@mandaitor/sdk 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/dist/client.d.ts +59 -0
  2. package/dist/client.d.ts.map +1 -0
  3. package/dist/client.js +139 -0
  4. package/dist/client.js.map +1 -0
  5. package/dist/errors.d.ts +82 -0
  6. package/dist/errors.d.ts.map +1 -0
  7. package/dist/errors.js +104 -0
  8. package/dist/errors.js.map +1 -0
  9. package/dist/index.d.ts +8 -0
  10. package/dist/index.d.ts.map +1 -0
  11. package/dist/index.js +10 -0
  12. package/dist/index.js.map +1 -0
  13. package/dist/types.d.ts +231 -0
  14. package/dist/types.d.ts.map +1 -0
  15. package/dist/types.js +4 -0
  16. package/dist/types.js.map +1 -0
  17. package/dist/widget-config.d.ts +130 -0
  18. package/dist/widget-config.d.ts.map +1 -0
  19. package/dist/widget-config.js +72 -0
  20. package/dist/widget-config.js.map +1 -0
  21. package/package.json +41 -0
package/dist/client.d.ts ADDED
@@ -0,0 +1,59 @@
1
+ import type { Mandate, CreateMandateRequest, VerifyRequest, VerifyResponse, VerifyResponseWithPoM, VerifyOptions, AuditEvent, PaginatedResponse } from "./types";
2
+ export interface MandaitorClientConfig {
3
+ /** API key issued during tenant onboarding */
4
+ apiKey: string;
5
+ /** Tenant identifier, e.g. "tnt_monco_prod" */
6
+ tenantId: string;
7
+ /** API base URL (defaults to production) */
8
+ baseUrl?: string;
9
+ /** Request timeout in milliseconds (default: 5000) */
10
+ timeout?: number;
11
+ /** Number of retries for 5xx/429 errors (default: 2) */
12
+ retries?: number;
13
+ }
14
+ export declare class MandaitorClient {
15
+ private config;
16
+ constructor(config: MandaitorClientConfig);
17
+ private request;
18
+ createMandate(req: CreateMandateRequest): Promise<Mandate>;
19
+ getMandate(mandateId: string): Promise<Mandate>;
20
+ listMandates(params?: {
21
+ status?: string;
22
+ limit?: number;
23
+ cursor?: string;
24
+ }): Promise<PaginatedResponse<Mandate>>;
25
+ revokeMandate(mandateId: string, reason?: string): Promise<Mandate>;
26
+ suspendMandate(mandateId: string, reason?: string): Promise<Mandate>;
27
+ reactivateMandate(mandateId: string): Promise<Mandate>;
28
+ verify(req: VerifyRequest): Promise<VerifyResponse>;
29
+ /**
30
+ * Verify an action and optionally request a Proof-of-Mandate VC.
31
+ *
32
+ * @example
33
+ * ```ts
34
+ * const result = await client.verifyWithPoM(
35
+ * { delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
36
+ * { pom: "sd-jwt-vc" },
37
+ * );
38
+ * if (result.proof_of_mandate) {
39
+ * console.log(result.proof_of_mandate.compact); // SD-JWT string
40
+ * }
41
+ * ```
42
+ */
43
+ verifyWithPoM(req: VerifyRequest, options: VerifyOptions): Promise<VerifyResponseWithPoM>;
44
+ getMandateEvents(mandateId: string, params?: {
45
+ limit?: number;
46
+ cursor?: string;
47
+ }): Promise<PaginatedResponse<AuditEvent>>;
48
+ getAuditEvents(mandateId: string, options?: {
49
+ limit?: number;
50
+ cursor?: string;
51
+ }): Promise<PaginatedResponse<AuditEvent>>;
52
+ listEvents(params?: {
53
+ limit?: number;
54
+ cursor?: string;
55
+ event_type?: string;
56
+ }): Promise<PaginatedResponse<AuditEvent>>;
57
+ getEvent(eventId: string): Promise<AuditEvent>;
58
+ }
59
+ //# sourceMappingURL=client.d.ts.map
package/dist/client.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,OAAO,EACP,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,UAAU,EACV,iBAAiB,EAClB,MAAM,SAAS,CAAC;AAGjB,MAAM,WAAW,qBAAqB;IACpC,8CAA8C;IAC9C,MAAM,EAAE,MAAM,CAAC;IACf,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;IACjB,4CAA4C;IAC5C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sDAAsD;IACtD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wDAAwD;IACxD,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAkC;gBAEpC,MAAM,EAAE,qBAAqB;YAS3B,OAAO;IAkDf,aAAa,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,OAAO,CAAC;IAI1D,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAI/C,YAAY,CAAC,MAAM,CAAC,EAAE;QAC1B,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;KACjB,GAAG,OAAO,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;IASjC,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAInE,cAAc,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIpE,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKtD,MAAM,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,cAAc,CAAC;IAIzD;;;;;;;;;;;;;OAaG;IACG,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAQzF,gBAAgB,CACpB,SAAS,EAAE,MAAM,EACjB,MAAM,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3C,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAQnC,cAAc,CAClB,SAAS,EAAE,MAAM,EACjB,OAAO,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GAC5C,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAYnC,UAAU,CAAC,MAAM,CAAC,EAAE;QACxB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,UAAU,CAAC,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IASpC,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;CAGrD"}
package/dist/client.js ADDED
@@ -0,0 +1,139 @@
1
+ import { MandataApiError, MandaitorTimeoutError } from "./errors";
2
+ export class MandaitorClient {
3
+ config;
4
+ constructor(config) {
5
+ this.config = {
6
+ baseUrl: "https://api.mandaitor.io/v1",
7
+ timeout: 5000,
8
+ retries: 2,
9
+ ...config,
10
+ };
11
+ }
12
+ async request(method, path, body) {
13
+ let lastError = null;
14
+ const url = `${this.config.baseUrl}${path}`;
15
+ for (let attempt = 0; attempt <= this.config.retries; attempt++) {
16
+ try {
17
+ const controller = new AbortController();
18
+ const timeoutId = setTimeout(() => controller.abort(), this.config.timeout);
19
+ const response = await fetch(url, {
20
+ method,
21
+ headers: {
22
+ "Content-Type": "application/json",
23
+ "X-Api-Key": this.config.apiKey,
24
+ "X-Tenant-Id": this.config.tenantId,
25
+ },
26
+ body: body ? JSON.stringify(body) : undefined,
27
+ signal: controller.signal,
28
+ });
29
+ clearTimeout(timeoutId);
30
+ if (!response.ok) {
31
+ const error = (await response.json().catch(() => ({})));
32
+ throw new MandataApiError(response.status, error.error || "UNKNOWN", error.message || response.statusText, response.headers.get("x-request-id") || undefined);
33
+ }
34
+ return response.json();
35
+ }
36
+ catch (err) {
37
+ if (err instanceof Error && err.name === "AbortError") {
38
+ lastError = new MandaitorTimeoutError(this.config.timeout, url);
39
+ }
40
+ else {
41
+ lastError = err instanceof Error ? err : new Error(String(err));
42
+ }
43
+ // Only retry on server errors or rate limiting
44
+ if (err instanceof MandataApiError && !err.isRetryable)
45
+ throw err;
46
+ if (attempt < this.config.retries) {
47
+ await new Promise((r) => setTimeout(r, Math.pow(2, attempt) * 100));
48
+ }
49
+ }
50
+ }
51
+ throw lastError;
52
+ }
53
+ // ── Mandate Operations ──────────────────────────────────
54
+ async createMandate(req) {
55
+ return this.request("POST", "/mandates", req);
56
+ }
57
+ async getMandate(mandateId) {
58
+ return this.request("GET", `/mandates/${mandateId}`);
59
+ }
60
+ async listMandates(params) {
61
+ const query = new URLSearchParams();
62
+ if (params?.status)
63
+ query.set("status", params.status);
64
+ if (params?.limit)
65
+ query.set("limit", String(params.limit));
66
+ if (params?.cursor)
67
+ query.set("cursor", params.cursor);
68
+ const qs = query.toString();
69
+ return this.request("GET", `/mandates${qs ? "?" + qs : ""}`);
70
+ }
71
+ async revokeMandate(mandateId, reason) {
72
+ return this.request("POST", `/mandates/${mandateId}/revoke`, { reason });
73
+ }
74
+ async suspendMandate(mandateId, reason) {
75
+ return this.request("POST", `/mandates/${mandateId}/suspend`, { reason });
76
+ }
77
+ async reactivateMandate(mandateId) {
78
+ return this.request("POST", `/mandates/${mandateId}/reactivate`);
79
+ }
80
+ // ── Verification ────────────────────────────────────────
81
+ async verify(req) {
82
+ return this.request("POST", "/verify", req);
83
+ }
84
+ /**
85
+ * Verify an action and optionally request a Proof-of-Mandate VC.
