@agentuity/auth 0.0.109 → 0.0.111

package/dist/agentuity/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/agentuity/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAc,KAAK,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAOjE,YAAY,EACX,YAAY,EACZ,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,EACtB,MAAM,EACN,mBAAmB,EACnB,gBAAgB,EAChB,aAAa,EACb,uBAAuB,GACvB,MAAM,WAAW,CAAC;AAEnB,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAEpD,OAAO,KAAK,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAG9E;;;GAGG;AACH,KAAK,cAAc,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,OAAO,KAAK,MAAM,EAAE,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;AAMvF;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,QAAQ;IACxB;;;;;;;;OAQG;IACH,OAAO,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAEjD;;;;;OAKG;IACH,GAAG,EAAE;QACJ;;;;;WAKG;QACH,UAAU,EAAE,CAAC,MAAM,EAAE;YAAE,OAAO,EAAE,OAAO,CAAA;SAAE,KAAK,OAAO,CAAC;YACrD,IAAI,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;gBAAC,KAAK,EAAE,MAAM,CAAA;aAAE,CAAC;YAC1D,OAAO,EAAE;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,MAAM,EAAE,MAAM,CAAC;gBAAC,oBAAoB,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC;SACvE,GAAG,IAAI,CAAC,CAAC;QAEV;;;;;WAKG;QACH,mBAAmB,EAAE,CAAC,MAAM,EAAE;YAC7B,KAAK,CAAC,EAAE;gBACP,cAAc,CAAC,EAAE,MAAM,CAAC;gBACxB,gBAAgB,CAAC,EAAE,MAAM,CAAC;gBAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;aACtB,CAAC;YACF,OAAO,CAAC,EAAE,OAAO,CAAC;SAClB,KAAK,OAAO,CAAC;YACb,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,OAAO,CAAC,EAAE,KAAK,CAAC;gBAAE,MAAM,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAC;gBAAC,EAAE,CAAC,EAAE,MAAM,CAAA;aAAE,CAAC,CAAC;SAC/D,GAAG,IAAI,CAAC,CAAC;QAEV;;;;;WAKG;QACH,YAAY,EAAE,CAAC,MAAM,EAAE;YAAE,IAAI,EAAE;gBAAE,GAAG,EAAE,MAAM,CAAA;aAAE,CAAA;SAAE,KAAK,OAAO,CAAC;YAC5D,KAAK,EAAE,OAAO,CAAC;YACf,KAAK,CAAC,EAAE;gBAAE,OAAO,EAAE,MAAM,CAAC;gBAAC,IAAI,EAAE,MAAM,CAAA;aAAE,GAAG,IAAI,CAAC;YACjD,GAAG,CAAC,EAAE;gBACL,EAAE,EAAE,MAAM,CAAC;gBACX,IAAI,CAAC,EAAE,MAAM,CAAC;gBACd,MAAM,CAAC,EAAE,MAAM,CAAC;gBAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;aAC9C,GAAG,IAAI,CAAC;SACT,CAAC,CAAC;KACH,GAAG,uBAAuB,CAAC;CAC5B;AA6GD;;;GAGG;AACH,MAAM,WAAW,WAAY,SAAQ,iBAAiB;IACrD;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;OAGG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;OAGG;IACH,MAAM,CAAC,EAAE,mBAAmB,GAAG,KAAK,CAAC;CACrC;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,CAAC,aAAa,CAAC,EAAE,mBAAmB,GAAG,KAAK,SAsB5E;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,wBAAgB,UAAU,CAAC,CAAC,SAAS,WAAW,EAAE,OAAO,EAAE,CAAC,GAoDpC,QAAQ;;;;;;;;;;;;;KACR;IACrB,GAAG,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mCASqinE,CAAC;kCAA4C,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAu4O,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA6nE,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAmgG,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;iCAAioB,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAq3D,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA0iJ,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAijD,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAumD,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAguC,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA0yF,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAA07C,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAygH,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iCAAu8I,CAAC;iCAAkD,CAAC;;;;;;;;;6BAA8Q,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;6BATnv3G,uBAAuB,CAAC;CACvD,CACF;AAED;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG,UAAU,CAAC,OAAO,UAAU,CAAC,CAAC"}

