astro-tokenkit 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Alex Mora
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/auth/detector.d.ts

@@ -0,0 +1,9 @@
+import type { TokenBundle, FieldMapping } from '../types';
+/**
+ * Auto-detect token fields from response body
+ */
+export declare function autoDetectFields(body: any, fieldMapping?: FieldMapping): TokenBundle;
+/**
+ * Parse JWT payload without verification (for reading only)
+ */
+export declare function parseJWTPayload(token: string): Record<string, any> | null;

package/dist/auth/detector.js

@@ -0,0 +1,123 @@
+// packages/astro-tokenkit/src/auth/detector.ts
+/**
+ * Common field names for access tokens
+ */
+const ACCESS_TOKEN_FIELDS = [
+    'access_token',
+    'accessToken',
+    'token',
+    'jwt',
+    'id_token',
+    'idToken',
+];
+/**
+ * Common field names for refresh tokens
+ */
+const REFRESH_TOKEN_FIELDS = [
+    'refresh_token',
+    'refreshToken',
+    'refresh',
+];
+/**
+ * Common field names for expiration timestamp
+ */
+const EXPIRES_AT_FIELDS = [
+    'expires_at',
+    'expiresAt',
+    'exp',
+    'expiry',
+];
+/**
+ * Common field names for expires_in (seconds)
+ */
+const EXPIRES_IN_FIELDS = [
+    'expires_in',
+    'expiresIn',
+    'ttl',
+];
+/**
+ * Common field names for session payload
+ */
+const SESSION_PAYLOAD_FIELDS = [
+    'user',
+    'profile',
+    'account',
+    'data',
+];
+/**
+ * Auto-detect token fields from response body
+ */
+export function autoDetectFields(body, fieldMapping) {
+    // Helper to find field
+    const findField = (candidates, mapping) => {
+        if (mapping && body[mapping] !== undefined) {
+            return body[mapping];
+        }
+        for (const candidate of candidates) {
+            if (body[candidate] !== undefined) {
+                return body[candidate];
+            }
+        }
+        return undefined;
+    };
+    // Detect access token
+    const accessToken = findField(ACCESS_TOKEN_FIELDS, fieldMapping === null || fieldMapping === void 0 ? void 0 : fieldMapping.accessToken);
+    if (!accessToken) {
+        throw new Error(`Could not detect access token field. Tried: ${ACCESS_TOKEN_FIELDS.join(', ')}. ` +
+            `Provide custom parseLogin/parseRefresh or field mapping.`);
+    }
+    // Detect refresh token
+    const refreshToken = findField(REFRESH_TOKEN_FIELDS, fieldMapping === null || fieldMapping === void 0 ? void 0 : fieldMapping.refreshToken);
+    if (!refreshToken) {
+        throw new Error(`Could not detect refresh token field. Tried: ${REFRESH_TOKEN_FIELDS.join(', ')}. ` +
+            `Provide custom parseLogin/parseRefresh or field mapping.`);
+    }
+    // Detect expiration
+    let accessExpiresAt;
+    // Try expires_at first (timestamp)
+    const expiresAtValue = findField(EXPIRES_AT_FIELDS, fieldMapping === null || fieldMapping === void 0 ? void 0 : fieldMapping.expiresAt);
+    if (expiresAtValue !== undefined) {
+        accessExpiresAt = typeof expiresAtValue === 'number'
+            ? expiresAtValue
+            : parseInt(expiresAtValue, 10);
+    }
+    // Try expires_in (seconds from now)
+    if (accessExpiresAt === undefined) {
+        const expiresInValue = findField(EXPIRES_IN_FIELDS, fieldMapping === null || fieldMapping === void 0 ? void 0 : fieldMapping.expiresIn);
+        if (expiresInValue !== undefined) {
+            const expiresIn = typeof expiresInValue === 'number'
+                ? expiresInValue
+                : parseInt(expiresInValue, 10);
+            accessExpiresAt = Math.floor(Date.now() / 1000) + expiresIn;
+        }
+    }
+    if (accessExpiresAt === undefined) {
+        throw new Error(`Could not detect expiration field. Tried: ${[...EXPIRES_AT_FIELDS, ...EXPIRES_IN_FIELDS].join(', ')}. ` +
+            `Provide custom parseLogin/parseRefresh or field mapping.`);
+    }
+    // Detect session payload (optional)
+    const sessionPayload = findField(SESSION_PAYLOAD_FIELDS, fieldMapping === null || fieldMapping === void 0 ? void 0 : fieldMapping.sessionPayload);
+    return {
+        accessToken,
+        refreshToken,
+        accessExpiresAt,
+        sessionPayload: sessionPayload || undefined,
+    };
+}
+/**
+ * Parse JWT payload without verification (for reading only)
+ */
+export function parseJWTPayload(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3) {
+            return null;
+        }
+        const payload = parts[1];
+        const decoded = atob(payload.replace(/-/g, '+').replace(/_/g, '/'));
+        return JSON.parse(decoded);
+    }
+    catch (_a) {
+        return null;
+    }
+}

