@explorins/pers-sdk 1.2.4 → 1.2.6

package/dist/index.js

@@ -1,4 +1,5 @@
-import { TransactionRole, AccountOwnerType } from '@explorins/pers-shared';
+import { AccountOwnerType, TransactionRole } from '@explorins/pers-shared';
+export { AccountOwnerType } from '@explorins/pers-shared';
 import { jwtDecode } from 'jwt-decode';
 import Web3 from 'web3';
 import { FetchRequest, JsonRpcProvider } from 'ethers';
@@ -42,6 +43,241 @@ function mergeWithDefaults(config) {
     };
 }
 
+/**
+ * Platform-Agnostic Auth Admin API Client
+ *
+ * Handles authentication and authorization admin operations using the PERS backend.
+ * Uses @explorins/pers-shared DTOs for consistency with backend.
+ *
+ * Note: Special header handling (bypass-auth-interceptor) may need to be implemented
+ * at the PersApiClient level or through a specialized auth client.
+ */
+class AuthApi {
+    constructor(apiClient) {
+        this.apiClient = apiClient;
+        this.basePath = '/auth';
+    }
+    // ==========================================
+    // ADMIN AUTHENTICATION OPERATIONS
+    // ==========================================
+    /**
+     * ADMIN: Login tenant admin with JWT
+     * Note: JWT handling and auth bypass headers may need special implementation
+     */
+    async loginTenantAdmin(jwt) {
+        const body = {
+            authToken: jwt,
+            authType: AccountOwnerType.TENANT
+        };
+        return this.apiClient.post(`${this.basePath}/token`, body);
+    }
+    async loginUser(jwt) {
+        const body = {
+            authToken: jwt,
+            authType: AccountOwnerType.USER
+        };
+        return this.apiClient.post(`${this.basePath}/token`, body);
+    }
+    /**
+     * ADMIN: Refresh access token
+     * Note: Bypass header handling may need special implementation
+     */
+    async refreshAccessToken(refreshToken) {
+        return this.apiClient.post(`${this.basePath}/refresh`, { refreshToken });
+    }
+}
+
+/**
+ * Platform-Agnostic Auth Admin Service
+ *
+ * Contains auth admin business logic and operations that work across platforms.
+ * No framework dependencies - pure TypeScript business logic.
+ *
+ * Focuses only on actual backend capabilities.
+ */
+class AuthService {
+    constructor(authApi, authProvider) {
+        this.authApi = authApi;
+        this.authProvider = authProvider;
+    }
+    // ==========================================
+    // ADMIN AUTHENTICATION OPERATIONS
+    // ==========================================
+    /**
+     * ADMIN: Login tenant admin with JWT
+     * Automatically stores tokens if auth provider supports token storage
+     */
+    async loginTenantAdmin(jwt) {
+        const response = await this.authApi.loginTenantAdmin(jwt);
+        // Store tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * ADMIN: Login user with JWT
+     * Automatically stores tokens if auth provider supports token storage
+     */
+    async loginUser(jwt) {
+        const response = await this.authApi.loginUser(jwt);
+        // Store tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * ADMIN: Refresh access token
+     * Automatically stores new tokens if auth provider supports token storage
+     */
+    async refreshAccessToken(refreshToken) {
+        // Use provided refresh token or get from auth provider
+        const tokenToUse = refreshToken || (this.authProvider?.getRefreshToken ? await this.authProvider.getRefreshToken() : null);
+        if (!tokenToUse) {
+            throw new Error('No refresh token available for token refresh');
+        }
+        const response = await this.authApi.refreshAccessToken(tokenToUse);
+        // Store new tokens if auth provider supports it
+        if (this.authProvider && response.accessToken) {
+            await this.storeTokens(response.accessToken, response.refreshToken);
+        }
+        return response;
+    }
+    /**
+     * Automatic token refresh using stored refresh token
+     * Convenience method for 401 error handling
+     */
+    async autoRefreshToken() {
+        return this.refreshAccessToken(); // Uses stored refresh token
+    }
+    /**
+     * Clear stored tokens if auth provider supports it
+     */
+    async clearTokens() {
+        if (this.authProvider?.clearTokens) {
+            await this.authProvider.clearTokens();
+        }
+    }
+    /**
+     * Check if we have valid tokens for authentication
+     */
+    hasValidAuth() {
+        return this.authProvider?.hasValidToken?.() ?? false;
+    }
+    // ==========================================
+    // PRIVATE HELPERS
+    // ==========================================
+    /**
+     * Store tokens using auth provider if it supports token storage
+     */
+    async storeTokens(accessToken, refreshToken) {
+        if (!this.authProvider)
+            return;
+        try {
+            // Store access token
+            if (this.authProvider.setAccessToken) {
+                await this.authProvider.setAccessToken(accessToken);
+            }
+            // Store refresh token if provided and supported
+            if (refreshToken && this.authProvider.setRefreshToken) {
+                await this.authProvider.setRefreshToken(refreshToken);
+            }
+        }
+        catch (error) {
+            console.error('Failed to store tokens in auth provider:', error);
+            // Don't throw - token storage failure shouldn't break authentication
+        }
+    }
+}
+
+/**
+ * Simple, self-contained authentication provider for SDK
+ *
+ * Manages tokens internally without external dependencies.
