@mandaitor/sdk 0.1.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025-2026 Mandaitor
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,101 @@
+# @mandaitor/sdk
+
+TypeScript SDK for the Mandaitor Delegation Mandate Registry API.
+
+---
+
+## Installation
+
+```bash
+npm install @mandaitor/sdk
+# or
+pnpm add @mandaitor/sdk
+```
+
+## Quick Start
+
+```typescript
+import { MandaitorClient } from "@mandaitor/sdk";
+
+const client = new MandaitorClient({
+  apiKey: "mk_live_...",
+  tenantId: "tnt_acme_prod",
+});
+
+// Create a mandate
+const mandate = await client.createMandate({
+  principal: { id: "user-123", type: "NATURAL_PERSON" },
+  delegate: { id: "agent-456", type: "AGENT" },
+  scope: {
+    actions: ["construction.validation.approve"],
+    resources: ["project:proj-1/zone:EG/installation:stk_01"],
+    effect: "ALLOW",
+  },
+  constraints: {
+    validFrom: new Date().toISOString(),
+    validUntil: new Date(Date.now() + 86400000).toISOString(),
+  },
+});
+
+// Verify a delegation claim
+const result = await client.verify({
+  delegateId: "agent-456",
+  action: "construction.validation.approve",
+  resource: "project:proj-1/zone:EG/installation:stk_01",
+});
+
+console.log(result.decision); // "ALLOW" or "DENY"
+```
+
+## API Reference
+
+### `MandaitorClient`
+
+| Method | Description |
+|--------|-------------|
+| `createMandate(request)` | Create a new delegation mandate |
+| `getMandate(id)` | Retrieve a mandate by ID |
+| `listMandates(options?)` | List mandates with optional pagination |
+| `revokeMandate(id, reason?)` | Permanently revoke a mandate |
+| `suspendMandate(id, reason?)` | Temporarily suspend a mandate |
+| `reactivateMandate(id)` | Reactivate a suspended mandate |
+| `verify(request, options?)` | Verify a delegation claim |
+| `getEvents(mandateId?)` | Query audit events |
+
+### Configuration
+
+```typescript
+interface MandaitorClientConfig {
+  apiKey: string;       // API key issued during tenant onboarding
+  tenantId: string;     // Tenant identifier, e.g. "tnt_acme_prod"
+  baseUrl?: string;     // API base URL (defaults to production)
+  timeout?: number;     // Request timeout in ms (default: 5000)
+}
+```
+
+### Error Handling
+
+The SDK provides typed error classes for all API error scenarios:
+
+| Error Class | HTTP Status | Description |
+|-------------|-------------|-------------|
+| `MandaitorAuthError` | 401 | Invalid or missing API key |
+| `MandaitorForbiddenError` | 403 | Insufficient permissions |
+| `MandaitorNotFoundError` | 404 | Resource not found |
+| `MandaitorConflictError` | 409 | State conflict (e.g., revoking an already revoked mandate) |
+| `MandaitorRateLimitError` | 429 | Rate limit exceeded |
+| `MandaitorValidationError` | 400 | Invalid request payload |
+| `MandaitorTimeoutError` | - | Request timed out |
+
+## Development
+
+```bash
+# Build
+pnpm build
+
+# Run unit tests
+pnpm test:unit
+
+# Run integration tests (requires testing stage credentials)
+pnpm test:integration
+```

package/dist/client.d.ts

@@ -0,0 +1,60 @@
+import type { Mandate, CreateMandateRequest, VerifyRequest, VerifyResponse, VerifyResponseWithPoM, VerifyOptions, AuditEvent, PaginatedResponse } from "./types";
+export interface MandaitorClientConfig {
+    /** API key issued during tenant onboarding */
+    apiKey: string;
+    /** Tenant identifier, e.g. "tnt_monco_prod" */
+    tenantId: string;
+    /** API base URL (defaults to production) */
+    baseUrl?: string;
+    /** Request timeout in milliseconds (default: 5000) */
+    timeout?: number;
+    /** Number of retries for 5xx/429 errors (default: 2) */
+    retries?: number;
+}
+export declare class MandaitorClient {
+    private config;
+    constructor(config: MandaitorClientConfig);
+    private request;
+    createMandate(req: CreateMandateRequest): Promise<Mandate>;
+    getMandate(mandateId: string): Promise<Mandate>;
+    listMandates(params?: {
+        status?: string;
+        limit?: number;
+        cursor?: string;
+    }): Promise<PaginatedResponse<Mandate>>;
+    revokeMandate(mandateId: string, reason?: string): Promise<Mandate>;
+    suspendMandate(mandateId: string, reason?: string): Promise<Mandate>;
+    reactivateMandate(mandateId: string): Promise<Mandate>;
+    verify(req: VerifyRequest): Promise<VerifyResponse>;
+    /**
+     * Verify an action and optionally request a Proof-of-Mandate VC.
+     *
+     * @example
+     * ```ts
+     * const result = await client.verifyWithPoM(
+     *   { delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
+     *   { pom: "sd-jwt-vc" },
+     * );
+     * if (result.proof_of_mandate) {
+     *   console.log(result.proof_of_mandate.compact); // SD-JWT string
+     * }
+     * ```
+     */
+    verifyWithPoM(req: VerifyRequest, options: VerifyOptions): Promise<VerifyResponseWithPoM>;
+    getMandateEvents(mandateId: string, params?: {
+        limit?: number;
+        cursor?: string;
+    }): Promise<PaginatedResponse<AuditEvent>>;
+    getAuditEvents(mandateId: string, options?: {
+        limit?: number;
+        cursor?: string;
+    }): Promise<PaginatedResponse<AuditEvent>>;
+    listEvents(params?: {
+        mandate_id?: string;
+        limit?: number;
+        cursor?: string;
+        event_type?: string;
+    }): Promise<PaginatedResponse<AuditEvent>>;
+    getEvent(eventId: string, mandateId: string): Promise<AuditEvent>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAYjB,MAAM,WAAW,qBAAqB;IACpC,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,qBAAqB;YAS3B,OAAO;IAgFf,aAAa,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1D,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IASjC,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAInE,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIpE,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKtD,MAAM,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAIzD;;;;;;;;;;;;;OAaG;IACG,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAQzF,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3C,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAQnC,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC5C,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAYnC,UAAU,CAAC,MAAM,CAAC,EAAE;QACxB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAUpC,QAAQ,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAIxE"}

