@tahanabavi/typefetch 1.4.1 → 1.5.6

package/dist/index.d.mts

@@ -1,5 +1,36 @@
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 
+type EncryptionMethod = "AES" | "DES" | "RSA" | "Base64" | "Custom";
+type Method = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
+/**
+ * DeepEncryptionMap<T>
+ * --------------------
+ * Recursively describes which fields should be encrypted/decrypted.
+ * Supports:
+ *   - Primitive fields → boolean | method
+ *   - Objects → recursively typed maps
+ *   - Arrays → mapping applies to element type (U)
+ *   - Array-map override (optional but supported)
+ */
+type DeepEncryptionMap = boolean | EncryptionMethod | {
+    [key: string]: DeepEncryptionMap;
+} | DeepEncryptionMap[];
+/**
+ * EncryptionConfig
+ * ================
+ * Defines the encryption/decryption strategy for an endpoint.
+ * Both request and response maps are strictly typed based on their respective Zod schemas.
+ */
+type EncryptionConfig<TReq, TRes> = {
+    method: EncryptionMethod | {
+        request?: EncryptionMethod;
+        response?: EncryptionMethod;
+    };
+    /** Map of request fields to encrypt before sending to the server */
+    request?: DeepEncryptionMap;
+    /** Map of response fields to decrypt after receiving from the server */
+    response?: DeepEncryptionMap;
+};
 /**
  * Base types for Zod schemas representing request and response structures.
  * These are abstract—each concrete endpoint will define its own Zod object for these.
@@ -18,7 +49,7 @@ type ResponseSchema = z.ZodTypeAny;
  */
 type EndpointDef<TReq extends RequestSchema, TRes extends ResponseSchema> = {
     /** HTTP method used by this endpoint */
-    method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    method: Method;
     /** URL path for this endpoint, e.g. "/users/:id" */
     path: string;
     /** Whether this endpoint requires an Authorization token */
@@ -33,6 +64,11 @@ type EndpointDef<TReq extends RequestSchema, TRes extends ResponseSchema> = {
      * - Or a static mock response object
      */
     mockData?: (() => z.infer<TRes>) | z.infer<TRes>;
+    /**
+     * Field-level encryption configuration.
+     * Allows selecting specific fields in request/response to be encrypted/decrypted.
+     */
+    encryption?: EncryptionConfig<z.infer<TReq>, z.infer<TRes>>;
     /**
      * Optional custom headers. Can be:
      * - A fixed record of header key/values
@@ -69,14 +105,29 @@ type Contracts = {
         [EndpointName: string]: EndpointDef<RequestSchema, ResponseSchema>;
     };
 };
+/**
+ * Convenience alias that pins both generic types
+ * to `z.ZodTypeAny`, simplifying the contract declarations.
+ */
+type EndpointDefZ = EndpointDef<RequestSchema, ResponseSchema>;
 /**
  * Context passed to all middleware functions.
- * Contains the current request URL and initialization object
- * (headers, method, body, etc.).
+ * Contains the current request URL, initialization object,
+ * and the specific endpoint definition for metadata access.
  */
-interface MiddlewareContext {
+type RequestParts = {
+    path?: Record<string, unknown>;
+    query?: Record<string, unknown>;
+    body?: unknown;
+    headers: Record<string, string>;
+    isStructured: boolean;
+    rawInput?: unknown;
+};
+interface MiddlewareContext<TReq extends RequestSchema = RequestSchema, TRes extends ResponseSchema = ResponseSchema> {
     url: string;
     init: RequestInit;
+    endpoint: EndpointDef<TReq, TRes>;
+    request?: RequestParts;
 }
 /**
  * The `next()` function type signature used inside middleware.
@@ -98,7 +149,7 @@ type MiddlewareNext = () => Promise<Response>;
  *   return res;
  * };
  */
-type Middleware<Options = any> = (ctx: MiddlewareContext, next: MiddlewareNext, options?: Options) => Promise<Response>;
+type Middleware<TReq extends RequestSchema = RequestSchema, TRes extends ResponseSchema = ResponseSchema, Options = any> = (ctx: MiddlewareContext<TReq, TRes>, next: MiddlewareNext, options?: Options) => Promise<Response>;
 /**
  * ErrorLike
  * =========
@@ -111,11 +162,6 @@ type ErrorLike = {
     code?: string;
     [key: string]: any;
 };
-/**
- * Convenience alias that pins both generic types
- * to `z.ZodTypeAny`, simplifying the contract declarations.
- */
-type EndpointDefZ = EndpointDef<RequestSchema, ResponseSchema>;
 /**
  * RequestOptions
  * ==============
@@ -149,10 +195,6 @@ type EndpointMethods<M extends Record<string, EndpointDefZ>> = {
  */
 type TokenProvider = () => string | Promise<string>;
 
