v1.12.0

feat(interfaces): Add JWT public-key and blocklist request interfaces, publish ordering files, and update dependencies
v1.11.0
2025-12-15 18:58:10 +00:00 · 2025-12-15 18:58:10 +00:00 · 2025-12-14 10:58:46 +00:00 · 2025-12-14 10:58:46 +00:00
16 changed files with 1788 additions and 204 deletions
@@ -1,5 +1,24 @@
 # Changelog
 ## 2025-12-15 - 1.12.0 - feat(interfaces)
 Add JWT public-key and blocklist request interfaces, publish ordering files, and update dependencies
 - Introduce IReq_GetPublicKeyForValidation and IReq_PushPublicKeyForValidation with documentation in ts_interfaces/request/loint-reception.jwt.ts to support fetching and pushing JWT public keys for validation.
 - Clarify IReq_PushOrGetJwtIdBlocklist to describe both GET (client requests blocklist) and PUSH (server pushes revoked JWT IDs) directions and required client handlers.
 - Add tspublish.json ordering files for packaging: ts_interfaces (order: 1), ts (order: 2), ts_idpclient (order: 3), ts_web (order: 4).
 - Update package.json dependencies to include @git.zone/tspublish and additional @push.rocks packages (@push.rocks/smartcli, @push.rocks/smartfile, @push.rocks/smartinteract).
 ## 2025-12-14 - 1.11.0 - feat(idpcli)
 Add idp CLI (IdpCli) with commands, file-based credential storage, typed request APIs; bump deps and update config
 - Introduce a new CLI implementation under ts_idpcli: IdpCli class, runCli entrypoint and multiple commands (login, login-token, logout, whoami, orgs, orgs-create, members, invite, sessions, revoke, admin-check, admin-apps, admin-suspend, etc.).
 - Add plugins module that exports node built-ins and common libraries (smartcli, smartinteract, smartpromise, smartrx, typedrequest, typedsocket) for the CLI.
 - Expose many typed request accessors in classes.idprequests (authentication, registration, user/org/member management, billing, JWT/key management, admin operations).
 - Implement file-based credential storage (~/.idp-global/credentials.json) with load/store/delete helpers to persist refresh tokens and JWTs for the CLI.
 - Update ts/index.ts to start the website server on port 2999 (was previously started without explicit port).
 - Bump and add dependencies/devDependencies: @api.global/typedserver -> ^7.11.1, @design.estate/dees-catalog -> ^3.3.1, @push.rocks/smartjson -> ^6.0.0; add @push.rocks/smartcli, smartfile, smartinteract; upgrade @git.zone/tsbuild to ^4.0.2 and update tsrun/tswatch versions.
 - Rework npmextra.json: reorganized npmci and tsdoc sections, added release configuration (registries and accessLevel) and other npmci/docker mapping entries.
 ## 2025-12-07 - 1.10.0 - feat(billingplan)
 Add Paddle v2 checkout support and backend config endpoint; add CSP headers and bump typedserver
@@ -1,5 +1,18 @@
 {
-  "gitzone": {
+  "npmci": {
    "npmGlobalTools": [],
    "dockerRegistryRepoMap": {
      "registry.gitlab.com": "code.foss.global/idp.global/idp.global"
    },
    "dockerBuildargEnvMap": {
      "NPMCI_TOKEN_NPM2": "NPMCI_TOKEN_NPM2"
    },
    "npmRegistryUrl": "registry.npmjs.org"
  },
  "tsdoc": {
    "legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH  \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
  },
  "@git.zone/cli": {
    "projectType": "website",
    "module": {
      "githost": "code.foss.global",
@@ -32,22 +45,10 @@
        "user sessions"
      ]
    },
-    "services": [
+    "services": ["mongodb", "minio"],
-      "mongodb",
+    "release": {
-      "minio"
+      "registries": ["https://verdaccio.lossless.digital"],
-    ]
+      "accessLevel": "public"
-  },
+    }
  "npmci": {
    "npmGlobalTools": [],
    "dockerRegistryRepoMap": {
      "registry.gitlab.com": "code.foss.global/idp.global/idp.global"
    },
    "dockerBuildargEnvMap": {
      "NPMCI_TOKEN_NPM2": "NPMCI_TOKEN_NPM2"
    },
    "npmRegistryUrl": "registry.npmjs.org"
  },
  "tsdoc": {
    "legal": "\n## License and Legal Information\n\nThis repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository. \n\n**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.\n\n### Trademarks\n\nThis project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.\n\n### Company Information\n\nTask Venture Capital GmbH  \nRegistered at District court Bremen HRB 35230 HB, Germany\n\nFor any legal inquiries or if you require further information, please contact us via email at hello@task.vc.\n\nBy using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.\n"
  }
 }
@@ -1,6 +1,6 @@
 {
  "name": "@idp.global/idp.global",
-  "version": "1.10.0",
+  "version": "1.12.0",
  "description": "An identity provider software managing user authentications, registrations, and sessions.",
  "main": "dist_ts/index.js",
  "typings": "dist_ts/index.d.ts",
@@ -18,18 +18,22 @@
  "dependencies": {
    "@api.global/typedrequest": "^3.2.5",
    "@api.global/typedrequest-interfaces": "^3.0.19",
-    "@api.global/typedserver": "^7.10.2",
+    "@api.global/typedserver": "^7.11.1",
