@passlock/client 2.0.0 → 2.0.2

package/dist/safe.d.ts

@@ -0,0 +1,247 @@
+/**
+ * _safe_ functions i.e. functions that do not throw but instead return discriminated union
+ * types composed of a successful result or an error. Use one of the type guards to narrow
+ * the result to a given success or error type.
+ *
+ * @categoryDescription Passkeys (core)
+ * Creating, updating, authenticating and deleting passkeys. {@link registerPasskey}
+ * and {@link authenticatePasskey} are the primary functions.
+ *
+ * @categoryDescription Passkeys (other)
+ * Testing for browser capabilities related to passkeys, type guards and other utilities.
+ *
+ * @categoryDescription Passkeys (errors)
+ * Errors that could be returned by a function.
+ *
+ * @showCategories
+ * @module safe
+ */
+import { Logger } from "./logger";
+import type { PasslockOptions } from "./options";
+import type { AuthenticationError, AuthenticationOptions, AuthenticationSuccess } from "./passkey/authentication/authentication";
+import type { DeleteError, PasskeyNotFoundError, PruningError, UpdateError } from "./passkey/errors";
+import type { RegistrationError, RegistrationOptions, RegistrationSuccess } from "./passkey/registration/registration";
+import type { CredentialMapping, UpdatePasskeyOptions } from "./passkey/signals/signals";
+/**
+ * Registers a passkey on the user's device, then saves the server-side component in your vault.
+ * If successful, this function returns a `code` or `id_token` (JWT). The code and/or jwt should
+ * be sent to your backend for verification. See
+ * [register a passkey](https://passlock.dev/passkeys/registration/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isRegistrationSuccess} to test for a successful result, `RegistrationError` is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * @see {@link isRegistrationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isDuplicatePasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const username = "jdoe@gmail.com";
+ *
+ * const result = await registerPasskey({ tenancyId, username });
+ *
+ * if (isRegistrationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   console.error("Device does not support passkeys");
+ * } else {
+ *   console.error(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const registerPasskey: (options: RegistrationOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<RegistrationSuccess | RegistrationError>;
+/**
+ * Asks the client to present a passkey, which is then verified against the server-side component in your vault.
+ * If successful, this function returns a `code` or `id_token` (JWT). The code and/or jwt should
+ * be sent to your backend for verification. See
+ * [authenticate a passkey](https://passlock.dev/passkeys/authentication/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isAuthenticationSuccess} to test for a successful result, `AuthenticationError` is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * @see {@link isAuthenticationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isPasskeyNotFoundError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ *
+ * const result = await authenticatePasskey({ tenancyId });
+ *
+ * if (isAuthenticationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   console.error("Device does not support passkeys");
+ * } else {
+ *   console.error(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const authenticatePasskey: (options: AuthenticationOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<AuthenticationSuccess | AuthenticationError>;
+/**
+ * Attempt to update the username or display name for a passkey (client-side only).
+ *
+ * Useful if the user has changed their account identifier. For example, they register
+ * using jdoe@gmail.com but later change their account username to jdoe@yahoo.com.
+ * Even after you update their account details in your backend, their local password
+ * manager will continue to display jdoe@gmail.com.
+ *
+ * By calling this function and supplying a new username/display name, their local
+ * password manager will align with their updated account identifier.
+ *
+ * @param options
+ * @returns Update status
+ * @see {@link isUpdateError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ * const username = "newUsername@gmail.com";
+ * const displayName = "New Account Name";
+ *
+ * const result = await updatePasskey({ tenancyId, passkeyId, username, displayName });
+ *
+ * if (result === true) {
+ *   console.log("passkey updated locally");
+ * } else if (isUpdateError(result)) {
+ *   // narrowed to an UpdateError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to update passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const updatePasskey: (options: UpdatePasskeyOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<boolean | UpdateError>;
+/**
+ * Attempts to delete a passkey from a local device. There are two scenarios in which this function proves useful:
+ *
+ * 1. **Deleting a passkey**. Use the `@passlock/node` package or make  vanilla REST calls from your
+ * backend to delete the server-side component, then use this function to delete the client-side component.
+ *
+ * 2. **Missing passkey**. The user tried to present a passkey, but the server-side component could not be found.
+ * Remove the passkey from the local device to prevent it happening again.
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) and
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/) in the documentation.
+ *
+ * @param identifiers Passkey identifier, credential mapping, or a {@link PasskeyNotFoundError}
+ * payload from failed authentication.
