@passlock/server 2.1.0 → 2.3.0

package/dist/network.d.ts

@@ -66,7 +66,7 @@ export interface MatchStatusCases<Resp extends NetworkResponse = NetworkResponse
     readonly "5xx"?: MatchStatusHandler<Resp>;
     readonly orElse: MatchStatusHandler<Resp>;
 }
-declare const NetworkRequestError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkRequestError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkRequest";
 } & Readonly<A>;
 /**
@@ -78,7 +78,7 @@ export declare class NetworkRequestError extends NetworkRequestError_base<{
     readonly message: string;
 }> {
 }
-declare const NetworkPayloadError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkPayloadError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkPayload";
 } & Readonly<A>;
 /**
@@ -89,7 +89,7 @@ export declare class NetworkPayloadError extends NetworkPayloadError_base<{
     readonly message: string;
 }> {
 }
-declare const NetworkResponseError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").Equals<A, {}> extends true ? void : { readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }) => import("effect/Cause").YieldableError & {
+declare const NetworkResponseError_base: new <A extends Record<string, any> = {}>(args: import("effect/Types").VoidIfEmpty<{ readonly [P in keyof A as P extends "_tag" ? never : P]: A[P]; }>) => import("effect/Cause").YieldableError & {
     readonly _tag: "@error/NetworkResponse";
 } & Readonly<A>;
 /**

package/dist/passkey/passkey.d.ts

@@ -4,9 +4,14 @@ import { ForbiddenError, NotFoundError } from "../schemas/index.js";
 import * as PasskeySchemas from "../schemas/passkey.js";
 import type { AuthenticatedOptions } from "../shared.js";
 /**
- * WebAuthn specific passkey data
+ * WebAuthn-specific credential data stored for a passkey in the Passlock vault.
+ *
+ * The `id` and `userId` fields are the underlying WebAuthn values, encoded as
+ * Base64URL strings.
+ *
+ * @category Passkeys
  */
-export type Credential = {
+export type PasskeyCredential = {
     id: string;
     userId: string;
     username: string;
@@ -31,13 +36,15 @@ export type Credential = {
  *
  * We've also included links to icons (SVG) so you can give your users
  * a quick visual indication.
+ *
+ * @category Passkeys
  */
 export type Platform = {
     name?: string | undefined;
     icon?: string | undefined;
 };
 /**
- * The server-side component of a passkey
+ * The server-side representation of a passkey stored in the Passlock vault.
  *
  * @category Passkeys
  */
@@ -52,13 +59,23 @@ export type Passkey = {
      */
     userId?: string | undefined;
     enabled: boolean;
-    credential: Credential;
+    credential: PasskeyCredential;
     platform?: Platform | undefined;
     lastUsed?: number | undefined;
     createdAt: number;
     updatedAt: number;
 };
+/**
+ * Type guard for {@link Passkey}.
+ *
+ * @category Passkeys
+ */
 export declare const isPasskey: (payload: unknown) => payload is Passkey;
+/**
+ * Compact passkey payload returned by list operations.
+ *
+ * @category Passkeys
+ */
 export type PasskeySummary = {
     readonly _tag: "PasskeySummary";
     readonly id: string;
@@ -71,20 +88,96 @@ export type PasskeySummary = {
     readonly lastUsed?: number | undefined;
     readonly createdAt: number;
 };
+/**
+ * Type guard for {@link PasskeySummary}.
+ *
+ * @category Passkeys
+ */
 export declare const isPasskeySummary: (payload: unknown) => payload is PasskeySummary;
+/**
+ * Result payload returned when passkeys are updated in bulk for a user.
+ *
+ * @category Passkeys
+ */
 export type UpdatedPasskeys = {
     _tag: "UpdatedPasskeys";
     updated: ReadonlyArray<Passkey>;
 };
+/**
+ * Type guard for {@link UpdatedPasskeys}.
