@oxyhq/core 3.1.0 → 3.4.0

package/dist/types/HttpService.d.ts

@@ -104,14 +104,60 @@ export declare class HttpService {
      * into a `Headers`-compatible object.
      */
     private static parseXHRHeaders;
+    /**
+     * Delimiter that separates the logical `method:url[:data]` portion of a
+     * cache key from its identity suffix. Always APPENDED, never used to parse
+     * a key apart, so the `method:url` prefix stays intact for
+     * `clearCacheByPrefix` sweeps and `clearCacheEntry` base-key matching.
+     * The `clearCacheEntry` callsites all pass fixed, dataless logical keys
+     * (`GET:/users/<id>`, `GET:/session/user/<sessionId>`,
+     * `GET:/fedcm/me/authorized-apps`), so this readable suffix can never be
+     * ambiguous with a serialized request body.
+     */
+    private static readonly CACHE_IDENTITY_DELIM;
+    /**
+     * Derive a stable, non-sensitive identity discriminator for cache scoping.
+     *
+     * The GET-response cache MUST be partitioned by caller identity: endpoints
+     * with optional auth (e.g. `GET /profiles/recommendations`) return different
+     * content for an anonymous vs an authenticated caller, and per-user content
+     * for different authenticated users. Keying solely on `method:url:data`
+     * (the previous behavior) let an anonymous response be served to an
+     * authenticated caller — surfacing as "Who to follow" recommending accounts
+     * the user already follows after a cold-boot session restore.
+     *
+     * We use the access token's decoded user id (`userId || id`) rather than the
+     * raw JWT so the token never lands in a cache key (no token leakage through
+     * any cache-key logging, no key bloat). The acting-as id is folded in because
+     * managed-account responses differ per acting identity — and `X-Acting-As`
+     * already changes the server response for the same bearer token. Falls back
+     * to `'anon'` when there is no token, and to a short FNV-1a hash of the token
+     * only if it is present but cannot be decoded (degraded but still partitioned,
+     * never colliding anon with authed).
+     */
+    private computeIdentityTag;
     /**
      * Generate cache key efficiently
      * Uses a content-addressed hash for large payloads so two requests with
      * the same shape but different values never collide on the same key
      * (which would silently serve stale data — e.g. paginated search results,
      * large object updates).
+     *
+     * The key is identity-scoped: the logical `method:url[:data]` portion is
+     * suffixed with ` id=<identityTag>` so two callers with different
+     * identities (anon vs authed, or two different users) never share an entry.
+     * The identity tag is placed at the END so the key still STARTS with
+     * `method:url`, preserving the prefix-based invalidation in
+     * `clearCacheByPrefix` (e.g. `GET:/session/user/`) and the base-key matching
+     * in `clearCacheEntry`.
      */
     private generateCacheKey;
+    /**
+     * Build the identity-agnostic portion of a cache key (`method:url[:data]`).
+     * Kept separate so identity scoping is applied in exactly one place
+     * (`generateCacheKey`) and cannot drift between the cache and dedupe paths.
+     */
+    private generateBaseCacheKey;
     /**
      * Build full URL with query params
      */
@@ -169,6 +215,17 @@ export declare class HttpService {
     hasAccessToken(): boolean;
     getBaseURL(): string;
     clearCache(): void;
+    /**
+     * Delete a cache entry by its LOGICAL key (`method:url[:data]`).
+     *
+     * Because the response cache is identity-scoped — stored keys carry an
+     * ` id=<identityTag>` suffix — a caller passing the logical key
+     * `GET:/users/<id>` must invalidate that resource for EVERY identity that
+     * cached it (e.g. `updateProfile` busting a user representation that may be
+     * cached under both the owner's id and a viewer's id). We therefore delete
+     * the exact key (for any pre-existing un-suffixed entries) AND every
+     * identity-scoped variant `<key> id=*`.
+     */
     clearCacheEntry(key: string): void;
     /**
      * Delete every cache entry whose key starts with `prefix`.

package/dist/types/OxyServices.d.ts

@@ -80,9 +80,10 @@ import { composeOxyServices } from './mixins';
  * - **Privacy**: Blocked and restricted users
  * - **Language**: Language detection and metadata
  * - **Payment**: Payment processing
- * - **Karma**: Karma system
+ * - **Reputation**: Reputation system (Oxy Trust)
  * - **Assets**: File upload and asset management
  * - **Applications**: Application, membership, and credential management
+ * - **Workspaces**: Workspace and membership management
  * - **Location**: Location-based features
  * - **Analytics**: Analytics tracking
  * - **Devices**: Device management