-/**
- * A richer extension of the native Error class that captures
- * additional API error details such as HTTP status, code, and field errors.
- */
 declare class RichError extends Error implements ErrorLike {
     status?: number;
     code?: string;
@@ -163,17 +205,6 @@ declare class RichError extends Error implements ErrorLike {
         message: string;
     });
 }
-/**
- * ApiClient
- * =========
- * A robust, strongly-typed HTTP client that automatically builds API endpoint
- * methods from Zod-based contracts, providing:
- * - Input and response validation via Zod
- * - Middleware support
- * - Token-based authentication
- * - Error normalization (RichError)
- * - Optional caching, retries, and mock data
- */
 declare class ApiClient<C extends Contracts, E extends ErrorLike = RichError> {
     private config;
     private contracts;
@@ -196,64 +227,34 @@ declare class ApiClient<C extends Contracts, E extends ErrorLike = RichError> {
             max: number;
         };
     }, contracts: C);
-    /**
-     * Builds all API methods (`modules`) dynamically from the Zod contract definition.
-     * After `init()` is called, each endpoint can be invoked through `client.modules.moduleName.endpointName()`.
-     */
     init(): void;
-    /** Provides access to initialized modules after calling `init()`. */
     get modules(): { [M in keyof C]: EndpointMethods<C[M]>; };
-    /** Registers a new middleware in the client’s pipeline. */
-    use<T>(middleware: Middleware<T>, options?: T): void;
-    /** Sets a global error handler function to unify error behavior. */
+    use<T>(middleware: Middleware<any, any, T>, options?: T): void;
     onError(handler: (error: E) => void): void;
-    /** Defines a global transform function applied to all validated responses. */
     useResponseTransform(fn: (data: any) => any): void;
-    /** Configures the retry logic (max attempts, backoff mode, etc.). */
     setRetryConfig(config: ApiClient<C>["retryConfig"]): void;
-    /** Provides a custom token provider that returns tokens dynamically. */
     setTokenProvider(provider: TokenProvider): void;
-    /** Enables mock responses instead of network requests. */
     setMockMode(enabled: boolean, delay?: {
         min: number;
         max: number;
     }): void;
-    /** Registers a wrapper schema for APIs that nest response data (e.g. `{ data, success, message }`). */
     setResponseWrapper(wrapper: (successResponse: z.ZodTypeAny) => z.ZodTypeAny): void;
-    /** Retrieves the current auth token, using a provider if available. */
     getCurrentToken(): Promise<string | undefined>;
-    /**
-     * Core request entry point used by auto-generated endpoint methods.
-     * Handles caching, deduplication, and mock mode routing.
-     */
     private request;
-    /**
-     * Full HTTP request workflow:
-     * - Token injection
-     * - Timeout support
-     * - Middleware pipeline
-     * - Fetch + response handling
-     * - Zod parsing + transformation
-     * - Caching
-     */
     private performRequestLogic;
-    /** Executes a function with retry logic and configurable backoff strategy. */
     private executeWithRetry;
-    /** Calculates retry delay intervals for various backoff strategies. */
     private getBackoffDelay;
-    /** Builds the final URL and request body from the endpoint definition and input payload. */
     private buildUrlAndBody;
-    /** Creates and returns a RichError from details. */
+    private extractRequestParts;
+    private isStructuredRequestInput;
+    private isObjectRecord;
+    private applyPathParams;
+    private appendQueryParams;
+    private appendQueryValue;
+    private appendFormValue;
+    private normalizeHeaders;
     private createError;
-    /**
-     * Converts any thrown error to a standardized RichError instance.
-     * Also flattens Zod validation errors into readable messages.
-     */
     private normalizeError;
-    /**
-     * Handles mock-mode requests by simulating a delayed network call
-     * and returning validated mock data.
-     */
     private handleMockRequest;
 }
 
