gdc-sdk-node-ts 0.12.0 → 2.0.2

package/dist/node-runtime-client.js

@@ -2,8 +2,9 @@
 // Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import fs from 'node:fs';
 import path from 'node:path';
-import { buildAppHeaders, createBootstrapFacade, resolveAppInfo, } from 'gdc-sdk-core-ts';
+import { buildLegalOrganizationVerificationGatewayRequestBundle, buildOrganizationDidBindingBundle, buildAppHeaders, createBootstrapFacade, resolveAppInfo, } from 'gdc-sdk-core-ts';
 import { buildConsentClaimsSimpleWithCid } from 'gdc-common-utils-ts/utils/consent';
+import { buildDidcommPlaintextTransportMetadata } from 'gdc-common-utils-ts/utils/activation-request';
 import { pollUntilCompleteWithMethod } from './async-polling.js';
 import { confirmLegalOrganizationOrderWithDeps, HostLifecycleRequestType, HostedTenantLifecycleRequestType, submitHostedTenantLifecycleWithDeps, } from './host-onboarding.js';
 import { confirmIndividualOrganizationOrderWithDeps, } from './individual-onboarding.js';
@@ -11,7 +12,7 @@ import { requestSmartTokenWithDeps } from './smart-token.js';
 import { extractOfferIdFromResponseBody, extractOfferPreviewFromResponseBody, } from './order-offer-summary.js';
 import { confirmOrganizationLicenseOrderWithDeps } from './organization-license-order.js';
 import { startIndividualOrganizationWithDeps } from './individual-start.js';
-import { createOrganizationEmployeeWithDeps, disableIndividualMemberWithDeps, disableIndividualOrganizationWithDeps, disableOrganizationEmployeeWithDeps, listIndividualLicenseOffersWithDeps, listIndividualLicenseOrdersWithDeps, listIndividualLicensesWithDeps, listOrganizationLicenseOffersWithDeps, listOrganizationLicenseOrdersWithDeps, listOrganizationLicensesWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, purgeIndividualMemberWithDeps, purgeIndividualOrganizationWithDeps, purgeOrganizationEmployeeWithDeps, searchIndividualLicensesWithDeps, searchIndividualLicenseOffersWithDeps, searchIndividualLicenseOrdersWithDeps, searchOrganizationLicensesWithDeps, searchOrganizationLicenseOffersWithDeps, searchOrganizationLicenseOrdersWithDeps, searchOrganizationEmployeesWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
+import { createOrganizationEmployeeWithDeps, disableIndividualMemberWithDeps, disableIndividualOrganizationWithDeps, disableOrganizationEmployeeWithDeps, listIndividualLicenseOffersWithDeps, listIndividualLicenseOrdersWithDeps, listIndividualLicensesWithDeps, listOrganizationLicenseOffersWithDeps, listOrganizationLicenseOrdersWithDeps, listOrganizationLicensesWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, searchCommunicationParticipantsWithDeps, purgeIndividualMemberWithDeps, purgeIndividualOrganizationWithDeps, purgeOrganizationEmployeeWithDeps, searchIndividualLicensesWithDeps, searchIndividualLicenseOffersWithDeps, searchIndividualLicenseOrdersWithDeps, searchOrganizationLicensesWithDeps, searchOrganizationLicenseOffersWithDeps, searchOrganizationLicenseOrdersWithDeps, searchOrganizationEmployeesWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
 import { submitAndPollWithMethods } from './orchestration/client-port.js';
 import { GwCoreLifecycleAction } from './constants/lifecycle.js';
 const bootstrapFacade = createBootstrapFacade();
@@ -96,9 +97,66 @@ export class HttpRuntimeClient {
     async submitAndPoll(submitPath, pollPath, payload, pollOptions) {
         return submitAndPollWithMethods(this, submitPath, pollPath, payload, pollOptions);
     }
+    /**
+     * Starts the host-side legal-organization verification transaction that GW
+     * CORE forwards to ICA `_verify`.
+     *
+     * Runtime ownership:
+     * - builds the canonical shared business bundle from `sdk-core/common-utils`
+     * - keeps communication/runtime transport concerns at the outer message layer
+     * - keeps the controller business key inside the submitted bundle payload
+     *
+     * Flow separation:
+     * - `_transaction` is the first host onboarding step
+     * - `_activate` remains a later step that consumes the ICA proof
+     */
+    async submitLegalOrganizationVerificationTransaction(hostCtx, input, pollOptions) {
+        const thid = `organization-verification-transaction-${runtimeUuid()}`;
