@hybridb/sdk 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +220 -0
- package/dist/client-DzNX2jDR.d.cts +157 -0
- package/dist/client-DzNX2jDR.d.ts +157 -0
- package/dist/index.cjs +346 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +35 -0
- package/dist/index.d.ts +35 -0
- package/dist/index.js +342 -0
- package/dist/index.js.map +1 -0
- package/dist/react.cjs +28 -0
- package/dist/react.cjs.map +1 -0
- package/dist/react.d.cts +17 -0
- package/dist/react.d.ts +17 -0
- package/dist/react.js +25 -0
- package/dist/react.js.map +1 -0
- package/package.json +77 -0
package/dist/index.cjs
ADDED
|
@@ -0,0 +1,346 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
/* @hybridb/sdk — Stellrai governed execution runtime */
|
|
4
|
+
|
|
5
|
+
// src/client.ts
|
|
6
|
+
var jwksCache = null;
|
|
7
|
+
var jwksCachedAt = 0;
|
|
8
|
+
var JWKS_CACHE_MS = 36e5;
|
|
9
|
+
var HybriDBClient = class {
|
|
10
|
+
baseUrl;
|
|
11
|
+
apiKey;
|
|
12
|
+
timeout;
|
|
13
|
+
retries;
|
|
14
|
+
retryDelay;
|
|
15
|
+
constructor(config) {
|
|
16
|
+
if (!config.baseUrl) throw new HybriDBError("CONFIG_ERROR", "hybriDB SDK: baseUrl is required");
|
|
17
|
+
if (!config.apiKey) throw new HybriDBError("CONFIG_ERROR", "hybriDB SDK: apiKey is required");
|
|
18
|
+
this.baseUrl = config.baseUrl.replace(/\/$/, "");
|
|
19
|
+
this.apiKey = config.apiKey;
|
|
20
|
+
this.timeout = config.timeout ?? 1e4;
|
|
21
|
+
this.retries = config.retries ?? 3;
|
|
22
|
+
this.retryDelay = config.retryDelay ?? 500;
|
|
23
|
+
}
|
|
24
|
+
// ─── auth — token issuance ──────────────────────────────────────────────────
|
|
25
|
+
/** Exchange email + password for an access + refresh token pair. */
|
|
26
|
+
async authenticate(input) {
|
|
27
|
+
const res = await this.postPublic("/api/v1/auth/token", input);
|
|
28
|
+
return this.unwrap(res);
|
|
29
|
+
}
|
|
30
|
+
/** Refresh an access token using a refresh token. */
|
|
31
|
+
async refreshToken(refreshToken) {
|
|
32
|
+
const res = await this.postPublic("/api/v1/auth/refresh", { refreshToken });
|
|
33
|
+
return this.unwrap(res);
|
|
34
|
+
}
|
|
35
|
+
/** Revoke the current session (requires authenticated API key/JWT). */
|
|
36
|
+
async revokeSession() {
|
|
37
|
+
await this.delete("/api/v1/auth/token");
|
|
38
|
+
}
|
|
39
|
+
/**
|
|
40
|
+
* Verify a JWT token locally using JWKS from the hybriDB server.
|
|
41
|
+
* Returns the decoded actor context without making a decision API call.
|
|
42
|
+
* JWKS is cached for 1 hour (spec: Cache-Control: max-age=3600).
|
|
43
|
+
*/
|
|
44
|
+
async verifyToken(token) {
|
|
45
|
+
const jwks = await this.getJwks();
|
|
46
|
+
const { createRemoteJWKSet, jwtVerify } = await import('jose').catch(() => {
|
|
47
|
+
throw new HybriDBError("DEPENDENCY_MISSING", "jose is required for verifyToken() \u2014 install it: npm i jose");
|
|
48
|
+
});
|
|
49
|
+
const { createLocalJWKSet } = await import('jose');
|
|
50
|
+
const keySet = createLocalJWKSet({ keys: jwks.keys });
|
|
51
|
+
const { payload } = await jwtVerify(token, keySet, { issuer: "hybridb" });
|
|
52
|
+
const p = payload;
|
|
53
|
+
return {
|
|
54
|
+
actorId: p["actor_id"],
|
|
55
|
+
actorType: p["actor_type"],
|
|
56
|
+
orgId: p["org_id"],
|
|
57
|
+
scopes: p["scopes"] ?? [],
|
|
58
|
+
policyVersion: p["policy_version"]
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
/** Fetch JWKS from the hybriDB server (cached for 1 hour). */
|
|
62
|
+
async getJwks() {
|
|
63
|
+
if (jwksCache && Date.now() - jwksCachedAt < JWKS_CACHE_MS) {
|
|
64
|
+
return jwksCache;
|
|
65
|
+
}
|
|
66
|
+
const res = await this.getPublic("/.well-known/jwks.json");
|
|
67
|
+
const data = this.unwrap(res);
|
|
68
|
+
jwksCache = data;
|
|
69
|
+
jwksCachedAt = Date.now();
|
|
70
|
+
return data;
|
|
71
|
+
}
|
|
72
|
+
// ─── db.actors — actor management ──────────────────────────────────────────
|
|
73
|
+
/** Namespace for actor management operations. */
|
|
74
|
+
actors = {
|
|
75
|
+
/** Issue an API key for an actor. Requires actor:admin scope. */
|
|
76
|
+
createApiKey: async (actorId, input) => {
|
|
77
|
+
const res = await this.post(
|
|
78
|
+
`/api/v1/actors/${actorId}/api-keys`,
|
|
79
|
+
input
|
|
80
|
+
);
|
|
81
|
+
return this.unwrap(res);
|
|
82
|
+
},
|
|
83
|
+
/** Revoke an API key. Requires actor:admin scope. */
|
|
84
|
+
revokeApiKey: async (actorId, keyId) => {
|
|
85
|
+
await this.delete(`/api/v1/actors/${actorId}/api-keys/${keyId}`);
|
|
86
|
+
},
|
|
87
|
+
/** Create an identity mapping (external provider → actor). Requires actor:write scope. */
|
|
88
|
+
createMapping: async (actorId, input) => {
|
|
89
|
+
const res = await this.post(
|
|
90
|
+
`/api/v1/actors/${actorId}/identity-mappings`,
|
|
91
|
+
input
|
|
92
|
+
);
|
|
93
|
+
return this.unwrap(res);
|
|
94
|
+
}
|
|
95
|
+
};
|
|
96
|
+
// ─── orgs — organisation membership ────────────────────────────────────────
|
|
97
|
+
/** Namespace for organisation membership operations. */
|
|
98
|
+
orgs = {
|
|
99
|
+
/** Add a member to an organisation. Requires org:admin scope. */
|
|
100
|
+
addMember: async (orgId, input) => {
|
|
101
|
+
const res = await this.post(`/api/v1/orgs/${orgId}/memberships`, input);
|
|
102
|
+
return this.unwrap(res);
|
|
103
|
+
},
|
|
104
|
+
/** Update a member's role. Requires org:admin scope. */
|
|
105
|
+
updateMemberRole: async (orgId, actorId, role) => {
|
|
106
|
+
const res = await this.patch(
|
|
107
|
+
`/api/v1/orgs/${orgId}/memberships/${actorId}`,
|
|
108
|
+
{ role }
|
|
109
|
+
);
|
|
110
|
+
return this.unwrap(res);
|
|
111
|
+
},
|
|
112
|
+
/** Revoke an actor's membership. Requires org:admin scope. */
|
|
113
|
+
revokeMember: async (orgId, actorId) => {
|
|
114
|
+
await this.delete(`/api/v1/orgs/${orgId}/memberships/${actorId}`);
|
|
115
|
+
},
|
|
116
|
+
/** List organisation members. Requires org:read scope. */
|
|
117
|
+
listMembers: async (orgId) => {
|
|
118
|
+
const res = await this.get(`/api/v1/orgs/${orgId}/memberships`);
|
|
119
|
+
return this.unwrap(res);
|
|
120
|
+
}
|
|
121
|
+
};
|
|
122
|
+
// ─── Reversibility (v2.4) ──────────────────────────────────────────────────
|
|
123
|
+
/** Namespace for Reversible Autonomy operations (v2.4). */
|
|
124
|
+
reversibility = {
|
|
125
|
+
/**
|
|
126
|
+
* Initiate a rollback for an execution.
|
|
127
|
+
* Types: 'full' (all steps), 'selective' (targetSteps list), 'to_checkpoint'.
