@archlast/client 0.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Archlast Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,60 @@
+# @archlast/client
+
+Archlast client SDK for React hooks, auth helpers, storage utilities, and tRPC client access.
+
+## Install
+
+```bash
+npm install @archlast/client
+```
+
+Peer dependencies (install in your app):
+
+```bash
+npm install react react-dom @tanstack/react-query
+```
+
+## Usage
+
+```ts
+import { ArchlastClient, ArchlastProvider, useQuery } from "@archlast/client";
+import { api } from "./_generated/api";
+
+const client = new ArchlastClient({ baseUrl: "http://localhost:4000" });
+
+function App() {
+  return (
+    <ArchlastProvider client={client}>
+      <TodoList />
+    </ArchlastProvider>
+  );
+}
+
+function TodoList() {
+  const tasks = useQuery(api.tasks.list, {});
+  return <pre>{JSON.stringify(tasks, null, 2)}</pre>;
+}
+```
+
+## Subpath exports
+
+- `@archlast/client/react`
+- `@archlast/client/trpc`
+- `@archlast/client/auth`
+- `@archlast/client/storage`
+- `@archlast/client/admin`
+
+## tRPC client
+
+```ts
+import { createArchlastTRPCClient } from "@archlast/client/trpc";
+import type { AppRouter } from "./_generated/rpc";
+
+const trpc = createArchlastTRPCClient<AppRouter>({
+  baseUrl: "http://localhost:4000",
+});
+```
+
+## Publishing (maintainers)
+
+See `docs/npm-publishing.md` for release and publish steps.

package/dist/admin/index.cjs

@@ -0,0 +1,93 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/admin/index.ts
+var admin_exports = {};
+__export(admin_exports, {
+  AdminAuthClient: () => AdminAuthClient,
+  AdminClient: () => AdminClient
+});
+module.exports = __toCommonJS(admin_exports);
+var import_axios = __toESM(require("axios"), 1);
+var AdminAuthClient = class {
+  constructor(baseUrl, options) {
+    __publicField(this, "axios");
+    this.axios = import_axios.default.create({
+      baseURL: baseUrl,
+      withCredentials: !options?.apiKey,
+      headers: {
+        ...options?.apiKey ? { "x-api-key": options.apiKey } : {}
+      }
+    });
+  }
+  async signIn(email, password) {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-in", {
+      email,
+      password
+    });
+    return response.data;
+  }
+  async signOut() {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-out");
+    return response.data;
+  }
+  async getProfile() {
+    const response = await this.axios.get("/_archlast/admin/auth/me");
+    return response.data;
+  }
+  async getSessions() {
+    const response = await this.axios.get("/_archlast/admin/auth/sessions");
+    return response.data;
+  }
+  async revokeSession(sessionId) {
+    const response = await this.axios.post("/_archlast/admin/auth/revoke-session", {
+      sessionId
+    });
+    return response.data;
+  }
+  async signOutAll() {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-out-all");
+    return response.data;
+  }
+};
+var AdminClient = class {
+  // Add other admin clients here (users, tenants, etc.)
+  constructor(baseUrl, options) {
+    __publicField(this, "auth");
+    this.auth = new AdminAuthClient(baseUrl, options);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AdminAuthClient,
+  AdminClient
+});
+//# sourceMappingURL=index.cjs.map

