@feelflow/ffid-sdk 2.21.0 → 3.0.0

package/dist/agency/index.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-var chunkYUIITYBE_cjs = require('../chunk-YUIITYBE.cjs');
+var chunkMDHKSVLP_cjs = require('../chunk-MDHKSVLP.cjs');
 
 // src/agency/ffid-agency-client.ts
 var API_PREFIX = "/api/v1/agencies";
@@ -26,7 +26,7 @@ var consoleLogger = {
   error: (...args) => console.error(SDK_LOG_PREFIX, ...args)
 };
 function createFFIDAgencyClient(config = {}) {
-  const baseUrl = config.apiBaseUrl ?? chunkYUIITYBE_cjs.DEFAULT_API_BASE_URL;
+  const baseUrl = config.apiBaseUrl ?? chunkMDHKSVLP_cjs.DEFAULT_API_BASE_URL;
   const logger = config.logger ?? (config.debug ? consoleLogger : noopLogger);
   function validateIds(...pairs) {
     for (const [value, name] of pairs) {
@@ -316,7 +316,7 @@ function createFFIDAgencyClient(config = {}) {
 
 Object.defineProperty(exports, "DEFAULT_API_BASE_URL", {
   enumerable: true,
-  get: function () { return chunkYUIITYBE_cjs.DEFAULT_API_BASE_URL; }
+  get: function () { return chunkMDHKSVLP_cjs.DEFAULT_API_BASE_URL; }
 });
 exports.FFID_AGENCY_ERROR_CODES = FFID_AGENCY_ERROR_CODES;
 exports.createFFIDAgencyClient = createFFIDAgencyClient;

package/dist/agency/index.d.cts

@@ -1,4 +1,4 @@
-export { D as DEFAULT_API_BASE_URL } from '../constants-DvTGHPZn.cjs';
+export { D as DEFAULT_API_BASE_URL } from '../constants-D61jqRIO.cjs';
 
 /**
  * FFID Agency SDK Type Definitions

package/dist/agency/index.d.ts

@@ -1,4 +1,4 @@
-export { D as DEFAULT_API_BASE_URL } from '../constants-DvTGHPZn.js';
+export { D as DEFAULT_API_BASE_URL } from '../constants-D61jqRIO.js';
 
 /**
  * FFID Agency SDK Type Definitions

package/dist/agency/index.js

@@ -1,5 +1,5 @@
-import { DEFAULT_API_BASE_URL } from '../chunk-QBRM2RRC.js';
-export { DEFAULT_API_BASE_URL } from '../chunk-QBRM2RRC.js';
+import { DEFAULT_API_BASE_URL } from '../chunk-JEVK2XUM.js';
+export { DEFAULT_API_BASE_URL } from '../chunk-JEVK2XUM.js';
 
 // src/agency/ffid-agency-client.ts
 var API_PREFIX = "/api/v1/agencies";

package/dist/announcements/index.cjs

@@ -1,6 +1,6 @@
 'use strict';
 
-var chunkYUIITYBE_cjs = require('../chunk-YUIITYBE.cjs');
+var chunkMDHKSVLP_cjs = require('../chunk-MDHKSVLP.cjs');
 
 // src/announcements/ffid-announcements-client.ts
 var API_PATH = "/api/v1/announcements";
@@ -29,7 +29,7 @@ var consoleLogger = {
   error: (...args) => console.error(SDK_LOG_PREFIX, ...args)
 };
 function createFFIDAnnouncementsClient(config = {}) {
-  const baseUrl = config.apiBaseUrl ?? chunkYUIITYBE_cjs.DEFAULT_API_BASE_URL;
+  const baseUrl = config.apiBaseUrl ?? chunkMDHKSVLP_cjs.DEFAULT_API_BASE_URL;
   const logger = config.logger ?? (config.debug ? consoleLogger : quietLogger);
   async function fetchApi(endpoint) {
     const url = `${baseUrl}${endpoint}`;

package/dist/announcements/index.js

@@ -1,4 +1,4 @@
-import { DEFAULT_API_BASE_URL } from '../chunk-QBRM2RRC.js';
+import { DEFAULT_API_BASE_URL } from '../chunk-JEVK2XUM.js';
 
 // src/announcements/ffid-announcements-client.ts
 var API_PATH = "/api/v1/announcements";

package/dist/chunk-JEVK2XUM.js

@@ -0,0 +1,5 @@
+// src/constants.ts
+var DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+var DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
+
+export { DEFAULT_API_BASE_URL, DEFAULT_OAUTH_SCOPES };

package/dist/{chunk-HUU4Q5VH.cjs → chunk-JNR4AKL5.cjs}

@@ -6,6 +6,7 @@ var jsxRuntime = require('react/jsx-runtime');
 
