@palbase/web 1.0.0 → 1.1.0

package/dist/analytics-facade-DLH-KivI.d.ts

@@ -0,0 +1,1302 @@
+import { Room, ExternalE2EEKeyProvider } from 'livekit-client';
+import { S as SessionStorageAdapter } from './storage-BPaeSG8K.js';
+import { F } from './pooled-flags-Bwq4usn0.js';
+
+declare class PalbaseError$1 extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly details?: unknown;
+    constructor(code: string, message: string, status: number, details?: unknown);
+}
+
+interface PalbaseResponse$1<T> {
+    data: T | null;
+    error: PalbaseError$1 | null;
+    count?: number;
+    status: number;
+}
+interface HttpClientOptions$1 {
+    url?: string;
+    headers?: Record<string, string>;
+}
+interface RequestOptions$1 {
+    headers?: Record<string, string>;
+    body?: unknown;
+    signal?: AbortSignal;
+}
+interface Session$1 {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+type AuthStateEvent$1 = 'SESSION_SET' | 'SESSION_CLEARED';
+type AuthStateCallback$1 = (event: AuthStateEvent$1, session: Session$1 | null) => void;
+type Unsubscribe$3 = () => void;
+
+declare class TokenManager$1 {
+    private session;
+    private listeners;
+    private refreshPromise;
+    private refreshing;
+    refreshFunction: ((refreshToken: string) => Promise<Session$1>) | null;
+    setSession(session: Session$1): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    clearSession(): void;
+    isExpired(): boolean;
+    refreshSession(): Promise<void>;
+    onAuthStateChange(callback: AuthStateCallback$1): Unsubscribe$3;
+    private executeRefresh;
+    private notify;
+}
+
+/**
+ * Request interceptor. Runs before every HTTP request.
+ * Can modify headers, body, or reject the request.
+ */
+type RequestInterceptor$1 = (request: {
+    headers: Record<string, string>;
+    method: string;
+    path: string;
+}) => void | Promise<void>;
+declare class HttpClient$1 {
+    protected readonly apiKey: string;
+    protected readonly options?: HttpClientOptions$1;
+    tokenManager: TokenManager$1 | null;
+    /**
+     * Admin JWT used for platform admin endpoints (/admin/*).
+     * When set, takes precedence over tokenManager access token in the
+     * Authorization header.
+     */
+    adminToken: string | null;
+    private readonly interceptors;
+    constructor(apiKey: string, options?: HttpClientOptions$1);
+    /** Set (or clear) the admin JWT used on admin endpoints. */
+    setAdminToken(token: string | null): void;
+    /**
+     * Create a scoped HttpClient that adds the given extra headers to every
+     * request. The returned client shares the admin token and token manager
+     * with the parent at runtime — later changes on the parent propagate to
+     * the scope and vice versa.
+     *
+     * Typical use: tagging admin calls with `x-palbase-project: <ref>` so the
+     * gateway can route them to the correct project's data plane.
+     */
+    withHeaders(extra: Record<string, string>): HttpClient$1;
+    /** Add a request interceptor. Runs before every request. */
+    addInterceptor(interceptor: RequestInterceptor$1): void;
+    request<T>(method: string, path: string, options?: RequestOptions$1): Promise<PalbaseResponse$1<T>>;
+    private getBaseUrl;
+    private buildHeaders;
+    private executeWithRetry;
+    private delay;
+}
+
+declare class PalbaseError extends Error {
+    readonly code: string;
+    readonly status: number;
+    readonly details?: unknown;
+    constructor(code: string, message: string, status: number, details?: unknown);
+}
+
+interface PalbaseResponse<T> {
+    data: T | null;
+    error: PalbaseError | null;
+    count?: number;
+    status: number;
+}
+interface HttpClientOptions {
+    url?: string;
+    headers?: Record<string, string>;
+}
+interface RequestOptions {
+    headers?: Record<string, string>;
+    body?: unknown;
+    signal?: AbortSignal;
+}
+interface Session {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+}
+type AuthStateEvent = 'SESSION_SET' | 'SESSION_CLEARED';
+type AuthStateCallback = (event: AuthStateEvent, session: Session | null) => void;
+type Unsubscribe$2 = () => void;
+
+declare class TokenManager {
+    private session;
+    private listeners;
+    private refreshPromise;
+    private refreshing;
+    refreshFunction: ((refreshToken: string) => Promise<Session>) | null;
+    setSession(session: Session): void;
+    getAccessToken(): string | null;
+    getRefreshToken(): string | null;
+    clearSession(): void;
+    isExpired(): boolean;
+    refreshSession(): Promise<void>;
+    onAuthStateChange(callback: AuthStateCallback): Unsubscribe$2;
+    private executeRefresh;
+    private notify;
+}
+
+/**
+ * Request interceptor. Runs before every HTTP request.
+ * Can modify headers, body, or reject the request.
+ */
+type RequestInterceptor = (request: {
+    headers: Record<string, string>;
+    method: string;
+    path: string;
+}) => void | Promise<void>;
+declare class HttpClient {
+    protected readonly apiKey: string;
+    protected readonly options?: HttpClientOptions;
+    tokenManager: TokenManager | null;
+    /**
+     * Admin JWT used for platform admin endpoints (/admin/*).
+     * When set, takes precedence over tokenManager access token in the
+     * Authorization header.
+     */
+    adminToken: string | null;
+    private readonly interceptors;
+    constructor(apiKey: string, options?: HttpClientOptions);
+    /** Set (or clear) the admin JWT used on admin endpoints. */
+    setAdminToken(token: string | null): void;
+    /**
+     * Create a scoped HttpClient that adds the given extra headers to every
+     * request. The returned client shares the admin token and token manager
+     * with the parent at runtime — later changes on the parent propagate to
+     * the scope and vice versa.
+     *
+     * Typical use: tagging admin calls with `x-palbase-project: <ref>` so the
+     * gateway can route them to the correct project's data plane.
