@edgible-team/cli 1.0.1

package/dist/client/api-client.js

@@ -0,0 +1,1057 @@
+"use strict";
+// AUTO-GENERATED FILE - DO NOT EDIT
+// This file is copied from backend during build. Changes will be overwritten.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiClient = exports.ApiClientError = void 0;
+exports.createApiClient = createApiClient;
+// ============================================================================
+// DEBUG UTILITY
+// ============================================================================
+// Note: debugLog function removed - now using structured logging through log() method
+// ============================================================================
+// BASE API CLIENT
+// ============================================================================
+class BaseApiClient {
+    constructor(config) {
+        this.refreshPromise = null;
+        this.baseUrl = config.baseUrl.replace(/\/$/, ''); // Remove trailing slash
+        this.timeout = config.timeout || 30000;
+        this.disableCaching = false;
+        this.logFunction = config.logFunction;
+        this.apiClientLogger = config.apiClientLogger;
+    }
+    setAccessToken(token) {
+        this.accessToken = token;
+    }
+    setIdToken(token) {
+        this.idToken = token;
+    }
+    setRefreshToken(token) {
+        this.refreshTokenValue = token;
+    }
+    clearAccessToken() {
+        delete this.accessToken;
+    }
+    clearIdToken() {
+        delete this.idToken;
+    }
+    clearRefreshToken() {
+        delete this.refreshTokenValue;
+    }
+    clearTokens() {
+        delete this.accessToken;
+        delete this.idToken;
+        delete this.refreshTokenValue;
+    }
+    /**
+     * Check if tokens are expired or about to expire
+     */
+    isTokenExpired() {
+        if (!this.idToken)
+            return true;
+        try {
+            // Basic JWT parsing to check expiration
+            const parts = this.idToken.split('.');
+            if (parts.length !== 3)
+                return true;
+            const payload = JSON.parse(atob(parts[1] || ''));
+            const now = Math.floor(Date.now() / 1000);
+            const buffer = 300; // 5 minute buffer
+            return payload.exp && (payload.exp - buffer) <= now;
+        }
+        catch (error) {
+            // If we can't parse the token, consider it expired
+            return true;
+        }
+    }
+    /**
+     * Ensure tokens are valid before making a request
+     * Override in subclasses to implement token refresh logic
+     * @returns Promise<boolean> - true if tokens are valid, false otherwise
+     */
+    async ensureValidTokens() {
+        // Default implementation: just check if token exists and is not expired
+        return !this.isTokenExpired() && !!this.idToken;
+    }
+    /**
+     * Log message (uses passed logger, log function, or falls back to console)
+     */
+    log(level, message, data) {
+        if (this.apiClientLogger) {
+            // Use the passed logger instance (preferred for module-based logging)
+            this.apiClientLogger.log('api-client', level, message, data);
+        }
+        else if (this.logFunction) {
+            // Use the passed logging function (e.g., from agent)
+            this.logFunction(level, message, data);
+        }
+        else {
+            return; // don't log anything
+        }
+    }
+    async makeRequest(method, path, data, requiresAuth = true) {
+        const url = `${this.baseUrl}${path}`;
+        const requestId = Math.random().toString(36).substring(2, 15);
+        // Log request initiation
+        this.log('debug', `[${requestId}] Starting API request`, {
+            method,
+            path,
+            url,
+            requiresAuth,
+            hasData: !!data,
+            dataSize: data ? JSON.stringify(data).length : 0,
+            timestamp: new Date().toISOString()
+        });
+        const headers = {
+            'Content-Type': 'application/json',
+        };
+        // Add cache prevention headers if caching is disabled
+        if (this.disableCaching) {
+            headers['Cache-Control'] = 'no-cache, no-store, must-revalidate';
+            headers['Pragma'] = 'no-cache';
+            headers['Expires'] = '0';
+        }
+        if (requiresAuth) {
+            // Ensure tokens are valid before making the request
+            if (this.idToken || this.refreshTokenValue) {
+                const tokensValid = await this.ensureValidTokens();
+                if (!tokensValid) {
+                    this.log('error', `[${requestId}] Tokens are not valid and could not be refreshed`, {
+                        url,
+                        method,
+                        hasIdToken: !!this.idToken,
+                        hasRefreshToken: !!this.refreshTokenValue,
+                        tokenExpired: this.isTokenExpired(),
+                        timestamp: new Date().toISOString()
+                    });
+                    throw new ApiClientError('Authentication failed - no valid tokens available', 401);
+                }
+            }
+            if (!this.idToken) {
+                this.log('error', `[${requestId}] Authentication required but no ID token available`, {
+                    url,
+                    method,
+                    hasRefreshToken: !!this.refreshTokenValue,
+                    timestamp: new Date().toISOString()
+                });
+                throw new ApiClientError('Authentication required but no token available', 401);
+            }
+            // Validate token format
+            if (!this.idToken.includes('.')) {
+                this.log('error', `[${requestId}] Invalid token format - token must be a valid JWT`, {
+                    tokenPreview: this.idToken.substring(0, 20) + '...'
