@passlock/client 2.0.6 → 2.2.1

package/dist/passkey/signals/signals.d.ts

@@ -3,42 +3,105 @@ import { Logger } from "../../logger.js";
 import type { PasslockOptions } from "../../options.js";
 import { DeleteError, type OrphanedPasskeyError, PruningError, UpdateError } from "../errors.js";
 /**
- * Does the current device support local passkey removal
+ * Detect support for browser-driven local passkey removal via
+ * `PublicKeyCredential.signalUnknownCredential`.
  */
 export declare const isPasskeyDeleteSupport: Micro.Micro<boolean, never, never>;
 /**
- * Does the current device support local passkey pruning
+ * Detect support for browser-driven passkey pruning via
+ * `PublicKeyCredential.signalAllAcceptedCredentials`.
  */
 export declare const isPasskeyPruningSupport: Micro.Micro<boolean, never, never>;
 /**
- * Does the current device support local passkey updates
+ * Detect support for browser-driven passkey user-detail updates via
+ * `PublicKeyCredential.signalCurrentUserDetails`.
  */
 export declare const isPasskeyUpdateSupport: Micro.Micro<boolean, never, never>;
+/**
+ * Delete a local passkey by Passlock passkey ID.
+ *
+ * The library uses the tenancy information to look up the credential metadata
+ * before signalling the browser.
+ *
+ * @see {@link deletePasskey}
+ * @category Passkeys (core)
+ */
 export interface DeletePasskeyOptions extends PasslockOptions {
+    /**
+     * Passlock passkey ID (authenticator ID).
+     */
     passkeyId: string;
 }
+/**
+ * Delete a local passkey using credential metadata you already have.
+ *
+ * This shape is typically produced by `@passlock/server`'s
+ * `deleteUserPasskeys` helper, so the browser can be signalled without an
+ * extra Passlock lookup.
+ *
+ * @see {@link deletePasskey}
+ * @see {@link deleteUserPasskeys}
+ * @category Passkeys (core)
+ */
 export interface DeleteCredentialOptions extends PasslockOptions {
+    /**
+     * WebAuthn credential ID.
+     */
     credentialId: string;
+    /**
+     * Credential user ID.
+     */
     userId: string;
+    /**
+     * Relying party ID.
+     */
     rpId: string;
 }
 /**
- * Instruct the device to remove a passkey. E.g. attempt to remove it from
- * Apple Password Manager / iCloud.
+ * Instruct the browser to remove a local passkey, for example from a password
+ * manager.
+ *
+ * If you pass a Passlock `passkeyId`, the library first fetches the associated
+ * credential metadata from Passlock. If you pass a credential payload or
+ * {@link OrphanedPasskeyError}, it can signal the browser directly.
  *
  * @param options Passkey identifier/credential details and Passlock tenancy options.
- * @returns A Micro effect that resolves with a {@link DeleteSuccess} or fails with {@link DeleteError}.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signal has been queued, or fails with {@link DeleteError}.
  */
 export declare const deletePasskey: (options: DeletePasskeyOptions | DeleteCredentialOptions | OrphanedPasskeyError) => Micro.Micro<DeleteSuccess, DeleteError, Logger>;
+/**
+ * Keep only the listed Passlock passkeys for a user on the current device.
+ *
+ * The library resolves those passkey IDs to the accepted WebAuthn credential
+ * list before signalling the browser.
+ *
+ * @see {@link prunePasskeys}
+ * @category Passkeys (core)
+ */
 export interface PrunePasskeyOptions extends PasslockOptions {
+    /**
+     * Passlock passkey IDs that should remain available on this device.
+     */
     allowablePasskeyIds: Array<string>;
 }
+/**
+ * Indicates the library finished the accepted-credentials signalling flow.
+ *
+ * @category Passkeys (core)
+ */
 export type PruningSuccess = {
     _tag: "PruningSuccess";
 };
+/**
+ * Type guard for {@link PruningSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export declare const isPruningSuccess: (payload: unknown) => payload is PruningSuccess;
 /**
- * Given a list of passkey IDs, instruct the device to remove any redundant passkeys.
+ * Given a list of passkey IDs to keep, instruct the device to remove any
+ * redundant passkeys for the same account on the same relying party.
  *
  * Note: this will only remove redundant passkeys (based on the userId).
  *
@@ -53,7 +116,9 @@ export declare const isPruningSuccess: (payload: unknown) => payload is PruningS
  * different account, the device will retain it.
