npm - @tern-secure/types - Versions diffs - 1.0.4 → 1.0.5 - Mend

@tern-secure/types 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/dist/esm/index.js +0 -106
package/dist/esm/index.js.map +1 -1
package/dist/index.d.mts +336 -40
package/dist/index.d.ts +1054 -11
package/dist/index.js +0 -110
package/dist/index.js.map +1 -1
package/package.json +4 -2
package/dist/all.d.ts +0 -105
package/dist/all.d.ts.map +0 -1
package/dist/auth.d.ts +0 -37
package/dist/auth.d.ts.map +0 -1
package/dist/errors.d.ts +0 -66
package/dist/errors.d.ts.map +0 -1
package/dist/index.d.ts.map +0 -1
package/dist/instanceTree.d.ts +0 -140
package/dist/instanceTree.d.ts.map +0 -1
package/dist/redirect.d.ts +0 -8
package/dist/redirect.d.ts.map +0 -1
package/dist/session.d.ts +0 -87
package/dist/session.d.ts.map +0 -1
package/dist/signIn.d.ts +0 -56
package/dist/signIn.d.ts.map +0 -1
package/dist/signUp.d.ts +0 -20
package/dist/signUp.d.ts.map +0 -1
package/dist/ternsecure.d.ts +0 -123
package/dist/ternsecure.d.ts.map +0 -1
package/dist/theme.d.ts +0 -133
package/dist/theme.d.ts.map +0 -1

package/dist/index.d.ts CHANGED Viewed

@@ -1,11 +1,1054 @@
-export * from './all';
-export * from './errors';
-export * from './ternsecure';
-export * from './theme';
-export * from './instanceTree';
-export * from './auth';
-export * from './signIn';
-export * from './signUp';
-export * from './session';
-export * from './redirect';
-//# sourceMappingURL=index.d.ts.map
+/**
+ * TernSecure User
+ */
+interface IdTokenResult {
+    authTime: string;
+    expirationTime: string;
+    issuedAtTime: string;
+    signInProvider: string | null;
+    signInSecondFactor: string | null;
+    token: string;
+    claims: Record<string, any>;
+}
+interface UserInfo {
+    displayName: string | null;
+    email: string | null;
+    phoneNumber: string | null;
+    photoURL: string | null;
+    providerId: string;
+    uid: string;
+}
+interface TernSecureUser extends UserInfo {
+    emailVerified: boolean;
+    isAnonymous: boolean;
+    metadata: {
+        creationTime?: string;
+        lastSignInTime?: string;
+    };
+    providerData: UserInfo[];
+    refreshToken: string;
+    tenantId: string | null;
+    delete(): Promise<void>;
+    getIdToken(forceRefresh?: boolean): Promise<string>;
+    getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult>;
+    reload(): Promise<void>;
+    toJSON(): object;
+}
+type TernSecureUserData = {
+    uid: string;
+    email: string | null;
+    emailVerified?: boolean;
+    displayName?: string | null;
+};
+/**
+ * TernSecure Firebase configuration interface
+ * Extends Firebase's base configuration options
+ */
+interface TernSecureConfig {
+    apiKey: string;
+    authDomain: string;
+    projectId: string;
+    storageBucket: string;
+    messagingSenderId: string;
+    appId: string;
+    measurementId?: string;
+    appName?: string;
+    tenantId?: string;
+}
+/**
+ * Configuration validation result
+ */
+interface ConfigValidationResult {
+    isValid: boolean;
+    errors: string[];
+    config: TernSecureConfig;
+}
+/**
+ * TernSecure initialization options
+ */
+interface TernSecureOptions {
+    /** Environment setting for different configurations */
+    environment?: 'development' | 'production';
+    /** Geographic region for data storage */
+    region?: string;
+    /** Custom error handler */
+    onError?: (error: Error) => void;
+    /** Debug mode flag */
+    debug?: boolean;
+}
+/**
+ * Firebase initialization state
+ */
+interface FirebaseState {
+    /** Whether Firebase has been initialized */
+    initialized: boolean;
+    /** Any initialization errors */
+    error: Error | null;
+    /** Timestamp of last initialization attempt */
+    lastInitAttempt?: number;
+}
+/**
+ * Firebase Admin configuration interface
+ */
+interface TernSecureAdminConfig {
+    projectId: string;
+    clientEmail: string;
+    privateKey: string;
+}
+/**
+ * Firebase Server configuration interface
+ */
+interface TernSecureServerConfig {
+    apiKey: string;
+}
+/**
+ * Firebase Admin configuration validation result
