npm - @feelflow/ffid-sdk - Versions diffs - 1.9.0 → 1.10.0 - Mend

@feelflow/ffid-sdk 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/README.md +1 -1
package/dist/agency/index.cjs +3 -3
package/dist/agency/index.d.cts +1 -1
package/dist/agency/index.d.ts +1 -1
package/dist/agency/index.js +2 -2
package/dist/announcements/index.cjs +2 -2
package/dist/announcements/index.d.cts +2 -2
package/dist/announcements/index.d.ts +2 -2
package/dist/announcements/index.js +1 -1
package/dist/{chunk-CBYBTBKA.cjs → chunk-OAPA5VKR.cjs} +3 -3
package/dist/{chunk-H5JRKOD7.js → chunk-PSSNMEJB.js} +3 -3
package/dist/chunk-QBRM2RRC.js +4 -0
package/dist/{chunk-P5PPUZGX.cjs → chunk-YUIITYBE.cjs} +1 -1
package/dist/components/index.cjs +7 -7
package/dist/components/index.d.cts +1 -1
package/dist/components/index.d.ts +1 -1
package/dist/components/index.js +1 -1
package/dist/{constants-BeWMWOOd.d.cts → constants-DvTGHPZn.d.cts} +1 -1
package/dist/{constants-BeWMWOOd.d.ts → constants-DvTGHPZn.d.ts} +1 -1
package/dist/{index-CTvhqdrH.d.cts → index-DsXjcF0i.d.cts} +1 -1
package/dist/{index-CTvhqdrH.d.ts → index-DsXjcF0i.d.ts} +1 -1
package/dist/index.cjs +22 -22
package/dist/index.d.cts +4 -4
package/dist/index.d.ts +4 -4
package/dist/index.js +2 -2
package/dist/legal/index.cjs +3 -3
package/dist/legal/index.d.cts +3 -3
package/dist/legal/index.d.ts +3 -3
package/dist/legal/index.js +2 -2
package/dist/server/index.cjs +1138 -0
package/dist/server/index.d.cts +416 -0
package/dist/server/index.d.ts +416 -0
package/dist/server/index.js +1129 -0
package/package.json +9 -3
package/dist/chunk-P4MLCG4T.js +0 -4

package/dist/server/index.js ADDED Viewed

@@ -0,0 +1,1129 @@
+import { DEFAULT_API_BASE_URL } from '../chunk-QBRM2RRC.js';
+export { DEFAULT_API_BASE_URL } from '../chunk-QBRM2RRC.js';
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+// src/auth/token-store.ts
+var STORAGE_KEY = "ffid_tokens";
+var EXPIRY_BUFFER_SECONDS = 30;
+var EXPIRY_BUFFER_MS = EXPIRY_BUFFER_SECONDS * 1e3;
+function isLocalStorageAvailable() {
+  try {
+    if (typeof window === "undefined") return false;
+    const storage = window.localStorage;
+    if (!storage || typeof storage.setItem !== "function") return false;
+    const testKey = "__ffid_storage_test__";
+    storage.setItem(testKey, "1");
+    storage.removeItem(testKey);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function createLocalStorageStore() {
+  const storage = window.localStorage;
+  return {
+    getTokens() {
+      try {
+        const raw = storage.getItem(STORAGE_KEY);
+        if (!raw) return null;
+        const parsed = JSON.parse(raw);
+        if (!isTokenData(parsed)) return null;
+        return parsed;
+      } catch {
+        return null;
+      }
+    },
+    setTokens(tokens) {
+      try {
+        storage.setItem(STORAGE_KEY, JSON.stringify(tokens));
+      } catch {
+      }
+    },
+    clearTokens() {
+      try {
+        storage.removeItem(STORAGE_KEY);
+      } catch {
+      }
+    },
+    isAccessTokenExpired() {
+      const tokens = this.getTokens();
+      if (!tokens) return true;
+      return Date.now() >= tokens.expiresAt - EXPIRY_BUFFER_MS;
+    }
+  };
+}
+function createMemoryStore() {
+  let stored = null;
+  return {
+    getTokens() {
+      return stored;
+    },
+    setTokens(tokens) {
+      stored = { ...tokens };
+    },
+    clearTokens() {
+      stored = null;
+    },
+    isAccessTokenExpired() {
+      if (!stored) return true;
+      return Date.now() >= stored.expiresAt - EXPIRY_BUFFER_MS;
+    }
+  };
+}
+function isTokenData(value) {
+  if (typeof value !== "object" || value === null) return false;
+  const obj = value;
+  return typeof obj.accessToken === "string" && typeof obj.refreshToken === "string" && typeof obj.expiresAt === "number";
+}
+function createTokenStore(storageType) {
+  if (storageType === "memory") {
+    return createMemoryStore();
+  }
+  if (typeof window !== "undefined" && isLocalStorageAvailable()) {
+    return createLocalStorageStore();
+  }
+  return createMemoryStore();
+}
+// src/auth/pkce.ts
+var VERIFIER_STORAGE_KEY = "ffid_code_verifier";
+var CODE_VERIFIER_MIN_LENGTH = 43;
+var UNRESERVED_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+function generateCodeVerifier() {
+  const length = CODE_VERIFIER_MIN_LENGTH;
+  const randomValues = new Uint8Array(length);
+  crypto.getRandomValues(randomValues);
+  let verifier = "";
+  for (let i = 0; i < length; i++) {
+    verifier += UNRESERVED_CHARS[randomValues[i] % UNRESERVED_CHARS.length];
+  }
+  return verifier;
+}
+async function generateCodeChallenge(verifier) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(verifier);
+  const digest = await crypto.subtle.digest("SHA-256", data);
