@passlock/server 2.1.0 → 2.2.1

package/dist/effect.d.ts

@@ -1,3 +1,11 @@
+/**
+ * Effect-first exports for `@passlock/server`.
+ *
+ * This entrypoint exposes the original `Effect`-returning functions together
+ * with the public schemas used by the package.
+ *
+ * @module effect
+ */
 export type { AssignUserOptions, ListPasskeyOptions, } from "./passkey/passkey.js";
 export { assignUser, deletePasskey, getPasskey, listPasskeys, } from "./passkey/passkey.js";
 export type {} from "./principal/principal.js";

package/dist/effect.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC9C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA;AAClC,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}
+{"version":3,"file":"effect.d.ts","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EACV,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,MAAM,0BAA0B,CAAA;AAC9C,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA;AAClC,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/effect.js

@@ -1,3 +1,11 @@
+/**
+ * Effect-first exports for `@passlock/server`.
+ *
+ * This entrypoint exposes the original `Effect`-returning functions together
+ * with the public schemas used by the package.
+ *
+ * @module effect
+ */
 export { assignUser, deletePasskey, getPasskey, listPasskeys, } from "./passkey/passkey.js";
 export { exchangeCode, VerificationError, verifyIdToken, } from "./principal/principal.js";
 export * from "./schemas/index.js";

package/dist/effect.js.map

@@ -1 +1 @@
-{"version":3,"file":"effect.js","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA","sourcesContent":["export type {\n  AssignUserOptions,\n  ListPasskeyOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  assignUser,\n  deletePasskey,\n  getPasskey,\n  listPasskeys,\n} from \"./passkey/passkey.js\"\nexport type {} from \"./principal/principal.js\"\nexport {\n  exchangeCode,\n  VerificationError,\n  verifyIdToken,\n} from \"./principal/principal.js\"\nexport * from \"./schemas/index.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}
+{"version":3,"file":"effect.js","sourceRoot":"","sources":["../src/effect.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,OAAO,EACL,UAAU,EACV,aAAa,EACb,UAAU,EACV,YAAY,GACb,MAAM,sBAAsB,CAAA;AAE7B,OAAO,EACL,YAAY,EACZ,iBAAiB,EACjB,aAAa,GACd,MAAM,0BAA0B,CAAA;AACjC,cAAc,oBAAoB,CAAA","sourcesContent":["/**\n * Effect-first exports for `@passlock/server`.\n *\n * This entrypoint exposes the original `Effect`-returning functions together\n * with the public schemas used by the package.\n *\n * @module effect\n */\n\nexport type {\n  AssignUserOptions,\n  ListPasskeyOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  assignUser,\n  deletePasskey,\n  getPasskey,\n  listPasskeys,\n} from \"./passkey/passkey.js\"\nexport type {} from \"./principal/principal.js\"\nexport {\n  exchangeCode,\n  VerificationError,\n  verifyIdToken,\n} from \"./principal/principal.js\"\nexport * from \"./schemas/index.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/errors.d.ts

@@ -1,39 +1,75 @@
 /**
+ * Public error payload shapes exposed by the promise-based and safe entrypoints.
+ *
+ * These mirror the tagged errors used internally by the Effect-based
+ * implementation, but are represented as plain object types for easier
+ * consumption outside Effect.
+ */
+/**
+ * Error payload returned when a request is not authenticated.
+ *
  * @category Authentication
  */
 export type UnauthorizedError = {
     _tag: "@error/Unauthorized";
     message: string;
 };
+/**
+ * Type guard for {@link UnauthorizedError}.
+ */
 export declare const isUnauthorizedError: (payload: unknown) => payload is UnauthorizedError;
 /**
+ * Error payload returned when the API key or tenancy is not permitted to
+ * perform the requested action.
+ *
  * @category Authentication
  */
 export type ForbiddenError = {
     _tag: "@error/Forbidden";
     message: string;
 };
+/**
+ * Type guard for {@link ForbiddenError}.
+ */
 export declare const isForbiddenError: (payload: unknown) => payload is ForbiddenError;
 /**
+ * Error payload returned when an exchanged code is invalid or expired.
+ *
  * @category Principal
  */
 export type InvalidCodeError = {
     _tag: "@error/InvalidCode";
     message: string;
 };
+/**
+ * Type guard for {@link InvalidCodeError}.
+ */
 export declare const isInvalidCodeError: (payload: unknown) => payload is InvalidCodeError;
 /**
+ * Error payload returned when `verifyIdToken` cannot validate a token.
+ *
  * @category Principal
  */
 export type VerificationError = {
     _tag: "@error/Verification";
     message: string;
 };
+/**
+ * Type guard for {@link VerificationError}.
+ */
 export declare const isVerificationError: (payload: unknown) => payload is VerificationError;
+/**
+ * Error payload returned when the supplied tenancy identifier is invalid.
+ *
+ * @category Authentication
+ */
 export type InvalidTenancyError = {
     _tag: "@error/InvalidTenancy";
     message: string;
 };
+/**
+ * Type guard for {@link InvalidTenancyError}.
+ */
 export declare const isInvalidTenancyError: (payload: unknown) => payload is InvalidTenancyError;
 /**
  * Error payload returned when a passkey cannot be found for a given
@@ -47,25 +83,54 @@ export type PasskeyNotFoundError = {
     credentialId: string;
     rpId: string;
 };
+/**
+ * Type guard for {@link PasskeyNotFoundError}.
+ */
 export declare const isPasskeyNotFoundError: (payload: unknown) => payload is PasskeyNotFoundError;
+/**
+ * Error payload returned when a requested resource cannot be found.
+ *
+ * @category Passkeys
+ */
 export type NotFoundError = {
     _tag: "@error/NotFound";
     message: string;
 };
+/**
+ * Type guard for {@link NotFoundError}.