+                });
+                throw new Error('Invalid token format - token must be a valid JWT');
+            }
+            headers['Authorization'] = `${this.idToken}`;
+            // Log authentication details
+            this.log('debug', `[${requestId}] Request authenticated`, {
+                url,
+                method,
+                hasIdToken: !!this.idToken,
+                hasAccessToken: !!this.accessToken,
+                hasRefreshToken: !!this.refreshTokenValue,
+                tokenPreview: this.idToken.substring(0, 20) + '...',
+                authHeaderPreview: headers['Authorization'].substring(0, 30) + '...',
+                tokenExpired: this.isTokenExpired(),
+                timestamp: new Date().toISOString()
+            });
+        }
+        else {
+            // Log unauthenticated request
+            this.log('debug', `[${requestId}] Unauthenticated request`, {
+                url,
+                method,
+                timestamp: new Date().toISOString()
+            });
+        }
+        const config = {
+            method,
+            headers,
+            signal: AbortSignal.timeout(this.timeout),
+        };
+        // Add cache prevention to fetch config if caching is disabled
+        if (this.disableCaching) {
+            config.cache = 'no-store';
+        }
+        if (data && (method === 'POST' || method === 'PUT')) {
+            config.body = JSON.stringify(data);
+        }
+        try {
+            // Log request execution
+            this.log('debug', `[${requestId}] Executing HTTP request`, {
+                method,
+                url,
+                headers: Object.keys(headers),
+                hasBody: !!config.body,
+                bodySize: config.body ? (typeof config.body === 'string' ? config.body.length : 'unknown') : 0,
+                timeout: this.timeout,
+                timestamp: new Date().toISOString()
+            });
+            const response = await fetch(url, config);
+            const responseData = await response.json();
+            // Log response details
+            this.log('debug', `[${requestId}] Received HTTP response`, {
+                method,
+                url,
+                status: response.status,
+                statusText: response.statusText,
+                responseSize: JSON.stringify(responseData).length,
+                hasResponseData: !!responseData,
+                timestamp: new Date().toISOString()
+            });
+            if (!response.ok) {
+                // Log failed response details
+                this.log('warn', `[${requestId}] Request failed with error status`, {
+                    url,
+                    method,
+                    status: response.status,
+                    statusText: response.statusText,
+                    responseData,
+                    hasRefreshToken: !!this.refreshTokenValue,
+                    timestamp: new Date().toISOString()
+                });
+                // Handle 401 Unauthorized with automatic token refresh
+                if (response.status === 401 && this.refreshTokenValue && requiresAuth) {
+                    this.log('info', `[${requestId}] ID token expired, attempting refresh`, {
+                        url,
+                        method,
+                        hasRefreshToken: !!this.refreshTokenValue,
+                        refreshTokenPreview: this.refreshTokenValue.substring(0, 20) + '...',
+                        timestamp: new Date().toISOString()
+                    });
+                    try {
+                        const refreshResponse = await this.post('/auth/refresh', {
+                            refreshToken: this.refreshTokenValue
+                        }, false);
+                        this.setAccessToken(refreshResponse.tokens.accessToken);
+                        this.setIdToken(refreshResponse.tokens.idToken);
+                        this.log('info', `[${requestId}] Tokens refreshed successfully, retrying request`, {
+                            url,
+                            method,
+                            newTokenPreview: this.idToken?.substring(0, 20) + '...',
+                            timestamp: new Date().toISOString()
+                        });
+                        // Retry the original request with new ID token
+                        const retryHeaders = { ...headers };
+                        retryHeaders['Authorization'] = `${this.idToken}`;
+                        const retryConfig = {
+                            ...config,
+                            headers: retryHeaders
+                        };
+                        this.log('debug', `[${requestId}] Retrying original request with new token`, {
+                            url,
+                            method,
+                            newAuthHeaderPreview: retryHeaders['Authorization'].substring(0, 30) + '...',
+                            timestamp: new Date().toISOString()
+                        });
+                        const retryResponse = await fetch(url, retryConfig);
+                        const retryData = await retryResponse.json();
+                        if (!retryResponse.ok) {
+                            this.log('error', `[${requestId}] Retry request failed after token refresh`, {
