@payez/next-mvp 4.0.1 → 4.0.2

package/dist/client/better-auth-client.js

@@ -0,0 +1,68 @@
+"use strict";
+/**
+ * Better Auth Client (Phase 3)
+ *
+ * Drop-in replacement for next-auth/react hooks and functions.
+ * Import from '@payez/next-mvp/client/better-auth-client'.
+ *
+ * Includes useSessionCompat() — returns NextAuth-shaped { data, status }
+ * so existing components don't need destructure pattern changes.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.signOut = exports.signIn = exports.useSession = exports.authClient = void 0;
+exports.useSessionCompat = useSessionCompat;
+exports.signOutCompat = signOutCompat;
+const react_1 = require("better-auth/react");
+const react_2 = require("react");
+exports.authClient = (0, react_1.createAuthClient)({
+// baseURL derived from BETTER_AUTH_URL or window.location.origin
+});
+// Convenience exports
+exports.useSession = exports.authClient.useSession, exports.signIn = exports.authClient.signIn, exports.signOut = exports.authClient.signOut;
+/**
+ * NextAuth-compatible useSession wrapper.
+ *
+ * Maps Better Auth's { data, error, isPending } to NextAuth's { data, status, update }.
+ * Drop-in replacement — no destructure changes needed in consuming components.
+ */
+function useSessionCompat() {
+    const baSession = exports.authClient.useSession();
+    const status = (0, react_2.useMemo)(() => {
+        if (baSession.isPending)
+            return 'loading';
+        if (baSession.data)
+            return 'authenticated';
+        return 'unauthenticated';
+    }, [baSession.isPending, baSession.data]);
+    // Map Better Auth session shape to NextAuth session shape
+    const data = (0, react_2.useMemo)(() => {
+        if (!baSession.data)
+            return null;
+        return {
+            ...baSession.data,
+            user: baSession.data.user,
+            expires: '', // Better Auth handles expiry differently
+        };
+    }, [baSession.data]);
+    return {
+        data,
+        status,
+        update: async () => {
+            // Better Auth doesn't have a direct "refresh session" call.
+            // Force refetch by invalidating the query.
+            // TODO: Wire to proper session refresh when available.
+            return data;
+        },
+    };
+}
+/**
+ * NextAuth-compatible signOut wrapper.
+ *
+ * Maps NextAuth signOut({ redirect, callbackUrl }) to Better Auth.
+ */
+async function signOutCompat(options) {
+    await exports.authClient.signOut();
+    if (options?.redirect !== false && options?.callbackUrl) {
+        window.location.href = options.callbackUrl;
+    }
+}

package/dist/client/fetch-with-auth.d.ts

@@ -0,0 +1,11 @@
+/**
+ * A wrapper for the `fetch` API that automatically injects the session's
+ * accessToken into the Authorization header and handles 401 Unauthorized
+ * responses by redirecting the user to the login page.
+ *
+ * @param url The URL to fetch.
+ * @param options The standard `fetch` options.
+ * @returns A `Promise` that resolves to the `Response` object.
+ * @throws An 'UNAUTHORIZED_REDIRECT' error after initiating the redirect to halt further execution.
+ */
+export declare function fetchWithAuth(url: string, options?: RequestInit): Promise<Response>;

