@oxyhq/auth 2.0.3 → 2.0.5

package/dist/types/WebOxyProvider.d.ts

@@ -59,7 +59,7 @@ export interface WebOxyProviderProps {
  * }
  * ```
  */
-export declare function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onError, preferredAuthMethod, skipAutoCheck, }: WebOxyProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function WebOxyProvider({ children, baseURL, authWebUrl, onAuthStateChange, onError, preferredAuthMethod, skipAutoCheck, }: WebOxyProviderProps): import("react/jsx-runtime").JSX.Element | null;
 /**
  * Hook to access the full Web Oxy context.
  */

package/dist/types/hooks/mutations/useAccountMutations.d.ts

@@ -1,4 +1,4 @@
-import type { User } from '@oxyhq/core';
+import type { PrivacySettings, User } from '@oxyhq/core';
 /**
  * Update user profile with optimistic updates and offline queue support
  */
@@ -12,19 +12,163 @@ export declare const useUploadAvatar: () => import("@tanstack/react-query").UseM
     previousUser: User | undefined;
 }>;
 /**
- * Update account settings
+ * Variables accepted by the `useUpdateAccountSettings` mutation.
+ *
+ * `currentUser` is captured at dispatch time so the rebuilt user object the
+ * mutation returns is computed against a stable snapshot — NOT the cache
+ * value at the moment the API call settles. Reading from the cache inside
+ * `mutationFn` would race with sibling optimistic updates: a concurrent
+ * write could already have overwritten the cache by the time the privacy
+ * update returns, causing the rebuilt user to clobber the sibling's
+ * optimistic value.
  */
-export declare const useUpdateAccountSettings: () => import("@tanstack/react-query").UseMutationResult<any, Error, Record<string, any>, {
-    previousUser: User | undefined;
-}>;
+interface UpdateAccountSettingsVariables {
+    updates: Partial<PrivacySettings>;
+    currentUser: User;
+}
+/**
+ * Update account settings (privacy preferences).
+ *
+ * Privacy settings are not part of the `PUT /users/me` allow-list; the API
+ * would silently drop them. Route through `updatePrivacySettings` so the
+ * dedicated `PATCH /privacy/:id/privacy` endpoint performs a dot-path merge
+ * and returns the updated `privacySettings` object.
+ *
+ * The returned object exposes the standard mutation surface PLUS a
+ * convenience `mutate(updates)` / `mutateAsync(updates)` that snapshots
+ * the current user from `useWebOxy()` at dispatch time.
+ */
+export declare const useUpdateAccountSettings: () => {
+    mutate: (updates: Partial<PrivacySettings>) => void;
+    mutateAsync: (updates: Partial<PrivacySettings>) => Promise<User>;
+    data: undefined;
+    variables: undefined;
+    error: null;
+    isError: false;
+    isIdle: true;
+    isPending: false;
+    isSuccess: false;
+    status: "idle";
+    reset: () => void;
+    context: {
+        previousUser: User | undefined;
+    } | undefined;
+    failureCount: number;
+    failureReason: Error | null;
+    isPaused: boolean;
+    submittedAt: number;
+} | {
+    mutate: (updates: Partial<PrivacySettings>) => void;
+    mutateAsync: (updates: Partial<PrivacySettings>) => Promise<User>;
+    data: undefined;
+    variables: UpdateAccountSettingsVariables;
+    error: null;
+    isError: false;
+    isIdle: false;
+    isPending: true;
+    isSuccess: false;
+    status: "pending";
+    reset: () => void;
+    context: {
+        previousUser: User | undefined;
+    } | undefined;
+    failureCount: number;
+    failureReason: Error | null;
+    isPaused: boolean;
+    submittedAt: number;
+} | {
+    mutate: (updates: Partial<PrivacySettings>) => void;
+    mutateAsync: (updates: Partial<PrivacySettings>) => Promise<User>;
+    data: undefined;
+    error: Error;
+    variables: UpdateAccountSettingsVariables;
+    isError: true;
+    isIdle: false;
+    isPending: false;
+    isSuccess: false;
+    status: "error";
+    reset: () => void;
+    context: {
+        previousUser: User | undefined;
+    } | undefined;
+    failureCount: number;
+    failureReason: Error | null;
+    isPaused: boolean;
+    submittedAt: number;
+} | {
+    mutate: (updates: Partial<PrivacySettings>) => void;
+    mutateAsync: (updates: Partial<PrivacySettings>) => Promise<User>;
+    data: {
+        privacySettings: PrivacySettings;
+        id: string;
+        publicKey: string;
+        username: string;
+        email?: string;
+        avatar?: string;
+        color?: string;
+        name?: {
+            first?: string;
+            last?: string;
+            full?: string;