+ */
 export declare const isNotFoundError: (payload: unknown) => payload is NotFoundError;
+/**
+ * Error payload returned when an email address is invalid.
+ */
 export type InvalidEmailError = {
     _tag: "@error/InvalidEmail";
     message: string;
 };
+/**
+ * Type guard for {@link InvalidEmailError}.
+ */
 export declare const isInvalidEmailError: (payload: unknown) => payload is InvalidEmailError;
+/**
+ * Error payload returned when an email address already exists.
+ */
 export type DuplicateEmailError = {
     _tag: "@error/DuplicateEmail";
     message: string;
 };
+/**
+ * Type guard for {@link DuplicateEmailError}.
+ */
 export declare const isDuplicateEmailError: (payload: unknown) => payload is DuplicateEmailError;
+/**
+ * Error payload returned when the request body is invalid.
+ */
 export type BadRequestError = {
     _tag: "@error/BadRequest";
     message: string;
 };
+/**
+ * Type guard for {@link BadRequestError}.
+ */
 export declare const isBadRequestError: (payload: unknown) => payload is BadRequestError;
 //# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAsBA;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YArBpB,OAAO,KAAG,OAAO,qBAuB5B,CAAA;AAID;;GAEG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,kBAAkB,CAAA;IACxB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,gBAAgB,YAnCjB,OAAO,KAAG,OAAO,kBAmC+C,CAAA;AAI5E;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,oBAAoB,CAAA;IAC1B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,kBAAkB,YA/CnB,OAAO,KAAG,OAAO,oBAgDqB,CAAA;AAIlD;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YA5DpB,OAAO,KAAG,OAAO,qBA8D5B,CAAA;AAID,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,qBAAqB,YAvEtB,OAAO,KAAG,OAAO,uBAyE5B,CAAA;AAID;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,wBAAwB,CAAA;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,eAAO,MAAM,sBAAsB,YA1FvB,OAAO,KAAG,OAAO,wBA4F5B,CAAA;AAID,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,eAAe,YArGhB,OAAO,KAAG,OAAO,iBAqG4C,CAAA;AAIzE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,mBAAmB,YA9GpB,OAAO,KAAG,OAAO,qBAgH5B,CAAA;AAID,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,qBAAqB,YAzHtB,OAAO,KAAG,OAAO,uBA2H5B,CAAA;AAID,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,mBAAmB,CAAA;IACzB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED,eAAO,MAAM,iBAAiB,YApIlB,OAAO,KAAG,OAAO,mBAoIkD,CAAA"}
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAiBH;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,YA1BpB,OAAO,KAAG,OAAO,qBA4B5B,CAAA;AAID;;;;;GAKG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,kBAAkB,CAAA;IACxB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,YA9CjB,OAAO,KAAG,OAAO,kBA8C+C,CAAA;AAI5E;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,oBAAoB,CAAA;IAC1B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,kBAAkB,YA/DnB,OAAO,KAAG,OAAO,oBAgEqB,CAAA;AAIlD;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,YAjFpB,OAAO,KAAG,OAAO,qBAmF5B,CAAA;AAID;;;;GAIG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,YApGtB,OAAO,KAAG,OAAO,uBAsG5B,CAAA;AAID;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,IAAI,EAAE,wBAAwB,CAAA;IAC9B,OAAO,EAAE,MAAM,CAAA;IACf,YAAY,EAAE,MAAM,CAAA;IACpB,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,sBAAsB,YA1HvB,OAAO,KAAG,OAAO,wBA4H5B,CAAA;AAID;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,eAAe,YA7IhB,OAAO,KAAG,OAAO,iBA6I4C,CAAA;AAIzE;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,IAAI,EAAE,qBAAqB,CAAA;IAC3B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,YA5JpB,OAAO,KAAG,OAAO,qBA8J5B,CAAA;AAID;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG;IAChC,IAAI,EAAE,uBAAuB,CAAA;IAC7B,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,qBAAqB,YA7KtB,OAAO,KAAG,OAAO,uBA+K5B,CAAA;AAID;;GAEG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,mBAAmB,CAAA;IACzB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAA;AAED;;GAEG;AACH,eAAO,MAAM,iBAAiB,YA9LlB,OAAO,KAAG,OAAO,mBA8LkD,CAAA"}

package/dist/errors.js

@@ -1,8 +1,9 @@
-/*
- * Publicly exposed errors.
- * The errors we receive from the API live in the schemas/errors.ts module.
- * The errors here have the same shape but they are simple types
- * so are easier for non Effect consumers to handle.
+/**
+ * Public error payload shapes exposed by the promise-based and safe entrypoints.
+ *
+ * These mirror the tagged errors used internally by the Effect-based
+ * implementation, but are represented as plain object types for easier
+ * consumption outside Effect.
  */
 const isTagged = (tag) => (payload) => {
     if (typeof payload !== "object")
@@ -17,14 +18,44 @@ const isTagged = (tag) => (payload) => {
         return false;
     return true;
 };
+/**
+ * Type guard for {@link UnauthorizedError}.
+ */
 export const isUnauthorizedError = isTagged("@error/Unauthorized");
+/**
+ * Type guard for {@link ForbiddenError}.
+ */
 export const isForbiddenError = isTagged("@error/Forbidden");
+/**
+ * Type guard for {@link InvalidCodeError}.
+ */
 export const isInvalidCodeError = isTagged("@error/InvalidCode");
+/**
+ * Type guard for {@link VerificationError}.
+ */
 export const isVerificationError = isTagged("@error/Verification");
+/**
+ * Type guard for {@link InvalidTenancyError}.
+ */
 export const isInvalidTenancyError = isTagged("@error/InvalidTenancy");
+/**
+ * Type guard for {@link PasskeyNotFoundError}.
