@devdash/bofrid-api-types 0.1.5

package/README.md

@@ -0,0 +1,24 @@
+# @devdash/bofrid-api-types
+
+TypeScript type definitions for the [Bofrid API](https://github.com/devdashco/bofrid-api). Consumed by [bofrid-web](https://github.com/devdashco/bofrid-web) to get full Hono RPC client typing.
+
+Contains **only `.d.ts` files** — no runtime code. Mechanically generated from the API source by CI (`tsc --emitDeclarationOnly --noCheck` + `tsc-alias` to rewrite path aliases).
+
+## Install
+
+```sh
+bun add -d @devdash/bofrid-api-types
+```
+
+Public package — no `.npmrc`, no tokens.
+
+## Use
+
+```ts
+import type { AppType } from "@devdash/bofrid-api-types";
+import { hc } from "hono/client";
+
+const client = hc<AppType>("https://vapi.bofrid.se");
+```
+
+That's it — fully typed Hono RPC.

package/dist/app.d.ts

@@ -0,0 +1,23 @@
+import "./lib/env";
+import "./lib/sentry";
+import "./lib/posthog";
+import { OpenAPIHono } from "@hono/zod-openapi";
+import { type AppType } from "./routes/index";
+/**
+ * Context variable types available in all route handlers.
+ */
+export type AppBindings = {
+    Variables: {
+        /** Unique ID for this request (propagated from X-Request-Id or generated) */
+        requestId: string;
+        /** Better Auth user.id (text PK from the user table) */
+        authUserId: string;
+        /** Bofrid profile UUID (PK from bofrid_profiles) */
+        profileId: string;
+        /** True when authenticated via BOFRID_API_KEY (master service key) */
+        isMasterKey?: boolean;
+    };
+};
+declare const app: OpenAPIHono<AppBindings, {}, "/">;
+export default app;
+export type { AppType };

package/dist/dev.d.ts

@@ -0,0 +1,6 @@
+declare const _default: {
+    port: number;
+    idleTimeout: number;
+    fetch: (request: Request, Env?: unknown, executionCtx?: import("hono").ExecutionContext) => Response | Promise<Response>;
+};
+export default _default;

package/dist/export-openapi.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Export the OpenAPI spec to a static JSON file.
+ *
+ * Usage: bun apps/api/src/export-openapi.ts
+ *
+ * Writes openapi.json to the repo root so AI agents and build tools
+ * can read the spec without the server running (Zero-Drift step 2).
+ */
+export {};

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+declare const _default: (incoming: import("http").IncomingMessage | import("http2").Http2ServerRequest, outgoing: import("http").ServerResponse | import("http2").Http2ServerResponse) => Promise<void>;
+export default _default;
+export type { AppType } from "./routes/index";

package/dist/lib/auth.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Better Auth instance for the Hono API server.
+ *
+ * Uses the shared config from @bofrid/auth/config. No platform-specific
+ * plugins needed — the API server only reads sessions, never sets cookies
+ * via Next.js helpers.
+ */
+export declare const auth: import("better-auth").Auth<import("better-auth").BetterAuthOptions>;
+export type Auth = typeof auth;
+/**
+ * Generate a magic link verification URL that logs the user in when clicked.
+ * Creates a verification token in the DB and returns the full URL pointing
+ * to the web app's Better Auth verify endpoint.
+ *
+ * @param email     — The user's email address
+ * @param callbackURL — Where to redirect after successful verification (e.g. /dashboard/...)
+ * @param expirySeconds — Custom expiry (default: 15 min). Use longer values for digest emails.
+ * @returns The full magic link URL
+ */
+export declare function generateMagicLinkUrl(email: string, callbackURL: string, expirySeconds?: number): Promise<string>;

