@agentuity/auth 0.0.109 → 0.0.110

package/dist/clerk/client.js

@@ -1,65 +0,0 @@
-import { Fragment as _Fragment, jsx as _jsx } from "react/jsx-runtime";
-/**
- * Clerk client-side authentication provider for React.
- *
- * @module clerk/client
- */
-import { useEffect } from 'react';
-import { useAuth } from '@agentuity/react';
-/**
- * Agentuity authentication provider for Clerk.
- *
- * This component integrates Clerk authentication with Agentuity's context,
- * automatically injecting auth tokens into API calls via useAPI and useWebsocket.
- *
- * Must be a child of both ClerkProvider and AgentuityProvider.
- *
- * @example
- * ```tsx
- * import { ClerkProvider, useAuth } from '@clerk/clerk-react';
- * import { AgentuityProvider } from '@agentuity/react';
- * import { AgentuityClerk } from '@agentuity/auth/clerk';
- *
- * <ClerkProvider publishableKey={key}>
- *   <AgentuityProvider>
- *     <AgentuityClerk useAuth={useAuth}>
- *       <App />
- *     </AgentuityClerk>
- *   </AgentuityProvider>
- * </ClerkProvider>
- * ```
- */
-export function AgentuityClerk({ children, useAuth: clerkUseAuth, refreshInterval = 60000, }) {
-    const { getToken, isLoaded } = clerkUseAuth();
-    const { setAuthHeader, setAuthLoading } = useAuth();
-    // Fetch and update token in AgentuityContext
-    useEffect(() => {
-        if (!isLoaded || !setAuthHeader || !setAuthLoading) {
-            if (setAuthLoading) {
-                setAuthLoading(true);
-            }
-            return;
-        }
-        const fetchToken = async () => {
-            try {
-                setAuthLoading(true);
-                const token = await getToken();
-                setAuthHeader(token ? `Bearer ${token}` : null);
-            }
-            catch (error) {
-                console.error('Failed to get Clerk token:', error);
-                setAuthHeader(null);
-            }
-            finally {
-                setAuthLoading(false);
-            }
-        };
-        fetchToken();
-        // Clerk handles token expiry internally, we refresh periodically
-        const interval = setInterval(fetchToken, refreshInterval);
-        return () => clearInterval(interval);
-    }, [getToken, isLoaded, setAuthHeader, setAuthLoading, refreshInterval]);
-    // Render children directly - auth header is now in AgentuityContext
-    return _jsx(_Fragment, { children: children });
-}
-//# sourceMappingURL=client.js.map

package/dist/clerk/client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/clerk/client.tsx"],"names":[],"mappings":";AAAA;;;;GAIG;AAEH,OAAc,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAEzC,OAAO,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAe3C;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,MAAM,UAAU,cAAc,CAAC,EAC9B,QAAQ,EACR,OAAO,EAAE,YAAY,EACrB,eAAe,GAAG,KAAK,GACF;IACrB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,YAAY,EAAE,CAAC;IAC9C,MAAM,EAAE,aAAa,EAAE,cAAc,EAAE,GAAG,OAAO,EAAE,CAAC;IAEpD,6CAA6C;IAC7C,SAAS,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,QAAQ,IAAI,CAAC,aAAa,IAAI,CAAC,cAAc,EAAE,CAAC;YACpD,IAAI,cAAc,EAAE,CAAC;gBACpB,cAAc,CAAC,IAAI,CAAC,CAAC;YACtB,CAAC;YACD,OAAO;QACR,CAAC;QAED,MAAM,UAAU,GAAG,KAAK,IAAI,EAAE;YAC7B,IAAI,CAAC;gBACJ,cAAc,CAAC,IAAI,CAAC,CAAC;gBACrB,MAAM,KAAK,GAAG,MAAM,QAAQ,EAAE,CAAC;gBAC/B,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACjD,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBAChB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;gBACnD,aAAa,CAAC,IAAI,CAAC,CAAC;YACrB,CAAC;oBAAS,CAAC;gBACV,cAAc,CAAC,KAAK,CAAC,CAAC;YACvB,CAAC;QACF,CAAC,CAAC;QAEF,UAAU,EAAE,CAAC;QAEb,iEAAiE;QACjE,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,eAAe,CAAC,CAAC;QAC1D,OAAO,GAAG,EAAE,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;IACtC,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,CAAC,CAAC,CAAC;IAEzE,oEAAoE;IACpE,OAAO,4BAAG,QAAQ,GAAI,CAAC;AACxB,CAAC"}

