redis-otp-manager 0.4.0 → 0.5.0

package/README.md

@@ -10,6 +10,8 @@ This package currently includes:
 - Keyed HMAC support with app secret configuration
 - Secret rotation support for verification
 - Legacy SHA-256 verification compatibility for migrations
+- Hook-based observability events
+- Structured metadata support for audit and logging context
 - Redis-compatible storage adapter
 - In-memory adapter for tests
 - Intent-aware key strategy
@@ -33,12 +35,6 @@ For NestJS apps, also install the Nest peer dependencies used by your app:
 npm install @nestjs/common @nestjs/core reflect-metadata rxjs
 ```
 
-## Module Support
-
-This package supports both:
-- ESM imports
-- CommonJS/Nest `ts-node/register` style resolution
-
 ## Quality Checks
 
 ```bash
@@ -68,6 +64,59 @@ const otp = new OTPManager({
 });
 ```
 
+## Observability Hooks
+
+`v0.5.0` adds hook-based observability without changing the core OTP flow.
+
+```ts
+const otp = new OTPManager({
+  store: new RedisAdapter(redisClient),
+  ttl: 300,
+  maxAttempts: 3,
+  hooks: {
+    onGenerated: async (event) => logger.info("otp_generated", event),
+    onVerified: async (event) => logger.info("otp_verified", event),
+    onFailed: async (event) => logger.warn("otp_failed", event),
+    onLocked: async (event) => logger.warn("otp_locked", event),
+    onRateLimited: async (event) => logger.warn("otp_rate_limited", event),
+    onCooldownBlocked: async (event) => logger.warn("otp_cooldown_blocked", event),
+    onHookError: async (error, context) => logger.error("otp_hook_error", { error, context }),
+  },
+});
+```
+
+Supported lifecycle hooks:
+- `onGenerated`
+- `onVerified`
+- `onFailed`
+- `onLocked`
+- `onRateLimited`
+- `onCooldownBlocked`
+- `onHookError`
+
+Default behavior:
+- hooks are optional
+- hook execution is non-blocking by default
+- hook failures do not break OTP generation or verification unless `throwOnError: true`
+
+## Structured Metadata
+
+You can pass request-scoped metadata into both `generate()` and `verify()`.
+This metadata is forwarded to hooks but is not stored in Redis.
+
+```ts
+await otp.generate({
+  type: "email",
+  identifier: "user@example.com",
+  intent: "login",
+  metadata: {
+    requestId: "req_123",
+    userId: "user_42",
+    ip: "203.0.113.10",
+  },
+});
+```
+
 ## Cryptographic Hardening
 
 When `hashing.secret` is configured, new OTPs are stored using keyed HMAC instead of plain SHA-256.
@@ -91,12 +140,6 @@ Recommended migration strategy:
 - optionally add `previousSecrets` during secret rotation
 - after old in-flight OTPs naturally expire, you can disable legacy verification if desired
 
-Secure secret management guidance:
-- store secrets in environment variables or your secret manager
-- never hardcode secrets in source control
-- rotate secrets deliberately and keep the previous secret only as long as needed
-- use different secrets across environments
-
 ## Production Security Notes
 
 When you use `RedisAdapter`, the package takes the Redis-specific atomic path for:
@@ -107,37 +150,6 @@ That prevents the most important race condition from earlier versions where two
 
 Simpler adapters like `MemoryAdapter` intentionally stay on the non-atomic fallback path to keep tests and local development lightweight.
 
-## NestJS
-
-```ts
-import { Module } from "@nestjs/common";
-import { createClient } from "redis";
-import { OTPManager, RedisAdapter } from "redis-otp-manager";
-import { OTPModule, InjectOTPManager } from "redis-otp-manager/nest";
-
-const redisClient = createClient({ url: process.env.REDIS_URL });
-
-@Module({
-  imports: [
-    OTPModule.forRoot({
-      store: new RedisAdapter(redisClient),
-      ttl: 300,
-      maxAttempts: 5,
-      resendCooldown: 45,
-      rateLimit: {
-        window: 60,
-        max: 3,
-      },
-      hashing: {
-        secret: process.env.OTP_HMAC_SECRET,
-      },
-      isGlobal: true,
-    }),
-  ],
-})
-export class AppModule {}
-```
-
 ## API
 
 ### `new OTPManager(options)`
@@ -164,6 +176,16 @@ type OTPManagerOptions = {
     previousSecrets?: string[];
     allowLegacyVerify?: boolean;
   };
+  hooks?: {
+    onGenerated?: (event) => void | Promise<void>;
+    onVerified?: (event) => void | Promise<void>;
+    onFailed?: (event) => void | Promise<void>;
+    onLocked?: (event) => void | Promise<void>;
+    onRateLimited?: (event) => void | Promise<void>;
+    onCooldownBlocked?: (event) => void | Promise<void>;
+    onHookError?: (error, context) => void | Promise<void>;
+    throwOnError?: boolean;
+  };
 };
 ```
 