package/dist/client/fetch-with-auth.js

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWithAuth = fetchWithAuth;
+// src/client/fetch-with-auth.ts
+const better_auth_client_1 = require("./better-auth-client");
+/**
+ * A wrapper for the `fetch` API that automatically injects the session's
+ * accessToken into the Authorization header and handles 401 Unauthorized
+ * responses by redirecting the user to the login page.
+ *
+ * @param url The URL to fetch.
+ * @param options The standard `fetch` options.
+ * @returns A `Promise` that resolves to the `Response` object.
+ * @throws An 'UNAUTHORIZED_REDIRECT' error after initiating the redirect to halt further execution.
+ */
+async function fetchWithAuth(url, options = {}) {
+    // 1. Retrieve the client-side session to get the accessToken.
+    const { data: session } = await better_auth_client_1.authClient.getSession();
+    // 2. Inject the accessToken into the Authorization header.
+    const headers = new Headers(options.headers);
+    if (session?.accessToken) {
+        headers.set('Authorization', `Bearer ${session.accessToken}`);
+    }
+    options.headers = headers;
+    const response = await fetch(url, options);
+    // 3. Handle the 401 response intelligently.
+    if (response.status === 401) {
+        // If we have a valid session, this is likely a claim/permission error, not an auth error
+        if (session?.accessToken) {
+            console.warn('API returned 401 despite valid session. Likely insufficient claims or permissions.');
+            // Don't redirect - let the calling code handle the error gracefully
+            return response;
+        }
+        // No valid session - this is a real authentication failure
+        console.error('Unauthorized API call (no valid session). Redirecting to login.');
+        // SAFEGUARD: Never use auth pages as callback URLs to prevent redirect loops
+        const pathname = window.location.pathname;
+        const safeCallbackUrl = pathname.startsWith('/account-auth/') ? '/' : pathname;
+        window.location.href = `/account-auth/login?callbackUrl=${encodeURIComponent(safeCallbackUrl)}`;
+        // Throw a specific error to signal that a redirect has been initiated.
+        throw new Error('UNAUTHORIZED_REDIRECT');
+    }
+    return response;
+}

package/dist/client/fetchWithSession.d.ts

@@ -0,0 +1,3 @@
+export declare function fetchWithSession(input: RequestInfo | URL, init?: RequestInit, opts?: {
+    retry?: number;
+}): Promise<Response>;

package/dist/client/fetchWithSession.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWithSession = fetchWithSession;
+async function fetchWithSession(input, init = {}, opts = {}) {
+    const retry = opts.retry ?? 1;
+    const doFetch = async () => {
+        const res = await fetch(input, { ...init, credentials: 'include' });
+        if (res.ok)
+            return res;
+        if (res.status === 401 && retry > 0) {
+            const rf = await fetch('/api/auth/refresh', { method: 'POST', headers: { 'Accept': 'application/json' }, credentials: 'include' });
+            if (rf.ok)
+                return fetchWithSession(input, init, { retry: retry - 1 });
+        }
+        if ((res.status === 409 || res.status === 503) && retry > 0) {
+            const retryAfter = res.headers.get('Retry-After');
+            const waitMs = retryAfter ? parseInt(retryAfter) * 1000 : 1000;
+            await new Promise(r => setTimeout(r, Math.min(waitMs, 3000)));
+            return fetchWithSession(input, init, { retry: retry - 1 });
+        }
+        return res;
+    };
+    return doFetch();
+}

package/dist/client/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Client-Side Exports
+ *
+ * This module exports only client-safe code for use in browser environments.
+ * Server-only utilities and Node.js dependencies are excluded.
+ */
+export { fetchWithAuth } from './fetch-with-auth';
+export { AuthProvider, useAuthConfig, useAuthMode, useFederatedProviders, useFederatedAuthEnabled, useTraditionalAuthEnabled } from './AuthContext';
+export type { AuthConfig } from '../types/auth';

package/dist/client/index.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * Client-Side Exports
+ *
+ * This module exports only client-safe code for use in browser environments.
+ * Server-only utilities and Node.js dependencies are excluded.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useTraditionalAuthEnabled = exports.useFederatedAuthEnabled = exports.useFederatedProviders = exports.useAuthMode = exports.useAuthConfig = exports.AuthProvider = exports.fetchWithAuth = void 0;
+// Client-side fetch utility
+var fetch_with_auth_1 = require("./fetch-with-auth");
+Object.defineProperty(exports, "fetchWithAuth", { enumerable: true, get: function () { return fetch_with_auth_1.fetchWithAuth; } });
+// Authentication context and hooks
+var AuthContext_1 = require("./AuthContext");
+Object.defineProperty(exports, "AuthProvider", { enumerable: true, get: function () { return AuthContext_1.AuthProvider; } });
+Object.defineProperty(exports, "useAuthConfig", { enumerable: true, get: function () { return AuthContext_1.useAuthConfig; } });
+Object.defineProperty(exports, "useAuthMode", { enumerable: true, get: function () { return AuthContext_1.useAuthMode; } });
+Object.defineProperty(exports, "useFederatedProviders", { enumerable: true, get: function () { return AuthContext_1.useFederatedProviders; } });
+Object.defineProperty(exports, "useFederatedAuthEnabled", { enumerable: true, get: function () { return AuthContext_1.useFederatedAuthEnabled; } });
+Object.defineProperty(exports, "useTraditionalAuthEnabled", { enumerable: true, get: function () { return AuthContext_1.useTraditionalAuthEnabled; } });