  *
  * @param options Passlock tenancy/endpoint options and the passkey IDs to keep.
- * @returns A Micro effect that resolves with a {@link PruningSuccess} or fails with {@link PruningError}.
+ * @returns A Micro effect that resolves with a {@link PruningSuccess} once the
+ * accepted-credentials signal has been sent, or fails with
+ * {@link PruningError}.
  */
 export declare const prunePasskeys: (options: PrunePasskeyOptions) => Micro.Micro<PruningSuccess, PruningError, Logger>;
 /**
@@ -65,43 +130,99 @@ export declare const prunePasskeys: (options: PrunePasskeyOptions) => Micro.Micr
  */
 export interface UpdatePasskeyOptions extends PasslockOptions {
     /**
-     * The Passlock passkey id
+     * The Passlock passkey ID (authenticator ID).
      */
     passkeyId: string;
     /**
-     * New username
+     * New username shown alongside the passkey.
      */
     username: string;
     /**
-     * New display name
+     * New display name shown alongside the passkey.
      */
     displayName?: string | undefined;
 }
 /**
- * Used when you want to update one or more passkeys by the Credential User ID i.e. the
- * immutable Base64Url encoded binary ID.
+ * Used when you want to update one or more passkeys by the credential user ID,
+ * that is the immutable Base64Url-encoded binary ID.
+ *
+ * This shape is usually returned by `@passlock/server`'s
+ * `updatePasskeyUsernames` helper and does not include tenancy or endpoint
+ * configuration.
  *
  * @see {@link updatePasskey}
  * @see {@link https://passlock.dev/rest-api/credential/ The Credential property (main docs site)}
  *
  * @category Passkeys (core)
  */
-export interface UpdateCredentialOptions extends PasslockOptions {
+export interface UpdateCredentialOptions {
+    /**
+     * Credential user ID.
+     */
     userId: string;
+    /**
+     * Relying party identifier for the passkey.
+     */
     rpId: string;
     /**
-     * New username
+     * New username shown alongside the passkey.
      */
     username: string;
     /**
-     * New display name
+     * New display name shown alongside the passkey.
      */
     displayName?: string | undefined;
 }
+/**
+ * Indicates the library finished the local passkey update signalling flow.
+ *
+ * @category Passkeys (core)
+ */
 export type UpdateSuccess = {
     _tag: "UpdateSuccess";
 };
+/**
+ * Type guard for {@link UpdateSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export declare const isUpdateSuccess: (payload: unknown) => payload is UpdateSuccess;
+/**
+ * Update the username and/or display name for multiple local passkeys.
+ *
+ * Note: this is purely informational. It does not change any passkey
+ * identifiers.
+ *
+ * The typical use case is when a user changes their account email. You would
+ * update the username in your backend system, then pass the returned
+ * credential list into this function so the same account label is shown in the
+ * user's password manager.
+ *
+ * @param options Credential identifiers plus the updated username/display name,
+ * typically taken from `@passlock/server`'s `updatePasskeyUsernames`
+ * response.
+ * @returns A Micro effect that resolves with a {@link UpdateSuccess} once the
+ * browser has been asked to refresh those details, or fails with
+ * {@link UpdateError}.
+ */
+export declare const updatePasskeyUsernames: (options: ReadonlyArray<UpdateCredentialOptions>) => Micro.Micro<{
+    readonly _tag: "UpdateSuccess";
+}, UpdateError, Logger>;
+/**
+ * Delete multiple local passkeys using credentials previously returned from
+ * your backend.
+ *
+ * The typical flow is to delete the server-side passkeys first, then pass the
+ * returned `deleted` array into this function so the user’s password manager is
+ * updated too.
+ *
+ * @param options Credentials derived from deleted server-side passkeys.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signals have been queued, or fails with {@link DeleteError}.
+ */
+export declare const deleteUserPasskeys: (options: ReadonlyArray<Credential>) => Micro.Micro<{
+    readonly _tag: "DeleteSuccess";
+}, DeleteError, Logger>;
 /**
  * Update a passkey e.g. change the username and/or display name.
  * Note: this is purely informational, it does not change any identifiers.
@@ -111,17 +232,36 @@ export declare const isUpdateSuccess: (payload: unknown) => payload is UpdateSuc
  * account would still show up in their password manager as old-name@gmail.com.
  *
  * @param options Passkey update options.