86
+ *
87
+ * @example
88
+ * ```ts
89
+ * const result = await client.verifyWithPoM(
90
+ * { delegate_subject_id: "agent:v2", action: "approve", resource: "proj/*" },
91
+ * { pom: "sd-jwt-vc" },
92
+ * );
93
+ * if (result.proof_of_mandate) {
94
+ * console.log(result.proof_of_mandate.compact); // SD-JWT string
95
+ * }
96
+ * ```
97
+ */
98
+ async verifyWithPoM(req, options) {
99
+ const query = new URLSearchParams();
100
+ if (options.pom)
101
+ query.set("pom", options.pom);
102
+ const qs = query.toString();
103
+ return this.request("POST", `/verify${qs ? "?" + qs : ""}`, req);
104
+ }
105
+ // ── Audit Events ────────────────────────────────────────
106
+ async getMandateEvents(mandateId, params) {
107
+ const query = new URLSearchParams();
108
+ if (params?.limit)
109
+ query.set("limit", String(params.limit));
110
+ if (params?.cursor)
111
+ query.set("cursor", params.cursor);
112
+ const qs = query.toString();
113
+ return this.request("GET", `/mandates/${mandateId}/events${qs ? "?" + qs : ""}`);
114
+ }
115
+ async getAuditEvents(mandateId, options) {
116
+ const queryParams = new URLSearchParams();
117
+ if (options?.limit)
118
+ queryParams.append("limit", options.limit.toString());
119
+ if (options?.cursor)
120
+ queryParams.append("cursor", options.cursor);
121
+ const qs = queryParams.toString();
122
+ return this.request("GET", `/mandates/${mandateId}/audit-events${qs ? "?" + qs : ""}`);
123
+ }
124
+ async listEvents(params) {
125
+ const query = new URLSearchParams();
126
+ if (params?.limit)
127
+ query.set("limit", String(params.limit));
128
+ if (params?.cursor)
129
+ query.set("cursor", params.cursor);
130
+ if (params?.event_type)
131
+ query.set("event_type", params.event_type);
132
+ const qs = query.toString();
133
+ return this.request("GET", `/events${qs ? "?" + qs : ""}`);
134
+ }
135
+ async getEvent(eventId) {
136
+ return this.request("GET", `/events/${eventId}`);
137
+ }
138
+ }
139
+ //# sourceMappingURL=client.js.map
package/dist/client.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAelE,MAAM,OAAO,eAAe;IAClB,MAAM,CAAkC;IAEhD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG;YACZ,OAAO,EAAE,6BAA6B;YACtC,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,CAAC;YACV,GAAG,MAAM;SACV,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,OAAO,CAAI,MAAc,EAAE,IAAY,EAAE,IAAc;QACnE,IAAI,SAAS,GAAiB,IAAI,CAAC;QACnC,MAAM,GAAG,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,EAAE,CAAC;QAE5C,KAAK,IAAI,OAAO,GAAG,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,CAAC;YAChE,IAAI,CAAC;gBACH,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;gBACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAE5E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;oBAChC,MAAM;oBACN,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;wBAC/B,aAAa,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;qBACpC;oBACD,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;oBAC7C,MAAM,EAAE,UAAU,CAAC,MAAM;iBAC1B,CAAC,CAAC;gBAEH,YAAY,CAAC,SAAS,CAAC,CAAC;gBAExB,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBACjB,MAAM,KAAK,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAA4B,CAAC;oBACnF,MAAM,IAAI,eAAe,CACvB,QAAQ,CAAC,MAAM,EACd,KAAK,CAAC,KAAgB,IAAI,SAAS,EACnC,KAAK,CAAC,OAAkB,IAAI,QAAQ,CAAC,UAAU,EAChD,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,SAAS,CAClD,CAAC;gBACJ,CAAC;gBAED,OAAO,QAAQ,CAAC,IAAI,EAAgB,CAAC;YACvC,CAAC;YAAC,OAAO,GAAY,EAAE,CAAC;gBACtB,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBACtD,SAAS,GAAG,IAAI,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBAClE,CAAC;qBAAM,CAAC;oBACN,SAAS,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBAClE,CAAC;gBACD,+CAA+C;gBAC/C,IAAI,GAAG,YAAY,eAAe,IAAI,CAAC,GAAG,CAAC,WAAW;oBAAE,MAAM,GAAG,CAAC;gBAClE,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;oBAClC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;gBACtE,CAAC;YACH,CAAC;QACH,CAAC;QACD,MAAM,SAAS,CAAC;IAClB,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,aAAa,CAAC,GAAyB;QAC3C,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,MAIlB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,SAAiB,EAAE,MAAe;QACpD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,SAAS,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC3E,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,SAAiB,EAAE,MAAe;QACrD,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,UAAU,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,SAAiB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,aAAa,SAAS,aAAa,CAAC,CAAC;IACnE,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,MAAM,CAAC,GAAkB;QAC7B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,CAAC,CAAC;IAC9C,CAAC;IAED;;;;;;;;;;;;;OAaG;IACH,KAAK,CAAC,aAAa,CAAC,GAAkB,EAAE,OAAsB;QAC5D,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,OAAO,CAAC,GAAG;YAAE,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAC/C,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IACnE,CAAC;IAED,2DAA2D;IAC3D,KAAK,CAAC,gBAAgB,CACpB,SAAiB,EACjB,MAA4C;QAE5C,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,SAAS,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,KAAK,CAAC,cAAc,CAClB,SAAiB,EACjB,OAA6C;QAE7C,MAAM,WAAW,GAAG,IAAI,eAAe,EAAE,CAAC;QAC1C,IAAI,OAAO,EAAE,KAAK;YAAE,WAAW,CAAC,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1E,IAAI,OAAO,EAAE,MAAM;YAAE,WAAW,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;QAElE,MAAM,EAAE,GAAG,WAAW,CAAC,QAAQ,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC,OAAO,CACjB,KAAK,EACL,aAAa,SAAS,gBAAgB,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAC3D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAIhB;QACC,MAAM,KAAK,GAAG,IAAI,eAAe,EAAE,CAAC;QACpC,IAAI,MAAM,EAAE,KAAK;YAAE,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5D,IAAI,MAAM,EAAE,MAAM;YAAE,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,MAAM,EAAE,UAAU;YAAE,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;QACnE,MAAM,EAAE,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAe;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,WAAW,OAAO,EAAE,CAAC,CAAC;IACnD,CAAC;CACF"}
package/dist/errors.d.ts ADDED
@@ -0,0 +1,82 @@
1
+ /**
2
+ * Error codes returned by the Mandaitor API.
