@passlock/client 2.0.1 → 2.0.3

package/dist/safe.d.ts

@@ -0,0 +1,267 @@
+/**
+ * _safe_ functions i.e. functions that return discriminated unions composed of either a
+ * success result or an error result for expected outcomes. Use one of the type guards to
+ * narrow the result to a given success or error type.
+ *
+ * Note: unexpected runtime failures may still throw.
+ *
+ * @categoryDescription Passkeys (core)
+ * Creating, authenticating, updating and deleting passkeys. {@link registerPasskey}
+ * and {@link authenticatePasskey} are the key functions.
+ *
+ * @categoryDescription Passkeys (other)
+ * Testing for browser capabilities related to passkeys, type guards and other utilities.
+ *
+ * @categoryDescription Passkeys (errors)
+ * Errors that could be returned by a function.
+ *
+ * @showCategories
+ * @module safe
+ */
+import { Logger } from "./logger";
+import type { AuthenticationError, AuthenticationOptions, AuthenticationSuccess } from "./passkey/authentication/authentication";
+import type { DeleteError, OrphanedPasskeyError, PruningError, UpdateError } from "./passkey/errors";
+import type { RegistrationError, RegistrationOptions, RegistrationSuccess } from "./passkey/registration/registration";
+import type { DeleteCredentialOptions, DeletePasskeyOptions, DeleteSuccess, PrunePasskeyOptions, PruningSuccess, UpdateCredentialOptions, UpdatePasskeyOptions, UpdateSuccess } from "./passkey/signals/signals";
+/**
+ * Registers a passkey on the user's device, then saves the server-side component in your vault.
+ * If successful, this function returns both a `code` and an `id_token` (JWT).
+ * Send either value to your backend for verification. See
+ * [register a passkey](https://passlock.dev/passkeys/registration/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isRegistrationSuccess} to test for a successful result, {@link RegistrationError} is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * Alternatively test the result's `_tag` property, which acts as a union discriminator.
+ *
+ * @see {@link isRegistrationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isDuplicatePasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const username = "jdoe@gmail.com";
+ *
+ * const result = await registerPasskey({ tenancyId, username });
+ *
+ * if (isRegistrationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   // ^^ using an error type guard
+ *   console.log("Device does not support passkeys");
+ * } else if (result._tag === "@error/OtherPasskey") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log(result.message);
+ * } else {
+ *  ...
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const registerPasskey: (options: RegistrationOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<RegistrationSuccess | RegistrationError>;
+/**
+ * Asks the client to present a passkey, which is then verified against the server-side component in your vault.
+ * If successful, this function returns both a `code` and an `id_token` (JWT).
+ * Send either value to your backend for verification. See
+ * [authenticate a passkey](https://passlock.dev/passkeys/authentication/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isAuthenticationSuccess} to test for a successful result, {@link AuthenticationError} is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * Alternatively test the result's `_tag` property, which acts as a union discriminator.
+ *
+ * @see {@link isAuthenticationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isOrphanedPasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ *
+ * const result = await authenticatePasskey({ tenancyId });
+ *
+ * if (isAuthenticationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   // ^^ using an error type guard
+ *   console.log("Device does not support passkeys");
+ * } else if (result._tag === "@error/OtherPasskey") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const authenticatePasskey: (options: AuthenticationOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<AuthenticationSuccess | AuthenticationError>;
+/**
+ * Attempt to update the username or display name for a passkey (client-side only).
+ *
+ * Useful if the user has changed their account identifier. For example, they register
+ * using jdoe@gmail.com but later change their account username to jdoe@yahoo.com.
+ * Even after you update their account details in your backend, their local password
+ * manager will continue to display jdoe@gmail.com.
+ *
+ * By calling this function and supplying a new username/display name, their local
+ * password manager will align with their updated account identifier.
+ *
+ * @param options You will typically supply a target `passkeyId` via {@link UpdatePasskeyOptions}. {@link UpdateCredentialOptions} is for advanced use cases.
+ * @returns Use {@link isUpdateSuccess} and {@link isUpdateError} to test the update status.
+ *
+ * Alternatively, examine the result's `_tag` property, which acts as a discriminator.
