@corbado/observe 0.0.1-next.8 → 0.1.0

package/dist/index.d.ts

@@ -1,74 +1,29 @@
-interface User {
-    id?: string;
-    email?: string;
-    username?: string;
-    name?: string;
-    [key: string]: unknown;
-}
 interface SdkInfo {
     name: string;
     version: string;
 }
 type EventType = "predefined" | "custom" | "error" | "identify";
-type LoginMethodType = "identifier-email" | "passkey" | "passkey-conditional-ui" | "password" | "email-otp" | "email-link" | "phone-otp" | "switch-method" | "reset-flow" | "social-google" | "social-apple" | "social-facebook" | "social-other";
+type AuthMethodType = "identifier-email" | "passkey-login-known-identifier" | "passkey-login-no-identifier" | "passkey-login-cui" | "passkey-enrollment" | "password-login-known-identifier" | "password-login-with-identifier" | "password-enrollment" | "email-otp-login" | "email-otp-enrollment" | "email-link-login" | "email-link-enrollment" | "social-google" | "social-apple" | "social-facebook" | "social-other" | "reset-flow";
+type SubflowType = "passkey-enrollment" | "passkey-login" | "email-otp" | "email-link" | "social-login" | "sms-otp" | "provide-identifier" | "provide-data" | "password-login" | "password-enrollment" | "totp";
+type FlowType = "login" | "signup" | "recovery" | "enrollment";
 type SocialLoginProviderType = "google" | "apple" | "facebook" | "github" | "microsoft" | "other";
 declare enum AuthEventName {
-    LoginVisible = "login_visible",
-    LoginReset = "login_reset",
-    LoginMethodsDecision = "login_method_decision_offered",
-    AuthDecisionVisible = "auth_decision_visible",
+    FlowStarted = "flow_started",
+    FlowDecided = "flow_decided",
+    FlowFinished = "flow_finished",
+    FlowReset = "flow_reset",
+    AuthMethodDecisionStarted = "auth_method_decision_started",
+    AuthMethodDecisionFinished = "auth_method_decision_finished",
+    FlowAutoFinished = "flow_auto_finished",
+    AuthDecisionStarted = "auth_decision_started",
     AuthDecisionFinished = "auth_decision_finished",
-    ProvideIdentifierStarted = "provide_identifier_started",
-    ProvideIdentifierSubmitted = "provide_identifier_submitted",
-    ProvideIdentifierFinished = "provide_identifier_finished",
-    ProvideIdentifierError = "provide_identifier_error",
-    PasswordLoginStartable = "password_login_startable",
-    PasswordLoginStarted = "password_login_started",
-    PasswordLoginSubmitted = "password_login_submitted",
-    PasswordLoginFinished = "password_login_finished",
-    PasswordLoginError = "password_login_error",
-    PasswordLoginForgotPasswordClicked = "password_login_forgot_password_clicked",
-    PasskeyLoginStartable = "passkey_login_startable",
-    PasskeyLoginStarted = "passkey_login_started",
-    PasskeyLoginSubmitted = "passkey_login_submitted",
-    PasskeyLoginFinished = "passkey_login_finished",
-    PasskeyLoginError = "passkey_login_error",
-    CUILoginStartable = "cui_login_startable",
-    CUILoginStarted = "cui_login_started",
-    CUILoginSubmitted = "cui_login_submitted",
-    CUILoginFinished = "cui_login_finished",
-    CUILoginError = "cui_login_error",
-    SocialLoginStarted = "social_login_started",
-    SocialLoginFinished = "social_login_finished",
-    SocialLoginError = "social_login_error",
-    LoginFinish = "login_finish",
-    SignupVisible = "signup_visible",
-    SignupFinish = "signup_finish",
-    SecurityEnrollmentStarted = "security_enrollment_started",
-    SecurityEnrollmentFinished = "security_enrollment_finished",
-    PasskeyEnrollmentStartable = "passkey_enrollment_startable",
-    PasskeyEnrollmentStarted = "passkey_enrollment_started",
-    PasskeyEnrollmentSubmitted = "passkey_enrollment_submitted",
-    PasskeyEnrollmentFinished = "passkey_enrollment_finished",
-    PasskeyEnrollmentSkipped = "passkey_enrollment_skipped",
-    PasskeyEnrollmentError = "passkey_enrollment_error",
-    AccountRecoveryStarted = "account_recovery_started",
-    AccountRecoveryFinished = "account_recovery_finished",
-    EmailLinkStartable = "email_link_startable",
-    EmailLinkSubmitted = "email_link_submitted",
-    EmailLinkFinished = "email_link_finished",
-    EmailLinkError = "email_link_error",
-    EmailOTPStartable = "email_otp_startable",
-    EmailOTPStarted = "email_otp_started",
-    EmailOTPSubmitted = "email_otp_submitted",
-    EmailOTPFinished = "email_otp_finished",
-    EmailOTPError = "email_otp_error",
-    EmailOTPResent = "email_otp_resent",
-    SetPasswordStartable = "set_password_startable",
-    SetPasswordStarted = "set_password_started",
-    SetPasswordSubmitted = "set_password_submitted",
-    SetPasswordFinished = "set_password_finished",
-    SetPasswordError = "set_password_error"
+    SubflowStepStarted = "subflow_step_started",
+    SubflowStepFinished = "subflow_step_finished",
+    SubflowStepError = "subflow_step_error",
+    SubflowTrigger = "subflow_trigger",
+    SubflowError = "subflow_error",
+    SubflowStarted = "subflow_started",
+    SubflowFinished = "subflow_finished"
 }
 interface BaseEvent {
     timestamp: number;
@@ -79,9 +34,6 @@ interface BaseEvent {
     tags?: Record<string, string>;
     deviceInfo?: DeviceInfo;
 }
-type WithSubFlowId<T> = T & {
-    subFlowId?: string;
-};
 type UserReference = {
     userId?: string;
     identifier?: string;
@@ -95,16 +47,38 @@ type NormalizedError = {
     name?: string;
     message: string;
 };
-interface LoginVisible {
-    /**
-     * Where the login form is shown (e.g. `"account"`, `"checkout"`).
