@qlever-llc/trellis-svelte 0.8.0 → 0.8.2

package/dist/components/TrellisContextProvider.svelte

@@ -0,0 +1,24 @@
+<script lang="ts">
+  import type { Snippet } from "svelte";
+  import {
+    provideConnectedTrellisContext,
+    type TrellisAppOwner,
+    type TrellisContextClient,
+  } from "../context.js";
+
+  type Props = {
+    trellisApp: TrellisAppOwner;
+    trellis: TrellisContextClient;
+    children: Snippet;
+  };
+
+  const { trellisApp, trellis, children }: Props = $props();
+
+  function installContext(): void {
+    provideConnectedTrellisContext(trellisApp, trellis);
+  }
+
+  installContext();
+</script>
+
+{@render children()}

package/dist/components/TrellisProvider.svelte

@@ -0,0 +1,144 @@
+<script lang="ts" generics="TContract extends TrellisContractLike">
+  import {
+    ClientAuthHandledError,
+    TrellisClient,
+    type ClientAuthOptions,
+    type ConnectedTrellisClient,
+  } from "@qlever-llc/trellis";
+  import { onMount } from "svelte";
+  import type { TrellisContractLike } from "../context.js";
+  import { resolveTrellisAppUrl } from "../context.js";
+  import TrellisContextProvider from "./TrellisContextProvider.svelte";
+  import type { TrellisProviderProps } from "./TrellisProvider.types.js";
+
+  const {
+    trellisApp,
+    auth,
+    client,
+    children,
+    loading,
+    error: errorSnippet,
+    onAuthRequired,
+  }: TrellisProviderProps<TContract> = $props();
+
+  let trellis = $state<ConnectedTrellisClient<TContract> | null>(null);
+  let connectError = $state<unknown>(null);
+
+  type SerializableTrellisError = {
+    message?: unknown;
+    code?: unknown;
+    hint?: unknown;
+    context?: unknown;
+  };
+
+  function maybeSerializableError(
+    value: unknown,
+  ): SerializableTrellisError | undefined {
+    if (!value || typeof value !== "object" || !("toSerializable" in value)) {
+      return undefined;
+    }
+    const serialize = value.toSerializable;
+    if (typeof serialize !== "function") return undefined;
+    const serialized = serialize.call(value);
+    return serialized && typeof serialized === "object"
+      ? (serialized as SerializableTrellisError)
+      : undefined;
+  }
+
+  function contextRecord(value: unknown): Record<string, unknown> | undefined {
+    return value && typeof value === "object" && !Array.isArray(value)
+      ? (value as Record<string, unknown>)
+      : undefined;
+  }
+
+  function logConnectionError(error: unknown): void {
+    const serialized = maybeSerializableError(error);
+    const context = contextRecord(serialized?.context);
+    const causeMessage =
+      typeof context?.causeMessage === "string"
+        ? context.causeMessage
+        : undefined;
+    const message =
+      typeof serialized?.message === "string"
+        ? serialized.message
+        : error instanceof Error
+          ? error.message
+          : String(error);
+
+    console.error("Error:", error);
+  }
+
+  onMount(() => {
+    let active = true;
+
+    function withBrowserAuthDefaults(
+      authOptions: ClientAuthOptions | undefined,
+    ): ClientAuthOptions {
+      if (authOptions?.mode === "session_key") {
+        return authOptions;
+      }
+
+      return {
+        ...authOptions,
+        currentUrl:
+          authOptions?.currentUrl ?? (() => new URL(window.location.href)),
+      };
+    }
+
+    const connectAuth = withBrowserAuthDefaults(auth);
+    const trellisUrl = resolveTrellisAppUrl(trellisApp.trellisUrl);
+    if (!trellisUrl) {
+      connectError = new TypeError(
+        "Expected trellisApp to resolve a Trellis URL",
+      );
+      return;
+    }
+
+    void (async () => {
+      try {
+        const connected = await TrellisClient.connect({
+          ...client,
+          trellisUrl,
+          contract: trellisApp.contract,
+          auth: connectAuth,
+          onAuthRequired: onAuthRequired
+            ? async (ctx) => {
+                await onAuthRequired(ctx.loginUrl, ctx);
+                return { status: "handled" };
+              }
+            : undefined,
+        }).orThrow();
+
+        if (active) {
+          trellis = connected;
+        } else {
+          await connected.connection.close();
+        }
+      } catch (error) {
+        if (!active) return;
+        if (error instanceof ClientAuthHandledError) return;
+        logConnectionError(error);
+        connectError = error;
+      }
+    })();
+
+    return () => {
+      active = false;
+      const connected = trellis;
+      trellis = null;
+      if (connected) {
+        void connected.connection.close();
+      }
+    };
+  });
+</script>
+
+{#if trellis}
+  <TrellisContextProvider {trellisApp} {trellis} {children} />
+{:else if connectError}
+  {#if errorSnippet}
+    {@render errorSnippet(connectError)}
+  {/if}
+{:else if loading}
+  {@render loading()}
+{/if}

