@portaidentity/sdk 0.1.0

package/dist/node.js

@@ -0,0 +1,12 @@
+/**
+ * @portaidentity/sdk/node — Node.js entrypoint.
+ *
+ * Exports Node.js-specific transport and all auth providers.
+ *
+ * @module @portaidentity/sdk/node
+ */
+// Node transport
+export { createNodeTransport } from './transport/node-transport.js';
+// Auth providers
+export { createTokenAuth, createClientCredentialsAuth, createCliAuth } from './auth/index.js';
+//# sourceMappingURL=node.js.map

package/dist/node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node.js","sourceRoot":"","sources":["../src/node.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,iBAAiB;AACjB,OAAO,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AAGpE,iBAAiB;AACjB,OAAO,EAAE,eAAe,EAAE,2BAA2B,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC"}

package/dist/pagination/index.d.ts

@@ -0,0 +1,87 @@
+/**
+ * Pagination types and helpers for the Porta SDK.
+ *
+ * The server uses two pagination strategies:
+ * - **Offset-based**: `page`, `pageSize`, `totalPages` (legacy endpoints)
+ * - **Cursor-based**: `cursor`, `hasMore`, `limit` (newer endpoints)
+ *
+ * The `listAll` helper auto-detects the strategy from the first
+ * response and fetches all remaining pages sequentially.
+ */
+/**
+ * Paginated response from the server.
+ *
+ * The response shape varies by pagination strategy — offset-based
+ * endpoints include `page`/`totalPages`, cursor-based include
+ * `cursor`/`hasMore`. Both always include `data` and `total`.
+ */
+export interface PaginatedResult<T> {
+    /** Array of entities for the current page */
+    data: T[];
+    /** Total number of entities across all pages */
+    total: number;
+    /** Current page number (1-based). Present for offset-based pagination. */
+    page?: number;
+    /** Number of items per page. Present for offset-based pagination. */
+    pageSize?: number;
+    /** Total number of pages. Present for offset-based pagination. */
+    totalPages?: number;
+    /** Cursor for the next page. Null when on the last page. */
+    cursor?: string | null;
+    /** Whether more pages exist after this one. */
+    hasMore?: boolean;
+}
+/**
+ * Parameters for paginated list endpoints.
+ *
+ * Domain methods accept these to control pagination, filtering,
+ * and sorting. Not all fields apply to all endpoints — the domain
+ * method passes only what the server supports.
+ */
+export interface PaginatedListParams {
+    /** Page number (1-based) for offset pagination */
+    page?: number;
+    /** Items per page for offset pagination */
+    pageSize?: number;
+    /** Cursor for cursor-based pagination */
+    cursor?: string;
+    /** Items per page for cursor-based pagination */
+    limit?: number;
+    /** Free-text search query */
+    search?: string;
+    /** Field to sort by */
+    sortBy?: string;
+    /** Sort direction */
+    sortOrder?: 'asc' | 'desc';
+    /** Additional domain-specific filter parameters */
+    [key: string]: string | number | boolean | undefined | null;
+}
+/**
+ * Fetches all pages of a paginated endpoint and returns the
+ * combined results as a flat array.
+ *
+ * Auto-detects the pagination strategy from the first response:
+ * - If `cursor`/`hasMore` fields are present → cursor-based iteration
+ * - If `totalPages` is present → offset-based iteration
+ * - Otherwise → returns just the first page's data
+ *
+ * @param fetchPage - Function that fetches a single page
+ * @param params - Base parameters (page/cursor excluded — managed internally)
+ * @param options - Optional AbortSignal for cancellation
+ * @returns Combined array of all entities across all pages
+ *
+ * @throws Immediately on any page fetch error (no partial results)
+ * @throws {DOMException} If the AbortSignal is triggered
+ *
+ * @example
+ * ```typescript
+ * const allOrgs = await listAll(
+ *   (p) => client.organizations.list(p),
+ *   { search: 'acme', sortBy: 'name' },
+ * );
+ * ```
+ */
+export declare function listAll<T>(fetchPage: (params: PaginatedListParams) => Promise<PaginatedResult<T>>, params?: Omit<PaginatedListParams, 'page' | 'cursor'>, options?: {
+    signal?: AbortSignal;
+}): Promise<T[]>;
+//# sourceMappingURL=index.d.ts.map