    "@api.global/typedsocket": "^4.1.0",
    "@consent.software/catalog": "^2.0.1",
-    "@design.estate/dees-catalog": "^2.0.3",
+    "@design.estate/dees-catalog": "^3.3.1",
    "@design.estate/dees-domtools": "^2.3.6",
    "@design.estate/dees-element": "^2.1.3",
    "@git.zone/tspublish": "^1.10.3",
    "@push.rocks/lik": "^6.2.2",
    "@push.rocks/qenv": "^6.1.3",
    "@push.rocks/smartcli": "^4.0.19",
    "@push.rocks/smartdata": "^7.0.15",
    "@push.rocks/smartdelay": "^3.0.5",
    "@push.rocks/smartfile": "^13.1.0",
    "@push.rocks/smarthash": "^3.2.6",
-    "@push.rocks/smartjson": "^5.2.0",
+    "@push.rocks/smartinteract": "^2.0.6",
    "@push.rocks/smartjson": "^6.0.0",
    "@push.rocks/smartjwt": "^2.2.1",
    "@push.rocks/smartlog": "^3.1.10",
    "@push.rocks/smartmail": "^2.2.0",
@@ -49,10 +53,10 @@
    "@uptime.link/webwidget": "^1.2.5"
  },
  "devDependencies": {
-    "@git.zone/tsbuild": "^3.1.2",
+    "@git.zone/tsbuild": "^4.0.2",
    "@git.zone/tsbundle": "^2.6.3",
-    "@git.zone/tsrun": "^2.0.0",
+    "@git.zone/tsrun": "^2.0.1",
-    "@git.zone/tswatch": "^2.2.3",
+    "@git.zone/tswatch": "^2.3.13",
    "@push.rocks/projectinfo": "^5.0.1",
    "@types/node": "^24.10.1"
  },
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@idp.global/idp.global',
-  version: '1.10.0',
+  version: '1.12.0',
  description: 'An identity provider software managing user authentications, registrations, and sessions.'
 }
@@ -36,5 +36,5 @@ export const runCli = async () => {
  });
  await reception.start();
-  await websiteServer.start();
+  await websiteServer.start(2999);
 };
@@ -0,0 +1,3 @@
 {
  "order": 2
 }
@@ -0,0 +1,477 @@
 import * as plugins from './plugins.js';
 export interface IIdpCliConfig {
  idpBaseUrl: string;
  configDir?: string;
 }
 export interface IStoredCredentials {
  refreshToken?: string;
  jwt?: string;
  userId?: string;
 }
 /**
 * IdpCli - A Node.js CLI client for idp.global
 * Uses file-based storage instead of browser webstore
 */
 export class IdpCli {
  public config: IIdpCliConfig;
  public configDir: string;
  public credentialsPath: string;
  public typedsocket: plugins.typedsocket.TypedSocket;
  public typedrouter = new plugins.typedrequest.TypedRouter();
  private typedsocketDeferred = plugins.smartpromise.defer<plugins.typedsocket.TypedSocket>();
  constructor(configArg: IIdpCliConfig) {
    this.config = configArg;
    this.configDir = configArg.configDir || plugins.path.join(plugins.os.homedir(), '.idp-global');
    this.credentialsPath = plugins.path.join(this.configDir, 'credentials.json');
  }
  /**
   * Ensure config directory exists
   */
  private ensureConfigDir(): void {
    if (!plugins.fs.existsSync(this.configDir)) {
      plugins.fs.mkdirSync(this.configDir, { recursive: true });
    }
  }
  /**
   * Store credentials to file
   */
  public storeCredentials(credentials: IStoredCredentials): void {
    this.ensureConfigDir();
    plugins.fs.writeFileSync(this.credentialsPath, JSON.stringify(credentials, null, 2), 'utf8');
  }
  /**
   * Load stored credentials
   */
  public loadCredentials(): IStoredCredentials | null {
    try {
      if (!plugins.fs.existsSync(this.credentialsPath)) {
        return null;
      }
      const content = plugins.fs.readFileSync(this.credentialsPath, 'utf8');
      return JSON.parse(content);
    } catch {
      return null;
    }
  }
  /**
   * Delete stored credentials (logout)
   */
  public deleteCredentials(): void {
    try {
      if (plugins.fs.existsSync(this.credentialsPath)) {
        plugins.fs.unlinkSync(this.credentialsPath);
      }
    } catch {
      // ignore if file doesn't exist
    }
  }
  /**
   * Connect to IDP server via WebSocket
   */
  public async connect(): Promise<void> {
    if (this.typedsocketDeferred.status === 'fulfilled') {
      return;
    }
    let baseUrl = this.config.idpBaseUrl;
    if (baseUrl.endsWith('/')) {
      baseUrl = baseUrl.slice(0, -1);
    }
    if (!baseUrl.endsWith('/typedrequest')) {
      baseUrl = `${baseUrl}/typedrequest`;
    }
    console.log(`Connecting to ${baseUrl}...`);
    this.typedsocket = await plugins.typedsocket.TypedSocket.createClient(
      this.typedrouter,
      baseUrl
    );
    this.typedsocketDeferred.resolve(this.typedsocket);
    console.log('Connected!');
  }
  /**
   * Disconnect from IDP server
   */
  public async disconnect(): Promise<void> {
    if (this.typedsocket) {
      await this.typedsocket.stop();
    }
  }
  // ============================================
  // Authentication Commands
  // ============================================
  /**
   * Login with email and password
   */
  public async loginWithPassword(email: string, password: string): Promise<boolean> {
    await this.connect();
    const loginRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_LoginWithEmailOrUsernameAndPassword>(
      'loginWithEmailOrUsernameAndPassword'
    );
