@meshtrade/api-node 1.30.2 → 1.32.0

package/dist/meshtrade/compliance/client/v1/client_pb.d.ts

@@ -39,13 +39,21 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
      * @generated from field: string owner = 2;
      */
     owner: string;
+    /**
+     *
+     * Ownership hiearchy of groups that have access to this resource in the format groups/{group_id}.
+     * System set on creation.
+     *
+     * @generated from field: repeated string owners = 3;
+     */
+    owners: string[];
     /**
      *
      * A non-unique, user-provided name for the client, used for display purposes
      * in user interfaces and reports.
      * Required on creation.
      *
-     * @generated from field: string display_name = 3;
+     * @generated from field: string display_name = 4;
      */
     displayName: string;
     /**
@@ -60,7 +68,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
          *
          * Set when the legal entity is an individual human being.
          *
-         * @generated from field: meshtrade.compliance.client.v1.NaturalPerson natural_person = 4;
+         * @generated from field: meshtrade.compliance.client.v1.NaturalPerson natural_person = 5;
          */
         value: NaturalPerson;
         case: "naturalPerson";
@@ -69,7 +77,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
          *
          * Set when the legal entity is a company or corporation.
          *
-         * @generated from field: meshtrade.compliance.client.v1.Company company = 5;
+         * @generated from field: meshtrade.compliance.client.v1.Company company = 6;
          */
         value: Company;
         case: "company";
@@ -78,7 +86,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
          *
          * Set when the legal entity is an investment fund.
          *
-         * @generated from field: meshtrade.compliance.client.v1.Fund fund = 6;
+         * @generated from field: meshtrade.compliance.client.v1.Fund fund = 7;
          */
         value: Fund;
         case: "fund";
@@ -87,7 +95,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
          *
          * Set when the legal entity is a trust.
          *
-         * @generated from field: meshtrade.compliance.client.v1.Trust trust = 7;
+         * @generated from field: meshtrade.compliance.client.v1.Trust trust = 8;
          */
         value: Trust;
         case: "trust";
@@ -100,7 +108,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
      * The definitive, most recent compliance status of the client (e.g., VERIFICATION_STATUS_VERIFIED, VERIFICATION_STATUS_FAILED).
      * Must always be a valid field
      *
-     * @generated from field: meshtrade.compliance.client.v1.VerificationStatus verification_status = 8;
+     * @generated from field: meshtrade.compliance.client.v1.VerificationStatus verification_status = 9;
      */
     verificationStatus: VerificationStatus;
     /**
@@ -109,7 +117,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
      * `verification_status`. This provides an audit trail for status changes.
      * System set when verification_status changes.
      *
-     * @generated from field: string verification_authority = 9;
+     * @generated from field: string verification_authority = 10;
      */
     verificationAuthority: string;
     /**
@@ -118,7 +126,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
      * state, specifically `VERIFICATION_STATUS_VERIFIED`.
      * System set when verification_status changes to VERIFICATION_STATUS_VERIFIED.
      *
-     * @generated from field: google.protobuf.Timestamp verification_date = 10;
+     * @generated from field: google.protobuf.Timestamp verification_date = 11;
      */
     verificationDate?: Timestamp;
     /**
@@ -127,7 +135,7 @@ export type Client = Message<"meshtrade.compliance.client.v1.Client"> & {
      * is due. This field drives re-verification workflows.
      * Optional for Verification.
      *
-     * @generated from field: google.protobuf.Timestamp next_verification_date = 11;
+     * @generated from field: google.protobuf.Timestamp next_verification_date = 12;
      */
     nextVerificationDate?: Timestamp;
 };

package/dist/meshtrade/compliance/client/v1/client_pb.js

@@ -15,7 +15,7 @@ const verification_status_pb_1 = require("./verification_status_pb");
 /**
  * Describes the file meshtrade/compliance/client/v1/client.proto.
