npm - @hypercerts-org/sdk-core - Versions diffs - 0.9.0-beta.0 → 0.10.0-beta.1 - Mend

@hypercerts-org/sdk-core 0.9.0-beta.0 → 0.10.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,231 +1,11 @@
-import { Agent } from '@atproto/api';
-import { LexiconDoc } from '@atproto/lexicon';
 import { NodeSavedSession, NodeSavedState, OAuthSession } from '@atproto/oauth-client-node';
 import { z } from 'zod';
 import { EventEmitter } from 'eventemitter3';
-import { OrgHypercertsClaim, OrgHypercertsCollection, ComAtprotoRepoStrongRef, OrgHypercertsClaimRights, OrgHypercertsClaimContribution, OrgHypercertsClaimMeasurement, OrgHypercertsClaimEvaluation, AppCertifiedLocation } from '@hypercerts-org/lexicon';
-export { AppCertifiedDefs, AppCertifiedLocation, ComAtprotoRepoStrongRef, HYPERCERT_COLLECTIONS, HYPERCERT_LEXICONS, OrgHypercertsClaim, OrgHypercertsClaimContribution, OrgHypercertsClaimEvaluation, OrgHypercertsClaimEvidence, OrgHypercertsClaimMeasurement, OrgHypercertsClaimRights, OrgHypercertsCollection, ids, lexicons, schemaDict, schemas, validate } from '@hypercerts-org/lexicon';
-/**
- * Result of validating a record against a lexicon schema.
- */
-interface ValidationResult {
-    /**
-     * Whether the record is valid according to the lexicon schema.
-     */
-    valid: boolean;
-    /**
-     * Error message if validation failed.
-     *
-     * Only present when `valid` is `false`.
-     */
-    error?: string;
-}
-/**
- * Registry for managing and validating AT Protocol lexicon schemas.
- *
- * Lexicons are schema definitions that describe the structure of records
- * in the AT Protocol. This registry allows you to:
- *
- * - Register custom lexicons for your application's record types
- * - Validate records against their lexicon schemas
- * - Extend the AT Protocol Agent with custom lexicon support
- *
- * @remarks
- * The SDK automatically registers hypercert lexicons when creating a Repository.
- * You only need to use this class directly if you're working with custom
- * record types.
- *
- * **Lexicon IDs** follow the NSID (Namespaced Identifier) format:
- * `{authority}.{name}` (e.g., `org.hypercerts.hypercert`)
- *
- * @example Registering custom lexicons
- * ```typescript
- * const registry = sdk.getLexiconRegistry();
- *
- * // Register a single lexicon
- * registry.register({
- *   lexicon: 1,
- *   id: "org.example.myRecord",
- *   defs: {
- *     main: {
- *       type: "record",
- *       key: "tid",
- *       record: {
- *         type: "object",
- *         required: ["title", "createdAt"],
- *         properties: {
- *           title: { type: "string" },
- *           description: { type: "string" },
- *           createdAt: { type: "string", format: "datetime" },
- *         },
- *       },
- *     },
- *   },
- * });
- *
- * // Register multiple lexicons at once
- * registry.registerMany([lexicon1, lexicon2, lexicon3]);
- * ```
- *
- * @example Validating records
- * ```typescript
- * const result = registry.validate("org.example.myRecord", {
- *   title: "Test",
- *   createdAt: new Date().toISOString(),
- * });
- *
- * if (!result.valid) {
- *   console.error(`Validation failed: ${result.error}`);
- * }
- * ```
- *
- * @see https://atproto.com/specs/lexicon for the Lexicon specification
- */
-declare class LexiconRegistry {
-    /** Map of lexicon ID to lexicon document */
-    private lexicons;
-    /** Lexicons collection for validation */
-    private lexiconsCollection;
-    /**
-     * Creates a new LexiconRegistry.
-     *
-     * The registry starts empty. Use {@link register} or {@link registerMany}
-     * to add lexicons.
-     */
-    constructor();
-    /**
-     * Registers a single lexicon schema.
-     *
-     * @param lexicon - The lexicon document to register
-     * @throws {@link ValidationError} if the lexicon doesn't have an `id` field
-     *
-     * @remarks
-     * If a lexicon with the same ID is already registered, it will be
-     * replaced with the new definition. This is useful for testing but
-     * should generally be avoided in production.
-     *
-     * @example
-     * ```typescript
-     * registry.register({
-     *   lexicon: 1,
-     *   id: "org.example.post",
-     *   defs: {
-     *     main: {
-     *       type: "record",
-     *       key: "tid",
-     *       record: {
-     *         type: "object",
-     *         required: ["text", "createdAt"],
-     *         properties: {
-     *           text: { type: "string", maxLength: 300 },
-     *           createdAt: { type: "string", format: "datetime" },
-     *         },
-     *       },
-     *     },
-     *   },
-     * });
-     * ```
-     */
-    register(lexicon: LexiconDoc): void;
-    /**
-     * Registers multiple lexicons at once.
-     *
-     * @param lexicons - Array of lexicon documents to register
-     *
-     * @example
-     * ```typescript
-     * import { HYPERCERT_LEXICONS } from "@hypercerts-org/sdk/lexicons";
-     *
-     * registry.registerMany(HYPERCERT_LEXICONS);
-     * ```
-     */
-    registerMany(lexicons: LexiconDoc[]): void;
-    /**
-     * Gets a lexicon document by ID.
-     *
-     * @param id - The lexicon NSID (e.g., "org.hypercerts.hypercert")
-     * @returns The lexicon document, or `undefined` if not registered
-     *
-     * @example
-     * ```typescript
-     * const lexicon = registry.get("org.hypercerts.hypercert");
-     * if (lexicon) {
-     *   console.log(`Found lexicon: ${lexicon.id}`);
-     * }
-     * ```
-     */
-    get(id: string): LexiconDoc | undefined;
-    /**
-     * Validates a record against a collection's lexicon schema.
-     *
-     * @param collection - The collection NSID (same as lexicon ID)
-     * @param record - The record data to validate
-     * @returns Validation result with `valid` boolean and optional `error` message
-     *
-     * @remarks
-     * - If no lexicon is registered for the collection, validation passes
-     *   (we can't validate against unknown schemas)
-     * - Validation checks required fields and type constraints defined
-     *   in the lexicon schema
-     *
-     * @example
-     * ```typescript
-     * const result = registry.validate("org.hypercerts.hypercert", {
-     *   title: "My Hypercert",
-     *   description: "Description...",
-     *   // ... other fields
-     * });
-     *
-     * if (!result.valid) {
-     *   throw new Error(`Invalid record: ${result.error}`);
-     * }
-     * ```
-     */
-    validate(collection: string, record: unknown): ValidationResult;
-    /**
-     * Adds all registered lexicons to an AT Protocol Agent instance.
-     *
-     * This allows the Agent to understand custom lexicon types when making
-     * API requests.
-     *
-     * @param agent - The Agent instance to extend
-     *
-     * @remarks
-     * This is called automatically when creating a Repository. You typically
-     * don't need to call this directly unless you're using the Agent
-     * independently.
