npm - @insureco/bio - Versions diffs - 0.3.0 → 0.4.0 - Mend

@insureco/bio 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/chunk-NK5VXXWF.mjs +43 -0
package/dist/index.d.mts +3 -265
package/dist/index.d.ts +3 -265
package/dist/index.mjs +7 -37
package/dist/types-Dkb-drHZ.d.mts +302 -0
package/dist/types-Dkb-drHZ.d.ts +302 -0
package/dist/users.d.mts +45 -0
package/dist/users.d.ts +45 -0
package/dist/users.js +185 -0
package/dist/users.mjs +128 -0
package/package.json +13 -9

package/dist/types-Dkb-drHZ.d.mts ADDED Viewed

@@ -0,0 +1,302 @@
+/** Configuration for BioAuth (OAuth flow client) */
+interface BioAuthConfig {
+    /** OAuth client ID (env: BIO_CLIENT_ID) */
+    clientId: string;
+    /** OAuth client secret (env: BIO_CLIENT_SECRET) */
+    clientSecret: string;
+    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
+    issuer?: string;
+    /** Number of retry attempts on transient failures (default: 2) */
+    retries?: number;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Configuration for BioAdmin (admin API client) */
+interface BioAdminConfig {
+    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
+    baseUrl?: string;
+    /** Internal API key for service-to-service auth (env: INTERNAL_API_KEY) */
+    internalKey?: string;
+    /** Async function returning a Bearer token (alternative to internalKey) */
+    accessTokenFn?: () => Promise<string>;
+    /** Number of retry attempts on transient failures (default: 2) */
+    retries?: number;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Options for building an authorization URL */
+interface AuthorizeOptions {
+    /** Callback URL where Bio-ID redirects after authorization */
+    redirectUri: string;
+    /** OAuth scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** CSRF state parameter (auto-generated if not provided) */
+    state?: string;
+    /** Optional org slug to pre-select during authorization (for multi-org users) */
+    organization?: string;
+}
+/** Result from getAuthorizationUrl() */
+interface AuthorizeResult {
+    /** Full authorization URL to redirect the user to */
+    url: string;
+    /** State parameter (for CSRF validation on callback) */
+    state: string;
+    /** PKCE code verifier (store securely, send during token exchange) */
+    codeVerifier: string;
+    /** PKCE code challenge (included in the URL) */
+    codeChallenge: string;
+}
+/** Response from the /api/oauth/token endpoint */
+interface TokenResponse {
+    access_token: string;
+    token_type: 'Bearer';
+    expires_in: number;
+    refresh_token?: string;
+    scope: string;
+    id_token?: string;
+}
+/** Response from the /api/auth/introspect endpoint */
+interface IntrospectResult {
+    active: boolean;
+    user?: {
+        id: string;
+        email: string;
+        name: string;
+        org: string;
+        roles: string[];
+    };
+    tokenType?: 'client_credentials';
+    clientId?: string;
+    scopes?: string[];
+    orgId?: string;
+    orgSlug?: string;
+    organizationName?: string;
+}
+/** Decoded access token payload (user auth) */
+interface BioTokenPayload {
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    bioId: string;
+    email: string;
+    name: string;
+    userType: string;
+    roles: string[];
+    permissions: string[];
+    orgId?: string;
+    orgSlug?: string;
+    /** Org-specific role slugs within the user's active org (from OrgMembership) */
+    orgRoles?: string[];
+    /** Job title at the active org (from OrgMembership.jobTitle) */
+    orgTitle?: string;
+    /** Additional modules granted by the org specifically (from OrgMembership.enabled_modules) */
+    orgModules?: string[];
+    client_id: string;
+    scope: string;
+    enabled_modules?: string[];
+    onboarding?: {
+        platform: boolean;
