rozod 6.8.0 → 6.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/lib/endpoints/accountinformationv1.d.ts +92 -95
  2. package/lib/endpoints/accountsettingsv1.d.ts +88 -110
  3. package/lib/endpoints/adconfigurationv2.d.ts +108 -215
  4. package/lib/endpoints/assetdeliveryv1.d.ts +236 -237
  5. package/lib/endpoints/assetdeliveryv2.d.ts +180 -181
  6. package/lib/endpoints/authv1.d.ts +479 -521
  7. package/lib/endpoints/authv2.d.ts +209 -221
  8. package/lib/endpoints/authv3.d.ts +32 -35
  9. package/lib/endpoints/avatarv1.d.ts +112 -117
  10. package/lib/endpoints/avatarv2.d.ts +71 -76
  11. package/lib/endpoints/avatarv3.d.ts +27 -33
  12. package/lib/endpoints/badgesv1.d.ts +92 -99
  13. package/lib/endpoints/catalogv1.d.ts +207 -233
  14. package/lib/endpoints/catalogv2.d.ts +81 -119
  15. package/lib/endpoints/clientsettingsv1.d.ts +33 -35
  16. package/lib/endpoints/clientsettingsv2.d.ts +62 -68
  17. package/lib/endpoints/contactsv1.d.ts +18 -20
  18. package/lib/endpoints/developv1.d.ts +230 -293
  19. package/lib/endpoints/developv2.d.ts +84 -137
  20. package/lib/endpoints/economycreatorstatsv1.d.ts +12 -12
  21. package/lib/endpoints/economyv1.d.ts +6 -6
  22. package/lib/endpoints/engagementpayoutsv1.d.ts +9 -9
  23. package/lib/endpoints/followingsv1.d.ts +33 -34
  24. package/lib/endpoints/followingsv2.d.ts +9 -9
  25. package/lib/endpoints/friendsv1.d.ts +200 -237
  26. package/lib/endpoints/gameinternationalizationv1.d.ts +1509 -1642
  27. package/lib/endpoints/gameinternationalizationv2.d.ts +62 -64
  28. package/lib/endpoints/gamesv1.d.ts +181 -143
  29. package/lib/endpoints/gamesv2.d.ts +161 -169
  30. package/lib/endpoints/groupsv1.d.ts +938 -988
  31. package/lib/endpoints/groupsv2.d.ts +259 -278
  32. package/lib/endpoints/inventoryv1.d.ts +91 -122
  33. package/lib/endpoints/inventoryv2.d.ts +163 -180
  34. package/lib/endpoints/itemconfigurationv1.d.ts +33 -40
  35. package/lib/endpoints/localev1.d.ts +47 -48
  36. package/lib/endpoints/localizationtablesv1.d.ts +315 -353
  37. package/lib/endpoints/matchmakingv1.d.ts +184 -190
  38. package/lib/endpoints/notificationsv2.d.ts +144 -158
  39. package/lib/endpoints/premiumfeaturesv1.d.ts +14 -14
  40. package/lib/endpoints/presencev1.d.ts +7 -12
  41. package/lib/endpoints/privatemessagesv1.d.ts +56 -64
  42. package/lib/endpoints/publishv1.d.ts +32 -32
  43. package/lib/endpoints/thumbnailsresizerv1.d.ts +52 -53
  44. package/lib/endpoints/thumbnailsv1.d.ts +325 -326
  45. package/lib/endpoints/thumbnailsv1.js +24 -24
  46. package/lib/endpoints/tradesv1.d.ts +92 -104
  47. package/lib/endpoints/tradesv2.d.ts +81 -84
  48. package/lib/endpoints/translationrolesv1.d.ts +46 -51
  49. package/lib/endpoints/twostepverificationv1.d.ts +233 -237
  50. package/lib/endpoints/usersv1.d.ts +110 -114
  51. package/lib/index.d.ts +56 -1
  52. package/lib/index.js +159 -3
  53. package/package.json +2 -2
@@ -1,5 +1,5 @@
1
- import { z } from "zod";
2
- import { endpoint } from "..";
1
+ import { z } from 'zod';
2
+ import { endpoint } from '..';
3
3
 
4
4
  const Roblox_Users_Api_BirthdateResponse = z.object({
5
5
  birthMonth: z.number().int(),
@@ -21,7 +21,7 @@ const Roblox_Users_Api_DescriptionRequest = z.object({
21
21
  });
22
22
  const Roblox_Users_Api_GenderResponse = z.object({ gender: z.number().int() });
23
23
  const Roblox_Users_Api_GenderRequest = z.object({
24
- gender: z.enum(["Unknown", "Male", "Female"]),