package/dist/agentuity/config.js

@@ -0,0 +1,220 @@
+/**
+ * Auth configuration for @agentuity/auth.
+ *
+ * Provides sensible defaults and wraps BetterAuth with Agentuity-specific helpers.
+ *
+ * @module agentuity/config
+ */
+import { betterAuth } from 'better-auth';
+import { drizzleAdapter } from 'better-auth/adapters/drizzle';
+import { organization, jwt, bearer, apiKey } from 'better-auth/plugins';
+import { drizzle } from 'drizzle-orm/bun-sql';
+import * as authSchema from '../schema';
+export { DEFAULT_API_KEY_OPTIONS } from './plugins';
+import { DEFAULT_API_KEY_OPTIONS } from './plugins';
+/**
+ * Safely parse a URL and return its origin, or undefined if invalid.
+ */
+function safeOrigin(url) {
+    if (!url)
+        return undefined;
+    try {
+        return new URL(url).origin;
+    }
+    catch {
+        return undefined;
+    }
+}
+/**
+ * Parse a domain or URL into an origin.
+ * Handles both full URLs (https://example.com) and bare domains (example.com).
+ * Bare domains default to https:// scheme.
+ */
+function parseOriginLike(value) {
+    const trimmed = value.trim();
+    if (!trimmed)
+        return undefined;
+    // If it looks like a URL with scheme, parse as-is
+    if (/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//.test(trimmed)) {
+        return safeOrigin(trimmed);
+    }
+    // Otherwise, treat as host[:port] and assume https
+    return safeOrigin(`https://${trimmed}`);
+}
+/**
+ * Resolve the base URL for the auth instance.
+ *
+ * Priority:
+ * 1. Explicit `baseURL` option
+ * 2. `AGENTUITY_BASE_URL` env var (Agentuity platform-injected)
+ * 3. `BETTER_AUTH_URL` env var (BetterAuth standard, for 3rd party SDK compatibility)
+ */
+function resolveBaseURL(explicitBaseURL) {
+    return explicitBaseURL ?? process.env.AGENTUITY_BASE_URL ?? process.env.BETTER_AUTH_URL;
+}
+/**
+ * Resolve the auth secret.
+ *
+ * Priority:
+ * 1. Explicit `secret` option
+ * 2. `AGENTUITY_AUTH_SECRET` env var (Agentuity convention)
+ * 3. `BETTER_AUTH_SECRET` env var (BetterAuth standard, for backward compatibility)
+ */
+function resolveSecret(explicitSecret) {
+    return explicitSecret ?? process.env.AGENTUITY_AUTH_SECRET ?? process.env.BETTER_AUTH_SECRET;
+}
+/**
+ * Create the default trustedOrigins function for Agentuity deployments.
+ *
+ * This provides zero-config CORS/origin handling:
+ * - Trusts the resolved baseURL origin
+ * - Trusts the AGENTUITY_BASE_URL origin
+ * - Trusts all domains from AGENTUITY_CLOUD_DOMAINS (platform-set, comma-separated)
+ * - Trusts additional domains from AUTH_TRUSTED_DOMAINS (developer-set, comma-separated)
+ * - Trusts the same-origin of incoming requests (request.url.origin)
+ *
+ * @param baseURL - The resolved base URL for the auth instance
+ */
+function createDefaultTrustedOrigins(baseURL) {
+    const agentuityURL = process.env.AGENTUITY_BASE_URL;
+    const cloudDomains = process.env.AGENTUITY_CLOUD_DOMAINS;
+    const devTrustedDomains = process.env.AUTH_TRUSTED_DOMAINS;
+    const staticOrigins = new Set();
+    const baseOrigin = safeOrigin(baseURL);
+    if (baseOrigin)
+        staticOrigins.add(baseOrigin);
+    const agentuityOrigin = safeOrigin(agentuityURL);
+    if (agentuityOrigin)
+        staticOrigins.add(agentuityOrigin);
+    // Platform-set cloud domains (deployment, project, PR, custom domains, tunnels)
+    if (cloudDomains) {
+        for (const raw of cloudDomains.split(',')) {
+            const origin = parseOriginLike(raw);
+            if (origin)
+                staticOrigins.add(origin);
+        }
+    }
+    // Developer-set additional trusted domains
+    if (devTrustedDomains) {
+        for (const raw of devTrustedDomains.split(',')) {
+            const origin = parseOriginLike(raw);
+            if (origin)
+                staticOrigins.add(origin);
+        }
+    }
+    return async (request) => {
+        const origins = new Set(staticOrigins);
+        if (request) {
+            const requestOrigin = safeOrigin(request.url);
+            if (requestOrigin)
+                origins.add(requestOrigin);