+            [key: string]: unknown;
+        };
+        bio?: string;
+        karma?: number;
+        location?: string;
+        website?: string;
+        createdAt?: string;
+        updatedAt?: string;
+        links?: Array<{
+            title?: string;
+            description?: string;
+            image?: string;
+            link: string;
+        }>;
+        _count?: {
+            followers?: number;
+            following?: number;
+        };
+        accountExpiresAfterInactivityDays?: number | null;
+        type?: "local" | "federated" | "agent" | "automated";
+        isFederated?: boolean;
+        isAgent?: boolean;
+        isAutomated?: boolean;
+        instance?: string;
+        federation?: {
+            actorUri?: string;
+            domain?: string;
+            actorId?: string;
+        };
+        automation?: {
+            ownerId?: string;
+        };
+        isManagedAccount?: boolean;
+        managedBy?: string;
+    };
+    error: null;
+    variables: UpdateAccountSettingsVariables;
+    isError: false;
+    isIdle: false;
+    isPending: false;
+    isSuccess: true;
+    status: "success";
+    reset: () => void;
+    context: {
+        previousUser: User | undefined;
+    } | undefined;
+    failureCount: number;
+    failureReason: Error | null;
+    isPaused: boolean;
+    submittedAt: number;
+};
 /**
  * Update privacy settings with optimistic updates and authentication handling
  */
-export declare const useUpdatePrivacySettings: () => import("@tanstack/react-query").UseMutationResult<Record<string, unknown>, Error, {
-    settings: Record<string, any>;
+export declare const useUpdatePrivacySettings: () => import("@tanstack/react-query").UseMutationResult<PrivacySettings, Error, {
+    settings: Partial<PrivacySettings>;
     userId?: string;
 }, {
-    previousPrivacySettings: unknown;
+    previousPrivacySettings: PrivacySettings | undefined;
     previousUser: User | undefined;
 } | undefined>;
 /** Uploaded file data structure from API */
@@ -57,7 +201,7 @@ interface UploadResult {
 export declare const useUploadFile: () => import("@tanstack/react-query").UseMutationResult<UploadResult, Error, {
     file: File;
     visibility?: "private" | "public" | "unlisted";
-    metadata?: Record<string, any>;
+    metadata?: Record<string, unknown>;
     onProgress?: (progress: number) => void;
 }, unknown>;
 export {};

package/dist/types/hooks/queries/useAccountQueries.d.ts

@@ -1,42 +1,46 @@
+import type { User } from '@oxyhq/core';
 /**
  * Get user profile by session ID
  */
 export declare const useUserProfile: (sessionId: string | null, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<User>, Error>;
 /**
  * Get multiple user profiles by session IDs (batch query)
  */
 export declare const useUserProfiles: (sessionIds: string[], options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>[];
+}) => import("@tanstack/react-query").UseQueryResult<User | null, Error>[];
 /**
  * Get current authenticated user
  */
 export declare const useCurrentUser: (options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<User>, Error>;
 /**
  * Get user by ID
  */
 export declare const useUserById: (userId: string | null, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<User>, Error>;
 /**
  * Get user profile by username
  */
 export declare const useUserByUsername: (username: string | null, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<User>, Error>;
 /**
  * Batch get users by session IDs (optimized single API call)
  */
 export declare const useUsersBySessions: (sessionIds: string[], options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<{
+    sessionId: string;
+    user: User | null;
+}[]>, Error>;
 /**
  * Get privacy settings for a user
  */
 export declare const usePrivacySettings: (userId?: string, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<unknown, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<import("@oxyhq/core").PrivacySettings>, Error>;

package/dist/types/hooks/queries/useSecurityQueries.d.ts

@@ -7,8 +7,8 @@ export declare const useSecurityActivity: (options?: {
     offset?: number;
     eventType?: SecurityEventType;
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<import("@oxyhq/core").SecurityActivityResponse>, Error>;
 /**
  * Get recent security activity (convenience hook)
  */
-export declare const useRecentSecurityActivity: (limit?: number) => import("@tanstack/react-query").UseQueryResult<SecurityActivity[], Error>;