+                                url,
+                                method,
+                                status: retryResponse.status,
+                                statusText: retryResponse.statusText,
+                                responseData: retryData,
+                                timestamp: new Date().toISOString()
+                            });
+                            throw new ApiClientError(retryData.message || retryData.error || 'Request failed after token refresh', retryResponse.status, retryData);
+                        }
+                        this.log('info', `[${requestId}] Retry request successful after token refresh`, {
+                            url,
+                            method,
+                            status: retryResponse.status,
+                            responseSize: JSON.stringify(retryData).length,
+                            timestamp: new Date().toISOString()
+                        });
+                        return retryData;
+                    }
+                    catch (refreshError) {
+                        this.log('error', `[${requestId}] Token refresh failed`, {
+                            url,
+                            method,
+                            error: refreshError instanceof Error ? refreshError.message : String(refreshError),
+                            hasRefreshToken: !!this.refreshTokenValue,
+                            refreshTokenPreview: this.refreshTokenValue ? this.refreshTokenValue.substring(0, 20) + '...' : 'none',
+                            timestamp: new Date().toISOString()
+                        });
+                        this.clearTokens();
+                        throw new ApiClientError('Session expired. Please log in again.', 401, {
+                            error: 'Token refresh failed',
+                            originalError: refreshError instanceof Error ? refreshError.message : String(refreshError),
+                            requestId
+                        });
+                    }
+                }
+                // Log other error responses
+                this.log('error', `[${requestId}] Request failed with status ${response.status}`, {
+                    url,
+                    method,
+                    status: response.status,
+                    statusText: response.statusText,
+                    responseData,
+                    timestamp: new Date().toISOString()
+                });
+                throw new ApiClientError(responseData.details ? JSON.stringify(responseData.details) : responseData.message || responseData.error || 'Request failed', response.status, { ...responseData, requestId });
+            }
+            // Log successful response
+            this.log('debug', `[${requestId}] Request completed successfully`, {
+                url,
+                method,
+                status: response.status,
+                statusText: response.statusText,
+                responseSize: JSON.stringify(responseData).length,
+                hasResponseData: !!responseData,
+                timestamp: new Date().toISOString()
+            });
+            return responseData;
+        }
+        catch (error) {
+            if (error instanceof ApiClientError) {
+                throw error;
+            }
+            // Log network/request errors
+            this.log('error', `[${requestId}] Request error occurred`, {
+                url,
+                method,
+                error: error instanceof Error ? error.message : String(error),
+                errorName: error && typeof error === 'object' && 'name' in error ? error.name : 'Unknown',
+                stack: error instanceof Error ? error.stack : undefined,
+                timestamp: new Date().toISOString()
+            });
+            // Handle errors that have name and message properties (including custom fetch errors)
+            if (error && typeof error === 'object' && 'name' in error && 'message' in error) {
+                const errorName = error.name;
+                const errorMessage = error.message;
+                if (errorName === 'AbortError') {
+                    throw new ApiClientError('Request timeout', 408, { requestId, url });
+                }
+                // Handle TypeError: fetch failed (common in Node.js environments)
+                if (errorName === 'TypeError' && errorMessage === 'fetch failed') {
+                    // Check if there's a cause with more specific error information
+                    const cause = error.cause;
+                    if (cause && cause.code === 'ENOTFOUND') {
+                        throw new ApiClientError(`DNS resolution failed: Cannot resolve hostname for ${url}`, 0, { requestId, cause: cause.code });
+                    }
+                    throw new ApiClientError(`Network error: Cannot connect to ${url} - check if the server is running and accessible`, 0, { requestId });
+                }
+                // Handle other TypeError cases (like DNS resolution failures)
+                if (errorName === 'TypeError') {
+                    throw new ApiClientError(`Network error: ${errorMessage} for ${url}`, 0, { requestId });
+                }
+                // Handle network errors more specifically
