@corsa-labs/sdk 3.9.1 → 3.11.0

package/README.md

@@ -48,7 +48,7 @@ import { ComplianceClient, OpenAPI } from '@corsa-labs/sdk';
 // OpenAPI.TOKEN = 'YOUR_API_KEY'; // Deprecated: Use HEADERS instead
 
 // Configure the base URL
-OpenAPI.BASE = 'https://api-compliance.prod.paytweed.com'; 
+OpenAPI.BASE = 'https://api.corsa.finance'; 
 
 // Configure Headers for Authentication (Recommended)
 OpenAPI.HEADERS = {
@@ -59,7 +59,7 @@ const client = new ComplianceClient();
 
 // Or configure directly in the constructor
 const clientWithConfig = new ComplianceClient({
-    BASE: "https://api-compliance.prod.paytweed.com",
+    BASE: "https://api.corsa.finance",
     HEADERS: {
         "Authorization": `Bearer ${process.env.API_TOKEN}`
     }
@@ -85,7 +85,7 @@ import { v4 as uuidv4 } from 'uuid';
 
 async function main() {
     const client = new ComplianceClient({
-        BASE: "https://api-compliance.prod.paytweed.com",
+        BASE: "https://api.corsa.finance",
         HEADERS: {
             "Authorization": `Bearer ${process.env.API_TOKEN}` // Use Authorization header
         }
@@ -194,9 +194,9 @@ The SDK provides utilities for handling webhooks sent from the Compliance API.
 When receiving webhooks, inspect the following HTTP headers:
 
 *   `x-hub-signature-256`: The HMAC SHA256 signature of the request payload. Used for verifying the webhook's authenticity. (See Verifying Signatures below).
-*   `x-tweed-event`: The type of event that triggered the webhook (e.g., `individual_client.created`).
-*   `x-tweed-hook-id`: The unique identifier of the webhook configuration that sent this request.
-*   `x-tweed-delivery`: A unique identifier for this specific delivery attempt.
+*   `x-hook-event`: The type of event that triggered the webhook (e.g., `individual_client.created`).
+*   `x-hook-id`: The unique identifier of the webhook configuration that sent this request.
+*   `x-hook-delivery`: A unique identifier for this specific delivery attempt.
 
 ### Verifying Signatures
 
@@ -279,4 +279,4 @@ Contributions are welcome! Please follow standard practices for pull requests.
 
 ## License
 
-[MIT](LICENSE)
+[MIT](LICENSE)

package/dist/core/EncryptedFetchHttpRequest.d.ts

@@ -0,0 +1,19 @@
+import type { ApiRequestOptions } from "./ApiRequestOptions";
+import { CancelablePromise } from "./CancelablePromise";
+import type { EncryptionMiddleware } from "./EncryptionMiddleware";
+import { FetchHttpRequest } from "./FetchHttpRequest";
+import type { OpenAPIConfig } from "./OpenAPI";
+/**
+ * HTTP Request class with field-level encryption support
+ */
+export declare class EncryptedFetchHttpRequest extends FetchHttpRequest {
+    private encryptionMiddleware?;
+    constructor(config: OpenAPIConfig, encryptionMiddleware?: EncryptionMiddleware);
+    /**
+     * Request method with encryption middleware
+     * @param options The request options from the service
+     * @returns CancelablePromise<T>
+     * @throws ApiError
+     */
+    request<T>(options: ApiRequestOptions): CancelablePromise<T>;
+}

