gdc-sdk-node-ts 0.1.1

package/README.md

@@ -0,0 +1,166 @@
+# gdc-sdk-node-ts
+
+Target Node runtime package for the converged GDC SDK family.
+
+Key docs:
+
+- [CHANGELOG.md](CHANGELOG.md)
+- [SECURITY.md](SECURITY.md)
+- [TEST_CORE.md](TEST_CORE.md)
+- [SDK_INTEGRATION_101.md](SDK_INTEGRATION_101.md)
+
+Current status:
+
+- package created
+- build/test baseline created
+- migration target from `dataspace-client-sdk-node` completed for live runtime path
+- runtime contract skeleton declared
+- actor-scoped node session bridge implemented
+- first actor-scoped orchestration facades implemented on top of `GdcNodeRuntimeClient`
+- shared async submit/poll helpers implemented for converged Node orchestration
+- live GW E2E migrated here with `gdc-sdk-node-ts` runtime client only, with JSONL debug/HTTP trace artifacts under `test-results/`
+
+Not migrated yet:
+
+- full wallet/runtime adapter parity from legacy package
+- secure E2E script parity in this package
+- full live use-case parity matrix vs legacy suite
+
+Live validation:
+
+- `npm run test:e2e:live-gw`
+- core coverage summary for memory/thesis justification: `TEST_CORE.md`
+- optional:
+  - `BASE_URL=http://127.0.0.1:8000`
+  - `RUN_LIVE_GW_E2E_IPS_INGESTION=1`
+  - `LIVE_GW_NODE_E2E_DEBUG=1`
+- artifacts:
+  - `test-results/live-gw-node-runtime-debug-*.jsonl`
+  - `test-results/live-gw-http-trace-*.jsonl`
+
+Runtime migration note:
+
+- the live E2E in this package no longer imports `dataspace-client-sdk-node`
+- actor-scoped facades now run on the in-package `GdcNodeHttpClient`
+- remaining migration scope is parity hardening, not runtime ownership
+- this package now consumes the published `gdc-common-utils-ts` `^1.4.22` line; the sibling checkout is only needed for source browsing and optional local cross-repo work
+
+Role in the transition:
+
+- `gdc-sdk-core-ts` will own shared actor/capability contracts
+- `gdc-sdk-node-ts` will own Node runtime adapters and backend-facing orchestration
+- `dataspace-client-sdk-node` is now the legacy source repo for migration, not the final name
+
+Reusable payload source of truth:
+
+- [../gdc-common-utils-ts/src/examples/organization-controller.ts](../gdc-common-utils-ts/src/examples/organization-controller.ts)
+  - `_activate`, legal order, employee creation, employee device activation
+- [../gdc-common-utils-ts/src/examples/individual-controller.ts](../gdc-common-utils-ts/src/examples/individual-controller.ts)
+  - individual bootstrap, consent, search, communication ingestion, digital twin
+- [../gdc-common-utils-ts/src/examples/professional.ts](../gdc-common-utils-ts/src/examples/professional.ts)
+  - SMART token and clinical access request examples
+  - reusable professional role/permission scenarios by section and expected FHIR types
+  - reusable consent-vs-smart matrices for actor targeting by email, organization, or jurisdiction
+- [../gdc-common-utils-ts/src/examples/shared.ts](../gdc-common-utils-ts/src/examples/shared.ts)
+  - shared route contexts and helper builders
+- [../gdc-common-utils-ts/src/examples/api-flow-examples.ts](../gdc-common-utils-ts/src/examples/api-flow-examples.ts)
+  - preferred compatibility aggregator when one import surface is needed without using the overloaded term `contract`
+- [tests/fixtures/ica-vp-minimal.json](tests/fixtures/ica-vp-minimal.json)
+  - minimal VP fixture used by live GW onboarding/smart flows
+
+CORE vs extension note:
+
+- shared CORE examples are email-first for individual/controller bootstrap
+- `subjectPhone`, `subjectGivenName`, and phone-first controller onboarding are compatibility or extension concerns, not required CORE GW contract fields
+- route `tenantId` examples use identifier-style values such as `acme-id`, not friendly alternate names
+- individual/family bootstrap uses `org.schema.Organization.owner.*` claims for the human owner/controller
+- legal organization activation uses `Person` representative semantics plus VC `memberOf` / `hasOccupation`
+
+## API Index
+
+The canonical API contract should live in JSDoc on exported code. The README is the linked index.
+
+### Core document helpers re-exported from `gdc-sdk-core-ts`
+
+- [`createCommunicationResource(...)`](../gdc-sdk-core-ts/src/communication-resource-helpers.ts)
+  - Creates a minimal FHIR `Communication` resource.
+  - Main params: `subject`, `sender?`, `recipient?`, `sent?`, `status?`, `category?`, `noteText?`, `claims?`.
+- [`addFhirResourceToCommunication(...)`](../gdc-sdk-core-ts/src/communication-resource-helpers.ts)
+  - Attaches a FHIR resource to `Communication.payload`, optionally wrapped as `DocumentReference`.
+  - Main params: `communication`, `resource`, `noteText?`, `asDocumentReference?`, `attachmentTitle?`, `attachmentContentType?`, `documentDescription?`, `documentDate?`, `documentSubject?`.
+- [`addClaimsResourceToCommunication(...)`](../gdc-sdk-core-ts/src/communication-resource-helpers.ts)
+  - Attaches a claims-only pseudo-resource using `meta.claims`.
+  - Main params: `communication`, `resourceType`, `claims`, `options?`.
+- [`buildCommunicationBatchMessage(...)`](../gdc-sdk-core-ts/src/communication-resource-helpers.ts)
+  - Wraps a FHIR `Communication` into a GW-ready batch envelope.
+  - Main params: `communication`, `thid?`, `jti?`, `iss?`, `aud?`, `requestUrl?`, `entryType?`, `messageType?`, `fhirVersion?`.
