@passlock/server 2.1.0 → 2.2.1

package/dist/safe.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,KAAK,EACV,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EAClB,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,EAC9B,MAAM,sBAAsB,CAAA;AAS7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAE1E;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,aAAa,GAAG,cAAc,CAKhD,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,GAAG,aAAa,GAAG,cAAc,CAKhD,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,6BAA6B,KACrC,OAAO,CAAC,uBAAuB,GAAG,aAAa,GAAG,cAAc,CAKhE,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,OAAO,GAAG,cAAc,GAAG,aAAa,CAKhD,CAAA;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,OAAO,GAAG,cAAc,GAAG,aAAa,CAKhD,CAAA;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,eAAe,GAAG,cAAc,CAKxC,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,iBAAiB,GAAG,cAAc,GAAG,gBAAgB,CAK7D,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,SAAS,GAAG,iBAAiB,CAKrC,CAAA;AAIH,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,cAAc,EACd,QAAQ,EACR,eAAe,EACf,uBAAuB,EACvB,oBAAoB,EACpB,6BAA6B,GAC9B,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}
+{"version":3,"file":"safe.d.ts","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAGH,OAAO,KAAK,EACV,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,iBAAiB,EAClB,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EACV,iBAAiB,EACjB,oBAAoB,EACpB,yBAAyB,EACzB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,kBAAkB,EAClB,oBAAoB,EACpB,sBAAsB,EACvB,MAAM,sBAAsB,CAAA;AAU7B,OAAO,KAAK,EACV,mBAAmB,EACnB,oBAAoB,EACrB,MAAM,0BAA0B,CAAA;AAKjC,OAAO,EAAE,KAAK,MAAM,EAA2B,MAAM,kBAAkB,CAAA;AACvE,OAAO,KAAK,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAc1E;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAAC,CAC3B,CAAA;AAE/B;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAAC,CACxB,CAAA;AAElC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,sBAAsB,KAC9B,OAAO,CAAC,MAAM,CAAC,kBAAkB,EAAE,aAAa,GAAG,cAAc,CAAC,CAC1B,CAAA;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,aAAa,CAAC,CACxB,CAAA;AAElC;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,yBAAyB,KACjC,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,GAAG,aAAa,CAAC,CAC3B,CAAA;AAEvC;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,KACzB,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,aAAa,CAAC,CAC3B,CAAA;AAE/B;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,KAC1B,OAAO,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAAC,CACjB,CAAA;AAEjC;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,mBAAmB,KAC3B,OAAO,CAAC,MAAM,CAAC,iBAAiB,EAAE,cAAc,GAAG,gBAAgB,CAAC,CACtC,CAAA;AAEjC;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,KAC5B,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,iBAAiB,CAAC,CACb,CAAA;AAIlC,YAAY,EAAE,GAAG,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAA;AACvD,YAAY,EACV,eAAe,EACf,mBAAmB,EACnB,cAAc,EACd,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,aAAa,EACb,oBAAoB,EACpB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AACpB,YAAY,EACV,iBAAiB,EACjB,UAAU,EACV,oBAAoB,EACpB,yBAAyB,EACzB,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,kBAAkB,EAClB,OAAO,EACP,iBAAiB,EACjB,cAAc,EACd,QAAQ,EACR,eAAe,EACf,kBAAkB,IAAI,kBAAkB,EACxC,oBAAoB,EACpB,sBAAsB,IAAI,wBAAwB,GACnD,MAAM,sBAAsB,CAAA;AAC7B,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EACV,mBAAmB,EACnB,oBAAoB,GACrB,MAAM,0BAA0B,CAAA;AACjC,YAAY,EACV,oBAAoB,EACpB,UAAU,GACX,MAAM,sBAAsB,CAAA;AAC7B,YAAY,EAAE,iBAAiB,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAA;AAC1E,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACzE,YAAY,EACV,oBAAoB,EACpB,eAAe,GAChB,MAAM,aAAa,CAAA"}

package/dist/safe.js

@@ -1,9 +1,31 @@
 /**
- * Safe functions that return discriminated unions representing
- * the successful outcome or expected failures.
+ * Safe functions that return result envelopes over the original
+ * tagged success and error payloads. The returned value keeps
+ * its original `_tag` shape, and is also augmented with a
+ * result envelope for `success`- or `failure`-style branching.
  *
  * Note: unexpected runtime failures may still throw.
  *
+ * ```ts
+ * const result = await exchangeCode({
+ *   apiKey,
+ *   code,
+ *   tenancyId,
+ * })
+ *
+ * if (result.success) {
+ *   console.log(result.value.id)
+ * }
+ *
+ * if (result.failure) {
+ *   console.log(result.error.message)
+ * }
+ *
+ * if (isExtendedPrincipal(result)) {
+ *   console.log(result.id)
+ * }
+ * ```
+ *
  * @categoryDescription Passkeys
  * Functions and related types for managing passkeys
  *
@@ -11,9 +33,14 @@
  *
  * @module safe
  */
-import { Effect, identity, pipe } from "effect";
-import { assignUser as assignUserE, deletePasskey as deletePasskeyE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
+import { Effect, pipe } from "effect";
+import { assignUser as assignUserE, deletePasskey as deletePasskeyE, deleteUserPasskeys as deleteUserPasskeysE, getPasskey as getPasskeyE, listPasskeys as listPasskeysE, updatePasskey as updatePasskeyE, updatePasskeyUsernames as updatePasskeyUsernamesE, } from "./passkey/passkey.js";
 import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from "./principal/principal.js";
+import { toErrResult, toOkResult } from "./safe-result.js";
+const runSafe = (effect) => pipe(effect, Effect.match({
+    onFailure: (error) => toErrResult(error),
+    onSuccess: (value) => toOkResult(value),
+}), Effect.runPromise);
 /**
  * Assign a custom User ID to a passkey. Will be reflected in the next
  * {@link Principal} or {@link ExtendedPrincipal} generated.
@@ -26,14 +53,14 @@ import { exchangeCode as exchangeCodeE, verifyIdToken as verifyIdTokenE, } from
  * @see [credential](https://passlock.dev/rest-api/credential/)
  *
  * @param request
- * @returns A promise resolving to either a passkey or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * a passkey and whose error branch contains an API error.
  *
  * @category Passkeys
  */
-export const assignUser = (request) => pipe(assignUserE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const assignUser = (request) => runSafe(assignUserE(request));
 /**
- * Can also be used to assign a custom User ID, but also allows you to update
- * the username.
+ * Update a passkey's custom user ID and/or username metadata.
  *
  * **Important:** changing the username has no bearing on authentication, as
  * it's typically only used in the client-side component of the passkey
@@ -43,27 +70,35 @@ export const assignUser = (request) => pipe(assignUserE(request), Effect.match({
  * client-side component to simplify end user support.
  *
  * @param request
- * @returns A promise resolving to either a passkey or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * a passkey and whose error branch contains an API error.
  *
  * @category Passkeys
  */
-export const updatePasskey = (request) => pipe(updatePasskeyE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const updatePasskey = (request) => runSafe(updatePasskeyE(request));
 /**
- * Update the username for all passkeys belonging to a given user.
+ * Update the username and/or display name for all passkeys belonging to a given user.