package/dist/core/EncryptedFetchHttpRequest.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptedFetchHttpRequest = void 0;
+const CancelablePromise_1 = require("./CancelablePromise");
+const FetchHttpRequest_1 = require("./FetchHttpRequest");
+const request_1 = require("./request");
+/**
+ * HTTP Request class with field-level encryption support
+ */
+class EncryptedFetchHttpRequest extends FetchHttpRequest_1.FetchHttpRequest {
+    encryptionMiddleware;
+    constructor(config, encryptionMiddleware) {
+        super(config);
+        this.encryptionMiddleware = encryptionMiddleware;
+    }
+    /**
+     * Request method with encryption middleware
+     * @param options The request options from the service
+     * @returns CancelablePromise<T>
+     * @throws ApiError
+     */
+    request(options) {
+        // If no middleware is configured, use the default request implementation
+        if (!this.encryptionMiddleware) {
+            return super.request(options);
+        }
+        // With middleware, process the request through it first
+        const middleware = this.encryptionMiddleware;
+        return new CancelablePromise_1.CancelablePromise(async (resolve, reject, onCancel) => {
+            try {
+                // Apply encryption middleware
+                const processedOptions = await middleware.processRequest(options);
+                // Call the parent request implementation with processed options
+                const promise = (0, request_1.request)(this.config, processedOptions);
+                // Handle cancellation
+                onCancel(() => promise.cancel());
+                // Resolve or reject the promise
+                const result = await promise;
+                resolve(result);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+}
+exports.EncryptedFetchHttpRequest = EncryptedFetchHttpRequest;
+//# sourceMappingURL=EncryptedFetchHttpRequest.js.map

package/dist/core/EncryptedFetchHttpRequest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptedFetchHttpRequest.js","sourceRoot":"","sources":["../../core/EncryptedFetchHttpRequest.ts"],"names":[],"mappings":";;;AACA,2DAAwD;AAExD,yDAAsD;AAEtD,uCAAiD;AAEjD;;GAEG;AACH,MAAa,yBAA0B,SAAQ,mCAAgB;IACrD,oBAAoB,CAAwB;IAEpD,YACE,MAAqB,EACrB,oBAA2C;QAE3C,KAAK,CAAC,MAAM,CAAC,CAAC;QACd,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAED;;;;;OAKG;IACa,OAAO,CAAI,OAA0B;QACnD,yEAAyE;QACzE,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC,OAAO,CAAI,OAAO,CAAC,CAAC;QACnC,CAAC;QAED,wDAAwD;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC;QAE7C,OAAO,IAAI,qCAAiB,CAAI,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;YAClE,IAAI,CAAC;gBACH,8BAA8B;gBAC9B,MAAM,gBAAgB,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;gBAElE,gEAAgE;gBAChE,MAAM,OAAO,GAAG,IAAA,iBAAS,EAAI,IAAI,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;gBAE5D,sBAAsB;gBACtB,QAAQ,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;gBAEjC,gCAAgC;gBAChC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC;gBAC7B,OAAO,CAAC,MAAM,CAAC,CAAC;YAClB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA7CD,8DA6CC"}

package/dist/core/EncryptionMiddleware.d.ts

@@ -0,0 +1,46 @@
+import { EncryptedFieldSchema } from "@corsa-labs/encryption-node";
+import type { ApiRequestOptions } from "./ApiRequestOptions";
+/**
+ * Interface for the encryption service that will handle actual encryption
+ */
+export interface EncryptionService {
+    /**
+     * Encrypts a string value
+     * @param value Value to encrypt
+     * @returns Encrypted value
+     */
+    encrypt(value: string): Promise<string>;
+    /**
+     * Decrypts a string value
+     * @param value Value to decrypt
+     * @returns Decrypted value
+     */
+    decrypt(value: string): Promise<string>;
+}
+/**
+ * Class that handles field-level encryption based on a unified schema
+ */
+export declare class EncryptionMiddleware {
+    private schema;
+    private encryptionService;
+    private salt?;
+    /**
+     * Create a new encryption middleware
+     * @param schema Unified field encryption schema
+     * @param encryptionService Service that handles actual encryption
+     * @param salt Optional salt for hash generation
+     */
+    constructor(schema: EncryptedFieldSchema, encryptionService: EncryptionService, salt?: string);
+    /**
+     * Process an API request, encrypting fields as specified in the schema
+     * @param options API request options
+     * @returns Modified API request options with encrypted fields
+     */
+    processRequest(options: ApiRequestOptions): Promise<ApiRequestOptions>;
+    /**
+     * Extract an operation identifier from the request options
+     * @param options API request options
+     * @returns Operation identifier (usually the URL path)
+     */
+    private getOperationIdentifier;
+}

