@archlast/server 0.0.1

package/dist/functions/built-in/auth-apikey.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-apikey.d.ts","sourceRoot":"","sources":["../../../src/functions/built-in/auth-apikey.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AA0IH,eAAO,MAAM,gBAAgB,4CAK3B,CAAC;AAyFH,eAAO,MAAM,gBAAgB,4CAK3B,CAAC;AAyHH,eAAO,MAAM,gBAAgB,4CAK3B,CAAC;AA0FH,eAAO,MAAM,eAAe,4CAK1B,CAAC"}

package/dist/functions/built-in/auth-apikey.js

@@ -0,0 +1,344 @@
+"use strict";
+/**
+ * Built-in Auth Functions: API Key Management
+ *
+ * - auth.createApiKey: Create a new admin API key
+ * - auth.revokeApiKey: Revoke an API key
+ * - auth.rotateApiKey: Rotate an API key (revoke old, create new)
+ * - auth.listApiKeys: List all API keys for current tenant
+ *
+ * Features:
+ * - Raw key shown ONCE at creation
+ * - Only keyHash stored (SHA-256 + pepper)
+ * - Tenant-bound and permission-scoped
+ * - Immediate revocation with cache invalidation
+ * - Comprehensive audit logging
+ * - WebSocket session eviction on revoke
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authListApiKeys = exports.authRotateApiKey = exports.authRevokeApiKey = exports.authCreateApiKey = void 0;
+const definition_1 = require("../definition");
+const zod_1 = require("zod");
+const audit_1 = require("../../auth/audit");
+/**
+ * Legacy API key functions - DEPRECATED
+ *
+ * These functions are deprecated. Use Better-Auth API keys instead.
+ * API keys can be managed via the admin dashboard at /dashboard/users (for admins)
+ * or via Better Auth's API key endpoints at /api/auth/api-key/*
+ *
+ * Better-Auth API keys:
+ * - Prefix: arch_ (e.g., arch_abc123...)
+ * - Header: x-api-key or Authorization: Bearer arch_*
+ * - Features: Rate limiting, expiration, metadata, permissions
+ * - Management: Dashboard or Better Auth API
+ */
+// ============================================================================
+// auth.createApiKey
+// ============================================================================
+const createApiKeyArgs = {
+    name: zod_1.z.string().min(1).max(100),
+    description: zod_1.z.string().optional(),
+    permissions: zod_1.z.array(zod_1.z.string()).default([]),
+    scopes: zod_1.z
+        .array(zod_1.z.enum(["query", "mutation", "action"]))
+        .default(["query", "mutation", "action"]),
+    expiresAt: zod_1.z.number().optional(), // Optional expiration timestamp
+    metadata: zod_1.z
+        .object({
+        allowedIps: zod_1.z.array(zod_1.z.string()).optional(),
+        rateLimit: zod_1.z.number().optional(),
+        environment: zod_1.z.string().optional(),
+    })
+        .optional(),
+};
+async function createApiKeyHandler(ctx, args) {
+    const { auth } = ctx;
+    throw new Error("Legacy API key system deprecated. Please use Better-Auth API keys via the admin dashboard at /_archlast/admin/api-keys");
+    // Require authentication and tenant
+    // auth.requireAuthenticated();
+    // auth.requireTenant();
+    // auth.requirePermission("apikey.create");
+    // // API keys cannot create other API keys
+    // if (auth.type === "apiKey") {
+    //     throw new Error("API keys cannot create other API keys");
+    // }
+    // const now = Date.now();
+    // const apiKeyId = createId();
+    // // Generate raw API key (shown only once)
+    // // const rawKey = generateApiKey();
+    // // const keyHash = hashSessionToken(rawKey);
+    // // const keyPrefix = getKeyPrefix(rawKey);
+    // // Validate permissions
+    // if (args.permissions.length === 0) {
+    //     throw new Error("API key must have at least one permission");
+    // }
+    // // Create API key document
+    // const apiKeyDoc = {
+    //     _id: apiKeyId,
+    //     tenantId: auth.tenantId!,
+    //     name: args.name,
+    //     description: args.description,
+    //     keyHash,
+    //     keyPrefix,
+    //     permissions: args.permissions,
+    //     scopes: args.scopes,
+    //     createdAt: now,
+    //     createdBy: auth.userId!,
+    //     expiresAt: args.expiresAt,
+    //     metadata: args.metadata,
+    // };
+    // await ctx.db.insert("auth_admin_api_keys", apiKeyDoc);
+    // // Write audit log
+    // await writeAuditLog(ctx, {
+    //     action: AuditActions.CREATE_API_KEY,
+    //     resourceType: ResourceTypes.API_KEY,
