@uniformdev/mesh-sdk 20.50.2-alpha.2 → 20.50.2-alpha.77

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/dist/index.d.mts +412 -20
  2. package/dist/index.d.ts +412 -20
  3. package/dist/index.esm.js +191 -51
  4. package/dist/index.js +193 -51
  5. package/dist/index.mjs +191 -51
  6. package/package.json +8 -8
package/dist/index.mjs CHANGED
@@ -4,10 +4,112 @@ var __typeError = (msg) => {
4
4
  var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
5
5
  var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
6
6
  var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
7
+ var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
8
+ var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
9
+
10
+ // src/clients/DelegationTokenClient.ts
11
+ var DelegationTokenError = class extends Error {
12
+ constructor(status, kind, publicMessage) {
13
+ super(publicMessage);
14
+ this.name = "DelegationTokenError";
15
+ this.status = status;
16
+ this.kind = kind;
17
+ }
18
+ };
19
+ var PUBLIC_MESSAGES = {
20
+ bad_request: "Token exchange request was rejected as invalid",
21
+ unauthenticated: "Token exchange authentication failed",
22
+ forbidden: "Token exchange forbidden by server",
23
+ not_found: "Token exchange target was not found",
24
+ rate_limited: "Token exchange rate limit exceeded",
25
+ server_error: "Token exchange server error",
26
+ unknown: "Token exchange failed"
27
+ };
28
+ function classifyDelegationTokenStatus(status) {
29
+ if (status === 400) {
30
+ return "bad_request";
31
+ }
32
+ if (status === 401) {
33
+ return "unauthenticated";
34
+ }
35
+ if (status === 403) {
36
+ return "forbidden";
37
+ }
38
+ if (status === 404) {
39
+ return "not_found";
40
+ }
41
+ if (status === 429) {
42
+ return "rate_limited";
43
+ }
44
+ if (status >= 500) {
45
+ return "server_error";
46
+ }
47
+ return "unknown";
48
+ }
49
+ function buildDelegationTokenError(status) {
50
+ const kind = classifyDelegationTokenStatus(status);
51
+ return new DelegationTokenError(status, kind, PUBLIC_MESSAGES[kind]);
52
+ }
53
+ var _options, _DelegationTokenClient_instances, post_fn;
54
+ var DelegationTokenClient = class {
55
+ constructor(options) {
56
+ __privateAdd(this, _DelegationTokenClient_instances);
57
+ __privateAdd(this, _options);
58
+ __privateSet(this, _options, options);
59
+ }
60
+ /**
61
+ * Exchanges a short-lived session token for a delegation token and refresh token.
62
+ * The session token is obtained by the integration's frontend via `sdk.getSessionToken()`.
63
+ *
64
+ * @deprecated This beta identity delegation API may change with breaking changes.
65
+ */
66
+ async exchangeSessionToken(sessionToken) {
67
+ return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
68
+ grant_type: "delegation_token",
69
+ sessionToken,
70
+ integrationId: __privateGet(this, _options).integrationId,
71
+ integrationSecret: __privateGet(this, _options).integrationSecret
72
+ });
73
+ }
74
+ /**
75
+ * Exchanges a refresh token for a new delegation token and a new refresh token.
76
+ *
77
+ * Replay posture: refresh tokens are bearer credentials that are valid until
78
+ * their server-side expiry. They are NOT single-use — a captured refresh token can be
79
+ * replayed by an attacker that also has the integration secret until it expires.
80
+ * Single-use enforcement (refresh-token storage, family/jti tracking, replay revocation)
81
+ * is tracked in `UNI-9279`.
82
+ *
83
+ * @deprecated This beta identity delegation API may change with breaking changes.
84
+ */
85
+ async refreshDelegationToken(refreshToken) {
86
+ return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
87
+ grant_type: "refresh_token",
88
+ refreshToken,
89
+ integrationId: __privateGet(this, _options).integrationId,
90
+ integrationSecret: __privateGet(this, _options).integrationSecret
91
+ });
92
+ }
93
+ };
94
+ _options = new WeakMap();
95
+ _DelegationTokenClient_instances = new WeakSet();
96
+ post_fn = async function(body) {
97
+ const url = `${__privateGet(this, _options).apiHost}/api/v1/token`;
98
+ const response = await fetch(url, {
99
+ method: "POST",
100
+ headers: { "Content-Type": "application/json" },
101
+ body: JSON.stringify(body)
102
+ });
103
+ if (!response.ok) {
104
+ await response.text().catch(() => "");
105
+ throw buildDelegationTokenError(response.status);
106
+ }
107
+ return await response.json();
108
+ };
7
109
 