package/dist/components/TrellisProvider.types.js

@@ -0,0 +1 @@
+export {};

package/dist/context.js

@@ -0,0 +1,117 @@
+/* context.js generated by Svelte v5.55.5 */
+import * as $ from 'svelte/internal/client';
+import { createContext } from "svelte";
+import { createSubscriber } from "svelte/reactivity";
+
+export function resolveTrellisAppUrl(trellisUrl) {
+	const resolved = typeof trellisUrl === "function" ? trellisUrl() : trellisUrl;
+
+	return resolved?.toString();
+}
+
+/** Svelte-reactive adapter around a framework-neutral Trellis connection. */
+export class SvelteTrellisConnection {
+	#connection;
+	#subscribe;
+
+	/** Creates a reactive connection adapter for a connected Trellis runtime. */
+	constructor(connection) {
+		this.#connection = connection;
+
+		this.#subscribe = createSubscriber((update) => {
+			return this.#connection.subscribe(() => update());
+		});
+	}
+
+	/** Latest connection status, reactive when read by Svelte effects or markup. */
+	get status() {
+		this.#subscribe();
+
+		return this.#connection.status;
+	}
+
+	/** Closes the underlying Trellis runtime connection. */
+	close() {
+		return this.#connection.close();
+	}
+}
+
+const provideTrellisContext = Symbol("provideTrellisContext");
+const trellisAppOwnerBrand = Symbol("trellisAppOwner");
+
+/** Internal app-scoped typed Svelte context implementation. */
+class TrellisAppImpl {
+	[trellisAppOwnerBrand] = true;
+	#contract;
+	#trellisUrl;
+	#getContext;
+	#setContext;
+
+	/** Creates an app-scoped context owner for a specific Trellis contract. */
+	constructor(options) {
+		const { contract, trellisUrl } = options;
+
+		this.#contract = contract;
+		this.#trellisUrl = trellisUrl;
+
+		const [getContext, setContext] = createContext();
+
+		this.#getContext = getContext;
+		this.#setContext = setContext;
+	}
+
+	/** Contract used by this app context and by `TrellisProvider` connections. */
+	get contract() {
+		return this.#contract;
+	}
+
+	/** Trellis URL configuration used by `TrellisProvider` connections. */
+	get trellisUrl() {
+		return this.#trellisUrl;
+	}
+
+	/** Returns the contract-typed connected Trellis client from Svelte context synchronously. */
+	getTrellis() {
+		return this.#getContext().trellis;
+	}
+
+	/** Returns a Svelte-reactive adapter for the real Trellis connection. */
+	getConnection() {
+		return this.#getContext().connection;
+	}
+
+	/** Installs the connected Trellis runtime into Svelte context synchronously. */
+	[provideTrellisContext](trellis) {
+		this.#setContext({
+			trellis,
+			connection: new SvelteTrellisConnection(trellis.connection)
+		});
+	}
+}
+
+/**
+ * Creates an app-scoped typed Svelte context owner for a Trellis contract and URL.
+ *
+ * The optional `TClient` type parameter is a type-only facade over the connected
+ * runtime client. It should be a generated client facade for `options.contract`.
+ */
+export function createTrellisApp(options) {
+	return new TrellisAppImpl(options);
+}
+
+function isTrellisAppImpl(app) {
+	return app instanceof TrellisAppImpl;
+}
+
+/**
+ * Internal provider helper that synchronously installs connected Trellis context.
+ *
+ * This is intentionally not exported from `src/index.ts`.
+ */
+export function provideConnectedTrellisContext(app, trellis) {
+	if (!isTrellisAppImpl(app)) {
+		throw new TypeError("Expected an app created by createTrellisApp");
+	}
+
+	app[provideTrellisContext](trellis);
+}