package/dist/client.js

@@ -0,0 +1,178 @@
+import { MandataApiError, MandaitorTimeoutError, MandaitorValidationError, MandaitorAuthError, MandaitorForbiddenError, MandaitorNotFoundError, MandaitorConflictError, MandaitorRateLimitError, } from "./errors";
+export class MandaitorClient {
+    config;
+    constructor(config) {
+        this.config = {
+            baseUrl: "https://api.mandaitor.io/v1",
+            timeout: 5000,
+            retries: 2,
+            ...config,
+        };
+    }
+    async request(method, path, body) {
+        let lastError = null;
+        const url = `${this.config.baseUrl}${path}`;
+        for (let attempt = 0; attempt <= this.config.retries; attempt++) {
+            try {
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
+                const response = await fetch(url, {
+                    method,
+                    headers: {
+                        "Content-Type": "application/json",
+                        Authorization: `Bearer ${this.config.tenantId}:${this.config.apiKey}`,
+                    },
+                    body: body ? JSON.stringify(body) : undefined,
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                if (!response.ok) {
+                    const error = (await response.json().catch(() => ({})));
+                    const code = error.error || "UNKNOWN";
+                    const message = error.message || response.statusText;
+                    const requestId = response.headers.get("x-request-id") || undefined;
+                    switch (response.status) {
+                        case 400:
+                            throw new MandaitorValidationError(code, message, requestId);
+                        case 401:
+                            throw new MandaitorAuthError(code, message, requestId);
+                        case 403:
+                            throw new MandaitorForbiddenError(code, message, requestId);
+                        case 404:
+                            throw new MandaitorNotFoundError(code, message, requestId);
+                        case 409:
+                            throw new MandaitorConflictError(code, message, requestId);
+                        case 429: {
+                            const retryAfterHeader = response.headers.get("retry-after");
+                            let retryAfterMs;
+                            if (retryAfterHeader) {
+                                const seconds = parseInt(retryAfterHeader, 10);
+                                if (!isNaN(seconds)) {
+                                    retryAfterMs = seconds * 1000;
+                                }
+                                else {
+                                    // Retry-After may be an HTTP-date string
+                                    const date = new Date(retryAfterHeader);
+                                    const delta = date.getTime() - Date.now();
+                                    retryAfterMs = delta > 0 ? delta : Math.pow(2, attempt) * 100;
+                                }
+                            }
+                            else {
+                                retryAfterMs = Math.pow(2, attempt) * 100;
+                            }
+                            throw new MandaitorRateLimitError(code, message, retryAfterMs, requestId);
+                        }
+                        default:
+                            throw new MandataApiError(response.status, code, message, requestId);
+                    }
+                }
+                return response.json();
+            }
+            catch (err) {
+                if (err instanceof Error && err.name === "AbortError") {
+                    lastError = new MandaitorTimeoutError(this.config.timeout, url);
+                }
+                else {
+                    lastError = err instanceof Error ? err : new Error(String(err));
+                }
+                // Only retry on server errors or rate limiting
+                if (err instanceof MandataApiError && !err.isRetryable)
+                    throw err;
+                if (attempt < this.config.retries) {
+                    const delayMs = err instanceof MandaitorRateLimitError ? err.retryAfterMs : Math.pow(2, attempt) * 100;
+                    await new Promise((r) => setTimeout(r, delayMs));
+                }
+            }
+        }
+        throw lastError;
+    }
+    // ── Mandate Operations ──────────────────────────────────
+    async createMandate(req) {
+        return this.request("POST", "/mandates", req);
+    }
+    async getMandate(mandateId) {
+        return this.request("GET", `/mandates/${mandateId}`);
+    }
+    async listMandates(params) {
+        const query = new URLSearchParams();
+        if (params?.status)
+            query.set("status", params.status);
+        if (params?.limit)
+            query.set("limit", String(params.limit));
+        if (params?.cursor)
+            query.set("cursor", params.cursor);
+        const qs = query.toString();
+        return this.request("GET", `/mandates${qs ? "?" + qs : ""}`);
+    }
+    async revokeMandate(mandateId, reason) {
+        return this.request("POST", `/mandates/${mandateId}/revoke`, { reason });
+    }
+    async suspendMandate(mandateId, reason) {
+        return this.request("POST", `/mandates/${mandateId}/suspend`, { reason });
+    }
+    async reactivateMandate(mandateId) {
+        return this.request("POST", `/mandates/${mandateId}/reactivate`);
+    }
+    // ── Verification ────────────────────────────────────────
+    async verify(req) {
+        return this.request("POST", "/verify", req);
+    }
+    /**
+     * Verify an action and optionally request a Proof-of-Mandate VC.
+     *
+     * @example
+     * ```ts
+     * const result = await client.verifyWithPoM(
+     *   { delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
+     *   { pom: "sd-jwt-vc" },
+     * );
+     * if (result.proof_of_mandate) {
+     *   console.log(result.proof_of_mandate.compact); // SD-JWT string
+     * }
+     * ```
+     */
+    async verifyWithPoM(req, options) {
+        const query = new URLSearchParams();
+        if (options.pom)
+            query.set("pom", options.pom);
+        const qs = query.toString();
+        return this.request("POST", `/verify${qs ? "?" + qs : ""}`, req);
+    }
+    // ── Audit Events ────────────────────────────────────────
+    async getMandateEvents(mandateId, params) {
+        const query = new URLSearchParams();
+        if (params?.limit)
+            query.set("limit", String(params.limit));
+        if (params?.cursor)
+            query.set("cursor", params.cursor);
+        const qs = query.toString();
+        return this.request("GET", `/mandates/${mandateId}/events${qs ? "?" + qs : ""}`);
+    }
+    async getAuditEvents(mandateId, options) {
+        const queryParams = new URLSearchParams();
+        if (options?.limit)
+            queryParams.append("limit", options.limit.toString());
+        if (options?.cursor)
+            queryParams.append("cursor", options.cursor);
+        const qs = queryParams.toString();
+        return this.request("GET", `/mandates/${mandateId}/audit-events${qs ? "?" + qs : ""}`);
+    }
+    async listEvents(params) {
+        const query = new URLSearchParams();
+        if (params?.mandate_id)
+            query.set("mandate_id", params.mandate_id);
+        if (params?.limit)
+            query.set("limit", String(params.limit));
+        if (params?.cursor)
+            query.set("cursor", params.cursor);
+        if (params?.event_type)
+            query.set("event_type", params.event_type);
+        const qs = query.toString();
+        return this.request("GET", `/events${qs ? "?" + qs : ""}`);
+    }
+    async getEvent(eventId, mandateId) {
+        const query = new URLSearchParams({ mandate_id: mandateId });
+        return this.request("GET", `/events/${eventId}?${query.toString()}`);
+    }
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAUA,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,UAAU,CAAC;AAelB,MAAM,OAAO,eAAe;IAClB,MAAM,CAAkC;IAEhD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,6BAA6B;YACtC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,CAAC;YACV,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACnE,IAAI,SAAS,GAAiB,IAAI,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAE5C,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC;YAChE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM;oBACN,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE;qBACtE;oBACD,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC7C,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;oBACnF,MAAM,IAAI,GAAI,KAAK,CAAC,KAAgB,IAAI,SAAS,CAAC;oBAClD,MAAM,OAAO,GAAI,KAAK,CAAC,OAAkB,IAAI,QAAQ,CAAC,UAAU,CAAC;oBACjE,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS,CAAC;oBACpE,QAAQ,QAAQ,CAAC,MAAM,EAAE,CAAC;wBACxB,KAAK,GAAG;4BACN,MAAM,IAAI,wBAAwB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;wBAC/D,KAAK,GAAG;4BACN,MAAM,IAAI,kBAAkB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;wBACzD,KAAK,GAAG;4BACN,MAAM,IAAI,uBAAuB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;wBAC9D,KAAK,GAAG;4BACN,MAAM,IAAI,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;wBAC7D,KAAK,GAAG;4BACN,MAAM,IAAI,sBAAsB,CAAC,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;wBAC7D,KAAK,GAAG,CAAC,CAAC,CAAC;4BACT,MAAM,gBAAgB,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;4BAC7D,IAAI,YAAoB,CAAC;4BACzB,IAAI,gBAAgB,EAAE,CAAC;gCACrB,MAAM,OAAO,GAAG,QAAQ,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC;gCAC/C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;oCACpB,YAAY,GAAG,OAAO,GAAG,IAAI,CAAC;gCAChC,CAAC;qCAAM,CAAC;oCACN,yCAAyC;oCACzC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,gBAAgB,CAAC,CAAC;oCACxC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oCAC1C,YAAY,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC;gCAChE,CAAC;4BACH,CAAC;iCAAM,CAAC;gCACN,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC;4BAC5C,CAAC;4BACD,MAAM,IAAI,uBAAuB,CAAC,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;wBAC5E,CAAC;wBACD;4BACE,MAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;oBACzE,CAAC;gBACH,CAAC;gBAED,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;YACvC,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACtD,SAAS,GAAG,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAClE,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,GAAG,YAAY,eAAe,IAAI,CAAC,GAAG,CAAC,WAAW;oBAAE,MAAM,GAAG,CAAC;gBAClE,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBAClC,MAAM,OAAO,GACX,GAAG,YAAY,uBAAuB,CAAC,CAAC,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC;oBACzF,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;gBACnD,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,SAAS,CAAC;IAClB,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,aAAa,CAAC,GAAyB;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,MAAe;QACpD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,MAAe;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,SAAiB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,aAAa,CAAC,CAAC;IACnE,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,MAAM,CAAC,GAAkB;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,aAAa,CAAC,GAAkB,EAAE,OAAsB;QAC5D,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,GAAG;YAAE,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,gBAAgB,CACpB,SAAiB,EACjB,MAA4C;QAE5C,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,SAAiB,EACjB,OAA6C;QAE7C,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;QAC1C,IAAI,OAAO,EAAE,KAAK;YAAE,WAAW,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1E,IAAI,OAAO,EAAE,MAAM;YAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAElE,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,aAAa,SAAS,gBAAgB,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAKhB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,UAAU;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACnE,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,MAAM,EAAE,UAAU;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe,EAAE,SAAiB;QAC/C,MAAM,KAAK,GAAG,IAAI,eAAe,CAAC,EAAE,UAAU,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7D,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,OAAO,IAAI,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IACvE,CAAC;CACF"}

