@uniformdev/mesh-sdk 20.50.2-alpha.9 → 20.50.2-alpha.96

package/dist/index.mjs

@@ -4,10 +4,112 @@ var __typeError = (msg) => {
 var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
 var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
 var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+
+// src/clients/DelegationTokenClient.ts
+var DelegationTokenError = class extends Error {
+  constructor(status, kind, publicMessage) {
+    super(publicMessage);
+    this.name = "DelegationTokenError";
+    this.status = status;
+    this.kind = kind;
+  }
+};
+var PUBLIC_MESSAGES = {
+  bad_request: "Token exchange request was rejected as invalid",
+  unauthenticated: "Token exchange authentication failed",
+  forbidden: "Token exchange forbidden by server",
+  not_found: "Token exchange target was not found",
+  rate_limited: "Token exchange rate limit exceeded",
+  server_error: "Token exchange server error",
+  unknown: "Token exchange failed"
+};
+function classifyDelegationTokenStatus(status) {
+  if (status === 400) {
+    return "bad_request";
+  }
+  if (status === 401) {
+    return "unauthenticated";
+  }
+  if (status === 403) {
+    return "forbidden";
+  }
+  if (status === 404) {
+    return "not_found";
+  }
+  if (status === 429) {
+    return "rate_limited";
+  }
+  if (status >= 500) {
+    return "server_error";
+  }
+  return "unknown";
+}
+function buildDelegationTokenError(status) {
+  const kind = classifyDelegationTokenStatus(status);
+  return new DelegationTokenError(status, kind, PUBLIC_MESSAGES[kind]);
+}
+var _options, _DelegationTokenClient_instances, post_fn;
+var DelegationTokenClient = class {
+  constructor(options) {
+    __privateAdd(this, _DelegationTokenClient_instances);
+    __privateAdd(this, _options);
+    __privateSet(this, _options, options);
+  }
+  /**
+   * Exchanges a short-lived session token for a delegation token and refresh token.
+   * The session token is obtained by the integration's frontend via `sdk.getSessionToken()`.
+   *
+   * @deprecated This beta identity delegation API may change with breaking changes.
+   */
+  async exchangeSessionToken(sessionToken) {
+    return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
+      grant_type: "delegation_token",
+      sessionToken,
+      integrationId: __privateGet(this, _options).integrationId,
+      integrationSecret: __privateGet(this, _options).integrationSecret
+    });
+  }
+  /**
+   * Exchanges a refresh token for a new delegation token and a new refresh token.
+   *
+   * Replay posture: refresh tokens are bearer credentials that are valid until
+   * their server-side expiry. They are NOT single-use — a captured refresh token can be
+   * replayed by an attacker that also has the integration secret until it expires.
+   * Single-use enforcement (refresh-token storage, family/jti tracking, replay revocation)
+   * is tracked in `UNI-9279`.
+   *
+   * @deprecated This beta identity delegation API may change with breaking changes.
+   */
+  async refreshDelegationToken(refreshToken) {
+    return __privateMethod(this, _DelegationTokenClient_instances, post_fn).call(this, {
+      grant_type: "refresh_token",
+      refreshToken,
+      integrationId: __privateGet(this, _options).integrationId,
+      integrationSecret: __privateGet(this, _options).integrationSecret
+    });
+  }
+};
+_options = new WeakMap();
+_DelegationTokenClient_instances = new WeakSet();
+post_fn = async function(body) {
+  const url = `${__privateGet(this, _options).apiHost}/api/v1/token`;
+  const response = await fetch(url, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+  if (!response.ok) {
+    await response.text().catch(() => "");
+    throw buildDelegationTokenError(response.status);
+  }
+  return await response.json();
+};
 
