@authn-sh/sdk-node 0.4.0-alpha.2 → 0.5.0-alpha.9

package/dist/index.d.cts

@@ -1,17 +1,5 @@
 export { AuthnApiError, AuthnConfigError, AuthnHttpError, AuthnTokenInvalidError, AuthnWebhookSignatureInvalidError } from './errors.cjs';
 
-/**
- * Pagination + ordering parameters shared by every `list*` BAPI call.
- * Resource-specific filter params extend this with their own fields.
- */
-declare class ListParams {
-    limit?: number | undefined;
-    offset?: number | undefined;
-    orderBy?: string | undefined;
-    constructor(limit?: number | undefined, offset?: number | undefined, orderBy?: string | undefined);
-    toQuery(): Record<string, unknown>;
-}
-
 interface TransportOptions {
     /** API base URL — typically `https://api.authn.sh/v1`. Trailing `/v1` is required. */
     apiUrl: string;
@@ -69,6 +57,71 @@ declare abstract class Manager {
     constructor(transport: Transport);
 }
 
+interface AppearanceVariables {
+    colorPrimary?: string;
+    colorBackground?: string;
+    colorText?: string;
+    colorTextOnPrimary?: string;
+    colorInputBackground?: string;
+    colorInputText?: string;
+    colorDanger?: string;
+    colorSuccess?: string;
+    colorWarning?: string;
+    colorNeutral?: string;
+    fontFamily?: string;
+    fontFamilyButtons?: string;
+    fontSize?: string;
+    borderRadius?: string;
+    spacingUnit?: string;
+    [key: string]: string | undefined;
+}
+interface AppearanceLayout {
+    logoImageUrl?: string | null;
+    logoLinkUrl?: string | null;
+    socialButtonsPlacement?: 'top' | 'bottom';
+    socialButtonsVariant?: 'blockButton' | 'iconButton';
+    showOptionalFields?: boolean;
+    privacyPageUrl?: string | null;
+    termsPageUrl?: string | null;
+    helpPageUrl?: string | null;
+    animations?: boolean;
+}
+interface Appearance {
+    variables?: AppearanceVariables;
+    elements?: Record<string, string>;
+    layout?: AppearanceLayout;
+}
+/**
+ * BAPI surface for the env-scoped `appearance` blob.
+ * Mirrors sdk-php's `AppearanceManager`:
+ *
+ *   - `GET /v1/instance/appearance` — fetch the current blob.
+ *   - `PUT /v1/instance/appearance` — replace wholesale.
+ *   - `PATCH /v1/instance/appearance` — sparse merge.
+ *
+ * The SDK transmits camelCase keys; the server's snake/camel boundary
+ * is handled by the BAPI itself (the appearance schema is intentionally
+ * camelCase per OA-4).
+ */
+declare class AppearanceManager extends Manager {
+    get(): Promise<Appearance>;
+    put(blob: Appearance, idempotencyKey?: string): Promise<Appearance>;
+    patch(partial: Partial<Appearance>, idempotencyKey?: string): Promise<Appearance>;
+}
+declare function hydrateAppearance(raw: unknown): Appearance;
+
+/**
+ * Pagination + ordering parameters shared by every `list*` BAPI call.
+ * Resource-specific filter params extend this with their own fields.
+ */
+declare class ListParams {
+    limit?: number | undefined;
+    offset?: number | undefined;
+    orderBy?: string | undefined;
+    constructor(limit?: number | undefined, offset?: number | undefined, orderBy?: string | undefined);
+    toQuery(): Record<string, unknown>;
+}
+
 /**
  * Generic paginated-list envelope returned by every `list*` BAPI endpoint.
  */
@@ -180,6 +233,39 @@ declare class BlocklistIdentifiersManager extends Manager {
 declare function hydrateAllowlistIdentifier(raw: unknown): AllowlistIdentifier;
 declare function hydrateBlocklistIdentifier(raw: unknown): BlocklistIdentifier;
 
