npm - @juspay/neurolink - Versions diffs - 9.31.2 → 9.32.0 - Mend

@juspay/neurolink 9.31.2 → 9.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/CHANGELOG.md +6 -0
package/dist/auth/AuthProviderFactory.d.ts +71 -0
package/dist/auth/AuthProviderFactory.js +111 -0
package/dist/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/auth/AuthProviderRegistry.js +190 -0
package/dist/auth/RequestContext.d.ts +23 -0
package/dist/auth/RequestContext.js +78 -0
package/dist/auth/authContext.d.ts +198 -0
package/dist/auth/authContext.js +314 -0
package/dist/auth/errors.d.ts +63 -0
package/dist/auth/errors.js +39 -0
package/dist/auth/index.d.ts +20 -8
package/dist/auth/index.js +35 -7
package/dist/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/auth/middleware/AuthMiddleware.js +519 -0
package/dist/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/auth/middleware/rateLimitByUser.js +554 -0
package/dist/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/auth/providers/BaseAuthProvider.js +723 -0
package/dist/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/auth/providers/CognitoProvider.js +304 -0
package/dist/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/auth/providers/KeycloakProvider.js +393 -0
package/dist/auth/providers/auth0.d.ts +59 -0
package/dist/auth/providers/auth0.js +274 -0
package/dist/auth/providers/betterAuth.d.ts +51 -0
package/dist/auth/providers/betterAuth.js +182 -0
package/dist/auth/providers/clerk.d.ts +65 -0
package/dist/auth/providers/clerk.js +317 -0
package/dist/auth/providers/custom.d.ts +64 -0
package/dist/auth/providers/custom.js +112 -0
package/dist/auth/providers/firebase.d.ts +63 -0
package/dist/auth/providers/firebase.js +226 -0
package/dist/auth/providers/jwt.d.ts +68 -0
package/dist/auth/providers/jwt.js +212 -0
package/dist/auth/providers/oauth2.d.ts +73 -0
package/dist/auth/providers/oauth2.js +303 -0
package/dist/auth/providers/supabase.d.ts +63 -0
package/dist/auth/providers/supabase.js +259 -0
package/dist/auth/providers/workos.d.ts +61 -0
package/dist/auth/providers/workos.js +284 -0
package/dist/auth/serverBridge.d.ts +14 -0
package/dist/auth/serverBridge.js +25 -0
package/dist/auth/sessionManager.d.ts +142 -0
package/dist/auth/sessionManager.js +437 -0
package/dist/cli/commands/authProviders.d.ts +43 -0
package/dist/cli/commands/authProviders.js +399 -0
package/dist/cli/factories/authCommandFactory.d.ts +23 -5
package/dist/cli/factories/authCommandFactory.js +108 -5
package/dist/cli/parser.js +1 -1
package/dist/client/auth/AuthProviderFactory.js +111 -0
package/dist/client/auth/AuthProviderRegistry.js +190 -0
package/dist/client/auth/RequestContext.js +78 -0
package/dist/client/auth/accountPool.js +178 -0
package/dist/client/auth/authContext.js +314 -0
package/dist/client/auth/errors.js +39 -0
package/dist/client/auth/index.js +61 -0
package/dist/client/auth/middleware/AuthMiddleware.js +519 -0
package/dist/client/auth/middleware/rateLimitByUser.js +554 -0
package/dist/client/auth/providers/BaseAuthProvider.js +723 -0
package/dist/client/auth/providers/CognitoProvider.js +304 -0
package/dist/client/auth/providers/KeycloakProvider.js +393 -0
package/dist/client/auth/providers/auth0.js +274 -0
package/dist/client/auth/providers/betterAuth.js +182 -0
package/dist/client/auth/providers/clerk.js +317 -0
package/dist/client/auth/providers/custom.js +112 -0
package/dist/client/auth/providers/firebase.js +226 -0
package/dist/client/auth/providers/jwt.js +212 -0
package/dist/client/auth/providers/oauth2.js +303 -0
package/dist/client/auth/providers/supabase.js +259 -0
package/dist/client/auth/providers/workos.js +284 -0
package/dist/client/auth/serverBridge.js +25 -0
package/dist/client/auth/sessionManager.js +437 -0
package/dist/client/core/infrastructure/baseRegistry.js +5 -1
package/dist/client/index.js +25 -0
package/dist/client/mcp/toolRegistry.js +11 -1
package/dist/client/neurolink.js +218 -0
package/dist/client/rag/ChunkerRegistry.js +2 -2
package/dist/client/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/client/rag/reranker/RerankerRegistry.js +2 -2
package/dist/client/server/routes/agentRoutes.js +20 -2