24
+ gender: z.enum(['Unknown', 'Male', 'Female']),
25
25
  });
26
26
  const Roblox_Users_Api_GetUserResponse = z.object({
27
27
  description: z.string(),
@@ -34,12 +34,11 @@ const Roblox_Users_Api_GetUserResponse = z.object({
34
34
  displayName: z.string(),
35
35
  });
36
36
  const Roblox_Users_Api_UsernameHistoryResponse = z.object({ name: z.string() });
37
- const Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_UsernameHistoryResponse_ =
38
- z.object({
39
- previousPageCursor: z.string(),
40
- nextPageCursor: z.string(),
41
- data: z.array(Roblox_Users_Api_UsernameHistoryResponse),
42
- });
37
+ const Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_UsernameHistoryResponse_ = z.object({
38
+ previousPageCursor: z.string(),
39
+ nextPageCursor: z.string(),
40
+ data: z.array(Roblox_Users_Api_UsernameHistoryResponse),
41
+ });
43
42
  const Roblox_Users_Api_AuthenticatedGetUserResponse = z.object({
44
43
  id: z.number().int(),
45
44
  name: z.string(),
@@ -61,12 +60,11 @@ const Roblox_Users_Api_SearchGetUserResponse = z.object({
61
60
  name: z.string(),
62
61
  displayName: z.string(),
63
62
  });
64
- const Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_SearchGetUserResponse_ =
65
- z.object({
66
- previousPageCursor: z.string(),
67
- nextPageCursor: z.string(),
68
- data: z.array(Roblox_Users_Api_SearchGetUserResponse),
69
- });
63
+ const Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_SearchGetUserResponse_ = z.object({
64
+ previousPageCursor: z.string(),
65
+ nextPageCursor: z.string(),
66
+ data: z.array(Roblox_Users_Api_SearchGetUserResponse),
67
+ });
70
68
  const Roblox_Users_Api_MultiGetByUsernameRequest = z.object({
71
69
  usernames: z.array(z.string()),
72
70
  excludeBannedUsers: z.boolean(),
@@ -78,8 +76,9 @@ const Roblox_Users_Api_MultiGetUserByNameResponse = z.object({
78
76
  name: z.string(),
79
77
  displayName: z.string(),
80
78
  });
81
- const Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserByNameResponse_ =
82
- z.object({ data: z.array(Roblox_Users_Api_MultiGetUserByNameResponse) });
79
+ const Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserByNameResponse_ = z.object({
80
+ data: z.array(Roblox_Users_Api_MultiGetUserByNameResponse),
81
+ });
83
82
  const Roblox_Users_Api_MultiGetByUserIdRequest = z.object({
84
83
  userIds: z.array(z.number()),
85
84
  excludeBannedUsers: z.boolean(),
@@ -90,8 +89,9 @@ const Roblox_Users_Api_MultiGetUserResponse = z.object({
90
89
  name: z.string(),
91
90
  displayName: z.string(),
92
91
  });
93
- const Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserResponse_ =
94
- z.object({ data: z.array(Roblox_Users_Api_MultiGetUserResponse) });
92
+ const Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserResponse_ = z.object({
93
+ data: z.array(Roblox_Users_Api_MultiGetUserResponse),
94
+ });
95
95
  const Roblox_Users_Api_SetDisplayNameRequest = z.object({
96
96
  newDisplayName: z.string(),
97
97
  });
@@ -101,10 +101,10 @@ const Roblox_Users_Api_SetDisplayNameRequest = z.object({
101
101
  * @summary Get the user's birthdate
102
102
  */
103
103
  export const getBirthdate = endpoint({
104
- method: "GET",
105
- path: "/v1/birthdate",
106
- baseUrl: "https://users.roblox.com",
107
- requestFormat: "json",
104
+ method: 'GET',
105
+ path: '/v1/birthdate',
106
+ baseUrl: 'https://users.roblox.com',
107
+ requestFormat: 'json',
108
108
  response: Roblox_Users_Api_BirthdateResponse,