+ */
+interface AdminConfigValidationResult {
+    isValid: boolean;
+    errors: string[];
+    config: TernSecureAdminConfig;
+}
+/**
+ * Firebase Server configuration validation result
+ */
+interface ServerConfigValidationResult {
+    isValid: boolean;
+    errors: string[];
+    config: TernSecureServerConfig;
+}
+type InstanceType = 'production' | 'development';
+interface TernSecureAPIError {
+    code: string;
+    message: string;
+}
+interface CookieStore {
+    get(name: string): Promise<{
+        value: string | undefined;
+    }>;
+    set(name: string, value: string, options: CookieOptions): Promise<void>;
+    delete(name: string): Promise<void>;
+}
+interface CookieOptions {
+    maxAge?: number;
+    httpOnly?: boolean;
+    secure?: boolean;
+    sameSite?: 'strict' | 'lax' | 'none';
+    path?: string;
+}
+type AuthErrorCode = keyof typeof ERRORS;
+type ErrorCode = keyof typeof ERRORS;
+declare const ERRORS: {
+    readonly SERVER_SIDE_INITIALIZATION: "TernSecure must be initialized on the client side";
+    readonly REQUIRES_VERIFICATION: "AUTH_REQUIRES_VERIFICATION";
+    readonly AUTHENTICATED: "AUTHENTICATED";
+    readonly UNAUTHENTICATED: "UNAUTHENTICATED";
+    readonly UNVERIFIED: "UNVERIFIED";
+    readonly NOT_INITIALIZED: "TernSecure services are not initialized. Call initializeTernSecure() first";
+    readonly HOOK_CONTEXT: "Hook must be used within TernSecureProvider";
+    readonly EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED";
+    readonly INVALID_CREDENTIALS: "INVALID_CREDENTIALS";
+    readonly USER_DISABLED: "USER_DISABLED";
+    readonly TOO_MANY_ATTEMPTS: "TOO_MANY_ATTEMPTS";
+    readonly NETWORK_ERROR: "NETWORK_ERROR";
+    readonly INVALID_EMAIL: "INVALID_EMAIL";
+    readonly WEAK_PASSWORD: "WEAK_PASSWORD";
+    readonly EMAIL_EXISTS: "EMAIL_EXISTS";
+    readonly POPUP_BLOCKED: "POPUP_BLOCKED";
+    readonly OPERATION_NOT_ALLOWED: "OPERATION_NOT_ALLOWED";
+    readonly EXPIRED_TOKEN: "EXPIRED_TOKEN";
+    readonly INVALID_TOKEN: "INVALID_TOKEN";
+    readonly SESSION_EXPIRED: "SESSION_EXPIRED";
+    readonly INTERNAL_ERROR: "INTERNAL_ERROR";
+    readonly UNKNOWN_ERROR: "An unknown error occurred.";
+    readonly INVALID_ARGUMENT: "Invalid argument provided.";
+    readonly USER_NOT_FOUND: "auth/user-not-found";
+    readonly WRONG_PASSWORD: "auth/wrong-password";
+    readonly EMAIL_ALREADY_IN_USE: "auth/email-already-in-use";
+    readonly REQUIRES_RECENT_LOGIN: "auth/requires-recent-login";
+    readonly NO_SESSION_COOKIE: "No session cookie found.";
+    readonly INVALID_SESSION_COOKIE: "Invalid session cookie.";
+    readonly NO_ID_TOKEN: "No ID token found.";
+    readonly INVALID_ID_TOKEN: "Invalid ID token.";
+    readonly REDIRECT_LOOP: "Redirect loop detected.";
+};
+/**
+ * Defines the basic structure for color theming.
+ */
+interface ThemeColors {
+    primary?: string;
+    secondary?: string;
+    accent?: string;
+    background?: string;
+    text?: string;
+    error?: string;
+    success?: string;
+}
+/**
+ * Defines the basic structure for font theming.
+ */
+interface ThemeFonts {
+    primary?: string;
+    secondary?: string;
+}
+/**
+ * Defines the basic structure for spacing and layout theming.
+ */
+interface ThemeSpacing {
+    small?: string | number;
+    medium?: string | number;
+    large?: string | number;
+}
+/**
+ * Defines the basic structure for border radius theming.
+ */
+interface ThemeBorderRadius {
+    small?: string | number;
+    medium?: string | number;
+    large?: string | number;
+}
+/**
+ * Allows for overriding styles of specific UI components.
+ * Properties can be CSS-in-JS objects or class names, depending on implementation.
+ */
+interface ThemeComponentStyles {
+    button?: Record<string, any> | string;
+    input?: Record<string, any> | string;
+    card?: Record<string, any> | string;
+    label?: Record<string, any> | string;
+}
+/**
+ * Defines the overall appearance/theme configuration.
+ * This allows for broad customization of the UI components.