package/dist/client/types/authTypes.js +2 -1
package/dist/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/core/infrastructure/baseRegistry.js +5 -1
package/dist/index.d.ts +1 -0
package/dist/index.js +25 -0
package/dist/lib/auth/AuthProviderFactory.d.ts +71 -0
package/dist/lib/auth/AuthProviderFactory.js +112 -0
package/dist/lib/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/lib/auth/AuthProviderRegistry.js +191 -0
package/dist/lib/auth/RequestContext.d.ts +23 -0
package/dist/lib/auth/RequestContext.js +79 -0
package/dist/lib/auth/authContext.d.ts +198 -0
package/dist/lib/auth/authContext.js +315 -0
package/dist/lib/auth/errors.d.ts +63 -0
package/dist/lib/auth/errors.js +40 -0
package/dist/lib/auth/index.d.ts +20 -8
package/dist/lib/auth/index.js +35 -7
package/dist/lib/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/lib/auth/middleware/AuthMiddleware.js +520 -0
package/dist/lib/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/lib/auth/middleware/rateLimitByUser.js +555 -0
package/dist/lib/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/lib/auth/providers/BaseAuthProvider.js +724 -0
package/dist/lib/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/lib/auth/providers/CognitoProvider.js +305 -0
package/dist/lib/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/lib/auth/providers/KeycloakProvider.js +394 -0
package/dist/lib/auth/providers/auth0.d.ts +59 -0
package/dist/lib/auth/providers/auth0.js +275 -0
package/dist/lib/auth/providers/betterAuth.d.ts +51 -0
package/dist/lib/auth/providers/betterAuth.js +183 -0
package/dist/lib/auth/providers/clerk.d.ts +65 -0
package/dist/lib/auth/providers/clerk.js +318 -0
package/dist/lib/auth/providers/custom.d.ts +64 -0
package/dist/lib/auth/providers/custom.js +113 -0
package/dist/lib/auth/providers/firebase.d.ts +63 -0
package/dist/lib/auth/providers/firebase.js +227 -0
package/dist/lib/auth/providers/jwt.d.ts +68 -0
package/dist/lib/auth/providers/jwt.js +213 -0
package/dist/lib/auth/providers/oauth2.d.ts +73 -0
package/dist/lib/auth/providers/oauth2.js +304 -0
package/dist/lib/auth/providers/supabase.d.ts +63 -0
package/dist/lib/auth/providers/supabase.js +260 -0
package/dist/lib/auth/providers/workos.d.ts +61 -0
package/dist/lib/auth/providers/workos.js +285 -0
package/dist/lib/auth/serverBridge.d.ts +14 -0
package/dist/lib/auth/serverBridge.js +26 -0
package/dist/lib/auth/sessionManager.d.ts +142 -0
package/dist/lib/auth/sessionManager.js +438 -0
package/dist/lib/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/lib/core/infrastructure/baseRegistry.js +5 -1
package/dist/lib/index.d.ts +1 -0
package/dist/lib/index.js +25 -0
package/dist/lib/mcp/toolRegistry.js +11 -1
package/dist/lib/neurolink.d.ts +42 -1
package/dist/lib/neurolink.js +218 -0
package/dist/lib/rag/ChunkerRegistry.js +2 -2
package/dist/lib/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/lib/rag/reranker/RerankerRegistry.js +2 -2
package/dist/lib/server/routes/agentRoutes.js +20 -2
package/dist/lib/types/authTypes.d.ts +937 -1
package/dist/lib/types/authTypes.js +2 -1
package/dist/lib/types/configTypes.d.ts +46 -0
package/dist/lib/types/generateTypes.d.ts +6 -0
package/dist/lib/types/index.d.ts +1 -0
package/dist/lib/types/streamTypes.d.ts +6 -0
package/dist/mcp/toolRegistry.js +11 -1
package/dist/neurolink.d.ts +42 -1
package/dist/neurolink.js +218 -0
package/dist/rag/ChunkerRegistry.js +2 -2
package/dist/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/rag/reranker/RerankerRegistry.js +2 -2
package/dist/server/routes/agentRoutes.js +20 -2
package/dist/types/authTypes.d.ts +937 -1
package/dist/types/authTypes.js +2 -1
package/dist/types/configTypes.d.ts +46 -0
package/dist/types/generateTypes.d.ts +6 -0
package/dist/types/index.d.ts +1 -0
package/dist/types/streamTypes.d.ts +6 -0
package/package.json +2 -1

package/dist/lib/auth/providers/workos.js ADDED Viewed

@@ -0,0 +1,285 @@
+// src/lib/auth/providers/workos.ts
+import { logger } from "../../utils/logger.js";
+import { createProxyFetch } from "../../proxy/proxyFetch.js";
+import { AuthError } from "../errors.js";
+import * as jose from "jose";
+import { BaseAuthProvider } from "./BaseAuthProvider.js";
