gdc-sdk-node-ts 2.0.2 → 2.0.4

package/dist/legal-organization-onboarding-facade.d.ts

@@ -0,0 +1,70 @@
+import type { LegalOrganizationVerificationRouting, LegalOrganizationVerificationTransactionController, LegalOrganizationVerificationTransactionInput, LegalOrganizationVerificationTransactionOrganization, LegalOrganizationVerificationRepresentativePayload } from 'gdc-common-utils-ts/utils/legal-organization-verification-transaction';
+import type { NodeOrganizationActivationInput } from './orchestration/client-port.js';
+export type LegalOrganizationFormFields = Readonly<{
+    legalName?: string;
+    legalIdentifierType?: string;
+    legalIdentifierValue?: string;
+    taxId?: string;
+    addressCountry?: string;
+    controllerEmail?: string;
+    controllerRole?: string;
+    serviceCategory?: string;
+    serviceIdentifier?: string;
+    serviceUrl?: string;
+}>;
+export type LegalOrganizationOnboardingValidationIssue = Readonly<{
+    severity: 'error' | 'warning';
+    code: string;
+    message: string;
+    field?: keyof LegalOrganizationFormFields | 'claims' | string;
+}>;
+export type LegalOrganizationOnboardingValidationResult = Readonly<{
+    ok: boolean;
+    errors: LegalOrganizationOnboardingValidationIssue[];
+    warnings: LegalOrganizationOnboardingValidationIssue[];
+    normalizedClaims: Record<string, unknown>;
+}>;
+export interface LegalOrganizationOnboardingEditor {
+    setLegalName(value: string): LegalOrganizationOnboardingEditor;
+    setLegalIdentifierType(value: string): LegalOrganizationOnboardingEditor;
+    setLegalIdentifierValue(value: string): LegalOrganizationOnboardingEditor;
+    setTaxId(value: string): LegalOrganizationOnboardingEditor;
+    setAddressCountry(value: string): LegalOrganizationOnboardingEditor;
+    setControllerEmail(value: string): LegalOrganizationOnboardingEditor;
+    setControllerRole(value: string): LegalOrganizationOnboardingEditor;
+    setServiceCategory(value: string): LegalOrganizationOnboardingEditor;
+    setServiceIdentifier(value: string): LegalOrganizationOnboardingEditor;
+    setServiceUrl(value: string): LegalOrganizationOnboardingEditor;
+    getFormFields(): LegalOrganizationFormFields;
+    buildClaims(): Record<string, unknown>;
+    validate(): LegalOrganizationOnboardingValidationResult;
+    buildVerificationTransactionInput(input: Readonly<{
+        controller: LegalOrganizationVerificationTransactionController;
+        organization?: LegalOrganizationVerificationTransactionOrganization;
+        legalRepresentativePayload?: LegalOrganizationVerificationRepresentativePayload;
+        verification?: LegalOrganizationVerificationRouting;
+        attachments?: unknown[];
+    }>): LegalOrganizationVerificationTransactionInput;
+    buildActivationInput(input: Readonly<{
+        vpToken: string;
+        controller: LegalOrganizationVerificationTransactionController;
+        capabilities?: readonly string[];
+    }>): NodeOrganizationActivationInput;
+}
+export interface LegalOrganizationOnboardingFacade {
+    createDraft(initial?: LegalOrganizationFormFields): LegalOrganizationFormFields;
+    createEditor(initial?: LegalOrganizationFormFields): LegalOrganizationOnboardingEditor;
+    setLegalName(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setLegalIdentifierType(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setLegalIdentifierValue(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setTaxId(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setAddressCountry(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setControllerEmail(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setControllerRole(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setServiceCategory(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setServiceIdentifier(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    setServiceUrl(fields: LegalOrganizationFormFields, value: string): LegalOrganizationFormFields;
+    buildClaims(fields: LegalOrganizationFormFields): Record<string, unknown>;
+    validate(fields: LegalOrganizationFormFields): LegalOrganizationOnboardingValidationResult;
+}
+export declare function createLegalOrganizationOnboardingFacade(): LegalOrganizationOnboardingFacade;