+ * Perfect for platform-agnostic usage.
+ */
+class SimpleSdkAuthProvider {
+    constructor(projectKey) {
+        this.accessToken = null;
+        this.refreshToken = null;
+        this.projectKey = null;
+        this.authType = 'admin';
+        this.projectKey = projectKey || null;
+        // Try to load tokens from localStorage if available
+        this.loadTokensFromStorage();
+    }
+    async getToken() {
+        // Return stored access token
+        return this.accessToken;
+    }
+    async getProjectKey() {
+        return this.projectKey;
+    }
+    async onTokenExpired() {
+        console.log('SimpleSdkAuthProvider: Token expired, attempting refresh...');
+        if (!this.refreshToken) {
+            console.warn('SimpleSdkAuthProvider: No refresh token available');
+            throw new Error('No refresh token available for refresh');
+        }
+        // Note: Actual refresh logic would be handled by the SDK's AuthService
+        // This provider just manages token storage
+        console.warn('SimpleSdkAuthProvider: Token refresh should be handled by SDK AuthService');
+    }
+    // Token storage methods
+    async setAccessToken(token) {
+        this.accessToken = token;
+        this.saveTokenToStorage('pers_access_token', token);
+    }
+    async setRefreshToken(token) {
+        this.refreshToken = token;
+        this.saveTokenToStorage('pers_refresh_token', token);
+    }
+    async getRefreshToken() {
+        return this.refreshToken;
+    }
+    async clearTokens() {
+        this.accessToken = null;
+        this.refreshToken = null;
+        // Clear from storage
+        this.removeTokenFromStorage('pers_access_token');
+        this.removeTokenFromStorage('pers_refresh_token');
+    }
+    // Internal methods for token persistence
+    loadTokensFromStorage() {
+        if (typeof localStorage !== 'undefined') {
+            try {
+                this.accessToken = localStorage.getItem('pers_access_token');
+                this.refreshToken = localStorage.getItem('pers_refresh_token');
+            }
+            catch (error) {
+                console.error('Failed to load tokens from localStorage:', error);
+            }
+        }
+        else {
+            console.warn('localStorage is not available for token persistence');
+        }
+    }
+    saveTokenToStorage(key, value) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.setItem(key, value);
+        }
+    }
+    removeTokenFromStorage(key) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.removeItem(key);
+        }
+    }
+    // Utility methods for external integration
+    hasValidToken() {
+        const hasToken = !!this.accessToken;
+        return hasToken;
+    }
+    hasRefreshToken() {
+        return !!this.refreshToken;
+    }
+}
+
 // packages/pers-sdk/src/core/pers-api-client.ts
 /**
  * PERS API Client - Core platform-agnostic client for PERS backend
@@ -52,8 +288,15 @@ class PersApiClient {
         this.config = config;
         // Merge user config with defaults (production + v2)
         this.mergedConfig = mergeWithDefaults(config);
+        // Auto-create auth provider if none provided
+        if (!this.mergedConfig.authProvider) {
+            this.mergedConfig.authProvider = new SimpleSdkAuthProvider(this.mergedConfig.apiProjectKey);
+        }
         // Build API root from merged environment and version
         this.apiRoot = buildApiRoot(this.mergedConfig.environment, this.mergedConfig.apiVersion);
+        // Initialize auth services for direct authentication
+        this.authApi = new AuthApi(this);
+        this.authService = new AuthService(this.authApi, this.mergedConfig.authProvider);
     }
     /**
      * Get request headers including auth token and project key
@@ -158,6 +401,45 @@ class PersApiClient {
     async delete(endpoint) {
         return this.request('DELETE', endpoint);
     }
+    // ==========================================
+    // AUTHENTICATION METHODS
+    // ==========================================
+    /**
+     * Login admin user with external JWT (e.g., Firebase)
+     * Automatically stores tokens in auth provider if available
+     */
+    async loginAdmin(externalJwt) {
+        return this.authService.loginTenantAdmin(externalJwt);
+    }
+    /**
+     * Login regular user with external JWT
+     * Automatically stores tokens in auth provider if available
+     */
+    async loginUser(externalJwt) {
+        return this.authService.loginUser(externalJwt);
+    }
+    /**
+     * Refresh access token using stored refresh token
+     */
+    async refreshToken() {
+        const refreshToken = await this.mergedConfig.authProvider?.getRefreshToken?.();
+        if (!refreshToken) {
+            throw new Error('No refresh token available');
+        }
+        return this.authService.refreshAccessToken(refreshToken);
+    }
+    /**
+     * Clear all stored authentication tokens
+     */
+    async clearAuth() {
+        return this.authService.clearTokens();
+    }
+    /**