+interface Localization {
+    default_locale: string;
+    fallback_locale: string;
+    supported_locales: string[];
+    /**
+     * Sparse per-locale overrides: `{ [locale]: { [dot.keyed.key]: 'translation' } }`.
+     * The SDK never stores the canonical defaults — those ship with
+     * `@authn-sh/sdk-react`. The server stores overrides only and rejects
+     * unknown canonical keys at save time.
+     */
+    overrides: Record<string, Record<string, string>>;
+}
+/**
+ * BAPI surface for the env-scoped `localization` blob.
+ * Mirrors sdk-php's `LocalizationManager`:
+ *
+ *   - `GET /v1/instance/localization` — fetch the current blob.
+ *   - `PUT /v1/instance/localization` — replace wholesale.
+ *   - `PATCH /v1/instance/localization` — sparse merge per locale; setting a
+ *     leaf key to `null` removes that single override.
+ */
+declare class LocalizationManager extends Manager {
+    get(): Promise<Localization>;
+    put(blob: Localization, idempotencyKey?: string): Promise<Localization>;
+    patch(partial: {
+        default_locale?: string;
+        fallback_locale?: string;
+        supported_locales?: string[];
+        overrides?: Record<string, Record<string, string | null>>;
+    }, idempotencyKey?: string): Promise<Localization>;
+}
+declare function hydrateLocalization(raw: unknown): Localization;
+
 interface OauthProvider {
     id: string;
     object: 'oauth_provider';
@@ -330,6 +416,46 @@ declare function hydrateOrganizationMembership(raw: unknown): OrganizationMember
 declare function hydrateOrganizationInvitation(raw: unknown): OrganizationInvitation;
 declare function hydrateOrganizationDomain(raw: unknown): OrganizationDomain;
 
+type PasskeyTransport = 'usb' | 'nfc' | 'ble' | 'internal' | 'hybrid';
+interface Passkey {
+    id: string;
+    object: 'passkey';
+    userId: string;
+    nickname: string;
+    transports: PasskeyTransport[];
+    aaguid: string | null;
+    verified: boolean;
+    lastUsedAt: number | null;
+    createdAt: number;
+    updatedAt: number;
+    raw: Record<string, unknown>;
+}
+declare class PasskeysListParams extends ListParams {
+    userId?: string | undefined;
+    constructor(userId?: string | undefined, limit?: number, offset?: number, orderBy?: string);
+    toQuery(): Record<string, unknown>;
+}
+/**
+ * BAPI admin surface for passkeys. Mirrors sdk-php's `PasskeysManager`:
+ *
+ *   - `GET /v1/passkeys` — list across the workspace (optionally filtered by `userId`).
+ *   - `GET /v1/passkeys/{id}` — single passkey row.
+ *   - `PATCH /v1/passkeys/{id}` — rename (`nickname` is the only mutable field).
+ *   - `DELETE /v1/passkeys/{id}` — soft-remove.
+ *
+ * FAPI-side enrollment / authentication lives in `@authn-sh/sdk-js`.
+ * `@authn-sh/sdk-node` is admin-only.
+ */
+declare class PasskeysManager extends Manager {
+    list(params?: PasskeysListParams): Promise<PaginatedList<Passkey>>;
+    get(passkeyId: string): Promise<Passkey>;
+    update(passkeyId: string, data: {
+        nickname: string;
+    }, idempotencyKey?: string): Promise<Passkey>;
+    delete(passkeyId: string): Promise<void>;
+}
+declare function hydratePasskey(raw: unknown): Passkey;
+
 interface PhoneNumber {
     id: string;
     object: 'phone_number';
@@ -560,6 +686,9 @@ declare class Authn {
     readonly roles: RolesManager;
     readonly permissions: PermissionsManager;
     readonly instance: InstanceManager;
+    readonly passkeys: PasskeysManager;
+    readonly appearance: AppearanceManager;
+    readonly localization: LocalizationManager;
     constructor(opts: AuthnOptions);
 }
 