package/dist/legal-organization-onboarding-facade.js

@@ -0,0 +1,169 @@
+// Copyright 2026 Antifraud Services Inc. under the Apache License, Version 2.0.
+import { ClaimsOrganizationSchemaorg, ClaimsPersonSchemaorg, ClaimsServiceSchemaorg, } from 'gdc-common-utils-ts/constants/schemaorg';
+import { ServiceCapability } from 'gdc-common-utils-ts/constants/service-capabilities';
+import { validateLegalOrganizationOnboardingClaims, } from 'gdc-common-utils-ts/utils/legal-organization-onboarding';
+function normalizeText(value) {
+    return typeof value === 'string' ? value.trim() : '';
+}
+function normalizeOptionalText(value) {
+    const normalized = normalizeText(value);
+    return normalized || undefined;
+}
+function cloneFields(fields) {
+    return { ...(fields || {}) };
+}
+function patchFields(fields, patch) {
+    return {
+        ...cloneFields(fields),
+        ...patch,
+    };
+}
+function createIssues(fields) {
+    const issues = [];
+    if (!normalizeOptionalText(fields.legalName)) {
+        issues.push({ severity: 'error', code: 'missing-legal-name', message: 'Legal organization name is required.', field: 'legalName' });
+    }
+    if (!normalizeOptionalText(fields.legalIdentifierType)) {
+        issues.push({ severity: 'error', code: 'missing-legal-identifier-type', message: 'Legal identifier type is required.', field: 'legalIdentifierType' });
+    }
+    if (!normalizeOptionalText(fields.addressCountry)) {
+        issues.push({ severity: 'error', code: 'missing-address-country', message: 'Address country is required.', field: 'addressCountry' });
+    }
+    if (!normalizeOptionalText(fields.controllerEmail)) {
+        issues.push({ severity: 'error', code: 'missing-controller-email', message: 'Controller email is required.', field: 'controllerEmail' });
+    }
+    if (!normalizeOptionalText(fields.serviceCategory)) {
+        issues.push({ severity: 'error', code: 'missing-service-category', message: 'Service category is required.', field: 'serviceCategory' });
+    }
+    return issues;
+}
+function createEditorFromFacade(facade, initial) {
+    let formFields = facade.createDraft(initial);
+    const editor = {
+        setLegalName(value) { formFields = facade.setLegalName(formFields, value); return editor; },
+        setLegalIdentifierType(value) { formFields = facade.setLegalIdentifierType(formFields, value); return editor; },
+        setLegalIdentifierValue(value) { formFields = facade.setLegalIdentifierValue(formFields, value); return editor; },
+        setTaxId(value) { formFields = facade.setTaxId(formFields, value); return editor; },
+        setAddressCountry(value) { formFields = facade.setAddressCountry(formFields, value); return editor; },
+        setControllerEmail(value) { formFields = facade.setControllerEmail(formFields, value); return editor; },
+        setControllerRole(value) { formFields = facade.setControllerRole(formFields, value); return editor; },
+        setServiceCategory(value) { formFields = facade.setServiceCategory(formFields, value); return editor; },
+        setServiceIdentifier(value) { formFields = facade.setServiceIdentifier(formFields, value); return editor; },
+        setServiceUrl(value) { formFields = facade.setServiceUrl(formFields, value); return editor; },
+        getFormFields() { return cloneFields(formFields); },
+        buildClaims() { return facade.buildClaims(formFields); },
+        validate() { return facade.validate(formFields); },
+        buildVerificationTransactionInput(input) {
+            return {
+                claims: facade.buildClaims(formFields),
+                controller: input.controller,
+                ...(input.organization ? { organization: input.organization } : {}),
+                ...(input.legalRepresentativePayload ? { legalRepresentativePayload: input.legalRepresentativePayload } : {}),
+                ...(input.verification ? { verification: input.verification } : {}),
+                ...(input.attachments ? { attachments: input.attachments } : {}),
+            };
+        },
+        buildActivationInput(input) {
+            const claims = facade.buildClaims(formFields);
+            const service = {
+                url: String(claims[ClaimsServiceSchemaorg.url] || '').trim() || undefined,
+                capabilities: [...new Set((input.capabilities || [ServiceCapability.IndexProvider, ServiceCapability.DigitalTwinReader])
+                        .map((item) => String(item || '').trim())
+                        .filter(Boolean))],
+            };
+            return {
+                vpToken: input.vpToken,
+                controller: input.controller,
+                service,