+ *
+ * @see {@link isUpdateSuccess}
+ * @see {@link isUpdateError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ * const username = "newUsername@gmail.com";
+ * const displayName = "New Account Name";
+ *
+ * const result = await updatePasskey({ tenancyId, passkeyId, username, displayName });
+ *
+ * if (result._tag === "UpdateSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("passkey updated locally");
+ * } else if (isUpdateError(result)) {
+ *   // narrowed to an UpdateError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to update passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const updatePasskey: (options: UpdatePasskeyOptions | UpdateCredentialOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<UpdateSuccess | UpdateError>;
+/**
+ * Attempts to delete a passkey from a local device. There are two scenarios in which this function is useful:
+ *
+ * 1. **Deleting a passkey** - Use the `@passlock/node` package or make vanilla REST calls from your
+ * backend to delete the server-side component, then use this function to delete the client-side component.
+ *
+ * 2. **Missing passkey** - When a user presented a passkey but the server-side component could not be found.
+ * Remove the passkey from the local device to prevent it happening again.
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) and
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/) in the documentation.
+ *
+ * @param options You will typically pass {@link DeletePasskeyOptions}, the other types are for advanced use cases/optimizations.
+ * @returns Use {@link isDeleteSuccess} to test for a successful deletion, or {@link isDeleteError} to test for an error.
+ * Alternatively, test the result's `_tag` property, which acts as a discriminator.
+ * @see {@link isDeleteSuccess}
+ * @see {@link isDeleteError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ *
+ * const result = await deletePasskey({ tenancyId, passkeyId });
+ *
+ * if (result._tag === "DeleteSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("passkey deleted locally");
+ * } else if (isDeleteError(result)) {
+ *   // narrowed to a DeleteError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to delete passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const deletePasskey: (options: DeletePasskeyOptions | DeleteCredentialOptions | OrphanedPasskeyError, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<DeleteSuccess | DeleteError>;
+/**
+ * Attempt to prune local passkeys by keeping only the passkey IDs you trust.
+ *
+ * This is useful when your backend is the source of truth for which passkeys
+ * should still exist for a given account on this device.
+ *
+ * @param options Pass the passkeys you **want to retain**.
+ * @returns Use {@link isPruningSuccess} and {@link isPruningError} to narrow the result.
+ * Alternatively test the result's `_tag` property, which acts as a discriminator.
+ *
+ * @see {@link isPruningSuccess}
+ * @see {@link isPruningError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const allowablePasskeyIds = ["passkey-1", "passkey-2"];
+ *
+ * const result = await prunePasskeys({ tenancyId, allowablePasskeyIds });
+ *
+ * if (result._tag === "PruningSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("local passkeys pruned");
+ * } else if (isPruningError(result)) {
+ *   // narrowed to a PruningError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to prune passkeys");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export declare const prunePasskeys: (options: PrunePasskeyOptions, 
+/** @hidden */
+logger?: typeof Logger.Service) => Promise<PruningSuccess | PruningError>;
+/**
+ * Does the local device support programmatic passkey deletion
+ *
+ * @returns `true` if local passkey deletion is supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyDeleteSupport: () => boolean;
+/**
+ * Does the local device support programmatic passkey pruning
+ *
+ * @returns `true` if local passkey pruning is supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyPruningSupport: () => boolean;
+/**
+ * Does the local device support programmatic passkey updates
+ *
+ * @returns `true` if local passkey updates are supported.