+        const jti = `organization-verification-transaction-jti-${runtimeUuid()}`;
+        const verificationBundle = buildLegalOrganizationVerificationGatewayRequestBundle(input);
+        const payload = this.wrapBundleAsGatewayTransactionMessage({
+            thid,
+            jti,
+            hostCtx,
+            bundle: verificationBundle,
+        });
+        return this.submitAndPoll(this.hostRegistryOrganizationTransactionPath(hostCtx), this.hostRegistryOrganizationTransactionPollPath(hostCtx), payload, pollOptions);
+    }
+    /**
+     * Submits one tenant-scoped DID document binding request.
+     *
+     * Binding semantics:
+     * - the tenant path identifies the existing organization
+     * - `organization.url` carries the public alias/domain list
+     * - `controller.sameAs` is optional corroborating identity material
+     * - the flow does not rotate or replace organization public keys
+     */
+    async submitOrganizationDidBinding(ctx, input, pollOptions) {
+        const thid = `organization-did-binding-${runtimeUuid()}`;
+        const jti = `organization-did-binding-jti-${runtimeUuid()}`;
+        const payload = {
+            jti,
+            thid,
+            type: 'application/api+json',
+            body: buildOrganizationDidBindingBundle(input),
+        };
+        return this.submitAndPoll(this.organizationDidBindingPath(ctx), this.organizationDidBindingPollPath(ctx), payload, pollOptions);
+    }
     /**
      * Activates a legal organization in the gateway host registry using an ICA
      * proof token already obtained by the caller.
+     *
+     * Plaintext transport note:
+     * - this Node runtime currently submits `_activate` as
+     *   `application/didcomm-plaintext+json`
+     * - because there is no real outer JWS/JWE envelope in that mode, the
+     *   runtime mirrors the technical communication metadata derived from
+     *   `controller.publicKeyJwk` / `controller.jwks` into `meta.jws.protected`
+     *   and `meta.jwe.header`
+     * - secure JOSE transports should carry those values in the real protected
+     *   headers instead of plaintext `meta`
+     * - this mirrored metadata is transport fallback only; the canonical
+     *   activation contract remains `body.vp_token` plus `body.controller.*`
      */
     async activateOrganizationInGatewayFromIcaProof(hostCtx, input, pollOptions) {
         const thid = `activate-org-${runtimeUuid()}`;
@@ -109,11 +167,16 @@ export class HttpRuntimeClient {
             additionalClaims: input.additionalClaims,
         });
         const serviceClaims = activationDraft.buildServiceClaims();
+        const transportMeta = buildDidcommPlaintextTransportMetadata({
+            controller: input.controller,
+            contentType: 'application/didcomm-plaintext+json',
+        });
         const payload = {
             thid,
             iss: String(hostCtx.controllerDid || '').trim() || undefined,
             aud: String(hostCtx.hostDid || '').trim() || undefined,
             type: 'application/api+json',
+            ...(transportMeta ? { meta: transportMeta } : {}),
             body: {
                 vp_token: input.vpToken,
                 ...(input.controller ? { controller: input.controller } : {}),
@@ -550,6 +613,17 @@ export class HttpRuntimeClient {
             submitAndPoll: this.submitAndPoll.bind(this),
         });
     }
+    /**
+     * Searches communication channel records by subject and participant
+     * identifiers through `Communication/_search`.
+     */
+    async searchCommunicationParticipants(ctx, input) {
+        return searchCommunicationParticipantsWithDeps(ctx, input, {
+            communicationSearchPath: this.individualCommunicationSearchPath.bind(this),
+            communicationSearchPollPath: this.individualCommunicationSearchPollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
     /**
      * Alias for `ingestCommunicationAndUpdateIndex(...)`.
      *
@@ -723,6 +797,24 @@ export class HttpRuntimeClient {
             ? { tenantId, jurisdiction: input.jurisdiction, sector: input.sector }
             : undefined);
     }
+    /**
