@scalekit-sdk/node 2.2.0 → 2.2.2

package/src/passwordless.ts

@@ -1,139 +0,0 @@
-import { create } from '@bufbuild/protobuf';
-import type { Client } from '@connectrpc/connect';
-import GrpcConnect from './connect';
-import CoreClient from './core';
-import { PasswordlessService } from './pkg/grpc/scalekit/v1/auth/passwordless_pb';
-import {
-  SendPasswordlessRequestSchema,
-  VerifyPasswordLessRequestSchema,
-  SendPasswordlessResponse,
-  VerifyPasswordLessResponse,
-  TemplateType,
-} from './pkg/grpc/scalekit/v1/auth/passwordless_pb';
-
-export default class PasswordlessClient {
-  private client: Client<typeof PasswordlessService>;
-  constructor(
-    private readonly grpcConnect: GrpcConnect,
-    private readonly coreClient: CoreClient
-  ) {
-    this.client = this.grpcConnect.createClient(PasswordlessService);
-  }
-
-  /**
-   * Send a passwordless authentication email
-   * @param {string} email The email address to send the passwordless link to
-   * @param {object} options The options for sending the passwordless email
-   * @param {TemplateType} options.template The template type (SIGNIN/SIGNUP)
-   * @param {string} options.state Optional state parameter to maintain state between request and callback
-   * @param {string} options.magiclinkAuthUri Optional auth URI for magic link authentication
-   * @param {number} options.expiresIn Optional expiration time in seconds (default: 3600)
-   * @param {object} options.templateVariables Optional template variables
-   * @returns {Promise<SendPasswordlessResponse>} The response containing:
-   * - authRequestId: Unique identifier for the passwordless authentication request
-   * - expiresAt: Expiration time in seconds since epoch
-   * - expiresIn: Expiration time in seconds
-   * - passwordlessType: Type of passwordless authentication (OTP/LINK/LINK_OTP)
-   */
-  async sendPasswordlessEmail(
-    email: string,
-    options?: {
-      template?: TemplateType;
-      state?: string;
-      magiclinkAuthUri?: string;
-      expiresIn?: number;
-      templateVariables?: Record<string, string>;
-    }
-  ): Promise<SendPasswordlessResponse> {
-    if (!email || typeof email !== 'string') {
-      throw new Error('Email must be a valid string');
-    }
-
-    let templateValue: TemplateType | undefined;
-    if (options?.template) {
-      if (typeof options.template === 'string') {
-        templateValue = TemplateType[options.template as keyof typeof TemplateType];
-        if (templateValue === undefined) {
-          throw new Error('Invalid template type');
-        }
-      } else {
-        templateValue = options.template;
-      }
-    }
-
-    if (options?.state && typeof options.state !== 'string') {
-      throw new Error('State must be a string');
-    }
-
-    if (options?.magiclinkAuthUri && typeof options.magiclinkAuthUri !== 'string') {
-      throw new Error('Magic link auth URI must be a string');
-    }
-
-    const request = create(SendPasswordlessRequestSchema, {
-      email,
-      template: templateValue,
-      state: options?.state,
-      magiclinkAuthUri: options?.magiclinkAuthUri,
-      expiresIn: options?.expiresIn,
-      templateVariables: options?.templateVariables || {}
-    });
-
-    return this.coreClient.connectExec(
-      this.client.sendPasswordlessEmail,
-      request
-    );
-  }
-
-  /**
-   * Verify a passwordless authentication code or link token
-   * @param {object} credential The credential to verify
-   * @param {string} credential.code The one-time code received via email
-   * @param {string} credential.linkToken The link token received via email
-   * @param {string} [authRequestId] Optional auth request ID from the send response
-   * @returns {Promise<VerifyPasswordLessResponse>} The response containing:
-   * - email: The email address that was verified
-   * - state: Optional state parameter that was passed in the send request
-   * - template: The template type used for the authentication
-   * - passwordlessType: Type of passwordless authentication used
-   */
-  async verifyPasswordlessEmail(
-    credential: { code?: string; linkToken?: string },
-    authRequestId?: string
-  ): Promise<VerifyPasswordLessResponse> {
-    if (!credential.code && !credential.linkToken) {
-      throw new Error('Either code or linkToken must be provided');
-    }
-
-    const request = create(VerifyPasswordLessRequestSchema, {
-      authRequestId,
-      authCredential: credential.code 
-        ? { case: "code", value: credential.code }
-        : { case: "linkToken", value: credential.linkToken! }
-    });
-
-    return this.coreClient.connectExec(
-      this.client.verifyPasswordlessEmail,
-      request
-    );
-  }
-
-  /**
-   * Resend a passwordless authentication email
-   * @param {string} authRequestId The auth request ID from the original send response
-   * @returns {Promise<SendPasswordlessResponse>} The response containing:
-   * - authRequestId: New unique identifier for the passwordless authentication request
-   * - expiresAt: New expiration time in seconds since epoch
-   * - expiresIn: New expiration time in seconds
-   * - passwordlessType: Type of passwordless authentication (OTP/LINK/LINK_OTP)
-   */
-  async resendPasswordlessEmail(
-    authRequestId: string
-  ): Promise<SendPasswordlessResponse> {
-    return this.coreClient.connectExec(
-      this.client.resendPasswordlessEmail,
-      {
-        authRequestId
-      }
-    );
-  }
-} 

