@archlast/server 0.0.1

package/dist/admin/seed.js

@@ -0,0 +1,276 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.seedAdminUser = seedAdminUser;
+const logger_js_1 = require("../logging/logger.js");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto_js_1 = require("../auth/system/crypto.js");
+const schema_js_1 = require("./schema.js");
+/**
+ * Write admin token to env files
+ * - apps/archlast/.env.local: For CLI authentication (ARCHLAST_ADMIN_TOKEN)
+ * - apps/web/.env.local: For web client authentication (NEXT_PUBLIC_ARCHLAST_ADMIN_TOKEN)
+ */
+async function writeAdminTokenToAppEnv(token) {
+    try {
+        const repoRoot = path.resolve(process.cwd(), "../..");
+        // Write to apps/archlast/.env.local for CLI
+        const archlastDir = path.join(repoRoot, "apps", "archlast");
+        const archlastEnvPath = path.join(archlastDir, ".env.local");
+        if (!fs.existsSync(archlastDir)) {
+            fs.mkdirSync(archlastDir, { recursive: true });
+        }
+        let archlastContent = "";
+        if (fs.existsSync(archlastEnvPath)) {
+            archlastContent = fs.readFileSync(archlastEnvPath, "utf-8");
+        }
+        const archlastLines = archlastContent.split("\n");
+        const archlastTokenLine = `ARCHLAST_ADMIN_TOKEN="${token}"`;
+        let newArchlastLines = [];
+        let archlastTokenFound = false;
+        for (const line of archlastLines) {
+            if (line.startsWith("ARCHLAST_ADMIN_TOKEN=")) {
+                newArchlastLines.push(archlastTokenLine);
+                archlastTokenFound = true;
+            }
+            else if (line.trim() !== "") {
+                newArchlastLines.push(line);
+            }
+        }
+        if (!archlastTokenFound) {
+            newArchlastLines.push(archlastTokenLine);
+        }
+        const archlastHeader = `# Archlast CLI Authentication
+# This file is auto-generated during admin user seeding
+# The token is used by the CLI to authenticate with the server
+
+`;
+        fs.writeFileSync(archlastEnvPath, archlastHeader + newArchlastLines.join("\n") + "\n", "utf-8");
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed] ✓ Admin token written to ${archlastEnvPath}`,
+        });
+        // Write to apps/web/.env.local for web client
+        const webDir = path.join(repoRoot, "apps", "web");
+        const webEnvPath = path.join(webDir, ".env.local");
+        if (!fs.existsSync(webDir)) {
+            fs.mkdirSync(webDir, { recursive: true });
+        }
+        let webContent = "";
+        if (fs.existsSync(webEnvPath)) {
+            webContent = fs.readFileSync(webEnvPath, "utf-8");
+        }
+        const webLines = webContent.split("\n");
+        const webTokenLine = `NEXT_PUBLIC_ARCHLAST_ADMIN_TOKEN="${token}"`;
+        let newWebLines = [];
+        let webTokenFound = false;
+        for (const line of webLines) {
+            if (line.startsWith("NEXT_PUBLIC_ARCHLAST_ADMIN_TOKEN=")) {
+                newWebLines.push(webTokenLine);
+                webTokenFound = true;
+            }
+            else if (line.trim() !== "") {
+                newWebLines.push(line);
+            }
+        }
+        if (!webTokenFound) {
+            newWebLines.push(webTokenLine);
+        }
+        fs.writeFileSync(webEnvPath, newWebLines.join("\n") + "\n", "utf-8");
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed] ✓ Admin token written to ${webEnvPath}`,
+        });
+    }
+    catch (err) {
+        // Don't fail the seed if we can't write the token
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "warn",
+            kind: "system",
+            message: "[Admin Seed] Could not write admin token to app .env.local files",
+            context: { error: err instanceof Error ? err.message : String(err) },
+        });
+    }
+}
+/**
+ * Seed the first admin user from environment variables
+ *
+ * Only runs if no admin users exist and ARCHLAST_ADMIN_USERNAME/PASSWORD are set.
