npm - @palbase/web - Versions diffs - 1.0.0 → 1.0.1 - Mend

@palbase/web 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/dist/{analytics-facade-DkOwkEpi.d.ts → analytics-facade-CE_vGf1F.d.ts} +511 -9
package/dist/{analytics-facade-t6UrFdn7.d.cts → analytics-facade-DV2uAiSg.d.cts} +511 -9
package/dist/{chunk-JVT65V4E.js → chunk-AVEXGXRQ.js} +2 -2
package/dist/{chunk-JVT65V4E.js.map → chunk-AVEXGXRQ.js.map} +1 -1
package/dist/index.cjs +1 -1
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +4 -6
package/dist/index.d.ts +4 -6
package/dist/index.js +1 -1
package/dist/internal.cjs +1 -1
package/dist/internal.cjs.map +1 -1
package/dist/internal.d.cts +4 -6
package/dist/internal.d.ts +4 -6
package/dist/internal.js +1 -1
package/dist/next/client.cjs +1 -1
package/dist/next/client.cjs.map +1 -1
package/dist/next/client.js +1 -1
package/dist/next/index.cjs +1 -1
package/dist/next/index.cjs.map +1 -1
package/dist/next/index.d.cts +3 -5
package/dist/next/index.d.ts +3 -5
package/dist/next/index.js +1 -1
package/dist/{pb-Cudze7Kb.d.cts → pb-DcknUtCh.d.cts} +1 -1
package/dist/{pb-BmgkAe97.d.ts → pb-EMn_MF9g.d.ts} +1 -1
package/dist/react/index.cjs +1 -1
package/dist/react/index.cjs.map +1 -1
package/dist/react/index.d.cts +3 -5
package/dist/react/index.d.ts +3 -5
package/dist/react/index.js +1 -1
package/package.json +5 -7

package/dist/{analytics-facade-DkOwkEpi.d.ts → analytics-facade-CE_vGf1F.d.ts} RENAMED Viewed

@@ -1,7 +1,509 @@
-import { HttpClient, TokenManager, Session } from '@palbase/core';
-import { AuthClient } from '@palbase/auth';
 import { S as SessionStorageAdapter } from './storage-BPaeSG8K.js';
-import { FlagValue } from '@palbase/flags';
+import { F } from './pooled-flags-Bwq4usn0.js';
+declare class PalbaseError$1 extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly details?: unknown;
+    constructor(code: string, message: string, status: number, details?: unknown);
+}
+interface PalbaseResponse$1<T> {
+    data: T | null;
+    error: PalbaseError$1 | null;
+    count?: number;
+    status: number;
+}
+interface HttpClientOptions$1 {
+    url?: string;
+    headers?: Record<string, string>;
+}
+interface RequestOptions$1 {
+    headers?: Record<string, string>;
+    body?: unknown;
+    signal?: AbortSignal;
+}
+interface Session$1 {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+type AuthStateEvent$1 = 'SESSION_SET' | 'SESSION_CLEARED';
+type AuthStateCallback$1 = (event: AuthStateEvent$1, session: Session$1 | null) => void;
+type Unsubscribe$2 = () => void;
+declare class TokenManager$1 {
+    private session;
+    private listeners;
+    private refreshPromise;
+    private refreshing;
+    refreshFunction: ((refreshToken: string) => Promise<Session$1>) | null;
+    setSession(session: Session$1): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    clearSession(): void;
+    isExpired(): boolean;
+    refreshSession(): Promise<void>;
+    onAuthStateChange(callback: AuthStateCallback$1): Unsubscribe$2;
+    private executeRefresh;
+    private notify;
+}
+/**
+ * Request interceptor. Runs before every HTTP request.
+ * Can modify headers, body, or reject the request.