  */
-exports.file_meshtrade_compliance_client_v1_client = (0, codegenv2_1.fileDesc)("CittZXNodHJhZGUvY29tcGxpYW5jZS9jbGllbnQvdjEvY2xpZW50LnByb3RvEh5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEi+gcKBkNsaWVudBK4AQoEbmFtZRgBIAEoCUKpAbpIpQG6AaEBChRuYW1lLmZvcm1hdC5vcHRpb25hbBI0bmFtZSBtdXN0IGJlIGVtcHR5IG9yIGluIHRoZSBmb3JtYXQgY2xpZW50cy97VUxJRHYyfRpTc2l6ZSh0aGlzKSA9PSAwIHx8IHRoaXMubWF0Y2hlcygnXmNsaWVudHMvWzAxMjM0NTY3ODlBQkNERUZHSEpLTU5QUVJTVFZXWFlaXXsyNn0kJykSSwoFb3duZXIYAiABKAlCPLpIOcgBAXI0Mi9eZ3JvdXBzL1swMTIzNDU2Nzg5QUJDREVGR0hKS01OUFFSU1RWV1hZWl17MjZ9JJgBIRIjCgxkaXNwbGF5X25hbWUYAyABKAlCDbpICsgBAXIFEAEY/wESRwoObmF0dXJhbF9wZXJzb24YBCABKAsyLS5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEuTmF0dXJhbFBlcnNvbkgAEjoKB2NvbXBhbnkYBSABKAsyJy5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEuQ29tcGFueUgAEjQKBGZ1bmQYBiABKAsyJC5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEuRnVuZEgAEjYKBXRydXN0GAcgASgLMiUubWVzaHRyYWRlLmNvbXBsaWFuY2UuY2xpZW50LnYxLlRydXN0SAASXAoTdmVyaWZpY2F0aW9uX3N0YXR1cxgIIAEoDjIyLm1lc2h0cmFkZS5jb21wbGlhbmNlLmNsaWVudC52MS5WZXJpZmljYXRpb25TdGF0dXNCC7pICMgBAYIBAhABEu4BChZ2ZXJpZmljYXRpb25fYXV0aG9yaXR5GAkgASgJQs0BukjJAboBxQEKJnZlcmlmaWNhdGlvbl9hdXRob3JpdHkuZm9ybWF0Lm9wdGlvbmFsEkZ2ZXJpZmljYXRpb25fYXV0aG9yaXR5IG11c3QgYmUgZW1wdHkgb3IgaW4gdGhlIGZvcm1hdCBjbGllbnRzL3tVTElEdjJ9GlNzaXplKHRoaXMpID09IDAgfHwgdGhpcy5tYXRjaGVzKCdeY2xpZW50cy9bMDEyMzQ1Njc4OUFCQ0RFRkdISktNTlBRUlNUVldYWVpdezI2fSQnKRI1ChF2ZXJpZmljYXRpb25fZGF0ZRgKIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXASOgoWbmV4dF92ZXJpZmljYXRpb25fZGF0ZRgLIAEoCzIaLmdvb2dsZS5wcm90b2J1Zi5UaW1lc3RhbXBCDgoMbGVnYWxfcGVyc29uQmMKJWNvLm1lc2h0cmFkZS5hcGkuY29tcGxpYW5jZS5jbGllbnQudjFaOmdpdGh1Yi5jb20vbWVzaHRyYWRlL2FwaS9nby9jb21wbGlhbmNlL2NsaWVudC92MTtjbGllbnRfdjFiBnByb3RvMw", [validate_pb_1.file_buf_validate_validate, wkt_1.file_google_protobuf_timestamp, company_pb_1.file_meshtrade_compliance_client_v1_company, fund_pb_1.file_meshtrade_compliance_client_v1_fund, natural_person_pb_1.file_meshtrade_compliance_client_v1_natural_person, trust_pb_1.file_meshtrade_compliance_client_v1_trust, verification_status_pb_1.file_meshtrade_compliance_client_v1_verification_status]);
