@agentforge-io/nest 0.2.0

package/dist/modules/auth/auth.controller.js

@@ -0,0 +1,255 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthController = void 0;
+const common_1 = require("@nestjs/common");
+const swagger_1 = require("@nestjs/swagger");
+const rate_limit_decorator_1 = require("../../decorators/rate-limit.decorator");
+const auth_service_1 = require("./auth.service");
+const register_dto_1 = require("./dto/register.dto");
+const login_dto_1 = require("./dto/login.dto");
+const public_decorator_1 = require("./decorators/public.decorator");
+const current_user_decorator_1 = require("./decorators/current-user.decorator");
+const constants_1 = require("../../constants");
+const ACCESS_COOKIE_DEFAULT_MS = 15 * 60 * 1000;
+const ONE_DAY_MS = 24 * 60 * 60 * 1000;
+let AuthController = class AuthController {
+    constructor(config, auth) {
+        this.config = config;
+        this.auth = auth;
+    }
+    async register(dto, req, res) {
+        const result = await this.auth.register(dto, this.metaFrom(req));
+        this.setSessionCookies(res, result);
+        return this.publicResult(result);
+    }
+    async login(dto, req, res) {
+        const result = await this.auth.login(dto.email, dto.password, this.metaFrom(req));
+        this.setSessionCookies(res, result);
+        return this.publicResult(result);
+    }
+    async refresh(req, res) {
+        const refreshCookie = req.cookies?.[this.refreshCookieName()];
+        if (!refreshCookie)
+            throw new common_1.UnauthorizedException('Missing refresh token');
+        try {
+            const result = await this.auth.refresh(refreshCookie, this.metaFrom(req));
+            this.setSessionCookies(res, result);
+            return this.publicResult(result);
+        }
+        catch (err) {
+            this.clearSessionCookies(res);
+            throw err;
+        }
+    }
+    async logout(req, res) {
+        const refreshCookie = req.cookies?.[this.refreshCookieName()];
+        await this.auth.logout(refreshCookie);
+        this.clearSessionCookies(res);
+    }
+    async logoutAll(userId, res) {
+        await this.auth.logoutEverywhere(userId);
+        this.clearSessionCookies(res);
+    }
+    me(user) {
+        return user;
+    }
+    async verifyEmail(body) {
+        if (!body?.token)
+            throw new (await Promise.resolve().then(() => require('@nestjs/common'))).BadRequestException('token is required');
+        return this.auth.verifyEmail(body.token);
+    }
+    async resendVerification(userId) {
+        await this.auth.resendVerificationEmail(userId);
+    }
+    async requestPasswordReset(body) {
+        if (!body?.email)
+            throw new (await Promise.resolve().then(() => require('@nestjs/common'))).BadRequestException('email is required');
+        await this.auth.requestPasswordReset(body.email);
+        return { ok: true };
+    }
+    async resetPassword(body) {
+        if (!body?.token || !body?.password) {
+            throw new (await Promise.resolve().then(() => require('@nestjs/common'))).BadRequestException('token and password are required');
+        }
+        await this.auth.resetPassword(body.token, body.password);
+        return { ok: true };
+    }
+    accessCookieName() {
+        return this.config.auth?.cookieName ?? 'af_session';
+    }
+    refreshCookieName() {
+        return this.config.auth?.refreshCookieName ?? 'af_refresh';
+    }
+    cookieSecure() {
+        return this.config.auth?.cookieSecure ?? process.env.NODE_ENV === 'production';
+    }
+    metaFrom(req) {
+        return {
+            userAgent: req.headers['user-agent'],
+            ip: req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.ip,
+        };
+    }
+    setSessionCookies(res, r) {
+        const secure = this.cookieSecure();
+        const accessTtlMs = this.parseAccessTtlMs();
+        const refreshTtlMs = (this.config.auth?.refreshTokenTtlDays ?? 30) * ONE_DAY_MS;
+        res.cookie(this.accessCookieName(), r.accessToken, {
+            httpOnly: true, secure, sameSite: 'lax', maxAge: accessTtlMs, path: '/',
+        });
+        res.cookie(this.refreshCookieName(), r.refreshToken, {
+            httpOnly: true, secure, sameSite: 'lax', maxAge: refreshTtlMs,
+            path: '/auth',
+        });
+    }
+    clearSessionCookies(res) {
+        const opts = { httpOnly: true, sameSite: 'lax' };
+        res.clearCookie(this.accessCookieName(), { ...opts, path: '/' });
+        res.clearCookie(this.refreshCookieName(), { ...opts, path: '/auth' });
+    }
+    publicResult(r) {
+        return { accessToken: r.accessToken, user: r.user };
+    }
