@hanzo/iam 0.9.0 → 0.9.2

package/dist/types.d.ts

@@ -2,7 +2,7 @@
  * Core types for the Hanzo IAM SDK.
  * Hanzo IAM data models.
  */
-export type IamConfig = {
+type IamConfig = {
     /** IAM server base URL (e.g. "https://iam.hanzo.ai"). */
     serverUrl: string;
     /** OAuth2 client ID. */
@@ -14,7 +14,7 @@ export type IamConfig = {
     /** Application name. */
     appName?: string;
 };
-export type OidcDiscovery = {
+type OidcDiscovery = {
     issuer: string;
     authorization_endpoint: string;
     token_endpoint: string;
@@ -24,7 +24,7 @@ export type OidcDiscovery = {
     response_types_supported?: string[];
     grant_types_supported?: string[];
 };
-export type TokenResponse = {
+type TokenResponse = {
     access_token: string;
     token_type: string;
     expires_in?: number;
@@ -32,7 +32,7 @@ export type TokenResponse = {
     id_token?: string;
     scope?: string;
 };
-export type IamJwtClaims = {
+type IamJwtClaims = {
     /** Subject (user ID in format "org/username"). */
     sub: string;
     /** Issuer URL. */
@@ -58,7 +58,7 @@ export type IamJwtClaims = {
     /** Arbitrary extra claims. */
     [key: string]: unknown;
 };
-export type IamUser = {
+type IamUser = {
     owner: string;
     name: string;
     id?: string;
@@ -72,7 +72,7 @@ export type IamUser = {
     createdTime?: string;
     signupApplication?: string;
 };
-export type IamOrganization = {
+type IamOrganization = {
     owner: string;
     name: string;
     displayName?: string;
@@ -87,7 +87,7 @@ export type IamOrganization = {
     balanceCredit?: number;
     balanceCurrency?: string;
 };
-export type Subscription = {
+type Subscription = {
     owner: string;
     name: string;
     displayName?: string;
@@ -101,7 +101,7 @@ export type Subscription = {
     state?: "Active" | "Inactive" | "Expired" | "Cancelled" | string;
     description?: string;
 };
-export type Plan = {
+type Plan = {
     owner: string;
     name: string;
     displayName?: string;
@@ -114,7 +114,7 @@ export type Plan = {
     isEnabled?: boolean;
     role?: string;
 };
-export type Pricing = {
+type Pricing = {
     owner: string;
     name: string;
     displayName?: string;
@@ -125,7 +125,7 @@ export type Pricing = {
     application?: string;
     trialDuration?: number;
 };
-export type Payment = {
+type Payment = {
     owner: string;
     name: string;
     displayName?: string;
@@ -138,7 +138,7 @@ export type Payment = {
     state?: string;
     message?: string;
 };
-export type Order = {
+type Order = {
     owner: string;
     name: string;
     displayName?: string;
@@ -150,7 +150,7 @@ export type Order = {
     state?: string;
     message?: string;
 };
-export type UsageRecord = {
+type UsageRecord = {
     owner: string;
     name: string;
     user?: string;
@@ -172,21 +172,21 @@ export type UsageRecord = {
     requestId?: string;
     createdTime?: string;
 };
-export type UsageSummary = {
+type UsageSummary = {
     totalRequests: number;
     totalTokens: number;
     totalCost: number;
     promptTokens: number;
     completionTokens: number;
 };
-export type IamSubscription = Subscription;
-export type IamPlan = Plan;
-export type IamPricing = Pricing;
-export type IamPayment = Payment;
-export type IamOrder = Order;
-export type IamUsageRecord = UsageRecord;
-export type IamUsageSummary = UsageSummary;
-export type IamProject = {
+type IamSubscription = Subscription;
+type IamPlan = Plan;
+type IamPricing = Pricing;
+type IamPayment = Payment;
+type IamOrder = Order;
+type IamUsageRecord = UsageRecord;
+type IamUsageSummary = UsageSummary;
+type IamProject = {
     owner: string;
     name: string;
     displayName?: string;
@@ -197,7 +197,7 @@ export type IamProject = {
     isDefault?: boolean;
     createdTime?: string;
 };
-export type IamAuthResult = {
+type IamAuthResult = {
     ok: true;
     userId: string;
     email?: string;
@@ -209,10 +209,11 @@ export type IamAuthResult = {
     ok: false;
     reason: string;
 };
-export type IamApiResponse<T> = {
+type IamApiResponse<T> = {
     status: "ok" | "error";
     msg?: string;
     data?: T;
     data2?: unknown;
 };
-//# sourceMappingURL=types.d.ts.map
+
+export type { IamApiResponse, IamAuthResult, IamConfig, IamJwtClaims, IamOrder, IamOrganization, IamPayment, IamPlan, IamPricing, IamProject, IamSubscription, IamUsageRecord, IamUsageSummary, IamUser, OidcDiscovery, Order, Payment, Plan, Pricing, Subscription, TokenResponse, UsageRecord, UsageSummary };