+exports.file_meshtrade_compliance_client_v1_client = (0, codegenv2_1.fileDesc)("CittZXNodHJhZGUvY29tcGxpYW5jZS9jbGllbnQvdjEvY2xpZW50LnByb3RvEh5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEiyggKBkNsaWVudBK4AQoEbmFtZRgBIAEoCUKpAbpIpQG6AaEBChRuYW1lLmZvcm1hdC5vcHRpb25hbBI0bmFtZSBtdXN0IGJlIGVtcHR5IG9yIGluIHRoZSBmb3JtYXQgY2xpZW50cy97VUxJRHYyfRpTc2l6ZSh0aGlzKSA9PSAwIHx8IHRoaXMubWF0Y2hlcygnXmNsaWVudHMvWzAxMjM0NTY3ODlBQkNERUZHSEpLTU5QUVJTVFZXWFlaXXsyNn0kJykSSwoFb3duZXIYAiABKAlCPLpIOcgBAXI0Mi9eZ3JvdXBzL1swMTIzNDU2Nzg5QUJDREVGR0hKS01OUFFSU1RWV1hZWl17MjZ9JJgBIRJOCgZvd25lcnMYAyADKAlCPrpIO5IBOCI2cjQyL15ncm91cHMvWzAxMjM0NTY3ODlBQkNERUZHSEpLTU5QUVJTVFZXWFlaXXsyNn0kmAEhEiMKDGRpc3BsYXlfbmFtZRgEIAEoCUINukgKyAEBcgUQARj/ARJHCg5uYXR1cmFsX3BlcnNvbhgFIAEoCzItLm1lc2h0cmFkZS5jb21wbGlhbmNlLmNsaWVudC52MS5OYXR1cmFsUGVyc29uSAASOgoHY29tcGFueRgGIAEoCzInLm1lc2h0cmFkZS5jb21wbGlhbmNlLmNsaWVudC52MS5Db21wYW55SAASNAoEZnVuZBgHIAEoCzIkLm1lc2h0cmFkZS5jb21wbGlhbmNlLmNsaWVudC52MS5GdW5kSAASNgoFdHJ1c3QYCCABKAsyJS5tZXNodHJhZGUuY29tcGxpYW5jZS5jbGllbnQudjEuVHJ1c3RIABJcChN2ZXJpZmljYXRpb25fc3RhdHVzGAkgASgOMjIubWVzaHRyYWRlLmNvbXBsaWFuY2UuY2xpZW50LnYxLlZlcmlmaWNhdGlvblN0YXR1c0ILukgIyAEBggECEAES7gEKFnZlcmlmaWNhdGlvbl9hdXRob3JpdHkYCiABKAlCzQG6SMkBugHFAQomdmVyaWZpY2F0aW9uX2F1dGhvcml0eS5mb3JtYXQub3B0aW9uYWwSRnZlcmlmaWNhdGlvbl9hdXRob3JpdHkgbXVzdCBiZSBlbXB0eSBvciBpbiB0aGUgZm9ybWF0IGNsaWVudHMve1VMSUR2Mn0aU3NpemUodGhpcykgPT0gMCB8fCB0aGlzLm1hdGNoZXMoJ15jbGllbnRzL1swMTIzNDU2Nzg5QUJDREVGR0hKS01OUFFSU1RWV1hZWl17MjZ9JCcpEjUKEXZlcmlmaWNhdGlvbl9kYXRlGAsgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcBI6ChZuZXh0X3ZlcmlmaWNhdGlvbl9kYXRlGAwgASgLMhouZ29vZ2xlLnByb3RvYnVmLlRpbWVzdGFtcEIOCgxsZWdhbF9wZXJzb25CYwolY28ubWVzaHRyYWRlLmFwaS5jb21wbGlhbmNlLmNsaWVudC52MVo6Z2l0aHViLmNvbS9tZXNodHJhZGUvYXBpL2dvL2NvbXBsaWFuY2UvY2xpZW50L3YxO2NsaWVudF92MWIGcHJvdG8z", [validate_pb_1.file_buf_validate_validate, wkt_1.file_google_protobuf_timestamp, company_pb_1.file_meshtrade_compliance_client_v1_company, fund_pb_1.file_meshtrade_compliance_client_v1_fund, natural_person_pb_1.file_meshtrade_compliance_client_v1_natural_person, trust_pb_1.file_meshtrade_compliance_client_v1_trust, verification_status_pb_1.file_meshtrade_compliance_client_v1_verification_status]);
 /**
  * Describes the message meshtrade.compliance.client.v1.Client.
