gdc-common-utils-ts 1.6.0 → 1.7.0

package/dist/constants/index.d.ts

@@ -12,3 +12,5 @@ export * from './vital-signs';
 export * from './network';
 export * from './sectors';
 export * from './smart';
+export * from './service-capabilities';
+export * from './verifiable-credentials';

package/dist/constants/index.js

@@ -12,3 +12,5 @@ export * from './vital-signs.js';
 export * from './network.js';
 export * from './sectors.js';
 export * from './smart.js';
+export * from './service-capabilities.js';
+export * from './verifiable-credentials.js';

package/dist/constants/service-capabilities.d.ts

@@ -0,0 +1,53 @@
+/**
+ * Canonical capability families persisted through
+ * `org.schema.Service.serviceType`.
+ */
+export declare const ServiceCapabilityFamily: {
+    readonly Indexing: "indexing";
+    readonly DigitalTwin: "digitaltwin";
+};
+export type ServiceCapabilityFamilyValue = typeof ServiceCapabilityFamily[keyof typeof ServiceCapabilityFamily];
+/**
+ * Canonical capability tokens currently documented for tenant activation.
+ *
+ * The family prefix is the stable part of the contract. Suffixes such as
+ * `.rs` and `.cruds` can evolve independently across runtimes.
+ */
+export declare const ServiceCapabilityToken: {
+    readonly IndexingReadSearch: "indexing.rs";
+    readonly IndexingCruds: "indexing.cruds";
+    readonly DigitalTwinReadSearch: "digitaltwin.rs";
+    readonly DigitalTwinCruds: "digitaltwin.cruds";
+};
+export type ServiceCapabilityTokenValue = typeof ServiceCapabilityToken[keyof typeof ServiceCapabilityToken];
+/**
+ * SDK-facing capability names.
+ *
+ * These names are intentionally more explicit than the persisted claim tokens:
+ * - `Provider` maps to write/manage capability (`*.cruds`)
+ * - `Reader` maps to read/search capability (`*.rs`)
+ */
+export declare const ServiceCapability: {
+    readonly IndexingProvider: "indexing.cruds";
+    readonly IndexingReader: "indexing.rs";
+    readonly DigitalTwinProvider: "digitaltwin.cruds";
+    readonly DigitalTwinReader: "digitaltwin.rs";
+};
+export type ServiceCapabilityValue = typeof ServiceCapability[keyof typeof ServiceCapability];
+/**
+ * Parses the CSV stored in `org.schema.Service.serviceType`.
+ */
+export declare function parseServiceCapabilityTokens(value: unknown): string[];
+/**
+ * Serializes capability tokens into the canonical CSV claim format.
+ */
+export declare function serializeServiceCapabilityTokens(values: ReadonlyArray<string | undefined | null>): string | undefined;
+/**
+ * Returns the capability family prefix from a token.
+ */
+export declare function getServiceCapabilityFamily(value: string | undefined): string | undefined;
+/**
+ * Checks whether the claim contains at least one capability from the requested
+ * family.
+ */
+export declare function hasServiceCapabilityFamily(value: unknown, family: ServiceCapabilityFamilyValue | string): boolean;