+        modules: Record<string, {
+            completed: string[];
+            due: string[];
+        }>;
+    };
+}
+/** Decoded client credentials token payload (service-to-service) */
+interface BioClientTokenPayload {
+    iss: string;
+    exp: number;
+    iat: number;
+    client_id: string;
+    scope: string;
+    token_type: 'client_credentials';
+    orgId?: string;
+    orgSlug?: string;
+}
+/** Options for local JWT verification (HS256) */
+interface VerifyOptions {
+    /** Expected issuer (default: config issuer) */
+    issuer?: string;
+    /** Expected audience (client_id) */
+    audience?: string;
+}
+/** Options for JWKS-based JWT verification (RS256) */
+interface JWKSVerifyOptions {
+    /** JWKS endpoint URL (default: https://bio.tawa.pro/.well-known/jwks.json) */
+    jwksUri?: string;
+    /** Expected issuer — defaults to accepting bio.insureco.io, bio.tawa.insureco.io, and bio.tawa.pro */
+    issuer?: string;
+    /** Expected audience (client_id) */
+    audience?: string;
+}
+/** User profile from /api/oauth/userinfo or admin API */
+interface BioUser {
+    sub: string;
+    bioId: string;
+    email: string;
+    emailVerified: boolean;
+    name: string;
+    firstName?: string;
+    lastName?: string;
+    userType: string;
+    roles: string[];
+    permissions: string[];
+    status: string;
+    orgId?: string;
+    orgSlug?: string;
+    organizationId?: string;
+    organizationName?: string;
+    departmentId?: string;
+    departmentName?: string;
+    managerId?: string;
+    enabledModules?: string[];
+    jobTitle?: string;
+    phoneHome?: string;
+    phoneWork?: string;
+    phoneCell?: string;
+    phone?: string;
+    addressHome?: BioAddress;
+    addressWork?: BioAddress;
+    messaging?: BioMessaging;
+    preferences?: Record<string, unknown>;
+    lastLoginAt?: number;
+}
+interface BioAddress {
+    street?: string;
+    city?: string;
+    state?: string;
+    zip?: string;
+    country?: string;
+}
+interface BioMessaging {
+    slack?: string;
+    teams?: string;
+    skype?: string;
+    whatsapp?: string;
+}
+/** Filters for listing users */
+interface UserFilters {
+    search?: string;
+    status?: string;
+    userType?: string;
+    organizationId?: string;
+    page?: number;
+    limit?: number;
+}
+/** Data for updating a user */
+interface UpdateUserData {
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    roles?: string[];
+    status?: string;
+    userType?: string;
+    departmentId?: string;
+    jobTitle?: string;
+    permissions?: string[];
+    enabled_modules?: string[];
+}
+/** Department from admin API */
+interface BioDepartment {
+    id: string;
+    name: string;
+    description?: string;
+    organizationId: string;
+    headId?: string;
+    parentId?: string;
+    memberCount?: number;
+}
+/** Data for creating a department */
+interface CreateDepartmentData {
+    name: string;
+    description?: string;
+    headId?: string;
+    parentId?: string;
+}
+/** Role from admin API */
+interface BioRole {
+    id: string;
+    name: string;
+    description?: string;
+    permissions: string[];
+    isSystem?: boolean;
+}
+/** Data for creating a role */
+interface CreateRoleData {
+    name: string;
+    description?: string;
+    permissions: string[];
+}
+/** OAuth client from admin API */
+interface BioOAuthClient {
+    clientId: string;
+    name: string;
+    description?: string;
+    redirectUris: string[];
+    allowedScopes: string[];
+    allowedGrantTypes: string[];
+    isActive: boolean;
+    orgId?: string;
+    orgSlug?: string;
+    accessTokenTtl?: number;
+    refreshTokenTtl?: number;
+}
+/** Data for creating an OAuth client */
+interface CreateClientData {
+    name: string;
+    description?: string;
+    redirectUris: string[];