-     *
-     * @internal
-     */
-    addToAgent(agent: Agent): void;
-    /**
-     * Gets all registered lexicon IDs.
-     *
-     * @returns Array of lexicon NSIDs
-     *
-     * @example
-     * ```typescript
-     * const ids = registry.getRegisteredIds();
-     * console.log(`Registered lexicons: ${ids.join(", ")}`);
-     * ```
-     */
-    getRegisteredIds(): string[];
-    /**
-     * Checks if a lexicon is registered.
-     *
-     * @param id - The lexicon NSID to check
-     * @returns `true` if the lexicon is registered
-     *
-     * @example
-     * ```typescript
-     * if (registry.has("org.hypercerts.hypercert")) {
-     *   // Hypercert lexicon is available
-     * }
-     * ```
-     */
-    has(id: string): boolean;
-}
+import { OrgHypercertsClaimEvidence, OrgHypercertsClaimActivity, OrgHypercertsClaimCollection, ComAtprotoRepoStrongRef, OrgHypercertsClaimRights, OrgHypercertsClaimContribution, OrgHypercertsClaimMeasurement, OrgHypercertsClaimEvaluation, OrgHypercertsClaimProject, AppCertifiedLocation, AppCertifiedBadgeAward, AppCertifiedBadgeDefinition, AppCertifiedBadgeResponse, OrgHypercertsFundingReceipt, OrgHypercertsDefs } from '@hypercerts-org/lexicon';
+export { AppCertifiedBadgeAward, AppCertifiedBadgeDefinition, AppCertifiedBadgeResponse, AppCertifiedDefs, AppCertifiedLocation, ComAtprotoRepoStrongRef, HYPERCERTS_LEXICON_DOC, HYPERCERTS_LEXICON_JSON, HYPERCERTS_NSIDS, HYPERCERTS_NSIDS_BY_TYPE, HYPERCERTS_SCHEMAS, HYPERCERTS_SCHEMA_DICT, OrgHypercertsClaimActivity, OrgHypercertsClaimCollection, OrgHypercertsClaimContribution, OrgHypercertsClaimEvaluation, OrgHypercertsClaimEvidence, OrgHypercertsClaimMeasurement, OrgHypercertsClaimProject, OrgHypercertsClaimRights, OrgHypercertsDefs, OrgHypercertsFundingReceipt, lexicons, validate } from '@hypercerts-org/lexicon';
+import { Agent } from '@atproto/api';
+import { LexiconDoc } from '@atproto/lexicon';
+export { BlobRef, JsonBlobRef } from '@atproto/lexicon';
 /**
  * Storage interface for persisting OAuth sessions.
@@ -1043,6 +823,132 @@ interface ProgressStep {
     error?: Error;
 }
+/**
+ * Lexicons entrypoint - Lexicon definitions and registry.
+ *
+ * This sub-entrypoint exports the lexicon registry and hypercert
+ * lexicon constants for working with AT Protocol record schemas.
+ *
+ * @remarks
+ * Import from `@hypercerts-org/sdk/lexicons`:
+ *
+ * ```typescript
+ * import {
+ *   LexiconRegistry,
+ *   HYPERCERT_LEXICONS,
+ *   HYPERCERT_COLLECTIONS,
+ * } from "@hypercerts-org/sdk/lexicons";
+ * ```
+ *
+ * **Exports**:
+ * - {@link LexiconRegistry} - Registry for managing and validating lexicons
+ * - {@link HYPERCERT_LEXICONS} - Array of all hypercert lexicon documents
+ * - {@link HYPERCERT_COLLECTIONS} - Constants for collection NSIDs
+ *
+ * @example Using collection constants
+ * ```typescript
+ * import { HYPERCERT_COLLECTIONS } from "@hypercerts-org/sdk/lexicons";
+ *
+ * // List hypercerts using the correct collection name
+ * const records = await repo.records.list({
+ *   collection: HYPERCERT_COLLECTIONS.RECORD,
+ * });
+ *
+ * // List contributions
+ * const contributions = await repo.records.list({
+ *   collection: HYPERCERT_COLLECTIONS.CONTRIBUTION,
+ * });
+ * ```
+ *
+ * @example Custom lexicon registration
+ * ```typescript
+ * import { LexiconRegistry } from "@hypercerts-org/sdk/lexicons";
+ *
+ * const registry = sdk.getLexiconRegistry();
+ *
+ * // Register custom lexicon
+ * registry.register({
+ *   lexicon: 1,
+ *   id: "org.myapp.customRecord",
+ *   defs: { ... },
+ * });
+ *
+ * // Validate a record
+ * const result = registry.validate("org.myapp.customRecord", record);
+ * if (!result.valid) {
+ *   console.error(result.error);
+ * }
+ * ```
+ *
+ * @packageDocumentation
+ */
+/**
+ * All hypercert-related lexicons for registration with AT Protocol Agent.
+ * This array contains all lexicon documents from the published package.
+ */
+declare const HYPERCERT_LEXICONS: LexiconDoc[];
+/**
+ * Collection NSIDs (Namespaced Identifiers) for hypercert records.
+ *
+ * Use these constants when performing record operations to ensure
+ * correct collection names.
+ */
+declare const HYPERCERT_COLLECTIONS: {
+    /**
+     * Main hypercert claim record collection.
+     */
+    readonly CLAIM: "org.hypercerts.claim.activity";
+    /**
+     * Rights record collection.
+     */
+    readonly RIGHTS: "org.hypercerts.claim.rights";
+    /**
+     * Location record collection (shared certified lexicon).
+     */
+    readonly LOCATION: "app.certified.location";
+    /**
+     * Contribution record collection.
+     */
+    readonly CONTRIBUTION: "org.hypercerts.claim.contribution";
+    /**
+     * Measurement record collection.
+     */
+    readonly MEASUREMENT: "org.hypercerts.claim.measurement";
+    /**
+     * Evaluation record collection.
+     */
+    readonly EVALUATION: "org.hypercerts.claim.evaluation";
+    /**
+     * Evidence record collection.
+     */
+    readonly EVIDENCE: "org.hypercerts.claim.evidence";
+    /**
+     * Collection record collection (groups of hypercerts).
+     */
+    readonly COLLECTION: "org.hypercerts.claim.collection";
+    /**
+     * Project record collection.
+     */
+    readonly PROJECT: "org.hypercerts.claim.project";
+    /**
+     * Badge award record collection.
+     */
+    readonly BADGE_AWARD: "app.certified.badge.award";
+    /**
+     * Badge definition record collection.
+     */
+    readonly BADGE_DEFINITION: "app.certified.badge.definition";
+    /**
+     * Badge response record collection.
+     */
+    readonly BADGE_RESPONSE: "app.certified.badge.response";
+    /**
+     * Funding receipt record collection.
+     */
+    readonly FUNDING_RECEIPT: "org.hypercerts.funding.receipt";
+};
 /**
  * TypeScript types for hypercert lexicon schemas.