+/**
+ * WorkOS Authentication Provider
+ *
+ * Supports WorkOS for enterprise SSO and user management.
+ * Validates JWTs issued by WorkOS and fetches user information.
+ *
+ * Features:
+ * - JWT validation using WorkOS JWKS
+ * - SSO token validation
+ * - Enterprise directory integration
+ * - Organization support for multi-tenant apps
+ * - Session management (inherited from BaseAuthProvider)
+ *
+ * @example
+ * ```typescript
+ * const workos = new WorkOSProvider({
+ *   type: "workos",
+ *   apiKey: "sk_...",
+ *   clientId: "client_..."
+ * });
+ *
+ * const result = await workos.authenticateToken(accessToken);
+ * if (result.valid) {
+ *   console.log("Authenticated user:", result.user);
+ * }
+ * ```
+ */
+export class WorkOSProvider extends BaseAuthProvider {
+    type = "workos";
+    apiKey;
+    clientId;
+    organizationId;
+    jwks = null;
+    constructor(config) {
+        super(config);
+        if (!config.apiKey) {
+            throw AuthError.create("CONFIGURATION_ERROR", "WorkOS API key is required", { details: { provider: "workos", missingFields: ["apiKey"] } });
+        }
+        if (!config.clientId) {
+            throw AuthError.create("CONFIGURATION_ERROR", "WorkOS client ID is required", { details: { provider: "workos", missingFields: ["clientId"] } });
+        }
+        this.apiKey = config.apiKey;
+        this.clientId = config.clientId;
+        this.organizationId = config.organizationId;
+    }
+    /**
+     * Initialize JWKS for WorkOS token verification
+     */
+    async initialize() {
+        const jwksUrl = new URL("https://api.workos.com/sso/jwks");
+        this.jwks = jose.createRemoteJWKSet(jwksUrl);
+        logger.debug("WorkOS provider initialized");
+    }
+    /**
+     * Validate WorkOS access token
+     */
+    async authenticateToken(token, _context) {
+        if (!this.jwks) {
+            await this.initialize();
+        }
+        try {
+            // Verify the JWT
+            const { payload } = await jose.jwtVerify(token, this.jwks, {
+                audience: this.clientId,
+            });
+            // Enforce organizationId if configured
+            if (this.organizationId &&
+                payload.org_id !== this.organizationId) {
+                return {
+                    valid: false,
+                    error: `Organization mismatch: expected ${this.organizationId}, got ${payload.org_id}`,
+                };
+            }
+            const user = {
+                id: payload.sub,
+                email: payload.email,
+                name: payload.first_name && payload.last_name
+                    ? `${payload.first_name} ${payload.last_name}`.trim()
+                    : undefined,
+                emailVerified: true, // WorkOS verifies emails via SSO
+                roles: payload.roles || [],
+                permissions: payload.permissions || [],
+                organizationId: payload.org_id,
+                metadata: {
+                    connection_id: payload.connection_id,
+                    connection_type: payload.connection_type,
+                    idp_id: payload.idp_id,
+                },
+            };
+            return {
+                valid: true,
+                payload: payload,
+                user,
+                expiresAt: payload.exp ? new Date(payload.exp * 1000) : undefined,
+                tokenType: "jwt",
+            };
+        }
+        catch {
+            // If JWT validation fails, try session validation via API
+            return this.validateSessionViaAPI(token);
+        }
+    }
+    /**
+     * Validate session via WorkOS API
+     */
+    async validateSessionViaAPI(token) {
+        try {
+            const proxyFetch = createProxyFetch();
+            const response = await proxyFetch("https://api.workos.com/user_management/authenticate", {
+                method: "POST",
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify({
+                    session_token: token,
+                    client_id: this.clientId,
+                }),
+                signal: AbortSignal.timeout(5000),