- * @returns A Micro effect that resolves with a {@link UpdateSuccess} or fails with {@link UpdateError}.
+ * @returns A Micro effect that resolves with a {@link UpdateSuccess} once the
+ * browser has been asked to refresh the local details, or fails with
+ * {@link UpdateError}.
  */
 export declare const updatePasskey: (options: UpdatePasskeyOptions | UpdateCredentialOptions) => Micro.Micro<{
     readonly _tag: "UpdateSuccess";
 }, UpdateError, Logger>;
-export type CredentialMapping = {
+/**
+ * Credential metadata required to target a local passkey on the device.
+ *
+ * @category Passkeys (core)
+ */
+export type Credential = {
+    /**
+     * WebAuthn credential ID.
+     */
     credentialId: string;
+    /**
+     * Credential user ID.
+     */
     userId: string;
+    /**
+     * Relying party ID.
+     */
     rpId: string;
 };
-export type CredentialMappings = {
+/**
+ * Accepted credential list for a single user on a relying party.
+ */
+export type UserCredentials = {
     rpId: string;
     userId: string;
     allAcceptedCredentialIds: string[];
@@ -134,25 +274,46 @@ type IPasskeyNotFound = {
 export type DeleteSuccess = {
     _tag: "DeleteSuccess";
 };
+/**
+ * Type guard for {@link DeleteSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export declare const isDeleteSuccess: (payload: unknown) => payload is DeleteSuccess;
 /**
- * Tell the client device to remove a given credential
+ * Queue a browser removal signal for a credential.
  *
- * @param credential Credential mapping or missing-passkey payload.
- * @returns A Micro effect that resolves with a {@link DeleteSuccess} or fails with {@link DeleteError}.
+ * @param credential Credential or missing-passkey payload.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signal has been queued, or fails with {@link DeleteError}.
  */
-export declare const signalCredentialRemoval: (credential: CredentialMapping | IPasskeyNotFound) => Micro.Micro<DeleteSuccess, DeleteError, Logger>;
+export declare const signalCredentialRemoval: (credential: Credential | IPasskeyNotFound) => Micro.Micro<DeleteSuccess, DeleteError, Logger>;
 /**
- * Tell the client device which credentials are still accepted for a user.
+ * Tell the browser which credentials are still accepted for a user.
  *
- * @param credentials Accepted credential mapping for the user.
- * @returns A Micro effect that resolves with a {@link PruningSuccess} or fails with {@link PruningError}.
+ * @param credentials Accepted credentials for the user.
+ * @returns A Micro effect that resolves with a {@link PruningSuccess} once the
+ * accepted-credentials signal has been sent, or fails with
+ * {@link PruningError}.
+ */
+export declare const signalAcceptedCredentials: (credentials: UserCredentials) => Micro.Micro<PruningSuccess, PruningError, Logger>;
+/**
+ * Credential identity needed to update the user-visible details for a local
+ * passkey.
  */
-export declare const signalAcceptedCredentials: (credentials: CredentialMappings) => Micro.Micro<PruningSuccess, PruningError, Logger>;
 export type CredentialUserId = {
     userId: string;
     rpId: string;
 };
+/**
+ * Tell the browser to refresh the username and display name shown for a local
+ * passkey.
+ *
+ * @param credential Credential identity used to find the passkey.
+ * @param updates Updated username/display-name values.
+ * @returns A Micro effect that resolves with an {@link UpdateSuccess} once the
+ * signal has been sent, or fails with {@link UpdateError}.