3
+ * Use these constants for programmatic error handling.
4
+ */
5
+ export declare const ErrorCodes: {
6
+ readonly INVALID_REQUEST: "INVALID_REQUEST";
7
+ readonly INVALID_SCOPE: "INVALID_SCOPE";
8
+ readonly INVALID_CONSTRAINTS: "INVALID_CONSTRAINTS";
9
+ readonly TAXONOMY_VALIDATION_FAILED: "TAXONOMY_VALIDATION_FAILED";
10
+ readonly MISSING_API_KEY: "MISSING_API_KEY";
11
+ readonly INVALID_API_KEY: "INVALID_API_KEY";
12
+ readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
13
+ readonly TENANT_SUSPENDED: "TENANT_SUSPENDED";
14
+ readonly INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS";
15
+ readonly MANDATE_NOT_FOUND: "MANDATE_NOT_FOUND";
16
+ readonly EVENT_NOT_FOUND: "EVENT_NOT_FOUND";
17
+ readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
18
+ readonly MANDATE_ALREADY_REVOKED: "MANDATE_ALREADY_REVOKED";
19
+ readonly MANDATE_ALREADY_SUSPENDED: "MANDATE_ALREADY_SUSPENDED";
20
+ readonly DUPLICATE_REQUEST: "DUPLICATE_REQUEST";
21
+ readonly RATE_LIMIT_EXCEEDED: "RATE_LIMIT_EXCEEDED";
22
+ readonly INTERNAL_ERROR: "INTERNAL_ERROR";
23
+ readonly KMS_SIGNING_FAILED: "KMS_SIGNING_FAILED";
24
+ readonly DATABASE_ERROR: "DATABASE_ERROR";
25
+ };
26
+ export type ErrorCode = (typeof ErrorCodes)[keyof typeof ErrorCodes];
27
+ /**
28
+ * Typed error class for Mandaitor API errors.
29
+ * Thrown by MandaitorClient when the API returns a non-2xx response.
30
+ *
31
+ * @example
32
+ * try {
33
+ * await client.getMandate("mnd_nonexistent");
34
+ * } catch (err) {
35
+ * if (err instanceof MandataApiError) {
36
+ * if (err.code === ErrorCodes.MANDATE_NOT_FOUND) {
37
+ * // Handle 404
38
+ * }
39
+ * console.error(`[${err.status}] ${err.code}: ${err.message}`);
40
+ * }
41
+ * }
42
+ */
43
+ export declare class MandataApiError extends Error {
44
+ /** HTTP status code (e.g. 400, 404, 500) */
45
+ readonly status: number;
46
+ /** Machine-readable error code from ErrorCodes */
47
+ readonly code: string;
48
+ /** Optional request ID for support debugging */
49
+ readonly requestId?: string | undefined;
50
+ readonly name = "MandataApiError";
51
+ constructor(
52
+ /** HTTP status code (e.g. 400, 404, 500) */
53
+ status: number,
54
+ /** Machine-readable error code from ErrorCodes */
55
+ code: string,
56
+ /** Human-readable error message */
57
+ message: string,
58
+ /** Optional request ID for support debugging */
59
+ requestId?: string | undefined);
60
+ /** Returns true if this is a client error (4xx) */
61
+ get isClientError(): boolean;
62
+ /** Returns true if this is a server error (5xx) — safe to retry */
63
+ get isRetryable(): boolean;
64
+ /** Structured JSON representation for logging */
65
+ toJSON(): {
66
+ name: string;
67
+ status: number;
68
+ code: string;
69
+ message: string;
70
+ requestId: string | undefined;
71
+ };
72
+ }
73
+ /**
74
+ * Thrown when the request times out (AbortController signal).
75
+ */
76
+ export declare class MandaitorTimeoutError extends Error {
77
+ readonly timeoutMs: number;
78
+ readonly url: string;
79
+ readonly name = "MandaitorTimeoutError";
80
+ constructor(timeoutMs: number, url: string);
81
+ }
82
+ //# sourceMappingURL=errors.d.ts.map
package/dist/errors.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;CAiCb,CAAC;AAEX,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAC;AAErE;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,eAAgB,SAAQ,KAAK;IAItC,4CAA4C;aAC5B,MAAM,EAAE,MAAM;IAC9B,kDAAkD;aAClC,IAAI,EAAE,MAAM;IAG5B,gDAAgD;aAChC,SAAS,CAAC,EAAE,MAAM;IAVpC,SAAgB,IAAI,qBAAqB;;IAGvC,4CAA4C;IAC5B,MAAM,EAAE,MAAM;IAC9B,kDAAkD;IAClC,IAAI,EAAE,MAAM;IAC5B,mCAAmC;IACnC,OAAO,EAAE,MAAM;IACf,gDAAgD;IAChC,SAAS,CAAC,EAAE,MAAM,YAAA;IAOpC,mDAAmD;IACnD,IAAI,aAAa,IAAI,OAAO,CAE3B;IAED,mEAAmE;IACnE,IAAI,WAAW,IAAI,OAAO,CAEzB;IAED,iDAAiD;IACjD,MAAM;;;;;;;CASP;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;aAI5B,SAAS,EAAE,MAAM;aACjB,GAAG,EAAE,MAAM;IAJ7B,SAAgB,IAAI,2BAA2B;gBAG7B,SAAS,EAAE,MAAM,EACjB,GAAG,EAAE,MAAM;CAK9B"}
package/dist/errors.js ADDED
@@ -0,0 +1,104 @@
1
+ // @mandaitor/sdk — Error classes and error code constants
2
+ /**
3
+ * Error codes returned by the Mandaitor API.
4
+ * Use these constants for programmatic error handling.
5
+ */
6
+ export const ErrorCodes = {
7
+ // 400 Bad Request
8
+ INVALID_REQUEST: "INVALID_REQUEST",
9
+ INVALID_SCOPE: "INVALID_SCOPE",
10
+ INVALID_CONSTRAINTS: "INVALID_CONSTRAINTS",
11
+ TAXONOMY_VALIDATION_FAILED: "TAXONOMY_VALIDATION_FAILED",
12
+ // 401 Unauthorized
13
+ MISSING_API_KEY: "MISSING_API_KEY",
14
+ INVALID_API_KEY: "INVALID_API_KEY",
15
+ API_KEY_EXPIRED: "API_KEY_EXPIRED",
16
+ // 403 Forbidden
17
+ TENANT_SUSPENDED: "TENANT_SUSPENDED",
18
+ INSUFFICIENT_PERMISSIONS: "INSUFFICIENT_PERMISSIONS",
19
+ // 404 Not Found
20
+ MANDATE_NOT_FOUND: "MANDATE_NOT_FOUND",
21
+ EVENT_NOT_FOUND: "EVENT_NOT_FOUND",
22
+ TENANT_NOT_FOUND: "TENANT_NOT_FOUND",
23
+ // 409 Conflict
24
+ MANDATE_ALREADY_REVOKED: "MANDATE_ALREADY_REVOKED",
25
+ MANDATE_ALREADY_SUSPENDED: "MANDATE_ALREADY_SUSPENDED",
26
+ DUPLICATE_REQUEST: "DUPLICATE_REQUEST",
27
+ // 429 Too Many Requests
28
+ RATE_LIMIT_EXCEEDED: "RATE_LIMIT_EXCEEDED",
29
+ // 500 Internal Server Error
30
+ INTERNAL_ERROR: "INTERNAL_ERROR",
31
+ KMS_SIGNING_FAILED: "KMS_SIGNING_FAILED",
32
+ DATABASE_ERROR: "DATABASE_ERROR",
33
+ };
34
+ /**
35
+ * Typed error class for Mandaitor API errors.
