gdc-common-utils-ts 1.2.0 → 1.4.1

package/README.md

@@ -0,0 +1,121 @@
+# gdc-common-utils-ts
+
+Shared TypeScript utilities for GDC client and connector code. This package provides low-level primitives for cryptography, DID/DIDComm-related helpers, and the shared models and interfaces used across SDKs.
+
+It is intentionally not a full backend orchestration layer.
+
+## Install
+
+```bash
+npm install gdc-common-utils-ts
+```
+
+## What It Exports
+
+The published package exposes these entry points through `package.json`:
+
+- Root: `gdc-common-utils-ts`
+- `gdc-common-utils-ts/AesManager`
+- `gdc-common-utils-ts/CryptographyService`
+- `gdc-common-utils-ts/hmac`
+- `gdc-common-utils-ts/constants`
+- `gdc-common-utils-ts/models`
+- `gdc-common-utils-ts/utils`
+- `gdc-common-utils-ts/interfaces`
+- File-level subpaths under `constants/*`, `models/*`, `utils/*`, and `interfaces/*`
+
+### Root crypto exports
+
+The package root re-exports the main crypto helpers:
+
+- `AesManager`
+- `CryptographyService`
+- `computeHmacSha256`
+- `computeHmacSha256Base64Url`
+
+Example:
+
+```ts
+import { AesManager, CryptographyService, computeHmacSha256Base64Url } from 'gdc-common-utils-ts';
+```
+
+### Utilities
+
+The `utils` export exposes reusable helpers for DID and message handling, such as:
+
+- `utils/did` helpers like `generateServiceId`, `normalizeDidWeb`, `createHostedDidWeb`, `buildHostedDidDetails`, and `getBaseUrlFromDidWeb`
+- `utils/jwt`
+- `utils/content`
+- `utils/normalize`
+- `utils/fhir-cid` for recursive FHIR canonicalization + CID generation + `meta.versionId` assignment
+- conversion, formatting, and multibase helpers
+
+These helpers support DIDComm-style message construction and related transport/data-shaping workflows.
+
+Example:
+
+```ts
+import { normalizeDidWeb, generateServiceId } from 'gdc-common-utils-ts/utils/did';
+import { fhirResourceToCid, assignCidToFhirResourceVersionId } from 'gdc-common-utils-ts/utils/fhir-cid';
+```
+
+### Models
+
+The `models` export contains the shared data shapes used by the SDKs, including:
+
+- cryptographic and JOSE shapes such as `aes`, `jwe`, `jws`, `jwt`, and `jwk`
+- DID and DIDComm-related models such as `did`, `comm`, and `verifiable-credential`
+- confidential transport and storage models
+- auth, device, response, issue, and FHIR-oriented models
+
+Example:
+
+```ts
+import { JweObject, JwtCompactParts } from 'gdc-common-utils-ts/models';
+```
+
+### Interfaces
+
+The `interfaces` export contains the shared type contracts and cryptography types, including:
+
+- `ICryptography`
+- `ICryptoHelper`
+- `IWallet`
+- `Cryptography.types`
+- `MlDsa`
+- `MlKem`
+
+Example:
+
+```ts
+import { ICryptography, MlkemPublicJwk } from 'gdc-common-utils-ts/interfaces/Cryptography.types';
+```
+
+## Auth-Flow Boundaries
+
+This package provides primitives, not orchestration.
+
+It supports the cryptographic and data-model building blocks needed by higher-level clients, but it does not coordinate the backend auth exchange sequence for:
+
+- `/_dcr`
+- `/_code`
+- `/_token`
+- `/_exchange`
+
+Those request/response flows belong in connector SDKs and backend orchestration layers.
+
+## Relationship To Other SDKs
+
+`gdc-sdk-client-ts` and `dataconv-client-sdk-ts` are consumers of this package, not replacements for it.
+
+- Use `gdc-common-utils-ts` when you need shared crypto primitives, DID/DIDComm helpers, and common types
+- Use `gdc-sdk-client-ts` or `dataconv-client-sdk-ts` when you need higher-level client orchestration, transport, or API workflows
+
+## Notes
+
+- The package is published as ESM.
+- The `files` field only publishes `dist/`, so source imports should use the documented package entry points rather than local file paths.
+
+## Roadmap and Briefing
+- `BRIEFING_DATASPACE_EN.md`
+- `TODO_ROADMAP.md`

package/dist/constants/hl7-roles.d.ts

@@ -0,0 +1,44 @@
+/**
+ * HL7 role constants shared across GDC projects.
+ *
+ * Two distinct value sets are provided:
+ *
+ * 1. v3-PersonalRelationshipRoleType
+ *    "Who are you in relation to the subject?" (family / social relationship)
+ *    Source: http://terminology.hl7.org/ValueSet/v3-PersonalRelationshipRoleType
+ *
+ * 2. v3-RoleCode — legal / functional representative subset
+ *    "What legal role do you exercise over the subject?" (guardian, attorney…)
+ *    Source: http://terminology.hl7.org/ValueSet/v3-RoleCode
+ *    Used as default for non-human subjects (e.g. animal-care sector).
+ *    Default for animal-care: RESPRSN (Responsible party).
+ */
+export type Hl7RoleEntry = {
+    code: string;
+    display: string;
+    definition: string;
+};
+export declare const HL7_CODING_SYSTEM_PERSONAL_RELATIONSHIP = "http://terminology.hl7.org/CodeSystem/v3-PersonalRelationshipRoleType";
+/** Canonical OID alias used in GDC claims (org.hl7.v3.RoleCode covers both sets). */
+export declare const HL7_CLAIMS_CODING_SYSTEM = "org.hl7.v3.RoleCode";
+/**
+ * Full ordered list of HL7 v3-PersonalRelationshipRoleType entries.
+ * Suitable for relationship pickers in health-sector family registration.
+ * Default role: `ONESELF` (patient represents themselves).
+ */
+export declare const HL7_PERSONAL_RELATIONSHIP_ROLES: Hl7RoleEntry[];
+export declare const HL7_CODING_SYSTEM_V3_ROLE_CODE = "http://terminology.hl7.org/CodeSystem/v3-RoleCode";
+/**
+ * Legal representative / guardian roles from HL7 v3-RoleCode.
+ *
+ * Used when the owner of an individual record exercises a legal function
+ * rather than a personal relationship (e.g. animal-care sector, minors
+ * with court-appointed guardian, power of attorney).
+ *
+ * Default for animal-care sector: `RESPRSN` (Responsible party).
+ */
+export declare const HL7_V3_ROLE_CODE_LEGAL_REPRESENTATIVE: Hl7RoleEntry[];
+/** Default role code for animal-care and non-human subjects. */
+export declare const HL7_DEFAULT_ROLE_ANIMAL_CARE = "RESPRSN";
+/** Default role code for health sector (patient self-represents). */
+export declare const HL7_DEFAULT_ROLE_HEALTH = "ONESELF";