  *
@@ -1052,30 +958,32 @@ interface ProgressStep {
  */
 type StrongRef = ComAtprotoRepoStrongRef.Main;
-type HypercertClaim = OrgHypercertsClaim.Main;
+type HypercertClaim = OrgHypercertsClaimActivity.Main;
 type HypercertRights = OrgHypercertsClaimRights.Main;
 type HypercertContribution = OrgHypercertsClaimContribution.Main;
 type HypercertMeasurement = OrgHypercertsClaimMeasurement.Main;
 type HypercertEvaluation = OrgHypercertsClaimEvaluation.Main;
-type HypercertCollection = OrgHypercertsCollection.Main;
-type HypercertCollectionClaimItem = OrgHypercertsCollection.ClaimItem;
+type HypercertEvidence = OrgHypercertsClaimEvidence.Main;
+type HypercertCollection = OrgHypercertsClaimCollection.Main;
+type HypercertCollectionClaimItem = OrgHypercertsClaimActivity.ActivityWeight;
+type HypercertProject = OrgHypercertsClaimProject.Main;
 type HypercertLocation = AppCertifiedLocation.Main;
-/** Blob reference for uploaded files (images, GeoJSON, etc.) */
-interface BlobRef {
-    $type: "blob";
-    ref: {
-        $link: string;
-    };
-    mimeType: string;
-    size: number;
-}
-/** Evidence item for operations */
-interface HypercertEvidence {
-    uri: string;
-    title?: string;
-    description?: string;
-}
-/** Image input for operations */
+type BadgeAward = AppCertifiedBadgeAward.Main;
+type BadgeDefinition = AppCertifiedBadgeDefinition.Main;
+type BadgeResponse = AppCertifiedBadgeResponse.Main;
+type FundingReceipt = OrgHypercertsFundingReceipt.Main;
+/**
+ * Image input for SDK operations.
+ *
+ * Can be either:
+ * - A URI reference (for external images)
+ * - A Blob to be uploaded
+ *
+ * The SDK will convert these to the appropriate lexicon types:
+ * - OrgHypercertsDefs.Uri
+ * - OrgHypercertsDefs.SmallImage
+ * - OrgHypercertsDefs.LargeImage
+ */
 type HypercertImage = {
     type: "uri";
     uri: string;
@@ -1083,6 +991,11 @@ type HypercertImage = {
     type: "blob";
     blob: Blob;
 };
+/**
+ * Lexicon-defined image types (union of Uri and image blob types).
+ * Use this when working with stored records.
+ */
+type HypercertImageRecord = OrgHypercertsDefs.Uri | OrgHypercertsDefs.SmallImage | OrgHypercertsDefs.LargeImage;
 /** Hypercert with AT Protocol metadata */
 interface HypercertWithMetadata {
     uri: string;
@@ -2071,7 +1984,6 @@ declare class Repository {
     private session;
     private serverUrl;
     private repoDid;
-    private lexiconRegistry;
     private logger?;
     private agent;
     private _isSDS;
@@ -2087,7 +1999,6 @@ declare class Repository {
      * @param session - Authenticated OAuth session
      * @param serverUrl - Base URL of the AT Protocol server
      * @param repoDid - DID of the repository to operate on
-     * @param lexiconRegistry - Registry for lexicon validation
      * @param isSDS - Whether this is a Shared Data Server
      * @param logger - Optional logger for debugging
      *
@@ -2097,7 +2008,7 @@ declare class Repository {
      *
      * @internal
      */
-    constructor(session: Session, serverUrl: string, repoDid: string, lexiconRegistry: LexiconRegistry, isSDS: boolean, logger?: LoggerInterface);
+    constructor(session: Session, serverUrl: string, repoDid: string, isSDS: boolean, logger?: LoggerInterface);
     /**
      * The DID (Decentralized Identifier) of this repository.
      *
@@ -2355,7 +2266,32 @@ declare const OAuthConfigSchema: z.ZodObject<{
     redirectUri: z.ZodString;
     /**
      * OAuth scopes to request, space-separated.
-     * Common scopes: "atproto", "transition:generic"
+     *
+     * Can be a string of space-separated permissions or use the permission system:
+     *
+     * @example Using presets
+     * ```typescript
+     * import { ScopePresets } from '@hypercerts-org/sdk-core';
+     * scope: ScopePresets.EMAIL_AND_PROFILE
+     * ```
+     *
+     * @example Building custom scopes
+     * ```typescript
+     * import { PermissionBuilder, buildScope } from '@hypercerts-org/sdk-core';
+     * scope: buildScope(
+     *   new PermissionBuilder()
+     *     .accountEmail('read')
+     *     .repoWrite('app.bsky.feed.post')
+     *     .build()
+     * )
+     * ```
+     *
+     * @example Legacy scopes
+     * ```typescript
+     * scope: "atproto transition:generic"
+     * ```
+     *
+     * @see https://atproto.com/specs/permission for permission details
      */
     scope: z.ZodString;
     /**
@@ -2461,7 +2397,32 @@ declare const ATProtoSDKConfigSchema: z.ZodObject<{
         redirectUri: z.ZodString;
         /**
          * OAuth scopes to request, space-separated.
-         * Common scopes: "atproto", "transition:generic"
+         *
+         * Can be a string of space-separated permissions or use the permission system:
+         *
+         * @example Using presets
+         * ```typescript
+         * import { ScopePresets } from '@hypercerts-org/sdk-core';
+         * scope: ScopePresets.EMAIL_AND_PROFILE
+         * ```
+         *
+         * @example Building custom scopes
+         * ```typescript
+         * import { PermissionBuilder, buildScope } from '@hypercerts-org/sdk-core';
+         * scope: buildScope(
+         *   new PermissionBuilder()
+         *     .accountEmail('read')
+         *     .repoWrite('app.bsky.feed.post')
+         *     .build()
+         * )
+         * ```
+         *
+         * @example Legacy scopes
+         * ```typescript
+         * scope: "atproto transition:generic"
+         * ```
+         *
+         * @see https://atproto.com/specs/permission for permission details
          */
         scope: z.ZodString;
         /**
@@ -2703,13 +2664,47 @@ interface AuthorizeOptions {
      * OAuth scope string to request specific permissions.
      * Overrides the default scope configured in {@link ATProtoSDKConfig.oauth.scope}.
      *
-     * @example
+     * Can use the permission system for type-safe scope building.
+     *
+     * @example Using presets
+     * ```typescript
+     * import { ScopePresets } from '@hypercerts-org/sdk-core';
+     *
+     * // Request email and profile access
+     * await sdk.authorize("user.bsky.social", {
+     *   scope: ScopePresets.EMAIL_AND_PROFILE
+     * });
+     *
+     * // Request full posting capabilities
+     * await sdk.authorize("user.bsky.social", {
+     *   scope: ScopePresets.POSTING_APP
+     * });
+     * ```
+     *
+     * @example Building custom scopes
+     * ```typescript
+     * import { PermissionBuilder, buildScope } from '@hypercerts-org/sdk-core';
+     *
+     * const scope = buildScope(
+     *   new PermissionBuilder()
+     *     .accountEmail('read')
+     *     .repoWrite('app.bsky.feed.post')
+     *     .blob(['image/*'])
+     *     .build()
+     * );
+     *
+     * await sdk.authorize("user.bsky.social", { scope });
+     * ```
+     *
+     * @example Legacy scopes
      * ```typescript
      * // Request read-only access
      * await sdk.authorize("user.bsky.social", { scope: "atproto" });
      *
-     * // Request full access (default typically includes transition:generic)
-     * await sdk.authorize("user.bsky.social", { scope: "atproto transition:generic" });
+     * // Request full access (legacy)
+     * await sdk.authorize("user.bsky.social", {
+     *   scope: "atproto transition:generic"
+     * });
      * ```
      */
     scope?: string;
@@ -2768,7 +2763,6 @@ declare class ATProtoSDK {
     private oauthClient;
     private config;
     private logger?;
-    private lexiconRegistry;
     /**
      * Creates a new ATProto SDK instance.