+- [`createCommunicationFacade()`](../gdc-sdk-core-ts/src/communication-document-facade.ts)
+  - Creates the high-level document access facade.
+- [`getDocumentFromCommunication(...)`](../gdc-sdk-core-ts/src/communication-document-facade.ts)
+  - Resolves the first attached document and hides direct attachment vs `DocumentReference`.
+- [`createFhirDocumentFacade(...)`](../gdc-sdk-core-ts/src/communication-document-facade.ts)
+  - Exposes `getBundle()`, `getSections()`, `getResources(resourceType?)`, `getByDates(resourceType, start, end?)`, `getContainingTextOrDisplay(resourceType, text)`.
+- [`createCommunicationDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Starts an in-memory communication draft.
+- [`addFhirResourceToDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Appends a concrete FHIR resource to the draft.
+- [`addClaimsResourceToDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Appends a claims-only pseudo-resource to the draft.
+- [`createOutboxJobFromDraft(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Freezes the draft into a transport-oriented outbox job.
+- [`updateOutboxJobStatus(...)`](../gdc-sdk-core-ts/src/communication-draft.ts)
+  - Updates the outbox job status and transport result metadata.
+- [`IOutboxRepository`](../gdc-sdk-core-ts/src/communication-outbox.ts)
+- [`OutboxRepositoryMemory`](../gdc-sdk-core-ts/src/communication-outbox.ts)
+- [`createHeartRateObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+- [`createBodyTemperatureObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+- [`createBloodPressureObservation(...)`](../gdc-sdk-core-ts/src/vital-signs.ts)
+
+### Node runtime client
+
+- [`NodeHttpClient`](src/node-runtime-client.ts)
+  - Main runtime class for submit/poll orchestration against the GW.
+- [`NodeHttpClient.ingestCommunicationAndUpdateIndex(...)`](src/node-runtime-client.ts)
+  - Sends a `Communication` ingestion request and polls until indexed.
+  - Main params: `ctx`, `input.communicationPayload`, `input.pathFormatSegment?`, `input.autoConvertClaimsToFhirR4?`, `input.pollOptions?`.
+- [`NodeHttpClient.submitCommunicationAndPoll(...)`](src/node-runtime-client.ts)
+  - Alias of `ingestCommunicationAndUpdateIndex(...)`.
+- [`NodeHttpClient.searchClinicalBundle(...)`](src/node-runtime-client.ts)
+  - Executes clinical `Bundle/_search`.
+  - Main params: `ctx`, `input.subject`, `input.section?`, `input.date?`, `input.includedTypes?`, `input.code?`, `input.category?`, `input.author?`, `input.pollOptions?`.
+- [`NodeHttpClient.searchLatestIps(...)`](src/node-runtime-client.ts)
+  - Shortcut for latest IPS-oriented document search.
+- [`NodeHttpClient.grantProfessionalAccess(...)`](src/node-runtime-client.ts)
+  - Sends a consent-grant flow for a professional actor.
+- [`NodeHttpClient.requestSmartToken(...)`](src/node-runtime-client.ts)
+  - Requests SMART/OpenID token material through the GW.
+  - Main params: `input.actorDid`, `input.subjectDid`, `input.scopes`, `input.idToken`, optional `input.vpToken`, and optional route compatibility fields when the client was not initialized with a default `ctx`.
+
+### Runtime configuration
+
+- [`NodeRuntimeConfig`](src/runtime-contracts.ts)
+  - Includes `interopMode?`, `persistencePolicy?`, and `outboxRepositoryFactory?` so node runtimes can declare `demo`/`compat`/`strict` mode and choose `memory` vs `server-remote` persistence explicitly.
+- [`initializeCommunicationIdentityFromSeed(...)`](src/identity-bootstrap.ts)
+  - Node SDK wrapper for the shared technical communication identity bootstrap helper from `gdc-common-utils-ts`.
+
+### Low-level orchestration helpers
+
+- [`createOrganizationEmployeeWithDeps(...)`](src/resource-operations.ts)
+  - Creates an employee/person batch payload for CORE GW using canonical `org.schema.Person.*` claims.
+- [`importIpsOrFhirAndUpdateIndexWithDeps(...)`](src/resource-operations.ts)
+- [`upsertRelatedPersonAndPollWithDeps(...)`](src/resource-operations.ts)
+  - Creates or updates a `RelatedPerson` for family/caregiver roles outside employee/controller flows.
+- [`ingestCommunicationAndUpdateIndexWithDeps(...)`](src/resource-operations.ts)
+- [`searchClinicalBundleWithDeps(...)`](src/resource-operations.ts)
+- [`searchLatestIpsWithDeps(...)`](src/resource-operations.ts)
+- [`grantProfessionalAccessWithDeps(...)`](src/resource-operations.ts)
+  - Builds a consent grant where actor targeting should normally be passed as canonical `Consent.actor-identifier` input: a `did:web`, email, `tel:+...`, country code, or comma-separated list of those values.
+
+These functions are runtime-oriented building blocks. For application-level document handling, prefer the re-exported communication/document helpers from `gdc-sdk-core-ts`.
+
+### Documentation rule
+
+- JSDoc on exported code is canonical.
+- README entries should link to source and summarize the most important parameters.
+- If you add a public method/function, document it in JSDoc first and then add it here.
+- If a public payload shape is used in tests or docs, keep its reusable example in the relevant module under [`../gdc-common-utils-ts/src/examples/`](../gdc-common-utils-ts/src/examples/) and link that specific flow file from the relevant markdown section.