+ *
+ * @category Passkeys (other)
+ */
+export declare const isPasskeyUpdateSupport: () => boolean;
+export { isNetworkError, NetworkError } from "./internal/network";
+export { LogEvent, Logger, LogLevel, } from "./logger";
+export type { PasslockOptions } from "./options";
+export type { AuthenticationError, AuthenticationEvent, AuthenticationEvents, AuthenticationOptions, AuthenticationSuccess, OnAuthenticationEvent, } from "./passkey/authentication/authentication";
+export { AuthenticationHelper, isAuthenticationSuccess, } from "./passkey/authentication/authentication";
+export type { ErrorCode } from "./passkey/errors";
+export { DeleteError, DuplicatePasskeyError, isDeleteError, isDuplicatePasskeyError, isOrphanedPasskeyError, isOtherPasskeyError, isPasskeyUnsupportedError, isPruningError, isUpdateError, OrphanedPasskeyError, OtherPasskeyError, PasskeyUnsupportedError, PruningError, UpdateError, } from "./passkey/errors";
+export type { OnRegistrationEvent, RegistrationError, RegistrationEvent, RegistrationOptions, RegistrationSuccess, } from "./passkey/registration/registration";
+export { isRegistrationSuccess, RegistrationHelper, } from "./passkey/registration/registration";
+export type { UserVerification } from "./passkey/shared";
+export type { CredentialMapping, DeleteCredentialOptions, DeletePasskeyOptions, DeleteSuccess, PrunePasskeyOptions, PruningSuccess, UpdateCredentialOptions, UpdatePasskeyOptions, UpdateSuccess, } from "./passkey/signals/signals";
+export { isDeleteSuccess, isPruningSuccess, isUpdateSuccess, } from "./passkey/signals/signals";
+export { isAutofillSupport, isPasskeySupport, } from "./passkey/support";
+export type { Principal } from "./principal";
+//# sourceMappingURL=safe.d.ts.map

package/dist/safe.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,EAAe,MAAM,EAAE,MAAM,UAAU,CAAA;AAC9C,OAAO,KAAK,EACV,mBAAmB,EACnB,qBAAqB,EACrB,qBAAqB,EACtB,MAAM,yCAAyC,CAAA;AAKhD,OAAO,KAAK,EACV,WAAW,EACX,oBAAoB,EACpB,YAAY,EACZ,WAAW,EACZ,MAAM,kBAAkB,CAAA;AAEzB,OAAO,KAAK,EACV,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACpB,MAAM,qCAAqC,CAAA;AAM5C,OAAO,KAAK,EACV,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,EACd,MAAM,2BAA2B,CAAA;AAelC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,eAAO,MAAM,eAAe,GAC1B,SAAS,mBAAmB;AAC5B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,mBAAmB,GAAG,iBAAiB,CAM/C,CAAA;AAIH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,eAAO,MAAM,mBAAmB,GAC9B,SAAS,qBAAqB;AAC9B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,qBAAqB,GAAG,mBAAmB,CAMnD,CAAA;AAIH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,GAAG,uBAAuB;AACvD,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,aAAa,GAAG,WAAW,CAGrC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,eAAO,MAAM,aAAa,GACxB,SACI,oBAAoB,GACpB,uBAAuB,GACvB,oBAAoB;AACxB,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,aAAa,GAAG,WAAW,CAGrC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,mBAAmB;AAC5B,cAAc;AACd,SAAQ,OAAO,MAAM,CAAC,OAAqB,KAC1C,OAAO,CAAC,cAAc,GAAG,YAAY,CAGvC,CAAA;AAID;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,eACW,CAAA;AAE9C;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,eACW,CAAA;AAE/C;;;;;;GAMG;AACH,eAAO,MAAM,sBAAsB,eACW,CAAA;AAI9C,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjE,OAAO,EACL,QAAQ,EACR,MAAM,EACN,QAAQ,GACT,MAAM,UAAU,CAAA;AACjB,YAAY,EAAE,eAAe,EAAE,MAAM,WAAW,CAAA;AAChD,YAAY,EACV,mBAAmB,EACnB,mBAAmB,EACnB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,GACtB,MAAM,yCAAyC,CAAA;AAChD,OAAO,EACL,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yCAAyC,CAAA;AAChD,YAAY,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACjD,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACvB,sBAAsB,EACtB,mBAAmB,EACnB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,YAAY,EACZ,WAAW,GACZ,MAAM,kBAAkB,CAAA;AACzB,YAAY,EACV,mBAAmB,EACnB,iBAAiB,EACjB,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,qCAAqC,CAAA;AAC5C,OAAO,EACL,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,qCAAqC,CAAA;AAC5C,YAAY,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAA;AACxD,YAAY,EACV,iBAAiB,EACjB,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,EACb,mBAAmB,EACnB,cAAc,EACd,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,GACd,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,eAAe,GAChB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA;AAC1B,YAAY,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA"}

package/dist/safe.js

@@ -0,0 +1,275 @@
+/**
+ * _safe_ functions i.e. functions that return discriminated unions composed of either a
+ * success result or an error result for expected outcomes. Use one of the type guards to
+ * narrow the result to a given success or error type.