package/dist/constants/hl7-roles.js

@@ -0,0 +1,208 @@
+/**
+ * HL7 role constants shared across GDC projects.
+ *
+ * Two distinct value sets are provided:
+ *
+ * 1. v3-PersonalRelationshipRoleType
+ *    "Who are you in relation to the subject?" (family / social relationship)
+ *    Source: http://terminology.hl7.org/ValueSet/v3-PersonalRelationshipRoleType
+ *
+ * 2. v3-RoleCode — legal / functional representative subset
+ *    "What legal role do you exercise over the subject?" (guardian, attorney…)
+ *    Source: http://terminology.hl7.org/ValueSet/v3-RoleCode
+ *    Used as default for non-human subjects (e.g. animal-care sector).
+ *    Default for animal-care: RESPRSN (Responsible party).
+ */
+// ---------------------------------------------------------------------------
+// 1. v3-PersonalRelationshipRoleType
+// ---------------------------------------------------------------------------
+export const HL7_CODING_SYSTEM_PERSONAL_RELATIONSHIP = 'http://terminology.hl7.org/CodeSystem/v3-PersonalRelationshipRoleType';
+/** Canonical OID alias used in GDC claims (org.hl7.v3.RoleCode covers both sets). */
+export const HL7_CLAIMS_CODING_SYSTEM = 'org.hl7.v3.RoleCode';
+const PERSONAL_RELATIONSHIP_LIST = [
+    { code: 'ONESELF', display: 'self', definition: 'The relationship that a person has with himself or herself.' },
+    { code: 'CHILD', display: 'child', definition: 'The player of the role is a child of the scoping entity.' },
+    { code: 'CHLDADOPT', display: 'adopted child', definition: 'The player of the role is a child taken into a family through legal means and raised by the scoping person as his or her own child.' },
+    { code: 'DAUADOPT', display: 'adopted daughter', definition: 'The player of the role is a female child taken into a family through legal means and raised by the scoping person as his or her own child.' },
+    { code: 'SONADOPT', display: 'adopted son', definition: 'The player of the role is a male child taken into a family through legal means and raised by the scoping person as his or her own child.' },
+    { code: 'CHLDFOST', display: 'foster child', definition: 'The player of the role is a child receiving parental care and nurture from the scoping person but not related through legal or blood ties.' },
+    { code: 'DAUFOST', display: 'foster daughter', definition: 'The player of the role is a female child receiving parental care and nurture from the scoping person but not related through legal or blood ties.' },
+    { code: 'SONFOST', display: 'foster son', definition: 'The player of the role is a male child receiving parental care and nurture from the scoping person but not related through legal or blood ties.' },
+    { code: 'DAUC', display: 'daughter', definition: 'The player of the role is a female child (of any type) of the scoping entity.' },
+    { code: 'DAU', display: 'natural daughter', definition: 'The player of the role is a female offspring of the scoping entity.' },
+    { code: 'STPDAU', display: 'stepdaughter', definition: "The player of the role is a daughter of the scoping person's spouse by a previous union." },
+    { code: 'NCHILD', display: 'natural child', definition: 'The player of the role is an offspring of the scoping entity as determined by birth.' },
+    { code: 'SON', display: 'natural son', definition: 'The player of the role is a male offspring of the scoping entity.' },
+    { code: 'SONC', display: 'son', definition: 'The player of the role is a male child (of any type) of the scoping entity.' },
+    { code: 'STPSON', display: 'stepson', definition: "The player of the role is a son of the scoping person's spouse by a previous union." },
+    { code: 'STPCHLD', display: 'step child', definition: "The player of the role is a child of the scoping person's spouse by a previous union." },
+    { code: 'AUNT', display: 'aunt', definition: "The player of the role is a sister of the scoping person's mother or father." },
+    { code: 'MAUNT', display: 'maternal aunt', definition: "The player of the role is a biological sister of the scoping person's biological mother." },
+    { code: 'PAUNT', display: 'paternal aunt', definition: "The player of the role is a biological sister of the scoping person's biological father." },
+    { code: 'COUSN', display: 'cousin', definition: 'The player of the role is a relative of the scoping person descended from a common ancestor, such as a grandparent, by two or more steps in a diverging line.' },
+    { code: 'MCOUSN', display: 'maternal cousin', definition: "The player of the role is a biological relative of the scoping person descended from a common ancestor on the player's mother's side." },
+    { code: 'PCOUSN', display: 'paternal cousin', definition: "The player of the role is a biological relative of the scoping person descended from a common ancestor on the player's father's side." },
+    { code: 'GGRPRN', display: 'great grandparent', definition: "The player of the role is a parent of the scoping person's grandparent." },
+    { code: 'GGRFTH', display: 'great grandfather', definition: "The player of the role is the father of the scoping person's grandparent." },
+    { code: 'MGGRFTH', display: 'maternal great-grandfather', definition: "The player of the role is the biological father of the scoping person's biological mother's parent." },
+    { code: 'PGGRFTH', display: 'paternal great-grandfather', definition: "The player of the role is the biological father of the scoping person's biological father's parent." },
+    { code: 'GGRMTH', display: 'great grandmother', definition: "The player of the role is the mother of the scoping person's grandparent." },
+    { code: 'MGGRMTH', display: 'maternal great-grandmother', definition: "The player of the role is the biological mother of the scoping person's biological mother's parent." },
+    { code: 'PGGRMTH', display: 'paternal great-grandmother', definition: "The player of the role is the biological mother of the scoping person's biological father's parent." },
+    { code: 'MGGRPRN', display: 'maternal great-grandparent', definition: "The player of the role is a biological parent of the scoping person's biological mother's parent." },
+    { code: 'PGGRPRN', display: 'paternal great-grandparent', definition: "The player of the role is a biological parent of the scoping person's biological father's parent." },
+    { code: 'GRNDCHILD', display: 'grandchild', definition: "The player of the role is a child of the scoping person's son or daughter." },
+    { code: 'GRNDDAU', display: 'granddaughter', definition: "The player of the role is a daughter of the scoping person's son or daughter." },
+    { code: 'GRNDSON', display: 'grandson', definition: "The player of the role is a son of the scoping person's son or daughter." },
+    { code: 'GRPRN', display: 'grandparent', definition: "The player of the role is a parent of the scoping person's mother or father." },
+    { code: 'GRFTH', display: 'grandfather', definition: "The player of the role is the father of the scoping person's mother or father." },
+    { code: 'MGRFTH', display: 'maternal grandfather', definition: "The player of the role is the biological father of the scoping person's biological mother." },
+    { code: 'PGRFTH', display: 'paternal grandfather', definition: "The player of the role is the biological father of the scoping person's biological father." },