package/dist/types.js

@@ -1,6 +1,3 @@
-/**
- * Core types for the Hanzo IAM SDK.
- * Hanzo IAM data models.
- */
-export {};
+
+//# sourceMappingURL=types.js.map
 //# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"types.js"}

package/package.json

@@ -1,48 +1,58 @@
 {
   "name": "@hanzo/iam",
-  "version": "0.9.0",
-  "description": "TypeScript SDK for Hanzo IAM \u2014 OIDC auth, JWT validation, OAuth2 PKCE, user/org/project APIs",
+  "version": "0.9.2",
+  "description": "TypeScript SDK for Hanzo IAM — OIDC auth, JWT validation, OAuth2 PKCE, user/org/project APIs",
   "type": "module",
-  "main": "dist/index.js",
+  "main": "dist/index.cjs",
+  "module": "dist/index.js",
   "types": "dist/index.d.ts",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
+      "require": "./dist/index.cjs",
       "default": "./dist/index.js"
     },
     "./auth": {
       "types": "./dist/auth.d.ts",
       "import": "./dist/auth.js",
+      "require": "./dist/auth.cjs",
       "default": "./dist/auth.js"
     },
     "./browser": {
       "types": "./dist/browser.d.ts",
-      "import": "./dist/browser.js"
+      "import": "./dist/browser.js",
+      "require": "./dist/browser.cjs"
     },
     "./billing": {
       "types": "./dist/billing.d.ts",
-      "import": "./dist/billing.js"
+      "import": "./dist/billing.js",
+      "require": "./dist/billing.cjs"
     },
     "./types": {
       "types": "./dist/types.d.ts",
-      "import": "./dist/types.js"
+      "import": "./dist/types.js",
+      "require": "./dist/types.cjs"
     },
     "./react": {
       "types": "./dist/react.d.ts",
-      "import": "./dist/react.js"
+      "import": "./dist/react.js",
+      "require": "./dist/react.cjs"
     },
     "./nextauth": {
       "types": "./dist/nextauth.d.ts",
-      "import": "./dist/nextauth.js"
+      "import": "./dist/nextauth.js",
+      "require": "./dist/nextauth.cjs"
     },
     "./passport": {
       "types": "./dist/passport.d.ts",
-      "import": "./dist/passport.js"
+      "import": "./dist/passport.js",
+      "require": "./dist/passport.cjs"
     },
     "./betterauth": {
       "types": "./dist/betterauth.d.ts",
-      "import": "./dist/betterauth.js"
+      "import": "./dist/betterauth.js",
+      "require": "./dist/betterauth.cjs"
     }
   },
   "files": [
@@ -52,15 +62,16 @@
     "LICENSE"
   ],
   "scripts": {
-    "build": "tsc",
-    "dev": "tsc --watch",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "clean": "rm -rf dist",
-    "prepare": "pnpm clean && pnpm build",
-    "prepublishOnly": "pnpm clean && pnpm build",
+    "prepare": "node -e \"if (!require('fs').existsSync('dist')) { require('child_process').execSync('tsup', { stdio: 'inherit' }) }\"",
+    "prepublishOnly": "rm -rf dist && tsup",
     "test": "node --test --import tsx src/**/*.test.ts"
   },
   "dependencies": {
-    "jose": "^6.1.0"
+    "jose": "^6.1.0",
+    "passport-oauth2": "^1.8.0"
   },
   "peerDependencies": {
     "react": ">=17"
@@ -72,7 +83,9 @@
   },
   "devDependencies": {
     "@types/node": "^22.19.11",
+    "@types/passport-oauth2": "^1.8.0",
     "@types/react": "^19.0.0",
+    "tsup": "^8.5.0",
     "typescript": "^5.5.0"
   },
   "keywords": [