109
109
  errors: [
110
110
  {
@@ -123,10 +123,10 @@ export const getBirthdate = endpoint({
123
123
  * @param body The Roblox.Users.Api.BirthdateRequest
124
124
  */
125
125
  export const postBirthdate = endpoint({
126
- method: "POST",
127
- path: "/v1/birthdate",
128
- baseUrl: "https://users.roblox.com",
129
- requestFormat: "json",
126
+ method: 'POST',
127
+ path: '/v1/birthdate',
128
+ baseUrl: 'https://users.roblox.com',
129
+ requestFormat: 'json',
130
130
  serializationMethod: {
131
131
  body: {},
132
132
  },
@@ -162,10 +162,10 @@ export const postBirthdate = endpoint({
162
162
  * @summary Get the user's description
163
163
  */
164
164
  export const getDescription = endpoint({
165
- method: "GET",
166
- path: "/v1/description",
167
- baseUrl: "https://users.roblox.com",
168
- requestFormat: "json",
165
+ method: 'GET',
166
+ path: '/v1/description',
167
+ baseUrl: 'https://users.roblox.com',
168
+ requestFormat: 'json',
169
169
  response: z.object({ description: z.string() }),
170
170
  errors: [
171
171
  {
@@ -184,10 +184,10 @@ export const getDescription = endpoint({
184
184
  * @param body The Roblox.Users.Api.DescriptionRequest
185
185
  */
186
186
  export const postDescription = endpoint({
187
- method: "POST",
188
- path: "/v1/description",
189
- baseUrl: "https://users.roblox.com",
190
- requestFormat: "json",
187
+ method: 'POST',
188
+ path: '/v1/description',
189
+ baseUrl: 'https://users.roblox.com',
190
+ requestFormat: 'json',
191
191
  serializationMethod: {
192
192
  body: {},
193
193
  },
@@ -225,17 +225,17 @@ export const postDescription = endpoint({
225
225
  * @param birthdate The new user's birthdate
226
226
  */
227
227
  export const getDisplayNamesValidate = endpoint({
228
- method: "GET",
229
- path: "/v1/display-names/validate",
230
- baseUrl: "https://users.roblox.com",
231
- requestFormat: "json",
228
+ method: 'GET',
229
+ path: '/v1/display-names/validate',
230
+ baseUrl: 'https://users.roblox.com',
231
+ requestFormat: 'json',
232
232
  serializationMethod: {
233
233
  displayName: {
234
- style: "form",
234
+ style: 'form',
235
235
  explode: true,
236
236
  },
237
237
  birthdate: {
238
- style: "form",
238
+ style: 'form',
239
239
  explode: true,
240
240
  },
241
241
  },
@@ -265,10 +265,10 @@ export const getDisplayNamesValidate = endpoint({
265
265
  * @summary Get the user's gender
266
266
  */
267
267
  export const getGender = endpoint({
268
- method: "GET",
269
- path: "/v1/gender",
270
- baseUrl: "https://users.roblox.com",
271
- requestFormat: "json",
268
+ method: 'GET',
269
+ path: '/v1/gender',
270
+ baseUrl: 'https://users.roblox.com',
271
+ requestFormat: 'json',
272
272
  response: z.object({ gender: z.number().int() }),
273
273
  errors: [
274
274
  {
@@ -287,10 +287,10 @@ export const getGender = endpoint({
287
287
  * @param body The Roblox.Users.Api.GenderRequest
288
288
  */
289
289
  export const postGender = endpoint({
290
- method: "POST",
291
- path: "/v1/gender",
292
- baseUrl: "https://users.roblox.com",
293
- requestFormat: "json",
290
+ method: 'POST',
291
+ path: '/v1/gender',
292
+ baseUrl: 'https://users.roblox.com',
293
+ requestFormat: 'json',
294
294
  serializationMethod: {
295
295
  body: {},
296
296
  },
@@ -326,17 +326,16 @@ export const postGender = endpoint({
326
326
  Does not require X-CSRF-Token protection because this is essentially a get request but as a POST to avoid URI limits.