36
+ * Thrown by MandaitorClient when the API returns a non-2xx response.
37
+ *
38
+ * @example
39
+ * try {
40
+ * await client.getMandate("mnd_nonexistent");
41
+ * } catch (err) {
42
+ * if (err instanceof MandataApiError) {
43
+ * if (err.code === ErrorCodes.MANDATE_NOT_FOUND) {
44
+ * // Handle 404
45
+ * }
46
+ * console.error(`[${err.status}] ${err.code}: ${err.message}`);
47
+ * }
48
+ * }
49
+ */
50
+ export class MandataApiError extends Error {
51
+ status;
52
+ code;
53
+ requestId;
54
+ name = "MandataApiError";
55
+ constructor(
56
+ /** HTTP status code (e.g. 400, 404, 500) */
57
+ status,
58
+ /** Machine-readable error code from ErrorCodes */
59
+ code,
60
+ /** Human-readable error message */
61
+ message,
62
+ /** Optional request ID for support debugging */
63
+ requestId) {
64
+ super(message);
65
+ this.status = status;
66
+ this.code = code;
67
+ this.requestId = requestId;
68
+ // Ensure instanceof works correctly in transpiled code
69
+ Object.setPrototypeOf(this, MandataApiError.prototype);
70
+ }
71
+ /** Returns true if this is a client error (4xx) */
72
+ get isClientError() {
73
+ return this.status >= 400 && this.status < 500;
74
+ }
75
+ /** Returns true if this is a server error (5xx) — safe to retry */
76
+ get isRetryable() {
77
+ return this.status >= 500 || this.status === 429;
78
+ }
79
+ /** Structured JSON representation for logging */
80
+ toJSON() {
81
+ return {
82
+ name: this.name,
83
+ status: this.status,
84
+ code: this.code,
85
+ message: this.message,
86
+ requestId: this.requestId,
87
+ };
88
+ }
89
+ }
90
+ /**
91
+ * Thrown when the request times out (AbortController signal).
92
+ */
93
+ export class MandaitorTimeoutError extends Error {
94
+ timeoutMs;
95
+ url;
96
+ name = "MandaitorTimeoutError";
97
+ constructor(timeoutMs, url) {
98
+ super(`Request to ${url} timed out after ${timeoutMs}ms`);
99
+ this.timeoutMs = timeoutMs;
100
+ this.url = url;
101
+ Object.setPrototypeOf(this, MandaitorTimeoutError.prototype);
102
+ }
103
+ }
104
+ //# sourceMappingURL=errors.js.map
package/dist/errors.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAE1D;;;GAGG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,kBAAkB;IAClB,eAAe,EAAE,iBAAiB;IAClC,aAAa,EAAE,eAAe;IAC9B,mBAAmB,EAAE,qBAAqB;IAC1C,0BAA0B,EAAE,4BAA4B;IAExD,mBAAmB;IACnB,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAClC,eAAe,EAAE,iBAAiB;IAElC,gBAAgB;IAChB,gBAAgB,EAAE,kBAAkB;IACpC,wBAAwB,EAAE,0BAA0B;IAEpD,gBAAgB;IAChB,iBAAiB,EAAE,mBAAmB;IACtC,eAAe,EAAE,iBAAiB;IAClC,gBAAgB,EAAE,kBAAkB;IAEpC,eAAe;IACf,uBAAuB,EAAE,yBAAyB;IAClD,yBAAyB,EAAE,2BAA2B;IACtD,iBAAiB,EAAE,mBAAmB;IAEtC,wBAAwB;IACxB,mBAAmB,EAAE,qBAAqB;IAE1C,4BAA4B;IAC5B,cAAc,EAAE,gBAAgB;IAChC,kBAAkB,EAAE,oBAAoB;IACxC,cAAc,EAAE,gBAAgB;CACxB,CAAC;AAIX;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,eAAgB,SAAQ,KAAK;IAKtB;IAEA;IAIA;IAVF,IAAI,GAAG,iBAAiB,CAAC;IAEzC;IACE,4CAA4C;IAC5B,MAAc;IAC9B,kDAAkD;IAClC,IAAY;IAC5B,mCAAmC;IACnC,OAAe;IACf,gDAAgD;IAChC,SAAkB;QAElC,KAAK,CAAC,OAAO,CAAC,CAAC;QARC,WAAM,GAAN,MAAM,CAAQ;QAEd,SAAI,GAAJ,IAAI,CAAQ;QAIZ,cAAS,GAAT,SAAS,CAAS;QAGlC,uDAAuD;QACvD,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,eAAe,CAAC,SAAS,CAAC,CAAC;IACzD,CAAC;IAED,mDAAmD;IACnD,IAAI,aAAa;QACf,OAAO,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC;IACjD,CAAC;IAED,mEAAmE;IACnE,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,IAAI,GAAG,IAAI,IAAI,CAAC,MAAM,KAAK,GAAG,CAAC;IACnD,CAAC;IAED,iDAAiD;IACjD,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS;SAC1B,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAI5B;IACA;IAJF,IAAI,GAAG,uBAAuB,CAAC;IAE/C,YACkB,SAAiB,EACjB,GAAW;QAE3B,KAAK,CAAC,cAAc,GAAG,oBAAoB,SAAS,IAAI,CAAC,CAAC;QAH1C,cAAS,GAAT,SAAS,CAAQ;QACjB,QAAG,GAAH,GAAG,CAAQ;QAG3B,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,qBAAqB,CAAC,SAAS,CAAC,CAAC;IAC/D,CAAC;CACF"}
package/dist/index.d.ts ADDED
@@ -0,0 +1,8 @@
1
+ export { MandaitorClient } from "./client";
2
+ export type { MandaitorClientConfig } from "./client";
3
+ export type { Mandate, MandateStatus, MandateProof, Subject, SubjectType, Scope, Constraints, TimeConstraint, TransactionLimit, EscalationRule, RateLimit, AuditEvent, AuditEventType, CreateMandateRequest, VerifyRequest, VerifyResponse, VerifyResponseWithPoM, VerifyOptions, PaginatedResponse, PomFormat, ProofOfMandateClaims, ProofOfMandateVC, Tenant, TenantStatus, AccessRequest, } from "./types";
4
+ export { MandataApiError, MandaitorTimeoutError, ErrorCodes } from "./errors";
5
+ export type { ErrorCode } from "./errors";
6
+ export { MandaitorConfigClient } from "./widget-config";
7
+ export type { WidgetConfiguration, IdPConfig, IdPType, PublicWidgetConfig } from "./widget-config";
8
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,YAAY,EAAE,qBAAqB,EAAE,MAAM,UAAU,CAAC;AAGtD,YAAY,EAEV,OAAO,EACP,aAAa,EACb,YAAY,EACZ,OAAO,EACP,WAAW,EACX,KAAK,EACL,WAAW,EACX,cAAc,EACd,gBAAgB,EAChB,cAAc,EACd,SAAS,EAGT,UAAU,EACV,cAAc,EAGd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,qBAAqB,EACrB,aAAa,EACb,iBAAiB,EAGjB,SAAS,EACT,oBAAoB,EACpB,gBAAgB,EAGhB,MAAM,EACN,YAAY,EACZ,aAAa,GACd,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAC9E,YAAY,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAG1C,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AACxD,YAAY,EAAE,mBAAmB,EAAE,SAAS,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC"}
package/dist/index.js ADDED
@@ -0,0 +1,10 @@
1
+ // @mandaitor/sdk — Public API
2
+ // This is the single entry point for all SDK consumers.
3
+ // Do NOT import from internal files directly.
