gdc-common-utils-ts 2.0.17 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +0 -1
- package/dist/constants/verifiable-credentials.d.ts +7 -0
- package/dist/constants/verifiable-credentials.js +7 -0
- package/dist/examples/bundle-didcomm-payload.d.ts +11 -0
- package/dist/examples/bundle-didcomm-payload.js +13 -0
- package/dist/examples/communication-attached-bundle-session.js +2 -1
- package/dist/examples/communication-didcomm-payload.d.ts +35 -0
- package/dist/examples/communication-didcomm-payload.js +38 -0
- package/dist/examples/contract-examples.d.ts +1 -0
- package/dist/examples/contract-examples.js +1 -0
- package/dist/examples/index.d.ts +5 -0
- package/dist/examples/index.js +5 -0
- package/dist/examples/inter-tenant-access-contract.d.ts +124 -0
- package/dist/examples/inter-tenant-access-contract.js +134 -0
- package/dist/examples/profile-manager-mem.d.ts +45 -0
- package/dist/examples/profile-manager-mem.js +29 -0
- package/dist/examples/shared.d.ts +6 -0
- package/dist/examples/shared.js +6 -0
- package/dist/examples/wallet-mem.d.ts +38 -0
- package/dist/examples/wallet-mem.js +40 -0
- package/dist/index.d.ts +1 -0
- package/dist/index.js +1 -0
- package/dist/interfaces/IProfileOutboxRepository.d.ts +36 -0
- package/dist/interfaces/IProfileOutboxRepository.js +2 -0
- package/dist/interfaces/IWallet.d.ts +74 -0
- package/dist/interfaces/IWallet.js +2 -0
- package/dist/interfaces/IWalletQueue.d.ts +30 -0
- package/dist/interfaces/IWalletQueue.js +2 -0
- package/dist/interfaces/index.d.ts +8 -0
- package/dist/interfaces/index.js +8 -0
- package/dist/models/communication-attached-bundle-session.d.ts +193 -0
- package/dist/models/communication-attached-bundle-session.js +34 -0
- package/dist/models/index.d.ts +4 -0
- package/dist/models/index.js +4 -0
- package/dist/models/inter-tenant-access-contract.d.ts +105 -0
- package/dist/models/inter-tenant-access-contract.js +78 -0
- package/dist/models/interoperable-claims/diagnostic-report-claims.d.ts +1 -2
- package/dist/models/interoperable-claims/diagnostic-report-claims.js +1 -2
- package/dist/models/profile-manager.d.ts +85 -0
- package/dist/models/profile-manager.js +2 -0
- package/dist/models/wallet.d.ts +59 -0
- package/dist/models/wallet.js +22 -0
- package/dist/utils/backend-message-manager-mem.d.ts +67 -0
- package/dist/utils/backend-message-manager-mem.js +227 -0
- package/dist/utils/bundle-didcomm-payload.d.ts +29 -0
- package/dist/utils/bundle-didcomm-payload.js +48 -0
- package/dist/utils/communication-attached-bundle-session-helpers.d.ts +54 -0
- package/dist/utils/communication-attached-bundle-session-helpers.js +517 -0
- package/dist/utils/communication-attached-bundle-session.d.ts +59 -302
- package/dist/utils/communication-attached-bundle-session.js +114 -839
- package/dist/utils/communication-consent-access-editor.d.ts +85 -0
- package/dist/utils/communication-consent-access-editor.js +244 -0
- package/dist/utils/communication-didcomm-payload.d.ts +33 -0
- package/dist/utils/communication-didcomm-payload.js +75 -0
- package/dist/utils/evidence-blockchain-references.d.ts +2 -0
- package/dist/utils/evidence-blockchain-references.js +4 -0
- package/dist/utils/index.d.ts +10 -0
- package/dist/utils/index.js +10 -0
- package/dist/utils/inter-tenant-access-contract.d.ts +44 -0
- package/dist/utils/inter-tenant-access-contract.js +358 -0
- package/dist/utils/organization-authorization-urn.d.ts +43 -0
- package/dist/utils/organization-authorization-urn.js +87 -0
- package/dist/utils/profile-manager-mem.d.ts +69 -0
- package/dist/utils/profile-manager-mem.js +79 -0
- package/dist/utils/profile-outbox-memory-repository.d.ts +34 -0
- package/dist/utils/profile-outbox-memory-repository.js +57 -0
- package/dist/utils/wallet-mem.d.ts +93 -0
- package/dist/utils/wallet-mem.js +277 -0
- package/dist/utils/wallet-memory-queue.d.ts +32 -0
- package/dist/utils/wallet-memory-queue.js +82 -0
- package/package.json +1 -1
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Reusable synthetic wallet fixtures for docs and tests.
