npm - @striae-org/striae - Versions diffs - 3.0.4 - Mend

@striae-org/striae 3.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (223) hide show

package/.env.example +100 -0
package/LICENSE +190 -0
package/NOTICE +18 -0
package/README.md +133 -0
package/app/components/actions/case-export/core-export.ts +328 -0
package/app/components/actions/case-export/data-processing.ts +167 -0
package/app/components/actions/case-export/download-handlers.ts +900 -0
package/app/components/actions/case-export/index.ts +41 -0
package/app/components/actions/case-export/metadata-helpers.ts +107 -0
package/app/components/actions/case-export/types-constants.ts +56 -0
package/app/components/actions/case-export/validation-utils.ts +25 -0
package/app/components/actions/case-export.ts +4 -0
package/app/components/actions/case-import/annotation-import.ts +35 -0
package/app/components/actions/case-import/confirmation-import.ts +363 -0
package/app/components/actions/case-import/image-operations.ts +61 -0
package/app/components/actions/case-import/index.ts +39 -0
package/app/components/actions/case-import/orchestrator.ts +420 -0
package/app/components/actions/case-import/storage-operations.ts +270 -0
package/app/components/actions/case-import/validation.ts +189 -0
package/app/components/actions/case-import/zip-processing.ts +413 -0
package/app/components/actions/case-manage.ts +524 -0
package/app/components/actions/case-review.ts +4 -0
package/app/components/actions/confirm-export.ts +351 -0
package/app/components/actions/generate-pdf.ts +210 -0
package/app/components/actions/image-manage.ts +385 -0
package/app/components/actions/notes-manage.ts +33 -0
package/app/components/actions/signout.module.css +15 -0
package/app/components/actions/signout.tsx +50 -0
package/app/components/audit/user-audit-viewer.tsx +975 -0
package/app/components/audit/user-audit.module.css +568 -0
package/app/components/auth/auth-provider.tsx +78 -0
package/app/components/auth/mfa-enrollment.module.css +268 -0
package/app/components/auth/mfa-enrollment.tsx +398 -0
package/app/components/auth/mfa-verification.module.css +251 -0
package/app/components/auth/mfa-verification.tsx +295 -0
package/app/components/button/button.module.css +63 -0
package/app/components/button/button.tsx +46 -0
package/app/components/canvas/box-annotations/box-annotations.module.css +170 -0
package/app/components/canvas/box-annotations/box-annotations.tsx +634 -0
package/app/components/canvas/canvas.module.css +314 -0
package/app/components/canvas/canvas.tsx +449 -0
package/app/components/canvas/confirmation/confirmation.module.css +187 -0
package/app/components/canvas/confirmation/confirmation.tsx +214 -0
package/app/components/colors/colors.module.css +59 -0
package/app/components/colors/colors.tsx +68 -0
package/app/components/form/base-form.tsx +21 -0
package/app/components/form/form-button.tsx +28 -0
package/app/components/form/form-field.tsx +53 -0
package/app/components/form/form-message.tsx +17 -0
package/app/components/form/form-toggle.tsx +23 -0
package/app/components/form/form.module.css +427 -0
package/app/components/form/index.ts +6 -0
package/app/components/icon/icon.module.css +3 -0
package/app/components/icon/icon.tsx +27 -0
package/app/components/icon/icons.svg +102 -0
package/app/components/icon/manifest.json +110 -0
package/app/components/sidebar/case-export/case-export.module.css +386 -0
package/app/components/sidebar/case-export/case-export.tsx +317 -0
package/app/components/sidebar/case-import/case-import.module.css +626 -0
package/app/components/sidebar/case-import/case-import.tsx +404 -0
package/app/components/sidebar/case-import/components/CasePreviewSection.tsx +72 -0
package/app/components/sidebar/case-import/components/ConfirmationDialog.tsx +72 -0
package/app/components/sidebar/case-import/components/ConfirmationPreviewSection.tsx +71 -0