  *
- * **Important:** changing the username has no bearing on authentication, as
+ * **Important:** changing these values has no bearing on authentication, as
  * it's typically only used in the client-side component of the passkey
  * (so the user knows which account the passkey relates to).
  *
- * However you might choose to align the username in your vault with the
+ * However you might choose to align the username and display name in your vault with the
  * client-side component to simplify end user support.
  *
+ * **Note:** This can be used alongside `@passlock/client`'s
+ * `updatePasskeyUsernames` helper to update those details on the user's device.
+ *
  * @param request
- * @returns A promise resolving to either updated passkey usernames or an API error.
+ * @returns A promise resolving to a {@link Result}.
+ * The success branch contains an {@link UpdatedCredentials} payload, whose
+ * `credentials` array can be passed into the client's `updatePasskeyUsernames` function.
+ * The error branch contains
+ * an API error.
  *
  * @category Passkeys
  */
-export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(request), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const updatePasskeyUsernames = (request) => runSafe(updatePasskeyUsernamesE(request));
 /**
  * Delete a passkey from your vault.
  *
@@ -84,11 +119,25 @@ export const updatePasskeyUsernames = (request) => pipe(updatePasskeyUsernamesE(
  * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)
  *
  * @param options
- * @returns A promise resolving to either the deleted passkey or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * the deleted passkey and whose error branch contains an API error.
  *
  * @category Passkeys
  */
-export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const deletePasskey = (options) => runSafe(deletePasskeyE(options));
+/**
+ * Delete all passkeys associated with a user.
+ *
+ * @param request
+ * @returns A promise resolving to a {@link Result}.
+ * The success branch contains a {@link DeletedPasskeys} payload whose
+ * `deleted` array can be passed directly into `@passlock/client`'s
+ * `deleteUserPasskeys` helper for follow-up client-side passkey removal.
+ * The error branch contains an API error.
+ *
+ * @category Passkeys
+ */
+export const deleteUserPasskeys = (request) => runSafe(deleteUserPasskeysE(request));
 /**
  * Fetch details about a passkey. **Important**: Not to be confused with
  * the {@link exchangeCode} or {@link verifyIdToken} functions, which
@@ -96,21 +145,23 @@ export const deletePasskey = (options) => pipe(deletePasskeyE(options), Effect.m
  * Use this function for passkey management, not authentication.
  *
  * @param options
- * @returns A promise resolving to either passkey details or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * passkey details and whose error branch contains an API error.
  *
  * @category Passkeys
  */
-export const getPasskey = (options) => pipe(getPasskeyE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const getPasskey = (options) => runSafe(getPasskeyE(options));
 /**
  * List passkeys for the given tenancy. Note: This could return a cursor.
  * If so, call again, passing the cursor back in.
  *
  * @param options
- * @returns A promise resolving to a page of passkey summaries or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * a page of passkey summaries and whose error branch contains an API error.
  *
  * @category Passkeys
  */
-export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const listPasskeys = (options) => runSafe(listPasskeysE(options));
 /**
  * The @passlock/client library generates codes, which you should send to
  * your backend. Use this function to exchange the code for details about
@@ -120,28 +171,31 @@ export const listPasskeys = (options) => pipe(listPasskeysE(options), Effect.mat
  * @see {@link ExtendedPrincipal}
  *
  * @param options
- * @returns A promise resolving to an extended principal or an API error.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * an extended principal and whose error branch contains an API error.
  *
  * @category Principal
  */
-export const exchangeCode = (options) => pipe(exchangeCodeE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const exchangeCode = (options) => runSafe(exchangeCodeE(options));
 /**
  * Decode and verify an id_token (JWT) locally.
+ *
  * **Note:** This will make a network call to
  * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)
  * to fetch the relevant public key. The response will be cached, however
- * bear in mind that for something like AWS Lambda it will make the call on every
- * cold start so might actually be slower than {@link exchangeCode}
+ * bear in mind that for environments such as AWS Lambda it will make the call
+ * on each cold start, so it might be slower than {@link exchangeCode}.
  *
  * @see {@link Principal}
  *
  * @param options
- * @returns A promise resolving to a verified principal or verification failure.
+ * @returns A promise resolving to a {@link Result} whose success branch contains
+ * a verified principal and whose error branch contains a verification error.
  *
  * @category Principal
  */
-export const verifyIdToken = (options) => pipe(verifyIdTokenE(options), Effect.match({ onFailure: identity, onSuccess: identity }), Effect.runPromise);
+export const verifyIdToken = (options) => runSafe(verifyIdTokenE(options));
 export { isBadRequestError, isDuplicateEmailError, isForbiddenError, isInvalidCodeError, isInvalidEmailError, isInvalidTenancyError, isNotFoundError, isPasskeyNotFoundError, isUnauthorizedError, isVerificationError, } from "./errors.js";
-export { isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedPasskeyUsernames, } from "./passkey/passkey.js";
+export { isDeletedPasskeys, isPasskey, isPasskeySummary, isUpdatedPasskeys, isUpdatedUserDetails, } from "./passkey/passkey.js";
 export { isExtendedPrincipal, isPrincipal } from "./schemas/principal.js";
 //# sourceMappingURL=safe.js.map

package/dist/safe.js.map

@@ -1 +1 @@
-{"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAkB/C,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AAGjC;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACyB,EAAE,CACrD,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACsB,EAAE,CACrD,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAAsC,EAC6B,EAAE,CACrE,IAAI,CACF,uBAAuB,CAAC,OAAO,CAAC,EAChC,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACsB,EAAE,CACrD,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACyB,EAAE,CACrD,IAAI,CACF,WAAW,CAAC,OAAO,CAAC,EACpB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACgB,EAAE,CAC7C,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EACoC,EAAE,CAClE,IAAI,CACF,aAAa,CAAC,OAAO,CAAC,EACtB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACW,EAAE,CAC1C,IAAI,CACF,cAAc,CAAC,OAAO,CAAC,EACvB,MAAM,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,EAC1D,MAAM,CAAC,UAAU,CAClB,CAAA;AAgBH,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAgBpB,OAAO,EACL,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,yBAAyB,GAC1B,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Safe functions that return discriminated unions representing\n * the successful outcome or expected failures.\n *\n * Note: unexpected runtime failures may still throw.\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module safe\n */\n\nimport { Effect, identity, pipe } from \"effect\"\nimport type {\n  ForbiddenError,\n  InvalidCodeError,\n  NotFoundError,\n  VerificationError,\n} from \"./errors.js\"\nimport type {\n  AssignUserOptions,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n  updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\n/**\n * Assign a custom User ID to a passkey. Will be reflected in the next\n * {@link Principal} or {@link ExtendedPrincipal} generated.