package/dist/async-polling.d.ts

@@ -0,0 +1,7 @@
+import type { AsyncPollRequest, PollOptions, PollResult } from './orchestration/client-port.js';
+export type AcceptedPollResponse = {
+    status: number;
+    body: unknown;
+    retryAfterMs?: number;
+};
+export declare function pollUntilCompleteWithMethod(pollOnce: (path: string, request: AsyncPollRequest) => Promise<AcceptedPollResponse>, path: string, request: AsyncPollRequest, options?: PollOptions): Promise<PollResult>;

package/dist/async-polling.js

@@ -0,0 +1,26 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export async function pollUntilCompleteWithMethod(pollOnce, path, request, options) {
+    const timeoutMs = options?.timeoutMs ?? 60000;
+    const intervalMs = options?.intervalMs ?? 2000;
+    const startedAt = Date.now();
+    let attempts = 0;
+    while (true) {
+        attempts += 1;
+        const result = await pollOnce(path, request);
+        if (result.status !== 202) {
+            return {
+                status: result.status,
+                body: result.body,
+                attempts,
+            };
+        }
+        if (Date.now() - startedAt > timeoutMs) {
+            throw new Error(`Polling timeout after ${attempts} attempts (${timeoutMs}ms).`);
+        }
+        const waitMs = options?.intervalMs ?? result.retryAfterMs ?? intervalMs;
+        await sleep(waitMs);
+    }
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, Math.max(0, Math.floor(ms))));
+}

