@dominusnode/sdk 1.0.0

package/dist/esm/proxy.js

@@ -0,0 +1,67 @@
+import { DEFAULT_PROXY_HOST, DEFAULT_HTTP_PROXY_PORT, DEFAULT_SOCKS5_PROXY_PORT, } from "./constants.js";
+export class ProxyResource {
+    http;
+    proxyHost;
+    httpPort;
+    socks5Port;
+    constructor(http, config) {
+        this.http = http;
+        this.proxyHost = config.proxyHost ?? DEFAULT_PROXY_HOST;
+        // Validate proxyHost to prevent URL injection via crafted hostnames
+        if (/[\s\/\\@?#]/.test(this.proxyHost)) {
+            throw new Error("proxyHost contains invalid characters");
+        }
+        this.httpPort = config.httpProxyPort ?? DEFAULT_HTTP_PROXY_PORT;
+        this.socks5Port = config.socks5ProxyPort ?? DEFAULT_SOCKS5_PROXY_PORT;
+    }
+    /**
+     * Build a proxy URL string for use with HTTP clients.
+     *
+     * The returned URL includes authentication via the username field.
+     * Geo-targeting and sticky sessions are encoded in the username portion
+     * following Dominus Node proxy conventions.
+     *
+     * @param apiKey - The API key to authenticate proxy requests.
+     * @param opts   - Optional targeting parameters (protocol, country, etc.).
+     * @returns A fully-formed proxy URL string.
+     *
+     * @example
+     * ```ts
+     * const url = client.proxy.buildUrl("dn_live_abc123");
+     * // => "http://user:dn_live_abc123@proxy.dominusnode.com:8080"
+     *
+     * const socksUrl = client.proxy.buildUrl("dn_live_abc123", { protocol: "socks5", country: "US" });
+     * // => "socks5://user-country-US:dn_live_abc123@proxy.dominusnode.com:1080"
+     * ```
+     */
+    buildUrl(apiKey, opts) {
+        const protocol = opts?.protocol ?? "http";
+        const port = protocol === "socks5" ? this.socks5Port : this.httpPort;
+        // Build username with geo-targeting parameters (URL-encoded to prevent injection)
+        const userParts = ["user"];
+        if (opts?.country)
+            userParts.push(`country-${encodeURIComponent(opts.country)}`);
+        if (opts?.state)
+            userParts.push(`state-${encodeURIComponent(opts.state)}`);
+        if (opts?.city)
+            userParts.push(`city-${encodeURIComponent(opts.city)}`);
+        if (opts?.asn)
+            userParts.push(`asn-${encodeURIComponent(String(opts.asn))}`);
+        if (opts?.sessionId)
+            userParts.push(`session-${encodeURIComponent(opts.sessionId)}`);
+        const username = userParts.join("-");
+        return `${protocol}://${username}:${encodeURIComponent(apiKey)}@${this.proxyHost}:${port}`;
+    }
+    /** Get public proxy health status (does not require authentication). */
+    async getHealth() {
+        return this.http.get("/api/proxy/health", false);
+    }
+    /** Get detailed proxy status including provider info (requires authentication). */
+    async getStatus() {
+        return this.http.get("/api/proxy/status");
+    }
+    /** Get proxy server configuration (requires authentication). */
+    async getConfig() {
+        return this.http.get("/api/proxy/config");
+    }
+}