-     */
+type FlowStarted = {
+    flowName: FlowType;
     touchpoint?: string;
-    identifierPrefillingExisted?: boolean;
-}
-type IdentifierProvided = UserReference & {
-    availableMethods?: string[];
-    preferredMethod?: string | null;
+};
+type MultiFlowStarted = {
+    flowNames: FlowType[];
+    defaultFlowName?: FlowType;
+    touchpoint?: string;
+};
+type FlowDecided = {
+    flowName: FlowType;
+};
+type FlowFinished = {
+    flowName: FlowType;
+    explicitOutcome?: "skipped" | "invisible";
+} & UserReference;
+type FlowReset = {
+    flowName: FlowType;
+};
+type FlowAutoFinished = {
+    flowName: FlowType;
+    finishedByFlowName: FlowType;
+} & UserReference;
+type AuthMethodDecisionStarted = {
+    decisionName: string;
+    options: (AuthMethodType | (string & {}))[];
+    explicitDecisionValue?: string;
+};
+type AuthMethodDecisionFinished = {
+    decisionName: string;
+    options: (AuthMethodType | (string & {}))[];
+    explicitDecisionValue?: string;
 };
 type ProvideIdentifierStart = {};
 type ProvideIdentifierError = UserReference & {
@@ -114,25 +88,9 @@ type ProvideIdentifierError = UserReference & {
 type ProvideIdentifierFinish = UserReference & {
     identifierPrefillingCreated?: boolean;
 };
-interface PasswordLoginStartable {
-    explicitSpecType?: "pre-identifier" | "post-identifier";
-}
-interface PasswordLoginStarted {
-    explicitSpecType?: "pre-identifier" | "post-identifier";
-}
-type PasswordLoginFinish = {};
-type LoginStepPasswordErrorCode = 'invalid_password' | 'unknown';
-type PasswordLoginError = {
-    errorCode?: LoginStepPasswordErrorCode;
-    error?: any;
-};
 type PasskeyLoginClientError = {
     error: any;
 };
-type PasskeyLoginStart = {
-    explicitSpecType: "passkey-cui" | "passkey-identifier" | "passkey-button";
-    conditional: boolean;
-} & PasskeyLoginStartable;
 type PasskeyLoginStartable = {
     assertionOptions: string;
 };
@@ -140,24 +98,7 @@ type PasskeyLoginSubmitted = {
     assertionResponse: string;
 };
 type PasskeyLoginFinish = UserReference & {};
-type SocialLoginStart = {
-    explicitSpecType: "pre-identifier" | "post-identifier";
-    provider: SocialLoginProviderType;
-};
-type SocialLoginFinish = UserReference & {
-    provider: SocialLoginProviderType;
-};
-type SocialLoginError = UserReference & {
-    errorCode: string;
-};
-type LoginReset = {};
-type LoginFinish = UserReference & {};
-type LoginMethodDecision = {
-    decisionName: string;
-    availableMethods: LoginMethodType[];
-    explicitDecisionValue?: string;
-};
-type AuthDecisionVisible = {
+type AuthDecisionStarted = {
     decisionName: string;
     options: string[];
 };
@@ -166,25 +107,13 @@ type AuthDecisionFinished = {
     options: string[];
     explicitDecisionValue?: string;
 };
-type SignupVisible = {
-    touchpoint?: string;
+type StepOptions = {
+    userReference?: UserReference;
+    explicitTimestamp?: number;
 };
-type SignupFinish = UserReference & {};
-type PasskeyEnrollmentStartable = {};
-type PasskeyEnrollmentStarted = {
-    conditional: boolean;
-    auto: boolean;
-    attestationOptions: string;
-};
-type PasskeyEnrollmentSubmitted = {
-    conditional: boolean;
-    auto: boolean;
-    attestationResponse: string;
-};
-type PasskeyEnrollmentFinished = {};
-type PasskeyEnrollmentError = {
-    errorCode?: string;
-    error?: unknown;
+type SubflowTrigger = {
+    actor: "system" | "user";
+    explicitSpecType?: string;
 };
 interface PredefinedEvent extends BaseEvent {
     type: "predefined";
@@ -229,158 +158,222 @@ type ClientEnvHandleMeta = {
     source: ClientEnvHandleMetaSource;
 };
 type ClientEnvHandleMetaSource = "localstorage" | "cookie" | "native";
-type SecurityEnrollmentStarted = {
-    touchpoint: string;
-} & UserReference;
-type AccountRecoveryStarted = {
-    touchpoint: string;
-};
-type EmailOTPStartable = {};
-type EmailOTPStarted = {};
-type EmailOTPSubmitted = {};
-type EmailOTPFinished = {};
-type EmailOTPError = {
-    errorCode: string;
+
+type StepHelper<TStart = {}, TFinished = {}, TTypedError = never> = {
+    start: (data: TStart, options?: StepOptions) => void;
+    finished: (data: TFinished, options?: StepOptions) => void;
+    error: (error: unknown, options?: StepOptions) => void;
+} & ([TTypedError] extends [never] ? {} : {
+    errorTyped: (error: TTypedError, options?: StepOptions) => void;
+});
+declare abstract class OperationFull {
+    private tracker;
+    private operationName;
+    constructor(tracker: CorbadoTracker, operationName: SubflowType);
+    subflowStart(data: any, options?: StepOptions): void;
+    trigger(data: SubflowTrigger, options?: StepOptions): void;
+    customStep<TStart = {}, TFinished = {}>(stepName: string): StepHelper<TStart, TFinished>;
+    protected subflowStepStarted(stepName: string, data: any, options?: StepOptions): void;
+    protected subflowStepFinished(stepName: string, data: any, options?: StepOptions): void;
+    protected subflowStepError(stepName: string, data: any, options?: StepOptions): void;
+    protected defineStep<TStart = {}, TFinished = {}, TTypedError = never>(stepName: string): StepHelper<TStart, TFinished, TTypedError>;
+}
+
+type PasskeyOperationLoginExplicitSpecType = "passkey-cui" | "passkey-known-identifier" | "passkey-no-identifier";
+type PasskeyLoginGetOptionsStart = {
+    explicitSpecType?: PasskeyOperationLoginExplicitSpecType;
 };
-type EmailOTPResent = {};
-type EmailLinkStartable = {
-    crossEnvironmentTransactionID?: string;
-} & UserReference;
-type EmailLinkSubmitted = {
-    crossEnvironmentTransactionID?: string;
+type PasskeyLoginGetOptionsFinished = {
+    explicitSpecType?: PasskeyOperationLoginExplicitSpecType;
+    assertionOptions: string;
 };
-type EmailLinkFinished = {} & UserReference;
-type EmailLinkError = {
-    errorCode: string;
+type PasskeyLoginCeremonyStart = {
+    explicitSpecType?: PasskeyOperationLoginExplicitSpecType;
+    assertionOptions?: string;
 };
-type SetPasswordStartable = {};
-type SetPasswordStarted = {};
-type SetPasswordSubmitted = {};
-type SetPasswordFinished = {};
-type SetPasswordError = {
-    errorCode: string;
-    origin: "client" | "server";
+type PasskeyLoginCeremonyFinished = {
+    assertionResponse: string;
 };
-
-declare class PasskeyOperationLogin {
-    private tracker;
-    constructor(tracker: CorbadoTracker, data: PasskeyLoginStart, tags?: Record<string, string>, contexts?: Record<string, any>);
-    started(data: PasskeyLoginStart, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    submitted(data: PasskeyLoginSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data: PasskeyLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    clientError(data: PasskeyLoginClientError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    serverErrorUnknown(error?: any, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+declare class PasskeyLoginOperationFull extends OperationFull {
+    readonly getOptions: StepHelper<PasskeyLoginGetOptionsStart, PasskeyLoginGetOptionsFinished>;
+    readonly ceremony: StepHelper<PasskeyLoginCeremonyStart, PasskeyLoginCeremonyFinished>;
+    readonly postResponse: StepHelper;
+    constructor(tracker: CorbadoTracker);
 }
 
-declare class PasskeyOperationEnrollment {
-    private tracker;
-    constructor(tracker: CorbadoTracker, data: PasskeyEnrollmentStartable, tags?: Record<string, string>, contexts?: Record<string, any>);