@@ -598,12 +727,33 @@ declare class VerifiedClaims {
     readonly firstFactorAgeSeconds: number | null;
     readonly phoneNumberVerified: boolean;
     readonly defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null;
+    /**
+     * `true` when the session was completed via a passkey first-factor
+     * ceremony (AU-15 sets the `pkv` claim on the session JWT).
+     */
+    readonly passkeyVerified: boolean;
+    /**
+     * Number of verified passkeys enrolled on the user at session
+     * creation time (AU-15 sets the `pkc` claim).
+     */
+    readonly passkeyCount: number;
     readonly raw: Record<string, unknown>;
-    constructor(sub: string, sid: string, iss: string, azp: string | null, exp: number, iat: number, nbf: number | null, actor: VerifiedActor | null, organization: VerifiedOrganization | null, wasTest: boolean, twoFactorVerified: boolean, secondFactorAgeSeconds: number | null, firstFactorAgeSeconds: number | null, phoneNumberVerified: boolean, defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null, raw: Record<string, unknown>);
+    constructor(sub: string, sid: string, iss: string, azp: string | null, exp: number, iat: number, nbf: number | null, actor: VerifiedActor | null, organization: VerifiedOrganization | null, wasTest: boolean, twoFactorVerified: boolean, secondFactorAgeSeconds: number | null, firstFactorAgeSeconds: number | null, phoneNumberVerified: boolean, defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null, 
+    /**
+     * `true` when the session was completed via a passkey first-factor
+     * ceremony (AU-15 sets the `pkv` claim on the session JWT).
+     */
+    passkeyVerified: boolean, 
+    /**
+     * Number of verified passkeys enrolled on the user at session
+     * creation time (AU-15 sets the `pkc` claim).
+     */
+    passkeyCount: number, raw: Record<string, unknown>);
     hasRole(roleKey: string): boolean;
     hasPermission(permissionKey: string): boolean;
     hasVerifiedPhoneNumber(): boolean;
     preferredSecondFactor(): VerifiedClaims['defaultSecondFactor'];
+    hasVerifiedPasskey(): boolean;
 }
 /**
  * Build a VerifiedClaims from a JWT claims-bag (post-signature-verify).
@@ -725,4 +875,4 @@ declare class WebhookSignatureVerifier {
     private matchesAny;
 }
 