+        }
+        return [...origins];
+    };
+}
+/**
+ * Default plugins included with Agentuity auth.
+ *
+ * @param apiKeyOptions - API key plugin options, or false to disable
+ */
+export function getDefaultPlugins(apiKeyOptions) {
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    const plugins = [organization(), jwt(), bearer()];
+    // Add API key plugin unless explicitly disabled
+    if (apiKeyOptions !== false) {
+        const opts = { ...DEFAULT_API_KEY_OPTIONS, ...apiKeyOptions };
+        if (opts.enabled) {
+            plugins.push(apiKey({
+                apiKeyHeaders: opts.apiKeyHeaders,
+                enableSessionForAPIKeys: opts.enableSessionForAPIKeys,
+                defaultPrefix: opts.defaultPrefix,
+                defaultKeyLength: opts.defaultKeyLength,
+                enableMetadata: opts.enableMetadata,
+            }));
+        }
+    }
+    return plugins;
+}
+/**
+ * Create an Auth instance.
+ *
+ * This wraps BetterAuth with sensible defaults for Agentuity projects:
+ * - Default basePath: '/api/auth'
+ * - Email/password authentication enabled by default
+ * - Organization plugin for multi-tenancy
+ * - JWT plugin for token-based auth
+ * - Bearer plugin for API auth
+ * - API Key plugin for programmatic access
+ * - Experimental joins enabled by default for better performance
+ *
+ * @example Option A: Connection string (simplest)
+ * ```typescript
+ * import { createAuth } from '@agentuity/auth';
+ *
+ * export const auth = createAuth({
+ *   connectionString: process.env.DATABASE_URL,
+ * });
+ * ```
+ *
+ * @example Option B: Bring your own Drizzle
+ * ```typescript
+ * import { drizzle } from 'drizzle-orm/bun-sql';
+ * import { drizzleAdapter } from 'better-auth/adapters/drizzle';
+ * import * as authSchema from '@agentuity/auth/schema';
+ *
+ * const schema = { ...authSchema, ...myAppSchema };
+ * const db = drizzle(connectionString, { schema });
+ *
+ * export const auth = createAuth({
+ *   database: drizzleAdapter(db, { provider: 'pg', schema: authSchema }),
+ * });
+ * ```
+ *
+ * @example Option C: Other adapters (Prisma, MongoDB, etc.)
+ * ```typescript
+ * import { prismaAdapter } from 'better-auth/adapters/prisma';
+ *
+ * export const auth = createAuth({
+ *   database: prismaAdapter(new PrismaClient()),
+ * });
+ * ```
+ */
+export function createAuth(options) {
+    const { skipDefaultPlugins, plugins = [], apiKey: apiKeyOptions, connectionString, ...restOptions } = options;
+    const resolvedBaseURL = resolveBaseURL(restOptions.baseURL);
+    const resolvedSecret = resolveSecret(restOptions.secret);
+    // Apply Agentuity defaults
+    const basePath = restOptions.basePath ?? '/api/auth';
+    const emailAndPassword = restOptions.emailAndPassword ?? { enabled: true };
+    // Explicitly type to avoid union type inference issues with downstream consumers
+    const trustedOrigins = restOptions.trustedOrigins ?? createDefaultTrustedOrigins(resolvedBaseURL);
+    const defaultPlugins = skipDefaultPlugins ? [] : getDefaultPlugins(apiKeyOptions);
+    // Handle database configuration
+    let database = restOptions.database;
+    // ConnectionString provided - create Bun SQL connection + drizzle internally
+    if (connectionString && !database) {
+        const db = drizzle(connectionString, { schema: authSchema });
+        database = drizzleAdapter(db, {
+            provider: 'pg',
+            schema: authSchema,
+        });
+    }
+    // Default experimental.joins to true for better performance
+    const experimental = {
+        joins: true,
+        ...restOptions.experimental,
+    };
+    const authInstance = betterAuth({
+        ...restOptions,
+        database,
+        basePath,
+        emailAndPassword,
+        experimental,
+        ...(resolvedBaseURL ? { baseURL: resolvedBaseURL } : {}),
+        ...(resolvedSecret ? { secret: resolvedSecret } : {}),
+        trustedOrigins,
+        plugins: [...defaultPlugins, ...plugins],
+    });
+    return authInstance;
+}
+//# sourceMappingURL=config.js.map