      *
@@ -2902,6 +2896,56 @@ declare class ATProtoSDK {
      * ```
      */
     revokeSession(did: string): Promise<void>;
+    /**
+     * Gets the account email address from the authenticated session.
+     *
+     * This method retrieves the email address associated with the user's account
+     * by calling the `com.atproto.server.getSession` endpoint. The email will only
+     * be returned if the appropriate OAuth scope was granted during authorization.
+     *
+     * Required OAuth scopes:
+     * - **Granular permissions**: `account:email?action=read` or `account:email`
+     * - **Transitional permissions**: `transition:email`
+     *
+     * @param session - An authenticated OAuth session
+     * @returns A Promise resolving to email info, or `null` if permission not granted
+     * @throws {@link ValidationError} if the session is invalid
+     * @throws {@link NetworkError} if the API request fails
+     *
+     * @example Using granular permissions
+     * ```typescript
+     * import { ScopePresets } from '@hypercerts-org/sdk-core';
+     *
+     * // Authorize with email scope
+     * const authUrl = await sdk.authorize("user.bsky.social", {
+     *   scope: ScopePresets.EMAIL_READ
+     * });
+     *
+     * // After callback...
+     * const emailInfo = await sdk.getAccountEmail(session);
+     * if (emailInfo) {
+     *   console.log(`Email: ${emailInfo.email}`);
+     *   console.log(`Confirmed: ${emailInfo.emailConfirmed}`);
+     * } else {
+     *   console.log("Email permission not granted");
+     * }
+     * ```
+     *
+     * @example Using transitional permissions (legacy)
+     * ```typescript
+     * // Authorize with transition:email scope
+     * const authUrl = await sdk.authorize("user.bsky.social", {
+     *   scope: "atproto transition:email"
+     * });
+     *
+     * // After callback...
+     * const emailInfo = await sdk.getAccountEmail(session);
+     * ```
+     */
+    getAccountEmail(session: Session): Promise<{
+        email: string;
+        emailConfirmed: boolean;
+    } | null>;
     /**
      * Creates a repository instance for data operations.
      *
@@ -2938,27 +2982,6 @@ declare class ATProtoSDK {
      * ```
      */
     repository(session: Session, options?: RepositoryOptions): Repository;
-    /**
-     * Gets the lexicon registry for schema validation.
-     *
-     * The lexicon registry manages AT Protocol lexicon schemas used for
-     * validating record data. You can register custom lexicons to extend
-     * the SDK's capabilities.
-     *
-     * @returns The {@link LexiconRegistry} instance
-     *
-     * @example
-     * ```typescript
-     * const registry = sdk.getLexiconRegistry();
-     *
-     * // Register custom lexicons
-     * registry.register(myCustomLexicons);
-     *
-     * // Check if a lexicon is registered
-     * const hasLexicon = registry.has("org.example.myRecord");
-     * ```
-     */
-    getLexiconRegistry(): LexiconRegistry;
     /**
      * The configured PDS (Personal Data Server) URL.
      *
@@ -3532,5 +3555,1047 @@ declare class InMemoryStateStore implements StateStore {
     clear(): void;
 }
-export { ATProtoSDK, ATProtoSDKConfigSchema, ATProtoSDKError, AuthenticationError, CollaboratorPermissionsSchema, CollaboratorSchema, ConfigurableAgent, InMemorySessionStore, InMemoryStateStore, LexiconRegistry, NetworkError, OAuthConfigSchema, OrganizationSchema, Repository, SDSRequiredError, ServerConfigSchema, SessionExpiredError, TimeoutConfigSchema, ValidationError, createATProtoSDK };
-export type { ATProtoSDKConfig, AuthorizeOptions, BlobOperations, BlobRef, CacheInterface, Collaborator, CollaboratorOperations, CollaboratorPermissions, CreateHypercertParams, CreateHypercertResult, CreateResult, DID, HypercertClaim, HypercertCollection, HypercertCollectionClaimItem, HypercertContribution, HypercertEvaluation, HypercertEvents, HypercertEvidence, HypercertImage, HypercertLocation, HypercertMeasurement, HypercertOperations, HypercertRights, HypercertWithMetadata, ListParams, LoggerInterface, Organization, OrganizationInfo, OrganizationOperations, PaginatedList, ProfileOperations, ProgressStep, RecordOperations, RepositoryAccessGrant, RepositoryOptions, RepositoryRole, Session, SessionStore, StateStore, StrongRef, UpdateResult, ValidationResult };
+/**
+ * OAuth Scopes and Granular Permissions
+ *
+ * This module provides type-safe, Zod-validated OAuth scope and permission management
+ * for the ATProto SDK. It supports both legacy transitional scopes and the new
+ * granular permissions model.
+ *
+ * @see https://atproto.com/specs/oauth
+ * @see https://atproto.com/specs/permission
+ *
+ * @module auth/permissions
+ */
+/**
+ * Base OAuth scope - required for all sessions
+ *
+ * @constant
+ */
+declare const ATPROTO_SCOPE: "atproto";
+/**
+ * Transitional OAuth scopes for legacy compatibility.
+ *
+ * These scopes provide broad access and are maintained for backwards compatibility.
+ * New applications should use granular permissions instead.
+ *
+ * @deprecated Use granular permissions (account:*, repo:*, etc.) for better control
+ * @constant
+ */
+declare const TRANSITION_SCOPES: {
+    /** Broad PDS permissions including record creation, blob uploads, and preferences */
+    readonly GENERIC: "transition:generic";
+    /** Direct messages access (requires transition:generic) */
+    readonly CHAT: "transition:chat.bsky";
+    /** Email address and confirmation status */
+    readonly EMAIL: "transition:email";
+};
+/**
+ * Zod schema for transitional scopes.
+ *
+ * Validates that a scope string is one of the known transitional scopes.
+ *
+ * @example
+ * ```typescript
+ * TransitionScopeSchema.parse('transition:email'); // Valid
+ * TransitionScopeSchema.parse('invalid'); // Throws ZodError
+ * ```
+ */
+declare const TransitionScopeSchema: z.ZodEnum<["transition:generic", "transition:chat.bsky", "transition:email"]>;
+/**
+ * Type for transitional scopes inferred from schema.
