npm - @astralibx/staff-engine - Versions diffs - 0.2.0 → 0.2.2 - Mend

@astralibx/staff-engine 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -4,6 +4,7 @@ import { IStaff, IPermissionGroup, LogAdapter, IPermissionGroupCreateInput, IPer
 export { DEFAULT_OPTIONS, ResolvedOptions, StaffEngineConfig } from '@astralibx/staff-types';
 import { AlxError } from '@astralibx/core';
 export { sendSuccess } from '@astralibx/core';
+import { z } from 'zod';
 interface IStaffDocument extends Omit<IStaff, '_id'>, Document {
     _id: Types.ObjectId;
@@ -46,6 +47,35 @@ declare class PermissionService {
     getAllPermissionKeys(): Promise<string[]>;
 }
+interface StaffServiceDeps {
+    Staff: Model<IStaffDocument>;
+    PermissionGroup: Model<IPermissionGroupDocument>;
+    adapters: StaffAdapters;
+    hooks: StaffHooks;
+    permissionCache: PermissionCacheService;
+    logger: LogAdapter;
+    tenantId?: string;
+    requireEmailUniqueness: boolean;
+}
+declare class StaffService {
+    private Staff;
+    private PermissionGroup;
+    private adapters;
+    private hooks;
+    private permissionCache;
+    private logger;
+    private tenantId?;
+    private requireEmailUniqueness;
+    constructor(deps: StaffServiceDeps);
+    private get tenantFilter();
+    create(data: IStaffCreateInput): Promise<IStaffDocument>;
+    list(filters?: IStaffListFilters): Promise<IPaginatedResult<IStaffDocument>>;
+    getById(staffId: string): Promise<IStaffDocument>;
+    update(staffId: string, data: IStaffUpdateInput): Promise<IStaffDocument>;
+    updatePermissions(staffId: string, permissions: string[]): Promise<IStaffDocument>;
+    updateStatus(staffId: string, status: string): Promise<IStaffDocument>;
+}
 declare class RateLimiterService {
     private windowMs;
     private maxAttempts;
@@ -67,38 +97,32 @@ declare class RateLimiterService {
     private recordAttemptRedis;
 }
-interface StaffServiceDeps {
+interface AuthServiceDeps {
     Staff: Model<IStaffDocument>;
-    PermissionGroup: Model<IPermissionGroupDocument>;
     adapters: StaffAdapters;
     hooks: StaffHooks;
-    permissionCache: PermissionCacheService;
     rateLimiter: RateLimiterService;
     logger: LogAdapter;
     tenantId?: string;
     jwtSecret: string;
     staffTokenExpiry: string;
     ownerTokenExpiry: string;
-    requireEmailUniqueness: boolean;
     allowSelfPasswordChange: boolean;
 }
-declare class StaffService {
+declare class AuthService {
     private Staff;
-    private PermissionGroup;
     private adapters;
     private hooks;
-    private permissionCache;
     private rateLimiter;
     private logger;
     private tenantId?;
     private jwtSecret;
     private staffTokenExpiry;
     private ownerTokenExpiry;
-    private requireEmailUniqueness;
     private allowSelfPasswordChange;
-    constructor(deps: StaffServiceDeps);
+    constructor(deps: AuthServiceDeps);
     private get tenantFilter();
-    private generateToken;
+    generateToken(staffId: string, role: string): string;
     setupOwner(data: {
         name: string;
         email: string;
@@ -111,18 +135,14 @@ declare class StaffService {
         staff: IStaffDocument;
         token: string;
     }>;
-    create(data: IStaffCreateInput): Promise<IStaffDocument>;
-    list(filters?: IStaffListFilters): Promise<IPaginatedResult<IStaffDocument>>;
-    getById(staffId: string): Promise<IStaffDocument>;
-    update(staffId: string, data: IStaffUpdateInput): Promise<IStaffDocument>;
-    updatePermissions(staffId: string, permissions: string[]): Promise<IStaffDocument>;
-    updateStatus(staffId: string, status: string): Promise<IStaffDocument>;
     resetPassword(staffId: string, newPassword: string): Promise<void>;
     changeOwnPassword(staffId: string, oldPassword: string, newPassword: string): Promise<void>;
 }
 interface StaffUser {
     staffId: string;
+    name: string;
+    email: string;
     role: string;
     permissions: string[];
 }
@@ -238,10 +258,206 @@ declare class InvalidConfigError extends AlxStaffError {
  */
 declare function validatePermissionPairs(permissions: string[], allGroups: IPermissionGroupDocument[]): void;
+declare const StaffEngineConfigSchema: z.ZodObject<{