+ * In production, use the provisioning endpoint or setup flow instead.
+ */
+async function seedAdminUser(db) {
+    try {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Admin Seed] Checking if admin users exist...",
+        });
+        // Check if admin users already exist
+        if (await (0, schema_js_1.hasAnyAdminUsers)(db)) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "info",
+                kind: "system",
+                message: "[Admin Seed] ✓ Admin user already exists. Skipping seed.",
+            });
+            return;
+        }
+        // Read from environment variables
+        const username = process.env.ARCHLAST_ADMIN_USERNAME;
+        const password = process.env.ARCHLAST_ADMIN_PASSWORD;
+        if (!username || !password) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "warn",
+                kind: "system",
+                message: "[Admin Seed] Skipping seed - no ARCHLAST_ADMIN_USERNAME/PASSWORD set. Use the provisioning endpoint or setup flow to create the first admin user.",
+            });
+            return;
+        }
+        // Validate username format
+        const normalizedUsername = (0, schema_js_1.normalizeUsername)(username);
+        if (!(0, schema_js_1.isValidUsername)(normalizedUsername)) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "error",
+                kind: "system",
+                message: "[Admin Seed] Invalid ARCHLAST_ADMIN_USERNAME. Must be 3-32 characters, alphanumeric and underscore only.",
+            });
+            return;
+        }
+        // Validate password length
+        if (password.length < 8) {
+            logger_js_1.logger.log({
+                timestamp: Date.now(),
+                level: "error",
+                kind: "system",
+                message: "[Admin Seed] Invalid ARCHLAST_ADMIN_PASSWORD. Must be at least 8 characters.",
+            });
+            return;
+        }
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Admin Seed] Creating first admin user from environment...",
+        });
+        // Hash the password
+        const passwordHash = await (0, crypto_js_1.hashPassword)(password);
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed] Password hash generated (length: ${passwordHash.length})`,
+        });
+        // Create the first admin user
+        const user = await (0, schema_js_1.createFirstAdminUser)(db, normalizedUsername, passwordHash);
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "[Admin Seed] ✓ Admin user created successfully!",
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed]   Username: ${user.username}`,
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed]   ID: ${user._id}`,
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed]   Super Admin: ${user.is_super_admin ? "Yes" : "No"}`,
+        });
+        // Create an admin token for CLI authentication
+        const adminToken = await (0, schema_js_1.createAdminToken)(db, "CLI Development Token", user._id, null);
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `[Admin Seed] ✓ Admin token created: ${adminToken.token}`,
+        });
+        // Write the token to apps/archlast/.env.local for CLI use
+        await writeAdminTokenToAppEnv(adminToken.token);
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "",
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: "Login credentials:",
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `  Username: ${normalizedUsername}`,
+        });
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "info",
+            kind: "system",
+            message: `  Password: ${password}`,
+        });
+    }
+    catch (error) {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "error",
+            kind: "system",
+            message: "Failed to seed admin user:",
+            context: { error },
+        });
+        throw error;
+    }
+}
+//# sourceMappingURL=seed.js.map