+    parseAccessTtlMs() {
+        const ttl = this.config.auth?.accessTokenTtl ?? '15m';
+        const m = /^(\d+)\s*(s|m|h|d)$/.exec(ttl.trim());
+        if (!m)
+            return ACCESS_COOKIE_DEFAULT_MS;
+        const n = Number(m[1]);
+        switch (m[2]) {
+            case 's': return n * 1000;
+            case 'm': return n * 60_000;
+            case 'h': return n * 3_600_000;
+            case 'd': return n * 86_400_000;
+            default: return ACCESS_COOKIE_DEFAULT_MS;
+        }
+    }
+};
+exports.AuthController = AuthController;
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 6, windowMs: 60_000 }),
+    (0, common_1.Post)('register'),
+    (0, swagger_1.ApiOperation)({ summary: 'Create a new account (local strategy)' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.CREATED),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [register_dto_1.RegisterDto, Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "register", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 6, windowMs: 60_000 }),
+    (0, common_1.Post)('login'),
+    (0, swagger_1.ApiOperation)({ summary: 'Sign in with email and password (local strategy)' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __param(1, (0, common_1.Req)()),
+    __param(2, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [login_dto_1.LoginDto, Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "login", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 30, windowMs: 60_000 }),
+    (0, common_1.Post)('refresh'),
+    (0, swagger_1.ApiOperation)({ summary: 'Exchange a refresh token for a new access+refresh pair' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "refresh", null);
+__decorate([
+    (0, common_1.Post)('logout'),
+    (0, swagger_1.ApiOperation)({ summary: 'Revoke the current refresh token and clear cookies' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.NO_CONTENT),
+    __param(0, (0, common_1.Req)()),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "logout", null);
+__decorate([
+    (0, common_1.Post)('logout-all'),
+    (0, swagger_1.ApiOperation)({ summary: 'Revoke ALL refresh tokens for the current user (sign out everywhere)' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.NO_CONTENT),
+    __param(0, (0, current_user_decorator_1.CurrentUser)('userId')),
+    __param(1, (0, common_1.Res)({ passthrough: true })),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "logoutAll", null);
+__decorate([
+    (0, common_1.Get)('me'),
+    (0, swagger_1.ApiOperation)({ summary: 'Return the currently authenticated user' }),
+    __param(0, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", void 0)
+], AuthController.prototype, "me", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 10, windowMs: 60_000 }),
+    (0, common_1.Post)('verify-email'),
+    (0, swagger_1.ApiOperation)({ summary: 'Confirm an email using a token issued by /auth/register' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "verifyEmail", null);
+__decorate([
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 3, windowMs: 60_000 }),
+    (0, common_1.Post)('resend-verification'),
+    (0, swagger_1.ApiOperation)({ summary: 'Re-send the verification email to the authenticated user' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.NO_CONTENT),
+    __param(0, (0, current_user_decorator_1.CurrentUser)('userId')),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "resendVerification", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 3, windowMs: 60_000 }),
+    (0, common_1.Post)('request-password-reset'),
+    (0, swagger_1.ApiOperation)({ summary: 'Request a password-reset email (always returns 200, never reveals existence)' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "requestPasswordReset", null);
+__decorate([
+    (0, public_decorator_1.Public)(),
+    (0, rate_limit_decorator_1.AgentForgeRateLimit)({ bucket: 'auth', limit: 6, windowMs: 60_000 }),
+    (0, common_1.Post)('reset-password'),
+    (0, swagger_1.ApiOperation)({ summary: 'Use a reset token to set a new password (revokes all sessions)' }),
+    (0, common_1.HttpCode)(common_1.HttpStatus.OK),
+    __param(0, (0, common_1.Body)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [Object]),
+    __metadata("design:returntype", Promise)
+], AuthController.prototype, "resetPassword", null);
+exports.AuthController = AuthController = __decorate([
+    (0, swagger_1.ApiTags)('Auth'),
+    (0, common_1.Controller)('auth'),
+    __param(0, (0, common_1.Inject)(constants_1.AGENT_FORGE_CONFIG)),
+    __metadata("design:paramtypes", [Object, auth_service_1.AuthService])
+], AuthController);
+//# sourceMappingURL=auth.controller.js.map