  * Use `create(ClientSchema)` to create a new message.

package/dist/meshtrade/compliance/client/v1/service_node_meshts.d.ts

@@ -1,59 +1,84 @@
-import { Interceptor } from "@connectrpc/connect";
 import { CreateClientRequest, GetClientRequest, ListClientsRequest, ListClientsResponse } from "./service_pb";
 import { Client } from "./client_pb";
-import { ConfigOpts } from "../../../common/config";
+import { ClientOption } from "../../../config";
 /**
  * Node.js client for interacting with the meshtrade.compliance.client.v1 client v1 API resource service.
  * Uses Connect-ES with gRPC transport for Node.js gRPC communication.
  *
- * Supports three authentication modes:
+ * Supports flexible authentication modes using functional options pattern:
  *
  * 1. **No Authentication** (public APIs):
  *    ```typescript
- *    const client = new ClientServiceNode({ apiServerURL: "http://localhost:10000" });
+ *    const client = new ClientServiceNode(
+ *      WithServerUrl("http://localhost:10000")
+ *    );
  *    ```
  *
  * 2. **API Key Authentication** (backend services):
  *    ```typescript
- *    const client = new ClientServiceNode({
- *      apiServerURL: "https://api.example.com",
- *      apiKey: "your-api-key",
- *      group: "groups/01ARZ3NDEKTSV4YWVF8F5BH32"
- *    });
+ *    const client = new ClientServiceNode(
+ *      WithAPIKey("your-api-key"),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
  *    ```
  *
  * 3. **JWT Token Authentication** (Next.js backend with user session):
  *    ```typescript
- *    const client = new ClientServiceNode({
- *      apiServerURL: "https://api.example.com",
- *      jwtToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
- *    });
+ *    const client = new ClientServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithServerUrl("https://api.example.com")
+ *    );
  *    ```
+ *
+ * 4. **JWT with Group Context** (user session with specific group):
+ *    ```typescript
+ *    const client = new ClientServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
+ *    ```
+ *
+ * Available options:
+ * - `WithAPIKey(key)` - API key authentication (mutually exclusive with JWT)
+ * - `WithJWTAccessToken(token)` - JWT authentication (mutually exclusive with API key)
+ * - `WithGroup(group)` - Group context (optional, works with both auth modes)
+ * - `WithServerUrl(url)` - Custom server URL (optional, defaults to production)
  */
 export declare class ClientServiceNode {
     private _client;
     private readonly _config;
     private readonly _interceptors;
+    private readonly _validator;
     /**
      * Constructs an instance of ClientServiceNode.
-     * @param {ConfigOpts} [config] - Optional configuration for the client.
-     * @param {Interceptor[]} [interceptors] - For internal use by `withGroup`.
+     *
+     * Uses functional options pattern for flexible configuration:
+     * - `WithAPIKey(key)` - API key authentication
+     * - `WithJWTAccessToken(token)` - JWT authentication
+     * - `WithGroup(group)` - Group context (optional)
+     * - `WithServerUrl(url)` - Custom server URL (optional)
+     *
+     * @param {...ClientOption} opts - Variable number of configuration options
      */
-    constructor(config?: ConfigOpts, interceptors?: Interceptor[]);
+    constructor(...opts: ClientOption[]);
     /**
      * Returns a new client instance configured to send the specified group
      * resource name in the request headers for subsequent API calls.