@@ -262,7 +263,7 @@ type LoggingOptions = {
     logResponse?: boolean;
     debug?: boolean;
 };
-declare const loggingMiddleware: Middleware<LoggingOptions>;
+declare const loggingMiddleware: Middleware<z$1.ZodTypeAny, z$1.ZodTypeAny, LoggingOptions>;
 
 type RetryOptions = {
     maxRetries?: number;
@@ -317,7 +318,7 @@ type AuthOptions = {
  *   authMiddleware({ refreshToken: tokenSupplier })
  * );
  */
-declare const authMiddleware: Middleware<AuthOptions>;
+declare const authMiddleware: Middleware<z$1.ZodTypeAny, z$1.ZodTypeAny, AuthOptions>;
 
 /**
  * CacheOptions
@@ -365,26 +366,44 @@ type CacheOptions = {
  */
 declare const cacheMiddleware: (options?: CacheOptions) => (ctx: MiddlewareContext, next: MiddlewareNext) => Promise<Response>;
 
-declare const makeRequestSchema: <TPath extends z.ZodRawShape = {}, TQuery extends z.ZodRawShape = {}, TBody extends z.ZodTypeAny = z.ZodUndefined>() => (defs: {
+type SymmetricKeyMaterial = {
+    type: "symmetric";
+    key: string;
+};
+type RSAKeyMaterial = {
+    type: "rsa";
+    publicKey: string;
+    privateKey: string;
+};
+type KeyMaterial = SymmetricKeyMaterial | RSAKeyMaterial;
+type CustomHandlers = {
+    encrypt: (value: string, key: KeyMaterial) => string | Promise<string>;
+    decrypt: (value: string, key: KeyMaterial) => string | Promise<string>;
+};
+interface EncryptionOptions {
+    keyProvider: () => KeyMaterial | Promise<KeyMaterial>;
+    customHandlers?: CustomHandlers;
+    /**
+     * true  = throw when encryption/decryption fails, which avoids leaking plaintext.
+     * false = log and continue/fallback to the original response.
+     * Default: true
+     */
+    failClosed?: boolean;
+}
+declare function processDeep<T = unknown>(data: unknown, map: DeepEncryptionMap | null | undefined, defaultMethod: EncryptionMethod, transform: (value: unknown, method: EncryptionMethod) => Promise<unknown>): Promise<T>;
+declare const encryptionMiddleware: Middleware<z.ZodTypeAny, z.ZodTypeAny, EncryptionOptions>;
+
+type OptionalUndefinedBody<T extends z.ZodTypeAny> = T extends z.ZodUndefined ? z.ZodOptional<T> : T;
+declare const makeRequestSchema: <TPath extends z.ZodRawShape = {}, TQuery extends z.ZodRawShape = {}, TBody extends z.ZodTypeAny = z.ZodUndefined, THeaders extends z.ZodTypeAny = z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>>() => (defs?: {
     path?: z.ZodObject<TPath>;
     query?: z.ZodObject<TQuery>;
     body?: TBody;
-    headers?: z.ZodTypeAny;
+    headers?: THeaders;
 }) => z.ZodObject<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T ? { [k in keyof T]: T[k]; } : never, z.baseObjectInputType<TPath> extends infer T_1 ? { [k_1 in keyof T_1]: T_1[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_2 ? { [k_2 in keyof T_2]: T_2[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_3 ? { [k_3 in keyof T_3]: T_3[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T_5 ? { [k in keyof T_5]: T_5[k]; } : never, z.baseObjectInputType<TPath> extends infer T_6 ? { [k_1 in keyof T_6]: T_6[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_7 ? { [k_2 in keyof T_7]: T_7[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_8 ? { [k_3 in keyof T_8]: T_8[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}>, any> extends infer T_4 ? { [k_4 in keyof T_4]: T_4[k_4]; } : never, z.baseObjectInputType<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T_10 ? { [k in keyof T_10]: T_10[k]; } : never, z.baseObjectInputType<TPath> extends infer T_11 ? { [k_1 in keyof T_11]: T_11[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_12 ? { [k_2 in keyof T_12]: T_12[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_13 ? { [k_3 in keyof T_13]: T_13[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}> extends infer T_9 ? { [k_5 in keyof T_9]: T_9[k_5]; } : never>;
+    path: z.ZodOptional<z.ZodObject<TPath, z.core.$strip>>;
+    query: z.ZodOptional<z.ZodObject<TQuery, z.core.$strip>>;
+    body: OptionalUndefinedBody<TBody>;
+    headers: THeaders;
+}, z.core.$strip>;
 