@@ -185,33 +207,17 @@ type OTPManagerOptions = {
 - prefer `RedisAdapter` in production to get the atomic security path
 - keep Redis private and behind authenticated network access
 
-## Key Design
-
-```txt
-otp:{intent}:{type}:{identifier}
-attempts:{intent}:{type}:{identifier}
-rate:{type}:{identifier}
-cooldown:{intent}:{type}:{identifier}
-```
-
 ## Release Automation
 
 Publishing on every `main` merge is not recommended for npm packages because npm versions are immutable. The safer setup is:
 - merge to `main` runs CI only
-- publish happens when you push a version tag like `v0.4.0`
+- publish happens when you push a version tag like `v0.5.0`
 
 Required GitHub secrets:
 - `NPM_TOKEN`
 
-Tag-based publish:
-
-```bash
-git tag v0.4.0
-git push origin v0.4.0
-```
-
 ## Next Roadmap
 
-- hooks/events
-- analytics and observability
+- analytics and observability integrations
 - delivery helper integrations
+- more advanced audit persistence adapters

package/dist/cjs/core/otp.service.js

@@ -21,6 +21,7 @@ class OTPManager {
     async generate(input) {
         validatePayload(input);
         const normalizedInput = (0, identifier_normalizer_js_1.normalizePayloadIdentifier)(input, this.options.identifierNormalization);
+        const eventContext = this.buildEventContext(input, normalizedInput.identifier);
         const otpKey = (0, key_builder_js_1.buildOtpKey)(normalizedInput);
         const attemptsKey = (0, key_builder_js_1.buildAttemptsKey)(normalizedInput);
         const rateLimitKey = (0, key_builder_js_1.buildRateLimitKey)(normalizedInput);
@@ -40,38 +41,54 @@ class OTPManager {
                 resendCooldown: this.options.resendCooldown,
             });
             if (atomicResult === "cooldown") {
+                await this.emitCooldownBlocked(eventContext);
                 throw new otp_errors_js_1.OTPResendCooldownError();
             }
             if (atomicResult === "rate_limit") {
+                await this.emitRateLimited(eventContext);
                 throw new otp_errors_js_1.OTPRateLimitExceededError();
             }
             if (atomicResult === "ok") {
-                return {
+                const result = {
                     expiresIn: this.options.ttl,
                     otp: this.options.devMode ? otp : undefined,
                 };
+                await this.emitGenerated(eventContext);
+                return result;
             }
         }
         if (this.options.resendCooldown) {
             const cooldownActive = await this.options.store.get(cooldownKey);
             if (cooldownActive) {
+                await this.emitCooldownBlocked(eventContext);
                 throw new otp_errors_js_1.OTPResendCooldownError();
             }
         }
-        await (0, rate_limiter_js_1.assertWithinRateLimit)(this.options.store, rateLimitKey, this.options.rateLimit);
+        try {
+            await (0, rate_limiter_js_1.assertWithinRateLimit)(this.options.store, rateLimitKey, this.options.rateLimit);
+        }
+        catch (error) {
+            if (error instanceof otp_errors_js_1.OTPRateLimitExceededError) {
+                await this.emitRateLimited(eventContext);
+            }
+            throw error;
+        }
         await this.options.store.set(otpKey, storedHash, this.options.ttl);
         await this.options.store.del(attemptsKey);
         if (this.options.resendCooldown) {
