@oxyhq/core 1.11.9 → 1.11.11

package/dist/types/AuthManager.d.ts

@@ -34,6 +34,8 @@ export interface AuthManagerConfig {
     autoRefresh?: boolean;
     /** Token refresh interval in milliseconds (default: 5 minutes before expiry) */
     refreshBuffer?: number;
+    /** Enable cross-tab coordination via BroadcastChannel (default: true in browsers) */
+    crossTabSync?: boolean;
 }
 /**
  * AuthManager - Centralized authentication management.
@@ -68,7 +70,26 @@ export declare class AuthManager {
     private refreshTimer;
     private refreshPromise;
     private config;
+    /** Tracks the access token this instance last knew about, for cross-tab adoption. */
+    private _lastKnownAccessToken;
+    /** BroadcastChannel for coordinating token refreshes across browser tabs. */
+    private _broadcastChannel;
+    /** Set to true when another tab broadcasts a successful refresh, so this tab can skip its own. */
+    private _otherTabRefreshed;
     constructor(oxyServices: OxyServices, config?: AuthManagerConfig);
+    /**
+     * Initialize BroadcastChannel for cross-tab token refresh coordination.
+     * Only called in browser environments where BroadcastChannel is available.
+     */
+    private _initBroadcastChannel;
+    /**
+     * Handle messages from other tabs about token refresh activity.
+     */
+    private _handleCrossTabMessage;
+    /**
+     * Broadcast a message to other tabs.
+     */
+    private _broadcast;
     /**
      * Get default storage based on environment.
      */

package/dist/types/HttpService.d.ts

@@ -50,6 +50,7 @@ export declare class HttpService {
     private tokenRefreshPromise;
     private tokenRefreshCooldownUntil;
     private _onTokenRefreshed;
+    private _actingAsUserId;
     private requestMetrics;
     constructor(config: OxyConfig);
     /**
@@ -93,6 +94,8 @@ export declare class HttpService {
     put<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<T>;
     patch<T = unknown>(url: string, data?: unknown, config?: Omit<RequestConfig, 'method' | 'url' | 'data'>): Promise<T>;
     delete<T = unknown>(url: string, config?: Omit<RequestConfig, 'method' | 'url'>): Promise<T>;
+    setActingAs(userId: string | null): void;
+    getActingAs(): string | null;
     setTokens(accessToken: string, refreshToken?: string): void;
     set onTokenRefreshed(callback: ((accessToken: string) => void) | null);
     clearTokens(): void;

package/dist/types/OxyServices.base.d.ts

@@ -81,6 +81,23 @@ export declare class OxyServicesBase {
      * Get the raw access token (for constructing anchor URLs when needed)
      */
     getAccessToken(): string | null;
+    /**
+     * Set the acting-as identity for managed accounts.
+     *
+     * When set, all subsequent API requests will include the `X-Acting-As` header,
+     * causing the server to attribute actions to the managed account. The
+     * authenticated user must be an authorized manager of the target account.
+     *
+     * Pass `null` to clear and revert to the authenticated user's own identity.
+     *
+     * @param userId - The managed account user ID, or null to clear
+     */
+    setActingAs(userId: string | null): void;
+    /**
+     * Get the current acting-as identity (managed account user ID), or null
+     * if operating as the authenticated user's own identity.
+     */
+    getActingAs(): string | null;
     /**
      * Wait for authentication to be ready
      *

package/dist/types/index.d.ts

@@ -25,6 +25,7 @@ export type { PopupAuthOptions } from './mixins/OxyServices.popup';
 export type { RedirectAuthOptions } from './mixins/OxyServices.redirect';
 export type { ServiceTokenResponse } from './mixins/OxyServices.auth';
 export type { ServiceApp } from './mixins/OxyServices.utility';
+export type { CreateManagedAccountInput, ManagedAccountManager, ManagedAccount } from './mixins/OxyServices.managedAccounts';
 export { KeyManager, SignatureService, RecoveryPhraseService } from './crypto';
 export type { KeyPair, SignedMessage, AuthChallenge, RecoveryPhraseResult } from './crypto';
 export * from './models/interfaces';

package/dist/types/mixins/OxyServices.analytics.d.ts

@@ -50,6 +50,8 @@ export declare function OxyServicesAnalyticsMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.assets.d.ts

@@ -128,6 +128,8 @@ export declare function OxyServicesAssetsMixin<T extends typeof OxyServicesBase>
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.auth.d.ts

@@ -206,6 +206,8 @@ export declare function OxyServicesAuthMixin<T extends typeof OxyServicesBase>(B
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.developer.d.ts