+ */
 export declare const signalCurrentUserDetails: (credential: CredentialUserId, updates: Pick<UpdatePasskeyOptions, "username" | "displayName">) => Micro.Micro<{
     readonly _tag: "UpdateSuccess";
 }, UpdateError, Logger>;

package/dist/passkey/signals/signals.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signals.d.ts","sourceRoot":"","sources":["../../../src/passkey/signals/signals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAQ,MAAM,QAAQ,CAAA;AAGpC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,EACL,WAAW,EACX,KAAK,oBAAoB,EACzB,YAAY,EACZ,WAAW,EACZ,MAAM,cAAc,CAAA;AAErB;;GAEG;AACH,eAAO,MAAM,sBAAsB,oCAKjC,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,oCAKlC,CAAA;AAEF;;GAEG;AACH,eAAO,MAAM,sBAAsB,oCAKjC,CAAA;AAEF,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,uBAAwB,SAAQ,eAAe;IAC9D,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;CACb;AAED;;;;;;GAMG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,GAAG,uBAAuB,GAAG,oBAAoB,oDAmB5E,CAAA;AAkCJ,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;CACnC;AAED,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,gBAAgB,CAAA;CACvB,CAAA;AAED,eAAO,MAAM,gBAAgB,GAC3B,SAAS,OAAO,KACf,OAAO,IAAI,cAMb,CAAA;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,aAAa,GAAI,SAAS,mBAAmB,sDA2CtD,CAAA;AAEJ;;;;;;GAMG;AACH,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;;;;GAQG;AACH,MAAM,WAAW,uBAAwB,SAAQ,eAAe;IAC9D,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAED,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,aAM7D,CAAA;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,GAAG,uBAAuB;;uBAmBrD,CAAA;AAoCJ,MAAM,MAAM,iBAAiB,GAAG;IAC9B,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAoBD,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,wBAAwB,EAAE,MAAM,EAAE,CAAA;CACnC,CAAA;AAoBD,KAAK,gBAAgB,GAAG;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAED,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,aAM7D,CAAA;AAED;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,GAClC,YAAY,iBAAiB,GAAG,gBAAgB,KAC/C,KAAK,CAAC,KAAK,CAAC,aAAa,EAAE,WAAW,EAAE,MAAM,CAqC7C,CAAA;AAEJ;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,GACpC,aAAa,kBAAkB,KAC9B,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,YAAY,EAAE,MAAM,CAqC/C,CAAA;AAEJ,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,eAAO,MAAM,wBAAwB,GACnC,YAAY,gBAAgB,EAC5B,SAAS,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,aAAa,CAAC;;uBAyC7D,CAAA"}
+{"version":3,"file":"signals.d.ts","sourceRoot":"","sources":["../../../src/passkey/signals/signals.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAQ,MAAM,QAAQ,CAAA;AAGpC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAA;AACxC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,EACL,WAAW,EACX,KAAK,oBAAoB,EACzB,YAAY,EACZ,WAAW,EACZ,MAAM,cAAc,CAAA;AAErB;;;GAGG;AACH,eAAO,MAAM,sBAAsB,oCAKjC,CAAA;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,oCAKlC,CAAA;AAEF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,oCAKjC,CAAA;AAEF;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;;;GAUG;AACH,MAAM,WAAW,uBAAwB,SAAQ,eAAe;IAC9D;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;CACb;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,GAAG,uBAAuB,GAAG,oBAAoB,oDAmB5E,CAAA;AAkCJ;;;;;;;;GAQG;AACH,MAAM,WAAW,mBAAoB,SAAQ,eAAe;IAC1D;;OAEG;IACH,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAA;CACnC;AAED;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,gBAAgB,CAAA;CACvB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAC3B,SAAS,OAAO,KACf,OAAO,IAAI,cAMb,CAAA;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,eAAO,MAAM,aAAa,GAAI,SAAS,mBAAmB,sDA2CtD,CAAA;AAEJ;;;;;;GAMG;AACH,MAAM,WAAW,oBAAqB,SAAQ,eAAe;IAC3D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,uBAAuB;IACtC;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;IAEZ;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAEhB;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,aAM7D,CAAA;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,aAAa,CAAC,uBAAuB,CAAC;;uBAsB7C,CAAA;AAEJ;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,aAAa,CAAC,UAAU,CAAC;;uBAoBhC,CAAA;AAEJ;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,GAAG,uBAAuB;;uBAmBrD,CAAA;AAkCJ;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB;;OAEG;IACH,YAAY,EAAE,MAAM,CAAA;IAEpB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IAEd;;OAEG;IACH,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAoBD;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,MAAM,CAAA;IACZ,MAAM,EAAE,MAAM,CAAA;IACd,wBAAwB,EAAE,MAAM,EAAE,CAAA;CACnC,CAAA;AAoBD,KAAK,gBAAgB,GAAG;IACtB,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,eAAe,CAAA;CACtB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,aAM7D,CAAA;AAED;;;;;;GAMG;AACH,eAAO,MAAM,uBAAuB,GAClC,YAAY,UAAU,GAAG,gBAAgB,KACxC,KAAK,CAAC,KAAK,CAAC,aAAa,EAAE,WAAW,EAAE,MAAM,CAqC7C,CAAA;AAEJ;;;;;;;GAOG;AACH,eAAO,MAAM,yBAAyB,GACpC,aAAa,eAAe,KAC3B,KAAK,CAAC,KAAK,CAAC,cAAc,EAAE,YAAY,EAAE,MAAM,CAqC/C,CAAA;AAEJ;;;GAGG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GACnC,YAAY,gBAAgB,EAC5B,SAAS,IAAI,CAAC,oBAAoB,EAAE,UAAU,GAAG,aAAa,CAAC;;uBAyC7D,CAAA"}

package/dist/passkey/signals/signals.js

@@ -4,32 +4,40 @@ import { makeEndpoint } from "../../internal/index.js";
 import { Logger } from "../../logger.js";
 import { DeleteError, PruningError, UpdateError, } from "../errors.js";
 /**
- * Does the current device support local passkey removal
+ * Detect support for browser-driven local passkey removal via
+ * `PublicKeyCredential.signalUnknownCredential`.