+ */
 export const isPasskeyNotFoundError = isTagged("@error/PasskeyNotFound");
+/**
+ * Type guard for {@link NotFoundError}.
+ */
 export const isNotFoundError = isTagged("@error/NotFound");
+/**
+ * Type guard for {@link InvalidEmailError}.
+ */
 export const isInvalidEmailError = isTagged("@error/InvalidEmail");
+/**
+ * Type guard for {@link DuplicateEmailError}.
+ */
 export const isDuplicateEmailError = isTagged("@error/DuplicateEmail");
+/**
+ * Type guard for {@link BadRequestError}.
+ */
 export const isBadRequestError = isTagged("@error/BadRequest");
 //# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -1 +1 @@
-{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,QAAQ,GACZ,CAA6B,GAAc,EAAE,EAAE,CAC/C,CAAC,OAAgB,EAAgB,EAAE;IACjC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC7C,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,KAAK,CAAA;IAElC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACtC,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAClD,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IAEtC,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAYH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AAYD,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAiB,kBAAkB,CAAC,CAAA;AAY5E,MAAM,CAAC,MAAM,kBAAkB,GAC7B,QAAQ,CAAmB,oBAAoB,CAAC,CAAA;AAYlD,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AASD,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AAiBD,MAAM,CAAC,MAAM,sBAAsB,GAAG,QAAQ,CAC5C,wBAAwB,CACzB,CAAA;AASD,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAgB,iBAAiB,CAAC,CAAA;AASzE,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AASD,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AASD,MAAM,CAAC,MAAM,iBAAiB,GAAG,QAAQ,CAAkB,mBAAmB,CAAC,CAAA","sourcesContent":["/*\n * Publicly exposed errors.\n * The errors we receive from the API live in the schemas/errors.ts module.\n * The errors here have the same shape but they are simple types\n * so are easier for non Effect consumers to handle.\n */\n\nconst isTagged =\n  <A extends { _tag: string }>(tag: A[\"_tag\"]) =>\n  (payload: unknown): payload is A => {\n    if (typeof payload !== \"object\") return false\n    if (payload === null) return false\n\n    if (!(\"_tag\" in payload)) return false\n    if (typeof payload._tag !== \"string\") return false\n    if (payload._tag !== tag) return false\n\n    return true\n  }\n\n/* Unauthorized */\n\n/**\n * @category Authentication\n */\nexport type UnauthorizedError = {\n  _tag: \"@error/Unauthorized\"\n  message: string\n}\n\nexport const isUnauthorizedError = isTagged<UnauthorizedError>(\n  \"@error/Unauthorized\"\n)\n\n/* Forbidden */\n\n/**\n * @category Authentication\n */\nexport type ForbiddenError = {\n  _tag: \"@error/Forbidden\"\n  message: string\n}\n\nexport const isForbiddenError = isTagged<ForbiddenError>(\"@error/Forbidden\")\n\n/* InvalidCode */\n\n/**\n * @category Principal\n */\nexport type InvalidCodeError = {\n  _tag: \"@error/InvalidCode\"\n  message: string\n}\n\nexport const isInvalidCodeError =\n  isTagged<InvalidCodeError>(\"@error/InvalidCode\")\n\n/* VerificationFailure */\n\n/**\n * @category Principal\n */\nexport type VerificationError = {\n  _tag: \"@error/Verification\"\n  message: string\n}\n\nexport const isVerificationError = isTagged<VerificationError>(\n  \"@error/Verification\"\n)\n\n/* InvalidTenancy */\n\nexport type InvalidTenancyError = {\n  _tag: \"@error/InvalidTenancy\"\n  message: string\n}\n\nexport const isInvalidTenancyError = isTagged<InvalidTenancyError>(\n  \"@error/InvalidTenancy\"\n)\n\n/* PasskeyNotFound */\n\n/**\n * Error payload returned when a passkey cannot be found for a given\n * authentication attempt.\n *\n * @category Passkeys\n */\nexport type PasskeyNotFoundError = {\n  _tag: \"@error/PasskeyNotFound\"\n  message: string\n  credentialId: string\n  rpId: string\n}\n\nexport const isPasskeyNotFoundError = isTagged<PasskeyNotFoundError>(\n  \"@error/PasskeyNotFound\"\n)\n\n/* NotFound */\n\nexport type NotFoundError = {\n  _tag: \"@error/NotFound\"\n  message: string\n}\n\nexport const isNotFoundError = isTagged<NotFoundError>(\"@error/NotFound\")\n\n/* InvalidEmail */\n\nexport type InvalidEmailError = {\n  _tag: \"@error/InvalidEmail\"\n  message: string\n}\n\nexport const isInvalidEmailError = isTagged<InvalidEmailError>(\n  \"@error/InvalidEmail\"\n)\n\n/* DuplicateEmail */\n\nexport type DuplicateEmailError = {\n  _tag: \"@error/DuplicateEmail\"\n  message: string\n}\n\nexport const isDuplicateEmailError = isTagged<DuplicateEmailError>(\n  \"@error/DuplicateEmail\"\n)\n\n/* BadRequest */\n\nexport type BadRequestError = {\n  _tag: \"@error/BadRequest\"\n  message: string\n}\n\nexport const isBadRequestError = isTagged<BadRequestError>(\"@error/BadRequest\")\n"]}