+ *
+ * @category Passkeys
+ */
 export declare const isUpdatedPasskeys: (payload: unknown) => payload is UpdatedPasskeys;
+/**
+ * Credential identifiers returned by passkey deletion operations.
+ *
+ * @category Passkeys
+ */
+export type Credential = {
+    credentialId: string;
+    userId: string;
+    rpId: string;
+};
+/**
+ * Result payload returned when a single passkey has been deleted.
+ *
+ * @category Passkeys
+ */
+export type DeletedPasskey = {
+    _tag: "DeletedPasskey";
+    deleted: Credential;
+};
+/**
+ * Type guard for {@link DeletedPasskey}.
+ *
+ * @category Passkeys
+ */
+export declare const isDeletedPasskey: (payload: unknown) => payload is DeletedPasskey;
+/**
+ * Result payload returned when all passkeys for a user have been deleted.
+ *
+ * @category Passkeys
+ */
+export type DeletedPasskeys = {
+    _tag: "DeletedPasskeys";
+    deleted: ReadonlyArray<Credential>;
+};
+/**
+ * Type guard for {@link DeletedPasskeys}.
+ *
+ * @category Passkeys
+ */
+export declare const isDeletedPasskeys: (payload: unknown) => payload is DeletedPasskeys;
+/**
+ * A single page of passkey summaries returned by {@link listPasskeys}.
+ *
+ * @category Passkeys
+ */
 export type FindAllPasskeys = {
     readonly _tag: "FindAllPasskeys";
     readonly cursor: string | null;
     readonly records: ReadonlyArray<PasskeySummary>;
 };
+/**
+ * Type guard for {@link FindAllPasskeys}.
+ *
+ * @category Passkeys
+ */
 export declare const isFindAllPasskeys: (payload: unknown) => payload is FindAllPasskeys;
-export type UpdatedPasskeyUsernames = {
-    _tag: "UpdatedPasskeyUsernames";
+/**
+ * Client-facing credential update payload returned by
+ * {@link updatePasskeyUsernames}.
+ *
+ * Each entry describes one credential to update on the user's device. The
+ * returned `displayName` is derived from
+ * {@link UpdateUsernamesOptions#displayName} when provided, otherwise it falls
+ * back to the stored username.
+ *
+ * @category Passkeys
+ */
+export type UpdatedCredentials = {
+    _tag: "UpdatedCredentials";
     credentials: ReadonlyArray<{
         rpId: string;
         userId: string;
@@ -92,41 +185,205 @@ export type UpdatedPasskeyUsernames = {
         displayName: string;
     }>;
 };
-export declare const isUpdatedPasskeyUsernames: (payload: unknown) => payload is UpdatedPasskeyUsernames;
+/**
+ * Narrow an unknown value to an `UpdatedCredentials`-tagged payload.
+ *
+ * @category Passkeys
+ */
+export declare const isUpdatedUserDetails: (payload: unknown) => payload is UpdatedCredentials;
+/**
+ * Options for fetching a single passkey.
+ *
+ * @category Passkeys
+ */
 export interface GetPasskeyOptions extends AuthenticatedOptions {
+    /**
+     * Identifier of the passkey to fetch.
+     */
     passkeyId: string;
 }
+/**
+ * Fetch a single passkey from the Passlock vault.
+ *
+ * @param options Request options including the passkey identifier.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the requested passkey.
+ *
+ * @category Passkeys
+ */
 export declare const getPasskey: (options: GetPasskeyOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<Passkey, NotFoundError | ForbiddenError>;
+/**
+ * Options for deleting a single passkey.
+ *
+ * @category Passkeys
+ */
 export interface DeletePasskeyOptions extends AuthenticatedOptions {
+    /**
+     * Identifier of the passkey to delete.
+     */
     passkeyId: string;
 }
-export declare const deletePasskey: (options: DeletePasskeyOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<Passkey, NotFoundError | ForbiddenError>;
 /**
+ * Delete a single passkey from the Passlock vault.
+ *
+ * This only removes the server-side record. It does not remove the passkey
+ * from the user's device.
