@insureco/bio 0.6.0 → 0.8.0

package/dist/{chunk-PLN6QPED.mjs → chunk-CKHMGUDP.mjs}

@@ -64,7 +64,48 @@ var GraphClient = class _GraphClient {
   async matchAppetite(input) {
     return this.post("/api/graph/appetite/match", input, { requiresAuth: true });
   }
+  // ─── Verification Routes (auth required, gas-metered) ─────────────────────
+  /**
+   * Verify an agent's license for a given state and line of business.
+   * Returns validity, license number, expiry, and a Septor proof hash.
+   */
+  async verifyLicense(input) {
+    return this.post("/api/graph/verify/license", input, { requiresAuth: true });
+  }
+  /**
+   * Verify an agent's appointment with a carrier.
+   * Returns validity, appointed date, states, and a Septor proof hash.
+   */
+  async verifyAppointment(input) {
+    return this.post("/api/graph/verify/appointment", input, { requiresAuth: true });
+  }
+  /**
+   * Get the distribution chain for an entity (agent → agency → MGA → carrier).
+   * Requires an accessToken (auth: required).
+   */
+  async getChain(entityId) {
+    return this.getAuth(`/api/graph/chain/${encodeURIComponent(entityId)}`);
+  }
+  /**
+   * Search across Agent, Agency, MGA, and Carrier nodes.
+   * Public route — no auth required.
+   */
+  async search(query, options) {
+    const params = new URLSearchParams({ q: query });
+    if (options?.limit) params.set("limit", String(options.limit));
+    if (options?.types?.length) params.set("types", options.types.join(","));
+    return this.get(`/api/graph/search?${params.toString()}`);
+  }
   // ─── Internal ─────────────────────────────────────────────────────────────
+  async getAuth(path) {
+    if (!this.accessToken) {
+      throw new BioError(
+        `bio-graph ${path} requires an accessToken \u2014 pass it in the GraphClient constructor`,
+        "config_error"
+      );
+    }
+    return this.get(path);
+  }
   async get(path, attempt = 0) {
     const url = `${this.graphUrl}${path}`;
     const controller = new AbortController();