+                if (errorMessage.includes('fetch')) {
+                    throw new ApiClientError(`Network error: ${errorMessage}`, 0, { requestId });
+                }
+                if (errorMessage.includes('ENOTFOUND') || errorMessage.includes('getaddrinfo ENOTFOUND')) {
+                    throw new ApiClientError(`DNS resolution failed: Cannot resolve hostname for ${url}`, 0, { requestId });
+                }
+                if (errorMessage.includes('ECONNREFUSED')) {
+                    throw new ApiClientError(`Connection refused: Server at ${url} is not accepting connections`, 0, { requestId });
+                }
+                if (errorMessage.includes('ETIMEDOUT')) {
+                    throw new ApiClientError(`Connection timeout: Server at ${url} did not respond in time`, 0, { requestId });
+                }
+                throw new ApiClientError(`Network error: ${errorMessage}`, 0, { requestId });
+            }
+            // Fallback for standard Error instances
+            if (error instanceof Error) {
+                if (error.name === 'AbortError') {
+                    throw new ApiClientError('Request timeout', 408);
+                }
+                // Handle TypeError: fetch failed (common in Node.js environments)
+                if (error.name === 'TypeError' && error.message === 'fetch failed') {
+                    // Check if there's a cause with more specific error information
+                    const cause = error.cause;
+                    if (cause && cause.code === 'ENOTFOUND') {
+                        throw new ApiClientError(`DNS resolution failed: Cannot resolve hostname for ${url}`, 0);
+                    }
+                    throw new ApiClientError(`Network error: Cannot connect to ${url} - check if the server is running and accessible`, 0);
+                }
+                // Handle other TypeError cases (like DNS resolution failures)
+                if (error.name === 'TypeError') {
+                    throw new ApiClientError(`Network error: ${error.message} for ${url}`, 0);
+                }
+                // Handle network errors more specifically
+                if (error.message.includes('fetch')) {
+                    throw new ApiClientError(`Network error: ${error.message}`, 0);
+                }
+                if (error.message.includes('ENOTFOUND') || error.message.includes('getaddrinfo ENOTFOUND')) {
+                    throw new ApiClientError(`DNS resolution failed: Cannot resolve hostname for ${url}`, 0);
+                }
+                if (error.message.includes('ECONNREFUSED')) {
+                    throw new ApiClientError(`Connection refused: Server at ${url} is not accepting connections`, 0);
+                }
+                if (error.message.includes('ETIMEDOUT')) {
+                    throw new ApiClientError(`Connection timeout: Server at ${url} did not respond in time`, 0);
+                }
+                throw new ApiClientError(`Network error: ${error.message}`, 0);
+            }
+            throw new ApiClientError(`Unknown error occurred: ${String(error)}`, 0);
+        }
+    }
+    async get(path, requiresAuth = true) {
+        // Add timestamp to prevent caching if caching is disabled
+        if (this.disableCaching) {
+            const separator = path.includes('?') ? '&' : '?';
+            const cacheBuster = `${separator}_t=${Date.now()}`;
+            return this.makeRequest('GET', path + cacheBuster, undefined, requiresAuth);
+        }
+        return this.makeRequest('GET', path, undefined, requiresAuth);
+    }
+    async post(path, data, requiresAuth = true) {
+        return this.makeRequest('POST', path, data, requiresAuth);
+    }
+    async put(path, data, requiresAuth = true) {
+        return this.makeRequest('PUT', path, data, requiresAuth);
+    }
+    async delete(path, data, requiresAuth = true) {
+        return this.makeRequest('DELETE', path, data, requiresAuth);
+    }
+}
+// ============================================================================
+// ERROR CLASS
+// ============================================================================
+class ApiClientError extends Error {
+    constructor(message, statusCode, response) {
+        super(message);
+        this.name = 'ApiClientError';
+        this.statusCode = statusCode;
+        this.response = response;
+    }
+}
+exports.ApiClientError = ApiClientError;
+// ============================================================================
+// MAIN API CLIENT
+// ============================================================================
+class ApiClient extends BaseApiClient {
+    // ============================================================================
+    // AUTHENTICATION METHODS
+    // ============================================================================
+    /**
+     * Authenticate user with email and password
+     */
+    async login(request) {
+        this.log('info', 'Starting user authentication', {
+            email: request.email,
+            hasPassword: !!request.password,
+            passwordLength: request.password?.length || 0,
+            timestamp: new Date().toISOString()
+        });
+        try {
+            const response = await this.post('/auth/authenticate', request, false);