package/dist/device-activation.d.ts

@@ -0,0 +1,44 @@
+import type { PollOptions, SubmitAndPollResult } from './orchestration/client-port.js';
+import type { RouteContext } from './individual-onboarding.js';
+export type EmployeeDeviceActivationInput = {
+    activationCode: string;
+    idToken: string;
+    dcrPayload: Record<string, unknown>;
+    pollOptions?: PollOptions;
+};
+export type EmployeeDeviceActivationRequestInput = {
+    tenantId?: string;
+    jurisdiction?: string;
+    sector?: string;
+    activationCode: string;
+    idToken: string;
+    dcrPayload: Record<string, unknown>;
+    timeoutSeconds?: number;
+    intervalSeconds?: number;
+};
+export type EmployeeDeviceActivationResult = {
+    initialAccessToken: string;
+    exchange: SubmitAndPollResult;
+    dcr: SubmitAndPollResult;
+};
+type ActivateEmployeeDeviceDeps = {
+    routeCtx: RouteContext;
+    input: EmployeeDeviceActivationInput;
+    identityTokenExchangePath: (ctx: RouteContext) => string;
+    identityTokenExchangePollPath: (ctx: RouteContext) => string;
+    identityDeviceDcrPath: (ctx: RouteContext) => string;
+    identityDeviceDcrPollPath: (ctx: RouteContext) => string;
+    submitAndPollWithBearerToken: (bearerToken: string | undefined, submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+};
+type ActivateEmployeeDeviceRequestDeps = {
+    routeCtx: RouteContext;
+    input: EmployeeDeviceActivationRequestInput;
+    defaultTimeoutMs?: number;
+    defaultIntervalMs?: number;
+    activateEmployeeDeviceWithActivationCode: (routeCtx: RouteContext, input: EmployeeDeviceActivationInput) => Promise<EmployeeDeviceActivationResult>;
+};
+export declare function activateEmployeeDeviceWithActivationCodeWithDeps(deps: ActivateEmployeeDeviceDeps): Promise<EmployeeDeviceActivationResult>;
+export declare function activateEmployeeDeviceWithActivationRequestWithDeps(deps: ActivateEmployeeDeviceRequestDeps): Promise<EmployeeDeviceActivationResult>;
+export {};

package/dist/device-activation.js

@@ -0,0 +1,44 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { resolvePollOptionsFromSeconds } from './poll-options.js';
+export async function activateEmployeeDeviceWithActivationCodeWithDeps(deps) {
+    const exchangePayload = {
+        thid: `exchange-${createRuntimeUuid()}`,
+        subject_token: deps.input.activationCode,
+    };
+    const exchange = await deps.submitAndPollWithBearerToken(deps.input.idToken, deps.identityTokenExchangePath(deps.routeCtx), deps.identityTokenExchangePollPath(deps.routeCtx), exchangePayload, deps.input.pollOptions);
+    const pollBody = exchange.poll.body || {};
+    const exchangeBody = (pollBody.body || pollBody);
+    const initialAccessToken = String(exchangeBody.initial_access_token || exchangeBody.access_token || '').trim();
+    if (!initialAccessToken) {
+        throw new Error('activateEmployeeDeviceWithActivationCode: missing initial_access_token in exchange response.');
+    }
+    const dcrPayload = {
+        thid: `dcr-${createRuntimeUuid()}`,
+        ...deps.input.dcrPayload,
+    };
+    const dcr = await deps.submitAndPollWithBearerToken(initialAccessToken, deps.identityDeviceDcrPath(deps.routeCtx), deps.identityDeviceDcrPollPath(deps.routeCtx), dcrPayload, deps.input.pollOptions);
+    return {
+        initialAccessToken,
+        exchange,
+        dcr,
+    };
+}
+export async function activateEmployeeDeviceWithActivationRequestWithDeps(deps) {
+    const pollOptions = resolvePollOptionsFromSeconds(deps.input.timeoutSeconds, deps.input.intervalSeconds, {
+        timeoutMs: deps.defaultTimeoutMs,
+        intervalMs: deps.defaultIntervalMs,
+    });
+    return deps.activateEmployeeDeviceWithActivationCode(deps.routeCtx, {
+        activationCode: deps.input.activationCode,
+        idToken: deps.input.idToken,
+        dcrPayload: deps.input.dcrPayload,
+        pollOptions,
+    });
+}
+function createRuntimeUuid() {
+    const fromCrypto = globalThis.crypto?.randomUUID?.();
+    if (fromCrypto) {
+        return fromCrypto;
+    }
+    return `fallback-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+}

