@tenxyte/core 0.1.5 → 0.9.0

package/src/storage/cookie.ts

@@ -1,39 +1,39 @@
-import type { TenxyteStorage } from './index';
-
-/**
- * CookieStorage implementation
- * Note: To be secure, tokens should be HttpOnly where possible.
- * This class handles client-side cookies if necessary.
- */
-export class CookieStorage implements TenxyteStorage {
-    private defaultOptions: string;
-
-    constructor(options: { secure?: boolean; sameSite?: 'Strict' | 'Lax' | 'None' } = {}) {
-        const secure = options.secure ?? true;
-        const sameSite = options.sameSite ?? 'Lax';
-        this.defaultOptions = `path=/; SameSite=${sameSite}${secure ? '; Secure' : ''}`;
-    }
-
-    getItem(key: string): string | null {
-        if (typeof document === 'undefined') return null;
-        const match = document.cookie.match(new RegExp(`(^| )${key}=([^;]+)`));
-        return match ? decodeURIComponent(match[2]) : null;
-    }
-
-    setItem(key: string, value: string): void {
-        if (typeof document === 'undefined') return;
-        document.cookie = `${key}=${encodeURIComponent(value)}; ${this.defaultOptions}`;
-    }
-
-    removeItem(key: string): void {
-        if (typeof document === 'undefined') return;
-        document.cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
-    }
-
-    clear(): void {
-        // Cannot easily clear all cookies securely because we don't know them all
-        // Usually auth keys are known, e.g., tx_access, tx_refresh
-        this.removeItem('tx_access');
-        this.removeItem('tx_refresh');
-    }
-}
+import type { TenxyteStorage } from './index';
+
+/**
+ * CookieStorage implementation
+ * Note: To be secure, tokens should be HttpOnly where possible.
+ * This class handles client-side cookies if necessary.
+ */
+export class CookieStorage implements TenxyteStorage {
+    private defaultOptions: string;
+
+    constructor(options: { secure?: boolean; sameSite?: 'Strict' | 'Lax' | 'None' } = {}) {
+        const secure = options.secure ?? true;
+        const sameSite = options.sameSite ?? 'Lax';
+        this.defaultOptions = `path=/; SameSite=${sameSite}${secure ? '; Secure' : ''}`;
+    }
+
+    getItem(key: string): string | null {
+        if (typeof document === 'undefined') return null;
+        const match = document.cookie.match(new RegExp(`(^| )${key}=([^;]+)`));
+        return match ? decodeURIComponent(match[2]) : null;
+    }
+
+    setItem(key: string, value: string): void {
+        if (typeof document === 'undefined') return;
+        document.cookie = `${key}=${encodeURIComponent(value)}; ${this.defaultOptions}`;
+    }
+
+    removeItem(key: string): void {
+        if (typeof document === 'undefined') return;
+        document.cookie = `${key}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
+    }
+
+    clear(): void {
+        // Cannot easily clear all cookies securely because we don't know them all
+        // Usually auth keys are known, e.g., tx_access, tx_refresh
+        this.removeItem('tx_access');
+        this.removeItem('tx_refresh');
+    }
+}

package/src/storage/index.ts

@@ -1,29 +1,29 @@
-export interface TenxyteStorage {
-    /**
-     * Retrieves a value from storage.
-     * @param key The key to retrieve
-     */
-    getItem(key: string): string | null | Promise<string | null>;
-
-    /**
-     * Saves a value to storage.
-     * @param key The key to store
-     * @param value The string value
-     */
-    setItem(key: string, value: string): void | Promise<void>;
-
-    /**
-     * Removes a specific key from storage.
-     * @param key The key to remove
-     */
-    removeItem(key: string): void | Promise<void>;
-
-    /**
-     * Clears all storage keys managed by the SDK.
-     */
-    clear(): void | Promise<void>;
-}
-
-export * from './memory';
-export * from './localStorage';
-export * from './cookie';
+export interface TenxyteStorage {
+    /**
+     * Retrieves a value from storage.
+     * @param key The key to retrieve
+     */
+    getItem(key: string): string | null | Promise<string | null>;
+
+    /**
+     * Saves a value to storage.
+     * @param key The key to store
+     * @param value The string value
+     */
+    setItem(key: string, value: string): void | Promise<void>;
+
+    /**
+     * Removes a specific key from storage.
+     * @param key The key to remove
+     */
+    removeItem(key: string): void | Promise<void>;
+
+    /**
+     * Clears all storage keys managed by the SDK.
+     */
+    clear(): void | Promise<void>;
+}
+
+export * from './memory';
+export * from './localStorage';
+export * from './cookie';