+ *
+ * Note: unexpected runtime failures may still throw.
+ *
+ * @categoryDescription Passkeys (core)
+ * Creating, authenticating, updating and deleting passkeys. {@link registerPasskey}
+ * and {@link authenticatePasskey} are the key functions.
+ *
+ * @categoryDescription Passkeys (other)
+ * Testing for browser capabilities related to passkeys, type guards and other utilities.
+ *
+ * @categoryDescription Passkeys (errors)
+ * Errors that could be returned by a function.
+ *
+ * @showCategories
+ * @module safe
+ */
+import { Micro, pipe } from "effect";
+import { runToPromise } from "./internal";
+import { eventLogger, Logger } from "./logger";
+import { AuthenticationHelper, authenticatePasskey as authenticatePasskeyM, } from "./passkey/authentication/authentication";
+import { RegistrationHelper, registerPasskey as registerPasskeyM, } from "./passkey/registration/registration";
+import { deletePasskey as deletePasskeyM, isDeleteSuccess, isPasskeyDeleteSupport as isPasskeyDeleteSupportM, isPasskeyPruningSupport as isPasskeyPruningSupportM, isPasskeyUpdateSupport as isPasskeyUpdateSupportM, isPruningSuccess, isUpdateSuccess, prunePasskeys as prunePasskeysM, updatePasskey as updatePasskeyM, } from "./passkey/signals/signals";
+/* Registration */
+/**
+ * Registers a passkey on the user's device, then saves the server-side component in your vault.
+ * If successful, this function returns both a `code` and an `id_token` (JWT).
+ * Send either value to your backend for verification. See
+ * [register a passkey](https://passlock.dev/passkeys/registration/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isRegistrationSuccess} to test for a successful result, {@link RegistrationError} is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * Alternatively test the result's `_tag` property, which acts as a union discriminator.
+ *
+ * @see {@link isRegistrationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isDuplicatePasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const username = "jdoe@gmail.com";
+ *
+ * const result = await registerPasskey({ tenancyId, username });
+ *
+ * if (isRegistrationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   // ^^ using an error type guard
+ *   console.log("Device does not support passkeys");
+ * } else if (result._tag === "@error/OtherPasskey") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log(result.message);
+ * } else {
+ *  ...
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const registerPasskey = async (options, 
+/** @hidden */
+logger = eventLogger) => pipe(registerPasskeyM(options), Micro.provideService(RegistrationHelper, RegistrationHelper.Default), Micro.provideService(Logger, logger), runToPromise);
+/* Authentication */
+/**
+ * Asks the client to present a passkey, which is then verified against the server-side component in your vault.
+ * If successful, this function returns both a `code` and an `id_token` (JWT).
+ * Send either value to your backend for verification. See
+ * [authenticate a passkey](https://passlock.dev/passkeys/authentication/) in the documentation.
+ *
+ * @param options
+ *
+ * @returns Use {@link isAuthenticationSuccess} to test for a successful result, {@link AuthenticationError} is
+ * an alias to a union of potential errors. Use one of the appropriate isXXX type guards to narrow
+ * the error.
+ *
+ * Alternatively test the result's `_tag` property, which acts as a union discriminator.
+ *
+ * @see {@link isAuthenticationSuccess}
+ * @see {@link isPasskeyUnsupportedError}
+ * @see {@link isOrphanedPasskeyError}
+ * @see {@link isOtherPasskeyError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ *
+ * const result = await authenticatePasskey({ tenancyId });
+ *
+ * if (isAuthenticationSuccess(result)) {
+ *   // send this to your backend for verification
+ *   console.log(result.code);
+ * } else if (isPasskeyUnsupportedError(result)) {
+ *   // ^^ using an error type guard
+ *   console.log("Device does not support passkeys");
+ * } else if (result._tag === "@error/OtherPasskey") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log(result.message);
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const authenticatePasskey = (options, 
+/** @hidden */
+logger = eventLogger) => pipe(authenticatePasskeyM(options), Micro.provideService(AuthenticationHelper, AuthenticationHelper.Default), Micro.provideService(Logger, logger), runToPromise);
+/* Signals */
+/**
+ * Attempt to update the username or display name for a passkey (client-side only).