package/src/permission.ts

@@ -1,310 +0,0 @@
-import type { MessageShape } from "@bufbuild/protobuf";
-import { create } from "@bufbuild/protobuf";
-import { EmptySchema } from "@bufbuild/protobuf/wkt";
-import type { Client } from "@connectrpc/connect";
-import GrpcConnect from "./connect";
-import CoreClient from "./core";
-import { RolesService } from "./pkg/grpc/scalekit/v1/roles/roles_pb";
-import {
-  CreatePermissionRequest,
-  CreatePermissionResponse,
-  GetPermissionRequest,
-  GetPermissionResponse,
-  UpdatePermissionRequest,
-  UpdatePermissionResponse,
-  ListPermissionsRequest,
-  ListPermissionsResponse,
-  DeletePermissionRequest,
-  ListRolePermissionsRequest,
-  ListRolePermissionsResponse,
-  AddPermissionsToRoleRequest,
-  AddPermissionsToRoleResponse,
-  RemovePermissionFromRoleRequest,
-  ListEffectiveRolePermissionsRequest,
-  ListEffectiveRolePermissionsResponse,
-  CreatePermission,
-  ListPermissionsRequestSchema,
-} from "./pkg/grpc/scalekit/v1/roles/roles_pb";
-
-/**
- * Client for managing permissions and role-permission assignments.
- *
- * Permissions represent granular access controls defining specific actions users can perform
- * on resources (e.g., 'read:documents', 'write:settings', 'delete:users'). This client provides
- * comprehensive permission management including CRUD operations and role assignment.
- *
- * **Key Concepts:**
- * - **Direct Permissions**: Explicitly assigned to a role
- * - **Effective Permissions**: Direct + inherited from parent roles through hierarchy
- * - **Permission Format**: 'action:resource' (e.g., 'read:invoices', 'admin:users')
- *
- * @example
- * const scalekitClient = new ScalekitClient(envUrl, clientId, clientSecret);
- * const permissionClient = scalekitClient.permission;
- *
- * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Permission API Documentation}
- */
-export default class PermissionClient {
-  private client: Client<typeof RolesService>;
-
-  constructor(
-    private readonly grpcConnect: GrpcConnect,
-    private readonly coreClient: CoreClient
-  ) {
-    this.client = this.grpcConnect.createClient(RolesService);
-  }
-
-  /**
-   * Creates a new permission defining a specific action users can perform.
-   *
-   * Permissions represent granular access controls following the 'action:resource' format.
-   * Use this to define the building blocks of your access control system.
-   *
-   * @param {CreatePermission} permission - Permission object containing:
-   *   - name: Permission identifier in 'action:resource' format (e.g., 'read:documents', 'write:settings')
-   *   - description: Optional explanation of what this permission grants
-   *
-   * @returns {Promise<CreatePermissionResponse>} Created permission with ID and timestamps
-   *
-   * @example
-   * // Create basic permissions
-   * await scalekitClient.permission.createPermission({
-   *   name: 'read:invoices',
-   *   description: 'View invoice details'
-   * });
-  
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Create Permission API}
-   */
-  async createPermission(
-    permission: CreatePermission
-  ): Promise<CreatePermissionResponse> {
-    return this.coreClient.connectExec(this.client.createPermission, {
-      permission,
-    });
-  }
-
-  /**
-   * Retrieves complete information for a specific permission.
-   *
-   * @param {string} permissionName - Permission identifier (e.g., 'read:documents')
-   *
-   * @returns {Promise<GetPermissionResponse>} Permission details including description and timestamps
-   *
-   * @example
-   * const response = await scalekitClient.permission.getPermission('read:invoices');
-   * console.log('Description:', response.permission.description);
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Get Permission API}
-   */
