gdc-common-utils-ts 2.0.2 → 2.0.5

package/README.md

@@ -10,6 +10,26 @@ Short rule:
 - do not add ad hoc literals in `101` tests when `gdc-common-utils-ts` can own
   the reusable value instead
 
+## Shared Workspace
+
+Recommended local layout for the shared ICA/GDC repos and fixture PDFs:
+
+```text
+~/GITS/gdc-workspace/
+  dataspace-ica-ts/
+  ica-client-sdk-ts/
+  gdc-common-utils-ts/
+  examples/
+    <example-pdf-1>.pdf
+    <example-pdf-2>.pdf
+```
+
+This is recommended because:
+
+- cross-repo docs and fixture-based tests often refer to sibling repos
+- real PDF examples are expected under `~/GITS/gdc-workspace/examples/`
+- keeping a single shared workspace reduces path drift between repos
+
 Employee shared examples live in `src/examples/employee.ts`.
 Employee pure helper functions live in `src/utils/employee.ts`.
 
@@ -61,6 +81,31 @@ They are not interchangeable:
 Production-grade flows should prefer ICA-issued representative VCs that carry
 both dimensions.
 
+## Legal Organization Verification Transaction
+
+The first host-side legal-organization onboarding step now has one canonical
+shared payload builder in this package:
+
+- `buildLegalOrganizationVerificationTransactionBundle(...)`
+- `EXAMPLE_LEGAL_ORGANIZATION_VERIFICATION_TRANSACTION_BUNDLE`
+
+This builder owns the business payload only:
+
+- signed PDF evidence attachment references
+- `controller.publicKeyJwk` as the controller business binding key
+- optional `organization.publicKeyJwk`
+- legal representative payload
+- `meta.claims` business claims
+
+It intentionally does not own:
+
+- `fetch`
+- polling
+- JOSE transport execution
+- BFF/frontend runtime crypto
+
+Those runtime concerns belong in `gdc-sdk-node-ts`, `gdc-sdk-front-ts`, or GW.
+
 Step by step:
 
 1. ICA verifies the signed PDF and emits the representative VC.

package/dist/constants/verifiable-credentials.d.ts

@@ -30,5 +30,11 @@ export declare const ActivationCredentialTypes: Readonly<{
     LegalRepresentativeCredential: "LegalRepresentativeCredential";
     PersonCredential: "PersonCredential";
 }>;
+/**
+ * Canonical credential subtype names used by professional/member access flows.
+ */
+export declare const ProfessionalCredentialTypes: Readonly<{
+    EmployeeCredential: "EmployeeCredential";
+}>;
 export declare const ORGANIZATION_ACTIVATION_VC_TYPES: readonly ("OrganizationCredential" | "LegalOrganizationCredential")[];
 export declare const REPRESENTATIVE_ACTIVATION_VC_TYPES: readonly ("LegalRepresentativeCredential" | "PersonCredential")[];

package/dist/constants/verifiable-credentials.js

@@ -32,6 +32,12 @@ export const ActivationCredentialTypes = Object.freeze({
     LegalRepresentativeCredential: 'LegalRepresentativeCredential',
     PersonCredential: 'PersonCredential',
 });
+/**
+ * Canonical credential subtype names used by professional/member access flows.
+ */
+export const ProfessionalCredentialTypes = Object.freeze({
+    EmployeeCredential: 'EmployeeCredential',
+});
 export const ORGANIZATION_ACTIVATION_VC_TYPES = Object.freeze([
     ActivationCredentialTypes.OrganizationCredential,
     ActivationCredentialTypes.LegalOrganizationCredential,

package/dist/examples/employee.d.ts

@@ -39,3 +39,18 @@ export declare const EXAMPLE_EMPLOYEE_DIRECTORY_RECORDS: readonly [Readonly<{
     status: "active" | "inactive" | "purged";
 }>];
 export declare function buildExampleEmployeeClaims(record: ExampleEmployeeRecord): Readonly<Record<string, string>>;
+/**
+ * Canonical employee search/list response body reused by runtime and doc tests.
+ *
+ * This keeps one stable GW-style envelope for high-level tutorials that want
+ * to show employee directory flows without reauthoring `meta.claims` by hand.
+ */
+export declare const EXAMPLE_EMPLOYEE_SEARCH_RESPONSE_BODY: Readonly<{
+    readonly data: {
+        id: string;
+        meta: {
+            status: "active" | "inactive" | "purged";
+            claims: Readonly<Record<string, string>>;
+        };
+    }[];
+}>;