 // src/clients/IntegrationDefinitionClient.ts
 import { ApiClient } from "@uniformdev/context/api";
-var _url;
+var _url, _credentialsUrl;
 var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends ApiClient {
   constructor(options) {
     super(options);
@@ -18,7 +120,7 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
     const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url), { ...options, teamId });
     return await this.apiClient(fetchUri);
   }
-  /** Creates or updates a mesh app definition on a team */
+  /** Creates or updates a mesh app definition on a team. Identity-delegation credentials must be minted separately via {@link rotateCredential}. */
   async upsert(body) {
     const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _url));
     return await this.apiClient(fetchUri, {
@@ -35,9 +137,37 @@ var _IntegrationDefinitionClient = class _IntegrationDefinitionClient extends Ap
       expectNoContent: true
     });
   }
+  /**
+   * Mints or rotates an identity-delegation credential for an integration definition. The plaintext
+   * `appSecret` is returned exactly once and is not retrievable afterwards — Uniform stores only
+   * the hash. A successful response invalidates any previously-issued secret of the same kind.
+   * Caller must be a team admin.
+   */
+  async rotateCredential(body) {
+    const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
+    return await this.apiClient(fetchUri, {
+      method: "POST",
+      body: JSON.stringify({ ...body, teamId: this.options.teamId })
+    });
+  }
+  /**
+   * Revokes an identity-delegation credential. Future delegation grants and refreshes will fail
+   * until a new credential is minted; in-flight delegation tokens remain valid until natural
+   * expiry (up to ~15 minutes). Caller must be a team admin.
+   */
+  async revokeCredential(body) {
+    const fetchUri = this.createUrl(__privateGet(_IntegrationDefinitionClient, _credentialsUrl));
+    await this.apiClient(fetchUri, {
+      method: "DELETE",
+      body: JSON.stringify({ ...body, teamId: this.options.teamId }),
+      expectNoContent: true
+    });
+  }
 };
 _url = new WeakMap();
+_credentialsUrl = new WeakMap();
 __privateAdd(_IntegrationDefinitionClient, _url, "/api/v1/integration-definitions");
+__privateAdd(_IntegrationDefinitionClient, _credentialsUrl, "/api/v1/integration-credentials");
 var IntegrationDefinitionClient = _IntegrationDefinitionClient;
 
 // src/clients/IntegrationInstallationClient.ts
@@ -131,7 +261,7 @@ var getLogger = (prefix, debug) => {
 };
 
 // src/temp/version.ts
-var UNIFORM_MESH_SDK_VERSION = "20.50.1";
+var UNIFORM_MESH_SDK_VERSION = "20.63.0";
 