 // src/constants.ts
 var DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+var DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
 
 // src/auth/token-store.ts
 var STORAGE_KEY = "ffid_tokens";
@@ -807,7 +808,7 @@ function createProfileMethods(deps) {
 }
 
 // src/client/version-check.ts
-var SDK_VERSION = "2.21.0";
+var SDK_VERSION = "3.0.0";
 var SDK_USER_AGENT = `FFID-SDK/${SDK_VERSION} (TypeScript)`;
 var SDK_VERSION_HEADER = "X-FFID-SDK-Version";
 function sdkHeaders() {
@@ -1462,6 +1463,7 @@ function createRedirectMethods(deps) {
     baseUrl,
     clientId,
     serviceCode,
+    scope,
     resolvedRedirectUri,
     logger
   } = deps;
@@ -1470,6 +1472,24 @@ function createRedirectMethods(deps) {
       logger.warn("SSR \u74B0\u5883\u3067\u306F\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3067\u304D\u307E\u305B\u3093");
       return { success: false, error: "SSR \u74B0\u5883\u3067\u306F\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3067\u304D\u307E\u305B\u3093" };
     }
+    if (authMode === "service-key") {
+      logger.error(
+        "[FFID SDK] service-key \u30E2\u30FC\u30C9\u3067\u306F redirectToAuthorize \u306F\u547C\u3073\u51FA\u305B\u307E\u305B\u3093 \u2014 server-to-server \u7528\u9014\u306E\u305F\u3081 OAuth \u30D6\u30E9\u30A6\u30B6 flow \u3092\u6301\u3061\u307E\u305B\u3093"
+      );
+      return {
+        success: false,
+        error: "service-key \u30E2\u30FC\u30C9\u3067\u306F OAuth \u8A8D\u53EF\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u306F\u5229\u7528\u3067\u304D\u307E\u305B\u3093"
+      };
+    }
+    if (!scope || !scope.trim()) {
+      logger.error(
+        "[FFID SDK] scope \u304C\u672A\u8A2D\u5B9A\u306E\u305F\u3081 /oauth/authorize \u3092\u547C\u3073\u51FA\u305B\u307E\u305B\u3093 (#2674) \u2014 FFIDConfig.scope \u306B DEFAULT_OAUTH_SCOPES \u307E\u305F\u306F\u660E\u793A\u7684\u306A scope \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044"
+      );
+      return {
+        success: false,
+        error: "OAuth scope \u304C\u672A\u8A2D\u5B9A\u306E\u305F\u3081\u8A8D\u53EF\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3092\u5B9F\u884C\u3067\u304D\u307E\u305B\u3093"
+      };
+    }
     const authorizeKey = buildAuthorizeKey(baseUrl, clientId, options?.organizationId);
     const now = Date.now();
     const recentCount = getRecentRedirectCount(authorizeKey, now, logger);
@@ -1502,6 +1522,7 @@ function createRedirectMethods(deps) {
     const params = new URLSearchParams({
       response_type: "code",
       client_id: clientId,
+      scope,
       redirect_uri: redirectUri,
       state,
       code_challenge: challenge,
@@ -1984,6 +2005,7 @@ function createContractWizardMethods(deps) {
 var EXT_SUBSCRIBE_ENDPOINT2 = "/api/v1/ext/newsletter/subscribe";
 var CONFIRM_ENDPOINT = "/api/newsletter/confirm";
 var UNSUBSCRIBE_ENDPOINT = "/api/newsletter/unsubscribe";
+var DISPATCH_ENDPOINT = "/api/v1/newsletter/dispatch";
 function trimOrEmpty(s) {
   return typeof s === "string" ? s.trim() : "";
 }
@@ -2089,7 +2111,36 @@ function createNewsletterMethods(deps) {
       }
     );
   }
-  return { subscribe, confirm, unsubscribe };
+  async function dispatch(params) {
+    const subject = trimOrEmpty(params.subject);
+    if (!subject) {
+      return { error: createError("VALIDATION_ERROR", "subject \u306F\u5FC5\u9808\u3067\u3059") };
+    }
+    if (!params.body || typeof params.body !== "object") {
+      return { error: createError("VALIDATION_ERROR", "body \u306F\u5FC5\u9808\u3067\u3059") };
+    }
+    const bodySource = params.body;
+    const hasHtmlBody = typeof bodySource.htmlBody === "string" && bodySource.htmlBody.length > 0;
+    const hasTemplateId = typeof bodySource.templateId === "string" && bodySource.templateId.length > 0;
+    if (hasHtmlBody === hasTemplateId) {
+      return {
+        error: createError(
+          "BODY_SOURCE_REQUIRED",
+          "body \u306F htmlBody \u307E\u305F\u306F templateId \u306E\u3044\u305A\u308C\u304B\u4E00\u65B9\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"
+        )
+      };
+    }
+    return fetchWithAuth(DISPATCH_ENDPOINT, {
+      method: "POST",
+      body: JSON.stringify({
+        subject,
+        articleUrl: params.articleUrl,
+        body: params.body,
+        segment: params.segment
+      })
+    });
+  }
+  return { subscribe, confirm, unsubscribe, dispatch };
 }
 
