@feelflow/ffid-sdk 2.12.1 → 2.15.0

package/dist/server/index.d.ts

@@ -8,21 +8,63 @@ export { D as DEFAULT_API_BASE_URL } from '../constants-DvTGHPZn.js';
  * `<FFIDInquiryForm />` and submit through either endpoint.
  */
 /**
- * Categories surfaced by the default form. Consumers are free to
- * pass their own list via `<FFIDInquiryForm categories={...} />`.
+ * Legacy 6-value canonical categories. Retained for historical DB rows
+ * (the pre-2026 values `general`, `sales`, `support`, `press` still appear
+ * in older inquiries) and for 2.x backwards compatibility with SDK
+ * consumers that pinned to this exact set.
+ *
+ * Note: `partnership` and `other` intentionally also appear in
+ * {@link FFID_INQUIRY_CATEGORIES_SITE_2026}; the legacy-only subset is
+ * `general`, `sales`, `support`, `press`.
+ *
+ * @deprecated New integrations should use
+ * {@link FFID_INQUIRY_CATEGORIES_SITE_2026} (13 values, aligned with
+ * feelflow-website-2026 `/contact`). This legacy constant remains
+ * exported for 2.x compatibility and may be removed in 3.x.
  */
 declare const FFID_INQUIRY_CATEGORIES: readonly ["general", "sales", "support", "partnership", "press", "other"];
+/**
+ * Type alias derived from the legacy 6-value list. Still referenced by
+ * {@link FFIDInquiryCreateParams.category} so existing callers compile
+ * without changes; no `@deprecated` on the type itself because the
+ * actionable migration target is the runtime constant above, and
+ * propagating `@deprecated` to the type would surface false-positive
+ * warnings on public API that deliberately accepts both shapes.
+ */
 type FFIDInquiryCategory = (typeof FFID_INQUIRY_CATEGORIES)[number];
+/**
+ * 13-value category list that mirrors feelflow-website-2026
+ * `/contact` (`feelflow-site/src/lib/contact-schema.ts` `CATEGORY_OPTIONS`).
+ *
+ * Source-of-truth ownership: **the site repo is authoritative**; this
+ * constant is a delayed-sync snapshot shipped through the SDK so
+ * consumers can get autocomplete without depending on the site repo.
+ * Drift between site and the FFID admin UI is detected automatically by
+ * `scripts/sync-inquiry-categories.ts` (SDK-side drift is a separate
+ * follow-up and today is caught only if the SDK snapshot is updated
+ * alongside the admin UI constants).
+ */
+declare const FFID_INQUIRY_CATEGORIES_SITE_2026: readonly ["consulting", "saas", "development", "agent-hub", "ai-feel-chatbot", "knowledge-db", "biz-simulator", "discussion-board", "realtime-ai", "partnership", "media", "recruiting", "other"];
+type FFIDInquiryCategorySite2026 = (typeof FFID_INQUIRY_CATEGORIES_SITE_2026)[number];
 /**
  * Parameters for `client.inquiry.create()`. When submitting from a
  * server-side SDK (Service API Key), set `source` to a stable
  * origin string so admins can trace the submission back.
+ *
+ * `category` accepts any string at the SDK boundary to keep the SDK
+ * forward-compatible with new site-side categories added before the SDK
+ * re-publishes. FFID ext-endpoint validation (`/api/v1/ext/inquiry`) is
+ * lenient — `z.string().max(100).optional()` — so unknown strings flow
+ * through to the DB unchanged. Note: the `(string & {})` arm of the
+ * union intentionally keeps autocomplete active while allowing arbitrary
+ * strings; callers using exhaustive `switch` statements should include
+ * a `default` branch.
  */
 interface FFIDInquiryCreateParams {
     email: string;
     name: string;
     message: string;
-    category?: FFIDInquiryCategory | (string & {});
+    category?: FFIDInquiryCategorySite2026 | FFIDInquiryCategory | (string & {});
     company?: string;
     phone?: string;
     locale?: 'ja' | 'en';
@@ -738,6 +780,96 @@ interface FFIDUpdateMemberRoleResponse {
 interface FFIDRemoveMemberResponse {
     message: string;
 }
+/**
+ * User profile for the authenticated user (returned by `getProfile` / `updateProfile`).
+ *
+ * Mirrors the FFID backend `UserProfile` shape exposed via
+ * `GET /api/v1/users/ext/me` and `PUT /api/v1/users/ext/me`.
+ */
+interface FFIDUserProfile {
+    /** User ID (UUID) */
+    id: string;
+    /** Email address */
+    email: string;
+    /** Display name (nullable when not set) */
+    displayName: string | null;
+    /** Avatar URL (nullable when not set) */
+    avatarUrl: string | null;
+    /** Phone number (nullable when not set) */
+    phone: string | null;
+    /** Company name (nullable when not set) */
+    companyName: string | null;
+    /** Department (nullable when not set) */
+    department: string | null;
+    /** Job title (nullable when not set) */
+    jobTitle: string | null;
+    /** IANA timezone (e.g. 'Asia/Tokyo') */
+    timezone: string;
+    /** Locale (e.g. 'ja', 'en') */
+    locale: string;
+    /** Arbitrary user preferences bag */
+    preferences: Record<string, unknown>;
+    /** Account creation timestamp (ISO 8601) */
+    createdAt: string;
+    /** Profile last-updated timestamp (ISO 8601) */
+    updatedAt: string;
+}
+/**
+ * Per-call options for profile methods (`getProfile` / `updateProfile`).
+ *
+ * Supply `accessToken` to forward an end-user Bearer token for the single call
+ * without mutating client-level auth state. Designed for server runtimes (Cloudflare
+ * Workers, Edge, Node) that receive a user-scoped Bearer per request and want to
+ * act as that user against `/api/v1/users/ext/me`.
+ *
+ * When `accessToken` is supplied with a non-empty value, it overrides the client's
+ * configured auth mode: authentication for that request uses only
+ * `Authorization: Bearer <accessToken>` (no service key, no cookie, no token-store
+ * lookup, no auto-refresh on 401). Non-auth headers such as `Content-Type` and
+ * SDK metadata headers (User-Agent / X-FFID-SDK-Version) are still attached.
+ *
+ * Runtime semantics:
+ * - `accessToken` omitted (or `undefined`) → no override, configured `authMode` is used
+ * - `accessToken` is empty string / whitespace-only → rejected as `VALIDATION_ERROR`
+ *   before any network call (prevents silent impersonation fallback when a caller
+ *   extracts a missing/blank `Authorization` header into this field)
+ * - `accessToken` is a non-empty string → override activated
+ */
+interface FFIDProfileCallOptions {
+    /**
+     * End-user Bearer token forwarded for this single request.
+     *
+     * Must be a non-empty string when supplied. Passing `''` or a whitespace-only
+     * string is treated as a caller error and surfaces as `VALIDATION_ERROR` —
+     * this guards against the common footgun where a server runtime extracts the
+     * Bearer from an incoming request without checking the header is present.
+     */
+    accessToken?: string;
+}
+/**
+ * Request payload for `updateProfile`.
+ *
+ * Mirrors the FFID backend `UpdateUserProfileRequest` shape. All fields are
+ * optional — only the supplied keys will be updated (partial update semantics).
+ */
+interface FFIDUpdateUserProfileRequest {
+    /** Display name */
+    displayName?: string;
+    /** Phone number */
+    phone?: string;
+    /** Company name */
+    companyName?: string;
+    /** Department */
+    department?: string;
+    /** Job title */
+    jobTitle?: string;
+    /** IANA timezone */
+    timezone?: string;
+    /** Locale */
+    locale?: string;
+    /** Arbitrary user preferences bag */
+    preferences?: Record<string, unknown>;
+}
 /**
  * Result of a redirect operation (redirectToLogin / redirectToAuthorize / redirectToLogout)
  *
@@ -892,6 +1024,8 @@ declare function createFFIDClient(config: FFIDConfig): {
         organizationId: string;
         userId: string;
     }) => Promise<FFIDApiResponse<FFIDRemoveMemberResponse>>;
+    getProfile: (options?: FFIDProfileCallOptions) => Promise<FFIDApiResponse<FFIDUserProfile>>;
+    updateProfile: (data: FFIDUpdateUserProfileRequest, options?: FFIDProfileCallOptions) => Promise<FFIDApiResponse<FFIDUserProfile>>;
     createCheckoutSession: (params: FFIDCreateCheckoutParams) => Promise<FFIDApiResponse<FFIDCheckoutSessionResponse>>;
     createPortalSession: (params: FFIDCreatePortalParams) => Promise<FFIDApiResponse<FFIDPortalSessionResponse>>;
     listPlans: () => Promise<FFIDApiResponse<FFIDListPlansResponse>>;
@@ -1002,4 +1136,4 @@ interface KVNamespaceLike {
  */
 declare function createKVCacheAdapter(kv: KVNamespaceLike): FFIDCacheAdapter;
 