    const response = await loginRequest.fire({
      username: email,
      password: password,
    });
    if (response.refreshToken) {
      this.storeCredentials({
        refreshToken: response.refreshToken,
      });
      console.log('Login successful!');
      return true;
    } else if (response.twoFaNeeded) {
      console.log('Two-factor authentication required.');
      return false;
    } else {
      console.log('Login failed.');
      return false;
    }
  }
  /**
   * Login with API token
   */
  public async loginWithApiToken(apiToken: string): Promise<boolean> {
    await this.connect();
    const loginRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_LoginWithApiToken>(
      'loginWithApiToken'
    );
    const response = await loginRequest.fire({
      apiToken,
    });
    if (response.jwt) {
      this.storeCredentials({
        jwt: response.jwt,
      });
      console.log('Login successful!');
      return true;
    } else {
      console.log('Login failed.');
      return false;
    }
  }
  /**
   * Refresh JWT from stored refresh token
   */
  public async refreshJwt(): Promise<string | null> {
    const credentials = this.loadCredentials();
    if (!credentials?.refreshToken) {
      console.error('No refresh token stored. Please login first.');
      return null;
    }
    await this.connect();
    const refreshRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RefreshJwt>(
      'refreshJwt'
    );
    const response = await refreshRequest.fire({
      refreshToken: credentials.refreshToken,
    });
    if (response.jwt) {
      this.storeCredentials({
        ...credentials,
        jwt: response.jwt,
      });
      return response.jwt;
    }
    return null;
  }
  /**
   * Logout - clear stored credentials
   */
  public async logout(): Promise<void> {
    const credentials = this.loadCredentials();
    if (credentials?.refreshToken) {
      try {
        await this.connect();
        const logoutRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.ILogoutRequest>(
          'logout'
        );
        await logoutRequest.fire({
          refreshToken: credentials.refreshToken,
        });
      } catch (e) {
        // Ignore errors during server-side logout
      }
    }
    this.deleteCredentials();
    console.log('Logged out successfully.');
  }
  // ============================================
  // User Commands
  // ============================================
  /**
   * Get current user info
   */
  public async whoami(): Promise<plugins.idpInterfaces.data.IUser | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    await this.connect();
    const whoIsRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_WhoIs>(
      'whoIs'
    );
    const response = await whoIsRequest.fire({ jwt });
    return response.user;
  }
  /**
   * Get user sessions
   */
  public async getSessions(): Promise<plugins.idpInterfaces.request.IReq_GetUserSessions['response']['sessions'] | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    await this.connect();
    const sessionsRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetUserSessions>(
      'getUserSessions'
    );
    const response = await sessionsRequest.fire({ jwt });
    return response.sessions;
  }
  /**
   * Revoke a session
   */
  public async revokeSession(sessionId: string): Promise<boolean> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return false;
    await this.connect();
    const revokeRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RevokeSession>(
      'revokeSession'
    );
    const response = await revokeRequest.fire({ jwt, sessionId });
    return response.success;
  }
  // ============================================
  // Organization Commands
  // ============================================
  /**
   * Get organizations for current user
   */
  public async getOrganizations(): Promise<{
    roles: plugins.idpInterfaces.data.IRole[];
    organizations: plugins.idpInterfaces.data.IOrganization[];
  } | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    const user = await this.whoami();
    if (!user) return null;
    await this.connect();
    const orgsRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetRolesAndOrganizationsForUserId>(
      'getRolesAndOrganizationsForUserId'
    );
    const response = await orgsRequest.fire({
      jwt,
      userId: user.id,
    });
    return response;
  }
  /**
   * Create a new organization
   */
  public async createOrganization(
    name: string,
    slug: string,
    mode: 'checkAvailability' | 'manifest' = 'manifest'
  ): Promise<plugins.idpInterfaces.request.IReq_CreateOrganization['response'] | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    const user = await this.whoami();
    if (!user) return null;
    await this.connect();
    const createRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CreateOrganization>(
      'createOrganization'
    );