package/app/components/sidebar/case-import/components/ExistingCaseSection.tsx +40 -0
package/app/components/sidebar/case-import/components/FileSelector.tsx +161 -0
package/app/components/sidebar/case-import/components/ProgressSection.tsx +46 -0
package/app/components/sidebar/case-import/hooks/useFilePreview.ts +101 -0
package/app/components/sidebar/case-import/hooks/useImportExecution.ts +152 -0
package/app/components/sidebar/case-import/hooks/useImportState.ts +88 -0
package/app/components/sidebar/case-import/index.ts +18 -0
package/app/components/sidebar/case-import/utils/file-validation.ts +43 -0
package/app/components/sidebar/cases/case-sidebar.tsx +827 -0
package/app/components/sidebar/cases/cases-modal.module.css +166 -0
package/app/components/sidebar/cases/cases-modal.tsx +201 -0
package/app/components/sidebar/cases/cases.module.css +713 -0
package/app/components/sidebar/files/files-modal.module.css +209 -0
package/app/components/sidebar/files/files-modal.tsx +239 -0
package/app/components/sidebar/hash/hash-utility.module.css +366 -0
package/app/components/sidebar/hash/hash-utility.tsx +982 -0
package/app/components/sidebar/notes/notes-modal.tsx +51 -0
package/app/components/sidebar/notes/notes-sidebar.tsx +491 -0
package/app/components/sidebar/notes/notes.module.css +360 -0
package/app/components/sidebar/sidebar-container.tsx +149 -0
package/app/components/sidebar/sidebar.module.css +321 -0
package/app/components/sidebar/sidebar.tsx +215 -0
package/app/components/sidebar/upload/image-upload-zone.module.css +123 -0
package/app/components/sidebar/upload/image-upload-zone.tsx +330 -0
package/app/components/theme-provider/theme-provider.tsx +131 -0
package/app/components/theme-provider/theme.ts +155 -0
package/app/components/toast/toast.module.css +137 -0
package/app/components/toast/toast.tsx +56 -0
package/app/components/toolbar/toolbar-color-selector.module.css +171 -0
package/app/components/toolbar/toolbar-color-selector.tsx +129 -0
package/app/components/toolbar/toolbar.module.css +42 -0
package/app/components/toolbar/toolbar.tsx +167 -0
package/app/components/user/delete-account.module.css +274 -0
package/app/components/user/delete-account.tsx +471 -0
package/app/components/user/inactivity-warning.module.css +145 -0
package/app/components/user/inactivity-warning.tsx +84 -0
package/app/components/user/manage-profile.module.css +190 -0
package/app/components/user/manage-profile.tsx +253 -0
package/app/components/user/mfa-phone-update.tsx +739 -0
package/app/config-example/admin-service.json +13 -0
package/app/config-example/config.json +17 -0
package/app/config-example/firebase.ts +21 -0
package/app/config-example/inactivity.ts +13 -0
package/app/config-example/meta-config.json +6 -0
package/app/contexts/auth.context.ts +12 -0
package/app/entry.client.tsx +12 -0
package/app/entry.server.tsx +44 -0
package/app/hooks/useInactivityTimeout.ts +110 -0
package/app/root.tsx +170 -0
package/app/routes/_index.tsx +16 -0
package/app/routes/auth/emailActionHandler.module.css +232 -0
package/app/routes/auth/emailActionHandler.tsx +405 -0
package/app/routes/auth/emailVerification.tsx +120 -0
package/app/routes/auth/login.module.css +523 -0
package/app/routes/auth/login.tsx +654 -0
package/app/routes/auth/passwordReset.module.css +274 -0
package/app/routes/auth/passwordReset.tsx +154 -0
package/app/routes/auth/route.ts +16 -0
package/app/routes/mobile-prevented/mobilePrevented.module.css +47 -0
package/app/routes/mobile-prevented/mobilePrevented.tsx +26 -0
package/app/routes/mobile-prevented/route.ts +14 -0
package/app/routes/striae/striae.module.css +30 -0
package/app/routes/striae/striae.tsx +417 -0
package/app/services/audit-export.service.ts +755 -0
package/app/services/audit.service.ts +1454 -0
package/app/services/firebase-errors.ts +106 -0