package/dist/auth/manager.d.ts

@@ -0,0 +1,38 @@
+import type { TokenBundle, Session, AuthConfig, TokenKitContext } from '../types';
+/**
+ * Token Manager handles all token operations
+ */
+export declare class TokenManager {
+    private config;
+    private singleFlight;
+    private baseURL;
+    constructor(config: AuthConfig, baseURL: string);
+    /**
+     * Perform login
+     */
+    login(ctx: TokenKitContext, credentials: any): Promise<TokenBundle>;
+    /**
+     * Perform token refresh
+     */
+    refresh(ctx: TokenKitContext, refreshToken: string): Promise<TokenBundle | null>;
+    /**
+     * Ensure valid tokens (with automatic refresh)
+     */
+    ensure(ctx: TokenKitContext): Promise<Session | null>;
+    /**
+     * Logout (clear tokens)
+     */
+    logout(ctx: TokenKitContext): Promise<void>;
+    /**
+     * Get current session (no refresh)
+     */
+    getSession(ctx: TokenKitContext): Session | null;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(ctx: TokenKitContext): boolean;
+    /**
+     * Create flight key for single-flight deduplication
+     */
+    private createFlightKey;
+}

package/dist/auth/manager.js

@@ -0,0 +1,216 @@
+// packages/astro-tokenkit/src/auth/manager.ts
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import { autoDetectFields, parseJWTPayload } from './detector';
+import { storeTokens, retrieveTokens, clearTokens } from './storage';
+import { shouldRefresh, isExpired } from './policy';
+/**
+ * Single-flight refresh manager
+ */
+class SingleFlight {
+    constructor() {
+        this.inFlight = new Map();
+    }
+    execute(key, fn) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const existing = this.inFlight.get(key);
+            if (existing)
+                return existing;
+            const promise = this.doExecute(key, fn);
+            this.inFlight.set(key, promise);
+            return promise;
+        });
+    }
+    doExecute(key, fn) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                return yield fn();
+            }
+            finally {
+                this.inFlight.delete(key);
+            }
+        });
+    }
+}
+/**
+ * Token Manager handles all token operations
+ */
+export class TokenManager {
+    constructor(config, baseURL) {
+        this.config = config;
+        this.singleFlight = new SingleFlight();
+        this.baseURL = baseURL;
+    }
+    /**
+     * Perform login
+     */
+    login(ctx, credentials) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.baseURL + this.config.login;
+            const response = yield fetch(url, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify(credentials),
+            });
+            if (!response.ok) {
+                throw new Error(`Login failed: ${response.status} ${response.statusText}`);
+            }
+            const body = yield response.json();
+            // Parse response
+            const bundle = this.config.parseLogin
+                ? this.config.parseLogin(body)
+                : autoDetectFields(body, this.config.fields);
+            // Store in cookies
+            storeTokens(ctx, bundle, this.config.cookies);
+            return bundle;
+        });
+    }
+    /**
+     * Perform token refresh
+     */
+    refresh(ctx, refreshToken) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const url = this.baseURL + this.config.refresh;
+            try {
+                const response = yield fetch(url, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ refreshToken }),
+                });
+                if (!response.ok) {
+                    // 401/403 = invalid refresh token
+                    if (response.status === 401 || response.status === 403) {
+                        clearTokens(ctx, this.config.cookies);
+                        return null;
+                    }
+                    throw new Error(`Refresh failed: ${response.status} ${response.statusText}`);
+                }
+                const body = yield response.json();
+                // Parse response
+                const bundle = this.config.parseRefresh
+                    ? this.config.parseRefresh(body)
+                    : autoDetectFields(body, this.config.fields);
+                // Validate bundle
+                if (!bundle.accessToken || !bundle.refreshToken || !bundle.accessExpiresAt) {
+                    throw new Error('Invalid token bundle returned from refresh endpoint');
+                }