+    allowedScopes?: string[];
+    allowedGrantTypes?: string[];
+}
+/** Configuration for BioUsers client */
+interface BioUsersConfig {
+    /** Bio users URL (env: BIO_USERS_URL) */
+    usersUrl: string;
+    /** Service API key (env: BIO_SERVICE_KEY) */
+    serviceKey: string;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Filters for querying org members via /api/v2/users or /api/orgs/[slug]/members */
+interface OrgMemberFilters {
+    /** Only return members with these modules enabled */
+    modules?: string[];
+    /** Only return members with these roles */
+    roles?: string[];
+    /** Max results (default: 50) */
+    limit?: number;
+    /** Page number for pagination (default: 1) */
+    page?: number;
+}
+/** A member as returned by GET /api/v2/users or GET /api/orgs/[slug]/members */
+interface OrgMember {
+    bioId: string;
+    email: string;
+    name: string;
+    jobTitle?: string;
+    enabled_modules: string[];
+    roles?: string[];
+}
+/** Paginated response from the user access endpoints */
+interface OrgMembersResult {
+    members: OrgMember[];
+    total: number;
+    page: number;
+    limit: number;
+}
+/** Admin API response wrapper */
+interface AdminResponse<T> {
+    success: boolean;
+    data?: T;
+    error?: string;
+    meta?: {
+        total: number;
+        page: number;
+        limit: number;
+    };
+}
+export type { AuthorizeOptions as A, BioAuthConfig as B, CreateDepartmentData as C, IntrospectResult as I, JWKSVerifyOptions as J, OrgMember as O, TokenResponse as T, UserFilters as U, VerifyOptions as V, AuthorizeResult as a, BioUser as b, BioAdminConfig as c, UpdateUserData as d, BioDepartment as e, BioRole as f, CreateRoleData as g, BioOAuthClient as h, CreateClientData as i, BioTokenPayload as j, AdminResponse as k, BioAddress as l, BioClientTokenPayload as m, BioMessaging as n, BioUsersConfig as o, OrgMemberFilters as p, OrgMembersResult as q };

package/dist/types-Dkb-drHZ.d.ts ADDED Viewed

@@ -0,0 +1,302 @@
+/** Configuration for BioAuth (OAuth flow client) */
+interface BioAuthConfig {
+    /** OAuth client ID (env: BIO_CLIENT_ID) */
+    clientId: string;
+    /** OAuth client secret (env: BIO_CLIENT_SECRET) */
+    clientSecret: string;
+    /** Bio-ID issuer URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
+    issuer?: string;
+    /** Number of retry attempts on transient failures (default: 2) */
+    retries?: number;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Configuration for BioAdmin (admin API client) */
+interface BioAdminConfig {
+    /** Bio-ID base URL (env: BIO_ID_URL, default: https://bio.tawa.pro) */
+    baseUrl?: string;
+    /** Internal API key for service-to-service auth (env: INTERNAL_API_KEY) */
+    internalKey?: string;
+    /** Async function returning a Bearer token (alternative to internalKey) */
+    accessTokenFn?: () => Promise<string>;
+    /** Number of retry attempts on transient failures (default: 2) */
+    retries?: number;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Options for building an authorization URL */
+interface AuthorizeOptions {
+    /** Callback URL where Bio-ID redirects after authorization */
+    redirectUri: string;
+    /** OAuth scopes to request (default: ['openid', 'profile', 'email']) */
+    scopes?: string[];
+    /** CSRF state parameter (auto-generated if not provided) */
+    state?: string;
+    /** Optional org slug to pre-select during authorization (for multi-org users) */
+    organization?: string;
+}
+/** Result from getAuthorizationUrl() */
+interface AuthorizeResult {
+    /** Full authorization URL to redirect the user to */
+    url: string;
+    /** State parameter (for CSRF validation on callback) */
+    state: string;
+    /** PKCE code verifier (store securely, send during token exchange) */
