@dynamic-labs-sdk/client 0.17.2 → 0.17.4

package/dist/{isMfaRequiredForAction-CXRaUbFE.esm.js → isMfaRequiredForAction-BtO6Xkeu.esm.js}

@@ -1,4 +1,4 @@
-import { A as getDefaultClient, P as getCore, u as createApiClient, w as assertDefined } from "./InvalidParamError-Dc2HgrDm.esm.js";
+import { F as getCore, T as assertDefined, j as getDefaultClient, u as createApiClient } from "./InvalidParamError-BgvcmQ36.esm.js";
 
 //#region src/modules/mfa/consumeMfaToken/consumeMfaToken.ts
 /**
@@ -59,4 +59,4 @@ const isMfaRequiredForAction = async ({ mfaAction }, client = getDefaultClient()
 
 //#endregion
 export { getMfaMethods as n, consumeMfaToken as r, isMfaRequiredForAction as t };
-//# sourceMappingURL=isMfaRequiredForAction-CXRaUbFE.esm.js.map
+//# sourceMappingURL=isMfaRequiredForAction-BtO6Xkeu.esm.js.map

package/dist/{isMfaRequiredForAction-CXRaUbFE.esm.js.map → isMfaRequiredForAction-BtO6Xkeu.esm.js.map}

@@ -1 +1 @@
-{"version":3,"file":"isMfaRequiredForAction-CXRaUbFE.esm.js","names":[],"sources":["../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n  const core = getCore(client);\n\n  const mfaToken = core.state.get().mfaToken;\n\n  assertDefined(mfaToken, 'No MFA token found');\n\n  core.state.set({\n    mfaToken: null,\n  });\n\n  return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n  const core = getCore(client);\n  const apiClient = createApiClient({}, client);\n\n  const userMfaMethods = await apiClient.getUserMfaMethods({\n    environmentId: core.environmentId,\n    verifiedOnly: true,\n  });\n\n  return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n  mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n */\nexport const isMfaRequiredForAction = async (\n  { mfaAction }: IsMfaRequiredForActionParams,\n  client = getDefaultClient()\n) => {\n  const projectSettings = client.projectSettings;\n\n  const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n    (action) => action.action === mfaAction && action.required\n  );\n\n  // if mfa is not required for the action, return false\n  // no matter if general mfa is set to required or not\n  if (!isRequiredForAction) {\n    return false;\n  }\n\n  const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n  // if mfa is required for the action and also set as required in general, return true\n  if (isMfaMethodRequired) {\n    return true;\n  }\n\n  const mfaMethods = await getMfaMethods(client);\n  // if general mfa is optional, but user has registered methods,\n  // then it should be required for the action\n  return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;;;;;;AAcA,MAAa,mBAAmB,SAAS,kBAAkB,KAAK;CAC9D,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC;AAElC,eAAc,UAAU,qBAAqB;AAE7C,MAAK,MAAM,IAAI,EACb,UAAU,MACX,CAAC;AAEF,QAAO;;;;;;;;;;;;;;ACZT,MAAa,gBAAgB,OAAO,SAAS,kBAAkB,KAAK;CAClE,MAAM,OAAO,QAAQ,OAAO;AAQ5B,QALuB,MAFL,gBAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAAS,kBAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}
+{"version":3,"file":"isMfaRequiredForAction-BtO6Xkeu.esm.js","names":[],"sources":["../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n  const core = getCore(client);\n\n  const mfaToken = core.state.get().mfaToken;\n\n  assertDefined(mfaToken, 'No MFA token found');\n\n  core.state.set({\n    mfaToken: null,\n  });\n\n  return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n  const core = getCore(client);\n  const apiClient = createApiClient({}, client);\n\n  const userMfaMethods = await apiClient.getUserMfaMethods({\n    environmentId: core.environmentId,\n    verifiedOnly: true,\n  });\n\n  return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n  mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n */\nexport const isMfaRequiredForAction = async (\n  { mfaAction }: IsMfaRequiredForActionParams,\n  client = getDefaultClient()\n) => {\n  const projectSettings = client.projectSettings;\n\n  const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n    (action) => action.action === mfaAction && action.required\n  );\n\n  // if mfa is not required for the action, return false\n  // no matter if general mfa is set to required or not\n  if (!isRequiredForAction) {\n    return false;\n  }\n\n  const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n  // if mfa is required for the action and also set as required in general, return true\n  if (isMfaMethodRequired) {\n    return true;\n  }\n\n  const mfaMethods = await getMfaMethods(client);\n  // if general mfa is optional, but user has registered methods,\n  // then it should be required for the action\n  return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;;;;;;AAcA,MAAa,mBAAmB,SAAS,kBAAkB,KAAK;CAC9D,MAAM,OAAO,QAAQ,OAAO;CAE5B,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC;AAElC,eAAc,UAAU,qBAAqB;AAE7C,MAAK,MAAM,IAAI,EACb,UAAU,MACX,CAAC;AAEF,QAAO;;;;;;;;;;;;;;ACZT,MAAa,gBAAgB,OAAO,SAAS,kBAAkB,KAAK;CAClE,MAAM,OAAO,QAAQ,OAAO;AAQ5B,QALuB,MAFL,gBAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAAS,kBAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}

package/dist/{isMfaRequiredForAction-BS239c-s.cjs.js → isMfaRequiredForAction-C84laGI8.cjs.js}