package/dist/admin/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/admin/index.ts"],"sourcesContent":["import axios, { AxiosInstance } from \"axios\";\n\nexport type AdminSession = {\n    id: string;\n    userId: string;\n    createdAt: number;\n    lastAccess: number;\n    userAgent: string | null;\n    ipAddress: string | null;\n    current: boolean;\n};\n\nexport type AdminProfile = {\n    id: string;\n    email: string;\n    is_super_admin: boolean;\n    created_at: number;\n};\n\nexport type AdminClientOptions = {\n    /**\n     * Better-Auth API key for authentication\n     * When provided, uses x-api-key header instead of cookies\n     */\n    apiKey?: string;\n};\n\nexport class AdminAuthClient {\n    private readonly axios: AxiosInstance;\n\n    constructor(baseUrl: string, options?: AdminClientOptions) {\n        this.axios = axios.create({\n            baseURL: baseUrl,\n            withCredentials: !options?.apiKey,\n            headers: {\n                ...(options?.apiKey ? { \"x-api-key\": options.apiKey } : {}),\n            },\n        });\n    }\n\n    async signIn(\n        email: string,\n        password: string\n    ): Promise<{ success: boolean; user: AdminProfile }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-in\", {\n            email,\n            password,\n        });\n        return response.data;\n    }\n\n    async signOut(): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-out\");\n        return response.data;\n    }\n\n    async getProfile(): Promise<{ user: AdminProfile }> {\n        const response = await this.axios.get(\"/_archlast/admin/auth/me\");\n        return response.data;\n    }\n\n    async getSessions(): Promise<{ sessions: AdminSession[] }> {\n        const response = await this.axios.get(\"/_archlast/admin/auth/sessions\");\n        return response.data;\n    }\n\n    async revokeSession(sessionId: string): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/revoke-session\", {\n            sessionId,\n        });\n        return response.data;\n    }\n\n    async signOutAll(): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-out-all\");\n        return response.data;\n    }\n}\n\nexport class AdminClient {\n    public auth: AdminAuthClient;\n    // Add other admin clients here (users, tenants, etc.)\n\n    constructor(baseUrl: string, options?: AdminClientOptions) {\n        this.auth = new AdminAuthClient(baseUrl, options);\n    }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,mBAAqC;AA2B9B,IAAM,kBAAN,MAAsB;AAAA,EAGzB,YAAY,SAAiB,SAA8B;AAF3D,wBAAiB;AAGb,SAAK,QAAQ,aAAAA,QAAM,OAAO;AAAA,MACtB,SAAS;AAAA,MACT,iBAAiB,CAAC,SAAS;AAAA,MAC3B,SAAS;AAAA,QACL,GAAI,SAAS,SAAS,EAAE,aAAa,QAAQ,OAAO,IAAI,CAAC;AAAA,MAC7D;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OACF,OACA,UACiD;AACjD,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,iCAAiC;AAAA,MACpE;AAAA,MACA;AAAA,IACJ,CAAC;AACD,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,UAAyC;AAC3C,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,gCAAgC;AACvE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,aAA8C;AAChD,UAAM,WAAW,MAAM,KAAK,MAAM,IAAI,0BAA0B;AAChE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,cAAqD;AACvD,UAAM,WAAW,MAAM,KAAK,MAAM,IAAI,gCAAgC;AACtE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,cAAc,WAAkD;AAClE,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,wCAAwC;AAAA,MAC3E;AAAA,IACJ,CAAC;AACD,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,aAA4C;AAC9C,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,oCAAoC;AAC3E,WAAO,SAAS;AAAA,EACpB;AACJ;AAEO,IAAM,cAAN,MAAkB;AAAA;AAAA,EAIrB,YAAY,SAAiB,SAA8B;AAH3D,wBAAO;AAIH,SAAK,OAAO,IAAI,gBAAgB,SAAS,OAAO;AAAA,EACpD;AACJ;","names":["axios"]}

package/dist/admin/index.d.cts

@@ -0,0 +1,51 @@
+type AdminSession = {
+    id: string;
+    userId: string;
+    createdAt: number;
+    lastAccess: number;
+    userAgent: string | null;
+    ipAddress: string | null;
+    current: boolean;
+};
+type AdminProfile = {
+    id: string;
+    email: string;
+    is_super_admin: boolean;
+    created_at: number;
+};
+type AdminClientOptions = {
+    /**
+     * Better-Auth API key for authentication
+     * When provided, uses x-api-key header instead of cookies
+     */
+    apiKey?: string;
+};
+declare class AdminAuthClient {
+    private readonly axios;
+    constructor(baseUrl: string, options?: AdminClientOptions);
+    signIn(email: string, password: string): Promise<{
+        success: boolean;
+        user: AdminProfile;
+    }>;
+    signOut(): Promise<{
+        success: boolean;
+    }>;
+    getProfile(): Promise<{
+        user: AdminProfile;
+    }>;
+    getSessions(): Promise<{
+        sessions: AdminSession[];
+    }>;
+    revokeSession(sessionId: string): Promise<{
+        success: boolean;
+    }>;
+    signOutAll(): Promise<{
+        success: boolean;
+    }>;
+}
+declare class AdminClient {
+    auth: AdminAuthClient;
+    constructor(baseUrl: string, options?: AdminClientOptions);
+}
+
+export { AdminAuthClient, AdminClient, type AdminClientOptions, type AdminProfile, type AdminSession };

