import { $a as SessionStatusClaim, Gs as SessionVerificationLevel, Hs as ReverificationConfig, Mo as GetToken, Po as PendingSessionOptions, Pt as SignOut, Qa as JwtPayload, Us as SessionVerificationAfterMinutes, g as UseAuthReturn, jo as CheckAuthorizationWithCustomPermissions, no as OrganizationCustomRoleKey, qa as ActClaim, to as OrganizationCustomPermissionKey } from "./index-BCMY4XCy.js";
import "./moduleManager-WB15hU3T.js";

//#region src/authorization.d.ts
type AuthorizationOptions = {
  userId: string | null | undefined;
  orgId: string | null | undefined;
  orgRole: string | null | undefined;
  orgPermissions: string[] | null | undefined;
  factorVerificationAge: [number, number] | null;
  features: string | null | undefined;
  plans: string | null | undefined;
};
declare const splitByScope: (fea: string | null | undefined) => {
  org: string[];
  user: string[];
};
declare const validateReverificationConfig: (config: ReverificationConfig | undefined | null) => false | (() => {
  level: SessionVerificationLevel;
  afterMinutes: SessionVerificationAfterMinutes;
});
/**
 * Creates a function for comprehensive user authorization checks.
 * Combines organization-level and reverification authentication checks.
 * The returned function authorizes if both checks pass, or if at least one passes
 * when the other is indeterminate. Fails if userId is missing.
 */
declare const createCheckAuthorization: (options: AuthorizationOptions) => CheckAuthorizationWithCustomPermissions;
type AuthStateOptions = {
  authObject: {
    userId?: string | null;
    sessionId?: string | null;
    sessionStatus?: SessionStatusClaim | null;
    sessionClaims?: JwtPayload | null;
    actor?: ActClaim | null;
    orgId?: string | null;
    orgRole?: OrganizationCustomRoleKey | null;
    orgSlug?: string | null;
    orgPermissions?: OrganizationCustomPermissionKey[] | null;
    getToken: GetToken;
    signOut: SignOut;
    has: (params: Parameters<CheckAuthorizationWithCustomPermissions>[0]) => boolean;
  };
  options: PendingSessionOptions;
};
/**
 * Shared utility function that centralizes auth state resolution logic,
 * preventing duplication across different packages.
 *
 * @internal
 */
declare const resolveAuthState: ({
  authObject: {
    sessionId,
    sessionStatus,
    userId,
    actor,
    orgId,
    orgRole,
    orgSlug,
    signOut,
    getToken,
    has,
    sessionClaims
  },
  options: {
    treatPendingAsSignedOut
  }
}: AuthStateOptions) => UseAuthReturn | undefined;
//#endregion
export { createCheckAuthorization, resolveAuthState, splitByScope, validateReverificationConfig };
//# sourceMappingURL=authorization.d.ts.map