+ */
+type TransitionScope = z.infer<typeof TransitionScopeSchema>;
+/**
+ * Zod schema for account permission attributes.
+ *
+ * Account attributes specify what aspect of the account is being accessed.
+ */
+declare const AccountAttrSchema: z.ZodEnum<["email", "repo"]>;
+/**
+ * Type for account attributes inferred from schema.
+ */
+type AccountAttr = z.infer<typeof AccountAttrSchema>;
+/**
+ * Zod schema for account actions.
+ *
+ * Account actions specify the level of access (read-only or management).
+ */
+declare const AccountActionSchema: z.ZodEnum<["read", "manage"]>;
+/**
+ * Type for account actions inferred from schema.
+ */
+type AccountAction = z.infer<typeof AccountActionSchema>;
+/**
+ * Zod schema for repository actions.
+ *
+ * Repository actions specify what operations can be performed on records.
+ */
+declare const RepoActionSchema: z.ZodEnum<["create", "update", "delete"]>;
+/**
+ * Type for repository actions inferred from schema.
+ */
+type RepoAction = z.infer<typeof RepoActionSchema>;
+/**
+ * Zod schema for identity permission attributes.
+ *
+ * Identity attributes specify what identity information can be managed.
+ */
+declare const IdentityAttrSchema: z.ZodEnum<["handle", "*"]>;
+/**
+ * Type for identity attributes inferred from schema.
+ */
+type IdentityAttr = z.infer<typeof IdentityAttrSchema>;
+/**
+ * Zod schema for MIME type patterns.
+ *
+ * Validates MIME type strings like "image/*" or "video/mp4".
+ *
+ * @example
+ * ```typescript
+ * MimeTypeSchema.parse('image/*'); // Valid
+ * MimeTypeSchema.parse('video/mp4'); // Valid
+ * MimeTypeSchema.parse('invalid'); // Throws ZodError
+ * ```
+ */
+declare const MimeTypeSchema: z.ZodString;
+/**
+ * Zod schema for NSID (Namespaced Identifier).
+ *
+ * NSIDs are reverse-DNS style identifiers used throughout ATProto
+ * (e.g., "app.bsky.feed.post" or "com.example.myrecord").
+ *
+ * @see https://atproto.com/specs/nsid
+ *
+ * @example
+ * ```typescript
+ * NsidSchema.parse('app.bsky.feed.post'); // Valid
+ * NsidSchema.parse('com.example.myrecord'); // Valid
+ * NsidSchema.parse('InvalidNSID'); // Throws ZodError
+ * ```
+ */
+declare const NsidSchema: z.ZodString;
+/**
+ * Zod schema for account permission.
+ *
+ * Account permissions control access to account-level information like email
+ * and repository management.
+ *
+ * @example Without action (read-only)
+ * ```typescript
+ * const input = { type: 'account', attr: 'email' };
+ * AccountPermissionSchema.parse(input); // Returns: "account:email"
+ * ```
+ *
+ * @example With action
+ * ```typescript
+ * const input = { type: 'account', attr: 'email', action: 'manage' };
+ * AccountPermissionSchema.parse(input); // Returns: "account:email?action=manage"
+ * ```
+ */
+declare const AccountPermissionSchema: z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"account">;
+    attr: z.ZodEnum<["email", "repo"]>;
+    action: z.ZodOptional<z.ZodEnum<["read", "manage"]>>;
+}, "strip", z.ZodTypeAny, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}>, string, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}>;
+/**
+ * Input type for account permission (before transform).
+ */
+type AccountPermissionInput = z.input<typeof AccountPermissionSchema>;
+/**
+ * Zod schema for repository permission.
+ *
+ * Repository permissions control write access to records by collection type.
+ * The collection must be a valid NSID or wildcard (*).
+ *
+ * @example Without actions (all actions allowed)
+ * ```typescript
+ * const input = { type: 'repo', collection: 'app.bsky.feed.post' };
+ * RepoPermissionSchema.parse(input); // Returns: "repo:app.bsky.feed.post"
+ * ```
+ *
+ * @example With specific actions
+ * ```typescript
+ * const input = {
+ *   type: 'repo',
+ *   collection: 'app.bsky.feed.post',
+ *   actions: ['create', 'update']
+ * };
+ * RepoPermissionSchema.parse(input); // Returns: "repo:app.bsky.feed.post?action=create&action=update"
+ * ```
+ *
+ * @example With wildcard collection
+ * ```typescript
+ * const input = { type: 'repo', collection: '*', actions: ['delete'] };
+ * RepoPermissionSchema.parse(input); // Returns: "repo:*?action=delete"
+ * ```
+ */
+declare const RepoPermissionSchema: z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"repo">;
+    collection: z.ZodUnion<[z.ZodString, z.ZodLiteral<"*">]>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodEnum<["create", "update", "delete"]>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}>, string, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}>;
+/**
+ * Input type for repository permission (before transform).
+ */
+type RepoPermissionInput = z.input<typeof RepoPermissionSchema>;
+/**
+ * Zod schema for blob permission.
+ *
+ * Blob permissions control media file uploads constrained by MIME type patterns.
+ *
+ * @example Single MIME type
+ * ```typescript
+ * const input = { type: 'blob', mimeTypes: ['image/*'] };
+ * BlobPermissionSchema.parse(input); // Returns: "blob:image/*"
+ * ```
+ *
+ * @example Multiple MIME types
+ * ```typescript
+ * const input = { type: 'blob', mimeTypes: ['image/*', 'video/*'] };
+ * BlobPermissionSchema.parse(input); // Returns: "blob?accept=image/*&accept=video/*"
+ * ```
+ */
+declare const BlobPermissionSchema: z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"blob">;
+    mimeTypes: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    type: "blob";
+    mimeTypes: string[];
+}, {
+    type: "blob";
+    mimeTypes: string[];
+}>, string, {
+    type: "blob";
+    mimeTypes: string[];
+}>;
+/**
+ * Input type for blob permission (before transform).
+ */
+type BlobPermissionInput = z.input<typeof BlobPermissionSchema>;
+/**
+ * Zod schema for RPC permission.
+ *
+ * RPC permissions control authenticated API calls to remote services.
+ * At least one of lexicon or aud must be restricted (both cannot be wildcards).
+ *
+ * @example Specific lexicon with wildcard audience
+ * ```typescript
+ * const input = {
+ *   type: 'rpc',
+ *   lexicon: 'com.atproto.repo.createRecord',
+ *   aud: '*'
+ * };
+ * RpcPermissionSchema.parse(input);
+ * // Returns: "rpc:com.atproto.repo.createRecord?aud=*"
+ * ```
+ *
+ * @example With specific audience
+ * ```typescript
+ * const input = {
+ *   type: 'rpc',
+ *   lexicon: 'com.atproto.repo.createRecord',
+ *   aud: 'did:web:api.example.com',
+ *   inheritAud: true
+ * };
+ * RpcPermissionSchema.parse(input);
+ * // Returns: "rpc:com.atproto.repo.createRecord?aud=did%3Aweb%3Aapi.example.com&inheritAud=true"
+ * ```
+ */
+declare const RpcPermissionSchema: z.ZodEffects<z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"rpc">;
+    lexicon: z.ZodUnion<[z.ZodString, z.ZodLiteral<"*">]>;
+    aud: z.ZodString;
+    inheritAud: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>, string, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>;
+/**
+ * Input type for RPC permission (before transform).