 // src/inquiry/ffid-inquiry-client.ts
@@ -2191,8 +2242,21 @@ function createFFIDClient(config) {
   if (!config.serviceCode || !config.serviceCode.trim()) {
     throw new Error("FFID Client: serviceCode \u304C\u672A\u8A2D\u5B9A\u3067\u3059");
   }
+  const scope = config.scope?.trim() ?? "";
   const baseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;
   const authMode = config.authMode ?? "cookie";
+  const VALID_AUTH_MODES = ["cookie", "token", "service-key"];
+  if (!VALID_AUTH_MODES.includes(authMode)) {
+    throw new Error(
+      `FFID Client: authMode \u304C\u4E0D\u6B63\u3067\u3059 (\u53D7\u4FE1: ${JSON.stringify(authMode)}, \u6709\u52B9\u5024: ${VALID_AUTH_MODES.join(" | ")})`
+    );
+  }
+  if (authMode !== "service-key" && !scope) {
+    const received = config.scope === void 0 ? "undefined" : JSON.stringify(config.scope);
+    throw new Error(
+      `FFID Client: scope \u304C\u672A\u8A2D\u5B9A\u3067\u3059 (\u53D7\u4FE1: ${received})\u3002\`DEFAULT_OAUTH_SCOPES\` \u3092 import \u3059\u308B\u304B\u3001\u660E\u793A\u7684\u306B scope \u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044 (#2674)`
+    );
+  }
   const clientId = config.clientId ?? config.serviceCode;
   const rawRedirectUri = config.redirectUri ?? null;
   const serviceApiKey = config.serviceApiKey?.trim();
@@ -2363,6 +2427,7 @@ function createFFIDClient(config) {
     baseUrl,
     clientId,
     serviceCode: config.serviceCode,
+    scope,
     resolvedRedirectUri,
     logger
   });
@@ -2547,6 +2612,7 @@ var FFIDClientContext = react.createContext(null);
 function FFIDProvider({
   children,
   serviceCode,
+  scope,
   apiBaseUrl,
   debug = false,
   logger,
@@ -2573,13 +2639,14 @@ function FFIDProvider({
   const client = react.useMemo(
     () => createFFIDClient({
       serviceCode,
+      scope,
       apiBaseUrl,
       debug,
       logger,
       authMode,
       clientId
     }),
-    [serviceCode, apiBaseUrl, debug, logger, authMode, clientId]
+    [serviceCode, scope, apiBaseUrl, debug, logger, authMode, clientId]
   );
   const refresh = react.useCallback(async () => {
     client.logger.debug("Refreshing session...");
@@ -4571,6 +4638,7 @@ function FFIDInquiryForm({
 }
 
 exports.DEFAULT_API_BASE_URL = DEFAULT_API_BASE_URL;
+exports.DEFAULT_OAUTH_SCOPES = DEFAULT_OAUTH_SCOPES;
 exports.FFIDAnnouncementBadge = FFIDAnnouncementBadge;
 exports.FFIDAnnouncementList = FFIDAnnouncementList;
 exports.FFIDInquiryForm = FFIDInquiryForm;

package/dist/{chunk-YUIITYBE.cjs → chunk-MDHKSVLP.cjs}

@@ -2,5 +2,7 @@
 
 // src/constants.ts
 var DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+var DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
 
 exports.DEFAULT_API_BASE_URL = DEFAULT_API_BASE_URL;
+exports.DEFAULT_OAUTH_SCOPES = DEFAULT_OAUTH_SCOPES;

package/dist/{chunk-I7NEMG52.js → chunk-XWI4BFKW.js}

@@ -4,6 +4,7 @@ import { jsx, jsxs, Fragment } from 'react/jsx-runtime';
 
 // src/constants.ts
 var DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+var DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
 
 // src/auth/token-store.ts
 var STORAGE_KEY = "ffid_tokens";
@@ -805,7 +806,7 @@ function createProfileMethods(deps) {
 }
 