+     * Reuses the shared bundle business contract while keeping attachment
+     * transport fields at the DIDComm/plaintext message layer expected by GW.
+     */
+    wrapBundleAsGatewayTransactionMessage(input) {
+        const rawBundle = (input.bundle || {});
+        const attachments = Array.isArray(rawBundle.attachments) ? rawBundle.attachments : undefined;
+        const { attachments: _ignoredAttachments, ...body } = rawBundle;
+        return {
+            jti: input.jti,
+            thid: input.thid,
+            iss: String(input.hostCtx.controllerDid || '').trim() || undefined,
+            aud: String(input.hostCtx.hostDid || '').trim() || undefined,
+            type: 'application/api+json',
+            body,
+            ...(attachments && attachments.length > 0 ? { attachments } : {}),
+        };
+    }
     hostRegistryPath(ctx, resourceType, action) {
         const hostCtx = this.requireHostRouteContext(ctx);
         return `/host/cds-${encodeURIComponent(hostCtx.jurisdiction)}/v1/${encodeURIComponent(hostCtx.hostNetwork || '')}/registry/org.schema/${encodeURIComponent(resourceType)}/${encodeURIComponent(action)}`;
@@ -735,6 +827,8 @@ export class HttpRuntimeClient {
             throw new Error('Host route context is required.');
         return { jurisdiction, hostNetwork };
     }
+    hostRegistryOrganizationTransactionPath(ctx) { return this.hostRegistryPath(ctx, 'Organization', GwCoreLifecycleAction.Transaction); }
+    hostRegistryOrganizationTransactionPollPath(ctx) { return this.hostRegistryPath(ctx, 'Organization', GwCoreLifecycleAction.TransactionResponse); }
     hostRegistryOrganizationActivatePath(ctx) { return this.hostRegistryPath(ctx, 'Organization', '_activate'); }
     hostRegistryOrganizationActivatePollPath(ctx) { return this.hostRegistryPath(ctx, 'Organization', '_activate-response'); }
     hostRegistryOrganizationDisablePath(ctx) { return this.hostRegistryPath(ctx, 'Organization', GwCoreLifecycleAction.Disable); }
@@ -749,6 +843,14 @@ export class HttpRuntimeClient {
     employeeSearchPollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', '_search-response'); }
     organizationLicenseSearchPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'License', '_search'); }
     organizationLicenseSearchPollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'License', '_search-response'); }
+    organizationDidBindingPath(ctx) {
+        const resolved = this.requireRouteContext(ctx);
+        return `/${encodeURIComponent(resolved.tenantId)}/cds-${encodeURIComponent(resolved.jurisdiction)}/v1/${encodeURIComponent(resolved.sector)}/did/document/_binding`;
+    }
+    organizationDidBindingPollPath(ctx) {
+        const resolved = this.requireRouteContext(ctx);
+        return `/${encodeURIComponent(resolved.tenantId)}/cds-${encodeURIComponent(resolved.jurisdiction)}/v1/${encodeURIComponent(resolved.sector)}/did/document/_binding-response`;
+    }
     organizationLicenseOfferSearchPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Offer', '_search'); }
     organizationLicenseOfferSearchPollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Offer', '_search-response'); }
     organizationLicenseOrderSearchPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Order', '_search'); }
@@ -779,6 +881,8 @@ export class HttpRuntimeClient {
     individualConsentR4PollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'Consent', '_batch-response'); }
     individualCommunicationBatchPath(ctx, format) { return this.v1Path(ctx, 'individual', format, 'Communication', '_batch'); }
     individualCommunicationPollPath(ctx, format) { return this.v1Path(ctx, 'individual', format, 'Communication', '_batch-response'); }
+    individualCommunicationSearchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'Communication', '_search'); }
+    individualCommunicationSearchPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'Communication', '_search-response'); }
     individualBundleSearchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'Bundle', '_search'); }
     individualBundleSearchPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'Bundle', '_search-response'); }
     identityTokenExchangePath(ctx) {