package/dist/examples/employee.js

@@ -37,3 +37,18 @@ export function buildExampleEmployeeClaims(record) {
         [ClaimsPersonSchemaorg.hasOccupationalRoleValue]: record.role,
     });
 }
+/**
+ * Canonical employee search/list response body reused by runtime and doc tests.
+ *
+ * This keeps one stable GW-style envelope for high-level tutorials that want
+ * to show employee directory flows without reauthoring `meta.claims` by hand.
+ */
+export const EXAMPLE_EMPLOYEE_SEARCH_RESPONSE_BODY = Object.freeze({
+    data: EXAMPLE_EMPLOYEE_DIRECTORY_RECORDS.map((record) => ({
+        id: record.identifier,
+        meta: {
+            status: record.status,
+            claims: buildExampleEmployeeClaims(record),
+        },
+    })),
+});

package/dist/examples/ica-verify-response.d.ts

@@ -136,6 +136,7 @@ export declare const EXAMPLE_VERIFY_RESPONSE_PERSON_PUBLIC_KEY_JWK: Readonly<{
     alg: "ES384";
     kid: "controller-es384-001";
 }>;
+export declare const EXAMPLE_VERIFY_RESPONSE_ORG_AUTHORIZED_CATEGORY: "health-care";
 export declare const EXAMPLE_VERIFY_RESPONSE_ORG_CREDENTIAL: Readonly<{
     id: "urn:uuid:org-vc-001";
     '@context': ("https://www.w3.org/ns/credentials/v2" | "https://schema.org")[];
@@ -154,6 +155,10 @@ export declare const EXAMPLE_VERIFY_RESPONSE_ORG_CREDENTIAL: Readonly<{
         url: "health-care.provider.example.org";
         alternateName: string;
         additionalType: "sector=onehealth;section=dataprovider;kind=clinic;action=_index-provider,_research-provider";
+        makesOffer: {
+            '@type': string;
+            category: "health-care";
+        };
         address: {
             '@type': "PostalAddress";
             addressCountry: "ES";

package/dist/examples/ica-verify-response.js

@@ -2,6 +2,7 @@
 // Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import { ActivationCredentialTypes, W3cCredentialContexts, W3cCredentialTypes, } from '../constants/verifiable-credentials.js';
 import { ResourceTypesFhirR4 } from '../constants/fhir-resource-types.js';
+import { DataspaceSectors } from '../constants/sectors.js';
 import { IssueSeverity, IssueType } from '../models/issue.js';
 import { EXAMPLE_DEFAULT_ICA_DID, EXAMPLE_BUNDLE_RESOURCE_TYPE, EXAMPLE_PROVIDER_DOMAIN, EXAMPLE_PROVIDER_LEGAL_NAME, EXAMPLE_PROVIDER_TAX_ID, EXAMPLE_TENANT_SERVICE_DID, } from './shared.js';
 import { EXAMPLE_ORG_CONTROLLER_SIGNING_KEY_ID, EXAMPLE_REPRESENTATIVE_IDENTIFIER, EXAMPLE_REPRESENTATIVE_SAME_AS, EXAMPLE_REPRESENTATIVE_SUBJECT_URN, } from './ica-activation-proof.js';
@@ -102,6 +103,7 @@ export const EXAMPLE_VERIFY_RESPONSE_PERSON_PUBLIC_KEY_JWK = Object.freeze({
     alg: 'ES384',
     kid: EXAMPLE_VERIFY_RESPONSE_PERSON_KID,
 });
+export const EXAMPLE_VERIFY_RESPONSE_ORG_AUTHORIZED_CATEGORY = DataspaceSectors.HealthCare;
 export const EXAMPLE_VERIFY_RESPONSE_ORG_CREDENTIAL = Object.freeze({
     id: EXAMPLE_VERIFY_RESPONSE_ORG_VC_ID,
     '@context': [W3cCredentialContexts.V2, EXAMPLE_VERIFY_RESPONSE_SCHEMA_ORG_CONTEXT],
@@ -120,6 +122,10 @@ export const EXAMPLE_VERIFY_RESPONSE_ORG_CREDENTIAL = Object.freeze({
         url: EXAMPLE_PROVIDER_DOMAIN,
         alternateName: 'example-provider',
         additionalType: EXAMPLE_VERIFY_RESPONSE_ORG_ADDITIONAL_TYPE,
+        makesOffer: {
+            '@type': 'Offer',
+            category: EXAMPLE_VERIFY_RESPONSE_ORG_AUTHORIZED_CATEGORY,
+        },
         address: {
             '@type': EXAMPLE_VERIFY_RESPONSE_ADDRESS_TYPE,
             addressCountry: EXAMPLE_VERIFY_RESPONSE_ADDRESS_COUNTRY,