-export { type AllowlistIdentifier, AllowlistIdentifiersManager, Authn, type AuthnOptions, type BlocklistIdentifier, BlocklistIdentifiersManager, type ExternalAccount, ExternalAccountsListParams, ExternalAccountsManager, InstanceManager, type InstanceSettings, type Invitation, InvitationsListParams, InvitationsManager, ListParams, type OauthProvider, type OauthProviderTestResult, OauthProvidersManager, type Organization, type OrganizationDomain, OrganizationDomainsManager, type OrganizationInvitation, OrganizationInvitationsManager, type OrganizationMembership, OrganizationMembershipsManager, OrganizationsManager, type PaginatedList, type Permission, PermissionsManager, type PhoneNumber, PhoneNumbersListParams, PhoneNumbersManager, type RedirectUrl, RedirectUrlsManager, type RequestOptions, type Role, RolesManager, type Session, SessionsListParams, SessionsManager, type SmsTemplate, type SmsTemplateSlug, SmsTemplatesManager, TokenVerifier, type TokenVerifierOptions, type TotpVerificationResult, Transport, type TransportOptions, type User, UsersListParams, UsersManager, type VerifiedActor, VerifiedClaims, type VerifiedOrganization, type WebhookEvent, WebhookSignatureVerifier, type WebhookSignatureVerifierOptions, buildVerifiedClaims, decodeFrontendApiUrl, hydrateAllowlistIdentifier, hydrateBlocklistIdentifier, hydrateExternalAccount, hydrateInstance, hydrateInvitation, hydrateOauthProvider, hydrateOrganization, hydrateOrganizationDomain, hydrateOrganizationInvitation, hydrateOrganizationMembership, hydratePermission, hydratePhoneNumber, hydrateRedirectUrl, hydrateRole, hydrateSession, hydrateSmsTemplate, hydrateUser };
+export { type AllowlistIdentifier, AllowlistIdentifiersManager, type Appearance, type AppearanceLayout, AppearanceManager, type AppearanceVariables, Authn, type AuthnOptions, type BlocklistIdentifier, BlocklistIdentifiersManager, type ExternalAccount, ExternalAccountsListParams, ExternalAccountsManager, InstanceManager, type InstanceSettings, type Invitation, InvitationsListParams, InvitationsManager, ListParams, type Localization, LocalizationManager, type OauthProvider, type OauthProviderTestResult, OauthProvidersManager, type Organization, type OrganizationDomain, OrganizationDomainsManager, type OrganizationInvitation, OrganizationInvitationsManager, type OrganizationMembership, OrganizationMembershipsManager, OrganizationsManager, type PaginatedList, type Passkey, type PasskeyTransport, PasskeysListParams, PasskeysManager, type Permission, PermissionsManager, type PhoneNumber, PhoneNumbersListParams, PhoneNumbersManager, type RedirectUrl, RedirectUrlsManager, type RequestOptions, type Role, RolesManager, type Session, SessionsListParams, SessionsManager, type SmsTemplate, type SmsTemplateSlug, SmsTemplatesManager, TokenVerifier, type TokenVerifierOptions, type TotpVerificationResult, Transport, type TransportOptions, type User, UsersListParams, UsersManager, type VerifiedActor, VerifiedClaims, type VerifiedOrganization, type WebhookEvent, WebhookSignatureVerifier, type WebhookSignatureVerifierOptions, buildVerifiedClaims, decodeFrontendApiUrl, hydrateAllowlistIdentifier, hydrateAppearance, hydrateBlocklistIdentifier, hydrateExternalAccount, hydrateInstance, hydrateInvitation, hydrateLocalization, hydrateOauthProvider, hydrateOrganization, hydrateOrganizationDomain, hydrateOrganizationInvitation, hydrateOrganizationMembership, hydratePasskey, hydratePermission, hydratePhoneNumber, hydrateRedirectUrl, hydrateRole, hydrateSession, hydrateSmsTemplate, hydrateUser };

package/dist/index.d.ts

@@ -1,17 +1,5 @@
 export { AuthnApiError, AuthnConfigError, AuthnHttpError, AuthnTokenInvalidError, AuthnWebhookSignatureInvalidError } from './errors.js';
 
-/**
- * Pagination + ordering parameters shared by every `list*` BAPI call.
- * Resource-specific filter params extend this with their own fields.
- */
-declare class ListParams {
-    limit?: number | undefined;
-    offset?: number | undefined;
-    orderBy?: string | undefined;
-    constructor(limit?: number | undefined, offset?: number | undefined, orderBy?: string | undefined);
-    toQuery(): Record<string, unknown>;
-}
-
 interface TransportOptions {
     /** API base URL — typically `https://api.authn.sh/v1`. Trailing `/v1` is required. */
     apiUrl: string;
@@ -69,6 +57,71 @@ declare abstract class Manager {
     constructor(transport: Transport);
 }
 