|
|
3
|
+
*
|
|
4
|
+
* Rule:
|
|
5
|
+
* - wallet-related tests must import these values instead of re-hardcoding
|
|
6
|
+
* queue ids, entity ids, thread ids, or payload strings inline
|
|
7
|
+
*/
|
|
8
|
+
export declare const EXAMPLE_WALLET_ENTITY_ID_SENDER: "wallet-entity-sender-001";
|
|
9
|
+
export declare const EXAMPLE_WALLET_ENTITY_ID_RECIPIENT: "wallet-entity-recipient-001";
|
|
10
|
+
export declare const EXAMPLE_WALLET_MESSAGE_ID_EMERGENCY: "wallet-message-emergency-001";
|
|
11
|
+
export declare const EXAMPLE_WALLET_MESSAGE_ID_NORMAL: "wallet-message-normal-001";
|
|
12
|
+
export declare const EXAMPLE_WALLET_THREAD_ID: "wallet-thread-001";
|
|
13
|
+
export declare const EXAMPLE_WALLET_PAYLOAD_TYPE: "Communication-bundle-submit-v1.0";
|
|
14
|
+
export declare const EXAMPLE_WALLET_CREATED_AT: "2026-06-30T10:00:00.000Z";
|
|
15
|
+
export declare const EXAMPLE_WALLET_CONTENT_NOTE: "Medication bundle ready for DIDComm transport.";
|
|
16
|
+
export declare const EXAMPLE_WALLET_FAILURE_MESSAGE: "Gateway temporary failure.";
|
|
17
|
+
export declare const EXAMPLE_WALLET_PROTECTED_DOC_ID: "wallet-doc-001";
|
|
18
|
+
export declare const EXAMPLE_WALLET_PRIORITY_EMERGENCY: "emergency";
|
|
19
|
+
export declare const EXAMPLE_WALLET_PRIORITY_NORMAL: "normal";
|
|
20
|
+
export declare const EXAMPLE_WALLET_MESSAGE_PAYLOAD: {
|
|
21
|
+
readonly iss: "did:web:sender.example.org";
|
|
22
|
+
readonly aud: "https://gw.example.org/submit";
|
|
23
|
+
readonly jti: "wallet-jti-001";
|
|
24
|
+
readonly thid: "wallet-thread-001";
|
|
25
|
+
readonly type: "Communication-bundle-submit-v1.0";
|
|
26
|
+
readonly body: {
|
|
27
|
+
readonly data: readonly [{
|
|
28
|
+
readonly id: "wallet-entry-001";
|
|
29
|
+
readonly type: "Communication-bundle-submit-v1.0";
|
|
30
|
+
readonly resource: {
|
|
31
|
+
readonly resourceType: "Communication";
|
|
32
|
+
readonly note: readonly [{
|
|
33
|
+
readonly text: "Medication bundle ready for DIDComm transport.";
|
|
34
|
+
}];
|
|
35
|
+
};
|
|
36
|
+
}];
|
|
37
|
+
};
|
|
38
|
+
};
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
// Copyright 2026 Conectate Soluciones y Aplicaciones SL under the Apache License, Version 2.0.
|
|
2
|
+
import { WalletMessagePriorities } from '../models/wallet.js';
|
|
3
|
+
/**
|
|
4
|
+
* Reusable synthetic wallet fixtures for docs and tests.
|
|
5
|
+
*
|
|
6
|
+
* Rule:
|
|
7
|
+
* - wallet-related tests must import these values instead of re-hardcoding
|
|
8
|
+
* queue ids, entity ids, thread ids, or payload strings inline
|
|
9
|
+
*/
|
|
10
|
+
export const EXAMPLE_WALLET_ENTITY_ID_SENDER = 'wallet-entity-sender-001';
|
|
11
|
+
export const EXAMPLE_WALLET_ENTITY_ID_RECIPIENT = 'wallet-entity-recipient-001';
|
|
12
|
+
export const EXAMPLE_WALLET_MESSAGE_ID_EMERGENCY = 'wallet-message-emergency-001';
|
|
13
|
+
export const EXAMPLE_WALLET_MESSAGE_ID_NORMAL = 'wallet-message-normal-001';
|
|
14
|
+
export const EXAMPLE_WALLET_THREAD_ID = 'wallet-thread-001';
|
|
15
|
+
export const EXAMPLE_WALLET_PAYLOAD_TYPE = 'Communication-bundle-submit-v1.0';
|
|
16
|
+
export const EXAMPLE_WALLET_CREATED_AT = '2026-06-30T10:00:00.000Z';
|
|
17
|
+
export const EXAMPLE_WALLET_CONTENT_NOTE = 'Medication bundle ready for DIDComm transport.';
|
|
18
|
+
export const EXAMPLE_WALLET_FAILURE_MESSAGE = 'Gateway temporary failure.';
|
|
19
|
+
export const EXAMPLE_WALLET_PROTECTED_DOC_ID = 'wallet-doc-001';
|
|
20
|
+
export const EXAMPLE_WALLET_PRIORITY_EMERGENCY = WalletMessagePriorities.Emergency;
|
|
21
|
+
export const EXAMPLE_WALLET_PRIORITY_NORMAL = WalletMessagePriorities.Normal;
|
|
22
|
+
export const EXAMPLE_WALLET_MESSAGE_PAYLOAD = {
|
|
23
|
+
iss: 'did:web:sender.example.org',
|
|
24
|
+
aud: 'https://gw.example.org/submit',
|
|
25
|
+
jti: 'wallet-jti-001',
|
|
26
|
+
thid: EXAMPLE_WALLET_THREAD_ID,
|
|
27
|
+
type: EXAMPLE_WALLET_PAYLOAD_TYPE,
|
|
28
|
+
body: {
|
|
29
|
+
data: [
|
|
30
|
+
{
|
|
31
|
+
id: 'wallet-entry-001',
|
|
32
|
+
type: EXAMPLE_WALLET_PAYLOAD_TYPE,
|
|
33
|
+
resource: {
|
|
34
|
+
resourceType: 'Communication',
|
|
35
|
+
note: [{ text: EXAMPLE_WALLET_CONTENT_NOTE }],
|
|
36
|
+
},
|
|
37
|
+
},
|
|
38
|
+
],
|
|
39
|
+
},
|
|
40
|
+
};
|
package/dist/index.d.ts
CHANGED
package/dist/index.js
CHANGED
|
@@ -7,6 +7,7 @@ export * from './examples/index.js';
|
|
|
7
7
|
export * from './hmac.js';
|
|
8
8
|
export * from './i18n/clinical-sections.i18n.js';
|
|
9
9
|
export * from './i18n/role-codes.i18n.js';
|
|
10
|
+
export * from './interfaces/index.js';
|
|
10
11
|
export * from './models/index.js';
|
|
11
12
|
export * from './storage/index.js';
|
|
12
13
|
export * from './utils/index.js';
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
import type { BackendMessageResponseRecord, ProfileOutboxMessageRecord } from '../models/profile-manager';
|
|
2
|
+
/**
|
|
3
|
+
* Runtime-neutral repository for profile-scoped outbox history and decoded
|
|
4
|
+
* responses.