package/src/storage/localStorage.ts

@@ -1,75 +1,75 @@
-import type { TenxyteStorage } from './index';
-import { MemoryStorage } from './memory';
-
-/**
- * LocalStorage wrapper for the browser.
- * Degrades gracefully to MemoryStorage if localStorage is unavailable
- * (e.g., SSR, Private Browsing mode strictness).
- */
-export class LocalStorage implements TenxyteStorage {
-    private fallbackMemoryStore: MemoryStorage | null = null;
-    private isAvailable: boolean;
-
-    constructor() {
-        this.isAvailable = this.checkAvailability();
-        if (!this.isAvailable) {
-            this.fallbackMemoryStore = new MemoryStorage();
-        }
-    }
-
-    private checkAvailability(): boolean {
-        try {
-            if (typeof window === 'undefined' || !window.localStorage) {
-                return false;
-            }
-            const testKey = '__tenxyte_test__';
-            window.localStorage.setItem(testKey, '1');
-            window.localStorage.removeItem(testKey);
-            return true;
-        } catch (e) {
-            return false;
-        }
-    }
-
-    getItem(key: string): string | null {
-        if (!this.isAvailable && this.fallbackMemoryStore) {
-            return this.fallbackMemoryStore.getItem(key);
-        }
-        return window.localStorage.getItem(key);
-    }
-
-    setItem(key: string, value: string): void {
-        if (!this.isAvailable && this.fallbackMemoryStore) {
-            this.fallbackMemoryStore.setItem(key, value);
-            return;
-        }
-        try {
-            window.localStorage.setItem(key, value);
-        } catch (e) {
-            // Storage quota exceeded or similar error
-            console.warn(`[Tenxyte SDK] Warning: failed to write to localStorage for key ${key}`);
-        }
-    }
-
-    removeItem(key: string): void {
-        if (!this.isAvailable && this.fallbackMemoryStore) {
-            this.fallbackMemoryStore.removeItem(key);
-            return;
-        }
-        window.localStorage.removeItem(key);
-    }
-
-    clear(): void {
-        if (!this.isAvailable && this.fallbackMemoryStore) {
-            this.fallbackMemoryStore.clear();
-            return;
-        }
-        // We ideally only clear tenxyte specific keys if needed,
-        // but standard clear() removes everything.
-        // If the library only ever writes specific keys,
-        // we could keep track of them and iterate, but for now clear() is standard.
-        // For safer implementation we could just let the caller do removeItems() individually
-        // but let's conform to the clear API.
-        window.localStorage.clear();
-    }
-}
+import type { TenxyteStorage } from './index';
+import { MemoryStorage } from './memory';
+
+/**
+ * LocalStorage wrapper for the browser.
+ * Degrades gracefully to MemoryStorage if localStorage is unavailable
+ * (e.g., SSR, Private Browsing mode strictness).
+ */
+export class LocalStorage implements TenxyteStorage {
+    private fallbackMemoryStore: MemoryStorage | null = null;
+    private isAvailable: boolean;
+
+    constructor() {
+        this.isAvailable = this.checkAvailability();
+        if (!this.isAvailable) {
+            this.fallbackMemoryStore = new MemoryStorage();
+        }
+    }
+
+    private checkAvailability(): boolean {
+        try {
+            if (typeof window === 'undefined' || !window.localStorage) {
+                return false;
+            }
+            const testKey = '__tenxyte_test__';
+            window.localStorage.setItem(testKey, '1');
+            window.localStorage.removeItem(testKey);
+            return true;
+        } catch (e) {
+            return false;
+        }
+    }
+
+    getItem(key: string): string | null {
+        if (!this.isAvailable && this.fallbackMemoryStore) {
+            return this.fallbackMemoryStore.getItem(key);
+        }
+        return window.localStorage.getItem(key);
+    }
+
+    setItem(key: string, value: string): void {
+        if (!this.isAvailable && this.fallbackMemoryStore) {
+            this.fallbackMemoryStore.setItem(key, value);
+            return;
+        }
+        try {
+            window.localStorage.setItem(key, value);
+        } catch (e) {
+            // Storage quota exceeded or similar error
+            console.warn(`[Tenxyte SDK] Warning: failed to write to localStorage for key ${key}`);
+        }
+    }
+
+    removeItem(key: string): void {
+        if (!this.isAvailable && this.fallbackMemoryStore) {
+            this.fallbackMemoryStore.removeItem(key);
+            return;
+        }
+        window.localStorage.removeItem(key);
+    }
+
+    clear(): void {
+        if (!this.isAvailable && this.fallbackMemoryStore) {
+            this.fallbackMemoryStore.clear();
+            return;
+        }
+        // We ideally only clear tenxyte specific keys if needed,
+        // but standard clear() removes everything.
+        // If the library only ever writes specific keys,
+        // we could keep track of them and iterate, but for now clear() is standard.
+        // For safer implementation we could just let the caller do removeItems() individually
+        // but let's conform to the clear API.
+        window.localStorage.clear();
+    }
+}