    const response = await createRequest.fire({
      jwt,
      userId: user.id,
      organizationName: name,
      organizationSlug: slug,
      action: mode,
    });
    return response;
  }
  /**
   * Get organization members
   */
  public async getOrgMembers(
    organizationId: string
  ): Promise<plugins.idpInterfaces.request.IReq_GetOrgMembers['response']['members'] | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    await this.connect();
    const membersRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetOrgMembers>(
      'getOrgMembers'
    );
    const response = await membersRequest.fire({
      jwt,
      organizationId,
    });
    return response.members;
  }
  /**
   * Invite a user to organization
   */
  public async inviteMember(
    organizationId: string,
    email: string,
    roles: string[] = ['member']
  ): Promise<plugins.idpInterfaces.request.IReq_CreateInvitation['response'] | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    await this.connect();
    const inviteRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CreateInvitation>(
      'createInvitation'
    );
    const response = await inviteRequest.fire({
      jwt,
      organizationId,
      email,
      roles,
    });
    return response;
  }
  // ============================================
  // Admin Commands
  // ============================================
  /**
   * Check if current user is global admin
   */
  public async checkGlobalAdmin(): Promise<boolean> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return false;
    await this.connect();
    const adminRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CheckGlobalAdmin>(
      'checkGlobalAdmin'
    );
    const response = await adminRequest.fire({ jwt });
    return response.isGlobalAdmin;
  }
  /**
   * Get global app statistics (admin only)
   */
  public async getGlobalAppStats(): Promise<plugins.idpInterfaces.request.IReq_GetGlobalAppStats['response']['apps'] | null> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return null;
    await this.connect();
    const statsRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetGlobalAppStats>(
      'getGlobalAppStats'
    );
    const response = await statsRequest.fire({ jwt });
    return response.apps;
  }
  /**
   * Suspend a user (admin only)
   */
  public async suspendUser(userId: string): Promise<boolean> {
    const jwt = await this.ensureAuthenticated();
    if (!jwt) return false;
    await this.connect();
    const suspendRequest = this.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_SuspendUser>(
      'suspendUser'
    );
    await suspendRequest.fire({ jwt, userId });
    return true;
  }
  // ============================================
  // Helpers
  // ============================================
  /**
   * Ensure user is authenticated, refresh JWT if needed
   */
  private async ensureAuthenticated(): Promise<string | null> {
    let credentials = this.loadCredentials();
    if (!credentials) {
      console.error('Not logged in. Please run: idp login');
      return null;
    }
    // If we have a JWT, return it
    if (credentials.jwt) {
      return credentials.jwt;
    }
    // Otherwise, try to get a new JWT from refresh token
    if (credentials.refreshToken) {
      const jwt = await this.refreshJwt();
      return jwt;
    }
    console.error('No valid credentials. Please run: idp login');
    return null;
  }
 }
@@ -0,0 +1,362 @@
 import * as plugins from './plugins.js';
 import { IdpCli } from './classes.idpcli.js';
 export { IdpCli } from './classes.idpcli.js';
 const DEFAULT_IDP_URL = 'https://idp.global';
 /**
 * Run the CLI
 */
 export const runCli = async () => {
  const smartcliInstance = new plugins.smartcli.Smartcli();
  smartcliInstance.addVersion('1.0.0');
  const getIdpClient = () => {
    const idpUrl = process.env.IDP_URL || DEFAULT_IDP_URL;
    return new IdpCli({ idpBaseUrl: idpUrl });
  };
  // ============================================
  // Help
  // ============================================
  smartcliInstance.addHelp({
    helpText: `
 idp - CLI for idp.global identity provider
 USAGE:
  idp <command> [options]
 COMMANDS:
  login             Login with email and password
  login-token       Login with API token
  logout            Logout and clear credentials
  whoami            Show current user information
  orgs              List organizations
  orgs-create       Create a new organization
  members           List organization members
  invite            Invite a user to organization
  sessions          List active sessions
  revoke            Revoke a session
  admin-check       Check if current user is global admin
  admin-apps        List global apps (admin only)
  admin-suspend     Suspend a user (admin only)
  help              Show this help message
 ENVIRONMENT:
  IDP_URL           Override IDP server URL (default: https://idp.global)
 EXAMPLES:
  idp login
  idp whoami