package/dist/constants/service-capabilities.js

@@ -0,0 +1,72 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
+/**
+ * Canonical capability families persisted through
+ * `org.schema.Service.serviceType`.
+ */
+export const ServiceCapabilityFamily = {
+    Indexing: 'indexing',
+    DigitalTwin: 'digitaltwin',
+};
+/**
+ * Canonical capability tokens currently documented for tenant activation.
+ *
+ * The family prefix is the stable part of the contract. Suffixes such as
+ * `.rs` and `.cruds` can evolve independently across runtimes.
+ */
+export const ServiceCapabilityToken = {
+    IndexingReadSearch: 'indexing.rs',
+    IndexingCruds: 'indexing.cruds',
+    DigitalTwinReadSearch: 'digitaltwin.rs',
+    DigitalTwinCruds: 'digitaltwin.cruds',
+};
+/**
+ * SDK-facing capability names.
+ *
+ * These names are intentionally more explicit than the persisted claim tokens:
+ * - `Provider` maps to write/manage capability (`*.cruds`)
+ * - `Reader` maps to read/search capability (`*.rs`)
+ */
+export const ServiceCapability = {
+    IndexingProvider: ServiceCapabilityToken.IndexingCruds,
+    IndexingReader: ServiceCapabilityToken.IndexingReadSearch,
+    DigitalTwinProvider: ServiceCapabilityToken.DigitalTwinCruds,
+    DigitalTwinReader: ServiceCapabilityToken.DigitalTwinReadSearch,
+};
+/**
+ * Parses the CSV stored in `org.schema.Service.serviceType`.
+ */
+export function parseServiceCapabilityTokens(value) {
+    return Array.from(new Set(String(value || '')
+        .split(',')
+        .map((item) => item.trim())
+        .filter(Boolean)));
+}
+/**
+ * Serializes capability tokens into the canonical CSV claim format.
+ */
+export function serializeServiceCapabilityTokens(values) {
+    const normalized = Array.from(new Set(values
+        .map((item) => String(item || '').trim())
+        .filter(Boolean)));
+    return normalized.length ? normalized.join(',') : undefined;
+}
+/**
+ * Returns the capability family prefix from a token.
+ */
+export function getServiceCapabilityFamily(value) {
+    const normalized = String(value || '').trim().toLowerCase();
+    if (!normalized)
+        return undefined;
+    return normalized.split('.')[0] || undefined;
+}
+/**
+ * Checks whether the claim contains at least one capability from the requested
+ * family.
+ */
+export function hasServiceCapabilityFamily(value, family) {
+    const normalizedFamily = String(family || '').trim().toLowerCase();
+    if (!normalizedFamily)
+        return false;
+    return parseServiceCapabilityTokens(value).some((item) => getServiceCapabilityFamily(item) === normalizedFamily);
+}

package/dist/constants/verifiable-credentials.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Canonical W3C credential contexts reused by activation/VP helpers and tests.
+ *
+ * Keep these values centralized so examples and unit suites do not re-hardcode
+ * W3C context URLs inline.
+ */
+export declare const W3cCredentialContexts: Readonly<{
+    V1: "https://www.w3.org/2018/credentials/v1";
+    V2: "https://www.w3.org/ns/credentials/v2";
+}>;
+/**
+ * Canonical W3C credential and presentation base types.
+ */
+export declare const W3cCredentialTypes: Readonly<{
+    VerifiableCredential: "VerifiableCredential";
+    VerifiablePresentation: "VerifiablePresentation";
+}>;
+/**
+ * Canonical activation VC subtype names currently accepted by CORE helpers.
+ *
+ * Notes:
+ * - `LegalOrganizationCredential` and `PersonCredential` remain accepted as
+ *   compatibility aliases while ICA/GW contracts converge.
+ * - Example/test code must import these constants instead of re-hardcoding the
+ *   subtype strings inline.
+ */
+export declare const ActivationCredentialTypes: Readonly<{
+    OrganizationCredential: "OrganizationCredential";
+    LegalOrganizationCredential: "LegalOrganizationCredential";
+    LegalRepresentativeCredential: "LegalRepresentativeCredential";
+    PersonCredential: "PersonCredential";
+}>;
+export declare const ORGANIZATION_ACTIVATION_VC_TYPES: readonly ("OrganizationCredential" | "LegalOrganizationCredential")[];
+export declare const REPRESENTATIVE_ACTIVATION_VC_TYPES: readonly ("LegalRepresentativeCredential" | "PersonCredential")[];