package/dist/orchestration/client-port.d.ts

@@ -1,4 +1,6 @@
 import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
+import type { LegalOrganizationVerificationTransactionInput } from 'gdc-common-utils-ts/utils/legal-organization-verification-transaction';
+import type { OrganizationDidBindingInput } from 'gdc-sdk-core-ts';
 import type { LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput } from '../resource-operations.js';
 import type { AsyncPollRequest, OrganizationActivationServiceOptions, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse } from 'gdc-sdk-core-ts';
 export type { AsyncPollRequest, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse, } from 'gdc-sdk-core-ts';
@@ -8,7 +10,7 @@ import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../i
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
 import type { OrganizationLicenseOrderConfirmInput } from '../organization-license-order.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
-import type { CommunicationIngestionInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput, OrganizationEmployeeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput, OrganizationEmployeeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
 /**
  * Shared node-runtime activation input.
  *
@@ -21,6 +23,25 @@ export type NodeOrganizationActivationInput = {
     service?: OrganizationActivationServiceOptions;
     additionalClaims?: Record<string, unknown>;
 };
+/**
+ * Shared node-runtime input for the first host-side legal-organization
+ * verification step.
+ *
+ * The business payload is owned by shared SDK/common packages:
+ * - transport/runtime communication keys stay outside this contract
+ * - controller business key binding remains in `controller.*`
+ * - GW CORE host routing/polling stays in the runtime adapter
+ */
+export type NodeLegalOrganizationVerificationTransactionInput = LegalOrganizationVerificationTransactionInput;
+/**
+ * Shared node-runtime input for the organization DID binding operation.
+ *
+ * Binding contract:
+ * - tenant identity is resolved from the route path
+ * - `organization.url` carries one or more public aliases/domains
+ * - `controller.sameAs` is optional corroborating identity evidence
+ */
+export type NodeOrganizationDidBindingInput = OrganizationDidBindingInput;
 /**
  * Runtime-neutral actor/application client contract as exposed by the Node SDK.
  *
@@ -29,6 +50,8 @@ export type NodeOrganizationActivationInput = {
  * converge across runtimes.
  */
 export type RuntimeClient = {
+    submitLegalOrganizationVerificationTransaction?: (hostCtx: HostRouteContext, input: NodeLegalOrganizationVerificationTransactionInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    submitOrganizationDidBinding?: (ctx: RouteContext, input: NodeOrganizationDidBindingInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     activateOrganizationInGatewayFromIcaProof?: (hostCtx: HostRouteContext, input: NodeOrganizationActivationInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     confirmLegalOrganizationOrder?: (hostCtx: HostRouteContext, input: LegalOrganizationOrderInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     disableHost?: (hostCtx: HostRouteContext, input: HostedTenantLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
@@ -59,6 +82,7 @@ export type RuntimeClient = {
     disableIndividualOrganization?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     purgeIndividualOrganization?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     ingestCommunicationAndUpdateIndex?: (ctx: RouteContext, input: CommunicationIngestionInput) => Promise<SubmitAndPollResult>;
+    searchCommunicationParticipants?: (ctx: RouteContext, input: CommunicationParticipantRuntimeSearchInput) => Promise<SubmitAndPollResult>;
     grantProfessionalAccess?: (ctx: RouteContext, input: GrantProfessionalAccessInput) => Promise<GrantProfessionalAccessResult>;
     searchIndividualLicenses?: (ctx: RouteContext, input: LicenseListRuntimeSearchInput) => Promise<SubmitAndPollResult>;
     listIndividualLicenses?: (ctx: RouteContext, input?: LicenseListRuntimeSearchInput) => Promise<SubmitAndPollResult>;

package/dist/orchestration/individual-controller-sdk.d.ts

@@ -2,7 +2,7 @@ import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, typ
 import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../individual-onboarding.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
 import type { NodeCapability } from '../session.js';
-import type { ClinicalBundleSearchInput, CommunicationIngestionInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { ClinicalBundleSearchInput, CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
 /**
  * Individual-controller oriented facade over a `NodeRuntimeClient`.
@@ -71,6 +71,11 @@ export declare class IndividualControllerSdk {
      * Ingests a FHIR `Communication` and waits for indexing.
      */
     ingestCommunicationAndUpdateIndex(ctx: RouteContext, input: CommunicationIngestionInput): Promise<SubmitAndPollResult>;
+    /**
+     * Searches indexed communication channel records by subject and participant
+     * identifiers.
+     */
+    searchCommunicationParticipants(ctx: RouteContext, input: CommunicationParticipantRuntimeSearchInput): Promise<SubmitAndPollResult>;
     /**
      * Generates a digital twin projection from subject data.
      */

package/dist/orchestration/individual-controller-sdk.js

@@ -106,6 +106,13 @@ export class IndividualControllerSdk {
         assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualIngestCommunication, ActorKinds.IndividualController, 'ingestCommunicationAndUpdateIndex');
         return requireClientMethod(this.client, 'ingestCommunicationAndUpdateIndex')(ctx, input);
     }
+    /**
+     * Searches indexed communication channel records by subject and participant
+     * identifiers.
+     */
+    searchCommunicationParticipants(ctx, input) {
+        return requireClientMethod(this.client, 'searchCommunicationParticipants')(ctx, input);
+    }
     /**
      * Generates a digital twin projection from subject data.
      */