|
|
5
|
+
*
|
|
6
|
+
* Separation rule:
|
|
7
|
+
* - `IWalletQueue` controls ordering and mutable pending state
|
|
8
|
+
* - `IProfileOutboxRepository` preserves historical records and decoded
|
|
9
|
+
* responses that the profile/runtime may want to inspect later
|
|
10
|
+
*/
|
|
11
|
+
export interface IProfileOutboxRepository {
|
|
12
|
+
/**
|
|
13
|
+
* Stores one immutable message history record.
|
|
14
|
+
*/
|
|
15
|
+
putMessage(record: ProfileOutboxMessageRecord): Promise<ProfileOutboxMessageRecord>;
|
|
16
|
+
/**
|
|
17
|
+
* Returns one historical message record by id.
|
|
18
|
+
*/
|
|
19
|
+
getMessage(messageId: string): Promise<ProfileOutboxMessageRecord | undefined>;
|
|
20
|
+
/**
|
|
21
|
+
* Lists all historical message records.
|
|
22
|
+
*/
|
|
23
|
+
listMessages(): Promise<ProfileOutboxMessageRecord[]>;
|
|
24
|
+
/**
|
|
25
|
+
* Stores one decoded response record.
|
|
26
|
+
*/
|
|
27
|
+
putResponse(record: BackendMessageResponseRecord): Promise<BackendMessageResponseRecord>;
|
|
28
|
+
/**
|
|
29
|
+
* Returns the latest decoded response for one thread id.
|
|
30
|
+
*/
|
|
31
|
+
getLatestResponseByThreadId(thid: string): Promise<BackendMessageResponseRecord | undefined>;
|
|
32
|
+
/**
|
|
33
|
+
* Lists all decoded responses.
|
|
34
|
+
*/
|
|
35
|
+
listResponses(): Promise<BackendMessageResponseRecord[]>;
|
|
36
|
+
}
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
import type { WalletEnqueueMessageInput, WalletManagedEntityDescriptor, WalletQueuedMessage } from '../models/wallet';
|
|
2
|
+
import type { JWK, JwkSet } from '../models/jwk';
|
|
3
|
+
/**
|
|
4
|
+
* Shared wallet contract reused by tests, apps, frontend adapters, and simple
|
|
5
|
+
* backend or BFF flows.
|
|
6
|
+
*
|
|
7
|
+
* Backward-compatibility rule:
|
|
8
|
+
* - the legacy methods (`provisionKeys`, `digest`,
|
|
9
|
+
* `protectConfidentialData`, `unprotectConfidentialData`, `unpack`) remain
|
|
10
|
+
* the stable minimum contract expected by older consumers
|
|
11
|
+
* - richer transport and queue helpers are optional so older platform-specific
|
|
12
|
+
* adapters do not need to implement them immediately
|
|
13
|
+
*/
|
|
14
|
+
export interface IWallet {
|
|
15
|
+
/**
|
|
16
|
+
* Provisions or retrieves the wallet key set for one logical entity.
|
|
17
|
+
*/
|
|
18
|
+
provisionKeys(entityId: string): Promise<JwkSet>;
|
|
19
|
+
/**
|
|
20
|
+
* Computes one digest string using the provided algorithm name.
|
|
21
|
+
*/
|
|
22
|
+
digest(data: string, algorithm: string): Promise<string>;
|
|
23
|
+
/**
|
|
24
|
+
* Protects one local document for confidential at-rest storage.
|
|
25
|
+
*/
|
|
26
|
+
protectConfidentialData(doc: unknown, entityId?: string): Promise<unknown>;
|
|
27
|
+
/**
|
|
28
|
+
* Unprotects one local confidential document.
|
|
29
|
+
*/
|
|
30
|
+
unprotectConfidentialData(doc: unknown, entityId?: string): Promise<unknown>;
|
|
31
|
+
/**
|
|
32
|
+
* Unpacks one transport message into business content plus JOSE metadata.
|
|
33
|
+
*/
|
|
34
|
+
unpack?(packedMessage: string, entityId?: string): Promise<{
|
|
35
|
+
content: unknown;
|
|
36
|
+
meta: Record<string, unknown>;
|
|
37
|
+
}>;
|
|
38
|
+
/**
|
|
39
|
+
* Packs one business payload for one recipient public key.
|
|
40
|
+
*/
|
|
41
|
+
pack?(content: Record<string, unknown>, recipientJwk: JWK, entityId: string): Promise<string>;
|
|
42
|
+
/**
|
|
43
|
+
* Returns the public keys currently provisioned for one entity.