package/dist/chunk-UBURAGWI.mjs

@@ -0,0 +1,154 @@
+// src/passport-client.ts
+var PassportClient = class {
+  config;
+  ws = null;
+  _passport = null;
+  _status = "disconnected";
+  reconnectAttempt = 0;
+  reconnectTimer = null;
+  listeners = /* @__PURE__ */ new Map();
+  closed = false;
+  constructor(config) {
+    this.config = {
+      autoReconnect: true,
+      maxReconnectDelay: 3e4,
+      ...config
+    };
+  }
+  /** Current passport object (null until first identity message) */
+  get passport() {
+    return this._passport;
+  }
+  /** Current connection status */
+  get status() {
+    return this._status;
+  }
+  /** Connect to the passport WebSocket */
+  connect() {
+    if (this.closed) return;
+    this.setStatus("connecting");
+    const url = new URL("/passport", this.config.bioIdUrl.replace(/^http/, "ws"));
+    url.searchParams.set("token", this.config.accessToken);
+    url.searchParams.set("version", "1");
+    if (this.config.service) {
+      url.searchParams.set("service", this.config.service);
+    }
+    this.ws = new WebSocket(url.toString());
+    this.ws.onopen = () => {
+      this.reconnectAttempt = 0;
+      this.setStatus("connected");
+      this.emit("connected", this._status);
+    };
+    this.ws.onmessage = (event) => {
+      try {
+        const data = JSON.parse(
+          typeof event.data === "string" ? event.data : ""
+        );
+        if (data.type === "identity" || data.type === "passport_updated") {
+          this._passport = data.passport ?? null;
+          this.emit(data.type, this._passport);
+        } else if (data.type === "revoked") {
+          this._passport = null;
+          this.emit("revoked");
+        }
+      } catch {
+      }
+    };
+    this.ws.onclose = (event) => {
+      this.setStatus("disconnected");
+      this.emit("disconnected", this._status);
+      if (event?.code === 4003 && this.config.refreshToken && this.config.bioAuth) {
+        this.handleTokenRefresh();
+        return;
+      }
+      this.scheduleReconnect();
+    };
+    this.ws.onerror = () => {
+      const error = new Error("Passport WebSocket error");
+      this.emit("error", error);
+    };
+  }
+  /** Subscribe to an event */
+  on(event, handler) {
+    if (!this.listeners.has(event)) {
+      this.listeners.set(event, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(event).add(handler);
+  }
+  /** Unsubscribe from an event */
+  off(event, handler) {
+    this.listeners.get(event)?.delete(handler);
+  }
+  /** Disconnect and stop reconnecting */
+  close() {
+    this.closed = true;
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.setStatus("disconnected");
+  }
+  /** Update access token (e.g. after refresh) and reconnect */
+  updateToken(accessToken) {
+    this.config.accessToken = accessToken;
+    if (this.ws) {
+      this.ws.onclose = null;
+      this.ws.close();
+      this.ws = null;
+    }
+    this.reconnectAttempt = 0;
+    this.connect();
+  }
+  async handleTokenRefresh() {
+    if (!this.config.refreshToken || !this.config.bioAuth) return;
+    try {
+      const tokens = await this.config.bioAuth.refreshToken(this.config.refreshToken);
+      this.config.accessToken = tokens.access_token;
+      if (tokens.refresh_token) {
+        this.config.refreshToken = tokens.refresh_token;
+      }
+      if (this.config.onTokenRefresh) {
+        this.config.onTokenRefresh(tokens);
+      }
+      this.reconnectAttempt = 0;
+      this.connect();
+    } catch {
+      this.emit("error", new Error("Token refresh failed"));
+    }
+  }
+  setStatus(status) {
+    this._status = status;
+  }
+  emit(event, ...args) {
+    const handlers = this.listeners.get(event);
+    if (handlers) {
+      for (const handler of handlers) {
+        try {
+          handler(...args);
+        } catch {
+        }
+      }
+    }
+  }
+  scheduleReconnect() {
+    if (this.closed || !this.config.autoReconnect) return;
+    const delay = Math.min(
+      1e3 * Math.pow(2, this.reconnectAttempt),
+      this.config.maxReconnectDelay ?? 3e4
+    );
+    this.reconnectAttempt++;
+    this.reconnectTimer = setTimeout(() => {
+      this.reconnectTimer = null;
+      this.connect();
+    }, delay);
+  }
+};
+
+export {
+  PassportClient
+};

package/dist/graph.d.mts

@@ -136,6 +136,57 @@ interface AppetiteMatchResult {
     programs: AppetiteMatchProgram[];
     total: number;
 }
+interface VerifyLicenseInput {
+    npn: string;
+    state: string;
+    lob: string;
+}
+interface LicenseVerifyResult {
+    valid: boolean;
+    licenseNumber: string | null;
+    expiry: string | null;
+    septorProof: string;
+}
+interface VerifyAppointmentInput {
+    npn: string;
+    carrierNaic: string;
+}
+interface AppointmentVerifyResult {
+    valid: boolean;
+    appointedDate: string | null;
+    states: string[];
+    septorProof: string;
+}
+interface GraphChainNode {
+    id: string;
+    type: string;
+    label: string;
+}
+interface GraphChainEdge {
+    source: string;
+    target: string;
+    type: string;
+}
+interface GraphChainResult {
+    nodes: GraphChainNode[];
+    edges: GraphChainEdge[];
+}
+interface GraphSearchOptions {
+    limit?: number;
+    types?: string[];
+}
+interface GraphSearchResultItem {
+    type: string;
+    iecHash: string;
+    name: string;
+    npn?: string;
+    naic?: string;
+    orgSlug?: string;
+}
+interface GraphSearchResult {
+    results: GraphSearchResultItem[];
+    total: number;
+}
 /**
  * Client for bio-graph InsureBio distribution graph endpoints.
  *
@@ -195,10 +246,31 @@ declare class GraphClient {
      * @param input - Risk criteria: NAICS code, state, line of business, optional limits
      */
     matchAppetite(input: AppetiteMatchInput): Promise<AppetiteMatchResult>;
+    /**
+     * Verify an agent's license for a given state and line of business.
+     * Returns validity, license number, expiry, and a Septor proof hash.
+     */
+    verifyLicense(input: VerifyLicenseInput): Promise<LicenseVerifyResult>;
+    /**
+     * Verify an agent's appointment with a carrier.
+     * Returns validity, appointed date, states, and a Septor proof hash.
+     */
+    verifyAppointment(input: VerifyAppointmentInput): Promise<AppointmentVerifyResult>;
+    /**
+     * Get the distribution chain for an entity (agent → agency → MGA → carrier).
+     * Requires an accessToken (auth: required).
+     */
+    getChain(entityId: string): Promise<GraphChainResult>;
+    /**
+     * Search across Agent, Agency, MGA, and Carrier nodes.
+     * Public route — no auth required.
+     */
+    search(query: string, options?: GraphSearchOptions): Promise<GraphSearchResult>;
+    private getAuth;
     private get;
     private post;
     private buildHeaders;
     private handleResponse;
 }
 