package/dist/lib/criipto-bankid.d.ts

@@ -0,0 +1,45 @@
+export interface CriiptoBankIDUser {
+    personalNumber: string;
+    name: string;
+    givenName: string;
+    surname: string;
+    ipAddress?: string;
+}
+export declare class CriiptoBankIDError extends Error {
+    errorCode?: string | undefined;
+    details?: string | undefined;
+    constructor(message: string, errorCode?: string | undefined, details?: string | undefined);
+}
+export interface CriiptoTokenResponse {
+    id_token: string;
+    access_token?: string;
+    token_type?: string;
+    expires_in?: number;
+}
+export declare class CriiptoBankIDService {
+    private domain;
+    private clientId;
+    private clientSecret;
+    constructor();
+    /**
+     * Extract user information from Criipto ID token (JWT decode, no verification).
+     */
+    extractUserFromIdToken(idToken: string): CriiptoBankIDUser;
+    /**
+     * Build the OIDC authorize URL for the redirect flow.
+     * The user's browser is redirected here; Criipto handles the full BankID UX.
+     *
+     * On mobile, pass `platform` ("ios" | "android") to add `login_hint=appswitch:<platform>`
+     * so Criipto launches the BankID app directly instead of showing a QR code.
+     */
+    buildAuthorizeUrl(redirectUri: string, state: string, platform?: string): string;
+    /**
+     * Exchange an authorization code for an id_token (server-to-server).
+     */
+    exchangeCodeForToken(code: string, redirectUri: string): Promise<CriiptoTokenResponse>;
+    /**
+     * Get client IP from request headers.
+     */
+    static getClientIP(headers: Headers): string;
+}
+export declare function getCriiptoBankIDService(): CriiptoBankIDService;

package/dist/lib/datalake.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Datalake client — queries self-hosted Supabase (supabase.bofrid.dev) via REST API.
+ *
+ * Used by lookup routes and folkbokföring import.
+ */
+export declare function isDatalakeConfigured(): boolean;
+export declare function datalakeQuery<T>(table: string, params: Record<string, string>): Promise<T[]>;

package/dist/lib/docs-filter.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Spec filtering for the public docs surface (docs.bofrid.com).
+ *
+ * The API exposes one OpenAPI document, but external callers should only see
+ * the read-only public endpoints. An `?key=BOFRID_API_KEY` query unlocks the
+ * full spec. Paths under `/dev/`, `/cron/`, `/internal/` are never exposed —
+ * they aren't meaningful outside the deployment.
+ */
+type Spec = Record<string, unknown> & {
+    info?: Record<string, unknown>;
+    paths?: Record<string, unknown>;
+};
+export declare function stripExcludedPaths(spec: Spec): Spec;
+export declare function filterPublicSpec(spec: Spec): Spec;
+export {};

package/dist/lib/email-action-token.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Signed, stateless tokens for one-click email actions (no login required).
+ *
+ * Format: `base64url(json_payload).base64url(hmac-sha256)`
+ * Payloads (discriminated by `action`):
+ *   - `{ action: "submit", listingId, exp }`           — landlord one-click publish
+ *   - `{ action: "cancel_bevakning", bevakningId, userId, exp }` — tenant unsubscribe
+ */
+export interface SubmitListingTokenPayload {
+    action: "submit";
+    listingId: string;
+    exp: number;
+}
+export interface CancelBevakningTokenPayload {
+    action: "cancel_bevakning";
+    bevakningId: string;
+    userId: string;
+    exp: number;
+}
+export type EmailActionPayload = SubmitListingTokenPayload | CancelBevakningTokenPayload;
+/** Create a signed token for a one-click "submit listing" email action. */
+export declare function createEmailActionToken(listingId: string, action: "submit"): string;
+/** Create a signed token for a one-click "cancel bevakning" email action. */
+export declare function createCancelBevakningToken(bevakningId: string, userId: string): string;
+/** Verify and decode a signed email action token. Returns null if invalid/expired/tampered. */
+export declare function verifyEmailActionToken(token: string): EmailActionPayload | null;