+ */
+interface Appearance {
+    colors?: ThemeColors;
+    fonts?: ThemeFonts;
+    spacing?: ThemeSpacing;
+    borderRadius?: ThemeBorderRadius;
+    componentStyles?: ThemeComponentStyles;
+    variables?: Record<string, string | number>;
+}
+/**
+ * Base UI configuration shared between SignIn and SignUp
+ */
+interface BaseAuthUIConfig {
+    /** Visual appearance configuration */
+    appearance?: Appearance;
+    /** Application logo URL or SVG string */
+    logo?: string;
+    /** Application name for display */
+    appName?: string;
+    /** Render mode for cross-platform support */
+    renderMode?: 'modal' | 'page' | 'embedded';
+    /** Layout direction */
+    layout?: 'vertical' | 'horizontal';
+    /** Custom loading message */
+    loadingMessage?: string;
+    /** Loading spinner variant */
+    loadingSpinnerVariant?: 'circular' | 'linear' | 'dots';
+    /** Accessibility configuration */
+    a11y?: {
+        /** ARIA labels and descriptions */
+        labels?: Record<string, string>;
+        /** Element to receive initial focus */
+        initialFocus?: string;
+        /** Whether to trap focus within the auth UI */
+        trapFocus?: boolean;
+    };
+}
+/**
+ * Sign-in specific UI configuration
+ */
+interface SignInUIConfig extends BaseAuthUIConfig {
+    /** Social sign-in buttons configuration */
+    socialButtons?: {
+        google?: boolean;
+        microsoft?: boolean;
+        github?: boolean;
+        facebook?: boolean;
+        twitter?: boolean;
+        apple?: boolean;
+        linkedin?: boolean;
+        layout?: 'vertical' | 'horizontal';
+        size?: 'small' | 'medium' | 'large';
+    };
+    /** "Remember me" checkbox configuration */
+    rememberMe?: {
+        enabled?: boolean;
+        defaultChecked?: boolean;
+    };
+    /** Sign-up link configuration */
+    signUpLink?: {
+        enabled?: boolean;
+        text?: string;
+        href?: string;
+    };
+}
+/**
+ * Sign-up specific UI configuration
+ */
+interface SignUpUIConfig extends BaseAuthUIConfig {
+    /** Password requirements display configuration */
+    passwordRequirements?: {
+        show?: boolean;
+        rules?: Array<{
+            rule: string;
+            description: string;
+        }>;
+    };
+    /** Terms and conditions configuration */
+    terms?: {
+        enabled?: boolean;
+        text?: string;
+        link?: string;
+    };
+}
+interface TernSecureSession {
+    token: string | null;
+    expiresAt?: number;
+}
+type SignInFormValues = {
+    email: string;
+    password: string;
+    phoneNumber?: string;
+};
+type SignInInitialValue = Partial<SignInFormValues>;
+type SignUpFormValues = {
+    email: string;
+    password: string;
+    confirmPassword?: string;
+    displayName?: string;
+};
+type SignUpInitialValue = Partial<SignUpFormValues>;
+interface SignInResponse {
+    success: boolean;
+    message?: string;
+    error?: any | undefined;
+    user?: any;
+}
+interface AuthError extends Error {
+    code?: any | string;
+    message: string;
+    response?: SignInResponse;
+}
+declare function isSignInResponse(value: any): value is SignInResponse;
+interface AuthActions {
+    signInWithEmail: (email: string, password: string) => Promise<SignInResponse>;
+    signInWithGoogle: () => Promise<void>;
+    signInWithMicrosoft: () => Promise<void>;
+    signOut: () => Promise<void>;
+    getRedirectResult: () => Promise<any>;
+    getIdToken: () => Promise<string | null>;
+    createUserWithEmailAndPassword?: (email: string, password: string) => Promise<SignInResponse>;
+    sendEmailVerification?: (user: TernSecureUser) => Promise<void>;
+}
+interface RedirectConfig {
+    redirectUrl?: string;
+    isReturn?: boolean;
+    priority?: number;
+}
+interface SignInProps extends RedirectConfig {
+    initialValue?: SignInInitialValue;
+    logo?: string;
+    appName?: string;
+    appearance?: Appearance;
+    onError?: (error: AuthError) => void;
+    onSuccess?: (user: TernSecureUser | null) => void;
+}
+/**
+ * SignUpProps interface defines the properties for the sign-up component.
+ * It extends RedirectConfig to include redirect-related properties.
+ */
+interface SignUpProps extends RedirectConfig {
+    initialValue?: SignUpInitialValue;
+    logo?: string;
+    appName?: string;
+    appearance?: Appearance;
+    onError?: (error: AuthError) => void;
+    onSuccess?: (user: TernSecureUser | null) => void;
+}
+/**
+ * Defines the contract for a TernSecure instance.
+ * This instance provides authentication state, user information, and methods
+ * for managing the authentication lifecycle. It is designed to be used by
+ * UI packages like tern-ui, which act as "dumb" renderers.
+ */
+interface TernSecureInstanceOld {
+    /** Indicates if the user is currently signed in. */
+    isSignedIn: () => boolean;
+    /** The current authenticated user object, or null if not signed in. */
+    user: TernSecureUser | null;
+    /** The current user session information, or null if not signed in. */
+    session: TernSecureSession | null;
+    /** Initiates the sign-out process for the current user. */
+    signOut: () => Promise<void>;
+    /**
+     * Prepares or signals to mount the sign-in interface.
+     * @param options Optional configuration or initial state for the sign-in UI, conforming to SignInProps.
+     */
+    mountSignIn: (options?: SignInProps) => void;
+    /** Cleans up or signals to unmount the sign-in interface. */
+    unmountSignIn: () => void;
+    /**
+     * Prepares or signals to mount the sign-up interface.
+     * @param options Optional configuration or initial state for the sign-up UI, conforming to SignUpProps.
+     */
+    mountSignUp: (options?: SignUpProps) => void;
+    /** Cleans up or signals to unmount the sign-up interface. */
+    unmountSignUp: () => void;
+    /**
+     * Determines if a redirect is necessary based on the current authentication
+     * state and the given path.
+     * @param currentPath The current URL path.
+     * @returns True if a redirect is needed, false otherwise, or a string path to redirect to.