327
327
  */
328
328
  export const postUsernamesUsers = endpoint({
329
- method: "POST",
330
- path: "/v1/usernames/users",
331
- baseUrl: "https://users.roblox.com",
332
- requestFormat: "json",
329
+ method: 'POST',
330
+ path: '/v1/usernames/users',
331
+ baseUrl: 'https://users.roblox.com',
332
+ requestFormat: 'json',
333
333
  serializationMethod: {
334
334
  body: {},
335
335
  },
336
336
  parameters: {},
337
337
  body: Roblox_Users_Api_MultiGetByUsernameRequest,
338
- response:
339
- Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserByNameResponse_,
338
+ response: Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserByNameResponse_,
340
339
  errors: [
341
340
  {
342
341
  status: 400,
@@ -351,17 +350,16 @@ export const postUsernamesUsers = endpoint({
351
350
  * @description Does not require X-CSRF-Token protection because this is essentially a get request but as a POST to avoid URI limits.
352
351
  */
353
352
  export const postUsers = endpoint({
354
- method: "POST",
355
- path: "/v1/users",
356
- baseUrl: "https://users.roblox.com",
357
- requestFormat: "json",
353
+ method: 'POST',
354
+ path: '/v1/users',
355
+ baseUrl: 'https://users.roblox.com',
356
+ requestFormat: 'json',
358
357
  serializationMethod: {
359
358
  body: {},
360
359
  },
361
360
  parameters: {},
362
361
  body: Roblox_Users_Api_MultiGetByUserIdRequest,
363
- response:
364
- Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserResponse_,
362
+ response: Roblox_Web_WebAPI_Models_ApiArrayResponse_Roblox_Users_Api_MultiGetUserResponse_,
365
363
  errors: [
366
364
  {
367
365
  status: 400,
@@ -375,13 +373,13 @@ export const postUsers = endpoint({
375
373
  * @param userId The user id.
376
374
  */
377
375
  export const getUsersUserid = endpoint({
378
- method: "GET",
379
- path: "/v1/users/:userId",
380
- baseUrl: "https://users.roblox.com",
381
- requestFormat: "json",
376
+ method: 'GET',
377
+ path: '/v1/users/:userId',
378
+ baseUrl: 'https://users.roblox.com',
379
+ requestFormat: 'json',
382
380
  serializationMethod: {
383
381
  userId: {
384
- style: "simple",
382
+ style: 'simple',
385
383
  },
386
384
  },
387
385
  parameters: {
@@ -402,14 +400,14 @@ export const getUsersUserid = endpoint({
402
400
  * @param userId the user id
403
401
  */
404
402
  export const patchUsersUseridDisplayNames = endpoint({
405
- method: "PATCH",
406
- path: "/v1/users/:userId/display-names",
407
- baseUrl: "https://users.roblox.com",
408
- requestFormat: "json",
403
+ method: 'PATCH',
404
+ path: '/v1/users/:userId/display-names',
405
+ baseUrl: 'https://users.roblox.com',
406
+ requestFormat: 'json',
409
407
  serializationMethod: {
410
408
  body: {},
411
409
  userId: {
412
- style: "simple",
410
+ style: 'simple',
413
411
  },
414
412
  },
415
413
  parameters: {
@@ -448,16 +446,16 @@ export const patchUsersUseridDisplayNames = endpoint({
448
446
  * @param displayName The display name.