package/dist/lib/email-utm.d.ts

@@ -0,0 +1,42 @@
+/**
+ * Email UTM rewriter
+ *
+ * Centralized URL instrumentation for outgoing transactional emails. Every
+ * email link to a Bofrid destination gets `utm_source=email&utm_medium=transactional&utm_campaign=<template>`
+ * appended automatically so PostHog autocapture / pageview events can attribute
+ * sessions back to a specific email template.
+ *
+ * Two URL shapes need to be handled:
+ *
+ *   1. Direct destination URLs — `https://bofrid.se/dashboard/foo` — UTM is
+ *      appended to the URL itself.
+ *
+ *   2. Magic-link verify URLs — `https://bofrid.se/api/auth/magic-link/verify?token=…&callbackURL=/dashboard/foo`
+ *      The user hits the verify endpoint, Better Auth strips the token and
+ *      redirects to `callbackURL`. UTM appended to the verify URL itself would
+ *      be lost on redirect, so we drill into the `callbackURL` query param and
+ *      append UTM there — the user lands on the destination with UTM intact.
+ *
+ * URLs that don't render a trackable page (`/email-actions/*` one-click action
+ * endpoints, other `/api/*` paths) and non-Bofrid hosts (mailto:, tel:, support
+ * links, etc.) are left untouched. URLs that already carry `utm_source` are
+ * also untouched so per-call manual UTM stays authoritative.
+ */
+/**
+ * Append UTM to a fully-qualified URL string, handling magic-link verify URLs
+ * by drilling into their `callbackURL`/`errorCallbackURL` params.
+ *
+ * Returns the original string unchanged if the URL can't be parsed, points at
+ * a non-Bofrid host, or already carries UTM.
+ */
+export declare function addEmailUtmToUrl(urlStr: string, template: string): string;
+export declare function rewriteEmailHtmlLinks(html: string, template: string): string;
+export declare function rewriteEmailTextLinks(text: string, template: string): string;
+export declare function rewriteEmailLinks(opts: {
+    html: string;
+    text: string;
+    template: string;
+}): {
+    html: string;
+    text: string;
+};