package/dist/pagination/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/pagination/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;;;;;GAMG;AACH,MAAM,WAAW,eAAe,CAAC,CAAC;IAChC,6CAA6C;IAC7C,IAAI,EAAE,CAAC,EAAE,CAAC;IAEV,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAC;IAId,0EAA0E;IAC1E,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,kEAAkE;IAClE,UAAU,CAAC,EAAE,MAAM,CAAC;IAIpB,4DAA4D;IAC5D,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEvB,+CAA+C;IAC/C,OAAO,CAAC,EAAE,OAAO,CAAC;CACnB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAGlC,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd,2CAA2C;IAC3C,QAAQ,CAAC,EAAE,MAAM,CAAC;IAIlB,yCAAyC;IACzC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,iDAAiD;IACjD,KAAK,CAAC,EAAE,MAAM,CAAC;IAIf,6BAA6B;IAC7B,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,uBAAuB;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB,qBAAqB;IACrB,SAAS,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;IAE3B,mDAAmD;IACnD,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC;CAC7D;AAED;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAsB,OAAO,CAAC,CAAC,EAC7B,SAAS,EAAE,CAAC,MAAM,EAAE,mBAAmB,KAAK,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,EACvE,MAAM,CAAC,EAAE,IAAI,CAAC,mBAAmB,EAAE,MAAM,GAAG,QAAQ,CAAC,EACrD,OAAO,CAAC,EAAE;IAAE,MAAM,CAAC,EAAE,WAAW,CAAA;CAAE,GACjC,OAAO,CAAC,CAAC,EAAE,CAAC,CAqCd"}

package/dist/pagination/index.js

@@ -0,0 +1,67 @@
+/**
+ * Pagination types and helpers for the Porta SDK.
+ *
+ * The server uses two pagination strategies:
+ * - **Offset-based**: `page`, `pageSize`, `totalPages` (legacy endpoints)
+ * - **Cursor-based**: `cursor`, `hasMore`, `limit` (newer endpoints)
+ *
+ * The `listAll` helper auto-detects the strategy from the first
+ * response and fetches all remaining pages sequentially.
+ */
+/**
+ * Fetches all pages of a paginated endpoint and returns the
+ * combined results as a flat array.
+ *
+ * Auto-detects the pagination strategy from the first response:
+ * - If `cursor`/`hasMore` fields are present → cursor-based iteration
+ * - If `totalPages` is present → offset-based iteration
+ * - Otherwise → returns just the first page's data
+ *
+ * @param fetchPage - Function that fetches a single page
+ * @param params - Base parameters (page/cursor excluded — managed internally)
+ * @param options - Optional AbortSignal for cancellation
+ * @returns Combined array of all entities across all pages
+ *
+ * @throws Immediately on any page fetch error (no partial results)
+ * @throws {DOMException} If the AbortSignal is triggered
+ *
+ * @example
+ * ```typescript
+ * const allOrgs = await listAll(
+ *   (p) => client.organizations.list(p),
+ *   { search: 'acme', sortBy: 'name' },
+ * );
+ * ```
+ */
+export async function listAll(fetchPage, params, options) {
+    const baseParams = { ...params };
+    const signal = options?.signal;
+    // Fetch the first page to detect pagination strategy
+    const firstPage = await fetchPage({ ...baseParams, page: 1 });
+    const allData = [...firstPage.data];
+    // Detect cursor-based pagination (hasMore field present)
+    if (typeof firstPage.hasMore === 'boolean') {
+        let nextCursor = firstPage.cursor;
+        let hasMore = firstPage.hasMore;
+        while (hasMore && nextCursor) {
+            signal?.throwIfAborted();
+            const nextPage = await fetchPage({ ...baseParams, cursor: nextCursor });
+            allData.push(...nextPage.data);
+            nextCursor = nextPage.cursor;
+            hasMore = nextPage.hasMore ?? false;
+        }
+        return allData;
+    }
+    // Detect offset-based pagination (totalPages field present)
+    if (typeof firstPage.totalPages === 'number' && firstPage.totalPages > 1) {
+        for (let page = 2; page <= firstPage.totalPages; page++) {
+            signal?.throwIfAborted();
+            const nextPage = await fetchPage({ ...baseParams, page });
+            allData.push(...nextPage.data);
+        }
+        return allData;
+    }
+    // Single page or unknown strategy — return what we have
+    return allData;
+}
+//# sourceMappingURL=index.js.map