+ */
+type RpcPermissionInput = z.input<typeof RpcPermissionSchema>;
+/**
+ * Zod schema for identity permission.
+ *
+ * Identity permissions control access to DID documents and handles.
+ *
+ * @example Handle management
+ * ```typescript
+ * const input = { type: 'identity', attr: 'handle' };
+ * IdentityPermissionSchema.parse(input); // Returns: "identity:handle"
+ * ```
+ *
+ * @example All identity attributes
+ * ```typescript
+ * const input = { type: 'identity', attr: '*' };
+ * IdentityPermissionSchema.parse(input); // Returns: "identity:*"
+ * ```
+ */
+declare const IdentityPermissionSchema: z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"identity">;
+    attr: z.ZodEnum<["handle", "*"]>;
+}, "strip", z.ZodTypeAny, {
+    type: "identity";
+    attr: "handle" | "*";
+}, {
+    type: "identity";
+    attr: "handle" | "*";
+}>, string, {
+    type: "identity";
+    attr: "handle" | "*";
+}>;
+/**
+ * Input type for identity permission (before transform).
+ */
+type IdentityPermissionInput = z.input<typeof IdentityPermissionSchema>;
+/**
+ * Zod schema for permission set inclusion.
+ *
+ * Include permissions reference permission sets bundled under a single NSID.
+ *
+ * @example Without audience
+ * ```typescript
+ * const input = { type: 'include', nsid: 'com.example.authBasicFeatures' };
+ * IncludePermissionSchema.parse(input);
+ * // Returns: "include:com.example.authBasicFeatures"
+ * ```
+ *
+ * @example With audience
+ * ```typescript
+ * const input = {
+ *   type: 'include',
+ *   nsid: 'com.example.authBasicFeatures',
+ *   aud: 'did:web:api.example.com'
+ * };
+ * IncludePermissionSchema.parse(input);
+ * // Returns: "include:com.example.authBasicFeatures?aud=did%3Aweb%3Aapi.example.com"
+ * ```
+ */
+declare const IncludePermissionSchema: z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"include">;
+    nsid: z.ZodString;
+    aud: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}>, string, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}>;
+/**
+ * Input type for include permission (before transform).
+ */
+type IncludePermissionInput = z.input<typeof IncludePermissionSchema>;
+/**
+ * Union schema for all permission types.
+ *
+ * This schema accepts any of the supported permission types and validates
+ * them according to their specific rules.
+ */
+declare const PermissionSchema: z.ZodUnion<[z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"account">;
+    attr: z.ZodEnum<["email", "repo"]>;
+    action: z.ZodOptional<z.ZodEnum<["read", "manage"]>>;
+}, "strip", z.ZodTypeAny, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}>, string, {
+    type: "account";
+    attr: "email" | "repo";
+    action?: "read" | "manage" | undefined;
+}>, z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"repo">;
+    collection: z.ZodUnion<[z.ZodString, z.ZodLiteral<"*">]>;
+    actions: z.ZodOptional<z.ZodArray<z.ZodEnum<["create", "update", "delete"]>, "many">>;
+}, "strip", z.ZodTypeAny, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}>, string, {
+    type: "repo";
+    collection: string;
+    actions?: ("create" | "update" | "delete")[] | undefined;
+}>, z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"blob">;
+    mimeTypes: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    type: "blob";
+    mimeTypes: string[];
+}, {
+    type: "blob";
+    mimeTypes: string[];
+}>, string, {
+    type: "blob";
+    mimeTypes: string[];
+}>, z.ZodEffects<z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"rpc">;
+    lexicon: z.ZodUnion<[z.ZodString, z.ZodLiteral<"*">]>;
+    aud: z.ZodString;
+    inheritAud: z.ZodOptional<z.ZodBoolean>;
+}, "strip", z.ZodTypeAny, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>, string, {
+    type: "rpc";
+    lexicon: string;
+    aud: string;
+    inheritAud?: boolean | undefined;
+}>, z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"identity">;
+    attr: z.ZodEnum<["handle", "*"]>;
+}, "strip", z.ZodTypeAny, {
+    type: "identity";
+    attr: "handle" | "*";
+}, {
+    type: "identity";
+    attr: "handle" | "*";
+}>, string, {
+    type: "identity";
+    attr: "handle" | "*";
+}>, z.ZodEffects<z.ZodObject<{
+    type: z.ZodLiteral<"include">;
+    nsid: z.ZodString;
+    aud: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}>, string, {
+    type: "include";
+    nsid: string;
+    aud?: string | undefined;
+}>]>;
+/**
+ * Input type for any permission (before transform).
+ */
+type PermissionInput = z.input<typeof PermissionSchema>;
+/**
+ * Output type for any permission (after transform).
+ */
+type Permission = z.output<typeof PermissionSchema>;
+/**
+ * Fluent builder for constructing OAuth permission arrays.
+ *
+ * This class provides a convenient, type-safe way to build arrays of permissions
+ * using method chaining.
+ *
+ * @example Basic usage
+ * ```typescript
+ * const builder = new PermissionBuilder()
+ *   .accountEmail('read')
+ *   .repoWrite('app.bsky.feed.post')
+ *   .blob(['image/*', 'video/*']);
+ *
+ * const permissions = builder.build();
+ * // Returns: ['account:email?action=read', 'repo:app.bsky.feed.post?action=create&action=update', 'blob:image/*,video/*']
+ * ```
+ *
+ * @example With transitional scopes
+ * ```typescript
+ * const builder = new PermissionBuilder()
+ *   .transition('email')
+ *   .transition('generic');
+ *
+ * const scopes = builder.build();
+ * // Returns: ['transition:email', 'transition:generic']
+ * ```
+ */
+declare class PermissionBuilder {
+    private permissions;
+    /**
+     * Add a transitional scope.
+     *
+     * @param scope - The transitional scope name ('email', 'generic', or 'chat.bsky')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.transition('email').transition('generic');
+     * ```
+     */
+    transition(scope: "email" | "generic" | "chat.bsky"): this;
+    /**
+     * Add an account permission.
+     *
+     * @param attr - The account attribute ('email' or 'repo')
+     * @param action - Optional action ('read' or 'manage')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.accountEmail('read').accountRepo('manage');
+     * ```
+     */
+    account(attr: z.infer<typeof AccountAttrSchema>, action?: z.infer<typeof AccountActionSchema>): this;
+    /**
+     * Convenience method for account:email permission.
+     *
+     * @param action - Optional action ('read' or 'manage')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.accountEmail('read');
+     * ```
+     */
+    accountEmail(action?: z.infer<typeof AccountActionSchema>): this;
+    /**
+     * Convenience method for account:repo permission.
+     *
+     * @param action - Optional action ('read' or 'manage')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.accountRepo('manage');
+     * ```
+     */
+    accountRepo(action?: z.infer<typeof AccountActionSchema>): this;
+    /**
+     * Add a repository permission.