package/app/services/firebase.ts +15 -0
package/app/styles/legal-pages.module.css +113 -0
package/app/styles/root.module.css +146 -0
package/app/tailwind.css +225 -0
package/app/types/annotations.ts +45 -0
package/app/types/audit.ts +301 -0
package/app/types/case.ts +90 -0
package/app/types/export.ts +8 -0
package/app/types/file.ts +30 -0
package/app/types/import.ts +107 -0
package/app/types/index.ts +24 -0
package/app/types/user.ts +38 -0
package/app/utils/SHA256.ts +461 -0
package/app/utils/annotation-timestamp.ts +25 -0
package/app/utils/audit-export-signature.ts +117 -0
package/app/utils/auth-action-settings.ts +48 -0
package/app/utils/auth.ts +34 -0
package/app/utils/batch-operations.ts +135 -0
package/app/utils/confirmation-signature.ts +193 -0
package/app/utils/data-operations.ts +871 -0
package/app/utils/device-detection.ts +5 -0
package/app/utils/html-sanitizer.ts +80 -0
package/app/utils/id-generator.ts +36 -0
package/app/utils/meta.ts +48 -0
package/app/utils/mfa-phone.ts +97 -0
package/app/utils/mfa.ts +79 -0
package/app/utils/password-policy.ts +28 -0
package/app/utils/permissions.ts +562 -0
package/app/utils/signature-utils.ts +160 -0
package/app/utils/style.ts +83 -0
package/app/utils/version.ts +5 -0
package/firebase.json +11 -0
package/functions/[[path]].ts +10 -0
package/package.json +138 -0
package/postcss.config.js +6 -0
package/public/.well-known/publickey.info@striae.org.asc +17 -0
package/public/.well-known/security.txt +7 -0
package/public/_headers +28 -0
package/public/_routes.json +13 -0
package/public/assets/striae.jpg +0 -0
package/public/clear.jpg +0 -0
package/public/favicon.ico +0 -0
package/public/favicon.svg +9 -0
package/public/icon-256.png +0 -0
package/public/icon-512.png +0 -0
package/public/logo-dark.png +0 -0
package/public/manifest.json +25 -0
package/public/oin-badge.png +0 -0
package/public/shortcut.png +0 -0
package/public/social-image.png +0 -0
package/public/striae-ascii.txt +10 -0
package/scripts/deploy-all.sh +100 -0
package/scripts/deploy-config.sh +940 -0
package/scripts/deploy-pages.sh +34 -0
package/scripts/deploy-worker-secrets.sh +215 -0
package/scripts/dev.cjs +23 -0
package/scripts/install-workers.sh +88 -0
package/scripts/run-eslint.cjs +35 -0
package/scripts/update-compatibility-dates.cjs +124 -0
package/scripts/update-markdown-versions.cjs +43 -0
package/tailwind.config.ts +22 -0
package/tsconfig.json +33 -0
package/vite.config.ts +35 -0
package/worker-configuration.d.ts +7490 -0
package/workers/audit-worker/package.json +17 -0
package/workers/audit-worker/src/audit-worker.example.ts +195 -0
package/workers/audit-worker/worker-configuration.d.ts +7448 -0
package/workers/audit-worker/wrangler.jsonc.example +29 -0
package/workers/data-worker/package.json +17 -0
package/workers/data-worker/src/data-worker.example.ts +267 -0
package/workers/data-worker/src/signature-utils.ts +79 -0
package/workers/data-worker/src/signing-payload-utils.ts +290 -0
package/workers/data-worker/worker-configuration.d.ts +7448 -0
package/workers/data-worker/wrangler.jsonc.example +30 -0
package/workers/image-worker/package.json +17 -0
package/workers/image-worker/src/image-worker.example.ts +180 -0
package/workers/image-worker/worker-configuration.d.ts +7447 -0
package/workers/image-worker/wrangler.jsonc.example +22 -0
package/workers/keys-worker/package.json +17 -0
package/workers/keys-worker/src/keys.example.ts +66 -0
package/workers/keys-worker/src/keys.ts +66 -0
package/workers/keys-worker/worker-configuration.d.ts +7447 -0
package/workers/keys-worker/wrangler.jsonc.example +22 -0
package/workers/pdf-worker/package.json +17 -0
package/workers/pdf-worker/src/format-striae.ts +534 -0
package/workers/pdf-worker/src/pdf-worker.example.ts +119 -0
package/workers/pdf-worker/src/report-types.ts +69 -0
