@insureco/bio 0.6.0 → 0.8.0

package/dist/index.js

@@ -35,6 +35,7 @@ __export(index_exports, {
   BioError: () => BioError,
   EmbedClient: () => EmbedClient,
   GraphClient: () => GraphClient,
+  PassportClient: () => PassportClient,
   decodeToken: () => decodeToken,
   generatePKCE: () => generatePKCE,
   isTokenExpired: () => isTokenExpired,
@@ -172,6 +173,23 @@ var BioAuth = class _BioAuth {
       codeChallenge
     };
   }
+  /**
+   * Build an authorization URL with prompt=none for silent authentication.
+   *
+   * Useful for checking if the user has an existing session without showing
+   * a login screen. If the user is not authenticated, Bio-ID redirects back
+   * with an `error=login_required` query parameter instead of showing UI.
+   */
+  silentAuth(opts) {
+    const result = this.getAuthorizationUrl({
+      redirectUri: opts.redirectUri,
+      scopes: opts.scopes,
+      state: opts.state
+    });
+    const url = new URL(result.url);
+    url.searchParams.set("prompt", "none");
+    return { ...result, url: url.toString() };
+  }
   /**
    * Exchange an authorization code for tokens.
    *
@@ -1050,7 +1068,48 @@ var GraphClient = class _GraphClient {
   async matchAppetite(input) {
     return this.post("/api/graph/appetite/match", input, { requiresAuth: true });
   }
+  // ─── Verification Routes (auth required, gas-metered) ─────────────────────
+  /**
+   * Verify an agent's license for a given state and line of business.
+   * Returns validity, license number, expiry, and a Septor proof hash.
+   */
+  async verifyLicense(input) {
+    return this.post("/api/graph/verify/license", input, { requiresAuth: true });
+  }
+  /**
+   * Verify an agent's appointment with a carrier.
+   * Returns validity, appointed date, states, and a Septor proof hash.
+   */
+  async verifyAppointment(input) {
+    return this.post("/api/graph/verify/appointment", input, { requiresAuth: true });
+  }
+  /**
+   * Get the distribution chain for an entity (agent → agency → MGA → carrier).
+   * Requires an accessToken (auth: required).
+   */
+  async getChain(entityId) {
+    return this.getAuth(`/api/graph/chain/${encodeURIComponent(entityId)}`);
+  }
+  /**
+   * Search across Agent, Agency, MGA, and Carrier nodes.
+   * Public route — no auth required.
+   */
+  async search(query, options) {
+    const params = new URLSearchParams({ q: query });
+    if (options?.limit) params.set("limit", String(options.limit));
+    if (options?.types?.length) params.set("types", options.types.join(","));
+    return this.get(`/api/graph/search?${params.toString()}`);
+  }
   // ─── Internal ─────────────────────────────────────────────────────────────
+  async getAuth(path) {
+    if (!this.accessToken) {
+      throw new BioError(
+        `bio-graph ${path} requires an accessToken \u2014 pass it in the GraphClient constructor`,
+        "config_error"
+      );
+    }
+    return this.get(path);
+  }
   async get(path, attempt = 0) {
     const url = `${this.graphUrl}${path}`;
     const controller = new AbortController();
@@ -1149,6 +1208,157 @@ var GraphClient = class _GraphClient {
     return body;
   }
 };
+
+// src/passport-client.ts
+var PassportClient = class {
+  config;
+  ws = null;
+  _passport = null;
+  _status = "disconnected";
+  reconnectAttempt = 0;
+  reconnectTimer = null;
+  listeners = /* @__PURE__ */ new Map();
+  closed = false;
+  constructor(config) {
+    this.config = {
+      autoReconnect: true,
+      maxReconnectDelay: 3e4,
+      ...config
+    };
+  }
+  /** Current passport object (null until first identity message) */
+  get passport() {
+    return this._passport;
+  }
+  /** Current connection status */
+  get status() {
+    return this._status;
+  }