package/dist/orchestration/organization-controller-sdk.d.ts

@@ -1,4 +1,4 @@
-import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
+import { type NodeOrganizationDidBindingInput, type NodeLegalOrganizationVerificationTransactionInput, type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { RouteContext } from '../individual-onboarding.js';
 import type { HostRouteContext, HostedTenantLifecycleInput } from '../host-onboarding.js';
 import type { EmployeeDeviceActivationResult, EmployeeDeviceActivationRequestInput } from '../device-activation.js';
@@ -19,6 +19,26 @@ export declare class OrganizationControllerSdk {
      * @param client Runtime client implementation used to submit and poll GW flows.
      */
     constructor(client: NodeRuntimeClient, capabilities?: readonly NodeCapability[] | undefined);
+    /**
+     * Starts the host-side legal-organization verification transaction that GW
+     * CORE forwards to ICA `_verify`.
+     *
+     * This is intentionally distinct from the later host `_activate` step:
+     * - `_transaction` carries signed evidence and controller business binding
+     * - `_activate` later consumes the ICA proof returned after verification
+     */
+    submitLegalOrganizationVerificationTransaction(hostCtx: HostRouteContext, input: NodeLegalOrganizationVerificationTransactionInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Binds the current tenant organization DID document to one public alias
+     * view.
+     *
+     * Contract:
+     * - the tenant path identifies the organization
+     * - `organization.url`, when present, provides the public aliases/domains to
+     *   bind
+     * - `controller.sameAs` is optional corroborating identity evidence
+     */
+    submitOrganizationDidBinding(ctx: RouteContext, input: NodeOrganizationDidBindingInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Creates an employee/professional under the current organization tenant.
      */

package/dist/orchestration/organization-controller-sdk.js

@@ -16,6 +16,30 @@ export class OrganizationControllerSdk {
         this.client = client;
         this.capabilities = capabilities;
     }
+    /**
+     * Starts the host-side legal-organization verification transaction that GW
+     * CORE forwards to ICA `_verify`.
+     *
+     * This is intentionally distinct from the later host `_activate` step:
+     * - `_transaction` carries signed evidence and controller business binding
+     * - `_activate` later consumes the ICA proof returned after verification
+     */
+    submitLegalOrganizationVerificationTransaction(hostCtx, input, pollOptions) {
+        return requireClientMethod(this.client, 'submitLegalOrganizationVerificationTransaction')(hostCtx, input, pollOptions);
+    }
+    /**
+     * Binds the current tenant organization DID document to one public alias
+     * view.
+     *
+     * Contract:
+     * - the tenant path identifies the organization
+     * - `organization.url`, when present, provides the public aliases/domains to
+     *   bind
+     * - `controller.sameAs` is optional corroborating identity evidence
+     */
+    submitOrganizationDidBinding(ctx, input, pollOptions) {
+        return requireClientMethod(this.client, 'submitOrganizationDidBinding')(ctx, input, pollOptions);
+    }
     /**
      * Creates an employee/professional under the current organization tenant.
      */

package/dist/orchestration/personal-sdk.d.ts

@@ -1,7 +1,7 @@
 import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
 import type { RouteContext } from '../individual-onboarding.js';
-import type { ClinicalBundleSearchInput, CommunicationIngestionInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput } from '../resource-operations.js';
+import type { ClinicalBundleSearchInput, CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput } from '../resource-operations.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
 export declare class PersonalSdk {
     private readonly client;
@@ -14,6 +14,8 @@ export declare class PersonalSdk {
     importIpsOrFhirAndUpdateIndex(ctx: RouteContext, input: IpsOrFhirImportInput): Promise<SubmitAndPollResult>;
     /** Ingests canonical Communication and waits for projection completion. */
     ingestCommunicationAndUpdateIndex(ctx: RouteContext, input: CommunicationIngestionInput): Promise<SubmitAndPollResult>;
+    /** Searches indexed communication channel records by subject and participant identifiers. */
+    searchCommunicationParticipants(ctx: RouteContext, input: CommunicationParticipantRuntimeSearchInput): Promise<SubmitAndPollResult>;
     /** Triggers digital twin generation from subject data. */
     generateDigitalTwinFromSubjectData(ctx: RouteContext, input: DigitalTwinGenerationInput): Promise<SubmitAndPollResult>;
     /** Searches indexed clinical bundles for the current subject/controller context. */

package/dist/orchestration/personal-sdk.js

@@ -20,6 +20,10 @@ export class PersonalSdk {
     ingestCommunicationAndUpdateIndex(ctx, input) {
         return requireClientMethod(this.client, 'ingestCommunicationAndUpdateIndex')(ctx, input);
     }
+    /** Searches indexed communication channel records by subject and participant identifiers. */
+    searchCommunicationParticipants(ctx, input) {
+        return requireClientMethod(this.client, 'searchCommunicationParticipants')(ctx, input);
+    }
     /** Triggers digital twin generation from subject data. */
     generateDigitalTwinFromSubjectData(ctx, input) {
         return requireClientMethod(this.client, 'generateDigitalTwinFromSubjectData')(ctx, input);