             await this.options.store.set(cooldownKey, "1", this.options.resendCooldown);
         }
-        return {
+        const result = {
             expiresIn: this.options.ttl,
             otp: this.options.devMode ? otp : undefined,
         };
+        await this.emitGenerated(eventContext);
+        return result;
     }
     async verify(input) {
         validatePayload(input);
         const normalizedInput = (0, identifier_normalizer_js_1.normalizePayloadIdentifier)(input, this.options.identifierNormalization);
+        const eventContext = this.buildEventContext(input, normalizedInput.identifier);
         if (!input.otp || !input.otp.trim()) {
             throw new TypeError("OTP must be a non-empty string.");
         }
@@ -87,20 +104,25 @@ class OTPManager {
                 maxAttempts: this.options.maxAttempts,
             });
             if (atomicResult === "verified") {
+                await this.emitVerified(eventContext);
                 return true;
             }
             if (atomicResult === "expired") {
+                await this.emitFailed(eventContext, "expired");
                 throw new otp_errors_js_1.OTPExpiredError();
             }
             if (atomicResult === "max_attempts") {
+                await this.emitLocked(eventContext);
                 throw new otp_errors_js_1.OTPMaxAttemptsExceededError();
             }
             if (atomicResult === "invalid") {
+                await this.emitFailed(eventContext, "invalid");
                 throw new otp_errors_js_1.OTPInvalidError();
             }
         }
         const storedHash = await this.options.store.get(otpKey);
         if (!storedHash) {
+            await this.emitFailed(eventContext, "expired");
             throw new otp_errors_js_1.OTPExpiredError();
         }
         const isValid = (0, otp_hash_js_1.verifyOtpHash)(input.otp, normalizedInput, storedHash, this.options.hashing);
@@ -109,14 +131,117 @@ class OTPManager {
             if (attempts >= this.options.maxAttempts) {
                 await this.options.store.del(otpKey);
                 await this.options.store.del(attemptsKey);
+                await this.emitLocked(eventContext);
                 throw new otp_errors_js_1.OTPMaxAttemptsExceededError();
             }
+            await this.emitFailed(eventContext, "invalid", attempts);
             throw new otp_errors_js_1.OTPInvalidError();
         }
         await this.options.store.del(otpKey);
         await this.options.store.del(attemptsKey);
+        await this.emitVerified(eventContext);
         return true;
     }
+    buildEventContext(input, normalizedIdentifier) {
+        return {
+            type: input.type,
+            identifier: input.identifier,
+            normalizedIdentifier,
+            intent: input.intent ?? "default",
+            timestamp: new Date().toISOString(),
+            metadata: input.metadata,
+        };
+    }
+    async emitGenerated(context) {
+        await this.dispatchHook("generated", {
+            ...context,
+            expiresIn: this.options.ttl,
+            devMode: this.options.devMode,
+        });
+    }
+    async emitVerified(context) {
+        await this.dispatchHook("verified", context);
+    }
+    async emitFailed(context, reason, attemptsUsed) {
+        await this.dispatchHook("failed", {
+            ...context,
+            reason,
+            attemptsUsed,