  idp orgs
  idp members --org <org-id>
  idp invite --org <org-id> --email user@example.com
 `,
  });
  // ============================================
  // Login Commands
  // ============================================
  smartcliInstance.addCommand('login').subscribe(async (argv) => {
    const client = getIdpClient();
    const interact = new plugins.smartinteract.SmartInteract();
    const emailAnswer = await interact.askQuestion({
      type: 'input',
      name: 'email',
      message: 'Email:',
      default: '',
    });
    const passwordAnswer = await interact.askQuestion({
      type: 'password',
      name: 'password',
      message: 'Password:',
      default: '',
    });
    await client.loginWithPassword(emailAnswer.value as string, passwordAnswer.value as string);
    await client.disconnect();
  });
  smartcliInstance.addCommand('login-token').subscribe(async (argv) => {
    const client = getIdpClient();
    const interact = new plugins.smartinteract.SmartInteract();
    const tokenAnswer = await interact.askQuestion({
      type: 'password',
      name: 'token',
      message: 'API Token:',
      default: '',
    });
    await client.loginWithApiToken(tokenAnswer.value as string);
    await client.disconnect();
  });
  smartcliInstance.addCommand('logout').subscribe(async (argv) => {
    const client = getIdpClient();
    await client.logout();
    await client.disconnect();
  });
  // ============================================
  // User Commands
  // ============================================
  smartcliInstance.addCommand('whoami').subscribe(async (argv) => {
    const client = getIdpClient();
    const user = await client.whoami();
    if (user) {
      console.log('\nUser Information:');
      console.log(`  ID: ${user.id}`);
      console.log(`  Name: ${user.data?.name || 'N/A'}`);
      console.log(`  Username: ${user.data?.username || 'N/A'}`);
      console.log(`  Email: ${user.data?.email || 'N/A'}`);
      console.log(`  Status: ${user.data?.status || 'N/A'}`);
      console.log(`  Global Admin: ${user.data?.isGlobalAdmin ? 'Yes' : 'No'}`);
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('sessions').subscribe(async (argv) => {
    const client = getIdpClient();
    const sessions = await client.getSessions();
    if (sessions) {
      console.log('\nActive Sessions:');
      for (const session of sessions) {
        console.log(`  - ${session.id}`);
        console.log(`    Device: ${session.deviceName || 'Unknown'}`);
        console.log(`    Browser: ${session.browser || 'Unknown'}`);
        console.log(`    OS: ${session.os || 'Unknown'}`);
        console.log(`    Last Active: ${new Date(session.lastActive).toLocaleString()}`);
        console.log(`    Current: ${session.isCurrent ? 'Yes' : 'No'}`);
        console.log('');
      }
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('revoke').subscribe(async (argv) => {
    const client = getIdpClient();
    const sessionId = argv.session || argv.s || argv._[1];
    if (!sessionId) {
      console.error('Please provide a session ID: idp revoke --session <session-id>');
      return;
    }
    const success = await client.revokeSession(sessionId);
    if (success) {
      console.log('Session revoked successfully.');
    } else {
      console.error('Failed to revoke session.');
    }
    await client.disconnect();
  });
  // ============================================
  // Organization Commands
  // ============================================
  smartcliInstance.addCommand('orgs').subscribe(async (argv) => {
    const client = getIdpClient();
    const result = await client.getOrganizations();
    if (result) {
      console.log('\nOrganizations:');
      for (const org of result.organizations) {
        const role = result.roles.find((r) => r.data?.organizationId === org.id);
        console.log(`  - ${org.data?.name} (${org.id})`);
        console.log(`    Slug: ${org.data?.slug}`);
        console.log(`    Roles: ${role?.data?.roles?.join(', ') || 'Unknown'}`);
        console.log('');
      }
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('orgs-create').subscribe(async (argv) => {
    const client = getIdpClient();
    const interact = new plugins.smartinteract.SmartInteract();
    const nameAnswer = await interact.askQuestion({
      type: 'input',
      name: 'name',
      message: 'Organization Name:',
      default: '',
    });
    const slugAnswer = await interact.askQuestion({
      type: 'input',
      name: 'slug',
      message: 'Organization Slug:',
      default: '',
    });
    // First check availability
    const checkResult = await client.createOrganization(
      nameAnswer.value as string,
      slugAnswer.value as string,
      'checkAvailability'
    );
    if (!checkResult?.nameAvailable) {
      console.error('Organization name or slug is not available.');
      await client.disconnect();
      return;
    }
    // Then create
