'use client';
import { ConvexReactClient } from "convex/react";
import { ReactNode } from "react";
import * as react_jsx_runtime0 from "react/jsx-runtime";
import { AuthConfig } from "convex/server";
import * as better_auth0 from "better-auth";
import { BetterAuthClientPlugin, Session, User } from "better-auth";
import * as better_auth_api0 from "better-auth/api";
import * as better_auth_plugins_oidc_provider0 from "better-auth/plugins/oidc-provider";
import * as jose from "jose";
import { BetterAuthOptions } from "better-auth/minimal";
import { createAuthClient } from "better-auth/react";

//#region src/auth/internal/convex-plugin.d.ts
declare const convex: (opts: {
  authConfig: AuthConfig;
  jwks?: string;
  jwksRotateOnTokenGenerationError?: boolean;
  jwt?: {
    definePayload?: (session: {
      session: Session & Record<string, any>;
      user: User & Record<string, any>;
    }) => Promise<Record<string, any>> | Record<string, any> | undefined;
    expirationSeconds?: number;
  };
  /**
   * @deprecated Use jwt.expirationSeconds instead.
   */
  jwtExpirationSeconds?: number;
  options?: BetterAuthOptions;
}) => {
  id: "convex";
  init: (ctx: better_auth0.AuthContext) => void;
  hooks: {
    before: ({
      matcher(context: better_auth0.HookEndpointContext): boolean;
      handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
        context: {
          headers: Headers;
        };
      } | undefined>;
    } | {
      matcher: (ctx: better_auth0.HookEndpointContext) => boolean;
      handler: (inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
        context: better_auth0.MiddlewareContext<better_auth0.MiddlewareOptions, {
          returned?: unknown | undefined;
          responseHeaders?: Headers | undefined;
        } & better_auth0.PluginContext<BetterAuthOptions> & better_auth0.InfoContext & {
          options: BetterAuthOptions;
          trustedOrigins: string[];
          trustedProviders: string[];
          isTrustedOrigin: (url: string, settings?: {
            allowRelativePaths: boolean;
          }) => boolean;
          oauthConfig: {
            skipStateCookieCheck?: boolean | undefined;
            storeStateStrategy: "database" | "cookie";
          };
          newSession: {
            session: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              userId: string;
              expiresAt: Date;
              token: string;
              ipAddress?: string | null | undefined;
              userAgent?: string | null | undefined;
            } & Record<string, any>;
            user: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              email: string;
              emailVerified: boolean;
              name: string;
              image?: string | null | undefined;
            } & Record<string, any>;
          } | null;
          session: {
            session: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              userId: string;
              expiresAt: Date;
              token: string;
              ipAddress?: string | null | undefined;
              userAgent?: string | null | undefined;
            } & Record<string, any>;
            user: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              email: string;
              emailVerified: boolean;
              name: string;
              image?: string | null | undefined;
            } & Record<string, any>;
          } | null;
          setNewSession: (session: {
            session: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              userId: string;
              expiresAt: Date;
              token: string;
              ipAddress?: string | null | undefined;
              userAgent?: string | null | undefined;
            } & Record<string, any>;
            user: {
              id: string;
              createdAt: Date;
              updatedAt: Date;
              email: string;
              emailVerified: boolean;
              name: string;
              image?: string | null | undefined;
            } & Record<string, any>;
          } | null) => void;
          socialProviders: better_auth0.OAuthProvider[];
          authCookies: better_auth0.BetterAuthCookies;
          logger: ReturnType<(options?: better_auth0.Logger | undefined) => better_auth0.InternalLogger>;
          rateLimit: {
            enabled: boolean;
            window: number;
            max: number;
            storage: "memory" | "database" | "secondary-storage";
          } & Omit<better_auth0.BetterAuthRateLimitOptions, "enabled" | "window" | "max" | "storage">;
          adapter: better_auth0.DBAdapter<BetterAuthOptions>;
          internalAdapter: better_auth0.InternalAdapter<BetterAuthOptions>;
          createAuthCookie: (cookieName: string, overrideAttributes?: Partial<better_auth0.CookieOptions> | undefined) => better_auth0.BetterAuthCookie;
          secret: string;
          secretConfig: string | better_auth0.SecretConfig;
          sessionConfig: {
            updateAge: number;
            expiresIn: number;
            freshAge: number;
            cookieRefreshCache: false | {
              enabled: true;
              updateAge: number;
            };
          };
          generateId: (options: {
            model: better_auth0.ModelNames;
            size?: number | undefined;
          }) => string | false;
          secondaryStorage: better_auth0.SecondaryStorage | undefined;
          password: {
            hash: (password: string) => Promise<string>;
            verify: (data: {
              password: string;
              hash: string;
            }) => Promise<boolean>;
            config: {
              minPasswordLength: number;
              maxPasswordLength: number;
            };