+            attemptsRemaining: attemptsUsed !== undefined ? Math.max(this.options.maxAttempts - attemptsUsed, 0) : undefined,
+        });
+    }
+    async emitLocked(context) {
+        await this.dispatchHook("locked", {
+            ...context,
+            maxAttempts: this.options.maxAttempts,
+        });
+    }
+    async emitRateLimited(context) {
+        if (!this.options.rateLimit) {
+            return;
+        }
+        await this.dispatchHook("rate_limited", {
+            ...context,
+            window: this.options.rateLimit.window,
+            max: this.options.rateLimit.max,
+        });
+    }
+    async emitCooldownBlocked(context) {
+        if (!this.options.resendCooldown) {
+            return;
+        }
+        await this.dispatchHook("cooldown_blocked", {
+            ...context,
+            resendCooldown: this.options.resendCooldown,
+        });
+    }
+    async dispatchHook(eventName, payload) {
+        const hook = this.getHook(eventName);
+        if (!hook) {
+            return;
+        }
+        const execute = async () => {
+            try {
+                await hook(payload);
+            }
+            catch (error) {
+                if (this.options.hooks?.onHookError) {
+                    await this.options.hooks.onHookError(error, {
+                        event: eventName,
+                        payload,
+                    });
+                }
+                if (this.options.hooks?.throwOnError) {
+                    throw error;
+                }
+            }
+        };
+        if (this.options.hooks?.throwOnError) {
+            await execute();
+            return;
+        }
+        queueMicrotask(() => {
+            void execute();
+        });
+    }
+    getHook(eventName) {
+        switch (eventName) {
+            case "generated":
+                return this.options.hooks?.onGenerated;
+            case "verified":
+                return this.options.hooks?.onVerified;
+            case "failed":
+                return this.options.hooks?.onFailed;
+            case "locked":
+                return this.options.hooks?.onLocked;
+            case "rate_limited":
+                return this.options.hooks?.onRateLimited;
+            case "cooldown_blocked":
+                return this.options.hooks?.onCooldownBlocked;
+            default:
+                return undefined;
+        }
+    }
 }
 exports.OTPManager = OTPManager;
 function validateManagerOptions(options) {
@@ -170,6 +295,24 @@ function validateManagerOptions(options) {
             throw new TypeError("hashing.allowLegacyVerify must be a boolean.");
         }
     }
+    if (options.hooks) {
+        const hookEntries = [
+            options.hooks.onGenerated,
+            options.hooks.onVerified,
+            options.hooks.onFailed,
+            options.hooks.onLocked,
+            options.hooks.onRateLimited,
+            options.hooks.onCooldownBlocked,
+            options.hooks.onHookError,
+        ];
+        if (hookEntries.some((hook) => hook !== undefined && typeof hook !== "function")) {
+            throw new TypeError("All hooks must be functions when provided.");
+        }
+        if (options.hooks.throwOnError !== undefined &&
+            typeof options.hooks.throwOnError !== "boolean") {
+            throw new TypeError("hooks.throwOnError must be a boolean.");
+        }
+    }
 }
 function validatePayload(input) {
     if (!input.type || !input.type.trim()) {