package/dist/agentuity/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/agentuity/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,UAAU,EAA0B,MAAM,aAAa,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AACxE,OAAO,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC9C,OAAO,KAAK,UAAU,MAAM,WAAW,CAAC;AAexC,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAGpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAgGpD;;GAEG;AACH,SAAS,UAAU,CAAC,GAAuB;IAC1C,IAAI,CAAC,GAAG;QAAE,OAAO,SAAS,CAAC;IAC3B,IAAI,CAAC;QACJ,OAAO,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,SAAS,CAAC;IAClB,CAAC;AACF,CAAC;AAED;;;;GAIG;AACH,SAAS,eAAe,CAAC,KAAa;IACrC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,OAAO;QAAE,OAAO,SAAS,CAAC;IAE/B,kDAAkD;IAClD,IAAI,+BAA+B,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,OAAO,UAAU,CAAC,OAAO,CAAC,CAAC;IAC5B,CAAC;IAED,mDAAmD;IACnD,OAAO,UAAU,CAAC,WAAW,OAAO,EAAE,CAAC,CAAC;AACzC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,cAAc,CAAC,eAAwB;IAC/C,OAAO,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;AACzF,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,aAAa,CAAC,cAAuB;IAC7C,OAAO,cAAc,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;AAC9F,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,2BAA2B,CAAC,OAAgB;IACpD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACpD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACzD,MAAM,iBAAiB,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAE3D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IAExC,MAAM,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,UAAU;QAAE,aAAa,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAE9C,MAAM,eAAe,GAAG,UAAU,CAAC,YAAY,CAAC,CAAC;IACjD,IAAI,eAAe;QAAE,aAAa,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IAExD,gFAAgF;IAChF,IAAI,YAAY,EAAE,CAAC;QAClB,KAAK,MAAM,GAAG,IAAI,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,MAAM;gBAAE,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;IAED,2CAA2C;IAC3C,IAAI,iBAAiB,EAAE,CAAC;QACvB,KAAK,MAAM,GAAG,IAAI,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAChD,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,MAAM;gBAAE,aAAa,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACF,CAAC;IAED,OAAO,KAAK,EAAE,OAAiB,EAAqB,EAAE;QACrD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAEvC,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAC9C,IAAI,aAAa;gBAAE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;IACrB,CAAC,CAAC;AACH,CAAC;AAkCD;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAAC,aAA2C;IAC5E,8DAA8D;IAC9D,MAAM,OAAO,GAAU,CAAC,YAAY,EAAE,EAAE,GAAG,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;IAEzD,gDAAgD;IAChD,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;QAC7B,MAAM,IAAI,GAAG,EAAE,GAAG,uBAAuB,EAAE,GAAG,aAAa,EAAE,CAAC;QAE9D,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO,CAAC,IAAI,CACX,MAAM,CAAC;gBACN,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,uBAAuB,EAAE,IAAI,CAAC,uBAAuB;gBACrD,aAAa,EAAE,IAAI,CAAC,aAAa;gBACjC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;gBACvC,cAAc,EAAE,IAAI,CAAC,cAAc;aACnC,CAAC,CACF,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,MAAM,UAAU,UAAU,CAAwB,OAAU;IAC3D,MAAM,EACL,kBAAkB,EAClB,OAAO,GAAG,EAAE,EACZ,MAAM,EAAE,aAAa,EACrB,gBAAgB,EAChB,GAAG,WAAW,EACd,GAAG,OAAO,CAAC;IAEZ,MAAM,eAAe,GAAG,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5D,MAAM,cAAc,GAAG,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAEzD,2BAA2B;IAC3B,MAAM,QAAQ,GAAG,WAAW,CAAC,QAAQ,IAAI,WAAW,CAAC;IACrD,MAAM,gBAAgB,GAAG,WAAW,CAAC,gBAAgB,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAE3E,iFAAiF;IACjF,MAAM,cAAc,GACnB,WAAW,CAAC,cAAc,IAAI,2BAA2B,CAAC,eAAe,CAAC,CAAC;IAE5E,MAAM,cAAc,GAAG,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAElF,gCAAgC;IAChC,IAAI,QAAQ,GAAG,WAAW,CAAC,QAAQ,CAAC;IAEpC,6EAA6E;IAC7E,IAAI,gBAAgB,IAAI,CAAC,QAAQ,EAAE,CAAC;QACnC,MAAM,EAAE,GAAG,OAAO,CAAC,gBAAgB,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;QAC7D,QAAQ,GAAG,cAAc,CAAC,EAAE,EAAE;YAC7B,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,UAAU;SAClB,CAAC,CAAC;IACJ,CAAC;IAED,4DAA4D;IAC5D,MAAM,YAAY,GAAG;QACpB,KAAK,EAAE,IAAI;QACX,GAAG,WAAW,CAAC,YAAY;KAC3B,CAAC;IAEF,MAAM,YAAY,GAAG,UAAU,CAAC;QAC/B,GAAG,WAAW;QACd,QAAQ;QACR,QAAQ;QACR,gBAAgB;QAChB,YAAY;QACZ,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,cAAc;QACd,OAAO,EAAE,CAAC,GAAG,cAAc,EAAE,GAAG,OAAO,CAAC;KACxC,CAAC,CAAC;IAEH,OAAO,YAGL,CAAC;AACJ,CAAC"}