+    //     resourceId: apiKeyId,
+    //     status: "success",
+    //     metadata: {
+    //         additionalInfo: {
+    //             name: args.name,
+    //             keyPrefix,
+    //             permissions: args.permissions,
+    //             scopes: args.scopes,
+    //             expiresAt: args.expiresAt,
+    //         },
+    //     },
+    // });
+    // // Invalidate cache
+    // ctx.db.clearCache();
+    // return {
+    //     apiKey: rawKey, // CRITICAL: Only time raw key is returned
+    //     apiKeyId,
+    //     keyPrefix,
+    //     name: args.name,
+    //     permissions: args.permissions,
+    //     scopes: args.scopes,
+    //     createdAt: now,
+    //     expiresAt: args.expiresAt,
+    // };
+}
+exports.authCreateApiKey = (0, definition_1.mutation)({
+    args: createApiKeyArgs,
+    handler: createApiKeyHandler,
+    auth: "required",
+    permissions: ["apikey.create"],
+});
+// ============================================================================
+// auth.revokeApiKey
+// ============================================================================
+const revokeApiKeyArgs = {
+    apiKeyId: zod_1.z.string(),
+    reason: zod_1.z.string().optional(),
+};
+async function revokeApiKeyHandler(ctx, args) {
+    const { auth } = ctx;
+    const { apiKeyId, reason } = args;
+    // Require authentication and tenant
+    auth.requireAuthenticated();
+    auth.requireTenant();
+    auth.requirePermission("apikey.revoke");
+    // API keys cannot revoke themselves or other keys
+    if (auth.type === "apiKey") {
+        throw new Error("API keys cannot revoke API keys");
+    }
+    // Get API key
+    const apiKey = await ctx.db.get("auth_admin_api_keys", apiKeyId);
+    if (!apiKey) {
+        throw new Error("API key not found");
+    }
+    // Verify tenant ownership
+    if (apiKey.tenantId !== auth.tenantId) {
+        throw new Error("Cannot revoke API key from another tenant");
+    }
+    // Check if already revoked
+    if (apiKey.revokedAt) {
+        throw new Error("API key is already revoked");
+    }
+    // Revoke API key
+    const now = Date.now();
+    await ctx.db.update("auth_admin_api_keys", apiKeyId, {
+        revokedAt: now,
+        revokedBy: auth.userId,
+        revokedReason: reason,
+    });
+    // Write audit log
+    await (0, audit_1.writeAuditLog)(ctx, {
+        action: audit_1.AuditActions.REVOKE_API_KEY,
+        resourceType: audit_1.ResourceTypes.API_KEY,
+        resourceId: apiKeyId,
+        status: "success",
+        metadata: {
+            additionalInfo: {
+                name: apiKey.name,
+                keyPrefix: apiKey.keyPrefix,
+                reason,
+            },
+        },
+    });
+    // Invalidate cache (immediate revocation)
+    ctx.db.clearCache();
+    // TODO: WebSocket session eviction
+    // Any active WebSocket connections using this API key should be disconnected
+    return {
+        success: true,
+        apiKeyId,
+        revokedAt: now,
+    };
+}
+exports.authRevokeApiKey = (0, definition_1.mutation)({
+    args: revokeApiKeyArgs,
+    handler: revokeApiKeyHandler,
+    auth: "required",
+    permissions: ["apikey.revoke"],
+});
+// ============================================================================
+// auth.rotateApiKey
+// ============================================================================
+const rotateApiKeyArgs = {
+    apiKeyId: zod_1.z.string(),
+    reason: zod_1.z.string().optional(),
+};
+async function rotateApiKeyHandler(ctx, args) {
+    const { auth } = ctx;
+    const { apiKeyId, reason } = args;
+    // Require authentication and tenant
+    auth.requireAuthenticated();
+    auth.requireTenant();
+    auth.requirePermission("apikey.rotate");
+    // API keys cannot rotate themselves or other keys
+    if (auth.type === "apiKey") {
+        throw new Error("API keys cannot rotate API keys");
+    }
+    // Get existing API key
+    const oldApiKey = await ctx.db.get("auth_admin_api_keys", apiKeyId);
+    if (!oldApiKey) {
+        throw new Error("API key not found");
+    }
+    // Verify tenant ownership
+    if (oldApiKey.tenantId !== auth.tenantId) {
+        throw new Error("Cannot rotate API key from another tenant");
+    }