+    { code: 'GRMTH', display: 'grandmother', definition: "The player of the role is the mother of the scoping person's mother or father." },
+    { code: 'MGRMTH', display: 'maternal grandmother', definition: "The player of the role is the biological mother of the scoping person's biological mother." },
+    { code: 'PGRMTH', display: 'paternal grandmother', definition: "The player of the role is the biological mother of the scoping person's biological father." },
+    { code: 'MGRPRN', display: 'maternal grandparent', definition: "The player of the role is the biological parent of the scoping person's biological mother." },
+    { code: 'PGRPRN', display: 'paternal grandparent', definition: "The player of the role is the biological parent of the scoping person's biological father." },
+    { code: 'CHLDINLAW', display: 'child-in-law', definition: "The player of the role is the spouse of the scoping person's child." },
+    { code: 'DAUINLAW', display: 'daughter in-law', definition: "The player of the role is the wife of the scoping person's son." },
+    { code: 'SONINLAW', display: 'son in-law', definition: "The player of the role is the husband of the scoping person's daughter." },
+    { code: 'PRNINLAW', display: 'parent in-law', definition: "The player of the role is the parent of the scoping person's husband or wife." },
+    { code: 'FTHINLAW', display: 'father-in-law', definition: "The player of the role is the father of the scoping person's husband or wife." },
+    { code: 'MTHINLAW', display: 'mother-in-law', definition: "The player of the role is the mother of the scoping person's husband or wife." },
+    { code: 'SIBINLAW', display: 'sibling in-law', definition: "The player of the role is a sibling of the scoping person's spouse, or the spouse of the scoping person's sibling, or the spouse of a sibling of the scoping person's spouse." },
+    { code: 'BROINLAW', display: 'brother-in-law', definition: "The player of the role is a brother of the scoping person's spouse, or the husband of the scoping person's sister, or the husband of a sister of the scoping person's spouse." },
+    { code: 'SISINLAW', display: 'sister-in-law', definition: "The player of the role is a sister of the scoping person's spouse, or the wife of the scoping person's brother, or the wife of a brother of the scoping person's spouse." },
+    { code: 'NIENEPH', display: 'niece/nephew', definition: "The player of the role is a child of the scoping person's brother or sister or of the brother or sister of the scoping person's spouse." },
+    { code: 'NEPHEW', display: 'nephew', definition: "The player of the role is a son of the scoping person's brother or sister or of the brother or sister of the scoping person's spouse." },
+    { code: 'NIECE', display: 'niece', definition: "The player of the role is a daughter of the scoping person's brother or sister or of the brother or sister of the scoping person's spouse." },
+    { code: 'UNCLE', display: 'uncle', definition: "The player of the role is a brother of the scoping person's mother or father." },
+    { code: 'MUNCLE', display: 'maternal uncle', definition: "The player of the role is a biological brother of the scoping person's biological mother." },
+    { code: 'PUNCLE', display: 'paternal uncle', definition: "The player of the role is a biological brother of the scoping person's biological father." },
+    { code: 'PRN', display: 'parent', definition: 'The player of the role is one who begets, gives birth to, or nurtures and raises the scoping entity.' },
+    { code: 'ADOPTP', display: 'adoptive parent', definition: 'The player of the role has taken the scoper into their family through legal means and raises them as their own child.' },
+    { code: 'ADOPTF', display: 'adoptive father', definition: 'The player of the role is a male who has taken the scoper into their family through legal means and raises them as his own child.' },
+    { code: 'ADOPTM', display: 'adoptive mother', definition: 'The player of the role is a female who has taken the scoper into their family through legal means and raises them as her own child.' },
+    { code: 'FTH', display: 'father', definition: 'The player of the role is a male who begets or raises or nurtures the scoping entity.' },
+    { code: 'FTHFOST', display: 'foster father', definition: 'The player of the role is a male state-certified caregiver responsible for the child placed in their care.' },
+    { code: 'NFTH', display: 'natural father', definition: 'The player of the role is a male who begets the scoping entity.' },
+    { code: 'NFTHF', display: 'natural father of fetus', definition: 'Indicates the biologic male parent of a fetus.' },
+    { code: 'STPFTH', display: 'stepfather', definition: "The player of the role is the husband of the scoping person's mother and not the scoping person's natural father." },
+    { code: 'MTH', display: 'mother', definition: 'The player of the role is a female who conceives, gives birth to, or raises and nurtures the scoping entity.' },
+    { code: 'GESTM', display: 'gestational mother', definition: 'The player is a female whose womb carries the fetus of the scoper.' },
+    { code: 'MTHFOST', display: 'foster mother', definition: 'The player of the role is a female state-certified caregiver responsible for the child placed in their care.' },
+    { code: 'NMTH', display: 'natural mother', definition: 'The player of the role is a female who conceives or gives birth to the scoping entity.' },
+    { code: 'NMTHF', display: 'natural mother of fetus', definition: 'The player is the biologic female parent of the scoping fetus.' },
+    { code: 'STPMTH', display: 'stepmother', definition: "The player of the role is the wife of the scoping person's father and not the scoping person's natural mother." },
+    { code: 'NPRN', display: 'natural parent', definition: 'The player of the role is a natural parent.' },
+    { code: 'PRNFOST', display: 'foster parent', definition: 'The player of the role is a state-certified caregiver responsible for the child placed in their care.' },
+    { code: 'STPPRN', display: 'step parent', definition: "The player of the role is the spouse of the scoping person's parent and not the scoping person's natural parent." },
+    { code: 'SIB', display: 'sibling', definition: 'The player of the role shares one or both parents in common with the scoping entity.' },
+    { code: 'BRO', display: 'brother', definition: 'The player of the role is a male sharing one or both parents in common with the scoping entity.' },
+    { code: 'HBRO', display: 'half-brother', definition: 'The player of the role is a male related to the scoping entity by sharing only one biological parent.' },
+    { code: 'NBRO', display: 'natural brother', definition: 'The player of the role is a male having the same biological parents as the scoping entity.' },
+    { code: 'TWINBRO', display: 'twin brother', definition: 'The scoper was carried in the same womb as the male player and shares common biological parents.' },
+    { code: 'FTWINBRO', display: 'fraternal twin brother', definition: 'The scoper was carried in the same womb as the male player and shares common biological parents but is the product of distinct egg/sperm pairs.' },