-export { type AgencyProfile, type AgencyProgram, type AgencyStaffMember, type AgentEmployer, type AgentProfile, type AppetiteMatchInput, type AppetiteMatchProgram, type AppetiteMatchResult, type CarrierProfile, type CarrierProgram, GraphClient, type GraphClientConfig, type ProgramProfile };
+export { type AgencyProfile, type AgencyProgram, type AgencyStaffMember, type AgentEmployer, type AgentProfile, type AppetiteMatchInput, type AppetiteMatchProgram, type AppetiteMatchResult, type AppointmentVerifyResult, type CarrierProfile, type CarrierProgram, type GraphChainEdge, type GraphChainNode, type GraphChainResult, GraphClient, type GraphClientConfig, type GraphSearchOptions, type GraphSearchResult, type GraphSearchResultItem, type LicenseVerifyResult, type ProgramProfile, type VerifyAppointmentInput, type VerifyLicenseInput };

package/dist/graph.d.ts

@@ -136,6 +136,57 @@ interface AppetiteMatchResult {
     programs: AppetiteMatchProgram[];
     total: number;
 }
+interface VerifyLicenseInput {
+    npn: string;
+    state: string;
+    lob: string;
+}
+interface LicenseVerifyResult {
+    valid: boolean;
+    licenseNumber: string | null;
+    expiry: string | null;
+    septorProof: string;
+}
+interface VerifyAppointmentInput {
+    npn: string;
+    carrierNaic: string;
+}
+interface AppointmentVerifyResult {
+    valid: boolean;
+    appointedDate: string | null;
+    states: string[];
+    septorProof: string;
+}
+interface GraphChainNode {
+    id: string;
+    type: string;
+    label: string;
+}
+interface GraphChainEdge {
+    source: string;
+    target: string;
+    type: string;
+}
+interface GraphChainResult {
+    nodes: GraphChainNode[];
+    edges: GraphChainEdge[];
+}
+interface GraphSearchOptions {
+    limit?: number;
+    types?: string[];
+}
+interface GraphSearchResultItem {
+    type: string;
+    iecHash: string;
+    name: string;
+    npn?: string;
+    naic?: string;
+    orgSlug?: string;
+}
+interface GraphSearchResult {
+    results: GraphSearchResultItem[];
+    total: number;
+}
 /**
  * Client for bio-graph InsureBio distribution graph endpoints.
  *
@@ -195,10 +246,31 @@ declare class GraphClient {
      * @param input - Risk criteria: NAICS code, state, line of business, optional limits
      */
     matchAppetite(input: AppetiteMatchInput): Promise<AppetiteMatchResult>;
+    /**
+     * Verify an agent's license for a given state and line of business.
+     * Returns validity, license number, expiry, and a Septor proof hash.
+     */
+    verifyLicense(input: VerifyLicenseInput): Promise<LicenseVerifyResult>;
+    /**
+     * Verify an agent's appointment with a carrier.
+     * Returns validity, appointed date, states, and a Septor proof hash.
+     */
+    verifyAppointment(input: VerifyAppointmentInput): Promise<AppointmentVerifyResult>;
+    /**
+     * Get the distribution chain for an entity (agent → agency → MGA → carrier).
+     * Requires an accessToken (auth: required).
+     */
+    getChain(entityId: string): Promise<GraphChainResult>;
+    /**
+     * Search across Agent, Agency, MGA, and Carrier nodes.
+     * Public route — no auth required.
+     */
+    search(query: string, options?: GraphSearchOptions): Promise<GraphSearchResult>;
+    private getAuth;
     private get;
     private post;
     private buildHeaders;
     private handleResponse;
 }
 
