gdc-sdk-node-ts 0.3.0 → 0.4.0

package/README.md

@@ -41,6 +41,7 @@ If you need the shortest path:
   `appId` mandatory, `appVersion` optional with default `v1.0`
 - backend technical identity:
   [`initializeCommunicationIdentity(...)`](./docs/SDK_INTEGRATION_101.md)
+  for the technical channel/runtime identity, not the legal organization id
 - runtime client:
   [`NodeHttpClient`](src/node-runtime-client.ts)
 - step-by-step runtime usage:

package/dist/constants/lifecycle.d.ts

@@ -0,0 +1,42 @@
+/**
+ * GW CORE lifecycle route/action tokens used by the Node runtime SDK.
+ *
+ * These constants intentionally model the currently deployed GW CORE contract.
+ * Do not rewrite them to the target normalized `PATCH` contract until the
+ * backend migration described in `gwtemplate-node-ts/docs/90.L-LIFECYCLE_CURRENT_VS_TARGET.md`
+ * is actually deployed.
+ */
+export declare const GwCoreLifecycleAction: Readonly<{
+    readonly Batch: "_batch";
+    readonly BatchResponse: "_batch-response";
+    readonly Transaction: "_transaction";
+    readonly TransactionResponse: "_transaction-response";
+    readonly Disable: "_disable";
+    readonly Purge: "_purge";
+}>;
+/**
+ * Entry request methods currently used by GW CORE lifecycle handlers.
+ */
+export declare const GwCoreLifecycleRequestMethod: Readonly<{
+    readonly Post: "POST";
+    readonly Delete: "DELETE";
+}>;
+/**
+ * Stable request type ids for the currently deployed GW CORE lifecycle flows.
+ */
+export declare const GwCoreLifecycleRequestType: Readonly<{
+    readonly EmployeeCreate: "Employee-create-request-v1.0";
+    readonly EmployeeDisable: "Employee-disable-request-v1.0";
+    readonly EmployeePurge: "Employee-purge-request-v1.0";
+    readonly IndividualOrganizationRegistration: "SubjectOrg-registration-form-v1.0";
+    readonly IndividualOrganizationDisable: "Family-disable-request-v1.0";
+    readonly IndividualOrganizationPurge: "Family-purge-request-v1.0";
+}>;
+/**
+ * Named TODO ids kept close to the current lifecycle implementation so the
+ * target-contract migration is easy to track later.
+ */
+export declare const GwCoreLifecycleTodo: Readonly<{
+    readonly EmployeeDisablePatchMigration: "TODO(gw-core-lifecycle-target-patch-employee-disable)";
+    readonly IndividualDisablePatchMigration: "TODO(gw-core-lifecycle-target-patch-individual-disable)";
+}>;

package/dist/constants/lifecycle.js

@@ -0,0 +1,43 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+/**
+ * GW CORE lifecycle route/action tokens used by the Node runtime SDK.
+ *
+ * These constants intentionally model the currently deployed GW CORE contract.
+ * Do not rewrite them to the target normalized `PATCH` contract until the
+ * backend migration described in `gwtemplate-node-ts/docs/90.L-LIFECYCLE_CURRENT_VS_TARGET.md`
+ * is actually deployed.
+ */
+export const GwCoreLifecycleAction = Object.freeze({
+    Batch: '_batch',
+    BatchResponse: '_batch-response',
+    Transaction: '_transaction',
+    TransactionResponse: '_transaction-response',
+    Disable: '_disable',
+    Purge: '_purge',
+});
+/**
+ * Entry request methods currently used by GW CORE lifecycle handlers.
+ */
+export const GwCoreLifecycleRequestMethod = Object.freeze({
+    Post: 'POST',
+    Delete: 'DELETE',
+});
+/**
+ * Stable request type ids for the currently deployed GW CORE lifecycle flows.
+ */
+export const GwCoreLifecycleRequestType = Object.freeze({
+    EmployeeCreate: 'Employee-create-request-v1.0',
+    EmployeeDisable: 'Employee-disable-request-v1.0',
+    EmployeePurge: 'Employee-purge-request-v1.0',
+    IndividualOrganizationRegistration: 'SubjectOrg-registration-form-v1.0',
+    IndividualOrganizationDisable: 'Family-disable-request-v1.0',
+    IndividualOrganizationPurge: 'Family-purge-request-v1.0',
+});
+/**
+ * Named TODO ids kept close to the current lifecycle implementation so the
+ * target-contract migration is easy to track later.
+ */
+export const GwCoreLifecycleTodo = Object.freeze({
+    EmployeeDisablePatchMigration: 'TODO(gw-core-lifecycle-target-patch-employee-disable)',
+    IndividualDisablePatchMigration: 'TODO(gw-core-lifecycle-target-patch-individual-disable)',
+});

package/dist/gdc-session-bridge.js

@@ -1,17 +1,30 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ActorCapabilities } from 'gdc-common-utils-ts/constants/actor-session';
 import { expandActorSessionDescriptorToFacades, filterCapabilitiesForActor, } from 'gdc-sdk-core-ts';
 import { ActorSession, NodeActorSession } from './session.js';
 const capabilityMap = {
-    'organization.create_employee': 'organization.create_employee',
-    'organization.issue_activation_code': 'organization.issue_activation_code',
-    'organization.request_smart_token': 'organization.request_smart_token',
-    'individual.bootstrap': 'individual.bootstrap',
-    'individual.import_ips': 'individual.import_ips',
-    'individual.generate_digital_twin': 'individual.generate_digital_twin',
-    'consent.grant_professional_access': 'consent.grant_professional_access',
-    'professional.medication': 'professional.medication',
-    'professional.appointment': 'professional.appointment',
-    'professional.request_smart_token': 'professional.request_smart_token',
+    [ActorCapabilities.HostActivateOrganization]: ActorCapabilities.HostActivateOrganization,
+    [ActorCapabilities.HostConfirmOrder]: ActorCapabilities.HostConfirmOrder,
+    [ActorCapabilities.OrganizationCreateEmployee]: ActorCapabilities.OrganizationCreateEmployee,
+    [ActorCapabilities.OrganizationActivateDevice]: ActorCapabilities.OrganizationActivateDevice,
+    [ActorCapabilities.OrganizationIssueActivationCode]: ActorCapabilities.OrganizationIssueActivationCode,
+    [ActorCapabilities.OrganizationRequestSmartToken]: ActorCapabilities.OrganizationRequestSmartToken,
+    [ActorCapabilities.OrganizationDisableEmployee]: ActorCapabilities.OrganizationDisableEmployee,
+    [ActorCapabilities.OrganizationPurgeEmployee]: ActorCapabilities.OrganizationPurgeEmployee,
+    [ActorCapabilities.IndividualBootstrap]: ActorCapabilities.IndividualBootstrap,
+    [ActorCapabilities.IndividualDisable]: ActorCapabilities.IndividualDisable,
+    [ActorCapabilities.IndividualPurge]: ActorCapabilities.IndividualPurge,
+    [ActorCapabilities.IndividualImportIps]: ActorCapabilities.IndividualImportIps,
+    [ActorCapabilities.IndividualGenerateDigitalTwin]: ActorCapabilities.IndividualGenerateDigitalTwin,
+    [ActorCapabilities.IndividualIngestCommunication]: ActorCapabilities.IndividualIngestCommunication,
+    [ActorCapabilities.IndividualUpsertRelatedPerson]: ActorCapabilities.IndividualUpsertRelatedPerson,
+    [ActorCapabilities.IndividualMemberDisable]: ActorCapabilities.IndividualMemberDisable,
+    [ActorCapabilities.IndividualMemberPurge]: ActorCapabilities.IndividualMemberPurge,
+    [ActorCapabilities.ConsentGrantProfessionalAccess]: ActorCapabilities.ConsentGrantProfessionalAccess,
+    [ActorCapabilities.ProfessionalMedication]: ActorCapabilities.ProfessionalMedication,
+    [ActorCapabilities.ProfessionalAppointment]: ActorCapabilities.ProfessionalAppointment,
+    [ActorCapabilities.ProfessionalRequestSmartToken]: ActorCapabilities.ProfessionalRequestSmartToken,
+    [ActorCapabilities.TokenRequestSmart]: ActorCapabilities.TokenRequestSmart,
 };
 function mapCapabilities(capabilities) {
     return [...new Set(capabilities.map(capability => capabilityMap[capability]))];