+    { code: 'ITWINBRO', display: 'identical twin brother', definition: 'The male scoper is an offspring of the same egg-sperm pair as the male player.' },
+    { code: 'STPBRO', display: 'stepbrother', definition: "The player of the role is a son of the scoping person's stepparent." },
+    { code: 'HSIB', display: 'half-sibling', definition: 'The player of the role is related to the scoping entity by sharing only one biological parent.' },
+    { code: 'HSIS', display: 'half-sister', definition: 'The player of the role is a female related to the scoping entity by sharing only one biological parent.' },
+    { code: 'NSIB', display: 'natural sibling', definition: 'The player of the role has both biological parents in common with the scoping entity.' },
+    { code: 'NSIS', display: 'natural sister', definition: 'The player of the role is a female having the same biological parents as the scoping entity.' },
+    { code: 'TWINSIS', display: 'twin sister', definition: 'The scoper was carried in the same womb as the female player and shares common biological parents.' },
+    { code: 'FTWINSIS', display: 'fraternal twin sister', definition: 'The scoper was carried in the same womb as the female player and shares common biological parents but is the product of distinct egg/sperm pairs.' },
+    { code: 'ITWINSIS', display: 'identical twin sister', definition: 'The female scoper is an offspring of the same egg-sperm pair as the female player.' },
+    { code: 'TWIN', display: 'twin', definition: 'The scoper and player were carried in the same womb and shared common biological parents.' },
+    { code: 'FTWIN', display: 'fraternal twin', definition: 'The scoper and player were carried in the same womb and share common biological parents but are the product of distinct egg/sperm pairs.' },
+    { code: 'ITWIN', display: 'identical twin', definition: 'The scoper and player are offspring of the same egg-sperm pair.' },
+    { code: 'SIS', display: 'sister', definition: 'The player of the role is a female sharing one or both parents in common with the scoping entity.' },
+    { code: 'STPSIS', display: 'stepsister', definition: "The player of the role is a daughter of the scoping person's stepparent." },
+    { code: 'STPSIB', display: 'step sibling', definition: "The player of the role is a child of the scoping person's stepparent." },
+    { code: 'SIGOTHR', display: 'significant other', definition: "A person who is important to one's well being; especially a spouse or one in a similar relationship." },
+    { code: 'DOMPART', display: 'domestic partner', definition: "The player of the role cohabits with the scoping person but is not the scoping person's spouse." },
+    { code: 'FMRSPS', display: 'former spouse', definition: 'Player of the role was previously joined to the scoping person in marriage and this marriage is now dissolved and inactive.' },
+    { code: 'SPS', display: 'spouse', definition: 'The player of the role is a marriage partner of the scoping person.' },
+    { code: 'HUSB', display: 'husband', definition: 'The player of the role is a man joined to a woman in marriage.' },
+    { code: 'WIFE', display: 'wife', definition: 'The player of the role is a woman joined to a man in marriage.' },
+    { code: 'FRND', display: 'unrelated friend', definition: 'The player of the role is a person who is known, liked, and trusted by the scoping person.' },
+    { code: 'NBOR', display: 'neighbor', definition: 'The player of the role lives near or next to the scoping person.' },
+    { code: 'ROOM', display: 'roommate', definition: 'One who shares living quarters with the subject.' },
+];
+const PERSONAL_PREFERRED_ORDER = [
+    'ONESELF', 'SPS', 'HUSB', 'WIFE', 'SIGOTHR', 'DOMPART', 'FMRSPS', 'ROOM',
+    'CHILD', 'SON', 'DAU', 'SONC', 'DAUC', 'NCHILD',
+    'CHLDADOPT', 'SONADOPT', 'DAUADOPT', 'CHLDFOST', 'SONFOST', 'DAUFOST',
+    'STPCHLD', 'STPSON', 'STPDAU',
+    'PRN', 'FTH', 'MTH', 'NFTH', 'NMTH',
+    'ADOPTP', 'ADOPTF', 'ADOPTM', 'FTHFOST', 'MTHFOST', 'PRNFOST',
+    'STPFTH', 'STPMTH', 'STPPRN', 'NPRN',
+    'SIB', 'BRO', 'SIS', 'NBRO', 'NSIS', 'NSIB', 'HBRO', 'HSIS', 'HSIB',
+    'TWIN', 'TWINBRO', 'TWINSIS', 'FTWIN', 'FTWINBRO', 'FTWINSIS',
+    'ITWIN', 'ITWINBRO', 'ITWINSIS',
+    'GRPRN', 'GRFTH', 'GRMTH', 'MGRPRN', 'PGRPRN', 'MGRFTH', 'PGRFTH', 'MGRMTH', 'PGRMTH',
+    'GGRPRN', 'GGRFTH', 'GGRMTH', 'MGGRPRN', 'PGGRPRN', 'MGGRFTH', 'PGGRFTH', 'MGGRMTH', 'PGGRMTH',
+    'GRNDCHILD', 'GRNDSON', 'GRNDDAU',
+    'CHLDINLAW', 'SONINLAW', 'DAUINLAW', 'PRNINLAW', 'FTHINLAW', 'MTHINLAW',
+    'SIBINLAW', 'BROINLAW', 'SISINLAW',
+    'UNCLE', 'AUNT', 'MUNCLE', 'PAUNT',
+    'NIENEPH', 'NEPHEW', 'NIECE',
+    'COUSN', 'MCOUSN', 'PCOUSN',
+    'FRND', 'NBOR',
+];
+const _personalByCode = new Map(PERSONAL_RELATIONSHIP_LIST.map((r) => [r.code, r]));
+const _personalPreferred = PERSONAL_PREFERRED_ORDER
+    .map((code) => _personalByCode.get(code))
+    .filter(Boolean);
+const _personalRemaining = PERSONAL_RELATIONSHIP_LIST.filter((r) => !PERSONAL_PREFERRED_ORDER.includes(r.code));
+/**
+ * Full ordered list of HL7 v3-PersonalRelationshipRoleType entries.
+ * Suitable for relationship pickers in health-sector family registration.
+ * Default role: `ONESELF` (patient represents themselves).
+ */
+export const HL7_PERSONAL_RELATIONSHIP_ROLES = [
+    ..._personalPreferred,
+    ..._personalRemaining,
+];
+// ---------------------------------------------------------------------------
+// 2. v3-RoleCode — legal / functional representative subset
+// ---------------------------------------------------------------------------
+export const HL7_CODING_SYSTEM_V3_ROLE_CODE = 'http://terminology.hl7.org/CodeSystem/v3-RoleCode';
+/**
+ * Legal representative / guardian roles from HL7 v3-RoleCode.
+ *
+ * Used when the owner of an individual record exercises a legal function
+ * rather than a personal relationship (e.g. animal-care sector, minors
+ * with court-appointed guardian, power of attorney).
+ *
+ * Default for animal-care sector: `RESPRSN` (Responsible party).
+ */
+export const HL7_V3_ROLE_CODE_LEGAL_REPRESENTATIVE = [
+    {
+        code: 'RESPRSN',
+        display: 'Responsible party',
+        definition: 'The role played by a party who has legal responsibility for another party.',
+    },
+    {
+        code: 'GUARD',
+        display: 'Guardian',
+        definition: 'The role played by a person or institution legally empowered with responsibility for the care of a ward.',
+    },
+    {
+        code: 'GUADLTM',
+        display: 'Guardian ad lidem',
+        definition: 'The role played by a person appointed by the court to represent the best interests of a child or incompetent in a legal proceeding.',
+    },
+    {
+        code: 'POWATT',
+        display: 'Power of attorney',
+        definition: 'A relationship between two people in which one person acts on behalf of another in legal or financial matters.',
+    },
+    {
+        code: 'DPOWATT',
+        display: 'Durable power of attorney',
+        definition: 'A relationship between two people in which one person acts on behalf of another even if the grantor becomes incapacitated.',
+    },
+];
+/** Default role code for animal-care and non-human subjects. */
+export const HL7_DEFAULT_ROLE_ANIMAL_CARE = 'RESPRSN';
+/** Default role code for health sector (patient self-represents). */
+export const HL7_DEFAULT_ROLE_HEALTH = 'ONESELF';