+interface AppearanceVariables {
+    colorPrimary?: string;
+    colorBackground?: string;
+    colorText?: string;
+    colorTextOnPrimary?: string;
+    colorInputBackground?: string;
+    colorInputText?: string;
+    colorDanger?: string;
+    colorSuccess?: string;
+    colorWarning?: string;
+    colorNeutral?: string;
+    fontFamily?: string;
+    fontFamilyButtons?: string;
+    fontSize?: string;
+    borderRadius?: string;
+    spacingUnit?: string;
+    [key: string]: string | undefined;
+}
+interface AppearanceLayout {
+    logoImageUrl?: string | null;
+    logoLinkUrl?: string | null;
+    socialButtonsPlacement?: 'top' | 'bottom';
+    socialButtonsVariant?: 'blockButton' | 'iconButton';
+    showOptionalFields?: boolean;
+    privacyPageUrl?: string | null;
+    termsPageUrl?: string | null;
+    helpPageUrl?: string | null;
+    animations?: boolean;
+}
+interface Appearance {
+    variables?: AppearanceVariables;
+    elements?: Record<string, string>;
+    layout?: AppearanceLayout;
+}
+/**
+ * BAPI surface for the env-scoped `appearance` blob.
+ * Mirrors sdk-php's `AppearanceManager`:
+ *
+ *   - `GET /v1/instance/appearance` — fetch the current blob.
+ *   - `PUT /v1/instance/appearance` — replace wholesale.
+ *   - `PATCH /v1/instance/appearance` — sparse merge.
+ *
+ * The SDK transmits camelCase keys; the server's snake/camel boundary
+ * is handled by the BAPI itself (the appearance schema is intentionally
+ * camelCase per OA-4).
+ */
+declare class AppearanceManager extends Manager {
+    get(): Promise<Appearance>;
+    put(blob: Appearance, idempotencyKey?: string): Promise<Appearance>;
+    patch(partial: Partial<Appearance>, idempotencyKey?: string): Promise<Appearance>;
+}
+declare function hydrateAppearance(raw: unknown): Appearance;
+
+/**
+ * Pagination + ordering parameters shared by every `list*` BAPI call.
+ * Resource-specific filter params extend this with their own fields.
+ */
+declare class ListParams {
+    limit?: number | undefined;
+    offset?: number | undefined;
+    orderBy?: string | undefined;
+    constructor(limit?: number | undefined, offset?: number | undefined, orderBy?: string | undefined);
+    toQuery(): Record<string, unknown>;
+}
+
 /**
  * Generic paginated-list envelope returned by every `list*` BAPI endpoint.
  */
@@ -180,6 +233,39 @@ declare class BlocklistIdentifiersManager extends Manager {
 declare function hydrateAllowlistIdentifier(raw: unknown): AllowlistIdentifier;
 declare function hydrateBlocklistIdentifier(raw: unknown): BlocklistIdentifier;
 
+interface Localization {
+    default_locale: string;
+    fallback_locale: string;
+    supported_locales: string[];
+    /**
+     * Sparse per-locale overrides: `{ [locale]: { [dot.keyed.key]: 'translation' } }`.
+     * The SDK never stores the canonical defaults — those ship with
+     * `@authn-sh/sdk-react`. The server stores overrides only and rejects
+     * unknown canonical keys at save time.
+     */
+    overrides: Record<string, Record<string, string>>;
+}
+/**
+ * BAPI surface for the env-scoped `localization` blob.
+ * Mirrors sdk-php's `LocalizationManager`:
+ *
+ *   - `GET /v1/instance/localization` — fetch the current blob.
+ *   - `PUT /v1/instance/localization` — replace wholesale.
+ *   - `PATCH /v1/instance/localization` — sparse merge per locale; setting a
+ *     leaf key to `null` removes that single override.
+ */
+declare class LocalizationManager extends Manager {
+    get(): Promise<Localization>;
+    put(blob: Localization, idempotencyKey?: string): Promise<Localization>;
+    patch(partial: {
+        default_locale?: string;
+        fallback_locale?: string;
+        supported_locales?: string[];
+        overrides?: Record<string, Record<string, string | null>>;
+    }, idempotencyKey?: string): Promise<Localization>;
+}
+declare function hydrateLocalization(raw: unknown): Localization;
+
 interface OauthProvider {
     id: string;
     object: 'oauth_provider';
@@ -330,6 +416,46 @@ declare function hydrateOrganizationMembership(raw: unknown): OrganizationMember
 declare function hydrateOrganizationInvitation(raw: unknown): OrganizationInvitation;
 declare function hydrateOrganizationDomain(raw: unknown): OrganizationDomain;
 
