@discovercloudai/shared 1.0.0

package/dist/errors/http-errors.d.ts

@@ -0,0 +1,22 @@
+import { AppError } from "./app-error";
+export declare class BadRequestError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class UnauthorizedError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class ForbiddenError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class NotFoundError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class ConflictError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class UnprocessableEntityError extends AppError {
+    constructor(message?: string, details?: unknown);
+}
+export declare class InternalServerError extends AppError {
+    constructor(message?: string, details?: unknown);
+}

package/dist/errors/http-errors.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InternalServerError = exports.UnprocessableEntityError = exports.ConflictError = exports.NotFoundError = exports.ForbiddenError = exports.UnauthorizedError = exports.BadRequestError = void 0;
+const app_error_1 = require("./app-error");
+class BadRequestError extends app_error_1.AppError {
+    constructor(message = "Bad Request", details) {
+        super("BAD_REQUEST", 400, message, details);
+    }
+}
+exports.BadRequestError = BadRequestError;
+class UnauthorizedError extends app_error_1.AppError {
+    constructor(message = "Unauthorized", details) {
+        super("UNAUTHORIZED", 401, message, details);
+    }
+}
+exports.UnauthorizedError = UnauthorizedError;
+class ForbiddenError extends app_error_1.AppError {
+    constructor(message = "Forbidden", details) {
+        super("FORBIDDEN", 403, message, details);
+    }
+}
+exports.ForbiddenError = ForbiddenError;
+class NotFoundError extends app_error_1.AppError {
+    constructor(message = "Not Found", details) {
+        super("NOT_FOUND", 404, message, details);
+    }
+}
+exports.NotFoundError = NotFoundError;
+class ConflictError extends app_error_1.AppError {
+    constructor(message = "Conflict", details) {
+        super("CONFLICT", 409, message, details);
+    }
+}
+exports.ConflictError = ConflictError;
+class UnprocessableEntityError extends app_error_1.AppError {
+    constructor(message = "Unprocessable Entity", details) {
+        super("UNPROCESSABLE_ENTITY", 422, message, details);
+    }
+}
+exports.UnprocessableEntityError = UnprocessableEntityError;
+class InternalServerError extends app_error_1.AppError {
+    constructor(message = "Internal Server Error", details) {
+        super("INTERNAL_SERVER_ERROR", 500, message, details);
+    }
+}
+exports.InternalServerError = InternalServerError;

package/dist/errors/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./app-error";
+export * from "./http-errors";

package/dist/errors/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./app-error"), exports);
+__exportStar(require("./http-errors"), exports);

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./permissions";
+export * from "./context";
+export * from "./dto";
+export * from "./enums";
+export * from "./errors";

package/dist/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./permissions"), exports);
+__exportStar(require("./context"), exports);
+__exportStar(require("./dto"), exports);
+__exportStar(require("./enums"), exports);
+__exportStar(require("./errors"), exports);

package/dist/internal/internal-jwt.service.d.ts

@@ -0,0 +1,13 @@
+import { InternalKeyManager } from "./internal-key-manager";
+import { InternalJwtPayload } from "./internal-jwt.types";
+export declare class InternalJwtService {
+    private readonly keyManager;
+    private readonly serviceName;
+    private jwksCache;
+    constructor(keyManager: InternalKeyManager);
+    sign(payload: {
+        requestId: string;
+    }, targetService: string): Promise<string>;
+    verify(token: string): Promise<InternalJwtPayload>;
+    private getRemoteJWKS;
+}