@@ -1,4 +1,4 @@
-const require_InvalidParamError = require('./InvalidParamError-z_h8HyKL.cjs.js');
+const require_InvalidParamError = require('./InvalidParamError-CApg0dxd.cjs.js');
 
 //#region src/modules/mfa/consumeMfaToken/consumeMfaToken.ts
 /**
@@ -76,4 +76,4 @@ Object.defineProperty(exports, 'isMfaRequiredForAction', {
     return isMfaRequiredForAction;
   }
 });
-//# sourceMappingURL=isMfaRequiredForAction-BS239c-s.cjs.js.map
+//# sourceMappingURL=isMfaRequiredForAction-C84laGI8.cjs.js.map

package/dist/{isMfaRequiredForAction-BS239c-s.cjs.js.map → isMfaRequiredForAction-C84laGI8.cjs.js.map}

@@ -1 +1 @@
-{"version":3,"file":"isMfaRequiredForAction-BS239c-s.cjs.js","names":["getDefaultClient","getCore","getDefaultClient","getCore","createApiClient","getDefaultClient"],"sources":["../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n  const core = getCore(client);\n\n  const mfaToken = core.state.get().mfaToken;\n\n  assertDefined(mfaToken, 'No MFA token found');\n\n  core.state.set({\n    mfaToken: null,\n  });\n\n  return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n  const core = getCore(client);\n  const apiClient = createApiClient({}, client);\n\n  const userMfaMethods = await apiClient.getUserMfaMethods({\n    environmentId: core.environmentId,\n    verifiedOnly: true,\n  });\n\n  return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n  mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n */\nexport const isMfaRequiredForAction = async (\n  { mfaAction }: IsMfaRequiredForActionParams,\n  client = getDefaultClient()\n) => {\n  const projectSettings = client.projectSettings;\n\n  const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n    (action) => action.action === mfaAction && action.required\n  );\n\n  // if mfa is not required for the action, return false\n  // no matter if general mfa is set to required or not\n  if (!isRequiredForAction) {\n    return false;\n  }\n\n  const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n  // if mfa is required for the action and also set as required in general, return true\n  if (isMfaMethodRequired) {\n    return true;\n  }\n\n  const mfaMethods = await getMfaMethods(client);\n  // if general mfa is optional, but user has registered methods,\n  // then it should be required for the action\n  return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;;;;;;AAcA,MAAa,mBAAmB,SAASA,4CAAkB,KAAK;CAC9D,MAAM,OAAOC,kCAAQ,OAAO;CAE5B,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC;AAElC,yCAAc,UAAU,qBAAqB;AAE7C,MAAK,MAAM,IAAI,EACb,UAAU,MACX,CAAC;AAEF,QAAO;;;;;;;;;;;;;;ACZT,MAAa,gBAAgB,OAAO,SAASC,4CAAkB,KAAK;CAClE,MAAM,OAAOC,kCAAQ,OAAO;AAQ5B,QALuB,MAFLC,0CAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAASC,4CAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}
+{"version":3,"file":"isMfaRequiredForAction-C84laGI8.cjs.js","names":["getDefaultClient","getCore","getDefaultClient","getCore","createApiClient","getDefaultClient"],"sources":["../src/modules/mfa/consumeMfaToken/consumeMfaToken.ts","../src/modules/mfa/getMfaMethods/getMfaMethods.ts","../src/modules/mfa/isMfaRequiredForAction/isMfaRequiredForAction.ts"],"sourcesContent":["import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { assertDefined } from '../../../utils/assertDefined';\n\n/**\n * Consumes and clears the current MFA token from the client state.\n *\n * This function retrieves the MFA token obtained from a successful MFA authentication,\n * and removes it from the client, to prevent it from being used again.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns The MFA token that was consumed.\n * @throws Error if no MFA token is found.\n */\nexport const consumeMfaToken = (client = getDefaultClient()) => {\n  const core = getCore(client);\n\n  const mfaToken = core.state.get().mfaToken;\n\n  assertDefined(mfaToken, 'No MFA token found');\n\n  core.state.set({\n    mfaToken: null,\n  });\n\n  return mfaToken;\n};\n","import { getCore } from '../../../client/core/getCore';\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { createApiClient } from '../../apiClient';\n\n/**\n * Retrieves the available MFA methods for the current user.\n *\n * This function fetches information about which multi-factor authentication\n * methods are available and configured for the user's account.\n *\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to the user's MFA methods configuration.\n */\nexport const getMfaMethods = async (client = getDefaultClient()) => {\n  const core = getCore(client);\n  const apiClient = createApiClient({}, client);\n\n  const userMfaMethods = await apiClient.getUserMfaMethods({\n    environmentId: core.environmentId,\n    verifiedOnly: true,\n  });\n\n  return userMfaMethods;\n};\n","import type { MFAAction } from '@dynamic-labs/sdk-api-core';\n\nimport { getDefaultClient } from '../../../client/defaultClient';\nimport { getMfaMethods } from '../getMfaMethods';\n\ntype IsMfaRequiredForActionParams = {\n  mfaAction: MFAAction;\n};\n\n/**\n * Checks if MFA is required for a specific action.\n *\n * This function determines whether multi-factor authentication is required\n * for the specified action based on project settings and user configuration.\n *\n * @param params.mfaAction - The action to check MFA requirements for.\n * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.\n * @returns A promise that resolves to true if MFA is required for the action, false otherwise.\n */\nexport const isMfaRequiredForAction = async (\n  { mfaAction }: IsMfaRequiredForActionParams,\n  client = getDefaultClient()\n) => {\n  const projectSettings = client.projectSettings;\n\n  const isRequiredForAction = projectSettings?.security?.mfa?.actions?.some(\n    (action) => action.action === mfaAction && action.required\n  );\n\n  // if mfa is not required for the action, return false\n  // no matter if general mfa is set to required or not\n  if (!isRequiredForAction) {\n    return false;\n  }\n\n  const isMfaMethodRequired = projectSettings?.security?.mfa?.required;\n\n  // if mfa is required for the action and also set as required in general, return true\n  if (isMfaMethodRequired) {\n    return true;\n  }\n\n  const mfaMethods = await getMfaMethods(client);\n  // if general mfa is optional, but user has registered methods,\n  // then it should be required for the action\n  return mfaMethods.userHasVerifiedMfaMethods;\n};\n"],"mappings":";;;;;;;;;;;;;AAcA,MAAa,mBAAmB,SAASA,4CAAkB,KAAK;CAC9D,MAAM,OAAOC,kCAAQ,OAAO;CAE5B,MAAM,WAAW,KAAK,MAAM,KAAK,CAAC;AAElC,yCAAc,UAAU,qBAAqB;AAE7C,MAAK,MAAM,IAAI,EACb,UAAU,MACX,CAAC;AAEF,QAAO;;;;;;;;;;;;;;ACZT,MAAa,gBAAgB,OAAO,SAASC,4CAAkB,KAAK;CAClE,MAAM,OAAOC,kCAAQ,OAAO;AAQ5B,QALuB,MAFLC,0CAAgB,EAAE,EAAE,OAAO,CAEN,kBAAkB;EACvD,eAAe,KAAK;EACpB,cAAc;EACf,CAAC;;;;;;;;;;;;;;;ACDJ,MAAa,yBAAyB,OACpC,EAAE,aACF,SAASC,4CAAkB,KACxB;CACH,MAAM,kBAAkB,OAAO;AAQ/B,KAAI,CANwB,iBAAiB,UAAU,KAAK,SAAS,MAClE,WAAW,OAAO,WAAW,aAAa,OAAO,SACnD,CAKC,QAAO;AAMT,KAH4B,iBAAiB,UAAU,KAAK,SAI1D,QAAO;AAMT,SAHmB,MAAM,cAAc,OAAO,EAG5B"}