+ * @param options Passlock tenancy and endpoint options.
+ * @returns Delete status
+ * @see {@link isDeleteError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ *
+ * const result = await deletePasskey(passkeyId, { tenancyId });
+ *
+ * if (result === true) {
+ *   console.log("passkey deleted locally");
+ * } else if (isDeleteError(result)) {
+ *   // narrowed to a DeleteError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to delete passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const deletePasskey: (identifiers: string | CredentialMapping | PasskeyNotFoundError, options: PasslockOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<boolean | DeleteError>;
+/**
+ * Attempt to prune local passkeys by keeping only the passkey IDs you trust.
+ *
+ * This is useful when your backend is the source of truth for which passkeys
+ * should still exist for a given account on this device.
+ *
+ * @param passkeyIds IDs to keep on-device.
+ * @param options Passlock tenancy and endpoint options.
+ * @returns Pruning status
+ * @see {@link isPruningError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const activePasskeyIds = ["passkey-1", "passkey-2"];
+ *
+ * const result = await prunePasskeys(activePasskeyIds, { tenancyId });
+ *
+ * if (result === true) {
+ *   console.log("local passkeys pruned");
+ * } else if (isPruningError(result)) {
+ *   // narrowed to a PruningError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to prune passkeys");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const prunePasskeys: (passkeyIds: Array<string>, options: PasslockOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<boolean | PruningError>;
+/**
+ * Does the local device support programmatic passkey deletion
+ *
+ * @returns `true` if local passkey deletion is supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyDeleteSupport: () => boolean;
+/**
+ * Does the local device support programmatic passkey pruning
+ *
+ * @returns `true` if local passkey pruning is supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyPruningSupport: () => boolean;
+/**
+ * Does the local device support programmatic passkey updates
+ *
+ * @returns `true` if local passkey updates are supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyUpdateSupport: () => boolean;
+export type { NetworkError } from "./internal/network";
+export { isNetworkError } from "./internal/network";
+export { LogEvent, Logger, LogLevel, } from "./logger";
+export type { PasslockOptions } from "./options";
+export type { AuthenticationError, AuthenticationEvent, AuthenticationOptions, AuthenticationSuccess, OnAuthenticationEvent, } from "./passkey/authentication/authentication";
+export { AuthenticationHelper, isAuthenticationSuccess, } from "./passkey/authentication/authentication";
+export type { ErrorCode } from "./passkey/errors";
+export { DeleteError, DuplicatePasskeyError, isDeleteError, isDuplicatePasskeyError, isOtherPasskeyError, isPasskeyNotFoundError, isPasskeyUnsupportedError, isPruningError, isUpdateError, OtherPasskeyError, PasskeyNotFoundError, PasskeyUnsupportedError, PruningError, UpdateError, } from "./passkey/errors";
+export type { OnRegistrationEvent, RegistrationError, RegistrationEvent, RegistrationOptions, RegistrationSuccess, } from "./passkey/registration/registration";
+export { isRegistrationSuccess, RegistrationHelper, } from "./passkey/registration/registration";
+export type { UserVerification } from "./passkey/shared";
+export type { CredentialMapping, UpdatePasskeyOptions, } from "./passkey/signals/signals";
+export { isAutofillSupport, isPasskeySupport, } from "./passkey/support";
+export type { Principal } from "./principal";
+//# sourceMappingURL=safe.d.ts.map

package/dist/safe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAIH,OAAO,EAAe,MAAM,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,OAAO,KAAK,EACV,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,yCAAyC,CAAA;AAKhD,OAAO,KAAK,EACV,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,WAAW,EACZ,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,qCAAqC,CAAA;AAM5C,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACrB,MAAM,2BAA2B,CAAA;AAalC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,eAAO,MAAM,eAAe,GAC1B,SAAS,mBAAmB;AAC5B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAM/C,CAAA;AAIH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,eAAO,MAAM,mBAAmB,GAC9B,SAAS,qBAAqB;AAC9B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,qBAAqB,GAAG,mBAAmB,CAMnD,CAAA;AAIH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB;AAC7B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,OAAO,GAAG,WAAW,CAG/B,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,eAAO,MAAM,aAAa,GACxB,aAAa,MAAM,GAAG,iBAAiB,GAAG,oBAAoB,EAC9D,SAAS,eAAe;AACxB,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,OAAO,GAAG,WAAW,CAO/B,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,eAAO,MAAM,aAAa,GACxB,YAAY,KAAK,CAAC,MAAM,CAAC,EACzB,SAAS,eAAe;AACxB,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,OAAO,GAAG,YAAY,CAGhC,CAAA;AAID;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,eACW,CAAA;AAE9C;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,eACW,CAAA;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,eACW,CAAA;AAI9C,YAAY,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACtD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EACL,QAAQ,EACR,MAAM,EACN,QAAQ,GACT,MAAM,UAAU,CAAA;AACjB,YAAY,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,yCAAyC,CAAA;AAChD,OAAO,EACL,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yCAAyC,CAAA;AAChD,YAAY,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACjD,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,WAAW,GACZ,MAAM,kBAAkB,CAAA;AACzB,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,qCAAqC,CAAA;AAC5C,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EACV,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA"}

package/dist/safe.js

@@ -0,0 +1,254 @@
+/**
+ * _safe_ functions i.e. functions that do not throw but instead return discriminated union
+ * types composed of a successful result or an error. Use one of the type guards to narrow
+ * the result to a given success or error type.
