@sentroy-co/client-sdk 2.13.7 → 2.13.9

package/dist/auth/http.js

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthHttp = void 0;
+const types_1 = require("./types");
+/**
+ * Auth-as-a-Service shared HTTP layer. Project's signup/login/refresh
+ * endpoints'iyle aynı format (JSON request + JSON response, 401/403/4xx
+ * tek-tip `{error, error_description}` shape).
+ *
+ * `apiKey` opsiyonel — browser SDK end-user akışında apiKey-less
+ * (server-only güvenlik), admin SDK her zaman set'li.
+ */
+const DEFAULT_AUTH_BASE_URL = "https://auth.sentroy.com";
+class AuthHttp {
+    baseUrl;
+    projectSlug;
+    apiKey;
+    constructor(opts) {
+        this.baseUrl = (opts.authBaseUrl || DEFAULT_AUTH_BASE_URL).replace(/\/+$/, "");
+        this.projectSlug = opts.projectSlug;
+        this.apiKey = opts.apiKey;
+    }
+    url(path) {
+        const p = path.startsWith("/") ? path : `/${path}`;
+        return `${this.baseUrl}/api/v1/auth/${this.projectSlug}${p}`;
+    }
+    async request(path, init = {}) {
+        const headers = new Headers(init.headers);
+        headers.set("Accept", "application/json");
+        if (init.json !== undefined) {
+            headers.set("Content-Type", "application/json");
+        }
+        // Auth precedence: explicit `bearer` (user access token) > project `apiKey`.
+        // Caller chooses the one that fits the endpoint.
+        if (init.bearer) {
+            headers.set("Authorization", `Bearer ${init.bearer}`);
+        }
+        else if (this.apiKey) {
+            headers.set("Authorization", `Bearer ${this.apiKey}`);
+        }
+        const res = await fetch(this.url(path), {
+            ...init,
+            headers,
+            body: init.json !== undefined ? JSON.stringify(init.json) : init.body,
+        });
+        let payload = null;
+        const ct = res.headers.get("content-type") ?? "";
+        if (ct.includes("application/json")) {
+            try {
+                payload = await res.json();
+            }
+            catch {
+                payload = null;
+            }
+        }
+        if (!res.ok) {
+            const err = payload && typeof payload === "object"
+                ? payload
+                : {};
+            throw new types_1.SentroyAuthError(err.error ?? "http_error", err.error_description ?? `HTTP ${res.status}`, res.status);
+        }
+        // Sentroy admin endpoints wrap in `{data}`; public endpoints sometimes
+        // too. SDK auto-unwraps when present so callers don't keep .data on
+        // every call.
+        if (payload &&
+            typeof payload === "object" &&
+            "data" in payload) {
+            return payload.data;
+        }
+        return payload;
+    }
+}
+exports.AuthHttp = AuthHttp;
+//# sourceMappingURL=http.js.map