+  return base64UrlEncode(digest);
+}
+function storeCodeVerifier(verifier) {
+  try {
+    if (typeof window === "undefined") return;
+    window.sessionStorage.setItem(VERIFIER_STORAGE_KEY, verifier);
+  } catch {
+  }
+}
+function base64UrlEncode(buffer) {
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+// src/client/oauth-userinfo.ts
+var VALID_SUBSCRIPTION_STATUSES = ["trialing", "active", "past_due", "canceled", "paused"];
+function isValidSubscriptionStatus(value) {
+  return VALID_SUBSCRIPTION_STATUSES.includes(value);
+}
+function normalizeUserinfo(raw) {
+  return {
+    sub: raw.sub,
+    email: raw.email,
+    name: raw.name,
+    picture: raw.picture,
+    organizationId: raw.organization_id ?? null,
+    subscription: raw.subscription ? {
+      subscriptionId: raw.subscription.subscription_id ?? null,
+      status: raw.subscription.status ?? null,
+      planCode: raw.subscription.plan_code ?? null,
+      seatModel: raw.subscription.seat_model ?? null,
+      memberRole: raw.subscription.member_role ?? null,
+      organizationId: raw.subscription.organization_id ?? null
+    } : void 0
+  };
+}
+function mapUserinfoSubscriptionToSession(userinfo, serviceCode) {
+  const subscription = userinfo.subscription;
+  if (!subscription || !subscription.planCode || !isValidSubscriptionStatus(subscription.status)) {
+    return [];
+  }
+  return [
+    {
+      id: subscription.subscriptionId ?? `userinfo:${serviceCode}`,
+      serviceCode,
+      serviceName: serviceCode,
+      planCode: subscription.planCode,
+      planName: subscription.planCode,
+      status: subscription.status,
+      currentPeriodEnd: null,
+      seatModel: subscription.seatModel ?? void 0,
+      memberRole: subscription.memberRole ?? void 0,
+      organizationId: subscription.organizationId
+    }
+  ];
+}
+var JWKS_ENDPOINT = "/.well-known/jwks.json";
+var JWT_ISSUER = "https://id.feelflow.net";
+var JWT_ALGORITHM = "ES256";
+var JWT_CLOCK_TOLERANCE_SECONDS = 30;
+function createJwtVerifier(deps) {
+  const { baseUrl, serviceCode, logger, createError, errorCodes } = deps;
+  const jwksUrl = new URL(JWKS_ENDPOINT, baseUrl);
+  const jwks = createRemoteJWKSet(jwksUrl);
+  async function verifyJwt(accessToken) {
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    try {
+      const { payload } = await jwtVerify(accessToken, jwks, {
+        algorithms: [JWT_ALGORITHM],
+        issuer: JWT_ISSUER,
+        audience: serviceCode,
+        clockTolerance: JWT_CLOCK_TOLERANCE_SECONDS
+      });
+      if (!payload.sub) {
+        logger.error("JWT payload missing sub claim");
+        return {
+          error: createError(
+            errorCodes.TOKEN_VERIFICATION_ERROR,
+            "JWT\u30DA\u30A4\u30ED\u30FC\u30C9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+          )
+        };
+      }
+      const userInfo = {
+        sub: payload.sub,
+        email: null,
+        name: null,
+        picture: null,
+        organizationId: payload.org_id ?? null
+        // subscription is not available from JWT
+      };
+      return { data: userInfo };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F";
+      logger.error("JWT verification failed:", message);
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          `JWT\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F: ${message}`
+        )
+      };
+    }
+  }
+  return verifyJwt;
+}
+// src/client/verify-access-token.ts
+var OAUTH_INTROSPECT_ENDPOINT = "/api/v1/oauth/introspect";
+var CACHE_KEY_PREFIX = "ffid:introspect:";
+var HEX_BASE = 16;
+var HEX_BYTE_WIDTH = 2;
+function createVerifyAccessToken(deps) {
+  const { authMode, baseUrl, serviceCode, serviceApiKey, verifyStrategy, logger, createError, errorCodes, cache, timeout } = deps;
+  let jwtVerify2 = null;
+  function getJwtVerifier() {
+    if (!jwtVerify2) {
+      jwtVerify2 = createJwtVerifier({
+        baseUrl,
+        serviceCode,
+        logger,
+        createError,
+        errorCodes: { TOKEN_VERIFICATION_ERROR: errorCodes.TOKEN_VERIFICATION_ERROR }
+      });
+    }
+    return jwtVerify2;
+  }
+  async function verifyAccessToken(accessToken) {
+    if (authMode !== "service-key") {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "verifyAccessToken \u306F service-key \u30E2\u30FC\u30C9\u3067\u306E\u307F\u5229\u7528\u53EF\u80FD\u3067\u3059"
+        )
+      };
+    }
+    if (!accessToken || !accessToken.trim()) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "\u30A2\u30AF\u30BB\u30B9\u30C8\u30FC\u30AF\u30F3\u304C\u6307\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    if (verifyStrategy === "jwt") {
+      return getJwtVerifier()(accessToken);
+    }
+    return verifyViaIntrospect(accessToken);