    const result = await client.createOrganization(
      nameAnswer.value as string,
      slugAnswer.value as string,
      'manifest'
    );
    if (result?.resultingOrganization) {
      console.log('\nOrganization created successfully!');
      console.log(`  ID: ${result.resultingOrganization.id}`);
      console.log(`  Name: ${result.resultingOrganization.data?.name}`);
    }
    await client.disconnect();
  });
  // ============================================
  // Member Commands
  // ============================================
  smartcliInstance.addCommand('members').subscribe(async (argv) => {
    const client = getIdpClient();
    const orgId = argv.org || argv.o || argv._[1];
    if (!orgId) {
      console.error('Please provide an organization ID: idp members --org <org-id>');
      return;
    }
    const members = await client.getOrgMembers(orgId);
    if (members) {
      console.log('\nOrganization Members:');
      for (const member of members) {
        console.log(`  - ${member.user.data?.name || 'Unknown'}`);
        console.log(`    Email: ${member.user.data?.email || 'N/A'}`);
        console.log(`    Roles: ${member.role.data?.roles?.join(', ') || 'Unknown'}`);
        console.log('');
      }
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('invite').subscribe(async (argv) => {
    const client = getIdpClient();
    const orgId = argv.org || argv.o;
    const email = argv.email || argv.e || argv._[1];
    if (!orgId || !email) {
      console.error('Please provide organization ID and email:');
      console.error('  idp invite --org <org-id> --email user@example.com');
      return;
    }
    const result = await client.inviteMember(orgId, email);
    if (result?.success) {
      console.log(`Invitation sent to ${email}`);
    } else {
      console.error(`Failed to send invitation: ${result?.message || 'Unknown error'}`);
    }
    await client.disconnect();
  });
  // ============================================
  // Admin Commands
  // ============================================
  smartcliInstance.addCommand('admin-check').subscribe(async (argv) => {
    const client = getIdpClient();
    const isAdmin = await client.checkGlobalAdmin();
    if (isAdmin) {
      console.log('You are a global admin.');
    } else {
      console.log('You are not a global admin.');
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('admin-apps').subscribe(async (argv) => {
    const client = getIdpClient();
    const apps = await client.getGlobalAppStats();
    if (apps) {
      console.log('\nGlobal Apps:');
      for (const appInfo of apps) {
        console.log(`  - ${appInfo.app.data?.name}`);
        console.log(`    ID: ${appInfo.app.id}`);
        console.log(`    Connections: ${appInfo.connectionCount}`);
        console.log('');
      }
    }
    await client.disconnect();
  });
  smartcliInstance.addCommand('admin-suspend').subscribe(async (argv) => {
    const client = getIdpClient();
    const userId = argv.user || argv.u || argv._[1];
    if (!userId) {
      console.error('Please provide a user ID: idp admin-suspend --user <user-id>');
      return;
    }
    const interact = new plugins.smartinteract.SmartInteract();
    const confirmAnswer = await interact.askQuestion({
      type: 'confirm',
      name: 'confirm',
      message: `Are you sure you want to suspend user ${userId}?`,
      default: false,
    });
    if (confirmAnswer.value) {
      const success = await client.suspendUser(userId);
      if (success) {
        console.log('User suspended successfully.');
      } else {
        console.error('Failed to suspend user.');
      }
    } else {
      console.log('Operation cancelled.');
    }
    await client.disconnect();
  });
  // ============================================
  // Default/Standard command
  // ============================================
  smartcliInstance.standardCommand().subscribe(async (argv) => {
    // If no command specified, show help
    smartcliInstance.triggerCommand('help', argv);
  });
  // Start parsing
  smartcliInstance.startParse();
 };
 // Auto-run if this is the main module
 runCli().catch(console.error);
@@ -0,0 +1,25 @@
 // node built-ins
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
 export { fs, path, os };
 // @push.rocks scope
 import * as smartcli from '@push.rocks/smartcli';
 import * as smartpromise from '@push.rocks/smartpromise';
 import * as smartrx from '@push.rocks/smartrx';
 import * as smartinteract from '@push.rocks/smartinteract';
 export { smartcli, smartpromise, smartrx, smartinteract };
 // @api.global scope
 import * as typedrequest from '@api.global/typedrequest';
 import * as typedsocket from '@api.global/typedsocket';
 export { typedrequest, typedsocket };
 // local
 import * as idpInterfaces from '../dist_ts_interfaces/index.js';
 export { idpInterfaces };
@@ -53,4 +53,274 @@ export class IdpRequests {
      'exchangeRefreshTokenAndTransferToken'