package/dist/auth/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/auth/http.ts"],"names":[],"mappings":";;;AAAA,mCAA0C;AAE1C;;;;;;;GAOG;AAEH,MAAM,qBAAqB,GAAG,0BAA0B,CAAA;AAUxD,MAAa,QAAQ;IACV,OAAO,CAAQ;IACf,WAAW,CAAQ;IACnB,MAAM,CAAS;IAExB,YAAY,IAAqB;QAC/B,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,CAAC,WAAW,IAAI,qBAAqB,CAAC,CAAC,OAAO,CAChE,MAAM,EACN,EAAE,CACH,CAAA;QACD,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,WAAW,CAAA;QACnC,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAA;IAC3B,CAAC;IAED,GAAG,CAAC,IAAY;QACd,MAAM,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAA;QAClD,OAAO,GAAG,IAAI,CAAC,OAAO,gBAAgB,IAAI,CAAC,WAAW,GAAG,CAAC,EAAE,CAAA;IAC9D,CAAC;IAED,KAAK,CAAC,OAAO,CACX,IAAY,EACZ,OAGI,EAAE;QAEN,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QACzC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAA;QACzC,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAA;QACjD,CAAC;QACD,6EAA6E;QAC7E,iDAAiD;QACjD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;QACvD,CAAC;aAAM,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACvB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE,CAAC,CAAA;QACvD,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE;YACtC,GAAG,IAAI;YACP,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI;SACtE,CAAC,CAAA;QAEF,IAAI,OAAO,GAAY,IAAI,CAAA;QAC3B,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAA;QAChD,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACpC,IAAI,CAAC;gBACH,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAA;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,IAAI,CAAA;YAChB,CAAC;QACH,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,GAAG,GACP,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ;gBACpC,CAAC,CAAE,OAA0D;gBAC7D,CAAC,CAAC,EAAE,CAAA;YACR,MAAM,IAAI,wBAAgB,CACxB,GAAG,CAAC,KAAK,IAAI,YAAY,EACzB,GAAG,CAAC,iBAAiB,IAAI,QAAQ,GAAG,CAAC,MAAM,EAAE,EAC7C,GAAG,CAAC,MAAM,CACX,CAAA;QACH,CAAC;QAED,uEAAuE;QACvE,oEAAoE;QACpE,cAAc;QACd,IACE,OAAO;YACP,OAAO,OAAO,KAAK,QAAQ;YAC3B,MAAM,IAAK,OAAmC,EAC9C,CAAC;YACD,OAAQ,OAAuB,CAAC,IAAI,CAAA;QACtC,CAAC;QACD,OAAO,OAAY,CAAA;IACrB,CAAC;CACF;AA/ED,4BA+EC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Sentroy Auth-as-a-Service — browser/server SDK entry.
+ *
+ *   import { SentroyAuth } from "@sentroy-co/client-sdk/auth"
+ *   const auth = new SentroyAuth({ projectSlug: "my-app" })
+ *
+ * For server admin operations (verifyIdToken, etc):
+ *   import { SentroyAuthAdmin } from "@sentroy-co/client-sdk/auth/admin"
+ *
+ * For React integration:
+ *   import { SentroyAuthProvider, useAuth } from "@sentroy-co/client-sdk/auth/react"
+ */
+export { SentroyAuth } from "./client";
+export type { SentroyAuthOptions, AuthStateChangeListener, AuthStorageAdapter, } from "./client";
+export { SentroyAuthError, type SentroyAuthUser, type SignupResponse, type LoginResponse, type AuthTokensResponse, type LoginOutcome, type MfaChallengeResponse, type SessionSummary, type ActivityEntry, type MfaStatus, type MfaEnrollResponse, type MfaVerifyEnrollmentResponse, type PasskeySummary, type SocialProvider, } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAA;AACtC,YAAY,EACV,kBAAkB,EAClB,uBAAuB,EACvB,kBAAkB,GACnB,MAAM,UAAU,CAAA;AACjB,OAAO,EACL,gBAAgB,EAChB,KAAK,eAAe,EACpB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,kBAAkB,EACvB,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,cAAc,EACnB,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,iBAAiB,EACtB,KAAK,2BAA2B,EAChC,KAAK,cAAc,EACnB,KAAK,cAAc,GACpB,MAAM,SAAS,CAAA"}

package/dist/auth/index.js

@@ -0,0 +1,20 @@
+"use strict";
+/**
+ * Sentroy Auth-as-a-Service — browser/server SDK entry.
+ *
+ *   import { SentroyAuth } from "@sentroy-co/client-sdk/auth"
+ *   const auth = new SentroyAuth({ projectSlug: "my-app" })
+ *
+ * For server admin operations (verifyIdToken, etc):
+ *   import { SentroyAuthAdmin } from "@sentroy-co/client-sdk/auth/admin"
+ *
+ * For React integration:
+ *   import { SentroyAuthProvider, useAuth } from "@sentroy-co/client-sdk/auth/react"
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentroyAuthError = exports.SentroyAuth = void 0;
+var client_1 = require("./client");
+Object.defineProperty(exports, "SentroyAuth", { enumerable: true, get: function () { return client_1.SentroyAuth; } });
+var types_1 = require("./types");
+Object.defineProperty(exports, "SentroyAuthError", { enumerable: true, get: function () { return types_1.SentroyAuthError; } });
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,mCAAsC;AAA7B,qGAAA,WAAW,OAAA;AAMpB,iCAegB;AAdd,yGAAA,gBAAgB,OAAA"}