package/dist/pagination/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/pagination/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AA2EH;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAC3B,SAAuE,EACvE,MAAqD,EACrD,OAAkC;IAElC,MAAM,UAAU,GAAG,EAAE,GAAG,MAAM,EAAyB,CAAC;IACxD,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,CAAC;IAE/B,qDAAqD;IACrD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,OAAO,GAAG,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAEpC,yDAAyD;IACzD,IAAI,OAAO,SAAS,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC3C,IAAI,UAAU,GAAG,SAAS,CAAC,MAAM,CAAC;QAClC,IAAI,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;QAEhC,OAAO,OAAO,IAAI,UAAU,EAAE,CAAC;YAC7B,MAAM,EAAE,cAAc,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC/B,UAAU,GAAG,QAAQ,CAAC,MAAM,CAAC;YAC7B,OAAO,GAAG,QAAQ,CAAC,OAAO,IAAI,KAAK,CAAC;QACtC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,4DAA4D;IAC5D,IAAI,OAAO,SAAS,CAAC,UAAU,KAAK,QAAQ,IAAI,SAAS,CAAC,UAAU,GAAG,CAAC,EAAE,CAAC;QACzE,KAAK,IAAI,IAAI,GAAG,CAAC,EAAE,IAAI,IAAI,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC;YACxD,MAAM,EAAE,cAAc,EAAE,CAAC;YACzB,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,EAAE,GAAG,UAAU,EAAE,IAAI,EAAE,CAAC,CAAC;YAC1D,OAAO,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,wDAAwD;IACxD,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/transport/browser-transport.d.ts

@@ -0,0 +1,64 @@
+/**
+ * Browser-oriented HTTP transport for the Porta SDK.
+ *
+ * Designed for SPAs communicating with a BFF (Backend-for-Frontend).
+ * Features:
+ * - Cookie-based sessions (`credentials: 'include'`)
+ * - CSRF token injection on state-changing requests (POST/PUT/PATCH/DELETE)
+ * - CSRF token update from response headers
+ * - 401 → configurable unauthorized handler (default: redirect to /auth/login)
+ * - Binary response support (`responseType: 'raw'`)
+ * - FormData upload support (`contentType: null`)
+ * - AbortSignal for request cancellation
+ */
+import type { HttpTransport } from './types.js';
+/**
+ * Configuration options for the browser transport.
+ */
+export interface BrowserTransportOptions {
+    /**
+     * Base URL for API requests.
+     * Use `''` (empty string) for same-origin BFF requests.
+     * For cross-origin setups, provide the full origin (e.g., 'https://api.example.com').
+     */
+    baseUrl: string;
+    /**
+     * Returns the current CSRF token for state-changing requests.
+     * Called on every POST, PUT, PATCH, and DELETE request.
+     * Typically reads from a cookie (e.g., `document.cookie`).
+     */
+    getCsrfToken?: () => string | null;
+    /**
+     * Called when the server sends a new CSRF token in a response header.
+     * Allows the application to update its stored token for future requests.
+     * Triggered when the `X-CSRF-Token` response header is present.
+     */
+    setCsrfToken?: (token: string | null) => void;
+    /**
+     * Called when a 401 Unauthorized response is received.
+     * Default behavior: redirects to `/auth/login` via `window.location.href`.
+     * Provide a custom handler to override (e.g., show a login modal).
+     */
+    onUnauthorized?: () => void;
+}
+/**
+ * Creates a browser-oriented HTTP transport.
+ *
+ * Uses the browser's native `fetch` with cookie-based sessions,
+ * CSRF token management, and configurable 401 handling. All requests
+ * include `credentials: 'include'` for cookie transmission.
+ *
+ * @param options - Transport configuration
+ * @returns An HttpTransport instance for browser environments
+ *
+ * @example
+ * ```typescript
+ * const transport = createBrowserTransport({
+ *   baseUrl: '',  // same-origin BFF
+ *   getCsrfToken: () => getCookie('_csrf'),
+ *   onUnauthorized: () => router.push('/login'),
+ * });
+ * ```
+ */
+export declare function createBrowserTransport(options: BrowserTransportOptions): HttpTransport;
+//# sourceMappingURL=browser-transport.d.ts.map