+ *
+ * @categoryDescription Passkeys (core)
+ * Creating, updating, authenticating and deleting passkeys. {@link registerPasskey}
+ * and {@link authenticatePasskey} are the primary functions.
+ *
+ * @categoryDescription Passkeys (other)
+ * Testing for browser capabilities related to passkeys, type guards and other utilities.
+ *
+ * @categoryDescription Passkeys (errors)
+ * Errors that could be returned by a function.
+ *
+ * @showCategories
+ * @module safe
+ */
+import { Micro, pipe } from "effect";
+import { runToPromise } from "./internal";
+import { eventLogger, Logger } from "./logger";
+import { AuthenticationHelper, authenticatePasskey as authenticatePasskeyM, } from "./passkey/authentication/authentication";
+import { RegistrationHelper, registerPasskey as registerPasskeyM, } from "./passkey/registration/registration";
+import { deletePasskey as deletePasskeyM, isPasskeyDeleteSupport as isPasskeyDeleteSupportM, isPasskeyPruningSupport as isPasskeyPruningSupportM, isPasskeyUpdateSupport as isPasskeyUpdateSupportM, prunePasskeys as prunePasskeysM, signalCredentialRemoval, updatePasskey as updatePasskeyM, } from "./passkey/signals/signals";
+/* Registration */
+/**
+ * Registers a passkey on the user's device, then saves the server-side component in your vault.
+ * If successful, this function returns a `code` or `id_token` (JWT). The code and/or jwt should
+ * be sent to your backend for verification. See
+ * [register a passkey](https://passlock.dev/passkeys/registration/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isRegistrationSuccess} to test for a successful result, `RegistrationError` is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * @see {@link isRegistrationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isDuplicatePasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const username = "jdoe@gmail.com";
+ *
+ * const result = await registerPasskey({ tenancyId, username });
+ *
+ * if (isRegistrationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   console.error("Device does not support passkeys");
+ * } else {
+ *   console.error(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const registerPasskey = async (options, 
+/** @hidden */
+logger = eventLogger) => pipe(registerPasskeyM(options), Micro.provideService(RegistrationHelper, RegistrationHelper.Default), Micro.provideService(Logger, logger), runToPromise);
+/* Authentication */
+/**
+ * Asks the client to present a passkey, which is then verified against the server-side component in your vault.
+ * If successful, this function returns a `code` or `id_token` (JWT). The code and/or jwt should
+ * be sent to your backend for verification. See
+ * [authenticate a passkey](https://passlock.dev/passkeys/authentication/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isAuthenticationSuccess} to test for a successful result, `AuthenticationError` is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * @see {@link isAuthenticationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isPasskeyNotFoundError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ *
+ * const result = await authenticatePasskey({ tenancyId });
+ *
+ * if (isAuthenticationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   console.error("Device does not support passkeys");
+ * } else {
+ *   console.error(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const authenticatePasskey = (options, 
+/** @hidden */
+logger = eventLogger) => pipe(authenticatePasskeyM(options), Micro.provideService(AuthenticationHelper, AuthenticationHelper.Default), Micro.provideService(Logger, logger), runToPromise);
+/* Signals */
+/**
+ * Attempt to update the username or display name for a passkey (client-side only).
+ *
+ * Useful if the user has changed their account identifier. For example, they register
+ * using jdoe@gmail.com but later change their account username to jdoe@yahoo.com.