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,QAAQ,GACZ,CAA6B,GAAc,EAAE,EAAE,CAC/C,CAAC,OAAgB,EAAgB,EAAE;IACjC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAC7C,IAAI,OAAO,KAAK,IAAI;QAAE,OAAO,KAAK,CAAA;IAElC,IAAI,CAAC,CAAC,MAAM,IAAI,OAAO,CAAC;QAAE,OAAO,KAAK,CAAA;IACtC,IAAI,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IAClD,IAAI,OAAO,CAAC,IAAI,KAAK,GAAG;QAAE,OAAO,KAAK,CAAA;IAEtC,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAcH;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AAeD;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,QAAQ,CAAiB,kBAAkB,CAAC,CAAA;AAc5E;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAC7B,QAAQ,CAAmB,oBAAoB,CAAC,CAAA;AAclD;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AAcD;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AAiBD;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,QAAQ,CAC5C,wBAAwB,CACzB,CAAA;AAcD;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,QAAQ,CAAgB,iBAAiB,CAAC,CAAA;AAYzE;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CACzC,qBAAqB,CACtB,CAAA;AAYD;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,QAAQ,CAC3C,uBAAuB,CACxB,CAAA;AAYD;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,QAAQ,CAAkB,mBAAmB,CAAC,CAAA","sourcesContent":["/**\n * Public error payload shapes exposed by the promise-based and safe entrypoints.\n *\n * These mirror the tagged errors used internally by the Effect-based\n * implementation, but are represented as plain object types for easier\n * consumption outside Effect.\n */\n\nconst isTagged =\n  <A extends { _tag: string }>(tag: A[\"_tag\"]) =>\n  (payload: unknown): payload is A => {\n    if (typeof payload !== \"object\") return false\n    if (payload === null) return false\n\n    if (!(\"_tag\" in payload)) return false\n    if (typeof payload._tag !== \"string\") return false\n    if (payload._tag !== tag) return false\n\n    return true\n  }\n\n/* Unauthorized */\n\n/**\n * Error payload returned when a request is not authenticated.\n *\n * @category Authentication\n */\nexport type UnauthorizedError = {\n  _tag: \"@error/Unauthorized\"\n  message: string\n}\n\n/**\n * Type guard for {@link UnauthorizedError}.\n */\nexport const isUnauthorizedError = isTagged<UnauthorizedError>(\n  \"@error/Unauthorized\"\n)\n\n/* Forbidden */\n\n/**\n * Error payload returned when the API key or tenancy is not permitted to\n * perform the requested action.\n *\n * @category Authentication\n */\nexport type ForbiddenError = {\n  _tag: \"@error/Forbidden\"\n  message: string\n}\n\n/**\n * Type guard for {@link ForbiddenError}.\n */\nexport const isForbiddenError = isTagged<ForbiddenError>(\"@error/Forbidden\")\n\n/* InvalidCode */\n\n/**\n * Error payload returned when an exchanged code is invalid or expired.\n *\n * @category Principal\n */\nexport type InvalidCodeError = {\n  _tag: \"@error/InvalidCode\"\n  message: string\n}\n\n/**\n * Type guard for {@link InvalidCodeError}.\n */\nexport const isInvalidCodeError =\n  isTagged<InvalidCodeError>(\"@error/InvalidCode\")\n\n/* VerificationFailure */\n\n/**\n * Error payload returned when `verifyIdToken` cannot validate a token.\n *\n * @category Principal\n */\nexport type VerificationError = {\n  _tag: \"@error/Verification\"\n  message: string\n}\n\n/**\n * Type guard for {@link VerificationError}.\n */\nexport const isVerificationError = isTagged<VerificationError>(\n  \"@error/Verification\"\n)\n\n/* InvalidTenancy */\n\n/**\n * Error payload returned when the supplied tenancy identifier is invalid.\n *\n * @category Authentication\n */\nexport type InvalidTenancyError = {\n  _tag: \"@error/InvalidTenancy\"\n  message: string\n}\n\n/**\n * Type guard for {@link InvalidTenancyError}.\n */\nexport const isInvalidTenancyError = isTagged<InvalidTenancyError>(\n  \"@error/InvalidTenancy\"\n)\n\n/* PasskeyNotFound */\n\n/**\n * Error payload returned when a passkey cannot be found for a given\n * authentication attempt.\n *\n * @category Passkeys\n */\nexport type PasskeyNotFoundError = {\n  _tag: \"@error/PasskeyNotFound\"\n  message: string\n  credentialId: string\n  rpId: string\n}\n\n/**\n * Type guard for {@link PasskeyNotFoundError}.\n */\nexport const isPasskeyNotFoundError = isTagged<PasskeyNotFoundError>(\n  \"@error/PasskeyNotFound\"\n)\n\n/* NotFound */\n\n/**\n * Error payload returned when a requested resource cannot be found.\n *\n * @category Passkeys\n */\nexport type NotFoundError = {\n  _tag: \"@error/NotFound\"\n  message: string\n}\n\n/**\n * Type guard for {@link NotFoundError}.\n */\nexport const isNotFoundError = isTagged<NotFoundError>(\"@error/NotFound\")\n\n/* InvalidEmail */\n\n/**\n * Error payload returned when an email address is invalid.\n */\nexport type InvalidEmailError = {\n  _tag: \"@error/InvalidEmail\"\n  message: string\n}\n\n/**\n * Type guard for {@link InvalidEmailError}.\n */\nexport const isInvalidEmailError = isTagged<InvalidEmailError>(\n  \"@error/InvalidEmail\"\n)\n\n/* DuplicateEmail */\n\n/**\n * Error payload returned when an email address already exists.\n */\nexport type DuplicateEmailError = {\n  _tag: \"@error/DuplicateEmail\"\n  message: string\n}\n\n/**\n * Type guard for {@link DuplicateEmailError}.\n */\nexport const isDuplicateEmailError = isTagged<DuplicateEmailError>(\n  \"@error/DuplicateEmail\"\n)\n\n/* BadRequest */\n\n/**\n * Error payload returned when the request body is invalid.\n */\nexport type BadRequestError = {\n  _tag: \"@error/BadRequest\"\n  message: string\n}\n\n/**\n * Type guard for {@link BadRequestError}.\n */\nexport const isBadRequestError = isTagged<BadRequestError>(\"@error/BadRequest\")\n"]}

package/dist/index.d.ts

@@ -1,18 +1,24 @@
 /**
- * Unsafe functions that could potentially throw errors.