package/dist/modules/apiClient/apiClient.types.d.ts

@@ -1,3 +1,4 @@
+import type { TokenScope } from '@dynamic-labs/sdk-api-core';
 /**
  * A function that maps one error type to another.
  *
@@ -16,6 +17,12 @@
  */
 export type ErrorMapper = (error: Error) => Error | null;
 export type CreateApiClientOptions = {
+    /**
+     * When set, reads the elevated access token for the given scope from
+     * client state and includes it in the `x-dyn-elevated-access-token`
+     * header. If no valid token exists for the scope, the header is omitted.
+     */
+    elevatedAccessTokenScope?: TokenScope;
     /**
      * Array of error mappers that will be applied to API errors in order.
      * Each mapper can transform an error into a different error type or return null to skip transformation.

package/dist/modules/apiClient/apiClient.types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"apiClient.types.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/apiClient.types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,KAAK,KAAK,KAAK,GAAG,IAAI,CAAC;AAEzD,MAAM,MAAM,sBAAsB,GAAG;IACnC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAE7B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC"}
+{"version":3,"file":"apiClient.types.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/apiClient.types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAE7D;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,KAAK,EAAE,KAAK,KAAK,KAAK,GAAG,IAAI,CAAC;AAEzD,MAAM,MAAM,sBAAsB,GAAG;IACnC;;;;OAIG;IACH,wBAAwB,CAAC,EAAE,UAAU,CAAC;IAEtC;;;;;;;;;;;;;OAaG;IACH,YAAY,CAAC,EAAE,WAAW,EAAE,CAAC;IAE7B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;;;OAIG;IACH,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,CAAC"}

package/dist/modules/apiClient/constants.d.ts

@@ -1,8 +1,10 @@
 export declare const DYNAMIC_API_VERSION_HEADER = "x-dyn-api-version";
 export declare const DYNAMIC_REQUEST_ID_HEADER = "x-dyn-request-id";
 export declare const DYNAMIC_SDK_VERSION_HEADER = "x-dyn-version";
+export declare const ELEVATED_ACCESS_TOKEN_HEADER = "x-dyn-elevated-access-token";
 export declare const MFA_TOKEN_HEADER = "x-mfa-auth-token";
 export declare const SESSION_PUBLIC_KEY_HEADER = "x-dyn-session-public-key";
 export declare const DYNAMIC_SDK_API_VERSION: string;
+export declare const DYNAMIC_SDK_SESSION_ID_HEADER = "x-dyn-session-id";
 export declare const CLIENT_SDK_NAME = "ClientSDK";
 //# sourceMappingURL=constants.d.ts.map