package/workers/pdf-worker/worker-configuration.d.ts +7448 -0
package/workers/pdf-worker/wrangler.jsonc.example +26 -0
package/workers/user-worker/package.json +17 -0
package/workers/user-worker/src/user-worker.example.ts +636 -0
package/workers/user-worker/worker-configuration.d.ts +7448 -0
package/workers/user-worker/wrangler.jsonc.example +29 -0
package/wrangler.toml.example +8 -0

package/app/components/auth/mfa-enrollment.module.css ADDED Viewed

@@ -0,0 +1,268 @@
+.overlay {
+  position: fixed;
+  top: 0;
+  left: 0;
+  right: 0;
+  bottom: 0;
+  background-color: rgba(0, 0, 0, 0.75);
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  z-index: 1000;
+  padding: 1rem;
+}
+.modal {
+  background: white;
+  border-radius: 12px;
+  padding: 2rem;
+  max-width: 500px;
+  width: 100%;
+  max-height: 90vh;
+  overflow-y: auto;
+  box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+}
+.header {
+  text-align: center;
+  margin-bottom: 2rem;
+}
+.header h2 {
+  color: #333;
+  margin: 0 0 1rem 0;
+  font-size: 1.5rem;
+  font-weight: 600;
+}
+.header p {
+  color: #666;
+  margin: 0;
+  line-height: 1.5;
+}
+.content {
+  margin-bottom: 2rem;
+}
+.phoneStep,
+.codeStep {
+  text-align: center;
+}
+.phoneStep h3,
+.codeStep h3 {
+  color: #333;
+  margin: 0 0 1rem 0;
+  font-size: 1.2rem;
+  font-weight: 500;
+}
+.input {
+  width: 100%;
+  padding: 1rem;
+  border: 2px solid #e1e5e9;
+  border-radius: 8px;
+  font-size: 1rem;
+  margin-bottom: 1rem;
+  transition: border-color 0.2s ease;
+  box-sizing: border-box;
+}
+.input:focus {
+  outline: none;
+  border-color: #4285f4;
+  box-shadow: 0 0 0 3px rgba(66, 133, 244, 0.1);
+}
+.input:disabled {
+  background-color: #f5f5f5;
+  cursor: not-allowed;
+}
+.note {
+  color: #666;
+  font-size: 0.9rem;
+  margin: 0 0 1.5rem 0;
+  line-height: 1.4;
+}
+.buttonGroup {
+  display: flex;
+  flex-direction: column;
+  gap: 0.75rem;
+}
+.primaryButton {
+  background-color: #4285f4;
+  color: white;
+  border: none;
+  padding: 1rem 2rem;
+  border-radius: 8px;
+  font-size: 1rem;
+  font-weight: 500;
+  cursor: pointer;
+  transition: background-color 0.2s ease;
+  width: 100%;
+  box-sizing: border-box;
+}
+.primaryButton:hover:not(:disabled) {
+  background-color: #3367d6;
+}
+.primaryButton:disabled {
+  background-color: #ccc;
+  cursor: not-allowed;
+}
+.secondaryButton {
+  background-color: transparent;
+  color: #4285f4;
+  border: 2px solid #4285f4;
+  padding: 0.75rem 1.5rem;
+  border-radius: 8px;
+  font-size: 0.9rem;
+  font-weight: 500;
+  cursor: pointer;
+  transition: all 0.2s ease;
+  width: 100%;
+  box-sizing: border-box;
+}
+.secondaryButton:hover:not(:disabled) {
+  background-color: #4285f4;
+  color: white;
+}
+.secondaryButton:disabled {
+  border-color: #ccc;
+  color: #ccc;
+  cursor: not-allowed;
+}
+.resendTimer {
+  color: #999;
+  font-size: 0.9rem;
+  margin: 0;
+  text-align: center;
+}
+.errorMessage {
+  background: linear-gradient(135deg,
+    color-mix(in lab, var(--error) 12%, transparent),
+    color-mix(in lab, var(--error) 8%, transparent)
+  );
+  border: 1px solid color-mix(in lab, var(--error) 30%, transparent);
+  border-left: 4px solid var(--error);
+  color: color-mix(in lab, var(--error) 90%, var(--black));
+  padding: var(--spaceL);
+  border-radius: var(--spaceS);
+  font-size: 0.9rem;
+  margin-bottom: 1rem;
+  text-align: left;
+  line-height: 1.4;
+  position: relative;
+  overflow: hidden;
+  box-shadow: 0 4px 16px color-mix(in lab, var(--text) 10%, transparent);
+  animation: slideInError var(--durationM) var(--bezierFastoutSlowin);
+}
+.errorMessage::before {
+  content: '';
+  position: absolute;
+  top: 0;
+  left: 0;
+  right: 0;
+  height: 2px;
+  background: linear-gradient(90deg, var(--error), color-mix(in lab, var(--error) 60%, transparent));