4
+ // ── Client ──
5
+ export { MandaitorClient } from "./client";
6
+ // ── Errors ──
7
+ export { MandataApiError, MandaitorTimeoutError, ErrorCodes } from "./errors";
8
+ // ── Widget Configuration ──
9
+ export { MandaitorConfigClient } from "./widget-config";
10
+ //# sourceMappingURL=index.js.map
package/dist/index.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,8BAA8B;AAC9B,wDAAwD;AACxD,8CAA8C;AAE9C,eAAe;AACf,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAyC3C,eAAe;AACf,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,UAAU,EAAE,MAAM,UAAU,CAAC;AAG9E,6BAA6B;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC"}
package/dist/types.d.ts ADDED
@@ -0,0 +1,231 @@
1
+ export type SubjectType = "NATURAL_PERSON" | "LEGAL_ENTITY" | "AGENT";
2
+ export interface Subject {
3
+ /** Subject type discriminator */
4
+ type: SubjectType;
5
+ /** Unique subject identifier (e.g. "oidc|auth0|user123" or "agent:monco:validate-v2") */
6
+ subject_id: string;
7
+ /** Optional display name */
8
+ display_name?: string;
9
+ /** EUDI Wallet PID (planned for eIDAS 2.0 integration) */
10
+ eudi_pid?: string;
11
+ }
12
+ export interface Scope {
13
+ /** List of action identifiers from the taxonomy, e.g. ["construction.validation.approve"] */
14
+ actions: string[];
15
+ /** Resource URI patterns, e.g. ["monco:project:proj_123/*"] */
16
+ resources: string[];
17
+ /** Whether this scope allows or denies the actions */
18
+ effect: "ALLOW" | "DENY";
19
+ /** Optional conditions for fine-grained control */
20
+ conditions?: Record<string, unknown>;
21
+ }
22
+ export interface TimeConstraint {
23
+ /** ISO 8601 timestamp — mandate becomes active */
24
+ not_before?: string;
25
+ /** ISO 8601 timestamp — mandate expires */
26
+ expires_at?: string;
27
+ /** ISO 8601 duration — alternative to expires_at, e.g. "P30D" */
28
+ duration?: string;
29
+ }
30
+ export interface TransactionLimit {
31
+ currency: string;
32
+ value: number;
33
+ }
34
+ export interface EscalationRule {
35
+ /** Condition that triggers escalation */
36
+ condition: string;
37
+ /** Who to escalate to */
38
+ escalate_to: string;
39
+ /** Escalation method */
40
+ method: "NOTIFY" | "APPROVAL_REQUIRED" | "BLOCK";
41
+ }
42
+ export interface RateLimit {
43
+ /** Maximum number of operations */
44
+ max_operations: number;
45
+ /** Time window in seconds */
46
+ window_seconds: number;
47
+ }
48
+ export interface Constraints {
49
+ time?: TimeConstraint;
50
+ transaction_limits?: Record<string, TransactionLimit>;
51
+ escalation_rules?: EscalationRule[];
52
+ rate_limits?: Record<string, RateLimit>;
53
+ /** Require human confirmation for each invocation */
54
+ require_human_confirmation?: boolean;
55
+ /** Custom constraint extensions */
56
+ custom?: Record<string, unknown>;
57
+ }
58
+ export type MandateStatus = "ACTIVE" | "SUSPENDED" | "REVOKED" | "EXPIRED";
59
+ export interface Mandate {
60
+ /** Unique mandate identifier, e.g. "mnd_abc123def456" */
61
+ mandate_id: string;
62
+ /** Tenant that owns this mandate */
63
+ tenant_id: string;
64
+ /** Who is delegating authority */
65
+ principal: Subject;
66
+ /** Who is receiving authority */
67
+ delegate: Subject;
68
+ /** What is being delegated */
69
+ scope: Scope;
70
+ /** Boundaries on the delegation */
71
+ constraints: Constraints;
72
+ /** Current status */
73
+ status: MandateStatus;
74
+ /** Cryptographic proof of creation */
75
+ proof: MandateProof;
76
+ /** Taxonomy version used for validation */
77
+ taxonomy_version?: string;
78
+ /** ISO 8601 creation timestamp */
79
+ created_at: string;
80
+ /** ISO 8601 last update timestamp */
81
+ updated_at: string;
82
+ /** Optional metadata */
83
+ metadata?: Record<string, unknown>;
84
+ }
85
+ export interface MandateProof {
86
+ /** Signature algorithm */
87
+ algorithm: string;
88
+ /** KMS key ARN used for signing */
89
+ key_id: string;
90
+ /** Base64-encoded signature */
91
+ signature: string;
92
+ /** ISO 8601 timestamp of signing */
93
+ signed_at: string;
94
+ }
95
+ export type AuditEventType = "MANDATE_CREATED" | "MANDATE_VERIFIED" | "MANDATE_REVOKED" | "MANDATE_SUSPENDED" | "MANDATE_REACTIVATED" | "MANDATE_EXPIRED" | "VERIFICATION_DENIED";
96
+ export interface AuditEvent {
97
+ /** Unique event identifier */
98
+ event_id: string;
99
+ /** Mandate this event belongs to */
100
+ mandate_id: string;
101
+ /** Tenant ID */
102
+ tenant_id: string;
103
+ /** Event type */
104
+ event_type: AuditEventType;
105
+ /** Who triggered this event */
106
+ actor: Subject;
107
+ /** Event-specific payload */
108
+ payload: Record<string, unknown>;
109
+ /** SHA-256 hash of the previous event (chain integrity) */
110
+ previous_hash: string;
111
+ /** SHA-256 hash of this event */
112
+ event_hash: string;
113
+ /** ISO 8601 timestamp */
114
+ timestamp: string;
115
+ }
116
+ export interface CreateMandateRequest {
117
+ principal: Subject;
118
+ delegate: Subject;
119
+ scope: Scope;
120
+ constraints: Constraints;
121
+ taxonomy_version?: string;
122
+ metadata?: Record<string, unknown>;
123
+ }
124
+ export interface VerifyRequest {
125
+ /** Mandate ID to verify against */
126
+ mandate_id: string;
127
+ /** Action being attempted */
128
+ action: string;
129
+ /** Resource being accessed */
130
+ resource: string;
131
+ /** Additional context for condition evaluation */
132
+ context?: Record<string, unknown>;
133
+ }
134
+ export interface VerifyResponse {
135
+ /** Whether the action is authorized */
136
+ allowed: boolean;
137
+ /** Mandate that grants or denies access */
138
+ mandate_id: string;
139
+ /** Reason for denial (if not allowed) */
140
+ denial_reason?: string;
141
+ /** Constraints that apply to this verification */
142
+ active_constraints?: Constraints;
143
+ /** Verification timestamp */
144
+ verified_at: string;
145
+ }
146
+ /** Supported output formats for the Proof-of-Mandate artifact */
147
+ export type PomFormat = "sd-jwt-vc";
148
+ /** W3C VC claim set embedded in the Proof-of-Mandate SD-JWT */
149
+ export interface ProofOfMandateClaims {
150
+ /** VC type discriminator */
151
+ vct: "ProofOfMandate";
152
+ /** Verification decision */
153
+ decision: "ALLOW" | "DENY";
154
+ /** Mandate ID that was evaluated (absent for DENY/NO_MATCHING_MANDATE) */
155
+ mandate_id?: string;
156
+ /** Unique verification event ID */
157
+ verification_event_id: string;
158
+ /** ISO 8601 timestamp of the verification */
159
+ verification_timestamp: string;
160
+ /** Action that was requested */
161
+ requested_action: string;
162
+ /** Resource that was requested */
163
+ requested_resource: string;
164
+ /** Subject ID of the delegate that was verified */
165
+ delegate_subject_id: string;
166
+ /** Subject ID of the principal who granted the mandate (if found) */
167
+ principal_subject_id?: string;
168
+ /** Tenant context (selectively disclosable) */
169
+ tenant_id?: string;
170
+ /** Reason codes for denial (selectively disclosable) */
171
+ reason_codes?: string[];
172
+ /** Remaining constraints snapshot (selectively disclosable) */
173
+ constraints_snapshot?: Record<string, unknown>;
174
+ /** Verification latency in ms (selectively disclosable) */
175
+ latency_ms?: number;
176
+ /** Issuer DID */
177
+ iss: string;
178