  */
 export const isPasskeyDeleteSupport = Micro.sync(() => {
     return (PublicKeyCredential?.signalUnknownCredential &&
         typeof PublicKeyCredential.signalUnknownCredential === "function");
 });
 /**
- * Does the current device support local passkey pruning
+ * Detect support for browser-driven passkey pruning via
+ * `PublicKeyCredential.signalAllAcceptedCredentials`.
  */
 export const isPasskeyPruningSupport = Micro.sync(() => {
     return (PublicKeyCredential?.signalAllAcceptedCredentials &&
         typeof PublicKeyCredential.signalAllAcceptedCredentials === "function");
 });
 /**
- * Does the current device support local passkey updates
+ * Detect support for browser-driven passkey user-detail updates via
+ * `PublicKeyCredential.signalCurrentUserDetails`.
  */
 export const isPasskeyUpdateSupport = Micro.sync(() => {
     return (PublicKeyCredential?.signalCurrentUserDetails &&
         typeof PublicKeyCredential.signalCurrentUserDetails === "function");
 });
 /**
- * Instruct the device to remove a passkey. E.g. attempt to remove it from
- * Apple Password Manager / iCloud.
+ * Instruct the browser to remove a local passkey, for example from a password
+ * manager.
+ *
+ * If you pass a Passlock `passkeyId`, the library first fetches the associated
+ * credential metadata from Passlock. If you pass a credential payload or
+ * {@link OrphanedPasskeyError}, it can signal the browser directly.
  *
  * @param options Passkey identifier/credential details and Passlock tenancy options.
- * @returns A Micro effect that resolves with a {@link DeleteSuccess} or fails with {@link DeleteError}.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signal has been queued, or fails with {@link DeleteError}.
  */
 export const deletePasskey = (options) => Micro.gen(function* () {
     const logger = yield* Micro.service(Logger);
@@ -40,10 +48,10 @@ export const deletePasskey = (options) => Micro.gen(function* () {
             code: "PASSKEY_DELETION_UNSUPPORTED",
             message: "Passkey deletion not supported on this device",
         }));
-    const credential = "rpId" in options ? options : yield* getCredentialMapping(options);
+    const credential = "rpId" in options ? options : yield* getCredential(options);
     return yield* signalCredentialRemoval(credential);
 });
-const getCredentialMapping = (options) => Micro.gen(function* () {
+const getCredential = (options) => Micro.gen(function* () {
     const { tenancyId } = options;
     const logger = yield* Micro.service(Logger);
     const { endpoint } = makeEndpoint(options);
@@ -56,13 +64,18 @@ const getCredentialMapping = (options) => Micro.gen(function* () {
             message: "Unable to find the metadata associated with this passkey",
         }));
     const credential = yield* Micro.promise(() => response.json());
-    if (!isCredentialMapping(credential))
+    if (!isCredential(credential))
         return yield* Micro.fail(new DeleteError({
             code: "OTHER_ERROR",
             message: "Invalid metadata associated with this passkey",
         }));
     return credential;
 });
+/**
+ * Type guard for {@link PruningSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export const isPruningSuccess = (payload) => {
     if (typeof payload !== "object")
         return false;
@@ -75,7 +88,8 @@ export const isPruningSuccess = (payload) => {
     return payload._tag === "PruningSuccess";
 };
 /**
- * Given a list of passkey IDs, instruct the device to remove any redundant passkeys.
+ * Given a list of passkey IDs to keep, instruct the device to remove any
+ * redundant passkeys for the same account on the same relying party.
  *
  * Note: this will only remove redundant passkeys (based on the userId).