+  /** Connect to the passport WebSocket */
+  connect() {
+    if (this.closed) return;
+    this.setStatus("connecting");
+    const url = new URL("/passport", this.config.bioIdUrl.replace(/^http/, "ws"));
+    url.searchParams.set("token", this.config.accessToken);
+    url.searchParams.set("version", "1");
+    if (this.config.service) {
+      url.searchParams.set("service", this.config.service);
+    }
+    this.ws = new WebSocket(url.toString());
+    this.ws.onopen = () => {
+      this.reconnectAttempt = 0;
+      this.setStatus("connected");
+      this.emit("connected", this._status);
+    };
+    this.ws.onmessage = (event) => {
+      try {
+        const data = JSON.parse(
+          typeof event.data === "string" ? event.data : ""
+        );
+        if (data.type === "identity" || data.type === "passport_updated") {
+          this._passport = data.passport ?? null;
+          this.emit(data.type, this._passport);
+        } else if (data.type === "revoked") {
+          this._passport = null;
+          this.emit("revoked");
+        }
+      } catch {
+      }
+    };
+    this.ws.onclose = (event) => {
+      this.setStatus("disconnected");
+      this.emit("disconnected", this._status);
+      if (event?.code === 4003 && this.config.refreshToken && this.config.bioAuth) {
+        this.handleTokenRefresh();
+        return;
+      }
+      this.scheduleReconnect();
+    };
+    this.ws.onerror = () => {
+      const error = new Error("Passport WebSocket error");
+      this.emit("error", error);
+    };
+  }
+  /** Subscribe to an event */
+  on(event, handler) {
+    if (!this.listeners.has(event)) {
+      this.listeners.set(event, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(event).add(handler);
+  }
+  /** Unsubscribe from an event */
+  off(event, handler) {
+    this.listeners.get(event)?.delete(handler);
+  }
+  /** Disconnect and stop reconnecting */
+  close() {
+    this.closed = true;
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.setStatus("disconnected");
+  }
+  /** Update access token (e.g. after refresh) and reconnect */
+  updateToken(accessToken) {
+    this.config.accessToken = accessToken;
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.reconnectAttempt = 0;
+    this.connect();
+  }
+  async handleTokenRefresh() {
+    if (!this.config.refreshToken || !this.config.bioAuth) return;
+    try {
+      const tokens = await this.config.bioAuth.refreshToken(this.config.refreshToken);
+      this.config.accessToken = tokens.access_token;
+      if (tokens.refresh_token) {
+        this.config.refreshToken = tokens.refresh_token;
+      }
+      if (this.config.onTokenRefresh) {
+        this.config.onTokenRefresh(tokens);
+      }
+      this.reconnectAttempt = 0;
+      this.connect();
+    } catch {
+      this.emit("error", new Error("Token refresh failed"));
+    }
+  }
+  setStatus(status) {
+    this._status = status;
+  }
+  emit(event, ...args) {
+    const handlers = this.listeners.get(event);
+    if (handlers) {
+      for (const handler of handlers) {
+        try {
+          handler(...args);
+        } catch {
+        }
+      }
+    }
+  }
+  scheduleReconnect() {
+    if (this.closed || !this.config.autoReconnect) return;
+    const delay = Math.min(
+      1e3 * Math.pow(2, this.reconnectAttempt),
+      this.config.maxReconnectDelay ?? 3e4
+    );
+    this.reconnectAttempt++;
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectTimer = null;
+      this.connect();
+    }, delay);
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   BioAdmin,
@@ -1156,6 +1366,7 @@ var GraphClient = class _GraphClient {
   BioError,
   EmbedClient,
   GraphClient,
+  PassportClient,
   decodeToken,
   generatePKCE,
   isTokenExpired,