+    db: z.ZodObject<{
+        connection: z.ZodEffects<z.ZodUnknown, {}, unknown>;
+        collectionPrefix: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        connection: {};
+        collectionPrefix?: string | undefined;
+    }, {
+        connection?: unknown;
+        collectionPrefix?: string | undefined;
+    }>;
+    redis: z.ZodOptional<z.ZodObject<{
+        connection: z.ZodUnknown;
+        keyPrefix: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    }, {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    }>>;
+    logger: z.ZodOptional<z.ZodObject<{
+        info: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        warn: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        error: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    }, {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    }>>;
+    tenantId: z.ZodOptional<z.ZodString>;
+    auth: z.ZodObject<{
+        jwtSecret: z.ZodString;
+        staffTokenExpiry: z.ZodOptional<z.ZodString>;
+        ownerTokenExpiry: z.ZodOptional<z.ZodString>;
+        permissionCacheTtlMs: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    }, {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    }>;
+    adapters: z.ZodObject<{
+        hashPassword: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        comparePassword: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    }, {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    }>;
+    hooks: z.ZodOptional<z.ZodObject<{
+        onStaffCreated: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onLogin: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onLoginFailed: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onPermissionsChanged: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onStatusChanged: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onMetric: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    }, {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    }>>;
+    options: z.ZodOptional<z.ZodObject<{
+        requireEmailUniqueness: z.ZodOptional<z.ZodBoolean>;
+        allowSelfPasswordChange: z.ZodOptional<z.ZodBoolean>;
+        rateLimiter: z.ZodOptional<z.ZodObject<{
+            windowMs: z.ZodOptional<z.ZodNumber>;
+            maxAttempts: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        }, {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    }, {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    db: {
+        connection: {};
+        collectionPrefix?: string | undefined;
+    };
+    auth: {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    };
+    adapters: {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    };
+    tenantId?: string | undefined;
+    options?: {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    } | undefined;
+    redis?: {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    } | undefined;
+    logger?: {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    } | undefined;
+    hooks?: {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    } | undefined;
+}, {
+    db: {
+        connection?: unknown;
+        collectionPrefix?: string | undefined;
+    };
+    auth: {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    };
+    adapters: {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    };
+    tenantId?: string | undefined;
+    options?: {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    } | undefined;
+    redis?: {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    } | undefined;
+    logger?: {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    } | undefined;
+    hooks?: {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    } | undefined;
+}>;
 declare function handleStaffError(res: Response, error: unknown, logger: LogAdapter): void;
 interface RouteServices {
     staff: StaffService;
+    auth: AuthService;
     permissions: PermissionService;
 }
 declare function createRoutes(services: RouteServices, auth: AuthMiddleware, logger: LogAdapter, allowSelfPasswordChange: boolean): Router;
@@ -250,6 +466,7 @@ interface StaffEngine {
     routes: Router;
     auth: AuthMiddleware;
     staff: StaffService;