package/dist/individual-start.js

@@ -1,5 +1,6 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
 import { ClaimsOrganizationSchemaorg, ClaimsPersonSchemaorg, ClaimsServiceSchemaorg, } from 'gdc-common-utils-ts/constants';
+import { GwCoreLifecycleRequestType } from './constants/lifecycle.js';
 import { resolvePollOptionsFromSeconds } from './poll-options.js';
 export async function startIndividualOrganizationWithDeps(deps) {
     /**
@@ -51,7 +52,7 @@ export async function startIndividualOrganizationWithDeps(deps) {
         thid: `family-org-${createRuntimeUuid()}`,
         body: {
             data: [{
-                    type: 'SubjectOrg-registration-form-v1.0',
+                    type: GwCoreLifecycleRequestType.IndividualOrganizationRegistration,
                     meta: { claims },
                     resource: { meta: { claims } },
                 }],

package/dist/node-runtime-client.d.ts

@@ -1,11 +1,11 @@
-import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
 import type { AppInfo } from 'gdc-sdk-core-ts';
 import { type ResolvedAppInfo } from 'gdc-sdk-core-ts';
 import { type HostRouteContext } from './host-onboarding.js';
+import type { NodeOrganizationActivationInput } from './orchestration/client-port.js';
 import { type IndividualOrganizationConfirmOrderInput, type RouteContext } from './individual-onboarding.js';
 import { type SmartTokenRequestInput } from './smart-token.js';
 import { type IndividualOrganizationBootstrapInput, type IndividualOrganizationStartResult } from './individual-start.js';
-import { type CommunicationIngestionInput, type ClinicalBundleSearchInput, type GrantProfessionalAccessInput, type GrantProfessionalAccessResult, type OrganizationEmployeeCreationInput, type RelatedPersonUpsertInput } from './resource-operations.js';
+import { type CommunicationIngestionInput, type ClinicalBundleSearchInput, type GrantProfessionalAccessInput, type GrantProfessionalAccessResult, type IndividualMemberLifecycleInput, type IndividualOrganizationLifecycleInput, type OrganizationEmployeeCreationInput, type OrganizationEmployeeLifecycleInput, type RelatedPersonUpsertInput } from './resource-operations.js';
 import type { LegalOrganizationOrderInput } from './host-onboarding.js';
 import type { SmartTokenExchangeResult } from './smart-token.js';
 import type { NodeRuntimeClient, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse } from './orchestration/client-port.js';
@@ -91,11 +91,7 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * Activates a legal organization in the gateway host registry using an ICA
      * proof token already obtained by the caller.
      */
-    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: {
-        vpToken: string;
-        controller?: ControllerBindingInput;
-        additionalClaims?: Record<string, unknown>;
-    }, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: NodeOrganizationActivationInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Confirms a host-side legal organization order after the initial activation.
      */
@@ -104,6 +100,28 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * Creates an employee or professional entry under an existing organization tenant.
      */
     createOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeCreationInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Disables an employee using the current GW CORE contract.
+     *
+     * Current live behavior still uses `Employee/_batch` with entry
+     * `request.method = DELETE`. This intentionally does not release licenses.
+     */
+    disableOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for employee disable in the current SDK surface.
+     */
+    disableEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Purges an inactive employee using the current GW CORE explicit purge route.
+     *
+     * Purge preserves traceability and releases/disassociates licenses only after
+     * the employee is already inactive.
+     */
+    purgeOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for employee purge in the current SDK surface.
+     */
+    purgeEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Starts the onboarding flow for an individual-oriented tenant or index.
      */
@@ -112,6 +130,42 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
     confirmIndividualOrganizationOrder(input: IndividualOrganizationConfirmOrderInput): Promise<SubmitAndPollResult>;
+    /**
+     * Disables a hosted individual/family organization without releasing licenses.
+     *
+     * This follows the current explicit GW CORE `_disable` route rather than the
+     * future normalized `_batch + PATCH` target contract.
+     */
+    disableIndividualOrganization(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for hosted individual/family disable.
+     */
+    disableIndividual(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Purges an inactive hosted individual/family organization.
+     *
+     * Purge preserves the record for traceability and releases/disassociates
+     * licenses only after the registration is already inactive.
+     */
+    purgeIndividualOrganization(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for hosted individual/family purge.
+     */
+    purgeIndividual(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Placeholder for a future GW CORE member/caregiver lifecycle contract.
+     *
+     * Current GW CORE does not yet expose a stable lifecycle route for
+     * `RelatedPerson` / individual-member disable.
+     */
+    disableIndividualMember(_ctx: RouteContext, _input: IndividualMemberLifecycleInput, _pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Placeholder for a future GW CORE member/caregiver lifecycle contract.
+     *
+     * Current GW CORE does not yet expose a stable lifecycle route for
+     * `RelatedPerson` / individual-member purge.
+     */
+    purgeIndividualMember(_ctx: RouteContext, _input: IndividualMemberLifecycleInput, _pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Creates and submits a consent-oriented access grant for a professional actor.
      */
@@ -187,8 +241,16 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
     hostRegistryOrderPollPath(ctx?: HostRouteContext): string;
     employeeBatchPath(ctx?: RouteContext): string;
     employeePollPath(ctx?: RouteContext): string;
+    employeePurgePath(ctx?: RouteContext): string;
+    employeePurgePollPath(ctx?: RouteContext): string;
     individualFamilyOrganizationBatchPath(ctx?: RouteContext): string;
     individualFamilyOrganizationPollPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationTransactionPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationTransactionPollPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationDisablePath(ctx?: RouteContext): string;
+    individualFamilyOrganizationDisablePollPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationPurgePath(ctx?: RouteContext): string;
+    individualFamilyOrganizationPurgePollPath(ctx?: RouteContext): string;
     individualFamilyOrderBatchPath(ctx?: RouteContext): string;
     individualFamilyOrderPollPath(ctx?: RouteContext): string;
     individualRelatedPersonBatchPath(ctx?: RouteContext): string;