+ * Promise-based functions that reject with tagged error payloads for expected
+ * API failures.
+ *
+ * Unexpected runtime defects may still throw.
  *
  * @categoryDescription Passkeys
  * Functions and related types for managing passkeys
  *
  * @showCategories
  *
- * @module unsafe
+ * @module unsafe (default)
  */
-import type { AssignUserOptions, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions } from "./passkey/passkey.js";
+import type { AssignUserOptions, DeletePasskeyOptions, DeleteUserPasskeysOptions, DeletedPasskeys, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, UpdatedCredentials, UpdatePasskeyOptions, UpdateUsernamesOptions } from "./passkey/passkey.js";
 import type { ExchangeCodeOptions, VerifyIdTokenOptions } from "./principal/principal.js";
 import type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
 /**
- * Call the Passlock backend API to assign a userId to an authenticator
+ * Assign a custom user ID to a passkey in the Passlock vault.
+ *
+ * This updates Passlock's server-side mapping for the passkey. It does not
+ * change the underlying WebAuthn credential's `userId`.
  *
  * @param request
  * @returns A promise resolving to the updated passkey.
@@ -23,7 +29,10 @@ import type { ExtendedPrincipal, Principal } from "./schemas/principal.js";
  */
 export declare const assignUser: (request: AssignUserOptions) => Promise<Passkey>;
 /**
- * Call the Passlock backend API to update passkey properties
+ * Update a passkey's custom user ID and/or username metadata.
+ *
+ * Updating the username only affects the metadata stored in the vault. It does
+ * not affect whether the passkey can be used for authentication.
  *
  * @param request
  * @returns A promise resolving to the updated passkey.
@@ -34,18 +43,30 @@ export declare const assignUser: (request: AssignUserOptions) => Promise<Passkey
  */
 export declare const updatePasskey: (request: UpdatePasskeyOptions) => Promise<Passkey>;
 /**
- * Call the Passlock backend API to update all passkeys for a given user
+ * Update the username and/or display name for all passkeys belonging to a given user.
+ *
+ * **Important:** changing these values has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the names in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * **Note:** This can be used alongside `@passlock/client`'s
+ * `updatePasskeyUsernames` helper to update those details on the user's device.
  *
  * @param request
- * @returns A promise resolving to updated usernames for matching passkeys.
- * @throws {@link NotFoundError} if no passkeys are found for the given user
- * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ * @returns A promise resolving to an {@link UpdatedCredentials} payload.
+ * Its `credentials` array can be passed to the client's `updatePasskeyUsernames` function.
  *
  * @category Passkeys
  */
-export declare const updatePasskeyUsernames: (request: UpdatePasskeyUsernamesOptions) => Promise<UpdatedPasskeyUsernames>;
+export declare const updatePasskeyUsernames: (request: UpdateUsernamesOptions) => Promise<UpdatedCredentials>;
 /**
- * Call the Passlock backend API to delete an authenticator
+ * Delete a passkey from the Passlock vault.
+ *
+ * This does not remove the passkey from the user's device. Use
+ * `@passlock/client` to coordinate client-side removal when needed.
  *
  * @param options
  * @returns A promise resolving to the deleted passkey.
@@ -56,7 +77,20 @@ export declare const updatePasskeyUsernames: (request: UpdatePasskeyUsernamesOpt
  */
 export declare const deletePasskey: (options: DeletePasskeyOptions) => Promise<Passkey>;
 /**
- * Call the Passlock backend API to fetch an authenticator
+ * Call the Passlock backend API to delete all passkeys associated with a user.
+ *
+ * @param request
+ * @returns A promise resolving to a {@link DeletedPasskeys} payload.
+ * Its `deleted` array can be passed directly into `@passlock/client`'s
+ * `deleteUserPasskeys` helper for follow-up client-side passkey removal.
+ * @throws {@link NotFoundError} if the user does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export declare const deleteUserPasskeys: (request: DeleteUserPasskeysOptions) => Promise<DeletedPasskeys>;
+/**
+ * Fetch a single passkey from the Passlock vault.
  *
  * @param options
  * @returns A promise resolving to the passkey.
@@ -78,7 +112,8 @@ export declare const getPasskey: (options: GetPasskeyOptions) => Promise<Passkey
  */
 export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<FindAllPasskeys>;
 /**
- * Call the Passlock backend API to exchange a code for an ExtendedPrincipal
+ * Exchange a short-lived code from `@passlock/client` for an
+ * {@link ExtendedPrincipal}.
  *
  * @param options
  * @returns A promise resolving to an extended principal.
@@ -90,11 +125,12 @@ export declare const listPasskeys: (options: ListPasskeyOptions) => Promise<Find
 export declare const exchangeCode: (options: ExchangeCodeOptions) => Promise<ExtendedPrincipal>;
 /**
  * Decode and verify a Passlock `id_token` (JWT).
- * Note: This will make a network call to
+ *
+ * Note: this will make a network call to
  * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
  * to fetch the relevant public key. The response will be cached, however
- * bear in mind that for something like AWS Lambda it will make the call on every
- * cold start so might actually be slower than {@link exchangeCode}
+ * bear in mind that for environments such as AWS Lambda it will make the call
+ * on each cold start, so it might be slower than {@link exchangeCode}.
  *
  * @param options
  * @returns A promise resolving to the verified principal.