package/dist/errors.d.ts

@@ -0,0 +1,127 @@
+/**
+ * Error codes returned by the Mandaitor API.
+ * Use these constants for programmatic error handling.
+ */
+export declare const ErrorCodes: {
+    readonly INVALID_REQUEST: "INVALID_REQUEST";
+    readonly INVALID_SCOPE: "INVALID_SCOPE";
+    readonly INVALID_CONSTRAINTS: "INVALID_CONSTRAINTS";
+    readonly TAXONOMY_VALIDATION_FAILED: "TAXONOMY_VALIDATION_FAILED";
+    readonly MISSING_API_KEY: "MISSING_API_KEY";
+    readonly INVALID_API_KEY: "INVALID_API_KEY";
+    readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
+    readonly TENANT_SUSPENDED: "TENANT_SUSPENDED";
+    readonly INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS";
+    readonly MANDATE_NOT_FOUND: "MANDATE_NOT_FOUND";
+    readonly EVENT_NOT_FOUND: "EVENT_NOT_FOUND";
+    readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
+    readonly MANDATE_ALREADY_REVOKED: "MANDATE_ALREADY_REVOKED";
+    readonly MANDATE_ALREADY_SUSPENDED: "MANDATE_ALREADY_SUSPENDED";
+    readonly DUPLICATE_REQUEST: "DUPLICATE_REQUEST";
+    readonly RATE_LIMIT_EXCEEDED: "RATE_LIMIT_EXCEEDED";
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+    readonly KMS_SIGNING_FAILED: "KMS_SIGNING_FAILED";
+    readonly DATABASE_ERROR: "DATABASE_ERROR";
+};
+export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
+/**
+ * Typed error class for Mandaitor API errors.
+ * Thrown by MandaitorClient when the API returns a non-2xx response.
+ *
+ * @example
+ * try {
+ *   await client.getMandate("mnd_nonexistent");
+ * } catch (err) {
+ *   if (err instanceof MandataApiError) {
+ *     if (err.code === ErrorCodes.MANDATE_NOT_FOUND) {
+ *       // Handle 404
+ *     }
+ *     console.error(`[${err.status}] ${err.code}: ${err.message}`);
+ *   }
+ * }
+ */
+export declare class MandataApiError extends Error {
+    /** HTTP status code (e.g. 400, 404, 500) */
+    readonly status: number;
+    /** Machine-readable error code from ErrorCodes */
+    readonly code: string;
+    /** Optional request ID for support debugging */
+    readonly requestId?: string | undefined;
+    readonly name: string;
+    constructor(
+    /** HTTP status code (e.g. 400, 404, 500) */
+    status: number, 
+    /** Machine-readable error code from ErrorCodes */
+    code: string, 
+    /** Human-readable error message */
+    message: string, 
+    /** Optional request ID for support debugging */
+    requestId?: string | undefined);
+    /** Returns true if this is a client error (4xx) */
+    get isClientError(): boolean;
+    /** Returns true if this is a server error (5xx) — safe to retry */
+    get isRetryable(): boolean;
+    /** Structured JSON representation for logging */
+    toJSON(): {
+        name: string;
+        status: number;
+        code: string;
+        message: string;
+        requestId: string | undefined;
+    };
+}
+/**
+ * Thrown when the API returns a 400 Bad Request response.
+ */
+export declare class MandaitorValidationError extends MandataApiError {
+    readonly name = "MandaitorValidationError";
+    constructor(code: string, message: string, requestId?: string);
+}
+/**
+ * Thrown when the API returns a 401 Unauthorized response.
+ */
+export declare class MandaitorAuthError extends MandataApiError {
+    readonly name = "MandaitorAuthError";
+    constructor(code: string, message: string, requestId?: string);
+}
+/**
+ * Thrown when the API returns a 403 Forbidden response.
+ */
+export declare class MandaitorForbiddenError extends MandataApiError {
+    readonly name = "MandaitorForbiddenError";
+    constructor(code: string, message: string, requestId?: string);
+}
+/**
+ * Thrown when the API returns a 404 Not Found response.
+ */
+export declare class MandaitorNotFoundError extends MandataApiError {
+    readonly name = "MandaitorNotFoundError";
+    constructor(code: string, message: string, requestId?: string);
+}
+/**
+ * Thrown when the API returns a 409 Conflict response.
+ */
+export declare class MandaitorConflictError extends MandataApiError {
+    readonly name = "MandaitorConflictError";
+    constructor(code: string, message: string, requestId?: string);
+}
+/**
+ * Thrown when the API returns a 429 Too Many Requests response.
+ * Contains the number of milliseconds to wait before retrying.
+ */
+export declare class MandaitorRateLimitError extends MandataApiError {
+    readonly name = "MandaitorRateLimitError";
+    /** Milliseconds to wait before retrying (from Retry-After header, or exponential backoff) */
+    readonly retryAfterMs: number;
+    constructor(code: string, message: string, retryAfterMs: number, requestId?: string);
+}
+/**
+ * Thrown when the request times out (AbortController signal).
+ */
+export declare class MandaitorTimeoutError extends Error {
+    readonly timeoutMs: number;
+    readonly url: string;
+    readonly name = "MandaitorTimeoutError";
+    constructor(timeoutMs: number, url: string);
+}
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;CAiCb,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAErE;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAItC,4CAA4C;aAC5B,MAAM,EAAE,MAAM;IAC9B,kDAAkD;aAClC,IAAI,EAAE,MAAM;IAG5B,gDAAgD;aAChC,SAAS,CAAC,EAAE,MAAM;IAVpC,SAAgB,IAAI,EAAE,MAAM,CAAqB;;IAG/C,4CAA4C;IAC5B,MAAM,EAAE,MAAM;IAC9B,kDAAkD;IAClC,IAAI,EAAE,MAAM;IAC5B,mCAAmC;IACnC,OAAO,EAAE,MAAM;IACf,gDAAgD;IAChC,SAAS,CAAC,EAAE,MAAM,YAAA;IAOpC,mDAAmD;IACnD,IAAI,aAAa,IAAI,OAAO,CAE3B;IAED,mEAAmE;IACnE,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED,iDAAiD;IACjD,MAAM;;;;;;;CASP;AAED;;GAEG;AACH,qBAAa,wBAAyB,SAAQ,eAAe;IAC3D,SAAyB,IAAI,8BAA8B;gBAE/C,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAI9D;AAED;;GAEG;AACH,qBAAa,kBAAmB,SAAQ,eAAe;IACrD,SAAyB,IAAI,wBAAwB;gBAEzC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAI9D;AAED;;GAEG;AACH,qBAAa,uBAAwB,SAAQ,eAAe;IAC1D,SAAyB,IAAI,6BAA6B;gBAE9C,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAI9D;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,eAAe;IACzD,SAAyB,IAAI,4BAA4B;gBAE7C,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAI9D;AAED;;GAEG;AACH,qBAAa,sBAAuB,SAAQ,eAAe;IACzD,SAAyB,IAAI,4BAA4B;gBAE7C,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAI9D;AAED;;;GAGG;AACH,qBAAa,uBAAwB,SAAQ,eAAe;IAC1D,SAAyB,IAAI,6BAA6B;IAE1D,6FAA6F;IAC7F,SAAgB,YAAY,EAAE,MAAM,CAAC;gBAEzB,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM;CAKpF;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;aAI5B,SAAS,EAAE,MAAM;aACjB,GAAG,EAAE,MAAM;IAJ7B,SAAgB,IAAI,2BAA2B;gBAG7B,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM;CAK9B"}