package/dist/esm/resources/agent-wallet.d.ts

@@ -0,0 +1,52 @@
+import type { HttpClient } from "../http.js";
+export interface AgenticWallet {
+    id: string;
+    label: string;
+    balanceCents: number;
+    spendingLimitCents: number;
+    dailyLimitCents: number | null;
+    allowedDomains: string[] | null;
+    status: string;
+    createdAt: string;
+}
+export interface AgenticWalletTransaction {
+    id: string;
+    walletId: string;
+    type: string;
+    amountCents: number;
+    description: string;
+    sessionId: string | null;
+    createdAt: string;
+}
+export interface AgenticWalletListResponse {
+    wallets: AgenticWallet[];
+}
+export interface AgenticWalletFundResponse {
+    transaction: AgenticWalletTransaction;
+}
+export interface AgenticWalletTransactionsResponse {
+    transactions: AgenticWalletTransaction[];
+}
+export interface AgenticWalletDeleteResponse {
+    deleted: boolean;
+    refundedCents: number;
+}
+export declare class AgenticWalletResource {
+    private http;
+    constructor(http: HttpClient);
+    create(label: string, spendingLimitCents?: number, options?: {
+        dailyLimitCents?: number | null;
+        allowedDomains?: string[] | null;
+    }): Promise<AgenticWallet>;
+    list(): Promise<AgenticWalletListResponse>;
+    get(walletId: string): Promise<AgenticWallet>;
+    fund(walletId: string, amountCents: number): Promise<AgenticWalletFundResponse>;
+    updateWalletPolicy(walletId: string, policy: {
+        dailyLimitCents?: number | null;
+        allowedDomains?: string[] | null;
+    }): Promise<AgenticWallet>;
+    transactions(walletId: string, limit?: number, offset?: number): Promise<AgenticWalletTransactionsResponse>;
+    freeze(walletId: string): Promise<AgenticWallet>;
+    unfreeze(walletId: string): Promise<AgenticWallet>;
+    delete(walletId: string): Promise<AgenticWalletDeleteResponse>;
+}

package/dist/esm/resources/agent-wallet.js

@@ -0,0 +1,60 @@
+export class AgenticWalletResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    async create(label, spendingLimitCents = 10000, options) {
+        if (!Number.isInteger(spendingLimitCents) || spendingLimitCents < 0 || spendingLimitCents > 2_147_483_647) {
+            throw new Error("spendingLimitCents must be a non-negative integer <= 2,147,483,647");
+        }
+        if (options?.dailyLimitCents !== undefined && options.dailyLimitCents !== null) {
+            if (!Number.isInteger(options.dailyLimitCents) || options.dailyLimitCents < 0 || options.dailyLimitCents > 2_147_483_647) {
+                throw new Error("dailyLimitCents must be a non-negative integer <= 2,147,483,647");
+            }
+        }
+        const body = { label, spendingLimitCents };
+        if (options?.dailyLimitCents !== undefined)
+            body.dailyLimitCents = options.dailyLimitCents;
+        if (options?.allowedDomains !== undefined)
+            body.allowedDomains = options.allowedDomains;
+        return this.http.post("/api/agent-wallet", body);
+    }
+    async list() {
+        return this.http.get("/api/agent-wallet");
+    }
+    async get(walletId) {
+        return this.http.get(`/api/agent-wallet/${encodeURIComponent(walletId)}`);
+    }
+    async fund(walletId, amountCents) {
+        if (!Number.isInteger(amountCents) || amountCents <= 0 || amountCents > 2_147_483_647) {
+            throw new Error("amountCents must be a positive integer <= 2,147,483,647");
+        }
+        return this.http.post(`/api/agent-wallet/${encodeURIComponent(walletId)}/fund`, { amountCents });
+    }
+    async updateWalletPolicy(walletId, policy) {
+        if (policy.dailyLimitCents !== undefined && policy.dailyLimitCents !== null) {
+            if (!Number.isInteger(policy.dailyLimitCents) || policy.dailyLimitCents < 0 || policy.dailyLimitCents > 2_147_483_647) {
+                throw new Error("dailyLimitCents must be a non-negative integer <= 2,147,483,647");
+            }
+        }
+        return this.http.patch(`/api/agent-wallet/${encodeURIComponent(walletId)}/policy`, policy);
+    }
+    async transactions(walletId, limit, offset) {
+        const params = new URLSearchParams();
+        if (limit !== undefined)
+            params.set("limit", String(limit));
+        if (offset !== undefined)
+            params.set("offset", String(offset));
+        const qs = params.toString();
+        return this.http.get(`/api/agent-wallet/${encodeURIComponent(walletId)}/transactions${qs ? `?${qs}` : ""}`);
+    }
+    async freeze(walletId) {
+        return this.http.post(`/api/agent-wallet/${encodeURIComponent(walletId)}/freeze`, {});
+    }
+    async unfreeze(walletId) {
+        return this.http.post(`/api/agent-wallet/${encodeURIComponent(walletId)}/unfreeze`, {});
+    }
+    async delete(walletId) {
+        return this.http.delete(`/api/agent-wallet/${encodeURIComponent(walletId)}`);
+    }
+}