+ *
+ * Useful if the user has changed their account identifier. For example, they register
+ * using jdoe@gmail.com but later change their account username to jdoe@yahoo.com.
+ * Even after you update their account details in your backend, their local password
+ * manager will continue to display jdoe@gmail.com.
+ *
+ * By calling this function and supplying a new username/display name, their local
+ * password manager will align with their updated account identifier.
+ *
+ * @param options You will typically supply a target `passkeyId` via {@link UpdatePasskeyOptions}. {@link UpdateCredentialOptions} is for advanced use cases.
+ * @returns Use {@link isUpdateSuccess} and {@link isUpdateError} to test the update status.
+ *
+ * Alternatively, examine the result's `_tag` property, which acts as a discriminator.
+ *
+ * @see {@link isUpdateSuccess}
+ * @see {@link isUpdateError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ * const username = "newUsername@gmail.com";
+ * const displayName = "New Account Name";
+ *
+ * const result = await updatePasskey({ tenancyId, passkeyId, username, displayName });
+ *
+ * if (result._tag === "UpdateSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("passkey updated locally");
+ * } else if (isUpdateError(result)) {
+ *   // narrowed to an UpdateError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to update passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const updatePasskey = (options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = updatePasskeyM(options);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/**
+ * Attempts to delete a passkey from a local device. There are two scenarios in which this function is useful:
+ *
+ * 1. **Deleting a passkey** - Use the `@passlock/node` package or make vanilla REST calls from your
+ * backend to delete the server-side component, then use this function to delete the client-side component.
+ *
+ * 2. **Missing passkey** - When a user presented a passkey but the server-side component could not be found.
+ * Remove the passkey from the local device to prevent it happening again.
+ *
+ * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) and
+ * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/) in the documentation.
+ *
+ * @param options You will typically pass {@link DeletePasskeyOptions}, the other types are for advanced use cases/optimizations.
+ * @returns Use {@link isDeleteSuccess} to test for a successful deletion, or {@link isDeleteError} to test for an error.
+ * Alternatively, test the result's `_tag` property, which acts as a discriminator.
+ * @see {@link isDeleteSuccess}
+ * @see {@link isDeleteError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const passkeyId = "myPasskeyId";
+ *
+ * const result = await deletePasskey({ tenancyId, passkeyId });
+ *
+ * if (result._tag === "DeleteSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("passkey deleted locally");
+ * } else if (isDeleteError(result)) {
+ *   // narrowed to a DeleteError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to delete passkey");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const deletePasskey = (options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = deletePasskeyM(options);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/**
+ * Attempt to prune local passkeys by keeping only the passkey IDs you trust.
+ *
+ * This is useful when your backend is the source of truth for which passkeys
+ * should still exist for a given account on this device.
+ *
+ * @param options Pass the passkeys you **want to retain**.
+ * @returns Use {@link isPruningSuccess} and {@link isPruningError} to narrow the result.
+ * Alternatively test the result's `_tag` property, which acts as a discriminator.