package/dist/errors.js

@@ -0,0 +1,168 @@
+// @mandaitor/sdk — Error classes and error code constants
+/**
+ * Error codes returned by the Mandaitor API.
+ * Use these constants for programmatic error handling.
+ */
+export const ErrorCodes = {
+    // 400 Bad Request
+    INVALID_REQUEST: "INVALID_REQUEST",
+    INVALID_SCOPE: "INVALID_SCOPE",
+    INVALID_CONSTRAINTS: "INVALID_CONSTRAINTS",
+    TAXONOMY_VALIDATION_FAILED: "TAXONOMY_VALIDATION_FAILED",
+    // 401 Unauthorized
+    MISSING_API_KEY: "MISSING_API_KEY",
+    INVALID_API_KEY: "INVALID_API_KEY",
+    API_KEY_EXPIRED: "API_KEY_EXPIRED",
+    // 403 Forbidden
+    TENANT_SUSPENDED: "TENANT_SUSPENDED",
+    INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS",
+    // 404 Not Found
+    MANDATE_NOT_FOUND: "MANDATE_NOT_FOUND",
+    EVENT_NOT_FOUND: "EVENT_NOT_FOUND",
+    TENANT_NOT_FOUND: "TENANT_NOT_FOUND",
+    // 409 Conflict
+    MANDATE_ALREADY_REVOKED: "MANDATE_ALREADY_REVOKED",
+    MANDATE_ALREADY_SUSPENDED: "MANDATE_ALREADY_SUSPENDED",
+    DUPLICATE_REQUEST: "DUPLICATE_REQUEST",
+    // 429 Too Many Requests
+    RATE_LIMIT_EXCEEDED: "RATE_LIMIT_EXCEEDED",
+    // 500 Internal Server Error
+    INTERNAL_ERROR: "INTERNAL_ERROR",
+    KMS_SIGNING_FAILED: "KMS_SIGNING_FAILED",
+    DATABASE_ERROR: "DATABASE_ERROR",
+};
+/**
+ * Typed error class for Mandaitor API errors.
+ * Thrown by MandaitorClient when the API returns a non-2xx response.
+ *
+ * @example
+ * try {
+ *   await client.getMandate("mnd_nonexistent");
+ * } catch (err) {
+ *   if (err instanceof MandataApiError) {
+ *     if (err.code === ErrorCodes.MANDATE_NOT_FOUND) {
+ *       // Handle 404
+ *     }
+ *     console.error(`[${err.status}] ${err.code}: ${err.message}`);
+ *   }
+ * }
+ */
+export class MandataApiError extends Error {
+    status;
+    code;
+    requestId;
+    name = "MandataApiError";
+    constructor(
+    /** HTTP status code (e.g. 400, 404, 500) */
+    status, 
+    /** Machine-readable error code from ErrorCodes */
+    code, 
+    /** Human-readable error message */
+    message, 
+    /** Optional request ID for support debugging */
+    requestId) {
+        super(message);
+        this.status = status;
+        this.code = code;
+        this.requestId = requestId;
+        // Ensure instanceof works correctly in transpiled code
+        Object.setPrototypeOf(this, MandataApiError.prototype);
+    }
+    /** Returns true if this is a client error (4xx) */
+    get isClientError() {
+        return this.status >= 400 && this.status < 500;
+    }
+    /** Returns true if this is a server error (5xx) — safe to retry */
+    get isRetryable() {
+        return this.status >= 500 || this.status === 429;
+    }
+    /** Structured JSON representation for logging */
+    toJSON() {
+        return {
+            name: this.name,
+            status: this.status,
+            code: this.code,
+            message: this.message,
+            requestId: this.requestId,
+        };
+    }
+}
+/**
+ * Thrown when the API returns a 400 Bad Request response.
+ */
+export class MandaitorValidationError extends MandataApiError {
+    name = "MandaitorValidationError";
+    constructor(code, message, requestId) {
+        super(400, code, message, requestId);
+        Object.setPrototypeOf(this, MandaitorValidationError.prototype);
+    }
+}
+/**
+ * Thrown when the API returns a 401 Unauthorized response.
+ */
+export class MandaitorAuthError extends MandataApiError {
+    name = "MandaitorAuthError";
+    constructor(code, message, requestId) {
+        super(401, code, message, requestId);
+        Object.setPrototypeOf(this, MandaitorAuthError.prototype);
+    }
+}
+/**
+ * Thrown when the API returns a 403 Forbidden response.
+ */
+export class MandaitorForbiddenError extends MandataApiError {
+    name = "MandaitorForbiddenError";
+    constructor(code, message, requestId) {
+        super(403, code, message, requestId);
+        Object.setPrototypeOf(this, MandaitorForbiddenError.prototype);
+    }
+}
+/**
+ * Thrown when the API returns a 404 Not Found response.
+ */
+export class MandaitorNotFoundError extends MandataApiError {
+    name = "MandaitorNotFoundError";
+    constructor(code, message, requestId) {
+        super(404, code, message, requestId);
+        Object.setPrototypeOf(this, MandaitorNotFoundError.prototype);
+    }
+}
+/**
+ * Thrown when the API returns a 409 Conflict response.
+ */
+export class MandaitorConflictError extends MandataApiError {
+    name = "MandaitorConflictError";
+    constructor(code, message, requestId) {
+        super(409, code, message, requestId);
+        Object.setPrototypeOf(this, MandaitorConflictError.prototype);
+    }
+}
+/**
+ * Thrown when the API returns a 429 Too Many Requests response.
+ * Contains the number of milliseconds to wait before retrying.
+ */
+export class MandaitorRateLimitError extends MandataApiError {
+    name = "MandaitorRateLimitError";
+    /** Milliseconds to wait before retrying (from Retry-After header, or exponential backoff) */
+    retryAfterMs;
+    constructor(code, message, retryAfterMs, requestId) {
+        super(429, code, message, requestId);
+        this.retryAfterMs = retryAfterMs;
+        Object.setPrototypeOf(this, MandaitorRateLimitError.prototype);
+    }
+}
+/**
+ * Thrown when the request times out (AbortController signal).
+ */
+export class MandaitorTimeoutError extends Error {
+    timeoutMs;
+    url;
+    name = "MandaitorTimeoutError";
+    constructor(timeoutMs, url) {
+        super(`Request to ${url} timed out after ${timeoutMs}ms`);
+        this.timeoutMs = timeoutMs;
+        this.url = url;
+        Object.setPrototypeOf(this, MandaitorTimeoutError.prototype);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAE1D;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,kBAAkB;IAClB,eAAe,EAAE,iBAAiB;IAClC,aAAa,EAAE,eAAe;IAC9B,mBAAmB,EAAE,qBAAqB;IAC1C,0BAA0B,EAAE,4BAA4B;IAExD,mBAAmB;IACnB,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAElC,gBAAgB;IAChB,gBAAgB,EAAE,kBAAkB;IACpC,wBAAwB,EAAE,0BAA0B;IAEpD,gBAAgB;IAChB,iBAAiB,EAAE,mBAAmB;IACtC,eAAe,EAAE,iBAAiB;IAClC,gBAAgB,EAAE,kBAAkB;IAEpC,eAAe;IACf,uBAAuB,EAAE,yBAAyB;IAClD,yBAAyB,EAAE,2BAA2B;IACtD,iBAAiB,EAAE,mBAAmB;IAEtC,wBAAwB;IACxB,mBAAmB,EAAE,qBAAqB;IAE1C,4BAA4B;IAC5B,cAAc,EAAE,gBAAgB;IAChC,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;CACxB,CAAC;AAIX;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAKtB;IAEA;IAIA;IAVF,IAAI,GAAW,iBAAiB,CAAC;IAEjD;IACE,4CAA4C;IAC5B,MAAc;IAC9B,kDAAkD;IAClC,IAAY;IAC5B,mCAAmC;IACnC,OAAe;IACf,gDAAgD;IAChC,SAAkB;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC;QARC,WAAM,GAAN,MAAM,CAAQ;QAEd,SAAI,GAAJ,IAAI,CAAQ;QAIZ,cAAS,GAAT,SAAS,CAAS;QAGlC,uDAAuD;QACvD,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,mDAAmD;IACnD,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;IACjD,CAAC;IAED,mEAAmE;IACnE,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC;IACnD,CAAC;IAED,iDAAiD;IACjD,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,wBAAyB,SAAQ,eAAe;IAClC,IAAI,GAAG,0BAA0B,CAAC;IAE3D,YAAY,IAAY,EAAE,OAAe,EAAE,SAAkB;QAC3D,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,wBAAwB,CAAC,SAAS,CAAC,CAAC;IAClE,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,kBAAmB,SAAQ,eAAe;IAC5B,IAAI,GAAG,oBAAoB,CAAC;IAErD,YAAY,IAAY,EAAE,OAAe,EAAE,SAAkB;QAC3D,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAC5D,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,uBAAwB,SAAQ,eAAe;IACjC,IAAI,GAAG,yBAAyB,CAAC;IAE1D,YAAY,IAAY,EAAE,OAAe,EAAE,SAAkB;QAC3D,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IAChC,IAAI,GAAG,wBAAwB,CAAC;IAEzD,YAAY,IAAY,EAAE,OAAe,EAAE,SAAkB;QAC3D,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,eAAe;IAChC,IAAI,GAAG,wBAAwB,CAAC;IAEzD,YAAY,IAAY,EAAE,OAAe,EAAE,SAAkB;QAC3D,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,uBAAwB,SAAQ,eAAe;IACjC,IAAI,GAAG,yBAAyB,CAAC;IAE1D,6FAA6F;IAC7E,YAAY,CAAS;IAErC,YAAY,IAAY,EAAE,OAAe,EAAE,YAAoB,EAAE,SAAkB;QACjF,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrC,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;QACjC,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,uBAAuB,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAI5B;IACA;IAJF,IAAI,GAAG,uBAAuB,CAAC;IAE/C,YACkB,SAAiB,EACjB,GAAW;QAE3B,KAAK,CAAC,cAAc,GAAG,oBAAoB,SAAS,IAAI,CAAC,CAAC;QAH1C,cAAS,GAAT,SAAS,CAAQ;QACjB,QAAG,GAAH,GAAG,CAAQ;QAG3B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAC/D,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export { MandaitorClient } from "./client";
+export type { MandaitorClientConfig } from "./client";
+export type { Mandate, MandateStatus, MandateProof, Subject, SubjectType, Scope, Constraints, TimeConstraint, TransactionLimit, EscalationRule, RateLimit, AuditEvent, AuditEventType, CreateMandateRequest, VerifyRequest, VerifyResponse, VerifyResponseWithPoM, VerifyOptions, PaginatedResponse, PomFormat, ProofOfMandateClaims, ProofOfMandateVC, Tenant, TenantStatus, AccessRequest, } from "./types";
+export { MandataApiError, MandaitorTimeoutError, MandaitorValidationError, MandaitorAuthError, MandaitorForbiddenError, MandaitorNotFoundError, MandaitorConflictError, MandaitorRateLimitError, ErrorCodes, } from "./errors";
+export type { ErrorCode } from "./errors";
+export { MandaitorConfigClient } from "./widget-config";
+export type { WidgetConfiguration, IdPConfig, IdPType, PublicWidgetConfig } from "./widget-config";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAGtD,YAAY,EAEV,OAAO,EACP,aAAa,EACb,YAAY,EACZ,OAAO,EACP,WAAW,EACX,KAAK,EACL,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,SAAS,EAGT,UAAU,EACV,cAAc,EAGd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,iBAAiB,EAGjB,SAAS,EACT,oBAAoB,EACpB,gBAAgB,EAGhB,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,UAAU,GACX,MAAM,UAAU,CAAC;AAClB,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EAAE,mBAAmB,EAAE,SAAS,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/index.js

