@actuate-media/cms-core 0.1.0

package/dist/api/openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"openapi.js","sourceRoot":"","sources":["../../src/api/openapi.ts"],"names":[],"mappings":"AAIA,SAAS,aAAa,CAAC,KAAsB;IAC3C,QAAQ,KAAK,CAAC,IAAI,EAAE,CAAC;QACnB,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,UAAU;YACb,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;QAC5C,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,SAAS;YACZ,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QAC7B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QACjD,KAAK,QAAQ,CAAC,CAAC,CAAC;YACd,MAAM,GAAG,GAAG,KAAoB,CAAC;YACjC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;YAC/C,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC1C,CAAC;QACD,KAAK,cAAc;YACjB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC;QAChE,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;QACtD,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7C,KAAK,KAAK;YACR,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC3C,KAAK,OAAO;YACV,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,MAAM;YACT,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC5B,KAAK,QAAQ;YACX,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B;YACE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAC5B,MAAuC;IAEvC,MAAM,UAAU,GAA+B,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QACnD,UAAU,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC;QACxC,IAAI,KAAK,CAAC,QAAQ;YAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,MAAM,GAAe,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;IAC1D,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,QAAQ,GAAG,QAAQ,CAAC;IACpD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,UAAU,CAAC,IAAY;IAC9B,OAAO,IAAI;SACR,KAAK,CAAC,MAAM,CAAC;SACb,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAClD,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,MAA4C,EAC5C,SAAiB;IAEjB,MAAM,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC;IAE1B,MAAM,aAAa,GAA4B;QAC7C,GAAG,EAAE;YACH,WAAW,EAAE,OAAO,UAAU,CAAC,IAAI,CAAC,EAAE;YACtC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,QAAQ,MAAM,CAAC,MAAM,EAAE;YAChC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;gBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,EAAE;gBACzF,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,CAAC,EAAE,EAAE;gBAClH,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBAC3D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;gBACzD,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,EAAE;aAClF;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,qBAAqB,MAAM,CAAC,MAAM,EAAE;oBACjD,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACrQ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;aACvC;SACF;QACD,IAAI,EAAE;YACJ,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;aACnD;SACF;KACF,CAAC;IAEF,MAAM,UAAU,GAA4B;QAC1C,GAAG,EAAE;YACH,WAAW,EAAE,MAAM,UAAU,CAAC,IAAI,CAAC,EAAE;YACrC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,SAAS,MAAM,CAAC,QAAQ,QAAQ;YACzC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,GAAG,EAAE;YACH,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,WAAW,EAAE;gBACX,QAAQ,EAAE,IAAI;gBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE;aACjE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3G;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;QACD,MAAM,EAAE;YACN,WAAW,EAAE,SAAS,UAAU,CAAC,IAAI,CAAC,EAAE;YACxC,IAAI,EAAE,CAAC,GAAG,CAAC;YACX,OAAO,EAAE,YAAY,MAAM,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAClD,UAAU,EAAE;gBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;aACvE;YACD,SAAS,EAAE;gBACT,KAAK,EAAE;oBACL,WAAW,EAAE,GAAG,MAAM,CAAC,QAAQ,UAAU;oBACzC,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;iBACxJ;gBACD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;gBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,0BAA0B,EAAE;gBAClD,KAAK,EAAE,EAAE,WAAW,EAAE,WAAW,EAAE;aACpC;SACF;KACF,CAAC;IAEF,OAAO;QACL,CAAC,gBAAgB,IAAI,EAAE,CAAC,EAAE,aAAa;QACvC,CAAC,gBAAgB,IAAI,OAAO,CAAC,EAAE,UAAU;KAC1C,CAAC;AACJ,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;QACL,aAAa,EAAE;YACb,IAAI,EAAE;gBACJ,WAAW,EAAE,OAAO;gBACpB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,sCAAsC;gBAC/C,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3L;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAC1C,KAAK,EAAE,EAAE,WAAW,EAAE,qBAAqB,EAAE;oBAC7C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,cAAc,EAAE;YACd,IAAI,EAAE;gBACJ,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,yBAAyB;gBAClC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,YAAY,EAAE;oBACpC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,YAAY,EAAE;YACZ,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,MAAM,CAAC;gBACd,OAAO,EAAE,kBAAkB;gBAC3B,SAAS,EAAE;oBACT,KAAK,EAAE;wBACL,WAAW,EAAE,YAAY;wBACzB,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;qBACrJ;iBACF;aACF;SACF;QACD,QAAQ,EAAE;YACR,GAAG,EAAE;gBACH,WAAW,EAAE,WAAW;gBACxB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,2BAA2B;gBACpC,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;oBAC3E,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBAC9D;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBAC9C,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,eAAe,EAAE;YACf,IAAI,EAAE;gBACJ,WAAW,EAAE,aAAa;gBAC1B,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,qBAAqB;gBAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,qBAAqB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,UAAU,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE,YAAY,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE;iBAC9M;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;iBACzC;aACF;SACF;QACD,SAAS,EAAE;YACT,GAAG,EAAE;gBACH,WAAW,EAAE,QAAQ;gBACrB,IAAI,EAAE,CAAC,QAAQ,CAAC;gBAChB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,YAAY,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;oBAC/D,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,EAAE,EAAE;oBACtE,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,EAAE,EAAE,EAAE;iBAC5E;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;QACD,WAAW,EAAE;YACX,GAAG,EAAE;gBACH,WAAW,EAAE,cAAc;gBAC3B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,mCAAmC;gBAC5C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,2BAA2B,EAAE;oBACnD,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;YACD,IAAI,EAAE;gBACJ,WAAW,EAAE,eAAe;gBAC5B,IAAI,EAAE,CAAC,UAAU,CAAC;gBAClB,OAAO,EAAE,iCAAiC;gBAC1C,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;gBAClD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,KAAK,EAAE,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC7S;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBACzC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;oBACtC,KAAK,EAAE,EAAE,WAAW,EAAE,uBAAuB,EAAE;iBAChD;aACF;SACF;QACD,oBAAoB,EAAE;YACpB,IAAI,EAAE;gBACJ,WAAW,EAAE,YAAY;gBACzB,IAAI,EAAE,CAAC,OAAO,CAAC;gBACf,OAAO,EAAE,sBAAsB;gBAC/B,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE;iBACvE;gBACD,WAAW,EAAE;oBACX,QAAQ,EAAE,IAAI;oBACd,OAAO,EAAE,EAAE,kBAAkB,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,oBAAoB,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;iBAC3N;gBACD,SAAS,EAAE;oBACT,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,gBAAgB,EAAE;oBACxC,KAAK,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE;iBACvC;aACF;SACF;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,MAAwB;IAC1D,MAAM,OAAO,GAA+B,EAAE,CAAC;IAC/C,MAAM,KAAK,GAA4B,EAAE,CAAC;IAE1C,KAAK,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC;QACpE,MAAM,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;QACpC,OAAO,CAAC,UAAU,CAAC,GAAG,qBAAqB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAE/D,MAAM,SAAS,GAAG,eAAe,CAC/B,IAAI,EACJ,UAAU,CAAC,MAAM,EACjB,wBAAwB,UAAU,EAAE,CACrC,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;IAClC,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;IAEpC,OAAO;QACL,OAAO,EAAE,OAAO;QAChB,IAAI,EAAE;YACJ,KAAK,EAAE,iBAAiB;YACxB,OAAO,EAAE,OAAO;YAChB,WAAW,EAAE,iEAAiE;SAC/E;QACD,OAAO,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,CAAC;QAC9B,QAAQ,EAAE,CAAC,EAAE,UAAU,EAAE,EAAE,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAClD,KAAK;QACL,UAAU,EAAE;YACV,eAAe,EAAE;gBACf,UAAU,EAAE;oBACV,IAAI,EAAE,QAAQ;oBACd,EAAE,EAAE,QAAQ;oBACZ,IAAI,EAAE,iBAAiB;iBACxB;gBACD,UAAU,EAAE;oBACV,IAAI,EAAE,MAAM;oBACZ,MAAM,EAAE,QAAQ;oBAChB,YAAY,EAAE,KAAK;iBACpB;aACF;YACD,OAAO;SACR;KACF,CAAC;AACJ,CAAC"}