449
447
  */
450
448
  export const getUsersUseridDisplayNamesValidate = endpoint({
451
- method: "GET",
452
- path: "/v1/users/:userId/display-names/validate",
453
- baseUrl: "https://users.roblox.com",
454
- requestFormat: "json",
449
+ method: 'GET',
450
+ path: '/v1/users/:userId/display-names/validate',
451
+ baseUrl: 'https://users.roblox.com',
452
+ requestFormat: 'json',
455
453
  serializationMethod: {
456
454
  userId: {
457
- style: "simple",
455
+ style: 'simple',
458
456
  },
459
457
  displayName: {
460
- style: "form",
458
+ style: 'form',
461
459
  explode: true,
462
460
  },
463
461
  },
@@ -498,24 +496,24 @@ export const getUsersUseridDisplayNamesValidate = endpoint({
498
496
  * @param sortOrder The order the results are sorted in.
499
497
  */
500
498
  export const getUsersUseridUsernameHistory = endpoint({
501
- method: "GET",
502
- path: "/v1/users/:userId/username-history",
503
- baseUrl: "https://users.roblox.com",
504
- requestFormat: "json",
499
+ method: 'GET',
500
+ path: '/v1/users/:userId/username-history',
501
+ baseUrl: 'https://users.roblox.com',
502
+ requestFormat: 'json',
505
503
  serializationMethod: {
506
504
  userId: {
507
- style: "simple",
505
+ style: 'simple',
508
506
  },
509
507
  limit: {
510
- style: "form",
508
+ style: 'form',
511
509
  explode: true,
512
510
  },
513
511
  cursor: {
514
- style: "form",
512
+ style: 'form',
515
513
  explode: true,
516
514
  },
517
515
  sortOrder: {
518
- style: "form",
516
+ style: 'form',
519
517
  explode: true,
520
518
  },
521
519
  },
@@ -526,10 +524,9 @@ export const getUsersUseridUsernameHistory = endpoint({
526
524
  .optional()
527
525
  .default(10),
528
526
  cursor: z.string().optional(),
529
- sortOrder: z.enum(["Asc", "Desc"]).optional().default("Asc"),
527
+ sortOrder: z.enum(['Asc', 'Desc']).optional().default('Asc'),
530
528
  },
531
- response:
532
- Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_UsernameHistoryResponse_,
529
+ response: Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_UsernameHistoryResponse_,
533
530
  errors: [
534
531
  {
535
532
  status: 400,
@@ -542,10 +539,10 @@ export const getUsersUseridUsernameHistory = endpoint({
542
539
  * @summary Gets the minimal authenticated user.
543
540
  */
544
541
  export const getUsersAuthenticated = endpoint({
545
- method: "GET",
546
- path: "/v1/users/authenticated",
547
- baseUrl: "https://users.roblox.com",
548
- requestFormat: "json",
542
+ method: 'GET',
543
+ path: '/v1/users/authenticated',
544
+ baseUrl: 'https://users.roblox.com',
545
+ requestFormat: 'json',
549
546
  response: Roblox_Users_Api_AuthenticatedGetUserResponse,
550
547
  errors: [
551
548
  {
@@ -559,10 +556,10 @@ export const getUsersAuthenticated = endpoint({
559
556
  * @summary Gets the age bracket of the authenticated user.
