@tenxyte/core 0.9.0 → 0.9.3

package/src/types/index.ts

@@ -1,152 +0,0 @@
-import type { components, paths } from './api-schema';
-
-export type GeneratedSchema = components['schemas'];
-
-/**
- * Core User Interface exposed by the SDK.
- * Represents the authenticated entity bound to the active session.
- */
-export interface TenxyteUser {
-    id: string; // UUID
-    email: string | null;
-    phone_country_code: string | null;
-    phone_number: string | null;
-    first_name: string;
-    last_name: string;
-    is_email_verified: boolean;
-    is_phone_verified: boolean;
-    is_2fa_enabled: boolean;
-    roles: string[]; // Role codes e.g., ['admin', 'viewer']
-    permissions: string[]; // Permission codes (direct + inherited)
-    created_at: string; // ISO 8601
-    last_login: string | null;
-}
-
-/**
- * Standard SDK Token Pair (internal structure normalized by interceptors).
- * These are managed automatically if auto-refresh is enabled.
- */
-export interface TokenPair {
-    access_token: string; // JWT Bearer
-    refresh_token: string;
-    token_type: 'Bearer';
-    expires_in: number; // Current access_token lifetime in seconds
-    device_summary: string | null; // e.g., "desktop — windows 11 — chrome 122" (null if device_info absent)
-}
-
-/**
- * Standardized API Error Response wrapper thrown by network interceptors.
- */
-export interface TenxyteError {
-    error: string; // Human message
-    code: TenxyteErrorCode; // Machine identifier
-    details?: Record<string, string[]> | string; // Per-field errors or free message
-    retry_after?: number; // Present on HTTP 429 and 423
-}
-
-export type TenxyteErrorCode =
-    // Auth
-    | 'LOGIN_FAILED'
-    | 'INVALID_CREDENTIALS'
-    | 'ACCOUNT_LOCKED'
-    | 'ACCOUNT_BANNED'
-    | '2FA_REQUIRED'
-    | 'ADMIN_2FA_SETUP_REQUIRED'
-    | 'TOKEN_EXPIRED'
-    | 'TOKEN_BLACKLISTED'
-    | 'REFRESH_FAILED'
-    | 'PERMISSION_DENIED'
-    | 'SESSION_LIMIT_EXCEEDED'
-    | 'DEVICE_LIMIT_EXCEEDED'
-    | 'RATE_LIMITED'
-    | 'INVALID_OTP'
-    | 'OTP_EXPIRED'
-    | 'INVALID_PROVIDER'
-    | 'SOCIAL_AUTH_FAILED'
-    | 'VALIDATION_URL_REQUIRED'
-    | 'INVALID_TOKEN'
-    // User / Account
-    | 'CONFIRMATION_REQUIRED'
-    | 'PASSWORD_REQUIRED'
-    | 'INVALID_PASSWORD'
-    | 'INVALID_DEVICE_INFO'
-    // B2B / Organizations
-    | 'ORG_NOT_FOUND'
-    | 'NOT_ORG_MEMBER'
-    | 'NOT_OWNER'
-    | 'ALREADY_MEMBER'
-    | 'MEMBER_LIMIT_EXCEEDED'
-    | 'HAS_CHILDREN'
-    | 'CIRCULAR_HIERARCHY'
-    | 'LAST_OWNER_REQUIRED'
-    | 'INVITATION_EXISTS'
-    | 'INVALID_ROLE'
-    // AIRS — Agent errors
-    | 'AGENT_NOT_FOUND'
-    | 'AGENT_SUSPENDED'
-    | 'AGENT_REVOKED'
-    | 'AGENT_EXPIRED'
-    | 'BUDGET_EXCEEDED'
-    | 'RATE_LIMIT_EXCEEDED'
-    | 'HEARTBEAT_MISSING'
-    | 'AIRS_DISABLED';
-
-/**
- * Organization Structure defining a B2B tenant or hierarchical unit.
- */
-export interface Organization {
-    id: number;
-    name: string;
-    slug: string;
-    description: string | null;
-    metadata: Record<string, unknown> | null;
-    is_active: boolean;
-    max_members: number; // 0 = unlimited
-    member_count: number;
-    created_at: string;
-    updated_at: string;
-    parent: { id: number; name: string; slug: string } | null;
-    children: Array<{ id: number; name: string; slug: string }>;
-    user_role: string | null; // Current user's contextual role inside this exact org
-    user_permissions: string[]; // Effective permissions resolving downward in this org
-}
-
-/**
- * Base Pagination Response wrapper
- */
-export interface PaginatedResponse<T> {
-    count: number;
-    page: number;
-    page_size: number;
-    total_pages: number;
-    next: string | null;
-    previous: string | null;
-    results: T[];
-}
-
-/**
- * AIRS Agent Token metadata
- */
-export interface AgentTokenSummary {
-    id: number;
-    agent_id: string;
-    status: 'ACTIVE' | 'SUSPENDED' | 'REVOKED' | 'EXPIRED';
-    expires_at: string;
-    created_at: string;
-    organization: string | null; // Org slug, or null
-    current_request_count: number;
-}
-
-/**
- * Request awaiting Human-In-The-Loop approval
- */
-export interface AgentPendingAction {
-    id: number;
-    agent_id: string;
-    permission: string; // e.g., "users.delete"
-    endpoint: string;
-    payload: unknown;
-    confirmation_token: string;
-    expires_at: string;
-    created_at: string;
-}