+     * Check if user has valid authentication token
+     */
+    hasValidAuth() {
+        return this.mergedConfig.authProvider?.hasValidToken?.() || false;
+    }
     /**
      * Get current configuration (returns merged config)
      */
@@ -180,168 +462,48 @@ class PersApiError extends Error {
         this.name = 'PersApiError';
     }
 }
-/**
- * PERS API Client - Core platform-agnostic client for PERS backend
- */
-/*import { HttpClient, RequestOptions } from './abstractions/http-client';
-import { PersConfig, buildApiRoot, mergeWithDefaults } from './pers-config';
-
-export class PersApiClient {
-  private readonly apiRoot: string;
-  private readonly mergedConfig: ReturnType<typeof mergeWithDefaults>;
-
-  constructor(
-    private httpClient: HttpClient,
-    private config: PersConfig
-  ) {
-    // Merge user config with defaults (production + v2)
-    this.mergedConfig = mergeWithDefaults(config);
-    
-    // Build API root from merged environment and version
-    this.apiRoot = buildApiRoot(this.mergedConfig.environment, this.mergedConfig.apiVersion);
-  }
-
-  /**
-   * Get request headers including auth token and project key
-   */
-/*private async getHeaders(): Promise<Record<string, string>> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-  };
-
-  // Add authentication token
-  if (this.mergedConfig.authProvider) {
-    const token = await this.mergedConfig.authProvider.getToken();
-    if (token) {
-      headers['Authorization'] = `Bearer ${token}`;
-    }
-  }
-
-  // Add project key
-  if (this.mergedConfig.authProvider) {
-    const projectKey = await this.mergedConfig.authProvider.getProjectKey();
-    if (projectKey) {
-      headers['x-project-key'] = projectKey;
-    }
-  } else if(this.mergedConfig.apiProjectKey) {
-    // Fallback to config project key if no auth provider
-    headers['x-project-key'] = this.mergedConfig.apiProjectKey;
-  }
-
-  return headers;
-}
 
 /**
- * Make a request with proper headers, auth, and error handling
+ * Memory-based token storage (default)
  */
-/*private async request<T>(
-  method: 'GET' | 'POST' | 'PUT' | 'DELETE',
-  endpoint: string,
-  body?: any,
-  options?: { retryCount?: number }
-): Promise<T> {
-  const { retryCount = 0 } = options || {};
-  const url = `${this.apiRoot}${endpoint}`;
-  
-  const requestOptions: RequestOptions = {
-    headers: await this.getHeaders(),
-    timeout: this.mergedConfig.timeout,
-  };
-
-  try {
-    switch (method) {
-      case 'GET':
-        return await this.httpClient.get<T>(url, requestOptions);
-      case 'POST':
-        return await this.httpClient.post<T>(url, body, requestOptions);
-      case 'PUT':
-        return await this.httpClient.put<T>(url, body, requestOptions);
-      case 'DELETE':
-        return await this.httpClient.delete<T>(url, requestOptions);
-      default:
-        throw new Error(`Unsupported HTTP method: ${method}`);
-    }
-  } catch (error: any) {
-    // Handle 401 errors with automatic token refresh
-    if (error.status === 401 && retryCount === 0 && this.mergedConfig.authProvider?.onTokenExpired) {
-      try {
-        await this.mergedConfig.authProvider.onTokenExpired();
-        // Retry once with refreshed token
-        return this.request<T>(method, endpoint, body, { ...options, retryCount: 1 });
-      } catch (refreshError) {
-        throw new PersApiError(
-          `Authentication refresh failed: ${refreshError}`,
-          endpoint,
-          method,
-          401
-        );
-      }
+class MemoryTokenStorage {
+    constructor() {
+        this.storage = new Map();
+    }
+    async setItem(key, value) {
+        this.storage.set(key, value);
+    }
+    async getItem(key) {
+        return this.storage.get(key) || null;
+    }
+    async removeItem(key) {
+        this.storage.delete(key);
     }
-
-    throw new PersApiError(
-      `PERS API request failed: ${error.message || error}`,
-      endpoint,
-      method,
-      error.status
-    );
-  }
-}
-
-/**
- * Generic GET request
- */
-/*async get<T>(endpoint: string): Promise<T> {
-  return this.request<T>('GET', endpoint);
-}
-
-/**
- * Generic POST request
- */
-/*async post<T>(endpoint: string, body?: any): Promise<T> {
-  return this.request<T>('POST', endpoint, body);
-}
-
-/**
- * Generic PUT request
- */
-/*async put<T>(endpoint: string, body?: any): Promise<T> {
-  return this.request<T>('PUT', endpoint, body);
-}
-
-/**
- * Generic DELETE request
- */
-/*async delete<T>(endpoint: string): Promise<T> {
-  return this.request<T>('DELETE', endpoint);
-}
-
-/**
- * Get current configuration (returns merged config)
- */
-/*getConfig(): ReturnType<typeof mergeWithDefaults> {
-  return this.mergedConfig;
 }
-
 /**
- * Get original user configuration
+ * localStorage-based token storage (browser only)
  */
-/*getOriginalConfig(): PersConfig {
-  return this.config;
-}
-}
-
-export class PersApiError extends Error {
-constructor(
-  message: string,
-  public endpoint: string,
-  public method: string,
-  public statusCode?: number
-) {