+            });
+            if (!response.ok) {
+                return {
+                    valid: false,
+                    error: `Session validation failed: HTTP ${response.status}`,
+                };
+            }
+            const data = (await response.json());
+            if (!data.user) {
+                return {
+                    valid: false,
+                    error: "User not found in session",
+                };
+            }
+            // Enforce organizationId if configured
+            if (this.organizationId && data.organization_id !== this.organizationId) {
+                return {
+                    valid: false,
+                    error: `Organization mismatch: expected ${this.organizationId}, got ${data.organization_id}`,
+                };
+            }
+            const user = {
+                id: data.user.id,
+                email: data.user.email,
+                name: data.user.first_name && data.user.last_name
+                    ? `${data.user.first_name} ${data.user.last_name}`.trim()
+                    : undefined,
+                picture: data.user.profile_picture_url,
+                emailVerified: data.user.email_verified,
+                roles: [],
+                permissions: [],
+                organizationId: data.organization_id,
+                createdAt: data.user.created_at
+                    ? new Date(data.user.created_at)
+                    : undefined,
+                metadata: data.user,
+            };
+            return {
+                valid: true,
+                payload: data,
+                user,
+                tokenType: "session",
+            };
+        }
+        catch (error) {
+            return {
+                valid: false,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+    /**
+     * Get user by ID via WorkOS API
+     */
+    async getUser(userId) {
+        try {
+            const proxyFetch = createProxyFetch();
+            const response = await proxyFetch(`https://api.workos.com/user_management/users/${userId}`, {
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                },
+            });
+            if (!response.ok) {
+                if (response.status === 404) {
+                    return null;
+                }
+                throw AuthError.create("PROVIDER_ERROR", `WorkOS API returned ${response.status}`, { details: { provider: "workos", statusCode: response.status } });
+            }
+            const data = (await response.json());
+            return {
+                id: data.id,
+                email: data.email,
+                name: data.first_name && data.last_name
+                    ? `${data.first_name} ${data.last_name}`.trim()
+                    : undefined,
+                picture: data.profile_picture_url,
+                emailVerified: data.email_verified,
+                roles: [],
+                permissions: [],
+                createdAt: data.created_at
+                    ? new Date(data.created_at)
+                    : undefined,
+                metadata: data,
+            };
+        }
+        catch (error) {
+            logger.error("Failed to fetch WorkOS user:", error instanceof Error ? error.message : String(error));
+            // Always rethrow -- transport errors should not be silenced as null
+            throw error;
+        }
+    }
+    /**
+     * Get user by email via WorkOS API
+     */
+    async getUserByEmail(email) {
+        try {
+            const proxyFetch = createProxyFetch();
+            const response = await proxyFetch(`https://api.workos.com/user_management/users?email=${encodeURIComponent(email)}`, {
+                headers: {
+                    Authorization: `Bearer ${this.apiKey}`,
+                },
+            });
+            if (!response.ok) {
+                throw AuthError.create("PROVIDER_ERROR", `WorkOS API returned ${response.status}`, { details: { provider: "workos", statusCode: response.status } });
+            }
+            const result = (await response.json());
+            const users = result.data || [];