package/dist/auth/index.d.ts

@@ -0,0 +1,11 @@
+export { createSession, verifySession, revokeSession, refreshSession } from "./session";
+export type { SessionPayload, SessionOptions } from "./session";
+export { hashPassword, verifyPassword, validatePasswordPolicy, checkPasswordBreach } from "./password";
+export { generateTOTPSecret, verifyTOTP, generateBackupCodes, generateTOTPUri } from "./totp";
+export { initiateOAuth, handleCallback, linkAccount } from "./oauth";
+export { generateCodeVerifier, generateCodeChallenge, getAuthorizationUrl, exchangeCodeForTokens, getUserProfile, handleOAuthCallback, } from "./oauth";
+export type { OAuthProviderConfig, OAuthProviders, OAuthState, OAuthCallbackResult, OAuthUserProfile } from "./oauth";
+export { googleProvider } from "./providers/google";
+export { githubProvider } from "./providers/github";
+export { microsoftProvider } from "./providers/microsoft";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AACxF,YAAY,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEhE,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEvG,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAE9F,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACrE,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACpB,MAAM,SAAS,CAAC;AACjB,YAAY,EAAE,mBAAmB,EAAE,cAAc,EAAE,UAAU,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAEtH,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/auth/index.js

@@ -0,0 +1,9 @@
+export { createSession, verifySession, revokeSession, refreshSession } from "./session";
+export { hashPassword, verifyPassword, validatePasswordPolicy, checkPasswordBreach } from "./password";
+export { generateTOTPSecret, verifyTOTP, generateBackupCodes, generateTOTPUri } from "./totp";
+export { initiateOAuth, handleCallback, linkAccount } from "./oauth";
+export { generateCodeVerifier, generateCodeChallenge, getAuthorizationUrl, exchangeCodeForTokens, getUserProfile, handleOAuthCallback, } from "./oauth";
+export { googleProvider } from "./providers/google";
+export { githubProvider } from "./providers/github";
+export { microsoftProvider } from "./providers/microsoft";
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAGxF,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,sBAAsB,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAEvG,OAAO,EAAE,kBAAkB,EAAE,UAAU,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAC;AAE9F,OAAO,EAAE,aAAa,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACrE,OAAO,EACL,oBAAoB,EACpB,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,cAAc,EACd,mBAAmB,GACpB,MAAM,SAAS,CAAC;AAGjB,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/auth/oauth.d.ts