package/dist/constants/index.d.ts

@@ -1 +1,2 @@
 export * from './schemaorg';
+export * from './hl7-roles';

package/dist/constants/index.js

@@ -1 +1,2 @@
 export * from './schemaorg.js';
+export * from './hl7-roles.js';

package/dist/index.d.ts

@@ -1,3 +1,4 @@
 export * from './AesManager';
 export * from './CryptographyService';
 export * from './hmac';
+export * from './storage';

package/dist/index.js

@@ -1,3 +1,4 @@
 export * from './AesManager.js';
 export * from './CryptographyService.js';
 export * from './hmac.js';
+export * from './storage/index.js';

package/dist/storage/IVaultRepository.d.ts

@@ -0,0 +1,53 @@
+import { RecordBase, VaultConfig } from '../models/resource-document';
+export interface VaultQueryCondition {
+    attribute: string;
+    equals?: unknown;
+    in?: unknown[];
+}
+export interface VaultQuery {
+    where?: VaultQueryCondition[];
+    orderBy?: {
+        attribute: string;
+        direction: 'asc' | 'desc';
+    };
+    limit?: number;
+    offset?: number;
+}
+export declare abstract class IVaultRepository {
+    /** Writes one or more records into a collection. */
+    abstract put<T extends RecordBase>(collectionName: string, containers: T | T[]): Promise<boolean>;
+    /** Reads a single record by id. */
+    abstract get<T extends RecordBase>(collectionName: string, containerId: string): Promise<T | undefined>;
+    /** Queries records by structured conditions. */
+    abstract query<T extends RecordBase>(collectionName: string, query: VaultQuery): Promise<T[]>;
+    /** Marks a record as deleted. */
+    abstract delete(collectionName: string, containerId: string): Promise<boolean>;
+}
+export declare abstract class IServerVaultRepository extends IVaultRepository {
+    /** Creates a new physical vault/collection. */
+    abstract createNewVault(vaultConfig: VaultConfig): Promise<boolean>;
+    /** Checks if a tenant's logical registration record exists. */
+    abstract vaultExists(vaultId: string): Promise<boolean>;
+    /** Retrieves configuration for a specific vault. */
+    abstract getVaultConfig(vaultId: string): Promise<VaultConfig | undefined>;
+    /** Creates a new section within a vault. */
+    abstract createNewSection(collectionName: string, sectionId: string): Promise<boolean>;
+    /** Updates or creates a section with the provided records. */
+    abstract updateSection(collectionName: string, sectionId: string, containers?: RecordBase[]): Promise<boolean>;
+    /** Retrieves all section IDs from a vault. */
+    abstract getAllSections(collectionName: string): Promise<string[]>;
+    /** Checks if a section exists within a vault. */
+    abstract sectionExists(collectionName: string, sectionId: string): Promise<boolean>;
+    /** Retrieves a list of record identifiers from a section. */
+    abstract getContainersListInSection(collectionName: string, sectionId: string): Promise<string[]>;
+    /** Retrieves full records from a section. */
+    abstract getContainersInSection<T extends RecordBase>(collectionName: string, sectionId: string, excludeRecordTypes?: string[]): Promise<T[]>;
+    /** Section-aware put — sectionId optional for backwards compat. */
+    abstract put<T extends RecordBase>(collectionName: string, containers: T | T[], sectionId?: string): Promise<boolean>;
+    /** Section-aware get — sectionId optional. */
+    abstract get<T extends RecordBase>(collectionName: string, containerId: string, sectionId?: string): Promise<T | undefined>;
+    /** Retrieves all versions of a record by id. */
+    abstract getHistory(collectionName: string, containerId: string): Promise<RecordBase[]>;
+    /** Permanently removes records marked as deleted. */
+    abstract purge(collectionName: string): Promise<boolean>;
+}

package/dist/storage/IVaultRepository.js

@@ -0,0 +1,25 @@
+// Copyright 2025 Antifraud Services Inc. under the Apache License, Version 2.0.
+// File: src/storage/IVaultRepository.ts
+// ---------------------------------------------------------------------------
+// Base contract — used by all channels (voice, chat, mobile)
+//
+// Each vault instance is scoped to a single actor/session context
+// (e.g. callSid for voice, userId for text channels).
+//
+// collectionName → logical bucket within the vault (e.g. 'tokens', 'session')
+// containerId    → unique record id within the bucket
+// ---------------------------------------------------------------------------
+export class IVaultRepository {
+}
+// ---------------------------------------------------------------------------
+// Server/multi-tenant extension — used by GW nodes (gdc-unid-node-ts, gwtemplate-node-ts)
+//
+// Adds multi-vault management, sections, history, and purge operations
+// needed by server-side vault repositories (Firestore, Postgres, Mem-backend).
+//
+// TODO: migrate gdc-unid-node-ts and gwtemplate-node-ts vault.repository.ts
+//       to extend this interface once storage-sdk-firestore-ts and
+//       storage-sdk-postgres-ts are created as separate packages.
+// ---------------------------------------------------------------------------
+export class IServerVaultRepository extends IVaultRepository {
+}

package/dist/storage/VaultMemRepository.d.ts

@@ -0,0 +1,30 @@
+import { RecordBase } from '../models/resource-document';
+import { IVaultRepository, VaultQuery } from './IVaultRepository';
+/**
+ * In-memory implementation of IVaultRepository.
+ *
+ * Intended for:
+ * - Unit/integration tests across all packages
+ * - Short-lived runtime contexts (voice calls, transient sessions)
+ *
+ * Each instance is independent — instantiate one per actor/session context
+ * (e.g. one per CallSid in uhc-unid-chat-node) and discard on cleanup.
+ *
+ * TODO: For text channels with persistent sessions, use:
+ *   - storage-sdk-firestore-ts → FirestoreVaultRepository (Google Cloud)
+ *   - storage-sdk-postgres-ts  → PostgresVaultRepository  (Cloud SQL / self-hosted)
+ *   - storage-sdk-sqlite-ts    → SqliteVaultRepository    (mobile / expo-sqlite)
+ *   - storage-sdk-indexeddb-ts → IndexedDbVaultRepository (browser)
+ *   - storage-sdk-py           → Python equivalents
+ * All of the above will import IVaultRepository from gdc-common-utils-ts/storage.
+ */
+export declare class VaultMemRepository extends IVaultRepository {
+    private readonly collections;
+    private ensureCollection;
+    /** Clears all state. Useful for test teardown or call-end cleanup. */
+    clear(): void;
+    put<T extends RecordBase>(collectionName: string, containers: T | T[]): Promise<boolean>;
+    get<T extends RecordBase>(collectionName: string, containerId: string): Promise<T | undefined>;
+    query<T extends RecordBase>(collectionName: string, query: VaultQuery): Promise<T[]>;
+    delete(collectionName: string, containerId: string): Promise<boolean>;
+}

