@private.me/xbind 1.2.0

package/dist-standalone/_deps/shared/types.d.ts

@@ -0,0 +1,1097 @@
+/**
+ * Discriminated union for fallible operations.
+ * Library code returns Result instead of throwing exceptions.
+ */
+export type Result<T, E> = {
+    readonly ok: true;
+    readonly value: T;
+} | {
+    readonly ok: false;
+    readonly error: E;
+};
+/** Create a successful Result. */
+export declare function ok<T>(value: T): Result<T, never>;
+/** Create a failed Result. */
+export declare function err<E>(error: E): Result<never, E>;
+/** Supported email providers for channel transport. */
+export type Provider = 'gmail' | 'outlook' | 'yahoo';
+/** Extended provider type including generic IMAP. */
+export type ProviderExtended = Provider | 'imap';
+/** A single email channel address used for transport. */
+export interface ChannelAddress {
+    readonly provider: ProviderExtended;
+    readonly email: string;
+}
+/**
+ * Visual security border level based on channel count.
+ * - blue: 2 addresses, 2-of-2 secured
+ * - green: 3+ addresses, 2-of-3 secured + fault tolerant
+ * Use null for regular email (no security tier).
+ */
+export type SecurityTier = 'blue' | 'green';
+/** Origin of a contact: native Xail user, imported from provider, or auto-extracted from email headers. */
+export type ContactSource = 'xail' | 'imported' | 'suggested';
+/** Contact information for a Xail user. */
+export interface ContactInfo {
+    readonly name: string;
+    readonly channels: readonly ChannelAddress[];
+    readonly securityTier: SecurityTier | null;
+    readonly isEnterprise: boolean;
+    readonly enterpriseNotice?: string;
+    /** Profile photo URL from provider (HTTPS only). */
+    readonly photoUrl?: string;
+    /** Origin of the contact. Defaults to 'xail' for backward compat. */
+    readonly source?: ContactSource;
+}
+/** File attachment included with a message. */
+export interface Attachment {
+    readonly filename: string;
+    readonly mimeType: string;
+    readonly data: Uint8Array;
+}
+/** Content type for message bodies. */
+export type ContentType = 'text/plain' | 'text/html';
+/** Type of message: regular email or secure Xail split-channel message. */
+export type MessageType = 'regular' | 'secure';
+/** A Xail message (either regular or secure). */
+export interface XailMessage {
+    readonly uuid: string;
+    readonly sender: ContactInfo;
+    readonly recipients: readonly ContactInfo[];
+    readonly subject?: string;
+    readonly body: string;
+    readonly contentType: ContentType;
+    readonly attachments: readonly Attachment[];
+    readonly timestamp: number;
+    readonly messageType: MessageType;
+}
+/** A regular email fetched from a provider. */
+export interface RegularEmail {
+    readonly id: string;
+    readonly provider: Provider;
+    readonly from: string;
+    readonly to: readonly string[];
+    readonly cc?: readonly string[];
+    readonly subject: string;
+    readonly body: string;
+    readonly contentType: ContentType;
+    readonly attachments: readonly Attachment[];
+    readonly timestamp: number;
+    readonly labels: readonly string[];
+    readonly isRead: boolean;
+    readonly threadId?: string;
+    readonly unsubscribeUrl?: string;
+}
+/** A single share produced by threshold splitting. */
+export interface XailShare {
+    readonly uuid: string;
+    readonly index: number;
+    readonly totalShares: number;
+    readonly threshold: number;
+    readonly data: Uint8Array;
+    readonly hmacKey: Uint8Array;
+    readonly hmacSignature: Uint8Array;
+    /** Provider-specific message ID for the email carrying this share. */
+    readonly providerMessageId?: string;
+    /** Provider that delivered this share ('gmail' | 'outlook' | 'yahoo'). */
+    readonly sourceProvider?: string;
+}
+/** TLV type codes for message serialization. */
+export declare const TLV_TYPE: {
+    readonly MESSAGE_BODY: 1;
+    readonly ATTACHMENT: 2;
+    readonly SENDER_ID: 3;
+    readonly TIMESTAMP: 4;
+    readonly MESSAGE_UUID: 5;
+    readonly SHARE_INDEX: 6;
+    readonly TOTAL_SHARES: 7;
+    readonly THRESHOLD: 8;
+    readonly HMAC_KEY: 9;
+    readonly HMAC_SIGNATURE: 10;
+    readonly CONTENT_TYPE: 11;
+    readonly MESSAGE_SUBJECT: 12;
+    readonly SENDER_EMAIL: 13;
+};
+export type TlvType = (typeof TLV_TYPE)[keyof typeof TLV_TYPE];
+/** Enterprise server configuration. */
+export interface EnterpriseConfig {
+    readonly serverUrl: string;
+    readonly compliancePublicKey: CryptoKey;
+    readonly dlpEnabled: boolean;
+    readonly retentionDays: number;
+}
+/** Error during PKCS#7 padding/unpadding. */
+export interface PaddingError {
+    readonly code: 'INVALID_PADDING';
+    readonly message: string;
+}
+/** Error during share reconstruction. */
+export interface ReconstructionError {
+    readonly code: 'HMAC_FAILURE' | 'INVALID_SHARES' | 'INSUFFICIENT_SHARES' | 'INVALID_INDEX' | 'UUID_MISMATCH';
+    readonly message: string;
+}
+/** Error during TLV serialization/deserialization. */
+export interface SerializationError {
+    readonly code: 'INVALID_TLV' | 'BUFFER_OVERFLOW' | 'MISSING_FIELD' | 'INVALID_TYPE';
+    readonly message: string;
+}
+/** Error during HMAC integrity verification. */
+export interface IntegrityError {
+    readonly code: 'HMAC_MISMATCH' | 'KEY_ERROR';
+    readonly message: string;
+}
+/** Error during transport operations (send, receive, polling). */
+export interface TransportError {
+    readonly code: 'NETWORK_ERROR' | 'AUTH_ERROR' | 'TOKEN_REVOKED' | 'RATE_LIMITED' | 'PROVIDER_ERROR' | 'INVALID_RESPONSE' | 'TIMEOUT';
+    readonly message: string;
+    readonly provider?: Provider;
+    readonly retryable: boolean;
+}
+/** Extracted metadata from a message (never contains plaintext body). */
+export interface MessageMetadata {
+    readonly id: string;
+    readonly messageType: MessageType;
+    readonly senderName: string;
+    readonly senderEmail: string;
+    readonly recipientEmails: readonly string[];
+    readonly subject: string;
+    readonly keywords: readonly string[];
+    readonly entities: readonly ExtractedEntity[];
+    readonly timestamp: number;