package/dist/modules/apiClient/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,0BAA0B,sBAAsB,CAAC;AAE9D,eAAO,MAAM,yBAAyB,qBAAqB,CAAC;AAE5D,eAAO,MAAM,0BAA0B,kBAAkB,CAAC;AAE1D,eAAO,MAAM,gBAAgB,qBAAqB,CAAC;AAEnD,eAAO,MAAM,yBAAyB,6BAA6B,CAAC;AAEpE,eAAO,MAAM,uBAAuB,QACQ,CAAC;AAE7C,eAAO,MAAM,eAAe,cAAc,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,0BAA0B,sBAAsB,CAAC;AAE9D,eAAO,MAAM,yBAAyB,qBAAqB,CAAC;AAE5D,eAAO,MAAM,0BAA0B,kBAAkB,CAAC;AAE1D,eAAO,MAAM,4BAA4B,gCAAgC,CAAC;AAE1E,eAAO,MAAM,gBAAgB,qBAAqB,CAAC;AAEnD,eAAO,MAAM,yBAAyB,6BAA6B,CAAC;AAEpE,eAAO,MAAM,uBAAuB,QACQ,CAAC;AAE7C,eAAO,MAAM,6BAA6B,qBAAqB,CAAC;AAEhE,eAAO,MAAM,eAAe,cAAc,CAAC"}

package/dist/modules/apiClient/createApiClient.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"createApiClient.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/createApiClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAInE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAIxD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AA6BhE;;;;GAIG;AACH,eAAO,MAAM,eAAe,YACjB,sBAAsB,sBACvB,aAAa,WAqDtB,CAAC"}
+{"version":3,"file":"createApiClient.d.ts","sourceRoot":"","sources":["../../../src/modules/apiClient/createApiClient.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAInE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,oBAAoB,CAAC;AAIxD,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAkChE;;;;GAIG;AACH,eAAO,MAAM,eAAe,YACjB,sBAAsB,sBACvB,aAAa,WAgEtB,CAAC"}

package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts

@@ -1,4 +1,10 @@
 type GetElevatedAccessTokenParams = {
+    /**
+     * Whether to consume single-use tokens after retrieval.
+     * Set to `false` to check for token existence without side-effects.
+     * @default true
+     */
+    consume?: boolean;
     scope: string;
 };
 /**
@@ -7,24 +13,25 @@ type GetElevatedAccessTokenParams = {
  * This function retrieves an elevated access token that contains the specified scope.
  * Expired tokens are automatically filtered out.
  *
- * If the token has `singleUse: true`, it will be automatically
- * consumed (removed from state) after retrieval. Otherwise, it remains in state
- * for future use.
+ * By default, if the token has `singleUse: true`, it will be automatically
+ * consumed (removed from state) after retrieval. Pass `consume: false` to
+ * check for token existence without consuming it.
  *
  * @param params - The parameters object.
  * @param params.scope - The scope to match (e.g., 'wallet:export').
+ * @param params.consume - Whether to consume single-use tokens (default: true).
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
  * @returns The elevated access token if found and not expired, or undefined if not found or expired.
  *
  * @example
  * ```typescript
+ * // Retrieve and consume (default)
  * const token = getElevatedAccessToken({ scope: 'wallet:export' });
- * if (token) {
- *   // Use the token
- *   // Token is automatically consumed if singleUse: true
- * }
+ *
+ * // Check existence without consuming
+ * const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });
  * ```
  */
-export declare const getElevatedAccessToken: ({ scope }: GetElevatedAccessTokenParams, client?: import("../../../exports").DynamicClient) => string | undefined;
+export declare const getElevatedAccessToken: ({ consume, scope }: GetElevatedAccessTokenParams, client?: import("../../../exports").DynamicClient) => string | undefined;
 export {};
 //# sourceMappingURL=getElevatedAccessToken.d.ts.map

package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"getElevatedAccessToken.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts"],"names":[],"mappings":"AAGA,KAAK,4BAA4B,GAAG;IAClC,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,sBAAsB,cACtB,4BAA4B,wDAEtC,MAAM,GAAG,SAiCX,CAAC"}
+{"version":3,"file":"getElevatedAccessToken.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts"],"names":[],"mappings":"AAGA,KAAK,4BAA4B,GAAG;IAClC;;;;OAIG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,sBAAsB,uBACN,4BAA4B,wDAEtD,MAAM,GAAG,SAiCX,CAAC"}

package/dist/modules/auth/passkeys/deletePasskey/deletePasskey.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deletePasskey.d.ts","sourceRoot":"","sources":["../../../../../src/modules/auth/passkeys/deletePasskey/deletePasskey.ts"],"names":[],"mappings":"AAIA;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,kBACT;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,2DAEnC,OAAO,CAAC,IAAI,CAUd,CAAC"}
+{"version":3,"file":"deletePasskey.d.ts","sourceRoot":"","sources":["../../../../../src/modules/auth/passkeys/deletePasskey/deletePasskey.ts"],"names":[],"mappings":"AAMA;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,kBACT;IAAE,SAAS,EAAE,MAAM,CAAA;CAAE,2DAEnC,OAAO,CAAC,IAAI,CAgBd,CAAC"}

