woodsportal-client-sdk 4.0.7 → 4.0.8-dev.1

package/dist/chunk-BXKFJ5NQ.js

@@ -0,0 +1,1272 @@
+import { getAuthRefreshToken, createMutation, Client } from './chunk-PVX6FWCW.js';
+import { getParam, actions6 } from './chunk-ETYE73AH.js';
+import { hasRefreshSession, isAccessTokenExpired, hydrateSessionRefreshState, clearSessionRefreshExhaustedState, resetSessionAuthState, isRefreshInFlight, isSessionRefreshExhausted, didLastRefreshFail, hasValidAccessToken, isExpiresAccessToken, isAuthenticateApp, isAuthenticated, clearAccessToken, setAccessToken, getAccessToken, refreshSession, getRefreshToken, classifyHttpError, clearRefreshToken, storeMfaPendingAccessToken, logger, setPortal, setSubscriptionType, setRefreshToken, setLoggedInDetails, setConfig, clearMfaPendingAccessToken } from './chunk-NDDE6ZZ3.js';
+import { isCookieExpired, clearClientAuthCookies } from './chunk-KPHAQNS2.js';
+import { parseApiErrorPayload } from './chunk-COHBSTHF.js';
+import axios from 'axios';
+
+// src/main/core/auth/session-contract.ts
+function hasValidAccess(input) {
+  return input.hasAccessToken() && !input.isAccessTokenExpired();
+}
+function isFullyAuthenticated(input) {
+  if (input.isMfaPending?.()) {
+    return false;
+  }
+  if (hasValidAccess(input)) {
+    return true;
+  }
+  return input.hasRefreshSession();
+}
+function isMfaPendingSession(input) {
+  return Boolean(input.isMfaPending?.());
+}
+function hasAuthenticatedAccess(input) {
+  if (input.isMfaPending?.()) {
+    return Boolean(input.hasAccessToken());
+  }
+  return hasValidAccess(input);
+}
+
+// src/main/core/http/session-persistence-error.ts
+var SessionPersistenceError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "SessionPersistenceError";
+  }
+};
+
+// src/main/core/http/login-session.ts
+function unwrapLoginBody(response) {
+  return response?.data ?? response ?? {};
+}
+async function completeLoginSession(response) {
+  const body = unwrapLoginBody(response);
+  const tokenData = body?.tokenData || {};
+  const loggedInDetails = body?.loggedInDetails || {};
+  const currentPortal = loggedInDetails?.currentPortal || {};
+  const currentPortalId = currentPortal?.portalId || null;
+  const subscriptionType = loggedInDetails?.subscriptionType || "BASIC";
+  const token = tokenData?.token;
+  const refreshToken = tokenData?.refreshToken;
+  const expiresIn = tokenData?.expiresIn;
+  const refreshExpiresAt = tokenData?.refreshExpiresAt;
+  const rExpiresIn = tokenData?.refreshExpiresIn;
+  if (!token || typeof token !== "string") {
+    logger.error("auth", "login session missing access token", { operation: "completeLoginSession" });
+    throw new SessionPersistenceError("Session persistence failed: missing access token in login response");
+  }
+  if (!refreshToken || typeof refreshToken !== "string") {
+    logger.error("auth", "login session missing refresh token", { operation: "completeLoginSession" });
+    throw new SessionPersistenceError("Session persistence failed: missing refresh token in login response");
+  }
+  await setPortal(currentPortal);
+  await setSubscriptionType(subscriptionType);
+  await setAccessToken(token, expiresIn);
+  await setRefreshToken(refreshToken, refreshExpiresAt ?? rExpiresIn);
+  await setLoggedInDetails(body);
+  actions6.setProfile(response?.data != null ? response : { data: body });
+  setConfig.setDevPortalId(currentPortalId);
+  clearMfaPendingAccessToken("c");
+  return response;
+}
+async function applyLoginResponse(response) {
+  const data = unwrapLoginBody(response);
+  if (data?.twoFactorRequired === true) {
+    const tokenData = data?.tokenData || {};
+    const token = tokenData?.token;
+    const expiresIn = tokenData?.expiresIn;
+    if (token) {
+      clearRefreshToken();
+      await setAccessToken(token, expiresIn);
+      storeMfaPendingAccessToken(token, expiresIn, "c");
+    }
+    return response;
+  }
+  return completeLoginSession(response);
+}
+
+// src/main/features/auth/api/authentication.ts
+function preLogin(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.preLogin(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    preLogin: mutate,
+    isLoading
+  };
+}
+function login(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.login(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return {
+    mutate,
+    login: mutate,
+    isLoading
+  };
+}
+function handoff(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.handoff(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return {
+    mutate,
+    handoff: mutate,
+    isLoading
+  };
+}
+function clientSession(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.clientSession(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return {
+    mutate,
+    clientSession: mutate,
+    isLoading
+  };
+}
+function register(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.register(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    register: mutate,
+    isLoading
+  };
+}
+function verifyEmail(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const verifyEmailPayload = payload || {};
+    const token = getParam("token");
+    if (!verifyEmailPayload?.token) verifyEmailPayload.token = token;
+    const response = await Client.authentication.verifyEmail(verifyEmailPayload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    verifyEmail: mutate,
+    isLoading
+  };
+}
+function resetPasswordVerifyToken(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const resetPasswordVerifyTokenPayload = payload || {};
+    const token = getParam("token");
+    if (!resetPasswordVerifyTokenPayload?.token) resetPasswordVerifyTokenPayload.token = token;
+    const response = await Client.authentication.resetPasswordVerifyToken(resetPasswordVerifyTokenPayload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    resetPasswordVerifyToken: mutate,
+    isLoading
+  };
+}
+function resetPassword(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.resetPassword(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    resetPassword: mutate,
+    isLoading
+  };
+}