+ /** Subject (delegate_subject_id) */
179
+ sub: string;
180
+ /** Issued-at (Unix timestamp) */
181
+ iat: number;
182
+ /** Expiration (Unix timestamp) */
183
+ exp: number;
184
+ /** Selective-disclosure hash algorithm */
185
+ _sd_alg: "sha-256";
186
+ }
187
+ /** The full Proof-of-Mandate VC envelope */
188
+ export interface ProofOfMandateVC {
189
+ /** SD-JWT compact serialization (header.payload.signature~disclosure1~...~) */
190
+ compact: string;
191
+ /** Decoded payload for convenience (not authoritative — the compact form is) */
192
+ payload: ProofOfMandateClaims;
193
+ }
194
+ /** Extended verify response that optionally includes a PoM VC */
195
+ export interface VerifyResponseWithPoM extends VerifyResponse {
196
+ /** Proof-of-Mandate Verifiable Credential (present when ?pom=sd-jwt-vc) */
197
+ proof_of_mandate?: ProofOfMandateVC;
198
+ }
199
+ /** Options for the verify method */
200
+ export interface VerifyOptions {
201
+ /** Request a Proof-of-Mandate VC in the specified format */
202
+ pom?: PomFormat;
203
+ }
204
+ export interface PaginatedResponse<T> {
205
+ items: T[];
206
+ /** Cursor for next page (undefined = last page) */
207
+ next_cursor?: string;
208
+ /** Total count (only if requested) */
209
+ total_count?: number;
210
+ }
211
+ export type TenantStatus = "PENDING" | "ACTIVE" | "SUSPENDED" | "DEACTIVATED";
212
+ export interface Tenant {
213
+ tenant_id: string;
214
+ name: string;
215
+ contact_email: string;
216
+ status: TenantStatus;
217
+ api_key_hash: string;
218
+ created_at: string;
219
+ updated_at: string;
220
+ }
221
+ export interface AccessRequest {
222
+ request_id: string;
223
+ company_name: string;
224
+ contact_email: string;
225
+ use_case: string;
226
+ status: "PENDING" | "APPROVED" | "REJECTED";
227
+ submitted_at: string;
228
+ reviewed_at?: string;
229
+ reviewer_notes?: string;
230
+ }
231
+ //# sourceMappingURL=types.d.ts.map
package/dist/types.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAMA,MAAM,MAAM,WAAW,GAAG,gBAAgB,GAAG,cAAc,GAAG,OAAO,CAAC;AAEtE,MAAM,WAAW,OAAO;IACtB,iCAAiC;IACjC,IAAI,EAAE,WAAW,CAAC;IAClB,yFAAyF;IACzF,UAAU,EAAE,MAAM,CAAC;IACnB,4BAA4B;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,0DAA0D;IAC1D,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,KAAK;IACpB,6FAA6F;IAC7F,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,+DAA+D;IAC/D,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,sDAAsD;IACtD,MAAM,EAAE,OAAO,GAAG,MAAM,CAAC;IACzB,mDAAmD;IACnD,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACtC;AAKD,MAAM,WAAW,cAAc;IAC7B,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,2CAA2C;IAC3C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iEAAiE;IACjE,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,yCAAyC;IACzC,SAAS,EAAE,MAAM,CAAC;IAClB,yBAAyB;IACzB,WAAW,EAAE,MAAM,CAAC;IACpB,wBAAwB;IACxB,MAAM,EAAE,QAAQ,GAAG,mBAAmB,GAAG,OAAO,CAAC;CAClD;AAED,MAAM,WAAW,SAAS;IACxB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,6BAA6B;IAC7B,cAAc,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,CAAC,EAAE,cAAc,CAAC;IACtB,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACtD,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;IACpC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACxC,qDAAqD;IACrD,0BAA0B,CAAC,EAAE,OAAO,CAAC;IACrC,mCAAmC;IACnC,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAKD,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,WAAW,GAAG,SAAS,GAAG,SAAS,CAAC;AAE3E,MAAM,WAAW,OAAO;IACtB,yDAAyD;IACzD,UAAU,EAAE,MAAM,CAAC;IACnB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,kCAAkC;IAClC,SAAS,EAAE,OAAO,CAAC;IACnB,iCAAiC;IACjC,QAAQ,EAAE,OAAO,CAAC;IAClB,8BAA8B;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,mCAAmC;IACnC,WAAW,EAAE,WAAW,CAAC;IACzB,qBAAqB;IACrB,MAAM,EAAE,aAAa,CAAC;IACtB,sCAAsC;IACtC,KAAK,EAAE,YAAY,CAAC;IACpB,2CAA2C;IAC3C,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,qCAAqC;IACrC,UAAU,EAAE,MAAM,CAAC;IACnB,wBAAwB;IACxB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,YAAY;IAC3B,0BAA0B;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,mCAAmC;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,oCAAoC;IACpC,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,MAAM,cAAc,GACtB,iBAAiB,GACjB,kBAAkB,GAClB,iBAAiB,GACjB,mBAAmB,GACnB,qBAAqB,GACrB,iBAAiB,GACjB,qBAAqB,CAAC;AAE1B,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,oCAAoC;IACpC,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB;IACjB,UAAU,EAAE,cAAc,CAAC;IAC3B,+BAA+B;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,6BAA6B;IAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,2DAA2D;IAC3D,aAAa,EAAE,MAAM,CAAC;IACtB,iCAAiC;IACjC,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,QAAQ,EAAE,OAAO,CAAC;IAClB,KAAK,EAAE,KAAK,CAAC;IACb,WAAW,EAAE,WAAW,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACpC;AAED,MAAM,WAAW,aAAa;IAC5B,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,8BAA8B;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,kDAAkD;IAClD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,cAAc;IAC7B,uCAAuC;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;IACnB,yCAAyC;IACzC,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kDAAkD;IAClD,kBAAkB,CAAC,EAAE,WAAW,CAAC;IACjC,6BAA6B;IAC7B,WAAW,EAAE,MAAM,CAAC;CACrB;AAMD,iEAAiE;AACjE,MAAM,MAAM,SAAS,GAAG,WAAW,CAAC;AAEpC,+DAA+D;AAC/D,MAAM,WAAW,oBAAoB;IACnC,4BAA4B;IAC5B,GAAG,EAAE,gBAAgB,CAAC;IACtB,4BAA4B;IAC5B,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC;IAC3B,0EAA0E;IAC1E,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,mCAAmC;IACnC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,6CAA6C;IAC7C,sBAAsB,EAAE,MAAM,CAAC;IAC/B,gCAAgC;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,kCAAkC;IAClC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,mDAAmD;IACnD,mBAAmB,EAAE,MAAM,CAAC;IAC5B,qEAAqE;IACrE,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,+CAA+C;IAC/C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wDAAwD;IACxD,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,+DAA+D;IAC/D,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/C,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,oCAAoC;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,iCAAiC;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,0CAA0C;IAC1C,OAAO,EAAE,SAAS,CAAC;CACpB;AAED,4CAA4C;AAC5C,MAAM,WAAW,gBAAgB;IAC/B,+EAA+E;IAC/E,OAAO,EAAE,MAAM,CAAC;IAChB,gFAAgF;IAChF,OAAO,EAAE,oBAAoB,CAAC;CAC/B;AAED,iEAAiE;AACjE,MAAM,WAAW,qBAAsB,SAAQ,cAAc;IAC3D,2EAA2E;IAC3E,gBAAgB,CAAC,EAAE,gBAAgB,CAAC;CACrC;AAED,oCAAoC;AACpC,MAAM,WAAW,aAAa;IAC5B,4DAA4D;IAC5D,GAAG,CAAC,EAAE,SAAS,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB,CAAC,CAAC;IAClC,KAAK,EAAE,CAAC,EAAE,CAAC;IACX,mDAAmD;IACnD,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,sCAAsC;IACtC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAKD,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,QAAQ,GAAG,WAAW,GAAG,aAAa,CAAC;AAE9E,MAAM,WAAW,MAAM;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,YAAY,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,UAAU,CAAC;IAC5C,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB"}
package/dist/types.js ADDED
@@ -0,0 +1,4 @@
1
+ // @mandaitor/sdk — Shared type definitions
2
+ // These types are the canonical representation used across all Mandaitor packages.