+    readonly threadId: string;
+    readonly isRead: boolean;
+    readonly securityTier: SecurityTier | null;
+    readonly snippet: string;
+    readonly hasAttachments: boolean;
+    readonly attachmentNames: readonly string[];
+    /** Provider label IDs (e.g. Gmail labels). */
+    readonly labels: readonly string[];
+    /** Whether this message was sent by the user. */
+    readonly isSent: boolean;
+    /** Whether this message is a draft. */
+    readonly isDraft: boolean;
+    /** Whether this message is starred. */
+    readonly isStarred: boolean;
+}
+/** Type of entity extracted from message content. */
+export type EntityType = 'person' | 'organization' | 'amount' | 'date' | 'email' | 'url';
+/** An entity extracted from message text. */
+export interface ExtractedEntity {
+    readonly type: EntityType;
+    readonly value: string;
+    readonly position: number;
+}
+/** Search query options for filtering messages. */
+export interface SearchQuery {
+    readonly text?: string;
+    readonly from?: string;
+    readonly to?: string;
+    readonly dateFrom?: number;
+    readonly dateTo?: number;
+    readonly messageType?: MessageType;
+    readonly subject?: string;
+    readonly hasAttachments?: boolean;
+    /** Filter by attachment filename (partial, case-insensitive). */
+    readonly attachmentName?: string;
+    readonly isUnread?: boolean;
+    readonly isRead?: boolean;
+    readonly isStarred?: boolean;
+    readonly isSent?: boolean;
+    readonly isDraft?: boolean;
+    /** Filter to secure messages only (securityTier is blue or green). */
+    readonly isSecure?: boolean;
+    readonly label?: string;
+    readonly excludeText?: string;
+    readonly entityType?: EntityType;
+    readonly entityValue?: string;
+    readonly threadId?: string;
+    readonly limit?: number;
+    readonly offset?: number;
+}
+/** A result page from a search query. */
+export interface SearchResult {
+    readonly items: readonly MessageMetadata[];
+    readonly total: number;
+    readonly hasMore: boolean;
+}
+/** A thread of related messages. */
+export interface MessageThread {
+    readonly threadId: string;
+    readonly subject: string;
+    readonly participants: readonly string[];
+    readonly messageCount: number;
+    readonly latestTimestamp: number;
+    readonly securityTier: SecurityTier | null;
+    readonly messageIds: readonly string[];
+}
+/** Error during search/index operations. */
+export interface SearchError {
+    readonly code: 'STORAGE_ERROR' | 'ENCRYPTION_ERROR' | 'DECRYPTION_ERROR' | 'INVALID_QUERY' | 'INDEX_CORRUPTED' | 'KEY_DERIVATION_ERROR';
+    readonly message: string;
+}
+/** OAuth token pair for a connected provider account. */
+export interface OAuthTokens {
+    readonly accessToken: string;
+    readonly refreshToken: string;
+    readonly expiresAt: number;
+    readonly provider: Provider;
+    readonly email: string;
+    readonly displayName?: string;
+}
+/** PKCE challenge pair for OAuth flow. */
+export interface PkceChallenge {
+    readonly codeVerifier: string;
+    readonly codeChallenge: string;
+}
+/** Types of security events logged client-side. */
+export type SecurityEventType = 'hmac_failure' | 'oauth_failure' | 'reconstruction_anomaly' | 'auth_error' | 'share_rejected';
+/** A logged security event. */
+export interface SecurityEvent {
+    readonly type: SecurityEventType;
+    readonly timestamp: number;
+    readonly uuid?: string;
+    readonly details: string;
+}
+/** Supported inference runtimes for on-device AI. */
+export type InferenceRuntime = 'ollama' | 'apple-foundation' | 'gemini-nano' | 'webllm';
+/** Configuration for an embedding model. */
+export interface EmbeddingModelConfig {
+    readonly runtime: InferenceRuntime;
+    readonly modelName: string;
+    readonly dimensions: number;
+    readonly maxInputLength: number;
+}
+/** A stored embedding vector for a message. */
+export interface MessageEmbedding {
+    readonly messageId: string;
+    readonly vector: readonly number[];
+    readonly dimensions: number;
+    readonly modelUsed: string;
+    readonly createdAt: number;
+}
+/** A search result scored by relevance with source attribution. */
+export interface ScoredSearchResult {
+    readonly metadata: MessageMetadata;
+    readonly score: number;
+    readonly source: 'keyword' | 'semantic' | 'hybrid';
+}
+/** Combined search results from hybrid keyword + semantic search. */
+export interface HybridSearchResult {
+    readonly items: readonly ScoredSearchResult[];
+    readonly total: number;
+    readonly hasMore: boolean;
+    readonly semanticAvailable: boolean;
+}
+/** Error during embedding operations. */
+export interface EmbeddingError {
+    readonly code: 'EMBEDDING_FAILED' | 'MODEL_NOT_LOADED' | 'DIMENSIONS_MISMATCH' | 'INPUT_TOO_LONG' | 'RUNTIME_UNAVAILABLE' | 'STORAGE_ERROR';
+    readonly message: string;
+}
+/** Runtime status snapshot for an inference adapter. */
+export interface RuntimeStatus {
+    readonly runtime: InferenceRuntime;
+    readonly available: boolean;
+    readonly modelLoaded: boolean;
+    readonly modelName: string | null;
+    readonly dimensions: number | null;
+}
+/** Capabilities reported by an inference runtime. */
+export interface InferenceCapabilities {
+    readonly canEmbed: boolean;
+    readonly canSummarize: boolean;
+    readonly canExtractEntities: boolean;
+    readonly maxInputTokens: number;
+    readonly embeddingDimensions: number | null;
+}
+/** Connection status for a local AI model server. */
+export type OllamaConnectionStatus = 'connected' | 'disconnected' | 'checking';
+/** Model info returned by Ollama /api/tags endpoint. */
+export interface OllamaModel {
+    readonly name: string;
+    readonly size: number;
+    readonly digest: string;
+    readonly modifiedAt: string;
+}
+/** Status snapshot of the local AI server. */
+export interface OllamaStatus {
+    readonly status: OllamaConnectionStatus;
+    readonly models: readonly OllamaModel[];
+    readonly selectedModel: string | null;
+    readonly endpoint: string;
+}
+/**
+ * User-facing AI search settings. Opt-in only, disabled by default.