package/dist/admin/index.d.ts

@@ -0,0 +1,51 @@
+type AdminSession = {
+    id: string;
+    userId: string;
+    createdAt: number;
+    lastAccess: number;
+    userAgent: string | null;
+    ipAddress: string | null;
+    current: boolean;
+};
+type AdminProfile = {
+    id: string;
+    email: string;
+    is_super_admin: boolean;
+    created_at: number;
+};
+type AdminClientOptions = {
+    /**
+     * Better-Auth API key for authentication
+     * When provided, uses x-api-key header instead of cookies
+     */
+    apiKey?: string;
+};
+declare class AdminAuthClient {
+    private readonly axios;
+    constructor(baseUrl: string, options?: AdminClientOptions);
+    signIn(email: string, password: string): Promise<{
+        success: boolean;
+        user: AdminProfile;
+    }>;
+    signOut(): Promise<{
+        success: boolean;
+    }>;
+    getProfile(): Promise<{
+        user: AdminProfile;
+    }>;
+    getSessions(): Promise<{
+        sessions: AdminSession[];
+    }>;
+    revokeSession(sessionId: string): Promise<{
+        success: boolean;
+    }>;
+    signOutAll(): Promise<{
+        success: boolean;
+    }>;
+}
+declare class AdminClient {
+    auth: AdminAuthClient;
+    constructor(baseUrl: string, options?: AdminClientOptions);
+}
+
+export { AdminAuthClient, AdminClient, type AdminClientOptions, type AdminProfile, type AdminSession };

package/dist/admin/index.js

@@ -0,0 +1,59 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/admin/index.ts
+import axios from "axios";
+var AdminAuthClient = class {
+  constructor(baseUrl, options) {
+    __publicField(this, "axios");
+    this.axios = axios.create({
+      baseURL: baseUrl,
+      withCredentials: !options?.apiKey,
+      headers: {
+        ...options?.apiKey ? { "x-api-key": options.apiKey } : {}
+      }
+    });
+  }
+  async signIn(email, password) {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-in", {
+      email,
+      password
+    });
+    return response.data;
+  }
+  async signOut() {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-out");
+    return response.data;
+  }
+  async getProfile() {
+    const response = await this.axios.get("/_archlast/admin/auth/me");
+    return response.data;
+  }
+  async getSessions() {
+    const response = await this.axios.get("/_archlast/admin/auth/sessions");
+    return response.data;
+  }
+  async revokeSession(sessionId) {
+    const response = await this.axios.post("/_archlast/admin/auth/revoke-session", {
+      sessionId
+    });
+    return response.data;
+  }
+  async signOutAll() {
+    const response = await this.axios.post("/_archlast/admin/auth/sign-out-all");
+    return response.data;
+  }
+};
+var AdminClient = class {
+  // Add other admin clients here (users, tenants, etc.)
+  constructor(baseUrl, options) {
+    __publicField(this, "auth");
+    this.auth = new AdminAuthClient(baseUrl, options);
+  }
+};
+export {
+  AdminAuthClient,
+  AdminClient
+};
+//# sourceMappingURL=index.js.map