package/dist/auth/react/index.d.ts

@@ -0,0 +1,100 @@
+import { type ReactNode } from "react";
+import { SentroyAuth, type SentroyAuthOptions } from "../client";
+import type { SentroyAuthUser, SessionSummary, ActivityEntry, MfaStatus, PasskeySummary } from "../types";
+/**
+ * Sentroy Auth React integration.
+ *
+ *   <SentroyAuthProvider projectSlug="my-app">
+ *     <App />
+ *   </SentroyAuthProvider>
+ *
+ *   const { user, loading, signIn, signOut } = useAuth()
+ *
+ * Provider içeride tek bir `SentroyAuth` instance tutar (mount/unmount
+ * arasında stable), `onAuthStateChanged` ile React state'i senkron tutar.
+ * `loading` ilk render → restore tamam mı henüz değil ayrımı için.
+ *
+ * Yeni method'lar (MFA, magic link, passkey, social, /me/*) tüm
+ * `auth` instance üzerinden erişilebilir — context'te kısayol olarak
+ * en sık kullanılanlar mevcut.
+ */
+interface AuthContextValue {
+    /** Underlying SDK instance — gelişmiş senaryolarda doğrudan kullan. */
+    auth: SentroyAuth;
+    user: SentroyAuthUser | null;
+    /** True iken provider ilk state'i restore etmiş değil — UI'da
+     *  "spinner" göster, "redirect to /login" tetikleme. */
+    loading: boolean;
+    signIn: SentroyAuth["signIn"];
+    signUp: SentroyAuth["signUp"];
+    signOut: SentroyAuth["signOut"];
+    sendPasswordReset: SentroyAuth["sendPasswordReset"];
+    verifyEmail: SentroyAuth["verifyEmail"];
+    verifyMfa: SentroyAuth["verifyMfa"];
+    sendMagicLink: SentroyAuth["sendMagicLink"];
+    consumeMagicLink: SentroyAuth["consumeMagicLink"];
+    acceptInvitation: SentroyAuth["acceptInvitation"];
+    socialAuthorizeUrl: SentroyAuth["socialAuthorizeUrl"];
+    consumeRedirectFragment: SentroyAuth["consumeRedirectFragment"];
+}
+export declare function SentroyAuthProvider({ children, autoConsumeFragment, ...opts }: SentroyAuthOptions & {
+    children: ReactNode;
+    /** Mount'ta `window.location.hash`'ten social-login fragment'ı
+     *  consume et — default true. RP'nin redirectUri'sinde session
+     *  otomatik kurulur. */
+    autoConsumeFragment?: boolean;
+}): import("react/jsx-runtime").JSX.Element;
+export declare function useAuth(): AuthContextValue;
+/**
+ * Convenience: yalnızca current user istenirse. `loading` durumunda null
+ * dönerken bekleyebilirsin.
+ */
+export declare function useUser(): SentroyAuthUser | null;
+/**
+ * Reactive sessions hook — `/me/sessions` çağırır, refresh trigger eden
+ * `refresh()` döner. Manual revoke sonrası caller `refresh()` çağırır.
+ */
+export declare function useSessions(): {
+    sessions: SessionSummary[] | null;
+    loading: boolean;
+    error: Error | null;
+    refresh: () => Promise<void>;
+    revoke: (id: string) => Promise<void>;
+};
+/**
+ * Reactive activity log hook — `/me/activity`. RP'nin "recent activity"
+ * tab'ı için.
+ */
+export declare function useActivity(): {
+    activity: ActivityEntry[] | null;
+    loading: boolean;
+    error: Error | null;
+    refresh: () => Promise<void>;
+};
+/**
+ * Reactive MFA status. enroll / verify / disable wrapper'ları, status
+ * otomatik yeniden çekilir.
+ */
+export declare function useMfa(): {
+    status: MfaStatus | null;
+    loading: boolean;
+    error: Error | null;
+    refresh: () => Promise<void>;
+    enrollTotp: SentroyAuth["mfa"]["enrollTotp"];
+    verifyTotpEnrollment: (code: string) => Promise<void>;
+    disableTotp: (currentPassword: string) => Promise<void>;
+};
+/**
+ * Reactive passkey list — list/delete/register, mutation sonrası
+ * otomatik refresh.
+ */
+export declare function usePasskeys(): {
+    passkeys: PasskeySummary[] | null;
+    loading: boolean;
+    error: Error | null;
+    refresh: () => Promise<void>;
+    register: (deviceName?: string) => Promise<void>;
+    remove: (id: string) => Promise<void>;
+};
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/react/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/react/index.tsx"],"names":[],"mappings":"AAEA,OAAO,EAOL,KAAK,SAAS,EACf,MAAM,OAAO,CAAA;AACd,OAAO,EAAE,WAAW,EAAE,KAAK,kBAAkB,EAAE,MAAM,WAAW,CAAA;AAChE,OAAO,KAAK,EACV,eAAe,EACf,cAAc,EACd,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,UAAU,CAAA;AAEjB;;;;;;;;;;;;;;;;GAgBG;AAEH,UAAU,gBAAgB;IACxB,uEAAuE;IACvE,IAAI,EAAE,WAAW,CAAA;IACjB,IAAI,EAAE,eAAe,GAAG,IAAI,CAAA;IAC5B;4DACwD;IACxD,OAAO,EAAE,OAAO,CAAA;IAEhB,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAA;IAC7B,MAAM,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAA;IAC7B,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,CAAA;IAC/B,iBAAiB,EAAE,WAAW,CAAC,mBAAmB,CAAC,CAAA;IACnD,WAAW,EAAE,WAAW,CAAC,aAAa,CAAC,CAAA;IACvC,SAAS,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;IACnC,aAAa,EAAE,WAAW,CAAC,eAAe,CAAC,CAAA;IAC3C,gBAAgB,EAAE,WAAW,CAAC,kBAAkB,CAAC,CAAA;IACjD,gBAAgB,EAAE,WAAW,CAAC,kBAAkB,CAAC,CAAA;IACjD,kBAAkB,EAAE,WAAW,CAAC,oBAAoB,CAAC,CAAA;IACrD,uBAAuB,EAAE,WAAW,CAAC,yBAAyB,CAAC,CAAA;CAChE;AAID,wBAAgB,mBAAmB,CAAC,EAClC,QAAQ,EACR,mBAA0B,EAC1B,GAAG,IAAI,EACR,EAAE,kBAAkB,GAAG;IACtB,QAAQ,EAAE,SAAS,CAAA;IACnB;;4BAEwB;IACxB,mBAAmB,CAAC,EAAE,OAAO,CAAA;CAC9B,2CAmDA;AAED,wBAAgB,OAAO,IAAI,gBAAgB,CAQ1C;AAED;;;GAGG;AACH,wBAAgB,OAAO,IAAI,eAAe,GAAG,IAAI,CAEhD;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI;IAC7B,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IACjC,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5B,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACtC,CAoCA;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI;IAC7B,QAAQ,EAAE,aAAa,EAAE,GAAG,IAAI,CAAA;IAChC,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7B,CA4BA;AAED;;;GAGG;AACH,wBAAgB,MAAM,IAAI;IACxB,MAAM,EAAE,SAAS,GAAG,IAAI,CAAA;IACxB,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5B,UAAU,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAA;IAC5C,oBAAoB,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IACrD,WAAW,EAAE,CAAC,eAAe,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACxD,CAoDA;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI;IAC7B,QAAQ,EAAE,cAAc,EAAE,GAAG,IAAI,CAAA;IACjC,OAAO,EAAE,OAAO,CAAA;IAChB,KAAK,EAAE,KAAK,GAAG,IAAI,CAAA;IACnB,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5B,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAChD,MAAM,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CACtC,CA4CA"}