-    startable(data: PasskeyEnrollmentStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    started(data: PasskeyEnrollmentStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    submitted(data: PasskeyEnrollmentSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data: PasskeyEnrollmentFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    skipped(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    clientError(data: PasskeyEnrollmentError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    serverErrorUnknown(error?: any, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+type EmailOTPOperationSpecType = "email-otp-login" | "email-otp-enrollment";
+type EmailOTPOperationSendOTPStart = {
+    explicitSpecType?: EmailOTPOperationSpecType;
+};
+type EmailOTPOperationPostResponseStart = {
+    explicitSpecType?: EmailOTPOperationSpecType;
+};
+declare class EmailOtpOperationFull extends OperationFull {
+    readonly send: StepHelper<EmailOTPOperationSendOTPStart>;
+    readonly postResponse: StepHelper<EmailOTPOperationPostResponseStart>;
+    readonly resend: StepHelper;
+    constructor(tracker: CorbadoTracker);
 }
 
-declare class ProvideIdentifierOperation {
-    private tracker;
-    private patternDetector?;
-    constructor(tracker: CorbadoTracker, inputHtmlField?: HTMLInputElement);
-    destroy(): void;
-    identifierStarted(data: ProvideIdentifierStart, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    identifierSubmitted(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    identifierFinished(data: ProvideIdentifierFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    identifierError(data: ProvideIdentifierError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUIStartable(data: PasskeyLoginStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUISubmitted(data: PasskeyLoginSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUIFinished(data: PasskeyLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUIClientError(data: PasskeyLoginClientError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUIServerErrorConditionalUICredentialDeleted(tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    conditionalUIServerErrorUnknown(error?: any, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+type EmailLinkOperationSpecType = "email-link-login" | "email-link-enrollment";
+type EmailLinkOperationSendStart = {
+    explicitSpecType?: EmailLinkOperationSpecType;
+};
+type EmailLinkOperationPostResponseStart = {
+    explicitSpecType?: EmailLinkOperationSpecType;
+};
+declare class EmailLinkOperationFull extends OperationFull {
+    readonly send: StepHelper<EmailLinkOperationSendStart>;
+    readonly postResponse: StepHelper<EmailLinkOperationPostResponseStart>;
+    readonly resend: StepHelper;
+    constructor(tracker: CorbadoTracker);
 }
 
-declare class PasswordOperationLogin {
-    private tracker;
-    private patternDetector?;
-    constructor(tracker: CorbadoTracker, inputHtmlField?: HTMLInputElement);
-    startable(data: PasswordLoginStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    started(data: PasswordLoginStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    submitted(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data: PasswordLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    error(data: PasswordLoginError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Fire when the user clicks on the "Forgot password" link during the password login flow.
-     */
-    forgotPasswordClicked(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    destroy(): void;
+type PasskeyOperationEnrollmentExplicitSpecType = "conditional-auto-manual" | "auto-manual" | "manual";
+type PasskeyEnrollmentGetOptionsStart = {
+    explicitSpecType?: PasskeyOperationEnrollmentExplicitSpecType;
+};
+type PasskeyEnrollmentGetOptionsFinished = {
+    explicitSpecType?: PasskeyOperationEnrollmentExplicitSpecType;
+    attestationOptions: string;
+};
+type PasskeyEnrollmentCeremonyStart = {
+    explicitSpecType?: PasskeyOperationEnrollmentExplicitSpecType;
+    attestationOptions?: string;
+    mediation: "conditional" | "optional" | "required";
+};
+type PasskeyEnrollmentCeremonyFinished = {
+    attestationResponse: string;
+};
+declare class PasskeyEnrollmentOperationFull extends OperationFull {
+    readonly getOptions: StepHelper<PasskeyEnrollmentGetOptionsStart, PasskeyEnrollmentGetOptionsFinished>;
+    readonly ceremony: StepHelper<PasskeyEnrollmentCeremonyStart, PasskeyEnrollmentCeremonyFinished>;
+    readonly postResponse: StepHelper;
+    constructor(tracker: CorbadoTracker);
 }
 
-declare class SocialOperationLogin {
-    private tracker;
-    constructor(tracker: CorbadoTracker);
-    started(data: SocialLoginStart, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data: SocialLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    error(data: SocialLoginError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+interface Logger {
+    debug(message: string, ...args: unknown[]): void;
+    info(message: string, ...args: unknown[]): void;
+    warn(message: string, ...args: unknown[]): void;
+    error(message: string, ...args: unknown[]): void;
+    critical(message: string, ...args: unknown[]): void;
+}
+interface CreateLoggerOptions {
+    debug: boolean;
 }
+declare function createLogger(options: CreateLoggerOptions): Logger;
 
-declare class EmailOTPOperation {
-    private tracker;
-    constructor(tracker: CorbadoTracker);
-    startable(data?: EmailOTPStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    started(data?: EmailOTPStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    submitted(data?: EmailOTPSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data?: EmailOTPFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    error(data: EmailOTPError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    resent(data?: EmailOTPResent, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+type PasswordLoginTypedError = {
+    code: PasswordLoginTypedErrorCode;
+};
+type PasswordLoginTypedErrorCode = "invalid_password" | "user_not_found" | "account_locked";
+type PasswordLoginExplicitSpecType = "password-known-identifier" | "password-with-identifier";
+type PasswordLoginAutoTrackConfig = {
+    explicitSpecType: PasswordLoginExplicitSpecType;
+    inputHtmlField: HTMLInputElement;
+};
+declare class PasswordLoginOperationFull extends OperationFull {
+    readonly postResponse: StepHelper<{}, {}, PasswordLoginTypedError>;
+    private patternDetector?;
+    constructor(tracker: CorbadoTracker, autoTrackConfig?: PasswordLoginAutoTrackConfig);
+    destroy(): void;
 }
 
-declare class EmailLinkOperation {
-    private tracker;
-    constructor(tracker: CorbadoTracker);
-    /**
-     * Fire when the email containing the link has been sent to the user.
-     */
-    startable(data?: EmailLinkStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Fire when the link has been opened and right before the verification process starts.
-     */
-    submitted(data?: EmailLinkSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Fire when the verification process has been completed successfully.
-     */
-    finished(data?: EmailLinkFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Fire when an error occurs during the verification process.