+    throw new Error("Legacy API key system deprecated. Please use Better-Auth API keys via the admin dashboard at /_archlast/admin/api-keys");
+    // // Check if already revoked
+    // if (oldApiKey.revokedAt) {
+    //     throw new Error("Cannot rotate a revoked API key");
+    // }
+    // const now = Date.now();
+    // // Generate new API key
+    // // const rawKey = generateApiKey();
+    // // const keyHash = hashSessionToken(rawKey);
+    // // const keyPrefix = getKeyPrefix(rawKey);
+    // const newApiKeyId = createId();
+    // // Create new API key with same permissions/scopes
+    // const newApiKeyDoc = {
+    //     _id: newApiKeyId,
+    //     tenantId: auth.tenantId!,
+    //     name: `${oldApiKey.name} (rotated)`,
+    //     description: oldApiKey.description,
+    //     keyHash,
+    //     keyPrefix,
+    //     permissions: oldApiKey.permissions,
+    //     scopes: oldApiKey.scopes,
+    //     createdAt: now,
+    //     createdBy: auth.userId!,
+    //     expiresAt: oldApiKey.expiresAt,
+    //     metadata: {
+    //         ...oldApiKey.metadata,
+    //         rotatedFrom: apiKeyId,
+    //     },
+    // };
+    // await ctx.db.insert("auth_admin_api_keys", newApiKeyDoc);
+    // // Revoke old API key
+    // await ctx.db.update("auth_admin_api_keys", apiKeyId, {
+    //     revokedAt: now,
+    //     revokedBy: auth.userId!,
+    //     revokedReason: reason || "Rotated to new key",
+    // });
+    // // Write audit log
+    // await writeAuditLog(ctx, {
+    //     action: AuditActions.ROTATE_API_KEY,
+    //     resourceType: ResourceTypes.API_KEY,
+    //     resourceId: newApiKeyId,
+    //     status: "success",
+    //     metadata: {
+    //         additionalInfo: {
+    //             oldApiKeyId: apiKeyId,
+    //             newApiKeyId,
+    //             name: oldApiKey.name,
+    //             reason,
+    //         },
+    //     },
+    // });
+    // // Invalidate cache
+    // ctx.db.clearCache();
+    // return {
+    //     apiKey: rawKey, // CRITICAL: Only time new raw key is returned
+    //     apiKeyId: newApiKeyId,
+    //     keyPrefix,
+    //     oldApiKeyId: apiKeyId,
+    //     revokedAt: now,
+    // };
+}
+exports.authRotateApiKey = (0, definition_1.mutation)({
+    args: rotateApiKeyArgs,
+    handler: rotateApiKeyHandler,
+    auth: "required",
+    permissions: ["apikey.rotate"],
+});
+// ============================================================================
+// auth.listApiKeys
+// ============================================================================
+const listApiKeysArgs = {
+    includeRevoked: zod_1.z.boolean().optional().default(false),
+};
+async function listApiKeysHandler(ctx, args) {
+    const { auth } = ctx;
+    const { includeRevoked } = args;
+    // Require authentication and tenant
+    auth.requireAuthenticated();
+    auth.requireTenant();
+    auth.requirePermission("apikey.read");
+    // Build query
+    let query = ctx.db.query("auth_admin_api_keys").where({
+        tenantId: auth.tenantId,
+    });
+    // Filter out revoked keys unless explicitly requested
+    if (!includeRevoked) {
+        query = query.where({ revokedAt: null });
+    }
+    const apiKeys = await query.findMany();
+    // Map to response format (never include keyHash)
+    const items = apiKeys.map((key) => ({
+        _id: key._id,
+        name: key.name,
+        description: key.description,
+        keyPrefix: key.keyPrefix,
+        permissions: key.permissions || [],
+        scopes: key.scopes || [],
+        createdAt: key.createdAt,
+        createdBy: key.createdBy,
+        lastUsedAt: key.lastUsedAt,
+        expiresAt: key.expiresAt,
+        revokedAt: key.revokedAt,
+        revokedBy: key.revokedBy,
+        revokedReason: key.revokedReason,
+        metadata: key.metadata
+            ? {
+                environment: key.metadata.environment,
+                rotatedFrom: key.metadata.rotatedFrom,
+            }
+            : undefined,
+    }));
+    return {
+        apiKeys: items,
+        total: items.length,
+    };
+}
+exports.authListApiKeys = (0, definition_1.query)({
+    args: listApiKeysArgs,
+    handler: listApiKeysHandler,
+    auth: "required",
+    permissions: ["apikey.read"],
+});
+//# sourceMappingURL=auth-apikey.js.map