|
|
128
|
+
* Requires pipeline:rollback scope.
|
|
129
|
+
*/
|
|
130
|
+
rollback: async (executionId, input) => {
|
|
131
|
+
const res = await this.post(`/api/v1/executions/${executionId}/rollback`, input);
|
|
132
|
+
return this.unwrap(res);
|
|
133
|
+
},
|
|
134
|
+
/**
|
|
135
|
+
* Initiate a replay from a checkpoint.
|
|
136
|
+
* Creates a new child execution starting from the checkpoint's step.
|
|
137
|
+
* Requires pipeline:replay scope.
|
|
138
|
+
*/
|
|
139
|
+
replay: async (executionId, input) => {
|
|
140
|
+
const res = await this.post(`/api/v1/executions/${executionId}/replay`, input);
|
|
141
|
+
return this.unwrap(res);
|
|
142
|
+
},
|
|
143
|
+
/**
|
|
144
|
+
* List all checkpoints for an execution (ordered by step_index asc).
|
|
145
|
+
* Requires pipeline:read scope.
|
|
146
|
+
*/
|
|
147
|
+
getCheckpoints: async (executionId) => {
|
|
148
|
+
const res = await this.get(`/api/v1/executions/${executionId}/checkpoints`);
|
|
149
|
+
return this.unwrap(res);
|
|
150
|
+
},
|
|
151
|
+
/**
|
|
152
|
+
* Get a specific checkpoint (with checksum verification).
|
|
153
|
+
* Throws REPLAY_CONTEXT_INVALID if checksum mismatches.
|
|
154
|
+
* Requires pipeline:read scope.
|
|
155
|
+
*/
|
|
156
|
+
getCheckpoint: async (executionId, checkpointId) => {
|
|
157
|
+
const res = await this.get(`/api/v1/executions/${executionId}/checkpoints/${checkpointId}`);
|
|
158
|
+
return this.unwrap(res);
|
|
159
|
+
},
|
|
160
|
+
/**
|
|
161
|
+
* List all rollback log entries for an execution.
|
|
162
|
+
* Requires pipeline:read scope.
|
|
163
|
+
*/
|
|
164
|
+
getRollbackLog: async (executionId) => {
|
|
165
|
+
const res = await this.get(`/api/v1/executions/${executionId}/rollback-log`);
|
|
166
|
+
return this.unwrap(res);
|
|
167
|
+
},
|
|
168
|
+
/**
|
|
169
|
+
* Get circuit breaker status for a pipeline.
|
|
170
|
+
* Requires pipeline:read scope.
|
|
171
|
+
*/
|
|
172
|
+
getCircuitBreaker: async (pipelineId) => {
|
|
173
|
+
const res = await this.get(`/api/v1/pipelines/${pipelineId}/circuit-breaker`);
|
|
174
|
+
return this.unwrap(res);
|
|
175
|
+
},
|
|
176
|
+
/**
|
|
177
|
+
* Open or close the circuit breaker for a pipeline.
|
|
178
|
+
* Opening halts all future executions immediately.
|
|
179
|
+
* Requires pipeline:circuit_breaker scope.
|
|
180
|
+
*/
|
|
181
|
+
setCircuitBreaker: async (pipelineId, input) => {
|
|
182
|
+
const res = await this.post(
|
|
183
|
+
`/api/v1/pipelines/${pipelineId}/circuit-breaker`,
|
|
184
|
+
input
|
|
185
|
+
);
|
|
186
|
+
return this.unwrap(res);
|
|
187
|
+
}
|
|
188
|
+
};
|
|
189
|
+
// ─── Decisions ─────────────────────────────────────────────────────────────
|
|
190
|
+
async requestDecision(request) {
|
|
191
|
+
const res = await this.post("/api/v1/decisions", request);
|
|
192
|
+
return this.unwrap(res);
|
|
193
|
+
}
|
|
194
|
+
async getDecision(decisionId) {
|
|
195
|
+
const res = await this.get(`/api/v1/decisions/${decisionId}`);
|
|
196
|
+
return this.unwrap(res);
|
|
197
|
+
}
|
|
198
|
+
// ─── Pipelines ─────────────────────────────────────────────────────────────
|
|
199
|
+
async triggerPipeline(input) {
|
|
200
|
+
const res = await this.post("/api/v1/pipelines/trigger", input);
|
|
201
|
+
return this.unwrap(res);
|
|
202
|
+
}
|
|
203
|
+
async getPipelineExecution(executionId) {
|
|
204
|
+
const res = await this.get(`/api/v1/pipelines/executions/${executionId}`);
|
|
205
|
+
return this.unwrap(res);
|
|
206
|
+
}
|
|
207
|
+
// ─── Events ────────────────────────────────────────────────────────────────
|
|
208
|
+
/** Publish a business event. Note: use actorId (v1.2), not identityId. */
|
|
209
|
+
async publishEvent(input) {
|
|
210
|
+
const res = await this.post("/api/v1/events", input);
|
|
211
|
+
return this.unwrap(res);
|
|
212
|
+
}
|
|
213
|
+
// ─── Audit ─────────────────────────────────────────────────────────────────
|
|
214
|
+
async queryAuditLog(params) {
|
|
215
|
+
const query = new URLSearchParams();
|
|
216
|
+
for (const [k, v] of Object.entries(params)) {
|
|
217
|
+
if (v !== void 0) query.set(k, String(v));
|
|
218
|
+
}
|
|
219
|
+
const res = await this.get(`/api/v1/audit?${query.toString()}`);
|
|
220
|
+
return this.unwrap(res);
|
|
221
|
+
}
|
|
222
|
+
// ─── Health ────────────────────────────────────────────────────────────────
|
|
223
|
+
async health() {
|
|
224
|
+
const res = await this.getPublic("/health");
|
|
225
|
+
return this.unwrap(res);
|
|
226
|
+
}
|
|
227
|
+
// ─── HTTP primitives ───────────────────────────────────────────────────────
|
|
228
|
+
async get(path) {
|
|
229
|
+
return this.request("GET", path, void 0, true);
|
|
230
|
+
}
|
|
231
|
+
async getPublic(path) {
|
|
232
|
+
return this.request("GET", path, void 0, false);
|
|
233
|
+
}
|
|
234
|
+
async post(path, body) {
|
|
235
|
+
return this.request("POST", path, body, true);
|
|
236
|
+
}
|
|
237
|
+
async postPublic(path, body) {
|
|
238
|
+
return this.request("POST", path, body, false);
|
|
239
|
+
}
|
|
240
|
+
async patch(path, body) {
|
|
241
|
+
return this.request("PATCH", path, body, true);
|
|
242
|
+
}
|
|
243
|
+
async delete(path) {
|
|
244
|
+
await this.request("DELETE", path, void 0, true);
|
|
245
|
+
}
|
|
246
|
+
async request(method, path, body, authenticated, attempt = 1) {
|
|
247
|
+
const controller = new AbortController();
|
|
248
|
+
const timerId = setTimeout(() => controller.abort(), this.timeout);
|
|
249
|
+
try {
|
|
250
|
+
const headers = {
|
|
251
|
+
"Content-Type": "application/json",
|
|
252
|
+
"X-SDK-Version": "1.3.0"
|
|
253
|
+
};
|
|
254
|
+
if (authenticated) {
|
|
255
|
+
headers["Authorization"] = `Bearer ${this.apiKey}`;
|
|
256
|
+
}
|
|
257
|
+
const response = await fetch(`${this.baseUrl}${path}`, {
|
|
258
|
+
method,
|
|
259
|
+
headers,
|
|
260
|
+
...body !== void 0 ? { body: JSON.stringify(body) } : {},
|
|
261
|
+
signal: controller.signal
|
|
262
|
+
});
|
|
263
|
+
if (response.status === 204) {
|
|
264
|
+
return { success: true, data: void 0 };
|
|
265
|
+
}
|
|
266
|
+
const json = await response.json();
|
|
267
|
+
if (!response.ok && attempt < this.retries && this.isRetryable(response.status)) {