-  super(message);
-  this.name = 'PersApiError';
+class LocalStorageTokenStorage {
+    async setItem(key, value) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.setItem(key, value);
+        }
+        else {
+            throw new Error('localStorage is not available in this environment');
+        }
+    }
+    async getItem(key) {
+        if (typeof localStorage !== 'undefined') {
+            return localStorage.getItem(key);
+        }
+        return null;
+    }
+    async removeItem(key) {
+        if (typeof localStorage !== 'undefined') {
+            localStorage.removeItem(key);
+        }
+    }
 }
-}*/
-
 /**
  * Creates a platform-agnostic AuthProvider from simple configuration
  *
@@ -352,12 +514,33 @@ constructor(
  * - Token caching with refresh support
  * - Automatic token refresh on expiration
  * - Configurable token providers
- * - Platform-independent (no localStorage assumptions)
+ * - Token storage (memory, localStorage, custom)
+ * - Platform-independent
  *
  * @param config - Simple auth configuration
  * @returns AuthProvider implementation
  */
 function createAuthProvider(config) {
+    // Initialize token storage
+    let tokenStorage;
+    switch (config.tokenStorage) {
+        case 'localStorage':
+            tokenStorage = new LocalStorageTokenStorage();
+            break;
+        case 'custom':
+            if (!config.customTokenStorage) {
+                throw new Error('Custom token storage configuration is required when tokenStorage is "custom"');
+            }
+            tokenStorage = config.customTokenStorage;
+            break;
+        case 'memory':
+        default:
+            tokenStorage = new MemoryTokenStorage();
+            break;
+    }
+    // Token storage keys
+    const ACCESS_TOKEN_KEY = `pers_access_token_${config.authType || 'user'}`;
+    const REFRESH_TOKEN_KEY = `pers_refresh_token_${config.authType || 'user'}`;
     // Store current token for refresh scenarios and caching
     let currentToken = config.token || null;
     let isRefreshing = false; // Prevent concurrent refresh attempts
@@ -374,6 +557,17 @@ function createAuthProvider(config) {
             if (currentToken) {
                 return currentToken;
             }
+            // Try to get token from storage
+            try {
+                const storedToken = await tokenStorage.getItem(ACCESS_TOKEN_KEY);
+                if (storedToken) {
+                    currentToken = storedToken;
+                    return storedToken;
+                }
+            }
+            catch (error) {
+                console.warn('Failed to retrieve token from storage:', error);
+            }
             // Custom token provider function (always fresh)
             if (config.tokenProvider) {
                 const token = await config.tokenProvider();
@@ -386,6 +580,48 @@ function createAuthProvider(config) {
         async getProjectKey() {
             return config.projectKey || null;
         },
+        // Token storage methods
+        async setAccessToken(token) {
+            currentToken = token;
+            try {
+                await tokenStorage.setItem(ACCESS_TOKEN_KEY, token);
+            }
+            catch (error) {
+                console.error('Failed to store access token:', error);
+                throw error;
+            }
+        },
+        async setRefreshToken(token) {
+            try {
+                await tokenStorage.setItem(REFRESH_TOKEN_KEY, token);
+            }
+            catch (error) {
+                console.error('Failed to store refresh token:', error);
+                throw error;
+            }
+        },
+        async getRefreshToken() {
+            try {
+                return await tokenStorage.getItem(REFRESH_TOKEN_KEY);
+            }
+            catch (error) {
+                console.warn('Failed to retrieve refresh token from storage:', error);
+                return null;
+            }
+        },
+        async clearTokens() {
+            currentToken = null;
+            try {
+                await Promise.all([
+                    tokenStorage.removeItem(ACCESS_TOKEN_KEY),
+                    tokenStorage.removeItem(REFRESH_TOKEN_KEY)
+                ]);
+            }
+            catch (error) {
+                console.error('Failed to clear tokens from storage:', error);
+                throw error;
+            }
+        },
         async onTokenExpired() {
             // Prevent concurrent refresh attempts
             if (isRefreshing) {
@@ -397,7 +633,13 @@ function createAuthProvider(config) {
             // No refresh logic provided
             if (!config.onTokenExpired) {
                 console.warn('Token expired but no refresh logic provided');
-                currentToken = null; // Clear expired token
+                currentToken = null;
+                try {
+                    await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                }
+                catch (error) {