package/dist/device_activation.js

@@ -0,0 +1,19 @@
+/* device_activation.js generated by Svelte v5.55.5 */
+import * as $ from 'svelte/internal/client';
+
+import {
+	createInitialDeviceActivationState,
+	DeviceActivationControllerCore
+} from "./device_activation_controller.js";
+
+export class DeviceActivationController extends DeviceActivationControllerCore {
+	constructor(config) {
+		const state = $.proxy(createInitialDeviceActivationState());
+
+		super(config, state);
+	}
+}
+
+export function createDeviceActivationController(config) {
+	return new DeviceActivationController(config);
+}

package/dist/device_activation_controller.js

@@ -0,0 +1,245 @@
+import { clearPreservedDeviceActivationCallbackState, getPreservedDeviceActivationCallbackState, preserveDeviceActivationCallbackState, } from "./internal/callback_state.js";
+import { buildDeviceActivationCallbackPath, buildDeviceActivationConnectAuthUrlState, cleanupDeviceActivationCallbackUrl, resolveDeviceActivationUrlState, } from "./internal/portal_url.js";
+import { createDeviceActivationReadyView, createDeviceActivationSignInRequiredView, createInvalidDeviceActivationView, mapDeviceActivationFailure, mapDeviceActivationProgress, mapDeviceActivationTerminal, } from "./internal/activation_view.js";
+function errorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+function redirectErrorMessage(error) {
+    const message = errorMessage(error);
+    return message.startsWith("Redirecting to auth for provider selection")
+        ? null
+        : message;
+}
+function bindErrorMessage(result) {
+    if (result.status === "bound")
+        return null;
+    if (result.status === "approval_denied")
+        return "Portal access was denied.";
+    if (result.status === "approval_required") {
+        return "Approval is still pending.";
+    }
+    if (result.status === "insufficient_capabilities") {
+        return `Missing capabilities: ${result.missingCapabilities.join(", ")}`;
+    }
+    return result.message;
+}
+function defaultGetUrl() {
+    return new URL(globalThis.location.href);
+}
+function defaultReplaceUrl(url) {
+    globalThis.history.replaceState(globalThis.history.state, "", url);
+}
+function defaultCreateCallbackToken() {
+    return crypto.randomUUID();
+}
+export function createInitialDeviceActivationState() {
+    return {
+        loading: true,
+        requestPending: false,
+        authError: null,
+        view: null,
+        flowId: null,
+    };
+}
+export class DeviceActivationControllerCore {
+    state;
+    #authState;
+    #createClient;
+    #getUrl;
+    #replaceUrl;
+    #sessionStorage;
+    #createCallbackToken;
+    #client = null;
+    #observationRunId = 0;
+    constructor(config, state = createInitialDeviceActivationState()) {
+        this.state = state;
+        this.#authState = config.authState;
+        this.#createClient = config.createClient;
+        this.#getUrl = config.getUrl ?? defaultGetUrl;
+        this.#replaceUrl = config.replaceUrl ?? defaultReplaceUrl;
+        this.#sessionStorage = config.sessionStorage ?? null;
+        this.#createCallbackToken = config.createCallbackToken ??
+            defaultCreateCallbackToken;
+    }
+    get loading() {
+        return this.state.loading;
+    }
+    get requestPending() {
+        return this.state.requestPending;
+    }
+    get authError() {
+        return this.state.authError;
+    }
+    get view() {
+        return this.state.view;
+    }
+    get flowId() {
+        return this.state.flowId;
+    }
+    async load() {
+        this.stop();
+        this.state.loading = true;
+        this.state.authError = null;
+        this.state.view = null;
+        this.#client = null;
+        const currentUrl = this.#getUrl();
+        let clientUrl = currentUrl;
+        const preservedState = this.#sessionStorage
+            ? getPreservedDeviceActivationCallbackState(this.#sessionStorage)
+            : null;
+        const { flowId, isAuthCallback } = resolveDeviceActivationUrlState(currentUrl, preservedState);
+        this.state.flowId = flowId;
+        if (!flowId) {
+            this.state.view = createInvalidDeviceActivationView("Missing flow id.");
+            this.state.loading = false;
+            return;
+        }
+        try {
+            await this.#authState.init();
+            if (isAuthCallback) {
+                const bindResult = await this.#authState.handleCallback(currentUrl.toString());
+                const cleanedUrl = cleanupDeviceActivationCallbackUrl(currentUrl, flowId);
+                if (cleanedUrl) {
+                    this.#replaceUrl(cleanedUrl);
+                    clientUrl = new URL(cleanedUrl, currentUrl.origin);
+                }
+                if (this.#sessionStorage) {
+                    clearPreservedDeviceActivationCallbackState(this.#sessionStorage);
+                }
+                const callbackAuthError = currentUrl.searchParams.get("authError");
+                if (callbackAuthError && !bindResult) {
+                    this.state.authError = callbackAuthError;
+                    this.state.view = createDeviceActivationSignInRequiredView(flowId);
