@lti-tool/core 0.9.0

package/dist/ltiTool.d.ts

@@ -0,0 +1,184 @@
+import type { JWKS } from './interfaces/jwks.js';
+import type { LTIClient } from './interfaces/ltiClient.js';
+import type { LTIConfig } from './interfaces/ltiConfig.js';
+import type { LTIDeployment } from './interfaces/ltiDeployment.js';
+import type { LTISession } from './interfaces/ltiSession.js';
+import { type LTI13JwtPayload } from './schemas/index.js';
+import type { ScoreSubmission } from './schemas/lti13/ags/scoreSubmission.schema.js';
+/**
+ * Main LTI 1.3 Tool implementation providing secure authentication, launch verification,
+ * and LTI Advantage services integration.
+ *
+ * @example
+ * ```typescript
+ * const ltiTool = new LTITool({
+ *   stateSecret: new TextEncoder().encode('your-secret'),
+ *   keyPair: await generateKeyPair('RS256'),
+ *   storage: new MemoryStorage()
+ * });
+ *
+ * // Handle login initiation
+ * const authUrl = await ltiTool.handleLogin({
+ *   client_id: 'your-client-id',
+ *   iss: 'https://platform.example.com',
+ *   launchUrl: 'https://yourtool.com/lti/launch',
+ *   login_hint: 'user123',
+ *   target_link_uri: 'https://yourtool.com/content',
+ *   lti_deployment_id: 'deployment123'
+ * });
+ * ```
+ */
+export declare class LTITool {
+    private config;
+    /** Cache for JWKS remote key sets to improve performance */
+    private jwksCache;
+    private logger;
+    private tokenService;
+    private agsService;
+    /**
+     * Creates a new LTI Tool instance.
+     *
+     * @param config - Configuration object containing secrets, keys, and storage adapter
+     */
+    constructor(config: LTIConfig);
+    /**
+     * Handles LTI 1.3 login initiation by generating state/nonce and redirecting to platform auth.
+     *
+     * @param params - Login parameters from the platform
+     * @param params.client_id - OAuth2 client identifier for this tool
+     * @param params.iss - Platform issuer URL (identifies the LMS)
+     * @param params.launchUrl - URL where platform will POST the id_token after auth
+     * @param params.login_hint - Platform-specific user identifier hint
+     * @param params.target_link_uri - Final destination URL after successful launch
+     * @param params.lti_deployment_id - Deployment identifier within the platform
+     * @param params.lti_message_hint - Optional platform-specific message context
+     * @returns Authorization URL to redirect user to for authentication
+     * @throws {Error} When platform configuration is not found
+     */
+    handleLogin(params: {
+        client_id: string;
+        iss: string;
+        launchUrl: URL | string;
+        login_hint: string;
+        target_link_uri: string;
+        lti_deployment_id: string;
+        lti_message_hint?: string;
+    }): Promise<string>;
+    /**
+     * Verifies and validates an LTI 1.3 launch by checking JWT signatures, nonces, and claims.
+     *
+     * Performs comprehensive security validation including:
+     * - JWT signature verification using platform's JWKS
+     * - State JWT verification to prevent CSRF
+     * - Nonce validation to prevent replay attacks
+     * - Client ID and deployment ID verification
+     * - LTI 1.3 claim structure validation
+     *
+     * @param idToken - JWT id_token received from platform after authentication
+     * @param state - State JWT that was generated during login initiation
+     * @returns Validated and parsed LTI 1.3 JWT payload
+     * @throws {Error} When verification fails for security reasons
+     */
+    verifyLaunch(idToken: string, state: string): Promise<LTI13JwtPayload>;
+    /**
+     * Generates JSON Web Key Set (JWKS) containing the tool's public key for platform verification.
+     *
+     * @returns JWKS object with the tool's public key for JWT signature verification
+     */
+    getJWKS(): Promise<JWKS>;
+    /**
+     * Creates and stores a new LTI session from validated JWT payload.
+     *
+     * @param lti13JwtPayload - Validated LTI 1.3 JWT payload from successful launch
+     * @returns Created session object with user, context, and service information
+     */
+    createSession(lti13JwtPayload: LTI13JwtPayload): Promise<LTISession>;
+    /**
+     * Retrieves an existing LTI session by session ID.
+     *
+     * @param sessionId - Unique session identifier
+     * @returns Session object if found, undefined otherwise
+     */
+    getSession(sessionId: string): Promise<LTISession | undefined>;
+    /**
+     * Submits a grade score to the platform using Assignment and Grade Services (AGS).
+     *
+     * @param session - Active LTI session containing AGS service endpoints
+     * @param score - Score submission data including grade value and user ID
+     * @returns Result of the score submission
+     * @throws {Error} When AGS is not available or submission fails
+     */
+    submitScore(session: LTISession, score: ScoreSubmission): Promise<Response>;
+    /**
+     * Retrieves all configured LTI client platforms.
+     *
+     * @returns Array of client configurations (without deployment details)
+     */
+    listClients(): Promise<Omit<LTIClient, 'deployments'>[]>;
+    /**
+     * Updates an existing client configuration.
+     *
+     * @param clientId - Unique client identifier
+     * @param client - Partial client object with fields to update
+     */
+    updateClient(clientId: string, client: Partial<Omit<LTIClient, 'id' | 'deployments'>>): Promise<void>;
+    /**
+     * Retrieves a specific client configuration by ID.
+     *
+     * @param clientId - Unique client identifier
+     * @returns Client configuration if found, undefined otherwise
+     */
+    getClientById(clientId: string): Promise<LTIClient | undefined>;
+    /**
+     * Adds a new LTI client platform configuration.
+     *
+     * @param client - Client configuration (ID will be auto-generated)
+     * @returns The generated client ID
+     */
+    addClient(client: Omit<LTIClient, 'id' | 'deployments'>): Promise<string>;
+    /**
+     * Removes a client configuration and all its deployments.
+     *
+     * @param clientId - Unique client identifier
+     */
+    deleteClient(clientId: string): Promise<void>;
+    /**
+     * Lists all deployments for a specific client platform.
+     *
+     * @param clientId - Client identifier
+     * @returns Array of deployment configurations for the client
+     */
+    listDeployments(clientId: string): Promise<LTIDeployment[]>;
+    /**
+     * Retrieves a specific deployment configuration.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier
+     * @returns Deployment configuration if found, undefined otherwise
+     */
+    getDeployment(clientId: string, deploymentId: string): Promise<LTIDeployment | undefined>;
+    /**
+     * Adds a new deployment to an existing client.
+     *
+     * @param clientId - Client identifier
+     * @param deployment - Deployment configuration to add
+     * @returns The generated deployment ID
+     */
+    addDeployment(clientId: string, deployment: Omit<LTIDeployment, 'id'>): Promise<string>;
+    /**
+     * Updates an existing deployment configuration.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier
+     * @param deployment - Partial deployment object with fields to update
+     */
+    updateDeployment(clientId: string, deploymentId: string, deployment: Partial<LTIDeployment>): Promise<void>;
+    /**
+     * Removes a deployment from a client.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier to remove
+     */
+    deleteDeployment(clientId: string, deploymentId: string): Promise<void>;
+}
+//# sourceMappingURL=ltiTool.d.ts.map