package/dist/internal/internal-jwt.service.js

@@ -0,0 +1,88 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InternalJwtService = void 0;
+const jose = __importStar(require("jose"));
+class InternalJwtService {
+    constructor(keyManager) {
+        this.keyManager = keyManager;
+        this.jwksCache = new Map();
+        this.serviceName = process.env.SERVICE_NAME || "unknown-service";
+    }
+    async sign(payload, targetService) {
+        const signer = this.keyManager.getPrivateKey();
+        const kid = this.keyManager.getKid();
+        return new jose.SignJWT({
+            ...payload,
+            typ: "internal"
+        })
+            .setProtectedHeader({ alg: "RS256", kid })
+            .setIssuer(this.serviceName)
+            .setAudience(targetService)
+            .setIssuedAt()
+            .setExpirationTime("1m")
+            .sign(signer);
+    }
+    async verify(token) {
+        const unverified = jose.decodeJwt(token);
+        if (!unverified.iss)
+            throw new Error("Missing issuer");
+        if (unverified.typ !== "internal")
+            throw new Error("Invalid token type");
+        const jwks = this.getRemoteJWKS(unverified.iss);
+        const { payload } = await jose.jwtVerify(token, jwks, {
+            algorithms: ["RS256"],
+            audience: this.serviceName,
+            issuer: unverified.iss
+        });
+        return payload;
+    }
+    getRemoteJWKS(issuer) {
+        const envKey = `${issuer.replace(/-/g, "_").toUpperCase()}_URL`;
+        const baseUrl = process.env[envKey];
+        const url = baseUrl
+            ? `${baseUrl}/internal/jwks`
+            : `http://${issuer}/internal/jwks`;
+        if (!this.jwksCache.has(url)) {
+            console.log(`[InternalJwt] Caching JWKS for ${issuer} at ${url}`);
+            this.jwksCache.set(url, jose.createRemoteJWKSet(new URL(url), {
+                cacheMaxAge: 600000,
+                cooldownDuration: 30000
+            }));
+        }
+        return this.jwksCache.get(url);
+    }
+}
+exports.InternalJwtService = InternalJwtService;

package/dist/internal/internal-jwt.types.d.ts

@@ -0,0 +1,7 @@
+import { JWTPayload } from "jose";
+export interface InternalJwtPayload extends JWTPayload {
+    iss: string;
+    aud: string;
+    typ: "internal";
+    requestId: string;
+}

package/dist/internal/internal-jwt.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/internal/internal-key-manager.d.ts

@@ -0,0 +1,16 @@
+import { JWK } from "jose";
+import { KeyObject } from "crypto";
+export declare class InternalKeyManager {
+    private privateKey;
+    private publicKey;
+    private jwks;
+    private readonly serviceName;
+    private readonly keyPath;
+    constructor();
+    private init;
+    getPrivateKey(): KeyObject | CryptoKey;
+    getPublicJwks(): {
+        keys: JWK[];
+    };
+    getKid(): string;
+}

package/dist/internal/internal-key-manager.js

@@ -0,0 +1,67 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.InternalKeyManager = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const jose_1 = require("jose");
+class InternalKeyManager {
+    constructor() {
+        this.jwks = [];
+        this.serviceName = process.env.SERVICE_NAME || "unknown-service";
+        this.keyPath = (() => {
+            const envPath = process.env.INTERNAL_KEYS_PATH;
+            if (!envPath) {
+                console.warn("[InternalKeyManager] INTERNAL_KEYS_PATH not set. Using default: src/keys/internal");
+                return path_1.default.join(process.cwd(), "src/keys/internal");
+            }
+            return path_1.default.isAbsolute(envPath) ? envPath : path_1.default.join(process.cwd(), envPath);
+        })();
+        this.init();
+    }
+    async init() {
+        try {
+            if (!fs_1.default.existsSync(this.keyPath)) {
+                console.error(`[InternalKeyManager] Missing keys directory: ${this.keyPath}`);
+                return;
+            }
+            const privPath = path_1.default.join(this.keyPath, "/private/private.pem");
+            if (fs_1.default.existsSync(privPath)) {
+                const privPem = fs_1.default.readFileSync(privPath, "utf8");
+                this.privateKey = await (0, jose_1.importPKCS8)(privPem, "RS256");
+            }
+            const pubPath = path_1.default.join(this.keyPath, "/public/public.pem");
+            if (fs_1.default.existsSync(pubPath)) {
+                const pubPem = fs_1.default.readFileSync(pubPath, "utf8");
+                this.publicKey = await (0, jose_1.importSPKI)(pubPem, "RS256");
+                const jwk = await (0, jose_1.exportJWK)(this.publicKey);
+                this.jwks = [{
+                        ...jwk,
+                        kid: `${this.serviceName}-internal`,
+                        use: "sig",
+                        alg: "RS256"
+                    }];
+            }
+            console.log(`[InternalKeyManager] Loaded keys for: ${this.serviceName}`);
+        }
+        catch (error) {
+            console.error("[InternalKeyManager] Failed to load keys.", error);
+            if (process.env.NODE_ENV === "production")
+                process.exit(1);
+        }
+    }
+    getPrivateKey() {
+        if (!this.privateKey)
+            throw new Error("Private key not loaded");
+        return this.privateKey;
+    }
+    getPublicJwks() {
+        return { keys: this.jwks };
+    }
+    getKid() {
+        return `${this.serviceName}-internal`;
+    }
+}
+exports.InternalKeyManager = InternalKeyManager;