package/dist/clerk/index.d.ts

@@ -1,37 +0,0 @@
-/**
- * Clerk authentication provider for Agentuity.
- *
- * Provides both client-side (React) and server-side (Hono) authentication.
- *
- * @example Client-side
- * ```tsx
- * import { ClerkProvider, useAuth } from '@clerk/clerk-react';
- * import { AgentuityProvider } from '@agentuity/react';
- * import { AgentuityClerk } from '@agentuity/auth/clerk';
- *
- * <ClerkProvider publishableKey={key}>
- *   <AgentuityProvider>
- *     <AgentuityClerk useAuth={useAuth}>
- *       <App />
- *     </AgentuityClerk>
- *   </AgentuityProvider>
- * </ClerkProvider>
- * ```
- *
- * @example Server-side
- * ```typescript
- * import { createMiddleware } from '@agentuity/auth/clerk';
- *
- * router.get('/api/profile', createMiddleware(), async (c) => {
- *   const user = await c.var.auth.getUser();
- *   return c.json({ email: user.email });
- * });
- * ```
- *
- * @module clerk
- */
-export { AgentuityClerk } from './client';
-export type { AgentuityClerkProps } from './client';
-export { createMiddleware } from './server';
-export type { ClerkMiddlewareOptions, ClerkJWTPayload, ClerkEnv } from './server';
-//# sourceMappingURL=index.d.ts.map

package/dist/clerk/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/clerk/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAC1C,YAAY,EAAE,mBAAmB,EAAE,MAAM,UAAU,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAC5C,YAAY,EAAE,sBAAsB,EAAE,eAAe,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC"}

package/dist/clerk/index.js

@@ -1,35 +0,0 @@
-/**
- * Clerk authentication provider for Agentuity.
- *
- * Provides both client-side (React) and server-side (Hono) authentication.
- *
- * @example Client-side
- * ```tsx
- * import { ClerkProvider, useAuth } from '@clerk/clerk-react';
- * import { AgentuityProvider } from '@agentuity/react';
- * import { AgentuityClerk } from '@agentuity/auth/clerk';
- *
- * <ClerkProvider publishableKey={key}>
- *   <AgentuityProvider>
- *     <AgentuityClerk useAuth={useAuth}>
- *       <App />
- *     </AgentuityClerk>
- *   </AgentuityProvider>
- * </ClerkProvider>
- * ```
- *
- * @example Server-side
- * ```typescript
- * import { createMiddleware } from '@agentuity/auth/clerk';
- *
- * router.get('/api/profile', createMiddleware(), async (c) => {
- *   const user = await c.var.auth.getUser();
- *   return c.json({ email: user.email });
- * });
- * ```
- *
- * @module clerk
- */
-export { AgentuityClerk } from './client';
-export { createMiddleware } from './server';
-//# sourceMappingURL=index.js.map

package/dist/clerk/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/clerk/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE1C,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC"}

package/dist/clerk/server.d.ts

@@ -1,55 +0,0 @@
-/**
- * Clerk server-side authentication middleware for Hono.
- *
- * @module clerk/server
- */
-import type { User } from '@clerk/backend';
-import type { AgentuityAuth } from '../types';
-/**
- * Clerk JWT payload structure.
- */
-export interface ClerkJWTPayload {
-    /** Subject (user ID) */
-    sub: string;
-    /** Additional claims */
-    [key: string]: unknown;
-}
-/**
- * Environment type for Clerk middleware - provides typed context variables.
- */
-export type ClerkEnv = {
-    Variables: {
-        auth: AgentuityAuth<User, ClerkJWTPayload>;
-    };
-};
-/**
- * Options for Clerk middleware.
- */
-export interface ClerkMiddlewareOptions {
-    /** Clerk secret key (defaults to process.env.CLERK_SECRET_KEY) */
-    secretKey?: string;
-    /** Custom token extractor function */
-    getToken?: (authHeader: string) => string;
-    /** Clerk publishable key for token verification */
-    publishableKey?: string;
-}
-/**
- * Create Hono middleware for Clerk authentication.
- *
- * This middleware:
- * - Extracts and validates JWT tokens from Authorization header
- * - Returns 401 if token is missing or invalid
- * - Exposes authenticated user via c.var.auth
- *
- * @example
- * ```typescript
- * import { createMiddleware } from '@agentuity/auth/clerk';
- *
- * router.get('/api/profile', createMiddleware(), async (c) => {
- *   const user = await c.var.auth.getUser();
- *   return c.json({ email: user.email });
- * });
- * ```
- */
-export declare function createMiddleware(options?: ClerkMiddlewareOptions): import("hono/types").MiddlewareHandler<ClerkEnv, string, {}, Response>;
-//# sourceMappingURL=server.d.ts.map