package/dist/types/constants/version.d.ts

@@ -5,9 +5,9 @@
 export declare const packageInfo: {
     readonly name: "@oxyhq/services";
     readonly version: "5.2.1";
-    readonly description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";
+    readonly description: "Reusable OxyHQ module to handle authentication, user management, reputation system (Oxy Trust) and more 🚀";
     readonly main: "lib/commonjs/node/index.js";
     readonly module: "lib/module/node/index.js";
     readonly types: "lib/typescript/node/index.d.ts";
 };
-export declare const name: "@oxyhq/services", version: "5.2.1", description: "Reusable OxyHQ module to handle authentication, user management, karma system and more 🚀";
+export declare const name: "@oxyhq/services", version: "5.2.1", description: "Reusable OxyHQ module to handle authentication, user management, reputation system (Oxy Trust) and more 🚀";

package/dist/types/index.d.ts

@@ -33,7 +33,9 @@ export type { ServiceApp, ServiceActingAsVerification } from './mixins/OxyServic
 export type { CreateManagedAccountInput, ManagedAccountManager, ManagedAccount, } from './mixins/OxyServices.managedAccounts';
 export type { ContactDiscoveryMatch, ContactDiscoveryResponse, } from './mixins/OxyServices.contacts';
 export { OxyAppDataIdentifierError } from './mixins/OxyServices.appData';
-export type { Application, ApplicationMember, ApplicationCredential, ApplicationRole, ApplicationType, ApplicationStatus, ApplicationMemberStatus, ApplicationCredentialType, ApplicationCredentialStatus, ApplicationEnvironment, CreateApplicationInput, UpdateApplicationInput, InviteApplicationMemberInput, UpdateApplicationMemberInput, TransferApplicationOwnershipInput, CreateApplicationCredentialInput, ApplicationCredentialWithSecret, RotateApplicationCredentialResult, ApplicationUsagePeriod, ApplicationUsageSummary, ApplicationUsageByDay, ApplicationUsageByEndpoint, ApplicationUsageStats, ApplicationSuccessResult, } from './mixins/OxyServices.applications';
+export type { Application, PublicApplication, ApplicationMember, ApplicationCredential, ApplicationRole, ApplicationType, ApplicationStatus, ApplicationMemberStatus, ApplicationCredentialType, ApplicationCredentialStatus, ApplicationEnvironment, CreateApplicationInput, UpdateApplicationInput, InviteApplicationMemberInput, UpdateApplicationMemberInput, TransferApplicationOwnershipInput, CreateApplicationCredentialInput, ApplicationCredentialWithSecret, RotateApplicationCredentialResult, ApplicationUsagePeriod, ApplicationUsageSummary, ApplicationUsageByDay, ApplicationUsageByEndpoint, ApplicationUsageStats, ApplicationSuccessResult, } from './mixins/OxyServices.applications';
+export type { Workspace, WorkspaceMember, WorkspaceRole, WorkspaceType, WorkspaceStatus, WorkspaceMemberStatus, CreateWorkspaceInput, UpdateWorkspaceInput, InviteWorkspaceMemberInput, UpdateWorkspaceMemberInput, TransferWorkspaceOwnershipInput, WorkspaceSuccessResult, } from './mixins/OxyServices.workspaces';
+export type { ReputationCategory, TrustTier, ReputationTransactionStatus, ReputationTargetEntityType, ReputationDisputeStatus, ReputationInfluenceContext, ReputationTransaction, ReputationBalanceBreakdown, ReputationInfluence, ReputationReliability, ReputationBalance, ReputationDispute, ReputationRule, ReputationLeaderboardEntry, ReputationInfluenceResult, ReverseReputationTransactionResult, AwardReputationInput, CreateReputationDisputeInput, ResolveReputationDisputeInput, UpsertReputationRuleInput, ReverseReputationTransactionInput, } from './mixins/OxyServices.reputation';