+                    return;
+                }
+                if (bindResult) {
+                    const bindError = bindErrorMessage(bindResult);
+                    if (bindError) {
+                        this.state.authError = bindError;
+                        this.state.view = createDeviceActivationSignInRequiredView(flowId);
+                        return;
+                    }
+                }
+            }
+            try {
+                this.#client = await this.#createClient(buildDeviceActivationConnectAuthUrlState(clientUrl));
+                this.state.view = createDeviceActivationReadyView(flowId);
+            }
+            catch (error) {
+                this.#client = null;
+                if (isAuthCallback) {
+                    this.state.authError = errorMessage(error);
+                }
+                this.state.view = createDeviceActivationSignInRequiredView(flowId);
+            }
+        }
+        catch (error) {
+            this.state.authError = errorMessage(error);
+            this.state.view = createDeviceActivationSignInRequiredView(flowId);
+        }
+        finally {
+            this.state.loading = false;
+        }
+    }
+    stop() {
+        this.#observationRunId += 1;
+    }
+    async signIn() {
+        this.state.authError = null;
+        if (!this.state.flowId || !this.#sessionStorage)
+            return;
+        const callbackToken = this.#createCallbackToken();
+        preserveDeviceActivationCallbackState(this.#sessionStorage, {
+            flowId: this.state.flowId,
+            callbackToken,
+        });
+        try {
+            await this.#authState.signIn({
+                redirectTo: buildDeviceActivationCallbackPath(this.#getUrl(), callbackToken),
+            });
+        }
+        catch (error) {
+            const message = redirectErrorMessage(error);
+            if (message) {
+                this.state.authError = message;
+            }
+        }
+    }
+    async requestActivation() {
+        const flowId = this.state.flowId;
+        if (!flowId || !this.#client)
+            return;
+        this.stop();
+        const runId = this.#observationRunId;
+        this.state.requestPending = true;
+        this.state.authError = null;
+        try {
+            const operation = await this.#client.activateDevice({ flowId });
+            const watch = await operation.watch().match({
+                ok: (value) => value,
+                err: () => null,
+            });
+            const watchPromise = watch
+                ? this.#observeWatch(flowId, watch, runId)
+                : Promise.resolve(false);
+            const terminal = await operation.wait().orThrow();
+            const handledByWatch = await watchPromise;
+            if (!handledByWatch && this.#isRunActive(runId)) {
+                this.#applyTerminal(flowId, terminal);
+            }
+        }
+        catch (error) {
+            if (!this.#isRunActive(runId))
+                return;
+            const nextView = mapDeviceActivationFailure(flowId, error);
+            if (nextView) {
+                this.state.view = nextView;
+            }
+            else {
+                this.state.view = createDeviceActivationReadyView(flowId);
+                this.state.authError = errorMessage(error);
+            }
+        }
+        finally {
+            if (this.#isRunActive(runId)) {
+                this.state.requestPending = false;
+            }
+        }
+    }
+    #isRunActive(runId) {
+        return this.#observationRunId === runId;
+    }
+    #applyTerminal(flowId, terminal) {
+        const view = mapDeviceActivationTerminal(flowId, terminal);
+        if (view) {
+            this.state.view = view;
+            return;
+        }
+        this.state.view = createDeviceActivationReadyView(flowId);
+        if (terminal.error?.message) {
+            this.state.authError = terminal.error.message;
+        }
+    }
+    async #observeWatch(flowId, watch, runId) {
+        const iterator = watch[Symbol.asyncIterator]();
+        while (true) {
+            const next = await iterator.next();
+            if (next.done) {
+                return false;
+            }
+            const event = next.value;
+            if (!this.#isRunActive(runId)) {
+                await iterator.return?.();
+                return false;
+            }
+            if (event.type === "completed" || event.type === "failed" ||
+                event.type === "cancelled") {
+                this.#applyTerminal(flowId, event.snapshot);
+                return true;
+            }
+            if (event.type === "progress") {
+                this.state.view = mapDeviceActivationProgress(flowId, event.progress);
+            }
+        }
+    }
+}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { default as TrellisProvider } from "./components/TrellisProvider.svelte";
+export { createTrellisApp, resolveTrellisAppUrl } from "./context.js";
+export { createDeviceActivationController, DeviceActivationController, } from "./device_activation.js";
+export { createPortalFlow, PortalFlowController, } from "./portal_flow.js";