+    authService: AuthService;
     permissions: PermissionService;
     models: {
         Staff: Model<IStaffDocument>;
@@ -259,4 +476,4 @@ interface StaffEngine {
 }
 declare function createStaffEngine(config: StaffEngineConfig): StaffEngine;
-export { AlxStaffError, type AuthMiddleware, type AuthenticatedRequest, AuthenticationError, AuthorizationError, DEFAULTS, DEFAULT_AUTH, DuplicateError, ERROR_CODE, ERROR_MESSAGE, type ErrorCode, GroupNotFoundError, type IPermissionGroupDocument, type IStaffDocument, InvalidConfigError, InvalidPermissionError, LastOwnerError, PermissionCacheService, PermissionService, RateLimitError, RateLimiterService, SetupError, type StaffEngine, StaffNotFoundError, StaffService, type StaffUser, TokenError, createAuthMiddleware, createPermissionGroupModel, createRoutes, createStaffEngine, createStaffModel, handleStaffError, validatePermissionPairs };
+export { AlxStaffError, type AuthMiddleware, AuthService, type AuthenticatedRequest, AuthenticationError, AuthorizationError, DEFAULTS, DEFAULT_AUTH, DuplicateError, ERROR_CODE, ERROR_MESSAGE, type ErrorCode, GroupNotFoundError, type IPermissionGroupDocument, type IStaffDocument, InvalidConfigError, InvalidPermissionError, LastOwnerError, PermissionCacheService, PermissionService, RateLimitError, RateLimiterService, SetupError, type StaffEngine, StaffEngineConfigSchema, StaffNotFoundError, StaffService, type StaffUser, TokenError, createAuthMiddleware, createPermissionGroupModel, createRoutes, createStaffEngine, createStaffModel, handleStaffError, validatePermissionPairs };

package/dist/index.d.ts CHANGED Viewed

@@ -4,6 +4,7 @@ import { IStaff, IPermissionGroup, LogAdapter, IPermissionGroupCreateInput, IPer
 export { DEFAULT_OPTIONS, ResolvedOptions, StaffEngineConfig } from '@astralibx/staff-types';
 import { AlxError } from '@astralibx/core';
 export { sendSuccess } from '@astralibx/core';
+import { z } from 'zod';
 interface IStaffDocument extends Omit<IStaff, '_id'>, Document {
     _id: Types.ObjectId;
@@ -46,6 +47,35 @@ declare class PermissionService {
     getAllPermissionKeys(): Promise<string[]>;
 }
+interface StaffServiceDeps {
+    Staff: Model<IStaffDocument>;
+    PermissionGroup: Model<IPermissionGroupDocument>;
+    adapters: StaffAdapters;
+    hooks: StaffHooks;
+    permissionCache: PermissionCacheService;
+    logger: LogAdapter;
+    tenantId?: string;
+    requireEmailUniqueness: boolean;
+}
+declare class StaffService {
+    private Staff;
+    private PermissionGroup;
+    private adapters;
+    private hooks;
+    private permissionCache;
+    private logger;
+    private tenantId?;
+    private requireEmailUniqueness;
+    constructor(deps: StaffServiceDeps);
+    private get tenantFilter();
+    create(data: IStaffCreateInput): Promise<IStaffDocument>;
+    list(filters?: IStaffListFilters): Promise<IPaginatedResult<IStaffDocument>>;
+    getById(staffId: string): Promise<IStaffDocument>;
+    update(staffId: string, data: IStaffUpdateInput): Promise<IStaffDocument>;
+    updatePermissions(staffId: string, permissions: string[]): Promise<IStaffDocument>;
+    updateStatus(staffId: string, status: string): Promise<IStaffDocument>;
+}
 declare class RateLimiterService {
     private windowMs;
     private maxAttempts;
@@ -67,38 +97,32 @@ declare class RateLimiterService {
     private recordAttemptRedis;
 }
-interface StaffServiceDeps {
+interface AuthServiceDeps {
     Staff: Model<IStaffDocument>;
-    PermissionGroup: Model<IPermissionGroupDocument>;
     adapters: StaffAdapters;
     hooks: StaffHooks;
-    permissionCache: PermissionCacheService;
     rateLimiter: RateLimiterService;
     logger: LogAdapter;
     tenantId?: string;
     jwtSecret: string;
     staffTokenExpiry: string;
     ownerTokenExpiry: string;
-    requireEmailUniqueness: boolean;
     allowSelfPasswordChange: boolean;
 }
-declare class StaffService {
+declare class AuthService {
     private Staff;
-    private PermissionGroup;
     private adapters;
     private hooks;
-    private permissionCache;
     private rateLimiter;
     private logger;
     private tenantId?;
     private jwtSecret;
     private staffTokenExpiry;
     private ownerTokenExpiry;