+            this.log('info', 'Authentication successful, storing tokens', {
+                email: request.email,
+                hasAccessToken: !!response.tokens.accessToken,
+                hasIdToken: !!response.tokens.idToken,
+                hasRefreshToken: !!response.tokens.refreshToken,
+                accessTokenPreview: response.tokens.accessToken.substring(0, 20) + '...',
+                idTokenPreview: response.tokens.idToken.substring(0, 20) + '...',
+                refreshTokenPreview: response.tokens.refreshToken.substring(0, 20) + '...',
+                timestamp: new Date().toISOString()
+            });
+            this.setAccessToken(response.tokens.accessToken);
+            this.setIdToken(response.tokens.idToken);
+            this.setRefreshToken(response.tokens.refreshToken);
+            return response;
+        }
+        catch (error) {
+            this.log('error', 'Authentication failed', {
+                email: request.email,
+                error: error instanceof Error ? error.message : String(error),
+                timestamp: new Date().toISOString()
+            });
+            throw error;
+        }
+    }
+    /**
+     * Refresh authentication token
+     */
+    async refreshToken(request) {
+        this.log('info', 'Starting token refresh', {
+            hasRefreshToken: !!request.refreshToken,
+            refreshTokenPreview: request.refreshToken.substring(0, 20) + '...',
+            currentTokenStatus: {
+                hasIdToken: !!this.idToken,
+                hasAccessToken: !!this.accessToken,
+                tokenExpired: this.isTokenExpired()
+            },
+            timestamp: new Date().toISOString()
+        });
+        try {
+            const response = await this.post('/auth/refresh', request, false);
+            this.log('info', 'Token refresh successful, updating stored tokens', {
+                hasNewAccessToken: !!response.tokens.accessToken,
+                hasNewIdToken: !!response.tokens.idToken,
+                newAccessTokenPreview: response.tokens.accessToken.substring(0, 20) + '...',
+                newIdTokenPreview: response.tokens.idToken.substring(0, 20) + '...',
+                timestamp: new Date().toISOString()
+            });
+            this.setAccessToken(response.tokens.accessToken);
+            this.setIdToken(response.tokens.idToken);
+            // Note: refresh token is not returned on refresh, keep using the original
+            return response;
+        }
+        catch (error) {
+            this.log('error', 'Token refresh failed', {
+                error: error instanceof Error ? error.message : String(error),
+                refreshTokenPreview: request.refreshToken.substring(0, 20) + '...',
+                timestamp: new Date().toISOString()
+            });
+            throw error;
+        }
+    }
+    /**
+     * Logout user and clear tokens
+     */
+    async logout() {
+        this.log('info', 'Starting user logout', {
+            hasTokens: !!(this.idToken || this.accessToken || this.refreshTokenValue),
+            timestamp: new Date().toISOString()
+        });
+        try {
+            const response = await this.post('/auth/logout', {}, false);
+            this.clearTokens();
+            this.log('info', 'Logout successful, tokens cleared', {
+                timestamp: new Date().toISOString()
+            });
+            return response;
+        }
+        catch (error) {
+            this.log('warn', 'Logout request failed, clearing tokens anyway', {
+                error: error instanceof Error ? error.message : String(error),
+                timestamp: new Date().toISOString()
+            });
+            this.clearTokens();
+            throw error;
+        }
+    }
+    /**
+     * Get challenge session for user with temporary password
+     */
+    async getChallengeSession(request) {
+        return this.post('/auth/get-challenge-session', request, false);
+    }
+    /**
+     * Respond to NEW_PASSWORD_REQUIRED challenge
+     */
+    async forceChangePassword(request) {
+        const response = await this.post('/auth/force-change-password', request, false);
+        // If successful, update stored tokens
+        if (response.tokens) {
+            this.setAccessToken(response.tokens.accessToken);
+            this.setIdToken(response.tokens.idToken);
+            this.setRefreshToken(response.tokens.refreshToken);
+        }
+        return response;
+    }
+    // ============================================================================
+    // ORGANIZATION METHODS
+    // ============================================================================
+    /**
+     * Create a new organization
+     */
+    async createOrganization(request) {
+        return this.post('/organizations/createOrganization', request);
+    }
+    /**
+     * Get organization details
+     */
+    async getOrganization(organizationId) {
+        return this.get(`/organizations/${organizationId}`);
+    }
+    /**
+     * Update organization information
+     */
+    async updateOrganization(request) {
+        return this.put(`/organizations/${request.organizationId}`, request);
+    }
+    /**
+     * Delete an organization
+     */
+    async deleteOrganization(organizationId) {