-     */
-    error(data: EmailLinkError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+type PasswordEnrollmentTypedError = {
+    code: PasswordEnrollmentTypedErrorCode;
+};
+type PasswordEnrollmentTypedErrorCode = "requirements_not_fulfilled";
+type PasswordEnrollmentExplicitSpecType = "password-set" | "password-reset";
+type PasswordEnrollmentAutoTrackConfig = {
+    explicitSpecType: PasswordEnrollmentExplicitSpecType;
+    inputHtmlField: HTMLInputElement;
+};
+declare class PasswordEnrollmentOperationFull extends OperationFull {
+    readonly postResponse: StepHelper<{}, {}, PasswordEnrollmentTypedError>;
+    private patternDetector?;
+    constructor(tracker: CorbadoTracker, autoTrackConfig?: PasswordEnrollmentAutoTrackConfig);
+    destroy(): void;
 }
 
-declare class SetPasswordOperation {
+type PasskeyLoginCUITypedError = {
+    code: PasskeyLoginCUITypedErrorCode;
+};
+type PasskeyLoginCUITypedErrorCode = "cancel_detected";
+type ProvideIdentifierSpecType = "email";
+type ProvideIdentifierPostResponseStart = {
+    explicitSpecType?: ProvideIdentifierSpecType;
+};
+type PasskeyLoginCUISpecType = "passkey-cui";
+type CUICeremonyStart = {
+    explicitSpecType?: PasskeyLoginCUISpecType;
+};
+type PasskeyLoginCUIGetOptionsStart = {
+    explicitSpecType?: PasskeyLoginCUISpecType;
+};
+type PasskeyLoginCUIGetOptionsFinished = {
+    explicitSpecType?: ProvideIdentifierSpecType;
+    assertionOptions: string;
+};
+declare class OperationFullProvideIdentifierWithCUI {
     private tracker;
     private patternDetector?;
+    readonly cui: {
+        trigger: (data: SubflowTrigger, options?: StepOptions) => void;
+        getOptions: StepHelper<PasskeyLoginCUIGetOptionsStart, PasskeyLoginCUIGetOptionsFinished>;
+        ceremony: StepHelper<CUICeremonyStart, PasskeyLoginCeremonyFinished, PasskeyLoginCUITypedError>;
+        postResponse: StepHelper;
+    };
+    readonly provideIdentifier: {
+        trigger: (data: SubflowTrigger, options?: StepOptions) => void;
+        postResponse: StepHelper<ProvideIdentifierPostResponseStart>;
+    };
     constructor(tracker: CorbadoTracker, inputHtmlField?: HTMLInputElement);
-    startable(data?: SetPasswordStartable, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    started(data?: SetPasswordStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    submitted(data?: SetPasswordSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    finished(data?: SetPasswordFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    error(data: SetPasswordError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    private createStep;
     destroy(): void;
 }
 
+type SocialLoginSpecType = "pre-identifier" | "post-identifier";
+type SocialLoginGetRedirectUrlStart = {
+    provider?: SocialLoginProviderType;
+    explicitSpecType: SocialLoginSpecType;
+};
+type SocialLoginGetRedirectUrlFinished = {};
+type SocialLoginExchangeCodeStart = {
+    provider?: SocialLoginProviderType;
+};
+type SocialLoginExchangeCodeFinished = {};
+declare class SocialLoginOperationFull extends OperationFull {
+    readonly getRedirectUrl: StepHelper<SocialLoginGetRedirectUrlStart, SocialLoginGetRedirectUrlFinished>;
+    readonly exchangeCode: StepHelper<SocialLoginExchangeCodeStart, SocialLoginExchangeCodeFinished>;
+    constructor(tracker: CorbadoTracker);
+}
+
 interface TrackerOptions {
     projectId: string;
     apiBaseUrl: string;
     apiEventPath?: string;
     storage?: "cookie" | "local";
+    cookieDomain?: string;
     debug?: boolean;
+    logger?: Logger;
     deviceInfoDebounceTime?: number;
     defaultTags?: Record<string, string>;
     applicationId?: string;
 }
+/**
+ * @remarks
+ * **Constructor**
+ * - If `apiBaseUrl` is non-empty and missing `http://` or `https://`: logs via `logger.critical` (does not throw).
+ * - If `apiBaseUrl` is non-empty and ends with `/`: logs via `logger.critical` (does not throw).
+ * - Session bootstrap (`getSessionId`): on failure logs `Failed to get session id` and continues with an empty session id (does not throw).
+ *
+ * **Typed tracking helpers** (`flowStarted`, `flowDecided`, and the other public methods that call `track`)
+ * - Error handling for queued events is defined on {@link CorbadoTracker.track}.
+ */
 declare class CorbadoTracker {
     private options;
+    private logger;
     private queue;
     private sessionId;
     private storage;
@@ -390,609 +383,165 @@ declare class CorbadoTracker {
     private deviceInfoTransmittedLastTime;
     private seq;
     constructor(options: TrackerOptions);
+    /**
+     * Returns the logger used by this tracker.
+     */
+    getLogger(): Logger;
     private applicationTag;
-    private debugMessage;
     private isTrackingBlocked;
     private getSessionId;
     private updateDeviceDebounced;
-    /** @internal */
-    track(name: AuthEventName, data: Record<string, any>, userReference?: UserReference, tags?: Record<string, string>, contexts?: Record<string, any>, explicitTimestamp?: number): Promise<void>;
-    /**
-     * Track when the login UI becomes visible to the user.
-     *
-     * @remarks
-     * Trigger this event when your login form or login page is rendered and visible.
-     * Use the `touchpoint` field to distinguish where the login appears
-     * (e.g. a dedicated login page vs. an inline checkout login).
-     *
-     * @param data - Event payload.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     *
-     * @example
-     * ```typescript
-     * tracker.loginVisible({ touchpoint: "account" });
-     * ```
-     */
-    loginVisible(data: LoginVisible, tags?: Record<string, string>): void;
-    /**
-     * Create a trackable identifier-provision operation without immediately firing an event.
-     *
-     * @remarks
-     * Returns a {@link ProvideIdentifierOperation} that you can drive through
-     * `identifierStarted` → `identifierSubmitted` → `identifierFinished` / `identifierError`.
-     * Pass an `inputHtmlField` to auto-instrument keystroke and paste detection on the identifier input.
-     *
-     * @param inputHtmlField - Optional HTML input element to instrument for interaction detection.
-     * @returns A {@link ProvideIdentifierOperation} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.provideIdentifierStartable(document.getElementById("email") as HTMLInputElement);
-     * op.identifierStarted();
-     * ```
-     */
-    provideIdentifierStartable(inputHtmlField?: HTMLInputElement): ProvideIdentifierOperation;
-    /**
-     * Track the start of the identifier-provision step and return the operation handle.
-     *
-     * @remarks
-     * Call this when the user begins entering their identifier (email, phone, username).
-     * The returned {@link ProvideIdentifierOperation} lets you continue tracking through
-     * submission, completion, or error.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param inputHtmlField - Optional HTML input element to instrument for interaction detection.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link ProvideIdentifierOperation} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.provideIdentifierStarted({}, emailInput);
-     * ```
-     */
-    provideIdentifierStarted(data?: ProvideIdentifierStart, inputHtmlField?: HTMLInputElement, tags?: Record<string, string>, contexts?: Record<string, any>): ProvideIdentifierOperation;
-    /**
-     * Track when the user submits their identifier.
-     *
-     * @remarks
-     * Fire this event after the user confirms their identifier (e.g. clicks "Continue"
-     * or presses Enter). This sits between the started and finished/error events.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.provideIdentifierSubmitted({});
-     * ```
-     */
-    provideIdentifierSubmitted(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    trackSubflowStarted(subflowType: SubflowType, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowTrigger(subflowType: SubflowType, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowStepStarted(subflowType: SubflowType, stepName: string, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowStepFinished(subflowType: SubflowType, stepName: string, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowStepError(subflowType: SubflowType, stepName: string, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowFinished(subflowType: SubflowType, data: Record<string, any>, options?: StepOptions): void;
+    trackSubflowError(subflowType: SubflowType, data: Record<string, any>, options?: StepOptions): void;
     /**
-     * Track when identifier provision completes successfully.
-     *
-     * @remarks
-     * Fire this after the backend has validated the identifier and returned
-     * the available authentication methods. Include `availableMethods` and
-     * `preferredMethod` so downstream analytics can evaluate method selection.