+ */
+type RequestInterceptor$1 = (request: {
+    headers: Record<string, string>;
+    method: string;
+    path: string;
+}) => void | Promise<void>;
+declare class HttpClient$1 {
+    protected readonly apiKey: string;
+    protected readonly options?: HttpClientOptions$1;
+    tokenManager: TokenManager$1 | null;
+    /**
+     * Admin JWT used for platform admin endpoints (/admin/*).
+     * When set, takes precedence over tokenManager access token in the
+     * Authorization header.
+     */
+    adminToken: string | null;
+    private readonly interceptors;
+    constructor(apiKey: string, options?: HttpClientOptions$1);
+    /** Set (or clear) the admin JWT used on admin endpoints. */
+    setAdminToken(token: string | null): void;
+    /**
+     * Create a scoped HttpClient that adds the given extra headers to every
+     * request. The returned client shares the admin token and token manager
+     * with the parent at runtime — later changes on the parent propagate to
+     * the scope and vice versa.
+     *
+     * Typical use: tagging admin calls with `x-palbase-project: <ref>` so the
+     * gateway can route them to the correct project's data plane.
+     */
+    withHeaders(extra: Record<string, string>): HttpClient$1;
+    /** Add a request interceptor. Runs before every request. */
+    addInterceptor(interceptor: RequestInterceptor$1): void;
+    request<T>(method: string, path: string, options?: RequestOptions$1): Promise<PalbaseResponse$1<T>>;
+    private getBaseUrl;
+    private buildHeaders;
+    private executeWithRetry;
+    private delay;
+}
+declare class PalbaseError extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly details?: unknown;
+    constructor(code: string, message: string, status: number, details?: unknown);
+}
+interface PalbaseResponse<T> {
+    data: T | null;
+    error: PalbaseError | null;
+    count?: number;
+    status: number;
+}
+interface HttpClientOptions {
+    url?: string;
+    headers?: Record<string, string>;
+}
+interface RequestOptions {
+    headers?: Record<string, string>;
+    body?: unknown;
+    signal?: AbortSignal;
+}
+interface Session {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+type AuthStateEvent = 'SESSION_SET' | 'SESSION_CLEARED';
+type AuthStateCallback = (event: AuthStateEvent, session: Session | null) => void;
+type Unsubscribe$1 = () => void;
+declare class TokenManager {
+    private session;
+    private listeners;
+    private refreshPromise;
+    private refreshing;
+    refreshFunction: ((refreshToken: string) => Promise<Session>) | null;
+    setSession(session: Session): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    clearSession(): void;
+    isExpired(): boolean;
+    refreshSession(): Promise<void>;
+    onAuthStateChange(callback: AuthStateCallback): Unsubscribe$1;
+    private executeRefresh;
+    private notify;
+}
+/**
+ * Request interceptor. Runs before every HTTP request.
+ * Can modify headers, body, or reject the request.
+ */
+type RequestInterceptor = (request: {
+    headers: Record<string, string>;
+    method: string;
+    path: string;
+}) => void | Promise<void>;
+declare class HttpClient {
+    protected readonly apiKey: string;
+    protected readonly options?: HttpClientOptions;
+    tokenManager: TokenManager | null;
+    /**
+     * Admin JWT used for platform admin endpoints (/admin/*).
+     * When set, takes precedence over tokenManager access token in the
+     * Authorization header.
+     */
+    adminToken: string | null;
+    private readonly interceptors;
+    constructor(apiKey: string, options?: HttpClientOptions);
+    /** Set (or clear) the admin JWT used on admin endpoints. */
+    setAdminToken(token: string | null): void;
+    /**
+     * Create a scoped HttpClient that adds the given extra headers to every
+     * request. The returned client shares the admin token and token manager
+     * with the parent at runtime — later changes on the parent propagate to
+     * the scope and vice versa.
+     *
+     * Typical use: tagging admin calls with `x-palbase-project: <ref>` so the
+     * gateway can route them to the correct project's data plane.