package/src/utils/base64url.ts

@@ -1,25 +0,0 @@
-export function bufferToBase64url(buffer: ArrayBuffer | Uint8Array): string {
-    const bytes = new Uint8Array(buffer);
-    let binary = '';
-    for (let i = 0; i < bytes.byteLength; i++) {
-        binary += String.fromCharCode(bytes[i]);
-    }
-    return btoa(binary)
-        .replace(/\+/g, '-')
-        .replace(/\//g, '_')
-        .replace(/=/g, '');
-}
-
-export function base64urlToBuffer(base64url: string): Uint8Array {
-    const base64 = base64url
-        .replace(/-/g, '+')
-        .replace(/_/g, '/');
-    const padLen = (4 - (base64.length % 4)) % 4;
-    const padded = base64 + '='.repeat(padLen);
-    const binary = atob(padded);
-    const bytes = new Uint8Array(binary.length);
-    for (let i = 0; i < binary.length; i++) {
-        bytes[i] = binary.charCodeAt(i);
-    }
-    return bytes;
-}

package/src/utils/device_info.ts

@@ -1,94 +0,0 @@
-/**
- * Helper utility to build the device fingerprint required by Tenxyte security features.
- * Format: `v=1|os=windows;osv=11|device=desktop|arch=x64|app=tenxyte;appv=1.0.0|runtime=chrome;rtv=122|tz=Europe/Paris`
- */
-export interface CustomDeviceInfo {
-    os?: string;
-    osVersion?: string;
-    device?: string;
-    arch?: string;
-    app?: string;
-    appVersion?: string;
-    runtime?: string;
-    runtimeVersion?: string;
-    timezone?: string;
-}
-
-export function buildDeviceInfo(customInfo: CustomDeviceInfo = {}): string {
-    // Try to determine automatically from navigator
-    const autoInfo = getAutoInfo();
-
-    const v = '1';
-    const os = customInfo.os || autoInfo.os;
-    const osv = customInfo.osVersion || autoInfo.osVersion;
-    const device = customInfo.device || autoInfo.device;
-    const arch = customInfo.arch || autoInfo.arch;
-    const app = customInfo.app || autoInfo.app;
-    const appv = customInfo.appVersion || autoInfo.appVersion;
-    const runtime = customInfo.runtime || autoInfo.runtime;
-    const rtv = customInfo.runtimeVersion || autoInfo.runtimeVersion;
-    const tz = customInfo.timezone || autoInfo.timezone;
-
-    const parts = [
-        `v=${v}`,
-        `os=${os}` + (osv ? `;osv=${osv}` : ''),
-        `device=${device}`,
-        arch ? `arch=${arch}` : '',
-        app ? `app=${app}${appv ? `;appv=${appv}` : ''}` : '',
-        `runtime=${runtime}` + (rtv ? `;rtv=${rtv}` : ''),
-        tz ? `tz=${tz}` : ''
-    ];
-
-    return parts.filter(Boolean).join('|');
-}
-
-function getAutoInfo() {
-    const info = {
-        os: 'unknown',
-        osVersion: '',
-        device: 'desktop', // default
-        arch: '',
-        app: 'sdk',
-        appVersion: '0.1.0',
-        runtime: 'unknown',
-        runtimeVersion: '',
-        timezone: ''
-    };
-
-    try {
-        if (typeof Intl !== 'undefined') {
-            info.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
-        }
-
-        if (typeof process !== 'undefined' && process.version) {
-            info.runtime = 'node';
-            info.runtimeVersion = process.version;
-            info.os = process.platform;
-            info.arch = process.arch;
-            info.device = 'server';
-        } else if (typeof window !== 'undefined' && window.navigator) {
-            const ua = window.navigator.userAgent.toLowerCase();
-
-            // Basic OS detection
-            if (ua.includes('windows')) info.os = 'windows';
-            else if (ua.includes('mac')) info.os = 'macos';
-            else if (ua.includes('linux')) info.os = 'linux';
-            else if (ua.includes('android')) info.os = 'android';
-            else if (ua.includes('ios') || ua.includes('iphone') || ua.includes('ipad')) info.os = 'ios';
-
-            // Basic Device Type
-            if (/mobi|android|touch|mini/i.test(ua)) info.device = 'mobile';
-            if (/tablet|ipad/i.test(ua)) info.device = 'tablet';
-
-            // Basic Runtime (Browser)
-            if (ua.includes('firefox')) info.runtime = 'firefox';
-            else if (ua.includes('edg/')) info.runtime = 'edge';
-            else if (ua.includes('chrome')) info.runtime = 'chrome';
-            else if (ua.includes('safari')) info.runtime = 'safari';
-        }
-    } catch (e) {
-        // Ignore context extraction errors
-    }
-
-    return info;
-}