 // src/client/version-check.ts
-var SDK_VERSION = "2.21.0";
+var SDK_VERSION = "3.0.0";
 var SDK_USER_AGENT = `FFID-SDK/${SDK_VERSION} (TypeScript)`;
 var SDK_VERSION_HEADER = "X-FFID-SDK-Version";
 function sdkHeaders() {
@@ -1460,6 +1461,7 @@ function createRedirectMethods(deps) {
     baseUrl,
     clientId,
     serviceCode,
+    scope,
     resolvedRedirectUri,
     logger
   } = deps;
@@ -1468,6 +1470,24 @@ function createRedirectMethods(deps) {
       logger.warn("SSR \u74B0\u5883\u3067\u306F\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3067\u304D\u307E\u305B\u3093");
       return { success: false, error: "SSR \u74B0\u5883\u3067\u306F\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3067\u304D\u307E\u305B\u3093" };
     }
+    if (authMode === "service-key") {
+      logger.error(
+        "[FFID SDK] service-key \u30E2\u30FC\u30C9\u3067\u306F redirectToAuthorize \u306F\u547C\u3073\u51FA\u305B\u307E\u305B\u3093 \u2014 server-to-server \u7528\u9014\u306E\u305F\u3081 OAuth \u30D6\u30E9\u30A6\u30B6 flow \u3092\u6301\u3061\u307E\u305B\u3093"
+      );
+      return {
+        success: false,
+        error: "service-key \u30E2\u30FC\u30C9\u3067\u306F OAuth \u8A8D\u53EF\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u306F\u5229\u7528\u3067\u304D\u307E\u305B\u3093"
+      };
+    }
+    if (!scope || !scope.trim()) {
+      logger.error(
+        "[FFID SDK] scope \u304C\u672A\u8A2D\u5B9A\u306E\u305F\u3081 /oauth/authorize \u3092\u547C\u3073\u51FA\u305B\u307E\u305B\u3093 (#2674) \u2014 FFIDConfig.scope \u306B DEFAULT_OAUTH_SCOPES \u307E\u305F\u306F\u660E\u793A\u7684\u306A scope \u3092\u6E21\u3057\u3066\u304F\u3060\u3055\u3044"
+      );
+      return {
+        success: false,
+        error: "OAuth scope \u304C\u672A\u8A2D\u5B9A\u306E\u305F\u3081\u8A8D\u53EF\u30EA\u30C0\u30A4\u30EC\u30AF\u30C8\u3092\u5B9F\u884C\u3067\u304D\u307E\u305B\u3093"
+      };
+    }
     const authorizeKey = buildAuthorizeKey(baseUrl, clientId, options?.organizationId);
     const now = Date.now();
     const recentCount = getRecentRedirectCount(authorizeKey, now, logger);
@@ -1500,6 +1520,7 @@ function createRedirectMethods(deps) {
     const params = new URLSearchParams({
       response_type: "code",
       client_id: clientId,
+      scope,
       redirect_uri: redirectUri,
       state,
       code_challenge: challenge,
@@ -1982,6 +2003,7 @@ function createContractWizardMethods(deps) {
 var EXT_SUBSCRIBE_ENDPOINT2 = "/api/v1/ext/newsletter/subscribe";
 var CONFIRM_ENDPOINT = "/api/newsletter/confirm";
 var UNSUBSCRIBE_ENDPOINT = "/api/newsletter/unsubscribe";
+var DISPATCH_ENDPOINT = "/api/v1/newsletter/dispatch";
 function trimOrEmpty(s) {
   return typeof s === "string" ? s.trim() : "";
 }
@@ -2087,7 +2109,36 @@ function createNewsletterMethods(deps) {
       }
     );
   }
-  return { subscribe, confirm, unsubscribe };
+  async function dispatch(params) {
+    const subject = trimOrEmpty(params.subject);
+    if (!subject) {
+      return { error: createError("VALIDATION_ERROR", "subject \u306F\u5FC5\u9808\u3067\u3059") };
+    }
+    if (!params.body || typeof params.body !== "object") {
+      return { error: createError("VALIDATION_ERROR", "body \u306F\u5FC5\u9808\u3067\u3059") };
+    }
+    const bodySource = params.body;
+    const hasHtmlBody = typeof bodySource.htmlBody === "string" && bodySource.htmlBody.length > 0;
+    const hasTemplateId = typeof bodySource.templateId === "string" && bodySource.templateId.length > 0;
+    if (hasHtmlBody === hasTemplateId) {
+      return {
+        error: createError(
+          "BODY_SOURCE_REQUIRED",
+          "body \u306F htmlBody \u307E\u305F\u306F templateId \u306E\u3044\u305A\u308C\u304B\u4E00\u65B9\u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044"
+        )
+      };
+    }
+    return fetchWithAuth(DISPATCH_ENDPOINT, {
+      method: "POST",
+      body: JSON.stringify({
+        subject,
+        articleUrl: params.articleUrl,
+        body: params.body,
+        segment: params.segment
+      })
+    });
+  }
+  return { subscribe, confirm, unsubscribe, dispatch };
 }
 