package/dist/clerk/server.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,KAAK,EAAE,aAAa,EAAqB,MAAM,UAAU,CAAC;AAEjE;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,wBAAwB;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,wBAAwB;IACxB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,QAAQ,GAAG;IACtB,SAAS,EAAE;QACV,IAAI,EAAE,aAAa,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;KAC3C,CAAC;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACtC,kEAAkE;IAClE,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sCAAsC;IACtC,QAAQ,CAAC,EAAE,CAAC,UAAU,EAAE,MAAM,KAAK,MAAM,CAAC;IAE1C,mDAAmD;IACnD,cAAc,CAAC,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,GAAE,sBAA2B,0EA6FpE"}

package/dist/clerk/server.js

@@ -1,111 +0,0 @@
-/**
- * Clerk server-side authentication middleware for Hono.
- *
- * @module clerk/server
- */
-import { createMiddleware as createHonoMiddleware } from 'hono/factory';
-import { createClerkClient, verifyToken } from '@clerk/backend';
-/**
- * Create Hono middleware for Clerk authentication.
- *
- * This middleware:
- * - Extracts and validates JWT tokens from Authorization header
- * - Returns 401 if token is missing or invalid
- * - Exposes authenticated user via c.var.auth
- *
- * @example
- * ```typescript
- * import { createMiddleware } from '@agentuity/auth/clerk';
- *
- * router.get('/api/profile', createMiddleware(), async (c) => {
- *   const user = await c.var.auth.getUser();
- *   return c.json({ email: user.email });
- * });
- * ```
- */
-export function createMiddleware(options = {}) {
-    const secretKey = options.secretKey || process.env.CLERK_SECRET_KEY;
-    const publishableKey = options.publishableKey ||
-        process.env.AGENTUITY_PUBLIC_CLERK_PUBLISHABLE_KEY ||
-        process.env.CLERK_PUBLISHABLE_KEY;
-    if (!secretKey) {
-        console.error('[Clerk Auth] CLERK_SECRET_KEY is not set. Add it to your .env file or pass secretKey option to createMiddleware()');
-        throw new Error('Clerk secret key is required (set CLERK_SECRET_KEY or pass secretKey option)');
-    }
-    if (!publishableKey) {
-        console.warn('[Clerk Auth] AGENTUITY_PUBLIC_CLERK_PUBLISHABLE_KEY is not set. Token validation may fail. Add it to your .env file.');
-    }
-    // Create Clerk client instance
-    const clerkClient = createClerkClient({ secretKey });
-    return createHonoMiddleware(async (c, next) => {
-        const authHeader = c.req.header('Authorization');
-        if (!authHeader) {
-            return c.json({ error: 'Unauthorized' }, 401);
-        }
-        try {
-            // Extract token from Bearer header
-            let token;
-            if (options.getToken) {
-                token = options.getToken(authHeader);
-            }
-            else {
-                // Validate Authorization scheme is Bearer
-                if (!authHeader.match(/^Bearer\s+/i)) {
-                    return c.json({ error: 'Unauthorized' }, 401);
-                }
-                token = authHeader.replace(/^Bearer\s+/i, '');
-            }
-            // Ensure token is not empty
-            if (!token || token.trim().length === 0) {
-                return c.json({ error: 'Unauthorized' }, 401);
-            }
-            // Verify token with Clerk (delegates validation to provider)
-            const payload = (await verifyToken(token, {
-                secretKey,
-            }));
-            // Validate payload has required subject claim
-            if (!payload.sub || typeof payload.sub !== 'string') {
-                throw new Error('Invalid token: missing or invalid subject claim');
-            }
-            // Memoize user fetch to avoid multiple API calls
-            let cachedUser = null;
-            // Create auth object with Clerk user and payload types
-            const auth = {
-                async getUser() {
-                    if (cachedUser) {
-                        return cachedUser;
-                    }
-                    const user = await clerkClient.users.getUser(payload.sub);
-                    cachedUser = mapClerkUserToAgentuityUser(user);
-                    return cachedUser;
-                },
-                async getToken() {
-                    return token;
-                },
-                raw: payload,
-            };
-            c.set('auth', auth);
-            await next();
-        }
-        catch (error) {
-            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
-            const errorCode = error && typeof error === 'object' && 'code' in error && typeof error.code === 'string'
-                ? error.code
-                : 'CLERK_AUTH_ERROR';
-            console.error(`[Clerk Auth] Authentication failed: ${errorCode} - ${errorMessage}`);
-            return c.json({ error: 'Unauthorized' }, 401);
-        }
-    });
-}
-/**
- * Map Clerk User to AgentuityAuthUser.
- */
-function mapClerkUserToAgentuityUser(clerkUser) {
-    return {
-        id: clerkUser.id,
-        name: `${clerkUser.firstName || ''} ${clerkUser.lastName || ''}`.trim() || undefined,
-        email: clerkUser.emailAddresses[0]?.emailAddress,
-        raw: clerkUser,
-    };
-}
-//# sourceMappingURL=server.js.map