|
|
268
|
+
await this.sleep(this.retryDelay * attempt);
|
|
269
|
+
return this.request(method, path, body, authenticated, attempt + 1);
|
|
270
|
+
}
|
|
271
|
+
return json;
|
|
272
|
+
} finally {
|
|
273
|
+
clearTimeout(timerId);
|
|
274
|
+
}
|
|
275
|
+
}
|
|
276
|
+
unwrap(response) {
|
|
277
|
+
if (!response.success || response.data === void 0) {
|
|
278
|
+
throw new HybriDBError(
|
|
279
|
+
response.error?.code ?? "UNKNOWN_ERROR",
|
|
280
|
+
response.error?.message ?? "hybriDB request failed",
|
|
281
|
+
response.error?.details
|
|
282
|
+
);
|
|
283
|
+
}
|
|
284
|
+
return response.data;
|
|
285
|
+
}
|
|
286
|
+
isRetryable(status) {
|
|
287
|
+
return status === 429 || status >= 500;
|
|
288
|
+
}
|
|
289
|
+
sleep(ms) {
|
|
290
|
+
return new Promise((resolve) => setTimeout(resolve, ms));
|
|
291
|
+
}
|
|
292
|
+
};
|
|
293
|
+
var HybriDBError = class extends Error {
|
|
294
|
+
constructor(code, message, details) {
|
|
295
|
+
super(message);
|
|
296
|
+
this.code = code;
|
|
297
|
+
this.details = details;
|
|
298
|
+
this.name = "HybriDBError";
|
|
299
|
+
}
|
|
300
|
+
};
|
|
301
|
+
|
|
302
|
+
// src/index.ts
|
|
303
|
+
var HYBRIDB_EVENT_TYPES = {
|
|
304
|
+
// Decisions
|
|
305
|
+
DECISION_REQUESTED: "decision.requested",
|
|
306
|
+
DECISION_ALLOWED: "decision.allowed",
|
|
307
|
+
DECISION_BLOCKED: "decision.blocked",
|
|
308
|
+
DECISION_ESCALATED: "decision.escalated",
|
|
309
|
+
// Pipelines
|
|
310
|
+
PIPELINE_STARTED: "pipeline.started",
|
|
311
|
+
PIPELINE_COMPLETED: "pipeline.completed",
|
|
312
|
+
PIPELINE_FAILED: "pipeline.failed",
|
|
313
|
+
PIPELINE_COMPENSATED: "pipeline.compensated",
|
|
314
|
+
// Payments
|
|
315
|
+
PAYMENT_INITIATED: "payment.initiated",
|
|
316
|
+
PAYMENT_COMPLETED: "payment.completed",
|
|
317
|
+
PAYMENT_FAILED: "payment.failed",
|
|
318
|
+
PAYMENT_REVERSED: "payment.reversed",
|
|
319
|
+
// Identity (v1.2 — actor-centric)
|
|
320
|
+
ACTOR_CREATED: "actor.created",
|
|
321
|
+
ACTOR_SUSPENDED: "actor.suspended",
|
|
322
|
+
ACTOR_REVOKED: "actor.revoked",
|
|
323
|
+
IDENTITY_RESOLVED: "identity.resolved",
|
|
324
|
+
IDENTITY_RESOLUTION_FAILED: "identity.resolution_failed",
|
|
325
|
+
// Policy
|
|
326
|
+
POLICY_ACTIVATED: "policy.activated",
|
|
327
|
+
POLICY_DEACTIVATED: "policy.deactivated",
|
|
328
|
+
POLICY_VERSION_BUMPED: "policy.version_bumped",
|
|
329
|
+
// KYC
|
|
330
|
+
KYC_SUBMITTED: "kyc.submitted",
|
|
331
|
+
KYC_APPROVED: "kyc.approved",
|
|
332
|
+
KYC_REJECTED: "kyc.rejected",
|
|
333
|
+
// AI
|
|
334
|
+
AI_INFERENCE_COMPLETED: "ai.inference_completed",
|
|
335
|
+
AI_INFERENCE_FAILED: "ai.inference_failed",
|
|
336
|
+
// Fraud
|
|
337
|
+
FRAUD_SIGNAL_DETECTED: "fraud.signal_detected",
|
|
338
|
+
// sync-back
|
|
339
|
+
SYNC_BACK_EXHAUSTED: "sync_back.exhausted"
|
|
340
|
+
};
|
|
341
|
+
|
|
342
|
+
exports.HYBRIDB_EVENT_TYPES = HYBRIDB_EVENT_TYPES;
|
|
343
|
+
exports.HybriDBClient = HybriDBClient;
|
|
344
|
+
exports.HybriDBError = HybriDBError;
|
|
345
|
+
//# sourceMappingURL=index.cjs.map
|
|
346
|
+
//# sourceMappingURL=index.cjs.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"sources":["../src/client.ts","../src/index.ts"],"names":[],"mappings":";;;;;AAgGA,IAAI,SAAA,GAAwD,IAAA;AAC5D,IAAI,YAAA,GAAe,CAAA;AACnB,IAAM,aAAA,GAAgB,IAAA;AAIf,IAAM,gBAAN,MAAoB;AAAA,EACR,OAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,UAAA;AAAA,EAEjB,YAAY,MAAA,EAA6B;AACvC,IAAA,IAAI,CAAC,MAAA,CAAO,OAAA,QAAe,IAAI,YAAA,CAAa,gBAAgB,kCAAkC,CAAA;AAC9F,IAAA,IAAI,CAAC,MAAA,CAAO,MAAA,QAAe,IAAI,YAAA,CAAa,gBAAgB,iCAAiC,CAAA;AAE7F,IAAA,IAAA,CAAK,OAAA,GAAa,MAAA,CAAO,OAAA,CAAQ,OAAA,CAAQ,OAAO,EAAE,CAAA;AAClD,IAAA,IAAA,CAAK,SAAa,MAAA,CAAO,MAAA;AACzB,IAAA,IAAA,CAAK,OAAA,GAAa,OAAO,OAAA,IAAa,GAAA;AACtC,IAAA,IAAA,CAAK,OAAA,GAAa,OAAO,OAAA,IAAa,CAAA;AACtC,IAAA,IAAA,CAAK,UAAA,GAAa,OAAO,UAAA,IAAc,GAAA;AAAA,EACzC;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,KAAA,EAA8C;AAC/D,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,UAAA,CAAsB,sBAAsB,KAAK,CAAA;AACxE,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAGA,MAAM,aAAa,YAAA,EAA0C;AAC3D,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,WAAsB,sBAAA,EAAwB,EAAE,cAAc,CAAA;AACrF,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAGA,MAAM,aAAA,GAA+B;AACnC,IAAA,MAAM,IAAA,CAAK,OAAO,oBAAoB,CAAA;AAAA,EACxC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,YAAY,KAAA,EAAsC;AACtD,IAAA,MAAM,IAAA,GAAO,MAAM,IAAA,CAAK,OAAA,EAAQ;AAGhC,IAAA,MAAM,EAAE,oBAAoB,SAAA,EAAU,GAAI,MAAM,OAAO,MAAM,CAAA,CAAE,KAAA,CAAM,MAAM;AACzE,MAAA,MAAM,IAAI,YAAA,CAAa,oBAAA,EAAsB,kEAA6D,CAAA;AAAA,IAC5G,CAAC,CAAA;AAGD,IAAA,MAAM,EAAE,iBAAA,EAAkB,GAAI,MAAM,OAAO,MAAM,CAAA;AACjD,IAAA,MAAM,SAAS,iBAAA,CAAkB,EAAE,IAAA,EAAM,IAAA,CAAK,MAAoE,CAAA;AAElH,IAAA,MAAM,EAAE,OAAA,EAAQ,GAAI,MAAM,SAAA,CAAU,OAAO,MAAA,EAAQ,EAAE,MAAA,EAAQ,SAAA,EAAW,CAAA;AAExE,IAAA,MAAM,CAAA,GAAI,OAAA;AACV,IAAA,OAAO;AAAA,MACL,OAAA,EAAe,EAAE,UAAU,CAAA;AAAA,MAC3B,SAAA,EAAe,EAAE,YAAY,CAAA;AAAA,MAC7B,KAAA,EAAe,EAAE,QAAQ,CAAA;AAAA,MACzB,MAAA,EAAgB,CAAA,CAAE,QAAQ,CAAA,IAAkB,EAAC;AAAA,MAC7C,aAAA,EAAe,EAAE,gBAAgB;AAAA,KACnC;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAAA,GAAwD;AAC5D,IAAA,IAAI,SAAA,IAAa,IAAA,CAAK,GAAA,EAAI,GAAI,eAAe,aAAA,EAAe;AAC1D,MAAA,OAAO,SAAA;AAAA,IACT;AAEA,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAA+C,wBAAwB,CAAA;AAC9F,IAAA,MAAM,IAAA,GAAO,IAAA,CAAK,MAAA,CAAO,GAAG,CAAA;AAC5B,IAAA,SAAA,GAAe,IAAA;AACf,IAAA,YAAA,GAAe,KAAK,GAAA,EAAI;AACxB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA,EAKS,MAAA,GAAS;AAAA;AAAA,IAEhB,YAAA,EAAc,OAAO,OAAA,EAAe,KAAA,KAA6D;AAC/F,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA;AAAA,QACrB,kBAAkB,OAAO,CAAA,SAAA,CAAA;AAAA,QAAa;AAAA,OACxC;AACA,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA,IAGA,YAAA,EAAc,OAAO,OAAA,EAAe,KAAA,KAA+B;AACjE,MAAA,MAAM,KAAK,MAAA,CAAO,CAAA,eAAA,EAAkB,OAAO,CAAA,UAAA,EAAa,KAAK,CAAA,CAAE,CAAA;AAAA,IACjE,CAAA;AAAA;AAAA,IAGA,aAAA,EAAe,OAAO,OAAA,EAAe,KAAA,KAAwD;AAC3F,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA;AAAA,QACrB,kBAAkB,OAAO,CAAA,kBAAA,CAAA;AAAA,QAAsB;AAAA,OACjD;AACA,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB;AAAA,GACF;AAAA;AAAA;AAAA,EAKS,IAAA,GAAO;AAAA;AAAA,IAEd,SAAA,EAAW,OAAO,KAAA,EAAa,KAAA,KAAkD;AAC/E,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,KAAoB,CAAA,aAAA,EAAgB,KAAK,gBAAgB,KAAK,CAAA;AACrF,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA,IAGA,gBAAA,EAAkB,OAAO,KAAA,EAAa,OAAA,EAAe,IAAA,KAAyC;AAC5F,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,KAAA;AAAA,QACrB,CAAA,aAAA,EAAgB,KAAK,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAA;AAAA,QAAI,EAAE,IAAA;AAAK,OACzD;AACA,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA,IAGA,YAAA,EAAc,OAAO,KAAA,EAAa,OAAA,KAAiC;AACjE,MAAA,MAAM,KAAK,MAAA,CAAO,CAAA,aAAA,EAAgB,KAAK,CAAA,aAAA,EAAgB,OAAO,CAAA,CAAE,CAAA;AAAA,IAClE,CAAA;AAAA;AAAA,IAGA,WAAA,EAAa,OAAO,KAAA,KAA0C;AAC5D,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAAqB,CAAA,aAAA,EAAgB,KAAK,CAAA,YAAA,CAAc,CAAA;AAC/E,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB;AAAA,GACF;AAAA;AAAA;AAAA,EAKS,aAAA,GAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMvB,QAAA,EAAU,OAAO,WAAA,EAAmB,KAAA,KAA+E;AACjH,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,KAAqB,CAAA,mBAAA,EAAsB,WAAW,aAAa,KAAK,CAAA;AAC/F,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,MAAA,EAAQ,OAAO,WAAA,EAAmB,KAAA,KAA2E;AAC3G,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,KAAmB,CAAA,mBAAA,EAAsB,WAAW,WAAW,KAAK,CAAA;AAC3F,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,cAAA,EAAgB,OAAO,WAAA,KAAoD;AACzE,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAAyB,CAAA,mBAAA,EAAsB,WAAW,CAAA,YAAA,CAAc,CAAA;AAC/F,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,aAAA,EAAe,OAAO,WAAA,EAAmB,YAAA,KAA4C;AACnF,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,GAAA,CAAgB,sBAAsB,WAAW,CAAA,aAAA,EAAgB,YAAY,CAAA,CAAE,CAAA;AACtG,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,cAAA,EAAgB,OAAO,WAAA,KAA8C;AACnE,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAAmB,CAAA,mBAAA,EAAsB,WAAW,CAAA,aAAA,CAAe,CAAA;AAC1F,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAMA,iBAAA,EAAmB,OAAO,UAAA,KAAoD;AAC5E,MAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAA0B,CAAA,kBAAA,EAAqB,UAAU,CAAA,gBAAA,CAAkB,CAAA;AAClG,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB,CAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,IAOA,iBAAA,EAAmB,OAAO,UAAA,EAAkB,KAAA,KAAqF;AAC/H,MAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA;AAAA,QACrB,qBAAqB,UAAU,CAAA,gBAAA,CAAA;AAAA,QAC/B;AAAA,OACF;AACA,MAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,IACxB;AAAA,GACF;AAAA;AAAA,EAIA,MAAM,gBAAgB,OAAA,EAAmD;AACvE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAuB,qBAAqB,OAAO,CAAA;AAC1E,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA,EAEA,MAAM,YAAY,UAAA,EAA6C;AAC7D,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAAsB,CAAA,kBAAA,EAAqB,UAAU,CAAA,CAAE,CAAA;AAC9E,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAIA,MAAM,gBAAgB,KAAA,EAAyD;AAC7E,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAwB,6BAA6B,KAAK,CAAA;AACjF,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA,EAEA,MAAM,qBAAqB,WAAA,EAA+C;AACxE,IAAA,MAAM,MAAM,MAAM,IAAA,CAAK,GAAA,CAAuB,CAAA,6BAAA,EAAgC,WAAW,CAAA,CAAE,CAAA;AAC3F,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA;AAAA,EAKA,MAAM,aAAa,KAAA,EAAiD;AAClE,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,IAAA,CAAmB,kBAAkB,KAAK,CAAA;AACjE,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAIA,MAAM,cAAc,MAAA,EAAkE;AACpF,IAAA,MAAM,KAAA,GAAQ,IAAI,eAAA,EAAgB;AAClC,IAAA,KAAA,MAAW,CAAC,CAAA,EAAG,CAAC,KAAK,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,EAAG;AAC3C,MAAA,IAAI,MAAM,MAAA,EAAW,KAAA,CAAM,IAAI,CAAA,EAAG,MAAA,CAAO,CAAC,CAAC,CAAA;AAAA,IAC7C;AACA,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,GAAA,CAAmC,iBAAiB,KAAA,CAAM,QAAA,EAAU,CAAA,CAAE,CAAA;AAC7F,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAIA,MAAM,MAAA,GAAuD;AAC3D,IAAA,MAAM,GAAA,GAAM,MAAM,IAAA,CAAK,SAAA,CAA+C,SAAS,CAAA;AAC/E,IAAA,OAAO,IAAA,CAAK,OAAO,GAAG,CAAA;AAAA,EACxB;AAAA;AAAA,EAIA,MAAc,IAAO,IAAA,EAAuC;AAC1D,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,KAAA,EAAO,IAAA,EAAM,QAAW,IAAI,CAAA;AAAA,EACrD;AAAA,EAEA,MAAc,UAAa,IAAA,EAAuC;AAChE,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,KAAA,EAAO,IAAA,EAAM,QAAW,KAAK,CAAA;AAAA,EACtD;AAAA,EAEA,MAAc,IAAA,CAAQ,IAAA,EAAc,IAAA,EAAwC;AAC1E,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,MAAA,EAAQ,IAAA,EAAM,MAAM,IAAI,CAAA;AAAA,EACjD;AAAA,EAEA,MAAc,UAAA,CAAc,IAAA,EAAc,IAAA,EAAwC;AAChF,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,MAAA,EAAQ,IAAA,EAAM,MAAM,KAAK,CAAA;AAAA,EAClD;AAAA,EAEA,MAAc,KAAA,CAAS,IAAA,EAAc,IAAA,EAAwC;AAC3E,IAAA,OAAO,IAAA,CAAK,OAAA,CAAW,OAAA,EAAS,IAAA,EAAM,MAAM,IAAI,CAAA;AAAA,EAClD;AAAA,EAEA,MAAc,OAAO,IAAA,EAA6B;AAChD,IAAA,MAAM,IAAA,CAAK,OAAA,CAAc,QAAA,EAAU,IAAA,EAAM,QAAW,IAAI,CAAA;AAAA,EAC1D;AAAA,EAEA,MAAc,OAAA,CACZ,MAAA,EACA,MACA,IAAA,EACA,aAAA,EACA,UAAU,CAAA,EACe;AACzB,IAAA,MAAM,UAAA,GAAa,IAAI,eAAA,EAAgB;AACvC,IAAA,MAAM,UAAa,UAAA,CAAW,MAAM,WAAW,KAAA,EAAM,EAAG,KAAK,OAAO,CAAA;AAEpE,IAAA,IAAI;AACF,MAAA,MAAM,OAAA,GAAkC;AAAA,QACtC,cAAA,EAAiB,kBAAA;AAAA,QACjB,eAAA,EAAiB;AAAA,OACnB;AACA,MAAA,IAAI,aAAA,EAAe;AACjB,QAAA,OAAA,CAAQ,eAAe,CAAA,GAAI,CAAA,OAAA,EAAU,IAAA,CAAK,MAAM,CAAA,CAAA;AAAA,MAClD;AAEA,MAAA,MAAM,QAAA,GAAW,MAAM,KAAA,CAAM,CAAA,EAAG,KAAK,OAAO,CAAA,EAAG,IAAI,CAAA,CAAA,EAAI;AAAA,QACrD,MAAA;AAAA,QACA,OAAA;AAAA,QACA,GAAI,IAAA,KAAS,KAAA,CAAA,GAAY,EAAE,IAAA,EAAM,KAAK,SAAA,CAAU,IAAI,CAAA,EAAE,GAAI,EAAC;AAAA,QAC3D,QAAQ,UAAA,CAAW;AAAA,OACpB,CAAA;AAGD,MAAA,IAAI,QAAA,CAAS,WAAW,GAAA,EAAK;AAC3B,QAAA,OAAO,EAAE,OAAA,EAAS,IAAA,EAAM,IAAA,EAAM,KAAA,CAAA,EAAe;AAAA,MAC/C;AAEA,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AAEjC,MAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,OAAA,GAAU,IAAA,CAAK,WAAW,IAAA,CAAK,WAAA,CAAY,QAAA,CAAS,MAAM,CAAA,EAAG;AAC/E,QAAA,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,UAAA,GAAa,OAAO,CAAA;AAC1C,QAAA,OAAO,KAAK,OAAA,CAAW,MAAA,EAAQ,MAAM,IAAA,EAAM,aAAA,EAAe,UAAU,CAAC,CAAA;AAAA,MACvE;AAEA,MAAA,OAAO,IAAA;AAAA,IACT,CAAA,SAAE;AACA,MAAA,YAAA,CAAa,OAAO,CAAA;AAAA,IACtB;AAAA,EACF;AAAA,EAEQ,OAAU,QAAA,EAA6B;AAC7C,IAAA,IAAI,CAAC,QAAA,CAAS,OAAA,IAAW,QAAA,CAAS,SAAS,MAAA,EAAW;AACpD,MAAA,MAAM,IAAI,YAAA;AAAA,QACR,QAAA,CAAS,OAAO,IAAA,IAAQ,eAAA;AAAA,QACxB,QAAA,CAAS,OAAO,OAAA,IAAW,wBAAA;AAAA,QAC3B,SAAS,KAAA,EAAO;AAAA,OAClB;AAAA,IACF;AACA,IAAA,OAAO,QAAA,CAAS,IAAA;AAAA,EAClB;AAAA,EAEQ,YAAY,MAAA,EAAyB;AAC3C,IAAA,OAAO,MAAA,KAAW,OAAO,MAAA,IAAU,GAAA;AAAA,EACrC;AAAA,EAEQ,MAAM,EAAA,EAA2B;AACvC,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAA,OAAA,KAAW,UAAA,CAAW,OAAA,EAAS,EAAE,CAAC,CAAA;AAAA,EACvD;AACF;AAIO,IAAM,YAAA,GAAN,cAA2B,KAAA,CAAM;AAAA,EACtC,WAAA,CACkB,IAAA,EAChB,OAAA,EACgB,OAAA,EAChB;AACA,IAAA,KAAA,CAAM,OAAO,CAAA;AAJG,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AAEA,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAGhB,IAAA,IAAA,CAAK,IAAA,GAAO,cAAA;AAAA,EACd;AACF;;;AC1ZO,IAAM,mBAAA,GAAsB;AAAA;AAAA,EAEjC,kBAAA,EAAyB,oBAAA;AAAA,EACzB,gBAAA,EAAyB,kBAAA;AAAA,EACzB,gBAAA,EAAyB,kBAAA;AAAA,EACzB,kBAAA,EAAyB,oBAAA;AAAA;AAAA,EAEzB,gBAAA,EAAyB,kBAAA;AAAA,EACzB,kBAAA,EAAyB,oBAAA;AAAA,EACzB,eAAA,EAAyB,iBAAA;AAAA,EACzB,oBAAA,EAAyB,sBAAA;AAAA;AAAA,EAEzB,iBAAA,EAAyB,mBAAA;AAAA,EACzB,iBAAA,EAAyB,mBAAA;AAAA,EACzB,cAAA,EAAyB,gBAAA;AAAA,EACzB,gBAAA,EAAyB,kBAAA;AAAA;AAAA,EAEzB,aAAA,EAAyB,eAAA;AAAA,EACzB,eAAA,EAAyB,iBAAA;AAAA,EACzB,aAAA,EAAyB,eAAA;AAAA,EACzB,iBAAA,EAAyB,mBAAA;AAAA,EACzB,0BAAA,EAA4B,4BAAA;AAAA;AAAA,EAE5B,gBAAA,EAAyB,kBAAA;AAAA,EACzB,kBAAA,EAAyB,oBAAA;AAAA,EACzB,qBAAA,EAAyB,uBAAA;AAAA;AAAA,EAEzB,aAAA,EAAyB,eAAA;AAAA,EACzB,YAAA,EAAyB,cAAA;AAAA,EACzB,YAAA,EAAyB,cAAA;AAAA;AAAA,EAEzB,sBAAA,EAAyB,wBAAA;AAAA,EACzB,mBAAA,EAAyB,qBAAA;AAAA;AAAA,EAEzB,qBAAA,EAAyB,uBAAA;AAAA;AAAA,EAEzB,mBAAA,EAAyB;AAC3B","file":"index.cjs","sourcesContent":["// hybriDB SDK Client — v1.3\n//\n// v1.3 changes (v2.4 Reversible Autonomy):\n// - reversibility namespace: rollback(), replay(), getCheckpoints(), getCheckpoint(),\n// getRollbackLog(), getCircuitBreaker(), setCircuitBreaker()\n// - SDK-Version header bumped to 1.3.0\n//\n// v1.2 changes:\n// - db.actors.* namespace (replaces db.identities.*)\n// - createMapping() — create identity mapping for an actor\n// - assignRole() — assign a role to an actor\n// - orgs.addMember(), orgs.revokeMember(), orgs.listMembers(), orgs.updateMemberRole()\n// - verifyToken() — JWKS-based local token verification\n// - 7 new HybriDBErrorCode values (see @stellrai/types)\n// - actorId field in PublishEventInput (replaces identityId)\n// - SDK-Version header bumped to 1.2.0\n\nimport type {\n UUID,\n ApiResponse,\n DecisionInput,\n DecisionRequest,\n DecisionResponse,\n TriggerPipelineInput,\n PipelineExecution,\n PublishEventInput,\n HybriDBEvent,\n AuditEntry,\n PaginatedResponse,\n Actor,\n ActorContext,\n TokenPair,\n OrgMembership,\n IdentityMapping,\n // v2.4 Reversible Autonomy\n InitiateRollbackInput,\n RollbackResult,\n InitiateReplayInput,\n ReplayResult,\n Checkpoint,\n CheckpointSummary,\n RollbackLog,\n CircuitBreakerStatus,\n SetCircuitBreakerInput,\n} from '@stellrai/types';\n\n// ─── Client config ────────────────────────────────────────────────────────────\n\nexport interface HybriDBClientConfig {\n baseUrl: string;\n apiKey: string;\n timeout?: number; // ms, default 10000\n retries?: number; // default 3\n retryDelay?: number; // ms, default 500\n}\n\n// ─── Auth inputs ─────────────────────────────────────────────────────────────\n\nexport interface AuthenticateInput {\n email: string;\n password: string;\n orgId?: string;\n}\n\nexport interface CreateMappingInput {\n providerId: string;\n externalId: string;\n userId: string;\n actorId: string;\n}\n\nexport interface OrgMemberInput {\n actorId: string;\n role: string;\n}\n\nexport interface ApiKeyInput {\n name?: string;\n scopes: string[];\n expiresAt?: string;\n}\n\nexport interface AuditQueryParams {\n actorId?: string;\n action?: string;\n outcome?: string;\n decisionId?: string;\n sessionId?: string;\n from?: string;\n to?: string;\n page?: number;\n limit?: number;\n}\n\n// ─── JWKS cache (module-level — shared across instances) ─────────────────────\n\nlet jwksCache: { keys: Record<string, unknown>[] } | null = null;\nlet jwksCachedAt = 0;\nconst JWKS_CACHE_MS = 3_600_000; // 1 hour\n\n// ─── HybriDBClient ────────────────────────────────────────────────────────────\n\nexport class HybriDBClient {\n private readonly baseUrl: string;\n private readonly apiKey: string;\n private readonly timeout: number;\n private readonly retries: number;\n private readonly retryDelay: number;\n\n constructor(config: HybriDBClientConfig) {\n if (!config.baseUrl) throw new HybriDBError('CONFIG_ERROR', 'hybriDB SDK: baseUrl is required');\n if (!config.apiKey) throw new HybriDBError('CONFIG_ERROR', 'hybriDB SDK: apiKey is required');\n\n this.baseUrl = config.baseUrl.replace(/\\/$/, '');\n this.apiKey = config.apiKey;\n this.timeout = config.timeout ?? 10_000;\n this.retries = config.retries ?? 3;\n this.retryDelay = config.retryDelay ?? 500;\n }\n\n // ─── auth — token issuance ──────────────────────────────────────────────────\n\n /** Exchange email + password for an access + refresh token pair. */\n async authenticate(input: AuthenticateInput): Promise<TokenPair> {\n const res = await this.postPublic<TokenPair>('/api/v1/auth/token', input);\n return this.unwrap(res);\n }\n\n /** Refresh an access token using a refresh token. */\n async refreshToken(refreshToken: string): Promise<TokenPair> {\n const res = await this.postPublic<TokenPair>('/api/v1/auth/refresh', { refreshToken });\n return this.unwrap(res);\n }\n\n /** Revoke the current session (requires authenticated API key/JWT). */\n async revokeSession(): Promise<void> {\n await this.delete('/api/v1/auth/token');\n }\n\n /**\n * Verify a JWT token locally using JWKS from the hybriDB server.\n * Returns the decoded actor context without making a decision API call.\n * JWKS is cached for 1 hour (spec: Cache-Control: max-age=3600).