+     */
+    withHeaders(extra: Record<string, string>): HttpClient;
+    /** Add a request interceptor. Runs before every request. */
+    addInterceptor(interceptor: RequestInterceptor): void;
+    request<T>(method: string, path: string, options?: RequestOptions): Promise<PalbaseResponse<T>>;
+    private getBaseUrl;
+    private buildHeaders;
+    private executeWithRetry;
+    private delay;
+}
+
+interface User {
+    id: string;
+    email: string;
+    emailVerified: boolean;
+    createdAt: string;
+    updatedAt: string;
+    metadata?: Record<string, unknown>;
+}
+interface TokenResponse {
+    access_token: string;
+    refresh_token: string;
+    token_type: string;
+    expires_in: number;
+}
+interface AuthSession {
+    id: string;
+    ip?: string;
+    user_agent?: string;
+    acr: string;
+    amr: string[];
+    last_activity: string;
+    created_at: string;
+    current: boolean;
+}
+interface SignUpCredentials {
+    email: string;
+    password: string;
+}
+interface SignInCredentials {
+    email: string;
+    password: string;
+}
+interface VerifyEmailParams {
+    token?: string;
+    code?: string;
+    email?: string;
+}
+interface PasswordResetParams {
+    email: string;
+}
+interface PasswordResetConfirmParams {
+    token: string;
+    new_password: string;
+}
+interface PasswordChangeParams {
+    current_password: string;
+    new_password: string;
+}
+interface MFAEnrollParams {
+    type: 'totp' | 'email';
+}
+interface MFAEnrollResult {
+    enrollment_id?: string;
+    secret?: string;
+    otp_url?: string;
+    qr_code?: string;
+    recovery_codes?: string[];
+    status?: string;
+}
+interface MFAChallengeParams {
+    mfa_token: string;
+    type: 'totp' | 'email';
+    code: string;
+}
+interface MFARecoveryParams {
+    mfa_token: string;
+    code: string;
+}
+interface MFAFactor {
+    id: string;
+    type: string;
+    verified: boolean;
+    created_at: string;
+}
+interface MFAEmailChallengeParams {
+    mfa_token: string;
+}
+interface MFAEmailVerifyParams {
+    mfa_token: string;
+    code: string;
+}
+interface OAuthOptions {
+    provider: string;
+    redirectTo?: string;
+}
+interface Identity {
+    id: string;
+    provider: string;
+    provider_user_id: string;
+    created_at: string;
+}
+interface CredentialExchangeParams {
+    provider: string;
+    credential: string;
+}
+interface LinkIdentityParams {
+    provider: string;
+    credential: string;
+}
+interface MagicLinkParams {
+    email: string;
+}
+interface MagicLinkVerifyParams {
+    token: string;
+    fingerprint_hash?: string;
+}
+interface RegisterTrustedDeviceParams {
+    fingerprint_hash: string;
+    device_name?: string;
+}
+interface TrustedDevice {
+    id: string;
+    device_name?: string;
+    created_at: string;
+    last_used_at: string;
+    expires_at: string;
+}
+interface DeviceInfo {
+    id: string;
+    platform: string;
+    attestation_status: string;
+    bound: boolean;
+    created_at: string;
+}
+interface AttestAndroidParams {
+    verdict_token: string;
+}
+interface AttestAndroidResult {
+    device_id: string;
+    attestation_status: string;
+    device_integrity?: string;
+}
+interface AttestiOSParams {
+    attestation_object: string;
+    key_id: string;
+    challenge: string;
+}
+interface AttestiOSResult {
+    device_id: string;
+    attestation_status: string;
+}
+interface BindDeviceParams {
+    device_id: string;
+    public_key: string;
+    platform_attestation?: string;
+}
+interface VerifyRequestSignatureParams {
+    payload: string;
+    signature: string;
+}
+type AuthEvent = 'SIGNED_IN' | 'SIGNED_OUT' | 'TOKEN_REFRESHED';
+type AuthStateChangeCallback = (event: AuthEvent, session: Session | null) => void;
+
+/**
+ * Device attestation client.
+ * Handles device challenge/attestation/bind and App Check JWT cache.
+ */
+declare class DeviceClient {
+    private readonly httpClient;
+    private cachedToken;
+    private refreshTimer;
+    constructor(httpClient: HttpClient);
+    /** Generate a device attestation challenge. */
+    generateChallenge(): Promise<PalbaseResponse<{
+        challenge: string;
+    }>>;
+    /** Attest an Android device with a Play Integrity verdict token. */
+    attestAndroid(params: AttestAndroidParams): Promise<PalbaseResponse<AttestAndroidResult>>;
+    /** Attest an iOS device with App Attest attestation data. */
+    attestiOS(params: AttestiOSParams): Promise<PalbaseResponse<AttestiOSResult>>;
+    /** Bind a verified device with a public key for request signing. */
+    bind(params: BindDeviceParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    /** List all devices for the current user. */
+    list(): Promise<PalbaseResponse<{
+        devices: DeviceInfo[];
+    }>>;
+    /** Delete a device by ID. */
+    delete(deviceId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    /**
+     * Verify a request signature from a device (server-only).
+     * Should NOT be exposed in client SDK.