package/dist/examples/index.d.ts

@@ -3,6 +3,8 @@ export * from './ica-activation-proof';
 export * from './ica-verify-response';
 export * from './dataspace-discovery';
 export * from './organization-controller';
+export * from './organization-did-binding';
+export * from './legal-organization-verification-transaction';
 export * from './individual-controller';
 export * from './professional';
 export * from './employee';

package/dist/examples/index.js

@@ -3,6 +3,8 @@ export * from './ica-activation-proof.js';
 export * from './ica-verify-response.js';
 export * from './dataspace-discovery.js';
 export * from './organization-controller.js';
+export * from './organization-did-binding.js';
+export * from './legal-organization-verification-transaction.js';
 export * from './individual-controller.js';
 export * from './professional.js';
 export * from './employee.js';

package/dist/examples/individual-controller.d.ts

@@ -98,3 +98,28 @@ export declare const EXAMPLE_DIGITAL_TWIN_COMPOSITION_INPUT: {
 };
 export declare const EXAMPLE_CLINICAL_BUNDLE_SEARCH_INPUT: ExampleClinicalBundleSearchInput;
 export declare const EXAMPLE_LATEST_IPS_SEARCH_INPUT: ExampleLatestIpsSearchInput;
+export declare const EXAMPLE_FAMILY_ORGANIZATION_SEARCH_INPUT: {
+    readonly controllerPhone: "+34600000001";
+    readonly usualname: "Ana";
+    readonly birthDate: "2010-05-20";
+};
+export declare const EXAMPLE_FAMILY_ORGANIZATION_SEARCH_RESPONSE_BODY: {
+    readonly body: {
+        readonly data: readonly [{
+            readonly type: "Family-search-result-v1.0";
+            readonly meta: {
+                readonly claims: {
+                    readonly 'org.schema.FamilyRegistration.status': "already_exists";
+                    readonly 'org.schema.Offer.identifier': "offer-uuid-001";
+                    readonly 'org.schema.Organization.identifier.value': "org-uuid-001";
+                    readonly 'org.schema.Organization.alternateName': "Ana";
+                    readonly 'org.schema.Organization.owner.telephone': "+34600000001";
+                    readonly 'org.schema.Organization.foundingDate': "2010-05-20";
+                };
+            };
+            readonly resource: {
+                readonly id: "org-uuid-001";
+            };
+        }];
+    };
+};

package/dist/examples/individual-controller.js

@@ -69,3 +69,26 @@ export const EXAMPLE_CLINICAL_BUNDLE_SEARCH_INPUT = {
 export const EXAMPLE_LATEST_IPS_SEARCH_INPUT = {
     subject: EXAMPLE_SUBJECT_DID,
 };
+export const EXAMPLE_FAMILY_ORGANIZATION_SEARCH_INPUT = {
+    controllerPhone: '+34600000001',
+    usualname: 'Ana',
+    birthDate: '2010-05-20',
+};
+export const EXAMPLE_FAMILY_ORGANIZATION_SEARCH_RESPONSE_BODY = {
+    body: {
+        data: [{
+                type: 'Family-search-result-v1.0',
+                meta: {
+                    claims: {
+                        'org.schema.FamilyRegistration.status': 'already_exists',
+                        'org.schema.Offer.identifier': 'offer-uuid-001',
+                        'org.schema.Organization.identifier.value': 'org-uuid-001',
+                        'org.schema.Organization.alternateName': EXAMPLE_FAMILY_ORGANIZATION_SEARCH_INPUT.usualname,
+                        'org.schema.Organization.owner.telephone': EXAMPLE_FAMILY_ORGANIZATION_SEARCH_INPUT.controllerPhone,
+                        'org.schema.Organization.foundingDate': EXAMPLE_FAMILY_ORGANIZATION_SEARCH_INPUT.birthDate,
+                    },
+                },
+                resource: { id: 'org-uuid-001' },
+            }],
+    },
+};

package/dist/examples/legal-organization-verification-transaction.d.ts

@@ -0,0 +1 @@
+export declare const EXAMPLE_LEGAL_ORGANIZATION_VERIFICATION_TRANSACTION_BUNDLE: import("..").BundleJsonApi<import("..").ErrorEntry | import("..").BundleEntry>;