-export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDOtpSendResponse, type FFIDOtpVerifyResponse, type FFIDPasswordResetConfirmResponse, type FFIDPasswordResetResponse, type FFIDPasswordResetVerifyResponse, type FFIDResetSessionResponse, type FFIDSubscription, type FFIDUser, type FFIDVerifyAccessTokenOptions, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };
+export { type FFIDCacheAdapter, type FFIDCacheConfig, type FFIDClient, type FFIDConfig, type FFIDOAuthUserInfo, type FFIDOrganization, type FFIDOtpSendResponse, type FFIDOtpVerifyResponse, type FFIDPasswordResetConfirmResponse, type FFIDPasswordResetResponse, type FFIDPasswordResetVerifyResponse, type FFIDProfileCallOptions, type FFIDResetSessionResponse, type FFIDSubscription, type FFIDUpdateUserProfileRequest, type FFIDUser, type FFIDUserProfile, type FFIDVerifyAccessTokenOptions, type KVNamespaceLike, type TokenData, type TokenStore, createFFIDClient, createKVCacheAdapter, createMemoryCacheAdapter, createTokenStore, createVerifyAccessToken };

package/dist/server/index.js

@@ -755,8 +755,57 @@ function createMembersMethods(deps) {
   return { listMembers, updateMemberRole, removeMember };
 }
 