 // src/inquiry/ffid-inquiry-client.ts
@@ -2189,8 +2240,21 @@ function createFFIDClient(config) {
   if (!config.serviceCode || !config.serviceCode.trim()) {
     throw new Error("FFID Client: serviceCode \u304C\u672A\u8A2D\u5B9A\u3067\u3059");
   }
+  const scope = config.scope?.trim() ?? "";
   const baseUrl = config.apiBaseUrl ?? DEFAULT_API_BASE_URL;
   const authMode = config.authMode ?? "cookie";
+  const VALID_AUTH_MODES = ["cookie", "token", "service-key"];
+  if (!VALID_AUTH_MODES.includes(authMode)) {
+    throw new Error(
+      `FFID Client: authMode \u304C\u4E0D\u6B63\u3067\u3059 (\u53D7\u4FE1: ${JSON.stringify(authMode)}, \u6709\u52B9\u5024: ${VALID_AUTH_MODES.join(" | ")})`
+    );
+  }
+  if (authMode !== "service-key" && !scope) {
+    const received = config.scope === void 0 ? "undefined" : JSON.stringify(config.scope);
+    throw new Error(
+      `FFID Client: scope \u304C\u672A\u8A2D\u5B9A\u3067\u3059 (\u53D7\u4FE1: ${received})\u3002\`DEFAULT_OAUTH_SCOPES\` \u3092 import \u3059\u308B\u304B\u3001\u660E\u793A\u7684\u306B scope \u3092\u6307\u5B9A\u3057\u3066\u304F\u3060\u3055\u3044 (#2674)`
+    );
+  }
   const clientId = config.clientId ?? config.serviceCode;
   const rawRedirectUri = config.redirectUri ?? null;
   const serviceApiKey = config.serviceApiKey?.trim();
@@ -2361,6 +2425,7 @@ function createFFIDClient(config) {
     baseUrl,
     clientId,
     serviceCode: config.serviceCode,
+    scope,
     resolvedRedirectUri,
     logger
   });
@@ -2545,6 +2610,7 @@ var FFIDClientContext = createContext(null);
 function FFIDProvider({
   children,
   serviceCode,
+  scope,
   apiBaseUrl,
   debug = false,
   logger,
@@ -2571,13 +2637,14 @@ function FFIDProvider({
   const client = useMemo(
     () => createFFIDClient({
       serviceCode,
+      scope,
       apiBaseUrl,
       debug,
       logger,
       authMode,
       clientId
     }),
-    [serviceCode, apiBaseUrl, debug, logger, authMode, clientId]
+    [serviceCode, scope, apiBaseUrl, debug, logger, authMode, clientId]
   );
   const refresh = useCallback(async () => {
     client.logger.debug("Refreshing session...");
@@ -4568,4 +4635,4 @@ function FFIDInquiryForm({
   );
 }
 
-export { DEFAULT_API_BASE_URL, FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDInquiryForm, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDProvider, FFIDSDKError, FFIDSubscriptionBadge, FFIDUserMenu, FFID_ANNOUNCEMENTS_ERROR_CODES, FFID_INQUIRY_CATEGORIES, FFID_INQUIRY_CATEGORIES_SITE_2026, computeEffectiveStatusFromSession, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, isFFIDInquiryCategorySite2026, normalizeRedirectUri, retrieveCodeVerifier, storeCodeVerifier, useFFID, useFFIDAnnouncements, useFFIDContext, useSubscription, withSubscription };
+export { DEFAULT_API_BASE_URL, DEFAULT_OAUTH_SCOPES, FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDInquiryForm, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDProvider, FFIDSDKError, FFIDSubscriptionBadge, FFIDUserMenu, FFID_ANNOUNCEMENTS_ERROR_CODES, FFID_INQUIRY_CATEGORIES, FFID_INQUIRY_CATEGORIES_SITE_2026, computeEffectiveStatusFromSession, createFFIDAnnouncementsClient, createFFIDClient, createTokenStore, generateCodeChallenge, generateCodeVerifier, isFFIDInquiryCategorySite2026, normalizeRedirectUri, retrieveCodeVerifier, storeCodeVerifier, useFFID, useFFIDAnnouncements, useFFIDContext, useSubscription, withSubscription };

package/dist/components/index.cjs

@@ -1,34 +1,34 @@
 'use strict';
 
-var chunkHUU4Q5VH_cjs = require('../chunk-HUU4Q5VH.cjs');
+var chunkJNR4AKL5_cjs = require('../chunk-JNR4AKL5.cjs');
 
