gdc-sdk-front-ts 0.1.1

package/README.md

@@ -0,0 +1,94 @@
+# gdc-sdk-front-ts
+
+Target frontend runtime package for the converged GDC SDK family.
+
+Key docs:
+
+- [CHANGELOG.md](CHANGELOG.md)
+- [SECURITY.md](SECURITY.md)
+- [SDK_INTEGRATION_101.md](SDK_INTEGRATION_101.md)
+
+Current status:
+
+- package created
+- build/test baseline created
+- migration target from `gdc-sdk-client-ts` declared
+- frontend runtime contract skeleton declared
+- shared core identity/discovery/bootstrap contracts are now available for frontend wiring
+
+Why `front` and not `expo`:
+
+- the SDK architecture is frontend-agnostic
+- Expo is one runtime, not the product boundary
+- the same package family should later support web portal and Expo/mobile adapters
+
+Not migrated yet:
+
+- `ClientSDK`
+- `ProfileManager`
+- `roleRegistry`
+- `capabilityMapper`
+- app-facing session bootstrap
+- Expo/web adapter implementations
+- provider/operator/ICA discovery facade wiring
+- explicit device/actor/provider identity store wiring
+- controller bootstrap helper for `_activate` with `vp_token + controller.*`
+
+Role in the transition:
+
+- `gdc-sdk-core-ts` will own shared actor/capability contracts
+- `gdc-sdk-front-ts` will own frontend-facing runtime adapters and session/profile orchestration
+- `gdc-sdk-client-ts` is now the legacy source repo for migration, not the final name
+
+Reusable payload source of truth:
+
+- `gdc-common-utils-ts/examples/frontend-session`
+  - session/profile bootstrap examples
+- `gdc-common-utils-ts/examples/professional`
+  - lightweight communication/search request examples reused by frontend services
+  - reusable professional role/permission scenarios by section and expected FHIR types
+  - reusable consent-vs-smart matrices for actor targeting by email, organization, or jurisdiction
+- `gdc-common-utils-ts/examples/api-flow-examples`
+  - preferred compatibility aggregator when one import surface is needed without using the overloaded term `contract`
+
+CORE vs extension note:
+
+- CORE shared examples model provider and actor identities with DID/email-first semantics
+- phone-only subject/controller fields are compatibility or product-extension concerns, not required CORE GW inputs
+- individual/family bootstrap uses `org.schema.Organization.owner.*` claims for the owner/controller of the subject index
+- legal organization activation uses `Person` representative semantics plus VC `memberOf` / `hasOccupation`
+
+## API Index
+
+The canonical API contract should live in JSDoc on exported code. The README is the linked index.
+
+### Core draft/document helpers re-exported from `gdc-sdk-core-ts`
+
+- [`createCommunicationDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Starts an in-memory communication draft.
+- [`addFhirResourceToDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Appends a concrete FHIR resource or document.
+- [`addClaimsResourceToDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Appends a claims-only pseudo-resource.
+- [`createOutboxJobFromDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Freezes the draft into a transport-oriented outbox job.
+- [`updateOutboxJobStatus(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Updates the outbox job status in memory.
+- [`IOutboxRepository`](../gdc-sdk-core-ts/src/communication-outbox.ts)
+- [`OutboxRepositoryMemory`](../gdc-sdk-core-ts/src/communication-outbox.ts)
+- [`createCommunicationFacade()`](../gdc-sdk-core-ts/src/communication-document-facade.ts)
+  - Resolves documents from FHIR `Communication`.
+- [`createHeartRateObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+- [`createBodyTemperatureObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+- [`createBloodPressureObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+
+### Runtime configuration
+
+- [`FrontRuntimeConfig`](src/runtime-contracts.ts)
+  - Includes `persistencePolicy?` and `outboxRepositoryFactory?` so frontend runtimes can disable local persistence on shared devices or use secure local storage on confidential devices.
+
+### Documentation rule
+
+- JSDoc on exported code is canonical.
+- README entries should link to source and summarize the main parameters.
+- If a payload shape is shown in docs or validated by tests, keep its reusable source in the relevant module under `gdc-common-utils-ts/examples`.

package/dist/ClientSDK.d.ts

@@ -0,0 +1,70 @@
+import { ProfileManager } from './ProfileManager.js';
+import { ProfileRegistry } from './ProfileRegistry.js';
+import type { AppInfo, InitializeSessionParams, IVerifier, IVaultRepository, ProfileRegistryEntry, SdkConfig } from './types.js';
+/**
+ * Frontend-facing SDK entry point for profile/session bootstrapping, lightweight
+ * provider discovery, and role-scoped session creation.
+ *
+ * This class is intentionally small while the convergence work is still in
+ * progress. It should be treated as the bootstrap façade, not yet the full
+ * replacement for every legacy runtime helper.
+ *
+ * Canonical frontend payload examples used by tests and docs live in:
+ * `gdc-common-utils-ts/examples`
+ */
+export declare class ClientSDK {
+    private readonly sdkConfig;
+    private readonly appInfo;
+    private readonly _wallet;
+    private readonly _verifier;
+    private readonly _icaDid?;
+    private readonly mockDidDocuments;
+    currentSession: ProfileManager | null;
+    profileRegistry: ProfileRegistry | null;
+    /**
+     * @param sdkConfig Frontend runtime adapters such as fetch/network/api.
+     * @param appInfo Information about the host app.
+     * @param _wallet Reserved wallet/provider dependency.
+     * @param _verifier DID/VC verifier dependency.
+     * @param _icaDid Optional bootstrap ICA DID used by the host app.
+     */
+    constructor(sdkConfig: SdkConfig, appInfo: AppInfo, _wallet: unknown, _verifier: IVerifier, _icaDid?: string | undefined);
+    /**
+     * Registers a mock DID document for local/demo discovery flows.
+     */
+    addMockDidDocument(did: string, didDoc: unknown): void;
+    /**
+     * Loads `/.well-known/api-config.json` from a provider URL or `did:web`.
+     */
+    fetchWellKnownApiConfig(source: string): Promise<Record<string, unknown>>;
+    /**
+     * Loads `/.well-known/supported-fields.json` from a provider URL or `did:web`.
+     */
+    fetchSupportedFields(source: string): Promise<Array<{
+        code: string;
+        display: string;
+    }>>;
+    /**
+     * Initializes a profile-scoped session and returns a `ProfileManager` with the
+     * role-specific services available for the current profile.
+     *
+     * Implemented today:
+     * - canonical profile normalization and persistence bootstrap
+     * - provider DID carried into the created session
+     *
+     * Still pending:
+     * - explicit `deviceIdentity` / `actorIdentity` / `providerIdentity` stores
+     * - provider DID resolution through the shared discovery contracts
+     */
+    initializeSession(params: InitializeSessionParams, createVaultForProfile: () => IVaultRepository): Promise<ProfileManager>;
+    /**
+     * Initializes the local profile registry abstraction.
+     */
+    initializeProfileRegistry(createVaultForProfile: () => IVaultRepository): Promise<ProfileRegistry>;
+    /**
+     * Clears the current in-memory session reference.
+     */
+    shutdownSession(): void;
+    private resolveBaseUrl;
+}
+export type { InitializeSessionParams, ProfileRegistryEntry, };

package/dist/ClientSDK.js

@@ -0,0 +1,140 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ProfileManager } from './ProfileManager.js';
+import { ProfileRegistry } from './ProfileRegistry.js';
+/**
+ * Frontend-facing SDK entry point for profile/session bootstrapping, lightweight
+ * provider discovery, and role-scoped session creation.
+ *
+ * This class is intentionally small while the convergence work is still in
+ * progress. It should be treated as the bootstrap façade, not yet the full
+ * replacement for every legacy runtime helper.
+ *
+ * Canonical frontend payload examples used by tests and docs live in:
+ * `gdc-common-utils-ts/examples`
+ */
+export class ClientSDK {
+    /**
+     * @param sdkConfig Frontend runtime adapters such as fetch/network/api.
+     * @param appInfo Information about the host app.
+     * @param _wallet Reserved wallet/provider dependency.
+     * @param _verifier DID/VC verifier dependency.
+     * @param _icaDid Optional bootstrap ICA DID used by the host app.
+     */
+    constructor(sdkConfig, appInfo, _wallet, _verifier, _icaDid) {
+        this.sdkConfig = sdkConfig;
+        this.appInfo = appInfo;
+        this._wallet = _wallet;
+        this._verifier = _verifier;
+        this._icaDid = _icaDid;
+        this.mockDidDocuments = new Map();
+        this.currentSession = null;
+        this.profileRegistry = null;
+    }
+    /**
+     * Registers a mock DID document for local/demo discovery flows.
+     */
+    addMockDidDocument(did, didDoc) {
+        this.mockDidDocuments.set(String(did || '').trim(), didDoc);
+    }
+    /**
+     * Loads `/.well-known/api-config.json` from a provider URL or `did:web`.
+     */
+    async fetchWellKnownApiConfig(source) {
+        const baseUrl = await this.resolveBaseUrl(source);
+        const response = await this.sdkConfig.fetcher(new URL('.well-known/api-config.json', baseUrl).href);
+        if (!response.ok) {
+            throw new Error(`Failed to load API config (${response.status}).`);
+        }
+        return response.json();
+    }
+    /**
+     * Loads `/.well-known/supported-fields.json` from a provider URL or `did:web`.
+     */
+    async fetchSupportedFields(source) {
+        const baseUrl = await this.resolveBaseUrl(source);
+        const response = await this.sdkConfig.fetcher(new URL('.well-known/supported-fields.json', baseUrl).href);
+        if (!response.ok)
+            return [];
+        const body = await response.json();
+        const candidates = body.fields || body.supportedFields || [];
+        if (!Array.isArray(candidates))
+            return [];
+        return candidates
+            .map((entry) => {
+            if (!entry || typeof entry !== 'object')
+                return null;
+            const code = String(entry.code || '').trim();
+            const display = String(entry.display || code).trim();
+            return code ? { code, display } : null;
+        })
+            .filter((entry) => Boolean(entry));
+    }
+    /**
+     * Initializes a profile-scoped session and returns a `ProfileManager` with the
+     * role-specific services available for the current profile.
+     *
+     * Implemented today:
+     * - canonical profile normalization and persistence bootstrap
+     * - provider DID carried into the created session
+     *
+     * Still pending:
+     * - explicit `deviceIdentity` / `actorIdentity` / `providerIdentity` stores
+     * - provider DID resolution through the shared discovery contracts
+     */
+    async initializeSession(params, createVaultForProfile) {
+        this.shutdownSession();
+        const vault = createVaultForProfile();
+        await vault.initialize();
+        const profile = {
+            id: String(params.profileId || '').trim(),
+            email: String(params.email || '').trim(),
+            role: String(params.role || '').trim(),
+            providerDid: String(params.providerDid || '').trim(),
+            appType: params.appType,
+            createdAt: new Date().toISOString(),
+        };
+        if (!profile.id) {
+            throw new Error('initializeSession requires profileId.');
+        }
+        await vault.put('profile', profile);
+        const session = new ProfileManager(profile, profile.providerDid);
+        this.currentSession = session;
+        return session;
+    }
+    /**
+     * Initializes the local profile registry abstraction.
+     */
+    async initializeProfileRegistry(createVaultForProfile) {
+        const vault = createVaultForProfile();
+        const registry = new ProfileRegistry(vault);
+        await registry.initialize();
+        this.profileRegistry = registry;
+        return registry;
+    }
+    /**
+     * Clears the current in-memory session reference.
+     */
+    shutdownSession() {
+        this.currentSession = null;
+    }
+    async resolveBaseUrl(source) {
+        const raw = String(source || '').trim();
+        if (!raw)
+            throw new Error('Provider source is required.');
+        if (raw.startsWith('did:web:')) {
+            const didDoc = this.mockDidDocuments.get(raw);
+            const didServices = (didDoc?.service && Array.isArray(didDoc.service) ? didDoc.service : []);
+            const endpoint = didServices
+                .map((service) => service.serviceEndpoint)
+                .find((candidate) => typeof candidate === 'string' && candidate.startsWith('http'));
+            if (endpoint)
+                return new URL(String(endpoint));
+            const host = raw.replace(/^did:web:/, '').replace(/:/g, '/');
+            return new URL(`https://${host}/`);
+        }
+        if (/^https?:\/\//i.test(raw)) {
+            return new URL(raw.endsWith('/') ? raw : `${raw}/`);
+        }
+        return new URL(`https://${raw}/`);
+    }
+}

package/dist/ProfileManager.d.ts

@@ -0,0 +1,140 @@
+import type { DeviceAppType, DeviceUserClass } from 'gdc-common-utils-ts/constants';
+import type { Profile } from './types.js';
+import type { CommonServices, FamilyAdminServices, IndividualServices, OrgAdminServices, ProfessionalServices } from './roleRegistry.js';
+/**
+ * Role-scoped session object returned by `ClientSDK.initializeSession(...)`.
+ *
+ * It exposes the common/auth surface plus the services allowed by the current
+ * profile capabilities.
+ */
+export declare class ProfileManager {
+    readonly profile: Profile;
+    readonly orgDidDoc: {
+        id: string;
+    };
+    readonly common: CommonServices;
+    readonly orgAdmin?: OrgAdminServices;
+    readonly familyAdmin?: FamilyAdminServices;
+    readonly individual?: IndividualServices;
+    readonly professional?: ProfessionalServices;
+    /**
+     * @param profile Current logical profile.
+     * @param orgDid DID of the provider/organization used as the session anchor.
+     */
+    constructor(profile: Profile, orgDid: string);
+    /**
+     * Organization-admin helper for employee/professional creation.
+     */
+    createOrganizationEmployee(providerDid: string, idToken: string, params: {
+        email: string;
+        role: string;
+        userClass?: DeviceUserClass;
+        type?: DeviceAppType;
+    }): Promise<{
+        thid: string;
+    }>;
+    /**
+     * Family/individual-admin helper for subject organization/index bootstrap.
+     */
+    bootstrapSubjectOrganizationIndex(params: {
+        registrationClaims: object;
+        providerDid: string;
+        idToken: string;
+        acceptedOfferId?: string;
+    }): Promise<{
+        registrationThid: string;
+        confirmationThid?: string;
+    }>;
+    /**
+     * Individual-service helper to import a FHIR payload or IPS bundle.
+     */
+    importIpsOrFhirAndUpdateIndex(params: {
+        compositionPayload: object;
+        providerDid: string;
+        requiredScope: string;
+        idToken: string;
+        format?: 'org.hl7.fhir.r4' | 'org.hl7.fhir.api';
+    }): Promise<{
+        thid: string;
+    }>;
+    /**
+     * Individual-service helper to create a consent-based access grant for a professional.
+     */
+    grantProfessionalAccess(params: {
+        subjectDid?: string;
+        /**
+         * Compatibility/extension field.
+         *
+         * CORE canonical consent examples identify the subject with `subjectDid`.
+         */
+        subjectPhone?: string;
+        /**
+         * Compatibility/extension display hint for phone-oriented UX flows.
+         */
+        subjectGivenName?: string;
+        /**
+         * Canonical flat consent actor identifier input.
+         *
+         * Preferred forms:
+         * - `did:web:...`
+         * - `user@example.org`
+         * - `tel:+34600111222`
+         * - `ES`
+         * - comma-separated list or string array of those values
+         *
+         * A legacy structured object is still accepted for compatibility.
+         */
+        actorId?: string | string[] | {
+            didWeb?: string;
+            organizationUrl?: string;
+            organizationTaxId?: string;
+            email?: string;
+            phone?: string;
+        };
+        /**
+         * @deprecated Use `actorId`.
+         */
+        actor?: string | string[] | {
+            didWeb?: string;
+            organizationUrl?: string;
+            organizationTaxId?: string;
+            email?: string;
+            phone?: string;
+        };
+        actorRole: string;
+        purpose: string;
+        actions: string[];
+        providerDid: string;
+        requiredScope: string;
+        idToken: string;
+        consentIdentifier?: string;
+        consentDate?: string;
+        decision?: 'permit' | 'deny';
+        attachmentContentType?: string;
+        attachmentBase64?: string;
+    }): Promise<{
+        thid: string;
+        subjectIdentifier: string;
+        actorIdentifier: string;
+        consentClaims: Record<string, unknown>;
+        claimsCid?: string;
+    }>;
+    /**
+     * Individual-service helper to generate a digital twin projection from subject data.
+     */
+    generateDigitalTwinFromSubjectData(params: {
+        compositionPayload: object;
+        providerDid: string;
+        requiredScope: string;
+        idToken: string;
+        format?: 'org.hl7.fhir.r4' | 'org.hl7.fhir.api';
+    }): Promise<{
+        thid: string;
+    }>;
+}
+/**
+ * Preferred neutral frontend actor-session surface.
+ *
+ * Keep `ProfileManager` for compatibility with earlier app-facing terminology.
+ */
+export { ProfileManager as ActorSession };

package/dist/ProfileManager.js

@@ -0,0 +1,76 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { CommonAuthService } from './services.js';
+import { mapCapabilitiesToServices } from './capabilityMapper.js';
+/**
+ * Role-scoped session object returned by `ClientSDK.initializeSession(...)`.
+ *
+ * It exposes the common/auth surface plus the services allowed by the current
+ * profile capabilities.
+ */
+export class ProfileManager {
+    /**
+     * @param profile Current logical profile.
+     * @param orgDid DID of the provider/organization used as the session anchor.
+     */
+    constructor(profile, orgDid) {
+        this.profile = profile;
+        this.orgDidDoc = { id: orgDid };
+        this.common = { auth: new CommonAuthService() };
+        const mapped = mapCapabilitiesToServices(profile, profile.appType);
+        this.orgAdmin = mapped.orgAdmin;
+        this.familyAdmin = mapped.familyAdmin;
+        this.individual = mapped.individual;
+        this.professional = mapped.professional;
+    }
+    /**
+     * Organization-admin helper for employee/professional creation.
+     */
+    async createOrganizationEmployee(providerDid, idToken, params) {
+        if (!this.orgAdmin?.admin) {
+            throw new Error('orgAdmin.admin service is not available for this profile.');
+        }
+        return this.orgAdmin.admin.createOrganizationEmployee(providerDid, idToken, params);
+    }
+    /**
+     * Family/individual-admin helper for subject organization/index bootstrap.
+     */
+    async bootstrapSubjectOrganizationIndex(params) {
+        if (!this.familyAdmin?.admin) {
+            throw new Error('familyAdmin.admin service is not available for this profile.');
+        }
+        return this.familyAdmin.admin.bootstrapSubjectOrganizationIndex(params);
+    }
+    /**
+     * Individual-service helper to import a FHIR payload or IPS bundle.
+     */
+    async importIpsOrFhirAndUpdateIndex(params) {
+        if (!this.individual?.service) {
+            throw new Error('individual.service is not available for this profile.');
+        }
+        return this.individual.service.importIpsOrFhirAndUpdateIndex(params.compositionPayload, params.providerDid, params.requiredScope, params.idToken, params.format);
+    }
+    /**
+     * Individual-service helper to create a consent-based access grant for a professional.
+     */
+    async grantProfessionalAccess(params) {
+        if (!this.individual?.service) {
+            throw new Error('individual.service is not available for this profile.');
+        }
+        return this.individual.service.grantProfessionalAccess(params);
+    }
+    /**
+     * Individual-service helper to generate a digital twin projection from subject data.
+     */
+    async generateDigitalTwinFromSubjectData(params) {
+        if (!this.individual?.service) {
+            throw new Error('individual.service is not available for this profile.');
+        }
+        return this.individual.service.generateDigitalTwinFromSubjectData(params.compositionPayload, params.providerDid, params.requiredScope, params.idToken, params.format);
+    }
+}
+/**
+ * Preferred neutral frontend actor-session surface.
+ *
+ * Keep `ProfileManager` for compatibility with earlier app-facing terminology.
+ */
+export { ProfileManager as ActorSession };

package/dist/ProfileRegistry.d.ts

@@ -0,0 +1,11 @@
+import type { IVaultRepository, ProfileRegistryEntry } from './types.js';
+export declare class ProfileRegistry {
+    private readonly vault;
+    constructor(vault: IVaultRepository);
+    initialize(): Promise<void>;
+    register(entry: ProfileRegistryEntry): Promise<void>;
+    upsert(entry: ProfileRegistryEntry): Promise<ProfileRegistryEntry>;
+    list(): Promise<ProfileRegistryEntry[]>;
+    get(id: string): Promise<ProfileRegistryEntry | undefined>;
+    remove(id: string): Promise<boolean>;
+}

package/dist/ProfileRegistry.js

@@ -0,0 +1,26 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+const COLLECTION = 'profiles';
+export class ProfileRegistry {
+    constructor(vault) {
+        this.vault = vault;
+    }
+    async initialize() {
+        await this.vault.initialize();
+    }
+    async register(entry) {
+        await this.vault.put(COLLECTION, entry);
+    }
+    async upsert(entry) {
+        await this.vault.put(COLLECTION, entry);
+        return entry;
+    }
+    async list() {
+        return this.vault.query(COLLECTION, {});
+    }
+    async get(id) {
+        return this.vault.get(COLLECTION, id);
+    }
+    async remove(id) {
+        return this.vault.delete(COLLECTION, id);
+    }
+}

package/dist/VerifierService.d.ts

@@ -0,0 +1,6 @@
+import type { IVerifier } from './types.js';
+export declare class VerifierService implements IVerifier {
+    constructor(_cryptographyService?: unknown, _rootGoverningKeyPub?: unknown, _fetcher?: typeof fetch);
+    verifyCredential(): Promise<boolean>;
+    verifyPresentation(): Promise<boolean>;
+}

package/dist/VerifierService.js

@@ -0,0 +1,10 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export class VerifierService {
+    constructor(_cryptographyService, _rootGoverningKeyPub, _fetcher) { }
+    async verifyCredential() {
+        return true;
+    }
+    async verifyPresentation() {
+        return true;
+    }
+}

package/dist/actor-session.d.ts

@@ -0,0 +1,2 @@
+export type { ActorFacadeDescriptor, ActorKind, ActorSessionDescriptor, Capability, } from '../../gdc-sdk-core-ts/dist/index.js';
+export { expandActorSessionDescriptorToFacades, filterCapabilitiesForActor, } from '../../gdc-sdk-core-ts/dist/index.js';

package/dist/actor-session.js

@@ -0,0 +1,2 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export { expandActorSessionDescriptorToFacades, filterCapabilitiesForActor, } from '../../gdc-sdk-core-ts/dist/index.js';

package/dist/capabilityMapper.d.ts

@@ -0,0 +1,8 @@
+import type { Profile } from './types.js';
+import type { FamilyAdminServices, IndividualServices, OrgAdminServices, ProfessionalServices } from './roleRegistry.js';
+export declare function mapCapabilitiesToServices(profile: Profile, appType: 'Organization' | 'Family'): {
+    professional?: ProfessionalServices;
+    orgAdmin?: OrgAdminServices;
+    familyAdmin?: FamilyAdminServices;
+    individual?: IndividualServices;
+};

package/dist/capabilityMapper.js

@@ -0,0 +1,28 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { HealthcareActorRoleCodes } from 'gdc-common-utils-ts/constants';
+import { FamilyAdminService, IndividualService, OrgAdminService, ParamedicService, PhysicianService } from './services.js';
+export function mapCapabilitiesToServices(profile, appType) {
+    const role = String(profile.role || '').toLowerCase();
+    const code = role.includes('|') ? role.split('|')[1] : role;
+    const isController = code === 'controller' || code === 'resprsn' || code === HealthcareActorRoleCodes.Controller;
+    const isPhysician = code === HealthcareActorRoleCodes.PhysicianBroad || code === HealthcareActorRoleCodes.Physician || code === 'physician';
+    const isParamedic = code === HealthcareActorRoleCodes.Paramedic || code === 'paramedic';
+    const professional = {};
+    const orgAdmin = {};
+    const familyAdmin = {};
+    const individual = {};
+    if (appType === 'Organization' && isController) {
+        orgAdmin.admin = new OrgAdminService();
+    }
+    if (appType === 'Family' && isController) {
+        familyAdmin.admin = new FamilyAdminService();
+        individual.service = new IndividualService();
+    }
+    if (isPhysician) {
+        professional.physician = new PhysicianService();
+    }
+    if (isParamedic) {
+        professional.paramedic = new ParamedicService();
+    }
+    return { professional, orgAdmin, familyAdmin, individual };
+}

package/dist/index.d.ts

@@ -0,0 +1,12 @@
+export * from '../../gdc-sdk-core-ts/dist/index.js';
+export * from './runtime-contracts.js';
+export * from './actor-session.js';
+export * from './session-descriptor.js';
+export * from './types.js';
+export * from './services.js';
+export * from './roleRegistry.js';
+export * from './capabilityMapper.js';
+export * from './VerifierService.js';
+export * from './ProfileManager.js';
+export * from './ProfileRegistry.js';
+export * from './ClientSDK.js';

package/dist/index.js

@@ -0,0 +1,13 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export * from '../../gdc-sdk-core-ts/dist/index.js';
+export * from './runtime-contracts.js';
+export * from './actor-session.js';
+export * from './session-descriptor.js';
+export * from './types.js';
+export * from './services.js';
+export * from './roleRegistry.js';
+export * from './capabilityMapper.js';
+export * from './VerifierService.js';
+export * from './ProfileManager.js';
+export * from './ProfileRegistry.js';
+export * from './ClientSDK.js';

package/dist/roleRegistry.d.ts

@@ -0,0 +1,19 @@
+import { CommonAuthService, FamilyAdminService, IndividualService, OrgAdminService, ParamedicService, PhysicianService } from './services.js';
+export interface OrgAdminServices {
+    admin?: OrgAdminService;
+    it?: unknown;
+}
+export interface FamilyAdminServices {
+    admin?: FamilyAdminService;
+    it?: unknown;
+}
+export interface IndividualServices {
+    service?: IndividualService;
+}
+export interface ProfessionalServices {
+    physician?: PhysicianService;
+    paramedic?: ParamedicService;
+}
+export interface CommonServices {
+    auth: CommonAuthService;
+}

package/dist/roleRegistry.js

@@ -0,0 +1,2 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export {};

package/dist/runtime-contracts.d.ts

@@ -0,0 +1,22 @@
+import type { DataPersistencePolicy } from '../../gdc-sdk-core-ts/dist/index.js';
+export type LegacyFrontSourcePackage = never;
+export type FrontRuntimeKind = 'expo' | 'web' | 'react-native';
+export type FrontFetchLike = typeof fetch;
+export type FrontRuntimeConfig = {
+    runtimeKind: FrontRuntimeKind;
+    fetcher: FrontFetchLike;
+    persistencePolicy?: DataPersistencePolicy;
+    cryptoProvider?: unknown;
+    networkProvider?: unknown;
+    secureStorageProvider?: unknown;
+    vaultFactory?: unknown;
+    outboxRepositoryFactory?: unknown;
+    oidcProvider?: unknown;
+};
+export type FrontPackageStatus = {
+    packageName: 'gdc-sdk-front-ts';
+    dependsOnCorePackage: 'gdc-sdk-core-ts';
+    legacySourcePackages: LegacyFrontSourcePackage[];
+    status: 'bootstrap';
+};
+export declare const GDC_SDK_FRONT_STATUS: FrontPackageStatus;

package/dist/runtime-contracts.js

@@ -0,0 +1,7 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export const GDC_SDK_FRONT_STATUS = {
+    packageName: 'gdc-sdk-front-ts',
+    dependsOnCorePackage: 'gdc-sdk-core-ts',
+    legacySourcePackages: [],
+    status: 'bootstrap',
+};

package/dist/services.d.ts

@@ -0,0 +1,167 @@
+import type { DeviceAppType, DeviceUserClass } from 'gdc-common-utils-ts/constants';
+export declare class CommonAuthService {
+    activateDevice(_licenseCode: string, _providerDid: string, _idToken: string): Promise<{
+        thid: string;
+    }>;
+}
+export declare class OrgAdminService {
+    createOrganizationEmployee(_providerDid: string, _idToken: string, _params: {
+        email: string;
+        role: string;
+        userClass?: DeviceUserClass;
+        type?: DeviceAppType;
+    }): Promise<{
+        thid: string;
+    }>;
+}
+export declare class FamilyAdminService {
+    bootstrapSubjectOrganizationIndex(_params: {
+        registrationClaims: object;
+        providerDid: string;
+        idToken: string;
+        acceptedOfferId?: string;
+    }): Promise<{
+        registrationThid: string;
+        confirmationThid?: string;
+    }>;
+}
+export declare class IndividualService {
+    /**
+     * Imports a document/FHIR payload for subject indexing.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    importIpsOrFhirAndUpdateIndex(_compositionPayload: object, _providerDid: string, _requiredScope: string, _idToken: string, _format?: 'org.hl7.fhir.r4' | 'org.hl7.fhir.api'): Promise<{
+        thid: string;
+    }>;
+    grantProfessionalAccess(_params: {
+        subjectDid?: string;
+        /**
+         * Compatibility/extension field.
+         *
+         * CORE canonical consent examples identify the subject with `subjectDid`.
+         * Phone-based consent targeting belongs to extension layers, not the base
+         * CORE GW contract.
+         */
+        subjectPhone?: string;
+        /**
+         * Compatibility/extension display hint.
+         *
+         * Keep this only for UX layers that still surface phone/notification flows.
+         * CORE canonical examples do not require it.
+         */
+        subjectGivenName?: string;
+        /**
+         * Canonical flat consent actor identifier input.
+         *
+         * Preferred forms:
+         * - `did:web:...`
+         * - `user@example.org`
+         * - `tel:+34600111222`
+         * - `ES`
+         * - comma-separated list or string array of those values
+         *
+         * A legacy structured object is still accepted for compatibility.
+         */
+        actorId?: string | string[] | {
+            didWeb?: string;
+            organizationUrl?: string;
+            organizationTaxId?: string;
+            email?: string;
+            phone?: string;
+        };
+        /**
+         * @deprecated Use `actorId`.
+         */
+        actor?: string | string[] | {
+            didWeb?: string;
+            organizationUrl?: string;
+            organizationTaxId?: string;
+            email?: string;
+            phone?: string;
+        };
+        actorRole: string;
+        purpose: string;
+        actions: string[];
+        providerDid: string;
+        requiredScope: string;
+        idToken: string;
+        consentIdentifier?: string;
+        consentDate?: string;
+        decision?: 'permit' | 'deny';
+        attachmentContentType?: string;
+        attachmentBase64?: string;
+    }): Promise<{
+        thid: string;
+        subjectIdentifier: string;
+        actorIdentifier: string;
+        consentClaims: Record<string, unknown>;
+        claimsCid?: string;
+    }>;
+    generateDigitalTwinFromSubjectData(_compositionPayload: object, _providerDid: string, _requiredScope: string, _idToken: string, _format?: 'org.hl7.fhir.r4' | 'org.hl7.fhir.api'): Promise<{
+        thid: string;
+    }>;
+    /**
+     * Sends a lightweight communication request description.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    sendCommunication(_communication: {
+        thid?: string;
+        pthid?: string;
+        channelId?: string;
+        partOf?: string;
+        subject: string;
+        text?: string;
+        sender?: string;
+        recipient?: string | string[];
+        sent?: string;
+        category?: string | string[];
+        attachments?: Array<{
+            contentType?: string;
+            title?: string;
+            dataBase64?: string;
+            url?: string;
+        }>;
+        claims?: Record<string, unknown>;
+    }, _providerDid: string, _requiredScope: string, _idToken: string, _format?: 'org.hl7.fhir.r4' | 'org.hl7.fhir.api'): Promise<{
+        thid: string;
+    }>;
+    /**
+     * Builds a lightweight clinical bundle search request description.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    searchClinicalBundle(_query: {
+        subject: string;
+        section?: string | string[];
+        includedTypes?: string[];
+        date?: {
+            start?: string;
+            end?: string;
+        };
+        code?: string | string[];
+        category?: string | string[];
+        author?: string | string[];
+        thid?: string;
+        pthid?: string;
+        channelId?: string;
+        partOf?: string;
+        searchParams?: Record<string, string | number | boolean | undefined>;
+    }, _providerDid: string, _requiredScope: string, _idToken: string): Promise<{
+        thid: string;
+    }>;
+    getLatestIps(_subject: string, _providerDid: string, _requiredScope: string, _idToken: string, _date?: {
+        start?: string;
+        end?: string;
+    }): Promise<{
+        thid: string;
+    }>;
+}
+export declare class PhysicianService {
+}
+export declare class ParamedicService {
+}