-export { type AgencyProfile, type AgencyProgram, type AgencyStaffMember, type AgentEmployer, type AgentProfile, type AppetiteMatchInput, type AppetiteMatchProgram, type AppetiteMatchResult, type CarrierProfile, type CarrierProgram, GraphClient, type GraphClientConfig, type ProgramProfile };
+export { type AgencyProfile, type AgencyProgram, type AgencyStaffMember, type AgentEmployer, type AgentProfile, type AppetiteMatchInput, type AppetiteMatchProgram, type AppetiteMatchResult, type AppointmentVerifyResult, type CarrierProfile, type CarrierProgram, type GraphChainEdge, type GraphChainNode, type GraphChainResult, GraphClient, type GraphClientConfig, type GraphSearchOptions, type GraphSearchResult, type GraphSearchResultItem, type LicenseVerifyResult, type ProgramProfile, type VerifyAppointmentInput, type VerifyLicenseInput };

package/dist/graph.js

@@ -120,7 +120,48 @@ var GraphClient = class _GraphClient {
   async matchAppetite(input) {
     return this.post("/api/graph/appetite/match", input, { requiresAuth: true });
   }
+  // ─── Verification Routes (auth required, gas-metered) ─────────────────────
+  /**
+   * Verify an agent's license for a given state and line of business.
+   * Returns validity, license number, expiry, and a Septor proof hash.
+   */
+  async verifyLicense(input) {
+    return this.post("/api/graph/verify/license", input, { requiresAuth: true });
+  }
+  /**
+   * Verify an agent's appointment with a carrier.
+   * Returns validity, appointed date, states, and a Septor proof hash.
+   */
+  async verifyAppointment(input) {
+    return this.post("/api/graph/verify/appointment", input, { requiresAuth: true });
+  }
+  /**
+   * Get the distribution chain for an entity (agent → agency → MGA → carrier).
+   * Requires an accessToken (auth: required).
+   */
+  async getChain(entityId) {
+    return this.getAuth(`/api/graph/chain/${encodeURIComponent(entityId)}`);
+  }
+  /**
+   * Search across Agent, Agency, MGA, and Carrier nodes.
+   * Public route — no auth required.
+   */
+  async search(query, options) {
+    const params = new URLSearchParams({ q: query });
+    if (options?.limit) params.set("limit", String(options.limit));
+    if (options?.types?.length) params.set("types", options.types.join(","));
+    return this.get(`/api/graph/search?${params.toString()}`);
+  }
   // ─── Internal ─────────────────────────────────────────────────────────────
+  async getAuth(path) {
+    if (!this.accessToken) {
+      throw new BioError(
+        `bio-graph ${path} requires an accessToken \u2014 pass it in the GraphClient constructor`,
+        "config_error"
+      );
+    }
+    return this.get(path);
+  }
   async get(path, attempt = 0) {
     const url = `${this.graphUrl}${path}`;
     const controller = new AbortController();

package/dist/graph.mjs

@@ -1,6 +1,6 @@
 import {
   GraphClient
-} from "./chunk-PLN6QPED.mjs";
+} from "./chunk-CKHMGUDP.mjs";
 import "./chunk-NK5VXXWF.mjs";
 export {
   GraphClient