-     *
-     * @param data - Event payload containing the user reference and available methods.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
+     * Error situations:
+     *  - Blocked user agent (see `isBlockedUserAgent`): skip with a debug log and return
+     *  - Any error before the event is enqueued (e.g. device info update, `JSON.stringify` in debug logging, `queue.enqueue`): log `Failed to process event "<name>" before enqueue`
      *
-     * @example
-     * ```typescript
-     * tracker.provideIdentifierFinished({
-     *   identifier: "user@example.com",
-     *   availableMethods: ["passkey", "password"],
-     *   preferredMethod: "passkey",
-     * });
-     * ```
+     * @internal
      */
-    provideIdentifierFinished(data: ProvideIdentifierFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    track(name: AuthEventName, data: Record<string, any>, userReference?: UserReference, tags?: Record<string, string>, contexts?: Record<string, any>, explicitTimestamp?: number): Promise<void>;
     /**
-     * Track when identifier provision fails.
+     * Track when an authentication flow (or flow selection screen) becomes visible.
      *
      * @remarks
-     * Fire this when the identifier lookup or validation returns an error
-     * (e.g. unknown user, rate limit, network failure).
+     * Call this once when the user first enters an auth touchpoint (for example account login,
+     * checkout login, or account recovery). If users can choose between multiple flows
+     * (such as login vs signup), pass `flowNames` and optionally `defaultFlowName`.
      *
-     * @param data - Event payload containing the user reference and error details.
+     * @param data - Flow metadata, including one flow (`flowName`) or multiple candidates (`flowNames`).
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
      *
      * @example
      * ```typescript
-     * tracker.provideIdentifierError({
-     *   identifier: "user@example.com",
-     *   error: "user_not_found",
+     * tracker.flowStarted({
+     *   flowNames: ["login", "signup"],
+     *   defaultFlowName: "login",
+     *   touchpoint: "account",
      * });
      * ```
      */
-    provideIdentifierError(data: ProvideIdentifierError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    flowStarted(data: FlowStarted | MultiFlowStarted, tags?: Record<string, string>): void;
     /**
-     * Track when the login flow is reset.
+     * Track when the user commits to a specific flow.
      *
      * @remarks
-     * Fire this event when the user navigates back to the beginning of the login flow,
-     * for example by clicking a "Back" button or choosing "Try another method".
-     * This signals that the current authentication attempt was abandoned.
+     * Use this after presenting alternatives and once you know which path the user takes
+     * (for example when identifier checks route to login vs signup).
      *
-     * @param data - Event payload (currently empty, reserved for future fields).
+     * @param data - Selected flow name.
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
      *
      * @example
      * ```typescript
-     * tracker.loginReset();
+     * tracker.flowDecided({flowName: "signup"});
      * ```
      */
-    loginReset(data?: LoginReset, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    flowDecided(data: FlowDecided, tags?: Record<string, string>): void;
     /**
-     * Create a trackable password-login operation and mark it as startable.
+     * Track when a flow successfully completes.
      *
      * @remarks
-     * Returns a {@link PasswordOperationLogin} that you can drive through the
-     * `started` → `submitted` → `finished` / `error` lifecycle.
-     * Pass an `inputHtmlField` to auto-instrument the password input for
-     * interaction detection (e.g. paste, password-manager usage).
+     * Fire this when the user has finished the target flow end-to-end, such as completed login,
+     * signup, or recovery. If available, include `userId` and/or `identifier` so the event is
+     * linked to a user reference.
      *
-     * @param inputHtmlField - Optional HTML input element to instrument.
-     * @param data
+     * @param data - Finished flow name plus optional user reference fields.
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link PasswordOperationLogin} instance.
      *
      * @example
      * ```typescript
-     * const op = tracker.passwordLoginStartable(document.getElementById("password") as HTMLInputElement);
-     * ```
-     */
-    passwordLoginStartable(inputHtmlField?: HTMLInputElement, data?: PasswordLoginStartable, tags?: Record<string, string>, contexts?: Record<string, any>): PasswordOperationLogin;
-    /**
-     * Track the start of a password login attempt.
-     *
-     * @remarks
-     * Fire this when the user begins entering their password.
-     * Use the payload fields to record whether a password manager
-     * was detected or the keyboard was used for input.
-     *
-     * @param data - Event payload with optional interaction metadata.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link PasswordOperationLogin} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.passwordLoginStarted({ passwordManagerUsed: true });
-     * ```
-     */
-    passwordLoginStarted(data?: PasswordLoginStarted, tags?: Record<string, string>, contexts?: Record<string, any>): PasswordOperationLogin;
-    /**
-     * Track when the user submits their password.
-     *
-     * @remarks
-     * Fire this after the user confirms their password entry (e.g. clicks
-     * "Sign in" or presses Enter). This sits between the started and
-     * finished/error events.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.passwordLoginSubmitted({});
-     * ```
-     */
-    passwordLoginSubmitted(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when a password login completes successfully.
-     *
-     * @remarks
-     * Fire this after the backend has verified the password and the user
-     * is authenticated.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.passwordLoginFinished({});
-     * ```
-     */
-    passwordLoginFinished(data: PasswordLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when a password login attempt fails.
-     *
-     * @remarks
-     * Fire this when password verification fails (e.g. invalid password,
-     * account locked, server error).
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.passwordLoginError({});
-     * ```
-     */
-    passwordLoginError(data: PasswordLoginError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track the start of a passkey (WebAuthn) login and return the operation handle.
-     *
-     * @remarks
-     * Fire this when a passkey authentication ceremony begins.
-     * Set `conditional` to `true` for Conditional UI (autofill) flows, or `false`
-     * for an explicit "Sign in with passkey" button click.
-     * The returned {@link PasskeyOperationLogin} manages the remaining lifecycle events
-     * (submitted, finished, error) automatically.
-     *
-     * @param data - Event payload including the `conditional` flag.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link PasskeyOperationLogin} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.passkeyLoginStart({ conditional: false });
-     * ```
-     */
-    passkeyLoginStart(data: PasskeyLoginStart, tags?: Record<string, string>, contexts?: Record<string, any>): PasskeyOperationLogin;
-    /**
-     * Track the start of a social login (OAuth / OpenID Connect) flow.
-     *
-     * @remarks
-     * Fire this when the user initiates a social login (e.g. clicks "Sign in with Google").
-     * Specify the `provider` (e.g. `"google"`, `"apple"`) so analytics can break down
-     * conversion by provider.
-     *
-     * @param data - Event payload containing the social `provider` name.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link SocialOperationLogin} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.socialLoginStart({ provider: "google" });
-     * ```
-     */
-    socialLoginStart(data: SocialLoginStart, tags?: Record<string, string>, contexts?: Record<string, any>): SocialOperationLogin;
-    /**
-     * Track when a social login attempt fails.
-     *
-     * @remarks
-     * Fire this when the OAuth callback returns an error or when token
-     * exchange with the social provider fails.
-     *
-     * @param data - Event payload containing the user reference and `errorCode`.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.socialLoginError({ errorCode: "OAuthAccountNotLinked" });
-     * ```
-     */
-    socialLoginError(data: SocialLoginError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when a social login completes successfully.
-     *
-     * @remarks
-     * Fire this after the social provider callback succeeds and the user
-     * is authenticated. Include the `provider` and user reference.