package/dist/lib/email.d.ts

@@ -0,0 +1,94 @@
+/**
+ * Email Service — mejl.to (production) with Resend fallback, or Mailpit (staging/CI)
+ *
+ * Centralized email sending for the Hono API.
+ *
+ * Transport priority:
+ *   1. Mailpit HTTP API — set MAILPIT_URL (e.g. https://mailpit.bofrid.dev)
+ *   2. SMTP — set SMTP_HOST + SMTP_PORT (local dev with Mailpit on localhost)
+ *   3. mejl.to (Amazon SES via mail.bofrid.se) — production primary
+ *   4. Resend — production fallback when mejl.to fails
+ *   5. Gmail SMTP relay — last-resort fallback
+ *
+ * Bulk emails (bevakningar) use Google Workspace SMTP relay via service account
+ * OAuth2. Set GOOGLE_SERVICE_ACCOUNT_EMAIL + GOOGLE_SERVICE_ACCOUNT_PRIVATE_KEY.
+ */
+declare const EMAIL_FROM: string;
+declare const EMAIL_REPLY_TO = "hej@bofrid.se";
+declare const SUPPORT_EMAIL = "support@bofrid.se";
+declare const ADMIN_EMAILS: string[];
+export { EMAIL_FROM, EMAIL_REPLY_TO, SUPPORT_EMAIL, ADMIN_EMAILS };
+import type { EmailLocale } from "@bofrid/email";
+export declare function translatePropertyType(type: string | null | undefined, locale?: EmailLocale): string;
+type NotificationCategory = "listings" | "applications" | "leads" | "documents" | "messages";
+/**
+ * Resolve a user's preferred email locale from their profile preferences.
+ * Falls back to "sv" if not set or profile not found.
+ */
+export declare function getUserLocale(profileId: string): Promise<EmailLocale>;
+/** Which transport delivered the email. */
+export type EmailTransport = "mejl" | "resend" | "gmail-smtp" | "gmail-api" | "smtp" | "mailpit-http";
+interface SendEmailOptions {
+    to: string;
+    subject: string;
+    html: string;
+    text: string;
+    replyTo?: string;
+    /** Optional — when provided, the send is logged to bofrid_email_logs automatically. */
+    log?: {
+        recipientId?: string | null;
+        templateName: string;
+        metadata?: Record<string, unknown>;
+    };
+}
+/**
+ * Send an email using SMTP/Mailpit (if SMTP_HOST is set) or mejl.to (production)
+ * with Resend as a secondary fallback. SMTP is preferred when available — useful
+ * for staging/CI email capture.
+ *
+ * When `opts.log` is provided, the send result (sent/failed) is persisted
+ * to `bofrid_email_logs` for audit and future automation (e.g. reminder dedup).
+ */
+export declare function sendEmail(opts: SendEmailOptions): Promise<void>;
+/**
+ * Get company notification preferences. All categories default to `true`.
+ */
+export declare function getCompanyNotificationPrefs(companyId: string): Promise<Record<NotificationCategory, boolean>>;
+/**
+ * Get company preferred locale, falling back to "sv".
+ */
+export declare function getCompanyLocale(companyId: string): Promise<EmailLocale>;
+interface SendBulkEmailOptions {
+    to: string;
+    subject: string;
+    html: string;
+    text: string;
+    replyTo?: string;
+    /** Optional — when provided, the send is logged to bofrid_email_logs automatically. */
+    log?: {
+        recipientId?: string | null;
+        templateName: string;
+        metadata?: Record<string, unknown>;
+    };
+}
+/**
+ * Send a single email via Gmail API (for bulk campaigns).
+ * Uses SMTP/Mailpit when SMTP_HOST is set (staging/CI),
+ * Gmail API when Google service account is configured,
+ * or falls back to sendEmail() (Resend).
+ */
+export declare function sendBulkEmail(opts: SendBulkEmailOptions): Promise<void>;
+/**
+ * Send emails in throttled batches via Gmail API.
+ * Reuses a single access token for the entire batch run.
+ *
+ * @param emails - Array of email options to send
+ * @param batchSize - Emails per batch (default 10)
+ * @param delayMs - Delay between batches in ms (default 2000)
+ * @returns { sent, failed, errors }
+ */
+export declare function sendBulkEmailBatch(emails: SendBulkEmailOptions[], batchSize?: number, delayMs?: number): Promise<{
+    sent: number;
+    failed: number;
+    errors: string[];
+}>;