@@ -0,0 +1,10 @@
+// @mandaitor/sdk — Public API
+// This is the single entry point for all SDK consumers.
+// Do NOT import from internal files directly.
+// ── Client ──
+export { MandaitorClient } from "./client";
+// ── Errors ──
+export { MandataApiError, MandaitorTimeoutError, MandaitorValidationError, MandaitorAuthError, MandaitorForbiddenError, MandaitorNotFoundError, MandaitorConflictError, MandaitorRateLimitError, ErrorCodes, } from "./errors";
+// ── Widget Configuration ──
+export { MandaitorConfigClient } from "./widget-config";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,wDAAwD;AACxD,8CAA8C;AAE9C,eAAe;AACf,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAyC3C,eAAe;AACf,OAAO,EACL,eAAe,EACf,qBAAqB,EACrB,wBAAwB,EACxB,kBAAkB,EAClB,uBAAuB,EACvB,sBAAsB,EACtB,sBAAsB,EACtB,uBAAuB,EACvB,UAAU,GACX,MAAM,UAAU,CAAC;AAGlB,6BAA6B;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,231 @@
+export type SubjectType = "NATURAL_PERSON" | "LEGAL_ENTITY" | "SERVICE" | "AGENT";
+export interface Subject {
+    /** Subject type discriminator */
+    type: SubjectType;
+    /** Unique subject identifier (e.g. "oidc|auth0|user123" or "agent:monco:validate-v2") */
+    subject_id: string;
+    /** Optional display name */
+    display_name?: string;
+    /** EUDI Wallet PID (planned for eIDAS 2.0 integration) */
+    eudi_pid?: string;
+}
+export interface Scope {
+    /** List of action identifiers from the taxonomy, e.g. ["construction.validation.approve"] */
+    actions: string[];
+    /** Resource URI patterns, e.g. ["monco:project:proj_123/*"] */
+    resources: string[];
+    /** Whether this scope allows or denies the actions */
+    effect: "ALLOW" | "DENY";
+    /** Optional conditions for fine-grained control */
+    conditions?: Record<string, unknown>;
+}
+export interface TimeConstraint {
+    /** ISO 8601 timestamp — mandate becomes active */
+    not_before?: string;
+    /** ISO 8601 timestamp — mandate expires */
+    expires_at?: string;
+    /** ISO 8601 duration — alternative to expires_at, e.g. "P30D" */
+    duration?: string;
+}
+export interface TransactionLimit {
+    currency: string;
+    value: number;
+}
+export interface EscalationRule {
+    /** Condition that triggers escalation */
+    condition: string;
+    /** Who to escalate to */
+    escalate_to: string;
+    /** Escalation method */
+    method: "NOTIFY" | "APPROVAL_REQUIRED" | "BLOCK";
+}
+export interface RateLimit {
+    /** Maximum number of operations */
+    max_operations: number;
+    /** Time window in seconds */
+    window_seconds: number;
+}
+export interface Constraints {
+    time?: TimeConstraint;
+    transaction_limits?: Record<string, TransactionLimit>;
+    escalation_rules?: EscalationRule[];
+    rate_limits?: Record<string, RateLimit>;
+    /** Require human confirmation for each invocation */
+    require_human_confirmation?: boolean;
+    /** Custom constraint extensions */
+    custom?: Record<string, unknown>;
+}
+export type MandateStatus = "ACTIVE" | "SUSPENDED" | "REVOKED" | "EXPIRED";
+export interface Mandate {
+    /** Unique mandate identifier, e.g. "mnd_abc123def456" */
+    mandate_id: string;
+    /** Tenant that owns this mandate */
+    tenant_id: string;
+    /** Who is delegating authority */
+    principal: Subject;
+    /** Who is receiving authority */
+    delegate: Subject;
+    /** What is being delegated */
+    scope: Scope;
+    /** Boundaries on the delegation */
+    constraints: Constraints;
+    /** Current status */
+    status: MandateStatus;
+    /** Cryptographic proof of creation */
+    proof: MandateProof;
+    /** Taxonomy version used for validation */
+    taxonomy_version?: string;
+    /** ISO 8601 creation timestamp */
+    created_at: string;
+    /** ISO 8601 last update timestamp */
+    updated_at: string;
+    /** Optional metadata */
+    metadata?: Record<string, unknown>;
+}
+export interface MandateProof {
+    /** Signature algorithm */
+    algorithm: string;
+    /** KMS key ARN used for signing */
+    key_id: string;
+    /** Base64-encoded signature */
+    signature: string;
+    /** ISO 8601 timestamp of signing */
+    signed_at: string;
+}
+export type AuditEventType = "MANDATE_CREATED" | "MANDATE_VERIFIED" | "MANDATE_REVOKED" | "MANDATE_SUSPENDED" | "MANDATE_REACTIVATED" | "MANDATE_EXPIRED" | "VERIFICATION_DENIED";
+export interface AuditEvent {
+    /** Unique event identifier */
+    event_id: string;
+    /** Mandate this event belongs to */
+    mandate_id: string;
+    /** Tenant ID */
+    tenant_id: string;
+    /** Event type */
+    event_type: AuditEventType;
+    /** Who triggered this event */
+    actor: Subject;
+    /** Event-specific payload */
+    payload: Record<string, unknown>;
+    /** SHA-256 hash of the previous event (chain integrity) */
+    previous_hash: string;
+    /** SHA-256 hash of this event */
+    event_hash: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+}
+export interface CreateMandateRequest {
+    principal: Subject;
+    delegate: Subject;
+    scope: Scope;
+    constraints: Constraints;
+    taxonomy_version?: string;
+    metadata?: Record<string, unknown>;
+}
+export interface VerifyRequest {
+    /** Subject ID of the delegate to verify, e.g. "agent:monco:validate-v2" */
+    delegate_subject_id: string;
+    /** Action being attempted */
+    action: string;
+    /** Resource being accessed */
+    resource: string;
+    /** Additional context for condition evaluation */
+    context?: Record<string, unknown>;
+}
+export interface VerifyResponse {
+    /** Verification decision */
+    decision: "ALLOW" | "DENY";
+    /** Mandate ID that matched (present on ALLOW, absent on DENY/NO_MATCHING_MANDATE) */
+    mandate_id?: string;
+    /** Unique verification event ID for audit trail */
+    event_id: string;
+    /** Reason codes for denial (present on DENY) */
+    reason_codes?: string[];
+    /** Remaining constraints snapshot (present on ESCALATION_REQUIRED) */
+    constraints_remaining?: Record<string, unknown>;
+}
+/** Supported output formats for the Proof-of-Mandate artifact */
+export type PomFormat = "sd-jwt-vc";
+/** W3C VC claim set embedded in the Proof-of-Mandate SD-JWT */
+export interface ProofOfMandateClaims {