 
 
 Object.defineProperty(exports, "FFIDAnnouncementBadge", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDAnnouncementBadge; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDAnnouncementBadge; }
 });
 Object.defineProperty(exports, "FFIDAnnouncementList", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDAnnouncementList; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDAnnouncementList; }
 });
 Object.defineProperty(exports, "FFIDInquiryForm", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDInquiryForm; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDInquiryForm; }
 });
 Object.defineProperty(exports, "FFIDLoginButton", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDLoginButton; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDLoginButton; }
 });
 Object.defineProperty(exports, "FFIDOrganizationSwitcher", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDOrganizationSwitcher; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDOrganizationSwitcher; }
 });
 Object.defineProperty(exports, "FFIDSubscriptionBadge", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDSubscriptionBadge; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDSubscriptionBadge; }
 });
 Object.defineProperty(exports, "FFIDUserMenu", {
   enumerable: true,
-  get: function () { return chunkHUU4Q5VH_cjs.FFIDUserMenu; }
+  get: function () { return chunkJNR4AKL5_cjs.FFIDUserMenu; }
 });

package/dist/components/index.d.cts

@@ -1,3 +1,3 @@
-export { N as FFIDAnnouncementBadge, am as FFIDAnnouncementBadgeClassNames, an as FFIDAnnouncementBadgeProps, O as FFIDAnnouncementList, ao as FFIDAnnouncementListClassNames, ap as FFIDAnnouncementListProps, W as FFIDInquiryForm, X as FFIDInquiryFormCategoryItem, Y as FFIDInquiryFormClassNames, Z as FFIDInquiryFormOrganization, _ as FFIDInquiryFormPlaceholderContext, $ as FFIDInquiryFormPrefill, a0 as FFIDInquiryFormProps, a1 as FFIDInquiryFormSubmitData, a2 as FFIDInquiryFormSubmitResult, a4 as FFIDLoginButton, aq as FFIDLoginButtonProps, aa as FFIDOrganizationSwitcher, ar as FFIDOrganizationSwitcherClassNames, as as FFIDOrganizationSwitcherProps, ad as FFIDSubscriptionBadge, at as FFIDSubscriptionBadgeClassNames, au as FFIDSubscriptionBadgeProps, af as FFIDUserMenu, av as FFIDUserMenuClassNames, aw as FFIDUserMenuProps } from '../index-Dr5G9HQ4.cjs';
+export { N as FFIDAnnouncementBadge, am as FFIDAnnouncementBadgeClassNames, an as FFIDAnnouncementBadgeProps, O as FFIDAnnouncementList, ao as FFIDAnnouncementListClassNames, ap as FFIDAnnouncementListProps, W as FFIDInquiryForm, X as FFIDInquiryFormCategoryItem, Y as FFIDInquiryFormClassNames, Z as FFIDInquiryFormOrganization, _ as FFIDInquiryFormPlaceholderContext, $ as FFIDInquiryFormPrefill, a0 as FFIDInquiryFormProps, a1 as FFIDInquiryFormSubmitData, a2 as FFIDInquiryFormSubmitResult, a4 as FFIDLoginButton, aq as FFIDLoginButtonProps, aa as FFIDOrganizationSwitcher, ar as FFIDOrganizationSwitcherClassNames, as as FFIDOrganizationSwitcherProps, ad as FFIDSubscriptionBadge, at as FFIDSubscriptionBadgeClassNames, au as FFIDSubscriptionBadgeProps, af as FFIDUserMenu, av as FFIDUserMenuClassNames, aw as FFIDUserMenuProps } from '../index-C3zyNa4j.cjs';
 import 'react/jsx-runtime';
 import 'react';

