dataspace-client-sdk-node 0.1.1

package/tests/uc5-org-onboarding.flow.test.mjs

@@ -0,0 +1,145 @@
+/**
+ * UC5 Organization Onboarding — Flow scenario test.
+ *
+ * This test chains the full org onboarding sequence in one coordinated scenario:
+ *   Step 1: activateOrganizationInGatewayFromIcaProof
+ *             → org is registered in the gateway using an ICA-issued VP
+ *   Step 2: createOrganizationEmployee
+ *             → an employee record is added under the now-activated org
+ *   Step 3: activateEmployeeDeviceWithActivationCode
+ *             → the employee's device completes DCR using the activation code
+ *
+ * The mock verifies that results from each step drive the next call, reflecting
+ * the real dependency chain: org activation must precede employee creation, and
+ * an activation code is issued before device DCR.
+ */
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { DataspaceNodeClient } from '../dist/index.js';
+
+function jsonResponse(body, status = 200) {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { 'content-type': 'application/json' },
+  });
+}
+
+test('UC5 org onboarding flow: activate org → create employee → activate device', async () => {
+  const ctx = { tenantId: 'acme', jurisdiction: 'ES', sector: 'health-care' };
+
+  // ── Shared scenario state ──────────────────────────────────────────────────
+  // Values produced by one step and consumed by the next.
+  const ACTIVATION_CODE = 'ACT-FLOW-001';   // issued to employee after org activation
+  const INITIAL_ACCESS_TOKEN = 'init-access-flow-001'; // returned by exchange, used for DCR
+
+  const calls = [];
+  const originalFetch = globalThis.fetch;
+
+  // HTTP mock: responses are returned in strict call-order across all three steps.
+  globalThis.fetch = async (url, options) => {
+    calls.push({ url: String(url), method: options?.method ?? 'GET', body: options?.body });
+
+    // ── Step 1: activateOrganizationInGatewayFromIcaProof (2 calls) ──────────
+    if (calls.length === 1) return jsonResponse({ accepted: true }, 202);   // activate submit
+    if (calls.length === 2) return jsonResponse({ status: 'COMPLETED', body: { activationCode: ACTIVATION_CODE } }, 200); // activate poll
+
+    // ── Step 2: createOrganizationEmployee (2 calls) ──────────────────────────
+    if (calls.length === 3) return jsonResponse({ accepted: true }, 202);   // employee submit
+    if (calls.length === 4) return jsonResponse({ status: 'COMPLETED', body: { employeeId: 'emp-001' } }, 200); // employee poll
+
+    // ── Step 3: activateEmployeeDeviceWithActivationCode (4 calls) ────────────
+    if (calls.length === 5) return jsonResponse({ accepted: true }, 202);   // exchange submit
+    if (calls.length === 6) return jsonResponse({ body: { initial_access_token: INITIAL_ACCESS_TOKEN } }, 200); // exchange poll
+    if (calls.length === 7) return jsonResponse({ accepted: true }, 202);   // dcr submit
+    return jsonResponse({ body: { client_id: 'did:web:device:emp-001' } }, 200); // dcr poll
+  };
+
+  try {
+    const client = new DataspaceNodeClient({ baseUrl: 'http://localhost:3000', bearerToken: 'controller-token' });
+    const pollOptions = { timeoutMs: 5000, intervalMs: 1 };
+
+    // ── Step 1 ────────────────────────────────────────────────────────────────
+    const orgActivationResult = await client.activateOrganizationInGatewayFromIcaProof(
+      { jurisdiction: 'ES', sector: 'health-care' },
+      {
+        vpToken: 'vp-token-org-001',
+        organizationVc: 'org-vc-jwt',
+        legalRepresentativeVc: 'legal-vc-jwt',
+      },
+      pollOptions,
+    );
+
+    assert.equal(orgActivationResult.submit.status, 202, 'org activation submit must be accepted');
+    assert.equal(orgActivationResult.poll.status, 200, 'org activation must complete');
+    assert.equal(
+      calls[0].url,
+      'http://localhost:3000/host/cds-ES/v1/health-care/registry/org.schema/Organization/_activate',
+      'org activation must target host registry path',