+                // Store new tokens
+                storeTokens(ctx, bundle, this.config.cookies);
+                return bundle;
+            }
+            catch (error) {
+                clearTokens(ctx, this.config.cookies);
+                throw error;
+            }
+        });
+    }
+    /**
+     * Ensure valid tokens (with automatic refresh)
+     */
+    ensure(ctx) {
+        return __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d, _e;
+            const now = Math.floor(Date.now() / 1000);
+            const tokens = retrieveTokens(ctx, this.config.cookies);
+            // No tokens
+            if (!tokens.accessToken || !tokens.refreshToken || !tokens.expiresAt) {
+                return null;
+            }
+            // Token expired
+            if (isExpired(tokens.expiresAt, now, this.config.policy)) {
+                const flightKey = this.createFlightKey(tokens.refreshToken);
+                const bundle = yield this.singleFlight.execute(flightKey, () => this.refresh(ctx, tokens.refreshToken));
+                if (!bundle)
+                    return null;
+                return {
+                    accessToken: bundle.accessToken,
+                    expiresAt: bundle.accessExpiresAt,
+                    payload: (_b = (_a = bundle.sessionPayload) !== null && _a !== void 0 ? _a : parseJWTPayload(bundle.accessToken)) !== null && _b !== void 0 ? _b : undefined,
+                };
+            }
+            // Proactive refresh
+            if (shouldRefresh(tokens.expiresAt, now, tokens.lastRefreshAt, this.config.policy)) {
+                const flightKey = this.createFlightKey(tokens.refreshToken);
+                const bundle = yield this.singleFlight.execute(flightKey, () => this.refresh(ctx, tokens.refreshToken));
+                if (bundle) {
+                    return {
+                        accessToken: bundle.accessToken,
+                        expiresAt: bundle.accessExpiresAt,
+                        payload: (_d = (_c = bundle.sessionPayload) !== null && _c !== void 0 ? _c : parseJWTPayload(bundle.accessToken)) !== null && _d !== void 0 ? _d : undefined,
+                    };
+                }
+                // Refresh failed, check if tokens still exist
+                const currentTokens = retrieveTokens(ctx, this.config.cookies);
+                if (!currentTokens.accessToken) {
+                    return null;
+                }
+            }
+            // Return current session
+            return {
+                accessToken: tokens.accessToken,
+                expiresAt: tokens.expiresAt,
+                payload: (_e = parseJWTPayload(tokens.accessToken)) !== null && _e !== void 0 ? _e : undefined,
+            };
+        });
+    }
+    /**
+     * Logout (clear tokens)
+     */
+    logout(ctx) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Optionally call logout endpoint
+            if (this.config.logout) {
+                try {
+                    const url = this.baseURL + this.config.logout;
+                    yield fetch(url, { method: 'POST' });
+                }
+                catch (error) {
+                    // Ignore logout endpoint errors
+                    console.warn('Logout endpoint failed:', error);
+                }
+            }
+            clearTokens(ctx, this.config.cookies);
+        });
+    }
+    /**
+     * Get current session (no refresh)
+     */
+    getSession(ctx) {
+        var _a;
+        const tokens = retrieveTokens(ctx, this.config.cookies);
+        if (!tokens.accessToken || !tokens.expiresAt) {
+            return null;
+        }
+        return {
+            accessToken: tokens.accessToken,
+            expiresAt: tokens.expiresAt,
+            payload: (_a = parseJWTPayload(tokens.accessToken)) !== null && _a !== void 0 ? _a : undefined,
+        };
+    }
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(ctx) {
+        const tokens = retrieveTokens(ctx, this.config.cookies);
+        return !!(tokens.accessToken && tokens.refreshToken);
+    }
+    /**
+     * Create flight key for single-flight deduplication
+     */
+    createFlightKey(token) {
+        let hash = 0;
+        for (let i = 0; i < token.length; i++) {
+            const char = token.charCodeAt(i);
+            hash = ((hash << 5) - hash) + char;
+            hash = hash & hash;
+        }
+        return `flight_${Math.abs(hash).toString(36)}`;
+    }
+}