+        return this.delete(`/organizations/${organizationId}`, { organizationId });
+    }
+    /**
+     * Get all users for an organization
+     */
+    async getOrganizationUsers(organizationId) {
+        return this.get(`/organizations/${organizationId}/users`);
+    }
+    /**
+     * Add a user to an organization
+     */
+    async addOrganizationUser(request) {
+        return this.post(`/organizations/${request.organizationId}/users`, request);
+    }
+    /**
+     * Remove a user from an organization
+     */
+    async removeOrganizationUser(request) {
+        return this.delete(`/organizations/${request.organizationId}/users/${request.userEmail}`, request);
+    }
+    /**
+     * Update a user's role in an organization
+     */
+    async updateOrganizationUserRole(request) {
+        return this.put(`/organizations/${request.organizationId}/users/${request.userEmail}/role`, request);
+    }
+    /**
+     * Adopt an orphaned organization
+     */
+    async adoptOrganization(request) {
+        return this.post(`/organizations/${request.organizationId}/adopt`, request);
+    }
+    /**
+     * Get all orphaned organizations
+     */
+    async getOrphanedOrganizations() {
+        return this.get('/organizations/orphaned');
+    }
+    /**
+     * Get all devices for an organization
+     */
+    async getOrganizationDevices(organizationId) {
+        return this.get(`/organizations/${organizationId}/devices`);
+    }
+    /**
+     * Get all applications for an organization
+     */
+    async getOrganizationApplications(organizationId) {
+        return this.get(`/organizations/${organizationId}/applications`);
+    }
+    // ============================================================================
+    // USER METHODS
+    // ============================================================================
+    /**
+     * Create a new user (public route for registration)
+     */
+    async createUser(request) {
+        return this.post('/users/createUser', request, false);
+    }
+    /**
+     * Get user details
+     */
+    async getUser(email) {
+        return this.get(`/users/${email}`);
+    }
+    /**
+     * Update user information
+     */
+    async updateUser(request) {
+        return this.put(`/users/${request.email}`, request);
+    }
+    /**
+     * Delete a user
+     */
+    async deleteUser(request) {
+        return this.delete(`/users/${request.email}`, request);
+    }
+    /**
+     * Get all organizations for a user
+     */
+    async getUserOrganizations(email) {
+        return this.get(`/users/${email}/organizations`);
+    }
+    // ============================================================================
+    // APPLICATION METHODS
+    // ============================================================================
+    /**
+     * Create a new application
+     */
+    async createApplication(request) {
+        return this.post('/applications/createApplication', request);
+    }
+    /**
+     * Get application details
+     */
+    async getApplication(applicationId) {
+        return this.get(`/applications/${applicationId}`);
+    }
+    /**
+     * Update application information
+     */
+    async updateApplication(request) {
+        return this.put(`/applications/${request.applicationId}`, request);
+    }
+    /**
+     * Delete an application
+     */
+    async deleteApplication(applicationId) {
+        return this.delete(`/applications/${applicationId}`);
+    }
+    // ============================================================================
+    // CERTIFICATE METHODS
+    // ============================================================================
+    /**
+     * Get all certificates for an application
+     */
+    async getCertificates(applicationId) {
+        return this.get(`/applications/${applicationId}/certificates`);
+    }
+    /**
+     * Get certificate for a specific hostname
+     */
+    async getCertificate(applicationId, hostname) {
+        return this.get(`/applications/${applicationId}/certificates/hostname/${encodeURIComponent(hostname)}`);
+    }
+    /**
+     * Refresh/renew a certificate
+     */
+    async refreshCertificate(applicationId, certificateId) {
+        return this.post(`/applications/${applicationId}/certificates/${certificateId}/refresh`);
+    }
+    // ============================================================================
+    // DEVICE METHODS
+    // ============================================================================
+    /**
+     * Create a new device
+     */
+    async createDevice(request) {
+        return this.post('/devices/createDevice', request);
+    }
+    /**
+     * Get device details
+     */
+    async getDevice(deviceId) {
+        return this.get(`/devices/${deviceId}`);
+    }
+    /**
+     * Update device information
+     */
+    async updateDevice(request) {
+        return this.put(`/devices/${request.deviceId}`, request);
+    }
+    /**
+     * Delete a device
+     */
+    async deleteDevice(deviceId) {
+        return this.delete(`/devices/${deviceId}`);
+    }
+    /**
+     * Create a device with an orphaned organization
+     */
+    async createDeviceWithOrphanedOrganization(request) {
+        return this.post('/auth/createDeviceWithOrphanedOrg', request, false);
+    }
+    /**
+     * Get all applications for a device