    );
  }
  // ============================================
  // Login & Authentication
  // ============================================
  public get loginWithEmail() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_LoginWithEmail>(
      'loginWithEmail'
    );
  }
  public get loginWithEmailAfterToken() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_LoginWithEmailAfterEmailTokenAquired>(
      'loginWithEmailAfterEmailTokenAquired'
    );
  }
  public get loginWithApiToken() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_LoginWithApiToken>(
      'loginWithApiToken'
    );
  }
  public get resetPassword() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_ResetPassword>(
      'resetPassword'
    );
  }
  public get setNewPassword() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_SetNewPassword>(
      'setNewPassword'
    );
  }
  public get obtainDeviceId() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_ObtainDeviceId>(
      'obtainDeviceId'
    );
  }
  public get attachDeviceId() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_AttachDeviceId>(
      'attachDeviceId'
    );
  }
  // ============================================
  // Registration
  // ============================================
  public get firstRegistration() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_FirstRegistration>(
      'firstRegistrationRequest'
    );
  }
  // ============================================
  // User Management
  // ============================================
  public get getUserData() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetUserData>(
      'getUserData'
    );
  }
  public get setUserData() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_SetUserData>(
      'setUserData'
    );
  }
  public get getUserSessions() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetUserSessions>(
      'getUserSessions'
    );
  }
  public get revokeSession() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RevokeSession>(
      'revokeSession'
    );
  }
  public get getUserActivity() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetUserActivity>(
      'getUserActivity'
    );
  }
  // ============================================
  // Organization Management
  // ============================================
  public get getOrganizationById() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetOrganizationById>(
      'getOrganizationById'
    );
  }
  public get updateOrganization() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_UpdateOrganization>(
      'updateOrganization'
    );
  }
  // ============================================
  // Member & Invitation Management
  // ============================================
  public get createInvitation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CreateInvitation>(
      'createInvitation'
    );
  }
  public get getOrgInvitations() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetOrgInvitations>(
      'getOrgInvitations'
    );
  }
  public get getOrgMembers() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetOrgMembers>(
      'getOrgMembers'
    );
  }
  public get cancelInvitation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CancelInvitation>(
      'cancelInvitation'
    );
  }
  public get resendInvitation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_ResendInvitation>(
      'resendInvitation'
    );
  }
  public get removeMember() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RemoveMember>(
      'removeMember'
    );
  }
  public get updateMemberRoles() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_UpdateMemberRoles>(
      'updateMemberRoles'
    );
  }
  public get transferOwnership() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_TransferOwnership>(
      'transferOwnership'
    );
  }
  public get getInvitationByToken() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetInvitationByToken>(
      'getInvitationByToken'
    );
  }
  public get acceptInvitation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_AcceptInvitation>(
      'acceptInvitation'
    );
  }
  public get bulkCreateInvitations() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_BulkCreateInvitations>(
      'bulkCreateInvitations'
    );
  }
  // ============================================
  // Billing
  // ============================================
  public get getBillingPlan() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetBillingPlan>(
      'getBillingPlan'
    );
  }
  public get getPaddleConfig() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetPaddleConfig>(
      'getPaddleConfig'
    );
  }
  // ============================================
  // JWT Verification & Management
  // ============================================
  public get getPublicKeyForValidation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetPublicKeyForValidation>(
      'getPublicKeyForValidation'