@@ -0,0 +1,84 @@
+import type { AuthProviderConfig } from '../config/types';
+export interface OAuthProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+}
+export interface OAuthProviders {
+    google?: OAuthProviderConfig;
+    github?: OAuthProviderConfig;
+    microsoft?: OAuthProviderConfig;
+}
+export interface OAuthState {
+    provider: string;
+    codeVerifier: string;
+    returnTo: string;
+}
+export interface OAuthCallbackResult {
+    provider: string;
+    providerAccountId: string;
+    email: string;
+    name?: string;
+    avatarUrl?: string;
+    accessToken: string;
+    refreshToken?: string;
+    expiresAt?: Date;
+}
+export interface OAuthUserProfile {
+    id: string;
+    email: string;
+    name: string;
+    avatar?: string;
+}
+declare const PROVIDER_URLS: {
+    readonly google: {
+        readonly authorize: "https://accounts.google.com/o/oauth2/v2/auth";
+        readonly token: "https://oauth2.googleapis.com/token";
+        readonly userinfo: "https://www.googleapis.com/oauth2/v3/userinfo";
+        readonly scopes: "openid email profile";
+    };
+    readonly github: {
+        readonly authorize: "https://github.com/login/oauth/authorize";
+        readonly token: "https://github.com/login/oauth/access_token";
+        readonly userinfo: "https://api.github.com/user";
+        readonly scopes: "read:user user:email";
+    };
+    readonly microsoft: {
+        readonly authorize: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize";
+        readonly token: "https://login.microsoftonline.com/common/oauth2/v2.0/token";
+        readonly userinfo: "https://graph.microsoft.com/v1.0/me";
+        readonly scopes: "openid email profile";
+    };
+};
+export type OAuthProviderType = keyof typeof PROVIDER_URLS;
+export declare function generateCodeVerifier(): string;
+export declare function generateCodeChallenge(codeVerifier: string): Promise<string>;
+export declare function generateState(provider: string, codeVerifier: string, returnTo: string, secret: string): Promise<string>;
+export declare function verifyState(stateToken: string, secret: string): Promise<OAuthState>;
+export declare function getAuthorizationUrl(provider: OAuthProviderType, config: OAuthProviderConfig, state: string, codeChallenge: string): string;
+export declare function exchangeCodeForTokens(provider: OAuthProviderType, code: string, codeVerifier: string, config: OAuthProviderConfig): Promise<{
+    access_token: string;
+    id_token?: string;
+    refresh_token?: string;
+}>;
+export declare function getUserProfile(provider: OAuthProviderType, accessToken: string): Promise<OAuthUserProfile>;
+export declare function handleOAuthCallback(provider: string, code: string, stateToken: string, providers: OAuthProviders, secret: string, db: any): Promise<{
+    token: string;
+    user: {
+        id: string;
+        email: string;
+        name: string;
+        role: string;
+    };
+}>;
+/** @deprecated Use `initiateOAuth` pattern — kept for backward compat with auth/index.ts re-exports */
+export declare function initiateOAuth(_providerConfig: AuthProviderConfig, _callbackUrl: string): Promise<{
+    redirectUrl: string;
+    state: OAuthState;
+}>;
+/** @deprecated Use `handleOAuthCallback` — kept for backward compat with auth/index.ts re-exports */
+export declare function handleCallback(_providerConfig: AuthProviderConfig, _code: string, _state: OAuthState): Promise<OAuthCallbackResult>;
+/** Link an OAuth account to an existing user. */
+export declare function linkAccount(userId: string, result: OAuthCallbackResult, db: unknown): Promise<void>;
+export {};
+//# sourceMappingURL=oauth.d.ts.map

package/dist/auth/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAE1D,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,SAAS,CAAC,EAAE,mBAAmB,CAAC;CACjC;AAED,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,IAAI,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAC/B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,QAAA,MAAM,aAAa;;;;;;;;;;;;;;;;;;;CAmBT,CAAC;AAEX,MAAM,MAAM,iBAAiB,GAAG,MAAM,OAAO,aAAa,CAAC;AAW3D,wBAAgB,oBAAoB,IAAI,MAAM,CAG7C;AAED,wBAAsB,qBAAqB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIjF;AAED,wBAAsB,aAAa,CACjC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CAQjB;AAED,wBAAsB,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAIzF;AAED,wBAAgB,mBAAmB,CACjC,QAAQ,EAAE,iBAAiB,EAC3B,MAAM,EAAE,mBAAmB,EAC3B,KAAK,EAAE,MAAM,EACb,aAAa,EAAE,MAAM,GACpB,MAAM,CAaR;AAED,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,iBAAiB,EAC3B,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,mBAAmB,GAC1B,OAAO,CAAC;IAAE,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA2B9E;AAED,wBAAsB,cAAc,CAClC,QAAQ,EAAE,iBAAiB,EAC3B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,gBAAgB,CAAC,CAmD3B;AAED,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,EAClB,SAAS,EAAE,cAAc,EACzB,MAAM,EAAE,MAAM,EACd,EAAE,EAAE,GAAG,GACN,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAA;CAAE,CAAC,CA2D7F;AAED,uGAAuG;AACvG,wBAAsB,aAAa,CACjC,eAAe,EAAE,kBAAkB,EACnC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,UAAU,CAAA;CAAE,CAAC,CAErD;AAED,qGAAqG;AACrG,wBAAsB,cAAc,CAClC,eAAe,EAAE,kBAAkB,EACnC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,UAAU,GACjB,OAAO,CAAC,mBAAmB,CAAC,CAE9B;AAED,iDAAiD;AACjD,wBAAsB,WAAW,CAC/B,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,mBAAmB,EAC3B,EAAE,EAAE,OAAO,GACV,OAAO,CAAC,IAAI,CAAC,CAKf"}