+                    console.warn('Failed to clear expired token from storage:', error);
+                }
                 return;
             }
             // Start refresh process
@@ -411,6 +653,13 @@ function createAuthProvider(config) {
                         const newToken = await config.tokenProvider();
                         if (newToken && newToken !== currentToken) {
                             currentToken = newToken;
+                            // Store the new token
+                            try {
+                                await tokenStorage.setItem(ACCESS_TOKEN_KEY, newToken);
+                            }
+                            catch (error) {
+                                console.warn('Failed to store refreshed token:', error);
+                            }
                             // Notify about successful token refresh
                             if (config.onTokenRefreshed) {
                                 config.onTokenRefreshed(newToken);
@@ -419,17 +668,35 @@ function createAuthProvider(config) {
                         else {
                             console.warn('Token refresh completed but no new token received');
                             currentToken = null;
+                            try {
+                                await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                            }
+                            catch (error) {
+                                console.warn('Failed to clear token after failed refresh:', error);
+                            }
                         }
                     }
                     else {
                         // For static token configs, clear the token since we can't refresh
                         console.warn('Token expired for static token config - clearing token');
                         currentToken = null;
+                        try {
+                            await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                        }
+                        catch (error) {
+                            console.warn('Failed to clear expired static token:', error);
+                        }
                     }
                 }
                 catch (error) {
                     console.error('Token refresh failed:', error);
                     currentToken = null; // Clear token on refresh failure
+                    try {
+                        await tokenStorage.removeItem(ACCESS_TOKEN_KEY);
+                    }
+                    catch (storageError) {
+                        console.warn('Failed to clear token after refresh failure:', storageError);
+                    }
                     throw error; // Re-throw to let SDK handle the error
                 }
                 finally {
@@ -466,6 +733,44 @@ function createAuthProvider(config) {
   };
 } */
 
+/**
+ * @explorins/pers-sdk/core/auth - Consolidated Auth Module
+ *
+ * All authentication functionality in one place:
+ * - Auth provider interfaces and implementations
+ * - Auth API and service logic
+ * - Token management
+ */
+// Auth provider interfaces and implementations
+/**
+ * Create a complete Auth SDK instance (for backward compatibility)
+ * Note: This is now handled directly by PersApiClient
+ *
+ * @param apiClient - Configured PERS API client
+ * @param authProvider - Optional auth provider. If not provided, uses SimpleSdkAuthProvider
+ * @returns Auth SDK with flattened structure for better DX
+ */
+function createAuthSDK(apiClient, authProvider) {
+    // Use simple internal auth provider if none provided
+    const provider = authProvider || new SimpleSdkAuthProvider();
+    const authApi = new AuthApi(apiClient);
+    const authService = new AuthService(authApi, provider);
+    return {
+        // Direct access to service methods (primary interface)
+        // Admin authentication methods
+        loginTenantAdmin: (jwt) => authService.loginTenantAdmin(jwt),
+        loginUser: (jwt) => authService.loginUser(jwt),
+        refreshAccessToken: (refreshToken) => authService.refreshAccessToken(refreshToken),
+        clearTokens: () => authService.clearTokens(),
+        // Auth provider access for external integration
+        getAuthProvider: () => provider,
+        hasValidToken: () => provider.hasValidToken?.() || false,
+        // Advanced access for edge cases
+        api: authApi,
+        service: authService
+    };
+}
+
 /**
  * PERS SDK - Minimal platform-agnostic client with built-in authentication
  * Authentication is now handled at the SDK core level for better scalability
@@ -1263,99 +1568,6 @@ function createAnalyticsSDK(apiClient) {
     };
 }
 
-/**
- * Platform-Agnostic Auth Admin API Client
- *
- * Handles authentication and authorization admin operations using the PERS backend.
- * Uses @explorins/pers-shared DTOs for consistency with backend.
- *
- * Note: Special header handling (bypass-auth-interceptor) may need to be implemented
- * at the PersApiClient level or through a specialized auth client.