package/dist/transport/browser-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-transport.d.ts","sourceRoot":"","sources":["../../src/transport/browser-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAuC,MAAM,YAAY,CAAC;AAUrF;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC;;;;OAIG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;OAIG;IACH,YAAY,CAAC,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;OAIG;IACH,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,KAAK,IAAI,CAAC;IAE9C;;;;OAIG;IACH,cAAc,CAAC,EAAE,MAAM,IAAI,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,uBAAuB,GAAG,aAAa,CAsEtF"}

package/dist/transport/browser-transport.js

@@ -0,0 +1,96 @@
+/**
+ * Browser-oriented HTTP transport for the Porta SDK.
+ *
+ * Designed for SPAs communicating with a BFF (Backend-for-Frontend).
+ * Features:
+ * - Cookie-based sessions (`credentials: 'include'`)
+ * - CSRF token injection on state-changing requests (POST/PUT/PATCH/DELETE)
+ * - CSRF token update from response headers
+ * - 401 → configurable unauthorized handler (default: redirect to /auth/login)
+ * - Binary response support (`responseType: 'raw'`)
+ * - FormData upload support (`contentType: null`)
+ * - AbortSignal for request cancellation
+ */
+import { mapResponseToError } from '../errors/index.js';
+import { buildRequestUrl, extractResponseHeaders, buildCommonHeaders, serializeBody, safeParseJson, } from './utils.js';
+/**
+ * Creates a browser-oriented HTTP transport.
+ *
+ * Uses the browser's native `fetch` with cookie-based sessions,
+ * CSRF token management, and configurable 401 handling. All requests
+ * include `credentials: 'include'` for cookie transmission.
+ *
+ * @param options - Transport configuration
+ * @returns An HttpTransport instance for browser environments
+ *
+ * @example
+ * ```typescript
+ * const transport = createBrowserTransport({
+ *   baseUrl: '',  // same-origin BFF
+ *   getCsrfToken: () => getCookie('_csrf'),
+ *   onUnauthorized: () => router.push('/login'),
+ * });
+ * ```
+ */
+export function createBrowserTransport(options) {
+    const { baseUrl, getCsrfToken, setCsrfToken, onUnauthorized } = options;
+    return {
+        async request(req) {
+            // Build full URL with /api/admin prefix and query params
+            const url = buildRequestUrl(baseUrl, req.path, req.params);
+            // Build common headers (Accept, Content-Type, SDK version)
+            const headers = buildCommonHeaders(req);
+            // Add CSRF token for state-changing methods
+            if (req.method !== 'GET' && getCsrfToken) {
+                const csrfToken = getCsrfToken();
+                if (csrfToken) {
+                    headers['X-CSRF-Token'] = csrfToken;
+                }
+            }
+            // Execute fetch with cookie credentials
+            const response = await fetch(url, {
+                method: req.method,
+                headers,
+                body: serializeBody(req.body, req.contentType),
+                credentials: 'include',
+                signal: req.signal,
+            });
+            // Extract response headers (lowercased keys)
+            const responseHeaders = extractResponseHeaders(response);
+            // Update CSRF token if server sent a new one
+            const newCsrfToken = responseHeaders['x-csrf-token'];
+            if (setCsrfToken && newCsrfToken) {
+                setCsrfToken(newCsrfToken);
+            }
+            // 401 — notify caller and throw authentication error
+            if (response.status === 401) {
+                const body = await safeParseJson(response);
+                if (onUnauthorized) {
+                    onUnauthorized();
+                }
+                else if (typeof window !== 'undefined') {
+                    // Default: redirect to login page
+                    window.location.href = '/auth/login';
+                }
+                throw mapResponseToError({ status: 401, headers: responseHeaders, body });
+            }
+            // 204 — no content
+            if (response.status === 204) {
+                return { status: 204, headers: responseHeaders, body: undefined };
+            }
+            // Non-2xx — parse error body and throw typed error
+            if (response.status < 200 || response.status >= 300) {
+                const body = await safeParseJson(response);
+                throw mapResponseToError({ status: response.status, headers: responseHeaders, body });
+            }
+            // 2xx + raw — return with native Response for binary streaming
+            if (req.responseType === 'raw') {
+                return { status: response.status, headers: responseHeaders, body: undefined, raw: response };
+            }
+            // 2xx + json — parse body and return
+            const body = await response.json();
+            return { status: response.status, headers: responseHeaders, body };
+        },
+    };
+}
+//# sourceMappingURL=browser-transport.js.map