+     */
+    shouldRedirect: (currentPath: string) => boolean | string;
+    /**
+     * Constructs a URL, appending necessary redirect parameters.
+     * Useful for redirecting back to the original page after authentication.
+     * @param baseUrl The base URL to which redirect parameters should be added.
+     * @returns The new URL string with redirect parameters.
+     */
+    constructUrlWithRedirect: (baseUrl: string) => string;
+    /**
+     * Redirects the user to the configured login page.
+     * @param redirectUrl Optional URL to redirect to after successful login.
+     */
+    redirectToLogin: (redirectUrl?: string) => void;
+    /** Indicates if an authentication operation is currently in progress. */
+    isLoading: boolean;
+    /** Holds any error that occurred during an authentication operation, or null otherwise. */
+    error: Error | null;
+    /** Indicates if the user has verified their email address. */
+    sendVerificationEmail: () => Promise<void>;
+}
+type SessionStatus = 'active' | 'expired' | 'revoked' | 'pending';
+/**
+ * parsed can be replaced with
+ */
+interface ParsedToken {
+    /** Expiration time of the token. */
+    'exp'?: string;
+    /** UID of the user. */
+    'sub'?: string;
+    /** Time at which authentication was performed. */
+    'auth_time'?: string;
+    /** Issuance time of the token. */
+    'iat'?: string;
+    /** Firebase specific claims, containing the provider(s) used to authenticate the user. */
+    'firebase'?: {
+        'sign_in_provider'?: string;
+        'sign_in_second_factor'?: string;
+        'identities'?: Record<string, string>;
+    };
+    /** Map of any additional custom claims. */
+    [key: string]: unknown;
+}
+/**
+ * Core properties for any session that is or was authenticated.
+ * These properties are guaranteed to exist for active, expired, or revoked sessions.
+ */
+interface AuthenticatedSessionBase {
+    /** The Firebase Auth ID token JWT string. */
+    token: string;
+    /** The ID token expiration time (e.g., UTC string or Unix timestamp). */
+    expirationTime: string;
+    /** The ID token issuance time. */
+    issuedAtTime: string;
+    /** Time at which authentication was performed (from token claims). */
+    authTime: string;
+    /**
+    * The entire payload claims of the ID token including the standard reserved claims
+    * as well as custom claims.
+    */
+    claims: ParsedToken;
+    /**
+    * Time the user last signed in.
+    * This could be from Firebase User metadata or persisted by TernSecure.
+    */
+    lastSignedAt?: number;
+    /** signInProvider */
+    signInProvider: string;
+}
+/**
+ * Represents a session when the user is authenticated and the token is considered active.
+ */
+interface ActiveSession extends AuthenticatedSessionBase {
+    status: 'active';
+    user?: TernSecureUser;
+}
+/**
+ * Represents a session when the user was authenticated, but the token has expired.
+ */
+interface ExpiredSession extends AuthenticatedSessionBase {
+    status: 'expired';
+    user?: TernSecureUser;
+}
+/**
+ * Represents a session that is awaiting some action.
+ */
+interface PendingSession extends AuthenticatedSessionBase {
+    status: 'pending';
+    user?: TernSecureUser;
+}
+/**
+ * Defines the possible states of a user's session within TernSecure.
+ * This is a discriminated union based on the `status` property.
+ * The actual `TernSecureUser` (Firebase User object) is typically stored separately,
+ * for example, in `TernSecureInstanceTree.auth.user`.
+ */
+type TernSecureSessionTree = ActiveSession | ExpiredSession;
+type SignedInSession = ActiveSession | PendingSession | ExpiredSession;
+interface SessionParams {
+    idToken: string;
+    csrfToken?: string;
+}
+interface SessionResult {
+    success: boolean;
+    message: string;
+    expiresIn?: number;
+    error?: string;
+    cookieSet?: boolean;
+}
+type SignInStatus = 'idle' | 'pending_email_password' | 'pending_social' | 'pending_mfa' | 'redirecting' | 'success' | 'error';
+type SignInFormValuesTree = {
+    email: string;
+    password: string;
+    phoneNumber?: string;
+};
+interface AuthErrorResponse {
+    success: false;
+    message: string;
+    code: ErrorCode;
+}
+interface AuthErrorTree extends Error {
+    code?: any | string;
+    message: string;
+    response?: any | string;
+}
+interface SignInResponseTree {
+    success: boolean;
+    message?: string;
+    error?: any | undefined;
+    user?: any;
+}
+type SignInInitialValueTree = Partial<SignInFormValuesTree>;
+interface ResendEmailVerification extends SignInResponseTree {
+    isVerified?: boolean;
+}
+declare function isSignInResponseTree(value: any): value is SignInResponseTree;
+interface SignInResource {
+    /**
+     * The current status of the sign-in process.
+     */
+    status?: SignInStatus;
+    /**
+     * Signs in a user with their email and password.
+     * @param params - The sign-in form values.
+     * @returns A promise that resolves with the sign-in response.
+     */
+    withEmailAndPassword: (params: SignInFormValuesTree) => Promise<SignInResponseTree>;
+    /**
+     * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
+     * @param options - Optional configuration for the social sign-in flow.