+                additionalClaims: claims,
+            };
+        },
+    };
+    return editor;
+}
+export function createLegalOrganizationOnboardingFacade() {
+    return {
+        createDraft(initial = {}) {
+            return cloneFields(initial);
+        },
+        createEditor(initial = {}) {
+            return createEditorFromFacade(this, initial);
+        },
+        setLegalName(fields, value) {
+            return patchFields(fields, { legalName: normalizeOptionalText(value) });
+        },
+        setLegalIdentifierType(fields, value) {
+            return patchFields(fields, { legalIdentifierType: normalizeOptionalText(value) });
+        },
+        setLegalIdentifierValue(fields, value) {
+            return patchFields(fields, { legalIdentifierValue: normalizeOptionalText(value) });
+        },
+        setTaxId(fields, value) {
+            return patchFields(fields, { taxId: normalizeOptionalText(value) });
+        },
+        setAddressCountry(fields, value) {
+            return patchFields(fields, { addressCountry: normalizeOptionalText(value) });
+        },
+        setControllerEmail(fields, value) {
+            const normalized = normalizeOptionalText(value);
+            return patchFields(fields, { controllerEmail: normalized?.toLowerCase() });
+        },
+        setControllerRole(fields, value) {
+            return patchFields(fields, { controllerRole: normalizeOptionalText(value) });
+        },
+        setServiceCategory(fields, value) {
+            return patchFields(fields, { serviceCategory: normalizeOptionalText(value) });
+        },
+        setServiceIdentifier(fields, value) {
+            return patchFields(fields, { serviceIdentifier: normalizeOptionalText(value) });
+        },
+        setServiceUrl(fields, value) {
+            return patchFields(fields, { serviceUrl: normalizeOptionalText(value) });
+        },
+        buildClaims(fields) {
+            const claims = {
+                '@context': 'org.schema',
+            };
+            if (normalizeOptionalText(fields.legalName))
+                claims[ClaimsOrganizationSchemaorg.legalName] = normalizeText(fields.legalName);
+            if (normalizeOptionalText(fields.legalIdentifierType))
+                claims[ClaimsOrganizationSchemaorg.identifierType] = normalizeText(fields.legalIdentifierType);
+            if (normalizeOptionalText(fields.legalIdentifierValue))
+                claims[ClaimsOrganizationSchemaorg.identifierValue] = normalizeText(fields.legalIdentifierValue);
+            if (normalizeOptionalText(fields.taxId))
+                claims[ClaimsOrganizationSchemaorg.taxId] = normalizeText(fields.taxId);
+            if (normalizeOptionalText(fields.addressCountry))
+                claims[ClaimsOrganizationSchemaorg.addressCountry] = normalizeText(fields.addressCountry);
+            if (normalizeOptionalText(fields.controllerEmail))
+                claims[ClaimsPersonSchemaorg.email] = normalizeText(fields.controllerEmail).toLowerCase();
+            if (normalizeOptionalText(fields.controllerRole))
+                claims[ClaimsPersonSchemaorg.hasOccupationalRoleValue] = normalizeText(fields.controllerRole);
+            if (normalizeOptionalText(fields.serviceCategory))
+                claims[ClaimsServiceSchemaorg.category] = normalizeText(fields.serviceCategory);
+            if (normalizeOptionalText(fields.serviceIdentifier))
+                claims[ClaimsServiceSchemaorg.identifier] = normalizeText(fields.serviceIdentifier);
+            if (normalizeOptionalText(fields.serviceUrl))
+                claims[ClaimsServiceSchemaorg.url] = normalizeText(fields.serviceUrl);
+            return validateLegalOrganizationOnboardingClaims(claims).normalizedClaims;
+        },
+        validate(fields) {
+            const normalizedClaims = this.buildClaims(fields);
+            const issues = createIssues(fields);
+            const sharedValidation = validateLegalOrganizationOnboardingClaims(normalizedClaims);
+            for (const error of sharedValidation.errors) {
+                issues.push({
+                    severity: 'error',
+                    code: error.code.toLowerCase(),
+                    message: error.message,
+                    field: error.claimPaths[0] || 'claims',
+                });
+            }
+            return {
+                ok: !issues.some((issue) => issue.severity === 'error'),
+                errors: issues.filter((issue) => issue.severity === 'error'),
+                warnings: issues.filter((issue) => issue.severity === 'warning'),
+                normalizedClaims,
+            };
+        },
+    };
+}