package/dist/examples/legal-organization-verification-transaction.js

@@ -0,0 +1,76 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ClaimsOrganizationSchemaorg, ClaimsPersonSchemaorg, ClaimsServiceSchemaorg, } from '../constants/schemaorg.js';
+import { serializeServiceCapabilityTokens, ServiceCapability, } from '../constants/service-capabilities.js';
+import { buildLegalOrganizationVerificationTransactionBundle, } from '../utils/legal-organization-verification-transaction.js';
+import { EXAMPLE_CONTROLLER_BINDING, EXAMPLE_EMAIL_CONTROLLER_ORG, EXAMPLE_JURISDICTION, EXAMPLE_ORGANIZATION_LEGAL_NAME, EXAMPLE_LEGAL_ORGANIZATION_TAX_ID, EXAMPLE_SECTOR, EXAMPLE_SIGNED_TERMS_PDF_URL, EXAMPLE_TENANT_SERVICE_DID, } from './shared.js';
+/**
+ * Canonical host-onboarding transaction example for the new ICA verification
+ * first step.
+ *
+ * Why this exists:
+ * - BFF/portal integrations need one stable example of the GW CORE request
+ *   that wraps an ICA `_verify`
+ * - the example keeps the controller business binding separate from any
+ *   technical DIDComm communication key
+ *
+ * Contract note:
+ * - the same request must already declare the requested tenant service
+ *   capabilities because GW uses them to prepare the pending Offer that the
+ *   client will later confirm via `Order/_batch`
+ */
+const exampleControllerBinding = {
+    did: EXAMPLE_CONTROLLER_BINDING.did,
+    sameAs: EXAMPLE_CONTROLLER_BINDING.sameAs,
+    publicKeyJwk: { ...EXAMPLE_CONTROLLER_BINDING.publicKeyJwk },
+    ...(EXAMPLE_CONTROLLER_BINDING.jwks
+        ? {
+            jwks: {
+                keys: EXAMPLE_CONTROLLER_BINDING.jwks.keys.map((item) => ({ ...item })),
+            },
+        }
+        : {}),
+};
+export const EXAMPLE_LEGAL_ORGANIZATION_VERIFICATION_TRANSACTION_BUNDLE = buildLegalOrganizationVerificationTransactionBundle({
+    claims: {
+        '@context': 'org.schema',
+        [ClaimsOrganizationSchemaorg.legalName]: EXAMPLE_ORGANIZATION_LEGAL_NAME,
+        [ClaimsOrganizationSchemaorg.identifierType]: 'taxID',
+        [ClaimsOrganizationSchemaorg.identifierValue]: EXAMPLE_LEGAL_ORGANIZATION_TAX_ID,
+        [ClaimsOrganizationSchemaorg.taxId]: EXAMPLE_LEGAL_ORGANIZATION_TAX_ID,
+        [ClaimsOrganizationSchemaorg.addressCountry]: EXAMPLE_JURISDICTION,
+        [ClaimsPersonSchemaorg.email]: EXAMPLE_EMAIL_CONTROLLER_ORG,
+        [ClaimsServiceSchemaorg.category]: EXAMPLE_SECTOR,
+        [ClaimsServiceSchemaorg.identifier]: EXAMPLE_TENANT_SERVICE_DID,
+        [ClaimsServiceSchemaorg.url]: `https://operator.example.net/acme/cds-${String(EXAMPLE_JURISDICTION).toLowerCase()}/v1/${EXAMPLE_SECTOR}`,
+        [ClaimsServiceSchemaorg.serviceType]: serializeServiceCapabilityTokens([
+            ServiceCapability.IndexProvider,
+            ServiceCapability.DigitalTwinReader,
+        ]),
+    },
+    controller: exampleControllerBinding,
+    organization: {
+        did: EXAMPLE_TENANT_SERVICE_DID,
+        publicKeyJwk: {
+            kid: 'organization-signing-es384-001',
+            kty: 'EC',
+            crv: 'P-384',
+            x: '<organization-sign-x>',
+            y: '<organization-sign-y>',
+            alg: 'ES384',
+            use: 'sig',
+        },
+    },
+    legalRepresentativePayload: {
+        email: EXAMPLE_EMAIL_CONTROLLER_ORG,
+    },
+    verification: {
+        resourceType: 'contract',
+    },
+    attachments: [{
+            id: 'signed-terms-pdf-001',
+            media_type: 'application/pdf',
+            data: {
+                links: [EXAMPLE_SIGNED_TERMS_PDF_URL],
+            },
+        }],
+});