package/src/utils/events.ts

@@ -1,71 +0,0 @@
-/**
- * Lightweight EventEmitter for TenxyteClient.
- * Provides `.on`, `.once`, `.off`, and `.emit`.
- */
-export class EventEmitter<Events extends Record<string, any>> {
-    private events: Map<keyof Events, Array<Function>>;
-
-    constructor() {
-        this.events = new Map();
-    }
-
-    /**
-     * Subscribe to an event.
-     * @param event The event name
-     * @param callback The callback function
-     * @returns Unsubscribe function
-     */
-    on<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): () => void {
-        if (!this.events.has(event)) {
-            this.events.set(event, []);
-        }
-        this.events.get(event)!.push(callback);
-        return () => this.off(event, callback);
-    }
-
-    /**
-     * Unsubscribe from an event.
-     * @param event The event name
-     * @param callback The exact callback function that was passed to .on()
-     */
-    off<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): void {
-        const callbacks = this.events.get(event);
-        if (!callbacks) return;
-        const index = callbacks.indexOf(callback);
-        if (index !== -1) {
-            callbacks.splice(index, 1);
-        }
-    }
-
-    /**
-     * Subscribe to an event exactly once.
-     */
-    once<K extends keyof Events>(event: K, callback: (payload: Events[K]) => void): () => void {
-        const wrapped = (payload: Events[K]) => {
-            this.off(event, wrapped);
-            callback(payload);
-        };
-        return this.on(event, wrapped);
-    }
-
-    /**
-     * Emit an event internally.
-     */
-    emit<K extends keyof Events>(event: K, payload: Events[K]): void {
-        const callbacks = this.events.get(event);
-        if (!callbacks) return;
-        // Copy array to prevent mutation issues during emission
-        const copy = [...callbacks];
-        for (const callback of copy) {
-            try {
-                callback(payload);
-            } catch (err) {
-                console.error(`[Tenxyte EventEmitter] Error executing callback for event ${String(event)}`, err);
-            }
-        }
-    }
-
-    removeAllListeners(): void {
-        this.events.clear();
-    }
-}

package/src/utils/jwt.ts

@@ -1,51 +0,0 @@
-export interface DecodedTenxyteToken {
-    exp?: number;
-    iat?: number;
-    sub?: string;
-    roles?: string[];
-    permissions?: string[];
-    [key: string]: any;
-}
-
-/**
- * Decodes the payload of a JWT without verifying the signature.
- * Suitable for client-side routing and UI state.
- */
-export function decodeJwt(token: string): DecodedTenxyteToken | null {
-    try {
-        const parts = token.split('.');
-        if (parts.length !== 3) {
-            return null;
-        }
-
-        let base64Url = parts[1];
-        if (!base64Url) return null;
-
-        let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
-
-        // Pad with standard base64 padding
-        while (base64.length % 4) {
-            base64 += '=';
-        }
-
-        const isBrowser = typeof window !== 'undefined' && typeof window.atob === 'function';
-        let jsonPayload: string;
-
-        if (isBrowser) {
-            // Browser decode
-            jsonPayload = decodeURIComponent(
-                window.atob(base64)
-                    .split('')
-                    .map((c) => '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2))
-                    .join('')
-            );
-        } else {
-            // Node.js decode
-            jsonPayload = Buffer.from(base64, 'base64').toString('utf8');
-        }
-
-        return JSON.parse(jsonPayload);
-    } catch (e) {
-        return null;
-    }
-}