+    /** VC type discriminator */
+    vct: "ProofOfMandate";
+    /** Verification decision */
+    decision: "ALLOW" | "DENY";
+    /** Mandate ID that was evaluated (absent for DENY/NO_MATCHING_MANDATE) */
+    mandate_id?: string;
+    /** Unique verification event ID */
+    verification_event_id: string;
+    /** ISO 8601 timestamp of the verification */
+    verification_timestamp: string;
+    /** Action that was requested */
+    requested_action: string;
+    /** Resource that was requested */
+    requested_resource: string;
+    /** Subject ID of the delegate that was verified */
+    delegate_subject_id: string;
+    /** Subject ID of the principal who granted the mandate (if found) */
+    principal_subject_id?: string;
+    /** Tenant context (selectively disclosable) */
+    tenant_id?: string;
+    /** Reason codes for denial (selectively disclosable) */
+    reason_codes?: string[];
+    /** Remaining constraints snapshot (selectively disclosable) */
+    constraints_snapshot?: Record<string, unknown>;
+    /** Verification latency in ms (selectively disclosable) */
+    latency_ms?: number;
+    /** Issuer DID */
+    iss: string;
+    /** Subject (delegate_subject_id) */
+    sub: string;
+    /** Issued-at (Unix timestamp) */
+    iat: number;
+    /** Expiration (Unix timestamp) */
+    exp: number;
+    /** Selective-disclosure hash algorithm */
+    _sd_alg: "sha-256";
+}
+/** The full Proof-of-Mandate VC envelope */
+export interface ProofOfMandateVC {
+    /** SD-JWT compact serialization (header.payload.signature~disclosure1~...~) */
+    compact: string;
+    /** Decoded payload for convenience (not authoritative — the compact form is) */
+    payload: ProofOfMandateClaims;
+}
+/** Extended verify response that optionally includes a PoM VC */
+export interface VerifyResponseWithPoM extends VerifyResponse {
+    /** Proof-of-Mandate Verifiable Credential (present when ?pom=sd-jwt-vc) */
+    proof_of_mandate?: ProofOfMandateVC;
+}
+/** Options for the verify method */
+export interface VerifyOptions {
+    /** Request a Proof-of-Mandate VC in the specified format */
+    pom?: PomFormat;
+}
+export interface PaginatedResponse<T> {
+    items: T[];
+    /** Cursor for next page (undefined = last page) */
+    next_cursor?: string;
+    /** Total count (only if requested) */
+    total_count?: number;
+}
+export type TenantStatus = "PENDING" | "ACTIVE" | "SUSPENDED" | "DEACTIVATED";
+export interface Tenant {
+    tenant_id: string;
+    name: string;
+    contact_email: string;
+    status: TenantStatus;
+    api_key_hash: string;
+    created_at: string;
+    updated_at: string;
+}
+export interface AccessRequest {
+    request_id: string;
+    company_name: string;
+    contact_email: string;
+    use_case: string;
+    status: "PENDING" | "APPROVED" | "REJECTED";
+    submitted_at: string;
+    reviewed_at?: string;
+    reviewer_notes?: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG,gBAAgB,GAAG,cAAc,GAAG,SAAS,GAAG,OAAO,CAAC;AAElF,MAAM,WAAW,OAAO;IACtB,iCAAiC;IACjC,IAAI,EAAE,WAAW,CAAC;IAClB,yFAAyF;IACzF,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,KAAK;IACpB,6FAA6F;IAC7F,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,+DAA+D;IAC/D,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,sDAAsD;IACtD,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,mDAAmD;IACnD,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAKD,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,MAAM,EAAE,QAAQ,GAAG,mBAAmB,GAAG,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,SAAS;IACxB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACtD,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACxC,qDAAqD;IACrD,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,mCAAmC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAKD,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;AAE3E,MAAM,WAAW,OAAO;IACtB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,SAAS,EAAE,OAAO,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,OAAO,CAAC;IAClB,8BAA8B;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,mCAAmC;IACnC,WAAW,EAAE,WAAW,CAAC;IACzB,qBAAqB;IACrB,MAAM,EAAE,aAAa,CAAC;IACtB,sCAAsC;IACtC,KAAK,EAAE,YAAY,CAAC;IACpB,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,MAAM,cAAc,GACtB,iBAAiB,GACjB,kBAAkB,GAClB,iBAAiB,GACjB,mBAAmB,GACnB,qBAAqB,GACrB,iBAAiB,GACjB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB;IACjB,UAAU,EAAE,cAAc,CAAC;IAC3B,+BAA+B;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,2DAA2D;IAC3D,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,KAAK,CAAC;IACb,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,aAAa;IAC5B,2EAA2E;IAC3E,mBAAmB,EAAE,MAAM,CAAC;IAC5B,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B,4BAA4B;IAC5B,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,qFAAqF;IACrF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mDAAmD;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,sEAAsE;IACtE,qBAAqB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjD;AAMD,iEAAiE;AACjE,MAAM,MAAM,SAAS,GAAG,WAAW,CAAC;AAEpC,+DAA+D;AAC/D,MAAM,WAAW,oBAAoB;IACnC,4BAA4B;IAC5B,GAAG,EAAE,gBAAgB,CAAC;IACtB,4BAA4B;IAC5B,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gCAAgC;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,kCAAkC;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mDAAmD;IACnD,mBAAmB,EAAE,MAAM,CAAC;IAC5B,qEAAqE;IACrE,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wDAAwD;IACxD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,oCAAoC;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,0CAA0C;IAC1C,OAAO,EAAE,SAAS,CAAC;CACpB;AAED,4CAA4C;AAC5C,MAAM,WAAW,gBAAgB;IAC/B,+EAA+E;IAC/E,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,OAAO,EAAE,oBAAoB,CAAC;CAC/B;AAED,iEAAiE;AACjE,MAAM,WAAW,qBAAsB,SAAQ,cAAc;IAC3D,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED,oCAAoC;AACpC,MAAM,WAAW,aAAa;IAC5B,4DAA4D;IAC5D,GAAG,CAAC,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB,CAAC,CAAC;IAClC,KAAK,EAAE,CAAC,EAAE,CAAC;IACX,mDAAmD;IACnD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAKD,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,aAAa,CAAC;AAE9E,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,YAAY,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}