package/dist/index.d.mts

@@ -1,6 +1,8 @@
-import { B as BioAuthConfig, A as AuthorizeOptions, a as AuthorizeResult, T as TokenResponse, b as BioUser, I as IntrospectResult, c as BioAdminConfig, U as UserFilters, d as UpdateUserData, e as BioDepartment, C as CreateDepartmentData, f as BioRole, g as CreateRoleData, h as BioOAuthClient, i as CreateClientData, E as EmbedClientConfig, j as EmbedLoginParams, k as EmbedAuthResult, l as EmbedSignupParams, m as EmbedMagicLinkParams, n as EmbedVerifyParams, o as EmbedRefreshParams, p as EmbedLogoutParams, q as BioTokenPayload, V as VerifyOptions, J as JWKSVerifyOptions } from './types-CJe1FP61.mjs';
-export { r as AdminResponse, s as BioAddress, t as BioClientTokenPayload, u as BioMessaging, v as BioUsersConfig, w as EmbedBranding, x as EmbedUser, O as OrgMember, y as OrgMemberFilters, z as OrgMembersResult } from './types-CJe1FP61.mjs';
-export { AgencyProfile, AgencyProgram, AgencyStaffMember, AgentEmployer, AgentProfile, AppetiteMatchInput, AppetiteMatchProgram, AppetiteMatchResult, CarrierProfile, CarrierProgram, GraphClient, GraphClientConfig, ProgramProfile } from './graph.mjs';
+import { b as BioAuthConfig, A as AuthorizeOptions, c as AuthorizeResult, S as SilentAuthOptions, T as TokenResponse, d as BioUser, I as IntrospectResult, e as BioAdminConfig, U as UserFilters, f as UpdateUserData, g as BioDepartment, C as CreateDepartmentData, h as BioRole, i as CreateRoleData, j as BioOAuthClient, k as CreateClientData, E as EmbedClientConfig, l as EmbedLoginParams, m as EmbedAuthResult, n as EmbedSignupParams, o as EmbedMagicLinkParams, p as EmbedVerifyParams, q as EmbedRefreshParams, r as EmbedLogoutParams, s as BioTokenPayload, V as VerifyOptions, J as JWKSVerifyOptions } from './types-DOpXwdF2.mjs';
+export { t as AdminResponse, u as BioAddress, v as BioClientTokenPayload, w as BioMessaging, B as BioUsersConfig, x as EmbedBranding, y as EmbedUser, z as OrgMember, O as OrgMemberFilters, a as OrgMembersResult, D as ServiceRole } from './types-DOpXwdF2.mjs';
+export { AgencyProfile, AgencyProgram, AgencyStaffMember, AgentEmployer, AgentProfile, AppetiteMatchInput, AppetiteMatchProgram, AppetiteMatchResult, AppointmentVerifyResult, CarrierProfile, CarrierProgram, GraphChainEdge, GraphChainNode, GraphChainResult, GraphClient, GraphClientConfig, GraphSearchOptions, GraphSearchResult, GraphSearchResultItem, LicenseVerifyResult, ProgramProfile, VerifyAppointmentInput, VerifyLicenseInput } from './graph.mjs';
+export { PassportClient } from './passport.mjs';
+export { P as Passport, b as PassportBranding, c as PassportClientConfig, d as PassportCrossOrgPermission, e as PassportEventType, f as PassportMessage, g as PassportServiceGrant, h as PassportSession, a as PassportStatus, i as PassportTokenRefresher, j as PassportVillage } from './passport-types-bPgjNxv-.mjs';
 