-export { ApiClient, type AuthOptions, type CacheOptions, type Contracts, type EndpointDef, type EndpointDefZ, type EndpointMethods, type ErrorLike, type LoggingOptions, type Middleware, type MiddlewareContext, type MiddlewareNext, type RequestOptions, type RequestSchema, type ResponseSchema, type RetryOptions, RichError, type TokenProvider, authMiddleware, cacheMiddleware, loggingMiddleware, makeRequestSchema, retryMiddleware };
+export { ApiClient, type AuthOptions, type CacheOptions, type Contracts, type DeepEncryptionMap, type EncryptionConfig, type EncryptionMethod, type EncryptionOptions, type EndpointDef, type EndpointDefZ, type EndpointMethods, type ErrorLike, type LoggingOptions, type Method, type Middleware, type MiddlewareContext, type MiddlewareNext, type RequestOptions, type RequestParts, type RequestSchema, type ResponseSchema, type RetryOptions, RichError, type TokenProvider, authMiddleware, cacheMiddleware, encryptionMiddleware, loggingMiddleware, makeRequestSchema, processDeep, retryMiddleware };

package/dist/index.d.ts

@@ -1,5 +1,36 @@
-import { z } from 'zod';
+import z$1, { z } from 'zod';
 
+type EncryptionMethod = "AES" | "DES" | "RSA" | "Base64" | "Custom";
+type Method = "GET" | "POST" | "PUT" | "PATCH" | "DELETE";
+/**
+ * DeepEncryptionMap<T>
+ * --------------------
+ * Recursively describes which fields should be encrypted/decrypted.
+ * Supports:
+ *   - Primitive fields → boolean | method
+ *   - Objects → recursively typed maps
+ *   - Arrays → mapping applies to element type (U)
+ *   - Array-map override (optional but supported)
+ */
+type DeepEncryptionMap = boolean | EncryptionMethod | {
+    [key: string]: DeepEncryptionMap;
+} | DeepEncryptionMap[];
+/**
+ * EncryptionConfig
+ * ================
+ * Defines the encryption/decryption strategy for an endpoint.
+ * Both request and response maps are strictly typed based on their respective Zod schemas.
+ */
+type EncryptionConfig<TReq, TRes> = {
+    method: EncryptionMethod | {
+        request?: EncryptionMethod;
+        response?: EncryptionMethod;
+    };
+    /** Map of request fields to encrypt before sending to the server */
+    request?: DeepEncryptionMap;
+    /** Map of response fields to decrypt after receiving from the server */
+    response?: DeepEncryptionMap;
+};
 /**
  * Base types for Zod schemas representing request and response structures.
  * These are abstract—each concrete endpoint will define its own Zod object for these.
@@ -18,7 +49,7 @@ type ResponseSchema = z.ZodTypeAny;
  */
 type EndpointDef<TReq extends RequestSchema, TRes extends ResponseSchema> = {
     /** HTTP method used by this endpoint */
-    method: "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+    method: Method;