@@ -83,6 +83,8 @@ export declare function OxyServicesDeveloperMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.devices.d.ts

@@ -80,6 +80,8 @@ export declare function OxyServicesDevicesMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.features.d.ts

@@ -212,6 +212,8 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;
@@ -223,7 +225,9 @@ export declare function OxyServicesFeaturesMixin<T extends typeof OxyServicesBas
         healthCheck(): Promise<{
             status: string;
             users?: number;
-            timestamp?: string;
+            timestamp? /**
+             * Get FAQs
+             */: string;
             [key: string]: any;
         }>;
     };

package/dist/types/mixins/OxyServices.fedcm.d.ts

@@ -33,6 +33,7 @@ export interface FedCMConfig {
  */
 export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(Base: T): {
     new (...args: any[]): {
+        resolveFedcmConfigUrl(): string;
         /**
          * Instance method to check FedCM support
          */
@@ -187,6 +188,8 @@ export declare function OxyServicesFedCMMixin<T extends typeof OxyServicesBase>(
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.karma.d.ts

@@ -69,6 +69,8 @@ export declare function OxyServicesKarmaMixin<T extends typeof OxyServicesBase>(
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.language.d.ts

@@ -65,6 +65,8 @@ export declare function OxyServicesLanguageMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.location.d.ts

@@ -48,6 +48,8 @@ export declare function OxyServicesLocationMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.managedAccounts.d.ts

@@ -0,0 +1,125 @@
+/**
+ * Managed Accounts Methods Mixin
+ *
+ * Provides SDK methods for creating and managing sub-accounts (managed identities).
+ * Managed accounts are full User documents without passwords, accessible only
+ * by their owners/managers via the X-Acting-As header mechanism.
+ */
+import type { User } from '../models/interfaces';
+import type { OxyServicesBase } from '../OxyServices.base';
+export interface CreateManagedAccountInput {
+    username: string;
+    name?: {
+        first?: string;
+        last?: string;
+    };
+    bio?: string;
+    avatar?: string;
+}
+export interface ManagedAccountManager {
+    userId: string;
+    role: 'owner' | 'admin' | 'editor';
+    addedAt: string;
+    addedBy?: string;
+}
+export interface ManagedAccount {
+    accountId: string;
+    ownerId: string;
+    managers: ManagedAccountManager[];
+    account?: User;
+    createdAt?: string;
+    updatedAt?: string;
+}
+export declare function OxyServicesManagedAccountsMixin<T extends typeof OxyServicesBase>(Base: T): {
+    new (...args: any[]): {
+        /**
+         * Create a new managed account (sub-account).
+         *
+         * The server creates a User document with `isManagedAccount: true` and links
+         * it to the authenticated user as owner.
+         */
+        createManagedAccount(data: CreateManagedAccountInput): Promise<ManagedAccount>;
+        /**
+         * List all accounts the authenticated user manages.
+         */
+        getManagedAccounts(): Promise<ManagedAccount[]>;
+        /**
+         * Get details for a specific managed account.
+         */
+        getManagedAccountDetails(accountId: string): Promise<ManagedAccount>;
+        /**
+         * Update a managed account's profile data.
+         * Requires owner or admin role.
+         */
+        updateManagedAccount(accountId: string, data: Partial<CreateManagedAccountInput>): Promise<ManagedAccount>;
+        /**
+         * Delete a managed account permanently.
+         * Requires owner role.
+         */
+        deleteManagedAccount(accountId: string): Promise<void>;
+        /**
+         * Add a manager to a managed account.
+         * Requires owner or admin role on the account.
+         *
+         * @param accountId - The managed account to add the manager to
+         * @param userId - The user to grant management access
+         * @param role - The role to assign: 'admin' or 'editor'
+         */
+        addManager(accountId: string, userId: string, role: "admin" | "editor"): Promise<void>;
+        /**
+         * Remove a manager from a managed account.
+         * Requires owner role.
+         *
+         * @param accountId - The managed account
+         * @param userId - The manager to remove
+         */
+        removeManager(accountId: string, userId: string): Promise<void>;
+        httpService: import("../HttpService").HttpService;
+        cloudURL: string;
+        config: import("../OxyServices.base").OxyConfig;
+        __resetTokensForTests(): void;
+        makeRequest<T_1>(method: "GET" | "POST" | "PUT" | "PATCH" | "DELETE", url: string, data?: any, options?: import("../HttpService").RequestOptions): Promise<T_1>;
+        getBaseURL(): string;
+        getClient(): import("../HttpService").HttpService;
+        getMetrics(): {
+            totalRequests: number;
+            successfulRequests: number;
+            failedRequests: number;
+            cacheHits: number;
+            cacheMisses: number;
+            averageResponseTime: number;
+        };
+        clearCache(): void;
+        clearCacheEntry(key: string): void;
+        getCacheStats(): {
+            size: number;
+            hits: number;
+            misses: number;
+            hitRate: number;
+        };
+        getCloudURL(): string;
+        setTokens(accessToken: string, refreshToken?: string): void;
+        clearTokens(): void;
+        _cachedUserId: string | null | undefined;
+        _cachedAccessToken: string | null;
+        getCurrentUserId(): string | null;
+        hasValidToken(): boolean;
+        getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
+        waitForAuth(timeoutMs?: number): Promise<boolean>;
+        withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
+            maxRetries?: number;
+            retryDelay?: number;
+            authTimeoutMs?: number;
+        }): Promise<T_1>;
+        validate(): Promise<boolean>;
+        handleError(error: unknown): Error;
+        healthCheck(): Promise<{
+            status: string;
+            users?: number;
+            timestamp?: string;
+            [key: string]: any;
+        }>;
+    };
+} & T;