\n *\n * **Note:** This does not change the underlying WebAuthn credential's `userId`.\n * Instead we apply a layer of indirection.\n *\n * @see {@link Principal}\n * @see {@link ExtendedPrincipal}\n * @see [credential](https://passlock.dev/rest-api/credential/)\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const assignUser = (\n  request: AssignUserOptions\n): Promise<Passkey | NotFoundError | ForbiddenError> =>\n  pipe(\n    assignUserE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Can also be used to assign a custom User ID, but also allows you to update\n * the username.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to either a passkey or an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Passkey | NotFoundError | ForbiddenError> =>\n  pipe(\n    updatePasskeyE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Update the username for all passkeys belonging to a given user.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to either updated passkey usernames or an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n  request: UpdatePasskeyUsernamesOptions\n): Promise<UpdatedPasskeyUsernames | NotFoundError | ForbiddenError> =>\n  pipe(\n    updatePasskeyUsernamesE(request),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Delete a passkey from your vault.\n *\n * **Note:** The user will still retain the passkey on their device so\n * you will need to either:\n *\n * a) Use the @passlock/client functions to delete the passkey from the user's device.\n * b) Remind the user to delete the passkey\n *\n * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.\n *\n * In addition, during authentication you should handle a missing passkey scenario.\n * This happens when a user tries to authenticate with a passkey that is missing from\n * your vault. The @passlock/client library can help with this. See\n * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)\n * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @param options\n * @returns A promise resolving to either the deleted passkey or an API error.\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<Passkey | ForbiddenError | NotFoundError> =>\n  pipe(\n    deletePasskeyE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Fetch details about a passkey. **Important**: Not to be confused with\n * the {@link exchangeCode} or {@link verifyIdToken} functions, which\n * return details about specific authentication or registration operations.\n * Use this function for passkey management, not authentication.\n *\n * @param options\n * @returns A promise resolving to either passkey details or an API error.\n *\n * @category Passkeys\n */\nexport const getPasskey = (\n  options: GetPasskeyOptions\n): Promise<Passkey | ForbiddenError | NotFoundError> =>\n  pipe(\n    getPasskeyE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * List passkeys for the given tenancy. Note: This could return a cursor.\n * If so, call again, passing the cursor back in.\n *\n * @param options\n * @returns A promise resolving to a page of passkey summaries or an API error.\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<FindAllPasskeys | ForbiddenError> =>\n  pipe(\n    listPasskeysE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * The @passlock/client library generates codes, which you should send to\n * your backend. Use this function to exchange the code for details about\n * the registration or authentication operation. **Note:** a code is valid\n * for 5 minutes.\n *\n * @see {@link ExtendedPrincipal}\n *\n * @param options\n * @returns A promise resolving to an extended principal or an API error.\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<ExtendedPrincipal | ForbiddenError | InvalidCodeError> =>\n  pipe(\n    exchangeCodeE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/**\n * Decode and verify an id_token (JWT) locally.\n * **Note:** This will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for something like AWS Lambda it will make the call on every\n * cold start so might actually be slower than {@link exchangeCode}\n *\n * @see {@link Principal}\n *\n * @param options\n * @returns A promise resolving to a verified principal or verification failure.\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Principal | VerificationError> =>\n  pipe(\n    verifyIdTokenE(options),\n    Effect.match({ onFailure: identity, onSuccess: identity }),\n    Effect.runPromise\n  )\n\n/* Re-exports */\n\nexport type {\n  BadRequestError,\n  DuplicateEmailError,\n  ForbiddenError,\n  InvalidCodeError,\n  InvalidEmailError,\n  InvalidTenancyError,\n  NotFoundError,\n  PasskeyNotFoundError,\n  UnauthorizedError,\n  VerificationError,\n} from \"./errors.js\"\nexport {\n  isBadRequestError,\n  isDuplicateEmailError,\n  isForbiddenError,\n  isInvalidCodeError,\n  isInvalidEmailError,\n  isInvalidTenancyError,\n  isNotFoundError,\n  isPasskeyNotFoundError,\n  isUnauthorizedError,\n  isVerificationError,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletePasskeyOptions,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeySummary,\n  Platform,\n  UpdatedPasskeys,\n  UpdatedPasskeyUsernames,\n  UpdatePasskeyOptions,\n  UpdatePasskeyUsernamesOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isPasskey,\n  isPasskeySummary,\n  isUpdatedPasskeys,\n  isUpdatedPasskeyUsernames,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}
+{"version":3,"file":"safe.js","sourceRoot":"","sources":["../src/safe.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAA;AAoBrC,OAAO,EACL,UAAU,IAAI,WAAW,EACzB,aAAa,IAAI,cAAc,EAC/B,kBAAkB,IAAI,mBAAmB,EACzC,UAAU,IAAI,WAAW,EACzB,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,EAC/B,sBAAsB,IAAI,uBAAuB,GAClD,MAAM,sBAAsB,CAAA;AAK7B,OAAO,EACL,YAAY,IAAI,aAAa,EAC7B,aAAa,IAAI,cAAc,GAChC,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAe,WAAW,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAGvE,MAAM,OAAO,GAAG,CACd,MAA2B,EACJ,EAAE,CACzB,IAAI,CACF,MAAM,EACN,MAAM,CAAC,KAAK,CAAC;IACX,SAAS,EAAE,CAAC,KAAK,EAAgB,EAAE,CAAC,WAAW,CAAC,KAAK,CAAiB;IACtE,SAAS,EAAE,CAAC,KAAK,EAAgB,EAAE,CAAC,UAAU,CAAC,KAAK,CAAiB;CACtE,CAAC,EACF,MAAM,CAAC,UAAU,CAClB,CAAA;AAEH;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACgC,EAAE,CAC5D,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAA;AAE/B;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EAC6B,EAAE,CAC5D,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;AAElC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CACpC,OAA+B,EACsC,EAAE,CACvE,OAAO,CAAC,uBAAuB,CAAC,OAAO,CAAC,CAAC,CAAA;AAE3C;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EAC6B,EAAE,CAC5D,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;AAElC;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,CAChC,OAAkC,EACgC,EAAE,CACpE,OAAO,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAA;AAEvC;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,CACxB,OAA0B,EACgC,EAAE,CAC5D,OAAO,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAA;AAE/B;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA2B,EACuB,EAAE,CACpD,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAA;AAEjC;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,CAC1B,OAA4B,EAC2C,EAAE,CACzE,OAAO,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAA;AAEjC;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,CAC3B,OAA6B,EACkB,EAAE,CACjD,OAAO,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC,CAAA;AAiBlC,OAAO,EACL,iBAAiB,EACjB,qBAAqB,EACrB,gBAAgB,EAChB,kBAAkB,EAClB,mBAAmB,EACnB,qBAAqB,EACrB,eAAe,EACf,sBAAsB,EACtB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,aAAa,CAAA;AAmBpB,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,iBAAiB,EACjB,oBAAoB,GACrB,MAAM,sBAAsB,CAAA;AAU7B,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA","sourcesContent":["/**\n * Safe functions that return result envelopes over the original\n * tagged success and error payloads. The returned value keeps\n * its original `_tag` shape, and is also augmented with a\n * result envelope for `success`- or `failure`-style branching.