- */
-class AuthAdminApi {
-    constructor(apiClient) {
-        this.apiClient = apiClient;
-        this.basePath = '/auth';
-    }
-    // ==========================================
-    // ADMIN AUTHENTICATION OPERATIONS
-    // ==========================================
-    /**
-     * ADMIN: Login tenant admin with JWT
-     * Note: JWT handling and auth bypass headers may need special implementation
-     */
-    async loginTenantAdmin(jwt) {
-        const body = {
-            authToken: jwt,
-            authType: AccountOwnerType.TENANT
-        };
-        return this.apiClient.post(`${this.basePath}/token`, body);
-    }
-    /**
-     * ADMIN: Refresh access token
-     * Note: Bypass header handling may need special implementation
-     */
-    async refreshAccessToken(refreshToken) {
-        return this.apiClient.post(`${this.basePath}/refresh`, { refreshToken });
-    }
-}
-
-/**
- * Platform-Agnostic Auth Admin Service
- *
- * Contains auth admin business logic and operations that work across platforms.
- * No framework dependencies - pure TypeScript business logic.
- *
- * Focuses only on actual backend capabilities.
- */
-class AuthAdminService {
-    constructor(authAdminApi) {
-        this.authAdminApi = authAdminApi;
-    }
-    // ==========================================
-    // ADMIN AUTHENTICATION OPERATIONS
-    // ==========================================
-    /**
-     * ADMIN: Login tenant admin with JWT
-     */
-    async loginTenantAdmin(jwt) {
-        return this.authAdminApi.loginTenantAdmin(jwt);
-    }
-    /**
-     * ADMIN: Refresh access token
-     */
-    async refreshAccessToken(refreshToken) {
-        return this.authAdminApi.refreshAccessToken(refreshToken);
-    }
-}
-
-/**
- * @explorins/pers-sdk-auth-admin
- *
- * Platform-agnostic Auth Admin Domain SDK for PERS ecosystem
- * Handles authentication and authorization admin operations
- */
-// API Layer
-/**
- * Create a complete Auth Admin SDK instance
- *
- * @param apiClient - Configured PERS API client
- * @returns Auth Admin SDK with flattened structure for better DX
- */
-function createAuthAdminSDK(apiClient) {
-    const authAdminApi = new AuthAdminApi(apiClient);
-    const authAdminService = new AuthAdminService(authAdminApi);
-    return {
-        // Direct access to service methods (primary interface)
-        // Admin authentication methods
-        loginTenantAdmin: (jwt) => authAdminService.loginTenantAdmin(jwt),
-        refreshAccessToken: (refreshToken) => authAdminService.refreshAccessToken(refreshToken),
-        // Advanced access for edge cases
-        api: authAdminApi,
-        service: authAdminService
-    };
-}
-
 /**
  * Platform-Agnostic Campaign API Client (NEW - RESTful Design)
  *
@@ -2224,29 +2436,22 @@ class RedemptionApi {
     // PUBLIC OPERATIONS (Project Key)
     // ==========================================
     /**
-     * PUBLIC: Get redemptions (intelligent access)
+     * UNIFIED: Get redemptions with intelligent access control
      *
-     * NEW: Intelligent endpoint that adapts based on authentication
+     * Intelligent endpoint that adapts based on authentication:
      * - Public users: Get active redemptions only
      * - Admin users: Get all redemptions with optional filtering
      *
-     * Replaces: getActiveRedemptions() + getRedemptionsAsAdmin()
+     * @param options.active - Filter by active status (undefined = all for admins/active for public)
+     * @param options.adminAccess - Force admin access (requires admin auth)
      */
-    async getRedemptions(active) {
+    async getRedemptions(options) {
         let url = `${this.basePath}`;
-        if (active !== undefined) {
-            url += `?active=${active}`;
+        if (options?.active !== undefined) {
+            url += `?active=${options.active}`;
         }
         return this.apiClient.get(url);
     }
-    /**
-     * PUBLIC: Get active redemptions
-     *
-     * Updated: Now uses unified endpoint (backward compatibility)
-     */
-    async getActiveRedemptions() {
-        return this.getRedemptions(); // Will return active only for public access
-    }
     /**
      * PUBLIC: Get redemption types
      *
@@ -2292,12 +2497,27 @@ class RedemptionApi {
     // REDEMPTION REDEEMS QUERIES (NEW ENDPOINTS)
     // ==========================================
     /**
-     * Get redemption redeems with filtering (unified endpoint)
+     * UNIFIED: Get redemption redeems with filtering and intelligent access
+     *
+     * Role-based access with unified filtering:
+     * - Users: See only their own redeems (userId/businessId filters ignored)