package/dist/admin/seed.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seed.js","sourceRoot":"","sources":["../../src/admin/seed.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA2HA,sCAsJC;AAhRD,oDAA8C;AAC9C,uCAAyB;AACzB,2CAA6B;AAE7B,wDAAwD;AACxD,2CAMqB;AAErB;;;;GAIG;AACH,KAAK,UAAU,uBAAuB,CAAC,KAAa;IAChD,IAAI,CAAC;QACD,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,CAAC;QAEtD,4CAA4C;QAC5C,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC;QAE7D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC9B,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,eAAe,GAAG,EAAE,CAAC;QACzB,IAAI,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;YACjC,eAAe,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,aAAa,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,iBAAiB,GAAG,yBAAyB,KAAK,GAAG,CAAC;QAC5D,IAAI,gBAAgB,GAAa,EAAE,CAAC;QAEpC,IAAI,kBAAkB,GAAG,KAAK,CAAC;QAC/B,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;YAC/B,IAAI,IAAI,CAAC,UAAU,CAAC,uBAAuB,CAAC,EAAE,CAAC;gBAC3C,gBAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;gBACzC,kBAAkB,GAAG,IAAI,CAAC;YAC9B,CAAC;iBAAM,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC5B,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAChC,CAAC;QACL,CAAC;QACD,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACtB,gBAAgB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,cAAc,GAAG;;;;CAI9B,CAAC;QACM,EAAE,CAAC,aAAa,CAAC,eAAe,EAAE,cAAc,GAAG,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAEhG,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,yCAAyC,eAAe,EAAE;SACtE,CAAC,CAAC;QAEH,8CAA8C;QAC9C,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QAClD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;QAEnD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzB,EAAE,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,UAAU,GAAG,EAAE,CAAC;QACpB,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC5B,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;QACtD,CAAC;QAED,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxC,MAAM,YAAY,GAAG,qCAAqC,KAAK,GAAG,CAAC;QACnE,IAAI,WAAW,GAAa,EAAE,CAAC;QAE/B,IAAI,aAAa,GAAG,KAAK,CAAC;QAC1B,KAAK,MAAM,IAAI,IAAI,QAAQ,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,UAAU,CAAC,mCAAmC,CAAC,EAAE,CAAC;gBACvD,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;gBAC/B,aAAa,GAAG,IAAI,CAAC;YACzB,CAAC;iBAAM,IAAI,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;gBAC5B,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC3B,CAAC;QACL,CAAC;QACD,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACnC,CAAC;QAED,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC,CAAC;QAErE,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,yCAAyC,UAAU,EAAE;SACjE,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,kDAAkD;QAClD,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,kEAAkE;YAC3E,OAAO,EAAE,EAAE,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;SACvE,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,aAAa,CAAC,EAAmB;IACnD,IAAI,CAAC;QACD,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,+CAA+C;SAC3D,CAAC,CAAC;QAEH,qCAAqC;QACrC,IAAI,MAAM,IAAA,4BAAgB,EAAC,EAAE,CAAC,EAAE,CAAC;YAC7B,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,0DAA0D;aACtE,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,kCAAkC;QAClC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;QAErD,IAAI,CAAC,QAAQ,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzB,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,MAAM;gBACb,IAAI,EAAE,QAAQ;gBACd,OAAO,EACH,mJAAmJ;aAC1J,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,2BAA2B;QAC3B,MAAM,kBAAkB,GAAG,IAAA,6BAAiB,EAAC,QAAQ,CAAC,CAAC;QACvD,IAAI,CAAC,IAAA,2BAAe,EAAC,kBAAkB,CAAC,EAAE,CAAC;YACvC,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EACH,0GAA0G;aACjH,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,2BAA2B;QAC3B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,kBAAM,CAAC,GAAG,CAAC;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,QAAQ;gBACd,OAAO,EACH,8EAA8E;aACrF,CAAC,CAAC;YACH,OAAO;QACX,CAAC;QAED,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,4DAA4D;SACxE,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,YAAY,GAAG,MAAM,IAAA,wBAAY,EAAC,QAAQ,CAAC,CAAC;QAClD,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,iDAAiD,YAAY,CAAC,MAAM,GAAG;SACnF,CAAC,CAAC;QAEH,8BAA8B;QAC9B,MAAM,IAAI,GAAG,MAAM,IAAA,gCAAoB,EAAC,EAAE,EAAE,kBAAkB,EAAE,YAAY,CAAC,CAAC;QAE9E,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,iDAAiD;SAC7D,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,4BAA4B,IAAI,CAAC,QAAQ,EAAE;SACvD,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,sBAAsB,IAAI,CAAC,GAAG,EAAE;SAC5C,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,+BAA+B,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;SAC/E,CAAC,CAAC;QAEH,+CAA+C;QAC/C,MAAM,UAAU,GAAG,MAAM,IAAA,4BAAgB,EAAC,EAAE,EAAE,uBAAuB,EAAE,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACvF,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,uCAAuC,UAAU,CAAC,KAAK,EAAE;SACrE,CAAC,CAAC;QAEH,0DAA0D;QAC1D,MAAM,uBAAuB,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAEhD,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;SACd,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,oBAAoB;SAChC,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,eAAe,kBAAkB,EAAE;SAC/C,CAAC,CAAC;QACH,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,MAAM;YACb,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,eAAe,QAAQ,EAAE;SACrC,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,4BAA4B;YACrC,OAAO,EAAE,EAAE,KAAK,EAAE;SACrB,CAAC,CAAC;QACH,MAAM,KAAK,CAAC;IAChB,CAAC;AACL,CAAC"}

