@agentuity/auth 0.0.109 → 0.0.111

package/dist/agentuity/types.d.ts

@@ -0,0 +1,172 @@
+/**
+ * Auth types for @agentuity/auth.
+ *
+ * @module agentuity/types
+ */
+import type { Session as BetterAuthSession, User as BetterAuthUser } from 'better-auth';
+import type { AgentuityAuth } from '../types';
+/**
+ * Canonical authenticated user type for Agentuity Auth.
+ *
+ * This is an alias for BetterAuth's `User` type and represents the shape of
+ * the `user` object you receive from:
+ *
+ * - `AuthInterface#getUser()` / `c.var.auth.getUser()` on the server
+ * - `c.var.user` in Hono route handlers
+ * - React hooks and context (`useAuth().user`) in `@agentuity/auth/react`
+ *
+ * Common fields include:
+ * - `id` – Stable user identifier
+ * - `email` – Primary email address
+ * - `name` – Display name
+ * - `image` – Avatar URL (if configured)
+ * - `createdAt` / `updatedAt` – Timestamps
+ *
+ * The exact fields are defined by BetterAuth and may be extended by plugins.
+ *
+ * @remarks
+ * Prefer using this `AuthUser` alias instead of referring to BetterAuth's
+ * `User` type directly so your code stays aligned with Agentuity's auth
+ * abstractions.
+ */
+export type AuthUser = BetterAuthUser;
+/**
+ * Auth session type.
+ * Extends BetterAuth's Session with organization plugin fields.
+ */
+export type AuthSession = BetterAuthSession & {
+    /** Active organization ID from the organization plugin */
+    activeOrganizationId?: string;
+};
+/**
+ * Auth context containing user, session, and org data.
+ * This is the full auth context available on AgentContext.auth and c.var.auth.
+ * Session may be null for API key authentication.
+ */
+export interface AuthContext<TUser = AuthUser, TSession = AuthSession | null> {
+    user: TUser;
+    session: TSession;
+    org: AuthOrgContext | null;
+}
+/**
+ * Organization context from the organization plugin.
+ */
+export interface AuthOrgContext {
+    /** Organization ID */
+    id: string;
+    /** Organization slug (URL-friendly identifier) */
+    slug?: string | null;
+    /** Organization display name */
+    name?: string | null;
+    /** Member's role in this organization (e.g., 'owner', 'admin', 'member') */
+    role?: string | null;
+    /** Member ID for this user in this organization */
+    memberId?: string | null;
+    /** Organization metadata (if enabled) */
+    metadata?: unknown;
+}
+/**
+ * API key permissions format.
+ * Maps resource names to arrays of allowed actions.
+ *
+ * @example
+ * ```typescript
+ * const permissions: AuthApiKeyPermissions = {
+ *   project: ['read', 'write'],
+ *   user: ['read'],
+ *   admin: ['*'], // wildcard - all actions
+ * };
+ * ```
+ */
+export type AuthApiKeyPermissions = Record<string, string[]>;
+/**
+ * API key context when request is authenticated via API key.
+ */
+export interface AuthApiKeyContext {
+    /** API key ID */
+    id: string;
+    /** Display name of the API key */
+    name?: string | null;
+    /** Permissions associated with this API key */
+    permissions: AuthApiKeyPermissions;
+    /** User ID the API key belongs to */
+    userId?: string | null;
+}
+/**
+ * Authentication method used for the current request.
+ */
+export type AuthMethod = 'session' | 'api-key' | 'bearer';
+/**
+ * Organization helpers available on the auth context.
+ */
+export interface AuthOrgHelpers {
+    /** Active organization context if available, null otherwise */
+    org: AuthOrgContext | null;
+    /** Returns active org or null (never throws) */
+    getOrg(): Promise<AuthOrgContext | null>;
+    /** Convenience accessor for the member's role on the active org */
+    getOrgRole(): Promise<string | null>;
+    /** True if the current member's role is one of the provided roles */
+    hasOrgRole(...roles: string[]): Promise<boolean>;
+}
+/**
+ * API key helpers available on the auth context.
+ */
+export interface AuthApiKeyHelpers {
+    /** How this request was authenticated */
+    authMethod: AuthMethod;
+    /** API key context when request is authenticated via API key, null otherwise */
+    apiKey: AuthApiKeyContext | null;
+    /**
+     * Check if the API key has the required permissions.
+     * All specified actions must be present for the resource.
+     * Supports '*' wildcard which matches any action.
+     *
+     * @param resource - The resource to check (e.g., 'project', 'user')
+     * @param actions - Actions required (e.g., 'read', 'write')
+     * @returns true if all actions are permitted, false otherwise
+     *
+     * @example
+     * ```typescript
+     * // Check for specific permission
+     * if (c.var.auth.hasPermission('project', 'write')) { ... }
+     *
+     * // Check for multiple permissions (all required)
+     * if (c.var.auth.hasPermission('project', 'read', 'write')) { ... }
+     * ```
+     */
+    hasPermission(resource: string, ...actions: string[]): boolean;
+}
+/**
+ * Full authentication interface available on `c.var.auth` and `ctx.auth`.
+ *
+ * This is the primary interface you'll use to access authentication data
+ * in your route handlers and agents. It provides:
+ *
+ * - User data via `getUser()`
+ * - Organization helpers via `getOrg()`, `getOrgRole()`, `hasOrgRole()`
+ * - API key helpers via `apiKey`, `hasPermission()`
+ * - Token access via `getToken()`
+ *
+ * @example Route handler
+ * ```typescript
+ * app.get('/api/profile', async (c) => {
+ *   const user = await c.var.auth.getUser();
+ *   const org = await c.var.auth.getOrg();
+ *   return c.json({ user, org });
+ * });
+ * ```
+ *
+ * @example Agent handler
+ * ```typescript
+ * handler: async (ctx, input) => {
+ *   if (!ctx.auth) return { error: 'Unauthorized' };
+ *   const user = await ctx.auth.getUser();
+ *   return { message: `Hello, ${user.email}!` };
+ * }
+ * ```
+ *
+ * @typeParam TUser - User type (defaults to AuthUser)
+ */
+export type AuthInterface<TUser = AuthUser> = AgentuityAuth<TUser, AuthContext> & AuthOrgHelpers & AuthApiKeyHelpers;
+//# sourceMappingURL=types.d.ts.map