package/dist/ltiTool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ltiTool.d.ts","sourceRoot":"","sources":["../src/ltiTool.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAC;AACnE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAE7D,OAAO,EAEL,KAAK,eAAe,EAIrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,+CAA+C,CAAC;AAMrF;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,qBAAa,OAAO;IAYN,OAAO,CAAC,MAAM;IAX1B,4DAA4D;IAC5D,OAAO,CAAC,SAAS,CAA4D;IAC7E,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,UAAU,CAAa;IAE/B;;;;OAIG;gBACiB,MAAM,EAAE,SAAS;IAiBrC;;;;;;;;;;;;;OAaG;IACG,WAAW,CAAC,MAAM,EAAE;QACxB,SAAS,EAAE,MAAM,CAAC;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC;QACxB,UAAU,EAAE,MAAM,CAAC;QACnB,eAAe,EAAE,MAAM,CAAC;QACxB,iBAAiB,EAAE,MAAM,CAAC;QAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC;KAC3B,GAAG,OAAO,CAAC,MAAM,CAAC;IAgDnB;;;;;;;;;;;;;;OAcG;IACG,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAuD5E;;;;OAIG;IACG,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAc9B;;;;;OAKG;IACG,aAAa,CAAC,eAAe,EAAE,eAAe,GAAG,OAAO,CAAC,UAAU,CAAC;IAM1E;;;;;OAKG;IACG,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,SAAS,CAAC;IAKpE;;;;;;;OAOG;IACG,WAAW,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,eAAe,GAAG,OAAO,CAAC,QAAQ,CAAC;IAYjF;;;;OAIG;IACG,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,EAAE,CAAC;IAI9D;;;;;OAKG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,GAAG,aAAa,CAAC,CAAC,GACrD,OAAO,CAAC,IAAI,CAAC;IAKhB;;;;;OAKG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;IAIrE;;;;;OAKG;IACG,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,GAAG,aAAa,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC;IAK/E;;;;OAIG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMnD;;;;;OAKG;IACG,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAIjE;;;;;;OAMG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC;IAIrC;;;;;;OAMG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,GACpC,OAAO,CAAC,MAAM,CAAC;IAIlB;;;;;;OAMG;IACG,gBAAgB,CACpB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,OAAO,CAAC,aAAa,CAAC,GACjC,OAAO,CAAC,IAAI,CAAC;IAIhB;;;;;OAKG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAG9E"}