package/dist/transport/browser-transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-transport.js","sourceRoot":"","sources":["../../src/transport/browser-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAGH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAmCpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,sBAAsB,CAAC,OAAgC;IACrE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAExE,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,GAAqB;YACjC,yDAAyD;YACzD,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;YAE3D,2DAA2D;YAC3D,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;YAExC,4CAA4C;YAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,YAAY,EAAE,CAAC;gBACzC,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;gBACjC,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,cAAc,CAAC,GAAG,SAAS,CAAC;gBACtC,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;gBAChC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,OAAO;gBACP,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,CAAC;gBAC9C,WAAW,EAAE,SAAS;gBACtB,MAAM,EAAE,GAAG,CAAC,MAAM;aACnB,CAAC,CAAC;YAEH,6CAA6C;YAC7C,MAAM,eAAe,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;YAEzD,6CAA6C;YAC7C,MAAM,YAAY,GAAG,eAAe,CAAC,cAAc,CAAC,CAAC;YACrD,IAAI,YAAY,IAAI,YAAY,EAAE,CAAC;gBACjC,YAAY,CAAC,YAAY,CAAC,CAAC;YAC7B,CAAC;YAED,qDAAqD;YACrD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC3C,IAAI,cAAc,EAAE,CAAC;oBACnB,cAAc,EAAE,CAAC;gBACnB,CAAC;qBAAM,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE,CAAC;oBACzC,kCAAkC;oBAClC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,aAAa,CAAC;gBACvC,CAAC;gBACD,MAAM,kBAAkB,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5E,CAAC;YAED,mBAAmB;YACnB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC5B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;YACpE,CAAC;YAED,mDAAmD;YACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;gBACpD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAC3C,MAAM,kBAAkB,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;YACxF,CAAC;YAED,+DAA+D;YAC/D,IAAI,GAAG,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;gBAC/B,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;YAC/F,CAAC;YAED,qCAAqC;YACrC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;QACrE,CAAC;KACF,CAAC;AACJ,CAAC"}

package/dist/transport/node-transport.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Node.js / server-side HTTP transport for the Porta SDK.
+ *
+ * Designed for CLI tools, automation scripts, and server-to-server
+ * communication. Features:
+ * - Bearer token authentication via AuthProvider
+ * - Automatic 401 retry with token refresh (when provider supports it)
+ * - Binary response support (`responseType: 'raw'`)
+ * - FormData upload support (`contentType: null`)
+ * - AbortSignal for request cancellation
+ */
+import type { HttpTransport } from './types.js';
+import type { AuthProvider } from '../auth/types.js';
+/**
+ * Configuration options for the Node.js transport.
+ */
+export interface NodeTransportOptions {
+    /**
+     * Base URL of the Porta instance.
+     * Must include the protocol and host (e.g., 'https://porta.example.com').
+     */
+    baseUrl: string;
+    /**
+     * Authentication provider for Bearer token injection.
+     * Tokens are fetched via `auth.getToken()` for each request.
+     * If `auth.refreshToken()` is available, 401 responses trigger
+     * a token refresh and one automatic retry.
+     */
+    auth: AuthProvider;
+}
+/**
+ * Creates a Node.js / server-side HTTP transport.
+ *
+ * Uses Bearer token authentication with optional automatic retry
+ * on 401 responses when the auth provider supports token refresh.
+ * Does NOT use `credentials: 'include'` — authentication is purely
+ * token-based (no cookies).
+ *
+ * @param options - Transport configuration
+ * @returns An HttpTransport instance for Node.js environments
+ *
+ * @example
+ * ```typescript
+ * const transport = createNodeTransport({
+ *   baseUrl: 'https://porta.example.com',
+ *   auth: createTokenAuth('my-access-token'),
+ * });
+ * ```
+ */
+export declare function createNodeTransport(options: NodeTransportOptions): HttpTransport;
+//# sourceMappingURL=node-transport.d.ts.map