package/dist/auth/policy.d.ts

@@ -0,0 +1,21 @@
+import type { RefreshPolicy } from '../types';
+/**
+ * Default refresh policy
+ */
+export declare const DEFAULT_POLICY: {
+    refreshBefore: number;
+    clockSkew: number;
+    minInterval: number;
+};
+/**
+ * Normalize refresh policy (convert time strings to seconds)
+ */
+export declare function normalizePolicy(policy?: RefreshPolicy): Required<RefreshPolicy>;
+/**
+ * Check if token should be refreshed
+ */
+export declare function shouldRefresh(expiresAt: number, now: number, lastRefreshAt: number | null, policy?: RefreshPolicy): boolean;
+/**
+ * Check if token is expired
+ */
+export declare function isExpired(expiresAt: number, now: number, policy?: RefreshPolicy): boolean;

package/dist/auth/policy.js

@@ -0,0 +1,66 @@
+// packages/astro-tokenkit/src/auth/policy.ts
+import { parseTime } from '../utils/time';
+/**
+ * Default refresh policy
+ */
+export const DEFAULT_POLICY = {
+    refreshBefore: 300, // 5 minutes
+    clockSkew: 60, // 1 minute
+    minInterval: 30, // 30 seconds
+};
+/**
+ * Normalize refresh policy (convert time strings to seconds)
+ */
+export function normalizePolicy(policy = {}) {
+    return {
+        refreshBefore: policy.refreshBefore
+            ? parseTime(policy.refreshBefore)
+            : DEFAULT_POLICY.refreshBefore,
+        clockSkew: policy.clockSkew
+            ? parseTime(policy.clockSkew)
+            : DEFAULT_POLICY.clockSkew,
+        minInterval: policy.minInterval
+            ? parseTime(policy.minInterval)
+            : DEFAULT_POLICY.minInterval,
+    };
+}
+/**
+ * Check if token should be refreshed
+ */
+export function shouldRefresh(expiresAt, now, lastRefreshAt, policy = {}) {
+    const normalized = normalizePolicy(policy);
+    const refreshBefore = typeof normalized.refreshBefore === 'number'
+        ? normalized.refreshBefore
+        : parseTime(normalized.refreshBefore);
+    const clockSkew = typeof normalized.clockSkew === 'number'
+        ? normalized.clockSkew
+        : parseTime(normalized.clockSkew);
+    const minInterval = typeof normalized.minInterval === 'number'
+        ? normalized.minInterval
+        : parseTime(normalized.minInterval);
+    // Adjust for clock skew
+    const adjustedNow = now + clockSkew;
+    // Check if near expiration
+    const timeUntilExpiry = expiresAt - adjustedNow;
+    if (timeUntilExpiry > refreshBefore) {
+        return false;
+    }
+    // Check minimum interval
+    if (lastRefreshAt !== null) {
+        const timeSinceLastRefresh = now - lastRefreshAt;
+        if (timeSinceLastRefresh < minInterval) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Check if token is expired
+ */
+export function isExpired(expiresAt, now, policy = {}) {
+    const normalized = normalizePolicy(policy);
+    const clockSkew = typeof normalized.clockSkew === 'number'
+        ? normalized.clockSkew
+        : parseTime(normalized.clockSkew);
+    return now > expiresAt + clockSkew;
+}