+ * Even after you update their account details in your backend, their local password
+ * manager will continue to display jdoe@gmail.com.
+ *
+ * By calling this function and supplying a new username/display name, their local
+ * password manager will align with their updated account identifier.
+ *
+ * @param options
+ * @returns Update status
+ * @see {@link isUpdateError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ * const username = "newUsername@gmail.com";
+ * const displayName = "New Account Name";
+ *
+ * const result = await updatePasskey({ tenancyId, passkeyId, username, displayName });
+ *
+ * if (result === true) {
+ *   console.log("passkey updated locally");
+ * } else if (isUpdateError(result)) {
+ *   // narrowed to an UpdateError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to update passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const updatePasskey = (options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = updatePasskeyM(options);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/**
+ * Attempts to delete a passkey from a local device. There are two scenarios in which this function proves useful:
+ *
+ * 1. **Deleting a passkey**. Use the `@passlock/node` package or make  vanilla REST calls from your
+ * backend to delete the server-side component, then use this function to delete the client-side component.
+ *
+ * 2. **Missing passkey**. The user tried to present a passkey, but the server-side component could not be found.
+ * Remove the passkey from the local device to prevent it happening again.
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) and
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/) in the documentation.
+ *
+ * @param identifiers Passkey identifier, credential mapping, or a {@link PasskeyNotFoundError}
+ * payload from failed authentication.
+ * @param options Passlock tenancy and endpoint options.
+ * @returns Delete status
+ * @see {@link isDeleteError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ *
+ * const result = await deletePasskey(passkeyId, { tenancyId });
+ *
+ * if (result === true) {
+ *   console.log("passkey deleted locally");
+ * } else if (isDeleteError(result)) {
+ *   // narrowed to a DeleteError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to delete passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const deletePasskey = (identifiers, options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = typeof identifiers === "string"
+        ? deletePasskeyM(identifiers, options)
+        : signalCredentialRemoval(identifiers);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/**
+ * Attempt to prune local passkeys by keeping only the passkey IDs you trust.
+ *
+ * This is useful when your backend is the source of truth for which passkeys
+ * should still exist for a given account on this device.
+ *
+ * @param passkeyIds IDs to keep on-device.
+ * @param options Passlock tenancy and endpoint options.
+ * @returns Pruning status
+ * @see {@link isPruningError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const activePasskeyIds = ["passkey-1", "passkey-2"];
+ *
+ * const result = await prunePasskeys(activePasskeyIds, { tenancyId });
+ *
+ * if (result === true) {
+ *   console.log("local passkeys pruned");
+ * } else if (isPruningError(result)) {
+ *   // narrowed to a PruningError type
+ *   console.error(result.code);
+ * } else {
+ *   console.error("unable to prune passkeys");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const prunePasskeys = (passkeyIds, options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = prunePasskeysM(passkeyIds, options);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/* Support */
+/**
+ * Does the local device support programmatic passkey deletion
+ *
+ * @returns `true` if local passkey deletion is supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyDeleteSupport = () => pipe(isPasskeyDeleteSupportM, Micro.runSync);
+/**
+ * Does the local device support programmatic passkey pruning
+ *
+ * @returns `true` if local passkey pruning is supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyPruningSupport = () => pipe(isPasskeyPruningSupportM, Micro.runSync);
+/**
+ * Does the local device support programmatic passkey updates
+ *
+ * @returns `true` if local passkey updates are supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyUpdateSupport = () => pipe(isPasskeyUpdateSupportM, Micro.runSync);
+export { isNetworkError } from "./internal/network";