package/dist/index.mjs

@@ -1,6 +1,9 @@
 import {
   GraphClient
-} from "./chunk-PLN6QPED.mjs";
+} from "./chunk-CKHMGUDP.mjs";
+import {
+  PassportClient
+} from "./chunk-UBURAGWI.mjs";
 import {
   BioError,
   parseJsonResponse,
@@ -100,6 +103,23 @@ var BioAuth = class _BioAuth {
       codeChallenge
     };
   }
+  /**
+   * Build an authorization URL with prompt=none for silent authentication.
+   *
+   * Useful for checking if the user has an existing session without showing
+   * a login screen. If the user is not authenticated, Bio-ID redirects back
+   * with an `error=login_required` query parameter instead of showing UI.
+   */
+  silentAuth(opts) {
+    const result = this.getAuthorizationUrl({
+      redirectUri: opts.redirectUri,
+      scopes: opts.scopes,
+      state: opts.state
+    });
+    const url = new URL(result.url);
+    url.searchParams.set("prompt", "none");
+    return { ...result, url: url.toString() };
+  }
   /**
    * Exchange an authorization code for tokens.
    *
@@ -924,6 +944,7 @@ export {
   BioError,
   EmbedClient,
   GraphClient,
+  PassportClient,
   decodeToken,
   generatePKCE,
   isTokenExpired,

package/dist/passport-react.d.mts

@@ -0,0 +1,27 @@
+import { P as Passport, a as PassportStatus } from './passport-types-bPgjNxv-.mjs';
+
+interface UsePassportOptions {
+    /** Bio-ID base URL */
+    bioIdUrl: string;
+    /** Access token for authentication */
+    accessToken: string | null;
+    /** Service name for tracking */
+    service?: string;
+    /** Auto-reconnect (default: true) */
+    autoReconnect?: boolean;
+}
+interface UsePassportResult {
+    /** Current passport object (null until identity received) */
+    passport: Passport | null;
+    /** Connection status */
+    status: PassportStatus;
+    /** Last error (null if none) */
+    error: Error | null;
+    /** Manually disconnect */
+    disconnect: () => void;
+    /** Manually reconnect */
+    reconnect: () => void;
+}
+declare function usePassport(options: UsePassportOptions): UsePassportResult;
+
+export { type UsePassportOptions, type UsePassportResult, usePassport };

package/dist/passport-react.d.ts

@@ -0,0 +1,27 @@
+import { P as Passport, a as PassportStatus } from './passport-types-bPgjNxv-.js';
+
+interface UsePassportOptions {
+    /** Bio-ID base URL */
+    bioIdUrl: string;
+    /** Access token for authentication */
+    accessToken: string | null;
+    /** Service name for tracking */
+    service?: string;
+    /** Auto-reconnect (default: true) */
+    autoReconnect?: boolean;
+}
+interface UsePassportResult {
+    /** Current passport object (null until identity received) */
+    passport: Passport | null;
+    /** Connection status */
+    status: PassportStatus;
+    /** Last error (null if none) */
+    error: Error | null;
+    /** Manually disconnect */
+    disconnect: () => void;
+    /** Manually reconnect */
+    reconnect: () => void;
+}
+declare function usePassport(options: UsePassportOptions): UsePassportResult;
+
+export { type UsePassportOptions, type UsePassportResult, usePassport };