package/dist/transport/node-transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-transport.d.ts","sourceRoot":"","sources":["../../src/transport/node-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAuC,MAAM,YAAY,CAAC;AACrF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAUrD;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;OAGG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;;;;OAKG;IACH,IAAI,EAAE,YAAY,CAAC;CACpB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,oBAAoB,GAAG,aAAa,CAqBhF"}

package/dist/transport/node-transport.js

@@ -0,0 +1,108 @@
+/**
+ * Node.js / server-side HTTP transport for the Porta SDK.
+ *
+ * Designed for CLI tools, automation scripts, and server-to-server
+ * communication. Features:
+ * - Bearer token authentication via AuthProvider
+ * - Automatic 401 retry with token refresh (when provider supports it)
+ * - Binary response support (`responseType: 'raw'`)
+ * - FormData upload support (`contentType: null`)
+ * - AbortSignal for request cancellation
+ */
+import { mapResponseToError } from '../errors/index.js';
+import { buildRequestUrl, extractResponseHeaders, buildCommonHeaders, serializeBody, safeParseJson, } from './utils.js';
+/**
+ * Creates a Node.js / server-side HTTP transport.
+ *
+ * Uses Bearer token authentication with optional automatic retry
+ * on 401 responses when the auth provider supports token refresh.
+ * Does NOT use `credentials: 'include'` — authentication is purely
+ * token-based (no cookies).
+ *
+ * @param options - Transport configuration
+ * @returns An HttpTransport instance for Node.js environments
+ *
+ * @example
+ * ```typescript
+ * const transport = createNodeTransport({
+ *   baseUrl: 'https://porta.example.com',
+ *   auth: createTokenAuth('my-access-token'),
+ * });
+ * ```
+ */
+export function createNodeTransport(options) {
+    const { baseUrl, auth } = options;
+    return {
+        async request(req) {
+            // Get access token from auth provider
+            const token = await auth.getToken();
+            // Execute the initial request
+            const response = await executeRequest(baseUrl, req, token);
+            // 401 + refreshToken available → attempt token refresh and retry once
+            if (response.status === 401 && auth.refreshToken) {
+                const newToken = await auth.refreshToken();
+                const retryResponse = await executeRequest(baseUrl, req, newToken);
+                return processResponse(retryResponse, req);
+            }
+            return processResponse(response, req);
+        },
+    };
+}
+// ── Internal helpers ──────────────────────────────────────────────
+/**
+ * Executes a single HTTP request with Bearer token authentication.
+ *
+ * Builds the full URL, sets common headers plus the Authorization
+ * header, serializes the body, and calls fetch().
+ *
+ * @param baseUrl - Base URL of the Porta instance
+ * @param req - The transport request to execute
+ * @param token - Bearer access token
+ * @returns The raw fetch Response
+ */
+async function executeRequest(baseUrl, req, token) {
+    // Build full URL with /api/admin prefix and query params
+    const url = buildRequestUrl(baseUrl, req.path, req.params);
+    // Build common headers (Accept, Content-Type, SDK version)
+    const headers = buildCommonHeaders(req);
+    // Add Bearer token authentication
+    headers['Authorization'] = `Bearer ${token}`;
+    // Execute fetch (no credentials: 'include' — server-side uses tokens only)
+    return fetch(url, {
+        method: req.method,
+        headers,
+        body: serializeBody(req.body, req.contentType),
+        signal: req.signal,
+    });
+}
+/**
+ * Processes a fetch Response into a TransportResponse.
+ *
+ * Handles 204 (no content), non-2xx errors (throws typed errors),
+ * raw responses (binary streaming), and JSON parsing.
+ *
+ * @param response - The raw fetch Response
+ * @param req - The original transport request (for responseType check)
+ * @returns A TransportResponse for successful requests
+ * @throws PortaHttpError subclass for non-2xx responses
+ */
+async function processResponse(response, req) {
+    const responseHeaders = extractResponseHeaders(response);
+    // 204 — no content
+    if (response.status === 204) {
+        return { status: 204, headers: responseHeaders, body: undefined };
+    }
+    // Non-2xx — parse error body and throw typed error
+    if (response.status < 200 || response.status >= 300) {
+        const body = await safeParseJson(response);
+        throw mapResponseToError({ status: response.status, headers: responseHeaders, body });
+    }
+    // 2xx + raw — return with native Response for binary streaming
+    if (req.responseType === 'raw') {
+        return { status: response.status, headers: responseHeaders, body: undefined, raw: response };
+    }
+    // 2xx + json — parse body and return
+    const body = await response.json();
+    return { status: response.status, headers: responseHeaders, body };
+}
+//# sourceMappingURL=node-transport.js.map