package/src/storage/memory.ts

@@ -1,30 +1,30 @@
-import type { TenxyteStorage } from './index';
-
-/**
- * MemoryStorage implementation primarily used in Node.js (SSR)
- * environments or as a fallback when browser storage is unavailable.
- */
-export class MemoryStorage implements TenxyteStorage {
-    private store: Map<string, string>;
-
-    constructor() {
-        this.store = new Map<string, string>();
-    }
-
-    getItem(key: string): string | null {
-        const value = this.store.get(key);
-        return value !== undefined ? value : null;
-    }
-
-    setItem(key: string, value: string): void {
-        this.store.set(key, value);
-    }
-
-    removeItem(key: string): void {
-        this.store.delete(key);
-    }
-
-    clear(): void {
-        this.store.clear();
-    }
-}
+import type { TenxyteStorage } from './index';
+
+/**
+ * MemoryStorage implementation primarily used in Node.js (SSR)
+ * environments or as a fallback when browser storage is unavailable.
+ */
+export class MemoryStorage implements TenxyteStorage {
+    private store: Map<string, string>;
+
+    constructor() {
+        this.store = new Map<string, string>();
+    }
+
+    getItem(key: string): string | null {
+        const value = this.store.get(key);
+        return value !== undefined ? value : null;
+    }
+
+    setItem(key: string, value: string): void {
+        this.store.set(key, value);
+    }
+
+    removeItem(key: string): void {
+        this.store.delete(key);
+    }
+
+    clear(): void {
+        this.store.clear();
+    }
+}