package/dist/auth/oauth.js

@@ -0,0 +1,201 @@
+import { SignJWT, jwtVerify } from 'jose';
+import { createSession } from './session';
+const PROVIDER_URLS = {
+    google: {
+        authorize: 'https://accounts.google.com/o/oauth2/v2/auth',
+        token: 'https://oauth2.googleapis.com/token',
+        userinfo: 'https://www.googleapis.com/oauth2/v3/userinfo',
+        scopes: 'openid email profile',
+    },
+    github: {
+        authorize: 'https://github.com/login/oauth/authorize',
+        token: 'https://github.com/login/oauth/access_token',
+        userinfo: 'https://api.github.com/user',
+        scopes: 'read:user user:email',
+    },
+    microsoft: {
+        authorize: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
+        token: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
+        userinfo: 'https://graph.microsoft.com/v1.0/me',
+        scopes: 'openid email profile',
+    },
+};
+function base64url(buffer) {
+    const bytes = new Uint8Array(buffer);
+    let binary = '';
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+export function generateCodeVerifier() {
+    const bytes = crypto.getRandomValues(new Uint8Array(32));
+    return base64url(bytes.buffer);
+}
+export async function generateCodeChallenge(codeVerifier) {
+    const encoded = new TextEncoder().encode(codeVerifier);
+    const digest = await crypto.subtle.digest('SHA-256', encoded);
+    return base64url(digest);
+}
+export async function generateState(provider, codeVerifier, returnTo, secret) {
+    const secretKey = new TextEncoder().encode(secret);
+    return new SignJWT({ provider, codeVerifier, returnTo })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setIssuedAt()
+        .setExpirationTime('10m')
+        .setIssuer('actuate-cms')
+        .sign(secretKey);
+}
+export async function verifyState(stateToken, secret) {
+    const secretKey = new TextEncoder().encode(secret);
+    const { payload } = await jwtVerify(stateToken, secretKey, { issuer: 'actuate-cms' });
+    return payload;
+}
+export function getAuthorizationUrl(provider, config, state, codeChallenge) {
+    const urls = PROVIDER_URLS[provider];
+    const params = new URLSearchParams({
+        response_type: 'code',
+        client_id: config.clientId,
+        redirect_uri: config.redirectUri,
+        scope: urls.scopes,
+        state,
+        code_challenge: codeChallenge,
+        code_challenge_method: 'S256',
+    });
+    return `${urls.authorize}?${params.toString()}`;
+}
+export async function exchangeCodeForTokens(provider, code, codeVerifier, config) {
+    const urls = PROVIDER_URLS[provider];
+    const body = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: config.redirectUri,
+        client_id: config.clientId,
+        client_secret: config.clientSecret,
+        code_verifier: codeVerifier,
+    });
+    const headers = {
+        'Content-Type': 'application/x-www-form-urlencoded',
+    };
+    if (provider === 'github') {
+        headers['Accept'] = 'application/json';
+    }
+    const response = await fetch(urls.token, { method: 'POST', headers, body: body.toString() });
+    if (!response.ok) {
+        const text = await response.text();
+        throw new Error(`Token exchange failed (${response.status}): ${text}`);
+    }
+    return response.json();
+}
+export async function getUserProfile(provider, accessToken) {
+    const urls = PROVIDER_URLS[provider];
+    const response = await fetch(urls.userinfo, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to fetch user profile (${response.status})`);
+    }
+    const data = await response.json();
+    if (provider === 'github') {
+        let email = data.email ?? '';
+        if (!email) {
+            const emailRes = await fetch('https://api.github.com/user/emails', {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                    Accept: 'application/vnd.github+json',
+                },
+            });
+            if (emailRes.ok) {
+                const emails = await emailRes.json();
+                const primary = emails.find((e) => e.primary && e.verified) ?? emails.find((e) => e.verified);
+                if (primary)
+                    email = primary.email;
+            }
+        }
+        return {
+            id: String(data.id),
+            email,
+            name: data.name ?? data.login ?? '',
+            avatar: data.avatar_url,
+        };
+    }
+    if (provider === 'microsoft') {
+        return {
+            id: data.id,
+            email: data.mail ?? data.userPrincipalName ?? '',
+            name: data.displayName ?? '',
+        };
+    }
+    // Google
+    return {
+        id: data.sub,
+        email: data.email ?? '',
+        name: data.name ?? '',
+        avatar: data.picture,
+    };
+}
+export async function handleOAuthCallback(provider, code, stateToken, providers, secret, db) {
+    const state = await verifyState(stateToken, secret);
+    if (state.provider !== provider) {
+        throw new Error('Provider mismatch in OAuth state');
+    }
+    const providerType = provider;
+    const providerConfig = providers[providerType];
+    if (!providerConfig) {
+        throw new Error(`OAuth provider "${provider}" is not configured`);
+    }
+    const tokens = await exchangeCodeForTokens(providerType, code, state.codeVerifier, providerConfig);
+    const profile = await getUserProfile(providerType, tokens.access_token);
+    if (!profile.email) {
+        throw new Error('OAuth provider did not return an email address');
+    }
+    let user = await db.user.findFirst({
+        where: { email: { equals: profile.email.toLowerCase(), mode: 'insensitive' } },
+    });
+    if (user) {
+        await db.user.update({
+            where: { id: user.id },
+            data: { oauthProvider: provider, oauthId: profile.id },
+        });
+    }
+    else {
+        user = await db.user.create({
+            data: {
+                email: profile.email.toLowerCase(),
+                name: profile.name,
+                role: 'CLIENT',
+                isActive: true,
+                oauthProvider: provider,
+                oauthId: profile.id,
+                passwordHash: '',
+            },
+        });
+    }
+    const oauthSession = await db.session.create({
+        data: {
+            userId: user.id,
+            expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000),
+        },
+    });
+    const token = await createSession({ userId: user.id, role: user.role, sessionId: oauthSession.id }, { secret });
+    return {
+        token,
+        user: { id: user.id, email: user.email, name: user.name, role: user.role },
+    };
+}
+/** @deprecated Use `initiateOAuth` pattern — kept for backward compat with auth/index.ts re-exports */
+export async function initiateOAuth(_providerConfig, _callbackUrl) {
+    throw new Error('Use generateState + getAuthorizationUrl instead');
+}
+/** @deprecated Use `handleOAuthCallback` — kept for backward compat with auth/index.ts re-exports */
+export async function handleCallback(_providerConfig, _code, _state) {
+    throw new Error('Use handleOAuthCallback instead');
+}
+/** Link an OAuth account to an existing user. */
+export async function linkAccount(userId, result, db) {
+    await db.user.update({
+        where: { id: userId },
+        data: { oauthProvider: result.provider, oauthId: result.providerAccountId },
+    });
+}
+//# sourceMappingURL=oauth.js.map