package/dist/auth/react/index.js

@@ -0,0 +1,231 @@
+"use strict";
+"use client";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentroyAuthProvider = SentroyAuthProvider;
+exports.useAuth = useAuth;
+exports.useUser = useUser;
+exports.useSessions = useSessions;
+exports.useActivity = useActivity;
+exports.useMfa = useMfa;
+exports.usePasskeys = usePasskeys;
+const jsx_runtime_1 = require("react/jsx-runtime");
+const react_1 = require("react");
+const client_1 = require("../client");
+const AuthContext = (0, react_1.createContext)(null);
+function SentroyAuthProvider({ children, autoConsumeFragment = true, ...opts }) {
+    // Single instance — opts deep-compare'a girersek dependency drift'i
+    // restart'a yol açar. Caller `projectSlug` değiştirmemeli runtime'da.
+    const auth = (0, react_1.useMemo)(() => new client_1.SentroyAuth(opts), 
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+    [opts.projectSlug, opts.authBaseUrl, opts.apiKey]);
+    const [user, setUser] = (0, react_1.useState)(auth.user);
+    const [loading, setLoading] = (0, react_1.useState)(true);
+    (0, react_1.useEffect)(() => {
+        const unsubscribe = auth.onAuthStateChanged((u) => {
+            setUser(u);
+            setLoading(false);
+        });
+        return unsubscribe;
+    }, [auth]);
+    // Social login redirect handler — fragment varsa otomatik consume
+    (0, react_1.useEffect)(() => {
+        if (!autoConsumeFragment)
+            return;
+        if (typeof window === "undefined")
+            return;
+        if (!window.location.hash.includes("access_token="))
+            return;
+        auth.consumeRedirectFragment().catch(() => {
+            // Fragment varsa ama consume fail ise sessizce yut — caller
+            // gerekirse manuel tekrar dener.
+        });
+    }, [auth, autoConsumeFragment]);
+    const value = (0, react_1.useMemo)(() => ({
+        auth,
+        user,
+        loading,
+        signIn: (i) => auth.signIn(i),
+        signUp: (i) => auth.signUp(i),
+        signOut: () => auth.signOut(),
+        sendPasswordReset: (e) => auth.sendPasswordReset(e),
+        verifyEmail: (t) => auth.verifyEmail(t),
+        verifyMfa: (i) => auth.verifyMfa(i),
+        sendMagicLink: (i) => auth.sendMagicLink(i),
+        consumeMagicLink: (t) => auth.consumeMagicLink(t),
+        acceptInvitation: (i) => auth.acceptInvitation(i),
+        socialAuthorizeUrl: (p, o) => auth.socialAuthorizeUrl(p, o),
+        consumeRedirectFragment: () => auth.consumeRedirectFragment(),
+    }), [auth, user, loading]);
+    return (0, jsx_runtime_1.jsx)(AuthContext.Provider, { value: value, children: children });
+}
+function useAuth() {
+    const ctx = (0, react_1.useContext)(AuthContext);
+    if (!ctx) {
+        throw new Error("useAuth must be used inside <SentroyAuthProvider> — wrap your app root.");
+    }
+    return ctx;
+}
+/**
+ * Convenience: yalnızca current user istenirse. `loading` durumunda null
+ * dönerken bekleyebilirsin.
+ */
+function useUser() {
+    return useAuth().user;
+}
+/**
+ * Reactive sessions hook — `/me/sessions` çağırır, refresh trigger eden
+ * `refresh()` döner. Manual revoke sonrası caller `refresh()` çağırır.
+ */
+function useSessions() {
+    const { auth, user } = useAuth();
+    const [sessions, setSessions] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(false);
+    const [error, setError] = (0, react_1.useState)(null);
+    const refresh = (0, react_1.useCallback)(async () => {
+        if (!user) {
+            setSessions(null);
+            return;
+        }
+        setLoading(true);
+        setError(null);
+        try {
+            const data = await auth.listSessions();
+            setSessions(data);
+        }
+        catch (e) {
+            setError(e instanceof Error ? e : new Error(String(e)));
+        }
+        finally {
+            setLoading(false);
+        }
+    }, [auth, user]);
+    (0, react_1.useEffect)(() => {
+        refresh();