package/dist/node-runtime-client.js

@@ -1,15 +1,18 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import fs from 'node:fs';
 import path from 'node:path';
-import { buildAppHeaders, resolveAppInfo, } from 'gdc-sdk-core-ts';
+import { buildAppHeaders, createBootstrapFacade, resolveAppInfo, } from 'gdc-sdk-core-ts';
 import { buildConsentClaimsSimpleWithCid } from 'gdc-common-utils-ts/utils/consent';
 import { pollUntilCompleteWithMethod } from './async-polling.js';
 import { confirmLegalOrganizationOrderWithDeps } from './host-onboarding.js';
 import { confirmIndividualOrganizationOrderWithDeps, } from './individual-onboarding.js';
 import { requestSmartTokenWithDeps } from './smart-token.js';
 import { startIndividualOrganizationWithDeps } from './individual-start.js';
-import { createOrganizationEmployeeWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
+import { createOrganizationEmployeeWithDeps, disableIndividualOrganizationWithDeps, disableOrganizationEmployeeWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, purgeIndividualOrganizationWithDeps, purgeOrganizationEmployeeWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
 import { submitAndPollWithMethods } from './orchestration/client-port.js';
+import { GwCoreLifecycleAction } from './constants/lifecycle.js';
+const bootstrapFacade = createBootstrapFacade();
 /**
  * Runtime-oriented HTTP client for Node backends, BFFs, and workers that need
  * to submit GDC gateway requests and poll asynchronous responses.
@@ -87,6 +90,13 @@ export class HttpRuntimeClient {
      */
     async activateOrganizationInGatewayFromIcaProof(hostCtx, input, pollOptions) {
         const thid = `activate-org-${runtimeUuid()}`;
+        const activationDraft = bootstrapFacade.createOrganizationActivationDraft({
+            vpToken: input.vpToken,
+            controller: input.controller,
+            service: input.service,
+            additionalClaims: input.additionalClaims,
+        });
+        const serviceClaims = activationDraft.buildServiceClaims();
         const payload = {
             thid,
             iss: String(hostCtx.controllerDid || '').trim() || undefined,
@@ -100,6 +110,7 @@ export class HttpRuntimeClient {
                         meta: {
                             claims: {
                                 '@context': 'org.schema',
+                                ...serviceClaims,
                                 ...(input.additionalClaims || {}),
                             },
                         },
@@ -107,6 +118,7 @@ export class HttpRuntimeClient {
                             meta: {
                                 claims: {
                                     '@context': 'org.schema',
+                                    ...serviceClaims,
                                     ...(input.additionalClaims || {}),
                                 },
                             },
@@ -140,6 +152,44 @@ export class HttpRuntimeClient {
             submitAndPoll: this.submitAndPoll.bind(this),
         });
     }
+    /**
+     * Disables an employee using the current GW CORE contract.
+     *
+     * Current live behavior still uses `Employee/_batch` with entry
+     * `request.method = DELETE`. This intentionally does not release licenses.
+     */
+    async disableOrganizationEmployee(ctx, input, pollOptions) {
+        return disableOrganizationEmployeeWithDeps(ctx, input, pollOptions, {
+            employeeBatchPath: this.employeeBatchPath.bind(this),
+            employeePollPath: this.employeePollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
+    /**
+     * Preferred public alias for employee disable in the current SDK surface.
+     */
+    async disableEmployee(ctx, input, pollOptions) {
+        return this.disableOrganizationEmployee(ctx, input, pollOptions);
+    }
+    /**
+     * Purges an inactive employee using the current GW CORE explicit purge route.
+     *
+     * Purge preserves traceability and releases/disassociates licenses only after
+     * the employee is already inactive.
+     */
+    async purgeOrganizationEmployee(ctx, input, pollOptions) {
+        return purgeOrganizationEmployeeWithDeps(ctx, input, pollOptions, {
+            employeePurgePath: this.employeePurgePath.bind(this),
+            employeePurgePollPath: this.employeePurgePollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
+    /**
+     * Preferred public alias for employee purge in the current SDK surface.
+     */
+    async purgeEmployee(ctx, input, pollOptions) {
+        return this.purgeOrganizationEmployee(ctx, input, pollOptions);
+    }
     /**
      * Starts the onboarding flow for an individual-oriented tenant or index.
      */
@@ -148,8 +198,8 @@ export class HttpRuntimeClient {
         return startIndividualOrganizationWithDeps({
             input,
             routeCtx,
-            individualFamilyOrganizationBatchPath: this.individualFamilyOrganizationBatchPath.bind(this),
-            individualFamilyOrganizationPollPath: this.individualFamilyOrganizationPollPath.bind(this),
+            individualFamilyOrganizationBatchPath: this.individualFamilyOrganizationTransactionPath.bind(this),
+            individualFamilyOrganizationPollPath: this.individualFamilyOrganizationTransactionPollPath.bind(this),
             submitAndPoll: this.submitAndPoll.bind(this),
             getOfferIdFromResponse: (result) => this.extractOfferId(result.poll.body),
             getOfferPreviewFromResponse: () => ({}),
@@ -168,6 +218,62 @@ export class HttpRuntimeClient {
             submitAndPoll: this.submitAndPoll.bind(this),
         });
     }
+    /**
+     * Disables a hosted individual/family organization without releasing licenses.
+     *
+     * This follows the current explicit GW CORE `_disable` route rather than the
+     * future normalized `_batch + PATCH` target contract.
+     */
+    async disableIndividualOrganization(ctx, input, pollOptions) {
+        return disableIndividualOrganizationWithDeps(ctx, input, pollOptions, {
+            individualOrganizationDisablePath: this.individualFamilyOrganizationDisablePath.bind(this),
+            individualOrganizationDisablePollPath: this.individualFamilyOrganizationDisablePollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
+    /**
+     * Preferred public alias for hosted individual/family disable.
+     */
+    async disableIndividual(ctx, input, pollOptions) {
+        return this.disableIndividualOrganization(ctx, input, pollOptions);
+    }
+    /**
+     * Purges an inactive hosted individual/family organization.
+     *
+     * Purge preserves the record for traceability and releases/disassociates
+     * licenses only after the registration is already inactive.
+     */
+    async purgeIndividualOrganization(ctx, input, pollOptions) {
+        return purgeIndividualOrganizationWithDeps(ctx, input, pollOptions, {
+            individualOrganizationPurgePath: this.individualFamilyOrganizationPurgePath.bind(this),
+            individualOrganizationPurgePollPath: this.individualFamilyOrganizationPurgePollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
+    /**
+     * Preferred public alias for hosted individual/family purge.
+     */
+    async purgeIndividual(ctx, input, pollOptions) {
+        return this.purgeIndividualOrganization(ctx, input, pollOptions);
+    }
+    /**
+     * Placeholder for a future GW CORE member/caregiver lifecycle contract.
+     *
+     * Current GW CORE does not yet expose a stable lifecycle route for
+     * `RelatedPerson` / individual-member disable.
+     */
+    async disableIndividualMember(_ctx, _input, _pollOptions) {
+        throw new Error('disableIndividualMember is not supported by the current GW CORE contract. TODO(gw-core-lifecycle-target-member-disable).');
+    }
+    /**
+     * Placeholder for a future GW CORE member/caregiver lifecycle contract.
+     *
+     * Current GW CORE does not yet expose a stable lifecycle route for
+     * `RelatedPerson` / individual-member purge.
+     */
+    async purgeIndividualMember(_ctx, _input, _pollOptions) {
+        throw new Error('purgeIndividualMember is not supported by the current GW CORE contract. TODO(gw-core-lifecycle-target-member-purge).');
+    }
     /**
      * Creates and submits a consent-oriented access grant for a professional actor.
      */
@@ -410,10 +516,18 @@ export class HttpRuntimeClient {
     hostRegistryOrganizationActivatePollPath(ctx) { return this.hostRegistryPath(ctx, 'Organization', '_activate-response'); }
     hostRegistryOrderBatchPath(ctx) { return this.hostRegistryPath(ctx, 'Order', '_batch'); }
     hostRegistryOrderPollPath(ctx) { return this.hostRegistryPath(ctx, 'Order', '_batch-response'); }
-    employeeBatchPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', '_batch'); }
-    employeePollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', '_batch-response'); }
-    individualFamilyOrganizationBatchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', '_batch'); }
-    individualFamilyOrganizationPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', '_batch-response'); }
+    employeeBatchPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', GwCoreLifecycleAction.Batch); }
+    employeePollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', GwCoreLifecycleAction.BatchResponse); }
+    employeePurgePath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', GwCoreLifecycleAction.Purge); }
+    employeePurgePollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', `${GwCoreLifecycleAction.Purge}-response`); }
+    individualFamilyOrganizationBatchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Batch); }
+    individualFamilyOrganizationPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.BatchResponse); }
+    individualFamilyOrganizationTransactionPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Transaction); }
+    individualFamilyOrganizationTransactionPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.TransactionResponse); }
+    individualFamilyOrganizationDisablePath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Disable); }
+    individualFamilyOrganizationDisablePollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', `${GwCoreLifecycleAction.Disable}-response`); }
+    individualFamilyOrganizationPurgePath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Purge); }
+    individualFamilyOrganizationPurgePollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', `${GwCoreLifecycleAction.Purge}-response`); }
     individualFamilyOrderBatchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Order', '_batch'); }
     individualFamilyOrderPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Order', '_batch-response'); }
     individualRelatedPersonBatchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.hl7.fhir.r4', 'RelatedPerson', '_batch'); }