package/dist/modules/auth/auth.controller.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../../../src/modules/auth/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAWwB;AACxB,6CAAwD;AACxD,gFAA4E;AAE5E,iDAA0D;AAC1D,qDAAiD;AACjD,+CAA2C;AAC3C,oEAAuD;AACvD,gFAA4E;AAC5E,+CAAqD;AAGrD,MAAM,wBAAwB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAChD,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAIhC,IAAM,cAAc,GAApB,MAAM,cAAc;IACzB,YAC+C,MAAwB,EACpD,IAAiB;QADW,WAAM,GAAN,MAAM,CAAkB;QACpD,SAAI,GAAJ,IAAI,CAAa;IACjC,CAAC;IASE,AAAN,KAAK,CAAC,QAAQ,CACJ,GAAgB,EACjB,GAAY,EACS,GAAa;QAEzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAOK,AAAN,KAAK,CAAC,KAAK,CACD,GAAa,EACd,GAAY,EACS,GAAa;QAEzC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAClF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;QACpC,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACnC,CAAC;IAOK,AAAN,KAAK,CAAC,OAAO,CACJ,GAAY,EACS,GAAa;QAEzC,MAAM,aAAa,GAAI,GAAG,CAAC,OAA8C,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;QACtG,IAAI,CAAC,aAAa;YAAE,MAAM,IAAI,8BAAqB,CAAC,uBAAuB,CAAC,CAAC;QAE7E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAC1E,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACpC,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QACnC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YAGb,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC9B,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAOK,AAAN,KAAK,CAAC,MAAM,CAAQ,GAAY,EAA8B,GAAa;QACzE,MAAM,aAAa,GAAI,GAAG,CAAC,OAA8C,EAAE,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,CAAC;QACtG,MAAM,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;QACtC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAKK,AAAN,KAAK,CAAC,SAAS,CACU,MAAc,EACT,GAAa;QAEzC,MAAM,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACzC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAID,EAAE,CAAgB,IAAc;QAC9B,OAAO,IAAI,CAAC;IACd,CAAC;IASK,AAAN,KAAK,CAAC,WAAW,CAAS,IAAuB;QAC/C,IAAI,CAAC,IAAI,EAAE,KAAK;YAAE,MAAM,IAAI,CAAC,2CAAa,gBAAgB,EAAC,CAAC,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;QACtG,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC;IAMK,AAAN,KAAK,CAAC,kBAAkB,CAAwB,MAAc;QAC5D,MAAM,IAAI,CAAC,IAAI,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC;IASK,AAAN,KAAK,CAAC,oBAAoB,CAAS,IAAuB;QACxD,IAAI,CAAC,IAAI,EAAE,KAAK;YAAE,MAAM,IAAI,CAAC,2CAAa,gBAAgB,EAAC,CAAC,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC;QACtG,MAAM,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAOK,AAAN,KAAK,CAAC,aAAa,CAAS,IAAyC;QACnE,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC;YACpC,MAAM,IAAI,CAAC,2CAAa,gBAAgB,EAAC,CAAC,CAAC,mBAAmB,CAAC,iCAAiC,CAAC,CAAC;QACpG,CAAC;QACD,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QACzD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAIO,gBAAgB;QACtB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,IAAI,YAAY,CAAC;IACtD,CAAC;IAEO,iBAAiB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,iBAAiB,IAAI,YAAY,CAAC;IAC7D,CAAC;IAEO,YAAY;QAClB,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAC;IACjF,CAAC;IAEO,QAAQ,CAAC,GAAY;QAC3B,OAAO;YACL,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC;YACpC,EAAE,EAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAY,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,GAAG,CAAC,EAAE;SAChF,CAAC;IACJ,CAAC;IAEO,iBAAiB,CAAC,GAAa,EAAE,CAAgD;QACvF,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC5C,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,mBAAmB,IAAI,EAAE,CAAC,GAAG,UAAU,CAAC;QAEhF,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE;YACjD,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG;SACxE,CAAC,CAAC;QACH,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC,YAAY,EAAE;YACnD,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY;YAG7D,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAEO,mBAAmB,CAAC,GAAa;QACvC,MAAM,IAAI,