\n */\n async verifyToken(token: string): Promise<ActorContext> {\n const jwks = await this.getJwks();\n\n // Dynamic import — jose is optional peer dependency for token verification\n const { createRemoteJWKSet, jwtVerify } = await import('jose').catch(() => {\n throw new HybriDBError('DEPENDENCY_MISSING', 'jose is required for verifyToken() — install it: npm i jose');\n });\n\n // Build an in-memory JWKS from our cached keys\n const { createLocalJWKSet } = await import('jose');\n const keySet = createLocalJWKSet({ keys: jwks.keys as unknown as Parameters<typeof createLocalJWKSet>[0]['keys'] });\n\n const { payload } = await jwtVerify(token, keySet, { issuer: 'hybridb' });\n\n const p = payload as Record<string, unknown>;\n return {\n actorId: p['actor_id'] as string,\n actorType: p['actor_type'] as ActorContext['actorType'],\n orgId: p['org_id'] as string | null,\n scopes: (p['scopes'] as string[]) ?? [],\n policyVersion: p['policy_version'] as number,\n };\n }\n\n /** Fetch JWKS from the hybriDB server (cached for 1 hour). */\n async getJwks(): Promise<{ keys: Record<string, unknown>[] }> {\n if (jwksCache && Date.now() - jwksCachedAt < JWKS_CACHE_MS) {\n return jwksCache;\n }\n\n const res = await this.getPublic<{ keys: Record<string, unknown>[] }>('/.well-known/jwks.json');\n const data = this.unwrap(res);\n jwksCache = data;\n jwksCachedAt = Date.now();\n return data;\n }\n\n // ─── db.actors — actor management ──────────────────────────────────────────\n\n /** Namespace for actor management operations. */\n readonly actors = {\n /** Issue an API key for an actor. Requires actor:admin scope. */\n createApiKey: async (actorId: UUID, input: ApiKeyInput): Promise<{ id: string; key: string }> => {\n const res = await this.post<{ id: string; key: string }>(\n `/api/v1/actors/${actorId}/api-keys`, input,\n );\n return this.unwrap(res);\n },\n\n /** Revoke an API key. Requires actor:admin scope. */\n revokeApiKey: async (actorId: UUID, keyId: UUID): Promise<void> => {\n await this.delete(`/api/v1/actors/${actorId}/api-keys/${keyId}`);\n },\n\n /** Create an identity mapping (external provider → actor). Requires actor:write scope. */\n createMapping: async (actorId: UUID, input: CreateMappingInput): Promise<IdentityMapping> => {\n const res = await this.post<IdentityMapping>(\n `/api/v1/actors/${actorId}/identity-mappings`, input,\n );\n return this.unwrap(res);\n },\n } as const;\n\n // ─── orgs — organisation membership ────────────────────────────────────────\n\n /** Namespace for organisation membership operations. */\n readonly orgs = {\n /** Add a member to an organisation. Requires org:admin scope. */\n addMember: async (orgId: UUID, input: OrgMemberInput): Promise<OrgMembership> => {\n const res = await this.post<OrgMembership>(`/api/v1/orgs/${orgId}/memberships`, input);\n return this.unwrap(res);\n },\n\n /** Update a member's role. Requires org:admin scope. */\n updateMemberRole: async (orgId: UUID, actorId: UUID, role: string): Promise<OrgMembership> => {\n const res = await this.patch<OrgMembership>(\n `/api/v1/orgs/${orgId}/memberships/${actorId}`, { role },\n );\n return this.unwrap(res);\n },\n\n /** Revoke an actor's membership. Requires org:admin scope. */\n revokeMember: async (orgId: UUID, actorId: UUID): Promise<void> => {\n await this.delete(`/api/v1/orgs/${orgId}/memberships/${actorId}`);\n },\n\n /** List organisation members. Requires org:read scope. */\n listMembers: async (orgId: UUID): Promise<OrgMembership[]> => {\n const res = await this.get<OrgMembership[]>(`/api/v1/orgs/${orgId}/memberships`);\n return this.unwrap(res);\n },\n } as const;\n\n // ─── Reversibility (v2.4) ──────────────────────────────────────────────────\n\n /** Namespace for Reversible Autonomy operations (v2.4). */\n readonly reversibility = {\n /**\n * Initiate a rollback for an execution.\n * Types: 'full' (all steps), 'selective' (targetSteps list), 'to_checkpoint'.\n * Requires pipeline:rollback scope.\n */\n rollback: async (executionId: UUID, input: Omit<InitiateRollbackInput, 'executionId'>): Promise<RollbackResult> => {\n const res = await this.post<RollbackResult>(`/api/v1/executions/${executionId}/rollback`, input);\n return this.unwrap(res);\n },\n\n /**\n * Initiate a replay from a checkpoint.\n * Creates a new child execution starting from the checkpoint's step.\n * Requires pipeline:replay scope.\n */\n replay: async (executionId: UUID, input: Omit<InitiateReplayInput, 'executionId'>): Promise<ReplayResult> => {\n const res = await this.post<ReplayResult>(`/api/v1/executions/${executionId}/replay`, input);\n return this.unwrap(res);\n },\n\n /**\n * List all checkpoints for an execution (ordered by step_index asc).\n * Requires pipeline:read scope.\n */\n getCheckpoints: async (executionId: UUID): Promise<CheckpointSummary[]> => {\n const res = await this.get<CheckpointSummary[]>(`/api/v1/executions/${executionId}/checkpoints`);\n return this.unwrap(res);\n },\n\n /**\n * Get a specific checkpoint (with checksum verification).\n * Throws REPLAY_CONTEXT_INVALID if checksum mismatches.\n * Requires pipeline:read scope.\n */\n getCheckpoint: async (executionId: UUID, checkpointId: UUID): Promise<Checkpoint> => {\n const res = await this.get<Checkpoint>(`/api/v1/executions/${executionId}/checkpoints/${checkpointId}`);\n return this.unwrap(res);\n },\n\n /**\n * List all rollback log entries for an execution.\n * Requires pipeline:read scope.\n */\n getRollbackLog: async (executionId: UUID): Promise<RollbackLog[]> => {\n const res = await this.get<RollbackLog[]>(`/api/v1/executions/${executionId}/rollback-log`);\n return this.unwrap(res);\n },\n\n /**\n * Get circuit breaker status for a pipeline.\n * Requires pipeline:read scope.\n */\n getCircuitBreaker: async (pipelineId: UUID): Promise<CircuitBreakerStatus> => {\n const res = await this.get<CircuitBreakerStatus>(`/api/v1/pipelines/${pipelineId}/circuit-breaker`);\n return this.unwrap(res);\n },\n\n /**\n * Open or close the circuit breaker for a pipeline.\n * Opening halts all future executions immediately.\n * Requires pipeline:circuit_breaker scope.