package/dist/core/otp.service.d.ts

@@ -4,4 +4,13 @@ export declare class OTPManager {
     constructor(options: OTPManagerOptions);
     generate(input: GenerateOTPInput): Promise<GenerateOTPResult>;
     verify(input: VerifyOTPInput): Promise<true>;
+    private buildEventContext;
+    private emitGenerated;
+    private emitVerified;
+    private emitFailed;
+    private emitLocked;
+    private emitRateLimited;
+    private emitCooldownBlocked;
+    private dispatchHook;
+    private getHook;
 }

package/dist/core/otp.service.js

@@ -18,6 +18,7 @@ export class OTPManager {
     async generate(input) {
         validatePayload(input);
         const normalizedInput = normalizePayloadIdentifier(input, this.options.identifierNormalization);
+        const eventContext = this.buildEventContext(input, normalizedInput.identifier);
         const otpKey = buildOtpKey(normalizedInput);
         const attemptsKey = buildAttemptsKey(normalizedInput);
         const rateLimitKey = buildRateLimitKey(normalizedInput);
@@ -37,38 +38,54 @@ export class OTPManager {
                 resendCooldown: this.options.resendCooldown,
             });
             if (atomicResult === "cooldown") {
+                await this.emitCooldownBlocked(eventContext);
                 throw new OTPResendCooldownError();
             }
             if (atomicResult === "rate_limit") {
+                await this.emitRateLimited(eventContext);
                 throw new OTPRateLimitExceededError();
             }
             if (atomicResult === "ok") {
-                return {
+                const result = {
                     expiresIn: this.options.ttl,
                     otp: this.options.devMode ? otp : undefined,
                 };
+                await this.emitGenerated(eventContext);
+                return result;
             }
         }
         if (this.options.resendCooldown) {
             const cooldownActive = await this.options.store.get(cooldownKey);
             if (cooldownActive) {
+                await this.emitCooldownBlocked(eventContext);
                 throw new OTPResendCooldownError();
             }
         }
-        await assertWithinRateLimit(this.options.store, rateLimitKey, this.options.rateLimit);
+        try {
+            await assertWithinRateLimit(this.options.store, rateLimitKey, this.options.rateLimit);
+        }
+        catch (error) {
+            if (error instanceof OTPRateLimitExceededError) {
+                await this.emitRateLimited(eventContext);
+            }
+            throw error;
+        }
         await this.options.store.set(otpKey, storedHash, this.options.ttl);
         await this.options.store.del(attemptsKey);
         if (this.options.resendCooldown) {
             await this.options.store.set(cooldownKey, "1", this.options.resendCooldown);
         }
-        return {
+        const result = {
             expiresIn: this.options.ttl,
             otp: this.options.devMode ? otp : undefined,
         };
+        await this.emitGenerated(eventContext);
+        return result;
     }
     async verify(input) {
         validatePayload(input);
         const normalizedInput = normalizePayloadIdentifier(input, this.options.identifierNormalization);
+        const eventContext = this.buildEventContext(input, normalizedInput.identifier);
         if (!input.otp || !input.otp.trim()) {
             throw new TypeError("OTP must be a non-empty string.");
         }
@@ -84,20 +101,25 @@ export class OTPManager {
                 maxAttempts: this.options.maxAttempts,
             });
             if (atomicResult === "verified") {
+                await this.emitVerified(eventContext);
                 return true;
             }
             if (atomicResult === "expired") {
+                await this.emitFailed(eventContext, "expired");
                 throw new OTPExpiredError();
             }
             if (atomicResult === "max_attempts") {
+                await this.emitLocked(eventContext);
                 throw new OTPMaxAttemptsExceededError();
             }
             if (atomicResult === "invalid") {
+                await this.emitFailed(eventContext, "invalid");
                 throw new OTPInvalidError();
             }
         }
         const storedHash = await this.options.store.get(otpKey);
         if (!storedHash) {
+            await this.emitFailed(eventContext, "expired");
             throw new OTPExpiredError();
         }
         const isValid = verifyOtpHash(input.otp, normalizedInput, storedHash, this.options.hashing);
@@ -106,14 +128,117 @@ export class OTPManager {
             if (attempts >= this.options.maxAttempts) {
                 await this.options.store.del(otpKey);
                 await this.options.store.del(attemptsKey);