+     * - Admins: Can filter by userId, businessId, or redemptionId
      *
-     * NEW: GET /redemption-redeems with query parameters
-     * Role-based access: Users see only their own, admins can filter by userId/businessId
+     * @param filters.redemptionId - Filter by specific redemption
+     * @param filters.userId - Admin only: Filter by user ID
+     * @param filters.businessId - Admin only: Filter by business ID
+     * @param filters.myRedeems - Force user's own redeems (uses /me endpoint)
      */
     async getRedemptionRedeems(filters) {
+        // Use convenience endpoint for user's own redeems
+        if (filters?.myRedeems) {
+            let url = `${this.redeemsPath}/me`;
+            if (filters.redemptionId) {
+                url += `?redemptionId=${filters.redemptionId}`;
+            }
+            return this.apiClient.get(url);
+        }
+        // Use admin endpoint with filtering
         let url = this.redeemsPath;
         const params = new URLSearchParams();
         if (filters?.redemptionId)
@@ -2313,67 +2533,22 @@ class RedemptionApi {
         return this.apiClient.get(url);
     }
     /**
-     * Get specific redemption redeem by ID
-     *
-     * NEW: GET /redemption-redeems/:id
+     * UNIFIED: Get specific redemption redeem by ID
      */
     async getRedemptionRedeemById(id) {
         return this.apiClient.get(`${this.redeemsPath}/${id}`);
     }
-    /**
-     * USER: Get my redemption redeems (convenience endpoint)
-     *
-     * NEW: GET /redemption-redeems/me with optional filtering
-     */
-    async getMyRedemptionRedeems(redemptionId) {
-        let url = `${this.redeemsPath}/me`;
-        if (redemptionId) {
-            url += `?redemptionId=${redemptionId}`;
-        }
-        return this.apiClient.get(url);
-    }
-    /**
-     * ADMIN: Get redemption redeems by user ID
-     *
-     * NEW: GET /redemption-redeems?userId=X
-     */
-    async getRedemptionRedeemsByUserId(userId, redemptionId) {
-        return this.getRedemptionRedeems({ userId, redemptionId });
-    }
-    /**
-     * ADMIN: Get redemption redeems by business ID
-     *
-     * NEW: GET /redemption-redeems?businessId=X
-     */
-    async getRedemptionRedeemsByBusinessId(businessId, redemptionId) {
-        return this.getRedemptionRedeems({ businessId, redemptionId });
-    }
-    /**
-     * ADMIN: Get redemption redeems by redemption ID
-     *
-     * NEW: GET /redemption-redeems?redemptionId=X
-     */
-    async getRedemptionRedeemsByRedemptionId(redemptionId) {
-        return this.getRedemptionRedeems({ redemptionId });
-    }
     // ==========================================
     // USER OPERATIONS (JWT + Project Key)
     // ==========================================
     /**
-     * USER: Get user redemption history
+     * UNIFIED: Get user redemption history
      *
-     * Updated: Uses new convenience endpoint /redemption-redeems/me
+     * Uses convenience endpoint /redemption-redeems/me with optional filtering
+     * @param redemptionId - Optional filter by specific redemption
      */
-    async getUserRedemptionHistory() {
-        return this.getMyRedemptionRedeems();
-    }
-    /**
-     * USER: Get user redemptions (backward compatibility)
-     *
-     * Deprecated: Use getUserRedemptionHistory() instead
-     */
-    async getUserRedeems() {
-        return this.getUserRedemptionHistory();
+    async getUserRedeems(redemptionId) {
+        return this.getRedemptionRedeems({ myRedeems: true, redemptionId });
     }
     // ==========================================
     // ADMIN OPERATIONS (Tenant Admin JWT)
@@ -2385,7 +2560,7 @@ class RedemptionApi {
      * The unified endpoint will detect admin privileges and allow filtering
      */
     async getRedemptionsAsAdmin(active) {
-        return this.getRedemptions(active); // Uses intelligent endpoint
+        return this.getRedemptions({ active, adminAccess: true });
     }
     /**
      * ADMIN: Create redemption
@@ -2404,21 +2579,13 @@ class RedemptionApi {
         return this.apiClient.put(`${this.basePath}/${id}`, redemptionCreateRequest);
     }
     /**
-     * ADMIN: Toggle redemption status
+     * UNIFIED: Toggle redemption active status
      *
      * Updated: /redemption/admin/:id/toggle-active → /redemptions/:id/status
      * Following standard /status pattern used across domains
      */
-    async toggleRedemptionStatus(redemptionId) {
-        return this.apiClient.put(`${this.basePath}/${redemptionId}/status`, {});
-    }
-    /**
-     * ADMIN: Toggle redemption active (backward compatibility)
-     *
-     * Deprecated: Use toggleRedemptionStatus() instead
-     */