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAc,EAAE,CAAC;QAC1D,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,gBAAgB,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC;QACjE,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,EAAE,GAAG,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACxE,CAAC;IAEO,YAAY,CAAC,CAA+E;QAIlG,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACtD,CAAC;IAEO,gBAAgB;QACtB,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,IAAI,KAAK,CAAC;QAEtD,MAAM,CAAC,GAAG,qBAAqB,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,CAAC;YAAE,OAAO,wBAAwB,CAAC;QACxC,MAAM,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACvB,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACb,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC;YAC1B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,MAAM,CAAC;YAC5B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,SAAS,CAAC;YAC/B,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,UAAU,CAAC;YAChC,OAAO,CAAC,CAAC,OAAO,wBAAwB,CAAC;QAC3C,CAAC;IACH,CAAC;CACF,CAAA;AAxMY,wCAAc;AAanB;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnE,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IAClE,IAAA,iBAAQ,EAAC,mBAAU,CAAC,OAAO,CAAC;IAE1B,WAAA,IAAA,aAAI,GAAE,CAAA;IACN,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;qCAFd,0BAAW;;8CAOzB;AAOK;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnE,IAAA,aAAI,EAAC,OAAO,CAAC;IACb,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,kDAAkD,EAAE,CAAC;IAC7E,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IAErB,WAAA,IAAA,aAAI,GAAE,CAAA;IACN,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;qCAFd,oBAAQ;;2CAOtB;AAOK;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACpE,IAAA,aAAI,EAAC,SAAS,CAAC;IACf,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,wDAAwD,EAAE,CAAC;IACnF,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IAErB,WAAA,IAAA,YAAG,GAAE,CAAA;IACL,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;;;6CAe5B;AAOK;IAHL,IAAA,aAAI,EAAC,QAAQ,CAAC;IACd,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,oDAAoD,EAAE,CAAC;IAC/E,IAAA,iBAAQ,EAAC,mBAAU,CAAC,UAAU,CAAC;IAClB,WAAA,IAAA,YAAG,GAAE,CAAA;IAAgB,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;;;4CAI5D;AAKK;IAHL,IAAA,aAAI,EAAC,YAAY,CAAC;IAClB,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,sEAAsE,EAAE,CAAC;IACjG,IAAA,iBAAQ,EAAC,mBAAU,CAAC,UAAU,CAAC;IAE7B,WAAA,IAAA,oCAAW,EAAC,QAAQ,CAAC,CAAA;IACrB,WAAA,IAAA,YAAG,EAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;;;;+CAI5B;AAID;IAFC,IAAA,YAAG,EAAC,IAAI,CAAC;IACT,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACjE,WAAA,IAAA,oCAAW,GAAE,CAAA;;;;wCAEhB;AASK;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACpE,IAAA,aAAI,EAAC,cAAc,CAAC;IACpB,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,yDAAyD,EAAE,CAAC;IACpF,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACL,WAAA,IAAA,aAAI,GAAE,CAAA;;;;iDAGxB;AAMK;IAJL,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnE,IAAA,aAAI,EAAC,qBAAqB,CAAC;IAC3B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,0DAA0D,EAAE,CAAC;IACrF,IAAA,iBAAQ,EAAC,mBAAU,CAAC,UAAU,CAAC;IACN,WAAA,IAAA,oCAAW,EAAC,QAAQ,CAAC,CAAA;;;;wDAE9C;AASK;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnE,IAAA,aAAI,EAAC,wBAAwB,CAAC;IAC9B,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,8EAA8E,EAAE,CAAC;IACzG,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACI,WAAA,IAAA,aAAI,GAAE,CAAA;;;;0DAIjC;AAOK;IALL,IAAA,yBAAM,GAAE;IACR,IAAA,0CAAmB,EAAC,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnE,IAAA,aAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,sBAAY,EAAC,EAAE,OAAO,EAAE,gEAAgE,EAAE,CAAC;IAC3F,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACH,WAAA,IAAA,aAAI,GAAE,CAAA;;;;mDAM1B;yBAtIU,cAAc;IAF1B,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAGd,WAAA,IAAA,eAAM,EAAC,8BAAkB,CAAC,CAAA;6CACJ,0BAAW;GAHzB,cAAc,CAwM1B"}