package/dist/orchestration/capability-guard.d.ts

@@ -0,0 +1,9 @@
+import type { NodeCapability } from '../session.js';
+/**
+ * Enforces actor-session capabilities on facade methods when the facade was
+ * materialized from an `ActorSession`.
+ *
+ * Direct facade construction without explicit capabilities stays permissive for
+ * backward compatibility with existing integrations.
+ */
+export declare function assertFacadeCapability(capabilities: readonly NodeCapability[] | undefined, requiredCapability: NodeCapability, actorLabel: string, methodName: string): void;

package/dist/orchestration/capability-guard.js

@@ -0,0 +1,15 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+/**
+ * Enforces actor-session capabilities on facade methods when the facade was
+ * materialized from an `ActorSession`.
+ *
+ * Direct facade construction without explicit capabilities stays permissive for
+ * backward compatibility with existing integrations.
+ */
+export function assertFacadeCapability(capabilities, requiredCapability, actorLabel, methodName) {
+    if (!capabilities)
+        return;
+    if (capabilities.includes(requiredCapability))
+        return;
+    throw new Error(`${actorLabel}.${methodName} requires capability '${requiredCapability}'.`);
+}

package/dist/orchestration/client-port.d.ts

@@ -1,12 +1,24 @@
 import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
-import type { AsyncPollRequest, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse } from 'gdc-sdk-core-ts';
+import type { AsyncPollRequest, OrganizationActivationServiceOptions, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse } from 'gdc-sdk-core-ts';
 export type { AsyncPollRequest, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse, } from 'gdc-sdk-core-ts';
 import type { EmployeeDeviceActivationResult, EmployeeDeviceActivationRequestInput } from '../device-activation.js';
 import type { HostRouteContext, LegalOrganizationOrderInput } from '../host-onboarding.js';
 import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../individual-onboarding.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
-import type { CommunicationIngestionInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { CommunicationIngestionInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+/**
+ * Shared node-runtime activation input.
+ *
+ * Keep this centralized in the node runtime until every consumer compiles
+ * against a published `gdc-sdk-core-ts` version that exports the same alias.
+ */
+export type NodeOrganizationActivationInput = {
+    vpToken: string;
+    controller?: ControllerBindingInput;
+    service?: OrganizationActivationServiceOptions;
+    additionalClaims?: Record<string, unknown>;
+};
 /**
  * Runtime-neutral actor/application client contract as exposed by the Node SDK.
  *
@@ -15,17 +27,23 @@ import type { CommunicationIngestionInput, ClinicalBundleSearchInput, DigitalTwi
  * converge across runtimes.
  */
 export type RuntimeClient = {
-    activateOrganizationInGatewayFromIcaProof?: (hostCtx: HostRouteContext, input: {
-        vpToken: string;
-        controller?: ControllerBindingInput;
-        additionalClaims?: Record<string, unknown>;
-    }, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    activateOrganizationInGatewayFromIcaProof?: (hostCtx: HostRouteContext, input: NodeOrganizationActivationInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     confirmLegalOrganizationOrder?: (hostCtx: HostRouteContext, input: LegalOrganizationOrderInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     createOrganizationEmployee?: (ctx: RouteContext, input: OrganizationEmployeeCreationInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    disableEmployee?: (ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    purgeEmployee?: (ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    disableOrganizationEmployee?: (ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    purgeOrganizationEmployee?: (ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     activateEmployeeDeviceWithActivationRequest?: (input: EmployeeDeviceActivationRequestInput) => Promise<EmployeeDeviceActivationResult>;
     requestSmartToken?: (input: SmartTokenRequestInput) => Promise<SmartTokenExchangeResult>;
     startIndividualOrganization?: (input: IndividualOrganizationBootstrapInput) => Promise<IndividualOrganizationStartResult>;
     confirmIndividualOrganizationOrder?: (input: IndividualOrganizationConfirmOrderInput) => Promise<SubmitAndPollResult>;
+    disableIndividual?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    purgeIndividual?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    disableIndividualMember?: (ctx: RouteContext, input: IndividualMemberLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    purgeIndividualMember?: (ctx: RouteContext, input: IndividualMemberLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    disableIndividualOrganization?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
+    purgeIndividualOrganization?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     ingestCommunicationAndUpdateIndex?: (ctx: RouteContext, input: CommunicationIngestionInput) => Promise<SubmitAndPollResult>;
     grantProfessionalAccess?: (ctx: RouteContext, input: GrantProfessionalAccessInput) => Promise<GrantProfessionalAccessResult>;
     bootstrapIndividualOrganization?: (input: IndividualOrganizationBootstrapInput) => Promise<IndividualOrganizationStartResult>;