package/dist/admin/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/admin/index.ts"],"sourcesContent":["import axios, { AxiosInstance } from \"axios\";\n\nexport type AdminSession = {\n    id: string;\n    userId: string;\n    createdAt: number;\n    lastAccess: number;\n    userAgent: string | null;\n    ipAddress: string | null;\n    current: boolean;\n};\n\nexport type AdminProfile = {\n    id: string;\n    email: string;\n    is_super_admin: boolean;\n    created_at: number;\n};\n\nexport type AdminClientOptions = {\n    /**\n     * Better-Auth API key for authentication\n     * When provided, uses x-api-key header instead of cookies\n     */\n    apiKey?: string;\n};\n\nexport class AdminAuthClient {\n    private readonly axios: AxiosInstance;\n\n    constructor(baseUrl: string, options?: AdminClientOptions) {\n        this.axios = axios.create({\n            baseURL: baseUrl,\n            withCredentials: !options?.apiKey,\n            headers: {\n                ...(options?.apiKey ? { \"x-api-key\": options.apiKey } : {}),\n            },\n        });\n    }\n\n    async signIn(\n        email: string,\n        password: string\n    ): Promise<{ success: boolean; user: AdminProfile }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-in\", {\n            email,\n            password,\n        });\n        return response.data;\n    }\n\n    async signOut(): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-out\");\n        return response.data;\n    }\n\n    async getProfile(): Promise<{ user: AdminProfile }> {\n        const response = await this.axios.get(\"/_archlast/admin/auth/me\");\n        return response.data;\n    }\n\n    async getSessions(): Promise<{ sessions: AdminSession[] }> {\n        const response = await this.axios.get(\"/_archlast/admin/auth/sessions\");\n        return response.data;\n    }\n\n    async revokeSession(sessionId: string): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/revoke-session\", {\n            sessionId,\n        });\n        return response.data;\n    }\n\n    async signOutAll(): Promise<{ success: boolean }> {\n        const response = await this.axios.post(\"/_archlast/admin/auth/sign-out-all\");\n        return response.data;\n    }\n}\n\nexport class AdminClient {\n    public auth: AdminAuthClient;\n    // Add other admin clients here (users, tenants, etc.)\n\n    constructor(baseUrl: string, options?: AdminClientOptions) {\n        this.auth = new AdminAuthClient(baseUrl, options);\n    }\n}\n"],"mappings":";;;;;AAAA,OAAO,WAA8B;AA2B9B,IAAM,kBAAN,MAAsB;AAAA,EAGzB,YAAY,SAAiB,SAA8B;AAF3D,wBAAiB;AAGb,SAAK,QAAQ,MAAM,OAAO;AAAA,MACtB,SAAS;AAAA,MACT,iBAAiB,CAAC,SAAS;AAAA,MAC3B,SAAS;AAAA,QACL,GAAI,SAAS,SAAS,EAAE,aAAa,QAAQ,OAAO,IAAI,CAAC;AAAA,MAC7D;AAAA,IACJ,CAAC;AAAA,EACL;AAAA,EAEA,MAAM,OACF,OACA,UACiD;AACjD,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,iCAAiC;AAAA,MACpE;AAAA,MACA;AAAA,IACJ,CAAC;AACD,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,UAAyC;AAC3C,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,gCAAgC;AACvE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,aAA8C;AAChD,UAAM,WAAW,MAAM,KAAK,MAAM,IAAI,0BAA0B;AAChE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,cAAqD;AACvD,UAAM,WAAW,MAAM,KAAK,MAAM,IAAI,gCAAgC;AACtE,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,cAAc,WAAkD;AAClE,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,wCAAwC;AAAA,MAC3E;AAAA,IACJ,CAAC;AACD,WAAO,SAAS;AAAA,EACpB;AAAA,EAEA,MAAM,aAA4C;AAC9C,UAAM,WAAW,MAAM,KAAK,MAAM,KAAK,oCAAoC;AAC3E,WAAO,SAAS;AAAA,EACpB;AACJ;AAEO,IAAM,cAAN,MAAkB;AAAA;AAAA,EAIrB,YAAY,SAAiB,SAA8B;AAH3D,wBAAO;AAIH,SAAK,OAAO,IAAI,gBAAgB,SAAS,OAAO;AAAA,EACpD;AACJ;","names":[]}