package/dist/modules/auth/auth.module.d.ts

@@ -0,0 +1,4 @@
+import { DynamicModule } from '@nestjs/common';
+export declare class AuthModule {
+    static forFeature(): DynamicModule;
+}

package/dist/modules/auth/auth.module.js

@@ -0,0 +1,71 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var AuthModule_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthModule = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const jwt_1 = require("@nestjs/jwt");
+const passport_1 = require("@nestjs/passport");
+const typeorm_1 = require("@nestjs/typeorm");
+const user_entity_1 = require("../../database/entities/user.entity");
+const refresh_token_entity_1 = require("../../database/entities/refresh-token.entity");
+const auth_identity_entity_1 = require("../../database/entities/auth-identity.entity");
+const email_token_entity_1 = require("../../database/entities/email-token.entity");
+const email_module_1 = require("../email/email.module");
+const constants_1 = require("../../constants");
+const auth_controller_1 = require("./auth.controller");
+const oauth_controller_1 = require("./oauth.controller");
+const jwt_strategy_1 = require("./strategies/jwt.strategy");
+const local_strategy_1 = require("./strategies/local.strategy");
+const jwt_auth_guard_1 = require("./guards/jwt-auth.guard");
+let AuthModule = AuthModule_1 = class AuthModule {
+    static forFeature() {
+        return {
+            module: AuthModule_1,
+            imports: [
+                typeorm_1.TypeOrmModule.forFeature([user_entity_1.UserEntity, refresh_token_entity_1.RefreshTokenEntity, auth_identity_entity_1.AuthIdentityEntity, email_token_entity_1.EmailTokenEntity]),
+                email_module_1.EmailModule,
+                passport_1.PassportModule.register({ defaultStrategy: 'agentforge-jwt' }),
+                jwt_1.JwtModule.registerAsync({
+                    inject: [constants_1.AGENT_FORGE_CONFIG],
+                    useFactory: (cfg) => {
+                        const enabled = cfg.auth?.enabled === true;
+                        if (enabled && !cfg.auth?.jwtSecret) {
+                            throw new Error('AgentForge auth: jwtSecret is required when auth.enabled is true');
+                        }
+                        return {
+                            secret: cfg.auth?.jwtSecret ?? 'agentforge-auth-disabled',
+                            signOptions: { expiresIn: cfg.auth?.accessTokenTtl ?? '7d' },
+                        };
+                    },
+                }),
+            ],
+            controllers: [auth_controller_1.AuthController, oauth_controller_1.OAuthController],
+            providers: [
+                local_strategy_1.LocalStrategy,
+                jwt_strategy_1.JwtStrategy,
+                {
+                    provide: core_1.APP_GUARD,
+                    inject: [core_1.Reflector, constants_1.AGENT_FORGE_CONFIG],
+                    useFactory: (reflector, cfg) => {
+                        if (!cfg.auth?.enabled) {
+                            return { canActivate: () => true };
+                        }
+                        return new jwt_auth_guard_1.JwtAuthGuard(reflector);
+                    },
+                },
+            ],
+        };
+    }
+};
+exports.AuthModule = AuthModule;
+exports.AuthModule = AuthModule = AuthModule_1 = __decorate([
+    (0, common_1.Module)({})
+], AuthModule);
+//# sourceMappingURL=auth.module.js.map