package/dist/auth/api-key-resolver.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Legacy API Key Resolver Stub
+ *
+ * This is a placeholder stub for the deleted ApiKeyResolver.
+ * We've consolidated to Better-Auth API keys via /api/auth/api-key/*.
+ *
+ * TODO: Remove all references to legacy API key system
+ */
+export declare function generateApiKey(): string;
+export declare function getKeyPrefix(): string;
+export declare function hasScope(_apiKey: string | null, _scope: string): boolean;
+//# sourceMappingURL=api-key-resolver.d.ts.map

package/dist/auth/api-key-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-resolver.d.ts","sourceRoot":"","sources":["../../src/auth/api-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,wBAAgB,cAAc,IAAI,MAAM,CAEvC;AAED,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAGxE"}

package/dist/auth/api-key-resolver.js

@@ -0,0 +1,24 @@
+"use strict";
+/**
+ * Legacy API Key Resolver Stub
+ *
+ * This is a placeholder stub for the deleted ApiKeyResolver.
+ * We've consolidated to Better-Auth API keys via /api/auth/api-key/*.
+ *
+ * TODO: Remove all references to legacy API key system
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateApiKey = generateApiKey;
+exports.getKeyPrefix = getKeyPrefix;
+exports.hasScope = hasScope;
+function generateApiKey() {
+    throw new Error("Legacy API key system deprecated. Use Better-Auth API keys via /api/auth/api-key/*");
+}
+function getKeyPrefix() {
+    throw new Error("Legacy API key system deprecated. Use Better-Auth API keys via /api/auth/api-key/*");
+}
+function hasScope(_apiKey, _scope) {
+    // Better-Auth API keys don't use scopes
+    return true;
+}
+//# sourceMappingURL=api-key-resolver.js.map

package/dist/auth/api-key-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-resolver.js","sourceRoot":"","sources":["../../src/auth/api-key-resolver.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAEH,wCAEC;AAED,oCAEC;AAED,4BAGC;AAXD,SAAgB,cAAc;IAC1B,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAC;AAC1G,CAAC;AAED,SAAgB,YAAY;IACxB,MAAM,IAAI,KAAK,CAAC,oFAAoF,CAAC,CAAC;AAC1G,CAAC;AAED,SAAgB,QAAQ,CAAC,OAAsB,EAAE,MAAc;IAC3D,wCAAwC;IACxC,OAAO,IAAI,CAAC;AAChB,CAAC"}

package/dist/auth/archlast-auth-adapter.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Legacy ArchlastAuthAdapter Stub
+ *
+ * This is a placeholder stub for the deleted ArchlastAuthAdapter.
+ * The legacy /_auth/* system still references this, but we've consolidated
+ * to Better-Auth for all authentication.
+ *
+ * TODO: Remove the legacy /_auth/* endpoints and migrate to Better-Auth
+ */
+import type { IDatabaseClient } from "../db/interfaces.js";
+export declare class ArchlastAuthAdapter {
+    private db;
+    constructor(db: IDatabaseClient);
+    createSessionForUser(_options: {
+        userId: string;
+        tenantId?: string;
+    }): Promise<any>;
+    revokeSessionByToken(_token: string): Promise<void>;
+    updateSessionTenant(_token: string, _tenantId: string): Promise<void>;
+    verify(_input: any): Promise<any>;
+}
+//# sourceMappingURL=archlast-auth-adapter.d.ts.map

package/dist/auth/archlast-auth-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"archlast-auth-adapter.d.ts","sourceRoot":"","sources":["../../src/auth/archlast-auth-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D,qBAAa,mBAAmB;IAChB,OAAO,CAAC,EAAE;gBAAF,EAAE,EAAE,eAAe;IAEjC,oBAAoB,CAAC,QAAQ,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC,GAAG,CAAC;IAInF,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAInD,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrE,MAAM,CAAC,MAAM,EAAE,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC;CAG1C"}

package/dist/auth/archlast-auth-adapter.js

@@ -0,0 +1,32 @@
+"use strict";
+/**
+ * Legacy ArchlastAuthAdapter Stub
+ *
+ * This is a placeholder stub for the deleted ArchlastAuthAdapter.
+ * The legacy /_auth/* system still references this, but we've consolidated
+ * to Better-Auth for all authentication.
+ *
+ * TODO: Remove the legacy /_auth/* endpoints and migrate to Better-Auth
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ArchlastAuthAdapter = void 0;
+class ArchlastAuthAdapter {
+    db;
+    constructor(db) {
+        this.db = db;
+    }
+    async createSessionForUser(_options) {
+        throw new Error("Legacy auth system deprecated. Use Better-Auth via /api/auth/*");
+    }
+    async revokeSessionByToken(_token) {
+        throw new Error("Legacy auth system deprecated. Use Better-Auth via /api/auth/*");
+    }
+    async updateSessionTenant(_token, _tenantId) {
+        throw new Error("Legacy auth system deprecated. Use Better-Auth via /api/auth/*");
+    }
+    async verify(_input) {
+        return { isAuthenticated: false };
+    }
+}
+exports.ArchlastAuthAdapter = ArchlastAuthAdapter;
+//# sourceMappingURL=archlast-auth-adapter.js.map

package/dist/auth/archlast-auth-adapter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"archlast-auth-adapter.js","sourceRoot":"","sources":["../../src/auth/archlast-auth-adapter.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;;AAIH,MAAa,mBAAmB;IACR;IAApB,YAAoB,EAAmB;QAAnB,OAAE,GAAF,EAAE,CAAiB;IAAG,CAAC;IAE3C,KAAK,CAAC,oBAAoB,CAAC,QAA+C;QACtE,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,oBAAoB,CAAC,MAAc;QACrC,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc,EAAE,SAAiB;QACvD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;IACtF,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,MAAW;QACpB,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACtC,CAAC;CACJ;AAlBD,kDAkBC"}