package/src/betterauth.ts

@@ -12,7 +12,7 @@
  * export const auth = betterAuth({
  *   socialProviders: [
  *     iamProvider({
- *       serverUrl: process.env.IAM_SERVER_URL!,
+ *       serverUrl: process.env.IAM_ENDPOINT!,
  *       clientId: process.env.IAM_CLIENT_ID!,
  *       clientSecret: process.env.IAM_CLIENT_SECRET!,
  *     }),

package/src/nextauth.ts

@@ -12,7 +12,7 @@
  * export default NextAuth({
  *   providers: [
  *     IamProvider({
- *       serverUrl: process.env.IAM_SERVER_URL!,
+ *       serverUrl: process.env.IAM_ENDPOINT!,
  *       clientId: process.env.IAM_CLIENT_ID!,
  *       clientSecret: process.env.IAM_CLIENT_SECRET!,
  *     }),

package/src/passport.ts

@@ -20,6 +20,8 @@
  * @packageDocumentation
  */
 
+import OAuth2Strategy from "passport-oauth2";
+
 import type { IamConfig } from "./types.js";
 
 export interface IamPassportConfig extends IamConfig {
@@ -38,23 +40,18 @@ export interface IamPassportUser {
 /**
  * Create a Passport OAuth2 strategy for Hanzo IAM.
  *
- * Requires `passport-oauth2` as a peer dependency.
  * Returns an OAuth2Strategy instance ready to pass to `passport.use()`.
- *
  * The verify callback fetches userinfo from the IAM server and passes
  * `{ accessToken, refreshToken, userinfo }` as the user object.
+ *
+ * `passport-oauth2` is a runtime dependency of this entry — using a
+ * static import lets downstream bundlers (esbuild, webpack, etc.)
+ * statically resolve and bundle it. Consumers who don't need passport
+ * can import from `@hanzo/iam` directly to avoid pulling it in.
  */
 export function createIamPassportStrategy(
   config: IamPassportConfig,
 ): unknown {
-  // Dynamic import to keep passport-oauth2 as optional peer dep.
-  // eslint-disable-next-line @typescript-eslint/no-require-imports
-  const { Strategy: OAuth2Strategy } = require("passport-oauth2") as {
-    Strategy: new (
-      options: Record<string, unknown>,
-      verify: (...args: unknown[]) => void,
-    ) => unknown;
-  };
 
   const baseUrl = config.serverUrl.replace(/\/+$/, "");
 

package/dist/auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAgB,MAAM,YAAY,CAAC;AAiBzE,uEAAuE;AACvE,wBAAgB,cAAc,IAAI,IAAI,CAErC;AA4CD;;;;;GAKG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC,aAAa,CAAC,CA6ExB"}

package/dist/betterauth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"betterauth.d.ts","sourceRoot":"","sources":["../src/betterauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,CAAA;KAAE,CAAC;IAC1D,KAAK,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IACvB,QAAQ,EAAE;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;IAC1B,OAAO,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK;QAC7C,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;KACtB,CAAC;CACH;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CACzB,MAAM,EAAE,SAAS,GAAG;IAAE,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,GAC3C,iBAAiB,CA6BnB;AAGD,0CAA0C;AAC1C,OAAO,EAAE,WAAW,IAAI,gBAAgB,EAAE,CAAC;AAC3C,0CAA0C;AAC1C,OAAO,EAAE,WAAW,IAAI,sBAAsB,EAAE,CAAC;AACjD,gDAAgD;AAChD,YAAY,EAAE,iBAAiB,IAAI,sBAAsB,EAAE,CAAC"}