package/dist/constants/verifiable-credentials.js

@@ -0,0 +1,42 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
+/**
+ * Canonical W3C credential contexts reused by activation/VP helpers and tests.
+ *
+ * Keep these values centralized so examples and unit suites do not re-hardcode
+ * W3C context URLs inline.
+ */
+export const W3cCredentialContexts = Object.freeze({
+    V1: 'https://www.w3.org/2018/credentials/v1',
+    V2: 'https://www.w3.org/ns/credentials/v2',
+});
+/**
+ * Canonical W3C credential and presentation base types.
+ */
+export const W3cCredentialTypes = Object.freeze({
+    VerifiableCredential: 'VerifiableCredential',
+    VerifiablePresentation: 'VerifiablePresentation',
+});
+/**
+ * Canonical activation VC subtype names currently accepted by CORE helpers.
+ *
+ * Notes:
+ * - `LegalOrganizationCredential` and `PersonCredential` remain accepted as
+ *   compatibility aliases while ICA/GW contracts converge.
+ * - Example/test code must import these constants instead of re-hardcoding the
+ *   subtype strings inline.
+ */
+export const ActivationCredentialTypes = Object.freeze({
+    OrganizationCredential: 'OrganizationCredential',
+    LegalOrganizationCredential: 'LegalOrganizationCredential',
+    LegalRepresentativeCredential: 'LegalRepresentativeCredential',
+    PersonCredential: 'PersonCredential',
+});
+export const ORGANIZATION_ACTIVATION_VC_TYPES = Object.freeze([
+    ActivationCredentialTypes.OrganizationCredential,
+    ActivationCredentialTypes.LegalOrganizationCredential,
+]);
+export const REPRESENTATIVE_ACTIVATION_VC_TYPES = Object.freeze([
+    ActivationCredentialTypes.LegalRepresentativeCredential,
+    ActivationCredentialTypes.PersonCredential,
+]);

package/dist/examples/api-flow-examples.d.ts

@@ -6,6 +6,7 @@
  * while preserving a stable migration target for older imports.
  */
 export * from './shared';
+export * from './ica-activation-proof';
 export * from './organization-controller';
 export * from './individual-controller';
 export * from './professional';

package/dist/examples/api-flow-examples.js

@@ -7,6 +7,7 @@
  * while preserving a stable migration target for older imports.
  */
 export * from './shared.js';
+export * from './ica-activation-proof.js';
 export * from './organization-controller.js';
 export * from './individual-controller.js';
 export * from './professional.js';

package/dist/examples/consent-access.d.ts

@@ -1,7 +1,8 @@
+import { ClaimConsent, type ConsentRule } from '../models/consent-rule';
+import { EXAMPLE_EMAIL_PROFESSIONAL, EXAMPLE_EMAIL_RELATED_PERSON } from './shared';
 export declare const EXAMPLE_INDIVIDUAL_DID_WEB: "did:web:api.acme.org:individual:123";
 export declare const EXAMPLE_PROVIDER_ORGANIZATION_DID_WEB: "did:web:hospital.acme.org";
-export declare const EXAMPLE_EMAIL_PROFESSIONAL: "doctor.oncall@example.org";
-export declare const EXAMPLE_EMAIL_RELATED_PERSON: "parent.guardian@example.org";
+export { EXAMPLE_EMAIL_PROFESSIONAL, EXAMPLE_EMAIL_RELATED_PERSON };
 export declare const EXAMPLE_CONSENT_ACCESS_JURISDICTION: "ES";
 /**
  * Legacy compatibility aliases kept so older docs/tests/imports continue to work
@@ -12,132 +13,15 @@ export declare const EXAMPLE_CONSENT_ACCESS_PROVIDER_DID: "did:web:hospital.acme
 export declare const EXAMPLE_CONSENT_ACCESS_PROVIDER_EMAIL: "doctor.oncall@example.org";
 export declare const EXAMPLE_CONSENT_ACCESS_RELATED_PERSON_EMAIL: "parent.guardian@example.org";
 export declare const EXAMPLE_CONSENT_ACCESS_RULES: Readonly<{
-    physicianByEmailContinuousCare: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    physicianByEmailEmergency: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    physicianByOrganizationContinuousCare: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    physicianByJurisdictionEmergency: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    nurseByOrganization: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    paramedicByJurisdiction: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    directPhysicianDenyInsideAllowedOrganization: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    relatedPersonByEmail: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
-    revokedPhysicianEmailConsent: {
-        readonly 'Consent.date': "2026-05-20";
-        readonly 'Consent.period-end'?: string | undefined;
-        readonly 'Consent.period-start'?: string | undefined;
-        readonly 'Consent.resourceType'?: string | undefined;
-        readonly '@context': "org.hl7.fhir.api";
-        readonly 'Consent.identifier': string;
-        readonly 'Consent.subject': "did:web:api.acme.org:individual:123";
-        readonly 'Consent.actor-identifier': string;
-        readonly 'Consent.actor-role': string;
-        readonly 'Consent.decision': "permit" | "deny";
-        readonly 'Consent.purpose': string;
-        readonly 'Consent.action': string;
-    };
+    physicianByEmailContinuousCare: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    physicianByEmailEmergency: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    physicianByOrganizationContinuousCare: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    physicianByJurisdictionEmergency: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    nurseByOrganization: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    paramedicByJurisdiction: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    directPhysicianDenyInsideAllowedOrganization: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    relatedPersonByEmail: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
+    revokedPhysicianEmailConsent: ConsentRule & Partial<Record<ClaimConsent.resourceType, string>>;
 }>;
 export declare const EXAMPLE_CONSENT_PHONE_EXTENSION_PENDING: Readonly<{
     target: "tel:+34600111222";