     /** URL path for this endpoint, e.g. "/users/:id" */
     path: string;
     /** Whether this endpoint requires an Authorization token */
@@ -33,6 +64,11 @@ type EndpointDef<TReq extends RequestSchema, TRes extends ResponseSchema> = {
      * - Or a static mock response object
      */
     mockData?: (() => z.infer<TRes>) | z.infer<TRes>;
+    /**
+     * Field-level encryption configuration.
+     * Allows selecting specific fields in request/response to be encrypted/decrypted.
+     */
+    encryption?: EncryptionConfig<z.infer<TReq>, z.infer<TRes>>;
     /**
      * Optional custom headers. Can be:
      * - A fixed record of header key/values
@@ -69,14 +105,29 @@ type Contracts = {
         [EndpointName: string]: EndpointDef<RequestSchema, ResponseSchema>;
     };
 };
+/**
+ * Convenience alias that pins both generic types
+ * to `z.ZodTypeAny`, simplifying the contract declarations.
+ */
+type EndpointDefZ = EndpointDef<RequestSchema, ResponseSchema>;
 /**
  * Context passed to all middleware functions.
- * Contains the current request URL and initialization object
- * (headers, method, body, etc.).
+ * Contains the current request URL, initialization object,
+ * and the specific endpoint definition for metadata access.
  */
-interface MiddlewareContext {
+type RequestParts = {
+    path?: Record<string, unknown>;
+    query?: Record<string, unknown>;
+    body?: unknown;
+    headers: Record<string, string>;
+    isStructured: boolean;
+    rawInput?: unknown;
+};
+interface MiddlewareContext<TReq extends RequestSchema = RequestSchema, TRes extends ResponseSchema = ResponseSchema> {
     url: string;
     init: RequestInit;
+    endpoint: EndpointDef<TReq, TRes>;
+    request?: RequestParts;
 }
 /**
  * The `next()` function type signature used inside middleware.
@@ -98,7 +149,7 @@ type MiddlewareNext = () => Promise<Response>;
  *   return res;
  * };
  */
-type Middleware<Options = any> = (ctx: MiddlewareContext, next: MiddlewareNext, options?: Options) => Promise<Response>;
+type Middleware<TReq extends RequestSchema = RequestSchema, TRes extends ResponseSchema = ResponseSchema, Options = any> = (ctx: MiddlewareContext<TReq, TRes>, next: MiddlewareNext, options?: Options) => Promise<Response>;
 /**
  * ErrorLike
  * =========
@@ -111,11 +162,6 @@ type ErrorLike = {
     code?: string;
     [key: string]: any;
 };
-/**
- * Convenience alias that pins both generic types
- * to `z.ZodTypeAny`, simplifying the contract declarations.
- */
-type EndpointDefZ = EndpointDef<RequestSchema, ResponseSchema>;
 /**
  * RequestOptions
  * ==============
@@ -149,10 +195,6 @@ type EndpointMethods<M extends Record<string, EndpointDefZ>> = {
  */
 type TokenProvider = () => string | Promise<string>;
 