package/dist/auth/storage.d.ts

@@ -0,0 +1,40 @@
+import type { TokenBundle, CookieConfig, TokenKitContext } from '../types';
+/**
+ * Cookie names
+ */
+export interface CookieNames {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: string;
+    lastRefreshAt: string;
+}
+/**
+ * Get cookie names with optional prefix
+ */
+export declare function getCookieNames(prefix?: string): CookieNames;
+/**
+ * Get cookie options with smart defaults
+ */
+export declare function getCookieOptions(config?: CookieConfig): {
+    secure: boolean;
+    sameSite: "strict" | "lax" | "none";
+    httpOnly: boolean;
+    domain: string | undefined;
+};
+/**
+ * Store token bundle in cookies
+ */
+export declare function storeTokens(ctx: TokenKitContext, bundle: TokenBundle, cookieConfig?: CookieConfig): void;
+/**
+ * Retrieve tokens from cookies
+ */
+export declare function retrieveTokens(ctx: TokenKitContext, cookieConfig?: CookieConfig): {
+    accessToken: string | null;
+    refreshToken: string | null;
+    expiresAt: number | null;
+    lastRefreshAt: number | null;
+};
+/**
+ * Clear all auth cookies
+ */
+export declare function clearTokens(ctx: TokenKitContext, cookieConfig?: CookieConfig): void;

package/dist/auth/storage.js

@@ -0,0 +1,72 @@
+// packages/astro-tokenkit/src/auth/storage.ts
+/**
+ * Get cookie names with optional prefix
+ */
+export function getCookieNames(prefix) {
+    const p = prefix ? `${prefix}_` : '';
+    return {
+        accessToken: `${p}access_token`,
+        refreshToken: `${p}refresh_token`,
+        expiresAt: `${p}access_expires_at`,
+        lastRefreshAt: `${p}last_refresh_at`,
+    };
+}
+/**
+ * Get cookie options with smart defaults
+ */
+export function getCookieOptions(config = {}) {
+    var _a, _b;
+    const isProduction = process.env.NODE_ENV === 'production';
+    return {
+        secure: (_a = config.secure) !== null && _a !== void 0 ? _a : isProduction,
+        sameSite: (_b = config.sameSite) !== null && _b !== void 0 ? _b : 'lax',
+        httpOnly: true, // Always HttpOnly for security
+        domain: config.domain,
+    };
+}
+/**
+ * Store token bundle in cookies
+ */
+export function storeTokens(ctx, bundle, cookieConfig = {}) {
+    const names = getCookieNames(cookieConfig.prefix);
+    const options = getCookieOptions(cookieConfig);
+    const now = Math.floor(Date.now() / 1000);
+    // Calculate max age
+    const accessMaxAge = Math.max(0, bundle.accessExpiresAt - now);
+    const refreshMaxAge = bundle.refreshExpiresAt
+        ? Math.max(0, bundle.refreshExpiresAt - now)
+        : 7 * 24 * 60 * 60; // Default 7 days
+    // Set access token
+    ctx.cookies.set(names.accessToken, bundle.accessToken, Object.assign(Object.assign({}, options), { maxAge: accessMaxAge, path: '/' }));
+    // Set refresh token (restricted path for security)
+    ctx.cookies.set(names.refreshToken, bundle.refreshToken, Object.assign(Object.assign({}, options), { maxAge: refreshMaxAge, path: '/' }));
+    // Set expiration timestamp
+    ctx.cookies.set(names.expiresAt, bundle.accessExpiresAt.toString(), Object.assign(Object.assign({}, options), { maxAge: accessMaxAge, path: '/' }));
+    // Set last refresh timestamp
+    ctx.cookies.set(names.lastRefreshAt, now.toString(), Object.assign(Object.assign({}, options), { maxAge: accessMaxAge, path: '/' }));
+}
+/**
+ * Retrieve tokens from cookies
+ */
+export function retrieveTokens(ctx, cookieConfig = {}) {
+    var _a, _b, _c, _d;
+    const names = getCookieNames(cookieConfig.prefix);
+    const accessToken = ((_a = ctx.cookies.get(names.accessToken)) === null || _a === void 0 ? void 0 : _a.value) || null;
+    const refreshToken = ((_b = ctx.cookies.get(names.refreshToken)) === null || _b === void 0 ? void 0 : _b.value) || null;
+    const expiresAtStr = (_c = ctx.cookies.get(names.expiresAt)) === null || _c === void 0 ? void 0 : _c.value;
+    const expiresAt = expiresAtStr ? parseInt(expiresAtStr, 10) : null;
+    const lastRefreshAtStr = (_d = ctx.cookies.get(names.lastRefreshAt)) === null || _d === void 0 ? void 0 : _d.value;
+    const lastRefreshAt = lastRefreshAtStr ? parseInt(lastRefreshAtStr, 10) : null;
+    return { accessToken, refreshToken, expiresAt, lastRefreshAt };
+}
+/**
+ * Clear all auth cookies
+ */
+export function clearTokens(ctx, cookieConfig = {}) {
+    const names = getCookieNames(cookieConfig.prefix);
+    const options = getCookieOptions(cookieConfig);
+    ctx.cookies.delete(names.accessToken, Object.assign(Object.assign({}, options), { path: '/' }));
+    ctx.cookies.delete(names.refreshToken, Object.assign(Object.assign({}, options), { path: '/' }));
+    ctx.cookies.delete(names.expiresAt, Object.assign(Object.assign({}, options), { path: '/' }));
+    ctx.cookies.delete(names.lastRefreshAt, Object.assign(Object.assign({}, options), { path: '/' }));
+}