+ *
+ * @see {@link isPruningSuccess}
+ * @see {@link isPruningError}
+ *
+ * @example
+ * // from your Passlock console settings
+ * const tenancyId = "myTenancyId";
+ * const allowablePasskeyIds = ["passkey-1", "passkey-2"];
+ *
+ * const result = await prunePasskeys({ tenancyId, allowablePasskeyIds });
+ *
+ * if (result._tag === "PruningSuccess") {
+ *   // ^^ narrowing the result using the _tag
+ *   console.log("local passkeys pruned");
+ * } else if (isPruningError(result)) {
+ *   // narrowed to a PruningError type
+ *   console.log(result.code);
+ * } else {
+ *   console.log("unable to prune passkeys");
+ * }
+ *
+ * @category Passkeys (core)
+ */
+export const prunePasskeys = (options, 
+/** @hidden */
+logger = eventLogger) => {
+    const micro = prunePasskeysM(options);
+    return pipe(micro, Micro.provideService(Logger, logger), runToPromise);
+};
+/* Support */
+/**
+ * Does the local device support programmatic passkey deletion
+ *
+ * @returns `true` if local passkey deletion is supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyDeleteSupport = () => pipe(isPasskeyDeleteSupportM, Micro.runSync);
+/**
+ * Does the local device support programmatic passkey pruning
+ *
+ * @returns `true` if local passkey pruning is supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyPruningSupport = () => pipe(isPasskeyPruningSupportM, Micro.runSync);
+/**
+ * Does the local device support programmatic passkey updates
+ *
+ * @returns `true` if local passkey updates are supported.
+ *
+ * @category Passkeys (other)
+ */
+export const isPasskeyUpdateSupport = () => pipe(isPasskeyUpdateSupportM, Micro.runSync);
+/* Re-exports */
+export { isNetworkError, NetworkError } from "./internal/network";
+export { LogEvent, Logger, LogLevel, } from "./logger";
+export { AuthenticationHelper, isAuthenticationSuccess, } from "./passkey/authentication/authentication";
+export { DeleteError, DuplicatePasskeyError, isDeleteError, isDuplicatePasskeyError, isOrphanedPasskeyError, isOtherPasskeyError, isPasskeyUnsupportedError, isPruningError, isUpdateError, OrphanedPasskeyError, OtherPasskeyError, PasskeyUnsupportedError, PruningError, UpdateError, } from "./passkey/errors";
+export { isRegistrationSuccess, RegistrationHelper, } from "./passkey/registration/registration";
+export { isDeleteSuccess, isPruningSuccess, isUpdateSuccess, } from "./passkey/signals/signals";
+export { isAutofillSupport, isPasskeySupport, } from "./passkey/support";
+//# sourceMappingURL=safe.js.map

package/dist/safe.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAEH,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AACpC,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AACzC,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,UAAU,CAAA;AAM9C,OAAO,EACL,oBAAoB,EACpB,mBAAmB,IAAI,oBAAoB,GAC5C,MAAM,yCAAyC,CAAA;AAahD,OAAO,EACL,kBAAkB,EAClB,eAAe,IAAI,gBAAgB,GACpC,MAAM,qCAAqC,CAAA;AAY5C,OAAO,EACL,aAAa,IAAI,cAAc,EAC/B,eAAe,EACf,sBAAsB,IAAI,uBAAuB,EACjD,uBAAuB,IAAI,wBAAwB,EACnD,sBAAsB,IAAI,uBAAuB,EACjD,gBAAgB,EAChB,eAAe,EACf,aAAa,IAAI,cAAc,EAC/B,aAAa,IAAI,cAAc,GAChC,MAAM,2BAA2B,CAAA;AAElC,kBAAkB;AAElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,KAAK,EAClC,OAA4B;AAC5B,cAAc;AACd,SAAgC,WAAW,EACO,EAAE,CACpD,IAAI,CACF,gBAAgB,CAAC,OAAO,CAAC,EACzB,KAAK,CAAC,cAAc,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,OAAO,CAAC,EACpE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,YAAY,CACb,CAAA;AAEH,oBAAoB;AAEpB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,CACjC,OAA8B;AAC9B,cAAc;AACd,SAAgC,WAAW,EACW,EAAE,CACxD,IAAI,CACF,oBAAoB,CAAC,OAAO,CAAC,EAC7B,KAAK,CAAC,cAAc,CAAC,oBAAoB,EAAE,oBAAoB,CAAC,OAAO,CAAC,EACxE