package/dist/functions/built-in/auth-apikey.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-apikey.js","sourceRoot":"","sources":["../../../src/functions/built-in/auth-apikey.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;AAEH,8CAAgD;AAChD,6BAAwB;AAGxB,4CAA8E;AAG9E;;;;;;;;;;;;GAYG;AAEH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG;IACrB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;IAChC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAC5C,MAAM,EAAE,OAAC;SACJ,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC;SAC9C,OAAO,CAAC,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAC7C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,gCAAgC;IAClE,QAAQ,EAAE,OAAC;SACN,MAAM,CAAC;QACJ,UAAU,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QAC1C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAChC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACrC,CAAC;SACD,QAAQ,EAAE;CAClB,CAAC;AAeF,KAAK,UAAU,mBAAmB,CAC9B,GAAgB,EAChB,IAAsB;IAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IAErB,MAAM,IAAI,KAAK,CAAC,wHAAwH,CAAC,CAAC;IAE1I,oCAAoC;IACpC,+BAA+B;IAC/B,wBAAwB;IACxB,2CAA2C;IAE3C,2CAA2C;IAC3C,gCAAgC;IAChC,gEAAgE;IAChE,IAAI;IAEJ,0BAA0B;IAC1B,+BAA+B;IAE/B,4CAA4C;IAC5C,sCAAsC;IACtC,+CAA+C;IAC/C,6CAA6C;IAE7C,0BAA0B;IAC1B,uCAAuC;IACvC,oEAAoE;IACpE,IAAI;IAEJ,6BAA6B;IAC7B,sBAAsB;IACtB,qBAAqB;IACrB,gCAAgC;IAChC,uBAAuB;IACvB,qCAAqC;IACrC,eAAe;IACf,iBAAiB;IACjB,qCAAqC;IACrC,2BAA2B;IAC3B,sBAAsB;IACtB,+BAA+B;IAC/B,iCAAiC;IACjC,+BAA+B;IAC/B,KAAK;IAEL,yDAAyD;IAEzD,qBAAqB;IACrB,6BAA6B;IAC7B,2CAA2C;IAC3C,2CAA2C;IAC3C,4BAA4B;IAC5B,yBAAyB;IACzB,kBAAkB;IAClB,4BAA4B;IAC5B,+BAA+B;IAC/B,yBAAyB;IACzB,6CAA6C;IAC7C,mCAAmC;IACnC,yCAAyC;IACzC,aAAa;IACb,SAAS;IACT,MAAM;IAEN,sBAAsB;IACtB,uBAAuB;IAEvB,WAAW;IACX,iEAAiE;IACjE,gBAAgB;IAChB,iBAAiB;IACjB,uBAAuB;IACvB,qCAAqC;IACrC,2BAA2B;IAC3B,sBAAsB;IACtB,iCAAiC;IACjC,KAAK;AACT,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,qBAAQ,EAAC;IACrC,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,mBAAmB;IAC5B,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG;IACrB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC;AAUF,KAAK,UAAU,mBAAmB,CAC9B,GAAgB,EAChB,IAAsB;IAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC,oCAAoC;IACpC,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC5B,IAAI,CAAC,aAAa,EAAE,CAAC;IACrB,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;IAExC,kDAAkD;IAClD,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACvD,CAAC;IAED,cAAc;IACd,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;IAEjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC;IAED,0BAA0B;IAC1B,IAAI,MAAM,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACjE,CAAC;IAED,2BAA2B;IAC3B,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAClD,CAAC;IAED,iBAAiB;IACjB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,qBAAqB,EAAE,QAAQ,EAAE;QACjD,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,IAAI,CAAC,MAAO;QACvB,aAAa,EAAE,MAAM;KACxB,CAAC,CAAC;IAEH,kBAAkB;IAClB,MAAM,IAAA,qBAAa,EAAC,GAAG,EAAE;QACrB,MAAM,EAAE,oBAAY,CAAC,cAAc;QACnC,YAAY,EAAE,qBAAa,CAAC,OAAO;QACnC,UAAU,EAAE,QAAQ;QACpB,MAAM,EAAE,SAAS;QACjB,QAAQ,EAAE;YACN,cAAc,EAAE;gBACZ,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,MAAM;aACT;SACJ;KACJ,CAAC,CAAC;IAEH,0CAA0C;IAC1C,GAAG,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;IAEpB,mCAAmC;IACnC,6EAA6E;IAE7E,OAAO;QACH,OAAO,EAAE,IAAI;QACb,