package/src/types/index.ts

@@ -1,150 +1,152 @@
-import type { components, paths } from './api-schema';
-
-export type GeneratedSchema = components['schemas'];
-
-/**
- * Core User Interface exposed by the SDK.
- */
-export interface TenxyteUser {
-    id: string; // UUID
-    email: string | null;
-    phone_country_code: string | null;
-    phone_number: string | null;
-    first_name: string;
-    last_name: string;
-    is_email_verified: boolean;
-    is_phone_verified: boolean;
-    is_2fa_enabled: boolean;
-    roles: string[]; // Role codes e.g., ['admin', 'viewer']
-    permissions: string[]; // Permission codes (direct + inherited)
-    created_at: string; // ISO 8601
-    last_login: string | null;
-}
-
-/**
- * Standard SDK Token Pair (internal structure normalized by interceptors)
- */
-export interface TokenPair {
-    access_token: string; // JWT Bearer
-    refresh_token: string;
-    token_type: 'Bearer';
-    expires_in: number; // Current access_token lifetime in seconds
-    device_summary: string | null; // e.g., "desktop — windows 11 — chrome 122" (null if device_info absent)
-}
-
-/**
- * Standardized API Error Response wrapper
- */
-export interface TenxyteError {
-    error: string; // Human message
-    code: TenxyteErrorCode; // Machine identifier
-    details?: Record<string, string[]> | string; // Per-field errors or free message
-    retry_after?: number; // Present on 429 and 423
-}
-
-export type TenxyteErrorCode =
-    // Auth
-    | 'LOGIN_FAILED'
-    | 'INVALID_CREDENTIALS'
-    | 'ACCOUNT_LOCKED'
-    | 'ACCOUNT_BANNED'
-    | '2FA_REQUIRED'
-    | 'ADMIN_2FA_SETUP_REQUIRED'
-    | 'TOKEN_EXPIRED'
-    | 'TOKEN_BLACKLISTED'
-    | 'REFRESH_FAILED'
-    | 'PERMISSION_DENIED'
-    | 'SESSION_LIMIT_EXCEEDED'
-    | 'DEVICE_LIMIT_EXCEEDED'
-    | 'RATE_LIMITED'
-    | 'INVALID_OTP'
-    | 'OTP_EXPIRED'
-    | 'INVALID_PROVIDER'
-    | 'SOCIAL_AUTH_FAILED'
-    | 'VALIDATION_URL_REQUIRED'
-    | 'INVALID_TOKEN'
-    // User / Account
-    | 'CONFIRMATION_REQUIRED'
-    | 'PASSWORD_REQUIRED'
-    | 'INVALID_PASSWORD'
-    | 'INVALID_DEVICE_INFO'
-    // B2B / Organizations
-    | 'ORG_NOT_FOUND'
-    | 'NOT_ORG_MEMBER'
-    | 'NOT_OWNER'
-    | 'ALREADY_MEMBER'
-    | 'MEMBER_LIMIT_EXCEEDED'
-    | 'HAS_CHILDREN'
-    | 'CIRCULAR_HIERARCHY'
-    | 'LAST_OWNER_REQUIRED'
-    | 'INVITATION_EXISTS'
-    | 'INVALID_ROLE'
-    // AIRS — Agent errors
-    | 'AGENT_NOT_FOUND'
-    | 'AGENT_SUSPENDED'
-    | 'AGENT_REVOKED'
-    | 'AGENT_EXPIRED'
-    | 'BUDGET_EXCEEDED'
-    | 'RATE_LIMIT_EXCEEDED'
-    | 'HEARTBEAT_MISSING'
-    | 'AIRS_DISABLED';
-
-/**
- * Organization Structure
- */
-export interface Organization {
-    id: number;
-    name: string;
-    slug: string;
-    description: string | null;
-    metadata: Record<string, unknown> | null;
-    is_active: boolean;
-    max_members: number; // 0 = unlimited
-    member_count: number;
-    created_at: string;
-    updated_at: string;
-    parent: { id: number; name: string; slug: string } | null;
-    children: Array<{ id: number; name: string; slug: string }>;
-    user_role: string | null; // Current user's role in this org
-    user_permissions: string[]; // Effective permissions in this org
-}
-
-/**
- * Base Pagination Response wrapper
- */
-export interface PaginatedResponse<T> {
-    count: number;
-    page: number;
-    page_size: number;
-    total_pages: number;
-    next: string | null;
-    previous: string | null;
-    results: T[];
-}
-
-/**
- * AIRS Agent Token metadata
- */
-export interface AgentTokenSummary {
-    id: number;
-    agent_id: string;
-    status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
-    expires_at: string;
-    created_at: string;
-    organization: string | null; // Org slug, or null
-    current_request_count: number;
-}
-
-/**
- * Request awaiting Human-In-The-Loop approval
- */
-export interface AgentPendingAction {
-    id: number;
-    agent_id: string;
-    permission: string; // e.g., "users.delete"
-    endpoint: string;
-    payload: unknown;
-    confirmation_token: string;
-    expires_at: string;
-    created_at: string;
-}
+import type { components, paths } from './api-schema';
+
+export type GeneratedSchema = components['schemas'];
