have been perfor |
+| `organisation-id` | number | ✓ | The appropriate sector for the client organisation |
+| `contractor-selection-id` | number | ✓ | The selection of contractor that best describes the way in which the contractor will be selected. |
+| `procurement-id` | number | ✓ | The procurement process that best describes the way in which the project will be procured. |
+| `function-group-id` | number | ✓ | The building function of the project. It is based on groups of building functions rather than the full list of building  |
+| `location-id` | number | ✓ | The location of the project. Is used to adjust the contract value to UK mean location. |
+| `date-applicable` | string | ✓ | The quarter at which the contract value has been priced. Is used to adjust the contract value to the base price level us |
+| `contract-value` | number | ✓ | The anticipated cost of construction expressed as at the anticipated start on site. |
+| `model-id` | number | ✓ | There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes |
+
+---
+
 ### `ResidentialRebuildClient`
 
 **Base URL:** `https://api.bcis.co.uk/residential-rebuild-calculator`
@@ -288,6 +345,9 @@ import type {
   IndicesResponseDto,
   TpsResponseDto,
   CodesResponseDto,
+  DurationModelsDto,
+  DurationModelOptionsDto,
+  CalculationResultDto,
   CalculationResponse,
   UsageResponse,
   EditionsDto,

package/dist/index.d.mts

@@ -330,6 +330,100 @@ declare class CoreApiClient {
     codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto>;
 }
 
+interface DurationModelsDto {
+    models: Array<{
+        modelId: number;
+        title: string;
+        countryName: string;
+        currency: string;
+        currencyCode: string;
+        editionId: number;
+        defaultModel: boolean;
+    }>;
+    quarters: Array<{
+        dateApplicable: string;
+        quarter: string;
+        defaultQuarter: boolean;
+    }>;
+    locations: Array<{
+        locationId: number;
+        location: string;
+        defaultLocation: boolean;
+    }>;
+}
+interface DurationModelOptionsDto {
+    buildingFunctions: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    procurements: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    selectionOfContractors: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    clientOrganisations: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+}
+interface CalculationResultDto {
+    estimatedDuration: number;
+    confidenceIntervalLower: number;
+    confidenceIntervalUpper: number;
+    predictionIntervalLower: number;
+    predictionIntervalUpper: number;
+    message?: string;
+}
+
+interface GetModelsParams {
+    /** The date of the publication in YYYY-MM-DD format. Can be used to reproduce a calculation as it would have been performed at the given date. */
+    'publication-date'?: string;
+}
+interface GetOptionsParams {
+    /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */
+    'model-id': number;
+}
+interface CalculateDurationParams {
+    /** The date on which the project details are published. Can be used to reproduce a calculation as it would have been performed at the given date. */
+    'publication-date'?: string;
+    /** The appropriate sector for the client organisation */
+    'organisation-id': number;
+    /** The selection of contractor that best describes the way in which the contractor will be selected. */
+    'contractor-selection-id': number;
+    /** The procurement process that best describes the way in which the project will be procured. */
+    'procurement-id': number;
+    /** The building function of the project. It is based on groups of building functions rather than the full list of building function codes used elsewhere in BCIS. */
+    'function-group-id': number;
+    /** The location of the project. Is used to adjust the contract value to UK mean location. */
+    'location-id': number;
+    /** The quarter at which the contract value has been priced. Is used to adjust the contract value to the base price level used by the models */
+    'date-applicable': string;
+    /** The anticipated cost of construction expressed as at the anticipated start on site. */
+    'contract-value': number;
+    /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */
+    'model-id': number;
+}
+declare class DurationCalculatorClient {
+    private readonly client;
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
+    /** Retrieve the list of models, quarters, and locations available for duration calculations */
+    getModels(params: GetModelsParams): Promise<DurationModelsDto>;
+    /** Retrieve a list of options for the duration-calculation parameters */
+    getOptions(params: GetOptionsParams): Promise<DurationModelOptionsDto>;
+    /** Retrieve the calculated construction duration */
+    calculateDuration(params: CalculateDurationParams): Promise<CalculationResultDto>;
+}
+
 type UsageResponse = Array<{
     /** Month of calculations report */
     calculationMonth?: string;
@@ -638,4 +732,4 @@ declare class ScheduleOfRatesClient {
     getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto>;
 }
 
-export { type AbpResponseDto, type AuthConfig, AuthManager, type AuthorizationCodeConfig, BcisApiError, type CalculationResponse, type ClientCredentialsConfig, type CodesResponseDto, CoreApiClient, type EditionsDto, type Error$1 as Error, type GetBuildUpResponseDto, type GetRateResponseDto, type GetResourceResponseDto, type IndicesResponseDto, ResidentialRebuildClient, ScheduleOfRatesClient, type TokenResponse, type TpsResponseDto, type UsageResponse };
+export { type AbpResponseDto, type AuthConfig, AuthManager, type AuthorizationCodeConfig, BcisApiError, type CalculationResponse, type CalculationResultDto, type ClientCredentialsConfig, type CodesResponseDto, CoreApiClient, DurationCalculatorClient, type DurationModelOptionsDto, type DurationModelsDto, type EditionsDto, type Error$1 as Error, type GetBuildUpResponseDto, type GetRateResponseDto, type GetResourceResponseDto, type IndicesResponseDto, ResidentialRebuildClient, ScheduleOfRatesClient, type TokenResponse, type TpsResponseDto, type UsageResponse };

package/dist/index.d.ts

@@ -330,6 +330,100 @@ declare class CoreApiClient {
     codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto>;
 }
 
+interface DurationModelsDto {
+    models: Array<{
+        modelId: number;
+        title: string;
+        countryName: string;
+        currency: string;
+        currencyCode: string;
+        editionId: number;
+        defaultModel: boolean;
+    }>;
+    quarters: Array<{
+        dateApplicable: string;
+        quarter: string;
+        defaultQuarter: boolean;
+    }>;
+    locations: Array<{
+        locationId: number;
+        location: string;
+        defaultLocation: boolean;
+    }>;
+}
+interface DurationModelOptionsDto {
+    buildingFunctions: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    procurements: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    selectionOfContractors: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+    clientOrganisations: Array<{
+        id: number;
+        description: string;
+        defaultOption: boolean;
+    }>;
+}
+interface CalculationResultDto {
+    estimatedDuration: number;
+    confidenceIntervalLower: number;
+    confidenceIntervalUpper: number;
+    predictionIntervalLower: number;
+    predictionIntervalUpper: number;
+    message?: string;
+}
+
+interface GetModelsParams {
+    /** The date of the publication in YYYY-MM-DD format. Can be used to reproduce a calculation as it would have been performed at the given date. */
+    'publication-date'?: string;
+}
+interface GetOptionsParams {
+    /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */
+    'model-id': number;
+}
+interface CalculateDurationParams {
+    /** The date on which the project details are published. Can be used to reproduce a calculation as it would have been performed at the given date. */
+    'publication-date'?: string;
+    /** The appropriate sector for the client organisation */
+    'organisation-id': number;
+    /** The selection of contractor that best describes the way in which the contractor will be selected. */
+    'contractor-selection-id': number;
+    /** The procurement process that best describes the way in which the project will be procured. */
+    'procurement-id': number;
+    /** The building function of the project. It is based on groups of building functions rather than the full list of building function codes used elsewhere in BCIS. */
+    'function-group-id': number;
+    /** The location of the project. Is used to adjust the contract value to UK mean location. */
+    'location-id': number;
+    /** The quarter at which the contract value has been priced. Is used to adjust the contract value to the base price level used by the models */
+    'date-applicable': string;
+    /** The anticipated cost of construction expressed as at the anticipated start on site. */
+    'contract-value': number;
+    /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */
+    'model-id': number;
+}
+declare class DurationCalculatorClient {
+    private readonly client;
+    private readonly baseUrl;
+    constructor(auth: AuthManager, options?: {
+        baseUrl?: string;
+    });
+    /** Retrieve the list of models, quarters, and locations available for duration calculations */
+    getModels(params: GetModelsParams): Promise<DurationModelsDto>;
+    /** Retrieve a list of options for the duration-calculation parameters */
+    getOptions(params: GetOptionsParams): Promise<DurationModelOptionsDto>;
+    /** Retrieve the calculated construction duration */
+    calculateDuration(params: CalculateDurationParams): Promise<CalculationResultDto>;
+}
+
 type UsageResponse = Array<{
     /** Month of calculations report */
     calculationMonth?: string;
@@ -638,4 +732,4 @@ declare class ScheduleOfRatesClient {
     getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto>;
 }
 
-export { type AbpResponseDto, type AuthConfig, AuthManager, type AuthorizationCodeConfig, BcisApiError, type CalculationResponse, type ClientCredentialsConfig, type CodesResponseDto, CoreApiClient, type EditionsDto, type Error$1 as Error, type GetBuildUpResponseDto, type GetRateResponseDto, type GetResourceResponseDto, type IndicesResponseDto, ResidentialRebuildClient, ScheduleOfRatesClient, type TokenResponse, type TpsResponseDto, type UsageResponse };
+export { type AbpResponseDto, type AuthConfig, AuthManager, type AuthorizationCodeConfig, BcisApiError, type CalculationResponse, type CalculationResultDto, type ClientCredentialsConfig, type CodesResponseDto, CoreApiClient, DurationCalculatorClient, type DurationModelOptionsDto, type DurationModelsDto, type EditionsDto, type Error$1 as Error, type GetBuildUpResponseDto, type GetRateResponseDto, type GetResourceResponseDto, type IndicesResponseDto, ResidentialRebuildClient, ScheduleOfRatesClient, type TokenResponse, type TpsResponseDto, type UsageResponse };

package/dist/index.js

@@ -1,3 +1,3 @@
-'use strict';var u=class{constructor(){this.token=null;}store(e){let n=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:n,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let n=t.tokenUrl;if(!n)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let t=new Uint8Array(32);return crypto.getRandomValues(t),k(t)}async function x(t){let n=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",n);return k(new Uint8Array(r))}function k(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function y(t,e){let n=A(),r=await x(n),o=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:r,code_challenge_method:"S256"});t.scopes&&t.scopes.length>0&&o.set("scope",t.scopes.join(" ")),e&&o.set("state",e);let i=t.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:n}}async function w(t,e,n){let r=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:n}),o=t.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(t,e){let n=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e}),r=t.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,n)}async function U(t,e){let n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!n.ok){let r=await n.text().catch(()=>"");throw new Error(`Token request failed: ${n.status} ${n.statusText}${r?` \u2014 ${r}`:""}`)}return n.json()}var T="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function b(t=T){let e=C.get(t);if(e)return e;let n=await fetch(t);if(!n.ok)throw new Error(`OIDC discovery failed: ${n.status} ${n.statusText} (${t})`);let r=await n.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${t} is missing required endpoints`);return C.set(t,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let n=await this.resolveEndpoints();return y({...this.config,...n},e)}async handleCallback(e,n){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await w({...this.config,...r},e,n);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await b(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await m({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let n=this.store.getRefreshToken();if(n){let r=await R({...this.config,...e},n);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(n,r,o){super(`BCIS API error ${n} ${r}`);this.status=n;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,n,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+n);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let P of l)i.searchParams.append(c,String(P));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var f=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
-exports.AuthManager=d;exports.BcisApiError=p;exports.CoreApiClient=h;exports.ResidentialRebuildClient=g;exports.ScheduleOfRatesClient=f;//# sourceMappingURL=index.js.map
+'use strict';var u=class{constructor(){this.token=null;}store(e){let t=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:t,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function k(n){let e=new URLSearchParams({grant_type:"client_credentials",client_id:n.clientId,client_secret:n.clientSecret});n.scopes&&n.scopes.length>0&&e.set("scope",n.scopes.join(" "));let t=n.tokenUrl;if(!t)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let n=new Uint8Array(32);return crypto.getRandomValues(n),y(n)}async function T(n){let t=new TextEncoder().encode(n),r=await crypto.subtle.digest("SHA-256",t);return y(new Uint8Array(r))}function y(n){let e=String.fromCharCode(...n);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function w(n,e){let t=A(),r=await T(t),o=new URLSearchParams({response_type:"code",client_id:n.clientId,redirect_uri:n.redirectUri,code_challenge:r,code_challenge_method:"S256"});n.scopes&&n.scopes.length>0&&o.set("scope",n.scopes.join(" ")),e&&o.set("state",e);let i=n.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:t}}async function b(n,e,t){let r=new URLSearchParams({grant_type:"authorization_code",client_id:n.clientId,redirect_uri:n.redirectUri,code:e,code_verifier:t}),o=n.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(n,e){let t=new URLSearchParams({grant_type:"refresh_token",client_id:n.clientId,refresh_token:e}),r=n.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,t)}async function U(n,e){let t=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!t.ok){let r=await t.text().catch(()=>"");throw new Error(`Token request failed: ${t.status} ${t.statusText}${r?` \u2014 ${r}`:""}`)}return t.json()}var D="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function P(n=D){let e=C.get(n);if(e)return e;let t=await fetch(n);if(!t.ok)throw new Error(`OIDC discovery failed: ${t.status} ${t.statusText} (${n})`);let r=await t.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${n} is missing required endpoints`);return C.set(n,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let t=await this.resolveEndpoints();return w({...this.config,...t},e)}async handleCallback(e,t){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await b({...this.config,...r},e,t);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await P(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await k({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let t=this.store.getRefreshToken();if(t){let r=await R({...this.config,...e},t);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(t,r,o){super(`BCIS API error ${t} ${r}`);this.status=t;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,t,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+t);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let x of l)i.searchParams.append(c,String(x));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/rebuild-core";}async getModels(e){return this.client.get(this.baseUrl,"/get-models",e)}async getOptions(e){return this.client.get(this.baseUrl,"/get-options",e)}async calculateDuration(e){return this.client.get(this.baseUrl,"/calculate-duration",e)}};var f=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var m=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