package/dist/storage/VaultMemRepository.js

@@ -0,0 +1,78 @@
+// Copyright 2025 Antifraud Services Inc. under the Apache License, Version 2.0.
+// File: src/storage/VaultMemRepository.ts
+import { IVaultRepository } from './IVaultRepository.js';
+/**
+ * In-memory implementation of IVaultRepository.
+ *
+ * Intended for:
+ * - Unit/integration tests across all packages
+ * - Short-lived runtime contexts (voice calls, transient sessions)
+ *
+ * Each instance is independent — instantiate one per actor/session context
+ * (e.g. one per CallSid in uhc-unid-chat-node) and discard on cleanup.
+ *
+ * TODO: For text channels with persistent sessions, use:
+ *   - storage-sdk-firestore-ts → FirestoreVaultRepository (Google Cloud)
+ *   - storage-sdk-postgres-ts  → PostgresVaultRepository  (Cloud SQL / self-hosted)
+ *   - storage-sdk-sqlite-ts    → SqliteVaultRepository    (mobile / expo-sqlite)
+ *   - storage-sdk-indexeddb-ts → IndexedDbVaultRepository (browser)
+ *   - storage-sdk-py           → Python equivalents
+ * All of the above will import IVaultRepository from gdc-common-utils-ts/storage.
+ */
+export class VaultMemRepository extends IVaultRepository {
+    collections = new Map();
+    ensureCollection(collectionName) {
+        if (!this.collections.has(collectionName)) {
+            this.collections.set(collectionName, new Map());
+        }
+        return this.collections.get(collectionName);
+    }
+    /** Clears all state. Useful for test teardown or call-end cleanup. */
+    clear() {
+        this.collections.clear();
+    }
+    async put(collectionName, containers) {
+        const col = this.ensureCollection(collectionName);
+        const items = Array.isArray(containers) ? containers : [containers];
+        for (const item of items) {
+            col.set(item.id, item);
+        }
+        return true;
+    }
+    async get(collectionName, containerId) {
+        return this.collections.get(collectionName)?.get(containerId);
+    }
+    async query(collectionName, query) {
+        const col = this.collections.get(collectionName);
+        if (!col)
+            return [];
+        let results = Array.from(col.values());
+        if (query.where?.length) {
+            results = results.filter((doc) => query.where.every((cond) => {
+                const val = doc[cond.attribute];
+                if (cond.equals !== undefined)
+                    return val === cond.equals;
+                if (cond.in !== undefined)
+                    return cond.in.includes(val);
+                return true;
+            }));
+        }
+        if (query.orderBy) {
+            const { attribute, direction } = query.orderBy;
+            results.sort((a, b) => {
+                const av = a[attribute];
+                const bv = b[attribute];
+                const cmp = av < bv ? -1 : av > bv ? 1 : 0;
+                return direction === 'asc' ? cmp : -cmp;
+            });
+        }
+        if (query.offset)
+            results = results.slice(query.offset);
+        if (query.limit)
+            results = results.slice(0, query.limit);
+        return results;
+    }
+    async delete(collectionName, containerId) {
+        return this.collections.get(collectionName)?.delete(containerId) ?? false;
+    }
+}

package/dist/storage/index.d.ts

@@ -0,0 +1,3 @@
+export { IVaultRepository, IServerVaultRepository } from './IVaultRepository';
+export type { VaultQuery, VaultQueryCondition } from './IVaultRepository';
+export { VaultMemRepository } from './VaultMemRepository';

package/dist/storage/index.js

@@ -0,0 +1,4 @@
+// Copyright 2025 Antifraud Services Inc. under the Apache License, Version 2.0.
+// File: src/storage/index.ts
+export { IVaultRepository, IServerVaultRepository } from './IVaultRepository.js';
+export { VaultMemRepository } from './VaultMemRepository.js';

package/dist/utils/consent.d.ts

@@ -0,0 +1,51 @@
+export type ConsentActorTargetInput = {
+    /** Canonical actor identifier (for example did:web:..., urn:taxid:..., urn:tel:..., email). */
+    identifier?: string;
+    /** Preferred URL/domain alias for organization actor resolution (maps to did:web:<host>). */
+    url?: string;
+    /** Legacy alias maintained for backwards compatibility. */
+    didWeb?: string;
+    /** Legacy alias maintained for backwards compatibility. */
+    organizationUrl?: string;
+    organizationTaxId?: string;
+    email?: string;
+    phone?: string;
+};
+export type SubjectIdentifierInput = {
+    subjectDid?: string;
+    subjectPhone?: string;
+    subjectGivenName?: string;
+};
+export type BuildConsentClaimsSimpleInput = SubjectIdentifierInput & {
+    actor: ConsentActorTargetInput;
+    actorRole: string;
+    purpose: string;
+    actions: string[];
+    consentIdentifier?: string;
+    consentDate?: string;
+    decision?: 'permit' | 'deny';
+    attachmentContentType?: string;
+    attachmentBase64?: string;
+};
+export type BuildConsentClaimsSimpleOptions = {
+    errorPrefix?: string;
+    consentIdentifierFactory?: () => string;
+};
+export type ConsentClaimsSimpleResult = {
+    actorIdentifier: string;
+    subjectIdentifier: string;
+    consentClaims: Record<string, unknown>;
+};
+export type ConsentClaimsWithCidResult = ConsentClaimsSimpleResult & {
+    claimsCid: string;
+};
+export declare function normalizePhone(value: string): string;
+export declare function normalizeIdentifierToken(value: string): string;
+export declare function resolveActorIdentifier(target: ConsentActorTargetInput, options?: {
+    errorPrefix?: string;
+}): string;
+export declare function resolveSubjectIdentifier(input: SubjectIdentifierInput, options?: {
+    errorPrefix?: string;
+}): string;
+export declare function buildConsentClaimsSimple(input: BuildConsentClaimsSimpleInput, options?: BuildConsentClaimsSimpleOptions): ConsentClaimsSimpleResult;
+export declare function buildConsentClaimsSimpleWithCid(input: BuildConsentClaimsSimpleInput, options?: BuildConsentClaimsSimpleOptions): ConsentClaimsWithCidResult;