package/dist/examples/consent-access.js

@@ -1,11 +1,12 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
 import { HealthcareActorRoles, HealthcareBasicSections, HealthcareConsentPurposes, } from '../constants/healthcare.js';
+import { ClaimConsent } from '../models/consent-rule.js';
 import { ResourceTypesFhirR4 } from '../constants/fhir-resource-types.js';
-export const EXAMPLE_INDIVIDUAL_DID_WEB = 'did:web:api.acme.org:individual:123';
-export const EXAMPLE_PROVIDER_ORGANIZATION_DID_WEB = 'did:web:hospital.acme.org';
-export const EXAMPLE_EMAIL_PROFESSIONAL = 'doctor.oncall@example.org';
-export const EXAMPLE_EMAIL_RELATED_PERSON = 'parent.guardian@example.org';
-export const EXAMPLE_CONSENT_ACCESS_JURISDICTION = 'ES';
+import { EXAMPLE_CONSENT_DATE, EXAMPLE_CONSENT_PERIOD_END, EXAMPLE_EMAIL_PROFESSIONAL, EXAMPLE_EMAIL_RELATED_PERSON, EXAMPLE_HEALTHCARE_JURISDICTION, EXAMPLE_PROVIDER_ORGANIZATION_DID, EXAMPLE_RELATED_PERSON_ROLE, EXAMPLE_SUBJECT_DID, } from './shared.js';
+export const EXAMPLE_INDIVIDUAL_DID_WEB = EXAMPLE_SUBJECT_DID;
+export const EXAMPLE_PROVIDER_ORGANIZATION_DID_WEB = EXAMPLE_PROVIDER_ORGANIZATION_DID;
+export { EXAMPLE_EMAIL_PROFESSIONAL, EXAMPLE_EMAIL_RELATED_PERSON };
+export const EXAMPLE_CONSENT_ACCESS_JURISDICTION = EXAMPLE_HEALTHCARE_JURISDICTION;
 /**
  * Legacy compatibility aliases kept so older docs/tests/imports continue to work
  * while the canonical variable names converge.
@@ -14,20 +15,28 @@ export const EXAMPLE_CONSENT_ACCESS_SUBJECT = EXAMPLE_INDIVIDUAL_DID_WEB;
 export const EXAMPLE_CONSENT_ACCESS_PROVIDER_DID = EXAMPLE_PROVIDER_ORGANIZATION_DID_WEB;
 export const EXAMPLE_CONSENT_ACCESS_PROVIDER_EMAIL = EXAMPLE_EMAIL_PROFESSIONAL;
 export const EXAMPLE_CONSENT_ACCESS_RELATED_PERSON_EMAIL = EXAMPLE_EMAIL_RELATED_PERSON;
+/**
+ * Consent example builder used by docs/tests.
+ *
+ * Contract note:
+ * repeated actor identifiers, dates, jurisdictions, role fixtures, and
+ * canonical consent claim keys must be imported, never re-hardcoded inline in
+ * each example rule.
+ */
 function buildRule(input) {
     return {
         '@context': 'org.hl7.fhir.api',
-        'Consent.identifier': input.identifier,
-        'Consent.subject': EXAMPLE_INDIVIDUAL_DID_WEB,
-        'Consent.actor-identifier': input.actorIdentifier,
-        'Consent.actor-role': input.actorRole,
-        'Consent.decision': input.decision || 'permit',
-        'Consent.purpose': input.purpose,
-        'Consent.action': input.actions.join(','),
-        ...(input.resourceTypes?.length ? { 'Consent.resourceType': input.resourceTypes.join(',') } : {}),
-        ...(input.periodStart ? { 'Consent.period-start': input.periodStart } : {}),
-        ...(input.periodEnd ? { 'Consent.period-end': input.periodEnd } : {}),
-        'Consent.date': '2026-05-20',