\n */\n setCircuitBreaker: async (pipelineId: UUID, input: Omit<SetCircuitBreakerInput, 'pipelineId'>): Promise<CircuitBreakerStatus> => {\n const res = await this.post<CircuitBreakerStatus>(\n `/api/v1/pipelines/${pipelineId}/circuit-breaker`,\n input,\n );\n return this.unwrap(res);\n },\n } as const;\n\n // ─── Decisions ─────────────────────────────────────────────────────────────\n\n async requestDecision(request: DecisionInput): Promise<DecisionResponse> {\n const res = await this.post<DecisionResponse>('/api/v1/decisions', request);\n return this.unwrap(res);\n }\n\n async getDecision(decisionId: UUID): Promise<DecisionResponse> {\n const res = await this.get<DecisionResponse>(`/api/v1/decisions/${decisionId}`);\n return this.unwrap(res);\n }\n\n // ─── Pipelines ─────────────────────────────────────────────────────────────\n\n async triggerPipeline(input: TriggerPipelineInput): Promise<PipelineExecution> {\n const res = await this.post<PipelineExecution>('/api/v1/pipelines/trigger', input);\n return this.unwrap(res);\n }\n\n async getPipelineExecution(executionId: UUID): Promise<PipelineExecution> {\n const res = await this.get<PipelineExecution>(`/api/v1/pipelines/executions/${executionId}`);\n return this.unwrap(res);\n }\n\n // ─── Events ────────────────────────────────────────────────────────────────\n\n /** Publish a business event. Note: use actorId (v1.2), not identityId. */\n async publishEvent(input: PublishEventInput): Promise<HybriDBEvent> {\n const res = await this.post<HybriDBEvent>('/api/v1/events', input);\n return this.unwrap(res);\n }\n\n // ─── Audit ─────────────────────────────────────────────────────────────────\n\n async queryAuditLog(params: AuditQueryParams): Promise<PaginatedResponse<AuditEntry>> {\n const query = new URLSearchParams();\n for (const [k, v] of Object.entries(params)) {\n if (v !== undefined) query.set(k, String(v));\n }\n const res = await this.get<PaginatedResponse<AuditEntry>>(`/api/v1/audit?${query.toString()}`);\n return this.unwrap(res);\n }\n\n // ─── Health ────────────────────────────────────────────────────────────────\n\n async health(): Promise<{ status: string; version: string }> {\n const res = await this.getPublic<{ status: string; version: string }>('/health');\n return this.unwrap(res);\n }\n\n // ─── HTTP primitives ───────────────────────────────────────────────────────\n\n private async get<T>(path: string): Promise<ApiResponse<T>> {\n return this.request<T>('GET', path, undefined, true);\n }\n\n private async getPublic<T>(path: string): Promise<ApiResponse<T>> {\n return this.request<T>('GET', path, undefined, false);\n }\n\n private async post<T>(path: string, body: unknown): Promise<ApiResponse<T>> {\n return this.request<T>('POST', path, body, true);\n }\n\n private async postPublic<T>(path: string, body: unknown): Promise<ApiResponse<T>> {\n return this.request<T>('POST', path, body, false);\n }\n\n private async patch<T>(path: string, body: unknown): Promise<ApiResponse<T>> {\n return this.request<T>('PATCH', path, body, true);\n }\n\n private async delete(path: string): Promise<void> {\n await this.request<void>('DELETE', path, undefined, true);\n }\n\n private async request<T>(\n method: string,\n path: string,\n body: unknown,\n authenticated: boolean,\n attempt = 1,\n ): Promise<ApiResponse<T>> {\n const controller = new AbortController();\n const timerId = setTimeout(() => controller.abort(), this.timeout);\n\n try {\n const headers: Record<string, string> = {\n 'Content-Type': 'application/json',\n 'X-SDK-Version': '1.3.0',\n };\n if (authenticated) {\n headers['Authorization'] = `Bearer ${this.apiKey}`;\n }\n\n const response = await fetch(`${this.baseUrl}${path}`, {\n method,\n headers,\n ...(body !== undefined ? { body: JSON.stringify(body) } : {}),\n signal: controller.signal,\n });\n\n // 204 No Content — return success with no data\n if (response.status === 204) {\n return { success: true, data: undefined as T };\n }\n\n const json = await response.json() as ApiResponse<T>;\n\n if (!response.ok && attempt < this.retries && this.isRetryable(response.status)) {\n await this.sleep(this.retryDelay * attempt);\n return this.request<T>(method, path, body, authenticated, attempt + 1);\n }\n\n return json;\n } finally {\n clearTimeout(timerId);\n }\n }\n\n private unwrap<T>(response: ApiResponse<T>): T {\n if (!response.success || response.data === undefined) {\n throw new HybriDBError(\n response.error?.code ?? 'UNKNOWN_ERROR',\n response.error?.message ?? 'hybriDB request failed',\n response.error?.details,\n );\n }\n return response.data;\n }\n\n private isRetryable(status: number): boolean {\n return status === 429 || status >= 500;\n }\n\n private sleep(ms: number): Promise<void> {\n return new Promise(resolve => setTimeout(resolve, ms));\n }\n}\n\n// ─── HybriDBError ─────────────────────────────────────────────────────────────\n\nexport class HybriDBError extends Error {\n constructor(\n public readonly code: string,\n message: string,\n public readonly details?: Record<string, unknown>,\n ) {\n super(message);\n this.name = 'HybriDBError';\n }\n}\n","// hybriDB SDK — v1.2\nexport { HybriDBClient, HybriDBError } from './client.js';\nexport type {\n HybriDBClientConfig,\n AuthenticateInput,\n CreateMappingInput,\n OrgMemberInput,\n ApiKeyInput,\n AuditQueryParams,\n} from './client.js';\n\n// React context — exported from '@hybridb/sdk/react' (separate entry point, browser only)\n\n// Re-export commonly used types for SDK consumers\nexport type {\n // Actor-centric (v1.2)\n Actor,\n ActorContext,\n ActorType,\n ActorStatus,\n User,\n OrgMembership,\n IdentityMapping,\n Session,\n TokenPair,\n // Decisions\n DecisionRequest,\n DecisionResponse,\n DecisionResult,\n // Pipelines\n TriggerPipelineInput,\n PipelineExecution,\n // Events — actorId (v1.2), not identityId\n PublishEventInput,\n HybriDBEvent,\n // Audit\n AuditEntry,\n AuditOutcome,\n // Policy\n Policy,\n PolicyEvaluationResult,\n // Shared\n ApiResponse,\n ApiError,\n PaginatedResponse,\n UUID,\n ISO8601,\n // Errors\n HybriDBErrorCode,\n} from '@stellrai/types';\n\n// ─── Event type constants (v1.2) ──────────────────────────────────────────────\n\nexport const HYBRIDB_EVENT_TYPES = {\n // Decisions\n DECISION_REQUESTED: 'decision.requested',\n DECISION_ALLOWED: 'decision.allowed',\n DECISION_BLOCKED: 'decision.blocked',\n DECISION_ESCALATED: 'decision.escalated',\n // Pipelines\n PIPELINE_STARTED: 'pipeline.started',\n PIPELINE_COMPLETED: 'pipeline.completed',\n PIPELINE_FAILED: 'pipeline.failed',\n