|
|
44
|
+
*/
|
|
45
|
+
getPublicKeys?(entityId: string): Promise<WalletManagedEntityDescriptor>;
|
|
46
|
+
/**
|
|
47
|
+
* Signs one JSON payload into a compact JWS.
|
|
48
|
+
*/
|
|
49
|
+
signCompactJws?(entityId: string, claims: Record<string, unknown>): Promise<string>;
|
|
50
|
+
/**
|
|
51
|
+
* Builds one compact JWE for the provided recipient.
|
|
52
|
+
*/
|
|
53
|
+
buildCompactJwe?(entityId: string, plaintext: string | Uint8Array, recipientJwk: JWK, contentType?: string): Promise<string>;
|
|
54
|
+
/**
|
|
55
|
+
* Enqueues one local outbound message with an optional priority.
|
|
56
|
+
*/
|
|
57
|
+
enqueueMessage?(input: WalletEnqueueMessageInput): Promise<WalletQueuedMessage>;
|
|
58
|
+
/**
|
|
59
|
+
* Returns the next pending message without mutating queue state.
|
|
60
|
+
*/
|
|
61
|
+
peekNextMessage?(): Promise<WalletQueuedMessage | undefined>;
|
|
62
|
+
/**
|
|
63
|
+
* Marks one message as delivered.
|
|
64
|
+
*/
|
|
65
|
+
markMessageDelivered?(messageId: string): Promise<WalletQueuedMessage>;
|
|
66
|
+
/**
|
|
67
|
+
* Marks one message as failed.
|
|
68
|
+
*/
|
|
69
|
+
markMessageFailed?(messageId: string, errorMessage: string): Promise<WalletQueuedMessage>;
|
|
70
|
+
/**
|
|
71
|
+
* Lists all locally tracked queued messages.
|
|
72
|
+
*/
|
|
73
|
+
listMessages?(): Promise<WalletQueuedMessage[]>;
|
|
74
|
+
}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import type { WalletEnqueueMessageInput, WalletQueuedMessage } from '../models/wallet';
|
|
2
|
+
/**
|
|
3
|
+
* Runtime-neutral queue/outbox contract for low-level wallet-backed message
|
|
4
|
+
* scheduling.
|
|
5
|
+
*
|
|
6
|
+
* Design intent:
|
|
7
|
+
* - `common-utils` provides the contract plus one in-memory implementation
|
|
8
|
+
* - BFF/server runtimes may later plug Redis, Google, filesystem, or database
|
|
9
|
+
* adapters without changing `WalletMem`
|
|
10
|
+
* - mobile/native runtimes may plug SQLite-backed outbox adapters
|
|
11
|
+
*/
|
|
12
|
+
export interface IWalletQueue {
|
|
13
|
+
/**
|
|
14
|
+
* Enqueues one outbound message and returns the stored queued record.
|
|
15
|
+
*/
|
|
16
|
+
enqueue(input: WalletEnqueueMessageInput): Promise<WalletQueuedMessage>;
|
|
17
|
+
/**
|
|
18
|
+
* Returns the next pending message according to queue ordering rules without
|
|
19
|
+
* mutating queue state.
|
|
20
|
+
*/
|
|
21
|
+
peekNextPending(): Promise<WalletQueuedMessage | undefined>;
|
|
22
|
+
/**
|
|
23
|
+
* Updates one queued message by identifier and returns the stored result.
|
|
24
|
+
*/
|
|
25
|
+
update(messageId: string, patch: Partial<WalletQueuedMessage>): Promise<WalletQueuedMessage>;
|
|
26
|
+
/**
|
|
27
|
+
* Lists all queued messages in current processing order.
|
|
28
|
+
*/
|
|
29
|
+
list(): Promise<WalletQueuedMessage[]>;
|
|
30
|
+
}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export * from './ICryptoHelper';
|
|
2
|
+
export * from './ICryptography';
|
|
3
|
+
export * from './IWallet';
|
|
4
|
+
export * from './IProfileOutboxRepository';
|
|
5
|
+
export * from './IWalletQueue';
|
|
6
|
+
export * from './MlDsa';
|
|
7
|
+
export * from './MlKem';
|
|
8
|
+
export * from './Cryptography.types';
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export * from './ICryptoHelper.js';
|
|
2
|
+
export * from './ICryptography.js';
|
|
3
|
+
export * from './IWallet.js';
|
|
4
|
+
export * from './IProfileOutboxRepository.js';
|
|
5
|
+
export * from './IWalletQueue.js';
|
|
6
|
+
export * from './MlDsa.js';
|
|
7
|
+
export * from './MlKem.js';
|
|
8
|
+
export * from './Cryptography.types.js';
|
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
import type { HealthcareCanonicalSectionFamily, HealthcareRoleFamily } from '../constants/healthcare';
|
|
2
|
+
import type { BundleEntry, BundleJsonApi, BundleRequest } from './bundle';
|
|
3
|
+
/**
|
|
4
|
+
* Runtime strictness used by `CommunicationAttachedBundleSession`.
|
|
5
|
+
*/
|
|
6
|
+
export type CommunicationAttachedBundleSessionMode = 'strict' | 'normalize';
|
|
7
|
+
/**
|
|
8
|
+
* Constructor options for `CommunicationAttachedBundleSession`.