@@ -105,8 +141,8 @@ export declare const exchangeCode: (options: ExchangeCodeOptions) => Promise<Ext
 export declare const verifyIdToken: (options: VerifyIdTokenOptions) => Promise<Principal>;
 export type { BadRequestError, DuplicateEmailError, ForbiddenError, InvalidCodeError, InvalidEmailError, InvalidTenancyError, NotFoundError, PasskeyNotFoundError, UnauthorizedError, VerificationError, } from "./errors.js";
 export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
-export type { AssignUserOptions, Credential, DeletePasskeyOptions, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, PasskeySummary, Platform, UpdatedPasskeys, UpdatedPasskeyUsernames, UpdatePasskeyOptions, UpdatePasskeyUsernamesOptions, } from "./passkey/passkey.js";
-export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export type { AssignUserOptions, Credential, DeletePasskeyOptions, DeleteUserPasskeysOptions, DeletedPasskeys, FindAllPasskeys, GetPasskeyOptions, ListPasskeyOptions, Passkey, PasskeyCredential, PasskeySummary, Platform, UpdatedPasskeys, UpdatedCredentials as UpdatedUserDetails, UpdatePasskeyOptions, UpdateUsernamesOptions as UpdateUserDetailsOptions, } from "./passkey/passkey.js";
+export { isDeletedPasskeys, isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedUserDetails, } from "./passkey/passkey.js";
 export type { ExchangeCodeOptions, VerifyIdTokenOptions, } from "./principal/principal.js";
 export type { CredentialDeviceType, Transports, } from "./schemas/passkey.js";
 export type { ExtendedPrincipal, Principal } from "./schemas/principal.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,EAC9B,MAAM,sBAAsB,CAAA;AAS7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,6BAA6B,KACrC,OAAO,CAAC,uBAAuB,CACyB,CAAA;AAE3D;;;;;;;;;GASG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,CAAoD,CAAA;AAE9E;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,CAAoD,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CAAqD,CAAA;AAIzE,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,cAAc,EACd,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,sBAAsB,CAAA;AAU7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,sBAAsB,KAC9B,OAAO,CAAC,kBAAkB,CAC8B,CAAA;AAE3D;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,CAAqD,CAAA;AAEvE;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,yBAAyB,KACjC,OAAO,CAAC,eAAe,CAC6B,CAAA;AAEvD;;;;;;;;;GASG;AACH,eAAO,MAAM,UAAU,GAAI,SAAS,iBAAiB,KAAG,OAAO,CAAC,OAAO,CACxB,CAAA;AAE/C;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,CAAoD,CAAA;AAE9E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,CAAoD,CAAA;AAEhF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,CAAqD,CAAA;AAIzE,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,yBAAyB,EACzB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,iBAAiB,EACjB,cAAc,EACd,QAAQ,EACR,eAAe,EACf,kBAAkB,IAAI,kBAAkB,EACxC,oBAAoB,EACpB,sBAAsB,IAAI,wBAAwB,GACnD,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/index.js

@@ -1,18 +1,24 @@
 /**
- * Unsafe functions that could potentially throw errors.
+ * Promise-based functions that reject with tagged error payloads for expected
+ * API failures.
+ *
+ * Unexpected runtime defects may still throw.
  *
  * @categoryDescription Passkeys
  * Functions and related types for managing passkeys
  *
  * @showCategories
  *
- * @module unsafe
+ * @module unsafe (default)
  */
 import { Effect, pipe } from "effect";
-import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, deleteUserPasskeys as deleteUserPasskeysE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
 import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./principal/principal.js";
 /**
- * Call the Passlock backend API to assign a userId to an authenticator
+ * Assign a custom user ID to a passkey in the Passlock vault.
+ *
+ * This updates Passlock's server-side mapping for the passkey. It does not
+ * change the underlying WebAuthn credential's `userId`.
  *
  * @param request
  * @returns A promise resolving to the updated passkey.
@@ -23,7 +29,10 @@ import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from
  */
 export const assignUser = (request) => pipe(assignUserE(request), Effect.runPromise);
 /**
- * Call the Passlock backend API to update passkey properties
+ * Update a passkey's custom user ID and/or username metadata.
+ *
+ * Updating the username only affects the metadata stored in the vault. It does
+ * not affect whether the passkey can be used for authentication.
  *
  * @param request
  * @returns A promise resolving to the updated passkey.
@@ -34,18 +43,30 @@ export const assignUser = (request) => pipe(assignUserE(request), Effect.runProm
  */
 export const updatePasskey = (request) => pipe(updatePasskeyE(request), Effect.runPromise);
 /**
- * Call the Passlock backend API to update all passkeys for a given user
+ * Update the username and/or display name for all passkeys belonging to a given user.
+ *
+ * **Important:** changing these values has no bearing on authentication, as
+ * it's typically only used in the client-side component of the passkey
+ * (so the user knows which account the passkey relates to).
+ *
+ * However you might choose to align the names in your vault with the
+ * client-side component to simplify end user support.
+ *
+ * **Note:** This can be used alongside `@passlock/client`'s
+ * `updatePasskeyUsernames` helper to update those details on the user's device.
  *
  * @param request
- * @returns A promise resolving to updated usernames for matching passkeys.
- * @throws {@link NotFoundError} if no passkeys are found for the given user
- * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ * @returns A promise resolving to an {@link UpdatedCredentials} payload.
+ * Its `credentials` array can be passed to the client's `updatePasskeyUsernames` function.
  *
  * @category Passkeys
  */
 export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(request), Effect.runPromise);
 /**
- * Call the Passlock backend API to delete an authenticator
+ * Delete a passkey from the Passlock vault.
+ *
+ * This does not remove the passkey from the user's device. Use
+ * `@passlock/client` to coordinate client-side removal when needed.
  *
  * @param options
  * @returns A promise resolving to the deleted passkey.
@@ -56,7 +77,20 @@ export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(
  */
 export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.runPromise);
 /**
- * Call the Passlock backend API to fetch an authenticator
+ * Call the Passlock backend API to delete all passkeys associated with a user.
+ *
+ * @param request
+ * @returns A promise resolving to a {@link DeletedPasskeys} payload.