+     *
+     * @param collection - The NSID of the collection or '*' for all
+     * @param actions - Optional array of actions ('create', 'update', 'delete')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.repo('app.bsky.feed.post', ['create', 'update']);
+     * ```
+     */
+    repo(collection: string, actions?: z.infer<typeof RepoActionSchema>[]): this;
+    /**
+     * Convenience method for repository write permissions (create + update).
+     *
+     * @param collection - The NSID of the collection or '*' for all
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.repoWrite('app.bsky.feed.post');
+     * ```
+     */
+    repoWrite(collection: string): this;
+    /**
+     * Convenience method for repository read permission (no actions).
+     *
+     * @param collection - The NSID of the collection or '*' for all
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.repoRead('app.bsky.feed.post');
+     * ```
+     */
+    repoRead(collection: string): this;
+    /**
+     * Convenience method for full repository permissions (create + update + delete).
+     *
+     * @param collection - The NSID of the collection or '*' for all
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.repoFull('app.bsky.feed.post');
+     * ```
+     */
+    repoFull(collection: string): this;
+    /**
+     * Add a blob permission.
+     *
+     * @param mimeTypes - Array of MIME types or a single MIME type
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.blob(['image/*', 'video/*']);
+     * builder.blob('image/*');
+     * ```
+     */
+    blob(mimeTypes: string | string[]): this;
+    /**
+     * Add an RPC permission.
+     *
+     * @param lexicon - The NSID of the lexicon or '*' for all
+     * @param aud - The audience (DID or URL)
+     * @param inheritAud - Whether to inherit audience
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.rpc('com.atproto.repo.createRecord', 'did:web:api.example.com');
+     * ```
+     */
+    rpc(lexicon: string, aud: string, inheritAud?: boolean): this;
+    /**
+     * Add an identity permission.
+     *
+     * @param attr - The identity attribute ('handle' or '*')
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.identity('handle');
+     * ```
+     */
+    identity(attr: z.infer<typeof IdentityAttrSchema>): this;
+    /**
+     * Add an include permission.
+     *
+     * @param nsid - The NSID of the scope set to include
+     * @param aud - Optional audience restriction
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.include('com.example.authBasicFeatures');
+     * ```
+     */
+    include(nsid: string, aud?: string): this;
+    /**
+     * Add a custom permission string directly (bypasses validation).
+     *
+     * Use this for testing or special cases where you need to add
+     * a permission that doesn't fit the standard types.
+     *
+     * @param permission - The permission string
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.custom('atproto');
+     * ```
+     */
+    custom(permission: string): this;
+    /**
+     * Add the base atproto scope.
+     *
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.atproto();
+     * ```
+     */
+    atproto(): this;
+    /**
+     * Build and return the array of permission strings.
+     *
+     * @returns Array of permission strings
+     *
+     * @example
+     * ```typescript
+     * const permissions = builder.build();
+     * ```
+     */
+    build(): string[];
+    /**
+     * Clear all permissions from the builder.
+     *
+     * @returns This builder for chaining
+     *
+     * @example
+     * ```typescript
+     * builder.clear().accountEmail('read');
+     * ```
+     */
+    clear(): this;
+    /**
+     * Get the current number of permissions.
+     *
+     * @returns The number of permissions
+     *
+     * @example
+     * ```typescript
+     * const count = builder.count();
+     * ```
+     */
+    count(): number;
+}
+/**
+ * Build a scope string from an array of permissions.
+ *
+ * This is a convenience function that joins permission strings with spaces,
+ * which is the standard format for OAuth scope parameters.
+ *
+ * @param permissions - Array of permission strings
+ * @returns Space-separated scope string
+ *
+ * @example
+ * ```typescript
+ * const permissions = ['account:email?action=read', 'repo:app.bsky.feed.post'];
+ * const scope = buildScope(permissions);
+ * // Returns: "account:email?action=read repo:app.bsky.feed.post"
+ * ```
+ */
+declare function buildScope(permissions: string[]): string;
+/**
+ * Pre-built scope presets for common use cases.
+ *
+ * These presets provide ready-to-use permission sets for typical application scenarios.
+ */
+declare const ScopePresets: {
+    /**
+     * Email access scope - allows reading user's email address.
+     *
+     * Includes:
+     * - account:email?action=read
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.EMAIL_READ;
+     * // Use in OAuth flow to request email access
+     * ```
+     */
+    readonly EMAIL_READ: string;
+    /**
+     * Profile read scope - allows reading user's profile.
+     *
+     * Includes:
+     * - repo:app.bsky.actor.profile (read-only)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.PROFILE_READ;
+     * ```
+     */
+    readonly PROFILE_READ: string;
+    /**
+     * Profile write scope - allows updating user's profile.
+     *
+     * Includes:
+     * - repo:app.bsky.actor.profile (create + update)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.PROFILE_WRITE;
+     * ```
+     */
+    readonly PROFILE_WRITE: string;
+    /**
+     * Post creation scope - allows creating and updating posts.
+     *
+     * Includes:
+     * - repo:app.bsky.feed.post (create + update)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.POST_WRITE;
+     * ```
+     */
+    readonly POST_WRITE: string;
+    /**
+     * Social interactions scope - allows liking, reposting, and following.
+     *
+     * Includes:
+     * - repo:app.bsky.feed.like (create + update)
+     * - repo:app.bsky.feed.repost (create + update)
+     * - repo:app.bsky.graph.follow (create + update)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.SOCIAL_WRITE;
+     * ```
+     */
+    readonly SOCIAL_WRITE: string;
+    /**
+     * Media upload scope - allows uploading images and videos.
+     *
+     * Includes:
+     * - blob permissions for image/* and video/*
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.MEDIA_UPLOAD;
+     * ```
+     */
+    readonly MEDIA_UPLOAD: string;
+    /**
+     * Image upload only scope - allows uploading images.
+     *
+     * Includes:
+     * - blob:image/*
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.IMAGE_UPLOAD;
+     * ```
+     */
+    readonly IMAGE_UPLOAD: string;
+    /**
+     * Posting app scope - full posting capabilities including media.
+     *
+     * Includes:
+     * - repo:app.bsky.feed.post (create + update)
+     * - repo:app.bsky.feed.like (create + update)
+     * - repo:app.bsky.feed.repost (create + update)
+     * - blob permissions for image/* and video/*
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.POSTING_APP;
+     * ```
+     */
+    readonly POSTING_APP: string;
+    /**
+     * Read-only app scope - allows reading all repository data.
+     *
+     * Includes:
+     * - repo:* (read-only, no actions)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.READ_ONLY;
+     * ```
+     */
+    readonly READ_ONLY: string;
+    /**
+     * Full access scope - allows all repository operations.
+     *
+     * Includes:
+     * - repo:* (create + update + delete)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.FULL_ACCESS;
+     * ```
+     */
+    readonly FULL_ACCESS: string;
+    /**
+     * Email + Profile scope - common combination for user identification.