+    codeVerifier: string;
+    /** PKCE code challenge (included in the URL) */
+    codeChallenge: string;
+}
+/** Response from the /api/oauth/token endpoint */
+interface TokenResponse {
+    access_token: string;
+    token_type: 'Bearer';
+    expires_in: number;
+    refresh_token?: string;
+    scope: string;
+    id_token?: string;
+}
+/** Response from the /api/auth/introspect endpoint */
+interface IntrospectResult {
+    active: boolean;
+    user?: {
+        id: string;
+        email: string;
+        name: string;
+        org: string;
+        roles: string[];
+    };
+    tokenType?: 'client_credentials';
+    clientId?: string;
+    scopes?: string[];
+    orgId?: string;
+    orgSlug?: string;
+    organizationName?: string;
+}
+/** Decoded access token payload (user auth) */
+interface BioTokenPayload {
+    iss: string;
+    sub: string;
+    aud: string;
+    exp: number;
+    iat: number;
+    bioId: string;
+    email: string;
+    name: string;
+    userType: string;
+    roles: string[];
+    permissions: string[];
+    orgId?: string;
+    orgSlug?: string;
+    /** Org-specific role slugs within the user's active org (from OrgMembership) */
+    orgRoles?: string[];
+    /** Job title at the active org (from OrgMembership.jobTitle) */
+    orgTitle?: string;
+    /** Additional modules granted by the org specifically (from OrgMembership.enabled_modules) */
+    orgModules?: string[];
+    client_id: string;
+    scope: string;
+    enabled_modules?: string[];
+    onboarding?: {
+        platform: boolean;
+        modules: Record<string, {
+            completed: string[];
+            due: string[];
+        }>;
+    };
+}
+/** Decoded client credentials token payload (service-to-service) */
+interface BioClientTokenPayload {
+    iss: string;
+    exp: number;
+    iat: number;
+    client_id: string;
+    scope: string;
+    token_type: 'client_credentials';
+    orgId?: string;
+    orgSlug?: string;
+}
+/** Options for local JWT verification (HS256) */
+interface VerifyOptions {
+    /** Expected issuer (default: config issuer) */
+    issuer?: string;
+    /** Expected audience (client_id) */
+    audience?: string;
+}
+/** Options for JWKS-based JWT verification (RS256) */
+interface JWKSVerifyOptions {
+    /** JWKS endpoint URL (default: https://bio.tawa.pro/.well-known/jwks.json) */
+    jwksUri?: string;
+    /** Expected issuer — defaults to accepting bio.insureco.io, bio.tawa.insureco.io, and bio.tawa.pro */
+    issuer?: string;
+    /** Expected audience (client_id) */
+    audience?: string;
+}
+/** User profile from /api/oauth/userinfo or admin API */
+interface BioUser {
+    sub: string;
+    bioId: string;
+    email: string;
+    emailVerified: boolean;
+    name: string;
+    firstName?: string;
+    lastName?: string;
+    userType: string;
+    roles: string[];
+    permissions: string[];
+    status: string;
+    orgId?: string;
+    orgSlug?: string;
+    organizationId?: string;
+    organizationName?: string;
+    departmentId?: string;
+    departmentName?: string;
+    managerId?: string;
+    enabledModules?: string[];
+    jobTitle?: string;
+    phoneHome?: string;
+    phoneWork?: string;
+    phoneCell?: string;
+    phone?: string;
+    addressHome?: BioAddress;
+    addressWork?: BioAddress;
+    messaging?: BioMessaging;
+    preferences?: Record<string, unknown>;
+    lastLoginAt?: number;
+}
+interface BioAddress {
+    street?: string;
+    city?: string;
+    state?: string;
+    zip?: string;
+    country?: string;
+}
+interface BioMessaging {
+    slack?: string;
+    teams?: string;
+    skype?: string;
+    whatsapp?: string;
+}
+/** Filters for listing users */
+interface UserFilters {
+    search?: string;
+    status?: string;