    );
  }
  public get pushPublicKeyForValidation() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_PushPublicKeyForValidation>(
      'pushPublicKeyForValidation'
    );
  }
  public get pushOrGetJwtIdBlocklist() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_PushOrGetJwtIdBlocklist>(
      'pushOrGetJwtIdBlocklist'
    );
  }
  // ============================================
  // User Suspension (Admin)
  // ============================================
  public get suspendUser() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_SuspendUser>(
      'suspendUser'
    );
  }
  public get deleteSuspendedUser() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IDeleteSuspendedUser>(
      'deleteSuspendedUser'
    );
  }
  // ============================================
  // Admin (Global Admin Only)
  // ============================================
  public get checkGlobalAdmin() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CheckGlobalAdmin>(
      'checkGlobalAdmin'
    );
  }
  public get getGlobalAppStats() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_GetGlobalAppStats>(
      'getGlobalAppStats'
    );
  }
  public get createGlobalApp() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_CreateGlobalApp>(
      'createGlobalApp'
    );
  }
  public get updateGlobalApp() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_UpdateGlobalApp>(
      'updateGlobalApp'
    );
  }
  public get deleteGlobalApp() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_DeleteGlobalApp>(
      'deleteGlobalApp'
    );
  }
  public get regenerateAppCredentials() {
    return this.idpClientArg.typedsocket.createTypedRequest<plugins.idpInterfaces.request.IReq_RegenerateAppCredentials>(
      'regenerateAppCredentials'
    );
  }
 }
@@ -0,0 +1,3 @@
 {
  "order": 3
 }
@@ -1,6 +1,16 @@
 import * as data from '../data/index.js';
 import * as plugins from '../loint-reception.plugins.js';
 /**
 * Request to get the public key for JWT validation.
 *
 * **Direction:** Client → idp.global
 * **Requester:** Backend services that need to verify JWTs
 * **Handler:** idp.global
 *
 * Use this to fetch the current public key for verifying JWT signatures.
 * The backend token authenticates the requesting service.
 */
 export interface IReq_GetPublicKeyForValidation
  extends plugins.typedRequestInterfaces.implementsTR<
    plugins.typedRequestInterfaces.ITypedRequest,
@@ -15,6 +25,16 @@ export interface IReq_GetPublicKeyForValidation
  };
 }
 /**
 * Push public key to connected backend services for JWT validation.
 *
 * **Direction:** idp.global → Client
 * **Requester:** idp.global (pushes when the JWT signing key rotates)
 * **Handler:** Backend services - must register a TypedHandler for this method
 *
 * Backend services should register a handler using `IdpClient.onPublicKeyPush()`
 * to receive key rotation updates and update their local key cache.
 */
 export interface IReq_PushPublicKeyForValidation
  extends plugins.typedRequestInterfaces.implementsTR<
    plugins.typedRequestInterfaces.ITypedRequest,
@@ -28,7 +48,21 @@ export interface IReq_PushPublicKeyForValidation
 }
 /**
- * allows getting or pushing a blocklist of jwt ids
+ * Push or get JWT ID blocklist for revoked tokens.
 *
 * **Bidirectional:**
 * - **GET direction:** Client → idp.global - Client requests current blocklist
 * - **PUSH direction:** idp.global → Client - Server pushes new blocklisted IDs
 *
 * **For GET (client fires):**
 * - Fire with empty/undefined `blockedJwtIds` to request the full blocklist
 * - Response contains the complete list of blocked JWT IDs
 * - Use `IdpClient.requests.getJwtIdBlocklist` for this direction
 *
 * **For PUSH (idp.global fires):**
 * - idp.global sends newly blocklisted JWT IDs to connected clients
 * - Clients must register a handler using `IdpClient.onBlocklistPush()`
 * - Store received IDs locally to reject revoked tokens
 */
 export interface IReq_PushOrGetJwtIdBlocklist
  extends plugins.typedRequestInterfaces.implementsTR<
@@ -0,0 +1,3 @@
 {
  "order": 1
 }
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@idp.global/idp.global',
-  version: '1.10.0',
+  version: '1.12.0',
  description: 'An identity provider software managing user authentications, registrations, and sessions.'
 }
@@ -0,0 +1,3 @@
 {
  "order": 4
 }
Author	SHA1	Message	Date
jkunz	6645806a87	v1.12.0 Docker (tags) / security (push) Failing after 0s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2025-12-15 18:58:10 +00:00
jkunz	dc3f232f43	feat(interfaces): Add JWT public-key and blocklist request interfaces, publish ordering files, and update dependencies	2025-12-15 18:58:10 +00:00
jkunz	cc9d56ff4b	v1.11.0 Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2025-12-14 10:58:46 +00:00
jkunz	47ca5934a6	feat(idpcli): Add idp CLI (IdpCli) with commands, file-based credential storage, typed request APIs; bump deps and update config	2025-12-14 10:58:46 +00:00