package/dist/billing.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"billing.d.ts","sourceRoot":"","sources":["../src/billing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG"}

package/dist/browser.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"browser.d.ts","sourceRoot":"","sources":["../src/browser.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,aAAa,EAAiB,MAAM,YAAY,CAAC;AAmB1E,MAAM,MAAM,SAAS,GAAG,SAAS,GAAG;IAClC,wEAAwE;IACxE,WAAW,EAAE,MAAM,CAAC;IACpB,uDAAuD;IACvD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,2DAA2D;IAC3D,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB,CAAC;AAEF,qBAAa,GAAG;IACd,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAY;IACnC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAU;IAClC,OAAO,CAAC,cAAc,CAA8B;gBAExC,MAAM,EAAE,SAAS;YASf,YAAY;IAqC1B;;;;;OAKG;IACG,cAAc,CAAC,MAAM,CAAC,EAAE;QAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAAG,OAAO,CAAC,IAAI,CAAC;IA8B3F;;;;;;OAMG;IACG,cAAc,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAgF7D,+DAA+D;IACzD,kBAAkB,IAAI,OAAO,CAAC,QAAQ,CAAC;IAqC7C;;;OAGG;IACG,WAAW,CAAC,MAAM,CAAC,EAAE;QACzB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KAC3C,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiErB;;;;OAIG;IACG,YAAY,CAAC,SAAS,SAAO,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;IA4D9D,OAAO,CAAC,WAAW;IAcnB,oDAAoD;IACpD,cAAc,IAAI,MAAM,GAAG,IAAI;IAI/B,oCAAoC;IACpC,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC,+BAA+B;IAC/B,UAAU,IAAI,MAAM,GAAG,IAAI;IAI3B,mDAAmD;IACnD,cAAc,IAAI,OAAO;IAMzB;;;OAGG;IACG,mBAAmB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAgBnD,wCAAwC;IACxC,WAAW,IAAI,IAAI;IAanB,qFAAqF;IAC/E,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAsBrD,+CAA+C;IAC/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAAE,cAAc,CAAC,EAAE,OAAO,CAAA;KAAE,GAAG,MAAM;IAW3D,oDAAoD;IACpD,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;IAqB3C;;;;;OAKG;IACG,oBAAoB,CACxB,OAAO,EAAE;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE,GAAG;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,EACnE,MAAM,GAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,GAAG,OAAO,GAAG,UAAoB,GACrE,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA8B3C;;;OAGG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBvG;;;;;;OAMG;IACG,MAAM,CAAC,MAAM,EAAE;QACnB,MAAM,EAAE,OAAO,GAAG,OAAO,CAAC;QAC1B,IAAI,EAAE,MAAM,CAAC;QACb,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GAAG,OAAO,CAAC;QAAE,EAAE,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IAiCzD;;;;;;OAMG;IACG,oBAAoB,CAAC,MAAM,EAAE;QACjC,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QACxB,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA6B3D;;;OAGG;IACG,oBAAoB,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiCjF;;;;OAIG;IACG,iBAAiB,CAAC,MAAM,EAAE;QAC9B,KAAK,EAAE,MAAM,CAAC;QACd,WAAW,EAAE,MAAM,CAAC;QACpB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,CAAC,EAAE,MAAM,CAAC;KACtB,GAAG,OAAO,CAAC,QAAQ,CAAC;IAiBrB;;;OAGG;IACG,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC;IAkB7B;;;;OAIG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,SAAyB,GAAG,OAAO,CAAC,MAAM,CAAC;IAmB1F;;;OAGG;IACG,OAAO,IAAI,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;CAgBzC;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAEF,2EAA2E;AAC3E,wBAAgB,UAAU,CAAC,CAAC,EAAE,aAAa,GAAG,QAAQ,CASrD"}