+ * AI features require explicit user acknowledgement of the disclosure.
+ */
+export interface AiSettings {
+    readonly enabled: boolean;
+    readonly disclosureAcknowledged: boolean;
+    readonly selectedModel: string | null;
+    readonly autoSummarize: boolean;
+    readonly enhancedEntityExtraction: boolean;
+    readonly semanticSearchEnabled: boolean;
+    readonly selectedEmbeddingModel: string | null;
+    readonly selectedRuntime: InferenceRuntime | null;
+}
+/** AI-generated metadata for a message, stored encrypted. */
+export interface AiMetadata {
+    readonly messageId: string;
+    readonly summary: string | null;
+    readonly enhancedEntities: readonly ExtractedEntity[];
+    readonly tags: readonly string[];
+    readonly processedAt: number;
+    readonly modelUsed: string;
+}
+/** Error during AI operations. */
+export interface AiSearchError {
+    readonly code: 'AI_DISABLED' | 'NO_MODEL_AVAILABLE' | 'LOCALHOST_ONLY' | 'CONNECTION_FAILED' | 'GENERATION_FAILED' | 'INVALID_RESPONSE' | 'STORAGE_ERROR' | 'EMBEDDING_FAILED';
+    readonly message: string;
+}
+/** Encrypted compliance copy stored on Corporate Xail Server. */
+export interface ComplianceCopy {
+    readonly messageUuid: string;
+    readonly senderEmail: string;
+    readonly recipientEmails: readonly string[];
+    readonly encryptedContent: Uint8Array;
+    readonly encryptedAesKey: Uint8Array;
+    readonly iv: Uint8Array;
+    readonly timestamp: number;
+    readonly contentType: ContentType;
+    readonly orgId: string;
+}
+/** DLP scan actions: allow, block, or quarantine the message. */
+export type DlpAction = 'allow' | 'block' | 'quarantine';
+/** Result of a DLP pre-split scan. */
+export interface DlpScanResult {
+    readonly action: DlpAction;
+    readonly reason?: string;
+    readonly ruleId?: string;
+    readonly scannedAt: number;
+}
+/** Types of enterprise audit actions logged server-side. */
+export type AuditAction = 'compliance_copy_created' | 'compliance_copy_stored' | 'compliance_copy_decrypted' | 'dlp_scan_requested' | 'dlp_scan_completed' | 'delegation_created' | 'delegation_revoked' | 'ediscovery_search' | 'ediscovery_export' | 'retention_enforced' | 'retention_deleted' | 'tenant_provisioned' | 'tenant_activated' | 'tenant_suspended' | 'tenant_deactivated';
+/** A server-side audit log entry. */
+export interface AuditEntry {
+    readonly id: string;
+    readonly action: AuditAction;
+    readonly actor: string;
+    readonly target: string;
+    readonly timestamp: number;
+    readonly metadata: Readonly<Record<string, string>>;
+}
+/** Permission levels for delegated access. */
+export type DelegatePermission = 'read' | 'reconstruct' | 'export';
+/** A delegation granting one user access to another's messages. */
+export interface Delegation {
+    readonly id: string;
+    readonly delegatorEmail: string;
+    readonly delegateEmail: string;
+    readonly permissions: readonly DelegatePermission[];
+    readonly createdAt: number;
+    readonly expiresAt: number;
+    readonly isActive: boolean;
+}
+/** Retention policy for compliance copies. */
+export interface RetentionPolicy {
+    readonly minDays: number;
+    readonly maxDays: number;
+    readonly autoDelete: boolean;
+    readonly legalHoldOverride: boolean;
+}
+/** Error during enterprise operations. */
+export interface EnterpriseError {
+    readonly code: 'ENCRYPTION_FAILED' | 'DECRYPTION_FAILED' | 'SERVER_UNREACHABLE' | 'DLP_BLOCKED' | 'UNAUTHORIZED' | 'INVALID_CONFIG' | 'DELEGATION_EXPIRED' | 'DELEGATION_NOT_FOUND' | 'RETENTION_VIOLATION' | 'EDISCOVERY_ERROR' | 'COPY_NOT_FOUND' | 'ALREADY_EXISTS';
+    readonly message: string;
+}
+/** Query parameters for eDiscovery search. */
+export interface EDiscoveryQuery {
+    readonly senderEmail?: string;
+    readonly recipientEmail?: string;
+    readonly dateFrom?: number;
+    readonly dateTo?: number;
+    readonly orgId: string;
+    readonly limit?: number;
+    readonly offset?: number;
+}
+/** A single eDiscovery search result (metadata only, not decrypted). */
+export interface EDiscoveryResult {
+    readonly messageUuid: string;
+    readonly senderEmail: string;
+    readonly recipientEmails: readonly string[];
+    readonly timestamp: number;
+    readonly hasComplianceCopy: boolean;
+}
+/** Trust level for a contact's public key. */
+export type TrustLevel = 'unknown' | 'tofu' | 'verified';
+/** Action recorded in the key transparency log. */
+export type KeyTransparencyAction = 'key_registered' | 'key_rotated' | 'key_verified' | 'key_revoked';
+/** An entry in the append-only key transparency log. */