package/dist/core/EncryptionMiddleware.js

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptionMiddleware = void 0;
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+const encryption_node_1 = require("@corsa-labs/encryption-node");
+/**
+ * Class that handles field-level encryption based on a unified schema
+ */
+class EncryptionMiddleware {
+    schema;
+    encryptionService;
+    salt;
+    /**
+     * Create a new encryption middleware
+     * @param schema Unified field encryption schema
+     * @param encryptionService Service that handles actual encryption
+     * @param salt Optional salt for hash generation
+     */
+    constructor(schema, encryptionService, salt) {
+        this.schema = schema;
+        this.encryptionService = encryptionService;
+        this.salt = salt;
+    }
+    /**
+     * Process an API request, encrypting fields as specified in the schema
+     * @param options API request options
+     * @returns Modified API request options with encrypted fields
+     */
+    async processRequest(options) {
+        // Only process POST and PUT requests that may contain a body
+        if (options.body &&
+            (options.method === "POST" || options.method === "PUT")) {
+            const operationPath = this.getOperationIdentifier(options);
+            const cryptoOps = new encryption_node_1.NodeCryptoOps();
+            const processor = new encryption_node_1.EncryptedFieldProcessor(cryptoOps);
+            const result = await processor.processFields(options.body, this.schema, {
+                operation: encryption_node_1.FieldOperation.ENCRYPT,
+                encryptionService: this.encryptionService,
+                operationPath,
+                salt: this.salt,
+            });
+            if (!result.success) {
+                throw new Error(`Field encryption failed: ${result.errors
+                    ?.map((e) => `${e.path}: ${e.message}`)
+                    .join(", ")}`);
+            }
+            return {
+                ...options,
+                body: result.data,
+            };
+        }
+        return options;
+    }
+    /**
+     * Extract an operation identifier from the request options
+     * @param options API request options
+     * @returns Operation identifier (usually the URL path)
+     */
+    getOperationIdentifier(options) {
+        // We'll use the URL as the operation identifier
+        // This could be expanded to include the HTTP method if needed
+        return options.url || null;
+    }
+}
+exports.EncryptionMiddleware = EncryptionMiddleware;
+//# sourceMappingURL=EncryptionMiddleware.js.map

package/dist/core/EncryptionMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptionMiddleware.js","sourceRoot":"","sources":["../../core/EncryptionMiddleware.ts"],"names":[],"mappings":";;;AAAA,0BAA0B;AAC1B,oBAAoB;AACpB,oBAAoB;AACpB,iEAKqC;AAsBrC;;GAEG;AACH,MAAa,oBAAoB;IACvB,MAAM,CAAuB;IAC7B,iBAAiB,CAAoB;IACrC,IAAI,CAAU;IAEtB;;;;;OAKG;IACH,YACE,MAA4B,EAC5B,iBAAoC,EACpC,IAAa;QAEb,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;;OAIG;IACI,KAAK,CAAC,cAAc,CACzB,OAA0B;QAE1B,6DAA6D;QAC7D,IACE,OAAO,CAAC,IAAI;YACZ,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,CAAC,EACvD,CAAC;YACD,MAAM,aAAa,GAAG,IAAI,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,IAAI,+BAAa,EAAE,CAAC;YACtC,MAAM,SAAS,GAAG,IAAI,yCAAuB,CAAC,SAAS,CAAC,CAAC;YACzD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,EAAE;gBACtE,SAAS,EAAE,gCAAc,CAAC,OAAO;gBACjC,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;gBACzC,aAAa;gBACb,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,IAAI,KAAK,CACb,4BAA4B,MAAM,CAAC,MAAM;oBACvC,EAAE,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;qBACtC,IAAI,CAAC,IAAI,CAAC,EAAE,CAChB,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,GAAG,OAAO;gBACV,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACK,sBAAsB,CAAC,OAA0B;QACvD,gDAAgD;QAChD,8DAA8D;QAC9D,OAAO,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC;IAC7B,CAAC;CACF;AAvED,oDAuEC"}