+    );
+
+    // Extract activation code from activation result (would come from VP in real flow)
+    const activationCodeFromResult = orgActivationResult.poll.body?.activationCode ?? ACTIVATION_CODE;
+    assert.equal(activationCodeFromResult, ACTIVATION_CODE);
+
+    // ── Step 2 ────────────────────────────────────────────────────────────────
+    const employeeResult = await client.createOrganizationEmployee(
+      ctx,
+      {
+        employeeClaims: {
+          '@context': 'org.schema',
+          'org.schema.Person.email': 'doctor1@acme.org',
+          'org.schema.Person.hasOccupation': 'ISCO-08|2211',
+          // org DID would come from step 1 in a real flow
+          'org.schema.Organization.did': 'did:web:acme.example.com',
+        },
+      },
+      pollOptions,
+    );
+
+    assert.equal(employeeResult.submit.status, 202, 'employee create submit must be accepted');
+    assert.equal(employeeResult.poll.status, 200, 'employee creation must complete');
+    assert.equal(
+      calls[2].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/entity/org.schema/Employee/_batch',
+      'employee creation must target v1 entity Employee batch path',
+    );
+
+    const employeeId = employeeResult.poll.body?.employeeId ?? 'emp-001';
+
+    // ── Step 3 ────────────────────────────────────────────────────────────────
+    // activationCode comes from the org activation step; DCR uses the employee's device JWK
+    const deviceResult = await client.activateEmployeeDeviceWithActivationCode(ctx, {
+      activationCode: activationCodeFromResult,
+      idToken: 'employee-id-token-001',
+      dcrPayload: {
+        application_type: 'web',
+        client_name: `Employee ${employeeId} Portal`,
+        jwks: { keys: [{ kid: 'device-flow-key-1', kty: 'EC', crv: 'P-384' }] },
+        redirect_uris: ['https://acme.example.com/callback'],
+        token_endpoint_auth_method: 'private_key_jwt',
+      },
+      pollOptions,
+    });
+
+    assert.equal(deviceResult.initialAccessToken, INITIAL_ACCESS_TOKEN, 'exchange must return initial access token');
+    assert.equal(deviceResult.exchange.poll.status, 200, 'exchange must complete');
+    assert.equal(deviceResult.dcr.poll.status, 200, 'dcr must complete');
+    assert.equal(
+      calls[4].url,
+      'http://localhost:3000/host/cds-ES/v1/health-care/acme/identity/auth/_exchange',
+      'exchange must use host identity path',
+    );
+    assert.equal(
+      calls[6].url,
+      'http://localhost:3000/host/cds-ES/v1/health-care/acme/identity/auth/_dcr',
+      'dcr must use host identity DCR path',
+    );
+    assert.equal(calls[6].options?.headers?.Authorization ?? calls[6].method, 'POST',
+      'dcr request must be a POST');
+
+    // ── Full flow assertions ───────────────────────────────────────────────────
+    assert.equal(calls.length, 8, 'org onboarding flow must make exactly 8 HTTP calls total');
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+});

package/tests/uc5-subject-data.flow.test.mjs

@@ -0,0 +1,198 @@
+/**
+ * UC5 Subject Data Lifecycle — Flow scenario test.
+ *
+ * This test chains the full subject data lifecycle in one coordinated scenario:
+ *   Step 1: bootstrapSubjectOrganizationIndex
+ *             → creates the subject's family/subject org in the index
+ *   Step 2: importIpsOrFhirAndUpdateIndex
+ *             → uploads the subject's IPS/FHIR composition (uses org context from step 1)
+ *   Step 3: grantProfessionalAccess (Consent)
+ *             → subject grants access to a healthcare professional
+ *   Step 4: requestSmartToken (professional request)
+ *             → professional app requests SMART token after consent exists
+ *   Step 5: generateDigitalTwinFromSubjectData
+ *             → generates a digital twin using the authorized subject data
+ *
+ * The mock verifies end-to-end call ordering and that tokens/IDs from each step
+ * feed into the next, as they would in a real dataspace subject flow.