-    private requireEmailUniqueness;
     private allowSelfPasswordChange;
-    constructor(deps: StaffServiceDeps);
+    constructor(deps: AuthServiceDeps);
     private get tenantFilter();
-    private generateToken;
+    generateToken(staffId: string, role: string): string;
     setupOwner(data: {
         name: string;
         email: string;
@@ -111,18 +135,14 @@ declare class StaffService {
         staff: IStaffDocument;
         token: string;
     }>;
-    create(data: IStaffCreateInput): Promise<IStaffDocument>;
-    list(filters?: IStaffListFilters): Promise<IPaginatedResult<IStaffDocument>>;
-    getById(staffId: string): Promise<IStaffDocument>;
-    update(staffId: string, data: IStaffUpdateInput): Promise<IStaffDocument>;
-    updatePermissions(staffId: string, permissions: string[]): Promise<IStaffDocument>;
-    updateStatus(staffId: string, status: string): Promise<IStaffDocument>;
     resetPassword(staffId: string, newPassword: string): Promise<void>;
     changeOwnPassword(staffId: string, oldPassword: string, newPassword: string): Promise<void>;
 }
 interface StaffUser {
     staffId: string;
+    name: string;
+    email: string;
     role: string;
     permissions: string[];
 }
@@ -238,10 +258,206 @@ declare class InvalidConfigError extends AlxStaffError {
  */
 declare function validatePermissionPairs(permissions: string[], allGroups: IPermissionGroupDocument[]): void;
+declare const StaffEngineConfigSchema: z.ZodObject<{
+    db: z.ZodObject<{
+        connection: z.ZodEffects<z.ZodUnknown, {}, unknown>;
+        collectionPrefix: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        connection: {};
+        collectionPrefix?: string | undefined;
+    }, {
+        connection?: unknown;
+        collectionPrefix?: string | undefined;
+    }>;
+    redis: z.ZodOptional<z.ZodObject<{
+        connection: z.ZodUnknown;
+        keyPrefix: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    }, {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    }>>;
+    logger: z.ZodOptional<z.ZodObject<{
+        info: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        warn: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        error: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    }, {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    }>>;
+    tenantId: z.ZodOptional<z.ZodString>;
+    auth: z.ZodObject<{
+        jwtSecret: z.ZodString;
+        staffTokenExpiry: z.ZodOptional<z.ZodString>;
+        ownerTokenExpiry: z.ZodOptional<z.ZodString>;
+        permissionCacheTtlMs: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    }, {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    }>;
+    adapters: z.ZodObject<{
+        hashPassword: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+        comparePassword: z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>;
+    }, "strip", z.ZodTypeAny, {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    }, {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    }>;
+    hooks: z.ZodOptional<z.ZodObject<{
+        onStaffCreated: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onLogin: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onLoginFailed: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onPermissionsChanged: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onStatusChanged: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+        onMetric: z.ZodOptional<z.ZodFunction<z.ZodTuple<[], z.ZodUnknown>, z.ZodUnknown>>;
+    }, "strip", z.ZodTypeAny, {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    }, {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    }>>;
+    options: z.ZodOptional<z.ZodObject<{
+        requireEmailUniqueness: z.ZodOptional<z.ZodBoolean>;
+        allowSelfPasswordChange: z.ZodOptional<z.ZodBoolean>;
+        rateLimiter: z.ZodOptional<z.ZodObject<{
+            windowMs: z.ZodOptional<z.ZodNumber>;
+            maxAttempts: z.ZodOptional<z.ZodNumber>;
+        }, "strip", z.ZodTypeAny, {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        }, {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    }, {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    db: {