QAAQ;QACR,SAAS,EAAE,GAAG;KACjB,CAAC;AACN,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,qBAAQ,EAAC;IACrC,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,mBAAmB;IAC5B,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,oBAAoB;AACpB,+EAA+E;AAE/E,MAAM,gBAAgB,GAAG;IACrB,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;IACpB,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC;AAYF,KAAK,UAAU,mBAAmB,CAC9B,GAAgB,EAChB,IAAsB;IAEtB,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IAElC,oCAAoC;IACpC,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC5B,IAAI,CAAC,aAAa,EAAE,CAAC;IACrB,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;IAExC,kDAAkD;IAClD,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACvD,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,qBAAqB,EAAE,QAAQ,CAAC,CAAC;IAEpE,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACzC,CAAC;IAED,0BAA0B;IAC1B,IAAI,SAAS,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACvC,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,wHAAwH,CAAC,CAAC;IAE1I,8BAA8B;IAC9B,6BAA6B;IAC7B,0DAA0D;IAC1D,IAAI;IAEJ,0BAA0B;IAE1B,0BAA0B;IAC1B,sCAAsC;IACtC,+CAA+C;IAC/C,6CAA6C;IAC7C,kCAAkC;IAElC,qDAAqD;IACrD,yBAAyB;IACzB,wBAAwB;IACxB,gCAAgC;IAChC,2CAA2C;IAC3C,0CAA0C;IAC1C,eAAe;IACf,iBAAiB;IACjB,0CAA0C;IAC1C,gCAAgC;IAChC,sBAAsB;IACtB,+BAA+B;IAC/B,sCAAsC;IACtC,kBAAkB;IAClB,iCAAiC;IACjC,iCAAiC;IACjC,SAAS;IACT,KAAK;IAEL,4DAA4D;IAE5D,wBAAwB;IACxB,yDAAyD;IACzD,sBAAsB;IACtB,+BAA+B;IAC/B,qDAAqD;IACrD,MAAM;IAEN,qBAAqB;IACrB,6BAA6B;IAC7B,2CAA2C;IAC3C,2CAA2C;IAC3C,+BAA+B;IAC/B,yBAAyB;IACzB,kBAAkB;IAClB,4BAA4B;IAC5B,qCAAqC;IACrC,2BAA2B;IAC3B,oCAAoC;IACpC,sBAAsB;IACtB,aAAa;IACb,SAAS;IACT,MAAM;IAEN,sBAAsB;IACtB,uBAAuB;IAEvB,WAAW;IACX,qEAAqE;IACrE,6BAA6B;IAC7B,iBAAiB;IACjB,6BAA6B;IAC7B,sBAAsB;IACtB,KAAK;AACT,CAAC;AAEY,QAAA,gBAAgB,GAAG,IAAA,qBAAQ,EAAC;IACrC,IAAI,EAAE,gBAAgB;IACtB,OAAO,EAAE,mBAAmB;IAC5B,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC;AAEH,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E,MAAM,eAAe,GAAG;IACpB,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACxD,CAAC;AA6BF,KAAK,UAAU,kBAAkB,CAC7B,GAAa,EACb,IAAqB;IAErB,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC;IACrB,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;IAEhC,oCAAoC;IACpC,IAAI,CAAC,oBAAoB,EAAE,CAAC;IAC5B,IAAI,CAAC,aAAa,EAAE,CAAC;IACrB,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;IAEtC,cAAc;IACd,IAAI,KAAK,GAAG,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,KAAK,CAAC;QAClD,QAAQ,EAAE,IAAI,CAAC,QAAS;KAC3B,CAAC,CAAC;IAEH,sDAAsD;IACtD,IAAI,CAAC,cAAc,EAAE,CAAC;QAClB,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,QAAQ,EAAE,CAAC;IAEvC,iDAAiD;IACjD,MAAM,KAAK,GAAqB,OAAO,CAAC,GAAG,CAAC,CAAC,GAAQ,EAAE,EAAE,CAAC,CAAC;QACvD,GAAG,EAAE,GAAG,CAAC,GAAG;QACZ,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;QAClC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,aAAa,EAAE,GAAG,CAAC,aAAa;QAChC,QAAQ,EAAE,GAAG,CAAC,QAAQ;YAClB,CAAC,CAAC;gBACI,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW;gBACrC,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,WAAW;aACxC;YACH,CAAC,CAAC,SAAS;KAClB,CAAC,CAAC,CAAC;IAEJ,OAAO;QACH,OAAO,EAAE,KAAK;QACd,KAAK,EAAE,KAAK,CAAC,MAAM;KACtB,CAAC;AACN,CAAC;AAEY,QAAA,eAAe,GAAG,IAAA,kBAAK,EAAC;IACjC,IAAI,EAAE,eAAe;IACrB,OAAO,EAAE,kBAAkB;IAC3B,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,aAAa,CAAC;CAC/B,CAAC,CAAC"}