-/**
- * A richer extension of the native Error class that captures
- * additional API error details such as HTTP status, code, and field errors.
- */
 declare class RichError extends Error implements ErrorLike {
     status?: number;
     code?: string;
@@ -163,17 +205,6 @@ declare class RichError extends Error implements ErrorLike {
         message: string;
     });
 }
-/**
- * ApiClient
- * =========
- * A robust, strongly-typed HTTP client that automatically builds API endpoint
- * methods from Zod-based contracts, providing:
- * - Input and response validation via Zod
- * - Middleware support
- * - Token-based authentication
- * - Error normalization (RichError)
- * - Optional caching, retries, and mock data
- */
 declare class ApiClient<C extends Contracts, E extends ErrorLike = RichError> {
     private config;
     private contracts;
@@ -196,64 +227,34 @@ declare class ApiClient<C extends Contracts, E extends ErrorLike = RichError> {
             max: number;
         };
     }, contracts: C);
-    /**
-     * Builds all API methods (`modules`) dynamically from the Zod contract definition.
-     * After `init()` is called, each endpoint can be invoked through `client.modules.moduleName.endpointName()`.
-     */
     init(): void;
-    /** Provides access to initialized modules after calling `init()`. */
     get modules(): { [M in keyof C]: EndpointMethods<C[M]>; };
-    /** Registers a new middleware in the client’s pipeline. */
-    use<T>(middleware: Middleware<T>, options?: T): void;
-    /** Sets a global error handler function to unify error behavior. */
+    use<T>(middleware: Middleware<any, any, T>, options?: T): void;
     onError(handler: (error: E) => void): void;
-    /** Defines a global transform function applied to all validated responses. */
     useResponseTransform(fn: (data: any) => any): void;
-    /** Configures the retry logic (max attempts, backoff mode, etc.). */
     setRetryConfig(config: ApiClient<C>["retryConfig"]): void;
-    /** Provides a custom token provider that returns tokens dynamically. */
     setTokenProvider(provider: TokenProvider): void;
-    /** Enables mock responses instead of network requests. */
     setMockMode(enabled: boolean, delay?: {
         min: number;
         max: number;
     }): void;
-    /** Registers a wrapper schema for APIs that nest response data (e.g. `{ data, success, message }`). */
     setResponseWrapper(wrapper: (successResponse: z.ZodTypeAny) => z.ZodTypeAny): void;
-    /** Retrieves the current auth token, using a provider if available. */
     getCurrentToken(): Promise<string | undefined>;
-    /**
-     * Core request entry point used by auto-generated endpoint methods.
-     * Handles caching, deduplication, and mock mode routing.
-     */
     private request;
-    /**
-     * Full HTTP request workflow:
-     * - Token injection
-     * - Timeout support
-     * - Middleware pipeline
-     * - Fetch + response handling
-     * - Zod parsing + transformation
-     * - Caching
-     */
     private performRequestLogic;
-    /** Executes a function with retry logic and configurable backoff strategy. */
     private executeWithRetry;
-    /** Calculates retry delay intervals for various backoff strategies. */
     private getBackoffDelay;
-    /** Builds the final URL and request body from the endpoint definition and input payload. */
     private buildUrlAndBody;
-    /** Creates and returns a RichError from details. */
+    private extractRequestParts;
+    private isStructuredRequestInput;
+    private isObjectRecord;
+    private applyPathParams;
+    private appendQueryParams;
+    private appendQueryValue;
+    private appendFormValue;
+    private normalizeHeaders;
     private createError;
-    /**
-     * Converts any thrown error to a standardized RichError instance.
-     * Also flattens Zod validation errors into readable messages.
-     */
     private normalizeError;
-    /**
-     * Handles mock-mode requests by simulating a delayed network call
-     * and returning validated mock data.
-     */
     private handleMockRequest;
 }
 
@@ -262,7 +263,7 @@ type LoggingOptions = {
     logResponse?: boolean;
     debug?: boolean;
 };
-declare const loggingMiddleware: Middleware<LoggingOptions>;
+declare const loggingMiddleware: Middleware<z$1.ZodTypeAny, z$1.ZodTypeAny, LoggingOptions>;
 
 type RetryOptions = {
     maxRetries?: number;
@@ -317,7 +318,7 @@ type AuthOptions = {
  *   authMiddleware({ refreshToken: tokenSupplier })
  * );
  */
-declare const authMiddleware: Middleware<AuthOptions>;
+declare const authMiddleware: Middleware<z$1.ZodTypeAny, z$1.ZodTypeAny, AuthOptions>;
 
 /**
  * CacheOptions
@@ -365,26 +366,44 @@ type CacheOptions = {
  */
 declare const cacheMiddleware: (options?: CacheOptions) => (ctx: MiddlewareContext, next: MiddlewareNext) => Promise<Response>;
 