            checkPassword: (userId: string, ctx: better_auth0.GenericEndpointContext<BetterAuthOptions>) => Promise<boolean>;
          };
          tables: better_auth0.BetterAuthDBSchema;
          runMigrations: () => Promise<void>;
          publishTelemetry: (event: {
            type: string;
            anonymousId?: string | undefined;
            payload: Record<string, any>;
          }) => Promise<void>;
          skipOriginCheck: boolean | string[];
          skipCSRFCheck: boolean;
          runInBackground: (promise: Promise<unknown>) => void;
          runInBackgroundOrAwait: (promise: Promise<unknown> | void) => better_auth0.Awaitable<unknown>;
        }>;
      }>;
    })[];
    after: {
      matcher: (context: better_auth0.HookEndpointContext) => boolean;
      handler: better_auth_api0.AuthMiddleware;
    }[];
  };
  endpoints: {
    getOpenIdConfig: better_auth0.StrictEndpoint<"/convex/.well-known/openid-configuration", {
      method: "GET";
      metadata: {
        isAction: false;
      };
    }, better_auth_plugins_oidc_provider0.OIDCMetadata>;
    getJwks: better_auth0.StrictEndpoint<"/convex/jwks", {
      method: "GET";
      metadata: {
        openapi: {
          description: string;
          responses: {
            '200': {
              description: string;
            };
          };
        };
      };
    }, jose.JSONWebKeySet>;
    getLatestJwks: better_auth0.StrictEndpoint<"/convex/latest-jwks", {
      isAction: boolean;
      method: "POST";
      metadata: {
        SERVER_ONLY: true;
        openapi: {
          description: string;
        };
      };
    }, any[]>;
    rotateKeys: better_auth0.StrictEndpoint<"/convex/rotate-keys", {
      isAction: boolean;
      method: "POST";
      metadata: {
        SERVER_ONLY: true;
        openapi: {
          description: string;
        };
      };
    }, any[]>;
    getToken: better_auth0.StrictEndpoint<"/convex/token", {
      method: "GET";
      requireHeaders: true;
      use: ((inputContext: better_auth0.MiddlewareInputContext<better_auth0.MiddlewareOptions>) => Promise<{
        session: {
          session: Record<string, any> & {
            id: string;
            createdAt: Date;
            updatedAt: Date;
            userId: string;
            expiresAt: Date;
            token: string;
            ipAddress?: string | null | undefined;
            userAgent?: string | null | undefined;
          };
          user: Record<string, any> & {
            id: string;
            createdAt: Date;
            updatedAt: Date;
            email: string;
            emailVerified: boolean;
            name: string;
            image?: string | null | undefined;
          };
        };
      }>)[];
      metadata: {
        openapi: {
          description: string;
        };
      };
    }, {
      token: string;
    }>;
  };
  schema: {
    jwks: {
      fields: {
        publicKey: {
          type: "string";
          required: true;
        };
        privateKey: {
          type: "string";
          required: true;
        };
        createdAt: {
          type: "date";
          required: true;
        };
        expiresAt: {
          type: "date";
          required: false;
        };
      };
    };
    user: {
      readonly fields: {
        readonly userId: {
          readonly type: "string";
          readonly required: false;
          readonly input: false;
        };
      };
    };
  };
};
//#endregion
//#region src/auth/internal/convex-client.d.ts
declare const convexClient: () => {
  id: "convex";
  $InferServerPlugin: ReturnType<typeof convex>;
};
//#endregion
//#region src/auth-client/types.d.ts
type ConvexClient = ReturnType<typeof convexClient>;
type CrossDomainClient = BetterAuthClientPlugin & {
  id: 'cross-domain';
  getActions: (...args: never[]) => {
    crossDomain: {
      oneTimeToken: {
        verify: (args: unknown) => Promise<unknown>;
      };
    };
    getCookie: () => string;
    notifySessionSignal: () => void;
  };
};
type PluginsWithCrossDomain = (CrossDomainClient | ConvexClient | BetterAuthClientPlugin)[];
type PluginsWithoutCrossDomain = (ConvexClient | BetterAuthClientPlugin)[];
type AuthClientWithPlugins<Plugins extends PluginsWithCrossDomain | PluginsWithoutCrossDomain> = ReturnType<typeof createAuthClient<BetterAuthClientPlugin & {
  plugins: Plugins;
}>>;
type AuthClient = AuthClientWithPlugins<PluginsWithCrossDomain> | AuthClientWithPlugins<PluginsWithoutCrossDomain>;
//#endregion
//#region src/auth-client/convex-auth-provider.d.ts
type ConvexAuthProviderProps = {
  children: ReactNode; /** Convex client instance */
  client: ConvexReactClient; /** Better Auth client instance */
  authClient: AuthClient; /** Initial session token (from SSR) */
  initialToken?: string; /** Callback when mutation called while unauthorized */
  onMutationUnauthorized?: () => void; /** Callback when query called while unauthorized */
  onQueryUnauthorized?: (info: {
    queryName: string;
  }) => void; /** Custom function to detect UNAUTHORIZED errors. Default checks code property. */
  isUnauthorized?: (error: unknown) => boolean;
};
/**
 * Unified auth provider for Convex + Better Auth.
 * Handles token sync, HMR persistence, and auth callbacks.
 *
 * Structure: AuthProvider wraps ConvexAuthProviderInner so that
 * useAuthStore() is available when creating fetchAccessToken.
 */
declare function ConvexAuthProvider({
  children,
  client,
  authClient,
  initialToken,
  onMutationUnauthorized,
  onQueryUnauthorized,
  isUnauthorized
}: ConvexAuthProviderProps): react_jsx_runtime0.JSX.Element;
//#endregion
export { type AuthClient, type AuthClientWithPlugins, ConvexAuthProvider, ConvexAuthProviderProps, type PluginsWithCrossDomain, type PluginsWithoutCrossDomain, convexClient };