package/dist/agentuity/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/agentuity/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,OAAO,IAAI,iBAAiB,EAAE,IAAI,IAAI,cAAc,EAAE,MAAM,aAAa,CAAC;AACxF,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAM9C;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAM,MAAM,QAAQ,GAAG,cAAc,CAAC;AAEtC;;;GAGG;AACH,MAAM,MAAM,WAAW,GAAG,iBAAiB,GAAG;IAC7C,0DAA0D;IAC1D,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF;;;;GAIG;AACH,MAAM,WAAW,WAAW,CAAC,KAAK,GAAG,QAAQ,EAAE,QAAQ,GAAG,WAAW,GAAG,IAAI;IAC3E,IAAI,EAAE,KAAK,CAAC;IACZ,OAAO,EAAE,QAAQ,CAAC;IAClB,GAAG,EAAE,cAAc,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,sBAAsB;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,kDAAkD;IAClD,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,gCAAgC;IAChC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,4EAA4E;IAC5E,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,yCAAyC;IACzC,QAAQ,CAAC,EAAE,OAAO,CAAC;CACnB;AAMD;;;;;;;;;;;;GAYG;AACH,MAAM,MAAM,qBAAqB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAAC;AAE7D;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC,iBAAiB;IACjB,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,+CAA+C;IAC/C,WAAW,EAAE,qBAAqB,CAAC;IACnC,qCAAqC;IACrC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,MAAM,UAAU,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,CAAC;AAM1D;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,+DAA+D;IAC/D,GAAG,EAAE,cAAc,GAAG,IAAI,CAAC;IAE3B,gDAAgD;IAChD,MAAM,IAAI,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAEzC,mEAAmE;IACnE,UAAU,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAErC,qEAAqE;IACrE,UAAU,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CACjD;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IACjC,yCAAyC;IACzC,UAAU,EAAE,UAAU,CAAC;IAEvB,gFAAgF;IAChF,MAAM,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAEjC;;;;;;;;;;;;;;;;;OAiBG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,OAAO,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;CAC/D;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,MAAM,aAAa,CAAC,KAAK,GAAG,QAAQ,IAAI,aAAa,CAAC,KAAK,EAAE,WAAW,CAAC,GAC9E,cAAc,GACd,iBAAiB,CAAC"}

package/dist/agentuity/types.js

@@ -0,0 +1,7 @@
+/**
+ * Auth types for @agentuity/auth.
+ *
+ * @module agentuity/types
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/agentuity/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/agentuity/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/index.d.ts