package/tests/http.test.ts

@@ -1,144 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { TenxyteHttpClient } from '../src/http/client';
-import { MemoryStorage } from '../src/storage';
-import { createAuthInterceptor, createRefreshInterceptor } from '../src/http/interceptors';
-
-// Mock global fetch
-const mockFetch = vi.fn();
-global.fetch = mockFetch;
-
-describe('TenxyteHttpClient', () => {
-    let client: TenxyteHttpClient;
-    let storage: MemoryStorage;
-
-    beforeEach(() => {
-        mockFetch.mockReset();
-        storage = new MemoryStorage();
-        client = new TenxyteHttpClient({ baseUrl: 'https://api.tenxyte.com/v1' });
-    });
-
-    describe('Core HTTP', () => {
-        it('should format URL correctly and apply default headers', async () => {
-            mockFetch.mockResolvedValueOnce({
-                ok: true,
-                status: 200,
-                headers: new Headers({ 'content-type': 'application/json' }),
-                json: () => Promise.resolve({ data: 'ok' })
-            } as any);
-
-            const res = await client.get<{ data: string }>('/users', { params: { limit: 10 } });
-
-            expect(res.data).toBe('ok');
-            expect(mockFetch).toHaveBeenCalledWith('https://api.tenxyte.com/v1/users?limit=10', expect.objectContaining({
-                method: 'GET',
-                headers: expect.objectContaining({
-                    'Content-Type': 'application/json',
-                    'Accept': 'application/json'
-                })
-            }));
-        });
-
-        it('should throw normalized TenxyteError on failure', async () => {
-            mockFetch.mockResolvedValueOnce({
-                ok: false,
-                status: 400,
-                headers: new Headers({ 'content-type': 'application/json' }),
-                json: () => Promise.resolve({ error: 'Bad data', code: 'INVALID_CREDENTIALS', details: { email: ['invalid'] } })
-            } as any);
-
-            await expect(client.post('/auth/login', { bad: true })).rejects.toMatchObject({
-                error: 'Bad data',
-                code: 'INVALID_CREDENTIALS',
-                details: { email: ['invalid'] }
-            });
-        });
-
-        it('should handle 204 No Content correctly without parsing JSON', async () => {
-            mockFetch.mockResolvedValueOnce({
-                ok: true,
-                status: 204,
-                headers: new Headers()
-            } as any);
-
-            const res = await client.delete('/users/1');
-            expect(res).toEqual({});
-        });
-    });
-
-    describe('Interceptors', () => {
-        it('should inject Authorization and Context headers', async () => {
-            storage.setItem('tx_access', 'jwt.token.123');
-            const authInterceptor = createAuthInterceptor(storage, { activeOrgSlug: 'tenxyte-labs', agentTraceId: 'trc_999' });
-            client.addRequestInterceptor(authInterceptor);
-
-            mockFetch.mockResolvedValueOnce({
-                ok: true,
-                status: 200,
-                headers: new Headers({ 'content-type': 'application/json' }),
-                json: () => Promise.resolve({ ok: true })
-            } as any);
-
-            await client.get('/me');
-            expect(mockFetch).toHaveBeenCalledWith('https://api.tenxyte.com/v1/me', expect.objectContaining({
-                headers: expect.objectContaining({
-                    Authorization: 'Bearer jwt.token.123',
-                    'X-Org-Slug': 'tenxyte-labs',
-                    'X-Prompt-Trace-ID': 'trc_999'
-                })
-            }));
-        });
-
-        it('should seamlessly refresh token on 401', async () => {
-            storage.setItem('tx_access', 'expired.token');
-            storage.setItem('tx_refresh', 'valid.refresh.token');
-
-            const onSessionExpired = vi.fn();
-            const authInterceptor = createAuthInterceptor(storage, { activeOrgSlug: null, agentTraceId: null });
-            const refreshInterceptor = createRefreshInterceptor(client, storage, onSessionExpired);
-
-            client.addRequestInterceptor(authInterceptor);
-            client.addResponseInterceptor(refreshInterceptor);
-
-            // 1. Initial request gets 401
-            // 2. Interceptor triggers refresh (/auth/refresh/) returning 200 with new token
-            // 3. Interceptor retries initial request with new token, returning 200
-
-            mockFetch
-                // First fail call '/me' with 401
-                .mockResolvedValueOnce({
-                    ok: false,
-                    status: 401,
-                    headers: new Headers(),
-                    json: () => Promise.resolve({ error: 'Token expired', code: 'TOKEN_EXPIRED' })
-                } as any)
-                // Refresh call '/auth/refresh/' succeeds
-                .mockResolvedValueOnce({
-                    ok: true,
-                    status: 200,
-                    headers: new Headers({ 'content-type': 'application/json' }),
-                    json: () => Promise.resolve({ access: 'new.access', refresh: 'new.refresh' })
-                } as any)
-                // Retry call '/me' succeeds
-                .mockResolvedValueOnce({
-                    ok: true,
-                    status: 200,
-                    headers: new Headers({ 'content-type': 'application/json' }),
-                    json: () => Promise.resolve({ id: 1, name: 'Bob' })
-                } as any);
-
-            const res = await client.get('/me');
-
-            expect(res).toEqual({ id: 1, name: 'Bob' });
-            expect(storage.getItem('tx_access')).toBe('new.access');
-            expect(storage.getItem('tx_refresh')).toBe('new.refresh');
-            expect(mockFetch).toHaveBeenCalledTimes(3);
-
-            // Verify the retry request had the NEW token!
-            expect(mockFetch).toHaveBeenNthCalledWith(3, 'https://api.tenxyte.com/v1/me', expect.objectContaining({
-                headers: expect.objectContaining({
-                    Authorization: 'Bearer new.access'
-                })
-            }));
-        });
-    });
-});