package/dist/gdc-session-bridge.d.ts

@@ -0,0 +1,11 @@
+import { type ActorKind, type ActorFacadeDescriptor, type ActorSessionDescriptor } from '../../gdc-sdk-core-ts/dist/index.js';
+import { ActorSession, NodeActorSession } from './session.js';
+import type { RuntimeClient } from './orchestration/client-port.js';
+export declare function createNodeActorSessionsFromFacades(facades: ActorFacadeDescriptor[], client?: RuntimeClient): NodeActorSession[];
+export declare function createNodeActorSessionFromFacade(facade: ActorFacadeDescriptor, client?: RuntimeClient): NodeActorSession;
+export declare function createNodeActorSessionsFromDescriptor(descriptor: ActorSessionDescriptor, client?: RuntimeClient): NodeActorSession[];
+export declare function createNodeActorSessionFromDescriptor(descriptor: ActorSessionDescriptor, actorKind: ActorKind, client?: RuntimeClient): NodeActorSession;
+export declare function createActorSessionsFromFacades(facades: ActorFacadeDescriptor[], client?: RuntimeClient): ActorSession[];
+export declare function createActorSessionFromFacade(facade: ActorFacadeDescriptor, client?: RuntimeClient): ActorSession;
+export declare function createActorSessionsFromDescriptor(descriptor: ActorSessionDescriptor, client?: RuntimeClient): ActorSession[];
+export declare function createActorSessionFromDescriptor(descriptor: ActorSessionDescriptor, actorKind: ActorKind, client?: RuntimeClient): ActorSession;

package/dist/gdc-session-bridge.js

@@ -0,0 +1,74 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { expandActorSessionDescriptorToFacades, filterCapabilitiesForActor, } from '../../gdc-sdk-core-ts/dist/index.js';
+import { ActorSession, NodeActorSession } from './session.js';
+const capabilityMap = {
+    'organization.create_employee': 'organization.create_employee',
+    'organization.issue_activation_code': 'organization.issue_activation_code',
+    'organization.request_smart_token': 'organization.request_smart_token',
+    'individual.bootstrap': 'individual.bootstrap',
+    'individual.import_ips': 'individual.import_ips',
+    'individual.generate_digital_twin': 'individual.generate_digital_twin',
+    'consent.grant_professional_access': 'consent.grant_professional_access',
+    'professional.medication': 'professional.medication',
+    'professional.appointment': 'professional.appointment',
+    'professional.request_smart_token': 'professional.request_smart_token',
+};
+function mapCapabilities(capabilities) {
+    return [...new Set(capabilities.map(capability => capabilityMap[capability]))];
+}
+export function createNodeActorSessionsFromFacades(facades, client) {
+    return facades.map(facade => new NodeActorSession({
+        actorKind: facade.actorKind,
+        actorDid: facade.profileDid,
+        capabilities: mapCapabilities(filterCapabilitiesForActor(facade.actorKind, facade.capabilities)),
+    }, client));
+}
+export function createNodeActorSessionFromFacade(facade, client) {
+    return new NodeActorSession({
+        actorKind: facade.actorKind,
+        actorDid: facade.profileDid,
+        capabilities: mapCapabilities(filterCapabilitiesForActor(facade.actorKind, facade.capabilities)),
+    }, client);
+}
+export function createNodeActorSessionsFromDescriptor(descriptor, client) {
+    return createNodeActorSessionsFromFacades(expandActorSessionDescriptorToFacades(descriptor), client);
+}
+export function createNodeActorSessionFromDescriptor(descriptor, actorKind, client) {
+    if (!descriptor.actorKinds.includes(actorKind)) {
+        throw new Error(`Descriptor does not expose actor kind '${actorKind}'.`);
+    }
+    const facade = expandActorSessionDescriptorToFacades(descriptor)
+        .find(candidate => candidate.actorKind === actorKind);
+    if (!facade) {
+        throw new Error(`Descriptor does not expose actor kind '${actorKind}'.`);
+    }
+    return createNodeActorSessionFromFacade(facade, client);
+}
+export function createActorSessionsFromFacades(facades, client) {
+    return facades.map(facade => new ActorSession({
+        actorKind: facade.actorKind,
+        actorDid: facade.profileDid,
+        capabilities: mapCapabilities(filterCapabilitiesForActor(facade.actorKind, facade.capabilities)),
+    }, client));
+}
+export function createActorSessionFromFacade(facade, client) {
+    return new ActorSession({
+        actorKind: facade.actorKind,
+        actorDid: facade.profileDid,
+        capabilities: mapCapabilities(filterCapabilitiesForActor(facade.actorKind, facade.capabilities)),
+    }, client);
+}
+export function createActorSessionsFromDescriptor(descriptor, client) {
+    return createActorSessionsFromFacades(expandActorSessionDescriptorToFacades(descriptor), client);
+}
+export function createActorSessionFromDescriptor(descriptor, actorKind, client) {
+    if (!descriptor.actorKinds.includes(actorKind)) {
+        throw new Error(`Descriptor does not expose actor kind '${actorKind}'.`);
+    }
+    const facade = expandActorSessionDescriptorToFacades(descriptor)
+        .find(candidate => candidate.actorKind === actorKind);
+    if (!facade) {
+        throw new Error(`Descriptor does not expose actor kind '${actorKind}'.`);
+    }
+    return createActorSessionFromFacade(facade, client);
+}