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EACpC,YAAY,CACb,CAAA;AAEH,aAAa;AAEb;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAAuD;AACvD,cAAc;AACd,SAAgC,WAAW,EACL,EAAE;IACxC,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IACrC,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAGwB;AACxB,cAAc;AACd,SAAgC,WAAW,EACL,EAAE;IACxC,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IACrC,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA4B;AAC5B,cAAc;AACd,SAAgC,WAAW,EACH,EAAE;IAC1C,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IACrC,OAAO,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,CAAA;AACxE,CAAC,CAAA;AAED,aAAa;AAEb;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,EAAE,CACzC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAE9C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,GAAG,EAAE,CAC1C,IAAI,CAAC,wBAAwB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAE/C;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,GAAG,EAAE,CACzC,IAAI,CAAC,uBAAuB,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;AAE9C,gBAAgB;AAEhB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AACjE,OAAO,EACL,QAAQ,EACR,MAAM,EACN,QAAQ,GACT,MAAM,UAAU,CAAA;AAUjB,OAAO,EACL,oBAAoB,EACpB,uBAAuB,GACxB,MAAM,yCAAyC,CAAA;AAEhD,OAAO,EACL,WAAW,EACX,qBAAqB,EACrB,aAAa,EACb,uBAAuB,EACvB,sBAAsB,EACtB,mBAAmB,EACnB,yBAAyB,EACzB,cAAc,EACd,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,uBAAuB,EACvB,YAAY,EACZ,WAAW,GACZ,MAAM,kBAAkB,CAAA;AAQzB,OAAO,EACL,qBAAqB,EACrB,kBAAkB,GACnB,MAAM,qCAAqC,CAAA;AAa5C,OAAO,EACL,eAAe,EACf,gBAAgB,EAChB,eAAe,GAChB,MAAM,2BAA2B,CAAA;AAClC,OAAO,EACL,iBAAiB,EACjB,gBAAgB,GACjB,MAAM,mBAAmB,CAAA"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@passlock/client",
-  "version": "2.0.1",
+  "version": "2.0.3",
   "description": "Flexible passkey authentication for Astro, SvelteKit, NextJS and other frameworks",
   "keywords": [
     "passkey",
@@ -35,10 +35,10 @@
       "import": "./dist/index.js",
       "default": "./dist/index.js"
     },
-    "./unsafe": {
-      "types": "./dist/unsafe.d.ts",
-      "import": "./dist/unsafe.js",
-      "default": "./dist/unsafe.js"
+    "./safe": {
+      "types": "./dist/safe.d.ts",
+      "import": "./dist/safe.js",
+      "default": "./dist/safe.js"
     }
   },
   "module": "./dist/index.js",
@@ -48,37 +48,39 @@
   ],
   "dependencies": {
     "@simplewebauthn/browser": "^13.2.2",
-    "effect": "3.19.15"
+    "effect": "3.19.19"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.3.13",
-    "@effect/language-service": "^0.72.0",
+    "@biomejs/biome": "^2.4.4",
+    "@effect/language-service": "^0.77.0",
     "@fetch-mock/vitest": "^0.2.18",
-    "@typescript/lib-dom": "npm:@types/web@^0.0.323",
-    "globals": "^17.2.0",
-    "npm-check-updates": "^19.3.2",
-    "publint": "0.3.17",
-    "rimraf": "^6.1.2",
+    "@typescript/lib-dom": "npm:@types/web@^0.0.339",
+    "globals": "^17.4.0",
+    "npm-check-updates": "^19.6.3",
+    "publint": "0.3.18",
+    "rimraf": "^6.1.3",
     "tsx": "4.21.0",
+    "typedoc": "^0.28.17",
     "typescript": "^5.9.3",
     "vitest": "^4.0.16"
   },
   "peerDependencies": {
-    "effect": "3.19.15"
+    "effect": "3.19.19"
   },
   "scripts": {
-    "build": "tsc --build",
+    "build": "tsc -p tsconfig.build.json",
     "build:clean": "$npm_execpath run clean:full && $npm_execpath run build",
     "build:production": "$npm_execpath run build:clean && $npm_execpath run build:readme && $npm_execpath run replaceTokens && echo '' && publint",
-    "build:readme": "LATEST=${npm_package_version} tsx ../../scripts/replace-readme-tokens.ts ./packages/client",
-    "clean": "tsc --build --clean",
-    "clean:full": "rimraf dist tsconfig.tsbuildinfo",