package/dist/extensions/EncryptedComplianceClient.d.ts

@@ -0,0 +1,90 @@
+import { ComplianceClient } from "../ComplianceClient";
+import { EncryptionMiddleware } from "../core/EncryptionMiddleware";
+import { FetchHttpRequest } from "../core/FetchHttpRequest";
+import type { OpenAPIConfig } from "../core/OpenAPI";
+import { EncryptedFieldSchema } from "@corsa-labs/encryption-node";
+/**
+ * Configuration for encrypted data encryption setup
+ */
+export interface EncryptedClientConfig {
+    /** Base URL for the compliance API */
+    baseUrl: string;
+    /** API key for authentication */
+    apiKey: string;
+    /** Optional: Custom encryption service URL (defaults to production) */
+    encryptionServiceUrl?: string;
+    /** Optional: Platform ID for encryption (defaults to 'corsa') */
+    platformId?: string;
+    /** Optional: API secret for encryption service auth */
+    apiSecret?: string;
+    /** Optional: Pass the compliance API authorization header to encryption service requests */
+    passAuthToEncryption?: boolean;
+}
+/**
+ * Compliance client with field-level encryption capabilities
+ *
+ * This client automatically encrypts fields (like emails, phone numbers,
+ * personal IDs, etc.) before sending data to the API, based on a configurable mapping.
+ *
+ * The encryption is handled transparently - the client interface remains the same,
+ * but specified fields are encrypted using the built-in encryption system.
+ */
+export declare class EncryptedComplianceClient extends ComplianceClient {
+    /**
+     * Create a compliance client with field-level encryption
+     *
+     * @param config Client configuration including API credentials and encryption settings
+     * @param schema Unified field encryption schema
+     * @returns ComplianceClient instance with field encryption enabled
+     *
+     * @example
+     * ```typescript
+     * import { EncryptedComplianceClient } from '@corsa-labs/compliance-sdk';
+     *
+     * // Configure which fields to encrypt using unified schema
+     * const encryptionSchema = {
+     *   fields: {
+     *     emailAddress: { type: 'string', encrypt: true, validate: true },
+     *     phoneNumber: { type: 'string', encrypt: true },
+     *     personalId: { type: 'string', encrypt: true, generateHash: true }
+     *   },
+     *   operations: {
+     *     '/v1/clients/individuals': {
+     *       'contact': ['emailAddress', 'phoneNumber'],
+     *       'general': ['personalId']
+     *     }
+     *   }
+     * };
+     *
+     * // Create client with field encryption - encryption manager is created automatically
+     * const client = EncryptedComplianceClient.withEncryptedFields({
+     *   baseUrl: 'https://api-compliance.corsa.finance',
+     *   apiKey: 'your-api-key',
+     *   apiSecret: 'your-encryption-api-secret', // Required for encryption service
+     *   passAuthToEncryption: true // Optional: pass the API key as Authorization header to encryption service
+     * }, encryptionSchema);
+     *
+     * // Use normally - specified fields will be automatically encrypted
+     * const individual = await client.clients.createIndividualClient({
+     *   referenceId: 'ref-123',
+     *   contact: {
+     *     emailAddress: 'user@example.com', // Automatically encrypted
+     *     phoneNumber: '+1234567890',       // Automatically encrypted
+     *   },
+     *   general: {
+     *     firstName: 'John',
+     *     lastName: 'Doe',
+     *     personalId: '123-45-6789',        // Automatically encrypted
+     *   }
+     * });
+     * ```
+     */
+    static withEncryptedFields(config: EncryptedClientConfig, schema: EncryptedFieldSchema): EncryptedComplianceClient;
+    /**
+     * Constructor for EncryptedComplianceClient
+     *
+     * Note: In most cases, you should use the static `withEncryptedFields()` method instead
+     * of calling this constructor directly.
+     */
+    constructor(config?: Partial<OpenAPIConfig>, HttpRequestConstructor?: typeof FetchHttpRequest, encryptionMiddleware?: EncryptionMiddleware);
+}