+    userType?: string;
+    organizationId?: string;
+    page?: number;
+    limit?: number;
+}
+/** Data for updating a user */
+interface UpdateUserData {
+    firstName?: string;
+    lastName?: string;
+    displayName?: string;
+    roles?: string[];
+    status?: string;
+    userType?: string;
+    departmentId?: string;
+    jobTitle?: string;
+    permissions?: string[];
+    enabled_modules?: string[];
+}
+/** Department from admin API */
+interface BioDepartment {
+    id: string;
+    name: string;
+    description?: string;
+    organizationId: string;
+    headId?: string;
+    parentId?: string;
+    memberCount?: number;
+}
+/** Data for creating a department */
+interface CreateDepartmentData {
+    name: string;
+    description?: string;
+    headId?: string;
+    parentId?: string;
+}
+/** Role from admin API */
+interface BioRole {
+    id: string;
+    name: string;
+    description?: string;
+    permissions: string[];
+    isSystem?: boolean;
+}
+/** Data for creating a role */
+interface CreateRoleData {
+    name: string;
+    description?: string;
+    permissions: string[];
+}
+/** OAuth client from admin API */
+interface BioOAuthClient {
+    clientId: string;
+    name: string;
+    description?: string;
+    redirectUris: string[];
+    allowedScopes: string[];
+    allowedGrantTypes: string[];
+    isActive: boolean;
+    orgId?: string;
+    orgSlug?: string;
+    accessTokenTtl?: number;
+    refreshTokenTtl?: number;
+}
+/** Data for creating an OAuth client */
+interface CreateClientData {
+    name: string;
+    description?: string;
+    redirectUris: string[];
+    allowedScopes?: string[];
+    allowedGrantTypes?: string[];
+}
+/** Configuration for BioUsers client */
+interface BioUsersConfig {
+    /** Bio users URL (env: BIO_USERS_URL) */
+    usersUrl: string;
+    /** Service API key (env: BIO_SERVICE_KEY) */
+    serviceKey: string;
+    /** Request timeout in milliseconds (default: 10000) */
+    timeoutMs?: number;
+}
+/** Filters for querying org members via /api/v2/users or /api/orgs/[slug]/members */
+interface OrgMemberFilters {
+    /** Only return members with these modules enabled */
+    modules?: string[];
+    /** Only return members with these roles */
+    roles?: string[];
+    /** Max results (default: 50) */
+    limit?: number;
+    /** Page number for pagination (default: 1) */
+    page?: number;
+}
+/** A member as returned by GET /api/v2/users or GET /api/orgs/[slug]/members */
+interface OrgMember {
+    bioId: string;
+    email: string;
+    name: string;
+    jobTitle?: string;
+    enabled_modules: string[];
+    roles?: string[];
+}
+/** Paginated response from the user access endpoints */
+interface OrgMembersResult {
+    members: OrgMember[];
+    total: number;
+    page: number;
+    limit: number;
+}
+/** Admin API response wrapper */
+interface AdminResponse<T> {
+    success: boolean;
+    data?: T;
+    error?: string;
+    meta?: {
+        total: number;
+        page: number;
+        limit: number;
+    };
+}
+export type { AuthorizeOptions as A, BioAuthConfig as B, CreateDepartmentData as C, IntrospectResult as I, JWKSVerifyOptions as J, OrgMember as O, TokenResponse as T, UserFilters as U, VerifyOptions as V, AuthorizeResult as a, BioUser as b, BioAdminConfig as c, UpdateUserData as d, BioDepartment as e, BioRole as f, CreateRoleData as g, BioOAuthClient as h, CreateClientData as i, BioTokenPayload as j, AdminResponse as k, BioAddress as l, BioClientTokenPayload as m, BioMessaging as n, BioUsersConfig as o, OrgMemberFilters as p, OrgMembersResult as q };

package/dist/users.d.mts ADDED Viewed

@@ -0,0 +1,45 @@
+import { o as BioUsersConfig, p as OrgMemberFilters, q as OrgMembersResult } from './types-Dkb-drHZ.mjs';
+/**
+ * Client for Bio-ID user access endpoints.