 /**
  * OAuth flow client for Bio-ID SSO.
@@ -28,6 +30,14 @@ declare class BioAuth {
      * Store the state and codeVerifier securely (e.g. in a cookie) for the callback.
      */
     getAuthorizationUrl(opts: AuthorizeOptions): AuthorizeResult;
+    /**
+     * Build an authorization URL with prompt=none for silent authentication.
+     *
+     * Useful for checking if the user has an existing session without showing
+     * a login screen. If the user is not authenticated, Bio-ID redirects back
+     * with an `error=login_required` query parameter instead of showing UI.
+     */
+    silentAuth(opts: SilentAuthOptions): AuthorizeResult;
     /**
      * Exchange an authorization code for tokens.
      *
@@ -240,4 +250,4 @@ declare function isTokenExpired(token: string, bufferSeconds?: number): boolean;
  */
 declare function verifyTokenJWKS(token: string, options?: JWKSVerifyOptions): Promise<BioTokenPayload>;
 
-export { AuthorizeOptions, AuthorizeResult, BioAdmin, BioAdminConfig, BioAuth, BioAuthConfig, BioDepartment, BioError, BioOAuthClient, BioRole, BioTokenPayload, BioUser, CreateClientData, CreateDepartmentData, CreateRoleData, EmbedAuthResult, EmbedClient, EmbedClientConfig, EmbedLoginParams, EmbedLogoutParams, EmbedMagicLinkParams, EmbedRefreshParams, EmbedSignupParams, EmbedVerifyParams, IntrospectResult, JWKSVerifyOptions, TokenResponse, UpdateUserData, UserFilters, VerifyOptions, decodeToken, generatePKCE, isTokenExpired, verifyToken, verifyTokenJWKS };
+export { AuthorizeOptions, AuthorizeResult, BioAdmin, BioAdminConfig, BioAuth, BioAuthConfig, BioDepartment, BioError, BioOAuthClient, BioRole, BioTokenPayload, BioUser, CreateClientData, CreateDepartmentData, CreateRoleData, EmbedAuthResult, EmbedClient, EmbedClientConfig, EmbedLoginParams, EmbedLogoutParams, EmbedMagicLinkParams, EmbedRefreshParams, EmbedSignupParams, EmbedVerifyParams, IntrospectResult, JWKSVerifyOptions, SilentAuthOptions, TokenResponse, UpdateUserData, UserFilters, VerifyOptions, decodeToken, generatePKCE, isTokenExpired, verifyToken, verifyTokenJWKS };

package/dist/index.d.ts

@@ -1,6 +1,8 @@
-import { B as BioAuthConfig, A as AuthorizeOptions, a as AuthorizeResult, T as TokenResponse, b as BioUser, I as IntrospectResult, c as BioAdminConfig, U as UserFilters, d as UpdateUserData, e as BioDepartment, C as CreateDepartmentData, f as BioRole, g as CreateRoleData, h as BioOAuthClient, i as CreateClientData, E as EmbedClientConfig, j as EmbedLoginParams, k as EmbedAuthResult, l as EmbedSignupParams, m as EmbedMagicLinkParams, n as EmbedVerifyParams, o as EmbedRefreshParams, p as EmbedLogoutParams, q as BioTokenPayload, V as VerifyOptions, J as JWKSVerifyOptions } from './types-CJe1FP61.js';
-export { r as AdminResponse, s as BioAddress, t as BioClientTokenPayload, u as BioMessaging, v as BioUsersConfig, w as EmbedBranding, x as EmbedUser, O as OrgMember, y as OrgMemberFilters, z as OrgMembersResult } from './types-CJe1FP61.js';
-export { AgencyProfile, AgencyProgram, AgencyStaffMember, AgentEmployer, AgentProfile, AppetiteMatchInput, AppetiteMatchProgram, AppetiteMatchResult, CarrierProfile, CarrierProgram, GraphClient, GraphClientConfig, ProgramProfile } from './graph.js';
+import { b as BioAuthConfig, A as AuthorizeOptions, c as AuthorizeResult, S as SilentAuthOptions, T as TokenResponse, d as BioUser, I as IntrospectResult, e as BioAdminConfig, U as UserFilters, f as UpdateUserData, g as BioDepartment, C as CreateDepartmentData, h as BioRole, i as CreateRoleData, j as BioOAuthClient, k as CreateClientData, E as EmbedClientConfig, l as EmbedLoginParams, m as EmbedAuthResult, n as EmbedSignupParams, o as EmbedMagicLinkParams, p as EmbedVerifyParams, q as EmbedRefreshParams, r as EmbedLogoutParams, s as BioTokenPayload, V as VerifyOptions, J as JWKSVerifyOptions } from './types-DOpXwdF2.js';
+export { t as AdminResponse, u as BioAddress, v as BioClientTokenPayload, w as BioMessaging, B as BioUsersConfig, x as EmbedBranding, y as EmbedUser, z as OrgMember, O as OrgMemberFilters, a as OrgMembersResult, D as ServiceRole } from './types-DOpXwdF2.js';
+export { AgencyProfile, AgencyProgram, AgencyStaffMember, AgentEmployer, AgentProfile, AppetiteMatchInput, AppetiteMatchProgram, AppetiteMatchResult, AppointmentVerifyResult, CarrierProfile, CarrierProgram, GraphChainEdge, GraphChainNode, GraphChainResult, GraphClient, GraphClientConfig, GraphSearchOptions, GraphSearchResult, GraphSearchResultItem, LicenseVerifyResult, ProgramProfile, VerifyAppointmentInput, VerifyLicenseInput } from './graph.js';
+export { PassportClient } from './passport.js';
+export { P as Passport, b as PassportBranding, c as PassportClientConfig, d as PassportCrossOrgPermission, e as PassportEventType, f as PassportMessage, g as PassportServiceGrant, h as PassportSession, a as PassportStatus, i as PassportTokenRefresher, j as PassportVillage } from './passport-types-bPgjNxv-.js';
 