+    }, [refresh]);
+    const revoke = (0, react_1.useCallback)(async (id) => {
+        await auth.revokeSession(id);
+        await refresh();
+    }, [auth, refresh]);
+    return { sessions, loading, error, refresh, revoke };
+}
+/**
+ * Reactive activity log hook — `/me/activity`. RP'nin "recent activity"
+ * tab'ı için.
+ */
+function useActivity() {
+    const { auth, user } = useAuth();
+    const [activity, setActivity] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(false);
+    const [error, setError] = (0, react_1.useState)(null);
+    const refresh = (0, react_1.useCallback)(async () => {
+        if (!user) {
+            setActivity(null);
+            return;
+        }
+        setLoading(true);
+        setError(null);
+        try {
+            const data = await auth.getActivity();
+            setActivity(data);
+        }
+        catch (e) {
+            setError(e instanceof Error ? e : new Error(String(e)));
+        }
+        finally {
+            setLoading(false);
+        }
+    }, [auth, user]);
+    (0, react_1.useEffect)(() => {
+        refresh();
+    }, [refresh]);
+    return { activity, loading, error, refresh };
+}
+/**
+ * Reactive MFA status. enroll / verify / disable wrapper'ları, status
+ * otomatik yeniden çekilir.
+ */
+function useMfa() {
+    const { auth, user } = useAuth();
+    const [status, setStatus] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(false);
+    const [error, setError] = (0, react_1.useState)(null);
+    const refresh = (0, react_1.useCallback)(async () => {
+        if (!user) {
+            setStatus(null);
+            return;
+        }
+        setLoading(true);
+        setError(null);
+        try {
+            const data = await auth.mfa.getStatus();
+            setStatus(data);
+        }
+        catch (e) {
+            setError(e instanceof Error ? e : new Error(String(e)));
+        }
+        finally {
+            setLoading(false);
+        }
+    }, [auth, user]);
+    (0, react_1.useEffect)(() => {
+        refresh();
+    }, [refresh]);
+    const verifyTotpEnrollment = (0, react_1.useCallback)(async (code) => {
+        await auth.mfa.verifyTotpEnrollment(code);
+        await refresh();
+    }, [auth, refresh]);
+    const disableTotp = (0, react_1.useCallback)(async (currentPassword) => {
+        await auth.mfa.disableTotp(currentPassword);
+        await refresh();
+    }, [auth, refresh]);
+    return {
+        status,
+        loading,
+        error,
+        refresh,
+        enrollTotp: () => auth.mfa.enrollTotp(),
+        verifyTotpEnrollment,
+        disableTotp,
+    };
+}
+/**
+ * Reactive passkey list — list/delete/register, mutation sonrası
+ * otomatik refresh.
+ */
+function usePasskeys() {
+    const { auth, user } = useAuth();
+    const [passkeys, setPasskeys] = (0, react_1.useState)(null);
+    const [loading, setLoading] = (0, react_1.useState)(false);
+    const [error, setError] = (0, react_1.useState)(null);
+    const refresh = (0, react_1.useCallback)(async () => {
+        if (!user) {
+            setPasskeys(null);
+            return;
+        }
+        setLoading(true);
+        setError(null);
+        try {
+            const data = await auth.passkey.list();
+            setPasskeys(data);
+        }
+        catch (e) {
+            setError(e instanceof Error ? e : new Error(String(e)));
+        }
+        finally {
+            setLoading(false);
+        }
+    }, [auth, user]);
+    (0, react_1.useEffect)(() => {
+        refresh();
+    }, [refresh]);
+    const register = (0, react_1.useCallback)(async (deviceName) => {
+        await auth.passkey.register(deviceName);
+        await refresh();
+    }, [auth, refresh]);
+    const remove = (0, react_1.useCallback)(async (id) => {
+        await auth.passkey.delete(id);
+        await refresh();
+    }, [auth, refresh]);
+    return { passkeys, loading, error, refresh, register, remove };
+}
+//# sourceMappingURL=index.js.map

package/dist/auth/react/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/react/index.tsx"],"names":[],"mappings":";AAAA,YAAY,CAAA;;AA6DZ,kDA6DC;AAED,0BAQC;AAMD,0BAEC;AAMD,kCA0CC;AAMD,kCAiCC;AAMD,wBA4DC;AAMD,kCAmDC;;AA5VD,iCAQc;AACd,sCAAgE;AAgDhE,MAAM,WAAW,GAAG,IAAA,qBAAa,EAA0B,IAAI,CAAC,CAAA;AAEhE,SAAgB,mBAAmB,CAAC,EAClC,QAAQ,EACR,mBAAmB,GAAG,IAAI,EAC1B,GAAG,IAAI,EAOR;IACC,oEAAoE;IACpE,sEAAsE;IACtE,MAAM,IAAI,GAAG,IAAA,eAAO,EAClB,GAAG,EAAE,CAAC,IAAI,oBAAW,CAAC,IAAI,CAAC;IAC3B,uDAAuD;IACvD,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,CAClD,CAAA;IACD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,IAAA,gBAAQ,EAAyB,IAAI,CAAC,IAAI,CAAC,CAAA;IACnE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,IAAI,CAAC,CAAA;IAE5C,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,MAAM,WAAW,GAAG,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,EAAE;YAChD,OAAO,CAAC,CAAC,CAAC,CAAA;YACV,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC,CAAC,CAAA;QACF,OAAO,WAAW,CAAA;IACpB,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAA;IAEV,kEAAkE;IAClE,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,IAAI,CAAC,mBAAmB;YAAE,OAAM;QAChC,IAAI,OAAO,MAAM,KAAK,WAAW;YAAE,OAAM;QACzC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;YAAE,OAAM;QAC3D,IAAI,CAAC,uBAAuB,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE;YACxC,4DAA4D;YAC5D,iCAAiC;QACnC,CAAC,CAAC,CAAA;IACJ,CAAC,EAAE,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC,CAAA;IAE/B,MAAM,KAAK,GAAG,IAAA,eAAO,EACnB,GAAG,EAAE,CAAC,CAAC;QACL,IAAI;QACJ,IAAI;QACJ,OAAO;QACP,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7B,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,OAAO,EAAE;QAC7B,iBAAiB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACnD,WAAW,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QACvC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;QACnC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;QAC3C,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACjD,gBAAgB,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACjD,kBAAkB,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,EAAE,CAAC,CAAC;QAC3D,uBAAuB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,uBAAuB,EAAE;KAC9D,CAAC,EACF,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CACtB,CAAA;IAED,OAAO,uBAAC,WAAW,CAAC,QAAQ,IAAC,KAAK,EAAE,KAAK,YAAG,QAAQ,GAAwB,CAAA;AAC9E,CAAC;AAED,SAAgB,OAAO;IACrB,MAAM,GAAG,GAAG,IAAA,kBAAU,EAAC,WAAW,CAAC,CAAA;IACnC,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,IAAI,KAAK,CACb,yEAAyE,CAC1E,CAAA;IACH,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;;GAGG;AACH,SAAgB,OAAO;IACrB,OAAO,OAAO,EAAE,CAAC,IAAI,CAAA;AACvB,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW;IAOzB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;IAChC,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAA,gBAAQ,EAA0B,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAA;IAC7C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAe,IAAI,CAAC,CAAA;IAEtD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QACD,UAAU,CAAC,IAAI,CAAC,CAAA;QAChB,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAA;YACtC,WAAW,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACzD,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEhB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAA;IACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,MAAM,MAAM,GAAG,IAAA,mBAAW,EACxB,KAAK,EAAE,EAAU,EAAE,EAAE;QACnB,MAAM,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,CAAA;QAC5B,MAAM,OAAO,EAAE,CAAA;IACjB,CAAC,EACD,CAAC,IAAI,EAAE,OAAO,CAAC,CAChB,CAAA;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,MAAM,EAAE,CAAA;AACtD,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW;IAMzB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;IAChC,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAA,gBAAQ,EAAyB,IAAI,CAAC,CAAA;IACtE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAA;IAC7C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAe,IAAI,CAAC,CAAA;IAEtD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QACD,UAAU,CAAC,IAAI,CAAC,CAAA;QAChB,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,EAAE,CAAA;YACrC,WAAW,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACzD,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEhB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAA;IACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,CAAA;AAC9C,CAAC;AAED;;;GAGG;AACH,SAAgB,MAAM;IASpB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;IAChC,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,IAAA,gBAAQ,EAAmB,IAAI,CAAC,CAAA;IAC5D,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAA;IAC7C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAe,IAAI,CAAC,CAAA;IAEtD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,SAAS,CAAC,IAAI,CAAC,CAAA;YACf,OAAM;QACR,CAAC;QACD,UAAU,CAAC,IAAI,CAAC,CAAA;QAChB,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,CAAA;YACvC,SAAS,CAAC,IAAI,CAAC,CAAA;QACjB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACzD,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEhB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAA;IACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,MAAM,oBAAoB,GAAG,IAAA,mBAAW,EACtC,KAAK,EAAE,IAAY,EAAE,EAAE;QACrB,MAAM,IAAI,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,CAAC,CAAA;QACzC,MAAM,OAAO,EAAE,CAAA;IACjB,CAAC,EACD,CAAC,IAAI,EAAE,OAAO,CAAC,CAChB,CAAA;IAED,MAAM,WAAW,GAAG,IAAA,mBAAW,EAC7B,KAAK,EAAE,eAAuB,EAAE,EAAE;QAChC,MAAM,IAAI,CAAC,GAAG,CAAC,WAAW,CAAC,eAAe,CAAC,CAAA;QAC3C,MAAM,OAAO,EAAE,CAAA;IACjB,CAAC,EACD,CAAC,IAAI,EAAE,OAAO,CAAC,CAChB,CAAA;IAED,OAAO;QACL,MAAM;QACN,OAAO;QACP,KAAK;QACL,OAAO;QACP,UAAU,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE;QACvC,oBAAoB;QACpB,WAAW;KACZ,CAAA;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,WAAW;IAQzB,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAA;IAChC,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,IAAA,gBAAQ,EAA0B,IAAI,CAAC,CAAA;IACvE,MAAM,CAAC,OAAO,EAAE,UAAU,CAAC,GAAG,IAAA,gBAAQ,EAAC,KAAK,CAAC,CAAA;IAC7C,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,IAAA,gBAAQ,EAAe,IAAI,CAAC,CAAA;IAEtD,MAAM,OAAO,GAAG,IAAA,mBAAW,EAAC,KAAK,IAAI,EAAE;QACrC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,OAAM;QACR,CAAC;QACD,UAAU,CAAC,IAAI,CAAC,CAAA;QAChB,QAAQ,CAAC,IAAI,CAAC,CAAA;QACd,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAA;YACtC,WAAW,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,QAAQ,CAAC,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;QACzD,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,KAAK,CAAC,CAAA;QACnB,CAAC;IACH,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;IAEhB,IAAA,iBAAS,EAAC,GAAG,EAAE;QACb,OAAO,EAAE,CAAA;IACX,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAA;IAEb,MAAM,QAAQ,GAAG,IAAA,mBAAW,EAC1B,KAAK,EAAE,UAAmB,EAAE,EAAE;QAC5B,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAA;QACvC,MAAM,OAAO,EAAE,CAAA;IACjB,CAAC,EACD,CAAC,IAAI,EAAE,OAAO,CAAC,CAChB,CAAA;IAED,MAAM,MAAM,GAAG,IAAA,mBAAW,EACxB,KAAK,EAAE,EAAU,EAAE,EAAE;QACnB,MAAM,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;QAC7B,MAAM,OAAO,EAAE,CAAA;IACjB,CAAC,EACD,CAAC,IAAI,EAAE,OAAO,CAAC,CAChB,CAAA;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAA;AAChE,CAAC"}