package/dist/agentuity/plugins/api-key.d.ts

@@ -0,0 +1,152 @@
+/**
+ * API Key plugin types for @agentuity/auth.
+ *
+ * Server-side API methods for API key management provided by BetterAuth's
+ * API Key plugin. Enables programmatic access to your application.
+ *
+ * @see https://better-auth.com/docs/plugins/api-key
+ * @module agentuity/plugins/api-key
+ */
+/**
+ * API Key data returned from API calls.
+ */
+export interface ApiKey {
+    id: string;
+    name: string;
+    key?: string;
+    start?: string;
+    userId?: string;
+    expiresAt?: Date | null;
+    createdAt: Date;
+    permissions?: Record<string, string[]> | null;
+    metadata?: Record<string, unknown> | null;
+}
+/**
+ * API Key plugin configuration options.
+ */
+export interface ApiKeyPluginOptions {
+    /**
+     * Whether to enable API key authentication.
+     * Defaults to true.
+     */
+    enabled?: boolean;
+    /**
+     * Header names to check for API key.
+     * Defaults to ['x-agentuity-auth-api-key', 'X-Agentuity-Auth-Api-Key'].
+     */
+    apiKeyHeaders?: string[];
+    /**
+     * Whether API keys should create mock sessions for the user.
+     * This allows API key auth to work seamlessly with session-based middleware.
+     * Defaults to true.
+     */
+    enableSessionForAPIKeys?: boolean;
+    /**
+     * Default prefix for generated API keys.
+     * Defaults to 'ag_'.
+     */
+    defaultPrefix?: string;
+    /**
+     * Default length for generated API keys (excluding prefix).
+     * Defaults to 64.
+     */
+    defaultKeyLength?: number;
+    /**
+     * Whether to enable metadata storage on API keys.
+     * Defaults to true.
+     */
+    enableMetadata?: boolean;
+}
+/**
+ * Default API key plugin options.
+ */
+export declare const DEFAULT_API_KEY_OPTIONS: Required<ApiKeyPluginOptions>;
+/**
+ * Server-side API methods for API key management.
+ *
+ * These methods are added by the BetterAuth API Key plugin and provide
+ * programmatic access to your application via API keys.
+ *
+ * @see https://better-auth.com/docs/plugins/api-key
+ */
+export interface ApiKeyApiMethods {
+    /**
+     * Create a new API key.
+     *
+     * When using session headers, the key is created for the authenticated user.
+     * For server-side creation (without headers), pass `userId` explicitly.
+     *
+     * **Important:** The full API key is only returned once at creation time.
+     * Store it securely - it cannot be retrieved later.
+     */
+    createApiKey: (params: {
+        body: {
+            name?: string;
+            expiresIn?: number;
+            prefix?: string;
+            userId?: string;
+            permissions?: Record<string, string[]>;
+            remaining?: number;
+            metadata?: Record<string, unknown>;
+            refillAmount?: number;
+            refillInterval?: number;
+            rateLimitTimeWindow?: number;
+            rateLimitMax?: number;
+            rateLimitEnabled?: boolean;
+        };
+        headers?: Headers;
+    }) => Promise<ApiKey>;
+    /**
+     * List all API keys for the authenticated user.
+     *
+     * Note: The full key value is not returned - only the `start` prefix
+     * for identification purposes.
+     */
+    listApiKeys: (params: {
+        headers?: Headers;
+    }) => Promise<Array<{
+        id: string;
+        name: string;
+        start: string;
+        expiresAt?: Date | null;
+        createdAt: Date;
+    }>>;
+    /**
+     * Delete an API key.
+     *
+     * The key is immediately revoked and can no longer be used for authentication.
+     */
+    deleteApiKey: (params: {
+        body: {
+            keyId: string;
+        };
+        headers?: Headers;
+    }) => Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Verify an API key and get its metadata.
+     *
+     * Used internally by middleware, but can also be called directly
+     * for custom API key validation logic.
+     */
+    verifyApiKey: (params: {
+        body: {
+            key: string;
+        };
+        headers?: Headers;
+    }) => Promise<{
+        valid: boolean;
+        error?: {
+            message: string;
+            code: string;
+        } | null;
+        key?: {
+            id: string;
+            name: string;
+            userId: string;
+            permissions?: Record<string, string[]> | null;
+        } | null;
+    }>;
+}
+//# sourceMappingURL=api-key.d.ts.map