package/dist/client/useAnonSession.d.ts

@@ -0,0 +1,36 @@
+/**
+ * useAnonSession - React hook for anonymous session management
+ *
+ * Provides access to anonymous session preferences stored in Redis.
+ * Works before user logs in, preferences persist across visits.
+ */
+export interface AnonPreferences {
+    theme?: string;
+    locale?: string;
+    [key: string]: any;
+}
+export interface AnonMetrics {
+    resumeGenerationCount?: number;
+    firstVisit?: number;
+    lastVisit?: number;
+    visitCount?: number;
+    [key: string]: any;
+}
+export interface AnonSession {
+    id: string;
+    preferences: AnonPreferences;
+    metrics: AnonMetrics;
+}
+export interface UseAnonSessionReturn {
+    session: AnonSession | null;
+    isLoading: boolean;
+    error: string | null;
+    updatePreferences: (preferences: Partial<AnonPreferences>) => Promise<void>;
+    setTheme: (theme: string) => Promise<void>;
+    refresh: () => Promise<void>;
+}
+/**
+ * Hook to manage anonymous session state
+ */
+export declare function useAnonSession(): UseAnonSessionReturn;
+export default useAnonSession;

package/dist/client/useAnonSession.js

@@ -0,0 +1,99 @@
+"use strict";
+/**
+ * useAnonSession - React hook for anonymous session management
+ *
+ * Provides access to anonymous session preferences stored in Redis.
+ * Works before user logs in, preferences persist across visits.
+ */
+'use client';
+/**
+ * useAnonSession - React hook for anonymous session management
+ *
+ * Provides access to anonymous session preferences stored in Redis.
+ * Works before user logs in, preferences persist across visits.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.useAnonSession = useAnonSession;
+const react_1 = require("react");
+/**
+ * Hook to manage anonymous session state
+ */
+function useAnonSession() {
+    const [session, setSession] = (0, react_1.useState)(null);
+    const [isLoading, setIsLoading] = (0, react_1.useState)(true);
+    const [error, setError] = (0, react_1.useState)(null);
+    // Fetch session on mount
+    const fetchSession = (0, react_1.useCallback)(async () => {
+        try {
+            setIsLoading(true);
+            setError(null);
+            const response = await fetch('/api/anon/preferences', {
+                method: 'GET',
+                credentials: 'include', // Important for cookies
+            });
+            if (!response.ok) {
+                throw new Error('Failed to fetch preferences');
+            }
+            const data = await response.json();
+            if (data.success && data.data) {
+                setSession({
+                    id: data.data.id,
+                    preferences: data.data.preferences || {},
+                    metrics: data.data.metrics || {},
+                });
+            }
+        }
+        catch (err) {
+            console.error('[useAnonSession] Error fetching session:', err);
+            setError(err instanceof Error ? err.message : 'Unknown error');
+        }
+        finally {
+            setIsLoading(false);
+        }
+    }, []);
+    (0, react_1.useEffect)(() => {
+        fetchSession();
+    }, [fetchSession]);
+    // Update preferences
+    const updatePreferences = (0, react_1.useCallback)(async (preferences) => {
+        try {
+            setError(null);
+            const response = await fetch('/api/anon/preferences', {
+                method: 'POST',
+                credentials: 'include',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({ preferences }),
+            });
+            if (!response.ok) {
+                throw new Error('Failed to update preferences');
+            }
+            const data = await response.json();
+            if (data.success && data.data) {
+                setSession(prev => prev ? {
+                    ...prev,
+                    preferences: data.data.preferences,
+                } : null);
+            }
+        }
+        catch (err) {
+            console.error('[useAnonSession] Error updating preferences:', err);
+            setError(err instanceof Error ? err.message : 'Unknown error');
+            throw err;
+        }
+    }, []);
+    // Convenience method to set theme
+    const setTheme = (0, react_1.useCallback)(async (theme) => {
+        await updatePreferences({ theme });
+    }, [updatePreferences]);
+    return {
+        session,
+        isLoading,
+        error,
+        updatePreferences,
+        setTheme,
+        refresh: fetchSession,
+    };
+}
+exports.default = useAnonSession;