+exports.AuthManager=d;exports.BcisApiError=p;exports.CoreApiClient=h;exports.DurationCalculatorClient=g;exports.ResidentialRebuildClient=f;exports.ScheduleOfRatesClient=m;//# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"aAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,YAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,KAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,eAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,aAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,KAAA,CACN,KAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,UAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,EAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,EAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,WAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,aAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,EAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,UAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,aAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,CAAAA,CACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,eAAgBgB,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,EAEGhB,CAAAA,CAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,OAAS,CAAA,EAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,CAAAA,EACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAG3B,IAAMI,EAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,GAAGA,CAAO,CAAA,CAAA,EAAID,CAAAA,CAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,CAAAA,CACAoB,EACAL,CAAAA,CACwB,CACxB,IAAMd,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,CAAA,CAEKrB,CAAAA,CAAWF,CAAAA,CAAO,SACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,CAAAA,CACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,EAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,KAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,EAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,EAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,EAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,CAAAA,CAAyC,CAC5F,IAAMI,EAASH,CAAAA,CAAM,GAAA,CAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,EAAW,MAAM,KAAA,CAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,CAAAA,CAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,CAAA,uBAAA,EAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,EAAK,CAEpC,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,CAAA,CACvBA,CACT,CCiBO,IAAM6B,EAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAEzC,IAAA,CAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,KAAK,KAAA,CAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,SACJ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,KAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,IAAA,CAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,CAAAA,CAAQ,KAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,CAAA,CAC5DjB,CACF,CACF,CAOA,MAAM,cAAA,CAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,KAAK,gBAAA,EAAiB,CACxCC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,OAAoC,GAAGY,CAAU,CAAA,CAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMiB,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,IAAA,CAAK,UAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,MAAA,CAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,IAAA,CAAK,OAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,CAAAA,CAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,gBAAA,EAAoBC,CAAAA,CAAK,sBACjD,EACF,MACE,IAAA,CAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,QAAA,CACd,gBAAA,CAAkBA,CAAAA,CAAI,kBAAoB,EAC5C,CAAA,CAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAE9C,GAAI,IAAA,CAAK,MAAA,CAAO,OAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,KAAK,MAAA,CACT,QAAA,CAAUgC,CAAAA,CAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,eAAA,GAChC,GAAIA,CAAAA,CAAc,CAChB,IAAMS,EAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,KAAK,MAAA,CAAoC,GAAGS,CAAU,CAAA,CAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,EACAC,CAAAA,CACApC,CAAAA,CAChB,CACA,KAAA,CAAM,kBAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,EAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMa,CAAAA,CAAQ,MAAM,IAAA,CAAK,KAAK,cAAA,EAAe,CACvCY,CAAAA,CAAM,IAAI,IAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,OAAO,OAAA,CAAQ3B,CAAM,CAAA,CAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,QAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,GAAY,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,GAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,GAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,IAAA,EAClB,CACF,ECZO,IAAMkD,CAAAA,CAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAsB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,MC9Ba+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,EAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,QAAS,kBAAA,CAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMgC,CAAAA,CAAN,KAA4B,CAIjC,WAAA,CAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,SAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,IAAiB,IAAA,CAAK,OAAA,CAAS,oBAAA,CAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,EAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,YAAA,CAAcA,CAA4C,CACrH,CAGA,MAAM,YAAA,CAAaA,EAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,IAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.js","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. */\nexport class TokenStore {\n  private token: StoredToken | null = null;\n\n  store(response: TokenResponse): void {\n    const expiresAt =\n      response.expires_in != null\n        ? Date.now() + response.expires_in * 1000\n        : null;\n\n    this.token = {\n      accessToken: response.access_token,\n      expiresAt,\n      refreshToken: response.refresh_token ?? null,\n    };\n  }\n\n  getAccessToken(): string | null {\n    return this.token?.accessToken ?? null;\n  }\n\n  getRefreshToken(): string | null {\n    return this.token?.refreshToken ?? null;\n  }\n\n  /**\n   * Returns true if there is no token or the token is within `bufferSeconds`\n   * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n   */\n  isExpired(bufferSeconds = 30): boolean {\n    if (!this.token) return true;\n    if (this.token.expiresAt === null) return false;\n    return Date.now() >= this.token.expiresAt - bufferSeconds * 1000;\n  }\n\n  clear(): void {\n    this.token = null;\n  }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/**\n * Fetches a new access token using the OAuth2 Client Credentials flow.\n */\nexport async function fetchClientCredentialsToken(\n  config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'client_credentials',\n    client_id: config.clientId,\n    client_secret: config.clientSecret,\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    body.set('scope', config.scopes.join(' '));\n  }\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/** Generates a cryptographically random PKCE code verifier (43-128 chars). */\nexport function generateCodeVerifier(): string {\n  const array = new Uint8Array(32);\n  crypto.getRandomValues(array);\n  return base64UrlEncode(array);\n}\n\n/** Derives a PKCE code challenge (S256) from a code verifier. */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n  const encoder = new TextEncoder();\n  const data = encoder.encode(verifier);\n  const digest = await crypto.subtle.digest('SHA-256', data);\n  return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n  const str = String.fromCharCode(...bytes);\n  return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/**\n * Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n */\nexport async function getAuthorizationUrl(\n  config: AuthorizationCodeConfig,\n  state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n  const codeVerifier = generateCodeVerifier();\n  const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n  const params = new URLSearchParams({\n    response_type: 'code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code_challenge: codeChallenge,\n    code_challenge_method: 'S256',\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    params.set('scope', config.scopes.join(' '));\n  }\n\n  if (state) {\n    params.set('state', state);\n  }\n\n  const authUrl = config.authorizationUrl;\n  if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n  return {\n    url: `${authUrl}?${params.toString()}`,\n    codeVerifier,\n  };\n}\n\n/**\n * Exchanges an authorization code for tokens.\n */\nexport async function exchangeCode(\n  config: AuthorizationCodeConfig,\n  code: string,\n  codeVerifier: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'authorization_code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code,\n    code_verifier: codeVerifier,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\n/**\n * Refreshes an access token using a refresh token.\n */\nexport async function refreshAccessToken(\n  config: AuthorizationCodeConfig,\n  refreshToken: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'refresh_token',\n    client_id: config.clientId,\n    refresh_token: refreshToken,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n  tokenUrl: string,\n  body: URLSearchParams\n): Promise<TokenResponse> {\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n  token_endpoint: string;\n  authorization_endpoint: string;\n  [key: string]: unknown;\n}\n\n/** Module-level cache keyed by discovery URL */\nconst cache = new Map<string, OidcConfig>();\n\n/**\n * Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n */\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n  const cached = cache.get(discoveryUrl);\n  if (cached) return cached;\n\n  const response = await fetch(discoveryUrl);\n  if (!response.ok) {\n    throw new Error(\n      `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n    );\n  }\n\n  const config = (await response.json()) as OidcConfig;\n\n  if (!config.token_endpoint || !config.authorization_endpoint) {\n    throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n  }\n\n  cache.set(discoveryUrl, config);\n  return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n  getAuthorizationUrl as buildAuthorizationUrl,\n  exchangeCode,\n  refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/**\n * Centralized OAuth2 authentication manager.\n *\n * Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n *\n * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n *\n * @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'client-credentials',\n *   clientId: 'my-id',\n *   clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n *\n * @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'authorization-code',\n *   clientId: 'my-id',\n *   redirectUri: 'https://myapp.com/callback',\n *   scopes: ['openid', 'profile'],\n * });\n *\n * // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n *\n * // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n *\n * // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n */\nexport class AuthManager {\n  private readonly store = new TokenStore();\n  /** Pending token fetch promise to prevent concurrent requests */\n  private inflight: Promise<void> | null = null;\n  /** Cached resolved endpoints (populated lazily from OIDC discovery) */\n  private endpoints: { tokenUrl: string; authorizationUrl: string } | null = null;\n\n  constructor(private readonly config: AuthConfig) {}\n\n  /**\n   * Returns a valid access token, fetching or refreshing as needed.\n   * For Client Credentials flow this is fully automatic.\n   * For Authorization Code flow, `handleCallback` must have been called first.\n   */\n  async getAccessToken(): Promise<string> {\n    if (!this.store.isExpired()) {\n      return this.store.getAccessToken()!;\n    }\n\n    if (this.inflight) {\n      await this.inflight;\n      return this.store.getAccessToken()!;\n    }\n\n    this.inflight = this.refresh();\n    try {\n      await this.inflight;\n    } finally {\n      this.inflight = null;\n    }\n\n    const token = this.store.getAccessToken();\n    if (!token) throw new Error('Failed to obtain access token');\n    return token;\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Builds and returns the authorization URL to redirect the user to.\n   * The returned `codeVerifier` must be persisted (e.g. in session storage)\n   * and passed to `handleCallback`.\n   */\n  async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    return buildAuthorizationUrl(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      state\n    );\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Exchanges the authorization code (from the redirect callback) for tokens\n   * and stores them internally.\n   */\n  async handleCallback(code: string, codeVerifier: string): Promise<void> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('handleCallback is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    const tokenResponse = await exchangeCode(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      code,\n      codeVerifier\n    );\n    this.store.store(tokenResponse);\n  }\n\n  /** Clears all stored tokens. */\n  clearTokens(): void {\n    this.store.clear();\n  }\n\n  /**\n   * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n   * if either URL is absent from the config. Result is cached after the first call.\n   */\n  private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n    if (this.endpoints) return this.endpoints;\n\n    const cfg = this.config as {\n      tokenUrl?: string;\n      authorizationUrl?: string;\n      discoveryUrl?: string;\n    };\n\n    const needsDiscovery =\n      !cfg.tokenUrl ||\n      (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n    if (needsDiscovery) {\n      const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n        authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n      };\n    } else {\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl!,\n        authorizationUrl: cfg.authorizationUrl ?? '',\n      };\n    }\n\n    return this.endpoints;\n  }\n\n  private async refresh(): Promise<void> {\n    const endpoints = await this.resolveEndpoints();\n\n    if (this.config.flow === 'client-credentials') {\n      const tokenResponse = await fetchClientCredentialsToken({\n        ...(this.config as ClientCredentialsConfig),\n        tokenUrl: endpoints.tokenUrl,\n      });\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    // Authorization Code flow: try refresh token first, else throw\n    const refreshToken = this.store.getRefreshToken();\n    if (refreshToken) {\n      const tokenResponse = await refreshAccessToken(\n        { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n        refreshToken\n      );\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    throw new Error(\n      'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n    );\n  }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/** Thrown when an API response is not 2xx. */\nexport class BcisApiError extends Error {\n  constructor(\n    public readonly status: number,\n    public readonly statusText: string,\n    public readonly body: unknown\n  ) {\n    super(`BCIS API error ${status} ${statusText}`);\n    this.name = 'BcisApiError';\n  }\n}\n\n/**\n * Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n */\nexport class FetchClient {\n  constructor(private readonly auth: AuthManager) {}\n\n  async get<T>(\n    baseUrl: string,\n    path: string,\n    params: Record<string, unknown> = {}\n  ): Promise<T> {\n    const token = await this.auth.getAccessToken();\n    const url = new URL(baseUrl + path);\n\n    for (const [key, value] of Object.entries(params)) {\n      if (value === undefined || value === null) continue;\n\n      if (Array.isArray(value)) {\n        for (const item of value) {\n          url.searchParams.append(key, String(item));\n        }\n      } else {\n        url.searchParams.set(key, String(value));\n      }\n    }\n\n    const response = await fetch(url.toString(), {\n      method: 'GET',\n      headers: {\n        Authorization: `Bearer ${token}`,\n        Accept: 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      let body: unknown;\n      try {\n        body = await response.json();\n      } catch {\n        body = await response.text();\n      }\n      throw new BcisApiError(response.status, response.statusText, body);\n    }\n\n    return response.json() as Promise<T>;\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n  /** When true, returns additional data for graph plotting. Default false. */\n  'include-data-for-graph'?: boolean;\n  /** When true, includes sub-divided categories (e.g., size bands) in results. Default false. */\n  'include-subclasses'?: boolean;\n  /** A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'building-function': string[];\n  /** A list of type of work codes to filter the results by, the example contains all valid codes. */\n  'type-of-work': string[];\n  /** A six-character code identifying the BCIS study */\n  'abp-study': 'ABPBUI' | 'ABPFUN' | 'ABPGRP' | 'ABPEM2' | 'ABPEUR' | 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n  /** Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. */\n  'base-of-series'?: string;\n  /** Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. */\n  regularity?: string[];\n  /** Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. */\n  'end-date'?: string;\n  /** Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. */\n  'start-date'?: string;\n  /** Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n  /** Supports suffixes to filter or refine the study data:    - Level Filters:       - `:region`, `:county`, `:district`       - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices)    - Postcode Filter:       - `:postcode:<POSTCODE>` (no spaces)       - Example: `location2000:postcode:SW1P3AD`       - Cannot be combined with level filters.    - Effective Date Filter:       - `:EffectiveDate:<YYYYQn>`       - Example: `location2000:EffectiveDate:2015Q2`       - Can be combined with postcode or level filters.    - Outcode List:       - `:outcode`       - Example: `location2000:outcode`       - Not supported for 1980 boundaries or with EffectiveDate.   `short-tps-name` is not case sensitive.    For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. */\n  'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n  /** A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. */\n  'if-changed-since'?: string;\n  /** A version string to select relevant code tables. */\n  version?: string;\n  /**    A string to select the code list required. The supported values are:    - `seriesIdentification`: All regularity names (for `/indices-retrieve`)   - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`)   - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`)   - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`)  - `BuildingFunction:Categories`: List of building function categories   - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon   - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`)   - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`)   - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`)    The list of supported code types may be extended in the future. */\n  'code-type': 'shortTPSName' | 'ABPStudy' | 'BuildingFunction' | 'BuildingFunction:Categories' | 'BuildingFunction:[1-9]' | 'BuildingFunction:Duration' | 'BuildingFunction:Duration:Categories' | 'BuildingFunction:Duration:[1-9]' | 'BuildingFunction:ABP' | 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n  }\n\n  /** abp-retrieve */\n  async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n    return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** indices-retrieve */\n  async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n    return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** tps-retrieve */\n  async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n    return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** codes-update */\n  async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n    return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n  /** Postcode of the property */\n  postCode: string;\n  /** Type of the property */\n  type: string;\n  /** Number of storeys in the property */\n  storeys: string;\n  /** Style of the property: detached, terraced, etc */\n  style: string;\n  /** Type of the walls of the property */\n  wallType: string;\n  /** Type of the roof of the property */\n  roofType?: string;\n  /** Year the property was built */\n  yearBuilt: number;\n  /** Number of flats */\n  noOfFlats?: number;\n  /** Area of the property in sq.m. */\n  area?: number;\n  /** Number of rooms in the property */\n  noOfRooms?: number;\n  /** Number of bedrooms in the property */\n  noOfBedrooms?: number;\n  /** Number of garage spaces in the property */\n  noOfGarageSpaces?: number;\n  /** Number of bathrooms in the property */\n  noOfBathrooms?: number;\n  /** Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' */\n  specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n  /** First month of the usage report */\n  startMonth?: string;\n  /** Last month of the usage report */\n  endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n  }\n\n  /** rbls-calculate */\n  async calculate(params: CalculateParams): Promise<CalculationResponse> {\n    return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n  }\n\n  /** rbls-report-use */\n  async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n    return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n  /** Id as returned from GetRates or GetResources */\n  'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n  }\n\n  /** Lists books and editions available to user */\n  async getBooksEdition(): Promise<EditionsDto> {\n    return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n  }\n\n  /** Lists matching rates */\n  async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n    return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists matching resources */\n  async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n    return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists components of a rate or buildUp */\n  async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n    return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n  }\n}\n"]}
+{"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/duration-calculator.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","DurationCalculatorClient","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"aAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,UAAA,EAAc,KACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,WAAa,GAAA,CACnC,IAAA,CAEN,IAAA,CAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,YAAA,CACtB,SAAA,CAAAC,EACA,YAAA,CAAcD,CAAAA,CAAS,aAAA,EAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,WAAA,EAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,OAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,EAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,MACN,IAAA,CAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,MACnC,IAAA,CAAK,GAAA,EAAI,EAAK,IAAA,CAAK,MAAM,SAAA,CAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,EACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,UAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,CAAAA,CAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,MAAA,EAAUA,EAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,CAAAA,CAAK,IAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,eAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMD,CAAAA,CAAK,UACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,EAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,UAAA,CAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,WAAA,EAAY,CACX,OAAOD,CAAQ,CAAA,CAC9BE,CAAAA,CAAS,MAAM,OAAO,MAAA,CAAO,MAAA,CAAO,SAAA,CAAWD,CAAI,EACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,EAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,YAAA,CAAa,GAAGD,CAAK,EACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,QAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,EACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,SAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,cAAA,CAAgBgB,EAChB,qBAAA,CAAuB,MACzB,CAAC,CAAA,CAEGhB,EAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,GAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,OAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,GACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,EAG3B,IAAMI,CAAAA,CAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,CAAA,EAAGA,CAAO,CAAA,CAAA,EAAID,EAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,EACAoB,CAAAA,CACAL,CAAAA,CACwB,CACxB,IAAMd,EAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,EAEKrB,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,EACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,GAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,EAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,yBAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,GAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,CAAAA,CAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,EAAyC,CAC5F,IAAMI,CAAAA,CAASH,CAAAA,CAAM,IAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,CAAAA,CAAW,MAAM,MAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,EAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,0BAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,GAE/B,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,EACvBA,CACT,CCiBO,IAAM6B,CAAAA,CAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,IAAA,CAEzC,KAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,gBAAkC,CACtC,GAAI,CAAC,IAAA,CAAK,MAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,MAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,SACP,OAAA,MAAM,IAAA,CAAK,QAAA,CACJ,IAAA,CAAK,MAAM,cAAA,EAAe,CAGnC,IAAA,CAAK,QAAA,CAAW,KAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,KAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,EAAQ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,EAC5DjB,CACF,CACF,CAOA,MAAM,eAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,GACvBC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGY,CAAU,EAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,MAAM,KAAA,CAAMiB,CAAa,EAChC,CAGA,aAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,KAAK,SAAA,CAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,OAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,EAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,kBAAoBC,CAAAA,CAAK,sBACjD,EACF,CAAA,KACE,KAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,SACd,gBAAA,CAAkBA,CAAAA,CAAI,gBAAA,EAAoB,EAC5C,EAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAE9C,GAAI,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,IAAA,CAAK,MAAA,CACT,QAAA,CAAUgC,EAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,MAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,iBAAgB,CAChD,GAAIA,CAAAA,CAAc,CAChB,IAAMS,CAAAA,CAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGS,CAAU,EAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,CAAAA,CACAC,EACApC,CAAAA,CAChB,CACA,KAAA,CAAM,CAAA,eAAA,EAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,CAAA,CAJ9B,YAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,EAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,YAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,EAAkC,EAAC,CACvB,CACZ,IAAMa,EAAQ,MAAM,IAAA,CAAK,IAAA,CAAK,cAAA,GACxBY,CAAAA,CAAM,IAAI,GAAA,CAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,MAAA,CAAO,OAAA,CAAQ3B,CAAM,EAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,MAAM,OAAA,CAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,KAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,EAAS,CAAG,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,CAAA,CAAA,CAC9B,OAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,EAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,MAClB,CACF,ECZO,IAAMkD,EAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,EAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,EAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,GAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,gBAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,IAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAsB,KAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,ECrCO,IAAM+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,EAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,sCACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAqD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAuB,KAAK,OAAA,CAAS,aAAA,CAAeA,CAA4C,CACrH,CAGA,MAAM,UAAA,CAAWA,CAAAA,CAA4D,CAC3E,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA6B,KAAK,OAAA,CAAS,cAAA,CAAgBA,CAA4C,CAC5H,CAGA,MAAM,iBAAA,CAAkBA,CAAAA,CAAgE,CACtF,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA0B,IAAA,CAAK,QAAS,qBAAA,CAAuBA,CAA4C,CAChI,CACF,EChBO,IAAMgC,CAAAA,CAAN,KAA+B,CAIpC,YAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,OAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,KAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,KAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,OAAA,CAAS,mBAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMiC,CAAAA,CAAN,KAA4B,CAIjC,YAAYX,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,OAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,KAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,KAAK,MAAA,CAAO,GAAA,CAAiB,IAAA,CAAK,OAAA,CAAS,qBAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,CAAAA,CAAqD,CAClE,OAAO,KAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,aAAcA,CAA4C,CACrH,CAGA,MAAM,aAAaA,CAAAA,CAA6D,CAC9E,OAAO,IAAA,CAAK,OAAO,GAAA,CAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.js","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. */\nexport class TokenStore {\n  private token: StoredToken | null = null;\n\n  store(response: TokenResponse): void {\n    const expiresAt =\n      response.expires_in != null\n        ? Date.now() + response.expires_in * 1000\n        : null;\n\n    this.token = {\n      accessToken: response.access_token,\n      expiresAt,\n      refreshToken: response.refresh_token ?? null,\n    };\n  }\n\n  getAccessToken(): string | null {\n    return this.token?.accessToken ?? null;\n  }\n\n  getRefreshToken(): string | null {\n    return this.token?.refreshToken ?? null;\n  }\n\n  /**\n   * Returns true if there is no token or the token is within `bufferSeconds`\n   * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n   */\n  isExpired(bufferSeconds = 30): boolean {\n    if (!this.token) return true;\n    if (this.token.expiresAt === null) return false;\n    return Date.now() >= this.token.expiresAt - bufferSeconds * 1000;\n  }\n\n  clear(): void {\n    this.token = null;\n  }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/**\n * Fetches a new access token using the OAuth2 Client Credentials flow.\n */\nexport async function fetchClientCredentialsToken(\n  config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'client_credentials',\n    client_id: config.clientId,\n    client_secret: config.clientSecret,\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    body.set('scope', config.scopes.join(' '));\n  }\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/** Generates a cryptographically random PKCE code verifier (43-128 chars). */\nexport function generateCodeVerifier(): string {\n  const array = new Uint8Array(32);\n  crypto.getRandomValues(array);\n  return base64UrlEncode(array);\n}\n\n/** Derives a PKCE code challenge (S256) from a code verifier. */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n  const encoder = new TextEncoder();\n  const data = encoder.encode(verifier);\n  const digest = await crypto.subtle.digest('SHA-256', data);\n  return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n  const str = String.fromCharCode(...bytes);\n  return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/**\n * Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n */\nexport async function getAuthorizationUrl(\n  config: AuthorizationCodeConfig,\n  state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n  const codeVerifier = generateCodeVerifier();\n  const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n  const params = new URLSearchParams({\n    response_type: 'code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code_challenge: codeChallenge,\n    code_challenge_method: 'S256',\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    params.set('scope', config.scopes.join(' '));\n  }\n\n  if (state) {\n    params.set('state', state);\n  }\n\n  const authUrl = config.authorizationUrl;\n  if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n  return {\n    url: `${authUrl}?${params.toString()}`,\n    codeVerifier,\n  };\n}\n\n/**\n * Exchanges an authorization code for tokens.\n */\nexport async function exchangeCode(\n  config: AuthorizationCodeConfig,\n  code: string,\n  codeVerifier: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'authorization_code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code,\n    code_verifier: codeVerifier,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\n/**\n * Refreshes an access token using a refresh token.\n */\nexport async function refreshAccessToken(\n  config: AuthorizationCodeConfig,\n  refreshToken: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'refresh_token',\n    client_id: config.clientId,\n    refresh_token: refreshToken,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n  tokenUrl: string,\n  body: URLSearchParams\n): Promise<TokenResponse> {\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n  token_endpoint: string;\n  authorization_endpoint: string;\n  [key: string]: unknown;\n}\n\n/** Module-level cache keyed by discovery URL */\nconst cache = new Map<string, OidcConfig>();\n\n/**\n * Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n */\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n  const cached = cache.get(discoveryUrl);\n  if (cached) return cached;\n\n  const response = await fetch(discoveryUrl);\n  if (!response.ok) {\n    throw new Error(\n      `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n    );\n  }\n\n  const config = (await response.json()) as OidcConfig;\n\n  if (!config.token_endpoint || !config.authorization_endpoint) {\n    throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n  }\n\n  cache.set(discoveryUrl, config);\n  return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n  getAuthorizationUrl as buildAuthorizationUrl,\n  exchangeCode,\n  refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/**\n * Centralized OAuth2 authentication manager.