package/dist/functions/built-in/auth-email.d.ts

@@ -0,0 +1,3 @@
+export declare const authRequestEmailVerification: import("../definition").FunctionDefinition;
+export declare const authVerifyEmail: import("../definition").FunctionDefinition;
+//# sourceMappingURL=auth-email.d.ts.map

package/dist/functions/built-in/auth-email.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-email.d.ts","sourceRoot":"","sources":["../../../src/functions/built-in/auth-email.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,4BAA4B,4CA4BvC,CAAC;AAGH,eAAO,MAAM,eAAe,4CA0B1B,CAAC"}

package/dist/functions/built-in/auth-email.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authVerifyEmail = exports.authRequestEmailVerification = void 0;
+/** Built-in Auth Functions: Email Verification */
+const definition_1 = require("../definition");
+const zod_1 = require("zod");
+const cuid2_1 = require("@paralleldrive/cuid2");
+const crypto_1 = require("../../auth/system/crypto");
+// auth.requestEmailVerification
+exports.authRequestEmailVerification = (0, definition_1.mutation)({
+    args: {},
+    handler: async (ctx) => {
+        ctx.auth.requireAuthenticated();
+        if (ctx.auth.type !== "session")
+            throw new Error("API keys cannot verify email");
+        const user = await ctx.db.get("auth_users", ctx.auth.userId);
+        if (!user)
+            throw new Error("User not found");
+        if (user.emailVerified)
+            return { success: true, message: "Email already verified" };
+        const token = crypto.randomUUID();
+        const tokenHash = (0, crypto_1.hashSessionToken)(token);
+        const now = Date.now();
+        await ctx.db.insert("auth_email_verification_tokens", {
+            _id: (0, cuid2_1.createId)(),
+            userId: user._id,
+            tenantId: ctx.auth.tenantId || "",
+            tokenHash,
+            email: user.email,
+            expiresAt: now + 24 * 60 * 60 * 1000, // 24 hours
+            createdAt: now,
+        });
+        // TODO: Send email with verification link
+        return { success: true, token }; // In production, don't return token
+    },
+    auth: "required",
+});
+// auth.verifyEmail
+exports.authVerifyEmail = (0, definition_1.mutation)({
+    args: {
+        token: zod_1.z.string(),
+    },
+    handler: async (ctx, args) => {
+        const tokenHash = (0, crypto_1.hashSessionToken)(args.token);
+        const verifyToken = await ctx.db
+            .query("auth_email_verification_tokens")
+            .where({ tokenHash, consumedAt: null })
+            .findFirst();
+        if (!verifyToken || verifyToken.expiresAt < Date.now()) {
+            throw new Error("Invalid or expired verification token");
+        }
+        await ctx.db.update("auth_users", verifyToken.userId, {
+            emailVerified: true,
+            updatedAt: Date.now(),
+        });
+        await ctx.db.update("auth_email_verification_tokens", verifyToken._id, {
+            consumedAt: Date.now(),
+        });
+        return { success: true };
+    },
+    auth: "public",
+});
+//# sourceMappingURL=auth-email.js.map

package/dist/functions/built-in/auth-email.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-email.js","sourceRoot":"","sources":["../../../src/functions/built-in/auth-email.ts"],"names":[],"mappings":";;;AAAA,kDAAkD;AAClD,8CAAyC;AACzC,6BAAwB;AACxB,gDAAgD;AAChD,qDAA4D;AAI5D,gCAAgC;AACnB,QAAA,4BAA4B,GAAG,IAAA,qBAAQ,EAAC;IACjD,IAAI,EAAE,EAAE;IACR,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,EAAE;QAChC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAEjF,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC;QAC9D,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QAC7C,IAAI,IAAI,CAAC,aAAa;YAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;QAEpF,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAClC,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,KAAK,CAAC,CAAC;QAC1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAEvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,gCAAgC,EAAE;YAClD,GAAG,EAAE,IAAA,gBAAQ,GAAE;YACf,MAAM,EAAE,IAAI,CAAC,GAAG;YAChB,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE;YACjC,SAAS;YACT,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,WAAW;YACjD,SAAS,EAAE,GAAG;SACjB,CAAC,CAAC;QAEH,0CAA0C;QAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,oCAAoC;IACzE,CAAC;IACD,IAAI,EAAE,UAAU;CACnB,CAAC,CAAC;AAEH,mBAAmB;AACN,QAAA,eAAe,GAAG,IAAA,qBAAQ,EAAC;IACpC,IAAI,EAAE;QACF,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;KACpB;IACD,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,IAAI,EAAE,EAAE;QACtC,MAAM,SAAS,GAAG,IAAA,yBAAgB,EAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,WAAW,GAAG,MAAM,GAAG,CAAC,EAAE;aAC3B,KAAK,CAAC,gCAAgC,CAAC;aACvC,KAAK,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC;aACtC,SAAS,EAAE,CAAC;QAEjB,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACrD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,EAAE,WAAW,CAAC,MAAM,EAAE;YAClD,aAAa,EAAE,IAAI;YACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;QACH,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,gCAAgC,EAAE,WAAW,CAAC,GAAG,EAAE;YACnE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;SACzB,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IACD,IAAI,EAAE,QAAQ;CACjB,CAAC,CAAC"}