package/dist/auth/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAuC1C,MAAM,aAAa,GAAG;IACpB,MAAM,EAAE;QACN,SAAS,EAAE,8CAA8C;QACzD,KAAK,EAAE,qCAAqC;QAC5C,QAAQ,EAAE,+CAA+C;QACzD,MAAM,EAAE,sBAAsB;KAC/B;IACD,MAAM,EAAE;QACN,SAAS,EAAE,0CAA0C;QACrD,KAAK,EAAE,6CAA6C;QACpD,QAAQ,EAAE,6BAA6B;QACvC,MAAM,EAAE,sBAAsB;KAC/B;IACD,SAAS,EAAE;QACT,SAAS,EAAE,gEAAgE;QAC3E,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,qCAAqC;QAC/C,MAAM,EAAE,sBAAsB;KAC/B;CACO,CAAC;AAIX,SAAS,SAAS,CAAC,MAAmB;IACpC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,MAAM,UAAU,oBAAoB;IAClC,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,YAAoB;IAC9D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACvD,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC9D,OAAO,SAAS,CAAC,MAAM,CAAC,CAAC;AAC3B,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,MAAc;IAEd,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,OAAO,IAAI,OAAO,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAuB,CAAC;SAC1E,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,iBAAiB,CAAC,KAAK,CAAC;SACxB,SAAS,CAAC,aAAa,CAAC;SACxB,IAAI,CAAC,SAAS,CAAC,CAAC;AACrB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,UAAkB,EAAE,MAAc;IAClE,MAAM,SAAS,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACnD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;IACtF,OAAO,OAAgC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,mBAAmB,CACjC,QAA2B,EAC3B,MAA2B,EAC3B,KAAa,EACb,aAAqB;IAErB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,aAAa,EAAE,MAAM;QACrB,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,KAAK,EAAE,IAAI,CAAC,MAAM;QAClB,KAAK;QACL,cAAc,EAAE,aAAa;QAC7B,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IAEH,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE,CAAC;AAClD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,QAA2B,EAC3B,IAAY,EACZ,YAAoB,EACpB,MAA2B;IAE3B,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,IAAI;QACJ,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;QAClC,aAAa,EAAE,YAAY;KAC5B,CAAC,CAAC;IAEH,MAAM,OAAO,GAA2B;QACtC,cAAc,EAAE,mCAAmC;KACpD,CAAC;IACF,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,CAAC,QAAQ,CAAC,GAAG,kBAAkB,CAAC;IACzC,CAAC;IAED,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAE7F,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,0BAA0B,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAAE,CAAC;AACzB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAA2B,EAC3B,WAAmB;IAEnB,MAAM,IAAI,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAErC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;QAC1C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;KACpD,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,iCAAiC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,KAAK,GAAW,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;QACrC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,oCAAoC,EAAE;gBACjE,OAAO,EAAE;oBACP,aAAa,EAAE,UAAU,WAAW,EAAE;oBACtC,MAAM,EAAE,6BAA6B;iBACtC;aACF,CAAC,CAAC;YACH,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAmE,CAAC;gBACtG,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;gBAC9F,IAAI,OAAO;oBAAE,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;YACrC,CAAC;QACH,CAAC;QACD,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,KAAK;YACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,EAAE;YACnC,MAAM,EAAE,IAAI,CAAC,UAAU;SACxB,CAAC;IACJ,CAAC;IAED,IAAI,QAAQ,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO;YACL,EAAE,EAAE,IAAI,CAAC,EAAE;YACX,KAAK,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,iBAAiB,IAAI,EAAE;YAChD,IAAI,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;SAC7B,CAAC;IACJ,CAAC;IAED,SAAS;IACT,OAAO;QACL,EAAE,EAAE,IAAI,CAAC,GAAG;QACZ,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;QACvB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,EAAE;QACrB,MAAM,EAAE,IAAI,CAAC,OAAO;KACrB,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,IAAY,EACZ,UAAkB,EAClB,SAAyB,EACzB,MAAc,EACd,EAAO;IAEP,MAAM,KAAK,GAAG,MAAM,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAEpD,IAAI,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACtD,CAAC;IAED,MAAM,YAAY,GAAG,QAA6B,CAAC;IACnD,MAAM,cAAc,GAAG,SAAS,CAAC,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mBAAmB,QAAQ,qBAAqB,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,YAAY,EAAE,IAAI,EAAE,KAAK,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IACnG,MAAM,OAAO,GAAG,MAAM,cAAc,CAAC,YAAY,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;IAExE,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IAED,IAAI,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC;QACjC,KAAK,EAAE,EAAE,KAAK,EAAE,EAAE,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,aAAa,EAAE,EAAE;KAC/E,CAAC,CAAC;IAEH,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACnB,KAAK,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE;YACtB,IAAI,EAAE,EAAE,aAAa,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,EAAE;SACvD,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YAC1B,IAAI,EAAE;gBACJ,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW,EAAE;gBAClC,IAAI,EAAE,OAAO,CAAC,IAAI;gBAClB,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,IAAI;gBACd,aAAa,EAAE,QAAQ;gBACvB,OAAO,EAAE,OAAO,CAAC,EAAE;gBACnB,YAAY,EAAE,EAAE;aACjB;SACF,CAAC,CAAC;IACL,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;QAC3C,IAAI,EAAE;YACJ,MAAM,EAAE,IAAI,CAAC,EAAE;YACf,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;SAC1D;KACF,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,MAAM,aAAa,CAC/B,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,YAAY,CAAC,EAAE,EAAE,EAChE,EAAE,MAAM,EAAE,CACX,CAAC;IAEF,OAAO;QACL,KAAK;QACL,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;KAC3E,CAAC;AACJ,CAAC;AAED,uGAAuG;AACvG,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,eAAmC,EACnC,YAAoB;IAEpB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,qGAAqG;AACrG,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,eAAmC,EACnC,KAAa,EACb,MAAkB;IAElB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;AACrD,CAAC;AAED,iDAAiD;AACjD,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAc,EACd,MAA2B,EAC3B,EAAW;IAEX,MAAO,EAAU,CAAC,IAAI,CAAC,MAAM,CAAC;QAC5B,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QACrB,IAAI,EAAE,EAAE,aAAa,EAAE,MAAM,CAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,iBAAiB,EAAE;KAC5E,CAAC,CAAC;AACL,CAAC"}