+ * Its `deleted` array can be passed directly into `@passlock/client`'s
+ * `deleteUserPasskeys` helper for follow-up client-side passkey removal.
+ * @throws {@link NotFoundError} if the user does not exist
+ * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid
+ *
+ * @category Passkeys
+ */
+export const deleteUserPasskeys = (request) => pipe(deleteUserPasskeysE(request), Effect.runPromise);
+/**
+ * Fetch a single passkey from the Passlock vault.
  *
  * @param options
  * @returns A promise resolving to the passkey.
@@ -78,7 +112,8 @@ export const getPasskey = (options) => pipe(getPasskeyE(options), Effect.runProm
  */
 export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.runPromise);
 /**
- * Call the Passlock backend API to exchange a code for an ExtendedPrincipal
+ * Exchange a short-lived code from `@passlock/client` for an
+ * {@link ExtendedPrincipal}.
  *
  * @param options
  * @returns A promise resolving to an extended principal.
@@ -90,11 +125,12 @@ export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.run
 export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.runPromise);
 /**
  * Decode and verify a Passlock `id_token` (JWT).
- * Note: This will make a network call to
+ *
+ * Note: this will make a network call to
  * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
  * to fetch the relevant public key. The response will be cached, however
- * bear in mind that for something like AWS Lambda it will make the call on every
- * cold start so might actually be slower than {@link exchangeCode}
+ * bear in mind that for environments such as AWS Lambda it will make the call
+ * on each cold start, so it might be slower than {@link exchangeCode}.
  *
  * @param options
  * @returns A promise resolving to the verified principal.
@@ -104,6 +140,6 @@ export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.run
  */
 export const verifyIdToken = (options) => pipe(verifyIdTokenE(options), Effect.runPromise);
 export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
-export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export { isDeletedPasskeys, isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedUserDetails, } from "./passkey/passkey.js";
 export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAYrC,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAAsC,EACJ,EAAE,CACpC,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE3D;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACD,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9E;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EACA,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEhF;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACT,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAgBzE,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAgBpB,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Unsafe functions that could potentially throw errors.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module unsafe\n */\n\nimport { Effect, pipe } from \"effect\"\nimport type {\n  AssignUserOptions,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n  updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Call the Passlock backend API to assign a userId to an authenticator\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const assignUser = (request: AssignUserOptions): Promise<Passkey> =>\n  pipe(assignUserE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to update passkey properties\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Passkey> => pipe(updatePasskeyE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to update all passkeys for a given user\n *\n * @param request\n * @returns A promise resolving to updated usernames for matching passkeys.\n * @throws {@link NotFoundError} if no passkeys are found for the given user\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n  request: UpdatePasskeyUsernamesOptions\n): Promise<UpdatedPasskeyUsernames> =>\n  pipe(updatePasskeyUsernamesE(request), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to delete an authenticator\n *\n * @param options\n * @returns A promise resolving to the deleted passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<Passkey> => pipe(deletePasskeyE(options), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to fetch an authenticator\n *\n * @param options\n * @returns A promise resolving to the passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const getPasskey = (options: GetPasskeyOptions): Promise<Passkey> =>\n  pipe(getPasskeyE(options), Effect.runPromise)\n\n/**\n * List passkeys for the given tenancy. Note this could return a cursor,\n * in which case the function should be called again with the given cursor.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries.\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<FindAllPasskeys> => pipe(listPasskeysE(options), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to exchange a code for an ExtendedPrincipal\n *\n * @param options\n * @returns A promise resolving to an extended principal.\n * @throws {@link InvalidCodeError} if the code is invalid or expired\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal> => pipe(exchangeCodeE(options), Effect.runPromise)\n\n/**\n * Decode and verify a Passlock `id_token` (JWT).\n * Note: This will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS Lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n *\n * @param options\n * @returns A promise resolving to the verified principal.\n * @throws {@link VerificationError} if token verification fails\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Principal> => pipe(verifyIdTokenE(options), Effect.runPromise)\n\n/* Re-exports */\n\nexport type {\n  BadRequestError,\n  DuplicateEmailError,\n  ForbiddenError,\n  InvalidCodeError,\n  InvalidEmailError,\n  InvalidTenancyError,\n  NotFoundError,\n  PasskeyNotFoundError,\n  UnauthorizedError,\n  VerificationError,\n} from \"./errors.js\"\nexport {\n  isBadRequestError,\n  isDuplicateEmailError,\n  isForbiddenError,\n  isInvalidCodeError,\n  isInvalidEmailError,\n  isInvalidTenancyError,\n  isNotFoundError,\n  isPasskeyNotFoundError,\n  isUnauthorizedError,\n  isVerificationError,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeySummary,\n  Platform,\n  UpdatedPasskeys,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isPasskey,\n  isPasskeySummary,\n  isUpdatedPasskeys,\n  isUpdatedPasskeyUsernames,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAcrC,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,kBAAkB,IAAI,mBAAmB,EACzC,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAA+B,EACF,EAAE,CAC/B,IAAI,CAAC,uBAAuB,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE3D;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACX,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvE;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAkC,EACR,EAAE,CAC5B,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEvD;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,OAA0B,EAAoB,EAAE,CACzE,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE/C;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACD,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EACA,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAEhF;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACT,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;AAgBzE,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAmBpB,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Promise-based functions that reject with tagged error payloads for expected\n * API failures.