      *
-     * **Important**: This method only works with API key authentication.
-     * - For **API key auth**: Creates a new client with updated group context
-     * - For **JWT auth**: Throws error (group comes from JWT token claims)
-     * - For **no auth**: Throws error (group requires authentication)
+     * This method creates a new client with the same authentication configuration
+     * but with the group context updated to the specified value.
+     *
+     * **Compatibility**: Works with all authentication modes:
+     * - **API key auth**: Creates new client with API key + new group
+     * - **JWT auth**: Creates new client with JWT + new group
+     * - **No auth**: Creates new client with standalone group interceptor
      *
      * @param {string} group - The operating group context to inject into the request
      *                         in the format `groups/{ulid}` where {ulid} is a 26-character ULID.
      *                         Example: 'groups/01ARZ3NDEKTSV4YWVF8F5BH32'
      * @returns {ClientServiceNode} A new, configured instance of the client.
-     * @throws {Error} If used with JWT authentication or no authentication
      * @throws {Error} If the group format is invalid
      */
     withGroup(group: string): ClientServiceNode;

package/dist/meshtrade/compliance/client/v1/service_node_meshts.js

@@ -7,62 +7,82 @@ exports.ClientServiceNode = void 0;
 const connect_1 = require("@connectrpc/connect");
 const connect_node_1 = require("@connectrpc/connect-node");
 const service_pb_1 = require("./service_pb");
-const config_1 = require("../../../common/config");
-const validation_1 = require("../../../common/validation");
-const connectInterceptors_1 = require("../../../common/connectInterceptors");
+const service_pb_2 = require("./service_pb");
+const config_1 = require("../../../config");
+const protovalidate_1 = require("@bufbuild/protovalidate");
+const interceptors_1 = require("../../../interceptors");
 /**
  * Node.js client for interacting with the meshtrade.compliance.client.v1 client v1 API resource service.
  * Uses Connect-ES with gRPC transport for Node.js gRPC communication.
  *
- * Supports three authentication modes:
+ * Supports flexible authentication modes using functional options pattern:
  *
  * 1. **No Authentication** (public APIs):
  *    ```typescript
- *    const client = new ClientServiceNode({ apiServerURL: "http://localhost:10000" });
+ *    const client = new ClientServiceNode(
+ *      WithServerUrl("http://localhost:10000")
+ *    );
  *    ```
  *
  * 2. **API Key Authentication** (backend services):
  *    ```typescript
- *    const client = new ClientServiceNode({
- *      apiServerURL: "https://api.example.com",
- *      apiKey: "your-api-key",
- *      group: "groups/01ARZ3NDEKTSV4YWVF8F5BH32"
- *    });
+ *    const client = new ClientServiceNode(
+ *      WithAPIKey("your-api-key"),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
  *    ```
  *
  * 3. **JWT Token Authentication** (Next.js backend with user session):
  *    ```typescript
- *    const client = new ClientServiceNode({
- *      apiServerURL: "https://api.example.com",
- *      jwtToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
- *    });
+ *    const client = new ClientServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithServerUrl("https://api.example.com")
+ *    );
  *    ```
+ *
+ * 4. **JWT with Group Context** (user session with specific group):
+ *    ```typescript
+ *    const client = new ClientServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
+ *    ```
+ *
+ * Available options:
+ * - `WithAPIKey(key)` - API key authentication (mutually exclusive with JWT)
+ * - `WithJWTAccessToken(token)` - JWT authentication (mutually exclusive with API key)
+ * - `WithGroup(group)` - Group context (optional, works with both auth modes)
+ * - `WithServerUrl(url)` - Custom server URL (optional, defaults to production)
  */
 class ClientServiceNode {
     /**
      * Constructs an instance of ClientServiceNode.