+     */
+    withHeaders(extra: Record<string, string>): HttpClient;
+    /** Add a request interceptor. Runs before every request. */
+    addInterceptor(interceptor: RequestInterceptor): void;
+    request<T>(method: string, path: string, options?: RequestOptions): Promise<PalbaseResponse<T>>;
+    private getBaseUrl;
+    private buildHeaders;
+    private executeWithRetry;
+    private delay;
+}
+interface User {
+    id: string;
+    email: string;
+    emailVerified: boolean;
+    createdAt: string;
+    updatedAt: string;
+    metadata?: Record<string, unknown>;
+}
+interface TokenResponse {
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+}
+interface AuthSession {
+    id: string;
+    ip?: string;
+    user_agent?: string;
+    acr: string;
+    amr: string[];
+    last_activity: string;
+    created_at: string;
+    current: boolean;
+}
+interface SignUpCredentials {
+    email: string;
+    password: string;
+}
+interface SignInCredentials {
+    email: string;
+    password: string;
+}
+interface VerifyEmailParams {
+    token?: string;
+    code?: string;
+    email?: string;
+}
+interface PasswordResetParams {
+    email: string;
+}
+interface PasswordResetConfirmParams {
+    token: string;
+    new_password: string;
+}
+interface PasswordChangeParams {
+    current_password: string;
+    new_password: string;
+}
+interface MFAEnrollParams {
+    type: 'totp' | 'email';
+}
+interface MFAEnrollResult {
+    enrollment_id?: string;
+    secret?: string;
+    otp_url?: string;
+    qr_code?: string;
+    recovery_codes?: string[];
+    status?: string;
+}
+interface MFAChallengeParams {
+    mfa_token: string;
+    type: 'totp' | 'email';
+    code: string;
+}
+interface MFARecoveryParams {
+    mfa_token: string;
+    code: string;
+}
+interface MFAFactor {
+    id: string;
+    type: string;
+    verified: boolean;
+    created_at: string;
+}
+interface MFAEmailChallengeParams {
+    mfa_token: string;
+}
+interface MFAEmailVerifyParams {
+    mfa_token: string;
+    code: string;
+}
+interface OAuthOptions {
+    provider: string;
+    redirectTo?: string;
+}
+interface Identity {
+    id: string;
+    provider: string;
+    provider_user_id: string;
+    created_at: string;
+}
+interface CredentialExchangeParams {
+    provider: string;
+    credential: string;
+}
+interface LinkIdentityParams {
+    provider: string;
+    credential: string;
+}
+interface MagicLinkParams {
+    email: string;
+}
+interface MagicLinkVerifyParams {
+    token: string;
+    fingerprint_hash?: string;
+}
+interface RegisterTrustedDeviceParams {
+    fingerprint_hash: string;
+    device_name?: string;
+}
+interface TrustedDevice {
+    id: string;
+    device_name?: string;
+    created_at: string;
+    last_used_at: string;
+    expires_at: string;
+}
+interface DeviceInfo {
+    id: string;
+    platform: string;
+    attestation_status: string;
+    bound: boolean;
+    created_at: string;
+}
+interface AttestAndroidParams {
+    verdict_token: string;
+}
+interface AttestAndroidResult {
+    device_id: string;
+    attestation_status: string;
+    device_integrity?: string;
+}
+interface AttestiOSParams {
+    attestation_object: string;
+    key_id: string;
+    challenge: string;
+}
+interface AttestiOSResult {
+    device_id: string;
+    attestation_status: string;
+}
+interface BindDeviceParams {
+    device_id: string;
+    public_key: string;
+    platform_attestation?: string;
+}
+interface VerifyRequestSignatureParams {
+    payload: string;
+    signature: string;
+}
+type AuthEvent = 'SIGNED_IN' | 'SIGNED_OUT' | 'TOKEN_REFRESHED';
+type AuthStateChangeCallback = (event: AuthEvent, session: Session | null) => void;
+/**
+ * Device attestation client.
+ * Handles device challenge/attestation/bind and App Check JWT cache.