+            if (users.length === 0) {
+                return null;
+            }
+            const data = users[0];
+            return {
+                id: data.id,
+                email: data.email,
+                name: data.first_name && data.last_name
+                    ? `${data.first_name} ${data.last_name}`.trim()
+                    : undefined,
+                picture: data.profile_picture_url,
+                emailVerified: data.email_verified,
+                roles: [],
+                permissions: [],
+                createdAt: data.created_at
+                    ? new Date(data.created_at)
+                    : undefined,
+                metadata: data,
+            };
+        }
+        catch (error) {
+            logger.error("Failed to fetch WorkOS user by email:", error instanceof Error ? error.message : String(error));
+            // Rethrow AuthErrors, silence unknown transport errors
+            if (error instanceof Error && error.name === "AuthError") {
+                throw error;
+            }
+            return null;
+        }
+    }
+    /**
+     * Health check
+     */
+    async healthCheck() {
+        try {
+            const proxyFetch = createProxyFetch();
+            const response = await proxyFetch("https://api.workos.com/sso/jwks");
+            return {
+                healthy: response.ok,
+                providerConnected: response.ok,
+                sessionStorageHealthy: true,
+            };
+        }
+        catch (error) {
+            return {
+                healthy: false,
+                providerConnected: false,
+                sessionStorageHealthy: true,
+                error: error instanceof Error ? error.message : String(error),
+            };
+        }
+    }
+}
+//# sourceMappingURL=workos.js.map

package/dist/lib/auth/serverBridge.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Bridge between auth providers and NeuroLink's server middleware.
+ * Converts an auth provider's authenticateToken() into the validate
+ * callback expected by the existing createAuthMiddleware.
+ */
+import type { MastraAuthProvider } from "../types/authTypes.js";
+/**
+ * Create a validate function for server auth middleware from an auth provider.
+ */
+export declare function createAuthValidatorFromProvider(provider: MastraAuthProvider): (token: string, ctx: unknown) => Promise<{
+    id: string;
+    email?: string;
+    roles?: string[];
+} | null>;

package/dist/lib/auth/serverBridge.js ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Bridge between auth providers and NeuroLink's server middleware.
+ * Converts an auth provider's authenticateToken() into the validate
+ * callback expected by the existing createAuthMiddleware.
+ */
+/**
+ * Create a validate function for server auth middleware from an auth provider.
+ */
+export function createAuthValidatorFromProvider(provider) {
+    return async (token, ctx) => {
+        const result = await provider.authenticateToken(token, ctx);
+        if (!result.valid) {
+            return null;
+        }
+        if (result.user) {
+            return {
+                id: result.user.id,
+                email: result.user.email,
+                roles: result.user.roles,
+            };
+        }
+        // Fail closed: valid token without a resolved user is treated as failure
+        return null;
+    };
+}
+//# sourceMappingURL=serverBridge.js.map

package/dist/lib/auth/sessionManager.d.ts ADDED Viewed

@@ -0,0 +1,142 @@
+import type { AuthUser, AuthSession, SessionConfig } from "../types/authTypes.js";
+/**
+ * Session storage interface for SessionManager
+ *
+ * Defines the contract for session storage backends (memory, Redis, custom).
+ * Note: This is a SessionManager-specific interface that uses `set()`/`getUserSessions()`/
+ * `deleteUserSessions()`/`isHealthy()` method names, which differ from the canonical
+ * `SessionStorage` type in `../types/authTypes.js` (which uses `save()`/`getForUser()`/
+ * `deleteAllForUser()`/`exists()`/`touch()`). Both interfaces coexist because
+ * SessionManager and BaseAuthProvider have separate storage patterns.