+  }
+  async function verifyViaIntrospect(accessToken) {
+    if (!serviceApiKey) {
+      return {
+        error: createError(
+          errorCodes.TOKEN_VERIFICATION_ERROR,
+          "serviceApiKey \u304C\u8A2D\u5B9A\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        )
+      };
+    }
+    const url = `${baseUrl}${OAUTH_INTROSPECT_ENDPOINT}`;
+    logger.debug("Verifying access token:", url);
+    const cacheKey = await buildCacheKey(accessToken);
+    if (cache) {
+      try {
+        const cached = await cache.adapter.get(cacheKey);
+        if (cached && typeof cached === "object" && "sub" in cached) {
+          logger.debug("Cache hit for introspect result");
+          return { data: cached };
+        }
+      } catch (cacheError) {
+        logger.warn("Cache read failed, falling back to API call:", cacheError);
+      }
+    }
+    const fetchOptions = {
+      method: "POST",
+      credentials: "omit",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "X-Service-Api-Key": serviceApiKey
+      },
+      body: new URLSearchParams({ token: accessToken }).toString()
+    };
+    if (timeout !== void 0) {
+      fetchOptions.signal = AbortSignal.timeout(timeout);
+    }
+    let response;
+    try {
+      response = await fetch(url, fetchOptions);
+    } catch (error) {
+      logger.error("Network error during token verification:", error);
+      return {
+        error: {
+          code: errorCodes.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    let introspectResponse;
+    try {
+      introspectResponse = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error during token verification:", parseError);
+      return {
+        error: {
+          code: errorCodes.PARSE_ERROR,
+          message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = introspectResponse;
+      return {
+        error: {
+          code: errorBody.error?.code ?? errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: errorBody.error?.message ?? "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u306B\u5931\u6557\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (!introspectResponse.active) {
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u304C\u7121\u52B9\u307E\u305F\u306F\u671F\u9650\u5207\u308C\u3067\u3059"
+        }
+      };
+    }
+    if (!introspectResponse.sub) {
+      logger.error("Active token introspection returned no sub claim");
+      return {
+        error: {
+          code: errorCodes.TOKEN_VERIFICATION_ERROR,
+          message: "\u30C8\u30FC\u30AF\u30F3\u691C\u8A3C\u30EC\u30B9\u30DD\u30F3\u30B9\u306B\u30E6\u30FC\u30B6\u30FCID\u304C\u542B\u307E\u308C\u3066\u3044\u307E\u305B\u3093"
+        }
+      };
+    }
+    const base = {
+      sub: introspectResponse.sub,
+      email: introspectResponse.email ?? null,
+      name: introspectResponse.name ?? null,
+      picture: introspectResponse.picture ?? null,
+      organization_id: introspectResponse.organization_id ?? null
+    };
+    const raw = introspectResponse.subscription ? {
+      ...base,
+      subscription: {
+        subscription_id: introspectResponse.subscription.subscription_id ?? null,
+        status: introspectResponse.subscription.status,
+        plan_code: introspectResponse.subscription.plan_code,
+        seat_model: introspectResponse.subscription.seat_model,
+        member_role: introspectResponse.subscription.member_role,
+        organization_id: introspectResponse.subscription.organization_id
+      }
+    } : base;
+    const userinfo = normalizeUserinfo(raw);
+    if (cache) {
+      try {
+        await cache.adapter.set(cacheKey, userinfo, cache.ttl);
+      } catch (cacheError) {
+        logger.warn("Cache write failed (result still returned):", cacheError);
+      }
+    }
+    return { data: userinfo };
+  }
+  async function buildCacheKey(token) {
+    if (typeof globalThis.crypto?.subtle?.digest === "function") {
+      const encoder = new TextEncoder();
+      const data = encoder.encode(token);
+      const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+      const hashArray = Array.from(new Uint8Array(hashBuffer));
+      const hashHex = hashArray.map((b) => b.toString(HEX_BASE).padStart(HEX_BYTE_WIDTH, "0")).join("");
+      return CACHE_KEY_PREFIX + hashHex;
+    }
+    return CACHE_KEY_PREFIX + token;
+  }
+  return verifyAccessToken;
+}
+// src/client/billing-methods.ts
+var BILLING_CHECKOUT_ENDPOINT = "/api/v1/billing/checkout";
+var BILLING_PORTAL_ENDPOINT = "/api/v1/billing/portal";
+function createBillingMethods(deps) {
+  const { fetchWithAuth, createError } = deps;
+  async function createCheckoutSession(params) {
+    if (!params.organizationId || !params.subscriptionId) {