+ *
+ * @param options Request options including the passkey identifier.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the deleted credential.
+ *
+ * @category Passkeys
+ */
+export declare const deletePasskey: (options: DeletePasskeyOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<DeletedPasskey, NotFoundError | ForbiddenError>;
+/**
+ * Options for assigning a custom user ID to a single passkey.
+ *
  * @category Passkeys
  */
 export interface AssignUserOptions extends AuthenticatedOptions {
+    /**
+     * Identifier of the passkey to update.
+     */
     passkeyId: string;
     /**
      * Custom User ID to align with your own systems
      */
     userId: string;
 }
+/**
+ * Assign a custom user ID to a single passkey.
+ *
+ * This updates Passlock's mapping for the passkey. It does not change the
+ * underlying WebAuthn credential's `userId`.
+ *
+ * @param options Request options including the passkey identifier and custom user ID.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the updated passkey.
+ *
+ * @category Passkeys
+ */
 export declare const assignUser: (options: AssignUserOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<Passkey, NotFoundError | ForbiddenError>;
+/**
+ * Options for updating a single passkey's metadata.
+ *
+ * @category Passkeys
+ */
 export interface UpdatePasskeyOptions extends AuthenticatedOptions {
+    /**
+     * Identifier of the passkey to update.
+     */
     passkeyId: string;
+    /**
+     * Custom user ID to associate with the passkey.
+     */
     userId?: string;
+    /**
+     * Username metadata stored alongside the passkey.
+     */
     username?: string;
 }
+/**
+ * Update a single passkey's custom user ID and/or username metadata.
+ *
+ * @param options Request options including the passkey identifier and fields to update.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the updated passkey.
+ *
+ * @category Passkeys
+ */
 export declare const updatePasskey: (options: UpdatePasskeyOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<Passkey, NotFoundError | ForbiddenError>;
-export interface UpdatePasskeyUsernamesOptions extends AuthenticatedOptions {
+/**
+ * Options for deleting all passkeys belonging to a user.
+ *
+ * @category Passkeys
+ */
+export interface DeleteUserPasskeysOptions extends AuthenticatedOptions {
+    /**
+     * Custom user ID whose passkeys should be deleted.
+     */
     userId: string;
+}
+/**
+ * Delete all passkeys associated with a custom user ID.
+ *
+ * The resulting `deleted` credentials can be passed to
+ * `@passlock/client` to remove the corresponding passkeys from the user's
+ * device.
+ *
+ * @param options Request options including the custom user ID.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the deleted credential identifiers.
+ *
+ * @category Passkeys
+ */
+export declare const deleteUserPasskeys: (options: DeleteUserPasskeysOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<DeletedPasskeys, NotFoundError | ForbiddenError>;
+/**
+ * Options for updating username metadata for all passkeys that share a custom
+ * user ID, plus optional display-name data to return for client-side updates.
+ *
+ * @category Passkeys
+ */
+export interface UpdateUsernamesOptions extends AuthenticatedOptions {
+    /**
+     * Custom user ID whose passkeys should be updated.
+     */
+    userId: string;
+    /**
+     * Username to write back to each stored passkey.
+     */
     username: string;
+    /**
+     * Optional display name to return for client-side credential updates.
+     *
+     * When omitted, the returned credentials use `username` as the display name.
+     */
     displayName?: string;
 }
-export declare const updatePasskeyUsernames: (options: UpdatePasskeyUsernamesOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<UpdatedPasskeyUsernames, NotFoundError | ForbiddenError>;
+/**
+ * Update the username metadata for all passkeys belonging to a custom user ID.
+ *
+ * The resulting payload is designed to be passed to
+ * `@passlock/client` so matching device credentials can be updated.
+ * The optional `displayName` is not stored in Passlock; it is only copied into
+ * the returned client payload.
+ *
+ * @param options Request options including the custom user ID and username metadata.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with one credential update per updated passkey.