+ *
+ * Reads org members using a service API key (BIO_SERVICE_KEY).
+ * Requires spec.userAccess declared in catalog-info.yaml — the builder
+ * injects BIO_USERS_URL and BIO_SERVICE_KEY automatically on deploy.
+ *
+ * @example
+ * import { BioUsers } from '@insureco/bio/users'
+ * const users = BioUsers.fromEnv()
+ * const members = await users.getOrgMembers('acme-corp', { modules: ['collections'] })
+ */
+declare class BioUsers {
+    private readonly usersUrl;
+    private readonly serviceKey;
+    private readonly timeoutMs;
+    constructor(config: BioUsersConfig);
+    /**
+     * Create a BioUsers client from environment variables.
+     * Reads BIO_USERS_URL and BIO_SERVICE_KEY (injected by builder on deploy).
+     */
+    static fromEnv(overrides?: Partial<BioUsersConfig>): BioUsers;
+    /**
+     * List members of a specific org.
+     *
+     * @param orgSlug - The org slug to query
+     * @param filters - Optional filters (modules, roles, limit, page)
+     */
+    getOrgMembers(orgSlug: string, filters?: OrgMemberFilters): Promise<OrgMembersResult>;
+    /**
+     * List users across orgs with optional filters.
+     * Cross-org queries require scope: cross-org in catalog-info.yaml
+     * and approval from the target org.
+     *
+     * @param filters - Optional filters (orgSlug, modules, roles, limit, page)
+     */
+    listUsers(filters?: OrgMemberFilters & {
+        orgSlug?: string;
+    }): Promise<OrgMembersResult>;
+    private request;
+}
+export { BioUsers };

package/dist/users.d.ts ADDED Viewed

@@ -0,0 +1,45 @@
+import { o as BioUsersConfig, p as OrgMemberFilters, q as OrgMembersResult } from './types-Dkb-drHZ.js';
+/**
+ * Client for Bio-ID user access endpoints.
+ *
+ * Reads org members using a service API key (BIO_SERVICE_KEY).
+ * Requires spec.userAccess declared in catalog-info.yaml — the builder
+ * injects BIO_USERS_URL and BIO_SERVICE_KEY automatically on deploy.
+ *
+ * @example
+ * import { BioUsers } from '@insureco/bio/users'
+ * const users = BioUsers.fromEnv()
+ * const members = await users.getOrgMembers('acme-corp', { modules: ['collections'] })
+ */
+declare class BioUsers {
+    private readonly usersUrl;
+    private readonly serviceKey;
+    private readonly timeoutMs;
+    constructor(config: BioUsersConfig);
+    /**
+     * Create a BioUsers client from environment variables.
+     * Reads BIO_USERS_URL and BIO_SERVICE_KEY (injected by builder on deploy).
+     */
+    static fromEnv(overrides?: Partial<BioUsersConfig>): BioUsers;
+    /**
+     * List members of a specific org.
+     *
+     * @param orgSlug - The org slug to query
+     * @param filters - Optional filters (modules, roles, limit, page)
+     */
+    getOrgMembers(orgSlug: string, filters?: OrgMemberFilters): Promise<OrgMembersResult>;
+    /**
+     * List users across orgs with optional filters.
+     * Cross-org queries require scope: cross-org in catalog-info.yaml
+     * and approval from the target org.
+     *
+     * @param filters - Optional filters (orgSlug, modules, roles, limit, page)
+     */
+    listUsers(filters?: OrgMemberFilters & {
+        orgSlug?: string;
+    }): Promise<OrgMembersResult>;
+    private request;
+}
+export { BioUsers };