+export declare const useRecentSecurityActivity: (limit?: number) => import("@tanstack/react-query").UseQueryResult<NoInfer<SecurityActivity[]>, Error>;

package/dist/types/hooks/queries/useServicesQueries.d.ts

@@ -4,28 +4,30 @@ import type { ClientSession } from '@oxyhq/core';
  */
 export declare const useSessions: (userId?: string, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<ClientSession[], Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<ClientSession[]>, Error>;
 /**
  * Get specific session by ID
  */
 export declare const useSession: (sessionId: string | null, options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<ClientSession, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<ClientSession>, Error>;
 /**
  * Get device sessions for the current active session
  */
 export declare const useDeviceSessions: (options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<any[]>, Error>;
 /**
  * Get user devices
  */
 export declare const useUserDevices: (options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<unknown, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<any[]>, Error>;
 /**
  * Get security information
  */
 export declare const useSecurityInfo: (options?: {
     enabled?: boolean;
-}) => import("@tanstack/react-query").UseQueryResult<any, Error>;
+}) => import("@tanstack/react-query").UseQueryResult<NoInfer<{
+    recoveryEmail: string | null;
+}>, Error>;

package/dist/types/hooks/queryClient.d.ts

@@ -1,18 +1,32 @@
-import { QueryClient } from '@tanstack/react-query';
-import type { StorageInterface } from '../utils/storageHelpers';
 /**
- * Custom persistence adapter for TanStack Query using our StorageInterface
+ * Web QueryClient with offline-first defaults + localStorage persistence.
+ *
+ * Mirrors the persistence behaviour in `@oxyhq/services/queryClient` so
+ * web auth apps (FedCM, popup, redirect flows) survive a page reload with
+ * cached identity + paused mutations intact.
+ *
+ * Persistence is opt-in via `attachQueryPersistence(...)` so SSR callers
+ * (Next.js getServerSideProps, Vite SSR, tests) can create a stateless
+ * client without touching `window`.
  */
+import { QueryClient } from '@tanstack/react-query';
+import { type PersistedClient } from '@tanstack/react-query-persist-client';
+import type { StorageInterface } from '../utils/storageHelpers';
 export declare const createPersistenceAdapter: (storage: StorageInterface) => {
-    persistClient: (client: any) => Promise<void>;
-    restoreClient: () => Promise<any>;
+    persistClient: (client: unknown) => Promise<void>;
+    restoreClient: () => Promise<unknown>;
     removeClient: () => Promise<void>;
 };
+export declare const createQueryClient: () => QueryClient;
+export interface AttachPersistenceResult {
+    restored: Promise<void>;
+    unsubscribe: () => void;
+}
 /**
- * Create a QueryClient with offline-first configuration
- */
-export declare const createQueryClient: (storage?: StorageInterface | null) => QueryClient;
-/**
- * Clear persisted query cache
+ * Wire `persistQueryClient` to browser `localStorage` (or a no-op when not
+ * in a browser). Returns the restore promise so consumers can `await` it
+ * before exposing the client to <Suspense> boundaries.
  */
+export declare const attachQueryPersistence: (queryClient: QueryClient) => AttachPersistenceResult;
 export declare const clearQueryCache: (storage: StorageInterface) => Promise<void>;
+export type { PersistedClient };

package/dist/types/hooks/useAssets.d.ts

@@ -24,7 +24,7 @@ export declare const useAssets: () => {
     getAsset: (assetId: string) => Promise<Asset>;
     deleteAsset: (assetId: string, force?: boolean) => Promise<void>;
     restore: (assetId: string) => Promise<void>;
-    getVariants: (assetId: string) => Promise<any>;
+    getVariants: (assetId: string) => Promise<import("@oxyhq/core").AssetVariant[]>;
     getAssetsByApp: (app: string) => Asset[];
     getAssetsByEntity: (app: string, entityType: string, entityId: string) => Asset[];
     getAssetUsageCount: (assetId: string) => number;

package/dist/types/hooks/useFileDownloadUrl.d.ts

@@ -1,5 +1,4 @@
-import { OxyServices } from '@oxyhq/core';
-export declare const setOxyFileUrlInstance: (instance: OxyServices) => void;
+import type { OxyServices } from '@oxyhq/core';
 export interface UseFileDownloadUrlOptions {
     variant?: string;
     expiresIn?: number;
@@ -12,10 +11,7 @@ export interface UseFileDownloadUrlResult {
 /**
  * Hook to resolve a file's download URL asynchronously.