 // src/framepost/constants.ts
 var DEFAULT_REQUEST_TIMEOUT = 5e3;
@@ -488,159 +618,63 @@ async function connectToParent({
   });
   client.onRequest("metadata-value", onMetadataUpdated);
   client.onRequest("external-value-update", onValueExternallyUpdated);
-  return {
-    initData,
-    parent: {
-      resize: async ({ height }) => {
-        await client.request("resize", { height });
-      },
-      setValue: async (value) => {
-        await client.request("setValue", value);
-      },
-      openDialog: async (message) => {
-        const res = await client.request(
-          "openDialog",
-          message
-        );
-        const dialogId = res == null ? void 0 : res.dialogId;
-        if (!dialogId) {
-          return;
-        }
-        return new Promise((resolve, reject) => {
-          dialogResponseHandlers[dialogId] = { resolve, reject };
-        });
-      },
-      closeDialog: async (message) => {
-        await client.request("closeDialog", message);
-      },
-      getDataResource: async (message) => {
-        return await client.request("getDataResource", message, {
-          timeout: 3e4
-        });
-      },
-      navigate: async (message) => {
-        await client.request("navigate", message);
-      },
-      reloadLocation: async () => {
-        await client.request("reload");
-      },
-      editConnectedData: async (message) => {
-        return await client.request(
-          "editConnectedData",
-          message,
-          {
-            timeout: (
-              // 24 hours in ms
-              864e5
-            )
-          }
-        );
-      },
-      editorState: createEditorStateApi(client)
-    }
-  };
-}
-function createEditorStateApi(client) {
-  let cachedRootNodeId;
-  return {
-    async getRootNodeId() {
-      if (cachedRootNodeId) {
-        return cachedRootNodeId;
-      }
-      const result = await client.request("editorState.getRootNodeId");
-      cachedRootNodeId = result;
-      return result;
-    },
-    // Read operations
-    async exportTree(params) {
-      const result = await client.request("editorState.exportTree", params);
-      cachedRootNodeId != null ? cachedRootNodeId : cachedRootNodeId = result == null ? void 0 : result._id;
-      return result;
-    },
-    async exportSubtree(params) {
-      return await client.request("editorState.exportSubtree", params);
-    },
-    async exportMetadata() {
-      return await client.request("editorState.exportMetadata");
-    },
-    async exportRootNodeMetadata() {
-      return await client.request("editorState.exportRootNodeMetadata");
-    },
-    async getNodeById(params) {
-      return await client.request("editorState.getNodeById", params);
-    },
-    async getNodeChildren(params) {
-      return await client.request("editorState.getNodeChildren", params);
-    },
-    async getNodeProperty(params) {
-      return await client.request("editorState.getNodeProperty", params);
-    },
-    async getNodeProperties(params) {
-      return await client.request("editorState.getNodeProperties", params);
-    },
-    async getParentInfo(params) {
-      return await client.request("editorState.getParentInfo", params);
+  const parent = {
+    resize: async ({ height }) => {
+      await client.request("resize", { height });
     },
-    // Selection
-    async getSelectedNodeId() {
-      return await client.request("editorState.getSelectedNodeId");
+    setValue: async (value) => {
+      await client.request("setValue", value);
     },
-    async setSelectedNodeId(params) {
-      await client.request("editorState.setSelectedNodeId", params);
-    },
-    async getSelectedParameterId() {
-      return await client.request("editorState.getSelectedParameterId");
-    },
-    async setSelectedParameterId(params) {
-      await client.request("editorState.setSelectedParameterId", params);
-    },
-    async getPristine() {
-      return await client.request("editorState.getPristine");
-    },
-    // Write operations
-    async insertNode(params) {
-      return await client.request("editorState.insertNode", params);
-    },
-    async deleteNode(params) {
-      await client.request("editorState.deleteNode", params);
-    },
-    async moveNode(params) {
-      await client.request("editorState.moveNode", params);
-    },
-    async updateNodeProperty(params) {
-      await client.request("editorState.updateNodeProperty", params);
-    },
-    async updateRootMetadata(params) {
-      await client.request("editorState.updateRootMetadata", params);
-    },
-    async updateRootNode(params) {
-      await client.request("editorState.updateRootNode", params);
-    },
-    // Pattern operations
-    async insertPattern(params) {
-      return await client.request("editorState.insertPattern", params);
+    openDialog: async (message) => {
+      const res = await client.request(
+        "openDialog",
+        message
+      );
+      const dialogId = res == null ? void 0 : res.dialogId;
+      if (!dialogId) {
+        return;
+      }
+      return new Promise((resolve, reject) => {
+        dialogResponseHandlers[dialogId] = { resolve, reject };
+      });
     },
-    async isPatternPropertyOverridden(params) {
-      return await client.request("editorState.isPatternPropertyOverridden", params);
+    closeDialog: async (message) => {
+      await client.request("closeDialog", message);
     },
-    async resetPatternPropertyOverride(params) {
-      await client.request("editorState.resetPatternPropertyOverride", params);
+    getDataResource: async (message) => {
+      return await client.request("getDataResource", message, {
+        timeout: 3e4
+      });
     },
-    // Locale operations
-    async enableLocale(params) {
-      await client.request("editorState.enableLocale", params);
+    navigate: async (message) => {
+      await client.request("navigate", message);
     },
-    async disableLocale(params) {
-      await client.request("editorState.disableLocale", params);
+    reloadLocation: async () => {
+      await client.request("reload");
     },
-    async setCurrentLocale(params) {
-      await client.request("editorState.setCurrentLocale", params);
+    editConnectedData: async (message) => {
+      return await client.request(
+        "editConnectedData",
+        message,
+        {
+          timeout: (
+            // 24 hours in ms
+            864e5
+          )
+        }
+      );
     },
-    // Dynamic input operations
-    async setDynamicInputPreviewValue(params) {
-      await client.request("editorState.setDynamicInputPreviewValue", params);
+    getSessionToken: async () => {
+      return await client.request("getSessionToken", void 0, {
+        // Delegation may wait on consent UI + token API; default framepost timeout (5s) is too short.
+        timeout: 12e4
+      });
     }
   };
+  return {
+    initData,
+    parent
+  };
 }
 