package/dist/client.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EACV,SAAS,EAET,OAAO,EACP,eAAe,EACf,UAAU,EACV,aAAa,EACb,aAAa,EACd,MAAM,YAAY,CAAC;AAIpB,qBAAa,SAAS;IACpB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAS;IAClC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAqB;IAClD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAC7C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;IAC7C,OAAO,CAAC,cAAc,CAA2D;gBAErE,MAAM,EAAE,SAAS;YAYf,OAAO;IAkEf,YAAY,IAAI,OAAO,CAAC,aAAa,CAAC;IAY5C,iDAAiD;IAC3C,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IASnC,2DAA2D;IACrD,mBAAmB,CAAC,MAAM,EAAE;QAChC,WAAW,EAAE,MAAM,CAAC;QACpB,KAAK,EAAE,MAAM,CAAC;QACd,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,mBAAmB,CAAC,EAAE,MAAM,CAAC;KAC9B,GAAG,OAAO,CAAC,MAAM,CAAC;IAenB,8CAA8C;IACxC,YAAY,CAAC,MAAM,EAAE;QACzB,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,aAAa,CAAC;IAkC1B;;;OAGG;IACG,aAAa,CAAC,MAAM,EAAE;QAC1B,QAAQ,EAAE,MAAM,CAAC;QACjB,QAAQ,EAAE,MAAM,CAAC;QACjB,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC,aAAa,CAAC;IAgC1B,+BAA+B;IACzB,YAAY,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAkChE,gEAAgE;IAC1D,WAAW,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkBxD,gDAAgD;IAC1C,OAAO,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC;IAYtE,qDAAqD;IAC/C,gBAAgB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC;IASlE,mCAAmC;IAC7B,eAAe,CACnB,EAAE,EAAE,MAAM,EACV,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAQlC,2CAA2C;IACrC,oBAAoB,CACxB,MAAM,EAAE,MAAM,EACd,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,eAAe,EAAE,CAAC;IAiB7B,gDAAgD;IAC1C,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IASxD,0DAA0D;IACpD,UAAU,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAQxE,4CAA4C;IACtC,uBAAuB,CAC3B,YAAY,EAAE,MAAM,EACpB,KAAK,CAAC,EAAE,MAAM,GACb,OAAO,CAAC,UAAU,EAAE,CAAC;IAYxB,8DAA8D;IACxD,UAAU,CAAC,CAAC,GAAG,OAAO,EAC1B,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;KAAE,GAC1F,OAAO,CAAC,CAAC,CAAC;CAGd;AAMD,qBAAa,WAAY,SAAQ,KAAK;IACpC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;gBAEZ,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK5C"}