package/dist/node-runtime-client.d.ts

@@ -4,10 +4,12 @@ import { type ResolvedAppInfo } from 'gdc-sdk-core-ts';
 import { type HostRouteContext, type HostedTenantLifecycleInput } from './host-onboarding.js';
 import type { NodeLegalOrganizationVerificationTransactionInput, NodeOrganizationDidBindingInput, NodeOrganizationActivationInput } from './orchestration/client-port.js';
 import { type IndividualOrganizationConfirmOrderInput, type RouteContext } from './individual-onboarding.js';
+import { type EnsureFamilyOrganizationRegistrationInput } from './family-organization-registration.js';
+import { type FamilyOrganizationSearchInput } from './family-organization-search.js';
 import { type SmartTokenRequestInput } from './smart-token.js';
 import { type OrganizationLicenseOrderConfirmInput } from './organization-license-order.js';
 import { type IndividualOrganizationBootstrapInput, type IndividualOrganizationStartResult } from './individual-start.js';
-import { type CommunicationIngestionInput, type CommunicationParticipantRuntimeSearchInput, type ClinicalBundleSearchInput, type GrantProfessionalAccessInput, type GrantProfessionalAccessResult, type IndividualMemberLifecycleInput, type IndividualOrganizationLifecycleInput, type LicenseListRuntimeSearchInput, type LicenseOfferRuntimeSearchInput, type LicenseOrderRuntimeSearchInput, type OrganizationEmployeeCreationInput, type OrganizationEmployeeLifecycleInput, type OrganizationEmployeeSearchInput, type RelatedPersonUpsertInput } from './resource-operations.js';
+import { type CommunicationIngestionInput, type CommunicationParticipantRuntimeSearchInput, type ClinicalBundleSearchInput, type GrantProfessionalAccessInput, type GrantProfessionalAccessResult, type IndividualMemberLifecycleInput, type IndividualOrganizationLifecycleInput, type LicenseListRuntimeSearchInput, type LicenseOfferRuntimeSearchInput, type LicenseOrderRuntimeSearchInput, type OrganizationEmployeeCreationInput, type OrganizationEmployeeLifecycleInput, type OrganizationEmployeeSearchInput, type RevokeProfessionalAccessInput, type RevokeProfessionalAccessResult, type RelatedPersonUpsertInput } from './resource-operations.js';
 import type { LegalOrganizationOrderInput } from './host-onboarding.js';
 import type { SmartTokenExchangeResult } from './smart-token.js';
 import type { NodeRuntimeClient, PollOptions, PollResult, SubmitAndPollResult, SubmitPayload, SubmitResponse } from './orchestration/client-port.js';
@@ -120,8 +122,9 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * - keeps the controller business key inside the submitted bundle payload
      *
      * Flow separation:
-     * - `_transaction` is the first host onboarding step
-     * - `_activate` remains a later step that consumes the ICA proof
+     * - `_transaction` is the new host onboarding step
+     * - this runtime does not chain `_activate` after `_transaction`
+     * - `_activate` remains available only for the older ICA `_verify` based flow
      */
     submitLegalOrganizationVerificationTransaction(hostCtx: HostRouteContext, input: NodeLegalOrganizationVerificationTransactionInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**
@@ -140,7 +143,7 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      *
      * Plaintext transport note:
      * - this Node runtime currently submits `_activate` as
-     *   `application/didcomm-plaintext+json`
+     *   `application/didcomm-plain+json`
      * - because there is no real outer JWS/JWE envelope in that mode, the
      *   runtime mirrors the technical communication metadata derived from
      *   `controller.publicKeyJwk` / `controller.jwks` into `meta.jws.protected`
@@ -233,6 +236,27 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * Starts the onboarding flow for an individual-oriented tenant or index.
      */
     startIndividualOrganization(input: IndividualOrganizationBootstrapInput): Promise<IndividualOrganizationStartResult>;
+    /**
+     * Searches one existing family/individual registration by controller phone +
+     * usualname, with optional birth-date disambiguation.
+     */
+    searchFamilyOrganization(ctx: RouteContext, input: FamilyOrganizationSearchInput): Promise<Readonly<{
+        status: import("gdc-common-utils-ts").FamilyRegistrationStatus;
+        offerId?: string;
+        organizationId?: string;
+        subjectInfo?: import("gdc-common-utils-ts").FamilyOrganizationSubjectInfo;
+        missingFields?: string[];
+        updatedAt?: string;
+    }> | null>;
+    /**
+     * Searches one existing family/individual registration and starts the
+     * bootstrap flow only when the registration does not already exist.
+     */
+    ensureFamilyOrganizationRegistration(ctx: RouteContext, input: EnsureFamilyOrganizationRegistrationInput): Promise<Readonly<{
+        status: "already_exists" | "resume_required" | "new_created";
+        summary?: import("gdc-common-utils-ts").FamilyOrganizationSummary;
+        started?: IndividualOrganizationStartResult;
+    }>>;
     /**
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
@@ -289,6 +313,11 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      * Creates and submits a consent-oriented access grant for a professional actor.
      */
     grantProfessionalAccess(ctx: RouteContext, input: GrantProfessionalAccessInput): Promise<GrantProfessionalAccessResult>;
+    /**
+     * Closes an existing professional consent by setting its period end and
+     * resubmitting the updated consent resource.
+     */
+    revokeProfessionalAccess(ctx: RouteContext, input: RevokeProfessionalAccessInput): Promise<RevokeProfessionalAccessResult>;
     /**
      * Requests SMART/OpenID token material through the gateway.
      *
@@ -367,6 +396,18 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
      */
     private wrapBundleAsGatewayTransactionMessage;
     private hostRegistryPath;
+    /**
+     * Resolves the host route segment without forcing callers to remember whether
+     * the same raw string is named `hostNetwork` or `sector` in a given layer.
+     *
+     * Step by step:
+     * - host routes use `/host/cds-{jurisdiction}/v1/{host-network}`
+     * - tenant routes use `/{tenantId}/cds-{jurisdiction}/v1/{tenant-sector}`
+     * - older live tests and adapters sometimes passed the host segment under
+     *   `sector`, which is semantically wrong for host routes
+     * - new code should prefer `hostNetwork`
+     * - compatibility code may pass `hostNetworkOrTenantSector`
+     */
     private requireHostRouteContext;
     hostRegistryOrganizationTransactionPath(ctx?: HostRouteContext): string;
     hostRegistryOrganizationTransactionPollPath(ctx?: HostRouteContext): string;
@@ -394,6 +435,8 @@ export declare class HttpRuntimeClient implements NodeRuntimeClient {
     employeePurgePollPath(ctx?: RouteContext): string;
     individualFamilyOrganizationBatchPath(ctx?: RouteContext): string;
     individualFamilyOrganizationPollPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationSearchPath(ctx?: RouteContext): string;
+    individualFamilyOrganizationSearchPollPath(ctx?: RouteContext): string;
     individualFamilyOrganizationTransactionPath(ctx?: RouteContext): string;
     individualFamilyOrganizationTransactionPollPath(ctx?: RouteContext): string;
     individualFamilyOrganizationDisablePath(ctx?: RouteContext): string;