+ *
+ * @category Passkeys
+ */
+export declare const updatePasskeyUsernames: (options: UpdateUsernamesOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<UpdatedCredentials, NotFoundError | ForbiddenError>;
+/**
+ * Stream every passkey summary for a tenancy across all result pages.
+ *
+ * @param options Request options used for each paginated request.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns A stream of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export declare const listPasskeysStream: (options: AuthenticatedOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Stream.Stream<PasskeySummary, ForbiddenError>;
+/**
+ * Options for listing passkeys.
+ *
+ * @category Passkeys
+ */
 export interface ListPasskeyOptions extends AuthenticatedOptions {
+    /**
+     * Pagination cursor returned from a previous {@link listPasskeys} call.
+     */
     cursor?: string;
 }
+/**
+ * Fetch a single page of passkey summaries for a tenancy.
+ *
+ * @param options Request options including an optional pagination cursor.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with one page of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export declare const listPasskeys: (options: ListPasskeyOptions, fetchLayer?: Layer.Layer<NetworkFetch>) => Effect.Effect<FindAllPasskeys, ForbiddenError>;
 //# sourceMappingURL=passkey.d.ts.map

package/dist/passkey/passkey.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/passkey/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,MAAM,EACN,KAAK,KAAK,EAKV,MAAM,EACP,MAAM,QAAQ,CAAA;AAEf,OAAO,EAGL,KAAK,YAAY,EAMlB,MAAM,eAAe,CAAA;AACtB,OAAO,EAEL,cAAc,EACd,aAAa,EACd,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,cAAc,MAAM,uBAAuB,CAAA;AACvD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AAIxD;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,cAAc,CAAC,oBAAoB,CAAA;IAC/C,UAAU,EAAE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;IACpD,SAAS,EAAE,UAAU,CAAC,eAAe,CAAC,CAAA;IACtC,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC1B,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,IAAI,EAAE,SAAS,CAAA;IACf;;OAEG;IACH,EAAE,EAAE,MAAM,CAAA;IACV;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,UAAU,CAAA;IACtB,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAA;IAC/B,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED,eAAO,MAAM,SAAS,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,OACZ,CAAA;AAU5C,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAA;IAC/B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,UAAU,EAAE;QACnB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;KACxB,CAAA;IACD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,cACZ,CAAA;AAanD,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;CAChC,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,SAAS,OAAO,KACf,OAAO,IAAI,eACsC,CAAA;AAapD,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAA;IAChC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAA;CAChD,CAAA;AAED,eAAO,MAAM,iBAAiB,GAC5B,SAAS,OAAO,KACf,OAAO,IAAI,eACsC,CAAA;AAapD,MAAM,MAAM,uBAAuB,GAAG;IACpC,IAAI,EAAE,yBAAyB,CAAA;IAC/B,WAAW,EAAE,aAAa,CAAC;QACzB,IAAI,EAAE,MAAM,CAAA;QACZ,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;KACpB,CAAC,CAAA;CACH,CAAA;AAED,eAAO,MAAM,yBAAyB,GACpC,SAAS,OAAO,KACf,OAAO,IAAI,uBAQb,CAAA;AAeD,MAAM,WAAW,iBAAkB,SAAQ,oBAAoB;IAC7D,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAqCrD,CAAA;AAIH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IAChE,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAuCrD,CAAA;AAIH;;GAEG;AACH,MAAM,WAAW,iBAAkB,SAAQ,oBAAoB;IAC7D,SAAS,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;CACf;