package/dist/host-onboarding.d.ts

@@ -0,0 +1,38 @@
+import type { PollOptions, SubmitAndPollResult } from './orchestration/client-port.js';
+/**
+ * Current host-registry route context for existing host endpoints.
+ *
+ * This is a routing object for host registry calls. It is not the same thing as
+ * a node-operator discovery descriptor.
+ */
+export type HostRouteContext = {
+    jurisdiction: string;
+    sector: string;
+    controllerDid?: string;
+    hostDid?: string;
+};
+/**
+ * Input for legal-organization order confirmation in the host registry.
+ */
+export type LegalOrganizationOrderInput = {
+    offerId: string;
+    jurisdiction?: string;
+    sector?: string;
+    dataType?: string;
+    additionalClaims?: Record<string, unknown>;
+    timeoutSeconds?: number;
+    intervalSeconds?: number;
+};
+type ConfirmLegalOrganizationOrderDeps = {
+    input: LegalOrganizationOrderInput;
+    hostCtx: HostRouteContext;
+    defaultTimeoutMs?: number;
+    defaultIntervalMs?: number;
+    hostRegistryOrderBatchPath: (ctx: HostRouteContext) => string;
+    hostRegistryOrderPollPath: (ctx: HostRouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, options?: PollOptions) => Promise<SubmitAndPollResult>;
+};
+export declare function confirmLegalOrganizationOrderWithDeps(deps: ConfirmLegalOrganizationOrderDeps): Promise<SubmitAndPollResult>;
+export {};

package/dist/host-onboarding.js

@@ -0,0 +1,39 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { resolvePollOptionsFromSeconds } from './poll-options.js';
+export async function confirmLegalOrganizationOrderWithDeps(deps) {
+    const offerId = String(deps.input.offerId || '').trim();
+    if (!offerId) {
+        throw new Error('confirmLegalOrganizationOrder requires offerId.');
+    }
+    const claims = {
+        '@context': 'org.schema',
+        'Order.acceptedOffer.identifier': offerId,
+        ...(deps.input.additionalClaims || {}),
+    };
+    const payload = {
+        jti: `jti-${createRuntimeUuid()}`,
+        iss: String(deps.hostCtx.controllerDid || '').trim() || undefined,
+        aud: String(deps.hostCtx.hostDid || '').trim() || undefined,
+        type: 'application/didcomm-plain+json',
+        thid: `order-${createRuntimeUuid()}`,
+        body: {
+            data: [{
+                    type: deps.input.dataType || 'Organization-order-request-v1.0',
+                    meta: { claims },
+                    resource: { meta: { claims } },
+                }],
+        },
+    };
+    const pollOptions = resolvePollOptionsFromSeconds(deps.input.timeoutSeconds, deps.input.intervalSeconds, {
+        timeoutMs: deps.defaultTimeoutMs,
+        intervalMs: deps.defaultIntervalMs,
+    });
+    return deps.submitAndPoll(deps.hostRegistryOrderBatchPath(deps.hostCtx), deps.hostRegistryOrderPollPath(deps.hostCtx), payload, pollOptions);
+}
+function createRuntimeUuid() {
+    const fromCrypto = globalThis.crypto?.randomUUID?.();
+    if (fromCrypto) {
+        return fromCrypto;
+    }
+    return `fallback-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+}