package/dist/ltiTool.js

@@ -0,0 +1,305 @@
+import { SignJWT, createRemoteJWKSet, decodeJwt, exportJWK, jwtVerify } from 'jose';
+import { AddClientSchema, UpdateClientSchema } from './schemas/client.schema.js';
+import { HandleLoginParamsSchema, LTI13JwtPayloadSchema, SessionIdSchema, VerifyLaunchParamsSchema, } from './schemas/index.js';
+import { AGSService } from './services/ags.service.js';
+import { createSession } from './services/session.service.js';
+import { TokenService } from './services/token.service.js';
+import { getValidLaunchConfig } from './utils/launchConfigValidation.js';
+/**
+ * Main LTI 1.3 Tool implementation providing secure authentication, launch verification,
+ * and LTI Advantage services integration.
+ *
+ * @example
+ * ```typescript
+ * const ltiTool = new LTITool({
+ *   stateSecret: new TextEncoder().encode('your-secret'),
+ *   keyPair: await generateKeyPair('RS256'),
+ *   storage: new MemoryStorage()
+ * });
+ *
+ * // Handle login initiation
+ * const authUrl = await ltiTool.handleLogin({
+ *   client_id: 'your-client-id',
+ *   iss: 'https://platform.example.com',
+ *   launchUrl: 'https://yourtool.com/lti/launch',
+ *   login_hint: 'user123',
+ *   target_link_uri: 'https://yourtool.com/content',
+ *   lti_deployment_id: 'deployment123'
+ * });
+ * ```
+ */
+export class LTITool {
+    config;
+    /** Cache for JWKS remote key sets to improve performance */
+    jwksCache = new Map();
+    logger;
+    tokenService;
+    agsService;
+    /**
+     * Creates a new LTI Tool instance.
+     *
+     * @param config - Configuration object containing secrets, keys, and storage adapter
+     */
+    constructor(config) {
+        this.config = config;
+        this.logger =
+            config.logger ??
+                {
+                    debug: () => { },
+                    info: () => { },
+                    warn: () => { },
+                    error: () => { },
+                };
+        this.tokenService = new TokenService(this.config.keyPair, this.config.security?.keyId ?? 'main');
+        this.agsService = new AGSService(this.tokenService, this.config.storage, this.logger);
+    }
+    /**
+     * Handles LTI 1.3 login initiation by generating state/nonce and redirecting to platform auth.
+     *
+     * @param params - Login parameters from the platform
+     * @param params.client_id - OAuth2 client identifier for this tool
+     * @param params.iss - Platform issuer URL (identifies the LMS)
+     * @param params.launchUrl - URL where platform will POST the id_token after auth
+     * @param params.login_hint - Platform-specific user identifier hint
+     * @param params.target_link_uri - Final destination URL after successful launch
+     * @param params.lti_deployment_id - Deployment identifier within the platform
+     * @param params.lti_message_hint - Optional platform-specific message context
+     * @returns Authorization URL to redirect user to for authentication
+     * @throws {Error} When platform configuration is not found
+     */
+    async handleLogin(params) {
+        const validatedParams = HandleLoginParamsSchema.parse(params);
+        const nonce = crypto.randomUUID();
+        // Store nonce with expiration for replay attack prevention
+        const nonceExpirationSeconds = this.config.security?.nonceExpirationSeconds ?? 600;
+        const nonceExpiresAt = new Date(Date.now() + nonceExpirationSeconds * 1000);
+        await this.config.storage.storeNonce(nonce, nonceExpiresAt);
+        const state = await new SignJWT({
+            nonce,
+            iss: validatedParams.iss,
+            client_id: validatedParams.client_id,
+            target_link_uri: validatedParams.target_link_uri,
+            exp: Math.floor(Date.now() / 1000) +
+                (this.config.security?.stateExpirationSeconds ?? 600),
+        })
+            .setProtectedHeader({ alg: 'HS256' })
+            .sign(this.config.stateSecret);
+        const launchConfig = await getValidLaunchConfig(this.config.storage, validatedParams.iss, validatedParams.client_id, validatedParams.lti_deployment_id);
+        const authUrl = new URL(launchConfig.authUrl);
+        authUrl.searchParams.set('scope', 'openid');
+        authUrl.searchParams.set('response_type', 'id_token');
+        authUrl.searchParams.set('response_mode', 'form_post');