  *
- * Prefers the provided `oxyServices` instance, falls back to the module-level
- * singleton set via `setOxyFileUrlInstance`.
- *
  * Uses `getFileDownloadUrlAsync` first, falling back to the synchronous
  * `getFileDownloadUrl` if the async call fails.
  */
-export declare const useFileDownloadUrl: (fileIdOrServices?: string | OxyServices | null, fileIdOrOptions?: string | UseFileDownloadUrlOptions | null, maybeOptions?: UseFileDownloadUrlOptions) => UseFileDownloadUrlResult;
+export declare const useFileDownloadUrl: (oxyServices: OxyServices | null | undefined, fileId: string | null | undefined, options?: UseFileDownloadUrlOptions) => UseFileDownloadUrlResult;

package/dist/types/index.d.ts

@@ -26,14 +26,18 @@ export { WebOxyProvider, useWebOxy, useAuth } from './WebOxyProvider';
 export type { WebOxyProviderProps, WebAuthState, WebAuthActions, WebOxyContextValue, } from './WebOxyProvider';
 export { useAuthStore } from './stores/authStore';
 export { useAssetStore, useAssets as useAssetsStore, useAsset, useUploadProgress, useAssetLoading, useAssetErrors, useAssetsByApp, useAssetsByEntity, useAssetUsageCount, useIsAssetLinked, } from './stores/assetStore';
+export { useAccountStore, useAccounts, useAccountLoading, useAccountError, useAccountLoadingSession, } from './stores/accountStore';
+export type { QuickAccount } from './stores/accountStore';
+export { useFollowStore, } from './stores/followStore';
 export { useUserProfile, useUserProfiles, useCurrentUser, useUserById, useUserByUsername, useUsersBySessions, usePrivacySettings, useSessions, useSession, useDeviceSessions, useUserDevices, useSecurityInfo, useSecurityActivity, useRecentSecurityActivity, } from './hooks/queries';
 export { useUpdateProfile, useUploadAvatar, useUpdateAccountSettings, useUpdatePrivacySettings, useUploadFile, useSwitchSession, useLogoutSession, useLogoutAll, useUpdateDeviceName, useRemoveDevice, } from './hooks/mutations';
 export { createProfileMutation, createGenericMutation, } from './hooks/mutations/mutationFactory';
 export type { ProfileMutationConfig, GenericMutationConfig, } from './hooks/mutations/mutationFactory';
+export { useWebSSO, isWebBrowser } from './hooks/useWebSSO';
 export { useSessionSocket } from './hooks/useSessionSocket';
 export type { UseSessionSocketOptions } from './hooks/useSessionSocket';
 export { useAssets, setOxyAssetInstance } from './hooks/useAssets';
-export { useFileDownloadUrl, setOxyFileUrlInstance } from './hooks/useFileDownloadUrl';
+export { useFileDownloadUrl } from './hooks/useFileDownloadUrl';
 export { useFollow, useFollowerCounts } from './hooks/useFollow';
 export { useFileFiltering } from './hooks/useFileFiltering';
 export type { ViewMode, SortBy, SortOrder } from './hooks/useFileFiltering';

package/dist/types/utils/sessionHelpers.d.ts

@@ -45,7 +45,9 @@ export interface SessionValidationResult {
  */
 export declare const mapSessionsToClient: (sessions: DeviceSession[], fallbackDeviceId?: string, fallbackUserId?: string) => ClientSession[];
 /**
- * Fetch device sessions with fallback to the legacy session endpoint when needed.
+ * Fetch device sessions, falling back to the per-user session endpoint
+ * if the device endpoint is unavailable (older API versions or disabled
+ * device-grouping feature flag).