package/dist/orchestration/host-onboarding-sdk.d.ts

@@ -1,14 +1,13 @@
-import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
-import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
+import { type NodeOrganizationActivationInput, type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { HostRouteContext, LegalOrganizationOrderInput } from '../host-onboarding.js';
 export declare class HostOnboardingSdk {
     private readonly client;
     constructor(client: NodeRuntimeClient);
-    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: {
-        vpToken: string;
-        controller?: ControllerBindingInput;
-        additionalClaims?: Record<string, unknown>;
-    }, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Submits the legal organization activation proof and required declared
+     * service capabilities to GW CORE.
+     */
+    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: NodeOrganizationActivationInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     confirmLegalOrganizationOrder(hostCtx: HostRouteContext, input: LegalOrganizationOrderInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     submitAndPoll(submitPath: string, pollPath: string, payload: SubmitPayload, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
 }

package/dist/orchestration/host-onboarding-sdk.js

@@ -1,8 +1,14 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import { requireClientMethod, submitAndPollWithClient, } from './client-port.js';
 export class HostOnboardingSdk {
     constructor(client) {
         this.client = client;
     }
+    /**
+     * Submits the legal organization activation proof and required declared
+     * service capabilities to GW CORE.
+     */
     activateOrganizationInGatewayFromIcaProof(hostCtx, input, pollOptions) {
         return requireClientMethod(this.client, 'activateOrganizationInGatewayFromIcaProof')(hostCtx, input, pollOptions);
     }

package/dist/orchestration/individual-controller-sdk.d.ts

@@ -1,7 +1,8 @@
 import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../individual-onboarding.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
-import type { CommunicationIngestionInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IpsOrFhirImportInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { NodeCapability } from '../session.js';
+import type { CommunicationIngestionInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, RelatedPersonUpsertInput } from '../resource-operations.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
 /**
  * Individual-controller oriented facade over a `NodeRuntimeClient`.
@@ -11,10 +12,11 @@ import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-
  */
 export declare class IndividualControllerSdk {
     private readonly client;
+    private readonly capabilities?;
     /**
      * @param client Runtime client implementation used to submit and poll GW flows.
      */
-    constructor(client: NodeRuntimeClient);
+    constructor(client: NodeRuntimeClient, capabilities?: readonly NodeCapability[] | undefined);
     /**
      * Starts the individual onboarding/bootstrap flow.
      */
@@ -23,6 +25,36 @@ export declare class IndividualControllerSdk {
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
     confirmIndividualOrganizationOrder(input: IndividualOrganizationConfirmOrderInput): Promise<SubmitAndPollResult>;
+    /**
+     * Disables the hosted individual/family organization without freeing licenses.
+     */
+    disableIndividualOrganization(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for hosted individual/family disable.
+     */
+    disableIndividual(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Purges an already inactive hosted individual/family organization.
+     */
+    purgeIndividualOrganization(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for hosted individual/family purge.
+     */
+    purgeIndividual(ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Controller-only placeholder for a future individual-member lifecycle flow.
+     *
+     * Current GW CORE still lacks the stable member disable route. The runtime
+     * client currently throws a not-supported error by design.
+     */
+    disableIndividualMember(ctx: RouteContext, input: IndividualMemberLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Controller-only placeholder for a future individual-member lifecycle flow.
+     *
+     * Current GW CORE still lacks the stable member purge route. The runtime
+     * client currently throws a not-supported error by design.
+     */
+    purgeIndividualMember(ctx: RouteContext, input: IndividualMemberLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Grants access to a professional through a consent flow.
      */

package/dist/orchestration/individual-controller-sdk.js

@@ -1,5 +1,7 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ActorCapabilities, ActorKinds } from 'gdc-common-utils-ts/constants/actor-session';
 import { requireClientMethod, submitAndPollWithClient, } from './client-port.js';
+import { assertFacadeCapability } from './capability-guard.js';
 /**
  * Individual-controller oriented facade over a `NodeRuntimeClient`.
  *
@@ -10,13 +12,15 @@ export class IndividualControllerSdk {
     /**
      * @param client Runtime client implementation used to submit and poll GW flows.
      */
-    constructor(client) {
+    constructor(client, capabilities) {
         this.client = client;
+        this.capabilities = capabilities;
     }
     /**
      * Starts the individual onboarding/bootstrap flow.
      */
     startIndividualOrganization(input) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualBootstrap, ActorKinds.IndividualController, 'startIndividualOrganization');
         return requireClientMethod(this.client, 'startIndividualOrganization')(input);
     }
     /**
@@ -25,6 +29,54 @@ export class IndividualControllerSdk {
     confirmIndividualOrganizationOrder(input) {
         return requireClientMethod(this.client, 'confirmIndividualOrganizationOrder')(input);
     }
+    /**
+     * Disables the hosted individual/family organization without freeing licenses.
+     */
+    disableIndividualOrganization(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualDisable, ActorKinds.IndividualController, 'disableIndividualOrganization');
+        return requireClientMethod(this.client, 'disableIndividualOrganization')(ctx, input, pollOptions);
+    }
+    /**
+     * Preferred public alias for hosted individual/family disable.
+     */
+    disableIndividual(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualDisable, ActorKinds.IndividualController, 'disableIndividual');
+        return requireClientMethod(this.client, 'disableIndividual')(ctx, input, pollOptions);
+    }
+    /**
+     * Purges an already inactive hosted individual/family organization.
+     */
+    purgeIndividualOrganization(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualPurge, ActorKinds.IndividualController, 'purgeIndividualOrganization');
+        return requireClientMethod(this.client, 'purgeIndividualOrganization')(ctx, input, pollOptions);
+    }
+    /**
+     * Preferred public alias for hosted individual/family purge.
+     */
+    purgeIndividual(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualPurge, ActorKinds.IndividualController, 'purgeIndividual');
+        return requireClientMethod(this.client, 'purgeIndividual')(ctx, input, pollOptions);
+    }
+    /**
+     * Controller-only placeholder for a future individual-member lifecycle flow.
+     *
+     * Current GW CORE still lacks the stable member disable route. The runtime
+     * client currently throws a not-supported error by design.
+     */
+    disableIndividualMember(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualMemberDisable, ActorKinds.IndividualController, 'disableIndividualMember');
+        return requireClientMethod(this.client, 'disableIndividualMember')(ctx, input, pollOptions);
+    }
+    /**
+     * Controller-only placeholder for a future individual-member lifecycle flow.
+     *
+     * Current GW CORE still lacks the stable member purge route. The runtime
+     * client currently throws a not-supported error by design.
+     */
+    purgeIndividualMember(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualMemberPurge, ActorKinds.IndividualController, 'purgeIndividualMember');
+        return requireClientMethod(this.client, 'purgeIndividualMember')(ctx, input, pollOptions);
+    }
     /**
      * Grants access to a professional through a consent flow.
      */

package/dist/orchestration/individual-member-sdk.d.ts

@@ -8,7 +8,7 @@ export declare class IndividualMemberSdk {
     /**
      * Creates or updates the member/caregiver `RelatedPerson` relationship to the subject.
      */
-    upsertRelatedPersonAndPoll(ctx: RouteContext, input: RelatedPersonUpsertInput): Promise<import("gdc-sdk-core-ts/dist/polling-model.js").SubmitAndPollResult>;
+    upsertRelatedPersonAndPoll(ctx: RouteContext, input: RelatedPersonUpsertInput): Promise<import("gdc-sdk-core-ts/polling-model.js").SubmitAndPollResult>;
     /**
      * Requests a SMART token for a non-employee actor such as a `RelatedPerson`
      * caregiver, guardian, or family member.