|
|
9
|
+
*/
|
|
10
|
+
export type CommunicationAttachedBundleSessionOptions = Readonly<{
|
|
11
|
+
communicationClaims?: Record<string, unknown>;
|
|
12
|
+
initialBundle?: BundleJsonApi<BundleEntry>;
|
|
13
|
+
mode?: CommunicationAttachedBundleSessionMode;
|
|
14
|
+
}>;
|
|
15
|
+
/**
|
|
16
|
+
* Canonical `@context` for outer `Communication` claim payloads.
|
|
17
|
+
*
|
|
18
|
+
* Rationale:
|
|
19
|
+
* - the outer container is materialized as one FHIR `Communication` resource
|
|
20
|
+
* - the inner `resource.meta.claims` rows stay version-agnostic and therefore
|
|
21
|
+
* use `FHIR_API`
|
|
22
|
+
*/
|
|
23
|
+
export declare const CommunicationAttachmentClaimsContext: "org.hl7.fhir.r4";
|
|
24
|
+
/**
|
|
25
|
+
* Canonical `@context` for bundle entry `resource.meta.claims`.
|
|
26
|
+
*
|
|
27
|
+
* These claims are intended to stay version-agnostic across FHIR releases.
|
|
28
|
+
*/
|
|
29
|
+
export declare const BundleEntryClaimsContext: "org.hl7.fhir.api";
|
|
30
|
+
/**
|
|
31
|
+
* Selector for reopening one active bundle entry.
|
|
32
|
+
*
|
|
33
|
+
* Prefer `position` for bundle-array addressing. `index` is kept only as a
|
|
34
|
+
* backward-compatible alias during migration.
|
|
35
|
+
*/
|
|
36
|
+
export type ActiveEntrySelection = Readonly<{
|
|
37
|
+
position?: number;
|
|
38
|
+
/** @deprecated Prefer `position`. */
|
|
39
|
+
index?: number;
|
|
40
|
+
fullUrl?: string;
|
|
41
|
+
}>;
|
|
42
|
+
/**
|
|
43
|
+
* Generic upsert contract for one bundle entry stored in memory.
|
|
44
|
+
*/
|
|
45
|
+
export type UpsertEntryInput = Readonly<{
|
|
46
|
+
resourceType: string;
|
|
47
|
+
claims: Record<string, unknown>;
|
|
48
|
+
type?: string;
|
|
49
|
+
fullUrl?: string;
|
|
50
|
+
request?: BundleRequest;
|
|
51
|
+
}>;
|
|
52
|
+
/**
|
|
53
|
+
* Reusable resource-specific upsert contract used by typed session helpers.
|
|
54
|
+
*/
|
|
55
|
+
export type UpsertClaimsResourceEntryInput<TClaims extends object = Record<string, unknown>> = Readonly<{
|
|
56
|
+
claims: TClaims;
|
|
57
|
+
type?: string;
|
|
58
|
+
fullUrl?: string;
|
|
59
|
+
request?: BundleRequest;
|
|
60
|
+
}>;
|
|
61
|
+
/**
|
|
62
|
+
* Input for adding one linked `DocumentReference` to the current active entry.
|
|
63
|
+
*/
|
|
64
|
+
export type AddContainedDocumentToActiveEntryInput = Readonly<{
|
|
65
|
+
identifier?: string;
|
|
66
|
+
fullUrl?: string;
|
|
67
|
+
claims?: Record<string, unknown>;
|
|
68
|
+
attachmentContentType?: string;
|
|
69
|
+
attachmentDataBase64?: string;
|
|
70
|
+
attachmentUrl?: string;
|
|
71
|
+
description?: string;
|
|
72
|
+
date?: string;
|
|
73
|
+
language?: string;
|
|
74
|
+
}>;
|
|
75
|
+
/**
|
|
76
|
+
* Canonical target kinds for consent access editing.
|
|
77
|
+
*/
|
|
78
|
+
export declare const ConsentEditorTargetKinds: Readonly<{
|
|
79
|
+
readonly Section: "section";
|
|
80
|
+
readonly ResourceType: "resource-type";
|
|
81
|
+
}>;
|
|
82
|
+
export type ConsentEditorTargetKind = typeof ConsentEditorTargetKinds[keyof typeof ConsentEditorTargetKinds];
|
|
83
|
+
/**
|
|
84
|
+
* Canonical operation scope codes for consent access editing.
|
|
85
|
+
*/
|
|
86
|
+
export declare const ConsentEditorScopeCodes: Readonly<{
|
|
87
|
+
readonly Search: "s";
|
|
88
|
+
readonly Read: "r";
|
|
89
|
+
readonly Create: "c";
|
|
90
|
+
readonly Update: "u";
|
|
91
|
+
readonly Delete: "d";
|
|
92
|
+
}>;
|
|
93
|
+
export type ConsentEditorScopeCode = typeof ConsentEditorScopeCodes[keyof typeof ConsentEditorScopeCodes];
|
|
94
|
+
/**
|
|
95
|
+
* One classified scope attached to a consent target.
|
|
96
|
+
*/
|
|
97
|
+
export type ConsentEditorClassifiedScope = Readonly<{
|
|
98
|
+
code: ConsentEditorScopeCode;
|
|
99
|
+
display?: string;
|
|
100
|
+
}>;
|
|
101
|
+
/**
|
|
102
|
+
* One classified target entry shown to consent-editing callers.
|
|
103
|
+
*/
|
|
104
|
+
export type ConsentEditorClassifiedTarget = Readonly<{
|
|
105
|
+
target: Readonly<{
|
|
106
|
+
kind: ConsentEditorTargetKind;
|
|
107
|
+
code: string;
|
|
108
|
+
display?: string;
|
|
109
|
+
sectionFamily?: HealthcareCanonicalSectionFamily;
|
|
110
|
+
}>;
|
|
111
|
+
scopes: readonly ConsentEditorClassifiedScope[];
|
|
112
|
+
}>;
|
|
113
|
+
/**
|
|
114
|
+
* Classified actor role resolved from canonical healthcare role catalogs.