+function forgetPassword(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.forgetPassword(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    forgetPassword: mutate,
+    isLoading
+  };
+}
+function verifyForgotPasswordOtp(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.verifyForgotPasswordOtp(payload);
+    const data = response?.data ?? response;
+    return {
+      token: data?.token ?? ""
+    };
+  }, options);
+  return {
+    mutate,
+    verifyForgotPasswordOtp: mutate,
+    isLoading
+  };
+}
+function logout(options) {
+  const { mutate, isLoading } = createMutation(async () => {
+    try {
+      const response = await Client.authentication.logout();
+      return response;
+    } finally {
+      clearAccessToken();
+      clearClientAuthCookies();
+    }
+  }, options);
+  return {
+    mutate,
+    logout: mutate,
+    isLoading
+  };
+}
+function registerExistingUser(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.registerExistingUser(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    registerExistingUser: mutate,
+    isLoading
+  };
+}
+function verifyEmailResend(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.verifyEmailResend(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    verifyEmailResend: mutate,
+    isLoading
+  };
+}
+function resendEmail(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.resendEmail(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    resendEmail: mutate,
+    isLoading
+  };
+}
+
+// src/main/features/auth/api/mfa.ts
+function verifyOtp(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.verifyOtp(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return { mutate, verifyOtp: mutate, isLoading };
+}
+function sendMfaOtp(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.sendPendingOtp(payload),
+    options
+  );
+  return { mutate, sendOtp: mutate, sendMfaOtp: mutate, isLoading };
+}
+function pendingPasskeyOptions(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.pendingPasskeyOptions(payload),
+    options
+  );
+  return { mutate, pendingPasskeyOptions: mutate, isLoading };
+}
+function pendingPasskeyVerify(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => {
+      const response = await Client.mfa.pendingPasskeyVerify(payload);
+      await applyLoginResponse(response);
+      return response;
+    },
+    options
+  );
+  return { mutate, pendingPasskeyVerify: mutate, isLoading };
+}
+function getMfaStatus(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => await Client.mfa.getStatus(payload),
+    options
+  );
+  return { mutate, getStatus: mutate, getMfaStatus: mutate, isLoading };
+}
+function setMfaPreferences(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => {
+      const { portalId, ...data } = payload;
+      return Client.mfa.setPreferences(data, { portalId });
+    },
+    options
+  );
+  return { mutate, setPreferences: mutate, setMfaPreferences: mutate, isLoading };
+}
+function startPhoneVerify(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const { portalId, ...data } = payload ?? { phone: "" };
+    return Client.mfa.startPhoneVerify(data, portalId != null ? { portalId } : void 0);
+  }, options);
+  return { mutate, startPhoneVerify: mutate, isLoading };
+}
+function confirmPhoneVerify(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const { portalId, ...data } = payload ?? { phone: "", code: "" };
+    return Client.mfa.confirmPhoneVerify(data, portalId != null ? { portalId } : void 0);
+  }, options);
+  return { mutate, confirmPhoneVerify: mutate, isLoading };
+}
+function totpEnrollStart(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => Client.mfa.totpEnrollStart(payload), options);
+  return { mutate, totpEnrollStart: mutate, isLoading };
+}
+function totpEnrollVerify(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.totpEnrollVerify(payload),
+    options
+  );
+  return { mutate, totpEnrollVerify: mutate, isLoading };
+}
+function totpDisable(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const { portalId, ...data } = payload;
+    return Client.mfa.totpDisable(data, { portalId });
+  }, options);
+  return { mutate, totpDisable: mutate, isLoading };
+}
+function phoneUnverify(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => {
+      const { portalId, ...data } = payload;
+      return Client.mfa.phoneUnverify(data, { portalId });
+    },
+    options
+  );
+  return { mutate, phoneUnverify: mutate, isLoading };
+}
+function backupCodesRegenerate(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => {
+      const { portalId, ...data } = payload;
+      return Client.mfa.backupCodesRegenerate(data, { portalId });
+    },
+    options
+  );
+  return { mutate, backupCodesRegenerate: mutate, isLoading };
+}
+function mfaOptOut(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const { portalId, ...data } = payload;
+    return Client.mfa.optOut(data, { portalId });
+  }, options);
+  return { mutate, optOut: mutate, mfaOptOut: mutate, isLoading };
+}
+function webauthnRegisterOptions(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.webauthnRegisterOptions(payload),
+    options
+  );
+  return { mutate, webauthnRegisterOptions: mutate, isLoading };
+}
+function webauthnRegisterVerify(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.webauthnRegisterVerify(payload),
+    options
+  );
+  return { mutate, webauthnRegisterVerify: mutate, isLoading };
+}
+function webauthnAuthOptions(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => Client.mfa.webauthnAuthOptions(payload), options);
+  return { mutate, webauthnAuthOptions: mutate, isLoading };
+}
+function webauthnAuthVerify(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.webauthnAuthVerify(payload),
+    options
+  );
+  return { mutate, webauthnAuthVerify: mutate, isLoading };
+}
+function listWebauthnCredentials(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.listWebauthnCredentials(payload),
+    options
+  );
+  return { mutate, listWebauthnCredentials: mutate, isLoading };
+}
+function deleteWebauthnCredential(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => {
+      const { credentialRecordId, portalId } = payload;
+      return Client.mfa.deleteWebauthnCredential(credentialRecordId, { portalId });
+    },
+    options
+  );
+  return { mutate, deleteWebauthnCredential: mutate, isLoading };
+}
+function passkeyLoginOptions(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.mfa.passkeyLoginOptions(payload),
+    options
+  );
+  return { mutate, passkeyLoginOptions: mutate, isLoading };
+}
+function passkeyLoginVerify(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.mfa.passkeyLoginVerify(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return { mutate, passkeyLoginVerify: mutate, isLoading };
+}
+
+// src/main/features/auth/api/security.ts
+function getSecurityOverview(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.security.getOverview(payload),
+    options
+  );
+  return { mutate, getOverview: mutate, getSecurityOverview: mutate, isLoading };
+}
+function getSecurityLoginActivity(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.security.getLoginActivity(payload),
+    options
+  );
+  return { mutate, getLoginActivity: mutate, getSecurityLoginActivity: mutate, isLoading };
+}
+function getSecuritySessions(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.security.getSessions(payload),
+    options
+  );
+  return { mutate, getSessions: mutate, getSecuritySessions: mutate, isLoading };
+}
+function revokeSecuritySession(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.security.revokeSession(payload),
+    options
+  );
+  return { mutate, revokeSession: mutate, revokeSecuritySession: mutate, isLoading };
+}
+function revokeOtherSecuritySessions(options) {
+  const { mutate, isLoading } = createMutation(
+    async (payload) => Client.security.revokeOtherSessions(payload?.refreshToken),
+    options
+  );
+  return { mutate, revokeOtherSessions: mutate, revokeOtherSecuritySessions: mutate, isLoading };
+}
+
+// src/main/features/auth/api/login-bootstrap.ts
+function getLoginBootstrap(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.authentication.getLoginBootstrap(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    getLoginBootstrap: mutate,
+    isLoading
+  };
+}
+
+// src/main/features/auth/api/sso.ts
+function getSsoDetails(options) {
+  const { mutate, isLoading } = createMutation(async () => {
+    const response = await Client.sso.getSsoDetails();
+    return response;
+  }, options);
+  return {
+    mutate,
+    getDetails: mutate,
+    getSsoDetails: mutate,
+    isLoading
+  };
+}
+function generateSsoUrl(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.sso.generateSsoUrl(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    generateUrl: mutate,
+    generateSsoUrl: mutate,
+    isLoading
+  };
+}
+function ssoCallback(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.sso.ssoCallback(payload);
+    await applyLoginResponse(response);
+    return response;
+  }, options);
+  return {
+    mutate,
+    callback: mutate,
+    ssoCallback: mutate,
+    isLoading
+  };
+}
+
+// src/main/features/auth/api/users.ts
+var meRequestInFlight = null;
+async function fetchMeOnce() {
+  if (!meRequestInFlight) {
+    meRequestInFlight = Client.user.me().finally(() => {
+      meRequestInFlight = null;
+    });
+  }
+  return meRequestInFlight;
+}
+function me(options) {
+  const { mutate, isLoading } = createMutation(async () => {
+    const response = await fetchMeOnce();
+    actions6.setProfile(response);
+    return response?.data;
+  }, options);
+  return {
+    mutate,
+    me: mutate,
+    isLoading
+  };
+}
+function profile(options) {
+  const { mutate, isLoading } = createMutation(async (paylaod) => {
+    const response = await Client.user.profile(paylaod);
+    return response;
+  }, options);
+  return {
+    mutate,
+    profile: mutate,
+    isLoading
+  };
+}
+function profileUpdate(options) {
+  const { mutate, isLoading } = createMutation(async (paylaod) => {
+    const response = await Client.user.profileUpdate(paylaod);
+    return response;
+  }, options);
+  return {
+    mutate,
+    updateProfile: mutate,
+    profileUpdate: mutate,
+    isLoading
+  };
+}
+function changePassword(options) {
+  const { mutate, isLoading } = createMutation(async (payload) => {
+    const response = await Client.user.changePassword(payload);
+    return response;
+  }, options);
+  return {
+    mutate,
+    changePassword: mutate,
+    isLoading
+  };
+}
+
+// src/main/api/nested-auth-api.ts
+var authApi = {
+  preLogin,
+  login,
+  clientSession,
+  handoff,
+  logout,
+  register,
+  verifyEmail,
+  registerExistingUser,
+  forgetPassword,
+  verifyForgotPasswordOtp,
+  resetPassword,
+  resetPasswordVerifyToken,
+  verifyEmailResend,
+  resendEmail,
+  changePassword,
+  me,
+  profile,
+  updateProfile: profileUpdate,
+  mfa: {
+    verifyOtp,
+    sendOtp: sendMfaOtp,
+    pendingPasskeyOptions,
+    pendingPasskeyVerify,
+    getStatus: getMfaStatus,
+    setPreferences: setMfaPreferences,
+    startPhoneVerify,
+    confirmPhoneVerify,
+    totpEnrollStart,
+    totpEnrollVerify,
+    totpDisable,
+    phoneUnverify,
+    backupCodesRegenerate,
+    optOut: mfaOptOut,
+    mfaOptOut,
+    webauthnRegisterOptions,
+    webauthnRegisterVerify,
+    webauthnAuthOptions,
+    webauthnAuthVerify,
+    listWebauthnCredentials,
+    deleteWebauthnCredential,
+    passkeyLoginOptions,
+    passkeyLoginVerify
+  },
+  security: {
+    getOverview: getSecurityOverview,
+    getLoginActivity: getSecurityLoginActivity,
+    getSessions: getSecuritySessions,
+    revokeSession: revokeSecuritySession,
+    revokeOtherSessions: revokeOtherSecuritySessions
+  },
+  loginBootstrap: getLoginBootstrap,
+  sso: {
+    getDetails: getSsoDetails,
+    generateUrl: generateSsoUrl,
+    callback: ssoCallback
+  },
+  session: {
+    getRefreshToken,
+    refreshSession,
+    refreshAccessToken: getAuthRefreshToken,
+    getAccessToken,
+    setAccessToken,
+    clearAccessToken,
+    isAuthenticated,
+    isAuthenticateApp,
+    isAccessTokenExpired,
+    isExpiresAccessToken,
+    isCookieExpired,
+    hasRefreshSession,