package/dist/identity-bootstrap.d.ts

@@ -0,0 +1,30 @@
+import { type CommunicationIdentityBootstrapOptions, type CommunicationIdentityBootstrapResult } from 'gdc-common-utils-ts/utils/communication-identity';
+/**
+ * Node SDK convenience wrapper for the shared technical communication identity
+ * bootstrap helper defined in `gdc-common-utils-ts`.
+ *
+ * Use this from node backends when you want the bootstrap API to be reachable
+ * directly from `gdc-sdk-node-ts`, while keeping the implementation shared.
+ *
+ * This bootstraps the technical device/portal/app communication identity used
+ * to secure DIDComm/JOSE envelopes. It is distinct from the personal wallet or
+ * controller identity that may later sign user-controlled operations such as
+ * access-token or consent requests.
+ *
+ * Implemented today:
+ * - deterministic/random technical transport identity bootstrap
+ * - direct reuse of shared JOSE header and key-shape helpers
+ *
+ * Still pending in the node SDK:
+ * - first-class controller/person identity bootstrap API
+ * - integrated persistence of deviceIdentity vs actorIdentity vs providerIdentity
+ * - direct coupling with remote DID/discovery resolution
+ *
+ * Canonical copyable payload examples for related bootstrap flows live in:
+ * `gdc-common-utils-ts/examples`
+ *
+ * @param options Stable seed/bootstrap options. See the shared
+ * `CommunicationIdentityBootstrapOptions` JSDoc in `gdc-common-utils-ts`.
+ */
+export declare function initializeCommunicationIdentityFromSeed(options: CommunicationIdentityBootstrapOptions): Promise<CommunicationIdentityBootstrapResult>;
+export type { CommunicationIdentityBootstrapOptions as NodeSdkCommunicationIdentityBootstrapOptions, CommunicationIdentityBootstrapResult as NodeSdkCommunicationIdentityBootstrapResult, } from 'gdc-common-utils-ts/utils/communication-identity';

package/dist/identity-bootstrap.js

@@ -0,0 +1,32 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { initializeCommunicationIdentityFromSeed as initializeSharedCommunicationIdentityFromSeed, } from 'gdc-common-utils-ts/utils/communication-identity';
+/**
+ * Node SDK convenience wrapper for the shared technical communication identity
+ * bootstrap helper defined in `gdc-common-utils-ts`.
+ *
+ * Use this from node backends when you want the bootstrap API to be reachable
+ * directly from `gdc-sdk-node-ts`, while keeping the implementation shared.
+ *
+ * This bootstraps the technical device/portal/app communication identity used
+ * to secure DIDComm/JOSE envelopes. It is distinct from the personal wallet or
+ * controller identity that may later sign user-controlled operations such as
+ * access-token or consent requests.
+ *
+ * Implemented today:
+ * - deterministic/random technical transport identity bootstrap
+ * - direct reuse of shared JOSE header and key-shape helpers
+ *
+ * Still pending in the node SDK:
+ * - first-class controller/person identity bootstrap API
+ * - integrated persistence of deviceIdentity vs actorIdentity vs providerIdentity
+ * - direct coupling with remote DID/discovery resolution
+ *
+ * Canonical copyable payload examples for related bootstrap flows live in:
+ * `gdc-common-utils-ts/examples`
+ *
+ * @param options Stable seed/bootstrap options. See the shared
+ * `CommunicationIdentityBootstrapOptions` JSDoc in `gdc-common-utils-ts`.
+ */
+export async function initializeCommunicationIdentityFromSeed(options) {
+    return initializeSharedCommunicationIdentityFromSeed(options);
+}

package/dist/index.d.ts

@@ -0,0 +1,23 @@
+export * from '../../gdc-sdk-core-ts/dist/index.js';
+export * from './runtime-contracts.js';
+export * from './identity-bootstrap.js';
+export * from './async-polling.js';
+export * from './poll-options.js';
+export * from './host-onboarding.js';
+export * from './individual-start.js';
+export * from './individual-onboarding.js';
+export * from './device-activation.js';
+export * from './smart-token.js';
+export * from './resource-operations.js';
+export * from './session.js';
+export * from './node-runtime-client.js';
+export * from './gdc-session-bridge.js';
+export * from './orchestration/client-port.js';
+export * from './orchestration/host-onboarding-sdk.js';
+export * from './orchestration/organization-controller-sdk.js';
+export * from './orchestration/organization-employee-sdk.js';
+export * from './orchestration/individual-controller-sdk.js';
+export * from './orchestration/individual-member-sdk.js';
+export * from './orchestration/personal-sdk.js';
+export * from './orchestration/professional-sdk.js';
+export * from './legacy-compat.js';