package/dist/clerk/server.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/clerk/server.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,IAAI,oBAAoB,EAAE,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAqChE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkC,EAAE;IACpE,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IACpE,MAAM,cAAc,GACnB,OAAO,CAAC,cAAc;QACtB,OAAO,CAAC,GAAG,CAAC,sCAAsC;QAClD,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAEnC,IAAI,CAAC,SAAS,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CACZ,mHAAmH,CACnH,CAAC;QACF,MAAM,IAAI,KAAK,CACd,8EAA8E,CAC9E,CAAC;IACH,CAAC;IAED,IAAI,CAAC,cAAc,EAAE,CAAC;QACrB,OAAO,CAAC,IAAI,CACX,sHAAsH,CACtH,CAAC;IACH,CAAC;IAED,+BAA+B;IAC/B,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IAErD,OAAO,oBAAoB,CAAW,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QAEjD,IAAI,CAAC,UAAU,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,CAAC;YACJ,mCAAmC;YACnC,IAAI,KAAa,CAAC;YAClB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACtB,KAAK,GAAG,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACtC,CAAC;iBAAM,CAAC;gBACP,0CAA0C;gBAC1C,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,CAAC;oBACtC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC/C,CAAC;gBACD,KAAK,GAAG,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;YAC/C,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/C,CAAC;YAED,6DAA6D;YAC7D,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAAC,KAAK,EAAE;gBACzC,SAAS;aACT,CAAC,CAAoB,CAAC;YAEvB,8CAA8C;YAC9C,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACpE,CAAC;YAED,iDAAiD;YACjD,IAAI,UAAU,GAAmC,IAAI,CAAC;YAEtD,uDAAuD;YACvD,MAAM,IAAI,GAAyC;gBAClD,KAAK,CAAC,OAAO;oBACZ,IAAI,UAAU,EAAE,CAAC;wBAChB,OAAO,UAAU,CAAC;oBACnB,CAAC;oBACD,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;oBAC1D,UAAU,GAAG,2BAA2B,CAAC,IAAI,CAAC,CAAC;oBAC/C,OAAO,UAAU,CAAC;gBACnB,CAAC;gBAED,KAAK,CAAC,QAAQ;oBACb,OAAO,KAAK,CAAC;gBACd,CAAC;gBAED,GAAG,EAAE,OAAO;aACZ,CAAC;YAEF,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACpB,MAAM,IAAI,EAAE,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,MAAM,SAAS,GACd,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,MAAM,IAAI,KAAK,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ;gBACtF,CAAC,CAAC,KAAK,CAAC,IAAI;gBACZ,CAAC,CAAC,kBAAkB,CAAC;YACvB,OAAO,CAAC,KAAK,CAAC,uCAAuC,SAAS,MAAM,YAAY,EAAE,CAAC,CAAC;YACpF,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/C,CAAC;IACF,CAAC,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,2BAA2B,CAAC,SAAe;IACnD,OAAO;QACN,EAAE,EAAE,SAAS,CAAC,EAAE;QAChB,IAAI,EAAE,GAAG,SAAS,CAAC,SAAS,IAAI,EAAE,IAAI,SAAS,CAAC,QAAQ,IAAI,EAAE,EAAE,CAAC,IAAI,EAAE,IAAI,SAAS;QACpF,KAAK,EAAE,SAAS,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,YAAY;QAChD,GAAG,EAAE,SAAS;KACd,CAAC;AACH,CAAC"}