package/dist/extensions/EncryptedComplianceClient.js

@@ -0,0 +1,146 @@
+"use strict";
+/* istanbul ignore file */
+/* tslint:disable */
+/* eslint-disable */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptedComplianceClient = void 0;
+const ComplianceClient_1 = require("../ComplianceClient");
+const EncryptedFetchHttpRequest_1 = require("../core/EncryptedFetchHttpRequest");
+const EncryptionMiddleware_1 = require("../core/EncryptionMiddleware");
+const FetchHttpRequest_1 = require("../core/FetchHttpRequest");
+const EncryptedFieldAdapter_1 = require("./EncryptedFieldAdapter");
+const encryption_node_1 = require("@corsa-labs/encryption-node");
+/**
+ * Compliance client with field-level encryption capabilities
+ *
+ * This client automatically encrypts fields (like emails, phone numbers,
+ * personal IDs, etc.) before sending data to the API, based on a configurable mapping.
+ *
+ * The encryption is handled transparently - the client interface remains the same,
+ * but specified fields are encrypted using the built-in encryption system.
+ */
+class EncryptedComplianceClient extends ComplianceClient_1.ComplianceClient {
+    /**
+     * Create a compliance client with field-level encryption
+     *
+     * @param config Client configuration including API credentials and encryption settings
+     * @param schema Unified field encryption schema
+     * @returns ComplianceClient instance with field encryption enabled
+     *
+     * @example
+     * ```typescript
+     * import { EncryptedComplianceClient } from '@corsa-labs/compliance-sdk';
+     *
+     * // Configure which fields to encrypt using unified schema
+     * const encryptionSchema = {
+     *   fields: {
+     *     emailAddress: { type: 'string', encrypt: true, validate: true },
+     *     phoneNumber: { type: 'string', encrypt: true },
+     *     personalId: { type: 'string', encrypt: true, generateHash: true }
+     *   },
+     *   operations: {
+     *     '/v1/clients/individuals': {
+     *       'contact': ['emailAddress', 'phoneNumber'],
+     *       'general': ['personalId']
+     *     }
+     *   }
+     * };
+     *
+     * // Create client with field encryption - encryption manager is created automatically
+     * const client = EncryptedComplianceClient.withEncryptedFields({
+     *   baseUrl: 'https://api-compliance.corsa.finance',
+     *   apiKey: 'your-api-key',
+     *   apiSecret: 'your-encryption-api-secret', // Required for encryption service
+     *   passAuthToEncryption: true // Optional: pass the API key as Authorization header to encryption service
+     * }, encryptionSchema);
+     *
+     * // Use normally - specified fields will be automatically encrypted
+     * const individual = await client.clients.createIndividualClient({
+     *   referenceId: 'ref-123',
+     *   contact: {
+     *     emailAddress: 'user@example.com', // Automatically encrypted
+     *     phoneNumber: '+1234567890',       // Automatically encrypted
+     *   },
+     *   general: {
+     *     firstName: 'John',
+     *     lastName: 'Doe',
+     *     personalId: '123-45-6789',        // Automatically encrypted
+     *   }
+     * });
+     * ```
+     */
+    static withEncryptedFields(config, schema) {
+        // Validate required parameters
+        if (!config) {
+            throw new Error("EncryptedClientConfig is required for field encryption.");
+        }
+        if (!schema) {
+            throw new Error("EncryptedFieldSchema is required for field encryption. Provide a unified schema mapping fields to encryption settings.");