package/dist/auth/password.d.ts

@@ -0,0 +1,13 @@
+import type { PasswordPolicy } from "../config/types";
+/** Hash a password using Web Crypto API (PBKDF2). */
+export declare function hashPassword(password: string): Promise<string>;
+/** Verify a password against its stored hash. */
+export declare function verifyPassword(password: string, storedHash: string): Promise<boolean>;
+/** Validate a password against the configured policy rules. */
+export declare function validatePasswordPolicy(password: string, policy: PasswordPolicy): {
+    valid: boolean;
+    errors: string[];
+};
+/** Check if a password has appeared in a known data breach (k-anonymity). */
+export { checkBreached as checkPasswordBreach } from '../security/breach-check';
+//# sourceMappingURL=password.d.ts.map

package/dist/auth/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAGtD,qDAAqD;AACrD,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAiBpE;AAED,iDAAiD;AACjD,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC,CAqBlB;AAED,+DAA+D;AAC/D,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,cAAc,GACrB;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAoBtC;AAED,6EAA6E;AAC7E,OAAO,EAAE,aAAa,IAAI,mBAAmB,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/auth/password.js

@@ -0,0 +1,47 @@
+import { timingSafeEqual } from "node:crypto";
+/** Hash a password using Web Crypto API (PBKDF2). */
+export async function hashPassword(password) {
+    const salt = crypto.getRandomValues(new Uint8Array(16));
+    const key = await crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits"]);
+    const derived = await crypto.subtle.deriveBits({ name: "PBKDF2", salt, iterations: 100_000, hash: "SHA-256" }, key, 256);
+    const saltHex = Buffer.from(salt).toString("hex");
+    const hashHex = Buffer.from(derived).toString("hex");
+    return `pbkdf2:100000:${saltHex}:${hashHex}`;
+}
+/** Verify a password against its stored hash. */
+export async function verifyPassword(password, storedHash) {
+    const [, , saltHex, hashHex] = storedHash.split(":");
+    if (!saltHex || !hashHex)
+        return false;
+    const salt = Buffer.from(saltHex, "hex");
+    const key = await crypto.subtle.importKey("raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveBits"]);
+    const derived = await crypto.subtle.deriveBits({ name: "PBKDF2", salt, iterations: 100_000, hash: "SHA-256" }, key, 256);
+    const derivedBuf = Buffer.from(derived);
+    const storedBuf = Buffer.from(hashHex, "hex");
+    if (derivedBuf.length !== storedBuf.length)
+        return false;
+    return timingSafeEqual(derivedBuf, storedBuf);
+}
+/** Validate a password against the configured policy rules. */
+export function validatePasswordPolicy(password, policy) {
+    const errors = [];
+    if (policy.minLength && password.length < policy.minLength) {
+        errors.push(`Password must be at least ${policy.minLength} characters`);
+    }
+    if (policy.requireUppercase && !/[A-Z]/.test(password)) {
+        errors.push("Password must contain an uppercase letter");
+    }
+    if (policy.requireLowercase && !/[a-z]/.test(password)) {
+        errors.push("Password must contain a lowercase letter");
+    }
+    if (policy.requireNumbers && !/\d/.test(password)) {
+        errors.push("Password must contain a digit");
+    }
+    if (policy.requireSpecialChars && !/[^a-zA-Z0-9]/.test(password)) {
+        errors.push("Password must contain a special character");
+    }
+    return { valid: errors.length === 0, errors };
+}
+/** Check if a password has appeared in a known data breach (k-anonymity). */
+export { checkBreached as checkPasswordBreach } from '../security/breach-check';
+//# sourceMappingURL=password.js.map