-     * @param {ConfigOpts} [config] - Optional configuration for the client.
-     * @param {Interceptor[]} [interceptors] - For internal use by `withGroup`.
+     *
+     * Uses functional options pattern for flexible configuration:
+     * - `WithAPIKey(key)` - API key authentication
+     * - `WithJWTAccessToken(token)` - JWT authentication
+     * - `WithGroup(group)` - Group context (optional)
+     * - `WithServerUrl(url)` - Custom server URL (optional)
+     *
+     * @param {...ClientOption} opts - Variable number of configuration options
      */
-    constructor(config, interceptors) {
-        this._config = (0, config_1.getConfigFromOpts)(config);
-        // If interceptors are provided (from withGroup), use them
-        // Otherwise, create auth interceptors based on config
-        if (interceptors) {
-            this._interceptors = interceptors;
+    constructor(...opts) {
+        // Build configuration from options
+        this._config = (0, config_1.buildConfigFromOptions)(...opts);
+        // Initialize validator for request validation
+        this._validator = (0, protovalidate_1.createValidator)();
+        this._interceptors = [];
+        this._interceptors.push((0, interceptors_1.createLoggingInterceptor)());
+        if (this._config.apiKey) {
+            this._interceptors.push((0, interceptors_1.createApiKeyInterceptor)(this._config.apiKey));
+        }
+        if (this._config.jwtToken) {
+            this._interceptors.push((0, interceptors_1.createJwtInterceptor)(this._config.jwtToken));
         }
-        else {
-            this._interceptors = [];
-            // Add authentication interceptor based on configuration
-            if (this._config.apiKey && this._config.group) {
-                // API Key authentication mode
-                this._interceptors.push((0, connectInterceptors_1.createApiKeyInterceptor)(this._config.apiKey, this._config.group));
-            }
-            else if (this._config.jwtToken) {
-                // JWT authentication mode
-                this._interceptors.push((0, connectInterceptors_1.createJwtInterceptor)(this._config.jwtToken));
-            }
-            // If neither is configured, no authentication (public API mode)
+        if (this._config.group) {
+            this._interceptors.push((0, interceptors_1.createGroupInterceptor)(this._config.group));
         }
         // Create the gRPC transport for Node.js with interceptors
         // Note: gRPC transport uses HTTP/2 by default
@@ -77,35 +97,36 @@ class ClientServiceNode {
      * Returns a new client instance configured to send the specified group
      * resource name in the request headers for subsequent API calls.
      *
-     * **Important**: This method only works with API key authentication.
-     * - For **API key auth**: Creates a new client with updated group context
-     * - For **JWT auth**: Throws error (group comes from JWT token claims)
-     * - For **no auth**: Throws error (group requires authentication)
+     * This method creates a new client with the same authentication configuration
+     * but with the group context updated to the specified value.
+     *
+     * **Compatibility**: Works with all authentication modes:
+     * - **API key auth**: Creates new client with API key + new group
+     * - **JWT auth**: Creates new client with JWT + new group
+     * - **No auth**: Creates new client with standalone group interceptor
      *
      * @param {string} group - The operating group context to inject into the request
      *                         in the format `groups/{ulid}` where {ulid} is a 26-character ULID.
      *                         Example: 'groups/01ARZ3NDEKTSV4YWVF8F5BH32'
      * @returns {ClientServiceNode} A new, configured instance of the client.