package/dist/lib/env.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Startup environment variable validation for apps/api.
+ *
+ * Imported as a side-effect in app.ts before any routes load.
+ * Fails fast with a clear, grouped error instead of cryptic crashes
+ * deep in auth/db/storage modules.
+ *
+ * Auth-related vars (DATABASE_URL, BETTER_AUTH_SECRET, MEJL_API_KEY)
+ * are also validated by @bofrid/auth/config.ts, but surfacing them here
+ * gives a single, readable error on startup.
+ */
+export declare const REQUIRED_CORE: readonly [readonly ["DATABASE_URL", "Postgres connection string (Supabase)"], readonly ["BETTER_AUTH_URL", "Better Auth server URL (e.g. https://api.bofrid.se)"], readonly ["BETTER_AUTH_SECRET", "Signing secret for Better Auth sessions"], readonly ["APP_URL", "Frontend URL for emails/revalidation (e.g. https://bofrid.se)"]];
+export declare const REQUIRED_AUTH: readonly [];
+export declare const REQUIRED_STORAGE: readonly [readonly ["R2_ENDPOINT", "Cloudflare R2 S3 endpoint URL"], readonly ["R2_ACCESS_KEY_ID", "Cloudflare R2 access key"], readonly ["R2_SECRET_ACCESS_KEY", "Cloudflare R2 secret key"], readonly ["R2_BUCKET_NAME", "R2 bucket name (e.g. bofrid-media)"], readonly ["R2_PUBLIC_URL", "R2 public CDN URL (e.g. https://bofrid.media)"]];
+export declare const REQUIRED_GEOCODING: readonly [readonly ["GOOGLE_PLACES_API_KEY", "Google Places API key for address geocoding"]];
+export declare const REQUIRED_BANKID: readonly [readonly ["CRIIPTO_DOMAIN", "Criipto tenant domain (e.g. your-tenant.criipto.id)"], readonly ["CRIIPTO_CLIENT_ID", "Criipto OAuth client ID"], readonly ["CRIIPTO_CLIENT_SECRET", "Criipto OAuth client secret"]];
+export declare const REQUIRED_SERVICES: readonly [readonly ["BOFRID_MASTER_KEY", "AES-256 encryption key for document/PII encryption (openssl rand -hex 32)"], readonly ["BOFRID_API_KEY", "Master API key for headless/service auth (X-API-Key header)"], readonly ["STRIPE_SECRET_KEY", "Stripe secret key for billing features"], readonly ["STRIPE_WEBHOOK_SECRET", "Stripe webhook signing secret"], readonly ["GEMINI_API_KEY", "Google Gemini API key for AI translation"], readonly ["NUSVAR_API_KEY", "Nusvar API key for folkbokföring lookups"]];
+export declare const ALL_REQUIRED_VARS: readonly [readonly ["DATABASE_URL", "Postgres connection string (Supabase)"], readonly ["BETTER_AUTH_URL", "Better Auth server URL (e.g. https://api.bofrid.se)"], readonly ["BETTER_AUTH_SECRET", "Signing secret for Better Auth sessions"], readonly ["APP_URL", "Frontend URL for emails/revalidation (e.g. https://bofrid.se)"], readonly ["CRIIPTO_DOMAIN", "Criipto tenant domain (e.g. your-tenant.criipto.id)"], readonly ["CRIIPTO_CLIENT_ID", "Criipto OAuth client ID"], readonly ["CRIIPTO_CLIENT_SECRET", "Criipto OAuth client secret"], readonly ["R2_ENDPOINT", "Cloudflare R2 S3 endpoint URL"], readonly ["R2_ACCESS_KEY_ID", "Cloudflare R2 access key"], readonly ["R2_SECRET_ACCESS_KEY", "Cloudflare R2 secret key"], readonly ["R2_BUCKET_NAME", "R2 bucket name (e.g. bofrid-media)"], readonly ["R2_PUBLIC_URL", "R2 public CDN URL (e.g. https://bofrid.media)"], readonly ["GOOGLE_PLACES_API_KEY", "Google Places API key for address geocoding"], readonly ["BOFRID_MASTER_KEY", "AES-256 encryption key for document/PII encryption (openssl rand -hex 32)"], readonly ["BOFRID_API_KEY", "Master API key for headless/service auth (X-API-Key header)"], readonly ["STRIPE_SECRET_KEY", "Stripe secret key for billing features"], readonly ["STRIPE_WEBHOOK_SECRET", "Stripe webhook signing secret"], readonly ["GEMINI_API_KEY", "Google Gemini API key for AI translation"], readonly ["NUSVAR_API_KEY", "Nusvar API key for folkbokföring lookups"]];

package/dist/lib/errors.d.ts

@@ -0,0 +1,6 @@
+import { HTTPException } from "hono/http-exception";
+export declare function unauthorized(message?: string): HTTPException;
+export declare function forbidden(message?: string): HTTPException;
+export declare function notFound(message?: string): HTTPException;
+export declare function badRequest(message?: string): HTTPException;
+export declare function serverError(message?: string): HTTPException;