package/dist/node-runtime-client.js

@@ -2,17 +2,20 @@
 // Always create JSDoc, do not use strings inline in keys nor values, use types instead, and reuse the data test examples.
 import fs from 'node:fs';
 import path from 'node:path';
+import { DIDCOMM_DEFAULT_ACCEPT_HEADER, DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE, } from 'gdc-common-utils-ts/utils/didcomm-submit';
 import { buildLegalOrganizationVerificationGatewayRequestBundle, buildOrganizationDidBindingBundle, buildAppHeaders, createBootstrapFacade, resolveAppInfo, } from 'gdc-sdk-core-ts';
 import { buildConsentClaimsSimpleWithCid } from 'gdc-common-utils-ts/utils/consent';
 import { buildDidcommPlaintextTransportMetadata } from 'gdc-common-utils-ts/utils/activation-request';
 import { pollUntilCompleteWithMethod } from './async-polling.js';
 import { confirmLegalOrganizationOrderWithDeps, HostLifecycleRequestType, HostedTenantLifecycleRequestType, submitHostedTenantLifecycleWithDeps, } from './host-onboarding.js';
 import { confirmIndividualOrganizationOrderWithDeps, } from './individual-onboarding.js';
+import { ensureFamilyOrganizationRegistrationWithDeps, } from './family-organization-registration.js';
+import { searchFamilyOrganizationWithDeps } from './family-organization-search.js';
 import { requestSmartTokenWithDeps } from './smart-token.js';
 import { extractOfferIdFromResponseBody, extractOfferPreviewFromResponseBody, } from './order-offer-summary.js';
 import { confirmOrganizationLicenseOrderWithDeps } from './organization-license-order.js';
 import { startIndividualOrganizationWithDeps } from './individual-start.js';
-import { createOrganizationEmployeeWithDeps, disableIndividualMemberWithDeps, disableIndividualOrganizationWithDeps, disableOrganizationEmployeeWithDeps, listIndividualLicenseOffersWithDeps, listIndividualLicenseOrdersWithDeps, listIndividualLicensesWithDeps, listOrganizationLicenseOffersWithDeps, listOrganizationLicenseOrdersWithDeps, listOrganizationLicensesWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, searchCommunicationParticipantsWithDeps, purgeIndividualMemberWithDeps, purgeIndividualOrganizationWithDeps, purgeOrganizationEmployeeWithDeps, searchIndividualLicensesWithDeps, searchIndividualLicenseOffersWithDeps, searchIndividualLicenseOrdersWithDeps, searchOrganizationLicensesWithDeps, searchOrganizationLicenseOffersWithDeps, searchOrganizationLicenseOrdersWithDeps, searchOrganizationEmployeesWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
+import { createOrganizationEmployeeWithDeps, disableIndividualMemberWithDeps, disableIndividualOrganizationWithDeps, disableOrganizationEmployeeWithDeps, listIndividualLicenseOffersWithDeps, listIndividualLicenseOrdersWithDeps, listIndividualLicensesWithDeps, listOrganizationLicenseOffersWithDeps, listOrganizationLicenseOrdersWithDeps, listOrganizationLicensesWithDeps, grantProfessionalAccessWithDeps, ingestCommunicationAndUpdateIndexWithDeps, revokeProfessionalAccessWithDeps, searchCommunicationParticipantsWithDeps, purgeIndividualMemberWithDeps, purgeIndividualOrganizationWithDeps, purgeOrganizationEmployeeWithDeps, searchIndividualLicensesWithDeps, searchIndividualLicenseOffersWithDeps, searchIndividualLicenseOrdersWithDeps, searchOrganizationLicensesWithDeps, searchOrganizationLicenseOffersWithDeps, searchOrganizationLicenseOrdersWithDeps, searchOrganizationEmployeesWithDeps, searchClinicalBundleWithDeps, searchLatestIpsWithDeps, upsertRelatedPersonAndPollWithDeps, } from './resource-operations.js';
 import { submitAndPollWithMethods } from './orchestration/client-port.js';
 import { GwCoreLifecycleAction } from './constants/lifecycle.js';
 const bootstrapFacade = createBootstrapFacade();
@@ -83,7 +86,7 @@ export class HttpRuntimeClient {
      * Submits a batch payload to a gateway batch endpoint.
      */
     async submitBatch(path, payload) {
-        return this.postJson(path, payload, 'application/didcomm-plaintext+json');
+        return this.postJson(path, payload, DIDCOMM_PLAINTEXT_JSON_MEDIA_TYPE);
     }
     /**
      * Polls a batch-response endpoint until the GW reports a terminal state.
@@ -107,8 +110,9 @@ export class HttpRuntimeClient {
      * - keeps the controller business key inside the submitted bundle payload
      *
      * Flow separation:
-     * - `_transaction` is the first host onboarding step
-     * - `_activate` remains a later step that consumes the ICA proof
+     * - `_transaction` is the new host onboarding step
+     * - this runtime does not chain `_activate` after `_transaction`
+     * - `_activate` remains available only for the older ICA `_verify` based flow
      */
     async submitLegalOrganizationVerificationTransaction(hostCtx, input, pollOptions) {
         const thid = `organization-verification-transaction-${runtimeUuid()}`;
@@ -428,6 +432,38 @@ export class HttpRuntimeClient {
             getOfferPreviewFromResponse: (result) => extractOfferPreviewFromResponseBody(result.poll.body),
         });
     }
+    /**
+     * Searches one existing family/individual registration by controller phone +
+     * usualname, with optional birth-date disambiguation.
+     */
+    async searchFamilyOrganization(ctx, input) {
+        return searchFamilyOrganizationWithDeps({
+            routeCtx: ctx,
+            input,