package/dist/utils/consent.js

@@ -0,0 +1,90 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { assignCidToClaimsId } from './fhir-cid.js';
+export function normalizePhone(value) {
+    return String(value || '').replace(/[^\d+]/g, '');
+}
+export function normalizeIdentifierToken(value) {
+    return String(value || '')
+        .trim()
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '-')
+        .replace(/(^-|-$)/g, '');
+}
+function withPrefix(prefix, message) {
+    return prefix ? `${prefix} ${message}` : message;
+}
+export function resolveActorIdentifier(target, options = {}) {
+    const identifier = String(target?.identifier || '').trim();
+    if (identifier)
+        return identifier;
+    const didWeb = String(target?.didWeb || '').trim();
+    if (didWeb.startsWith('did:web:'))
+        return didWeb;
+    const orgUrl = String(target?.url || target?.organizationUrl || '').trim();
+    if (orgUrl) {
+        try {
+            const parsed = orgUrl.includes('://') ? new URL(orgUrl) : new URL(`https://${orgUrl}`);
+            if (parsed.hostname)
+                return `did:web:${parsed.hostname.toLowerCase()}`;
+        }
+        catch {
+            // Ignore malformed URL and continue with other fallbacks.
+        }
+    }
+    const email = String(target?.email || '').trim().toLowerCase();
+    if (email && email.includes('@'))
+        return email;
+    const taxId = String(target?.organizationTaxId || '').trim().toUpperCase();
+    if (taxId)
+        return `urn:taxid:${taxId}`;
+    const phone = normalizePhone(String(target?.phone || ''));
+    if (phone)
+        return `urn:tel:${phone}`;
+    throw new Error(withPrefix(options.errorPrefix, 'Could not resolve actor identifier from identifier/didWeb/url/email/taxId/phone.'));
+}
+export function resolveSubjectIdentifier(input, options = {}) {
+    const did = String(input?.subjectDid || '').trim();
+    if (did)
+        return did;
+    const phone = normalizePhone(String(input?.subjectPhone || ''));
+    const given = normalizeIdentifierToken(String(input?.subjectGivenName || ''));
+    if (phone && given)
+        return `urn:person:phone:${phone}:given:${given}`;
+    throw new Error(withPrefix(options.errorPrefix, 'grantProfessionalAccessSimple requires subjectDid or (subjectPhone + subjectGivenName).'));
+}
+export function buildConsentClaimsSimple(input, options = {}) {
+    const actorIdentifier = resolveActorIdentifier(input.actor || {}, { errorPrefix: options.errorPrefix });
+    const subjectIdentifier = resolveSubjectIdentifier(input, { errorPrefix: options.errorPrefix });
+    const consentDate = String(input.consentDate || '').trim() || new Date().toISOString().slice(0, 10);
+    const consentIdentifier = String(input.consentIdentifier || '').trim() || String(options.consentIdentifierFactory?.() || '').trim();
+    if (!consentIdentifier) {
+        throw new Error(withPrefix(options.errorPrefix, 'consentIdentifier is required when no consentIdentifierFactory is provided.'));
+    }
+    return {
+        actorIdentifier,
+        subjectIdentifier,
+        consentClaims: {
+            '@context': 'org.hl7.fhir.api',
+            'Consent.decision': input.decision || 'permit',
+            'Consent.subject': subjectIdentifier,
+            'Consent.identifier': consentIdentifier,
+            'Consent.date': consentDate,
+            'Consent.purpose': input.purpose,
+            'Consent.action': (input.actions || []).join(','),
+            'Consent.actor-identifier': actorIdentifier,
+            'Consent.actor-role': input.actorRole,
+            'Consent.attachment-contentType': input.attachmentContentType || 'application/odrl+json',
+            'Consent.attachment-data': input.attachmentBase64 || 'e30=',
+        },
+    };
+}
+export function buildConsentClaimsSimpleWithCid(input, options = {}) {
+    const built = buildConsentClaimsSimple(input, options);
+    const assigned = assignCidToClaimsId(built.consentClaims);
+    return {
+        actorIdentifier: built.actorIdentifier,
+        subjectIdentifier: built.subjectIdentifier,
+        consentClaims: assigned.claims,
+        claimsCid: assigned.cid,
+    };
+}

package/dist/utils/fhir-cid.d.ts

@@ -0,0 +1,60 @@
+export type FhirCanonicalizationOptions = {
+    /**
+     * Removes `meta.versionId` from canonical input to avoid self-referential hashes.
+     * Default: true.
+     */
+    stripMetaVersionId?: boolean;
+    /**
+     * Removes top-level narrative `text` if present.
+     * Default: false.
+     */
+    stripNarrativeText?: boolean;
+    /**
+     * Removes nested `id` fields in backbone elements (resource root `id` is preserved).
+     * Default: false.
+     */
+    stripNestedElementIds?: boolean;
+};
+export type FhirCidBuildOptions = {
+    canonicalization?: FhirCanonicalizationOptions;
+    /**
+     * CID multicodec for canonical FHIR JSON payloads.
+     * `0x0129` is DAG-JSON.
+     */
+    multicodecCode?: number;
+};
+export type FhirCidResult = {
+    cid: string;
+    versionId: string;
+    canonicalJson: string;
+    digestHex: string;
+};
+export type ClaimsCidResult = {
+    cid: string;
+    canonicalJson: string;
+    digestHex: string;
+};
+export type FhirCidVersionMapping = {
+    resourceType?: string;
+    resourceId?: string;
+    fullUrl?: string;
+    cid: string;
+    versionId: string;
+};
+export declare function canonicalizeFhirResource(resource: Record<string, unknown>, options?: FhirCanonicalizationOptions): string;
+export declare function buildCidV1FromCanonicalJson(canonicalJson: string, multicodecCode?: number): FhirCidResult;
+export declare function canonicalizeClaimsForCid(claims: Record<string, unknown>): string;
+export declare function claimsToCid(claims: Record<string, unknown>): ClaimsCidResult;
+export declare function assignCidToClaimsId(claims: Record<string, unknown>): {
+    claims: Record<string, unknown>;
+    cid: string;
+};
+export declare function fhirResourceToCid(resource: Record<string, unknown>, options?: FhirCidBuildOptions): FhirCidResult;
+export declare function assignCidToFhirResourceVersionId(resource: Record<string, unknown>, options?: FhirCidBuildOptions): {
+    resource: Record<string, unknown>;
+    mapping: FhirCidVersionMapping;
+};
+export declare function assignCidToFhirBundleEntries(bundle: Record<string, unknown>, options?: FhirCidBuildOptions): {
+    bundle: Record<string, unknown>;
+    mappings: FhirCidVersionMapping[];
+};