\n *\n * Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n *\n * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n *\n * @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'client-credentials',\n *   clientId: 'my-id',\n *   clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n *\n * @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'authorization-code',\n *   clientId: 'my-id',\n *   redirectUri: 'https://myapp.com/callback',\n *   scopes: ['openid', 'profile'],\n * });\n *\n * // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n *\n * // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n *\n * // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n */\nexport class AuthManager {\n  private readonly store = new TokenStore();\n  /** Pending token fetch promise to prevent concurrent requests */\n  private inflight: Promise<void> | null = null;\n  /** Cached resolved endpoints (populated lazily from OIDC discovery) */\n  private endpoints: { tokenUrl: string; authorizationUrl: string } | null = null;\n\n  constructor(private readonly config: AuthConfig) {}\n\n  /**\n   * Returns a valid access token, fetching or refreshing as needed.\n   * For Client Credentials flow this is fully automatic.\n   * For Authorization Code flow, `handleCallback` must have been called first.\n   */\n  async getAccessToken(): Promise<string> {\n    if (!this.store.isExpired()) {\n      return this.store.getAccessToken()!;\n    }\n\n    if (this.inflight) {\n      await this.inflight;\n      return this.store.getAccessToken()!;\n    }\n\n    this.inflight = this.refresh();\n    try {\n      await this.inflight;\n    } finally {\n      this.inflight = null;\n    }\n\n    const token = this.store.getAccessToken();\n    if (!token) throw new Error('Failed to obtain access token');\n    return token;\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Builds and returns the authorization URL to redirect the user to.\n   * The returned `codeVerifier` must be persisted (e.g. in session storage)\n   * and passed to `handleCallback`.\n   */\n  async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    return buildAuthorizationUrl(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      state\n    );\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Exchanges the authorization code (from the redirect callback) for tokens\n   * and stores them internally.\n   */\n  async handleCallback(code: string, codeVerifier: string): Promise<void> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('handleCallback is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    const tokenResponse = await exchangeCode(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      code,\n      codeVerifier\n    );\n    this.store.store(tokenResponse);\n  }\n\n  /** Clears all stored tokens. */\n  clearTokens(): void {\n    this.store.clear();\n  }\n\n  /**\n   * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n   * if either URL is absent from the config. Result is cached after the first call.\n   */\n  private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n    if (this.endpoints) return this.endpoints;\n\n    const cfg = this.config as {\n      tokenUrl?: string;\n      authorizationUrl?: string;\n      discoveryUrl?: string;\n    };\n\n    const needsDiscovery =\n      !cfg.tokenUrl ||\n      (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n    if (needsDiscovery) {\n      const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n        authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n      };\n    } else {\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl!,\n        authorizationUrl: cfg.authorizationUrl ?? '',\n      };\n    }\n\n    return this.endpoints;\n  }\n\n  private async refresh(): Promise<void> {\n    const endpoints = await this.resolveEndpoints();\n\n    if (this.config.flow === 'client-credentials') {\n      const tokenResponse = await fetchClientCredentialsToken({\n        ...(this.config as ClientCredentialsConfig),\n        tokenUrl: endpoints.tokenUrl,\n      });\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    // Authorization Code flow: try refresh token first, else throw\n    const refreshToken = this.store.getRefreshToken();\n    if (refreshToken) {\n      const tokenResponse = await refreshAccessToken(\n        { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n        refreshToken\n      );\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    throw new Error(\n      'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n    );\n  }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/** Thrown when an API response is not 2xx. */\nexport class BcisApiError extends Error {\n  constructor(\n    public readonly status: number,\n    public readonly statusText: string,\n    public readonly body: unknown\n  ) {\n    super(`BCIS API error ${status} ${statusText}`);\n    this.name = 'BcisApiError';\n  }\n}\n\n/**\n * Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n */\nexport class FetchClient {\n  constructor(private readonly auth: AuthManager) {}\n\n  async get<T>(\n    baseUrl: string,\n    path: string,\n    params: Record<string, unknown> = {}\n  ): Promise<T> {\n    const token = await this.auth.getAccessToken();\n    const url = new URL(baseUrl + path);\n\n    for (const [key, value] of Object.entries(params)) {\n      if (value === undefined || value === null) continue;\n\n      if (Array.isArray(value)) {\n        for (const item of value) {\n          url.searchParams.append(key, String(item));\n        }\n      } else {\n        url.searchParams.set(key, String(value));\n      }\n    }\n\n    const response = await fetch(url.toString(), {\n      method: 'GET',\n      headers: {\n        Authorization: `Bearer ${token}`,\n        Accept: 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      let body: unknown;\n      try {\n        body = await response.json();\n      } catch {\n        body = await response.text();\n      }\n      throw new BcisApiError(response.status, response.statusText, body);\n    }\n\n    return response.json() as Promise<T>;\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n  /** When true, returns additional data for graph plotting. Default false. */\n  'include-data-for-graph'?: boolean;\n  /** When true, includes sub-divided categories (e.g., size bands) in results. Default false. */\n  'include-subclasses'?: boolean;\n  /** A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'building-function': string[];\n  /** A list of type of work codes to filter the results by, the example contains all valid codes. */\n  'type-of-work': string[];\n  /** A six-character code identifying the BCIS study */\n  'abp-study': 'ABPBUI' | 'ABPFUN' | 'ABPGRP' | 'ABPEM2' | 'ABPEUR' | 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n  /** Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. */\n  'base-of-series'?: string;\n  /** Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. */\n  regularity?: string[];\n  /** Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. */\n  'end-date'?: string;\n  /** Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. */\n  'start-date'?: string;\n  /** Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n  /** Supports suffixes to filter or refine the study data:    - Level Filters:       - `:region`, `:county`, `:district`       - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices)    - Postcode Filter:       - `:postcode:<POSTCODE>` (no spaces)       - Example: `location2000:postcode:SW1P3AD`       - Cannot be combined with level filters.    - Effective Date Filter:       - `:EffectiveDate:<YYYYQn>`       - Example: `location2000:EffectiveDate:2015Q2`       - Can be combined with postcode or level filters.    - Outcode List:       - `:outcode`       - Example: `location2000:outcode`       - Not supported for 1980 boundaries or with EffectiveDate.   `short-tps-name` is not case sensitive.    For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. */\n  'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n  /** A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. */\n  'if-changed-since'?: string;\n  /** A version string to select relevant code tables. */\n  version?: string;\n  /**    A string to select the code list required. The supported values are:    - `seriesIdentification`: All regularity names (for `/indices-retrieve`)   - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`)   - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`)   - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`)  - `BuildingFunction:Categories`: List of building function categories   - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon   - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`)   - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`)   - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`)    The list of supported code types may be extended in the future. */\n  'code-type': 'shortTPSName' | 'ABPStudy' | 'BuildingFunction' | 'BuildingFunction:Categories' | 'BuildingFunction:[1-9]' | 'BuildingFunction:Duration' | 'BuildingFunction:Duration:Categories' | 'BuildingFunction:Duration:[1-9]' | 'BuildingFunction:ABP' | 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n  }\n\n  /** abp-retrieve */\n  async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n    return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** indices-retrieve */\n  async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n    return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** tps-retrieve */\n  async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n    return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** codes-update */\n  async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n    return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { DurationModelsDto, DurationModelOptionsDto, CalculationResultDto } from '../types/duration-calculator.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetModelsParams {\n  /** The date of the publication in YYYY-MM-DD format. Can be used to reproduce a calculation as it would have been performed at the given date. */\n  'publication-date'?: string;\n}\n\nexport interface GetOptionsParams {\n  /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */\n  'model-id': number;\n}\n\nexport interface CalculateDurationParams {\n  /** The date on which the project details are published. Can be used to reproduce a calculation as it would have been performed at the given date. */\n  'publication-date'?: string;\n  /** The appropriate sector for the client organisation */\n  'organisation-id': number;\n  /** The selection of contractor that best describes the way in which the contractor will be selected. */\n  'contractor-selection-id': number;\n  /** The procurement process that best describes the way in which the project will be procured. */\n  'procurement-id': number;\n  /** The building function of the project. It is based on groups of building functions rather than the full list of building function codes used elsewhere in BCIS. */\n  'function-group-id': number;\n  /** The location of the project. Is used to adjust the contract value to UK mean location. */\n  'location-id': number;\n  /** The quarter at which the contract value has been priced. Is used to adjust the contract value to the base price level used by the models */\n  'date-applicable': string;\n  /** The anticipated cost of construction expressed as at the anticipated start on site. */\n  'contract-value': number;\n  /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */\n  'model-id': number;\n}\n\n// --- Client ---\n\nexport class DurationCalculatorClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/rebuild-core';\n  }\n\n  /** Retrieve the list of models, quarters, and locations available for duration calculations */\n  async getModels(params: GetModelsParams): Promise<DurationModelsDto> {\n    return this.client.get<DurationModelsDto>(this.baseUrl, '/get-models', params as unknown as Record<string, unknown>);\n  }\n\n  /** Retrieve a list of options for the duration-calculation parameters */\n  async getOptions(params: GetOptionsParams): Promise<DurationModelOptionsDto> {\n    return this.client.get<DurationModelOptionsDto>(this.baseUrl, '/get-options', params as unknown as Record<string, unknown>);\n  }\n\n  /** Retrieve the calculated construction duration */\n  async calculateDuration(params: CalculateDurationParams): Promise<CalculationResultDto> {\n    return this.client.get<CalculationResultDto>(this.baseUrl, '/calculate-duration', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n  /** Postcode of the property */\n  postCode: string;\n  /** Type of the property */\n  type: string;\n  /** Number of storeys in the property */\n  storeys: string;\n  /** Style of the property: detached, terraced, etc */\n  style: string;\n  /** Type of the walls of the property */\n  wallType: string;\n  /** Type of the roof of the property */\n  roofType?: string;\n  /** Year the property was built */\n  yearBuilt: number;\n  /** Number of flats */\n  noOfFlats?: number;\n  /** Area of the property in sq.m. */\n  area?: number;\n  /** Number of rooms in the property */\n  noOfRooms?: number;\n  /** Number of bedrooms in the property */\n  noOfBedrooms?: number;\n  /** Number of garage spaces in the property */\n  noOfGarageSpaces?: number;\n  /** Number of bathrooms in the property */\n  noOfBathrooms?: number;\n  /** Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' */\n  specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n  /** First month of the usage report */\n  startMonth?: string;\n  /** Last month of the usage report */\n  endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n  }\n\n  /** rbls-calculate */\n  async calculate(params: CalculateParams): Promise<CalculationResponse> {\n    return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n  }\n\n  /** rbls-report-use */\n  async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n    return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n  /** Id as returned from GetRates or GetResources */\n  'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n  }\n\n  /** Lists books and editions available to user */\n  async getBooksEdition(): Promise<EditionsDto> {\n    return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n  }\n\n  /** Lists matching rates */\n  async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n    return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists matching resources */\n  async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n    return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists components of a rate or buildUp */\n  async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n    return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n  }\n}\n"]}

package/dist/index.mjs

@@ -1,3 +1,3 @@
-var u=class{constructor(){this.token=null;}store(e){let n=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:n,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function m(t){let e=new URLSearchParams({grant_type:"client_credentials",client_id:t.clientId,client_secret:t.clientSecret});t.scopes&&t.scopes.length>0&&e.set("scope",t.scopes.join(" "));let n=t.tokenUrl;if(!n)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let t=new Uint8Array(32);return crypto.getRandomValues(t),k(t)}async function x(t){let n=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",n);return k(new Uint8Array(r))}function k(t){let e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function y(t,e){let n=A(),r=await x(n),o=new URLSearchParams({response_type:"code",client_id:t.clientId,redirect_uri:t.redirectUri,code_challenge:r,code_challenge_method:"S256"});t.scopes&&t.scopes.length>0&&o.set("scope",t.scopes.join(" ")),e&&o.set("state",e);let i=t.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:n}}async function w(t,e,n){let r=new URLSearchParams({grant_type:"authorization_code",client_id:t.clientId,redirect_uri:t.redirectUri,code:e,code_verifier:n}),o=t.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(t,e){let n=new URLSearchParams({grant_type:"refresh_token",client_id:t.clientId,refresh_token:e}),r=t.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,n)}async function U(t,e){let n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!n.ok){let r=await n.text().catch(()=>"");throw new Error(`Token request failed: ${n.status} ${n.statusText}${r?` \u2014 ${r}`:""}`)}return n.json()}var T="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function b(t=T){let e=C.get(t);if(e)return e;let n=await fetch(t);if(!n.ok)throw new Error(`OIDC discovery failed: ${n.status} ${n.statusText} (${t})`);let r=await n.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${t} is missing required endpoints`);return C.set(t,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let n=await this.resolveEndpoints();return y({...this.config,...n},e)}async handleCallback(e,n){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await w({...this.config,...r},e,n);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await b(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await m({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let n=this.store.getRefreshToken();if(n){let r=await R({...this.config,...e},n);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(n,r,o){super(`BCIS API error ${n} ${r}`);this.status=n;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,n,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+n);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let P of l)i.searchParams.append(c,String(P));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var f=class{constructor(e,n){this.client=new s(e),this.baseUrl=n?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
