"""
Authentication and security module.
"""
from .providers.workos_provider import WorkOSAuthProvider
from .providers.ory_provider import ORYAuthProvider
from .middleware.authentication import (
    AuthenticationMiddleware,
    get_current_user,
    require_role
)
from .middleware.rbac_engine import RBACEngine, Resource
from .middleware.security_headers import (
    SecurityHeadersMiddleware,
    RateLimitMiddleware,
    TenantIsolationMiddleware
)
from .utils.rls_context import RLSContext, RLSPolicyGenerator
from .utils.api_key_manager import APIKeyManager
from .utils.audit_logger import (
    AuditLogger,
    AuditEventType,
    AuditSeverity
)
from .models.user_context import (
    UserContext,
    UserRole,
    TokenClaims,
    AuthResult,
    Scope
)

# Session management (ARC-154)
from .session_manager import SessionManager
from .jwt_service import JWTService
from .models.session import (
    SessionData,
    DeviceInfo,
    DeviceType,
    LocationInfo,
    TokenPayload,
    RefreshToken,
    SessionListItem
)

# Service-to-service authentication (ORY-204)
from .client_credentials_flow import (
    ClientCredentialsFlowManager,
    ServiceAccount,
    ServiceAccountStatus,
    TokenResponse
)
from .service_rate_limiter import ServiceRateLimiter

# OAuth 2.0 Client Management (ORY-202)
from .oauth_client_manager import (
    OAuthClientManager,
    OAuthClientError,
    ClientType,
    GrantType,
    ClientStatus
)
from .hydra_client import HydraClient, HydraClientError

__all__ = [
    # Providers
    'WorkOSAuthProvider',
    'ORYAuthProvider',

    # Middleware
    'AuthenticationMiddleware',
    'SecurityHeadersMiddleware',
    'RateLimitMiddleware',
    'TenantIsolationMiddleware',

    # RBAC
    'RBACEngine',
    'Resource',

    # Dependencies
    'get_current_user',
    'require_role',

    # Database security
    'RLSContext',
    'RLSPolicyGenerator',

    # API keys
    'APIKeyManager',

    # Audit logging
    'AuditLogger',
    'AuditEventType',
    'AuditSeverity',

    # Models
    'UserContext',
    'UserRole',
    'TokenClaims',
    'AuthResult',
    'Scope',

    # Session management (ARC-154)
    'SessionManager',
    'JWTService',
    'SessionData',
    'DeviceInfo',
    'DeviceType',
    'LocationInfo',
    'TokenPayload',
    'RefreshToken',
    'SessionListItem',

    # Service-to-service authentication (ORY-204)
    'ClientCredentialsFlowManager',
    'ServiceAccount',
    'ServiceAccountStatus',
    'TokenResponse',
    'ServiceRateLimiter',

    # OAuth 2.0 Client Management (ORY-202)
    'OAuthClientManager',
    'OAuthClientError',
    'ClientType',
    'GrantType',
    'ClientStatus',
    'HydraClient',
    'HydraClientError',
]