|
|
115
|
+
*/
|
|
116
|
+
export type ConsentEditorClassifiedActorRole = Readonly<{
|
|
117
|
+
codingSystem: string;
|
|
118
|
+
code: string;
|
|
119
|
+
display?: string;
|
|
120
|
+
}>;
|
|
121
|
+
/**
|
|
122
|
+
* Role kind used in consent role classification.
|
|
123
|
+
*
|
|
124
|
+
* The underlying catalog still comes from `HealthcareRoleFamily`, but this
|
|
125
|
+
* editor-level view intentionally names the field `kind` instead of `family`
|
|
126
|
+
* to avoid leaking `individual-organization` terminology into generic consent
|
|
127
|
+
* editing flows.
|
|
128
|
+
*/
|
|
129
|
+
export type ConsentEditorClassifiedRoleKind = HealthcareRoleFamily;
|
|
130
|
+
/**
|
|
131
|
+
* Classified role entry exposed by the consent editor.
|
|
132
|
+
*/
|
|
133
|
+
export type ConsentEditorClassifiedRole = Readonly<{
|
|
134
|
+
kind?: ConsentEditorClassifiedRoleKind;
|
|
135
|
+
codingSystem: string;
|
|
136
|
+
code: string;
|
|
137
|
+
display?: string;
|
|
138
|
+
definition?: string;
|
|
139
|
+
}>;
|
|
140
|
+
/**
|
|
141
|
+
* Role buckets exposed by the consent editor.
|
|
142
|
+
*/
|
|
143
|
+
export type ConsentEditorClassifiedRoles = Readonly<{
|
|
144
|
+
professional: readonly ConsentEditorClassifiedRole[];
|
|
145
|
+
relationship: readonly ConsentEditorClassifiedRole[];
|
|
146
|
+
legalRepresentative: readonly ConsentEditorClassifiedRole[];
|
|
147
|
+
other: readonly ConsentEditorClassifiedRole[];
|
|
148
|
+
}>;
|
|
149
|
+
export type ConsentEditorClassifiedDepartment = Readonly<{
|
|
150
|
+
code: string;
|
|
151
|
+
display?: string;
|
|
152
|
+
}>;
|
|
153
|
+
export type ConsentEditorClassifiedLocation = Readonly<{
|
|
154
|
+
code: string;
|
|
155
|
+
display?: string;
|
|
156
|
+
}>;
|
|
157
|
+
export type ConsentEditorClassifiedOrganization = Readonly<{
|
|
158
|
+
domain: string;
|
|
159
|
+
display?: string;
|
|
160
|
+
departments: readonly ConsentEditorClassifiedDepartment[];
|
|
161
|
+
locations: readonly ConsentEditorClassifiedLocation[];
|
|
162
|
+
}>;
|
|
163
|
+
export type ConsentEditorClassifiedJurisdiction = Readonly<{
|
|
164
|
+
code: string;
|
|
165
|
+
display?: string;
|
|
166
|
+
}>;
|
|
167
|
+
export type ConsentEditorClassifiedUser = Readonly<{
|
|
168
|
+
email?: string;
|
|
169
|
+
phone?: string;
|
|
170
|
+
role?: ConsentEditorClassifiedActorRole;
|
|
171
|
+
}>;
|
|
172
|
+
export type ConsentEditorClassifiedActors = Readonly<{
|
|
173
|
+
jurisdictions: readonly ConsentEditorClassifiedJurisdiction[];
|
|
174
|
+
organizations: readonly ConsentEditorClassifiedOrganization[];
|
|
175
|
+
users: readonly ConsentEditorClassifiedUser[];
|
|
176
|
+
}>;
|
|
177
|
+
export type ConsentEditorClassifiedPurpose = Readonly<{
|
|
178
|
+
code: string;
|
|
179
|
+
display?: string;
|
|
180
|
+
}>;
|
|
181
|
+
/**
|
|
182
|
+
* Normalized consent view model exposed by the editor.
|
|
183
|
+
*/
|
|
184
|
+
export type ConsentViewModel = Readonly<{
|
|
185
|
+
fullUrl?: string;
|
|
186
|
+
identifier: string;
|
|
187
|
+
subject: string;
|
|
188
|
+
decision: string;
|
|
189
|
+
classifiedActors: ConsentEditorClassifiedActors;
|
|
190
|
+
classifiedRoles: ConsentEditorClassifiedRoles;
|
|
191
|
+
classifiedPurposes: readonly ConsentEditorClassifiedPurpose[];
|
|
192
|
+
classifiedTargets: readonly ConsentEditorClassifiedTarget[];
|
|
193
|
+
}>;
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
// Copyright 2026 Conectate Soluciones y Aplicaciones SL under the Apache License, Version 2.0.
|
|
2
|
+
import { Format } from '../constants/Schemas.js';
|
|
3
|
+
/**
|
|
4
|
+
* Canonical `@context` for outer `Communication` claim payloads.