AAGD,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA2CrD,CAAA;AAIH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IAChE,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA4CrD,CAAA;AA6DH,MAAM,WAAW,6BAA8B,SAAQ,oBAAoB;IACzE,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,eAAO,MAAM,sBAAsB,GACjC,SAAS,6BAA6B,EACtC,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,uBAAuB,EAAE,aAAa,GAAG,cAAc,CAkBrE,CAAA;AAIH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,cAAc,CAW5C,CAAA;AAEH,MAAM,WAAW,kBAAmB,SAAQ,oBAAoB;IAC9D,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,EAC3B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAqC7C,CAAA"}
+{"version":3,"file":"passkey.d.ts","sourceRoot":"","sources":["../../src/passkey/passkey.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,MAAM,EACN,KAAK,KAAK,EAKV,MAAM,EACP,MAAM,QAAQ,CAAA;AAEf,OAAO,EAGL,KAAK,YAAY,EAMlB,MAAM,eAAe,CAAA;AACtB,OAAO,EAEL,cAAc,EACd,aAAa,EACd,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,cAAc,MAAM,uBAAuB,CAAA;AACvD,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AAIxD;;;;;;;GAOG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,CAAA;IAChB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,OAAO,CAAA;IACjB,OAAO,EAAE,MAAM,CAAA;IACf,UAAU,EAAE,cAAc,CAAC,oBAAoB,CAAA;IAC/C,UAAU,EAAE,aAAa,CAAC,cAAc,CAAC,UAAU,CAAC,CAAA;IACpD,SAAS,EAAE,UAAU,CAAC,eAAe,CAAC,CAAA;IACtC,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,QAAQ,GAAG;IACrB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACzB,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CAC1B,CAAA;AAED;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,IAAI,EAAE,SAAS,CAAA;IACf;;OAEG;IACH,EAAE,EAAE,MAAM,CAAA;IACV;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC3B,OAAO,EAAE,OAAO,CAAA;IAChB,UAAU,EAAE,iBAAiB,CAAA;IAC7B,QAAQ,CAAC,EAAE,QAAQ,GAAG,SAAS,CAAA;IAC/B,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,SAAS,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,OACZ,CAAA;AAmB5C;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAA;IAC/B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;IACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;IACvB,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAA;IACzB,QAAQ,CAAC,UAAU,EAAE;QACnB,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAA;QACnB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;KACxB,CAAA;IACD,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IACtC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,cACZ,CAAA;AAanD;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,aAAa,CAAC,OAAO,CAAC,CAAA;CAChC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAC5B,SAAS,OAAO,KACf,OAAO,IAAI,eACsC,CAAA;AAapD;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG;IACvB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAaD;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG;IAC3B,IAAI,EAAE,gBAAgB,CAAA;IACtB,OAAO,EAAE,UAAU,CAAA;CACpB,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,gBAAgB,GAAI,SAAS,OAAO,KAAG,OAAO,IAAI,cACZ,CAAA;AAanD;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,IAAI,EAAE,iBAAiB,CAAA;IACvB,OAAO,EAAE,aAAa,CAAC,UAAU,CAAC,CAAA;CACnC,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAC5B,SAAS,OAAO,KACf,OAAO,IAAI,eACsC,CAAA;AAapD;;;;GAIG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,QAAQ,CAAC,IAAI,EAAE,iBAAiB,CAAA;IAChC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IAC9B,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,cAAc,CAAC,CAAA;CAChD,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,iBAAiB,GAC5B,SAAS,OAAO,KACf,OAAO,IAAI,eACsC,CAAA;AAapD;;;;;;;;;;GAUG;AACH,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