package/dist/internal/activation_view.js

@@ -0,0 +1,160 @@
+function isDeviceActivationProgressInput(value) {
+    const record = value;
+    return record.status === "pending_review" &&
+        typeof record.instanceId === "string" &&
+        typeof record.deploymentId === "string" &&
+        typeof record.reviewId === "string" &&
+        (typeof record.requestedAt === "string" ||
+            record.requestedAt instanceof Date);
+}
+function isoString(value) {
+    return value instanceof Date ? value.toISOString() : value;
+}
+function errorMessage(error) {
+    if (error instanceof Error)
+        return error.message;
+    if (typeof error === "object" && error !== null && "message" in error) {
+        const message = Reflect.get(error, "message");
+        if (typeof message === "string")
+            return message;
+    }
+    return String(error);
+}
+function errorContext(error) {
+    if (typeof error !== "object" || error === null) {
+        return null;
+    }
+    if ("getContext" in error) {
+        const getContext = Reflect.get(error, "getContext");
+        if (typeof getContext === "function") {
+            const context = Reflect.apply(getContext, error, []);
+            return typeof context === "object" && context !== null
+                ? context
+                : null;
+        }
+    }
+    if (!("context" in error))
+        return null;
+    const context = Reflect.get(error, "context");
+    return typeof context === "object" && context !== null
+        ? context
+        : null;
+}
+function errorReason(error) {
+    if (typeof error !== "object" || error === null || !("reason" in error)) {
+        return undefined;
+    }
+    const reason = Reflect.get(error, "reason");
+    return typeof reason === "string" ? reason : undefined;
+}
+export function createDeviceActivationReadyView(flowId) {
+    return { mode: "ready", flowId };
+}
+export function createDeviceActivationSignInRequiredView(flowId) {
+    return { mode: "sign_in_required", flowId };
+}
+export function createInvalidDeviceActivationView(reason, flowId) {
+    return flowId
+        ? { mode: "invalid_flow", reason, flowId }
+        : { mode: "invalid_flow", reason };
+}
+export function mapDeviceActivationOutput(flowId, result) {
+    if (result.status === "activated") {
+        return {
+            mode: "activated",
+            flowId,
+            instanceId: result.instanceId,
+            deploymentId: result.deploymentId,
+            activatedAt: isoString(result.activatedAt),
+            ...(result.confirmationCode
+                ? { confirmationCode: result.confirmationCode }
+                : {}),
+        };
+    }
+    if (isDeviceActivationProgressInput(result)) {
+        return mapDeviceActivationProgress(flowId, result);
+    }
+    if (result.reason === "device_flow_expired") {
+        return {
+            mode: "expired",
+            flowId,
+            reason: "The activation request expired. Start again from the auth service.",
+        };
+    }
+    if (result.reason === "device_activation_revoked") {
+        return {
+            mode: "rejected",
+            flowId,
+            reason: "The activation request was revoked.",
+        };
+    }
+    if (result.reason === "activation_not_started") {
+        return createDeviceActivationReadyView(flowId);
+    }
+    return {
+        mode: "rejected",
+        flowId,
+        ...(result.reason ? { reason: result.reason } : {}),
+    };
+}
+export function mapDeviceActivationProgress(flowId, progress) {
+    return {
+        mode: "pending_review",
+        flowId,
+        instanceId: progress.instanceId,
+        deploymentId: progress.deploymentId,