+ */
+declare class DeviceClient {
+    private readonly httpClient;
+    private cachedToken;
+    private refreshTimer;
+    constructor(httpClient: HttpClient);
+    /** Generate a device attestation challenge. */
+    generateChallenge(): Promise<PalbaseResponse<{
+        challenge: string;
+    }>>;
+    /** Attest an Android device with a Play Integrity verdict token. */
+    attestAndroid(params: AttestAndroidParams): Promise<PalbaseResponse<AttestAndroidResult>>;
+    /** Attest an iOS device with App Attest attestation data. */
+    attestiOS(params: AttestiOSParams): Promise<PalbaseResponse<AttestiOSResult>>;
+    /** Bind a verified device with a public key for request signing. */
+    bind(params: BindDeviceParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    /** List all devices for the current user. */
+    list(): Promise<PalbaseResponse<{
+        devices: DeviceInfo[];
+    }>>;
+    /** Delete a device by ID. */
+    delete(deviceId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    /**
+     * Verify a request signature from a device (server-only).
+     * Should NOT be exposed in client SDK.
+     */
+    verifyRequestSignature(deviceId: string, params: VerifyRequestSignatureParams): Promise<PalbaseResponse<{
+        verified: boolean;
+    }>>;
+    /** Get the cached App Check token, or null if not available / expired. */
+    getToken(): string | null;
+    /** Whether App Check is active (token cached and not expired). */
+    get isActive(): boolean;
+    /** Set a cached App Check token manually (e.g. after attest flow). */
+    setCachedToken(token: string, expiresInMs: number): void;
+    /** Clean up timers and cached state. */
+    dispose(): void;
+    private scheduleRefresh;
+}
+/** Reserved for future user-scope options. Admin surface is in @palbase/server. */
+type AuthClientOptions = Record<string, never>;
+declare class AuthClient {
+    private readonly httpClient;
+    private readonly tokenManager;
+    private readonly apiKey;
+    private readonly baseUrl;
+    private currentSession;
+    private hasSession;
+    private _mfa;
+    /** Device attestation */
+    readonly device: DeviceClient;
+    constructor(httpClient: HttpClient, tokenManager: TokenManager, apiKey?: string, baseUrl?: string, _options?: AuthClientOptions);
+    signUp(credentials: SignUpCredentials): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    signIn(credentials: SignInCredentials): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    signOut(): Promise<PalbaseResponse<void>>;
+    verifyEmail(params: VerifyEmailParams): Promise<PalbaseResponse<{
+        status: string;
+    }>>;
+    resendVerification(email: string): Promise<PalbaseResponse<{
+        verification_token?: string;
+        verification_code?: string;
+    }>>;
+    requestPasswordReset(params: PasswordResetParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    confirmPasswordReset(params: PasswordResetConfirmParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    changePassword(params: PasswordChangeParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    refresh(): Promise<PalbaseResponse<TokenResponse>>;
+    getAccessToken(): string | null;
+    onTokenChange(callback: (tokens: {
+        accessToken: string | null;
+        refreshToken: string | null;
+    }) => void): () => void;
+    setTokens(accessToken: string, refreshToken: string, expiresIn?: number): void;
+    listSessions(): Promise<PalbaseResponse<AuthSession[]>>;
+    revokeSession(sessionId: string): Promise<PalbaseResponse<void>>;
+    revokeAllSessions(): Promise<PalbaseResponse<void>>;
+    get mfa(): {
+        enroll: (params: MFAEnrollParams) => Promise<PalbaseResponse<MFAEnrollResult>>;
+        verifyEnrollment: (code: string) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        challenge: (params: MFAChallengeParams) => Promise<PalbaseResponse<TokenResponse>>;
+        recovery: (params: MFARecoveryParams) => Promise<PalbaseResponse<TokenResponse>>;
+        listFactors: () => Promise<PalbaseResponse<{