package/dist/client/client.d.ts

@@ -0,0 +1,72 @@
+import type { ClientConfig, RequestConfig, RequestOptions, Session, TokenKitContext } from '../types';
+import { TokenManager } from '../auth/manager';
+import { type ContextOptions } from './context';
+/**
+ * API Client
+ */
+export declare class APIClient {
+    tokenManager?: TokenManager;
+    private config;
+    contextOptions: ContextOptions;
+    constructor(config: ClientConfig);
+    /**
+     * GET request
+     */
+    get<T = any>(url: string, options?: RequestOptions): Promise<T>;
+    /**
+     * POST request
+     */
+    post<T = any>(url: string, data?: any, options?: RequestOptions): Promise<T>;
+    /**
+     * PUT request
+     */
+    put<T = any>(url: string, data?: any, options?: RequestOptions): Promise<T>;
+    /**
+     * PATCH request
+     */
+    patch<T = any>(url: string, data?: any, options?: RequestOptions): Promise<T>;
+    /**
+     * DELETE request
+     */
+    delete<T = any>(url: string, options?: RequestOptions): Promise<T>;
+    /**
+     * Generic request method
+     */
+    request<T = any>(config: RequestConfig): Promise<T>;
+    /**
+     * Execute single request
+     */
+    private executeRequest;
+    /**
+     * Parse response
+     */
+    private parseResponse;
+    /**
+     * Build full URL with query params
+     */
+    private buildURL;
+    /**
+     * Build request headers
+     */
+    private buildHeaders;
+    /**
+     * Login
+     */
+    login(credentials: any, ctx?: TokenKitContext): Promise<void>;
+    /**
+     * Logout
+     */
+    logout(ctx?: TokenKitContext): Promise<void>;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(ctx?: TokenKitContext): boolean;
+    /**
+     * Get current session
+     */
+    getSession(ctx?: TokenKitContext): Session | null;
+}
+/**
+ * Create API client
+ */
+export declare function createClient(config: ClientConfig): APIClient;