+        reviewId: progress.reviewId,
+        requestedAt: isoString(progress.requestedAt),
+    };
+}
+export function mapDeviceActivationFailure(flowId, error) {
+    const message = errorMessage(error);
+    const context = errorContext(error);
+    const authReason = errorReason(error);
+    const reason = typeof context?.reason === "string"
+        ? context.reason
+        : authReason;
+    if (reason === "device_flow_not_found" ||
+        authReason === "device_activation_flow_not_found" ||
+        message.includes("device_flow_not_found") ||
+        message.includes("device_activation_flow_not_found")) {
+        return createInvalidDeviceActivationView("This activation link is no longer valid.", flowId);
+    }
+    if (reason === "device_flow_expired" ||
+        authReason === "device_activation_flow_expired" ||
+        message.includes("device_flow_expired") ||
+        message.includes("device_activation_flow_expired")) {
+        return {
+            mode: "expired",
+            flowId,
+            reason: "The activation request expired. Start again from the auth service.",
+        };
+    }
+    if (reason === "unknown_device" || authReason === "unknown_device" ||
+        message.includes("unknown_device")) {
+        return createInvalidDeviceActivationView("This activation link no longer matches a known device.", flowId);
+    }
+    if (reason === "device_deployment_not_found" ||
+        authReason === "device_deployment_not_found" ||
+        message.includes("device_deployment_not_found")) {
+        return createInvalidDeviceActivationView("This device deployment is no longer available.", flowId);
+    }
+    if (authReason === "invalid_request" || message.includes("invalid_request")) {
+        return createInvalidDeviceActivationView("Trellis rejected this activation request. Start again from the device.", flowId);
+    }
+    if (reason === "device_activation_revoked" ||
+        message.includes("device_activation_revoked")) {
+        return { mode: "rejected", flowId, reason };
+    }
+    return null;
+}
+export function mapDeviceActivationTerminal(flowId, terminal) {
+    if (terminal.state === "completed") {
+        return terminal.output
+            ? mapDeviceActivationOutput(flowId, terminal.output)
+            : null;
+    }
+    return terminal.error
+        ? mapDeviceActivationFailure(flowId, terminal.error)
+        : null;
+}

package/dist/internal/callback_state.js

@@ -0,0 +1,24 @@
+const PRESERVED_ACTIVATION_FLOW_ID_STORAGE_KEY = "portal.activate.flowId";
+const ACTIVATION_CALLBACK_TOKEN_STORAGE_KEY = "portal.activate.callbackToken";
+const ACTIVATION_CALLBACK_QUERY_PARAM = "portalCallback";
+export function getPreservedDeviceActivationCallbackState(storage) {
+    const flowId = storage.getItem(PRESERVED_ACTIVATION_FLOW_ID_STORAGE_KEY);
+    const callbackToken = storage.getItem(ACTIVATION_CALLBACK_TOKEN_STORAGE_KEY);
+    if (!flowId || !callbackToken)
+        return null;
+    return { flowId, callbackToken };
+}
+export function preserveDeviceActivationCallbackState(storage, nextState) {
+    storage.setItem(PRESERVED_ACTIVATION_FLOW_ID_STORAGE_KEY, nextState.flowId);
+    storage.setItem(ACTIVATION_CALLBACK_TOKEN_STORAGE_KEY, nextState.callbackToken);
+}
+export function clearPreservedDeviceActivationCallbackState(storage) {
+    storage.removeItem(PRESERVED_ACTIVATION_FLOW_ID_STORAGE_KEY);
+    storage.removeItem(ACTIVATION_CALLBACK_TOKEN_STORAGE_KEY);
+}
+export function isDeviceActivationAuthCallback(currentUrl, preservedState) {
+    if (!preservedState)
+        return false;
+    return currentUrl.searchParams.get(ACTIVATION_CALLBACK_QUERY_PARAM) ===
+        preservedState.callbackToken;
+}