+    hasValidAccessToken,
+    didLastRefreshFail,
+    isSessionRefreshExhausted,
+    isRefreshInFlight,
+    resetSessionAuthState,
+    clearSessionRefreshExhaustedState,
+    hydrateSessionRefreshState,
+    contract: () => ({
+      hasAccessToken: () => Boolean(getAccessToken()),
+      isAccessTokenExpired,
+      hasRefreshSession
+    }),
+    isFullyAuthenticated: () => isFullyAuthenticated({
+      hasAccessToken: () => Boolean(getAccessToken()),
+      isAccessTokenExpired,
+      hasRefreshSession
+    }),
+    hasAuthenticatedAccess: () => hasAuthenticatedAccess({
+      hasAccessToken: () => Boolean(getAccessToken()),
+      isAccessTokenExpired,
+      hasRefreshSession
+    }),
+    hasValidAccess: () => hasValidAccess({
+      hasAccessToken: () => Boolean(getAccessToken()),
+      isAccessTokenExpired,
+      hasRefreshSession
+    })
+  }
+};
+
+// src/main/core/auth/bootstrap-contract.ts
+async function recoverMfaGateOnBoot(input) {
+  const hasContext = input.hasMfaContext();
+  let hasToken = input.hasAccessToken();
+  const hasRefresh = input.hasRefreshToken();
+  if (hasContext && hasToken) {
+    return "pending";
+  }
+  if (hasContext && !hasToken) {
+    const hydrated = await input.tryHydrateMfaAccessToken?.();
+    hasToken = input.hasAccessToken();
+    if (hydrated && hasToken) {
+      return "pending";
+    }
+    input.clearMfaOrphan();
+    return "orphan_cleared";
+  }
+  if (hasToken && !hasContext && !hasRefresh) {
+    input.clearStaleAccessToken();
+    return "stale_token_cleared";
+  }
+  return "none";
+}
+
+// src/main/core/auth/route-guard-contract.ts
+function resolveAuthRouteAction(input) {
+  const {
+    pathname,
+    isPublicAuthRoute,
+    session,
+    funnel,
+    mfaRoute,
+    previewMode = false,
+    sessionRestoring = false,
+    sessionRefreshExhausted = false
+  } = input;
+  if (previewMode) {
+    return { kind: "allow" };
+  }
+  if (isMfaPendingSession(session)) {
+    if (pathname === mfaRoute) {
+      return { kind: "allow" };
+    }
+    return { kind: "redirect_mfa" };
+  }
+  if (sessionRestoring && !sessionRefreshExhausted) {
+    return { kind: "show_loader" };
+  }
+  if (sessionRefreshExhausted && !hasValidAccess(session)) {
+    if (isPublicAuthRoute(pathname)) {
+      return { kind: "allow" };
+    }
+    return { kind: "redirect_login" };
+  }
+  const authenticated = isFullyAuthenticated(session);
+  if (!authenticated) {
+    if (isPublicAuthRoute(pathname)) {
+      return { kind: "allow" };
+    }
+    return { kind: "redirect_login" };
+  }
+  if (funnel) {
+    if (funnel.emailVerified === false) {
+      return { kind: "redirect_funnel", step: "email_verify" };
+    }
+    if (!funnel.hubId) {
+      return { kind: "redirect_funnel", step: "hub_select" };
+    }
+    if (!funnel.portalId) {
+      return { kind: "redirect_funnel", step: "portal_select" };
+    }
+  }
+  return { kind: "allow" };
+}
+
+// src/main/core/errors/api-error-active-codes.ts
+var WOODSPORTAL_API_ACTIVE_ERROR_CODES = [
+  "ACCESS_DENIED",
+  "ACCESS_FORBIDDEN",
+  "ACTION_NOT_ACCESSIBLE",
+  "AMBIGUOUS_HUB_ID",
+  "API_EXCEPTION",
+  "ASSOCIATION_LABEL_NOT_FOUND",
+  "AUTHENTICATION_FAILED",
+  "AUTH_ACCOUNT_LOCKED",
+  "AUTH_TOKEN_EXPIRED",
+  "AUTH_TOKEN_INVALID",
+  "BAD_REQUEST",
+  "COMMERCIAL_ACCESS_EXPIRED",
+  "DATA_CONFLICT",
+  "DATA_FETCH_FAILED",
+  "DATA_PROCESSING_FAILED",
+  "DECRYPTION_FAILED",
+  "EMAIL_SENDING_FAILED",
+  "ENCRYPTION_FAILED",
+  "ENTITLEMENT_USAGE_EXCEEDED",
+  "EXTERNAL_API_CLIENT_ERROR",
+  "FILE_UNSUPPORTED_TYPE",
+  "FILE_UPLOAD_FAILED",
+  "GRAPHQL_API_EXCEPTION",
+  "HUBSPOT_OBJECT_NOT_FOUND",
+  "HUBSPOT_REAUTH_REQUIRED",
+  "HUBSPOT_SYNC_FAILED",
+  "ILLEGAL_STATE",
+  "INTERNAL_ERROR",
+  "INVALID_ARGUMENT",
+  "JSON_PARSE_FAILED",
+  "JWT_SECRET_INVALID",
+  "LAST_ACTIVE_PIPELINE_REQUIRED",
+  "LOGIN_FAILED",
+  "MALFORMED_JSON",
+  "METHOD_NOT_ALLOWED",
+  "MISSING_HEADERS",
+  "MISSING_REFRESH_TOKEN",
+  "MISSING_REQUIRED_DATA",
+  "OAUTH_PROCESSING_ERROR",
+  "OBJECT_ASSOCIATION_NOT_FOUND",
+  "OBJECT_INACTIVE",
+  "PORTAL_INACTIVE",
+  "PRIMARY_COMPANY_NOT_FOUND",
+  "PRODUCT_INSTALL_FAILED",
+  "RATE_LIMIT_EXCEEDED",
+  "RESOURCE_ALREADY_EXISTS",
+  "RESOURCE_CREATION_FAILED",
+  "RESOURCE_DELETION_FAILED",
+  "RESOURCE_MISSING_ASSOCIATION",
+  "RESOURCE_NOT_FOUND",
+  "RESOURCE_UPDATE_FAILED",
+  "RESOURCE_USER_NOT_FOUND",
+  "SQS_PROCESSING_FAILED",
+  "SUBSCRIPTION_ERROR",
+  "SYSTEM_INTERNAL_ERROR",
+  "TOO_MANY_REQUESTS",
+  "USERNAME_NOT_FOUND",
+  "VALIDATION_FAILED",
+  "WARM_FAILED"
+];
+
+// src/main/core/errors/api-error-display-config.ts
+function cfg(variant, title, fallbackDescription, options) {
+  return {
+    variant,
+    title,
+    fallbackDescription,
+    retry: options?.retry,
+    support: options?.support,
+    contentVariant: options?.contentVariant,
+    severity: options?.severity
+  };
+}
+var resource = (title, desc, options) => cfg("error", title, desc, { severity: "recoverable", ...options });
+var association = (title, desc, options) => cfg("association", title, desc, {
+  severity: "informational",
+  contentVariant: "association-not-found",
+  retry: false,
+  ...options
+});
+var access = (title, desc, options) => cfg("access", title, desc, {
+  severity: "informational",
+  contentVariant: "no-permission",
+  retry: false,
+  ...options
+});
+var auth = (title, desc, options) => cfg("auth", title, desc, { severity: "auth", retry: false, ...options });
+var validation = (title, desc, retry = false, options) => cfg("validation", title, desc, { severity: retry ? "recoverable" : "informational", retry, ...options });
+var commercial = (title, desc, options) => cfg("commercial", title, desc, { severity: "informational", support: true, retry: false, ...options });
+var file = (title, desc, retry = true, options) => cfg("file", title, desc, { severity: retry ? "recoverable" : "informational", retry, ...options });
+var integration = (title, desc, retry = true, options) => cfg("integration", title, desc, { severity: retry ? "recoverable" : "informational", retry, ...options });