+ */
+export interface SessionManagerStorage {
+    /** Get a session by ID */
+    get(sessionId: string): Promise<AuthSession | null>;
+    /** Store a session */
+    set(session: AuthSession): Promise<void>;
+    /** Delete a session */
+    delete(sessionId: string): Promise<void>;
+    /** Get all sessions for a user */
+    getUserSessions(userId: string): Promise<AuthSession[]>;
+    /** Delete all sessions for a user */
+    deleteUserSessions(userId: string): Promise<void>;
+    /** Clear all sessions (for cleanup) */
+    clear(): Promise<void>;
+    /** Health check */
+    isHealthy(): Promise<boolean>;
+}
+/**
+ * In-memory session storage
+ *
+ * Simple session storage using Map. Suitable for single-instance deployments
+ * or development. Sessions are lost on restart.
+ */
+export declare class MemorySessionStorage implements SessionManagerStorage {
+    private sessions;
+    private userSessions;
+    get(sessionId: string): Promise<AuthSession | null>;
+    set(session: AuthSession): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    getUserSessions(userId: string): Promise<AuthSession[]>;
+    deleteUserSessions(userId: string): Promise<void>;
+    clear(): Promise<void>;
+    isHealthy(): Promise<boolean>;
+}
+/**
+ * Redis session storage
+ *
+ * Distributed session storage using Redis. Suitable for multi-instance
+ * deployments. Requires ioredis or similar Redis client.
+ *
+ * Note: Redis client must be provided or configured via environment.
+ */
+export declare class RedisSessionStorage implements SessionManagerStorage {
+    private prefix;
+    private ttl;
+    private redisUrl;
+    private client;
+    private initPromise;
+    constructor(config: {
+        url: string;
+        prefix?: string;
+        ttl?: number;
+    });
+    private getClient;
+    private createClient;
+    private sessionKey;
+    private userSessionsKey;
+    get(sessionId: string): Promise<AuthSession | null>;
+    set(session: AuthSession): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    getUserSessions(userId: string): Promise<AuthSession[]>;
+    deleteUserSessions(userId: string): Promise<void>;
+    clear(): Promise<void>;
+    isHealthy(): Promise<boolean>;
+    disconnect(): Promise<void>;
+}
+/**
+ * Session Manager
+ *
+ * High-level session management that handles session lifecycle,
+ * automatic refresh, and storage abstraction.
+ */
+export declare class SessionManager {
+    private storage;
+    private config;
+    constructor(config?: SessionConfig);
+    private createStorage;
+    /**
+     * Create a new session
+     */
+    createSession(user: AuthUser, metadata?: {
+        ipAddress?: string;
+        userAgent?: string;
+        deviceId?: string;
+    }): Promise<AuthSession>;
+    /**
+     * Get a session by ID
+     *
+     * Optionally auto-refreshes if close to expiration.
+     */
+    getSession(sessionId: string, autoRefresh?: boolean | undefined): Promise<AuthSession | null>;
+    /**
+     * Check if session should be refreshed
+     */
+    private shouldRefresh;
+    /**
+     * Refresh a session
+     */
+    refreshSession(sessionId: string): Promise<AuthSession | null>;
+    /**
+     * Destroy a session
+     */
+    destroySession(sessionId: string): Promise<void>;
+    /**
+     * Get all sessions for a user
+     */
+    getUserSessions(userId: string): Promise<AuthSession[]>;
+    /**
+     * Destroy all sessions for a user (global logout)
+     */
+    destroyAllUserSessions(userId: string): Promise<void>;
+    /**
+     * Validate a session is still active
+     */
+    validateSession(sessionId: string): Promise<boolean>;
+    /**
+     * Update session metadata
+     */
+    updateSessionMetadata(sessionId: string, metadata: Record<string, unknown>): Promise<AuthSession | null>;
+    /**
+     * Health check
+     */
+    isHealthy(): Promise<boolean>;
+    /**
+     * Clear all sessions (for testing/cleanup)
+     */
+    clear(): Promise<void>;
+}
+/**
+ * Create session storage based on configuration
+ */
+export declare function createSessionStorage(config: SessionConfig): SessionManagerStorage;