package/dist/agentuity/plugins/api-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.d.ts","sourceRoot":"","sources":["../../../src/agentuity/plugins/api-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;GAEG;AACH,MAAM,WAAW,MAAM;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IACxB,SAAS,EAAE,IAAI,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IAC9C,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;OAGG;IACH,OAAO,CAAC,EAAE,OAAO,CAAC;IAElB;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC;IAEzB;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAElC;;;OAGG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IAEvB;;;OAGG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;;OAGG;IACH,cAAc,CAAC,EAAE,OAAO,CAAC;CACzB;AAED;;GAEG;AACH,eAAO,MAAM,uBAAuB,EAAE,QAAQ,CAAC,mBAAmB,CAOjE,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAgB;IAChC;;;;;;;;OAQG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE;QACtB,IAAI,EAAE;YACL,IAAI,CAAC,EAAE,MAAM,CAAC;YACd,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,MAAM,CAAC,EAAE,MAAM,CAAC;YAChB,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;YACvC,SAAS,CAAC,EAAE,MAAM,CAAC;YACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YACnC,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,cAAc,CAAC,EAAE,MAAM,CAAC;YACxB,mBAAmB,CAAC,EAAE,MAAM,CAAC;YAC7B,YAAY,CAAC,EAAE,MAAM,CAAC;YACtB,gBAAgB,CAAC,EAAE,OAAO,CAAC;SAC3B,CAAC;QACF,OAAO,CAAC,EAAE,OAAO,CAAC;KAClB,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAEtB;;;;;OAKG;IACH,WAAW,EAAE,CAAC,MAAM,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CACtD,KAAK,CAAC;QACL,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,EAAE,MAAM,CAAC;QACd,SAAS,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;QACxB,SAAS,EAAE,IAAI,CAAC;KAChB,CAAC,CACF,CAAC;IAEF;;;;OAIG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE;QACtB,IAAI,EAAE;YAAE,KAAK,EAAE,MAAM,CAAA;SAAE,CAAC;QACxB,OAAO,CAAC,EAAE,OAAO,CAAC;KAClB,KAAK,OAAO,CAAC;QAAE,OAAO,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAEpC;;;;;OAKG;IACH,YAAY,EAAE,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE;YAAE,GAAG,EAAE,MAAM,CAAA;SAAE,CAAC;QAAC,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;QAC/E,KAAK,EAAE,OAAO,CAAC;QACf,KAAK,CAAC,EAAE;YAAE,OAAO,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,GAAG,IAAI,CAAC;QACjD,GAAG,CAAC,EAAE;YACL,EAAE,EAAE,MAAM,CAAC;YACX,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;SAC9C,GAAG,IAAI,CAAC;KACT,CAAC,CAAC;CACH"}

package/dist/agentuity/plugins/api-key.js

@@ -0,0 +1,21 @@
+/**
+ * API Key plugin types for @agentuity/auth.
+ *
+ * Server-side API methods for API key management provided by BetterAuth's
+ * API Key plugin. Enables programmatic access to your application.
+ *
+ * @see https://better-auth.com/docs/plugins/api-key
+ * @module agentuity/plugins/api-key
+ */
+/**
+ * Default API key plugin options.
+ */
+export const DEFAULT_API_KEY_OPTIONS = {
+    enabled: true,
+    apiKeyHeaders: ['x-agentuity-auth-api-key', 'X-Agentuity-Auth-Api-Key'],
+    enableSessionForAPIKeys: true,
+    defaultPrefix: 'ag_',
+    defaultKeyLength: 64,
+    enableMetadata: true,
+};
+//# sourceMappingURL=api-key.js.map

package/dist/agentuity/plugins/api-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../../src/agentuity/plugins/api-key.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA2DH;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAkC;IACrE,OAAO,EAAE,IAAI;IACb,aAAa,EAAE,CAAC,0BAA0B,EAAE,0BAA0B,CAAC;IACvE,uBAAuB,EAAE,IAAI;IAC7B,aAAa,EAAE,KAAK;IACpB,gBAAgB,EAAE,EAAE;IACpB,cAAc,EAAE,IAAI;CACpB,CAAC"}