package/dist/lib/helpers.d.ts

@@ -0,0 +1,6 @@
+export { formatDisplayName, formatFullName } from "@bofrid/db/name-format";
+/**
+ * Filters out undefined values from an object, returning only the keys
+ * the client explicitly sent. Used for partial (PATCH) updates.
+ */
+export declare function definedFields(body: Record<string, unknown>): Record<string, unknown>;

package/dist/lib/logger.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Structured JSON logger for production (Railway/Docker).
+ *
+ * In production, outputs JSON lines so Railway's log viewer can filter/search.
+ * In development, outputs human-readable prefixed strings.
+ *
+ * Usage:
+ *   import { log } from "../lib/logger";
+ *   log.error("source", "Something broke", { userId, path });
+ *   log.warn("source", "Degraded state", { detail });
+ *   log.info("source", "Startup complete", { port });
+ */
+type LogData = Record<string, unknown>;
+export declare const log: {
+    info: (source: string, message: string, data?: LogData) => void;
+    warn: (source: string, message: string, data?: LogData) => void;
+    error: (source: string, message: string, data?: LogData) => void;
+    fatal: (source: string, message: string, data?: LogData) => void;
+    /** Extract safe error info for logging (message + stack). */
+    errData(err: unknown): {
+        error: string;
+        stack?: string;
+    };
+};
+export {};

package/dist/lib/markets.d.ts

@@ -0,0 +1 @@
+export declare function getCountryByMarket(market: string | null | undefined): string | undefined;

package/dist/lib/org-number.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Swedish Organization Number (Organisationsnummer) validation.
+ * Format: XXXXXX-XXXX (10 digits, Luhn checksum).
+ */
+export declare function validateSwedishOrgNumber(orgNumber: string): boolean;

package/dist/lib/ownership.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Check if a profile is an active member (any role) of a company.
+ */
+export declare function isCompanyMember(companyId: string, profileId: string): Promise<boolean>;
+/**
+ * Check if a profile is an active admin of a company.
+ */
+export declare function isCompanyAdmin(companyId: string, profileId: string): Promise<boolean>;
+/**
+ * Resolve the company a user is currently "acting as".
+ * Returns the companyId if the user's businessType is 'company', they have a
+ * linked companyId, and they are an active member. Returns null otherwise.
+ */
+export declare function resolveActingCompany(profileId: string): Promise<string | null>;
+/**
+ * Check if a profile has platform-admin privileges.
+ * Source of truth: Better Auth's user.role column.
+ */
+export declare function checkIsAdmin(profileId: string): Promise<boolean>;
+/**
+ * Check ownership of a resource that has landlordId and optional companyId.
+ * Returns true if the profile is the direct landlord, an active company member,
+ * or a platform admin (when `allowAdmin` is true).
+ *
+ * When `respectMode` is true, the check enforces context separation:
+ *  - Private users can only access resources where companyId IS NULL
+ *  - Company users can access resources owned by their acting company, OR
+ *    their own private resources (companyId IS NULL + landlordId matches).
+ *    The carve-out exists so users who later joined a company through
+ *    onboarding don't lose access to their pre-company properties.
+ * This prevents a private account from seeing arbitrary company resources
+ * (and vice versa) while keeping users' own resources visible.
+ */
+export declare function isResourceOwner(resource: {
+    landlordId: string | null;
+    companyId: string | null;
+}, profileId: string, opts?: {
+    allowAdmin?: boolean;
+    respectMode?: boolean;
+}): Promise<boolean>;
+/**
+ * Resolve a landlordId for lead creation.
+ * Returns the direct landlordId if set, otherwise falls back to the
+ * company's first active admin (ordered by most recently updated).
+ * Returns null if neither exists.
+ */
+export declare function resolveLeadLandlordId(landlordId: string | null, companyId: string | null): Promise<string | null>;