@@ -1,18 +1,41 @@
 /**
- * @agentuity/auth - Authentication helpers for identity providers
+ * @agentuity/auth - Authentication for Agentuity projects
  *
- * Currently supports Clerk, with more providers coming soon.
+ * Provides first-class authentication powered by BetterAuth.
  *
- * @example Clerk Integration
+ * This is the server-only entry point. For React components, import from '@agentuity/auth/react'.
+ *
+ * @example Server-side setup
  * ```typescript
- * // Client-side (React)
- * import { AgentuityClerk } from '@agentuity/auth/clerk';
+ * import { createAuth, createSessionMiddleware, mountAuthRoutes } from '@agentuity/auth';
+ *
+ * const auth = createAuth({
+ *   connectionString: process.env.DATABASE_URL,
+ * });
+ *
+ * api.on(['GET', 'POST'], '/api/auth/*', mountAuthRoutes(auth));
+ * api.use('/api/*', createSessionMiddleware(auth));
+ * ```
+ *
+ * @example Client-side setup
+ * ```tsx
+ * import { createAuthClient, AuthProvider } from '@agentuity/auth/react';
+ *
+ * const authClient = createAuthClient();
  *
- * // Server-side (Hono)
- * import { createMiddleware } from '@agentuity/auth/clerk';
+ * <AgentuityProvider>
+ *   <AuthProvider authClient={authClient}>
+ *     <App />
+ *   </AuthProvider>
+ * </AgentuityProvider>
  * ```
  *
  * @module @agentuity/auth
  */
-export type { AgentuityAuthUser, AgentuityAuth } from './types';
+export { createAuth, getDefaultPlugins, DEFAULT_API_KEY_OPTIONS } from './agentuity/config';
+export type { AuthOptions, AuthInstance, AuthBase, ApiKeyPluginOptions, OrganizationApiMethods, ApiKeyApiMethods, JwtApiMethods, DefaultPluginApiMethods, } from './agentuity/config';
+export { createSessionMiddleware, createApiKeyMiddleware, mountAuthRoutes, } from './agentuity/server';
+export type { AuthMiddlewareOptions, ApiKeyMiddlewareOptions, AuthEnv, OtelSpansConfig, MountAuthRoutesOptions, } from './agentuity/server';
+export type { AuthContext, AuthOrgContext, AuthApiKeyContext, AuthApiKeyPermissions, AuthMethod, AuthOrgHelpers, AuthApiKeyHelpers, AuthInterface, AuthUser, AuthSession, } from './agentuity/types';
+export type { AgentuityAuth } from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,YAAY,EAAE,iBAAiB,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAMH,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAC5F,YAAY,EACX,WAAW,EACX,YAAY,EACZ,QAAQ,EACR,mBAAmB,EACnB,sBAAsB,EACtB,gBAAgB,EAChB,aAAa,EACb,uBAAuB,GACvB,MAAM,oBAAoB,CAAC;AAM5B,OAAO,EACN,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,GACf,MAAM,oBAAoB,CAAC;AAC5B,YAAY,EACX,qBAAqB,EACrB,uBAAuB,EACvB,OAAO,EACP,eAAe,EACf,sBAAsB,GACtB,MAAM,oBAAoB,CAAC;AAM5B,YAAY,EACX,WAAW,EACX,cAAc,EACd,iBAAiB,EACjB,qBAAqB,EACrB,UAAU,EACV,cAAc,EACd,iBAAiB,EACjB,aAAa,EACb,QAAQ,EACR,WAAW,GACX,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -1,18 +1,43 @@
 /**
- * @agentuity/auth - Authentication helpers for identity providers
+ * @agentuity/auth - Authentication for Agentuity projects
  *
- * Currently supports Clerk, with more providers coming soon.
+ * Provides first-class authentication powered by BetterAuth.
  *
- * @example Clerk Integration
+ * This is the server-only entry point. For React components, import from '@agentuity/auth/react'.
+ *
+ * @example Server-side setup
  * ```typescript
- * // Client-side (React)
- * import { AgentuityClerk } from '@agentuity/auth/clerk';
+ * import { createAuth, createSessionMiddleware, mountAuthRoutes } from '@agentuity/auth';
+ *
+ * const auth = createAuth({
+ *   connectionString: process.env.DATABASE_URL,
+ * });
+ *
+ * api.on(['GET', 'POST'], '/api/auth/*', mountAuthRoutes(auth));
+ * api.use('/api/*', createSessionMiddleware(auth));
+ * ```
+ *
+ * @example Client-side setup
+ * ```tsx
+ * import { createAuthClient, AuthProvider } from '@agentuity/auth/react';
+ *
+ * const authClient = createAuthClient();
  *
- * // Server-side (Hono)
- * import { createMiddleware } from '@agentuity/auth/clerk';
+ * <AgentuityProvider>
+ *   <AuthProvider authClient={authClient}>
+ *     <App />
+ *   </AuthProvider>
+ * </AgentuityProvider>
  * ```
  *
  * @module @agentuity/auth
  */
-export {};
+// =============================================================================
+// Config
+// =============================================================================
+export { createAuth, getDefaultPlugins, DEFAULT_API_KEY_OPTIONS } from './agentuity/config';
+// =============================================================================
+// Server (Hono middleware and handlers)
+// =============================================================================
+export { createSessionMiddleware, createApiKeyMiddleware, mountAuthRoutes, } from './agentuity/server';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,gFAAgF;AAChF,SAAS;AACT,gFAAgF;AAEhF,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAY5F,gFAAgF;AAChF,wCAAwC;AACxC,gFAAgF;AAEhF,OAAO,EACN,uBAAuB,EACvB,sBAAsB,EACtB,eAAe,GACf,MAAM,oBAAoB,CAAC"}