+     */
+    verifyRequestSignature(deviceId: string, params: VerifyRequestSignatureParams): Promise<PalbaseResponse<{
+        verified: boolean;
+    }>>;
+    /** Get the cached App Check token, or null if not available / expired. */
+    getToken(): string | null;
+    /** Whether App Check is active (token cached and not expired). */
+    get isActive(): boolean;
+    /** Set a cached App Check token manually (e.g. after attest flow). */
+    setCachedToken(token: string, expiresInMs: number): void;
+    /** Clean up timers and cached state. */
+    dispose(): void;
+    private scheduleRefresh;
+}
+
+/** Reserved for future user-scope options. Admin surface is in @palbase/server. */
+type AuthClientOptions = Record<string, never>;
+declare class AuthClient {
+    private readonly httpClient;
+    private readonly tokenManager;
+    private readonly apiKey;
+    private readonly baseUrl;
+    private currentSession;
+    private hasSession;
+    private _mfa;
+    /** Device attestation */
+    readonly device: DeviceClient;
+    constructor(httpClient: HttpClient, tokenManager: TokenManager, apiKey?: string, baseUrl?: string, _options?: AuthClientOptions);
+    signUp(credentials: SignUpCredentials): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    signIn(credentials: SignInCredentials): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    signOut(): Promise<PalbaseResponse<void>>;
+    verifyEmail(params: VerifyEmailParams): Promise<PalbaseResponse<{
+        status: string;
+    }>>;
+    resendVerification(email: string): Promise<PalbaseResponse<{
+        verification_token?: string;
+        verification_code?: string;
+    }>>;
+    requestPasswordReset(params: PasswordResetParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    confirmPasswordReset(params: PasswordResetConfirmParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    changePassword(params: PasswordChangeParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    refresh(): Promise<PalbaseResponse<TokenResponse>>;
+    getAccessToken(): string | null;
+    onTokenChange(callback: (tokens: {
+        accessToken: string | null;
+        refreshToken: string | null;
+    }) => void): () => void;
+    setTokens(accessToken: string, refreshToken: string, expiresIn?: number): void;
+    listSessions(): Promise<PalbaseResponse<AuthSession[]>>;
+    revokeSession(sessionId: string): Promise<PalbaseResponse<void>>;
+    revokeAllSessions(): Promise<PalbaseResponse<void>>;
+    get mfa(): {
+        enroll: (params: MFAEnrollParams) => Promise<PalbaseResponse<MFAEnrollResult>>;
+        verifyEnrollment: (code: string) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        challenge: (params: MFAChallengeParams) => Promise<PalbaseResponse<TokenResponse>>;
+        recovery: (params: MFARecoveryParams) => Promise<PalbaseResponse<TokenResponse>>;
+        listFactors: () => Promise<PalbaseResponse<{
+            factors: MFAFactor[];
+        }>>;
+        removeFactor: (factorId: string, currentPassword: string) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        regenerateRecoveryCodes: () => Promise<PalbaseResponse<{
+            recovery_codes: string[];
+        }>>;
+        emailEnroll: () => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        emailChallenge: (params: MFAEmailChallengeParams) => Promise<PalbaseResponse<{
+            status: string;
+        }>>;
+        emailVerify: (params: MFAEmailVerifyParams) => Promise<PalbaseResponse<TokenResponse>>;
+    };
+    private buildMfa;
+    getOAuthURL(options: OAuthOptions): Promise<PalbaseResponse<{
+        url: string;
+    }>>;
+    signInWithCredential(params: CredentialExchangeParams): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    listIdentities(): Promise<PalbaseResponse<{
+        identities: Identity[];
+    }>>;
+    linkIdentity(params: LinkIdentityParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    unlinkIdentity(identityId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    requestMagicLink(params: MagicLinkParams): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    verifyMagicLink(params: MagicLinkVerifyParams): Promise<PalbaseResponse<{
+        user: User;
+        session: Session;
+    }>>;
+    listTrustedDevices(): Promise<PalbaseResponse<{
+        trusted_devices: TrustedDevice[];
+    }>>;
+    registerTrustedDevice(params: RegisterTrustedDeviceParams): Promise<PalbaseResponse<{
+        trusted_device_token: string;
+    }>>;
+    revokeTrustedDevice(deviceId: string): Promise<PalbaseResponse<{
+        success: boolean;
+    }>>;
+    getSession(): {
+        data: Session | null;
+        error: null;
+    };
+    onAuthStateChange(callback: AuthStateChangeCallback): {
+        data: {
+            subscription: {
+                unsubscribe: () => void;
+            };
+        };
+    };
+    /**
+     * Verify a user's JWT token by calling GET /auth/user with their token.
+     * Server-only — should NOT be exposed in client SDK.
+     */
+    verifyUserToken(jwt: string): Promise<PalbaseResponse<User>>;
+    private setSessionAndWireRefresh;
+}
+
+type CallState = 'connecting' | 'active' | 'ended';
+interface CallParticipant {
+    identity: string;
+    isSpeaking: boolean;
+    audioMuted: boolean;
+    videoEnabled: boolean;
+    /** The live <video> element for this participant, or null before track arrives. */
+    videoElement: HTMLVideoElement | null;
+    /** The live <audio> element for this participant, or null before track arrives. */
+    audioElement: HTMLAudioElement | null;
+}
+type CallChangeCallback = (call: Call) => void;
+/**
+ * A live call session. Obtain via `pb.calls.start()` or `pb.calls.accept()`.
+ *
+ * Lifecycle:
+ *   connecting → active (room joined, tracks flowing)
+ *   active → ended   (leave() / remote disconnect)
+ *
+ * Subscribe to changes via `call.subscribe(cb)` which fires on state or
+ * participant changes (mirrors flags `onChange` / realtime `on` pattern).
+ */
+declare class Call {
+    readonly id: string;
+    private _state;
+    private readonly _participants;
+    private readonly _listeners;
+    private readonly _room;
+    private readonly _keyProvider;
+    /** @internal — obtain via PalbeCalls.start() / .accept() */
+    constructor(callId: string, room: Room, keyProvider: ExternalE2EEKeyProvider);
+    get state(): CallState;
+    /** Snapshot of current remote participants (does NOT include the local participant). */
+    get participants(): readonly CallParticipant[];
+    get localParticipant(): Room['localParticipant'];
+    /**
+     * Subscribe to call changes (state + participant updates).
+     * Returns an `Unsubscribe` function — matches the SDK's flags/auth pattern.
+     */
+    subscribe(callback: CallChangeCallback): Unsubscribe;
+    /** Mute / unmute the local microphone. */
+    mute(on: boolean): Promise<void>;
+    /** Enable / disable the local camera. */
+    setCamera(on: boolean): Promise<void>;
+    /**
+     * Set a raw frame encryption key (ArrayBuffer) for this call.
+     * Design seam for SP-1.x web-MLS: call this with the MLS exporter secret
+     * to enable frame-level E2EE via ExternalE2EEKeyProvider.
+     *
+     * NOTE: The room must have been opened with `e2ee` options for this to take
+     * effect. Currently calls connect WITHOUT e2ee — see module docstring.
+     *
+     * TODO(SP-1-web): wire this to MLS-derived key on session join.
+     */
+    setMediaKey(key: ArrayBuffer): Promise<void>;
+    /** Leave the call and disconnect from the LiveKit room. */
+    leave(): Promise<void>;
+    private _setState;
+    private _emit;
+    private _upsertParticipant;
+    private _attachTrack;
+    private _wireRoomEvents;
+}
+declare class PalbeCalls {
+    private readonly rt;
+    constructor(rt: PalbeRuntime);
+    /**
+     * Start a new call in a messaging group.