package/dist/modules/auth/passkeys/serverRegisterPasskey/serverRegisterPasskey.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"serverRegisterPasskey.d.ts","sourceRoot":"","sources":["../../../../../src/modules/auth/passkeys/serverRegisterPasskey/serverRegisterPasskey.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AACjE,OAAO,EAAE,KAAK,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAGxE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAG9D,KAAK,2BAA2B,GAAG;IACjC,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,YAAY,EAAE,wBAAwB,CAAC;CACxC,CAAC;AAEF,eAAO,MAAM,qBAAqB,qCACE,2BAA2B,UACrD,aAAa,iEAoBtB,CAAC"}
+{"version":3,"file":"serverRegisterPasskey.d.ts","sourceRoot":"","sources":["../../../../../src/modules/auth/passkeys/serverRegisterPasskey/serverRegisterPasskey.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,4BAA4B,CAAC;AAEjE,OAAO,EAAE,KAAK,wBAAwB,EAAE,MAAM,yBAAyB,CAAC;AAGxE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAG9D,KAAK,2BAA2B,GAAG;IACjC,cAAc,CAAC,EAAE,cAAc,CAAC;IAChC,YAAY,EAAE,wBAAwB,CAAC;CACxC,CAAC;AAEF,eAAO,MAAM,qBAAqB,qCACE,2BAA2B,UACrD,aAAa,iEAuBtB,CAAC"}

package/dist/modules/mfa/deleteMfaDevice/deleteMfaDevice.d.ts

@@ -1,15 +1,17 @@
 type DeleteMfaDeviceParams = {
     deviceId: string;
-    mfaAuthToken: string;
+    mfaAuthToken?: string;
 };
 /**
  * Deletes a specific MFA device from the user's account.
  *
- * This function removes a multi-factor authentication device such as
- * a TOTP authenticator from the user's registered devices.
+ * When an elevated access token for `credential:unlink` is available,
+ * it is sent via the `x-dyn-elevated-access-token` header and the
+ * MFA auth token is not required. Otherwise, `mfaAuthToken` must be
+ * provided for backward compatibility with the legacy MFA flow.
  *
  * @param params.deviceId - The unique identifier of the MFA device to delete.
- * @param params.mfaAuthToken - The MFA authentication token required for device deletion.
+ * @param params.mfaAuthToken - The MFA authentication token. Optional when using elevated access tokens.
  * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
  * @returns A promise that resolves when the MFA device is successfully deleted.
  */

package/dist/modules/mfa/deleteMfaDevice/deleteMfaDevice.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"deleteMfaDevice.d.ts","sourceRoot":"","sources":["../../../../src/modules/mfa/deleteMfaDevice/deleteMfaDevice.ts"],"names":[],"mappings":"AAKA,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,+BACE,qBAAqB,qEAclD,CAAC"}
+{"version":3,"file":"deleteMfaDevice.d.ts","sourceRoot":"","sources":["../../../../src/modules/mfa/deleteMfaDevice/deleteMfaDevice.ts"],"names":[],"mappings":"AAQA,KAAK,qBAAqB,GAAG;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,+BACE,qBAAqB,qEA+BlD,CAAC"}

package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"registerTotpMfaDevice.d.ts","sourceRoot":"","sources":["../../../../src/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.ts"],"names":[],"mappings":"AAIA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,uIAOjC,CAAC"}
+{"version":3,"file":"registerTotpMfaDevice.d.ts","sourceRoot":"","sources":["../../../../src/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.ts"],"names":[],"mappings":"AAMA;;;;;;;;;GASG;AACH,eAAO,MAAM,qBAAqB,uIAUjC,CAAC"}

package/dist/services/instrumentation/constants.d.ts

@@ -0,0 +1,17 @@
+export declare const DEFAULT_PII_FIELDS: string[];
+export declare const REDACTED_VALUE = "[REDACTED]";
+export declare const MAX_STRING_LENGTH = 500;
+export declare const TRUNCATED_SUFFIX = "...[truncated]";
+/**
+ * Label prefix for binary data placeholders. The full placeholder includes the
+ * byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size
+ * without the actual bytes appearing in logs.
+ */
+export declare const BINARY_LABEL = "Binary";
+/**
+ * Placeholder emitted when a circular reference is detected in the value tree.
+ * Using a named constant makes it easy to search for or filter in downstream
+ * log tooling.
+ */
+export declare const CIRCULAR_VALUE = "[Circular]";
+//# sourceMappingURL=constants.d.ts.map

package/dist/services/instrumentation/constants.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/services/instrumentation/constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,UAY9B,CAAC;AAEF,eAAO,MAAM,cAAc,eAAe,CAAC;AAE3C,eAAO,MAAM,iBAAiB,MAAM,CAAC;AAErC,eAAO,MAAM,gBAAgB,mBAAmB,CAAC;AAEjD;;;;GAIG;AACH,eAAO,MAAM,YAAY,WAAW,CAAC;AAErC;;;;GAIG;AACH,eAAO,MAAM,cAAc,eAAe,CAAC"}

package/dist/services/instrumentation/createInstrumentation/createInstrumentation.d.ts