+export interface KeyTransparencyEntry {
+    readonly id: string;
+    readonly contactEmail: string;
+    readonly publicKeyFingerprint: string;
+    readonly previousEntryHash: string | null;
+    readonly action: KeyTransparencyAction;
+    readonly timestamp: number;
+    readonly metadata: Readonly<Record<string, string>>;
+}
+/** A verification challenge for mutual key verification ceremony. */
+export interface VerificationChallenge {
+    readonly id: string;
+    readonly shortAuthString: string;
+    readonly qrData: string;
+    readonly initiatorEmail: string;
+    readonly responderEmail: string;
+    readonly initiatorFingerprint: string;
+    readonly responderFingerprint: string;
+    readonly createdAt: number;
+    readonly expiresAt: number;
+}
+/** Record of a key rotation event. */
+export interface KeyRotationRecord {
+    readonly contactEmail: string;
+    readonly oldFingerprint: string;
+    readonly newFingerprint: string;
+    readonly continuitySignature: Uint8Array;
+    readonly rotatedAt: number;
+    readonly gracePeriodEndsAt: number;
+}
+/** Error during trust establishment operations. */
+export interface TrustError {
+    readonly code: 'VERIFICATION_FAILED' | 'VERIFICATION_EXPIRED' | 'KEY_MISMATCH' | 'FINGERPRINT_CONFLICT' | 'ROTATION_INVALID' | 'CONTINUITY_BROKEN' | 'LOG_CORRUPTED' | 'CONTACT_NOT_FOUND';
+    readonly message: string;
+}
+/** Permission scopes for API keys. */
+export type ApiKeyPermission = 'share:create' | 'share:retrieve' | 'share:list' | 'key:manage';
+/** An API key for third-party integration. */
+export interface ApiKey {
+    readonly id: string;
+    readonly keyHash: string;
+    readonly orgId: string;
+    readonly name: string;
+    readonly permissions: readonly ApiKeyPermission[];
+    readonly rateLimit: ApiRateLimit;
+    readonly createdAt: number;
+    readonly expiresAt: number;
+    readonly isActive: boolean;
+}
+/** Rate limit configuration for an API key. */
+export interface ApiRateLimit {
+    readonly requestsPerMinute: number;
+    readonly requestsPerHour: number;
+    readonly requestsPerDay: number;
+}
+/** Request to split content into shares via the API. */
+export interface SplitRequest {
+    readonly content: Uint8Array;
+    readonly contentType: ContentType;
+    readonly threshold: number;
+    readonly totalShares: number;
+}
+/** Response from a split operation. */
+export interface SplitResponse {
+    readonly uuid: string;
+    readonly shareIds: readonly string[];
+    readonly threshold: number;
+    readonly totalShares: number;
+    readonly createdAt: number;
+}
+/** Request to retrieve and reconstruct from shares via the API. */
+export interface RetrieveRequest {
+    readonly uuid: string;
+    readonly shareIndices: readonly number[];
+}
+/** Response from a retrieve/reconstruct operation. */
+export interface RetrieveResponse {
+    readonly uuid: string;
+    readonly content: Uint8Array;
+    readonly contentType: ContentType;
+    readonly reconstructedAt: number;
+}
+/** Error during API operations. */
+export interface ApiError {
+    readonly code: 'INVALID_API_KEY' | 'RATE_LIMITED' | 'INSUFFICIENT_PERMISSIONS' | 'INVALID_REQUEST' | 'SPLIT_FAILED' | 'RETRIEVE_FAILED' | 'KEY_EXPIRED' | 'INTERNAL_ERROR';
+    readonly message: string;
+}
+/** SSO provider type. */
+export type SsoProvider = 'saml' | 'oidc';
+/** SSO configuration for an organization. */
+export interface SsoConfig {
+    readonly provider: SsoProvider;
+    readonly entityId: string;
+    readonly ssoUrl: string;
+    readonly certificate: string;
+    readonly issuer: string;
+    readonly callbackUrl: string;
+    readonly isEnabled: boolean;
+}
+/** Validated SSO assertion/claims. */
+export interface SsoAssertion {
+    readonly email: string;
+    readonly name: string;
+    readonly groups: readonly string[];
+    readonly provider: SsoProvider;
+    readonly issuedAt: number;
+    readonly expiresAt: number;
+    readonly sessionId: string;
+}
+/** Role of an organization user. */
+export type UserRole = 'admin' | 'compliance_officer' | 'user';
+/** Status of an organization user account. */
+export type UserStatus = 'active' | 'suspended' | 'invited';
+/** An organization user record. */
+export interface OrgUser {
+    readonly id: string;
+    readonly email: string;
+    readonly name: string;
+    readonly role: UserRole;
+    readonly status: UserStatus;
+    readonly orgId: string;
+    readonly createdAt: number;
+    readonly lastLoginAt: number | null;
+    readonly ssoLinked: boolean;
+}
+/** Organization-level policy bundle. */
+export interface OrgPolicy {