+            defaultTimeoutMs: 20000,
+            defaultIntervalMs: 1000,
+            individualFamilyOrganizationSearchPath: this.individualFamilyOrganizationSearchPath.bind(this),
+            individualFamilyOrganizationSearchPollPath: this.individualFamilyOrganizationSearchPollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
+    /**
+     * Searches one existing family/individual registration and starts the
+     * bootstrap flow only when the registration does not already exist.
+     */
+    async ensureFamilyOrganizationRegistration(ctx, input) {
+        return ensureFamilyOrganizationRegistrationWithDeps({
+            routeCtx: ctx,
+            input,
+            defaultTimeoutMs: 20000,
+            defaultIntervalMs: 1000,
+            individualFamilyOrganizationSearchPath: this.individualFamilyOrganizationSearchPath.bind(this),
+            individualFamilyOrganizationSearchPollPath: this.individualFamilyOrganizationSearchPollPath.bind(this),
+            individualFamilyOrganizationBatchPath: this.individualFamilyOrganizationTransactionPath.bind(this),
+            individualFamilyOrganizationPollPath: this.individualFamilyOrganizationTransactionPollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
     /**
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
@@ -564,6 +600,17 @@ export class HttpRuntimeClient {
             submitAndPoll: this.submitAndPoll.bind(this),
         });
     }
+    /**
+     * Closes an existing professional consent by setting its period end and
+     * resubmitting the updated consent resource.
+     */
+    async revokeProfessionalAccess(ctx, input) {
+        return revokeProfessionalAccessWithDeps(ctx, input, {
+            individualConsentR4BatchPath: this.individualConsentR4BatchPath.bind(this),
+            individualConsentR4PollPath: this.individualConsentR4PollPath.bind(this),
+            submitAndPoll: this.submitAndPoll.bind(this),
+        });
+    }
     /**
      * Requests SMART/OpenID token material through the gateway.
      *
@@ -722,7 +769,7 @@ export class HttpRuntimeClient {
         const headers = {
             ...this.defaultHeaders,
             'Content-Type': contentType,
-            Accept: 'application/json, application/didcomm-plaintext+json, */*',
+            Accept: DIDCOMM_DEFAULT_ACCEPT_HEADER,
         };
         if (this.bearerToken)
             headers.Authorization = `Bearer ${this.bearerToken}`;
@@ -819,10 +866,29 @@ export class HttpRuntimeClient {
         const hostCtx = this.requireHostRouteContext(ctx);
         return `/host/cds-${encodeURIComponent(hostCtx.jurisdiction)}/v1/${encodeURIComponent(hostCtx.hostNetwork || '')}/registry/org.schema/${encodeURIComponent(resourceType)}/${encodeURIComponent(action)}`;
     }
+    /**
+     * Resolves the host route segment without forcing callers to remember whether
+     * the same raw string is named `hostNetwork` or `sector` in a given layer.
+     *
+     * Step by step:
+     * - host routes use `/host/cds-{jurisdiction}/v1/{host-network}`
+     * - tenant routes use `/{tenantId}/cds-{jurisdiction}/v1/{tenant-sector}`
+     * - older live tests and adapters sometimes passed the host segment under
+     *   `sector`, which is semantically wrong for host routes
+     * - new code should prefer `hostNetwork`
+     * - compatibility code may pass `hostNetworkOrTenantSector`
+     */
     requireHostRouteContext(ctx) {
+        const hostCtx = (ctx || {});
         const runtimeCtx = (this.ctx || {});
-        const jurisdiction = String(ctx?.jurisdiction || this.ctx?.jurisdiction || '').trim();
-        const hostNetwork = String(ctx?.hostNetwork || ctx?.sector || runtimeCtx.hostNetwork || runtimeCtx.sector || '').trim();
+        const jurisdiction = String(hostCtx.jurisdiction || this.ctx?.jurisdiction || '').trim();
+        const hostNetwork = String(hostCtx.hostNetwork
+            || hostCtx.hostNetworkOrTenantSector
+            || hostCtx.sector
+            || runtimeCtx.hostNetwork
+            || runtimeCtx.hostNetworkOrTenantSector
+            || runtimeCtx.sector
+            || '').trim();
         if (!jurisdiction || !hostNetwork)
             throw new Error('Host route context is required.');
         return { jurisdiction, hostNetwork };
@@ -859,6 +925,8 @@ export class HttpRuntimeClient {
     employeePurgePollPath(ctx) { return this.v1Path(ctx, 'entity', 'org.schema', 'Employee', `${GwCoreLifecycleAction.Purge}-response`); }
     individualFamilyOrganizationBatchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Batch); }
     individualFamilyOrganizationPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.BatchResponse); }
+    individualFamilyOrganizationSearchPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', '_search'); }
+    individualFamilyOrganizationSearchPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', '_search-response'); }
     individualFamilyOrganizationTransactionPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Transaction); }
     individualFamilyOrganizationTransactionPollPath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.TransactionResponse); }
     individualFamilyOrganizationDisablePath(ctx) { return this.v1Path(ctx, 'individual', 'org.schema', 'Organization', GwCoreLifecycleAction.Disable); }