package/dist/modules/auth/auth.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.module.js","sourceRoot":"","sources":["../../../src/modules/auth/auth.module.ts"],"names":[],"mappings":";;;;;;;;;;AAAA,2CAAuD;AACvD,uCAAoD;AACpD,qCAAwC;AACxC,+CAAkD;AAClD,6CAAgD;AAChD,qEAAiE;AACjE,uFAAkF;AAClF,uFAAkF;AAClF,mFAA8E;AAC9E,wDAAoD;AACpD,+CAAqD;AAErD,uDAAmD;AACnD,yDAAqD;AAErD,4DAAwD;AACxD,gEAA4D;AAC5D,4DAAuD;AAkBhD,IAAM,UAAU,kBAAhB,MAAM,UAAU;IACrB,MAAM,CAAC,UAAU;QACf,OAAO;YACL,MAAM,EAAE,YAAU;YAClB,OAAO,EAAE;gBACP,uBAAa,CAAC,UAAU,CAAC,CAAC,wBAAU,EAAE,yCAAkB,EAAE,yCAAkB,EAAE,qCAAgB,CAAC,CAAC;gBAChG,0BAAW;gBACX,yBAAc,CAAC,QAAQ,CAAC,EAAE,eAAe,EAAE,gBAAgB,EAAE,CAAC;gBAC9D,eAAS,CAAC,aAAa,CAAC;oBACtB,MAAM,EAAE,CAAC,8BAAkB,CAAC;oBAC5B,UAAU,EAAE,CAAC,GAAqB,EAAE,EAAE;wBACpC,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,OAAO,KAAK,IAAI,CAAC;wBAC3C,IAAI,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC;4BACpC,MAAM,IAAI,KAAK,CACb,kEAAkE,CACnE,CAAC;wBACJ,CAAC;wBACD,OAAO;4BACL,MAAM,EAAE,GAAG,CAAC,IAAI,EAAE,SAAS,IAAI,0BAA0B;4BACzD,WAAW,EAAE,EAAE,SAAS,EAAE,GAAG,CAAC,IAAI,EAAE,cAAc,IAAI,IAAI,EAAE;yBAC7D,CAAC;oBACJ,CAAC;iBACF,CAAC;aACH;YACD,WAAW,EAAE,CAAC,gCAAc,EAAE,kCAAe,CAAC;YAC9C,SAAS,EAAE;gBAMT,8BAAa;gBACb,0BAAW;gBAKX;oBACE,OAAO,EAAE,gBAAS;oBAClB,MAAM,EAAE,CAAC,gBAAS,EAAE,8BAAkB,CAAC;oBACvC,UAAU,EAAE,CAAC,SAAoB,EAAE,GAAqB,EAAE,EAAE;wBAC1D,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;4BACvB,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC;wBACrC,CAAC;wBACD,OAAO,IAAI,6BAAY,CAAC,SAAS,CAAC,CAAC;oBACrC,CAAC;iBACF;aACF;SACF,CAAC;IACJ,CAAC;CACF,CAAA;AAlDY,gCAAU;qBAAV,UAAU;IADtB,IAAA,eAAM,EAAC,EAAE,CAAC;GACE,UAAU,CAkDtB"}

package/dist/modules/auth/auth.service.d.ts

@@ -0,0 +1,2 @@
+export { AuthService, AuthError } from '@agentforge/core';
+export type { AuthErrorCode, AuthResult, SessionMeta, AuthServiceOptions, } from '@agentforge/core';

package/dist/modules/auth/auth.service.js

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthError = exports.AuthService = void 0;
+var core_1 = require("@agentforge/core");
+Object.defineProperty(exports, "AuthService", { enumerable: true, get: function () { return core_1.AuthService; } });
+Object.defineProperty(exports, "AuthError", { enumerable: true, get: function () { return core_1.AuthError; } });
+//# sourceMappingURL=auth.service.js.map

package/dist/modules/auth/auth.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.service.js","sourceRoot":"","sources":["../../../src/modules/auth/auth.service.ts"],"names":[],"mappings":";;;AAAA,yCAA0D;AAAjD,mGAAA,WAAW,OAAA;AAAE,iGAAA,SAAS,OAAA"}

package/dist/modules/auth/decorators/current-user.decorator.d.ts

@@ -0,0 +1,8 @@
+export interface AuthUser {
+    userId: string;
+    email?: string;
+    name?: string;
+    role?: 'user' | 'platform_admin';
+    isPlatformAdmin?: boolean;
+}
+export declare const CurrentUser: (...dataOrPipes: (import("@nestjs/common").PipeTransform<any, any> | import("@nestjs/common").Type<import("@nestjs/common").PipeTransform<any, any>> | keyof AuthUser | undefined)[]) => ParameterDecorator;

package/dist/modules/auth/decorators/current-user.decorator.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CurrentUser = void 0;
+const common_1 = require("@nestjs/common");
+exports.CurrentUser = (0, common_1.createParamDecorator)((data, ctx) => {
+    const request = ctx.switchToHttp().getRequest();
+    const user = request.user;
+    if (!user)
+        return undefined;
+    return data ? user[data] : user;
+});
+//# sourceMappingURL=current-user.decorator.js.map

package/dist/modules/auth/decorators/current-user.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"current-user.decorator.js","sourceRoot":"","sources":["../../../../src/modules/auth/decorators/current-user.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAAwE;AAqB3D,QAAA,WAAW,GAAG,IAAA,6BAAoB,EAC7C,CACE,IAAgC,EAChC,GAAqB,EAC4B,EAAE;IACnD,MAAM,OAAO,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC,UAAU,EAAuB,CAAC;IACrE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,OAAO,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAClC,CAAC,CACF,CAAC"}

package/dist/modules/auth/decorators/public.decorator.d.ts

@@ -0,0 +1,2 @@
+export declare const IS_PUBLIC_KEY = "agentforge:isPublic";
+export declare const Public: () => import("@nestjs/common").CustomDecorator<string>;