+      return {
+        error: createError("VALIDATION_ERROR", "organizationId \u3068 subscriptionId \u306F\u5FC5\u9808\u3067\u3059")
+      };
+    }
+    if (!params.successUrl || !params.cancelUrl) {
+      return {
+        error: createError("VALIDATION_ERROR", "successUrl \u3068 cancelUrl \u306F\u5FC5\u9808\u3067\u3059")
+      };
+    }
+    return fetchWithAuth(
+      BILLING_CHECKOUT_ENDPOINT,
+      {
+        method: "POST",
+        body: JSON.stringify({
+          organizationId: params.organizationId,
+          subscriptionId: params.subscriptionId,
+          successUrl: params.successUrl,
+          cancelUrl: params.cancelUrl,
+          ...params.planId ? { planId: params.planId } : {}
+        })
+      }
+    );
+  }
+  async function createPortalSession(params) {
+    if (!params.organizationId || !params.returnUrl) {
+      return {
+        error: createError("VALIDATION_ERROR", "organizationId \u3068 returnUrl \u306F\u5FC5\u9808\u3067\u3059")
+      };
+    }
+    const query = new URLSearchParams({
+      organizationId: params.organizationId,
+      returnUrl: params.returnUrl
+    });
+    return fetchWithAuth(
+      `${BILLING_PORTAL_ENDPOINT}?${query.toString()}`
+    );
+  }
+  return { createCheckoutSession, createPortalSession };
+}
+// src/client/version-check.ts
+var SDK_VERSION = "1.10.0";
+var SDK_USER_AGENT = `FFID-SDK/${SDK_VERSION} (TypeScript)`;
+var SDK_VERSION_HEADER = "X-FFID-SDK-Version";
+var LATEST_VERSION_HEADER = "X-FFID-SDK-Latest-Version";
+var SEMVER_PATTERN = /^\d+(\.\d+)*$/;
+var _versionWarningShown = false;
+function compareSemver(a, b) {
+  const cleanA = a.replace(/^v/, "");
+  const cleanB = b.replace(/^v/, "");
+  if (!SEMVER_PATTERN.test(cleanA) || !SEMVER_PATTERN.test(cleanB)) return 0;
+  const partsA = cleanA.split(".").map(Number);
+  const partsB = cleanB.split(".").map(Number);
+  const maxLen = Math.max(partsA.length, partsB.length);
+  for (let i = 0; i < maxLen; i++) {
+    const numA = partsA[i] ?? 0;
+    const numB = partsB[i] ?? 0;
+    if (numA < numB) return -1;
+    if (numA > numB) return 1;
+  }
+  return 0;
+}
+function checkVersionHeader(response, logger) {
+  if (_versionWarningShown) return;
+  if (typeof process !== "undefined" && process.env?.NODE_ENV === "production") return;
+  if (!response.headers?.get) return;
+  const latestVersion = response.headers.get(LATEST_VERSION_HEADER);
+  if (!latestVersion) return;
+  if (compareSemver(SDK_VERSION, latestVersion) < 0) {
+    _versionWarningShown = true;
+    logger.warn(
+      `\u65B0\u3057\u3044\u30D0\u30FC\u30B8\u30E7\u30F3\u304C\u5229\u7528\u53EF\u80FD\u3067\u3059: v${latestVersion} (\u73FE\u5728: v${SDK_VERSION})
+npm install @feelflow/ffid-sdk@latest \u3067\u30A2\u30C3\u30D7\u30C7\u30FC\u30C8\u3067\u304D\u307E\u3059`
+    );
+  }
+}
+// src/client/ffid-client.ts
+var NO_CONTENT_STATUS = 204;
+var SESSION_ENDPOINT = "/api/v1/auth/session";
+var LOGOUT_ENDPOINT = "/api/v1/auth/signout";
+var OAUTH_TOKEN_ENDPOINT = "/api/v1/oauth/token";
+var OAUTH_USERINFO_ENDPOINT = "/api/v1/oauth/userinfo";
+var OAUTH_AUTHORIZE_ENDPOINT = "/api/v1/oauth/authorize";
+var OAUTH_REVOKE_ENDPOINT = "/api/v1/oauth/revoke";
+var EXT_CHECK_ENDPOINT = "/api/v1/subscriptions/ext/check";
+var SDK_LOG_PREFIX = "[FFID SDK]";
+var MS_PER_SECOND = 1e3;
+var UNAUTHORIZED_STATUS = 401;
+var STATE_RANDOM_BYTES = 16;
+var HEX_BASE2 = 16;
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: (...args) => console.error(SDK_LOG_PREFIX, ...args)
+};
+var consoleLogger = {
+  debug: (...args) => console.debug(SDK_LOG_PREFIX, ...args),
+  info: (...args) => console.info(SDK_LOG_PREFIX, ...args),
+  warn: (...args) => console.warn(SDK_LOG_PREFIX, ...args),
+  error: (...args) => console.error(SDK_LOG_PREFIX, ...args)
+};
+var FFID_ERROR_CODES = {
+  NETWORK_ERROR: "NETWORK_ERROR",
+  PARSE_ERROR: "PARSE_ERROR",
+  UNKNOWN_ERROR: "UNKNOWN_ERROR",
+  TOKEN_EXCHANGE_ERROR: "TOKEN_EXCHANGE_ERROR",
+  TOKEN_REFRESH_ERROR: "TOKEN_REFRESH_ERROR",
+  NO_TOKENS: "NO_TOKENS",
+  TOKEN_VERIFICATION_ERROR: "TOKEN_VERIFICATION_ERROR"
+};
+function createFFIDClient(config) {
+  if (!config.serviceCode || !config.serviceCode.trim()) {
+    throw new Error("FFID Client: serviceCode \u304C\u672A\u8A2D\u5B9A\u3067\u3059");
+  }
+  const baseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;
+  const authMode = config.authMode ?? "cookie";
+  const clientId = config.clientId ?? config.serviceCode;
+  const resolvedRedirectUri = config.redirectUri ?? null;
+  const serviceApiKey = config.serviceApiKey?.trim();
+  const verifyStrategy = config.verifyStrategy ?? "jwt";
+  const cache = config.cache;
+  const timeout = config.timeout;
+  if (authMode === "service-key" && !serviceApiKey) {