package/tests/modules/auth.test.ts

@@ -1,93 +0,0 @@
-import { describe, it, expect, vi, beforeEach } from 'vitest';
-import { AuthModule } from '../../src/modules/auth';
-import { TenxyteHttpClient } from '../../src/http/client';
-
-describe('AuthModule', () => {
-    let client: TenxyteHttpClient;
-    let auth: AuthModule;
-
-    beforeEach(() => {
-        client = new TenxyteHttpClient({ baseUrl: 'http://localhost:8000' });
-        auth = new AuthModule(client);
-
-        // Mock the underlying request method
-        vi.spyOn(client, 'request').mockImplementation(async () => {
-            return {};
-        });
-    });
-
-    it('loginWithEmail should POST to /api/v1/auth/login/email/', async () => {
-        const mockResponse = { access_token: 'acc', refresh_token: 'ref', token_type: 'Bearer', expires_in: 3600, device_summary: null };
-        vi.mocked(client.request).mockResolvedValueOnce(mockResponse);
-
-        const data = { email: 'test@example.com', password: 'password123' };
-        const result = await auth.loginWithEmail(data);
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/login/email/', {
-            method: 'POST',
-            body: data,
-        });
-        expect(result).toEqual(mockResponse);
-    });
-
-    it('logout should POST to /api/v1/auth/logout/ with refresh_token', async () => {
-        vi.mocked(client.request).mockResolvedValueOnce(undefined);
-
-        await auth.logout('some_refresh_token');
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/logout/', {
-            method: 'POST',
-            body: { refresh_token: 'some_refresh_token' },
-        });
-    });
-
-    it('requestMagicLink should POST to /api/v1/auth/magic-link/request/', async () => {
-        vi.mocked(client.request).mockResolvedValueOnce(undefined);
-
-        const data = { email: 'magic@example.com' };
-        await auth.requestMagicLink(data);
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/magic-link/request/', {
-            method: 'POST',
-            body: data,
-        });
-    });
-
-    it('verifyMagicLink should GET from /api/v1/auth/magic-link/verify/ with token in query', async () => {
-        const mockResponse = { access_token: 'acc' };
-        vi.mocked(client.request).mockResolvedValueOnce(mockResponse);
-
-        const result = await auth.verifyMagicLink('magic_token_123');
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/magic-link/verify/', {
-            method: 'GET',
-            params: { token: 'magic_token_123' },
-        });
-        expect(result).toEqual(mockResponse);
-    });
-
-    it('loginWithSocial should POST to /api/v1/auth/social/:provider/', async () => {
-        const mockResponse = { access_token: 'acc' };
-        vi.mocked(client.request).mockResolvedValueOnce(mockResponse);
-
-        const data = { access_token: 'google_token' };
-        const result = await auth.loginWithSocial('google', data);
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/social/google/', {
-            method: 'POST',
-            body: data,
-        });
-        expect(result).toEqual(mockResponse);
-    });
-
-    it('handleSocialCallback should GET from callback endpoint with correct params', async () => {
-        vi.mocked(client.request).mockResolvedValueOnce({ access_token: 'acc' });
-
-        await auth.handleSocialCallback('github', 'auth_code', 'http://localhost/callback');
-
-        expect(client.request).toHaveBeenCalledWith('/api/v1/auth/social/github/callback/', {
-            method: 'GET',
-            params: { code: 'auth_code', redirect_uri: 'http://localhost/callback' },
-        });
-    });
-});