+        connection: {};
+        collectionPrefix?: string | undefined;
+    };
+    auth: {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    };
+    adapters: {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    };
+    tenantId?: string | undefined;
+    options?: {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    } | undefined;
+    redis?: {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    } | undefined;
+    logger?: {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    } | undefined;
+    hooks?: {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    } | undefined;
+}, {
+    db: {
+        connection?: unknown;
+        collectionPrefix?: string | undefined;
+    };
+    auth: {
+        jwtSecret: string;
+        staffTokenExpiry?: string | undefined;
+        ownerTokenExpiry?: string | undefined;
+        permissionCacheTtlMs?: number | undefined;
+    };
+    adapters: {
+        hashPassword: (...args: unknown[]) => unknown;
+        comparePassword: (...args: unknown[]) => unknown;
+    };
+    tenantId?: string | undefined;
+    options?: {
+        requireEmailUniqueness?: boolean | undefined;
+        allowSelfPasswordChange?: boolean | undefined;
+        rateLimiter?: {
+            windowMs?: number | undefined;
+            maxAttempts?: number | undefined;
+        } | undefined;
+    } | undefined;
+    redis?: {
+        connection?: unknown;
+        keyPrefix?: string | undefined;
+    } | undefined;
+    logger?: {
+        info: (...args: unknown[]) => unknown;
+        warn: (...args: unknown[]) => unknown;
+        error: (...args: unknown[]) => unknown;
+    } | undefined;
+    hooks?: {
+        onStaffCreated?: ((...args: unknown[]) => unknown) | undefined;
+        onLogin?: ((...args: unknown[]) => unknown) | undefined;
+        onLoginFailed?: ((...args: unknown[]) => unknown) | undefined;
+        onPermissionsChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onStatusChanged?: ((...args: unknown[]) => unknown) | undefined;
+        onMetric?: ((...args: unknown[]) => unknown) | undefined;
+    } | undefined;
+}>;
 declare function handleStaffError(res: Response, error: unknown, logger: LogAdapter): void;
 interface RouteServices {
     staff: StaffService;
+    auth: AuthService;
     permissions: PermissionService;
 }
 declare function createRoutes(services: RouteServices, auth: AuthMiddleware, logger: LogAdapter, allowSelfPasswordChange: boolean): Router;
@@ -250,6 +466,7 @@ interface StaffEngine {
     routes: Router;
     auth: AuthMiddleware;
     staff: StaffService;
+    authService: AuthService;
     permissions: PermissionService;
     models: {
         Staff: Model<IStaffDocument>;
@@ -259,4 +476,4 @@ interface StaffEngine {
 }
 declare function createStaffEngine(config: StaffEngineConfig): StaffEngine;
-export { AlxStaffError, type AuthMiddleware, type AuthenticatedRequest, AuthenticationError, AuthorizationError, DEFAULTS, DEFAULT_AUTH, DuplicateError, ERROR_CODE, ERROR_MESSAGE, type ErrorCode, GroupNotFoundError, type IPermissionGroupDocument, type IStaffDocument, InvalidConfigError, InvalidPermissionError, LastOwnerError, PermissionCacheService, PermissionService, RateLimitError, RateLimiterService, SetupError, type StaffEngine, StaffNotFoundError, StaffService, type StaffUser, TokenError, createAuthMiddleware, createPermissionGroupModel, createRoutes, createStaffEngine, createStaffModel, handleStaffError, validatePermissionPairs };
+export { AlxStaffError, type AuthMiddleware, AuthService, type AuthenticatedRequest, AuthenticationError, AuthorizationError, DEFAULTS, DEFAULT_AUTH, DuplicateError, ERROR_CODE, ERROR_MESSAGE, type ErrorCode, GroupNotFoundError, type IPermissionGroupDocument, type IStaffDocument, InvalidConfigError, InvalidPermissionError, LastOwnerError, PermissionCacheService, PermissionService, RateLimitError, RateLimiterService, SetupError, type StaffEngine, StaffEngineConfigSchema, StaffNotFoundError, StaffService, type StaffUser, TokenError, createAuthMiddleware, createPermissionGroupModel, createRoutes, createStaffEngine, createStaffModel, handleStaffError, validatePermissionPairs };