+    throw new Error("FFID Client: service-key \u30E2\u30FC\u30C9\u3067\u306F serviceApiKey \u304C\u5FC5\u9808\u3067\u3059");
+  }
+  if (cache && cache.ttl <= 0) {
+    throw new Error("FFID Client: cache.ttl \u306F\u6B63\u306E\u6570\u5024\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044");
+  }
+  if (timeout !== void 0 && timeout <= 0) {
+    throw new Error("FFID Client: timeout \u306F\u6B63\u306E\u6570\u5024\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044");
+  }
+  const logger = config.logger ?? (config.debug ? consoleLogger : noopLogger);
+  const tokenStore = authMode === "token" ? createTokenStore() : createTokenStore("memory");
+  async function fetchWithAuth(endpoint, options = {}) {
+    const url = `${baseUrl}${endpoint}`;
+    logger.debug("Fetching:", url);
+    const fetchOptions = buildFetchOptions(options);
+    let response;
+    try {
+      response = await fetch(url, fetchOptions);
+    } catch (error) {
+      logger.error("Network error:", error);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (authMode === "token" && response.status === UNAUTHORIZED_STATUS) {
+      const refreshResult = await refreshAccessToken();
+      if (!refreshResult.error) {
+        logger.debug("Token refreshed, retrying request");
+        const retryOptions = buildFetchOptions(options);
+        try {
+          response = await fetch(url, retryOptions);
+        } catch (retryError) {
+          logger.error("Network error on retry:", retryError);
+          return {
+            error: {
+              code: FFID_ERROR_CODES.NETWORK_ERROR,
+              message: retryError instanceof Error ? retryError.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+            }
+          };
+        }
+      }
+    }
+    let raw;
+    try {
+      raw = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error:", parseError, "Status:", response.status);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.PARSE_ERROR,
+          message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    logger.debug("Response:", response.status, raw);
+    checkVersionHeader(response, logger);
+    if (!response.ok) {
+      return {
+        error: raw.error ?? {
+          code: FFID_ERROR_CODES.UNKNOWN_ERROR,
+          message: "\u4E0D\u660E\u306A\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (raw.data === void 0) {
+      return {
+        error: {
+          code: FFID_ERROR_CODES.UNKNOWN_ERROR,
+          message: "\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u30C7\u30FC\u30BF\u304C\u8FD4\u3055\u308C\u307E\u305B\u3093\u3067\u3057\u305F"
+        }
+      };
+    }
+    return { data: raw.data };
+  }
+  function sdkHeaders() {
+    return {
+      "User-Agent": SDK_USER_AGENT,
+      [SDK_VERSION_HEADER]: SDK_VERSION
+    };
+  }
+  function buildFetchOptions(options) {
+    if (authMode === "service-key") {
+      return {
+        ...options,
+        credentials: "omit",
+        headers: {
+          "Content-Type": "application/json",
+          ...sdkHeaders(),
+          "X-Service-Api-Key": serviceApiKey,
+          ...options.headers
+        }
+      };
+    }
+    if (authMode === "token") {
+      const tokens = tokenStore.getTokens();
+      const headers = {
+        "Content-Type": "application/json",
+        ...sdkHeaders(),
+        ...options.headers
+      };
+      if (tokens) {
+        headers["Authorization"] = `Bearer ${tokens.accessToken}`;
+      }
+      return {
+        ...options,
+        credentials: "omit",
+        headers
+      };
+    }
+    return {
+      ...options,
+      credentials: "include",
+      headers: {
+        "Content-Type": "application/json",
+        ...sdkHeaders(),
+        ...options.headers
+      }
+    };
+  }
+  async function getSession() {
+    if (authMode === "token") {
+      return getSessionFromUserinfo();
+    }
+    const result = await fetchWithAuth(SESSION_ENDPOINT);
+    if (result.data?.user) {
+      return {
+        ...result,
+        data: {
+          ...result.data,
+          user: normalizeFFIDUser(result.data.user)
+        }
+      };
+    }
+    return result;
+  }
+  function normalizeFFIDUser(user) {
+    return {
+      ...user,
+      locale: user.locale ?? null,
+      timezone: user.timezone ?? null
+    };
+  }
+  async function getSessionFromUserinfo() {
+    const tokens = tokenStore.getTokens();
+    if (!tokens) {
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NO_TOKENS,
+          message: "\u30C8\u30FC\u30AF\u30F3\u304C\u4FDD\u5B58\u3055\u308C\u3066\u3044\u307E\u305B\u3093"
+        }
+      };
+    }
+    const url = `${baseUrl}${OAUTH_USERINFO_ENDPOINT}`;
+    logger.debug("Fetching userinfo:", url);