package/dist/orchestration/organization-controller-sdk.d.ts

@@ -2,7 +2,8 @@ import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, typ
 import type { RouteContext } from '../individual-onboarding.js';
 import type { EmployeeDeviceActivationResult, EmployeeDeviceActivationRequestInput } from '../device-activation.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
-import type { CommunicationIngestionInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, OrganizationEmployeeCreationInput } from '../resource-operations.js';
+import type { NodeCapability } from '../session.js';
+import type { CommunicationIngestionInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput } from '../resource-operations.js';
 /**
  * Organization-controller oriented facade over a `NodeRuntimeClient`.
  *
@@ -11,14 +12,31 @@ import type { CommunicationIngestionInput, GrantProfessionalAccessInput, GrantPr
  */
 export declare class OrganizationControllerSdk {
     private readonly client;
+    private readonly capabilities?;
     /**
      * @param client Runtime client implementation used to submit and poll GW flows.
      */
-    constructor(client: NodeRuntimeClient);
+    constructor(client: NodeRuntimeClient, capabilities?: readonly NodeCapability[] | undefined);
     /**
      * Creates an employee/professional under the current organization tenant.
      */
     createOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeCreationInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Disables an employee using the current GW CORE lifecycle contract.
+     */
+    disableOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for employee disable.
+     */
+    disableEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Purges an already inactive employee and frees the associated license seat.
+     */
+    purgeOrganizationEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    /**
+     * Preferred public alias for employee purge.
+     */
+    purgeEmployee(ctx: RouteContext, input: OrganizationEmployeeLifecycleInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Activates the employee device from a previously issued activation request.
      */

package/dist/orchestration/organization-controller-sdk.js

@@ -1,5 +1,7 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ActorCapabilities, ActorKinds } from 'gdc-common-utils-ts/constants/actor-session';
 import { requireClientMethod, submitAndPollWithClient, } from './client-port.js';
+import { assertFacadeCapability } from './capability-guard.js';
 /**
  * Organization-controller oriented facade over a `NodeRuntimeClient`.
  *
@@ -10,15 +12,45 @@ export class OrganizationControllerSdk {
     /**
      * @param client Runtime client implementation used to submit and poll GW flows.
      */
-    constructor(client) {
+    constructor(client, capabilities) {
         this.client = client;
+        this.capabilities = capabilities;
     }
     /**
      * Creates an employee/professional under the current organization tenant.
      */
     createOrganizationEmployee(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.OrganizationCreateEmployee, ActorKinds.OrganizationController, 'createOrganizationEmployee');
         return requireClientMethod(this.client, 'createOrganizationEmployee')(ctx, input, pollOptions);
     }
+    /**
+     * Disables an employee using the current GW CORE lifecycle contract.
+     */
+    disableOrganizationEmployee(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.OrganizationDisableEmployee, ActorKinds.OrganizationController, 'disableOrganizationEmployee');
+        return requireClientMethod(this.client, 'disableOrganizationEmployee')(ctx, input, pollOptions);
+    }
+    /**
+     * Preferred public alias for employee disable.
+     */
+    disableEmployee(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.OrganizationDisableEmployee, ActorKinds.OrganizationController, 'disableEmployee');
+        return requireClientMethod(this.client, 'disableEmployee')(ctx, input, pollOptions);
+    }
+    /**
+     * Purges an already inactive employee and frees the associated license seat.
+     */
+    purgeOrganizationEmployee(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.OrganizationPurgeEmployee, ActorKinds.OrganizationController, 'purgeOrganizationEmployee');
+        return requireClientMethod(this.client, 'purgeOrganizationEmployee')(ctx, input, pollOptions);
+    }
+    /**
+     * Preferred public alias for employee purge.
+     */
+    purgeEmployee(ctx, input, pollOptions) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.OrganizationPurgeEmployee, ActorKinds.OrganizationController, 'purgeEmployee');
+        return requireClientMethod(this.client, 'purgeEmployee')(ctx, input, pollOptions);
+    }
     /**
      * Activates the employee device from a previously issued activation request.
      */

package/dist/orchestration/professional-sdk.d.ts

@@ -1,5 +1,4 @@
-import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
-import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
+import { type NodeOrganizationActivationInput, type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
 import type { HostRouteContext } from '../host-onboarding.js';
 import type { RouteContext } from '../individual-onboarding.js';
 import type { EmployeeDeviceActivationResult, EmployeeDeviceActivationRequestInput } from '../device-activation.js';
@@ -16,13 +15,11 @@ export declare class ProfessionalSdk {
      */
     constructor(client: NodeRuntimeClient);
     /**
-     * Activates the legal organization in the gateway from an ICA-issued proof token.
+     * Activates the legal organization in the gateway from an ICA-issued proof
+     * token and the declared service capabilities that will be published through
+     * DID/DCAT discovery.
      */
-    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: {
-        vpToken: string;
-        controller?: ControllerBindingInput;
-        additionalClaims?: Record<string, unknown>;
-    }, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
+    activateOrganizationInGatewayFromIcaProof(hostCtx: HostRouteContext, input: NodeOrganizationActivationInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
      * Creates an employee/professional under the current organization tenant.
      */

package/dist/orchestration/professional-sdk.js

@@ -1,3 +1,5 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+// Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import { requireClientMethod, submitAndPollWithClient, } from './client-port.js';
 /**
  * Professional-oriented facade combining host onboarding, employee bootstrap,
@@ -11,7 +13,9 @@ export class ProfessionalSdk {
         this.client = client;
     }
     /**
-     * Activates the legal organization in the gateway from an ICA-issued proof token.
+     * Activates the legal organization in the gateway from an ICA-issued proof
+     * token and the declared service capabilities that will be published through
+     * DID/DCAT discovery.
      */
     activateOrganizationInGatewayFromIcaProof(hostCtx, input, pollOptions) {
         return requireClientMethod(this.client, 'activateOrganizationInGatewayFromIcaProof')(hostCtx, input, pollOptions);