+ */
+import test from 'node:test';
+import assert from 'node:assert/strict';
+import { DataspaceNodeClient } from '../dist/index.js';
+
+function jsonResponse(body, status = 200) {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { 'content-type': 'application/json' },
+  });
+}
+
+test('UC5 subject data lifecycle flow: bootstrap org → import IPS → grant access → request token → digital twin', async () => {
+  const ctx = { tenantId: 'acme', jurisdiction: 'ES', sector: 'health-care' };
+
+  // ── Shared scenario state ──────────────────────────────────────────────────
+  const DELEGATED_TOKEN = 'delegated-smart-token-flow-001'; // issued in step 3, used in step 4
+
+  const calls = [];
+  const originalFetch = globalThis.fetch;
+
+  // HTTP mock: responses in strict call-order across all four steps.
+  globalThis.fetch = async (url, options) => {
+    calls.push({ url: String(url), method: options?.method ?? 'GET', body: options?.body });
+
+    // ── Step 1: bootstrapSubjectOrganizationIndex (4 calls: reg submit/poll + confirm submit/poll) ──
+    if (calls.length === 1) return jsonResponse({ accepted: true }, 202);             // reg submit
+    if (calls.length === 2) return jsonResponse({ status: 'COMPLETED', body: { subjectOrgId: 'subj-org-001' } }, 200); // reg poll
+    if (calls.length === 3) return jsonResponse({ accepted: true }, 202);             // confirm submit
+    if (calls.length === 4) return jsonResponse({ status: 'COMPLETED', body: { orderId: 'order-001' } }, 200);        // confirm poll
+
+    // ── Step 2: importIpsOrFhirAndUpdateIndex (2 calls) ─────────────────────
+    if (calls.length === 5) return jsonResponse({ accepted: true }, 202);             // import submit
+    if (calls.length === 6) return jsonResponse({ status: 'COMPLETED', body: { compositionId: 'comp-001' } }, 200);  // import poll
+
+    // ── Step 3: grantProfessionalAccess (2 calls: consent submit/poll) ──
+    if (calls.length === 7) return jsonResponse({ accepted: true }, 202);             // consent submit
+    if (calls.length === 8) return jsonResponse({ status: 'COMPLETED', body: { consentId: 'consent-001' } }, 200);   // consent poll
+    // ── Step 4: requestSmartToken (1 call) ──
+    if (calls.length === 9) return jsonResponse({                                     // token exchange
+      access_token: DELEGATED_TOKEN,
+      token_type: 'Bearer',
+      scope: 'organization/Composition.rs',
+      expires_in: 3600,
+    }, 200);
+
+    // ── Step 5: generateDigitalTwinFromSubjectData (2 calls) ─────────────────
+    if (calls.length === 10) return jsonResponse({ accepted: true }, 202);            // dt submit
+    return jsonResponse({ status: 'COMPLETED', body: { twinId: 'twin-001' } }, 200); // dt poll
+  };
+
+  try {
+    const client = new DataspaceNodeClient({
+      baseUrl: 'http://localhost:3000',
+      bearerToken: 'controller-smart-token',
+    });
+    const pollOptions = { timeoutMs: 5000, intervalMs: 1 };
+
+    // ── Step 1 ────────────────────────────────────────────────────────────────
+    const bootstrapResult = await client.bootstrapSubjectOrganizationIndex(ctx, {
+      registrationPayload: { body: { data: [{ type: 'Family-registration-form-v1.0', subjectId: 'pat-001' }] } },
+      confirmationPayload: { body: { data: [{ type: 'Family-order-request-v1.0', offerId: 'offer-001' }] } },
+      pollOptions,
+    });
+
+    assert.equal(bootstrapResult.registration.poll.status, 200, 'registration must complete');
+    assert.equal(bootstrapResult.confirmation?.poll.status, 200, 'order confirmation must complete');
+    assert.equal(
+      calls[0].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/individual/org.schema/Organization/_batch',
+      'registration must target individual org schema batch',
+    );
+    assert.equal(
+      calls[2].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/individual/org.schema/Order/_batch',
+      'confirmation must target individual order schema batch',
+    );
+