8
110
  // src/clients/IntegrationDefinitionClient.ts
9
111
  import { ApiClient } from "@uniformdev/context/api";
10
- var _url;
112
+ var _url, _credentialsUrl;
11
113
  var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends ApiClient {
12
114
  constructor(options) {
13
115
  super(options);
@@ -18,7 +120,7 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
18
120
  const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url), { ...options, teamId });
19
121
  return await this.apiClient(fetchUri);
20
122
  }
21
- /** Creates or updates a mesh app definition on a team */
123
+ /** Creates or updates a mesh app definition on a team. Identity-delegation credentials must be minted separately via {@link rotateCredential}. */
22
124
  async upsert(body) {
23
125
  const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url));
24
126
  return await this.apiClient(fetchUri, {
@@ -35,9 +137,37 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
35
137
  expectNoContent: true
36
138
  });
37
139
  }
140
+ /**
141
+ * Mints or rotates an identity-delegation credential for an integration definition. The plaintext
142
+ * `appSecret` is returned exactly once and is not retrievable afterwards — Uniform stores only
143
+ * the hash. A successful response invalidates any previously-issued secret of the same kind.
144
+ * Caller must be a team admin.
145
+ */
146
+ async rotateCredential(body) {
147
+ const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
148
+ return await this.apiClient(fetchUri, {
149
+ method: "POST",
150
+ body: JSON.stringify({ ...body, teamId: this.options.teamId })
151
+ });
152
+ }
153
+ /**
154
+ * Revokes an identity-delegation credential. Future delegation grants and refreshes will fail
155
+ * until a new credential is minted; in-flight delegation tokens remain valid until natural
156
+ * expiry (up to ~15 minutes). Caller must be a team admin.
157
+ */
158
+ async revokeCredential(body) {
159
+ const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
160
+ await this.apiClient(fetchUri, {
161
+ method: "DELETE",
162
+ body: JSON.stringify({ ...body, teamId: this.options.teamId }),
163
+ expectNoContent: true
164
+ });
165
+ }
38
166
  };
39
167
  _url = new WeakMap();
168
+ _credentialsUrl = new WeakMap();
40
169
  __privateAdd(_IntegrationDefinitionClient, _url, "/api/v1/integration-definitions");
170
+ __privateAdd(_IntegrationDefinitionClient, _credentialsUrl, "/api/v1/integration-credentials");
41
171
  var IntegrationDefinitionClient = _IntegrationDefinitionClient;
42
172
 
43
173
  // src/clients/IntegrationInstallationClient.ts
@@ -131,7 +261,7 @@ var getLogger = (prefix, debug) => {
131
261
  };
132
262
 
133
263
  // src/temp/version.ts
134
- var UNIFORM_MESH_SDK_VERSION = "20.50.1";
264
+ var UNIFORM_MESH_SDK_VERSION = "20.61.1";
135
265
 
136
266
  // src/framepost/constants.ts
137
267
  var DEFAULT_REQUEST_TIMEOUT = 5e3;
@@ -488,56 +618,63 @@ async function connectToParent({
488
618
  });
489
619
  client.onRequest("metadata-value", onMetadataUpdated);
490
620
  client.onRequest("external-value-update", onValueExternallyUpdated);
491
- return {
492
- initData,
493
- parent: {
494
- resize: async ({ height }) => {
495
- await client.request("resize", { height });
496
- },
497
- setValue: async (value) => {
498
- await client.request("setValue", value);
499
- },
500
- openDialog: async (message) => {
501
- const res = await client.request(
502
- "openDialog",
503
- message
504
- );
505
- const dialogId = res == null ? void 0 : res.dialogId;
506
- if (!dialogId) {
507
- return;
508
- }
509
- return new Promise((resolve, reject) => {
510
- dialogResponseHandlers[dialogId] = { resolve, reject };
511
- });
512
- },
513
- closeDialog: async (message) => {
514
- await client.request("closeDialog", message);
515
- },
516
- getDataResource: async (message) => {
517
- return await client.request("getDataResource", message, {
518
- timeout: 3e4
519
- });
520
- },
521
- navigate: async (message) => {
522
- await client.request("navigate", message);
523
- },
524
- reloadLocation: async () => {
525
- await client.request("reload");
526
- },
527
- editConnectedData: async (message) => {
528
- return await client.request(
529
- "editConnectedData",
530
- message,
531
- {
532
- timeout: (
533
- // 24 hours in ms
534
- 864e5
535
- )
536
- }
537
- );
621
+ const parent = {
622
+ resize: async ({ height }) => {
623
+ await client.request("resize", { height });
624
+ },
625
+ setValue: async (value) => {
626
+ await client.request("setValue", value);
627
+ },
628
+ openDialog: async (message) => {
629
+ const res = await client.request(
630
+ "openDialog",
631
+ message
632
+ );
633
+ const dialogId = res == null ? void 0 : res.dialogId;
634
+ if (!dialogId) {
635
+ return;
538
636
  }
637
+ return new Promise((resolve, reject) => {
638
+ dialogResponseHandlers[dialogId] = { resolve, reject };
639
+ });
640
+ },
641
+ closeDialog: async (message) => {
642
+ await client.request("closeDialog", message);
643
+ },
644
+ getDataResource: async (message) => {
645
+ return await client.request("getDataResource", message, {
646
+ timeout: 3e4
647
+ });
648
+ },
649
+ navigate: async (message) => {
650
+ await client.request("navigate", message);
651
+ },
652
+ reloadLocation: async () => {
653
+ await client.request("reload");
654
+ },
655
+ editConnectedData: async (message) => {
656
+ return await client.request(
657
+ "editConnectedData",
658
+ message,
659
+ {
660
+ timeout: (
661
+ // 24 hours in ms
662
+ 864e5
663
+ )
664
+ }
665
+ );
666
+ },
667
+ getSessionToken: async () => {
668
+ return await client.request("getSessionToken", void 0, {
669
+ // Delegation may wait on consent UI + token API; default framepost timeout (5s) is too short.
670
+ timeout: 12e4
671
+ });
539
672
  }
540
673
  };
674
+ return {
675
+ initData,
676
+ parent
677
+ };
541
678
  }
542
679
 