\n *\n * Note: unexpected runtime failures may still throw.\n *\n * ```ts\n * const result = await exchangeCode({\n *   apiKey,\n *   code,\n *   tenancyId,\n * })\n *\n * if (result.success) {\n *   console.log(result.value.id)\n * }\n *\n * if (result.failure) {\n *   console.log(result.error.message)\n * }\n *\n * if (isExtendedPrincipal(result)) {\n *   console.log(result.id)\n * }\n * ```\n *\n * @categoryDescription Passkeys\n * Functions and related types for managing passkeys\n *\n * @showCategories\n *\n * @module safe\n */\n\nimport { Effect, pipe } from \"effect\"\nimport type {\n  ForbiddenError,\n  InvalidCodeError,\n  NotFoundError,\n  VerificationError,\n} from \"./errors.js\"\nimport type {\n  AssignUserOptions,\n  DeletePasskeyOptions,\n  DeleteUserPasskeysOptions,\n  DeletedPasskeys,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  UpdatedCredentials,\n  UpdatePasskeyOptions,\n  UpdateUsernamesOptions,\n} from \"./passkey/passkey.js\"\nimport {\n  assignUser as assignUserE,\n  deletePasskey as deletePasskeyE,\n  deleteUserPasskeys as deleteUserPasskeysE,\n  getPasskey as getPasskeyE,\n  listPasskeys as listPasskeysE,\n  updatePasskey as updatePasskeyE,\n  updatePasskeyUsernames as updatePasskeyUsernamesE,\n} from \"./passkey/passkey.js\"\nimport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nimport {\n  exchangeCode as exchangeCodeE,\n  verifyIdToken as verifyIdTokenE,\n} from \"./principal/principal.js\"\nimport { type Result, toErrResult, toOkResult } from \"./safe-result.js\"\nimport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\n\nconst runSafe = <A extends object, E extends object>(\n  effect: Effect.Effect<A, E>\n): Promise<Result<A, E>> =>\n  pipe(\n    effect,\n    Effect.match({\n      onFailure: (error): Result<A, E> => toErrResult(error) as Result<A, E>,\n      onSuccess: (value): Result<A, E> => toOkResult(value) as Result<A, E>,\n    }),\n    Effect.runPromise\n  )\n\n/**\n * Assign a custom User ID to a passkey. Will be reflected in the next\n * {@link Principal} or {@link ExtendedPrincipal} generated.\n *\n * **Note:** This does not change the underlying WebAuthn credential's `userId`.\n * Instead we apply a layer of indirection.\n *\n * @see {@link Principal}\n * @see {@link ExtendedPrincipal}\n * @see [credential](https://passlock.dev/rest-api/credential/)\n *\n * @param request\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * a passkey and whose error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const assignUser = (\n  request: AssignUserOptions\n): Promise<Result<Passkey, NotFoundError | ForbiddenError>> =>\n  runSafe(assignUserE(request))\n\n/**\n * Update a passkey's custom user ID and/or username metadata.\n *\n * **Important:** changing the username has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username in your vault with the\n * client-side component to simplify end user support.\n *\n * @param request\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * a passkey and whose error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskey = (\n  request: UpdatePasskeyOptions\n): Promise<Result<Passkey, NotFoundError | ForbiddenError>> =>\n  runSafe(updatePasskeyE(request))\n\n/**\n * Update the username and/or display name for all passkeys belonging to a given user.\n *\n * **Important:** changing these values has no bearing on authentication, as\n * it's typically only used in the client-side component of the passkey\n * (so the user knows which account the passkey relates to).\n *\n * However you might choose to align the username and display name in your vault with the\n * client-side component to simplify end user support.\n *\n * **Note:** This can be used alongside `@passlock/client`'s\n * `updatePasskeyUsernames` helper to update those details on the user's device.\n *\n * @param request\n * @returns A promise resolving to a {@link Result}.\n * The success branch contains an {@link UpdatedCredentials} payload, whose\n * `credentials` array can be passed into the client's `updatePasskeyUsernames` function.\n * The error branch contains\n * an API error.\n *\n * @category Passkeys\n */\nexport const updatePasskeyUsernames = (\n  request: UpdateUsernamesOptions\n): Promise<Result<UpdatedCredentials, NotFoundError | ForbiddenError>> =>\n  runSafe(updatePasskeyUsernamesE(request))\n\n/**\n * Delete a passkey from your vault.\n *\n * **Note:** The user will still retain the passkey on their device so\n * you will need to either:\n *\n * a) Use the @passlock/client functions to delete the passkey from the user's device.\n * b) Remind the user to delete the passkey\n *\n * See [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/) in the documentation.\n *\n * In addition, during authentication you should handle a missing passkey scenario.\n * This happens when a user tries to authenticate with a passkey that is missing from\n * your vault. The @passlock/client library can help with this. See\n * [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @see [deleting passkeys](https://passlock.dev/passkeys/passkey-removal/)\n * @see [handling missing passkeys](https://passlock.dev/handling-missing-passkeys/)\n *\n * @param options\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * the deleted passkey and whose error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const deletePasskey = (\n  options: DeletePasskeyOptions\n): Promise<Result<Passkey, ForbiddenError | NotFoundError>> =>\n  runSafe(deletePasskeyE(options))\n\n/**\n * Delete all passkeys associated with a user.\n *\n * @param request\n * @returns A promise resolving to a {@link Result}.\n * The success branch contains a {@link DeletedPasskeys} payload whose\n * `deleted` array can be passed directly into `@passlock/client`'s\n * `deleteUserPasskeys` helper for follow-up client-side passkey removal.\n * The error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const deleteUserPasskeys = (\n  request: DeleteUserPasskeysOptions\n): Promise<Result<DeletedPasskeys, ForbiddenError | NotFoundError>> =>\n  runSafe(deleteUserPasskeysE(request))\n\n/**\n * Fetch details about a passkey. **Important**: Not to be confused with\n * the {@link exchangeCode} or {@link verifyIdToken} functions, which\n * return details about specific authentication or registration operations.\n * Use this function for passkey management, not authentication.\n *\n * @param options\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * passkey details and whose error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const getPasskey = (\n  options: GetPasskeyOptions\n): Promise<Result<Passkey, ForbiddenError | NotFoundError>> =>\n  runSafe(getPasskeyE(options))\n\n/**\n * List passkeys for the given tenancy. Note: This could return a cursor.\n * If so, call again, passing the cursor back in.\n *\n * @param options\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * a page of passkey summaries and whose error branch contains an API error.