+                await this.emitLocked(eventContext);
                 throw new OTPMaxAttemptsExceededError();
             }
+            await this.emitFailed(eventContext, "invalid", attempts);
             throw new OTPInvalidError();
         }
         await this.options.store.del(otpKey);
         await this.options.store.del(attemptsKey);
+        await this.emitVerified(eventContext);
         return true;
     }
+    buildEventContext(input, normalizedIdentifier) {
+        return {
+            type: input.type,
+            identifier: input.identifier,
+            normalizedIdentifier,
+            intent: input.intent ?? "default",
+            timestamp: new Date().toISOString(),
+            metadata: input.metadata,
+        };
+    }
+    async emitGenerated(context) {
+        await this.dispatchHook("generated", {
+            ...context,
+            expiresIn: this.options.ttl,
+            devMode: this.options.devMode,
+        });
+    }
+    async emitVerified(context) {
+        await this.dispatchHook("verified", context);
+    }
+    async emitFailed(context, reason, attemptsUsed) {
+        await this.dispatchHook("failed", {
+            ...context,
+            reason,
+            attemptsUsed,
+            attemptsRemaining: attemptsUsed !== undefined ? Math.max(this.options.maxAttempts - attemptsUsed, 0) : undefined,
+        });
+    }
+    async emitLocked(context) {
+        await this.dispatchHook("locked", {
+            ...context,
+            maxAttempts: this.options.maxAttempts,
+        });
+    }
+    async emitRateLimited(context) {
+        if (!this.options.rateLimit) {
+            return;
+        }
+        await this.dispatchHook("rate_limited", {
+            ...context,
+            window: this.options.rateLimit.window,
+            max: this.options.rateLimit.max,
+        });
+    }
+    async emitCooldownBlocked(context) {
+        if (!this.options.resendCooldown) {
+            return;
+        }
+        await this.dispatchHook("cooldown_blocked", {
+            ...context,
+            resendCooldown: this.options.resendCooldown,
+        });
+    }
+    async dispatchHook(eventName, payload) {
+        const hook = this.getHook(eventName);
+        if (!hook) {
+            return;
+        }
+        const execute = async () => {
+            try {
+                await hook(payload);
+            }
+            catch (error) {
+                if (this.options.hooks?.onHookError) {
+                    await this.options.hooks.onHookError(error, {
+                        event: eventName,
+                        payload,
+                    });
+                }
+                if (this.options.hooks?.throwOnError) {
+                    throw error;
+                }
+            }
+        };
+        if (this.options.hooks?.throwOnError) {
+            await execute();
+            return;
+        }
+        queueMicrotask(() => {
+            void execute();
+        });
+    }
+    getHook(eventName) {
+        switch (eventName) {
+            case "generated":
+                return this.options.hooks?.onGenerated;
+            case "verified":
+                return this.options.hooks?.onVerified;
+            case "failed":
+                return this.options.hooks?.onFailed;
+            case "locked":
+                return this.options.hooks?.onLocked;
+            case "rate_limited":
+                return this.options.hooks?.onRateLimited;
+            case "cooldown_blocked":
+                return this.options.hooks?.onCooldownBlocked;
+            default:
+                return undefined;
+        }
+    }
 }
 function validateManagerOptions(options) {
     if (!Number.isInteger(options.ttl) || options.ttl <= 0) {
@@ -166,6 +291,24 @@ function validateManagerOptions(options) {
             throw new TypeError("hashing.allowLegacyVerify must be a boolean.");
         }
     }
+    if (options.hooks) {
+        const hookEntries = [
+            options.hooks.onGenerated,
+            options.hooks.onVerified,
+            options.hooks.onFailed,
+            options.hooks.onLocked,
+            options.hooks.onRateLimited,
+            options.hooks.onCooldownBlocked,
+            options.hooks.onHookError,
+        ];
+        if (hookEntries.some((hook) => hook !== undefined && typeof hook !== "function")) {
+            throw new TypeError("All hooks must be functions when provided.");
+        }
+        if (options.hooks.throwOnError !== undefined &&
+            typeof options.hooks.throwOnError !== "boolean") {
+            throw new TypeError("hooks.throwOnError must be a boolean.");
+        }
+    }
 }
 function validatePayload(input) {
     if (!input.type || !input.type.trim()) {