+    readonly id: string;
+    readonly orgId: string;
+    readonly retention: RetentionPolicy;
+    readonly dlpEnabled: boolean;
+    readonly ssoRequired: boolean;
+    readonly maxDelegationDays: number;
+    readonly allowedDelegatePermissions: readonly DelegatePermission[];
+    readonly createdAt: number;
+    readonly updatedAt: number;
+}
+/** Error during admin operations. */
+export interface AdminError {
+    readonly code: 'USER_NOT_FOUND' | 'USER_ALREADY_EXISTS' | 'INVALID_ROLE' | 'SSO_CONFIG_INVALID' | 'SSO_ASSERTION_EXPIRED' | 'SSO_ASSERTION_INVALID' | 'POLICY_NOT_FOUND' | 'POLICY_INVALID' | 'ORG_NOT_FOUND';
+    readonly message: string;
+}
+/** Visual branding configuration for a white-label deployment. */
+export interface BrandConfig {
+    readonly appName: string;
+    readonly logoUrl: string;
+    readonly faviconUrl: string;
+    readonly primaryColor: string;
+    readonly secondaryColor: string;
+    readonly fontFamily: string;
+    readonly customCss: string;
+}
+/** Custom domain configuration for a white-label deployment. */
+export interface DomainConfig {
+    readonly customDomain: string;
+    readonly verified: boolean;
+    readonly txtRecord: string;
+    readonly cnameTarget: string;
+    readonly sslStatus: 'pending' | 'active' | 'failed';
+    readonly verifiedAt: number | null;
+}
+/** Email template configuration for branded emails. */
+export interface EmailTemplateConfig {
+    readonly fromName: string;
+    readonly fromEmail: string;
+    readonly replyTo: string;
+    readonly headerHtml: string;
+    readonly footerHtml: string;
+    readonly invitationSubject: string;
+    readonly invitationBody: string;
+}
+/** Combined white-label configuration. */
+export interface WhiteLabelConfig {
+    readonly orgId: string;
+    readonly brand: BrandConfig;
+    readonly domain: DomainConfig;
+    readonly emailTemplate: EmailTemplateConfig;
+    readonly termsUrl: string;
+    readonly privacyUrl: string;
+    readonly isActive: boolean;
+}
+/** Error during white-label operations. */
+export interface WhiteLabelError {
+    readonly code: 'INVALID_BRAND_CONFIG' | 'INVALID_DOMAIN' | 'DOMAIN_NOT_VERIFIED' | 'DNS_CHECK_FAILED' | 'TEMPLATE_INVALID' | 'CONFIG_NOT_FOUND';
+    readonly message: string;
+}
+/** User identity from SSO login. */
+export interface SsoUserIdentity {
+    readonly email: string;
+    readonly name: string;
+    readonly picture: string;
+    readonly isAdmin: boolean;
+}
+/** Response from SSO callback after successful login. */
+export interface SsoCallbackResponse {
+    readonly user: SsoUserIdentity;
+    readonly expiresAt: number;
+}
+/** Response from SSO session check. */
+export interface SsoSessionResponse {
+    readonly authenticated: boolean;
+    readonly user: SsoUserIdentity | null;
+    readonly expiresAt: number | null;
+}
+/** Error during SSO operations. */
+export interface SsoError {
+    readonly code: 'SSO_TOKEN_INVALID' | 'SSO_TOKEN_EXPIRED' | 'SSO_SESSION_INVALID' | 'SSO_SESSION_EXPIRED' | 'SSO_NOT_CONFIGURED' | 'SSO_EXCHANGE_FAILED' | 'SSO_COOKIE_INVALID';
+    readonly message: string;
+}
+/** SSO server configuration. */
+export interface SsoServerConfig {
+    readonly googleClientId: string;
+    readonly googleClientSecret: string;
+    readonly sessionSecret: string;
+    readonly adminEmailHash: string | null;
+    readonly sessionTtlMs: number;
+    readonly entitlementJwtSecret?: string;
+}
+/** Request body for POST /oauth/:provider/token. */
+export interface TokenExchangeRequest {
+    readonly code: string;
+    readonly code_verifier: string;
+    readonly redirect_uri: string;
+    readonly scope?: string;
+}
+/** Request body for POST /oauth/:provider/refresh. */
+export interface TokenRefreshRequest {
+    readonly refresh_token: string;
+}
+/** Successful response from token exchange. */
+export interface TokenExchangeResponse {
+    readonly access_token: string;
+    readonly refresh_token: string;
+    readonly expires_in: number;
+    readonly email: string;
+    readonly display_name?: string;
+    /** Space-separated list of scopes actually granted by the provider. */
+    readonly scope?: string;
+}
+/** Successful response from token refresh. */
+export interface TokenRefreshResponse {
+    readonly access_token: string;
+    readonly refresh_token?: string;
+    readonly expires_in: number;
+}
+/** Invitation information for landing page. */
+export interface InvitationInfo {
+    readonly token: string;
+    readonly senderName: string;
+    readonly senderEmail: string;
+    readonly createdAt: number;
+    readonly expiresAt: number;