,oBAAoB,CAAA;IAC1B,WAAW,EAAE,aAAa,CAAC;QACzB,IAAI,EAAE,MAAM,CAAA;QACZ,MAAM,EAAE,MAAM,CAAA;QACd,QAAQ,EAAE,MAAM,CAAA;QAChB,WAAW,EAAE,MAAM,CAAA;KACpB,CAAC,CAAA;CACH,CAAA;AAED;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAC/B,SAAS,OAAO,KACf,OAAO,IAAI,kBAQb,CAAA;AAeD;;;;GAIG;AACH,MAAM,WAAW,iBAAkB,SAAQ,oBAAoB;IAC7D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CAqCrD,CAAA;AAIH;;;;GAIG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IAChE;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,aAAa,GAAG,cAAc,CA8C5D,CAAA;AAIH;;;;GAIG;AACH,MAAM,WAAW,iBAAkB,SAAQ,oBAAoB;IAC7D;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IAEjB;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;CACf;AAGD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,GACrB,SAAS,iBAAiB,EAC1B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA2CrD,CAAA;AAIH;;;;GAIG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IAChE;;OAEG;IACH,SAAS,EAAE,MAAM,CAAA;IACjB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;IACf;;OAEG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,aAAa,GACxB,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,cAAc,CA4CrD,CAAA;AA6DH;;;;GAIG;AACH,MAAM,WAAW,yBAA0B,SAAQ,oBAAoB;IACrE;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,yBAAyB,EAClC,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,aAAa,GAAG,cAAc,CAoD7D,CAAA;AAIH;;;;;GAKG;AACH,MAAM,WAAW,sBAAuB,SAAQ,oBAAoB;IAClE;;OAEG;IACH,MAAM,EAAE,MAAM,CAAA;IACd;;OAEG;IACH,QAAQ,EAAE,MAAM,CAAA;IAChB;;;;OAIG;IACH,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,sBAAsB,GACjC,SAAS,sBAAsB,EAC/B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,kBAAkB,EAAE,aAAa,GAAG,cAAc,CAkBhE,CAAA;AAIH;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC7B,SAAS,oBAAoB,EAC7B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,cAAc,EAAE,cAAc,CAW5C,CAAA;AAEH;;;;GAIG;AACH,MAAM,WAAW,kBAAmB,SAAQ,oBAAoB;IAC9D;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GACvB,SAAS,kBAAkB,EAC3B,aAAY,KAAK,CAAC,KAAK,CAAC,YAAY,CAAoB,KACvD,MAAM,CAAC,MAAM,CAAC,eAAe,EAAE,cAAc,CAqC7C,CAAA"}

package/dist/passkey/passkey.js

@@ -2,11 +2,48 @@ import { Array, Chunk, Effect, Match, Option, pipe, Schema, Stream, } from "effe
 import { fetchNetwork, matchStatus, NetworkFetchLive, } from "../network.js";
 import { FindAllPasskeys as FindAllPasskeysSchema, ForbiddenError, NotFoundError, } from "../schemas/index.js";
 import * as PasskeySchemas from "../schemas/passkey.js";
+/**
+ * Type guard for {@link Passkey}.
+ *
+ * @category Passkeys
+ */
 export const isPasskey = (payload) => Schema.is(PasskeySchemas.Passkey)(payload);
+/**
+ * Type guard for {@link PasskeySummary}.
+ *
+ * @category Passkeys
+ */
 export const isPasskeySummary = (payload) => Schema.is(PasskeySchemas.PasskeySummary)(payload);
+/**
+ * Type guard for {@link UpdatedPasskeys}.
+ *
+ * @category Passkeys
+ */
 export const isUpdatedPasskeys = (payload) => Schema.is(PasskeySchemas.UpdatedPasskeys)(payload);
+/**
+ * Type guard for {@link DeletedPasskey}.
+ *
+ * @category Passkeys
+ */
+export const isDeletedPasskey = (payload) => Schema.is(PasskeySchemas.DeletedPasskey)(payload);
+/**
+ * Type guard for {@link DeletedPasskeys}.
+ *
+ * @category Passkeys
+ */
+export const isDeletedPasskeys = (payload) => Schema.is(PasskeySchemas.DeletedPasskeys)(payload);
+/**
+ * Type guard for {@link FindAllPasskeys}.
+ *
+ * @category Passkeys
+ */
 export const isFindAllPasskeys = (payload) => Schema.is(PasskeySchemas.FindAllPasskeys)(payload);
-export const isUpdatedPasskeyUsernames = (payload) => {
+/**
+ * Narrow an unknown value to an `UpdatedCredentials`-tagged payload.