+    let response;
+    try {
+      response = await fetch(url, {
+        credentials: "omit",
+        headers: {
+          "Authorization": `Bearer ${tokens.accessToken}`,
+          "Content-Type": "application/json",
+          ...sdkHeaders()
+        }
+      });
+    } catch (error) {
+      logger.error("Network error:", error);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (response.status === UNAUTHORIZED_STATUS) {
+      const refreshResult = await refreshAccessToken();
+      if (!refreshResult.error) {
+        const retryTokens = tokenStore.getTokens();
+        if (retryTokens) {
+          try {
+            response = await fetch(url, {
+              credentials: "omit",
+              headers: {
+                "Authorization": `Bearer ${retryTokens.accessToken}`,
+                "Content-Type": "application/json",
+                ...sdkHeaders()
+              }
+            });
+          } catch (retryError) {
+            logger.error("Network error on retry:", retryError);
+            return {
+              error: {
+                code: FFID_ERROR_CODES.NETWORK_ERROR,
+                message: retryError instanceof Error ? retryError.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+              }
+            };
+          }
+        }
+      } else {
+        return refreshResult;
+      }
+    }
+    let rawUserinfo;
+    try {
+      rawUserinfo = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error:", parseError, "Status:", response.status);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.PARSE_ERROR,
+          message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = rawUserinfo;
+      return {
+        error: {
+          code: errorBody.code ?? FFID_ERROR_CODES.UNKNOWN_ERROR,
+          message: errorBody.message ?? "\u4E0D\u660E\u306A\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    const userinfo = normalizeUserinfo(rawUserinfo);
+    const user = {
+      id: userinfo.sub,
+      email: userinfo.email ?? "",
+      displayName: userinfo.name ?? null,
+      avatarUrl: userinfo.picture ?? null,
+      locale: null,
+      timezone: null,
+      createdAt: ""
+    };
+    return {
+      data: {
+        user,
+        organizations: [],
+        subscriptions: mapUserinfoSubscriptionToSession(userinfo, config.serviceCode)
+      }
+    };
+  }
+  async function signOut() {
+    if (authMode === "token") {
+      return signOutToken();
+    }
+    return signOutCookie();
+  }
+  async function signOutCookie() {
+    const url = `${baseUrl}${LOGOUT_ENDPOINT}`;
+    logger.debug("Fetching:", url);
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        credentials: "include",
+        headers: { "Content-Type": "application/json", ...sdkHeaders() }
+      });
+    } catch (error) {
+      logger.error("Network error:", error);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    if (response.status === NO_CONTENT_STATUS) {
+      logger.debug("Response: 204 No Content");
+      return { data: void 0 };
+    }
+    if (!response.ok) {
+      try {
+        const raw = await response.json();
+        return {
+          error: raw.error ?? {
+            code: FFID_ERROR_CODES.UNKNOWN_ERROR,
+            message: "\u4E0D\u660E\u306A\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+          }
+        };
+      } catch {
+        return {
+          error: {
+            code: FFID_ERROR_CODES.PARSE_ERROR,
+            message: `\u30B5\u30FC\u30D0\u30FC\u304B\u3089\u4E0D\u6B63\u306A\u30EC\u30B9\u30DD\u30F3\u30B9\u3092\u53D7\u4FE1\u3057\u307E\u3057\u305F (status: ${response.status})`
+          }
+        };
+      }
+    }
+    logger.debug("Response:", response.status);
+    return { data: void 0 };
+  }
+  async function signOutToken() {
+    const tokens = tokenStore.getTokens();
+    tokenStore.clearTokens();
+    if (!tokens) {
+      logger.debug("No tokens to revoke");
+      return { data: void 0 };
+    }
+    const url = `${baseUrl}${OAUTH_REVOKE_ENDPOINT}`;
+    logger.debug("Revoking token:", url);
+    try {
+      await fetch(url, {
+        method: "POST",
+        credentials: "omit",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", ...sdkHeaders() },
+        body: new URLSearchParams({
+          token: tokens.accessToken,
+          client_id: clientId
+        }).toString()
+      });
+    } catch (error) {
+      logger.warn("Token revocation failed:", error);
+    }
+    logger.debug("Token sign-out completed");
+    return { data: void 0 };
+  }
+  async function exchangeCodeForTokens(code, codeVerifier) {
+    const url = `${baseUrl}${OAUTH_TOKEN_ENDPOINT}`;
+    logger.debug("Exchanging code for tokens:", url);