+        authUrl.searchParams.set('prompt', 'none');
+        authUrl.searchParams.set('client_id', validatedParams.client_id);
+        authUrl.searchParams.set('redirect_uri', validatedParams.launchUrl.toString());
+        authUrl.searchParams.set('login_hint', validatedParams.login_hint);
+        authUrl.searchParams.set('state', state);
+        authUrl.searchParams.set('nonce', nonce);
+        authUrl.searchParams.set('lti_deployment_id', validatedParams.lti_deployment_id);
+        if (validatedParams.lti_message_hint) {
+            authUrl.searchParams.set('lti_message_hint', validatedParams.lti_message_hint);
+        }
+        return authUrl.toString();
+    }
+    /**
+     * Verifies and validates an LTI 1.3 launch by checking JWT signatures, nonces, and claims.
+     *
+     * Performs comprehensive security validation including:
+     * - JWT signature verification using platform's JWKS
+     * - State JWT verification to prevent CSRF
+     * - Nonce validation to prevent replay attacks
+     * - Client ID and deployment ID verification
+     * - LTI 1.3 claim structure validation
+     *
+     * @param idToken - JWT id_token received from platform after authentication
+     * @param state - State JWT that was generated during login initiation
+     * @returns Validated and parsed LTI 1.3 JWT payload
+     * @throws {Error} When verification fails for security reasons
+     */
+    async verifyLaunch(idToken, state) {
+        const validatedParams = VerifyLaunchParamsSchema.parse({ idToken, state });
+        // 1. UNVERIFIED - get issuer
+        const unverified = decodeJwt(validatedParams.idToken);
+        if (!unverified.iss) {
+            throw new Error('No issuer in token');
+        }
+        // 2. get the launchConfig so we can get the remote JWKS from our data store
+        const launchConfig = await getValidLaunchConfig(this.config.storage, unverified.iss, unverified.aud, unverified['https://purl.imsglobal.org/spec/lti/claim/deployment_id']);
+        // 3. Verify LMS JWT
+        let jwks = this.jwksCache.get(launchConfig.jwksUrl);
+        if (!jwks) {
+            jwks = createRemoteJWKSet(new URL(launchConfig.jwksUrl));
+            this.jwksCache.set(launchConfig.jwksUrl, jwks);
+        }
+        const { payload } = await jwtVerify(validatedParams.idToken, jwks);
+        // 4. Verify our state JWT
+        const { payload: stateData } = await jwtVerify(validatedParams.state, this.config.stateSecret);
+        // 5. Parse and validate LMS JWT
+        const validated = LTI13JwtPayloadSchema.parse(payload);
+        // 6. Verify client id matches (audience claim)
+        if (validated.aud !== launchConfig.clientId) {
+            throw new Error(`Invalid client_id: expected ${launchConfig.clientId}, got ${validated.aud}`);
+        }
+        // 7. Verify nonce matches
+        if (stateData.nonce !== validated.nonce) {
+            throw new Error('Nonce mismatch');
+        }
+        // 8. Check nonce hasn't been used before (prevent replay attacks)
+        const isValidNonce = await this.config.storage.validateNonce(validated.nonce);
+        if (!isValidNonce) {
+            throw new Error('Nonce has already been used or expired');
+        }
+        return validated;
+    }
+    /**
+     * Generates JSON Web Key Set (JWKS) containing the tool's public key for platform verification.
+     *
+     * @returns JWKS object with the tool's public key for JWT signature verification
+     */
+    async getJWKS() {
+        const publicJwk = await exportJWK(this.config.keyPair.publicKey);
+        return {
+            keys: [
+                {
+                    ...publicJwk,
+                    use: 'sig',
+                    alg: 'RS256',
+                    kid: this.config.security?.keyId ?? 'main',
+                },
+            ],
+        };
+    }
+    /**
+     * Creates and stores a new LTI session from validated JWT payload.
+     *
+     * @param lti13JwtPayload - Validated LTI 1.3 JWT payload from successful launch
+     * @returns Created session object with user, context, and service information
+     */
+    async createSession(lti13JwtPayload) {
+        const session = createSession(lti13JwtPayload);
+        await this.config.storage.addSession(session);
+        return session;
+    }
+    /**