package/dist/types/mixins/OxyServices.payment.d.ts

@@ -95,6 +95,8 @@ export declare function OxyServicesPaymentMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.popup.d.ts

@@ -33,6 +33,8 @@ export interface SilentAuthOptions {
  */
 export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBase>(Base: T): {
     new (...args: any[]): {
+        /** Resolve auth URL from config or static default (method, not getter — getters break in TS mixins) */
+        resolveAuthUrl(): string;
         /**
          * Sign in using popup window
          *
@@ -183,6 +185,8 @@ export declare function OxyServicesPopupAuthMixin<T extends typeof OxyServicesBa
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.privacy.d.ts

@@ -106,6 +106,8 @@ export declare function OxyServicesPrivacyMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.redirect.d.ts

@@ -222,6 +222,8 @@ export declare function OxyServicesRedirectAuthMixin<T extends typeof OxyService
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.security.d.ts

@@ -62,6 +62,8 @@ export declare function OxyServicesSecurityMixin<T extends typeof OxyServicesBas
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.topics.d.ts

@@ -88,6 +88,8 @@ export declare function OxyServicesTopicsMixin<T extends typeof OxyServicesBase>
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.user.d.ts

@@ -205,6 +205,8 @@ export declare function OxyServicesUserMixin<T extends typeof OxyServicesBase>(B
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/mixins/OxyServices.utility.d.ts

@@ -1,5 +1,13 @@
 import type { ApiError } from '../models/interfaces';
 import type { OxyServicesBase } from '../OxyServices.base';
+/**
+ * Result from the managed-accounts verification endpoint.
+ * Indicates whether a user is authorized to act as a given managed account.
+ */
+interface ActingAsVerification {
+    authorized: boolean;
+    role: 'owner' | 'admin' | 'editor';
+}
 /**
  * Service app metadata attached to requests authenticated with service tokens
  */
@@ -28,6 +36,18 @@ interface AuthMiddlewareOptions {
 }
 export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase>(Base: T): {
     new (...args: any[]): {
+        /** @internal In-memory cache for acting-as verification results (TTL: 5 min) */
+        _actingAsCache: Map<string, {
+            result: ActingAsVerification | null;
+            expiresAt: number;
+        }>;
+        /**
+         * Verify that a user is authorized to act as a managed account.
+         * Results are cached in-memory for 5 minutes to avoid repeated API calls.
+         *
+         * @internal Used by the auth() middleware — not part of the public API
+         */
+        verifyActingAs(userId: string, accountId: string): Promise<ActingAsVerification | null>;
         /**
          * Fetch link metadata
          */
@@ -157,6 +177,8 @@ export declare function OxyServicesUtilityMixin<T extends typeof OxyServicesBase
         getCurrentUserId(): string | null;
         hasValidToken(): boolean;
         getAccessToken(): string | null;
+        setActingAs(userId: string | null): void;
+        getActingAs(): string | null;
         waitForAuth(timeoutMs?: number): Promise<boolean>;
         withAuthRetry<T_1>(operation: () => Promise<T_1>, operationName: string, options?: {
             maxRetries?: number;

package/dist/types/models/interfaces.d.ts

@@ -64,6 +64,8 @@ export interface User {
     automation?: {
         ownerId?: string;
     };
+    isManagedAccount?: boolean;
+    managedBy?: string;
     [key: string]: unknown;
 }
 export interface LoginResponse {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/core",
-  "version": "1.11.9",
+  "version": "1.11.11",
   "description": "OxyHQ SDK Foundation — API client, authentication, cryptographic identity, and shared utilities",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",