-     *
-     * @param data - Event payload containing the `provider` and user reference.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.socialLoginFinish({ provider: "google" });
+     * tracker.flowFinished({
+     *   flowName: "login",
+     *   userId: "usr_123",
+     *   identifier: "max@example.com",
+     * });
      * ```
      */
-    socialLoginFinish(data: SocialLoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    flowFinished(data: FlowFinished, tags?: Record<string, string>): void;
     /**
-     * Track when the overall login flow finishes successfully.
+     * Track when an in-progress flow is reset and restarted.
      *
      * @remarks
-     * Fire this as the final event of a successful login, regardless of the
-     * authentication method used. This closes the login funnel that started
-     * with {@link loginVisible}.
+     * Use this when users abandon the current path and return to the beginning of the same flow,
+     * for example after switching account/identifier and reopening the first step.
      *
-     * @param data - Event payload (currently empty, reserved for future fields).
+     * @param data - Flow name being reset.
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
      *
      * @example
      * ```typescript
-     * tracker.loginFinish();
+     * tracker.flowReset({flowName: "login"});
      * ```
      */
-    loginFinish(data?: LoginFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    flowReset(data: FlowReset, tags?: Record<string, string>): void;
     /**
-     * Track when the signup UI becomes visible to the user.
+     * Track when a flow is considered finished because another flow finished it implicitly.
      *
      * @remarks
-     * Trigger this event when your signup form or registration page is rendered
-     * and visible. Optionally use the `touchpoint` field to distinguish where the
-     * signup appears (e.g. a dedicated registration page vs. an inline checkout signup).
+     * Use this for automatic completions where no separate explicit finish action happens in the
+     * current flow. Set `flowName` to the auto-finished flow and `finishedByFlowName` to the flow
+     * that caused it.
      *
-     * @param data - Event payload with an optional `touchpoint`.
+     * @param data - Auto-finished flow, finishing flow, and optional user reference fields.
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
      *
      * @example
      * ```typescript
-     * tracker.signupVisible({});
+     * tracker.flowAutoFinished({
+     *   flowName: "signup",
+     *   finishedByFlowName: "login",
+     *   userId: "usr_123",
+     * });
      * ```
      */
-    signupVisible(data: SignupVisible, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    flowAutoFinished(data: FlowAutoFinished, tags?: Record<string, string>): void;
     /**
-     * Track when the signup flow completes and associate the new user.
+     * Track when you present authentication method choices to the user.
      *
      * @remarks
-     * Fire this after a new account has been created. If `userId` and/or
-     * `identifier` are provided they are extracted and attached as a
-     * {@link UserReference} so subsequent events can be correlated to this user.
+     * Use this whenever a decision point is shown with a concrete method set, such as
+     * identifier entry options (`d1`) or post-identifier options (`d3`). Set
+     * `explicitDecisionValue` when the options are re-offered after a user action and you want
+     * to capture what triggered that transition.
      *
-     * @param data - Event payload, optionally containing `userId` and/or `identifier`.
+     * @param data - Decision identifier, offered options, and optional transition reason.
      * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.signupFinish({});
-     * ```
-     */
-    signupFinish(data: SignupFinish, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when the user is offered a choice between login methods.
-     *
-     * @remarks
-     * Fire this when your UI presents multiple authentication methods and the
-     * user must choose one. Record `availableMethods` using {@link LoginMethodType}
-     * values and, if applicable, the `explicitDecisionValue` the user selected.
-     *
-     * @param data - Event payload with `decisionName`, `availableMethods`, and optional `explicitDecisionValue`.
      *
      * @example
      * ```typescript
-     * tracker.loginMethodsDecisionOffered({
-     *   decisionName: "d1",
-     *   availableMethods: ["passkey-conditional-ui", "identifier-email", "social-google"],
+     * tracker.authMethodsDecisionStarted({
+     *   decisionName: "d3",
+     *   options: ["passkey", "social-google", "password", "reset-flow"],
      * });
      * ```
      */
-    loginMethodsDecisionOffered(data: LoginMethodDecision): void;
-    authDecisionVisible(data: AuthDecisionVisible): void;
+    authMethodsDecisionStarted(data: AuthMethodDecisionStarted, tags?: Record<string, string>): void;
+    authMethodsDecisionFinished(data: AuthMethodDecisionFinished, tags?: Record<string, string>): void;
+    authDecisionStarted(data: AuthDecisionStarted): void;
     authDecisionFinished(data: AuthDecisionFinished): void;
+    passkeyLoginFullOperation(): PasskeyLoginOperationFull;
+    passkeyEnrollmentFullOperation(): PasskeyEnrollmentOperationFull;
+    passwordLoginFullOperation(autoTrackConfig?: PasswordLoginAutoTrackConfig): PasswordLoginOperationFull;
+    passwordEnrollmentFullOperation(autoTrackConfig?: PasswordEnrollmentAutoTrackConfig): PasswordEnrollmentOperationFull;
+    emailLinkOperationFull(): EmailLinkOperationFull;
+    emailOtpOperationFull(): EmailOtpOperationFull;
+    provideIdentifierOperationFull(inputHtmlField?: HTMLInputElement): OperationFullProvideIdentifierWithCUI;
+    socialLoginOperationFull(): SocialLoginOperationFull;
     /**
-     * Track when a security enrollment flow starts.
-     *
-     * @remarks
-     * Fire this when the user begins enrolling a new security credential
-     * (e.g. passkey, MFA device). The `touchpoint` indicates where enrollment
-     * was triggered (e.g. `"post-account"`, `"settings"`), and the `userId`
-     * is extracted as a {@link UserReference}.
-     *
-     * @param data - Event payload with `touchpoint` and `userId`.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.securityEnrollmentStarted({ touchpoint: "post-account", userId: "usr_123" });
-     * ```
-     */
-    securityEnrollmentStarted(data: SecurityEnrollmentStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when a security enrollment completes successfully.
-     *
-     * @remarks
-     * Fire this after the new security credential has been registered
-     * and persisted.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.securityEnrollmentFinished({});
-     * ```
-     */
-    securityEnrollmentFinished(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Create a trackable passkey enrollment operation and mark it as startable.
-     *
-     * @remarks
-     * Returns a {@link PasskeyOperationEnrollment} that manages the full
-     * enrollment lifecycle: `started` → `submitted` → `finished` / `error` / `skipped`.
-     * Call this when the user reaches a point where passkey enrollment can be offered.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns A {@link PasskeyOperationEnrollment} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.passkeyEnrollmentStartable({});
-     * ```
-     */
-    passkeyEnrollmentStartable(data: PasskeyEnrollmentStartable, tags?: Record<string, string>, contexts?: Record<string, any>): PasskeyOperationEnrollment;
-    /**
-     * Track when an account recovery flow starts.
-     *
-     * @remarks
-     * Fire this when the user initiates account recovery (e.g. "Forgot password",
-     * "Can't sign in"). Use the `touchpoint` field to indicate where recovery was
-     * triggered.
-     *
-     * @param data - Event payload with `touchpoint`.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.accountRecoveryStarted({ touchpoint: "login" });
-     * ```
-     */
-    accountRecoveryStarted(data: AccountRecoveryStarted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when an account recovery flow completes successfully.
-     *
-     * @remarks
-     * Fire this after the user has successfully recovered access to their account.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.accountRecoveryFinished({});
-     * ```
-     */
-    accountRecoveryFinished(data: {}, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when an email link flow starts.
-     *
-     * @remarks
-     * Fire this when the email has been sent out to the user and the verification process begins.