+    const effectiveRedirectUri = resolvedRedirectUri ?? (typeof window !== "undefined" ? window.location.origin + window.location.pathname : null);
+    if (!effectiveRedirectUri) {
+      logger.error("redirectUri is required for token exchange in SSR environments. Set config.redirectUri explicitly.");
+      return {
+        error: {
+          code: FFID_ERROR_CODES.TOKEN_EXCHANGE_ERROR,
+          message: "redirectUri \u304C\u672A\u8A2D\u5B9A\u3067\u3059\u3002SSR\u74B0\u5883\u3067\u306F config.redirectUri \u3092\u660E\u793A\u7684\u306B\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"
+        }
+      };
+    }
+    const body = {
+      grant_type: "authorization_code",
+      code,
+      client_id: clientId,
+      redirect_uri: effectiveRedirectUri
+    };
+    if (codeVerifier) {
+      body.code_verifier = codeVerifier;
+    }
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        credentials: "omit",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", ...sdkHeaders() },
+        body: new URLSearchParams(body).toString()
+      });
+    } catch (error) {
+      logger.error("Network error during token exchange:", error);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    let tokenResponse;
+    try {
+      tokenResponse = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error during token exchange:", parseError);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.PARSE_ERROR,
+          message: `\u30C8\u30FC\u30AF\u30F3\u30EC\u30B9\u30DD\u30F3\u30B9\u306E\u89E3\u6790\u306B\u5931\u6557\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = tokenResponse;
+      return {
+        error: {
+          code: errorBody.error ?? FFID_ERROR_CODES.TOKEN_EXCHANGE_ERROR,
+          message: errorBody.error_description ?? "\u30C8\u30FC\u30AF\u30F3\u4EA4\u63DB\u306B\u5931\u6557\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    tokenStore.setTokens({
+      accessToken: tokenResponse.access_token,
+      refreshToken: tokenResponse.refresh_token,
+      expiresAt: Date.now() + tokenResponse.expires_in * MS_PER_SECOND
+    });
+    logger.debug("Token exchange successful");
+    return { data: void 0 };
+  }
+  async function refreshAccessToken() {
+    const tokens = tokenStore.getTokens();
+    if (!tokens) {
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NO_TOKENS,
+          message: "\u30EA\u30D5\u30EC\u30C3\u30B7\u30E5\u30C8\u30FC\u30AF\u30F3\u304C\u3042\u308A\u307E\u305B\u3093"
+        }
+      };
+    }
+    const url = `${baseUrl}${OAUTH_TOKEN_ENDPOINT}`;
+    logger.debug("Refreshing access token:", url);
+    let response;
+    try {
+      response = await fetch(url, {
+        method: "POST",
+        credentials: "omit",
+        headers: { "Content-Type": "application/x-www-form-urlencoded", ...sdkHeaders() },
+        body: new URLSearchParams({
+          grant_type: "refresh_token",
+          refresh_token: tokens.refreshToken,
+          client_id: clientId
+        }).toString()
+      });
+    } catch (error) {
+      logger.error("Network error during token refresh:", error);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.NETWORK_ERROR,
+          message: error instanceof Error ? error.message : "\u30CD\u30C3\u30C8\u30EF\u30FC\u30AF\u30A8\u30E9\u30FC\u304C\u767A\u751F\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    let tokenResponse;
+    try {
+      tokenResponse = await response.json();
+    } catch (parseError) {
+      logger.error("Parse error during token refresh:", parseError);
+      return {
+        error: {
+          code: FFID_ERROR_CODES.PARSE_ERROR,
+          message: `\u30C8\u30FC\u30AF\u30F3\u30EC\u30B9\u30DD\u30F3\u30B9\u306E\u89E3\u6790\u306B\u5931\u6557\u3057\u307E\u3057\u305F (status: ${response.status})`
+        }
+      };
+    }
+    if (!response.ok) {
+      const errorBody = tokenResponse;
+      logger.error("Token refresh failed:", errorBody);
+      const irrecoverableErrors = ["token_revoked", "invalid_grant"];
+      if (errorBody.error && irrecoverableErrors.includes(errorBody.error)) {
+        tokenStore.clearTokens();
+        logger.debug("Cleared tokens due to irrecoverable refresh error:", errorBody.error);
+      }
+      return {
+        error: {
+          code: errorBody.error ?? FFID_ERROR_CODES.TOKEN_REFRESH_ERROR,
+          message: errorBody.error_description ?? "\u30C8\u30FC\u30AF\u30F3\u30EA\u30D5\u30EC\u30C3\u30B7\u30E5\u306B\u5931\u6557\u3057\u307E\u3057\u305F"
+        }
+      };
+    }
+    tokenStore.setTokens({
+      accessToken: tokenResponse.access_token,
+      refreshToken: tokenResponse.refresh_token,
+      expiresAt: Date.now() + tokenResponse.expires_in * MS_PER_SECOND
+    });
+    logger.debug("Token refresh successful");