-  async getPermission(permissionName: string): Promise<GetPermissionResponse> {
-    return this.coreClient.connectExec(this.client.getPermission, {
-      permissionName,
-    });
-  }
-
-  /**
-   * Lists all permissions with pagination support.
-   *
-   * View all permission definitions for auditing, role management, or understanding available access controls.
-   *
-   * @param {string} [pageToken] - Token for retrieving the next page
-   * @param {number} [pageSize] - Number of permissions per page (max: 100)
-   *
-   * @returns {Promise<ListPermissionsResponse>} Paginated list of permissions
-   *
-   * @example
-   * // List all permissions
-   * const response = await scalekitClient.permission.listPermissions();
-   * response.permissions.forEach(perm => {
-   *   console.log(`${perm.name}: ${perm.description}`);
-   * });
-   *
-   * @example
-   * // Paginate through permissions
-   * let pageToken = undefined;
-   * do {
-   *   const response = await scalekitClient.permission.listPermissions(pageToken, 50);
-   *   // Process permissions
-   *   pageToken = response.nextPageToken;
-   * } while (pageToken);
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | List Permissions API}
-   */
-  async listPermissions(
-    pageToken?: string,
-    pageSize?: number
-  ): Promise<ListPermissionsResponse> {
-    const request = create(ListPermissionsRequestSchema, {
-      pageToken,
-      pageSize,
-    });
-
-    return this.coreClient.connectExec(this.client.listPermissions, request);
-  }
-
-  /**
-   * Updates an existing permission's attributes.
-   *
-   * Note: The permission name itself cannot be changed as it serves as the immutable identifier.
-   *
-   * @param {string} permissionName - Permission to update
-   * @param {CreatePermission} permission - Updated permission properties
-   *
-   * @returns {Promise<UpdatePermissionResponse>} Updated permission details
-   *
-   * @example
-   * await scalekitClient.permission.updatePermission('read:invoices', {
-   *   name: 'read:invoices',
-   *   description: 'View invoice details and history (updated)'
-   * });
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Update Permission API}
-   */
-  async updatePermission(
-    permissionName: string,
-    permission: CreatePermission
-  ): Promise<UpdatePermissionResponse> {
-    return this.coreClient.connectExec(this.client.updatePermission, {
-      permissionName,
-      permission,
-    });
-  }
-
-  /**
-   * Permanently removes a permission.
-   *
-   * Ensure no active roles depend on the permission before deletion.
-   *
-   * @param {string} permissionName - Permission identifier to delete
-   *
-   * @returns {Promise<MessageShape<typeof EmptySchema>>} Empty response on success
-   *
-   * @example
-   * await scalekitClient.permission.deletePermission('deprecated:feature');
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Delete Permission API}
-   */
-  async deletePermission(permissionName: string): Promise<MessageShape<typeof EmptySchema>> {
-    return this.coreClient.connectExec(this.client.deletePermission, {
-      permissionName,
-    });
-  }
-
-  /**
-   * Lists direct permissions assigned to a role (excluding inherited permissions).
-   *
-   * Use this to view explicit permission assignments without inheritance from base roles.
-   *
-   * @param {string} roleName - Role to examine
-   *
-   * @returns {Promise<ListRolePermissionsResponse>} List of directly assigned permissions only
-   *
-   * @example
-   * const response = await scalekitClient.permission.listRolePermissions('editor');
-   * console.log('Direct permissions:', response.permissions);
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | List Role Permissions API}
-   * @see {@link listEffectiveRolePermissions} - Get all permissions including inherited
-   */
-  async listRolePermissions(