+}
+/** Request body for POST /invite — create an invitation for a non-Xail recipient. */
+export interface CreateInvitationRequest {
+    readonly senderName: string;
+    readonly senderEmail: string;
+    readonly recipientEmail: string;
+}
+/** Response from POST /invite. */
+export interface CreateInvitationResponse {
+    readonly token: string;
+    readonly inviteUrl: string;
+    readonly expiresAt: number;
+}
+/** OAuth provider credentials (server-side only). */
+export interface OAuthProviderCredentials {
+    readonly clientId: string;
+    readonly clientSecret: string;
+    readonly tokenUrl: string;
+}
+/** Stripe billing configuration (optional — billing disabled without it). */
+export interface StripeConfig {
+    /** Stripe secret key (sk_live_... or sk_test_...). */
+    readonly secretKey: string;
+    /** Stripe webhook signing secret (whsec_...). */
+    readonly webhookSecret: string;
+    /** Stripe publishable key (pk_live_... or pk_test_...). */
+    readonly publishableKey: string;
+}
+/** Server configuration. */
+export interface ServerConfig {
+    readonly port: number;
+    readonly allowedOrigins: readonly string[];
+    readonly providers: Readonly<Record<Provider, OAuthProviderCredentials>>;
+    readonly invitationBaseUrl: string;
+    readonly analyticsDir: string;
+    readonly sso: SsoServerConfig | null;
+    readonly aiTextApiKey: string | null;
+    readonly openaiApiKey: string | null;
+    readonly elevenlabsApiKey: string | null;
+    /** 64-char hex seed for VPS xBind agent identity (optional). */
+    readonly xbindVpsSeed: string | null;
+    /** DIDs granted admin access via xBind envelope auth (optional). */
+    readonly adminDids: readonly string[];
+    /** Stripe billing configuration (null if not configured). */
+    readonly stripe: StripeConfig | null;
+}
+/** Error during server operations. */
+export interface ServerError {
+    readonly code: 'INVALID_PROVIDER' | 'INVALID_REQUEST' | 'TOKEN_EXCHANGE_FAILED' | 'TOKEN_REFRESH_FAILED' | 'INVITATION_NOT_FOUND' | 'INVITATION_EXPIRED' | 'INVITATION_CREATE_FAILED' | 'TOKEN_REVOCATION_FAILED' | 'RATE_LIMITED' | 'ANALYTICS_WRITE_FAILED' | 'SSO_NOT_CONFIGURED' | 'INTERNAL_ERROR';
+    readonly message: string;
+}
+/** Event types for anonymous usage analytics. */
+export type AnalyticsEventType = 'account_created' | 'account_deleted' | 'channel_added' | 'channel_removed' | 'spam_blocked';
+/** A recorded analytics event (no PII). */
+export interface AnalyticsEvent {
+    readonly id: string;
+    readonly type: AnalyticsEventType;
+    readonly timestamp: number;
+    readonly provider: Provider | null;
+    readonly country: string;
+    readonly securityLevel: number;
+}
+/** Request body for POST /analytics/event. */
+export interface AnalyticsEventRequest {
+    readonly type: AnalyticsEventType;
+    readonly provider?: string;
+    readonly securityLevel: number;
+}
+/** Filter criteria for querying analytics events. */
+export interface AnalyticsEventFilter {
+    readonly type?: AnalyticsEventType;
+    readonly provider?: string;
+    readonly country?: string;
+    readonly securityLevel?: number;
+    readonly dateFrom?: number;
+    readonly dateTo?: number;
+    readonly limit?: number;
+    readonly offset?: number;
+}
+/** Paginated response from GET /analytics/events. */
+export interface AnalyticsQueryResponse {
+    readonly events: readonly AnalyticsEvent[];
+    readonly total: number;
+}
+/** Request body for POST /oauth/:provider/revoke. */
+export interface TokenRevocationRequest {
+    readonly token: string;
+}
+/** Thin account record stored on the server (hashed email, no PII). */
+export interface AccountRecord {
+    readonly emailHash: string;
+    readonly channelCount: number;
+    readonly createdAt: number;
+    readonly lastLoginAt: number;
+    readonly preferencesHash: string;
+    readonly updatedAt: number;
+    /**
+     * Self-certification that the user's use of private.me is for internal
+     * operations only (not providing customer-facing functionality).
+     * Required for Commercial Use Boundary enforcement (ToS § 7).
+     */
+    readonly commercialUseCertified: boolean;
+}
+/** Request body for POST /accounts. */
+export interface CreateAccountRequest {
+    readonly emailHash: string;
+    readonly channelCount: number;
+    readonly preferencesHash: string;
+    /**
+     * Self-certification that the user's use of private.me is for internal
+     * operations only (not providing customer-facing functionality).
+     * Required for Commercial Use Boundary enforcement (ToS § 7).