+export { LogEvent, Logger, LogLevel, } from "./logger";
+export { AuthenticationHelper, isAuthenticationSuccess, } from "./passkey/authentication/authentication";
+export { DeleteError, DuplicatePasskeyError, isDeleteError, isDuplicatePasskeyError, isOtherPasskeyError, isPasskeyNotFoundError, isPasskeyUnsupportedError, isPruningError, isUpdateError, OtherPasskeyError, PasskeyNotFoundError, PasskeyUnsupportedError, PruningError, UpdateError, } from "./passkey/errors";
+export { isRegistrationSuccess, RegistrationHelper, } from "./passkey/registration/registration";
+export { isAutofillSupport, isPasskeySupport, } from "./passkey/support";
+//# sourceMappingURL=safe.js.map

package/dist/safe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAEH,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAO9C,OAAO,EACL,oBAAoB,EACpB,mBAAmB,IAAI,oBAAoB,GAC5C,MAAM,yCAAyC,CAAA;AAahD,OAAO,EACL,kBAAkB,EAClB,eAAe,IAAI,gBAAgB,GACpC,MAAM,qCAAqC,CAAA;AAM5C,OAAO,EACL,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,EACjD,uBAAuB,IAAI,wBAAwB,EACnD,sBAAsB,IAAI,uBAAuB,EACjD,aAAa,IAAI,cAAc,EAC/B,uBAAuB,EACvB,aAAa,IAAI,cAAc,GAChC,MAAM,2BAA2B,CAAA;AAElC,kBAAkB;AAElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,OAA4B;AAC5B,cAAc;AACd,SAAgC,WAAW,EACO,EAAE,CACpD,IAAI,CACF,gBAAgB,CAAC,OAAO,CAAC,EACzB,KAAK,CAAC,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,OAAO,CAAC,EACpE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,YAAY,CACb,CAAA;AAEH,oBAAoB;AAEpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAA8B;AAC9B,cAAc;AACd,SAAgC,WAAW,EACW,EAAE,CACxD,IAAI,CACF,oBAAoB,CAAC,OAAO,CAAC,EAC7B,KAAK,CAAC,cAAc,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,OAAO,CAAC,EACxE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,YAAY,CACb,CAAA;AAEH,aAAa;AAEb;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B;AAC7B,cAAc;AACd,SAAgC,WAAW,EACX,EAAE;IAClC,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IACrC,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,WAA8D,EAC9D,OAAwB;AACxB,cAAc;AACd,SAAgC,WAAW,EACX,EAAE;IAClC,MAAM,KAAK,GACT,OAAO,WAAW,KAAK,QAAQ;QAC7B,CAAC,CAAC,cAAc,CAAC,WAAW,EAAE,OAAO,CAAC;QACtC,CAAC,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAA;IAE1C,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,UAAyB,EACzB,OAAwB;AACxB,cAAc;AACd,SAAgC,WAAW,EACV,EAAE;IACnC,MAAM,KAAK,GAAG,cAAc,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;IACjD,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED,aAAa;AAEb;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,EAAE,CACzC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAE9C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,EAAE,CAC1C,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAE/C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,EAAE,CACzC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAK9C,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAA;AACnD,OAAO,EACL,QAAQ,EACR,MAAM,EACN,QAAQ,GACT,MAAM,UAAU,CAAA;AASjB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yCAAyC,CAAA;AAEhD,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACvB,mBAAmB,EACnB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,iBAAiB,EACjB,oBAAoB,EACpB,uBAAuB,EACvB,YAAY,EACZ,WAAW,GACZ,MAAM,kBAAkB,CAAA;AAQzB,OAAO,EACL,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,qCAAqC,CAAA;AAM5C,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@passlock/client",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "Flexible passkey authentication for Astro, SvelteKit, NextJS and other frameworks",
   "keywords": [
     "passkey",
@@ -34,6 +34,11 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
       "default": "./dist/index.js"
+    },
+    "./safe": {
+      "types": "./dist/safe.d.ts",
+      "import": "./dist/safe.js",
+      "default": "./dist/safe.js"
     }
   },
   "module": "./dist/index.js",
@@ -43,39 +48,39 @@
   ],
   "dependencies": {
     "@simplewebauthn/browser": "^13.2.2",
-    "effect": "3.19.14"
+    "effect": "3.19.19"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.3.11",
-    "@effect/language-service": "^0.72.0",
+    "@biomejs/biome": "^2.4.4",
+    "@effect/language-service": "^0.75.1",
     "@fetch-mock/vitest": "^0.2.18",
-    "@typescript/lib-dom": "npm:@types/web@^0.0.320",
-    "globals": "^17.0.0",
-    "npm-check-updates": "^19.3.1",
+    "@typescript/lib-dom": "npm:@types/web@^0.0.337",
+    "globals": "^17.3.0",
+    "npm-check-updates": "^19.4.1",
     "publint": "0.3.17",
-    "rimraf": "^6.1.2",
+    "rimraf": "^6.1.3",
     "tsx": "4.21.0",
+    "typedoc": "^0.28.17",