+    return { data: void 0 };
+  }
+  function redirectToLogin() {
+    if (typeof window === "undefined") {
+      logger.debug("Cannot redirect in SSR context");
+      return false;
+    }
+    if (authMode === "token") {
+      return redirectToAuthorize();
+    }
+    const currentUrl = window.location.href;
+    const loginUrl = `${baseUrl}/login?redirect=${encodeURIComponent(currentUrl)}&service=${encodeURIComponent(config.serviceCode)}`;
+    logger.debug("Redirecting to login:", loginUrl);
+    window.location.href = loginUrl;
+    return true;
+  }
+  function redirectToAuthorize() {
+    const verifier = generateCodeVerifier();
+    storeCodeVerifier(verifier);
+    generateCodeChallenge(verifier).then((challenge) => {
+      const state = generateRandomState();
+      const redirectUri = resolvedRedirectUri ?? window.location.origin + window.location.pathname;
+      const params = new URLSearchParams({
+        response_type: "code",
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        state,
+        code_challenge: challenge,
+        code_challenge_method: "S256"
+      });
+      const authorizeUrl = `${baseUrl}${OAUTH_AUTHORIZE_ENDPOINT}?${params.toString()}`;
+      logger.debug("Redirecting to authorize:", authorizeUrl);
+      window.location.href = authorizeUrl;
+    }).catch((error) => {
+      logger.error("Failed to generate code challenge:", error);
+    });
+    return true;
+  }
+  function getLoginUrl(redirectUrl) {
+    const redirect = redirectUrl ?? (typeof window !== "undefined" ? window.location.href : "");
+    return `${baseUrl}/login?redirect=${encodeURIComponent(redirect)}&service=${encodeURIComponent(config.serviceCode)}`;
+  }
+  function getSignupUrl(redirectUrl) {
+    const redirect = redirectUrl ?? (typeof window !== "undefined" ? window.location.href : "");
+    return `${baseUrl}/signup?redirect=${encodeURIComponent(redirect)}&service=${encodeURIComponent(config.serviceCode)}`;
+  }
+  function createError(code, message) {
+    return { code, message };
+  }
+  async function checkSubscription(params) {
+    if (!params.userId || !params.organizationId) {
+      return {
+        error: createError("VALIDATION_ERROR", "userId \u3068 organizationId \u306F\u5FC5\u9808\u3067\u3059")
+      };
+    }
+    const query = new URLSearchParams({
+      userId: params.userId,
+      organizationId: params.organizationId,
+      serviceCode: config.serviceCode
+    });
+    return fetchWithAuth(
+      `${EXT_CHECK_ENDPOINT}?${query.toString()}`
+    );
+  }
+  const { createCheckoutSession, createPortalSession } = createBillingMethods({
+    fetchWithAuth,
+    createError
+  });
+  const verifyAccessToken = createVerifyAccessToken({
+    authMode,
+    baseUrl,
+    serviceCode: config.serviceCode,
+    serviceApiKey,
+    verifyStrategy,
+    logger,
+    createError,
+    errorCodes: FFID_ERROR_CODES,
+    cache,
+    timeout
+  });
+  return {
+    getSession,
+    signOut,
+    redirectToLogin,
+    getLoginUrl,
+    getSignupUrl,
+    createError,
+    exchangeCodeForTokens,
+    refreshAccessToken,
+    checkSubscription,
+    createCheckoutSession,
+    createPortalSession,
+    verifyAccessToken,
+    /** Token store (token mode only) */
+    tokenStore,
+    /** Resolved auth mode */
+    authMode,
+    /** Resolved logger instance */
+    logger,
+    baseUrl,
+    serviceCode: config.serviceCode,
+    clientId,
+    redirectUri: resolvedRedirectUri
+  };
+}
+function generateRandomState() {
+  const array = new Uint8Array(STATE_RANDOM_BYTES);
+  crypto.getRandomValues(array);
+  return Array.from(array, (byte) => byte.toString(HEX_BASE2).padStart(2, "0")).join("");
+}
+// src/client/cache/memory-cache-adapter.ts
+var MS_PER_SECOND2 = 1e3;
+function createMemoryCacheAdapter() {
+  const store = /* @__PURE__ */ new Map();
+  return {
+    async get(key) {
+      const entry = store.get(key);
+      if (!entry) return null;
+      if (Date.now() >= entry.expiresAt) {
+        store.delete(key);
+        return null;
+      }
+      return entry.value;
+    },
+    async set(key, value, ttlSeconds) {
+      store.set(key, {
+        value,
+        expiresAt: Date.now() + ttlSeconds * MS_PER_SECOND2
+      });
+    },
+    async delete(key) {
+      store.delete(key);
+    }
+  };
+}
+// src/client/cache/kv-cache-adapter.ts
+function createKVCacheAdapter(kv) {
+  return {
+    async get(key) {
+      return kv.get(key, "json");
+    },
+    async set(key, value, ttlSeconds) {
+      await kv.put(key, JSON.stringify(value), { expirationTtl: ttlSeconds });
+    },
+    async delete(key) {
+      await kv.delete(key);
+    }
+  };
+}
+export { createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };