gdc-sdk-front-ts 0.6.5 → 0.6.7

package/README.md

@@ -14,22 +14,35 @@ Use this package when your frontend needs to:
 This package is frontend-facing. It should explain app flows, not gateway route
 details.
 
+Architectural rule:
+
+- `gdc-sdk-front-ts` should converge on the same actor-scoped facade boundaries
+  as `gdc-sdk-node-ts`
+- transport and adapter details may differ
+- business ownership must not differ by runtime
+
 ## Start Here
 
 If you are integrating this package for the first time, open these in order:
 
-1. [docs/SDK_INTEGRATION_101.md](./docs/SDK_INTEGRATION_101.md)
-   Real frontend/native setup, imports, `new ClientSDK(...)`,
-   `initializeCommunicationIdentity(...)`, provider discovery, and
+1. [gdc-sdk-core-ts/docs/101-SDK_PACKAGE_BOUNDARIES.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-SDK_PACKAGE_BOUNDARIES.md)
+   Why `core`, `node`, and `front` are separate packages, what each one owns,
+   and why frontend facades should mirror backend actor boundaries.
+1. [docs/101-SDK_INTEGRATION.md](./docs/101-SDK_INTEGRATION.md)
+  Real frontend/native setup, imports, `new ClientSDK(...)`,
+  `initializeCommunicationIdentity(...)`, provider discovery, and
    `initializeSession(...)`.
 2. [docs/DATASPACE_DISCOVERY_FRONTEND_TODO.md](./docs/DATASPACE_DISCOVERY_FRONTEND_TODO.md)
    Frontend discovery guide for BFF-first provider/operator discovery, UI card
    mapping, and copy/paste backend DTO consumption.
-3. [gdc-sdk-core-ts/docs/SDK_FLOWS_101.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/SDK_FLOWS_101.md)
+3. [gdc-sdk-core-ts/docs/101-SDK_FLOWS.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-SDK_FLOWS.md)
    Shared business-flow map by actor family.
-4. [gdc-common-utils-ts/src/examples/frontend-session.ts](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/src/examples/frontend-session.ts)
+4. [gdc-sdk-node-ts/docs/101-LIVE_GW_LOCAL.md](https://github.com/Global-DataCare/gdc-sdk-node-ts/blob/main/docs/101-LIVE_GW_LOCAL.md)
+   Canonical local/TTY/Docker GW reference when the frontend team also needs a
+   real local GW running for end-to-end checks.
+5. [gdc-common-utils-ts/src/examples/frontend-session.ts](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/src/examples/frontend-session.ts)
    Shared profile/session payload source of truth.
-5. [gdc-common-utils-ts/docs/LIFECYCLE_101.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/LIFECYCLE_101.md)
+6. [gdc-common-utils-ts/docs/101-LIFECYCLE.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/101-LIFECYCLE.md)
    Canonical lifecycle semantics and reusable placeholders for UI and portal flows.
 
 If you need the shortest path:
@@ -37,12 +50,267 @@ If you need the shortest path:
 - app identity required by GW CORE:
   `appId` mandatory, `appVersion` optional with default `v1.0`
 - frontend technical identity:
-  [`initializeCommunicationIdentity(...)`](./docs/SDK_INTEGRATION_101.md)
+  [`initializeCommunicationIdentity(...)`](./docs/101-SDK_INTEGRATION.md)
   for the technical device/channel profile identity, not the legal organization id
 - main runtime class:
   [`ClientSDK`](src/ClientSDK.ts)
 - profile/session bootstrap:
-  [`initializeSession(...)`](./docs/SDK_INTEGRATION_101.md)
+  [`initializeSession(...)`](./docs/101-SDK_INTEGRATION.md)
+
+## Frontend Runtime Modes
+
+There are two frontend integration modes. New developers should choose the
+mode first, before choosing classes or helpers.
+
+### 1. Portal web / non confidential app
+
+Use this mode when:
+
+- the frontend is a Vite/web portal
+- the portal backend holds controller/professional keys in AWS KMS
+- the frontend does not send DIDComm directly to GW CORE
+
+Recommended entry point:
+
+- start from the shared editors/builders in `gdc-sdk-core-ts`
+- send the resulting payload or bundle to the portal backend
+- let the backend handle KMS, DIDComm, submit, and poll
+
+Main references:
+
+- [gdc-sdk-core-ts/docs/101-EMPLOYEES.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-EMPLOYEES.md)
+- [gdc-sdk-core-ts/docs/101-CONSENT_COMMUNICATION.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-CONSENT_COMMUNICATION.md)
+- [gdc-common-utils-ts/docs/101-CONSENT_ACCESS.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/101-CONSENT_ACCESS.md)
+- [gdc-sdk-core-ts/tests/101-employees.test.mjs](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/tests/101-employees.test.mjs)
+- [gdc-common-utils-ts/__tests__/101-consent-bundle-editor.test.ts](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/__tests__/101-consent-bundle-editor.test.ts)
+
+Use:
+
+- `EmployeeBundleSession` for employee create/search payloads
+- `CommunicationAttachedBundleSession` for `Communication`-carried bundles
+- `createConsentAccessEditor(...)` for consent editing inside a communication bundle
+
+Controller-only employee flow in a portal web app:
+
+Use this example only when the current frontend screen belongs to the
+organization-controller/admin side.
+
+Do not reuse this employee example for:
+
+- professional screens
+- individual/family screens
+- generic end-user screens
+
+Those actor families should start from their own business flow:
+
+- professionals
+  - consent-aware access
+  - SMART token
+  - communication/index flows
+- individuals / family
+  - consent editing
+  - related-person flows
+  - IPS/FHIR import or read flows
+
+### Create
+
+Use `EmployeeBundleSession` to prepare one employee create bundle. The browser
+does not send it directly to GW CORE.
+The portal backend wraps it into its own request/envelope, then applies KMS,
+DIDComm, submit, and poll.
+
+```ts
+import { EmployeeBundleSession } from 'gdc-sdk-core-ts';
+import {
+  EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE,
+  EXAMPLE_PROVIDER_ORGANIZATION_DID,
+} from 'gdc-common-utils-ts/examples';
+import { ClaimsPersonSchemaorg } from 'gdc-common-utils-ts/constants/schemaorg';
+
+// This editor lives only in frontend memory.
+// It helps the UI build the canonical employee payload before sending it to
+// the portal backend.
+const bundleEditor = new EmployeeBundleSession()
+  .setIdentifier(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier)
+  .setEmail(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.email)
+  .setRole(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.role)
+  .addClaim(ClaimsPersonSchemaorg.memberOf, EXAMPLE_PROVIDER_ORGANIZATION_DID);
+
+// `employeeCreateBatchBundle` is the canonical one-entry employee `_batch` bundle.
+// Your Vite frontend normally sends this bundle to its own backend, not
+// directly to GW CORE.
+const employeeCreateBatchBundle = bundleEditor.toBundleBatch({
+  method: 'POST',
+  resourceId: EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier,
+});
+console.log(employeeCreateBatchBundle);
+```
+
+### Search
+
+Search is a different operation and should be built separately.
+
+`email + role` is the recommended exact operational lookup.
+
+```ts
+import { EmployeeBundleSession } from 'gdc-sdk-core-ts';
+import { EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE } from 'gdc-common-utils-ts/examples';
+
+const employeeSearchBundle = new EmployeeBundleSession()
+  .setEmail(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.email)
+  .setRole(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.role)
+  .toBundleSearch();
+
+console.log(employeeSearchBundle);
+```
+
+Other valid search shapes:
+
+- by `email` only: all active profiles for that mailbox
+- by `role` only: all active employees for that role
+- with no filters: all employees
+- by `identifier`: one exact technical or historical profile
+
+### Disable
+
+Disable is a lifecycle operation. Today the shared employee editor still
+produces the canonical `_batch` bundle with inner `request.method = DELETE`.
+
+```ts
+import { EmployeeBundleSession } from 'gdc-sdk-core-ts';
+import { EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE } from 'gdc-common-utils-ts/examples';
+
+const employeeDisableBatchBundle = new EmployeeBundleSession()
+  .setIdentifier(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier)
+  .toBundleBatch({
+    method: 'DELETE',
+    resourceId: EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier,
+  });
+
+console.log(employeeDisableBatchBundle);
+```
+
+Current GW CORE contract vs preferred target:
+
+- current live contract
+  - disable = `_batch` + inner `request.method = DELETE`
+  - purge = `POST .../Employee/_purge`
+- preferred target contract
+  - disable/enable = semantic state change via `PATCH`
+  - purge = final removal operation kept separate from state changes
+
+Conceptual `PATCH` example for state change:
+
+```ts
+const employeeDisablePatchBatchBundle = new EmployeeBundleSession()
+  .setIdentifier(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier)
+  .toBundleBatch({
+    method: 'PATCH',
+    resourceId: EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier,
+  });
+```
+
+Business meaning:
+
+- `PATCH` should mean state transition such as enable/disable
+- `DELETE` should be reserved for final removal semantics such as purge
+- future operations like merge/split/destroy should be modeled first as named
+  business operations, then mapped to transport
+
+### Purge
+
+Purge is not the same contract as create/disable. The portal backend or runtime
+calls the explicit `Employee/_purge` flow and normally identifies the employee
+with `identifier`.
+
+```ts
+import { EmployeeBundleSession } from 'gdc-sdk-core-ts';
+import { EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE } from 'gdc-common-utils-ts/examples';
+
+const employeePurgeSelector = new EmployeeBundleSession()
+  .setIdentifier(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.identifier)
+  .toClaims();
+
+console.log(employeePurgeSelector);
+```
+
+Primary references for those employee flows:
+
+- [gdc-sdk-core-ts/docs/101-EMPLOYEES.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-EMPLOYEES.md)
+- [gdc-sdk-core-ts/tests/101-employees.test.mjs](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/tests/101-employees.test.mjs)
+
+Non-controller frontend references:
+
+- professional / individual flow map:
+  - [gdc-sdk-core-ts/docs/101-SDK_FLOWS.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-SDK_FLOWS.md)
+- consent editing:
+  - [gdc-common-utils-ts/docs/101-CONSENT_ACCESS.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/101-CONSENT_ACCESS.md)
+- consent + communication handoff:
+  - [gdc-sdk-core-ts/docs/101-CONSENT_COMMUNICATION.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/docs/101-CONSENT_COMMUNICATION.md)
+
+### 2. Confidential app / direct client runtime
+
+Use this mode when:
+
+- the app stores transport keys locally
+- the app can talk directly to GW CORE
+- there is no portal backend doing KMS and DIDComm on behalf of the app
+
+Recommended entry point:
+
+- start from `ClientSDK`
+- initialize runtime/session state
+- use the same shared editors/builders from `sdk-core` when a flow needs them
+
+Main references:
+
+- [docs/101-SDK_INTEGRATION.md](./docs/101-SDK_INTEGRATION.md)
+- [gdc-sdk-node-ts/docs/101-LIVE_GW_LOCAL.md](https://github.com/Global-DataCare/gdc-sdk-node-ts/blob/main/docs/101-LIVE_GW_LOCAL.md)
+
+Decision rule:
+
+- no local key custody: start from `sdk-core` editors and send to your backend
+- local key custody: start from `ClientSDK` runtime/session and use `sdk-core` editors as shared modeling helpers
+
+Minimal confidential-app example:
+
+```ts
+import { ClientSDK } from 'gdc-sdk-front-ts';
+import { EmployeeBundleSession } from 'gdc-sdk-core-ts';
+import {
+  EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE,
+  EXAMPLE_PROFILE_SESSION_INPUT,
+} from 'gdc-common-utils-ts/examples';
+
+const appId = frontendAppConfig.appId;
+const client = new ClientSDK({ appId });
+
+// `initializeSession(...)` creates the authenticated frontend runtime session.
+// In a confidential app this session owns the actor-facing runtime surface and
+// can later expose organization-controller/professional capabilities.
+const session = await client.initializeSession(EXAMPLE_PROFILE_SESSION_INPUT);
+
+// The shared editor from sdk-core is still used to model the employee bundle.
+const employeeSearchBundle = new EmployeeBundleSession()
+  .setEmail(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.email)
+  .setRole(EXAMPLE_EMPLOYEE_DOCTOR_ACTIVE.role)
+  .toBundleSearch();
+
+console.log(session, employeeSearchBundle);
+```
+
+Runtime note:
+
+- a confidential app still must choose the correct actor surface before using
+  an employee flow
+- employee management belongs only to the organization-controller/admin side
+- professional or individual apps should start from their own actor flow, not
+  from the employee examples above
+
+Primary references for that flow:
+
+- [docs/101-SDK_INTEGRATION.md](./docs/101-SDK_INTEGRATION.md)
+- [gdc-sdk-node-ts/docs/101-LIVE_GW_LOCAL.md](https://github.com/Global-DataCare/gdc-sdk-node-ts/blob/main/docs/101-LIVE_GW_LOCAL.md)
 
 ## Executable Usage Examples
 
@@ -289,7 +557,7 @@ const communication = buildPermissionRequestCommunication({
 ## Shared Contract Sources
 
 - [gdc-sdk-core-ts/README.md](https://github.com/Global-DataCare/gdc-sdk-core-ts/blob/main/README.md)
-- [gdc-common-utils-ts/docs/CONSENT_ACCESS_101.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/CONSENT_ACCESS_101.md)
+- [gdc-common-utils-ts/docs/101-CONSENT_ACCESS.md](https://github.com/Global-DataCare/gdc-common-utils-ts/blob/main/docs/101-CONSENT_ACCESS.md)
 
 Reusable payload examples:
 

package/dist/ProfileManager.d.ts

@@ -1,11 +1,25 @@
 import type { DeviceAppType, DeviceUserClass } from 'gdc-common-utils-ts/constants';
 import type { Profile } from './types.js';
 import type { CommonServices, FamilyAdminServices, IndividualServices, OrgAdminServices, ProfessionalServices } from './roleRegistry.js';
+import { HostOnboardingSdk } from './orchestration/host-onboarding-sdk.js';
+import { IndividualControllerSdk } from './orchestration/individual-controller-sdk.js';
+import { IndividualMemberSdk } from './orchestration/individual-member-sdk.js';
+import { OrganizationControllerSdk } from './orchestration/organization-controller-sdk.js';
+import { OrganizationEmployeeSdk } from './orchestration/organization-employee-sdk.js';
+import { PersonalSdk } from './orchestration/personal-sdk.js';
+import { ProfessionalSdk } from './orchestration/professional-sdk.js';
 /**
  * Role-scoped session object returned by `ClientSDK.initializeSession(...)`.
  *
  * It exposes the common/auth surface plus the services allowed by the current
  * profile capabilities.
+ *
+ * Architectural note:
+ * `ProfileManager` remains the frontend session/composition entry point, but it
+ * also materializes actor-scoped facades that mirror `gdc-sdk-node-ts`.
+ *
+ * The goal is to preserve the legacy/frontend-friendly session API while
+ * keeping the same actor boundaries as the backend runtime.
  */
 export declare class ProfileManager {
     readonly profile: Profile;
@@ -17,6 +31,7 @@ export declare class ProfileManager {
     readonly familyAdmin?: FamilyAdminServices;
     readonly individual?: IndividualServices;
     readonly professional?: ProfessionalServices;
+    private readonly runtimeClient;
     /**
      * @param profile Current logical profile.
      * @param orgDid DID of the provider/organization used as the session anchor.
@@ -131,6 +146,13 @@ export declare class ProfileManager {
     }): Promise<{
         thid: string;
     }>;
+    asHostOnboarding(): HostOnboardingSdk;
+    asOrganizationController(): OrganizationControllerSdk;
+    asOrganizationEmployee(): OrganizationEmployeeSdk;
+    asIndividualController(): IndividualControllerSdk;
+    asIndividualMember(): IndividualMemberSdk;
+    asPersonal(): PersonalSdk;
+    asProfessional(): ProfessionalSdk;
 }
 /**
  * Preferred neutral frontend actor-session surface.

package/dist/ProfileManager.js

@@ -1,11 +1,26 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
 import { CommonAuthService } from './services.js';
 import { mapCapabilitiesToServices } from './capabilityMapper.js';
+import { HostOnboardingSdk, } from './orchestration/host-onboarding-sdk.js';
+import { IndividualControllerSdk } from './orchestration/individual-controller-sdk.js';
+import { IndividualMemberSdk } from './orchestration/individual-member-sdk.js';
+import { OrganizationControllerSdk } from './orchestration/organization-controller-sdk.js';
+import { OrganizationEmployeeSdk } from './orchestration/organization-employee-sdk.js';
+import { PersonalSdk } from './orchestration/personal-sdk.js';
+import { ProfessionalSdk } from './orchestration/professional-sdk.js';
+import { createSyntheticSubmitAndPollResult } from './orchestration/client-port.js';
 /**
  * Role-scoped session object returned by `ClientSDK.initializeSession(...)`.
  *
  * It exposes the common/auth surface plus the services allowed by the current
  * profile capabilities.
+ *
+ * Architectural note:
+ * `ProfileManager` remains the frontend session/composition entry point, but it
+ * also materializes actor-scoped facades that mirror `gdc-sdk-node-ts`.
+ *
+ * The goal is to preserve the legacy/frontend-friendly session API while
+ * keeping the same actor boundaries as the backend runtime.
  */
 export class ProfileManager {
     /**
@@ -21,6 +36,111 @@ export class ProfileManager {
         this.familyAdmin = mapped.familyAdmin;
         this.individual = mapped.individual;
         this.professional = mapped.professional;
+        this.runtimeClient = {
+            activateOrganizationInGatewayFromIcaProof: (input) => {
+                if (!this.orgAdmin?.admin)
+                    throw new Error('orgAdmin.admin service is not available for this profile.');
+                return this.orgAdmin.admin.activateOrganizationInGatewayFromIcaProof(input);
+            },
+            confirmLegalOrganizationOrder: (input) => {
+                if (!this.orgAdmin?.admin)
+                    throw new Error('orgAdmin.admin service is not available for this profile.');
+                return this.orgAdmin.admin.confirmLegalOrganizationOrder(input);
+            },
+            createOrganizationEmployee: (ctx, input) => {
+                if (!this.orgAdmin?.admin)
+                    throw new Error('orgAdmin.admin service is not available for this profile.');
+                return this.orgAdmin.admin.createOrganizationEmployee(ctx.providerDid, ctx.idToken, input)
+                    .then((result) => createSyntheticSubmitAndPollResult(result.thid));
+            },
+            disableEmployee: (ctx, input) => {
+                if (!this.orgAdmin?.admin)
+                    throw new Error('orgAdmin.admin service is not available for this profile.');
+                return this.orgAdmin.admin.disableEmployee(ctx.providerDid, ctx.idToken, input);
+            },
+            purgeEmployee: (ctx, input) => {
+                if (!this.orgAdmin?.admin)
+                    throw new Error('orgAdmin.admin service is not available for this profile.');
+                return this.orgAdmin.admin.purgeEmployee(ctx.providerDid, ctx.idToken, input);
+            },
+            activateEmployeeDeviceWithActivationRequest: (ctx, input) => this.common.auth.activateEmployeeDeviceWithActivationRequest(input.activationCode, ctx.providerDid, ctx.idToken, input.dcrPayload),
+            requestSmartToken: (input) => this.common.auth.requestSmartToken(input),
+            startIndividualOrganization: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.startIndividualOrganization(ctx.providerDid, ctx.idToken, input);
+            },
+            confirmIndividualOrganizationOrder: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.confirmIndividualOrganizationOrder(ctx.providerDid, ctx.idToken, input);
+            },
+            disableIndividual: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.disableIndividual(ctx.providerDid, ctx.idToken, input);
+            },
+            purgeIndividual: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.purgeIndividual(ctx.providerDid, ctx.idToken, input);
+            },
+            disableIndividualMember: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.disableIndividualMember(ctx.providerDid, ctx.idToken, input);
+            },
+            purgeIndividualMember: (ctx, input) => {
+                if (!this.familyAdmin?.admin)
+                    throw new Error('familyAdmin.admin service is not available for this profile.');
+                return this.familyAdmin.admin.purgeIndividualMember(ctx.providerDid, ctx.idToken, input);
+            },
+            grantProfessionalAccess: (ctx, input) => {
+                if (this.professional?.physician) {
+                    return this.professional.physician.grantProfessionalAccess({ ...input, providerDid: ctx.providerDid, requiredScope: ctx.requiredScope, idToken: ctx.idToken });
+                }
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.grantProfessionalAccess({ ...input, providerDid: ctx.providerDid, requiredScope: ctx.requiredScope || '', idToken: ctx.idToken });
+            },
+            importIpsOrFhirAndUpdateIndex: (ctx, input) => {
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.importIpsOrFhirAndUpdateIndex(input.compositionPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken, input.format).then((result) => createSyntheticSubmitAndPollResult(result.thid));
+            },
+            upsertRelatedPersonAndPoll: (ctx, input) => {
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.upsertRelatedPersonAndPoll(input.relatedPersonPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken);
+            },
+            ingestCommunicationAndUpdateIndex: (ctx, input) => {
+                if (this.professional?.physician) {
+                    return this.professional.physician.ingestCommunicationAndUpdateIndex(input.communicationPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken, input.pathFormatSegment);
+                }
+                if (this.professional?.paramedic) {
+                    return this.professional.paramedic.ingestCommunicationAndUpdateIndex(input.communicationPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken, input.pathFormatSegment);
+                }
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.ingestCommunicationAndUpdateIndex(input.communicationPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken, input.pathFormatSegment);
+            },
+            generateDigitalTwinFromSubjectData: (ctx, input) => {
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.generateDigitalTwinFromSubjectData(input.compositionPayload, ctx.providerDid, ctx.requiredScope || '', ctx.idToken, input.format).then((result) => createSyntheticSubmitAndPollResult(result.thid));
+            },
+            searchClinicalBundle: (ctx, input) => {
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.searchClinicalBundle(input, ctx.providerDid, ctx.requiredScope || '', ctx.idToken);
+            },
+            getLatestIps: (ctx, subject) => {
+                if (!this.individual?.service)
+                    throw new Error('individual.service is not available for this profile.');
+                return this.individual.service.getLatestIps(subject, ctx.providerDid, ctx.requiredScope || '', ctx.idToken);
+            },
+            submitAndPoll: async (_submitPath, _pollPath, payload) => createSyntheticSubmitAndPollResult(String(payload.thid || `front-${Date.now()}`)),
+        };
     }
     /**
      * Organization-admin helper for employee/professional creation.
@@ -67,6 +187,41 @@ export class ProfileManager {
         }
         return this.individual.service.generateDigitalTwinFromSubjectData(params.compositionPayload, params.providerDid, params.requiredScope, params.idToken, params.format);
     }
+    asHostOnboarding() {
+        if (!this.orgAdmin?.admin)
+            throw new Error('HostOnboardingSdk is not available for this profile.');
+        return new HostOnboardingSdk(this.runtimeClient);
+    }
+    asOrganizationController() {
+        if (!this.orgAdmin?.admin)
+            throw new Error('OrganizationControllerSdk is not available for this profile.');
+        return new OrganizationControllerSdk(this.runtimeClient);
+    }
+    asOrganizationEmployee() {
+        return new OrganizationEmployeeSdk(this.runtimeClient);
+    }
+    asIndividualController() {
+        if (!this.familyAdmin?.admin)
+            throw new Error('IndividualControllerSdk is not available for this profile.');
+        return new IndividualControllerSdk(this.runtimeClient);
+    }
+    asIndividualMember() {
+        if (!this.individual?.service)
+            throw new Error('IndividualMemberSdk is not available for this profile.');
+        return new IndividualMemberSdk(this.runtimeClient);
+    }
+    asPersonal() {
+        if (!this.familyAdmin?.admin && !this.individual?.service) {
+            throw new Error('PersonalSdk is not available for this profile.');
+        }
+        return new PersonalSdk(this.runtimeClient);
+    }
+    asProfessional() {
+        if (!this.professional?.physician && !this.professional?.paramedic && !this.individual?.service) {
+            throw new Error('ProfessionalSdk is not available for this profile.');
+        }
+        return new ProfessionalSdk(this.runtimeClient);
+    }
 }
 /**
  * Preferred neutral frontend actor-session surface.

package/dist/index.d.ts

@@ -12,3 +12,11 @@ export * from './ProfileManager.js';
 export * from './ProfileRegistry.js';
 export * from './ClientSDK.js';
 export * from './discovery/index.js';
+export * from './orchestration/client-port.js';
+export * from './orchestration/host-onboarding-sdk.js';
+export * from './orchestration/organization-controller-sdk.js';
+export * from './orchestration/organization-employee-sdk.js';
+export * from './orchestration/individual-controller-sdk.js';
+export * from './orchestration/individual-member-sdk.js';
+export * from './orchestration/personal-sdk.js';
+export * from './orchestration/professional-sdk.js';

package/dist/index.js

@@ -13,3 +13,11 @@ export * from './ProfileManager.js';
 export * from './ProfileRegistry.js';
 export * from './ClientSDK.js';
 export * from './discovery/index.js';
+export * from './orchestration/client-port.js';
+export * from './orchestration/host-onboarding-sdk.js';
+export * from './orchestration/organization-controller-sdk.js';
+export * from './orchestration/organization-employee-sdk.js';
+export * from './orchestration/individual-controller-sdk.js';
+export * from './orchestration/individual-member-sdk.js';
+export * from './orchestration/personal-sdk.js';
+export * from './orchestration/professional-sdk.js';