+     * @returns A promise that resolves with the sign-in response or void if redirecting.
+     */
+    withSocialProvider: (provider: string, options?: {
+        mode?: 'popup' | 'redirect';
+    }) => Promise<SignInResponseTree | void>;
+    /**
+     * Completes an MFA (Multi-Factor Authentication) step after a primary authentication attempt.
+     * @param mfaToken - The MFA token or code submitted by the user.
+     * @param mfaContext - Optional context or session data from the MFA initiation step.
+     * @returns A promise that resolves with the sign-in response upon successful MFA verification.
+     */
+    completeMfaSignIn: (mfaToken: string, mfaContext?: any) => Promise<SignInResponseTree>;
+    /**
+     * Sends a password reset email to the given email address.
+     * @param email - The user's email address.
+     * @returns A promise that resolves when the email is sent.
+     */
+    sendPasswordResetEmail: (email: string) => Promise<void>;
+    /**
+     * Resends the email verification link to the user's email address.
+     * @returns A promise that resolves with the sign-in response.
+     */
+    resendEmailVerification: () => Promise<ResendEmailVerification>;
+    /**
+     * Checks the result of a redirect-based sign-in flow, typically used in OAuth or SSO scenarios.
+     * @returns A promise that resolves with the sign-in response or null if no result is available.
+     */
+    checkRedirectResult: () => Promise<SignInResponseTree | null>;
+}
+interface SignUpResource {
+    status?: SignUpStatus | null;
+    username?: string | null;
+    firstName?: string | null;
+    lastName?: string | null;
+    displayName?: string | null;
+    email: string | null;
+    phoneNumber?: string | null;
+    /**
+     * @param provider - The identifier of the social provider (e.g., 'google', 'microsoft', 'github').
+     * @param options - Optional configuration for the social sign-in flow.
+     * @returns A promise that resolves with the sign-in response or void if redirecting.
+     */
+    withSocialProvider: (provider: string, options?: {
+        mode?: 'popup' | 'redirect';
+    }) => Promise<SignInResponseTree | void>;
+}
+type SignUpStatus = 'missing_requirements' | 'complete' | 'abandoned';
+interface FirebaseClaims {
+    identities: {
+        [key: string]: unknown;
+    };
+    sign_in_provider: string;
+    sign_in_second_factor?: string;
+    second_factor_identifier?: string;
+    tenant?: string;
+    [key: string]: unknown;
+}
+interface DecodedIdToken {
+    aud: string;
+    auth_time: number;
+    email?: string;
+    email_verified?: boolean;
+    exp: number;
+    firebase: FirebaseClaims;
+    iat: number;
+    iss: string;
+    phone_number?: string;
+    picture?: string;
+    sub: string;
+    uid: string;
+    [key: string]: any;
+}
+interface VerifiedTokens {
+    IdToken: string;
+    DecodedIdToken: DecodedIdToken;
+}
+interface JWTProtectedHeader {
+    alg?: string;
+    kid?: string;
+    x5t?: string;
+    x5c?: string[];
+    x5u?: string;
+    jku?: string;
+    typ?: string;
+    cty?: string;
+    crit?: string[];
+    b64?: boolean;
+    enc?: string;
+    [propName: string]: unknown;
+}
+interface JWTPayload {
+    iss?: string;
+    sub?: string;
+    aud?: string | string[];
+    jti?: string;
+    nbf?: number;
+    exp?: number;
+    iat?: number;
+    [propName: string]: unknown;
+}
+type Jwt = {
+    header: JWTProtectedHeader;
+    payload: JWTPayload;
+    signature: Uint8Array;
+    raw: {
+        header: string;
+        payload: string;
+        signature: string;
+        text: string;
+    };
+};
+type SignInRedirectUrl = {
+    signInForceRedirectUrl?: string | null;
+};
+type SignUpRedirectUrl = {
+    signUpForceRedirectUrl?: string | null;
+};
+type AfterSignOutUrl = {
+    afterSignOutUrl?: string | null;
+};
+type RedirectOptions = SignInRedirectUrl | SignUpRedirectUrl;
+interface InitialState {
+    userId: string | null;
+    token: any | null;
+    email: string | null;
+    user?: TernSecureUser | null;
+}
+interface TernSecureState {
+    userId: string | null;
+    isLoaded: boolean;
+    error: Error | null;
+    isValid: boolean;
+    isVerified: boolean;
+    isAuthenticated: boolean;
+    token: any | null;
+    email: string | null;
+    status: "loading" | "authenticated" | "unauthenticated" | "unverified";
+    user?: TernSecureUser | null;
+}
+type AuthProviderStatus = "idle" | "pending" | "error" | "success";
+declare const DEFAULT_TERN_SECURE_STATE: TernSecureState;
+interface TernSecureAuthProvider {
+    /** Current auth state */
+    internalAuthState: TernSecureState;
+    /** Current user*/
+    ternSecureUser(): TernSecureUser | null;
+    /** AuthCookie Manager */
+    authCookieManager(): void;
+    /** Current session */