package/dist/auth/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,qDAAqD;AACrD,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IACxD,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9D,GAAG,EACH,GAAG,CACJ,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrD,OAAO,iBAAiB,OAAO,IAAI,OAAO,EAAE,CAAC;AAC/C,CAAC;AAED,iDAAiD;AACjD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,UAAkB;IAElB,MAAM,CAAC,EAAE,AAAD,EAAG,OAAO,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IAEvC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACvC,KAAK,EACL,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,EAClC,QAAQ,EACR,KAAK,EACL,CAAC,YAAY,CAAC,CACf,CAAC;IACF,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,UAAU,CAC5C,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,EAC9D,GAAG,EACH,GAAG,CACJ,CAAC;IACF,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC9C,IAAI,UAAU,CAAC,MAAM,KAAK,SAAS,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACzD,OAAO,eAAe,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC;AAChD,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,sBAAsB,CACpC,QAAgB,EAChB,MAAsB;IAEtB,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,IAAI,MAAM,CAAC,SAAS,IAAI,QAAQ,CAAC,MAAM,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;QAC3D,MAAM,CAAC,IAAI,CAAC,6BAA6B,MAAM,CAAC,SAAS,aAAa,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IACD,IAAI,MAAM,CAAC,gBAAgB,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAC;IAC1D,CAAC;IACD,IAAI,MAAM,CAAC,cAAc,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,MAAM,CAAC,mBAAmB,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACjE,MAAM,CAAC,IAAI,CAAC,2CAA2C,CAAC,CAAC;IAC3D,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC;AAED,6EAA6E;AAC7E,OAAO,EAAE,aAAa,IAAI,mBAAmB,EAAE,MAAM,0BAA0B,CAAC"}

package/dist/auth/providers/github.d.ts

@@ -0,0 +1,9 @@
+import type { AuthProviderConfig } from "../../config/types";
+export interface GitHubProviderOptions {
+    clientId: string;
+    clientSecret: string;
+    allowedOrgs?: string[];
+}
+/** Create a GitHub OAuth provider configuration. */
+export declare function githubProvider(options: GitHubProviderOptions): AuthProviderConfig;
+//# sourceMappingURL=github.d.ts.map

package/dist/auth/providers/github.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;CACxB;AAED,oDAAoD;AACpD,wBAAgB,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,kBAAkB,CAOjF"}

package/dist/auth/providers/github.js

@@ -0,0 +1,10 @@
+/** Create a GitHub OAuth provider configuration. */
+export function githubProvider(options) {
+    return {
+        id: "github",
+        type: "github",
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+    };
+}
+//# sourceMappingURL=github.js.map

package/dist/auth/providers/github.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github.js","sourceRoot":"","sources":["../../../src/auth/providers/github.ts"],"names":[],"mappings":"AAQA,oDAAoD;AACpD,MAAM,UAAU,cAAc,CAAC,OAA8B;IAC3D,OAAO;QACL,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC"}

package/dist/auth/providers/google.d.ts

@@ -0,0 +1,9 @@
+import type { AuthProviderConfig } from "../../config/types";
+export interface GoogleProviderOptions {
+    clientId: string;
+    clientSecret: string;
+    allowedDomains?: string[];
+}
+/** Create a Google OAuth provider configuration. */
+export declare function googleProvider(options: GoogleProviderOptions): AuthProviderConfig;
+//# sourceMappingURL=google.d.ts.map

package/dist/auth/providers/google.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,qBAAqB;IACpC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED,oDAAoD;AACpD,wBAAgB,cAAc,CAAC,OAAO,EAAE,qBAAqB,GAAG,kBAAkB,CAOjF"}

package/dist/auth/providers/google.js

@@ -0,0 +1,10 @@
+/** Create a Google OAuth provider configuration. */
+export function googleProvider(options) {
+    return {
+        id: "google",
+        type: "google",
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+    };
+}
+//# sourceMappingURL=google.js.map

package/dist/auth/providers/google.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google.js","sourceRoot":"","sources":["../../../src/auth/providers/google.ts"],"names":[],"mappings":"AAQA,oDAAoD;AACpD,MAAM,UAAU,cAAc,CAAC,OAA8B;IAC3D,OAAO;QACL,EAAE,EAAE,QAAQ;QACZ,IAAI,EAAE,QAAQ;QACd,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC"}

package/dist/auth/providers/microsoft.d.ts

@@ -0,0 +1,9 @@
+import type { AuthProviderConfig } from "../../config/types";
+export interface MicrosoftProviderOptions {
+    clientId: string;
+    clientSecret: string;
+    tenantId?: string;
+}
+/** Create a Microsoft Entra ID (Azure AD) OAuth provider configuration. */
+export declare function microsoftProvider(options: MicrosoftProviderOptions): AuthProviderConfig;
+//# sourceMappingURL=microsoft.d.ts.map

package/dist/auth/providers/microsoft.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.d.ts","sourceRoot":"","sources":["../../../src/auth/providers/microsoft.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,wBAAwB;IACvC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,2EAA2E;AAC3E,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,wBAAwB,GAAG,kBAAkB,CAQvF"}

package/dist/auth/providers/microsoft.js

@@ -0,0 +1,11 @@
+/** Create a Microsoft Entra ID (Azure AD) OAuth provider configuration. */
+export function microsoftProvider(options) {
+    return {
+        id: "microsoft",
+        type: "microsoft",
+        clientId: options.clientId,
+        clientSecret: options.clientSecret,
+        tenantId: options.tenantId,
+    };
+}
+//# sourceMappingURL=microsoft.js.map