+var system = (title, desc, retry = true, options) => cfg("error", title, desc, { severity: "recoverable", retry, support: true, ...options });
+var rateLimit = (title, desc, options) => cfg("rateLimit", title, desc, { severity: "recoverable", retry: true, ...options });
+var API_ERROR_DISPLAY_CONFIG = {
+  // Resource & data
+  RESOURCE_NOT_FOUND: resource(
+    "Resource not found",
+    "The requested resource could not be found. It may have been removed or you may not have access to it.",
+    { support: true }
+  ),
+  HUBSPOT_OBJECT_NOT_FOUND: resource(
+    "Configuration not found",
+    "HubSpot object configuration is missing for this portal or object type. Contact your administrator.",
+    { support: true, severity: "informational", retry: false, contentVariant: "association-not-found" }
+  ),
+  OBJECT_ASSOCIATION_NOT_FOUND: association("Association not found", "Association not found. Please contact your administrator or support team.", {
+    support: true
+  }),
+  ASSOCIATION_LABEL_NOT_FOUND: association(
+    "Association label not found",
+    "The association label could not be found. Contact your administrator to review the association setup.",
+    { support: true }
+  ),
+  PRIMARY_COMPANY_NOT_FOUND: association(
+    "Primary company not found",
+    "Primary company not found. Please contact your administrator or support team.",
+    { support: true }
+  ),
+  RESOURCE_USER_NOT_FOUND: resource("User not found", "The requested user could not be found.", { support: true }),
+  USERNAME_NOT_FOUND: resource("User not found", "Username lookup failed. Verify the username and try again."),
+  RESOURCE_ALREADY_EXISTS: resource("Resource already exists", "A resource with these details already exists."),
+  RESOURCE_MISSING_ASSOCIATION: association(
+    "Association required",
+    "A required association is missing. Create the association or contact your administrator.",
+    { support: true }
+  ),
+  RESOURCE_CREATION_FAILED: resource("Couldn't create resource", "We couldn't create this resource. Please try again.", { retry: true }),
+  RESOURCE_UPDATE_FAILED: resource("Couldn't update resource", "We couldn't update this resource. Please try again.", { retry: true }),
+  RESOURCE_DELETION_FAILED: resource("Couldn't delete resource", "We couldn't delete this resource. Please try again.", { retry: true }),
+  DATA_FETCH_FAILED: resource(
+    "Couldn't load this page",
+    "We couldn't load this page. Please try again in a few minutes. If the problem persists, contact your administrator.",
+    { retry: true, support: true }
+  ),
+  DATA_PROCESSING_FAILED: resource("Processing failed", "We couldn't process the data. Please try again in a few minutes.", { retry: true }),
+  DATA_CONFLICT: resource("Data conflict", "This action could not be completed because of a data conflict. Refresh and try again.", {
+    retry: true
+  }),
+  JSON_PARSE_FAILED: resource("Invalid data", "The response could not be read. Please try again.", { retry: true }),
+  OBJECT_INACTIVE: resource("Object inactive", "This HubSpot object is inactive. Contact your administrator to enable it.", { support: true }),
+  LAST_ACTIVE_PIPELINE_REQUIRED: resource("Pipeline required", "The last active pipeline cannot be disabled for deals or tickets.", {
+    support: true
+  }),
+  MISSING_REQUIRED_DATA: resource("Missing required data", "Required information is missing. Check the form and try again."),
+  // Auth & access
+  AUTHENTICATION_FAILED: auth("Authentication failed", "Sign-in failed. Check your credentials and try again."),
+  AUTH_TOKEN_INVALID: auth("Session invalid", "Your session is invalid. Please sign in again."),
+  AUTH_TOKEN_EXPIRED: auth("Session expired", "Your session has expired. Please sign in again."),
+  AUTH_ACCOUNT_LOCKED: auth("Account locked", "Your account is locked. Contact support if you need access."),
+  LOGIN_FAILED: auth("Login failed", "We could not sign you in. Check your credentials and try again."),
+  ACCESS_DENIED: access("Access denied", "You don't have access to this section yet. Contact your administrator to request permission."),
+  ACCESS_FORBIDDEN: access("Access forbidden", "You don't have permission to access this resource."),
+  MISSING_REFRESH_TOKEN: auth("Session ended", "Your session has ended. Please sign in again."),
+  MISSING_HEADERS: validation("Invalid request", "Required request headers are missing."),
+  JWT_SECRET_INVALID: system("Configuration error", "Authentication is misconfigured. Contact your administrator."),
+  OAUTH_PROCESSING_ERROR: auth("OAuth error", "We could not complete the OAuth sign-in. Please try again."),
+  HUBSPOT_REAUTH_REQUIRED: auth("HubSpot re-authorization required", "Reconnect your HubSpot account to continue using WoodsPortal."),
+  PORTAL_INACTIVE: auth("Portal inactive", "This portal is inactive. Contact your administrator."),
+  AMBIGUOUS_HUB_ID: auth("Account context unclear", "We could not determine which hub to use. Contact your administrator."),
+  // Validation & request
+  VALIDATION_FAILED: validation("Validation failed", "Please check the form and correct any errors."),
+  BAD_REQUEST: validation("Invalid request", "The request could not be processed. Check your input and try again."),
+  INVALID_ARGUMENT: validation("Invalid argument", "One or more values are invalid. Check your input and try again."),
+  MALFORMED_JSON: validation("Invalid request body", "The request body could not be read. Please try again."),
+  METHOD_NOT_ALLOWED: validation("Method not allowed", "This action is not supported for this endpoint."),
+  ACTION_NOT_ACCESSIBLE: cfg(
+    "actionDenied",
+    "Action not accessible",
+    "You don't have permission to perform this action. Contact your administrator to request access.",
+    {
+      severity: "informational",
+      contentVariant: "action-denied",
+      retry: false
+    }
+  ),
+  // Commercial & billing
+  COMMERCIAL_ACCESS_EXPIRED: commercial(
+    "Subscription required",
+    "Your trial or subscription has ended. Add a payment method or upgrade to continue."