-    roleName: string
-  ): Promise<ListRolePermissionsResponse> {
-    return this.coreClient.connectExec(this.client.listRolePermissions, {
-      roleName,
-    });
-  }
-
-  /**
-   * Grants additional permissions to a role without removing existing assignments.
-   *
-   * This is an incremental operation that adds new permissions while preserving existing ones.
-   * System validates permission existence before assignment.
-   *
-   * @param {string} roleName - Target role to enhance
-   * @param {string[]} permissionNames - Array of permission identifiers to add
-   *
-   * @returns {Promise<AddPermissionsToRoleResponse>} Updated list of all role permissions
-   *
-   * @example
-   * // Add multiple permissions to a role
-   * await scalekitClient.permission.addPermissionsToRole('editor', [
-   *   'read:documents',
-   *   'write:documents',
-   *   'edit:documents'
-   * ]);
-   *
-   * @example
-   * // Incrementally add permissions
-   * await scalekitClient.permission.addPermissionsToRole('support', ['read:tickets']);
-   * await scalekitClient.permission.addPermissionsToRole('support', ['update:tickets']);
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Add Permissions to Role API}
-   */
-  async addPermissionsToRole(
-    roleName: string,
-    permissionNames: string[]
-  ): Promise<AddPermissionsToRoleResponse> {
-    return this.coreClient.connectExec(this.client.addPermissionsToRole, {
-      roleName,
-      permissionNames,
-    });
-  }
-
-  /**
-   * Revokes a specific permission from a role, restricting access for all assigned users.
-   *
-   * Only affects direct assignments; doesn't impact inherited permissions from base roles.
-   *
-   * @param {string} roleName - Role to modify
-   * @param {string} permissionName - Permission to remove
-   *
-   * @returns {Promise<MessageShape<typeof EmptySchema>>} Empty response on success
-   *
-   * @example
-   * // Remove delete permission from editor role
-   * await scalekitClient.permission.removePermissionFromRole('editor', 'delete:documents');
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | Remove Permission from Role API}
-   */
-  async removePermissionFromRole(
-    roleName: string,
-    permissionName: string
-  ): Promise<MessageShape<typeof EmptySchema>> {
-    return this.coreClient.connectExec(this.client.removePermissionFromRole, {
-      roleName,
-      permissionName,
-    });
-  }
-
-  /**
-   * Lists all effective permissions for a role including both direct and inherited permissions.
-   *
-   * This returns the complete set of capabilities available through the role hierarchy.
-   * Essential for understanding the full scope of access granted to users assigned to this role.
-   *
-   * @param {string} roleName - Role to analyze
-   *
-   * @returns {Promise<ListEffectiveRolePermissionsResponse>} Complete list including inherited permissions
-   *
-   * @example
-   * // Compare direct vs effective permissions
-   * const direct = await scalekitClient.permission.listRolePermissions('senior_editor');
-   * const effective = await scalekitClient.permission.listEffectiveRolePermissions('senior_editor');
-   *
-   * console.log('Direct permissions:', direct.permissions.length);
-   * console.log('Total effective permissions:', effective.permissions.length);
-   * console.log('Inherited:', effective.permissions.length - direct.permissions.length);
-   *
-   * @see {@link https://docs.scalekit.com/apis/#tag/permissions | List Effective Role Permissions API}
-   * @see {@link listRolePermissions} - Get only direct permissions
-   */
-  async listEffectiveRolePermissions(
-    roleName: string
-  ): Promise<ListEffectiveRolePermissionsResponse> {
-    return this.coreClient.connectExec(
-      this.client.listEffectiveRolePermissions,
-      { roleName }
-    );
-  }
-}