+     *
+     * @param groupId  - Messaging group display-id (`grp_<uuidv7>`)
+     * @param media    - Which media tracks to publish (default: audio + video)
+     * @returns        A `Call` in `connecting` state; transitions to `active` once LiveKit connects.
+     *
+     * @throws BackendError('network', { code: 'call_service_unavailable' })  if LiveKit SFU is down (503)
+     * @throws BackendError('forbidden', { code: 'not_group_member' })       if the caller is not a member (403)
+     * @throws BackendError('conflict', { code: 'call_room_full' })          if the room is full (409)
+     */
+    start(groupId: string, { media }?: {
+        media?: Array<'audio' | 'video'>;
+    }): Promise<Call>;
+    /**
+     * Accept an incoming call in a messaging group.
+     *
+     * @param groupId  - Messaging group display-id
+     * @param callId   - Call identifier (from the push notification payload)
+     * @param media    - Which media tracks to publish (default: audio + video)
+     */
+    accept(groupId: string, callId: string, { media }?: {
+        media?: Array<'audio' | 'video'>;
+    }): Promise<Call>;
+    /**
+     * Decline an incoming call.
+     *
+     * @param groupId  - Messaging group display-id
+     * @param callId   - Call identifier
+     * @param reason   - Optional decline reason string
+     */
+    decline(groupId: string, callId: string, reason?: string): Promise<void>;
+    private _connect;
+}
+
+interface PalbeOAuthConfig {
+    google?: {
+        enabled?: boolean;
+        clientId?: string;
+    };
+    apple?: {
+        enabled?: boolean;
+    };
+}
+/** Baked into palbe.gen.ts by `palbase web link` — the generated web config. */
+interface PalbeConfig {
+    url: string;
+    apiKey: string;
+    /** Informational — url+apiKey are already branch-specific (endpointRef embeds the branch slug); gen bakes all three consistently. */
+    branch?: string;
+    oauth?: PalbeOAuthConfig;
+    /** Refresh-token persistence. Default: endpoint-scoped localStorage in browsers, memory elsewhere. */
+    storage?: SessionStorageAdapter;
+    /** Extra headers on every request. */
+    headers?: Record<string, string>;
+}
+
+/** Frozen view of all cached flag values (what `all()` returns / `changes()` yields). */
+type FlagsView = Readonly<Record<string, F>>;
+/**
+ * `pb.flags` — iOS-parity facade over `FlagsPool` (cache + delta polling +
+ * auth binding) and `FlagsClient` (stateless transport).
+ *
+ * Start semantics: the facade is constructed lazily (first `pb.flags` touch).
+ * - Browser: the pool starts right here in the constructor — cold snapshot +
+ *   30s delta polling + visibility pause. "First use starts the machinery"
+ *   without per-method start checks.
+ * - Server (no `document`): NEVER auto-starts. `ready()`/`refresh()` are
+ *   one-shot snapshot fetches with zero timers and zero storage access, so a
+ *   pbServer request that reads flags pays exactly one HTTP call.
+ *
+ * localStorage persistence is scoped per endpoint ref (`palbe.flags.<ref>`),
+ * mirroring the session-storage key convention.
+ */
+declare class PalbeFlags {
+    private readonly transport;
+    private readonly pool;
+    constructor(rt: PalbeRuntime);
+    /** Resolves once the first snapshot (or persisted hydrate) is available. Auto-starts the pool. */
+    ready(): Promise<void>;
+    /** Force an immediate re-snapshot. */
+    refresh(): Promise<void>;
+    /** Frozen snapshot of all cached values (identity-stable until a change). */
+    all(): FlagsView;
+    /** Raw cached value for `key`, or `undefined` when not in the cache. */
+    get(key: string): F | undefined;
+    /** `true` only when the cached value is strictly `true`; `fallback` when the key is absent. */
+    isEnabled(key: string, fallback?: boolean): boolean;
+    /** Alias of {@link isEnabled} (iOS parity). */
+    bool(key: string, fallback?: boolean): boolean;
+    /** Cached value when it is a string, else `fallback`. */
+    getString(key: string, fallback: string): string;
+    /** Cached value when it is an integer number, else `fallback`. */
+    getInt(key: string, fallback: number): number;
+    /** Cached value when it is a number (integers included), else `fallback`. */
+    getDouble(key: string, fallback: number): number;
+    /**
+     * Resolve the multivariate variant for `key` — the variant name, or `null`
+     * when the flag has no variant (or the read fails).
+     *
+     * Wire failures (network errors, 404, etc.) resolve to `null`.
+     * Invalid flag names throw `BackendError('validation', { code: 'invalid_flag_name' })`.
+     *
+     * DEVIATION from iOS sync-cache parity: the platform does not propagate
+     * variant metadata into the user-flags snapshot/delta cache, so this is an
+     * ASYNC transport read (`GET /v1/flags/{key}/variant`), not a cache lookup.
+     */
+    getVariant(key: string): Promise<string | null>;
+    /** Subscribe to any change in the cached flag set. */
+    onChange(callback: () => void): Unsubscribe;
+    /**
+     * Observe ONE key: fires only when that key's value actually changes
+     * (per {@link sameFlagValue} — structural compare for objects), with the
+     * new value (`undefined` = deleted). P5 React-hook substrate.
+     */
+    subscribeKey(key: string, callback: (value: F | undefined) => void): Unsubscribe;
+    /**
+     * Async iteration over flag changes: yields the new {@link all} view on
+     * every pool change notification. The listener is detached when the
+     * consumer `break`s/`return`s/`throw`s — including while a `next()` is
+     * still pending (it resolves `{ done: true }` instead of hanging, which a
+     * plain async-generator `finally` would not guarantee).
+     */
+    changes(): AsyncIterableIterator<FlagsView>;
+    /** Stop polling and detach all listeners (auth + visibility + subscribers). */
+    destroy(): void;
+}
+
+/** A direct (1:1) chat or a multi-party group. */
+type ChatKind = 'direct' | 'group';
+/** A draft (local-only, not yet on the server) or an active (materialized) chat. */
+type ChatState = 'draft' | 'active';
+/** Server-side ACL role (group only; a direct chat has no roles). */
+type ChatRole = 'owner' | 'admin' | 'member';
+/** Whether a message was received (`incoming`) or sent by this device (`outgoing`). */
+type MessageDirection = 'incoming' | 'outgoing';
+/** A renderable message kind. `system` = a membership commit / control frame. */
+type ChatMessageKind = 'text' | 'media' | 'system';
+/** A participating USER (not a device). For a direct chat: `[me, peer]`. */
+interface ChatMember {
+    /** == userId (stable identity). */
+    readonly id: string;
+    readonly userId: string;
+    readonly displayName: string | null;
+    readonly role: ChatRole;
+    readonly isSelf: boolean;
+}
+/**
+ * A resolved reply context — produced by `resolveReply` on the decode path.