package/dist/agentuity/plugins/index.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Plugin type exports for @agentuity/auth.
+ *
+ * This module re-exports all plugin-specific types and interfaces for
+ * convenient access. Each plugin has its own file for easier maintenance.
+ *
+ * @module agentuity/plugins
+ */
+export type { Organization, OrganizationMember, OrganizationInvitation, OrganizationApiMethods, } from './organization';
+export type { ApiKey, ApiKeyPluginOptions, ApiKeyApiMethods } from './api-key';
+export { DEFAULT_API_KEY_OPTIONS } from './api-key';
+export type { JwtApiMethods } from './jwt';
+/**
+ * Combined API extensions from all default plugins.
+ *
+ * This type represents all the server-side API methods added by the
+ * default Agentuity auth plugins (organization, jwt, bearer, apiKey).
+ */
+import type { OrganizationApiMethods } from './organization';
+import type { ApiKeyApiMethods } from './api-key';
+import type { JwtApiMethods } from './jwt';
+export type DefaultPluginApiMethods = OrganizationApiMethods & ApiKeyApiMethods & JwtApiMethods;
+//# sourceMappingURL=index.d.ts.map

package/dist/agentuity/plugins/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agentuity/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,YAAY,EACX,YAAY,EACZ,kBAAkB,EAClB,sBAAsB,EACtB,sBAAsB,GACtB,MAAM,gBAAgB,CAAC;AAGxB,YAAY,EAAE,MAAM,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AAGpD,YAAY,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAE3C;;;;;GAKG;AACH,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAClD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AAE3C,MAAM,MAAM,uBAAuB,GAAG,sBAAsB,GAAG,gBAAgB,GAAG,aAAa,CAAC"}

package/dist/agentuity/plugins/index.js

@@ -0,0 +1,10 @@
+/**
+ * Plugin type exports for @agentuity/auth.
+ *
+ * This module re-exports all plugin-specific types and interfaces for
+ * convenient access. Each plugin has its own file for easier maintenance.
+ *
+ * @module agentuity/plugins
+ */
+export { DEFAULT_API_KEY_OPTIONS } from './api-key';
+//# sourceMappingURL=index.js.map

package/dist/agentuity/plugins/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/agentuity/plugins/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAYH,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC"}

package/dist/agentuity/plugins/jwt.d.ts

@@ -0,0 +1,34 @@
+/**
+ * JWT plugin types for @agentuity/auth.
+ *
+ * Server-side API methods for JWT token management provided by BetterAuth's
+ * JWT plugin. Enables token-based authentication.
+ *
+ * @see https://better-auth.com/docs/plugins/jwt
+ * @module agentuity/plugins/jwt
+ */
+/**
+ * Server-side API methods for JWT token management.
+ *
+ * These methods are added by the BetterAuth JWT plugin and provide
+ * JWT token generation for authenticated users.
+ *
+ * @see https://better-auth.com/docs/plugins/jwt
+ */
+export interface JwtApiMethods {
+    /**
+     * Get a JWT token for the authenticated user.
+     *
+     * The token can be used with the Bearer plugin for stateless
+     * authentication in subsequent requests.
+     *
+     * The JWKS endpoint for token verification is available at:
+     * `{baseURL}/api/auth/.well-known/jwks.json`
+     */
+    getToken: (params: {
+        headers?: Headers;
+    }) => Promise<{
+        token: string;
+    }>;
+}
+//# sourceMappingURL=jwt.d.ts.map

package/dist/agentuity/plugins/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../../src/agentuity/plugins/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;;;;;GAOG;AACH,MAAM,WAAW,aAAa;IAC7B;;;;;;;;OAQG;IACH,QAAQ,EAAE,CAAC,MAAM,EAAE;QAAE,OAAO,CAAC,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC;QAAE,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CACxE"}

package/dist/agentuity/plugins/jwt.js

@@ -0,0 +1,11 @@
+/**
+ * JWT plugin types for @agentuity/auth.
+ *
+ * Server-side API methods for JWT token management provided by BetterAuth's
+ * JWT plugin. Enables token-based authentication.
+ *
+ * @see https://better-auth.com/docs/plugins/jwt
+ * @module agentuity/plugins/jwt
+ */
+export {};
+//# sourceMappingURL=jwt.js.map

package/dist/agentuity/plugins/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/agentuity/plugins/jwt.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG"}