@@ -0,0 +1,18 @@
+import type { Instrumentation, InstrumentationConfig } from '../instrumentation.types';
+type CreateInstrumentationParams = {
+    config?: Partial<InstrumentationConfig>;
+};
+/**
+ * Creates the instrumentation service that gates event emission behind an
+ * enabled flag and delegates to a pluggable transport.
+ *
+ * The transport is intentionally optional at creation time — it is wired in
+ * later via setTransport so the SDK can initialise without one. Events logged
+ * before a transport is set are simply dropped.
+ *
+ * Custom piiFields are merged with and deduplicated against the defaults so
+ * callers only need to list additional fields, not replicate the baseline.
+ */
+export declare const createInstrumentation: ({ config: inputConfig, }?: CreateInstrumentationParams) => Instrumentation;
+export {};
+//# sourceMappingURL=createInstrumentation.d.ts.map

package/dist/services/instrumentation/createInstrumentation/createInstrumentation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createInstrumentation.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/createInstrumentation/createInstrumentation.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,eAAe,EACf,qBAAqB,EAGtB,MAAM,0BAA0B,CAAC;AAElC,KAAK,2BAA2B,GAAG;IACjC,MAAM,CAAC,EAAE,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACzC,CAAC;AAQF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,8BAE/B,2BAA2B,KAAQ,eAyBrC,CAAC"}

package/dist/services/instrumentation/createInstrumentation/index.d.ts

@@ -0,0 +1,2 @@
+export { createInstrumentation } from './createInstrumentation';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/instrumentation/createInstrumentation/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/createInstrumentation/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC"}

package/dist/services/instrumentation/extractSessionId/extractSessionId.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Extracts the session ID (`sid` claim) from a JWT token string.
+ *
+ * Decodes the base64url-encoded payload segment of the token and reads the
+ * `sid` field. This is used to correlate instrumentation events with the
+ * authenticated session, without ever forwarding the full token.
+ *
+ * Returns `null` when no token is present, when the token is malformed, or
+ * when the payload does not contain a `sid` claim.
+ */
+export declare const extractSessionId: (token: string) => string | null;
+//# sourceMappingURL=extractSessionId.d.ts.map

package/dist/services/instrumentation/extractSessionId/extractSessionId.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractSessionId.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/extractSessionId/extractSessionId.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,eAAO,MAAM,gBAAgB,UAAW,MAAM,KAAG,MAAM,GAAG,IASzD,CAAC"}

package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts

@@ -0,0 +1,27 @@
+/**
+ * Normalises the raw positional arguments of an instrumented function call
+ * into a flat `Record<string, unknown>` suitable for structured logging.
+ *
+ * ## Why this is needed
+ *
+ * Instrumented functions are wrapped with `(...args: unknown[])`, so their
+ * parameters arrive as an array. Logging a raw array loses the semantic names
+ * of each argument. This function recovers a named representation:
+ *
+ * - **No arguments** → `{}`
+ * - **Single plain-object argument** → that object is returned as-is, because
+ *   SDK functions follow the single-object-parameter convention, so the object
+ *   already carries named keys (`{ amount, to }`, etc.).
+ * - **Everything else** (multiple args, a single primitive, a single array) →
+ *   each value is indexed as `arg0`, `arg1`, …
+ *
+ * ## Why arrays are NOT treated as plain objects
+ *
+ * `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`
+ * guard a single-array argument would be returned as-is. That would produce
+ * an object with numeric string keys (`{ '0': ..., '1': ... }`), which is
+ * misleading and inconsistent with how multi-arg calls are handled. Instead,
+ * arrays fall through to the indexed `arg0` path.
+ */
+export declare const extractParams: (args: unknown[]) => Record<string, unknown>;
+//# sourceMappingURL=extractParams.d.ts.map

package/dist/services/instrumentation/instrumentFunction/extractParams/extractParams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"extractParams.d.ts","sourceRoot":"","sources":["../../../../../src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,aAAa,SAAU,OAAO,EAAE,KAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAuBrE,CAAC"}

package/dist/services/instrumentation/instrumentFunction/index.d.ts

@@ -0,0 +1,2 @@
+export { instrumentFunction } from './instrumentFunction';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/instrumentation/instrumentFunction/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/instrumentFunction/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts

@@ -0,0 +1,73 @@
+import type { DynamicCore } from '../../../client/core/types/DynamicCore';
+type InstrumentFunctionParams<T extends (...args: unknown[]) => unknown> = {
+    /** The original function to wrap. */
+    fn: T;
+    /** Human-readable name recorded in every emitted event. */
+    functionName: string;
+    /**
+     * Returns the current `DynamicCore` instance, or `undefined` when the SDK
+     * has not yet been initialised. Instrumentation is skipped when this returns
+     * `undefined` or when `core.instrumentation.config.enabled` is `false`.
+     */
+    getCore: () => DynamicCore | undefined;
+    /**
+     * When `true`, every field in `parameters` and `resolvedValue` is replaced
+     * with `"[redacted]"` regardless of `piiFields`. Use this for functions
+     * whose arguments are inherently sensitive (e.g., signing, authentication).
+     */
+    redactAll?: boolean;
+};
+/**
+ * Wraps a function so that each invocation emits a structured
+ * `FunctionInstrumentationEvent` at three lifecycle points:
+ *
+ * - **started** — immediately before the function body executes, with the
+ *   PII-scrubbed call parameters.
+ * - **resolved** — after the function (or its returned Promise) settles
+ *   successfully, with the PII-scrubbed return value.
+ * - **rejected** — if the function throws synchronously or its returned
+ *   Promise rejects.
+ *
+ * The original return value (or thrown error) is always forwarded to the
+ * caller unchanged — instrumentation is purely observational.
+ *
+ * ## Usage
+ *
+ * ```ts
+ * const transfer = instrumentFunction({
+ *   fn: rawTransfer,
+ *   functionName: 'transfer',
+ *   getCore: () => core,
+ * });
+ *
+ * // When called, three events are emitted automatically:
+ * await transfer({ amount: 1, to: '0xabc' });
+ * ```
+ *
+ * ## How functions are wrapped
+ *
+ * `instrumentFunction` is not called manually in application code. Instead,
+ * the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
+ * it at build time: any exported function annotated with `@instrumented` in its
+ * JSDoc is automatically wrapped by the plugin during the build step.
+ * The plugin strips the original `export`, renames the function, and re-exports
+ * it under the original name via `instrumentFunction(...)` — so the public API
+ * is unchanged and no call sites need to be updated.
+ *
+ * ## Opting out
+ *
+ * Instrumentation is skipped entirely when:
+ * - `getCore()` returns `undefined` (SDK not initialised), or
+ * - `core.instrumentation.config.enabled` is `false`.
+ *
+ * In both cases the original function is called directly with no overhead.
+ *
+ * ## PII scrubbing
+ *
+ * All string values whose key appears in `piiFields` are replaced with
+ * `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
+ * every field, regardless of key name.
+ */
+export declare const instrumentFunction: <T extends (...args: unknown[]) => unknown>({ fn, functionName, getCore, redactAll, }: InstrumentFunctionParams<T>) => T;
+export {};
+//# sourceMappingURL=instrumentFunction.d.ts.map

package/dist/services/instrumentation/instrumentFunction/instrumentFunction.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"instrumentFunction.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/instrumentFunction/instrumentFunction.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wCAAwC,CAAC;AAQ1E,KAAK,wBAAwB,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,IAAI;IACzE,qCAAqC;IACrC,EAAE,EAAE,CAAC,CAAC;IACN,2DAA2D;IAC3D,YAAY,EAAE,MAAM,CAAC;IACrB;;;;OAIG;IACH,OAAO,EAAE,MAAM,WAAW,GAAG,SAAS,CAAC;IACvC;;;;OAIG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACrB,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDG;AACH,eAAO,MAAM,kBAAkB,GAAI,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,OAAO,6CAKzE,wBAAwB,CAAC,CAAC,CAAC,KAAG,CAuFhC,CAAC"}

package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts

@@ -0,0 +1,14 @@
+type ScrubResolvedValueParams = {
+    piiFields: string[];
+    redactAll?: boolean;
+    value: unknown;
+};
+/**
+ * Scrubs a resolved return value of any type before logging it.
+ * Routes through `scrubParameters` by wrapping the value so that strings,
+ * arrays, Dates, Errors, and all other types are handled identically to
+ * nested object fields.
+ */
+export declare const scrubResolvedValue: ({ piiFields, redactAll, value, }: ScrubResolvedValueParams) => unknown;
+export {};
+//# sourceMappingURL=scrubResolvedValue.d.ts.map

package/dist/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scrubResolvedValue.d.ts","sourceRoot":"","sources":["../../../../../src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts"],"names":[],"mappings":"AAEA,KAAK,wBAAwB,GAAG;IAC9B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,OAAO,CAAC;CAChB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,qCAI5B,wBAAwB,KAAG,OAKnB,CAAC"}

package/dist/services/instrumentation/instrumentation.types.d.ts

@@ -0,0 +1,49 @@
+export type InstrumentationEventPhase = 'started' | 'resolved' | 'rejected';
+/**
+ * Common fields shared by all instrumentation events.
+ *
+ * All string values that match piiFields are redacted before this event is
+ * constructed, so it is safe to forward to an external transport.
+ */
+export type InstrumentationEvent = {
+    environmentId: string;
+    parameters: Record<string, unknown>;
+    sdkSessionId: string;
+    sdkVersion: string;
+    timestamp: string;
+    tokenSessionId: string | null;
+    userAgent: string;
+    userId: string | null;
+};
+/**
+ * A telemetry record emitted by instrumentFunction for each phase of a
+ * function call (started, resolved, rejected). Extends InstrumentationEvent
+ * with function-execution-specific fields.
+ */
+export type FunctionInstrumentationEvent = InstrumentationEvent & {
+    functionName: string;
+    phase: InstrumentationEventPhase;
+    rejectedError?: Error;
+    resolvedValue?: unknown;
+};
+export type InstrumentationConfig = {
+    enabled: boolean;
+    piiFields: string[];
+};
+/** Pluggable sink that receives fully-scrubbed events for forwarding. */
+export type InstrumentationTransport = {
+    log: (event: InstrumentationEvent) => void;
+};
+/**
+ * The instrumentation service instance held on DynamicCore.
+ * Acts as a gatekeeper: events are only forwarded to the transport when
+ * enabled, and the transport can be swapped at any time without restarting.
+ */
+export type Instrumentation = {
+    config: InstrumentationConfig;
+    log: (event: InstrumentationEvent) => void;
+    logFunction: (event: FunctionInstrumentationEvent) => void;
+    setEnabled: (enabled: boolean) => void;
+    setTransport: (transport: InstrumentationTransport) => void;
+};
+//# sourceMappingURL=instrumentation.types.d.ts.map