|
|
5
|
+
*
|
|
6
|
+
* Rationale:
|
|
7
|
+
* - the outer container is materialized as one FHIR `Communication` resource
|
|
8
|
+
* - the inner `resource.meta.claims` rows stay version-agnostic and therefore
|
|
9
|
+
* use `FHIR_API`
|
|
10
|
+
*/
|
|
11
|
+
export const CommunicationAttachmentClaimsContext = Format.FHIR_R4;
|
|
12
|
+
/**
|
|
13
|
+
* Canonical `@context` for bundle entry `resource.meta.claims`.
|
|
14
|
+
*
|
|
15
|
+
* These claims are intended to stay version-agnostic across FHIR releases.
|
|
16
|
+
*/
|
|
17
|
+
export const BundleEntryClaimsContext = Format.FHIR_API;
|
|
18
|
+
/**
|
|
19
|
+
* Canonical target kinds for consent access editing.
|
|
20
|
+
*/
|
|
21
|
+
export const ConsentEditorTargetKinds = Object.freeze({
|
|
22
|
+
Section: 'section',
|
|
23
|
+
ResourceType: 'resource-type',
|
|
24
|
+
});
|
|
25
|
+
/**
|
|
26
|
+
* Canonical operation scope codes for consent access editing.
|
|
27
|
+
*/
|
|
28
|
+
export const ConsentEditorScopeCodes = Object.freeze({
|
|
29
|
+
Search: 's',
|
|
30
|
+
Read: 'r',
|
|
31
|
+
Create: 'c',
|
|
32
|
+
Update: 'u',
|
|
33
|
+
Delete: 'd',
|
|
34
|
+
});
|
package/dist/models/index.d.ts
CHANGED
|
@@ -6,6 +6,7 @@ export * from './comm';
|
|
|
6
6
|
export * from './clinical-sections';
|
|
7
7
|
export * from './clinical-sections.en';
|
|
8
8
|
export * from './clinical-workbook-summary';
|
|
9
|
+
export * from './communication-attached-bundle-session';
|
|
9
10
|
export * from './confidential-job';
|
|
10
11
|
export * from './confidential-message';
|
|
11
12
|
export * from './confidential-storage';
|
|
@@ -22,6 +23,7 @@ export * from './interoperable-claims';
|
|
|
22
23
|
export * from './indexing';
|
|
23
24
|
export * from './identity-bootstrap';
|
|
24
25
|
export * from './individual-onboarding';
|
|
26
|
+
export * from './inter-tenant-access-contract';
|
|
25
27
|
export * from './issue';
|
|
26
28
|
export * from './jsonapi';
|
|
27
29
|
export * from './jwe';
|
|
@@ -35,6 +37,7 @@ export * from './oidc4ida.electronicRecord.model';
|
|
|
35
37
|
export * from './oidc4ida.evidence.model';
|
|
36
38
|
export * from './openid-device';
|
|
37
39
|
export * from './permission-templates';
|
|
40
|
+
export * from './profile-manager';
|
|
38
41
|
export * from './operation-outcome';
|
|
39
42
|
export * from './params';
|
|
40
43
|
export * from './permission-templates';
|
|
@@ -43,3 +46,4 @@ export * from './relationship-access';
|
|
|
43
46
|
export * from './response';
|
|
44
47
|
export * from './urlPath';
|
|
45
48
|
export * from './verifiable-credential';
|
|
49
|
+
export * from './wallet';
|
package/dist/models/index.js
CHANGED
|
@@ -6,6 +6,7 @@ export * from './comm.js';
|
|
|
6
6
|
export * from './clinical-sections.js';
|
|
7
7
|
export * from './clinical-sections.en.js';
|
|
8
8
|
export * from './clinical-workbook-summary.js';
|
|
9
|
+
export * from './communication-attached-bundle-session.js';
|
|
9
10
|
export * from './confidential-job.js';
|
|
10
11
|
export * from './confidential-message.js';
|
|
11
12
|
export * from './confidential-storage.js';
|
|
@@ -22,6 +23,7 @@ export * from './interoperable-claims.js';
|
|
|
22
23
|
export * from './indexing.js';
|
|
23
24
|
export * from './identity-bootstrap.js';
|
|
24
25
|
export * from './individual-onboarding.js';
|
|
26
|
+
export * from './inter-tenant-access-contract.js';
|
|
25
27
|
export * from './issue.js';
|
|
26
28
|
export * from './jsonapi.js';
|
|
27
29
|
export * from './jwe.js';
|
|
@@ -35,6 +37,7 @@ export * from './oidc4ida.electronicRecord.model.js';
|
|
|
35
37
|
export * from './oidc4ida.evidence.model.js';
|
|
36
38
|
export * from './openid-device.js';
|
|
37
39
|
export * from './permission-templates.js';
|
|
40
|
+
export * from './profile-manager.js';
|
|
38
41
|
export * from './operation-outcome.js';
|
|
39
42
|
export * from './params.js';
|
|
40
43
|
export * from './permission-templates.js';
|
|
@@ -43,3 +46,4 @@ export * from './relationship-access.js';
|
|
|
43
46
|
export * from './response.js';
|
|
44
47
|
export * from './urlPath.js';
|
|
45
48
|
export * from './verifiable-credential.js';
|
|
49
|
+
export * from './wallet.js';
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Canonical flat claim keys used when a frontend captures an inter-tenant
|
|
3
|
+
* access contract form and sends it to a backend before the final FHIR
|
|
4
|
+
* `Contract` resource is assembled.