package/dist/esm/resources/teams.d.ts

@@ -0,0 +1,93 @@
+import type { HttpClient } from "../http.js";
+export interface Team {
+    id: string;
+    name: string;
+    ownerId: string;
+    maxMembers: number;
+    status: string;
+    balanceCents: number;
+    createdAt: string;
+}
+export interface TeamMember {
+    id: string;
+    teamId: string;
+    userId: string;
+    email: string;
+    role: string;
+    joinedAt: string;
+}
+export interface TeamInvite {
+    id: string;
+    teamId: string;
+    email: string;
+    role: string;
+    token: string;
+    expiresAt: string;
+    createdAt: string;
+}
+export interface TeamKey {
+    id: string;
+    keyPrefix: string;
+    label: string;
+    createdAt: string;
+}
+export interface TeamKeyCreateResponse {
+    id: string;
+    key: string;
+    keyPrefix: string;
+    label: string;
+}
+export interface TeamListResponse {
+    teams: Team[];
+}
+export interface TeamDeleteResponse {
+    refundedCents: number;
+}
+export interface TeamFundResponse {
+    transaction: TeamTransaction;
+}
+export interface TeamTransaction {
+    id: string;
+    teamId: string;
+    type: string;
+    amountCents: number;
+    description: string;
+    createdAt: string;
+}
+export interface TeamTransactionsResponse {
+    transactions: TeamTransaction[];
+}
+export interface TeamMembersResponse {
+    members: TeamMember[];
+}
+export interface TeamInvitesResponse {
+    invites: TeamInvite[];
+}
+export interface TeamKeysResponse {
+    keys: TeamKey[];
+}
+export declare class TeamsResource {
+    private http;
+    constructor(http: HttpClient);
+    create(name: string, maxMembers?: number): Promise<Team>;
+    list(): Promise<Team[]>;
+    get(teamId: string): Promise<Team>;
+    update(teamId: string, updates: {
+        name?: string;
+        maxMembers?: number;
+    }): Promise<Team>;
+    delete(teamId: string): Promise<TeamDeleteResponse>;
+    fundWallet(teamId: string, amountCents: number): Promise<TeamFundResponse>;
+    getTransactions(teamId: string, limit?: number, offset?: number): Promise<TeamTransactionsResponse>;
+    listMembers(teamId: string): Promise<TeamMembersResponse>;
+    addMember(teamId: string, email: string, role?: string): Promise<TeamMember>;
+    updateMemberRole(teamId: string, userId: string, role: string): Promise<TeamMember>;
+    removeMember(teamId: string, userId: string): Promise<void>;
+    createInvite(teamId: string, email: string, role?: string): Promise<TeamInvite>;
+    listInvites(teamId: string): Promise<TeamInvitesResponse>;
+    cancelInvite(teamId: string, inviteId: string): Promise<void>;
+    acceptInvite(token: string): Promise<TeamMember>;
+    createKey(teamId: string, label: string): Promise<TeamKeyCreateResponse>;
+    listKeys(teamId: string): Promise<TeamKeysResponse>;
+    revokeKey(teamId: string, keyId: string): Promise<void>;
+}