package/dist/orchestration/client-port.d.ts

@@ -1,4 +1,5 @@
 import type { ControllerBindingInput } from 'gdc-common-utils-ts/models';
+import type { FamilyOrganizationSummary } from 'gdc-common-utils-ts/utils/family-organization-summary';
 import type { LegalOrganizationVerificationTransactionInput } from 'gdc-common-utils-ts/utils/legal-organization-verification-transaction';
 import type { OrganizationDidBindingInput } from 'gdc-sdk-core-ts';
 import type { LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput } from '../resource-operations.js';
@@ -8,9 +9,11 @@ import type { EmployeeDeviceActivationResult, EmployeeDeviceActivationRequestInp
 import type { HostRouteContext, HostedTenantLifecycleInput, LegalOrganizationOrderInput } from '../host-onboarding.js';
 import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../individual-onboarding.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
+import type { FamilyOrganizationSearchInput } from '../family-organization-search.js';
+import type { EnsureFamilyOrganizationRegistrationInput, EnsureFamilyOrganizationRegistrationResult } from '../family-organization-registration.js';
 import type { OrganizationLicenseOrderConfirmInput } from '../organization-license-order.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
-import type { CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput, OrganizationEmployeeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, ClinicalBundleSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, OrganizationEmployeeCreationInput, OrganizationEmployeeLifecycleInput, OrganizationEmployeeSearchInput, RevokeProfessionalAccessInput, RevokeProfessionalAccessResult, RelatedPersonUpsertInput } from '../resource-operations.js';
 /**
  * Shared node-runtime activation input.
  *
@@ -74,6 +77,8 @@ export type RuntimeClient = {
     activateEmployeeDeviceWithActivationRequest?: (input: EmployeeDeviceActivationRequestInput) => Promise<EmployeeDeviceActivationResult>;
     requestSmartToken?: (input: SmartTokenRequestInput) => Promise<SmartTokenExchangeResult>;
     startIndividualOrganization?: (input: IndividualOrganizationBootstrapInput) => Promise<IndividualOrganizationStartResult>;
+    searchFamilyOrganization?: (ctx: RouteContext, input: FamilyOrganizationSearchInput) => Promise<FamilyOrganizationSummary | null>;
+    ensureFamilyOrganizationRegistration?: (ctx: RouteContext, input: EnsureFamilyOrganizationRegistrationInput) => Promise<EnsureFamilyOrganizationRegistrationResult>;
     confirmIndividualOrganizationOrder?: (input: IndividualOrganizationConfirmOrderInput) => Promise<SubmitAndPollResult>;
     disableIndividual?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
     purgeIndividual?: (ctx: RouteContext, input: IndividualOrganizationLifecycleInput, pollOptions?: PollOptions) => Promise<SubmitAndPollResult>;
@@ -84,6 +89,7 @@ export type RuntimeClient = {
     ingestCommunicationAndUpdateIndex?: (ctx: RouteContext, input: CommunicationIngestionInput) => Promise<SubmitAndPollResult>;
     searchCommunicationParticipants?: (ctx: RouteContext, input: CommunicationParticipantRuntimeSearchInput) => Promise<SubmitAndPollResult>;
     grantProfessionalAccess?: (ctx: RouteContext, input: GrantProfessionalAccessInput) => Promise<GrantProfessionalAccessResult>;
+    revokeProfessionalAccess?: (ctx: RouteContext, input: RevokeProfessionalAccessInput) => Promise<RevokeProfessionalAccessResult>;
     searchIndividualLicenses?: (ctx: RouteContext, input: LicenseListRuntimeSearchInput) => Promise<SubmitAndPollResult>;
     listIndividualLicenses?: (ctx: RouteContext, input?: LicenseListRuntimeSearchInput) => Promise<SubmitAndPollResult>;
     searchIndividualLicenseOffers?: (ctx: RouteContext, input: LicenseOfferRuntimeSearchInput) => Promise<SubmitAndPollResult>;