package/dist/examples/organization-did-binding.d.ts

@@ -0,0 +1 @@
+export declare const EXAMPLE_ORGANIZATION_DID_BINDING_BUNDLE: import("..").BundleJsonApi<import("..").ErrorEntry | import("..").BundleEntry>;

package/dist/examples/organization-did-binding.js

@@ -0,0 +1,14 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { buildOrganizationDidBindingBundle } from '../utils/organization-did-binding.js';
+import { EXAMPLE_CONTROLLER_BINDING, EXAMPLE_TENANT_SERVICE_DID, } from './shared.js';
+export const EXAMPLE_ORGANIZATION_DID_BINDING_BUNDLE = buildOrganizationDidBindingBundle({
+    organization: {
+        url: [
+            'https://provider.example.org',
+            EXAMPLE_TENANT_SERVICE_DID,
+        ],
+    },
+    controller: {
+        sameAs: EXAMPLE_CONTROLLER_BINDING.sameAs,
+    },
+});

package/dist/examples/shared.d.ts

@@ -17,6 +17,8 @@ export declare const EXAMPLE_NETWORK_TYPE: "test";
 export declare const EXAMPLE_ROUTE_VERSION: "v1";
 export declare const EXAMPLE_SECTOR: "health-care";
 export declare const EXAMPLE_EMAIL_CONTROLLER_ORG: "controller@acme.org";
+export declare const EXAMPLE_ORGANIZATION_LEGAL_NAME: "ACME HEALTH SL";
+export declare const EXAMPLE_LEGAL_ORGANIZATION_TAX_ID: "VATES-B00112233";
 export declare const EXAMPLE_EMAIL_CONTROLLER_INDIVIDUAL: "ana.parent@example.org";
 export declare const EXAMPLE_INTEROPERABLE_CONTEXT_FHIR_API: "org.hl7.fhir.api";
 export declare const EXAMPLE_SELF_REGISTERED_INDIVIDUAL_ALTERNATE_NAME: "Jane";
@@ -27,6 +29,7 @@ export declare const EXAMPLE_SELF_REGISTERED_INDIVIDUAL_BIRTH_YEAR: "1980";
 export declare const EXAMPLE_REGISTERED_SUBJECT_ALTERNATE_NAME: "Doraemon";
 export declare const EXAMPLE_REGISTERED_SUBJECT_BIRTH_YEAR: "2020";
 export declare const EXAMPLE_PDF_CONSENT_DATE: "2026-06-08";
+export declare const EXAMPLE_SIGNED_TERMS_PDF_URL: "https://portal.example.org/files/legal-organization-signed-terms.pdf";
 /**
  * Public provider domain selected during autodiscovery.
  *
@@ -88,6 +91,13 @@ export declare const EXAMPLE_TENANT_ROUTE_CONTEXT: {
 export declare const EXAMPLE_HOST_ROUTE_CONTEXT: {
     readonly hostCoverageScope: "EU";
     readonly jurisdiction: "ES";
+    /**
+     * Host route segment used in `/host/cds-{hostCoverageScope}/v1/{hostNetwork}/...`.
+     *
+     * This is intentionally not the tenant business sector.
+     */
+    readonly hostNetwork: "test";
+    /** @deprecated Use `hostNetwork`. */
     readonly sector: "test";
 };
 export declare const EXAMPLE_CONTROLLER_DID: "did:web:people.acme.org:controllers:primary";