package/dist/passport-react.js

@@ -0,0 +1,115 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/passport-react.ts
+var passport_react_exports = {};
+__export(passport_react_exports, {
+  usePassport: () => usePassport
+});
+module.exports = __toCommonJS(passport_react_exports);
+var import_react = require("react");
+function usePassport(options) {
+  const { bioIdUrl, accessToken, service, autoReconnect = true } = options;
+  const [passport, setPassport] = (0, import_react.useState)(null);
+  const [status, setStatus] = (0, import_react.useState)("disconnected");
+  const [error, setError] = (0, import_react.useState)(null);
+  const wsRef = (0, import_react.useRef)(null);
+  const reconnectTimerRef = (0, import_react.useRef)(null);
+  const reconnectAttemptRef = (0, import_react.useRef)(0);
+  const closedRef = (0, import_react.useRef)(false);
+  const cleanup = (0, import_react.useCallback)(() => {
+    if (reconnectTimerRef.current) {
+      clearTimeout(reconnectTimerRef.current);
+      reconnectTimerRef.current = null;
+    }
+    if (wsRef.current) {
+      wsRef.current.onclose = null;
+      wsRef.current.onerror = null;
+      wsRef.current.onmessage = null;
+      wsRef.current.close();
+      wsRef.current = null;
+    }
+  }, []);
+  const connect = (0, import_react.useCallback)(() => {
+    if (!accessToken || !bioIdUrl || closedRef.current) return;
+    cleanup();
+    setStatus("connecting");
+    setError(null);
+    const url = new URL("/passport", bioIdUrl.replace(/^http/, "ws"));
+    url.searchParams.set("token", accessToken);
+    url.searchParams.set("version", "1");
+    if (service) url.searchParams.set("service", service);
+    const ws = new WebSocket(url.toString());
+    wsRef.current = ws;
+    ws.onopen = () => {
+      reconnectAttemptRef.current = 0;
+      setStatus("connected");
+    };
+    ws.onmessage = (event) => {
+      try {
+        const data = JSON.parse(event.data);
+        if (data.type === "identity" || data.type === "passport_updated") {
+          setPassport(data.passport ?? null);
+        } else if (data.type === "revoked") {
+          setPassport(null);
+        }
+      } catch {
+      }
+    };
+    ws.onclose = () => {
+      setStatus("disconnected");
+      if (!closedRef.current && autoReconnect) {
+        const delay = Math.min(1e3 * Math.pow(2, reconnectAttemptRef.current), 3e4);
+        reconnectAttemptRef.current++;
+        reconnectTimerRef.current = setTimeout(() => {
+          reconnectTimerRef.current = null;
+          connect();
+        }, delay);
+      }
+    };
+    ws.onerror = () => {
+      setError(new Error("Passport WebSocket error"));
+      setStatus("error");
+    };
+  }, [bioIdUrl, accessToken, service, autoReconnect, cleanup]);
+  (0, import_react.useEffect)(() => {
+    closedRef.current = false;
+    connect();
+    return () => {
+      closedRef.current = true;
+      cleanup();
+      setStatus("disconnected");
+    };
+  }, [connect, cleanup]);
+  const disconnect = (0, import_react.useCallback)(() => {
+    closedRef.current = true;
+    cleanup();
+    setStatus("disconnected");
+  }, [cleanup]);
+  const reconnect = (0, import_react.useCallback)(() => {
+    closedRef.current = false;
+    reconnectAttemptRef.current = 0;
+    connect();
+  }, [connect]);
+  return { passport, status, error, disconnect, reconnect };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  usePassport
+});

package/dist/passport-react.mjs

@@ -0,0 +1,90 @@
+// src/passport-react.ts
+import { useState, useEffect, useRef, useCallback } from "react";
+function usePassport(options) {
+  const { bioIdUrl, accessToken, service, autoReconnect = true } = options;
+  const [passport, setPassport] = useState(null);
+  const [status, setStatus] = useState("disconnected");
+  const [error, setError] = useState(null);
+  const wsRef = useRef(null);
+  const reconnectTimerRef = useRef(null);
+  const reconnectAttemptRef = useRef(0);
+  const closedRef = useRef(false);
+  const cleanup = useCallback(() => {
+    if (reconnectTimerRef.current) {
+      clearTimeout(reconnectTimerRef.current);
+      reconnectTimerRef.current = null;
+    }
+    if (wsRef.current) {
+      wsRef.current.onclose = null;
+      wsRef.current.onerror = null;
+      wsRef.current.onmessage = null;
+      wsRef.current.close();
+      wsRef.current = null;
+    }
+  }, []);
+  const connect = useCallback(() => {
+    if (!accessToken || !bioIdUrl || closedRef.current) return;
+    cleanup();
+    setStatus("connecting");
+    setError(null);
+    const url = new URL("/passport", bioIdUrl.replace(/^http/, "ws"));
+    url.searchParams.set("token", accessToken);
+    url.searchParams.set("version", "1");
+    if (service) url.searchParams.set("service", service);
+    const ws = new WebSocket(url.toString());
+    wsRef.current = ws;
+    ws.onopen = () => {
+      reconnectAttemptRef.current = 0;
+      setStatus("connected");
+    };
+    ws.onmessage = (event) => {
+      try {
+        const data = JSON.parse(event.data);
+        if (data.type === "identity" || data.type === "passport_updated") {
+          setPassport(data.passport ?? null);
+        } else if (data.type === "revoked") {
+          setPassport(null);
+        }
+      } catch {
+      }
+    };
+    ws.onclose = () => {
+      setStatus("disconnected");
+      if (!closedRef.current && autoReconnect) {
+        const delay = Math.min(1e3 * Math.pow(2, reconnectAttemptRef.current), 3e4);
+        reconnectAttemptRef.current++;
+        reconnectTimerRef.current = setTimeout(() => {
+          reconnectTimerRef.current = null;
+          connect();
+        }, delay);
+      }
+    };
+    ws.onerror = () => {
+      setError(new Error("Passport WebSocket error"));
+      setStatus("error");
+    };
+  }, [bioIdUrl, accessToken, service, autoReconnect, cleanup]);
+  useEffect(() => {
+    closedRef.current = false;
+    connect();
+    return () => {
+      closedRef.current = true;
+      cleanup();
+      setStatus("disconnected");
+    };
+  }, [connect, cleanup]);
+  const disconnect = useCallback(() => {
+    closedRef.current = true;
+    cleanup();
+    setStatus("disconnected");
+  }, [cleanup]);
+  const reconnect = useCallback(() => {
+    closedRef.current = false;
+    reconnectAttemptRef.current = 0;
+    connect();
+  }, [connect]);
+  return { passport, status, error, disconnect, reconnect };
+}
+export {
+  usePassport
+};