package/dist/core/otp.types.d.ts

@@ -1,8 +1,10 @@
 export type OTPChannel = "email" | "sms" | "token" | (string & {});
+export type OTPMetadata = Record<string, unknown>;
 export interface OTPPayload {
     type: OTPChannel;
     identifier: string;
     intent?: string;
+    metadata?: OTPMetadata;
 }
 export interface GenerateOTPInput extends OTPPayload {
 }
@@ -23,6 +25,49 @@ export interface OTPHashingOptions {
     previousSecrets?: string[];
     allowLegacyVerify?: boolean;
 }
+export interface OTPEventContext {
+    type: OTPChannel;
+    identifier: string;
+    normalizedIdentifier: string;
+    intent: string;
+    timestamp: string;
+    metadata?: OTPMetadata;
+}
+export interface OTPGeneratedEvent extends OTPEventContext {
+    expiresIn: number;
+    devMode: boolean;
+}
+export interface OTPVerifiedEvent extends OTPEventContext {
+}
+export interface OTPFailedEvent extends OTPEventContext {
+    reason: "invalid" | "expired";
+    attemptsUsed?: number;
+    attemptsRemaining?: number;
+}
+export interface OTPLockedEvent extends OTPEventContext {
+    maxAttempts: number;
+}
+export interface OTPRateLimitedEvent extends OTPEventContext {
+    window: number;
+    max: number;
+}
+export interface OTPCooldownBlockedEvent extends OTPEventContext {
+    resendCooldown: number;
+}
+export interface OTPHookErrorContext {
+    event: "generated" | "verified" | "failed" | "locked" | "rate_limited" | "cooldown_blocked";
+    payload: OTPGeneratedEvent | OTPVerifiedEvent | OTPFailedEvent | OTPLockedEvent | OTPRateLimitedEvent | OTPCooldownBlockedEvent;
+}
+export interface OTPHooks {
+    onGenerated?: (event: OTPGeneratedEvent) => void | Promise<void>;
+    onVerified?: (event: OTPVerifiedEvent) => void | Promise<void>;
+    onFailed?: (event: OTPFailedEvent) => void | Promise<void>;
+    onLocked?: (event: OTPLockedEvent) => void | Promise<void>;
+    onRateLimited?: (event: OTPRateLimitedEvent) => void | Promise<void>;
+    onCooldownBlocked?: (event: OTPCooldownBlockedEvent) => void | Promise<void>;
+    onHookError?: (error: unknown, context: OTPHookErrorContext) => void | Promise<void>;
+    throwOnError?: boolean;
+}
 export interface OTPManagerOptions {
     store: StoreAdapter;
     ttl: number;
@@ -33,6 +78,7 @@ export interface OTPManagerOptions {
     resendCooldown?: number;
     identifierNormalization?: IdentifierNormalizationConfig;
     hashing?: OTPHashingOptions;
+    hooks?: OTPHooks;
 }
 export interface GenerateOTPResult {
     expiresIn: number;

package/dist/index.d.ts

@@ -1,5 +1,5 @@
 export { OTPManager } from "./core/otp.service.js";
 export { RedisAdapter } from "./adapters/redis.adapter.js";
 export { MemoryAdapter } from "./adapters/memory.adapter.js";
-export type { GenerateOTPInput, GenerateOTPResult, IdentifierNormalizationConfig, OTPHashingOptions, OTPManagerOptions, OTPPayload, RateLimitConfig, StoreAdapter, VerifyOTPInput, } from "./core/otp.types.js";
+export type { GenerateOTPInput, GenerateOTPResult, IdentifierNormalizationConfig, OTPChannel, OTPCooldownBlockedEvent, OTPEventContext, OTPFailedEvent, OTPGeneratedEvent, OTPHashingOptions, OTPHookErrorContext, OTPHooks, OTPLockedEvent, OTPManagerOptions, OTPMetadata, OTPPayload, OTPRateLimitedEvent, OTPVerifiedEvent, RateLimitConfig, StoreAdapter, VerifyOTPInput, } from "./core/otp.types.js";
 export { OTPError, OTPExpiredError, OTPInvalidError, OTPMaxAttemptsExceededError, OTPRateLimitExceededError, OTPResendCooldownError, } from "./errors/otp.errors.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "redis-otp-manager",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "description": "Lightweight, Redis-backed OTP manager for Node.js apps",
   "repository": {
     "type": "git",
@@ -91,4 +91,3 @@
     "typescript": "^5.8.0"
   }
 }
-