+  animation: shimmer 2s ease-in-out infinite;
+}
+.errorMessage:empty {
+  display: none;
+}
+.footer {
+  border-top: 1px solid #e1e5e9;
+  padding-top: 1.5rem;
+  text-align: center;
+}
+.skipButton {
+  background-color: transparent;
+  color: #666;
+  border: none;
+  padding: 0.75rem 1.5rem;
+  border-radius: 8px;
+  font-size: 0.9rem;
+  cursor: pointer;
+  transition: color 0.2s ease;
+}
+.skipButton:hover:not(:disabled) {
+  color: #333;
+  text-decoration: underline;
+}
+.skipButton:disabled {
+  color: #ccc;
+  cursor: not-allowed;
+}
+.signOutContainer {
+  margin-top: var(--spaceL);
+  padding-top: var(--spaceL);
+  border-top: 1px solid var(--borderLight);
+  text-align: center;
+}
+.signOutText {
+  color: var(--textLight);
+  font-size: var(--fontSizeSmall);
+  margin-bottom: var(--spaceM);
+}
+/* Animations */
+@keyframes slideInError {
+  from {
+    opacity: 0;
+    transform: translateY(calc(-1 * var(--spaceM))) scaleY(0.8);
+    max-height: 0;
+    padding-top: 0;
+    padding-bottom: 0;
+    margin-top: 0;
+    margin-bottom: 0;
+  }
+  to {
+    opacity: 1;
+    transform: translateY(0) scaleY(1);
+    max-height: 200px;
+    padding-top: var(--spaceL);
+    padding-bottom: var(--spaceL);
+    margin-top: 0;
+    margin-bottom: 1rem;
+  }
+}
+@keyframes shimmer {
+  0%, 100% {
+    opacity: 0.6;
+    transform: translateX(-100%);
+  }
+  50% {
+    opacity: 1;
+    transform: translateX(100%);
+  }
+}
+/* Reduce motion for accessibility */
+@media (prefers-reduced-motion: reduce) {
+  .errorMessage {
+    animation: none;
+  }
+  .errorMessage::before {
+    animation: none;
+  }
+}

package/app/components/auth/mfa-enrollment.tsx ADDED Viewed

@@ -0,0 +1,398 @@
+/* eslint-disable react/prop-types */
+import { useState, useEffect } from 'react';
+import { auth } from '~/services/firebase';
+import {
+  PhoneAuthProvider,
+  PhoneMultiFactorGenerator,
+  RecaptchaVerifier,
+  multiFactor,
+  User
+} from 'firebase/auth';
+import { handleAuthError, getValidationError } from '~/services/firebase-errors';
+import { SignOut } from '~/components/actions/signout';
+import { auditService } from '~/services/audit.service';
+import styles from './mfa-enrollment.module.css';
+interface MFAEnrollmentProps {
+  user: User;
+  onSuccess: () => void;
+  onError: (error: string) => void;
+  onSkip?: () => void; // Optional skip for non-mandatory scenarios
+  mandatory?: boolean; // Whether MFA enrollment is required
+}
+export const MFAEnrollment: React.FC<MFAEnrollmentProps> = ({
+  user,
+  onSuccess,
+  onError,
+  onSkip,
+  mandatory = true
+}) => {
+  const [phoneNumber, setPhoneNumber] = useState('');
+  const [verificationCode, setVerificationCode] = useState('');
+  const [isLoading, setIsLoading] = useState(false);
+  const [codeSent, setCodeSent] = useState(false);
+  const [recaptchaVerifier, setRecaptchaVerifier] = useState<RecaptchaVerifier | null>(null);
+  const [verificationId, setVerificationId] = useState('');
+  const [resendTimer, setResendTimer] = useState(0);
+  const [isClient, setIsClient] = useState(false);
+  const [errorMessage, setErrorMessage] = useState('');
+  useEffect(() => {
+    setIsClient(true);
+  }, []);
+  useEffect(() => {
+    if (!isClient) return;
+    // Initialize reCAPTCHA verifier
+    const verifier = new RecaptchaVerifier(auth, 'recaptcha-container-enrollment', {
+      size: 'invisible',
+      callback: () => {
+        // reCAPTCHA solved, allow SMS sending
+      },
+      'expired-callback': () => {
+        const error = getValidationError('MFA_RECAPTCHA_EXPIRED');
+        setErrorMessage(error);
+        onError(error);
+      }
+    });
+    setRecaptchaVerifier(verifier);
+    return () => {
+      verifier.clear();
+    };
+  }, [onError, isClient]);
+  useEffect(() => {
+    if (resendTimer > 0) {