+
+/**
+ * Core User Interface exposed by the SDK.
+ * Represents the authenticated entity bound to the active session.
+ */
+export interface TenxyteUser {
+    id: string; // UUID
+    email: string | null;
+    phone_country_code: string | null;
+    phone_number: string | null;
+    first_name: string;
+    last_name: string;
+    is_email_verified: boolean;
+    is_phone_verified: boolean;
+    is_2fa_enabled: boolean;
+    roles: string[]; // Role codes e.g., ['admin', 'viewer']
+    permissions: string[]; // Permission codes (direct + inherited)
+    created_at: string; // ISO 8601
+    last_login: string | null;
+}
+
+/**
+ * Standard SDK Token Pair (internal structure normalized by interceptors).
+ * These are managed automatically if auto-refresh is enabled.
+ */
+export interface TokenPair {
+    access_token: string; // JWT Bearer
+    refresh_token: string;
+    token_type: 'Bearer';
+    expires_in: number; // Current access_token lifetime in seconds
+    device_summary: string | null; // e.g., "desktop — windows 11 — chrome 122" (null if device_info absent)
+}
+
+/**
+ * Standardized API Error Response wrapper thrown by network interceptors.
+ */
+export interface TenxyteError {
+    error: string; // Human message
+    code: TenxyteErrorCode; // Machine identifier
+    details?: Record<string, string[]> | string; // Per-field errors or free message
+    retry_after?: number; // Present on HTTP 429 and 423
+}
+
+export type TenxyteErrorCode =
+    // Auth
+    | 'LOGIN_FAILED'
+    | 'INVALID_CREDENTIALS'
+    | 'ACCOUNT_LOCKED'
+    | 'ACCOUNT_BANNED'
+    | '2FA_REQUIRED'
+    | 'ADMIN_2FA_SETUP_REQUIRED'
+    | 'TOKEN_EXPIRED'
+    | 'TOKEN_BLACKLISTED'
+    | 'REFRESH_FAILED'
+    | 'PERMISSION_DENIED'
+    | 'SESSION_LIMIT_EXCEEDED'
+    | 'DEVICE_LIMIT_EXCEEDED'
+    | 'RATE_LIMITED'
+    | 'INVALID_OTP'
+    | 'OTP_EXPIRED'
+    | 'INVALID_PROVIDER'
+    | 'SOCIAL_AUTH_FAILED'
+    | 'VALIDATION_URL_REQUIRED'
+    | 'INVALID_TOKEN'
+    // User / Account
+    | 'CONFIRMATION_REQUIRED'
+    | 'PASSWORD_REQUIRED'
+    | 'INVALID_PASSWORD'
+    | 'INVALID_DEVICE_INFO'
+    // B2B / Organizations
+    | 'ORG_NOT_FOUND'
+    | 'NOT_ORG_MEMBER'
+    | 'NOT_OWNER'
+    | 'ALREADY_MEMBER'
+    | 'MEMBER_LIMIT_EXCEEDED'
+    | 'HAS_CHILDREN'
+    | 'CIRCULAR_HIERARCHY'
+    | 'LAST_OWNER_REQUIRED'
+    | 'INVITATION_EXISTS'
+    | 'INVALID_ROLE'
+    // AIRS — Agent errors
+    | 'AGENT_NOT_FOUND'
+    | 'AGENT_SUSPENDED'
+    | 'AGENT_REVOKED'
+    | 'AGENT_EXPIRED'
+    | 'BUDGET_EXCEEDED'
+    | 'RATE_LIMIT_EXCEEDED'
+    | 'HEARTBEAT_MISSING'
+    | 'AIRS_DISABLED';
+
+/**
+ * Organization Structure defining a B2B tenant or hierarchical unit.
+ */
+export interface Organization {
+    id: number;
+    name: string;
+    slug: string;
+    description: string | null;
+    metadata: Record<string, unknown> | null;
+    is_active: boolean;
+    max_members: number; // 0 = unlimited
+    member_count: number;
+    created_at: string;
+    updated_at: string;
+    parent: { id: number; name: string; slug: string } | null;
+    children: Array<{ id: number; name: string; slug: string }>;
+    user_role: string | null; // Current user's contextual role inside this exact org
+    user_permissions: string[]; // Effective permissions resolving downward in this org
+}
+
+/**
+ * Base Pagination Response wrapper
+ */
+export interface PaginatedResponse<T> {
+    count: number;
+    page: number;
+    page_size: number;
+    total_pages: number;
+    next: string | null;
+    previous: string | null;
+    results: T[];
+}
+
+/**
+ * AIRS Agent Token metadata
+ */
+export interface AgentTokenSummary {
+    id: number;
+    agent_id: string;
+    status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
+    expires_at: string;
+    created_at: string;
+    organization: string | null; // Org slug, or null
+    current_request_count: number;
+}
+
+/**
+ * Request awaiting Human-In-The-Loop approval
+ */
+export interface AgentPendingAction {
+    id: number;
+    agent_id: string;
+    permission: string; // e.g., "users.delete"
+    endpoint: string;
+    payload: unknown;
+    confirmation_token: string;
+    expires_at: string;
+    created_at: string;
+}