package/dist/auth/index.cjs

@@ -0,0 +1,174 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/auth/index.ts
+var auth_exports = {};
+__export(auth_exports, {
+  ArchlastAuthClient: () => ArchlastAuthClient,
+  default: () => auth_default
+});
+module.exports = __toCommonJS(auth_exports);
+var import_axios = __toESM(require("axios"), 1);
+function resolveBaseUrl(explicit) {
+  if (explicit && explicit.trim()) return explicit.replace(/\/+$/, "");
+  if (typeof window !== "undefined" && window.location?.origin) return window.location.origin;
+  return "";
+}
+var ArchlastAuthClient = class {
+  constructor(options = {}) {
+    __publicField(this, "baseUrl");
+    __publicField(this, "axios");
+    __publicField(this, "appId");
+    __publicField(this, "apiKey");
+    this.baseUrl = resolveBaseUrl(options.baseUrl);
+    this.appId = options.appId;
+    this.apiKey = options.apiKey;
+    this.axios = import_axios.default.create({
+      baseURL: this.baseUrl,
+      withCredentials: !options.apiKey,
+      // Only use cookies if no API key
+      headers: {
+        "content-type": "application/json",
+        ...this.appId ? { "x-archlast-app-id": this.appId } : {},
+        ...options.apiKey ? { "x-api-key": options.apiKey } : {}
+      }
+    });
+  }
+  /**
+   * Get current authentication state
+   * Uses Better-Auth's getSession endpoint
+   */
+  async getState() {
+    try {
+      const response = await this.axios.get("/api/auth/get-session");
+      const { user, session } = response.data;
+      return {
+        user,
+        session,
+        isAuthenticated: !!user
+      };
+    } catch (error) {
+      return {
+        user: null,
+        session: null,
+        isAuthenticated: false
+      };
+    }
+  }
+  /**
+   * Sign up new user
+   * Uses Better-Auth's email signUp endpoint
+   */
+  async signUp(input) {
+    const response = await this.axios.post("/api/auth/sign-up/email", {
+      email: input.email,
+      password: input.password,
+      name: input.name,
+      username: input.username
+    });
+    return {
+      user: response.data.user,
+      session: null,
+      // Session is managed via cookies
+      isAuthenticated: !!response.data.user
+    };
+  }
+  /**
+   * Sign in with email/username and password
+   * Uses Better-Auth's credential sign-in endpoint
+   */
+  async signIn(input) {
+    if (!input.email && !input.username) {
+      throw new Error("Either email or username is required");
+    }
+    const response = await this.axios.post("/api/auth/sign-in/email", {
+      email: input.email,
+      username: input.username,
+      password: input.password
+    });
+    return {
+      user: response.data.user,
+      session: null,
+      // Session is managed via cookies
+      isAuthenticated: !!response.data.user
+    };
+  }
+  /**
+   * Sign out and revoke session
+   * Uses Better-Auth's sign-out endpoint
+   */
+  async signOut() {
+    const response = await this.axios.post(
+      "/api/auth/sign-out",
+      {},
+      { withCredentials: true }
+    );
+    return response.data;
+  }
+  /**
+   * Request password reset email
+   * Uses Better-Auth's password reset flow
+   */
+  async requestPasswordReset(email, callbackURL) {
+    const response = await this.axios.post("/api/auth/forgot-password", {
+      email,
+      redirectTo: callbackURL
+    });
+    return response.data;
+  }
+  /**
+   * Reset password with token
+   * Uses Better-Auth's reset password endpoint
+   */
+  async resetPassword(token, password) {
+    const response = await this.axios.post("/api/auth/reset-password", {
+      token,
+      password
+    });
+    return response.data;
+  }
+  /**
+   * Verify email with token
+   * Uses Better-Auth's email verification endpoint
+   */
+  async verifyEmail(token) {
+    const response = await this.axios.post("/api/auth/verify-email", {
+      token
+    });
+    return response.data;
+  }
+};
+var auth_default = ArchlastAuthClient;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ArchlastAuthClient
+});
+//# sourceMappingURL=index.cjs.map