+type PasskeyTransport = 'usb' | 'nfc' | 'ble' | 'internal' | 'hybrid';
+interface Passkey {
+    id: string;
+    object: 'passkey';
+    userId: string;
+    nickname: string;
+    transports: PasskeyTransport[];
+    aaguid: string | null;
+    verified: boolean;
+    lastUsedAt: number | null;
+    createdAt: number;
+    updatedAt: number;
+    raw: Record<string, unknown>;
+}
+declare class PasskeysListParams extends ListParams {
+    userId?: string | undefined;
+    constructor(userId?: string | undefined, limit?: number, offset?: number, orderBy?: string);
+    toQuery(): Record<string, unknown>;
+}
+/**
+ * BAPI admin surface for passkeys. Mirrors sdk-php's `PasskeysManager`:
+ *
+ *   - `GET /v1/passkeys` — list across the workspace (optionally filtered by `userId`).
+ *   - `GET /v1/passkeys/{id}` — single passkey row.
+ *   - `PATCH /v1/passkeys/{id}` — rename (`nickname` is the only mutable field).
+ *   - `DELETE /v1/passkeys/{id}` — soft-remove.
+ *
+ * FAPI-side enrollment / authentication lives in `@authn-sh/sdk-js`.
+ * `@authn-sh/sdk-node` is admin-only.
+ */
+declare class PasskeysManager extends Manager {
+    list(params?: PasskeysListParams): Promise<PaginatedList<Passkey>>;
+    get(passkeyId: string): Promise<Passkey>;
+    update(passkeyId: string, data: {
+        nickname: string;
+    }, idempotencyKey?: string): Promise<Passkey>;
+    delete(passkeyId: string): Promise<void>;
+}
+declare function hydratePasskey(raw: unknown): Passkey;
+
 interface PhoneNumber {
     id: string;
     object: 'phone_number';
@@ -560,6 +686,9 @@ declare class Authn {
     readonly roles: RolesManager;
     readonly permissions: PermissionsManager;
     readonly instance: InstanceManager;
+    readonly passkeys: PasskeysManager;
+    readonly appearance: AppearanceManager;
+    readonly localization: LocalizationManager;
     constructor(opts: AuthnOptions);
 }
 
@@ -598,12 +727,33 @@ declare class VerifiedClaims {
     readonly firstFactorAgeSeconds: number | null;
     readonly phoneNumberVerified: boolean;
     readonly defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null;
+    /**
+     * `true` when the session was completed via a passkey first-factor
+     * ceremony (AU-15 sets the `pkv` claim on the session JWT).
+     */
+    readonly passkeyVerified: boolean;
+    /**
+     * Number of verified passkeys enrolled on the user at session
+     * creation time (AU-15 sets the `pkc` claim).
+     */
+    readonly passkeyCount: number;
     readonly raw: Record<string, unknown>;
-    constructor(sub: string, sid: string, iss: string, azp: string | null, exp: number, iat: number, nbf: number | null, actor: VerifiedActor | null, organization: VerifiedOrganization | null, wasTest: boolean, twoFactorVerified: boolean, secondFactorAgeSeconds: number | null, firstFactorAgeSeconds: number | null, phoneNumberVerified: boolean, defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null, raw: Record<string, unknown>);
+    constructor(sub: string, sid: string, iss: string, azp: string | null, exp: number, iat: number, nbf: number | null, actor: VerifiedActor | null, organization: VerifiedOrganization | null, wasTest: boolean, twoFactorVerified: boolean, secondFactorAgeSeconds: number | null, firstFactorAgeSeconds: number | null, phoneNumberVerified: boolean, defaultSecondFactor: 'totp' | 'phone_code' | 'backup_code' | null, 
+    /**
+     * `true` when the session was completed via a passkey first-factor
+     * ceremony (AU-15 sets the `pkv` claim on the session JWT).
+     */
+    passkeyVerified: boolean, 
+    /**
+     * Number of verified passkeys enrolled on the user at session
+     * creation time (AU-15 sets the `pkc` claim).
+     */
+    passkeyCount: number, raw: Record<string, unknown>);
     hasRole(roleKey: string): boolean;
     hasPermission(permissionKey: string): boolean;
     hasVerifiedPhoneNumber(): boolean;
     preferredSecondFactor(): VerifiedClaims['defaultSecondFactor'];
+    hasVerifiedPasskey(): boolean;
 }
 /**
  * Build a VerifiedClaims from a JWT claims-bag (post-signature-verify).
@@ -725,4 +875,4 @@ declare class WebhookSignatureVerifier {
     private matchesAny;
 }
 