package/dist/types.js

@@ -0,0 +1,4 @@
+// @mandaitor/sdk — Shared type definitions
+// These types are the canonical representation used across all Mandaitor packages.
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,mFAAmF"}

package/dist/widget-config.d.ts

@@ -0,0 +1,130 @@
+export type IdPType = "auth0" | "okta" | "azure-ad" | "entra_id" | "google" | "saml" | "oidc" | "eudi-wallet" | "eidas_wallet";
+export interface IdPConfig {
+    enabled?: boolean;
+    type?: string;
+    clientId?: string;
+    clientSecret?: string;
+    domain?: string;
+    tenantId?: string;
+    orgId?: string;
+    orgUrl?: string;
+    metadataUrl?: string;
+    [key: string]: unknown;
+}
+export interface WidgetConfiguration {
+    widgetId?: string;
+    configVersion?: number;
+    idpConfigs: Record<string, IdPConfig>;
+    availableIdPs: string[];
+    taxonomyLibraries: string[];
+    mandateTemplates: {
+        id: string;
+        name: string;
+        description: string;
+        taxonomy: string;
+        actions: string[];
+    }[];
+    scopeRestrictions: string[];
+    constraintDefaults: {
+        maxDuration: number;
+        maxDelegationDepth: number;
+        requireMfa: boolean;
+        requireGeoFence?: boolean;
+    };
+    branding: {
+        logoUrl: string;
+        primaryColor: string;
+        accentColor: string;
+        fontFamily?: string;
+        consentText: {
+            title: string;
+            description: string;
+            locale: string;
+        };
+        darkMode: boolean;
+        borderRadius: string;
+    };
+    approvalRequired: boolean;
+    approvalWorkflow?: {
+        enabled?: boolean;
+        mode?: "auto" | "manual" | "conditional";
+        notificationChannel?: "email" | "webhook" | "both";
+    };
+    webhooks?: {
+        id?: string;
+        url: string;
+        events: string[];
+        secret?: string;
+        active?: boolean;
+        retryPolicy?: {
+            maxRetries?: number;
+            backoffMultiplier?: number;
+        };
+    }[];
+}
+export declare class MandaitorConfigClient {
+    private baseUrl;
+    private authToken;
+    constructor(baseUrl: string, authToken: string);
+    getWidgetConfig(version?: number): Promise<WidgetConfiguration>;
+    updateWidgetConfig(config: Partial<WidgetConfiguration>): Promise<{
+        version: number;
+        widgetId: string;
+    }>;
+    validateIdPConfig(idpType: string, config: IdPConfig): Promise<{
+        valid: boolean;
+        message: string;
+    }>;
+    listConfigVersions(): Promise<{
+        version: number;
+        updatedAt: string;
+    }[]>;
+    rollbackConfig(version: number): Promise<void>;
+    getPublicWidgetConfig(widgetId: string): Promise<PublicWidgetConfig>;
+}
+export interface PublicWidgetConfig {
+    widgetId: string;
+    availableIdPs: {
+        type: IdPType;
+        tenantId?: string;
+        domain?: string;
+        orgId?: string;
+        orgUrl?: string;
+        presentationFlow?: {
+            mode: string;
+        };
+        requestedAttributes?: {
+            pid: string[];
+            eaa: string[];
+        };
+    }[];
+    taxonomyLibraries: string[];
+    mandateTemplates: {
+        id: string;
+        name: string;
+        description: string;
+        taxonomy: string;
+        actions: string[];
+    }[];
+    scopeRestrictions: string[];
+    constraintDefaults: {
+        maxDuration: number;
+        maxDelegationDepth: number;
+        requireMfa: boolean;
+    };
+    branding: {
+        logoUrl: string;
+        primaryColor: string;
+        accentColor: string;
+        fontFamily?: string;
+        consentText: {
+            title: string;
+            description: string;
+            locale: string;
+        };
+        darkMode: boolean;
+        borderRadius: string;
+    };
+    approvalRequired: boolean;
+}
+//# sourceMappingURL=widget-config.d.ts.map