package/dist/internal/portal_url.js

@@ -0,0 +1,57 @@
+import { isDeviceActivationAuthCallback } from "./callback_state.js";
+const ACTIVATION_CALLBACK_QUERY_PARAM = "portalCallback";
+const AUTH_ERROR_QUERY_PARAM = "authError";
+const DEVICE_FLOW_ID_QUERY_PARAM = "deviceFlowId";
+const FLOW_ID_QUERY_PARAM = "flowId";
+export function buildDeviceActivationCallbackPath(currentUrl, callbackToken) {
+    const callbackUrl = new URL(currentUrl.pathname, currentUrl.origin);
+    callbackUrl.searchParams.set(ACTIVATION_CALLBACK_QUERY_PARAM, callbackToken);
+    const flowId = currentUrl.searchParams.get(FLOW_ID_QUERY_PARAM);
+    if (flowId) {
+        callbackUrl.searchParams.set(DEVICE_FLOW_ID_QUERY_PARAM, flowId);
+    }
+    callbackUrl.hash = currentUrl.hash;
+    return `${callbackUrl.pathname}${callbackUrl.search}${callbackUrl.hash}`;
+}
+export function buildDeviceActivationConnectAuthUrlState(currentUrl) {
+    const redirectUrl = new URL(currentUrl);
+    redirectUrl.searchParams.delete(ACTIVATION_CALLBACK_QUERY_PARAM);
+    redirectUrl.searchParams.delete(AUTH_ERROR_QUERY_PARAM);
+    redirectUrl.searchParams.delete(DEVICE_FLOW_ID_QUERY_PARAM);
+    const authCurrentUrl = new URL(redirectUrl);
+    authCurrentUrl.searchParams.delete(DEVICE_FLOW_ID_QUERY_PARAM);
+    authCurrentUrl.searchParams.delete(FLOW_ID_QUERY_PARAM);
+    return {
+        currentUrl: authCurrentUrl,
+        redirectTo: redirectUrl.toString(),
+    };
+}
+export function cleanupDeviceActivationCallbackUrl(currentUrl, flowId) {
+    if (!currentUrl.searchParams.has(FLOW_ID_QUERY_PARAM) &&
+        !currentUrl.searchParams.has(AUTH_ERROR_QUERY_PARAM) &&
+        !currentUrl.searchParams.has(DEVICE_FLOW_ID_QUERY_PARAM) &&
+        !currentUrl.searchParams.has(ACTIVATION_CALLBACK_QUERY_PARAM)) {
+        return null;
+    }
+    const nextUrl = new URL(currentUrl);
+    nextUrl.searchParams.delete(FLOW_ID_QUERY_PARAM);
+    nextUrl.searchParams.delete(AUTH_ERROR_QUERY_PARAM);
+    nextUrl.searchParams.delete(DEVICE_FLOW_ID_QUERY_PARAM);
+    nextUrl.searchParams.delete(ACTIVATION_CALLBACK_QUERY_PARAM);
+    if (flowId) {
+        nextUrl.searchParams.set(FLOW_ID_QUERY_PARAM, flowId);
+    }
+    return `${nextUrl.pathname}${nextUrl.search}${nextUrl.hash}`;
+}
+export function resolveDeviceActivationUrlState(currentUrl, preservedState) {
+    const callbackFlowId = currentUrl.searchParams.get(DEVICE_FLOW_ID_QUERY_PARAM);
+    const isAuthCallback = isDeviceActivationAuthCallback(currentUrl, preservedState) ||
+        (currentUrl.searchParams.has(ACTIVATION_CALLBACK_QUERY_PARAM) &&
+            !!callbackFlowId);
+    return {
+        flowId: isAuthCallback
+            ? preservedState?.flowId ?? callbackFlowId
+            : currentUrl.searchParams.get(FLOW_ID_QUERY_PARAM),
+        isAuthCallback,
+    };
+}