+  ),
+  ENTITLEMENT_USAGE_EXCEEDED: commercial(
+    "Usage limit reached",
+    "You have exceeded your usage allowance. Upgrade your plan or contact your administrator."
+  ),
+  SUBSCRIPTION_ERROR: commercial("Subscription error", "There was a problem with your subscription. Contact your administrator or support."),
+  // Files
+  FILE_UPLOAD_FAILED: file("Upload failed", "We couldn't upload this file. Please try again."),
+  FILE_UNSUPPORTED_TYPE: file("Unsupported file type", "This file type is not supported. Choose a different file and try again.", false),
+  // External / integrations
+  EXTERNAL_API_CLIENT_ERROR: integration("External service error", "An external service returned an error. Please try again later."),
+  GRAPHQL_API_EXCEPTION: integration("CRM data error", "We could not load CRM data. Please try again in a few minutes."),
+  API_EXCEPTION: integration("Service error", "An external API call failed. Please try again."),
+  HUBSPOT_SYNC_FAILED: integration("HubSpot sync failed", "We could not sync with HubSpot. Please try again later."),
+  PRODUCT_INSTALL_FAILED: integration("Installation failed", "Product installation failed. Contact your administrator.", false),
+  SQS_PROCESSING_FAILED: system("Processing delayed", "Background processing failed. Please try again in a few minutes."),
+  EMAIL_SENDING_FAILED: integration("Email failed", "We could not send the email. Please try again."),
+  // System
+  INTERNAL_ERROR: system("Something went wrong", "An unexpected error occurred. Please try again."),
+  SYSTEM_INTERNAL_ERROR: system("Server error", "A server error occurred. Please try again in a few minutes."),
+  ILLEGAL_STATE: system("Unexpected state", "The application is in an unexpected state. Please try again."),
+  ENCRYPTION_FAILED: system("Security error", "Data could not be secured. Please try again."),
+  DECRYPTION_FAILED: system("Security error", "Data could not be read. Please try again."),
+  // Rate limiting
+  RATE_LIMIT_EXCEEDED: rateLimit("Too many requests", "You have made too many requests. Please wait a moment and try again."),
+  TOO_MANY_REQUESTS: rateLimit("Too many requests", "Too many requests from your network. Please wait and try again."),
+  // Internal job result
+  WARM_FAILED: cfg("error", "Cache warm failed", "A background cache operation failed.", { retry: true }),
+  // Reserved codes
+  ACCESS_UNAUTHORIZED: access("Unauthorized", "You are not authorized to access this resource."),
+  AUTH_2FA_REQUIRED: auth("Two-factor required", "Complete two-factor authentication to continue."),
+  AUTH_ACCOUNT_DISABLED: auth("Account disabled", "Your account is disabled. Contact support if you need access."),
+  AUTH_EMAIL_NOT_VERIFIED: auth("Email not verified", "Verify your email address before signing in."),
+  AUTH_INVALID_CREDENTIALS: auth("Invalid credentials", "The email or password is incorrect."),
+  CONFLICT_EMAIL_EXISTS: resource("Email already exists", "An account with this email already exists."),
+  CONFLICT_FILE_EXISTS: file("File already exists", "A file with this name already exists.", false),
+  CONFLICT_USERNAME_EXISTS: resource("Username taken", "This username is already in use."),
+  EXTERNAL_API_VALIDATION_ERROR: validation(
+    "External validation failed",
+    "An external service rejected the request. Check your input and try again."
+  ),
+  FILE_DECRYPTION_FAILED: file("File unreadable", "This file could not be decrypted or opened."),
+  RESOURCE_ACCESS_DENIED: access("Access denied", "You don't have permission to access this resource."),
+  RESOURCE_DEAL_NOT_FOUND: resource("Deal not found", "The requested deal could not be found.", { support: true }),
+  RESOURCE_DEPENDENCY_MISSING: resource("Dependency missing", "A required dependency is missing. Contact your administrator.", { support: true }),
+  RESOURCE_FILE_NOT_FOUND: file("File not found", "The requested file could not be found.", false),
+  RESOURCE_INVALID_STATE: resource("Invalid state", "This resource is in a state that does not allow this action.", { retry: true }),
+  RESOURCE_IN_USE: resource("Resource in use", "This resource is in use and cannot be modified right now. Try again later.", { retry: true }),
+  RESOURCE_MAPPING_NOT_DEFINED: resource("Mapping not defined", "Resource mapping is not configured. Contact your administrator.", {
+    support: true
+  }),
+  RESOURCE_PERMISSION_DENIED: access("Permission denied", "You don't have permission for this resource."),
+  RESOURCE_TYPE_MISMATCH: validation("Type mismatch", "The resource type does not match what was expected."),
+  SIGNATURE_INVALID: auth("Invalid signature", "Request signature validation failed."),
+  SYSTEM_DATABASE_ERROR: system("Database error", "A database error occurred. Please try again later."),
+  SYSTEM_DECRYPTION_ERROR: system("Security error", "Data could not be decrypted. Please try again."),
+  SYSTEM_ENCRYPTION_ERROR: system("Security error", "Data could not be encrypted. Please try again."),
+  SYSTEM_EXTERNAL_API_FAILURE: integration("External service unavailable", "An external service is unavailable. Please try again later."),
+  VALIDATION_INVALID_EMAIL: validation("Invalid email", "Enter a valid email address."),
+  VALIDATION_MISSING_FIELDS: validation("Missing fields", "Fill in all required fields."),
+  VALIDATION_PASSWORD_WEAK: validation("Weak password", "Choose a stronger password that meets the requirements."),
+  // workflow-action-api
+  COMMERCIAL_ACCESS_DENIED: commercial("Access denied", "Commercial access is required for this action. Contact your administrator."),
+  NOT_FOUND: resource("Not found", "The requested resource could not be found.", { support: true }),
+  UNEXPECTED_ERROR: system("Unexpected error", "An unexpected error occurred. Please try again."),
+  UNSUPPORTED_FILE_TYPE: file("Unsupported file type", "This file type is not supported. Choose a different file and try again.", false, {
+    contentVariant: "unsupported-file"
+  }),
+  VALIDATION_ERROR: validation("Validation error", "Please check the form and correct any errors.")