 // src/sdkWindow.ts
@@ -836,8 +870,7 @@ async function initializeUniformMeshSDK({
               sdk.events.emit("onValueChanged", { newValue: value });
               await parent.setValue({ uniformMeshLocationValue: value, closeDialog: true });
             }
-          } : void 0,
-          editorState: parent.editorState
+          } : void 0
         };
         return location;
       },
@@ -920,7 +953,8 @@ async function initializeUniformMeshSDK({
       },
       closeCurrentLocationDialog: async () => {
         await parent.closeDialog({ dialogId: void 0, dialogType: "currentLocation" });
-      }
+      },
+      getSessionToken: () => parent.getSessionToken()
     };
     window.UniformMeshSDK = sdk;
     initializing = false;
@@ -942,6 +976,8 @@ var hasRole = (role, user) => {
   return user.roles.some((userRole) => userRole.name === role || userRole.id === role);
 };
 export {
+  DelegationTokenClient,
+  DelegationTokenError,
   IntegrationDefinitionClient,
   IntegrationInstallationClient,
   functionCallSystemParameters,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@uniformdev/mesh-sdk",
-  "version": "20.50.2-alpha.9+7e214410ae",
+  "version": "20.50.2-alpha.96+3f982d48ba",
   "description": "Uniform Mesh Framework SDK",
   "license": "SEE LICENSE IN LICENSE.txt",
   "main": "./dist/index.js",
@@ -21,10 +21,10 @@
     "build:setversion": "tsx ./scripts/set-version.ts",
     "dev": "pnpm update-openapi && pnpm build:setversion && tsup --watch",
     "clean": "rimraf dist",
-    "lint": "eslint \"src/**/*.{js,ts,tsx}\"",
     "format": "prettier --write \"src/**/*.{js,ts,tsx}\"",
+    "test": "vitest run",
     "update-openapi": "tsx ./scripts/update-openapi.cts",
-    "document:prebuild": "api-extractor run --local"
+    "apidocs-extract": "api-extractor run --local"
   },
   "files": [
     "/dist"
@@ -33,10 +33,10 @@
     "access": "public"
   },
   "dependencies": {
-    "@uniformdev/assets": "20.50.2-alpha.9+7e214410ae",
-    "@uniformdev/canvas": "20.50.2-alpha.9+7e214410ae",
-    "@uniformdev/context": "20.50.2-alpha.9+7e214410ae",
-    "@uniformdev/project-map": "20.50.2-alpha.9+7e214410ae",
+    "@uniformdev/assets": "20.50.2-alpha.96+3f982d48ba",
+    "@uniformdev/canvas": "20.50.2-alpha.96+3f982d48ba",
+    "@uniformdev/context": "20.50.2-alpha.96+3f982d48ba",
+    "@uniformdev/project-map": "20.50.2-alpha.96+3f982d48ba",
     "imagesloaded": "^5.0.0",
     "mitt": "^3.0.1"
   },
@@ -44,5 +44,5 @@
     "@types/imagesloaded": "^4.1.2",
     "openai": "4.94.0"
   },
-  "gitHead": "7e214410ae879d142d1bda328761a38b62179e08"
+  "gitHead": "3f982d48baf7aad200f687938b7f2e7c8796f759"
 }