+        }
+        // Create the encryption manager internally using wire-format
+        // Note: Always use WIRE_FORMAT for compliance API to ensure encrypted fields
+        // are sent as "__enc__<base64>" format. This is not configurable by users to
+        // prevent format inconsistencies.
+        const encryptionManager = (0, encryption_node_1.createNodeEncryptionClient)({
+            serviceUrl: config.encryptionServiceUrl || "https://encryption.corsa.finance",
+            apiSecret: config.apiSecret,
+            platformId: config.platformId || "corsa",
+            wireFormat: encryption_node_1.WireFormat.PREFIXED, // Always use prefixed format for compliance API
+            ...(config.passAuthToEncryption && {
+                authorizationHeader: `Bearer ${config.apiKey}`,
+            }),
+        });
+        // Create the field encryption adapter
+        const encryptedFieldAdapter = new EncryptedFieldAdapter_1.EncryptedFieldAdapter(encryptionManager);
+        // Create the encryption middleware with the unified schema
+        const middleware = new EncryptionMiddleware_1.EncryptionMiddleware(schema, encryptedFieldAdapter);
+        // Create OpenAPI config from the provided config
+        const openApiConfig = {
+            BASE: config.baseUrl,
+            HEADERS: {
+                Authorization: `Bearer ${config.apiKey}`,
+            },
+        };
+        // Create the client with the encrypted HTTP request handler
+        const client = new EncryptedComplianceClient(openApiConfig, FetchHttpRequest_1.FetchHttpRequest, middleware);
+        return client;
+    }
+    /**
+     * Constructor for EncryptedComplianceClient
+     *
+     * Note: In most cases, you should use the static `withEncryptedFields()` method instead
+     * of calling this constructor directly.
+     */
+    constructor(config, HttpRequestConstructor = FetchHttpRequest_1.FetchHttpRequest, encryptionMiddleware) {
+        // If encryption middleware is provided, use EncryptedFetchHttpRequest
+        if (encryptionMiddleware) {
+            const openApiConfig = {
+                BASE: config?.BASE ?? "",
+                VERSION: config?.VERSION ?? "1.0",
+                WITH_CREDENTIALS: config?.WITH_CREDENTIALS ?? false,
+                CREDENTIALS: config?.CREDENTIALS ?? "include",
+                TOKEN: config?.TOKEN,
+                USERNAME: config?.USERNAME,
+                PASSWORD: config?.PASSWORD,
+                HEADERS: config?.HEADERS,
+                ENCODE_PATH: config?.ENCODE_PATH,
+            };
+            // Create the encrypted HTTP request with middleware
+            const encryptedRequest = new EncryptedFetchHttpRequest_1.EncryptedFetchHttpRequest(openApiConfig, encryptionMiddleware);
+            // Call parent constructor with our custom request handler
+            // We need to pass it as if it were a constructor, so we create a wrapper
+            super(config, class extends FetchHttpRequest_1.FetchHttpRequest {
+                request = encryptedRequest.request.bind(encryptedRequest);
+                constructor(cfg) {
+                    super(cfg);
+                }
+            });
+        }
+        else {
+            // No encryption middleware, use standard client
+            super(config, HttpRequestConstructor);
+        }
+    }
+}
+exports.EncryptedComplianceClient = EncryptedComplianceClient;
+//# sourceMappingURL=EncryptedComplianceClient.js.map