-     * If fired from an un-authenticated context, we recommend to include a `crossEnvironmentTransactionID` in `data`.
-     * This can be any idea that you have again available when the email link flow submits (after the user clicks the link in the email).
-     *
-     * @param data - Event payload containing the user reference.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.emailLinkStarted({ userId: "usr_123" });
-     * ```
-     */
-    emailLinkStartable(data: EmailLinkStartable, tags?: Record<string, string>, contexts?: Record<string, any>): EmailLinkOperation;
-    emailLinkSubmitted(data: EmailLinkSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): EmailLinkOperation;
-    emailLinkFinished(data: EmailLinkFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    emailLinkError(data: EmailLinkError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Create a trackable email OTP operation and mark it as startable.
-     *
-     * @remarks
-     * Returns an {@link EmailOTPOperation} that manages the full email OTP
-     * lifecycle: `started` → `submitted` → `finished` / `error`, plus `resent`.
-     * Call this when the user reaches a point where email OTP authentication
-     * can be offered (e.g. after identifier provision returns email OTP as
-     * an available method).
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns An {@link EmailOTPOperation} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.emailOTPStartable({});
-     * ```
-     */
-    emailOTPStartable(data?: EmailOTPStartable, tags?: Record<string, string>, contexts?: Record<string, any>): EmailOTPOperation;
-    /**
-     * Track the start of an email OTP authentication flow.
-     *
-     * @remarks
-     * Fire this when the email OTP flow begins — typically when the OTP email
-     * is sent to the user. The returned {@link EmailOTPOperation} lets you
-     * continue tracking through submission, completion, error, or resend.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     * @returns An {@link EmailOTPOperation} instance.
-     *
-     * @example
-     * ```typescript
-     * const op = tracker.emailOTPStarted({});
-     * ```
-     */
-    emailOTPStarted(data?: EmailOTPStarted, tags?: Record<string, string>, contexts?: Record<string, any>): EmailOTPOperation;
-    /**
-     * Track when the user submits an email OTP code.
-     *
-     * @remarks
-     * Fire this after the user enters and submits the OTP code for verification.
-     * This sits between the started and finished/error events.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.emailOTPSubmitted({});
-     * ```
-     */
-    emailOTPSubmitted(data?: EmailOTPSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when email OTP verification completes successfully.
-     *
-     * @remarks
-     * Fire this after the backend has verified the OTP code and the user
-     * is authenticated.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.emailOTPFinished({});
-     * ```
-     */
-    emailOTPFinished(data?: EmailOTPFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when email OTP verification fails.
+     * Flush any pending events and release all resources (timers, event listeners).
      *
      * @remarks
-     * Fire this when OTP code verification fails (e.g. invalid code, expired code,
-     * rate limit exceeded).
-     *
-     * @param data - Event payload containing the `errorCode`.
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.emailOTPError({ errorCode: "invalid_code" });
-     * ```
+     * After calling destroy, the tracker must not be used. Operation objects
+     * returned by factory methods (e.g. `passwordLoginFullOperation`) that hold
+     * DOM references must be destroyed separately by the caller.
      */
-    emailOTPError(data: EmailOTPError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    /**
-     * Track when an email OTP code is resent.
-     *
-     * @remarks
-     * Fire this when the user requests a new OTP code (e.g. clicks "Resend code").
-     * This helps measure how often users need to request a new code.
-     *
-     * @param data - Event payload (currently empty, reserved for future fields).
-     * @param tags - Optional key-value tags for filtering and segmentation.
-     * @param contexts - Optional contextual metadata attached to the event.
-     *
-     * @example
-     * ```typescript
-     * tracker.emailOTPResent({});
-     * ```
-     */
-    emailOTPResent(data?: EmailOTPResent, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    setPasswordStartable(inputHtmlField?: HTMLInputElement, tags?: Record<string, string>, contexts?: Record<string, any>): SetPasswordOperation;
-    setPasswordStarted(data?: SetPasswordStarted, tags?: Record<string, string>, contexts?: Record<string, any>): SetPasswordOperation;
-    setPasswordSubmitted(data?: SetPasswordSubmitted, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    setPasswordFinished(data?: SetPasswordFinished, tags?: Record<string, string>, contexts?: Record<string, any>): void;
-    setPasswordError(data: SetPasswordError, tags?: Record<string, string>, contexts?: Record<string, any>): void;
+    destroy(): Promise<void>;
     /** @internal */
     resetSession(): string;
 }
@@ -1010,6 +559,7 @@ interface Transport {
     flush(timeout?: number): Promise<boolean>;
 }
 interface TransportOptions {
+    logger: Logger;
     url: string;
     headers?: Record<string, string>;
 }
@@ -1018,9 +568,12 @@ interface QueueOptions {
     batchSize?: number;
     flushInterval?: number;
 }
+/**
+ * @remarks When `window` is defined, `visibilitychange` (when the document becomes hidden) and `pagehide` trigger a synchronous beacon flush (`flushSync`). Any thrown error in that path is logged as "Unexpected error in queue flushSync".
+ */
 declare class RequestQueue {
+    private readonly logger;
     private transport;
-    private readonly projectId;
     private sessionId;
     private readonly sdk;
     private options;
@@ -1029,12 +582,26 @@ declare class RequestQueue {
     private isFlushing;
     private onVisibilityChange;
     private onPageHide;
-    constructor(transport: Transport, projectId: string, sessionId: string, sdk: SdkInfo, options?: QueueOptions);
+    constructor(logger: Logger, transport: Transport, sessionId: string, sdk: SdkInfo, options?: QueueOptions);
     setSessionId(sessionId: string): void;
+    /**
+     * Error situations:
+     *  - Any error while enqueueing or scheduling flush (including a synchronous throw from `flush`): log "Failed to enqueue event"
+     */
     enqueue(event: Event): void;
+    /**
+     * Error situations:
+     *  - Queue is empty: return without calling transport.send
+     *  - A flush is already in progress: return without calling transport.send again
+     *  - transport.send rejects or throws, or any other error in the try block: log "Unexpected error in queue flush"
+     */
     flush(): Promise<void>;
     private setupLifecycleHooks;
     private flushSync;
+    /**
+     * Error situations:
+     *  - Timer clearance or event listener removal throws: log "Failed to destroy queue lifecycle hooks"
+     */
     destroy(): void;
 }
 
@@ -1044,25 +611,83 @@ interface StorageEngine {
     removeItem(key: string): void;
 }
 declare class LocalStorage implements StorageEngine {
+    private logger;
+    constructor(logger: Logger);
+    /**
+     * Error situations:
+     *  - localStorage is not available: return null
+     *  - localStorage.getItem throws: catch exception, log error and return null