package/dist/transport/node-transport.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"node-transport.js","sourceRoot":"","sources":["../../src/transport/node-transport.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAIH,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,kBAAkB,EAClB,aAAa,EACb,aAAa,GACd,MAAM,YAAY,CAAC;AAqBpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA6B;IAC/D,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAElC,OAAO;QACL,KAAK,CAAC,OAAO,CAAC,GAAqB;YACjC,sCAAsC;YACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;YAEpC,8BAA8B;YAC9B,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YAE3D,sEAAsE;YACtE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;gBACjD,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;gBAC3C,MAAM,aAAa,GAAG,MAAM,cAAc,CAAC,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;gBACnE,OAAO,eAAe,CAAC,aAAa,EAAE,GAAG,CAAC,CAAC;YAC7C,CAAC;YAED,OAAO,eAAe,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QACxC,CAAC;KACF,CAAC;AACJ,CAAC;AAED,qEAAqE;AAErE;;;;;;;;;;GAUG;AACH,KAAK,UAAU,cAAc,CAC3B,OAAe,EACf,GAAqB,EACrB,KAAa;IAEb,yDAAyD;IACzD,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,EAAE,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IAE3D,2DAA2D;IAC3D,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC;IAExC,kCAAkC;IAClC,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAE7C,2EAA2E;IAC3E,OAAO,KAAK,CAAC,GAAG,EAAE;QAChB,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,OAAO;QACP,IAAI,EAAE,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,WAAW,CAAC;QAC9C,MAAM,EAAE,GAAG,CAAC,MAAM;KACnB,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,eAAe,CAC5B,QAAkB,EAClB,GAAqB;IAErB,MAAM,eAAe,GAAG,sBAAsB,CAAC,QAAQ,CAAC,CAAC;IAEzD,mBAAmB;IACnB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;IACpE,CAAC;IAED,mDAAmD;IACnD,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;QACpD,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC3C,MAAM,kBAAkB,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;IACxF,CAAC;IAED,+DAA+D;IAC/D,IAAI,GAAG,CAAC,YAAY,KAAK,KAAK,EAAE,CAAC;QAC/B,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC;IAC/F,CAAC;IAED,qCAAqC;IACrC,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,OAAO,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC;AACrE,CAAC"}