+    const subjectOrgId = bootstrapResult.registration.poll.body?.subjectOrgId ?? 'subj-org-001';
+
+    // ── Step 2 ────────────────────────────────────────────────────────────────
+    // Uses subjectOrgId from step 1 in composition payload
+    const importResult = await client.importIpsOrFhirAndUpdateIndex(ctx, {
+      compositionPayload: {
+        body: {
+          data: [{
+            type: 'Composition-import-request-v1.0',
+            subjectOrgId,
+            format: 'IPS-R4',
+          }],
+        },
+      },
+      format: 'r4',
+      pollOptions,
+    });
+
+    assert.equal(importResult.poll.status, 200, 'IPS import must complete');
+    assert.equal(
+      calls[4].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/individual/org.hl7.fhir.r4/Composition/_batch',
+      'import must target individual FHIR R4 Composition batch',
+    );
+
+    const compositionId = importResult.poll.body?.compositionId ?? 'comp-001';
+
+    // ── Step 3 ────────────────────────────────────────────────────────────────
+    // Grant professional access only (consent/policy persistence)
+    const consentPayload = {
+      thid: 'consent-thread-001',
+      body: {
+        data: [{
+          type: 'Consent-grant-request-v1.0',
+          subjectOrgId,
+          compositionId,
+          professionalId: 'doc-001',
+        }],
+      },
+    };
+    const consentResult = await client.submitAndPoll(
+      client.individualConsentR4BatchPath(ctx),
+      client.individualConsentR4PollPath(ctx),
+      consentPayload,
+      pollOptions,
+    );
+
+    assert.equal(consentResult.poll.status, 200, 'consent grant must complete');
+    assert.equal(
+      calls[6].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/individual/org.hl7.fhir.r4/Consent/_batch',
+      'consent must target individual FHIR R4 Consent batch',
+    );
+
+    // ── Step 4 ────────────────────────────────────────────────────────────────
+    // Professional app requests SMART token after consent exists
+    const tokenResult = await client.requestSmartToken({
+      endpointId: 'doc-001',
+      scopes: ['organization/Composition.rs'],
+      exchangePayload: { grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange' },
+      path: '/token',
+    });
+    assert.equal(tokenResult.status, 'fetched', 'SMART token must be fetched');
+    assert.equal(tokenResult.accessToken, DELEGATED_TOKEN, 'delegated token must match');
+    assert.equal(calls[8].url, 'http://localhost:3000/token', 'token exchange must target /token');
+
+    const smartToken = tokenResult.accessToken;
+
+    // ── Step 5 ────────────────────────────────────────────────────────────────
+    // Digital twin generation uses the SMART token issued in step 4
+    const twinClient = new DataspaceNodeClient({
+      baseUrl: 'http://localhost:3000',
+      bearerToken: smartToken,   // <— token from step 3 drives authorization for step 4
+    });
+
+    const twinResult = await twinClient.generateDigitalTwinFromSubjectData(ctx, {
+      compositionPayload: {
+        body: {
+          data: [{
+            type: 'DigitalTwin-composition-request-v1.0',
+            subjectOrgId,
+            compositionId,
+            sourceToken: smartToken,
+          }],
+        },
+      },
+      format: 'r4',
+      pollOptions,
+    });
+
+    assert.equal(twinResult.poll.status, 200, 'digital twin generation must complete');
+    assert.equal(
+      calls[9].url,
+      'http://localhost:3000/acme/cds-ES/v1/health-care/digitaltwin/org.hl7.fhir.r4/Composition/_batch',
+      'digital twin must target digitaltwin FHIR R4 Composition batch',
+    );
+
+    // ── Full flow assertions ───────────────────────────────────────────────────
+    assert.equal(calls.length, 11, 'subject data lifecycle must make exactly 11 HTTP calls total');
+  } finally {
+    globalThis.fetch = originalFetch;
+  }
+});

package/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "declaration": true,
+    "outDir": "dist",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "include": ["src/**/*.ts"]
+}