package/dist/esm/resources/teams.js

@@ -0,0 +1,78 @@
+export class TeamsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    async create(name, maxMembers) {
+        const body = { name };
+        if (maxMembers !== undefined)
+            body.maxMembers = maxMembers;
+        return this.http.post("/api/teams", body);
+    }
+    async list() {
+        return this.http.get("/api/teams");
+    }
+    async get(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}`);
+    }
+    async update(teamId, updates) {
+        return this.http.patch(`/api/teams/${encodeURIComponent(teamId)}`, updates);
+    }
+    async delete(teamId) {
+        return this.http.delete(`/api/teams/${encodeURIComponent(teamId)}`);
+    }
+    async fundWallet(teamId, amountCents) {
+        if (!Number.isInteger(amountCents) || amountCents <= 0 || amountCents > 2_147_483_647) {
+            throw new Error("amountCents must be a positive integer <= 2,147,483,647");
+        }
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/wallet/fund`, { amountCents });
+    }
+    async getTransactions(teamId, limit, offset) {
+        const params = new URLSearchParams();
+        if (limit !== undefined)
+            params.set("limit", String(limit));
+        if (offset !== undefined)
+            params.set("offset", String(offset));
+        const qs = params.toString();
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/wallet/transactions${qs ? `?${qs}` : ""}`);
+    }
+    async listMembers(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/members`);
+    }
+    async addMember(teamId, email, role) {
+        const body = { email };
+        if (role !== undefined)
+            body.role = role;
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/members`, body);
+    }
+    async updateMemberRole(teamId, userId, role) {
+        return this.http.patch(`/api/teams/${encodeURIComponent(teamId)}/members/${encodeURIComponent(userId)}`, { role });
+    }
+    async removeMember(teamId, userId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/members/${encodeURIComponent(userId)}`);
+    }
+    async createInvite(teamId, email, role) {
+        const body = { email };
+        if (role !== undefined)
+            body.role = role;
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/invites`, body);
+    }
+    async listInvites(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/invites`);
+    }
+    async cancelInvite(teamId, inviteId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/invites/${encodeURIComponent(inviteId)}`);
+    }
+    async acceptInvite(token) {
+        return this.http.post(`/api/teams/invites/${encodeURIComponent(token)}/accept`, {});
+    }
+    async createKey(teamId, label) {
+        return this.http.post(`/api/teams/${encodeURIComponent(teamId)}/keys`, { label });
+    }
+    async listKeys(teamId) {
+        return this.http.get(`/api/teams/${encodeURIComponent(teamId)}/keys`);
+    }
+    async revokeKey(teamId, keyId) {
+        await this.http.delete(`/api/teams/${encodeURIComponent(teamId)}/keys/${encodeURIComponent(keyId)}`);
+    }
+}

package/dist/esm/resources/wallet-auth.d.ts

@@ -0,0 +1,66 @@
+import type { HttpClient } from "../http.js";
+import type { TokenManager } from "../token-manager.js";
+import type { User } from "../types.js";
+export interface WalletChallenge {
+    challenge: string;
+    expiresAt: string;
+}
+export interface WalletVerifyResult {
+    token: string;
+    refreshToken: string;
+    user: User;
+    /** When true, the user must complete MFA before authentication is granted. */
+    mfaRequired?: boolean;
+    /** Challenge token to pass to auth.verifyMfa() when mfaRequired is true. */
+    mfaChallengeToken?: string;
+}
+export interface WalletLinkResult {
+    success: boolean;
+    walletAddress: string;
+}
+/**
+ * Wallet-based authentication using EIP-191 signed messages.
+ *
+ * Allows Ethereum wallet holders to authenticate by signing a server-issued
+ * challenge message. Supports account creation, login, and linking a wallet
+ * to an existing account.
+ */
+export declare class WalletAuthResource {
+    private http;
+    private tokenManager;
+    constructor(http: HttpClient, tokenManager: TokenManager);
+    /**
+     * Request a signature challenge for the given Ethereum address.
+     *
+     * The returned challenge must be signed with the wallet's private key
+     * and submitted via `verify()` to complete authentication.
+     *
+     * This endpoint does not require authentication.
+     */
+    challenge(address: string): Promise<WalletChallenge>;
+    /**
+     * Submit a signed challenge to create an account or log in.
+     *
+     * If the address is not yet associated with an account, a new one is created.
+     * Returns JWT tokens and user information on success.
+     * Tokens are automatically stored for subsequent authenticated requests.
+     *
+     * This endpoint does not require authentication.
+     *
+     * @param address - Ethereum address (0x-prefixed, 40 hex chars)
+     * @param signature - EIP-191 signature of the challenge message
+     * @param challenge - Optional: the challenge string (server looks up internally)
+     */
+    verify(address: string, signature: string, challenge?: string): Promise<WalletVerifyResult>;
+    /**
+     * Link an Ethereum wallet to the currently authenticated account.
+     *
+     * Requires JWT authentication. The challenge must have been previously
+     * obtained via `challenge()` and signed with the wallet.
+     *
+     * @param address - Ethereum address
+     * @param signature - EIP-191 signature
+     * @param challenge - Optional: the challenge string
+     */
+    link(address: string, signature: string, challenge?: string): Promise<WalletLinkResult>;
+}