package/dist/orchestration/professional-sdk.d.ts

@@ -1,7 +1,7 @@
 import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { RouteContext } from '../individual-onboarding.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
-import type { CommunicationIngestionInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult } from '../resource-operations.js';
+import type { CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult } from '../resource-operations.js';
 /**
  * Professional-oriented facade for runtime actions that belong to the
  * professional actor itself after tenant and employee provisioning have already
@@ -33,6 +33,11 @@ export declare class ProfessionalSdk {
      * Ingests a FHIR `Communication` and waits for indexing.
      */
     ingestCommunicationAndUpdateIndex(ctx: RouteContext, input: CommunicationIngestionInput): Promise<SubmitAndPollResult>;
+    /**
+     * Searches indexed communication channel records by subject and participant
+     * identifiers.
+     */
+    searchCommunicationParticipants(ctx: RouteContext, input: CommunicationParticipantRuntimeSearchInput): Promise<SubmitAndPollResult>;
     /**
      * Grants access to a professional through a consent flow.
      */

package/dist/orchestration/professional-sdk.js

@@ -37,6 +37,13 @@ export class ProfessionalSdk {
     ingestCommunicationAndUpdateIndex(ctx, input) {
         return requireClientMethod(this.client, 'ingestCommunicationAndUpdateIndex')(ctx, input);
     }
+    /**
+     * Searches indexed communication channel records by subject and participant
+     * identifiers.
+     */
+    searchCommunicationParticipants(ctx, input) {
+        return requireClientMethod(this.client, 'searchCommunicationParticipants')(ctx, input);
+    }
     /**
      * Grants access to a professional through a consent flow.
      */