package/dist/portal_flow.js

@@ -0,0 +1,143 @@
+/* portal_flow.js generated by Svelte v5.55.5 */
+import * as $ from 'svelte/internal/client';
+
+import {
+	fetchPortalFlowState,
+	portalFlowIdFromUrl,
+	portalProviderLoginUrl,
+	submitPortalApproval
+} from "@qlever-llc/trellis/auth/browser";
+
+function errorMessage(error) {
+	return error instanceof Error ? error.message : String(error);
+}
+
+function defaultGetUrl() {
+	return new URL(globalThis.location.href);
+}
+
+export class PortalFlowController {
+	#flowId = $.state(null);
+
+	get flowId() {
+		return $.get(this.#flowId);
+	}
+
+	set flowId(value) {
+		$.set(this.#flowId, value, true);
+	}
+
+	#state = $.state(null);
+
+	get state() {
+		return $.get(this.#state);
+	}
+
+	set state(value) {
+		$.set(this.#state, value, true);
+	}
+
+	#loading = $.state(false);
+
+	get loading() {
+		return $.get(this.#loading);
+	}
+
+	set loading(value) {
+		$.set(this.#loading, value, true);
+	}
+
+	#error = $.state(null);
+
+	get error() {
+		return $.get(this.#error);
+	}
+
+	set error(value) {
+		$.set(this.#error, value, true);
+	}
+
+	#config;
+	#getUrl;
+
+	constructor(config) {
+		this.#config = { authUrl: config.authUrl };
+		this.#getUrl = config.getUrl ?? defaultGetUrl;
+	}
+
+	async load() {
+		this.loading = true;
+		this.error = null;
+		this.state = null;
+
+		try {
+			const flowId = portalFlowIdFromUrl(this.#getUrl());
+
+			this.flowId = flowId;
+
+			if (!flowId) {
+				this.error = "Missing flow id.";
+
+				return null;
+			}
+
+			const state = await fetchPortalFlowState(this.#config, flowId);
+
+			this.state = state;
+
+			return state;
+		} catch(error) {
+			this.error = errorMessage(error);
+			this.state = null;
+
+			return null;
+		} finally {
+			this.loading = false;
+		}
+	}
+
+	providerUrl(providerId) {
+		if (!this.flowId) {
+			throw new Error("Missing flow id.");
+		}
+
+		return portalProviderLoginUrl(this.#config, providerId, this.flowId);
+	}
+
+	async approve() {
+		return this.#submit("approved");
+	}
+
+	async deny() {
+		return this.#submit("denied");
+	}
+
+	async #submit(decision) {
+		if (!this.flowId) {
+			this.error = "Missing flow id.";
+
+			return null;
+		}
+
+		this.loading = true;
+		this.error = null;
+
+		try {
+			const state = await submitPortalApproval(this.#config, this.flowId, decision);
+
+			this.state = state;
+
+			return state;
+		} catch(error) {
+			this.error = errorMessage(error);
+
+			return null;
+		} finally {
+			this.loading = false;
+		}
+	}
+}
+
+export function createPortalFlow(config) {
+	return new PortalFlowController(config);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@qlever-llc/trellis-svelte",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "type": "module",
   "description": "Svelte components and state helpers for Trellis browser applications.",
   "license": "Apache-2.0",
@@ -16,24 +16,25 @@
     "access": "public"
   },
   "files": [
+    "dist",
     "src",
     "README.md"
   ],
   "exports": {
     ".": {
       "types": "./src/index.ts",
-      "svelte": "./src/index.ts",
-      "default": "./src/index.ts"
+      "svelte": "./dist/index.js",
+      "default": "./dist/index.js"
     }
   },
   "dependencies": {
     "@nats-io/nats-core": "^3.3.1",
-    "@qlever-llc/result": "^0.8.0",
-    "@qlever-llc/trellis": "^0.8.0",
+    "@qlever-llc/result": "^0.8.2",
+    "@qlever-llc/trellis": "^0.8.2",
     "typebox": "^1.0.15"
   },
   "peerDependencies": {
     "svelte": "^5.0.0"
   },
-  "svelte": "./src/index.ts"
+  "svelte": "./dist/index.js"
 }