  *
@@ -90,7 +104,9 @@ export const isPruningSuccess = (payload) => {
  * different account, the device will retain it.
  *
  * @param options Passlock tenancy/endpoint options and the passkey IDs to keep.
- * @returns A Micro effect that resolves with a {@link PruningSuccess} or fails with {@link PruningError}.
+ * @returns A Micro effect that resolves with a {@link PruningSuccess} once the
+ * accepted-credentials signal has been sent, or fails with
+ * {@link PruningError}.
  */
 export const prunePasskeys = (options) => Micro.gen(function* () {
     const { tenancyId } = options;
@@ -113,13 +129,18 @@ export const prunePasskeys = (options) => Micro.gen(function* () {
             message: "Unable to find the metadata associated with these passkeys",
         }));
     const credentials = yield* Micro.promise(() => response.json());
-    if (!isCredentialMappings(credentials))
+    if (!isUserCredentials(credentials))
         return yield* Micro.fail(new PruningError({
             code: "OTHER_ERROR",
             message: "Invalid metadata associated with one or more passkeys",
         }));
     return yield* signalAcceptedCredentials(credentials);
 });
+/**
+ * Type guard for {@link UpdateSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export const isUpdateSuccess = (payload) => {
     if (typeof payload !== "object")
         return false;
@@ -131,6 +152,64 @@ export const isUpdateSuccess = (payload) => {
         return false;
     return payload._tag === "UpdateSuccess";
 };
+/**
+ * Update the username and/or display name for multiple local passkeys.
+ *
+ * Note: this is purely informational. It does not change any passkey
+ * identifiers.
+ *
+ * The typical use case is when a user changes their account email. You would
+ * update the username in your backend system, then pass the returned
+ * credential list into this function so the same account label is shown in the
+ * user's password manager.
+ *
+ * @param options Credential identifiers plus the updated username/display name,
+ * typically taken from `@passlock/server`'s `updatePasskeyUsernames`
+ * response.
+ * @returns A Micro effect that resolves with a {@link UpdateSuccess} once the
+ * browser has been asked to refresh those details, or fails with
+ * {@link UpdateError}.
+ */
+export const updatePasskeyUsernames = (options) => Micro.gen(function* () {
+    const logger = yield* Micro.service(Logger);
+    yield* logger.logInfo("Testing for local passkey update support");
+    const canUpdate = yield* isPasskeyUpdateSupport;
+    if (!canUpdate)
+        return yield* Micro.fail(new UpdateError({
+            code: "PASSKEY_UPDATE_UNSUPPORTED",
+            message: "Passkey update not supported on this device",
+        }));
+    yield* Micro.forEach(options, (credential) => signalCurrentUserDetails(credential, credential));
+    return {
+        _tag: "UpdateSuccess",
+    };
+});
+/**
+ * Delete multiple local passkeys using credentials previously returned from
+ * your backend.
+ *
+ * The typical flow is to delete the server-side passkeys first, then pass the
+ * returned `deleted` array into this function so the user’s password manager is
+ * updated too.
+ *
+ * @param options Credentials derived from deleted server-side passkeys.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signals have been queued, or fails with {@link DeleteError}.
+ */
+export const deleteUserPasskeys = (options) => Micro.gen(function* () {
+    const logger = yield* Micro.service(Logger);
+    yield* logger.logInfo("Testing for local passkey removal support");
+    const canDelete = yield* isPasskeyDeleteSupport;
+    if (!canDelete)
+        return yield* Micro.fail(new DeleteError({
+            code: "PASSKEY_DELETION_UNSUPPORTED",
+            message: "Passkey deletion not supported on this device",
+        }));
+    yield* Micro.forEach(options, signalCredentialRemoval);
+    return {
+        _tag: "DeleteSuccess",
+    };
+});
 /**
  * Update a passkey e.g. change the username and/or display name.
  * Note: this is purely informational, it does not change any identifiers.
@@ -140,7 +219,9 @@ export const isUpdateSuccess = (payload) => {
  * account would still show up in their password manager as old-name@gmail.com.
  *
  * @param options Passkey update options.
- * @returns A Micro effect that resolves with a {@link UpdateSuccess} or fails with {@link UpdateError}.
+ * @returns A Micro effect that resolves with a {@link UpdateSuccess} once the
+ * browser has been asked to refresh the local details, or fails with
+ * {@link UpdateError}.