package/dist/internal/registry.d.ts

@@ -0,0 +1,8 @@
+export declare const SERVICE_REGISTRY: {
+    readonly auth: "auth-service";
+    readonly user: "user-service";
+    readonly billing: "billing-service";
+    readonly notifications: "notification-service";
+};
+export type ServiceName = typeof SERVICE_REGISTRY[keyof typeof SERVICE_REGISTRY];
+export declare const extractServiceName: (url?: string) => ServiceName | null;

package/dist/internal/registry.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.extractServiceName = exports.SERVICE_REGISTRY = void 0;
+exports.SERVICE_REGISTRY = {
+    auth: "auth-service",
+    user: "user-service",
+    billing: "billing-service",
+    notifications: "notification-service"
+};
+const extractServiceName = (url) => {
+    if (!url)
+        return null;
+    try {
+        const u = new URL(url);
+        // If localhost, infer by port
+        switch (u.port) {
+            case "3001": return "auth-service";
+            case "3002": return "user-service";
+            case "3003": return "billing-service";
+            case "3004": return "notification-service";
+            default: break;
+        }
+        // Docker/K8s case: hostname is service name
+        const host = u.hostname.split(".")[0];
+        if (Object.values(exports.SERVICE_REGISTRY).includes(host)) {
+            return host;
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+};
+exports.extractServiceName = extractServiceName;

package/dist/internal/service-client.d.ts

@@ -0,0 +1,9 @@
+import { AxiosInstance } from "axios";
+import { InternalJwtService } from "./internal-jwt.service";
+export declare class ServiceClient {
+    private readonly internalJwt;
+    readonly http: AxiosInstance;
+    constructor(internalJwt: InternalJwtService);
+    private setupRetry;
+    private setupInterceptors;
+}

package/dist/internal/service-client.js

@@ -0,0 +1,94 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServiceClient = void 0;
+const axios_1 = __importStar(require("axios"));
+const axios_retry_1 = __importDefault(require("axios-retry"));
+const registry_1 = require("./registry");
+class ServiceClient {
+    constructor(internalJwt) {
+        this.internalJwt = internalJwt;
+        this.http = axios_1.default.create({
+            timeout: 8000,
+            validateStatus: () => true
+        });
+        this.setupRetry();
+        this.setupInterceptors();
+    }
+    setupRetry() {
+        (0, axios_retry_1.default)(this.http, {
+            retries: 3,
+            retryDelay: axios_retry_1.default.exponentialDelay,
+            retryCondition: (err) => {
+                if (axios_retry_1.default.isNetworkError(err))
+                    return true;
+                return (err.response?.status ?? 0) >= 500;
+            }
+        });
+    }
+    setupInterceptors() {
+        this.http.interceptors.request.use(async (config) => {
+            if (!config.headers)
+                config.headers = new axios_1.AxiosHeaders();
+            const reqId = config.headers["x-request-id"] ||
+                `req_${Math.random().toString(36).slice(2)}`;
+            config.headers["x-request-id"] = reqId;
+            const fullUrl = config.url?.startsWith("http")
+                ? config.url
+                : config.baseURL;
+            if (!fullUrl)
+                throw new Error("Missing baseURL or absolute URL for internal service request");
+            const target = (0, registry_1.extractServiceName)(fullUrl);
+            if (!target)
+                throw new Error(`Cannot extract serviceName from ${fullUrl}`);
+            const token = await this.internalJwt.sign({ requestId: reqId }, target);
+            config.headers["x-internal-jwt"] = token;
+            return config;
+        });
+        this.http.interceptors.response.use((res) => {
+            if (res.status >= 200 && res.status < 300)
+                return res;
+            throw {
+                status: res.status,
+                message: res.data?.error?.message ?? "Service Error",
+                details: res.data
+            };
+        });
+    }
+}
+exports.ServiceClient = ServiceClient;

package/dist/permissions/global-permissions.d.ts

@@ -0,0 +1,3 @@
+import { AccountRole, GlobalPermission } from "../enums";
+export declare const globalRolePermissions: Record<AccountRole, readonly GlobalPermission[]>;
+export declare const canPerformGlobalPermission: (role: AccountRole, permission: GlobalPermission) => boolean;