     "typescript": "^5.9.3",
     "vitest": "^4.0.16"
   },
   "peerDependencies": {
-    "effect": "3.19.14"
+    "effect": "3.19.19"
   },
   "scripts": {
-    "build": "tsc --build",
+    "build": "tsc -p tsconfig.build.json",
     "build:clean": "$npm_execpath run clean:full && $npm_execpath run build",
     "build:production": "$npm_execpath run build:clean && $npm_execpath run build:readme && $npm_execpath run replaceTokens && echo '' && publint",
-    "build:readme": "LATEST=${npm_package_version} tsx ../../scripts/replace-readme-tokens.ts ./packages/client",
-    "clean": "tsc --build --clean",
-    "clean:full": "rimraf dist tsconfig.tsbuildinfo",
-    "replaceTokens": "LATEST=${npm_package_version} tsx ../../scripts/replace-tokens.ts ./packages/client",
-    "test": "vitest --project unit",
-    "test:it": "vitest --project integration",
-    "test:all": "vitest run --project unit --project integration",
-    "test:coverage": "vitest run --coverage",
-    "test:ui": "vitest --coverage.enabled=true --ui",
-    "test:watch": "vitest dev",
-    "typecheck": "tsc --noEmit",
+    "build:readme": "VERSION=${npm_package_version} tsx ../../scripts/replace-readme-tokens.ts ./packages/client",
+    "typedoc": "typedoc",
+    "clean": "tsc -p tsconfig.build.json --clean",
+    "clean:full": "rimraf dist tsconfig.build.tsbuildinfo",
+    "replaceTokens": "VERSION=${npm_package_version} tsx ../../scripts/replace-tokens.ts ./packages/client",
+    "test:unit": "vitest --project unit run",
+    "test:unit:watch": "vitest --project unit",
+    "test:integration": "vitest --project integration run",
+    "test:all": "vitest --project unit --project integration run",
+    "typecheck": "tsc -p tsconfig.test.json --noEmit",
     "lint": "biome check .",
     "lint:fix": "biome check --fix .",
     "lint:ci": "biome ci .",

package/dist/logger/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/logger/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAA;;uBAKhB,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;sBACvC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;sBACtC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;uBACrC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;;AAN7D,qBAAa,MAAO,SAAQ,WAQzB;CAAG;AAEN,eAAO,MAAM,aAAa,EAAE,OAAO,MAAM,CAAC,OAoBzC,CAAA;AAED,oBAAY,QAAQ;IAClB,KAAK,UAAU;IACf,IAAI,SAAS;IACb,KAAK,UAAU;IACf,IAAI,SAAS;CACd;AAED,qBAAa,QAAS,SAAQ,KAAK;;IAIjC,MAAM,CAAC,IAAI,SAAqB;gBAEpB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ;IAM5C,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,KAAK,IAAI,QAAQ,CAEpB;CACF;AASD,eAAO,MAAM,WAAW,EAAE,OAAO,MAAM,CAAC,OAKvC,CAAA"}

package/dist/logger/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/logger/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,OAAO,MAAO,SAAQ,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAQ9C;CAAG;AAEN,MAAM,CAAC,MAAM,aAAa,GAA0B;IAClD,QAAQ,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACtE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACtC,CAAC,CAAC;IAEJ,QAAQ,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACtE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACtC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACrE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACrC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACrE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACrC,CAAC,CAAC;CACL,CAAA;AAED,MAAM,CAAN,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,2BAAe,CAAA;IACf,yBAAa,CAAA;IACb,2BAAe,CAAA;IACf,yBAAa,CAAA;AACf,CAAC,EALW,QAAQ,KAAR,QAAQ,QAKnB;AAED,MAAM,OAAO,QAAS,SAAQ,KAAK;IACxB,QAAQ,CAAQ;IAChB,MAAM,CAAU;IAEzB,MAAM,CAAC,IAAI,GAAG,kBAAkB,CAAA;IAEhC,YAAY,OAAe,EAAE,KAAe;QAC1C,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;;AAGH,MAAM,QAAQ,GAAG,CAAC,KAAe,EAAE,EAAE,CAAC,CAAC,OAAe,EAAE,EAAE,CACxD,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;IACd,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAC,CAAA;AAEJ,MAAM,CAAC,MAAM,WAAW,GAA0B;IAChD,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;IAClC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;IAChC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;CACjC,CAAA"}

package/dist/passkey/authentication/authentication.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=authentication.test.d.ts.map

package/dist/passkey/authentication/authentication.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"authentication.test.d.ts","sourceRoot":"","sources":["../../../src/passkey/authentication/authentication.test.ts"],"names":[],"mappings":""}