package/dist/extensions/EncryptedComplianceClient.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptedComplianceClient.js","sourceRoot":"","sources":["../../extensions/EncryptedComplianceClient.ts"],"names":[],"mappings":";AAAA,0BAA0B;AAC1B,oBAAoB;AACpB,oBAAoB;;;AAEpB,0DAAuD;AACvD,iFAA8E;AAC9E,uEAAoE;AACpE,+DAA4D;AAE5D,mEAAgE;AAEhE,iEAIqC;AAoBrC;;;;;;;;GAQG;AACH,MAAa,yBAA0B,SAAQ,mCAAgB;IAC7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgDG;IACI,MAAM,CAAC,mBAAmB,CAC/B,MAA6B,EAC7B,MAA4B;QAE5B,+BAA+B;QAC/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,yDAAyD,CAC1D,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CACb,wHAAwH,CACzH,CAAC;QACJ,CAAC;QAED,6DAA6D;QAC7D,6EAA6E;QAC7E,6EAA6E;QAC7E,kCAAkC;QAClC,MAAM,iBAAiB,GAAG,IAAA,4CAA0B,EAAC;YACnD,UAAU,EACR,MAAM,CAAC,oBAAoB,IAAI,kCAAkC;YACnE,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,OAAO;YACxC,UAAU,EAAE,4BAAU,CAAC,QAAQ,EAAE,gDAAgD;YACjF,GAAG,CAAC,MAAM,CAAC,oBAAoB,IAAI;gBACjC,mBAAmB,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;aAC/C,CAAC;SACH,CAAC,CAAC;QAEH,sCAAsC;QACtC,MAAM,qBAAqB,GAAG,IAAI,6CAAqB,CAAC,iBAAiB,CAAC,CAAC;QAE3E,2DAA2D;QAC3D,MAAM,UAAU,GAAG,IAAI,2CAAoB,CAAC,MAAM,EAAE,qBAAqB,CAAC,CAAC;QAE3E,iDAAiD;QACjD,MAAM,aAAa,GAA2B;YAC5C,IAAI,EAAE,MAAM,CAAC,OAAO;YACpB,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,MAAM,CAAC,MAAM,EAAE;aACzC;SACF,CAAC;QAEF,4DAA4D;QAC5D,MAAM,MAAM,GAAG,IAAI,yBAAyB,CAC1C,aAAa,EACb,mCAAgB,EAChB,UAAU,CACX,CAAC;QAEF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;OAKG;IACH,YACE,MAA+B,EAC/B,sBAAsB,GAAG,mCAAgB,EACzC,oBAA2C;QAE3C,sEAAsE;QACtE,IAAI,oBAAoB,EAAE,CAAC;YACzB,MAAM,aAAa,GAAG;gBACpB,IAAI,EAAE,MAAM,EAAE,IAAI,IAAI,EAAE;gBACxB,OAAO,EAAE,MAAM,EAAE,OAAO,IAAI,KAAK;gBACjC,gBAAgB,EAAE,MAAM,EAAE,gBAAgB,IAAI,KAAK;gBACnD,WAAW,EAAE,MAAM,EAAE,WAAW,IAAI,SAAS;gBAC7C,KAAK,EAAE,MAAM,EAAE,KAAK;gBACpB,QAAQ,EAAE,MAAM,EAAE,QAAQ;gBAC1B,QAAQ,EAAE,MAAM,EAAE,QAAQ;gBAC1B,OAAO,EAAE,MAAM,EAAE,OAAO;gBACxB,WAAW,EAAE,MAAM,EAAE,WAAW;aACjC,CAAC;YAEF,oDAAoD;YACpD,MAAM,gBAAgB,GAAG,IAAI,qDAAyB,CACpD,aAAa,EACb,oBAAoB,CACrB,CAAC;YAEF,0DAA0D;YAC1D,yEAAyE;YACzE,KAAK,CACH,MAAM,EACN,KAAM,SAAQ,mCAAgB;gBAC5B,OAAO,GAAG,gBAAgB,CAAC,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;gBAC1D,YAAY,GAAQ;oBAClB,KAAK,CAAC,GAAG,CAAC,CAAC;gBACb,CAAC;aACF,CACF,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,gDAAgD;YAChD,KAAK,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;QACxC,CAAC;IACH,CAAC;CACF;AAzJD,8DAyJC"}