 export { SessionSyncRequiredError, AuthenticationFailedError, ensureValidToken, isAuthenticationError, withAuthErrorHandling, authenticatedApiCall, } from './utils/authHelpers';
 export type { HandleApiErrorOptions } from './utils/authHelpers';
 export { mergeSessions, normalizeAndSortSessions, sessionsArraysEqual, } from './utils/sessionUtils';
@@ -47,7 +49,7 @@ export { RecoveryPhraseService } from './crypto/recoveryPhrase';
 export type { RecoveryPhraseResult } from './crypto/recoveryPhrase';
 export { DeviceManager } from './utils/deviceManager';
 export type { DeviceFingerprint, StoredDeviceInfo } from './utils/deviceManager';
-export type { OxyConfig, PrivacySettings, NotificationPreferences, UserPreferences, User, LoginResponse, Notification, Wallet, Transaction, BlockedUser, RestrictedUser, TransferFundsRequest, PurchaseRequest, WithdrawalRequest, TransactionResponse, PaginationInfo, SearchProfilesResponse, KarmaRule, KarmaHistory, KarmaLeaderboardEntry, KarmaAwardRequest, ApiError, PaymentMethod, PaymentRequest, PaymentResponse, AnalyticsData, FollowerDetails, ContentViewer, FileMetadata, FileUploadResponse, FileListResponse, FileUpdateRequest, FileDeleteResponse, RNFileDescriptor, AssetUploadInput, FileVisibility, AssetLink, AssetMetadata, AssetVariant, Asset, AssetInitRequest, AssetInitResponse, AssetCompleteRequest, AssetLinkRequest, AssetUnlinkRequest, AssetUrlResponse, AssetDeleteSummary, AssetUpdateVisibilityRequest, AssetUpdateVisibilityResponse, AccountStorageCategoryUsage, AccountStorageUsageResponse, SecurityEventType, SecurityEventSeverity, SecurityActivity, SecurityActivityResponse, AssetUploadProgress, DeviceSession, DeviceSessionsResponse, DeviceSessionLogoutResponse, UpdateDeviceNameResponse, } from './models/interfaces';
+export type { OxyConfig, PrivacySettings, NotificationPreferences, UserPreferences, User, LoginResponse, Notification, Wallet, Transaction, BlockedUser, RestrictedUser, TransferFundsRequest, PurchaseRequest, WithdrawalRequest, TransactionResponse, PaginationInfo, SearchProfilesResponse, ApiError, PaymentMethod, PaymentRequest, PaymentResponse, AnalyticsData, FollowerDetails, ContentViewer, FileMetadata, FileUploadResponse, FileListResponse, FileUpdateRequest, FileDeleteResponse, RNFileDescriptor, AssetUploadInput, FileVisibility, AssetLink, AssetMetadata, AssetVariant, Asset, AssetInitRequest, AssetInitResponse, AssetCompleteRequest, AssetLinkRequest, AssetUnlinkRequest, AssetUrlResponse, AssetDeleteSummary, AssetUpdateVisibilityRequest, AssetUpdateVisibilityResponse, AccountStorageCategoryUsage, AccountStorageUsageResponse, SecurityEventType, SecurityEventSeverity, SecurityActivity, SecurityActivityResponse, AssetUploadProgress, DeviceSession, DeviceSessionsResponse, DeviceSessionLogoutResponse, UpdateDeviceNameResponse, } from './models/interfaces';
 export { SECURITY_EVENT_SEVERITY_MAP } from './models/interfaces';
 export { TopicType, TopicSource } from './models/Topic';
 export type { TopicData, TopicTranslation } from './models/Topic';