+ *
+ * @category Passkeys
+ */
+export const isUpdatedUserDetails = (payload) => {
     if (typeof payload !== "object")
         return false;
     if (payload === null)
@@ -15,15 +52,24 @@ export const isUpdatedPasskeyUsernames = (payload) => {
         return false;
     if (typeof payload._tag !== "string")
         return false;
-    if (payload._tag !== "UpdatedPasskeyUsernames")
+    if (payload._tag !== "UpdatedCredentials")
         return false;
     return true;
 };
-/* END UpdatedPasskeyUsernames */
+/* END UpdatedUserDetails */
 const authorizationHeaders = (apiKey) => ({
     authorization: `Bearer ${apiKey}`,
 });
 const decodeResponseJson = (response, schema) => pipe(response.json, Effect.flatMap(Schema.decodeUnknown(schema)));
+/**
+ * Fetch a single passkey from the Passlock vault.
+ *
+ * @param options Request options including the passkey identifier.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the requested passkey.
+ *
+ * @category Passkeys
+ */
 export const getPasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
     const { tenancyId, passkeyId } = options;
@@ -42,6 +88,18 @@ export const getPasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Effec
     "@error/NetworkResponse": (err) => Effect.die(err),
     ParseError: (err) => Effect.die(err),
 }), Effect.provide(fetchLayer));
+/**
+ * Delete a single passkey from the Passlock vault.
+ *
+ * This only removes the server-side record. It does not remove the passkey
+ * from the user's device.
+ *
+ * @param options Request options including the passkey identifier.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the deleted credential.
+ *
+ * @category Passkeys
+ */
 export const deletePasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
     const { tenancyId, passkeyId } = options;
@@ -53,7 +111,14 @@ export const deletePasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Ef
         "2xx": (res) => decodeResponseJson(res, PasskeySchemas.Passkey),
         orElse: (res) => decodeResponseJson(res, Schema.Union(ForbiddenError, NotFoundError)),
     });
-    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (deletedPasskey) => Effect.succeed(deletedPasskey)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
+    return yield* pipe(Match.value(encoded), Match.tag("Passkey", (passkey) => Effect.succeed({
+        _tag: "DeletedPasskey",
+        deleted: {
+            credentialId: passkey.credential.id,
+            userId: passkey.credential.userId,
+            rpId: passkey.credential.rpId,
+        },
+    })), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.exhaustive);
 }), Effect.catchTags({
     "@error/NetworkPayload": (err) => Effect.die(err),
     "@error/NetworkRequest": (err) => Effect.die(err),
@@ -61,6 +126,18 @@ export const deletePasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Ef
     ParseError: (err) => Effect.die(err),
 }), Effect.provide(fetchLayer));
 // TODO reuse updatePasskey
+/**
+ * Assign a custom user ID to a single passkey.
+ *
+ * This updates Passlock's mapping for the passkey. It does not change the
+ * underlying WebAuthn credential's `userId`.
+ *
+ * @param options Request options including the passkey identifier and custom user ID.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the updated passkey.
+ *
+ * @category Passkeys
+ */
 export const assignUser = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
     const { userId, passkeyId } = options;
@@ -80,6 +157,15 @@ export const assignUser = (options, fetchLayer = NetworkFetchLive) => pipe(Effec
     "@error/NetworkResponse": (err) => Effect.die(err),
     ParseError: (err) => Effect.die(err),
 }), Effect.provide(fetchLayer));
+/**
+ * Update a single passkey's custom user ID and/or username metadata.
+ *
+ * @param options Request options including the passkey identifier and fields to update.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the updated passkey.
+ *
+ * @category Passkeys
+ */
 export const updatePasskey = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
     const { userId, passkeyId, username } = options;
@@ -118,6 +204,58 @@ const updateUserPasskeys = (options, fetchLayer = NetworkFetchLive) => pipe(Effe
     "@error/NetworkResponse": (err) => Effect.die(err),
     ParseError: (err) => Effect.die(err),
 }), Effect.provide(fetchLayer));
+/**
+ * Delete all passkeys associated with a custom user ID.