package/dist/extensions/EncryptedFieldAdapter.d.ts

@@ -0,0 +1,25 @@
+import type { NodeEncryptionClient } from "@corsa-labs/encryption-node";
+import type { EncryptionService } from "../core/EncryptionMiddleware";
+/**
+ * Adapter that integrates the encryption-sdk's NodeEncryptionClient
+ * with the compliance-sdk's EncryptionService interface
+ *
+ * This adapter assumes the NodeEncryptionClient is configured with PREFIXED
+ * wire format, which returns "__enc__<base64>" strings ready for API transmission.
+ */
+export declare class EncryptedFieldAdapter implements EncryptionService {
+    private encryptionManager;
+    constructor(encryptionManager: NodeEncryptionClient);
+    /**
+     * Encrypts a value using the encryption-sdk
+     * @param value The plaintext value to encrypt
+     * @returns Wire-format encrypted string ("__enc__<base64>")
+     */
+    encrypt(value: string): Promise<string>;
+    /**
+     * Decrypts a wire-format encrypted value using the encryption-sdk
+     * @param value Wire-format encrypted string ("__enc__<base64>")
+     * @returns Decrypted plaintext value
+     */
+    decrypt(value: string): Promise<string>;
+}

package/dist/extensions/EncryptedFieldAdapter.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptedFieldAdapter = void 0;
+/**
+ * Adapter that integrates the encryption-sdk's NodeEncryptionClient
+ * with the compliance-sdk's EncryptionService interface
+ *
+ * This adapter assumes the NodeEncryptionClient is configured with PREFIXED
+ * wire format, which returns "__enc__<base64>" strings ready for API transmission.
+ */
+class EncryptedFieldAdapter {
+    encryptionManager;
+    constructor(encryptionManager) {
+        this.encryptionManager = encryptionManager;
+    }
+    /**
+     * Encrypts a value using the encryption-sdk
+     * @param value The plaintext value to encrypt
+     * @returns Wire-format encrypted string ("__enc__<base64>")
+     */
+    async encrypt(value) {
+        try {
+            const result = await this.encryptionManager.encrypt(value);
+            if (typeof result === "string") {
+                return result;
+            }
+            throw new Error("The encryption manager returned an unexpected value. Please check the encryption manager configuration.");
+        }
+        catch (error) {
+            throw new Error(`Failed to encrypt field: ${error instanceof Error ? error.message : "Unknown error"}`);
+        }
+    }
+    /**
+     * Decrypts a wire-format encrypted value using the encryption-sdk
+     * @param value Wire-format encrypted string ("__enc__<base64>")
+     * @returns Decrypted plaintext value
+     */
+    async decrypt(value) {
+        try {
+            // Validate wire format
+            if (typeof value !== "string" || !value.startsWith("__enc__")) {
+                throw new Error('Invalid encrypted value format. Expected "__enc__<base64>" string.');
+            }
+            // NodeEncryptionClient.decrypt accepts string when in PREFIXED wire format mode
+            return await this.encryptionManager.decrypt(value);
+        }
+        catch (error) {
+            throw new Error(`Failed to decrypt field: ${error instanceof Error ? error.message : "Unknown error"}`);
+        }
+    }
+}
+exports.EncryptedFieldAdapter = EncryptedFieldAdapter;
+//# sourceMappingURL=EncryptedFieldAdapter.js.map

package/dist/extensions/EncryptedFieldAdapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"EncryptedFieldAdapter.js","sourceRoot":"","sources":["../../extensions/EncryptedFieldAdapter.ts"],"names":[],"mappings":";;;AAMA;;;;;;GAMG;AACH,MAAa,qBAAqB;IACZ;IAApB,YAAoB,iBAAuC;QAAvC,sBAAiB,GAAjB,iBAAiB,CAAsB;IAAG,CAAC;IAE/D;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;YAE3D,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC/B,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,MAAM,IAAI,KAAK,CACb,yGAAyG,CAC1G,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,4BACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,KAAa;QACzB,IAAI,CAAC;YACH,uBAAuB;YACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9D,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE,CAAC;YACJ,CAAC;YAED,gFAAgF;YAChF,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QACrD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CACb,4BACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAC3C,EAAE,CACH,CAAC;QACJ,CAAC;IACH,CAAC;CACF;AApDD,sDAoDC"}

package/dist/main.d.ts

@@ -1,2 +1,4 @@
+export { type EncryptedFieldSchema } from "@corsa-labs/encryption-core";
+export { EncryptedComplianceClient } from "./extensions/EncryptedComplianceClient";
 export * from "./index";
 export * from "./webhooks";

package/dist/main.js

@@ -14,6 +14,9 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.EncryptedComplianceClient = void 0;
+var EncryptedComplianceClient_1 = require("./extensions/EncryptedComplianceClient");
+Object.defineProperty(exports, "EncryptedComplianceClient", { enumerable: true, get: function () { return EncryptedComplianceClient_1.EncryptedComplianceClient; } });
 __exportStar(require("./index"), exports);
 __exportStar(require("./webhooks"), exports);
 //# sourceMappingURL=main.js.map

package/dist/main.js.map

@@ -1 +1 @@
-{"version":3,"file":"main.js","sourceRoot":"","sources":["../main.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,0CAAwB;AACxB,6CAA2B"}
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../main.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AACA,oFAAmF;AAA1E,sIAAA,yBAAyB,OAAA;AAClC,0CAAwB;AACxB,6CAA2B"}

package/dist/models/CreateAlertDto.d.ts

@@ -24,7 +24,7 @@ export type CreateAlertDto = {
     /**
      * External reference ID for the alert
      */
-    referenceId: string;
+    referenceId?: string;
     /**
      * Source information for the alert
      */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@corsa-labs/sdk",
-  "version": "3.9.1",
+  "version": "3.11.0",
   "description": "SDK for Corsa API",
   "main": "dist/main.js",
   "types": "dist/main.d.ts",
@@ -16,10 +16,10 @@
   },
   "license": "MIT",
   "dependencies": {
+    "@corsa-labs/encryption-node": "1.0.8",
     "axios": "^0.30.0",
     "uuid": "^11.1.0"
   },
-  "peerDependencies": {},
   "devDependencies": {
     "@semantic-release/npm": "^12.0.1",
     "@types/node": "^22.15.2",