\n *\n * @category Passkeys\n */\nexport const listPasskeys = (\n  options: ListPasskeyOptions\n): Promise<Result<FindAllPasskeys, ForbiddenError>> =>\n  runSafe(listPasskeysE(options))\n\n/**\n * The @passlock/client library generates codes, which you should send to\n * your backend. Use this function to exchange the code for details about\n * the registration or authentication operation. **Note:** a code is valid\n * for 5 minutes.\n *\n * @see {@link ExtendedPrincipal}\n *\n * @param options\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * an extended principal and whose error branch contains an API error.\n *\n * @category Principal\n */\nexport const exchangeCode = (\n  options: ExchangeCodeOptions\n): Promise<Result<ExtendedPrincipal, ForbiddenError | InvalidCodeError>> =>\n  runSafe(exchangeCodeE(options))\n\n/**\n * Decode and verify an id_token (JWT) locally.\n *\n * **Note:** This will make a network call to\n * `https://api.passlock.dev/.well-known/jwks.json` (or your configured `endpoint`)\n * to fetch the relevant public key. The response will be cached, however\n * bear in mind that for environments such as AWS Lambda it will make the call\n * on each cold start, so it might be slower than {@link exchangeCode}.\n *\n * @see {@link Principal}\n *\n * @param options\n * @returns A promise resolving to a {@link Result} whose success branch contains\n * a verified principal and whose error branch contains a verification error.\n *\n * @category Principal\n */\nexport const verifyIdToken = (\n  options: VerifyIdTokenOptions\n): Promise<Result<Principal, VerificationError>> =>\n  runSafe(verifyIdTokenE(options))\n\n/* Re-exports */\n\nexport type { Err, Ok, Result } from \"./safe-result.js\"\nexport type {\n  BadRequestError,\n  DuplicateEmailError,\n  ForbiddenError,\n  InvalidCodeError,\n  InvalidEmailError,\n  InvalidTenancyError,\n  NotFoundError,\n  PasskeyNotFoundError,\n  UnauthorizedError,\n  VerificationError,\n} from \"./errors.js\"\nexport {\n  isBadRequestError,\n  isDuplicateEmailError,\n  isForbiddenError,\n  isInvalidCodeError,\n  isInvalidEmailError,\n  isInvalidTenancyError,\n  isNotFoundError,\n  isPasskeyNotFoundError,\n  isUnauthorizedError,\n  isVerificationError,\n} from \"./errors.js\"\nexport type {\n  AssignUserOptions,\n  Credential,\n  DeletePasskeyOptions,\n  DeleteUserPasskeysOptions,\n  DeletedPasskeys,\n  FindAllPasskeys,\n  GetPasskeyOptions,\n  ListPasskeyOptions,\n  Passkey,\n  PasskeyCredential,\n  PasskeySummary,\n  Platform,\n  UpdatedPasskeys,\n  UpdatedCredentials as UpdatedUserDetails,\n  UpdatePasskeyOptions,\n  UpdateUsernamesOptions as UpdateUserDetailsOptions,\n} from \"./passkey/passkey.js\"\nexport {\n  isDeletedPasskeys,\n  isPasskey,\n  isPasskeySummary,\n  isUpdatedPasskeys,\n  isUpdatedUserDetails,\n} from \"./passkey/passkey.js\"\nexport type {\n  ExchangeCodeOptions,\n  VerifyIdTokenOptions,\n} from \"./principal/principal.js\"\nexport type {\n  CredentialDeviceType,\n  Transports,\n} from \"./schemas/passkey.js\"\nexport type { ExtendedPrincipal, Principal } from \"./schemas/principal.js\"\nexport { isExtendedPrincipal, isPrincipal } from \"./schemas/principal.js\"\nexport type {\n  AuthenticatedOptions,\n  PasslockOptions,\n} from \"./shared.js\"\n"]}

package/dist/schemas/passkey.d.ts

@@ -1,9 +1,62 @@
 import { Schema } from "effect";
+/**
+ * Valid user verification requirements for WebAuthn operations.
+ *
+ * @category Passkeys
+ */
 export declare const UserVerification: Schema.Literal<["required", "preferred", "discouraged"]>;
+/**
+ * Possible device types reported for a passkey credential.
+ *
+ * @category Passkeys
+ */
 export declare const CredentialDeviceType: readonly ["singleDevice", "multiDevice"];
+/**
+ * Union of device types reported for a passkey credential.
+ *
+ * @category Passkeys
+ */
 export type CredentialDeviceType = (typeof CredentialDeviceType)[number];
+/**
+ * Possible authenticator transport hints exposed by Passlock.
+ *
+ * @category Passkeys
+ */
 export declare const Transports: readonly ["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"];
+/**
+ * Union of authenticator transport hints exposed by Passlock.
+ *
+ * @category Passkeys
+ */
 export type Transports = (typeof Transports)[number];
+/**
+ * Schema for the WebAuthn credential portion of a passkey.
+ *
+ * @category Passkeys
+ */
+export declare const PasskeyCredential: Schema.Struct<{
+    id: typeof Schema.String;
+    userId: typeof Schema.String;
+    username: typeof Schema.String;
+    aaguid: typeof Schema.String;
+    backedUp: typeof Schema.Boolean;
+    counter: typeof Schema.Number;
+    deviceType: Schema.Literal<["singleDevice", "multiDevice"]>;
+    transports: Schema.Array$<Schema.Literal<["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"]>>;
+    publicKey: Schema.Schema<Uint8Array<ArrayBufferLike>, string, never>;
+    rpId: typeof Schema.String;
+}>;
+/**
+ * Type produced by {@link PasskeyCredential}.
+ *
+ * @category Passkeys
+ */
+export type PasskeyCredential = typeof PasskeyCredential.Type;
+/**
+ * Schema for a passkey stored in the Passlock vault.
+ *
+ * @category Passkeys
+ */
 export declare const Passkey: Schema.TaggedStruct<"Passkey", {
     id: typeof Schema.String;
     userId: Schema.optional<typeof Schema.String>;
@@ -28,8 +81,26 @@ export declare const Passkey: Schema.TaggedStruct<"Passkey", {
     createdAt: typeof Schema.Number;
     updatedAt: typeof Schema.Number;
 }>;
+/**
+ * Type produced by {@link Passkey}.
+ *
+ * @category Passkeys
+ */
 export type Passkey = typeof Passkey.Type;
+/**
+ * Encoded transport shape for {@link Passkey}.
+ *
+ * Binary fields such as `publicKey` are represented using schema-friendly
+ * encoded values.
+ *
+ * @category Passkeys
+ */
 export type PasskeyEncoded = typeof Passkey.Encoded;
+/**
+ * Schema for the compact passkey payload returned by listing operations.
+ *
+ * @category Passkeys
+ */
 export declare const PasskeySummary: Schema.TaggedStruct<"PasskeySummary", {
     id: typeof Schema.String;
     userId: typeof Schema.String;
@@ -41,7 +112,17 @@ export declare const PasskeySummary: Schema.TaggedStruct<"PasskeySummary", {
     createdAt: typeof Schema.Number;
     lastUsed: Schema.optional<typeof Schema.Number>;
 }>;
+/**
+ * Type produced by {@link PasskeySummary}.
+ *
+ * @category Passkeys
+ */
 export type PasskeySummary = typeof PasskeySummary.Type;
+/**
+ * Schema for one page of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export declare const FindAllPasskeys: Schema.TaggedStruct<"FindAllPasskeys", {
     cursor: Schema.NullOr<typeof Schema.String>;
     records: Schema.Array$<Schema.TaggedStruct<"PasskeySummary", {
@@ -56,6 +137,11 @@ export declare const FindAllPasskeys: Schema.TaggedStruct<"FindAllPasskeys", {
         lastUsed: Schema.optional<typeof Schema.Number>;
     }>>;
 }>;
+/**
+ * Schema for a bulk passkey update response.
+ *
+ * @category Passkeys
+ */
 export declare const UpdatedPasskeys: Schema.TaggedStruct<"UpdatedPasskeys", {
     updated: Schema.Array$<Schema.TaggedStruct<"Passkey", {
         id: typeof Schema.String;
@@ -82,4 +168,66 @@ export declare const UpdatedPasskeys: Schema.TaggedStruct<"UpdatedPasskeys", {
         updatedAt: typeof Schema.Number;
     }>>;
 }>;
+/**
+ * Schema for the credential identifiers returned after deleting passkeys.
+ *
+ * @category Passkeys
+ */
+export declare const Credential: Schema.Struct<{
+    credentialId: typeof Schema.String;
+    userId: typeof Schema.String;
+    rpId: typeof Schema.String;
+}>;
+/**
+ * Type produced by {@link Credential}.
+ *
+ * @category Passkeys
+ */
+export type Credential = typeof Credential.Type;
+/**
+ * Raw REST API schema returned when passkeys are deleted.