package/dist/resource-operations.d.ts

@@ -1,4 +1,6 @@
-import { type LicenseOfferSearchDraft, type LicenseOrderSearchDraft, type LicenseListSearchDraft } from 'gdc-common-utils-ts';
+import { IndividualOrganizationLifecycleEditor } from 'gdc-common-utils-ts';
+import type { LicenseOfferSearchState, LicenseOrderSearchState } from 'gdc-common-utils-ts/utils/license-commercial-search';
+import type { LicenseListSearchState } from 'gdc-common-utils-ts/utils/license-list-search';
 import type { BundleSearchQuery, CommunicationInput, DateRange, EmployeeSearchValue } from 'gdc-sdk-core-ts';
 import type { SubmitAndPollResult } from './orchestration/client-port.js';
 import type { RouteContext } from './individual-onboarding.js';
@@ -66,7 +68,7 @@ export type OrganizationEmployeeSearchInput = {
  * The semantic filter set comes from the shared license controller facade.
  */
 export type LicenseListRuntimeSearchInput = {
-    licenseQuery?: Partial<LicenseListSearchDraft>;
+    licenseQuery?: Partial<LicenseListSearchState>;
     requestThid?: string;
     pollOptions?: {
         timeoutMs?: number;
@@ -78,7 +80,7 @@ export type LicenseListRuntimeSearchInput = {
  * actor facades.
  */
 export type LicenseOfferRuntimeSearchInput = {
-    offerQuery?: Partial<LicenseOfferSearchDraft>;
+    offerQuery?: Partial<LicenseOfferSearchState>;
     requestThid?: string;
     pollOptions?: {
         timeoutMs?: number;
@@ -90,7 +92,7 @@ export type LicenseOfferRuntimeSearchInput = {
  * through actor facades.
  */
 export type LicenseOrderRuntimeSearchInput = {
-    orderQuery?: Partial<LicenseOrderSearchDraft>;
+    orderQuery?: Partial<LicenseOrderSearchState>;
     requestThid?: string;
     pollOptions?: {
         timeoutMs?: number;
@@ -109,7 +111,12 @@ export type IndividualOrganizationLifecycleInput = {
      * Canonical claims used by GW CORE to locate the hosted individual/family
      * registration.
      */
-    organizationClaims: Record<string, unknown>;
+    organizationClaims?: Record<string, unknown>;
+    /**
+     * Preferred high-level shared editor for lifecycle callers that want to
+     * avoid assembling raw claims inline.
+     */
+    organizationEditor?: IndividualOrganizationLifecycleEditor;
     /**
      * Optional canonical resource id when already known by the caller.
      */
@@ -160,6 +167,39 @@ export type CommunicationIngestionInput = {
         intervalMs?: number;
     };
 };
+/**
+ * Runtime participant query for `Communication/_search`.
+ *
+ * Search semantics:
+ * - `subject` scopes which individual communication sections to inspect
+ * - `userActorId` and `targetActorId` both match sender OR any recipient
+ * - `senderActorId` and `recipientActorId` constrain one side explicitly
+ * - `actorId` is the generic sender-or-recipient filter
+ * - `*` means "all" for the corresponding operand
+ *
+ * Canonical prefixes are normalized by shared `gdc-common-utils-ts` helpers:
+ * - `did:`
+ * - `email:` / `mailto:`
+ * - `tel:` / `phone:`
+ */
+export type CommunicationParticipantRuntimeSearchInput = {
+    searchParams?: Record<string, string | number | boolean | Array<string | number | boolean> | undefined>;
+    subject?: string | string[];
+    actorId?: string | string[];
+    senderActorId?: string | string[];
+    recipientActorId?: string | string[];
+    userActorId?: string | string[];
+    targetActorId?: string | string[];
+    periodStart?: string;
+    periodEnd?: string;
+    requestThid?: string;
+    pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    };
+    page?: number;
+    count?: number;
+};
 export type ClinicalDateRange = DateRange;
 export type ClinicalBundleSearchInput = Omit<BundleSearchQuery, 'section' | 'searchParams'> & {
     section?: string | string[];
@@ -465,6 +505,16 @@ export declare function ingestCommunicationAndUpdateIndexWithDeps(routeCtx: Rout
         intervalMs?: number;
     }) => Promise<SubmitAndPollResult>;
 }): Promise<SubmitAndPollResult>;
+export declare function searchCommunicationParticipantsWithDeps(routeCtx: RouteContext, input: CommunicationParticipantRuntimeSearchInput, deps: {
+    communicationSearchPath: (ctx: RouteContext) => string;
+    communicationSearchPollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    }) => Promise<SubmitAndPollResult>;
+}): Promise<SubmitAndPollResult>;
 export declare function searchClinicalBundleWithDeps(routeCtx: RouteContext, input: ClinicalBundleSearchInput, deps: {
     bundleSearchPath: (ctx: RouteContext) => string;
     bundleSearchPollPath: (ctx: RouteContext) => string;