package/dist/components/SessionSync.d.ts

@@ -0,0 +1,13 @@
+/**
+ * SessionSync - Bridges NextAuth session with Zustand auth store
+ *
+ * CRITICAL: This component enforces strict session validation. If NextAuth
+ * reports an authenticated status but the session data is invalid (empty user ID,
+ * empty email, or missing access token), it forces a sign-out to prevent
+ * contradictory state like "hasSession: true, userId: ''"
+ *
+ * This ensures the app NEVER shows authenticated UI with empty/invalid session data.
+ */
+export declare function SessionSync({ children }: {
+    children: React.ReactNode;
+}): import("react/jsx-runtime").JSX.Element;

package/dist/components/SessionSync.js

@@ -0,0 +1,121 @@
+"use strict";
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionSync = SessionSync;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("react");
+const better_auth_client_1 = require("../client/better-auth-client");
+const authStore_1 = require("../stores/authStore");
+const session_1 = require("../lib/session");
+const app_slug_1 = require("../lib/app-slug");
+/**
+ * Sanitize sensitive data for logging
+ * Never log full user IDs or emails in any environment
+ */
+function sanitizeForLog(value, type) {
+    if (!value)
+        return '(empty)';
+    if (type === 'email') {
+        return '***@***'; // Never log emails
+    }
+    if (type === 'userId') {
+        // Only show first 8 chars in development
+        if (process.env.NODE_ENV === 'development') {
+            return value.substring(0, 8) + '...';
+        }
+        return '***'; // Fully redact in production
+    }
+    return '***';
+}
+/**
+ * SessionSync - Bridges NextAuth session with Zustand auth store
+ *
+ * CRITICAL: This component enforces strict session validation. If NextAuth
+ * reports an authenticated status but the session data is invalid (empty user ID,
+ * empty email, or missing access token), it forces a sign-out to prevent
+ * contradictory state like "hasSession: true, userId: ''"
+ *
+ * This ensures the app NEVER shows authenticated UI with empty/invalid session data.
+ */
+function SessionSync({ children }) {
+    const { data: sessionData, isPending } = better_auth_client_1.authClient.useSession();
+    const session = sessionData;
+    const status = isPending ? 'loading' : session ? 'authenticated' : 'unauthenticated';
+    const { setSession, clearSession } = (0, authStore_1.useAuthStore)();
+    // Guard against duplicate sign-out calls
+    const isSigningOutRef = (0, react_1.useRef)(false);
+    (0, react_1.useEffect)(() => {
+        let isMounted = true;
+        // Only process when NextAuth has finished loading
+        if (status === 'loading') {
+            return;
+        }
+        // Strict validation: Check if session is actually valid
+        const isValid = (0, session_1.isValidSession)(session);
+        // CRITICAL FIX: If NextAuth says "authenticated" but session is invalid,
+        // this is a broken state that must be fixed immediately
+        if (status === 'authenticated' && !isValid) {
+            // GUARD: Prevent duplicate sign-out
+            if (isSigningOutRef.current) {
+                console.warn('[SessionSync] Sign-out already in progress, skipping');
+                return;
+            }
+            isSigningOutRef.current = true;
+            console.error('[SessionSync] CRITICAL: Invalid session detected despite authenticated status!');
+            console.error('[SessionSync] This indicates a session with empty user data - forcing sign-out');
+            // Log diagnostic info with PII redaction
+            // Note: session is typed as Session | null from NextAuth, but may have invalid/partial data
+            const sessionData = session; // Explicit cast needed for error logging
+            console.error('[SessionSync] Session data:', {
+                hasSessionObject: !!sessionData,
+                hasUser: !!sessionData?.user,
+                userId: sanitizeForLog(sessionData?.user?.id, 'userId'),
+                userEmail: sanitizeForLog(sessionData?.user?.email, 'email'),
+                hasAccessToken: !!sessionData?.accessToken,
+            });
+            // Clear the auth store immediately
+            clearSession();
+            // FIX: Force clear all auth cookies including stale provisional tokens (app-slug prefixed)
+            // This prevents infinite loop when provisional token exists but session is invalid
+            // Root cause: OAuth creates provisional token before Redis session exists
+            try {
+                const secureSession = (0, app_slug_1.getSecureSessionCookieName)();
+                const secureCsrf = (0, app_slug_1.getSecureCsrfCookieName)();
+                const callbackUrl = (0, app_slug_1.getCallbackUrlCookieName)();
+                document.cookie = `${secureSession}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax`;
+                document.cookie = `${secureCsrf}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; SameSite=Lax`;
+                document.cookie = `__Secure-${callbackUrl}=; path=/; expires=Thu, 01 Jan 1970 00:00:00 UTC; Secure; SameSite=Lax`;
+            }
+            catch (e) {
+                // Cookie clearing failed - non-critical, continue with signout
+            }
+            // Force Better Auth to sign out (this will clear cookies and trigger redirect)
+            better_auth_client_1.authClient.signOut()
+                .then(() => {
+                if (isMounted) {
+                    // Use generic error code instead of implementation details
+                    window.location.href = '/account-auth/login?error=SessionExpired&code=1001';
+                }
+            })
+                .catch((err) => {
+                console.error('[SessionSync] Error during forced signout:', err);
+                if (isMounted) {
+                    window.location.href = '/account-auth/login?error=SessionExpired&code=1001';
+                }
+            });
+            return;
+        }
+        // Normal flow: Update store based on valid session status
+        if (status === 'authenticated' && isValid) {
+            setSession(session);
+        }
+        else if (status === 'unauthenticated') {
+            clearSession();
+        }
+        // Cleanup function to prevent post-unmount updates
+        return () => {
+            isMounted = false;
+        };
+    }, [session, status, setSession, clearSession]);
+    return (0, jsx_runtime_1.jsx)(jsx_runtime_1.Fragment, { children: children });
+}