+     * Retrieves an existing LTI session by session ID.
+     *
+     * @param sessionId - Unique session identifier
+     * @returns Session object if found, undefined otherwise
+     */
+    async getSession(sessionId) {
+        const validatedSessionId = SessionIdSchema.parse(sessionId);
+        return await this.config.storage.getSession(validatedSessionId);
+    }
+    /**
+     * Submits a grade score to the platform using Assignment and Grade Services (AGS).
+     *
+     * @param session - Active LTI session containing AGS service endpoints
+     * @param score - Score submission data including grade value and user ID
+     * @returns Result of the score submission
+     * @throws {Error} When AGS is not available or submission fails
+     */
+    async submitScore(session, score) {
+        if (!session) {
+            throw new Error('session is required');
+        }
+        if (!score) {
+            throw new Error('score is required');
+        }
+        return await this.agsService.submitScore(session, score);
+    }
+    // Client management
+    /**
+     * Retrieves all configured LTI client platforms.
+     *
+     * @returns Array of client configurations (without deployment details)
+     */
+    async listClients() {
+        return await this.config.storage.listClients();
+    }
+    /**
+     * Updates an existing client configuration.
+     *
+     * @param clientId - Unique client identifier
+     * @param client - Partial client object with fields to update
+     */
+    async updateClient(clientId, client) {
+        const validated = UpdateClientSchema.parse(client);
+        return await this.config.storage.updateClient(clientId, validated);
+    }
+    /**
+     * Retrieves a specific client configuration by ID.
+     *
+     * @param clientId - Unique client identifier
+     * @returns Client configuration if found, undefined otherwise
+     */
+    async getClientById(clientId) {
+        return await this.config.storage.getClientById(clientId);
+    }
+    /**
+     * Adds a new LTI client platform configuration.
+     *
+     * @param client - Client configuration (ID will be auto-generated)
+     * @returns The generated client ID
+     */
+    async addClient(client) {
+        const validated = AddClientSchema.parse(client);
+        return await this.config.storage.addClient(validated);
+    }
+    /**
+     * Removes a client configuration and all its deployments.
+     *
+     * @param clientId - Unique client identifier
+     */
+    async deleteClient(clientId) {
+        return await this.config.storage.deleteClient(clientId);
+    }
+    // Deployment management
+    /**
+     * Lists all deployments for a specific client platform.
+     *
+     * @param clientId - Client identifier
+     * @returns Array of deployment configurations for the client
+     */
+    async listDeployments(clientId) {
+        return await this.config.storage.listDeployments(clientId);
+    }
+    /**
+     * Retrieves a specific deployment configuration.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier
+     * @returns Deployment configuration if found, undefined otherwise
+     */
+    async getDeployment(clientId, deploymentId) {
+        return await this.config.storage.getDeployment(clientId, deploymentId);
+    }
+    /**
+     * Adds a new deployment to an existing client.
+     *
+     * @param clientId - Client identifier
+     * @param deployment - Deployment configuration to add
+     * @returns The generated deployment ID
+     */
+    async addDeployment(clientId, deployment) {
+        return await this.config.storage.addDeployment(clientId, deployment);
+    }
+    /**
+     * Updates an existing deployment configuration.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier
+     * @param deployment - Partial deployment object with fields to update
+     */
+    async updateDeployment(clientId, deploymentId, deployment) {
+        return await this.config.storage.updateDeployment(clientId, deploymentId, deployment);
+    }
+    /**
+     * Removes a deployment from a client.
+     *
+     * @param clientId - Client identifier
+     * @param deploymentId - Deployment identifier to remove
+     */
+    async deleteDeployment(clientId, deploymentId) {
+        return await this.config.storage.deleteDeployment(clientId, deploymentId);
+    }
+}