package/dist/examples/shared.js

@@ -32,6 +32,8 @@ export const EXAMPLE_NETWORK_TYPE = HostNetworkTypes.Test;
 export const EXAMPLE_ROUTE_VERSION = 'v1';
 export const EXAMPLE_SECTOR = DataspaceSectors.HealthCare;
 export const EXAMPLE_EMAIL_CONTROLLER_ORG = 'controller@acme.org';
+export const EXAMPLE_ORGANIZATION_LEGAL_NAME = 'ACME HEALTH SL';
+export const EXAMPLE_LEGAL_ORGANIZATION_TAX_ID = 'VATES-B00112233';
 export const EXAMPLE_EMAIL_CONTROLLER_INDIVIDUAL = 'ana.parent@example.org';
 export const EXAMPLE_INTEROPERABLE_CONTEXT_FHIR_API = Format.FHIR_API;
 export const EXAMPLE_SELF_REGISTERED_INDIVIDUAL_ALTERNATE_NAME = 'Jane';
@@ -42,6 +44,7 @@ export const EXAMPLE_SELF_REGISTERED_INDIVIDUAL_BIRTH_YEAR = '1980';
 export const EXAMPLE_REGISTERED_SUBJECT_ALTERNATE_NAME = 'Doraemon';
 export const EXAMPLE_REGISTERED_SUBJECT_BIRTH_YEAR = '2020';
 export const EXAMPLE_PDF_CONSENT_DATE = '2026-06-08';
+export const EXAMPLE_SIGNED_TERMS_PDF_URL = 'https://portal.example.org/files/legal-organization-signed-terms.pdf';
 /**
  * Public provider domain selected during autodiscovery.
  *
@@ -103,7 +106,14 @@ export const EXAMPLE_TENANT_ROUTE_CONTEXT = {
 export const EXAMPLE_HOST_ROUTE_CONTEXT = {
     hostCoverageScope: EXAMPLE_HOST_COVERAGE_SCOPE,
     jurisdiction: EXAMPLE_JURISDICTION,
-    sector: HostNetworkTypes.Test,
+    /**
+     * Host route segment used in `/host/cds-{hostCoverageScope}/v1/{hostNetwork}/...`.
+     *
+     * This is intentionally not the tenant business sector.
+     */
+    hostNetwork: EXAMPLE_NETWORK_TYPE,
+    /** @deprecated Use `hostNetwork`. */
+    sector: EXAMPLE_NETWORK_TYPE,
 };
 export const EXAMPLE_CONTROLLER_DID = 'did:web:people.acme.org:controllers:primary';
 export const EXAMPLE_CONTROLLER_EMAIL = EXAMPLE_EMAIL_CONTROLLER_ORG;

package/dist/utils/bundle-reader.d.ts

@@ -84,3 +84,5 @@ export declare class BundleReader {
     private buildSeverityBucket;
     private resolveEntryIdentifier;
 }
+export declare function unwrapBundleLikeResponseBody(input: unknown): Record<string, unknown>;
+export declare function readFirstBundleResourceFromResponseBody(input: unknown): Record<string, unknown> | undefined;

package/dist/utils/bundle-reader.js

@@ -221,3 +221,17 @@ export class BundleReader {
 function normalizeOptionalString(value) {
     return typeof value === 'string' && value.trim() ? value.trim() : undefined;
 }
+export function unwrapBundleLikeResponseBody(input) {
+    const body = input && typeof input === 'object' ? input : {};
+    const nested = body.body && typeof body.body === 'object' ? body.body : undefined;
+    const candidate = nested && (Array.isArray(nested.data) || Array.isArray(nested.entry))
+        ? nested
+        : body;
+    return candidate && typeof candidate === 'object' ? candidate : {};
+}
+export function readFirstBundleResourceFromResponseBody(input) {
+    const reader = new BundleReader(unwrapBundleLikeResponseBody(input));
+    const first = reader.getEntries()[0];
+    const resource = first?.resource;
+    return resource && typeof resource === 'object' ? resource : undefined;
+}

package/dist/utils/clinical-bundle-summary.d.ts

@@ -0,0 +1,20 @@
+import type { ClinicalResourceBundleLike } from './clinical-resource-view.js';
+export type ClinicalBundleTypeSummary = Readonly<{
+    resourceType: string;
+    count: number;
+}>;
+export type ClinicalBundleSummary = Readonly<{
+    totalEntries: number;
+    resourceTypes: ClinicalBundleTypeSummary[];
+    xhtmlEntries: number;
+    notedEntries: number;
+}>;
+/**
+ * Builds one high-level summary from a FHIR/IPS bundle already normalized to
+ * the common clinical-resource view contract.
+ *
+ * Intended for BFF/frontend/call-center code that needs to announce simple
+ * menu facts such as "how many medications are present" without hand-reading
+ * bundle entries.
+ */
+export declare function summarizeClinicalBundle(bundle: ClinicalResourceBundleLike): ClinicalBundleSummary;

package/dist/utils/clinical-bundle-summary.js

@@ -0,0 +1,34 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { toClinicalResourceExpandedViews } from './clinical-resource-view.js';
+/**
+ * Builds one high-level summary from a FHIR/IPS bundle already normalized to
+ * the common clinical-resource view contract.
+ *
+ * Intended for BFF/frontend/call-center code that needs to announce simple
+ * menu facts such as "how many medications are present" without hand-reading
+ * bundle entries.
+ */
+export function summarizeClinicalBundle(bundle) {
+    const views = toClinicalResourceExpandedViews(bundle);
+    const counts = new Map();
+    let xhtmlEntries = 0;
+    let notedEntries = 0;
+    views.forEach((view) => {
+        const resourceType = String(view.common.resourceType || 'Unknown').trim() || 'Unknown';
+        counts.set(resourceType, (counts.get(resourceType) || 0) + 1);
+        if (String(view.xhtml || '').trim()) {
+            xhtmlEntries += 1;
+        }
+        if (Array.isArray(view.notes) && view.notes.length > 0) {
+            notedEntries += 1;
+        }
+    });
+    return {
+        totalEntries: views.length,
+        resourceTypes: [...counts.entries()]
+            .map(([resourceType, count]) => ({ resourceType, count }))
+            .sort((left, right) => left.resourceType.localeCompare(right.resourceType)),
+        xhtmlEntries,
+        notedEntries,
+    };
+}