package/dist/modules/auth/decorators/public.decorator.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Public = exports.IS_PUBLIC_KEY = void 0;
+const common_1 = require("@nestjs/common");
+exports.IS_PUBLIC_KEY = 'agentforge:isPublic';
+const Public = () => (0, common_1.SetMetadata)(exports.IS_PUBLIC_KEY, true);
+exports.Public = Public;
+//# sourceMappingURL=public.decorator.js.map

package/dist/modules/auth/decorators/public.decorator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"public.decorator.js","sourceRoot":"","sources":["../../../../src/modules/auth/decorators/public.decorator.ts"],"names":[],"mappings":";;;AAAA,2CAA6C;AAEhC,QAAA,aAAa,GAAG,qBAAqB,CAAC;AAY5C,MAAM,MAAM,GAAG,GAAG,EAAE,CAAC,IAAA,oBAAW,EAAC,qBAAa,EAAE,IAAI,CAAC,CAAC;AAAhD,QAAA,MAAM,UAA0C"}

package/dist/modules/auth/dto/login.dto.d.ts

@@ -0,0 +1,4 @@
+export declare class LoginDto {
+    email: string;
+    password: string;
+}

package/dist/modules/auth/dto/login.dto.js

@@ -0,0 +1,29 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LoginDto = void 0;
+const class_validator_1 = require("class-validator");
+const swagger_1 = require("@nestjs/swagger");
+class LoginDto {
+}
+exports.LoginDto = LoginDto;
+__decorate([
+    (0, swagger_1.ApiProperty)(),
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], LoginDto.prototype, "email", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], LoginDto.prototype, "password", void 0);
+//# sourceMappingURL=login.dto.js.map

package/dist/modules/auth/dto/login.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.dto.js","sourceRoot":"","sources":["../../../../src/modules/auth/dto/login.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAgE;AAChE,6CAA8C;AAE9C,MAAa,QAAQ;CASpB;AATD,4BASC;AANC;IAFC,IAAA,qBAAW,GAAE;IACb,IAAA,yBAAO,GAAE;;uCACK;AAKf;IAHC,IAAA,qBAAW,GAAE;IACb,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;0CACK"}

package/dist/modules/auth/dto/register.dto.d.ts

@@ -0,0 +1,5 @@
+export declare class RegisterDto {
+    email: string;
+    password: string;
+    name?: string;
+}

package/dist/modules/auth/dto/register.dto.js

@@ -0,0 +1,36 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RegisterDto = void 0;
+const class_validator_1 = require("class-validator");
+const swagger_1 = require("@nestjs/swagger");
+class RegisterDto {
+}
+exports.RegisterDto = RegisterDto;
+__decorate([
+    (0, swagger_1.ApiProperty)(),
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], RegisterDto.prototype, "email", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ minLength: 8 }),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.MinLength)(8, { message: 'Password must be at least 8 characters' }),
+    __metadata("design:type", String)
+], RegisterDto.prototype, "password", void 0);
+__decorate([
+    (0, swagger_1.ApiProperty)({ required: false }),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], RegisterDto.prototype, "name", void 0);
+//# sourceMappingURL=register.dto.js.map

package/dist/modules/auth/dto/register.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"register.dto.js","sourceRoot":"","sources":["../../../../src/modules/auth/dto/register.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAuF;AACvF,6CAA8C;AAE9C,MAAa,WAAW;CAevB;AAfD,kCAeC;AAZC;IAFC,IAAA,qBAAW,GAAE;IACb,IAAA,yBAAO,GAAE;;0CACK;AAKf;IAHC,IAAA,qBAAW,EAAC,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IAC7B,IAAA,0BAAQ,GAAE;IACV,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;;6CAClD;AAMlB;IAJC,IAAA,qBAAW,EAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAChC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;yCACC"}

package/dist/modules/auth/guards/jwt-auth.guard.d.ts

@@ -0,0 +1,9 @@
+import { ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+declare const JwtAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class JwtAuthGuard extends JwtAuthGuard_base {
+    private readonly reflector;
+    constructor(reflector: Reflector);
+    canActivate(context: ExecutionContext): boolean | Promise<boolean> | import("rxjs").Observable<boolean>;
+}
+export {};