package/dist/schemas/client.schema.d.ts

@@ -0,0 +1,33 @@
+import { z } from 'zod';
+export declare const ClientSchema: z.ZodObject<{
+    id: z.ZodUUID;
+    name: z.ZodString;
+    iss: z.ZodURL;
+    clientId: z.ZodString;
+    authUrl: z.ZodURL;
+    tokenUrl: z.ZodURL;
+    jwksUrl: z.ZodURL;
+    deployments: z.ZodArray<z.ZodObject<{
+        id: z.ZodUUID;
+        deploymentId: z.ZodString;
+        name: z.ZodOptional<z.ZodString>;
+        description: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+export declare const AddClientSchema: z.ZodObject<{
+    name: z.ZodString;
+    iss: z.ZodURL;
+    clientId: z.ZodString;
+    authUrl: z.ZodURL;
+    tokenUrl: z.ZodURL;
+    jwksUrl: z.ZodURL;
+}, z.core.$strip>;
+export declare const UpdateClientSchema: z.ZodObject<{
+    name: z.ZodString;
+    iss: z.ZodURL;
+    clientId: z.ZodString;
+    authUrl: z.ZodURL;
+    tokenUrl: z.ZodURL;
+    jwksUrl: z.ZodURL;
+}, z.core.$strip>;
+//# sourceMappingURL=client.schema.d.ts.map

package/dist/schemas/client.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/client.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAIxB,eAAO,MAAM,YAAY;;;;;;;;;;;;;;iBASvB,CAAC;AAEH,eAAO,MAAM,eAAe;;;;;;;iBAAqD,CAAC;AAClF,eAAO,MAAM,kBAAkB;;;;;;;iBAAqD,CAAC"}

package/dist/schemas/client.schema.js

@@ -0,0 +1,14 @@
+import { z } from 'zod';
+import { DeploymentSchema } from './deployment.schema';
+export const ClientSchema = z.object({
+    id: z.uuid().describe('Internal stable UUID for the client'),
+    name: z.string().min(1).describe('human-readable name for the platform'),
+    iss: z.url().describe('Platform issuer (unique identifier)'),
+    clientId: z.string().min(1).describe("Your app's client ID on this platform"),
+    authUrl: z.url().describe("Platform's auth endpoint"),
+    tokenUrl: z.url().describe("Platform's token endpoint"),
+    jwksUrl: z.url().describe("Platform's JWKS endpoint"),
+    deployments: z.array(DeploymentSchema),
+});
+export const AddClientSchema = ClientSchema.omit({ id: true, deployments: true });
+export const UpdateClientSchema = ClientSchema.omit({ id: true, deployments: true });

package/dist/schemas/common.schema.d.ts

@@ -0,0 +1,6 @@
+import { z } from 'zod';
+/**
+ * Common validation schemas used across the LTI tool
+ */
+export declare const SessionIdSchema: z.ZodString;
+//# sourceMappingURL=common.schema.d.ts.map

package/dist/schemas/common.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"common.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/common.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;GAEG;AAEH,eAAO,MAAM,eAAe,aAA6C,CAAC"}

package/dist/schemas/common.schema.js

@@ -0,0 +1,5 @@
+import { z } from 'zod';
+/**
+ * Common validation schemas used across the LTI tool
+ */
+export const SessionIdSchema = z.string().min(1, 'sessionId is required');