-     * @throws {Error} If used with JWT authentication or no authentication
      * @throws {Error} If the group format is invalid
      */
     withGroup(group) {
-        // Check authentication mode
-        if (this._config.jwtToken) {
-            throw new Error("Cannot use withGroup() with JWT authentication. " +
-                "The group context is determined by the JWT token claims.");
+        // Build new options array with existing auth and updated group
+        const newOpts = [];
+        // Add server URL
+        newOpts.push((0, config_1.WithServerUrl)(this._config.apiServerURL));
+        // Add authentication (preserve existing mode)
+        if (this._config.apiKey) {
+            newOpts.push((0, config_1.WithAPIKey)(this._config.apiKey));
         }
-        if (!this._config.apiKey) {
-            throw new Error("Cannot use withGroup() without authentication. " +
-                "Please configure API key authentication to use group context.");
+        else if (this._config.jwtToken) {
+            newOpts.push((0, config_1.WithJWTAccessToken)(this._config.jwtToken));
         }
-        // For API key authentication, create new client with updated group
-        // Replace the existing API key interceptor with one that has the new group
-        const newInterceptors = [
-            (0, connectInterceptors_1.createApiKeyInterceptor)(this._config.apiKey, group)
-        ];
-        // Return a new client instance with updated group context
-        return new ClientServiceNode(this._config, newInterceptors);
+        // Add the new group
+        newOpts.push((0, config_1.WithGroup)(group));
+        // Return a new client instance with updated configuration
+        return new ClientServiceNode(...newOpts);
     }
     /**
      * Creates a new client.
@@ -114,7 +135,14 @@ class ClientServiceNode {
      */
     createClient(request) {
         // Validate request
-        (0, validation_1.validateRequest)(request);
+        const result = this._validator.validate(service_pb_2.CreateClientRequestSchema, request);
+        if (result.kind === "invalid") {
+            const violations = result.violations.map(v => `${v.field.toString()}: ${v.message}`).join("; ");
+            throw new Error(`Validation failed: ${violations}`);
+        }
+        else if (result.kind === "error") {
+            throw result.error;
+        }
         return this._client.createClient(request);
     }
     /**
@@ -124,7 +152,14 @@ class ClientServiceNode {
      */
     getClient(request) {
         // Validate request
-        (0, validation_1.validateRequest)(request);
+        const result = this._validator.validate(service_pb_2.GetClientRequestSchema, request);
+        if (result.kind === "invalid") {
+            const violations = result.violations.map(v => `${v.field.toString()}: ${v.message}`).join("; ");
+            throw new Error(`Validation failed: ${violations}`);
+        }
+        else if (result.kind === "error") {
+            throw result.error;
+        }
         return this._client.getClient(request);
     }
     /**
@@ -134,7 +169,14 @@ class ClientServiceNode {
      */
     listClients(request) {
         // Validate request
-        (0, validation_1.validateRequest)(request);
+        const result = this._validator.validate(service_pb_2.ListClientsRequestSchema, request);
+        if (result.kind === "invalid") {
+            const violations = result.violations.map(v => `${v.field.toString()}: ${v.message}`).join("; ");
+            throw new Error(`Validation failed: ${violations}`);
+        }
+        else if (result.kind === "error") {
+            throw result.error;
+        }
         return this._client.listClients(request);
     }
 }

package/dist/meshtrade/config/index.d.ts

@@ -0,0 +1,160 @@
+/**
+ * Configuration options for Meshtrade API clients using functional options pattern.
+ *
+ * Supports flexible authentication modes with optional group context:
+ *
+ * 1. **No Authentication** (public APIs):
+ *    ```typescript
+ *    const client = new ServiceNode(
+ *      WithServerUrl("http://localhost:10000")
+ *    );
+ *    ```
+ *
+ * 2. **API Key Authentication** (backend services):
+ *    ```typescript
+ *    const client = new ServiceNode(
+ *      WithAPIKey("your-api-key"),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
+ *    ```
+ *
+ * 3. **JWT Token Authentication** (Next.js backend with user session):
+ *    ```typescript
+ *    const client = new ServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithServerUrl("https://api.example.com")
+ *    );
+ *    ```
+ *
+ * 4. **JWT with Group Context** (user session with specific group):
+ *    ```typescript
+ *    const client = new ServiceNode(
+ *      WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *      WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *      WithServerUrl("https://api.example.com")
+ *    );
+ *    ```
+ */
+/**
+ * Internal configuration class used to build client configuration.