+     *  - JSON.parse throws: catch exception, log error and return null
+     */
     getItem<T>(key: string): T | null;
+    /**
+     * Error situations:
+     *  - localStorage is not available: return without writing
+     *  - localStorage.setItem throws: catch exception and log error
+     *  - JSON.stringify throws: catch exception and log error
+     */
     setItem<T>(key: string, value: T): void;
+    /**
+     * Error situations:
+     *  - localStorage is not available: return without writing
+     *  - localStorage.removeItem throws: catch exception and log error
+     */
     removeItem(key: string): void;
 }
 declare class CookieStorage implements StorageEngine {
+    private logger;
     private domain?;
-    constructor(domain?: string | undefined);
+    constructor(logger: Logger, domain?: string | undefined);
+    /**
+     * Error situations:
+     *  - document is not available: return null
+     *  - document.cookie read throws: catch exception, log error and return null
+     *  - decodeURIComponent throws: catch exception, log error and return null
+     *  - JSON.parse throws: catch exception, log error and return null
+     */
     getItem<T>(key: string): T | null;
+    /**
+     * Error situations:
+     *  - document is not available: return without writing
+     *  - document.cookie write throws: catch exception and log error
+     *  - JSON.stringify throws: catch exception and log error
+     */
     setItem<T>(key: string, value: T): void;
+    /**
+     * Error situations:
+     *  - document is not available: return without writing
+     *  - document.cookie write throws: catch exception and log error
+     */
     removeItem(key: string): void;
 }
 declare class SessionStorage implements StorageEngine {
+    private logger;
+    constructor(logger: Logger);
+    /**
+     * Error situations:
+     *  - sessionStorage is not available: return null
+     *  - sessionStorage.getItem throws: catch exception, log error and return null
+     *  - JSON.parse throws: catch exception, log error and return null
+     */
     getItem<T>(key: string): T | null;
+    /**
+     * Error situations:
+     *  - sessionStorage is not available: return without writing
+     *  - sessionStorage.setItem throws: catch exception and log error
+     *  - JSON.stringify throws: catch exception and log error
+     */
     setItem<T>(key: string, value: T): void;
+    /**
+     * Error situations:
+     *  - sessionStorage is not available: return without writing
+     *  - sessionStorage.removeItem throws: catch exception and log error
+     */
     removeItem(key: string): void;
 }
 
 declare function init(options: TrackerOptions): CorbadoTracker;
 declare function getTracker(): CorbadoTracker | undefined;
 declare function resetSession(): string | undefined;
+declare function destroy(): Promise<void>;
 
-export { type AccountRecoveryStarted, type AuthDecisionFinished, type AuthDecisionVisible, AuthEventName, type BaseEvent, type ClientCapabilities, type ClientEnvHandleMeta, type ClientEnvHandleMetaSource, CookieStorage, CorbadoTracker, type CustomEvent, type DeviceInfo, type DeviceInfoDataWeb, type DeviceType, type EmailLinkError, type EmailLinkFinished, EmailLinkOperation, type EmailLinkStartable, type EmailLinkSubmitted, type EmailOTPError, type EmailOTPFinished, EmailOTPOperation, type EmailOTPResent, type EmailOTPStartable, type EmailOTPStarted, type EmailOTPSubmitted, type Event, type EventBatch, type EventType, type IdentifierProvided, type JavaScriptHighEntropy, LocalStorage, type LoginFinish, type LoginMethodDecision, type LoginMethodType, type LoginReset, type LoginStepPasswordErrorCode, type LoginVisible, type NormalizedError, type PasskeyEnrollmentError, type PasskeyEnrollmentFinished, type PasskeyEnrollmentStartable, type PasskeyEnrollmentStarted, type PasskeyEnrollmentSubmitted, type PasskeyLoginClientError, type PasskeyLoginFinish, type PasskeyLoginStart, type PasskeyLoginStartable, type PasskeyLoginSubmitted, PasskeyOperationEnrollment, PasskeyOperationLogin, type PasswordLoginError, type PasswordLoginFinish, type PasswordLoginStartable, type PasswordLoginStarted, PasswordOperationLogin, type PredefinedEvent, type ProvideIdentifierError, type ProvideIdentifierFinish, ProvideIdentifierOperation, type ProvideIdentifierStart, type QueueOptions, RequestQueue, SDK_NAME, SDK_VERSION, type SdkInfo, type SecurityEnrollmentStarted, SessionStorage, type SetPasswordError, type SetPasswordFinished, SetPasswordOperation, type SetPasswordStartable, type SetPasswordStarted, type SetPasswordSubmitted, type SignupFinish, type SignupVisible, type SocialLoginError, type SocialLoginFinish, type SocialLoginProviderType, type SocialLoginStart, SocialOperationLogin, type StorageEngine, type TrackerOptions, type Transport, type TransportMakeRequestResponse, type TransportOptions, type User, type UserReference, type WithSubFlowId, getTracker, init, resetSession };
+export { type AuthDecisionFinished, type AuthDecisionStarted, AuthEventName, type AuthMethodDecisionFinished, type AuthMethodDecisionStarted, type AuthMethodType, type BaseEvent, type ClientCapabilities, type ClientEnvHandleMeta, type ClientEnvHandleMetaSource, CookieStorage, CorbadoTracker, type CreateLoggerOptions, type CustomEvent, type DeviceInfo, type DeviceInfoDataWeb, type DeviceType, EmailLinkOperationFull, type EmailLinkOperationPostResponseStart, type EmailLinkOperationSendStart, type EmailLinkOperationSpecType, type EmailOTPOperationPostResponseStart, type EmailOTPOperationSendOTPStart, type EmailOTPOperationSpecType, EmailOtpOperationFull, type Event, type EventBatch, type EventType, type FlowAutoFinished, type FlowDecided, type FlowFinished, type FlowReset, type FlowStarted, type FlowType, type JavaScriptHighEntropy, LocalStorage, type Logger, type MultiFlowStarted, type NormalizedError, OperationFull, OperationFullProvideIdentifierWithCUI, type PasskeyEnrollmentCeremonyFinished, type PasskeyEnrollmentCeremonyStart, type PasskeyEnrollmentGetOptionsFinished, type PasskeyEnrollmentGetOptionsStart, PasskeyEnrollmentOperationFull, type PasskeyLoginCUIGetOptionsFinished, type PasskeyLoginCUIGetOptionsStart, type PasskeyLoginCUISpecType, type PasskeyLoginCeremonyFinished, type PasskeyLoginCeremonyStart, type PasskeyLoginClientError, type PasskeyLoginFinish, type PasskeyLoginGetOptionsFinished, type PasskeyLoginGetOptionsStart, PasskeyLoginOperationFull, type PasskeyLoginStartable, type PasskeyLoginSubmitted, type PasskeyOperationEnrollmentExplicitSpecType, type PasskeyOperationLoginExplicitSpecType, type PasswordEnrollmentAutoTrackConfig, PasswordEnrollmentOperationFull, type PasswordEnrollmentTypedError, type PasswordLoginAutoTrackConfig, PasswordLoginOperationFull, type PasswordLoginTypedError, type PredefinedEvent, type ProvideIdentifierError, type ProvideIdentifierFinish, type ProvideIdentifierPostResponseStart, type ProvideIdentifierSpecType, type ProvideIdentifierStart, type QueueOptions, RequestQueue, SDK_NAME, SDK_VERSION, type SdkInfo, SessionStorage, type SocialLoginExchangeCodeFinished, type SocialLoginExchangeCodeStart, type SocialLoginGetRedirectUrlFinished, type SocialLoginGetRedirectUrlStart, SocialLoginOperationFull, type SocialLoginProviderType, type SocialLoginSpecType, type StepHelper, type StepOptions, type StorageEngine, type SubflowTrigger, type SubflowType, type TrackerOptions, type Transport, type TransportMakeRequestResponse, type TransportOptions, type UserReference, createLogger, destroy, getTracker, init, resetSession };