+ *
+ * The package maps this into {@link DeletedPasskeys} before exposing it from
+ * the higher-level APIs.
+ *
+ * @category Passkeys
+ */
+export declare const DeletedPasskeysResponse: Schema.TaggedStruct<"DeletedPasskeys", {
+    deleted: Schema.Array$<Schema.TaggedStruct<"Passkey", {
+        id: typeof Schema.String;
+        userId: Schema.optional<typeof Schema.String>;
+        enabled: typeof Schema.Boolean;
+        credential: Schema.Struct<{
+            id: typeof Schema.String;
+            userId: typeof Schema.String;
+            username: typeof Schema.String;
+            aaguid: typeof Schema.String;
+            backedUp: typeof Schema.Boolean;
+            counter: typeof Schema.Number;
+            deviceType: Schema.Literal<["singleDevice", "multiDevice"]>;
+            transports: Schema.Array$<Schema.Literal<["ble", "hybrid", "internal", "nfc", "usb", "cable", "smart-card"]>>;
+            publicKey: Schema.Schema<Uint8Array<ArrayBufferLike>, string, never>;
+            rpId: typeof Schema.String;
+        }>;
+        platform: Schema.optional<Schema.Struct<{
+            icon: Schema.optional<typeof Schema.String>;
+            name: Schema.optional<typeof Schema.String>;
+        }>>;
+        lastUsed: Schema.optional<typeof Schema.Number>;
+        createdAt: typeof Schema.Number;
+        updatedAt: typeof Schema.Number;
+    }>>;
+}>;
+/**
+ * Public schema returned when passkeys are deleted by user ID.
+ *
+ * @category Passkeys
+ */
+export declare const DeletedPasskeys: Schema.TaggedStruct<"DeletedPasskeys", {
+    deleted: Schema.Array$<Schema.Struct<{
+        credentialId: typeof Schema.String;
+        userId: typeof Schema.String;
+        rpId: typeof Schema.String;
+    }>>;
+}>;
 //# sourceMappingURL=passkey.d.ts.map

package/dist/schemas/passkey.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/schemas/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAW/B,eAAO,MAAM,gBAAgB,0DAI5B,CAAA;AAID,eAAO,MAAM,oBAAoB,0CAA2C,CAAA;AAC5E,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAA;AAExE,eAAO,MAAM,UAAU,6EAQb,CAAA;AACV,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,CAAC,CAAA;AAIpD,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;EAyBlB,CAAA;AAEF,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,IAAI,CAAA;AAEzC,MAAM,MAAM,cAAc,GAAG,OAAO,OAAO,CAAC,OAAO,CAAA;AAEnD,eAAO,MAAM,cAAc;;;;;;;;;;EAUzB,CAAA;AAEF,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC,IAAI,CAAA;AAEvD,eAAO,MAAM,eAAe;;;;;;;;;;;;;EAG1B,CAAA;AAEF,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;EAE1B,CAAA"}
+{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/schemas/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAW/B;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,0DAI5B,CAAA;AAID;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,0CAA2C,CAAA;AAE5E;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,CAAC,OAAO,oBAAoB,CAAC,CAAC,MAAM,CAAC,CAAA;AAExE;;;;GAIG;AACH,eAAO,MAAM,UAAU,6EAQb,CAAA;AAEV;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,CAAC,CAAA;AAIpD;;;;GAIG;AACH,eAAO,MAAM,iBAAiB;;;;;;;;;;;EAW5B,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG,OAAO,iBAAiB,CAAC,IAAI,CAAA;AAE7D;;;;GAIG;AACH,eAAO,MAAM,OAAO;;;;;;;;;;;;;;;;;;;;;;;EAclB,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,IAAI,CAAA;AAEzC;;;;;;;GAOG;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,OAAO,CAAC,OAAO,CAAA;AAEnD;;;;GAIG;AACH,eAAO,MAAM,cAAc;;;;;;;;;;EAUzB,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,OAAO,cAAc,CAAC,IAAI,CAAA;AAEvD;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;EAG1B,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;EAE1B,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,UAAU;;;;EAIrB,CAAA;AAEF;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,OAAO,UAAU,CAAC,IAAI,CAAA;AAE/C;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB;;;;;;;;;;;;;;;;;;;;;;;;;EAElC,CAAA;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe;;;;;;EAE1B,CAAA"}

package/dist/schemas/passkey.js

@@ -6,9 +6,24 @@ import { Schema } from "effect";
  * kind of a type level satisfies
  */
 /* Registration Options */
+/**
+ * Valid user verification requirements for WebAuthn operations.
+ *
+ * @category Passkeys
+ */
 export const UserVerification = Schema.Literal("required", "preferred", "discouraged");
 /* Passkey */
+/**
+ * Possible device types reported for a passkey credential.
+ *
+ * @category Passkeys
+ */
 export const CredentialDeviceType = ["singleDevice", "multiDevice"];
+/**
+ * Possible authenticator transport hints exposed by Passlock.
+ *
+ * @category Passkeys
+ */
 export const Transports = [
     "ble",
     "hybrid",
@@ -19,22 +34,33 @@ export const Transports = [
     "smart-card",
 ];
 /* Passkey */
+/**
+ * Schema for the WebAuthn credential portion of a passkey.
+ *
+ * @category Passkeys
+ */
+export const PasskeyCredential = Schema.Struct({
+    id: Schema.String, // webAuthnId (Base64Url)
+    userId: Schema.String, // webAuthnUserId (Base64Url)
+    username: Schema.String,
+    aaguid: Schema.String,
+    backedUp: Schema.Boolean,
+    counter: Schema.Number,
+    deviceType: Schema.Literal(...CredentialDeviceType),
+    transports: Schema.Array(Schema.Literal(...Transports)),
+    publicKey: Schema.Uint8ArrayFromBase64Url,
+    rpId: Schema.String,
+});
+/**
+ * Schema for a passkey stored in the Passlock vault.
+ *
+ * @category Passkeys
+ */
 export const Passkey = Schema.TaggedStruct("Passkey", {
     id: Schema.String,
     userId: Schema.optional(Schema.String),
     enabled: Schema.Boolean,
-    credential: Schema.Struct({
-        id: Schema.String, // webAuthnId (Base64Url)
-        userId: Schema.String, // webAuthnUserId (Base64Url)
-        username: Schema.String,
-        aaguid: Schema.String,
-        backedUp: Schema.Boolean,
-        counter: Schema.Number,
-        deviceType: Schema.Literal(...CredentialDeviceType),
-        transports: Schema.Array(Schema.Literal(...Transports)),
-        publicKey: Schema.Uint8ArrayFromBase64Url,
-        rpId: Schema.String,
-    }),
+    credential: PasskeyCredential,
     platform: Schema.optional(Schema.Struct({
         icon: Schema.optional(Schema.String),
         name: Schema.optional(Schema.String),
@@ -43,6 +69,11 @@ export const Passkey = Schema.TaggedStruct("Passkey", {
     createdAt: Schema.Number,
     updatedAt: Schema.Number,
 });
+/**
+ * Schema for the compact passkey payload returned by listing operations.