+ * `state:'resolved'` means the parent was found in local history and `quoteText`
+ * is the REAL parent text (spoof-proof). `state:'unavailable'` means the parent
+ * was not in local history; `quoteText` is the embedded preview body (may be null).
+ */
+interface ResolvedReply {
+    readonly parentClientMsgId: string;
+    readonly state: 'resolved' | 'unavailable';
+    readonly quoteSenderUserId: string;
+    readonly quoteText: string | null;
+    readonly quoteKind: string;
+}
+/** One message in a chat transcript. */
+interface ChatMessage {
+    /** Routing-key-free id: `<chat.id>#<serverSeq>`. */
+    readonly id: string;
+    readonly kind: ChatMessageKind;
+    readonly direction: MessageDirection;
+    /** The sending USER id, when resolved (nil for system frames or unknown sender). */
+    readonly senderUserId: string | null;
+    readonly text: string | null;
+    /** The server-minted per-group monotonic sequence (sort key + read cursor). */
+    readonly serverSeq: number;
+    /** When this device decoded (incoming) or sent (outgoing) the message. */
+    readonly sentAt: Date;
+    /** The client-minted idempotency id for this message (empty string for legacy/system). */
+    readonly clientMsgId: string;
+    /** Resolved reply context, or null if this is not a reply. */
+    readonly replyTo: ResolvedReply | null;
+}
+/** The receipt from a send — the server's monotonic sequence + accepted epoch. */
+interface SentReceipt {
+    readonly serverSeq: number;
+    readonly epoch: number;
+}
+/** Per-user comms privacy prefs (defaults both-true). */
+interface CommsPrefs {
+    readonly sharePresence: boolean;
+    readonly shareReceipts: boolean;
+}
+/** A presence snapshot for a user in a chat (60s TTL, device-union). */
+interface PresenceState {
+    readonly userId: string;
+    readonly isOnline: boolean;
+    readonly lastSeenAt: Date | null;
+}
+/** An unsubscribe handle (matches the flags/realtime/auth pattern). */
+type Unsubscribe$1 = () => void;
+
+/** A resolved group as the SDK tracks it. `name` is always null on web (no exporter). */
+interface MessagingGroup {
+    displayId: string;
+    rfcGroupId: string;
+    currentEpoch: number;
+    ownerUserId: string | null;
+    directKey: string | null;
+    name: string | null;
+}
+interface QuotePreview {
+    kind: string;
+    author_user_id: string;
+    body?: string;
+    body_truncated: boolean;
+}
+interface ReplyRef {
+    v: number;
+    client_msg_id: string;
+    preview?: QuotePreview;
+}
+
+/** A decoded incoming message handed to chat listeners. */
+interface IncomingMessage {
+    kind: 'application' | 'commit' | 'proposal' | 'welcome';
+    group: MessagingGroup;
+    text: string | null;
+    senderDeviceId: string | null;
+    epoch: number;
+    serverSeq: number;
+    receivedAt: Date;
+    /** The client-minted idempotency id from the decoded envelope (empty string for legacy/system). */
+    clientMsgId: string;
+    /** The decoded reply reference, if present in the envelope. */
+    replyRef: ReplyRef | null;
+}
+
+/** The intended participants of a draft chat (held until the first send). */
+interface ChatDraft {
+    mode: {
+        kind: 'direct';
+        peerUserId: string;
+    } | {
+        kind: 'group';
+        members: string[];
+    };
+    /** The reserved local id a draft shows before it materializes. */
+    reservedId: string;
+}
+/** The seam the Chat talks to for the work needing the resolved machinery. */
+interface ChatBackend {
+    selfUserId: string;
+    /** Materialize a draft → the active group (DM get-or-create / group create+add). */
+    materialize(draft: ChatDraft): Promise<MessagingGroup>;
+    sendText(group: MessagingGroup, text: string, replyTo?: ReplyRef | null): Promise<{
+        receipt: SentReceipt;
+        clientMsgId: string;
+    }>;
+    history(group: MessagingGroup, limit: number, before?: number): Promise<ChatMessage[]>;
+    members(group: MessagingGroup): Promise<ChatMember[]>;
+    addMember(group: MessagingGroup, userId: string): Promise<void>;
+    removeMember(group: MessagingGroup, userId: string): Promise<void>;
+    leave(group: MessagingGroup): Promise<void>;
+    registerActive(group: MessagingGroup): void;
+    setTyping(group: MessagingGroup, isTyping: boolean): void;
+    markRead(group: MessagingGroup, upToServerSeq: number): Promise<void>;
+    /** Subscribe live message + conv (presence/typing/read) for an active group. */
+    subscribeLive(group: MessagingGroup, chat: Chat): Unsubscribe$1;
+    /** Resolve a sender device id → its owning user id (for senderUserId). */
+    userIdForDevice(group: MessagingGroup, deviceId: string): Promise<string | null>;
+}
+declare class Chat {
+    /** Stable, URL/log-safe id (the grp_ display id once active; a reserved local id while draft). */
+    id: string;
+    readonly kind: ChatKind;
+    private _state;
+    private _group;
+    private _draft;
+    private readonly backend;
+    private messageList;
+    private memberCache;
+    private typingList;
+    private presenceStates;
+    private readWatermark;
+    private titleOverride;
+    private readonly seenKeys;
+    /** Index: clientMsgId → { text, senderUserId } for resolveReply lookups. */
+    private readonly byClientMsgId;
+    private loadedEarliestSeq;
+    private historyLoaded;
+    private wired;
+    private liveUnsub;
+    private readonly listeners;
+    /** @internal — obtain via pb.messaging.directChat / groupChat / chat(id). */
+    constructor(args: {
+        group: MessagingGroup;
+        kind: ChatKind;
+        backend: ChatBackend;
+    } | {
+        draft: ChatDraft;
+        kind: ChatKind;
+        backend: ChatBackend;
+    });
+    /** Subscribe to any change in this chat (messages/members/typing/state). */
+    onChange(cb: () => void): Unsubscribe$1;
+    private emit;