     async toggleRedemptionActive(redemptionId) {
-        return this.toggleRedemptionStatus(redemptionId);
+        return this.apiClient.put(`${this.basePath}/${redemptionId}/status`, {});
     }
     /**
      * ADMIN: Delete redemption
@@ -2464,21 +2631,13 @@ class RedemptionApi {
         return this.apiClient.delete(`${this.basePath}/${redemptionId}/token-units/${redemptionTokenUnitId}`);
     }
     // ==========================================
-    // BACKWARD COMPATIBILITY METHODS
+    // CONVENIENCE METHODS (Legacy Support)
     // ==========================================
     /**
-     * @deprecated Use getRedemptions() instead
-     * Backward compatibility for old admin endpoint
+     * Convenience: Get active redemptions (public access)
      */
-    async getRedemptionsAdmin(active) {
-        return this.getRedemptionsAsAdmin(active);
-    }
-    /**
-     * @deprecated Use redeemRedemption() instead
-     * Backward compatibility for old redeem method
-     */
-    async redeem(redemptionId) {
-        return this.redeemRedemption(redemptionId);
+    async getActiveRedemptions() {
+        return this.getRedemptions({ active: true });
     }
 }
 
@@ -2498,7 +2657,15 @@ class RedemptionService {
     // PUBLIC OPERATIONS
     // ==========================================
     /**
-     * PUBLIC: Get active redemptions
+     * UNIFIED: Get redemptions with intelligent access control
+     * @param options.active - Filter by active status
+     * @param options.adminAccess - Force admin access
+     */
+    async getRedemptions(options) {
+        return this.redemptionApi.getRedemptions(options);
+    }
+    /**
+     * Convenience: Get active redemptions (public)
      */
     async getActiveRedemptions() {
         return this.redemptionApi.getActiveRedemptions();
@@ -2519,7 +2686,13 @@ class RedemptionService {
         return this.redemptionApi.redeemRedemption(redemptionId);
     }
     /**
-     * AUTH: Get user redemptions
+     * UNIFIED: Get redemption redeems with filtering
+     */
+    async getRedemptionRedeems(filters) {
+        return this.redemptionApi.getRedemptionRedeems(filters);
+    }
+    /**
+     * Convenience: Get user redemptions
      */
     async getUserRedeems() {
         return this.redemptionApi.getUserRedeems();
@@ -2528,7 +2701,7 @@ class RedemptionService {
     // ADMIN OPERATIONS
     // ==========================================
     /**
-     * ADMIN: Get redemptions with optional active filter
+     * Convenience: Get redemptions as admin
      */
     async getRedemptionsAsAdmin(active) {
         return this.redemptionApi.getRedemptionsAsAdmin(active);
@@ -4682,5 +4855,5 @@ function createWeb3SDK(apiClient) {
     };
 }
 
-export { AnalyticsApi, AnalyticsService, AuthAdminApi, AuthAdminService, BaseTokenService, BusinessApi, BusinessService, CampaignApi, CampaignService, ChainTypes, DEFAULT_PERS_CONFIG, DonationApi, DonationService, IPFSInfrastructureApi, PurchaseApi as PaymentApi, PaymentService, PersApiClient, PersApiError, PersSDK, RedemptionApi, RedemptionService, TenantApi, TenantService, TokenApi, TokenSDK, TokenService, TransactionAccountType, TransactionApi, TransactionService, UserApi, UserService, UserStatusApi, UserStatusService, Web3ApplicationService, Web3ChainApi, Web3ChainService, Web3InfrastructureApi, Web3ProviderService, buildApiRoot, createAnalyticsSDK, createAuthAdminSDK, createAuthProvider, createBusinessSDK, createCampaignSDK, createDonationSDK, createPaymentSDK, createPersSDK, createRedemptionSDK, createTenantSDK, createTransactionSDK, createUserSDK, createUserStatusSDK, createWeb3ChainSDK, createWeb3SDK, mergeWithDefaults };
+export { AnalyticsApi, AnalyticsService, AuthApi, AuthService, BaseTokenService, BusinessApi, BusinessService, CampaignApi, CampaignService, ChainTypes, DEFAULT_PERS_CONFIG, DonationApi, DonationService, IPFSInfrastructureApi, PurchaseApi as PaymentApi, PaymentService, PersApiClient, PersApiError, PersSDK, RedemptionApi, RedemptionService, SimpleSdkAuthProvider, TenantApi, TenantService, TokenApi, TokenSDK, TokenService, TransactionAccountType, TransactionApi, TransactionService, UserApi, UserService, UserStatusApi, UserStatusService, Web3ApplicationService, Web3ChainApi, Web3ChainService, Web3InfrastructureApi, Web3ProviderService, buildApiRoot, createAnalyticsSDK, createAuthProvider, createAuthSDK, createBusinessSDK, createCampaignSDK, createDonationSDK, createPaymentSDK, createPersSDK, createRedemptionSDK, createTenantSDK, createTransactionSDK, createUserSDK, createUserStatusSDK, createWeb3ChainSDK, createWeb3SDK, mergeWithDefaults };
 //# sourceMappingURL=index.js.map