package/dist/passport-types-bPgjNxv-.d.mts

@@ -0,0 +1,79 @@
+/** The full Passport identity object pushed via WebSocket */
+interface Passport {
+    bioId: string;
+    email: string;
+    firstName: string;
+    lastName: string;
+    orgSlug: string;
+    orgId: string;
+    roles: string[];
+    villages: PassportVillage[];
+    serviceGrants: PassportServiceGrant[];
+    crossOrgPermissions: PassportCrossOrgPermission[];
+    session: PassportSession;
+}
+interface PassportVillage {
+    slug: string;
+    name: string;
+    role: 'member' | 'admin' | 'owner';
+}
+interface PassportServiceGrant {
+    service: string;
+    scopes: string[];
+    grantedAt: string;
+}
+interface PassportCrossOrgPermission {
+    targetOrgSlug: string;
+    modules: string[];
+}
+interface PassportSession {
+    issuedAt: string;
+    lastSeen: string;
+    connectedServices: string[];
+}
+/** Interface for token refresh — accepts any object with a refreshToken method */
+interface PassportTokenRefresher {
+    refreshToken: (refreshToken: string) => Promise<{
+        access_token: string;
+        refresh_token?: string;
+    }>;
+}
+/** Configuration for PassportClient */
+interface PassportClientConfig {
+    /** Bio-ID base URL (e.g. https://bio.insureco.io) */
+    bioIdUrl: string;
+    /** Access token for authentication */
+    accessToken: string;
+    /** Service name sent as ?service= query param */
+    service?: string;
+    /** Auto-reconnect on disconnect (default: true) */
+    autoReconnect?: boolean;
+    /** Max reconnect delay in ms (default: 30000) */
+    maxReconnectDelay?: number;
+    /** Optional refresh token for auto-refresh on 4003 close */
+    refreshToken?: string;
+    /** Callback when tokens are refreshed (so app can persist new tokens) */
+    onTokenRefresh?: (tokens: {
+        access_token: string;
+        refresh_token?: string;
+    }) => void;
+    /** Token refresher (e.g. BioAuth instance) — required if refreshToken is set */
+    bioAuth?: PassportTokenRefresher;
+}
+/** Events emitted by the passport socket */
+type PassportEventType = 'identity' | 'passport_updated' | 'revoked';
+/** Message received from the passport WebSocket */
+interface PassportMessage {
+    type: PassportEventType;
+    passport?: Passport;
+}
+/** Status of the passport connection */
+type PassportStatus = 'connecting' | 'connected' | 'disconnected' | 'error';
+/** Branding config from passport (optional) */
+interface PassportBranding {
+    logoUrl?: string;
+    primaryColor?: string;
+    appName?: string;
+}
+
+export type { Passport as P, PassportStatus as a, PassportBranding as b, PassportClientConfig as c, PassportCrossOrgPermission as d, PassportEventType as e, PassportMessage as f, PassportServiceGrant as g, PassportSession as h, PassportTokenRefresher as i, PassportVillage as j };