package/dist/auth/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/auth/index.ts"],"sourcesContent":["/**\n * Client-side auth API wrapper for Archlast.\n *\n * This now uses Better-Auth endpoints via the proxy:\n * - GET  /api/auth/get-session\n * - POST /api/auth/sign-up\n * - POST /api/auth/sign-in\n * - POST /api/auth/sign-out\n *\n * Migration from legacy /_auth/* endpoints:\n * - /_auth/state → /api/auth/get-session\n * - /_auth/sign-up → /api/auth/sign-up (email)\n * - /_auth/sign-in → /api/auth/sign-in (email)\n * - /_auth/sign-out → /api/auth/sign-out\n *\n * Notes:\n * - Uses cookie-based sessions by default (credentials: \"include\").\n * - For programmatic access, use Better-Auth API keys (arch_* prefix) via x-api-key header.\n * - Better-Auth supports username, OAuth, magic link, and more.\n */\n\nimport axios, { type AxiosInstance } from \"axios\";\n\nexport type AuthUser = {\n    id: string;\n    email: string;\n    emailVerified: boolean;\n    name?: string;\n    image?: string;\n    createdAt?: Date;\n    updatedAt?: Date;\n    role?: string;\n    banned?: boolean;\n};\n\nexport type AuthSession = {\n    token: string;\n    expiresAt: Date;\n    userId: string;\n    ipAddress?: string;\n    userAgent?: string;\n};\n\nexport type AuthState = {\n    user: AuthUser | null;\n    session: AuthSession | null;\n    isAuthenticated: boolean;\n};\n\nexport type SignUpInput = {\n    email: string;\n    password: string;\n    name?: string;\n    username?: string;\n};\n\nexport type SignInInput = {\n    email?: string;\n    username?: string;\n    password: string;\n};\n\nexport type ArchlastAuthClientOptions = {\n    /**\n     * Base URL for the Archlast server.\n     * Example: \"http://localhost:4000\"\n     *\n     * If omitted, it will default to:\n     * - window.location.origin in the browser\n     * - \"\" in non-browser contexts\n     */\n    baseUrl?: string;\n\n    /**\n     * App ID for session isolation (e.g. \"web\", \"admin\").\n     * When set, adds x-archlast-app-id header.\n     */\n    appId?: string;\n\n    /**\n     * Better-Auth API key for authentication.\n     * When provided, uses x-api-key header instead of cookies.\n     */\n    apiKey?: string;\n};\n\nfunction resolveBaseUrl(explicit?: string): string {\n    if (explicit && explicit.trim()) return explicit.replace(/\\/+$/, \"\");\n    if (typeof window !== \"undefined\" && window.location?.origin) return window.location.origin;\n    return \"\";\n}\n\nexport class ArchlastAuthClient {\n    private readonly baseUrl: string;\n    private readonly axios: AxiosInstance;\n    private readonly appId?: string;\n    private readonly apiKey?: string;\n\n    constructor(options: ArchlastAuthClientOptions = {}) {\n        this.baseUrl = resolveBaseUrl(options.baseUrl);\n        this.appId = options.appId;\n        this.apiKey = options.apiKey;\n        this.axios = axios.create({\n            baseURL: this.baseUrl,\n            withCredentials: !options.apiKey, // Only use cookies if no API key\n            headers: {\n                \"content-type\": \"application/json\",\n                ...(this.appId ? { \"x-archlast-app-id\": this.appId } : {}),\n                ...(options.apiKey ? { \"x-api-key\": options.apiKey } : {}),\n            },\n        });\n    }\n\n    /**\n     * Get current authentication state\n     * Uses Better-Auth's getSession endpoint\n     */\n    async getState(): Promise<AuthState> {\n        try {\n            const response = await this.axios.get<{\n                user: AuthUser | null;\n                session: AuthSession | null;\n            }>(\"/api/auth/get-session\");\n\n            const { user, session } = response.data;\n\n            return {\n                user,\n                session,\n                isAuthenticated: !!user,\n            };\n        } catch (error) {\n            // Return unauthenticated state on error\n            return {\n                user: null,\n                session: null,\n                isAuthenticated: false,\n            };\n        }\n    }\n\n    /**\n     * Sign up new user\n     * Uses Better-Auth's email signUp endpoint\n     */\n    async signUp(input: SignUpInput): Promise<AuthState> {\n        const response = await this.axios.post<{ user: AuthUser }>(\"/api/auth/sign-up/email\", {\n            email: input.email,\n            password: input.password,\n            name: input.name,\n            username: input.username,\n        });\n\n        return {\n            user: response.data.user,\n            session: null, // Session is managed via cookies\n            isAuthenticated: !!response.data.user,\n        };\n    }\n\n    /**\n     * Sign in with email/username and password\n     * Uses Better-Auth's credential sign-in endpoint\n     */\n    async signIn(input: SignInInput): Promise<AuthState> {\n        // Support email or username sign-in\n        if (!input.email && !input.username) {\n            throw new Error(\"Either email or username is required\");\n        }\n\n        const response = await this.axios.post<{ user: AuthUser }>(\"/api/auth/sign-in/email\", {\n            email: input.email,\n            username: input.username,\n            password: input.password,\n        });\n\n        return {\n            user: response.data.user,\n            session: null, // Session is managed via cookies\n            isAuthenticated: !!response.data.user,\n        };\n    }\n\n    /**\n     * Sign out and revoke session\n     * Uses Better-Auth's sign-out endpoint\n     */\n    async signOut(): Promise<{ success: boolean }> {\n        const response = await this.axios.post<{ success: boolean }>(\n            \"/api/auth/sign-out\",\n            {},\n            { withCredentials: true }\n        );\n\n        return response.data;\n    }\n\n    /**\n     * Request password reset email\n     * Uses Better-Auth's password reset flow\n     */\n    async requestPasswordReset(email: string, callbackURL?: string): Promise<{ success: boolean }> {\n        const response = await this.axios.post<{ success: boolean }>(\"/api/auth/forgot-password\", {\n            email,\n            redirectTo: callbackURL,\n        });\n\n        return response.data;\n    }\n\n    /**\n     * Reset password with token\n     * Uses Better-Auth's reset password endpoint\n     */\n    async resetPassword(token: string, password: string): Promise<{ success: boolean }> {\n        const response = await this.axios.post<{ success: boolean }>(\"/api/auth/reset-password\", {\n            token,\n            password,\n        });\n\n        return response.data;\n    }\n\n    /**\n     * Verify email with token\n     * Uses Better-Auth's email verification endpoint\n     */\n    async verifyEmail(token: string): Promise<{ success: boolean; user?: AuthUser }> {\n        const response = await this.axios.post<{ success: boolean; user?: AuthUser }>(\"/api/auth/verify-email\", {\n            token,\n        });\n\n        return response.data;\n    }\n}\n\n/**\n * Default export for backward compatibility\n */\nexport default ArchlastAuthClient;\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAqBA,mBAA0C;AAiE1C,SAAS,eAAe,UAA2B;AAC/C,MAAI,YAAY,SAAS,KAAK,EAAG,QAAO,SAAS,QAAQ,QAAQ,EAAE;AACnE,MAAI,OAAO,WAAW,eAAe,OAAO,UAAU,OAAQ,QAAO,OAAO,SAAS;AACrF,SAAO;AACX;AAEO,IAAM,qBAAN,MAAyB;AAAA,EAM5B,YAAY,UAAqC,CAAC,GAAG;AALrD,wBAAiB;AACjB,wBAAiB;AACjB,wBAAiB;AACjB,wBAAiB;AAGb,SAAK,UAAU,eAAe,QAAQ,OAAO;AAC7C,SAAK,QAAQ,QAAQ;AACrB,SAAK,SAAS,QAAQ;AACtB,SAAK,QAAQ,aAAAA,QAAM,OAAO;AAAA,MACtB,SAAS,KAAK;AAAA,MACd,iBAAiB,CAAC,QAAQ;AAAA;AAAA,MAC1B,SAAS;AAAA,QACL,gBAAgB;AAAA,QAChB,GAAI,KAAK,QAAQ,EAAE,qBAAqB,KAAK,MAAM,IAAI,CAAC;AAAA,QACxD,GAAI,QAAQ,SAAS,EAAE,aAAa,QAAQ,OAAO,IAAI,CAAC;AAAA,MAC5D;AAAA,IACJ,CAAC;AAAA,EACL;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,WAA+B;AACjC,QAAI;AACA,YAAM,WAAW,MAAM,KAAK,MAAM,IAG/B,uBAAuB;AAE1B,YAAM,EAAE,MAAM,QAAQ,IAAI,SAAS;AAEnC,aAAO;AAAA,QACH;AAAA,QACA;AAAA,QACA,iBAAiB,CAAC,CAAC;AAAA,MACvB;AAAA,IACJ,SAAS,OAAO;AAEZ,aAAO;AAAA,QACH,MAAM;AAAA,QACN,SAAS;AAAA,QACT,iBAAiB;AAAA,MACrB;AAAA,IACJ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,OAAwC;AACjD,UAAM,WAAW,MAAM,KAAK,MAAM,KAAyB,2BAA2B;AAAA,MAClF,OAAO,MAAM;AAAA,MACb,UAAU,MAAM;AAAA,MAChB,MAAM,MAAM;AAAA,MACZ,UAAU,MAAM;AAAA,IACpB,CAAC;AAED,WAAO;AAAA,MACH,MAAM,SAAS,KAAK;AAAA,MACpB,SAAS;AAAA;AAAA,MACT,iBAAiB,CAAC,CAAC,SAAS,KAAK;AAAA,IACrC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,OAAwC;AAEjD,QAAI,CAAC,MAAM,SAAS,CAAC,MAAM,UAAU;AACjC,YAAM,IAAI,MAAM,sCAAsC;AAAA,IAC1D;AAEA,UAAM,WAAW,MAAM,KAAK,MAAM,KAAyB,2BAA2B;AAAA,MAClF,OAAO,MAAM;AAAA,MACb,UAAU,MAAM;AAAA,MAChB,UAAU,MAAM;AAAA,IACpB,CAAC;AAED,WAAO;AAAA,MACH,MAAM,SAAS,KAAK;AAAA,MACpB,SAAS;AAAA;AAAA,MACT,iBAAiB,CAAC,CAAC,SAAS,KAAK;AAAA,IACrC;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,UAAyC;AAC3C,UAAM,WAAW,MAAM,KAAK,MAAM;AAAA,MAC9B;AAAA,MACA,CAAC;AAAA,MACD,EAAE,iBAAiB,KAAK;AAAA,IAC5B;AAEA,WAAO,SAAS;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,qBAAqB,OAAe,aAAqD;AAC3F,UAAM,WAAW,MAAM,KAAK,MAAM,KAA2B,6BAA6B;AAAA,MACtF;AAAA,MACA,YAAY;AAAA,IAChB,CAAC;AAED,WAAO,SAAS;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,cAAc,OAAe,UAAiD;AAChF,UAAM,WAAW,MAAM,KAAK,MAAM,KAA2B,4BAA4B;AAAA,MACrF;AAAA,MACA;AAAA,IACJ,CAAC;AAED,WAAO,SAAS;AAAA,EACpB;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,YAAY,OAA+D;AAC7E,UAAM,WAAW,MAAM,KAAK,MAAM,KAA4C,0BAA0B;AAAA,MACpG;AAAA,IACJ,CAAC;AAED,WAAO,SAAS;AAAA,EACpB;AACJ;AAKA,IAAO,eAAQ;","names":["axios"]}