package/dist/index.js

@@ -0,0 +1,24 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+export * from '../../gdc-sdk-core-ts/dist/index.js';
+export * from './runtime-contracts.js';
+export * from './identity-bootstrap.js';
+export * from './async-polling.js';
+export * from './poll-options.js';
+export * from './host-onboarding.js';
+export * from './individual-start.js';
+export * from './individual-onboarding.js';
+export * from './device-activation.js';
+export * from './smart-token.js';
+export * from './resource-operations.js';
+export * from './session.js';
+export * from './node-runtime-client.js';
+export * from './gdc-session-bridge.js';
+export * from './orchestration/client-port.js';
+export * from './orchestration/host-onboarding-sdk.js';
+export * from './orchestration/organization-controller-sdk.js';
+export * from './orchestration/organization-employee-sdk.js';
+export * from './orchestration/individual-controller-sdk.js';
+export * from './orchestration/individual-member-sdk.js';
+export * from './orchestration/personal-sdk.js';
+export * from './orchestration/professional-sdk.js';
+export * from './legacy-compat.js';

package/dist/individual-onboarding.d.ts

@@ -0,0 +1,35 @@
+import type { DataspaceSector } from 'gdc-common-utils-ts/constants';
+import type { PollOptions, SubmitAndPollResult } from './orchestration/client-port.js';
+export type RouteContext = {
+    tenantId: string;
+    jurisdiction: string;
+    sector: DataspaceSector | string;
+};
+export type IndividualOrganizationConfirmOrderInput = {
+    /**
+     * Preferred route identifier for the selected personal indexing service provider.
+     */
+    serviceProviderDid?: string;
+    /**
+     * @deprecated Use `serviceProviderDid`.
+     */
+    tenantId?: string;
+    jurisdiction?: string;
+    sector?: string;
+    offerId: string;
+    timeoutSeconds?: number;
+    intervalSeconds?: number;
+};
+type ConfirmIndividualOrganizationOrderDeps = {
+    input: IndividualOrganizationConfirmOrderInput;
+    routeCtx: RouteContext;
+    defaultTimeoutMs?: number;
+    defaultIntervalMs?: number;
+    individualFamilyOrderBatchPath: (ctx: RouteContext) => string;
+    individualFamilyOrderPollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, options?: PollOptions) => Promise<SubmitAndPollResult>;
+};
+export declare function confirmIndividualOrganizationOrderWithDeps(deps: ConfirmIndividualOrganizationOrderDeps): Promise<SubmitAndPollResult>;
+export {};

package/dist/individual-onboarding.js

@@ -0,0 +1,38 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { resolvePollOptionsFromSeconds } from './poll-options.js';
+export async function confirmIndividualOrganizationOrderWithDeps(deps) {
+    const offerId = String(deps.input.offerId || '').trim();
+    if (!offerId) {
+        throw new Error('confirmIndividualOrganizationOrder requires offerId.');
+    }
+    const orderClaims = {
+        '@context': 'org.schema',
+        'Order.acceptedOffer.identifier': offerId,
+    };
+    const payload = {
+        jti: `jti-${createRuntimeUuid()}`,
+        iss: deps.routeCtx.tenantId,
+        aud: deps.routeCtx.tenantId,
+        type: 'application/didcomm-plain+json',
+        thid: `family-order-${createRuntimeUuid()}`,
+        body: {
+            data: [{
+                    type: 'Family-order-request-v1.0',
+                    meta: { claims: orderClaims },
+                    resource: { meta: { claims: orderClaims } },
+                }],
+        },
+    };
+    const pollOptions = resolvePollOptionsFromSeconds(deps.input.timeoutSeconds, deps.input.intervalSeconds, {
+        timeoutMs: deps.defaultTimeoutMs,
+        intervalMs: deps.defaultIntervalMs,
+    });
+    return deps.submitAndPoll(deps.individualFamilyOrderBatchPath(deps.routeCtx), deps.individualFamilyOrderPollPath(deps.routeCtx), payload, pollOptions);
+}
+function createRuntimeUuid() {
+    const fromCrypto = globalThis.crypto?.randomUUID?.();
+    if (fromCrypto) {
+        return fromCrypto;
+    }
+    return `fallback-${Date.now()}-${Math.random().toString(16).slice(2)}`;
+}