+    currentSession: SignedInSession | null;
+    /** Sign in resource for authentication operations */
+    signIn: SignInResource | undefined;
+    /** SignUp resource for authentication operations */
+    signUp: SignUpResource | undefined;
+    /** The Firebase configuration used by this TernAuth instance. */
+    ternSecureConfig?: TernSecureConfig;
+    /** Sign out the current user */
+    signOut(): Promise<void>;
+}
+type Persistence = "local" | "session" | "browserCookie" | "none";
+type Mode$1 = "browser" | "server";
+type TernAuthSDK = {
+    /** SDK package name (e.g., @tern-secure/auth) */
+    name: string;
+    /** SDK version (e.g., 1.2.3) */
+    version: string;
+    /** Build environment (development, production, test) */
+    environment?: string;
+    /** Build date as ISO string */
+    buildDate?: string;
+    /** Additional build metadata */
+    buildInfo?: {
+        name: string;
+        version: string;
+        buildDate: string;
+        buildEnv: string;
+    };
+};
+interface TernSecureResources {
+    user?: TernSecureUser | null;
+    session?: SignedInSession | null;
+}
+type TernSecureAuthOptions = {
+    apiUrl?: string;
+    sdkMetadata?: TernAuthSDK;
+    signInUrl?: string;
+    signUpUrl?: string;
+    mode?: Mode$1;
+    requiresVerification?: boolean;
+    isTernSecureDev?: boolean;
+    ternSecureConfig?: TernSecureConfig;
+    persistence?: Persistence;
+    enableServiceWorker?: boolean;
+} & SignInRedirectUrl & SignUpRedirectUrl & AfterSignOutUrl;
+type TernAuthListenerEventPayload = {
+    authStateChanged: TernSecureState;
+    userChanged: TernSecureUser;
+    sessionChanged: SignedInSession | null;
+    tokenRefreshed: string | null;
+};
+type TernAuthListenerEvent = keyof TernAuthListenerEventPayload;
+type ListenerCallback = (emission: TernSecureResources) => void;
+type UnsubscribeCallback = () => void;
+type TernSecureEvent = keyof TernAuthEventPayload;
+type EventHandler<Events extends TernSecureEvent> = (payload: TernAuthEventPayload[Events]) => void;
+type TernAuthEventPayload = {
+    status: TernSecureAuthStatus;
+};
+type TernSecureAuthStatus = "error" | "loading" | "ready";
+type onEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>, opt?: {
+    notify?: boolean;
+}) => void;
+type OffEventListener = <E extends TernSecureEvent>(event: E, handler: EventHandler<E>) => void;
+type SignOutOptions = {
+    /** URL to redirect to after sign out */
+    redirectUrl?: string;
+    /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */
+    onBeforeSignOut?: () => Promise<void> | void;
+    /** Callback executed after successful sign out */
+    onAfterSignOut?: () => Promise<void> | void;
+};
+interface SignOut {
+    (options?: SignOutOptions): Promise<void>;
+}
+interface TernSecureAuth {
+    /** TernSecureAuth SDK version number */
+    version: string | undefined;
+    /** Metadata about the SDK instance */
+    sdkMetadata: TernAuthSDK | undefined;
+    /** Indicates if the TernSecureAuth instance is currently loading */
+    isLoading: boolean;
+    /** The current status of the TernSecureAuth instance */
+    status: TernSecureAuthStatus;
+    /** TernSecure API URL */
+    apiUrl: string;
+    /** TernSecure domain for API string */
+    domain: string;
+    /** TernSecure Proxy url */
+    proxyUrl?: string;
+    /** TernSecure Instance type */
+    instanceType: InstanceType | undefined;
+    /** Indicates if the TernSecureAuth instance is ready for use */
+    isReady: boolean;
+    /** Requires Verification */
+    requiresVerification: boolean;
+    /** Initialize TernSecureAuth */
+    initialize(options?: TernSecureAuthOptions): Promise<void>;
+    /** Current user*/
+    user: TernSecureUser | null | undefined;
+    /** Current session */
+    currentSession: SignedInSession | null;
+    /** Sign in resource for authentication operations */
+    signIn: SignInResource | undefined | null;
+    /** SignUp resource for authentication operations */
+    signUp: SignUpResource | undefined | null;
+    /** The Firebase configuration used by this TernAuth instance. */
+    ternSecureConfig?: TernSecureConfig;
+    /** Subscribe to auth state changes */
+    onAuthStateChanged(callback: (cb: any) => void): () => void;
+    /** Sign out the current user */
+    signOut: SignOut;
+    /** Subscribe to a single event */
+    on: onEventListener;
+    /** Remove event listener */
+    off: OffEventListener;
+    addListener: (callback: ListenerCallback) => UnsubscribeCallback;
+}
+interface TernSecureAuthFactory {
+    create(options?: TernSecureAuthOptions): TernSecureAuth;
+}
+type SharedSignInAuthObjectProperties = {
+    session: DecodedIdToken;
+    userId: string;
+};
+type CheckCustomClaims = {
+    role?: string | string[];
+    permissions?: string | string[];