package/dist/services/instrumentation/instrumentation.types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"instrumentation.types.d.ts","sourceRoot":"","sources":["../../../src/services/instrumentation/instrumentation.types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,yBAAyB,GAAG,SAAS,GAAG,UAAU,GAAG,UAAU,CAAC;AAE5E;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GAAG,oBAAoB,GAAG;IAChE,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,yBAAyB,CAAC;IACjC,aAAa,CAAC,EAAE,KAAK,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,SAAS,EAAE,MAAM,EAAE,CAAC;CACrB,CAAC;AAEF,yEAAyE;AACzE,MAAM,MAAM,wBAAwB,GAAG;IACrC,GAAG,EAAE,CAAC,KAAK,EAAE,oBAAoB,KAAK,IAAI,CAAC;CAC5C,CAAC;AAEF;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,qBAAqB,CAAC;IAC9B,GAAG,EAAE,CAAC,KAAK,EAAE,oBAAoB,KAAK,IAAI,CAAC;IAC3C,WAAW,EAAE,CAAC,KAAK,EAAE,4BAA4B,KAAK,IAAI,CAAC;IAC3D,UAAU,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,CAAC;IACvC,YAAY,EAAE,CAAC,SAAS,EAAE,wBAAwB,KAAK,IAAI,CAAC;CAC7D,CAAC"}

package/dist/services/instrumentation/scrubParameters/index.d.ts

@@ -0,0 +1,2 @@
+export { scrubParameters } from './scrubParameters';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/instrumentation/scrubParameters/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/scrubParameters/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/services/instrumentation/scrubParameters/scrubParameters.d.ts

@@ -0,0 +1,8 @@
+type ScrubParametersParams = {
+    piiFields: string[];
+    redactAll?: boolean;
+    value: Record<string, unknown>;
+};
+export declare const scrubParameters: ({ piiFields, redactAll, value, }: ScrubParametersParams) => Record<string, unknown>;
+export {};
+//# sourceMappingURL=scrubParameters.d.ts.map

package/dist/services/instrumentation/scrubParameters/scrubParameters.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scrubParameters.d.ts","sourceRoot":"","sources":["../../../../src/services/instrumentation/scrubParameters/scrubParameters.ts"],"names":[],"mappings":"AAcA,KAAK,qBAAqB,GAAG;IAC3B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC,CAAC;AA0KF,eAAO,MAAM,eAAe,qCAIzB,qBAAqB,KAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAQhD,CAAC"}

package/dist/services/instrumentation/transports/createDynamicTransport/createDynamicTransport.d.ts

@@ -0,0 +1,24 @@
+import type { Fetch } from '../../../fetch';
+import type { InstrumentationTransport } from '../../instrumentation.types';
+type CreateDynamicTransportParams = {
+    environmentId: string;
+    fetch: Fetch;
+};
+/**
+ * Creates a batched transport that ships instrumentation events to Dynamic's
+ * log ingestion endpoint.
+ *
+ * Events are queued synchronously and flushed as a single HTTP batch in the
+ * next microtask (via queueMicrotask). Multiple log() calls within the same
+ * synchronous tick are coalesced into one request, avoiding a round-trip per
+ * event.
+ *
+ * Fetch errors are swallowed to prevent an instrumentation failure from
+ * triggering another instrumentation event and causing an infinite loop.
+ *
+ * Works in both browser and SSR environments — fetch is injected and
+ * queueMicrotask is available in Node.js >= 11.
+ */
+export declare const createDynamicTransport: (params: CreateDynamicTransportParams) => InstrumentationTransport;
+export {};
+//# sourceMappingURL=createDynamicTransport.d.ts.map

package/dist/services/instrumentation/transports/createDynamicTransport/createDynamicTransport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"createDynamicTransport.d.ts","sourceRoot":"","sources":["../../../../../src/services/instrumentation/transports/createDynamicTransport/createDynamicTransport.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,KAAK,EAEV,wBAAwB,EACzB,MAAM,6BAA6B,CAAC;AAIrC,KAAK,4BAA4B,GAAG;IAClC,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,KAAK,CAAC;CACd,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,sBAAsB,WACzB,4BAA4B,KACnC,wBAkCF,CAAC"}

package/dist/services/instrumentation/transports/createDynamicTransport/index.d.ts

@@ -0,0 +1,2 @@
+export { createDynamicTransport } from './createDynamicTransport';
+//# sourceMappingURL=index.d.ts.map

package/dist/services/instrumentation/transports/createDynamicTransport/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../../src/services/instrumentation/transports/createDynamicTransport/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC"}