-export{d as AuthManager,p as BcisApiError,h as CoreApiClient,g as ResidentialRebuildClient,f as ScheduleOfRatesClient};//# sourceMappingURL=index.mjs.map
+var u=class{constructor(){this.token=null;}store(e){let t=e.expires_in!=null?Date.now()+e.expires_in*1e3:null;this.token={accessToken:e.access_token,expiresAt:t,refreshToken:e.refresh_token??null};}getAccessToken(){return this.token?.accessToken??null}getRefreshToken(){return this.token?.refreshToken??null}isExpired(e=30){return this.token?this.token.expiresAt===null?false:Date.now()>=this.token.expiresAt-e*1e3:true}clear(){this.token=null;}};async function k(n){let e=new URLSearchParams({grant_type:"client_credentials",client_id:n.clientId,client_secret:n.clientSecret});n.scopes&&n.scopes.length>0&&e.set("scope",n.scopes.join(" "));let t=n.tokenUrl;if(!t)throw new Error("tokenUrl is required for client credentials flow");let r=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!r.ok){let o=await r.text().catch(()=>"");throw new Error(`Token request failed: ${r.status} ${r.statusText}${o?` \u2014 ${o}`:""}`)}return r.json()}function A(){let n=new Uint8Array(32);return crypto.getRandomValues(n),y(n)}async function T(n){let t=new TextEncoder().encode(n),r=await crypto.subtle.digest("SHA-256",t);return y(new Uint8Array(r))}function y(n){let e=String.fromCharCode(...n);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}async function w(n,e){let t=A(),r=await T(t),o=new URLSearchParams({response_type:"code",client_id:n.clientId,redirect_uri:n.redirectUri,code_challenge:r,code_challenge_method:"S256"});n.scopes&&n.scopes.length>0&&o.set("scope",n.scopes.join(" ")),e&&o.set("state",e);let i=n.authorizationUrl;if(!i)throw new Error("authorizationUrl is required for authorization-code flow");return {url:`${i}?${o.toString()}`,codeVerifier:t}}async function b(n,e,t){let r=new URLSearchParams({grant_type:"authorization_code",client_id:n.clientId,redirect_uri:n.redirectUri,code:e,code_verifier:t}),o=n.tokenUrl;if(!o)throw new Error("tokenUrl is required for authorization-code flow");return U(o,r)}async function R(n,e){let t=new URLSearchParams({grant_type:"refresh_token",client_id:n.clientId,refresh_token:e}),r=n.tokenUrl;if(!r)throw new Error("tokenUrl is required for authorization-code flow");return U(r,t)}async function U(n,e){let t=await fetch(n,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:e.toString()});if(!t.ok){let r=await t.text().catch(()=>"");throw new Error(`Token request failed: ${t.status} ${t.statusText}${r?` \u2014 ${r}`:""}`)}return t.json()}var D="https://id.bcis.co.uk/.well-known/openid-configuration",C=new Map;async function P(n=D){let e=C.get(n);if(e)return e;let t=await fetch(n);if(!t.ok)throw new Error(`OIDC discovery failed: ${t.status} ${t.statusText} (${n})`);let r=await t.json();if(!r.token_endpoint||!r.authorization_endpoint)throw new Error(`OIDC discovery document at ${n} is missing required endpoints`);return C.set(n,r),r}var d=class{constructor(e){this.config=e;this.store=new u;this.inflight=null;this.endpoints=null;}async getAccessToken(){if(!this.store.isExpired())return this.store.getAccessToken();if(this.inflight)return await this.inflight,this.store.getAccessToken();this.inflight=this.refresh();try{await this.inflight;}finally{this.inflight=null;}let e=this.store.getAccessToken();if(!e)throw new Error("Failed to obtain access token");return e}async getAuthorizationUrl(e){if(this.config.flow!=="authorization-code")throw new Error("getAuthorizationUrl is only available for authorization-code flow");let t=await this.resolveEndpoints();return w({...this.config,...t},e)}async handleCallback(e,t){if(this.config.flow!=="authorization-code")throw new Error("handleCallback is only available for authorization-code flow");let r=await this.resolveEndpoints(),o=await b({...this.config,...r},e,t);this.store.store(o);}clearTokens(){this.store.clear();}async resolveEndpoints(){if(this.endpoints)return this.endpoints;let e=this.config;if(!e.tokenUrl||this.config.flow==="authorization-code"&&!e.authorizationUrl){let r=await P(e.discoveryUrl);this.endpoints={tokenUrl:e.tokenUrl??r.token_endpoint,authorizationUrl:e.authorizationUrl??r.authorization_endpoint};}else this.endpoints={tokenUrl:e.tokenUrl,authorizationUrl:e.authorizationUrl??""};return this.endpoints}async refresh(){let e=await this.resolveEndpoints();if(this.config.flow==="client-credentials"){let r=await k({...this.config,tokenUrl:e.tokenUrl});this.store.store(r);return}let t=this.store.getRefreshToken();if(t){let r=await R({...this.config,...e},t);this.store.store(r);return}throw new Error("No valid token available. Call getAuthorizationUrl() and handleCallback() first.")}};var p=class extends Error{constructor(t,r,o){super(`BCIS API error ${t} ${r}`);this.status=t;this.statusText=r;this.body=o;this.name="BcisApiError";}},s=class{constructor(e){this.auth=e;}async get(e,t,r={}){let o=await this.auth.getAccessToken(),i=new URL(e+t);for(let[c,l]of Object.entries(r))if(l!=null)if(Array.isArray(l))for(let x of l)i.searchParams.append(c,String(x));else i.searchParams.set(c,String(l));let a=await fetch(i.toString(),{method:"GET",headers:{Authorization:`Bearer ${o}`,Accept:"application/json"}});if(!a.ok){let c;try{c=await a.json();}catch{c=await a.text();}throw new p(a.status,a.statusText,c)}return a.json()}};var h=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/core-apis";}async abpRetrieve(e){return this.client.get(this.baseUrl,"/abp-retrieve",e)}async indicesRetrieve(e){return this.client.get(this.baseUrl,"/indices-retrieve",e)}async tpsRetrieve(e){return this.client.get(this.baseUrl,"/tps-retrieve",e)}async codesUpdate(e){return this.client.get(this.baseUrl,"/codes-update",e)}};var g=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/rebuild-core";}async getModels(e){return this.client.get(this.baseUrl,"/get-models",e)}async getOptions(e){return this.client.get(this.baseUrl,"/get-options",e)}async calculateDuration(e){return this.client.get(this.baseUrl,"/calculate-duration",e)}};var f=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/residential-rebuild-calculator";}async calculate(e){return this.client.get(this.baseUrl,"/rbls-calculate",e)}async reportUsage(e){return this.client.get(this.baseUrl,"/rbls-report-use",e)}};var m=class{constructor(e,t){this.client=new s(e),this.baseUrl=t?.baseUrl??"https://api.bcis.co.uk/schedule-of-rates";}async getBooksEdition(){return this.client.get(this.baseUrl,"/get-books-edition",{})}async getRates(e){return this.client.get(this.baseUrl,"/get-rates",e)}async getResources(e){return this.client.get(this.baseUrl,"/get-resources",e)}async getBuildUp(e){return this.client.get(this.baseUrl,"/get-build-up",e)}};
+export{d as AuthManager,p as BcisApiError,h as CoreApiClient,g as DurationCalculatorClient,f as ResidentialRebuildClient,m as ScheduleOfRatesClient};//# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"AAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,YAAc,IAAA,CACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,UAAA,CAAa,GAAA,CACnC,IAAA,CAEN,KAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,aACtB,SAAA,CAAAC,CAAAA,CACA,YAAA,CAAcD,CAAAA,CAAS,eAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,aAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,KAAA,EAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,CAAAA,CAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,KAAA,CACN,KAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,KAAA,CACnC,KAAK,GAAA,EAAI,EAAK,IAAA,CAAK,KAAA,CAAM,UAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,CAAAA,CACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,EAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,QAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,EAAK,GAAA,CAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,WAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,aAAY,CACX,MAAA,CAAOD,CAAQ,CAAA,CAC9BE,EAAS,MAAM,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,UAAWD,CAAI,CAAA,CACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,CAAAA,CAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,aAAa,GAAGD,CAAK,CAAA,CACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,CAAAA,CACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,eAAgBgB,CAAAA,CAChB,qBAAA,CAAuB,MACzB,CAAC,EAEGhB,CAAAA,CAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,OAAS,CAAA,EAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,CAAAA,EACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,CAAA,CAG3B,IAAMI,EAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,GAAGA,CAAO,CAAA,CAAA,EAAID,CAAAA,CAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,CAAAA,CACAoB,EACAL,CAAAA,CACwB,CACxB,IAAMd,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,CAAA,CAEKrB,CAAAA,CAAWF,CAAAA,CAAO,SACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,CAAAA,CACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,EAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,CAAA,CAC/D,KAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,EAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,EAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,EAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,CAAAA,CAAyC,CAC5F,IAAMI,EAASH,CAAAA,CAAM,GAAA,CAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,EAAW,MAAM,KAAA,CAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,CAAAA,CAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,CAAA,uBAAA,EAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,EAAK,CAEpC,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,CAAA,CACvBA,CACT,CCiBO,IAAM6B,EAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,KAEzC,IAAA,CAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,cAAA,EAAkC,CACtC,GAAI,CAAC,KAAK,KAAA,CAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,QAAA,CACP,OAAA,MAAM,IAAA,CAAK,SACJ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CAGnC,KAAK,QAAA,CAAW,IAAA,CAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,IAAA,CAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,CAAAA,CAAQ,KAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,CAAA,CAC5DjB,CACF,CACF,CAOA,MAAM,cAAA,CAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,KAAK,gBAAA,EAAiB,CACxCC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,OAAoC,GAAGY,CAAU,CAAA,CAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMiB,CAAa,EAChC,CAGA,WAAA,EAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,IAAA,CAAK,UAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,MAAA,CAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,IAAA,CAAK,OAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,CAAAA,CAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,gBAAA,EAAoBC,CAAAA,CAAK,sBACjD,EACF,MACE,IAAA,CAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,QAAA,CACd,gBAAA,CAAkBA,CAAAA,CAAI,kBAAoB,EAC5C,CAAA,CAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAE9C,GAAI,IAAA,CAAK,MAAA,CAAO,OAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,KAAK,MAAA,CACT,QAAA,CAAUgC,CAAAA,CAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,eAAA,GAChC,GAAIA,CAAAA,CAAc,CAChB,IAAMS,EAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,KAAK,MAAA,CAAoC,GAAGS,CAAU,CAAA,CAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,MAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,EACAC,CAAAA,CACApC,CAAAA,CAChB,CACA,KAAA,CAAM,kBAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,EAJ9B,IAAA,CAAA,MAAA,CAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,CAAAA,CAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,WAAA,CAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,CAAAA,CAAkC,EAAC,CACvB,CACZ,IAAMa,CAAAA,CAAQ,MAAM,IAAA,CAAK,KAAK,cAAA,EAAe,CACvCY,CAAAA,CAAM,IAAI,IAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,OAAO,OAAA,CAAQ3B,CAAM,CAAA,CAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,KAAA,CAAM,QAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,CAAAA,IAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,GAAY,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,GAC9B,MAAA,CAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,GAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,CAAAA,CAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,IAAA,EAClB,CACF,ECZO,IAAMkD,CAAAA,CAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,eAAA,CAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAsB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,MC9Ba+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,EAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,QAAS,kBAAA,CAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMgC,CAAAA,CAAN,KAA4B,CAIjC,WAAA,CAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,SAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,IAAA,CAAK,MAAA,CAAO,IAAiB,IAAA,CAAK,OAAA,CAAS,oBAAA,CAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,EAAqD,CAClE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,YAAA,CAAcA,CAA4C,CACrH,CAGA,MAAM,YAAA,CAAaA,EAA6D,CAC9E,OAAO,IAAA,CAAK,MAAA,CAAO,IAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.mjs","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. */\nexport class TokenStore {\n  private token: StoredToken | null = null;\n\n  store(response: TokenResponse): void {\n    const expiresAt =\n      response.expires_in != null\n        ? Date.now() + response.expires_in * 1000\n        : null;\n\n    this.token = {\n      accessToken: response.access_token,\n      expiresAt,\n      refreshToken: response.refresh_token ?? null,\n    };\n  }\n\n  getAccessToken(): string | null {\n    return this.token?.accessToken ?? null;\n  }\n\n  getRefreshToken(): string | null {\n    return this.token?.refreshToken ?? null;\n  }\n\n  /**\n   * Returns true if there is no token or the token is within `bufferSeconds`\n   * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n   */\n  isExpired(bufferSeconds = 30): boolean {\n    if (!this.token) return true;\n    if (this.token.expiresAt === null) return false;\n    return Date.now() >= this.token.expiresAt - bufferSeconds * 1000;\n  }\n\n  clear(): void {\n    this.token = null;\n  }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/**\n * Fetches a new access token using the OAuth2 Client Credentials flow.\n */\nexport async function fetchClientCredentialsToken(\n  config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'client_credentials',\n    client_id: config.clientId,\n    client_secret: config.clientSecret,\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    body.set('scope', config.scopes.join(' '));\n  }\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/** Generates a cryptographically random PKCE code verifier (43-128 chars). */\nexport function generateCodeVerifier(): string {\n  const array = new Uint8Array(32);\n  crypto.getRandomValues(array);\n  return base64UrlEncode(array);\n}\n\n/** Derives a PKCE code challenge (S256) from a code verifier. */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n  const encoder = new TextEncoder();\n  const data = encoder.encode(verifier);\n  const digest = await crypto.subtle.digest('SHA-256', data);\n  return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n  const str = String.fromCharCode(...bytes);\n  return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/**\n * Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n */\nexport async function getAuthorizationUrl(\n  config: AuthorizationCodeConfig,\n  state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n  const codeVerifier = generateCodeVerifier();\n  const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n  const params = new URLSearchParams({\n    response_type: 'code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code_challenge: codeChallenge,\n    code_challenge_method: 'S256',\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    params.set('scope', config.scopes.join(' '));\n  }\n\n  if (state) {\n    params.set('state', state);\n  }\n\n  const authUrl = config.authorizationUrl;\n  if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n  return {\n    url: `${authUrl}?${params.toString()}`,\n    codeVerifier,\n  };\n}\n\n/**\n * Exchanges an authorization code for tokens.\n */\nexport async function exchangeCode(\n  config: AuthorizationCodeConfig,\n  code: string,\n  codeVerifier: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'authorization_code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code,\n    code_verifier: codeVerifier,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\n/**\n * Refreshes an access token using a refresh token.\n */\nexport async function refreshAccessToken(\n  config: AuthorizationCodeConfig,\n  refreshToken: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'refresh_token',\n    client_id: config.clientId,\n    refresh_token: refreshToken,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n  tokenUrl: string,\n  body: URLSearchParams\n): Promise<TokenResponse> {\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n  token_endpoint: string;\n  authorization_endpoint: string;\n  [key: string]: unknown;\n}\n\n/** Module-level cache keyed by discovery URL */\nconst cache = new Map<string, OidcConfig>();\n\n/**\n * Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n */\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n  const cached = cache.get(discoveryUrl);\n  if (cached) return cached;\n\n  const response = await fetch(discoveryUrl);\n  if (!response.ok) {\n    throw new Error(\n      `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n    );\n  }\n\n  const config = (await response.json()) as OidcConfig;\n\n  if (!config.token_endpoint || !config.authorization_endpoint) {\n    throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n  }\n\n  cache.set(discoveryUrl, config);\n  return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n  getAuthorizationUrl as buildAuthorizationUrl,\n  exchangeCode,\n  refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/**\n * Centralized OAuth2 authentication manager.