package/dist/client.js

@@ -1,292 +0,0 @@
-/**
- * Core HTTP client for Hanzo IAM API.
- */
-const DEFAULT_TIMEOUT_MS = 10_000;
-export class IamClient {
-    baseUrl;
-    clientId;
-    clientSecret;
-    orgName;
-    appName;
-    discoveryCache = null;
-    constructor(config) {
-        this.baseUrl = config.serverUrl.replace(/\/+$/, "");
-        this.clientId = config.clientId;
-        this.clientSecret = config.clientSecret;
-        this.orgName = config.orgName;
-        this.appName = config.appName;
-    }
-    // -----------------------------------------------------------------------
-    // Internal HTTP helpers
-    // -----------------------------------------------------------------------
-    async request(path, opts) {
-        const url = new URL(path, this.baseUrl);
-        if (opts?.params) {
-            for (const [k, v] of Object.entries(opts.params)) {
-                url.searchParams.set(k, v);
-            }
-        }
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), opts?.timeoutMs ?? DEFAULT_TIMEOUT_MS);
-        const headers = {
-            Accept: "application/json",
-        };
-        if (opts?.token) {
-            headers.Authorization = `Bearer ${opts.token}`;
-        }
-        if (opts?.body) {
-            headers["Content-Type"] = "application/json";
-        }
-        // Server-side basic auth for confidential client operations
-        if (this.clientSecret && !opts?.token) {
-            const credentials = `${this.clientId}:${this.clientSecret}`;
-            const basic = typeof Buffer !== "undefined"
-                ? Buffer.from(credentials).toString("base64")
-                : btoa(credentials);
-            headers.Authorization = `Basic ${basic}`;
-        }
-        try {
-            const res = await fetch(url.toString(), {
-                method: opts?.method ?? "GET",
-                headers,
-                body: opts?.body ? JSON.stringify(opts.body) : undefined,
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                const text = await res.text().catch(() => "");
-                throw new IamApiError(res.status, `${res.statusText}: ${text}`.trim());
-            }
-            return (await res.json());
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    // -----------------------------------------------------------------------
-    // OIDC Discovery
-    // -----------------------------------------------------------------------
-    async getDiscovery() {
-        const CACHE_TTL_MS = 5 * 60 * 1000;
-        if (this.discoveryCache && Date.now() - this.discoveryCache.fetchedAt < CACHE_TTL_MS) {
-            return this.discoveryCache.data;
-        }
-        const data = await this.request("/.well-known/openid-configuration");
-        this.discoveryCache = { data, fetchedAt: Date.now() };
-        return data;
-    }
-    /** Get JWKS URI from OIDC discovery (cached). */
-    async getJwksUri() {
-        const discovery = await this.getDiscovery();
-        return discovery.jwks_uri;
-    }
-    // -----------------------------------------------------------------------
-    // OAuth2 / Token
-    // -----------------------------------------------------------------------
-    /** Build the authorization URL for user login redirect. */
-    async getAuthorizationUrl(params) {
-        const discovery = await this.getDiscovery();
-        const url = new URL(discovery.authorization_endpoint);
-        url.searchParams.set("client_id", this.clientId);
-        url.searchParams.set("response_type", "code");
-        url.searchParams.set("redirect_uri", params.redirectUri);
-        url.searchParams.set("state", params.state);
-        url.searchParams.set("scope", params.scope ?? "openid profile email");
-        if (params.codeChallenge) {
-            url.searchParams.set("code_challenge", params.codeChallenge);
-            url.searchParams.set("code_challenge_method", params.codeChallengeMethod ?? "S256");
-        }
-        return url.toString();
-    }
-    /** Exchange authorization code for tokens. */
-    async exchangeCode(params) {
-        const discovery = await this.getDiscovery();
-        const body = new URLSearchParams({
-            grant_type: "authorization_code",
-            client_id: this.clientId,
-            code: params.code,
-            redirect_uri: params.redirectUri,
-        });
-        if (this.clientSecret) {
-            body.set("client_secret", this.clientSecret);
-        }
-        if (params.codeVerifier) {
-            body.set("code_verifier", params.codeVerifier);
-        }
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
-        try {
-            const res = await fetch(discovery.token_endpoint, {
-                method: "POST",
-                headers: { "Content-Type": "application/x-www-form-urlencoded" },
-                body: body.toString(),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                const text = await res.text().catch(() => "");
-                throw new IamApiError(res.status, `Token exchange failed: ${text}`);
-            }
-            return (await res.json());
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    /**
-     * Resource Owner Password Credentials grant.
-     * Used for service-to-service auth, CLI login, and e2e tests.
-     */
-    async passwordGrant(params) {
-        const discovery = await this.getDiscovery();
-        const body = new URLSearchParams({
-            grant_type: "password",
-            client_id: this.clientId,
-            username: params.username,
-            password: params.password,
-            scope: params.scope ?? "openid profile email phone",
-        });
-        if (this.clientSecret) {
-            body.set("client_secret", this.clientSecret);
-        }
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
-        try {
-            const res = await fetch(discovery.token_endpoint, {
-                method: "POST",
-                headers: { "Content-Type": "application/x-www-form-urlencoded" },
-                body: body.toString(),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                const text = await res.text().catch(() => "");
-                throw new IamApiError(res.status, `Password grant failed: ${text}`);
-            }
-            return (await res.json());
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    /** Refresh an access token. */
-    async refreshToken(refreshToken) {
-        const discovery = await this.getDiscovery();
-        const body = new URLSearchParams({
-            grant_type: "refresh_token",
-            client_id: this.clientId,
-            refresh_token: refreshToken,
-        });
-        if (this.clientSecret) {
-            body.set("client_secret", this.clientSecret);
-        }
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
-        try {
-            const res = await fetch(discovery.token_endpoint, {
-                method: "POST",
-                headers: { "Content-Type": "application/x-www-form-urlencoded" },
-                body: body.toString(),
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                const text = await res.text().catch(() => "");
-                throw new IamApiError(res.status, `Token refresh failed: ${text}`);
-            }
-            return (await res.json());
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    // -----------------------------------------------------------------------
-    // User
-    // -----------------------------------------------------------------------
-    /** Get user info from access token (OIDC userinfo endpoint). */
-    async getUserInfo(accessToken) {
-        const discovery = await this.getDiscovery();
-        const controller = new AbortController();
-        const timer = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
-        try {
-            const res = await fetch(discovery.userinfo_endpoint, {
-                headers: { Authorization: `Bearer ${accessToken}` },
-                signal: controller.signal,
-            });
-            if (!res.ok) {
-                throw new IamApiError(res.status, "Failed to fetch userinfo");
-            }
-            return (await res.json());
-        }
-        finally {
-            clearTimeout(timer);
-        }
-    }
-    /** Get a user by ID ("org/username" format). */
-    async getUser(userId, token) {
-        const resp = await this.request("/api/get-user", {
-            params: { id: userId },
-            token,
-        });
-        return resp.data ?? null;
-    }
-    // -----------------------------------------------------------------------
-    // Organization
-    // -----------------------------------------------------------------------
-    /** List organizations (for the configured owner). */
-    async getOrganizations(token) {
-        const owner = this.orgName ?? "admin";
-        const resp = await this.request("/api/get-organizations", { params: { owner }, token });
-        return resp.data ?? [];
-    }
-    /** Get a specific organization. */
-    async getOrganization(id, token) {
-        const resp = await this.request("/api/get-organization", { params: { id }, token });
-        return resp.data ?? null;
-    }
-    /** Get organizations a user belongs to. */
-    async getUserOrganizations(userId, token) {
-        // IAM returns orgs the user is a member of via the user's properties.
-        // We can also query via get-user and read their signupApplication/org.
-        const user = await this.getUser(userId, token);
-        if (!user)
-            return [];
-        // The owner field on a user is their org
-        const org = await this.getOrganization(`admin/${user.owner}`, token);
-        return org ? [org] : [];
-    }
-    // -----------------------------------------------------------------------
-    // Project
-    // -----------------------------------------------------------------------
-    /** List projects (for the configured owner). */
-    async getProjects(token) {
-        const owner = this.orgName ?? "admin";
-        const resp = await this.request("/api/get-projects", { params: { owner }, token });
-        return resp.data ?? [];
-    }
-    /** Get a specific project by ID ("owner/name" format). */
-    async getProject(id, token) {
-        const resp = await this.request("/api/get-project", { params: { id }, token });
-        return resp.data ?? null;
-    }
-    /** Get all projects for an organization. */
-    async getOrganizationProjects(organization, token) {
-        const resp = await this.request("/api/get-organization-projects", { params: { organization }, token });
-        return resp.data ?? [];
-    }
-    // -----------------------------------------------------------------------
-    // Raw request (for extending)
-    // -----------------------------------------------------------------------
-    /** Make an arbitrary authenticated request to the IAM API. */
-    async apiRequest(path, opts) {
-        return this.request(path, opts);
-    }
-}
-// ---------------------------------------------------------------------------
-// Error
-// ---------------------------------------------------------------------------
-export class IamApiError extends Error {
-    status;
-    constructor(status, message) {
-        super(message);
-        this.name = "IamApiError";
-        this.status = status;
-    }
-}
-//# sourceMappingURL=client.js.map