package/dist/utils/didcomm-submit-policy.d.ts

@@ -1,10 +1,27 @@
-export type CommunicationMode = 'plain' | 'strict' | 'auto-detect';
+export declare const DIDCOMM_COMMUNICATION_MODES: Readonly<{
+    readonly Plain: "plain";
+    readonly Strict: "strict";
+    readonly AutoDetect: "auto-detect";
+}>;
+export type CommunicationMode = typeof DIDCOMM_COMMUNICATION_MODES[keyof typeof DIDCOMM_COMMUNICATION_MODES];
+export declare const DIDCOMM_SUBMIT_KINDS: Readonly<{
+    readonly Plain: "plain";
+    readonly Encrypted: "encrypted";
+}>;
+export type DidcommSubmitKind = typeof DIDCOMM_SUBMIT_KINDS[keyof typeof DIDCOMM_SUBMIT_KINDS];
 export type DidcommSubmissionCapabilities = {
     hasRecipientEncryptionJwk: boolean;
 };
+export declare const DIDCOMM_SUBMISSION_REASONS: Readonly<{
+    readonly PlainMode: "plain-mode";
+    readonly StrictMode: "strict-mode";
+    readonly AutoDetectEncrypted: "auto-detect-encrypted";
+    readonly AutoDetectPlain: "auto-detect-plain";
+}>;
+export type DidcommSubmissionReason = typeof DIDCOMM_SUBMISSION_REASONS[keyof typeof DIDCOMM_SUBMISSION_REASONS];
 export type DidcommSubmissionPlan = {
     mode: CommunicationMode;
-    submitKind: 'plain' | 'encrypted';
-    reason: 'plain-mode' | 'strict-mode' | 'auto-detect-encrypted' | 'auto-detect-plain';
+    submitKind: DidcommSubmitKind;
+    reason: DidcommSubmissionReason;
 };
 export declare function resolveDidcommSubmissionPlan(mode: CommunicationMode, capabilities: DidcommSubmissionCapabilities): DidcommSubmissionPlan;

package/dist/utils/didcomm-submit-policy.js

@@ -1,15 +1,46 @@
+export const DIDCOMM_COMMUNICATION_MODES = Object.freeze({
+    Plain: 'plain',
+    Strict: 'strict',
+    AutoDetect: 'auto-detect',
+});
+export const DIDCOMM_SUBMIT_KINDS = Object.freeze({
+    Plain: 'plain',
+    Encrypted: 'encrypted',
+});
+export const DIDCOMM_SUBMISSION_REASONS = Object.freeze({
+    PlainMode: 'plain-mode',
+    StrictMode: 'strict-mode',
+    AutoDetectEncrypted: 'auto-detect-encrypted',
+    AutoDetectPlain: 'auto-detect-plain',
+});
 export function resolveDidcommSubmissionPlan(mode, capabilities) {
-    if (mode === 'plain') {
-        return { mode, submitKind: 'plain', reason: 'plain-mode' };
+    if (mode === DIDCOMM_COMMUNICATION_MODES.Plain) {
+        return {
+            mode,
+            submitKind: DIDCOMM_SUBMIT_KINDS.Plain,
+            reason: DIDCOMM_SUBMISSION_REASONS.PlainMode,
+        };
     }
-    if (mode === 'strict') {
+    if (mode === DIDCOMM_COMMUNICATION_MODES.Strict) {
         if (!capabilities.hasRecipientEncryptionJwk) {
             throw new Error('strict mode requires recipient encryption JWK.');
         }
-        return { mode, submitKind: 'encrypted', reason: 'strict-mode' };
+        return {
+            mode,
+            submitKind: DIDCOMM_SUBMIT_KINDS.Encrypted,
+            reason: DIDCOMM_SUBMISSION_REASONS.StrictMode,
+        };
     }
     if (capabilities.hasRecipientEncryptionJwk) {
-        return { mode, submitKind: 'encrypted', reason: 'auto-detect-encrypted' };
+        return {
+            mode,
+            submitKind: DIDCOMM_SUBMIT_KINDS.Encrypted,
+            reason: DIDCOMM_SUBMISSION_REASONS.AutoDetectEncrypted,
+        };
     }
-    return { mode, submitKind: 'plain', reason: 'auto-detect-plain' };
+    return {
+        mode,
+        submitKind: DIDCOMM_SUBMIT_KINDS.Plain,
+        reason: DIDCOMM_SUBMISSION_REASONS.AutoDetectPlain,
+    };
 }