package/dist/esm/resources/wallet-auth.js

@@ -0,0 +1,101 @@
+// Ethereum address validation: 0x followed by 40 hex characters
+const ETH_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+// EIP-191 signature format: 0x prefix + 130 hex chars (65 bytes)
+const EIP191_SIGNATURE_RE = /^0x[0-9a-fA-F]{130}$/;
+const MAX_SIGNATURE_LENGTH = 200;
+function validateAddress(address) {
+    if (!address || typeof address !== "string") {
+        throw new Error("address is required and must be a string");
+    }
+    if (!ETH_ADDRESS_RE.test(address)) {
+        throw new Error("address must be a valid Ethereum address (0x followed by 40 hex characters)");
+    }
+}
+function validateSignature(signature) {
+    if (!signature || typeof signature !== "string") {
+        throw new Error("signature is required and must be a string");
+    }
+    // Max length check before regex
+    if (signature.length > MAX_SIGNATURE_LENGTH) {
+        throw new Error(`signature must not exceed ${MAX_SIGNATURE_LENGTH} characters`);
+    }
+    // EIP-191 format validation
+    if (!EIP191_SIGNATURE_RE.test(signature)) {
+        throw new Error("signature must be a valid EIP-191 signature (0x followed by 130 hex characters)");
+    }
+}
+/**
+ * Wallet-based authentication using EIP-191 signed messages.
+ *
+ * Allows Ethereum wallet holders to authenticate by signing a server-issued
+ * challenge message. Supports account creation, login, and linking a wallet
+ * to an existing account.
+ */
+export class WalletAuthResource {
+    http;
+    tokenManager;
+    constructor(http, tokenManager) {
+        this.http = http;
+        this.tokenManager = tokenManager;
+    }
+    /**
+     * Request a signature challenge for the given Ethereum address.
+     *
+     * The returned challenge must be signed with the wallet's private key
+     * and submitted via `verify()` to complete authentication.
+     *
+     * This endpoint does not require authentication.
+     */
+    async challenge(address) {
+        validateAddress(address);
+        return this.http.post("/api/auth/wallet/challenge", { address }, false);
+    }
+    /**
+     * Submit a signed challenge to create an account or log in.
+     *
+     * If the address is not yet associated with an account, a new one is created.
+     * Returns JWT tokens and user information on success.
+     * Tokens are automatically stored for subsequent authenticated requests.
+     *
+     * This endpoint does not require authentication.
+     *
+     * @param address - Ethereum address (0x-prefixed, 40 hex chars)
+     * @param signature - EIP-191 signature of the challenge message
+     * @param challenge - Optional: the challenge string (server looks up internally)
+     */
+    async verify(address, signature, challenge) {
+        validateAddress(address);
+        validateSignature(signature);
+        const body = { address, signature };
+        if (challenge)
+            body.challenge = challenge;
+        const result = await this.http.post("/api/auth/wallet/verify", body, false);
+        // Detect MFA-required response — don't store tokens, surface to caller
+        if (result.mfaRequired) {
+            return result;
+        }
+        // Store tokens after verify (matching Python/Go/Java SDKs)
+        if (result.token && result.refreshToken) {
+            this.tokenManager.setTokens(result.token, result.refreshToken);
+        }
+        return result;
+    }
+    /**
+     * Link an Ethereum wallet to the currently authenticated account.
+     *
+     * Requires JWT authentication. The challenge must have been previously
+     * obtained via `challenge()` and signed with the wallet.
+     *
+     * @param address - Ethereum address
+     * @param signature - EIP-191 signature
+     * @param challenge - Optional: the challenge string
+     */
+    async link(address, signature, challenge) {
+        validateAddress(address);
+        validateSignature(signature);
+        const body = { address, signature };
+        if (challenge)
+            body.challenge = challenge;
+        return this.http.post("/api/auth/wallet/link", body);
+    }
+}