package/dist/transport/types.d.ts

@@ -0,0 +1,84 @@
+/**
+ * Transport abstraction types for the Porta SDK.
+ *
+ * The transport layer handles environment-specific HTTP execution.
+ * Two implementations exist: BrowserTransport (for SPA/BFF) and
+ * NodeTransport (for server-side / CLI automation).
+ *
+ * Both transports prepend `/api/admin` to all request paths —
+ * domain methods only need to specify the resource path
+ * (e.g., `/organizations`).
+ */
+/** HTTP methods supported by the SDK */
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE';
+/**
+ * Request passed to the transport.
+ *
+ * Domain methods construct these objects; the transport handles
+ * URL construction, authentication, headers, and serialization.
+ */
+export interface TransportRequest {
+    /** HTTP method */
+    method: HttpMethod;
+    /**
+     * Resource path (e.g., '/organizations', '/users/123').
+     * The transport prepends `baseUrl + '/api/admin'` to this path.
+     */
+    path: string;
+    /** JSON request body (serialized by the transport) */
+    body?: unknown;
+    /** Additional headers to include in the request */
+    headers?: Record<string, string>;
+    /**
+     * Query parameters appended to the URL.
+     * Null/undefined values are skipped; all others are stringified.
+     */
+    params?: Record<string, string | number | boolean | undefined | null>;
+    /** AbortSignal for request cancellation */
+    signal?: AbortSignal;
+    /**
+     * Response parsing mode:
+     * - 'json' (default): parses response body as JSON
+     * - 'raw': skips parsing, stores native Response in `raw` field
+     *
+     * Use 'raw' for binary downloads (exports, branding assets).
+     */
+    responseType?: 'json' | 'raw';
+    /**
+     * Override the Content-Type header:
+     * - string: use this value as Content-Type
+     * - null: omit Content-Type entirely (lets runtime set it for FormData)
+     * - undefined (default): use 'application/json'
+     */
+    contentType?: string | null;
+}
+/**
+ * Response returned by the transport.
+ *
+ * Contains parsed response data and headers. For raw responses,
+ * the native Response object is available in the `raw` field.
+ */
+export interface TransportResponse {
+    /** HTTP status code */
+    status: number;
+    /** Response headers (lowercased keys) */
+    headers: Record<string, string>;
+    /** Parsed response body (undefined for 204 and raw responses) */
+    body: unknown;
+    /**
+     * Original Response object — available when `responseType` is 'raw'.
+     * Used for streaming binary data (exports, branding assets).
+     */
+    raw?: Response;
+}
+/**
+ * Transport interface — environment-specific HTTP execution.
+ *
+ * Implementations handle URL construction, authentication,
+ * CSRF tokens, error mapping, and retry logic.
+ */
+export interface HttpTransport {
+    /** Execute an HTTP request and return the response */
+    request(req: TransportRequest): Promise<TransportResponse>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/transport/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/transport/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,wCAAwC;AACxC,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,CAAC;AAErE;;;;;GAKG;AACH,MAAM,WAAW,gBAAgB;IAC/B,kBAAkB;IAClB,MAAM,EAAE,UAAU,CAAC;IAEnB;;;OAGG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb,sDAAsD;IACtD,IAAI,CAAC,EAAE,OAAO,CAAC;IAEf,mDAAmD;IACnD,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEjC;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,GAAG,IAAI,CAAC,CAAC;IAEtE,2CAA2C;IAC3C,MAAM,CAAC,EAAE,WAAW,CAAC;IAErB;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IAE9B;;;;;OAKG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAChC,uBAAuB;IACvB,MAAM,EAAE,MAAM,CAAC;IAEf,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEhC,iEAAiE;IACjE,IAAI,EAAE,OAAO,CAAC;IAEd;;;OAGG;IACH,GAAG,CAAC,EAAE,QAAQ,CAAC;CAChB;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B,sDAAsD;IACtD,OAAO,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;CAC5D"}

package/dist/transport/types.js

@@ -0,0 +1,13 @@
+/**
+ * Transport abstraction types for the Porta SDK.
+ *
+ * The transport layer handles environment-specific HTTP execution.
+ * Two implementations exist: BrowserTransport (for SPA/BFF) and
+ * NodeTransport (for server-side / CLI automation).
+ *
+ * Both transports prepend `/api/admin` to all request paths —
+ * domain methods only need to specify the resource path
+ * (e.g., `/organizations`).
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/transport/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/transport/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}