package/dist/auth/providers/microsoft.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"microsoft.js","sourceRoot":"","sources":["../../../src/auth/providers/microsoft.ts"],"names":[],"mappings":"AAQA,2EAA2E;AAC3E,MAAM,UAAU,iBAAiB,CAAC,OAAiC;IACjE,OAAO;QACL,EAAE,EAAE,WAAW;QACf,IAAI,EAAE,WAAW;QACjB,QAAQ,EAAE,OAAO,CAAC,QAAQ;QAC1B,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC"}

package/dist/auth/session.d.ts

@@ -0,0 +1,21 @@
+export interface SessionPayload {
+    userId: string;
+    role: string;
+    sessionId: string;
+    fingerprint?: string;
+}
+export interface SessionOptions {
+    secret: string;
+    maxAge?: number;
+    issuer?: string;
+    audience?: string;
+}
+/** Create a signed JWT session token. */
+export declare function createSession(payload: SessionPayload, options: SessionOptions): Promise<string>;
+/** Verify and decode a JWT session token. */
+export declare function verifySession(token: string, options: SessionOptions): Promise<SessionPayload>;
+/** Revoke a session by marking it in the database. */
+export declare function revokeSession(sessionId: string, db: any): Promise<void>;
+/** Refresh a session token, issuing a new JWT with an extended expiry. */
+export declare function refreshSession(token: string, options: SessionOptions): Promise<string>;
+//# sourceMappingURL=session.d.ts.map

package/dist/auth/session.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAID,yCAAyC;AACzC,wBAAsB,aAAa,CACjC,OAAO,EAAE,cAAc,EACvB,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,6CAA6C;AAC7C,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,cAAc,CAAC,CAOzB;AAED,sDAAsD;AACtD,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAK7E;AAED,0EAA0E;AAC1E,wBAAsB,cAAc,CAClC,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,cAAc,GACtB,OAAO,CAAC,MAAM,CAAC,CAGjB"}

package/dist/auth/session.js

@@ -0,0 +1,35 @@
+import * as jose from "jose";
+const DEFAULT_MAX_AGE = 60 * 60 * 24 * 7; // 7 days
+/** Create a signed JWT session token. */
+export async function createSession(payload, options) {
+    const secret = new TextEncoder().encode(options.secret);
+    return new jose.SignJWT({ ...payload })
+        .setProtectedHeader({ alg: "HS256" })
+        .setIssuedAt()
+        .setExpirationTime(`${options.maxAge ?? DEFAULT_MAX_AGE}s`)
+        .setIssuer(options.issuer ?? "actuate-cms")
+        .setAudience(options.audience ?? "actuate-cms")
+        .sign(secret);
+}
+/** Verify and decode a JWT session token. */
+export async function verifySession(token, options) {
+    const secret = new TextEncoder().encode(options.secret);
+    const { payload } = await jose.jwtVerify(token, secret, {
+        issuer: options.issuer ?? "actuate-cms",
+        audience: options.audience ?? "actuate-cms",
+    });
+    return payload;
+}
+/** Revoke a session by marking it in the database. */
+export async function revokeSession(sessionId, db) {
+    await db.session.update({
+        where: { id: sessionId },
+        data: { revokedAt: new Date() },
+    });
+}
+/** Refresh a session token, issuing a new JWT with an extended expiry. */
+export async function refreshSession(token, options) {
+    const payload = await verifySession(token, options);
+    return createSession(payload, options);
+}
+//# sourceMappingURL=session.js.map

package/dist/auth/session.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session.js","sourceRoot":"","sources":["../../src/auth/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAgB7B,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,SAAS;AAEnD,yCAAyC;AACzC,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAuB,EACvB,OAAuB;IAEvB,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,GAAG,OAAO,EAAE,CAAC;SACpC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;SACpC,WAAW,EAAE;SACb,iBAAiB,CAAC,GAAG,OAAO,CAAC,MAAM,IAAI,eAAe,GAAG,CAAC;SAC1D,SAAS,CAAC,OAAO,CAAC,MAAM,IAAI,aAAa,CAAC;SAC1C,WAAW,CAAC,OAAO,CAAC,QAAQ,IAAI,aAAa,CAAC;SAC9C,IAAI,CAAC,MAAM,CAAC,CAAC;AAClB,CAAC;AAED,6CAA6C;AAC7C,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,OAAuB;IAEvB,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACxD,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE;QACtD,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,aAAa;QACvC,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,aAAa;KAC5C,CAAC,CAAC;IACH,OAAO,OAAoC,CAAC;AAC9C,CAAC;AAED,sDAAsD;AACtD,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,SAAiB,EAAE,EAAO;IAC5D,MAAM,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;QACtB,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE;QACxB,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,EAAE;KAChC,CAAC,CAAC;AACL,CAAC;AAED,0EAA0E;AAC1E,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAAa,EACb,OAAuB;IAEvB,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IACpD,OAAO,aAAa,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACzC,CAAC"}

package/dist/auth/totp.d.ts

@@ -0,0 +1,5 @@
+export declare function generateTOTPSecret(): string;
+export declare function generateTOTPUri(secret: string, email: string, issuer?: string): string;
+export declare function verifyTOTP(token: string, secret: string, window?: number): boolean;
+export declare function generateBackupCodes(count?: number): string[];
+//# sourceMappingURL=totp.d.ts.map

package/dist/auth/totp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../../src/auth/totp.ts"],"names":[],"mappings":"AAKA,wBAAgB,kBAAkB,IAAI,MAAM,CAI3C;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,SAAgB,GAAG,MAAM,CAE7F;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,SAAI,GAAG,OAAO,CAQ7E;AA2DD,wBAAgB,mBAAmB,CAAC,KAAK,SAAI,GAAG,MAAM,EAAE,CAQvD"}