package/dist/lib/pdf-watermark.d.ts

@@ -0,0 +1,25 @@
+/**
+ * PDF watermark utility for landlord document views.
+ *
+ * Adds a diagonal, semi-transparent watermark with:
+ *   - Landlord name / company
+ *   - Timestamp (ISO)
+ *   - Short trace ID (first 8 chars of a hash)
+ *
+ * This makes it traceable if a landlord leaks a tenant's document.
+ * Only applied to PDF files; images/other formats are returned as-is.
+ */
+export interface WatermarkInfo {
+    /** Landlord profile ID */
+    profileId: string;
+    /** Landlord display name (or company name) */
+    displayName: string;
+    /** Document ID being viewed */
+    documentId: string;
+}
+/**
+ * Apply a traceable watermark to a PDF buffer.
+ * Returns the watermarked PDF as a Buffer.
+ * If anything fails, returns the original buffer unchanged — never breaks the download.
+ */
+export declare function watermarkPdf(pdfBytes: Buffer, info: WatermarkInfo): Promise<Buffer>;

package/dist/lib/personnummer.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Personnummer utilities
+ *
+ * Shared helpers for Swedish personal identity number (personnummer) validation,
+ * normalization, and HMAC hashing for identity lookup.
+ */
+export declare function isValidPersonnummer(pnr: string): boolean;
+export declare function normalizePersonnummer(input: string): string;
+export declare function calculateAgeFromPersonnummer(pnr: string): number | null;
+export declare function generateIdentityHash(personnummer: string): string;
+/**
+ * Mask an email for display: "philip@bofrid.se" → "ph***@bofrid.se"
+ */
+export declare function maskEmail(email: string): string;

package/dist/lib/posthog.d.ts

@@ -0,0 +1,51 @@
+/**
+ * PostHog server-side client for the Hono API.
+ *
+ * Use for business events that can't fire from the browser — Stripe webhooks,
+ * cron outcomes, reveals, Boost purchases, email deliveries, etc.
+ *
+ * Errors should still go to Sentry. PostHog here is for product/business events.
+ *
+ * Env vars (all optional — PostHog is silently disabled when KEY is missing):
+ *   POSTHOG_API_KEY — Project API key (phc_*)
+ *   POSTHOG_HOST    — Defaults to https://eu.i.posthog.com
+ */
+declare const IS_ENABLED: boolean;
+type CaptureProps = {
+    distinctId: string;
+    event: string;
+    properties?: Record<string, unknown>;
+    groups?: Record<string, string>;
+};
+/**
+ * Capture a product event and flush immediately.
+ * Must await in serverless — the process exits before the default 10s flush interval fires.
+ */
+export declare function capture({ distinctId, event, properties, groups }: CaptureProps): Promise<void>;
+/**
+ * Capture an exception. Sentry is the primary error destination — this is
+ * only for cases where you also want the exception in PostHog alongside
+ * user/session context. Prefer `captureException` from `@/lib/sentry`.
+ */
+export declare function captureServerException(err: unknown, opts: {
+    distinctId: string;
+    properties?: Record<string, unknown>;
+}): void;
+/**
+ * Flush pending events (call before process.exit / at end of serverless
+ * function invocations to avoid dropped events on Vercel).
+ */
+export declare function flush(): Promise<void>;
+/**
+ * Identify a user. Call on login/signup to associate distinct ID with user properties.
+ * No-op when PostHog is disabled.
+ */
+export declare function identify({ distinctId, properties, }: {
+    distinctId: string;
+    properties?: Record<string, unknown>;
+}): void;
+/**
+ * Graceful shutdown — flush + close the underlying HTTP pool.
+ */
+export declare function shutdown(): Promise<void>;
+export { IS_ENABLED as isPostHogEnabled };