+    get state(): ChatState;
+    get isDirect(): boolean;
+    get messages(): readonly ChatMessage[];
+    get members(): readonly ChatMember[];
+    get typing(): readonly ChatMember[];
+    get lastMessage(): ChatMessage | null;
+    get unreadCount(): number;
+    get title(): string;
+    presence(userId: string): PresenceState | null;
+    private ensureWired;
+    private hydrateHistory;
+    private mergeHistory;
+    /** @internal — called by the backend's live subscription. */
+    ingestLive(incoming: IncomingMessage): Promise<void>;
+    /** @internal — called by the backend's conv subscription. */
+    applyConv(event: string, payload: Record<string, unknown>): void;
+    private kindOf;
+    private internalKey;
+    private publicId;
+    /** Page older messages in. Returns how many were prepended. */
+    loadEarlier(limit?: number): Promise<number>;
+    private refreshMembers;
+    private seedMembersFromGroup;
+    private seedDraftMembers;
+    send(text: string, opts?: {
+        replyTo?: ChatMessage;
+    }): Promise<SentReceipt>;
+    private appendOwnSend;
+    private materializeIfNeeded;
+    addMemberUser(userId: string): Promise<void>;
+    removeMemberUser(userId: string): Promise<void>;
+    leave(): Promise<void>;
+    setTyping(isTyping: boolean): void;
+    markRead(message: ChatMessage): Promise<void>;
+}
+
+declare class PalbeMessaging {
+    private readonly coordinator;
+    constructor(rt: PalbeRuntime);
+    /**
+     * Warm messaging at sign-in (optional). Enrolls this device + starts the live
+     * delivery source so incoming DMs/Welcomes drain before the chat list opens.
+     * Never REQUIRED — any chat op self-enrolls. Idempotent.
+     */
+    start(): Promise<void>;
+    /**
+     * Open the ONE direct chat with `userId`. INSTANT + LOCAL — no network, nothing
+     * created yet. Returns a draft `Chat` to show immediately; the server group +
+     * MLS material materialize LAZILY on the first `chat.send`. Idempotent + stable:
+     * the same two users always resolve to the SAME Chat.
+     */
+    directChat(userId: string): Chat;
+    /**
+     * Open a multi-party group chat. LOCAL + LAZY like `directChat`: pick the
+     * members, get a draft Chat, the group is created on the FIRST `chat.send`.
+     */
+    groupChat(opts?: {
+        members?: string[];
+    }): Chat;
+    /** Look up a chat by id (e.g. from a push payload / deep link). null if unknown. */
+    chat(id: string): Chat | null;
+    /** The observable chat list (DMs + groups, active only). Read it after an
+     * `onChatsChange` subscription to render the inbox. */
+    get chats(): readonly Chat[];
+    /** Subscribe to chat-list changes (a chat added/removed/hydrated). */
+    onChatsChange(cb: () => void): Unsubscribe$1;
+}
+
+/**
+ * The connection state of the shared realtime WebSocket (iOS enum parity), plus
+ * `'error'` — surfaced when a channel could not be recovered after a
+ * token-expiry close exhausted its rejoin attempts (the socket itself may still
+ * be up; the app should stop expecting events on the dead channel).
+ */
+type RealtimeConnectionState = 'idle' | 'connected' | 'reconnecting' | 'error';
+
+/** An inbound broadcast payload (the inner `payload` of the Phoenix envelope). */
+type RealtimePayload = Record<string, unknown>;
+type RealtimeHandler = (payload: RealtimePayload) => void;
+/** A cancellable realtime subscription. `cancel()` removes the handler and,
+ * when it was the channel's last, leaves the channel on the shared socket.
+ * Cancelling twice is a no-op. */
+interface RealtimeSubscription {
+    cancel(): void;
+}
+interface RealtimeStatusSnapshot {
+    state: RealtimeConnectionState;
+    lastEventAt: Date | null;
+}
+/**
+ * The observable connection status (`pb.realtime.status`) — the plain-JS
+ * analogue of the iOS `@Observable RealtimeStatusStore`. `state` drives a
+ * live "connected" badge; `lastEventAt` proves a push actually arrived.
+ * `onChange` fires on state transitions and on every recorded event.
+ */
+interface RealtimeStatus {
+    readonly state: RealtimeConnectionState;
+    readonly lastEventAt: Date | null;
+    onChange(callback: (status: RealtimeStatusSnapshot) => void): Unsubscribe;
+}
+/**
+ * A subscription handle for one realtime channel (returned by
+ * `pb.realtime.channel(name)` — the SAME instance per name). A channel is
+ * joined on the shared socket when its first handler is added (or on the
+ * first `send`) and left when its last handler cancels.
+ */
+declare class RealtimeChannel {
+    /** The app-defined channel name (bare sub-topic, no "realtime:" prefix). */
+    readonly name: string;
+    private readonly owner;
+    /** @internal — obtain channels via `pb.realtime.channel(name)`. */
+    constructor(name: string, owner: PalbeRealtime);
+    /**
+     * Subscribe `handler` to `event` on this channel. Fire-and-forget: the
+     * join rides the shared socket asynchronously. Hold the returned
+     * subscription and `cancel()` it to stop.
+     */
+    on(event: string, handler: RealtimeHandler): RealtimeSubscription;
+    /**
+     * Broadcast `payload` to the channel's other subscribers (web addition —
+     * iOS is receive-only). Joins the channel if it isn't already; queued
+     * until the join is live on the socket.
+     */
+    send(event: string, payload?: RealtimePayload): void;
+}
+declare class PalbeRealtime {
+    private readonly rt;
+    private socket;
+    private readonly channels;
+    private readonly statusStore;
+    private readonly handlers;
+    private readonly topicRefcount;
+    constructor(rt: PalbeRuntime);
+    /**
+     * Get the handle for an app-defined channel (e.g. "room:42"). The same
+     * name returns the SAME instance. Throws a guided error on server-side
+     * hosts (SSR/RSC/Node) — realtime is client-only.