+      const timer = setTimeout(() => setResendTimer(resendTimer - 1), 1000);
+      return () => clearTimeout(timer);
+    }
+  }, [resendTimer]);
+  // Phone number validation function
+  const validatePhoneNumber = (phone: string): { isValid: boolean; errorMessage?: string } => {
+    if (!phone.trim()) {
+      return { isValid: false, errorMessage: getValidationError('MFA_INVALID_PHONE') };
+    }
+    // Remove all non-digit characters for validation
+    const cleanPhone = phone.replace(/\D/g, '');
+    // Prevent use of example phone numbers
+    if (cleanPhone === '15551234567' || cleanPhone === '5551234567') {
+      return { isValid: false, errorMessage: 'Please enter your actual phone number, not the demo number.' };
+    }
+    // Check for valid phone number patterns
+    // US/Canada: 10 or 11 digits (with or without country code)
+    // International: 7-15 digits with country code
+    if (cleanPhone.length < 7 || cleanPhone.length > 15) {
+      return { isValid: false, errorMessage: 'Phone number must be between 7-15 digits.' };
+    }
+    // US/Canada specific validation (most common case)
+    if (phone.startsWith('+1') || (!phone.startsWith('+') && cleanPhone.length === 10)) {
+      const usPhone = cleanPhone.startsWith('1') ? cleanPhone.slice(1) : cleanPhone;
+      if (usPhone.length !== 10) {
+        return { isValid: false, errorMessage: 'US/Canada phone numbers must be 10 digits.' };
+      }
+      // Check for invalid area codes (starting with 0 or 1)
+      if (usPhone[0] === '0' || usPhone[0] === '1') {
+        return { isValid: false, errorMessage: 'Invalid area code. Area codes cannot start with 0 or 1.' };
+      }
+      // Check for invalid exchange codes (starting with 0 or 1)
+      if (usPhone[3] === '0' || usPhone[3] === '1') {
+        return { isValid: false, errorMessage: 'Invalid phone number format.' };
+      }
+    }
+    // Basic international validation for numbers with country codes
+    if (phone.startsWith('+') && cleanPhone.length < 8) {
+      return { isValid: false, errorMessage: 'International phone numbers must have at least 8 digits including country code.' };
+    }
+    return { isValid: true };
+  };
+  const sendVerificationCode = async () => {
+    const validation = validatePhoneNumber(phoneNumber);
+    if (!validation.isValid) {
+      setErrorMessage(validation.errorMessage!);
+      onError(validation.errorMessage!);
+      return;
+    }
+    if (!recaptchaVerifier) {
+      const error = getValidationError('MFA_RECAPTCHA_ERROR');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+    setIsLoading(true);
+    setErrorMessage(''); // Clear any previous errors
+    try {
+      // Format phone number if it doesn't start with +
+      const formattedPhone = phoneNumber.startsWith('+') ? phoneNumber : `+1${phoneNumber}`;
+      const multiFactorSession = await multiFactor(user).getSession();
+      const phoneInfoOptions = {
+        phoneNumber: formattedPhone,
+        session: multiFactorSession
+      };
+      const phoneAuthProvider = new PhoneAuthProvider(auth);
+      const verificationId = await phoneAuthProvider.verifyPhoneNumber(
+        phoneInfoOptions,
+        recaptchaVerifier
+      );
+      setVerificationId(verificationId);
+      setCodeSent(true);
+      setResendTimer(60); // 60 second cooldown for resend
+      onError(''); // Clear any previous errors
+    } catch (error: unknown) {
+      const authError = error as { code?: string; message?: string };
+      const errorMsg = handleAuthError(authError).message;
+      setErrorMessage(errorMsg);
+      onError(errorMsg);
+    } finally {
+      setIsLoading(false);
+    }
+  };
+  const enrollMFA = async () => {
+    if (!verificationCode.trim()) {