package/src/pkg/grpc/buf/validate/validate_pb.ts

@@ -1,28 +0,0 @@
-/**
- * Stub for buf/validate/validate.proto dependency.
- * The generated code references this for file descriptor linking; we export a minimal
- * placeholder so the SDK builds without the full buf validate proto source.
- */
-import type { GenFile } from "@bufbuild/protobuf/codegenv2";
-
-const NAME = "buf/validate/validate.proto";
-const EMPTY_ARR: never[] = [];
-export const file_buf_validate_validate: GenFile = {
-  get name() { return NAME; },
-  get syntax() { return "proto3"; },
-  get dependency() { return []; },
-  get enumType() { return EMPTY_ARR; },
-  get messageType() { return EMPTY_ARR; },
-  get service() { return EMPTY_ARR; },
-  get extension() { return EMPTY_ARR; },
-  get proto() {
-    return {
-      name: NAME,
-      syntax: "proto3",
-      enumType: EMPTY_ARR,
-      messageType: EMPTY_ARR,
-      service: EMPTY_ARR,
-      extension: EMPTY_ARR,
-    };
-  },
-} as unknown as GenFile;

package/src/pkg/grpc/google/api/annotations_pb.ts

@@ -1,28 +0,0 @@
-/**
- * Stub for google/api/annotations.proto dependency.
- * The generated code references this for file descriptor linking; we export a minimal
- * placeholder so the SDK builds without the full google API proto source.
- */
-import type { GenFile } from "@bufbuild/protobuf/codegenv2";
-
-const NAME = "google/api/annotations.proto";
-const EMPTY_ARR: never[] = [];
-export const file_google_api_annotations: GenFile = {
-  get name() { return NAME; },
-  get syntax() { return "proto3"; },
-  get dependency() { return []; },
-  get enumType() { return EMPTY_ARR; },
-  get messageType() { return EMPTY_ARR; },
-  get service() { return EMPTY_ARR; },
-  get extension() { return EMPTY_ARR; },
-  get proto() {
-    return {
-      name: NAME,
-      syntax: "proto3",
-      enumType: EMPTY_ARR,
-      messageType: EMPTY_ARR,
-      service: EMPTY_ARR,
-      extension: EMPTY_ARR,
-    };
-  },
-} as unknown as GenFile;

package/src/pkg/grpc/google/api/field_behavior_pb.ts

@@ -1,28 +0,0 @@
-/**
- * Stub for google/api/field_behavior.proto dependency.
- * The generated code references this for file descriptor linking; we export a minimal
- * placeholder so the SDK builds without the full google API proto source.
- */
-import type { GenFile } from "@bufbuild/protobuf/codegenv2";
-
-const NAME = "google/api/field_behavior.proto";
-const EMPTY_ARR: never[] = [];
-export const file_google_api_field_behavior: GenFile = {
-  get name() { return NAME; },
-  get syntax() { return "proto3"; },
-  get dependency() { return []; },
-  get enumType() { return EMPTY_ARR; },
-  get messageType() { return EMPTY_ARR; },
-  get service() { return EMPTY_ARR; },
-  get extension() { return EMPTY_ARR; },
-  get proto() {
-    return {
-      name: NAME,
-      syntax: "proto3",
-      enumType: EMPTY_ARR,
-      messageType: EMPTY_ARR,
-      service: EMPTY_ARR,
-      extension: EMPTY_ARR,
-    };
-  },
-} as unknown as GenFile;

package/src/pkg/grpc/google/api/visibility_pb.ts

@@ -1,28 +0,0 @@
-/**
- * Stub for google/api/visibility.proto dependency.
- * The generated code references this for file descriptor linking; we export a minimal
- * placeholder so the SDK builds without the full google API proto source.
- */
-import type { GenFile } from "@bufbuild/protobuf/codegenv2";
-
-const NAME = "google/api/visibility.proto";
-const EMPTY_ARR: never[] = [];
-export const file_google_api_visibility: GenFile = {
-  get name() { return NAME; },
-  get syntax() { return "proto3"; },
-  get dependency() { return []; },
-  get enumType() { return EMPTY_ARR; },
-  get messageType() { return EMPTY_ARR; },
-  get service() { return EMPTY_ARR; },
-  get extension() { return EMPTY_ARR; },
-  get proto() {
-    return {
-      name: NAME,
-      syntax: "proto3",
-      enumType: EMPTY_ARR,
-      messageType: EMPTY_ARR,
-      service: EMPTY_ARR,
-      extension: EMPTY_ARR,
-    };
-  },
-} as unknown as GenFile;

package/src/pkg/grpc/protoc-gen-openapiv2/options/annotations_pb.ts

@@ -1,28 +0,0 @@
-/**
- * Stub for protoc-gen-openapiv2/options/annotations.proto dependency.
- * The generated code references this for file descriptor linking; we export a minimal
- * placeholder so the SDK builds without the full openapiv2 options proto source.
- */
-import type { GenFile } from "@bufbuild/protobuf/codegenv2";
-
-const NAME = "protoc-gen-openapiv2/options/annotations.proto";
-const EMPTY_ARR: never[] = [];
-export const file_protoc_gen_openapiv2_options_annotations: GenFile = {
-  get name() { return NAME; },
-  get syntax() { return "proto3"; },
-  get dependency() { return []; },
-  get enumType() { return EMPTY_ARR; },
-  get messageType() { return EMPTY_ARR; },
-  get service() { return EMPTY_ARR; },
-  get extension() { return EMPTY_ARR; },
-  get proto() {
-    return {
-      name: NAME,
-      syntax: "proto3",
-      enumType: EMPTY_ARR,
-      messageType: EMPTY_ARR,
-      service: EMPTY_ARR,
-      extension: EMPTY_ARR,
-    };
-  },
-} as unknown as GenFile;