  *
  * @param oxyServices - Oxy service instance
  * @param sessionId - Session identifier to fetch

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oxyhq/auth",
-  "version": "2.0.3",
+  "version": "2.0.5",
   "description": "OxyHQ Web Authentication SDK — headless auth with React hooks for Next.js, Vite, and web apps",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -50,22 +50,46 @@
     "build:types": "tsc -p tsconfig.types.json",
     "clean": "rm -rf dist",
     "typescript": "tsc --noEmit",
-    "lint": "biome lint --error-on-warnings ./src"
+    "lint": "biome lint --error-on-warnings ./src",
+    "test": "jest --passWithNoTests",
+    "release": "rm -rf dist && bun run build && release-it"
+  },
+  "release-it": {
+    "git": {
+      "tagName": "@oxyhq/auth@${version}",
+      "tagAnnotation": "Release @oxyhq/auth@${version}",
+      "commitMessage": "chore(auth-sdk): release @oxyhq/auth@${version}"
+    },
+    "github": {
+      "release": true,
+      "releaseName": "@oxyhq/auth@${version}"
+    },
+    "npm": {
+      "publish": true
+    }
   },
   "dependencies": {
-    "@tanstack/react-query": "^5.90.20",
-    "socket.io-client": "^4.8.1",
+    "@tanstack/query-sync-storage-persister": "^5.100",
+    "@tanstack/react-query": "^5.100",
+    "@tanstack/react-query-persist-client": "^5.100",
     "sonner": "^2.0.4",
     "zustand": "^5.0.9"
   },
   "peerDependencies": {
     "@oxyhq/core": "*",
-    "react": ">=18.0.0"
+    "react": ">=18.0.0",
+    "socket.io-client": "^4.8.1"
+  },
+  "peerDependenciesMeta": {
+    "socket.io-client": {
+      "optional": true
+    }
   },
   "devDependencies": {
     "@biomejs/biome": "^1.9.4",
     "@types/react": "^19.2.0",
     "@types/node": "^20.19.9",
+    "release-it": "^19.0.6",
     "typescript": "^5.9.2"
   }
 }

package/src/WebOxyProvider.tsx

@@ -28,7 +28,7 @@ import type {
   ClientSession,
 } from '@oxyhq/core';
 import { QueryClientProvider } from '@tanstack/react-query';
-import { createQueryClient } from './hooks/queryClient';
+import { attachQueryPersistence, createQueryClient } from './hooks/queryClient';
 
 export interface WebAuthState {
   user: User | null;
@@ -101,6 +101,29 @@ export function WebOxyProvider({
   const [authManager] = useState(() => createAuthManager(oxyServices, { autoRefresh: true }));
   const [queryClient] = useState(() => createQueryClient());
 
+  // Block first render until the persisted localStorage cache has been
+  // restored — mirrors the RN OxyProvider pattern. Without this gate the
+  // first paint observes an empty cache and any consumer reading
+  // `getQueryData(...)` synchronously (or using `placeholderData: 'previous'`
+  // gating) misses the persisted blob.
+  //
+  // Persistence is attached inside the same effect so we can hold a
+  // reference to the `restored` promise and only flip `isRestoring` to
+  // false once it settles (success OR failure). Detach on unmount so HMR
+  // doesn't leak subscriptions.
+  const [isRestoring, setIsRestoring] = useState(true);
+  useEffect(() => {
+    let mounted = true;
+    const { restored, unsubscribe } = attachQueryPersistence(queryClient);
+    restored.finally(() => {
+      if (mounted) setIsRestoring(false);
+    });
+    return () => {
+      mounted = false;
+      unsubscribe();
+    };
+  }, [queryClient]);
+
   // Auth state
   const [user, setUser] = useState<User | null>(null);
   const [isLoading, setIsLoading] = useState(!skipAutoCheck);
@@ -334,6 +357,21 @@ export function WebOxyProvider({
     signOut, isFedCMSupported, switchSession, clearSessionState,
   ]);
 
+  // Mirror the RN OxyProvider pattern: don't expose the QueryClient (or
+  // mount children) until the persisted cache has been restored. On the
+  // web this prevents the first paint from observing an empty
+  // localStorage-backed cache, which would otherwise force every
+  // identity/session/auth query to refetch from the network even when a
+  // fresh blob was available on disk.
+  //
+  // The restored promise is wired with `.finally(...)` upstream, so this
+  // unblocks on both success and failure within typically <50ms (sync
+  // localStorage read + JSON.parse). A safety net is unnecessary: the
+  // restore promise always settles synchronously after one microtask.
+  if (isRestoring) {
+    return null;
+  }
+
   return (
     <QueryClientProvider client={queryClient}>
       <WebOxyContext.Provider value={contextValue}>