package/dist/auth/types.d.ts

@@ -0,0 +1,105 @@
+/**
+ * Sentroy Auth-as-a-Service — SDK types.
+ *
+ * Public types are kept narrow on purpose: SDK shapes evolve with backend;
+ * caller code should depend on these names, not on hand-coded interfaces.
+ */
+export interface SentroyAuthUser {
+    id: string;
+    authProjectId: string;
+    email: string;
+    emailVerified: boolean;
+    displayName: string | null;
+    image: string | null;
+    metadata: Record<string, unknown>;
+    lastLoginAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+}
+export interface AuthTokensResponse {
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    tokenType: "Bearer";
+}
+export interface SignupResponse {
+    user: SentroyAuthUser;
+    /** Email verification gerekiyorsa undefined; aksi halde set. */
+    accessToken?: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    tokenType?: "Bearer";
+    emailVerificationRequired?: boolean;
+}
+export interface LoginResponse {
+    user: SentroyAuthUser;
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    tokenType: "Bearer";
+}
+export interface AuthApiError {
+    error: string;
+    error_description: string;
+}
+export declare class SentroyAuthError extends Error {
+    readonly code: string;
+    readonly status: number;
+    constructor(code: string, message: string, status: number);
+}
+/**
+ * Login response when MFA is enrolled — first step returns mfaRequired+
+ * mfaToken; second step `verifyMfa(mfaToken, code)` issues final tokens.
+ */
+export interface MfaChallengeResponse {
+    mfaRequired: true;
+    mfaToken: string;
+    factorType: "totp";
+}
+/** Discriminated union — Login may resolve to tokens OR MFA challenge. */
+export type LoginOutcome = {
+    kind: "tokens";
+    data: LoginResponse;
+} | {
+    kind: "mfa";
+    data: MfaChallengeResponse;
+};
+export interface SessionSummary {
+    id: string;
+    refreshTokenPrefix: string;
+    userAgent: string | null;
+    ip: string | null;
+    expiresAt: string;
+    createdAt: string;
+}
+export interface ActivityEntry {
+    id: string;
+    action: string;
+    ipAddress: string | null;
+    createdAt: string;
+    details: Record<string, unknown> | null;
+}
+export interface MfaStatus {
+    enrolled: boolean;
+    factorType?: "totp";
+    verifiedAt?: string | null;
+    recoveryCodesRemaining?: number;
+}
+export interface MfaEnrollResponse {
+    secret: string;
+    otpauthUri: string;
+}
+export interface MfaVerifyEnrollmentResponse {
+    enrolled: true;
+    recoveryCodes: string[];
+}
+export interface PasskeySummary {
+    id: string;
+    credentialIdPrefix: string;
+    deviceName: string | null;
+    transports: string[];
+    lastUsedAt: string | null;
+    createdAt: string;
+}
+export type SocialProvider = "google" | "github" | "facebook" | "microsoft" | "twitter" | "apple";
+//# sourceMappingURL=types.d.ts.map