package/dist/resource-operations.d.ts

@@ -22,6 +22,62 @@ export type OrganizationEmployeeCreationInput = {
     employeeClaims: Record<string, unknown>;
     dataType?: string;
 };
+/**
+ * Current GW CORE employee lifecycle locator payload.
+ *
+ * Current backend behavior:
+ * - disable is still `Employee/_batch` with entry `request.method = DELETE`
+ * - purge is `Employee/_purge` with entry `request.method = POST`
+ *
+ * This SDK intentionally models the deployed GW CORE contract. It does not
+ * synthesize the future normalized `_batch + PATCH` contract ahead of the backend.
+ */
+export type OrganizationEmployeeLifecycleInput = {
+    /**
+     * Canonical employee/person claims used by GW CORE to locate the employee.
+     */
+    employeeClaims: Record<string, unknown>;
+    /**
+     * Optional canonical resource id when already known by the caller.
+     */
+    resourceId?: string;
+    dataType?: string;
+};
+/**
+ * Current GW CORE individual/family lifecycle locator payload.
+ *
+ * Current backend behavior:
+ * - disable is `individual/org.schema/Organization/_disable`
+ * - purge is `individual/org.schema/Organization/_purge`
+ */
+export type IndividualOrganizationLifecycleInput = {
+    /**
+     * Canonical claims used by GW CORE to locate the hosted individual/family
+     * registration.
+     */
+    organizationClaims: Record<string, unknown>;
+    /**
+     * Optional canonical resource id when already known by the caller.
+     */
+    resourceId?: string;
+    dataType?: string;
+};
+/**
+ * Forward-looking locator payload for a future individual-member lifecycle contract.
+ *
+ * Current GW CORE does not yet expose a stable lifecycle contract for
+ * `RelatedPerson` / individual-member records. The Node SDK keeps this type so
+ * controller-only methods and TDD can be prepared without fabricating backend behavior.
+ */
+export type IndividualMemberLifecycleInput = {
+    /**
+     * Canonical claims expected to locate the member/caregiver relationship once
+     * GW CORE exposes the lifecycle contract.
+     */
+    memberClaims: Record<string, unknown>;
+    resourceId?: string;
+    dataType?: string;
+};
 export type IpsOrFhirImportInput = {
     compositionPayload: {
         thid?: string;
@@ -147,6 +203,58 @@ export declare function createOrganizationEmployeeWithDeps(routeCtx: RouteContex
         intervalMs?: number;
     }) => Promise<SubmitAndPollResult>;
 }): Promise<SubmitAndPollResult>;
+export declare function disableOrganizationEmployeeWithDeps(routeCtx: RouteContext, input: OrganizationEmployeeLifecycleInput, options: {
+    timeoutMs?: number;
+    intervalMs?: number;
+} | undefined, deps: {
+    employeeBatchPath: (ctx: RouteContext) => string;
+    employeePollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    }) => Promise<SubmitAndPollResult>;
+}): Promise<SubmitAndPollResult>;
+export declare function purgeOrganizationEmployeeWithDeps(routeCtx: RouteContext, input: OrganizationEmployeeLifecycleInput, options: {
+    timeoutMs?: number;
+    intervalMs?: number;
+} | undefined, deps: {
+    employeePurgePath: (ctx: RouteContext) => string;
+    employeePurgePollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    }) => Promise<SubmitAndPollResult>;
+}): Promise<SubmitAndPollResult>;
+export declare function disableIndividualOrganizationWithDeps(routeCtx: RouteContext, input: IndividualOrganizationLifecycleInput, options: {
+    timeoutMs?: number;
+    intervalMs?: number;
+} | undefined, deps: {
+    individualOrganizationDisablePath: (ctx: RouteContext) => string;
+    individualOrganizationDisablePollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    }) => Promise<SubmitAndPollResult>;
+}): Promise<SubmitAndPollResult>;
+export declare function purgeIndividualOrganizationWithDeps(routeCtx: RouteContext, input: IndividualOrganizationLifecycleInput, options: {
+    timeoutMs?: number;
+    intervalMs?: number;
+} | undefined, deps: {
+    individualOrganizationPurgePath: (ctx: RouteContext) => string;
+    individualOrganizationPurgePollPath: (ctx: RouteContext) => string;
+    submitAndPoll: (submitPath: string, pollPath: string, payload: {
+        thid?: string;
+    } & Record<string, unknown>, pollOptions?: {
+        timeoutMs?: number;
+        intervalMs?: number;
+    }) => Promise<SubmitAndPollResult>;
+}): Promise<SubmitAndPollResult>;
 export declare function importIpsOrFhirAndUpdateIndexWithDeps(routeCtx: RouteContext, input: IpsOrFhirImportInput, deps: {
     individualCompositionR4BatchPath: (ctx: RouteContext) => string;
     individualCompositionR4PollPath: (ctx: RouteContext) => string;