+     */
+    async getDeviceApplications(deviceId) {
+        return this.get(`/devices/${deviceId}/applications`);
+    }
+    /**
+     * Get device pool for an organization
+     */
+    async getDevicePool(organizationId) {
+        return this.get(`/organizations/${organizationId}/pools`);
+    }
+    // WireGuard endpoints
+    async postDeviceWireGuard(applicationId, deviceId, body) {
+        return this.post(`/applications/${applicationId}/devices/${deviceId}/wireguard`, body);
+    }
+    async getDevicePeers(applicationId, deviceId) {
+        return this.get(`/applications/${applicationId}/devices/${deviceId}/peers`);
+    }
+    /**
+     * Get device's WireGuard config from pool
+     */
+    async getPoolDeviceWireGuard(poolId, deviceId) {
+        try {
+            return await this.get(`/pools/${poolId}/devices/${deviceId}/wireguard`);
+        }
+        catch (error) {
+            if (error instanceof Error && 'statusCode' in error && error.statusCode === 404) {
+                return null;
+            }
+            throw error;
+        }
+    }
+    // ============================================================================
+    // ORGANIZATION INVITE METHODS
+    // ============================================================================
+    /**
+     * Create an organization invite
+     */
+    async createOrganizationInvite(request) {
+        return this.post(`/organizations/${request.organizationId}/invites`, request);
+    }
+    /**
+     * Get all invites for an organization
+     */
+    async getOrganizationInvites(organizationId, status) {
+        const queryParams = status ? `?status=${status}` : '';
+        return this.get(`/organizations/${organizationId}/invites${queryParams}`);
+    }
+    /**
+     * Accept an organization invite
+     */
+    async acceptInvite(request) {
+        return this.post(`/invites/${request.inviteId}/accept`, request);
+    }
+    /**
+     * Decline an organization invite
+     */
+    async declineInvite(request) {
+        return this.post(`/invites/${request.inviteId}/decline`, request);
+    }
+    /**
+     * Cancel an organization invite
+     */
+    async cancelInvite(request) {
+        return this.delete(`/invites/${request.inviteId}`, request);
+    }
+    /**
+     * Get all invites for a user
+     */
+    async getUserInvites(email, status) {
+        const queryParams = status ? `?status=${status}` : '';
+        return this.get(`/users/${email}/invites${queryParams}`);
+    }
+    // ============================================================================
+    // UTILITY METHODS
+    // ============================================================================
+    /**
+     * Test API connectivity
+     */
+    async testConnection() {
+        return this.get('/test', false);
+    }
+    /**
+     * Check if user is authenticated
+     */
+    isAuthenticated() {
+        return !!this.idToken;
+    }
+    /**
+     * Check if user has refresh token available
+     */
+    hasRefreshToken() {
+        return !!this.refreshTokenValue;
+    }
+    /**
+     * Get current access token
+     */
+    getAccessToken() {
+        return this.accessToken;
+    }
+    /**
+     * Get current ID token
+     */
+    getIdToken() {
+        return this.idToken;
+    }
+    /**
+     * Get current refresh token
+     */
+    getRefreshToken() {
+        return this.refreshTokenValue;
+    }
+    /**
+     * Validate refresh token format
+     */
+    isValidRefreshToken(token) {
+        if (!token || typeof token !== 'string') {
+            return false;
+        }
+        // Basic validation - refresh tokens should be reasonably long
+        // Cognito refresh tokens can be JWT tokens or opaque tokens
+        // Accept tokens that are at least 20 characters (some Cognito tokens can be shorter)
+        if (token.length < 20) {
+            return false;
+        }
+        // Check for basic alphanumeric pattern (allowing for base64-like characters)
+        // Cognito tokens may contain dots (.) if they're JWT tokens with multiple parts
+        // Allow dots, plus, equals, underscores, hyphens, and alphanumeric
+        const validPattern = /^[A-Za-z0-9+/=_.-]+$/;
+        return validPattern.test(token);
+    }
+    /**
+     * Attempt to refresh tokens if they're expired or about to expire
+     */
+    async ensureValidTokens() {
+        this.log('debug', 'Checking token validity', {
+            hasIdToken: !!this.idToken,
+            hasRefreshToken: !!this.refreshTokenValue,
+            tokenExpired: this.isTokenExpired(),
+            timestamp: new Date().toISOString()
+        });
+        if (!this.isTokenExpired() && this.idToken) {
+            this.log('debug', 'Tokens are still valid');
+            return true; // Tokens are still valid
+        }
+        if (!this.refreshTokenValue) {
+            this.log('warn', 'No refresh token available for token refresh');
+            return false; // No refresh token available
+        }
+        // Validate refresh token format before attempting refresh
+        if (!this.isValidRefreshToken(this.refreshTokenValue)) {
+            this.log('warn', 'Invalid refresh token format, clearing tokens', {
+                refreshTokenPreview: this.refreshTokenValue.substring(0, 20) + '...'