\n *\n * Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n *\n * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n *\n * @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'client-credentials',\n *   clientId: 'my-id',\n *   clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n *\n * @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'authorization-code',\n *   clientId: 'my-id',\n *   redirectUri: 'https://myapp.com/callback',\n *   scopes: ['openid', 'profile'],\n * });\n *\n * // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n *\n * // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n *\n * // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n */\nexport class AuthManager {\n  private readonly store = new TokenStore();\n  /** Pending token fetch promise to prevent concurrent requests */\n  private inflight: Promise<void> | null = null;\n  /** Cached resolved endpoints (populated lazily from OIDC discovery) */\n  private endpoints: { tokenUrl: string; authorizationUrl: string } | null = null;\n\n  constructor(private readonly config: AuthConfig) {}\n\n  /**\n   * Returns a valid access token, fetching or refreshing as needed.\n   * For Client Credentials flow this is fully automatic.\n   * For Authorization Code flow, `handleCallback` must have been called first.\n   */\n  async getAccessToken(): Promise<string> {\n    if (!this.store.isExpired()) {\n      return this.store.getAccessToken()!;\n    }\n\n    if (this.inflight) {\n      await this.inflight;\n      return this.store.getAccessToken()!;\n    }\n\n    this.inflight = this.refresh();\n    try {\n      await this.inflight;\n    } finally {\n      this.inflight = null;\n    }\n\n    const token = this.store.getAccessToken();\n    if (!token) throw new Error('Failed to obtain access token');\n    return token;\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Builds and returns the authorization URL to redirect the user to.\n   * The returned `codeVerifier` must be persisted (e.g. in session storage)\n   * and passed to `handleCallback`.\n   */\n  async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    return buildAuthorizationUrl(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      state\n    );\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Exchanges the authorization code (from the redirect callback) for tokens\n   * and stores them internally.\n   */\n  async handleCallback(code: string, codeVerifier: string): Promise<void> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('handleCallback is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    const tokenResponse = await exchangeCode(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      code,\n      codeVerifier\n    );\n    this.store.store(tokenResponse);\n  }\n\n  /** Clears all stored tokens. */\n  clearTokens(): void {\n    this.store.clear();\n  }\n\n  /**\n   * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n   * if either URL is absent from the config. Result is cached after the first call.\n   */\n  private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n    if (this.endpoints) return this.endpoints;\n\n    const cfg = this.config as {\n      tokenUrl?: string;\n      authorizationUrl?: string;\n      discoveryUrl?: string;\n    };\n\n    const needsDiscovery =\n      !cfg.tokenUrl ||\n      (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n    if (needsDiscovery) {\n      const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n        authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n      };\n    } else {\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl!,\n        authorizationUrl: cfg.authorizationUrl ?? '',\n      };\n    }\n\n    return this.endpoints;\n  }\n\n  private async refresh(): Promise<void> {\n    const endpoints = await this.resolveEndpoints();\n\n    if (this.config.flow === 'client-credentials') {\n      const tokenResponse = await fetchClientCredentialsToken({\n        ...(this.config as ClientCredentialsConfig),\n        tokenUrl: endpoints.tokenUrl,\n      });\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    // Authorization Code flow: try refresh token first, else throw\n    const refreshToken = this.store.getRefreshToken();\n    if (refreshToken) {\n      const tokenResponse = await refreshAccessToken(\n        { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n        refreshToken\n      );\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    throw new Error(\n      'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n    );\n  }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/** Thrown when an API response is not 2xx. */\nexport class BcisApiError extends Error {\n  constructor(\n    public readonly status: number,\n    public readonly statusText: string,\n    public readonly body: unknown\n  ) {\n    super(`BCIS API error ${status} ${statusText}`);\n    this.name = 'BcisApiError';\n  }\n}\n\n/**\n * Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n */\nexport class FetchClient {\n  constructor(private readonly auth: AuthManager) {}\n\n  async get<T>(\n    baseUrl: string,\n    path: string,\n    params: Record<string, unknown> = {}\n  ): Promise<T> {\n    const token = await this.auth.getAccessToken();\n    const url = new URL(baseUrl + path);\n\n    for (const [key, value] of Object.entries(params)) {\n      if (value === undefined || value === null) continue;\n\n      if (Array.isArray(value)) {\n        for (const item of value) {\n          url.searchParams.append(key, String(item));\n        }\n      } else {\n        url.searchParams.set(key, String(value));\n      }\n    }\n\n    const response = await fetch(url.toString(), {\n      method: 'GET',\n      headers: {\n        Authorization: `Bearer ${token}`,\n        Accept: 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      let body: unknown;\n      try {\n        body = await response.json();\n      } catch {\n        body = await response.text();\n      }\n      throw new BcisApiError(response.status, response.statusText, body);\n    }\n\n    return response.json() as Promise<T>;\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n  /** When true, returns additional data for graph plotting. Default false. */\n  'include-data-for-graph'?: boolean;\n  /** When true, includes sub-divided categories (e.g., size bands) in results. Default false. */\n  'include-subclasses'?: boolean;\n  /** A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'building-function': string[];\n  /** A list of type of work codes to filter the results by, the example contains all valid codes. */\n  'type-of-work': string[];\n  /** A six-character code identifying the BCIS study */\n  'abp-study': 'ABPBUI' | 'ABPFUN' | 'ABPGRP' | 'ABPEM2' | 'ABPEUR' | 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n  /** Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. */\n  'base-of-series'?: string;\n  /** Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. */\n  regularity?: string[];\n  /** Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. */\n  'end-date'?: string;\n  /** Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. */\n  'start-date'?: string;\n  /** Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n  /** Supports suffixes to filter or refine the study data:    - Level Filters:       - `:region`, `:county`, `:district`       - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices)    - Postcode Filter:       - `:postcode:<POSTCODE>` (no spaces)       - Example: `location2000:postcode:SW1P3AD`       - Cannot be combined with level filters.    - Effective Date Filter:       - `:EffectiveDate:<YYYYQn>`       - Example: `location2000:EffectiveDate:2015Q2`       - Can be combined with postcode or level filters.    - Outcode List:       - `:outcode`       - Example: `location2000:outcode`       - Not supported for 1980 boundaries or with EffectiveDate.   `short-tps-name` is not case sensitive.    For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. */\n  'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n  /** A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. */\n  'if-changed-since'?: string;\n  /** A version string to select relevant code tables. */\n  version?: string;\n  /**    A string to select the code list required. The supported values are:    - `seriesIdentification`: All regularity names (for `/indices-retrieve`)   - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`)   - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`)   - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`)  - `BuildingFunction:Categories`: List of building function categories   - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon   - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`)   - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`)   - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`)    The list of supported code types may be extended in the future. */\n  'code-type': 'shortTPSName' | 'ABPStudy' | 'BuildingFunction' | 'BuildingFunction:Categories' | 'BuildingFunction:[1-9]' | 'BuildingFunction:Duration' | 'BuildingFunction:Duration:Categories' | 'BuildingFunction:Duration:[1-9]' | 'BuildingFunction:ABP' | 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n  }\n\n  /** abp-retrieve */\n  async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n    return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** indices-retrieve */\n  async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n    return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** tps-retrieve */\n  async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n    return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** codes-update */\n  async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n    return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n  /** Postcode of the property */\n  postCode: string;\n  /** Type of the property */\n  type: string;\n  /** Number of storeys in the property */\n  storeys: string;\n  /** Style of the property: detached, terraced, etc */\n  style: string;\n  /** Type of the walls of the property */\n  wallType: string;\n  /** Type of the roof of the property */\n  roofType?: string;\n  /** Year the property was built */\n  yearBuilt: number;\n  /** Number of flats */\n  noOfFlats?: number;\n  /** Area of the property in sq.m. */\n  area?: number;\n  /** Number of rooms in the property */\n  noOfRooms?: number;\n  /** Number of bedrooms in the property */\n  noOfBedrooms?: number;\n  /** Number of garage spaces in the property */\n  noOfGarageSpaces?: number;\n  /** Number of bathrooms in the property */\n  noOfBathrooms?: number;\n  /** Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' */\n  specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n  /** First month of the usage report */\n  startMonth?: string;\n  /** Last month of the usage report */\n  endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n  }\n\n  /** rbls-calculate */\n  async calculate(params: CalculateParams): Promise<CalculationResponse> {\n    return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n  }\n\n  /** rbls-report-use */\n  async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n    return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n  /** Id as returned from GetRates or GetResources */\n  'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n  }\n\n  /** Lists books and editions available to user */\n  async getBooksEdition(): Promise<EditionsDto> {\n    return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n  }\n\n  /** Lists matching rates */\n  async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n    return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists matching resources */\n  async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n    return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists components of a rate or buildUp */\n  async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n    return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n  }\n}\n"]}
+{"version":3,"sources":["../src/auth/token-store.ts","../src/auth/client-credentials.ts","../src/auth/authorization-code.ts","../src/auth/oidc-discovery.ts","../src/auth/auth-manager.ts","../src/http/fetch-client.ts","../src/clients/core-api.ts","../src/clients/duration-calculator.ts","../src/clients/residential-rebuild.ts","../src/clients/schedule-of-rates.ts"],"names":["TokenStore","response","expiresAt","bufferSeconds","fetchClientCredentialsToken","config","body","tokenUrl","text","generateCodeVerifier","array","base64UrlEncode","generateCodeChallenge","verifier","data","digest","bytes","str","getAuthorizationUrl","state","codeVerifier","codeChallenge","params","authUrl","exchangeCode","code","tokenRequest","refreshAccessToken","refreshToken","BCIS_DISCOVERY_URL","cache","fetchOidcConfig","discoveryUrl","cached","AuthManager","token","endpoints","tokenResponse","cfg","oidc","BcisApiError","status","statusText","FetchClient","auth","baseUrl","path","url","key","value","item","CoreApiClient","options","DurationCalculatorClient","ResidentialRebuildClient","ScheduleOfRatesClient"],"mappings":"AAGO,IAAMA,CAAAA,CAAN,KAAiB,CAAjB,WAAA,EAAA,CACL,KAAQ,KAAA,CAA4B,KAAA,CAEpC,KAAA,CAAMC,CAAAA,CAA+B,CACnC,IAAMC,CAAAA,CACJD,CAAAA,CAAS,UAAA,EAAc,KACnB,IAAA,CAAK,GAAA,EAAI,CAAIA,CAAAA,CAAS,WAAa,GAAA,CACnC,IAAA,CAEN,IAAA,CAAK,KAAA,CAAQ,CACX,WAAA,CAAaA,CAAAA,CAAS,YAAA,CACtB,SAAA,CAAAC,EACA,YAAA,CAAcD,CAAAA,CAAS,aAAA,EAAiB,IAC1C,EACF,CAEA,cAAA,EAAgC,CAC9B,OAAO,IAAA,CAAK,KAAA,EAAO,WAAA,EAAe,IACpC,CAEA,eAAA,EAAiC,CAC/B,OAAO,IAAA,CAAK,OAAO,YAAA,EAAgB,IACrC,CAMA,SAAA,CAAUE,EAAgB,EAAA,CAAa,CACrC,OAAK,IAAA,CAAK,MACN,IAAA,CAAK,KAAA,CAAM,SAAA,GAAc,IAAA,CAAa,MACnC,IAAA,CAAK,GAAA,EAAI,EAAK,IAAA,CAAK,MAAM,SAAA,CAAYA,CAAAA,CAAgB,GAAA,CAFpC,IAG1B,CAEA,KAAA,EAAc,CACZ,IAAA,CAAK,KAAA,CAAQ,KACf,CACF,CAAA,CCnCA,eAAsBC,EACpBC,CAAAA,CACwB,CACxB,IAAMC,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,oBAAA,CACZ,UAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeA,CAAAA,CAAO,YACxB,CAAC,CAAA,CAEGA,CAAAA,CAAO,MAAA,EAAUA,EAAO,MAAA,CAAO,MAAA,CAAS,CAAA,EAC1CC,CAAAA,CAAK,IAAI,OAAA,CAASD,CAAAA,CAAO,MAAA,CAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAG3C,IAAME,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CAEjF,IAAMN,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,MAAA,CACR,OAAA,CAAS,CAAE,eAAgB,mCAAoC,CAAA,CAC/D,IAAA,CAAMD,CAAAA,CAAK,UACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAMO,EAAO,MAAMP,CAAAA,CAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,CAAA,sBAAA,EAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,EAAO,CAAA,QAAA,EAAMA,CAAI,CAAA,CAAA,CAAK,EAAE,EAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,MAClB,CC5BO,SAASQ,CAAAA,EAA+B,CAC7C,IAAMC,CAAAA,CAAQ,IAAI,UAAA,CAAW,EAAE,CAAA,CAC/B,OAAA,MAAA,CAAO,eAAA,CAAgBA,CAAK,CAAA,CACrBC,CAAAA,CAAgBD,CAAK,CAC9B,CAGA,eAAsBE,CAAAA,CAAsBC,CAAAA,CAAmC,CAE7E,IAAMC,CAAAA,CADU,IAAI,WAAA,EAAY,CACX,OAAOD,CAAQ,CAAA,CAC9BE,CAAAA,CAAS,MAAM,OAAO,MAAA,CAAO,MAAA,CAAO,SAAA,CAAWD,CAAI,EACzD,OAAOH,CAAAA,CAAgB,IAAI,UAAA,CAAWI,CAAM,CAAC,CAC/C,CAEA,SAASJ,EAAgBK,CAAAA,CAA2B,CAClD,IAAMC,CAAAA,CAAM,MAAA,CAAO,YAAA,CAAa,GAAGD,CAAK,EACxC,OAAO,IAAA,CAAKC,CAAG,CAAA,CAAE,QAAQ,KAAA,CAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,MAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,CAAO,EAAE,CAC5E,CAUA,eAAsBC,CAAAA,CACpBb,EACAc,CAAAA,CACgD,CAChD,IAAMC,CAAAA,CAAeX,GAAqB,CACpCY,CAAAA,CAAgB,MAAMT,CAAAA,CAAsBQ,CAAY,CAAA,CAExDE,CAAAA,CAAS,IAAI,eAAA,CAAgB,CACjC,aAAA,CAAe,MAAA,CACf,SAAA,CAAWjB,CAAAA,CAAO,SAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,cAAA,CAAgBgB,EAChB,qBAAA,CAAuB,MACzB,CAAC,CAAA,CAEGhB,EAAO,MAAA,EAAUA,CAAAA,CAAO,MAAA,CAAO,MAAA,CAAS,GAC1CiB,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASjB,CAAAA,CAAO,OAAO,IAAA,CAAK,GAAG,CAAC,CAAA,CAGzCc,GACFG,CAAAA,CAAO,GAAA,CAAI,OAAA,CAASH,CAAK,EAG3B,IAAMI,CAAAA,CAAUlB,CAAAA,CAAO,gBAAA,CACvB,GAAI,CAACkB,CAAAA,CAAS,MAAM,IAAI,KAAA,CAAM,0DAA0D,CAAA,CAExF,OAAO,CACL,GAAA,CAAK,CAAA,EAAGA,CAAO,CAAA,CAAA,EAAID,EAAO,QAAA,EAAU,CAAA,CAAA,CACpC,YAAA,CAAAF,CACF,CACF,CAKA,eAAsBI,CAAAA,CACpBnB,EACAoB,CAAAA,CACAL,CAAAA,CACwB,CACxB,IAAMd,EAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,qBACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,YAAA,CAAcA,CAAAA,CAAO,WAAA,CACrB,IAAA,CAAAoB,CAAAA,CACA,cAAeL,CACjB,CAAC,CAAA,CAEKb,CAAAA,CAAWF,EAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAKA,eAAsBqB,CAAAA,CACpBtB,CAAAA,CACAuB,CAAAA,CACwB,CACxB,IAAMtB,CAAAA,CAAO,IAAI,eAAA,CAAgB,CAC/B,UAAA,CAAY,eAAA,CACZ,SAAA,CAAWD,CAAAA,CAAO,QAAA,CAClB,aAAA,CAAeuB,CACjB,CAAC,EAEKrB,CAAAA,CAAWF,CAAAA,CAAO,QAAA,CACxB,GAAI,CAACE,CAAAA,CAAU,MAAM,IAAI,KAAA,CAAM,kDAAkD,CAAA,CACjF,OAAOmB,CAAAA,CAAanB,CAAAA,CAAUD,CAAI,CACpC,CAEA,eAAeoB,CAAAA,CACbnB,EACAD,CAAAA,CACwB,CACxB,IAAML,CAAAA,CAAW,MAAM,KAAA,CAAMM,CAAAA,CAAU,CACrC,MAAA,CAAQ,OACR,OAAA,CAAS,CAAE,cAAA,CAAgB,mCAAoC,EAC/D,IAAA,CAAMD,CAAAA,CAAK,QAAA,EACb,CAAC,CAAA,CAED,GAAI,CAACL,CAAAA,CAAS,GAAI,CAChB,IAAMO,CAAAA,CAAO,MAAMP,EAAS,IAAA,EAAK,CAAE,KAAA,CAAM,IAAM,EAAE,CAAA,CACjD,MAAM,IAAI,KAAA,CACR,yBAAyBA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAGO,CAAAA,CAAO,CAAA,QAAA,EAAMA,CAAI,GAAK,EAAE,CAAA,CAC5F,CACF,CAEA,OAAOP,CAAAA,CAAS,IAAA,EAClB,CC3HA,IAAM4B,CAAAA,CAAqB,wDAAA,CASrBC,CAAAA,CAAQ,IAAI,GAAA,CAMlB,eAAsBC,CAAAA,CAAgBC,CAAAA,CAAeH,EAAyC,CAC5F,IAAMI,CAAAA,CAASH,CAAAA,CAAM,IAAIE,CAAY,CAAA,CACrC,GAAIC,CAAAA,CAAQ,OAAOA,CAAAA,CAEnB,IAAMhC,CAAAA,CAAW,MAAM,MAAM+B,CAAY,CAAA,CACzC,GAAI,CAAC/B,EAAS,EAAA,CACZ,MAAM,IAAI,KAAA,CACR,0BAA0BA,CAAAA,CAAS,MAAM,CAAA,CAAA,EAAIA,CAAAA,CAAS,UAAU,CAAA,EAAA,EAAK+B,CAAY,CAAA,CAAA,CACnF,CAAA,CAGF,IAAM3B,CAAAA,CAAU,MAAMJ,CAAAA,CAAS,IAAA,GAE/B,GAAI,CAACI,CAAAA,CAAO,cAAA,EAAkB,CAACA,CAAAA,CAAO,sBAAA,CACpC,MAAM,IAAI,MAAM,CAAA,2BAAA,EAA8B2B,CAAY,CAAA,8BAAA,CAAgC,CAAA,CAG5F,OAAAF,CAAAA,CAAM,GAAA,CAAIE,CAAAA,CAAc3B,CAAM,EACvBA,CACT,CCiBO,IAAM6B,CAAAA,CAAN,KAAkB,CAOvB,WAAA,CAA6B7B,CAAAA,CAAoB,CAApB,IAAA,CAAA,MAAA,CAAAA,CAAAA,CAN7B,IAAA,CAAiB,KAAA,CAAQ,IAAIL,CAAAA,CAE7B,IAAA,CAAQ,QAAA,CAAiC,IAAA,CAEzC,KAAQ,SAAA,CAAmE,KAEzB,CAOlD,MAAM,gBAAkC,CACtC,GAAI,CAAC,IAAA,CAAK,MAAM,SAAA,EAAU,CACxB,OAAO,IAAA,CAAK,MAAM,cAAA,EAAe,CAGnC,GAAI,IAAA,CAAK,SACP,OAAA,MAAM,IAAA,CAAK,QAAA,CACJ,IAAA,CAAK,MAAM,cAAA,EAAe,CAGnC,IAAA,CAAK,QAAA,CAAW,KAAK,OAAA,EAAQ,CAC7B,GAAI,CACF,MAAM,IAAA,CAAK,SACb,CAAA,OAAE,CACA,KAAK,QAAA,CAAW,KAClB,CAEA,IAAMmC,EAAQ,IAAA,CAAK,KAAA,CAAM,cAAA,EAAe,CACxC,GAAI,CAACA,CAAAA,CAAO,MAAM,IAAI,MAAM,+BAA+B,CAAA,CAC3D,OAAOA,CACT,CAQA,MAAM,mBAAA,CAAoBhB,CAAAA,CAAgE,CACxF,GAAI,IAAA,CAAK,MAAA,CAAO,IAAA,GAAS,qBACvB,MAAM,IAAI,KAAA,CAAM,mEAAmE,EAErF,IAAMiB,CAAAA,CAAY,MAAM,IAAA,CAAK,kBAAiB,CAC9C,OAAOlB,CAAAA,CACL,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGkB,CAAU,EAC5DjB,CACF,CACF,CAOA,MAAM,eAAeM,CAAAA,CAAcL,CAAAA,CAAqC,CACtE,GAAI,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CACvB,MAAM,IAAI,KAAA,CAAM,8DAA8D,CAAA,CAEhF,IAAMgB,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,GACvBC,CAAAA,CAAgB,MAAMb,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGY,CAAU,EAC5DX,CAAAA,CACAL,CACF,CAAA,CACA,IAAA,CAAK,MAAM,KAAA,CAAMiB,CAAa,EAChC,CAGA,aAAoB,CAClB,IAAA,CAAK,KAAA,CAAM,KAAA,GACb,CAMA,MAAc,gBAAA,EAA4E,CACxF,GAAI,IAAA,CAAK,SAAA,CAAW,OAAO,KAAK,SAAA,CAEhC,IAAMC,CAAAA,CAAM,IAAA,CAAK,OAUjB,GAHE,CAACA,CAAAA,CAAI,QAAA,EACJ,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,EAAwB,CAACA,EAAI,gBAAA,CAEjC,CAClB,IAAMC,CAAAA,CAAO,MAAMR,CAAAA,CAAgBO,CAAAA,CAAI,YAAY,CAAA,CACnD,KAAK,SAAA,CAAY,CACf,QAAA,CAAUA,CAAAA,CAAI,UAAYC,CAAAA,CAAK,cAAA,CAC/B,gBAAA,CAAkBD,CAAAA,CAAI,kBAAoBC,CAAAA,CAAK,sBACjD,EACF,CAAA,KACE,KAAK,SAAA,CAAY,CACf,QAAA,CAAUD,CAAAA,CAAI,SACd,gBAAA,CAAkBA,CAAAA,CAAI,gBAAA,EAAoB,EAC5C,EAGF,OAAO,IAAA,CAAK,SACd,CAEA,MAAc,OAAA,EAAyB,CACrC,IAAMF,CAAAA,CAAY,MAAM,IAAA,CAAK,gBAAA,EAAiB,CAE9C,GAAI,KAAK,MAAA,CAAO,IAAA,GAAS,oBAAA,CAAsB,CAC7C,IAAMC,CAAAA,CAAgB,MAAMjC,CAAAA,CAA4B,CACtD,GAAI,IAAA,CAAK,MAAA,CACT,QAAA,CAAUgC,EAAU,QACtB,CAAC,CAAA,CACD,IAAA,CAAK,MAAM,KAAA,CAAMC,CAAa,CAAA,CAC9B,MACF,CAGA,IAAMT,CAAAA,CAAe,IAAA,CAAK,KAAA,CAAM,iBAAgB,CAChD,GAAIA,CAAAA,CAAc,CAChB,IAAMS,CAAAA,CAAgB,MAAMV,CAAAA,CAC1B,CAAE,GAAI,IAAA,CAAK,MAAA,CAAoC,GAAGS,CAAU,EAC5DR,CACF,CAAA,CACA,IAAA,CAAK,KAAA,CAAM,KAAA,CAAMS,CAAa,CAAA,CAC9B,MACF,CAEA,MAAM,IAAI,KAAA,CACR,kFACF,CACF,CACF,ECxLO,IAAMG,CAAAA,CAAN,cAA2B,KAAM,CACtC,WAAA,CACkBC,CAAAA,CACAC,EACApC,CAAAA,CAChB,CACA,KAAA,CAAM,CAAA,eAAA,EAAkBmC,CAAM,CAAA,CAAA,EAAIC,CAAU,CAAA,CAAE,CAAA,CAJ9B,YAAAD,CAAAA,CACA,IAAA,CAAA,UAAA,CAAAC,CAAAA,CACA,IAAA,CAAA,IAAA,CAAApC,EAGhB,IAAA,CAAK,IAAA,CAAO,eACd,CACF,CAAA,CAQaqC,CAAAA,CAAN,KAAkB,CACvB,YAA6BC,CAAAA,CAAmB,CAAnB,IAAA,CAAA,IAAA,CAAAA,EAAoB,CAEjD,MAAM,GAAA,CACJC,CAAAA,CACAC,CAAAA,CACAxB,EAAkC,EAAC,CACvB,CACZ,IAAMa,EAAQ,MAAM,IAAA,CAAK,IAAA,CAAK,cAAA,GACxBY,CAAAA,CAAM,IAAI,GAAA,CAAIF,CAAAA,CAAUC,CAAI,CAAA,CAElC,IAAA,GAAW,CAACE,CAAAA,CAAKC,CAAK,CAAA,GAAK,MAAA,CAAO,OAAA,CAAQ3B,CAAM,EAC9C,GAA2B2B,CAAAA,EAAU,IAAA,CAErC,GAAI,MAAM,OAAA,CAAQA,CAAK,CAAA,CACrB,IAAA,IAAWC,KAAQD,CAAAA,CACjBF,CAAAA,CAAI,YAAA,CAAa,MAAA,CAAOC,EAAK,MAAA,CAAOE,CAAI,CAAC,CAAA,CAAA,KAG3CH,EAAI,YAAA,CAAa,GAAA,CAAIC,CAAAA,CAAK,MAAA,CAAOC,CAAK,CAAC,CAAA,CAI3C,IAAMhD,CAAAA,CAAW,MAAM,KAAA,CAAM8C,CAAAA,CAAI,QAAA,EAAS,CAAG,CAC3C,MAAA,CAAQ,KAAA,CACR,OAAA,CAAS,CACP,aAAA,CAAe,CAAA,OAAA,EAAUZ,CAAK,CAAA,CAAA,CAC9B,OAAQ,kBACV,CACF,CAAC,CAAA,CAED,GAAI,CAAClC,CAAAA,CAAS,EAAA,CAAI,CAChB,IAAIK,CAAAA,CACJ,GAAI,CACFA,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CAAA,KAAQ,CACNK,CAAAA,CAAO,MAAML,CAAAA,CAAS,IAAA,GACxB,CACA,MAAM,IAAIuC,CAAAA,CAAavC,EAAS,MAAA,CAAQA,CAAAA,CAAS,UAAA,CAAYK,CAAI,CACnE,CAEA,OAAOL,CAAAA,CAAS,MAClB,CACF,ECZO,IAAMkD,EAAN,KAAoB,CAIzB,WAAA,CAAYP,CAAAA,CAAmBQ,EAAgC,CAC7D,IAAA,CAAK,MAAA,CAAS,IAAIT,EAAYC,CAAI,CAAA,CAClC,IAAA,CAAK,OAAA,CAAUQ,GAAS,OAAA,EAAW,mCACrC,CAGA,MAAM,YAAY9B,CAAAA,CAAoD,CACpE,OAAO,IAAA,CAAK,OAAO,GAAA,CAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,gBAAgBA,CAAAA,CAA4D,CAChF,OAAO,IAAA,CAAK,OAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,mBAAA,CAAqBA,CAA4C,CAC5H,CAGA,MAAM,WAAA,CAAYA,EAAoD,CACpE,OAAO,IAAA,CAAK,MAAA,CAAO,IAAoB,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACpH,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAsD,CACtE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAsB,KAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CACtH,CACF,ECrCO,IAAM+B,CAAAA,CAAN,KAA+B,CAIpC,WAAA,CAAYT,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,KAAK,MAAA,CAAS,IAAIT,CAAAA,CAAYC,CAAI,EAClC,IAAA,CAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,sCACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAqD,CACnE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAuB,KAAK,OAAA,CAAS,aAAA,CAAeA,CAA4C,CACrH,CAGA,MAAM,UAAA,CAAWA,CAAAA,CAA4D,CAC3E,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA6B,KAAK,OAAA,CAAS,cAAA,CAAgBA,CAA4C,CAC5H,CAGA,MAAM,iBAAA,CAAkBA,CAAAA,CAAgE,CACtF,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAA0B,IAAA,CAAK,QAAS,qBAAA,CAAuBA,CAA4C,CAChI,CACF,EChBO,IAAMgC,CAAAA,CAAN,KAA+B,CAIpC,YAAYV,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,OAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,KAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,wDACrC,CAGA,MAAM,SAAA,CAAU9B,CAAAA,CAAuD,CACrE,OAAO,IAAA,CAAK,MAAA,CAAO,GAAA,CAAyB,IAAA,CAAK,QAAS,iBAAA,CAAmBA,CAA4C,CAC3H,CAGA,MAAM,WAAA,CAAYA,CAAAA,CAAmD,CACnE,OAAO,KAAK,MAAA,CAAO,GAAA,CAAmB,IAAA,CAAK,OAAA,CAAS,mBAAoBA,CAA4C,CACtH,CACF,ECjCO,IAAMiC,CAAAA,CAAN,KAA4B,CAIjC,YAAYX,CAAAA,CAAmBQ,CAAAA,CAAgC,CAC7D,IAAA,CAAK,OAAS,IAAIT,CAAAA,CAAYC,CAAI,CAAA,CAClC,KAAK,OAAA,CAAUQ,CAAAA,EAAS,OAAA,EAAW,2CACrC,CAGA,MAAM,eAAA,EAAwC,CAC5C,OAAO,KAAK,MAAA,CAAO,GAAA,CAAiB,IAAA,CAAK,OAAA,CAAS,qBAAsB,EAAE,CAC5E,CAGA,MAAM,QAAA,CAAS9B,CAAAA,CAAqD,CAClE,OAAO,KAAK,MAAA,CAAO,GAAA,CAAwB,IAAA,CAAK,OAAA,CAAS,aAAcA,CAA4C,CACrH,CAGA,MAAM,aAAaA,CAAAA,CAA6D,CAC9E,OAAO,IAAA,CAAK,OAAO,GAAA,CAA4B,IAAA,CAAK,OAAA,CAAS,gBAAA,CAAkBA,CAA4C,CAC7H,CAGA,MAAM,UAAA,CAAWA,EAA0D,CACzE,OAAO,IAAA,CAAK,MAAA,CAAO,IAA2B,IAAA,CAAK,OAAA,CAAS,eAAA,CAAiBA,CAA4C,CAC3H,CACF","file":"index.mjs","sourcesContent":["import type { StoredToken, TokenResponse } from './types';\n\n/** In-memory token storage with expiry awareness. */\nexport class TokenStore {\n  private token: StoredToken | null = null;\n\n  store(response: TokenResponse): void {\n    const expiresAt =\n      response.expires_in != null\n        ? Date.now() + response.expires_in * 1000\n        : null;\n\n    this.token = {\n      accessToken: response.access_token,\n      expiresAt,\n      refreshToken: response.refresh_token ?? null,\n    };\n  }\n\n  getAccessToken(): string | null {\n    return this.token?.accessToken ?? null;\n  }\n\n  getRefreshToken(): string | null {\n    return this.token?.refreshToken ?? null;\n  }\n\n  /**\n   * Returns true if there is no token or the token is within `bufferSeconds`\n   * of expiry. Defaults to a 30-second buffer to allow for clock skew.\n   */\n  isExpired(bufferSeconds = 30): boolean {\n    if (!this.token) return true;\n    if (this.token.expiresAt === null) return false;\n    return Date.now() >= this.token.expiresAt - bufferSeconds * 1000;\n  }\n\n  clear(): void {\n    this.token = null;\n  }\n}\n","import type { ClientCredentialsConfig, TokenResponse } from './types';\n\n/**\n * Fetches a new access token using the OAuth2 Client Credentials flow.\n */\nexport async function fetchClientCredentialsToken(\n  config: ClientCredentialsConfig\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'client_credentials',\n    client_id: config.clientId,\n    client_secret: config.clientSecret,\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    body.set('scope', config.scopes.join(' '));\n  }\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for client credentials flow');\n\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","import type { AuthorizationCodeConfig, TokenResponse } from './types';\n\n// ---------------------------------------------------------------------------\n// PKCE helpers\n// ---------------------------------------------------------------------------\n\n/** Generates a cryptographically random PKCE code verifier (43-128 chars). */\nexport function generateCodeVerifier(): string {\n  const array = new Uint8Array(32);\n  crypto.getRandomValues(array);\n  return base64UrlEncode(array);\n}\n\n/** Derives a PKCE code challenge (S256) from a code verifier. */\nexport async function generateCodeChallenge(verifier: string): Promise<string> {\n  const encoder = new TextEncoder();\n  const data = encoder.encode(verifier);\n  const digest = await crypto.subtle.digest('SHA-256', data);\n  return base64UrlEncode(new Uint8Array(digest));\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n  const str = String.fromCharCode(...bytes);\n  return btoa(str).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=+$/, '');\n}\n\n// ---------------------------------------------------------------------------\n// Authorization Code flows\n// ---------------------------------------------------------------------------\n\n/**\n * Builds the authorization URL to redirect the user to.\n * Returns the URL and the code verifier (must be stored and passed to exchangeCode).\n */\nexport async function getAuthorizationUrl(\n  config: AuthorizationCodeConfig,\n  state?: string\n): Promise<{ url: string; codeVerifier: string }> {\n  const codeVerifier = generateCodeVerifier();\n  const codeChallenge = await generateCodeChallenge(codeVerifier);\n\n  const params = new URLSearchParams({\n    response_type: 'code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code_challenge: codeChallenge,\n    code_challenge_method: 'S256',\n  });\n\n  if (config.scopes && config.scopes.length > 0) {\n    params.set('scope', config.scopes.join(' '));\n  }\n\n  if (state) {\n    params.set('state', state);\n  }\n\n  const authUrl = config.authorizationUrl;\n  if (!authUrl) throw new Error('authorizationUrl is required for authorization-code flow');\n\n  return {\n    url: `${authUrl}?${params.toString()}`,\n    codeVerifier,\n  };\n}\n\n/**\n * Exchanges an authorization code for tokens.\n */\nexport async function exchangeCode(\n  config: AuthorizationCodeConfig,\n  code: string,\n  codeVerifier: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'authorization_code',\n    client_id: config.clientId,\n    redirect_uri: config.redirectUri,\n    code,\n    code_verifier: codeVerifier,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\n/**\n * Refreshes an access token using a refresh token.\n */\nexport async function refreshAccessToken(\n  config: AuthorizationCodeConfig,\n  refreshToken: string\n): Promise<TokenResponse> {\n  const body = new URLSearchParams({\n    grant_type: 'refresh_token',\n    client_id: config.clientId,\n    refresh_token: refreshToken,\n  });\n\n  const tokenUrl = config.tokenUrl;\n  if (!tokenUrl) throw new Error('tokenUrl is required for authorization-code flow');\n  return tokenRequest(tokenUrl, body);\n}\n\nasync function tokenRequest(\n  tokenUrl: string,\n  body: URLSearchParams\n): Promise<TokenResponse> {\n  const response = await fetch(tokenUrl, {\n    method: 'POST',\n    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n    body: body.toString(),\n  });\n\n  if (!response.ok) {\n    const text = await response.text().catch(() => '');\n    throw new Error(\n      `Token request failed: ${response.status} ${response.statusText}${text ? ` — ${text}` : ''}`\n    );\n  }\n\n  return response.json() as Promise<TokenResponse>;\n}\n","const BCIS_DISCOVERY_URL = 'https://id.bcis.co.uk/.well-known/openid-configuration';\n\nexport interface OidcConfig {\n  token_endpoint: string;\n  authorization_endpoint: string;\n  [key: string]: unknown;\n}\n\n/** Module-level cache keyed by discovery URL */\nconst cache = new Map<string, OidcConfig>();\n\n/**\n * Fetches and caches the OpenID Connect discovery document.\n * Defaults to the BCIS identity provider.\n */\nexport async function fetchOidcConfig(discoveryUrl = BCIS_DISCOVERY_URL): Promise<OidcConfig> {\n  const cached = cache.get(discoveryUrl);\n  if (cached) return cached;\n\n  const response = await fetch(discoveryUrl);\n  if (!response.ok) {\n    throw new Error(\n      `OIDC discovery failed: ${response.status} ${response.statusText} (${discoveryUrl})`\n    );\n  }\n\n  const config = (await response.json()) as OidcConfig;\n\n  if (!config.token_endpoint || !config.authorization_endpoint) {\n    throw new Error(`OIDC discovery document at ${discoveryUrl} is missing required endpoints`);\n  }\n\n  cache.set(discoveryUrl, config);\n  return config;\n}\n","import type { AuthConfig, AuthorizationCodeConfig, ClientCredentialsConfig } from './types';\nimport { TokenStore } from './token-store';\nimport { fetchClientCredentialsToken } from './client-credentials';\nimport {\n  getAuthorizationUrl as buildAuthorizationUrl,\n  exchangeCode,\n  refreshAccessToken,\n} from './authorization-code';\nimport { fetchOidcConfig } from './oidc-discovery';\n\n/**\n * Centralized OAuth2 authentication manager.\n *\n * Supports:\n * - Client Credentials flow (server-to-server, fully automatic)\n * - Authorization Code + PKCE flow (user-facing applications)\n *\n * Endpoint URLs (`tokenUrl`, `authorizationUrl`) are optional — when omitted they are\n * resolved automatically from the BCIS OpenID Connect discovery document at\n * `https://id.bcis.co.uk/.well-known/openid-configuration`.\n *\n * @example Client Credentials (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'client-credentials',\n *   clientId: 'my-id',\n *   clientSecret: 'my-secret',\n * });\n * const token = await auth.getAccessToken();\n * ```\n *\n * @example Authorization Code (auto-discovered endpoints)\n * ```ts\n * const auth = new AuthManager({\n *   flow: 'authorization-code',\n *   clientId: 'my-id',\n *   redirectUri: 'https://myapp.com/callback',\n *   scopes: ['openid', 'profile'],\n * });\n *\n * // Step 1: redirect user\n * const { url, codeVerifier } = await auth.getAuthorizationUrl();\n * // store codeVerifier in session, redirect user to url\n *\n * // Step 2: on callback\n * await auth.handleCallback(code, codeVerifier);\n *\n * // Step 3: use the SDK\n * const token = await auth.getAccessToken();\n * ```\n */\nexport class AuthManager {\n  private readonly store = new TokenStore();\n  /** Pending token fetch promise to prevent concurrent requests */\n  private inflight: Promise<void> | null = null;\n  /** Cached resolved endpoints (populated lazily from OIDC discovery) */\n  private endpoints: { tokenUrl: string; authorizationUrl: string } | null = null;\n\n  constructor(private readonly config: AuthConfig) {}\n\n  /**\n   * Returns a valid access token, fetching or refreshing as needed.\n   * For Client Credentials flow this is fully automatic.\n   * For Authorization Code flow, `handleCallback` must have been called first.\n   */\n  async getAccessToken(): Promise<string> {\n    if (!this.store.isExpired()) {\n      return this.store.getAccessToken()!;\n    }\n\n    if (this.inflight) {\n      await this.inflight;\n      return this.store.getAccessToken()!;\n    }\n\n    this.inflight = this.refresh();\n    try {\n      await this.inflight;\n    } finally {\n      this.inflight = null;\n    }\n\n    const token = this.store.getAccessToken();\n    if (!token) throw new Error('Failed to obtain access token');\n    return token;\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Builds and returns the authorization URL to redirect the user to.\n   * The returned `codeVerifier` must be persisted (e.g. in session storage)\n   * and passed to `handleCallback`.\n   */\n  async getAuthorizationUrl(state?: string): Promise<{ url: string; codeVerifier: string }> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('getAuthorizationUrl is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    return buildAuthorizationUrl(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      state\n    );\n  }\n\n  /**\n   * Authorization Code flow only.\n   * Exchanges the authorization code (from the redirect callback) for tokens\n   * and stores them internally.\n   */\n  async handleCallback(code: string, codeVerifier: string): Promise<void> {\n    if (this.config.flow !