@type auth_posture() :: :strict_recent | :remembered_ok | :cached_read_only_ok

@type auth_return_declaration() :: %{
  kind: auth_return_kind() | nil,
  transport: auth_return_transport() | nil,
  return_route_id: String.t() | nil,
  validates: [auth_return_validation()]
}

@type auth_return_kind() :: :oauth | :passkey | :native_auth

@type auth_return_transport() ::
  :http_callback | :verified_https_link | :custom_scheme | :bridge_event

@type auth_return_validation() ::
  :state
  | :nonce
  | :pkce
  | :redirect_uri
  | :link_verification
  | :expiry
  | :replay
  | :challenge
  | :origin
  | :rp_id
  | :user_verification
  | :callback_binding

@type commerce_declaration() :: %{
  corridor: String.t() | nil,
  role: commerce_role() | nil
}

@type commerce_role() ::
  :paywall_entry | :purchase_intent | :restore_intent | :account_management

@type entry() :: :internal_only | :external

@type notification_open_declaration() :: true | %{actions: [atom()]}

@type offline() :: :unavailable | :cached_read_only | :local_first

@type pack_integrity() :: %{algorithm: String.t(), digest: String.t()}

@type pack_kind() :: :content | :media

@type pack_requirement() :: Crosswake.Offline.ContentPack.t()

@type runtime() :: :live_view | :offline_island | :native_screen

@type security() :: :standard | :sensitive

@type validated_options() :: [
  id: String.t(),
  runtime: runtime(),
  offline: offline(),
  entry: entry(),
  cache_contract: String.t() | nil,
  island_contract: String.t() | nil,
  capabilities: [String.t()],
  commerce: commerce_declaration() | nil,
  packs: [pack_requirement()],
  sync: [String.t()],
  transfers: [Crosswake.Transfer.Contracts.declaration()],
  security: security(),
  gated_by: atom() | nil,
  on_unavailable: :deny | {:fallback_phoenix, atom()} | nil,
  auth_min_level: atom() | nil,
  requires_recent_auth: pos_integer() | nil,
  auth_posture: auth_posture() | nil,
  auth_return: auth_return_declaration() | nil,
  notification_open: notification_open_declaration() | nil
]