 /**
  * OAuth flow client for Bio-ID SSO.
@@ -28,6 +30,14 @@ declare class BioAuth {
      * Store the state and codeVerifier securely (e.g. in a cookie) for the callback.
      */
     getAuthorizationUrl(opts: AuthorizeOptions): AuthorizeResult;
+    /**
+     * Build an authorization URL with prompt=none for silent authentication.
+     *
+     * Useful for checking if the user has an existing session without showing
+     * a login screen. If the user is not authenticated, Bio-ID redirects back
+     * with an `error=login_required` query parameter instead of showing UI.
+     */
+    silentAuth(opts: SilentAuthOptions): AuthorizeResult;
     /**
      * Exchange an authorization code for tokens.
      *
@@ -240,4 +250,4 @@ declare function isTokenExpired(token: string, bufferSeconds?: number): boolean;
  */
 declare function verifyTokenJWKS(token: string, options?: JWKSVerifyOptions): Promise<BioTokenPayload>;
 
-export { AuthorizeOptions, AuthorizeResult, BioAdmin, BioAdminConfig, BioAuth, BioAuthConfig, BioDepartment, BioError, BioOAuthClient, BioRole, BioTokenPayload, BioUser, CreateClientData, CreateDepartmentData, CreateRoleData, EmbedAuthResult, EmbedClient, EmbedClientConfig, EmbedLoginParams, EmbedLogoutParams, EmbedMagicLinkParams, EmbedRefreshParams, EmbedSignupParams, EmbedVerifyParams, IntrospectResult, JWKSVerifyOptions, TokenResponse, UpdateUserData, UserFilters, VerifyOptions, decodeToken, generatePKCE, isTokenExpired, verifyToken, verifyTokenJWKS };
+export { AuthorizeOptions, AuthorizeResult, BioAdmin, BioAdminConfig, BioAuth, BioAuthConfig, BioDepartment, BioError, BioOAuthClient, BioRole, BioTokenPayload, BioUser, CreateClientData, CreateDepartmentData, CreateRoleData, EmbedAuthResult, EmbedClient, EmbedClientConfig, EmbedLoginParams, EmbedLogoutParams, EmbedMagicLinkParams, EmbedRefreshParams, EmbedSignupParams, EmbedVerifyParams, IntrospectResult, JWKSVerifyOptions, SilentAuthOptions, TokenResponse, UpdateUserData, UserFilters, VerifyOptions, decodeToken, generatePKCE, isTokenExpired, verifyToken, verifyTokenJWKS };