560
557
  */
561
558
  export const getUsersAuthenticatedAgeBracket = endpoint({
562
- method: "GET",
563
- path: "/v1/users/authenticated/age-bracket",
564
- baseUrl: "https://users.roblox.com",
565
- requestFormat: "json",
559
+ method: 'GET',
560
+ path: '/v1/users/authenticated/age-bracket',
561
+ baseUrl: 'https://users.roblox.com',
562
+ requestFormat: 'json',
566
563
  response: z.object({ ageBracket: z.number().int() }),
567
564
  errors: [
568
565
  {
@@ -576,10 +573,10 @@ export const getUsersAuthenticatedAgeBracket = endpoint({
576
573
  * @summary Gets the country code of the authenticated user.
577
574
  */
578
575
  export const getUsersAuthenticatedCountryCode = endpoint({
579
- method: "GET",
580
- path: "/v1/users/authenticated/country-code",
581
- baseUrl: "https://users.roblox.com",
582
- requestFormat: "json",
576
+ method: 'GET',
577
+ path: '/v1/users/authenticated/country-code',
578
+ baseUrl: 'https://users.roblox.com',
579
+ requestFormat: 'json',
583
580
  response: z.object({ countryCode: z.string() }),
584
581
  errors: [
585
582
  {
@@ -593,10 +590,10 @@ export const getUsersAuthenticatedCountryCode = endpoint({
593
590
  * @summary Gets the (public) roles of the authenticated user, such as `"Soothsayer"` and `"BetaTester"`.
594
591
  */
595
592
  export const getUsersAuthenticatedRoles = endpoint({
596
- method: "GET",
597
- path: "/v1/users/authenticated/roles",
598
- baseUrl: "https://users.roblox.com",
599
- requestFormat: "json",
593
+ method: 'GET',
594
+ path: '/v1/users/authenticated/roles',
595
+ baseUrl: 'https://users.roblox.com',
596
+ requestFormat: 'json',
600
597
  response: Roblox_Users_Api_UserRolesResponse,
601
598
  errors: [
602
599
  {
@@ -614,25 +611,25 @@ export const getUsersAuthenticatedRoles = endpoint({
614
611
  * @param cursor The paging cursor for the previous or next page.
615
612
  */
616
613
  export const getUsersSearch = endpoint({
617
- method: "GET",
618
- path: "/v1/users/search",
619
- baseUrl: "https://users.roblox.com",
620
- requestFormat: "json",
614
+ method: 'GET',
615
+ path: '/v1/users/search',
616
+ baseUrl: 'https://users.roblox.com',
617
+ requestFormat: 'json',
621
618
  serializationMethod: {
622
619
  keyword: {
623
- style: "form",
620
+ style: 'form',
624
621
  explode: true,
625
622
  },
626
623
  sessionId: {
627
- style: "form",
624
+ style: 'form',
628
625
  explode: true,
629
626
  },
630
627
  limit: {
631
- style: "form",
628
+ style: 'form',
632
629
  explode: true,
633
630
  },
634
631
  cursor: {
635
- style: "form",
632
+ style: 'form',
636
633
  explode: true,
637
634
  },
638
635
  },
@@ -645,8 +642,7 @@ export const getUsersSearch = endpoint({
645
642
  .default(10),
646
643
  cursor: z.string().optional(),
647
644
  },
648
- response:
649
- Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_SearchGetUserResponse_,
645
+ response: Roblox_Web_WebAPI_Models_ApiPageResponse_Roblox_Users_Api_SearchGetUserResponse_,
650
646
  errors: [
651
647
  {
652
648
  status: 400,
package/lib/index.d.ts CHANGED
@@ -79,7 +79,38 @@ type CacheOptions = {
79
79
  type RequestOptions<R = boolean> = RequestInit & RetryOptions & ErrorOptions & CacheOptions & {
80
80
  returnRaw?: R;
81
81
  };
82
- export declare const hbaClient: HBAClient;
82
+ type TokenMetadata = Awaited<ReturnType<HBAClient['getTokenMetadata']>>;
83
+ /**
84
+ * HBAClient hardened for server (Node/Bun) usage:
85
+ *
86
+ * - `generateBaseHeaders` short-circuits when no crypto key source exists
87
+ * (no supplied key pair and no IndexedDB): a BAT can never be signed, so
88
+ * the token metadata page must not be fetched at all.