+ *
+ * The resulting `deleted` credentials can be passed to
+ * `@passlock/client` to remove the corresponding passkeys from the user's
+ * device.
+ *
+ * @param options Request options including the custom user ID.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with the deleted credential identifiers.
+ *
+ * @category Passkeys
+ */
+export const deleteUserPasskeys = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
+    const baseUrl = options.endpoint ?? "https://api.passlock.dev";
+    const { tenancyId, userId } = options;
+    const url = new URL(`/${tenancyId}/users/${userId}/passkeys/`, baseUrl);
+    const response = yield* fetchNetwork(url, "delete", { userId }, {
+        headers: authorizationHeaders(options.apiKey),
+    });
+    const encoded = yield* matchStatus(response, {
+        "2xx": (res) => decodeResponseJson(res, PasskeySchemas.DeletedPasskeysResponse),
+        orElse: (res) => decodeResponseJson(res, Schema.Union(NotFoundError, ForbiddenError)),
+    });
+    return yield* pipe(Match.value(encoded), Match.tag("DeletedPasskeys", (result) => Effect.succeed({
+        _tag: "DeletedPasskeys",
+        deleted: result.deleted.map((passkey) => ({
+            credentialId: passkey.credential.id,
+            userId: passkey.credential.userId,
+            rpId: passkey.credential.rpId,
+        })),
+    })), Match.tag("@error/NotFound", (err) => Effect.fail(err)), Match.tag("@error/Forbidden", (err) => Effect.fail(err)), Match.exhaustive);
+}), Effect.catchTags({
+    "@error/NetworkPayload": (err) => Effect.die(err),
+    "@error/NetworkRequest": (err) => Effect.die(err),
+    "@error/NetworkResponse": (err) => Effect.die(err),
+    ParseError: (err) => Effect.die(err),
+}), Effect.provide(fetchLayer));
+/**
+ * Update the username metadata for all passkeys belonging to a custom user ID.
+ *
+ * The resulting payload is designed to be passed to
+ * `@passlock/client` so matching device credentials can be updated.
+ * The optional `displayName` is not stored in Passlock; it is only copied into
+ * the returned client payload.
+ *
+ * @param options Request options including the custom user ID and username metadata.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with one credential update per updated passkey.
+ *
+ * @category Passkeys
+ */
 export const updatePasskeyUsernames = (options, fetchLayer = NetworkFetchLive) => pipe(updateUserPasskeys(options, fetchLayer), Effect.map((result) => result.updated), Effect.map(Array.map((passkey) => {
     return {
         rpId: passkey.credential.rpId,
@@ -126,14 +264,32 @@ export const updatePasskeyUsernames = (options, fetchLayer = NetworkFetchLive) =
         displayName: options.displayName ?? passkey.credential.username,
     };
 })), Effect.map((credentials) => ({
-    _tag: "UpdatedPasskeyUsernames",
+    _tag: "UpdatedCredentials",
     credentials,
 })));
 /* List Passkeys */
+/**
+ * Stream every passkey summary for a tenancy across all result pages.
+ *
+ * @param options Request options used for each paginated request.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns A stream of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export const listPasskeysStream = (options, fetchLayer = NetworkFetchLive) => pipe(Stream.paginateChunkEffect(null, (cursor) => pipe(listPasskeys(cursor ? { ...options, cursor } : options, fetchLayer), Effect.map((result) => [
     Chunk.fromIterable(result.records),
     Option.fromNullable(result.cursor),
 ]))));
+/**
+ * Fetch a single page of passkey summaries for a tenancy.
+ *
+ * @param options Request options including an optional pagination cursor.
+ * @param fetchLayer Optional fetch service override for testing or custom runtimes.
+ * @returns An Effect that succeeds with one page of passkey summaries.
+ *
+ * @category Passkeys
+ */
 export const listPasskeys = (options, fetchLayer = NetworkFetchLive) => pipe(Effect.gen(function* () {
     const baseUrl = options.endpoint ?? "https://api.passlock.dev";
     const { tenancyId } = options;