-export { type AllowlistIdentifier, AllowlistIdentifiersManager, Authn, type AuthnOptions, type BlocklistIdentifier, BlocklistIdentifiersManager, type ExternalAccount, ExternalAccountsListParams, ExternalAccountsManager, InstanceManager, type InstanceSettings, type Invitation, InvitationsListParams, InvitationsManager, ListParams, type OauthProvider, type OauthProviderTestResult, OauthProvidersManager, type Organization, type OrganizationDomain, OrganizationDomainsManager, type OrganizationInvitation, OrganizationInvitationsManager, type OrganizationMembership, OrganizationMembershipsManager, OrganizationsManager, type PaginatedList, type Permission, PermissionsManager, type PhoneNumber, PhoneNumbersListParams, PhoneNumbersManager, type RedirectUrl, RedirectUrlsManager, type RequestOptions, type Role, RolesManager, type Session, SessionsListParams, SessionsManager, type SmsTemplate, type SmsTemplateSlug, SmsTemplatesManager, TokenVerifier, type TokenVerifierOptions, type TotpVerificationResult, Transport, type TransportOptions, type User, UsersListParams, UsersManager, type VerifiedActor, VerifiedClaims, type VerifiedOrganization, type WebhookEvent, WebhookSignatureVerifier, type WebhookSignatureVerifierOptions, buildVerifiedClaims, decodeFrontendApiUrl, hydrateAllowlistIdentifier, hydrateBlocklistIdentifier, hydrateExternalAccount, hydrateInstance, hydrateInvitation, hydrateOauthProvider, hydrateOrganization, hydrateOrganizationDomain, hydrateOrganizationInvitation, hydrateOrganizationMembership, hydratePermission, hydratePhoneNumber, hydrateRedirectUrl, hydrateRole, hydrateSession, hydrateSmsTemplate, hydrateUser };
+export { type AllowlistIdentifier, AllowlistIdentifiersManager, type Appearance, type AppearanceLayout, AppearanceManager, type AppearanceVariables, Authn, type AuthnOptions, type BlocklistIdentifier, BlocklistIdentifiersManager, type ExternalAccount, ExternalAccountsListParams, ExternalAccountsManager, InstanceManager, type InstanceSettings, type Invitation, InvitationsListParams, InvitationsManager, ListParams, type Localization, LocalizationManager, type OauthProvider, type OauthProviderTestResult, OauthProvidersManager, type Organization, type OrganizationDomain, OrganizationDomainsManager, type OrganizationInvitation, OrganizationInvitationsManager, type OrganizationMembership, OrganizationMembershipsManager, OrganizationsManager, type PaginatedList, type Passkey, type PasskeyTransport, PasskeysListParams, PasskeysManager, type Permission, PermissionsManager, type PhoneNumber, PhoneNumbersListParams, PhoneNumbersManager, type RedirectUrl, RedirectUrlsManager, type RequestOptions, type Role, RolesManager, type Session, SessionsListParams, SessionsManager, type SmsTemplate, type SmsTemplateSlug, SmsTemplatesManager, TokenVerifier, type TokenVerifierOptions, type TotpVerificationResult, Transport, type TransportOptions, type User, UsersListParams, UsersManager, type VerifiedActor, VerifiedClaims, type VerifiedOrganization, type WebhookEvent, WebhookSignatureVerifier, type WebhookSignatureVerifierOptions, buildVerifiedClaims, decodeFrontendApiUrl, hydrateAllowlistIdentifier, hydrateAppearance, hydrateBlocklistIdentifier, hydrateExternalAccount, hydrateInstance, hydrateInvitation, hydrateLocalization, hydrateOauthProvider, hydrateOrganization, hydrateOrganizationDomain, hydrateOrganizationInvitation, hydrateOrganizationMembership, hydratePasskey, hydratePermission, hydratePhoneNumber, hydrateRedirectUrl, hydrateRole, hydrateSession, hydrateSmsTemplate, hydrateUser };