package/dist/components/SignalRHealthCheck.d.ts

@@ -0,0 +1,10 @@
+interface SignalRHealthCheckProps {
+    className?: string;
+    idpBaseUrl: string;
+}
+/**
+ * Simple health check component using SignalR connection state
+ * Following Occam's Razor: Connection alive = Service healthy, Connection dead = Service unhealthy
+ */
+export default function SignalRHealthCheck({ className, idpBaseUrl }: SignalRHealthCheckProps): import("react/jsx-runtime").JSX.Element | null;
+export {};

package/dist/components/SignalRHealthCheck.js

@@ -0,0 +1,97 @@
+"use strict";
+'use client';
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = SignalRHealthCheck;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("react");
+const signalrActivityService_1 = require("../services/signalrActivityService");
+/**
+ * Simple health check component using SignalR connection state
+ * Following Occam's Razor: Connection alive = Service healthy, Connection dead = Service unhealthy
+ */
+function SignalRHealthCheck({ className = '', idpBaseUrl }) {
+    // Allow disabling via env for noisy environments (e.g., production demos)
+    if (process.env.NEXT_PUBLIC_DISABLE_HEALTH_MONITOR === 'true') {
+        return null;
+    }
+    const [healthStatus, setHealthStatus] = (0, react_1.useState)({
+        isHealthy: false,
+        message: 'Initializing...',
+        lastHeartbeat: null,
+        connectionId: null
+    });
+    const [isInitializing, setIsInitializing] = (0, react_1.useState)(true);
+    (0, react_1.useEffect)(() => {
+        let unsubscribe = null;
+        const initializeHealthService = async () => {
+            try {
+                // Subscribe to health status changes
+                unsubscribe = signalrActivityService_1.signalRActivityService.subscribe((status) => {
+                    setHealthStatus(status);
+                    setIsInitializing(false);
+                });
+                // Start the health monitoring
+                await signalrActivityService_1.signalRActivityService.start(idpBaseUrl);
+            }
+            catch (error) {
+                // Handle service unavailable gracefully without console spam
+                const errorMessage = error instanceof Error ? error.message : String(error);
+                const isServiceDown = errorMessage.includes('ERR_CONNECTION_REFUSED') ||
+                    errorMessage.includes('Failed to fetch');
+                if (isServiceDown) {
+                    console.info('Health monitoring: Backend service unavailable');
+                    setHealthStatus({
+                        isHealthy: false,
+                        message: 'Backend service offline',
+                        lastHeartbeat: null,
+                        connectionId: null
+                    });
+                }
+                else {
+                    console.error('Failed to initialize SignalR health service:', error);
+                    setHealthStatus({
+                        isHealthy: false,
+                        message: 'Failed to initialize health monitoring',
+                        lastHeartbeat: null,
+                        connectionId: null
+                    });
+                }