3
+ export {};
4
+ //# sourceMappingURL=types.js.map
package/dist/types.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,2CAA2C;AAC3C,mFAAmF"}
package/dist/widget-config.d.ts ADDED
@@ -0,0 +1,130 @@
1
+ export type IdPType = "auth0" | "okta" | "azure-ad" | "entra_id" | "google" | "saml" | "oidc" | "eudi-wallet" | "eidas_wallet";
2
+ export interface IdPConfig {
3
+ enabled?: boolean;
4
+ type?: string;
5
+ clientId?: string;
6
+ clientSecret?: string;
7
+ domain?: string;
8
+ tenantId?: string;
9
+ orgId?: string;
10
+ orgUrl?: string;
11
+ metadataUrl?: string;
12
+ [key: string]: unknown;
13
+ }
14
+ export interface WidgetConfiguration {
15
+ widgetId?: string;
16
+ configVersion?: number;
17
+ idpConfigs: Record<string, IdPConfig>;
18
+ availableIdPs: string[];
19
+ taxonomyLibraries: string[];
20
+ mandateTemplates: {
21
+ id: string;
22
+ name: string;
23
+ description: string;
24
+ taxonomy: string;
25
+ actions: string[];
26
+ }[];
27
+ scopeRestrictions: string[];
28
+ constraintDefaults: {
29
+ maxDuration: number;
30
+ maxDelegationDepth: number;
31
+ requireMfa: boolean;
32
+ requireGeoFence?: boolean;
33
+ };
34
+ branding: {
35
+ logoUrl: string;
36
+ primaryColor: string;
37
+ accentColor: string;
38
+ fontFamily?: string;
39
+ consentText: {
40
+ title: string;
41
+ description: string;
42
+ locale: string;
43
+ };
44
+ darkMode: boolean;
45
+ borderRadius: string;
46
+ };
47
+ approvalRequired: boolean;
48
+ approvalWorkflow?: {
49
+ enabled?: boolean;
50
+ mode?: "auto" | "manual" | "conditional";
51
+ notificationChannel?: "email" | "webhook" | "both";
52
+ };
53
+ webhooks?: {
54
+ id?: string;
55
+ url: string;
56
+ events: string[];
57
+ secret?: string;
58
+ active?: boolean;
59
+ retryPolicy?: {
60
+ maxRetries?: number;
61
+ backoffMultiplier?: number;
62
+ };
63
+ }[];
64
+ }
65
+ export declare class MandaitorConfigClient {
66
+ private baseUrl;
67
+ private authToken;
68
+ constructor(baseUrl: string, authToken: string);
69
+ getWidgetConfig(version?: number): Promise<WidgetConfiguration>;
70
+ updateWidgetConfig(config: Partial<WidgetConfiguration>): Promise<{
71
+ version: number;
72
+ widgetId: string;
73
+ }>;
74
+ validateIdPConfig(idpType: string, config: IdPConfig): Promise<{
75
+ valid: boolean;
76
+ message: string;
77
+ }>;
78
+ listConfigVersions(): Promise<{
79
+ version: number;
80
+ updatedAt: string;
81
+ }[]>;
82
+ rollbackConfig(version: number): Promise<void>;
83
+ getPublicWidgetConfig(widgetId: string): Promise<PublicWidgetConfig>;
84
+ }
85
+ export interface PublicWidgetConfig {
86
+ widgetId: string;
87
+ availableIdPs: {
88
+ type: IdPType;
89
+ tenantId?: string;
90
+ domain?: string;
91
+ orgId?: string;
92
+ orgUrl?: string;
93
+ presentationFlow?: {
94
+ mode: string;
95
+ };
96
+ requestedAttributes?: {
97
+ pid: string[];
98
+ eaa: string[];
99
+ };
100
+ }[];
101
+ taxonomyLibraries: string[];
102
+ mandateTemplates: {
103
+ id: string;
104
+ name: string;
105
+ description: string;
106
+ taxonomy: string;
107
+ actions: string[];
108
+ }[];
109
+ scopeRestrictions: string[];
110
+ constraintDefaults: {
111
+ maxDuration: number;
112
+ maxDelegationDepth: number;
113
+ requireMfa: boolean;
114
+ };
115
+ branding: {
116
+ logoUrl: string;
117
+ primaryColor: string;
118
+ accentColor: string;
119
+ fontFamily?: string;
120
+ consentText: {
121
+ title: string;
122
+ description: string;
123
+ locale: string;
124
+ };
125
+ darkMode: boolean;
126
+ borderRadius: string;
127
+ };
128
+ approvalRequired: boolean;
129
+ }
130
+ //# sourceMappingURL=widget-config.d.ts.map
package/dist/widget-config.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"widget-config.d.ts","sourceRoot":"","sources":["../src/widget-config.ts"],"names":[],"mappings":"AAEA,MAAM,MAAM,OAAO,GACf,OAAO,GACP,MAAM,GACN,UAAU,GACV,UAAU,GACV,QAAQ,GACR,MAAM,GACN,MAAM,GACN,aAAa,GACb,cAAc,CAAC;AAEnB,MAAM,WAAW,SAAS;IACxB,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACtC,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE;QAChB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,UAAU,EAAE,OAAO,CAAC;QACpB,eAAe,CAAC,EAAE,OAAO,CAAC;KAC3B,CAAC;IACF,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACpE,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,OAAO,CAAC;IAC1B,gBAAgB,CAAC,EAAE;QACjB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,IAAI,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,aAAa,CAAC;QACzC,mBAAmB,CAAC,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,CAAC;KACpD,CAAC;IACF,QAAQ,CAAC,EAAE;QACT,EAAE,CAAC,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,MAAM,EAAE,MAAM,EAAE,CAAC;QACjB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,MAAM,CAAC,EAAE,OAAO,CAAC;QACjB,WAAW,CAAC,EAAE;YAAE,UAAU,CAAC,EAAE,MAAM,CAAC;YAAC,iBAAiB,CAAC,EAAE,MAAM,CAAA;SAAE,CAAC;KACnE,EAAE,CAAC;CACL;AAED,qBAAa,qBAAqB;IAE9B,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,SAAS;gBADT,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM;IAIrB,eAAe,CAAC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAS/D,kBAAkB,CACtB,MAAM,EAAE,OAAO,CAAC,mBAAmB,CAAC,GACnC,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,CAAC;IAa3C,iBAAiB,CACrB,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,SAAS,GAChB,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IAgBzC,kBAAkB,IAAI,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAQvE,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAS9C,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAO3E;AAGD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE;QACb,IAAI,EAAE,OAAO,CAAC;QACd,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,gBAAgB,CAAC,EAAE;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC;QACpC,mBAAmB,CAAC,EAAE;YAAE,GAAG,EAAE,MAAM,EAAE,CAAC;YAAC,GAAG,EAAE,MAAM,EAAE,CAAA;SAAE,CAAC;KACxD,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE;QAChB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,MAAM,CAAC;QACjB,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;IACJ,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,kBAAkB,EAAE;QAClB,WAAW,EAAE,MAAM,CAAC;QACpB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,UAAU,EAAE,OAAO,CAAC;KACrB,CAAC;IACF,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,YAAY,EAAE,MAAM,CAAC;QACrB,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,WAAW,EAAE;YAAE,KAAK,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAC;YAAC,MAAM,EAAE,MAAM,CAAA;SAAE,CAAC;QACpE,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,gBAAgB,EAAE,OAAO,CAAC;CAC3B"}