+};
+var API_ERROR_CATEGORY_FALLBACK = {
+  AUTH: auth("Authentication required", "Please sign in to continue."),
+  ACCESS: access("Access denied", "You don't have permission to access this resource."),
+  ACCESS_ERROR: access("Access denied", "You don't have permission to access this resource."),
+  VALIDATION: validation("Validation failed", "Please check your input and try again."),
+  VALIDATION_ERROR: validation("Validation failed", "Please check your input and try again."),
+  RATE_LIMIT: rateLimit("Too many requests", "Please wait a moment and try again."),
+  FILE: file("File error", "There was a problem with the file. Please try again."),
+  COMMERCIAL: commercial("Subscription required", "A subscription or upgrade is required for this action."),
+  INTEGRATION: integration("Integration error", "An external service error occurred. Please try again."),
+  THIRD_PARTY: integration("External service error", "An external service error occurred. Please try again."),
+  EXTERNAL_API: integration("External service error", "An external service error occurred. Please try again."),
+  RESOURCE: resource("Resource error", "There was a problem with this resource. Please try again.", { retry: true }),
+  NOT_FOUND: resource("Not found", "The requested resource could not be found.", { support: true }),
+  CONFLICT: resource("Conflict", "This action conflicts with existing data. Refresh and try again.", { retry: true }),
+  INTERNAL: system("Server error", "A server error occurred. Please try again."),
+  SYSTEM: system("Server error", "A server error occurred. Please try again."),
+  GENERIC: system("Something went wrong", "Something went wrong. Please try again."),
+  GENERAL: system("Something went wrong", "Something went wrong. Please try again."),
+  GENERAL_ERROR: system("Something went wrong", "Something went wrong. Please try again.")
+};
+var DEFAULT_API_ERROR_DISPLAY = cfg("error", "Something went wrong", "Something went wrong. Please try again.", {
+  retry: true
+});
+var NETWORK_ERROR_DISPLAY = cfg(
+  "network",
+  "Connection problem",
+  "Unable to reach the server. Please check your connection and try again.",
+  { retry: true }
+);
+var TIMEOUT_ERROR_DISPLAY = cfg(
+  "network",
+  "Request timed out",
+  "The request timed out. Please check your connection and try again.",
+  { retry: true }
+);
+var SERVICE_UNAVAILABLE_DISPLAY = cfg(
+  "network",
+  "Service unavailable",
+  "Service temporarily unavailable. Please try again in a few minutes.",
+  { retry: true }
+);
+
+// src/main/core/errors/build-error-description.ts
+var DETAILED_MESSAGE_ERROR_CODES = /* @__PURE__ */ new Set([
+  "OBJECT_ASSOCIATION_NOT_FOUND",
+  "ASSOCIATION_LABEL_NOT_FOUND",
+  "PRIMARY_COMPANY_NOT_FOUND",
+  "RESOURCE_MISSING_ASSOCIATION",
+  "HUBSPOT_OBJECT_NOT_FOUND"
+]);
+function buildErrorDescription({
+  errorMessage,
+  detailedMessage,
+  fallbackDescription,
+  preferDetailedMessage = false,
+  errorCode
+}) {
+  const code = (errorCode ?? "").trim().toUpperCase();
+  const useDetail = preferDetailedMessage || code.length > 0 && DETAILED_MESSAGE_ERROR_CODES.has(code);
+  const detail = detailedMessage?.trim() || "";
+  const primary = errorMessage?.trim() || "";
+  const fallback = fallbackDescription?.trim() || "";
+  if (useDetail && detail) {
+    return detail;
+  }
+  if (primary) {
+    return primary;
+  }
+  if (detail) {
+    return detail;
+  }
+  if (fallback) {
+    return fallback;
+  }
+  return "Something went wrong. Please try again.";
+}
+function normalizeErrorCode(code) {
+  return (code ?? "").trim().toUpperCase();
+}
+function normalizeCategory(category) {
+  return (category ?? "").trim().toUpperCase();
+}
+function resolveConfig(errorCode, category) {
+  const code = normalizeErrorCode(errorCode);
+  if (code && API_ERROR_DISPLAY_CONFIG[code]) {
+    return API_ERROR_DISPLAY_CONFIG[code];
+  }
+  const cat = normalizeCategory(category);
+  if (cat && API_ERROR_CATEGORY_FALLBACK[cat]) {
+    return API_ERROR_CATEGORY_FALLBACK[cat];
+  }
+  return DEFAULT_API_ERROR_DISPLAY;
+}
+function fromConfig(config, payload, options) {
+  const allowRetry = options?.allowRetry !== false;
+  const severity = config.severity ?? (config.retry ? "recoverable" : "fatal");
+  return {
+    variant: config.variant,
+    title: config.title,
+    description: buildErrorDescription({
+      errorMessage: payload.errorMessage,
+      detailedMessage: payload.detailedMessage,
+      fallbackDescription: config.fallbackDescription,
+      errorCode: payload.errorCode
+    }),
+    errorCode: payload.errorCode,
+    correlationId: payload.correlationId,
+    showRetry: allowRetry && severity === "recoverable" && Boolean(config.retry),
+    showSupport: Boolean(config.support)
+  };
+}
+function resolveTransportDisplay(kind, options) {
+  const allowRetry = options?.allowRetry !== false;
+  switch (kind) {
+    case "service_unavailable":
+      return {
+        ...fromConfig(SERVICE_UNAVAILABLE_DISPLAY, {}, options),
+        showRetry: allowRetry
+      };
+    case "timeout":
+      return {
+        ...fromConfig(TIMEOUT_ERROR_DISPLAY, {}, options),
+        showRetry: allowRetry
+      };