package/dist/auth/index.d.cts

@@ -0,0 +1,128 @@
+/**
+ * Client-side auth API wrapper for Archlast.
+ *
+ * This now uses Better-Auth endpoints via the proxy:
+ * - GET  /api/auth/get-session
+ * - POST /api/auth/sign-up
+ * - POST /api/auth/sign-in
+ * - POST /api/auth/sign-out
+ *
+ * Migration from legacy /_auth/* endpoints:
+ * - /_auth/state → /api/auth/get-session
+ * - /_auth/sign-up → /api/auth/sign-up (email)
+ * - /_auth/sign-in → /api/auth/sign-in (email)
+ * - /_auth/sign-out → /api/auth/sign-out
+ *
+ * Notes:
+ * - Uses cookie-based sessions by default (credentials: "include").
+ * - For programmatic access, use Better-Auth API keys (arch_* prefix) via x-api-key header.
+ * - Better-Auth supports username, OAuth, magic link, and more.
+ */
+type AuthUser = {
+    id: string;
+    email: string;
+    emailVerified: boolean;
+    name?: string;
+    image?: string;
+    createdAt?: Date;
+    updatedAt?: Date;
+    role?: string;
+    banned?: boolean;
+};
+type AuthSession = {
+    token: string;
+    expiresAt: Date;
+    userId: string;
+    ipAddress?: string;
+    userAgent?: string;
+};
+type AuthState = {
+    user: AuthUser | null;
+    session: AuthSession | null;
+    isAuthenticated: boolean;
+};
+type SignUpInput = {
+    email: string;
+    password: string;
+    name?: string;
+    username?: string;
+};
+type SignInInput = {
+    email?: string;
+    username?: string;
+    password: string;
+};
+type ArchlastAuthClientOptions = {
+    /**
+     * Base URL for the Archlast server.
+     * Example: "http://localhost:4000"
+     *
+     * If omitted, it will default to:
+     * - window.location.origin in the browser
+     * - "" in non-browser contexts
+     */
+    baseUrl?: string;
+    /**
+     * App ID for session isolation (e.g. "web", "admin").
+     * When set, adds x-archlast-app-id header.
+     */
+    appId?: string;
+    /**
+     * Better-Auth API key for authentication.
+     * When provided, uses x-api-key header instead of cookies.
+     */
+    apiKey?: string;
+};
+declare class ArchlastAuthClient {
+    private readonly baseUrl;
+    private readonly axios;
+    private readonly appId?;
+    private readonly apiKey?;
+    constructor(options?: ArchlastAuthClientOptions);
+    /**
+     * Get current authentication state
+     * Uses Better-Auth's getSession endpoint
+     */
+    getState(): Promise<AuthState>;
+    /**
+     * Sign up new user
+     * Uses Better-Auth's email signUp endpoint
+     */
+    signUp(input: SignUpInput): Promise<AuthState>;
+    /**
+     * Sign in with email/username and password
+     * Uses Better-Auth's credential sign-in endpoint
+     */
+    signIn(input: SignInInput): Promise<AuthState>;
+    /**
+     * Sign out and revoke session
+     * Uses Better-Auth's sign-out endpoint
+     */
+    signOut(): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Request password reset email
+     * Uses Better-Auth's password reset flow
+     */
+    requestPasswordReset(email: string, callbackURL?: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Reset password with token
+     * Uses Better-Auth's reset password endpoint
+     */
+    resetPassword(token: string, password: string): Promise<{
+        success: boolean;
+    }>;
+    /**
+     * Verify email with token
+     * Uses Better-Auth's email verification endpoint
+     */
+    verifyEmail(token: string): Promise<{
+        success: boolean;
+        user?: AuthUser;
+    }>;
+}
+
+export { ArchlastAuthClient, type ArchlastAuthClientOptions, type AuthSession, type AuthState, type AuthUser, type SignInInput, type SignUpInput, ArchlastAuthClient as default };