package/dist/resource-operations.js

@@ -2,7 +2,7 @@
 import { HealthcareBasicSections, ResourceTypesFhirR4 } from 'gdc-common-utils-ts/constants';
 import { Format } from 'gdc-common-utils-ts/constants/Schemas';
 import { RelatedPersonClaim } from 'gdc-common-utils-ts/models/interoperable-claims/related-person-claims';
-import { createInteroperableResourceOperationEditor, IndividualOrganizationLifecycleDraft, LicenseOfferSearchEditor, LicenseOrderSearchEditor, InteroperableLifecycleStatuses, LicenseListSearchEditor, } from 'gdc-common-utils-ts';
+import { buildCommunicationParticipantSearchBundle, createInteroperableResourceOperationEditor, IndividualOrganizationLifecycleEditor, LicenseOfferSearchEditor, LicenseOrderSearchEditor, InteroperableLifecycleStatuses, LicenseListSearchEditor, } from 'gdc-common-utils-ts';
 import { GwCoreLifecycleRequestMethod, GwCoreLifecycleRequestType, GwCoreLifecycleTodo, } from './constants/lifecycle.js';
 import { buildEmployeeBatchEntry, buildEmployeeSearchBundle, } from 'gdc-sdk-core-ts';
 export async function createOrganizationEmployeeWithDeps(routeCtx, input, options, deps) {
@@ -117,6 +117,7 @@ export async function disableIndividualOrganizationWithDeps(routeCtx, input, opt
         routeCtx,
         requestType: input.dataType || GwCoreLifecycleRequestType.IndividualOrganizationDisable,
         organizationClaims: input.organizationClaims,
+        organizationEditor: input.organizationEditor,
         resourceId: input.resourceId,
         thidPrefix: 'individual-organization-disable',
     });
@@ -127,6 +128,7 @@ export async function purgeIndividualOrganizationWithDeps(routeCtx, input, optio
         routeCtx,
         requestType: input.dataType || GwCoreLifecycleRequestType.IndividualOrganizationPurge,
         organizationClaims: input.organizationClaims,
+        organizationEditor: input.organizationEditor,
         resourceId: input.resourceId,
         thidPrefix: 'individual-organization-purge',
     });
@@ -280,6 +282,25 @@ export async function ingestCommunicationAndUpdateIndexWithDeps(routeCtx, input,
         : payload;
     return deps.submitAndPoll(deps.individualCommunicationBatchPath(routeCtx, pathFormatSegment), deps.individualCommunicationPollPath(routeCtx, pathFormatSegment), convertedPayload, input.pollOptions);
 }
+export async function searchCommunicationParticipantsWithDeps(routeCtx, input, deps) {
+    const payload = {
+        thid: input.requestThid || `communication-search-${createRuntimeUuid()}`,
+        body: buildCommunicationParticipantSearchBundle({
+            searchParams: input.searchParams,
+            subject: input.subject,
+            actorId: input.actorId,
+            senderActorId: input.senderActorId,
+            recipientActorId: input.recipientActorId,
+            userActorId: input.userActorId,
+            targetActorId: input.targetActorId,
+            periodStart: input.periodStart,
+            periodEnd: input.periodEnd,
+            page: input.page,
+            count: input.count,
+        }),
+    };
+    return deps.submitAndPoll(deps.communicationSearchPath(routeCtx), deps.communicationSearchPollPath(routeCtx), payload, input.pollOptions);
+}
 export async function searchClinicalBundleWithDeps(routeCtx, input, deps) {
     const query = buildBundleSearchQuery(input);
     const payload = {
@@ -384,9 +405,10 @@ function buildEmployeeLifecyclePayload(input) {
     };
 }
 function buildIndividualOrganizationLifecyclePayload(input) {
-    const claims = input.organizationClaims || {};
-    const payload = new IndividualOrganizationLifecycleDraft()
-        .setClaims(claims)
+    const payload = input.organizationEditor
+        ? new IndividualOrganizationLifecycleEditor(input.organizationEditor.getState())
+        : new IndividualOrganizationLifecycleEditor().setClaims(input.organizationClaims || {});
+    payload
         .setRequestType(input.requestType)
         .setThreadId(`${input.thidPrefix}-${createRuntimeUuid()}`);
     if (input.resourceId) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gdc-sdk-node-ts",
-  "version": "0.12.0",
+  "version": "2.0.2",
   "description": "Next-generation Node runtime package for the GDC SDK family",
   "license": "Apache-2.0",
   "author": "Antifraud Services Inc.",
@@ -23,11 +23,15 @@
     "test:e2e:live-gw:didcomm-plain": "npm run build && RUN_LIVE_GW_E2E=1 LIVE_GW_E2E_TRANSPORT=didcomm-plain node --test tests/live-gw-node-runtime.e2e.test.mjs",
     "test:e2e:live-gw:legacy-fhir": "npm run build && RUN_LIVE_GW_E2E=1 LIVE_GW_E2E_TRANSPORT=legacy-fhir node --test tests/live-gw-node-runtime.e2e.test.mjs",
     "test:e2e:live-gw:all": "npm run build && RUN_LIVE_GW_E2E=1 LIVE_GW_E2E_TRANSPORT=all node --test tests/live-gw-node-runtime.e2e.test.mjs",
+    "test:e2e:live-gw:host-transaction:clean": "bash ./scripts/run-live-gw-host-transaction-clean.sh",
+    "test:e2e:live-profile-runtime:individual": "npm run build && RUN_LIVE_PROFILE_RUNTIME_E2E=1 node --test tests/live-profile-runtime-individual.e2e.test.mjs",
+    "test:e2e:live-profile-runtime:professional": "npm run build && RUN_LIVE_PROFILE_RUNTIME_PROFESSIONAL_E2E=1 node --test tests/live-profile-runtime-professional.e2e.test.mjs",
+    "test:e2e:live-dialogue:consent-professional": "npm run build && RUN_LIVE_DIALOGUE_CONSENT_PROFESSIONAL_E2E=1 node --test tests/live-dialogue-consent-professional-access.e2e.test.mjs",
     "test:e2e:live-gw:clean": "bash ./scripts/run-live-gw-clean.sh"
   },
   "dependencies": {
-    "gdc-common-utils-ts": "^1.24.0",
-    "gdc-sdk-core-ts": "^0.11.0"
+    "gdc-common-utils-ts": "^2.0.4",
+    "gdc-sdk-core-ts": "^2.0.3"
   },
   "devDependencies": {
     "@types/node": "^20.14.10",