package/docs/adding-providers.md

@@ -1,261 +0,0 @@
-# Adding New Auth Providers
-
-Guide for implementing new authentication providers in `@agentuity/auth`.
-
-## Provider Structure
-
-Each provider follows a consistent structure:
-
-```
-src/<provider>/
-├── index.ts       # Re-exports client and server
-├── client.tsx     # React component for client-side auth
-└── server.ts      # Hono middleware for server-side validation
-```
-
-## Step 1: Create Provider Directory
-
-```bash
-mkdir -p src/workos
-```
-
-## Step 2: Implement Client Component
-
-```typescript
-// src/workos/client.tsx
-import React, { useEffect } from 'react';
-import { useAuth } from '@agentuity/react';
-import type { useAuth as WorkOSUseAuth } from '@workos/react';
-
-export interface AgentuityWorkOSProps {
-	children: React.ReactNode;
-	useAuth: typeof WorkOSUseAuth;
-}
-
-export function AgentuityWorkOS({ children, useAuth: workosUseAuth }: AgentuityWorkOSProps) {
-	const { getToken, isLoaded } = workosUseAuth();
-	const { setAuthHeader, setAuthLoading } = useAuth();
-
-	useEffect(() => {
-		if (!isLoaded || !setAuthHeader || !setAuthLoading) {
-			setAuthLoading?.(true);
-			return;
-		}
-
-		const fetchToken = async () => {
-			try {
-				setAuthLoading(true);
-				const token = await getToken();
-				setAuthHeader(token ? `Bearer ${token}` : null);
-			} catch (error) {
-				console.error('Failed to get WorkOS token:', error);
-				setAuthHeader(null);
-			} finally {
-				setAuthLoading(false);
-			}
-		};
-
-		fetchToken();
-	}, [getToken, isLoaded, setAuthHeader, setAuthLoading]);
-
-	return <>{children}</>;
-}
-```
-
-## Step 3: Implement Server Middleware
-
-```typescript
-// src/workos/server.ts
-import type { MiddlewareHandler } from 'hono';
-import { WorkOS } from '@workos-inc/node';
-import type { AgentuityAuth, AgentuityAuthUser } from '../types';
-
-export interface WorkOSMiddlewareOptions {
-	apiKey?: string;
-	clientId?: string;
-}
-
-export function createMiddleware(options: WorkOSMiddlewareOptions = {}): MiddlewareHandler {
-	const apiKey = options.apiKey || process.env.WORKOS_API_KEY;
-	const clientId = options.clientId || process.env.WORKOS_CLIENT_ID;
-
-	if (!apiKey) {
-		console.error('[WorkOS Auth] WORKOS_API_KEY is not set');
-		throw new Error('WorkOS API key is required');
-	}
-
-	const workos = new WorkOS(apiKey);
-
-	return async (c, next) => {
-		const authHeader = c.req.header('Authorization');
-
-		if (!authHeader) {
-			return c.json({ error: 'Unauthorized' }, 401);
-		}
-
-		try {
-			const token = authHeader.replace(/^Bearer\s+/i, '');
-			const { user } = await workos.userManagement.authenticateWithSessionCookie(token);
-
-			const auth: AgentuityAuth<typeof user, unknown> = {
-				async requireUser() {
-					return {
-						id: user.id,
-						email: user.email,
-						name: `${user.firstName} ${user.lastName}`.trim(),
-						raw: user,
-					};
-				},
-				async getToken() {
-					return token;
-				},
-				raw: {},
-			};
-
-			c.set('auth', auth);
-			await next();
-		} catch (error) {
-			console.error('WorkOS auth error:', error);
-			return c.json({ error: 'Unauthorized' }, 401);
-		}
-	};
-}
-
-declare module 'hono' {
-	interface ContextVariableMap {