-declare const makeRequestSchema: <TPath extends z.ZodRawShape = {}, TQuery extends z.ZodRawShape = {}, TBody extends z.ZodTypeAny = z.ZodUndefined>() => (defs: {
+type SymmetricKeyMaterial = {
+    type: "symmetric";
+    key: string;
+};
+type RSAKeyMaterial = {
+    type: "rsa";
+    publicKey: string;
+    privateKey: string;
+};
+type KeyMaterial = SymmetricKeyMaterial | RSAKeyMaterial;
+type CustomHandlers = {
+    encrypt: (value: string, key: KeyMaterial) => string | Promise<string>;
+    decrypt: (value: string, key: KeyMaterial) => string | Promise<string>;
+};
+interface EncryptionOptions {
+    keyProvider: () => KeyMaterial | Promise<KeyMaterial>;
+    customHandlers?: CustomHandlers;
+    /**
+     * true  = throw when encryption/decryption fails, which avoids leaking plaintext.
+     * false = log and continue/fallback to the original response.
+     * Default: true
+     */
+    failClosed?: boolean;
+}
+declare function processDeep<T = unknown>(data: unknown, map: DeepEncryptionMap | null | undefined, defaultMethod: EncryptionMethod, transform: (value: unknown, method: EncryptionMethod) => Promise<unknown>): Promise<T>;
+declare const encryptionMiddleware: Middleware<z.ZodTypeAny, z.ZodTypeAny, EncryptionOptions>;
+
+type OptionalUndefinedBody<T extends z.ZodTypeAny> = T extends z.ZodUndefined ? z.ZodOptional<T> : T;
+declare const makeRequestSchema: <TPath extends z.ZodRawShape = {}, TQuery extends z.ZodRawShape = {}, TBody extends z.ZodTypeAny = z.ZodUndefined, THeaders extends z.ZodTypeAny = z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>>() => (defs?: {
     path?: z.ZodObject<TPath>;
     query?: z.ZodObject<TQuery>;
     body?: TBody;
-    headers?: z.ZodTypeAny;
+    headers?: THeaders;
 }) => z.ZodObject<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T ? { [k in keyof T]: T[k]; } : never, z.baseObjectInputType<TPath> extends infer T_1 ? { [k_1 in keyof T_1]: T_1[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_2 ? { [k_2 in keyof T_2]: T_2[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_3 ? { [k_3 in keyof T_3]: T_3[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}, "strip", z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T_5 ? { [k in keyof T_5]: T_5[k]; } : never, z.baseObjectInputType<TPath> extends infer T_6 ? { [k_1 in keyof T_6]: T_6[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_7 ? { [k_2 in keyof T_7]: T_7[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_8 ? { [k_3 in keyof T_8]: T_8[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}>, any> extends infer T_4 ? { [k_4 in keyof T_4]: T_4[k_4]; } : never, z.baseObjectInputType<{
-    path: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TPath, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TPath>, any> extends infer T_10 ? { [k in keyof T_10]: T_10[k]; } : never, z.baseObjectInputType<TPath> extends infer T_11 ? { [k_1 in keyof T_11]: T_11[k_1]; } : never>>;
-    query: z.ZodOptional<z.ZodObject<{}, "strip", z.ZodTypeAny, {}, {}>> | z.ZodOptional<z.ZodObject<TQuery, z.UnknownKeysParam, z.ZodTypeAny, z.objectUtil.addQuestionMarks<z.baseObjectOutputType<TQuery>, any> extends infer T_12 ? { [k_2 in keyof T_12]: T_12[k_2]; } : never, z.baseObjectInputType<TQuery> extends infer T_13 ? { [k_3 in keyof T_13]: T_13[k_3]; } : never>>;
-    body: TBody | z.ZodUndefined;
-    headers: any;
-}> extends infer T_9 ? { [k_5 in keyof T_9]: T_9[k_5]; } : never>;
+    path: z.ZodOptional<z.ZodObject<TPath, z.core.$strip>>;
+    query: z.ZodOptional<z.ZodObject<TQuery, z.core.$strip>>;
+    body: OptionalUndefinedBody<TBody>;
+    headers: THeaders;
+}, z.core.$strip>;
 
-export { ApiClient, type AuthOptions, type CacheOptions, type Contracts, type EndpointDef, type EndpointDefZ, type EndpointMethods, type ErrorLike, type LoggingOptions, type Middleware, type MiddlewareContext, type MiddlewareNext, type RequestOptions, type RequestSchema, type ResponseSchema, type RetryOptions, RichError, type TokenProvider, authMiddleware, cacheMiddleware, loggingMiddleware, makeRequestSchema, retryMiddleware };
+export { ApiClient, type AuthOptions, type CacheOptions, type Contracts, type DeepEncryptionMap, type EncryptionConfig, type EncryptionMethod, type EncryptionOptions, type EndpointDef, type EndpointDefZ, type EndpointMethods, type ErrorLike, type LoggingOptions, type Method, type Middleware, type MiddlewareContext, type MiddlewareNext, type RequestOptions, type RequestParts, type RequestSchema, type ResponseSchema, type RetryOptions, RichError, type TokenProvider, authMiddleware, cacheMiddleware, encryptionMiddleware, loggingMiddleware, makeRequestSchema, processDeep, retryMiddleware };