+ *
+ * @category Passkeys
+ */
 export const PasskeySummary = Schema.TaggedStruct("PasskeySummary", {
     id: Schema.String,
     userId: Schema.String,
@@ -54,11 +85,50 @@ export const PasskeySummary = Schema.TaggedStruct("PasskeySummary", {
     createdAt: Schema.Number,
     lastUsed: Schema.optional(Schema.Number),
 });
+/**
+ * Schema for one page of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export const FindAllPasskeys = Schema.TaggedStruct("FindAllPasskeys", {
     cursor: Schema.NullOr(Schema.String),
     records: Schema.Array(PasskeySummary),
 });
+/**
+ * Schema for a bulk passkey update response.
+ *
+ * @category Passkeys
+ */
 export const UpdatedPasskeys = Schema.TaggedStruct("UpdatedPasskeys", {
     updated: Schema.Array(Passkey),
 });
+/**
+ * Schema for the credential identifiers returned after deleting passkeys.
+ *
+ * @category Passkeys
+ */
+export const Credential = Schema.Struct({
+    credentialId: Schema.String,
+    userId: Schema.String,
+    rpId: Schema.String,
+});
+/**
+ * Raw REST API schema returned when passkeys are deleted.
+ *
+ * The package maps this into {@link DeletedPasskeys} before exposing it from
+ * the higher-level APIs.
+ *
+ * @category Passkeys
+ */
+export const DeletedPasskeysResponse = Schema.TaggedStruct("DeletedPasskeys", {
+    deleted: Schema.Array(Passkey),
+});
+/**
+ * Public schema returned when passkeys are deleted by user ID.
+ *
+ * @category Passkeys
+ */
+export const DeletedPasskeys = Schema.TaggedStruct("DeletedPasskeys", {
+    deleted: Schema.Array(Credential),
+});
 //# sourceMappingURL=passkey.js.map

package/dist/schemas/passkey.js.map

@@ -1 +1 @@
-{"version":3,"file":"passkey.js","sourceRoot":"","sources":["../../src/schemas/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B;;;;;GAKG;AAEH,0BAA0B;AAE1B,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAC5C,UAAU,EACV,WAAW,EACX,aAAa,CACd,CAAA;AAED,aAAa;AAEb,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,cAAc,EAAE,aAAa,CAAU,CAAA;AAG5E,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,KAAK;IACL,QAAQ;IACR,UAAU;IACV,KAAK;IACL,KAAK;IACL,OAAO;IACP,YAAY;CACJ,CAAA;AAGV,aAAa;AAEb,MAAM,CAAC,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IACpD,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,EAAE,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB;QAC5C,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,6BAA6B;QACpD,QAAQ,EAAE,MAAM,CAAC,MAAM;QACvB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,OAAO,EAAE,MAAM,CAAC,MAAM;QACtB,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,oBAAoB,CAAC;QACnD,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC;QACvD,SAAS,EAAE,MAAM,CAAC,uBAAuB;QACzC,IAAI,EAAE,MAAM,CAAC,MAAM;KACpB,CAAC;IACF,QAAQ,EAAE,MAAM,CAAC,QAAQ,CACvB,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACrC,CAAC,CACH;IACD,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;CACzB,CAAC,CAAA;AAMF,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE;IAClE,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,EAAE,EAAE,MAAM,CAAC,MAAM;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;CACzC,CAAC,CAAA;AAIF,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IACpE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC;CACtC,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IACpE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;CAC/B,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\n\n/*\n * Important. We don't use `type X = typeof X.Type` because it won't generate\n * the Typedoc docs, so instead we mirror the types and use a dummy\n * `type _x = satisfy<typeof X.Type, X>`\n * kind of a type level satisfies\n */\n\n/* Registration Options */\n\nexport const UserVerification = Schema.Literal(\n  \"required\",\n  \"preferred\",\n  \"discouraged\"\n)\n\n/* Passkey */\n\nexport const CredentialDeviceType = [\"singleDevice\", \"multiDevice\"] as const\nexport type CredentialDeviceType = (typeof CredentialDeviceType)[number]\n\nexport const Transports = [\n  \"ble\",\n  \"hybrid\",\n  \"internal\",\n  \"nfc\",\n  \"usb\",\n  \"cable\",\n  \"smart-card\",\n] as const\nexport type Transports = (typeof Transports)[number]\n\n/* Passkey */\n\nexport const Passkey = Schema.TaggedStruct(\"Passkey\", {\n  id: Schema.String,\n  userId: Schema.optional(Schema.String),\n  enabled: Schema.Boolean,\n  credential: Schema.Struct({\n    id: Schema.String, // webAuthnId (Base64Url)\n    userId: Schema.String, // webAuthnUserId (Base64Url)\n    username: Schema.String,\n    aaguid: Schema.String,\n    backedUp: Schema.Boolean,\n    counter: Schema.Number,\n    deviceType: Schema.Literal(...CredentialDeviceType),\n    transports: Schema.Array(Schema.Literal(...Transports)),\n    publicKey: Schema.Uint8ArrayFromBase64Url,\n    rpId: Schema.String,\n  }),\n  platform: Schema.optional(\n    Schema.Struct({\n      icon: Schema.optional(Schema.String),\n      name: Schema.optional(Schema.String),\n    })\n  ),\n  lastUsed: Schema.optional(Schema.Number),\n  createdAt: Schema.Number,\n  updatedAt: Schema.Number,\n})\n\nexport type Passkey = typeof Passkey.Type\n\nexport type PasskeyEncoded = typeof Passkey.Encoded\n\nexport const PasskeySummary = Schema.TaggedStruct(\"PasskeySummary\", {\n  id: Schema.String,\n  userId: Schema.String,\n  credential: Schema.Struct({\n    id: Schema.String,\n    userId: Schema.String,\n  }),\n  enabled: Schema.Boolean,\n  createdAt: Schema.Number,\n  lastUsed: Schema.optional(Schema.Number),\n})\n\nexport type PasskeySummary = typeof PasskeySummary.Type\n\nexport const FindAllPasskeys = Schema.TaggedStruct(\"FindAllPasskeys\", {\n  cursor: Schema.NullOr(Schema.String),\n  records: Schema.Array(PasskeySummary),\n})\n\nexport const UpdatedPasskeys = Schema.TaggedStruct(\"UpdatedPasskeys\", {\n  updated: Schema.Array(Passkey),\n})\n"]}