+    [key: string]: any;
+};
+type CheckAuthorizationFromSessionClaims = (isAuthorizedParams: CheckCustomClaims) => boolean;
+type TernVerificationResult = (DecodedIdToken & {
+    valid: true;
+    token?: string;
+    error?: never;
+}) | {
+    valid: false;
+    error: AuthErrorResponse;
+};
+type Mode = 'browser' | 'server';
+type TernSecureSDK = {
+    /** SDK package name (e.g., @tern-secure/ui) */
+    name: string;
+    /** SDK version (e.g., 1.2.3) */
+    version: string;
+    /** Build environment (development, production, test) */
+    environment?: string;
+    /** Build date as ISO string */
+    buildDate?: string;
+    /** Additional build metadata */
+    buildInfo?: {
+        name: string;
+        version: string;
+        buildDate: string;
+        buildEnv: string;
+    };
+};
+type SignOutOptionsTree = {
+    /** URL to redirect to after sign out */
+    redirectUrl?: string;
+    /** Callback to perform consumer-specific cleanup (e.g., delete session cookies) */
+    onBeforeSignOut?: () => Promise<void> | void;
+    /** Callback executed after successful sign out */
+    onAfterSignOut?: () => Promise<void> | void;
+};
+type TernSecureInstanceTreeOptions = {
+    sdkMetadata?: TernSecureSDK;
+    initialSession?: TernSecureSessionTree | null;
+    defaultAppearance?: Appearance;
+    signInUrl?: string;
+    signUpUrl?: string;
+    mode?: Mode;
+    onAuthStateChanged?: (user: TernSecureUser | null) => void;
+    onError?: (error: AuthErrorTree) => void;
+    requiresVerification?: boolean;
+    isTernSecureDev?: boolean;
+    ternSecureConfig?: TernSecureConfig;
+    enableServiceWorker?: boolean;
+} & SignInRedirectUrl & SignUpRedirectUrl & AfterSignOutUrl;
+type TernSecureInstanceTreeStatus = 'error' | 'loading' | 'ready';
+/**
+ * Instance interface for managing auth UI state
+ */
+interface TernSecureInstanceTree {
+    version: string | undefined;
+    sdkMetadata: TernSecureSDK | undefined;
+    customDomain?: string;
+    proxyUrl?: string;
+    apiKey?: string;
+    projectId?: string;
+    environment?: string | undefined;
+    mode?: Mode;
+    isReady: boolean;
+    status: TernSecureInstanceTreeStatus;
+    isVisible: boolean;
+    currentView: 'signIn' | 'signUp' | 'verify' | null;
+    isLoading: boolean;
+    error: Error | null;
+    requiresVerification: boolean;
+    /** Authentication State */
+    auth: {
+        /** Current authenticated user */
+        user: TernSecureUser | null;
+        /** Current session information */
+        session: SignedInSession | null;
+    };
+    /** Core Authentication Methods */
+    ternAuth: TernSecureAuthProvider | undefined;
+    /** Sign out current user with optional cleanup */
+    signOut: (options?: SignOutOptionsTree) => Promise<void>;
+    showSignIn: (targetNode: HTMLDivElement, config?: SignInPropsTree) => void;
+    hideSignIn: (targetNode: HTMLDivElement) => void;
+    showSignUp: (targetNode: HTMLDivElement, config?: SignUpPropsTree) => void;
+    hideSignUp: (targetNode: HTMLDivElement) => void;
+    showUserButton: (targetNode: HTMLDivElement) => void;
+    hideUserButton: (targetNode: HTMLDivElement) => void;
+    clearError: () => void;
+    setLoading: (isLoading: boolean) => void;
+    /** Get redirect result from OAuth flows */
+    getRedirectResult: () => Promise<any>;
+    /** Check if redirect is needed */
+    shouldRedirect: (currentPath: string) => boolean | string;
+    /** Construct URL with redirect parameters */
+    constructUrlWithAuthRedirect: (to: string) => string;
+    /** Navigate to SignIn page */
+    redirectToSignIn(options?: SignInRedirectOptions): Promise<unknown>;
+    /** Navigate to SignUp page */
+    redirectToSignUp(options?: SignUpRedirectOptions): Promise<unknown>;
+    redirectAfterSignIn: () => void;
+    redirectAfterSignUp: () => void;
+    /** Error and Event Handling */
+    events: {
+        /** Subscribe to auth state changes */
+        onAuthStateChanged: (callback: (authState: TernSecureState) => void) => () => void;
+        /** Subscribe to error events */
+        onError: (callback: (error: AuthErrorTree) => void) => () => void;
+        /** Status */
+        onStatusChanged: (callback: (status: TernSecureInstanceTreeStatus) => void) => () => void;
+    };
+}
+/**
+ * Instance interface for managing auth UI state
+ */
+interface TernSecureInstance {
+    customDomain?: string;
+    proxyUrl?: string;
+    apiKey?: string;
+    projectId?: string;
+    environment?: string | undefined;
+    mode?: Mode;
+    isReady: boolean;
+    isLoading: boolean;
+    error: Error | null;
+    requiresVerification: boolean;
+    /** Sign out current user with optional cleanup */
+    signOut: (options?: SignOutOptionsTree) => Promise<void>;
+}
+type SignUpFormValuesTree = {