== 'authorization-code') {\n      throw new Error('handleCallback is only available for authorization-code flow');\n    }\n    const endpoints = await this.resolveEndpoints();\n    const tokenResponse = await exchangeCode(\n      { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n      code,\n      codeVerifier\n    );\n    this.store.store(tokenResponse);\n  }\n\n  /** Clears all stored tokens. */\n  clearTokens(): void {\n    this.store.clear();\n  }\n\n  /**\n   * Resolves `tokenUrl` and `authorizationUrl`, fetching the OIDC discovery document\n   * if either URL is absent from the config. Result is cached after the first call.\n   */\n  private async resolveEndpoints(): Promise<{ tokenUrl: string; authorizationUrl: string }> {\n    if (this.endpoints) return this.endpoints;\n\n    const cfg = this.config as {\n      tokenUrl?: string;\n      authorizationUrl?: string;\n      discoveryUrl?: string;\n    };\n\n    const needsDiscovery =\n      !cfg.tokenUrl ||\n      (this.config.flow === 'authorization-code' && !cfg.authorizationUrl);\n\n    if (needsDiscovery) {\n      const oidc = await fetchOidcConfig(cfg.discoveryUrl);\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl ?? oidc.token_endpoint,\n        authorizationUrl: cfg.authorizationUrl ?? oidc.authorization_endpoint,\n      };\n    } else {\n      this.endpoints = {\n        tokenUrl: cfg.tokenUrl!,\n        authorizationUrl: cfg.authorizationUrl ?? '',\n      };\n    }\n\n    return this.endpoints;\n  }\n\n  private async refresh(): Promise<void> {\n    const endpoints = await this.resolveEndpoints();\n\n    if (this.config.flow === 'client-credentials') {\n      const tokenResponse = await fetchClientCredentialsToken({\n        ...(this.config as ClientCredentialsConfig),\n        tokenUrl: endpoints.tokenUrl,\n      });\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    // Authorization Code flow: try refresh token first, else throw\n    const refreshToken = this.store.getRefreshToken();\n    if (refreshToken) {\n      const tokenResponse = await refreshAccessToken(\n        { ...(this.config as AuthorizationCodeConfig), ...endpoints },\n        refreshToken\n      );\n      this.store.store(tokenResponse);\n      return;\n    }\n\n    throw new Error(\n      'No valid token available. Call getAuthorizationUrl() and handleCallback() first.'\n    );\n  }\n}\n","import type { AuthManager } from '../auth/auth-manager';\n\n/** Thrown when an API response is not 2xx. */\nexport class BcisApiError extends Error {\n  constructor(\n    public readonly status: number,\n    public readonly statusText: string,\n    public readonly body: unknown\n  ) {\n    super(`BCIS API error ${status} ${statusText}`);\n    this.name = 'BcisApiError';\n  }\n}\n\n/**\n * Thin fetch wrapper that:\n * - Injects the Authorization: Bearer header from AuthManager\n * - Serialises query parameters (including arrays as repeated params)\n * - Throws BcisApiError on non-2xx responses\n */\nexport class FetchClient {\n  constructor(private readonly auth: AuthManager) {}\n\n  async get<T>(\n    baseUrl: string,\n    path: string,\n    params: Record<string, unknown> = {}\n  ): Promise<T> {\n    const token = await this.auth.getAccessToken();\n    const url = new URL(baseUrl + path);\n\n    for (const [key, value] of Object.entries(params)) {\n      if (value === undefined || value === null) continue;\n\n      if (Array.isArray(value)) {\n        for (const item of value) {\n          url.searchParams.append(key, String(item));\n        }\n      } else {\n        url.searchParams.set(key, String(value));\n      }\n    }\n\n    const response = await fetch(url.toString(), {\n      method: 'GET',\n      headers: {\n        Authorization: `Bearer ${token}`,\n        Accept: 'application/json',\n      },\n    });\n\n    if (!response.ok) {\n      let body: unknown;\n      try {\n        body = await response.json();\n      } catch {\n        body = await response.text();\n      }\n      throw new BcisApiError(response.status, response.statusText, body);\n    }\n\n    return response.json() as Promise<T>;\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { AbpResponseDto, IndicesResponseDto, TpsResponseDto, CodesResponseDto } from '../types/core-api.types';\n\n// --- Parameter interfaces ---\n\nexport interface AbpRetrieveParams {\n  /** When true, returns additional data for graph plotting. Default false. */\n  'include-data-for-graph'?: boolean;\n  /** When true, includes sub-divided categories (e.g., size bands) in results. Default false. */\n  'include-subclasses'?: boolean;\n  /** A comma-separated list of building function codes used to filter study results. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'building-function': string[];\n  /** A list of type of work codes to filter the results by, the example contains all valid codes. */\n  'type-of-work': string[];\n  /** A six-character code identifying the BCIS study */\n  'abp-study': 'ABPBUI' | 'ABPFUN' | 'ABPGRP' | 'ABPEM2' | 'ABPEUR' | 'ABPEXT';\n}\n\nexport interface IndicesRetrieveParams {\n  /** Restricts the index series by year e.g. `1985` or description `1985 mean = 100`. Ignored if a series number is provided. Descriptions must match text exactly, case-insensitive but including spaces. */\n  'base-of-series'?: string;\n  /** Restricts index series by `regularity` (`monthly`, `quarterly`, `annual`). Ignored if a series number is used. Defaults to `quarterly`, then `monthly`, then `annual`. */\n  regularity?: string[];\n  /** Restricts index figures up to a specific month `yyyy-mm`, or leave blank for latest available. */\n  'end-date'?: string;\n  /** Restricts index figures to a specific month `yyyy-mm`, or leave blank for earliest available. */\n  'start-date'?: string;\n  /** Comma-delimited list of short names (e.g. `BCISTPI:AllIn`) or series numbers. [See the Codes Update API](/docs/bcis-grace-svc-core-apis/1a5fdc770c00d-codes-update). */\n  'series-identification': string[];\n}\n\nexport interface TpsRetrieveParams {\n  /** Supports suffixes to filter or refine the study data:    - Level Filters:       - `:region`, `:county`, `:district`       - Example: `location2000:region` (regional indices), `location2000:county,district` (county and district indices)    - Postcode Filter:       - `:postcode:<POSTCODE>` (no spaces)       - Example: `location2000:postcode:SW1P3AD`       - Cannot be combined with level filters.    - Effective Date Filter:       - `:EffectiveDate:<YYYYQn>`       - Example: `location2000:EffectiveDate:2015Q2`       - Can be combined with postcode or level filters.    - Outcode List:       - `:outcode`       - Example: `location2000:outcode`       - Not supported for 1980 boundaries or with EffectiveDate.   `short-tps-name` is not case sensitive.    For available studies, use the `codesUpdate` web service with `codeType=shortTPSName`. */\n  'short-tps-name': string;\n}\n\nexport interface CodesUpdateParams {\n  /** A date in `yyyy-mm-dd` format. Returns only codes added or modified since this date. Not supported for all code types. Leave blank to return all codes. */\n  'if-changed-since'?: string;\n  /** A version string to select relevant code tables. */\n  version?: string;\n  /**    A string to select the code list required. The supported values are:    - `seriesIdentification`: All regularity names (for `/indices-retrieve`)   - `shortTPSName`: Tender Price Studies - short names (for `/tps-retrieve`)   - `ABPStudy`: Average building prices study codes (for `/abp-retrieve`)   - `BuildingFunction`: List of building function codes (for `/abp-retrieve`, and `/analyses-search`)  - `BuildingFunction:Categories`: List of building function categories   - `BuildingFunction:[1-9]`: List of building function codes for the category specified after the colon   - `BuildingFunction:Duration`: List of building function codes for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:Categories`: List of building function categories for duration calculator (for `Duration Model Calculate Api`)   - `BuildingFunction:Duration:[1-9]`: List of building function codes for duration calculator for category specified after the colon (for `Duration Model Calculate Api`)   - `BuildingFunction:ABP`: List of building function codes for average building prices study where results are available to the user (for `/abp-retrieve`)   - `SimplifiedTypeOfWork`: List of shorter type of work codes (for `/abp-retrieve`)    The list of supported code types may be extended in the future. */\n  'code-type': 'shortTPSName' | 'ABPStudy' | 'BuildingFunction' | 'BuildingFunction:Categories' | 'BuildingFunction:[1-9]' | 'BuildingFunction:Duration' | 'BuildingFunction:Duration:Categories' | 'BuildingFunction:Duration:[1-9]' | 'BuildingFunction:ABP' | 'SimplifiedTypeOfWork';\n}\n\n// --- Client ---\n\nexport class CoreApiClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/core-apis';\n  }\n\n  /** abp-retrieve */\n  async abpRetrieve(params: AbpRetrieveParams): Promise<AbpResponseDto> {\n    return this.client.get<AbpResponseDto>(this.baseUrl, '/abp-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** indices-retrieve */\n  async indicesRetrieve(params: IndicesRetrieveParams): Promise<IndicesResponseDto> {\n    return this.client.get<IndicesResponseDto>(this.baseUrl, '/indices-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** tps-retrieve */\n  async tpsRetrieve(params: TpsRetrieveParams): Promise<TpsResponseDto> {\n    return this.client.get<TpsResponseDto>(this.baseUrl, '/tps-retrieve', params as unknown as Record<string, unknown>);\n  }\n\n  /** codes-update */\n  async codesUpdate(params: CodesUpdateParams): Promise<CodesResponseDto> {\n    return this.client.get<CodesResponseDto>(this.baseUrl, '/codes-update', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { DurationModelsDto, DurationModelOptionsDto, CalculationResultDto } from '../types/duration-calculator.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetModelsParams {\n  /** The date of the publication in YYYY-MM-DD format. Can be used to reproduce a calculation as it would have been performed at the given date. */\n  'publication-date'?: string;\n}\n\nexport interface GetOptionsParams {\n  /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */\n  'model-id': number;\n}\n\nexport interface CalculateDurationParams {\n  /** The date on which the project details are published. Can be used to reproduce a calculation as it would have been performed at the given date. */\n  'publication-date'?: string;\n  /** The appropriate sector for the client organisation */\n  'organisation-id': number;\n  /** The selection of contractor that best describes the way in which the contractor will be selected. */\n  'contractor-selection-id': number;\n  /** The procurement process that best describes the way in which the project will be procured. */\n  'procurement-id': number;\n  /** The building function of the project. It is based on groups of building functions rather than the full list of building function codes used elsewhere in BCIS. */\n  'function-group-id': number;\n  /** The location of the project. Is used to adjust the contract value to UK mean location. */\n  'location-id': number;\n  /** The quarter at which the contract value has been priced. Is used to adjust the contract value to the base price level used by the models */\n  'date-applicable': string;\n  /** The anticipated cost of construction expressed as at the anticipated start on site. */\n  'contract-value': number;\n  /** There are two separate models that underlie the calculator: one for new build projects and one for refurbishment schemes. */\n  'model-id': number;\n}\n\n// --- Client ---\n\nexport class DurationCalculatorClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/rebuild-core';\n  }\n\n  /** Retrieve the list of models, quarters, and locations available for duration calculations */\n  async getModels(params: GetModelsParams): Promise<DurationModelsDto> {\n    return this.client.get<DurationModelsDto>(this.baseUrl, '/get-models', params as unknown as Record<string, unknown>);\n  }\n\n  /** Retrieve a list of options for the duration-calculation parameters */\n  async getOptions(params: GetOptionsParams): Promise<DurationModelOptionsDto> {\n    return this.client.get<DurationModelOptionsDto>(this.baseUrl, '/get-options', params as unknown as Record<string, unknown>);\n  }\n\n  /** Retrieve the calculated construction duration */\n  async calculateDuration(params: CalculateDurationParams): Promise<CalculationResultDto> {\n    return this.client.get<CalculationResultDto>(this.baseUrl, '/calculate-duration', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { CalculationResponse, UsageResponse } from '../types/residential-rebuild.types';\n\n// --- Parameter interfaces ---\n\nexport interface CalculateParams {\n  /** Postcode of the property */\n  postCode: string;\n  /** Type of the property */\n  type: string;\n  /** Number of storeys in the property */\n  storeys: string;\n  /** Style of the property: detached, terraced, etc */\n  style: string;\n  /** Type of the walls of the property */\n  wallType: string;\n  /** Type of the roof of the property */\n  roofType?: string;\n  /** Year the property was built */\n  yearBuilt: number;\n  /** Number of flats */\n  noOfFlats?: number;\n  /** Area of the property in sq.m. */\n  area?: number;\n  /** Number of rooms in the property */\n  noOfRooms?: number;\n  /** Number of bedrooms in the property */\n  noOfBedrooms?: number;\n  /** Number of garage spaces in the property */\n  noOfGarageSpaces?: number;\n  /** Number of bathrooms in the property */\n  noOfBathrooms?: number;\n  /** Special features of the property, Must be blank, or a comma delimited list containing one or more of 'cellar' or 'noexternals' */\n  specialFeatures?: string;\n}\n\nexport interface ReportUsageParams {\n  /** First month of the usage report */\n  startMonth?: string;\n  /** Last month of the usage report */\n  endMonth?: string;\n}\n\n// --- Client ---\n\nexport class ResidentialRebuildClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/residential-rebuild-calculator';\n  }\n\n  /** rbls-calculate */\n  async calculate(params: CalculateParams): Promise<CalculationResponse> {\n    return this.client.get<CalculationResponse>(this.baseUrl, '/rbls-calculate', params as unknown as Record<string, unknown>);\n  }\n\n  /** rbls-report-use */\n  async reportUsage(params: ReportUsageParams): Promise<UsageResponse> {\n    return this.client.get<UsageResponse>(this.baseUrl, '/rbls-report-use', params as unknown as Record<string, unknown>);\n  }\n}\n","// This file is auto-generated. Do not edit manually.\n// Re-run `npm run generate` to regenerate.\n\nimport { FetchClient } from '../http/fetch-client';\nimport type { AuthManager } from '../auth/auth-manager';\nimport type { EditionsDto, GetRateResponseDto, GetResourceResponseDto, GetBuildUpResponseDto } from '../types/schedule-of-rates.types';\n\n// --- Parameter interfaces ---\n\nexport interface GetRatesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetResourcesParams {\n  /** node id, returned data are for the selected node */\n  'selected-node-id'?: string;\n  /** filter term, returned nodes contain the text somewhere in that branch */\n  'filter-text'?: string;\n  /** id obtained from get-books-edition */\n  'edition-id': string;\n}\n\nexport interface GetBuildUpParams {\n  /** Id as returned from GetRates or GetResources */\n  'entity-id': string;\n}\n\n// --- Client ---\n\nexport class ScheduleOfRatesClient {\n  private readonly client: FetchClient;\n  private readonly baseUrl: string;\n\n  constructor(auth: AuthManager, options?: { baseUrl?: string }) {\n    this.client = new FetchClient(auth);\n    this.baseUrl = options?.baseUrl ?? 'https://api.bcis.co.uk/schedule-of-rates';\n  }\n\n  /** Lists books and editions available to user */\n  async getBooksEdition(): Promise<EditionsDto> {\n    return this.client.get<EditionsDto>(this.baseUrl, '/get-books-edition', {});\n  }\n\n  /** Lists matching rates */\n  async getRates(params: GetRatesParams): Promise<GetRateResponseDto> {\n    return this.client.get<GetRateResponseDto>(this.baseUrl, '/get-rates', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists matching resources */\n  async getResources(params: GetResourcesParams): Promise<GetResourceResponseDto> {\n    return this.client.get<GetResourceResponseDto>(this.baseUrl, '/get-resources', params as unknown as Record<string, unknown>);\n  }\n\n  /** Lists components of a rate or buildUp */\n  async getBuildUp(params: GetBuildUpParams): Promise<GetBuildUpResponseDto> {\n    return this.client.get<GetBuildUpResponseDto>(this.baseUrl, '/get-build-up', params as unknown as Record<string, unknown>);\n  }\n}\n"]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bcis/sdk",
-  "version": "0.1.3",
+  "version": "0.2.0",
   "description": "Type-safe TypeScript SDK for BCIS APIs",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -17,7 +17,7 @@
       }
     }
   },
-  "files": ["dist"],
+  "files": ["dist", "LICENSE"],
   "scripts": {
     "build": "tsup",
     "typecheck": "tsc --noEmit",
@@ -25,7 +25,7 @@
     "test:watch": "vitest"
   },
   "keywords": ["bcis", "construction", "cost", "sdk", "typescript"],
-  "license": "Unlicensed",
+  "license": "Apache-2.0",
   "publishConfig": {
     "registry": "https://registry.npmjs.org/",
     "access": "public"