+      const error = getValidationError('MFA_CODE_REQUIRED');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+    if (!verificationId) {
+      const error = getValidationError('MFA_NO_VERIFICATION_ID');
+      setErrorMessage(error);
+      onError(error);
+      return;
+    }
+    setIsLoading(true);
+    setErrorMessage(''); // Clear any previous errors
+    try {
+      const cred = PhoneAuthProvider.credential(verificationId, verificationCode);
+      const multiFactorAssertion = PhoneMultiFactorGenerator.assertion(cred);
+      await multiFactor(user).enroll(multiFactorAssertion, `Phone: ${phoneNumber}`);
+      // Log successful MFA enrollment audit event
+      try {
+        await auditService.logMfaEnrollment(
+          user,
+          phoneNumber,
+          'sms',
+          'success',
+          1, // Assuming this is their first successful attempt since we got here
+          undefined, // sessionId not available in enrollment context
+          navigator.userAgent
+        );
+      } catch (auditError) {
+        console.error('Failed to log MFA enrollment success audit:', auditError);
+        // Continue with enrollment success flow even if audit logging fails
+      }
+      // Mark email verification as successful (retroactive)
+      // Since MFA enrollment requires email verification to be completed first,
+      // we can safely mark any pending email verification as successful
+      try {
+        await auditService.markEmailVerificationSuccessful(
+          user,
+          'MFA enrollment completed - email verification implied',
+          undefined, // sessionId not available in enrollment context
+          navigator.userAgent
+        );
+      } catch (auditError) {
+        console.error('Failed to log retroactive email verification success:', auditError);
+        // Continue with enrollment success flow even if audit logging fails
+      }
+      onSuccess();
+    } catch (error: unknown) {
+      console.error('Error enrolling MFA:', error);
+      const authError = error as { code?: string; message?: string };
+      let errorMsg = '';
+      if (authError.code === 'auth/invalid-verification-code') {
+        errorMsg = getValidationError('MFA_INVALID_CODE');
+      } else if (authError.code === 'auth/code-expired') {
+        errorMsg = getValidationError('MFA_CODE_EXPIRED');
+        setCodeSent(false);
+      } else {
+        errorMsg = handleAuthError(authError).message;
+      }
+      setErrorMessage(errorMsg);
+      onError(errorMsg);
+      // Log security violation for failed MFA enrollment attempts
+      try {
+        let severity: 'low' | 'medium' | 'high' | 'critical' = 'medium';
+        if (authError.code === 'auth/invalid-verification-code') {
+          severity = 'high'; // Invalid MFA codes during enrollment are serious
+        }
+        await auditService.logSecurityViolation(
+          user, // User object available during enrollment
+          'unauthorized-access',
+          severity,
+          `Failed MFA enrollment: ${authError.code} - ${errorMsg}`,
+          'mfa-enrollment-endpoint',
+          true // Blocked by system
+        );
+      } catch (auditError) {
+        console.error('Failed to log MFA enrollment security violation audit:', auditError);
+        // Continue with error flow even if audit logging fails
+      }
+    } finally {
+      setIsLoading(false);
+    }
+  };
+  const handleSkip = () => {
+    if (onSkip && !mandatory) {
+      onSkip();
+    }
+  };
+  if (!isClient) {
+    return null;
+  }
+  return (
+    <div className={styles.overlay}>
+      <div className={styles.modal}>
+        <div className={styles.header}>
+          <h2>Security Setup Required</h2>
+          <p>
+            {mandatory
+              ? 'Two-factor authentication is required for all accounts. Please set up SMS verification to continue.'