+                setIsInitializing(false);
+            }
+        };
+        initializeHealthService();
+        // Cleanup on unmount
+        return () => {
+            if (unsubscribe) {
+                unsubscribe();
+            }
+        };
+    }, [idpBaseUrl]);
+    const getStatusColor = () => {
+        if (isInitializing)
+            return 'text-yellow-600';
+        return healthStatus.isHealthy ? 'text-green-600' : 'text-orange-600'; // Orange instead of alarming red
+    };
+    const getStatusIcon = () => {
+        if (isInitializing)
+            return '🔄';
+        return healthStatus.isHealthy ? '✅' : '🔶'; // Orange diamond instead of scary red X
+    };
+    const getStatusMessage = () => {
+        if (isInitializing)
+            return 'Connecting to service...';
+        return healthStatus.message;
+    };
+    const formatLastHeartbeat = () => {
+        if (!healthStatus.lastHeartbeat)
+            return null;
+        const now = new Date();
+        const diff = Math.floor((now.getTime() - healthStatus.lastHeartbeat.getTime()) / 1000);
+        if (diff < 60)
+            return `${diff}s ago`;
+        if (diff < 3600)
+            return `${Math.floor(diff / 60)}m ago`;
+        return `${Math.floor(diff / 3600)}h ago`;
+    };
+    return ((0, jsx_runtime_1.jsxs)("div", { className: `flex items-center space-x-2 ${className}`, children: [(0, jsx_runtime_1.jsx)("span", { className: "text-lg", role: "img", "aria-label": "status", children: getStatusIcon() }), (0, jsx_runtime_1.jsxs)("div", { className: "flex flex-col", children: [(0, jsx_runtime_1.jsx)("span", { className: `text-sm font-medium ${getStatusColor()}`, children: getStatusMessage() }), healthStatus.lastHeartbeat && ((0, jsx_runtime_1.jsxs)("span", { className: "text-xs text-gray-500", children: ["Last heartbeat: ", formatLastHeartbeat()] }))] })] }));
+}

package/dist/components/account/MobileNavDrawer.d.ts

@@ -0,0 +1,32 @@
+export interface NavItem {
+    href: string;
+    label: string;
+    icon?: React.ReactNode;
+}
+export interface NavSection {
+    title?: string;
+    items: Array<{
+        label: string;
+        icon?: React.ReactNode;
+        href?: string;
+        onClick?: () => void;
+    }>;
+}
+export interface MobileNavDrawerProps {
+    isOpen: boolean;
+    onClose: () => void;
+    navItems: NavItem[];
+    /** Extra sections like Admin, rendered after nav items with optional title */
+    customSections?: NavSection[];
+    /** Base path for account link (default: '/account') */
+    basePath?: string;
+    /** Custom sign-in handler (default: next-auth signIn) */
+    onSignIn?: () => void;
+    /** Callback URL after sign in (default: '/dashboard') */
+    signInCallbackUrl?: string;
+    /** Custom unauthenticated actions (replaces default Login + Start Free buttons) */
+    unauthActions?: React.ReactNode;
+    /** Custom authenticated footer (replaces default "Account Settings" link) */
+    authFooter?: React.ReactNode;
+}
+export declare function MobileNavDrawer({ isOpen, onClose, navItems, customSections, basePath, onSignIn, signInCallbackUrl, unauthActions, authFooter, }: MobileNavDrawerProps): import("react/jsx-runtime").JSX.Element;