package/dist/widget-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget-config.d.ts","sourceRoot":"","sources":["../src/widget-config.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,OAAO,GACf,OAAO,GACP,MAAM,GACN,UAAU,GACV,UAAU,GACV,QAAQ,GACR,MAAM,GACN,MAAM,GACN,aAAa,GACb,cAAc,CAAC;AAEnB,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE;QAChB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,UAAU,EAAE,OAAO,CAAC;QACpB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACpE,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE;QACjB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,aAAa,CAAC;QACzC,mBAAmB,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;KACpD,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE;YAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACnE,EAAE,CAAC;CACL;AAED,qBAAa,qBAAqB;IAE9B,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,SAAS;gBADT,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM;IAIrB,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS/D,kBAAkB,CACtB,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACnC,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAa3C,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBzC,kBAAkB,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAQvE,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS9C,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAO3E;AAGD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE;QACb,IAAI,EAAE,OAAO,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,mBAAmB,CAAC,EAAE;YAAE,GAAG,EAAE,MAAM,EAAE,CAAC;YAAC,GAAG,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;KACxD,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE;QAChB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACpE,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,OAAO,CAAC;CAC3B"}

package/dist/widget-config.js

@@ -0,0 +1,72 @@
+// Widget configuration types (formerly in @mandaitor/core)
+export class MandaitorConfigClient {
+    baseUrl;
+    authToken;
+    constructor(baseUrl, authToken) {
+        this.baseUrl = baseUrl;
+        this.authToken = authToken;
+    }
+    // ── Tenant Dashboard Methods (require Cognito JWT) ────────────
+    async getWidgetConfig(version) {
+        const url = version ? `${this.baseUrl}/config?version=${version}` : `${this.baseUrl}/config`;
+        const res = await fetch(url, {
+            headers: { Authorization: `Bearer ${this.authToken}` },
+        });
+        if (!res.ok)
+            throw new Error(`Failed to get config: ${res.status}`);
+        return res.json();
+    }
+    async updateWidgetConfig(config) {
+        const res = await fetch(`${this.baseUrl}/config`, {
+            method: "PUT",
+            headers: {
+                Authorization: `Bearer ${this.authToken}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify(config),
+        });
+        if (!res.ok)
+            throw new Error(`Failed to update config: ${res.status}`);
+        return res.json();
+    }
+    async validateIdPConfig(idpType, config) {
+        const res = await fetch(`${this.baseUrl}/config/validate-idp`, {
+            method: "POST",
+            headers: {
+                Authorization: `Bearer ${this.authToken}`,
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({ idpType, config }),
+        });
+        if (!res.ok)
+            throw new Error(`Validation request failed: ${res.status}`);
+        const data = (await res.json());
+        return data.results[idpType];
+    }
+    async listConfigVersions() {
+        const res = await fetch(`${this.baseUrl}/config/versions`, {
+            headers: { Authorization: `Bearer ${this.authToken}` },
+        });
+        if (!res.ok)
+            throw new Error(`Failed to list versions: ${res.status}`);
+        return res.json();
+    }
+    async rollbackConfig(version) {
+        const res = await fetch(`${this.baseUrl}/config/rollback/${version}`, {
+            method: "POST",
+            headers: { Authorization: `Bearer ${this.authToken}` },
+        });
+        if (!res.ok)
+            throw new Error(`Rollback failed: ${res.status}`);
+    }
+    // ── Public Widget Methods (require API Key) ───────────────────
+    async getPublicWidgetConfig(widgetId) {
+        const res = await fetch(`${this.baseUrl}/public/widget/${widgetId}`, {
+            headers: { "X-API-Key": this.authToken },
+        });
+        if (!res.ok)
+            throw new Error(`Widget not found: ${res.status}`);
+        return res.json();
+    }
+}
+//# sourceMappingURL=widget-config.js.map

package/dist/widget-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"widget-config.js","sourceRoot":"","sources":["../src/widget-config.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAuE3D,MAAM,OAAO,qBAAqB;IAEtB;IACA;IAFV,YACU,OAAe,EACf,SAAiB;QADjB,YAAO,GAAP,OAAO,CAAQ;QACf,cAAS,GAAT,SAAS,CAAQ;IACxB,CAAC;IAEJ,iEAAiE;IACjE,KAAK,CAAC,eAAe,CAAC,OAAgB;QACpC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,mBAAmB,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC;QAC7F,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACpE,OAAO,GAAG,CAAC,IAAI,EAAkC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAAoC;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,EAAE;YAChD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE;gBACzC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC,IAAI,EAAoD,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAe,EACf,MAAiB;QAEjB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,sBAAsB,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE;gBACzC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAE7B,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,EAAE;YACzD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC,IAAI,EAAuD,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,oBAAoB,OAAO,EAAE,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,qBAAqB,CAAC,QAAgB;QAC1C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,QAAQ,EAAE,EAAE;YACnE,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,SAAS,EAAE;SACzC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAChE,OAAO,GAAG,CAAC,IAAI,EAAiC,CAAC;IACnD,CAAC;CACF"}

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@mandaitor/sdk",
+  "version": "0.1.1",
+  "description": "Mandaitor Delegation Mandate Registry — TypeScript SDK",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "dependencies": {},
+  "devDependencies": {
+    "typescript": "^5.6.0",
+    "vitest": "^4.0.0"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org",
+    "access": "public"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/C4RR13P0TT3R/mandaitor.git",
+    "directory": "packages/sdk"
+  },
+  "keywords": [
+    "mandaitor",
+    "delegation",
+    "mandate",
+    "ai-governance",
+    "trust",
+    "verification",
+    "proof-of-mandate",
+    "sd-jwt",
+    "verifiable-credentials",
+    "sdk",
+    "typescript",
+    "api-client"
+  ],
+  "homepage": "https://docs.mandaitor.io/docs/guides/getting-started",
+  "bugs": {
+    "url": "https://github.com/C4RR13P0TT3R/mandaitor/issues"
+  },
+  "author": "Mandaitor <support@mandaitor.io> (https://mandaitor.io)",
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:unit": "vitest run --exclude test/integration.test.ts",
+    "test:integration": "vitest run test/integration.test.ts",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo"
+  }
+}