package/dist/permissions/global-permissions.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canPerformGlobalPermission = exports.globalRolePermissions = void 0;
+const enums_1 = require("../enums");
+exports.globalRolePermissions = {
+    [enums_1.AccountRole.SUPERADMIN]: [
+        enums_1.GlobalPermission.MANAGE_SYSTEM,
+        enums_1.GlobalPermission.MANAGE_ALL_ORGS,
+        enums_1.GlobalPermission.MANAGE_USERS,
+        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS,
+        enums_1.GlobalPermission.SUPPORT_ACTIONS,
+        enums_1.GlobalPermission.MODERATE_CONTENT
+    ],
+    [enums_1.AccountRole.ADMIN]: [
+        enums_1.GlobalPermission.MANAGE_USERS,
+        enums_1.GlobalPermission.SUPPORT_ACTIONS,
+        enums_1.GlobalPermission.VIEW_SYSTEM_LOGS
+    ],
+    [enums_1.AccountRole.SUPPORT]: [
+        enums_1.GlobalPermission.SUPPORT_ACTIONS
+    ],
+    [enums_1.AccountRole.MODERATOR]: [
+        enums_1.GlobalPermission.MODERATE_CONTENT
+    ],
+    [enums_1.AccountRole.USER]: []
+};
+const canPerformGlobalPermission = (role, permission) => {
+    return exports.globalRolePermissions[role]?.includes(permission) ?? false;
+};
+exports.canPerformGlobalPermission = canPerformGlobalPermission;

package/dist/permissions/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./global-permissions";
+export * from "./org-permissions";
+export * from "./is-allowed";

package/dist/permissions/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./global-permissions"), exports);
+__exportStar(require("./org-permissions"), exports);
+__exportStar(require("./is-allowed"), exports);

package/dist/permissions/is-allowed.d.ts

@@ -0,0 +1,3 @@
+import { AccessContext } from "../context";
+import { GlobalPermission, OrgPermission } from "../enums";
+export declare const isAllowed: (ctx: AccessContext, permission: GlobalPermission | OrgPermission) => boolean;

package/dist/permissions/is-allowed.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isAllowed = void 0;
+const enums_1 = require("../enums");
+const global_permissions_1 = require("./global-permissions");
+const org_permissions_1 = require("./org-permissions");
+const isAllowed = (ctx, permission) => {
+    if (Object.values(enums_1.GlobalPermission).includes(permission)) {
+        // We now use the role pulled from the token context, not a user database entity
+        return (0, global_permissions_1.canPerformGlobalPermission)(ctx.accountRole, permission);
+    }
+    if (!ctx.membership)
+        return false;
+    return (0, org_permissions_1.canPerformOrgPermission)(ctx.membership.role, ctx.membership.status, permission);
+};
+exports.isAllowed = isAllowed;

package/dist/permissions/org-permissions.d.ts

@@ -0,0 +1,3 @@
+import { OrganizationRole, MembershipStatus, OrgPermission } from "../enums";
+export declare const orgRolePermissions: Record<OrganizationRole, readonly OrgPermission[]>;
+export declare const canPerformOrgPermission: (role: OrganizationRole, status: MembershipStatus, permission: OrgPermission) => boolean;

package/dist/permissions/org-permissions.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canPerformOrgPermission = exports.orgRolePermissions = void 0;
+const enums_1 = require("../enums");
+exports.orgRolePermissions = {
+    [enums_1.OrganizationRole.OWNER]: [
+        enums_1.OrgPermission.MANAGE_ORG,
+        enums_1.OrgPermission.MANAGE_MEMBERS,
+    ],
+    [enums_1.OrganizationRole.ADMIN]: [enums_1.OrgPermission.MANAGE_MEMBERS],
+    [enums_1.OrganizationRole.EDITOR]: [],
+    [enums_1.OrganizationRole.VIEWER]: [],
+};
+const canPerformOrgPermission = (role, status, permission) => {
+    if (status !== enums_1.MembershipStatus.ACTIVE)
+        return false;
+    return exports.orgRolePermissions[role]?.includes(permission) ?? false;
+};
+exports.canPerformOrgPermission = canPerformOrgPermission;

package/package.json

@@ -0,0 +1,28 @@
+{
+  "name": "@discovercloudai/shared",
+  "version": "1.0.0",
+  "private": false,
+  "type": "commonjs",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "npm run build"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "dependencies": {
+    "axios-retry": "^4.5.0",
+    "crypto": "^1.0.1",
+    "jose": "^6.1.3",
+    "tsc": "^2.0.4",
+    "typescript": "^5.9.3"
+  },
+  "devDependencies": {
+    "@types/node": "^25.3.0"
+  }
+}