-    "replaceTokens": "LATEST=${npm_package_version} tsx ../../scripts/replace-tokens.ts ./packages/client",
+    "build:readme": "VERSION=${npm_package_version} tsx ../../scripts/replace-readme-tokens.ts ./packages/client",
+    "typedoc": "typedoc",
+    "clean": "tsc -p tsconfig.build.json --clean",
+    "clean:full": "rimraf dist tsconfig.build.tsbuildinfo",
+    "replaceTokens": "VERSION=${npm_package_version} tsx ../../scripts/replace-tokens.ts ./packages/client",
     "test:unit": "vitest --project unit run",
     "test:unit:watch": "vitest --project unit",
     "test:integration": "vitest --project integration run",
     "test:all": "vitest --project unit --project integration run",
-    "typecheck": "tsc --noEmit",
+    "typecheck": "tsc -p tsconfig.test.json --noEmit",
     "lint": "biome check .",
     "lint:fix": "biome check --fix .",
     "lint:ci": "biome ci .",

package/dist/logger/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/logger/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAA;;uBAKhB,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;sBACvC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;sBACtC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;uBACrC,CAAC,OAAO,EAAE,MAAM,KAAK,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC;;AAN7D,qBAAa,MAAO,SAAQ,WAQzB;CAAG;AAEN,eAAO,MAAM,aAAa,EAAE,OAAO,MAAM,CAAC,OAoBzC,CAAA;AAED,oBAAY,QAAQ;IAClB,KAAK,UAAU;IACf,IAAI,SAAS;IACb,KAAK,UAAU;IACf,IAAI,SAAS;CACd;AAED,qBAAa,QAAS,SAAQ,KAAK;;IAIjC,MAAM,CAAC,IAAI,SAAqB;gBAEpB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ;IAM5C,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,KAAK,IAAI,QAAQ,CAEpB;CACF;AASD,eAAO,MAAM,WAAW,EAAE,OAAO,MAAM,CAAC,OAKvC,CAAA"}

package/dist/logger/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/logger/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,QAAQ,CAAA;AAEvC,MAAM,OAAO,MAAO,SAAQ,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,EAQ9C;CAAG;AAEN,MAAM,CAAC,MAAM,aAAa,GAA0B;IAClD,QAAQ,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACtE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACtC,CAAC,CAAC;IAEJ,QAAQ,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACtE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACtC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACrE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACrC,CAAC,CAAC;IAEJ,OAAO,EAAE,CAAC,OAAwB,EAAE,GAAG,YAA4B,EAAE,EAAE,CACrE,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;QACd,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;IACrC,CAAC,CAAC;CACL,CAAA;AAED,MAAM,CAAN,IAAY,QAKX;AALD,WAAY,QAAQ;IAClB,2BAAe,CAAA;IACf,yBAAa,CAAA;IACb,2BAAe,CAAA;IACf,yBAAa,CAAA;AACf,CAAC,EALW,QAAQ,KAAR,QAAQ,QAKnB;AAED,MAAM,OAAO,QAAS,SAAQ,KAAK;IACxB,QAAQ,CAAQ;IAChB,MAAM,CAAU;IAEzB,MAAM,CAAC,IAAI,GAAG,kBAAkB,CAAA;IAEhC,YAAY,OAAe,EAAE,KAAe;QAC1C,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;QACpB,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAA;QACvB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAA;IACrB,CAAC;IAED,IAAI,OAAO;QACT,OAAO,IAAI,CAAC,QAAQ,CAAA;IACtB,CAAC;IAED,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAA;IACpB,CAAC;;AAGH,MAAM,QAAQ,GAAG,CAAC,KAAe,EAAE,EAAE,CAAC,CAAC,OAAe,EAAE,EAAE,CACxD,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;IACd,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAA;IACpD,CAAC;AACH,CAAC,CAAC,CAAA;AAEJ,MAAM,CAAC,MAAM,WAAW,GAA0B;IAChD,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;IAClC,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;IAClC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;IAChC,OAAO,EAAE,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;CACjC,CAAA"}