+     */
+    readonly commercialUseCertified: boolean;
+}
+/** Request body for PATCH /accounts/:hash. */
+export interface UpdateAccountRequest {
+    readonly channelCount?: number;
+    readonly lastLoginAt?: number;
+    readonly preferencesHash?: string;
+}
+/** Error during account record operations. */
+export interface AccountError {
+    readonly code: 'ACCOUNT_NOT_FOUND' | 'ACCOUNT_ALREADY_EXISTS' | 'INVALID_HASH' | 'ACCOUNT_WRITE_FAILED' | 'INVALID_REQUEST';
+    readonly message: string;
+}
+/** Encrypted sync profile for multi-device state restoration. */
+export interface SyncProfile {
+    readonly emailHash: string;
+    readonly encryptedBlob: string;
+    readonly version: number;
+    readonly updatedAt: number;
+    readonly blobSizeBytes: number;
+}
+/** Request body for PUT /sync/profile. */
+export interface SyncProfileUploadRequest {
+    readonly encryptedBlob: string;
+    readonly version: number;
+}
+/** Response from GET /sync/profile. */
+export interface SyncProfileResponse {
+    readonly encryptedBlob: string;
+    readonly version: number;
+    readonly updatedAt: number;
+    readonly blobSizeBytes: number;
+}
+/** Request body for PUT /sync/contacts. */
+export interface SyncContactsUploadRequest {
+    readonly encryptedBlob: string;
+    readonly version: number;
+}
+/** Response from GET /sync/contacts. */
+export interface SyncContactsResponse {
+    readonly encryptedBlob: string;
+    readonly version: number;
+    readonly updatedAt: number;
+    readonly blobSizeBytes: number;
+}
+/** Error during sync operations. */
+export interface SyncError {
+    readonly code: 'PROFILE_NOT_FOUND' | 'VERSION_CONFLICT' | 'BLOB_TOO_LARGE' | 'SYNC_WRITE_FAILED' | 'INVALID_REQUEST';
+    readonly message: string;
+}
+/** Response from GET /recovery/check/:emailHash. */
+export interface RecoveryCheckResponse {
+    readonly exists: boolean;
+    readonly lastUpdated: number | null;
+    readonly version: number | null;
+}
+/** Configuration for the Corporate Xail Server (Express). */
+export interface CorporateServerConfig {
+    readonly port: number;
+    readonly allowedOrigins: readonly string[];
+    readonly orgId: string;
+    readonly sessionSecret: string;
+    readonly adminEmails: readonly string[];
+    readonly dataDir: string;
+}
+/** Hosting mode for the corporate server. */
+export type HostingMode = 'single-tenant' | 'multi-tenant';
+/** Status of a tenant organization in managed hosting. */
+export type TenantStatus = 'provisioning' | 'active' | 'suspended' | 'deactivated';
+/** A tenant organization registered in the managed hosting registry. */
+export interface TenantOrg {
+    readonly orgId: string;
+    readonly name: string;
+    readonly domain: string;
+    readonly status: TenantStatus;
+    readonly createdAt: number;
+    readonly updatedAt: number;
+    readonly maxUsers: number;
+    readonly contactEmail: string;
+}
+/** Request to provision a new tenant organization. */
+export interface ProvisionTenantRequest {
+    readonly orgId: string;
+    readonly name: string;
+    readonly domain: string;
+    readonly contactEmail: string;
+    readonly maxUsers?: number;
+    readonly adminEmail: string;
+    readonly adminName: string;
+}
+/** Health metrics for a tenant organization. */
+export interface TenantHealthMetrics {
+    readonly orgId: string;
+    readonly status: TenantStatus;
+    readonly userCount: number;
+    readonly complianceCopyCount: number;
+    readonly auditEntryCount: number;
+    readonly lastActivityAt: number | null;
+}
+/** Error codes for tenant operations. */
+export interface TenantError {
+    readonly code: 'TENANT_NOT_FOUND' | 'TENANT_ALREADY_EXISTS' | 'TENANT_SUSPENDED' | 'TENANT_DEACTIVATED' | 'TENANT_LIMIT_REACHED' | 'UNAUTHORIZED_TENANT';
+    readonly message: string;
+}
+/** Configuration for managed (multi-tenant) corporate server. */
+export interface ManagedServerConfig extends CorporateServerConfig {
+    readonly hostingMode: HostingMode;
+    readonly superAdminEmails: readonly string[];
+    readonly maxTenants?: number;
+}
+/** Status of a deferred share delivery. */
+export type DeferredDeliveryStatus = 'pending' | 'delivered' | 'cancelled';
+/** A share held for deferred delivery to a non-Xail recipient. */
+export interface DeferredShare {
+    readonly uuid: string;
+    readonly recipientEmail: string;
+    readonly senderEmail: string;
+    readonly shareIndex: number;
+    readonly totalShares: number;
+    readonly threshold: number;
+    readonly encryptedShareData: Uint8Array;
+    readonly createdAt: number;
+    readonly expiresAt?: number;
+    readonly status: DeferredDeliveryStatus;
+    readonly deliveredAt?: number;
+}
+/** Content for the wrapper invitation email sent to non-Xail recipients. */
+export interface WrapperEmailContent {
+    readonly to: string;
+    readonly subject: string;
+    readonly body: string;
+    readonly contentType: 'text/plain' | 'text/html';
+    readonly senderName: string;
+    readonly messageUuid: string;
+}
+/** Error during deferred delivery operations. */
+export interface DeferredDeliveryError {
+    readonly code: 'RECIPIENT_NOT_REGISTERED' | 'SHARES_EXPIRED' | 'DELIVERY_FAILED' | 'STORAGE_ERROR' | 'ALREADY_DELIVERED' | 'INVALID_STATE';
+    readonly message: string;
+}
+/** Supported native app platforms. */
+export type DevicePlatform = 'windows' | 'macos' | 'ios' | 'android';
+/** A registered device for a user account. */
+export interface DeviceRecord {
+    readonly id: string;
+    readonly emailHash: string;
+    readonly name: string;
+    readonly platform: DevicePlatform;
+    readonly appVersion: string;
+    readonly registeredAt: number;
+    readonly lastSeenAt: number;
+}
+/** Request body for POST /devices/register. */
+export interface RegisterDeviceRequest {
+    readonly name: string;
+    readonly platform: DevicePlatform;
+    readonly appVersion: string;