+            });
+            this.clearTokens();
+            return false;
+        }
+        // Prevent concurrent refresh attempts
+        if (this.refreshPromise) {
+            this.log('debug', 'Token refresh already in progress, waiting...');
+            return await this.refreshPromise;
+        }
+        this.log('info', 'Starting token refresh process');
+        this.refreshPromise = this.performTokenRefresh();
+        const result = await this.refreshPromise;
+        this.refreshPromise = null;
+        this.log('debug', 'Token refresh process completed', {
+            success: result,
+            timestamp: new Date().toISOString()
+        });
+        return result;
+    }
+    /**
+     * Perform the actual token refresh operation
+     */
+    async performTokenRefresh() {
+        try {
+            this.log('debug', 'Starting token refresh...');
+            const refreshResponse = await this.post('/auth/refresh', {
+                refreshToken: this.refreshTokenValue
+            }, false);
+            this.setAccessToken(refreshResponse.tokens.accessToken);
+            this.setIdToken(refreshResponse.tokens.idToken);
+            this.log('debug', 'Token refresh successful');
+            return true;
+        }
+        catch (error) {
+            // Clear tokens if refresh fails
+            this.log('warn', 'Token refresh failed, clearing tokens');
+            this.clearTokens();
+            return false;
+        }
+    }
+    /**
+     * Execute a request with automatic retry and token refresh
+     */
+    async executeWithRetry(operation, maxRetries = 3, baseDelay = 1000) {
+        let lastError = null;
+        for (let attempt = 1; attempt <= maxRetries; attempt++) {
+            try {
+                // Ensure we have valid tokens before making the request
+                if (!await this.ensureValidTokens()) {
+                    throw new ApiClientError('Authentication failed - no valid tokens available', 401);
+                }
+                return await operation();
+            }
+            catch (error) {
+                lastError = error instanceof Error ? error : new Error(String(error));
+                // If it's an authentication error and we have retries left, try to refresh tokens
+                if (error instanceof ApiClientError && error.statusCode === 401 && attempt < maxRetries) {
+                    this.clearTokens();
+                    // Wait before retrying with exponential backoff
+                    const delay = baseDelay * Math.pow(2, attempt - 1);
+                    await new Promise(resolve => setTimeout(resolve, delay));
+                    continue;
+                }
+                // If it's not an auth error or we're out of retries, throw the error
+                if (attempt === maxRetries) {
+                    throw lastError;
+                }
+            }
+        }
+        throw lastError || new Error('Max retries exceeded');
+    }
+    // Gateway Management Methods
+    /**
+     * Create a gateway device and EC2 instance
+     */
+    async createGateway(request) {
+        return this.post('/gateways', request);
+    }
+    /**
+     * Get a specific gateway
+     */
+    async getGateway(gatewayId) {
+        return this.get(`/gateways/${gatewayId}`);
+    }
+    /**
+     * List all gateways for an organization
+     */
+    async listGateways(request) {
+        return this.get(`/organizations/${request.organizationId}/gateways?type=${request.type || 'gateway'}`);
+    }
+    /**
+     * Delete a gateway
+     */
+    async deleteGateway(request) {
+        return this.delete(`/gateways/${request.gatewayId}`, request);
+    }
+    /**
+     * Resync agent on a gateway
+     */
+    async resyncGatewayAgent(request) {
+        return this.post(`/gateways/${request.gatewayId}/resync`, request);
+    }
+    /**
+     * Get applications for a specific gateway
+     */
+    async getGatewayApplications(request) {
+        return this.get(`/gateways/${request.gatewayId}/applications`);
+    }
+    // Managed Gateway Methods (admin only)
+    /**
+     * Create a managed gateway
+     */
+    async createManagedGateway(request) {
+        return this.post('/admin/managed-gateways', request);
+    }
+    /**
+     * List all managed gateways
+     */
+    async listManagedGateways() {
+        return this.get('/admin/managed-gateways');
+    }
+    /**
+     * Get managed gateway details
+     */
+    async getManagedGateway(request) {
+        return this.get(`/admin/managed-gateways/${request.gatewayId}`);
+    }
+    /**
+     * Delete a managed gateway
+     */
+    async deleteManagedGateway(request) {
+        return this.delete(`/admin/managed-gateways/${request.gatewayId}`, request);
+    }
+    /**
+     * Get SSH key for a managed gateway (admin only)
+     */
+    async getManagedGatewaySSHKey(request) {
+        return this.get(`/admin/managed-gateways/${request.gatewayId}/ssh-key`);
+    }
+}
+exports.ApiClient = ApiClient;
+// ============================================================================
+// FACTORY FUNCTION
+// ============================================================================
+/**
+ * Create a new API client instance
+ * @param baseUrl - The base URL of the API (from environment variable)
+ * @param timeout - Request timeout in milliseconds (optional, defaults to 30s)
+ * @param disableCaching - Whether to disable caching (optional, defaults to true)
+ * @param logFunction - Optional logging function for integration with external logging systems
+ * @param apiClientLogger - Optional logger instance for module-based logging
+ */
+function createApiClient(baseUrl, timeout, disableCaching, logFunction, apiClientLogger) {
+    return new ApiClient({
+        baseUrl,
+        timeout: timeout || 30000,
+        disableCaching: disableCaching || false,
+        logFunction,
+        apiClientLogger
+    });
+}
+// ============================================================================
+// DEFAULT EXPORT
+// ============================================================================
+exports.default = ApiClient;
+//# sourceMappingURL=api-client.js.map