|
|
5
|
+
*
|
|
6
|
+
* Notes:
|
|
7
|
+
* - these keys are claims-first transport helpers, not the legal source of
|
|
8
|
+
* truth
|
|
9
|
+
* - the canonical legal payload is the FHIR `Contract` placed in
|
|
10
|
+
* `credentialSubject` of the emitted VC
|
|
11
|
+
* - custom flat keys are used only where base FHIR does not define a simple
|
|
12
|
+
* one-claim scalar path suitable for UI transport
|
|
13
|
+
*/
|
|
14
|
+
export declare enum ClaimInterTenantAccessContract {
|
|
15
|
+
/** Stable business identifier of the agreement/contract. */
|
|
16
|
+
identifier = "Contract.identifier",
|
|
17
|
+
/** FHIR Contract lifecycle status, for example `executed` or `amended`. */
|
|
18
|
+
status = "Contract.status",
|
|
19
|
+
/** When the agreement was formally issued. */
|
|
20
|
+
issued = "Contract.issued",
|
|
21
|
+
/** Agreement validity start date/time. */
|
|
22
|
+
appliesStart = "Contract.applies-start",
|
|
23
|
+
/** Agreement validity end date/time. */
|
|
24
|
+
appliesEnd = "Contract.applies-end",
|
|
25
|
+
/**
|
|
26
|
+
* Provider organization DID.
|
|
27
|
+
*
|
|
28
|
+
* Meaning for programmers:
|
|
29
|
+
* - this is the tenant that owns/exposes the protected data
|
|
30
|
+
* - in the current example this is `did:web:api.acme.org`
|
|
31
|
+
*/
|
|
32
|
+
providerOrganization = "Contract.provider-organization",
|
|
33
|
+
/**
|
|
34
|
+
* Consumer organization DID.
|
|
35
|
+
*
|
|
36
|
+
* Meaning for programmers:
|
|
37
|
+
* - this is the foreign tenant requesting access under the agreement
|
|
38
|
+
* - in the current example this is `did:web:api.lab.org`
|
|
39
|
+
*/
|
|
40
|
+
consumerOrganization = "Contract.consumer-organization",
|
|
41
|
+
/**
|
|
42
|
+
* DID of the controller who signed on behalf of the provider organization.
|
|
43
|
+
*/
|
|
44
|
+
providerController = "Contract.provider-controller",
|
|
45
|
+
/**
|
|
46
|
+
* DID of the controller who signed on behalf of the consumer organization.
|
|
47
|
+
*/
|
|
48
|
+
consumerController = "Contract.consumer-controller",
|
|
49
|
+
/**
|
|
50
|
+
* Allowed operational capability, expressed with the same vocabulary used by
|
|
51
|
+
* GW service capabilities and SMART-like root scopes.
|
|
52
|
+
*
|
|
53
|
+
* Example:
|
|
54
|
+
* - `organization/Composition.rs`
|
|
55
|
+
*/
|
|
56
|
+
capability = "Contract.security-label",
|
|
57
|
+
/**
|
|
58
|
+
* Allowed business/legal purpose for the access.
|
|
59
|
+
*
|
|
60
|
+
* Example:
|
|
61
|
+
* - `RESEARCH`
|
|
62
|
+
*/
|
|
63
|
+
purpose = "Contract.term-type",
|
|
64
|
+
/**
|
|
65
|
+
* External instantiated artifact for the agreement, typically the signed PDF
|
|
66
|
+
* or CID/URL of the contract itself plus direct contractual annexes.
|
|
67
|
+
*
|
|
68
|
+
* Canonical FHIR field:
|
|
69
|
+
* - `Contract.instantiatesUri`
|
|
70
|
+
*
|
|
71
|
+
* Flat claim rule in this stack:
|
|
72
|
+
* - use FHIR-style `instantiates-uri` in claims, then map it to
|
|
73
|
+
* `instantiatesUri` in the actual FHIR resource object
|
|
74
|
+
*/
|
|
75
|
+
instantiatesUri = "Contract.instantiates-uri"
|
|
76
|
+
}
|
|
77
|
+
export type InterTenantAccessContractClaims = Partial<Record<ClaimInterTenantAccessContract, string>>;
|
|
78
|
+
export type InterTenantAccessContractSummary = Readonly<{
|
|
79
|
+
identifier?: string;
|
|
80
|
+
status?: string;
|
|
81
|
+
issued?: string;
|
|
82
|
+
appliesStart?: string;
|
|
83
|
+
appliesEnd?: string;
|
|
84
|
+
providerOrganizationDid?: string;
|
|
85
|
+
consumerOrganizationDid?: string;
|
|
86
|
+
providerControllerDid?: string;
|
|
87
|
+
consumerControllerDid?: string;
|
|
88
|
+
capabilities: readonly string[];
|
|
89
|
+
purposes: readonly string[];
|
|
90
|
+
}>;
|
|
91
|
+
export type InterTenantAccessContractMatchCriteria = Readonly<{
|
|
92
|
+
providerOrganizationDid: string;
|
|
93
|
+
consumerOrganizationDid: string;
|
|
94
|
+
requiredCapabilities?: readonly string[];
|
|
95
|
+
purpose?: string;
|
|
96
|
+
now?: string | Date;
|
|
97
|
+
}>;
|
|
98
|
+
export type InterTenantContractAuthorizationConsentCriteria = Readonly<{
|
|
99
|
+
consumerOrganizationDid: string;
|
|
100
|
+
actorIdentifier: string;
|
|
101
|
+
actorRole?: string;
|
|
102
|
+
requiredCapabilities?: readonly string[];
|
|
103
|
+
purpose?: string;
|
|
104
|
+
now?: string | Date;
|
|
105
|
+
}>;
|