package/dist/components/index.d.ts

@@ -1,3 +1,3 @@
-export { N as FFIDAnnouncementBadge, am as FFIDAnnouncementBadgeClassNames, an as FFIDAnnouncementBadgeProps, O as FFIDAnnouncementList, ao as FFIDAnnouncementListClassNames, ap as FFIDAnnouncementListProps, W as FFIDInquiryForm, X as FFIDInquiryFormCategoryItem, Y as FFIDInquiryFormClassNames, Z as FFIDInquiryFormOrganization, _ as FFIDInquiryFormPlaceholderContext, $ as FFIDInquiryFormPrefill, a0 as FFIDInquiryFormProps, a1 as FFIDInquiryFormSubmitData, a2 as FFIDInquiryFormSubmitResult, a4 as FFIDLoginButton, aq as FFIDLoginButtonProps, aa as FFIDOrganizationSwitcher, ar as FFIDOrganizationSwitcherClassNames, as as FFIDOrganizationSwitcherProps, ad as FFIDSubscriptionBadge, at as FFIDSubscriptionBadgeClassNames, au as FFIDSubscriptionBadgeProps, af as FFIDUserMenu, av as FFIDUserMenuClassNames, aw as FFIDUserMenuProps } from '../index-Dr5G9HQ4.js';
+export { N as FFIDAnnouncementBadge, am as FFIDAnnouncementBadgeClassNames, an as FFIDAnnouncementBadgeProps, O as FFIDAnnouncementList, ao as FFIDAnnouncementListClassNames, ap as FFIDAnnouncementListProps, W as FFIDInquiryForm, X as FFIDInquiryFormCategoryItem, Y as FFIDInquiryFormClassNames, Z as FFIDInquiryFormOrganization, _ as FFIDInquiryFormPlaceholderContext, $ as FFIDInquiryFormPrefill, a0 as FFIDInquiryFormProps, a1 as FFIDInquiryFormSubmitData, a2 as FFIDInquiryFormSubmitResult, a4 as FFIDLoginButton, aq as FFIDLoginButtonProps, aa as FFIDOrganizationSwitcher, ar as FFIDOrganizationSwitcherClassNames, as as FFIDOrganizationSwitcherProps, ad as FFIDSubscriptionBadge, at as FFIDSubscriptionBadgeClassNames, au as FFIDSubscriptionBadgeProps, af as FFIDUserMenu, av as FFIDUserMenuClassNames, aw as FFIDUserMenuProps } from '../index-C3zyNa4j.js';
 import 'react/jsx-runtime';
 import 'react';

package/dist/components/index.js

@@ -1 +1 @@
-export { FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDInquiryForm, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDSubscriptionBadge, FFIDUserMenu } from '../chunk-I7NEMG52.js';
+export { FFIDAnnouncementBadge, FFIDAnnouncementList, FFIDInquiryForm, FFIDLoginButton, FFIDOrganizationSwitcher, FFIDSubscriptionBadge, FFIDUserMenu } from '../chunk-XWI4BFKW.js';

package/dist/constants-D61jqRIO.d.cts

@@ -0,0 +1,35 @@
+/**
+ * FFID SDK Shared Constants
+ *
+ * Constants shared across all SDK entry points.
+ * Centralizing these prevents drift during domain/URL changes.
+ */
+/** Default FFID API base URL (production) */
+declare const DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+/**
+ * Recommended default OAuth scope set for FFID-connected services (v3.0.0+).
+ *
+ * Coverage:
+ * - `openid email profile` — OIDC standard claims (always required)
+ * - `subscription:read` — `/api/v1/subscriptions/ext/*` 系（プラン / 課金 gate）
+ * - `legal:read` — `/api/v1/legal/ext` 系（利用規約・同意状態）
+ *
+ * Add feature-specific scopes on top of this when needed (browser SDK):
+ * - `analytics:read` for `/api/v1/ext/analytics/config`
+ * - `organization:read` / `organization:write` for `/api/v1/organizations/ext/members`
+ * - `subscription:write` for self-serve plan changes
+ * - `legal:write` for recording user consent
+ * - `profile:read` / `profile:write` for profile UI
+ * - `organization:api-key` for org-level API key issuance
+ *
+ * **Note**: kept as a widened `string` (not `as const`) so consumers can
+ * concatenate additional scopes (e.g. `\`${DEFAULT_OAUTH_SCOPES} analytics:read\``)
+ * and so it remains assignable to `FFIDConfig.scope: string`. `widget:verify`
+ * is intentionally excluded — it is a service-key-only scope (`/api/v1/widget/*`),
+ * not used by the browser OAuth flow.
+ *
+ * Survey: feel-flow/feelflow-id-platform#2656 issuecomment-4324082742
+ */
+declare const DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
+
+export { DEFAULT_API_BASE_URL as D, DEFAULT_OAUTH_SCOPES as a };