+ */
+export declare class ClientConfig {
+    /** API server URL (default: production) */
+    apiServerURL: string;
+    /** API key for service-to-service authentication */
+    apiKey?: string;
+    /** JWT token for user session authentication */
+    jwtToken?: string;
+    /** Group context in format "groups/{ulid}" */
+    group?: string;
+    /**
+     * Validates the configuration.
+     * @throws {Error} If both API key and JWT token are provided (mutually exclusive)
+     */
+    validate(): void;
+}
+/**
+ * Client option function type for functional options pattern.
+ * Each option function modifies the ClientConfig.
+ */
+export type ClientOption = (config: ClientConfig) => void;
+/**
+ * Configures the client with an API key for service-to-service authentication.
+ *
+ * **Mutually Exclusive**: Cannot be used with WithJWTAccessToken().
+ * **Optional**: Can be combined with WithGroup() for group-specific operations.
+ *
+ * @param apiKey - The API key for authentication
+ * @returns A client option function
+ *
+ * @example
+ * ```typescript
+ * const client = new ServiceNode(
+ *   WithAPIKey("your-api-key"),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32")
+ * );
+ * ```
+ */
+export declare function WithAPIKey(apiKey: string): ClientOption;
+/**
+ * Configures the client with a JWT access token for user session authentication.
+ *
+ * **Mutually Exclusive**: Cannot be used with WithAPIKey().
+ * **Optional**: Can be combined with WithGroup() for group-specific operations.
+ *
+ * The JWT is injected as a cookie header (Cookie: AccessToken=<jwt>)
+ * so the server can extract it from the request.
+ *
+ * @param token - The JWT access token from the user's session
+ * @returns A client option function
+ *
+ * @example
+ * ```typescript
+ * const client = new ServiceNode(
+ *   WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32")
+ * );
+ * ```
+ */
+export declare function WithJWTAccessToken(token: string): ClientOption;
+/**
+ * Configures the client with a group context for operations.
+ *
+ * **Optional**: Can be used with WithAPIKey() or WithJWTAccessToken().
+ * When used alone without authentication, adds group header to requests.
+ *
+ * @param group - The group resource name in format "groups/{ulid}"
+ * @returns A client option function
+ *
+ * @example
+ * ```typescript
+ * // With API Key
+ * const client = new ServiceNode(
+ *   WithAPIKey("your-api-key"),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32")
+ * );
+ *
+ * // With JWT
+ * const client = new ServiceNode(
+ *   WithJWTAccessToken("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32")
+ * );
+ * ```
+ */
+export declare function WithGroup(group: string): ClientOption;
+/**
+ * Configures the client with a custom server URL.
+ *
+ * **Optional**: If not provided, defaults to localhost:10000.
+ *
+ * @param url - The API server URL
+ * @returns A client option function
+ *
+ * @example
+ * ```typescript
+ * const client = new ServiceNode(
+ *   WithServerUrl("http://localhost:10000"),
+ *   WithAPIKey("your-api-key"),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32")
+ * );
+ * ```
+ */
+export declare function WithServerUrl(url: string): ClientOption;
+/**
+ * Builds client configuration from an array of option functions.
+ *
+ * @param opts - Variable number of option functions
+ * @returns A validated ClientConfig instance
+ * @throws {Error} If configuration is invalid (e.g., both API key and JWT provided)
+ *
+ * @example
+ * ```typescript
+ * const config = buildConfigFromOptions(
+ *   WithAPIKey("your-api-key"),
+ *   WithGroup("groups/01ARZ3NDEKTSV4YWVF8F5BH32"),
+ *   WithServerUrl("https://api.example.com")
+ * );
+ * ```
+ */
+export declare function buildConfigFromOptions(...opts: ClientOption[]): ClientConfig;