543
680
  // src/sdkWindow.ts
@@ -816,7 +953,8 @@ async function initializeUniformMeshSDK({
816
953
  },
817
954
  closeCurrentLocationDialog: async () => {
818
955
  await parent.closeDialog({ dialogId: void 0, dialogType: "currentLocation" });
819
- }
956
+ },
957
+ getSessionToken: () => parent.getSessionToken()
820
958
  };
821
959
  window.UniformMeshSDK = sdk;
822
960
  initializing = false;
@@ -838,6 +976,8 @@ var hasRole = (role, user) => {
838
976
  return user.roles.some((userRole) => userRole.name === role || userRole.id === role);
839
977
  };
840
978
  export {
979
+ DelegationTokenClient,
980
+ DelegationTokenError,
841
981
  IntegrationDefinitionClient,
842
982
  IntegrationInstallationClient,
843
983
  functionCallSystemParameters,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@uniformdev/mesh-sdk",
3
- "version": "20.50.2-alpha.2+5f918e9716",
3
+ "version": "20.50.2-alpha.77+51415ad3dd",
4
4
  "description": "Uniform Mesh Framework SDK",
5
5
  "license": "SEE LICENSE IN LICENSE.txt",
6
6
  "main": "./dist/index.js",
@@ -21,10 +21,10 @@
21
21
  "build:setversion": "tsx ./scripts/set-version.ts",
22
22
  "dev": "pnpm update-openapi && pnpm build:setversion && tsup --watch",
23
23
  "clean": "rimraf dist",
24
- "lint": "eslint \"src/**/*.{js,ts,tsx}\"",
25
24
  "format": "prettier --write \"src/**/*.{js,ts,tsx}\"",
25
+ "test": "vitest run",
26
26
  "update-openapi": "tsx ./scripts/update-openapi.cts",
27
- "document:prebuild": "api-extractor run --local"
27
+ "apidocs-extract": "api-extractor run --local"
28
28
  },
29
29
  "files": [
30
30
  "/dist"
@@ -33,10 +33,10 @@
33
33
  "access": "public"
34
34
  },
35
35
  "dependencies": {
36
- "@uniformdev/assets": "20.50.2-alpha.2+5f918e9716",
37
- "@uniformdev/canvas": "20.50.2-alpha.2+5f918e9716",
38
- "@uniformdev/context": "20.50.2-alpha.2+5f918e9716",
39
- "@uniformdev/project-map": "20.50.2-alpha.2+5f918e9716",
36
+ "@uniformdev/assets": "20.50.2-alpha.77+51415ad3dd",
37
+ "@uniformdev/canvas": "20.50.2-alpha.77+51415ad3dd",
38
+ "@uniformdev/context": "20.50.2-alpha.77+51415ad3dd",
39
+ "@uniformdev/project-map": "20.50.2-alpha.77+51415ad3dd",
40
40
  "imagesloaded": "^5.0.0",
41
41
  "mitt": "^3.0.1"
42
42
  },
@@ -44,5 +44,5 @@
44
44
  "@types/imagesloaded": "^4.1.2",
45
45
  "openai": "4.94.0"
46
46
  },
47
- "gitHead": "5f918e9716a4e8b9af3bfefa881a5a569e54b279"
47
+ "gitHead": "51415ad3ddc2e973a8c52fc4116df82182f9c44b"
48
48
  }