89
+ * - `getTokenMetadata` remembers failed lookups for a TTL. The base class
90
+ * only caches successes, so an unparseable metadata page (e.g. a bot
91
+ * challenge served to a datacenter IP) would otherwise be refetched on
92
+ * every request — unbounded network and memory churn on hot paths.
93
+ * - The metadata page fetch is bounded by a timeout and sent with the
94
+ * configured server user agent instead of the runtime default, which is
95
+ * far more likely to receive a challenge page.
96
+ */
97
+ declare class ServerSafeHBAClient extends HBAClient {
98
+ private metadataFailureAt;
99
+ private metadataInFlight?;
100
+ private readonly metadataSource?;
101
+ constructor(props?: ConstructorParameters<typeof HBAClient>[0] & {
102
+ metadataSource?: ServerSafeHBAClient;
103
+ });
104
+ /**
105
+ * Forget a remembered metadata failure so the next lookup retries
106
+ * immediately. Called when HBA keys are (re)configured — a lookup that
107
+ * failed under the old configuration says nothing about the new one.
108
+ */
109
+ resetMetadataFailure(): void;
110
+ generateBaseHeaders(requestUrl: string | URL, requestMethod?: string, includeCredentials?: boolean, body?: unknown): Promise<Record<string, string>>;
111
+ getTokenMetadata(uncached?: boolean): Promise<TokenMetadata>;
112
+ }
113
+ export declare const hbaClient: ServerSafeHBAClient;
83
114
  export type PoolRotation = 'none' | 'random' | 'round-robin';
84
115
  /**
85
116
  * Event data passed to the cookie refresh callback when Roblox rotates a cookie.
@@ -165,6 +196,26 @@ export type ServerConfig = {
165
196
  * ```
166
197
  */
167
198
  onCookieRefresh?: CookieRefreshCallback;
199
+ /**
200
+ * ECDSA P-256 key pair(s) used to sign hardware-backed auth (BAT) tokens.
201
+ * Keys are bound to a session: Roblox validates signatures against the
202
+ * public key registered when the cookie's session was authenticated, so a
203
+ * freshly generated pair produces invalid tokens. Without keys, BAT
204
+ * generation is skipped entirely on the server (there is no IndexedDB to
205
+ * load browser-registered keys from).
206
+ *
207
+ * Pass an array to bind keys per cookie: entries align index-for-index
208
+ * with the `cookies` array (lengths must match), and `null` entries mark
209
+ * cookies whose sessions have no registered key — those requests send no
210
+ * BAT. A single (non-array) pair applies to all requests and is only
211
+ * sensible with a single cookie.
212
+ *
213
+ * Per-cookie keys are bound to the `cookies` array passed in the same
214
+ * call: a later `configureServer` call that omits `hbaKeys` drops them
215
+ * (requests then send no BAT). Re-pass the array together with the
216
+ * cookies whenever you reconfigure.
217
+ */
218
+ hbaKeys?: CryptoKeyPair | Array<CryptoKeyPair | null>;
168
219
  };
169
220
  /**
170
221
  * Configures RoZod for server/Node.js environments.
@@ -296,6 +347,10 @@ export declare function setHandleGenericChallenge(fn: typeof handleGenericChalle
296
347
  /**
297
348
  * Allows you to change the Crypto Key pair used by the internal hardware-based authentication signatures. This should only be used in a NodeJS context.
298
349
  *
350
+ * The pair applies to every request: any per-cookie keys configured via
351
+ * `configureServer({ hbaKeys: [...] })` are discarded. To key individual
352
+ * cookies in a pool, use `configureServer` instead.
353
+ *
299
354
  * @param keys The crypto key pair.
300
355
  */
301
356
  export declare function changeHBAKeys(keys?: CryptoKeyPair): void;