package/dist/functions/built-in/auth-invite.d.ts

@@ -0,0 +1,5 @@
+export declare const authInviteUser: import("../definition").FunctionDefinition;
+export declare const authAcceptInvite: import("../definition").FunctionDefinition;
+export declare const authRemoveMember: import("../definition").FunctionDefinition;
+export declare const authUpdateMemberRole: import("../definition").FunctionDefinition;
+//# sourceMappingURL=auth-invite.d.ts.map

package/dist/functions/built-in/auth-invite.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-invite.d.ts","sourceRoot":"","sources":["../../../src/functions/built-in/auth-invite.ts"],"names":[],"mappings":"AAQA,eAAO,MAAM,cAAc,4CA6BzB,CAAC;AAGH,eAAO,MAAM,gBAAgB,4CAqC3B,CAAC;AAGH,eAAO,MAAM,gBAAgB,4CAa3B,CAAC;AAGH,eAAO,MAAM,oBAAoB,4CAoB/B,CAAC"}

package/dist/functions/built-in/auth-invite.js

@@ -0,0 +1,105 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authUpdateMemberRole = exports.authRemoveMember = exports.authAcceptInvite = exports.authInviteUser = void 0;
+/** Built-in Auth Functions: Membership & Invites */
+const definition_1 = require("../definition");
+const zod_1 = require("zod");
+const cuid2_1 = require("@paralleldrive/cuid2");
+// auth.inviteUser
+exports.authInviteUser = (0, definition_1.mutation)({
+    args: {
+        email: zod_1.z.string().email(),
+        role: zod_1.z.string().default("member"),
+        permissions: zod_1.z.array(zod_1.z.string()).optional(),
+    },
+    handler: async (ctx, args) => {
+        ctx.auth.requireAuthenticated();
+        ctx.auth.requireTenant();
+        ctx.auth.requirePermission("tenant.invite");
+        const now = Date.now();
+        const inviteId = (0, cuid2_1.createId)();
+        await ctx.db.insert("auth_invites", {
+            _id: inviteId,
+            tenantId: ctx.auth.tenantId,
+            email: args.email,
+            role: args.role,
+            permissions: args.permissions || [],
+            expiresAt: now + 7 * 24 * 60 * 60 * 1000, // 7 days
+            createdAt: now,
+            updatedAt: now,
+        });
+        return { inviteId, email: args.email };
+    },
+    auth: "required",
+    permissions: ["tenant.invite"],
+});
+// auth.acceptInvite
+exports.authAcceptInvite = (0, definition_1.mutation)({
+    args: {
+        inviteId: zod_1.z.string(),
+    },
+    handler: async (ctx, args) => {
+        ctx.auth.requireAuthenticated();
+        if (ctx.auth.type !== "session")
+            throw new Error("API keys cannot accept invites");
+        const invite = await ctx.db.get("auth_invites", args.inviteId);
+        if (!invite || invite.acceptedAt || invite.expiresAt < Date.now()) {
+            throw new Error("Invalid or expired invite");
+        }
+        const user = await ctx.db.get("auth_users", ctx.auth.userId);
+        if (user.email !== invite.email) {
+            throw new Error("Invite email does not match user email");
+        }
+        const now = Date.now();
+        await ctx.db.insert("auth_memberships", {
+            _id: (0, cuid2_1.createId)(),
+            tenantId: invite.tenantId,
+            userId: ctx.auth.userId,
+            role: invite.role,
+            permissions: invite.permissions || [],
+            createdAt: now,
+            updatedAt: now,
+        });
+        await ctx.db.update("auth_invites", args.inviteId, {
+            acceptedAt: now,
+            acceptedByUserId: ctx.auth.userId,
+        });
+        return { success: true, tenantId: invite.tenantId };
+    },
+    auth: "required",
+});
+// auth.removeMember
+exports.authRemoveMember = (0, definition_1.mutation)({
+    args: {
+        membershipId: zod_1.z.string(),
+    },
+    handler: async (ctx, args) => {
+        ctx.auth.requireAuthenticated();
+        ctx.auth.requirePermission("tenant.manage");
+        await ctx.db.delete("auth_memberships", args.membershipId);
+        return { success: true };
+    },
+    auth: "required",
+    permissions: ["tenant.manage"],
+});
+// auth.updateMemberRole
+exports.authUpdateMemberRole = (0, definition_1.mutation)({
+    args: {
+        membershipId: zod_1.z.string(),
+        role: zod_1.z.string(),
+        permissions: zod_1.z.array(zod_1.z.string()).optional(),
+    },
+    handler: async (ctx, args) => {
+        ctx.auth.requireAuthenticated();
+        ctx.auth.requirePermission("tenant.manage");
+        await ctx.db.update("auth_memberships", args.membershipId, {
+            role: args.role,
+            permissions: args.permissions,
+            updatedAt: Date.now(),
+        });
+        return { success: true };
+    },
+    auth: "required",
+    permissions: ["tenant.manage"],
+});
+//# sourceMappingURL=auth-invite.js.map