package/dist/resource-operations.js

@@ -1,23 +1,64 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
 import { HealthcareBasicSections } from 'gdc-common-utils-ts/constants';
+import { GwCoreLifecycleRequestMethod, GwCoreLifecycleRequestType, GwCoreLifecycleTodo, } from './constants/lifecycle.js';
 export async function createOrganizationEmployeeWithDeps(routeCtx, input, options, deps) {
-    const payload = {
-        jti: `jti-${createRuntimeUuid()}`,
-        iss: routeCtx.tenantId,
-        aud: routeCtx.tenantId,
-        type: 'application/didcomm-plain+json',
-        thid: `employee-${createRuntimeUuid()}`,
-        body: {
-            data: [{
-                    type: input.dataType || 'Employee-create-request-v1.0',
-                    request: { method: 'POST' },
-                    meta: { claims: input.employeeClaims || {} },
-                    resource: { meta: { claims: input.employeeClaims || {} } },
-                }],
-        },
-    };
+    const payload = buildEmployeeLifecyclePayload({
+        routeCtx,
+        requestType: input.dataType || GwCoreLifecycleRequestType.EmployeeCreate,
+        requestMethod: GwCoreLifecycleRequestMethod.Post,
+        employeeClaims: input.employeeClaims,
+        thidPrefix: 'employee',
+    });
     return deps.submitAndPoll(deps.employeeBatchPath(routeCtx), deps.employeePollPath(routeCtx), payload, options);
 }
+export async function disableOrganizationEmployeeWithDeps(routeCtx, input, options, deps) {
+    // TODO(gw-core-lifecycle-target-patch-employee-disable): switch this
+    // legacy DELETE-in-_batch flow to `_batch + PATCH` when GW CORE deploys it.
+    void GwCoreLifecycleTodo.EmployeeDisablePatchMigration;
+    const payload = buildEmployeeLifecyclePayload({
+        routeCtx,
+        requestType: input.dataType || GwCoreLifecycleRequestType.EmployeeDisable,
+        requestMethod: GwCoreLifecycleRequestMethod.Delete,
+        employeeClaims: input.employeeClaims,
+        resourceId: input.resourceId,
+        thidPrefix: 'employee-disable',
+    });
+    return deps.submitAndPoll(deps.employeeBatchPath(routeCtx), deps.employeePollPath(routeCtx), payload, options);
+}
+export async function purgeOrganizationEmployeeWithDeps(routeCtx, input, options, deps) {
+    const payload = buildEmployeeLifecyclePayload({
+        routeCtx,
+        requestType: input.dataType || GwCoreLifecycleRequestType.EmployeePurge,
+        requestMethod: GwCoreLifecycleRequestMethod.Post,
+        employeeClaims: input.employeeClaims,
+        resourceId: input.resourceId,
+        thidPrefix: 'employee-purge',
+    });
+    return deps.submitAndPoll(deps.employeePurgePath(routeCtx), deps.employeePurgePollPath(routeCtx), payload, options);
+}
+export async function disableIndividualOrganizationWithDeps(routeCtx, input, options, deps) {
+    // TODO(gw-core-lifecycle-target-patch-individual-disable): migrate from
+    // explicit `_disable` to `_batch + PATCH` only after GW CORE supports it.
+    void GwCoreLifecycleTodo.IndividualDisablePatchMigration;
+    const payload = buildIndividualOrganizationLifecyclePayload({
+        routeCtx,
+        requestType: input.dataType || GwCoreLifecycleRequestType.IndividualOrganizationDisable,
+        organizationClaims: input.organizationClaims,
+        resourceId: input.resourceId,
+        thidPrefix: 'individual-organization-disable',
+    });
+    return deps.submitAndPoll(deps.individualOrganizationDisablePath(routeCtx), deps.individualOrganizationDisablePollPath(routeCtx), payload, options);
+}
+export async function purgeIndividualOrganizationWithDeps(routeCtx, input, options, deps) {
+    const payload = buildIndividualOrganizationLifecyclePayload({
+        routeCtx,
+        requestType: input.dataType || GwCoreLifecycleRequestType.IndividualOrganizationPurge,
+        organizationClaims: input.organizationClaims,
+        resourceId: input.resourceId,
+        thidPrefix: 'individual-organization-purge',
+    });
+    return deps.submitAndPoll(deps.individualOrganizationPurgePath(routeCtx), deps.individualOrganizationPurgePollPath(routeCtx), payload, options);
+}
 export async function importIpsOrFhirAndUpdateIndexWithDeps(routeCtx, input, deps) {
     const payload = {
         thid: input.compositionPayload.thid || `composition-${createRuntimeUuid()}`,
@@ -136,6 +177,48 @@ function createRuntimeUuid() {
     }
     return `fallback-${Date.now()}-${Math.random().toString(16).slice(2)}`;
 }
+function buildEmployeeLifecyclePayload(input) {
+    const claims = input.employeeClaims || {};
+    return {
+        jti: `jti-${createRuntimeUuid()}`,
+        iss: input.routeCtx.tenantId,
+        aud: input.routeCtx.tenantId,
+        type: 'application/didcomm-plain+json',
+        thid: `${input.thidPrefix}-${createRuntimeUuid()}`,
+        body: {
+            data: [{
+                    type: input.requestType,
+                    request: { method: input.requestMethod },
+                    meta: { claims },
+                    resource: {
+                        ...(input.resourceId ? { id: input.resourceId } : {}),
+                        meta: { claims },
+                    },
+                }],
+        },
+    };
+}
+function buildIndividualOrganizationLifecyclePayload(input) {
+    const claims = input.organizationClaims || {};
+    return {
+        jti: `jti-${createRuntimeUuid()}`,
+        iss: input.routeCtx.tenantId,
+        aud: input.routeCtx.tenantId,
+        type: 'application/didcomm-plain+json',
+        thid: `${input.thidPrefix}-${createRuntimeUuid()}`,
+        body: {
+            data: [{
+                    type: input.requestType,
+                    request: { method: GwCoreLifecycleRequestMethod.Post },
+                    meta: { claims },
+                    resource: {
+                        ...(input.resourceId ? { id: input.resourceId } : {}),
+                        meta: { claims },
+                    },
+                }],
+        },
+    };
+}
 function buildBundleSearchQuery(input) {
     const params = new URLSearchParams();
     params.set('subject', input.subject);

package/dist/session.d.ts

@@ -1,4 +1,4 @@
-import type { ActorKind, Capability } from 'gdc-sdk-core-ts';
+import type { ActorKind, Capability } from 'gdc-common-utils-ts/models/actor-session';
 import { HostOnboardingSdk } from './orchestration/host-onboarding-sdk.js';
 import { IndividualControllerSdk } from './orchestration/individual-controller-sdk.js';
 import { IndividualMemberSdk } from './orchestration/individual-member-sdk.js';
@@ -6,7 +6,7 @@ import { OrganizationControllerSdk } from './orchestration/organization-controll
 import { OrganizationEmployeeSdk } from './orchestration/organization-employee-sdk.js';
 import { ProfessionalSdk } from './orchestration/professional-sdk.js';
 import type { RuntimeClient } from './orchestration/client-port.js';
-export type NodeCapability = Capability | 'host.activate_organization' | 'host.confirm_order' | 'organization.activate_device' | 'individual.ingest_communication' | 'individual.upsert_related_person' | 'token.request_smart';
+export type NodeCapability = Capability;
 export type NodeActorSessionContext = {
     actorKind: ActorKind;
     actorDid?: string;

package/dist/session.js

@@ -1,4 +1,5 @@
 // Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ActorKinds } from 'gdc-common-utils-ts/constants/actor-session';
 import { HostOnboardingSdk } from './orchestration/host-onboarding-sdk.js';
 import { IndividualControllerSdk } from './orchestration/individual-controller-sdk.js';
 import { IndividualMemberSdk } from './orchestration/individual-member-sdk.js';
@@ -28,27 +29,27 @@ export class ActorSession {
         }
     }
     asHostOnboarding() {
-        this.assertActorKind('host_onboarding');
+        this.assertActorKind(ActorKinds.HostOnboarding);
         return new HostOnboardingSdk(this.requireClient());
     }
     asOrganizationController() {
-        this.assertActorKind('organization_controller');
-        return new OrganizationControllerSdk(this.requireClient());
+        this.assertActorKind(ActorKinds.OrganizationController);
+        return new OrganizationControllerSdk(this.requireClient(), this.capabilities);
     }
     asOrganizationEmployee() {
-        this.assertActorKind('organization_employee');
+        this.assertActorKind(ActorKinds.OrganizationEmployee);
         return new OrganizationEmployeeSdk(this.requireClient());
     }
     asIndividualController() {
-        this.assertActorKind('individual_controller');
-        return new IndividualControllerSdk(this.requireClient());
+        this.assertActorKind(ActorKinds.IndividualController);
+        return new IndividualControllerSdk(this.requireClient(), this.capabilities);
     }
     asIndividualMember() {
-        this.assertActorKind('individual_member');
+        this.assertActorKind(ActorKinds.IndividualMember);
         return new IndividualMemberSdk(this.requireClient());
     }
     asProfessional() {
-        this.assertActorKind('professional');
+        this.assertActorKind(ActorKinds.Professional);
         return new ProfessionalSdk(this.requireClient());
     }
     requireClient() {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gdc-sdk-node-ts",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Next-generation Node runtime package for the GDC SDK family",
   "license": "Apache-2.0",
   "author": "Antifraud Services Inc.",
@@ -17,8 +17,8 @@
     "test:e2e:live-gw": "npm run build && RUN_LIVE_GW_E2E=1 node --test tests/live-gw-node-runtime.e2e.test.mjs"
   },
   "dependencies": {
-    "gdc-common-utils-ts": "^1.6.0",
-    "gdc-sdk-core-ts": "^0.3.0"
+    "gdc-common-utils-ts": "^1.8.0",
+    "gdc-sdk-core-ts": "^0.4.0"
   },
   "devDependencies": {
     "@types/node": "^20.14.10",