+     */
+    channel(name: string): RealtimeChannel;
+    /**
+     * Tear down the shared socket and clear all channel state. Called by
+     * `__configure` and `__reset` when the runtime is replaced, so old sockets
+     * are not left open and heartbeat timers do not leak.
+     */
+    destroy(): void;
+    /** The observable connection status. Safe to read anywhere (reports `idle` until a socket exists). */
+    get status(): RealtimeStatus;
+    /** @internal */
+    subscribe(topic: string, event: string, handler: RealtimeHandler): RealtimeSubscription;
+    /** @internal */
+    send(topic: string, event: string, payload: RealtimePayload): void;
+    /** Lazily build + start the shared socket on first subscription/send. */
+    private ensureSocket;
+    private route;
+    /**
+     * A channel died for good (token-expiry rejoin exhausted N attempts). Drop its
+     * handlers + refcount so the app stops expecting events on it, and flip the
+     * status observable to `'error'` (the React `useChannel` hook reports this).
+     * A later `.on()` for the same topic re-joins from scratch (refcount 1).
+     */
+    private handleChannelError;
+}
+
+interface PalbeRuntime {
+    config: PalbeConfig;
+    http: HttpClient$1;
+    tokenManager: TokenManager$1;
+    authClient: AuthClient;
+    auth: PalbeAuth;
+    flags: PalbeFlags;
+    realtime: PalbeRealtime;
+    analytics: PalbeAnalytics;
+    calls: PalbeCalls;
+    messaging: PalbeMessaging;
+    storage: SessionStorageAdapter;
+    /**
+     * Destroy the realtime facade if it was already constructed (no-op otherwise).
+     * Called by `__configure` / `__reset` when the runtime is replaced so the old
+     * socket is closed and heartbeat timers do not leak.
+     */
+    destroyRealtime(): void;
+}
+declare function buildRuntime(config: PalbeConfig): PalbeRuntime;
+
+type MagicLinkResult = ({
+    status: 'signedIn';
+} & AuthSuccess) | {
+    status: 'mfaRequired';
+    mfaToken: string;
+    factors: string[];
+};
+type OAuthExchangeResult = ({
+    status: 'signedIn';
+} & AuthSuccess) | {
+    status: 'mfaRequired';
+    mfaToken: string;
+    factors: string[];
+};
+interface AuthUser {
+    id: string;
+    /** null for phone-only users (the server omits email). */
+    email: string | null;
+    emailVerified: boolean;
+    createdAt: string;
+}
+interface AuthSuccess {
+    user: AuthUser;
+    session: Session$1;
+}
+type AuthState = {
+    status: 'signedIn';
+    user: AuthUser;
+} | {
+    status: 'signedOut';
+};
+type AuthChangeEvent = {
+    type: 'signedIn';
+    user: AuthUser;
+} | {
+    type: 'signedOut';
+    reason: 'userInitiated' | 'sessionExpired';
+} | {
+    type: 'tokenRefreshed';
+};
+type Unsubscribe = () => void;
+declare class PalbeAuth {
+    private readonly rt;
+    private cachedUser;
+    private signingOut;
+    private signingIn;
+    private signedInState;
+    private readonly stateListeners;
+    private readonly eventListeners;
+    private readonly userListeners;
+    constructor(rt: PalbeRuntime);
+    get currentUser(): AuthUser | null;
+    get isSignedIn(): boolean;
+    signUp(params: {
+        email: string;
+        password: string;
+    }): Promise<AuthSuccess>;
+    signIn(params: {
+        email: string;
+        password: string;
+    }): Promise<AuthSuccess>;
+    signOut(): Promise<void>;
+    getUser(): Promise<AuthUser>;
+    refreshUser(): Promise<AuthUser>;
+    /**
+     * Subscribe to signed-in/signed-out state. Fires immediately with the
+     * current snapshot (iOS parity). NOTE: a restored session (page reload) has
+     * no cached user yet, so the immediate snapshot reports signedOut even when
+     * `isSignedIn` is true — call `refreshUser()` on boot to populate the user
+     * and rely on `isSignedIn` for the session truth.
+     */
+    onAuthStateChange(callback: (state: AuthState) => void): Unsubscribe;
+    onAuthEvent(callback: (event: AuthChangeEvent) => void): Unsubscribe;
+    /** Subscribe to user-profile changes. Replays the cached user on subscribe (iOS parity). */
+    onUserChange(callback: (user: AuthUser) => void): Unsubscribe;
+    private snapshotState;
+    /**
+     * Listener exception isolation: a throwing consumer callback must never
+     * break delivery to other listeners nor propagate into the emit caller
+     * (tokenManager.clearSession callers, pb.call paths, signOut, ...).
+     */
+    private safeInvoke;
+    private emitState;
+    private emitEvent;
+    /** Cache the user + announce sign-in. Session was already set by AuthClient. */
+    private adopt;
+    /** Adopt a raw palauth AuthResult wire shape: wire tokens, cache user, announce. */
+    private adoptWire;
+    /** Run a sign-in flow under the signingIn flag to suppress spurious tokenRefreshed. */
+    private withSigningIn;
+    /**
+     * Defensively decode a 200 union body (AuthResult | mfa-required) and
+     * complete the flow. The wire contract promises one of the two shapes, but
+     * a literal-`null` (or otherwise malformed) JSON body must surface as
+     * BackendError('decode') — never a raw TypeError from probing a non-object.
+     * The mfa branch validates its fields: `mfa_token` is required; the factor
+     * list (named `factors` by magic-link verify, `mfa_factors` by the OAuth
+     * callback — extraction-verified against palauth) tolerates a missing or
+     * malformed value as []. The signedIn branch validates the FULL AuthResult
+     * shape (asWireAuthResult) — an incomplete body falls through to decode,
+     * never half-adopts.