+        [ClaimConsent.identifier]: input.identifier,
+        [ClaimConsent.subject]: EXAMPLE_INDIVIDUAL_DID_WEB,
+        [ClaimConsent.actorIdentifier]: input.actorIdentifier,
+        [ClaimConsent.actorRole]: input.actorRole,
+        [ClaimConsent.decision]: input.decision || 'permit',
+        [ClaimConsent.purpose]: input.purpose,
+        [ClaimConsent.action]: input.actions.join(','),
+        ...(input.resourceTypes?.length ? { [ClaimConsent.resourceType]: input.resourceTypes.join(',') } : {}),
+        ...(input.periodStart ? { [ClaimConsent.periodStart]: input.periodStart } : {}),
+        ...(input.periodEnd ? { [ClaimConsent.periodEnd]: input.periodEnd } : {}),
+        [ClaimConsent.date]: EXAMPLE_CONSENT_DATE,
     };
 }
 export const EXAMPLE_CONSENT_ACCESS_RULES = Object.freeze({
@@ -91,7 +100,7 @@ export const EXAMPLE_CONSENT_ACCESS_RULES = Object.freeze({
     relatedPersonByEmail: buildRule({
         identifier: 'urn:uuid:consent-related-person-email',
         actorIdentifier: EXAMPLE_EMAIL_RELATED_PERSON,
-        actorRole: 'v3-RoleCode|RESPRSN',
+        actorRole: EXAMPLE_RELATED_PERSON_ROLE,
         purpose: HealthcareConsentPurposes.Treatment,
         actions: [HealthcareBasicSections.PatientSummaryDocument.claim],
         resourceTypes: [ResourceTypesFhirR4.Composition, ResourceTypesFhirR4.DocumentReference],
@@ -102,7 +111,7 @@ export const EXAMPLE_CONSENT_ACCESS_RULES = Object.freeze({
         actorRole: HealthcareActorRoles.Physician,
         purpose: HealthcareConsentPurposes.EmergencyTreatment,
         actions: [HealthcareBasicSections.PatientSummaryDocument.claim],
-        periodEnd: '2026-05-01T00:00:00Z',
+        periodEnd: EXAMPLE_CONSENT_PERIOD_END,
     }),
 });
 export const EXAMPLE_CONSENT_PHONE_EXTENSION_PENDING = Object.freeze({

package/dist/examples/contract-examples.d.ts

@@ -6,6 +6,7 @@
  * breaking while the examples are reorganized by flow/case of use.
  */
 export * from './shared';
+export * from './ica-activation-proof';
 export * from './organization-controller';
 export * from './individual-controller';
 export * from './professional';

package/dist/examples/contract-examples.js

@@ -7,6 +7,7 @@
  * breaking while the examples are reorganized by flow/case of use.
  */
 export * from './shared.js';
+export * from './ica-activation-proof.js';
 export * from './organization-controller.js';
 export * from './individual-controller.js';
 export * from './professional.js';

package/dist/examples/frontend-session.d.ts

@@ -1,7 +1,3 @@
-/**
- * Examples for frontend session/profile bootstrap flows.
- */
-export declare const EXAMPLE_PROFILE_PROVIDER_DID = "did:web:provider.example.org";
 export declare const EXAMPLE_PROFILE_SESSION_INPUT: {
     readonly profileId: " profile-1 ";
     readonly email: " user@example.com ";