package/dist/types/mixins/OxyServices.applications.d.ts

@@ -49,12 +49,22 @@ export interface Application {
     webhookUrl?: string;
     devWebhookUrl?: string;
     createdByUserId: string;
+    /**
+     * The workspace this application belongs to (workspace `_id`), or `null` for
+     * applications not owned by a workspace. Used by the console to scope apps to
+     * a workspace and to branch on workspace-derived access.
+     */
+    workspaceId: string | null;
     createdAt: string;
     updatedAt: string;
     /**
      * The calling user's own membership in this application, embedded by the API
      * on list (`GET /applications`) and detail (`GET /applications/:appId`)
      * responses. Use `callerMembership.permissions` to gate UI affordances.
+     *
+     * When the caller's access is derived from a workspace membership rather than
+     * a direct application membership, the API returns a synthetic membership
+     * with `source: 'workspace'` and `_id: null`.
      */
     callerMembership?: ApplicationMember;
 }
@@ -63,7 +73,11 @@ export interface Application {
  * on the server at write time.
  */
 export interface ApplicationMember {
-    _id: string;
+    /**
+     * The membership's Mongo `_id`. `null` for a synthetic, workspace-derived
+     * membership (see {@link Application.callerMembership} and `source`).
+     */
+    _id: string | null;
     applicationId: string;
     userId: string;
     role: ApplicationRole;
@@ -71,6 +85,13 @@ export interface ApplicationMember {
     invitedByUserId?: string;
     joinedAt?: string;
     status: ApplicationMemberStatus;
+    /**
+     * Origin of this membership. When `'workspace'`, the membership is synthetic
+     * and derived from the caller's workspace membership rather than a direct
+     * application membership (in which case `_id` is `null`). Absent or any other
+     * value indicates a direct application membership.
+     */
+    source?: 'workspace';
     createdAt: string;
     updatedAt: string;
 }
@@ -98,6 +119,38 @@ export interface ApplicationCredential {
     createdAt: string;
     updatedAt: string;
 }
+/**
+ * Sanitized, PUBLIC application identity returned by the API when resolving a
+ * cross-app/OAuth client to a registered {@link Application}.
+ *
+ * Unlike {@link Application}, this shape carries NO sensitive or membership
+ * fields — it is safe to display unauthenticated in consent/authorize screens
+ * and device-flow approval UIs. The API resolves a `client_id` (OAuth
+ * credential public key) to the owning application and projects only the
+ * fields below. `id` is the application's `_id` as a string.
+ */
+export interface PublicApplication {
+    /** The application's Mongo `_id` as a string. */
+    id: string;
+    /** Human-readable application name shown to the user. */
+    name: string;
+    /** Optional short description of what the application does. */
+    description?: string;
+    /** Optional icon URL for the application. */
+    icon?: string;
+    /** Optional public website/homepage URL for the application. */
+    websiteUrl?: string;
+    /** Application classification (set by Oxy platform staff). */
+    type: ApplicationType;
+    /** Whether the application is an officially endorsed Oxy application. */
+    isOfficial: boolean;
+    /** Whether the application is an internal Oxy ecosystem application. */
+    isInternal: boolean;
+    /** OAuth scopes the application is configured to request. */
+    scopes: string[];
+    /** Optional display name of the developer/owner organisation. */
+    developerName?: string;
+}
 /** Input accepted by `createApplication`. Staff-only fields are not settable here. */
 export interface CreateApplicationInput {
     name: string;
@@ -106,6 +159,11 @@ export interface CreateApplicationInput {
     icon?: string;
     redirectUris?: string[];
     scopes?: string[];
+    /**
+     * Optional workspace `_id` to create the app in. Omitted → API defaults to
+     * the caller's personal workspace.
+     */
+    workspaceId?: string;
 }
 /** Input accepted by `updateApplication`. Staff-only fields are not settable here. */
 export interface UpdateApplicationInput {
@@ -121,7 +179,11 @@ export interface UpdateApplicationInput {
 }
 /** Input accepted by `inviteApplicationMember`. The owner role cannot be invited. */
 export interface InviteApplicationMemberInput {
-    userId: string;
+    /**
+     * The username or email of the user to invite. Resolved to a user server-side;
+     * an unknown value yields a 404 "User not found".
+     */
+    usernameOrEmail: string;
     role: Exclude<ApplicationRole, 'owner'>;
 }
 /** Input accepted by `updateApplicationMember`. */
@@ -192,10 +254,27 @@ export interface ApplicationSuccessResult {
 }
 export declare function OxyServicesApplicationsMixin<T extends typeof OxyServicesBase>(Base: T): {
     new (...args: any[]): {
+        /**
+         * Resolve an OAuth client identifier to the owning application's PUBLIC
+         * identity. No authentication required — the API returns only sanitized,
+         * display-safe metadata ({@link PublicApplication}). Use this to render the
+         * requesting application's name/icon in consent, authorize, and device-flow
+         * approval UIs before any session exists.
+         *
+         * @param clientId - The OAuth `client_id` (an active credential's public
+         *   key). URL-encoded before being placed in the path.
+         */
+        getPublicApplication(clientId: string): Promise<PublicApplication>;
         /**
          * List applications the current user is an active member of.
+         *
+         * @param workspaceId - Optional workspace `_id` to scope the listing to
+         *   applications belonging to that workspace. When provided it is appended
+         *   as a `workspaceId` query parameter (URL-encoded). The query string is
+         *   part of the request path, so the response cache keys on it
+         *   automatically — scoped and unscoped lists never collide.
          */
-        getApplications(): Promise<Application[]>;
+        getApplications(workspaceId?: string): Promise<Application[]>;
         /**
          * Create a new application. The caller becomes its `owner`.
          * @param data - Application configuration. Staff-only fields are ignored.
@@ -225,7 +304,9 @@ export declare function OxyServicesApplicationsMixin<T extends typeof OxyService
         /**
          * Add a member to an application.
          * @param applicationId - The application's Mongo `_id`.
-         * @param data - Target user id and role (never `owner`).
+         * @param data - Target user's username or email and role (never `owner`).
+         *   The server resolves `usernameOrEmail` to a user; an unknown value yields
+         *   a 404 "User not found".
          */
         inviteApplicationMember(applicationId: string, data: InviteApplicationMemberInput): Promise<ApplicationMember>;
         /**
@@ -329,12 +410,7 @@ export declare function OxyServicesApplicationsMixin<T extends typeof OxyService
         healthCheck(): Promise<{
             status: string;
             users?: number;
-            timestamp? /**
-             * Create a credential. The plaintext `secret` is returned exactly ONCE;
-             * the server stores only a hash and will never return it again.
-             * @param applicationId - The application's Mongo `_id`.
-             * @param data - Credential configuration.
-             */: string;
+            timestamp?: string;
             [key: string]: any;
         }>;
     };

package/dist/types/mixins/OxyServices.features.d.ts

@@ -65,7 +65,6 @@ export interface UserStats {
     commentCount: number;
     followerCount: number;
     followingCount: number;
-    karmaScore?: number;
 }
 export interface HistoryItem {
     id: string;