+            factors: MFAFactor[];
+        }>>;
+        removeFactor: (factorId: string, currentPassword: string) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        regenerateRecoveryCodes: () => Promise<PalbaseResponse<{
+            recovery_codes: string[];
+        }>>;
+        emailEnroll: () => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        emailChallenge: (params: MFAEmailChallengeParams) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        emailVerify: (params: MFAEmailVerifyParams) => Promise<PalbaseResponse<TokenResponse>>;
+    };
+    private buildMfa;
+    getOAuthURL(options: OAuthOptions): Promise<PalbaseResponse<{
+        url: string;
+    }>>;
+    signInWithCredential(params: CredentialExchangeParams): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    listIdentities(): Promise<PalbaseResponse<{
+        identities: Identity[];
+    }>>;
+    linkIdentity(params: LinkIdentityParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    unlinkIdentity(identityId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    requestMagicLink(params: MagicLinkParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    verifyMagicLink(params: MagicLinkVerifyParams): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    listTrustedDevices(): Promise<PalbaseResponse<{
+        trusted_devices: TrustedDevice[];
+    }>>;
+    registerTrustedDevice(params: RegisterTrustedDeviceParams): Promise<PalbaseResponse<{
+        trusted_device_token: string;
+    }>>;
+    revokeTrustedDevice(deviceId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    getSession(): {
+        data: Session | null;
+        error: null;
+    };
+    onAuthStateChange(callback: AuthStateChangeCallback): {
+        data: {
+            subscription: {
+                unsubscribe: () => void;
+            };
+        };
+    };
+    /**
+     * Verify a user's JWT token by calling GET /auth/user with their token.
+     * Server-only — should NOT be exposed in client SDK.
+     */
+    verifyUserToken(jwt: string): Promise<PalbaseResponse<User>>;
+    private setSessionAndWireRefresh;
+}
 interface PalbeOAuthConfig {
     google?: {
@@ -26,7 +528,7 @@ interface PalbeConfig {
 }
 /** Frozen view of all cached flag values (what `all()` returns / `changes()` yields). */
-type FlagsView = Readonly<Record<string, FlagValue>>;
+type FlagsView = Readonly<Record<string, F>>;
 /**
  * `pb.flags` — iOS-parity facade over `FlagsPool` (cache + delta polling +
  * auth binding) and `FlagsClient` (stateless transport).
@@ -53,7 +555,7 @@ declare class PalbeFlags {
     /** Frozen snapshot of all cached values (identity-stable until a change). */
     all(): FlagsView;
     /** Raw cached value for `key`, or `undefined` when not in the cache. */
-    get(key: string): FlagValue | undefined;
+    get(key: string): F | undefined;
     /** `true` only when the cached value is strictly `true`; `fallback` when the key is absent. */
     isEnabled(key: string, fallback?: boolean): boolean;
     /** Alias of {@link isEnabled} (iOS parity). */
@@ -83,7 +585,7 @@ declare class PalbeFlags {
      * (per {@link sameFlagValue} — structural compare for objects), with the
      * new value (`undefined` = deleted). P5 React-hook substrate.
      */
-    subscribeKey(key: string, callback: (value: FlagValue | undefined) => void): Unsubscribe;
+    subscribeKey(key: string, callback: (value: F | undefined) => void): Unsubscribe;
     /**
      * Async iteration over flag changes: yields the new {@link all} view on
      * every pool change notification. The listener is detached when the
@@ -193,8 +695,8 @@ declare class PalbeRealtime {
 interface PalbeRuntime {
     config: PalbeConfig;
-    http: HttpClient;
-    tokenManager: TokenManager;
+    http: HttpClient$1;
+    tokenManager: TokenManager$1;
     authClient: AuthClient;
     auth: PalbeAuth;
     flags: PalbeFlags;
@@ -233,7 +735,7 @@ interface AuthUser {
 }
 interface AuthSuccess {
     user: AuthUser;
-    session: Session;
+    session: Session$1;
 }
 type AuthState = {
     status: 'signedIn';