package/dist/constants-D61jqRIO.d.ts

@@ -0,0 +1,35 @@
+/**
+ * FFID SDK Shared Constants
+ *
+ * Constants shared across all SDK entry points.
+ * Centralizing these prevents drift during domain/URL changes.
+ */
+/** Default FFID API base URL (production) */
+declare const DEFAULT_API_BASE_URL = "https://id.feelflow.net";
+/**
+ * Recommended default OAuth scope set for FFID-connected services (v3.0.0+).
+ *
+ * Coverage:
+ * - `openid email profile` — OIDC standard claims (always required)
+ * - `subscription:read` — `/api/v1/subscriptions/ext/*` 系（プラン / 課金 gate）
+ * - `legal:read` — `/api/v1/legal/ext` 系（利用規約・同意状態）
+ *
+ * Add feature-specific scopes on top of this when needed (browser SDK):
+ * - `analytics:read` for `/api/v1/ext/analytics/config`
+ * - `organization:read` / `organization:write` for `/api/v1/organizations/ext/members`
+ * - `subscription:write` for self-serve plan changes
+ * - `legal:write` for recording user consent
+ * - `profile:read` / `profile:write` for profile UI
+ * - `organization:api-key` for org-level API key issuance
+ *
+ * **Note**: kept as a widened `string` (not `as const`) so consumers can
+ * concatenate additional scopes (e.g. `\`${DEFAULT_OAUTH_SCOPES} analytics:read\``)
+ * and so it remains assignable to `FFIDConfig.scope: string`. `widget:verify`
+ * is intentionally excluded — it is a service-key-only scope (`/api/v1/widget/*`),
+ * not used by the browser OAuth flow.
+ *
+ * Survey: feel-flow/feelflow-id-platform#2656 issuecomment-4324082742
+ */
+declare const DEFAULT_OAUTH_SCOPES = "openid email profile subscription:read legal:read";
+
+export { DEFAULT_API_BASE_URL as D, DEFAULT_OAUTH_SCOPES as a };

package/dist/{ffid-client-DgJRU-YZ.d.cts → ffid-client-B26jbUp5.d.cts}

@@ -127,6 +127,40 @@ interface FFIDNewsletterUnsubscribeParams {
 interface FFIDNewsletterUnsubscribeResponse {
     ok: true;
 }
+type FFIDNewsletterCampaignStatus = 'draft' | 'queued' | 'sending' | 'sent' | 'failed' | 'cancelled';
+type FFIDNewsletterSegment = {
+    type: 'all';
+} | {
+    type: 'filter';
+    conditions: Record<string, unknown>;
+};
+/**
+ * Body source XOR — exactly one of `htmlBody` / `templateId` must be set.
+ * V1 only ships `htmlBody`; `templateId` is reserved for SendGrid dynamic
+ * templates and is rejected server-side until that work lands.
+ */
+type FFIDNewsletterBodySource = {
+    htmlBody: string;
+    templateId?: never;
+} | {
+    templateId: string;
+    htmlBody?: never;
+};
+interface FFIDNewsletterDispatchParams {
+    subject: string;
+    /** Optional landing-page URL persisted on `newsletter_campaigns.article_url`. */
+    articleUrl?: string;
+    body: FFIDNewsletterBodySource;
+    /** Defaults to `{ type: 'all' }` server-side when omitted. */
+    segment?: FFIDNewsletterSegment;
+}
+interface FFIDNewsletterDispatchResponse {
+    campaignId: string;
+    totalRecipients: number;
+    status: FFIDNewsletterCampaignStatus;
+    sentCount: number;
+    failedCount: number;
+}
 
 /** Cache adapter interface for FFID SDK token verification */
 /**
@@ -589,6 +623,19 @@ interface FFIDVerifyAccessTokenOptions {
 interface FFIDConfig {
     /** Service code to identify your application */
     serviceCode: string;
+    /**
+     * OAuth 2.0 scope (space-separated). Required since v3.0.0 (#2674).
+     *
+     * Use `DEFAULT_OAUTH_SCOPES` from `@feelflow/ffid-sdk` for the recommended
+     * baseline, or specify a least-privilege subset for your use case. Phase 3
+     * of `feelflow-id-platform#2656` will reject `/oauth/authorize` requests
+     * without this parameter, so passing an empty string here is also rejected
+     * — **except** in `service-key` mode (server-to-server, never calls
+     * `/oauth/authorize`), where `''` is permitted at runtime.
+     *
+     * @example 'openid email profile subscription:read legal:read'
+     */
+    scope: string;
     /** FFID API base URL (defaults to production) */
     apiBaseUrl?: string | undefined;
     /**
@@ -1125,6 +1172,7 @@ declare function createFFIDClient(config: FFIDConfig): {
         subscribe: (params: FFIDNewsletterSubscribeParams) => Promise<FFIDApiResponse<FFIDNewsletterSubscribeResponse>>;
         confirm: (params: FFIDNewsletterConfirmParams) => Promise<FFIDApiResponse<FFIDNewsletterConfirmResponse>>;
         unsubscribe: (params: FFIDNewsletterUnsubscribeParams) => Promise<FFIDApiResponse<FFIDNewsletterUnsubscribeResponse>>;
+        dispatch: (params: FFIDNewsletterDispatchParams) => Promise<FFIDApiResponse<FFIDNewsletterDispatchResponse>>;
     };
     /** Inquiry methods (create) */
     inquiry: {