package/dist/auth/audit.d.ts

@@ -0,0 +1,65 @@
+/** Audit Log Helper - Simplified */
+import type { MutationCtx } from "../functions/types";
+export interface AuditLogEntry {
+    action: string;
+    resourceType: string;
+    resourceId: string;
+    status: "success" | "failure";
+    errorMessage?: string;
+    errorCode?: string;
+    metadata?: any;
+}
+export declare function writeAuditLog(ctx: MutationCtx, entry: AuditLogEntry): Promise<void>;
+export interface SecurityEventEntry {
+    eventType: string;
+    severity: "low" | "medium" | "high" | "critical";
+    userId?: string;
+    email?: string;
+    ipAddress: string;
+    userAgent?: string;
+    description: string;
+    metadata?: any;
+}
+export declare function writeSecurityEvent(ctx: MutationCtx, entry: SecurityEventEntry): Promise<void>;
+export declare function trackFailedLogin(ctx: MutationCtx, email: string, ipAddress: string, userAgent?: string): Promise<{
+    shouldBlock: boolean;
+    attemptCount: number;
+}>;
+export declare function clearFailedLoginAttempts(ctx: MutationCtx, email: string): Promise<void>;
+export declare const AuditActions: {
+    readonly SIGN_UP: "auth.signUp";
+    readonly SIGN_IN: "auth.signIn";
+    readonly SIGN_OUT: "auth.signOut";
+    readonly REFRESH_SESSION: "auth.refreshSession";
+    readonly REVOKE_SESSION: "auth.revokeSession";
+    readonly REVOKE_ALL_SESSIONS: "auth.revokeAllSessions";
+    readonly CHANGE_PASSWORD: "auth.changePassword";
+    readonly REQUEST_PASSWORD_RESET: "auth.requestPasswordReset";
+    readonly RESET_PASSWORD: "auth.resetPassword";
+    readonly REQUEST_EMAIL_VERIFICATION: "auth.requestEmailVerification";
+    readonly VERIFY_EMAIL: "auth.verifyEmail";
+    readonly CREATE_TENANT: "auth.createTenant";
+    readonly SWITCH_TENANT: "auth.switchTenant";
+    readonly DELETE_TENANT: "auth.deleteTenant";
+    readonly INVITE_USER: "auth.inviteUser";
+    readonly ACCEPT_INVITE: "auth.acceptInvite";
+    readonly REMOVE_MEMBER: "auth.removeMember";
+    readonly UPDATE_MEMBER_ROLE: "auth.updateMemberRole";
+    readonly CREATE_API_KEY: "auth.createApiKey";
+    readonly REVOKE_API_KEY: "auth.revokeApiKey";
+    readonly ROTATE_API_KEY: "auth.rotateApiKey";
+    readonly LIST_API_KEYS: "auth.listApiKeys";
+    readonly OAUTH_START: "auth.oauth.start";
+    readonly OAUTH_CALLBACK: "auth.oauth.callback";
+};
+export declare const ResourceTypes: {
+    readonly SESSION: "session";
+    readonly USER: "user";
+    readonly TENANT: "tenant";
+    readonly MEMBERSHIP: "membership";
+    readonly INVITE: "invite";
+    readonly API_KEY: "apiKey";
+    readonly PASSWORD_RESET_TOKEN: "passwordResetToken";
+    readonly EMAIL_VERIFICATION_TOKEN: "emailVerificationToken";
+};
+//# sourceMappingURL=audit.d.ts.map

package/dist/auth/audit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/auth/audit.ts"],"names":[],"mappings":"AAAA,oCAAoC;AACpC,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAKtD,MAAM,WAAW,aAAa;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,SAAS,GAAG,SAAS,CAAC;IAC9B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,GAAG,CAAC;CAClB;AAED,wBAAsB,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAgCzF;AAED,MAAM,WAAW,kBAAkB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,KAAK,GAAG,QAAQ,GAAG,MAAM,GAAG,UAAU,CAAC;IACjD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,GAAG,CAAC;CAClB;AAED,wBAAsB,kBAAkB,CACpC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,kBAAkB,GAC1B,OAAO,CAAC,IAAI,CAAC,CAwBf;AAED,wBAAsB,gBAAgB,CAClC,GAAG,EAAE,WAAW,EAChB,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,MAAM,EACjB,SAAS,CAAC,EAAE,MAAM;;;GAuBrB;AAED,wBAAsB,wBAAwB,CAAC,GAAG,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,iBAgB7E;AAED,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;CAyBf,CAAC;AAEX,eAAO,MAAM,aAAa;;;;;;;;;CAShB,CAAC"}