package/dist/schemas/deployment.schema.d.ts

@@ -0,0 +1,8 @@
+import { z } from 'zod';
+export declare const DeploymentSchema: z.ZodObject<{
+    id: z.ZodUUID;
+    deploymentId: z.ZodString;
+    name: z.ZodOptional<z.ZodString>;
+    description: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+//# sourceMappingURL=deployment.schema.d.ts.map

package/dist/schemas/deployment.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"deployment.schema.d.ts","sourceRoot":"","sources":["../../src/schemas/deployment.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,eAAO,MAAM,gBAAgB;;;;;iBAS3B,CAAC"}

package/dist/schemas/deployment.schema.js

@@ -0,0 +1,11 @@
+import { z } from 'zod';
+export const DeploymentSchema = z.object({
+    id: z.uuid().describe('Internal stable UUID for this deployment configuration'),
+    deploymentId: z.string().min(1).describe('LMS-provided deployment identifier'),
+    name: z
+        .string()
+        .min(1)
+        .optional()
+        .describe('Optional human-readable name for the deployment'),
+    description: z.string().optional().describe('Optional description of the deployment'),
+});

package/dist/schemas/index.d.ts

@@ -0,0 +1,5 @@
+export { SessionIdSchema } from './common.schema.js';
+export { LTI13JwtPayloadSchema, type LTI13JwtPayload, } from './lti13/lti13JwtPayload.schema.js';
+export { LTI13LaunchSchema, VerifyLaunchParamsSchema, } from './lti13/lti13Launch.schema.js';
+export { HandleLoginParamsSchema, LTI13LoginSchema } from './lti13/lti13Login.schema.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/schemas/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/schemas/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EACL,qBAAqB,EACrB,KAAK,eAAe,GACrB,MAAM,mCAAmC,CAAC;AAC3C,OAAO,EACL,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,+BAA+B,CAAC;AACvC,OAAO,EAAE,uBAAuB,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC"}

package/dist/schemas/index.js

@@ -0,0 +1,4 @@
+export { SessionIdSchema } from './common.schema.js';
+export { LTI13JwtPayloadSchema, } from './lti13/lti13JwtPayload.schema.js';
+export { LTI13LaunchSchema, VerifyLaunchParamsSchema, } from './lti13/lti13Launch.schema.js';
+export { HandleLoginParamsSchema, LTI13LoginSchema } from './lti13/lti13Login.schema.js';

package/dist/schemas/lti13/ags/scoreSubmission.schema.d.ts

@@ -0,0 +1,34 @@
+import { z } from 'zod';
+/**
+ * Schema for submitting grades via LTI Assignment and Grade Services (AGS).
+ * Validates score data according to LTI AGS v2.0 specification.
+ *
+ * @see https://www.imsglobal.org/spec/lti-ags/v2p0/#score-publish-service
+ */
+export declare const ScoreSubmissionSchema: z.ZodObject<{
+    scoreGiven: z.ZodNumber;
+    scoreMaximum: z.ZodNumber;
+    comment: z.ZodOptional<z.ZodString>;
+    userId: z.ZodOptional<z.ZodString>;
+    timestamp: z.ZodOptional<z.ZodISODateTime>;
+    activityProgress: z.ZodDefault<z.ZodEnum<{
+        Initialized: "Initialized";
+        Started: "Started";
+        InProgress: "InProgress";
+        Submitted: "Submitted";
+        Completed: "Completed";
+    }>>;
+    gradingProgress: z.ZodDefault<z.ZodEnum<{
+        NotReady: "NotReady";
+        Failed: "Failed";
+        Pending: "Pending";
+        PendingManual: "PendingManual";
+        FullyGraded: "FullyGraded";
+    }>>;
+}, z.core.$strip>;
+/**
+ * Type representing a validated score submission for LTI AGS.
+ * Contains grade data and metadata to be sent to the platform.
+ */
+export type ScoreSubmission = z.infer<typeof ScoreSubmissionSchema>;
+//# sourceMappingURL=scoreSubmission.schema.d.ts.map

package/dist/schemas/lti13/ags/scoreSubmission.schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scoreSubmission.schema.d.ts","sourceRoot":"","sources":["../../../../src/schemas/lti13/ags/scoreSubmission.schema.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;iBAuChC,CAAC;AAEH;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,qBAAqB,CAAC,CAAC"}