package/dist/orchestration/individual-controller-sdk.d.ts

@@ -1,8 +1,11 @@
 import { type NodeRuntimeClient, type PollOptions, type SubmitAndPollResult, type SubmitPayload } from './client-port.js';
+import type { FamilyOrganizationSummary } from 'gdc-common-utils-ts/utils/family-organization-summary';
+import type { EnsureFamilyOrganizationRegistrationInput, EnsureFamilyOrganizationRegistrationResult } from '../family-organization-registration.js';
+import type { FamilyOrganizationSearchInput } from '../family-organization-search.js';
 import type { IndividualOrganizationConfirmOrderInput, RouteContext } from '../individual-onboarding.js';
 import type { IndividualOrganizationBootstrapInput, IndividualOrganizationStartResult } from '../individual-start.js';
 import type { NodeCapability } from '../session.js';
-import type { ClinicalBundleSearchInput, CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput, RelatedPersonUpsertInput } from '../resource-operations.js';
+import type { ClinicalBundleSearchInput, CommunicationIngestionInput, CommunicationParticipantRuntimeSearchInput, DigitalTwinGenerationInput, GrantProfessionalAccessInput, GrantProfessionalAccessResult, IndividualMemberLifecycleInput, IndividualOrganizationLifecycleInput, IpsOrFhirImportInput, LicenseListRuntimeSearchInput, LicenseOfferRuntimeSearchInput, LicenseOrderRuntimeSearchInput, RevokeProfessionalAccessInput, RevokeProfessionalAccessResult, RelatedPersonUpsertInput } from '../resource-operations.js';
 import type { SmartTokenExchangeResult, SmartTokenRequestInput } from '../smart-token.js';
 /**
  * Individual-controller oriented facade over a `NodeRuntimeClient`.
@@ -21,6 +24,16 @@ export declare class IndividualControllerSdk {
      * Starts the individual onboarding/bootstrap flow.
      */
     startIndividualOrganization(input: IndividualOrganizationBootstrapInput): Promise<IndividualOrganizationStartResult>;
+    /**
+     * Searches one existing family/individual registration by the phone-first
+     * business key used by channel apps.
+     */
+    searchFamilyOrganization(ctx: RouteContext, input: FamilyOrganizationSearchInput): Promise<FamilyOrganizationSummary | null>;
+    /**
+     * Searches one existing family/individual registration and starts the
+     * bootstrap flow only when the registration is still missing.
+     */
+    ensureFamilyOrganizationRegistration(ctx: RouteContext, input: EnsureFamilyOrganizationRegistrationInput): Promise<EnsureFamilyOrganizationRegistrationResult>;
     /**
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
@@ -59,6 +72,10 @@ export declare class IndividualControllerSdk {
      * Grants access to a professional through a consent flow.
      */
     grantProfessionalAccess(ctx: RouteContext, input: GrantProfessionalAccessInput): Promise<GrantProfessionalAccessResult>;
+    /**
+     * Closes an existing professional consent by setting its period end.
+     */
+    revokeProfessionalAccess(ctx: RouteContext, input: RevokeProfessionalAccessInput): Promise<RevokeProfessionalAccessResult>;
     /**
      * Imports a FHIR/IPS payload and waits until it is indexed.
      */

package/dist/orchestration/individual-controller-sdk.js

@@ -23,6 +23,20 @@ export class IndividualControllerSdk {
         assertFacadeCapability(this.capabilities, ActorCapabilities.IndividualBootstrap, ActorKinds.IndividualController, 'startIndividualOrganization');
         return requireClientMethod(this.client, 'startIndividualOrganization')(input);
     }
+    /**
+     * Searches one existing family/individual registration by the phone-first
+     * business key used by channel apps.
+     */
+    searchFamilyOrganization(ctx, input) {
+        return requireClientMethod(this.client, 'searchFamilyOrganization')(ctx, input);
+    }
+    /**
+     * Searches one existing family/individual registration and starts the
+     * bootstrap flow only when the registration is still missing.
+     */
+    ensureFamilyOrganizationRegistration(ctx, input) {
+        return requireClientMethod(this.client, 'ensureFamilyOrganizationRegistration')(ctx, input);
+    }
     /**
      * Confirms the order returned by `startIndividualOrganization(...)`.
      */
@@ -85,6 +99,13 @@ export class IndividualControllerSdk {
         assertFacadeCapability(this.capabilities, ActorCapabilities.ConsentGrantProfessionalAccess, ActorKinds.IndividualController, 'grantProfessionalAccess');
         return requireClientMethod(this.client, 'grantProfessionalAccess')(ctx, input);
     }
+    /**
+     * Closes an existing professional consent by setting its period end.
+     */
+    revokeProfessionalAccess(ctx, input) {
+        assertFacadeCapability(this.capabilities, ActorCapabilities.ConsentGrantProfessionalAccess, ActorKinds.IndividualController, 'revokeProfessionalAccess');
+        return requireClientMethod(this.client, 'revokeProfessionalAccess')(ctx, input);
+    }
     /**
      * Imports a FHIR/IPS payload and waits until it is indexed.
      */

package/dist/orchestration/organization-controller-sdk.d.ts

@@ -23,9 +23,10 @@ export declare class OrganizationControllerSdk {
      * Starts the host-side legal-organization verification transaction that GW
      * CORE forwards to ICA `_verify`.
      *
-     * This is intentionally distinct from the later host `_activate` step:
+     * This is intentionally distinct from the older host `_activate` step:
      * - `_transaction` carries signed evidence and controller business binding
-     * - `_activate` later consumes the ICA proof returned after verification
+     * - `_transaction` is complete on its own for the new flow
+     * - `_activate` remains only for the legacy ICA `_verify` compatibility path
      */
     submitLegalOrganizationVerificationTransaction(hostCtx: HostRouteContext, input: NodeLegalOrganizationVerificationTransactionInput, pollOptions?: PollOptions): Promise<SubmitAndPollResult>;
     /**

package/dist/orchestration/organization-controller-sdk.js

@@ -20,9 +20,10 @@ export class OrganizationControllerSdk {
      * Starts the host-side legal-organization verification transaction that GW
      * CORE forwards to ICA `_verify`.
      *
-     * This is intentionally distinct from the later host `_activate` step:
+     * This is intentionally distinct from the older host `_activate` step:
      * - `_transaction` carries signed evidence and controller business binding
-     * - `_activate` later consumes the ICA proof returned after verification
+     * - `_transaction` is complete on its own for the new flow
+     * - `_activate` remains only for the legacy ICA `_verify` compatibility path
      */
     submitLegalOrganizationVerificationTransaction(hostCtx, input, pollOptions) {
         return requireClientMethod(this.client, 'submitLegalOrganizationVerificationTransaction')(hostCtx, input, pollOptions);