package/dist/functions/built-in/auth-invite.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-invite.js","sourceRoot":"","sources":["../../../src/functions/built-in/auth-invite.ts"],"names":[],"mappings":";;;AAAA,oDAAoD;AACpD,8CAAyC;AACzC,6BAAwB;AACxB,gDAAgD;AAIhD,kBAAkB;AACL,QAAA,cAAc,GAAG,IAAA,qBAAQ,EAAC;IACnC,IAAI,EAAE;QACF,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE;QACzB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC;QAClC,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9C;IACD,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,IAAI,EAAE,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAE5C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,QAAQ,GAAG,IAAA,gBAAQ,GAAE,CAAC;QAE5B,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE;YAChC,GAAG,EAAE,QAAQ;YACb,QAAQ,EAAE,GAAG,CAAC,IAAI,CAAC,QAAS;YAC5B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;YACnC,SAAS,EAAE,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,SAAS;YACnD,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACjB,CAAC,CAAC;QAEH,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3C,CAAC;IACD,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC;AAEH,oBAAoB;AACP,QAAA,gBAAgB,GAAG,IAAA,qBAAQ,EAAC;IACrC,IAAI,EAAE;QACF,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE;KACvB;IACD,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,IAAI,EAAE,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,SAAS;YAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAEnF,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,UAAU,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,IAAI,CAAC,MAAO,CAAC,CAAC;QAC9D,IAAI,IAAI,CAAC,KAAK,KAAK,MAAM,CAAC,KAAK,EAAE,CAAC;YAC9B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC9D,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE;YACpC,GAAG,EAAE,IAAA,gBAAQ,GAAE;YACf,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,MAAO;YACxB,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,WAAW,EAAE,MAAM,CAAC,WAAW,IAAI,EAAE;YACrC,SAAS,EAAE,GAAG;YACd,SAAS,EAAE,GAAG;SACjB,CAAC,CAAC;QAEH,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,cAAc,EAAE,IAAI,CAAC,QAAQ,EAAE;YAC/C,UAAU,EAAE,GAAG;YACf,gBAAgB,EAAE,GAAG,CAAC,IAAI,CAAC,MAAO;SACrC,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;IACxD,CAAC;IACD,IAAI,EAAE,UAAU;CACnB,CAAC,CAAC;AAEH,oBAAoB;AACP,QAAA,gBAAgB,GAAG,IAAA,qBAAQ,EAAC;IACrC,IAAI,EAAE;QACF,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;KAC3B;IACD,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,IAAI,EAAE,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAE5C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;QAC3D,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IACD,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC;AAEH,wBAAwB;AACX,QAAA,oBAAoB,GAAG,IAAA,qBAAQ,EAAC;IACzC,IAAI,EAAE;QACF,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE;QACxB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE;QAChB,WAAW,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;KAC9C;IACD,OAAO,EAAE,KAAK,EAAE,GAAgB,EAAE,IAAI,EAAE,EAAE;QACtC,GAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QAChC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,CAAC;QAE5C,MAAM,GAAG,CAAC,EAAE,CAAC,MAAM,CAAC,kBAAkB,EAAE,IAAI,CAAC,YAAY,EAAE;YACvD,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC7B,CAAC;IACD,IAAI,EAAE,UAAU;IAChB,WAAW,EAAE,CAAC,eAAe,CAAC;CACjC,CAAC,CAAC"}

package/dist/functions/built-in/auth-password.d.ts

@@ -0,0 +1,4 @@
+export declare const authChangePassword: import("../definition").FunctionDefinition;
+export declare const authRequestPasswordReset: import("../definition").FunctionDefinition;
+export declare const authResetPassword: import("../definition").FunctionDefinition;
+//# sourceMappingURL=auth-password.d.ts.map

package/dist/functions/built-in/auth-password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-password.d.ts","sourceRoot":"","sources":["../../../src/functions/built-in/auth-password.ts"],"names":[],"mappings":"AASA,eAAO,MAAM,kBAAkB,4CA+B7B,CAAC;AAGH,eAAO,MAAM,wBAAwB,4CA2BnC,CAAC;AAGH,eAAO,MAAM,iBAAiB,4CA2C5B,CAAC"}