\n *\n * Unexpected runtime defects may still throw.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module unsafe (default)\n */\n\nimport { Effect, pipe } from \"effect\"\nimport type {\n  AssignUserOptions,\n  DeletePasskeyOptions,\n  DeleteUserPasskeysOptions,\n  DeletedPasskeys,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatedCredentials,\n  UpdatePasskeyOptions,\n  UpdateUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  deleteUserPasskeys as deleteUserPasskeysE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n  updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Assign a custom user ID to a passkey in the Passlock vault.\n *\n * This updates Passlock's server-side mapping for the passkey. It does not\n * change the underlying WebAuthn credential's `userId`.\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const assignUser = (request: AssignUserOptions): Promise<Passkey> =>\n  pipe(assignUserE(request), Effect.runPromise)\n\n/**\n * Update a passkey's custom user ID and/or username metadata.\n *\n * Updating the username only affects the metadata stored in the vault. It does\n * not affect whether the passkey can be used for authentication.\n *\n * @param request\n * @returns A promise resolving to the updated passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Passkey> => pipe(updatePasskeyE(request), Effect.runPromise)\n\n/**\n * Update the username and/or display name for all passkeys belonging to a given user.\n *\n * **Important:** changing these values has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the names in your vault with the\n * client-side component to simplify end user support.\n *\n * **Note:** This can be used alongside `@passlock/client`'s\n * `updatePasskeyUsernames` helper to update those details on the user's device.\n *\n * @param request\n * @returns A promise resolving to an {@link UpdatedCredentials} payload.\n * Its `credentials` array can be passed to the client's `updatePasskeyUsernames` function.\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n  request: UpdateUsernamesOptions\n): Promise<UpdatedCredentials> =>\n  pipe(updatePasskeyUsernamesE(request), Effect.runPromise)\n\n/**\n * Delete a passkey from the Passlock vault.\n *\n * This does not remove the passkey from the user's device. Use\n * `@passlock/client` to coordinate client-side removal when needed.\n *\n * @param options\n * @returns A promise resolving to the deleted passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<Passkey> => pipe(deletePasskeyE(options), Effect.runPromise)\n\n/**\n * Call the Passlock backend API to delete all passkeys associated with a user.\n *\n * @param request\n * @returns A promise resolving to a {@link DeletedPasskeys} payload.\n * Its `deleted` array can be passed directly into `@passlock/client`'s\n * `deleteUserPasskeys` helper for follow-up client-side passkey removal.\n * @throws {@link NotFoundError} if the user does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const deleteUserPasskeys = (\n  request: DeleteUserPasskeysOptions\n): Promise<DeletedPasskeys> =>\n  pipe(deleteUserPasskeysE(request), Effect.runPromise)\n\n/**\n * Fetch a single passkey from the Passlock vault.\n *\n * @param options\n * @returns A promise resolving to the passkey.\n * @throws {@link NotFoundError} if passkey does not exist\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const getPasskey = (options: GetPasskeyOptions): Promise<Passkey> =>\n  pipe(getPasskeyE(options), Effect.runPromise)\n\n/**\n * List passkeys for the given tenancy. Note this could return a cursor,\n * in which case the function should be called again with the given cursor.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries.\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<FindAllPasskeys> => pipe(listPasskeysE(options), Effect.runPromise)\n\n/**\n * Exchange a short-lived code from `@passlock/client` for an\n * {@link ExtendedPrincipal}.\n *\n * @param options\n * @returns A promise resolving to an extended principal.\n * @throws {@link InvalidCodeError} if the code is invalid or expired\n * @throws {@link ForbiddenError} if the Tenancy ID or API key is invalid\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal> => pipe(exchangeCodeE(options), Effect.runPromise)\n\n/**\n * Decode and verify a Passlock `id_token` (JWT).\n *\n * Note: this will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for environments such as AWS Lambda it will make the call\n * on each cold start, so it might be slower than {@link exchangeCode}.\n *\n * @param options\n * @returns A promise resolving to the verified principal.\n * @throws {@link VerificationError} if token verification fails\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Principal> => pipe(verifyIdTokenE(options), Effect.runPromise)\n\n/* Re-exports */\n\nexport type {\n  BadRequestError,\n  DuplicateEmailError,\n  ForbiddenError,\n  InvalidCodeError,\n  InvalidEmailError,\n  InvalidTenancyError,\n  NotFoundError,\n  PasskeyNotFoundError,\n  UnauthorizedError,\n  VerificationError,\n} from \"./errors.js\"\nexport {\n  isBadRequestError,\n  isDuplicateEmailError,\n  isForbiddenError,\n  isInvalidCodeError,\n  isInvalidEmailError,\n  isInvalidTenancyError,\n  isNotFoundError,\n  isPasskeyNotFoundError,\n  isUnauthorizedError,\n  isVerificationError,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletePasskeyOptions,\n  DeleteUserPasskeysOptions,\n  DeletedPasskeys,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeyCredential,\n  PasskeySummary,\n  Platform,\n  UpdatedPasskeys,\n  UpdatedCredentials as UpdatedUserDetails,\n  UpdatePasskeyOptions,\n  UpdateUsernamesOptions as UpdateUserDetailsOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isDeletedPasskeys,\n  isPasskey,\n  isPasskeySummary,\n  isUpdatedPasskeys,\n  isUpdatedUserDetails,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/network.d.ts

@@ -66,7 +66,7 @@ export interface MatchStatusCases<Resp extends NetworkResponse = NetworkResponse
     readonly "5xx"?: MatchStatusHandler<Resp>;
     readonly orElse: MatchStatusHandler<Resp>;
 }
-declare const NetworkRequestError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkRequestError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkRequest";
 } & Readonly<A>;
 /**
@@ -78,7 +78,7 @@ export declare class NetworkRequestError extends NetworkRequestError_base<{
     readonly message: string;
 }> {
 }
-declare const NetworkPayloadError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkPayloadError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkPayload";
 } & Readonly<A>;
 /**
@@ -89,7 +89,7 @@ export declare class NetworkPayloadError extends NetworkPayloadError_base<{
     readonly message: string;
 }> {
 }
-declare const NetworkResponseError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkResponseError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkResponse";
 } & Readonly<A>;
 /**