+// src/client/profile-methods.ts
+var EXT_PROFILE_ENDPOINT = "/api/v1/users/ext/me";
+function resolveAuthOverride(options, createError) {
+  if (!options || options.accessToken === void 0) {
+    return {};
+  }
+  const token = options.accessToken;
+  if (typeof token !== "string" || token.trim() === "") {
+    return {
+      error: createError(
+        "VALIDATION_ERROR",
+        "accessToken \u3092\u6307\u5B9A\u3059\u308B\u5834\u5408\u3001\u7A7A\u6587\u5B57\u5217\u3084\u7A7A\u767D\u306E\u307F\u306E\u5024\u306F\u4F7F\u7528\u3067\u304D\u307E\u305B\u3093"
+      )
+    };
+  }
+  return { override: { accessToken: token } };
+}
+function createProfileMethods(deps) {
+  const { fetchWithAuth, createError } = deps;
+  async function getProfile(options) {
+    const { override, error } = resolveAuthOverride(options, createError);
+    if (error) return { error };
+    return fetchWithAuth(EXT_PROFILE_ENDPOINT, void 0, override);
+  }
+  async function updateProfile(data, options) {
+    if (data === null || typeof data !== "object" || Array.isArray(data)) {
+      return {
+        error: createError("VALIDATION_ERROR", "data \u306F\u30AA\u30D6\u30B8\u30A7\u30AF\u30C8\u3067\u3042\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059")
+      };
+    }
+    if (Object.keys(data).length === 0) {
+      return {
+        error: createError("VALIDATION_ERROR", "\u66F4\u65B0\u3059\u308B\u30D5\u30A3\u30FC\u30EB\u30C9\u30921\u3064\u4EE5\u4E0A\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044")
+      };
+    }
+    const { override, error } = resolveAuthOverride(options, createError);
+    if (error) return { error };
+    return fetchWithAuth(
+      EXT_PROFILE_ENDPOINT,
+      {
+        method: "PUT",
+        body: JSON.stringify(data)
+      },
+      override
+    );
+  }
+  return { getProfile, updateProfile };
+}
+
 // src/client/version-check.ts
-var SDK_VERSION = "2.12.1";
+var SDK_VERSION = "2.15.0";
 var SDK_USER_AGENT = `FFID-SDK/${SDK_VERSION} (TypeScript)`;
 var SDK_VERSION_HEADER = "X-FFID-SDK-Version";
 function sdkHeaders() {
@@ -1938,7 +1987,19 @@ function createFFIDClient(config) {
   function createError(code, message) {
     return { code, message };
   }
-  function buildFetchOptions(options) {
+  function buildFetchOptions(options, authOverride) {
+    if (authOverride) {
+      return {
+        ...options,
+        credentials: "omit",
+        headers: {
+          "Content-Type": "application/json",
+          ...sdkHeaders(),
+          ...options.headers,
+          Authorization: `Bearer ${authOverride.accessToken}`
+        }
+      };
+    }
     if (authMode === "service-key") {
       return {
         ...options,
@@ -1985,10 +2046,10 @@ function createFFIDClient(config) {
     logger,
     errorCodes: FFID_ERROR_CODES
   });
-  async function fetchWithAuth(endpoint, options = {}) {
+  async function fetchWithAuth(endpoint, options = {}, authOverride) {
     const url = `${baseUrl}${endpoint}`;
     logger.debug("Fetching:", url);
-    const fetchOptions = buildFetchOptions(options);
+    const fetchOptions = buildFetchOptions(options, authOverride);
     let response;
     try {
       response = await fetch(url, fetchOptions);
@@ -2001,7 +2062,7 @@ function createFFIDClient(config) {
         }
       };
     }
-    if (authMode === "token" && response.status === UNAUTHORIZED_STATUS2) {
+    if (!authOverride && authMode === "token" && response.status === UNAUTHORIZED_STATUS2) {
       const refreshResult = await refreshAccessToken();
       if (!refreshResult.error) {
         logger.debug("Token refreshed, retrying request");
@@ -2127,6 +2188,10 @@ function createFFIDClient(config) {
     createError,
     serviceCode: config.serviceCode
   });
+  const { getProfile, updateProfile } = createProfileMethods({
+    fetchWithAuth,
+    createError
+  });
   const {
     requestPasswordReset,
     verifyPasswordResetToken,
@@ -2198,6 +2263,8 @@ function createFFIDClient(config) {
     listMembers,
     updateMemberRole,
     removeMember,
+    getProfile,
+    updateProfile,
     createCheckoutSession,
     createPortalSession,
     listPlans,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@feelflow/ffid-sdk",
-  "version": "2.12.1",
+  "version": "2.15.0",
   "description": "FeelFlow ID Platform SDK for React/Next.js applications",
   "keywords": [
     "feelflow",