PIPELINE_COMPENSATED: 'pipeline.compensated',\n // Payments\n PAYMENT_INITIATED: 'payment.initiated',\n PAYMENT_COMPLETED: 'payment.completed',\n PAYMENT_FAILED: 'payment.failed',\n PAYMENT_REVERSED: 'payment.reversed',\n // Identity (v1.2 — actor-centric)\n ACTOR_CREATED: 'actor.created',\n ACTOR_SUSPENDED: 'actor.suspended',\n ACTOR_REVOKED: 'actor.revoked',\n IDENTITY_RESOLVED: 'identity.resolved',\n IDENTITY_RESOLUTION_FAILED: 'identity.resolution_failed',\n // Policy\n POLICY_ACTIVATED: 'policy.activated',\n POLICY_DEACTIVATED: 'policy.deactivated',\n POLICY_VERSION_BUMPED: 'policy.version_bumped',\n // KYC\n KYC_SUBMITTED: 'kyc.submitted',\n KYC_APPROVED: 'kyc.approved',\n KYC_REJECTED: 'kyc.rejected',\n // AI\n AI_INFERENCE_COMPLETED: 'ai.inference_completed',\n AI_INFERENCE_FAILED: 'ai.inference_failed',\n // Fraud\n FRAUD_SIGNAL_DETECTED: 'fraud.signal_detected',\n // sync-back\n SYNC_BACK_EXHAUSTED: 'sync_back.exhausted',\n} as const;\n\nexport type HybriDBEventType = typeof HYBRIDB_EVENT_TYPES[keyof typeof HYBRIDB_EVENT_TYPES];\n"]}
|
package/dist/index.d.cts
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export { A as ApiKeyInput, a as AuditQueryParams, b as AuthenticateInput, C as CreateMappingInput, H as HybriDBClient, c as HybriDBClientConfig, d as HybriDBError, O as OrgMemberInput } from './client-DzNX2jDR.cjs';
|
|
2
|
+
export { Actor, ActorContext, ActorStatus, ActorType, ApiError, ApiResponse, AuditEntry, AuditOutcome, DecisionRequest, DecisionResponse, DecisionResult, HybriDBErrorCode, HybriDBEvent, ISO8601, IdentityMapping, OrgMembership, PaginatedResponse, PipelineExecution, Policy, PolicyEvaluationResult, PublishEventInput, Session, TokenPair, TriggerPipelineInput, UUID, User } from './common/index.js';
|
|
3
|
+
|
|
4
|
+
declare const HYBRIDB_EVENT_TYPES: {
|
|
5
|
+
readonly DECISION_REQUESTED: "decision.requested";
|
|
6
|
+
readonly DECISION_ALLOWED: "decision.allowed";
|
|
7
|
+
readonly DECISION_BLOCKED: "decision.blocked";
|
|
8
|
+
readonly DECISION_ESCALATED: "decision.escalated";
|
|
9
|
+
readonly PIPELINE_STARTED: "pipeline.started";
|
|
10
|
+
readonly PIPELINE_COMPLETED: "pipeline.completed";
|
|
11
|
+
readonly PIPELINE_FAILED: "pipeline.failed";
|
|
12
|
+
readonly PIPELINE_COMPENSATED: "pipeline.compensated";
|
|
13
|
+
readonly PAYMENT_INITIATED: "payment.initiated";
|
|
14
|
+
readonly PAYMENT_COMPLETED: "payment.completed";
|
|
15
|
+
readonly PAYMENT_FAILED: "payment.failed";
|
|
16
|
+
readonly PAYMENT_REVERSED: "payment.reversed";
|
|
17
|
+
readonly ACTOR_CREATED: "actor.created";
|
|
18
|
+
readonly ACTOR_SUSPENDED: "actor.suspended";
|
|
19
|
+
readonly ACTOR_REVOKED: "actor.revoked";
|
|
20
|
+
readonly IDENTITY_RESOLVED: "identity.resolved";
|
|
21
|
+
readonly IDENTITY_RESOLUTION_FAILED: "identity.resolution_failed";
|
|
22
|
+
readonly POLICY_ACTIVATED: "policy.activated";
|
|
23
|
+
readonly POLICY_DEACTIVATED: "policy.deactivated";
|
|
24
|
+
readonly POLICY_VERSION_BUMPED: "policy.version_bumped";
|
|
25
|
+
readonly KYC_SUBMITTED: "kyc.submitted";
|
|
26
|
+
readonly KYC_APPROVED: "kyc.approved";
|
|
27
|
+
readonly KYC_REJECTED: "kyc.rejected";
|
|
28
|
+
readonly AI_INFERENCE_COMPLETED: "ai.inference_completed";
|
|
29
|
+
readonly AI_INFERENCE_FAILED: "ai.inference_failed";
|
|
30
|
+
readonly FRAUD_SIGNAL_DETECTED: "fraud.signal_detected";
|
|
31
|
+
readonly SYNC_BACK_EXHAUSTED: "sync_back.exhausted";
|
|
32
|
+
};
|
|
33
|
+
type HybriDBEventType = typeof HYBRIDB_EVENT_TYPES[keyof typeof HYBRIDB_EVENT_TYPES];
|
|
34
|
+
|
|
35
|
+
export { HYBRIDB_EVENT_TYPES, type HybriDBEventType };
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
export { A as ApiKeyInput, a as AuditQueryParams, b as AuthenticateInput, C as CreateMappingInput, H as HybriDBClient, c as HybriDBClientConfig, d as HybriDBError, O as OrgMemberInput } from './client-DzNX2jDR.js';
|
|
2
|
+
export { Actor, ActorContext, ActorStatus, ActorType, ApiError, ApiResponse, AuditEntry, AuditOutcome, DecisionRequest, DecisionResponse, DecisionResult, HybriDBErrorCode, HybriDBEvent, ISO8601, IdentityMapping, OrgMembership, PaginatedResponse, PipelineExecution, Policy, PolicyEvaluationResult, PublishEventInput, Session, TokenPair, TriggerPipelineInput, UUID, User } from './common/index.js';
|
|
3
|
+
|
|
4
|
+
declare const HYBRIDB_EVENT_TYPES: {
|
|
5
|
+
readonly DECISION_REQUESTED: "decision.requested";
|
|
6
|
+
readonly DECISION_ALLOWED: "decision.allowed";
|
|
7
|
+
readonly DECISION_BLOCKED: "decision.blocked";
|
|
8
|
+
readonly DECISION_ESCALATED: "decision.escalated";
|
|
9
|
+
readonly PIPELINE_STARTED: "pipeline.started";
|
|
10
|
+
readonly PIPELINE_COMPLETED: "pipeline.completed";
|
|
11
|
+
readonly PIPELINE_FAILED: "pipeline.failed";
|
|
12
|
+
readonly PIPELINE_COMPENSATED: "pipeline.compensated";
|
|
13
|
+
readonly PAYMENT_INITIATED: "payment.initiated";
|
|
14
|
+
readonly PAYMENT_COMPLETED: "payment.completed";
|
|
15
|
+
readonly PAYMENT_FAILED: "payment.failed";
|
|
16
|
+
readonly PAYMENT_REVERSED: "payment.reversed";
|
|
17
|
+
readonly ACTOR_CREATED: "actor.created";
|
|
18
|
+
readonly ACTOR_SUSPENDED: "actor.suspended";
|
|
19
|
+
readonly ACTOR_REVOKED: "actor.revoked";
|
|
20
|
+
readonly IDENTITY_RESOLVED: "identity.resolved";
|
|
21
|
+
readonly IDENTITY_RESOLUTION_FAILED: "identity.resolution_failed";
|
|
22
|
+
readonly POLICY_ACTIVATED: "policy.activated";
|
|
23
|
+
readonly POLICY_DEACTIVATED: "policy.deactivated";
|
|
24
|
+
readonly POLICY_VERSION_BUMPED: "policy.version_bumped";
|
|
25
|
+
readonly KYC_SUBMITTED: "kyc.submitted";
|
|
26
|
+
readonly KYC_APPROVED: "kyc.approved";
|
|
27
|
+
readonly KYC_REJECTED: "kyc.rejected";
|
|
28
|
+
readonly AI_INFERENCE_COMPLETED: "ai.inference_completed";
|
|
29
|
+
readonly AI_INFERENCE_FAILED: "ai.inference_failed";
|
|
30
|
+
readonly FRAUD_SIGNAL_DETECTED: "fraud.signal_detected";
|
|
31
|
+
readonly SYNC_BACK_EXHAUSTED: "sync_back.exhausted";
|
|
32
|
+
};
|
|
33
|
+
type HybriDBEventType = typeof HYBRIDB_EVENT_TYPES[keyof typeof HYBRIDB_EVENT_TYPES];
|
|
34
|
+
|
|
35
|
+
export { HYBRIDB_EVENT_TYPES, type HybriDBEventType };
|