package/dist/auth/audit.js

@@ -0,0 +1,138 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ResourceTypes = exports.AuditActions = void 0;
+exports.writeAuditLog = writeAuditLog;
+exports.writeSecurityEvent = writeSecurityEvent;
+exports.trackFailedLogin = trackFailedLogin;
+exports.clearFailedLoginAttempts = clearFailedLoginAttempts;
+const logger_js_1 = require("../logging/logger.js");
+const cuid2_1 = require("@paralleldrive/cuid2");
+async function writeAuditLog(ctx, entry) {
+    try {
+        const { auth } = ctx;
+        const tenantId = auth.tenant?._id || null;
+        const userId = auth.userId;
+        const apiKeyId = auth.apiKeyId;
+        const actorType = auth.type === "apiKey" ? "apiKey" : auth.userId ? "user" : "system";
+        await ctx.db.insert("auth_audit_logs", {
+            _id: (0, cuid2_1.createId)(),
+            tenantId,
+            userId,
+            apiKeyId,
+            actorType,
+            action: entry.action,
+            resourceType: entry.resourceType,
+            resourceId: entry.resourceId,
+            status: entry.status,
+            errorMessage: entry.errorMessage,
+            errorCode: entry.errorCode,
+            timestamp: Date.now(),
+        });
+    }
+    catch (error) {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "error",
+            kind: "system",
+            message: "[Audit Log Error]",
+            context: { error: error instanceof Error ? error.message : String(error) },
+        });
+    }
+}
+async function writeSecurityEvent(ctx, entry) {
+    try {
+        await ctx.db.insert("auth_security_events", {
+            _id: (0, cuid2_1.createId)(),
+            tenantId: ctx.auth.tenant?._id,
+            eventType: entry.eventType,
+            severity: entry.severity,
+            userId: entry.userId,
+            email: entry.email,
+            ipAddress: entry.ipAddress,
+            userAgent: entry.userAgent,
+            description: entry.description,
+            resolved: false,
+            timestamp: Date.now(),
+        });
+    }
+    catch (error) {
+        logger_js_1.logger.log({
+            timestamp: Date.now(),
+            level: "error",
+            kind: "system",
+            message: "[Security Event Error]",
+            context: { error: error instanceof Error ? error.message : String(error) },
+        });
+    }
+}
+async function trackFailedLogin(ctx, email, ipAddress, userAgent) {
+    const now = Date.now();
+    const timeWindow = 15 * 60 * 1000;
+    const maxAttempts = 5;
+    const recentEvents = await ctx.db
+        .query("auth_security_events")
+        .where({ eventType: "failed_login", email })
+        .findMany();
+    const attemptCount = recentEvents.filter((e) => e.timestamp > now - timeWindow).length + 1;
+    await writeSecurityEvent(ctx, {
+        eventType: "failed_login",
+        severity: attemptCount >= maxAttempts ? "high" : "medium",
+        email,
+        ipAddress,
+        userAgent,
+        description: `Failed login attempt ${attemptCount} for ${email}`,
+    });
+    return { shouldBlock: attemptCount >= maxAttempts, attemptCount };
+}
+async function clearFailedLoginAttempts(ctx, email) {
+    const now = Date.now();
+    const timeWindow = 15 * 60 * 1000;
+    const recentEvents = await ctx.db
+        .query("auth_security_events")
+        .where({ eventType: "failed_login", email, resolved: false })
+        .findMany();
+    for (const event of recentEvents.filter((e) => e.timestamp > now - timeWindow)) {
+        await ctx.db.update("auth_security_events", event._id, {
+            resolved: true,
+            resolvedAt: now,
+            resolution: "successful_login",
+        });
+    }
+}
+exports.AuditActions = {
+    SIGN_UP: "auth.signUp",
+    SIGN_IN: "auth.signIn",
+    SIGN_OUT: "auth.signOut",
+    REFRESH_SESSION: "auth.refreshSession",
+    REVOKE_SESSION: "auth.revokeSession",
+    REVOKE_ALL_SESSIONS: "auth.revokeAllSessions",
+    CHANGE_PASSWORD: "auth.changePassword",
+    REQUEST_PASSWORD_RESET: "auth.requestPasswordReset",
+    RESET_PASSWORD: "auth.resetPassword",
+    REQUEST_EMAIL_VERIFICATION: "auth.requestEmailVerification",
+    VERIFY_EMAIL: "auth.verifyEmail",
+    CREATE_TENANT: "auth.createTenant",
+    SWITCH_TENANT: "auth.switchTenant",
+    DELETE_TENANT: "auth.deleteTenant",
+    INVITE_USER: "auth.inviteUser",
+    ACCEPT_INVITE: "auth.acceptInvite",
+    REMOVE_MEMBER: "auth.removeMember",
+    UPDATE_MEMBER_ROLE: "auth.updateMemberRole",
+    CREATE_API_KEY: "auth.createApiKey",
+    REVOKE_API_KEY: "auth.revokeApiKey",
+    ROTATE_API_KEY: "auth.rotateApiKey",
+    LIST_API_KEYS: "auth.listApiKeys",
+    OAUTH_START: "auth.oauth.start",
+    OAUTH_CALLBACK: "auth.oauth.callback",
+};
+exports.ResourceTypes = {
+    SESSION: "session",
+    USER: "user",
+    TENANT: "tenant",
+    MEMBERSHIP: "membership",
+    INVITE: "invite",
+    API_KEY: "apiKey",
+    PASSWORD_RESET_TOKEN: "passwordResetToken",
+    EMAIL_VERIFICATION_TOKEN: "emailVerificationToken",
+};
+//# sourceMappingURL=audit.js.map