package/dist/examples/frontend-session.js

@@ -1,18 +1,24 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
 /**
  * Examples for frontend session/profile bootstrap flows.
+ *
+ * Note:
+ *
+ * - profile/provider identifiers in this file are synthetic fixtures imported
+ *   from `./shared`
+ * - do not inline DID/email/profile literals directly in frontend examples
  */
-export const EXAMPLE_PROFILE_PROVIDER_DID = 'did:web:provider.example.org';
+import { EXAMPLE_PROFILE_EMAIL, EXAMPLE_PROFILE_ID, EXAMPLE_PROFILE_ORGANIZATION_DID, } from './shared.js';
 export const EXAMPLE_PROFILE_SESSION_INPUT = {
-    profileId: ' profile-1 ',
-    email: ' user@example.com ',
+    profileId: ` ${EXAMPLE_PROFILE_ID} `,
+    email: ` ${EXAMPLE_PROFILE_EMAIL} `,
     role: ' controller ',
-    providerDid: ' did:web:org.example ',
+    providerDid: ` ${EXAMPLE_PROFILE_ORGANIZATION_DID} `,
     appType: 'Family',
 };
 export const EXAMPLE_PROFILE_REGISTRY_ENTRY = {
-    id: 'profile-1',
-    email: 'user@example.com',
+    id: EXAMPLE_PROFILE_ID,
+    email: EXAMPLE_PROFILE_EMAIL,
     role: 'controller',
-    providerDid: 'did:web:org.example',
+    providerDid: EXAMPLE_PROFILE_ORGANIZATION_DID,
 };

package/dist/examples/ica-activation-proof.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Shared synthetic ICA activation-proof fixtures reused by docs/tests.
+ *
+ * Contract note:
+ * - issuer/holder/audience DIDs, VC subtype names, and representative binding
+ *   fields must be imported from this module instead of re-hardcoded inline
+ * - the representative `hasCredential.material` shape below reflects the
+ *   current `activation-policy` helper contract; if ICA finalizes a different
+ *   VC shape, update this module first and then the dependent helpers/tests
+ */
+export declare const EXAMPLE_ICA_VP_ISSUER_DID: "did:web:controller.example.org";
+export declare const EXAMPLE_ICA_VP_AUDIENCE_DID: "did:web:host.example.com";
+export declare const EXAMPLE_ICA_VP_HOLDER_DID: "did:web:controller.example.org";
+export declare const EXAMPLE_ICA_ORGANIZATION_DID: "did:web:org.example.org";
+export declare const EXAMPLE_ICA_REPRESENTATIVE_DID: "did:web:rep.example.org";
+export declare const EXAMPLE_ICA_ORGANIZATION_TAX_ID: "ESB00112233";
+export declare const EXAMPLE_ICA_REPRESENTATIVE_ROLE_CODE: "RESPRSN";
+export declare const EXAMPLE_ICA_REPRESENTATIVE_BINDING_MATERIAL: "controller-sig-kid";
+export declare const EXAMPLE_ICA_ORGANIZATION_CREDENTIAL: Readonly<{
+    '@context': string[];
+    type: ("VerifiableCredential" | "OrganizationCredential")[];
+    credentialSubject: {
+        id: "did:web:org.example.org";
+        taxID: "ESB00112233";
+    };
+}>;
+export declare const EXAMPLE_ICA_LEGAL_REPRESENTATIVE_CREDENTIAL: Readonly<{
+    '@context': string[];
+    type: ("VerifiableCredential" | "LegalRepresentativeCredential")[];
+    credentialSubject: {
+        id: "did:web:rep.example.org";
+        memberOf: {
+            taxID: "ESB00112233";
+        };
+        hasOccupation: {
+            identifier: {
+                value: "RESPRSN";
+            };
+        };
+        hasCredential: {
+            material: "controller-sig-kid";
+        };
+    };
+}>;
+export declare const EXAMPLE_ICA_ACTIVATION_VP_PAYLOAD: Readonly<{
+    iss: "did:web:controller.example.org";
+    sub: "did:web:controller.example.org";
+    aud: "did:web:host.example.com";
+    vp: {
+        '@context': "https://www.w3.org/2018/credentials/v1"[];
+        type: "VerifiablePresentation"[];
+        holder: "did:web:controller.example.org";
+        verifiableCredential: string[];
+    };
+}>;