+     */
+    private completeAuthUnion;
+    private decodeError;
+    signInWithOTP(params: {
+        phone: string;
+    }): Promise<void>;
+    verifyOTP(params: {
+        phone: string;
+        token: string;
+    }): Promise<AuthSuccess>;
+    resetPassword(email: string): Promise<void>;
+    confirmPasswordReset(params: {
+        token: string;
+        newPassword: string;
+    }): Promise<void>;
+    updatePassword(params: {
+        currentPassword: string;
+        newPassword: string;
+    }): Promise<void>;
+    verifyEmail(params: {
+        token: string;
+    } | {
+        code: string;
+        email: string;
+    }): Promise<void>;
+    resendVerification(email: string): Promise<void>;
+    signInWithMagicLink(email: string): Promise<void>;
+    verifyMagicLink(token: string): Promise<MagicLinkResult>;
+    signInWithCredential(params: {
+        provider: string;
+        credential: string;
+    }): Promise<AuthSuccess>;
+    signInWithOAuth(params: {
+        provider: string;
+        redirectTo?: string;
+        /** Set false to skip the browser redirect (popup/manual flows). Default true. */
+        redirect?: boolean;
+    }): Promise<{
+        url: string;
+    }>;
+    /**
+     * Complete the OAuth redirect flow: trade the provider's `code` + `state`
+     * (from the app's redirect_uri query) for a session. PKCE verifier + state
+     * live server-side in palauth — the client only relays the two values.
+     */
+    exchangeCodeForSession(params: {
+        provider: string;
+        code: string;
+        state: string;
+    }): Promise<OAuthExchangeResult>;
+    /** Config-as-code gate for the zero-arg provider sugar. */
+    private requireProvider;
+    signInWithGoogle(opts?: {
+        redirectTo?: string;
+        redirect?: boolean;
+    }): Promise<{
+        url: string;
+    }>;
+    signInWithApple(opts?: {
+        redirectTo?: string;
+        redirect?: boolean;
+    }): Promise<{
+        url: string;
+    }>;
+}
+
+/** Free-form event property bag (JSON object on the wire). */
+type AnalyticsProperties = Record<string, unknown>;
+/**
+ * Runtime-scoped analytics identity — constructed EAGERLY in `buildRuntime`
+ * (cheap: listener wiring only, no I/O) because the X-Distinct-Id header
+ * interceptor must stamp every request from the first one, even when
+ * `pb.analytics` is never touched (iOS: the resolver is wired at
+ * PalBackend init). The facade wraps this state lazily.
+ *
+ * Auth events: while no facade exists, the state maintains identity only
+ * (user id for the header, anon rotation on user-initiated sign-out). Once
+ * the facade attaches, it takes over wholesale and adds the ingest
+ * side-effects (flush + identify / flush + reset).
+ */
+declare class AnalyticsState {
+    identifiedUserId: string | null;
+    /** Set by PalbeAnalytics on construction — delegates auth events to it. */
+    facadeAuthHandler: ((event: AuthChangeEvent) => void) | null;
+    private anonId;
+    private readonly store;
+    private readonly idKey;
+    private readonly optOutKey;
+    constructor(rt: PalbeRuntime);
+    /** User id when identified, else the stable anon id. NEVER empty —
+     * this is what `identify()` links, so stamping it on every request lets
+     * the trace pipeline stitch pre-login activity to the user. */
+    distinctId(): string;
+    anonymousId(): string;
+    rotateAnonymousId(): string;
+    isOptedOut(): boolean;
+    setOptOut(on: boolean): void;
+}
+declare class PalbeAnalytics {
+    private readonly rt;
+    private readonly state;
+    private readonly buffer;
+    private flushTimer;
+    /** Browser → buffer + size/timer flush. Server (no document) → immediate
+     * per-call POST, zero timers (nothing leaks into RSC/route handlers). */
+    private readonly browser;
+    constructor(rt: PalbeRuntime, state: AnalyticsState);
+    /** Record an event. Invalid names are dropped (one warn per process). */
+    capture(event: string, properties?: AnalyticsProperties): void;
+    /** Record a screen view — server-canonical `$screen` + `screen_name`.
+     * Validates non-empty only (the live wire at /v1/analytics/screen requires
+     * non-empty screen_name; the event-name regex does NOT apply here). */
+    screen(name: string, properties?: AnalyticsProperties): void;
+    /** Link the current anon id to `userId` and adopt it as the distinct id.
+     * Immediate POST (not buffered). Re-identifying a DIFFERENT user
+     * auto-resets first (iOS K10) so one anon id never links two users. */
+    identify(userId: string, traits?: AnalyticsProperties): void;
+    /** Merge distinct id `from` into `to` (identity stitching). Immediate POST. */
+    alias(from: string, to: string): void;
+    /** Drop the buffer, clear the identified user and rotate the anon id
+     * (sign-out hygiene). Callers wanting pending events delivered flush first
+     * — the auth binding does. */
+    reset(): void;
+    /** Persisted GDPR opt-out. Opting out drops anything pending so nothing
+     * already-buffered leaks after the user said stop. */
+    setOptOut(on: boolean): void;
+    /** Drain the buffer to /v1/analytics/batch (≤100 per request, sequential).
+     * Resolves when delivery finished; NEVER rejects — failed slices are
+     * dropped with one warn per flush. 207 partial-reject is also warned once
+     * (fire-and-forget: no retry for already-delivered batches). */
+    flush(): Promise<void>;
+    private ingest;
+    /** iOS PalBackend auth-binding parity: signedIn → flush + identify;
+     * userInitiated signedOut → flush + reset; sessionExpired → flush only. */
+    private handleAuthEvent;
+    private startTimer;
+    private cancelTimer;
+    private post;
+}
+
+export { type AnalyticsProperties as A, type RealtimeConnectionState as B, Call as C, type RealtimeHandler as D, type RealtimePayload as E, type FlagsView as F, type RealtimeStatus as G, type RealtimeStatusSnapshot as H, type RealtimeSubscription as I, type PalbeRuntime as J, buildRuntime as K, type MagicLinkResult as M, type OAuthExchangeResult as O, PalbeAnalytics as P, RealtimeChannel as R, type SentReceipt as S, type Unsubscribe as U, type AuthChangeEvent as a, type AuthState as b, type AuthSuccess as c, type AuthUser as d, type CallChangeCallback as e, type CallParticipant as f, type CallState as g, Chat as h, type ChatBackend as i, type ChatDraft as j, type ChatKind as k, type ChatMember as l, type ChatMessage as m, type ChatMessageKind as n, type ChatRole as o, type ChatState as p, type CommsPrefs as q, type MessageDirection as r, PalbeAuth as s, PalbeCalls as t, type PalbeConfig as u, PalbeFlags as v, PalbeMessaging as w, type PalbeOAuthConfig as x, PalbeRealtime as y, type PresenceState as z };