  */
 export const updatePasskey = (options) => Micro.gen(function* () {
     const logger = yield* Micro.service(Logger);
@@ -151,10 +232,10 @@ export const updatePasskey = (options) => Micro.gen(function* () {
             code: "PASSKEY_UPDATE_UNSUPPORTED",
             message: "Passkey update not supported on this device",
         }));
-    const credential = "rpId" in options ? options : yield* getUserCredentialMapping(options);
+    const credential = "rpId" in options ? options : yield* getUserCredential(options);
     return yield* signalCurrentUserDetails(credential, options);
 });
-const getUserCredentialMapping = (options) => Micro.gen(function* () {
+const getUserCredential = (options) => Micro.gen(function* () {
     const { tenancyId } = options;
     const logger = yield* Micro.service(Logger);
     const { endpoint } = makeEndpoint(options);
@@ -167,14 +248,14 @@ const getUserCredentialMapping = (options) => Micro.gen(function* () {
             message: "Unable to find the metadata associated with this passkey",
         }));
     const credential = yield* Micro.promise(() => response.json());
-    if (!isCredentialMapping(credential))
+    if (!isCredential(credential))
         return yield* Micro.fail(new UpdateError({
             code: "OTHER_ERROR",
             message: "Invalid metadata associated with this passkey",
         }));
     return credential;
 });
-const isCredentialMapping = (payload) => {
+const isCredential = (payload) => {
     if (typeof payload !== "object")
         return false;
     if (payload === null)
@@ -193,7 +274,7 @@ const isCredentialMapping = (payload) => {
         return false;
     return true;
 };
-const isCredentialMappings = (payload) => {
+const isUserCredentials = (payload) => {
     if (typeof payload !== "object")
         return false;
     if (payload === null)
@@ -212,6 +293,11 @@ const isCredentialMappings = (payload) => {
         return false;
     return true;
 };
+/**
+ * Type guard for {@link DeleteSuccess}.
+ *
+ * @category Passkeys (other)
+ */
 export const isDeleteSuccess = (payload) => {
     if (typeof payload !== "object")
         return false;
@@ -224,10 +310,11 @@ export const isDeleteSuccess = (payload) => {
     return payload._tag === "DeleteSuccess";
 };
 /**
- * Tell the client device to remove a given credential
+ * Queue a browser removal signal for a credential.
  *
- * @param credential Credential mapping or missing-passkey payload.
- * @returns A Micro effect that resolves with a {@link DeleteSuccess} or fails with {@link DeleteError}.
+ * @param credential Credential or missing-passkey payload.
+ * @returns A Micro effect that resolves with a {@link DeleteSuccess} once the
+ * removal signal has been queued, or fails with {@link DeleteError}.
  */
 export const signalCredentialRemoval = (credential) => Micro.gen(function* () {
     const logger = yield* Micro.service(Logger);
@@ -252,10 +339,12 @@ export const signalCredentialRemoval = (credential) => Micro.gen(function* () {
     return { _tag: "DeleteSuccess" };
 });
 /**
- * Tell the client device which credentials are still accepted for a user.
+ * Tell the browser which credentials are still accepted for a user.
  *
- * @param credentials Accepted credential mapping for the user.
- * @returns A Micro effect that resolves with a {@link PruningSuccess} or fails with {@link PruningError}.
+ * @param credentials Accepted credentials for the user.
+ * @returns A Micro effect that resolves with a {@link PruningSuccess} once the
+ * accepted-credentials signal has been sent, or fails with
+ * {@link PruningError}.
  */
 export const signalAcceptedCredentials = (credentials) => Micro.gen(function* () {
     const logger = yield* Micro.service(Logger);
@@ -278,6 +367,15 @@ export const signalAcceptedCredentials = (credentials) => Micro.gen(function* ()
     yield* logger.logInfo("Accepted credentials signalled");
     return { _tag: "PruningSuccess" };
 });
+/**
+ * Tell the browser to refresh the username and display name shown for a local
+ * passkey.
+ *
+ * @param credential Credential identity used to find the passkey.
+ * @param updates Updated username/display-name values.
+ * @returns A Micro effect that resolves with an {@link UpdateSuccess} once the
+ * signal has been sent, or fails with {@link UpdateError}.
+ */
 export const signalCurrentUserDetails = (credential, updates) => Micro.gen(function* () {
     const logger = yield* Micro.service(Logger);
     yield* logger.logInfo("Testing for local passkey update support");