+{"version":3,"file":"passkey.js","sourceRoot":"","sources":["../../src/schemas/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAE/B;;;;;GAKG;AAEH,0BAA0B;AAE1B;;;;GAIG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC,OAAO,CAC5C,UAAU,EACV,WAAW,EACX,aAAa,CACd,CAAA;AAED,aAAa;AAEb;;;;GAIG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,cAAc,EAAE,aAAa,CAAU,CAAA;AAS5E;;;;GAIG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,KAAK;IACL,QAAQ;IACR,UAAU;IACV,KAAK;IACL,KAAK;IACL,OAAO;IACP,YAAY;CACJ,CAAA;AASV,aAAa;AAEb;;;;GAIG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7C,EAAE,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB;IAC5C,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,6BAA6B;IACpD,QAAQ,EAAE,MAAM,CAAC,MAAM;IACvB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,QAAQ,EAAE,MAAM,CAAC,OAAO;IACxB,OAAO,EAAE,MAAM,CAAC,MAAM;IACtB,UAAU,EAAE,MAAM,CAAC,OAAO,CAAC,GAAG,oBAAoB,CAAC;IACnD,UAAU,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC,CAAC;IACvD,SAAS,EAAE,MAAM,CAAC,uBAAuB;IACzC,IAAI,EAAE,MAAM,CAAC,MAAM;CACpB,CAAC,CAAA;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,OAAO,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE;IACpD,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,MAAM,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACtC,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,UAAU,EAAE,iBAAiB;IAC7B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CACvB,MAAM,CAAC,MAAM,CAAC;QACZ,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;QACpC,IAAI,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;KACrC,CAAC,CACH;IACD,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,SAAS,EAAE,MAAM,CAAC,MAAM;CACzB,CAAC,CAAA;AAmBF;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE;IAClE,EAAE,EAAE,MAAM,CAAC,MAAM;IACjB,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC;QACxB,EAAE,EAAE,MAAM,CAAC,MAAM;QACjB,MAAM,EAAE,MAAM,CAAC,MAAM;KACtB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC,OAAO;IACvB,SAAS,EAAE,MAAM,CAAC,MAAM;IACxB,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC;CACzC,CAAC,CAAA;AASF;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IACpE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC;CACtC,CAAC,CAAA;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IACpE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;CAC/B,CAAC,CAAA;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC;IACtC,YAAY,EAAE,MAAM,CAAC,MAAM;IAC3B,MAAM,EAAE,MAAM,CAAC,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC,MAAM;CACpB,CAAC,CAAA;AASF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IAC5E,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC;CAC/B,CAAC,CAAA;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,iBAAiB,EAAE;IACpE,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC;CAClC,CAAC,CAAA","sourcesContent":["import { Schema } from \"effect\"\n\n/*\n * Important. We don't use `type X = typeof X.Type` because it won't generate\n * the Typedoc docs, so instead we mirror the types and use a dummy\n * `type _x = satisfy<typeof X.Type, X>`\n * kind of a type level satisfies\n */\n\n/* Registration Options */\n\n/**\n * Valid user verification requirements for WebAuthn operations.\n *\n * @category Passkeys\n */\nexport const UserVerification = Schema.Literal(\n  \"required\",\n  \"preferred\",\n  \"discouraged\"\n)\n\n/* Passkey */\n\n/**\n * Possible device types reported for a passkey credential.\n *\n * @category Passkeys\n */\nexport const CredentialDeviceType = [\"singleDevice\", \"multiDevice\"] as const\n\n/**\n * Union of device types reported for a passkey credential.\n *\n * @category Passkeys\n */\nexport type CredentialDeviceType = (typeof CredentialDeviceType)[number]\n\n/**\n * Possible authenticator transport hints exposed by Passlock.\n *\n * @category Passkeys\n */\nexport const Transports = [\n  \"ble\",\n  \"hybrid\",\n  \"internal\",\n  \"nfc\",\n  \"usb\",\n  \"cable\",\n  \"smart-card\",\n] as const\n\n/**\n * Union of authenticator transport hints exposed by Passlock.\n *\n * @category Passkeys\n */\nexport type Transports = (typeof Transports)[number]\n\n/* Passkey */\n\n/**\n * Schema for the WebAuthn credential portion of a passkey.\n *\n * @category Passkeys\n */\nexport const PasskeyCredential = Schema.Struct({\n  id: Schema.String, // webAuthnId (Base64Url)\n  userId: Schema.String, // webAuthnUserId (Base64Url)\n  username: Schema.String,\n  aaguid: Schema.String,\n  backedUp: Schema.Boolean,\n  counter: Schema.Number,\n  deviceType: Schema.Literal(...CredentialDeviceType),\n  transports: Schema.Array(Schema.Literal(...Transports)),\n  publicKey: Schema.Uint8ArrayFromBase64Url,\n  rpId: Schema.String,\n})\n\n/**\n * Type produced by {@link PasskeyCredential}.\n *\n * @category Passkeys\n */\nexport type PasskeyCredential = typeof PasskeyCredential.Type\n\n/**\n * Schema for a passkey stored in the Passlock vault.\n *\n * @category Passkeys\n */\nexport const Passkey = Schema.TaggedStruct(\"Passkey\", {\n  id: Schema.String,\n  userId: Schema.optional(Schema.String),\n  enabled: Schema.Boolean,\n  credential: PasskeyCredential,\n  platform: Schema.optional(\n    Schema.Struct({\n      icon: Schema.optional(Schema.String),\n      name: Schema.optional(Schema.String),\n    })\n  ),\n  lastUsed: Schema.optional(Schema.Number),\n  createdAt: Schema.Number,\n  updatedAt: Schema.Number,\n})\n\n/**\n * Type produced by {@link Passkey}.\n *\n * @category Passkeys\n */\nexport type Passkey = typeof Passkey.Type\n\n/**\n * Encoded transport shape for {@link Passkey}.\n *\n * Binary fields such as `publicKey` are represented using schema-friendly\n * encoded values.\n *\n * @category Passkeys\n */\nexport type PasskeyEncoded = typeof Passkey.Encoded\n\n/**\n * Schema for the compact passkey payload returned by listing operations.\n *\n * @category Passkeys\n */\nexport const PasskeySummary = Schema.TaggedStruct(\"PasskeySummary\", {\n  id: Schema.String,\n  userId: Schema.String,\n  credential: Schema.Struct({\n    id: Schema.String,\n    userId: Schema.String,\n  }),\n  enabled: Schema.Boolean,\n  createdAt: Schema.Number,\n  lastUsed: Schema.optional(Schema.Number),\n})\n\n/**\n * Type produced by {@link PasskeySummary}.\n *\n * @category Passkeys\n */\nexport type PasskeySummary = typeof PasskeySummary.Type\n\n/**\n * Schema for one page of passkey summaries.\n *\n * @category Passkeys\n */\nexport const FindAllPasskeys = Schema.TaggedStruct(\"FindAllPasskeys\", {\n  cursor: Schema.NullOr(Schema.String),\n  records: Schema.Array(PasskeySummary),\n})\n\n/**\n * Schema for a bulk passkey update response.\n *\n * @category Passkeys\n */\nexport const UpdatedPasskeys = Schema.TaggedStruct(\"UpdatedPasskeys\", {\n  updated: Schema.Array(Passkey),\n})\n\n/**\n * Schema for the credential identifiers returned after deleting passkeys.\n *\n * @category Passkeys\n */\nexport const Credential = Schema.Struct({\n  credentialId: Schema.String,\n  userId: Schema.String,\n  rpId: Schema.String,\n})\n\n/**\n * Type produced by {@link Credential}.\n *\n * @category Passkeys\n */\nexport type Credential = typeof Credential.Type\n\n/**\n * Raw REST API schema returned when passkeys are deleted.\n *\n * The package maps this into {@link DeletedPasskeys} before exposing it from\n * the higher-level APIs.\n *\n * @category Passkeys\n */\nexport const DeletedPasskeysResponse = Schema.TaggedStruct(\"DeletedPasskeys\", {\n  deleted: Schema.Array(Passkey),\n})\n\n/**\n * Public schema returned when passkeys are deleted by user ID.\n *\n * @category Passkeys\n */\nexport const DeletedPasskeys = Schema.TaggedStruct(\"DeletedPasskeys\", {\n  deleted: Schema.Array(Credential),\n})\n"]}