package/dist/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAA;IACV,aAAa,EAAE,MAAM,CAAA;IACrB,KAAK,EAAE,MAAM,CAAA;IACb,aAAa,EAAE,OAAO,CAAA;IACtB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,KAAK,EAAE,MAAM,GAAG,IAAI,CAAA;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACjC,WAAW,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,QAAQ,CAAA;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,eAAe,CAAA;IACrB,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,SAAS,CAAC,EAAE,QAAQ,CAAA;IACpB,yBAAyB,CAAC,EAAE,OAAO,CAAA;CACpC;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,eAAe,CAAA;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,QAAQ,CAAA;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAA;IACb,iBAAiB,EAAE,MAAM,CAAA;CAC1B;AAED,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAA;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAA;gBACX,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CAM1D;AAED;;;GAGG;AACH,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,IAAI,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,0EAA0E;AAC1E,MAAM,MAAM,YAAY,GACpB;IAAE,IAAI,EAAE,QAAQ,CAAC;IAAC,IAAI,EAAE,aAAa,CAAA;CAAE,GACvC;IAAE,IAAI,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,oBAAoB,CAAA;CAAE,CAAA;AAE/C,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,kBAAkB,EAAE,MAAM,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,EAAE,EAAE,MAAM,GAAG,IAAI,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAA;CACxC;AAED,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,OAAO,CAAA;IACjB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,sBAAsB,CAAC,EAAE,MAAM,CAAA;CAChC;AAED,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,EAAE,IAAI,CAAA;IACd,aAAa,EAAE,MAAM,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAA;IACV,kBAAkB,EAAE,MAAM,CAAA;IAC1B,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,UAAU,EAAE,MAAM,EAAE,CAAA;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAA;IACzB,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,MAAM,MAAM,cAAc,GACtB,QAAQ,GACR,QAAQ,GACR,UAAU,GACV,WAAW,GACX,SAAS,GACT,OAAO,CAAA"}

package/dist/auth/types.js

@@ -0,0 +1,21 @@
+"use strict";
+/**
+ * Sentroy Auth-as-a-Service — SDK types.
+ *
+ * Public types are kept narrow on purpose: SDK shapes evolve with backend;
+ * caller code should depend on these names, not on hand-coded interfaces.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SentroyAuthError = void 0;
+class SentroyAuthError extends Error {
+    code;
+    status;
+    constructor(code, message, status) {
+        super(message);
+        this.name = "SentroyAuthError";
+        this.code = code;
+        this.status = status;
+    }
+}
+exports.SentroyAuthError = SentroyAuthError;
+//# sourceMappingURL=types.js.map

package/dist/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/auth/types.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;AA6CH,MAAa,gBAAiB,SAAQ,KAAK;IAChC,IAAI,CAAQ;IACZ,MAAM,CAAQ;IACvB,YAAY,IAAY,EAAE,OAAe,EAAE,MAAc;QACvD,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAA;QAC9B,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;QAChB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AATD,4CASC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentroy-co/client-sdk",
-  "version": "2.13.7",
+  "version": "2.13.9",
   "description": "TypeScript SDK + CLI for the Sentroy platform — mail, storage, env vault + React components.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -38,6 +38,21 @@
       "types": "./dist/vault/react.d.ts",
       "import": "./dist/vault/react.js",
       "require": "./dist/vault/react.js"
+    },
+    "./auth": {
+      "types": "./dist/auth/index.d.ts",
+      "import": "./dist/auth/index.js",
+      "require": "./dist/auth/index.js"
+    },
+    "./auth/admin": {
+      "types": "./dist/auth/admin/index.d.ts",
+      "import": "./dist/auth/admin/index.js",
+      "require": "./dist/auth/admin/index.js"
+    },
+    "./auth/react": {
+      "types": "./dist/auth/react/index.d.ts",
+      "import": "./dist/auth/react/index.js",
+      "require": "./dist/auth/react/index.js"
     }
   },
   "files": [
@@ -80,10 +95,14 @@
     "node": ">=18.0.0"
   },
   "peerDependencies": {
+    "@simplewebauthn/browser": "^13.0.0",
     "react": ">=18.0.0",
     "react-dom": ">=18.0.0"
   },
   "peerDependenciesMeta": {
+    "@simplewebauthn/browser": {
+      "optional": true
+    },
     "react": {
       "optional": true
     },