package/dist/services.js

@@ -0,0 +1,78 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+function requireNonEmptyText(value, fieldName) {
+    const normalized = String(value ?? '').trim();
+    if (!normalized) {
+        throw new Error(`${fieldName} is required.`);
+    }
+    return normalized;
+}
+export class CommonAuthService {
+    async activateDevice(_licenseCode, _providerDid, _idToken) {
+        return { thid: `thid-${Date.now()}` };
+    }
+}
+export class OrgAdminService {
+    async createOrganizationEmployee(_providerDid, _idToken, _params) {
+        return { thid: `thid-${Date.now()}` };
+    }
+}
+export class FamilyAdminService {
+    async bootstrapSubjectOrganizationIndex(_params) {
+        return { registrationThid: `thid-${Date.now()}` };
+    }
+}
+export class IndividualService {
+    /**
+     * Imports a document/FHIR payload for subject indexing.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    async importIpsOrFhirAndUpdateIndex(_compositionPayload, _providerDid, _requiredScope, _idToken, _format) {
+        return { thid: `thid-${Date.now()}` };
+    }
+    async grantProfessionalAccess(_params) {
+        return {
+            thid: `thid-${Date.now()}`,
+            subjectIdentifier: '',
+            actorIdentifier: '',
+            consentClaims: {},
+        };
+    }
+    async generateDigitalTwinFromSubjectData(_compositionPayload, _providerDid, _requiredScope, _idToken, _format) {
+        return { thid: `thid-${Date.now()}` };
+    }
+    /**
+     * Sends a lightweight communication request description.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    async sendCommunication(_communication, _providerDid, _requiredScope, _idToken, _format) {
+        requireNonEmptyText(_communication?.subject, 'sendCommunication subject');
+        requireNonEmptyText(_providerDid, 'sendCommunication providerDid');
+        requireNonEmptyText(_requiredScope, 'sendCommunication requiredScope');
+        requireNonEmptyText(_idToken, 'sendCommunication idToken');
+        return { thid: `thid-${Date.now()}` };
+    }
+    /**
+     * Builds a lightweight clinical bundle search request description.
+     *
+     * Canonical example input lives in:
+     * `gdc-common-utils-ts/examples`
+     */
+    async searchClinicalBundle(_query, _providerDid, _requiredScope, _idToken) {
+        requireNonEmptyText(_query?.subject, 'searchClinicalBundle subject');
+        requireNonEmptyText(_providerDid, 'searchClinicalBundle providerDid');
+        requireNonEmptyText(_requiredScope, 'searchClinicalBundle requiredScope');
+        requireNonEmptyText(_idToken, 'searchClinicalBundle idToken');
+        return { thid: `thid-${Date.now()}` };
+    }
+    async getLatestIps(_subject, _providerDid, _requiredScope, _idToken, _date) {
+        return { thid: `thid-${Date.now()}` };
+    }
+}
+export class PhysicianService {
+}
+export class ParamedicService {
+}

package/dist/session-descriptor.d.ts

@@ -0,0 +1,11 @@
+import type { ActorFlags, ActorFacadeDescriptor, ActorSessionDescriptor } from '../../gdc-sdk-core-ts/dist/index.js';
+export type FrontActorFlags = ActorFlags;
+export type FrontSessionDescriptorInput = {
+    appType: 'Organization' | 'Family';
+    profileId: string;
+    profileDid?: string;
+    role?: string;
+    actorFlags: FrontActorFlags;
+};
+export declare function describeFrontActorSession(input: FrontSessionDescriptorInput): ActorSessionDescriptor;
+export declare function describeFrontActorFacades(input: FrontSessionDescriptorInput): ActorFacadeDescriptor[];

package/dist/session-descriptor.js

@@ -0,0 +1,8 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { buildActorSessionDescriptorFromActorFlags, expandActorSessionDescriptorToFacades, } from '../../gdc-sdk-core-ts/dist/index.js';
+export function describeFrontActorSession(input) {
+    return buildActorSessionDescriptorFromActorFlags(input);
+}
+export function describeFrontActorFacades(input) {
+    return expandActorSessionDescriptorToFacades(describeFrontActorSession(input));
+}

package/dist/types.d.ts

@@ -0,0 +1,11 @@
+import type { IApiConfig, INetwork, BundleSearchQuery, CommunicationInput, DateRange } from '../../gdc-sdk-core-ts/dist/index.js';
+export type { AppInfo, InitializeSessionParams, Profile, ProfileRegistryEntry, VaultQueryCondition, VaultQuery, IVaultRepository, IApiConfig, INetwork, IVerifier } from '../../gdc-sdk-core-ts/dist/index.js';
+export type SdkConfig = {
+    crypto?: unknown;
+    network: INetwork;
+    api: IApiConfig;
+    fetcher: typeof fetch;
+};
+export type FrontDateRange = DateRange;
+export type FrontBundleSearchQuery = BundleSearchQuery;
+export type FrontCommunicationInput = CommunicationInput;

package/dist/types.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "gdc-sdk-front-ts",
+  "version": "0.1.1",
+  "description": "Next-generation frontend runtime package for the GDC SDK family",
+  "license": "Apache-2.0",
+  "author": "Antifraud Services Inc.",
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "type-check": "tsc -p tsconfig.json --noEmit",
+    "test": "npm run build && node --test tests/*.test.mjs"
+  },
+  "dependencies": {
+    "@babel/runtime": "^7.28.4",
+    "gdc-common-utils-ts": "^1.4.22"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.10",
+    "typescript": "^5.5.4"
+  }
+}