package/dist/utils/fhir-cid.js

@@ -0,0 +1,152 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { sha256 } from '@noble/hashes/sha2.js';
+import { utf8ToBytes } from '@noble/hashes/utils.js';
+import { encodeMultibase58btc } from './multibase58.js';
+const DEFAULT_MULTICODEC_DAG_JSON = 0x0129;
+const MULTIHASH_SHA2_256_CODE = 0x12;
+const MULTIHASH_SHA2_256_LEN = 32;
+const CID_V1 = 0x01;
+function toHex(bytes) {
+    return Buffer.from(bytes).toString('hex');
+}
+function encodeVarint(value) {
+    if (!Number.isInteger(value) || value < 0) {
+        throw new Error(`Invalid varint value: ${value}`);
+    }
+    const out = [];
+    let n = value >>> 0;
+    while (n >= 0x80) {
+        out.push((n & 0x7f) | 0x80);
+        n >>>= 7;
+    }
+    out.push(n);
+    return Uint8Array.from(out);
+}
+function concatBytes(...parts) {
+    const total = parts.reduce((acc, part) => acc + part.length, 0);
+    const out = new Uint8Array(total);
+    let offset = 0;
+    for (const part of parts) {
+        out.set(part, offset);
+        offset += part.length;
+    }
+    return out;
+}
+function canonicalizeValue(value, options, depth) {
+    if (Array.isArray(value)) {
+        // FHIR array order can be significant; preserve order, canonicalize each element.
+        return value.map((entry) => canonicalizeValue(entry, options, depth + 1));
+    }
+    if (value && typeof value === 'object') {
+        const asRecord = value;
+        const keys = Object.keys(asRecord).sort();
+        const out = {};
+        for (const key of keys) {
+            if (options.stripNarrativeText && depth === 0 && key === 'text') {
+                continue;
+            }
+            if (options.stripNestedElementIds && depth > 0 && key === 'id') {
+                continue;
+            }
+            let next = asRecord[key];
+            if (next === undefined)
+                continue;
+            if (options.stripMetaVersionId && key === 'meta' && next && typeof next === 'object' && !Array.isArray(next)) {
+                const metaRecord = { ...next };
+                delete metaRecord.versionId;
+                next = metaRecord;
+            }
+            out[key] = canonicalizeValue(next, options, depth + 1);
+        }
+        return out;
+    }
+    return value;
+}
+export function canonicalizeFhirResource(resource, options = {}) {
+    const normalizedOptions = {
+        stripMetaVersionId: options.stripMetaVersionId ?? true,
+        stripNarrativeText: options.stripNarrativeText ?? false,
+        stripNestedElementIds: options.stripNestedElementIds ?? false,
+    };
+    const normalized = canonicalizeValue(resource, normalizedOptions, 0);
+    return JSON.stringify(normalized);
+}
+export function buildCidV1FromCanonicalJson(canonicalJson, multicodecCode = DEFAULT_MULTICODEC_DAG_JSON) {
+    const digest = sha256(utf8ToBytes(canonicalJson));
+    const multihash = concatBytes(Uint8Array.from([MULTIHASH_SHA2_256_CODE, MULTIHASH_SHA2_256_LEN]), digest);
+    const cidBytes = concatBytes(encodeVarint(CID_V1), encodeVarint(multicodecCode), multihash);
+    const cid = encodeMultibase58btc(cidBytes);
+    return {
+        cid,
+        versionId: cid,
+        canonicalJson,
+        digestHex: toHex(digest),
+    };
+}
+export function canonicalizeClaimsForCid(claims) {
+    const stripped = { ...(claims || {}) };
+    delete stripped['@context'];
+    delete stripped['@type'];
+    delete stripped['@id'];
+    const normalized = canonicalizeValue(stripped, {
+        stripMetaVersionId: false,
+        stripNarrativeText: false,
+        stripNestedElementIds: false,
+    }, 0);
+    return JSON.stringify(normalized);
+}
+export function claimsToCid(claims) {
+    const canonicalJson = canonicalizeClaimsForCid(claims);
+    const cidData = buildCidV1FromCanonicalJson(canonicalJson, DEFAULT_MULTICODEC_DAG_JSON);
+    return {
+        cid: cidData.cid,
+        canonicalJson,
+        digestHex: cidData.digestHex,
+    };
+}
+export function assignCidToClaimsId(claims) {
+    const out = JSON.parse(JSON.stringify(claims || {}));
+    const { cid } = claimsToCid(out);
+    out['@id'] = cid;
+    return {
+        claims: out,
+        cid,
+    };
+}
+export function fhirResourceToCid(resource, options = {}) {
+    const canonicalJson = canonicalizeFhirResource(resource, options.canonicalization);
+    return buildCidV1FromCanonicalJson(canonicalJson, options.multicodecCode ?? DEFAULT_MULTICODEC_DAG_JSON);
+}
+export function assignCidToFhirResourceVersionId(resource, options = {}) {
+    const cid = fhirResourceToCid(resource, options);
+    const out = JSON.parse(JSON.stringify(resource));
+    const meta = (out.meta && typeof out.meta === 'object' && !Array.isArray(out.meta))
+        ? { ...out.meta }
+        : {};
+    meta.versionId = cid.versionId;
+    out.meta = meta;
+    return {
+        resource: out,
+        mapping: {
+            resourceType: String(out.resourceType || ''),
+            resourceId: out.id ? String(out.id) : undefined,
+            cid: cid.cid,
+            versionId: cid.versionId,
+        },
+    };
+}
+export function assignCidToFhirBundleEntries(bundle, options = {}) {
+    const out = JSON.parse(JSON.stringify(bundle));
+    const entries = Array.isArray(out.entry) ? out.entry : [];
+    const mappings = [];
+    for (const entry of entries) {
+        const resource = entry?.resource;
+        if (!resource || typeof resource !== 'object' || Array.isArray(resource))
+            continue;
+        const assigned = assignCidToFhirResourceVersionId(resource, options);
+        entry.resource = assigned.resource;
+        assigned.mapping.fullUrl = entry.fullUrl ? String(entry.fullUrl) : undefined;
+        mappings.push(assigned.mapping);
+    }
+    return { bundle: out, mappings };
+}

package/dist/utils/index.d.ts

@@ -3,9 +3,11 @@ export * from './base-convert';
 export * from './baseN';
 export * from './bundle';
 export * from './content';
+export * from './consent';
 export * from './did';
 export * from './didcomm';
 export * from './format-converter';
+export * from './fhir-cid';
 export * from './jwt';
 export * from './manager-error';
 export * from './multibase58';

package/dist/utils/index.js

@@ -3,9 +3,11 @@ export * from './base-convert.js';
 export * from './baseN.js';
 export * from './bundle.js';
 export * from './content.js';
+export * from './consent.js';
 export * from './did.js';
 export * from './didcomm.js';
 export * from './format-converter.js';
+export * from './fhir-cid.js';
 export * from './jwt.js';
 export * from './manager-error.js';
 export * from './multibase58.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gdc-common-utils-ts",
-  "version": "1.2.0",
+  "version": "1.4.1",
   "publishConfig": {
     "access": "public"
   },
@@ -69,6 +69,18 @@
     "./interfaces": {
       "types": "./dist/interfaces/index.d.ts",
       "default": "./dist/interfaces/index.js"
+    },
+    "./storage": {
+      "types": "./dist/storage/index.d.ts",
+      "default": "./dist/storage/index.js"
+    },
+    "./storage/*": {
+      "types": "./dist/storage/*.d.ts",
+      "default": "./dist/storage/*.js"
+    },
+    "./adapters/node/crypto": {
+      "types": "./dist/adapters/node/crypto.d.ts",
+      "default": "./dist/adapters/node/crypto.js"
     }
   },
   "files": [