package/dist/auth/audit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/auth/audit.ts"],"names":[],"mappings":";;;AAgBA,sCAgCC;AAaD,gDA2BC;AAED,4CA2BC;AAED,4DAgBC;AArID,oDAA8C;AAE9C,gDAAgD;AAYzC,KAAK,UAAU,aAAa,CAAC,GAAgB,EAAE,KAAoB;IACtE,IAAI,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,IAAI,IAAI,CAAC;QAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;QAC3B,MAAM,QAAQ,GAAI,IAAY,CAAC,QAAQ,CAAC;QACxC,MAAM,SAAS,GACV,IAAY,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC;QAEjF,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,iBAAiB,EAAE;YACnC,GAAG,EAAE,IAAA,gBAAQ,GAAE;YACf,QAAQ;YACR,MAAM;YACN,QAAQ;YACR,SAAS;YACT,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,mBAAmB;YAC5B,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC7E,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAaM,KAAK,UAAU,kBAAkB,CACpC,GAAgB,EAChB,KAAyB;IAEzB,IAAI,CAAC;QACD,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,sBAAsB,EAAE;YACxC,GAAG,EAAE,IAAA,gBAAQ,GAAE;YACf,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG;YAC9B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,MAAM,EAAE,KAAK,CAAC,MAAM;YACpB,KAAK,EAAE,KAAK,CAAC,KAAK;YAClB,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,SAAS,EAAE,KAAK,CAAC,SAAS;YAC1B,WAAW,EAAE,KAAK,CAAC,WAAW;YAC9B,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;IACP,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACb,kBAAM,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,KAAK,EAAE,OAAO;YACd,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,wBAAwB;YACjC,OAAO,EAAE,EAAE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC7E,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,gBAAgB,CAClC,GAAgB,EAChB,KAAa,EACb,SAAiB,EACjB,SAAkB;IAElB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAClC,MAAM,WAAW,GAAG,CAAC,CAAC;IAEtB,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,EAAE;SAC5B,KAAK,CAAC,sBAAsB,CAAC;SAC7B,KAAK,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;SAC3C,QAAQ,EAAE,CAAC;IAEhB,MAAM,YAAY,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC;IAE3F,MAAM,kBAAkB,CAAC,GAAG,EAAE;QAC1B,SAAS,EAAE,cAAc;QACzB,QAAQ,EAAE,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ;QACzD,KAAK;QACL,SAAS;QACT,SAAS;QACT,WAAW,EAAE,wBAAwB,YAAY,QAAQ,KAAK,EAAE;KACnE,CAAC,CAAC;IAEH,OAAO,EAAE,WAAW,EAAE,YAAY,IAAI,WAAW,EAAE,YAAY,EAAE,CAAC;AACtE,CAAC;AAEM,KAAK,UAAU,wBAAwB,CAAC,GAAgB,EAAE,KAAa;IAC1E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAElC,MAAM,YAAY,GAAG,MAAM,GAAG,CAAC,EAAE;SAC5B,KAAK,CAAC,sBAAsB,CAAC;SAC7B,KAAK,CAAC,EAAE,SAAS,EAAE,cAAc,EAAE,KAAK,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;SAC5D,QAAQ,EAAE,CAAC;IAEhB,KAAK,MAAM,KAAK,IAAI,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,GAAG,GAAG,GAAG,UAAU,CAAC,EAAE,CAAC;QAC7E,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,sBAAsB,EAAE,KAAK,CAAC,GAAG,EAAE;YACnD,QAAQ,EAAE,IAAI;YACd,UAAU,EAAE,GAAG;YACf,UAAU,EAAE,kBAAkB;SACjC,CAAC,CAAC;IACP,CAAC;AACL,CAAC;AAEY,QAAA,YAAY,GAAG;IACxB,OAAO,EAAE,aAAa;IACtB,OAAO,EAAE,aAAa;IACtB,QAAQ,EAAE,cAAc;IACxB,eAAe,EAAE,qBAAqB;IACtC,cAAc,EAAE,oBAAoB;IACpC,mBAAmB,EAAE,wBAAwB;IAC7C,eAAe,EAAE,qBAAqB;IACtC,sBAAsB,EAAE,2BAA2B;IACnD,cAAc,EAAE,oBAAoB;IACpC,0BAA0B,EAAE,+BAA+B;IAC3D,YAAY,EAAE,kBAAkB;IAChC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,WAAW,EAAE,iBAAiB;IAC9B,aAAa,EAAE,mBAAmB;IAClC,aAAa,EAAE,mBAAmB;IAClC,kBAAkB,EAAE,uBAAuB;IAC3C,cAAc,EAAE,mBAAmB;IACnC,cAAc,EAAE,mBAAmB;IACnC,cAAc,EAAE,mBAAmB;IACnC,aAAa,EAAE,kBAAkB;IACjC,WAAW,EAAE,kBAAkB;IAC/B,cAAc,EAAE,qBAAqB;CAC/B,CAAC;AAEE,QAAA,aAAa,GAAG;IACzB,OAAO,EAAE,SAAS;IAClB,IAAI,EAAE,MAAM;IACZ,MAAM,EAAE,QAAQ;IAChB,UAAU,EAAE,YAAY;IACxB,MAAM,EAAE,QAAQ;IAChB,OAAO,EAAE,QAAQ;IACjB,oBAAoB,EAAE,oBAAoB;IAC1C,wBAAwB,EAAE,wBAAwB;CAC5C,CAAC"}