package/dist/lib/premium.d.ts

@@ -0,0 +1,13 @@
+export declare const PREMIUM_BOOST_DAYS = 30;
+/** SQL fragment: true when a listing's premium boost is still within the 30-day window. */
+export declare const premiumBoostActiveSql: import("drizzle-orm").SQL<unknown>;
+/** JS predicate mirroring `premiumBoostActiveSql` for in-memory checks. */
+export declare function isPremiumBoostActive(upgradedAt: Date | string | null | undefined): boolean;
+/**
+ * Whether the authenticated user has ≥1 listing currently inside the
+ * premium-visibility window — either on a property they own directly
+ * (private landlord) or on a property of a company they belong to.
+ *
+ * Used to gate premium-only landlord surfaces (e.g. Hyresmarknad).
+ */
+export declare function hasActivePremiumListing(authUserId: string): Promise<boolean>;

package/dist/lib/profile-resolver.d.ts

@@ -0,0 +1,14 @@
+import { profiles } from "@bofrid/db";
+export type ProfileRow = typeof profiles.$inferSelect;
+/**
+ * Resolve Better Auth user.id → Bofrid profile row.
+ *
+ * Looks up by authUserId first, then falls back to email match for migrated
+ * Firebase profiles. Does NOT auto-create — profile creation is handled
+ * exclusively by the Better Auth databaseHooks.user.create.after hook.
+ */
+export declare function resolveProfile(authUserId: string): Promise<ProfileRow | null>;
+/**
+ * Resolve or throw — for routes that require a profile to exist.
+ */
+export declare function requireProfile(authUserId: string): Promise<ProfileRow>;

package/dist/lib/redirect-state.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Stateless signed redirect state for BankID OIDC redirect flow.
+ *
+ * Uses HMAC-SHA256 signed tokens — survives Vercel Serverless (no memory/DB).
+ */
+/** State stored during the Criipto OIDC redirect flow. */
+export interface RedirectState {
+    authUserId: string;
+    profileId: string;
+    /** The web app URL to redirect back to after verification. */
+    returnUrl: string;
+    timestamp: number;
+}
+/**
+ * Encode redirect state into a signed, URL-safe token.
+ * Format: `base64url(json_payload).base64url(hmac)`
+ */
+export declare function encodeRedirectState(data: Omit<RedirectState, "timestamp">): string;
+/**
+ * Decode and verify a signed redirect state token.
+ * Returns the state data or `null` if invalid/expired/tampered.
+ */
+/** State stored during the BankID login redirect flow — no user identity yet. */
+export interface LoginRedirectState {
+    flow: 'login';
+    returnUrl: string;
+    timestamp: number;
+}
+/**
+ * Encode login redirect state into a signed, URL-safe token.
+ */
+export declare function encodeLoginRedirectState(data: {
+    returnUrl: string;
+}): string;
+/**
+ * Decode and verify a signed login redirect state token.
+ * Returns the state data or `null` if invalid/expired/tampered.
+ */
+export declare function decodeLoginRedirectState(token: string): LoginRedirectState | null;
+export declare function decodeRedirectState(token: string): RedirectState | null;

package/dist/lib/revalidate.d.ts

@@ -0,0 +1,23 @@
+export declare function revalidateNextPaths(paths: string[]): void;
+interface ListingForRevalidation {
+    id: string;
+    publicUrl?: string | null;
+    publicUrlEn?: string | null;
+}
+/**
+ * Revalidate every cached page that shows a single listing, plus the landlord's
+ * dashboard. Call after any mutation that changes user-visible listing data.
+ *
+ * URLs covered:
+ *   - Legacy `/bostad/{id}` + `/en/listing/{id}` (308-redirect or fallback render)
+ *   - SEO `publicUrl` + `publicUrlEn` (e.g. /hyra-lagenhet/.../{slug})
+ *   - `/dashboard/properties` (landlord's listing list)
+ *
+ * Optionally deletes the R2-cached OG image so the next social/AI scrape
+ * regenerates it. Pass `invalidateOgImage: true` when something visible on
+ * the OG card changes — gallery photos, price, address, room count.
+ */
+export declare function revalidateListingPaths(listing: ListingForRevalidation, options?: {
+    invalidateOgImage?: boolean;
+}): void;
+export {};