+    email: string;
+    password: string;
+    confirmPassword?: string;
+    displayName?: string;
+};
+type SignUpInitialValueTree = Partial<SignUpFormValuesTree>;
+/**
+ * Props for SignIn component focusing on UI concerns
+ */
+type SignInPropsTree = {
+    /** Routing Path */
+    path?: string;
+    /** URL to navigate to after successfully sign-in */
+    forceRedirectUrl?: string | null;
+    /** Initial form values */
+    initialValue?: SignInInitialValueTree;
+    /** UI configuration */
+    ui?: SignInUIConfig;
+    /** Callbacks */
+    onError?: (error: AuthErrorTree) => void;
+    onSuccess?: (user: TernSecureUser | null) => void;
+} & SignUpRedirectUrl;
+/**
+ * Props for SignUp component focusing on UI concerns
+ */
+type SignUpPropsTree = {
+    /** URL to navigate to after successfully sign-up */
+    forceRedirectUrl?: string | null;
+    /** Initial form values */
+    initialValue?: SignUpInitialValueTree;
+    /** UI configuration */
+    ui?: SignUpUIConfig;
+    /** Callbacks */
+    onSubmit?: (values: SignUpFormValuesTree) => Promise<void>;
+    onError?: (error: AuthErrorTree) => void;
+    onSuccess?: (user: TernSecureUser | null) => void;
+} & SignInRedirectUrl;
+type SignInRedirectOptions = RedirectOptions;
+type SignUpRedirectOptions = RedirectOptions;
+interface TernSecureApiErrorJSON {
+    code: string;
+    message: string;
+}
+type UseAuthReturn = {
+    userId: string | null | undefined;
+    isLoaded: boolean;
+    isValid: boolean;
+    isVerified: boolean;
+    isAuthenticated: boolean;
+    token: any | null;
+    email: string | null;
+    status: "loading" | "authenticated" | "unauthenticated" | "unverified";
+    user?: TernSecureUser | null;
+    signOut: SignOut;
+};
+type UseSignInReturn = {
+    isLoaded: false;
+    signIn: undefined;
+} | {
+    isLoaded: true;
+    signIn: SignInResource;
+};
+type DomainOrProxyUrl = {
+    proxyUrl?: never;
+    domain?: string | ((url: URL) => string);
+} | {
+    proxyUrl?: string | ((url: URL) => string);
+    domain?: never;
+};
+/**
+ * Enables autocompletion for a union type, while keeping the ability to use any string
+ * or type of `T`
+ * @internal
+ */
+type Autocomplete<U extends T, T = string> = U | (T & Record<never, never>);
+export { type ActiveSession, type AdminConfigValidationResult, type AfterSignOutUrl, type Appearance, type AuthActions, type AuthError, type AuthErrorCode, type AuthErrorResponse, type AuthErrorTree, type AuthProviderStatus, type Autocomplete, type BaseAuthUIConfig, type CheckAuthorizationFromSessionClaims, type CheckCustomClaims, type ConfigValidationResult, type CookieOptions, type CookieStore, DEFAULT_TERN_SECURE_STATE, type DecodedIdToken, type DomainOrProxyUrl, ERRORS, type ErrorCode, type ExpiredSession, type FirebaseClaims, type FirebaseState, type IdTokenResult, type InitialState, type InstanceType, type JWTPayload, type JWTProtectedHeader, type Jwt, type ListenerCallback, type ParsedToken, type PendingSession, type Persistence, type RedirectConfig, type RedirectOptions, type ResendEmailVerification, type ServerConfigValidationResult, type SessionParams, type SessionResult, type SessionStatus, type SharedSignInAuthObjectProperties, type SignInFormValuesTree, type SignInInitialValue, type SignInInitialValueTree, type SignInProps, type SignInPropsTree, type SignInRedirectOptions, type SignInRedirectUrl, type SignInResource, type SignInResponse, type SignInResponseTree, type SignInStatus, type SignInUIConfig, type SignOut, type SignOutOptions, type SignOutOptionsTree, type SignUpFormValuesTree, type SignUpInitialValue, type SignUpInitialValueTree, type SignUpProps, type SignUpPropsTree, type SignUpRedirectOptions, type SignUpRedirectUrl, type SignUpResource, type SignUpStatus, type SignUpUIConfig, type SignedInSession, type TernAuthEventPayload, type TernAuthListenerEvent, type TernAuthListenerEventPayload, type TernAuthSDK, type TernSecureAPIError, type TernSecureAdminConfig, type TernSecureApiErrorJSON, type TernSecureAuth, type TernSecureAuthFactory, type TernSecureAuthOptions, type TernSecureAuthProvider, type TernSecureAuthStatus, type TernSecureConfig, type TernSecureInstance, type TernSecureInstanceOld, type TernSecureInstanceTree, type TernSecureInstanceTreeOptions, type TernSecureInstanceTreeStatus, type TernSecureOptions, type TernSecureResources, type TernSecureSDK, type TernSecureServerConfig, type TernSecureSession, type TernSecureSessionTree, type TernSecureState, type TernSecureUser, type TernSecureUserData, type TernVerificationResult, type ThemeBorderRadius, type ThemeColors, type ThemeComponentStyles, type ThemeFonts, type ThemeSpacing, type UnsubscribeCallback, type UseAuthReturn, type UseSignInReturn, type UserInfo, type VerifiedTokens, isSignInResponse, isSignInResponseTree };