+    case "network":
+      return {
+        ...fromConfig(NETWORK_ERROR_DISPLAY, {}, options),
+        showRetry: allowRetry
+      };
+    case "auth":
+      return fromConfig(API_ERROR_DISPLAY_CONFIG.AUTH_TOKEN_EXPIRED ?? DEFAULT_API_ERROR_DISPLAY, {}, options);
+    default:
+      return fromConfig(DEFAULT_API_ERROR_DISPLAY, {}, options);
+  }
+}
+function getApiErrorFromUnknown(error) {
+  if (axios.isAxiosError(error)) {
+    return parseApiErrorPayload(error.response?.data);
+  }
+  if (error && typeof error === "object") {
+    const record = error;
+    if (record.response && typeof record.response === "object") {
+      const response = record.response;
+      return parseApiErrorPayload(response.data);
+    }
+    return parseApiErrorPayload(error);
+  }
+  return {};
+}
+function resolveApiErrorDisplay(error, options) {
+  if (!axios.isAxiosError(error) || error.response == null) {
+    const kind = classifyHttpError(error);
+    if (kind !== "unknown" && kind !== "client" && kind !== "server") {
+      return resolveTransportDisplay(kind, options);
+    }
+    if (!axios.isAxiosError(error)) {
+      if (error instanceof Error && error.message.trim()) {
+        return {
+          variant: "error",
+          title: DEFAULT_API_ERROR_DISPLAY.title,
+          description: error.message.trim(),
+          showRetry: options?.allowRetry !== false,
+          showSupport: false
+        };
+      }
+      return fromConfig(DEFAULT_API_ERROR_DISPLAY, {}, options);
+    }
+  }
+  const payload = getApiErrorFromUnknown(error);
+  const hasPayload = Boolean(payload.errorCode || payload.errorMessage || payload.category || payload.correlationId);
+  if (!hasPayload && axios.isAxiosError(error)) {
+    const kind = classifyHttpError(error);
+    if (kind === "service_unavailable" || kind === "timeout" || kind === "network") {
+      return resolveTransportDisplay(kind, options);
+    }
+  }
+  const config = resolveConfig(payload.errorCode, payload.category);
+  return fromConfig(config, payload, options);
+}
+
+// src/main/core/errors/resolve-content-variant.ts
+var VARIANT_TO_CONTENT = {
+  error: "error",
+  access: "no-permission",
+  actionDenied: "action-denied",
+  association: "association-not-found",
+  validation: "error",
+  auth: "auth",
+  rateLimit: "rateLimit",
+  commercial: "commercial",
+  file: "file",
+  integration: "integration",
+  network: "network"
+};
+function resolveContentVariantFromErrorVariant(variant) {
+  return VARIANT_TO_CONTENT[variant] ?? "error";
+}
+
+// src/main/core/errors/resolve-api-content-state.ts
+function normalizeErrorCode2(code) {
+  return (code ?? "").trim().toUpperCase();
+}
+function normalizeCategory2(category) {
+  return (category ?? "").trim().toUpperCase();
+}
+function resolveConfig2(errorCode, category) {
+  const code = normalizeErrorCode2(errorCode);
+  if (code && API_ERROR_DISPLAY_CONFIG[code]) {
+    return API_ERROR_DISPLAY_CONFIG[code];
+  }
+  const cat = normalizeCategory2(category);
+  if (cat && API_ERROR_CATEGORY_FALLBACK[cat]) {
+    return API_ERROR_CATEGORY_FALLBACK[cat];
+  }
+  return DEFAULT_API_ERROR_DISPLAY;
+}
+function inferSeverity(config) {
+  if (config.severity) {
+    return config.severity;
+  }
+  if (config.variant === "auth") {
+    return "auth";
+  }
+  if (config.variant === "association" || config.variant === "access" || config.variant === "actionDenied") {
+    return "informational";
+  }
+  if (config.retry) {
+    return "recoverable";
+  }
+  return "fatal";
+}
+function inferContentVariant(config) {
+  if (config.contentVariant) {
+    return config.contentVariant;
+  }
+  return resolveContentVariantFromErrorVariant(config.variant);
+}
+function resolveApiContentState(error, options) {
+  const base = resolveApiErrorDisplay(error, options);
+  const payload = getApiErrorFromUnknown(error);
+  const config = resolveConfig2(payload.errorCode, payload.category);
+  const severity = inferSeverity(config);
+  const contentVariant = inferContentVariant(config);
+  const allowRetry = options?.allowRetry !== false;
+  const description = buildErrorDescription({
+    errorMessage: payload.errorMessage,
+    detailedMessage: payload.detailedMessage,
+    fallbackDescription: config.fallbackDescription,
+    errorCode: payload.errorCode
+  });
+  const showRetry = allowRetry && severity === "recoverable" && Boolean(config.retry);
+  return {
+    ...base,
+    title: config.title,
+    description,
+    contentVariant,
+    severity,
+    isExpected: severity === "informational",
+    showRetry,
+    showSupport: Boolean(config.support)
+  };
+}
+function isExpectedApiError(error) {
+  return resolveApiContentState(error, { allowRetry: false }).isExpected;
+}
+
+export { API_ERROR_CATEGORY_FALLBACK, API_ERROR_DISPLAY_CONFIG, WOODSPORTAL_API_ACTIVE_ERROR_CODES, authApi, buildErrorDescription, getApiErrorFromUnknown, hasAuthenticatedAccess, hasValidAccess, isExpectedApiError, isFullyAuthenticated, isMfaPendingSession, recoverMfaGateOnBoot, resolveApiContentState, resolveApiErrorDisplay, resolveAuthRouteAction };
+//# sourceMappingURL=chunk-BXKFJ5NQ.js.map
+//# sourceMappingURL=chunk-BXKFJ5NQ.js.map