package/dist/esm/resources/x402.d.ts

@@ -0,0 +1,39 @@
+import type { HttpClient } from "../http.js";
+export interface X402Facilitator {
+    address: string;
+    chain: string;
+    network: string;
+}
+export interface X402Pricing {
+    perRequestCents: number;
+    perGbCents: number;
+    currency: string;
+}
+export interface X402Info {
+    supported: boolean;
+    enabled: boolean;
+    protocol: string;
+    version: string;
+    facilitators: X402Facilitator[];
+    pricing: X402Pricing;
+    currencies: string[];
+    walletType: string;
+    agenticWallets: boolean;
+}
+/**
+ * x402 (HTTP 402 Payment Required) protocol information.
+ *
+ * Provides details about x402 micropayment support, facilitator addresses,
+ * pricing, and supported chains/currencies for AI agent payments.
+ */
+export declare class X402Resource {
+    private http;
+    constructor(http: HttpClient);
+    /**
+     * Get x402 protocol information including facilitator details,
+     * pricing, supported chains, and currencies.
+     *
+     * This endpoint does not require authentication.
+     */
+    getInfo(): Promise<X402Info>;
+}

package/dist/esm/resources/x402.js

@@ -0,0 +1,21 @@
+/**
+ * x402 (HTTP 402 Payment Required) protocol information.
+ *
+ * Provides details about x402 micropayment support, facilitator addresses,
+ * pricing, and supported chains/currencies for AI agent payments.
+ */
+export class X402Resource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    /**
+     * Get x402 protocol information including facilitator details,
+     * pricing, supported chains, and currencies.
+     *
+     * This endpoint does not require authentication.
+     */
+    async getInfo() {
+        return this.http.get("/api/x402/info", false);
+    }
+}

package/dist/esm/sessions.d.ts

@@ -0,0 +1,15 @@
+import type { HttpClient } from "./http.js";
+export interface ActiveSessionEntry {
+    id: string;
+    startedAt: string;
+    status: string;
+}
+export interface ActiveSessionsResponse {
+    sessions: ActiveSessionEntry[];
+}
+export declare class SessionsResource {
+    private http;
+    constructor(http: HttpClient);
+    /** Get all active proxy sessions for the authenticated user. */
+    getActive(): Promise<ActiveSessionsResponse>;
+}

package/dist/esm/sessions.js

@@ -0,0 +1,10 @@
+export class SessionsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    /** Get all active proxy sessions for the authenticated user. */
+    async getActive() {
+        return this.http.get("/api/sessions/active");
+    }
+}

package/dist/esm/slots.d.ts

@@ -0,0 +1,9 @@
+import type { HttpClient } from "./http.js";
+import type { SlotsInfo, WaitlistJoinResult, WaitlistCount } from "./types.js";
+export declare class SlotsResource {
+    private http;
+    constructor(http: HttpClient);
+    getSlots(): Promise<SlotsInfo>;
+    joinWaitlist(email: string): Promise<WaitlistJoinResult>;
+    getWaitlistCount(): Promise<WaitlistCount>;
+}

package/dist/esm/slots.js

@@ -0,0 +1,15 @@
+export class SlotsResource {
+    http;
+    constructor(http) {
+        this.http = http;
+    }
+    async getSlots() {
+        return this.http.get("/api/slots", false);
+    }
+    async joinWaitlist(email) {
+        return this.http.post("/api/waitlist/join", { email }, false);
+    }
+    async getWaitlistCount() {
+        return this.http.get("/api/waitlist/count", false);
+    }
+}

package/dist/esm/token-manager.d.ts

@@ -0,0 +1,21 @@
+export declare class TokenManager {
+    private accessToken;
+    private refreshTokenValue;
+    private refreshPromise;
+    private refreshFn;
+    setTokens(access: string, refresh?: string): void;
+    setRefreshFunction(fn: (refreshToken: string) => Promise<{
+        accessToken: string;
+        refreshToken?: string;
+    }>): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    isExpired(token: string): boolean;
+    getValidToken(): Promise<string>;
+    /**
+     * Force a token refresh regardless of expiry state.
+     * Used after a 401 response to avoid re-using a rejected token.
+     */
+    forceRefresh(): Promise<string>;
+    clear(): void;
+}