-		auth: AgentuityAuth<any, unknown>;
-	}
-}
-```
-
-## Step 4: Create Index File
-
-```typescript
-// src/workos/index.ts
-export { AgentuityWorkOS } from './client';
-export type { AgentuityWorkOSProps } from './client';
-export { createMiddleware } from './server';
-export type { WorkOSMiddlewareOptions } from './server';
-```
-
-## Step 5: Update Package Exports
-
-```json
-// package.json
-{
-	"exports": {
-		".": "./src/index.ts",
-		"./clerk": "./src/clerk/index.ts",
-		"./workos": "./src/workos/index.ts"
-	},
-	"peerDependencies": {
-		"@workos-inc/node": "^7.0.0"
-	},
-	"peerDependenciesMeta": {
-		"@workos-inc/node": { "optional": true }
-	}
-}
-```
-
-## Step 6: Write Tests
-
-```typescript
-// test/workos-server.test.ts
-import { describe, test, expect } from 'bun:test';
-import { createMiddleware } from '../src/workos/server';
-
-describe('WorkOS server middleware', () => {
-	test('throws error when WORKOS_API_KEY is missing', () => {
-		delete process.env.WORKOS_API_KEY;
-		expect(() => createMiddleware()).toThrow('WorkOS API key is required');
-	});
-});
-```
-
-## Type Safety Requirements
-
-### Generic Types
-
-Providers must use generic types for full type safety:
-
-```typescript
-export interface AgentuityAuthUser<T = unknown> {
-	id: string;
-	name?: string;
-	email?: string;
-	raw: T; // Provider-specific user object
-}
-
-export interface AgentuityAuth<TUser = unknown, TRaw = unknown> {
-	requireUser(): Promise<AgentuityAuthUser<TUser>>;
-	getToken(): Promise<string | null>;
-	raw: TRaw; // Provider-specific auth object
-}
-```
-
-### Hono Module Augmentation
-
-Each provider must augment Hono's types:
-
-```typescript
-declare module 'hono' {
-	interface ContextVariableMap {
-		auth: AgentuityAuth<User, ClerkJWTPayload>;
-	}
-}
-```
-
-## Environment Variables
-
-Support these patterns:
-
-- **Public keys**: `AGENTUITY_PUBLIC_<PROVIDER>_<KEY>`
-- **Secret keys**: `<PROVIDER>_SECRET_KEY`
-- **Fallback**: Standard provider env var names
-
-## Common Patterns
-
-### Conditional Rendering
-
-```tsx
-function ProtectedComponent() {
-	const { isAuthenticated, authLoading } = useAuth();
-
-	if (authLoading) return <div>Loading...</div>;
-	if (!isAuthenticated) return <SignInButton />;
-	return <div>Protected content</div>;
-}
-```
-
-### Optional Auth Routes
-
-```typescript
-router.get('/public-or-personalized', async (c) => {
-	const authHeader = c.req.header('Authorization');
-	if (authHeader) {
-		try {
-			const user = await c.var.auth?.requireUser();
-			return c.json({ personalized: true, userId: user?.id });
-		} catch {
-			// Auth failed, treat as public
-		}
-	}
-	return c.json({ personalized: false });
-});
-```
-
-## Security Rules
-
-- **Never log secrets**: `console.log('Auth present:', !!authHeader)` not the actual token
-- **Validate on every request**: Don't cache validation results
-- **Use provider SDKs**: Never manually verify JWTs
-
-## Checklist
-
-1. Research provider's auth flow (JWT, session, OAuth)
-2. Implement client component (token fetching)
-3. Implement server middleware (token validation)
-4. Add Hono type augmentation
-5. Write tests
-6. Update package.json exports
-7. Create template if commonly used