+     *
+     * Includes:
+     * - account:email?action=read
+     * - repo:app.bsky.actor.profile (read-only)
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.EMAIL_AND_PROFILE;
+     * ```
+     */
+    readonly EMAIL_AND_PROFILE: string;
+    /**
+     * Transitional email scope (legacy).
+     *
+     * Uses the transitional scope format for backward compatibility.
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.TRANSITION_EMAIL;
+     * ```
+     */
+    readonly TRANSITION_EMAIL: string;
+    /**
+     * Transitional generic scope (legacy).
+     *
+     * Uses the transitional scope format for backward compatibility.
+     *
+     * @example
+     * ```typescript
+     * const scope = ScopePresets.TRANSITION_GENERIC;
+     * ```
+     */
+    readonly TRANSITION_GENERIC: string;
+};
+/**
+ * Parse a scope string into an array of individual permissions.
+ *
+ * This splits a space-separated scope string into individual permission strings.
+ *
+ * @param scope - Space-separated scope string
+ * @returns Array of permission strings
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read repo:app.bsky.feed.post";
+ * const permissions = parseScope(scope);
+ * // Returns: ['account:email?action=read', 'repo:app.bsky.feed.post']
+ * ```
+ */
+declare function parseScope(scope: string): string[];
+/**
+ * Check if a scope string contains a specific permission.
+ *
+ * This function performs exact string matching. For more advanced
+ * permission checking (e.g., wildcard matching), you'll need to
+ * implement custom logic.
+ *
+ * @param scope - Space-separated scope string
+ * @param permission - The permission to check for
+ * @returns True if the scope contains the permission
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read repo:app.bsky.feed.post";
+ * hasPermission(scope, "account:email?action=read"); // true
+ * hasPermission(scope, "account:repo"); // false
+ * ```
+ */
+declare function hasPermission(scope: string, permission: string): boolean;
+/**
+ * Check if a scope string contains all of the specified permissions.
+ *
+ * @param scope - Space-separated scope string
+ * @param requiredPermissions - Array of permissions to check for
+ * @returns True if the scope contains all required permissions
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read repo:app.bsky.feed.post blob:image/*";
+ * hasAllPermissions(scope, ["account:email?action=read", "blob:image/*"]); // true
+ * hasAllPermissions(scope, ["account:email?action=read", "account:repo"]); // false
+ * ```
+ */
+declare function hasAllPermissions(scope: string, requiredPermissions: string[]): boolean;
+/**
+ * Check if a scope string contains any of the specified permissions.
+ *
+ * @param scope - Space-separated scope string
+ * @param checkPermissions - Array of permissions to check for
+ * @returns True if the scope contains at least one of the permissions
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read repo:app.bsky.feed.post";
+ * hasAnyPermission(scope, ["account:email?action=read", "account:repo"]); // true
+ * hasAnyPermission(scope, ["account:repo", "identity:handle"]); // false
+ * ```
+ */
+declare function hasAnyPermission(scope: string, checkPermissions: string[]): boolean;
+/**
+ * Merge multiple scope strings into a single scope string with deduplicated permissions.
+ *
+ * @param scopes - Array of scope strings to merge
+ * @returns Merged scope string with unique permissions
+ *
+ * @example
+ * ```typescript
+ * const scope1 = "account:email?action=read repo:app.bsky.feed.post";
+ * const scope2 = "repo:app.bsky.feed.post blob:image/*";
+ * const merged = mergeScopes([scope1, scope2]);
+ * // Returns: "account:email?action=read repo:app.bsky.feed.post blob:image/*"
+ * ```
+ */
+declare function mergeScopes(scopes: string[]): string;
+/**
+ * Remove specific permissions from a scope string.
+ *
+ * @param scope - Space-separated scope string
+ * @param permissionsToRemove - Array of permissions to remove
+ * @returns New scope string without the specified permissions
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read repo:app.bsky.feed.post blob:image/*";
+ * const filtered = removePermissions(scope, ["blob:image/*"]);
+ * // Returns: "account:email?action=read repo:app.bsky.feed.post"
+ * ```
+ */
+declare function removePermissions(scope: string, permissionsToRemove: string[]): string;
+/**
+ * Validate that all permissions in a scope string are well-formed.
+ *
+ * This checks that each permission matches expected patterns for transitional
+ * or granular permissions. It does NOT validate against the full Zod schemas.
+ *
+ * @param scope - Space-separated scope string
+ * @returns Object with isValid flag and array of invalid permissions
+ *
+ * @example
+ * ```typescript
+ * const scope = "account:email?action=read invalid:permission";
+ * const result = validateScope(scope);
+ * // Returns: { isValid: false, invalidPermissions: ['invalid:permission'] }
+ * ```
+ */
+declare function validateScope(scope: string): {
+    isValid: boolean;
+    invalidPermissions: string[];
+};
+export { ATPROTO_SCOPE, ATProtoSDK, ATProtoSDKConfigSchema, ATProtoSDKError, AccountActionSchema, AccountAttrSchema, AccountPermissionSchema, AuthenticationError, BlobPermissionSchema, CollaboratorPermissionsSchema, CollaboratorSchema, ConfigurableAgent, HYPERCERT_COLLECTIONS, HYPERCERT_LEXICONS, IdentityAttrSchema, IdentityPermissionSchema, InMemorySessionStore, InMemoryStateStore, IncludePermissionSchema, MimeTypeSchema, NetworkError, NsidSchema, OAuthConfigSchema, OrganizationSchema, PermissionBuilder, PermissionSchema, RepoActionSchema, RepoPermissionSchema, Repository, RpcPermissionSchema, SDSRequiredError, ScopePresets, ServerConfigSchema, SessionExpiredError, TRANSITION_SCOPES, TimeoutConfigSchema, TransitionScopeSchema, ValidationError, buildScope, createATProtoSDK, hasAllPermissions, hasAnyPermission, hasPermission, mergeScopes, parseScope, removePermissions, validateScope };
+export type { ATProtoSDKConfig, AccountAction, AccountAttr, AccountPermissionInput, AuthorizeOptions, BadgeAward, BadgeDefinition, BadgeResponse, BlobOperations, BlobPermissionInput, CacheInterface, Collaborator, CollaboratorOperations, CollaboratorPermissions, CreateHypercertParams, CreateHypercertResult, CreateResult, DID, FundingReceipt, HypercertClaim, HypercertCollection, HypercertCollectionClaimItem, HypercertContribution, HypercertEvaluation, HypercertEvents, HypercertEvidence, HypercertImage, HypercertImageRecord, HypercertLocation, HypercertMeasurement, HypercertOperations, HypercertProject, HypercertRights, HypercertWithMetadata, IdentityAttr, IdentityPermissionInput, IncludePermissionInput, ListParams, LoggerInterface, Organization, OrganizationInfo, OrganizationOperations, PaginatedList, Permission, PermissionInput, ProfileOperations, ProgressStep, RecordOperations, RepoAction, RepoPermissionInput, RepositoryAccessGrant, RepositoryOptions, RepositoryRole, RpcPermissionInput, Session, SessionStore, StateStore, StrongRef, TransitionScope, UpdateResult };