package/dist/examples/ica-activation-proof.js

@@ -0,0 +1,67 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
+import { ActivationCredentialTypes, W3cCredentialContexts, W3cCredentialTypes, } from '../constants/verifiable-credentials.js';
+/**
+ * Shared synthetic ICA activation-proof fixtures reused by docs/tests.
+ *
+ * Contract note:
+ * - issuer/holder/audience DIDs, VC subtype names, and representative binding
+ *   fields must be imported from this module instead of re-hardcoded inline
+ * - the representative `hasCredential.material` shape below reflects the
+ *   current `activation-policy` helper contract; if ICA finalizes a different
+ *   VC shape, update this module first and then the dependent helpers/tests
+ */
+export const EXAMPLE_ICA_VP_ISSUER_DID = 'did:web:controller.example.org';
+export const EXAMPLE_ICA_VP_AUDIENCE_DID = 'did:web:host.example.com';
+export const EXAMPLE_ICA_VP_HOLDER_DID = EXAMPLE_ICA_VP_ISSUER_DID;
+export const EXAMPLE_ICA_ORGANIZATION_DID = 'did:web:org.example.org';
+export const EXAMPLE_ICA_REPRESENTATIVE_DID = 'did:web:rep.example.org';
+export const EXAMPLE_ICA_ORGANIZATION_TAX_ID = 'ESB00112233';
+export const EXAMPLE_ICA_REPRESENTATIVE_ROLE_CODE = 'RESPRSN';
+export const EXAMPLE_ICA_REPRESENTATIVE_BINDING_MATERIAL = 'controller-sig-kid';
+export const EXAMPLE_ICA_ORGANIZATION_CREDENTIAL = Object.freeze({
+    '@context': [W3cCredentialContexts.V2, 'https://schema.org'],
+    type: [
+        W3cCredentialTypes.VerifiableCredential,
+        ActivationCredentialTypes.OrganizationCredential,
+    ],
+    credentialSubject: {
+        id: EXAMPLE_ICA_ORGANIZATION_DID,
+        taxID: EXAMPLE_ICA_ORGANIZATION_TAX_ID,
+    },
+});
+export const EXAMPLE_ICA_LEGAL_REPRESENTATIVE_CREDENTIAL = Object.freeze({
+    '@context': [W3cCredentialContexts.V2, 'https://schema.org'],
+    type: [
+        W3cCredentialTypes.VerifiableCredential,
+        ActivationCredentialTypes.LegalRepresentativeCredential,
+    ],
+    credentialSubject: {
+        id: EXAMPLE_ICA_REPRESENTATIVE_DID,
+        memberOf: {
+            taxID: EXAMPLE_ICA_ORGANIZATION_TAX_ID,
+        },
+        hasOccupation: {
+            identifier: {
+                value: EXAMPLE_ICA_REPRESENTATIVE_ROLE_CODE,
+            },
+        },
+        hasCredential: {
+            material: EXAMPLE_ICA_REPRESENTATIVE_BINDING_MATERIAL,
+        },
+    },
+});
+export const EXAMPLE_ICA_ACTIVATION_VP_PAYLOAD = Object.freeze({
+    iss: EXAMPLE_ICA_VP_ISSUER_DID,
+    sub: EXAMPLE_ICA_VP_ISSUER_DID,
+    aud: EXAMPLE_ICA_VP_AUDIENCE_DID,
+    vp: {
+        '@context': [W3cCredentialContexts.V1],
+        type: [W3cCredentialTypes.VerifiablePresentation],
+        holder: EXAMPLE_ICA_VP_HOLDER_DID,
+        verifiableCredential: [
+            JSON.stringify(EXAMPLE_ICA_ORGANIZATION_CREDENTIAL),
+            JSON.stringify(EXAMPLE_ICA_LEGAL_REPRESENTATIVE_CREDENTIAL),
+        ],
+    },
+});