package/dist/widget-config.js ADDED
@@ -0,0 +1,72 @@
1
+ // Widget configuration types (formerly in @mandaitor/core)
2
+ export class MandaitorConfigClient {
3
+ baseUrl;
4
+ authToken;
5
+ constructor(baseUrl, authToken) {
6
+ this.baseUrl = baseUrl;
7
+ this.authToken = authToken;
8
+ }
9
+ // ── Tenant Dashboard Methods (require Cognito JWT) ────────────
10
+ async getWidgetConfig(version) {
11
+ const url = version ? `${this.baseUrl}/config?version=${version}` : `${this.baseUrl}/config`;
12
+ const res = await fetch(url, {
13
+ headers: { Authorization: `Bearer ${this.authToken}` },
14
+ });
15
+ if (!res.ok)
16
+ throw new Error(`Failed to get config: ${res.status}`);
17
+ return res.json();
18
+ }
19
+ async updateWidgetConfig(config) {
20
+ const res = await fetch(`${this.baseUrl}/config`, {
21
+ method: "PUT",
22
+ headers: {
23
+ Authorization: `Bearer ${this.authToken}`,
24
+ "Content-Type": "application/json",
25
+ },
26
+ body: JSON.stringify(config),
27
+ });
28
+ if (!res.ok)
29
+ throw new Error(`Failed to update config: ${res.status}`);
30
+ return res.json();
31
+ }
32
+ async validateIdPConfig(idpType, config) {
33
+ const res = await fetch(`${this.baseUrl}/config/validate-idp`, {
34
+ method: "POST",
35
+ headers: {
36
+ Authorization: `Bearer ${this.authToken}`,
37
+ "Content-Type": "application/json",
38
+ },
39
+ body: JSON.stringify({ idpType, config }),
40
+ });
41
+ if (!res.ok)
42
+ throw new Error(`Validation request failed: ${res.status}`);
43
+ const data = (await res.json());
44
+ return data.results[idpType];
45
+ }
46
+ async listConfigVersions() {
47
+ const res = await fetch(`${this.baseUrl}/config/versions`, {
48
+ headers: { Authorization: `Bearer ${this.authToken}` },
49
+ });
50
+ if (!res.ok)
51
+ throw new Error(`Failed to list versions: ${res.status}`);
52
+ return res.json();
53
+ }
54
+ async rollbackConfig(version) {
55
+ const res = await fetch(`${this.baseUrl}/config/rollback/${version}`, {
56
+ method: "POST",
57
+ headers: { Authorization: `Bearer ${this.authToken}` },
58
+ });
59
+ if (!res.ok)
60
+ throw new Error(`Rollback failed: ${res.status}`);
61
+ }
62
+ // ── Public Widget Methods (require API Key) ───────────────────
63
+ async getPublicWidgetConfig(widgetId) {
64
+ const res = await fetch(`${this.baseUrl}/public/widget/${widgetId}`, {
65
+ headers: { "X-API-Key": this.authToken },
66
+ });
67
+ if (!res.ok)
68
+ throw new Error(`Widget not found: ${res.status}`);
69
+ return res.json();
70
+ }
71
+ }
72
+ //# sourceMappingURL=widget-config.js.map
package/dist/widget-config.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"widget-config.js","sourceRoot":"","sources":["../src/widget-config.ts"],"names":[],"mappings":"AAAA,2DAA2D;AAuE3D,MAAM,OAAO,qBAAqB;IAEtB;IACA;IAFV,YACU,OAAe,EACf,SAAiB;QADjB,YAAO,GAAP,OAAO,CAAQ;QACf,cAAS,GAAT,SAAS,CAAQ;IACxB,CAAC;IAEJ,iEAAiE;IACjE,KAAK,CAAC,eAAe,CAAC,OAAgB;QACpC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,mBAAmB,OAAO,EAAE,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,CAAC;QAC7F,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC3B,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACpE,OAAO,GAAG,CAAC,IAAI,EAAkC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,kBAAkB,CACtB,MAAoC;QAEpC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,SAAS,EAAE;YAChD,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE;gBACzC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;SAC7B,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC,IAAI,EAAoD,CAAC;IACtE,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,OAAe,EACf,MAAiB;QAEjB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,sBAAsB,EAAE;YAC7D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE;gBACzC,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;SAC1C,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACzE,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAE7B,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,EAAE;YACzD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QACvE,OAAO,GAAG,CAAC,IAAI,EAAuD,CAAC;IACzE,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,OAAe;QAClC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,oBAAoB,OAAO,EAAE,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,SAAS,EAAE,EAAE;SACvD,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACjE,CAAC;IAED,iEAAiE;IACjE,KAAK,CAAC,qBAAqB,CAAC,QAAgB;QAC1C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,QAAQ,EAAE,EAAE;YACnE,OAAO,EAAE,EAAE,WAAW,EAAE,IAAI,CAAC,SAAS,EAAE;SACzC,CAAC,CAAC;QACH,IAAI,CAAC,GAAG,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAChE,OAAO,GAAG,CAAC,IAAI,EAAiC,CAAC;IACnD,CAAC;CACF"}
package/package.json ADDED
@@ -0,0 +1,41 @@
1
+ {
2
+ "name": "@mandaitor/sdk",
3
+ "version": "0.2.0",
4
+ "description": "Mandaitor Delegation Mandate Registry — TypeScript SDK",
5
+ "main": "dist/index.js",
6
+ "types": "dist/index.d.ts",
7
+ "files": [
8
+ "dist"
9
+ ],
10
+ "exports": {
11
+ ".": {
12
+ "types": "./dist/index.d.ts",
13
+ "import": "./dist/index.js",
14
+ "require": "./dist/index.cjs"
15
+ }
16
+ },
17
+ "dependencies": {},
18
+ "devDependencies": {
19
+ "typescript": "^5.6.0",
20
+ "vitest": "^2.0.0"
21
+ },
22
+ "publishConfig": {
23
+ "registry": "https://registry.npmjs.org",
24
+ "access": "public"
25
+ },
26
+ "license": "MIT",
27
+ "repository": {
28
+ "type": "git",
29
+ "url": "https://github.com/C4RR13P0TT3R/mandaitor.git",
30
+ "directory": "packages/sdk"
31
+ },
32
+ "scripts": {
33
+ "build": "tsc",
34
+ "test": "vitest run",
35
+ "test:unit": "vitest run",
36
+ "typecheck": "tsc --noEmit",
37
+ "lint": "eslint src/",
38
+ "lint:fix": "eslint src/ --fix",
39
+ "clean": "rm -rf dist tsconfig.tsbuildinfo"
40
+ }
41
+ }