package/dist/utils/didcomm-submit.d.ts

@@ -1,4 +1,11 @@
-import { CommunicationMode } from './didcomm-submit-policy';
+import { CommunicationMode, type DidcommSubmitKind } from './didcomm-submit-policy';
+export declare const DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE: "application/didcomm-plaintext+json";
+export declare const DIDCOMM_ENCRYPTED_JSON_MEDIA_TYPE: "application/didcomm-encrypted+json";
+export declare const DIDCOMM_DEFAULT_ACCEPT_HEADER: "application/json, application/didcomm-plaintext+json, */*";
+export declare const DIDCOMM_CONTENT_TYPE_BY_SUBMIT_KIND: Readonly<{
+    readonly plain: "application/didcomm-plaintext+json";
+    readonly encrypted: "application/didcomm-encrypted+json";
+}>;
 export type DidcommFetchInit = {
     method: 'POST';
     headers: Record<string, string>;
@@ -28,8 +35,8 @@ export type DidcommSubmitResult = {
     status: number;
     location?: string;
     body: unknown;
-    submitKind: 'plain' | 'encrypted';
-    contentType: 'application/didcomm-plaintext+json' | 'application/didcomm-encrypted+json';
+    submitKind: DidcommSubmitKind;
+    contentType: typeof DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE | typeof DIDCOMM_ENCRYPTED_JSON_MEDIA_TYPE;
 };
 /**
  * Submits a DIDComm payload using either plaintext or encrypted transport,

package/dist/utils/didcomm-submit.js

@@ -1,4 +1,11 @@
-import { resolveDidcommSubmissionPlan } from './didcomm-submit-policy.js';
+import { DIDCOMM_SUBMIT_KINDS, resolveDidcommSubmissionPlan, } from './didcomm-submit-policy.js';
+export const DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE = 'application/didcomm-plaintext+json';
+export const DIDCOMM_ENCRYPTED_JSON_MEDIA_TYPE = 'application/didcomm-encrypted+json';
+export const DIDCOMM_DEFAULT_ACCEPT_HEADER = `application/json, ${DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE}, */*`;
+export const DIDCOMM_CONTENT_TYPE_BY_SUBMIT_KIND = Object.freeze({
+    [DIDCOMM_SUBMIT_KINDS.Plain]: DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE,
+    [DIDCOMM_SUBMIT_KINDS.Encrypted]: DIDCOMM_ENCRYPTED_JSON_MEDIA_TYPE,
+});
 function getHeaderValue(headers, name) {
     if (!headers || typeof headers.get !== 'function') {
         return undefined;
@@ -40,12 +47,12 @@ export async function submitDidcomm(input) {
     });
     const headers = {
         ...(input.defaultHeaders ?? {}),
-        Accept: 'application/json, application/didcomm-plaintext+json, */*',
+        Accept: DIDCOMM_DEFAULT_ACCEPT_HEADER,
     };
     let body;
     let contentType;
-    if (plan.submitKind === 'plain') {
-        contentType = 'application/didcomm-plaintext+json';
+    if (plan.submitKind === DIDCOMM_SUBMIT_KINDS.Plain) {
+        contentType = DIDCOMM_CONTENT_TYPE_BY_SUBMIT_KIND[DIDCOMM_SUBMIT_KINDS.Plain];
         body = JSON.stringify(input.payload);
     }
     else {
@@ -60,7 +67,7 @@ export async function submitDidcomm(input) {
         }
         const compactJws = await input.signCompactJws(input.payload);
         body = await input.encryptCompactJwe(compactJws, input.recipientEncryptionJwk);
-        contentType = 'application/didcomm-encrypted+json';
+        contentType = DIDCOMM_CONTENT_TYPE_BY_SUBMIT_KIND[DIDCOMM_SUBMIT_KINDS.Encrypted];
     }
     headers['Content-Type'] = contentType;
     if (input.bearerToken) {