package/dist/modules/auth/guards/jwt-auth.guard.js

@@ -0,0 +1,37 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.JwtAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const core_1 = require("@nestjs/core");
+const passport_1 = require("@nestjs/passport");
+const public_decorator_1 = require("../decorators/public.decorator");
+let JwtAuthGuard = class JwtAuthGuard extends (0, passport_1.AuthGuard)('agentforge-jwt') {
+    constructor(reflector) {
+        super();
+        this.reflector = reflector;
+    }
+    canActivate(context) {
+        const isPublic = this.reflector.getAllAndOverride(public_decorator_1.IS_PUBLIC_KEY, [
+            context.getHandler(),
+            context.getClass(),
+        ]);
+        if (isPublic)
+            return true;
+        return super.canActivate(context);
+    }
+};
+exports.JwtAuthGuard = JwtAuthGuard;
+exports.JwtAuthGuard = JwtAuthGuard = __decorate([
+    (0, common_1.Injectable)(),
+    __metadata("design:paramtypes", [core_1.Reflector])
+], JwtAuthGuard);
+//# sourceMappingURL=jwt-auth.guard.js.map

package/dist/modules/auth/guards/jwt-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt-auth.guard.js","sourceRoot":"","sources":["../../../../src/modules/auth/guards/jwt-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,2CAA8D;AAC9D,uCAAyC;AACzC,+CAA6C;AAC7C,qEAA+D;AAOxD,IAAM,YAAY,GAAlB,MAAM,YAAa,SAAQ,IAAA,oBAAS,EAAC,gBAAgB,CAAC;IAC3D,YAA6B,SAAoB;QAC/C,KAAK,EAAE,CAAC;QADmB,cAAS,GAAT,SAAS,CAAW;IAEjD,CAAC;IAED,WAAW,CAAC,OAAyB;QACnC,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAU,gCAAa,EAAE;YACxE,OAAO,CAAC,UAAU,EAAE;YACpB,OAAO,CAAC,QAAQ,EAAE;SACnB,CAAC,CAAC;QACH,IAAI,QAAQ;YAAE,OAAO,IAAI,CAAC;QAC1B,OAAO,KAAK,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IACpC,CAAC;CACF,CAAA;AAbY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,mBAAU,GAAE;qCAE6B,gBAAS;GADtC,YAAY,CAaxB"}

package/dist/modules/auth/guards/local-auth.guard.d.ts

@@ -0,0 +1,4 @@
+declare const LocalAuthGuard_base: import("@nestjs/passport").Type<import("@nestjs/passport").IAuthGuard>;
+export declare class LocalAuthGuard extends LocalAuthGuard_base {
+}
+export {};

package/dist/modules/auth/guards/local-auth.guard.js

@@ -0,0 +1,18 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LocalAuthGuard = void 0;
+const common_1 = require("@nestjs/common");
+const passport_1 = require("@nestjs/passport");
+let LocalAuthGuard = class LocalAuthGuard extends (0, passport_1.AuthGuard)('agentforge-local') {
+};
+exports.LocalAuthGuard = LocalAuthGuard;
+exports.LocalAuthGuard = LocalAuthGuard = __decorate([
+    (0, common_1.Injectable)()
+], LocalAuthGuard);
+//# sourceMappingURL=local-auth.guard.js.map

package/dist/modules/auth/guards/local-auth.guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"local-auth.guard.js","sourceRoot":"","sources":["../../../../src/modules/auth/guards/local-auth.guard.ts"],"names":[],"mappings":";;;;;;;;;AAAA,2CAA4C;AAC5C,+CAA6C;AAGtC,IAAM,cAAc,GAApB,MAAM,cAAe,SAAQ,IAAA,oBAAS,EAAC,kBAAkB,CAAC;CAAG,CAAA;AAAvD,wCAAc;yBAAd,cAAc;IAD1B,IAAA,mBAAU,GAAE;GACA,cAAc,CAAyC"}

package/dist/modules/auth/guards/oauth-configured.guard.d.ts

@@ -0,0 +1,11 @@
+import { CanActivate, ExecutionContext } from '@nestjs/common';
+import { Reflector } from '@nestjs/core';
+import type { AgentForgeConfig, AuthStrategyName } from '../../../types';
+export declare const OAUTH_PROVIDER_KEY = "agentforge:oauthProvider";
+export declare const OAuthProvider: (provider: AuthStrategyName) => import("@nestjs/common").CustomDecorator<string>;
+export declare class OAuthConfiguredGuard implements CanActivate {
+    private readonly reflector;
+    private readonly config;
+    constructor(reflector: Reflector, config: AgentForgeConfig);
+    canActivate(ctx: ExecutionContext): boolean;
+}