package/dist/auth/better-auth-adapter.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Better-Auth Database Adapter for Archlast
+ *
+ * This adapter maps Better-Auth operations to Archlast's IDatabaseClient.
+ * It handles:
+ * - Key mapping: id <-> _id (Better-Auth uses id, Archlast uses _id)
+ * - Table name mapping: user <-> system_auth_user, session <-> system_auth_session, etc.
+ * - Where clause transformation
+ * - Transaction support
+ */
+import type { IDatabaseClient } from "../db/interfaces.js";
+/**
+ * Configuration options for the Better-Auth adapter
+ */
+export interface BetterAuthAdapterConfig {
+    /**
+     * Enable debug logging
+     */
+    debugLogs?: boolean;
+}
+/**
+ * Create a Better-Auth adapter factory for Archlast
+ * @param db The database client instance
+ * @param config Optional configuration
+ */
+export declare function createArchlastBetterAuthAdapter(db: IDatabaseClient, config?: BetterAuthAdapterConfig): import("better-auth/adapters", { with: { "resolution-mode": "import" } }).AdapterFactory;
+/**
+ * Create the Better-Auth adapter with a database instance
+ *
+ * Returns the adapter factory directly - Better-Auth knows how to handle this.
+ * Do NOT wrap or modify the factory result, as this breaks Better-Auth's
+ * internal getCurrentAdapter function.
+ */
+export declare function archlastBetterAuthAdapter(db: IDatabaseClient, config?: BetterAuthAdapterConfig): import("better-auth/adapters", { with: { "resolution-mode": "import" } }).AdapterFactory;
+//# sourceMappingURL=better-auth-adapter.d.ts.map

package/dist/auth/better-auth-adapter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"better-auth-adapter.d.ts","sourceRoot":"","sources":["../../src/auth/better-auth-adapter.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAE3D;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACpC;;OAEG;IACH,SAAS,CAAC,EAAE,OAAO,CAAC;CACvB;AA2PD;;;;GAIG;AACH,wBAAgB,+BAA+B,CAC3C,EAAE,EAAE,eAAe,EACnB,MAAM,GAAE,uBAA4B,4FA6QvC;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CACrC,EAAE,EAAE,eAAe,EACnB,MAAM,GAAE,uBAA4B,4FAIvC"}