+              : 'Enhance your account security with two-factor authentication.'
+            }
+          </p>
+        </div>
+        <div className={styles.content}>
+          {errorMessage && (
+            <div className={styles.errorMessage}>
+              {errorMessage}
+            </div>
+          )}
+          {!codeSent ? (
+            <div className={styles.phoneStep}>
+              <h3>Step 1: Enter Your Mobile Number</h3>
+              <input
+                type="tel"
+                value={phoneNumber}
+                onChange={(e) => {
+                  setPhoneNumber(e.target.value);
+                  if (errorMessage) setErrorMessage(''); // Clear error on input
+                }}
+                placeholder="ex. +15551234567"
+                className={styles.input}
+                disabled={isLoading}
+              />
+              <p className={styles.note}>
+                We&apos;ll send a verification code to this number.
+              </p>
+              <button
+                onClick={sendVerificationCode}
+                disabled={isLoading || !phoneNumber.trim()}
+                className={styles.primaryButton}
+              >
+                {isLoading ? 'Sending...' : 'Send Verification Code'}
+              </button>
+            </div>
+          ) : (
+            <div className={styles.codeStep}>
+              <h3>Step 2: Enter Verification Code</h3>
+              <p className={styles.note}>
+                Enter the 6-digit code sent to {phoneNumber}
+              </p>
+              <input
+                type="text"
+                value={verificationCode}
+                onChange={(e) => {
+                  setVerificationCode(e.target.value.replace(/\D/g, ''));
+                  if (errorMessage) setErrorMessage(''); // Clear error on input
+                }}
+                placeholder="123456"
+                maxLength={6}
+                className={styles.input}
+                disabled={isLoading}
+              />
+              <div className={styles.buttonGroup}>
+                <button
+                  onClick={enrollMFA}
+                  disabled={isLoading || verificationCode.length !== 6}
+                  className={styles.primaryButton}
+                >
+                  {isLoading ? 'Verifying...' : 'Complete Setup'}
+                </button>
+                <button
+                  onClick={() => {
+                    setCodeSent(false);
+                    setVerificationCode('');
+                    setErrorMessage(''); // Clear errors when changing phone number
+                  }}
+                  disabled={isLoading}
+                  className={styles.secondaryButton}
+                >
+                  Change Phone Number
+                </button>
+                {resendTimer === 0 ? (
+                  <button
+                    onClick={sendVerificationCode}
+                    disabled={isLoading}
+                    className={styles.secondaryButton}
+                  >
+                    Resend Code
+                  </button>
+                ) : (
+                  <p className={styles.resendTimer}>
+                    Resend code in {resendTimer}s
+                  </p>
+                )}
+              </div>
+            </div>
+          )}
+        </div>
+        {!mandatory && (
+          <div className={styles.footer}>
+            <button
+              onClick={handleSkip}
+              disabled={isLoading}
+              className={styles.skipButton}
+            >
+              Skip for now
+            </button>
+          </div>
+        )}
+        <div className={styles.signOutContainer}>
+          <p className={styles.signOutText}>Need to sign in with a different account?</p>
+          <SignOut redirectTo="/" />
+        </div>
+        <div id="recaptcha-container-enrollment" />
+      </div>
+    </div>
+  );
+};