+}
+/** Error during device operations. */
+export interface DeviceError {
+    readonly code: 'DEVICE_NOT_FOUND' | 'DEVICE_LIMIT_REACHED' | 'DEVICE_WRITE_FAILED' | 'INVALID_REQUEST';
+    readonly message: string;
+}
+/** Subscription tier levels (server-side config, not hardcoded). */
+export type SubscriptionTier = 'free' | 'base' | 'pro' | 'personal' | 'professional' | 'enterprise';
+/** Stripe subscription lifecycle status. */
+export type SubscriptionStatus = 'active' | 'past_due' | 'canceled' | 'unpaid' | 'trialing';
+/** A persisted subscription record tied to a user's emailHash. */
+export interface SubscriptionRecord {
+    readonly emailHash: string;
+    readonly stripeCustomerId: string;
+    readonly stripeSubscriptionId: string;
+    readonly tier: SubscriptionTier;
+    readonly status: SubscriptionStatus;
+    readonly currentPeriodEnd: number;
+    readonly createdAt: number;
+    readonly updatedAt: number;
+}
+/** Error during subscription operations. */
+export interface SubscriptionError {
+    readonly code: 'SUBSCRIPTION_NOT_FOUND' | 'SUBSCRIPTION_WRITE_FAILED' | 'SUBSCRIPTION_ALREADY_EXISTS' | 'INVALID_HASH' | 'STRIPE_NOT_CONFIGURED' | 'STRIPE_ERROR' | 'STRIPE_WEBHOOK_INVALID';
+    readonly message: string;
+}
+/** Entitlement payload returned as a signed JWT. */
+export interface EntitlementPayload {
+    readonly tier: SubscriptionTier;
+    readonly vipTier: 'vip1' | 'vip2' | 'vip3' | 'custom' | null;
+    readonly operationLimit: number;
+    readonly operationsUsed: number;
+    readonly operationsResetAt: number;
+    readonly expiresAt: number;
+    readonly deviceCount: number;
+    readonly deviceLimit: number;
+    readonly features: EntitlementFeatures;
+}
+/** Feature flags within an entitlement JWT. */
+export interface EntitlementFeatures {
+    readonly secureMessaging: boolean;
+    readonly aiSearch: boolean;
+    readonly prioritySupport: boolean;
+}
+/** Tauri v2 updater platform target (arch-specific). */
+export type TauriPlatformTarget = 'windows-x86_64' | 'darwin-x86_64' | 'darwin-aarch64' | 'linux-x86_64';
+/** Tauri v2 platform-specific download entry. */
+export interface TauriPlatformEntry {
+    readonly url: string;
+    readonly signature: string;
+}
+/**
+ * Tauri v2 updater manifest.
+ *
+ * Matches the format expected by `tauri-plugin-updater`:
+ * https://v2.tauri.app/plugin/updater/
+ */
+export interface TauriUpdateManifest {
+    readonly version: string;
+    readonly notes: string;
+    readonly pub_date: string;
+    readonly platforms: Partial<Record<TauriPlatformTarget, TauriPlatformEntry>>;
+}
+/** Lifecycle status of an authentication challenge. */
+export type AuthChallengeStatus = 'pending' | 'approved' | 'denied' | 'expired' | 'consumed';
+/** A stored authentication challenge record. */
+export interface AuthChallenge {
+    readonly id: string;
+    readonly senderDid: string;
+    readonly recipientDid: string;
+    readonly action: string;
+    readonly metadata: Readonly<Record<string, string>>;
+    readonly createdAt: number;
+    readonly expiresAt: number;
+    readonly status: AuthChallengeStatus;
+    readonly responseEnvelope?: Readonly<Record<string, unknown>>;
+    readonly respondedAt?: number;
+}
+/** An incoming auth challenge pushed to the user's device. */
+export interface IncomingAuthChallenge {
+    readonly challengeId: string;
+    readonly fromDid: string;
+    readonly fromName?: string;
+    readonly action: string;
+    readonly appName?: string;
+    readonly appIcon?: string;
+    readonly ip?: string;
+    readonly location?: string;
+    readonly expiresAt: number;
+}
+/** Metadata attached to an auth request for context display. */
+export interface AuthRequestMetadata {
+    readonly ip?: string;
+    readonly location?: string;
+    readonly userAgent?: string;
+    readonly appName?: string;
+    readonly appIcon?: string;
+}
+/** Request to create an auth challenge via the gateway. */
+export interface AuthRequest {
+    readonly to: string;
+    readonly action: string;
+    readonly metadata?: AuthRequestMetadata;
+    readonly ttlMs?: number;
+    readonly pollIntervalMs?: number;
+}
+/** Result of a completed auth challenge. */
+export interface AuthResult {
+    readonly challengeId: string;
+    readonly approved: boolean;
+    readonly signature?: string;
+    readonly envelope?: Readonly<Record<string, unknown>>;
+    readonly respondedAt?: number;
+}
+/** Error codes for auth challenge operations. */
+export type AuthChallengeErrorCode = 'INVALID_REQUEST' | 'INVALID_SIGNATURE' | 'SCOPE_DENIED' | 'RECIPIENT_NOT_FOUND' | 'RATE_LIMITED' | 'CHALLENGE_NOT_FOUND' | 'CHALLENGE_EXPIRED' | 'CHALLENGE_DENIED' | 'CHALLENGE_TIMEOUT' | 'ALREADY_RESPONDED' | 'WRONG_RECIPIENT' | 'STORE_ERROR';
+/** Error during auth challenge operations. */
+export interface AuthChallengeError {
+    readonly code: AuthChallengeErrorCode;
+    readonly message: string;
+}
+/** JSONL operation types for challenge store replay. */
+export type ChallengeStoreOp = 'create' | 'respond' | 'consume' | 'expire';
+/** A JSONL log entry for the challenge store. */
+export interface ChallengeStoreEntry {
+    readonly op: ChallengeStoreOp;
+    readonly record: AuthChallenge;
+}
+/** Response from POST /gateway/auth/challenge. */
+export interface CreateChallengeResponse {
+    readonly challengeId: string;
+    readonly expiresAt: number;
+    readonly pushed: boolean;
+}
+/** Response from POST /gateway/auth/respond. */
+export interface RespondChallengeResponse {
+    readonly recorded: true;
+}
+/** Response from GET /gateway/auth/status/:challengeId. */
+export interface ChallengeStatusResponse {
+    readonly challengeId: string;
+    readonly status: AuthChallengeStatus;
+    readonly expiresAt: number;
+    readonly respondedAt?: number;
+    readonly envelope?: Readonly<Record<string, unknown>>;
+}
+//# sourceMappingURL=types.d.ts.map